Malware Analysis Report

2025-04-19 18:43

Sample ID 240527-c8k6jsed93
Target 1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe
SHA256 dc41d94c63660428dd1fc1f9cb609dccb08a845c07caa56667aaef35fafab457
Tags
miner upx xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dc41d94c63660428dd1fc1f9cb609dccb08a845c07caa56667aaef35fafab457

Threat Level: Known bad

The file 1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 02:44

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 02:44

Reported

2024-05-27 02:47

Platform

win7-20240215-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fUWpuYp.exe N/A
N/A N/A C:\Windows\System\YheniUQ.exe N/A
N/A N/A C:\Windows\System\yAqldtq.exe N/A
N/A N/A C:\Windows\System\TQrnTRf.exe N/A
N/A N/A C:\Windows\System\NXcuWnt.exe N/A
N/A N/A C:\Windows\System\RAfdprV.exe N/A
N/A N/A C:\Windows\System\AvMNBCt.exe N/A
N/A N/A C:\Windows\System\aPxBtvH.exe N/A
N/A N/A C:\Windows\System\ETxLIkS.exe N/A
N/A N/A C:\Windows\System\SUCgUug.exe N/A
N/A N/A C:\Windows\System\KnzSTKI.exe N/A
N/A N/A C:\Windows\System\bMAoVXr.exe N/A
N/A N/A C:\Windows\System\cuskZAO.exe N/A
N/A N/A C:\Windows\System\ZfSfVal.exe N/A
N/A N/A C:\Windows\System\xYyQBnF.exe N/A
N/A N/A C:\Windows\System\kgCDcDz.exe N/A
N/A N/A C:\Windows\System\uNnyNbH.exe N/A
N/A N/A C:\Windows\System\SIlXTaO.exe N/A
N/A N/A C:\Windows\System\TSpJQzT.exe N/A
N/A N/A C:\Windows\System\zAtPzsR.exe N/A
N/A N/A C:\Windows\System\YNLccmK.exe N/A
N/A N/A C:\Windows\System\YSzagWZ.exe N/A
N/A N/A C:\Windows\System\uHOqzYM.exe N/A
N/A N/A C:\Windows\System\evyeNEX.exe N/A
N/A N/A C:\Windows\System\RIlqqZL.exe N/A
N/A N/A C:\Windows\System\ilVXXiz.exe N/A
N/A N/A C:\Windows\System\ibDPAEf.exe N/A
N/A N/A C:\Windows\System\gwsfSEQ.exe N/A
N/A N/A C:\Windows\System\lUlEiwT.exe N/A
N/A N/A C:\Windows\System\zTNauPf.exe N/A
N/A N/A C:\Windows\System\mkzzjIz.exe N/A
N/A N/A C:\Windows\System\OwRqBPS.exe N/A
N/A N/A C:\Windows\System\VjDHypF.exe N/A
N/A N/A C:\Windows\System\SwMcPhj.exe N/A
N/A N/A C:\Windows\System\aKdzTHB.exe N/A
N/A N/A C:\Windows\System\NOjpBHu.exe N/A
N/A N/A C:\Windows\System\LlyCQSJ.exe N/A
N/A N/A C:\Windows\System\DhnGrIB.exe N/A
N/A N/A C:\Windows\System\NXnpZfJ.exe N/A
N/A N/A C:\Windows\System\wvvubsY.exe N/A
N/A N/A C:\Windows\System\gZcaXJx.exe N/A
N/A N/A C:\Windows\System\HkAzoaU.exe N/A
N/A N/A C:\Windows\System\caVHpun.exe N/A
N/A N/A C:\Windows\System\XHngTNP.exe N/A
N/A N/A C:\Windows\System\YuNTJQS.exe N/A
N/A N/A C:\Windows\System\aPpSuKr.exe N/A
N/A N/A C:\Windows\System\jwvgpUz.exe N/A
N/A N/A C:\Windows\System\fcaXBqX.exe N/A
N/A N/A C:\Windows\System\CqjcvWX.exe N/A
N/A N/A C:\Windows\System\TIjwjcr.exe N/A
N/A N/A C:\Windows\System\zvaFlLe.exe N/A
N/A N/A C:\Windows\System\ffgKZaP.exe N/A
N/A N/A C:\Windows\System\czXbmTU.exe N/A
N/A N/A C:\Windows\System\RBDusSl.exe N/A
N/A N/A C:\Windows\System\OtWGwOP.exe N/A
N/A N/A C:\Windows\System\CQfAqxf.exe N/A
N/A N/A C:\Windows\System\FPsslkF.exe N/A
N/A N/A C:\Windows\System\AyMiyPc.exe N/A
N/A N/A C:\Windows\System\lwoiCra.exe N/A
N/A N/A C:\Windows\System\HAPRIjz.exe N/A
N/A N/A C:\Windows\System\Hdynkls.exe N/A
N/A N/A C:\Windows\System\ghFUMdL.exe N/A
N/A N/A C:\Windows\System\qmimNbB.exe N/A
N/A N/A C:\Windows\System\UtfvCyy.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HRhGULg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\MlxliIc.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bMAoVXr.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZstiHE.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\dlhOGbn.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\cdfBSio.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\oANZOlY.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\UjLOBwj.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\MqiznJR.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\KNCrnMD.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExPckWH.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqdcKXw.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IuTDCLc.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\pbOdMcY.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\kairqnS.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\OTxupVh.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NXcuWnt.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpBCMtc.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHZzSjN.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIwKiaI.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ausgqzA.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vNyxdnq.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVjwrxK.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\zrPfxNA.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ysgYwgz.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YheniUQ.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzQZHwS.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYDRUuF.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SfklHQv.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\dYsXfUK.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\yktWLgw.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vEmvlpr.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESBsKnr.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbPpGjg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\KEAtYdI.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXNEVJV.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\EIxUxMj.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPiqIJs.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\xbSlveI.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IEfhRCC.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJmwDAn.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\EUAnWib.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFhnWKo.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\VujbIby.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NmnJDQy.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LtWQTmR.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWFOueX.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfgpbcS.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\jxKHkop.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnNPAdE.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\VENQWhs.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlwRJPJ.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\qoSYIBl.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\dGvnoOz.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\MQuGFBc.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\fXNkBzI.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\rYaHwyb.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\JiGMUGG.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkoYHzo.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbckHWU.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\qKJMRYS.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\FShoXKi.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\XBfMDot.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPuYqZg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\fUWpuYp.exe
PID 1244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\fUWpuYp.exe
PID 1244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\fUWpuYp.exe
PID 1244 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YheniUQ.exe
PID 1244 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YheniUQ.exe
PID 1244 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YheniUQ.exe
PID 1244 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\yAqldtq.exe
PID 1244 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\yAqldtq.exe
PID 1244 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\yAqldtq.exe
PID 1244 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\NXcuWnt.exe
PID 1244 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\NXcuWnt.exe
PID 1244 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\NXcuWnt.exe
PID 1244 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TQrnTRf.exe
PID 1244 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TQrnTRf.exe
PID 1244 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TQrnTRf.exe
PID 1244 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\AvMNBCt.exe
PID 1244 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\AvMNBCt.exe
PID 1244 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\AvMNBCt.exe
PID 1244 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RAfdprV.exe
PID 1244 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RAfdprV.exe
PID 1244 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RAfdprV.exe
PID 1244 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\aPxBtvH.exe
PID 1244 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\aPxBtvH.exe
PID 1244 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\aPxBtvH.exe
PID 1244 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\KnzSTKI.exe
PID 1244 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\KnzSTKI.exe
PID 1244 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\KnzSTKI.exe
PID 1244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ETxLIkS.exe
PID 1244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ETxLIkS.exe
PID 1244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ETxLIkS.exe
PID 1244 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\bMAoVXr.exe
PID 1244 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\bMAoVXr.exe
PID 1244 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\bMAoVXr.exe
PID 1244 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SUCgUug.exe
PID 1244 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SUCgUug.exe
PID 1244 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SUCgUug.exe
PID 1244 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\cuskZAO.exe
PID 1244 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\cuskZAO.exe
PID 1244 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\cuskZAO.exe
PID 1244 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ZfSfVal.exe
PID 1244 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ZfSfVal.exe
PID 1244 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ZfSfVal.exe
PID 1244 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\xYyQBnF.exe
PID 1244 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\xYyQBnF.exe
PID 1244 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\xYyQBnF.exe
PID 1244 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\kgCDcDz.exe
PID 1244 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\kgCDcDz.exe
PID 1244 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\kgCDcDz.exe
PID 1244 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uNnyNbH.exe
PID 1244 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uNnyNbH.exe
PID 1244 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uNnyNbH.exe
PID 1244 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SIlXTaO.exe
PID 1244 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SIlXTaO.exe
PID 1244 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SIlXTaO.exe
PID 1244 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TSpJQzT.exe
PID 1244 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TSpJQzT.exe
PID 1244 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TSpJQzT.exe
PID 1244 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zAtPzsR.exe
PID 1244 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zAtPzsR.exe
PID 1244 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zAtPzsR.exe
PID 1244 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YNLccmK.exe
PID 1244 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YNLccmK.exe
PID 1244 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YNLccmK.exe
PID 1244 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YSzagWZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe"

C:\Windows\System\fUWpuYp.exe

C:\Windows\System\fUWpuYp.exe

C:\Windows\System\YheniUQ.exe

C:\Windows\System\YheniUQ.exe

C:\Windows\System\yAqldtq.exe

C:\Windows\System\yAqldtq.exe

C:\Windows\System\NXcuWnt.exe

C:\Windows\System\NXcuWnt.exe

C:\Windows\System\TQrnTRf.exe

C:\Windows\System\TQrnTRf.exe

C:\Windows\System\AvMNBCt.exe

C:\Windows\System\AvMNBCt.exe

C:\Windows\System\RAfdprV.exe

C:\Windows\System\RAfdprV.exe

C:\Windows\System\aPxBtvH.exe

C:\Windows\System\aPxBtvH.exe

C:\Windows\System\KnzSTKI.exe

C:\Windows\System\KnzSTKI.exe

C:\Windows\System\ETxLIkS.exe

C:\Windows\System\ETxLIkS.exe

C:\Windows\System\bMAoVXr.exe

C:\Windows\System\bMAoVXr.exe

C:\Windows\System\SUCgUug.exe

C:\Windows\System\SUCgUug.exe

C:\Windows\System\cuskZAO.exe

C:\Windows\System\cuskZAO.exe

C:\Windows\System\ZfSfVal.exe

C:\Windows\System\ZfSfVal.exe

C:\Windows\System\xYyQBnF.exe

C:\Windows\System\xYyQBnF.exe

C:\Windows\System\kgCDcDz.exe

C:\Windows\System\kgCDcDz.exe

C:\Windows\System\uNnyNbH.exe

C:\Windows\System\uNnyNbH.exe

C:\Windows\System\SIlXTaO.exe

C:\Windows\System\SIlXTaO.exe

C:\Windows\System\TSpJQzT.exe

C:\Windows\System\TSpJQzT.exe

C:\Windows\System\zAtPzsR.exe

C:\Windows\System\zAtPzsR.exe

C:\Windows\System\YNLccmK.exe

C:\Windows\System\YNLccmK.exe

C:\Windows\System\YSzagWZ.exe

C:\Windows\System\YSzagWZ.exe

C:\Windows\System\uHOqzYM.exe

C:\Windows\System\uHOqzYM.exe

C:\Windows\System\evyeNEX.exe

C:\Windows\System\evyeNEX.exe

C:\Windows\System\RIlqqZL.exe

C:\Windows\System\RIlqqZL.exe

C:\Windows\System\ilVXXiz.exe

C:\Windows\System\ilVXXiz.exe

C:\Windows\System\ibDPAEf.exe

C:\Windows\System\ibDPAEf.exe

C:\Windows\System\gwsfSEQ.exe

C:\Windows\System\gwsfSEQ.exe

C:\Windows\System\lUlEiwT.exe

C:\Windows\System\lUlEiwT.exe

C:\Windows\System\zTNauPf.exe

C:\Windows\System\zTNauPf.exe

C:\Windows\System\mkzzjIz.exe

C:\Windows\System\mkzzjIz.exe

C:\Windows\System\OwRqBPS.exe

C:\Windows\System\OwRqBPS.exe

C:\Windows\System\VjDHypF.exe

C:\Windows\System\VjDHypF.exe

C:\Windows\System\SwMcPhj.exe

C:\Windows\System\SwMcPhj.exe

C:\Windows\System\aKdzTHB.exe

C:\Windows\System\aKdzTHB.exe

C:\Windows\System\NOjpBHu.exe

C:\Windows\System\NOjpBHu.exe

C:\Windows\System\LlyCQSJ.exe

C:\Windows\System\LlyCQSJ.exe

C:\Windows\System\DhnGrIB.exe

C:\Windows\System\DhnGrIB.exe

C:\Windows\System\NXnpZfJ.exe

C:\Windows\System\NXnpZfJ.exe

C:\Windows\System\wvvubsY.exe

C:\Windows\System\wvvubsY.exe

C:\Windows\System\gZcaXJx.exe

C:\Windows\System\gZcaXJx.exe

C:\Windows\System\HkAzoaU.exe

C:\Windows\System\HkAzoaU.exe

C:\Windows\System\caVHpun.exe

C:\Windows\System\caVHpun.exe

C:\Windows\System\XHngTNP.exe

C:\Windows\System\XHngTNP.exe

C:\Windows\System\YuNTJQS.exe

C:\Windows\System\YuNTJQS.exe

C:\Windows\System\aPpSuKr.exe

C:\Windows\System\aPpSuKr.exe

C:\Windows\System\jwvgpUz.exe

C:\Windows\System\jwvgpUz.exe

C:\Windows\System\fcaXBqX.exe

C:\Windows\System\fcaXBqX.exe

C:\Windows\System\CqjcvWX.exe

C:\Windows\System\CqjcvWX.exe

C:\Windows\System\TIjwjcr.exe

C:\Windows\System\TIjwjcr.exe

C:\Windows\System\zvaFlLe.exe

C:\Windows\System\zvaFlLe.exe

C:\Windows\System\ffgKZaP.exe

C:\Windows\System\ffgKZaP.exe

C:\Windows\System\czXbmTU.exe

C:\Windows\System\czXbmTU.exe

C:\Windows\System\RBDusSl.exe

C:\Windows\System\RBDusSl.exe

C:\Windows\System\OtWGwOP.exe

C:\Windows\System\OtWGwOP.exe

C:\Windows\System\CQfAqxf.exe

C:\Windows\System\CQfAqxf.exe

C:\Windows\System\FPsslkF.exe

C:\Windows\System\FPsslkF.exe

C:\Windows\System\AyMiyPc.exe

C:\Windows\System\AyMiyPc.exe

C:\Windows\System\lwoiCra.exe

C:\Windows\System\lwoiCra.exe

C:\Windows\System\HAPRIjz.exe

C:\Windows\System\HAPRIjz.exe

C:\Windows\System\Hdynkls.exe

C:\Windows\System\Hdynkls.exe

C:\Windows\System\ghFUMdL.exe

C:\Windows\System\ghFUMdL.exe

C:\Windows\System\qmimNbB.exe

C:\Windows\System\qmimNbB.exe

C:\Windows\System\UtfvCyy.exe

C:\Windows\System\UtfvCyy.exe

C:\Windows\System\jLRUvSH.exe

C:\Windows\System\jLRUvSH.exe

C:\Windows\System\KzzrbFX.exe

C:\Windows\System\KzzrbFX.exe

C:\Windows\System\LElvuLu.exe

C:\Windows\System\LElvuLu.exe

C:\Windows\System\iWzPBPr.exe

C:\Windows\System\iWzPBPr.exe

C:\Windows\System\fywKSgP.exe

C:\Windows\System\fywKSgP.exe

C:\Windows\System\ebJqvey.exe

C:\Windows\System\ebJqvey.exe

C:\Windows\System\Qurrqip.exe

C:\Windows\System\Qurrqip.exe

C:\Windows\System\FZXgVBp.exe

C:\Windows\System\FZXgVBp.exe

C:\Windows\System\cadLGCc.exe

C:\Windows\System\cadLGCc.exe

C:\Windows\System\ASkGzvx.exe

C:\Windows\System\ASkGzvx.exe

C:\Windows\System\cSSYOyk.exe

C:\Windows\System\cSSYOyk.exe

C:\Windows\System\zuvTWIR.exe

C:\Windows\System\zuvTWIR.exe

C:\Windows\System\eBKAbWD.exe

C:\Windows\System\eBKAbWD.exe

C:\Windows\System\EJBBFnX.exe

C:\Windows\System\EJBBFnX.exe

C:\Windows\System\cvzOjXU.exe

C:\Windows\System\cvzOjXU.exe

C:\Windows\System\cNgrapF.exe

C:\Windows\System\cNgrapF.exe

C:\Windows\System\YTUOwaC.exe

C:\Windows\System\YTUOwaC.exe

C:\Windows\System\vWgenmg.exe

C:\Windows\System\vWgenmg.exe

C:\Windows\System\yFhUBzP.exe

C:\Windows\System\yFhUBzP.exe

C:\Windows\System\ZQgKefb.exe

C:\Windows\System\ZQgKefb.exe

C:\Windows\System\BDpZqHj.exe

C:\Windows\System\BDpZqHj.exe

C:\Windows\System\kgBQofE.exe

C:\Windows\System\kgBQofE.exe

C:\Windows\System\YVMpQJv.exe

C:\Windows\System\YVMpQJv.exe

C:\Windows\System\npxAQhb.exe

C:\Windows\System\npxAQhb.exe

C:\Windows\System\KiSAIeS.exe

C:\Windows\System\KiSAIeS.exe

C:\Windows\System\uCqTqhd.exe

C:\Windows\System\uCqTqhd.exe

C:\Windows\System\zOsnokb.exe

C:\Windows\System\zOsnokb.exe

C:\Windows\System\whXTQPM.exe

C:\Windows\System\whXTQPM.exe

C:\Windows\System\VoqXfFd.exe

C:\Windows\System\VoqXfFd.exe

C:\Windows\System\pobyBer.exe

C:\Windows\System\pobyBer.exe

C:\Windows\System\XNRZHxk.exe

C:\Windows\System\XNRZHxk.exe

C:\Windows\System\fNtEJvd.exe

C:\Windows\System\fNtEJvd.exe

C:\Windows\System\rhGlSGF.exe

C:\Windows\System\rhGlSGF.exe

C:\Windows\System\nJnJsHA.exe

C:\Windows\System\nJnJsHA.exe

C:\Windows\System\CZSFLuH.exe

C:\Windows\System\CZSFLuH.exe

C:\Windows\System\YovleSJ.exe

C:\Windows\System\YovleSJ.exe

C:\Windows\System\bpiKxHB.exe

C:\Windows\System\bpiKxHB.exe

C:\Windows\System\fLYewwE.exe

C:\Windows\System\fLYewwE.exe

C:\Windows\System\gCJzQgk.exe

C:\Windows\System\gCJzQgk.exe

C:\Windows\System\BEKNDHB.exe

C:\Windows\System\BEKNDHB.exe

C:\Windows\System\ilwsPrM.exe

C:\Windows\System\ilwsPrM.exe

C:\Windows\System\sFiAxvv.exe

C:\Windows\System\sFiAxvv.exe

C:\Windows\System\SMXqvkc.exe

C:\Windows\System\SMXqvkc.exe

C:\Windows\System\nRSwegw.exe

C:\Windows\System\nRSwegw.exe

C:\Windows\System\doBHPSR.exe

C:\Windows\System\doBHPSR.exe

C:\Windows\System\BtaBCFw.exe

C:\Windows\System\BtaBCFw.exe

C:\Windows\System\MOgRpXA.exe

C:\Windows\System\MOgRpXA.exe

C:\Windows\System\PDIJFOB.exe

C:\Windows\System\PDIJFOB.exe

C:\Windows\System\KnzCdTI.exe

C:\Windows\System\KnzCdTI.exe

C:\Windows\System\CWrQXYb.exe

C:\Windows\System\CWrQXYb.exe

C:\Windows\System\cFKcWvg.exe

C:\Windows\System\cFKcWvg.exe

C:\Windows\System\uVjwrxK.exe

C:\Windows\System\uVjwrxK.exe

C:\Windows\System\xbsZFSp.exe

C:\Windows\System\xbsZFSp.exe

C:\Windows\System\jPWfYKV.exe

C:\Windows\System\jPWfYKV.exe

C:\Windows\System\sLnqaZw.exe

C:\Windows\System\sLnqaZw.exe

C:\Windows\System\lmAmFku.exe

C:\Windows\System\lmAmFku.exe

C:\Windows\System\eOfvYfW.exe

C:\Windows\System\eOfvYfW.exe

C:\Windows\System\gVoIvQO.exe

C:\Windows\System\gVoIvQO.exe

C:\Windows\System\rxRstlG.exe

C:\Windows\System\rxRstlG.exe

C:\Windows\System\yBQmOIe.exe

C:\Windows\System\yBQmOIe.exe

C:\Windows\System\rsUyxmB.exe

C:\Windows\System\rsUyxmB.exe

C:\Windows\System\abcFbeH.exe

C:\Windows\System\abcFbeH.exe

C:\Windows\System\RWAzbHk.exe

C:\Windows\System\RWAzbHk.exe

C:\Windows\System\uwqTgwV.exe

C:\Windows\System\uwqTgwV.exe

C:\Windows\System\zIwKiaI.exe

C:\Windows\System\zIwKiaI.exe

C:\Windows\System\qLTcHDT.exe

C:\Windows\System\qLTcHDT.exe

C:\Windows\System\XvvJfOa.exe

C:\Windows\System\XvvJfOa.exe

C:\Windows\System\zrPfxNA.exe

C:\Windows\System\zrPfxNA.exe

C:\Windows\System\kLDwpfE.exe

C:\Windows\System\kLDwpfE.exe

C:\Windows\System\JlLxPBq.exe

C:\Windows\System\JlLxPBq.exe

C:\Windows\System\DKTGlNX.exe

C:\Windows\System\DKTGlNX.exe

C:\Windows\System\UdzTNhw.exe

C:\Windows\System\UdzTNhw.exe

C:\Windows\System\ZOwybsK.exe

C:\Windows\System\ZOwybsK.exe

C:\Windows\System\SJRmuKI.exe

C:\Windows\System\SJRmuKI.exe

C:\Windows\System\XCvBaiJ.exe

C:\Windows\System\XCvBaiJ.exe

C:\Windows\System\HFoDmgl.exe

C:\Windows\System\HFoDmgl.exe

C:\Windows\System\KjwspxU.exe

C:\Windows\System\KjwspxU.exe

C:\Windows\System\vgpRGUD.exe

C:\Windows\System\vgpRGUD.exe

C:\Windows\System\bccdiaC.exe

C:\Windows\System\bccdiaC.exe

C:\Windows\System\FdpeQLc.exe

C:\Windows\System\FdpeQLc.exe

C:\Windows\System\KShkhnZ.exe

C:\Windows\System\KShkhnZ.exe

C:\Windows\System\BbtNbni.exe

C:\Windows\System\BbtNbni.exe

C:\Windows\System\hOGXnXL.exe

C:\Windows\System\hOGXnXL.exe

C:\Windows\System\apPAPwc.exe

C:\Windows\System\apPAPwc.exe

C:\Windows\System\srxtzgR.exe

C:\Windows\System\srxtzgR.exe

C:\Windows\System\UQInfPN.exe

C:\Windows\System\UQInfPN.exe

C:\Windows\System\qbWDOqY.exe

C:\Windows\System\qbWDOqY.exe

C:\Windows\System\xLTSrAF.exe

C:\Windows\System\xLTSrAF.exe

C:\Windows\System\GBrVJDr.exe

C:\Windows\System\GBrVJDr.exe

C:\Windows\System\nPGORkA.exe

C:\Windows\System\nPGORkA.exe

C:\Windows\System\dwEUYhn.exe

C:\Windows\System\dwEUYhn.exe

C:\Windows\System\vXqdvdv.exe

C:\Windows\System\vXqdvdv.exe

C:\Windows\System\vaxSgUQ.exe

C:\Windows\System\vaxSgUQ.exe

C:\Windows\System\LXdniky.exe

C:\Windows\System\LXdniky.exe

C:\Windows\System\vkYppxY.exe

C:\Windows\System\vkYppxY.exe

C:\Windows\System\lZfqoHx.exe

C:\Windows\System\lZfqoHx.exe

C:\Windows\System\IxaKPqn.exe

C:\Windows\System\IxaKPqn.exe

C:\Windows\System\eNkhAdm.exe

C:\Windows\System\eNkhAdm.exe

C:\Windows\System\cIxPcea.exe

C:\Windows\System\cIxPcea.exe

C:\Windows\System\fLMblcg.exe

C:\Windows\System\fLMblcg.exe

C:\Windows\System\BfgDide.exe

C:\Windows\System\BfgDide.exe

C:\Windows\System\nTqEfzx.exe

C:\Windows\System\nTqEfzx.exe

C:\Windows\System\PSkIgZa.exe

C:\Windows\System\PSkIgZa.exe

C:\Windows\System\zoTJDLv.exe

C:\Windows\System\zoTJDLv.exe

C:\Windows\System\vNyxdnq.exe

C:\Windows\System\vNyxdnq.exe

C:\Windows\System\GqmqKgn.exe

C:\Windows\System\GqmqKgn.exe

C:\Windows\System\VqTBNLy.exe

C:\Windows\System\VqTBNLy.exe

C:\Windows\System\Hlhmiij.exe

C:\Windows\System\Hlhmiij.exe

C:\Windows\System\wlQPdaU.exe

C:\Windows\System\wlQPdaU.exe

C:\Windows\System\ztoSsvo.exe

C:\Windows\System\ztoSsvo.exe

C:\Windows\System\thOgTmL.exe

C:\Windows\System\thOgTmL.exe

C:\Windows\System\JFNfVjY.exe

C:\Windows\System\JFNfVjY.exe

C:\Windows\System\RFgbxgA.exe

C:\Windows\System\RFgbxgA.exe

C:\Windows\System\PPKziuT.exe

C:\Windows\System\PPKziuT.exe

C:\Windows\System\OqFjTYy.exe

C:\Windows\System\OqFjTYy.exe

C:\Windows\System\MYKpmig.exe

C:\Windows\System\MYKpmig.exe

C:\Windows\System\Bdfwoqn.exe

C:\Windows\System\Bdfwoqn.exe

C:\Windows\System\thBuhaI.exe

C:\Windows\System\thBuhaI.exe

C:\Windows\System\qiHwBPt.exe

C:\Windows\System\qiHwBPt.exe

C:\Windows\System\CPXIIXN.exe

C:\Windows\System\CPXIIXN.exe

C:\Windows\System\mpqFRBD.exe

C:\Windows\System\mpqFRBD.exe

C:\Windows\System\yvISkul.exe

C:\Windows\System\yvISkul.exe

C:\Windows\System\RYsrqsT.exe

C:\Windows\System\RYsrqsT.exe

C:\Windows\System\lMBtSrY.exe

C:\Windows\System\lMBtSrY.exe

C:\Windows\System\XaMyaqv.exe

C:\Windows\System\XaMyaqv.exe

C:\Windows\System\IGQQguJ.exe

C:\Windows\System\IGQQguJ.exe

C:\Windows\System\TrHWQKg.exe

C:\Windows\System\TrHWQKg.exe

C:\Windows\System\dNHfZop.exe

C:\Windows\System\dNHfZop.exe

C:\Windows\System\fyZFmSb.exe

C:\Windows\System\fyZFmSb.exe

C:\Windows\System\LrJcPiv.exe

C:\Windows\System\LrJcPiv.exe

C:\Windows\System\YQQDTja.exe

C:\Windows\System\YQQDTja.exe

C:\Windows\System\gkoYHzo.exe

C:\Windows\System\gkoYHzo.exe

C:\Windows\System\TjdTUPV.exe

C:\Windows\System\TjdTUPV.exe

C:\Windows\System\iPpitkE.exe

C:\Windows\System\iPpitkE.exe

C:\Windows\System\ausgqzA.exe

C:\Windows\System\ausgqzA.exe

C:\Windows\System\lleOhFM.exe

C:\Windows\System\lleOhFM.exe

C:\Windows\System\bDQklST.exe

C:\Windows\System\bDQklST.exe

C:\Windows\System\VPhaVqg.exe

C:\Windows\System\VPhaVqg.exe

C:\Windows\System\DyHudgX.exe

C:\Windows\System\DyHudgX.exe

C:\Windows\System\fNpyncQ.exe

C:\Windows\System\fNpyncQ.exe

C:\Windows\System\bEkMPNF.exe

C:\Windows\System\bEkMPNF.exe

C:\Windows\System\tRtXEXy.exe

C:\Windows\System\tRtXEXy.exe

C:\Windows\System\KNCrnMD.exe

C:\Windows\System\KNCrnMD.exe

C:\Windows\System\QhleFmr.exe

C:\Windows\System\QhleFmr.exe

C:\Windows\System\vaGUofm.exe

C:\Windows\System\vaGUofm.exe

C:\Windows\System\oANZOlY.exe

C:\Windows\System\oANZOlY.exe

C:\Windows\System\aLzynlg.exe

C:\Windows\System\aLzynlg.exe

C:\Windows\System\ObTLldL.exe

C:\Windows\System\ObTLldL.exe

C:\Windows\System\UTbGLTL.exe

C:\Windows\System\UTbGLTL.exe

C:\Windows\System\EdXNDjN.exe

C:\Windows\System\EdXNDjN.exe

C:\Windows\System\nnVWrJb.exe

C:\Windows\System\nnVWrJb.exe

C:\Windows\System\BjzAegz.exe

C:\Windows\System\BjzAegz.exe

C:\Windows\System\upRIiKi.exe

C:\Windows\System\upRIiKi.exe

C:\Windows\System\huFqrpn.exe

C:\Windows\System\huFqrpn.exe

C:\Windows\System\BpyVkSg.exe

C:\Windows\System\BpyVkSg.exe

C:\Windows\System\GLKtwWY.exe

C:\Windows\System\GLKtwWY.exe

C:\Windows\System\TcvBUbw.exe

C:\Windows\System\TcvBUbw.exe

C:\Windows\System\EiTbQac.exe

C:\Windows\System\EiTbQac.exe

C:\Windows\System\MkDXwPi.exe

C:\Windows\System\MkDXwPi.exe

C:\Windows\System\BALUzpV.exe

C:\Windows\System\BALUzpV.exe

C:\Windows\System\OhPsWJA.exe

C:\Windows\System\OhPsWJA.exe

C:\Windows\System\yJvlAhV.exe

C:\Windows\System\yJvlAhV.exe

C:\Windows\System\cNTBffZ.exe

C:\Windows\System\cNTBffZ.exe

C:\Windows\System\ZLpIKix.exe

C:\Windows\System\ZLpIKix.exe

C:\Windows\System\ttewiMw.exe

C:\Windows\System\ttewiMw.exe

C:\Windows\System\qogYwVo.exe

C:\Windows\System\qogYwVo.exe

C:\Windows\System\NPTvdcO.exe

C:\Windows\System\NPTvdcO.exe

C:\Windows\System\LPDoKsh.exe

C:\Windows\System\LPDoKsh.exe

C:\Windows\System\sSgXIaC.exe

C:\Windows\System\sSgXIaC.exe

C:\Windows\System\mBmkOfI.exe

C:\Windows\System\mBmkOfI.exe

C:\Windows\System\CHjkjbw.exe

C:\Windows\System\CHjkjbw.exe

C:\Windows\System\DFZVJMd.exe

C:\Windows\System\DFZVJMd.exe

C:\Windows\System\EWlIGjw.exe

C:\Windows\System\EWlIGjw.exe

C:\Windows\System\NmnJDQy.exe

C:\Windows\System\NmnJDQy.exe

C:\Windows\System\tVRxnnx.exe

C:\Windows\System\tVRxnnx.exe

C:\Windows\System\RFYBQlM.exe

C:\Windows\System\RFYBQlM.exe

C:\Windows\System\ogaizcP.exe

C:\Windows\System\ogaizcP.exe

C:\Windows\System\VPnvdNg.exe

C:\Windows\System\VPnvdNg.exe

C:\Windows\System\OuHSAPh.exe

C:\Windows\System\OuHSAPh.exe

C:\Windows\System\LtWQTmR.exe

C:\Windows\System\LtWQTmR.exe

C:\Windows\System\CGZHyvy.exe

C:\Windows\System\CGZHyvy.exe

C:\Windows\System\yUISAZp.exe

C:\Windows\System\yUISAZp.exe

C:\Windows\System\nbJFOkL.exe

C:\Windows\System\nbJFOkL.exe

C:\Windows\System\NHZzSjN.exe

C:\Windows\System\NHZzSjN.exe

C:\Windows\System\uunloyy.exe

C:\Windows\System\uunloyy.exe

C:\Windows\System\lUWPUZd.exe

C:\Windows\System\lUWPUZd.exe

C:\Windows\System\SXOGMcQ.exe

C:\Windows\System\SXOGMcQ.exe

C:\Windows\System\gAvmgmF.exe

C:\Windows\System\gAvmgmF.exe

C:\Windows\System\mnnxKCJ.exe

C:\Windows\System\mnnxKCJ.exe

C:\Windows\System\RHtdnhm.exe

C:\Windows\System\RHtdnhm.exe

C:\Windows\System\VazYGMU.exe

C:\Windows\System\VazYGMU.exe

C:\Windows\System\yqzvCIa.exe

C:\Windows\System\yqzvCIa.exe

C:\Windows\System\qeKHgdx.exe

C:\Windows\System\qeKHgdx.exe

C:\Windows\System\aiKJzaw.exe

C:\Windows\System\aiKJzaw.exe

C:\Windows\System\SObVqdg.exe

C:\Windows\System\SObVqdg.exe

C:\Windows\System\sLuLjYy.exe

C:\Windows\System\sLuLjYy.exe

C:\Windows\System\DmiWmhr.exe

C:\Windows\System\DmiWmhr.exe

C:\Windows\System\UXoSolF.exe

C:\Windows\System\UXoSolF.exe

C:\Windows\System\EIxUxMj.exe

C:\Windows\System\EIxUxMj.exe

C:\Windows\System\Mjnakvo.exe

C:\Windows\System\Mjnakvo.exe

C:\Windows\System\fZgTxDX.exe

C:\Windows\System\fZgTxDX.exe

C:\Windows\System\ucElzcZ.exe

C:\Windows\System\ucElzcZ.exe

C:\Windows\System\JgSHlfa.exe

C:\Windows\System\JgSHlfa.exe

C:\Windows\System\iWvvGeq.exe

C:\Windows\System\iWvvGeq.exe

C:\Windows\System\KbDBgbX.exe

C:\Windows\System\KbDBgbX.exe

C:\Windows\System\XOCsxWQ.exe

C:\Windows\System\XOCsxWQ.exe

C:\Windows\System\kgRfOxC.exe

C:\Windows\System\kgRfOxC.exe

C:\Windows\System\cfMvibL.exe

C:\Windows\System\cfMvibL.exe

C:\Windows\System\sgwmgbK.exe

C:\Windows\System\sgwmgbK.exe

C:\Windows\System\WvMMUZX.exe

C:\Windows\System\WvMMUZX.exe

C:\Windows\System\BzCeYwS.exe

C:\Windows\System\BzCeYwS.exe

C:\Windows\System\yWMptpd.exe

C:\Windows\System\yWMptpd.exe

C:\Windows\System\WKYXAbq.exe

C:\Windows\System\WKYXAbq.exe

C:\Windows\System\bXfNtZU.exe

C:\Windows\System\bXfNtZU.exe

C:\Windows\System\lAZIMIh.exe

C:\Windows\System\lAZIMIh.exe

C:\Windows\System\eyyrMJl.exe

C:\Windows\System\eyyrMJl.exe

C:\Windows\System\iLHtJlB.exe

C:\Windows\System\iLHtJlB.exe

C:\Windows\System\mdGKxXH.exe

C:\Windows\System\mdGKxXH.exe

C:\Windows\System\mmzSjJq.exe

C:\Windows\System\mmzSjJq.exe

C:\Windows\System\ATWwSLU.exe

C:\Windows\System\ATWwSLU.exe

C:\Windows\System\kBHtEwg.exe

C:\Windows\System\kBHtEwg.exe

C:\Windows\System\xbSlveI.exe

C:\Windows\System\xbSlveI.exe

C:\Windows\System\IxXsJZf.exe

C:\Windows\System\IxXsJZf.exe

C:\Windows\System\jOaueIq.exe

C:\Windows\System\jOaueIq.exe

C:\Windows\System\TjINfkf.exe

C:\Windows\System\TjINfkf.exe

C:\Windows\System\bPiqIJs.exe

C:\Windows\System\bPiqIJs.exe

C:\Windows\System\ZuQjTdo.exe

C:\Windows\System\ZuQjTdo.exe

C:\Windows\System\LETeQfw.exe

C:\Windows\System\LETeQfw.exe

C:\Windows\System\SqCwTEu.exe

C:\Windows\System\SqCwTEu.exe

C:\Windows\System\muzjaKj.exe

C:\Windows\System\muzjaKj.exe

C:\Windows\System\nFDEZjF.exe

C:\Windows\System\nFDEZjF.exe

C:\Windows\System\VBWMSKz.exe

C:\Windows\System\VBWMSKz.exe

C:\Windows\System\BNSIMhp.exe

C:\Windows\System\BNSIMhp.exe

C:\Windows\System\kMveaHR.exe

C:\Windows\System\kMveaHR.exe

C:\Windows\System\RsYngwT.exe

C:\Windows\System\RsYngwT.exe

C:\Windows\System\izVXsMW.exe

C:\Windows\System\izVXsMW.exe

C:\Windows\System\lhdwDlk.exe

C:\Windows\System\lhdwDlk.exe

C:\Windows\System\LcKXQQT.exe

C:\Windows\System\LcKXQQT.exe

C:\Windows\System\VqQUowF.exe

C:\Windows\System\VqQUowF.exe

C:\Windows\System\OhJfTAI.exe

C:\Windows\System\OhJfTAI.exe

C:\Windows\System\bQtvyTA.exe

C:\Windows\System\bQtvyTA.exe

C:\Windows\System\aCDWsJi.exe

C:\Windows\System\aCDWsJi.exe

C:\Windows\System\oVnVYqp.exe

C:\Windows\System\oVnVYqp.exe

C:\Windows\System\tSXhexc.exe

C:\Windows\System\tSXhexc.exe

C:\Windows\System\EfeGUmZ.exe

C:\Windows\System\EfeGUmZ.exe

C:\Windows\System\voEpZzx.exe

C:\Windows\System\voEpZzx.exe

C:\Windows\System\YwnztJx.exe

C:\Windows\System\YwnztJx.exe

C:\Windows\System\JSBNMBO.exe

C:\Windows\System\JSBNMBO.exe

C:\Windows\System\KALHwPf.exe

C:\Windows\System\KALHwPf.exe

C:\Windows\System\aJSNHSB.exe

C:\Windows\System\aJSNHSB.exe

C:\Windows\System\kZaFdaC.exe

C:\Windows\System\kZaFdaC.exe

C:\Windows\System\yNuejso.exe

C:\Windows\System\yNuejso.exe

C:\Windows\System\aUJJibL.exe

C:\Windows\System\aUJJibL.exe

C:\Windows\System\pcDwsfZ.exe

C:\Windows\System\pcDwsfZ.exe

C:\Windows\System\TlTAaqC.exe

C:\Windows\System\TlTAaqC.exe

C:\Windows\System\NWpXHdH.exe

C:\Windows\System\NWpXHdH.exe

C:\Windows\System\ZuvCjDC.exe

C:\Windows\System\ZuvCjDC.exe

C:\Windows\System\GgClavy.exe

C:\Windows\System\GgClavy.exe

C:\Windows\System\qKJMRYS.exe

C:\Windows\System\qKJMRYS.exe

C:\Windows\System\cjUFMdD.exe

C:\Windows\System\cjUFMdD.exe

C:\Windows\System\NBlYgQN.exe

C:\Windows\System\NBlYgQN.exe

C:\Windows\System\EfXfVSV.exe

C:\Windows\System\EfXfVSV.exe

C:\Windows\System\OPsCdAi.exe

C:\Windows\System\OPsCdAi.exe

C:\Windows\System\lRzlXyJ.exe

C:\Windows\System\lRzlXyJ.exe

C:\Windows\System\sclVWLd.exe

C:\Windows\System\sclVWLd.exe

C:\Windows\System\oIxRIuD.exe

C:\Windows\System\oIxRIuD.exe

C:\Windows\System\JmjQgeR.exe

C:\Windows\System\JmjQgeR.exe

C:\Windows\System\JcCiDsS.exe

C:\Windows\System\JcCiDsS.exe

C:\Windows\System\OHolkxm.exe

C:\Windows\System\OHolkxm.exe

C:\Windows\System\dhkayII.exe

C:\Windows\System\dhkayII.exe

C:\Windows\System\RzRNilM.exe

C:\Windows\System\RzRNilM.exe

C:\Windows\System\SkNXfFH.exe

C:\Windows\System\SkNXfFH.exe

C:\Windows\System\hTPeSqE.exe

C:\Windows\System\hTPeSqE.exe

C:\Windows\System\dmNITpb.exe

C:\Windows\System\dmNITpb.exe

C:\Windows\System\GikhIJk.exe

C:\Windows\System\GikhIJk.exe

C:\Windows\System\eWFFzYu.exe

C:\Windows\System\eWFFzYu.exe

C:\Windows\System\JxonLgi.exe

C:\Windows\System\JxonLgi.exe

C:\Windows\System\yuEDsat.exe

C:\Windows\System\yuEDsat.exe

C:\Windows\System\RGlbIaG.exe

C:\Windows\System\RGlbIaG.exe

C:\Windows\System\VZstiHE.exe

C:\Windows\System\VZstiHE.exe

C:\Windows\System\VJvUaXa.exe

C:\Windows\System\VJvUaXa.exe

C:\Windows\System\wLiqTCY.exe

C:\Windows\System\wLiqTCY.exe

C:\Windows\System\BxDMeJR.exe

C:\Windows\System\BxDMeJR.exe

C:\Windows\System\mgjUePX.exe

C:\Windows\System\mgjUePX.exe

C:\Windows\System\jcCxHCZ.exe

C:\Windows\System\jcCxHCZ.exe

C:\Windows\System\iNiBduC.exe

C:\Windows\System\iNiBduC.exe

C:\Windows\System\rvcPjma.exe

C:\Windows\System\rvcPjma.exe

C:\Windows\System\qcENhIc.exe

C:\Windows\System\qcENhIc.exe

C:\Windows\System\fiqTBJV.exe

C:\Windows\System\fiqTBJV.exe

C:\Windows\System\HlnPTjg.exe

C:\Windows\System\HlnPTjg.exe

C:\Windows\System\gBPKyow.exe

C:\Windows\System\gBPKyow.exe

C:\Windows\System\dPtfwWW.exe

C:\Windows\System\dPtfwWW.exe

C:\Windows\System\FqYxuNQ.exe

C:\Windows\System\FqYxuNQ.exe

C:\Windows\System\gavPySP.exe

C:\Windows\System\gavPySP.exe

C:\Windows\System\ZgrDusS.exe

C:\Windows\System\ZgrDusS.exe

C:\Windows\System\MHrLMeH.exe

C:\Windows\System\MHrLMeH.exe

C:\Windows\System\RBGOTSL.exe

C:\Windows\System\RBGOTSL.exe

C:\Windows\System\fVocRhj.exe

C:\Windows\System\fVocRhj.exe

C:\Windows\System\FDFvYGL.exe

C:\Windows\System\FDFvYGL.exe

C:\Windows\System\BumDCLl.exe

C:\Windows\System\BumDCLl.exe

C:\Windows\System\JoDhXwJ.exe

C:\Windows\System\JoDhXwJ.exe

C:\Windows\System\lrOuDsW.exe

C:\Windows\System\lrOuDsW.exe

C:\Windows\System\QAcJbMk.exe

C:\Windows\System\QAcJbMk.exe

C:\Windows\System\lQSStVQ.exe

C:\Windows\System\lQSStVQ.exe

C:\Windows\System\yhwreKn.exe

C:\Windows\System\yhwreKn.exe

C:\Windows\System\TsRWeSU.exe

C:\Windows\System\TsRWeSU.exe

C:\Windows\System\jAehUTN.exe

C:\Windows\System\jAehUTN.exe

C:\Windows\System\ilxUOEq.exe

C:\Windows\System\ilxUOEq.exe

C:\Windows\System\drdsCxx.exe

C:\Windows\System\drdsCxx.exe

C:\Windows\System\gCpnjIQ.exe

C:\Windows\System\gCpnjIQ.exe

C:\Windows\System\FrdAFYt.exe

C:\Windows\System\FrdAFYt.exe

C:\Windows\System\bEMkyQY.exe

C:\Windows\System\bEMkyQY.exe

C:\Windows\System\lzxkBqo.exe

C:\Windows\System\lzxkBqo.exe

C:\Windows\System\lMBnDju.exe

C:\Windows\System\lMBnDju.exe

C:\Windows\System\AGuFZgJ.exe

C:\Windows\System\AGuFZgJ.exe

C:\Windows\System\InRTzem.exe

C:\Windows\System\InRTzem.exe

C:\Windows\System\wHhkRpa.exe

C:\Windows\System\wHhkRpa.exe

C:\Windows\System\mqZlysL.exe

C:\Windows\System\mqZlysL.exe

C:\Windows\System\UqgJjLz.exe

C:\Windows\System\UqgJjLz.exe

C:\Windows\System\lcmLLEt.exe

C:\Windows\System\lcmLLEt.exe

C:\Windows\System\bTaksEN.exe

C:\Windows\System\bTaksEN.exe

C:\Windows\System\BhsGlOc.exe

C:\Windows\System\BhsGlOc.exe

C:\Windows\System\oFCGUIw.exe

C:\Windows\System\oFCGUIw.exe

C:\Windows\System\LkikSwb.exe

C:\Windows\System\LkikSwb.exe

C:\Windows\System\lWvPGns.exe

C:\Windows\System\lWvPGns.exe

C:\Windows\System\FlDngqP.exe

C:\Windows\System\FlDngqP.exe

C:\Windows\System\cbKnTfG.exe

C:\Windows\System\cbKnTfG.exe

C:\Windows\System\LWWFpeP.exe

C:\Windows\System\LWWFpeP.exe

C:\Windows\System\IEfhRCC.exe

C:\Windows\System\IEfhRCC.exe

C:\Windows\System\Qfddpeh.exe

C:\Windows\System\Qfddpeh.exe

C:\Windows\System\qfPiSzZ.exe

C:\Windows\System\qfPiSzZ.exe

C:\Windows\System\EbevhVk.exe

C:\Windows\System\EbevhVk.exe

C:\Windows\System\AlACwlp.exe

C:\Windows\System\AlACwlp.exe

C:\Windows\System\SAyTqca.exe

C:\Windows\System\SAyTqca.exe

C:\Windows\System\yktWLgw.exe

C:\Windows\System\yktWLgw.exe

C:\Windows\System\uhMPfIg.exe

C:\Windows\System\uhMPfIg.exe

C:\Windows\System\FSmtKIF.exe

C:\Windows\System\FSmtKIF.exe

C:\Windows\System\lgxQVHo.exe

C:\Windows\System\lgxQVHo.exe

C:\Windows\System\oUYtoaK.exe

C:\Windows\System\oUYtoaK.exe

C:\Windows\System\uHzfyGx.exe

C:\Windows\System\uHzfyGx.exe

C:\Windows\System\CGfIHyO.exe

C:\Windows\System\CGfIHyO.exe

C:\Windows\System\IWlLVPV.exe

C:\Windows\System\IWlLVPV.exe

C:\Windows\System\uxWVBHi.exe

C:\Windows\System\uxWVBHi.exe

C:\Windows\System\mbckHWU.exe

C:\Windows\System\mbckHWU.exe

C:\Windows\System\opqSZMB.exe

C:\Windows\System\opqSZMB.exe

C:\Windows\System\DYgiUSd.exe

C:\Windows\System\DYgiUSd.exe

C:\Windows\System\FgiJYWA.exe

C:\Windows\System\FgiJYWA.exe

C:\Windows\System\krlXTRs.exe

C:\Windows\System\krlXTRs.exe

C:\Windows\System\IzjYaFT.exe

C:\Windows\System\IzjYaFT.exe

C:\Windows\System\WkTTAgU.exe

C:\Windows\System\WkTTAgU.exe

C:\Windows\System\KKZvwOU.exe

C:\Windows\System\KKZvwOU.exe

C:\Windows\System\EgYTbJS.exe

C:\Windows\System\EgYTbJS.exe

C:\Windows\System\rKtgRGO.exe

C:\Windows\System\rKtgRGO.exe

C:\Windows\System\UVGYiWF.exe

C:\Windows\System\UVGYiWF.exe

C:\Windows\System\FElcIpB.exe

C:\Windows\System\FElcIpB.exe

C:\Windows\System\TqAdGhH.exe

C:\Windows\System\TqAdGhH.exe

C:\Windows\System\RxByezQ.exe

C:\Windows\System\RxByezQ.exe

C:\Windows\System\zizKvBX.exe

C:\Windows\System\zizKvBX.exe

C:\Windows\System\atchElq.exe

C:\Windows\System\atchElq.exe

C:\Windows\System\JjvXjSf.exe

C:\Windows\System\JjvXjSf.exe

C:\Windows\System\VexPenn.exe

C:\Windows\System\VexPenn.exe

C:\Windows\System\IqXiYHx.exe

C:\Windows\System\IqXiYHx.exe

C:\Windows\System\fucGlSv.exe

C:\Windows\System\fucGlSv.exe

C:\Windows\System\LpMWVyL.exe

C:\Windows\System\LpMWVyL.exe

C:\Windows\System\uOBqjAf.exe

C:\Windows\System\uOBqjAf.exe

C:\Windows\System\yIXEnKc.exe

C:\Windows\System\yIXEnKc.exe

C:\Windows\System\nAUQLXS.exe

C:\Windows\System\nAUQLXS.exe

C:\Windows\System\FShoXKi.exe

C:\Windows\System\FShoXKi.exe

C:\Windows\System\cPjshDa.exe

C:\Windows\System\cPjshDa.exe

C:\Windows\System\zNzmIcf.exe

C:\Windows\System\zNzmIcf.exe

C:\Windows\System\ESEhIJu.exe

C:\Windows\System\ESEhIJu.exe

C:\Windows\System\YlDlwCP.exe

C:\Windows\System\YlDlwCP.exe

C:\Windows\System\GmzMTaC.exe

C:\Windows\System\GmzMTaC.exe

C:\Windows\System\AlaWvgJ.exe

C:\Windows\System\AlaWvgJ.exe

C:\Windows\System\FWwXXTE.exe

C:\Windows\System\FWwXXTE.exe

C:\Windows\System\CphTzXy.exe

C:\Windows\System\CphTzXy.exe

C:\Windows\System\UjLOBwj.exe

C:\Windows\System\UjLOBwj.exe

C:\Windows\System\hTnGyic.exe

C:\Windows\System\hTnGyic.exe

C:\Windows\System\xfzcicQ.exe

C:\Windows\System\xfzcicQ.exe

C:\Windows\System\dOFnimT.exe

C:\Windows\System\dOFnimT.exe

C:\Windows\System\vasgYpu.exe

C:\Windows\System\vasgYpu.exe

C:\Windows\System\uCcYuoo.exe

C:\Windows\System\uCcYuoo.exe

C:\Windows\System\NjOtmui.exe

C:\Windows\System\NjOtmui.exe

C:\Windows\System\HmCgfIv.exe

C:\Windows\System\HmCgfIv.exe

C:\Windows\System\dikUfUr.exe

C:\Windows\System\dikUfUr.exe

C:\Windows\System\YNxXghv.exe

C:\Windows\System\YNxXghv.exe

C:\Windows\System\nDFJTFn.exe

C:\Windows\System\nDFJTFn.exe

C:\Windows\System\LGNizWl.exe

C:\Windows\System\LGNizWl.exe

C:\Windows\System\yPDinUY.exe

C:\Windows\System\yPDinUY.exe

C:\Windows\System\dAnJgZs.exe

C:\Windows\System\dAnJgZs.exe

C:\Windows\System\BoCtCiG.exe

C:\Windows\System\BoCtCiG.exe

C:\Windows\System\XKXtsjJ.exe

C:\Windows\System\XKXtsjJ.exe

C:\Windows\System\UylbShq.exe

C:\Windows\System\UylbShq.exe

C:\Windows\System\imDyWvo.exe

C:\Windows\System\imDyWvo.exe

C:\Windows\System\RTJnYlp.exe

C:\Windows\System\RTJnYlp.exe

C:\Windows\System\jAaOJRx.exe

C:\Windows\System\jAaOJRx.exe

C:\Windows\System\EKOTsWB.exe

C:\Windows\System\EKOTsWB.exe

C:\Windows\System\XJFKnlQ.exe

C:\Windows\System\XJFKnlQ.exe

C:\Windows\System\XClwHTj.exe

C:\Windows\System\XClwHTj.exe

C:\Windows\System\XBfMDot.exe

C:\Windows\System\XBfMDot.exe

C:\Windows\System\hHnVvtl.exe

C:\Windows\System\hHnVvtl.exe

C:\Windows\System\vZHoaKp.exe

C:\Windows\System\vZHoaKp.exe

C:\Windows\System\odvEXom.exe

C:\Windows\System\odvEXom.exe

C:\Windows\System\ZJJkyfz.exe

C:\Windows\System\ZJJkyfz.exe

C:\Windows\System\tCcOWhz.exe

C:\Windows\System\tCcOWhz.exe

C:\Windows\System\fDaaETD.exe

C:\Windows\System\fDaaETD.exe

C:\Windows\System\eqERIHE.exe

C:\Windows\System\eqERIHE.exe

C:\Windows\System\MgTDIbJ.exe

C:\Windows\System\MgTDIbJ.exe

C:\Windows\System\TyXVpYr.exe

C:\Windows\System\TyXVpYr.exe

C:\Windows\System\wAhmdLf.exe

C:\Windows\System\wAhmdLf.exe

C:\Windows\System\AuLyapD.exe

C:\Windows\System\AuLyapD.exe

C:\Windows\System\ZjzYDDI.exe

C:\Windows\System\ZjzYDDI.exe

C:\Windows\System\apUEdFN.exe

C:\Windows\System\apUEdFN.exe

C:\Windows\System\ikAMYaU.exe

C:\Windows\System\ikAMYaU.exe

C:\Windows\System\NmLytiJ.exe

C:\Windows\System\NmLytiJ.exe

C:\Windows\System\annuxHM.exe

C:\Windows\System\annuxHM.exe

C:\Windows\System\XforrCJ.exe

C:\Windows\System\XforrCJ.exe

C:\Windows\System\aFQhoGa.exe

C:\Windows\System\aFQhoGa.exe

C:\Windows\System\rOqfjjf.exe

C:\Windows\System\rOqfjjf.exe

C:\Windows\System\rrXORzL.exe

C:\Windows\System\rrXORzL.exe

C:\Windows\System\fXNkBzI.exe

C:\Windows\System\fXNkBzI.exe

C:\Windows\System\xooPiYZ.exe

C:\Windows\System\xooPiYZ.exe

C:\Windows\System\LXaoYBl.exe

C:\Windows\System\LXaoYBl.exe

C:\Windows\System\sjyflIP.exe

C:\Windows\System\sjyflIP.exe

C:\Windows\System\gkeWMva.exe

C:\Windows\System\gkeWMva.exe

C:\Windows\System\iCFEjPU.exe

C:\Windows\System\iCFEjPU.exe

C:\Windows\System\TLiVNmM.exe

C:\Windows\System\TLiVNmM.exe

C:\Windows\System\GWjWtjH.exe

C:\Windows\System\GWjWtjH.exe

C:\Windows\System\oSBbfOt.exe

C:\Windows\System\oSBbfOt.exe

C:\Windows\System\KpUkdEJ.exe

C:\Windows\System\KpUkdEJ.exe

C:\Windows\System\ecBqxtm.exe

C:\Windows\System\ecBqxtm.exe

C:\Windows\System\vEmvlpr.exe

C:\Windows\System\vEmvlpr.exe

C:\Windows\System\VWYvdon.exe

C:\Windows\System\VWYvdon.exe

C:\Windows\System\AKKGJUC.exe

C:\Windows\System\AKKGJUC.exe

C:\Windows\System\PqMgLAc.exe

C:\Windows\System\PqMgLAc.exe

C:\Windows\System\JiGMUGG.exe

C:\Windows\System\JiGMUGG.exe

C:\Windows\System\iIXvIoH.exe

C:\Windows\System\iIXvIoH.exe

C:\Windows\System\kphXgHp.exe

C:\Windows\System\kphXgHp.exe

C:\Windows\System\ZHMYvdp.exe

C:\Windows\System\ZHMYvdp.exe

C:\Windows\System\LKaJwAB.exe

C:\Windows\System\LKaJwAB.exe

C:\Windows\System\KEqDKSk.exe

C:\Windows\System\KEqDKSk.exe

C:\Windows\System\bQPYgGe.exe

C:\Windows\System\bQPYgGe.exe

C:\Windows\System\IiQMWxE.exe

C:\Windows\System\IiQMWxE.exe

C:\Windows\System\imKluVK.exe

C:\Windows\System\imKluVK.exe

C:\Windows\System\MLucfuf.exe

C:\Windows\System\MLucfuf.exe

C:\Windows\System\NHbdbTX.exe

C:\Windows\System\NHbdbTX.exe

C:\Windows\System\yeojmho.exe

C:\Windows\System\yeojmho.exe

C:\Windows\System\CfgpbcS.exe

C:\Windows\System\CfgpbcS.exe

C:\Windows\System\eKQaoLI.exe

C:\Windows\System\eKQaoLI.exe

C:\Windows\System\OBgUmCX.exe

C:\Windows\System\OBgUmCX.exe

C:\Windows\System\MljYNjD.exe

C:\Windows\System\MljYNjD.exe

C:\Windows\System\hxRGxYl.exe

C:\Windows\System\hxRGxYl.exe

C:\Windows\System\VTGaciI.exe

C:\Windows\System\VTGaciI.exe

C:\Windows\System\pIhxGbv.exe

C:\Windows\System\pIhxGbv.exe

C:\Windows\System\uuWJPLU.exe

C:\Windows\System\uuWJPLU.exe

C:\Windows\System\ENzthpY.exe

C:\Windows\System\ENzthpY.exe

C:\Windows\System\LIkLMuo.exe

C:\Windows\System\LIkLMuo.exe

C:\Windows\System\VLYinJn.exe

C:\Windows\System\VLYinJn.exe

C:\Windows\System\tOKpmoa.exe

C:\Windows\System\tOKpmoa.exe

C:\Windows\System\wlrIakB.exe

C:\Windows\System\wlrIakB.exe

C:\Windows\System\pGTEgMu.exe

C:\Windows\System\pGTEgMu.exe

C:\Windows\System\zbNrqsU.exe

C:\Windows\System\zbNrqsU.exe

C:\Windows\System\YpXJMoR.exe

C:\Windows\System\YpXJMoR.exe

C:\Windows\System\qkslOZc.exe

C:\Windows\System\qkslOZc.exe

C:\Windows\System\ttPsShT.exe

C:\Windows\System\ttPsShT.exe

C:\Windows\System\bNQUfua.exe

C:\Windows\System\bNQUfua.exe

C:\Windows\System\pNwwycq.exe

C:\Windows\System\pNwwycq.exe

C:\Windows\System\LJASVPb.exe

C:\Windows\System\LJASVPb.exe

C:\Windows\System\FiUrxqp.exe

C:\Windows\System\FiUrxqp.exe

C:\Windows\System\IpBCMtc.exe

C:\Windows\System\IpBCMtc.exe

C:\Windows\System\SfyfULg.exe

C:\Windows\System\SfyfULg.exe

C:\Windows\System\oYtShQS.exe

C:\Windows\System\oYtShQS.exe

C:\Windows\System\BHYnTjw.exe

C:\Windows\System\BHYnTjw.exe

C:\Windows\System\vDBrBSG.exe

C:\Windows\System\vDBrBSG.exe

C:\Windows\System\grCsQoU.exe

C:\Windows\System\grCsQoU.exe

C:\Windows\System\OsKeAUS.exe

C:\Windows\System\OsKeAUS.exe

C:\Windows\System\RLysAOo.exe

C:\Windows\System\RLysAOo.exe

C:\Windows\System\dlhOGbn.exe

C:\Windows\System\dlhOGbn.exe

C:\Windows\System\PDdDdAk.exe

C:\Windows\System\PDdDdAk.exe

C:\Windows\System\SqdcKXw.exe

C:\Windows\System\SqdcKXw.exe

C:\Windows\System\vRgwewD.exe

C:\Windows\System\vRgwewD.exe

C:\Windows\System\HsNWecE.exe

C:\Windows\System\HsNWecE.exe

C:\Windows\System\znpGxVd.exe

C:\Windows\System\znpGxVd.exe

C:\Windows\System\oJUFWoV.exe

C:\Windows\System\oJUFWoV.exe

C:\Windows\System\npfxPHc.exe

C:\Windows\System\npfxPHc.exe

C:\Windows\System\aitSjVC.exe

C:\Windows\System\aitSjVC.exe

C:\Windows\System\cxcKuAa.exe

C:\Windows\System\cxcKuAa.exe

C:\Windows\System\IuTDCLc.exe

C:\Windows\System\IuTDCLc.exe

C:\Windows\System\LHzrzms.exe

C:\Windows\System\LHzrzms.exe

C:\Windows\System\bNVzJXY.exe

C:\Windows\System\bNVzJXY.exe

C:\Windows\System\IwOdUgh.exe

C:\Windows\System\IwOdUgh.exe

C:\Windows\System\LJmwDAn.exe

C:\Windows\System\LJmwDAn.exe

C:\Windows\System\EKHIiwg.exe

C:\Windows\System\EKHIiwg.exe

C:\Windows\System\jEWupsc.exe

C:\Windows\System\jEWupsc.exe

C:\Windows\System\ImLNhCZ.exe

C:\Windows\System\ImLNhCZ.exe

C:\Windows\System\DMXGCQO.exe

C:\Windows\System\DMXGCQO.exe

C:\Windows\System\zvtJKLK.exe

C:\Windows\System\zvtJKLK.exe

C:\Windows\System\uyxKKcS.exe

C:\Windows\System\uyxKKcS.exe

C:\Windows\System\bCbIqAW.exe

C:\Windows\System\bCbIqAW.exe

C:\Windows\System\dQtilyE.exe

C:\Windows\System\dQtilyE.exe

C:\Windows\System\vVOegLd.exe

C:\Windows\System\vVOegLd.exe

C:\Windows\System\zCLrHxX.exe

C:\Windows\System\zCLrHxX.exe

C:\Windows\System\MxpXgtp.exe

C:\Windows\System\MxpXgtp.exe

C:\Windows\System\OJpMIOE.exe

C:\Windows\System\OJpMIOE.exe

C:\Windows\System\cnphoXs.exe

C:\Windows\System\cnphoXs.exe

C:\Windows\System\LpymnHp.exe

C:\Windows\System\LpymnHp.exe

C:\Windows\System\ttyjxLx.exe

C:\Windows\System\ttyjxLx.exe

C:\Windows\System\zQLlkIc.exe

C:\Windows\System\zQLlkIc.exe

C:\Windows\System\OQCUdrU.exe

C:\Windows\System\OQCUdrU.exe

C:\Windows\System\JwbJSih.exe

C:\Windows\System\JwbJSih.exe

C:\Windows\System\iCLTozI.exe

C:\Windows\System\iCLTozI.exe

C:\Windows\System\jMhxCeK.exe

C:\Windows\System\jMhxCeK.exe

C:\Windows\System\kyciOuD.exe

C:\Windows\System\kyciOuD.exe

C:\Windows\System\NbuqEQD.exe

C:\Windows\System\NbuqEQD.exe

C:\Windows\System\XCEiyqg.exe

C:\Windows\System\XCEiyqg.exe

C:\Windows\System\wJKAEVd.exe

C:\Windows\System\wJKAEVd.exe

C:\Windows\System\SakFgqV.exe

C:\Windows\System\SakFgqV.exe

C:\Windows\System\YKaDtMd.exe

C:\Windows\System\YKaDtMd.exe

C:\Windows\System\GtSAqkg.exe

C:\Windows\System\GtSAqkg.exe

C:\Windows\System\PsRZLsQ.exe

C:\Windows\System\PsRZLsQ.exe

C:\Windows\System\GMvtofZ.exe

C:\Windows\System\GMvtofZ.exe

C:\Windows\System\ecYGrwz.exe

C:\Windows\System\ecYGrwz.exe

C:\Windows\System\TUBaktI.exe

C:\Windows\System\TUBaktI.exe

C:\Windows\System\yIIrlzE.exe

C:\Windows\System\yIIrlzE.exe

C:\Windows\System\YWnNrfb.exe

C:\Windows\System\YWnNrfb.exe

C:\Windows\System\AmBaOyC.exe

C:\Windows\System\AmBaOyC.exe

C:\Windows\System\kRZviRp.exe

C:\Windows\System\kRZviRp.exe

C:\Windows\System\TOPRVTn.exe

C:\Windows\System\TOPRVTn.exe

C:\Windows\System\MEYcCIs.exe

C:\Windows\System\MEYcCIs.exe

C:\Windows\System\VoIIkzd.exe

C:\Windows\System\VoIIkzd.exe

C:\Windows\System\YphABcG.exe

C:\Windows\System\YphABcG.exe

C:\Windows\System\SFsrJfW.exe

C:\Windows\System\SFsrJfW.exe

C:\Windows\System\TVqQzLn.exe

C:\Windows\System\TVqQzLn.exe

C:\Windows\System\KVMlyPQ.exe

C:\Windows\System\KVMlyPQ.exe

C:\Windows\System\VONTuRI.exe

C:\Windows\System\VONTuRI.exe

C:\Windows\System\hXNJNjL.exe

C:\Windows\System\hXNJNjL.exe

C:\Windows\System\jORmKGA.exe

C:\Windows\System\jORmKGA.exe

C:\Windows\System\nGLrlBF.exe

C:\Windows\System\nGLrlBF.exe

C:\Windows\System\hvYudZI.exe

C:\Windows\System\hvYudZI.exe

C:\Windows\System\umlvOAn.exe

C:\Windows\System\umlvOAn.exe

C:\Windows\System\rrcMiZb.exe

C:\Windows\System\rrcMiZb.exe

C:\Windows\System\Mcsvuzk.exe

C:\Windows\System\Mcsvuzk.exe

C:\Windows\System\ZuATqie.exe

C:\Windows\System\ZuATqie.exe

C:\Windows\System\YUVrvbA.exe

C:\Windows\System\YUVrvbA.exe

C:\Windows\System\CdogbSs.exe

C:\Windows\System\CdogbSs.exe

C:\Windows\System\QqATcyv.exe

C:\Windows\System\QqATcyv.exe

C:\Windows\System\IEntSBs.exe

C:\Windows\System\IEntSBs.exe

C:\Windows\System\IrcCYZi.exe

C:\Windows\System\IrcCYZi.exe

C:\Windows\System\oRcyytm.exe

C:\Windows\System\oRcyytm.exe

C:\Windows\System\bqcTxmZ.exe

C:\Windows\System\bqcTxmZ.exe

C:\Windows\System\chrReSO.exe

C:\Windows\System\chrReSO.exe

C:\Windows\System\qIDLjbC.exe

C:\Windows\System\qIDLjbC.exe

C:\Windows\System\qThPoAQ.exe

C:\Windows\System\qThPoAQ.exe

C:\Windows\System\sbMpPtw.exe

C:\Windows\System\sbMpPtw.exe

C:\Windows\System\TcxhwvP.exe

C:\Windows\System\TcxhwvP.exe

C:\Windows\System\ZcxtbkQ.exe

C:\Windows\System\ZcxtbkQ.exe

C:\Windows\System\auoxRIM.exe

C:\Windows\System\auoxRIM.exe

C:\Windows\System\XDNyOUS.exe

C:\Windows\System\XDNyOUS.exe

C:\Windows\System\KoxPLSz.exe

C:\Windows\System\KoxPLSz.exe

C:\Windows\System\EAuEHtd.exe

C:\Windows\System\EAuEHtd.exe

C:\Windows\System\AFytaus.exe

C:\Windows\System\AFytaus.exe

C:\Windows\System\CNOTLGP.exe

C:\Windows\System\CNOTLGP.exe

C:\Windows\System\hBpMMtF.exe

C:\Windows\System\hBpMMtF.exe

C:\Windows\System\RjlVktE.exe

C:\Windows\System\RjlVktE.exe

C:\Windows\System\iRsqRTf.exe

C:\Windows\System\iRsqRTf.exe

C:\Windows\System\bEigYvE.exe

C:\Windows\System\bEigYvE.exe

C:\Windows\System\bIikfRY.exe

C:\Windows\System\bIikfRY.exe

C:\Windows\System\ukaQMhY.exe

C:\Windows\System\ukaQMhY.exe

C:\Windows\System\SCVmAPX.exe

C:\Windows\System\SCVmAPX.exe

C:\Windows\System\oJEBoBF.exe

C:\Windows\System\oJEBoBF.exe

C:\Windows\System\TmQPYiK.exe

C:\Windows\System\TmQPYiK.exe

C:\Windows\System\DWhHfCs.exe

C:\Windows\System\DWhHfCs.exe

C:\Windows\System\vURhTeG.exe

C:\Windows\System\vURhTeG.exe

C:\Windows\System\fXcXrUq.exe

C:\Windows\System\fXcXrUq.exe

C:\Windows\System\aDmRYIM.exe

C:\Windows\System\aDmRYIM.exe

C:\Windows\System\CnhiJty.exe

C:\Windows\System\CnhiJty.exe

C:\Windows\System\ZQxoVPl.exe

C:\Windows\System\ZQxoVPl.exe

C:\Windows\System\BpXHeKA.exe

C:\Windows\System\BpXHeKA.exe

C:\Windows\System\jVHycPZ.exe

C:\Windows\System\jVHycPZ.exe

C:\Windows\System\iTfkKgT.exe

C:\Windows\System\iTfkKgT.exe

C:\Windows\System\EgYNgav.exe

C:\Windows\System\EgYNgav.exe

C:\Windows\System\fcJbOUa.exe

C:\Windows\System\fcJbOUa.exe

C:\Windows\System\mBgdqEg.exe

C:\Windows\System\mBgdqEg.exe

C:\Windows\System\AFmpkNw.exe

C:\Windows\System\AFmpkNw.exe

C:\Windows\System\cdfBSio.exe

C:\Windows\System\cdfBSio.exe

C:\Windows\System\hACrLhI.exe

C:\Windows\System\hACrLhI.exe

C:\Windows\System\HeMYhmH.exe

C:\Windows\System\HeMYhmH.exe

C:\Windows\System\TgWVywx.exe

C:\Windows\System\TgWVywx.exe

C:\Windows\System\tJqyyLJ.exe

C:\Windows\System\tJqyyLJ.exe

C:\Windows\System\fHWzIDI.exe

C:\Windows\System\fHWzIDI.exe

C:\Windows\System\kDvAyhE.exe

C:\Windows\System\kDvAyhE.exe

C:\Windows\System\Zjpekim.exe

C:\Windows\System\Zjpekim.exe

C:\Windows\System\rYaHwyb.exe

C:\Windows\System\rYaHwyb.exe

C:\Windows\System\QXqVVJE.exe

C:\Windows\System\QXqVVJE.exe

C:\Windows\System\JjDULyv.exe

C:\Windows\System\JjDULyv.exe

C:\Windows\System\Yfoxems.exe

C:\Windows\System\Yfoxems.exe

C:\Windows\System\fvDKZmp.exe

C:\Windows\System\fvDKZmp.exe

C:\Windows\System\zqLFJcD.exe

C:\Windows\System\zqLFJcD.exe

C:\Windows\System\cZwBaGe.exe

C:\Windows\System\cZwBaGe.exe

C:\Windows\System\gFsYdai.exe

C:\Windows\System\gFsYdai.exe

C:\Windows\System\xajUzry.exe

C:\Windows\System\xajUzry.exe

C:\Windows\System\tHUIhux.exe

C:\Windows\System\tHUIhux.exe

C:\Windows\System\AWRMCCa.exe

C:\Windows\System\AWRMCCa.exe

C:\Windows\System\qduPCkz.exe

C:\Windows\System\qduPCkz.exe

C:\Windows\System\SfklHQv.exe

C:\Windows\System\SfklHQv.exe

C:\Windows\System\XbvNwrg.exe

C:\Windows\System\XbvNwrg.exe

C:\Windows\System\jZEEQiS.exe

C:\Windows\System\jZEEQiS.exe

C:\Windows\System\ABsCkhw.exe

C:\Windows\System\ABsCkhw.exe

C:\Windows\System\MNFZpAn.exe

C:\Windows\System\MNFZpAn.exe

C:\Windows\System\MrKdtNm.exe

C:\Windows\System\MrKdtNm.exe

C:\Windows\System\DPXETWL.exe

C:\Windows\System\DPXETWL.exe

C:\Windows\System\kTmZMMZ.exe

C:\Windows\System\kTmZMMZ.exe

C:\Windows\System\fFQYsoI.exe

C:\Windows\System\fFQYsoI.exe

C:\Windows\System\ATCeROr.exe

C:\Windows\System\ATCeROr.exe

C:\Windows\System\sKnrvwB.exe

C:\Windows\System\sKnrvwB.exe

C:\Windows\System\apRPoAt.exe

C:\Windows\System\apRPoAt.exe

C:\Windows\System\FkrwKJu.exe

C:\Windows\System\FkrwKJu.exe

C:\Windows\System\oxegNIV.exe

C:\Windows\System\oxegNIV.exe

C:\Windows\System\YzStiLa.exe

C:\Windows\System\YzStiLa.exe

C:\Windows\System\KoaXRTB.exe

C:\Windows\System\KoaXRTB.exe

C:\Windows\System\JMwiktw.exe

C:\Windows\System\JMwiktw.exe

C:\Windows\System\WAcQBPr.exe

C:\Windows\System\WAcQBPr.exe

C:\Windows\System\EUAnWib.exe

C:\Windows\System\EUAnWib.exe

C:\Windows\System\bGXvAfJ.exe

C:\Windows\System\bGXvAfJ.exe

C:\Windows\System\grATKUR.exe

C:\Windows\System\grATKUR.exe

C:\Windows\System\wOqPnsA.exe

C:\Windows\System\wOqPnsA.exe

C:\Windows\System\kHBIWLF.exe

C:\Windows\System\kHBIWLF.exe

C:\Windows\System\tvCnIrr.exe

C:\Windows\System\tvCnIrr.exe

C:\Windows\System\yNMpMMa.exe

C:\Windows\System\yNMpMMa.exe

C:\Windows\System\VzWgeAc.exe

C:\Windows\System\VzWgeAc.exe

C:\Windows\System\mdsjkkx.exe

C:\Windows\System\mdsjkkx.exe

C:\Windows\System\oamzAWM.exe

C:\Windows\System\oamzAWM.exe

C:\Windows\System\nbpxCyE.exe

C:\Windows\System\nbpxCyE.exe

C:\Windows\System\DwgAGoh.exe

C:\Windows\System\DwgAGoh.exe

C:\Windows\System\fvADHes.exe

C:\Windows\System\fvADHes.exe

C:\Windows\System\TeHPsGE.exe

C:\Windows\System\TeHPsGE.exe

C:\Windows\System\EHqtwmQ.exe

C:\Windows\System\EHqtwmQ.exe

C:\Windows\System\OspWVQB.exe

C:\Windows\System\OspWVQB.exe

C:\Windows\System\RFWqWYq.exe

C:\Windows\System\RFWqWYq.exe

C:\Windows\System\eVTHvyn.exe

C:\Windows\System\eVTHvyn.exe

C:\Windows\System\FLaBTol.exe

C:\Windows\System\FLaBTol.exe

C:\Windows\System\AJOALTt.exe

C:\Windows\System\AJOALTt.exe

C:\Windows\System\JQlhdYW.exe

C:\Windows\System\JQlhdYW.exe

C:\Windows\System\HRhGULg.exe

C:\Windows\System\HRhGULg.exe

C:\Windows\System\bNrEgHB.exe

C:\Windows\System\bNrEgHB.exe

C:\Windows\System\CzYxFER.exe

C:\Windows\System\CzYxFER.exe

C:\Windows\System\OHtwcSm.exe

C:\Windows\System\OHtwcSm.exe

C:\Windows\System\yyWJUfF.exe

C:\Windows\System\yyWJUfF.exe

C:\Windows\System\vbwrRdG.exe

C:\Windows\System\vbwrRdG.exe

C:\Windows\System\NifIaeh.exe

C:\Windows\System\NifIaeh.exe

C:\Windows\System\gaZuhkS.exe

C:\Windows\System\gaZuhkS.exe

C:\Windows\System\ANIJUJN.exe

C:\Windows\System\ANIJUJN.exe

C:\Windows\System\TzvQcMo.exe

C:\Windows\System\TzvQcMo.exe

C:\Windows\System\TsvWAgj.exe

C:\Windows\System\TsvWAgj.exe

C:\Windows\System\jxKHkop.exe

C:\Windows\System\jxKHkop.exe

C:\Windows\System\IjefujO.exe

C:\Windows\System\IjefujO.exe

C:\Windows\System\dexsIYG.exe

C:\Windows\System\dexsIYG.exe

C:\Windows\System\MAjBNkj.exe

C:\Windows\System\MAjBNkj.exe

C:\Windows\System\LRJpFhV.exe

C:\Windows\System\LRJpFhV.exe

C:\Windows\System\VapSKvc.exe

C:\Windows\System\VapSKvc.exe

C:\Windows\System\IAnnbFx.exe

C:\Windows\System\IAnnbFx.exe

C:\Windows\System\rTsAylv.exe

C:\Windows\System\rTsAylv.exe

C:\Windows\System\KyAKDDe.exe

C:\Windows\System\KyAKDDe.exe

C:\Windows\System\pSZjdLV.exe

C:\Windows\System\pSZjdLV.exe

C:\Windows\System\iIOwqEP.exe

C:\Windows\System\iIOwqEP.exe

C:\Windows\System\NUkZkHB.exe

C:\Windows\System\NUkZkHB.exe

C:\Windows\System\xhpuHJo.exe

C:\Windows\System\xhpuHJo.exe

C:\Windows\System\alqYIaG.exe

C:\Windows\System\alqYIaG.exe

C:\Windows\System\qpztFZQ.exe

C:\Windows\System\qpztFZQ.exe

C:\Windows\System\NwaijFO.exe

C:\Windows\System\NwaijFO.exe

C:\Windows\System\kKUPpGh.exe

C:\Windows\System\kKUPpGh.exe

C:\Windows\System\dZRZEoW.exe

C:\Windows\System\dZRZEoW.exe

C:\Windows\System\PXnExMx.exe

C:\Windows\System\PXnExMx.exe

C:\Windows\System\pzfGKah.exe

C:\Windows\System\pzfGKah.exe

C:\Windows\System\QtzHMxf.exe

C:\Windows\System\QtzHMxf.exe

C:\Windows\System\sRYWmLP.exe

C:\Windows\System\sRYWmLP.exe

C:\Windows\System\IQGRFMq.exe

C:\Windows\System\IQGRFMq.exe

C:\Windows\System\hlagGZQ.exe

C:\Windows\System\hlagGZQ.exe

C:\Windows\System\LYPvFIi.exe

C:\Windows\System\LYPvFIi.exe

C:\Windows\System\ThmTNiI.exe

C:\Windows\System\ThmTNiI.exe

C:\Windows\System\XnyLGCM.exe

C:\Windows\System\XnyLGCM.exe

C:\Windows\System\VZijKIL.exe

C:\Windows\System\VZijKIL.exe

C:\Windows\System\iNmNVkF.exe

C:\Windows\System\iNmNVkF.exe

C:\Windows\System\uGygMRQ.exe

C:\Windows\System\uGygMRQ.exe

C:\Windows\System\OBeUyuB.exe

C:\Windows\System\OBeUyuB.exe

C:\Windows\System\VerVlRi.exe

C:\Windows\System\VerVlRi.exe

C:\Windows\System\BtvdeUK.exe

C:\Windows\System\BtvdeUK.exe

C:\Windows\System\cQTywOJ.exe

C:\Windows\System\cQTywOJ.exe

C:\Windows\System\VTzvBJN.exe

C:\Windows\System\VTzvBJN.exe

C:\Windows\System\oMQrbgq.exe

C:\Windows\System\oMQrbgq.exe

C:\Windows\System\VBvlMjJ.exe

C:\Windows\System\VBvlMjJ.exe

C:\Windows\System\wArzSBB.exe

C:\Windows\System\wArzSBB.exe

C:\Windows\System\cLPpUCu.exe

C:\Windows\System\cLPpUCu.exe

C:\Windows\System\Afnyabu.exe

C:\Windows\System\Afnyabu.exe

C:\Windows\System\tCGZOvR.exe

C:\Windows\System\tCGZOvR.exe

C:\Windows\System\TTpCnja.exe

C:\Windows\System\TTpCnja.exe

C:\Windows\System\YVyqWks.exe

C:\Windows\System\YVyqWks.exe

C:\Windows\System\jKvavYt.exe

C:\Windows\System\jKvavYt.exe

C:\Windows\System\lbLPVvu.exe

C:\Windows\System\lbLPVvu.exe

C:\Windows\System\nnydmKN.exe

C:\Windows\System\nnydmKN.exe

C:\Windows\System\gBGNtEn.exe

C:\Windows\System\gBGNtEn.exe

C:\Windows\System\ABzgFsH.exe

C:\Windows\System\ABzgFsH.exe

C:\Windows\System\kgrUVEq.exe

C:\Windows\System\kgrUVEq.exe

C:\Windows\System\wDPolnl.exe

C:\Windows\System\wDPolnl.exe

C:\Windows\System\pTkPRgI.exe

C:\Windows\System\pTkPRgI.exe

C:\Windows\System\oZoaoYf.exe

C:\Windows\System\oZoaoYf.exe

C:\Windows\System\oKZYtfF.exe

C:\Windows\System\oKZYtfF.exe

C:\Windows\System\pZzalNT.exe

C:\Windows\System\pZzalNT.exe

C:\Windows\System\plVozOE.exe

C:\Windows\System\plVozOE.exe

C:\Windows\System\QosxVyf.exe

C:\Windows\System\QosxVyf.exe

C:\Windows\System\VWoVTAO.exe

C:\Windows\System\VWoVTAO.exe

C:\Windows\System\mOdedxy.exe

C:\Windows\System\mOdedxy.exe

C:\Windows\System\ESBsKnr.exe

C:\Windows\System\ESBsKnr.exe

C:\Windows\System\norZNZz.exe

C:\Windows\System\norZNZz.exe

C:\Windows\System\rysECgt.exe

C:\Windows\System\rysECgt.exe

C:\Windows\System\NLouEtn.exe

C:\Windows\System\NLouEtn.exe

C:\Windows\System\joCtyLH.exe

C:\Windows\System\joCtyLH.exe

C:\Windows\System\WqJMhsK.exe

C:\Windows\System\WqJMhsK.exe

C:\Windows\System\mROEkWh.exe

C:\Windows\System\mROEkWh.exe

C:\Windows\System\eCOdAEj.exe

C:\Windows\System\eCOdAEj.exe

C:\Windows\System\nggjFIe.exe

C:\Windows\System\nggjFIe.exe

C:\Windows\System\jhnOsJc.exe

C:\Windows\System\jhnOsJc.exe

C:\Windows\System\rmVtyRs.exe

C:\Windows\System\rmVtyRs.exe

C:\Windows\System\miftvwX.exe

C:\Windows\System\miftvwX.exe

C:\Windows\System\DgdJYed.exe

C:\Windows\System\DgdJYed.exe

C:\Windows\System\nGsxFYH.exe

C:\Windows\System\nGsxFYH.exe

C:\Windows\System\RAJQGbh.exe

C:\Windows\System\RAJQGbh.exe

C:\Windows\System\bnNPAdE.exe

C:\Windows\System\bnNPAdE.exe

C:\Windows\System\Cqquyna.exe

C:\Windows\System\Cqquyna.exe

C:\Windows\System\GgGpXmm.exe

C:\Windows\System\GgGpXmm.exe

C:\Windows\System\LGbQHpf.exe

C:\Windows\System\LGbQHpf.exe

C:\Windows\System\hGQHTbj.exe

C:\Windows\System\hGQHTbj.exe

C:\Windows\System\FDwuufB.exe

C:\Windows\System\FDwuufB.exe

C:\Windows\System\HuaJPKD.exe

C:\Windows\System\HuaJPKD.exe

C:\Windows\System\NMBBeVj.exe

C:\Windows\System\NMBBeVj.exe

C:\Windows\System\oklJoAM.exe

C:\Windows\System\oklJoAM.exe

C:\Windows\System\JxRmvHF.exe

C:\Windows\System\JxRmvHF.exe

C:\Windows\System\svyMfAG.exe

C:\Windows\System\svyMfAG.exe

C:\Windows\System\GbwTwcY.exe

C:\Windows\System\GbwTwcY.exe

C:\Windows\System\vLHiJMU.exe

C:\Windows\System\vLHiJMU.exe

C:\Windows\System\qhHzSdh.exe

C:\Windows\System\qhHzSdh.exe

C:\Windows\System\hwmnmjn.exe

C:\Windows\System\hwmnmjn.exe

C:\Windows\System\PvkpWsC.exe

C:\Windows\System\PvkpWsC.exe

C:\Windows\System\BcScBFD.exe

C:\Windows\System\BcScBFD.exe

C:\Windows\System\QbeBgtw.exe

C:\Windows\System\QbeBgtw.exe

C:\Windows\System\LtBanxh.exe

C:\Windows\System\LtBanxh.exe

C:\Windows\System\NChxTWV.exe

C:\Windows\System\NChxTWV.exe

C:\Windows\System\bgAfFDe.exe

C:\Windows\System\bgAfFDe.exe

C:\Windows\System\lqjlIJS.exe

C:\Windows\System\lqjlIJS.exe

C:\Windows\System\AhAjwPg.exe

C:\Windows\System\AhAjwPg.exe

C:\Windows\System\WbPRRCz.exe

C:\Windows\System\WbPRRCz.exe

C:\Windows\System\mJqKkea.exe

C:\Windows\System\mJqKkea.exe

C:\Windows\System\MwvdJNH.exe

C:\Windows\System\MwvdJNH.exe

C:\Windows\System\VENQWhs.exe

C:\Windows\System\VENQWhs.exe

C:\Windows\System\MpBpdXm.exe

C:\Windows\System\MpBpdXm.exe

C:\Windows\System\THNJCVp.exe

C:\Windows\System\THNJCVp.exe

C:\Windows\System\UVBBrhC.exe

C:\Windows\System\UVBBrhC.exe

C:\Windows\System\yZEuwOb.exe

C:\Windows\System\yZEuwOb.exe

C:\Windows\System\XBRQRIn.exe

C:\Windows\System\XBRQRIn.exe

C:\Windows\System\IfiqOGw.exe

C:\Windows\System\IfiqOGw.exe

C:\Windows\System\FoUhbNH.exe

C:\Windows\System\FoUhbNH.exe

C:\Windows\System\BMhlctH.exe

C:\Windows\System\BMhlctH.exe

C:\Windows\System\gqgDfea.exe

C:\Windows\System\gqgDfea.exe

C:\Windows\System\epOGqRO.exe

C:\Windows\System\epOGqRO.exe

C:\Windows\System\xWFOueX.exe

C:\Windows\System\xWFOueX.exe

C:\Windows\System\aDdIKjL.exe

C:\Windows\System\aDdIKjL.exe

C:\Windows\System\ftAxluF.exe

C:\Windows\System\ftAxluF.exe

C:\Windows\System\QQzSTRj.exe

C:\Windows\System\QQzSTRj.exe

C:\Windows\System\RpzQiPG.exe

C:\Windows\System\RpzQiPG.exe

C:\Windows\System\dshIoei.exe

C:\Windows\System\dshIoei.exe

C:\Windows\System\OHQjyHw.exe

C:\Windows\System\OHQjyHw.exe

C:\Windows\System\aKaJnbl.exe

C:\Windows\System\aKaJnbl.exe

C:\Windows\System\UUBQeqL.exe

C:\Windows\System\UUBQeqL.exe

C:\Windows\System\yOcUjof.exe

C:\Windows\System\yOcUjof.exe

C:\Windows\System\cVrcFGZ.exe

C:\Windows\System\cVrcFGZ.exe

C:\Windows\System\sEyuNhw.exe

C:\Windows\System\sEyuNhw.exe

C:\Windows\System\WGjnocG.exe

C:\Windows\System\WGjnocG.exe

C:\Windows\System\KJxqwEN.exe

C:\Windows\System\KJxqwEN.exe

C:\Windows\System\MFeClVZ.exe

C:\Windows\System\MFeClVZ.exe

C:\Windows\System\diTOaPk.exe

C:\Windows\System\diTOaPk.exe

C:\Windows\System\ZAVXEOz.exe

C:\Windows\System\ZAVXEOz.exe

C:\Windows\System\AOczgqj.exe

C:\Windows\System\AOczgqj.exe

C:\Windows\System\VxzzBHw.exe

C:\Windows\System\VxzzBHw.exe

C:\Windows\System\RxAeenQ.exe

C:\Windows\System\RxAeenQ.exe

C:\Windows\System\xsAksAW.exe

C:\Windows\System\xsAksAW.exe

C:\Windows\System\zsFjYeg.exe

C:\Windows\System\zsFjYeg.exe

C:\Windows\System\BCcFwaz.exe

C:\Windows\System\BCcFwaz.exe

C:\Windows\System\DLFGRsF.exe

C:\Windows\System\DLFGRsF.exe

C:\Windows\System\HHKfRwN.exe

C:\Windows\System\HHKfRwN.exe

C:\Windows\System\nmqsRqB.exe

C:\Windows\System\nmqsRqB.exe

C:\Windows\System\KLOZDuX.exe

C:\Windows\System\KLOZDuX.exe

C:\Windows\System\zmovbgk.exe

C:\Windows\System\zmovbgk.exe

C:\Windows\System\vKiSIiA.exe

C:\Windows\System\vKiSIiA.exe

C:\Windows\System\RqTmhGQ.exe

C:\Windows\System\RqTmhGQ.exe

C:\Windows\System\vDMmHKC.exe

C:\Windows\System\vDMmHKC.exe

C:\Windows\System\QlmpYEK.exe

C:\Windows\System\QlmpYEK.exe

C:\Windows\System\RMACmBv.exe

C:\Windows\System\RMACmBv.exe

C:\Windows\System\sdPWiHH.exe

C:\Windows\System\sdPWiHH.exe

C:\Windows\System\CbPpGjg.exe

C:\Windows\System\CbPpGjg.exe

C:\Windows\System\IGcMfRi.exe

C:\Windows\System\IGcMfRi.exe

C:\Windows\System\GZgiqGA.exe

C:\Windows\System\GZgiqGA.exe

C:\Windows\System\AFYZLef.exe

C:\Windows\System\AFYZLef.exe

C:\Windows\System\yYhuVQF.exe

C:\Windows\System\yYhuVQF.exe

C:\Windows\System\dOCzaJL.exe

C:\Windows\System\dOCzaJL.exe

C:\Windows\System\GCvRbjl.exe

C:\Windows\System\GCvRbjl.exe

C:\Windows\System\tsqVGUx.exe

C:\Windows\System\tsqVGUx.exe

C:\Windows\System\RIhpguw.exe

C:\Windows\System\RIhpguw.exe

C:\Windows\System\WLYUgBc.exe

C:\Windows\System\WLYUgBc.exe

C:\Windows\System\lzSZPAS.exe

C:\Windows\System\lzSZPAS.exe

C:\Windows\System\MjCdDHs.exe

C:\Windows\System\MjCdDHs.exe

C:\Windows\System\DWzNRZy.exe

C:\Windows\System\DWzNRZy.exe

C:\Windows\System\TEGczju.exe

C:\Windows\System\TEGczju.exe

C:\Windows\System\lJjXOyI.exe

C:\Windows\System\lJjXOyI.exe

C:\Windows\System\rhhUPzM.exe

C:\Windows\System\rhhUPzM.exe

C:\Windows\System\KfUDwrr.exe

C:\Windows\System\KfUDwrr.exe

C:\Windows\System\uxPhbHY.exe

C:\Windows\System\uxPhbHY.exe

C:\Windows\System\QuLNXwT.exe

C:\Windows\System\QuLNXwT.exe

C:\Windows\System\wDNhZbI.exe

C:\Windows\System\wDNhZbI.exe

C:\Windows\System\sBByGxb.exe

C:\Windows\System\sBByGxb.exe

C:\Windows\System\mrLRTlw.exe

C:\Windows\System\mrLRTlw.exe

C:\Windows\System\hCRNZGL.exe

C:\Windows\System\hCRNZGL.exe

C:\Windows\System\fTKQTYC.exe

C:\Windows\System\fTKQTYC.exe

C:\Windows\System\cQwCrQB.exe

C:\Windows\System\cQwCrQB.exe

C:\Windows\System\TyedZpa.exe

C:\Windows\System\TyedZpa.exe

C:\Windows\System\VsHaRWY.exe

C:\Windows\System\VsHaRWY.exe

C:\Windows\System\lohUAsV.exe

C:\Windows\System\lohUAsV.exe

C:\Windows\System\tcpItdR.exe

C:\Windows\System\tcpItdR.exe

C:\Windows\System\hsScYAx.exe

C:\Windows\System\hsScYAx.exe

C:\Windows\System\obynaJL.exe

C:\Windows\System\obynaJL.exe

C:\Windows\System\HTMWdxH.exe

C:\Windows\System\HTMWdxH.exe

C:\Windows\System\FSKUcAH.exe

C:\Windows\System\FSKUcAH.exe

C:\Windows\System\pzRvMJe.exe

C:\Windows\System\pzRvMJe.exe

C:\Windows\System\sHuzQhW.exe

C:\Windows\System\sHuzQhW.exe

C:\Windows\System\UyMpsRh.exe

C:\Windows\System\UyMpsRh.exe

C:\Windows\System\YUWzBwT.exe

C:\Windows\System\YUWzBwT.exe

C:\Windows\System\ekKZPvZ.exe

C:\Windows\System\ekKZPvZ.exe

C:\Windows\System\RfEsdyj.exe

C:\Windows\System\RfEsdyj.exe

C:\Windows\System\MZBBbpf.exe

C:\Windows\System\MZBBbpf.exe

C:\Windows\System\SyLdnub.exe

C:\Windows\System\SyLdnub.exe

C:\Windows\System\XilnAmn.exe

C:\Windows\System\XilnAmn.exe

C:\Windows\System\XDyYRMU.exe

C:\Windows\System\XDyYRMU.exe

C:\Windows\System\DuSPmtl.exe

C:\Windows\System\DuSPmtl.exe

C:\Windows\System\KvDlVTG.exe

C:\Windows\System\KvDlVTG.exe

C:\Windows\System\MHgNppg.exe

C:\Windows\System\MHgNppg.exe

C:\Windows\System\UHmhZLD.exe

C:\Windows\System\UHmhZLD.exe

C:\Windows\System\rvLJRUL.exe

C:\Windows\System\rvLJRUL.exe

C:\Windows\System\HnMcLUB.exe

C:\Windows\System\HnMcLUB.exe

C:\Windows\System\pGATLnO.exe

C:\Windows\System\pGATLnO.exe

C:\Windows\System\KQswlTU.exe

C:\Windows\System\KQswlTU.exe

C:\Windows\System\oXWDTRq.exe

C:\Windows\System\oXWDTRq.exe

C:\Windows\System\sJByMkn.exe

C:\Windows\System\sJByMkn.exe

C:\Windows\System\TlwRJPJ.exe

C:\Windows\System\TlwRJPJ.exe

C:\Windows\System\BtxtNDS.exe

C:\Windows\System\BtxtNDS.exe

C:\Windows\System\bzQZHwS.exe

C:\Windows\System\bzQZHwS.exe

C:\Windows\System\QccwNIA.exe

C:\Windows\System\QccwNIA.exe

C:\Windows\System\BtBihJJ.exe

C:\Windows\System\BtBihJJ.exe

C:\Windows\System\LOPtXUg.exe

C:\Windows\System\LOPtXUg.exe

C:\Windows\System\ydXMjjq.exe

C:\Windows\System\ydXMjjq.exe

C:\Windows\System\JyXEWUm.exe

C:\Windows\System\JyXEWUm.exe

C:\Windows\System\jVYwzEQ.exe

C:\Windows\System\jVYwzEQ.exe

C:\Windows\System\qMKLqFS.exe

C:\Windows\System\qMKLqFS.exe

C:\Windows\System\mltVuDC.exe

C:\Windows\System\mltVuDC.exe

C:\Windows\System\OvxafMT.exe

C:\Windows\System\OvxafMT.exe

C:\Windows\System\GzVLKTl.exe

C:\Windows\System\GzVLKTl.exe

C:\Windows\System\LeAAbDe.exe

C:\Windows\System\LeAAbDe.exe

C:\Windows\System\GzdHjak.exe

C:\Windows\System\GzdHjak.exe

C:\Windows\System\wIkaQmH.exe

C:\Windows\System\wIkaQmH.exe

C:\Windows\System\onivVBl.exe

C:\Windows\System\onivVBl.exe

C:\Windows\System\TCpPznd.exe

C:\Windows\System\TCpPznd.exe

C:\Windows\System\MiQIddd.exe

C:\Windows\System\MiQIddd.exe

C:\Windows\System\sNvgfIe.exe

C:\Windows\System\sNvgfIe.exe

C:\Windows\System\oQxtEvJ.exe

C:\Windows\System\oQxtEvJ.exe

C:\Windows\System\KJXPIWE.exe

C:\Windows\System\KJXPIWE.exe

C:\Windows\System\CVqsXur.exe

C:\Windows\System\CVqsXur.exe

C:\Windows\System\CWrNamf.exe

C:\Windows\System\CWrNamf.exe

C:\Windows\System\WNtjrKN.exe

C:\Windows\System\WNtjrKN.exe

C:\Windows\System\rcVBnzv.exe

C:\Windows\System\rcVBnzv.exe

C:\Windows\System\JTmeFyr.exe

C:\Windows\System\JTmeFyr.exe

C:\Windows\System\GrarezW.exe

C:\Windows\System\GrarezW.exe

C:\Windows\System\DMLFqSe.exe

C:\Windows\System\DMLFqSe.exe

C:\Windows\System\XCsviLH.exe

C:\Windows\System\XCsviLH.exe

C:\Windows\System\IhXuIXb.exe

C:\Windows\System\IhXuIXb.exe

C:\Windows\System\WfHCLYR.exe

C:\Windows\System\WfHCLYR.exe

C:\Windows\System\onaTenJ.exe

C:\Windows\System\onaTenJ.exe

C:\Windows\System\MhcdgAY.exe

C:\Windows\System\MhcdgAY.exe

C:\Windows\System\RfEULhs.exe

C:\Windows\System\RfEULhs.exe

C:\Windows\System\lNZSWUE.exe

C:\Windows\System\lNZSWUE.exe

C:\Windows\System\EYBhvWt.exe

C:\Windows\System\EYBhvWt.exe

C:\Windows\System\pVWWChY.exe

C:\Windows\System\pVWWChY.exe

C:\Windows\System\ysgYwgz.exe

C:\Windows\System\ysgYwgz.exe

C:\Windows\System\LBLECWy.exe

C:\Windows\System\LBLECWy.exe

C:\Windows\System\DgzBAhe.exe

C:\Windows\System\DgzBAhe.exe

C:\Windows\System\Yaikuec.exe

C:\Windows\System\Yaikuec.exe

C:\Windows\System\YnYvKHQ.exe

C:\Windows\System\YnYvKHQ.exe

C:\Windows\System\DxIpQxX.exe

C:\Windows\System\DxIpQxX.exe

C:\Windows\System\ceyNtit.exe

C:\Windows\System\ceyNtit.exe

C:\Windows\System\nbacsiN.exe

C:\Windows\System\nbacsiN.exe

C:\Windows\System\hfiXEWt.exe

C:\Windows\System\hfiXEWt.exe

C:\Windows\System\tnKDNSf.exe

C:\Windows\System\tnKDNSf.exe

C:\Windows\System\eDGQACk.exe

C:\Windows\System\eDGQACk.exe

C:\Windows\System\nVSMLUM.exe

C:\Windows\System\nVSMLUM.exe

C:\Windows\System\RdbnkYA.exe

C:\Windows\System\RdbnkYA.exe

C:\Windows\System\pMHoABQ.exe

C:\Windows\System\pMHoABQ.exe

C:\Windows\System\IvHMHEu.exe

C:\Windows\System\IvHMHEu.exe

C:\Windows\System\cqxyesJ.exe

C:\Windows\System\cqxyesJ.exe

C:\Windows\System\OZxccLw.exe

C:\Windows\System\OZxccLw.exe

C:\Windows\System\KAuHIaU.exe

C:\Windows\System\KAuHIaU.exe

C:\Windows\System\cYFJKSi.exe

C:\Windows\System\cYFJKSi.exe

C:\Windows\System\sZpmiRk.exe

C:\Windows\System\sZpmiRk.exe

C:\Windows\System\FVbJPNZ.exe

C:\Windows\System\FVbJPNZ.exe

C:\Windows\System\ROtcMnN.exe

C:\Windows\System\ROtcMnN.exe

C:\Windows\System\EXExUwd.exe

C:\Windows\System\EXExUwd.exe

C:\Windows\System\jGxxTtk.exe

C:\Windows\System\jGxxTtk.exe

C:\Windows\System\PtqoZtM.exe

C:\Windows\System\PtqoZtM.exe

C:\Windows\System\svBbtID.exe

C:\Windows\System\svBbtID.exe

C:\Windows\System\UlXqTBs.exe

C:\Windows\System\UlXqTBs.exe

C:\Windows\System\pTPjtXU.exe

C:\Windows\System\pTPjtXU.exe

C:\Windows\System\Cqnlrlx.exe

C:\Windows\System\Cqnlrlx.exe

C:\Windows\System\hRrhNZr.exe

C:\Windows\System\hRrhNZr.exe

C:\Windows\System\MHFmnqG.exe

C:\Windows\System\MHFmnqG.exe

C:\Windows\System\KEAtYdI.exe

C:\Windows\System\KEAtYdI.exe

C:\Windows\System\kWdJlZB.exe

C:\Windows\System\kWdJlZB.exe

C:\Windows\System\MhlTxPX.exe

C:\Windows\System\MhlTxPX.exe

C:\Windows\System\dpUmHrJ.exe

C:\Windows\System\dpUmHrJ.exe

C:\Windows\System\ZPwMWnh.exe

C:\Windows\System\ZPwMWnh.exe

C:\Windows\System\COzjbtn.exe

C:\Windows\System\COzjbtn.exe

C:\Windows\System\SUIiOlE.exe

C:\Windows\System\SUIiOlE.exe

C:\Windows\System\qARPJqZ.exe

C:\Windows\System\qARPJqZ.exe

C:\Windows\System\ggIkyEu.exe

C:\Windows\System\ggIkyEu.exe

C:\Windows\System\ZIcVHUn.exe

C:\Windows\System\ZIcVHUn.exe

C:\Windows\System\zXVOfxd.exe

C:\Windows\System\zXVOfxd.exe

C:\Windows\System\ikmNlsF.exe

C:\Windows\System\ikmNlsF.exe

C:\Windows\System\DWqhXjC.exe

C:\Windows\System\DWqhXjC.exe

C:\Windows\System\PgyadYU.exe

C:\Windows\System\PgyadYU.exe

C:\Windows\System\qoSYIBl.exe

C:\Windows\System\qoSYIBl.exe

C:\Windows\System\nFBeLGq.exe

C:\Windows\System\nFBeLGq.exe

C:\Windows\System\LwgXfWv.exe

C:\Windows\System\LwgXfWv.exe

C:\Windows\System\lmVfnfX.exe

C:\Windows\System\lmVfnfX.exe

C:\Windows\System\zBNKvjt.exe

C:\Windows\System\zBNKvjt.exe

C:\Windows\System\ZDEtRpi.exe

C:\Windows\System\ZDEtRpi.exe

C:\Windows\System\vCGejhe.exe

C:\Windows\System\vCGejhe.exe

C:\Windows\System\SBgXklp.exe

C:\Windows\System\SBgXklp.exe

C:\Windows\System\GMsWVSj.exe

C:\Windows\System\GMsWVSj.exe

C:\Windows\System\GHmQdZp.exe

C:\Windows\System\GHmQdZp.exe

C:\Windows\System\eWJALwd.exe

C:\Windows\System\eWJALwd.exe

C:\Windows\System\erAXGfA.exe

C:\Windows\System\erAXGfA.exe

C:\Windows\System\alxDbkw.exe

C:\Windows\System\alxDbkw.exe

C:\Windows\System\iZiznxF.exe

C:\Windows\System\iZiznxF.exe

C:\Windows\System\ERZdKmr.exe

C:\Windows\System\ERZdKmr.exe

C:\Windows\System\GUriKaN.exe

C:\Windows\System\GUriKaN.exe

C:\Windows\System\uHWIKrP.exe

C:\Windows\System\uHWIKrP.exe

C:\Windows\System\WeGtVgJ.exe

C:\Windows\System\WeGtVgJ.exe

C:\Windows\System\YDxfkcP.exe

C:\Windows\System\YDxfkcP.exe

C:\Windows\System\xOFfPwX.exe

C:\Windows\System\xOFfPwX.exe

C:\Windows\System\LqRsXov.exe

C:\Windows\System\LqRsXov.exe

C:\Windows\System\FhFINtO.exe

C:\Windows\System\FhFINtO.exe

C:\Windows\System\CNAEaLB.exe

C:\Windows\System\CNAEaLB.exe

C:\Windows\System\llhtpzR.exe

C:\Windows\System\llhtpzR.exe

C:\Windows\System\VpIklUa.exe

C:\Windows\System\VpIklUa.exe

Network

N/A

Files

memory/1244-0-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/1244-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\fUWpuYp.exe

MD5 06f0d63607a72cdbf7fcbb4ac443370d
SHA1 517ae066ac697d8a37bff8890b869afe9f396b4b
SHA256 312466f44c97f4b679e599a9f284f129d208e5c36ee25b53f88f78c00c96bcd2
SHA512 73d637917eb366b68ea0ab9cfc5545f2d9ecbb253d6d29efecb067355cb44925398b785c24a811edca6e81c738292dbc78bd325a0a7151a76ec5c482bb7d46ca

C:\Windows\system\YheniUQ.exe

MD5 2446fe8f089894542f6f1ca779e39a75
SHA1 147f03165807f49b429274fa6be71d1e3571e178
SHA256 1c9953112cdada12b3f238bda3899f7b377725c96a3073d4386a0dd374c58996
SHA512 a4211395bc14f90c90d9cb7a6612462dece3a4927c0e0d2d290982ad990e65bdb0c66edfd79740acae6dd92ad2b8390e45f94527c9a03dbff3a2dbaee5441be8

memory/1944-14-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/1244-12-0x000000013FA00000-0x000000013FD54000-memory.dmp

C:\Windows\system\yAqldtq.exe

MD5 91fd7194478967caf32cfd77098f9d25
SHA1 fe2461ad79d223efa8bf0bd508e375f83dcdc177
SHA256 b5b575c6a16b6cca228a1cc80b6283f6476e81e43f1f12d0abd79bc4fe501e48
SHA512 a3964b18501c6e1545c9521d3163ba7e59231d17b7311fdfa18dc3e8634f6005c667af80eeba96bb99f7d09f921fd9850d72ed26cb7780d12159ff6fa5afb344

memory/548-22-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/1244-20-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/1244-19-0x000000013F630000-0x000000013F984000-memory.dmp

memory/1164-18-0x000000013F630000-0x000000013F984000-memory.dmp

\Windows\system\NXcuWnt.exe

MD5 12238d57b1f5dc86d1783352d05b0155
SHA1 725db8dad1c8adc7e79d19f318c589e187778f6d
SHA256 0df5563e6dc27a45cfbab6c2b7a6069ef4a54545489d0c6fe6f55a9728fd92f3
SHA512 4dc500c665a2f0fc1cbf970d3ccec6a36b9850159f344234c5b724e0a39d5f840d777d9e2493a50fe2e69a8fb35eb49473c37dec2f8ac2e5f4f3462b372b0817

C:\Windows\system\AvMNBCt.exe

MD5 58f8635cbb7eacff899cab58f389a886
SHA1 a0e2d5680ac04347f9525e5dfdf2c2e1f92b79de
SHA256 e31fb662035eb5600d7cdd8d12d804a39e1c02606bdb802285e5cfa2451de626
SHA512 4dc34720ade871bd5d05331edd1eb694fb1cda026f6b31c3a4925ae7f69401726ce8e0c8376cfe2180871f2c0bb810989833b0f5e62a8ad0412c7ff4aca91fbc

memory/2928-63-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/1244-74-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2664-78-0x000000013F580000-0x000000013F8D4000-memory.dmp

C:\Windows\system\bMAoVXr.exe

MD5 06cbadb70199c5d80d68444fab53a2e1
SHA1 70e429745682f836826a07ce718fa85473800e8f
SHA256 1e7475f5cf2200a910d98579ff8f6b0c59fb77b00c9733382206418daa512070
SHA512 e81a3064b861c02a9fbfa1c456bae9b9bccb0830ebf0feb09620f34457c62070a9dbccf719aec84e766ae9fdb70a549b2e3e33d8c4e1883b094d5441d6a1692b

memory/2480-82-0x000000013F310000-0x000000013F664000-memory.dmp

C:\Windows\system\ZfSfVal.exe

MD5 68a29cf1e2557ab24470f5ca94958dc2
SHA1 c54cbac88a5326951eb95a92c9e3b83e23e1987d
SHA256 011260f22ff40dea80aea2b27208e003fb99b0e1b0002c8bc052c5f8a2c5e7d3
SHA512 68bc333fd77e634dec8ae1157b2bdb225909ed327d0b9c49b460ea5c9a8d34bcdca548a9e75d8c24c21870c2031313505692b124c813e4fff952d18da721c3a8

C:\Windows\system\SIlXTaO.exe

MD5 d3ee37645e090f58c5a04999cade6f7c
SHA1 ccafb50fdc035838fb957e0d753d2fb8c2645f09
SHA256 02867440d5c7bc80edaab37361dc01265ce31d8ead7476c3286b151850c3b022
SHA512 fd99d157b01298f65527cf6aec1fe6fb105375db069d947ced45dab821dd8d5635d310bd881ad33eef3368278fa826f9c484579bdb5fd315cf185511834addda

C:\Windows\system\YNLccmK.exe

MD5 393e8d94102fb049a603392f899fc057
SHA1 a57bc2754fa2cf60707ee3a2cd6f7a496df6e3bc
SHA256 88e50f5319b5c7fa9ab6277e1a6d0643af631a8b8ce8eb1182e7a1b00f093a73
SHA512 2e733b4c14803419128b08f2e81efaf4cda1300883008f824ac23343624aec12a1bc56fe7701fde5377e1e759b14bbd2bb4010a6cd8690b30a6ac98c782cce7b

C:\Windows\system\OwRqBPS.exe

MD5 c2345f598865770976a0d5fbfdff42dc
SHA1 16ad69d36b67def0179b20c41474a4e9767dc598
SHA256 e7db874955bf518bb7d7a30f1ae43ea764bf990eed97bfa59289272642578dde
SHA512 423c579e27715d2799b7083ee51bfe9887ed70bf0b51350a0d656ef45ad1bd14c7e57484994d58e6733a52ceacded08e74a0c630f3645973c93e18bf6283689b

memory/2556-946-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2568-1819-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2144-943-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/1244-942-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2268-564-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/548-563-0x000000013F6B0000-0x000000013FA04000-memory.dmp

C:\Windows\system\mkzzjIz.exe

MD5 ae2888dc22a222cfd4c434f2a0cd8c87
SHA1 ff54f6d7e29a1db5ba0b825a77ec154fa2d10a41
SHA256 b827444ad3fedb1ec112daecd2bca734b895dd02255afe9714deecd92ecf0a20
SHA512 31c5cd4e6c8f2f732b762d2120798b9d0096d486e66514fe4867e8523ae472a7d2f6e8dd17266b4470e78fee2d5639b6ef41112293a29ddb6656534a97229526

C:\Windows\system\zTNauPf.exe

MD5 ea6ba736a6cc27f3aa639d5b580b97a5
SHA1 6fbd116240bfb7ff5e046a5c209d5f30c1ef7a22
SHA256 3ff9b7a9079abec6f3a45ce1f6ec6a2fd730dc3c6e9248952af7df1524154871
SHA512 2129b3934ac81dcee47137e62230b811da66941bc27cd95bd1b9c24240778136b48b381203035e783579e31cb967d5f7180eaf1dc385bf3990adb4b6bb17e805

C:\Windows\system\lUlEiwT.exe

MD5 1d0ef908223444ecddf8327046a2ab08
SHA1 45004b1c75628f76c5800a3fc584eac506d62c52
SHA256 39a8a18f3baa8aea6f75115e06101310987115704b9299d3f99320b2c90723cf
SHA512 21fe0602cd80b467552b6bb58707c114b4d98c8d5239cab7b2a69e3623efbff12bbac70c7e70d4ad3716c32314ca0042f0951446014dbe0959cd70f06d1ffb08

C:\Windows\system\ibDPAEf.exe

MD5 49e502e5c99a7c73c16309c9ca1680cf
SHA1 199a9ea2e906e0fda43a93648b4cde0fc16b053c
SHA256 43048476ca36157c6ecdbeb4219ce62ab111aff908dffe74c5760592f436455c
SHA512 ad4e2a40d0a4c200d32d3c3fbb949ef1289789659258aa717836a575b1bc34766e6d869a609534062f07cc03fb488186666238366718434d2d27b3179c4635d9

C:\Windows\system\gwsfSEQ.exe

MD5 6f1b05728c424b4d85dd4f89cc845348
SHA1 98cc8d55e6f506d363a416bda9be34046d77e8c5
SHA256 2334caf53dc318725d22e6582cf30d5bbf915c99615877ce9c06685c38336de5
SHA512 96c4bf727140a1172a6b85d6d7675e97efe01eba339f427149aee91c8e84b6fd7967f136d22589f870cb09414937cc1105b324ea857cb612c8c99f186323f511

C:\Windows\system\RIlqqZL.exe

MD5 6266d528a0e3863ed0407a25c4e88a30
SHA1 e3a867b56d2d6c5978ec5648ce51e426ab47319d
SHA256 a5282b22969d3b788cdebc184088b68b1333a29c0a8ff7d4721ceb6c0eb717f5
SHA512 4e7844d1b1ae6164152d062b62bc679e3b86501191b6b5eabbc8c21acaee429c5df8620b8447e570fad656f1951e5dbd0f7f2d50f2cbb50378dfb22fe8b9ef91

C:\Windows\system\ilVXXiz.exe

MD5 f1e9194555540b17188d027d7990d59c
SHA1 5ff5ef651b772831790b9b7d7ca0213154dab0cd
SHA256 2d10f78f498812bd38387bcc470ede9573d797513e8f5208a7ee5ae3767f5b3e
SHA512 3557d3fb69d704ac69d66bd8a52a8714010e0a931c02576052769638522fe0eba41f01080a12c3d5e25cbaa9e6894a6707adf3172ff113a88fc28107a00b7bda

C:\Windows\system\evyeNEX.exe

MD5 49c926ea00ede43f5a9866a546dad8ea
SHA1 ec9019edc905475ef8ae8faae1297ea1897f3d83
SHA256 3954e5bb7923dfb40ba6a956907354b8e80df1e8fff26aed4e2c24d65a3d1eef
SHA512 f00721cdb3d6ca2c5c6578204b075473a3e3dbf2a8a4a7ae7ad168267684a82dc84b75c86aee2b774d11f96059924db46f1ba4bc4d22088680ff4aa2c89ff998

C:\Windows\system\uHOqzYM.exe

MD5 c8daaa9a9fefe52eb05a192fd30dc5c8
SHA1 9a6e433497cfe4e9f50f4c19c552eb6682f81243
SHA256 dc37d3c419b376c9700b3a4b35d0c306428927882b78e3bdcffb4222d4c2ed95
SHA512 99c88b870b40506c947b1742102795fe69ca07ee7dcfb38232c0101be4562a32d5321f930a2ce1f0445bed9df47f1c0c5f11b861d5a6e7cf33f94eb3c1f14c87

C:\Windows\system\YSzagWZ.exe

MD5 c001876c0b1ee0f007c043b5f5a051cc
SHA1 299c2285489226f53af1df2a81ca26f5451f018d
SHA256 2bebeb5ee58b87612757343c9cd4871a694ca5f09430b1e080dcfeb69158e4a1
SHA512 6a1d3596c9d8c07283a5c9624497f87db31325a5981d245e66668005296ef23078097c38d237bb79e6de5fd45dc88b69a24348e3413af29eee91b232f627d5ee

C:\Windows\system\TSpJQzT.exe

MD5 43bc047a2b1f03b9fed526b9a598a4c9
SHA1 9ce417a3675ecc64f485635b9dd9d6025074bab2
SHA256 65f7ea0a7dc8eb335db9dadd9d61bda5f7e85ca013df71b46183228163fd958a
SHA512 b59b73ab9dc8b31290c5c5ba2daa2769be5c3b586f31de55da3dee2ffc86dc5b66c61a1eeed49716d343bee0833374bdf15e532aae1119ff49e4493c59f8c2b4

C:\Windows\system\zAtPzsR.exe

MD5 2c4342d85488894d43a2381e0a0514cf
SHA1 4349e4387793e9fe68ab8f08f737ef86328ac8d7
SHA256 1cd242455695b55f71168fbe8e6b2f1e5b42eaf9902488152e40314d4c4fce10
SHA512 c4781c63092627e33b317a592e95c5ccb44bfbdc558c23617f467beefe9323a21ceff5d9912576d6c1d7c3e80a3c81d1dfecb5cf92b64c672a2682e81dadb03f

C:\Windows\system\uNnyNbH.exe

MD5 72d24b3c10900df95c3a70c0c89fba70
SHA1 f91387e76a0dc16952545880cdce21dcd36c8f86
SHA256 bcfd1ab5982796024b0398d1db86ff047c08db536e4e07cec3312b3f64a3cff2
SHA512 65e625a05e842b33c4dd4ae295597dafcbc02e72c86b3aa3c78cdb2b40a0872a69663161671379ff9e65c7fd0799a8fa577692c7304a20360df132459cb931ac

C:\Windows\system\xYyQBnF.exe

MD5 92fcc9d93cf66d60a17945491fb51d84
SHA1 f02de123723808acdad7ee8583fab2aa9c237f83
SHA256 5a9abee474c68308679be18e553409ac0cd2eed3a39ff1265bce0658ce1d0e59
SHA512 aa45a5e28086792ea3cd39e37cff9f84d8db2c764f7cc89607da223b49aecabf6f45d82398c21195682a218de4c864bbf5ffd442104dc7fe64a9b4dc45ef7c56

C:\Windows\system\kgCDcDz.exe

MD5 75a0b6d7dd247dc8d91cf8fd9642d6c9
SHA1 856d78b69546ff8231d006c981563252f020a96c
SHA256 3fdb8c44535c68320a9a225c90dc143f2aad1281d4f05d62e4f7acb8e58ddb58
SHA512 1bddd8e0c095b07811f9dbe42e57d5fe9696577be666ebcaaf8c9d3988b58858c49a28da50331a1c3c7d7279a35a86ea82f2be31799f3bf5ce61570d782a91fc

memory/1244-102-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/1764-99-0x000000013F610000-0x000000013F964000-memory.dmp

memory/3016-90-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/1244-89-0x000000013FF70000-0x00000001402C4000-memory.dmp

C:\Windows\system\cuskZAO.exe

MD5 595ce313ebdac96c26edff5c3e57294f
SHA1 b224d1fe9cabb032b5a3a3a3f592d5ca22b88205
SHA256 d0f505f9eb1f9453cc56d01629b1965050daafc6cc550c9c4459927d824b8e94
SHA512 9f8d3b92c4333a965af95a323bef8ad0e0df4653a156d4d15122321bcc9f22e9175cd897efad9370c3d4dd25c4f338fe2e03f1351e5419d70c2646822baea61a

memory/1244-86-0x0000000002150000-0x00000000024A4000-memory.dmp

memory/1244-94-0x000000013F610000-0x000000013F964000-memory.dmp

C:\Windows\system\TQrnTRf.exe

MD5 502cca81372bb6b9cdddb17aad1331f1
SHA1 85161f3fc7d67b996da13cec417f3e8c84695662
SHA256 545cda6f6b9d777e7c3badd149f66cadf2e174c94364e29cf73cbd85b5567933
SHA512 c01a4e5c004c557112a6d497789a4482bdcf6adb8ae4e24a03e45eb1453cc38cc647a88ca5e0ceb1d3763a533e456e2843edc73535f93bf2039308a09af4d7dc

memory/2256-80-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/1244-79-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/1244-77-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1244-76-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2584-75-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2568-69-0x000000013F500000-0x000000013F854000-memory.dmp

C:\Windows\system\KnzSTKI.exe

MD5 bbe64f77527fc1fe96af334aaa5ad690
SHA1 0b238955490a72f254fc8f11136e49e301cd2ad2
SHA256 4e1aeb0c7117a6d3993ea48fa1b62160022d8b04f82ce76b4d7c743f1777f515
SHA512 4438ba0ba91d4c1dca1e0c5cda2175ba6b37692515a18c27b8f9bc4801593e6991384bd653d708c0215cfa6a712ac20d9ff99cabfd17bb0c14b0c334a39197a9

memory/2556-65-0x000000013FAE0000-0x000000013FE34000-memory.dmp

C:\Windows\system\SUCgUug.exe

MD5 ac2f860806051e7cff851c666c2c51f6
SHA1 ae21832f29a9597d920554a372e4ca03be0fb7d8
SHA256 44c61bd85f46a948b7abb673fb42a45f5bd49661b80e9205cc3ccf2ba4783b4e
SHA512 889e486ab77e345f35470bde996f74f77f4943255a40ef9aa552312c96009e99d4e2464558c91ae88e462bddb4cabc0d6b546ae145163b506abb4abbe992b56f

memory/1244-61-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2144-55-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

C:\Windows\system\ETxLIkS.exe

MD5 96b0acc9b5137313eda1a60a9d91ff54
SHA1 32acee27cec3bb1f78e52696f3fd9b043ffad6cd
SHA256 42abac1b6dbc11aa5ca2780e0219a54c85a7f71e3a8c81ca66b70bf756464432
SHA512 6bfb4f0365d6cbf6fbf396daf3efdea4d4bc2659298456e994ada8ceb46eb684f371e964739057c19bc4021686395d574eb7b64fe06da747585b057e1e455902

C:\Windows\system\aPxBtvH.exe

MD5 61f7aabbb56229c7df80532a0eea868e
SHA1 7717383ea0f346eed377dca84b3bf33b82697123
SHA256 2c51e64e33731547fe43145424df177c1bd120132afd028445f82205ebb73c2a
SHA512 c1e14791e9b65342f99665e490f47f2e121072b077f6d7a9e80a19d5a85dc63fc6480d720da028fdc18038ee556af8536c6857c1b29a3c16cf25e38b4aa469e8

memory/1244-51-0x000000013F820000-0x000000013FB74000-memory.dmp

C:\Windows\system\RAfdprV.exe

MD5 864c1e8c0da7e8582c53fe3fe3cd726b
SHA1 5682ae6ba64674dd327b274123516450335d8308
SHA256 48e596c4f3a39d47e7f4b209dbdf5720a072c14b3e109bd86ff3da6c70e5f0b1
SHA512 b5becf0705211455b50ee28f33fbf6ddeb75be1e7184d0b0b7f203c6027a9d5d6cf1f48aa87e3c2a72bb644c2463337ba98d31342be4318beb16cd41621ffc66

memory/1244-42-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2268-36-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2480-2670-0x000000013F310000-0x000000013F664000-memory.dmp

memory/1244-2845-0x0000000002150000-0x00000000024A4000-memory.dmp

memory/3016-2969-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/1244-3057-0x000000013F610000-0x000000013F964000-memory.dmp

memory/1244-3589-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/1944-4017-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/1164-4018-0x000000013F630000-0x000000013F984000-memory.dmp

memory/548-4019-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2928-4020-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2144-4021-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2568-4022-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2664-4025-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2584-4024-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2556-4023-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2256-4026-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/3016-4027-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2268-4028-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2480-4029-0x000000013F310000-0x000000013F664000-memory.dmp

memory/1764-4030-0x000000013F610000-0x000000013F964000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 02:44

Reported

2024-05-27 02:47

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fUWpuYp.exe N/A
N/A N/A C:\Windows\System\YheniUQ.exe N/A
N/A N/A C:\Windows\System\yAqldtq.exe N/A
N/A N/A C:\Windows\System\NXcuWnt.exe N/A
N/A N/A C:\Windows\System\TQrnTRf.exe N/A
N/A N/A C:\Windows\System\AvMNBCt.exe N/A
N/A N/A C:\Windows\System\RAfdprV.exe N/A
N/A N/A C:\Windows\System\aPxBtvH.exe N/A
N/A N/A C:\Windows\System\KnzSTKI.exe N/A
N/A N/A C:\Windows\System\ETxLIkS.exe N/A
N/A N/A C:\Windows\System\bMAoVXr.exe N/A
N/A N/A C:\Windows\System\SUCgUug.exe N/A
N/A N/A C:\Windows\System\cuskZAO.exe N/A
N/A N/A C:\Windows\System\ZfSfVal.exe N/A
N/A N/A C:\Windows\System\xYyQBnF.exe N/A
N/A N/A C:\Windows\System\kgCDcDz.exe N/A
N/A N/A C:\Windows\System\uNnyNbH.exe N/A
N/A N/A C:\Windows\System\SIlXTaO.exe N/A
N/A N/A C:\Windows\System\TSpJQzT.exe N/A
N/A N/A C:\Windows\System\zAtPzsR.exe N/A
N/A N/A C:\Windows\System\YNLccmK.exe N/A
N/A N/A C:\Windows\System\YSzagWZ.exe N/A
N/A N/A C:\Windows\System\uHOqzYM.exe N/A
N/A N/A C:\Windows\System\evyeNEX.exe N/A
N/A N/A C:\Windows\System\RIlqqZL.exe N/A
N/A N/A C:\Windows\System\ilVXXiz.exe N/A
N/A N/A C:\Windows\System\ibDPAEf.exe N/A
N/A N/A C:\Windows\System\gwsfSEQ.exe N/A
N/A N/A C:\Windows\System\lUlEiwT.exe N/A
N/A N/A C:\Windows\System\zTNauPf.exe N/A
N/A N/A C:\Windows\System\mkzzjIz.exe N/A
N/A N/A C:\Windows\System\OwRqBPS.exe N/A
N/A N/A C:\Windows\System\VjDHypF.exe N/A
N/A N/A C:\Windows\System\SwMcPhj.exe N/A
N/A N/A C:\Windows\System\aKdzTHB.exe N/A
N/A N/A C:\Windows\System\NOjpBHu.exe N/A
N/A N/A C:\Windows\System\LlyCQSJ.exe N/A
N/A N/A C:\Windows\System\DhnGrIB.exe N/A
N/A N/A C:\Windows\System\NXnpZfJ.exe N/A
N/A N/A C:\Windows\System\wvvubsY.exe N/A
N/A N/A C:\Windows\System\gZcaXJx.exe N/A
N/A N/A C:\Windows\System\HkAzoaU.exe N/A
N/A N/A C:\Windows\System\caVHpun.exe N/A
N/A N/A C:\Windows\System\XHngTNP.exe N/A
N/A N/A C:\Windows\System\YuNTJQS.exe N/A
N/A N/A C:\Windows\System\aPpSuKr.exe N/A
N/A N/A C:\Windows\System\jwvgpUz.exe N/A
N/A N/A C:\Windows\System\fcaXBqX.exe N/A
N/A N/A C:\Windows\System\CqjcvWX.exe N/A
N/A N/A C:\Windows\System\TIjwjcr.exe N/A
N/A N/A C:\Windows\System\zvaFlLe.exe N/A
N/A N/A C:\Windows\System\ffgKZaP.exe N/A
N/A N/A C:\Windows\System\czXbmTU.exe N/A
N/A N/A C:\Windows\System\RBDusSl.exe N/A
N/A N/A C:\Windows\System\OtWGwOP.exe N/A
N/A N/A C:\Windows\System\CQfAqxf.exe N/A
N/A N/A C:\Windows\System\FPsslkF.exe N/A
N/A N/A C:\Windows\System\AyMiyPc.exe N/A
N/A N/A C:\Windows\System\lwoiCra.exe N/A
N/A N/A C:\Windows\System\HAPRIjz.exe N/A
N/A N/A C:\Windows\System\Hdynkls.exe N/A
N/A N/A C:\Windows\System\ghFUMdL.exe N/A
N/A N/A C:\Windows\System\qmimNbB.exe N/A
N/A N/A C:\Windows\System\UtfvCyy.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\gkeWMva.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCHWCBT.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\cFKcWvg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdzTNhw.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\sclVWLd.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\EKHIiwg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IEntSBs.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\XvvJfOa.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObTLldL.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ogaizcP.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bXfNtZU.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\TrHWQKg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NmnJDQy.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\nbJFOkL.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlTAaqC.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NBlYgQN.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhwreKn.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFQhoGa.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\aQTMjcY.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\zrPfxNA.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vXqdvdv.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\oaBmPSM.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\grCsQoU.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SFsrJfW.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWRMCCa.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGuFZgJ.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LpMWVyL.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\annuxHM.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFQGFVC.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZQgKefb.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFiAxvv.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\UXoSolF.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUJJibL.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\AlACwlp.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhMPfIg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vasgYpu.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\uCqTqhd.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\iPpitkE.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\MHrLMeH.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\lQSStVQ.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\FShoXKi.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\CdogbSs.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\KQHFrzI.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\lMBtSrY.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\yqzvCIa.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\opqSZMB.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\fcJbOUa.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\rCKPDFe.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ebJqvey.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\oIxRIuD.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\Qurrqip.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDpZqHj.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ilxUOEq.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJJkyfz.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ikAMYaU.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFmpkNw.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YSzagWZ.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\DhnGrIB.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SakFgqV.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\mBgdqEg.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZwBaGe.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuNTJQS.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\BEKNDHB.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A
File created C:\Windows\System\nTqEfzx.exe C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3660 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\fUWpuYp.exe
PID 3660 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\fUWpuYp.exe
PID 3660 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YheniUQ.exe
PID 3660 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YheniUQ.exe
PID 3660 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\yAqldtq.exe
PID 3660 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\yAqldtq.exe
PID 3660 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\NXcuWnt.exe
PID 3660 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\NXcuWnt.exe
PID 3660 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TQrnTRf.exe
PID 3660 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TQrnTRf.exe
PID 3660 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\AvMNBCt.exe
PID 3660 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\AvMNBCt.exe
PID 3660 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RAfdprV.exe
PID 3660 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RAfdprV.exe
PID 3660 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\aPxBtvH.exe
PID 3660 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\aPxBtvH.exe
PID 3660 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\KnzSTKI.exe
PID 3660 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\KnzSTKI.exe
PID 3660 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ETxLIkS.exe
PID 3660 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ETxLIkS.exe
PID 3660 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\bMAoVXr.exe
PID 3660 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\bMAoVXr.exe
PID 3660 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SUCgUug.exe
PID 3660 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SUCgUug.exe
PID 3660 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\cuskZAO.exe
PID 3660 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\cuskZAO.exe
PID 3660 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ZfSfVal.exe
PID 3660 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ZfSfVal.exe
PID 3660 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\xYyQBnF.exe
PID 3660 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\xYyQBnF.exe
PID 3660 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\kgCDcDz.exe
PID 3660 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\kgCDcDz.exe
PID 3660 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uNnyNbH.exe
PID 3660 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uNnyNbH.exe
PID 3660 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SIlXTaO.exe
PID 3660 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\SIlXTaO.exe
PID 3660 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TSpJQzT.exe
PID 3660 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\TSpJQzT.exe
PID 3660 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zAtPzsR.exe
PID 3660 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zAtPzsR.exe
PID 3660 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YNLccmK.exe
PID 3660 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YNLccmK.exe
PID 3660 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YSzagWZ.exe
PID 3660 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\YSzagWZ.exe
PID 3660 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uHOqzYM.exe
PID 3660 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\uHOqzYM.exe
PID 3660 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\evyeNEX.exe
PID 3660 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\evyeNEX.exe
PID 3660 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RIlqqZL.exe
PID 3660 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\RIlqqZL.exe
PID 3660 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ilVXXiz.exe
PID 3660 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ilVXXiz.exe
PID 3660 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ibDPAEf.exe
PID 3660 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\ibDPAEf.exe
PID 3660 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\gwsfSEQ.exe
PID 3660 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\gwsfSEQ.exe
PID 3660 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\lUlEiwT.exe
PID 3660 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\lUlEiwT.exe
PID 3660 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zTNauPf.exe
PID 3660 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\zTNauPf.exe
PID 3660 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\mkzzjIz.exe
PID 3660 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\mkzzjIz.exe
PID 3660 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\OwRqBPS.exe
PID 3660 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe C:\Windows\System\OwRqBPS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1af4de48c19faa20d1b64b1a738e1890_NeikiAnalytics.exe"

C:\Windows\System\fUWpuYp.exe

C:\Windows\System\fUWpuYp.exe

C:\Windows\System\YheniUQ.exe

C:\Windows\System\YheniUQ.exe

C:\Windows\System\yAqldtq.exe

C:\Windows\System\yAqldtq.exe

C:\Windows\System\NXcuWnt.exe

C:\Windows\System\NXcuWnt.exe

C:\Windows\System\TQrnTRf.exe

C:\Windows\System\TQrnTRf.exe

C:\Windows\System\AvMNBCt.exe

C:\Windows\System\AvMNBCt.exe

C:\Windows\System\RAfdprV.exe

C:\Windows\System\RAfdprV.exe

C:\Windows\System\aPxBtvH.exe

C:\Windows\System\aPxBtvH.exe

C:\Windows\System\KnzSTKI.exe

C:\Windows\System\KnzSTKI.exe

C:\Windows\System\ETxLIkS.exe

C:\Windows\System\ETxLIkS.exe

C:\Windows\System\bMAoVXr.exe

C:\Windows\System\bMAoVXr.exe

C:\Windows\System\SUCgUug.exe

C:\Windows\System\SUCgUug.exe

C:\Windows\System\cuskZAO.exe

C:\Windows\System\cuskZAO.exe

C:\Windows\System\ZfSfVal.exe

C:\Windows\System\ZfSfVal.exe

C:\Windows\System\xYyQBnF.exe

C:\Windows\System\xYyQBnF.exe

C:\Windows\System\kgCDcDz.exe

C:\Windows\System\kgCDcDz.exe

C:\Windows\System\uNnyNbH.exe

C:\Windows\System\uNnyNbH.exe

C:\Windows\System\SIlXTaO.exe

C:\Windows\System\SIlXTaO.exe

C:\Windows\System\TSpJQzT.exe

C:\Windows\System\TSpJQzT.exe

C:\Windows\System\zAtPzsR.exe

C:\Windows\System\zAtPzsR.exe

C:\Windows\System\YNLccmK.exe

C:\Windows\System\YNLccmK.exe

C:\Windows\System\YSzagWZ.exe

C:\Windows\System\YSzagWZ.exe

C:\Windows\System\uHOqzYM.exe

C:\Windows\System\uHOqzYM.exe

C:\Windows\System\evyeNEX.exe

C:\Windows\System\evyeNEX.exe

C:\Windows\System\RIlqqZL.exe

C:\Windows\System\RIlqqZL.exe

C:\Windows\System\ilVXXiz.exe

C:\Windows\System\ilVXXiz.exe

C:\Windows\System\ibDPAEf.exe

C:\Windows\System\ibDPAEf.exe

C:\Windows\System\gwsfSEQ.exe

C:\Windows\System\gwsfSEQ.exe

C:\Windows\System\lUlEiwT.exe

C:\Windows\System\lUlEiwT.exe

C:\Windows\System\zTNauPf.exe

C:\Windows\System\zTNauPf.exe

C:\Windows\System\mkzzjIz.exe

C:\Windows\System\mkzzjIz.exe

C:\Windows\System\OwRqBPS.exe

C:\Windows\System\OwRqBPS.exe

C:\Windows\System\VjDHypF.exe

C:\Windows\System\VjDHypF.exe

C:\Windows\System\SwMcPhj.exe

C:\Windows\System\SwMcPhj.exe

C:\Windows\System\aKdzTHB.exe

C:\Windows\System\aKdzTHB.exe

C:\Windows\System\NOjpBHu.exe

C:\Windows\System\NOjpBHu.exe

C:\Windows\System\LlyCQSJ.exe

C:\Windows\System\LlyCQSJ.exe

C:\Windows\System\DhnGrIB.exe

C:\Windows\System\DhnGrIB.exe

C:\Windows\System\NXnpZfJ.exe

C:\Windows\System\NXnpZfJ.exe

C:\Windows\System\wvvubsY.exe

C:\Windows\System\wvvubsY.exe

C:\Windows\System\gZcaXJx.exe

C:\Windows\System\gZcaXJx.exe

C:\Windows\System\HkAzoaU.exe

C:\Windows\System\HkAzoaU.exe

C:\Windows\System\caVHpun.exe

C:\Windows\System\caVHpun.exe

C:\Windows\System\XHngTNP.exe

C:\Windows\System\XHngTNP.exe

C:\Windows\System\YuNTJQS.exe

C:\Windows\System\YuNTJQS.exe

C:\Windows\System\aPpSuKr.exe

C:\Windows\System\aPpSuKr.exe

C:\Windows\System\jwvgpUz.exe

C:\Windows\System\jwvgpUz.exe

C:\Windows\System\fcaXBqX.exe

C:\Windows\System\fcaXBqX.exe

C:\Windows\System\CqjcvWX.exe

C:\Windows\System\CqjcvWX.exe

C:\Windows\System\TIjwjcr.exe

C:\Windows\System\TIjwjcr.exe

C:\Windows\System\zvaFlLe.exe

C:\Windows\System\zvaFlLe.exe

C:\Windows\System\ffgKZaP.exe

C:\Windows\System\ffgKZaP.exe

C:\Windows\System\czXbmTU.exe

C:\Windows\System\czXbmTU.exe

C:\Windows\System\RBDusSl.exe

C:\Windows\System\RBDusSl.exe

C:\Windows\System\OtWGwOP.exe

C:\Windows\System\OtWGwOP.exe

C:\Windows\System\CQfAqxf.exe

C:\Windows\System\CQfAqxf.exe

C:\Windows\System\FPsslkF.exe

C:\Windows\System\FPsslkF.exe

C:\Windows\System\AyMiyPc.exe

C:\Windows\System\AyMiyPc.exe

C:\Windows\System\lwoiCra.exe

C:\Windows\System\lwoiCra.exe

C:\Windows\System\HAPRIjz.exe

C:\Windows\System\HAPRIjz.exe

C:\Windows\System\Hdynkls.exe

C:\Windows\System\Hdynkls.exe

C:\Windows\System\ghFUMdL.exe

C:\Windows\System\ghFUMdL.exe

C:\Windows\System\qmimNbB.exe

C:\Windows\System\qmimNbB.exe

C:\Windows\System\UtfvCyy.exe

C:\Windows\System\UtfvCyy.exe

C:\Windows\System\jLRUvSH.exe

C:\Windows\System\jLRUvSH.exe

C:\Windows\System\KzzrbFX.exe

C:\Windows\System\KzzrbFX.exe

C:\Windows\System\LElvuLu.exe

C:\Windows\System\LElvuLu.exe

C:\Windows\System\iWzPBPr.exe

C:\Windows\System\iWzPBPr.exe

C:\Windows\System\fywKSgP.exe

C:\Windows\System\fywKSgP.exe

C:\Windows\System\ebJqvey.exe

C:\Windows\System\ebJqvey.exe

C:\Windows\System\Qurrqip.exe

C:\Windows\System\Qurrqip.exe

C:\Windows\System\FZXgVBp.exe

C:\Windows\System\FZXgVBp.exe

C:\Windows\System\cadLGCc.exe

C:\Windows\System\cadLGCc.exe

C:\Windows\System\ASkGzvx.exe

C:\Windows\System\ASkGzvx.exe

C:\Windows\System\cSSYOyk.exe

C:\Windows\System\cSSYOyk.exe

C:\Windows\System\zuvTWIR.exe

C:\Windows\System\zuvTWIR.exe

C:\Windows\System\eBKAbWD.exe

C:\Windows\System\eBKAbWD.exe

C:\Windows\System\EJBBFnX.exe

C:\Windows\System\EJBBFnX.exe

C:\Windows\System\cvzOjXU.exe

C:\Windows\System\cvzOjXU.exe

C:\Windows\System\cNgrapF.exe

C:\Windows\System\cNgrapF.exe

C:\Windows\System\YTUOwaC.exe

C:\Windows\System\YTUOwaC.exe

C:\Windows\System\vWgenmg.exe

C:\Windows\System\vWgenmg.exe

C:\Windows\System\yFhUBzP.exe

C:\Windows\System\yFhUBzP.exe

C:\Windows\System\ZQgKefb.exe

C:\Windows\System\ZQgKefb.exe

C:\Windows\System\BDpZqHj.exe

C:\Windows\System\BDpZqHj.exe

C:\Windows\System\kgBQofE.exe

C:\Windows\System\kgBQofE.exe

C:\Windows\System\YVMpQJv.exe

C:\Windows\System\YVMpQJv.exe

C:\Windows\System\npxAQhb.exe

C:\Windows\System\npxAQhb.exe

C:\Windows\System\KiSAIeS.exe

C:\Windows\System\KiSAIeS.exe

C:\Windows\System\uCqTqhd.exe

C:\Windows\System\uCqTqhd.exe

C:\Windows\System\zOsnokb.exe

C:\Windows\System\zOsnokb.exe

C:\Windows\System\whXTQPM.exe

C:\Windows\System\whXTQPM.exe

C:\Windows\System\VoqXfFd.exe

C:\Windows\System\VoqXfFd.exe

C:\Windows\System\pobyBer.exe

C:\Windows\System\pobyBer.exe

C:\Windows\System\XNRZHxk.exe

C:\Windows\System\XNRZHxk.exe

C:\Windows\System\fNtEJvd.exe

C:\Windows\System\fNtEJvd.exe

C:\Windows\System\rhGlSGF.exe

C:\Windows\System\rhGlSGF.exe

C:\Windows\System\nJnJsHA.exe

C:\Windows\System\nJnJsHA.exe

C:\Windows\System\CZSFLuH.exe

C:\Windows\System\CZSFLuH.exe

C:\Windows\System\YovleSJ.exe

C:\Windows\System\YovleSJ.exe

C:\Windows\System\bpiKxHB.exe

C:\Windows\System\bpiKxHB.exe

C:\Windows\System\fLYewwE.exe

C:\Windows\System\fLYewwE.exe

C:\Windows\System\gCJzQgk.exe

C:\Windows\System\gCJzQgk.exe

C:\Windows\System\BEKNDHB.exe

C:\Windows\System\BEKNDHB.exe

C:\Windows\System\ilwsPrM.exe

C:\Windows\System\ilwsPrM.exe

C:\Windows\System\sFiAxvv.exe

C:\Windows\System\sFiAxvv.exe

C:\Windows\System\SMXqvkc.exe

C:\Windows\System\SMXqvkc.exe

C:\Windows\System\nRSwegw.exe

C:\Windows\System\nRSwegw.exe

C:\Windows\System\doBHPSR.exe

C:\Windows\System\doBHPSR.exe

C:\Windows\System\BtaBCFw.exe

C:\Windows\System\BtaBCFw.exe

C:\Windows\System\MOgRpXA.exe

C:\Windows\System\MOgRpXA.exe

C:\Windows\System\PDIJFOB.exe

C:\Windows\System\PDIJFOB.exe

C:\Windows\System\KnzCdTI.exe

C:\Windows\System\KnzCdTI.exe

C:\Windows\System\CWrQXYb.exe

C:\Windows\System\CWrQXYb.exe

C:\Windows\System\cFKcWvg.exe

C:\Windows\System\cFKcWvg.exe

C:\Windows\System\uVjwrxK.exe

C:\Windows\System\uVjwrxK.exe

C:\Windows\System\xbsZFSp.exe

C:\Windows\System\xbsZFSp.exe

C:\Windows\System\jPWfYKV.exe

C:\Windows\System\jPWfYKV.exe

C:\Windows\System\sLnqaZw.exe

C:\Windows\System\sLnqaZw.exe

C:\Windows\System\lmAmFku.exe

C:\Windows\System\lmAmFku.exe

C:\Windows\System\eOfvYfW.exe

C:\Windows\System\eOfvYfW.exe

C:\Windows\System\gVoIvQO.exe

C:\Windows\System\gVoIvQO.exe

C:\Windows\System\rxRstlG.exe

C:\Windows\System\rxRstlG.exe

C:\Windows\System\yBQmOIe.exe

C:\Windows\System\yBQmOIe.exe

C:\Windows\System\rsUyxmB.exe

C:\Windows\System\rsUyxmB.exe

C:\Windows\System\abcFbeH.exe

C:\Windows\System\abcFbeH.exe

C:\Windows\System\RWAzbHk.exe

C:\Windows\System\RWAzbHk.exe

C:\Windows\System\uwqTgwV.exe

C:\Windows\System\uwqTgwV.exe

C:\Windows\System\zIwKiaI.exe

C:\Windows\System\zIwKiaI.exe

C:\Windows\System\qLTcHDT.exe

C:\Windows\System\qLTcHDT.exe

C:\Windows\System\XvvJfOa.exe

C:\Windows\System\XvvJfOa.exe

C:\Windows\System\zrPfxNA.exe

C:\Windows\System\zrPfxNA.exe

C:\Windows\System\kLDwpfE.exe

C:\Windows\System\kLDwpfE.exe

C:\Windows\System\JlLxPBq.exe

C:\Windows\System\JlLxPBq.exe

C:\Windows\System\DKTGlNX.exe

C:\Windows\System\DKTGlNX.exe

C:\Windows\System\UdzTNhw.exe

C:\Windows\System\UdzTNhw.exe

C:\Windows\System\ZOwybsK.exe

C:\Windows\System\ZOwybsK.exe

C:\Windows\System\SJRmuKI.exe

C:\Windows\System\SJRmuKI.exe

C:\Windows\System\XCvBaiJ.exe

C:\Windows\System\XCvBaiJ.exe

C:\Windows\System\HFoDmgl.exe

C:\Windows\System\HFoDmgl.exe

C:\Windows\System\KjwspxU.exe

C:\Windows\System\KjwspxU.exe

C:\Windows\System\vgpRGUD.exe

C:\Windows\System\vgpRGUD.exe

C:\Windows\System\bccdiaC.exe

C:\Windows\System\bccdiaC.exe

C:\Windows\System\FdpeQLc.exe

C:\Windows\System\FdpeQLc.exe

C:\Windows\System\KShkhnZ.exe

C:\Windows\System\KShkhnZ.exe

C:\Windows\System\BbtNbni.exe

C:\Windows\System\BbtNbni.exe

C:\Windows\System\hOGXnXL.exe

C:\Windows\System\hOGXnXL.exe

C:\Windows\System\apPAPwc.exe

C:\Windows\System\apPAPwc.exe

C:\Windows\System\srxtzgR.exe

C:\Windows\System\srxtzgR.exe

C:\Windows\System\UQInfPN.exe

C:\Windows\System\UQInfPN.exe

C:\Windows\System\qbWDOqY.exe

C:\Windows\System\qbWDOqY.exe

C:\Windows\System\xLTSrAF.exe

C:\Windows\System\xLTSrAF.exe

C:\Windows\System\GBrVJDr.exe

C:\Windows\System\GBrVJDr.exe

C:\Windows\System\nPGORkA.exe

C:\Windows\System\nPGORkA.exe

C:\Windows\System\dwEUYhn.exe

C:\Windows\System\dwEUYhn.exe

C:\Windows\System\vXqdvdv.exe

C:\Windows\System\vXqdvdv.exe

C:\Windows\System\vaxSgUQ.exe

C:\Windows\System\vaxSgUQ.exe

C:\Windows\System\LXdniky.exe

C:\Windows\System\LXdniky.exe

C:\Windows\System\vkYppxY.exe

C:\Windows\System\vkYppxY.exe

C:\Windows\System\lZfqoHx.exe

C:\Windows\System\lZfqoHx.exe

C:\Windows\System\IxaKPqn.exe

C:\Windows\System\IxaKPqn.exe

C:\Windows\System\eNkhAdm.exe

C:\Windows\System\eNkhAdm.exe

C:\Windows\System\cIxPcea.exe

C:\Windows\System\cIxPcea.exe

C:\Windows\System\fLMblcg.exe

C:\Windows\System\fLMblcg.exe

C:\Windows\System\BfgDide.exe

C:\Windows\System\BfgDide.exe

C:\Windows\System\nTqEfzx.exe

C:\Windows\System\nTqEfzx.exe

C:\Windows\System\PSkIgZa.exe

C:\Windows\System\PSkIgZa.exe

C:\Windows\System\zoTJDLv.exe

C:\Windows\System\zoTJDLv.exe

C:\Windows\System\vNyxdnq.exe

C:\Windows\System\vNyxdnq.exe

C:\Windows\System\GqmqKgn.exe

C:\Windows\System\GqmqKgn.exe

C:\Windows\System\VqTBNLy.exe

C:\Windows\System\VqTBNLy.exe

C:\Windows\System\Hlhmiij.exe

C:\Windows\System\Hlhmiij.exe

C:\Windows\System\wlQPdaU.exe

C:\Windows\System\wlQPdaU.exe

C:\Windows\System\ztoSsvo.exe

C:\Windows\System\ztoSsvo.exe

C:\Windows\System\thOgTmL.exe

C:\Windows\System\thOgTmL.exe

C:\Windows\System\JFNfVjY.exe

C:\Windows\System\JFNfVjY.exe

C:\Windows\System\RFgbxgA.exe

C:\Windows\System\RFgbxgA.exe

C:\Windows\System\PPKziuT.exe

C:\Windows\System\PPKziuT.exe

C:\Windows\System\OqFjTYy.exe

C:\Windows\System\OqFjTYy.exe

C:\Windows\System\MYKpmig.exe

C:\Windows\System\MYKpmig.exe

C:\Windows\System\Bdfwoqn.exe

C:\Windows\System\Bdfwoqn.exe

C:\Windows\System\thBuhaI.exe

C:\Windows\System\thBuhaI.exe

C:\Windows\System\qiHwBPt.exe

C:\Windows\System\qiHwBPt.exe

C:\Windows\System\CPXIIXN.exe

C:\Windows\System\CPXIIXN.exe

C:\Windows\System\mpqFRBD.exe

C:\Windows\System\mpqFRBD.exe

C:\Windows\System\yvISkul.exe

C:\Windows\System\yvISkul.exe

C:\Windows\System\RYsrqsT.exe

C:\Windows\System\RYsrqsT.exe

C:\Windows\System\lMBtSrY.exe

C:\Windows\System\lMBtSrY.exe

C:\Windows\System\XaMyaqv.exe

C:\Windows\System\XaMyaqv.exe

C:\Windows\System\IGQQguJ.exe

C:\Windows\System\IGQQguJ.exe

C:\Windows\System\TrHWQKg.exe

C:\Windows\System\TrHWQKg.exe

C:\Windows\System\dNHfZop.exe

C:\Windows\System\dNHfZop.exe

C:\Windows\System\fyZFmSb.exe

C:\Windows\System\fyZFmSb.exe

C:\Windows\System\LrJcPiv.exe

C:\Windows\System\LrJcPiv.exe

C:\Windows\System\YQQDTja.exe

C:\Windows\System\YQQDTja.exe

C:\Windows\System\gkoYHzo.exe

C:\Windows\System\gkoYHzo.exe

C:\Windows\System\TjdTUPV.exe

C:\Windows\System\TjdTUPV.exe

C:\Windows\System\iPpitkE.exe

C:\Windows\System\iPpitkE.exe

C:\Windows\System\ausgqzA.exe

C:\Windows\System\ausgqzA.exe

C:\Windows\System\lleOhFM.exe

C:\Windows\System\lleOhFM.exe

C:\Windows\System\bDQklST.exe

C:\Windows\System\bDQklST.exe

C:\Windows\System\VPhaVqg.exe

C:\Windows\System\VPhaVqg.exe

C:\Windows\System\DyHudgX.exe

C:\Windows\System\DyHudgX.exe

C:\Windows\System\fNpyncQ.exe

C:\Windows\System\fNpyncQ.exe

C:\Windows\System\bEkMPNF.exe

C:\Windows\System\bEkMPNF.exe

C:\Windows\System\tRtXEXy.exe

C:\Windows\System\tRtXEXy.exe

C:\Windows\System\KNCrnMD.exe

C:\Windows\System\KNCrnMD.exe

C:\Windows\System\QhleFmr.exe

C:\Windows\System\QhleFmr.exe

C:\Windows\System\vaGUofm.exe

C:\Windows\System\vaGUofm.exe

C:\Windows\System\oANZOlY.exe

C:\Windows\System\oANZOlY.exe

C:\Windows\System\aLzynlg.exe

C:\Windows\System\aLzynlg.exe

C:\Windows\System\ObTLldL.exe

C:\Windows\System\ObTLldL.exe

C:\Windows\System\UTbGLTL.exe

C:\Windows\System\UTbGLTL.exe

C:\Windows\System\EdXNDjN.exe

C:\Windows\System\EdXNDjN.exe

C:\Windows\System\nnVWrJb.exe

C:\Windows\System\nnVWrJb.exe

C:\Windows\System\BjzAegz.exe

C:\Windows\System\BjzAegz.exe

C:\Windows\System\upRIiKi.exe

C:\Windows\System\upRIiKi.exe

C:\Windows\System\huFqrpn.exe

C:\Windows\System\huFqrpn.exe

C:\Windows\System\BpyVkSg.exe

C:\Windows\System\BpyVkSg.exe

C:\Windows\System\GLKtwWY.exe

C:\Windows\System\GLKtwWY.exe

C:\Windows\System\TcvBUbw.exe

C:\Windows\System\TcvBUbw.exe

C:\Windows\System\EiTbQac.exe

C:\Windows\System\EiTbQac.exe

C:\Windows\System\MkDXwPi.exe

C:\Windows\System\MkDXwPi.exe

C:\Windows\System\BALUzpV.exe

C:\Windows\System\BALUzpV.exe

C:\Windows\System\OhPsWJA.exe

C:\Windows\System\OhPsWJA.exe

C:\Windows\System\yJvlAhV.exe

C:\Windows\System\yJvlAhV.exe

C:\Windows\System\cNTBffZ.exe

C:\Windows\System\cNTBffZ.exe

C:\Windows\System\ZLpIKix.exe

C:\Windows\System\ZLpIKix.exe

C:\Windows\System\ttewiMw.exe

C:\Windows\System\ttewiMw.exe

C:\Windows\System\qogYwVo.exe

C:\Windows\System\qogYwVo.exe

C:\Windows\System\NPTvdcO.exe

C:\Windows\System\NPTvdcO.exe

C:\Windows\System\LPDoKsh.exe

C:\Windows\System\LPDoKsh.exe

C:\Windows\System\sSgXIaC.exe

C:\Windows\System\sSgXIaC.exe

C:\Windows\System\mBmkOfI.exe

C:\Windows\System\mBmkOfI.exe

C:\Windows\System\CHjkjbw.exe

C:\Windows\System\CHjkjbw.exe

C:\Windows\System\DFZVJMd.exe

C:\Windows\System\DFZVJMd.exe

C:\Windows\System\EWlIGjw.exe

C:\Windows\System\EWlIGjw.exe

C:\Windows\System\NmnJDQy.exe

C:\Windows\System\NmnJDQy.exe

C:\Windows\System\tVRxnnx.exe

C:\Windows\System\tVRxnnx.exe

C:\Windows\System\RFYBQlM.exe

C:\Windows\System\RFYBQlM.exe

C:\Windows\System\ogaizcP.exe

C:\Windows\System\ogaizcP.exe

C:\Windows\System\VPnvdNg.exe

C:\Windows\System\VPnvdNg.exe

C:\Windows\System\OuHSAPh.exe

C:\Windows\System\OuHSAPh.exe

C:\Windows\System\LtWQTmR.exe

C:\Windows\System\LtWQTmR.exe

C:\Windows\System\CGZHyvy.exe

C:\Windows\System\CGZHyvy.exe

C:\Windows\System\yUISAZp.exe

C:\Windows\System\yUISAZp.exe

C:\Windows\System\nbJFOkL.exe

C:\Windows\System\nbJFOkL.exe

C:\Windows\System\NHZzSjN.exe

C:\Windows\System\NHZzSjN.exe

C:\Windows\System\uunloyy.exe

C:\Windows\System\uunloyy.exe

C:\Windows\System\lUWPUZd.exe

C:\Windows\System\lUWPUZd.exe

C:\Windows\System\SXOGMcQ.exe

C:\Windows\System\SXOGMcQ.exe

C:\Windows\System\gAvmgmF.exe

C:\Windows\System\gAvmgmF.exe

C:\Windows\System\mnnxKCJ.exe

C:\Windows\System\mnnxKCJ.exe

C:\Windows\System\RHtdnhm.exe

C:\Windows\System\RHtdnhm.exe

C:\Windows\System\VazYGMU.exe

C:\Windows\System\VazYGMU.exe

C:\Windows\System\yqzvCIa.exe

C:\Windows\System\yqzvCIa.exe

C:\Windows\System\qeKHgdx.exe

C:\Windows\System\qeKHgdx.exe

C:\Windows\System\aiKJzaw.exe

C:\Windows\System\aiKJzaw.exe

C:\Windows\System\SObVqdg.exe

C:\Windows\System\SObVqdg.exe

C:\Windows\System\sLuLjYy.exe

C:\Windows\System\sLuLjYy.exe

C:\Windows\System\DmiWmhr.exe

C:\Windows\System\DmiWmhr.exe

C:\Windows\System\UXoSolF.exe

C:\Windows\System\UXoSolF.exe

C:\Windows\System\EIxUxMj.exe

C:\Windows\System\EIxUxMj.exe

C:\Windows\System\Mjnakvo.exe

C:\Windows\System\Mjnakvo.exe

C:\Windows\System\fZgTxDX.exe

C:\Windows\System\fZgTxDX.exe

C:\Windows\System\ucElzcZ.exe

C:\Windows\System\ucElzcZ.exe

C:\Windows\System\JgSHlfa.exe

C:\Windows\System\JgSHlfa.exe

C:\Windows\System\iWvvGeq.exe

C:\Windows\System\iWvvGeq.exe

C:\Windows\System\KbDBgbX.exe

C:\Windows\System\KbDBgbX.exe

C:\Windows\System\XOCsxWQ.exe

C:\Windows\System\XOCsxWQ.exe

C:\Windows\System\kgRfOxC.exe

C:\Windows\System\kgRfOxC.exe

C:\Windows\System\cfMvibL.exe

C:\Windows\System\cfMvibL.exe

C:\Windows\System\sgwmgbK.exe

C:\Windows\System\sgwmgbK.exe

C:\Windows\System\WvMMUZX.exe

C:\Windows\System\WvMMUZX.exe

C:\Windows\System\BzCeYwS.exe

C:\Windows\System\BzCeYwS.exe

C:\Windows\System\yWMptpd.exe

C:\Windows\System\yWMptpd.exe

C:\Windows\System\WKYXAbq.exe

C:\Windows\System\WKYXAbq.exe

C:\Windows\System\bXfNtZU.exe

C:\Windows\System\bXfNtZU.exe

C:\Windows\System\lAZIMIh.exe

C:\Windows\System\lAZIMIh.exe

C:\Windows\System\eyyrMJl.exe

C:\Windows\System\eyyrMJl.exe

C:\Windows\System\iLHtJlB.exe

C:\Windows\System\iLHtJlB.exe

C:\Windows\System\mdGKxXH.exe

C:\Windows\System\mdGKxXH.exe

C:\Windows\System\mmzSjJq.exe

C:\Windows\System\mmzSjJq.exe

C:\Windows\System\ATWwSLU.exe

C:\Windows\System\ATWwSLU.exe

C:\Windows\System\kBHtEwg.exe

C:\Windows\System\kBHtEwg.exe

C:\Windows\System\xbSlveI.exe

C:\Windows\System\xbSlveI.exe

C:\Windows\System\IxXsJZf.exe

C:\Windows\System\IxXsJZf.exe

C:\Windows\System\jOaueIq.exe

C:\Windows\System\jOaueIq.exe

C:\Windows\System\TjINfkf.exe

C:\Windows\System\TjINfkf.exe

C:\Windows\System\bPiqIJs.exe

C:\Windows\System\bPiqIJs.exe

C:\Windows\System\ZuQjTdo.exe

C:\Windows\System\ZuQjTdo.exe

C:\Windows\System\LETeQfw.exe

C:\Windows\System\LETeQfw.exe

C:\Windows\System\SqCwTEu.exe

C:\Windows\System\SqCwTEu.exe

C:\Windows\System\muzjaKj.exe

C:\Windows\System\muzjaKj.exe

C:\Windows\System\nFDEZjF.exe

C:\Windows\System\nFDEZjF.exe

C:\Windows\System\VBWMSKz.exe

C:\Windows\System\VBWMSKz.exe

C:\Windows\System\BNSIMhp.exe

C:\Windows\System\BNSIMhp.exe

C:\Windows\System\kMveaHR.exe

C:\Windows\System\kMveaHR.exe

C:\Windows\System\RsYngwT.exe

C:\Windows\System\RsYngwT.exe

C:\Windows\System\izVXsMW.exe

C:\Windows\System\izVXsMW.exe

C:\Windows\System\lhdwDlk.exe

C:\Windows\System\lhdwDlk.exe

C:\Windows\System\LcKXQQT.exe

C:\Windows\System\LcKXQQT.exe

C:\Windows\System\VqQUowF.exe

C:\Windows\System\VqQUowF.exe

C:\Windows\System\OhJfTAI.exe

C:\Windows\System\OhJfTAI.exe

C:\Windows\System\bQtvyTA.exe

C:\Windows\System\bQtvyTA.exe

C:\Windows\System\aCDWsJi.exe

C:\Windows\System\aCDWsJi.exe

C:\Windows\System\oVnVYqp.exe

C:\Windows\System\oVnVYqp.exe

C:\Windows\System\tSXhexc.exe

C:\Windows\System\tSXhexc.exe

C:\Windows\System\EfeGUmZ.exe

C:\Windows\System\EfeGUmZ.exe

C:\Windows\System\voEpZzx.exe

C:\Windows\System\voEpZzx.exe

C:\Windows\System\YwnztJx.exe

C:\Windows\System\YwnztJx.exe

C:\Windows\System\JSBNMBO.exe

C:\Windows\System\JSBNMBO.exe

C:\Windows\System\KALHwPf.exe

C:\Windows\System\KALHwPf.exe

C:\Windows\System\aJSNHSB.exe

C:\Windows\System\aJSNHSB.exe

C:\Windows\System\kZaFdaC.exe

C:\Windows\System\kZaFdaC.exe

C:\Windows\System\yNuejso.exe

C:\Windows\System\yNuejso.exe

C:\Windows\System\aUJJibL.exe

C:\Windows\System\aUJJibL.exe

C:\Windows\System\pcDwsfZ.exe

C:\Windows\System\pcDwsfZ.exe

C:\Windows\System\TlTAaqC.exe

C:\Windows\System\TlTAaqC.exe

C:\Windows\System\NWpXHdH.exe

C:\Windows\System\NWpXHdH.exe

C:\Windows\System\ZuvCjDC.exe

C:\Windows\System\ZuvCjDC.exe

C:\Windows\System\GgClavy.exe

C:\Windows\System\GgClavy.exe

C:\Windows\System\qKJMRYS.exe

C:\Windows\System\qKJMRYS.exe

C:\Windows\System\cjUFMdD.exe

C:\Windows\System\cjUFMdD.exe

C:\Windows\System\NBlYgQN.exe

C:\Windows\System\NBlYgQN.exe

C:\Windows\System\EfXfVSV.exe

C:\Windows\System\EfXfVSV.exe

C:\Windows\System\OPsCdAi.exe

C:\Windows\System\OPsCdAi.exe

C:\Windows\System\lRzlXyJ.exe

C:\Windows\System\lRzlXyJ.exe

C:\Windows\System\sclVWLd.exe

C:\Windows\System\sclVWLd.exe

C:\Windows\System\oIxRIuD.exe

C:\Windows\System\oIxRIuD.exe

C:\Windows\System\JmjQgeR.exe

C:\Windows\System\JmjQgeR.exe

C:\Windows\System\JcCiDsS.exe

C:\Windows\System\JcCiDsS.exe

C:\Windows\System\OHolkxm.exe

C:\Windows\System\OHolkxm.exe

C:\Windows\System\dhkayII.exe

C:\Windows\System\dhkayII.exe

C:\Windows\System\RzRNilM.exe

C:\Windows\System\RzRNilM.exe

C:\Windows\System\SkNXfFH.exe

C:\Windows\System\SkNXfFH.exe

C:\Windows\System\hTPeSqE.exe

C:\Windows\System\hTPeSqE.exe

C:\Windows\System\dmNITpb.exe

C:\Windows\System\dmNITpb.exe

C:\Windows\System\GikhIJk.exe

C:\Windows\System\GikhIJk.exe

C:\Windows\System\eWFFzYu.exe

C:\Windows\System\eWFFzYu.exe

C:\Windows\System\JxonLgi.exe

C:\Windows\System\JxonLgi.exe

C:\Windows\System\yuEDsat.exe

C:\Windows\System\yuEDsat.exe

C:\Windows\System\RGlbIaG.exe

C:\Windows\System\RGlbIaG.exe

C:\Windows\System\VZstiHE.exe

C:\Windows\System\VZstiHE.exe

C:\Windows\System\VJvUaXa.exe

C:\Windows\System\VJvUaXa.exe

C:\Windows\System\wLiqTCY.exe

C:\Windows\System\wLiqTCY.exe

C:\Windows\System\BxDMeJR.exe

C:\Windows\System\BxDMeJR.exe

C:\Windows\System\mgjUePX.exe

C:\Windows\System\mgjUePX.exe

C:\Windows\System\jcCxHCZ.exe

C:\Windows\System\jcCxHCZ.exe

C:\Windows\System\iNiBduC.exe

C:\Windows\System\iNiBduC.exe

C:\Windows\System\rvcPjma.exe

C:\Windows\System\rvcPjma.exe

C:\Windows\System\qcENhIc.exe

C:\Windows\System\qcENhIc.exe

C:\Windows\System\fiqTBJV.exe

C:\Windows\System\fiqTBJV.exe

C:\Windows\System\HlnPTjg.exe

C:\Windows\System\HlnPTjg.exe

C:\Windows\System\gBPKyow.exe

C:\Windows\System\gBPKyow.exe

C:\Windows\System\dPtfwWW.exe

C:\Windows\System\dPtfwWW.exe

C:\Windows\System\FqYxuNQ.exe

C:\Windows\System\FqYxuNQ.exe

C:\Windows\System\gavPySP.exe

C:\Windows\System\gavPySP.exe

C:\Windows\System\ZgrDusS.exe

C:\Windows\System\ZgrDusS.exe

C:\Windows\System\MHrLMeH.exe

C:\Windows\System\MHrLMeH.exe

C:\Windows\System\RBGOTSL.exe

C:\Windows\System\RBGOTSL.exe

C:\Windows\System\fVocRhj.exe

C:\Windows\System\fVocRhj.exe

C:\Windows\System\FDFvYGL.exe

C:\Windows\System\FDFvYGL.exe

C:\Windows\System\BumDCLl.exe

C:\Windows\System\BumDCLl.exe

C:\Windows\System\JoDhXwJ.exe

C:\Windows\System\JoDhXwJ.exe

C:\Windows\System\lrOuDsW.exe

C:\Windows\System\lrOuDsW.exe

C:\Windows\System\QAcJbMk.exe

C:\Windows\System\QAcJbMk.exe

C:\Windows\System\lQSStVQ.exe

C:\Windows\System\lQSStVQ.exe

C:\Windows\System\yhwreKn.exe

C:\Windows\System\yhwreKn.exe

C:\Windows\System\TsRWeSU.exe

C:\Windows\System\TsRWeSU.exe

C:\Windows\System\jAehUTN.exe

C:\Windows\System\jAehUTN.exe

C:\Windows\System\ilxUOEq.exe

C:\Windows\System\ilxUOEq.exe

C:\Windows\System\drdsCxx.exe

C:\Windows\System\drdsCxx.exe

C:\Windows\System\gCpnjIQ.exe

C:\Windows\System\gCpnjIQ.exe

C:\Windows\System\FrdAFYt.exe

C:\Windows\System\FrdAFYt.exe

C:\Windows\System\bEMkyQY.exe

C:\Windows\System\bEMkyQY.exe

C:\Windows\System\lzxkBqo.exe

C:\Windows\System\lzxkBqo.exe

C:\Windows\System\lMBnDju.exe

C:\Windows\System\lMBnDju.exe

C:\Windows\System\AGuFZgJ.exe

C:\Windows\System\AGuFZgJ.exe

C:\Windows\System\InRTzem.exe

C:\Windows\System\InRTzem.exe

C:\Windows\System\wHhkRpa.exe

C:\Windows\System\wHhkRpa.exe

C:\Windows\System\mqZlysL.exe

C:\Windows\System\mqZlysL.exe

C:\Windows\System\UqgJjLz.exe

C:\Windows\System\UqgJjLz.exe

C:\Windows\System\lcmLLEt.exe

C:\Windows\System\lcmLLEt.exe

C:\Windows\System\bTaksEN.exe

C:\Windows\System\bTaksEN.exe

C:\Windows\System\BhsGlOc.exe

C:\Windows\System\BhsGlOc.exe

C:\Windows\System\oFCGUIw.exe

C:\Windows\System\oFCGUIw.exe

C:\Windows\System\LkikSwb.exe

C:\Windows\System\LkikSwb.exe

C:\Windows\System\lWvPGns.exe

C:\Windows\System\lWvPGns.exe

C:\Windows\System\FlDngqP.exe

C:\Windows\System\FlDngqP.exe

C:\Windows\System\cbKnTfG.exe

C:\Windows\System\cbKnTfG.exe

C:\Windows\System\LWWFpeP.exe

C:\Windows\System\LWWFpeP.exe

C:\Windows\System\IEfhRCC.exe

C:\Windows\System\IEfhRCC.exe

C:\Windows\System\Qfddpeh.exe

C:\Windows\System\Qfddpeh.exe

C:\Windows\System\qfPiSzZ.exe

C:\Windows\System\qfPiSzZ.exe

C:\Windows\System\EbevhVk.exe

C:\Windows\System\EbevhVk.exe

C:\Windows\System\AlACwlp.exe

C:\Windows\System\AlACwlp.exe

C:\Windows\System\SAyTqca.exe

C:\Windows\System\SAyTqca.exe

C:\Windows\System\yktWLgw.exe

C:\Windows\System\yktWLgw.exe

C:\Windows\System\uhMPfIg.exe

C:\Windows\System\uhMPfIg.exe

C:\Windows\System\FSmtKIF.exe

C:\Windows\System\FSmtKIF.exe

C:\Windows\System\lgxQVHo.exe

C:\Windows\System\lgxQVHo.exe

C:\Windows\System\oUYtoaK.exe

C:\Windows\System\oUYtoaK.exe

C:\Windows\System\uHzfyGx.exe

C:\Windows\System\uHzfyGx.exe

C:\Windows\System\CGfIHyO.exe

C:\Windows\System\CGfIHyO.exe

C:\Windows\System\IWlLVPV.exe

C:\Windows\System\IWlLVPV.exe

C:\Windows\System\uxWVBHi.exe

C:\Windows\System\uxWVBHi.exe

C:\Windows\System\mbckHWU.exe

C:\Windows\System\mbckHWU.exe

C:\Windows\System\opqSZMB.exe

C:\Windows\System\opqSZMB.exe

C:\Windows\System\DYgiUSd.exe

C:\Windows\System\DYgiUSd.exe

C:\Windows\System\FgiJYWA.exe

C:\Windows\System\FgiJYWA.exe

C:\Windows\System\krlXTRs.exe

C:\Windows\System\krlXTRs.exe

C:\Windows\System\IzjYaFT.exe

C:\Windows\System\IzjYaFT.exe

C:\Windows\System\WkTTAgU.exe

C:\Windows\System\WkTTAgU.exe

C:\Windows\System\KKZvwOU.exe

C:\Windows\System\KKZvwOU.exe

C:\Windows\System\EgYTbJS.exe

C:\Windows\System\EgYTbJS.exe

C:\Windows\System\rKtgRGO.exe

C:\Windows\System\rKtgRGO.exe

C:\Windows\System\UVGYiWF.exe

C:\Windows\System\UVGYiWF.exe

C:\Windows\System\FElcIpB.exe

C:\Windows\System\FElcIpB.exe

C:\Windows\System\TqAdGhH.exe

C:\Windows\System\TqAdGhH.exe

C:\Windows\System\RxByezQ.exe

C:\Windows\System\RxByezQ.exe

C:\Windows\System\zizKvBX.exe

C:\Windows\System\zizKvBX.exe

C:\Windows\System\atchElq.exe

C:\Windows\System\atchElq.exe

C:\Windows\System\JjvXjSf.exe

C:\Windows\System\JjvXjSf.exe

C:\Windows\System\VexPenn.exe

C:\Windows\System\VexPenn.exe

C:\Windows\System\IqXiYHx.exe

C:\Windows\System\IqXiYHx.exe

C:\Windows\System\fucGlSv.exe

C:\Windows\System\fucGlSv.exe

C:\Windows\System\LpMWVyL.exe

C:\Windows\System\LpMWVyL.exe

C:\Windows\System\uOBqjAf.exe

C:\Windows\System\uOBqjAf.exe

C:\Windows\System\yIXEnKc.exe

C:\Windows\System\yIXEnKc.exe

C:\Windows\System\nAUQLXS.exe

C:\Windows\System\nAUQLXS.exe

C:\Windows\System\FShoXKi.exe

C:\Windows\System\FShoXKi.exe

C:\Windows\System\cPjshDa.exe

C:\Windows\System\cPjshDa.exe

C:\Windows\System\zNzmIcf.exe

C:\Windows\System\zNzmIcf.exe

C:\Windows\System\ESEhIJu.exe

C:\Windows\System\ESEhIJu.exe

C:\Windows\System\YlDlwCP.exe

C:\Windows\System\YlDlwCP.exe

C:\Windows\System\GmzMTaC.exe

C:\Windows\System\GmzMTaC.exe

C:\Windows\System\AlaWvgJ.exe

C:\Windows\System\AlaWvgJ.exe

C:\Windows\System\FWwXXTE.exe

C:\Windows\System\FWwXXTE.exe

C:\Windows\System\CphTzXy.exe

C:\Windows\System\CphTzXy.exe

C:\Windows\System\UjLOBwj.exe

C:\Windows\System\UjLOBwj.exe

C:\Windows\System\hTnGyic.exe

C:\Windows\System\hTnGyic.exe

C:\Windows\System\xfzcicQ.exe

C:\Windows\System\xfzcicQ.exe

C:\Windows\System\dOFnimT.exe

C:\Windows\System\dOFnimT.exe

C:\Windows\System\vasgYpu.exe

C:\Windows\System\vasgYpu.exe

C:\Windows\System\uCcYuoo.exe

C:\Windows\System\uCcYuoo.exe

C:\Windows\System\NjOtmui.exe

C:\Windows\System\NjOtmui.exe

C:\Windows\System\HmCgfIv.exe

C:\Windows\System\HmCgfIv.exe

C:\Windows\System\dikUfUr.exe

C:\Windows\System\dikUfUr.exe

C:\Windows\System\YNxXghv.exe

C:\Windows\System\YNxXghv.exe

C:\Windows\System\nDFJTFn.exe

C:\Windows\System\nDFJTFn.exe

C:\Windows\System\LGNizWl.exe

C:\Windows\System\LGNizWl.exe

C:\Windows\System\yPDinUY.exe

C:\Windows\System\yPDinUY.exe

C:\Windows\System\dAnJgZs.exe

C:\Windows\System\dAnJgZs.exe

C:\Windows\System\BoCtCiG.exe

C:\Windows\System\BoCtCiG.exe

C:\Windows\System\XKXtsjJ.exe

C:\Windows\System\XKXtsjJ.exe

C:\Windows\System\UylbShq.exe

C:\Windows\System\UylbShq.exe

C:\Windows\System\imDyWvo.exe

C:\Windows\System\imDyWvo.exe

C:\Windows\System\RTJnYlp.exe

C:\Windows\System\RTJnYlp.exe

C:\Windows\System\jAaOJRx.exe

C:\Windows\System\jAaOJRx.exe

C:\Windows\System\EKOTsWB.exe

C:\Windows\System\EKOTsWB.exe

C:\Windows\System\XJFKnlQ.exe

C:\Windows\System\XJFKnlQ.exe

C:\Windows\System\XClwHTj.exe

C:\Windows\System\XClwHTj.exe

C:\Windows\System\XBfMDot.exe

C:\Windows\System\XBfMDot.exe

C:\Windows\System\hHnVvtl.exe

C:\Windows\System\hHnVvtl.exe

C:\Windows\System\vZHoaKp.exe

C:\Windows\System\vZHoaKp.exe

C:\Windows\System\odvEXom.exe

C:\Windows\System\odvEXom.exe

C:\Windows\System\ZJJkyfz.exe

C:\Windows\System\ZJJkyfz.exe

C:\Windows\System\tCcOWhz.exe

C:\Windows\System\tCcOWhz.exe

C:\Windows\System\fDaaETD.exe

C:\Windows\System\fDaaETD.exe

C:\Windows\System\eqERIHE.exe

C:\Windows\System\eqERIHE.exe

C:\Windows\System\MgTDIbJ.exe

C:\Windows\System\MgTDIbJ.exe

C:\Windows\System\TyXVpYr.exe

C:\Windows\System\TyXVpYr.exe

C:\Windows\System\wAhmdLf.exe

C:\Windows\System\wAhmdLf.exe

C:\Windows\System\AuLyapD.exe

C:\Windows\System\AuLyapD.exe

C:\Windows\System\ZjzYDDI.exe

C:\Windows\System\ZjzYDDI.exe

C:\Windows\System\apUEdFN.exe

C:\Windows\System\apUEdFN.exe

C:\Windows\System\ikAMYaU.exe

C:\Windows\System\ikAMYaU.exe

C:\Windows\System\NmLytiJ.exe

C:\Windows\System\NmLytiJ.exe

C:\Windows\System\annuxHM.exe

C:\Windows\System\annuxHM.exe

C:\Windows\System\XforrCJ.exe

C:\Windows\System\XforrCJ.exe

C:\Windows\System\aFQhoGa.exe

C:\Windows\System\aFQhoGa.exe

C:\Windows\System\rOqfjjf.exe

C:\Windows\System\rOqfjjf.exe

C:\Windows\System\rrXORzL.exe

C:\Windows\System\rrXORzL.exe

C:\Windows\System\fXNkBzI.exe

C:\Windows\System\fXNkBzI.exe

C:\Windows\System\xooPiYZ.exe

C:\Windows\System\xooPiYZ.exe

C:\Windows\System\LXaoYBl.exe

C:\Windows\System\LXaoYBl.exe

C:\Windows\System\sjyflIP.exe

C:\Windows\System\sjyflIP.exe

C:\Windows\System\gkeWMva.exe

C:\Windows\System\gkeWMva.exe

C:\Windows\System\iCFEjPU.exe

C:\Windows\System\iCFEjPU.exe

C:\Windows\System\TLiVNmM.exe

C:\Windows\System\TLiVNmM.exe

C:\Windows\System\GWjWtjH.exe

C:\Windows\System\GWjWtjH.exe

C:\Windows\System\oSBbfOt.exe

C:\Windows\System\oSBbfOt.exe

C:\Windows\System\KpUkdEJ.exe

C:\Windows\System\KpUkdEJ.exe

C:\Windows\System\ecBqxtm.exe

C:\Windows\System\ecBqxtm.exe

C:\Windows\System\vEmvlpr.exe

C:\Windows\System\vEmvlpr.exe

C:\Windows\System\VWYvdon.exe

C:\Windows\System\VWYvdon.exe

C:\Windows\System\AKKGJUC.exe

C:\Windows\System\AKKGJUC.exe

C:\Windows\System\PqMgLAc.exe

C:\Windows\System\PqMgLAc.exe

C:\Windows\System\JiGMUGG.exe

C:\Windows\System\JiGMUGG.exe

C:\Windows\System\iIXvIoH.exe

C:\Windows\System\iIXvIoH.exe

C:\Windows\System\kphXgHp.exe

C:\Windows\System\kphXgHp.exe

C:\Windows\System\ZHMYvdp.exe

C:\Windows\System\ZHMYvdp.exe

C:\Windows\System\LKaJwAB.exe

C:\Windows\System\LKaJwAB.exe

C:\Windows\System\KEqDKSk.exe

C:\Windows\System\KEqDKSk.exe

C:\Windows\System\bQPYgGe.exe

C:\Windows\System\bQPYgGe.exe

C:\Windows\System\IiQMWxE.exe

C:\Windows\System\IiQMWxE.exe

C:\Windows\System\imKluVK.exe

C:\Windows\System\imKluVK.exe

C:\Windows\System\MLucfuf.exe

C:\Windows\System\MLucfuf.exe

C:\Windows\System\NHbdbTX.exe

C:\Windows\System\NHbdbTX.exe

C:\Windows\System\yeojmho.exe

C:\Windows\System\yeojmho.exe

C:\Windows\System\CfgpbcS.exe

C:\Windows\System\CfgpbcS.exe

C:\Windows\System\eKQaoLI.exe

C:\Windows\System\eKQaoLI.exe

C:\Windows\System\OBgUmCX.exe

C:\Windows\System\OBgUmCX.exe

C:\Windows\System\MljYNjD.exe

C:\Windows\System\MljYNjD.exe

C:\Windows\System\hxRGxYl.exe

C:\Windows\System\hxRGxYl.exe

C:\Windows\System\VTGaciI.exe

C:\Windows\System\VTGaciI.exe

C:\Windows\System\pIhxGbv.exe

C:\Windows\System\pIhxGbv.exe

C:\Windows\System\uuWJPLU.exe

C:\Windows\System\uuWJPLU.exe

C:\Windows\System\ENzthpY.exe

C:\Windows\System\ENzthpY.exe

C:\Windows\System\LIkLMuo.exe

C:\Windows\System\LIkLMuo.exe

C:\Windows\System\VLYinJn.exe

C:\Windows\System\VLYinJn.exe

C:\Windows\System\tOKpmoa.exe

C:\Windows\System\tOKpmoa.exe

C:\Windows\System\wlrIakB.exe

C:\Windows\System\wlrIakB.exe

C:\Windows\System\pGTEgMu.exe

C:\Windows\System\pGTEgMu.exe

C:\Windows\System\zbNrqsU.exe

C:\Windows\System\zbNrqsU.exe

C:\Windows\System\YpXJMoR.exe

C:\Windows\System\YpXJMoR.exe

C:\Windows\System\qkslOZc.exe

C:\Windows\System\qkslOZc.exe

C:\Windows\System\ttPsShT.exe

C:\Windows\System\ttPsShT.exe

C:\Windows\System\bNQUfua.exe

C:\Windows\System\bNQUfua.exe

C:\Windows\System\pNwwycq.exe

C:\Windows\System\pNwwycq.exe

C:\Windows\System\LJASVPb.exe

C:\Windows\System\LJASVPb.exe

C:\Windows\System\FiUrxqp.exe

C:\Windows\System\FiUrxqp.exe

C:\Windows\System\IpBCMtc.exe

C:\Windows\System\IpBCMtc.exe

C:\Windows\System\SfyfULg.exe

C:\Windows\System\SfyfULg.exe

C:\Windows\System\oYtShQS.exe

C:\Windows\System\oYtShQS.exe

C:\Windows\System\BHYnTjw.exe

C:\Windows\System\BHYnTjw.exe

C:\Windows\System\vDBrBSG.exe

C:\Windows\System\vDBrBSG.exe

C:\Windows\System\grCsQoU.exe

C:\Windows\System\grCsQoU.exe

C:\Windows\System\OsKeAUS.exe

C:\Windows\System\OsKeAUS.exe

C:\Windows\System\RLysAOo.exe

C:\Windows\System\RLysAOo.exe

C:\Windows\System\dlhOGbn.exe

C:\Windows\System\dlhOGbn.exe

C:\Windows\System\PDdDdAk.exe

C:\Windows\System\PDdDdAk.exe

C:\Windows\System\SqdcKXw.exe

C:\Windows\System\SqdcKXw.exe

C:\Windows\System\vRgwewD.exe

C:\Windows\System\vRgwewD.exe

C:\Windows\System\HsNWecE.exe

C:\Windows\System\HsNWecE.exe

C:\Windows\System\znpGxVd.exe

C:\Windows\System\znpGxVd.exe

C:\Windows\System\oJUFWoV.exe

C:\Windows\System\oJUFWoV.exe

C:\Windows\System\npfxPHc.exe

C:\Windows\System\npfxPHc.exe

C:\Windows\System\aitSjVC.exe

C:\Windows\System\aitSjVC.exe

C:\Windows\System\cxcKuAa.exe

C:\Windows\System\cxcKuAa.exe

C:\Windows\System\IuTDCLc.exe

C:\Windows\System\IuTDCLc.exe

C:\Windows\System\LHzrzms.exe

C:\Windows\System\LHzrzms.exe

C:\Windows\System\bNVzJXY.exe

C:\Windows\System\bNVzJXY.exe

C:\Windows\System\IwOdUgh.exe

C:\Windows\System\IwOdUgh.exe

C:\Windows\System\LJmwDAn.exe

C:\Windows\System\LJmwDAn.exe

C:\Windows\System\EKHIiwg.exe

C:\Windows\System\EKHIiwg.exe

C:\Windows\System\jEWupsc.exe

C:\Windows\System\jEWupsc.exe

C:\Windows\System\ImLNhCZ.exe

C:\Windows\System\ImLNhCZ.exe

C:\Windows\System\DMXGCQO.exe

C:\Windows\System\DMXGCQO.exe

C:\Windows\System\zvtJKLK.exe

C:\Windows\System\zvtJKLK.exe

C:\Windows\System\uyxKKcS.exe

C:\Windows\System\uyxKKcS.exe

C:\Windows\System\bCbIqAW.exe

C:\Windows\System\bCbIqAW.exe

C:\Windows\System\dQtilyE.exe

C:\Windows\System\dQtilyE.exe

C:\Windows\System\vVOegLd.exe

C:\Windows\System\vVOegLd.exe

C:\Windows\System\zCLrHxX.exe

C:\Windows\System\zCLrHxX.exe

C:\Windows\System\MxpXgtp.exe

C:\Windows\System\MxpXgtp.exe

C:\Windows\System\OJpMIOE.exe

C:\Windows\System\OJpMIOE.exe

C:\Windows\System\cnphoXs.exe

C:\Windows\System\cnphoXs.exe

C:\Windows\System\LpymnHp.exe

C:\Windows\System\LpymnHp.exe

C:\Windows\System\ttyjxLx.exe

C:\Windows\System\ttyjxLx.exe

C:\Windows\System\zQLlkIc.exe

C:\Windows\System\zQLlkIc.exe

C:\Windows\System\OQCUdrU.exe

C:\Windows\System\OQCUdrU.exe

C:\Windows\System\JwbJSih.exe

C:\Windows\System\JwbJSih.exe

C:\Windows\System\iCLTozI.exe

C:\Windows\System\iCLTozI.exe

C:\Windows\System\jMhxCeK.exe

C:\Windows\System\jMhxCeK.exe

C:\Windows\System\kyciOuD.exe

C:\Windows\System\kyciOuD.exe

C:\Windows\System\NbuqEQD.exe

C:\Windows\System\NbuqEQD.exe

C:\Windows\System\XCEiyqg.exe

C:\Windows\System\XCEiyqg.exe

C:\Windows\System\wJKAEVd.exe

C:\Windows\System\wJKAEVd.exe

C:\Windows\System\SakFgqV.exe

C:\Windows\System\SakFgqV.exe

C:\Windows\System\YKaDtMd.exe

C:\Windows\System\YKaDtMd.exe

C:\Windows\System\GtSAqkg.exe

C:\Windows\System\GtSAqkg.exe

C:\Windows\System\PsRZLsQ.exe

C:\Windows\System\PsRZLsQ.exe

C:\Windows\System\GMvtofZ.exe

C:\Windows\System\GMvtofZ.exe

C:\Windows\System\ecYGrwz.exe

C:\Windows\System\ecYGrwz.exe

C:\Windows\System\TUBaktI.exe

C:\Windows\System\TUBaktI.exe

C:\Windows\System\yIIrlzE.exe

C:\Windows\System\yIIrlzE.exe

C:\Windows\System\YWnNrfb.exe

C:\Windows\System\YWnNrfb.exe

C:\Windows\System\AmBaOyC.exe

C:\Windows\System\AmBaOyC.exe

C:\Windows\System\kRZviRp.exe

C:\Windows\System\kRZviRp.exe

C:\Windows\System\TOPRVTn.exe

C:\Windows\System\TOPRVTn.exe

C:\Windows\System\MEYcCIs.exe

C:\Windows\System\MEYcCIs.exe

C:\Windows\System\VoIIkzd.exe

C:\Windows\System\VoIIkzd.exe

C:\Windows\System\YphABcG.exe

C:\Windows\System\YphABcG.exe

C:\Windows\System\SFsrJfW.exe

C:\Windows\System\SFsrJfW.exe

C:\Windows\System\TVqQzLn.exe

C:\Windows\System\TVqQzLn.exe

C:\Windows\System\KVMlyPQ.exe

C:\Windows\System\KVMlyPQ.exe

C:\Windows\System\VONTuRI.exe

C:\Windows\System\VONTuRI.exe

C:\Windows\System\hXNJNjL.exe

C:\Windows\System\hXNJNjL.exe

C:\Windows\System\jORmKGA.exe

C:\Windows\System\jORmKGA.exe

C:\Windows\System\nGLrlBF.exe

C:\Windows\System\nGLrlBF.exe

C:\Windows\System\hvYudZI.exe

C:\Windows\System\hvYudZI.exe

C:\Windows\System\umlvOAn.exe

C:\Windows\System\umlvOAn.exe

C:\Windows\System\rrcMiZb.exe

C:\Windows\System\rrcMiZb.exe

C:\Windows\System\Mcsvuzk.exe

C:\Windows\System\Mcsvuzk.exe

C:\Windows\System\ZuATqie.exe

C:\Windows\System\ZuATqie.exe

C:\Windows\System\YUVrvbA.exe

C:\Windows\System\YUVrvbA.exe

C:\Windows\System\CdogbSs.exe

C:\Windows\System\CdogbSs.exe

C:\Windows\System\QqATcyv.exe

C:\Windows\System\QqATcyv.exe

C:\Windows\System\IEntSBs.exe

C:\Windows\System\IEntSBs.exe

C:\Windows\System\IrcCYZi.exe

C:\Windows\System\IrcCYZi.exe

C:\Windows\System\oRcyytm.exe

C:\Windows\System\oRcyytm.exe

C:\Windows\System\bqcTxmZ.exe

C:\Windows\System\bqcTxmZ.exe

C:\Windows\System\chrReSO.exe

C:\Windows\System\chrReSO.exe

C:\Windows\System\qIDLjbC.exe

C:\Windows\System\qIDLjbC.exe

C:\Windows\System\qThPoAQ.exe

C:\Windows\System\qThPoAQ.exe

C:\Windows\System\sbMpPtw.exe

C:\Windows\System\sbMpPtw.exe

C:\Windows\System\TcxhwvP.exe

C:\Windows\System\TcxhwvP.exe

C:\Windows\System\ZcxtbkQ.exe

C:\Windows\System\ZcxtbkQ.exe

C:\Windows\System\auoxRIM.exe

C:\Windows\System\auoxRIM.exe

C:\Windows\System\XDNyOUS.exe

C:\Windows\System\XDNyOUS.exe

C:\Windows\System\KoxPLSz.exe

C:\Windows\System\KoxPLSz.exe

C:\Windows\System\EAuEHtd.exe

C:\Windows\System\EAuEHtd.exe

C:\Windows\System\AFytaus.exe

C:\Windows\System\AFytaus.exe

C:\Windows\System\CNOTLGP.exe

C:\Windows\System\CNOTLGP.exe

C:\Windows\System\hBpMMtF.exe

C:\Windows\System\hBpMMtF.exe

C:\Windows\System\RjlVktE.exe

C:\Windows\System\RjlVktE.exe

C:\Windows\System\iRsqRTf.exe

C:\Windows\System\iRsqRTf.exe

C:\Windows\System\bEigYvE.exe

C:\Windows\System\bEigYvE.exe

C:\Windows\System\bIikfRY.exe

C:\Windows\System\bIikfRY.exe

C:\Windows\System\ukaQMhY.exe

C:\Windows\System\ukaQMhY.exe

C:\Windows\System\SCVmAPX.exe

C:\Windows\System\SCVmAPX.exe

C:\Windows\System\oJEBoBF.exe

C:\Windows\System\oJEBoBF.exe

C:\Windows\System\TmQPYiK.exe

C:\Windows\System\TmQPYiK.exe

C:\Windows\System\DWhHfCs.exe

C:\Windows\System\DWhHfCs.exe

C:\Windows\System\vURhTeG.exe

C:\Windows\System\vURhTeG.exe

C:\Windows\System\fXcXrUq.exe

C:\Windows\System\fXcXrUq.exe

C:\Windows\System\aDmRYIM.exe

C:\Windows\System\aDmRYIM.exe

C:\Windows\System\CnhiJty.exe

C:\Windows\System\CnhiJty.exe

C:\Windows\System\ZQxoVPl.exe

C:\Windows\System\ZQxoVPl.exe

C:\Windows\System\BpXHeKA.exe

C:\Windows\System\BpXHeKA.exe

C:\Windows\System\jVHycPZ.exe

C:\Windows\System\jVHycPZ.exe

C:\Windows\System\iTfkKgT.exe

C:\Windows\System\iTfkKgT.exe

C:\Windows\System\EgYNgav.exe

C:\Windows\System\EgYNgav.exe

C:\Windows\System\fcJbOUa.exe

C:\Windows\System\fcJbOUa.exe

C:\Windows\System\mBgdqEg.exe

C:\Windows\System\mBgdqEg.exe

C:\Windows\System\AFmpkNw.exe

C:\Windows\System\AFmpkNw.exe

C:\Windows\System\cdfBSio.exe

C:\Windows\System\cdfBSio.exe

C:\Windows\System\hACrLhI.exe

C:\Windows\System\hACrLhI.exe

C:\Windows\System\HeMYhmH.exe

C:\Windows\System\HeMYhmH.exe

C:\Windows\System\TgWVywx.exe

C:\Windows\System\TgWVywx.exe

C:\Windows\System\tJqyyLJ.exe

C:\Windows\System\tJqyyLJ.exe

C:\Windows\System\fHWzIDI.exe

C:\Windows\System\fHWzIDI.exe

C:\Windows\System\kDvAyhE.exe

C:\Windows\System\kDvAyhE.exe

C:\Windows\System\Zjpekim.exe

C:\Windows\System\Zjpekim.exe

C:\Windows\System\rYaHwyb.exe

C:\Windows\System\rYaHwyb.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
CZ 23.212.110.144:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 144.110.212.23.in-addr.arpa udp
CZ 23.212.110.144:443 www.bing.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

memory/3660-0-0x00007FF780F90000-0x00007FF7812E4000-memory.dmp

memory/3660-1-0x00000231BD420000-0x00000231BD430000-memory.dmp

C:\Windows\System\fUWpuYp.exe

MD5 06f0d63607a72cdbf7fcbb4ac443370d
SHA1 517ae066ac697d8a37bff8890b869afe9f396b4b
SHA256 312466f44c97f4b679e599a9f284f129d208e5c36ee25b53f88f78c00c96bcd2
SHA512 73d637917eb366b68ea0ab9cfc5545f2d9ecbb253d6d29efecb067355cb44925398b785c24a811edca6e81c738292dbc78bd325a0a7151a76ec5c482bb7d46ca

C:\Windows\System\yAqldtq.exe

MD5 91fd7194478967caf32cfd77098f9d25
SHA1 fe2461ad79d223efa8bf0bd508e375f83dcdc177
SHA256 b5b575c6a16b6cca228a1cc80b6283f6476e81e43f1f12d0abd79bc4fe501e48
SHA512 a3964b18501c6e1545c9521d3163ba7e59231d17b7311fdfa18dc3e8634f6005c667af80eeba96bb99f7d09f921fd9850d72ed26cb7780d12159ff6fa5afb344

memory/3012-13-0x00007FF792A00000-0x00007FF792D54000-memory.dmp

memory/212-16-0x00007FF60C930000-0x00007FF60CC84000-memory.dmp

memory/4320-24-0x00007FF73D110000-0x00007FF73D464000-memory.dmp

C:\Windows\System\NXcuWnt.exe

MD5 12238d57b1f5dc86d1783352d05b0155
SHA1 725db8dad1c8adc7e79d19f318c589e187778f6d
SHA256 0df5563e6dc27a45cfbab6c2b7a6069ef4a54545489d0c6fe6f55a9728fd92f3
SHA512 4dc500c665a2f0fc1cbf970d3ccec6a36b9850159f344234c5b724e0a39d5f840d777d9e2493a50fe2e69a8fb35eb49473c37dec2f8ac2e5f4f3462b372b0817

C:\Windows\System\TQrnTRf.exe

MD5 502cca81372bb6b9cdddb17aad1331f1
SHA1 85161f3fc7d67b996da13cec417f3e8c84695662
SHA256 545cda6f6b9d777e7c3badd149f66cadf2e174c94364e29cf73cbd85b5567933
SHA512 c01a4e5c004c557112a6d497789a4482bdcf6adb8ae4e24a03e45eb1453cc38cc647a88ca5e0ceb1d3763a533e456e2843edc73535f93bf2039308a09af4d7dc

memory/4268-30-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

memory/2992-21-0x00007FF799290000-0x00007FF7995E4000-memory.dmp

C:\Windows\System\YheniUQ.exe

MD5 2446fe8f089894542f6f1ca779e39a75
SHA1 147f03165807f49b429274fa6be71d1e3571e178
SHA256 1c9953112cdada12b3f238bda3899f7b377725c96a3073d4386a0dd374c58996
SHA512 a4211395bc14f90c90d9cb7a6612462dece3a4927c0e0d2d290982ad990e65bdb0c66edfd79740acae6dd92ad2b8390e45f94527c9a03dbff3a2dbaee5441be8

C:\Windows\System\AvMNBCt.exe

MD5 58f8635cbb7eacff899cab58f389a886
SHA1 a0e2d5680ac04347f9525e5dfdf2c2e1f92b79de
SHA256 e31fb662035eb5600d7cdd8d12d804a39e1c02606bdb802285e5cfa2451de626
SHA512 4dc34720ade871bd5d05331edd1eb694fb1cda026f6b31c3a4925ae7f69401726ce8e0c8376cfe2180871f2c0bb810989833b0f5e62a8ad0412c7ff4aca91fbc

memory/1176-36-0x00007FF7636B0000-0x00007FF763A04000-memory.dmp

C:\Windows\System\aPxBtvH.exe

MD5 61f7aabbb56229c7df80532a0eea868e
SHA1 7717383ea0f346eed377dca84b3bf33b82697123
SHA256 2c51e64e33731547fe43145424df177c1bd120132afd028445f82205ebb73c2a
SHA512 c1e14791e9b65342f99665e490f47f2e121072b077f6d7a9e80a19d5a85dc63fc6480d720da028fdc18038ee556af8536c6857c1b29a3c16cf25e38b4aa469e8

C:\Windows\System\KnzSTKI.exe

MD5 bbe64f77527fc1fe96af334aaa5ad690
SHA1 0b238955490a72f254fc8f11136e49e301cd2ad2
SHA256 4e1aeb0c7117a6d3993ea48fa1b62160022d8b04f82ce76b4d7c743f1777f515
SHA512 4438ba0ba91d4c1dca1e0c5cda2175ba6b37692515a18c27b8f9bc4801593e6991384bd653d708c0215cfa6a712ac20d9ff99cabfd17bb0c14b0c334a39197a9

C:\Windows\System\ETxLIkS.exe

MD5 96b0acc9b5137313eda1a60a9d91ff54
SHA1 32acee27cec3bb1f78e52696f3fd9b043ffad6cd
SHA256 42abac1b6dbc11aa5ca2780e0219a54c85a7f71e3a8c81ca66b70bf756464432
SHA512 6bfb4f0365d6cbf6fbf396daf3efdea4d4bc2659298456e994ada8ceb46eb684f371e964739057c19bc4021686395d574eb7b64fe06da747585b057e1e455902

C:\Windows\System\SUCgUug.exe

MD5 ac2f860806051e7cff851c666c2c51f6
SHA1 ae21832f29a9597d920554a372e4ca03be0fb7d8
SHA256 44c61bd85f46a948b7abb673fb42a45f5bd49661b80e9205cc3ccf2ba4783b4e
SHA512 889e486ab77e345f35470bde996f74f77f4943255a40ef9aa552312c96009e99d4e2464558c91ae88e462bddb4cabc0d6b546ae145163b506abb4abbe992b56f

C:\Windows\System\ZfSfVal.exe

MD5 68a29cf1e2557ab24470f5ca94958dc2
SHA1 c54cbac88a5326951eb95a92c9e3b83e23e1987d
SHA256 011260f22ff40dea80aea2b27208e003fb99b0e1b0002c8bc052c5f8a2c5e7d3
SHA512 68bc333fd77e634dec8ae1157b2bdb225909ed327d0b9c49b460ea5c9a8d34bcdca548a9e75d8c24c21870c2031313505692b124c813e4fff952d18da721c3a8

C:\Windows\System\xYyQBnF.exe

MD5 92fcc9d93cf66d60a17945491fb51d84
SHA1 f02de123723808acdad7ee8583fab2aa9c237f83
SHA256 5a9abee474c68308679be18e553409ac0cd2eed3a39ff1265bce0658ce1d0e59
SHA512 aa45a5e28086792ea3cd39e37cff9f84d8db2c764f7cc89607da223b49aecabf6f45d82398c21195682a218de4c864bbf5ffd442104dc7fe64a9b4dc45ef7c56

C:\Windows\System\zAtPzsR.exe

MD5 2c4342d85488894d43a2381e0a0514cf
SHA1 4349e4387793e9fe68ab8f08f737ef86328ac8d7
SHA256 1cd242455695b55f71168fbe8e6b2f1e5b42eaf9902488152e40314d4c4fce10
SHA512 c4781c63092627e33b317a592e95c5ccb44bfbdc558c23617f467beefe9323a21ceff5d9912576d6c1d7c3e80a3c81d1dfecb5cf92b64c672a2682e81dadb03f

C:\Windows\System\ilVXXiz.exe

MD5 f1e9194555540b17188d027d7990d59c
SHA1 5ff5ef651b772831790b9b7d7ca0213154dab0cd
SHA256 2d10f78f498812bd38387bcc470ede9573d797513e8f5208a7ee5ae3767f5b3e
SHA512 3557d3fb69d704ac69d66bd8a52a8714010e0a931c02576052769638522fe0eba41f01080a12c3d5e25cbaa9e6894a6707adf3172ff113a88fc28107a00b7bda

C:\Windows\System\gwsfSEQ.exe

MD5 6f1b05728c424b4d85dd4f89cc845348
SHA1 98cc8d55e6f506d363a416bda9be34046d77e8c5
SHA256 2334caf53dc318725d22e6582cf30d5bbf915c99615877ce9c06685c38336de5
SHA512 96c4bf727140a1172a6b85d6d7675e97efe01eba339f427149aee91c8e84b6fd7967f136d22589f870cb09414937cc1105b324ea857cb612c8c99f186323f511

C:\Windows\System\zTNauPf.exe

MD5 ea6ba736a6cc27f3aa639d5b580b97a5
SHA1 6fbd116240bfb7ff5e046a5c209d5f30c1ef7a22
SHA256 3ff9b7a9079abec6f3a45ce1f6ec6a2fd730dc3c6e9248952af7df1524154871
SHA512 2129b3934ac81dcee47137e62230b811da66941bc27cd95bd1b9c24240778136b48b381203035e783579e31cb967d5f7180eaf1dc385bf3990adb4b6bb17e805

C:\Windows\System\VjDHypF.exe

MD5 3621379cbc221d2c226ce2254502a952
SHA1 b5f5749dd303cdc73d23f99609ec9087389a0d8e
SHA256 d6125bfe0119fba1e31ba06c4a204b112fbaae7e87142ef46c4ad988b09bcdee
SHA512 bf490c9ac83b47397c433decb3813ae2626e1758e9ddae8fb61225da0eba3130aae23683d431d81f5f401be08beb2f45d2610a35eb55adf4474717c2a3328150

C:\Windows\System\mkzzjIz.exe

MD5 ae2888dc22a222cfd4c434f2a0cd8c87
SHA1 ff54f6d7e29a1db5ba0b825a77ec154fa2d10a41
SHA256 b827444ad3fedb1ec112daecd2bca734b895dd02255afe9714deecd92ecf0a20
SHA512 31c5cd4e6c8f2f732b762d2120798b9d0096d486e66514fe4867e8523ae472a7d2f6e8dd17266b4470e78fee2d5639b6ef41112293a29ddb6656534a97229526

C:\Windows\System\OwRqBPS.exe

MD5 c2345f598865770976a0d5fbfdff42dc
SHA1 16ad69d36b67def0179b20c41474a4e9767dc598
SHA256 e7db874955bf518bb7d7a30f1ae43ea764bf990eed97bfa59289272642578dde
SHA512 423c579e27715d2799b7083ee51bfe9887ed70bf0b51350a0d656ef45ad1bd14c7e57484994d58e6733a52ceacded08e74a0c630f3645973c93e18bf6283689b

C:\Windows\System\lUlEiwT.exe

MD5 1d0ef908223444ecddf8327046a2ab08
SHA1 45004b1c75628f76c5800a3fc584eac506d62c52
SHA256 39a8a18f3baa8aea6f75115e06101310987115704b9299d3f99320b2c90723cf
SHA512 21fe0602cd80b467552b6bb58707c114b4d98c8d5239cab7b2a69e3623efbff12bbac70c7e70d4ad3716c32314ca0042f0951446014dbe0959cd70f06d1ffb08

C:\Windows\System\ibDPAEf.exe

MD5 49e502e5c99a7c73c16309c9ca1680cf
SHA1 199a9ea2e906e0fda43a93648b4cde0fc16b053c
SHA256 43048476ca36157c6ecdbeb4219ce62ab111aff908dffe74c5760592f436455c
SHA512 ad4e2a40d0a4c200d32d3c3fbb949ef1289789659258aa717836a575b1bc34766e6d869a609534062f07cc03fb488186666238366718434d2d27b3179c4635d9

C:\Windows\System\RIlqqZL.exe

MD5 6266d528a0e3863ed0407a25c4e88a30
SHA1 e3a867b56d2d6c5978ec5648ce51e426ab47319d
SHA256 a5282b22969d3b788cdebc184088b68b1333a29c0a8ff7d4721ceb6c0eb717f5
SHA512 4e7844d1b1ae6164152d062b62bc679e3b86501191b6b5eabbc8c21acaee429c5df8620b8447e570fad656f1951e5dbd0f7f2d50f2cbb50378dfb22fe8b9ef91

C:\Windows\System\evyeNEX.exe

MD5 49c926ea00ede43f5a9866a546dad8ea
SHA1 ec9019edc905475ef8ae8faae1297ea1897f3d83
SHA256 3954e5bb7923dfb40ba6a956907354b8e80df1e8fff26aed4e2c24d65a3d1eef
SHA512 f00721cdb3d6ca2c5c6578204b075473a3e3dbf2a8a4a7ae7ad168267684a82dc84b75c86aee2b774d11f96059924db46f1ba4bc4d22088680ff4aa2c89ff998

C:\Windows\System\uHOqzYM.exe

MD5 c8daaa9a9fefe52eb05a192fd30dc5c8
SHA1 9a6e433497cfe4e9f50f4c19c552eb6682f81243
SHA256 dc37d3c419b376c9700b3a4b35d0c306428927882b78e3bdcffb4222d4c2ed95
SHA512 99c88b870b40506c947b1742102795fe69ca07ee7dcfb38232c0101be4562a32d5321f930a2ce1f0445bed9df47f1c0c5f11b861d5a6e7cf33f94eb3c1f14c87

C:\Windows\System\YSzagWZ.exe

MD5 c001876c0b1ee0f007c043b5f5a051cc
SHA1 299c2285489226f53af1df2a81ca26f5451f018d
SHA256 2bebeb5ee58b87612757343c9cd4871a694ca5f09430b1e080dcfeb69158e4a1
SHA512 6a1d3596c9d8c07283a5c9624497f87db31325a5981d245e66668005296ef23078097c38d237bb79e6de5fd45dc88b69a24348e3413af29eee91b232f627d5ee

C:\Windows\System\YNLccmK.exe

MD5 393e8d94102fb049a603392f899fc057
SHA1 a57bc2754fa2cf60707ee3a2cd6f7a496df6e3bc
SHA256 88e50f5319b5c7fa9ab6277e1a6d0643af631a8b8ce8eb1182e7a1b00f093a73
SHA512 2e733b4c14803419128b08f2e81efaf4cda1300883008f824ac23343624aec12a1bc56fe7701fde5377e1e759b14bbd2bb4010a6cd8690b30a6ac98c782cce7b

C:\Windows\System\TSpJQzT.exe

MD5 43bc047a2b1f03b9fed526b9a598a4c9
SHA1 9ce417a3675ecc64f485635b9dd9d6025074bab2
SHA256 65f7ea0a7dc8eb335db9dadd9d61bda5f7e85ca013df71b46183228163fd958a
SHA512 b59b73ab9dc8b31290c5c5ba2daa2769be5c3b586f31de55da3dee2ffc86dc5b66c61a1eeed49716d343bee0833374bdf15e532aae1119ff49e4493c59f8c2b4

C:\Windows\System\SIlXTaO.exe

MD5 d3ee37645e090f58c5a04999cade6f7c
SHA1 ccafb50fdc035838fb957e0d753d2fb8c2645f09
SHA256 02867440d5c7bc80edaab37361dc01265ce31d8ead7476c3286b151850c3b022
SHA512 fd99d157b01298f65527cf6aec1fe6fb105375db069d947ced45dab821dd8d5635d310bd881ad33eef3368278fa826f9c484579bdb5fd315cf185511834addda

C:\Windows\System\uNnyNbH.exe

MD5 72d24b3c10900df95c3a70c0c89fba70
SHA1 f91387e76a0dc16952545880cdce21dcd36c8f86
SHA256 bcfd1ab5982796024b0398d1db86ff047c08db536e4e07cec3312b3f64a3cff2
SHA512 65e625a05e842b33c4dd4ae295597dafcbc02e72c86b3aa3c78cdb2b40a0872a69663161671379ff9e65c7fd0799a8fa577692c7304a20360df132459cb931ac

C:\Windows\System\kgCDcDz.exe

MD5 75a0b6d7dd247dc8d91cf8fd9642d6c9
SHA1 856d78b69546ff8231d006c981563252f020a96c
SHA256 3fdb8c44535c68320a9a225c90dc143f2aad1281d4f05d62e4f7acb8e58ddb58
SHA512 1bddd8e0c095b07811f9dbe42e57d5fe9696577be666ebcaaf8c9d3988b58858c49a28da50331a1c3c7d7279a35a86ea82f2be31799f3bf5ce61570d782a91fc

C:\Windows\System\cuskZAO.exe

MD5 595ce313ebdac96c26edff5c3e57294f
SHA1 b224d1fe9cabb032b5a3a3a3f592d5ca22b88205
SHA256 d0f505f9eb1f9453cc56d01629b1965050daafc6cc550c9c4459927d824b8e94
SHA512 9f8d3b92c4333a965af95a323bef8ad0e0df4653a156d4d15122321bcc9f22e9175cd897efad9370c3d4dd25c4f338fe2e03f1351e5419d70c2646822baea61a

C:\Windows\System\bMAoVXr.exe

MD5 06cbadb70199c5d80d68444fab53a2e1
SHA1 70e429745682f836826a07ce718fa85473800e8f
SHA256 1e7475f5cf2200a910d98579ff8f6b0c59fb77b00c9733382206418daa512070
SHA512 e81a3064b861c02a9fbfa1c456bae9b9bccb0830ebf0feb09620f34457c62070a9dbccf719aec84e766ae9fdb70a549b2e3e33d8c4e1883b094d5441d6a1692b

memory/1580-54-0x00007FF6C5E20000-0x00007FF6C6174000-memory.dmp

memory/4748-50-0x00007FF619D30000-0x00007FF61A084000-memory.dmp

memory/2900-46-0x00007FF621000000-0x00007FF621354000-memory.dmp

C:\Windows\System\RAfdprV.exe

MD5 864c1e8c0da7e8582c53fe3fe3cd726b
SHA1 5682ae6ba64674dd327b274123516450335d8308
SHA256 48e596c4f3a39d47e7f4b209dbdf5720a072c14b3e109bd86ff3da6c70e5f0b1
SHA512 b5becf0705211455b50ee28f33fbf6ddeb75be1e7184d0b0b7f203c6027a9d5d6cf1f48aa87e3c2a72bb644c2463337ba98d31342be4318beb16cd41621ffc66

memory/3772-710-0x00007FF75B1C0000-0x00007FF75B514000-memory.dmp

memory/1748-726-0x00007FF6AB350000-0x00007FF6AB6A4000-memory.dmp

memory/1812-717-0x00007FF731550000-0x00007FF7318A4000-memory.dmp

memory/3000-744-0x00007FF6D2F80000-0x00007FF6D32D4000-memory.dmp

memory/3896-737-0x00007FF618CA0000-0x00007FF618FF4000-memory.dmp

memory/3348-734-0x00007FF603710000-0x00007FF603A64000-memory.dmp

memory/1252-753-0x00007FF7C9580000-0x00007FF7C98D4000-memory.dmp

memory/3008-752-0x00007FF7D5980000-0x00007FF7D5CD4000-memory.dmp

memory/688-766-0x00007FF6FBE60000-0x00007FF6FC1B4000-memory.dmp

memory/776-782-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp

memory/208-786-0x00007FF6A3B50000-0x00007FF6A3EA4000-memory.dmp

memory/4640-781-0x00007FF6D4050000-0x00007FF6D43A4000-memory.dmp

memory/2352-799-0x00007FF7CB5A0000-0x00007FF7CB8F4000-memory.dmp

memory/2320-801-0x00007FF757D50000-0x00007FF7580A4000-memory.dmp

memory/3660-800-0x00007FF780F90000-0x00007FF7812E4000-memory.dmp

memory/4372-798-0x00007FF6EC760000-0x00007FF6ECAB4000-memory.dmp

memory/1276-776-0x00007FF657990000-0x00007FF657CE4000-memory.dmp

memory/4000-775-0x00007FF631BC0000-0x00007FF631F14000-memory.dmp

memory/3264-772-0x00007FF681790000-0x00007FF681AE4000-memory.dmp

memory/4544-759-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp

memory/2516-746-0x00007FF6C0C30000-0x00007FF6C0F84000-memory.dmp

memory/2992-1573-0x00007FF799290000-0x00007FF7995E4000-memory.dmp

memory/4320-2117-0x00007FF73D110000-0x00007FF73D464000-memory.dmp

memory/4268-2118-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

memory/1176-2120-0x00007FF7636B0000-0x00007FF763A04000-memory.dmp

memory/1580-2121-0x00007FF6C5E20000-0x00007FF6C6174000-memory.dmp

memory/3012-2122-0x00007FF792A00000-0x00007FF792D54000-memory.dmp

memory/212-2123-0x00007FF60C930000-0x00007FF60CC84000-memory.dmp

memory/4320-2125-0x00007FF73D110000-0x00007FF73D464000-memory.dmp

memory/4268-2124-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

memory/2992-2126-0x00007FF799290000-0x00007FF7995E4000-memory.dmp

memory/1176-2127-0x00007FF7636B0000-0x00007FF763A04000-memory.dmp

memory/2900-2128-0x00007FF621000000-0x00007FF621354000-memory.dmp

memory/4748-2129-0x00007FF619D30000-0x00007FF61A084000-memory.dmp

memory/1580-2130-0x00007FF6C5E20000-0x00007FF6C6174000-memory.dmp

memory/3772-2132-0x00007FF75B1C0000-0x00007FF75B514000-memory.dmp

memory/1748-2131-0x00007FF6AB350000-0x00007FF6AB6A4000-memory.dmp

memory/3348-2136-0x00007FF603710000-0x00007FF603A64000-memory.dmp

memory/1812-2135-0x00007FF731550000-0x00007FF7318A4000-memory.dmp

memory/2320-2134-0x00007FF757D50000-0x00007FF7580A4000-memory.dmp

memory/3896-2133-0x00007FF618CA0000-0x00007FF618FF4000-memory.dmp

memory/208-2140-0x00007FF6A3B50000-0x00007FF6A3EA4000-memory.dmp

memory/1276-2143-0x00007FF657990000-0x00007FF657CE4000-memory.dmp

memory/4000-2150-0x00007FF631BC0000-0x00007FF631F14000-memory.dmp

memory/3264-2149-0x00007FF681790000-0x00007FF681AE4000-memory.dmp

memory/2352-2148-0x00007FF7CB5A0000-0x00007FF7CB8F4000-memory.dmp

memory/4372-2147-0x00007FF6EC760000-0x00007FF6ECAB4000-memory.dmp

memory/3008-2146-0x00007FF7D5980000-0x00007FF7D5CD4000-memory.dmp

memory/4544-2144-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp

memory/776-2142-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp

memory/4640-2141-0x00007FF6D4050000-0x00007FF6D43A4000-memory.dmp

memory/1252-2139-0x00007FF7C9580000-0x00007FF7C98D4000-memory.dmp

memory/3000-2138-0x00007FF6D2F80000-0x00007FF6D32D4000-memory.dmp

memory/688-2145-0x00007FF6FBE60000-0x00007FF6FC1B4000-memory.dmp

memory/2516-2137-0x00007FF6C0C30000-0x00007FF6C0F84000-memory.dmp