Malware Analysis Report

2025-01-06 15:14

Sample ID 240525-qmzzgaea2x
Target 185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe
SHA256 0c488d1d7e6d39c70fda992c8f44d36245b56b8f0fade157e71d1f72fa38bb64
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0c488d1d7e6d39c70fda992c8f44d36245b56b8f0fade157e71d1f72fa38bb64

Threat Level: Known bad

The file 185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 13:23

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 13:23

Reported

2024-05-25 13:36

Platform

win7-20240220-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\DLnmYig.exe N/A
N/A N/A C:\Windows\System\ySsGLEI.exe N/A
N/A N/A C:\Windows\System\sWUNRvu.exe N/A
N/A N/A C:\Windows\System\KWNyAOL.exe N/A
N/A N/A C:\Windows\System\GGMelui.exe N/A
N/A N/A C:\Windows\System\BIFKcgY.exe N/A
N/A N/A C:\Windows\System\fcHizFy.exe N/A
N/A N/A C:\Windows\System\UdkiZFK.exe N/A
N/A N/A C:\Windows\System\vePzgUi.exe N/A
N/A N/A C:\Windows\System\imLBGdk.exe N/A
N/A N/A C:\Windows\System\QXNpYhC.exe N/A
N/A N/A C:\Windows\System\gNNSoeX.exe N/A
N/A N/A C:\Windows\System\LDyaKvB.exe N/A
N/A N/A C:\Windows\System\PpTdPns.exe N/A
N/A N/A C:\Windows\System\eKaNPuc.exe N/A
N/A N/A C:\Windows\System\CVZCcQs.exe N/A
N/A N/A C:\Windows\System\CtKQmNv.exe N/A
N/A N/A C:\Windows\System\ElVGVrK.exe N/A
N/A N/A C:\Windows\System\pcfKoCL.exe N/A
N/A N/A C:\Windows\System\KLlaCkQ.exe N/A
N/A N/A C:\Windows\System\jqGLlaL.exe N/A
N/A N/A C:\Windows\System\nccYEWy.exe N/A
N/A N/A C:\Windows\System\htPXEEn.exe N/A
N/A N/A C:\Windows\System\lPbtell.exe N/A
N/A N/A C:\Windows\System\EofaHlU.exe N/A
N/A N/A C:\Windows\System\kLnsyay.exe N/A
N/A N/A C:\Windows\System\zFuyJTI.exe N/A
N/A N/A C:\Windows\System\QQCezzb.exe N/A
N/A N/A C:\Windows\System\vMhMidl.exe N/A
N/A N/A C:\Windows\System\FNfRHJi.exe N/A
N/A N/A C:\Windows\System\KukqlhC.exe N/A
N/A N/A C:\Windows\System\ZssOExi.exe N/A
N/A N/A C:\Windows\System\NsaOiCV.exe N/A
N/A N/A C:\Windows\System\GmtuScm.exe N/A
N/A N/A C:\Windows\System\xYKtFIp.exe N/A
N/A N/A C:\Windows\System\NFHXsGO.exe N/A
N/A N/A C:\Windows\System\ybSdCzj.exe N/A
N/A N/A C:\Windows\System\ppRTxny.exe N/A
N/A N/A C:\Windows\System\hhYMrXV.exe N/A
N/A N/A C:\Windows\System\PEWIWWK.exe N/A
N/A N/A C:\Windows\System\XgZIzSu.exe N/A
N/A N/A C:\Windows\System\wDWPbQH.exe N/A
N/A N/A C:\Windows\System\nasOewy.exe N/A
N/A N/A C:\Windows\System\gSAFZCI.exe N/A
N/A N/A C:\Windows\System\OmxIomW.exe N/A
N/A N/A C:\Windows\System\uWBAbJt.exe N/A
N/A N/A C:\Windows\System\tylBfjj.exe N/A
N/A N/A C:\Windows\System\YmMwmrG.exe N/A
N/A N/A C:\Windows\System\CJlWtXf.exe N/A
N/A N/A C:\Windows\System\xCWxzUv.exe N/A
N/A N/A C:\Windows\System\EPxeJjj.exe N/A
N/A N/A C:\Windows\System\Vqtijrl.exe N/A
N/A N/A C:\Windows\System\nWSAQIT.exe N/A
N/A N/A C:\Windows\System\PVKMiou.exe N/A
N/A N/A C:\Windows\System\AFqndml.exe N/A
N/A N/A C:\Windows\System\OOhkALk.exe N/A
N/A N/A C:\Windows\System\DTXOqXt.exe N/A
N/A N/A C:\Windows\System\CesfjOe.exe N/A
N/A N/A C:\Windows\System\fopOGWU.exe N/A
N/A N/A C:\Windows\System\jFBCUnl.exe N/A
N/A N/A C:\Windows\System\xyCecdS.exe N/A
N/A N/A C:\Windows\System\swlxhjt.exe N/A
N/A N/A C:\Windows\System\IYhuKnA.exe N/A
N/A N/A C:\Windows\System\yHRDnyt.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\hpyzIMh.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpcdFaW.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\pciSkby.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ghrlsNP.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwmlahK.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhTHHbS.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\GPqfLIf.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\VypZysN.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKirJFJ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhGdLyc.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFDPypq.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\SfrySAu.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\RLtBGtt.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwRlGVD.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQLIkvn.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHXyGlK.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\dFraaNR.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\VREeLGJ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\lKlSJhs.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\AvQKORM.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVJURRo.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZdhHIP.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\KzMNQtU.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\fHrRYXL.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhQlkVq.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\QgSTNkr.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcTAWgi.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKorrMl.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFqVjeB.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\lSKNHQq.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZAMLGg.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDWPbQH.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFbxHMF.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\rhaEZjV.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\FuGbbvs.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxvZSrI.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\znGHLxM.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSWFYmv.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\nNUlLVY.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdBLkGj.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\LbixVsh.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIkNJvi.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\RxNGyrN.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsjiHjk.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\AXmrzWR.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbmLYas.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyaBnZl.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\xDtcLGB.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\dXlLEDu.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\APuUapg.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\qzvpViM.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\TNiSxon.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\cgHypRN.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZLGcAIp.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwxSMul.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\jYUmfTu.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRGuIBo.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\apfmEqw.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\bldjPRX.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\UQyEbpC.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJgSCig.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\haeLHUs.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\cUuPrxl.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\DxiQVvh.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1972 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\DLnmYig.exe
PID 1972 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\DLnmYig.exe
PID 1972 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\DLnmYig.exe
PID 1972 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ySsGLEI.exe
PID 1972 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ySsGLEI.exe
PID 1972 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ySsGLEI.exe
PID 1972 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sWUNRvu.exe
PID 1972 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sWUNRvu.exe
PID 1972 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sWUNRvu.exe
PID 1972 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KWNyAOL.exe
PID 1972 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KWNyAOL.exe
PID 1972 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KWNyAOL.exe
PID 1972 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\GGMelui.exe
PID 1972 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\GGMelui.exe
PID 1972 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\GGMelui.exe
PID 1972 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\BIFKcgY.exe
PID 1972 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\BIFKcgY.exe
PID 1972 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\BIFKcgY.exe
PID 1972 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\fcHizFy.exe
PID 1972 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\fcHizFy.exe
PID 1972 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\fcHizFy.exe
PID 1972 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\UdkiZFK.exe
PID 1972 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\UdkiZFK.exe
PID 1972 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\UdkiZFK.exe
PID 1972 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\vePzgUi.exe
PID 1972 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\vePzgUi.exe
PID 1972 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\vePzgUi.exe
PID 1972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\LDyaKvB.exe
PID 1972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\LDyaKvB.exe
PID 1972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\LDyaKvB.exe
PID 1972 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\imLBGdk.exe
PID 1972 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\imLBGdk.exe
PID 1972 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\imLBGdk.exe
PID 1972 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CVZCcQs.exe
PID 1972 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CVZCcQs.exe
PID 1972 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CVZCcQs.exe
PID 1972 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\QXNpYhC.exe
PID 1972 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\QXNpYhC.exe
PID 1972 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\QXNpYhC.exe
PID 1972 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CtKQmNv.exe
PID 1972 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CtKQmNv.exe
PID 1972 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\CtKQmNv.exe
PID 1972 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\gNNSoeX.exe
PID 1972 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\gNNSoeX.exe
PID 1972 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\gNNSoeX.exe
PID 1972 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ElVGVrK.exe
PID 1972 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ElVGVrK.exe
PID 1972 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\ElVGVrK.exe
PID 1972 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\PpTdPns.exe
PID 1972 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\PpTdPns.exe
PID 1972 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\PpTdPns.exe
PID 1972 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\pcfKoCL.exe
PID 1972 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\pcfKoCL.exe
PID 1972 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\pcfKoCL.exe
PID 1972 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\eKaNPuc.exe
PID 1972 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\eKaNPuc.exe
PID 1972 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\eKaNPuc.exe
PID 1972 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KLlaCkQ.exe
PID 1972 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KLlaCkQ.exe
PID 1972 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\KLlaCkQ.exe
PID 1972 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\jqGLlaL.exe

Processes

C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\DLnmYig.exe

C:\Windows\System\DLnmYig.exe

C:\Windows\System\ySsGLEI.exe

C:\Windows\System\ySsGLEI.exe

C:\Windows\System\sWUNRvu.exe

C:\Windows\System\sWUNRvu.exe

C:\Windows\System\KWNyAOL.exe

C:\Windows\System\KWNyAOL.exe

C:\Windows\System\GGMelui.exe

C:\Windows\System\GGMelui.exe

C:\Windows\System\BIFKcgY.exe

C:\Windows\System\BIFKcgY.exe

C:\Windows\System\fcHizFy.exe

C:\Windows\System\fcHizFy.exe

C:\Windows\System\UdkiZFK.exe

C:\Windows\System\UdkiZFK.exe

C:\Windows\System\vePzgUi.exe

C:\Windows\System\vePzgUi.exe

C:\Windows\System\LDyaKvB.exe

C:\Windows\System\LDyaKvB.exe

C:\Windows\System\imLBGdk.exe

C:\Windows\System\imLBGdk.exe

C:\Windows\System\CVZCcQs.exe

C:\Windows\System\CVZCcQs.exe

C:\Windows\System\QXNpYhC.exe

C:\Windows\System\QXNpYhC.exe

C:\Windows\System\CtKQmNv.exe

C:\Windows\System\CtKQmNv.exe

C:\Windows\System\gNNSoeX.exe

C:\Windows\System\gNNSoeX.exe

C:\Windows\System\ElVGVrK.exe

C:\Windows\System\ElVGVrK.exe

C:\Windows\System\PpTdPns.exe

C:\Windows\System\PpTdPns.exe

C:\Windows\System\pcfKoCL.exe

C:\Windows\System\pcfKoCL.exe

C:\Windows\System\eKaNPuc.exe

C:\Windows\System\eKaNPuc.exe

C:\Windows\System\KLlaCkQ.exe

C:\Windows\System\KLlaCkQ.exe

C:\Windows\System\jqGLlaL.exe

C:\Windows\System\jqGLlaL.exe

C:\Windows\System\YMMhlAw.exe

C:\Windows\System\YMMhlAw.exe

C:\Windows\System\nccYEWy.exe

C:\Windows\System\nccYEWy.exe

C:\Windows\System\nktXhoy.exe

C:\Windows\System\nktXhoy.exe

C:\Windows\System\htPXEEn.exe

C:\Windows\System\htPXEEn.exe

C:\Windows\System\UsLrHJj.exe

C:\Windows\System\UsLrHJj.exe

C:\Windows\System\lPbtell.exe

C:\Windows\System\lPbtell.exe

C:\Windows\System\ZFLRAzP.exe

C:\Windows\System\ZFLRAzP.exe

C:\Windows\System\EofaHlU.exe

C:\Windows\System\EofaHlU.exe

C:\Windows\System\AvhDXkF.exe

C:\Windows\System\AvhDXkF.exe

C:\Windows\System\kLnsyay.exe

C:\Windows\System\kLnsyay.exe

C:\Windows\System\JJgSCig.exe

C:\Windows\System\JJgSCig.exe

C:\Windows\System\zFuyJTI.exe

C:\Windows\System\zFuyJTI.exe

C:\Windows\System\LZhdaMD.exe

C:\Windows\System\LZhdaMD.exe

C:\Windows\System\QQCezzb.exe

C:\Windows\System\QQCezzb.exe

C:\Windows\System\VKWzbCT.exe

C:\Windows\System\VKWzbCT.exe

C:\Windows\System\vMhMidl.exe

C:\Windows\System\vMhMidl.exe

C:\Windows\System\dEFwIYH.exe

C:\Windows\System\dEFwIYH.exe

C:\Windows\System\FNfRHJi.exe

C:\Windows\System\FNfRHJi.exe

C:\Windows\System\iGhTbfk.exe

C:\Windows\System\iGhTbfk.exe

C:\Windows\System\KukqlhC.exe

C:\Windows\System\KukqlhC.exe

C:\Windows\System\YChLxSu.exe

C:\Windows\System\YChLxSu.exe

C:\Windows\System\ZssOExi.exe

C:\Windows\System\ZssOExi.exe

C:\Windows\System\UsdBoVg.exe

C:\Windows\System\UsdBoVg.exe

C:\Windows\System\NsaOiCV.exe

C:\Windows\System\NsaOiCV.exe

C:\Windows\System\mPZIYMJ.exe

C:\Windows\System\mPZIYMJ.exe

C:\Windows\System\GmtuScm.exe

C:\Windows\System\GmtuScm.exe

C:\Windows\System\nYzcbip.exe

C:\Windows\System\nYzcbip.exe

C:\Windows\System\xYKtFIp.exe

C:\Windows\System\xYKtFIp.exe

C:\Windows\System\XTdGZZN.exe

C:\Windows\System\XTdGZZN.exe

C:\Windows\System\NFHXsGO.exe

C:\Windows\System\NFHXsGO.exe

C:\Windows\System\gtxnFUX.exe

C:\Windows\System\gtxnFUX.exe

C:\Windows\System\ybSdCzj.exe

C:\Windows\System\ybSdCzj.exe

C:\Windows\System\iwbybDA.exe

C:\Windows\System\iwbybDA.exe

C:\Windows\System\ppRTxny.exe

C:\Windows\System\ppRTxny.exe

C:\Windows\System\vNAglto.exe

C:\Windows\System\vNAglto.exe

C:\Windows\System\hhYMrXV.exe

C:\Windows\System\hhYMrXV.exe

C:\Windows\System\zZLTcig.exe

C:\Windows\System\zZLTcig.exe

C:\Windows\System\PEWIWWK.exe

C:\Windows\System\PEWIWWK.exe

C:\Windows\System\AmOBaBs.exe

C:\Windows\System\AmOBaBs.exe

C:\Windows\System\XgZIzSu.exe

C:\Windows\System\XgZIzSu.exe

C:\Windows\System\Mhpueoi.exe

C:\Windows\System\Mhpueoi.exe

C:\Windows\System\wDWPbQH.exe

C:\Windows\System\wDWPbQH.exe

C:\Windows\System\LLwQAgk.exe

C:\Windows\System\LLwQAgk.exe

C:\Windows\System\nasOewy.exe

C:\Windows\System\nasOewy.exe

C:\Windows\System\wgWHmam.exe

C:\Windows\System\wgWHmam.exe

C:\Windows\System\gSAFZCI.exe

C:\Windows\System\gSAFZCI.exe

C:\Windows\System\pUVUzKL.exe

C:\Windows\System\pUVUzKL.exe

C:\Windows\System\OmxIomW.exe

C:\Windows\System\OmxIomW.exe

C:\Windows\System\tWXxlAB.exe

C:\Windows\System\tWXxlAB.exe

C:\Windows\System\uWBAbJt.exe

C:\Windows\System\uWBAbJt.exe

C:\Windows\System\KmknfGA.exe

C:\Windows\System\KmknfGA.exe

C:\Windows\System\tylBfjj.exe

C:\Windows\System\tylBfjj.exe

C:\Windows\System\GafjeFk.exe

C:\Windows\System\GafjeFk.exe

C:\Windows\System\YmMwmrG.exe

C:\Windows\System\YmMwmrG.exe

C:\Windows\System\UcbWfBh.exe

C:\Windows\System\UcbWfBh.exe

C:\Windows\System\CJlWtXf.exe

C:\Windows\System\CJlWtXf.exe

C:\Windows\System\bDjxApi.exe

C:\Windows\System\bDjxApi.exe

C:\Windows\System\xCWxzUv.exe

C:\Windows\System\xCWxzUv.exe

C:\Windows\System\bodQgtk.exe

C:\Windows\System\bodQgtk.exe

C:\Windows\System\EPxeJjj.exe

C:\Windows\System\EPxeJjj.exe

C:\Windows\System\AQRDENp.exe

C:\Windows\System\AQRDENp.exe

C:\Windows\System\Vqtijrl.exe

C:\Windows\System\Vqtijrl.exe

C:\Windows\System\gqifRLC.exe

C:\Windows\System\gqifRLC.exe

C:\Windows\System\nWSAQIT.exe

C:\Windows\System\nWSAQIT.exe

C:\Windows\System\VMdxPti.exe

C:\Windows\System\VMdxPti.exe

C:\Windows\System\PVKMiou.exe

C:\Windows\System\PVKMiou.exe

C:\Windows\System\bKirJFJ.exe

C:\Windows\System\bKirJFJ.exe

C:\Windows\System\AFqndml.exe

C:\Windows\System\AFqndml.exe

C:\Windows\System\FVpYKgM.exe

C:\Windows\System\FVpYKgM.exe

C:\Windows\System\OOhkALk.exe

C:\Windows\System\OOhkALk.exe

C:\Windows\System\Qnxfctl.exe

C:\Windows\System\Qnxfctl.exe

C:\Windows\System\DTXOqXt.exe

C:\Windows\System\DTXOqXt.exe

C:\Windows\System\akfFzqJ.exe

C:\Windows\System\akfFzqJ.exe

C:\Windows\System\CesfjOe.exe

C:\Windows\System\CesfjOe.exe

C:\Windows\System\UcPPiri.exe

C:\Windows\System\UcPPiri.exe

C:\Windows\System\fopOGWU.exe

C:\Windows\System\fopOGWU.exe

C:\Windows\System\JwOHmsM.exe

C:\Windows\System\JwOHmsM.exe

C:\Windows\System\jFBCUnl.exe

C:\Windows\System\jFBCUnl.exe

C:\Windows\System\DoqhTre.exe

C:\Windows\System\DoqhTre.exe

C:\Windows\System\xyCecdS.exe

C:\Windows\System\xyCecdS.exe

C:\Windows\System\FBDaFRy.exe

C:\Windows\System\FBDaFRy.exe

C:\Windows\System\swlxhjt.exe

C:\Windows\System\swlxhjt.exe

C:\Windows\System\cTBtSyC.exe

C:\Windows\System\cTBtSyC.exe

C:\Windows\System\IYhuKnA.exe

C:\Windows\System\IYhuKnA.exe

C:\Windows\System\RfemdIK.exe

C:\Windows\System\RfemdIK.exe

C:\Windows\System\yHRDnyt.exe

C:\Windows\System\yHRDnyt.exe

C:\Windows\System\uEGjcAN.exe

C:\Windows\System\uEGjcAN.exe

C:\Windows\System\fysEgOV.exe

C:\Windows\System\fysEgOV.exe

C:\Windows\System\sqJmgys.exe

C:\Windows\System\sqJmgys.exe

C:\Windows\System\GmnteXY.exe

C:\Windows\System\GmnteXY.exe

C:\Windows\System\ENGZpwh.exe

C:\Windows\System\ENGZpwh.exe

C:\Windows\System\FFIKslN.exe

C:\Windows\System\FFIKslN.exe

C:\Windows\System\OXaUWZD.exe

C:\Windows\System\OXaUWZD.exe

C:\Windows\System\MyYxxoL.exe

C:\Windows\System\MyYxxoL.exe

C:\Windows\System\NjbEnxP.exe

C:\Windows\System\NjbEnxP.exe

C:\Windows\System\oqqOwZn.exe

C:\Windows\System\oqqOwZn.exe

C:\Windows\System\tjVhhtI.exe

C:\Windows\System\tjVhhtI.exe

C:\Windows\System\xkPRtva.exe

C:\Windows\System\xkPRtva.exe

C:\Windows\System\GTzppvS.exe

C:\Windows\System\GTzppvS.exe

C:\Windows\System\laCKWHU.exe

C:\Windows\System\laCKWHU.exe

C:\Windows\System\yhVOaQO.exe

C:\Windows\System\yhVOaQO.exe

C:\Windows\System\SWcmvYu.exe

C:\Windows\System\SWcmvYu.exe

C:\Windows\System\obLpIXG.exe

C:\Windows\System\obLpIXG.exe

C:\Windows\System\GIPRDVf.exe

C:\Windows\System\GIPRDVf.exe

C:\Windows\System\TwCHPgv.exe

C:\Windows\System\TwCHPgv.exe

C:\Windows\System\sikPrAx.exe

C:\Windows\System\sikPrAx.exe

C:\Windows\System\UQngaUM.exe

C:\Windows\System\UQngaUM.exe

C:\Windows\System\BUkObkN.exe

C:\Windows\System\BUkObkN.exe

C:\Windows\System\VYpSHAG.exe

C:\Windows\System\VYpSHAG.exe

C:\Windows\System\LoRGYAO.exe

C:\Windows\System\LoRGYAO.exe

C:\Windows\System\WJSCrQk.exe

C:\Windows\System\WJSCrQk.exe

C:\Windows\System\mSmtMxw.exe

C:\Windows\System\mSmtMxw.exe

C:\Windows\System\oivEuCP.exe

C:\Windows\System\oivEuCP.exe

C:\Windows\System\GiqOHGs.exe

C:\Windows\System\GiqOHGs.exe

C:\Windows\System\AXmrzWR.exe

C:\Windows\System\AXmrzWR.exe

C:\Windows\System\AJiINIs.exe

C:\Windows\System\AJiINIs.exe

C:\Windows\System\hiFVwWx.exe

C:\Windows\System\hiFVwWx.exe

C:\Windows\System\uIpkHIy.exe

C:\Windows\System\uIpkHIy.exe

C:\Windows\System\fuLOxeq.exe

C:\Windows\System\fuLOxeq.exe

C:\Windows\System\YgOcPPD.exe

C:\Windows\System\YgOcPPD.exe

C:\Windows\System\dTDxRdq.exe

C:\Windows\System\dTDxRdq.exe

C:\Windows\System\wRVrSAj.exe

C:\Windows\System\wRVrSAj.exe

C:\Windows\System\OfoFsuS.exe

C:\Windows\System\OfoFsuS.exe

C:\Windows\System\nQoUUlN.exe

C:\Windows\System\nQoUUlN.exe

C:\Windows\System\iNMheqC.exe

C:\Windows\System\iNMheqC.exe

C:\Windows\System\AwEhxWt.exe

C:\Windows\System\AwEhxWt.exe

C:\Windows\System\nwxMHMW.exe

C:\Windows\System\nwxMHMW.exe

C:\Windows\System\jzmDFuY.exe

C:\Windows\System\jzmDFuY.exe

C:\Windows\System\gDtApYA.exe

C:\Windows\System\gDtApYA.exe

C:\Windows\System\cFIAwoi.exe

C:\Windows\System\cFIAwoi.exe

C:\Windows\System\JEcSylC.exe

C:\Windows\System\JEcSylC.exe

C:\Windows\System\YgHAeww.exe

C:\Windows\System\YgHAeww.exe

C:\Windows\System\xzULyOv.exe

C:\Windows\System\xzULyOv.exe

C:\Windows\System\WWPAAdG.exe

C:\Windows\System\WWPAAdG.exe

C:\Windows\System\VhVtwNv.exe

C:\Windows\System\VhVtwNv.exe

C:\Windows\System\mwwoCki.exe

C:\Windows\System\mwwoCki.exe

C:\Windows\System\qdnbylW.exe

C:\Windows\System\qdnbylW.exe

C:\Windows\System\WsDDbnC.exe

C:\Windows\System\WsDDbnC.exe

C:\Windows\System\bHGKfbj.exe

C:\Windows\System\bHGKfbj.exe

C:\Windows\System\DGuOsHR.exe

C:\Windows\System\DGuOsHR.exe

C:\Windows\System\mwrzkPA.exe

C:\Windows\System\mwrzkPA.exe

C:\Windows\System\LkNdLfa.exe

C:\Windows\System\LkNdLfa.exe

C:\Windows\System\zkRLuph.exe

C:\Windows\System\zkRLuph.exe

C:\Windows\System\TtwGwft.exe

C:\Windows\System\TtwGwft.exe

C:\Windows\System\SVJdSPL.exe

C:\Windows\System\SVJdSPL.exe

C:\Windows\System\hmVhTzF.exe

C:\Windows\System\hmVhTzF.exe

C:\Windows\System\utERCcu.exe

C:\Windows\System\utERCcu.exe

C:\Windows\System\khBvKSO.exe

C:\Windows\System\khBvKSO.exe

C:\Windows\System\JCEINll.exe

C:\Windows\System\JCEINll.exe

C:\Windows\System\WEHbPLi.exe

C:\Windows\System\WEHbPLi.exe

C:\Windows\System\awFsQfK.exe

C:\Windows\System\awFsQfK.exe

C:\Windows\System\oCDrjAs.exe

C:\Windows\System\oCDrjAs.exe

C:\Windows\System\XkkUGyE.exe

C:\Windows\System\XkkUGyE.exe

C:\Windows\System\QFQLgvP.exe

C:\Windows\System\QFQLgvP.exe

C:\Windows\System\tuCMJlw.exe

C:\Windows\System\tuCMJlw.exe

C:\Windows\System\uKBjyXP.exe

C:\Windows\System\uKBjyXP.exe

C:\Windows\System\oxrvhcP.exe

C:\Windows\System\oxrvhcP.exe

C:\Windows\System\CQJRolS.exe

C:\Windows\System\CQJRolS.exe

C:\Windows\System\rxQCZyV.exe

C:\Windows\System\rxQCZyV.exe

C:\Windows\System\uNbwQei.exe

C:\Windows\System\uNbwQei.exe

C:\Windows\System\jCeNCQc.exe

C:\Windows\System\jCeNCQc.exe

C:\Windows\System\UuUwAtv.exe

C:\Windows\System\UuUwAtv.exe

C:\Windows\System\xefJzNH.exe

C:\Windows\System\xefJzNH.exe

C:\Windows\System\mvadtFX.exe

C:\Windows\System\mvadtFX.exe

C:\Windows\System\MlkRdGy.exe

C:\Windows\System\MlkRdGy.exe

C:\Windows\System\kgTyyRR.exe

C:\Windows\System\kgTyyRR.exe

C:\Windows\System\aaLdSlJ.exe

C:\Windows\System\aaLdSlJ.exe

C:\Windows\System\AKKorTi.exe

C:\Windows\System\AKKorTi.exe

C:\Windows\System\YSSXPqs.exe

C:\Windows\System\YSSXPqs.exe

C:\Windows\System\GYUHvSH.exe

C:\Windows\System\GYUHvSH.exe

C:\Windows\System\IGedyUe.exe

C:\Windows\System\IGedyUe.exe

C:\Windows\System\pVnnYRU.exe

C:\Windows\System\pVnnYRU.exe

C:\Windows\System\SYArJxJ.exe

C:\Windows\System\SYArJxJ.exe

C:\Windows\System\SnjqLMK.exe

C:\Windows\System\SnjqLMK.exe

C:\Windows\System\AWfcaSy.exe

C:\Windows\System\AWfcaSy.exe

C:\Windows\System\WIQIWfd.exe

C:\Windows\System\WIQIWfd.exe

C:\Windows\System\YSmvesV.exe

C:\Windows\System\YSmvesV.exe

C:\Windows\System\LeZoeMM.exe

C:\Windows\System\LeZoeMM.exe

C:\Windows\System\iBkQYKk.exe

C:\Windows\System\iBkQYKk.exe

C:\Windows\System\dbJTotP.exe

C:\Windows\System\dbJTotP.exe

C:\Windows\System\DLLCgnx.exe

C:\Windows\System\DLLCgnx.exe

C:\Windows\System\IfvLaMd.exe

C:\Windows\System\IfvLaMd.exe

C:\Windows\System\ULFWukg.exe

C:\Windows\System\ULFWukg.exe

C:\Windows\System\VFbxHMF.exe

C:\Windows\System\VFbxHMF.exe

C:\Windows\System\RPtRtXu.exe

C:\Windows\System\RPtRtXu.exe

C:\Windows\System\VIbmpws.exe

C:\Windows\System\VIbmpws.exe

C:\Windows\System\sfFzbXO.exe

C:\Windows\System\sfFzbXO.exe

C:\Windows\System\jsntebR.exe

C:\Windows\System\jsntebR.exe

C:\Windows\System\UDwuGvl.exe

C:\Windows\System\UDwuGvl.exe

C:\Windows\System\aWMyotI.exe

C:\Windows\System\aWMyotI.exe

C:\Windows\System\wBvtpWO.exe

C:\Windows\System\wBvtpWO.exe

C:\Windows\System\aIDUobN.exe

C:\Windows\System\aIDUobN.exe

C:\Windows\System\ABMNyPu.exe

C:\Windows\System\ABMNyPu.exe

C:\Windows\System\vdEwZUs.exe

C:\Windows\System\vdEwZUs.exe

C:\Windows\System\QgSTNkr.exe

C:\Windows\System\QgSTNkr.exe

C:\Windows\System\WvXZiwo.exe

C:\Windows\System\WvXZiwo.exe

C:\Windows\System\trXckMc.exe

C:\Windows\System\trXckMc.exe

C:\Windows\System\WnKsFRi.exe

C:\Windows\System\WnKsFRi.exe

C:\Windows\System\fqYXcaj.exe

C:\Windows\System\fqYXcaj.exe

C:\Windows\System\oWZkXcF.exe

C:\Windows\System\oWZkXcF.exe

C:\Windows\System\zkGmcdw.exe

C:\Windows\System\zkGmcdw.exe

C:\Windows\System\GKcqaJb.exe

C:\Windows\System\GKcqaJb.exe

C:\Windows\System\NMBHxjH.exe

C:\Windows\System\NMBHxjH.exe

C:\Windows\System\eGKfVkL.exe

C:\Windows\System\eGKfVkL.exe

C:\Windows\System\zZVJriq.exe

C:\Windows\System\zZVJriq.exe

C:\Windows\System\mvgNkxq.exe

C:\Windows\System\mvgNkxq.exe

C:\Windows\System\oUjxdEa.exe

C:\Windows\System\oUjxdEa.exe

C:\Windows\System\IFWXVAb.exe

C:\Windows\System\IFWXVAb.exe

C:\Windows\System\tgxtypD.exe

C:\Windows\System\tgxtypD.exe

C:\Windows\System\wbvesIx.exe

C:\Windows\System\wbvesIx.exe

C:\Windows\System\jgRQkEV.exe

C:\Windows\System\jgRQkEV.exe

C:\Windows\System\iNUwKGY.exe

C:\Windows\System\iNUwKGY.exe

C:\Windows\System\BBrrwpO.exe

C:\Windows\System\BBrrwpO.exe

C:\Windows\System\KFJcAOK.exe

C:\Windows\System\KFJcAOK.exe

C:\Windows\System\cODyDtZ.exe

C:\Windows\System\cODyDtZ.exe

C:\Windows\System\aLWdAeK.exe

C:\Windows\System\aLWdAeK.exe

C:\Windows\System\Qlebpuk.exe

C:\Windows\System\Qlebpuk.exe

C:\Windows\System\nnXWzgi.exe

C:\Windows\System\nnXWzgi.exe

C:\Windows\System\dFraaNR.exe

C:\Windows\System\dFraaNR.exe

C:\Windows\System\VStNceV.exe

C:\Windows\System\VStNceV.exe

C:\Windows\System\CHBRhCK.exe

C:\Windows\System\CHBRhCK.exe

C:\Windows\System\QaTbApw.exe

C:\Windows\System\QaTbApw.exe

C:\Windows\System\KKzTbID.exe

C:\Windows\System\KKzTbID.exe

C:\Windows\System\gJsMJro.exe

C:\Windows\System\gJsMJro.exe

C:\Windows\System\WkmaTxZ.exe

C:\Windows\System\WkmaTxZ.exe

C:\Windows\System\YzHavIp.exe

C:\Windows\System\YzHavIp.exe

C:\Windows\System\DqEDPFy.exe

C:\Windows\System\DqEDPFy.exe

C:\Windows\System\tfucrPL.exe

C:\Windows\System\tfucrPL.exe

C:\Windows\System\yLYtWPx.exe

C:\Windows\System\yLYtWPx.exe

C:\Windows\System\FEiUClD.exe

C:\Windows\System\FEiUClD.exe

C:\Windows\System\ZwmdPgQ.exe

C:\Windows\System\ZwmdPgQ.exe

C:\Windows\System\SoaVupF.exe

C:\Windows\System\SoaVupF.exe

C:\Windows\System\OXEvUQl.exe

C:\Windows\System\OXEvUQl.exe

C:\Windows\System\qmrCuAv.exe

C:\Windows\System\qmrCuAv.exe

C:\Windows\System\IJqxQDv.exe

C:\Windows\System\IJqxQDv.exe

C:\Windows\System\aSUXNnZ.exe

C:\Windows\System\aSUXNnZ.exe

C:\Windows\System\nWIqVNH.exe

C:\Windows\System\nWIqVNH.exe

C:\Windows\System\RnhXNox.exe

C:\Windows\System\RnhXNox.exe

C:\Windows\System\QNuewSg.exe

C:\Windows\System\QNuewSg.exe

C:\Windows\System\FCCRGME.exe

C:\Windows\System\FCCRGME.exe

C:\Windows\System\NoDyuns.exe

C:\Windows\System\NoDyuns.exe

C:\Windows\System\iRjTJjp.exe

C:\Windows\System\iRjTJjp.exe

C:\Windows\System\PdLAbge.exe

C:\Windows\System\PdLAbge.exe

C:\Windows\System\PtPdqga.exe

C:\Windows\System\PtPdqga.exe

C:\Windows\System\VNeJxXE.exe

C:\Windows\System\VNeJxXE.exe

C:\Windows\System\GvOvmXm.exe

C:\Windows\System\GvOvmXm.exe

C:\Windows\System\yXuqswP.exe

C:\Windows\System\yXuqswP.exe

C:\Windows\System\SOBMFPa.exe

C:\Windows\System\SOBMFPa.exe

C:\Windows\System\WKSRRan.exe

C:\Windows\System\WKSRRan.exe

C:\Windows\System\TykcvSV.exe

C:\Windows\System\TykcvSV.exe

C:\Windows\System\OFCcfmR.exe

C:\Windows\System\OFCcfmR.exe

C:\Windows\System\ZnIPoaV.exe

C:\Windows\System\ZnIPoaV.exe

C:\Windows\System\ByUdvXI.exe

C:\Windows\System\ByUdvXI.exe

C:\Windows\System\IpcdFaW.exe

C:\Windows\System\IpcdFaW.exe

C:\Windows\System\yWYnnxm.exe

C:\Windows\System\yWYnnxm.exe

C:\Windows\System\CnBAwGo.exe

C:\Windows\System\CnBAwGo.exe

C:\Windows\System\mDZxfct.exe

C:\Windows\System\mDZxfct.exe

C:\Windows\System\AbDpyOK.exe

C:\Windows\System\AbDpyOK.exe

C:\Windows\System\mNleNuN.exe

C:\Windows\System\mNleNuN.exe

C:\Windows\System\CkuyKBo.exe

C:\Windows\System\CkuyKBo.exe

C:\Windows\System\dTXDEYN.exe

C:\Windows\System\dTXDEYN.exe

C:\Windows\System\VaSpEtl.exe

C:\Windows\System\VaSpEtl.exe

C:\Windows\System\jhWVHYi.exe

C:\Windows\System\jhWVHYi.exe

C:\Windows\System\mIfvijO.exe

C:\Windows\System\mIfvijO.exe

C:\Windows\System\qzEYGOi.exe

C:\Windows\System\qzEYGOi.exe

C:\Windows\System\tDhuFMN.exe

C:\Windows\System\tDhuFMN.exe

C:\Windows\System\niJCGVB.exe

C:\Windows\System\niJCGVB.exe

C:\Windows\System\eqlQxnN.exe

C:\Windows\System\eqlQxnN.exe

C:\Windows\System\TTXNLbz.exe

C:\Windows\System\TTXNLbz.exe

C:\Windows\System\QIJoySk.exe

C:\Windows\System\QIJoySk.exe

C:\Windows\System\nLrjTQm.exe

C:\Windows\System\nLrjTQm.exe

C:\Windows\System\RTlvvBg.exe

C:\Windows\System\RTlvvBg.exe

C:\Windows\System\BSIkSSl.exe

C:\Windows\System\BSIkSSl.exe

C:\Windows\System\QMdWhmq.exe

C:\Windows\System\QMdWhmq.exe

C:\Windows\System\VwCYsAG.exe

C:\Windows\System\VwCYsAG.exe

C:\Windows\System\lgtMWDD.exe

C:\Windows\System\lgtMWDD.exe

C:\Windows\System\xiCpAkW.exe

C:\Windows\System\xiCpAkW.exe

C:\Windows\System\poEAYJR.exe

C:\Windows\System\poEAYJR.exe

C:\Windows\System\rozJnLs.exe

C:\Windows\System\rozJnLs.exe

C:\Windows\System\SFCFiqG.exe

C:\Windows\System\SFCFiqG.exe

C:\Windows\System\WNqRjXu.exe

C:\Windows\System\WNqRjXu.exe

C:\Windows\System\MVNRNuq.exe

C:\Windows\System\MVNRNuq.exe

C:\Windows\System\dhgRRkN.exe

C:\Windows\System\dhgRRkN.exe

C:\Windows\System\qoLulSn.exe

C:\Windows\System\qoLulSn.exe

C:\Windows\System\LTMBnEP.exe

C:\Windows\System\LTMBnEP.exe

C:\Windows\System\liGvpwV.exe

C:\Windows\System\liGvpwV.exe

C:\Windows\System\UiWEoku.exe

C:\Windows\System\UiWEoku.exe

C:\Windows\System\FbmLYas.exe

C:\Windows\System\FbmLYas.exe

C:\Windows\System\TZAWcKL.exe

C:\Windows\System\TZAWcKL.exe

C:\Windows\System\pbJBOID.exe

C:\Windows\System\pbJBOID.exe

C:\Windows\System\hwlLgpM.exe

C:\Windows\System\hwlLgpM.exe

C:\Windows\System\BmwnoWP.exe

C:\Windows\System\BmwnoWP.exe

C:\Windows\System\beEvVDn.exe

C:\Windows\System\beEvVDn.exe

C:\Windows\System\OBSNDdY.exe

C:\Windows\System\OBSNDdY.exe

C:\Windows\System\VKvdYhR.exe

C:\Windows\System\VKvdYhR.exe

C:\Windows\System\QLCBuhe.exe

C:\Windows\System\QLCBuhe.exe

C:\Windows\System\dDtAQkA.exe

C:\Windows\System\dDtAQkA.exe

C:\Windows\System\ryNqpjj.exe

C:\Windows\System\ryNqpjj.exe

C:\Windows\System\opjsLpm.exe

C:\Windows\System\opjsLpm.exe

C:\Windows\System\tpswqXJ.exe

C:\Windows\System\tpswqXJ.exe

C:\Windows\System\TtlPmwL.exe

C:\Windows\System\TtlPmwL.exe

C:\Windows\System\kwkrEHT.exe

C:\Windows\System\kwkrEHT.exe

C:\Windows\System\CAYZCvv.exe

C:\Windows\System\CAYZCvv.exe

C:\Windows\System\IuWscoS.exe

C:\Windows\System\IuWscoS.exe

C:\Windows\System\oKjJmsI.exe

C:\Windows\System\oKjJmsI.exe

C:\Windows\System\nzENkDS.exe

C:\Windows\System\nzENkDS.exe

C:\Windows\System\ASqJYWP.exe

C:\Windows\System\ASqJYWP.exe

C:\Windows\System\DSzAfzh.exe

C:\Windows\System\DSzAfzh.exe

C:\Windows\System\qUKlAVZ.exe

C:\Windows\System\qUKlAVZ.exe

C:\Windows\System\rgdmcda.exe

C:\Windows\System\rgdmcda.exe

C:\Windows\System\aKeytpq.exe

C:\Windows\System\aKeytpq.exe

C:\Windows\System\XRrRIRe.exe

C:\Windows\System\XRrRIRe.exe

C:\Windows\System\mICuVaY.exe

C:\Windows\System\mICuVaY.exe

C:\Windows\System\TLfvRVP.exe

C:\Windows\System\TLfvRVP.exe

C:\Windows\System\szjyoJG.exe

C:\Windows\System\szjyoJG.exe

C:\Windows\System\QtPMdvi.exe

C:\Windows\System\QtPMdvi.exe

C:\Windows\System\muNKaBg.exe

C:\Windows\System\muNKaBg.exe

C:\Windows\System\NmhGwzS.exe

C:\Windows\System\NmhGwzS.exe

C:\Windows\System\GVsIwZf.exe

C:\Windows\System\GVsIwZf.exe

C:\Windows\System\oHPVClB.exe

C:\Windows\System\oHPVClB.exe

C:\Windows\System\GDNxziB.exe

C:\Windows\System\GDNxziB.exe

C:\Windows\System\CdESrIc.exe

C:\Windows\System\CdESrIc.exe

C:\Windows\System\gToTjnL.exe

C:\Windows\System\gToTjnL.exe

C:\Windows\System\XITXaPM.exe

C:\Windows\System\XITXaPM.exe

C:\Windows\System\ohkBBcL.exe

C:\Windows\System\ohkBBcL.exe

C:\Windows\System\gdWgQcj.exe

C:\Windows\System\gdWgQcj.exe

C:\Windows\System\wMLfKLf.exe

C:\Windows\System\wMLfKLf.exe

C:\Windows\System\DkaLvtv.exe

C:\Windows\System\DkaLvtv.exe

C:\Windows\System\DFQfcpw.exe

C:\Windows\System\DFQfcpw.exe

C:\Windows\System\ZDHaIob.exe

C:\Windows\System\ZDHaIob.exe

C:\Windows\System\IAebYiW.exe

C:\Windows\System\IAebYiW.exe

C:\Windows\System\YuSUSLI.exe

C:\Windows\System\YuSUSLI.exe

C:\Windows\System\PLuUCoq.exe

C:\Windows\System\PLuUCoq.exe

C:\Windows\System\rlaJqDh.exe

C:\Windows\System\rlaJqDh.exe

C:\Windows\System\XOPSVaf.exe

C:\Windows\System\XOPSVaf.exe

C:\Windows\System\ahshkhr.exe

C:\Windows\System\ahshkhr.exe

C:\Windows\System\DwBnNzn.exe

C:\Windows\System\DwBnNzn.exe

C:\Windows\System\xnFrydI.exe

C:\Windows\System\xnFrydI.exe

C:\Windows\System\xRnDSwa.exe

C:\Windows\System\xRnDSwa.exe

C:\Windows\System\RWhphlX.exe

C:\Windows\System\RWhphlX.exe

C:\Windows\System\EoyBCaB.exe

C:\Windows\System\EoyBCaB.exe

C:\Windows\System\cXgehPu.exe

C:\Windows\System\cXgehPu.exe

C:\Windows\System\YJurFyD.exe

C:\Windows\System\YJurFyD.exe

C:\Windows\System\zkzjvuN.exe

C:\Windows\System\zkzjvuN.exe

C:\Windows\System\qBpYEqP.exe

C:\Windows\System\qBpYEqP.exe

C:\Windows\System\bCKADSS.exe

C:\Windows\System\bCKADSS.exe

C:\Windows\System\EDqXNeP.exe

C:\Windows\System\EDqXNeP.exe

C:\Windows\System\EyYUCPS.exe

C:\Windows\System\EyYUCPS.exe

C:\Windows\System\McnTTor.exe

C:\Windows\System\McnTTor.exe

C:\Windows\System\uTBmVfs.exe

C:\Windows\System\uTBmVfs.exe

C:\Windows\System\GVSaFxZ.exe

C:\Windows\System\GVSaFxZ.exe

C:\Windows\System\xNtThRn.exe

C:\Windows\System\xNtThRn.exe

C:\Windows\System\ClZakkl.exe

C:\Windows\System\ClZakkl.exe

C:\Windows\System\QmWnIul.exe

C:\Windows\System\QmWnIul.exe

C:\Windows\System\rqTqfcd.exe

C:\Windows\System\rqTqfcd.exe

C:\Windows\System\kwUWCDU.exe

C:\Windows\System\kwUWCDU.exe

C:\Windows\System\ETxgdmP.exe

C:\Windows\System\ETxgdmP.exe

C:\Windows\System\jvvzvrD.exe

C:\Windows\System\jvvzvrD.exe

C:\Windows\System\MKiyluF.exe

C:\Windows\System\MKiyluF.exe

C:\Windows\System\JYnvXBl.exe

C:\Windows\System\JYnvXBl.exe

C:\Windows\System\rLFUTVX.exe

C:\Windows\System\rLFUTVX.exe

C:\Windows\System\aRhOoUr.exe

C:\Windows\System\aRhOoUr.exe

C:\Windows\System\jDgcUKJ.exe

C:\Windows\System\jDgcUKJ.exe

C:\Windows\System\yAHpmXK.exe

C:\Windows\System\yAHpmXK.exe

C:\Windows\System\ftWPVqy.exe

C:\Windows\System\ftWPVqy.exe

C:\Windows\System\mLARRxz.exe

C:\Windows\System\mLARRxz.exe

C:\Windows\System\lxkncJL.exe

C:\Windows\System\lxkncJL.exe

C:\Windows\System\XHNtvfv.exe

C:\Windows\System\XHNtvfv.exe

C:\Windows\System\BrmBRSY.exe

C:\Windows\System\BrmBRSY.exe

C:\Windows\System\qYHwGhs.exe

C:\Windows\System\qYHwGhs.exe

C:\Windows\System\UACJqqS.exe

C:\Windows\System\UACJqqS.exe

C:\Windows\System\MpmgZYB.exe

C:\Windows\System\MpmgZYB.exe

C:\Windows\System\rhaEZjV.exe

C:\Windows\System\rhaEZjV.exe

C:\Windows\System\kapXkel.exe

C:\Windows\System\kapXkel.exe

C:\Windows\System\IooipTC.exe

C:\Windows\System\IooipTC.exe

C:\Windows\System\DRekpOQ.exe

C:\Windows\System\DRekpOQ.exe

C:\Windows\System\iJkzhrv.exe

C:\Windows\System\iJkzhrv.exe

C:\Windows\System\MQJiSBC.exe

C:\Windows\System\MQJiSBC.exe

C:\Windows\System\JzKbjbG.exe

C:\Windows\System\JzKbjbG.exe

C:\Windows\System\dDViOxk.exe

C:\Windows\System\dDViOxk.exe

C:\Windows\System\LUKhrrI.exe

C:\Windows\System\LUKhrrI.exe

C:\Windows\System\ePPKcfZ.exe

C:\Windows\System\ePPKcfZ.exe

C:\Windows\System\IIlucmx.exe

C:\Windows\System\IIlucmx.exe

C:\Windows\System\noiZZvK.exe

C:\Windows\System\noiZZvK.exe

C:\Windows\System\PXLZnVe.exe

C:\Windows\System\PXLZnVe.exe

C:\Windows\System\aSgWDIL.exe

C:\Windows\System\aSgWDIL.exe

C:\Windows\System\myUyrsL.exe

C:\Windows\System\myUyrsL.exe

C:\Windows\System\uwrcVuS.exe

C:\Windows\System\uwrcVuS.exe

C:\Windows\System\DshgEiV.exe

C:\Windows\System\DshgEiV.exe

C:\Windows\System\vxzWPWn.exe

C:\Windows\System\vxzWPWn.exe

C:\Windows\System\DjmxwPo.exe

C:\Windows\System\DjmxwPo.exe

C:\Windows\System\xhFmmKy.exe

C:\Windows\System\xhFmmKy.exe

C:\Windows\System\tivxJYX.exe

C:\Windows\System\tivxJYX.exe

C:\Windows\System\TmVWjNG.exe

C:\Windows\System\TmVWjNG.exe

C:\Windows\System\dBPaPPG.exe

C:\Windows\System\dBPaPPG.exe

C:\Windows\System\jsCFxkE.exe

C:\Windows\System\jsCFxkE.exe

C:\Windows\System\XsKkBwZ.exe

C:\Windows\System\XsKkBwZ.exe

C:\Windows\System\tggkUbc.exe

C:\Windows\System\tggkUbc.exe

C:\Windows\System\yvgxXEx.exe

C:\Windows\System\yvgxXEx.exe

C:\Windows\System\mIgGdwN.exe

C:\Windows\System\mIgGdwN.exe

C:\Windows\System\TwBHoNR.exe

C:\Windows\System\TwBHoNR.exe

C:\Windows\System\JSjESxC.exe

C:\Windows\System\JSjESxC.exe

C:\Windows\System\WYVQZmJ.exe

C:\Windows\System\WYVQZmJ.exe

C:\Windows\System\ckXnBYH.exe

C:\Windows\System\ckXnBYH.exe

C:\Windows\System\vLqHZQW.exe

C:\Windows\System\vLqHZQW.exe

C:\Windows\System\jYUmfTu.exe

C:\Windows\System\jYUmfTu.exe

C:\Windows\System\DhkpAWk.exe

C:\Windows\System\DhkpAWk.exe

C:\Windows\System\XZVzVtT.exe

C:\Windows\System\XZVzVtT.exe

C:\Windows\System\njjXimG.exe

C:\Windows\System\njjXimG.exe

C:\Windows\System\LhZvkmT.exe

C:\Windows\System\LhZvkmT.exe

C:\Windows\System\HRpXnYZ.exe

C:\Windows\System\HRpXnYZ.exe

C:\Windows\System\IjveXRO.exe

C:\Windows\System\IjveXRO.exe

C:\Windows\System\oeXbYku.exe

C:\Windows\System\oeXbYku.exe

C:\Windows\System\DJtOqge.exe

C:\Windows\System\DJtOqge.exe

C:\Windows\System\nrdXKuG.exe

C:\Windows\System\nrdXKuG.exe

C:\Windows\System\VREeLGJ.exe

C:\Windows\System\VREeLGJ.exe

C:\Windows\System\KJRvQMM.exe

C:\Windows\System\KJRvQMM.exe

C:\Windows\System\hpROHot.exe

C:\Windows\System\hpROHot.exe

C:\Windows\System\smdynCw.exe

C:\Windows\System\smdynCw.exe

C:\Windows\System\zRblzkd.exe

C:\Windows\System\zRblzkd.exe

C:\Windows\System\dYzmDki.exe

C:\Windows\System\dYzmDki.exe

C:\Windows\System\seEoQFo.exe

C:\Windows\System\seEoQFo.exe

C:\Windows\System\LmVudlD.exe

C:\Windows\System\LmVudlD.exe

C:\Windows\System\mJVqCwz.exe

C:\Windows\System\mJVqCwz.exe

C:\Windows\System\qhLZSva.exe

C:\Windows\System\qhLZSva.exe

C:\Windows\System\nQoySuB.exe

C:\Windows\System\nQoySuB.exe

C:\Windows\System\eNRyOSa.exe

C:\Windows\System\eNRyOSa.exe

C:\Windows\System\MGUOlNA.exe

C:\Windows\System\MGUOlNA.exe

C:\Windows\System\SugcusP.exe

C:\Windows\System\SugcusP.exe

C:\Windows\System\TasJDbR.exe

C:\Windows\System\TasJDbR.exe

C:\Windows\System\qyXeiIT.exe

C:\Windows\System\qyXeiIT.exe

C:\Windows\System\FhGMTCa.exe

C:\Windows\System\FhGMTCa.exe

C:\Windows\System\IbjQIhJ.exe

C:\Windows\System\IbjQIhJ.exe

C:\Windows\System\yQNbooz.exe

C:\Windows\System\yQNbooz.exe

C:\Windows\System\BbSPaCc.exe

C:\Windows\System\BbSPaCc.exe

C:\Windows\System\ooYXViG.exe

C:\Windows\System\ooYXViG.exe

C:\Windows\System\gKbxXob.exe

C:\Windows\System\gKbxXob.exe

C:\Windows\System\glBuWCu.exe

C:\Windows\System\glBuWCu.exe

C:\Windows\System\ryNXhuX.exe

C:\Windows\System\ryNXhuX.exe

C:\Windows\System\HVGhgjZ.exe

C:\Windows\System\HVGhgjZ.exe

C:\Windows\System\xNlYMJh.exe

C:\Windows\System\xNlYMJh.exe

C:\Windows\System\TfpBYOe.exe

C:\Windows\System\TfpBYOe.exe

C:\Windows\System\SQMGMAA.exe

C:\Windows\System\SQMGMAA.exe

C:\Windows\System\sjesmbW.exe

C:\Windows\System\sjesmbW.exe

C:\Windows\System\XGVuNxK.exe

C:\Windows\System\XGVuNxK.exe

C:\Windows\System\yyNDiei.exe

C:\Windows\System\yyNDiei.exe

C:\Windows\System\DhOLhNH.exe

C:\Windows\System\DhOLhNH.exe

C:\Windows\System\FvGnTNR.exe

C:\Windows\System\FvGnTNR.exe

C:\Windows\System\eSsKDBH.exe

C:\Windows\System\eSsKDBH.exe

C:\Windows\System\ICSHzxf.exe

C:\Windows\System\ICSHzxf.exe

C:\Windows\System\zOJgIvl.exe

C:\Windows\System\zOJgIvl.exe

C:\Windows\System\jrxpzeH.exe

C:\Windows\System\jrxpzeH.exe

C:\Windows\System\CfzmBIl.exe

C:\Windows\System\CfzmBIl.exe

C:\Windows\System\JTdBCrK.exe

C:\Windows\System\JTdBCrK.exe

C:\Windows\System\IcTAWgi.exe

C:\Windows\System\IcTAWgi.exe

C:\Windows\System\dMdHqWL.exe

C:\Windows\System\dMdHqWL.exe

C:\Windows\System\BWVIeZj.exe

C:\Windows\System\BWVIeZj.exe

C:\Windows\System\DQhqJHC.exe

C:\Windows\System\DQhqJHC.exe

C:\Windows\System\uOpQFnM.exe

C:\Windows\System\uOpQFnM.exe

C:\Windows\System\cVJypig.exe

C:\Windows\System\cVJypig.exe

C:\Windows\System\CJqPvPx.exe

C:\Windows\System\CJqPvPx.exe

C:\Windows\System\yUrRHWe.exe

C:\Windows\System\yUrRHWe.exe

C:\Windows\System\dnwvQoo.exe

C:\Windows\System\dnwvQoo.exe

C:\Windows\System\OpBsVmS.exe

C:\Windows\System\OpBsVmS.exe

C:\Windows\System\cIUGTsw.exe

C:\Windows\System\cIUGTsw.exe

C:\Windows\System\GrFteah.exe

C:\Windows\System\GrFteah.exe

C:\Windows\System\SLQXlvS.exe

C:\Windows\System\SLQXlvS.exe

C:\Windows\System\AoNsDlB.exe

C:\Windows\System\AoNsDlB.exe

C:\Windows\System\FvjDeMK.exe

C:\Windows\System\FvjDeMK.exe

C:\Windows\System\BitEbXd.exe

C:\Windows\System\BitEbXd.exe

C:\Windows\System\XgYAioE.exe

C:\Windows\System\XgYAioE.exe

C:\Windows\System\WyjWsvH.exe

C:\Windows\System\WyjWsvH.exe

C:\Windows\System\HlDhbyd.exe

C:\Windows\System\HlDhbyd.exe

C:\Windows\System\ZIyKZYt.exe

C:\Windows\System\ZIyKZYt.exe

C:\Windows\System\CAUdDcA.exe

C:\Windows\System\CAUdDcA.exe

C:\Windows\System\hTuwLcO.exe

C:\Windows\System\hTuwLcO.exe

C:\Windows\System\gRPhzuU.exe

C:\Windows\System\gRPhzuU.exe

C:\Windows\System\kZOtEFL.exe

C:\Windows\System\kZOtEFL.exe

C:\Windows\System\xcHFqhW.exe

C:\Windows\System\xcHFqhW.exe

C:\Windows\System\lWAvnzl.exe

C:\Windows\System\lWAvnzl.exe

C:\Windows\System\DnPbcZX.exe

C:\Windows\System\DnPbcZX.exe

C:\Windows\System\TyrRwXJ.exe

C:\Windows\System\TyrRwXJ.exe

C:\Windows\System\ZXwApbu.exe

C:\Windows\System\ZXwApbu.exe

C:\Windows\System\JFJcjfQ.exe

C:\Windows\System\JFJcjfQ.exe

C:\Windows\System\pKVTySX.exe

C:\Windows\System\pKVTySX.exe

C:\Windows\System\oGKaOes.exe

C:\Windows\System\oGKaOes.exe

C:\Windows\System\NtiWRFt.exe

C:\Windows\System\NtiWRFt.exe

C:\Windows\System\DIroDxw.exe

C:\Windows\System\DIroDxw.exe

C:\Windows\System\bHAuNej.exe

C:\Windows\System\bHAuNej.exe

C:\Windows\System\lSZicxW.exe

C:\Windows\System\lSZicxW.exe

C:\Windows\System\xJMXSVV.exe

C:\Windows\System\xJMXSVV.exe

C:\Windows\System\cmEzsPL.exe

C:\Windows\System\cmEzsPL.exe

C:\Windows\System\dFvsMQH.exe

C:\Windows\System\dFvsMQH.exe

C:\Windows\System\pbNjXTz.exe

C:\Windows\System\pbNjXTz.exe

C:\Windows\System\YKQBXsk.exe

C:\Windows\System\YKQBXsk.exe

C:\Windows\System\nkfFyfQ.exe

C:\Windows\System\nkfFyfQ.exe

C:\Windows\System\IObsylP.exe

C:\Windows\System\IObsylP.exe

C:\Windows\System\UkeGqPC.exe

C:\Windows\System\UkeGqPC.exe

C:\Windows\System\kTvTrBR.exe

C:\Windows\System\kTvTrBR.exe

C:\Windows\System\gGdqilX.exe

C:\Windows\System\gGdqilX.exe

C:\Windows\System\UtMRfgw.exe

C:\Windows\System\UtMRfgw.exe

C:\Windows\System\AyznRem.exe

C:\Windows\System\AyznRem.exe

C:\Windows\System\QeNPJeM.exe

C:\Windows\System\QeNPJeM.exe

C:\Windows\System\icjZAzs.exe

C:\Windows\System\icjZAzs.exe

C:\Windows\System\VIVomBV.exe

C:\Windows\System\VIVomBV.exe

C:\Windows\System\QpEpgkG.exe

C:\Windows\System\QpEpgkG.exe

C:\Windows\System\vKorrMl.exe

C:\Windows\System\vKorrMl.exe

C:\Windows\System\gPamnnw.exe

C:\Windows\System\gPamnnw.exe

C:\Windows\System\bebVMFP.exe

C:\Windows\System\bebVMFP.exe

C:\Windows\System\LeALlAG.exe

C:\Windows\System\LeALlAG.exe

C:\Windows\System\EehpdUC.exe

C:\Windows\System\EehpdUC.exe

C:\Windows\System\fiSXpZm.exe

C:\Windows\System\fiSXpZm.exe

C:\Windows\System\ioUvDDE.exe

C:\Windows\System\ioUvDDE.exe

C:\Windows\System\XFgcmLr.exe

C:\Windows\System\XFgcmLr.exe

C:\Windows\System\nseLnuu.exe

C:\Windows\System\nseLnuu.exe

C:\Windows\System\FAOyuTe.exe

C:\Windows\System\FAOyuTe.exe

C:\Windows\System\oEmhLlw.exe

C:\Windows\System\oEmhLlw.exe

C:\Windows\System\zebPoQw.exe

C:\Windows\System\zebPoQw.exe

C:\Windows\System\agASIOY.exe

C:\Windows\System\agASIOY.exe

C:\Windows\System\KPeafir.exe

C:\Windows\System\KPeafir.exe

C:\Windows\System\qZVjzyA.exe

C:\Windows\System\qZVjzyA.exe

C:\Windows\System\EpIKazm.exe

C:\Windows\System\EpIKazm.exe

C:\Windows\System\rAoLYmt.exe

C:\Windows\System\rAoLYmt.exe

C:\Windows\System\nGWnIVd.exe

C:\Windows\System\nGWnIVd.exe

C:\Windows\System\pIvweBF.exe

C:\Windows\System\pIvweBF.exe

C:\Windows\System\fRywozT.exe

C:\Windows\System\fRywozT.exe

C:\Windows\System\rvnyddT.exe

C:\Windows\System\rvnyddT.exe

C:\Windows\System\ynOAijx.exe

C:\Windows\System\ynOAijx.exe

C:\Windows\System\zzFmxpE.exe

C:\Windows\System\zzFmxpE.exe

C:\Windows\System\oMsOtQt.exe

C:\Windows\System\oMsOtQt.exe

C:\Windows\System\BwAUIUG.exe

C:\Windows\System\BwAUIUG.exe

C:\Windows\System\ZMcpurK.exe

C:\Windows\System\ZMcpurK.exe

C:\Windows\System\YIZuhsU.exe

C:\Windows\System\YIZuhsU.exe

C:\Windows\System\jNKkBSW.exe

C:\Windows\System\jNKkBSW.exe

C:\Windows\System\tOPGrje.exe

C:\Windows\System\tOPGrje.exe

C:\Windows\System\qZtClFh.exe

C:\Windows\System\qZtClFh.exe

C:\Windows\System\YuGcHEZ.exe

C:\Windows\System\YuGcHEZ.exe

C:\Windows\System\wSfxOKn.exe

C:\Windows\System\wSfxOKn.exe

C:\Windows\System\UNglMUr.exe

C:\Windows\System\UNglMUr.exe

C:\Windows\System\MTWiTlv.exe

C:\Windows\System\MTWiTlv.exe

C:\Windows\System\IRAhEsU.exe

C:\Windows\System\IRAhEsU.exe

C:\Windows\System\sdjGpoC.exe

C:\Windows\System\sdjGpoC.exe

C:\Windows\System\pYorGdg.exe

C:\Windows\System\pYorGdg.exe

C:\Windows\System\lAwCVDk.exe

C:\Windows\System\lAwCVDk.exe

C:\Windows\System\ftUQbHP.exe

C:\Windows\System\ftUQbHP.exe

C:\Windows\System\zDgchIV.exe

C:\Windows\System\zDgchIV.exe

C:\Windows\System\WJIptUC.exe

C:\Windows\System\WJIptUC.exe

C:\Windows\System\sFBwHzm.exe

C:\Windows\System\sFBwHzm.exe

C:\Windows\System\tOseHqf.exe

C:\Windows\System\tOseHqf.exe

C:\Windows\System\APdHyeL.exe

C:\Windows\System\APdHyeL.exe

C:\Windows\System\MDdnICz.exe

C:\Windows\System\MDdnICz.exe

C:\Windows\System\bwOEeyg.exe

C:\Windows\System\bwOEeyg.exe

C:\Windows\System\VLwPcin.exe

C:\Windows\System\VLwPcin.exe

C:\Windows\System\liNblxN.exe

C:\Windows\System\liNblxN.exe

C:\Windows\System\jifNkIr.exe

C:\Windows\System\jifNkIr.exe

C:\Windows\System\ySGkvnu.exe

C:\Windows\System\ySGkvnu.exe

C:\Windows\System\scOWoEO.exe

C:\Windows\System\scOWoEO.exe

C:\Windows\System\mourlPP.exe

C:\Windows\System\mourlPP.exe

C:\Windows\System\EJxwgyZ.exe

C:\Windows\System\EJxwgyZ.exe

C:\Windows\System\IccRWIs.exe

C:\Windows\System\IccRWIs.exe

C:\Windows\System\mteUUCt.exe

C:\Windows\System\mteUUCt.exe

C:\Windows\System\veJZvcd.exe

C:\Windows\System\veJZvcd.exe

C:\Windows\System\YUpdjHE.exe

C:\Windows\System\YUpdjHE.exe

C:\Windows\System\TEUGqpF.exe

C:\Windows\System\TEUGqpF.exe

C:\Windows\System\AhSyUcA.exe

C:\Windows\System\AhSyUcA.exe

C:\Windows\System\IzkLhZZ.exe

C:\Windows\System\IzkLhZZ.exe

C:\Windows\System\fGPokDS.exe

C:\Windows\System\fGPokDS.exe

C:\Windows\System\hbzaSly.exe

C:\Windows\System\hbzaSly.exe

C:\Windows\System\njzmVZh.exe

C:\Windows\System\njzmVZh.exe

C:\Windows\System\GLOgtHG.exe

C:\Windows\System\GLOgtHG.exe

C:\Windows\System\jVMOjHt.exe

C:\Windows\System\jVMOjHt.exe

C:\Windows\System\OGQRmMw.exe

C:\Windows\System\OGQRmMw.exe

C:\Windows\System\XCXOKYO.exe

C:\Windows\System\XCXOKYO.exe

C:\Windows\System\zTkdiBx.exe

C:\Windows\System\zTkdiBx.exe

C:\Windows\System\zyfXUVi.exe

C:\Windows\System\zyfXUVi.exe

C:\Windows\System\APHxykW.exe

C:\Windows\System\APHxykW.exe

C:\Windows\System\UJOsmZX.exe

C:\Windows\System\UJOsmZX.exe

C:\Windows\System\kfvRuWI.exe

C:\Windows\System\kfvRuWI.exe

C:\Windows\System\ouQtcEW.exe

C:\Windows\System\ouQtcEW.exe

C:\Windows\System\NhOIMWZ.exe

C:\Windows\System\NhOIMWZ.exe

C:\Windows\System\eStzjVp.exe

C:\Windows\System\eStzjVp.exe

C:\Windows\System\FuGbbvs.exe

C:\Windows\System\FuGbbvs.exe

C:\Windows\System\GsvVpCP.exe

C:\Windows\System\GsvVpCP.exe

C:\Windows\System\SLvDfsi.exe

C:\Windows\System\SLvDfsi.exe

C:\Windows\System\OLYCXVd.exe

C:\Windows\System\OLYCXVd.exe

C:\Windows\System\ahtDMrD.exe

C:\Windows\System\ahtDMrD.exe

C:\Windows\System\LbnlocE.exe

C:\Windows\System\LbnlocE.exe

C:\Windows\System\DBxRHVy.exe

C:\Windows\System\DBxRHVy.exe

C:\Windows\System\XgwPXan.exe

C:\Windows\System\XgwPXan.exe

C:\Windows\System\AotNmBC.exe

C:\Windows\System\AotNmBC.exe

C:\Windows\System\FyxVqHb.exe

C:\Windows\System\FyxVqHb.exe

C:\Windows\System\hVIPNXP.exe

C:\Windows\System\hVIPNXP.exe

C:\Windows\System\AwxujrV.exe

C:\Windows\System\AwxujrV.exe

C:\Windows\System\kIffIod.exe

C:\Windows\System\kIffIod.exe

C:\Windows\System\YicDQAw.exe

C:\Windows\System\YicDQAw.exe

C:\Windows\System\BmLDftY.exe

C:\Windows\System\BmLDftY.exe

C:\Windows\System\RrreNDN.exe

C:\Windows\System\RrreNDN.exe

C:\Windows\System\YtszxdC.exe

C:\Windows\System\YtszxdC.exe

C:\Windows\System\wnRFlOY.exe

C:\Windows\System\wnRFlOY.exe

C:\Windows\System\dNRFoFb.exe

C:\Windows\System\dNRFoFb.exe

C:\Windows\System\eOPYjYF.exe

C:\Windows\System\eOPYjYF.exe

C:\Windows\System\lvKFKGC.exe

C:\Windows\System\lvKFKGC.exe

C:\Windows\System\Ojcbffw.exe

C:\Windows\System\Ojcbffw.exe

C:\Windows\System\ZFqVjeB.exe

C:\Windows\System\ZFqVjeB.exe

C:\Windows\System\ASOYKFK.exe

C:\Windows\System\ASOYKFK.exe

C:\Windows\System\bXFFzTE.exe

C:\Windows\System\bXFFzTE.exe

C:\Windows\System\eUPhpDp.exe

C:\Windows\System\eUPhpDp.exe

C:\Windows\System\cfevQyh.exe

C:\Windows\System\cfevQyh.exe

C:\Windows\System\MJEFGKQ.exe

C:\Windows\System\MJEFGKQ.exe

C:\Windows\System\pzffKWH.exe

C:\Windows\System\pzffKWH.exe

C:\Windows\System\iwwIObm.exe

C:\Windows\System\iwwIObm.exe

C:\Windows\System\BXsnTEi.exe

C:\Windows\System\BXsnTEi.exe

C:\Windows\System\BuMTKGe.exe

C:\Windows\System\BuMTKGe.exe

C:\Windows\System\LqQSwph.exe

C:\Windows\System\LqQSwph.exe

C:\Windows\System\xwQYXMn.exe

C:\Windows\System\xwQYXMn.exe

C:\Windows\System\zFZueXK.exe

C:\Windows\System\zFZueXK.exe

C:\Windows\System\hfWECzd.exe

C:\Windows\System\hfWECzd.exe

C:\Windows\System\DqovOWU.exe

C:\Windows\System\DqovOWU.exe

C:\Windows\System\lQemjmc.exe

C:\Windows\System\lQemjmc.exe

C:\Windows\System\VGDlewO.exe

C:\Windows\System\VGDlewO.exe

C:\Windows\System\yBCOODf.exe

C:\Windows\System\yBCOODf.exe

C:\Windows\System\CDgmclJ.exe

C:\Windows\System\CDgmclJ.exe

C:\Windows\System\WgETkIr.exe

C:\Windows\System\WgETkIr.exe

C:\Windows\System\darPjww.exe

C:\Windows\System\darPjww.exe

C:\Windows\System\luDouMo.exe

C:\Windows\System\luDouMo.exe

C:\Windows\System\EECoEym.exe

C:\Windows\System\EECoEym.exe

C:\Windows\System\Dmwlflu.exe

C:\Windows\System\Dmwlflu.exe

C:\Windows\System\vAFBuLE.exe

C:\Windows\System\vAFBuLE.exe

C:\Windows\System\TutSLCj.exe

C:\Windows\System\TutSLCj.exe

C:\Windows\System\PyPAbWS.exe

C:\Windows\System\PyPAbWS.exe

C:\Windows\System\nNUlLVY.exe

C:\Windows\System\nNUlLVY.exe

C:\Windows\System\MzhWivL.exe

C:\Windows\System\MzhWivL.exe

C:\Windows\System\iIobrjd.exe

C:\Windows\System\iIobrjd.exe

C:\Windows\System\CYiDJor.exe

C:\Windows\System\CYiDJor.exe

C:\Windows\System\jRZTxuI.exe

C:\Windows\System\jRZTxuI.exe

C:\Windows\System\tcQLmnU.exe

C:\Windows\System\tcQLmnU.exe

C:\Windows\System\ywjeNXA.exe

C:\Windows\System\ywjeNXA.exe

C:\Windows\System\mxoRxSi.exe

C:\Windows\System\mxoRxSi.exe

C:\Windows\System\DRchQbm.exe

C:\Windows\System\DRchQbm.exe

C:\Windows\System\lYwRQTh.exe

C:\Windows\System\lYwRQTh.exe

C:\Windows\System\QpXFwYW.exe

C:\Windows\System\QpXFwYW.exe

C:\Windows\System\KhODcLW.exe

C:\Windows\System\KhODcLW.exe

C:\Windows\System\AifJalx.exe

C:\Windows\System\AifJalx.exe

C:\Windows\System\CNUpGtd.exe

C:\Windows\System\CNUpGtd.exe

C:\Windows\System\baxbwsp.exe

C:\Windows\System\baxbwsp.exe

C:\Windows\System\urOZHGn.exe

C:\Windows\System\urOZHGn.exe

C:\Windows\System\EKcgOzy.exe

C:\Windows\System\EKcgOzy.exe

C:\Windows\System\BdBmsGn.exe

C:\Windows\System\BdBmsGn.exe

C:\Windows\System\SotRvtH.exe

C:\Windows\System\SotRvtH.exe

C:\Windows\System\XZxrVlQ.exe

C:\Windows\System\XZxrVlQ.exe

C:\Windows\System\aETxmlu.exe

C:\Windows\System\aETxmlu.exe

C:\Windows\System\hMUiRjk.exe

C:\Windows\System\hMUiRjk.exe

C:\Windows\System\dhfEpiX.exe

C:\Windows\System\dhfEpiX.exe

C:\Windows\System\gDOxXRo.exe

C:\Windows\System\gDOxXRo.exe

C:\Windows\System\mTpgKKP.exe

C:\Windows\System\mTpgKKP.exe

C:\Windows\System\wdzENaH.exe

C:\Windows\System\wdzENaH.exe

C:\Windows\System\aZESJtq.exe

C:\Windows\System\aZESJtq.exe

C:\Windows\System\uckUvkR.exe

C:\Windows\System\uckUvkR.exe

C:\Windows\System\XxdEdaR.exe

C:\Windows\System\XxdEdaR.exe

C:\Windows\System\OMTIxpv.exe

C:\Windows\System\OMTIxpv.exe

C:\Windows\System\vyaBnZl.exe

C:\Windows\System\vyaBnZl.exe

C:\Windows\System\tibnmiY.exe

C:\Windows\System\tibnmiY.exe

C:\Windows\System\hwVQRPj.exe

C:\Windows\System\hwVQRPj.exe

C:\Windows\System\fWdSElf.exe

C:\Windows\System\fWdSElf.exe

C:\Windows\System\mdHPrcq.exe

C:\Windows\System\mdHPrcq.exe

C:\Windows\System\scUQGbK.exe

C:\Windows\System\scUQGbK.exe

C:\Windows\System\wNhfstA.exe

C:\Windows\System\wNhfstA.exe

C:\Windows\System\reUDmhv.exe

C:\Windows\System\reUDmhv.exe

C:\Windows\System\LdYYCBv.exe

C:\Windows\System\LdYYCBv.exe

C:\Windows\System\rRAauNh.exe

C:\Windows\System\rRAauNh.exe

C:\Windows\System\RmJngJo.exe

C:\Windows\System\RmJngJo.exe

C:\Windows\System\zjjmdUi.exe

C:\Windows\System\zjjmdUi.exe

C:\Windows\System\mJuORGx.exe

C:\Windows\System\mJuORGx.exe

C:\Windows\System\wOQXDxZ.exe

C:\Windows\System\wOQXDxZ.exe

C:\Windows\System\ZEtppKX.exe

C:\Windows\System\ZEtppKX.exe

C:\Windows\System\LdOfzaO.exe

C:\Windows\System\LdOfzaO.exe

C:\Windows\System\AUImqQz.exe

C:\Windows\System\AUImqQz.exe

C:\Windows\System\SJYHgHt.exe

C:\Windows\System\SJYHgHt.exe

C:\Windows\System\DoodybD.exe

C:\Windows\System\DoodybD.exe

C:\Windows\System\unRvMmi.exe

C:\Windows\System\unRvMmi.exe

C:\Windows\System\uGjuvmX.exe

C:\Windows\System\uGjuvmX.exe

C:\Windows\System\epRoncs.exe

C:\Windows\System\epRoncs.exe

C:\Windows\System\WrWtIeL.exe

C:\Windows\System\WrWtIeL.exe

C:\Windows\System\dAfrcya.exe

C:\Windows\System\dAfrcya.exe

C:\Windows\System\MSuEdkX.exe

C:\Windows\System\MSuEdkX.exe

C:\Windows\System\STPGtDu.exe

C:\Windows\System\STPGtDu.exe

C:\Windows\System\ZJVCgIO.exe

C:\Windows\System\ZJVCgIO.exe

C:\Windows\System\qYuiHnF.exe

C:\Windows\System\qYuiHnF.exe

C:\Windows\System\iffEobf.exe

C:\Windows\System\iffEobf.exe

C:\Windows\System\voHTAZn.exe

C:\Windows\System\voHTAZn.exe

C:\Windows\System\GyXMepS.exe

C:\Windows\System\GyXMepS.exe

C:\Windows\System\VHBhxhb.exe

C:\Windows\System\VHBhxhb.exe

C:\Windows\System\LUIzkTs.exe

C:\Windows\System\LUIzkTs.exe

C:\Windows\System\muyEvTu.exe

C:\Windows\System\muyEvTu.exe

C:\Windows\System\lHASiFn.exe

C:\Windows\System\lHASiFn.exe

C:\Windows\System\iQXcDwC.exe

C:\Windows\System\iQXcDwC.exe

C:\Windows\System\bRjUUqb.exe

C:\Windows\System\bRjUUqb.exe

C:\Windows\System\IgJvURV.exe

C:\Windows\System\IgJvURV.exe

C:\Windows\System\iHeXETh.exe

C:\Windows\System\iHeXETh.exe

C:\Windows\System\nRQxhuw.exe

C:\Windows\System\nRQxhuw.exe

C:\Windows\System\FzfHRot.exe

C:\Windows\System\FzfHRot.exe

C:\Windows\System\dINTZtu.exe

C:\Windows\System\dINTZtu.exe

C:\Windows\System\dDrnHiL.exe

C:\Windows\System\dDrnHiL.exe

C:\Windows\System\lzOjndz.exe

C:\Windows\System\lzOjndz.exe

C:\Windows\System\OtuSjxt.exe

C:\Windows\System\OtuSjxt.exe

C:\Windows\System\OtvQPgc.exe

C:\Windows\System\OtvQPgc.exe

C:\Windows\System\LvevSRm.exe

C:\Windows\System\LvevSRm.exe

C:\Windows\System\ildjXWN.exe

C:\Windows\System\ildjXWN.exe

C:\Windows\System\gihirmU.exe

C:\Windows\System\gihirmU.exe

C:\Windows\System\jZCNWfE.exe

C:\Windows\System\jZCNWfE.exe

C:\Windows\System\rYsDDUb.exe

C:\Windows\System\rYsDDUb.exe

C:\Windows\System\tUfXmPX.exe

C:\Windows\System\tUfXmPX.exe

C:\Windows\System\FJllOmB.exe

C:\Windows\System\FJllOmB.exe

C:\Windows\System\xUAMdwu.exe

C:\Windows\System\xUAMdwu.exe

C:\Windows\System\CaQvuxz.exe

C:\Windows\System\CaQvuxz.exe

C:\Windows\System\ZGhgnJf.exe

C:\Windows\System\ZGhgnJf.exe

C:\Windows\System\XQBnBin.exe

C:\Windows\System\XQBnBin.exe

C:\Windows\System\MAraAQU.exe

C:\Windows\System\MAraAQU.exe

C:\Windows\System\cwofWGM.exe

C:\Windows\System\cwofWGM.exe

C:\Windows\System\mnGLTFK.exe

C:\Windows\System\mnGLTFK.exe

C:\Windows\System\yixymBn.exe

C:\Windows\System\yixymBn.exe

C:\Windows\System\tWYKByn.exe

C:\Windows\System\tWYKByn.exe

C:\Windows\System\KleUVYV.exe

C:\Windows\System\KleUVYV.exe

C:\Windows\System\QFbOySv.exe

C:\Windows\System\QFbOySv.exe

C:\Windows\System\ULGZeaj.exe

C:\Windows\System\ULGZeaj.exe

C:\Windows\System\elaKEKx.exe

C:\Windows\System\elaKEKx.exe

C:\Windows\System\cnQvqFW.exe

C:\Windows\System\cnQvqFW.exe

C:\Windows\System\twpsCPy.exe

C:\Windows\System\twpsCPy.exe

C:\Windows\System\gQOyeRT.exe

C:\Windows\System\gQOyeRT.exe

C:\Windows\System\RLcQtJm.exe

C:\Windows\System\RLcQtJm.exe

C:\Windows\System\JxnemSa.exe

C:\Windows\System\JxnemSa.exe

C:\Windows\System\HrYqNZu.exe

C:\Windows\System\HrYqNZu.exe

C:\Windows\System\xYPrLEj.exe

C:\Windows\System\xYPrLEj.exe

C:\Windows\System\OtTtHKk.exe

C:\Windows\System\OtTtHKk.exe

C:\Windows\System\OABuTsf.exe

C:\Windows\System\OABuTsf.exe

C:\Windows\System\hZmgDxk.exe

C:\Windows\System\hZmgDxk.exe

C:\Windows\System\mAXnjrn.exe

C:\Windows\System\mAXnjrn.exe

C:\Windows\System\VgdiHtz.exe

C:\Windows\System\VgdiHtz.exe

C:\Windows\System\daGTyrI.exe

C:\Windows\System\daGTyrI.exe

C:\Windows\System\LVaveZz.exe

C:\Windows\System\LVaveZz.exe

C:\Windows\System\LfFPYCz.exe

C:\Windows\System\LfFPYCz.exe

C:\Windows\System\NCsaFUU.exe

C:\Windows\System\NCsaFUU.exe

C:\Windows\System\sDwitfP.exe

C:\Windows\System\sDwitfP.exe

C:\Windows\System\lSKNHQq.exe

C:\Windows\System\lSKNHQq.exe

C:\Windows\System\RUyzBRm.exe

C:\Windows\System\RUyzBRm.exe

C:\Windows\System\XoBULfU.exe

C:\Windows\System\XoBULfU.exe

C:\Windows\System\AbnqzWF.exe

C:\Windows\System\AbnqzWF.exe

C:\Windows\System\sJdkGlX.exe

C:\Windows\System\sJdkGlX.exe

C:\Windows\System\WpAYeBO.exe

C:\Windows\System\WpAYeBO.exe

C:\Windows\System\CMGVMUK.exe

C:\Windows\System\CMGVMUK.exe

C:\Windows\System\GxpdbIJ.exe

C:\Windows\System\GxpdbIJ.exe

C:\Windows\System\egBsfdq.exe

C:\Windows\System\egBsfdq.exe

C:\Windows\System\FixwJQD.exe

C:\Windows\System\FixwJQD.exe

C:\Windows\System\fUGDEah.exe

C:\Windows\System\fUGDEah.exe

C:\Windows\System\ACewykB.exe

C:\Windows\System\ACewykB.exe

C:\Windows\System\kmwZMxD.exe

C:\Windows\System\kmwZMxD.exe

C:\Windows\System\FPoXmkX.exe

C:\Windows\System\FPoXmkX.exe

C:\Windows\System\MbZxxXk.exe

C:\Windows\System\MbZxxXk.exe

C:\Windows\System\hYmTYtb.exe

C:\Windows\System\hYmTYtb.exe

C:\Windows\System\APuUapg.exe

C:\Windows\System\APuUapg.exe

C:\Windows\System\VBdpdWU.exe

C:\Windows\System\VBdpdWU.exe

C:\Windows\System\LvzzMww.exe

C:\Windows\System\LvzzMww.exe

C:\Windows\System\dJAwlYM.exe

C:\Windows\System\dJAwlYM.exe

C:\Windows\System\VlaIEqB.exe

C:\Windows\System\VlaIEqB.exe

C:\Windows\System\HjhzghU.exe

C:\Windows\System\HjhzghU.exe

C:\Windows\System\EUGjzwk.exe

C:\Windows\System\EUGjzwk.exe

C:\Windows\System\ccQOpmJ.exe

C:\Windows\System\ccQOpmJ.exe

C:\Windows\System\mjNnsNf.exe

C:\Windows\System\mjNnsNf.exe

C:\Windows\System\hLcHZjd.exe

C:\Windows\System\hLcHZjd.exe

C:\Windows\System\YRidZLT.exe

C:\Windows\System\YRidZLT.exe

C:\Windows\System\KtObrJa.exe

C:\Windows\System\KtObrJa.exe

C:\Windows\System\OTRxEEC.exe

C:\Windows\System\OTRxEEC.exe

C:\Windows\System\pEKCYYl.exe

C:\Windows\System\pEKCYYl.exe

C:\Windows\System\jQTLuog.exe

C:\Windows\System\jQTLuog.exe

C:\Windows\System\UhDmHDc.exe

C:\Windows\System\UhDmHDc.exe

C:\Windows\System\gLmzGHm.exe

C:\Windows\System\gLmzGHm.exe

C:\Windows\System\JQIAaks.exe

C:\Windows\System\JQIAaks.exe

C:\Windows\System\odltpoF.exe

C:\Windows\System\odltpoF.exe

C:\Windows\System\IkFPzpy.exe

C:\Windows\System\IkFPzpy.exe

C:\Windows\System\KPoBppH.exe

C:\Windows\System\KPoBppH.exe

C:\Windows\System\ZPxoPsI.exe

C:\Windows\System\ZPxoPsI.exe

C:\Windows\System\Atgacfw.exe

C:\Windows\System\Atgacfw.exe

C:\Windows\System\ooFfFPa.exe

C:\Windows\System\ooFfFPa.exe

C:\Windows\System\BNaoPaA.exe

C:\Windows\System\BNaoPaA.exe

C:\Windows\System\rZEyLyK.exe

C:\Windows\System\rZEyLyK.exe

C:\Windows\System\CTGHrRV.exe

C:\Windows\System\CTGHrRV.exe

C:\Windows\System\EasFFhg.exe

C:\Windows\System\EasFFhg.exe

C:\Windows\System\QNlwzgH.exe

C:\Windows\System\QNlwzgH.exe

C:\Windows\System\oNqEfSo.exe

C:\Windows\System\oNqEfSo.exe

C:\Windows\System\CoauByN.exe

C:\Windows\System\CoauByN.exe

C:\Windows\System\UixeOVy.exe

C:\Windows\System\UixeOVy.exe

C:\Windows\System\nnSFqhj.exe

C:\Windows\System\nnSFqhj.exe

C:\Windows\System\XpoihDa.exe

C:\Windows\System\XpoihDa.exe

C:\Windows\System\qeXssZH.exe

C:\Windows\System\qeXssZH.exe

C:\Windows\System\KGpeBWL.exe

C:\Windows\System\KGpeBWL.exe

C:\Windows\System\FrEkoWK.exe

C:\Windows\System\FrEkoWK.exe

C:\Windows\System\QtjUGzy.exe

C:\Windows\System\QtjUGzy.exe

C:\Windows\System\gKCqyLq.exe

C:\Windows\System\gKCqyLq.exe

C:\Windows\System\kRwoNtr.exe

C:\Windows\System\kRwoNtr.exe

C:\Windows\System\DrVzTKq.exe

C:\Windows\System\DrVzTKq.exe

C:\Windows\System\Uuqcsll.exe

C:\Windows\System\Uuqcsll.exe

C:\Windows\System\TZUynGq.exe

C:\Windows\System\TZUynGq.exe

C:\Windows\System\woUZIsz.exe

C:\Windows\System\woUZIsz.exe

C:\Windows\System\IFxLsag.exe

C:\Windows\System\IFxLsag.exe

C:\Windows\System\qnSqbHu.exe

C:\Windows\System\qnSqbHu.exe

C:\Windows\System\jcRLMMh.exe

C:\Windows\System\jcRLMMh.exe

C:\Windows\System\lyWzjdI.exe

C:\Windows\System\lyWzjdI.exe

C:\Windows\System\MrzREGc.exe

C:\Windows\System\MrzREGc.exe

C:\Windows\System\SJAgmup.exe

C:\Windows\System\SJAgmup.exe

C:\Windows\System\RJIZncl.exe

C:\Windows\System\RJIZncl.exe

C:\Windows\System\MxdxDli.exe

C:\Windows\System\MxdxDli.exe

C:\Windows\System\ASeGXBt.exe

C:\Windows\System\ASeGXBt.exe

C:\Windows\System\LdBLkGj.exe

C:\Windows\System\LdBLkGj.exe

C:\Windows\System\meqmMQB.exe

C:\Windows\System\meqmMQB.exe

C:\Windows\System\xhERrmt.exe

C:\Windows\System\xhERrmt.exe

C:\Windows\System\ilxMymF.exe

C:\Windows\System\ilxMymF.exe

C:\Windows\System\FNWYFNg.exe

C:\Windows\System\FNWYFNg.exe

C:\Windows\System\tfoHsjH.exe

C:\Windows\System\tfoHsjH.exe

C:\Windows\System\eEXLXLz.exe

C:\Windows\System\eEXLXLz.exe

C:\Windows\System\lTuZXpn.exe

C:\Windows\System\lTuZXpn.exe

C:\Windows\System\YXFdasG.exe

C:\Windows\System\YXFdasG.exe

C:\Windows\System\jZZBEbt.exe

C:\Windows\System\jZZBEbt.exe

C:\Windows\System\ewjUavT.exe

C:\Windows\System\ewjUavT.exe

C:\Windows\System\irOimEB.exe

C:\Windows\System\irOimEB.exe

C:\Windows\System\usCPGjT.exe

C:\Windows\System\usCPGjT.exe

C:\Windows\System\AtzHDgD.exe

C:\Windows\System\AtzHDgD.exe

C:\Windows\System\gRvQvwa.exe

C:\Windows\System\gRvQvwa.exe

C:\Windows\System\yYeLuAD.exe

C:\Windows\System\yYeLuAD.exe

C:\Windows\System\iMqVrlq.exe

C:\Windows\System\iMqVrlq.exe

C:\Windows\System\COMVTSB.exe

C:\Windows\System\COMVTSB.exe

C:\Windows\System\RBJMfbX.exe

C:\Windows\System\RBJMfbX.exe

C:\Windows\System\hsQaPNd.exe

C:\Windows\System\hsQaPNd.exe

C:\Windows\System\ZlFcmKa.exe

C:\Windows\System\ZlFcmKa.exe

C:\Windows\System\DYRLqaK.exe

C:\Windows\System\DYRLqaK.exe

C:\Windows\System\JsmZWfI.exe

C:\Windows\System\JsmZWfI.exe

C:\Windows\System\JoLjcTQ.exe

C:\Windows\System\JoLjcTQ.exe

C:\Windows\System\VyAkSgx.exe

C:\Windows\System\VyAkSgx.exe

C:\Windows\System\DssTrwb.exe

C:\Windows\System\DssTrwb.exe

C:\Windows\System\HtBlfHp.exe

C:\Windows\System\HtBlfHp.exe

C:\Windows\System\KcuoASb.exe

C:\Windows\System\KcuoASb.exe

C:\Windows\System\WrNYAnQ.exe

C:\Windows\System\WrNYAnQ.exe

C:\Windows\System\lKlSJhs.exe

C:\Windows\System\lKlSJhs.exe

C:\Windows\System\PcjFSnY.exe

C:\Windows\System\PcjFSnY.exe

C:\Windows\System\dbjHKSn.exe

C:\Windows\System\dbjHKSn.exe

C:\Windows\System\yPJMiSp.exe

C:\Windows\System\yPJMiSp.exe

C:\Windows\System\bEbwJQB.exe

C:\Windows\System\bEbwJQB.exe

C:\Windows\System\KLtWcGw.exe

C:\Windows\System\KLtWcGw.exe

C:\Windows\System\eYXzYzI.exe

C:\Windows\System\eYXzYzI.exe

C:\Windows\System\ODHGntx.exe

C:\Windows\System\ODHGntx.exe

C:\Windows\System\pkjNglb.exe

C:\Windows\System\pkjNglb.exe

C:\Windows\System\qwztgNp.exe

C:\Windows\System\qwztgNp.exe

C:\Windows\System\GhKqzno.exe

C:\Windows\System\GhKqzno.exe

C:\Windows\System\IQLlOZo.exe

C:\Windows\System\IQLlOZo.exe

C:\Windows\System\aJDxDlQ.exe

C:\Windows\System\aJDxDlQ.exe

C:\Windows\System\KgVJGVf.exe

C:\Windows\System\KgVJGVf.exe

C:\Windows\System\xTEsLyX.exe

C:\Windows\System\xTEsLyX.exe

C:\Windows\System\IpvlcrQ.exe

C:\Windows\System\IpvlcrQ.exe

C:\Windows\System\SjAEfxw.exe

C:\Windows\System\SjAEfxw.exe

C:\Windows\System\WNsxPNL.exe

C:\Windows\System\WNsxPNL.exe

C:\Windows\System\QGGPeou.exe

C:\Windows\System\QGGPeou.exe

C:\Windows\System\NKrDnMD.exe

C:\Windows\System\NKrDnMD.exe

C:\Windows\System\WknZaiy.exe

C:\Windows\System\WknZaiy.exe

C:\Windows\System\oJWGjzP.exe

C:\Windows\System\oJWGjzP.exe

C:\Windows\System\pzwpZNu.exe

C:\Windows\System\pzwpZNu.exe

C:\Windows\System\AvQKORM.exe

C:\Windows\System\AvQKORM.exe

C:\Windows\System\LRFlKYC.exe

C:\Windows\System\LRFlKYC.exe

C:\Windows\System\GEHIMEh.exe

C:\Windows\System\GEHIMEh.exe

C:\Windows\System\fQerDPa.exe

C:\Windows\System\fQerDPa.exe

C:\Windows\System\AgUcQzr.exe

C:\Windows\System\AgUcQzr.exe

C:\Windows\System\tunbMwx.exe

C:\Windows\System\tunbMwx.exe

C:\Windows\System\APHIIDS.exe

C:\Windows\System\APHIIDS.exe

C:\Windows\System\GAlsnWU.exe

C:\Windows\System\GAlsnWU.exe

C:\Windows\System\xmNmugZ.exe

C:\Windows\System\xmNmugZ.exe

C:\Windows\System\pNhGPOP.exe

C:\Windows\System\pNhGPOP.exe

C:\Windows\System\FDTWBzB.exe

C:\Windows\System\FDTWBzB.exe

C:\Windows\System\BJWgMfb.exe

C:\Windows\System\BJWgMfb.exe

C:\Windows\System\MSUTclj.exe

C:\Windows\System\MSUTclj.exe

C:\Windows\System\ZeOFWbG.exe

C:\Windows\System\ZeOFWbG.exe

C:\Windows\System\VABgmpi.exe

C:\Windows\System\VABgmpi.exe

C:\Windows\System\ZHWCyCW.exe

C:\Windows\System\ZHWCyCW.exe

C:\Windows\System\LbixVsh.exe

C:\Windows\System\LbixVsh.exe

C:\Windows\System\glIykKG.exe

C:\Windows\System\glIykKG.exe

C:\Windows\System\bDAPDRr.exe

C:\Windows\System\bDAPDRr.exe

C:\Windows\System\oQetFnt.exe

C:\Windows\System\oQetFnt.exe

C:\Windows\System\uZKpELO.exe

C:\Windows\System\uZKpELO.exe

C:\Windows\System\wYmnBZR.exe

C:\Windows\System\wYmnBZR.exe

C:\Windows\System\ooKGQac.exe

C:\Windows\System\ooKGQac.exe

C:\Windows\System\fTymQyI.exe

C:\Windows\System\fTymQyI.exe

C:\Windows\System\rWpNjtK.exe

C:\Windows\System\rWpNjtK.exe

C:\Windows\System\GyeHVUf.exe

C:\Windows\System\GyeHVUf.exe

C:\Windows\System\aiKeMHz.exe

C:\Windows\System\aiKeMHz.exe

C:\Windows\System\ADOWQnO.exe

C:\Windows\System\ADOWQnO.exe

C:\Windows\System\vDdJdwS.exe

C:\Windows\System\vDdJdwS.exe

C:\Windows\System\gNXqQTJ.exe

C:\Windows\System\gNXqQTJ.exe

C:\Windows\System\QsQrdpB.exe

C:\Windows\System\QsQrdpB.exe

C:\Windows\System\FuATwVz.exe

C:\Windows\System\FuATwVz.exe

C:\Windows\System\LxAWras.exe

C:\Windows\System\LxAWras.exe

C:\Windows\System\gBmBLzu.exe

C:\Windows\System\gBmBLzu.exe

C:\Windows\System\kEnFTEB.exe

C:\Windows\System\kEnFTEB.exe

C:\Windows\System\JRUFozO.exe

C:\Windows\System\JRUFozO.exe

C:\Windows\System\NSONWEU.exe

C:\Windows\System\NSONWEU.exe

C:\Windows\System\faGmyDE.exe

C:\Windows\System\faGmyDE.exe

C:\Windows\System\bItdCEb.exe

C:\Windows\System\bItdCEb.exe

C:\Windows\System\YnugsEX.exe

C:\Windows\System\YnugsEX.exe

C:\Windows\System\VdlTPkA.exe

C:\Windows\System\VdlTPkA.exe

C:\Windows\System\cWbTZXI.exe

C:\Windows\System\cWbTZXI.exe

C:\Windows\System\xZttTpt.exe

C:\Windows\System\xZttTpt.exe

C:\Windows\System\FmApHcz.exe

C:\Windows\System\FmApHcz.exe

C:\Windows\System\qFxZzPk.exe

C:\Windows\System\qFxZzPk.exe

C:\Windows\System\icNEbBO.exe

C:\Windows\System\icNEbBO.exe

C:\Windows\System\ZGEufhf.exe

C:\Windows\System\ZGEufhf.exe

C:\Windows\System\YNQEjLz.exe

C:\Windows\System\YNQEjLz.exe

C:\Windows\System\XFQPLAw.exe

C:\Windows\System\XFQPLAw.exe

C:\Windows\System\RTunuKP.exe

C:\Windows\System\RTunuKP.exe

C:\Windows\System\rUqzIhI.exe

C:\Windows\System\rUqzIhI.exe

C:\Windows\System\hziIDkV.exe

C:\Windows\System\hziIDkV.exe

C:\Windows\System\MIIwzgG.exe

C:\Windows\System\MIIwzgG.exe

C:\Windows\System\OHAOuzs.exe

C:\Windows\System\OHAOuzs.exe

C:\Windows\System\ZlUxVag.exe

C:\Windows\System\ZlUxVag.exe

C:\Windows\System\moDmKOh.exe

C:\Windows\System\moDmKOh.exe

C:\Windows\System\rFqxyAM.exe

C:\Windows\System\rFqxyAM.exe

C:\Windows\System\HgcchOy.exe

C:\Windows\System\HgcchOy.exe

C:\Windows\System\qkYyuoB.exe

C:\Windows\System\qkYyuoB.exe

C:\Windows\System\pciSkby.exe

C:\Windows\System\pciSkby.exe

C:\Windows\System\XJsYZJz.exe

C:\Windows\System\XJsYZJz.exe

C:\Windows\System\IzYPAYl.exe

C:\Windows\System\IzYPAYl.exe

C:\Windows\System\lMKdFpQ.exe

C:\Windows\System\lMKdFpQ.exe

C:\Windows\System\yYhgcUU.exe

C:\Windows\System\yYhgcUU.exe

C:\Windows\System\lnBfXZI.exe

C:\Windows\System\lnBfXZI.exe

C:\Windows\System\FFGdhPS.exe

C:\Windows\System\FFGdhPS.exe

C:\Windows\System\tcHpqfR.exe

C:\Windows\System\tcHpqfR.exe

C:\Windows\System\QGejhKN.exe

C:\Windows\System\QGejhKN.exe

C:\Windows\System\pnDPnLr.exe

C:\Windows\System\pnDPnLr.exe

C:\Windows\System\WLRYqCg.exe

C:\Windows\System\WLRYqCg.exe

C:\Windows\System\xMSOpLo.exe

C:\Windows\System\xMSOpLo.exe

C:\Windows\System\wzwJTuf.exe

C:\Windows\System\wzwJTuf.exe

C:\Windows\System\RlwYmDJ.exe

C:\Windows\System\RlwYmDJ.exe

C:\Windows\System\bNZXmYR.exe

C:\Windows\System\bNZXmYR.exe

C:\Windows\System\ZzGhEEX.exe

C:\Windows\System\ZzGhEEX.exe

C:\Windows\System\hcQaxpi.exe

C:\Windows\System\hcQaxpi.exe

C:\Windows\System\AsvqSjN.exe

C:\Windows\System\AsvqSjN.exe

C:\Windows\System\XuwypFp.exe

C:\Windows\System\XuwypFp.exe

C:\Windows\System\LOlsMlX.exe

C:\Windows\System\LOlsMlX.exe

C:\Windows\System\ZqvDMlj.exe

C:\Windows\System\ZqvDMlj.exe

C:\Windows\System\KUgFFcP.exe

C:\Windows\System\KUgFFcP.exe

C:\Windows\System\VCDiiRR.exe

C:\Windows\System\VCDiiRR.exe

C:\Windows\System\ZfNeLae.exe

C:\Windows\System\ZfNeLae.exe

C:\Windows\System\kAlNPKC.exe

C:\Windows\System\kAlNPKC.exe

C:\Windows\System\XkPvHxe.exe

C:\Windows\System\XkPvHxe.exe

C:\Windows\System\edsXTyT.exe

C:\Windows\System\edsXTyT.exe

C:\Windows\System\NiYzBye.exe

C:\Windows\System\NiYzBye.exe

C:\Windows\System\QlnQwwC.exe

C:\Windows\System\QlnQwwC.exe

C:\Windows\System\THXGbwe.exe

C:\Windows\System\THXGbwe.exe

C:\Windows\System\KabzbPL.exe

C:\Windows\System\KabzbPL.exe

C:\Windows\System\UjquZdH.exe

C:\Windows\System\UjquZdH.exe

C:\Windows\System\DMrlNmp.exe

C:\Windows\System\DMrlNmp.exe

C:\Windows\System\JGYTUWx.exe

C:\Windows\System\JGYTUWx.exe

C:\Windows\System\eUOgHPv.exe

C:\Windows\System\eUOgHPv.exe

C:\Windows\System\kjhFeAV.exe

C:\Windows\System\kjhFeAV.exe

C:\Windows\System\QWtySPr.exe

C:\Windows\System\QWtySPr.exe

C:\Windows\System\nlyfQfO.exe

C:\Windows\System\nlyfQfO.exe

C:\Windows\System\qGRXExX.exe

C:\Windows\System\qGRXExX.exe

C:\Windows\System\uVJURRo.exe

C:\Windows\System\uVJURRo.exe

C:\Windows\System\yFPPwAp.exe

C:\Windows\System\yFPPwAp.exe

C:\Windows\System\tDFXETd.exe

C:\Windows\System\tDFXETd.exe

C:\Windows\System\OkhCXVY.exe

C:\Windows\System\OkhCXVY.exe

C:\Windows\System\sTnQZnO.exe

C:\Windows\System\sTnQZnO.exe

C:\Windows\System\GyzilJa.exe

C:\Windows\System\GyzilJa.exe

C:\Windows\System\SCQvxFJ.exe

C:\Windows\System\SCQvxFJ.exe

C:\Windows\System\VdIsYKx.exe

C:\Windows\System\VdIsYKx.exe

C:\Windows\System\XDMzVeM.exe

C:\Windows\System\XDMzVeM.exe

C:\Windows\System\DMbvznw.exe

C:\Windows\System\DMbvznw.exe

C:\Windows\System\uszNCSO.exe

C:\Windows\System\uszNCSO.exe

C:\Windows\System\BlNmXRR.exe

C:\Windows\System\BlNmXRR.exe

C:\Windows\System\BfdiBqH.exe

C:\Windows\System\BfdiBqH.exe

C:\Windows\System\hqZHrGl.exe

C:\Windows\System\hqZHrGl.exe

C:\Windows\System\RNvIPQl.exe

C:\Windows\System\RNvIPQl.exe

C:\Windows\System\nSpVegu.exe

C:\Windows\System\nSpVegu.exe

C:\Windows\System\gsmPWzK.exe

C:\Windows\System\gsmPWzK.exe

C:\Windows\System\awMjjVz.exe

C:\Windows\System\awMjjVz.exe

C:\Windows\System\ghrlsNP.exe

C:\Windows\System\ghrlsNP.exe

C:\Windows\System\FmWtvsU.exe

C:\Windows\System\FmWtvsU.exe

C:\Windows\System\KZCcYhS.exe

C:\Windows\System\KZCcYhS.exe

C:\Windows\System\OzClSpK.exe

C:\Windows\System\OzClSpK.exe

C:\Windows\System\TMHpImc.exe

C:\Windows\System\TMHpImc.exe

C:\Windows\System\mMzIvFh.exe

C:\Windows\System\mMzIvFh.exe

C:\Windows\System\eoQRHpa.exe

C:\Windows\System\eoQRHpa.exe

C:\Windows\System\DZNdZkQ.exe

C:\Windows\System\DZNdZkQ.exe

C:\Windows\System\klhHJEl.exe

C:\Windows\System\klhHJEl.exe

C:\Windows\System\BUVWQiP.exe

C:\Windows\System\BUVWQiP.exe

C:\Windows\System\QqdISha.exe

C:\Windows\System\QqdISha.exe

C:\Windows\System\DRZyRlB.exe

C:\Windows\System\DRZyRlB.exe

C:\Windows\System\bfgxPrU.exe

C:\Windows\System\bfgxPrU.exe

C:\Windows\System\MHERUYr.exe

C:\Windows\System\MHERUYr.exe

C:\Windows\System\PufhRWU.exe

C:\Windows\System\PufhRWU.exe

C:\Windows\System\votDWaw.exe

C:\Windows\System\votDWaw.exe

C:\Windows\System\zyaxsxW.exe

C:\Windows\System\zyaxsxW.exe

C:\Windows\System\fYgEdgZ.exe

C:\Windows\System\fYgEdgZ.exe

C:\Windows\System\QYcfGwn.exe

C:\Windows\System\QYcfGwn.exe

C:\Windows\System\iPjkVhF.exe

C:\Windows\System\iPjkVhF.exe

C:\Windows\System\usKKqTX.exe

C:\Windows\System\usKKqTX.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1972-1-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2920-9-0x000000013FA90000-0x000000013FE82000-memory.dmp

C:\Windows\system\DLnmYig.exe

MD5 6abe562602b1a2f15b7e14d385045f2b
SHA1 4afd67bd27967fd8c58e36561792f7a1a359145b
SHA256 a6401327afc5004bdccf4107657a36caaee48b1c4438fc4749a71dc7f1de79e9
SHA512 cf1c4272c3f53d37950c4518381f5a9777f3ff6222603f152f67fe48370b18f1e859ba52cfdce043a0c1753f1bdfb2da08e078a4a5db5e3fe1bb7bbff60be9b1

memory/1972-6-0x000000013FA90000-0x000000013FE82000-memory.dmp

memory/1972-0-0x000000013F100000-0x000000013F4F2000-memory.dmp

\Windows\system\ySsGLEI.exe

MD5 dbc843c6dfd68b27fd7f3692bfc8dc5f
SHA1 b2398d3b5abaae8ef7186fa58beefac7d643734b
SHA256 eb9d9dca0d8a42066e8819a50a6905c741fd35004912c54ab9d5c5d02c1d53a5
SHA512 28d91a65186789544dc7750711ec819492d1de937c7f51948b1f0193eccaf13e5b608f5546452765e30f87695a57b475d75988231e2af665afe5af05e6e51c5d

C:\Windows\system\sWUNRvu.exe

MD5 fcd8d42edc5d0a6f1703d9bb91f122e9
SHA1 154789a4327940d0cf457074d3bd191b6d4f66f1
SHA256 7523d76927c2c9fcb59c505902ca375674194eb5224b91d7cd30b481e9709133
SHA512 9aa32b8abbaca34e365550acd476002f0ed9ecb94e30f7eb9fcc9900ea11a42e7d56ea3d224165fb9dd4e03c330bf38279347020c2873872888acace72b3e438

memory/2604-20-0x000007FEF58CE000-0x000007FEF58CF000-memory.dmp

memory/2636-19-0x000000013F560000-0x000000013F952000-memory.dmp

memory/1972-13-0x000000013F560000-0x000000013F952000-memory.dmp

\Windows\system\fcHizFy.exe

MD5 b5cd5081bf724df83277c88e7e64b1ac
SHA1 2f9c3b44f741df1403e6b8a2c2071478b9442566
SHA256 2a231fd6d7706884f26cd0099426c7e86d51e206adcbb42b9ec5c757c2ec960e
SHA512 be8adffbb226a61b099fde27aea64fdde1f023e639199a8e4bb547a1638b5cdda0e3bc8ea05e09a05663ebabf7f5c00f3e9dab68da02070c9a6e669f9df63a43

C:\Windows\system\UdkiZFK.exe

MD5 96bbddacfd87d5010eb9b03bba496a24
SHA1 3accfdc9eac6ff79d980caeed44dd21dfb65b81e
SHA256 6452a08ade7ac889f85906ff7598867973b1282201546571c92a35ec9eb79ef2
SHA512 073727372b9d01dd3e88f8b93490dbb2d1649379a3beb245e14dc43f7a765abfe324cc4a93c608e63334498b8c87833d019cf7417dbebc6952523dd693c5273a

memory/2604-46-0x000000001B780000-0x000000001BA62000-memory.dmp

C:\Windows\system\vePzgUi.exe

MD5 ba63c9d7379fcda684b2d1d92b3e44f7
SHA1 79ad91c0c5393b734e5becc3826ed66b1c20a5c9
SHA256 08ac5969ebd03ddfa2985f1737498082f679339ccfbe0e3cecb4f8f68a159353
SHA512 994d2ecdea2793473919b88f45242b2434ccbebda81fffe505c9265d9d33415e3c8eed452dd8af1265533a0c8c8a25f2d93a3cc030d0261037ff36e46025ceb4

memory/2604-52-0x0000000001E60000-0x0000000001E68000-memory.dmp

\Windows\system\imLBGdk.exe

MD5 5dc24a28f403db60c6b1bb673ba04d4c
SHA1 d964ecb00043591df641b616910f83dc6244add6
SHA256 7b6afcfaaf2e4124c6e8dc3d8dcaad23734e00293a342294f0314543d6cbf183
SHA512 28d3fc4fd220106d2e2d6d811ffa41ee3801d17174779364f9e14a87039151e6e1ca055aaf6dd331fbb33444d1e3b838be0505032c11652184a4efb6e82f6569

memory/2676-70-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

memory/2644-72-0x000000013F370000-0x000000013F762000-memory.dmp

memory/1972-73-0x00000000037D0000-0x0000000003BC2000-memory.dmp

memory/2432-74-0x000000013F430000-0x000000013F822000-memory.dmp

memory/2884-78-0x000000013F520000-0x000000013F912000-memory.dmp

memory/2604-83-0x000007FEF5610000-0x000007FEF5FAD000-memory.dmp

memory/1556-85-0x000000013FA30000-0x000000013FE22000-memory.dmp

memory/1972-89-0x000000013F880000-0x000000013FC72000-memory.dmp

\Windows\system\gNNSoeX.exe

MD5 9ab3c652b179ddefa86a691b33abcf30
SHA1 d4d58860de3e4e2c2de2ff7fc0cf4fa890731b2d
SHA256 16456413f6fbfb56fb731c5241a6f50d5e04f725f18411db48b186dc81516968
SHA512 73bf16defcf7292b42b7b61cd9429fda40ee13ff280707f57233b64ecb35ec811f3022951a8be984f58efee3628f31ae2f3e9722bd7b0029a911544315c0bf0d

memory/1636-97-0x000000013FA40000-0x000000013FE32000-memory.dmp

memory/1972-99-0x000000013FD10000-0x0000000140102000-memory.dmp

C:\Windows\system\eKaNPuc.exe

MD5 1ec21322cda96ac6b9ea4fdb00c82fdb
SHA1 7d3bfeb7ba90a12d664d029b40ea191459138e3d
SHA256 5c1607d7ffbe8d2585ff2d3e62f33372ce51d2924470beec500b1a6461c28ce2
SHA512 8554724e9ec61203f3815e025f8adbe527a69c97af0df2367828d48efdf404730d19d76a574bca8ba5f4c0003f4550ac5b72c4be7840c0be6a909d2d19f1523b

C:\Windows\system\QXNpYhC.exe

MD5 51c14946f182690b91edc9ca7e92d37d
SHA1 a7739190425b958b477217347eb132952e89e613
SHA256 f8c84bb045faeb39e9d4b35f574d38382599f92e91af6a5c8592d6a10c4bd535
SHA512 b0af35be03103d08299da9e5663859a2cbc0b9730bd9eb3b240be9563af6e1323276b35370a04bd763bc8d73e9257adf203c4962960b2a64079f5858720b5b52

\Windows\system\CtKQmNv.exe

MD5 904565144d9fafae5ef6c52c57dec53d
SHA1 7852b0dfbdeee92c6bd12f36b17295f6f26acb71
SHA256 90918ea1be507205235216348192c031d529e88a65c5822d7f5652affdc3b41e
SHA512 a3325102b532a50e11cd12e78e40efc77016dd769a0d14bfe169fd88802abdb71cb3687cd3d9509eebff652b25a411c0bd1a4e7ee360bddd7b0d243f84c28d54

\Windows\system\CVZCcQs.exe

MD5 5507e9973b7602e92278de095d804529
SHA1 47769653f311e93a2c8bbf61611d940f19579cac
SHA256 32aa8a7454a89403475e5c68247cc4bca509e6e8044e090c545c548f4786136c
SHA512 fc7d2d7a5a9bfaf9cd79cab4013f4fe221f66dce35d8c390b43cbb5e4e8106057fb299adfcdc75d9c13b1c77f8c09466f40517f8cb7d755a602689e676686e06

memory/2604-60-0x000007FEF5610000-0x000007FEF5FAD000-memory.dmp

\Windows\system\LDyaKvB.exe

MD5 8ea13267e1552032f8abb1e4f36fd526
SHA1 43025261f6d2210c9f1dfa16c536bc163808bd35
SHA256 d8aed3da2b428d18f975ada009d1defe35baa8d94e6b7af6d19a38fa7190c1a3
SHA512 ca6ba20bf19f2f2afbf1b57614261ec8fd72912d5a722ea78c9647eabc1fa3af9e769d750f38f93573a6298a08b1161da28c2c1d56027273f938c0a812db36bd

C:\Windows\system\PpTdPns.exe

MD5 b21ea5fa0e41e21a3c18d8ae26fa3b1b
SHA1 5117ca2f6b8f297aadc721e63b2288bc55eb2d71
SHA256 eeb448c79b848aad90e3917cdbb9d2a5dcd96f2d0a25fedc536efc7b7a7b1293
SHA512 da6c3dd9e0c18cb28c7761fac5892833cccfd70bd3b2003e716138ed52e5cc5a399de8cec33ee12e23859698319d2c014e0a5aba3aa151ce09a6110151123f9e

C:\Windows\system\nccYEWy.exe

MD5 e2a2c4c3696fa0caeaf5971199412106
SHA1 c4f6a55865f9bff803f9637993c759729115457d
SHA256 1737222e0dbb306eace78e34048cdf315aea5a82ee252e889e3b4047700e6659
SHA512 3e8d02c530d36b95352c5df58edb1a37c5e080591a4d2aa34d21ce58d87c8fd9370a43c7efb06907f340120824690b7797cdd4fa7acea70cf3cf803a479543d1

C:\Windows\system\htPXEEn.exe

MD5 3eaddc4c0ec671902492746b3856f251
SHA1 889f83d7e1bd221d9b6fc59f2753640596d87963
SHA256 b53c9d9af9309b705ce5864b4a05151260f43d4eeee579800b370641be25a648
SHA512 3b96c02f3c4d6e0738c8e157c7744c25dea7c02b46fbbdd098a2bd81a04b8ace1b39eed58234c6a28797b87a83835deffe77fac3f9e20a5fb03fdb3822a85df2

\Windows\system\lPbtell.exe

MD5 3d03287e73ad2a7caf9546d1a88dd177
SHA1 bcc0fe48d7d806e7fbd0c23b5188a79423957c2b
SHA256 c55ac578fb1c16023ab4de57eb265e6544f5308b1ca23ce50c9ce987167de0b4
SHA512 626365ee1cce515a61aaee9de370762d4ebcca82353c27b379ab2ead87d1ccf1f8729ea1bfb2cf99326793a1314f25169c41a018d3927f79c3b7098051e07f9a

\Windows\system\ElVGVrK.exe

MD5 1e6bb9c7fc3decd2d0606af4d15671a9
SHA1 df9189c1b3376018888cdd925af7dfab6b8b59e8
SHA256 a2b0169c5923fa3f31fa29731b311949e9e9b43000ce7dba3fe562aae3acbd66
SHA512 f61c1bcf03eafe81661bc9c65e6c45ce22e26ca5070322f49eee6b9a47b527b6cd421735b90866f1e002f382776b38fab2472306d7c88fade204b7a82c9c1f61

\Windows\system\pcfKoCL.exe

MD5 bcd2429ae35814b8ea496765cf5874f9
SHA1 6ae957d79bf74fce3964cb62d7f7b5f8e96c4a2f
SHA256 ec38bf6c94a04c64e44c34cfe26b6f23c446c01d49c9f2028bcccd73e8cc2694
SHA512 18e9760495106ca5433f8de8e00022988b3898332771fcebb83a331b87ca032acb88c9f9d42c2cb3aea207cbb8e4b04313cb68b8d22a78796dd190671e295350

\Windows\system\AvhDXkF.exe

MD5 02bdf487fa8ea639ed7b164c77d0b98e
SHA1 3e1aa154f39fbd7de36e6d5dd06561fd30825b65
SHA256 3f80e798953bc2eef0a208427d5f15f8597f05109c42f7aeff1e9d22a5143d88
SHA512 e8289251d76b65ddebce17d950debb8932a471adf209e787c8618fc30014fdba19349e597285118ae3508b28a0a31bad8fff71d9a6e440d1854707b1bfaef048

\Windows\system\ZFLRAzP.exe

MD5 62235b6fd63a3ac969999b51c2b454d4
SHA1 ab8c4e7b2b3a38a1e12d51ba01cc07e577b0a23e
SHA256 a572a8bdc30421783f718cad7fd8c9eb3a27f23e80ba229ec058ab6ce5b12930
SHA512 ace17d3016329c0eea70586783b0290adc6641fcca887e7085ba3f8c201f682b679c695d71e5312b915914bac52acf496254e6cee0936f3e311df4940481ee8f

\Windows\system\UsLrHJj.exe

MD5 611bc781577a0b4b1c665d216663179b
SHA1 3d2180b18e995736fcc1fade900aa2c9dcb20b2c
SHA256 b948888c804dc6647262e0dd8475b8efc3ba0f78f81eb9941b8dc25cbc3826e6
SHA512 4ae1c9056e01dbfd95113c02dbf457f7787f2ad2226cc89239a5fdebce1af9ee0ae9315b4b62293af6322253d972e275774fdcc3f500ba50ff61472df94a5d57

\Windows\system\nktXhoy.exe

MD5 f51e534b854950a3a993d5e0e8b5325a
SHA1 e8908ca47e48e3d8d18aacb0daf49bc34ccb4fb3
SHA256 532fcd2157d10b9894c863801e08869a6add09e56b67fe71c09bc15d91dc3eb8
SHA512 6d212ccdea8ce166301b6c602cddf7bbf136bb11949b2425bce6a89e55dd1e955f36edbd02914510c1a01c870e6556e715c51a5197489ae0741a03e0d9a1b90a

\Windows\system\YMMhlAw.exe

MD5 c441d70180ebe0b037fac313a0e038f4
SHA1 eb8e5c77597f8156117b0b311b69186119504214
SHA256 d46f8fd00f944099892a3ebf6e69ddeca0713647311d0c08acecf165cfc2544e
SHA512 ad0ab26f18c721e49648e069b4920227512f8c30916e926655a5419367e94009d87441667938cdd8d8b11e106fd6eee02cd0a105b14a3a2487d6aee18e9ab3ad

C:\Windows\system\KLlaCkQ.exe

MD5 436ae666cf71fe18817efa1557ed76e5
SHA1 78c6009b10d0c78f9ceccb5e691864b5092dbff9
SHA256 f37703f369c511411716396b291c8000ad2617d6000f387a280b48b5da38f5e6
SHA512 107cc0e9b2efb8d5b7f84e27deb54f6543df53402af799696499e4b1fe02a094260ea7dbbe79639cfa274658bff4dfb6a4f6e12d8cb105274e5663eb59f884c8

\Windows\system\VKWzbCT.exe

MD5 86de9efdb45157d08f09ccafcc72c8d7
SHA1 9bbaa86392fb8124b0cca8e8f34757479f6edd7a
SHA256 5ef3fdeda134a810f45d1a0e2588eb0b37a6432b210ad1c9f2d318e4b2608e5a
SHA512 322ca8df2b237c228b49061b9b9b3d6be2427a5ae15e14e94f0b74483870de85341e0054fa6dfbee2d7dcf6644fe9e1d60c9d37743ab9f77779833a36c3bbb3d

\Windows\system\LZhdaMD.exe

MD5 48564c946671c54f058ead76458a7c05
SHA1 1c220172fde04ae6cb691b708671f91ec0034762
SHA256 255cf19f0d2e995943fb6d3056717226e9af7da5d288b4fcc2b8169751f552a9
SHA512 8e117c5dfd79364cca8001cfee5cdcef4fccf167ad688d023785cb2b3bd9bd37819f8407615fb3f5f5abb2a9c513c3ed671048844653b0909bbccaaed3a1de77

\Windows\system\JJgSCig.exe

MD5 4fdee68d0a3e1416fd5810ad69f19428
SHA1 c96db5aa9cbbea1795e5ebb6a45bf8d10db6f4a4
SHA256 5180ef4e8dc9db97e70b14a343178c7ebc23f309d360da85ae3abe888ee7f709
SHA512 68f60e57d2e0c68a8158e05993c432af01d91f2aba8bd0b7d479c6c6f5ebfd2abdc655d8cc729fd93ca810f0f50184a80eb2580a515377867de8ede51db1fc5d

memory/2604-593-0x000007FEF5610000-0x000007FEF5FAD000-memory.dmp

C:\Windows\system\QQCezzb.exe

MD5 263720e6cf6f350bd81790d088b25e6d
SHA1 5abedcfb05dcbf6faff141d52d70dea14b5b29a7
SHA256 4c8259eb988f9f87f4c4b6d9f4bd1ac7bcc5d8e580e83f0042ea3d88a8494c78
SHA512 7485726d781ff162ef92ea6364f8ec93eeaef564d1bd9a9e7eda799db112a6e2bdf2dbb99cb48358fdb0f4d50c6e0e10317e500f1ca76f5525e9f9acc3958ff1

C:\Windows\system\zFuyJTI.exe

MD5 4714423d64314bce10ac98a90c9015db
SHA1 af7ef48ea5ab2837a9bcde13a70b22576f68aa6f
SHA256 c18076633bf4df863f3897f209faf6ad6afc3adf1ef648ec2bae0f9112b43e6f
SHA512 8f2efe125227450eb797f0bc110501e25fbdc42d7a78c66b990a6d1ca1beeae012d42b312b72fad1ca726ba550aa55ed9d6cdcb0a3652cc0a38881e67824581b

C:\Windows\system\kLnsyay.exe

MD5 73d0da95e33f487e4ca7f846eb9ad6ed
SHA1 e3fe34eae0eb310fe9d1265888f21bb24bbbb36a
SHA256 b1cb105130759ec4c19b9c1613906b056ec466e9e8e785b88c755ed7a430951e
SHA512 081b560c28f459ec7cff144cc1c8bd16dab7af25e7c2190bad9c0a146f5c8a1fb06a519571cd0a153a65183aea54ee1d95771be39b3f963dce80fa330206b47c

C:\Windows\system\EofaHlU.exe

MD5 6f4b49b5361a0d99b3dfa954e07e4fc3
SHA1 ec4d39fd9a90ecae5218dbadf0f32ed6435cb7a2
SHA256 22ea22a3f7e07dd881ed67c6a0ff8ed6169738b3a679181990a119f3bc99c6e7
SHA512 178a190ee07eeeaa02faa034813ae9df4335ca24fbc2743e230007a397d5f434e331e706b97a100e18f6593b774ee464f9484257de4752ba44bb9125230b175a

C:\Windows\system\jqGLlaL.exe

MD5 8d0c53c0ca668cb37ae8428fd57842b3
SHA1 1f30d50e9d2cd3dc8028eb7101002e9b20758c4b
SHA256 6fe6ae498f3c77da2b0a644eafc216208e63a1c3545c780c132513975e6635af
SHA512 269e2c906df1ca1e43583c0b7cf438cef25cb6f91b94438e8c5f78a779079abc09a2822e5d1c0f0a1c9c819e9fadb1083fd604a42fe6f4517c2135a561226ab5

memory/1972-98-0x000000013F9B0000-0x000000013FDA2000-memory.dmp

memory/1972-96-0x000000013FFB0000-0x00000001403A2000-memory.dmp

memory/1972-95-0x0000000002FE0000-0x00000000033D2000-memory.dmp

memory/1972-86-0x000000013FA40000-0x000000013FE32000-memory.dmp

memory/1972-84-0x000000013FA30000-0x000000013FE22000-memory.dmp

memory/1972-77-0x000000013F520000-0x000000013F912000-memory.dmp

memory/2492-76-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

memory/1972-75-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

memory/1972-71-0x00000000037D0000-0x0000000003BC2000-memory.dmp

memory/2532-64-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2604-51-0x000007FEF5610000-0x000007FEF5FAD000-memory.dmp

C:\Windows\system\BIFKcgY.exe

MD5 360672b9a0ea293d99eb4bb97c2afbcf
SHA1 86dbfbd0eb7cfbacab9ddf24b47bac70ea5cc0db
SHA256 e1de97e3b890bfad405ba995a20e132de0c829ae90fb7579412e4afa9a79bce9
SHA512 7a0142ad9732d351987c12ff34e78006fca29530ef9407540ba6545469e324062452b7da046d7da52ee854509ae8a13919fb46fbfd618de86ab4efa219bfbc58

C:\Windows\system\GGMelui.exe

MD5 26189fb4930d9aa682a53aaf2b16892b
SHA1 87aab5c1f36b713c74d28dceb5ef9bb3d4efc149
SHA256 416dbd8a987db4dadd84e1b38013f383672e6c5079a5fbcc362c262a339ad152
SHA512 575ae5a251f8c37f0dafb22854f9ffd23a20ba638b2e83c129276c0c7a1c32e677579c565dee451dc968162a7d3e3ea2cfb743317bfe169ab36b14fc6802593d

C:\Windows\system\KWNyAOL.exe

MD5 6369beaaa321f674628e0d8b97b7a3e5
SHA1 5a89d92302bc731071131914f8e0cc759056ffaf
SHA256 53862f1aa9f203e565bde72a7afbc4657433dc2323f6cfa4abb813b63b175a22
SHA512 a7e48d31f33c5aae8a0d1e02b13dafb455df0554df4bc6bc10a9c034b7cb840c1b8ca5eef5da83110ab19e54ea99a4fe4b5fd96791d1e275ddd43887e36a48a2

memory/1972-1118-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/2636-3228-0x000000013F560000-0x000000013F952000-memory.dmp

memory/2920-3237-0x000000013FA90000-0x000000013FE82000-memory.dmp

memory/2676-3590-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

memory/2532-3602-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2432-3608-0x000000013F430000-0x000000013F822000-memory.dmp

memory/1636-3604-0x000000013FA40000-0x000000013FE32000-memory.dmp

memory/2884-3630-0x000000013F520000-0x000000013F912000-memory.dmp

memory/1556-3643-0x000000013FA30000-0x000000013FE22000-memory.dmp

memory/2644-3644-0x000000013F370000-0x000000013F762000-memory.dmp

memory/2492-3645-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 13:23

Reported

2024-05-25 13:33

Platform

win10v2004-20240508-en

Max time kernel

118s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\OfNtQDC.exe N/A
N/A N/A C:\Windows\System\LesvqYp.exe N/A
N/A N/A C:\Windows\System\iPKZFQf.exe N/A
N/A N/A C:\Windows\System\GgEWajW.exe N/A
N/A N/A C:\Windows\System\SzZwpxT.exe N/A
N/A N/A C:\Windows\System\bbRBRkc.exe N/A
N/A N/A C:\Windows\System\qdLAeLq.exe N/A
N/A N/A C:\Windows\System\RcGQAtB.exe N/A
N/A N/A C:\Windows\System\nALLrsN.exe N/A
N/A N/A C:\Windows\System\IuAjMaS.exe N/A
N/A N/A C:\Windows\System\rVZharl.exe N/A
N/A N/A C:\Windows\System\fkcbjTQ.exe N/A
N/A N/A C:\Windows\System\oyllmfh.exe N/A
N/A N/A C:\Windows\System\tPtZnGn.exe N/A
N/A N/A C:\Windows\System\hsjGtJz.exe N/A
N/A N/A C:\Windows\System\EUUkmaX.exe N/A
N/A N/A C:\Windows\System\sNITUvN.exe N/A
N/A N/A C:\Windows\System\QQZfYLN.exe N/A
N/A N/A C:\Windows\System\YTzSitQ.exe N/A
N/A N/A C:\Windows\System\hBoHMMb.exe N/A
N/A N/A C:\Windows\System\MLxpzLw.exe N/A
N/A N/A C:\Windows\System\UIPgSWw.exe N/A
N/A N/A C:\Windows\System\pTHeuyK.exe N/A
N/A N/A C:\Windows\System\EWqoNfD.exe N/A
N/A N/A C:\Windows\System\sVOkVrb.exe N/A
N/A N/A C:\Windows\System\qsnEWsT.exe N/A
N/A N/A C:\Windows\System\bUnFhWV.exe N/A
N/A N/A C:\Windows\System\AqTttUc.exe N/A
N/A N/A C:\Windows\System\EbGAORs.exe N/A
N/A N/A C:\Windows\System\RYYEFns.exe N/A
N/A N/A C:\Windows\System\BZqkbLh.exe N/A
N/A N/A C:\Windows\System\CFCNYql.exe N/A
N/A N/A C:\Windows\System\rSftplB.exe N/A
N/A N/A C:\Windows\System\voGfNbb.exe N/A
N/A N/A C:\Windows\System\NcoJxoZ.exe N/A
N/A N/A C:\Windows\System\QNeVrrV.exe N/A
N/A N/A C:\Windows\System\JtqojEn.exe N/A
N/A N/A C:\Windows\System\GDcqPYT.exe N/A
N/A N/A C:\Windows\System\aNKUSzR.exe N/A
N/A N/A C:\Windows\System\gHHFkZT.exe N/A
N/A N/A C:\Windows\System\YzBjCHl.exe N/A
N/A N/A C:\Windows\System\AhWMVDk.exe N/A
N/A N/A C:\Windows\System\DUXrkfp.exe N/A
N/A N/A C:\Windows\System\mmzBzdq.exe N/A
N/A N/A C:\Windows\System\WjkQNvi.exe N/A
N/A N/A C:\Windows\System\WVAVyTY.exe N/A
N/A N/A C:\Windows\System\XMnNYJo.exe N/A
N/A N/A C:\Windows\System\CeDxsqQ.exe N/A
N/A N/A C:\Windows\System\bnFoxhb.exe N/A
N/A N/A C:\Windows\System\VeeWypi.exe N/A
N/A N/A C:\Windows\System\bVRCSnm.exe N/A
N/A N/A C:\Windows\System\hqENjmo.exe N/A
N/A N/A C:\Windows\System\JSwaIpp.exe N/A
N/A N/A C:\Windows\System\mqJpIkm.exe N/A
N/A N/A C:\Windows\System\yRbXoCu.exe N/A
N/A N/A C:\Windows\System\rJCFLbV.exe N/A
N/A N/A C:\Windows\System\Harnshi.exe N/A
N/A N/A C:\Windows\System\kmlHESK.exe N/A
N/A N/A C:\Windows\System\cxpelFk.exe N/A
N/A N/A C:\Windows\System\RZdeuQC.exe N/A
N/A N/A C:\Windows\System\SjMOIpF.exe N/A
N/A N/A C:\Windows\System\botYvAC.exe N/A
N/A N/A C:\Windows\System\siRqyyt.exe N/A
N/A N/A C:\Windows\System\qJdgqyD.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NfHSxSr.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\NfrTGUW.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\MDCcDkZ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\gvHwtrc.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\shJZgCp.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzdWNjm.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjTTwQn.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZltBiq.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\hGiMgBt.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\bWiTWyn.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\giCcvUd.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\SJQdhvh.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGvUcSU.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNKUSzR.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\oKqdGvb.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYlAJij.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\todWZmg.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\zZMWxrE.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgJlfgf.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyRuHwn.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\iNbCMtc.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\OKeDKnB.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\JRQhcKo.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\JReUXTr.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\VAcuVIu.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMbhIBT.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVgUrIv.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\CoyQMjG.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\OUwwegY.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKvBWjc.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\cEAiIKw.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\aXQBpRB.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\wRDcpDW.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\mERaVFC.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\WbBqGzt.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRokeTi.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\RsWJdBi.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\TltFfmS.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\QWarnVY.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZqadNc.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\vZgpIjZ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\xjSqFvJ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcdnHoB.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\WovkRJo.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\eqFsRfJ.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxFBDlk.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\RaXMznr.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\utUwSBe.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\peSPKYX.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ihLCmld.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\sNPViVX.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\sUVnFrk.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\aeZtXqi.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZpoNBCU.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJHDqio.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\voACFeR.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\rFdOXdm.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\txvcnRj.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\TYaBBME.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\CabKhlm.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\ommDfje.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmFhwwO.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\AxAntna.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
File created C:\Windows\System\pKlQBsd.exe C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1812 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1812 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1812 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\OfNtQDC.exe
PID 1812 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\OfNtQDC.exe
PID 1812 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\LesvqYp.exe
PID 1812 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\LesvqYp.exe
PID 1812 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\iPKZFQf.exe
PID 1812 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\iPKZFQf.exe
PID 1812 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\SzZwpxT.exe
PID 1812 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\SzZwpxT.exe
PID 1812 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\GgEWajW.exe
PID 1812 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\GgEWajW.exe
PID 1812 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\bbRBRkc.exe
PID 1812 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\bbRBRkc.exe
PID 1812 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\qdLAeLq.exe
PID 1812 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\qdLAeLq.exe
PID 1812 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\RcGQAtB.exe
PID 1812 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\RcGQAtB.exe
PID 1812 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\IuAjMaS.exe
PID 1812 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\IuAjMaS.exe
PID 1812 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\nALLrsN.exe
PID 1812 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\nALLrsN.exe
PID 1812 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\rVZharl.exe
PID 1812 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\rVZharl.exe
PID 1812 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\fkcbjTQ.exe
PID 1812 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\fkcbjTQ.exe
PID 1812 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\oyllmfh.exe
PID 1812 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\oyllmfh.exe
PID 1812 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\tPtZnGn.exe
PID 1812 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\tPtZnGn.exe
PID 1812 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\hsjGtJz.exe
PID 1812 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\hsjGtJz.exe
PID 1812 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EUUkmaX.exe
PID 1812 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EUUkmaX.exe
PID 1812 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sNITUvN.exe
PID 1812 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sNITUvN.exe
PID 1812 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\QQZfYLN.exe
PID 1812 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\QQZfYLN.exe
PID 1812 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\YTzSitQ.exe
PID 1812 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\YTzSitQ.exe
PID 1812 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\hBoHMMb.exe
PID 1812 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\hBoHMMb.exe
PID 1812 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\MLxpzLw.exe
PID 1812 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\MLxpzLw.exe
PID 1812 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\UIPgSWw.exe
PID 1812 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\UIPgSWw.exe
PID 1812 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\pTHeuyK.exe
PID 1812 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\pTHeuyK.exe
PID 1812 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EWqoNfD.exe
PID 1812 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EWqoNfD.exe
PID 1812 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sVOkVrb.exe
PID 1812 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\sVOkVrb.exe
PID 1812 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\qsnEWsT.exe
PID 1812 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\qsnEWsT.exe
PID 1812 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\bUnFhWV.exe
PID 1812 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\bUnFhWV.exe
PID 1812 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\AqTttUc.exe
PID 1812 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\AqTttUc.exe
PID 1812 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EbGAORs.exe
PID 1812 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\EbGAORs.exe
PID 1812 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\RYYEFns.exe
PID 1812 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\RYYEFns.exe
PID 1812 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\BZqkbLh.exe
PID 1812 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe C:\Windows\System\BZqkbLh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\185942d8adb38a532ca50daf7c592180_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\OfNtQDC.exe

C:\Windows\System\OfNtQDC.exe

C:\Windows\System\LesvqYp.exe

C:\Windows\System\LesvqYp.exe

C:\Windows\System\iPKZFQf.exe

C:\Windows\System\iPKZFQf.exe

C:\Windows\System\SzZwpxT.exe

C:\Windows\System\SzZwpxT.exe

C:\Windows\System\GgEWajW.exe

C:\Windows\System\GgEWajW.exe

C:\Windows\System\bbRBRkc.exe

C:\Windows\System\bbRBRkc.exe

C:\Windows\System\qdLAeLq.exe

C:\Windows\System\qdLAeLq.exe

C:\Windows\System\RcGQAtB.exe

C:\Windows\System\RcGQAtB.exe

C:\Windows\System\IuAjMaS.exe

C:\Windows\System\IuAjMaS.exe

C:\Windows\System\nALLrsN.exe

C:\Windows\System\nALLrsN.exe

C:\Windows\System\rVZharl.exe

C:\Windows\System\rVZharl.exe

C:\Windows\System\fkcbjTQ.exe

C:\Windows\System\fkcbjTQ.exe

C:\Windows\System\oyllmfh.exe

C:\Windows\System\oyllmfh.exe

C:\Windows\System\tPtZnGn.exe

C:\Windows\System\tPtZnGn.exe

C:\Windows\System\hsjGtJz.exe

C:\Windows\System\hsjGtJz.exe

C:\Windows\System\EUUkmaX.exe

C:\Windows\System\EUUkmaX.exe

C:\Windows\System\sNITUvN.exe

C:\Windows\System\sNITUvN.exe

C:\Windows\System\QQZfYLN.exe

C:\Windows\System\QQZfYLN.exe

C:\Windows\System\YTzSitQ.exe

C:\Windows\System\YTzSitQ.exe

C:\Windows\System\hBoHMMb.exe

C:\Windows\System\hBoHMMb.exe

C:\Windows\System\MLxpzLw.exe

C:\Windows\System\MLxpzLw.exe

C:\Windows\System\UIPgSWw.exe

C:\Windows\System\UIPgSWw.exe

C:\Windows\System\pTHeuyK.exe

C:\Windows\System\pTHeuyK.exe

C:\Windows\System\EWqoNfD.exe

C:\Windows\System\EWqoNfD.exe

C:\Windows\System\sVOkVrb.exe

C:\Windows\System\sVOkVrb.exe

C:\Windows\System\qsnEWsT.exe

C:\Windows\System\qsnEWsT.exe

C:\Windows\System\bUnFhWV.exe

C:\Windows\System\bUnFhWV.exe

C:\Windows\System\AqTttUc.exe

C:\Windows\System\AqTttUc.exe

C:\Windows\System\EbGAORs.exe

C:\Windows\System\EbGAORs.exe

C:\Windows\System\RYYEFns.exe

C:\Windows\System\RYYEFns.exe

C:\Windows\System\BZqkbLh.exe

C:\Windows\System\BZqkbLh.exe

C:\Windows\System\CFCNYql.exe

C:\Windows\System\CFCNYql.exe

C:\Windows\System\rSftplB.exe

C:\Windows\System\rSftplB.exe

C:\Windows\System\voGfNbb.exe

C:\Windows\System\voGfNbb.exe

C:\Windows\System\NcoJxoZ.exe

C:\Windows\System\NcoJxoZ.exe

C:\Windows\System\QNeVrrV.exe

C:\Windows\System\QNeVrrV.exe

C:\Windows\System\JtqojEn.exe

C:\Windows\System\JtqojEn.exe

C:\Windows\System\GDcqPYT.exe

C:\Windows\System\GDcqPYT.exe

C:\Windows\System\aNKUSzR.exe

C:\Windows\System\aNKUSzR.exe

C:\Windows\System\gHHFkZT.exe

C:\Windows\System\gHHFkZT.exe

C:\Windows\System\YzBjCHl.exe

C:\Windows\System\YzBjCHl.exe

C:\Windows\System\AhWMVDk.exe

C:\Windows\System\AhWMVDk.exe

C:\Windows\System\DUXrkfp.exe

C:\Windows\System\DUXrkfp.exe

C:\Windows\System\mmzBzdq.exe

C:\Windows\System\mmzBzdq.exe

C:\Windows\System\WjkQNvi.exe

C:\Windows\System\WjkQNvi.exe

C:\Windows\System\WVAVyTY.exe

C:\Windows\System\WVAVyTY.exe

C:\Windows\System\XMnNYJo.exe

C:\Windows\System\XMnNYJo.exe

C:\Windows\System\CeDxsqQ.exe

C:\Windows\System\CeDxsqQ.exe

C:\Windows\System\bnFoxhb.exe

C:\Windows\System\bnFoxhb.exe

C:\Windows\System\VeeWypi.exe

C:\Windows\System\VeeWypi.exe

C:\Windows\System\bVRCSnm.exe

C:\Windows\System\bVRCSnm.exe

C:\Windows\System\hqENjmo.exe

C:\Windows\System\hqENjmo.exe

C:\Windows\System\JSwaIpp.exe

C:\Windows\System\JSwaIpp.exe

C:\Windows\System\mqJpIkm.exe

C:\Windows\System\mqJpIkm.exe

C:\Windows\System\yRbXoCu.exe

C:\Windows\System\yRbXoCu.exe

C:\Windows\System\rJCFLbV.exe

C:\Windows\System\rJCFLbV.exe

C:\Windows\System\Harnshi.exe

C:\Windows\System\Harnshi.exe

C:\Windows\System\kmlHESK.exe

C:\Windows\System\kmlHESK.exe

C:\Windows\System\cxpelFk.exe

C:\Windows\System\cxpelFk.exe

C:\Windows\System\RZdeuQC.exe

C:\Windows\System\RZdeuQC.exe

C:\Windows\System\SjMOIpF.exe

C:\Windows\System\SjMOIpF.exe

C:\Windows\System\botYvAC.exe

C:\Windows\System\botYvAC.exe

C:\Windows\System\siRqyyt.exe

C:\Windows\System\siRqyyt.exe

C:\Windows\System\qJdgqyD.exe

C:\Windows\System\qJdgqyD.exe

C:\Windows\System\RbMDMSG.exe

C:\Windows\System\RbMDMSG.exe

C:\Windows\System\lNjWCGo.exe

C:\Windows\System\lNjWCGo.exe

C:\Windows\System\olVNbmj.exe

C:\Windows\System\olVNbmj.exe

C:\Windows\System\qTRbeAZ.exe

C:\Windows\System\qTRbeAZ.exe

C:\Windows\System\RoKlKLG.exe

C:\Windows\System\RoKlKLG.exe

C:\Windows\System\HQCfWSI.exe

C:\Windows\System\HQCfWSI.exe

C:\Windows\System\LlOQHKR.exe

C:\Windows\System\LlOQHKR.exe

C:\Windows\System\ZUgpvwo.exe

C:\Windows\System\ZUgpvwo.exe

C:\Windows\System\yimWSwg.exe

C:\Windows\System\yimWSwg.exe

C:\Windows\System\IylGnZX.exe

C:\Windows\System\IylGnZX.exe

C:\Windows\System\AVsQWzG.exe

C:\Windows\System\AVsQWzG.exe

C:\Windows\System\MQsLTCm.exe

C:\Windows\System\MQsLTCm.exe

C:\Windows\System\ZWqljAw.exe

C:\Windows\System\ZWqljAw.exe

C:\Windows\System\dArTdkV.exe

C:\Windows\System\dArTdkV.exe

C:\Windows\System\YaUOGvO.exe

C:\Windows\System\YaUOGvO.exe

C:\Windows\System\qPNbVud.exe

C:\Windows\System\qPNbVud.exe

C:\Windows\System\NXrffTV.exe

C:\Windows\System\NXrffTV.exe

C:\Windows\System\iofToTw.exe

C:\Windows\System\iofToTw.exe

C:\Windows\System\iYoIZEi.exe

C:\Windows\System\iYoIZEi.exe

C:\Windows\System\sFpmNwW.exe

C:\Windows\System\sFpmNwW.exe

C:\Windows\System\ByOnVtS.exe

C:\Windows\System\ByOnVtS.exe

C:\Windows\System\nvHENAs.exe

C:\Windows\System\nvHENAs.exe

C:\Windows\System\RJTCCZy.exe

C:\Windows\System\RJTCCZy.exe

C:\Windows\System\LaUtXpz.exe

C:\Windows\System\LaUtXpz.exe

C:\Windows\System\uXJBDuK.exe

C:\Windows\System\uXJBDuK.exe

C:\Windows\System\mudZrUH.exe

C:\Windows\System\mudZrUH.exe

C:\Windows\System\AxDSZuc.exe

C:\Windows\System\AxDSZuc.exe

C:\Windows\System\UdHPFMD.exe

C:\Windows\System\UdHPFMD.exe

C:\Windows\System\kEjhOdn.exe

C:\Windows\System\kEjhOdn.exe

C:\Windows\System\QHLQyOT.exe

C:\Windows\System\QHLQyOT.exe

C:\Windows\System\FkOByNk.exe

C:\Windows\System\FkOByNk.exe

C:\Windows\System\SzdWNjm.exe

C:\Windows\System\SzdWNjm.exe

C:\Windows\System\JfYJoni.exe

C:\Windows\System\JfYJoni.exe

C:\Windows\System\liOdaoV.exe

C:\Windows\System\liOdaoV.exe

C:\Windows\System\idFobhp.exe

C:\Windows\System\idFobhp.exe

C:\Windows\System\eezeKjx.exe

C:\Windows\System\eezeKjx.exe

C:\Windows\System\NKgTaRb.exe

C:\Windows\System\NKgTaRb.exe

C:\Windows\System\tGeVSrt.exe

C:\Windows\System\tGeVSrt.exe

C:\Windows\System\TwZIUiz.exe

C:\Windows\System\TwZIUiz.exe

C:\Windows\System\TlzRHLZ.exe

C:\Windows\System\TlzRHLZ.exe

C:\Windows\System\HjyWZYz.exe

C:\Windows\System\HjyWZYz.exe

C:\Windows\System\CeIYBdv.exe

C:\Windows\System\CeIYBdv.exe

C:\Windows\System\KwijiJi.exe

C:\Windows\System\KwijiJi.exe

C:\Windows\System\riywAxg.exe

C:\Windows\System\riywAxg.exe

C:\Windows\System\eBPbnfw.exe

C:\Windows\System\eBPbnfw.exe

C:\Windows\System\CNhidpa.exe

C:\Windows\System\CNhidpa.exe

C:\Windows\System\DTIBkOF.exe

C:\Windows\System\DTIBkOF.exe

C:\Windows\System\wRDcpDW.exe

C:\Windows\System\wRDcpDW.exe

C:\Windows\System\SpNFkOw.exe

C:\Windows\System\SpNFkOw.exe

C:\Windows\System\iLSkuZs.exe

C:\Windows\System\iLSkuZs.exe

C:\Windows\System\JEovVJw.exe

C:\Windows\System\JEovVJw.exe

C:\Windows\System\fjjeTYG.exe

C:\Windows\System\fjjeTYG.exe

C:\Windows\System\zOBkZnI.exe

C:\Windows\System\zOBkZnI.exe

C:\Windows\System\ffOqWow.exe

C:\Windows\System\ffOqWow.exe

C:\Windows\System\SDGuCFx.exe

C:\Windows\System\SDGuCFx.exe

C:\Windows\System\lHSdZMg.exe

C:\Windows\System\lHSdZMg.exe

C:\Windows\System\tEsYnIx.exe

C:\Windows\System\tEsYnIx.exe

C:\Windows\System\pgzIHAS.exe

C:\Windows\System\pgzIHAS.exe

C:\Windows\System\rahnEeb.exe

C:\Windows\System\rahnEeb.exe

C:\Windows\System\eXpDyNV.exe

C:\Windows\System\eXpDyNV.exe

C:\Windows\System\dFHRtIj.exe

C:\Windows\System\dFHRtIj.exe

C:\Windows\System\WeSIKXd.exe

C:\Windows\System\WeSIKXd.exe

C:\Windows\System\fjCVhDC.exe

C:\Windows\System\fjCVhDC.exe

C:\Windows\System\aLAGlVg.exe

C:\Windows\System\aLAGlVg.exe

C:\Windows\System\Rshwjqh.exe

C:\Windows\System\Rshwjqh.exe

C:\Windows\System\HNRuvXR.exe

C:\Windows\System\HNRuvXR.exe

C:\Windows\System\xATmKWR.exe

C:\Windows\System\xATmKWR.exe

C:\Windows\System\CGrFpGH.exe

C:\Windows\System\CGrFpGH.exe

C:\Windows\System\axkUvUT.exe

C:\Windows\System\axkUvUT.exe

C:\Windows\System\YoIgBwc.exe

C:\Windows\System\YoIgBwc.exe

C:\Windows\System\APwQWlH.exe

C:\Windows\System\APwQWlH.exe

C:\Windows\System\kAazKOx.exe

C:\Windows\System\kAazKOx.exe

C:\Windows\System\qAFgfxu.exe

C:\Windows\System\qAFgfxu.exe

C:\Windows\System\rTyyNsb.exe

C:\Windows\System\rTyyNsb.exe

C:\Windows\System\oVOJLOQ.exe

C:\Windows\System\oVOJLOQ.exe

C:\Windows\System\KPZReeA.exe

C:\Windows\System\KPZReeA.exe

C:\Windows\System\pbXbxjI.exe

C:\Windows\System\pbXbxjI.exe

C:\Windows\System\JbnrNDn.exe

C:\Windows\System\JbnrNDn.exe

C:\Windows\System\CeSEZCl.exe

C:\Windows\System\CeSEZCl.exe

C:\Windows\System\qudasEM.exe

C:\Windows\System\qudasEM.exe

C:\Windows\System\funKwHM.exe

C:\Windows\System\funKwHM.exe

C:\Windows\System\GwSXQym.exe

C:\Windows\System\GwSXQym.exe

C:\Windows\System\DVkgFFX.exe

C:\Windows\System\DVkgFFX.exe

C:\Windows\System\VTdMtZm.exe

C:\Windows\System\VTdMtZm.exe

C:\Windows\System\sJbVoEX.exe

C:\Windows\System\sJbVoEX.exe

C:\Windows\System\OglOfds.exe

C:\Windows\System\OglOfds.exe

C:\Windows\System\NtNYlBh.exe

C:\Windows\System\NtNYlBh.exe

C:\Windows\System\IyqAJJs.exe

C:\Windows\System\IyqAJJs.exe

C:\Windows\System\owAWAMZ.exe

C:\Windows\System\owAWAMZ.exe

C:\Windows\System\BArOgnw.exe

C:\Windows\System\BArOgnw.exe

C:\Windows\System\wmnASkP.exe

C:\Windows\System\wmnASkP.exe

C:\Windows\System\hWtJrFi.exe

C:\Windows\System\hWtJrFi.exe

C:\Windows\System\fEczTzE.exe

C:\Windows\System\fEczTzE.exe

C:\Windows\System\TNfzGqV.exe

C:\Windows\System\TNfzGqV.exe

C:\Windows\System\uyotsIy.exe

C:\Windows\System\uyotsIy.exe

C:\Windows\System\zFgRavp.exe

C:\Windows\System\zFgRavp.exe

C:\Windows\System\eWSErtn.exe

C:\Windows\System\eWSErtn.exe

C:\Windows\System\akDvzzZ.exe

C:\Windows\System\akDvzzZ.exe

C:\Windows\System\eeVYqQV.exe

C:\Windows\System\eeVYqQV.exe

C:\Windows\System\ouduhsk.exe

C:\Windows\System\ouduhsk.exe

C:\Windows\System\syOXRkF.exe

C:\Windows\System\syOXRkF.exe

C:\Windows\System\FXJDpTb.exe

C:\Windows\System\FXJDpTb.exe

C:\Windows\System\AFBkFBV.exe

C:\Windows\System\AFBkFBV.exe

C:\Windows\System\ZDGGeMp.exe

C:\Windows\System\ZDGGeMp.exe

C:\Windows\System\vAwzYGB.exe

C:\Windows\System\vAwzYGB.exe

C:\Windows\System\zAQQAdE.exe

C:\Windows\System\zAQQAdE.exe

C:\Windows\System\HsMVJkB.exe

C:\Windows\System\HsMVJkB.exe

C:\Windows\System\BrCWcpt.exe

C:\Windows\System\BrCWcpt.exe

C:\Windows\System\SIKXZtz.exe

C:\Windows\System\SIKXZtz.exe

C:\Windows\System\uzMyPUo.exe

C:\Windows\System\uzMyPUo.exe

C:\Windows\System\FQftuuO.exe

C:\Windows\System\FQftuuO.exe

C:\Windows\System\Okjkyre.exe

C:\Windows\System\Okjkyre.exe

C:\Windows\System\ChSSdIF.exe

C:\Windows\System\ChSSdIF.exe

C:\Windows\System\BxWjDTJ.exe

C:\Windows\System\BxWjDTJ.exe

C:\Windows\System\uzypKIn.exe

C:\Windows\System\uzypKIn.exe

C:\Windows\System\SOPxOzr.exe

C:\Windows\System\SOPxOzr.exe

C:\Windows\System\zVpbKTe.exe

C:\Windows\System\zVpbKTe.exe

C:\Windows\System\NpgGvYN.exe

C:\Windows\System\NpgGvYN.exe

C:\Windows\System\iqzMiNM.exe

C:\Windows\System\iqzMiNM.exe

C:\Windows\System\RddykbM.exe

C:\Windows\System\RddykbM.exe

C:\Windows\System\AgzsZeD.exe

C:\Windows\System\AgzsZeD.exe

C:\Windows\System\qvZmvLJ.exe

C:\Windows\System\qvZmvLJ.exe

C:\Windows\System\AzUyPVc.exe

C:\Windows\System\AzUyPVc.exe

C:\Windows\System\fficuKL.exe

C:\Windows\System\fficuKL.exe

C:\Windows\System\joyaudT.exe

C:\Windows\System\joyaudT.exe

C:\Windows\System\RztKDvz.exe

C:\Windows\System\RztKDvz.exe

C:\Windows\System\apYaKrq.exe

C:\Windows\System\apYaKrq.exe

C:\Windows\System\tlreAZM.exe

C:\Windows\System\tlreAZM.exe

C:\Windows\System\FccUAWI.exe

C:\Windows\System\FccUAWI.exe

C:\Windows\System\mJjYRlM.exe

C:\Windows\System\mJjYRlM.exe

C:\Windows\System\MntFJIF.exe

C:\Windows\System\MntFJIF.exe

C:\Windows\System\PnuPehM.exe

C:\Windows\System\PnuPehM.exe

C:\Windows\System\atasEUK.exe

C:\Windows\System\atasEUK.exe

C:\Windows\System\aGYYPOQ.exe

C:\Windows\System\aGYYPOQ.exe

C:\Windows\System\xyLrIzd.exe

C:\Windows\System\xyLrIzd.exe

C:\Windows\System\FcvOSNn.exe

C:\Windows\System\FcvOSNn.exe

C:\Windows\System\WdyBfTI.exe

C:\Windows\System\WdyBfTI.exe

C:\Windows\System\hBPrfFZ.exe

C:\Windows\System\hBPrfFZ.exe

C:\Windows\System\fRUjono.exe

C:\Windows\System\fRUjono.exe

C:\Windows\System\ckZWbyR.exe

C:\Windows\System\ckZWbyR.exe

C:\Windows\System\IfEeDdG.exe

C:\Windows\System\IfEeDdG.exe

C:\Windows\System\BRcvERY.exe

C:\Windows\System\BRcvERY.exe

C:\Windows\System\SgJlfgf.exe

C:\Windows\System\SgJlfgf.exe

C:\Windows\System\xionMId.exe

C:\Windows\System\xionMId.exe

C:\Windows\System\JjeohnD.exe

C:\Windows\System\JjeohnD.exe

C:\Windows\System\EwYNtnd.exe

C:\Windows\System\EwYNtnd.exe

C:\Windows\System\nRwoOMc.exe

C:\Windows\System\nRwoOMc.exe

C:\Windows\System\SflJrGB.exe

C:\Windows\System\SflJrGB.exe

C:\Windows\System\dlzZUJp.exe

C:\Windows\System\dlzZUJp.exe

C:\Windows\System\CAIkHrz.exe

C:\Windows\System\CAIkHrz.exe

C:\Windows\System\BMxqiNP.exe

C:\Windows\System\BMxqiNP.exe

C:\Windows\System\gWIXpPv.exe

C:\Windows\System\gWIXpPv.exe

C:\Windows\System\nzWCLvc.exe

C:\Windows\System\nzWCLvc.exe

C:\Windows\System\vbFsjIT.exe

C:\Windows\System\vbFsjIT.exe

C:\Windows\System\ybiHThZ.exe

C:\Windows\System\ybiHThZ.exe

C:\Windows\System\jthlAiA.exe

C:\Windows\System\jthlAiA.exe

C:\Windows\System\kxoahbD.exe

C:\Windows\System\kxoahbD.exe

C:\Windows\System\jtFFByf.exe

C:\Windows\System\jtFFByf.exe

C:\Windows\System\DyHAxyF.exe

C:\Windows\System\DyHAxyF.exe

C:\Windows\System\APnpMsV.exe

C:\Windows\System\APnpMsV.exe

C:\Windows\System\NPBuEbg.exe

C:\Windows\System\NPBuEbg.exe

C:\Windows\System\RtDHJYu.exe

C:\Windows\System\RtDHJYu.exe

C:\Windows\System\kzhRCWg.exe

C:\Windows\System\kzhRCWg.exe

C:\Windows\System\YwGBapL.exe

C:\Windows\System\YwGBapL.exe

C:\Windows\System\JaLclZp.exe

C:\Windows\System\JaLclZp.exe

C:\Windows\System\BeJxabo.exe

C:\Windows\System\BeJxabo.exe

C:\Windows\System\SLfacIT.exe

C:\Windows\System\SLfacIT.exe

C:\Windows\System\lRJbize.exe

C:\Windows\System\lRJbize.exe

C:\Windows\System\DbUAUEK.exe

C:\Windows\System\DbUAUEK.exe

C:\Windows\System\aSpeNQa.exe

C:\Windows\System\aSpeNQa.exe

C:\Windows\System\DcSPMKi.exe

C:\Windows\System\DcSPMKi.exe

C:\Windows\System\nTBLyhr.exe

C:\Windows\System\nTBLyhr.exe

C:\Windows\System\UyAYjWg.exe

C:\Windows\System\UyAYjWg.exe

C:\Windows\System\TUshDjB.exe

C:\Windows\System\TUshDjB.exe

C:\Windows\System\qfQkbLu.exe

C:\Windows\System\qfQkbLu.exe

C:\Windows\System\OLGNQkI.exe

C:\Windows\System\OLGNQkI.exe

C:\Windows\System\LUtRsCq.exe

C:\Windows\System\LUtRsCq.exe

C:\Windows\System\rTCrEiK.exe

C:\Windows\System\rTCrEiK.exe

C:\Windows\System\hpMdGCM.exe

C:\Windows\System\hpMdGCM.exe

C:\Windows\System\xvQkUyY.exe

C:\Windows\System\xvQkUyY.exe

C:\Windows\System\mcpzUOR.exe

C:\Windows\System\mcpzUOR.exe

C:\Windows\System\XFkFjMi.exe

C:\Windows\System\XFkFjMi.exe

C:\Windows\System\zzWlFtf.exe

C:\Windows\System\zzWlFtf.exe

C:\Windows\System\sfRUTBV.exe

C:\Windows\System\sfRUTBV.exe

C:\Windows\System\PCfvCZu.exe

C:\Windows\System\PCfvCZu.exe

C:\Windows\System\FdGFsZk.exe

C:\Windows\System\FdGFsZk.exe

C:\Windows\System\ggXpOzy.exe

C:\Windows\System\ggXpOzy.exe

C:\Windows\System\IlIEkvJ.exe

C:\Windows\System\IlIEkvJ.exe

C:\Windows\System\cvwXsko.exe

C:\Windows\System\cvwXsko.exe

C:\Windows\System\JSCYjTR.exe

C:\Windows\System\JSCYjTR.exe

C:\Windows\System\yeUPmAq.exe

C:\Windows\System\yeUPmAq.exe

C:\Windows\System\DHheZQB.exe

C:\Windows\System\DHheZQB.exe

C:\Windows\System\aeMEoOP.exe

C:\Windows\System\aeMEoOP.exe

C:\Windows\System\BxpKXtQ.exe

C:\Windows\System\BxpKXtQ.exe

C:\Windows\System\mmPIdRe.exe

C:\Windows\System\mmPIdRe.exe

C:\Windows\System\lBPjHoh.exe

C:\Windows\System\lBPjHoh.exe

C:\Windows\System\NiryvCO.exe

C:\Windows\System\NiryvCO.exe

C:\Windows\System\RutzPYD.exe

C:\Windows\System\RutzPYD.exe

C:\Windows\System\fswlhqy.exe

C:\Windows\System\fswlhqy.exe

C:\Windows\System\xkQebfX.exe

C:\Windows\System\xkQebfX.exe

C:\Windows\System\aIdxFAh.exe

C:\Windows\System\aIdxFAh.exe

C:\Windows\System\VinJmVM.exe

C:\Windows\System\VinJmVM.exe

C:\Windows\System\ZteSuym.exe

C:\Windows\System\ZteSuym.exe

C:\Windows\System\zeaDvOi.exe

C:\Windows\System\zeaDvOi.exe

C:\Windows\System\RYgiWca.exe

C:\Windows\System\RYgiWca.exe

C:\Windows\System\joXJRMF.exe

C:\Windows\System\joXJRMF.exe

C:\Windows\System\uBbacPe.exe

C:\Windows\System\uBbacPe.exe

C:\Windows\System\WtkUUuv.exe

C:\Windows\System\WtkUUuv.exe

C:\Windows\System\YPpVTPd.exe

C:\Windows\System\YPpVTPd.exe

C:\Windows\System\xXRHbOV.exe

C:\Windows\System\xXRHbOV.exe

C:\Windows\System\yicOXVc.exe

C:\Windows\System\yicOXVc.exe

C:\Windows\System\wiwFcrQ.exe

C:\Windows\System\wiwFcrQ.exe

C:\Windows\System\uUzCEpB.exe

C:\Windows\System\uUzCEpB.exe

C:\Windows\System\TltFfmS.exe

C:\Windows\System\TltFfmS.exe

C:\Windows\System\DwmXedW.exe

C:\Windows\System\DwmXedW.exe

C:\Windows\System\yKAsokj.exe

C:\Windows\System\yKAsokj.exe

C:\Windows\System\LQlcBqK.exe

C:\Windows\System\LQlcBqK.exe

C:\Windows\System\XuaASPs.exe

C:\Windows\System\XuaASPs.exe

C:\Windows\System\sUVnFrk.exe

C:\Windows\System\sUVnFrk.exe

C:\Windows\System\Jzvsjna.exe

C:\Windows\System\Jzvsjna.exe

C:\Windows\System\ICNebxL.exe

C:\Windows\System\ICNebxL.exe

C:\Windows\System\gfgbKWd.exe

C:\Windows\System\gfgbKWd.exe

C:\Windows\System\ecvzMJr.exe

C:\Windows\System\ecvzMJr.exe

C:\Windows\System\vyRuHwn.exe

C:\Windows\System\vyRuHwn.exe

C:\Windows\System\QWarnVY.exe

C:\Windows\System\QWarnVY.exe

C:\Windows\System\nbSMMIB.exe

C:\Windows\System\nbSMMIB.exe

C:\Windows\System\aEwjyZc.exe

C:\Windows\System\aEwjyZc.exe

C:\Windows\System\fsDLBaO.exe

C:\Windows\System\fsDLBaO.exe

C:\Windows\System\BToGFUW.exe

C:\Windows\System\BToGFUW.exe

C:\Windows\System\WHYNWIF.exe

C:\Windows\System\WHYNWIF.exe

C:\Windows\System\tQjgmbQ.exe

C:\Windows\System\tQjgmbQ.exe

C:\Windows\System\MLQmLDR.exe

C:\Windows\System\MLQmLDR.exe

C:\Windows\System\UxCnUdX.exe

C:\Windows\System\UxCnUdX.exe

C:\Windows\System\ArBNyQG.exe

C:\Windows\System\ArBNyQG.exe

C:\Windows\System\OlweVmM.exe

C:\Windows\System\OlweVmM.exe

C:\Windows\System\bFQjPGD.exe

C:\Windows\System\bFQjPGD.exe

C:\Windows\System\olGKXFz.exe

C:\Windows\System\olGKXFz.exe

C:\Windows\System\JuefOCd.exe

C:\Windows\System\JuefOCd.exe

C:\Windows\System\BtyLPYy.exe

C:\Windows\System\BtyLPYy.exe

C:\Windows\System\BHNcPnb.exe

C:\Windows\System\BHNcPnb.exe

C:\Windows\System\gEuwasa.exe

C:\Windows\System\gEuwasa.exe

C:\Windows\System\UBKBKwS.exe

C:\Windows\System\UBKBKwS.exe

C:\Windows\System\fcdVkuu.exe

C:\Windows\System\fcdVkuu.exe

C:\Windows\System\NjEWQlZ.exe

C:\Windows\System\NjEWQlZ.exe

C:\Windows\System\YgNgrvR.exe

C:\Windows\System\YgNgrvR.exe

C:\Windows\System\uoODKgL.exe

C:\Windows\System\uoODKgL.exe

C:\Windows\System\BvWuPld.exe

C:\Windows\System\BvWuPld.exe

C:\Windows\System\WVHXvQw.exe

C:\Windows\System\WVHXvQw.exe

C:\Windows\System\DuZKBAo.exe

C:\Windows\System\DuZKBAo.exe

C:\Windows\System\WcwtNVG.exe

C:\Windows\System\WcwtNVG.exe

C:\Windows\System\SZiibWe.exe

C:\Windows\System\SZiibWe.exe

C:\Windows\System\vaMexEL.exe

C:\Windows\System\vaMexEL.exe

C:\Windows\System\nBCGmNb.exe

C:\Windows\System\nBCGmNb.exe

C:\Windows\System\aDQVqbr.exe

C:\Windows\System\aDQVqbr.exe

C:\Windows\System\ONFbkhy.exe

C:\Windows\System\ONFbkhy.exe

C:\Windows\System\HybMWVI.exe

C:\Windows\System\HybMWVI.exe

C:\Windows\System\zmeeHaR.exe

C:\Windows\System\zmeeHaR.exe

C:\Windows\System\GNSdmsK.exe

C:\Windows\System\GNSdmsK.exe

C:\Windows\System\TJoByHR.exe

C:\Windows\System\TJoByHR.exe

C:\Windows\System\HCmvtrK.exe

C:\Windows\System\HCmvtrK.exe

C:\Windows\System\CubglTU.exe

C:\Windows\System\CubglTU.exe

C:\Windows\System\oMIJmOy.exe

C:\Windows\System\oMIJmOy.exe

C:\Windows\System\mUTyMSD.exe

C:\Windows\System\mUTyMSD.exe

C:\Windows\System\PQZQcjB.exe

C:\Windows\System\PQZQcjB.exe

C:\Windows\System\wESkKuO.exe

C:\Windows\System\wESkKuO.exe

C:\Windows\System\VkTthqJ.exe

C:\Windows\System\VkTthqJ.exe

C:\Windows\System\lCAeQnR.exe

C:\Windows\System\lCAeQnR.exe

C:\Windows\System\KfIPdLf.exe

C:\Windows\System\KfIPdLf.exe

C:\Windows\System\tBonKGH.exe

C:\Windows\System\tBonKGH.exe

C:\Windows\System\dGcfyTB.exe

C:\Windows\System\dGcfyTB.exe

C:\Windows\System\HDhuHuf.exe

C:\Windows\System\HDhuHuf.exe

C:\Windows\System\mJvTVLI.exe

C:\Windows\System\mJvTVLI.exe

C:\Windows\System\cRbeZPb.exe

C:\Windows\System\cRbeZPb.exe

C:\Windows\System\xQnHtDE.exe

C:\Windows\System\xQnHtDE.exe

C:\Windows\System\PYrphkZ.exe

C:\Windows\System\PYrphkZ.exe

C:\Windows\System\GqYlrUq.exe

C:\Windows\System\GqYlrUq.exe

C:\Windows\System\VMXXNLu.exe

C:\Windows\System\VMXXNLu.exe

C:\Windows\System\QVrlccd.exe

C:\Windows\System\QVrlccd.exe

C:\Windows\System\hbhapNo.exe

C:\Windows\System\hbhapNo.exe

C:\Windows\System\rXNCxeJ.exe

C:\Windows\System\rXNCxeJ.exe

C:\Windows\System\AoGqJZU.exe

C:\Windows\System\AoGqJZU.exe

C:\Windows\System\uBfBtkq.exe

C:\Windows\System\uBfBtkq.exe

C:\Windows\System\vCjFUkU.exe

C:\Windows\System\vCjFUkU.exe

C:\Windows\System\HmKLdpo.exe

C:\Windows\System\HmKLdpo.exe

C:\Windows\System\amovmBd.exe

C:\Windows\System\amovmBd.exe

C:\Windows\System\JHZzyem.exe

C:\Windows\System\JHZzyem.exe

C:\Windows\System\EYaQaQN.exe

C:\Windows\System\EYaQaQN.exe

C:\Windows\System\YIrAGCr.exe

C:\Windows\System\YIrAGCr.exe

C:\Windows\System\MHRvhrE.exe

C:\Windows\System\MHRvhrE.exe

C:\Windows\System\rFdOXdm.exe

C:\Windows\System\rFdOXdm.exe

C:\Windows\System\RBnKTLx.exe

C:\Windows\System\RBnKTLx.exe

C:\Windows\System\sWjADXA.exe

C:\Windows\System\sWjADXA.exe

C:\Windows\System\kUsdaNo.exe

C:\Windows\System\kUsdaNo.exe

C:\Windows\System\TWcNIgy.exe

C:\Windows\System\TWcNIgy.exe

C:\Windows\System\IIsYGyJ.exe

C:\Windows\System\IIsYGyJ.exe

C:\Windows\System\WOviZjW.exe

C:\Windows\System\WOviZjW.exe

C:\Windows\System\hZNOyHU.exe

C:\Windows\System\hZNOyHU.exe

C:\Windows\System\QBdtbfM.exe

C:\Windows\System\QBdtbfM.exe

C:\Windows\System\gZZDRMV.exe

C:\Windows\System\gZZDRMV.exe

C:\Windows\System\ixKurOg.exe

C:\Windows\System\ixKurOg.exe

C:\Windows\System\zAwCXlX.exe

C:\Windows\System\zAwCXlX.exe

C:\Windows\System\DTZpcpK.exe

C:\Windows\System\DTZpcpK.exe

C:\Windows\System\scyEiFq.exe

C:\Windows\System\scyEiFq.exe

C:\Windows\System\iyMDehs.exe

C:\Windows\System\iyMDehs.exe

C:\Windows\System\abQavum.exe

C:\Windows\System\abQavum.exe

C:\Windows\System\jXxPsBv.exe

C:\Windows\System\jXxPsBv.exe

C:\Windows\System\PAOzCFm.exe

C:\Windows\System\PAOzCFm.exe

C:\Windows\System\GcdnHoB.exe

C:\Windows\System\GcdnHoB.exe

C:\Windows\System\YMhHCVj.exe

C:\Windows\System\YMhHCVj.exe

C:\Windows\System\KxFBDlk.exe

C:\Windows\System\KxFBDlk.exe

C:\Windows\System\bAzBDyj.exe

C:\Windows\System\bAzBDyj.exe

C:\Windows\System\OPWvweJ.exe

C:\Windows\System\OPWvweJ.exe

C:\Windows\System\sEpjbDh.exe

C:\Windows\System\sEpjbDh.exe

C:\Windows\System\KnYmeDt.exe

C:\Windows\System\KnYmeDt.exe

C:\Windows\System\fXEwwof.exe

C:\Windows\System\fXEwwof.exe

C:\Windows\System\CUKtQJZ.exe

C:\Windows\System\CUKtQJZ.exe

C:\Windows\System\hUYuNFs.exe

C:\Windows\System\hUYuNFs.exe

C:\Windows\System\oXAxHrA.exe

C:\Windows\System\oXAxHrA.exe

C:\Windows\System\ceEyRSm.exe

C:\Windows\System\ceEyRSm.exe

C:\Windows\System\mJdqTsw.exe

C:\Windows\System\mJdqTsw.exe

C:\Windows\System\ZVisVmj.exe

C:\Windows\System\ZVisVmj.exe

C:\Windows\System\ChHmKRV.exe

C:\Windows\System\ChHmKRV.exe

C:\Windows\System\mglyPYh.exe

C:\Windows\System\mglyPYh.exe

C:\Windows\System\SVeFvua.exe

C:\Windows\System\SVeFvua.exe

C:\Windows\System\CLgcJBH.exe

C:\Windows\System\CLgcJBH.exe

C:\Windows\System\gAhaMNQ.exe

C:\Windows\System\gAhaMNQ.exe

C:\Windows\System\eeHSOFU.exe

C:\Windows\System\eeHSOFU.exe

C:\Windows\System\sxhmClg.exe

C:\Windows\System\sxhmClg.exe

C:\Windows\System\inYWlkm.exe

C:\Windows\System\inYWlkm.exe

C:\Windows\System\XqLxxOv.exe

C:\Windows\System\XqLxxOv.exe

C:\Windows\System\zqJjUeq.exe

C:\Windows\System\zqJjUeq.exe

C:\Windows\System\jzxZGzT.exe

C:\Windows\System\jzxZGzT.exe

C:\Windows\System\rCDRKKC.exe

C:\Windows\System\rCDRKKC.exe

C:\Windows\System\nZeswDq.exe

C:\Windows\System\nZeswDq.exe

C:\Windows\System\QwCFRpt.exe

C:\Windows\System\QwCFRpt.exe

C:\Windows\System\tcNjfdN.exe

C:\Windows\System\tcNjfdN.exe

C:\Windows\System\ogalVTV.exe

C:\Windows\System\ogalVTV.exe

C:\Windows\System\sMEUkOc.exe

C:\Windows\System\sMEUkOc.exe

C:\Windows\System\jVWBPRo.exe

C:\Windows\System\jVWBPRo.exe

C:\Windows\System\xpuvdhY.exe

C:\Windows\System\xpuvdhY.exe

C:\Windows\System\GgOCTfx.exe

C:\Windows\System\GgOCTfx.exe

C:\Windows\System\uTIENOb.exe

C:\Windows\System\uTIENOb.exe

C:\Windows\System\jfhCrKp.exe

C:\Windows\System\jfhCrKp.exe

C:\Windows\System\DPVQWTl.exe

C:\Windows\System\DPVQWTl.exe

C:\Windows\System\llVcFUV.exe

C:\Windows\System\llVcFUV.exe

C:\Windows\System\rIMWpja.exe

C:\Windows\System\rIMWpja.exe

C:\Windows\System\uHhLfXf.exe

C:\Windows\System\uHhLfXf.exe

C:\Windows\System\DUecqmh.exe

C:\Windows\System\DUecqmh.exe

C:\Windows\System\jYstZEU.exe

C:\Windows\System\jYstZEU.exe

C:\Windows\System\OmAXMeP.exe

C:\Windows\System\OmAXMeP.exe

C:\Windows\System\UuGRPfa.exe

C:\Windows\System\UuGRPfa.exe

C:\Windows\System\JPcvZes.exe

C:\Windows\System\JPcvZes.exe

C:\Windows\System\MLNaeBw.exe

C:\Windows\System\MLNaeBw.exe

C:\Windows\System\ScgtzFM.exe

C:\Windows\System\ScgtzFM.exe

C:\Windows\System\UmyGBnk.exe

C:\Windows\System\UmyGBnk.exe

C:\Windows\System\hSsooIG.exe

C:\Windows\System\hSsooIG.exe

C:\Windows\System\Vwttgxx.exe

C:\Windows\System\Vwttgxx.exe

C:\Windows\System\BrpQpUS.exe

C:\Windows\System\BrpQpUS.exe

C:\Windows\System\MhfsdeF.exe

C:\Windows\System\MhfsdeF.exe

C:\Windows\System\CIRHDME.exe

C:\Windows\System\CIRHDME.exe

C:\Windows\System\UjiAbtk.exe

C:\Windows\System\UjiAbtk.exe

C:\Windows\System\bvtaSQn.exe

C:\Windows\System\bvtaSQn.exe

C:\Windows\System\wRiBfNq.exe

C:\Windows\System\wRiBfNq.exe

C:\Windows\System\PftEtes.exe

C:\Windows\System\PftEtes.exe

C:\Windows\System\dnVrbcV.exe

C:\Windows\System\dnVrbcV.exe

C:\Windows\System\meKBMEm.exe

C:\Windows\System\meKBMEm.exe

C:\Windows\System\vCbgzGN.exe

C:\Windows\System\vCbgzGN.exe

C:\Windows\System\uiqAWpP.exe

C:\Windows\System\uiqAWpP.exe

C:\Windows\System\VwYfmNV.exe

C:\Windows\System\VwYfmNV.exe

C:\Windows\System\spHGjTG.exe

C:\Windows\System\spHGjTG.exe

C:\Windows\System\mvfFRJs.exe

C:\Windows\System\mvfFRJs.exe

C:\Windows\System\rYrboPZ.exe

C:\Windows\System\rYrboPZ.exe

C:\Windows\System\fAnemGL.exe

C:\Windows\System\fAnemGL.exe

C:\Windows\System\WoKtWFc.exe

C:\Windows\System\WoKtWFc.exe

C:\Windows\System\CMzQZyQ.exe

C:\Windows\System\CMzQZyQ.exe

C:\Windows\System\BGQNNxU.exe

C:\Windows\System\BGQNNxU.exe

C:\Windows\System\ttugnyK.exe

C:\Windows\System\ttugnyK.exe

C:\Windows\System\tuRNBAh.exe

C:\Windows\System\tuRNBAh.exe

C:\Windows\System\fgeDhgS.exe

C:\Windows\System\fgeDhgS.exe

C:\Windows\System\xxCKGvq.exe

C:\Windows\System\xxCKGvq.exe

C:\Windows\System\tUZDJeG.exe

C:\Windows\System\tUZDJeG.exe

C:\Windows\System\SglAPvx.exe

C:\Windows\System\SglAPvx.exe

C:\Windows\System\tOZthjt.exe

C:\Windows\System\tOZthjt.exe

C:\Windows\System\kLWGNdW.exe

C:\Windows\System\kLWGNdW.exe

C:\Windows\System\EJLtRrE.exe

C:\Windows\System\EJLtRrE.exe

C:\Windows\System\oNcoGrO.exe

C:\Windows\System\oNcoGrO.exe

C:\Windows\System\vLGtBvn.exe

C:\Windows\System\vLGtBvn.exe

C:\Windows\System\NvIXfht.exe

C:\Windows\System\NvIXfht.exe

C:\Windows\System\BMbRVlp.exe

C:\Windows\System\BMbRVlp.exe

C:\Windows\System\MfoeYvW.exe

C:\Windows\System\MfoeYvW.exe

C:\Windows\System\ObcyaAQ.exe

C:\Windows\System\ObcyaAQ.exe

C:\Windows\System\YFRyQyB.exe

C:\Windows\System\YFRyQyB.exe

C:\Windows\System\gQzILWm.exe

C:\Windows\System\gQzILWm.exe

C:\Windows\System\XIybhYz.exe

C:\Windows\System\XIybhYz.exe

C:\Windows\System\BHiZrEB.exe

C:\Windows\System\BHiZrEB.exe

C:\Windows\System\jkSnSsT.exe

C:\Windows\System\jkSnSsT.exe

C:\Windows\System\lHiUjEH.exe

C:\Windows\System\lHiUjEH.exe

C:\Windows\System\OvaQCqh.exe

C:\Windows\System\OvaQCqh.exe

C:\Windows\System\CbkbFga.exe

C:\Windows\System\CbkbFga.exe

C:\Windows\System\KIHwxWB.exe

C:\Windows\System\KIHwxWB.exe

C:\Windows\System\BGWYowu.exe

C:\Windows\System\BGWYowu.exe

C:\Windows\System\tYYyXTN.exe

C:\Windows\System\tYYyXTN.exe

C:\Windows\System\liQGWYA.exe

C:\Windows\System\liQGWYA.exe

C:\Windows\System\JBxFKKO.exe

C:\Windows\System\JBxFKKO.exe

C:\Windows\System\mERaVFC.exe

C:\Windows\System\mERaVFC.exe

C:\Windows\System\tHZCIBl.exe

C:\Windows\System\tHZCIBl.exe

C:\Windows\System\TCXYrWi.exe

C:\Windows\System\TCXYrWi.exe

C:\Windows\System\BYpUDGu.exe

C:\Windows\System\BYpUDGu.exe

C:\Windows\System\qslEyvO.exe

C:\Windows\System\qslEyvO.exe

C:\Windows\System\MzoJCJD.exe

C:\Windows\System\MzoJCJD.exe

C:\Windows\System\jBbHPou.exe

C:\Windows\System\jBbHPou.exe

C:\Windows\System\SftZdUq.exe

C:\Windows\System\SftZdUq.exe

C:\Windows\System\rFvBNAR.exe

C:\Windows\System\rFvBNAR.exe

C:\Windows\System\pygORuk.exe

C:\Windows\System\pygORuk.exe

C:\Windows\System\cSzZCiT.exe

C:\Windows\System\cSzZCiT.exe

C:\Windows\System\kOVryZe.exe

C:\Windows\System\kOVryZe.exe

C:\Windows\System\doXsdPT.exe

C:\Windows\System\doXsdPT.exe

C:\Windows\System\cSSSsDM.exe

C:\Windows\System\cSSSsDM.exe

C:\Windows\System\tXAELNV.exe

C:\Windows\System\tXAELNV.exe

C:\Windows\System\TMDfnxc.exe

C:\Windows\System\TMDfnxc.exe

C:\Windows\System\FlIOKiH.exe

C:\Windows\System\FlIOKiH.exe

C:\Windows\System\gPgeJRO.exe

C:\Windows\System\gPgeJRO.exe

C:\Windows\System\kYDHTxd.exe

C:\Windows\System\kYDHTxd.exe

C:\Windows\System\dPHiqXP.exe

C:\Windows\System\dPHiqXP.exe

C:\Windows\System\XPUZaIQ.exe

C:\Windows\System\XPUZaIQ.exe

C:\Windows\System\tZAYQbc.exe

C:\Windows\System\tZAYQbc.exe

C:\Windows\System\CCHrVnp.exe

C:\Windows\System\CCHrVnp.exe

C:\Windows\System\UchSizU.exe

C:\Windows\System\UchSizU.exe

C:\Windows\System\uGCoQNc.exe

C:\Windows\System\uGCoQNc.exe

C:\Windows\System\hzZBarh.exe

C:\Windows\System\hzZBarh.exe

C:\Windows\System\DWmYfDg.exe

C:\Windows\System\DWmYfDg.exe

C:\Windows\System\gWwlXqn.exe

C:\Windows\System\gWwlXqn.exe

C:\Windows\System\IHlfsXI.exe

C:\Windows\System\IHlfsXI.exe

C:\Windows\System\hcWLHPy.exe

C:\Windows\System\hcWLHPy.exe

C:\Windows\System\YSrJUHD.exe

C:\Windows\System\YSrJUHD.exe

C:\Windows\System\RWjKwKg.exe

C:\Windows\System\RWjKwKg.exe

C:\Windows\System\EMurTlg.exe

C:\Windows\System\EMurTlg.exe

C:\Windows\System\LRRdpaU.exe

C:\Windows\System\LRRdpaU.exe

C:\Windows\System\liMZPyt.exe

C:\Windows\System\liMZPyt.exe

C:\Windows\System\jAxvPXk.exe

C:\Windows\System\jAxvPXk.exe

C:\Windows\System\HrdkeJH.exe

C:\Windows\System\HrdkeJH.exe

C:\Windows\System\bpFkkuM.exe

C:\Windows\System\bpFkkuM.exe

C:\Windows\System\lKvvPuv.exe

C:\Windows\System\lKvvPuv.exe

C:\Windows\System\qQrSrNG.exe

C:\Windows\System\qQrSrNG.exe

C:\Windows\System\NnKBZyS.exe

C:\Windows\System\NnKBZyS.exe

C:\Windows\System\csQPhQt.exe

C:\Windows\System\csQPhQt.exe

C:\Windows\System\wjQKcIk.exe

C:\Windows\System\wjQKcIk.exe

C:\Windows\System\cqPHkZJ.exe

C:\Windows\System\cqPHkZJ.exe

C:\Windows\System\PYqFzLB.exe

C:\Windows\System\PYqFzLB.exe

C:\Windows\System\RmQXDAR.exe

C:\Windows\System\RmQXDAR.exe

C:\Windows\System\EHupnoj.exe

C:\Windows\System\EHupnoj.exe

C:\Windows\System\NigMqBB.exe

C:\Windows\System\NigMqBB.exe

C:\Windows\System\mNLjxkr.exe

C:\Windows\System\mNLjxkr.exe

C:\Windows\System\NPsyvuI.exe

C:\Windows\System\NPsyvuI.exe

C:\Windows\System\KpwAxME.exe

C:\Windows\System\KpwAxME.exe

C:\Windows\System\uKlXLIH.exe

C:\Windows\System\uKlXLIH.exe

C:\Windows\System\XHtkYJu.exe

C:\Windows\System\XHtkYJu.exe

C:\Windows\System\qvNGvEV.exe

C:\Windows\System\qvNGvEV.exe

C:\Windows\System\hvqUsHt.exe

C:\Windows\System\hvqUsHt.exe

C:\Windows\System\hzaAIcv.exe

C:\Windows\System\hzaAIcv.exe

C:\Windows\System\QpJEMEB.exe

C:\Windows\System\QpJEMEB.exe

C:\Windows\System\KHfHylZ.exe

C:\Windows\System\KHfHylZ.exe

C:\Windows\System\EwEkwbK.exe

C:\Windows\System\EwEkwbK.exe

C:\Windows\System\KAtqkFS.exe

C:\Windows\System\KAtqkFS.exe

C:\Windows\System\OKdiFUD.exe

C:\Windows\System\OKdiFUD.exe

C:\Windows\System\gdQRXPg.exe

C:\Windows\System\gdQRXPg.exe

C:\Windows\System\CkyduOG.exe

C:\Windows\System\CkyduOG.exe

C:\Windows\System\VgOSqgf.exe

C:\Windows\System\VgOSqgf.exe

C:\Windows\System\BAXsolI.exe

C:\Windows\System\BAXsolI.exe

C:\Windows\System\oZFnJDf.exe

C:\Windows\System\oZFnJDf.exe

C:\Windows\System\WjnBBvr.exe

C:\Windows\System\WjnBBvr.exe

C:\Windows\System\aEtdxex.exe

C:\Windows\System\aEtdxex.exe

C:\Windows\System\dGmrziv.exe

C:\Windows\System\dGmrziv.exe

C:\Windows\System\qaoljoO.exe

C:\Windows\System\qaoljoO.exe

C:\Windows\System\SXoTjHs.exe

C:\Windows\System\SXoTjHs.exe

C:\Windows\System\PBcJnVu.exe

C:\Windows\System\PBcJnVu.exe

C:\Windows\System\yeRyujg.exe

C:\Windows\System\yeRyujg.exe

C:\Windows\System\IBCItXo.exe

C:\Windows\System\IBCItXo.exe

C:\Windows\System\RFCkPSz.exe

C:\Windows\System\RFCkPSz.exe

C:\Windows\System\pJiVXRn.exe

C:\Windows\System\pJiVXRn.exe

C:\Windows\System\vgfSneS.exe

C:\Windows\System\vgfSneS.exe

C:\Windows\System\AxAntna.exe

C:\Windows\System\AxAntna.exe

C:\Windows\System\glGeexg.exe

C:\Windows\System\glGeexg.exe

C:\Windows\System\NYrepLV.exe

C:\Windows\System\NYrepLV.exe

C:\Windows\System\vyMhNGK.exe

C:\Windows\System\vyMhNGK.exe

C:\Windows\System\rENTLGt.exe

C:\Windows\System\rENTLGt.exe

C:\Windows\System\NtddDFl.exe

C:\Windows\System\NtddDFl.exe

C:\Windows\System\LmotVYx.exe

C:\Windows\System\LmotVYx.exe

C:\Windows\System\qtktMes.exe

C:\Windows\System\qtktMes.exe

C:\Windows\System\mcGYUIK.exe

C:\Windows\System\mcGYUIK.exe

C:\Windows\System\TrDXPom.exe

C:\Windows\System\TrDXPom.exe

C:\Windows\System\OGEXWYb.exe

C:\Windows\System\OGEXWYb.exe

C:\Windows\System\VuPnOwu.exe

C:\Windows\System\VuPnOwu.exe

C:\Windows\System\RexLYHw.exe

C:\Windows\System\RexLYHw.exe

C:\Windows\System\wsiTVVW.exe

C:\Windows\System\wsiTVVW.exe

C:\Windows\System\KCiEQmR.exe

C:\Windows\System\KCiEQmR.exe

C:\Windows\System\UcIftWj.exe

C:\Windows\System\UcIftWj.exe

C:\Windows\System\sOYFbCU.exe

C:\Windows\System\sOYFbCU.exe

C:\Windows\System\kSDyUgA.exe

C:\Windows\System\kSDyUgA.exe

C:\Windows\System\cuFYvaf.exe

C:\Windows\System\cuFYvaf.exe

C:\Windows\System\dUoRwSU.exe

C:\Windows\System\dUoRwSU.exe

C:\Windows\System\YURoqGj.exe

C:\Windows\System\YURoqGj.exe

C:\Windows\System\OOWynHW.exe

C:\Windows\System\OOWynHW.exe

C:\Windows\System\nTPDiDO.exe

C:\Windows\System\nTPDiDO.exe

C:\Windows\System\qMNHAlM.exe

C:\Windows\System\qMNHAlM.exe

C:\Windows\System\XZsVQDA.exe

C:\Windows\System\XZsVQDA.exe

C:\Windows\System\mMZsuyN.exe

C:\Windows\System\mMZsuyN.exe

C:\Windows\System\edJhaWL.exe

C:\Windows\System\edJhaWL.exe

C:\Windows\System\SWywCnj.exe

C:\Windows\System\SWywCnj.exe

C:\Windows\System\YdxYiwB.exe

C:\Windows\System\YdxYiwB.exe

C:\Windows\System\rfkqtGa.exe

C:\Windows\System\rfkqtGa.exe

C:\Windows\System\vpXhLSf.exe

C:\Windows\System\vpXhLSf.exe

C:\Windows\System\HcHkFgu.exe

C:\Windows\System\HcHkFgu.exe

C:\Windows\System\FqcDJHW.exe

C:\Windows\System\FqcDJHW.exe

C:\Windows\System\rOmaaHg.exe

C:\Windows\System\rOmaaHg.exe

C:\Windows\System\CnJQTss.exe

C:\Windows\System\CnJQTss.exe

C:\Windows\System\ueuenhI.exe

C:\Windows\System\ueuenhI.exe

C:\Windows\System\DOtlxQJ.exe

C:\Windows\System\DOtlxQJ.exe

C:\Windows\System\MWNKbPo.exe

C:\Windows\System\MWNKbPo.exe

C:\Windows\System\POoxjMT.exe

C:\Windows\System\POoxjMT.exe

C:\Windows\System\roEwnvR.exe

C:\Windows\System\roEwnvR.exe

C:\Windows\System\gFoOUmU.exe

C:\Windows\System\gFoOUmU.exe

C:\Windows\System\TUKtlZC.exe

C:\Windows\System\TUKtlZC.exe

C:\Windows\System\nVrBVRq.exe

C:\Windows\System\nVrBVRq.exe

C:\Windows\System\veTqmaV.exe

C:\Windows\System\veTqmaV.exe

C:\Windows\System\TFqFQFU.exe

C:\Windows\System\TFqFQFU.exe

C:\Windows\System\frlEanj.exe

C:\Windows\System\frlEanj.exe

C:\Windows\System\IouiPCQ.exe

C:\Windows\System\IouiPCQ.exe

C:\Windows\System\qDPjWBe.exe

C:\Windows\System\qDPjWBe.exe

C:\Windows\System\ggZaODS.exe

C:\Windows\System\ggZaODS.exe

C:\Windows\System\rSJpFEM.exe

C:\Windows\System\rSJpFEM.exe

C:\Windows\System\CQASwbh.exe

C:\Windows\System\CQASwbh.exe

C:\Windows\System\sMbhIBT.exe

C:\Windows\System\sMbhIBT.exe

C:\Windows\System\FhpYWGg.exe

C:\Windows\System\FhpYWGg.exe

C:\Windows\System\xOhlqwb.exe

C:\Windows\System\xOhlqwb.exe

C:\Windows\System\eBgSBZV.exe

C:\Windows\System\eBgSBZV.exe

C:\Windows\System\dfjEgCe.exe

C:\Windows\System\dfjEgCe.exe

C:\Windows\System\mgzqITY.exe

C:\Windows\System\mgzqITY.exe

C:\Windows\System\pJdEruW.exe

C:\Windows\System\pJdEruW.exe

C:\Windows\System\ptaZtqv.exe

C:\Windows\System\ptaZtqv.exe

C:\Windows\System\uGGrdcX.exe

C:\Windows\System\uGGrdcX.exe

C:\Windows\System\JWGTijI.exe

C:\Windows\System\JWGTijI.exe

C:\Windows\System\DdKwVNr.exe

C:\Windows\System\DdKwVNr.exe

C:\Windows\System\hvcWsUo.exe

C:\Windows\System\hvcWsUo.exe

C:\Windows\System\TsYjkaK.exe

C:\Windows\System\TsYjkaK.exe

C:\Windows\System\PpixuRH.exe

C:\Windows\System\PpixuRH.exe

C:\Windows\System\EvfTRva.exe

C:\Windows\System\EvfTRva.exe

C:\Windows\System\vJPTvtB.exe

C:\Windows\System\vJPTvtB.exe

C:\Windows\System\SKJpeaM.exe

C:\Windows\System\SKJpeaM.exe

C:\Windows\System\eUugBuQ.exe

C:\Windows\System\eUugBuQ.exe

C:\Windows\System\xRfRZse.exe

C:\Windows\System\xRfRZse.exe

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 11780 -i 11780 -h 412 -j 668 -s 644 -d 11748

C:\Windows\System\fFavJoC.exe

C:\Windows\System\fFavJoC.exe

C:\Windows\System\zUkaKZo.exe

C:\Windows\System\zUkaKZo.exe

C:\Windows\System\twXIwif.exe

C:\Windows\System\twXIwif.exe

C:\Windows\System\fTtnkRR.exe

C:\Windows\System\fTtnkRR.exe

C:\Windows\System\CfoCpLs.exe

C:\Windows\System\CfoCpLs.exe

C:\Windows\System\fTVWkst.exe

C:\Windows\System\fTVWkst.exe

C:\Windows\System\hcIyUBW.exe

C:\Windows\System\hcIyUBW.exe

C:\Windows\System\uSTSQUZ.exe

C:\Windows\System\uSTSQUZ.exe

C:\Windows\System\dRjuMCc.exe

C:\Windows\System\dRjuMCc.exe

C:\Windows\System\zbMCHuq.exe

C:\Windows\System\zbMCHuq.exe

C:\Windows\System\GxATkYL.exe

C:\Windows\System\GxATkYL.exe

C:\Windows\System\oAHqRLr.exe

C:\Windows\System\oAHqRLr.exe

C:\Windows\System\vbFVxRS.exe

C:\Windows\System\vbFVxRS.exe

C:\Windows\System\DqGVYFP.exe

C:\Windows\System\DqGVYFP.exe

C:\Windows\System\NEouRlr.exe

C:\Windows\System\NEouRlr.exe

C:\Windows\System\DLVdqSQ.exe

C:\Windows\System\DLVdqSQ.exe

C:\Windows\System\cycNZUS.exe

C:\Windows\System\cycNZUS.exe

C:\Windows\System\ScGPVer.exe

C:\Windows\System\ScGPVer.exe

C:\Windows\System\eCxCgbO.exe

C:\Windows\System\eCxCgbO.exe

C:\Windows\System\iQtsIMF.exe

C:\Windows\System\iQtsIMF.exe

C:\Windows\System\qNhJbzW.exe

C:\Windows\System\qNhJbzW.exe

C:\Windows\System\PlIymgu.exe

C:\Windows\System\PlIymgu.exe

C:\Windows\System\gbFzdfu.exe

C:\Windows\System\gbFzdfu.exe

C:\Windows\System\waKyQxP.exe

C:\Windows\System\waKyQxP.exe

C:\Windows\System\LelVybB.exe

C:\Windows\System\LelVybB.exe

C:\Windows\System\yVmMvzP.exe

C:\Windows\System\yVmMvzP.exe

C:\Windows\System\WoNlsFf.exe

C:\Windows\System\WoNlsFf.exe

C:\Windows\System\KDwLAYZ.exe

C:\Windows\System\KDwLAYZ.exe

C:\Windows\System\TNuMzQb.exe

C:\Windows\System\TNuMzQb.exe

C:\Windows\System\LmZrvaQ.exe

C:\Windows\System\LmZrvaQ.exe

C:\Windows\System\lOxanLB.exe

C:\Windows\System\lOxanLB.exe

C:\Windows\System\kXVIPNx.exe

C:\Windows\System\kXVIPNx.exe

C:\Windows\System\pGTuUoi.exe

C:\Windows\System\pGTuUoi.exe

C:\Windows\System\sBuDvtu.exe

C:\Windows\System\sBuDvtu.exe

C:\Windows\System\WMbSiKL.exe

C:\Windows\System\WMbSiKL.exe

C:\Windows\System\frdVAVY.exe

C:\Windows\System\frdVAVY.exe

C:\Windows\System\nfVniCG.exe

C:\Windows\System\nfVniCG.exe

C:\Windows\System\apQQvVo.exe

C:\Windows\System\apQQvVo.exe

C:\Windows\System\pFThDpE.exe

C:\Windows\System\pFThDpE.exe

C:\Windows\System\pvHgoxB.exe

C:\Windows\System\pvHgoxB.exe

C:\Windows\System\maJbqSU.exe

C:\Windows\System\maJbqSU.exe

C:\Windows\System\FCOnGqw.exe

C:\Windows\System\FCOnGqw.exe

C:\Windows\System\VVaHDMQ.exe

C:\Windows\System\VVaHDMQ.exe

C:\Windows\System\jVDMrHU.exe

C:\Windows\System\jVDMrHU.exe

C:\Windows\System\aHNcURE.exe

C:\Windows\System\aHNcURE.exe

C:\Windows\System\LUZOaKW.exe

C:\Windows\System\LUZOaKW.exe

C:\Windows\System\NfrTGUW.exe

C:\Windows\System\NfrTGUW.exe

C:\Windows\System\YaigFMx.exe

C:\Windows\System\YaigFMx.exe

C:\Windows\System\TPGjEqU.exe

C:\Windows\System\TPGjEqU.exe

C:\Windows\System\coJrzwA.exe

C:\Windows\System\coJrzwA.exe

C:\Windows\System\fjATFIM.exe

C:\Windows\System\fjATFIM.exe

C:\Windows\System\chIKihC.exe

C:\Windows\System\chIKihC.exe

C:\Windows\System\qLyzAoS.exe

C:\Windows\System\qLyzAoS.exe

C:\Windows\System\UTAylci.exe

C:\Windows\System\UTAylci.exe

C:\Windows\System\NGebwXv.exe

C:\Windows\System\NGebwXv.exe

C:\Windows\System\EbtcuzM.exe

C:\Windows\System\EbtcuzM.exe

C:\Windows\System\ByhmWIN.exe

C:\Windows\System\ByhmWIN.exe

C:\Windows\System\qcBDYQM.exe

C:\Windows\System\qcBDYQM.exe

C:\Windows\System\USPguTn.exe

C:\Windows\System\USPguTn.exe

C:\Windows\System\xbQJWpo.exe

C:\Windows\System\xbQJWpo.exe

C:\Windows\System\acvOahw.exe

C:\Windows\System\acvOahw.exe

C:\Windows\System\RQaaWdB.exe

C:\Windows\System\RQaaWdB.exe

C:\Windows\System\vPmhZZO.exe

C:\Windows\System\vPmhZZO.exe

C:\Windows\System\vVQUFXd.exe

C:\Windows\System\vVQUFXd.exe

C:\Windows\System\iWqLvBX.exe

C:\Windows\System\iWqLvBX.exe

C:\Windows\System\rBwoBaR.exe

C:\Windows\System\rBwoBaR.exe

C:\Windows\System\HvibXtp.exe

C:\Windows\System\HvibXtp.exe

C:\Windows\System\JXKYSUh.exe

C:\Windows\System\JXKYSUh.exe

C:\Windows\System\reJIZtb.exe

C:\Windows\System\reJIZtb.exe

C:\Windows\System\ukRQuAi.exe

C:\Windows\System\ukRQuAi.exe

C:\Windows\System\IXyrMhH.exe

C:\Windows\System\IXyrMhH.exe

C:\Windows\System\FAIiJIi.exe

C:\Windows\System\FAIiJIi.exe

C:\Windows\System\ErrYzft.exe

C:\Windows\System\ErrYzft.exe

C:\Windows\System\oBuvErF.exe

C:\Windows\System\oBuvErF.exe

C:\Windows\System\MFlyVPZ.exe

C:\Windows\System\MFlyVPZ.exe

C:\Windows\System\bUJtCjX.exe

C:\Windows\System\bUJtCjX.exe

C:\Windows\System\bTbXjFn.exe

C:\Windows\System\bTbXjFn.exe

C:\Windows\System\SVmTDQT.exe

C:\Windows\System\SVmTDQT.exe

C:\Windows\System\kbOBOHp.exe

C:\Windows\System\kbOBOHp.exe

C:\Windows\System\kJtdqiG.exe

C:\Windows\System\kJtdqiG.exe

C:\Windows\System\rDGzwip.exe

C:\Windows\System\rDGzwip.exe

C:\Windows\System\nuaqpkB.exe

C:\Windows\System\nuaqpkB.exe

C:\Windows\System\KZblAho.exe

C:\Windows\System\KZblAho.exe

C:\Windows\System\GBjqwde.exe

C:\Windows\System\GBjqwde.exe

C:\Windows\System\ztrVLmo.exe

C:\Windows\System\ztrVLmo.exe

C:\Windows\System\cdLLStz.exe

C:\Windows\System\cdLLStz.exe

C:\Windows\System\pYqItoZ.exe

C:\Windows\System\pYqItoZ.exe

C:\Windows\System\ewTmZZm.exe

C:\Windows\System\ewTmZZm.exe

C:\Windows\System\aHaxDai.exe

C:\Windows\System\aHaxDai.exe

C:\Windows\System\CKeezcL.exe

C:\Windows\System\CKeezcL.exe

C:\Windows\System\LzkggAt.exe

C:\Windows\System\LzkggAt.exe

C:\Windows\System\sDKStif.exe

C:\Windows\System\sDKStif.exe

C:\Windows\System\AsiDlVz.exe

C:\Windows\System\AsiDlVz.exe

C:\Windows\System\oVyfPWO.exe

C:\Windows\System\oVyfPWO.exe

C:\Windows\System\ytPSbvR.exe

C:\Windows\System\ytPSbvR.exe

C:\Windows\System\XiaJcpn.exe

C:\Windows\System\XiaJcpn.exe

C:\Windows\System\gtwYBkS.exe

C:\Windows\System\gtwYBkS.exe

C:\Windows\System\HCuMbux.exe

C:\Windows\System\HCuMbux.exe

C:\Windows\System\TndLsFd.exe

C:\Windows\System\TndLsFd.exe

C:\Windows\System\tXVqeJr.exe

C:\Windows\System\tXVqeJr.exe

C:\Windows\System\MNarGND.exe

C:\Windows\System\MNarGND.exe

C:\Windows\System\igntqwq.exe

C:\Windows\System\igntqwq.exe

C:\Windows\System\tUioUsE.exe

C:\Windows\System\tUioUsE.exe

C:\Windows\System\wHeCJBU.exe

C:\Windows\System\wHeCJBU.exe

C:\Windows\System\WnDoCFT.exe

C:\Windows\System\WnDoCFT.exe

C:\Windows\System\ooPnAUM.exe

C:\Windows\System\ooPnAUM.exe

C:\Windows\System\TLmiAxu.exe

C:\Windows\System\TLmiAxu.exe

C:\Windows\System\WCRhoLc.exe

C:\Windows\System\WCRhoLc.exe

C:\Windows\System\uVhpVob.exe

C:\Windows\System\uVhpVob.exe

C:\Windows\System\srYjEMo.exe

C:\Windows\System\srYjEMo.exe

C:\Windows\System\qDYFQAJ.exe

C:\Windows\System\qDYFQAJ.exe

C:\Windows\System\GQmYorR.exe

C:\Windows\System\GQmYorR.exe

C:\Windows\System\lMLPozm.exe

C:\Windows\System\lMLPozm.exe

C:\Windows\System\HHANIPp.exe

C:\Windows\System\HHANIPp.exe

C:\Windows\System\aWeGOfG.exe

C:\Windows\System\aWeGOfG.exe

C:\Windows\System\WNgEexJ.exe

C:\Windows\System\WNgEexJ.exe

C:\Windows\System\RUJDhBY.exe

C:\Windows\System\RUJDhBY.exe

C:\Windows\System\GzJEdTS.exe

C:\Windows\System\GzJEdTS.exe

C:\Windows\System\qbAVXVY.exe

C:\Windows\System\qbAVXVY.exe

C:\Windows\System\cgFPucC.exe

C:\Windows\System\cgFPucC.exe

C:\Windows\System\xbynHZj.exe

C:\Windows\System\xbynHZj.exe

C:\Windows\System\xfgYVbm.exe

C:\Windows\System\xfgYVbm.exe

C:\Windows\System\VMZbYdN.exe

C:\Windows\System\VMZbYdN.exe

C:\Windows\System\npgZPTR.exe

C:\Windows\System\npgZPTR.exe

C:\Windows\System\eNLkAvS.exe

C:\Windows\System\eNLkAvS.exe

C:\Windows\System\KvbYumU.exe

C:\Windows\System\KvbYumU.exe

C:\Windows\System\soKzMaG.exe

C:\Windows\System\soKzMaG.exe

C:\Windows\System\ZUqESTF.exe

C:\Windows\System\ZUqESTF.exe

C:\Windows\System\zeWjIaU.exe

C:\Windows\System\zeWjIaU.exe

C:\Windows\System\UEDgyQS.exe

C:\Windows\System\UEDgyQS.exe

C:\Windows\System\wAhfsaP.exe

C:\Windows\System\wAhfsaP.exe

C:\Windows\System\EpIigBL.exe

C:\Windows\System\EpIigBL.exe

C:\Windows\System\YDDpPbK.exe

C:\Windows\System\YDDpPbK.exe

C:\Windows\System\INCwKWE.exe

C:\Windows\System\INCwKWE.exe

C:\Windows\System\RnxctfK.exe

C:\Windows\System\RnxctfK.exe

C:\Windows\System\nvTfpti.exe

C:\Windows\System\nvTfpti.exe

C:\Windows\System\oDjeswm.exe

C:\Windows\System\oDjeswm.exe

C:\Windows\System\nPtKnlu.exe

C:\Windows\System\nPtKnlu.exe

C:\Windows\System\GQIjNOq.exe

C:\Windows\System\GQIjNOq.exe

C:\Windows\System\JMtLexv.exe

C:\Windows\System\JMtLexv.exe

C:\Windows\System\KNUUSKo.exe

C:\Windows\System\KNUUSKo.exe

C:\Windows\System\hATNNUh.exe

C:\Windows\System\hATNNUh.exe

C:\Windows\System\YlgLVRH.exe

C:\Windows\System\YlgLVRH.exe

C:\Windows\System\YQCZtvu.exe

C:\Windows\System\YQCZtvu.exe

C:\Windows\System\aqchtLi.exe

C:\Windows\System\aqchtLi.exe

C:\Windows\System\nnHnTDg.exe

C:\Windows\System\nnHnTDg.exe

C:\Windows\System\ScwpOht.exe

C:\Windows\System\ScwpOht.exe

C:\Windows\System\YijVUpF.exe

C:\Windows\System\YijVUpF.exe

C:\Windows\System\jBzqvdH.exe

C:\Windows\System\jBzqvdH.exe

C:\Windows\System\pLqeOzh.exe

C:\Windows\System\pLqeOzh.exe

C:\Windows\System\blceFOS.exe

C:\Windows\System\blceFOS.exe

C:\Windows\System\HLgQzSQ.exe

C:\Windows\System\HLgQzSQ.exe

C:\Windows\System\JvXNHUT.exe

C:\Windows\System\JvXNHUT.exe

C:\Windows\System\vRKuNFO.exe

C:\Windows\System\vRKuNFO.exe

C:\Windows\System\xooyUbH.exe

C:\Windows\System\xooyUbH.exe

C:\Windows\System\BjpUcPC.exe

C:\Windows\System\BjpUcPC.exe

C:\Windows\System\gBatlGG.exe

C:\Windows\System\gBatlGG.exe

C:\Windows\System\uiRHkWe.exe

C:\Windows\System\uiRHkWe.exe

C:\Windows\System\ddIhlIk.exe

C:\Windows\System\ddIhlIk.exe

C:\Windows\System\BNtgccU.exe

C:\Windows\System\BNtgccU.exe

C:\Windows\System\SsewNXa.exe

C:\Windows\System\SsewNXa.exe

C:\Windows\System\WjsiujD.exe

C:\Windows\System\WjsiujD.exe

C:\Windows\System\PexPjre.exe

C:\Windows\System\PexPjre.exe

C:\Windows\System\JtmXozu.exe

C:\Windows\System\JtmXozu.exe

C:\Windows\System\TmnaHTO.exe

C:\Windows\System\TmnaHTO.exe

C:\Windows\System\vuPrziU.exe

C:\Windows\System\vuPrziU.exe

C:\Windows\System\OKeDKnB.exe

C:\Windows\System\OKeDKnB.exe

C:\Windows\System\XiMxLSc.exe

C:\Windows\System\XiMxLSc.exe

C:\Windows\System\hoKyOJN.exe

C:\Windows\System\hoKyOJN.exe

C:\Windows\System\aPOqZwo.exe

C:\Windows\System\aPOqZwo.exe

C:\Windows\System\ihheewf.exe

C:\Windows\System\ihheewf.exe

C:\Windows\System\kSdlrCt.exe

C:\Windows\System\kSdlrCt.exe

C:\Windows\System\uEdkHcM.exe

C:\Windows\System\uEdkHcM.exe

C:\Windows\System\sBwFnyh.exe

C:\Windows\System\sBwFnyh.exe

C:\Windows\System\lTDDUyO.exe

C:\Windows\System\lTDDUyO.exe

C:\Windows\System\pFUjvev.exe

C:\Windows\System\pFUjvev.exe

C:\Windows\System\YQybXaS.exe

C:\Windows\System\YQybXaS.exe

C:\Windows\System\CVxKwLf.exe

C:\Windows\System\CVxKwLf.exe

C:\Windows\System\fBEFDEB.exe

C:\Windows\System\fBEFDEB.exe

C:\Windows\System\uNphaVy.exe

C:\Windows\System\uNphaVy.exe

C:\Windows\System\wfudWFK.exe

C:\Windows\System\wfudWFK.exe

C:\Windows\System\ChPMpdU.exe

C:\Windows\System\ChPMpdU.exe

C:\Windows\System\oxEyyBz.exe

C:\Windows\System\oxEyyBz.exe

C:\Windows\System\mBcTxBx.exe

C:\Windows\System\mBcTxBx.exe

C:\Windows\System\HVwapVu.exe

C:\Windows\System\HVwapVu.exe

C:\Windows\System\pTgHIwC.exe

C:\Windows\System\pTgHIwC.exe

C:\Windows\System\oLKfaxo.exe

C:\Windows\System\oLKfaxo.exe

C:\Windows\System\mMYMBoW.exe

C:\Windows\System\mMYMBoW.exe

C:\Windows\System\bIKoaMz.exe

C:\Windows\System\bIKoaMz.exe

C:\Windows\System\oBzWaIC.exe

C:\Windows\System\oBzWaIC.exe

C:\Windows\System\nbhDfAF.exe

C:\Windows\System\nbhDfAF.exe

C:\Windows\System\dvamBcU.exe

C:\Windows\System\dvamBcU.exe

C:\Windows\System\YKQfBjQ.exe

C:\Windows\System\YKQfBjQ.exe

C:\Windows\System\SQPOdTz.exe

C:\Windows\System\SQPOdTz.exe

C:\Windows\System\clTOIcV.exe

C:\Windows\System\clTOIcV.exe

C:\Windows\System\QQgxYrS.exe

C:\Windows\System\QQgxYrS.exe

C:\Windows\System\txvcnRj.exe

C:\Windows\System\txvcnRj.exe

C:\Windows\System\aeZtXqi.exe

C:\Windows\System\aeZtXqi.exe

C:\Windows\System\qdAoboI.exe

C:\Windows\System\qdAoboI.exe

C:\Windows\System\wlgqbld.exe

C:\Windows\System\wlgqbld.exe

C:\Windows\System\WJbRBAK.exe

C:\Windows\System\WJbRBAK.exe

C:\Windows\System\UrbXfge.exe

C:\Windows\System\UrbXfge.exe

C:\Windows\System\HteyrOR.exe

C:\Windows\System\HteyrOR.exe

C:\Windows\System\ZVqTNXh.exe

C:\Windows\System\ZVqTNXh.exe

C:\Windows\System\oDNdWOO.exe

C:\Windows\System\oDNdWOO.exe

C:\Windows\System\cjTMfwb.exe

C:\Windows\System\cjTMfwb.exe

C:\Windows\System\dSTOsAE.exe

C:\Windows\System\dSTOsAE.exe

C:\Windows\System\euLDKUF.exe

C:\Windows\System\euLDKUF.exe

C:\Windows\System\OeXQETb.exe

C:\Windows\System\OeXQETb.exe

C:\Windows\System\duIlfIV.exe

C:\Windows\System\duIlfIV.exe

C:\Windows\System\YqYBXdB.exe

C:\Windows\System\YqYBXdB.exe

C:\Windows\System\NHZLPlM.exe

C:\Windows\System\NHZLPlM.exe

C:\Windows\System\MYlAJij.exe

C:\Windows\System\MYlAJij.exe

C:\Windows\System\VhqZGLw.exe

C:\Windows\System\VhqZGLw.exe

C:\Windows\System\dAayImT.exe

C:\Windows\System\dAayImT.exe

C:\Windows\System\VjqEOMr.exe

C:\Windows\System\VjqEOMr.exe

C:\Windows\System\UaGSAay.exe

C:\Windows\System\UaGSAay.exe

C:\Windows\System\kzMaZtP.exe

C:\Windows\System\kzMaZtP.exe

C:\Windows\System\zBrKHuj.exe

C:\Windows\System\zBrKHuj.exe

C:\Windows\System\vOAuiaV.exe

C:\Windows\System\vOAuiaV.exe

C:\Windows\System\zHyNkyf.exe

C:\Windows\System\zHyNkyf.exe

C:\Windows\System\kUvCsXL.exe

C:\Windows\System\kUvCsXL.exe

C:\Windows\System\IdiwPPu.exe

C:\Windows\System\IdiwPPu.exe

C:\Windows\System\rSoNuGL.exe

C:\Windows\System\rSoNuGL.exe

C:\Windows\System\tVlpbwE.exe

C:\Windows\System\tVlpbwE.exe

C:\Windows\System\dLkrznI.exe

C:\Windows\System\dLkrznI.exe

C:\Windows\System\VxPXeLY.exe

C:\Windows\System\VxPXeLY.exe

C:\Windows\System\ndViRJl.exe

C:\Windows\System\ndViRJl.exe

C:\Windows\System\jsRuigd.exe

C:\Windows\System\jsRuigd.exe

C:\Windows\System\WHwCaaR.exe

C:\Windows\System\WHwCaaR.exe

C:\Windows\System\yQkSxpT.exe

C:\Windows\System\yQkSxpT.exe

C:\Windows\System\VIGUcfV.exe

C:\Windows\System\VIGUcfV.exe

C:\Windows\System\szNVMCm.exe

C:\Windows\System\szNVMCm.exe

C:\Windows\System\mxeMXtt.exe

C:\Windows\System\mxeMXtt.exe

C:\Windows\System\cOyENOS.exe

C:\Windows\System\cOyENOS.exe

C:\Windows\System\OBZMtVw.exe

C:\Windows\System\OBZMtVw.exe

C:\Windows\System\QsQWmHj.exe

C:\Windows\System\QsQWmHj.exe

C:\Windows\System\LOhGvDo.exe

C:\Windows\System\LOhGvDo.exe

C:\Windows\System\UkOSJUy.exe

C:\Windows\System\UkOSJUy.exe

C:\Windows\System\BupTxii.exe

C:\Windows\System\BupTxii.exe

C:\Windows\System\qZhPFgG.exe

C:\Windows\System\qZhPFgG.exe

C:\Windows\System\HdJNAbn.exe

C:\Windows\System\HdJNAbn.exe

C:\Windows\System\xcKeLnF.exe

C:\Windows\System\xcKeLnF.exe

C:\Windows\System\ZgYkqqS.exe

C:\Windows\System\ZgYkqqS.exe

C:\Windows\System\jEGwHXU.exe

C:\Windows\System\jEGwHXU.exe

C:\Windows\System\tTpdKhB.exe

C:\Windows\System\tTpdKhB.exe

C:\Windows\System\IyuOkaJ.exe

C:\Windows\System\IyuOkaJ.exe

C:\Windows\System\ILeQPhU.exe

C:\Windows\System\ILeQPhU.exe

C:\Windows\System\yPEbLJm.exe

C:\Windows\System\yPEbLJm.exe

C:\Windows\System\KWtoIpe.exe

C:\Windows\System\KWtoIpe.exe

C:\Windows\System\gIXpYUh.exe

C:\Windows\System\gIXpYUh.exe

C:\Windows\System\aEgPBUB.exe

C:\Windows\System\aEgPBUB.exe

C:\Windows\System\rVcHCpB.exe

C:\Windows\System\rVcHCpB.exe

C:\Windows\System\XXGkBlL.exe

C:\Windows\System\XXGkBlL.exe

C:\Windows\System\WiDGIVY.exe

C:\Windows\System\WiDGIVY.exe

C:\Windows\System\EFUTHry.exe

C:\Windows\System\EFUTHry.exe

C:\Windows\System\JYTBWou.exe

C:\Windows\System\JYTBWou.exe

C:\Windows\System\rwbhcNW.exe

C:\Windows\System\rwbhcNW.exe

C:\Windows\System\ZMqcESI.exe

C:\Windows\System\ZMqcESI.exe

C:\Windows\System\dieuaGZ.exe

C:\Windows\System\dieuaGZ.exe

C:\Windows\System\bYCYPkw.exe

C:\Windows\System\bYCYPkw.exe

C:\Windows\System\TMudlDy.exe

C:\Windows\System\TMudlDy.exe

C:\Windows\System\WdRvfLQ.exe

C:\Windows\System\WdRvfLQ.exe

C:\Windows\System\EXCYLNU.exe

C:\Windows\System\EXCYLNU.exe

C:\Windows\System\OWHrmMX.exe

C:\Windows\System\OWHrmMX.exe

C:\Windows\System\aArXqCs.exe

C:\Windows\System\aArXqCs.exe

C:\Windows\System\gUpYNER.exe

C:\Windows\System\gUpYNER.exe

C:\Windows\System\HeeDmow.exe

C:\Windows\System\HeeDmow.exe

C:\Windows\System\hpPMSId.exe

C:\Windows\System\hpPMSId.exe

C:\Windows\System\mCsUqFy.exe

C:\Windows\System\mCsUqFy.exe

C:\Windows\System\rEgMnAh.exe

C:\Windows\System\rEgMnAh.exe

C:\Windows\System\gSLmURH.exe

C:\Windows\System\gSLmURH.exe

C:\Windows\System\keBOkrb.exe

C:\Windows\System\keBOkrb.exe

C:\Windows\System\PGyLCLl.exe

C:\Windows\System\PGyLCLl.exe

C:\Windows\System\rQewWPB.exe

C:\Windows\System\rQewWPB.exe

C:\Windows\System\DEQRnAq.exe

C:\Windows\System\DEQRnAq.exe

C:\Windows\System\xHDfZpa.exe

C:\Windows\System\xHDfZpa.exe

C:\Windows\System\qVYKvNX.exe

C:\Windows\System\qVYKvNX.exe

C:\Windows\System\PLdKPqg.exe

C:\Windows\System\PLdKPqg.exe

C:\Windows\System\iOYphkO.exe

C:\Windows\System\iOYphkO.exe

C:\Windows\System\RhosJYw.exe

C:\Windows\System\RhosJYw.exe

C:\Windows\System\GLycnfM.exe

C:\Windows\System\GLycnfM.exe

C:\Windows\System\vbQqcLC.exe

C:\Windows\System\vbQqcLC.exe

C:\Windows\System\uORVpgT.exe

C:\Windows\System\uORVpgT.exe

C:\Windows\System\VXMMfZr.exe

C:\Windows\System\VXMMfZr.exe

C:\Windows\System\uTzBkZR.exe

C:\Windows\System\uTzBkZR.exe

C:\Windows\System\ZOLipmg.exe

C:\Windows\System\ZOLipmg.exe

C:\Windows\System\xYQaQcR.exe

C:\Windows\System\xYQaQcR.exe

C:\Windows\System\NGNCEsp.exe

C:\Windows\System\NGNCEsp.exe

C:\Windows\System\FTxdxsS.exe

C:\Windows\System\FTxdxsS.exe

C:\Windows\System\WCUeaDk.exe

C:\Windows\System\WCUeaDk.exe

C:\Windows\System\rTiqyPW.exe

C:\Windows\System\rTiqyPW.exe

C:\Windows\System\JHbVAIh.exe

C:\Windows\System\JHbVAIh.exe

C:\Windows\System\SxVQBxw.exe

C:\Windows\System\SxVQBxw.exe

C:\Windows\System\epZbpZx.exe

C:\Windows\System\epZbpZx.exe

C:\Windows\System\ekGFvDW.exe

C:\Windows\System\ekGFvDW.exe

C:\Windows\System\qPzSLzT.exe

C:\Windows\System\qPzSLzT.exe

C:\Windows\System\wJlajsa.exe

C:\Windows\System\wJlajsa.exe

C:\Windows\System\oEXJtcR.exe

C:\Windows\System\oEXJtcR.exe

C:\Windows\System\QjoagrK.exe

C:\Windows\System\QjoagrK.exe

C:\Windows\System\WUtzPbi.exe

C:\Windows\System\WUtzPbi.exe

C:\Windows\System\eXucXJe.exe

C:\Windows\System\eXucXJe.exe

C:\Windows\System\CWIsswT.exe

C:\Windows\System\CWIsswT.exe

C:\Windows\System\uqDGXdg.exe

C:\Windows\System\uqDGXdg.exe

C:\Windows\System\aIrmBWP.exe

C:\Windows\System\aIrmBWP.exe

C:\Windows\System\IcBOGrW.exe

C:\Windows\System\IcBOGrW.exe

C:\Windows\System\gcorlDB.exe

C:\Windows\System\gcorlDB.exe

C:\Windows\System\eYDNCri.exe

C:\Windows\System\eYDNCri.exe

C:\Windows\System\XXRUdAe.exe

C:\Windows\System\XXRUdAe.exe

C:\Windows\System\KxaQOFl.exe

C:\Windows\System\KxaQOFl.exe

C:\Windows\System\svmFmkV.exe

C:\Windows\System\svmFmkV.exe

C:\Windows\System\agqWiYp.exe

C:\Windows\System\agqWiYp.exe

C:\Windows\System\gGtJjZL.exe

C:\Windows\System\gGtJjZL.exe

C:\Windows\System\tCMyuzB.exe

C:\Windows\System\tCMyuzB.exe

C:\Windows\System\BzzUGKW.exe

C:\Windows\System\BzzUGKW.exe

C:\Windows\System\oIrtfVO.exe

C:\Windows\System\oIrtfVO.exe

C:\Windows\System\niXrdQG.exe

C:\Windows\System\niXrdQG.exe

C:\Windows\System\zBajZfV.exe

C:\Windows\System\zBajZfV.exe

C:\Windows\System\Dirmycl.exe

C:\Windows\System\Dirmycl.exe

C:\Windows\System\IIoEKPe.exe

C:\Windows\System\IIoEKPe.exe

C:\Windows\System\oWQzYtM.exe

C:\Windows\System\oWQzYtM.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 616 -p 7712 -ip 7712

C:\Windows\System\AVKQrGz.exe

C:\Windows\System\AVKQrGz.exe

C:\Windows\System\vYmSCrN.exe

C:\Windows\System\vYmSCrN.exe

C:\Windows\System\jAKlqER.exe

C:\Windows\System\jAKlqER.exe

C:\Windows\System\LZVCNwk.exe

C:\Windows\System\LZVCNwk.exe

C:\Windows\System\JVsJiFN.exe

C:\Windows\System\JVsJiFN.exe

C:\Windows\System\OHBAkAE.exe

C:\Windows\System\OHBAkAE.exe

C:\Windows\System\CYTvhea.exe

C:\Windows\System\CYTvhea.exe

C:\Windows\System\dqYZOOo.exe

C:\Windows\System\dqYZOOo.exe

C:\Windows\System\QciJVuZ.exe

C:\Windows\System\QciJVuZ.exe

C:\Windows\System\YfchZFo.exe

C:\Windows\System\YfchZFo.exe

C:\Windows\System\AjhzZYX.exe

C:\Windows\System\AjhzZYX.exe

C:\Windows\System\pOwFlzD.exe

C:\Windows\System\pOwFlzD.exe

C:\Windows\System\EgOlmaW.exe

C:\Windows\System\EgOlmaW.exe

C:\Windows\System\sysTaho.exe

C:\Windows\System\sysTaho.exe

C:\Windows\System\frUDTYH.exe

C:\Windows\System\frUDTYH.exe

C:\Windows\System\KSKbHyM.exe

C:\Windows\System\KSKbHyM.exe

C:\Windows\System\XxalqTE.exe

C:\Windows\System\XxalqTE.exe

C:\Windows\System\sFjhhOk.exe

C:\Windows\System\sFjhhOk.exe

C:\Windows\System\ZwWjkjE.exe

C:\Windows\System\ZwWjkjE.exe

C:\Windows\System\krTJoxQ.exe

C:\Windows\System\krTJoxQ.exe

C:\Windows\System\ahZfbzy.exe

C:\Windows\System\ahZfbzy.exe

C:\Windows\System\vUUtRrX.exe

C:\Windows\System\vUUtRrX.exe

C:\Windows\System\LAhUNCK.exe

C:\Windows\System\LAhUNCK.exe

C:\Windows\System\KvEWLFq.exe

C:\Windows\System\KvEWLFq.exe

C:\Windows\System\CPhiCcc.exe

C:\Windows\System\CPhiCcc.exe

C:\Windows\System\iAYlvfa.exe

C:\Windows\System\iAYlvfa.exe

C:\Windows\System\RAuQwlK.exe

C:\Windows\System\RAuQwlK.exe

C:\Windows\System\NfNsYpM.exe

C:\Windows\System\NfNsYpM.exe

C:\Windows\System\gxtDhbl.exe

C:\Windows\System\gxtDhbl.exe

C:\Windows\System\uVFgALH.exe

C:\Windows\System\uVFgALH.exe

C:\Windows\System\iFerzbc.exe

C:\Windows\System\iFerzbc.exe

C:\Windows\System\fadjEgb.exe

C:\Windows\System\fadjEgb.exe

C:\Windows\System\plKvDHf.exe

C:\Windows\System\plKvDHf.exe

C:\Windows\System\zUgnKsh.exe

C:\Windows\System\zUgnKsh.exe

C:\Windows\System\kelTAqQ.exe

C:\Windows\System\kelTAqQ.exe

C:\Windows\System\EEBBbAN.exe

C:\Windows\System\EEBBbAN.exe

C:\Windows\System\vLWqNSW.exe

C:\Windows\System\vLWqNSW.exe

C:\Windows\System\nYeLHoQ.exe

C:\Windows\System\nYeLHoQ.exe

C:\Windows\System\oWmEbpi.exe

C:\Windows\System\oWmEbpi.exe

C:\Windows\System\BiiKQcl.exe

C:\Windows\System\BiiKQcl.exe

C:\Windows\System\ycxeEsI.exe

C:\Windows\System\ycxeEsI.exe

C:\Windows\System\XqZacEt.exe

C:\Windows\System\XqZacEt.exe

C:\Windows\System\WyjVMwV.exe

C:\Windows\System\WyjVMwV.exe

C:\Windows\System\yHwwPMh.exe

C:\Windows\System\yHwwPMh.exe

C:\Windows\System\SojrKeC.exe

C:\Windows\System\SojrKeC.exe

C:\Windows\System\wtLJrMO.exe

C:\Windows\System\wtLJrMO.exe

C:\Windows\System\RAeXvCo.exe

C:\Windows\System\RAeXvCo.exe

C:\Windows\System\phXgkxf.exe

C:\Windows\System\phXgkxf.exe

C:\Windows\System\jlvYYnM.exe

C:\Windows\System\jlvYYnM.exe

C:\Windows\System\EJdDvKI.exe

C:\Windows\System\EJdDvKI.exe

C:\Windows\System\RxVEwGA.exe

C:\Windows\System\RxVEwGA.exe

C:\Windows\System\uYexBCV.exe

C:\Windows\System\uYexBCV.exe

C:\Windows\System\DAcSBUF.exe

C:\Windows\System\DAcSBUF.exe

C:\Windows\System\KUIzNkf.exe

C:\Windows\System\KUIzNkf.exe

C:\Windows\System\QfyYcBx.exe

C:\Windows\System\QfyYcBx.exe

C:\Windows\System\rThQdOO.exe

C:\Windows\System\rThQdOO.exe

C:\Windows\System\OAVGGUV.exe

C:\Windows\System\OAVGGUV.exe

C:\Windows\System\qKQBSMX.exe

C:\Windows\System\qKQBSMX.exe

C:\Windows\System\SOzCpfd.exe

C:\Windows\System\SOzCpfd.exe

C:\Windows\System\hHmqwcW.exe

C:\Windows\System\hHmqwcW.exe

C:\Windows\System\pyxbifJ.exe

C:\Windows\System\pyxbifJ.exe

C:\Windows\System\ZnURTvn.exe

C:\Windows\System\ZnURTvn.exe

C:\Windows\System\YvzOiPm.exe

C:\Windows\System\YvzOiPm.exe

C:\Windows\System\vAFkpMX.exe

C:\Windows\System\vAFkpMX.exe

C:\Windows\System\EcVUbYl.exe

C:\Windows\System\EcVUbYl.exe

C:\Windows\System\TLttWYS.exe

C:\Windows\System\TLttWYS.exe

C:\Windows\System\ucHeGpl.exe

C:\Windows\System\ucHeGpl.exe

C:\Windows\System\IlBvwGv.exe

C:\Windows\System\IlBvwGv.exe

C:\Windows\System\ZsnbLLU.exe

C:\Windows\System\ZsnbLLU.exe

C:\Windows\System\vCQgvyM.exe

C:\Windows\System\vCQgvyM.exe

C:\Windows\System\CZvmPGL.exe

C:\Windows\System\CZvmPGL.exe

C:\Windows\System\gwfyEZJ.exe

C:\Windows\System\gwfyEZJ.exe

C:\Windows\System\qHLPbNh.exe

C:\Windows\System\qHLPbNh.exe

C:\Windows\System\isaUJTF.exe

C:\Windows\System\isaUJTF.exe

C:\Windows\System\AEnHWXU.exe

C:\Windows\System\AEnHWXU.exe

C:\Windows\System\OcYgayH.exe

C:\Windows\System\OcYgayH.exe

C:\Windows\System\mnMaRWM.exe

C:\Windows\System\mnMaRWM.exe

C:\Windows\System\ggmcrUb.exe

C:\Windows\System\ggmcrUb.exe

C:\Windows\System\vNZbEDl.exe

C:\Windows\System\vNZbEDl.exe

C:\Windows\System\IffuLrg.exe

C:\Windows\System\IffuLrg.exe

C:\Windows\System\ZcFrjLf.exe

C:\Windows\System\ZcFrjLf.exe

C:\Windows\System\qVXYBZr.exe

C:\Windows\System\qVXYBZr.exe

C:\Windows\System\scVxKwA.exe

C:\Windows\System\scVxKwA.exe

C:\Windows\System\AVYChLv.exe

C:\Windows\System\AVYChLv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp

Files

memory/1812-0-0x00007FF7D7AF0000-0x00007FF7D7EE2000-memory.dmp

memory/1812-1-0x00000157117C0000-0x00000157117D0000-memory.dmp

C:\Windows\System\OfNtQDC.exe

MD5 36881c6d5e7e5e331f22b8b8f282238b
SHA1 3d9792f1a77569fbc6270ab0da4bb05c46164358
SHA256 de291ef52a57436f064baac65b5dbdaa08a5499eaf18937d6b891eab4d4eea1d
SHA512 a6f2733d16fdd5c1b9958d7a72c0b2bd541c23d77b8d3dedabd37d7626629e1290870248bf4ed3f1abf2dbf4dbeab184f7e881d0b8c609b81b3b9f004d0cd3f9

C:\Windows\System\LesvqYp.exe

MD5 e0a918b65abac5a1d9be91c80a0500f8
SHA1 27bf57f29ea70cb168e84da0774e53556ea8d3d8
SHA256 abf95fe937fe0d7bcfef74979bcbe35a0ff4c053bdbe6efa22233d34da17b986
SHA512 98ec19aa5a4881c41d222e5087dd402f1aedd7cb97caded37f1206f1a8cff8c95e13319802ebf64d2d7ef0b17289a80e742566bbde013a0ddceb7c4921e817f7

C:\Windows\System\SzZwpxT.exe

MD5 cdc848c09721be68d963e2c67b614d91
SHA1 bb78aabafca2c670f0090a531f5eca9149a9bc54
SHA256 2d7b78ad04378a094be48937b251e9fb2c14b23f2c48cecbeb2bdac4c067f6be
SHA512 bc883a99c250b889cc878aead3d6a158ed22e5c9be2978dc92581a8e167325c075f23f42e1d6c565bfdf52d732f01eb8eacabd7efdb069fc11b72b3adedab914

C:\Windows\System\GgEWajW.exe

MD5 753c84a53324c2c161db09a8f03c4a9d
SHA1 f6b5e593ba59bd328e6ada20ad6d2b930fb89407
SHA256 f5ca3b6e291acaef4ab136040f496298a4ac77ef3f4f5ebcda41e496a69cbf80
SHA512 c6c1e16b8b2af905621c2fdb5cfe82cb571e8d4a2327e7477ebc2a302d79a32c05f8f1bb515c47cf9d6969a93e1edb01089b279771de73843d29778dbd42d357

C:\Windows\System\qdLAeLq.exe

MD5 43d316e011776e867add0d73fee77583
SHA1 81063f91ceb04f4d8a14048cc432d37863ed2cac
SHA256 5c402bcddbf66dffd0d35b4f0259f358b8a18eedf71d3673c0dae3f4c2fcbef6
SHA512 5f9c37e05f7799b214e26cf5aac3b9e6586be833f00038833c82a75d13cded7b2716adb8c88f7724c391e63cf34ad01f6be95722ee8d052fd6b6b9d337ef95dc

memory/4216-47-0x000001A9DCF20000-0x000001A9DCF30000-memory.dmp

C:\Windows\System\IuAjMaS.exe

MD5 e78543820e17836deec75f8f7c449f13
SHA1 1dac6353c3b47662df212f0ff8d12afd4cb1ba5f
SHA256 ea41e5ba2e8f2d30471e11f63324c239645357aa7e81a9de1254ae72b00462fd
SHA512 05207d33a1981da7e5ca081e0817a04e8d0594352a3ce1f78bd6172b43b9d4ba7bc3ffb89525a502300569dfe3d753c63a5967ce90c9c8a1e99a809c9da73460

C:\Windows\System\rVZharl.exe

MD5 e288943f54fb13fcb48a282c11aa1647
SHA1 23bac8d1dc8cbff0ec09708b6d66150f7026aaf4
SHA256 6e57a0d1a29680d60c39b4ee1ba341eff2b6bd0adf6b4db962d8e28536f22886
SHA512 cb185d4c4cdd53df73eca6418d84a1bc217f6d526535a01da293674cd10c5c3538291da74c15e8b5905df3409cb933b7347290e80baf56cbc5158ea403bb4b72

memory/4400-75-0x00007FF696460000-0x00007FF696852000-memory.dmp

memory/5004-112-0x00007FF67C530000-0x00007FF67C922000-memory.dmp

memory/4576-123-0x00007FF6DDB10000-0x00007FF6DDF02000-memory.dmp

C:\Windows\System\hBoHMMb.exe

MD5 5a1add801bce033e97fa74ea160cbb7a
SHA1 a6975a6d39caedd15609b286effbf6d994dbb00d
SHA256 29e9769a327f6d578af02303c9f85f3df689989e7c4e5124c41a57bb72d9f3c0
SHA512 6c5fe7bc1ca05e65744eec816ce2d217bf5809735058032c6373c1cc25e5fdca19f8f62a2bf149c949191a1b9cac6b9c9a8672b27db53ae40b5b6f96812bc174

C:\Windows\System\EWqoNfD.exe

MD5 bc690f6ed693a9e35c33ce3b7a3a827a
SHA1 c8fe37a708fcf17dee6d228c82dddb4ffdc8854d
SHA256 e2367f6b96e929abd7c466546d58cdc73d10e1448cb2b6c7ced93e8f8278574d
SHA512 dd8dccaf478e55218e65b88706a7cb6b71d80a3f85ee5e4d3c021a4ae75cb43cec461a3c95418d1b51380b0068e4c8f388af33a9403cfa2678ffbb9855f6249c

memory/232-167-0x00007FF6212A0000-0x00007FF621692000-memory.dmp

C:\Windows\System\BZqkbLh.exe

MD5 8bb0f5e9df6e434118e3db692e7eca54
SHA1 14efc3e04b12cba51be7827edb44e4611b5af24c
SHA256 db85647707e5e1eef7cac0f709c5c564b43a1c0295a17d2644481ea3e2349bdf
SHA512 d4c2c10c1d965f1743aa5c2bf2dca8b90d8c427c4cda8c0b38f52426376d66e0ada891dec65c314659facedec81120cf0a2a945896e63e771f995281b80068fc

memory/3116-208-0x00007FF678FB0000-0x00007FF6793A2000-memory.dmp

memory/4216-555-0x000001A9DFD80000-0x000001A9E0526000-memory.dmp

C:\Windows\System\rSftplB.exe

MD5 c1744abfa853623e4e9e2883850c6c5a
SHA1 034d11224c729dbefe01ddd60791fdbe871e463d
SHA256 55f367e35a2ceef0bfba4eef5eb83199a1a7642d10b7162a42812cdac11a36cf
SHA512 43046d0e5d4c24ecee980531c2124b12e06f69a85a76e8e14577cca1ce2ebc23a48f3df879ef47f30afdcf3ff56e244a9bf502cd71835a8845fca806adbbf624

memory/2196-196-0x00007FF7AB7E0000-0x00007FF7ABBD2000-memory.dmp

C:\Windows\System\CFCNYql.exe

MD5 d433a83f220f106c5c9444f12e4d8daa
SHA1 c5b8ae0d40eed20aa76cb23ef15e1af88133de91
SHA256 7460684f5dd2c4bb9ba1f7052a465c0c6420ea9bc2006a1cbfbc72a26afda722
SHA512 77a29e25e80c2ed79356c0ef3f5d6cbfdfadc4fddca861046af3bc47f1fa505c894f491408d99662386c2b010da74b2db6c4adbfe2ac65554b2df9b61468e751

C:\Windows\System\RYYEFns.exe

MD5 1a717589512b5d1193c9c7bf3a91ec36
SHA1 a494b703f50da04e6801aa437584d9bdbfed500e
SHA256 38712c2719e2187bcab71eb69bdeb3bac9e950e8ee53e0738c9d209a2eff6a2f
SHA512 b85b0a78decb261e98192f5e4a2e593c56edb67e6237cb7aa022ee5223a987004e60b549c9f1e8a2837eb29e46c6e6bb31ac66599ded346d3de5c2602ef9e956

memory/2448-190-0x00007FF6E5410000-0x00007FF6E5802000-memory.dmp

C:\Windows\System\EbGAORs.exe

MD5 ecb3ffd9cc68b93d35745eed096b5611
SHA1 4d69948e88679c558eb81fa9c966220cfe0ac54e
SHA256 1e09d2d5e8202613f16c485c903adf0145b7c530e6987047f578f0b62b2eb861
SHA512 da033756243ac6170387d9f4b5bc17042843bc1784fcb7d3c0f5208ea2386fae5cabdf268624831af5c5a1df5c820f3af2024c7f48eaa13f60540b939c86d6c0

memory/1064-184-0x00007FF690620000-0x00007FF690A12000-memory.dmp

C:\Windows\System\AqTttUc.exe

MD5 02b8188c29e2b21bb4b55a85d63e841b
SHA1 6c4567b118d7959c5987aeb9194ea7dbfdc18400
SHA256 745bbdaba0066bfa50ba20411858b9f8d0cb3a253c71e96f852422067c80ce9e
SHA512 e41824a2b87353b53c28970a531f5bdd6b53c2a3b4b12ac71eab1732a701716b900878782ccc76801c57e4e8fee177306cb926f328e5766ff6f141d79a453c8b

C:\Windows\System\bUnFhWV.exe

MD5 b690def0b25fdff297ff32726cd1e149
SHA1 3620bae0840b8c99be5ff8e77747289dcdf749a7
SHA256 a3d046d2bd2200ea564219fafb3c9474496c14926124e317f24863487743aa74
SHA512 19d6bc6a863fb8411ce6f2e4cd5e7d1a046f278b747073534cbd6a5489dcdef578bf701d6250c315ed779363aed77799d830db7f83fe012ebd3e762babec96ea

memory/1792-173-0x00007FF616B20000-0x00007FF616F12000-memory.dmp

C:\Windows\System\qsnEWsT.exe

MD5 57362a96e347885f92b0b560a9f524f5
SHA1 bb8c8fa2997b7c52065e165a5fdbb71da83972b5
SHA256 8a22040616a00f2f121eedc7a10080970001c0a9e26609efacf815c1bce8c9ac
SHA512 3bcae9bb468fbe7d8d08d6de5ef9c054ff27e35a5dcc8912e9b60fd229c0d8522a5d87b667ed6f9a41b2465a94cf676c735e021cbe98f50c42b22f502833894f

C:\Windows\System\sVOkVrb.exe

MD5 c370f12bee75bb05ce3ef4a7dd2cffcb
SHA1 29dfd1becb2825bb1f2a41bc892e2a2a8286638a
SHA256 7e6af2efaee934b7bf8e0606af144e7090412d64655e4d601ad5354831ed93e9
SHA512 dd57e203b72512147fe5b94f084f7f2c42edf593a22c1a94cbc5f58aa7a006a81f47a93e2a737cdbf8c5140840b457e04dcb63115e4aab1f03c017e126e4d747

memory/2120-156-0x00007FF6080A0000-0x00007FF608492000-memory.dmp

C:\Windows\System\pTHeuyK.exe

MD5 1f2764e9db92352b8ec29ac8f3166c28
SHA1 0c02326a42a7edcda641bc24e6240e27067d3f73
SHA256 a4571a0ce7cae00d7ffa365cb4bbeed32905c14cac68ce884785d61728723dcf
SHA512 3d897a650a71825a5772fc440694b8cfd6e962f294cfe1bd6b64bf65197e6a7f603a7d00507dca4bd81043ddb643ef5cdac537f9f6b497d87a0b870a6ad1ddb6

C:\Windows\System\UIPgSWw.exe

MD5 738ec39f621a5534f5999741e622ae89
SHA1 799238b4d5742cdea45d110f6b56a35d0b05b153
SHA256 f0fec95deba97117671ad363034f43043bd6bc00971e3a4762df175015cd2e45
SHA512 01dcb1b5b38aa3581a5f45d0718115cdaccb73201c1aaff5f84326584889a8c84a34bb4589beb64d5dd505dccbb23ec55ec14e6bed96c81369dc8e1ea4524cce

C:\Windows\System\MLxpzLw.exe

MD5 f7e84bd02d961175cb2f0ac1e430a447
SHA1 61067480811e4c5a11aef25b204b0e0529805251
SHA256 b56ecfcfc444e7ba40d669b22d7572c8a95086c0f89143c3452f337a76927bf3
SHA512 460a2d90c354be331eb7c56b5cd011355a9710a40911c6c4a5a399516a204eb5df5f8b852227d8d7d0c1ec3b55d7278b9541aac2411e04104b409329af065361

memory/3144-140-0x00007FF6AD570000-0x00007FF6AD962000-memory.dmp

C:\Windows\System\YTzSitQ.exe

MD5 03f4ece9052d49a8f0888c1ffd517235
SHA1 8efdb0bc5c8d401d58c983236a99632f3284811e
SHA256 ae95e52b95fa873b2a493046b106f0c72d491b013012c9b8eb8eb1f8c3660527
SHA512 baa0fc4b5482b9bb8d4e19fbb7eb3c92b480030f6a1e507df4439eac8902e44aec5732e37a585fabc273707633f1b96d56b6cfc541a57bdcba5184de8324e60c

memory/2500-129-0x00007FF7D6170000-0x00007FF7D6562000-memory.dmp

C:\Windows\System\QQZfYLN.exe

MD5 977f1841fdabd35d092377af3c98410b
SHA1 c98f8bed62a904247ac0f3d3e8bd2e3cdef07afb
SHA256 252cc76d8b5842ea57e34254bb50ccf9da397c822b544f86e17b4a9a93f9679e
SHA512 f101e911a776ae3bffbc83ea106bb523970fa83110d24884dcef59a0593a877b0e980834f2c164515324566da03ddc468b6578b533243c50f49eb368723f593e

C:\Windows\System\sNITUvN.exe

MD5 6905f5cde44dd5fd2133f2f4127d9350
SHA1 cd74b908f638ab2ffb498a54935584900cd664d3
SHA256 41790abd9c3ac57d4df0d74637ac67bfa8a55c5cd847376a2356ab89effd21f2
SHA512 c3e96eddedc3157877ffb2f99202a9b95467c1eebc48eaa5c77672063b2b11290ba6091e0e600151019353014e3f4baf77ddd860f4bd748951585263a7c8c3d8

C:\Windows\System\EUUkmaX.exe

MD5 84de66aa6b5c7e2b9b9217d3c2ce5576
SHA1 ff1d84e233695a87203afb43bc3bc7c26efcbdb4
SHA256 2602ccf750d666aa58943cbcc90a5c2e6661a3b84ac5381145367c802706e08c
SHA512 960eee07515db15167bf762d458a7ef24a07628c7e5c297c4fe8badf4b02bb351d448b29b2a8f8b9a49273ce1694277f46a1cd2d06f8b4e2ed11371514d902aa

C:\Windows\System\hsjGtJz.exe

MD5 7d5cc8c5ef45b121dc36ba00a2c94359
SHA1 0c7efa7c22d5753aa103768b82443395ac4819d7
SHA256 d283bcbbc8c8e7aa520b3169d7157d095fed8453df7c14981b6bf6bb950fdbc3
SHA512 d3a9c51a1c2a6497739caae071de417e12d0c0d20b8cb3d17addd0a2625f0c130ba40260474377cb49e4ad1ab5aa72a56780ab920cb92ee45ffefdc11c74f9a4

C:\Windows\System\tPtZnGn.exe

MD5 1a611de62e87877c88eb8f37d048d63c
SHA1 09b2257086f14eb15d766a067ed352f7aa53ed11
SHA256 3ff6a04f46ccf3af18e53c06f9d79b009650fa6a71f28b0121b6325309a416f7
SHA512 3fec62999763f06ef961975625356893e778c9c008b9d9de53ad3c5ca480f6e6775e6115adf08a5b2c9c15c5d0c692a755c0d3ddb5db51b43246ce43509090ec

memory/224-101-0x00007FF67B790000-0x00007FF67BB82000-memory.dmp

memory/2168-97-0x00007FF665880000-0x00007FF665C72000-memory.dmp

memory/1008-89-0x00007FF64D360000-0x00007FF64D752000-memory.dmp

memory/4216-86-0x00007FFEF9573000-0x00007FFEF9575000-memory.dmp

memory/3932-85-0x00007FF6E2DE0000-0x00007FF6E31D2000-memory.dmp

memory/4216-84-0x000001A9DCE60000-0x000001A9DCE82000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vdyt4ft5.au3.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\oyllmfh.exe

MD5 0fea1aa7f4632197219cb90d6636219a
SHA1 c81d1a8e55500fdfc6f1c5dbed103c9e05e13d20
SHA256 136887ebfbc83508c11b7a35623ae9c98400c18a7e8d60459d206040a4338a38
SHA512 ebb88c78db8ca8ba949dd5681f4be3e4eded8e769347de2586fc23d3586eaf37652175810949b49a57756118d1fb9527019dd437f57a5fe1bd5da16a88f91be9

memory/2156-76-0x00007FF645B30000-0x00007FF645F22000-memory.dmp

C:\Windows\System\fkcbjTQ.exe

MD5 9ce48eb8e5f8be8a95f97dfe09420326
SHA1 755ac959cd6149c1f1023c4bb97581980fee041f
SHA256 85fee176df71b3003e2450c96bbc98ba8d01fe6b3873b27ad7979f22247c846c
SHA512 988da0389e387d7ad1c1d1e8375864a24571f6f87d528b3613e293e891cf2d1e1e5f71f4e0079f0d28dbcd95fa1dea8767ad69f94989611ee0c0976acde81f09

memory/952-71-0x00007FF614990000-0x00007FF614D82000-memory.dmp

C:\Windows\System\nALLrsN.exe

MD5 d757f4bc1258fc18b4528558d52fecf6
SHA1 6d66754789b44c57777af4af47d91caff39029a8
SHA256 d31dabc7ed963bb8f65a64262a923c690b3429e4c53838c29ad23ef0ca372690
SHA512 bb665dae2d88fb7e0ee39bb1556f2b1f65435d25742bb76bc15164c360a8c6e7159f3dcbf6b41cada4b4cf9758196304b2e3f3fa9a17555dd5a9612557695869

memory/976-60-0x00007FF7459A0000-0x00007FF745D92000-memory.dmp

C:\Windows\System\bbRBRkc.exe

MD5 511fd9bbb1c5631d0544b615874c03d1
SHA1 85a6fdef657a2c65bdfb041c253df947c9f5a8bb
SHA256 f70c57b1be8f64b9f44239452bc1aad0bbdf6f21715fd7a4fc545836cabf34a0
SHA512 4e7129930b3f9cf3fa60133f0a1104bcf6b3ff514730964df7d36aaedf59ed078ffa912d26b8897bf0f0a7433defb7cf54852ec76a456b5c74a0fd8962dcd304

C:\Windows\System\RcGQAtB.exe

MD5 973d75d9995c2ad5fad4e8289b5ff892
SHA1 3738581a9fbc4b5fb540c88d559bb721202e0176
SHA256 624816c51dec83fdbb718f88f07baef0cffaef3f65cb915babbb783cd8c88698
SHA512 83a6931ba0e6706eab46fef00bdfd8915986268f13714b5d865ed1450dfc17c54cf16dbab937223e99cc587980adba92600be8ad9f7758813145f5aaa9f31efa

memory/692-46-0x00007FF6EA510000-0x00007FF6EA902000-memory.dmp

memory/4216-41-0x000001A9DCF20000-0x000001A9DCF30000-memory.dmp

memory/1016-40-0x00007FF7154F0000-0x00007FF7158E2000-memory.dmp

memory/1964-30-0x00007FF7A1700000-0x00007FF7A1AF2000-memory.dmp

C:\Windows\System\iPKZFQf.exe

MD5 7defece711a865d03b90b7de9045ad69
SHA1 77e19e8143128a37071f041fc16ccf43c8b7ad8b
SHA256 d32e09d6b65a897b6c466db0506d5d29b2282d6bf2da3f22983774f7999fc444
SHA512 bbf517bafec44fc38bd42052ba0427e93b9d7ba4910602c4850c2c5728202afa4aa7d8769224f299f9dd2dae5480826eb8dec4918c8d24df099d673aa7458c36

memory/4724-25-0x00007FF795890000-0x00007FF795C82000-memory.dmp

memory/688-14-0x00007FF617410000-0x00007FF617802000-memory.dmp

memory/1016-2289-0x00007FF7154F0000-0x00007FF7158E2000-memory.dmp

memory/1964-2283-0x00007FF7A1700000-0x00007FF7A1AF2000-memory.dmp

memory/976-2316-0x00007FF7459A0000-0x00007FF745D92000-memory.dmp

memory/2168-2323-0x00007FF665880000-0x00007FF665C72000-memory.dmp

memory/1008-2336-0x00007FF64D360000-0x00007FF64D752000-memory.dmp

memory/224-2344-0x00007FF67B790000-0x00007FF67BB82000-memory.dmp

memory/2156-2335-0x00007FF645B30000-0x00007FF645F22000-memory.dmp

memory/3932-2333-0x00007FF6E2DE0000-0x00007FF6E31D2000-memory.dmp

memory/4400-2327-0x00007FF696460000-0x00007FF696852000-memory.dmp

memory/952-2303-0x00007FF614990000-0x00007FF614D82000-memory.dmp

memory/2448-2410-0x00007FF6E5410000-0x00007FF6E5802000-memory.dmp

memory/3144-2425-0x00007FF6AD570000-0x00007FF6AD962000-memory.dmp

memory/2196-2421-0x00007FF7AB7E0000-0x00007FF7ABBD2000-memory.dmp

memory/232-2400-0x00007FF6212A0000-0x00007FF621692000-memory.dmp

memory/3116-2416-0x00007FF678FB0000-0x00007FF6793A2000-memory.dmp

memory/2120-2394-0x00007FF6080A0000-0x00007FF608492000-memory.dmp

memory/1064-2405-0x00007FF690620000-0x00007FF690A12000-memory.dmp

memory/2500-2390-0x00007FF7D6170000-0x00007FF7D6562000-memory.dmp

memory/1812-5884-0x00007FF7D7AF0000-0x00007FF7D7EE2000-memory.dmp