Malware Analysis Report

2025-01-06 15:44

Sample ID 240525-tlmvasae43
Target 26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe
SHA256 c87cf131fd199eeaa85bcdba21817bf293f558f1a45a4663695ba0d9b8de8ba5
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c87cf131fd199eeaa85bcdba21817bf293f558f1a45a4663695ba0d9b8de8ba5

Threat Level: Known bad

The file 26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 16:08

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 16:08

Reported

2024-05-25 16:11

Platform

win7-20240221-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\VWCyBWX.exe N/A
N/A N/A C:\Windows\System\MbhSzJt.exe N/A
N/A N/A C:\Windows\System\MSvgRaj.exe N/A
N/A N/A C:\Windows\System\MoOOPMB.exe N/A
N/A N/A C:\Windows\System\VXOGugT.exe N/A
N/A N/A C:\Windows\System\oKAYiUD.exe N/A
N/A N/A C:\Windows\System\AVsWyla.exe N/A
N/A N/A C:\Windows\System\wHvkZUz.exe N/A
N/A N/A C:\Windows\System\DcyhSFY.exe N/A
N/A N/A C:\Windows\System\yerVflL.exe N/A
N/A N/A C:\Windows\System\juqthrO.exe N/A
N/A N/A C:\Windows\System\Dymafie.exe N/A
N/A N/A C:\Windows\System\yUzBFPq.exe N/A
N/A N/A C:\Windows\System\TMQBCWx.exe N/A
N/A N/A C:\Windows\System\cygpJGH.exe N/A
N/A N/A C:\Windows\System\QgbjyNF.exe N/A
N/A N/A C:\Windows\System\XEmuIId.exe N/A
N/A N/A C:\Windows\System\kKoCBry.exe N/A
N/A N/A C:\Windows\System\RdbCbAE.exe N/A
N/A N/A C:\Windows\System\uyOnpWW.exe N/A
N/A N/A C:\Windows\System\mtRxMMT.exe N/A
N/A N/A C:\Windows\System\eNSiPMJ.exe N/A
N/A N/A C:\Windows\System\tWHvQFU.exe N/A
N/A N/A C:\Windows\System\gArHkMh.exe N/A
N/A N/A C:\Windows\System\dFnDCUZ.exe N/A
N/A N/A C:\Windows\System\bTqPlZj.exe N/A
N/A N/A C:\Windows\System\QaHgREc.exe N/A
N/A N/A C:\Windows\System\AvxXnNS.exe N/A
N/A N/A C:\Windows\System\KvyqOkm.exe N/A
N/A N/A C:\Windows\System\ZxHZvvp.exe N/A
N/A N/A C:\Windows\System\fadopSA.exe N/A
N/A N/A C:\Windows\System\AShXrUQ.exe N/A
N/A N/A C:\Windows\System\cArcUNv.exe N/A
N/A N/A C:\Windows\System\MfquPdy.exe N/A
N/A N/A C:\Windows\System\EAxxGaa.exe N/A
N/A N/A C:\Windows\System\snnLRDM.exe N/A
N/A N/A C:\Windows\System\IXozgws.exe N/A
N/A N/A C:\Windows\System\SEBwJqs.exe N/A
N/A N/A C:\Windows\System\JFKprDv.exe N/A
N/A N/A C:\Windows\System\jaWqXVv.exe N/A
N/A N/A C:\Windows\System\JShGTAP.exe N/A
N/A N/A C:\Windows\System\hCypgKW.exe N/A
N/A N/A C:\Windows\System\mMphnxR.exe N/A
N/A N/A C:\Windows\System\HUFQKRP.exe N/A
N/A N/A C:\Windows\System\twpoOGH.exe N/A
N/A N/A C:\Windows\System\JnSGbIm.exe N/A
N/A N/A C:\Windows\System\glNfvPu.exe N/A
N/A N/A C:\Windows\System\fKZPFyC.exe N/A
N/A N/A C:\Windows\System\SNwvRca.exe N/A
N/A N/A C:\Windows\System\xVIIZkq.exe N/A
N/A N/A C:\Windows\System\smrLjAc.exe N/A
N/A N/A C:\Windows\System\GAGbCnR.exe N/A
N/A N/A C:\Windows\System\kkDMVBF.exe N/A
N/A N/A C:\Windows\System\eRmiFJO.exe N/A
N/A N/A C:\Windows\System\UAGzqaw.exe N/A
N/A N/A C:\Windows\System\aKWySKM.exe N/A
N/A N/A C:\Windows\System\mgpjEPJ.exe N/A
N/A N/A C:\Windows\System\enrLvqV.exe N/A
N/A N/A C:\Windows\System\ShTnPOj.exe N/A
N/A N/A C:\Windows\System\nINQrpb.exe N/A
N/A N/A C:\Windows\System\DkFdEKN.exe N/A
N/A N/A C:\Windows\System\YvEroyC.exe N/A
N/A N/A C:\Windows\System\EvuyqlZ.exe N/A
N/A N/A C:\Windows\System\fErJZAx.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\TNkljRY.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDGVMwq.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\orRllAb.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\zxSwWbx.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNLMaBv.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\XFsrTZq.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\RnUBdXR.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQWwgvd.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQpqKCV.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\XSrYPKb.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\nINQrpb.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\WbfnZCW.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\tNNXpln.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\otvVdiO.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\eOcarKR.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\XkUevYV.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOWrEUM.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktFGBgZ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUbNKaH.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgawNpM.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\UMUwGPc.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\VEgToOe.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ONljjAc.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\mITGkyT.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\rKNPJEv.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\YsQKYwq.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\nZVFHbw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\QgEFbTo.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\GvQmhQQ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxtrZbH.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\uuESxrx.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\PrZBezP.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRRTFCk.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGEltsq.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ehakAKY.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmXeZmw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRBtJMN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\WBDiZCL.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\dcSKbZA.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\dPUDXdf.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\seQeiVg.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHDyKmS.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdgdGdF.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\VKggyaN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\rjOgKxj.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\rxpfnBZ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\TpwgOGT.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZRgqwuN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrqofgE.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\okJUkGo.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\BPZwyEk.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\CQVMawy.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\wjFylgC.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\giBotDE.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\khaqxGL.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\KeFMFMW.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMBQNWo.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\JAhCHlw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\YYlkpGe.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsqcVSV.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEKmJmT.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\mdodaRy.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaEtamO.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCUOhLC.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2988 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2988 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2988 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2988 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VWCyBWX.exe
PID 2988 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VWCyBWX.exe
PID 2988 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VWCyBWX.exe
PID 2988 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MbhSzJt.exe
PID 2988 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MbhSzJt.exe
PID 2988 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MbhSzJt.exe
PID 2988 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MSvgRaj.exe
PID 2988 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MSvgRaj.exe
PID 2988 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MSvgRaj.exe
PID 2988 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MoOOPMB.exe
PID 2988 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MoOOPMB.exe
PID 2988 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\MoOOPMB.exe
PID 2988 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VXOGugT.exe
PID 2988 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VXOGugT.exe
PID 2988 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\VXOGugT.exe
PID 2988 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\AVsWyla.exe
PID 2988 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\AVsWyla.exe
PID 2988 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\AVsWyla.exe
PID 2988 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\oKAYiUD.exe
PID 2988 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\oKAYiUD.exe
PID 2988 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\oKAYiUD.exe
PID 2988 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\wHvkZUz.exe
PID 2988 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\wHvkZUz.exe
PID 2988 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\wHvkZUz.exe
PID 2988 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\DcyhSFY.exe
PID 2988 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\DcyhSFY.exe
PID 2988 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\DcyhSFY.exe
PID 2988 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yerVflL.exe
PID 2988 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yerVflL.exe
PID 2988 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yerVflL.exe
PID 2988 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\juqthrO.exe
PID 2988 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\juqthrO.exe
PID 2988 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\juqthrO.exe
PID 2988 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cygpJGH.exe
PID 2988 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cygpJGH.exe
PID 2988 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cygpJGH.exe
PID 2988 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\Dymafie.exe
PID 2988 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\Dymafie.exe
PID 2988 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\Dymafie.exe
PID 2988 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\XEmuIId.exe
PID 2988 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\XEmuIId.exe
PID 2988 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\XEmuIId.exe
PID 2988 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yUzBFPq.exe
PID 2988 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yUzBFPq.exe
PID 2988 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\yUzBFPq.exe
PID 2988 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\kKoCBry.exe
PID 2988 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\kKoCBry.exe
PID 2988 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\kKoCBry.exe
PID 2988 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\TMQBCWx.exe
PID 2988 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\TMQBCWx.exe
PID 2988 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\TMQBCWx.exe
PID 2988 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\uyOnpWW.exe
PID 2988 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\uyOnpWW.exe
PID 2988 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\uyOnpWW.exe
PID 2988 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\QgbjyNF.exe
PID 2988 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\QgbjyNF.exe
PID 2988 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\QgbjyNF.exe
PID 2988 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\mtRxMMT.exe
PID 2988 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\mtRxMMT.exe
PID 2988 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\mtRxMMT.exe
PID 2988 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\RdbCbAE.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\VWCyBWX.exe

C:\Windows\System\VWCyBWX.exe

C:\Windows\System\MbhSzJt.exe

C:\Windows\System\MbhSzJt.exe

C:\Windows\System\MSvgRaj.exe

C:\Windows\System\MSvgRaj.exe

C:\Windows\System\MoOOPMB.exe

C:\Windows\System\MoOOPMB.exe

C:\Windows\System\VXOGugT.exe

C:\Windows\System\VXOGugT.exe

C:\Windows\System\AVsWyla.exe

C:\Windows\System\AVsWyla.exe

C:\Windows\System\oKAYiUD.exe

C:\Windows\System\oKAYiUD.exe

C:\Windows\System\wHvkZUz.exe

C:\Windows\System\wHvkZUz.exe

C:\Windows\System\DcyhSFY.exe

C:\Windows\System\DcyhSFY.exe

C:\Windows\System\yerVflL.exe

C:\Windows\System\yerVflL.exe

C:\Windows\System\juqthrO.exe

C:\Windows\System\juqthrO.exe

C:\Windows\System\cygpJGH.exe

C:\Windows\System\cygpJGH.exe

C:\Windows\System\Dymafie.exe

C:\Windows\System\Dymafie.exe

C:\Windows\System\XEmuIId.exe

C:\Windows\System\XEmuIId.exe

C:\Windows\System\yUzBFPq.exe

C:\Windows\System\yUzBFPq.exe

C:\Windows\System\kKoCBry.exe

C:\Windows\System\kKoCBry.exe

C:\Windows\System\TMQBCWx.exe

C:\Windows\System\TMQBCWx.exe

C:\Windows\System\uyOnpWW.exe

C:\Windows\System\uyOnpWW.exe

C:\Windows\System\QgbjyNF.exe

C:\Windows\System\QgbjyNF.exe

C:\Windows\System\mtRxMMT.exe

C:\Windows\System\mtRxMMT.exe

C:\Windows\System\RdbCbAE.exe

C:\Windows\System\RdbCbAE.exe

C:\Windows\System\tWHvQFU.exe

C:\Windows\System\tWHvQFU.exe

C:\Windows\System\eNSiPMJ.exe

C:\Windows\System\eNSiPMJ.exe

C:\Windows\System\gArHkMh.exe

C:\Windows\System\gArHkMh.exe

C:\Windows\System\dFnDCUZ.exe

C:\Windows\System\dFnDCUZ.exe

C:\Windows\System\bTqPlZj.exe

C:\Windows\System\bTqPlZj.exe

C:\Windows\System\QaHgREc.exe

C:\Windows\System\QaHgREc.exe

C:\Windows\System\AvxXnNS.exe

C:\Windows\System\AvxXnNS.exe

C:\Windows\System\KvyqOkm.exe

C:\Windows\System\KvyqOkm.exe

C:\Windows\System\ZxHZvvp.exe

C:\Windows\System\ZxHZvvp.exe

C:\Windows\System\fadopSA.exe

C:\Windows\System\fadopSA.exe

C:\Windows\System\AShXrUQ.exe

C:\Windows\System\AShXrUQ.exe

C:\Windows\System\cArcUNv.exe

C:\Windows\System\cArcUNv.exe

C:\Windows\System\MfquPdy.exe

C:\Windows\System\MfquPdy.exe

C:\Windows\System\EAxxGaa.exe

C:\Windows\System\EAxxGaa.exe

C:\Windows\System\snnLRDM.exe

C:\Windows\System\snnLRDM.exe

C:\Windows\System\IXozgws.exe

C:\Windows\System\IXozgws.exe

C:\Windows\System\SEBwJqs.exe

C:\Windows\System\SEBwJqs.exe

C:\Windows\System\JFKprDv.exe

C:\Windows\System\JFKprDv.exe

C:\Windows\System\jaWqXVv.exe

C:\Windows\System\jaWqXVv.exe

C:\Windows\System\JShGTAP.exe

C:\Windows\System\JShGTAP.exe

C:\Windows\System\hCypgKW.exe

C:\Windows\System\hCypgKW.exe

C:\Windows\System\mMphnxR.exe

C:\Windows\System\mMphnxR.exe

C:\Windows\System\HUFQKRP.exe

C:\Windows\System\HUFQKRP.exe

C:\Windows\System\twpoOGH.exe

C:\Windows\System\twpoOGH.exe

C:\Windows\System\JnSGbIm.exe

C:\Windows\System\JnSGbIm.exe

C:\Windows\System\glNfvPu.exe

C:\Windows\System\glNfvPu.exe

C:\Windows\System\fKZPFyC.exe

C:\Windows\System\fKZPFyC.exe

C:\Windows\System\SNwvRca.exe

C:\Windows\System\SNwvRca.exe

C:\Windows\System\xVIIZkq.exe

C:\Windows\System\xVIIZkq.exe

C:\Windows\System\smrLjAc.exe

C:\Windows\System\smrLjAc.exe

C:\Windows\System\GAGbCnR.exe

C:\Windows\System\GAGbCnR.exe

C:\Windows\System\kkDMVBF.exe

C:\Windows\System\kkDMVBF.exe

C:\Windows\System\eRmiFJO.exe

C:\Windows\System\eRmiFJO.exe

C:\Windows\System\UAGzqaw.exe

C:\Windows\System\UAGzqaw.exe

C:\Windows\System\aKWySKM.exe

C:\Windows\System\aKWySKM.exe

C:\Windows\System\mgpjEPJ.exe

C:\Windows\System\mgpjEPJ.exe

C:\Windows\System\enrLvqV.exe

C:\Windows\System\enrLvqV.exe

C:\Windows\System\ShTnPOj.exe

C:\Windows\System\ShTnPOj.exe

C:\Windows\System\nINQrpb.exe

C:\Windows\System\nINQrpb.exe

C:\Windows\System\DkFdEKN.exe

C:\Windows\System\DkFdEKN.exe

C:\Windows\System\YvEroyC.exe

C:\Windows\System\YvEroyC.exe

C:\Windows\System\EvuyqlZ.exe

C:\Windows\System\EvuyqlZ.exe

C:\Windows\System\fErJZAx.exe

C:\Windows\System\fErJZAx.exe

C:\Windows\System\zZXDCDx.exe

C:\Windows\System\zZXDCDx.exe

C:\Windows\System\wmmeIWm.exe

C:\Windows\System\wmmeIWm.exe

C:\Windows\System\LtmaePd.exe

C:\Windows\System\LtmaePd.exe

C:\Windows\System\AcDBaHL.exe

C:\Windows\System\AcDBaHL.exe

C:\Windows\System\dhDzIXW.exe

C:\Windows\System\dhDzIXW.exe

C:\Windows\System\XzETrqb.exe

C:\Windows\System\XzETrqb.exe

C:\Windows\System\EjiGfbU.exe

C:\Windows\System\EjiGfbU.exe

C:\Windows\System\XlBtYjk.exe

C:\Windows\System\XlBtYjk.exe

C:\Windows\System\rjrKyKh.exe

C:\Windows\System\rjrKyKh.exe

C:\Windows\System\dcSKbZA.exe

C:\Windows\System\dcSKbZA.exe

C:\Windows\System\HfqnvCj.exe

C:\Windows\System\HfqnvCj.exe

C:\Windows\System\opHWkER.exe

C:\Windows\System\opHWkER.exe

C:\Windows\System\eRfLlmW.exe

C:\Windows\System\eRfLlmW.exe

C:\Windows\System\nZVFHbw.exe

C:\Windows\System\nZVFHbw.exe

C:\Windows\System\uEHgmnr.exe

C:\Windows\System\uEHgmnr.exe

C:\Windows\System\GlFdiiX.exe

C:\Windows\System\GlFdiiX.exe

C:\Windows\System\BLZxIOk.exe

C:\Windows\System\BLZxIOk.exe

C:\Windows\System\aLWMWtz.exe

C:\Windows\System\aLWMWtz.exe

C:\Windows\System\qvcACOB.exe

C:\Windows\System\qvcACOB.exe

C:\Windows\System\LAgkBZf.exe

C:\Windows\System\LAgkBZf.exe

C:\Windows\System\cBCfdHa.exe

C:\Windows\System\cBCfdHa.exe

C:\Windows\System\MlqPFtN.exe

C:\Windows\System\MlqPFtN.exe

C:\Windows\System\ikZPVXy.exe

C:\Windows\System\ikZPVXy.exe

C:\Windows\System\nydtUdy.exe

C:\Windows\System\nydtUdy.exe

C:\Windows\System\KZsPQAn.exe

C:\Windows\System\KZsPQAn.exe

C:\Windows\System\sVaaXDG.exe

C:\Windows\System\sVaaXDG.exe

C:\Windows\System\ZfbQhlq.exe

C:\Windows\System\ZfbQhlq.exe

C:\Windows\System\tYZDrvB.exe

C:\Windows\System\tYZDrvB.exe

C:\Windows\System\hdJLFpy.exe

C:\Windows\System\hdJLFpy.exe

C:\Windows\System\CgedPiE.exe

C:\Windows\System\CgedPiE.exe

C:\Windows\System\bagqPpN.exe

C:\Windows\System\bagqPpN.exe

C:\Windows\System\FjAKVXQ.exe

C:\Windows\System\FjAKVXQ.exe

C:\Windows\System\spchUuv.exe

C:\Windows\System\spchUuv.exe

C:\Windows\System\fCsicPt.exe

C:\Windows\System\fCsicPt.exe

C:\Windows\System\KmWHrgu.exe

C:\Windows\System\KmWHrgu.exe

C:\Windows\System\iJhcKyY.exe

C:\Windows\System\iJhcKyY.exe

C:\Windows\System\gLoGbNz.exe

C:\Windows\System\gLoGbNz.exe

C:\Windows\System\nFVYgsa.exe

C:\Windows\System\nFVYgsa.exe

C:\Windows\System\YzDEBkD.exe

C:\Windows\System\YzDEBkD.exe

C:\Windows\System\VQJnuQW.exe

C:\Windows\System\VQJnuQW.exe

C:\Windows\System\htdQEGX.exe

C:\Windows\System\htdQEGX.exe

C:\Windows\System\dptnmhH.exe

C:\Windows\System\dptnmhH.exe

C:\Windows\System\GOIwafy.exe

C:\Windows\System\GOIwafy.exe

C:\Windows\System\bEjxGNQ.exe

C:\Windows\System\bEjxGNQ.exe

C:\Windows\System\jvPFgep.exe

C:\Windows\System\jvPFgep.exe

C:\Windows\System\SEDXnFI.exe

C:\Windows\System\SEDXnFI.exe

C:\Windows\System\Svmxzvd.exe

C:\Windows\System\Svmxzvd.exe

C:\Windows\System\FDAPcfc.exe

C:\Windows\System\FDAPcfc.exe

C:\Windows\System\xPVDpMO.exe

C:\Windows\System\xPVDpMO.exe

C:\Windows\System\ByqWGbd.exe

C:\Windows\System\ByqWGbd.exe

C:\Windows\System\tNOknmn.exe

C:\Windows\System\tNOknmn.exe

C:\Windows\System\ChKZuHq.exe

C:\Windows\System\ChKZuHq.exe

C:\Windows\System\YpGTdnk.exe

C:\Windows\System\YpGTdnk.exe

C:\Windows\System\LOdptJc.exe

C:\Windows\System\LOdptJc.exe

C:\Windows\System\tfPOlHw.exe

C:\Windows\System\tfPOlHw.exe

C:\Windows\System\AjSMCXv.exe

C:\Windows\System\AjSMCXv.exe

C:\Windows\System\YEMgyBa.exe

C:\Windows\System\YEMgyBa.exe

C:\Windows\System\IDXrWDM.exe

C:\Windows\System\IDXrWDM.exe

C:\Windows\System\sMvtgKl.exe

C:\Windows\System\sMvtgKl.exe

C:\Windows\System\fhbRcZB.exe

C:\Windows\System\fhbRcZB.exe

C:\Windows\System\NCyDnfk.exe

C:\Windows\System\NCyDnfk.exe

C:\Windows\System\OeBXRfA.exe

C:\Windows\System\OeBXRfA.exe

C:\Windows\System\SdyfDnH.exe

C:\Windows\System\SdyfDnH.exe

C:\Windows\System\xTOqIal.exe

C:\Windows\System\xTOqIal.exe

C:\Windows\System\YpsfBLb.exe

C:\Windows\System\YpsfBLb.exe

C:\Windows\System\WcNHIhL.exe

C:\Windows\System\WcNHIhL.exe

C:\Windows\System\wuwMnuP.exe

C:\Windows\System\wuwMnuP.exe

C:\Windows\System\jdCNWGA.exe

C:\Windows\System\jdCNWGA.exe

C:\Windows\System\eWXxaah.exe

C:\Windows\System\eWXxaah.exe

C:\Windows\System\uGMDhjX.exe

C:\Windows\System\uGMDhjX.exe

C:\Windows\System\DiUuJaf.exe

C:\Windows\System\DiUuJaf.exe

C:\Windows\System\gLqSKrF.exe

C:\Windows\System\gLqSKrF.exe

C:\Windows\System\fPBJHdd.exe

C:\Windows\System\fPBJHdd.exe

C:\Windows\System\OFsWaaW.exe

C:\Windows\System\OFsWaaW.exe

C:\Windows\System\UrYRUvk.exe

C:\Windows\System\UrYRUvk.exe

C:\Windows\System\otvVdiO.exe

C:\Windows\System\otvVdiO.exe

C:\Windows\System\HoBHCiT.exe

C:\Windows\System\HoBHCiT.exe

C:\Windows\System\QPofbSB.exe

C:\Windows\System\QPofbSB.exe

C:\Windows\System\qocRdvz.exe

C:\Windows\System\qocRdvz.exe

C:\Windows\System\lvcPzSR.exe

C:\Windows\System\lvcPzSR.exe

C:\Windows\System\usJgfhg.exe

C:\Windows\System\usJgfhg.exe

C:\Windows\System\FcCVARw.exe

C:\Windows\System\FcCVARw.exe

C:\Windows\System\xGEltsq.exe

C:\Windows\System\xGEltsq.exe

C:\Windows\System\dLXVMYe.exe

C:\Windows\System\dLXVMYe.exe

C:\Windows\System\sAwFqPZ.exe

C:\Windows\System\sAwFqPZ.exe

C:\Windows\System\KEJCbEI.exe

C:\Windows\System\KEJCbEI.exe

C:\Windows\System\TbMvpdC.exe

C:\Windows\System\TbMvpdC.exe

C:\Windows\System\cidbfuk.exe

C:\Windows\System\cidbfuk.exe

C:\Windows\System\PiCKrzL.exe

C:\Windows\System\PiCKrzL.exe

C:\Windows\System\qBRcQmN.exe

C:\Windows\System\qBRcQmN.exe

C:\Windows\System\YzeroMo.exe

C:\Windows\System\YzeroMo.exe

C:\Windows\System\CGVahNS.exe

C:\Windows\System\CGVahNS.exe

C:\Windows\System\OTMMXjb.exe

C:\Windows\System\OTMMXjb.exe

C:\Windows\System\EbtSFJO.exe

C:\Windows\System\EbtSFJO.exe

C:\Windows\System\nfRiCfg.exe

C:\Windows\System\nfRiCfg.exe

C:\Windows\System\cHFJqsx.exe

C:\Windows\System\cHFJqsx.exe

C:\Windows\System\vsqcVSV.exe

C:\Windows\System\vsqcVSV.exe

C:\Windows\System\EDVPYrd.exe

C:\Windows\System\EDVPYrd.exe

C:\Windows\System\OLRNbXz.exe

C:\Windows\System\OLRNbXz.exe

C:\Windows\System\TFUcNMu.exe

C:\Windows\System\TFUcNMu.exe

C:\Windows\System\yRjSnnu.exe

C:\Windows\System\yRjSnnu.exe

C:\Windows\System\AXJrtsP.exe

C:\Windows\System\AXJrtsP.exe

C:\Windows\System\zyMBLwJ.exe

C:\Windows\System\zyMBLwJ.exe

C:\Windows\System\YpfoAFu.exe

C:\Windows\System\YpfoAFu.exe

C:\Windows\System\VKVsvXK.exe

C:\Windows\System\VKVsvXK.exe

C:\Windows\System\vUrGPxG.exe

C:\Windows\System\vUrGPxG.exe

C:\Windows\System\JMGktqL.exe

C:\Windows\System\JMGktqL.exe

C:\Windows\System\vdZRnko.exe

C:\Windows\System\vdZRnko.exe

C:\Windows\System\fqHZVPo.exe

C:\Windows\System\fqHZVPo.exe

C:\Windows\System\KrdqIel.exe

C:\Windows\System\KrdqIel.exe

C:\Windows\System\AObxhGi.exe

C:\Windows\System\AObxhGi.exe

C:\Windows\System\hPCsLNC.exe

C:\Windows\System\hPCsLNC.exe

C:\Windows\System\cCeEznk.exe

C:\Windows\System\cCeEznk.exe

C:\Windows\System\KqWbrAw.exe

C:\Windows\System\KqWbrAw.exe

C:\Windows\System\nmbleQi.exe

C:\Windows\System\nmbleQi.exe

C:\Windows\System\NSZJvyC.exe

C:\Windows\System\NSZJvyC.exe

C:\Windows\System\JFrzsZO.exe

C:\Windows\System\JFrzsZO.exe

C:\Windows\System\XkUevYV.exe

C:\Windows\System\XkUevYV.exe

C:\Windows\System\ZUAztHE.exe

C:\Windows\System\ZUAztHE.exe

C:\Windows\System\kvbSllD.exe

C:\Windows\System\kvbSllD.exe

C:\Windows\System\kbNIqym.exe

C:\Windows\System\kbNIqym.exe

C:\Windows\System\rhtUxZY.exe

C:\Windows\System\rhtUxZY.exe

C:\Windows\System\kxpHhLz.exe

C:\Windows\System\kxpHhLz.exe

C:\Windows\System\YDCVTcu.exe

C:\Windows\System\YDCVTcu.exe

C:\Windows\System\VDeIdBT.exe

C:\Windows\System\VDeIdBT.exe

C:\Windows\System\rSLtbDt.exe

C:\Windows\System\rSLtbDt.exe

C:\Windows\System\kMeyNdA.exe

C:\Windows\System\kMeyNdA.exe

C:\Windows\System\AUPbflW.exe

C:\Windows\System\AUPbflW.exe

C:\Windows\System\hDyBlDm.exe

C:\Windows\System\hDyBlDm.exe

C:\Windows\System\tlwnEpV.exe

C:\Windows\System\tlwnEpV.exe

C:\Windows\System\bzJyTdq.exe

C:\Windows\System\bzJyTdq.exe

C:\Windows\System\iIdIgIX.exe

C:\Windows\System\iIdIgIX.exe

C:\Windows\System\VOtXHjp.exe

C:\Windows\System\VOtXHjp.exe

C:\Windows\System\ZSEdpPF.exe

C:\Windows\System\ZSEdpPF.exe

C:\Windows\System\CBgpUnh.exe

C:\Windows\System\CBgpUnh.exe

C:\Windows\System\qUdXwYb.exe

C:\Windows\System\qUdXwYb.exe

C:\Windows\System\DNIqzYP.exe

C:\Windows\System\DNIqzYP.exe

C:\Windows\System\ANpXlwp.exe

C:\Windows\System\ANpXlwp.exe

C:\Windows\System\TqdvZEh.exe

C:\Windows\System\TqdvZEh.exe

C:\Windows\System\jnUivrZ.exe

C:\Windows\System\jnUivrZ.exe

C:\Windows\System\hFHPLwg.exe

C:\Windows\System\hFHPLwg.exe

C:\Windows\System\IzoHBwZ.exe

C:\Windows\System\IzoHBwZ.exe

C:\Windows\System\imyViSa.exe

C:\Windows\System\imyViSa.exe

C:\Windows\System\KJxWoHP.exe

C:\Windows\System\KJxWoHP.exe

C:\Windows\System\TKHMIQY.exe

C:\Windows\System\TKHMIQY.exe

C:\Windows\System\VEgToOe.exe

C:\Windows\System\VEgToOe.exe

C:\Windows\System\PDKCwHj.exe

C:\Windows\System\PDKCwHj.exe

C:\Windows\System\yHkMovv.exe

C:\Windows\System\yHkMovv.exe

C:\Windows\System\ONljjAc.exe

C:\Windows\System\ONljjAc.exe

C:\Windows\System\VdYWQvy.exe

C:\Windows\System\VdYWQvy.exe

C:\Windows\System\SonReTh.exe

C:\Windows\System\SonReTh.exe

C:\Windows\System\jlMpOMW.exe

C:\Windows\System\jlMpOMW.exe

C:\Windows\System\sVBuLue.exe

C:\Windows\System\sVBuLue.exe

C:\Windows\System\mpvbpbN.exe

C:\Windows\System\mpvbpbN.exe

C:\Windows\System\gmkrHcf.exe

C:\Windows\System\gmkrHcf.exe

C:\Windows\System\yxGOdBa.exe

C:\Windows\System\yxGOdBa.exe

C:\Windows\System\BPdyhmg.exe

C:\Windows\System\BPdyhmg.exe

C:\Windows\System\lDlpsaH.exe

C:\Windows\System\lDlpsaH.exe

C:\Windows\System\rhCEHxT.exe

C:\Windows\System\rhCEHxT.exe

C:\Windows\System\IeSsbhK.exe

C:\Windows\System\IeSsbhK.exe

C:\Windows\System\OUFFhdG.exe

C:\Windows\System\OUFFhdG.exe

C:\Windows\System\SINDPfZ.exe

C:\Windows\System\SINDPfZ.exe

C:\Windows\System\rrorjMt.exe

C:\Windows\System\rrorjMt.exe

C:\Windows\System\AqTteaj.exe

C:\Windows\System\AqTteaj.exe

C:\Windows\System\Wzxmufz.exe

C:\Windows\System\Wzxmufz.exe

C:\Windows\System\UpygUvq.exe

C:\Windows\System\UpygUvq.exe

C:\Windows\System\qLNlYDD.exe

C:\Windows\System\qLNlYDD.exe

C:\Windows\System\yaEtamO.exe

C:\Windows\System\yaEtamO.exe

C:\Windows\System\twuCLMw.exe

C:\Windows\System\twuCLMw.exe

C:\Windows\System\iefpANV.exe

C:\Windows\System\iefpANV.exe

C:\Windows\System\NFyEYGJ.exe

C:\Windows\System\NFyEYGJ.exe

C:\Windows\System\yfMUuyT.exe

C:\Windows\System\yfMUuyT.exe

C:\Windows\System\gTZyexk.exe

C:\Windows\System\gTZyexk.exe

C:\Windows\System\mTjvyJk.exe

C:\Windows\System\mTjvyJk.exe

C:\Windows\System\RCpIsRS.exe

C:\Windows\System\RCpIsRS.exe

C:\Windows\System\nqHZGps.exe

C:\Windows\System\nqHZGps.exe

C:\Windows\System\zPXUqZc.exe

C:\Windows\System\zPXUqZc.exe

C:\Windows\System\JpiFUSF.exe

C:\Windows\System\JpiFUSF.exe

C:\Windows\System\nfWmVsJ.exe

C:\Windows\System\nfWmVsJ.exe

C:\Windows\System\gamPGcA.exe

C:\Windows\System\gamPGcA.exe

C:\Windows\System\AYvrDdK.exe

C:\Windows\System\AYvrDdK.exe

C:\Windows\System\XLImSOQ.exe

C:\Windows\System\XLImSOQ.exe

C:\Windows\System\sdeVfdy.exe

C:\Windows\System\sdeVfdy.exe

C:\Windows\System\heAsIcs.exe

C:\Windows\System\heAsIcs.exe

C:\Windows\System\teuJHSs.exe

C:\Windows\System\teuJHSs.exe

C:\Windows\System\TjKxgoY.exe

C:\Windows\System\TjKxgoY.exe

C:\Windows\System\JiyhGyO.exe

C:\Windows\System\JiyhGyO.exe

C:\Windows\System\YOlKEmO.exe

C:\Windows\System\YOlKEmO.exe

C:\Windows\System\KDAyylL.exe

C:\Windows\System\KDAyylL.exe

C:\Windows\System\UrpyDeF.exe

C:\Windows\System\UrpyDeF.exe

C:\Windows\System\hpvzlaQ.exe

C:\Windows\System\hpvzlaQ.exe

C:\Windows\System\NxiAxYs.exe

C:\Windows\System\NxiAxYs.exe

C:\Windows\System\yZFmPGN.exe

C:\Windows\System\yZFmPGN.exe

C:\Windows\System\qVFIHqg.exe

C:\Windows\System\qVFIHqg.exe

C:\Windows\System\vmZsbCu.exe

C:\Windows\System\vmZsbCu.exe

C:\Windows\System\dXIwriJ.exe

C:\Windows\System\dXIwriJ.exe

C:\Windows\System\ldSQodu.exe

C:\Windows\System\ldSQodu.exe

C:\Windows\System\vspBSxe.exe

C:\Windows\System\vspBSxe.exe

C:\Windows\System\QuYBygq.exe

C:\Windows\System\QuYBygq.exe

C:\Windows\System\CTXRKHi.exe

C:\Windows\System\CTXRKHi.exe

C:\Windows\System\qLftvaM.exe

C:\Windows\System\qLftvaM.exe

C:\Windows\System\cxhQswd.exe

C:\Windows\System\cxhQswd.exe

C:\Windows\System\wANxazj.exe

C:\Windows\System\wANxazj.exe

C:\Windows\System\uOadzvz.exe

C:\Windows\System\uOadzvz.exe

C:\Windows\System\BmrEYXi.exe

C:\Windows\System\BmrEYXi.exe

C:\Windows\System\cHNBMJz.exe

C:\Windows\System\cHNBMJz.exe

C:\Windows\System\BYECULj.exe

C:\Windows\System\BYECULj.exe

C:\Windows\System\UhVVNpG.exe

C:\Windows\System\UhVVNpG.exe

C:\Windows\System\klInetu.exe

C:\Windows\System\klInetu.exe

C:\Windows\System\qTspJsx.exe

C:\Windows\System\qTspJsx.exe

C:\Windows\System\xsjUfrJ.exe

C:\Windows\System\xsjUfrJ.exe

C:\Windows\System\mdodaRy.exe

C:\Windows\System\mdodaRy.exe

C:\Windows\System\ySxZInQ.exe

C:\Windows\System\ySxZInQ.exe

C:\Windows\System\HvBBSoy.exe

C:\Windows\System\HvBBSoy.exe

C:\Windows\System\murFMTu.exe

C:\Windows\System\murFMTu.exe

C:\Windows\System\PASTRMZ.exe

C:\Windows\System\PASTRMZ.exe

C:\Windows\System\oREpyns.exe

C:\Windows\System\oREpyns.exe

C:\Windows\System\bpXympV.exe

C:\Windows\System\bpXympV.exe

C:\Windows\System\nIgjKde.exe

C:\Windows\System\nIgjKde.exe

C:\Windows\System\KdgdGdF.exe

C:\Windows\System\KdgdGdF.exe

C:\Windows\System\hPUYyeb.exe

C:\Windows\System\hPUYyeb.exe

C:\Windows\System\FxuvFLq.exe

C:\Windows\System\FxuvFLq.exe

C:\Windows\System\GQPkilP.exe

C:\Windows\System\GQPkilP.exe

C:\Windows\System\lIIbTHo.exe

C:\Windows\System\lIIbTHo.exe

C:\Windows\System\khcEBIC.exe

C:\Windows\System\khcEBIC.exe

C:\Windows\System\KAboDRO.exe

C:\Windows\System\KAboDRO.exe

C:\Windows\System\bfQNbFz.exe

C:\Windows\System\bfQNbFz.exe

C:\Windows\System\pzPRYTi.exe

C:\Windows\System\pzPRYTi.exe

C:\Windows\System\roxSBrA.exe

C:\Windows\System\roxSBrA.exe

C:\Windows\System\ohzrIlZ.exe

C:\Windows\System\ohzrIlZ.exe

C:\Windows\System\QAwGWtm.exe

C:\Windows\System\QAwGWtm.exe

C:\Windows\System\wtDKoJH.exe

C:\Windows\System\wtDKoJH.exe

C:\Windows\System\QjniUvQ.exe

C:\Windows\System\QjniUvQ.exe

C:\Windows\System\XvSAhXV.exe

C:\Windows\System\XvSAhXV.exe

C:\Windows\System\ixRAPfE.exe

C:\Windows\System\ixRAPfE.exe

C:\Windows\System\orwULwV.exe

C:\Windows\System\orwULwV.exe

C:\Windows\System\urmDKRA.exe

C:\Windows\System\urmDKRA.exe

C:\Windows\System\xkWaPAK.exe

C:\Windows\System\xkWaPAK.exe

C:\Windows\System\OogIpax.exe

C:\Windows\System\OogIpax.exe

C:\Windows\System\mITGkyT.exe

C:\Windows\System\mITGkyT.exe

C:\Windows\System\eYmiXOw.exe

C:\Windows\System\eYmiXOw.exe

C:\Windows\System\RswnYJC.exe

C:\Windows\System\RswnYJC.exe

C:\Windows\System\Vflbvgu.exe

C:\Windows\System\Vflbvgu.exe

C:\Windows\System\CqTnjqJ.exe

C:\Windows\System\CqTnjqJ.exe

C:\Windows\System\NHOHOeq.exe

C:\Windows\System\NHOHOeq.exe

C:\Windows\System\rXxfbPK.exe

C:\Windows\System\rXxfbPK.exe

C:\Windows\System\rckeSjO.exe

C:\Windows\System\rckeSjO.exe

C:\Windows\System\pcXfuoF.exe

C:\Windows\System\pcXfuoF.exe

C:\Windows\System\tijNuVJ.exe

C:\Windows\System\tijNuVJ.exe

C:\Windows\System\KrJSbsZ.exe

C:\Windows\System\KrJSbsZ.exe

C:\Windows\System\EFZfSmy.exe

C:\Windows\System\EFZfSmy.exe

C:\Windows\System\AjZiSbw.exe

C:\Windows\System\AjZiSbw.exe

C:\Windows\System\xGdjQKj.exe

C:\Windows\System\xGdjQKj.exe

C:\Windows\System\sxkQRdE.exe

C:\Windows\System\sxkQRdE.exe

C:\Windows\System\GKhKOWi.exe

C:\Windows\System\GKhKOWi.exe

C:\Windows\System\IJkBjOf.exe

C:\Windows\System\IJkBjOf.exe

C:\Windows\System\yBtsHvW.exe

C:\Windows\System\yBtsHvW.exe

C:\Windows\System\NAYBGYX.exe

C:\Windows\System\NAYBGYX.exe

C:\Windows\System\VRjymcH.exe

C:\Windows\System\VRjymcH.exe

C:\Windows\System\LftXMGu.exe

C:\Windows\System\LftXMGu.exe

C:\Windows\System\TfVmsAz.exe

C:\Windows\System\TfVmsAz.exe

C:\Windows\System\QuzHdfe.exe

C:\Windows\System\QuzHdfe.exe

C:\Windows\System\DEBcVfd.exe

C:\Windows\System\DEBcVfd.exe

C:\Windows\System\oOsGryd.exe

C:\Windows\System\oOsGryd.exe

C:\Windows\System\JXfmiXU.exe

C:\Windows\System\JXfmiXU.exe

C:\Windows\System\iDbNukl.exe

C:\Windows\System\iDbNukl.exe

C:\Windows\System\iOzjSTq.exe

C:\Windows\System\iOzjSTq.exe

C:\Windows\System\JGYXVVw.exe

C:\Windows\System\JGYXVVw.exe

C:\Windows\System\baNZkbZ.exe

C:\Windows\System\baNZkbZ.exe

C:\Windows\System\TsyFVJA.exe

C:\Windows\System\TsyFVJA.exe

C:\Windows\System\skbeUwX.exe

C:\Windows\System\skbeUwX.exe

C:\Windows\System\YVkUxMp.exe

C:\Windows\System\YVkUxMp.exe

C:\Windows\System\QBHUWGS.exe

C:\Windows\System\QBHUWGS.exe

C:\Windows\System\hJrbZXA.exe

C:\Windows\System\hJrbZXA.exe

C:\Windows\System\anHdakE.exe

C:\Windows\System\anHdakE.exe

C:\Windows\System\ngCkNGB.exe

C:\Windows\System\ngCkNGB.exe

C:\Windows\System\MmLTcmE.exe

C:\Windows\System\MmLTcmE.exe

C:\Windows\System\AJmlthu.exe

C:\Windows\System\AJmlthu.exe

C:\Windows\System\laIbpzC.exe

C:\Windows\System\laIbpzC.exe

C:\Windows\System\tOuiPNM.exe

C:\Windows\System\tOuiPNM.exe

C:\Windows\System\kusCWIY.exe

C:\Windows\System\kusCWIY.exe

C:\Windows\System\CPWdOzm.exe

C:\Windows\System\CPWdOzm.exe

C:\Windows\System\KxHvQzW.exe

C:\Windows\System\KxHvQzW.exe

C:\Windows\System\xWSmhXu.exe

C:\Windows\System\xWSmhXu.exe

C:\Windows\System\zuHpbPB.exe

C:\Windows\System\zuHpbPB.exe

C:\Windows\System\GYnKUrv.exe

C:\Windows\System\GYnKUrv.exe

C:\Windows\System\lUJualL.exe

C:\Windows\System\lUJualL.exe

C:\Windows\System\JWeKfPf.exe

C:\Windows\System\JWeKfPf.exe

C:\Windows\System\icvJkVg.exe

C:\Windows\System\icvJkVg.exe

C:\Windows\System\IzsJqTb.exe

C:\Windows\System\IzsJqTb.exe

C:\Windows\System\jZobuwG.exe

C:\Windows\System\jZobuwG.exe

C:\Windows\System\ZGgzwPg.exe

C:\Windows\System\ZGgzwPg.exe

C:\Windows\System\SboGThp.exe

C:\Windows\System\SboGThp.exe

C:\Windows\System\zPVsKHG.exe

C:\Windows\System\zPVsKHG.exe

C:\Windows\System\eOnaivl.exe

C:\Windows\System\eOnaivl.exe

C:\Windows\System\pPlwFxF.exe

C:\Windows\System\pPlwFxF.exe

C:\Windows\System\fnRlgWb.exe

C:\Windows\System\fnRlgWb.exe

C:\Windows\System\hvMrBOt.exe

C:\Windows\System\hvMrBOt.exe

C:\Windows\System\ZMScZer.exe

C:\Windows\System\ZMScZer.exe

C:\Windows\System\rjkqdUR.exe

C:\Windows\System\rjkqdUR.exe

C:\Windows\System\nryHqhN.exe

C:\Windows\System\nryHqhN.exe

C:\Windows\System\tGRDlVC.exe

C:\Windows\System\tGRDlVC.exe

C:\Windows\System\XePrYiO.exe

C:\Windows\System\XePrYiO.exe

C:\Windows\System\CFBImgT.exe

C:\Windows\System\CFBImgT.exe

C:\Windows\System\ETBxGia.exe

C:\Windows\System\ETBxGia.exe

C:\Windows\System\LmUVApf.exe

C:\Windows\System\LmUVApf.exe

C:\Windows\System\QnKBCKj.exe

C:\Windows\System\QnKBCKj.exe

C:\Windows\System\QfRxZuB.exe

C:\Windows\System\QfRxZuB.exe

C:\Windows\System\jpMrkUv.exe

C:\Windows\System\jpMrkUv.exe

C:\Windows\System\mpiHNbu.exe

C:\Windows\System\mpiHNbu.exe

C:\Windows\System\eQTCzhZ.exe

C:\Windows\System\eQTCzhZ.exe

C:\Windows\System\FBZhYZK.exe

C:\Windows\System\FBZhYZK.exe

C:\Windows\System\tXZzLUJ.exe

C:\Windows\System\tXZzLUJ.exe

C:\Windows\System\WbfnZCW.exe

C:\Windows\System\WbfnZCW.exe

C:\Windows\System\VoAliay.exe

C:\Windows\System\VoAliay.exe

C:\Windows\System\zpuIVLE.exe

C:\Windows\System\zpuIVLE.exe

C:\Windows\System\OlpNFUw.exe

C:\Windows\System\OlpNFUw.exe

C:\Windows\System\BNoFdGp.exe

C:\Windows\System\BNoFdGp.exe

C:\Windows\System\jNoXxqP.exe

C:\Windows\System\jNoXxqP.exe

C:\Windows\System\wjFylgC.exe

C:\Windows\System\wjFylgC.exe

C:\Windows\System\emJQAIh.exe

C:\Windows\System\emJQAIh.exe

C:\Windows\System\NnyiNPL.exe

C:\Windows\System\NnyiNPL.exe

C:\Windows\System\hHPVSTA.exe

C:\Windows\System\hHPVSTA.exe

C:\Windows\System\JJFgTNN.exe

C:\Windows\System\JJFgTNN.exe

C:\Windows\System\rRcNkJB.exe

C:\Windows\System\rRcNkJB.exe

C:\Windows\System\VOSrSQc.exe

C:\Windows\System\VOSrSQc.exe

C:\Windows\System\MfOYVin.exe

C:\Windows\System\MfOYVin.exe

C:\Windows\System\fgLbQLt.exe

C:\Windows\System\fgLbQLt.exe

C:\Windows\System\cgPmOvu.exe

C:\Windows\System\cgPmOvu.exe

C:\Windows\System\ZRgqwuN.exe

C:\Windows\System\ZRgqwuN.exe

C:\Windows\System\OyERKEt.exe

C:\Windows\System\OyERKEt.exe

C:\Windows\System\jaqqYUL.exe

C:\Windows\System\jaqqYUL.exe

C:\Windows\System\qRyewwA.exe

C:\Windows\System\qRyewwA.exe

C:\Windows\System\ejfPIYE.exe

C:\Windows\System\ejfPIYE.exe

C:\Windows\System\ndjbtcF.exe

C:\Windows\System\ndjbtcF.exe

C:\Windows\System\RfhMspt.exe

C:\Windows\System\RfhMspt.exe

C:\Windows\System\EmyXwKi.exe

C:\Windows\System\EmyXwKi.exe

C:\Windows\System\WqFBokg.exe

C:\Windows\System\WqFBokg.exe

C:\Windows\System\fiJDcTf.exe

C:\Windows\System\fiJDcTf.exe

C:\Windows\System\TvkejyJ.exe

C:\Windows\System\TvkejyJ.exe

C:\Windows\System\HikBQOV.exe

C:\Windows\System\HikBQOV.exe

C:\Windows\System\tpXIilz.exe

C:\Windows\System\tpXIilz.exe

C:\Windows\System\wqifDRw.exe

C:\Windows\System\wqifDRw.exe

C:\Windows\System\JnlIBuQ.exe

C:\Windows\System\JnlIBuQ.exe

C:\Windows\System\PUMdrsT.exe

C:\Windows\System\PUMdrsT.exe

C:\Windows\System\DQXwqPE.exe

C:\Windows\System\DQXwqPE.exe

C:\Windows\System\ISAUhbO.exe

C:\Windows\System\ISAUhbO.exe

C:\Windows\System\sAhZOdW.exe

C:\Windows\System\sAhZOdW.exe

C:\Windows\System\XjwDcCt.exe

C:\Windows\System\XjwDcCt.exe

C:\Windows\System\dMhowis.exe

C:\Windows\System\dMhowis.exe

C:\Windows\System\bZMugop.exe

C:\Windows\System\bZMugop.exe

C:\Windows\System\WSylTEO.exe

C:\Windows\System\WSylTEO.exe

C:\Windows\System\sHgtEGZ.exe

C:\Windows\System\sHgtEGZ.exe

C:\Windows\System\rlLqMLN.exe

C:\Windows\System\rlLqMLN.exe

C:\Windows\System\ifmytDd.exe

C:\Windows\System\ifmytDd.exe

C:\Windows\System\FWpPJeg.exe

C:\Windows\System\FWpPJeg.exe

C:\Windows\System\HXBqpwn.exe

C:\Windows\System\HXBqpwn.exe

C:\Windows\System\WxYIagN.exe

C:\Windows\System\WxYIagN.exe

C:\Windows\System\MOuDbbK.exe

C:\Windows\System\MOuDbbK.exe

C:\Windows\System\jxOlyyX.exe

C:\Windows\System\jxOlyyX.exe

C:\Windows\System\xgshBLl.exe

C:\Windows\System\xgshBLl.exe

C:\Windows\System\CCUOhLC.exe

C:\Windows\System\CCUOhLC.exe

C:\Windows\System\mGSMulC.exe

C:\Windows\System\mGSMulC.exe

C:\Windows\System\FwhrNEv.exe

C:\Windows\System\FwhrNEv.exe

C:\Windows\System\VeBoOTK.exe

C:\Windows\System\VeBoOTK.exe

C:\Windows\System\HxFOQyB.exe

C:\Windows\System\HxFOQyB.exe

C:\Windows\System\PyPckWZ.exe

C:\Windows\System\PyPckWZ.exe

C:\Windows\System\RBiJXLI.exe

C:\Windows\System\RBiJXLI.exe

C:\Windows\System\FOwrDBy.exe

C:\Windows\System\FOwrDBy.exe

C:\Windows\System\WOTvLWa.exe

C:\Windows\System\WOTvLWa.exe

C:\Windows\System\JVOuXhQ.exe

C:\Windows\System\JVOuXhQ.exe

C:\Windows\System\OJraRWf.exe

C:\Windows\System\OJraRWf.exe

C:\Windows\System\LSoTSXo.exe

C:\Windows\System\LSoTSXo.exe

C:\Windows\System\RnUBdXR.exe

C:\Windows\System\RnUBdXR.exe

C:\Windows\System\xJrDSVz.exe

C:\Windows\System\xJrDSVz.exe

C:\Windows\System\YuVkucR.exe

C:\Windows\System\YuVkucR.exe

C:\Windows\System\cuQvyRD.exe

C:\Windows\System\cuQvyRD.exe

C:\Windows\System\XuoJGIE.exe

C:\Windows\System\XuoJGIE.exe

C:\Windows\System\niMPCMn.exe

C:\Windows\System\niMPCMn.exe

C:\Windows\System\eHfIDiI.exe

C:\Windows\System\eHfIDiI.exe

C:\Windows\System\MWnXdiC.exe

C:\Windows\System\MWnXdiC.exe

C:\Windows\System\wNEINfQ.exe

C:\Windows\System\wNEINfQ.exe

C:\Windows\System\DBbCeES.exe

C:\Windows\System\DBbCeES.exe

C:\Windows\System\yKogHjN.exe

C:\Windows\System\yKogHjN.exe

C:\Windows\System\NkNPDEE.exe

C:\Windows\System\NkNPDEE.exe

C:\Windows\System\jgzTzsL.exe

C:\Windows\System\jgzTzsL.exe

C:\Windows\System\WEvbskq.exe

C:\Windows\System\WEvbskq.exe

C:\Windows\System\DHjzzAX.exe

C:\Windows\System\DHjzzAX.exe

C:\Windows\System\klArMes.exe

C:\Windows\System\klArMes.exe

C:\Windows\System\eLReZZR.exe

C:\Windows\System\eLReZZR.exe

C:\Windows\System\enALTwH.exe

C:\Windows\System\enALTwH.exe

C:\Windows\System\wCtVxsO.exe

C:\Windows\System\wCtVxsO.exe

C:\Windows\System\qpsvUST.exe

C:\Windows\System\qpsvUST.exe

C:\Windows\System\yFvHGhu.exe

C:\Windows\System\yFvHGhu.exe

C:\Windows\System\MejXpim.exe

C:\Windows\System\MejXpim.exe

C:\Windows\System\FJOkNRp.exe

C:\Windows\System\FJOkNRp.exe

C:\Windows\System\LomvziI.exe

C:\Windows\System\LomvziI.exe

C:\Windows\System\pPiMUDK.exe

C:\Windows\System\pPiMUDK.exe

C:\Windows\System\BjrHYnG.exe

C:\Windows\System\BjrHYnG.exe

C:\Windows\System\pBxDQaW.exe

C:\Windows\System\pBxDQaW.exe

C:\Windows\System\LIeIrkc.exe

C:\Windows\System\LIeIrkc.exe

C:\Windows\System\Ayefweh.exe

C:\Windows\System\Ayefweh.exe

C:\Windows\System\LoOQBST.exe

C:\Windows\System\LoOQBST.exe

C:\Windows\System\KgGCBqZ.exe

C:\Windows\System\KgGCBqZ.exe

C:\Windows\System\wUnPcIv.exe

C:\Windows\System\wUnPcIv.exe

C:\Windows\System\COxlZcU.exe

C:\Windows\System\COxlZcU.exe

C:\Windows\System\eMkBKvS.exe

C:\Windows\System\eMkBKvS.exe

C:\Windows\System\WCXHyNJ.exe

C:\Windows\System\WCXHyNJ.exe

C:\Windows\System\OzpKSvw.exe

C:\Windows\System\OzpKSvw.exe

C:\Windows\System\NxHMqEf.exe

C:\Windows\System\NxHMqEf.exe

C:\Windows\System\HpsUPnc.exe

C:\Windows\System\HpsUPnc.exe

C:\Windows\System\nnkuESN.exe

C:\Windows\System\nnkuESN.exe

C:\Windows\System\YEXlktF.exe

C:\Windows\System\YEXlktF.exe

C:\Windows\System\JtwoqIL.exe

C:\Windows\System\JtwoqIL.exe

C:\Windows\System\xrvAnOi.exe

C:\Windows\System\xrvAnOi.exe

C:\Windows\System\ZSxNGGK.exe

C:\Windows\System\ZSxNGGK.exe

C:\Windows\System\JUBaJNt.exe

C:\Windows\System\JUBaJNt.exe

C:\Windows\System\gCqTGso.exe

C:\Windows\System\gCqTGso.exe

C:\Windows\System\ibShIAp.exe

C:\Windows\System\ibShIAp.exe

C:\Windows\System\AEvJlcE.exe

C:\Windows\System\AEvJlcE.exe

C:\Windows\System\VJVuGDi.exe

C:\Windows\System\VJVuGDi.exe

C:\Windows\System\FsHBvgX.exe

C:\Windows\System\FsHBvgX.exe

C:\Windows\System\ZbujenK.exe

C:\Windows\System\ZbujenK.exe

C:\Windows\System\uuZXGRe.exe

C:\Windows\System\uuZXGRe.exe

C:\Windows\System\HPrQjgx.exe

C:\Windows\System\HPrQjgx.exe

C:\Windows\System\rYiiswT.exe

C:\Windows\System\rYiiswT.exe

C:\Windows\System\QrJFTOb.exe

C:\Windows\System\QrJFTOb.exe

C:\Windows\System\aXjlnal.exe

C:\Windows\System\aXjlnal.exe

C:\Windows\System\oDuJtuI.exe

C:\Windows\System\oDuJtuI.exe

C:\Windows\System\ilGUdqr.exe

C:\Windows\System\ilGUdqr.exe

C:\Windows\System\XSfSKdI.exe

C:\Windows\System\XSfSKdI.exe

C:\Windows\System\FMROFPN.exe

C:\Windows\System\FMROFPN.exe

C:\Windows\System\iTkwFXZ.exe

C:\Windows\System\iTkwFXZ.exe

C:\Windows\System\sCtpmsV.exe

C:\Windows\System\sCtpmsV.exe

C:\Windows\System\zqQcZNu.exe

C:\Windows\System\zqQcZNu.exe

C:\Windows\System\HlOpDNg.exe

C:\Windows\System\HlOpDNg.exe

C:\Windows\System\UJicLPy.exe

C:\Windows\System\UJicLPy.exe

C:\Windows\System\oDXpzpL.exe

C:\Windows\System\oDXpzpL.exe

C:\Windows\System\nvvGXYE.exe

C:\Windows\System\nvvGXYE.exe

C:\Windows\System\QBwifbY.exe

C:\Windows\System\QBwifbY.exe

C:\Windows\System\bSoRBuL.exe

C:\Windows\System\bSoRBuL.exe

C:\Windows\System\GEIqIAL.exe

C:\Windows\System\GEIqIAL.exe

C:\Windows\System\rrcqpTM.exe

C:\Windows\System\rrcqpTM.exe

C:\Windows\System\QzEKGRy.exe

C:\Windows\System\QzEKGRy.exe

C:\Windows\System\MPwJljg.exe

C:\Windows\System\MPwJljg.exe

C:\Windows\System\wPJNUfj.exe

C:\Windows\System\wPJNUfj.exe

C:\Windows\System\LdmQkJg.exe

C:\Windows\System\LdmQkJg.exe

C:\Windows\System\NPSloju.exe

C:\Windows\System\NPSloju.exe

C:\Windows\System\kbGUHwA.exe

C:\Windows\System\kbGUHwA.exe

C:\Windows\System\XRXcFdg.exe

C:\Windows\System\XRXcFdg.exe

C:\Windows\System\NIlSfVI.exe

C:\Windows\System\NIlSfVI.exe

C:\Windows\System\ADpQllL.exe

C:\Windows\System\ADpQllL.exe

C:\Windows\System\vdMtrEH.exe

C:\Windows\System\vdMtrEH.exe

C:\Windows\System\jFYKdwE.exe

C:\Windows\System\jFYKdwE.exe

C:\Windows\System\vRCAbeG.exe

C:\Windows\System\vRCAbeG.exe

C:\Windows\System\yKKXFzH.exe

C:\Windows\System\yKKXFzH.exe

C:\Windows\System\YMCXzFu.exe

C:\Windows\System\YMCXzFu.exe

C:\Windows\System\pJVVLZQ.exe

C:\Windows\System\pJVVLZQ.exe

C:\Windows\System\nNZSsBu.exe

C:\Windows\System\nNZSsBu.exe

C:\Windows\System\KAWQzxS.exe

C:\Windows\System\KAWQzxS.exe

C:\Windows\System\tVBcaCo.exe

C:\Windows\System\tVBcaCo.exe

C:\Windows\System\fAhWeEf.exe

C:\Windows\System\fAhWeEf.exe

C:\Windows\System\PzMtxuS.exe

C:\Windows\System\PzMtxuS.exe

C:\Windows\System\aaEXDVY.exe

C:\Windows\System\aaEXDVY.exe

C:\Windows\System\KXKTsik.exe

C:\Windows\System\KXKTsik.exe

C:\Windows\System\YeRhroO.exe

C:\Windows\System\YeRhroO.exe

C:\Windows\System\YduOnvX.exe

C:\Windows\System\YduOnvX.exe

C:\Windows\System\FnurKAr.exe

C:\Windows\System\FnurKAr.exe

C:\Windows\System\OCJlXTR.exe

C:\Windows\System\OCJlXTR.exe

C:\Windows\System\TpwgOGT.exe

C:\Windows\System\TpwgOGT.exe

C:\Windows\System\ImmOvIF.exe

C:\Windows\System\ImmOvIF.exe

C:\Windows\System\JOjigZK.exe

C:\Windows\System\JOjigZK.exe

C:\Windows\System\prLlrxU.exe

C:\Windows\System\prLlrxU.exe

C:\Windows\System\xoibBHa.exe

C:\Windows\System\xoibBHa.exe

C:\Windows\System\jAzkUtJ.exe

C:\Windows\System\jAzkUtJ.exe

C:\Windows\System\tswpsaa.exe

C:\Windows\System\tswpsaa.exe

C:\Windows\System\jVFkIit.exe

C:\Windows\System\jVFkIit.exe

C:\Windows\System\YDfmNOM.exe

C:\Windows\System\YDfmNOM.exe

C:\Windows\System\PrfxdjJ.exe

C:\Windows\System\PrfxdjJ.exe

C:\Windows\System\JEiQpFf.exe

C:\Windows\System\JEiQpFf.exe

C:\Windows\System\OlGONIH.exe

C:\Windows\System\OlGONIH.exe

C:\Windows\System\aSeAsaD.exe

C:\Windows\System\aSeAsaD.exe

C:\Windows\System\bHVHieq.exe

C:\Windows\System\bHVHieq.exe

C:\Windows\System\HWBphJZ.exe

C:\Windows\System\HWBphJZ.exe

C:\Windows\System\UCAHzJh.exe

C:\Windows\System\UCAHzJh.exe

C:\Windows\System\DdLtqao.exe

C:\Windows\System\DdLtqao.exe

C:\Windows\System\qBnJvtY.exe

C:\Windows\System\qBnJvtY.exe

C:\Windows\System\DGjhqod.exe

C:\Windows\System\DGjhqod.exe

C:\Windows\System\tmHJEwY.exe

C:\Windows\System\tmHJEwY.exe

C:\Windows\System\DdwVzih.exe

C:\Windows\System\DdwVzih.exe

C:\Windows\System\EzqVYcA.exe

C:\Windows\System\EzqVYcA.exe

C:\Windows\System\AjRKWEM.exe

C:\Windows\System\AjRKWEM.exe

C:\Windows\System\tcKfMCz.exe

C:\Windows\System\tcKfMCz.exe

C:\Windows\System\oSnrwdD.exe

C:\Windows\System\oSnrwdD.exe

C:\Windows\System\DItHSfx.exe

C:\Windows\System\DItHSfx.exe

C:\Windows\System\vrbEpIf.exe

C:\Windows\System\vrbEpIf.exe

C:\Windows\System\rFlmMJj.exe

C:\Windows\System\rFlmMJj.exe

C:\Windows\System\eRtbhLA.exe

C:\Windows\System\eRtbhLA.exe

C:\Windows\System\Xzleqvl.exe

C:\Windows\System\Xzleqvl.exe

C:\Windows\System\cJhFujn.exe

C:\Windows\System\cJhFujn.exe

C:\Windows\System\EEsowUU.exe

C:\Windows\System\EEsowUU.exe

C:\Windows\System\mQmLSrr.exe

C:\Windows\System\mQmLSrr.exe

C:\Windows\System\dWcYpDr.exe

C:\Windows\System\dWcYpDr.exe

C:\Windows\System\VIxhcIr.exe

C:\Windows\System\VIxhcIr.exe

C:\Windows\System\VnwSvxT.exe

C:\Windows\System\VnwSvxT.exe

C:\Windows\System\TJKfRRe.exe

C:\Windows\System\TJKfRRe.exe

C:\Windows\System\EfSAYfv.exe

C:\Windows\System\EfSAYfv.exe

C:\Windows\System\GcrOqvy.exe

C:\Windows\System\GcrOqvy.exe

C:\Windows\System\yCHolor.exe

C:\Windows\System\yCHolor.exe

C:\Windows\System\ehakAKY.exe

C:\Windows\System\ehakAKY.exe

C:\Windows\System\uoTnsiF.exe

C:\Windows\System\uoTnsiF.exe

C:\Windows\System\iLTvQxm.exe

C:\Windows\System\iLTvQxm.exe

C:\Windows\System\HroOJeE.exe

C:\Windows\System\HroOJeE.exe

C:\Windows\System\EFFNvgG.exe

C:\Windows\System\EFFNvgG.exe

C:\Windows\System\pMxRZYv.exe

C:\Windows\System\pMxRZYv.exe

C:\Windows\System\dQkspaK.exe

C:\Windows\System\dQkspaK.exe

C:\Windows\System\IsGECEi.exe

C:\Windows\System\IsGECEi.exe

C:\Windows\System\nEFhazC.exe

C:\Windows\System\nEFhazC.exe

C:\Windows\System\DbljFuA.exe

C:\Windows\System\DbljFuA.exe

C:\Windows\System\mVxJBHE.exe

C:\Windows\System\mVxJBHE.exe

C:\Windows\System\BkgFAOt.exe

C:\Windows\System\BkgFAOt.exe

C:\Windows\System\dkiawCT.exe

C:\Windows\System\dkiawCT.exe

C:\Windows\System\ATiQPCv.exe

C:\Windows\System\ATiQPCv.exe

C:\Windows\System\PUuZjQd.exe

C:\Windows\System\PUuZjQd.exe

C:\Windows\System\BpKVFuN.exe

C:\Windows\System\BpKVFuN.exe

C:\Windows\System\hWkXCZP.exe

C:\Windows\System\hWkXCZP.exe

C:\Windows\System\crtVgTc.exe

C:\Windows\System\crtVgTc.exe

C:\Windows\System\AaJCBxy.exe

C:\Windows\System\AaJCBxy.exe

C:\Windows\System\JobAaLj.exe

C:\Windows\System\JobAaLj.exe

C:\Windows\System\iFHbJEM.exe

C:\Windows\System\iFHbJEM.exe

C:\Windows\System\rJAgrRI.exe

C:\Windows\System\rJAgrRI.exe

C:\Windows\System\QOFzoSA.exe

C:\Windows\System\QOFzoSA.exe

C:\Windows\System\COGkCrw.exe

C:\Windows\System\COGkCrw.exe

C:\Windows\System\jEkZQgs.exe

C:\Windows\System\jEkZQgs.exe

C:\Windows\System\OSKYegk.exe

C:\Windows\System\OSKYegk.exe

C:\Windows\System\dUqhsrY.exe

C:\Windows\System\dUqhsrY.exe

C:\Windows\System\HoizRuv.exe

C:\Windows\System\HoizRuv.exe

C:\Windows\System\bjXTXWh.exe

C:\Windows\System\bjXTXWh.exe

C:\Windows\System\KKsVUTQ.exe

C:\Windows\System\KKsVUTQ.exe

C:\Windows\System\rFJqdCi.exe

C:\Windows\System\rFJqdCi.exe

C:\Windows\System\jsCWEIC.exe

C:\Windows\System\jsCWEIC.exe

C:\Windows\System\rCnuuCV.exe

C:\Windows\System\rCnuuCV.exe

C:\Windows\System\gXoLXXj.exe

C:\Windows\System\gXoLXXj.exe

C:\Windows\System\riioPRM.exe

C:\Windows\System\riioPRM.exe

C:\Windows\System\roNUtqQ.exe

C:\Windows\System\roNUtqQ.exe

C:\Windows\System\eNOSKxH.exe

C:\Windows\System\eNOSKxH.exe

C:\Windows\System\SifSwJv.exe

C:\Windows\System\SifSwJv.exe

C:\Windows\System\iuAEERC.exe

C:\Windows\System\iuAEERC.exe

C:\Windows\System\aGNjIPN.exe

C:\Windows\System\aGNjIPN.exe

C:\Windows\System\tSUWuVv.exe

C:\Windows\System\tSUWuVv.exe

C:\Windows\System\jwVZdzB.exe

C:\Windows\System\jwVZdzB.exe

C:\Windows\System\OVUbeMd.exe

C:\Windows\System\OVUbeMd.exe

C:\Windows\System\qPwYRPZ.exe

C:\Windows\System\qPwYRPZ.exe

C:\Windows\System\EysROmY.exe

C:\Windows\System\EysROmY.exe

C:\Windows\System\ivyiJbh.exe

C:\Windows\System\ivyiJbh.exe

C:\Windows\System\VggdLRT.exe

C:\Windows\System\VggdLRT.exe

C:\Windows\System\ckUgWvX.exe

C:\Windows\System\ckUgWvX.exe

C:\Windows\System\ttFhtzG.exe

C:\Windows\System\ttFhtzG.exe

C:\Windows\System\OfWWrwU.exe

C:\Windows\System\OfWWrwU.exe

C:\Windows\System\ewMKmKZ.exe

C:\Windows\System\ewMKmKZ.exe

C:\Windows\System\cQGeFOo.exe

C:\Windows\System\cQGeFOo.exe

C:\Windows\System\LfwlTMc.exe

C:\Windows\System\LfwlTMc.exe

C:\Windows\System\UWUQXpl.exe

C:\Windows\System\UWUQXpl.exe

C:\Windows\System\hXOMncJ.exe

C:\Windows\System\hXOMncJ.exe

C:\Windows\System\UXsVdrk.exe

C:\Windows\System\UXsVdrk.exe

C:\Windows\System\MyOfDwm.exe

C:\Windows\System\MyOfDwm.exe

C:\Windows\System\uOWrEUM.exe

C:\Windows\System\uOWrEUM.exe

C:\Windows\System\sepkpmL.exe

C:\Windows\System\sepkpmL.exe

C:\Windows\System\wIswOIh.exe

C:\Windows\System\wIswOIh.exe

C:\Windows\System\BxuNlqi.exe

C:\Windows\System\BxuNlqi.exe

C:\Windows\System\vPyHKRJ.exe

C:\Windows\System\vPyHKRJ.exe

C:\Windows\System\YfuhNDh.exe

C:\Windows\System\YfuhNDh.exe

C:\Windows\System\dNhyIyD.exe

C:\Windows\System\dNhyIyD.exe

C:\Windows\System\NNoRmvT.exe

C:\Windows\System\NNoRmvT.exe

C:\Windows\System\tfwBmKc.exe

C:\Windows\System\tfwBmKc.exe

C:\Windows\System\FeKwVEo.exe

C:\Windows\System\FeKwVEo.exe

C:\Windows\System\uErnRXK.exe

C:\Windows\System\uErnRXK.exe

C:\Windows\System\DMBKILs.exe

C:\Windows\System\DMBKILs.exe

C:\Windows\System\DCAwibC.exe

C:\Windows\System\DCAwibC.exe

C:\Windows\System\iebBeyo.exe

C:\Windows\System\iebBeyo.exe

C:\Windows\System\yuiStVX.exe

C:\Windows\System\yuiStVX.exe

C:\Windows\System\LINZSUb.exe

C:\Windows\System\LINZSUb.exe

C:\Windows\System\InlMsFI.exe

C:\Windows\System\InlMsFI.exe

C:\Windows\System\UwPzUMz.exe

C:\Windows\System\UwPzUMz.exe

C:\Windows\System\fOXtTDx.exe

C:\Windows\System\fOXtTDx.exe

C:\Windows\System\zCRcAYO.exe

C:\Windows\System\zCRcAYO.exe

C:\Windows\System\TclXJbJ.exe

C:\Windows\System\TclXJbJ.exe

C:\Windows\System\EGfBtrf.exe

C:\Windows\System\EGfBtrf.exe

C:\Windows\System\fFhnPkL.exe

C:\Windows\System\fFhnPkL.exe

C:\Windows\System\CRxWTBJ.exe

C:\Windows\System\CRxWTBJ.exe

C:\Windows\System\Fokzwsp.exe

C:\Windows\System\Fokzwsp.exe

C:\Windows\System\olpWnGc.exe

C:\Windows\System\olpWnGc.exe

C:\Windows\System\TxdwOMp.exe

C:\Windows\System\TxdwOMp.exe

C:\Windows\System\RCnyfhm.exe

C:\Windows\System\RCnyfhm.exe

C:\Windows\System\rkxugYG.exe

C:\Windows\System\rkxugYG.exe

C:\Windows\System\mCWhbvb.exe

C:\Windows\System\mCWhbvb.exe

C:\Windows\System\rKNPJEv.exe

C:\Windows\System\rKNPJEv.exe

C:\Windows\System\yowALwl.exe

C:\Windows\System\yowALwl.exe

C:\Windows\System\bzCRDbZ.exe

C:\Windows\System\bzCRDbZ.exe

C:\Windows\System\nhwIFxG.exe

C:\Windows\System\nhwIFxG.exe

C:\Windows\System\lrVGSDo.exe

C:\Windows\System\lrVGSDo.exe

C:\Windows\System\OtLWKiV.exe

C:\Windows\System\OtLWKiV.exe

C:\Windows\System\JOYuRDX.exe

C:\Windows\System\JOYuRDX.exe

C:\Windows\System\hseSwoQ.exe

C:\Windows\System\hseSwoQ.exe

C:\Windows\System\JONUTDk.exe

C:\Windows\System\JONUTDk.exe

C:\Windows\System\pOLdpSY.exe

C:\Windows\System\pOLdpSY.exe

C:\Windows\System\VBRAgaL.exe

C:\Windows\System\VBRAgaL.exe

C:\Windows\System\SnkkJai.exe

C:\Windows\System\SnkkJai.exe

C:\Windows\System\DIzkMLj.exe

C:\Windows\System\DIzkMLj.exe

C:\Windows\System\AEkPDKs.exe

C:\Windows\System\AEkPDKs.exe

C:\Windows\System\rkMxFWF.exe

C:\Windows\System\rkMxFWF.exe

C:\Windows\System\EqAkwBR.exe

C:\Windows\System\EqAkwBR.exe

C:\Windows\System\lORsBKW.exe

C:\Windows\System\lORsBKW.exe

C:\Windows\System\XlNucOJ.exe

C:\Windows\System\XlNucOJ.exe

C:\Windows\System\jQznhkR.exe

C:\Windows\System\jQznhkR.exe

C:\Windows\System\nXLpVCW.exe

C:\Windows\System\nXLpVCW.exe

C:\Windows\System\XRhZltR.exe

C:\Windows\System\XRhZltR.exe

C:\Windows\System\eFyFkHI.exe

C:\Windows\System\eFyFkHI.exe

C:\Windows\System\VqZvNPE.exe

C:\Windows\System\VqZvNPE.exe

C:\Windows\System\FGcuVRs.exe

C:\Windows\System\FGcuVRs.exe

C:\Windows\System\NPRZcRP.exe

C:\Windows\System\NPRZcRP.exe

C:\Windows\System\TNkljRY.exe

C:\Windows\System\TNkljRY.exe

C:\Windows\System\NrpQukC.exe

C:\Windows\System\NrpQukC.exe

C:\Windows\System\fhTDaOo.exe

C:\Windows\System\fhTDaOo.exe

C:\Windows\System\oswdYaz.exe

C:\Windows\System\oswdYaz.exe

C:\Windows\System\lFuQlhF.exe

C:\Windows\System\lFuQlhF.exe

C:\Windows\System\wVmynUB.exe

C:\Windows\System\wVmynUB.exe

C:\Windows\System\pamZZdi.exe

C:\Windows\System\pamZZdi.exe

C:\Windows\System\zEKmJmT.exe

C:\Windows\System\zEKmJmT.exe

C:\Windows\System\pNyZREM.exe

C:\Windows\System\pNyZREM.exe

C:\Windows\System\PAIddJN.exe

C:\Windows\System\PAIddJN.exe

C:\Windows\System\JqIftpY.exe

C:\Windows\System\JqIftpY.exe

C:\Windows\System\xEWRbqa.exe

C:\Windows\System\xEWRbqa.exe

C:\Windows\System\tNNXpln.exe

C:\Windows\System\tNNXpln.exe

C:\Windows\System\YpVCMrN.exe

C:\Windows\System\YpVCMrN.exe

C:\Windows\System\CCaNNrD.exe

C:\Windows\System\CCaNNrD.exe

C:\Windows\System\ibuxrSv.exe

C:\Windows\System\ibuxrSv.exe

C:\Windows\System\TSzNiZt.exe

C:\Windows\System\TSzNiZt.exe

C:\Windows\System\QrRkNxi.exe

C:\Windows\System\QrRkNxi.exe

C:\Windows\System\KJIyZve.exe

C:\Windows\System\KJIyZve.exe

C:\Windows\System\wnmuWAL.exe

C:\Windows\System\wnmuWAL.exe

C:\Windows\System\wWdclQb.exe

C:\Windows\System\wWdclQb.exe

C:\Windows\System\fMaLEQn.exe

C:\Windows\System\fMaLEQn.exe

C:\Windows\System\WhfFVJg.exe

C:\Windows\System\WhfFVJg.exe

C:\Windows\System\aTuNnrI.exe

C:\Windows\System\aTuNnrI.exe

C:\Windows\System\GNHorFW.exe

C:\Windows\System\GNHorFW.exe

C:\Windows\System\szKfAIX.exe

C:\Windows\System\szKfAIX.exe

C:\Windows\System\bCvNciK.exe

C:\Windows\System\bCvNciK.exe

C:\Windows\System\fcmDDWJ.exe

C:\Windows\System\fcmDDWJ.exe

C:\Windows\System\KrzCkPe.exe

C:\Windows\System\KrzCkPe.exe

C:\Windows\System\TELazGw.exe

C:\Windows\System\TELazGw.exe

C:\Windows\System\gwNfglL.exe

C:\Windows\System\gwNfglL.exe

C:\Windows\System\WsUIRTx.exe

C:\Windows\System\WsUIRTx.exe

C:\Windows\System\HNaiWUq.exe

C:\Windows\System\HNaiWUq.exe

C:\Windows\System\izaUJjt.exe

C:\Windows\System\izaUJjt.exe

C:\Windows\System\yYsyFMA.exe

C:\Windows\System\yYsyFMA.exe

C:\Windows\System\dIDtQbh.exe

C:\Windows\System\dIDtQbh.exe

C:\Windows\System\KrqMZHJ.exe

C:\Windows\System\KrqMZHJ.exe

C:\Windows\System\FuUMEko.exe

C:\Windows\System\FuUMEko.exe

C:\Windows\System\cofRAGN.exe

C:\Windows\System\cofRAGN.exe

C:\Windows\System\PRbBXen.exe

C:\Windows\System\PRbBXen.exe

C:\Windows\System\SOoeJIc.exe

C:\Windows\System\SOoeJIc.exe

C:\Windows\System\MVSgVuw.exe

C:\Windows\System\MVSgVuw.exe

C:\Windows\System\bugrJgJ.exe

C:\Windows\System\bugrJgJ.exe

C:\Windows\System\HicsjCo.exe

C:\Windows\System\HicsjCo.exe

C:\Windows\System\POWmggC.exe

C:\Windows\System\POWmggC.exe

C:\Windows\System\XqHroUr.exe

C:\Windows\System\XqHroUr.exe

C:\Windows\System\qgYsNFu.exe

C:\Windows\System\qgYsNFu.exe

C:\Windows\System\loHfOjH.exe

C:\Windows\System\loHfOjH.exe

C:\Windows\System\PEodVAd.exe

C:\Windows\System\PEodVAd.exe

C:\Windows\System\GIXfiNH.exe

C:\Windows\System\GIXfiNH.exe

C:\Windows\System\rrqofgE.exe

C:\Windows\System\rrqofgE.exe

C:\Windows\System\fBPGkvt.exe

C:\Windows\System\fBPGkvt.exe

C:\Windows\System\bRMxDnd.exe

C:\Windows\System\bRMxDnd.exe

C:\Windows\System\eVHEmXw.exe

C:\Windows\System\eVHEmXw.exe

C:\Windows\System\SQQXRDP.exe

C:\Windows\System\SQQXRDP.exe

C:\Windows\System\hlYxpqH.exe

C:\Windows\System\hlYxpqH.exe

C:\Windows\System\IVTwAOO.exe

C:\Windows\System\IVTwAOO.exe

C:\Windows\System\HpyAmsD.exe

C:\Windows\System\HpyAmsD.exe

C:\Windows\System\hAZbgFv.exe

C:\Windows\System\hAZbgFv.exe

C:\Windows\System\vkbIqKA.exe

C:\Windows\System\vkbIqKA.exe

C:\Windows\System\iEjEKFA.exe

C:\Windows\System\iEjEKFA.exe

C:\Windows\System\qXukdgG.exe

C:\Windows\System\qXukdgG.exe

C:\Windows\System\ttshlBI.exe

C:\Windows\System\ttshlBI.exe

C:\Windows\System\nKprmMD.exe

C:\Windows\System\nKprmMD.exe

C:\Windows\System\YNrzSNA.exe

C:\Windows\System\YNrzSNA.exe

C:\Windows\System\rAAveLz.exe

C:\Windows\System\rAAveLz.exe

C:\Windows\System\dZdtJfU.exe

C:\Windows\System\dZdtJfU.exe

C:\Windows\System\olnxtgt.exe

C:\Windows\System\olnxtgt.exe

C:\Windows\System\JdWaboK.exe

C:\Windows\System\JdWaboK.exe

C:\Windows\System\tDLYfVF.exe

C:\Windows\System\tDLYfVF.exe

C:\Windows\System\hmAghcp.exe

C:\Windows\System\hmAghcp.exe

C:\Windows\System\ncUmhDc.exe

C:\Windows\System\ncUmhDc.exe

C:\Windows\System\rdTidXc.exe

C:\Windows\System\rdTidXc.exe

C:\Windows\System\ACPBoVj.exe

C:\Windows\System\ACPBoVj.exe

C:\Windows\System\USOzpRG.exe

C:\Windows\System\USOzpRG.exe

C:\Windows\System\HUoDGTJ.exe

C:\Windows\System\HUoDGTJ.exe

C:\Windows\System\XPHhZiA.exe

C:\Windows\System\XPHhZiA.exe

C:\Windows\System\yLrVeWV.exe

C:\Windows\System\yLrVeWV.exe

C:\Windows\System\nqSoaWY.exe

C:\Windows\System\nqSoaWY.exe

C:\Windows\System\tElrWCk.exe

C:\Windows\System\tElrWCk.exe

C:\Windows\System\xgSuvRa.exe

C:\Windows\System\xgSuvRa.exe

C:\Windows\System\ywjCqTm.exe

C:\Windows\System\ywjCqTm.exe

C:\Windows\System\fPNgwUJ.exe

C:\Windows\System\fPNgwUJ.exe

C:\Windows\System\hGKQdIi.exe

C:\Windows\System\hGKQdIi.exe

C:\Windows\System\qvPmCmj.exe

C:\Windows\System\qvPmCmj.exe

C:\Windows\System\UIamUOc.exe

C:\Windows\System\UIamUOc.exe

C:\Windows\System\dCMuxXv.exe

C:\Windows\System\dCMuxXv.exe

C:\Windows\System\jPTsRBl.exe

C:\Windows\System\jPTsRBl.exe

C:\Windows\System\VIZlxRY.exe

C:\Windows\System\VIZlxRY.exe

C:\Windows\System\LdTNLBx.exe

C:\Windows\System\LdTNLBx.exe

C:\Windows\System\UaeDuCR.exe

C:\Windows\System\UaeDuCR.exe

C:\Windows\System\oHGjRFP.exe

C:\Windows\System\oHGjRFP.exe

C:\Windows\System\fkAsgnS.exe

C:\Windows\System\fkAsgnS.exe

C:\Windows\System\MTrZNWL.exe

C:\Windows\System\MTrZNWL.exe

C:\Windows\System\MwUkNtS.exe

C:\Windows\System\MwUkNtS.exe

C:\Windows\System\TmdOLas.exe

C:\Windows\System\TmdOLas.exe

C:\Windows\System\EmPNbGx.exe

C:\Windows\System\EmPNbGx.exe

C:\Windows\System\SDGOcej.exe

C:\Windows\System\SDGOcej.exe

C:\Windows\System\pxZCLrs.exe

C:\Windows\System\pxZCLrs.exe

C:\Windows\System\nwaFzyA.exe

C:\Windows\System\nwaFzyA.exe

C:\Windows\System\lvojPbR.exe

C:\Windows\System\lvojPbR.exe

C:\Windows\System\tobOURH.exe

C:\Windows\System\tobOURH.exe

C:\Windows\System\yGtbPxK.exe

C:\Windows\System\yGtbPxK.exe

C:\Windows\System\fXUsptI.exe

C:\Windows\System\fXUsptI.exe

C:\Windows\System\hFKhQit.exe

C:\Windows\System\hFKhQit.exe

C:\Windows\System\UsHZsrO.exe

C:\Windows\System\UsHZsrO.exe

C:\Windows\System\wleOMdV.exe

C:\Windows\System\wleOMdV.exe

C:\Windows\System\kjIHeJz.exe

C:\Windows\System\kjIHeJz.exe

C:\Windows\System\dmXeZmw.exe

C:\Windows\System\dmXeZmw.exe

C:\Windows\System\aaccAmb.exe

C:\Windows\System\aaccAmb.exe

C:\Windows\System\HNDbHet.exe

C:\Windows\System\HNDbHet.exe

C:\Windows\System\OIIaIka.exe

C:\Windows\System\OIIaIka.exe

C:\Windows\System\lCyATih.exe

C:\Windows\System\lCyATih.exe

C:\Windows\System\CwCwNSI.exe

C:\Windows\System\CwCwNSI.exe

C:\Windows\System\iXxMkEY.exe

C:\Windows\System\iXxMkEY.exe

C:\Windows\System\Obrbuuy.exe

C:\Windows\System\Obrbuuy.exe

C:\Windows\System\AigHsWH.exe

C:\Windows\System\AigHsWH.exe

C:\Windows\System\OJJcHhL.exe

C:\Windows\System\OJJcHhL.exe

C:\Windows\System\ofBbdlr.exe

C:\Windows\System\ofBbdlr.exe

C:\Windows\System\wyNyoYV.exe

C:\Windows\System\wyNyoYV.exe

C:\Windows\System\hqJYatR.exe

C:\Windows\System\hqJYatR.exe

C:\Windows\System\CLJOxPk.exe

C:\Windows\System\CLJOxPk.exe

C:\Windows\System\wIBpHFp.exe

C:\Windows\System\wIBpHFp.exe

C:\Windows\System\owpppXV.exe

C:\Windows\System\owpppXV.exe

C:\Windows\System\kOTYXLI.exe

C:\Windows\System\kOTYXLI.exe

C:\Windows\System\FQOlsbO.exe

C:\Windows\System\FQOlsbO.exe

C:\Windows\System\lthWvfa.exe

C:\Windows\System\lthWvfa.exe

C:\Windows\System\OjbVrBI.exe

C:\Windows\System\OjbVrBI.exe

C:\Windows\System\EbnPEhu.exe

C:\Windows\System\EbnPEhu.exe

C:\Windows\System\lmUxQdf.exe

C:\Windows\System\lmUxQdf.exe

C:\Windows\System\lMpDJsE.exe

C:\Windows\System\lMpDJsE.exe

C:\Windows\System\PYqUTOl.exe

C:\Windows\System\PYqUTOl.exe

C:\Windows\System\mRpRsIg.exe

C:\Windows\System\mRpRsIg.exe

C:\Windows\System\HUvqDbH.exe

C:\Windows\System\HUvqDbH.exe

C:\Windows\System\gjuSzCP.exe

C:\Windows\System\gjuSzCP.exe

C:\Windows\System\EkLfphh.exe

C:\Windows\System\EkLfphh.exe

C:\Windows\System\rmFUzpj.exe

C:\Windows\System\rmFUzpj.exe

C:\Windows\System\wuPXpcB.exe

C:\Windows\System\wuPXpcB.exe

C:\Windows\System\gGWWkeo.exe

C:\Windows\System\gGWWkeo.exe

C:\Windows\System\IVCEuPf.exe

C:\Windows\System\IVCEuPf.exe

C:\Windows\System\uJcPFfm.exe

C:\Windows\System\uJcPFfm.exe

C:\Windows\System\WDEkzLh.exe

C:\Windows\System\WDEkzLh.exe

C:\Windows\System\LUfJhUr.exe

C:\Windows\System\LUfJhUr.exe

C:\Windows\System\dEbyYkx.exe

C:\Windows\System\dEbyYkx.exe

C:\Windows\System\yvCGVoW.exe

C:\Windows\System\yvCGVoW.exe

C:\Windows\System\sXeOQUR.exe

C:\Windows\System\sXeOQUR.exe

C:\Windows\System\njsuHuw.exe

C:\Windows\System\njsuHuw.exe

C:\Windows\System\TLWDKTk.exe

C:\Windows\System\TLWDKTk.exe

C:\Windows\System\xPrjiRr.exe

C:\Windows\System\xPrjiRr.exe

C:\Windows\System\TEiJFlF.exe

C:\Windows\System\TEiJFlF.exe

C:\Windows\System\BjpiXlF.exe

C:\Windows\System\BjpiXlF.exe

C:\Windows\System\ySgvyiX.exe

C:\Windows\System\ySgvyiX.exe

C:\Windows\System\ATAolwk.exe

C:\Windows\System\ATAolwk.exe

C:\Windows\System\awUsCmh.exe

C:\Windows\System\awUsCmh.exe

C:\Windows\System\CSwRVWu.exe

C:\Windows\System\CSwRVWu.exe

C:\Windows\System\QkvlFvv.exe

C:\Windows\System\QkvlFvv.exe

C:\Windows\System\SrfOrtj.exe

C:\Windows\System\SrfOrtj.exe

C:\Windows\System\USqMirH.exe

C:\Windows\System\USqMirH.exe

C:\Windows\System\wVPyXFM.exe

C:\Windows\System\wVPyXFM.exe

C:\Windows\System\drEAUns.exe

C:\Windows\System\drEAUns.exe

C:\Windows\System\kxtrZbH.exe

C:\Windows\System\kxtrZbH.exe

C:\Windows\System\mXuLtMT.exe

C:\Windows\System\mXuLtMT.exe

C:\Windows\System\SSVecDQ.exe

C:\Windows\System\SSVecDQ.exe

C:\Windows\System\gpOLMvO.exe

C:\Windows\System\gpOLMvO.exe

C:\Windows\System\FGEaMLV.exe

C:\Windows\System\FGEaMLV.exe

C:\Windows\System\GsjoLbb.exe

C:\Windows\System\GsjoLbb.exe

C:\Windows\System\vanIAjp.exe

C:\Windows\System\vanIAjp.exe

C:\Windows\System\KgLbWFK.exe

C:\Windows\System\KgLbWFK.exe

C:\Windows\System\DNYToYZ.exe

C:\Windows\System\DNYToYZ.exe

C:\Windows\System\QYJgqQT.exe

C:\Windows\System\QYJgqQT.exe

C:\Windows\System\bkwGoLO.exe

C:\Windows\System\bkwGoLO.exe

C:\Windows\System\pdFVrXw.exe

C:\Windows\System\pdFVrXw.exe

C:\Windows\System\ChOKLWq.exe

C:\Windows\System\ChOKLWq.exe

C:\Windows\System\jwjZPRY.exe

C:\Windows\System\jwjZPRY.exe

C:\Windows\System\YPWtzeQ.exe

C:\Windows\System\YPWtzeQ.exe

C:\Windows\System\REPEKOd.exe

C:\Windows\System\REPEKOd.exe

C:\Windows\System\iWMYGvE.exe

C:\Windows\System\iWMYGvE.exe

C:\Windows\System\SlpvnrB.exe

C:\Windows\System\SlpvnrB.exe

C:\Windows\System\ytoAFcf.exe

C:\Windows\System\ytoAFcf.exe

C:\Windows\System\SyIRFVB.exe

C:\Windows\System\SyIRFVB.exe

C:\Windows\System\mKBkcRy.exe

C:\Windows\System\mKBkcRy.exe

C:\Windows\System\LhBLDxi.exe

C:\Windows\System\LhBLDxi.exe

C:\Windows\System\JPveiqq.exe

C:\Windows\System\JPveiqq.exe

C:\Windows\System\YrlXQDA.exe

C:\Windows\System\YrlXQDA.exe

C:\Windows\System\qIhyxIn.exe

C:\Windows\System\qIhyxIn.exe

C:\Windows\System\dHFnWCP.exe

C:\Windows\System\dHFnWCP.exe

C:\Windows\System\GkoklGX.exe

C:\Windows\System\GkoklGX.exe

C:\Windows\System\vdIAByZ.exe

C:\Windows\System\vdIAByZ.exe

C:\Windows\System\gbOtUci.exe

C:\Windows\System\gbOtUci.exe

C:\Windows\System\doQybKC.exe

C:\Windows\System\doQybKC.exe

C:\Windows\System\QKOWelf.exe

C:\Windows\System\QKOWelf.exe

C:\Windows\System\UIMTYGu.exe

C:\Windows\System\UIMTYGu.exe

C:\Windows\System\AWDJiwE.exe

C:\Windows\System\AWDJiwE.exe

C:\Windows\System\nysIkbZ.exe

C:\Windows\System\nysIkbZ.exe

C:\Windows\System\XmQizjN.exe

C:\Windows\System\XmQizjN.exe

C:\Windows\System\ifaJfMA.exe

C:\Windows\System\ifaJfMA.exe

C:\Windows\System\tDLgFJP.exe

C:\Windows\System\tDLgFJP.exe

C:\Windows\System\HINBqCF.exe

C:\Windows\System\HINBqCF.exe

C:\Windows\System\zupFqYk.exe

C:\Windows\System\zupFqYk.exe

C:\Windows\System\sXWIUMj.exe

C:\Windows\System\sXWIUMj.exe

C:\Windows\System\MpjdTLU.exe

C:\Windows\System\MpjdTLU.exe

C:\Windows\System\YPDzjix.exe

C:\Windows\System\YPDzjix.exe

C:\Windows\System\qMoNbUn.exe

C:\Windows\System\qMoNbUn.exe

C:\Windows\System\NfRnLPX.exe

C:\Windows\System\NfRnLPX.exe

C:\Windows\System\vuzpMpw.exe

C:\Windows\System\vuzpMpw.exe

C:\Windows\System\gLjrYxj.exe

C:\Windows\System\gLjrYxj.exe

C:\Windows\System\ISkoGyA.exe

C:\Windows\System\ISkoGyA.exe

C:\Windows\System\ewEJGHX.exe

C:\Windows\System\ewEJGHX.exe

C:\Windows\System\YjHzKns.exe

C:\Windows\System\YjHzKns.exe

C:\Windows\System\OnGlsMf.exe

C:\Windows\System\OnGlsMf.exe

C:\Windows\System\oLNhqtY.exe

C:\Windows\System\oLNhqtY.exe

C:\Windows\System\LBnAINF.exe

C:\Windows\System\LBnAINF.exe

C:\Windows\System\bXCRumM.exe

C:\Windows\System\bXCRumM.exe

C:\Windows\System\TXrlBtz.exe

C:\Windows\System\TXrlBtz.exe

C:\Windows\System\MKTETFh.exe

C:\Windows\System\MKTETFh.exe

C:\Windows\System\DNPKEvK.exe

C:\Windows\System\DNPKEvK.exe

C:\Windows\System\iofGPCb.exe

C:\Windows\System\iofGPCb.exe

C:\Windows\System\hQLiQeI.exe

C:\Windows\System\hQLiQeI.exe

C:\Windows\System\TZRIPHu.exe

C:\Windows\System\TZRIPHu.exe

C:\Windows\System\rSImaUe.exe

C:\Windows\System\rSImaUe.exe

C:\Windows\System\SaswaPh.exe

C:\Windows\System\SaswaPh.exe

C:\Windows\System\dPUDXdf.exe

C:\Windows\System\dPUDXdf.exe

C:\Windows\System\nzmeQYk.exe

C:\Windows\System\nzmeQYk.exe

C:\Windows\System\FHWSZWM.exe

C:\Windows\System\FHWSZWM.exe

C:\Windows\System\AIIqRDc.exe

C:\Windows\System\AIIqRDc.exe

C:\Windows\System\ZdOpQND.exe

C:\Windows\System\ZdOpQND.exe

C:\Windows\System\ZeTqQRB.exe

C:\Windows\System\ZeTqQRB.exe

C:\Windows\System\hPuPLwy.exe

C:\Windows\System\hPuPLwy.exe

C:\Windows\System\rknpQpC.exe

C:\Windows\System\rknpQpC.exe

C:\Windows\System\NwfzWjn.exe

C:\Windows\System\NwfzWjn.exe

C:\Windows\System\sHeSypH.exe

C:\Windows\System\sHeSypH.exe

C:\Windows\System\KYFrnbg.exe

C:\Windows\System\KYFrnbg.exe

C:\Windows\System\tCKredg.exe

C:\Windows\System\tCKredg.exe

C:\Windows\System\sxAFBvP.exe

C:\Windows\System\sxAFBvP.exe

C:\Windows\System\AWEZTGn.exe

C:\Windows\System\AWEZTGn.exe

C:\Windows\System\ScLZGII.exe

C:\Windows\System\ScLZGII.exe

C:\Windows\System\LDZbDDp.exe

C:\Windows\System\LDZbDDp.exe

C:\Windows\System\ZFGmKaW.exe

C:\Windows\System\ZFGmKaW.exe

C:\Windows\System\gGOZlQR.exe

C:\Windows\System\gGOZlQR.exe

C:\Windows\System\pvpDUZO.exe

C:\Windows\System\pvpDUZO.exe

C:\Windows\System\LvHrszh.exe

C:\Windows\System\LvHrszh.exe

C:\Windows\System\BTRUiHg.exe

C:\Windows\System\BTRUiHg.exe

C:\Windows\System\oSlICGo.exe

C:\Windows\System\oSlICGo.exe

C:\Windows\System\kDdFuyL.exe

C:\Windows\System\kDdFuyL.exe

C:\Windows\System\XxeODCF.exe

C:\Windows\System\XxeODCF.exe

C:\Windows\System\rDEbbKj.exe

C:\Windows\System\rDEbbKj.exe

C:\Windows\System\agxjoOL.exe

C:\Windows\System\agxjoOL.exe

C:\Windows\System\FrLkqWL.exe

C:\Windows\System\FrLkqWL.exe

C:\Windows\System\WnArNab.exe

C:\Windows\System\WnArNab.exe

C:\Windows\System\sAxmwzS.exe

C:\Windows\System\sAxmwzS.exe

C:\Windows\System\NbuyDcX.exe

C:\Windows\System\NbuyDcX.exe

C:\Windows\System\bjgaXZn.exe

C:\Windows\System\bjgaXZn.exe

C:\Windows\System\ZrXlNNY.exe

C:\Windows\System\ZrXlNNY.exe

C:\Windows\System\HnqLKPX.exe

C:\Windows\System\HnqLKPX.exe

C:\Windows\System\PlQLXFP.exe

C:\Windows\System\PlQLXFP.exe

C:\Windows\System\vDzZdFV.exe

C:\Windows\System\vDzZdFV.exe

C:\Windows\System\QiUFjlU.exe

C:\Windows\System\QiUFjlU.exe

C:\Windows\System\RKVShvC.exe

C:\Windows\System\RKVShvC.exe

C:\Windows\System\nAuYGve.exe

C:\Windows\System\nAuYGve.exe

C:\Windows\System\UcSgUYh.exe

C:\Windows\System\UcSgUYh.exe

C:\Windows\System\eVvHBry.exe

C:\Windows\System\eVvHBry.exe

C:\Windows\System\ZItbZGr.exe

C:\Windows\System\ZItbZGr.exe

C:\Windows\System\qdAnbBz.exe

C:\Windows\System\qdAnbBz.exe

C:\Windows\System\tYnyvMl.exe

C:\Windows\System\tYnyvMl.exe

C:\Windows\System\wQWwgvd.exe

C:\Windows\System\wQWwgvd.exe

C:\Windows\System\MooJLjo.exe

C:\Windows\System\MooJLjo.exe

C:\Windows\System\dhOFKjW.exe

C:\Windows\System\dhOFKjW.exe

C:\Windows\System\BXdknpD.exe

C:\Windows\System\BXdknpD.exe

C:\Windows\System\SqBLutP.exe

C:\Windows\System\SqBLutP.exe

C:\Windows\System\LOhmRoh.exe

C:\Windows\System\LOhmRoh.exe

C:\Windows\System\wKeNQSp.exe

C:\Windows\System\wKeNQSp.exe

C:\Windows\System\iOLIsza.exe

C:\Windows\System\iOLIsza.exe

C:\Windows\System\wdAPkoo.exe

C:\Windows\System\wdAPkoo.exe

C:\Windows\System\LAWBCXf.exe

C:\Windows\System\LAWBCXf.exe

C:\Windows\System\PiyHUmp.exe

C:\Windows\System\PiyHUmp.exe

C:\Windows\System\okJUkGo.exe

C:\Windows\System\okJUkGo.exe

C:\Windows\System\GdUbNTF.exe

C:\Windows\System\GdUbNTF.exe

C:\Windows\System\JFEwJye.exe

C:\Windows\System\JFEwJye.exe

C:\Windows\System\uZFokxE.exe

C:\Windows\System\uZFokxE.exe

C:\Windows\System\RChpgVu.exe

C:\Windows\System\RChpgVu.exe

C:\Windows\System\ASrFTHl.exe

C:\Windows\System\ASrFTHl.exe

C:\Windows\System\cxiGzZB.exe

C:\Windows\System\cxiGzZB.exe

C:\Windows\System\YQHPMGg.exe

C:\Windows\System\YQHPMGg.exe

C:\Windows\System\CdykoFk.exe

C:\Windows\System\CdykoFk.exe

C:\Windows\System\gslmdPz.exe

C:\Windows\System\gslmdPz.exe

C:\Windows\System\HoZmXEM.exe

C:\Windows\System\HoZmXEM.exe

C:\Windows\System\SyTpNPn.exe

C:\Windows\System\SyTpNPn.exe

C:\Windows\System\vGfodFV.exe

C:\Windows\System\vGfodFV.exe

C:\Windows\System\kZbHWij.exe

C:\Windows\System\kZbHWij.exe

C:\Windows\System\BFjKUNV.exe

C:\Windows\System\BFjKUNV.exe

C:\Windows\System\JgIbhXj.exe

C:\Windows\System\JgIbhXj.exe

C:\Windows\System\VqTpXUV.exe

C:\Windows\System\VqTpXUV.exe

C:\Windows\System\qOEUYPI.exe

C:\Windows\System\qOEUYPI.exe

C:\Windows\System\yzpmNTs.exe

C:\Windows\System\yzpmNTs.exe

C:\Windows\System\BVSDWdQ.exe

C:\Windows\System\BVSDWdQ.exe

C:\Windows\System\gEpiEOO.exe

C:\Windows\System\gEpiEOO.exe

C:\Windows\System\zcWFOdW.exe

C:\Windows\System\zcWFOdW.exe

C:\Windows\System\rELMdaB.exe

C:\Windows\System\rELMdaB.exe

C:\Windows\System\qPKtlWE.exe

C:\Windows\System\qPKtlWE.exe

C:\Windows\System\asxHGAP.exe

C:\Windows\System\asxHGAP.exe

C:\Windows\System\vBWTQho.exe

C:\Windows\System\vBWTQho.exe

C:\Windows\System\pmbbUDQ.exe

C:\Windows\System\pmbbUDQ.exe

C:\Windows\System\THmbYuk.exe

C:\Windows\System\THmbYuk.exe

C:\Windows\System\wNlWZaX.exe

C:\Windows\System\wNlWZaX.exe

C:\Windows\System\rJiQqGt.exe

C:\Windows\System\rJiQqGt.exe

C:\Windows\System\MDRDyKS.exe

C:\Windows\System\MDRDyKS.exe

C:\Windows\System\sDhheZt.exe

C:\Windows\System\sDhheZt.exe

C:\Windows\System\LgjIBzU.exe

C:\Windows\System\LgjIBzU.exe

C:\Windows\System\MbZQzgw.exe

C:\Windows\System\MbZQzgw.exe

C:\Windows\System\EBCGfTY.exe

C:\Windows\System\EBCGfTY.exe

C:\Windows\System\KuAOYhM.exe

C:\Windows\System\KuAOYhM.exe

C:\Windows\System\UOkqdbD.exe

C:\Windows\System\UOkqdbD.exe

C:\Windows\System\poNVTPW.exe

C:\Windows\System\poNVTPW.exe

C:\Windows\System\ONLyooe.exe

C:\Windows\System\ONLyooe.exe

C:\Windows\System\loaNszC.exe

C:\Windows\System\loaNszC.exe

C:\Windows\System\GiwCSTx.exe

C:\Windows\System\GiwCSTx.exe

C:\Windows\System\EzjdqPO.exe

C:\Windows\System\EzjdqPO.exe

C:\Windows\System\imFNwEI.exe

C:\Windows\System\imFNwEI.exe

C:\Windows\System\yZDbeNl.exe

C:\Windows\System\yZDbeNl.exe

C:\Windows\System\HSmnRFw.exe

C:\Windows\System\HSmnRFw.exe

C:\Windows\System\XECcFOW.exe

C:\Windows\System\XECcFOW.exe

C:\Windows\System\xIaCwXd.exe

C:\Windows\System\xIaCwXd.exe

C:\Windows\System\okSassM.exe

C:\Windows\System\okSassM.exe

C:\Windows\System\PikVzXe.exe

C:\Windows\System\PikVzXe.exe

C:\Windows\System\QyGatOO.exe

C:\Windows\System\QyGatOO.exe

C:\Windows\System\UKEGnHS.exe

C:\Windows\System\UKEGnHS.exe

C:\Windows\System\UxQOKFp.exe

C:\Windows\System\UxQOKFp.exe

C:\Windows\System\fVDjlVU.exe

C:\Windows\System\fVDjlVU.exe

C:\Windows\System\zdVFivv.exe

C:\Windows\System\zdVFivv.exe

C:\Windows\System\HEhWYQl.exe

C:\Windows\System\HEhWYQl.exe

C:\Windows\System\eSixMAe.exe

C:\Windows\System\eSixMAe.exe

C:\Windows\System\RoezYLc.exe

C:\Windows\System\RoezYLc.exe

C:\Windows\System\OtBedFr.exe

C:\Windows\System\OtBedFr.exe

C:\Windows\System\AMJGVwv.exe

C:\Windows\System\AMJGVwv.exe

C:\Windows\System\zDRoYio.exe

C:\Windows\System\zDRoYio.exe

C:\Windows\System\LMhvVYp.exe

C:\Windows\System\LMhvVYp.exe

C:\Windows\System\NnmtvdI.exe

C:\Windows\System\NnmtvdI.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2988-0-0x000000013F1B0000-0x000000013F5A2000-memory.dmp

memory/2988-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\VWCyBWX.exe

MD5 4a8f71a6cc4d329c2b69ca028cd31931
SHA1 7817e14e29fff7f8502e4c2c70d691fc01b285f7
SHA256 4e6f2eb9aaeddc834d7289a05160c994aab7e2f86ef9da40d27df6172ab0cf45
SHA512 bc1cffbd3dbc5b6ab2184878492fd0906727a28b1de1d276c902bd559cf6ea53d0da1394ee5f5bb4769566da1f6481f3179505e9f1e1bae1223a9654a36f2d96

memory/2516-9-0x000000013F8E0000-0x000000013FCD2000-memory.dmp

\Windows\system\MbhSzJt.exe

MD5 f4e395084a6ae43eea0da5ec8f444141
SHA1 3cd8eaf605c378bcbb49b803b53412ea8c5ce2b5
SHA256 a1f6b6b180f7c7cad0b59de810b9279f95844e1a4a567c4905e453b28b09cecc
SHA512 53233228edb3afdd7f6b86e8edc8a0d90a71f8cb2cfe5d59c08914a94b1a6de81803f832bb60bef67cb0c56f797d8b2c5d54a456c5013a901ff57d934c477a73

memory/2988-8-0x000000013F8E0000-0x000000013FCD2000-memory.dmp

memory/2984-19-0x000007FEF632E000-0x000007FEF632F000-memory.dmp

memory/2988-18-0x000000013FF50000-0x0000000140342000-memory.dmp

C:\Windows\system\MSvgRaj.exe

MD5 035ba9714311e24bcbc22e5da3eebf73
SHA1 4b6ab7a2938ecace059d325082561cb76632a340
SHA256 f78276efe4a3ec691aa26f9bf28835f8d2099021cf813f8e3edf9c1b085a42d1
SHA512 a32d81a9b17f31c6fbea01c83d1b20a9f10de0eee50390c5de7c5b4c6674bee57a99d7378cc120792615a6c3a34f0eac36dec9b8155b144950f7e8fb17d45cf2

\Windows\system\MoOOPMB.exe

MD5 990d837f64b5f17c1ab810b0dfc354db
SHA1 7bcad26cf34e0dfc6e28ffc18ceebc9d3853af6b
SHA256 9a297736709323e35b36293560318f17fcbaf94ea8fc75b85e150b2be94e9886
SHA512 b40fbba88cccf2bd4c570a0196d41e87a3c099d43f394cbad9c179a8335e81b63ab21f2461584af97abac4f054ae0a63f7ed115757c57a620879164827698c8c

memory/2984-30-0x0000000001EA0000-0x0000000001EA8000-memory.dmp

memory/2984-27-0x000000001B4D0000-0x000000001B7B2000-memory.dmp

C:\Windows\system\VXOGugT.exe

MD5 142405bbb566205b6237fa2eff35502c
SHA1 e89fd5da6fb8583ec8abc2919e9950a1e418cf59
SHA256 1455398fac0ccc4a38b1db3965923226de38289dab307858121251f0dc7f3762
SHA512 75821ef7147b8f444dede79017dc82500b613186c5dce99f73e2f1692dec9eb8d141455dc2ce81c1e724156a7f41abab5b214ef45aea4311aed4bf184b0d0eed

memory/2988-58-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

\Windows\system\wHvkZUz.exe

MD5 da4b07b8540805d5cbaff812829d8573
SHA1 dfa84bde3e024b3276034138233aa733cab8245a
SHA256 55878b02a0a8fb54f941611c45af8b9c998ded471db9c4cc0da3b167e723f54e
SHA512 274fbd2f8831e6ad97372d83b748b8cdd89fff4c715f9ebdd8c49eea0849781b3e79404e958e79ee813460ca2f48353e5fc4527db586158259d43d19607f3c73

C:\Windows\system\yerVflL.exe

MD5 130f5d2c694f80b476b10a3928bb1ae3
SHA1 b22366ba93c2843aa17685e96567dd4f1853caf6
SHA256 54bc4ae5c45af399aea6ebae9ddb6e492842e2e935fd1011e56e3d5e689b886f
SHA512 1358bd6a77e3ba2ade35b9b19af4583296b6a448d47f81c07684ab70b0a646d4622d32101b1898f71e12f9fd8f628165f407a1bce2e42092b67210e0db39a2ed

memory/2988-137-0x0000000003440000-0x0000000003832000-memory.dmp

C:\Windows\system\XEmuIId.exe

MD5 1359495d346640aebbbb3dbe5a0053ed
SHA1 012a227fea9c3ceab3ee96c9fffd0c2dd3ba8e79
SHA256 ff7de2d78084eadc1e73285e1a44bf0251449388be51bdfd564e1cd6fa9a3c14
SHA512 f4914227030da65718fd710b6b0cbea0ac85866f37cfab985e7c1b4873092fe736f4b2457779b1fed5d6601c56b94716cffb64ee4375188c054aeda745c3d5c4

C:\Windows\system\AShXrUQ.exe

MD5 057d07f8e8fbcdd301b1d17957bbe422
SHA1 38e240d2cba056c7468ad16afaa3d4758d3c2b3a
SHA256 746008b90ffe07395a4554347f96821b927e764a715aaf717d243185d2d21fb3
SHA512 23e27a308ec5cfa1b03b132189af43ec11eae84c0c7862c1bed47354ee6fe8a70f82cf259921cd4177117507539efda99d61bd45724810879352329b0595f775

memory/2988-253-0x000000013F1B0000-0x000000013F5A2000-memory.dmp

C:\Windows\system\fadopSA.exe

MD5 9551d718fed7566cb9f880a682d388da
SHA1 71aa285c810703d24e00e9622b7462f13e47fbfd
SHA256 3a5c5fc8f0072bd59e1c31531e754d1f89df798b04ff32f7564e1fffea7bc6be
SHA512 fb643f28e4642c5538c6762201ed7a9037d730894dc03ba6b42841d842f45297e305dbf26f426004297c9fb0ea330ce2c3736f845fdc166df22eb66936e6611e

C:\Windows\system\ZxHZvvp.exe

MD5 5edd7ab29b73bb0b57a340460a61075e
SHA1 18b83d4619af36d058dfa7a9a7d24640238fe56e
SHA256 7c1a4302dcf5fd9d33b5b3d80fe6dcadac7ab8740304b7cd47854a219650d80c
SHA512 6fc31fe300b6566fbe322f46b87cd8ff984bbc1aed2222654f2213158fdc5414c6a333e455b29300e9bada8382849e0efe2aea2f8fe3edad022f3eb5ea4b70a4

C:\Windows\system\KvyqOkm.exe

MD5 b9b6207940941934aaea3ee07bedfc01
SHA1 40a7940922865cb88cef1b9df1fbf5dac29e9e6c
SHA256 420e9f46b173a3014d1e2a70971f5ec8f465f4d2745a8d83d9e80e8be74cac89
SHA512 2bd7953b9f11fb6c114718487e62003a1a0a0fe21c8e24db22b3dc89c151dcf614cd3f0ee6e8eb649ad0286c6550877d6beb11207125b35e52ebffa5131faf85

C:\Windows\system\AvxXnNS.exe

MD5 66f53eba84d347937154ce7a6ddbe864
SHA1 8809c12a516f0404e17428a63f87f88ebef17253
SHA256 94a2652041a12dc39b02d624f15cb8ca7c9029e5bc0a5f0d32b5c0ef15ebf85e
SHA512 56e68d1911b6b7897395080d0d9e9b1aede71caca3df2c96fcee033ebd2d045b670b834d66e1752e9a0a6d79e57b660f020807c1cb44c7dc21882ef44bc85c50

C:\Windows\system\QaHgREc.exe

MD5 e72b611ce87c8322a4eb8377684b4b8b
SHA1 8301f4ef0bcdfd3153ef4962c3da95ec8272236a
SHA256 ef6db2a49d6fa5cafd25522d556f7b1908442e654c01ebe3d74b4c5ef450d30e
SHA512 e98acf0c2b9201028f41e3815ba1b19fc9ace9bab7f17a4a4fc77eeb63a8127c4b5fe4732e11bb0afdfa937d4db79f846996c096e0b9293dec0882bf1c1c9053

C:\Windows\system\bTqPlZj.exe

MD5 39c6f656438edce0e882e2be22db30a5
SHA1 986a9853900a4202ea56c58268e50961a2a120ad
SHA256 07e0b2da15ecb7e8fa2322bd6d1c4cae95c4291e7a0cd00d532a8251e8a8789d
SHA512 ede13414f18d1faafa69aa31c42465270c16395f62be581d8328368f403485307c11e814ac4b7c68f6927abc9e460554581780db63ada2b4f3db38cd84b377a0

C:\Windows\system\dFnDCUZ.exe

MD5 ab7f0bcca975e11a1f4ae410c27de699
SHA1 d952f383158eb9724e82c81cb068123a6c1d8265
SHA256 b8614a4ca7b4520d5d66ea5b2508e1189b486c92b4a88f8785cf704507150c4e
SHA512 dd865758e9848fc575b11e8aa43fb465dba4e17135b540a1dc9aab52ecc440916577836a9637a9472743c855c6950a3473608fc71be92d8dd7a27076e44680ce

C:\Windows\system\gArHkMh.exe

MD5 92e803e623735f7c1221db7c6350fa49
SHA1 be55cdf5907949e52f09d21340886d891d8774e6
SHA256 afe0c28b5359f0d7bc0797547d4385039cfe744084ad36e64681ef4e890a2bae
SHA512 ff4f226dc5640885b3beaeb0c5eb0441132f24f120533867fd5ca52d8837de38a0f9cf120b78e7a181c4acec4dc12153f2fc908df7205a53184fe021e020cdde

C:\Windows\system\mtRxMMT.exe

MD5 bb771d40a89cd169fe9a2cc18279f44c
SHA1 f06fa9fed27adf3a7ae14ce9104c4bcb9679a59e
SHA256 7dc6d135c34c296f28c031b9e05852cbf353867ed19f7292f0045c64cb45be7b
SHA512 5459235fc284147d8e80b98fff5ebd88ed387a93fcd2117f158d2ed33df68e0e3de142595f2a1e7293d50c5b8f1db4106f52e929add014812aa7f3159d580603

memory/2988-142-0x000000013FDD0000-0x00000001401C2000-memory.dmp

\Windows\system\tWHvQFU.exe

MD5 78ccfa17d9fd5441926060189273f46a
SHA1 3294338fb3e3b1dbb57f3919de32a6981b469c02
SHA256 686e77e32b36e84268036a59ef005b2f26f45df204e9749d5b0c6f9b508a635b
SHA512 9566d217102ffc4578b3f7972fa57e249edc42caee5838c931bf21c73371c64b304fa6c52baf73417dfd6fcae5f6978bee9546b73db78cbc9356438e6b75785d

C:\Windows\system\eNSiPMJ.exe

MD5 c6656d7e3aa31eced8f9350bbac7b4c0
SHA1 2c6c3f9173f3bc8fb2eeeadbba91781785efcc1c
SHA256 b7b1e36e1f604dbf91ee87fb874d6f621cd85da4d5622a216bb9511c096e2930
SHA512 364e5584b136e07bc15703f75e8903c44452262f7aa56188bc153add9de4ccf466939e017adb571e338cdc2a894aa7c79ef0ed759b57cae56bbb4505b55635e8

C:\Windows\system\kKoCBry.exe

MD5 e1493ba84532b06b657fa2f437939cd8
SHA1 7424641b59351fd3ad8e76e2430edaccf8fdb304
SHA256 a85554a09d78069f63cc346d18391b68b008d162288c68ca40c3653b3a4bf041
SHA512 83e37efb6d00efce43becf39e6bd523f57318f57a99d3abb5bb3d132904200bc245ab2c782ce96b00b448e4c1921e2d27bd74fe6a8daa52c3813e8bb0a74e071

\Windows\system\uyOnpWW.exe

MD5 22da6b51c34acc01386e9a38f2a6fda0
SHA1 ad2099271c450b1ab51d85dd5185af4ae4b3044b
SHA256 c67526ea7a6b48a453d36140c57751cc3936c19bb4c2d541317466189a64e64a
SHA512 0ddcb55eeb5bc25871bfd59cb05d963fec727348c2dc6ba90f72dbb122ab95e4083363c4201f1e92f9047738e2ceddcb0baaf52b157d01feea42527b88ba7b0f

C:\Windows\system\RdbCbAE.exe

MD5 9bce962ebe00eff6ebf4d1886660fe4c
SHA1 5a0da1cc4b34700e857e857403b2a336aee50f1c
SHA256 ef273e92ddc25398120728b9e8aeaad8b62b1bd2b99921f0a8c08d9d55be2c67
SHA512 b8000118fca679dba07b2768ab799ad63c531f35ca3131ad1a928a87dfb236343a333984a68641c71b803a3fc7fd01405922e8a4558b7da8f36cc8c6808ac757

C:\Windows\system\QgbjyNF.exe

MD5 ea7a710d28087904dcdcfeedbb7882cd
SHA1 0e5c19d2710b12db21d34b3998893e10c455c6e5
SHA256 87123ba8bdbc749944fa0aa84b16992f4de8542b9e1f11f127669f7be1c41751
SHA512 f9f102ca75d8f81abed30d54a64730164e06d7f6c851797d486e29927349bb0e77c7f3f3c7760838fd1203b1c571673913c218bf05c58234a9f3b6344dbe1880

C:\Windows\system\cygpJGH.exe

MD5 c42cdcc378c5c91df4c09f3928e87d34
SHA1 97cad7f9ae4f7497ed94fae39ae6a541ca1510fb
SHA256 e71986c9017b240c1ad4a5e776141074067ac770475165815621d80c31be7cbe
SHA512 5aa041aa53bb09d8964ea5d9e5af868eaff45e0861da3b7d69099758a6b2c556bcb6d4cde3e867a4220f181872e43b279d9159010401fee2126060b0db25e740

memory/852-82-0x000000013FFF0000-0x00000001403E2000-memory.dmp

C:\Windows\system\TMQBCWx.exe

MD5 33acee3279021c52d5943151434f607a
SHA1 249514702e34a1091ae6ecd15d3ac7904ab7a9d3
SHA256 7e506f7f066b4587d824712799b5b34de0ae7f537b58ee16a88379e26e37037b
SHA512 544be0b026896574e58b521911274159b131a3f67f4ed2a6ce0a8e8b4948de41f0f7648916f188bf41b71b1840b4b4895b89d7dfc2e579cea059303e8d128120

C:\Windows\system\yUzBFPq.exe

MD5 871a5183ce33c843f33a2ec1d938107c
SHA1 99cb93105befca76959c952838eb3cd1ded3357e
SHA256 07927b59ce2182ef39a52d7d54be3fe0a1a9f1240b6004c1eeea5b67f5cf7197
SHA512 39d167349338d4c6e46146a4053e4c07b8592fc6640f20ba5ec71b65b863313190b82d2fe11d431529b437d917f194afd4d4b2c776d8dce691fa40a7bb4bc1bb

C:\Windows\system\Dymafie.exe

MD5 853c69b4fdb43921d4cabf8613b41fb1
SHA1 54a9ff0012c7696ccf1191a7769556f2d1f51cb1
SHA256 0bf6b3781b8629b2c252ede8ddf4337a5da77ee1281e21bdca619a3fc0abeeae
SHA512 7b7bc7c8b68fd6457581129be6a1cd87270da1012605fd11b8a79c8194c9773e3cd6b59f20ee5de09eb1ce9391b047e3c278b3b77ed661ee8d89be797522cc16

memory/1436-89-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2988-88-0x0000000003440000-0x0000000003832000-memory.dmp

C:\Windows\system\juqthrO.exe

MD5 220661f5fa1afb764f1fb9cb23591f9b
SHA1 139717f339e3baf66b93e068aabfc04680aaa0ab
SHA256 aa38de6f86374fa4ab58d92e92f0f44e474be3e82cc84573125d9bc720408385
SHA512 7d746e1cc93f1a0638ad618b8428c02eb878ac63259d9a1587f3525a4e566d3b8b940ed0d063bfdd3796f02b0137a9357aefeabe2b8b7c37490082ae9a390f91

memory/2988-78-0x000000013FFF0000-0x00000001403E2000-memory.dmp

memory/2352-77-0x000000013FC10000-0x0000000140002000-memory.dmp

memory/2988-76-0x000000013FC10000-0x0000000140002000-memory.dmp

memory/568-75-0x000000013F170000-0x000000013F562000-memory.dmp

memory/1908-74-0x000000013FAB0000-0x000000013FEA2000-memory.dmp

memory/2608-44-0x000000013FEF0000-0x00000001402E2000-memory.dmp

\Windows\system\AVsWyla.exe

MD5 8eaee7a50dc49a7135378e2ce947cf5c
SHA1 d313e77bf336ccbc85a3d70f230897a9975a9821
SHA256 fca3f98a39dfcf08d7ff732c844305e58f19419e3fc0d12f0a1dec89921b6849
SHA512 a2a852d45fbbb6796dd1ef33fb4f3f361ec972f568439e24dfe1239c075adbd64b072e78275c1b906637ec70d2121ad4d318534099522a444269409a9a3e2899

memory/2984-40-0x000007FEF6070000-0x000007FEF6A0D000-memory.dmp

C:\Windows\system\DcyhSFY.exe

MD5 71aec1c6caf5f54d77ae515c62a12878
SHA1 aafdef18d89d636cb3078a3f245bdbfd2a28ea05
SHA256 e376d702bea71b80b0ee509f37dfd56dfbe56e6361a9f2cce0305f3d52e3f851
SHA512 e8109812e96b7239d3a23b1d5f32760591c27e4db0d60822e2ebc19c5b088d16842d9cc2fea352fae1f5e994913d186d906e42dee34b92c01d7f366b553ab16b

memory/3068-59-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2988-57-0x000000013FAB0000-0x000000013FEA2000-memory.dmp

memory/2988-56-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2984-55-0x000007FEF6070000-0x000007FEF6A0D000-memory.dmp

memory/2384-54-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2988-53-0x0000000003440000-0x0000000003832000-memory.dmp

memory/2540-51-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/2984-50-0x000007FEF6070000-0x000007FEF6A0D000-memory.dmp

C:\Windows\system\oKAYiUD.exe

MD5 28f08037f059930a80f4c9957a34dc72
SHA1 065ad8e671e6406e4fc19aa4c7866986ba94f53b
SHA256 89f6300789e2e84f72a85c992c2c21fb314542adba72273c8289e2725f42b390
SHA512 cd35bb1bd9ca889d1155e51121ac81199522eddb5330badb90714aad7aa70f8069a92b81e2debdef0545678d50274f505d4b642ea95298f873991639672039f0

memory/2988-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/2688-39-0x000000013FF50000-0x0000000140342000-memory.dmp

memory/2984-35-0x000007FEF6070000-0x000007FEF6A0D000-memory.dmp

memory/2984-1811-0x000007FEF6070000-0x000007FEF6A0D000-memory.dmp

memory/2352-3246-0x000000013FC10000-0x0000000140002000-memory.dmp

memory/1436-3244-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2516-3243-0x000000013F8E0000-0x000000013FCD2000-memory.dmp

memory/3068-3242-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2384-3261-0x000000013F3F0000-0x000000013F7E2000-memory.dmp

memory/2608-3260-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2688-3285-0x000000013FF50000-0x0000000140342000-memory.dmp

memory/852-3319-0x000000013FFF0000-0x00000001403E2000-memory.dmp

memory/568-4075-0x000000013F170000-0x000000013F562000-memory.dmp

memory/1908-4662-0x000000013FAB0000-0x000000013FEA2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 16:08

Reported

2024-05-25 16:11

Platform

win10v2004-20240508-en

Max time kernel

123s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\tZnxvkn.exe N/A
N/A N/A C:\Windows\System\dvMStoH.exe N/A
N/A N/A C:\Windows\System\NelGIQE.exe N/A
N/A N/A C:\Windows\System\RMzaCnh.exe N/A
N/A N/A C:\Windows\System\cYAmqVA.exe N/A
N/A N/A C:\Windows\System\tJxjlhw.exe N/A
N/A N/A C:\Windows\System\GGVBqBN.exe N/A
N/A N/A C:\Windows\System\eYKYqhH.exe N/A
N/A N/A C:\Windows\System\wCbUewx.exe N/A
N/A N/A C:\Windows\System\pdLyRtq.exe N/A
N/A N/A C:\Windows\System\ldcijzu.exe N/A
N/A N/A C:\Windows\System\WSQJXtU.exe N/A
N/A N/A C:\Windows\System\IAhzepO.exe N/A
N/A N/A C:\Windows\System\fAXqiUS.exe N/A
N/A N/A C:\Windows\System\JShXxkE.exe N/A
N/A N/A C:\Windows\System\mCMVFRq.exe N/A
N/A N/A C:\Windows\System\RKFfqti.exe N/A
N/A N/A C:\Windows\System\exomayS.exe N/A
N/A N/A C:\Windows\System\DcujSkn.exe N/A
N/A N/A C:\Windows\System\tPeMumq.exe N/A
N/A N/A C:\Windows\System\dfGwOmA.exe N/A
N/A N/A C:\Windows\System\SnMLxoo.exe N/A
N/A N/A C:\Windows\System\JjevbyK.exe N/A
N/A N/A C:\Windows\System\bbrltEg.exe N/A
N/A N/A C:\Windows\System\rhbUjCZ.exe N/A
N/A N/A C:\Windows\System\QFDAvMu.exe N/A
N/A N/A C:\Windows\System\cEGPXEJ.exe N/A
N/A N/A C:\Windows\System\ZhOWyHb.exe N/A
N/A N/A C:\Windows\System\JWSgZiI.exe N/A
N/A N/A C:\Windows\System\FNFVrDi.exe N/A
N/A N/A C:\Windows\System\IhtoAOM.exe N/A
N/A N/A C:\Windows\System\huBzImC.exe N/A
N/A N/A C:\Windows\System\NGMbSxW.exe N/A
N/A N/A C:\Windows\System\RfaDfTw.exe N/A
N/A N/A C:\Windows\System\NJucOvC.exe N/A
N/A N/A C:\Windows\System\AouZKYx.exe N/A
N/A N/A C:\Windows\System\nfNdAxf.exe N/A
N/A N/A C:\Windows\System\DXpGwea.exe N/A
N/A N/A C:\Windows\System\dBxNGmr.exe N/A
N/A N/A C:\Windows\System\BGijCry.exe N/A
N/A N/A C:\Windows\System\OveXCAy.exe N/A
N/A N/A C:\Windows\System\XkVKTOC.exe N/A
N/A N/A C:\Windows\System\PGDsUGi.exe N/A
N/A N/A C:\Windows\System\fObGxFp.exe N/A
N/A N/A C:\Windows\System\mWcHBIv.exe N/A
N/A N/A C:\Windows\System\RAeLDVM.exe N/A
N/A N/A C:\Windows\System\MwWEFfk.exe N/A
N/A N/A C:\Windows\System\zdSxpUR.exe N/A
N/A N/A C:\Windows\System\dfWBpaW.exe N/A
N/A N/A C:\Windows\System\OSgzmwu.exe N/A
N/A N/A C:\Windows\System\CyGTmBM.exe N/A
N/A N/A C:\Windows\System\HALqFXH.exe N/A
N/A N/A C:\Windows\System\LeJhadN.exe N/A
N/A N/A C:\Windows\System\vREPhvs.exe N/A
N/A N/A C:\Windows\System\xIbdBSh.exe N/A
N/A N/A C:\Windows\System\jQFVjyk.exe N/A
N/A N/A C:\Windows\System\ryKxzHM.exe N/A
N/A N/A C:\Windows\System\BYznBpF.exe N/A
N/A N/A C:\Windows\System\wjHoxhq.exe N/A
N/A N/A C:\Windows\System\zYdAkvk.exe N/A
N/A N/A C:\Windows\System\KJeoAyd.exe N/A
N/A N/A C:\Windows\System\vNFWKLK.exe N/A
N/A N/A C:\Windows\System\vazkVkw.exe N/A
N/A N/A C:\Windows\System\sKJeVpC.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\WOGutOw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\jXNcuvt.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\tboaaKI.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNbmyFe.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAXqiUS.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\RufNkiI.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmveGmz.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\aMMdjot.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\hadFhnT.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\Huafwgl.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\eizMYpa.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\PnKafZS.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCgNdtn.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\swRaOSH.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\jIEqUKW.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\XSeXcKP.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPLdGRN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQhTnZo.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhvHvCV.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXhkVvO.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\tatEhQW.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\xFSXtxw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\IUECKLz.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\IurGjXJ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\JbwUrsd.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\pdvTzuX.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\JMsholg.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\HXQSoFE.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\pCxeMPQ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBwrTgf.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\wzcDuSD.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\kWxVaMs.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfKTyLd.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\tpDxOMG.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAhzepO.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\umuWIez.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYgoirZ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\qwlrQzm.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\NysgfNv.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\eVkCRru.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\xIbdBSh.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\klLdbgA.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\xagatkO.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwmJasN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\koynZor.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ivtWgHu.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\smRqENg.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\jVJhRLq.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSyOnlN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\bOZrRgX.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ANSYhXa.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\QFDAvMu.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZmQXjAG.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJgSTHQ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGkhnma.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\RxprYti.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\yTGGycw.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\UrIWAWE.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJRXMgH.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLlhSAy.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWfFiML.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\RFgyimx.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\GGVBqBN.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjeuntJ.exe C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1952 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1952 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1952 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tZnxvkn.exe
PID 1952 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tZnxvkn.exe
PID 1952 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\dvMStoH.exe
PID 1952 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\dvMStoH.exe
PID 1952 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\NelGIQE.exe
PID 1952 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\NelGIQE.exe
PID 1952 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\RMzaCnh.exe
PID 1952 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\RMzaCnh.exe
PID 1952 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cYAmqVA.exe
PID 1952 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cYAmqVA.exe
PID 1952 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tJxjlhw.exe
PID 1952 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tJxjlhw.exe
PID 1952 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\GGVBqBN.exe
PID 1952 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\GGVBqBN.exe
PID 1952 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\eYKYqhH.exe
PID 1952 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\eYKYqhH.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\wCbUewx.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\wCbUewx.exe
PID 1952 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\pdLyRtq.exe
PID 1952 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\pdLyRtq.exe
PID 1952 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\ldcijzu.exe
PID 1952 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\ldcijzu.exe
PID 1952 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\WSQJXtU.exe
PID 1952 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\WSQJXtU.exe
PID 1952 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\IAhzepO.exe
PID 1952 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\IAhzepO.exe
PID 1952 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\fAXqiUS.exe
PID 1952 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\fAXqiUS.exe
PID 1952 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JShXxkE.exe
PID 1952 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JShXxkE.exe
PID 1952 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\mCMVFRq.exe
PID 1952 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\mCMVFRq.exe
PID 1952 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\RKFfqti.exe
PID 1952 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\RKFfqti.exe
PID 1952 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\exomayS.exe
PID 1952 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\exomayS.exe
PID 1952 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\DcujSkn.exe
PID 1952 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\DcujSkn.exe
PID 1952 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tPeMumq.exe
PID 1952 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\tPeMumq.exe
PID 1952 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\dfGwOmA.exe
PID 1952 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\dfGwOmA.exe
PID 1952 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\SnMLxoo.exe
PID 1952 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\SnMLxoo.exe
PID 1952 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JjevbyK.exe
PID 1952 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JjevbyK.exe
PID 1952 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\bbrltEg.exe
PID 1952 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\bbrltEg.exe
PID 1952 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\rhbUjCZ.exe
PID 1952 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\rhbUjCZ.exe
PID 1952 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\QFDAvMu.exe
PID 1952 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\QFDAvMu.exe
PID 1952 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\nfNdAxf.exe
PID 1952 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\nfNdAxf.exe
PID 1952 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cEGPXEJ.exe
PID 1952 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\cEGPXEJ.exe
PID 1952 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\ZhOWyHb.exe
PID 1952 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\ZhOWyHb.exe
PID 1952 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JWSgZiI.exe
PID 1952 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\JWSgZiI.exe
PID 1952 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\FNFVrDi.exe
PID 1952 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe C:\Windows\System\FNFVrDi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\26590cd7c82716739d9ea3c4ff0f7550_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\tZnxvkn.exe

C:\Windows\System\tZnxvkn.exe

C:\Windows\System\dvMStoH.exe

C:\Windows\System\dvMStoH.exe

C:\Windows\System\NelGIQE.exe

C:\Windows\System\NelGIQE.exe

C:\Windows\System\RMzaCnh.exe

C:\Windows\System\RMzaCnh.exe

C:\Windows\System\cYAmqVA.exe

C:\Windows\System\cYAmqVA.exe

C:\Windows\System\tJxjlhw.exe

C:\Windows\System\tJxjlhw.exe

C:\Windows\System\GGVBqBN.exe

C:\Windows\System\GGVBqBN.exe

C:\Windows\System\eYKYqhH.exe

C:\Windows\System\eYKYqhH.exe

C:\Windows\System\wCbUewx.exe

C:\Windows\System\wCbUewx.exe

C:\Windows\System\pdLyRtq.exe

C:\Windows\System\pdLyRtq.exe

C:\Windows\System\ldcijzu.exe

C:\Windows\System\ldcijzu.exe

C:\Windows\System\WSQJXtU.exe

C:\Windows\System\WSQJXtU.exe

C:\Windows\System\IAhzepO.exe

C:\Windows\System\IAhzepO.exe

C:\Windows\System\fAXqiUS.exe

C:\Windows\System\fAXqiUS.exe

C:\Windows\System\JShXxkE.exe

C:\Windows\System\JShXxkE.exe

C:\Windows\System\mCMVFRq.exe

C:\Windows\System\mCMVFRq.exe

C:\Windows\System\RKFfqti.exe

C:\Windows\System\RKFfqti.exe

C:\Windows\System\exomayS.exe

C:\Windows\System\exomayS.exe

C:\Windows\System\DcujSkn.exe

C:\Windows\System\DcujSkn.exe

C:\Windows\System\tPeMumq.exe

C:\Windows\System\tPeMumq.exe

C:\Windows\System\dfGwOmA.exe

C:\Windows\System\dfGwOmA.exe

C:\Windows\System\SnMLxoo.exe

C:\Windows\System\SnMLxoo.exe

C:\Windows\System\JjevbyK.exe

C:\Windows\System\JjevbyK.exe

C:\Windows\System\bbrltEg.exe

C:\Windows\System\bbrltEg.exe

C:\Windows\System\rhbUjCZ.exe

C:\Windows\System\rhbUjCZ.exe

C:\Windows\System\QFDAvMu.exe

C:\Windows\System\QFDAvMu.exe

C:\Windows\System\nfNdAxf.exe

C:\Windows\System\nfNdAxf.exe

C:\Windows\System\cEGPXEJ.exe

C:\Windows\System\cEGPXEJ.exe

C:\Windows\System\ZhOWyHb.exe

C:\Windows\System\ZhOWyHb.exe

C:\Windows\System\JWSgZiI.exe

C:\Windows\System\JWSgZiI.exe

C:\Windows\System\FNFVrDi.exe

C:\Windows\System\FNFVrDi.exe

C:\Windows\System\IhtoAOM.exe

C:\Windows\System\IhtoAOM.exe

C:\Windows\System\MwWEFfk.exe

C:\Windows\System\MwWEFfk.exe

C:\Windows\System\zdSxpUR.exe

C:\Windows\System\zdSxpUR.exe

C:\Windows\System\huBzImC.exe

C:\Windows\System\huBzImC.exe

C:\Windows\System\NGMbSxW.exe

C:\Windows\System\NGMbSxW.exe

C:\Windows\System\RfaDfTw.exe

C:\Windows\System\RfaDfTw.exe

C:\Windows\System\NJucOvC.exe

C:\Windows\System\NJucOvC.exe

C:\Windows\System\AouZKYx.exe

C:\Windows\System\AouZKYx.exe

C:\Windows\System\DXpGwea.exe

C:\Windows\System\DXpGwea.exe

C:\Windows\System\dBxNGmr.exe

C:\Windows\System\dBxNGmr.exe

C:\Windows\System\BGijCry.exe

C:\Windows\System\BGijCry.exe

C:\Windows\System\OveXCAy.exe

C:\Windows\System\OveXCAy.exe

C:\Windows\System\XkVKTOC.exe

C:\Windows\System\XkVKTOC.exe

C:\Windows\System\PGDsUGi.exe

C:\Windows\System\PGDsUGi.exe

C:\Windows\System\fObGxFp.exe

C:\Windows\System\fObGxFp.exe

C:\Windows\System\mWcHBIv.exe

C:\Windows\System\mWcHBIv.exe

C:\Windows\System\RAeLDVM.exe

C:\Windows\System\RAeLDVM.exe

C:\Windows\System\dfWBpaW.exe

C:\Windows\System\dfWBpaW.exe

C:\Windows\System\OSgzmwu.exe

C:\Windows\System\OSgzmwu.exe

C:\Windows\System\CyGTmBM.exe

C:\Windows\System\CyGTmBM.exe

C:\Windows\System\HALqFXH.exe

C:\Windows\System\HALqFXH.exe

C:\Windows\System\LeJhadN.exe

C:\Windows\System\LeJhadN.exe

C:\Windows\System\vREPhvs.exe

C:\Windows\System\vREPhvs.exe

C:\Windows\System\xIbdBSh.exe

C:\Windows\System\xIbdBSh.exe

C:\Windows\System\jQFVjyk.exe

C:\Windows\System\jQFVjyk.exe

C:\Windows\System\ryKxzHM.exe

C:\Windows\System\ryKxzHM.exe

C:\Windows\System\BYznBpF.exe

C:\Windows\System\BYznBpF.exe

C:\Windows\System\wjHoxhq.exe

C:\Windows\System\wjHoxhq.exe

C:\Windows\System\zYdAkvk.exe

C:\Windows\System\zYdAkvk.exe

C:\Windows\System\KJeoAyd.exe

C:\Windows\System\KJeoAyd.exe

C:\Windows\System\vNFWKLK.exe

C:\Windows\System\vNFWKLK.exe

C:\Windows\System\vazkVkw.exe

C:\Windows\System\vazkVkw.exe

C:\Windows\System\sKJeVpC.exe

C:\Windows\System\sKJeVpC.exe

C:\Windows\System\OETywgH.exe

C:\Windows\System\OETywgH.exe

C:\Windows\System\WlmxZVg.exe

C:\Windows\System\WlmxZVg.exe

C:\Windows\System\SSrdYqU.exe

C:\Windows\System\SSrdYqU.exe

C:\Windows\System\klLdbgA.exe

C:\Windows\System\klLdbgA.exe

C:\Windows\System\qXoAKfY.exe

C:\Windows\System\qXoAKfY.exe

C:\Windows\System\oSNAwxq.exe

C:\Windows\System\oSNAwxq.exe

C:\Windows\System\EhWkarm.exe

C:\Windows\System\EhWkarm.exe

C:\Windows\System\IBoPcxb.exe

C:\Windows\System\IBoPcxb.exe

C:\Windows\System\NOzeTSs.exe

C:\Windows\System\NOzeTSs.exe

C:\Windows\System\LZAVgbd.exe

C:\Windows\System\LZAVgbd.exe

C:\Windows\System\msQOstw.exe

C:\Windows\System\msQOstw.exe

C:\Windows\System\wpcvAiS.exe

C:\Windows\System\wpcvAiS.exe

C:\Windows\System\chaqqJC.exe

C:\Windows\System\chaqqJC.exe

C:\Windows\System\weiHdgO.exe

C:\Windows\System\weiHdgO.exe

C:\Windows\System\ssHpkbS.exe

C:\Windows\System\ssHpkbS.exe

C:\Windows\System\KsLHWbi.exe

C:\Windows\System\KsLHWbi.exe

C:\Windows\System\myJlIzE.exe

C:\Windows\System\myJlIzE.exe

C:\Windows\System\dxgXPtT.exe

C:\Windows\System\dxgXPtT.exe

C:\Windows\System\YfwBgXK.exe

C:\Windows\System\YfwBgXK.exe

C:\Windows\System\ljBebPC.exe

C:\Windows\System\ljBebPC.exe

C:\Windows\System\TzvTSBr.exe

C:\Windows\System\TzvTSBr.exe

C:\Windows\System\hSABXdA.exe

C:\Windows\System\hSABXdA.exe

C:\Windows\System\rMIsysm.exe

C:\Windows\System\rMIsysm.exe

C:\Windows\System\vNgyMmM.exe

C:\Windows\System\vNgyMmM.exe

C:\Windows\System\UngoLbn.exe

C:\Windows\System\UngoLbn.exe

C:\Windows\System\RrwhOGX.exe

C:\Windows\System\RrwhOGX.exe

C:\Windows\System\MNwjfPS.exe

C:\Windows\System\MNwjfPS.exe

C:\Windows\System\qCLjDMa.exe

C:\Windows\System\qCLjDMa.exe

C:\Windows\System\fguFPBk.exe

C:\Windows\System\fguFPBk.exe

C:\Windows\System\rqFvzhT.exe

C:\Windows\System\rqFvzhT.exe

C:\Windows\System\HYTnwLe.exe

C:\Windows\System\HYTnwLe.exe

C:\Windows\System\pYlSVFb.exe

C:\Windows\System\pYlSVFb.exe

C:\Windows\System\mIskkRe.exe

C:\Windows\System\mIskkRe.exe

C:\Windows\System\PhbBBfi.exe

C:\Windows\System\PhbBBfi.exe

C:\Windows\System\wzVyfYW.exe

C:\Windows\System\wzVyfYW.exe

C:\Windows\System\RcCWxcg.exe

C:\Windows\System\RcCWxcg.exe

C:\Windows\System\eizUUiS.exe

C:\Windows\System\eizUUiS.exe

C:\Windows\System\dHfczUO.exe

C:\Windows\System\dHfczUO.exe

C:\Windows\System\tVTZCzb.exe

C:\Windows\System\tVTZCzb.exe

C:\Windows\System\fBCulAq.exe

C:\Windows\System\fBCulAq.exe

C:\Windows\System\NoxkHwy.exe

C:\Windows\System\NoxkHwy.exe

C:\Windows\System\XigEGyO.exe

C:\Windows\System\XigEGyO.exe

C:\Windows\System\DeCdMnh.exe

C:\Windows\System\DeCdMnh.exe

C:\Windows\System\QPYKdeF.exe

C:\Windows\System\QPYKdeF.exe

C:\Windows\System\SJrToJW.exe

C:\Windows\System\SJrToJW.exe

C:\Windows\System\cnpVQdd.exe

C:\Windows\System\cnpVQdd.exe

C:\Windows\System\eFYASof.exe

C:\Windows\System\eFYASof.exe

C:\Windows\System\dFNAeDR.exe

C:\Windows\System\dFNAeDR.exe

C:\Windows\System\jUIzWGq.exe

C:\Windows\System\jUIzWGq.exe

C:\Windows\System\TDnYeyT.exe

C:\Windows\System\TDnYeyT.exe

C:\Windows\System\BomKITC.exe

C:\Windows\System\BomKITC.exe

C:\Windows\System\ARTvdSZ.exe

C:\Windows\System\ARTvdSZ.exe

C:\Windows\System\ZJPGXtm.exe

C:\Windows\System\ZJPGXtm.exe

C:\Windows\System\jkJcMKH.exe

C:\Windows\System\jkJcMKH.exe

C:\Windows\System\qwlrQzm.exe

C:\Windows\System\qwlrQzm.exe

C:\Windows\System\tAsWEMc.exe

C:\Windows\System\tAsWEMc.exe

C:\Windows\System\ToDiYYC.exe

C:\Windows\System\ToDiYYC.exe

C:\Windows\System\qOoqikP.exe

C:\Windows\System\qOoqikP.exe

C:\Windows\System\lYrkxnn.exe

C:\Windows\System\lYrkxnn.exe

C:\Windows\System\ExZtJWe.exe

C:\Windows\System\ExZtJWe.exe

C:\Windows\System\fuxYIsx.exe

C:\Windows\System\fuxYIsx.exe

C:\Windows\System\czEmUOp.exe

C:\Windows\System\czEmUOp.exe

C:\Windows\System\yyXWLay.exe

C:\Windows\System\yyXWLay.exe

C:\Windows\System\dBdSrdL.exe

C:\Windows\System\dBdSrdL.exe

C:\Windows\System\NMDatkj.exe

C:\Windows\System\NMDatkj.exe

C:\Windows\System\MadOnXI.exe

C:\Windows\System\MadOnXI.exe

C:\Windows\System\jKZkGXj.exe

C:\Windows\System\jKZkGXj.exe

C:\Windows\System\JrfvhVF.exe

C:\Windows\System\JrfvhVF.exe

C:\Windows\System\jpVAJuG.exe

C:\Windows\System\jpVAJuG.exe

C:\Windows\System\hlwgUwI.exe

C:\Windows\System\hlwgUwI.exe

C:\Windows\System\nlmBeCQ.exe

C:\Windows\System\nlmBeCQ.exe

C:\Windows\System\JhHjETW.exe

C:\Windows\System\JhHjETW.exe

C:\Windows\System\koynZor.exe

C:\Windows\System\koynZor.exe

C:\Windows\System\RkWpIgA.exe

C:\Windows\System\RkWpIgA.exe

C:\Windows\System\gHZaAlJ.exe

C:\Windows\System\gHZaAlJ.exe

C:\Windows\System\oHLPamd.exe

C:\Windows\System\oHLPamd.exe

C:\Windows\System\hhNhtid.exe

C:\Windows\System\hhNhtid.exe

C:\Windows\System\btUvBAi.exe

C:\Windows\System\btUvBAi.exe

C:\Windows\System\RIBtfBB.exe

C:\Windows\System\RIBtfBB.exe

C:\Windows\System\uhOKOOo.exe

C:\Windows\System\uhOKOOo.exe

C:\Windows\System\BQsqjxz.exe

C:\Windows\System\BQsqjxz.exe

C:\Windows\System\UYRoKiY.exe

C:\Windows\System\UYRoKiY.exe

C:\Windows\System\Jzfgdkw.exe

C:\Windows\System\Jzfgdkw.exe

C:\Windows\System\MNOCFgL.exe

C:\Windows\System\MNOCFgL.exe

C:\Windows\System\ieNqoGJ.exe

C:\Windows\System\ieNqoGJ.exe

C:\Windows\System\VmjNUqR.exe

C:\Windows\System\VmjNUqR.exe

C:\Windows\System\zCZfFtH.exe

C:\Windows\System\zCZfFtH.exe

C:\Windows\System\vLJbMOA.exe

C:\Windows\System\vLJbMOA.exe

C:\Windows\System\UkHbsQW.exe

C:\Windows\System\UkHbsQW.exe

C:\Windows\System\rRVXMib.exe

C:\Windows\System\rRVXMib.exe

C:\Windows\System\ciomsGR.exe

C:\Windows\System\ciomsGR.exe

C:\Windows\System\CKidozJ.exe

C:\Windows\System\CKidozJ.exe

C:\Windows\System\aPHaSaY.exe

C:\Windows\System\aPHaSaY.exe

C:\Windows\System\zcQdJjP.exe

C:\Windows\System\zcQdJjP.exe

C:\Windows\System\YhxdAPk.exe

C:\Windows\System\YhxdAPk.exe

C:\Windows\System\SyeZoNl.exe

C:\Windows\System\SyeZoNl.exe

C:\Windows\System\rJBICnh.exe

C:\Windows\System\rJBICnh.exe

C:\Windows\System\WIdyuJd.exe

C:\Windows\System\WIdyuJd.exe

C:\Windows\System\rlaOwnR.exe

C:\Windows\System\rlaOwnR.exe

C:\Windows\System\zjzHZTH.exe

C:\Windows\System\zjzHZTH.exe

C:\Windows\System\IowqUyi.exe

C:\Windows\System\IowqUyi.exe

C:\Windows\System\rLUEhgk.exe

C:\Windows\System\rLUEhgk.exe

C:\Windows\System\DsrYuFh.exe

C:\Windows\System\DsrYuFh.exe

C:\Windows\System\HXQSoFE.exe

C:\Windows\System\HXQSoFE.exe

C:\Windows\System\XFfnNuO.exe

C:\Windows\System\XFfnNuO.exe

C:\Windows\System\iZWCjMi.exe

C:\Windows\System\iZWCjMi.exe

C:\Windows\System\ogzftIs.exe

C:\Windows\System\ogzftIs.exe

C:\Windows\System\nbfbHuN.exe

C:\Windows\System\nbfbHuN.exe

C:\Windows\System\gfUbepJ.exe

C:\Windows\System\gfUbepJ.exe

C:\Windows\System\ShSunYu.exe

C:\Windows\System\ShSunYu.exe

C:\Windows\System\ghEAbAl.exe

C:\Windows\System\ghEAbAl.exe

C:\Windows\System\NuFFCzl.exe

C:\Windows\System\NuFFCzl.exe

C:\Windows\System\HGVDXGr.exe

C:\Windows\System\HGVDXGr.exe

C:\Windows\System\xgnqMmf.exe

C:\Windows\System\xgnqMmf.exe

C:\Windows\System\AlvpDnY.exe

C:\Windows\System\AlvpDnY.exe

C:\Windows\System\QfGvslx.exe

C:\Windows\System\QfGvslx.exe

C:\Windows\System\IZSkuyi.exe

C:\Windows\System\IZSkuyi.exe

C:\Windows\System\AhKYAEm.exe

C:\Windows\System\AhKYAEm.exe

C:\Windows\System\xRdDvov.exe

C:\Windows\System\xRdDvov.exe

C:\Windows\System\mgArEKP.exe

C:\Windows\System\mgArEKP.exe

C:\Windows\System\WjiuMke.exe

C:\Windows\System\WjiuMke.exe

C:\Windows\System\bkGmBsp.exe

C:\Windows\System\bkGmBsp.exe

C:\Windows\System\hOPpHro.exe

C:\Windows\System\hOPpHro.exe

C:\Windows\System\EUktKNN.exe

C:\Windows\System\EUktKNN.exe

C:\Windows\System\ADMlGbZ.exe

C:\Windows\System\ADMlGbZ.exe

C:\Windows\System\zYaSiYG.exe

C:\Windows\System\zYaSiYG.exe

C:\Windows\System\QAqbCoK.exe

C:\Windows\System\QAqbCoK.exe

C:\Windows\System\CXzbbqj.exe

C:\Windows\System\CXzbbqj.exe

C:\Windows\System\PWhxdjl.exe

C:\Windows\System\PWhxdjl.exe

C:\Windows\System\NbRvIwn.exe

C:\Windows\System\NbRvIwn.exe

C:\Windows\System\IhcgKpy.exe

C:\Windows\System\IhcgKpy.exe

C:\Windows\System\onWDOyH.exe

C:\Windows\System\onWDOyH.exe

C:\Windows\System\UHwEBTI.exe

C:\Windows\System\UHwEBTI.exe

C:\Windows\System\QlPHTuM.exe

C:\Windows\System\QlPHTuM.exe

C:\Windows\System\ZqCBCHX.exe

C:\Windows\System\ZqCBCHX.exe

C:\Windows\System\fAHjuSI.exe

C:\Windows\System\fAHjuSI.exe

C:\Windows\System\RTgXzZY.exe

C:\Windows\System\RTgXzZY.exe

C:\Windows\System\EjFxvGN.exe

C:\Windows\System\EjFxvGN.exe

C:\Windows\System\hJqLtzd.exe

C:\Windows\System\hJqLtzd.exe

C:\Windows\System\qKRqgSt.exe

C:\Windows\System\qKRqgSt.exe

C:\Windows\System\VGAleyo.exe

C:\Windows\System\VGAleyo.exe

C:\Windows\System\pCxeMPQ.exe

C:\Windows\System\pCxeMPQ.exe

C:\Windows\System\ghvcCyR.exe

C:\Windows\System\ghvcCyR.exe

C:\Windows\System\WmfVTyC.exe

C:\Windows\System\WmfVTyC.exe

C:\Windows\System\GDjluOL.exe

C:\Windows\System\GDjluOL.exe

C:\Windows\System\QLEyzZs.exe

C:\Windows\System\QLEyzZs.exe

C:\Windows\System\XminnOO.exe

C:\Windows\System\XminnOO.exe

C:\Windows\System\ogPmHMm.exe

C:\Windows\System\ogPmHMm.exe

C:\Windows\System\cFFaQAL.exe

C:\Windows\System\cFFaQAL.exe

C:\Windows\System\IIpYKmf.exe

C:\Windows\System\IIpYKmf.exe

C:\Windows\System\JqRNsSq.exe

C:\Windows\System\JqRNsSq.exe

C:\Windows\System\ndcsbAv.exe

C:\Windows\System\ndcsbAv.exe

C:\Windows\System\BJTsZIW.exe

C:\Windows\System\BJTsZIW.exe

C:\Windows\System\cXnBYXi.exe

C:\Windows\System\cXnBYXi.exe

C:\Windows\System\cbtZXbP.exe

C:\Windows\System\cbtZXbP.exe

C:\Windows\System\xfBaRRg.exe

C:\Windows\System\xfBaRRg.exe

C:\Windows\System\oRYvsTQ.exe

C:\Windows\System\oRYvsTQ.exe

C:\Windows\System\pbidfJo.exe

C:\Windows\System\pbidfJo.exe

C:\Windows\System\uXaEBai.exe

C:\Windows\System\uXaEBai.exe

C:\Windows\System\TsctRfb.exe

C:\Windows\System\TsctRfb.exe

C:\Windows\System\ZAVCaNa.exe

C:\Windows\System\ZAVCaNa.exe

C:\Windows\System\pHjbtwo.exe

C:\Windows\System\pHjbtwo.exe

C:\Windows\System\DBwrTgf.exe

C:\Windows\System\DBwrTgf.exe

C:\Windows\System\DUsfRdE.exe

C:\Windows\System\DUsfRdE.exe

C:\Windows\System\RajQBAV.exe

C:\Windows\System\RajQBAV.exe

C:\Windows\System\fwESTFa.exe

C:\Windows\System\fwESTFa.exe

C:\Windows\System\kUGZeqt.exe

C:\Windows\System\kUGZeqt.exe

C:\Windows\System\XNbHhbd.exe

C:\Windows\System\XNbHhbd.exe

C:\Windows\System\rfFMDXT.exe

C:\Windows\System\rfFMDXT.exe

C:\Windows\System\cPeZfLt.exe

C:\Windows\System\cPeZfLt.exe

C:\Windows\System\KCeKwqN.exe

C:\Windows\System\KCeKwqN.exe

C:\Windows\System\MBZcJNy.exe

C:\Windows\System\MBZcJNy.exe

C:\Windows\System\PpGbuEX.exe

C:\Windows\System\PpGbuEX.exe

C:\Windows\System\LoTDTow.exe

C:\Windows\System\LoTDTow.exe

C:\Windows\System\UviGwno.exe

C:\Windows\System\UviGwno.exe

C:\Windows\System\hTPOFko.exe

C:\Windows\System\hTPOFko.exe

C:\Windows\System\dKFBshq.exe

C:\Windows\System\dKFBshq.exe

C:\Windows\System\mRcxYnb.exe

C:\Windows\System\mRcxYnb.exe

C:\Windows\System\YZRoNMh.exe

C:\Windows\System\YZRoNMh.exe

C:\Windows\System\pIRqQbK.exe

C:\Windows\System\pIRqQbK.exe

C:\Windows\System\GjeuntJ.exe

C:\Windows\System\GjeuntJ.exe

C:\Windows\System\QglnELz.exe

C:\Windows\System\QglnELz.exe

C:\Windows\System\KwBuHpG.exe

C:\Windows\System\KwBuHpG.exe

C:\Windows\System\cHpNZnu.exe

C:\Windows\System\cHpNZnu.exe

C:\Windows\System\aDNBJka.exe

C:\Windows\System\aDNBJka.exe

C:\Windows\System\wGFDubu.exe

C:\Windows\System\wGFDubu.exe

C:\Windows\System\KfReXVD.exe

C:\Windows\System\KfReXVD.exe

C:\Windows\System\qQOzvoV.exe

C:\Windows\System\qQOzvoV.exe

C:\Windows\System\AjYiHDU.exe

C:\Windows\System\AjYiHDU.exe

C:\Windows\System\IKLLNyb.exe

C:\Windows\System\IKLLNyb.exe

C:\Windows\System\XTtCGBX.exe

C:\Windows\System\XTtCGBX.exe

C:\Windows\System\wcZFlBq.exe

C:\Windows\System\wcZFlBq.exe

C:\Windows\System\nuLqrHk.exe

C:\Windows\System\nuLqrHk.exe

C:\Windows\System\PEnQjdR.exe

C:\Windows\System\PEnQjdR.exe

C:\Windows\System\KjxFEEv.exe

C:\Windows\System\KjxFEEv.exe

C:\Windows\System\ddcTACu.exe

C:\Windows\System\ddcTACu.exe

C:\Windows\System\mdjkEBh.exe

C:\Windows\System\mdjkEBh.exe

C:\Windows\System\JbwUrsd.exe

C:\Windows\System\JbwUrsd.exe

C:\Windows\System\NysgfNv.exe

C:\Windows\System\NysgfNv.exe

C:\Windows\System\JcNoOjV.exe

C:\Windows\System\JcNoOjV.exe

C:\Windows\System\YYGhJud.exe

C:\Windows\System\YYGhJud.exe

C:\Windows\System\ypBWvql.exe

C:\Windows\System\ypBWvql.exe

C:\Windows\System\vDZFNuc.exe

C:\Windows\System\vDZFNuc.exe

C:\Windows\System\zbmwqVr.exe

C:\Windows\System\zbmwqVr.exe

C:\Windows\System\SmJxxLR.exe

C:\Windows\System\SmJxxLR.exe

C:\Windows\System\ggFPkSn.exe

C:\Windows\System\ggFPkSn.exe

C:\Windows\System\RorGBHy.exe

C:\Windows\System\RorGBHy.exe

C:\Windows\System\HSFlTZC.exe

C:\Windows\System\HSFlTZC.exe

C:\Windows\System\tkQHVfY.exe

C:\Windows\System\tkQHVfY.exe

C:\Windows\System\AOjxedH.exe

C:\Windows\System\AOjxedH.exe

C:\Windows\System\Qsjvgia.exe

C:\Windows\System\Qsjvgia.exe

C:\Windows\System\TSzsxwN.exe

C:\Windows\System\TSzsxwN.exe

C:\Windows\System\DsFnOsA.exe

C:\Windows\System\DsFnOsA.exe

C:\Windows\System\UHaqMaG.exe

C:\Windows\System\UHaqMaG.exe

C:\Windows\System\KoFpDWV.exe

C:\Windows\System\KoFpDWV.exe

C:\Windows\System\jmIqUzB.exe

C:\Windows\System\jmIqUzB.exe

C:\Windows\System\RVxQKgb.exe

C:\Windows\System\RVxQKgb.exe

C:\Windows\System\lQHQySU.exe

C:\Windows\System\lQHQySU.exe

C:\Windows\System\BYbccZc.exe

C:\Windows\System\BYbccZc.exe

C:\Windows\System\yGbhOUh.exe

C:\Windows\System\yGbhOUh.exe

C:\Windows\System\DvzYEHm.exe

C:\Windows\System\DvzYEHm.exe

C:\Windows\System\pIeASbO.exe

C:\Windows\System\pIeASbO.exe

C:\Windows\System\rESfPFN.exe

C:\Windows\System\rESfPFN.exe

C:\Windows\System\oFzNgfz.exe

C:\Windows\System\oFzNgfz.exe

C:\Windows\System\SsQOFOf.exe

C:\Windows\System\SsQOFOf.exe

C:\Windows\System\VeTBPsu.exe

C:\Windows\System\VeTBPsu.exe

C:\Windows\System\SeLMhyg.exe

C:\Windows\System\SeLMhyg.exe

C:\Windows\System\mXsCZrK.exe

C:\Windows\System\mXsCZrK.exe

C:\Windows\System\HADPRXE.exe

C:\Windows\System\HADPRXE.exe

C:\Windows\System\pTTKhhm.exe

C:\Windows\System\pTTKhhm.exe

C:\Windows\System\TuoJjHu.exe

C:\Windows\System\TuoJjHu.exe

C:\Windows\System\zebscyq.exe

C:\Windows\System\zebscyq.exe

C:\Windows\System\JHOPNcK.exe

C:\Windows\System\JHOPNcK.exe

C:\Windows\System\OtCsAPn.exe

C:\Windows\System\OtCsAPn.exe

C:\Windows\System\MoxyNeG.exe

C:\Windows\System\MoxyNeG.exe

C:\Windows\System\HwpzTRs.exe

C:\Windows\System\HwpzTRs.exe

C:\Windows\System\anxcYLE.exe

C:\Windows\System\anxcYLE.exe

C:\Windows\System\SmCFWyQ.exe

C:\Windows\System\SmCFWyQ.exe

C:\Windows\System\bfEYpSv.exe

C:\Windows\System\bfEYpSv.exe

C:\Windows\System\ykhFaDS.exe

C:\Windows\System\ykhFaDS.exe

C:\Windows\System\CwEqdEN.exe

C:\Windows\System\CwEqdEN.exe

C:\Windows\System\kOeoqid.exe

C:\Windows\System\kOeoqid.exe

C:\Windows\System\jWIQNPN.exe

C:\Windows\System\jWIQNPN.exe

C:\Windows\System\BKyDkZg.exe

C:\Windows\System\BKyDkZg.exe

C:\Windows\System\RmXxSKn.exe

C:\Windows\System\RmXxSKn.exe

C:\Windows\System\NEIQXJJ.exe

C:\Windows\System\NEIQXJJ.exe

C:\Windows\System\NFocSxr.exe

C:\Windows\System\NFocSxr.exe

C:\Windows\System\jSTEFtb.exe

C:\Windows\System\jSTEFtb.exe

C:\Windows\System\xubeKIb.exe

C:\Windows\System\xubeKIb.exe

C:\Windows\System\eLdZhzd.exe

C:\Windows\System\eLdZhzd.exe

C:\Windows\System\yzEoGou.exe

C:\Windows\System\yzEoGou.exe

C:\Windows\System\SqgcUef.exe

C:\Windows\System\SqgcUef.exe

C:\Windows\System\VKOIqtK.exe

C:\Windows\System\VKOIqtK.exe

C:\Windows\System\cyjbvoe.exe

C:\Windows\System\cyjbvoe.exe

C:\Windows\System\ZQOcpKh.exe

C:\Windows\System\ZQOcpKh.exe

C:\Windows\System\JWVoahM.exe

C:\Windows\System\JWVoahM.exe

C:\Windows\System\UrIWAWE.exe

C:\Windows\System\UrIWAWE.exe

C:\Windows\System\MotzDVy.exe

C:\Windows\System\MotzDVy.exe

C:\Windows\System\HtHuxGY.exe

C:\Windows\System\HtHuxGY.exe

C:\Windows\System\FJqFWGW.exe

C:\Windows\System\FJqFWGW.exe

C:\Windows\System\wGbCJlF.exe

C:\Windows\System\wGbCJlF.exe

C:\Windows\System\knNUrGP.exe

C:\Windows\System\knNUrGP.exe

C:\Windows\System\mHSRPGR.exe

C:\Windows\System\mHSRPGR.exe

C:\Windows\System\MrcyklJ.exe

C:\Windows\System\MrcyklJ.exe

C:\Windows\System\SjGaPns.exe

C:\Windows\System\SjGaPns.exe

C:\Windows\System\JvuwObt.exe

C:\Windows\System\JvuwObt.exe

C:\Windows\System\YECjbWz.exe

C:\Windows\System\YECjbWz.exe

C:\Windows\System\xdzVIEx.exe

C:\Windows\System\xdzVIEx.exe

C:\Windows\System\HZfCrtm.exe

C:\Windows\System\HZfCrtm.exe

C:\Windows\System\CYwbTgb.exe

C:\Windows\System\CYwbTgb.exe

C:\Windows\System\FoSHkQM.exe

C:\Windows\System\FoSHkQM.exe

C:\Windows\System\HnYdBhK.exe

C:\Windows\System\HnYdBhK.exe

C:\Windows\System\nrlTYEm.exe

C:\Windows\System\nrlTYEm.exe

C:\Windows\System\fIMoDvZ.exe

C:\Windows\System\fIMoDvZ.exe

C:\Windows\System\pGJwTke.exe

C:\Windows\System\pGJwTke.exe

C:\Windows\System\EYGousB.exe

C:\Windows\System\EYGousB.exe

C:\Windows\System\ByLdPWs.exe

C:\Windows\System\ByLdPWs.exe

C:\Windows\System\nojbyub.exe

C:\Windows\System\nojbyub.exe

C:\Windows\System\QffAzqy.exe

C:\Windows\System\QffAzqy.exe

C:\Windows\System\vblpzgh.exe

C:\Windows\System\vblpzgh.exe

C:\Windows\System\vCOmfnB.exe

C:\Windows\System\vCOmfnB.exe

C:\Windows\System\vZbYbjB.exe

C:\Windows\System\vZbYbjB.exe

C:\Windows\System\ecvdQpp.exe

C:\Windows\System\ecvdQpp.exe

C:\Windows\System\hnNfEdb.exe

C:\Windows\System\hnNfEdb.exe

C:\Windows\System\qoHmmED.exe

C:\Windows\System\qoHmmED.exe

C:\Windows\System\EjmmdQe.exe

C:\Windows\System\EjmmdQe.exe

C:\Windows\System\CBFUYQG.exe

C:\Windows\System\CBFUYQG.exe

C:\Windows\System\OSjNWsj.exe

C:\Windows\System\OSjNWsj.exe

C:\Windows\System\dKvNAqq.exe

C:\Windows\System\dKvNAqq.exe

C:\Windows\System\NQYELaj.exe

C:\Windows\System\NQYELaj.exe

C:\Windows\System\RufNkiI.exe

C:\Windows\System\RufNkiI.exe

C:\Windows\System\CXWHtdc.exe

C:\Windows\System\CXWHtdc.exe

C:\Windows\System\FtUTzgt.exe

C:\Windows\System\FtUTzgt.exe

C:\Windows\System\twtdbMS.exe

C:\Windows\System\twtdbMS.exe

C:\Windows\System\MSVQXMs.exe

C:\Windows\System\MSVQXMs.exe

C:\Windows\System\bnEmmMe.exe

C:\Windows\System\bnEmmMe.exe

C:\Windows\System\CMyVXwB.exe

C:\Windows\System\CMyVXwB.exe

C:\Windows\System\lnogkZs.exe

C:\Windows\System\lnogkZs.exe

C:\Windows\System\dBCbYvm.exe

C:\Windows\System\dBCbYvm.exe

C:\Windows\System\hadFhnT.exe

C:\Windows\System\hadFhnT.exe

C:\Windows\System\NQydNpY.exe

C:\Windows\System\NQydNpY.exe

C:\Windows\System\iBhKStw.exe

C:\Windows\System\iBhKStw.exe

C:\Windows\System\HsdbmlQ.exe

C:\Windows\System\HsdbmlQ.exe

C:\Windows\System\WYBntkb.exe

C:\Windows\System\WYBntkb.exe

C:\Windows\System\UXyqHLu.exe

C:\Windows\System\UXyqHLu.exe

C:\Windows\System\umVLSrH.exe

C:\Windows\System\umVLSrH.exe

C:\Windows\System\XudNfkU.exe

C:\Windows\System\XudNfkU.exe

C:\Windows\System\XSeXcKP.exe

C:\Windows\System\XSeXcKP.exe

C:\Windows\System\kYtZIUp.exe

C:\Windows\System\kYtZIUp.exe

C:\Windows\System\JCmcTOM.exe

C:\Windows\System\JCmcTOM.exe

C:\Windows\System\DLiYyRk.exe

C:\Windows\System\DLiYyRk.exe

C:\Windows\System\tRjLXIs.exe

C:\Windows\System\tRjLXIs.exe

C:\Windows\System\yFbmrjC.exe

C:\Windows\System\yFbmrjC.exe

C:\Windows\System\HwSLzsw.exe

C:\Windows\System\HwSLzsw.exe

C:\Windows\System\vbEviJc.exe

C:\Windows\System\vbEviJc.exe

C:\Windows\System\cCpPZPJ.exe

C:\Windows\System\cCpPZPJ.exe

C:\Windows\System\SWQHvZz.exe

C:\Windows\System\SWQHvZz.exe

C:\Windows\System\hHHqaJO.exe

C:\Windows\System\hHHqaJO.exe

C:\Windows\System\BHvYwSk.exe

C:\Windows\System\BHvYwSk.exe

C:\Windows\System\Huafwgl.exe

C:\Windows\System\Huafwgl.exe

C:\Windows\System\IOkUtId.exe

C:\Windows\System\IOkUtId.exe

C:\Windows\System\SggBeCb.exe

C:\Windows\System\SggBeCb.exe

C:\Windows\System\JvxgnpE.exe

C:\Windows\System\JvxgnpE.exe

C:\Windows\System\GmmRwBU.exe

C:\Windows\System\GmmRwBU.exe

C:\Windows\System\ejVPIvY.exe

C:\Windows\System\ejVPIvY.exe

C:\Windows\System\lMoqDUu.exe

C:\Windows\System\lMoqDUu.exe

C:\Windows\System\OBHhgyT.exe

C:\Windows\System\OBHhgyT.exe

C:\Windows\System\aRfYJBk.exe

C:\Windows\System\aRfYJBk.exe

C:\Windows\System\hHipBDk.exe

C:\Windows\System\hHipBDk.exe

C:\Windows\System\rVZqHur.exe

C:\Windows\System\rVZqHur.exe

C:\Windows\System\KJDSLdw.exe

C:\Windows\System\KJDSLdw.exe

C:\Windows\System\ahegrvh.exe

C:\Windows\System\ahegrvh.exe

C:\Windows\System\osCkuma.exe

C:\Windows\System\osCkuma.exe

C:\Windows\System\eqyyjjo.exe

C:\Windows\System\eqyyjjo.exe

C:\Windows\System\eOZuHoo.exe

C:\Windows\System\eOZuHoo.exe

C:\Windows\System\gmYzpSF.exe

C:\Windows\System\gmYzpSF.exe

C:\Windows\System\GrFuEFW.exe

C:\Windows\System\GrFuEFW.exe

C:\Windows\System\nKCxfOG.exe

C:\Windows\System\nKCxfOG.exe

C:\Windows\System\fcgNAjc.exe

C:\Windows\System\fcgNAjc.exe

C:\Windows\System\nhYbBrP.exe

C:\Windows\System\nhYbBrP.exe

C:\Windows\System\IUyzpZb.exe

C:\Windows\System\IUyzpZb.exe

C:\Windows\System\sPSmUBk.exe

C:\Windows\System\sPSmUBk.exe

C:\Windows\System\xklmbhE.exe

C:\Windows\System\xklmbhE.exe

C:\Windows\System\EzbVYeW.exe

C:\Windows\System\EzbVYeW.exe

C:\Windows\System\flfXYSk.exe

C:\Windows\System\flfXYSk.exe

C:\Windows\System\EWJwtxW.exe

C:\Windows\System\EWJwtxW.exe

C:\Windows\System\WMDqhHw.exe

C:\Windows\System\WMDqhHw.exe

C:\Windows\System\WOVAFnm.exe

C:\Windows\System\WOVAFnm.exe

C:\Windows\System\RmBRROM.exe

C:\Windows\System\RmBRROM.exe

C:\Windows\System\wzRiEyu.exe

C:\Windows\System\wzRiEyu.exe

C:\Windows\System\bRsMZuQ.exe

C:\Windows\System\bRsMZuQ.exe

C:\Windows\System\XTBPpfS.exe

C:\Windows\System\XTBPpfS.exe

C:\Windows\System\muQbrHd.exe

C:\Windows\System\muQbrHd.exe

C:\Windows\System\FSSjBeb.exe

C:\Windows\System\FSSjBeb.exe

C:\Windows\System\NmdUSIw.exe

C:\Windows\System\NmdUSIw.exe

C:\Windows\System\RxcDRmY.exe

C:\Windows\System\RxcDRmY.exe

C:\Windows\System\KuCrrPG.exe

C:\Windows\System\KuCrrPG.exe

C:\Windows\System\EiKPpgQ.exe

C:\Windows\System\EiKPpgQ.exe

C:\Windows\System\rXitMhj.exe

C:\Windows\System\rXitMhj.exe

C:\Windows\System\UbKtNvl.exe

C:\Windows\System\UbKtNvl.exe

C:\Windows\System\skuatIa.exe

C:\Windows\System\skuatIa.exe

C:\Windows\System\fdbNWJE.exe

C:\Windows\System\fdbNWJE.exe

C:\Windows\System\veYAZCp.exe

C:\Windows\System\veYAZCp.exe

C:\Windows\System\oosFUyj.exe

C:\Windows\System\oosFUyj.exe

C:\Windows\System\EVfTrEH.exe

C:\Windows\System\EVfTrEH.exe

C:\Windows\System\RJrOaau.exe

C:\Windows\System\RJrOaau.exe

C:\Windows\System\ivtWgHu.exe

C:\Windows\System\ivtWgHu.exe

C:\Windows\System\zfpvSCA.exe

C:\Windows\System\zfpvSCA.exe

C:\Windows\System\dAYAQBM.exe

C:\Windows\System\dAYAQBM.exe

C:\Windows\System\QhOwNlo.exe

C:\Windows\System\QhOwNlo.exe

C:\Windows\System\OJvvPWS.exe

C:\Windows\System\OJvvPWS.exe

C:\Windows\System\PDCBYPf.exe

C:\Windows\System\PDCBYPf.exe

C:\Windows\System\rmIJXAt.exe

C:\Windows\System\rmIJXAt.exe

C:\Windows\System\DaXCIjE.exe

C:\Windows\System\DaXCIjE.exe

C:\Windows\System\mjzvFkG.exe

C:\Windows\System\mjzvFkG.exe

C:\Windows\System\DHrzXWL.exe

C:\Windows\System\DHrzXWL.exe

C:\Windows\System\lnbwsWe.exe

C:\Windows\System\lnbwsWe.exe

C:\Windows\System\hwMpuHe.exe

C:\Windows\System\hwMpuHe.exe

C:\Windows\System\cvNKxoV.exe

C:\Windows\System\cvNKxoV.exe

C:\Windows\System\QjtJPRN.exe

C:\Windows\System\QjtJPRN.exe

C:\Windows\System\IUECKLz.exe

C:\Windows\System\IUECKLz.exe

C:\Windows\System\VaSEVCv.exe

C:\Windows\System\VaSEVCv.exe

C:\Windows\System\nnnTcWl.exe

C:\Windows\System\nnnTcWl.exe

C:\Windows\System\gzoupPd.exe

C:\Windows\System\gzoupPd.exe

C:\Windows\System\KCnZbaf.exe

C:\Windows\System\KCnZbaf.exe

C:\Windows\System\oUdxfsS.exe

C:\Windows\System\oUdxfsS.exe

C:\Windows\System\eBhfYNP.exe

C:\Windows\System\eBhfYNP.exe

C:\Windows\System\CYJIysS.exe

C:\Windows\System\CYJIysS.exe

C:\Windows\System\HUzOtTX.exe

C:\Windows\System\HUzOtTX.exe

C:\Windows\System\pHbsDJz.exe

C:\Windows\System\pHbsDJz.exe

C:\Windows\System\JZjEEPv.exe

C:\Windows\System\JZjEEPv.exe

C:\Windows\System\QzcLjnz.exe

C:\Windows\System\QzcLjnz.exe

C:\Windows\System\PNFfXrh.exe

C:\Windows\System\PNFfXrh.exe

C:\Windows\System\uGERaPR.exe

C:\Windows\System\uGERaPR.exe

C:\Windows\System\wSBZZFt.exe

C:\Windows\System\wSBZZFt.exe

C:\Windows\System\sXNFBpG.exe

C:\Windows\System\sXNFBpG.exe

C:\Windows\System\GfSiszF.exe

C:\Windows\System\GfSiszF.exe

C:\Windows\System\ISEvLoy.exe

C:\Windows\System\ISEvLoy.exe

C:\Windows\System\CmaXrsY.exe

C:\Windows\System\CmaXrsY.exe

C:\Windows\System\UapAzVj.exe

C:\Windows\System\UapAzVj.exe

C:\Windows\System\YpcwXdC.exe

C:\Windows\System\YpcwXdC.exe

C:\Windows\System\DEpJkbr.exe

C:\Windows\System\DEpJkbr.exe

C:\Windows\System\ZmQXjAG.exe

C:\Windows\System\ZmQXjAG.exe

C:\Windows\System\ATZdbiG.exe

C:\Windows\System\ATZdbiG.exe

C:\Windows\System\HRipimB.exe

C:\Windows\System\HRipimB.exe

C:\Windows\System\LfRMeED.exe

C:\Windows\System\LfRMeED.exe

C:\Windows\System\PzCeaZb.exe

C:\Windows\System\PzCeaZb.exe

C:\Windows\System\MAOhruB.exe

C:\Windows\System\MAOhruB.exe

C:\Windows\System\BByDNNc.exe

C:\Windows\System\BByDNNc.exe

C:\Windows\System\WCcJNJF.exe

C:\Windows\System\WCcJNJF.exe

C:\Windows\System\XgZfpzG.exe

C:\Windows\System\XgZfpzG.exe

C:\Windows\System\VyoTiYW.exe

C:\Windows\System\VyoTiYW.exe

C:\Windows\System\pWPVgzc.exe

C:\Windows\System\pWPVgzc.exe

C:\Windows\System\DtgRrCo.exe

C:\Windows\System\DtgRrCo.exe

C:\Windows\System\qKpyroT.exe

C:\Windows\System\qKpyroT.exe

C:\Windows\System\VTPVbUU.exe

C:\Windows\System\VTPVbUU.exe

C:\Windows\System\NfdTfrW.exe

C:\Windows\System\NfdTfrW.exe

C:\Windows\System\lnhHNYq.exe

C:\Windows\System\lnhHNYq.exe

C:\Windows\System\hRvDBze.exe

C:\Windows\System\hRvDBze.exe

C:\Windows\System\RYZxpTt.exe

C:\Windows\System\RYZxpTt.exe

C:\Windows\System\teBotDe.exe

C:\Windows\System\teBotDe.exe

C:\Windows\System\pZfAXfL.exe

C:\Windows\System\pZfAXfL.exe

C:\Windows\System\ouNxdRz.exe

C:\Windows\System\ouNxdRz.exe

C:\Windows\System\szBkDLL.exe

C:\Windows\System\szBkDLL.exe

C:\Windows\System\lgcirgv.exe

C:\Windows\System\lgcirgv.exe

C:\Windows\System\eizmmuP.exe

C:\Windows\System\eizmmuP.exe

C:\Windows\System\dqDmcXk.exe

C:\Windows\System\dqDmcXk.exe

C:\Windows\System\WxTACcN.exe

C:\Windows\System\WxTACcN.exe

C:\Windows\System\siymsNC.exe

C:\Windows\System\siymsNC.exe

C:\Windows\System\DXgRucl.exe

C:\Windows\System\DXgRucl.exe

C:\Windows\System\qXcTRxl.exe

C:\Windows\System\qXcTRxl.exe

C:\Windows\System\kSHLdSk.exe

C:\Windows\System\kSHLdSk.exe

C:\Windows\System\bLkNiTr.exe

C:\Windows\System\bLkNiTr.exe

C:\Windows\System\itfhpNY.exe

C:\Windows\System\itfhpNY.exe

C:\Windows\System\eNyFpFk.exe

C:\Windows\System\eNyFpFk.exe

C:\Windows\System\lelSAQY.exe

C:\Windows\System\lelSAQY.exe

C:\Windows\System\KzFmNeF.exe

C:\Windows\System\KzFmNeF.exe

C:\Windows\System\XfPLEkd.exe

C:\Windows\System\XfPLEkd.exe

C:\Windows\System\sUMBhjO.exe

C:\Windows\System\sUMBhjO.exe

C:\Windows\System\CpRLuJa.exe

C:\Windows\System\CpRLuJa.exe

C:\Windows\System\OWfFiML.exe

C:\Windows\System\OWfFiML.exe

C:\Windows\System\jscRsYj.exe

C:\Windows\System\jscRsYj.exe

C:\Windows\System\dnnmWYl.exe

C:\Windows\System\dnnmWYl.exe

C:\Windows\System\KigeIWR.exe

C:\Windows\System\KigeIWR.exe

C:\Windows\System\FrFuHay.exe

C:\Windows\System\FrFuHay.exe

C:\Windows\System\OrXcUuN.exe

C:\Windows\System\OrXcUuN.exe

C:\Windows\System\oZedjCi.exe

C:\Windows\System\oZedjCi.exe

C:\Windows\System\aHHSrVd.exe

C:\Windows\System\aHHSrVd.exe

C:\Windows\System\eEOxUcm.exe

C:\Windows\System\eEOxUcm.exe

C:\Windows\System\SPLdGRN.exe

C:\Windows\System\SPLdGRN.exe

C:\Windows\System\IurGjXJ.exe

C:\Windows\System\IurGjXJ.exe

C:\Windows\System\PZcGZDy.exe

C:\Windows\System\PZcGZDy.exe

C:\Windows\System\WcDNkQI.exe

C:\Windows\System\WcDNkQI.exe

C:\Windows\System\bQhTnZo.exe

C:\Windows\System\bQhTnZo.exe

C:\Windows\System\pDixxro.exe

C:\Windows\System\pDixxro.exe

C:\Windows\System\jBCvMuE.exe

C:\Windows\System\jBCvMuE.exe

C:\Windows\System\OxPQxan.exe

C:\Windows\System\OxPQxan.exe

C:\Windows\System\FrFkrZy.exe

C:\Windows\System\FrFkrZy.exe

C:\Windows\System\OKZRyqh.exe

C:\Windows\System\OKZRyqh.exe

C:\Windows\System\heCCXLQ.exe

C:\Windows\System\heCCXLQ.exe

C:\Windows\System\biHFDbX.exe

C:\Windows\System\biHFDbX.exe

C:\Windows\System\wHMnPSC.exe

C:\Windows\System\wHMnPSC.exe

C:\Windows\System\vfDsmAe.exe

C:\Windows\System\vfDsmAe.exe

C:\Windows\System\ZhvHvCV.exe

C:\Windows\System\ZhvHvCV.exe

C:\Windows\System\rIycXgA.exe

C:\Windows\System\rIycXgA.exe

C:\Windows\System\vxtzQOm.exe

C:\Windows\System\vxtzQOm.exe

C:\Windows\System\CDShBqr.exe

C:\Windows\System\CDShBqr.exe

C:\Windows\System\jDqRxpe.exe

C:\Windows\System\jDqRxpe.exe

C:\Windows\System\STrtQsq.exe

C:\Windows\System\STrtQsq.exe

C:\Windows\System\whysQTP.exe

C:\Windows\System\whysQTP.exe

C:\Windows\System\UjRNirj.exe

C:\Windows\System\UjRNirj.exe

C:\Windows\System\BDquwAL.exe

C:\Windows\System\BDquwAL.exe

C:\Windows\System\VbRqWTK.exe

C:\Windows\System\VbRqWTK.exe

C:\Windows\System\kSoDUfk.exe

C:\Windows\System\kSoDUfk.exe

C:\Windows\System\YrHGHkU.exe

C:\Windows\System\YrHGHkU.exe

C:\Windows\System\erHNsBn.exe

C:\Windows\System\erHNsBn.exe

C:\Windows\System\YPKhEsv.exe

C:\Windows\System\YPKhEsv.exe

C:\Windows\System\bEdSOSC.exe

C:\Windows\System\bEdSOSC.exe

C:\Windows\System\zIpjBdX.exe

C:\Windows\System\zIpjBdX.exe

C:\Windows\System\vDnLbCF.exe

C:\Windows\System\vDnLbCF.exe

C:\Windows\System\eqZOvKc.exe

C:\Windows\System\eqZOvKc.exe

C:\Windows\System\hkKHvjk.exe

C:\Windows\System\hkKHvjk.exe

C:\Windows\System\RAvWzoo.exe

C:\Windows\System\RAvWzoo.exe

C:\Windows\System\wJtuhrv.exe

C:\Windows\System\wJtuhrv.exe

C:\Windows\System\fSmNJpN.exe

C:\Windows\System\fSmNJpN.exe

C:\Windows\System\HTWLRlf.exe

C:\Windows\System\HTWLRlf.exe

C:\Windows\System\DLEEucR.exe

C:\Windows\System\DLEEucR.exe

C:\Windows\System\FzGwvto.exe

C:\Windows\System\FzGwvto.exe

C:\Windows\System\DXhkVvO.exe

C:\Windows\System\DXhkVvO.exe

C:\Windows\System\JDlUIuB.exe

C:\Windows\System\JDlUIuB.exe

C:\Windows\System\zmLAJKB.exe

C:\Windows\System\zmLAJKB.exe

C:\Windows\System\SbIqJRn.exe

C:\Windows\System\SbIqJRn.exe

C:\Windows\System\LmKRXLk.exe

C:\Windows\System\LmKRXLk.exe

C:\Windows\System\eLQqitt.exe

C:\Windows\System\eLQqitt.exe

C:\Windows\System\xBXGzGS.exe

C:\Windows\System\xBXGzGS.exe

C:\Windows\System\JdiEaAq.exe

C:\Windows\System\JdiEaAq.exe

C:\Windows\System\oLcZPAn.exe

C:\Windows\System\oLcZPAn.exe

C:\Windows\System\kAOiYmL.exe

C:\Windows\System\kAOiYmL.exe

C:\Windows\System\aLdTCXo.exe

C:\Windows\System\aLdTCXo.exe

C:\Windows\System\qqrOZIq.exe

C:\Windows\System\qqrOZIq.exe

C:\Windows\System\NsTQlxg.exe

C:\Windows\System\NsTQlxg.exe

C:\Windows\System\qCCDUQc.exe

C:\Windows\System\qCCDUQc.exe

C:\Windows\System\gXfVpme.exe

C:\Windows\System\gXfVpme.exe

C:\Windows\System\UPAsipE.exe

C:\Windows\System\UPAsipE.exe

C:\Windows\System\afpZjvZ.exe

C:\Windows\System\afpZjvZ.exe

C:\Windows\System\JEoBnLX.exe

C:\Windows\System\JEoBnLX.exe

C:\Windows\System\WOGutOw.exe

C:\Windows\System\WOGutOw.exe

C:\Windows\System\qmiZuKD.exe

C:\Windows\System\qmiZuKD.exe

C:\Windows\System\KVTuCPJ.exe

C:\Windows\System\KVTuCPJ.exe

C:\Windows\System\KPpUZsW.exe

C:\Windows\System\KPpUZsW.exe

C:\Windows\System\bwiqGKk.exe

C:\Windows\System\bwiqGKk.exe

C:\Windows\System\bSBUlXs.exe

C:\Windows\System\bSBUlXs.exe

C:\Windows\System\uzRxNQs.exe

C:\Windows\System\uzRxNQs.exe

C:\Windows\System\ieMfuwu.exe

C:\Windows\System\ieMfuwu.exe

C:\Windows\System\RjcEklB.exe

C:\Windows\System\RjcEklB.exe

C:\Windows\System\IAfRBNJ.exe

C:\Windows\System\IAfRBNJ.exe

C:\Windows\System\sVPLPSY.exe

C:\Windows\System\sVPLPSY.exe

C:\Windows\System\VpgYcOC.exe

C:\Windows\System\VpgYcOC.exe

C:\Windows\System\HOdaQsh.exe

C:\Windows\System\HOdaQsh.exe

C:\Windows\System\FXhzlvh.exe

C:\Windows\System\FXhzlvh.exe

C:\Windows\System\lvTPnHc.exe

C:\Windows\System\lvTPnHc.exe

C:\Windows\System\LYVcVQe.exe

C:\Windows\System\LYVcVQe.exe

C:\Windows\System\tbNjANa.exe

C:\Windows\System\tbNjANa.exe

C:\Windows\System\TglIXLk.exe

C:\Windows\System\TglIXLk.exe

C:\Windows\System\cHfrSHv.exe

C:\Windows\System\cHfrSHv.exe

C:\Windows\System\YJOzNpR.exe

C:\Windows\System\YJOzNpR.exe

C:\Windows\System\DNxinRT.exe

C:\Windows\System\DNxinRT.exe

C:\Windows\System\tatEhQW.exe

C:\Windows\System\tatEhQW.exe

C:\Windows\System\MJRXMgH.exe

C:\Windows\System\MJRXMgH.exe

C:\Windows\System\tbnYoVL.exe

C:\Windows\System\tbnYoVL.exe

C:\Windows\System\rpcgjWU.exe

C:\Windows\System\rpcgjWU.exe

C:\Windows\System\kDCJHzA.exe

C:\Windows\System\kDCJHzA.exe

C:\Windows\System\fvWEKaZ.exe

C:\Windows\System\fvWEKaZ.exe

C:\Windows\System\PyzqUmq.exe

C:\Windows\System\PyzqUmq.exe

C:\Windows\System\ovdNaAr.exe

C:\Windows\System\ovdNaAr.exe

C:\Windows\System\MPOizDX.exe

C:\Windows\System\MPOizDX.exe

C:\Windows\System\vjGGWAb.exe

C:\Windows\System\vjGGWAb.exe

C:\Windows\System\XJUHSiQ.exe

C:\Windows\System\XJUHSiQ.exe

C:\Windows\System\VxxWVPn.exe

C:\Windows\System\VxxWVPn.exe

C:\Windows\System\AeWFAxG.exe

C:\Windows\System\AeWFAxG.exe

C:\Windows\System\NCqibPy.exe

C:\Windows\System\NCqibPy.exe

C:\Windows\System\KBEhikE.exe

C:\Windows\System\KBEhikE.exe

C:\Windows\System\leDOwfH.exe

C:\Windows\System\leDOwfH.exe

C:\Windows\System\WfDckIl.exe

C:\Windows\System\WfDckIl.exe

C:\Windows\System\QyBStNg.exe

C:\Windows\System\QyBStNg.exe

C:\Windows\System\eDMSbJe.exe

C:\Windows\System\eDMSbJe.exe

C:\Windows\System\uiEKozW.exe

C:\Windows\System\uiEKozW.exe

C:\Windows\System\iIDDIen.exe

C:\Windows\System\iIDDIen.exe

C:\Windows\System\OIpWAkY.exe

C:\Windows\System\OIpWAkY.exe

C:\Windows\System\SMXkiVs.exe

C:\Windows\System\SMXkiVs.exe

C:\Windows\System\kTUGtpf.exe

C:\Windows\System\kTUGtpf.exe

C:\Windows\System\hvtXioW.exe

C:\Windows\System\hvtXioW.exe

C:\Windows\System\lMofVzf.exe

C:\Windows\System\lMofVzf.exe

C:\Windows\System\PWhrHog.exe

C:\Windows\System\PWhrHog.exe

C:\Windows\System\yUfDTJU.exe

C:\Windows\System\yUfDTJU.exe

C:\Windows\System\fbJajPP.exe

C:\Windows\System\fbJajPP.exe

C:\Windows\System\oHkcpcU.exe

C:\Windows\System\oHkcpcU.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 884 -p 11236 -ip 11236

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 932 -p 9500 -ip 9500

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 948 -p 9748 -ip 9748

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 980 -p 11996 -ip 11996

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 1004 -p 12408 -ip 12408

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 1080 -p 12600 -ip 12600

C:\Windows\System\WVWTaqH.exe

C:\Windows\System\WVWTaqH.exe

C:\Windows\System\rTOafpp.exe

C:\Windows\System\rTOafpp.exe

C:\Windows\System\kWxVaMs.exe

C:\Windows\System\kWxVaMs.exe

C:\Windows\System\vJzwmiT.exe

C:\Windows\System\vJzwmiT.exe

C:\Windows\System\pUKAbad.exe

C:\Windows\System\pUKAbad.exe

C:\Windows\System\ZkWkKnO.exe

C:\Windows\System\ZkWkKnO.exe

C:\Windows\System\uJZYbGZ.exe

C:\Windows\System\uJZYbGZ.exe

C:\Windows\System\cMNhjCF.exe

C:\Windows\System\cMNhjCF.exe

C:\Windows\System\PQidedn.exe

C:\Windows\System\PQidedn.exe

C:\Windows\System\TJszqDd.exe

C:\Windows\System\TJszqDd.exe

C:\Windows\System\cLUQlBp.exe

C:\Windows\System\cLUQlBp.exe

C:\Windows\System\YybwyWH.exe

C:\Windows\System\YybwyWH.exe

C:\Windows\System\eClXsFO.exe

C:\Windows\System\eClXsFO.exe

C:\Windows\System\OgIBKYv.exe

C:\Windows\System\OgIBKYv.exe

C:\Windows\System\oqLECeR.exe

C:\Windows\System\oqLECeR.exe

C:\Windows\System\wrkpeUB.exe

C:\Windows\System\wrkpeUB.exe

C:\Windows\System\YRXUXje.exe

C:\Windows\System\YRXUXje.exe

C:\Windows\System\IOZssds.exe

C:\Windows\System\IOZssds.exe

C:\Windows\System\LaQnqrA.exe

C:\Windows\System\LaQnqrA.exe

C:\Windows\System\yEKzOgs.exe

C:\Windows\System\yEKzOgs.exe

C:\Windows\System\RDPjjSy.exe

C:\Windows\System\RDPjjSy.exe

C:\Windows\System\wIKaRkl.exe

C:\Windows\System\wIKaRkl.exe

C:\Windows\System\cEMzUXF.exe

C:\Windows\System\cEMzUXF.exe

C:\Windows\System\NlhkMPs.exe

C:\Windows\System\NlhkMPs.exe

C:\Windows\System\busgkIH.exe

C:\Windows\System\busgkIH.exe

C:\Windows\System\oTeavte.exe

C:\Windows\System\oTeavte.exe

C:\Windows\System\znCCyTH.exe

C:\Windows\System\znCCyTH.exe

C:\Windows\System\TYKGsVT.exe

C:\Windows\System\TYKGsVT.exe

C:\Windows\System\pmdYOsx.exe

C:\Windows\System\pmdYOsx.exe

C:\Windows\System\RnAgvLN.exe

C:\Windows\System\RnAgvLN.exe

C:\Windows\System\OWuXxuL.exe

C:\Windows\System\OWuXxuL.exe

C:\Windows\System\zAQZOdt.exe

C:\Windows\System\zAQZOdt.exe

C:\Windows\System\zAHfPxV.exe

C:\Windows\System\zAHfPxV.exe

C:\Windows\System\iNvqqmN.exe

C:\Windows\System\iNvqqmN.exe

C:\Windows\System\RKsnxUN.exe

C:\Windows\System\RKsnxUN.exe

C:\Windows\System\dEeQPTb.exe

C:\Windows\System\dEeQPTb.exe

C:\Windows\System\oLDWeBt.exe

C:\Windows\System\oLDWeBt.exe

C:\Windows\System\NOfMzdw.exe

C:\Windows\System\NOfMzdw.exe

C:\Windows\System\GXdVqrt.exe

C:\Windows\System\GXdVqrt.exe

C:\Windows\System\NCRmaxX.exe

C:\Windows\System\NCRmaxX.exe

C:\Windows\System\EmIDQIs.exe

C:\Windows\System\EmIDQIs.exe

C:\Windows\System\kABbbGh.exe

C:\Windows\System\kABbbGh.exe

C:\Windows\System\WjMmeDH.exe

C:\Windows\System\WjMmeDH.exe

C:\Windows\System\MmaLbMt.exe

C:\Windows\System\MmaLbMt.exe

C:\Windows\System\kYlSxyr.exe

C:\Windows\System\kYlSxyr.exe

C:\Windows\System\bELpLtA.exe

C:\Windows\System\bELpLtA.exe

C:\Windows\System\gryEwjI.exe

C:\Windows\System\gryEwjI.exe

C:\Windows\System\kUZXKBd.exe

C:\Windows\System\kUZXKBd.exe

C:\Windows\System\dktWSAr.exe

C:\Windows\System\dktWSAr.exe

C:\Windows\System\PfIrzGX.exe

C:\Windows\System\PfIrzGX.exe

C:\Windows\System\knuQOUa.exe

C:\Windows\System\knuQOUa.exe

C:\Windows\System\xFSXtxw.exe

C:\Windows\System\xFSXtxw.exe

C:\Windows\System\xTwRFTh.exe

C:\Windows\System\xTwRFTh.exe

C:\Windows\System\OcsxPZl.exe

C:\Windows\System\OcsxPZl.exe

C:\Windows\System\lCnOFrY.exe

C:\Windows\System\lCnOFrY.exe

C:\Windows\System\cfQKZkc.exe

C:\Windows\System\cfQKZkc.exe

C:\Windows\System\CHKOgum.exe

C:\Windows\System\CHKOgum.exe

C:\Windows\System\FlOOnMy.exe

C:\Windows\System\FlOOnMy.exe

C:\Windows\System\YZjkYyA.exe

C:\Windows\System\YZjkYyA.exe

C:\Windows\System\tBDruxl.exe

C:\Windows\System\tBDruxl.exe

C:\Windows\System\rXQcxkU.exe

C:\Windows\System\rXQcxkU.exe

C:\Windows\System\BjRTJoL.exe

C:\Windows\System\BjRTJoL.exe

C:\Windows\System\veuZXJg.exe

C:\Windows\System\veuZXJg.exe

C:\Windows\System\rKQmZUw.exe

C:\Windows\System\rKQmZUw.exe

C:\Windows\System\RsKZsus.exe

C:\Windows\System\RsKZsus.exe

C:\Windows\System\fRwRtWP.exe

C:\Windows\System\fRwRtWP.exe

C:\Windows\System\JwltYLo.exe

C:\Windows\System\JwltYLo.exe

C:\Windows\System\HcSknng.exe

C:\Windows\System\HcSknng.exe

C:\Windows\System\lnMbSBH.exe

C:\Windows\System\lnMbSBH.exe

C:\Windows\System\GvMqEGm.exe

C:\Windows\System\GvMqEGm.exe

C:\Windows\System\GGGyvJZ.exe

C:\Windows\System\GGGyvJZ.exe

C:\Windows\System\uwjQoIF.exe

C:\Windows\System\uwjQoIF.exe

C:\Windows\System\fZdAACn.exe

C:\Windows\System\fZdAACn.exe

C:\Windows\System\QesXvfx.exe

C:\Windows\System\QesXvfx.exe

C:\Windows\System\iurCJeB.exe

C:\Windows\System\iurCJeB.exe

C:\Windows\System\xSYssaq.exe

C:\Windows\System\xSYssaq.exe

C:\Windows\System\rzOgjqQ.exe

C:\Windows\System\rzOgjqQ.exe

C:\Windows\System\zIqcgkj.exe

C:\Windows\System\zIqcgkj.exe

C:\Windows\System\ptVftEy.exe

C:\Windows\System\ptVftEy.exe

C:\Windows\System\yzmUyaj.exe

C:\Windows\System\yzmUyaj.exe

C:\Windows\System\WmqYjin.exe

C:\Windows\System\WmqYjin.exe

C:\Windows\System\dmuOlbd.exe

C:\Windows\System\dmuOlbd.exe

C:\Windows\System\ANSYhXa.exe

C:\Windows\System\ANSYhXa.exe

C:\Windows\System\obfsszs.exe

C:\Windows\System\obfsszs.exe

C:\Windows\System\IgrevWl.exe

C:\Windows\System\IgrevWl.exe

C:\Windows\System\zmSpNkt.exe

C:\Windows\System\zmSpNkt.exe

C:\Windows\System\olyvnQW.exe

C:\Windows\System\olyvnQW.exe

C:\Windows\System\bubGOKE.exe

C:\Windows\System\bubGOKE.exe

C:\Windows\System\QwmJasN.exe

C:\Windows\System\QwmJasN.exe

C:\Windows\System\fWUjfug.exe

C:\Windows\System\fWUjfug.exe

C:\Windows\System\MdxbCbD.exe

C:\Windows\System\MdxbCbD.exe

C:\Windows\System\pQWSUwO.exe

C:\Windows\System\pQWSUwO.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

memory/1952-0-0x00007FF6ED570000-0x00007FF6ED962000-memory.dmp

memory/1952-1-0x00000220C4AF0000-0x00000220C4B00000-memory.dmp

C:\Windows\System\tZnxvkn.exe

MD5 e85c2a6dbfd6e6f2eb50d6179d2eea7c
SHA1 75f770157fa1f27c5648483f300ce7c57d6e8bb5
SHA256 b0c69bd0457da22a8a1518e89972ad94d2bf3f1959e76e97e62122cc55012030
SHA512 95bd491887fbf0da698b5302e1e63334085963f0146794dd1a483122999c99c4ce46495df3c1f05e95891f36619fe19b535d8788e01efb788426a8f7aafa2762

C:\Windows\System\dvMStoH.exe

MD5 bf14fa3fc942b2ef294e330387e709b9
SHA1 3c7ae547396bb75729aa64ad73e7cf7b69c7b8dc
SHA256 92e00d4213b675ad623a4b4baf7884c2d38c6b8b035ae5d8a2e88c6f052af9e9
SHA512 af9230d9fccd32b629ea187c9df72f2665a6ae721ba1a32d3b3c33e1b9c2c222b8a2b6954a2f6c1a625c95777af3a8dd4b92484d1c59a930b774d08c08881e61

C:\Windows\System\RMzaCnh.exe

MD5 a205a671a8fc309a00786869c53f2ec7
SHA1 a3950ea226435549ce489cc4118f527a13ed1f77
SHA256 d735b63117cecdc24c61d2798d497ffd46efafcd8015ad0ec078c186cd36207a
SHA512 8eaf0da7d6e581532a74c0f755f06b5fd82b6551ebadfbe6734ab13205befa54b91039c0c0dcf67ea49fa2c994322127028a170ed966c723565eab74e7926b78

C:\Windows\System\tJxjlhw.exe

MD5 4f4112b57bbfafc9333adc461ca27a9f
SHA1 fdd06fe54b2a18f70a81a1e57b9aba6a14791874
SHA256 6b9d4dbbffa087fdf1cfd7ff7dad9e8a5219eb5646b745bb06494f29cf5a811a
SHA512 3dcdb3e9420c476fcae537ddb3efb4a1467897af0b3e5703d99ec99d74a9b4933553ed12c5fad7c1179cf8a7ecffa0eeb360f69b1da418e117a2f8245fefaed2

C:\Windows\System\RKFfqti.exe

MD5 4eef6089f6700f75d1f977eede0d6fba
SHA1 6e33b48462d1896809c0154d0752834d2b0cbc6e
SHA256 12df3c14d84d39171fdcc746e6713cbb562d71b47be437bcbeae42aba76cb6e5
SHA512 44528c7eb2fadd61dd15a6396ab931f05fed3bcd99353ff68994efa9c3aa40f81fbb34097cd0ef518bb2f8c684d48fe75708411c84ad389e72a5e27d5f9ccceb

C:\Windows\System\NGMbSxW.exe

MD5 253fa0275da762d611248624792bb661
SHA1 74969b87b0accfd74c9284b248d70ecaeb227d27
SHA256 c16470fc1b251285d07bc7ff29e03f0c665cc3e017f6a9957d69b3e45f3814a4
SHA512 6fb9a89d1daf6bc49416ba2deb0c993d105a65e363255ce339a01d2e99a934779b2d4d1c9ff6cb8bf0438833e0d098f285ca4cb1b42c8c955d98942843b47710

memory/1368-454-0x00007FF7E9440000-0x00007FF7E9832000-memory.dmp

memory/2044-639-0x00007FF6B3C10000-0x00007FF6B4002000-memory.dmp

memory/5068-643-0x00007FF68B960000-0x00007FF68BD52000-memory.dmp

memory/3268-649-0x00007FF621D10000-0x00007FF622102000-memory.dmp

memory/1772-731-0x0000028D7E750000-0x0000028D7E772000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wnaaex0m.b4o.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1228-653-0x00007FF74E210000-0x00007FF74E602000-memory.dmp

memory/1728-652-0x00007FF763590000-0x00007FF763982000-memory.dmp

memory/1716-651-0x00007FF69F610000-0x00007FF69FA02000-memory.dmp

memory/1772-650-0x00007FF917AA0000-0x00007FF918561000-memory.dmp

memory/3152-648-0x00007FF7E9180000-0x00007FF7E9572000-memory.dmp

memory/1744-647-0x00007FF68C1C0000-0x00007FF68C5B2000-memory.dmp

memory/1600-646-0x00007FF6C0110000-0x00007FF6C0502000-memory.dmp

memory/1300-645-0x00007FF7802E0000-0x00007FF7806D2000-memory.dmp

memory/2232-644-0x00007FF66DC30000-0x00007FF66E022000-memory.dmp

memory/3520-642-0x00007FF6AABD0000-0x00007FF6AAFC2000-memory.dmp

memory/1772-641-0x00007FF917AA0000-0x00007FF918561000-memory.dmp

memory/1688-574-0x00007FF772960000-0x00007FF772D52000-memory.dmp

memory/4224-363-0x00007FF7E40F0000-0x00007FF7E44E2000-memory.dmp

memory/4728-298-0x00007FF6D7DD0000-0x00007FF6D81C2000-memory.dmp

memory/4216-295-0x00007FF7A5230000-0x00007FF7A5622000-memory.dmp

memory/5116-247-0x00007FF7E0700000-0x00007FF7E0AF2000-memory.dmp

C:\Windows\System\PGDsUGi.exe

MD5 e0384b262777c5ec6e558f3213802324
SHA1 a3648acc7e778f43b024d5195f576b10a92b5e13
SHA256 a56a126c76183e2d7d2d18fb97795430fc73aff3df8c51bf564fc3b1ae60a4b6
SHA512 940a330e426ec27ec793e9aca8be693c007313776f39cb4ef37bf9b6623c21c29797b27d4a405e758d32c601f3ef5653078f6b894160a830b403ac78fb9f621c

C:\Windows\System\XkVKTOC.exe

MD5 175d316ff578e801a6754cefc482e776
SHA1 4805055e7bea1487b3d61694f8f82a132b7bd207
SHA256 8af88ae2113a5535418751dbbaec1d559f5fee2a769e3964d43acfc5144a4d98
SHA512 ad7374a680c8c6dbb167f8303a089f3764e77583c4a5950954c4cc8df5f46f5e2d0efbcaea12608e5912f28db827095261ffb8e8cd4127ae48807596839f9bc2

C:\Windows\System\ZhOWyHb.exe

MD5 da4fd8868397952eed8d2ffc98e4d2fb
SHA1 1ff6146904753b6cab468e2ee705605ed19d2957
SHA256 8c4677de02c303316b13e2e56ab9e19feb2b50df66dee24d75c267e5a0f2c4c6
SHA512 87f0eefcb13562caa72674784fb7193f9497d003875788daec7c2a737d3974e898de992b3a2d80c809eac286c518fd9983ca4532681cd391db2099f5bc8d0864

C:\Windows\System\cEGPXEJ.exe

MD5 aee0c77ee7f620c84bc1b3c33decfc81
SHA1 d0c77549ed8999e9b0695d99c1b041a4c009034f
SHA256 083eba736660a0cc683f2110be40271ce2a1757cbf9ff66e4dedf330f2a6b37b
SHA512 4995cc3c85c68ef74efe99a75627afa06e17b7bb68931f59bffece1a0372f924eee37b337e6b2b565250d7958e2fea2746fbca8bef6e3b3e23cdb498e3575011

C:\Windows\System\exomayS.exe

MD5 f668c8d94c4efd13a213ea5779a9be44
SHA1 ef1885a38303ab65013cf7837b0f35046e7778fc
SHA256 7066cd4155e2a830a77b4ed697004a0c5622a44217110b6a6777d118e9857cef
SHA512 b59dba8626202c626ebd400310eb22e73644b75eb9454f10b8150caabfc650dc3c955623b5dca218b9bc1392815b0f6385cd1b9c4908a9257dac3172a7ea799b

C:\Windows\System\OveXCAy.exe

MD5 2f7f6c61ff4764b1dd7f7f8cd6984ecb
SHA1 ce76a6e4fac7bf8995a56f63f8c312e25f97eebf
SHA256 d40a52f341da1f7d615e966a942602f57b206524529eaadfb7c896afbe0063f9
SHA512 023049791def34c64c33183b9f7bc9a546b2738123334b9452536ed0e756f36e85d25f96e3c398721748145a99b5fb8e84b5eeb01cdefda8cc0af8a2dda5540e

C:\Windows\System\BGijCry.exe

MD5 106db550b3f64b64421929cff667a641
SHA1 845f949bbe950bbb830fd801bb4b03f73060c0c3
SHA256 e97c5bd9394e597e26b49af4443d2b0240021dd1a9b362b5c56aff422355bef9
SHA512 8326cb38ae75117f67c9a64c6b0b69ca1d367a452652190fa4e3c68f32bb27e5c3e0b56861135e59c8e150f1114d42f19b2dc78fdb4b55b35ff3602d289a33d2

C:\Windows\System\dBxNGmr.exe

MD5 6a1f0aade7e5fdd73083863974fc5ef0
SHA1 6cb39a174442eb999410e5a47ffc2be1292d8ce7
SHA256 045500cf091c98936e3f275b0f1060db1db3c2c764724ab2840bdc3fd0d09dfb
SHA512 00af3a7cef6eb7d2f5f036e3cef5dac0797adec2d9c376e86021f9d0640d59b9696842cf5da10579edbdc7b2b23843e6a0de6ebac1b4e07a4f4e035e6b57f043

C:\Windows\System\DXpGwea.exe

MD5 246fca9753742abb8a49f8ff931037cf
SHA1 e80f37aaa1bd8fd469a9b509390e2c8d53be2c7f
SHA256 601af71642fdacff3b0e1ba6f9081ea043d837ccdc24118b14ae0166cdd09413
SHA512 1aadce30ffa7acc9bd2550c815f4ecaf2e6cfc04b828ed0cc7ea722368f29009f12ef95645c426cf00002cebcdf63b815a72d257060923d55b1e48343e2b238b

C:\Windows\System\nfNdAxf.exe

MD5 34c9c99b33c9302e6e0a06b23f876374
SHA1 685715dab5631b3fa970518a46c6d2dc5bdb69f1
SHA256 9b6082b26f8cfc5f450a00803f00262f3131d374c8bf9f8ebe6244898e84e506
SHA512 ab8574da2a864ba8aa9758fdf778d2c2ae8e27479e931495f3a18b76239348962f340b21bef75845d055810a87cd298ca7e8c0bb2d3e9d9c7e9586ea3f40e3fd

memory/3292-182-0x00007FF6BE6F0000-0x00007FF6BEAE2000-memory.dmp

C:\Windows\System\AouZKYx.exe

MD5 dfc015a67eb1c57fd18d4d9bf1343baf
SHA1 ff55ad92038171352f5b75ca9ba23ed307d7aa8e
SHA256 830caa2fcd644526c79ba763769abf0726e0fe846ce8382f29ee826f919b4d66
SHA512 c4d01031a56afdc250923367784d2e342d5aa3d5d6ff37f80d454a7403053d16bb448518ec9dabadd7211611fbc9f94142a126f593649334cc2ad58edcbf95d4

C:\Windows\System\NJucOvC.exe

MD5 0d2277f9dbcff40253dbedbc7a04bec3
SHA1 ac9e82d65a2131c0d639f2f09ab7c643d813cf4d
SHA256 5e30d7d9a7af58ea4d50ae3b67660ac47473ace2555512cad75b01228867dd2b
SHA512 d31e92f2edbc6d1a83426de6995e4bd3518eacb3862822d429878a20abc937fe645d7daccbe89a1f3e4e96b39ef4b48e847252631cf95cc5d90c1342489b536b

C:\Windows\System\RfaDfTw.exe

MD5 2e0d08c5fefaa2e85620020e93937869
SHA1 c35c0a632c1bfe8d21ad40b6b469164291057678
SHA256 33f1f47544bb2a04304cbf9bcd69fb055cbab6702ee49bed528fd65bf1b55291
SHA512 0d7bd7b259d55ad1a334b186bc0b973b595134307af96e91796d3b69f470e17541544f34a8c06ac716d44bd477bc737dc9e8d3953b460f49e1927f572ce4b73f

C:\Windows\System\huBzImC.exe

MD5 2fb63c82faf1386da370955df3aba342
SHA1 e0867b9191e4ad2c425fce7a21fd01a2c47f88a2
SHA256 bbadb3ee8918a5d9cec84faea8ae2361fdb5bb9becacb699919ebaedd3e2736c
SHA512 71e4ce4d440250bbe51367a439b1537e4edce60a6a94a5ffb4ea60f37b44b742334eb84719794dedf4641fa796193e793499462ce8b3f0c4ecc4ae5215e4c1f5

C:\Windows\System\IhtoAOM.exe

MD5 6df172658700143fec2ca71253e67dda
SHA1 a0557a2f364791110f631a52ee438b813e4e551a
SHA256 d8484cb935f60999873852ad8b7bce0f76730a94d42a1330d9b510da6bb90544
SHA512 230c9720e0370b9752dd17aa8fb734b8c47a99c72fd67d26ca34b8c0a95a2b3743a6d001b43ed85961327f01e7b9b6d18646e47d8864b5542c70fe5ba6eb6a2e

C:\Windows\System\DcujSkn.exe

MD5 08efd0cf027cd3401c85e57b3616ac53
SHA1 eaea52a6bdaea6ecd9829882fc7eefdec6a91255
SHA256 d32d65a273910f76de029415eb835b9d195f469663dcc35db88b5ab7efcea7e4
SHA512 e2645d718c5cf70d1d8a01b0b022d4d9dad23d77c2bf960ee4744ff8cf1caf0ee7dab7fab414028c669ebed5f9cdbd500673ea60ab0da8ba55ee0740e09f8929

C:\Windows\System\JShXxkE.exe

MD5 cded22557afe51caae8d607bd5aff242
SHA1 43542ba76377fe63fbab9b8cbab95bd36eb5aaad
SHA256 e902c135430e7ad64f585c4d8319c536e9da5c1841c0888d688398d9d7ba7dfd
SHA512 65d56dc6bee23f0df5850b00f5794e711f614079df95788f0748bf3ba6f3e8ced53be6f23497123cc0c678cb3046982969993dbb612ca8c43c0b7938a77feb34

C:\Windows\System\fAXqiUS.exe

MD5 de73e026014509b49420a23f4502fae7
SHA1 c512e159bb268381add902097197973b4d4e1983
SHA256 271cae3f4a1f01450525f05388be20a6f810975f28b2300c1eab866969baf8ef
SHA512 9a4629ed892bd0af80f17001c62514d8ffd872184859760166ceca5bd9184aa364291dc20db684047bf9d4325261c10af4c5ce5508aeb3d630fc7de7c87d51e4

C:\Windows\System\WSQJXtU.exe

MD5 19a50068ad256da647f6036710538bd5
SHA1 21ecd3a390bc6d6f874c49c950231e9ba29bf7fd
SHA256 573523063f48e441e044b7f47c0c7d417d9689484bb3916aa44677c236d1c81b
SHA512 234759500c0548eaed91480b55750c97d2d2e8a063be4716f9da2a356ba0ff60c3ce44b5d9205e4ecea6615bc7ea3610d48ab85a9fc3f4efbf86b2ae0059cb67

memory/412-132-0x00007FF6A9530000-0x00007FF6A9922000-memory.dmp

C:\Windows\System\QFDAvMu.exe

MD5 7f5e56a5d5cb3be727ec7c7e8c05d3c1
SHA1 69189669404050948828a6bb2d2a6e6080b659c5
SHA256 368e01aabb81c6c524bc28941944586090ef2b86ee662563fd44a7b3d5188a51
SHA512 4aa756a87d46509d124b0315ae81967192ffd8d4633dca82b9eada6738fa6f260a876511aac9fa71c50700a1784de4d142df4c8af04120f0dd05c28ad0236d69

C:\Windows\System\rhbUjCZ.exe

MD5 f73463ca3858091b939388d5fa156d8f
SHA1 0a20647c1f8db5162543da962fd2554f2b259037
SHA256 3e2b4a38816f92e5d9f11c114c0b325a2cc9e4df241fbfa61476ffa3498f7061
SHA512 e5e09c99aa01d00d317d6aa08e14544ca9ad7d17a342afb22267b4bd7093afb1b79cdd2177675cfc8ad9f9e82f2018a3d5f7ba272d651a57d6fed3965a2ed722

C:\Windows\System\bbrltEg.exe

MD5 1e746f06fad69a3c2e187aa5f177b21b
SHA1 38bb04ea07faa82514b21ae3c8894b7f59f5e85c
SHA256 3b08a0e36a8d29e240651fa7b7ec11052709b32cbcefa0f3824a35ff14ea288b
SHA512 dd16da7ac5a30a7627f48571fa97660df9d7f0ce757eb824c91264d375f7b973363bd662069f25803b2ec5547ce34c559bd1c78a619c30888204c6eac33754c5

C:\Windows\System\JjevbyK.exe

MD5 129fc361de6c8c1dcd45f73c2509847a
SHA1 6e58fcc04081ff060bba62620396358ef607fb98
SHA256 168bd835b64ef47d752de1bca539b0e535d95649395d34d40933b41afa4bc82d
SHA512 1a0883ff65e8acdbc18ab7d6aea2b9e08682c7729cbf44dd816b51a42afe0deb3a1a391c6b460192a9d546ed4cf5dabc556480377c062c98a563b14170940d23

C:\Windows\System\SnMLxoo.exe

MD5 53c24db5ac9a22df29a88447a0af02ab
SHA1 3c4ad2142582381f32c11f36f00b505b032ed35c
SHA256 07eb540fcd4f5c17b3eacf9029b0748608e67079c02fa121b195f1a6125ba30e
SHA512 1a7dd049142211ec587111ec56b1b6751119a7e82ba23c43dfd1455378730db120ecb8dfd200f23849481d9fea02a97a8c8a8a5e9dfe99ba657139303ebd646f

C:\Windows\System\ldcijzu.exe

MD5 a96e674cb9b23750f2e812e00e9121c5
SHA1 0f82f0b4dcb4497b4c960ad1f8c466202db83bc3
SHA256 2d67f0005552bf2d2871152135bc733f56091570c3a2de6993b1aced7cd01050
SHA512 0314ff6e1691ffc4e9bdfc5e05b8c8d46760d5e5b29645c4acdc5490f2427e18ef456a07431bf5a79461f325cdb43c56904824896a02b195ed1c26178fe41c24

C:\Windows\System\pdLyRtq.exe

MD5 323d4e2f7095de72743f1559632692f9
SHA1 6a3684aaaff8a6131a369390ba27a10f8c330df1
SHA256 9415f5b62fab5fe287217355a109b577ab388ffb150042f4d5ab1848d2f1d821
SHA512 ea5f72895ebb15dca9f4f21604b0ea1c5b355da3766b08caa142587d9df6f01bd336b4e07e7ec2b3bf7c5a1f4979cf1e476dc0a064005acb6c2062e47c3a8b43

C:\Windows\System\dfGwOmA.exe

MD5 80f23c682f81e8e54646a4ec718e0a8d
SHA1 c63efc4aba4cd872427fec3675c82d143da91974
SHA256 6640d72f9161908a771f64f98c737e7827441798b0a2f5c2d35a0ab56cb1e3cd
SHA512 4726c7582c4d7867636e742e6a6d6404559db3ee5400fcd95052195f6d4ee4e1612259403cbd18cae6accfa92addc26e8eb76a8366dc1f69072f8a4cce15ef1b

C:\Windows\System\FNFVrDi.exe

MD5 24d1a6ba10677e76bf485d1649c23b52
SHA1 f4ab31df32cf10d7f961f83b92a16b23d12b8d64
SHA256 4db1e5a4549d72b2fef686a396e4b73b812b557a0462d80e5d2afd5212d69f27
SHA512 197a1720e20039589ecd989c104939a54dded437135e427637374e85070f2c49949c56812b99377d0feb90e33ccf4faaa18be2647cda6277d094713743359505

C:\Windows\System\JWSgZiI.exe

MD5 b045dc2b2be3eb71d5563d971bab27a6
SHA1 7dfe8150ec1311856ef890ba0de104aa22208645
SHA256 8dc759c5e9b2fddbb2d2f495f463de313fe914a4427b38fb0d61ea96a82a6bca
SHA512 bae7685505933e9900b086fb70107e69a3b3bb68c3107ee302e01f271ae1afee589a40bef9081baeb36037446aa93b58f264fbb93a980420522d8168f252c97b

C:\Windows\System\wCbUewx.exe

MD5 8daad5d607403491ed49249d5ff257e4
SHA1 193bab095cb9c7cd1d41158585fa79e1165f88a8
SHA256 302f4eed31f7a243a57c574c24ad3618dae9f46db2c492f0a850c26953e0e19d
SHA512 def4e4fce743c32bca80a821c5d0a0e0da36355fc1eb52474acf68cd77439ebd641cd9b6c950fb8b9c574f94ca80149d1641289fa8efffdd0414ceed5bd55161

C:\Windows\System\IAhzepO.exe

MD5 7662ff9903e011b51c05fd18bf201e97
SHA1 5adb373735a560ede967279d0606b4b57f22ffc2
SHA256 f1304bcb5a67d2552b491fb3ede11ca2ad8bf85c2d4eadd880ba43ffe5451294
SHA512 4798a4e29d3680842b2273bb8adf91d64adaf23a5896a647ffa073dba085c21d214c95799db869b5693d573e549c44ad32817db895f948368e4b53e9e6df2571

memory/4228-84-0x00007FF61F100000-0x00007FF61F4F2000-memory.dmp

C:\Windows\System\GGVBqBN.exe

MD5 1dbc0127cd1b62d22c7007108678a38f
SHA1 2d86734c567fc9abe61e83bb3d7084fc01dc5f0f
SHA256 bfe32d6d6da44e1affc291b0894c2154f6e9176ee01930a3bbffbfefdad9dcbc
SHA512 7f5b0e8a0a1a0b4ad90f354f52d3421f11739300d2f3d288ed36d3b95a8c37045c960a4320097d4ad147da62233a170608d419ae8522499f858be6711e555859

C:\Windows\System\tPeMumq.exe

MD5 2be77bf9586ac640b44868ee2f0ace37
SHA1 494defc10afa91fed96a6a84cd46de14fe3662a9
SHA256 0ed33d11483452579a4e10b672d61e2ea80fbe2060931f609a0fe88ec1254ef3
SHA512 a9082e8d17d0ef95e465e369b0d8b656ffa2a8026c7eccba481fda480fadd86082019682c94f615e561fd72ab5af548d9536cbe2136f45e567b9271972823cb3

C:\Windows\System\NelGIQE.exe

MD5 68fc670de51292889ae84e8c5e0030f3
SHA1 8c5d27d716ee5ff4f931ab0c1c699962e900990f
SHA256 718eb83892c9cbfbcd63250549c83be03948ff5ac85a6822b20d5b6be4e0e578
SHA512 9deb4bbce47d6765e17775e8fa7c3a4bc63f3435f5ecdde2aff1f1790dd30c4c33dc17d3f0931801b8f1d09a5f5039396f645e259fc79ca2ff35684e136ae5b6

C:\Windows\System\eYKYqhH.exe

MD5 8d29a04b1109b0c9a78f77f0ff869442
SHA1 a44f34e9387dc4c7ea7c2276a9698331d912c896
SHA256 174849dfd0adf16ea89825170d0087623b10b8d202395f938b011936f63faaa2
SHA512 a37e109b62cef5b695c26a6dd1ab1c6296bbb3a44995be692719fdd5a5c6780ce8c75c3937d65f3842861d0275b72ccfc41b9de0325d69ee5c0e91b073150da3

C:\Windows\System\mCMVFRq.exe

MD5 724b272a6dbb32a509c36728e6f42bb0
SHA1 79f3cf213c8d5b905fbf3bb00d361d977e2de0bb
SHA256 52b49a898051f4ef1e0a64044ea34aaf250312c74b9e24c3af02515d782cc36b
SHA512 81030ad1e6555ac8d1bda5fe8b9383797b2d7a7cb2473b36a1dc08ad6ec1ba061689adc73e4310ea58b38a86937d0a92dc5bcc499cc68df9dd8fa61bf8daf90e

memory/1772-45-0x00007FF917AA3000-0x00007FF917AA5000-memory.dmp

memory/1152-44-0x00007FF6D32E0000-0x00007FF6D36D2000-memory.dmp

C:\Windows\System\cYAmqVA.exe

MD5 1358aee0301c4906244a25160247841a
SHA1 7f950dc497bdb82c28204e15fa48be310afa2c40
SHA256 484ae81ee6a3cdca06433e0907d5b30010935001fc009cc49f97882c6894be9e
SHA512 01d8314593cb8d0e6edb5597420909863b404bb28a8005df80178777c14f9634d8c3a6ea56dd652e3a48247d8d3ebc5c550fc227d3eefcfa83e7602384f62760

memory/4380-51-0x00007FF7FEF00000-0x00007FF7FF2F2000-memory.dmp

memory/3168-21-0x00007FF618670000-0x00007FF618A62000-memory.dmp

memory/3168-2731-0x00007FF618670000-0x00007FF618A62000-memory.dmp

memory/1152-2734-0x00007FF6D32E0000-0x00007FF6D36D2000-memory.dmp

memory/4228-2735-0x00007FF61F100000-0x00007FF61F4F2000-memory.dmp

memory/412-2737-0x00007FF6A9530000-0x00007FF6A9922000-memory.dmp

memory/3292-2739-0x00007FF6BE6F0000-0x00007FF6BEAE2000-memory.dmp

memory/4216-2741-0x00007FF7A5230000-0x00007FF7A5622000-memory.dmp

memory/4224-2752-0x00007FF7E40F0000-0x00007FF7E44E2000-memory.dmp

memory/1688-2756-0x00007FF772960000-0x00007FF772D52000-memory.dmp

memory/1368-2755-0x00007FF7E9440000-0x00007FF7E9832000-memory.dmp

memory/5116-2749-0x00007FF7E0700000-0x00007FF7E0AF2000-memory.dmp

memory/1728-2748-0x00007FF763590000-0x00007FF763982000-memory.dmp

memory/4380-2746-0x00007FF7FEF00000-0x00007FF7FF2F2000-memory.dmp

memory/1716-2744-0x00007FF69F610000-0x00007FF69FA02000-memory.dmp

memory/3152-2788-0x00007FF7E9180000-0x00007FF7E9572000-memory.dmp

memory/5068-2784-0x00007FF68B960000-0x00007FF68BD52000-memory.dmp

memory/1600-2781-0x00007FF6C0110000-0x00007FF6C0502000-memory.dmp

memory/2044-2780-0x00007FF6B3C10000-0x00007FF6B4002000-memory.dmp

memory/4728-2773-0x00007FF6D7DD0000-0x00007FF6D81C2000-memory.dmp

memory/2232-2772-0x00007FF66DC30000-0x00007FF66E022000-memory.dmp

memory/3520-2769-0x00007FF6AABD0000-0x00007FF6AAFC2000-memory.dmp

memory/1300-2765-0x00007FF7802E0000-0x00007FF7806D2000-memory.dmp

memory/1744-2760-0x00007FF68C1C0000-0x00007FF68C5B2000-memory.dmp

memory/1228-2764-0x00007FF74E210000-0x00007FF74E602000-memory.dmp

memory/3268-2759-0x00007FF621D10000-0x00007FF622102000-memory.dmp