Malware Analysis Report

2025-04-19 18:42

Sample ID 240527-djb21sdh91
Target 1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe
SHA256 8a0c0702a69b165107771e727eba71e156635ac6891aba7d48c24791e4480e8c
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8a0c0702a69b165107771e727eba71e156635ac6891aba7d48c24791e4480e8c

Threat Level: Known bad

The file 1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 03:01

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 03:01

Reported

2024-05-27 03:04

Platform

win7-20240508-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\TbfHaTH.exe N/A
N/A N/A C:\Windows\System\KrgxOYj.exe N/A
N/A N/A C:\Windows\System\mKhSUBD.exe N/A
N/A N/A C:\Windows\System\WxaNxfJ.exe N/A
N/A N/A C:\Windows\System\jyBrfLA.exe N/A
N/A N/A C:\Windows\System\GHGbMgy.exe N/A
N/A N/A C:\Windows\System\WlSdRiu.exe N/A
N/A N/A C:\Windows\System\Lmqjseh.exe N/A
N/A N/A C:\Windows\System\qwleiod.exe N/A
N/A N/A C:\Windows\System\CjIUuSO.exe N/A
N/A N/A C:\Windows\System\GcZrHRd.exe N/A
N/A N/A C:\Windows\System\DiSlNiq.exe N/A
N/A N/A C:\Windows\System\LGDJhoC.exe N/A
N/A N/A C:\Windows\System\HajpdtT.exe N/A
N/A N/A C:\Windows\System\OMbkvtb.exe N/A
N/A N/A C:\Windows\System\qGoRlTi.exe N/A
N/A N/A C:\Windows\System\tPwmBOo.exe N/A
N/A N/A C:\Windows\System\raEUsNc.exe N/A
N/A N/A C:\Windows\System\fVYfoaO.exe N/A
N/A N/A C:\Windows\System\tcCjUOv.exe N/A
N/A N/A C:\Windows\System\UzYFRBG.exe N/A
N/A N/A C:\Windows\System\lUabiAl.exe N/A
N/A N/A C:\Windows\System\rrRLlvq.exe N/A
N/A N/A C:\Windows\System\UdTWxAR.exe N/A
N/A N/A C:\Windows\System\ppIlDDB.exe N/A
N/A N/A C:\Windows\System\ehZkLak.exe N/A
N/A N/A C:\Windows\System\iWXruAv.exe N/A
N/A N/A C:\Windows\System\XQwoQIU.exe N/A
N/A N/A C:\Windows\System\wVuDPAN.exe N/A
N/A N/A C:\Windows\System\NiMEpQX.exe N/A
N/A N/A C:\Windows\System\UWInGSn.exe N/A
N/A N/A C:\Windows\System\OEsiRFU.exe N/A
N/A N/A C:\Windows\System\XlorOBW.exe N/A
N/A N/A C:\Windows\System\xVoYQjQ.exe N/A
N/A N/A C:\Windows\System\IteDoWF.exe N/A
N/A N/A C:\Windows\System\ZSXIAGh.exe N/A
N/A N/A C:\Windows\System\FXxBDNo.exe N/A
N/A N/A C:\Windows\System\NNgHYYl.exe N/A
N/A N/A C:\Windows\System\rXBGzUN.exe N/A
N/A N/A C:\Windows\System\gMLanEX.exe N/A
N/A N/A C:\Windows\System\OsiXYmD.exe N/A
N/A N/A C:\Windows\System\IBdINQb.exe N/A
N/A N/A C:\Windows\System\cItUbnU.exe N/A
N/A N/A C:\Windows\System\TVvvnGo.exe N/A
N/A N/A C:\Windows\System\NTXDjxa.exe N/A
N/A N/A C:\Windows\System\AgYtOIt.exe N/A
N/A N/A C:\Windows\System\sGlBWwP.exe N/A
N/A N/A C:\Windows\System\jBfWzun.exe N/A
N/A N/A C:\Windows\System\nSIgcav.exe N/A
N/A N/A C:\Windows\System\WlIjbUu.exe N/A
N/A N/A C:\Windows\System\JBDsyac.exe N/A
N/A N/A C:\Windows\System\bNXskpX.exe N/A
N/A N/A C:\Windows\System\jADtnOI.exe N/A
N/A N/A C:\Windows\System\EUVqwbM.exe N/A
N/A N/A C:\Windows\System\zwcPHwx.exe N/A
N/A N/A C:\Windows\System\PSAlOco.exe N/A
N/A N/A C:\Windows\System\ipbAKRO.exe N/A
N/A N/A C:\Windows\System\XAsdlQx.exe N/A
N/A N/A C:\Windows\System\GUuXVdg.exe N/A
N/A N/A C:\Windows\System\TkKVWbS.exe N/A
N/A N/A C:\Windows\System\TRadSic.exe N/A
N/A N/A C:\Windows\System\wyLzVAL.exe N/A
N/A N/A C:\Windows\System\MOGcIei.exe N/A
N/A N/A C:\Windows\System\SxThBLg.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PpkudMr.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqIVUMo.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPWpnPH.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\sTIUkmt.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\nZeOxyu.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\dbtyQGz.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwaLWzI.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\bEIrmzL.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfRaIZy.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ljzwaKr.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzXWPtp.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\XkCCnjM.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\HujQmtC.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHGIGqM.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTfVrjJ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\pGvCcaV.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMuqjov.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kMtiUNP.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\XOXSqSh.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\BcFGFgF.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePnHJeO.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\wPsxyPt.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\FucDLHZ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTfkTTd.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeUXOaM.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGLovEc.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\qWKLuWK.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\OyjTnQF.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\pGMBzPz.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\dliGpeJ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmwvfuD.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\QeZSxex.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\zAJcROA.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\HijEvzS.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAFXDjO.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUaBOtC.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\uMyfuEd.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\fRUgEAw.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kusrTnM.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJMEfIK.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rlMXAAK.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\NiSZONg.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfJVLZQ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\YsUGuBT.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kEHkEMm.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltHHJfQ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\waYLjFf.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\XWraPTh.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFFRnyN.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\IVSRyqe.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECrrVEi.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\FkIySJF.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\XAYmKre.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXNZwfO.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMVOXbF.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALkLLEn.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAwbTIb.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcFQTUC.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\EyWDnTR.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqiKbkO.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\PbLaPlY.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\edhbgZW.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kgBMxxp.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\OYfcFdJ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TbfHaTH.exe
PID 2236 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TbfHaTH.exe
PID 2236 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TbfHaTH.exe
PID 2236 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KrgxOYj.exe
PID 2236 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KrgxOYj.exe
PID 2236 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KrgxOYj.exe
PID 2236 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\mKhSUBD.exe
PID 2236 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\mKhSUBD.exe
PID 2236 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\mKhSUBD.exe
PID 2236 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WxaNxfJ.exe
PID 2236 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WxaNxfJ.exe
PID 2236 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WxaNxfJ.exe
PID 2236 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\jyBrfLA.exe
PID 2236 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\jyBrfLA.exe
PID 2236 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\jyBrfLA.exe
PID 2236 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GHGbMgy.exe
PID 2236 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GHGbMgy.exe
PID 2236 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GHGbMgy.exe
PID 2236 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WlSdRiu.exe
PID 2236 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WlSdRiu.exe
PID 2236 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\WlSdRiu.exe
PID 2236 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\Lmqjseh.exe
PID 2236 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\Lmqjseh.exe
PID 2236 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\Lmqjseh.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qwleiod.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qwleiod.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qwleiod.exe
PID 2236 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\CjIUuSO.exe
PID 2236 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\CjIUuSO.exe
PID 2236 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\CjIUuSO.exe
PID 2236 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GcZrHRd.exe
PID 2236 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GcZrHRd.exe
PID 2236 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\GcZrHRd.exe
PID 2236 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\DiSlNiq.exe
PID 2236 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\DiSlNiq.exe
PID 2236 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\DiSlNiq.exe
PID 2236 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\LGDJhoC.exe
PID 2236 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\LGDJhoC.exe
PID 2236 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\LGDJhoC.exe
PID 2236 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\HajpdtT.exe
PID 2236 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\HajpdtT.exe
PID 2236 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\HajpdtT.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\OMbkvtb.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\OMbkvtb.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\OMbkvtb.exe
PID 2236 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qGoRlTi.exe
PID 2236 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qGoRlTi.exe
PID 2236 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qGoRlTi.exe
PID 2236 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tPwmBOo.exe
PID 2236 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tPwmBOo.exe
PID 2236 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tPwmBOo.exe
PID 2236 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\raEUsNc.exe
PID 2236 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\raEUsNc.exe
PID 2236 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\raEUsNc.exe
PID 2236 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\fVYfoaO.exe
PID 2236 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\fVYfoaO.exe
PID 2236 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\fVYfoaO.exe
PID 2236 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tcCjUOv.exe
PID 2236 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tcCjUOv.exe
PID 2236 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\tcCjUOv.exe
PID 2236 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\UzYFRBG.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\TbfHaTH.exe

C:\Windows\System\TbfHaTH.exe

C:\Windows\System\KrgxOYj.exe

C:\Windows\System\KrgxOYj.exe

C:\Windows\System\mKhSUBD.exe

C:\Windows\System\mKhSUBD.exe

C:\Windows\System\WxaNxfJ.exe

C:\Windows\System\WxaNxfJ.exe

C:\Windows\System\jyBrfLA.exe

C:\Windows\System\jyBrfLA.exe

C:\Windows\System\GHGbMgy.exe

C:\Windows\System\GHGbMgy.exe

C:\Windows\System\WlSdRiu.exe

C:\Windows\System\WlSdRiu.exe

C:\Windows\System\Lmqjseh.exe

C:\Windows\System\Lmqjseh.exe

C:\Windows\System\qwleiod.exe

C:\Windows\System\qwleiod.exe

C:\Windows\System\CjIUuSO.exe

C:\Windows\System\CjIUuSO.exe

C:\Windows\System\GcZrHRd.exe

C:\Windows\System\GcZrHRd.exe

C:\Windows\System\DiSlNiq.exe

C:\Windows\System\DiSlNiq.exe

C:\Windows\System\LGDJhoC.exe

C:\Windows\System\LGDJhoC.exe

C:\Windows\System\HajpdtT.exe

C:\Windows\System\HajpdtT.exe

C:\Windows\System\OMbkvtb.exe

C:\Windows\System\OMbkvtb.exe

C:\Windows\System\qGoRlTi.exe

C:\Windows\System\qGoRlTi.exe

C:\Windows\System\tPwmBOo.exe

C:\Windows\System\tPwmBOo.exe

C:\Windows\System\raEUsNc.exe

C:\Windows\System\raEUsNc.exe

C:\Windows\System\fVYfoaO.exe

C:\Windows\System\fVYfoaO.exe

C:\Windows\System\tcCjUOv.exe

C:\Windows\System\tcCjUOv.exe

C:\Windows\System\UzYFRBG.exe

C:\Windows\System\UzYFRBG.exe

C:\Windows\System\lUabiAl.exe

C:\Windows\System\lUabiAl.exe

C:\Windows\System\rrRLlvq.exe

C:\Windows\System\rrRLlvq.exe

C:\Windows\System\UdTWxAR.exe

C:\Windows\System\UdTWxAR.exe

C:\Windows\System\ppIlDDB.exe

C:\Windows\System\ppIlDDB.exe

C:\Windows\System\iWXruAv.exe

C:\Windows\System\iWXruAv.exe

C:\Windows\System\ehZkLak.exe

C:\Windows\System\ehZkLak.exe

C:\Windows\System\VjcgQzN.exe

C:\Windows\System\VjcgQzN.exe

C:\Windows\System\XQwoQIU.exe

C:\Windows\System\XQwoQIU.exe

C:\Windows\System\BpcMmyz.exe

C:\Windows\System\BpcMmyz.exe

C:\Windows\System\wVuDPAN.exe

C:\Windows\System\wVuDPAN.exe

C:\Windows\System\WHlHzEq.exe

C:\Windows\System\WHlHzEq.exe

C:\Windows\System\NiMEpQX.exe

C:\Windows\System\NiMEpQX.exe

C:\Windows\System\wwHOtvc.exe

C:\Windows\System\wwHOtvc.exe

C:\Windows\System\UWInGSn.exe

C:\Windows\System\UWInGSn.exe

C:\Windows\System\FyEGLXW.exe

C:\Windows\System\FyEGLXW.exe

C:\Windows\System\OEsiRFU.exe

C:\Windows\System\OEsiRFU.exe

C:\Windows\System\bQAkrLY.exe

C:\Windows\System\bQAkrLY.exe

C:\Windows\System\XlorOBW.exe

C:\Windows\System\XlorOBW.exe

C:\Windows\System\uGGzMxt.exe

C:\Windows\System\uGGzMxt.exe

C:\Windows\System\xVoYQjQ.exe

C:\Windows\System\xVoYQjQ.exe

C:\Windows\System\JylAIIf.exe

C:\Windows\System\JylAIIf.exe

C:\Windows\System\IteDoWF.exe

C:\Windows\System\IteDoWF.exe

C:\Windows\System\PndagKG.exe

C:\Windows\System\PndagKG.exe

C:\Windows\System\ZSXIAGh.exe

C:\Windows\System\ZSXIAGh.exe

C:\Windows\System\QiStXdr.exe

C:\Windows\System\QiStXdr.exe

C:\Windows\System\FXxBDNo.exe

C:\Windows\System\FXxBDNo.exe

C:\Windows\System\rzWVdjk.exe

C:\Windows\System\rzWVdjk.exe

C:\Windows\System\NNgHYYl.exe

C:\Windows\System\NNgHYYl.exe

C:\Windows\System\KILFLZy.exe

C:\Windows\System\KILFLZy.exe

C:\Windows\System\rXBGzUN.exe

C:\Windows\System\rXBGzUN.exe

C:\Windows\System\mxQUgUG.exe

C:\Windows\System\mxQUgUG.exe

C:\Windows\System\gMLanEX.exe

C:\Windows\System\gMLanEX.exe

C:\Windows\System\AkGXFlT.exe

C:\Windows\System\AkGXFlT.exe

C:\Windows\System\OsiXYmD.exe

C:\Windows\System\OsiXYmD.exe

C:\Windows\System\IVSRyqe.exe

C:\Windows\System\IVSRyqe.exe

C:\Windows\System\IBdINQb.exe

C:\Windows\System\IBdINQb.exe

C:\Windows\System\AvrXumg.exe

C:\Windows\System\AvrXumg.exe

C:\Windows\System\cItUbnU.exe

C:\Windows\System\cItUbnU.exe

C:\Windows\System\tMwqGSL.exe

C:\Windows\System\tMwqGSL.exe

C:\Windows\System\TVvvnGo.exe

C:\Windows\System\TVvvnGo.exe

C:\Windows\System\IenyGtY.exe

C:\Windows\System\IenyGtY.exe

C:\Windows\System\NTXDjxa.exe

C:\Windows\System\NTXDjxa.exe

C:\Windows\System\MjaEKOE.exe

C:\Windows\System\MjaEKOE.exe

C:\Windows\System\AgYtOIt.exe

C:\Windows\System\AgYtOIt.exe

C:\Windows\System\tQCjufQ.exe

C:\Windows\System\tQCjufQ.exe

C:\Windows\System\sGlBWwP.exe

C:\Windows\System\sGlBWwP.exe

C:\Windows\System\PvBrHvB.exe

C:\Windows\System\PvBrHvB.exe

C:\Windows\System\jBfWzun.exe

C:\Windows\System\jBfWzun.exe

C:\Windows\System\vYLJIeb.exe

C:\Windows\System\vYLJIeb.exe

C:\Windows\System\nSIgcav.exe

C:\Windows\System\nSIgcav.exe

C:\Windows\System\iPthYfr.exe

C:\Windows\System\iPthYfr.exe

C:\Windows\System\WlIjbUu.exe

C:\Windows\System\WlIjbUu.exe

C:\Windows\System\fDhCsjG.exe

C:\Windows\System\fDhCsjG.exe

C:\Windows\System\JBDsyac.exe

C:\Windows\System\JBDsyac.exe

C:\Windows\System\uKBAUKx.exe

C:\Windows\System\uKBAUKx.exe

C:\Windows\System\bNXskpX.exe

C:\Windows\System\bNXskpX.exe

C:\Windows\System\umISVBV.exe

C:\Windows\System\umISVBV.exe

C:\Windows\System\jADtnOI.exe

C:\Windows\System\jADtnOI.exe

C:\Windows\System\MBTrUEp.exe

C:\Windows\System\MBTrUEp.exe

C:\Windows\System\EUVqwbM.exe

C:\Windows\System\EUVqwbM.exe

C:\Windows\System\RPZQqid.exe

C:\Windows\System\RPZQqid.exe

C:\Windows\System\zwcPHwx.exe

C:\Windows\System\zwcPHwx.exe

C:\Windows\System\tQWoAor.exe

C:\Windows\System\tQWoAor.exe

C:\Windows\System\PSAlOco.exe

C:\Windows\System\PSAlOco.exe

C:\Windows\System\stqrJno.exe

C:\Windows\System\stqrJno.exe

C:\Windows\System\ipbAKRO.exe

C:\Windows\System\ipbAKRO.exe

C:\Windows\System\umbyIZX.exe

C:\Windows\System\umbyIZX.exe

C:\Windows\System\XAsdlQx.exe

C:\Windows\System\XAsdlQx.exe

C:\Windows\System\jbXUSHJ.exe

C:\Windows\System\jbXUSHJ.exe

C:\Windows\System\GUuXVdg.exe

C:\Windows\System\GUuXVdg.exe

C:\Windows\System\qAkpTNb.exe

C:\Windows\System\qAkpTNb.exe

C:\Windows\System\TkKVWbS.exe

C:\Windows\System\TkKVWbS.exe

C:\Windows\System\eaqHjUN.exe

C:\Windows\System\eaqHjUN.exe

C:\Windows\System\TRadSic.exe

C:\Windows\System\TRadSic.exe

C:\Windows\System\PxcZbOB.exe

C:\Windows\System\PxcZbOB.exe

C:\Windows\System\wyLzVAL.exe

C:\Windows\System\wyLzVAL.exe

C:\Windows\System\sfrmIXT.exe

C:\Windows\System\sfrmIXT.exe

C:\Windows\System\MOGcIei.exe

C:\Windows\System\MOGcIei.exe

C:\Windows\System\GmEMaqs.exe

C:\Windows\System\GmEMaqs.exe

C:\Windows\System\SxThBLg.exe

C:\Windows\System\SxThBLg.exe

C:\Windows\System\JHyrINr.exe

C:\Windows\System\JHyrINr.exe

C:\Windows\System\iGAwJCD.exe

C:\Windows\System\iGAwJCD.exe

C:\Windows\System\HBzzLiS.exe

C:\Windows\System\HBzzLiS.exe

C:\Windows\System\YrDoJVl.exe

C:\Windows\System\YrDoJVl.exe

C:\Windows\System\VzTuiDN.exe

C:\Windows\System\VzTuiDN.exe

C:\Windows\System\PfpQYit.exe

C:\Windows\System\PfpQYit.exe

C:\Windows\System\BAHMuYQ.exe

C:\Windows\System\BAHMuYQ.exe

C:\Windows\System\DgthSMN.exe

C:\Windows\System\DgthSMN.exe

C:\Windows\System\mLfdTul.exe

C:\Windows\System\mLfdTul.exe

C:\Windows\System\rKCKnBY.exe

C:\Windows\System\rKCKnBY.exe

C:\Windows\System\NvpCIXU.exe

C:\Windows\System\NvpCIXU.exe

C:\Windows\System\BEyPtVX.exe

C:\Windows\System\BEyPtVX.exe

C:\Windows\System\qMqXFie.exe

C:\Windows\System\qMqXFie.exe

C:\Windows\System\cmOLhWy.exe

C:\Windows\System\cmOLhWy.exe

C:\Windows\System\zzxyJqE.exe

C:\Windows\System\zzxyJqE.exe

C:\Windows\System\eofGwWm.exe

C:\Windows\System\eofGwWm.exe

C:\Windows\System\LPIkGTb.exe

C:\Windows\System\LPIkGTb.exe

C:\Windows\System\vqbnrFn.exe

C:\Windows\System\vqbnrFn.exe

C:\Windows\System\gyBnjkP.exe

C:\Windows\System\gyBnjkP.exe

C:\Windows\System\VlsqmLn.exe

C:\Windows\System\VlsqmLn.exe

C:\Windows\System\VKTYDbr.exe

C:\Windows\System\VKTYDbr.exe

C:\Windows\System\AsywiVq.exe

C:\Windows\System\AsywiVq.exe

C:\Windows\System\JRvStFM.exe

C:\Windows\System\JRvStFM.exe

C:\Windows\System\scruzBh.exe

C:\Windows\System\scruzBh.exe

C:\Windows\System\UpMYSpd.exe

C:\Windows\System\UpMYSpd.exe

C:\Windows\System\ECkeMOA.exe

C:\Windows\System\ECkeMOA.exe

C:\Windows\System\kLiqTWA.exe

C:\Windows\System\kLiqTWA.exe

C:\Windows\System\bqQRYUD.exe

C:\Windows\System\bqQRYUD.exe

C:\Windows\System\frdRQsa.exe

C:\Windows\System\frdRQsa.exe

C:\Windows\System\ydhIGbx.exe

C:\Windows\System\ydhIGbx.exe

C:\Windows\System\uhxSQBh.exe

C:\Windows\System\uhxSQBh.exe

C:\Windows\System\arOgPaw.exe

C:\Windows\System\arOgPaw.exe

C:\Windows\System\mWyKXXA.exe

C:\Windows\System\mWyKXXA.exe

C:\Windows\System\gkrsTxw.exe

C:\Windows\System\gkrsTxw.exe

C:\Windows\System\UeHfqEO.exe

C:\Windows\System\UeHfqEO.exe

C:\Windows\System\HktmfiL.exe

C:\Windows\System\HktmfiL.exe

C:\Windows\System\zlOgKFQ.exe

C:\Windows\System\zlOgKFQ.exe

C:\Windows\System\fwyUedJ.exe

C:\Windows\System\fwyUedJ.exe

C:\Windows\System\DzHMCNj.exe

C:\Windows\System\DzHMCNj.exe

C:\Windows\System\mDHqwPv.exe

C:\Windows\System\mDHqwPv.exe

C:\Windows\System\WcEFIoc.exe

C:\Windows\System\WcEFIoc.exe

C:\Windows\System\ZlqbxmG.exe

C:\Windows\System\ZlqbxmG.exe

C:\Windows\System\SLZgbKn.exe

C:\Windows\System\SLZgbKn.exe

C:\Windows\System\wuAuWzc.exe

C:\Windows\System\wuAuWzc.exe

C:\Windows\System\nrtwqHk.exe

C:\Windows\System\nrtwqHk.exe

C:\Windows\System\SRgumPR.exe

C:\Windows\System\SRgumPR.exe

C:\Windows\System\TAYPfJf.exe

C:\Windows\System\TAYPfJf.exe

C:\Windows\System\kDYEdsU.exe

C:\Windows\System\kDYEdsU.exe

C:\Windows\System\UHREIFe.exe

C:\Windows\System\UHREIFe.exe

C:\Windows\System\yAGUZFe.exe

C:\Windows\System\yAGUZFe.exe

C:\Windows\System\AJkGsAT.exe

C:\Windows\System\AJkGsAT.exe

C:\Windows\System\XLSuaRp.exe

C:\Windows\System\XLSuaRp.exe

C:\Windows\System\krcMonV.exe

C:\Windows\System\krcMonV.exe

C:\Windows\System\tRnGwKP.exe

C:\Windows\System\tRnGwKP.exe

C:\Windows\System\BaWcuKk.exe

C:\Windows\System\BaWcuKk.exe

C:\Windows\System\iCMKEGl.exe

C:\Windows\System\iCMKEGl.exe

C:\Windows\System\IZGMLkS.exe

C:\Windows\System\IZGMLkS.exe

C:\Windows\System\GSREQKE.exe

C:\Windows\System\GSREQKE.exe

C:\Windows\System\vLgjEMd.exe

C:\Windows\System\vLgjEMd.exe

C:\Windows\System\HWkjZbk.exe

C:\Windows\System\HWkjZbk.exe

C:\Windows\System\QOgeNIt.exe

C:\Windows\System\QOgeNIt.exe

C:\Windows\System\mwoRaJH.exe

C:\Windows\System\mwoRaJH.exe

C:\Windows\System\lbudJgr.exe

C:\Windows\System\lbudJgr.exe

C:\Windows\System\IkuPGxy.exe

C:\Windows\System\IkuPGxy.exe

C:\Windows\System\kPagkdG.exe

C:\Windows\System\kPagkdG.exe

C:\Windows\System\mUDkXWQ.exe

C:\Windows\System\mUDkXWQ.exe

C:\Windows\System\OwnHDgc.exe

C:\Windows\System\OwnHDgc.exe

C:\Windows\System\INfNwUK.exe

C:\Windows\System\INfNwUK.exe

C:\Windows\System\APkYZbZ.exe

C:\Windows\System\APkYZbZ.exe

C:\Windows\System\JUDUQDg.exe

C:\Windows\System\JUDUQDg.exe

C:\Windows\System\QkUvwwH.exe

C:\Windows\System\QkUvwwH.exe

C:\Windows\System\fBHldyc.exe

C:\Windows\System\fBHldyc.exe

C:\Windows\System\kVlWuXE.exe

C:\Windows\System\kVlWuXE.exe

C:\Windows\System\RFiFXwo.exe

C:\Windows\System\RFiFXwo.exe

C:\Windows\System\SGknJPW.exe

C:\Windows\System\SGknJPW.exe

C:\Windows\System\CcPsVYh.exe

C:\Windows\System\CcPsVYh.exe

C:\Windows\System\mjkgXvU.exe

C:\Windows\System\mjkgXvU.exe

C:\Windows\System\lqsbHRm.exe

C:\Windows\System\lqsbHRm.exe

C:\Windows\System\dmomtqe.exe

C:\Windows\System\dmomtqe.exe

C:\Windows\System\HTuZjwT.exe

C:\Windows\System\HTuZjwT.exe

C:\Windows\System\szvbfIE.exe

C:\Windows\System\szvbfIE.exe

C:\Windows\System\mletCmD.exe

C:\Windows\System\mletCmD.exe

C:\Windows\System\MNndlfn.exe

C:\Windows\System\MNndlfn.exe

C:\Windows\System\ogBKLdH.exe

C:\Windows\System\ogBKLdH.exe

C:\Windows\System\ZjgkaZh.exe

C:\Windows\System\ZjgkaZh.exe

C:\Windows\System\CbrySsK.exe

C:\Windows\System\CbrySsK.exe

C:\Windows\System\CbgPYXS.exe

C:\Windows\System\CbgPYXS.exe

C:\Windows\System\khnVAUs.exe

C:\Windows\System\khnVAUs.exe

C:\Windows\System\obLYGLf.exe

C:\Windows\System\obLYGLf.exe

C:\Windows\System\wxciXWa.exe

C:\Windows\System\wxciXWa.exe

C:\Windows\System\UJGMVma.exe

C:\Windows\System\UJGMVma.exe

C:\Windows\System\cQqSVeR.exe

C:\Windows\System\cQqSVeR.exe

C:\Windows\System\QsLrnhv.exe

C:\Windows\System\QsLrnhv.exe

C:\Windows\System\OmdXbEZ.exe

C:\Windows\System\OmdXbEZ.exe

C:\Windows\System\xkUQkGB.exe

C:\Windows\System\xkUQkGB.exe

C:\Windows\System\sYNydvb.exe

C:\Windows\System\sYNydvb.exe

C:\Windows\System\akowNXx.exe

C:\Windows\System\akowNXx.exe

C:\Windows\System\HTITRKN.exe

C:\Windows\System\HTITRKN.exe

C:\Windows\System\hXuBkSY.exe

C:\Windows\System\hXuBkSY.exe

C:\Windows\System\ePIWqrc.exe

C:\Windows\System\ePIWqrc.exe

C:\Windows\System\uVEVazN.exe

C:\Windows\System\uVEVazN.exe

C:\Windows\System\NiAwzIZ.exe

C:\Windows\System\NiAwzIZ.exe

C:\Windows\System\UQDuQXq.exe

C:\Windows\System\UQDuQXq.exe

C:\Windows\System\wvHxKdw.exe

C:\Windows\System\wvHxKdw.exe

C:\Windows\System\byqxHyi.exe

C:\Windows\System\byqxHyi.exe

C:\Windows\System\guXyeQo.exe

C:\Windows\System\guXyeQo.exe

C:\Windows\System\CrwlYZW.exe

C:\Windows\System\CrwlYZW.exe

C:\Windows\System\pEyNACB.exe

C:\Windows\System\pEyNACB.exe

C:\Windows\System\gJOEwaK.exe

C:\Windows\System\gJOEwaK.exe

C:\Windows\System\kBcwAiQ.exe

C:\Windows\System\kBcwAiQ.exe

C:\Windows\System\aRpjJlA.exe

C:\Windows\System\aRpjJlA.exe

C:\Windows\System\NbrjoxP.exe

C:\Windows\System\NbrjoxP.exe

C:\Windows\System\hpCnyRd.exe

C:\Windows\System\hpCnyRd.exe

C:\Windows\System\rvkckcq.exe

C:\Windows\System\rvkckcq.exe

C:\Windows\System\tIUpJTe.exe

C:\Windows\System\tIUpJTe.exe

C:\Windows\System\kIKRmjh.exe

C:\Windows\System\kIKRmjh.exe

C:\Windows\System\QZEwrfT.exe

C:\Windows\System\QZEwrfT.exe

C:\Windows\System\vNhlFPg.exe

C:\Windows\System\vNhlFPg.exe

C:\Windows\System\BRSEQxq.exe

C:\Windows\System\BRSEQxq.exe

C:\Windows\System\AfamoRT.exe

C:\Windows\System\AfamoRT.exe

C:\Windows\System\sYZrTAM.exe

C:\Windows\System\sYZrTAM.exe

C:\Windows\System\aLxBZZo.exe

C:\Windows\System\aLxBZZo.exe

C:\Windows\System\urQxmnI.exe

C:\Windows\System\urQxmnI.exe

C:\Windows\System\smXdEQw.exe

C:\Windows\System\smXdEQw.exe

C:\Windows\System\TPwJGhN.exe

C:\Windows\System\TPwJGhN.exe

C:\Windows\System\cdSNBOi.exe

C:\Windows\System\cdSNBOi.exe

C:\Windows\System\qIxLiEF.exe

C:\Windows\System\qIxLiEF.exe

C:\Windows\System\qGEpNMy.exe

C:\Windows\System\qGEpNMy.exe

C:\Windows\System\IcsbkIh.exe

C:\Windows\System\IcsbkIh.exe

C:\Windows\System\zPzhwoR.exe

C:\Windows\System\zPzhwoR.exe

C:\Windows\System\BNMSsqJ.exe

C:\Windows\System\BNMSsqJ.exe

C:\Windows\System\lFtFTDX.exe

C:\Windows\System\lFtFTDX.exe

C:\Windows\System\nJBVlsK.exe

C:\Windows\System\nJBVlsK.exe

C:\Windows\System\WfdfKUE.exe

C:\Windows\System\WfdfKUE.exe

C:\Windows\System\EWjghLl.exe

C:\Windows\System\EWjghLl.exe

C:\Windows\System\LlFlsRM.exe

C:\Windows\System\LlFlsRM.exe

C:\Windows\System\MXmGINj.exe

C:\Windows\System\MXmGINj.exe

C:\Windows\System\lgYWeBz.exe

C:\Windows\System\lgYWeBz.exe

C:\Windows\System\uErYawm.exe

C:\Windows\System\uErYawm.exe

C:\Windows\System\kpRYHGD.exe

C:\Windows\System\kpRYHGD.exe

C:\Windows\System\Iwzyruo.exe

C:\Windows\System\Iwzyruo.exe

C:\Windows\System\RKrortj.exe

C:\Windows\System\RKrortj.exe

C:\Windows\System\EeizFBt.exe

C:\Windows\System\EeizFBt.exe

C:\Windows\System\fFeIvDb.exe

C:\Windows\System\fFeIvDb.exe

C:\Windows\System\hMxrysB.exe

C:\Windows\System\hMxrysB.exe

C:\Windows\System\ZBzlZKX.exe

C:\Windows\System\ZBzlZKX.exe

C:\Windows\System\WWOPZvo.exe

C:\Windows\System\WWOPZvo.exe

C:\Windows\System\flcMidH.exe

C:\Windows\System\flcMidH.exe

C:\Windows\System\YiMElAk.exe

C:\Windows\System\YiMElAk.exe

C:\Windows\System\UEsFfLU.exe

C:\Windows\System\UEsFfLU.exe

C:\Windows\System\UCgjJkw.exe

C:\Windows\System\UCgjJkw.exe

C:\Windows\System\gWPDiYR.exe

C:\Windows\System\gWPDiYR.exe

C:\Windows\System\jDApNXZ.exe

C:\Windows\System\jDApNXZ.exe

C:\Windows\System\VwpgmMk.exe

C:\Windows\System\VwpgmMk.exe

C:\Windows\System\PCSazfF.exe

C:\Windows\System\PCSazfF.exe

C:\Windows\System\pHGIGqM.exe

C:\Windows\System\pHGIGqM.exe

C:\Windows\System\xVGIzyu.exe

C:\Windows\System\xVGIzyu.exe

C:\Windows\System\pmxJhgj.exe

C:\Windows\System\pmxJhgj.exe

C:\Windows\System\OLpKrKG.exe

C:\Windows\System\OLpKrKG.exe

C:\Windows\System\BLAssgU.exe

C:\Windows\System\BLAssgU.exe

C:\Windows\System\XWrHKJe.exe

C:\Windows\System\XWrHKJe.exe

C:\Windows\System\zWQrWOu.exe

C:\Windows\System\zWQrWOu.exe

C:\Windows\System\mstGgwI.exe

C:\Windows\System\mstGgwI.exe

C:\Windows\System\SbqkMvx.exe

C:\Windows\System\SbqkMvx.exe

C:\Windows\System\UZhSjuo.exe

C:\Windows\System\UZhSjuo.exe

C:\Windows\System\FXKHVfW.exe

C:\Windows\System\FXKHVfW.exe

C:\Windows\System\vihaUbB.exe

C:\Windows\System\vihaUbB.exe

C:\Windows\System\xWPjUkc.exe

C:\Windows\System\xWPjUkc.exe

C:\Windows\System\uAaThKF.exe

C:\Windows\System\uAaThKF.exe

C:\Windows\System\YAaUDte.exe

C:\Windows\System\YAaUDte.exe

C:\Windows\System\aCzNWUn.exe

C:\Windows\System\aCzNWUn.exe

C:\Windows\System\gPlZYEB.exe

C:\Windows\System\gPlZYEB.exe

C:\Windows\System\BeHDmgt.exe

C:\Windows\System\BeHDmgt.exe

C:\Windows\System\mEMuOSQ.exe

C:\Windows\System\mEMuOSQ.exe

C:\Windows\System\ebfxCvU.exe

C:\Windows\System\ebfxCvU.exe

C:\Windows\System\xarGYmv.exe

C:\Windows\System\xarGYmv.exe

C:\Windows\System\TUBAPUg.exe

C:\Windows\System\TUBAPUg.exe

C:\Windows\System\NPgOZBz.exe

C:\Windows\System\NPgOZBz.exe

C:\Windows\System\edttKbq.exe

C:\Windows\System\edttKbq.exe

C:\Windows\System\ZcIetpZ.exe

C:\Windows\System\ZcIetpZ.exe

C:\Windows\System\aSFgnAr.exe

C:\Windows\System\aSFgnAr.exe

C:\Windows\System\VvKHeFk.exe

C:\Windows\System\VvKHeFk.exe

C:\Windows\System\hUhnOjo.exe

C:\Windows\System\hUhnOjo.exe

C:\Windows\System\BqYyNFj.exe

C:\Windows\System\BqYyNFj.exe

C:\Windows\System\AINnxqy.exe

C:\Windows\System\AINnxqy.exe

C:\Windows\System\YRggCzM.exe

C:\Windows\System\YRggCzM.exe

C:\Windows\System\ZpYaZPB.exe

C:\Windows\System\ZpYaZPB.exe

C:\Windows\System\aDQkOso.exe

C:\Windows\System\aDQkOso.exe

C:\Windows\System\RmVctvm.exe

C:\Windows\System\RmVctvm.exe

C:\Windows\System\ZgkVivX.exe

C:\Windows\System\ZgkVivX.exe

C:\Windows\System\ryrOrvo.exe

C:\Windows\System\ryrOrvo.exe

C:\Windows\System\ODrTYno.exe

C:\Windows\System\ODrTYno.exe

C:\Windows\System\GdZTzpc.exe

C:\Windows\System\GdZTzpc.exe

C:\Windows\System\CiCIZZz.exe

C:\Windows\System\CiCIZZz.exe

C:\Windows\System\PchBmhw.exe

C:\Windows\System\PchBmhw.exe

C:\Windows\System\jteWxch.exe

C:\Windows\System\jteWxch.exe

C:\Windows\System\JVbJHpK.exe

C:\Windows\System\JVbJHpK.exe

C:\Windows\System\ihXnJez.exe

C:\Windows\System\ihXnJez.exe

C:\Windows\System\xAojFVQ.exe

C:\Windows\System\xAojFVQ.exe

C:\Windows\System\SvXNeEz.exe

C:\Windows\System\SvXNeEz.exe

C:\Windows\System\xqdCpLh.exe

C:\Windows\System\xqdCpLh.exe

C:\Windows\System\aYUooiL.exe

C:\Windows\System\aYUooiL.exe

C:\Windows\System\FImktON.exe

C:\Windows\System\FImktON.exe

C:\Windows\System\vmGkRzO.exe

C:\Windows\System\vmGkRzO.exe

C:\Windows\System\mBaLYZn.exe

C:\Windows\System\mBaLYZn.exe

C:\Windows\System\ncBschf.exe

C:\Windows\System\ncBschf.exe

C:\Windows\System\VSZOwnD.exe

C:\Windows\System\VSZOwnD.exe

C:\Windows\System\vdWGwjY.exe

C:\Windows\System\vdWGwjY.exe

C:\Windows\System\UhRAAqu.exe

C:\Windows\System\UhRAAqu.exe

C:\Windows\System\qGemqVw.exe

C:\Windows\System\qGemqVw.exe

C:\Windows\System\ouxwVTg.exe

C:\Windows\System\ouxwVTg.exe

C:\Windows\System\niRrdff.exe

C:\Windows\System\niRrdff.exe

C:\Windows\System\zBVIiXB.exe

C:\Windows\System\zBVIiXB.exe

C:\Windows\System\xPKXxMI.exe

C:\Windows\System\xPKXxMI.exe

C:\Windows\System\sBJUiXV.exe

C:\Windows\System\sBJUiXV.exe

C:\Windows\System\iUXEWlk.exe

C:\Windows\System\iUXEWlk.exe

C:\Windows\System\qLEhDnj.exe

C:\Windows\System\qLEhDnj.exe

C:\Windows\System\fxtQgxG.exe

C:\Windows\System\fxtQgxG.exe

C:\Windows\System\siyDPpM.exe

C:\Windows\System\siyDPpM.exe

C:\Windows\System\nnQUuOC.exe

C:\Windows\System\nnQUuOC.exe

C:\Windows\System\QgVpkYb.exe

C:\Windows\System\QgVpkYb.exe

C:\Windows\System\UptDYOf.exe

C:\Windows\System\UptDYOf.exe

C:\Windows\System\YcoziQm.exe

C:\Windows\System\YcoziQm.exe

C:\Windows\System\lFPdtOL.exe

C:\Windows\System\lFPdtOL.exe

C:\Windows\System\FKZUKeD.exe

C:\Windows\System\FKZUKeD.exe

C:\Windows\System\ABxQywn.exe

C:\Windows\System\ABxQywn.exe

C:\Windows\System\JDsXdby.exe

C:\Windows\System\JDsXdby.exe

C:\Windows\System\uPhQBeG.exe

C:\Windows\System\uPhQBeG.exe

C:\Windows\System\NbPXtut.exe

C:\Windows\System\NbPXtut.exe

C:\Windows\System\piRapgi.exe

C:\Windows\System\piRapgi.exe

C:\Windows\System\GNNzMWn.exe

C:\Windows\System\GNNzMWn.exe

C:\Windows\System\NnQoEwN.exe

C:\Windows\System\NnQoEwN.exe

C:\Windows\System\tPQbedk.exe

C:\Windows\System\tPQbedk.exe

C:\Windows\System\VqPvLkk.exe

C:\Windows\System\VqPvLkk.exe

C:\Windows\System\YvOtOYr.exe

C:\Windows\System\YvOtOYr.exe

C:\Windows\System\onrmIUW.exe

C:\Windows\System\onrmIUW.exe

C:\Windows\System\MFcNhAe.exe

C:\Windows\System\MFcNhAe.exe

C:\Windows\System\SdQcBzz.exe

C:\Windows\System\SdQcBzz.exe

C:\Windows\System\fdURKQl.exe

C:\Windows\System\fdURKQl.exe

C:\Windows\System\UIzxGIW.exe

C:\Windows\System\UIzxGIW.exe

C:\Windows\System\jbKbHVv.exe

C:\Windows\System\jbKbHVv.exe

C:\Windows\System\MADKmlD.exe

C:\Windows\System\MADKmlD.exe

C:\Windows\System\xciXiDd.exe

C:\Windows\System\xciXiDd.exe

C:\Windows\System\QCwAvZm.exe

C:\Windows\System\QCwAvZm.exe

C:\Windows\System\kmtUByu.exe

C:\Windows\System\kmtUByu.exe

C:\Windows\System\ZEgxZDZ.exe

C:\Windows\System\ZEgxZDZ.exe

C:\Windows\System\XfBaCPN.exe

C:\Windows\System\XfBaCPN.exe

C:\Windows\System\pkGWiWS.exe

C:\Windows\System\pkGWiWS.exe

C:\Windows\System\isEtXuT.exe

C:\Windows\System\isEtXuT.exe

C:\Windows\System\SAdwJDQ.exe

C:\Windows\System\SAdwJDQ.exe

C:\Windows\System\qiQLGLc.exe

C:\Windows\System\qiQLGLc.exe

C:\Windows\System\ltfVIbB.exe

C:\Windows\System\ltfVIbB.exe

C:\Windows\System\ecqDMGC.exe

C:\Windows\System\ecqDMGC.exe

C:\Windows\System\Fqbpjte.exe

C:\Windows\System\Fqbpjte.exe

C:\Windows\System\NMPjzpG.exe

C:\Windows\System\NMPjzpG.exe

C:\Windows\System\SSaEFLo.exe

C:\Windows\System\SSaEFLo.exe

C:\Windows\System\MGbRkJX.exe

C:\Windows\System\MGbRkJX.exe

C:\Windows\System\VGTQAts.exe

C:\Windows\System\VGTQAts.exe

C:\Windows\System\guVkyAJ.exe

C:\Windows\System\guVkyAJ.exe

C:\Windows\System\PFdAeAO.exe

C:\Windows\System\PFdAeAO.exe

C:\Windows\System\hJNKVLA.exe

C:\Windows\System\hJNKVLA.exe

C:\Windows\System\NOahdUk.exe

C:\Windows\System\NOahdUk.exe

C:\Windows\System\jfvfEtv.exe

C:\Windows\System\jfvfEtv.exe

C:\Windows\System\ETJxosL.exe

C:\Windows\System\ETJxosL.exe

C:\Windows\System\ndqVCTM.exe

C:\Windows\System\ndqVCTM.exe

C:\Windows\System\TdnkqAU.exe

C:\Windows\System\TdnkqAU.exe

C:\Windows\System\nzxQdgl.exe

C:\Windows\System\nzxQdgl.exe

C:\Windows\System\vIUHnWt.exe

C:\Windows\System\vIUHnWt.exe

C:\Windows\System\fEVTqJn.exe

C:\Windows\System\fEVTqJn.exe

C:\Windows\System\ZJnHaqF.exe

C:\Windows\System\ZJnHaqF.exe

C:\Windows\System\jurrVLy.exe

C:\Windows\System\jurrVLy.exe

C:\Windows\System\RYClaHU.exe

C:\Windows\System\RYClaHU.exe

C:\Windows\System\gTbsyKv.exe

C:\Windows\System\gTbsyKv.exe

C:\Windows\System\EXXsSvc.exe

C:\Windows\System\EXXsSvc.exe

C:\Windows\System\llsonPx.exe

C:\Windows\System\llsonPx.exe

C:\Windows\System\JgUkvds.exe

C:\Windows\System\JgUkvds.exe

C:\Windows\System\IVebgvF.exe

C:\Windows\System\IVebgvF.exe

C:\Windows\System\RqzFskG.exe

C:\Windows\System\RqzFskG.exe

C:\Windows\System\IhVKKZn.exe

C:\Windows\System\IhVKKZn.exe

C:\Windows\System\cucCaqN.exe

C:\Windows\System\cucCaqN.exe

C:\Windows\System\OvZRIUs.exe

C:\Windows\System\OvZRIUs.exe

C:\Windows\System\mqbBVEE.exe

C:\Windows\System\mqbBVEE.exe

C:\Windows\System\pNOAswM.exe

C:\Windows\System\pNOAswM.exe

C:\Windows\System\vfUKVEt.exe

C:\Windows\System\vfUKVEt.exe

C:\Windows\System\jhEVWrG.exe

C:\Windows\System\jhEVWrG.exe

C:\Windows\System\yrFMwgh.exe

C:\Windows\System\yrFMwgh.exe

C:\Windows\System\jMZFvdb.exe

C:\Windows\System\jMZFvdb.exe

C:\Windows\System\xJeXKsc.exe

C:\Windows\System\xJeXKsc.exe

C:\Windows\System\YiEHapU.exe

C:\Windows\System\YiEHapU.exe

C:\Windows\System\iFBDtBx.exe

C:\Windows\System\iFBDtBx.exe

C:\Windows\System\swvkqHK.exe

C:\Windows\System\swvkqHK.exe

C:\Windows\System\ckXyGfs.exe

C:\Windows\System\ckXyGfs.exe

C:\Windows\System\RrNfwaQ.exe

C:\Windows\System\RrNfwaQ.exe

C:\Windows\System\oEzFxsM.exe

C:\Windows\System\oEzFxsM.exe

C:\Windows\System\fIXyeze.exe

C:\Windows\System\fIXyeze.exe

C:\Windows\System\dPsSJEZ.exe

C:\Windows\System\dPsSJEZ.exe

C:\Windows\System\GTQAKiL.exe

C:\Windows\System\GTQAKiL.exe

C:\Windows\System\gZzbJii.exe

C:\Windows\System\gZzbJii.exe

C:\Windows\System\GnOpSxF.exe

C:\Windows\System\GnOpSxF.exe

C:\Windows\System\AbWOuyO.exe

C:\Windows\System\AbWOuyO.exe

C:\Windows\System\irdIKMG.exe

C:\Windows\System\irdIKMG.exe

C:\Windows\System\BWRRFcU.exe

C:\Windows\System\BWRRFcU.exe

C:\Windows\System\NoKnpUC.exe

C:\Windows\System\NoKnpUC.exe

C:\Windows\System\yssSMLz.exe

C:\Windows\System\yssSMLz.exe

C:\Windows\System\TPVXqBP.exe

C:\Windows\System\TPVXqBP.exe

C:\Windows\System\xqrwuUj.exe

C:\Windows\System\xqrwuUj.exe

C:\Windows\System\vyrmWAF.exe

C:\Windows\System\vyrmWAF.exe

C:\Windows\System\ZsyckfC.exe

C:\Windows\System\ZsyckfC.exe

C:\Windows\System\aAubnwS.exe

C:\Windows\System\aAubnwS.exe

C:\Windows\System\xERfFys.exe

C:\Windows\System\xERfFys.exe

C:\Windows\System\qbogNnv.exe

C:\Windows\System\qbogNnv.exe

C:\Windows\System\whpppru.exe

C:\Windows\System\whpppru.exe

C:\Windows\System\pxwtgpB.exe

C:\Windows\System\pxwtgpB.exe

C:\Windows\System\efveAuc.exe

C:\Windows\System\efveAuc.exe

C:\Windows\System\rSMwPYy.exe

C:\Windows\System\rSMwPYy.exe

C:\Windows\System\pvsUgcS.exe

C:\Windows\System\pvsUgcS.exe

C:\Windows\System\apbdNVA.exe

C:\Windows\System\apbdNVA.exe

C:\Windows\System\BzdsyDw.exe

C:\Windows\System\BzdsyDw.exe

C:\Windows\System\lvOGGRV.exe

C:\Windows\System\lvOGGRV.exe

C:\Windows\System\tgqhLMi.exe

C:\Windows\System\tgqhLMi.exe

C:\Windows\System\kgUxRoO.exe

C:\Windows\System\kgUxRoO.exe

C:\Windows\System\KnZuHIV.exe

C:\Windows\System\KnZuHIV.exe

C:\Windows\System\ZnTKSMJ.exe

C:\Windows\System\ZnTKSMJ.exe

C:\Windows\System\nfRYWuL.exe

C:\Windows\System\nfRYWuL.exe

C:\Windows\System\pmfWFNA.exe

C:\Windows\System\pmfWFNA.exe

C:\Windows\System\QtxMKgb.exe

C:\Windows\System\QtxMKgb.exe

C:\Windows\System\eqkhiIG.exe

C:\Windows\System\eqkhiIG.exe

C:\Windows\System\NXkgnYW.exe

C:\Windows\System\NXkgnYW.exe

C:\Windows\System\CtZhNWL.exe

C:\Windows\System\CtZhNWL.exe

C:\Windows\System\jqThCyY.exe

C:\Windows\System\jqThCyY.exe

C:\Windows\System\pIUYGzw.exe

C:\Windows\System\pIUYGzw.exe

C:\Windows\System\QntjPsL.exe

C:\Windows\System\QntjPsL.exe

C:\Windows\System\rpsvtVG.exe

C:\Windows\System\rpsvtVG.exe

C:\Windows\System\qgRORkd.exe

C:\Windows\System\qgRORkd.exe

C:\Windows\System\lHHhKiV.exe

C:\Windows\System\lHHhKiV.exe

C:\Windows\System\rtviREO.exe

C:\Windows\System\rtviREO.exe

C:\Windows\System\tJDxbeF.exe

C:\Windows\System\tJDxbeF.exe

C:\Windows\System\rwKVeHx.exe

C:\Windows\System\rwKVeHx.exe

C:\Windows\System\RLLIqMB.exe

C:\Windows\System\RLLIqMB.exe

C:\Windows\System\UupablM.exe

C:\Windows\System\UupablM.exe

C:\Windows\System\VtjmHYq.exe

C:\Windows\System\VtjmHYq.exe

C:\Windows\System\cnBmgCj.exe

C:\Windows\System\cnBmgCj.exe

C:\Windows\System\SaHyNJO.exe

C:\Windows\System\SaHyNJO.exe

C:\Windows\System\JCcvUzo.exe

C:\Windows\System\JCcvUzo.exe

C:\Windows\System\PBBwhBX.exe

C:\Windows\System\PBBwhBX.exe

C:\Windows\System\qPXQVem.exe

C:\Windows\System\qPXQVem.exe

C:\Windows\System\mWXcaLC.exe

C:\Windows\System\mWXcaLC.exe

C:\Windows\System\jvOyiAs.exe

C:\Windows\System\jvOyiAs.exe

C:\Windows\System\xBfRpDb.exe

C:\Windows\System\xBfRpDb.exe

C:\Windows\System\qfixZfy.exe

C:\Windows\System\qfixZfy.exe

C:\Windows\System\bWdEkQA.exe

C:\Windows\System\bWdEkQA.exe

C:\Windows\System\DoRbVLD.exe

C:\Windows\System\DoRbVLD.exe

C:\Windows\System\sKCPwnp.exe

C:\Windows\System\sKCPwnp.exe

C:\Windows\System\dqzkvZG.exe

C:\Windows\System\dqzkvZG.exe

C:\Windows\System\icSIpEI.exe

C:\Windows\System\icSIpEI.exe

C:\Windows\System\XxvdpWh.exe

C:\Windows\System\XxvdpWh.exe

C:\Windows\System\levLgSt.exe

C:\Windows\System\levLgSt.exe

C:\Windows\System\mheLfmM.exe

C:\Windows\System\mheLfmM.exe

C:\Windows\System\lbHzEva.exe

C:\Windows\System\lbHzEva.exe

C:\Windows\System\zyZDvtX.exe

C:\Windows\System\zyZDvtX.exe

C:\Windows\System\gkOjJee.exe

C:\Windows\System\gkOjJee.exe

C:\Windows\System\TpwpXDE.exe

C:\Windows\System\TpwpXDE.exe

C:\Windows\System\vuxFTOY.exe

C:\Windows\System\vuxFTOY.exe

C:\Windows\System\yIgrMvX.exe

C:\Windows\System\yIgrMvX.exe

C:\Windows\System\sMuqjov.exe

C:\Windows\System\sMuqjov.exe

C:\Windows\System\gMxuvaL.exe

C:\Windows\System\gMxuvaL.exe

C:\Windows\System\conuUej.exe

C:\Windows\System\conuUej.exe

C:\Windows\System\zbwUsqV.exe

C:\Windows\System\zbwUsqV.exe

C:\Windows\System\JIKZUoi.exe

C:\Windows\System\JIKZUoi.exe

C:\Windows\System\WMJndJQ.exe

C:\Windows\System\WMJndJQ.exe

C:\Windows\System\BnQonVg.exe

C:\Windows\System\BnQonVg.exe

C:\Windows\System\GbStUhT.exe

C:\Windows\System\GbStUhT.exe

C:\Windows\System\KBThLfN.exe

C:\Windows\System\KBThLfN.exe

C:\Windows\System\kaPYeWG.exe

C:\Windows\System\kaPYeWG.exe

C:\Windows\System\XAhbosG.exe

C:\Windows\System\XAhbosG.exe

C:\Windows\System\DEPwSNc.exe

C:\Windows\System\DEPwSNc.exe

C:\Windows\System\RXbeAzk.exe

C:\Windows\System\RXbeAzk.exe

C:\Windows\System\PzkqJbF.exe

C:\Windows\System\PzkqJbF.exe

C:\Windows\System\iIZUiZR.exe

C:\Windows\System\iIZUiZR.exe

C:\Windows\System\CfbkQoL.exe

C:\Windows\System\CfbkQoL.exe

C:\Windows\System\WFUzPZV.exe

C:\Windows\System\WFUzPZV.exe

C:\Windows\System\LGYfeyX.exe

C:\Windows\System\LGYfeyX.exe

C:\Windows\System\JLCHhAY.exe

C:\Windows\System\JLCHhAY.exe

C:\Windows\System\PApBiNr.exe

C:\Windows\System\PApBiNr.exe

C:\Windows\System\xjqKpyd.exe

C:\Windows\System\xjqKpyd.exe

C:\Windows\System\kQiFNgT.exe

C:\Windows\System\kQiFNgT.exe

C:\Windows\System\cHEQktG.exe

C:\Windows\System\cHEQktG.exe

C:\Windows\System\QgwqFPl.exe

C:\Windows\System\QgwqFPl.exe

C:\Windows\System\QXxNixi.exe

C:\Windows\System\QXxNixi.exe

C:\Windows\System\NDzuQbw.exe

C:\Windows\System\NDzuQbw.exe

C:\Windows\System\zWwMIdx.exe

C:\Windows\System\zWwMIdx.exe

C:\Windows\System\hZaaHSv.exe

C:\Windows\System\hZaaHSv.exe

C:\Windows\System\SSyeIzu.exe

C:\Windows\System\SSyeIzu.exe

C:\Windows\System\zAJcROA.exe

C:\Windows\System\zAJcROA.exe

C:\Windows\System\ZMgnrWR.exe

C:\Windows\System\ZMgnrWR.exe

C:\Windows\System\vSsxmFa.exe

C:\Windows\System\vSsxmFa.exe

C:\Windows\System\atnrdaD.exe

C:\Windows\System\atnrdaD.exe

C:\Windows\System\zmkZBer.exe

C:\Windows\System\zmkZBer.exe

C:\Windows\System\xdEtKDQ.exe

C:\Windows\System\xdEtKDQ.exe

C:\Windows\System\MdHEJiy.exe

C:\Windows\System\MdHEJiy.exe

C:\Windows\System\fgCTawO.exe

C:\Windows\System\fgCTawO.exe

C:\Windows\System\LnkzMRV.exe

C:\Windows\System\LnkzMRV.exe

C:\Windows\System\ovGQSGn.exe

C:\Windows\System\ovGQSGn.exe

C:\Windows\System\PNFfXbx.exe

C:\Windows\System\PNFfXbx.exe

C:\Windows\System\gfoFPJO.exe

C:\Windows\System\gfoFPJO.exe

C:\Windows\System\bmTfiwJ.exe

C:\Windows\System\bmTfiwJ.exe

C:\Windows\System\JrfwbMk.exe

C:\Windows\System\JrfwbMk.exe

C:\Windows\System\pERzzCG.exe

C:\Windows\System\pERzzCG.exe

C:\Windows\System\mHHosgV.exe

C:\Windows\System\mHHosgV.exe

C:\Windows\System\AhZIcrQ.exe

C:\Windows\System\AhZIcrQ.exe

C:\Windows\System\tJfMauC.exe

C:\Windows\System\tJfMauC.exe

C:\Windows\System\FFjPEzD.exe

C:\Windows\System\FFjPEzD.exe

C:\Windows\System\yYDxyza.exe

C:\Windows\System\yYDxyza.exe

C:\Windows\System\ylSSAac.exe

C:\Windows\System\ylSSAac.exe

C:\Windows\System\AgiKoPh.exe

C:\Windows\System\AgiKoPh.exe

C:\Windows\System\xKlngHB.exe

C:\Windows\System\xKlngHB.exe

C:\Windows\System\uUqhSYf.exe

C:\Windows\System\uUqhSYf.exe

C:\Windows\System\qgTWpTs.exe

C:\Windows\System\qgTWpTs.exe

C:\Windows\System\fbhQiVl.exe

C:\Windows\System\fbhQiVl.exe

C:\Windows\System\fMZJMZz.exe

C:\Windows\System\fMZJMZz.exe

C:\Windows\System\HoNCWkw.exe

C:\Windows\System\HoNCWkw.exe

C:\Windows\System\nMpxaEa.exe

C:\Windows\System\nMpxaEa.exe

C:\Windows\System\sEuNZiB.exe

C:\Windows\System\sEuNZiB.exe

C:\Windows\System\FvVXmKj.exe

C:\Windows\System\FvVXmKj.exe

C:\Windows\System\ehKjTRJ.exe

C:\Windows\System\ehKjTRJ.exe

C:\Windows\System\glvlwGH.exe

C:\Windows\System\glvlwGH.exe

C:\Windows\System\bTYoqIO.exe

C:\Windows\System\bTYoqIO.exe

C:\Windows\System\dpUdBHU.exe

C:\Windows\System\dpUdBHU.exe

C:\Windows\System\pMbDGib.exe

C:\Windows\System\pMbDGib.exe

C:\Windows\System\uxSLCsA.exe

C:\Windows\System\uxSLCsA.exe

C:\Windows\System\JgOWhrs.exe

C:\Windows\System\JgOWhrs.exe

C:\Windows\System\sYIRBKm.exe

C:\Windows\System\sYIRBKm.exe

C:\Windows\System\cCRIidR.exe

C:\Windows\System\cCRIidR.exe

C:\Windows\System\pumIrlh.exe

C:\Windows\System\pumIrlh.exe

C:\Windows\System\CCRqNDN.exe

C:\Windows\System\CCRqNDN.exe

C:\Windows\System\MCdkcJL.exe

C:\Windows\System\MCdkcJL.exe

C:\Windows\System\JQkozHu.exe

C:\Windows\System\JQkozHu.exe

C:\Windows\System\VTdtsmJ.exe

C:\Windows\System\VTdtsmJ.exe

C:\Windows\System\MKsTmJY.exe

C:\Windows\System\MKsTmJY.exe

C:\Windows\System\gSievAd.exe

C:\Windows\System\gSievAd.exe

C:\Windows\System\CdgFrca.exe

C:\Windows\System\CdgFrca.exe

C:\Windows\System\hDrvePV.exe

C:\Windows\System\hDrvePV.exe

C:\Windows\System\xpxMWjm.exe

C:\Windows\System\xpxMWjm.exe

C:\Windows\System\YOdyibs.exe

C:\Windows\System\YOdyibs.exe

C:\Windows\System\sDWIyBj.exe

C:\Windows\System\sDWIyBj.exe

C:\Windows\System\NgOKzSZ.exe

C:\Windows\System\NgOKzSZ.exe

C:\Windows\System\zrthStL.exe

C:\Windows\System\zrthStL.exe

C:\Windows\System\ITAuSrh.exe

C:\Windows\System\ITAuSrh.exe

C:\Windows\System\DbzZJCl.exe

C:\Windows\System\DbzZJCl.exe

C:\Windows\System\vmSnKEp.exe

C:\Windows\System\vmSnKEp.exe

C:\Windows\System\ixBibqN.exe

C:\Windows\System\ixBibqN.exe

C:\Windows\System\nPFNnff.exe

C:\Windows\System\nPFNnff.exe

C:\Windows\System\uyXkMMH.exe

C:\Windows\System\uyXkMMH.exe

C:\Windows\System\qYaUUgj.exe

C:\Windows\System\qYaUUgj.exe

C:\Windows\System\QrBFQWs.exe

C:\Windows\System\QrBFQWs.exe

C:\Windows\System\EdlxxDi.exe

C:\Windows\System\EdlxxDi.exe

C:\Windows\System\IzuNugi.exe

C:\Windows\System\IzuNugi.exe

C:\Windows\System\EDiJcwx.exe

C:\Windows\System\EDiJcwx.exe

C:\Windows\System\hzLGrXM.exe

C:\Windows\System\hzLGrXM.exe

C:\Windows\System\OyJocop.exe

C:\Windows\System\OyJocop.exe

C:\Windows\System\gATGifx.exe

C:\Windows\System\gATGifx.exe

C:\Windows\System\uLLDqIn.exe

C:\Windows\System\uLLDqIn.exe

C:\Windows\System\SclOBYD.exe

C:\Windows\System\SclOBYD.exe

C:\Windows\System\AUEZfwY.exe

C:\Windows\System\AUEZfwY.exe

C:\Windows\System\yICXNBk.exe

C:\Windows\System\yICXNBk.exe

C:\Windows\System\MqAWmqK.exe

C:\Windows\System\MqAWmqK.exe

C:\Windows\System\OCJgbNb.exe

C:\Windows\System\OCJgbNb.exe

C:\Windows\System\spKUCxS.exe

C:\Windows\System\spKUCxS.exe

C:\Windows\System\rYdrcjA.exe

C:\Windows\System\rYdrcjA.exe

C:\Windows\System\AoVMAWq.exe

C:\Windows\System\AoVMAWq.exe

C:\Windows\System\hBZkQiu.exe

C:\Windows\System\hBZkQiu.exe

C:\Windows\System\Ixmoehl.exe

C:\Windows\System\Ixmoehl.exe

C:\Windows\System\mZDNjqD.exe

C:\Windows\System\mZDNjqD.exe

C:\Windows\System\eQFynOX.exe

C:\Windows\System\eQFynOX.exe

C:\Windows\System\TgoMiHl.exe

C:\Windows\System\TgoMiHl.exe

C:\Windows\System\YrJaQVK.exe

C:\Windows\System\YrJaQVK.exe

C:\Windows\System\epaUIPP.exe

C:\Windows\System\epaUIPP.exe

C:\Windows\System\ZjjKbGR.exe

C:\Windows\System\ZjjKbGR.exe

C:\Windows\System\OaWkXDi.exe

C:\Windows\System\OaWkXDi.exe

C:\Windows\System\hbArNfg.exe

C:\Windows\System\hbArNfg.exe

C:\Windows\System\wxwhSTo.exe

C:\Windows\System\wxwhSTo.exe

C:\Windows\System\nSNmZgm.exe

C:\Windows\System\nSNmZgm.exe

C:\Windows\System\HkMLXuP.exe

C:\Windows\System\HkMLXuP.exe

C:\Windows\System\AaVTmNN.exe

C:\Windows\System\AaVTmNN.exe

C:\Windows\System\hdPRsyC.exe

C:\Windows\System\hdPRsyC.exe

C:\Windows\System\PaYGqru.exe

C:\Windows\System\PaYGqru.exe

C:\Windows\System\EdGNFks.exe

C:\Windows\System\EdGNFks.exe

C:\Windows\System\mrCHuUx.exe

C:\Windows\System\mrCHuUx.exe

C:\Windows\System\OKJlEzc.exe

C:\Windows\System\OKJlEzc.exe

C:\Windows\System\OeFrAIh.exe

C:\Windows\System\OeFrAIh.exe

C:\Windows\System\Grsqiyy.exe

C:\Windows\System\Grsqiyy.exe

C:\Windows\System\FnSBhCp.exe

C:\Windows\System\FnSBhCp.exe

C:\Windows\System\hOpImPZ.exe

C:\Windows\System\hOpImPZ.exe

C:\Windows\System\fljnZXT.exe

C:\Windows\System\fljnZXT.exe

C:\Windows\System\StHROiV.exe

C:\Windows\System\StHROiV.exe

C:\Windows\System\jMpyvKS.exe

C:\Windows\System\jMpyvKS.exe

C:\Windows\System\DoztWZB.exe

C:\Windows\System\DoztWZB.exe

C:\Windows\System\dJZGNct.exe

C:\Windows\System\dJZGNct.exe

C:\Windows\System\CkjDRys.exe

C:\Windows\System\CkjDRys.exe

C:\Windows\System\smagrfM.exe

C:\Windows\System\smagrfM.exe

C:\Windows\System\MOlKVDB.exe

C:\Windows\System\MOlKVDB.exe

C:\Windows\System\ayzBjLH.exe

C:\Windows\System\ayzBjLH.exe

C:\Windows\System\esdVyIu.exe

C:\Windows\System\esdVyIu.exe

C:\Windows\System\NjNctnr.exe

C:\Windows\System\NjNctnr.exe

C:\Windows\System\QIbFNnA.exe

C:\Windows\System\QIbFNnA.exe

C:\Windows\System\UApiqim.exe

C:\Windows\System\UApiqim.exe

C:\Windows\System\LJesLOq.exe

C:\Windows\System\LJesLOq.exe

C:\Windows\System\UOFuQMt.exe

C:\Windows\System\UOFuQMt.exe

C:\Windows\System\SHvdemL.exe

C:\Windows\System\SHvdemL.exe

C:\Windows\System\BBlIBaN.exe

C:\Windows\System\BBlIBaN.exe

C:\Windows\System\ywdgyRS.exe

C:\Windows\System\ywdgyRS.exe

C:\Windows\System\oZEhseK.exe

C:\Windows\System\oZEhseK.exe

C:\Windows\System\GHORHwJ.exe

C:\Windows\System\GHORHwJ.exe

C:\Windows\System\XIDFqaz.exe

C:\Windows\System\XIDFqaz.exe

C:\Windows\System\UxKPmcT.exe

C:\Windows\System\UxKPmcT.exe

C:\Windows\System\PGcPNhZ.exe

C:\Windows\System\PGcPNhZ.exe

C:\Windows\System\AYVTTlh.exe

C:\Windows\System\AYVTTlh.exe

C:\Windows\System\CzxpMJQ.exe

C:\Windows\System\CzxpMJQ.exe

C:\Windows\System\XshgQoE.exe

C:\Windows\System\XshgQoE.exe

C:\Windows\System\DlsLgSz.exe

C:\Windows\System\DlsLgSz.exe

C:\Windows\System\WNDaDWV.exe

C:\Windows\System\WNDaDWV.exe

C:\Windows\System\SyprWGV.exe

C:\Windows\System\SyprWGV.exe

C:\Windows\System\bAXoLzN.exe

C:\Windows\System\bAXoLzN.exe

C:\Windows\System\vKkNCRM.exe

C:\Windows\System\vKkNCRM.exe

C:\Windows\System\mlChJua.exe

C:\Windows\System\mlChJua.exe

C:\Windows\System\kOWOYYp.exe

C:\Windows\System\kOWOYYp.exe

C:\Windows\System\AfThHOG.exe

C:\Windows\System\AfThHOG.exe

C:\Windows\System\rlcttGA.exe

C:\Windows\System\rlcttGA.exe

C:\Windows\System\DIFZjAZ.exe

C:\Windows\System\DIFZjAZ.exe

C:\Windows\System\qxBLfiL.exe

C:\Windows\System\qxBLfiL.exe

C:\Windows\System\UnZnxQx.exe

C:\Windows\System\UnZnxQx.exe

C:\Windows\System\yBKQBZz.exe

C:\Windows\System\yBKQBZz.exe

C:\Windows\System\ljuommA.exe

C:\Windows\System\ljuommA.exe

C:\Windows\System\BBzEAFt.exe

C:\Windows\System\BBzEAFt.exe

C:\Windows\System\ufNdRCZ.exe

C:\Windows\System\ufNdRCZ.exe

C:\Windows\System\KpPPrYP.exe

C:\Windows\System\KpPPrYP.exe

C:\Windows\System\CktpxWZ.exe

C:\Windows\System\CktpxWZ.exe

C:\Windows\System\arnWkQO.exe

C:\Windows\System\arnWkQO.exe

C:\Windows\System\ZhwzgwG.exe

C:\Windows\System\ZhwzgwG.exe

C:\Windows\System\YNKOnyB.exe

C:\Windows\System\YNKOnyB.exe

C:\Windows\System\NNivOdr.exe

C:\Windows\System\NNivOdr.exe

C:\Windows\System\kCEakWw.exe

C:\Windows\System\kCEakWw.exe

C:\Windows\System\KWDpZHL.exe

C:\Windows\System\KWDpZHL.exe

C:\Windows\System\tREnfgG.exe

C:\Windows\System\tREnfgG.exe

C:\Windows\System\MowemBu.exe

C:\Windows\System\MowemBu.exe

C:\Windows\System\WZWMBHE.exe

C:\Windows\System\WZWMBHE.exe

C:\Windows\System\GIYGZdQ.exe

C:\Windows\System\GIYGZdQ.exe

C:\Windows\System\bWzbHpX.exe

C:\Windows\System\bWzbHpX.exe

C:\Windows\System\mYhcYFJ.exe

C:\Windows\System\mYhcYFJ.exe

C:\Windows\System\KuTkTSJ.exe

C:\Windows\System\KuTkTSJ.exe

C:\Windows\System\ZuVGUME.exe

C:\Windows\System\ZuVGUME.exe

C:\Windows\System\GaXfTzZ.exe

C:\Windows\System\GaXfTzZ.exe

C:\Windows\System\LxVpNLI.exe

C:\Windows\System\LxVpNLI.exe

C:\Windows\System\tMJaMxM.exe

C:\Windows\System\tMJaMxM.exe

C:\Windows\System\VeosCSd.exe

C:\Windows\System\VeosCSd.exe

C:\Windows\System\LyTrgnG.exe

C:\Windows\System\LyTrgnG.exe

C:\Windows\System\XiOhHeZ.exe

C:\Windows\System\XiOhHeZ.exe

C:\Windows\System\nIADiHh.exe

C:\Windows\System\nIADiHh.exe

C:\Windows\System\pKPUqYe.exe

C:\Windows\System\pKPUqYe.exe

C:\Windows\System\WvuLOMD.exe

C:\Windows\System\WvuLOMD.exe

C:\Windows\System\sWrIWsF.exe

C:\Windows\System\sWrIWsF.exe

C:\Windows\System\mFZyZVS.exe

C:\Windows\System\mFZyZVS.exe

C:\Windows\System\gpokGSd.exe

C:\Windows\System\gpokGSd.exe

C:\Windows\System\YLIrgYh.exe

C:\Windows\System\YLIrgYh.exe

C:\Windows\System\pHXnsEu.exe

C:\Windows\System\pHXnsEu.exe

C:\Windows\System\fIVpoBb.exe

C:\Windows\System\fIVpoBb.exe

C:\Windows\System\WvAdSVt.exe

C:\Windows\System\WvAdSVt.exe

C:\Windows\System\hyEulXY.exe

C:\Windows\System\hyEulXY.exe

C:\Windows\System\AzgrWcP.exe

C:\Windows\System\AzgrWcP.exe

C:\Windows\System\oOcKRfi.exe

C:\Windows\System\oOcKRfi.exe

C:\Windows\System\MfPfxlQ.exe

C:\Windows\System\MfPfxlQ.exe

C:\Windows\System\QnCjlzK.exe

C:\Windows\System\QnCjlzK.exe

C:\Windows\System\KzxmcAe.exe

C:\Windows\System\KzxmcAe.exe

C:\Windows\System\dkghwfb.exe

C:\Windows\System\dkghwfb.exe

C:\Windows\System\yiEieMR.exe

C:\Windows\System\yiEieMR.exe

C:\Windows\System\cpUduNV.exe

C:\Windows\System\cpUduNV.exe

C:\Windows\System\yooHsxE.exe

C:\Windows\System\yooHsxE.exe

C:\Windows\System\cbKGlbx.exe

C:\Windows\System\cbKGlbx.exe

C:\Windows\System\dtEoXnL.exe

C:\Windows\System\dtEoXnL.exe

C:\Windows\System\UqKJlWD.exe

C:\Windows\System\UqKJlWD.exe

C:\Windows\System\oYfGbuy.exe

C:\Windows\System\oYfGbuy.exe

C:\Windows\System\dpheOLE.exe

C:\Windows\System\dpheOLE.exe

C:\Windows\System\bamMfeT.exe

C:\Windows\System\bamMfeT.exe

C:\Windows\System\wmbMAtf.exe

C:\Windows\System\wmbMAtf.exe

C:\Windows\System\OsTBnsh.exe

C:\Windows\System\OsTBnsh.exe

C:\Windows\System\iqazniy.exe

C:\Windows\System\iqazniy.exe

C:\Windows\System\ZAveoRU.exe

C:\Windows\System\ZAveoRU.exe

C:\Windows\System\NHiAruY.exe

C:\Windows\System\NHiAruY.exe

C:\Windows\System\eVGEYQC.exe

C:\Windows\System\eVGEYQC.exe

C:\Windows\System\yYQnIIm.exe

C:\Windows\System\yYQnIIm.exe

C:\Windows\System\gvvitYl.exe

C:\Windows\System\gvvitYl.exe

C:\Windows\System\JJdOdGW.exe

C:\Windows\System\JJdOdGW.exe

C:\Windows\System\MxFFlSj.exe

C:\Windows\System\MxFFlSj.exe

C:\Windows\System\KqZKHdY.exe

C:\Windows\System\KqZKHdY.exe

C:\Windows\System\sDZmIcx.exe

C:\Windows\System\sDZmIcx.exe

C:\Windows\System\OqsFurE.exe

C:\Windows\System\OqsFurE.exe

C:\Windows\System\DJTKqpm.exe

C:\Windows\System\DJTKqpm.exe

C:\Windows\System\wYFsBtq.exe

C:\Windows\System\wYFsBtq.exe

C:\Windows\System\oCXnUBP.exe

C:\Windows\System\oCXnUBP.exe

C:\Windows\System\UskHmsz.exe

C:\Windows\System\UskHmsz.exe

C:\Windows\System\QAlWVhY.exe

C:\Windows\System\QAlWVhY.exe

C:\Windows\System\PDjfdFI.exe

C:\Windows\System\PDjfdFI.exe

C:\Windows\System\BUhOCRs.exe

C:\Windows\System\BUhOCRs.exe

C:\Windows\System\FBREqxM.exe

C:\Windows\System\FBREqxM.exe

C:\Windows\System\XMZKaHF.exe

C:\Windows\System\XMZKaHF.exe

C:\Windows\System\lBpuZvJ.exe

C:\Windows\System\lBpuZvJ.exe

C:\Windows\System\eyvTuNV.exe

C:\Windows\System\eyvTuNV.exe

C:\Windows\System\MrwqWyO.exe

C:\Windows\System\MrwqWyO.exe

C:\Windows\System\pzGpdJM.exe

C:\Windows\System\pzGpdJM.exe

C:\Windows\System\xUUbAGG.exe

C:\Windows\System\xUUbAGG.exe

C:\Windows\System\srPtNnv.exe

C:\Windows\System\srPtNnv.exe

C:\Windows\System\iCQdXLp.exe

C:\Windows\System\iCQdXLp.exe

C:\Windows\System\uRMuNcz.exe

C:\Windows\System\uRMuNcz.exe

C:\Windows\System\dtyIxmx.exe

C:\Windows\System\dtyIxmx.exe

C:\Windows\System\AJmpTaT.exe

C:\Windows\System\AJmpTaT.exe

C:\Windows\System\FTcmNLv.exe

C:\Windows\System\FTcmNLv.exe

C:\Windows\System\eUgWohz.exe

C:\Windows\System\eUgWohz.exe

C:\Windows\System\VinyeYT.exe

C:\Windows\System\VinyeYT.exe

C:\Windows\System\SrEicxZ.exe

C:\Windows\System\SrEicxZ.exe

C:\Windows\System\BSJfuPg.exe

C:\Windows\System\BSJfuPg.exe

C:\Windows\System\uCUOhZH.exe

C:\Windows\System\uCUOhZH.exe

C:\Windows\System\GdVmQfs.exe

C:\Windows\System\GdVmQfs.exe

C:\Windows\System\dowaJdn.exe

C:\Windows\System\dowaJdn.exe

C:\Windows\System\wwKfqRW.exe

C:\Windows\System\wwKfqRW.exe

C:\Windows\System\OdYMEtB.exe

C:\Windows\System\OdYMEtB.exe

C:\Windows\System\YCcUtdw.exe

C:\Windows\System\YCcUtdw.exe

C:\Windows\System\vwWAsGx.exe

C:\Windows\System\vwWAsGx.exe

C:\Windows\System\qcRzZYC.exe

C:\Windows\System\qcRzZYC.exe

C:\Windows\System\WGYgwll.exe

C:\Windows\System\WGYgwll.exe

C:\Windows\System\ixPNhPR.exe

C:\Windows\System\ixPNhPR.exe

C:\Windows\System\beBrmmH.exe

C:\Windows\System\beBrmmH.exe

C:\Windows\System\TMLXZUL.exe

C:\Windows\System\TMLXZUL.exe

C:\Windows\System\EvrDHpZ.exe

C:\Windows\System\EvrDHpZ.exe

C:\Windows\System\KcRIkfj.exe

C:\Windows\System\KcRIkfj.exe

C:\Windows\System\UEkqwtA.exe

C:\Windows\System\UEkqwtA.exe

C:\Windows\System\OROGBCz.exe

C:\Windows\System\OROGBCz.exe

C:\Windows\System\WlfGmSf.exe

C:\Windows\System\WlfGmSf.exe

C:\Windows\System\cuXvYoH.exe

C:\Windows\System\cuXvYoH.exe

C:\Windows\System\rwphltt.exe

C:\Windows\System\rwphltt.exe

C:\Windows\System\OAcImNa.exe

C:\Windows\System\OAcImNa.exe

C:\Windows\System\YNfHhlk.exe

C:\Windows\System\YNfHhlk.exe

C:\Windows\System\WjMwcjn.exe

C:\Windows\System\WjMwcjn.exe

C:\Windows\System\xTaEGad.exe

C:\Windows\System\xTaEGad.exe

C:\Windows\System\qSdJBdp.exe

C:\Windows\System\qSdJBdp.exe

C:\Windows\System\nrOkQPF.exe

C:\Windows\System\nrOkQPF.exe

C:\Windows\System\LRgjNtN.exe

C:\Windows\System\LRgjNtN.exe

C:\Windows\System\UFyqIZj.exe

C:\Windows\System\UFyqIZj.exe

C:\Windows\System\RfGNMNQ.exe

C:\Windows\System\RfGNMNQ.exe

C:\Windows\System\nDNRuAk.exe

C:\Windows\System\nDNRuAk.exe

C:\Windows\System\jXlwfsj.exe

C:\Windows\System\jXlwfsj.exe

C:\Windows\System\SDLcbDi.exe

C:\Windows\System\SDLcbDi.exe

C:\Windows\System\QJJsvpX.exe

C:\Windows\System\QJJsvpX.exe

C:\Windows\System\iIVyJor.exe

C:\Windows\System\iIVyJor.exe

C:\Windows\System\fsUYEpo.exe

C:\Windows\System\fsUYEpo.exe

C:\Windows\System\MnVshMR.exe

C:\Windows\System\MnVshMR.exe

C:\Windows\System\OvGOSeH.exe

C:\Windows\System\OvGOSeH.exe

C:\Windows\System\nnsOtuR.exe

C:\Windows\System\nnsOtuR.exe

C:\Windows\System\muDTSmZ.exe

C:\Windows\System\muDTSmZ.exe

C:\Windows\System\cKgIwMI.exe

C:\Windows\System\cKgIwMI.exe

C:\Windows\System\aYMEmsJ.exe

C:\Windows\System\aYMEmsJ.exe

C:\Windows\System\PaZnShi.exe

C:\Windows\System\PaZnShi.exe

C:\Windows\System\TrcjHqJ.exe

C:\Windows\System\TrcjHqJ.exe

C:\Windows\System\HijEvzS.exe

C:\Windows\System\HijEvzS.exe

C:\Windows\System\YJRydFR.exe

C:\Windows\System\YJRydFR.exe

C:\Windows\System\DUPUBzj.exe

C:\Windows\System\DUPUBzj.exe

C:\Windows\System\ZMGCRcL.exe

C:\Windows\System\ZMGCRcL.exe

C:\Windows\System\xOeJWjN.exe

C:\Windows\System\xOeJWjN.exe

C:\Windows\System\DAikbqz.exe

C:\Windows\System\DAikbqz.exe

C:\Windows\System\kxZIbNM.exe

C:\Windows\System\kxZIbNM.exe

C:\Windows\System\puatAlY.exe

C:\Windows\System\puatAlY.exe

C:\Windows\System\ICJLOGK.exe

C:\Windows\System\ICJLOGK.exe

C:\Windows\System\OLMpeEA.exe

C:\Windows\System\OLMpeEA.exe

C:\Windows\System\fHiVjpG.exe

C:\Windows\System\fHiVjpG.exe

C:\Windows\System\yMdoiuE.exe

C:\Windows\System\yMdoiuE.exe

C:\Windows\System\mcffmPY.exe

C:\Windows\System\mcffmPY.exe

C:\Windows\System\znSYaYH.exe

C:\Windows\System\znSYaYH.exe

C:\Windows\System\deWESgD.exe

C:\Windows\System\deWESgD.exe

C:\Windows\System\GvaJsnQ.exe

C:\Windows\System\GvaJsnQ.exe

C:\Windows\System\TDZCQTT.exe

C:\Windows\System\TDZCQTT.exe

C:\Windows\System\PHVFdbA.exe

C:\Windows\System\PHVFdbA.exe

C:\Windows\System\ZXZBLyP.exe

C:\Windows\System\ZXZBLyP.exe

C:\Windows\System\CNHhkie.exe

C:\Windows\System\CNHhkie.exe

C:\Windows\System\DTQgPaX.exe

C:\Windows\System\DTQgPaX.exe

C:\Windows\System\keCkANV.exe

C:\Windows\System\keCkANV.exe

C:\Windows\System\fLaeQdE.exe

C:\Windows\System\fLaeQdE.exe

C:\Windows\System\oxWtgMO.exe

C:\Windows\System\oxWtgMO.exe

C:\Windows\System\uLbVvUl.exe

C:\Windows\System\uLbVvUl.exe

C:\Windows\System\FAbyIcU.exe

C:\Windows\System\FAbyIcU.exe

C:\Windows\System\ShUKulZ.exe

C:\Windows\System\ShUKulZ.exe

C:\Windows\System\TjxTzPx.exe

C:\Windows\System\TjxTzPx.exe

C:\Windows\System\kiEhKOS.exe

C:\Windows\System\kiEhKOS.exe

C:\Windows\System\dOkAZDT.exe

C:\Windows\System\dOkAZDT.exe

C:\Windows\System\CImRFTi.exe

C:\Windows\System\CImRFTi.exe

C:\Windows\System\MtOwwml.exe

C:\Windows\System\MtOwwml.exe

C:\Windows\System\xedeQpm.exe

C:\Windows\System\xedeQpm.exe

C:\Windows\System\JQSwLds.exe

C:\Windows\System\JQSwLds.exe

C:\Windows\System\CUpAWTQ.exe

C:\Windows\System\CUpAWTQ.exe

C:\Windows\System\YPhcxJA.exe

C:\Windows\System\YPhcxJA.exe

C:\Windows\System\kjNgwpJ.exe

C:\Windows\System\kjNgwpJ.exe

C:\Windows\System\pTUuEDB.exe

C:\Windows\System\pTUuEDB.exe

C:\Windows\System\NZUqZBm.exe

C:\Windows\System\NZUqZBm.exe

C:\Windows\System\CiiwiCx.exe

C:\Windows\System\CiiwiCx.exe

C:\Windows\System\NrgBXdM.exe

C:\Windows\System\NrgBXdM.exe

C:\Windows\System\EJIWiix.exe

C:\Windows\System\EJIWiix.exe

C:\Windows\System\CbQMFEw.exe

C:\Windows\System\CbQMFEw.exe

C:\Windows\System\pLrARdB.exe

C:\Windows\System\pLrARdB.exe

C:\Windows\System\cvXVpOB.exe

C:\Windows\System\cvXVpOB.exe

C:\Windows\System\tjrvsjL.exe

C:\Windows\System\tjrvsjL.exe

C:\Windows\System\mpoJzZl.exe

C:\Windows\System\mpoJzZl.exe

C:\Windows\System\MoPLssJ.exe

C:\Windows\System\MoPLssJ.exe

C:\Windows\System\mcsBBcH.exe

C:\Windows\System\mcsBBcH.exe

C:\Windows\System\JmFivZs.exe

C:\Windows\System\JmFivZs.exe

C:\Windows\System\cPJzYqk.exe

C:\Windows\System\cPJzYqk.exe

C:\Windows\System\IQGkqhA.exe

C:\Windows\System\IQGkqhA.exe

C:\Windows\System\egzFuKJ.exe

C:\Windows\System\egzFuKJ.exe

C:\Windows\System\UrLKVni.exe

C:\Windows\System\UrLKVni.exe

C:\Windows\System\RBtAXoy.exe

C:\Windows\System\RBtAXoy.exe

C:\Windows\System\CbLNaCR.exe

C:\Windows\System\CbLNaCR.exe

C:\Windows\System\xomURWs.exe

C:\Windows\System\xomURWs.exe

C:\Windows\System\XRfFoOJ.exe

C:\Windows\System\XRfFoOJ.exe

C:\Windows\System\vVJAsxL.exe

C:\Windows\System\vVJAsxL.exe

C:\Windows\System\QkLNQeK.exe

C:\Windows\System\QkLNQeK.exe

C:\Windows\System\nXUySFI.exe

C:\Windows\System\nXUySFI.exe

C:\Windows\System\rWaoyQC.exe

C:\Windows\System\rWaoyQC.exe

C:\Windows\System\GVXDMFt.exe

C:\Windows\System\GVXDMFt.exe

C:\Windows\System\ZnKrqbC.exe

C:\Windows\System\ZnKrqbC.exe

C:\Windows\System\jaKhkPR.exe

C:\Windows\System\jaKhkPR.exe

C:\Windows\System\opWFJft.exe

C:\Windows\System\opWFJft.exe

C:\Windows\System\rxsQsfi.exe

C:\Windows\System\rxsQsfi.exe

C:\Windows\System\EBLbwiW.exe

C:\Windows\System\EBLbwiW.exe

C:\Windows\System\wDHTHyw.exe

C:\Windows\System\wDHTHyw.exe

C:\Windows\System\mhJRATz.exe

C:\Windows\System\mhJRATz.exe

C:\Windows\System\FZVSNQm.exe

C:\Windows\System\FZVSNQm.exe

C:\Windows\System\dinwIcF.exe

C:\Windows\System\dinwIcF.exe

C:\Windows\System\XvdISNM.exe

C:\Windows\System\XvdISNM.exe

C:\Windows\System\fekfzrE.exe

C:\Windows\System\fekfzrE.exe

C:\Windows\System\eTpfhOo.exe

C:\Windows\System\eTpfhOo.exe

C:\Windows\System\MNTODCy.exe

C:\Windows\System\MNTODCy.exe

C:\Windows\System\ukTZbXj.exe

C:\Windows\System\ukTZbXj.exe

C:\Windows\System\JEDYlPV.exe

C:\Windows\System\JEDYlPV.exe

C:\Windows\System\ztxZBoh.exe

C:\Windows\System\ztxZBoh.exe

C:\Windows\System\fsZFxYx.exe

C:\Windows\System\fsZFxYx.exe

C:\Windows\System\UfaAxzn.exe

C:\Windows\System\UfaAxzn.exe

C:\Windows\System\dtiUlXb.exe

C:\Windows\System\dtiUlXb.exe

C:\Windows\System\tzwOdaz.exe

C:\Windows\System\tzwOdaz.exe

C:\Windows\System\VIBNAux.exe

C:\Windows\System\VIBNAux.exe

C:\Windows\System\ShANUXY.exe

C:\Windows\System\ShANUXY.exe

C:\Windows\System\VSMSkef.exe

C:\Windows\System\VSMSkef.exe

C:\Windows\System\PUYuNhS.exe

C:\Windows\System\PUYuNhS.exe

C:\Windows\System\dXDoMeu.exe

C:\Windows\System\dXDoMeu.exe

C:\Windows\System\sWReweq.exe

C:\Windows\System\sWReweq.exe

C:\Windows\System\RCQSijX.exe

C:\Windows\System\RCQSijX.exe

C:\Windows\System\uSWFvHB.exe

C:\Windows\System\uSWFvHB.exe

C:\Windows\System\rxpYpsu.exe

C:\Windows\System\rxpYpsu.exe

C:\Windows\System\MjugHci.exe

C:\Windows\System\MjugHci.exe

C:\Windows\System\FEtDssh.exe

C:\Windows\System\FEtDssh.exe

C:\Windows\System\xJflvGC.exe

C:\Windows\System\xJflvGC.exe

C:\Windows\System\yvcnnJQ.exe

C:\Windows\System\yvcnnJQ.exe

C:\Windows\System\sLPnhGN.exe

C:\Windows\System\sLPnhGN.exe

C:\Windows\System\LrVwyvj.exe

C:\Windows\System\LrVwyvj.exe

C:\Windows\System\whAXttz.exe

C:\Windows\System\whAXttz.exe

C:\Windows\System\onfRNyd.exe

C:\Windows\System\onfRNyd.exe

C:\Windows\System\iCeqqyC.exe

C:\Windows\System\iCeqqyC.exe

C:\Windows\System\MGEUKKG.exe

C:\Windows\System\MGEUKKG.exe

C:\Windows\System\PQaGawW.exe

C:\Windows\System\PQaGawW.exe

C:\Windows\System\TxRgcdN.exe

C:\Windows\System\TxRgcdN.exe

C:\Windows\System\YvxLrUk.exe

C:\Windows\System\YvxLrUk.exe

C:\Windows\System\hpAcEDi.exe

C:\Windows\System\hpAcEDi.exe

C:\Windows\System\iyIbXhg.exe

C:\Windows\System\iyIbXhg.exe

C:\Windows\System\GslRGdf.exe

C:\Windows\System\GslRGdf.exe

C:\Windows\System\qjhYhuD.exe

C:\Windows\System\qjhYhuD.exe

C:\Windows\System\BVSjmQZ.exe

C:\Windows\System\BVSjmQZ.exe

C:\Windows\System\stzTeUY.exe

C:\Windows\System\stzTeUY.exe

C:\Windows\System\UWTzxHP.exe

C:\Windows\System\UWTzxHP.exe

C:\Windows\System\NwsKJBj.exe

C:\Windows\System\NwsKJBj.exe

C:\Windows\System\oAVfqOl.exe

C:\Windows\System\oAVfqOl.exe

C:\Windows\System\jcTKSHM.exe

C:\Windows\System\jcTKSHM.exe

C:\Windows\System\vNFUERZ.exe

C:\Windows\System\vNFUERZ.exe

C:\Windows\System\ebbCXNT.exe

C:\Windows\System\ebbCXNT.exe

C:\Windows\System\ZGOpMLi.exe

C:\Windows\System\ZGOpMLi.exe

C:\Windows\System\qNdGiAc.exe

C:\Windows\System\qNdGiAc.exe

C:\Windows\System\ldCmNIc.exe

C:\Windows\System\ldCmNIc.exe

C:\Windows\System\kKQmEwI.exe

C:\Windows\System\kKQmEwI.exe

C:\Windows\System\eIkATki.exe

C:\Windows\System\eIkATki.exe

C:\Windows\System\ssgRHvJ.exe

C:\Windows\System\ssgRHvJ.exe

C:\Windows\System\LOWlysE.exe

C:\Windows\System\LOWlysE.exe

C:\Windows\System\srEUAjP.exe

C:\Windows\System\srEUAjP.exe

C:\Windows\System\uxmWZqv.exe

C:\Windows\System\uxmWZqv.exe

C:\Windows\System\ZbgAziB.exe

C:\Windows\System\ZbgAziB.exe

C:\Windows\System\irRNnwN.exe

C:\Windows\System\irRNnwN.exe

C:\Windows\System\FjzRlyE.exe

C:\Windows\System\FjzRlyE.exe

C:\Windows\System\ejDrvNX.exe

C:\Windows\System\ejDrvNX.exe

C:\Windows\System\hTSOfWR.exe

C:\Windows\System\hTSOfWR.exe

C:\Windows\System\cbhNOaS.exe

C:\Windows\System\cbhNOaS.exe

C:\Windows\System\WvtdhWB.exe

C:\Windows\System\WvtdhWB.exe

C:\Windows\System\jWGMAqD.exe

C:\Windows\System\jWGMAqD.exe

C:\Windows\System\pnZjsEK.exe

C:\Windows\System\pnZjsEK.exe

C:\Windows\System\AItWyLd.exe

C:\Windows\System\AItWyLd.exe

C:\Windows\System\qVXfUjR.exe

C:\Windows\System\qVXfUjR.exe

C:\Windows\System\IosxJGO.exe

C:\Windows\System\IosxJGO.exe

C:\Windows\System\SwNDBnG.exe

C:\Windows\System\SwNDBnG.exe

C:\Windows\System\POALLgR.exe

C:\Windows\System\POALLgR.exe

C:\Windows\System\WDHeCgo.exe

C:\Windows\System\WDHeCgo.exe

C:\Windows\System\HKpjuNH.exe

C:\Windows\System\HKpjuNH.exe

C:\Windows\System\UWoauBN.exe

C:\Windows\System\UWoauBN.exe

C:\Windows\System\brxUWSr.exe

C:\Windows\System\brxUWSr.exe

C:\Windows\System\SDdoMqj.exe

C:\Windows\System\SDdoMqj.exe

C:\Windows\System\RComfdn.exe

C:\Windows\System\RComfdn.exe

C:\Windows\System\zYFwyhD.exe

C:\Windows\System\zYFwyhD.exe

C:\Windows\System\UQZKEyE.exe

C:\Windows\System\UQZKEyE.exe

C:\Windows\System\JuMepwL.exe

C:\Windows\System\JuMepwL.exe

C:\Windows\System\zHJfoyI.exe

C:\Windows\System\zHJfoyI.exe

C:\Windows\System\XbWdOGb.exe

C:\Windows\System\XbWdOGb.exe

C:\Windows\System\mwoLpAc.exe

C:\Windows\System\mwoLpAc.exe

C:\Windows\System\TiRcIbs.exe

C:\Windows\System\TiRcIbs.exe

C:\Windows\System\MzSRqad.exe

C:\Windows\System\MzSRqad.exe

C:\Windows\System\jjSejBF.exe

C:\Windows\System\jjSejBF.exe

C:\Windows\System\ErGKawg.exe

C:\Windows\System\ErGKawg.exe

C:\Windows\System\MGIUYiD.exe

C:\Windows\System\MGIUYiD.exe

C:\Windows\System\aPNsbnu.exe

C:\Windows\System\aPNsbnu.exe

C:\Windows\System\zEZtPRH.exe

C:\Windows\System\zEZtPRH.exe

C:\Windows\System\GPbGUZI.exe

C:\Windows\System\GPbGUZI.exe

C:\Windows\System\QoihxCU.exe

C:\Windows\System\QoihxCU.exe

C:\Windows\System\rVpxeJY.exe

C:\Windows\System\rVpxeJY.exe

C:\Windows\System\kPmIOtq.exe

C:\Windows\System\kPmIOtq.exe

C:\Windows\System\lLXUpur.exe

C:\Windows\System\lLXUpur.exe

C:\Windows\System\IqrYQcA.exe

C:\Windows\System\IqrYQcA.exe

C:\Windows\System\JlbcMxo.exe

C:\Windows\System\JlbcMxo.exe

C:\Windows\System\tCExcAy.exe

C:\Windows\System\tCExcAy.exe

C:\Windows\System\DrtlMss.exe

C:\Windows\System\DrtlMss.exe

C:\Windows\System\JHwXkdM.exe

C:\Windows\System\JHwXkdM.exe

C:\Windows\System\BscGrIF.exe

C:\Windows\System\BscGrIF.exe

C:\Windows\System\KJVnNFR.exe

C:\Windows\System\KJVnNFR.exe

C:\Windows\System\cCJwNtu.exe

C:\Windows\System\cCJwNtu.exe

C:\Windows\System\PAvMfgr.exe

C:\Windows\System\PAvMfgr.exe

C:\Windows\System\fnYILzk.exe

C:\Windows\System\fnYILzk.exe

C:\Windows\System\hQSQPMp.exe

C:\Windows\System\hQSQPMp.exe

C:\Windows\System\UyrizIH.exe

C:\Windows\System\UyrizIH.exe

C:\Windows\System\KwTpRtP.exe

C:\Windows\System\KwTpRtP.exe

C:\Windows\System\uQYLSTJ.exe

C:\Windows\System\uQYLSTJ.exe

C:\Windows\System\QtDDynA.exe

C:\Windows\System\QtDDynA.exe

C:\Windows\System\zgWvtsS.exe

C:\Windows\System\zgWvtsS.exe

C:\Windows\System\YKHfhtL.exe

C:\Windows\System\YKHfhtL.exe

C:\Windows\System\PiIaJam.exe

C:\Windows\System\PiIaJam.exe

C:\Windows\System\XXtzmuT.exe

C:\Windows\System\XXtzmuT.exe

C:\Windows\System\rdWGBad.exe

C:\Windows\System\rdWGBad.exe

C:\Windows\System\MUlxuAI.exe

C:\Windows\System\MUlxuAI.exe

C:\Windows\System\tfpjDSx.exe

C:\Windows\System\tfpjDSx.exe

C:\Windows\System\anxDBEg.exe

C:\Windows\System\anxDBEg.exe

C:\Windows\System\vFmyqxZ.exe

C:\Windows\System\vFmyqxZ.exe

C:\Windows\System\BlkpsFs.exe

C:\Windows\System\BlkpsFs.exe

C:\Windows\System\qMgBLnN.exe

C:\Windows\System\qMgBLnN.exe

C:\Windows\System\qwCjvYk.exe

C:\Windows\System\qwCjvYk.exe

C:\Windows\System\ykXMIjX.exe

C:\Windows\System\ykXMIjX.exe

C:\Windows\System\oBFmZXz.exe

C:\Windows\System\oBFmZXz.exe

C:\Windows\System\EYZNxMH.exe

C:\Windows\System\EYZNxMH.exe

C:\Windows\System\DlzlMfc.exe

C:\Windows\System\DlzlMfc.exe

C:\Windows\System\iGSJnRB.exe

C:\Windows\System\iGSJnRB.exe

C:\Windows\System\PhyKsid.exe

C:\Windows\System\PhyKsid.exe

C:\Windows\System\MUSsXHe.exe

C:\Windows\System\MUSsXHe.exe

C:\Windows\System\flxMJhI.exe

C:\Windows\System\flxMJhI.exe

C:\Windows\System\aVeUoem.exe

C:\Windows\System\aVeUoem.exe

C:\Windows\System\jbLQyHr.exe

C:\Windows\System\jbLQyHr.exe

C:\Windows\System\LYwbhen.exe

C:\Windows\System\LYwbhen.exe

C:\Windows\System\PiwYQuQ.exe

C:\Windows\System\PiwYQuQ.exe

C:\Windows\System\jcjMyIb.exe

C:\Windows\System\jcjMyIb.exe

C:\Windows\System\RovIetz.exe

C:\Windows\System\RovIetz.exe

C:\Windows\System\XciLHSG.exe

C:\Windows\System\XciLHSG.exe

C:\Windows\System\pSaDnTv.exe

C:\Windows\System\pSaDnTv.exe

C:\Windows\System\SksAZAI.exe

C:\Windows\System\SksAZAI.exe

C:\Windows\System\tUienvj.exe

C:\Windows\System\tUienvj.exe

C:\Windows\System\BaZgayC.exe

C:\Windows\System\BaZgayC.exe

C:\Windows\System\CVckuav.exe

C:\Windows\System\CVckuav.exe

C:\Windows\System\llAxHDc.exe

C:\Windows\System\llAxHDc.exe

C:\Windows\System\TKUCXSL.exe

C:\Windows\System\TKUCXSL.exe

C:\Windows\System\OVkUPou.exe

C:\Windows\System\OVkUPou.exe

C:\Windows\System\BRIgNcN.exe

C:\Windows\System\BRIgNcN.exe

C:\Windows\System\JECZofs.exe

C:\Windows\System\JECZofs.exe

C:\Windows\System\Dfeccue.exe

C:\Windows\System\Dfeccue.exe

C:\Windows\System\KTnrrSp.exe

C:\Windows\System\KTnrrSp.exe

C:\Windows\System\qJhlvwl.exe

C:\Windows\System\qJhlvwl.exe

C:\Windows\System\riFHymp.exe

C:\Windows\System\riFHymp.exe

C:\Windows\System\OQuviwj.exe

C:\Windows\System\OQuviwj.exe

C:\Windows\System\ITOWUSs.exe

C:\Windows\System\ITOWUSs.exe

C:\Windows\System\MSjhbpL.exe

C:\Windows\System\MSjhbpL.exe

C:\Windows\System\OeSQuui.exe

C:\Windows\System\OeSQuui.exe

C:\Windows\System\JCMxhtn.exe

C:\Windows\System\JCMxhtn.exe

C:\Windows\System\uVEQrEM.exe

C:\Windows\System\uVEQrEM.exe

C:\Windows\System\BOOmjoh.exe

C:\Windows\System\BOOmjoh.exe

C:\Windows\System\ToFtAEQ.exe

C:\Windows\System\ToFtAEQ.exe

C:\Windows\System\FWJFsmM.exe

C:\Windows\System\FWJFsmM.exe

C:\Windows\System\ABLRcuq.exe

C:\Windows\System\ABLRcuq.exe

C:\Windows\System\BbvIDZb.exe

C:\Windows\System\BbvIDZb.exe

C:\Windows\System\TvMhdYo.exe

C:\Windows\System\TvMhdYo.exe

C:\Windows\System\WbpBnpE.exe

C:\Windows\System\WbpBnpE.exe

C:\Windows\System\YOoUHLe.exe

C:\Windows\System\YOoUHLe.exe

C:\Windows\System\UlpuKfF.exe

C:\Windows\System\UlpuKfF.exe

C:\Windows\System\OATocbh.exe

C:\Windows\System\OATocbh.exe

C:\Windows\System\XliDRJZ.exe

C:\Windows\System\XliDRJZ.exe

C:\Windows\System\deErblq.exe

C:\Windows\System\deErblq.exe

C:\Windows\System\RJRIxwx.exe

C:\Windows\System\RJRIxwx.exe

C:\Windows\System\udOBXUx.exe

C:\Windows\System\udOBXUx.exe

C:\Windows\System\DdTuzrX.exe

C:\Windows\System\DdTuzrX.exe

C:\Windows\System\TXgOLyf.exe

C:\Windows\System\TXgOLyf.exe

C:\Windows\System\JOVyOSw.exe

C:\Windows\System\JOVyOSw.exe

C:\Windows\System\FXGvyBE.exe

C:\Windows\System\FXGvyBE.exe

C:\Windows\System\aDAXsJN.exe

C:\Windows\System\aDAXsJN.exe

C:\Windows\System\bScBFjO.exe

C:\Windows\System\bScBFjO.exe

C:\Windows\System\ocaUzoR.exe

C:\Windows\System\ocaUzoR.exe

C:\Windows\System\sYJCmBI.exe

C:\Windows\System\sYJCmBI.exe

C:\Windows\System\ZTcyHek.exe

C:\Windows\System\ZTcyHek.exe

C:\Windows\System\nYPNdQi.exe

C:\Windows\System\nYPNdQi.exe

C:\Windows\System\xvBumTG.exe

C:\Windows\System\xvBumTG.exe

C:\Windows\System\YEUdCBj.exe

C:\Windows\System\YEUdCBj.exe

C:\Windows\System\amMaBkH.exe

C:\Windows\System\amMaBkH.exe

C:\Windows\System\fAFXDjO.exe

C:\Windows\System\fAFXDjO.exe

C:\Windows\System\zDsjIKR.exe

C:\Windows\System\zDsjIKR.exe

C:\Windows\System\WRCOaCn.exe

C:\Windows\System\WRCOaCn.exe

C:\Windows\System\vbeRELm.exe

C:\Windows\System\vbeRELm.exe

C:\Windows\System\VoXfRDS.exe

C:\Windows\System\VoXfRDS.exe

C:\Windows\System\fMiGNvr.exe

C:\Windows\System\fMiGNvr.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2236-1-0x00000000002F0000-0x0000000000300000-memory.dmp

memory/2236-0-0x000000013FB20000-0x000000013FF12000-memory.dmp

\Windows\system\TbfHaTH.exe

MD5 84fd5b311f95219b219feb64e7f369a6
SHA1 9273be0ca90a3d902896b32f68ec8c4ff1857e00
SHA256 37d9cf38cb79e916ca646add95119e85f35d19702eecd19236b5698eef3eeb55
SHA512 62c3f1b8a0cf9d9a2f00e169522e02f970d56b86cf323b308df5d3af68daec64b14c396089db8fb3ba4c85ba77868c645abd305e824cea8a455509ba64b17415

memory/2236-8-0x00000000031B0000-0x00000000035A2000-memory.dmp

memory/2772-9-0x000000013FE50000-0x0000000140242000-memory.dmp

C:\Windows\system\KrgxOYj.exe

MD5 96aa0c59d0eacd4d4ae72ed35933f09e
SHA1 75d3b3753a62b2d09602d15c839291792d3e00e5
SHA256 4d3449cd8479488661f7babc269fdd4b05eb5f6fe65ef603e1a8191b4b585e19
SHA512 281477a874db4c7c248e8de36994eea9b6edc929c4a82f280dcc7b07eb376b9c8c4a1a8b9f360c9276094418b4e6260675315df4695a940f4bcc3d63ec9f51d7

C:\Windows\system\mKhSUBD.exe

MD5 ae027202e6e9f7752ab1f9a40fca4283
SHA1 9023f46698974801b338d07332f2a4b4585b48c2
SHA256 96ac98efe2767f05c32eaccb7d7461f163c2439087a54442bc5607c18b42565f
SHA512 f368224540ab54999f94811ff8b30bd48aeaa5486d4a553ddf07734a44f4238722cd2f423be356f76309bee8cf24d105614d8d7043a2195496918988500416ec

memory/2236-22-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2216-28-0x000007FEF5D7E000-0x000007FEF5D7F000-memory.dmp

\Windows\system\WlSdRiu.exe

MD5 e6709d63a722d6cb507211ef31289b4e
SHA1 6e5d0d5bf0ea041c26bf705357d2517eed80438d
SHA256 ecc5853bbd5cfecd68ec1248a2e4572f40bdeaf0c4408f20344445b2f2c88ff2
SHA512 482aa6db565d517fdf846f5496faa9204a0f01000d07b9c85819b8615a043e49929c53d071cd5cb6ed75388aaab023725c08cae545cb4cdfb1e2fb0eecb7e572

C:\Windows\system\GHGbMgy.exe

MD5 d53e463db6e575edac90230232e22b30
SHA1 7a8ff0e0845b2569548ee18a9c7f85a90faa6b11
SHA256 c773b30831165f088c38e671a668b098e0427fbbd2e7732d21b2eb8b73c0b5b1
SHA512 0683ae191393c89b2c6f1b7b8604f9b82bfbb0808b7feda6fc68c6e4519cfbaa2b0f372fe0050355c93e9f3d43e470e7c742ccd637b4e3fa3ddc5c001ab73757

C:\Windows\system\GcZrHRd.exe

MD5 6aa350db8e0d84af4f12495dc58feab0
SHA1 93cf6ea740f9e2982df67a371cdd610b384a1d7e
SHA256 68bad46dafd94976ef648ac6b5aaf4445e4c615a0f672746909052dd79c061a6
SHA512 79879980cab4e8c5a754e548acb0edef4404bbf11ca150418d9ddd8d231d273356ffb0bb1b73a349a56f44c7066a00f417ae1512e21c3794cda69fbe40b56afe

C:\Windows\system\HajpdtT.exe

MD5 9ca5adb92a336b7532de80fe1841b825
SHA1 ea38de3980897d47a8b8766c34a3d6be6a92ce51
SHA256 c9d13d8740d748fa8e924a8023251cd6abc46bf578328b1a4ea86735ff72e7c7
SHA512 d29e551403f10430a46b5956ae87fcaf2769288126977b6dc8a34c4992a2f72d2ab40b0dac37b0edd12c50d0601313453e8dc1c6305bec1bac7aeb5d31b428e9

C:\Windows\system\raEUsNc.exe

MD5 e5ad15897c218e66358f933d66390ac1
SHA1 9cdcb07d9cb58ac2a446c1fe0c468d5e95bc9362
SHA256 3fa6f55df86cd0574d8dbd8bb6b79a08b377a93ef984340b3326f36d0515fdfb
SHA512 18abfbc6b5a5cb41aedbc32a7a9008f2b2708a612f1edf97091173397143b8564034ec58468ff63e0bbac824b297ae24c40b3d89019d311ab55dd7c0610bba07

C:\Windows\system\fVYfoaO.exe

MD5 e348cbb95b13943ccc5e3597d834c8c2
SHA1 b418ea48f276549680a6a53b0ec1d0268e028b8b
SHA256 537d485b194166e674669e76638c12a26d7fe5ea8b94d2bb945f964354bc08f1
SHA512 6585f7c6e549826be2cdfc45c5fadf1f6c44e41f2746bfda5958c65f1c683e6caf670d1c6d129eaeff6212181c867542afbea13a3f1bd5770a52be468f306dd6

C:\Windows\system\UzYFRBG.exe

MD5 ab982720254fe335e2c80b4519afecc1
SHA1 6fd7e3260e590bb95a65b8704b15e38e2356bb1d
SHA256 53fbd8a66878f0a9c327de7bdd56f6d93cc48beab6d4c5d69059e1baec5600e9
SHA512 07eacfe6535549a2ff4de7b7012293eef2cc7940b2b0b07cc49b4e2d1e4b577ac5fa50bc91207e28b04ddf2ce65bb951b1ea3bafaecb15c8dce2b433b2825bca

memory/2216-119-0x000007FEF5AC0000-0x000007FEF645D000-memory.dmp

C:\Windows\system\XQwoQIU.exe

MD5 b81c59c007e6c9e1bbe91f5c96b1a1b5
SHA1 b85295a0998be2d0e66bb874ab68cfcd0558fe70
SHA256 4bc87a2bbd2d35ba19063b4eefe290176a45b5b72cabcc6d85f47524210ae1e9
SHA512 edc179d72f09e86aec21de6cb57ef2dc5d36997adc1f1be171d3ea19ca4175eef8190c9741f97c964115f25f0f1cd7bd012a4e9d73d9664e5ca1f0718fc0ca27

C:\Windows\system\NiMEpQX.exe

MD5 8401415749c1001825e34ce7414d3b4e
SHA1 e5272e73380556f7bdc06fef2955a0fd0249358d
SHA256 f081057254f38db890921e29c18a4862ca3416065fab4cd752947d02ef435eb3
SHA512 95f486c8ddce7347d0d77efe009efc24f7370ef75f6ce291f64d58065f412da742fcb1f42ce7b84e80d46dbf4a7ddcdaec67935f2e8e747121822333054b3ece

C:\Windows\system\wVuDPAN.exe

MD5 b5bf091a60d5d5f21b7abca084ecbb9b
SHA1 25583e760b2b9e13e1b4646834f994ca2b696060
SHA256 f6f8c4eb7a31d9be530ee33a5cab8970d9be2121b2fa1d5a7645a0a00d343989
SHA512 b76f14af1ba777f5075cf4f64be4dd697342612ccc60d28120f7bcbe5e3d68f0a3fb14680b492aece6b8c05bd7eeae591d83bb3394975b703893b6ac149de54e

\Windows\system\ehZkLak.exe

MD5 2b47e0582a111d5304b32e15131901e2
SHA1 02d369068c435eeca308e490a2b3c612bbdac934
SHA256 30bed09ef29715b8a0cb445f66697806ed937ff79dc0ba3113a733f48b49c6c5
SHA512 e6b320d3769c7d383950e458111355e6abe9f4fbb8058c5d42f6f17c26d1bc74d864a5552a3cc5d5043fd86af2e3212b6caa62da7d0ba9630c82ea963d6bb9a8

C:\Windows\system\lUabiAl.exe

MD5 08a802b2d6eacda5cedba870245c26d1
SHA1 ebcb514ba22c444edd31cc38b35705a6ed10613e
SHA256 962b87899845d0804103b36ba15c930593b24cbd50ca32a5a9730273ecf2ecb0
SHA512 5c8afdad34154a2efc6a58926fab6d234ff76fafaaf1b1874e781e825ee59f3f2bffa5c2ed2b002bf962533375185b6685e4aa08382b17bf7c672fee4944b5cc

C:\Windows\system\ppIlDDB.exe

MD5 bde0f409d5572b52d439e3a8f4f1dfc0
SHA1 39da332df4f7905b1a5136e41149387333b405c1
SHA256 b1444808cec876f47a42c442e4c9d0d074495cc1944dc6045662d8720fff05d4
SHA512 3818846f858172d9f3e94411212f04a3716c6ab60b6b8e8d1f7e0c48398f25fadeb394f86e2b110ac82b8af80da7c8584275c2ecc7e3666826f99a5afa90f87e

memory/2236-140-0x00000000035A0000-0x0000000003992000-memory.dmp

memory/2784-139-0x000000013FC20000-0x0000000140012000-memory.dmp

memory/2236-136-0x00000000035A0000-0x0000000003992000-memory.dmp

memory/288-135-0x000000013F890000-0x000000013FC82000-memory.dmp

memory/2236-134-0x00000000035A0000-0x0000000003992000-memory.dmp

memory/2104-133-0x000000013F970000-0x000000013FD62000-memory.dmp

C:\Windows\system\rrRLlvq.exe

MD5 9629322dc662490609c05801527a9e69
SHA1 e1ffcefbe56a9ef3e1a6851e77f930d1424ce249
SHA256 99a76be585f6ce0465cf5f611b897e753e7d1d8f51efd408f57a74c896b19702
SHA512 4c019d2a30317fe9e0d19439f622b5ee39717d714a79343d0b15ef0676046fcfbc6a0ba6bf21d05cb1c503d060b95139e4d0d22d534fc4853873d74fca2384e1

memory/2236-132-0x00000000035A0000-0x0000000003992000-memory.dmp

memory/2932-131-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2236-130-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2536-129-0x000000013FD80000-0x0000000140172000-memory.dmp

memory/2236-128-0x00000000035A0000-0x0000000003992000-memory.dmp

memory/2200-127-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/2236-126-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/2724-125-0x000000013F210000-0x000000013F602000-memory.dmp

memory/2236-124-0x000000013F210000-0x000000013F602000-memory.dmp

memory/2576-123-0x000000013F700000-0x000000013FAF2000-memory.dmp

memory/2236-122-0x000000013F700000-0x000000013FAF2000-memory.dmp

memory/2764-121-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

C:\Windows\system\tcCjUOv.exe

MD5 719a9077d89c836e02239a6909ad3789
SHA1 591bfa9c003e2be1b68ee264682f12e6051d4943
SHA256 371f4bbe1ea1438e9784cb731789df38f6db04c51265287d09c9e27c0a963161
SHA512 ee6c44d48263843c744e65d0f2c2011052edbcb4f86edbd7066a312d0891e168022604ba3f568f94e2d88cf6c40112cb51684f2524a08a11c163d6bf2c812940

C:\Windows\system\qGoRlTi.exe

MD5 3133554f0c01e65a975b2757a0af4e9e
SHA1 d508ee9e375311931a69d9571610f8d676b6db96
SHA256 b0c9d2587eea805ca4fbe04d0372dcc4888da0270d8b65cf02e288c514eabe21
SHA512 45457c7334c41c2ac4bd8be0956f00dfd3e1922f897888a58d8821a70a94d02445200ba39d3305781def8793d759def3287c287922bb63c68905081fd3f52f5a

C:\Windows\system\tPwmBOo.exe

MD5 8f779b158117520095caacffa39b05c3
SHA1 2b7bd4c5ab34e934203a50a95436c23ebbd7f3b6
SHA256 f4969c2f5d7524814700b1ca04f31047d91a90d7282e45e0f0c3bc7f9b464496
SHA512 6c3a14ad3d80616a7af33e5c163d1bac95d1cf22ae1a66d355e579fd07798820b2c1b07c7c20d2ffb2b25385fe1c4d4fe26897935e5eb0492b48ae0ca328fc16

C:\Windows\system\OMbkvtb.exe

MD5 11090f4508e62f5bfc7102d527cc800a
SHA1 b2ef78d4672ce80bde866890f922d4a21381adda
SHA256 572248dab3f629ad704ea4fb16fb361b85e25d9b6b0a89902e8e4e62df5034b1
SHA512 dc4b57549f5f9707875a050399262cd9a2ed3039cf974142f9c71b7ed5a51ba0d98d9efba31573ef3bb9833c717800dabd5bc7b3c004c5c86e98a2e3b3530b37

C:\Windows\system\LGDJhoC.exe

MD5 d6da7050d78d435d354f693aea2106e2
SHA1 111ed3314428f644113a08bb0501c71f14694db3
SHA256 cb639119165aa9a88c25a5a88cf98d672b4eae7f2f427be5d0d4ed4f2264993a
SHA512 9f56d27ec6833d9563319087a9a61114d5c87a2cb872ad567340f1b74652e1ed3646f2b169ef455d132042b25bb300fcf2b1254a62a8f24d4e0dfdcbd86d93ef

C:\Windows\system\DiSlNiq.exe

MD5 b9cb95165e693a487af31634801f8425
SHA1 e19bf40e83517812b98d24fb105f4d2007e7c0b8
SHA256 c139ece951c9dddebbc41516fe22944093f42b4804aab9ce0d3c601cde8cbe20
SHA512 39be1fa511ed7ce4e5ec0717c86fb78a13c0c7aa094ab92681ab1a89f9cd6d20692f39c24d2328847bfc5d8b70470b62443e2aa9a428a160b3e27caf8e92cadd

C:\Windows\system\CjIUuSO.exe

MD5 30d08ecf3087a8ffcedc43a8032ea8c2
SHA1 f1f92fab4fef9a6271a5fe6bd62e4f9914596d2a
SHA256 633adbd8824dd3ea860d5ef88fd533543bc34fd5a93070bc7c2bdb6dbfd66eb1
SHA512 d3a375ce92eb51d9e70f9b9eca901479a6ce61ac420f8b1c822c66fd8bfde5788593b71d6115a1d2d59968cea68e420e172b706e30a97ed1afa24b0a322c9dbd

C:\Windows\system\Lmqjseh.exe

MD5 886a93a6bb5cc0980c2f34db7b1d592a
SHA1 5a700f8095f8c70e3519b609fef518407aa6c487
SHA256 f3480e0f76b04177ad309c5683d3253f52276e06aa9a6f0859e77937a58a9568
SHA512 127ec892a19609e560f8d89097238d1ff1bb776b546446eee3022a56f68597e884dbe7dcea04f654522a95220e291f798c8c98125d18d4bebd8ccb42eda8febe

C:\Windows\system\qwleiod.exe

MD5 6f37652164aeba1e2b3fa93544f1b2dc
SHA1 f3ade69c90a00a2c5045778613ca122f9ff48577
SHA256 46f9febbf9bda0ea41b2f4edcd44230712da501fb5b6878d6525e36836a75f10
SHA512 5e186c8123d114d79233df2a7dbd2d34d81e996080934b7e91e6e6bfe0ab8e3007a38fd12f8dbabcc8220bd248500d937c699030e8d14f09e2434d7cbd35a885

C:\Windows\system\jyBrfLA.exe

MD5 aa8bab0d006ef3b7b8238a353ae343fe
SHA1 c4b078be97dfca38c8caf37c63c8767b2ac8d8f0
SHA256 124d1aade6a4e5f58bfd444c1406b7fa4bb60c444d24e1f6c4e688816990db8a
SHA512 68279794f386de82c2e9b87ee036e0a9c41426bc48dfb79fdb72ccc97056864a75587e513e6f60f39f03b8cece9d49bcc7cadc8446e811aa9500d4bae3a5711d

C:\Windows\system\WxaNxfJ.exe

MD5 9fb73d27d0ea1266a486f397a4eb2cec
SHA1 86a26b255f6f92b50f30c847faba98b845cc522c
SHA256 e681e2b97d38f4e2c33e2c578722c7415117e8b17da0bdbba4d5e3e7c5de2404
SHA512 1b5846e5c7ed5cac8aaa0f3e0ccdd7c181f43b7345d3a0d7e0c48453b0cb4acb0dba8e362c089f2903759916e23c71bd68e6bf7715f642d349a8d2dc6c491bb3

memory/2692-23-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2596-20-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

memory/2236-17-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

\Windows\system\iWXruAv.exe

MD5 b2553c0e9bad44129ea464231f9cd163
SHA1 08e437c45cec928da4a7145bcbbf3e66e5071989
SHA256 86091bc6852d79ddf7180c3b1ee61be65d6dd850d680b95faf8b6a376c057496
SHA512 8648d5de834c7b145cd9fc5ade6e863afb54ce635485fc686b9005051bf6a18aad1d8a6e213b060ab81736fbfecb6abe04d34d97b92095abef181ffa80ed6bf6

\Windows\system\VjcgQzN.exe

MD5 a5606d189ee268a2ac741ff692ed78aa
SHA1 20aaedd3515aae93aefbfd7f3d322d713bec9aab
SHA256 0c1a12aa0235119df9f0115c5447543a2e5dd0c19b21c195e9c82171e0928d82
SHA512 55756b6b619a5c1282403363cbf09baf867aaddb6ff6b498eb2d23c0195b9282ccfa09c5858e4382d1b9cc0d89ca5ce415815d273ccb29bca6c681718083ee49

C:\Windows\system\UdTWxAR.exe

MD5 26b2776709c901d8b548d8084f712b35
SHA1 e37e64572ac646968328d7102d370d1009980e46
SHA256 9eec7ba4fe52ac00045a5727451dd8f8a0fe0176d6413bcd117bb07176c0d80c
SHA512 d56934ae971042b09f3b2541028f2dadf0cf1577e482e0663aa1f4970c273437e82be71c63e37b4979df14d2e6ed098132997831aff2e8c3fe1b57fa53826dd8

memory/2216-161-0x00000000022D0000-0x00000000022D8000-memory.dmp

memory/2216-153-0x000000001B790000-0x000000001BA72000-memory.dmp

\Windows\system\wwHOtvc.exe

MD5 5d63847a26cdcf7ab028fadad22a472c
SHA1 4ee6e8048f3c13549fa739c824b571df7560aaa4
SHA256 91200126e2ee3977aadc1ee6ee88c56611ac750a070191c6757e72ec9de8c4bf
SHA512 e87b7c2ac2c4d2ea2d27cf362eade0204b8c6a82c84c622e5ade776c563e1b7eb4234c012896040a84fb4a7769b497547c3ccde27531b9ad9c03f557c5d560bf

\Windows\system\WHlHzEq.exe

MD5 7d6b780079b2b16d41560729f0f74c3c
SHA1 3b353294f5686f8249d82c31bb2b4d71b371c507
SHA256 d94ab6663ff0f3608b7de3483340a6e35b07e4e62c5a33cd457cf0798936a70a
SHA512 8683bf39152e6ac19cc9fcd12cc0c9d9f54161fa7956873d588ddb4e72e48128c90b28afce6631c33c57a16925b6aaf5fc8dbf5996562563aa4ef0b652d719c9

\Windows\system\BpcMmyz.exe

MD5 f5ebe0c5c88e3d4148437bc447d6c3cd
SHA1 45652b1373d8f7cf37be7f300a277e23ae6aea69
SHA256 e8bf54da53270cc8d237c156a9c802c424d5bf752a1f6f2d7bf73592cd2d92cf
SHA512 0c33e565538d86aadb91cb9ca76e92c53827221060c815b6773451a603f6296c8108427652a08b8a64e40c7553f970c7f05e2cc13dab998d9137a50463143fff

memory/2216-681-0x000007FEF5AC0000-0x000007FEF645D000-memory.dmp

memory/2236-1768-0x000000013FB20000-0x000000013FF12000-memory.dmp

memory/2932-4701-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2692-4719-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2784-4710-0x000000013FC20000-0x0000000140012000-memory.dmp

memory/2764-4705-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

memory/2772-4723-0x000000013FE50000-0x0000000140242000-memory.dmp

memory/2724-4713-0x000000013F210000-0x000000013F602000-memory.dmp

memory/2536-4735-0x000000013FD80000-0x0000000140172000-memory.dmp

memory/2200-4847-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/2576-4839-0x000000013F700000-0x000000013FAF2000-memory.dmp

memory/288-4815-0x000000013F890000-0x000000013FC82000-memory.dmp

memory/2596-4730-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

C:\Windows\system\mneNDBk.exe

MD5 bde15b2ead8c80bd9adb93196fa26dbd
SHA1 dc2f51a48e5d52847073f853245e5bf80527fa84
SHA256 897a554176d39e9ef1a3494c4af72e02ec36d8ca92881b63e220a966c7aa27fe
SHA512 6a8b4d4b782e0d5eb3f0177188a94042b4c9e59512454c55775a50f9b1a123a2a12f4522c49fed572948865a1b6160bc9ec1d35a4c5a7500be5c6e91edfa9d45

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 03:01

Reported

2024-05-27 03:04

Platform

win10v2004-20240426-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\LGpooxQ.exe N/A
N/A N/A C:\Windows\System\kzYMEyI.exe N/A
N/A N/A C:\Windows\System\UmhYIEL.exe N/A
N/A N/A C:\Windows\System\gpkJzWP.exe N/A
N/A N/A C:\Windows\System\SyojmjK.exe N/A
N/A N/A C:\Windows\System\QBrlRDD.exe N/A
N/A N/A C:\Windows\System\FPlEYtS.exe N/A
N/A N/A C:\Windows\System\IuZtFtJ.exe N/A
N/A N/A C:\Windows\System\xKKRymP.exe N/A
N/A N/A C:\Windows\System\UmVLhyU.exe N/A
N/A N/A C:\Windows\System\KQIxHCB.exe N/A
N/A N/A C:\Windows\System\PooUfXl.exe N/A
N/A N/A C:\Windows\System\TadkSEF.exe N/A
N/A N/A C:\Windows\System\XSRIfsS.exe N/A
N/A N/A C:\Windows\System\NGQjIBe.exe N/A
N/A N/A C:\Windows\System\xWUZdGV.exe N/A
N/A N/A C:\Windows\System\wFgRKVD.exe N/A
N/A N/A C:\Windows\System\qtrrUmW.exe N/A
N/A N/A C:\Windows\System\KPvaNGW.exe N/A
N/A N/A C:\Windows\System\lYSAdZT.exe N/A
N/A N/A C:\Windows\System\nedMnrN.exe N/A
N/A N/A C:\Windows\System\MlgHcaZ.exe N/A
N/A N/A C:\Windows\System\NScYzDN.exe N/A
N/A N/A C:\Windows\System\slSagFA.exe N/A
N/A N/A C:\Windows\System\YOMOeLk.exe N/A
N/A N/A C:\Windows\System\XMTwAYI.exe N/A
N/A N/A C:\Windows\System\iddQUem.exe N/A
N/A N/A C:\Windows\System\xeKCQnf.exe N/A
N/A N/A C:\Windows\System\TrlMCDE.exe N/A
N/A N/A C:\Windows\System\amZgfft.exe N/A
N/A N/A C:\Windows\System\ZFoJgFE.exe N/A
N/A N/A C:\Windows\System\pSxvcqV.exe N/A
N/A N/A C:\Windows\System\lxANqNn.exe N/A
N/A N/A C:\Windows\System\ZbHroiy.exe N/A
N/A N/A C:\Windows\System\bpZghnz.exe N/A
N/A N/A C:\Windows\System\Ozfbddi.exe N/A
N/A N/A C:\Windows\System\qOMQhYr.exe N/A
N/A N/A C:\Windows\System\rXILqak.exe N/A
N/A N/A C:\Windows\System\ZaBzVIb.exe N/A
N/A N/A C:\Windows\System\FdXRjvW.exe N/A
N/A N/A C:\Windows\System\WQxpmSJ.exe N/A
N/A N/A C:\Windows\System\FnGtuCM.exe N/A
N/A N/A C:\Windows\System\mPEYymb.exe N/A
N/A N/A C:\Windows\System\pyMtNMq.exe N/A
N/A N/A C:\Windows\System\ILdxDgI.exe N/A
N/A N/A C:\Windows\System\rroZDKy.exe N/A
N/A N/A C:\Windows\System\VTGHTYk.exe N/A
N/A N/A C:\Windows\System\bXXNbLO.exe N/A
N/A N/A C:\Windows\System\lfTXwnN.exe N/A
N/A N/A C:\Windows\System\IJRgccM.exe N/A
N/A N/A C:\Windows\System\ALpCoAA.exe N/A
N/A N/A C:\Windows\System\fQXvQHp.exe N/A
N/A N/A C:\Windows\System\IYWlJep.exe N/A
N/A N/A C:\Windows\System\ipYeXaI.exe N/A
N/A N/A C:\Windows\System\nCsvYOZ.exe N/A
N/A N/A C:\Windows\System\lEAwEXR.exe N/A
N/A N/A C:\Windows\System\YeFjREr.exe N/A
N/A N/A C:\Windows\System\MyIuuSI.exe N/A
N/A N/A C:\Windows\System\mwOUEhM.exe N/A
N/A N/A C:\Windows\System\PNmTGGT.exe N/A
N/A N/A C:\Windows\System\raTUWsB.exe N/A
N/A N/A C:\Windows\System\nqBRAgU.exe N/A
N/A N/A C:\Windows\System\htIvtwT.exe N/A
N/A N/A C:\Windows\System\ETHpmgS.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\LKvKbgF.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQRBbPo.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kHMaKrK.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\flmzPPo.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\qzppraw.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsQOZMb.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\MwrVLZv.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMVLaJq.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\VVxBgDH.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\RaiHMQz.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\XgQUVCD.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\YfiRKCa.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\MgadkLv.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\OnbmSDx.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADqZOwr.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ROkdiFc.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\OeHcxys.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\PXwbOVk.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEcWXtf.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfRkwVw.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\bJVjPye.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\twOwztr.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWHdmkm.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\vfccMNt.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\FkdHQCG.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\tOJgCEP.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\EzQYQeL.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\yLwJref.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQBuRhQ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\hwhyMau.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\jcttgaa.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAoQwmN.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\AEFreRc.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\IknTUff.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\teKWmma.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdklgRC.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rqeMtEM.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwuDHsY.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckstYyX.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\IaQFpAk.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\tTHePbO.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\GLOONho.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\VvFmLIS.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzQbbEo.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\TOrRsfL.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkMlnpD.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKCEGEV.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfuwYzP.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\AyTVIPU.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kfNjsYz.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\OpABIPW.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCZIBof.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRrNUOm.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZRCnlD.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\rOSiRYe.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\hEOnORt.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\FPuymEh.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfhdQEQ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\Jbbzpkn.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\GChnaPn.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\kQhOdkA.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\yqCttHQ.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\IOFkIGN.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDgdzIV.exe C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2784 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2784 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2784 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\LGpooxQ.exe
PID 2784 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\LGpooxQ.exe
PID 2784 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\kzYMEyI.exe
PID 2784 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\kzYMEyI.exe
PID 2784 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\UmhYIEL.exe
PID 2784 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\UmhYIEL.exe
PID 2784 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\gpkJzWP.exe
PID 2784 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\gpkJzWP.exe
PID 2784 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\SyojmjK.exe
PID 2784 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\SyojmjK.exe
PID 2784 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\IuZtFtJ.exe
PID 2784 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\IuZtFtJ.exe
PID 2784 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\QBrlRDD.exe
PID 2784 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\QBrlRDD.exe
PID 2784 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\FPlEYtS.exe
PID 2784 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\FPlEYtS.exe
PID 2784 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xKKRymP.exe
PID 2784 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xKKRymP.exe
PID 2784 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\UmVLhyU.exe
PID 2784 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\UmVLhyU.exe
PID 2784 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KQIxHCB.exe
PID 2784 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KQIxHCB.exe
PID 2784 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xWUZdGV.exe
PID 2784 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xWUZdGV.exe
PID 2784 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\PooUfXl.exe
PID 2784 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\PooUfXl.exe
PID 2784 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qtrrUmW.exe
PID 2784 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\qtrrUmW.exe
PID 2784 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KPvaNGW.exe
PID 2784 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\KPvaNGW.exe
PID 2784 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TadkSEF.exe
PID 2784 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TadkSEF.exe
PID 2784 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\XSRIfsS.exe
PID 2784 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\XSRIfsS.exe
PID 2784 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\NGQjIBe.exe
PID 2784 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\NGQjIBe.exe
PID 2784 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\wFgRKVD.exe
PID 2784 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\wFgRKVD.exe
PID 2784 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\lYSAdZT.exe
PID 2784 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\lYSAdZT.exe
PID 2784 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\nedMnrN.exe
PID 2784 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\nedMnrN.exe
PID 2784 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\MlgHcaZ.exe
PID 2784 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\MlgHcaZ.exe
PID 2784 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\NScYzDN.exe
PID 2784 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\NScYzDN.exe
PID 2784 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\slSagFA.exe
PID 2784 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\slSagFA.exe
PID 2784 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\YOMOeLk.exe
PID 2784 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\YOMOeLk.exe
PID 2784 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\XMTwAYI.exe
PID 2784 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\XMTwAYI.exe
PID 2784 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\iddQUem.exe
PID 2784 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\iddQUem.exe
PID 2784 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xeKCQnf.exe
PID 2784 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\xeKCQnf.exe
PID 2784 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TrlMCDE.exe
PID 2784 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\TrlMCDE.exe
PID 2784 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\amZgfft.exe
PID 2784 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\amZgfft.exe
PID 2784 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\ZFoJgFE.exe
PID 2784 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe C:\Windows\System\ZFoJgFE.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1b9a20c7caf86a38529f0312123b2c20_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\LGpooxQ.exe

C:\Windows\System\LGpooxQ.exe

C:\Windows\System\kzYMEyI.exe

C:\Windows\System\kzYMEyI.exe

C:\Windows\System\UmhYIEL.exe

C:\Windows\System\UmhYIEL.exe

C:\Windows\System\gpkJzWP.exe

C:\Windows\System\gpkJzWP.exe

C:\Windows\System\SyojmjK.exe

C:\Windows\System\SyojmjK.exe

C:\Windows\System\IuZtFtJ.exe

C:\Windows\System\IuZtFtJ.exe

C:\Windows\System\QBrlRDD.exe

C:\Windows\System\QBrlRDD.exe

C:\Windows\System\FPlEYtS.exe

C:\Windows\System\FPlEYtS.exe

C:\Windows\System\xKKRymP.exe

C:\Windows\System\xKKRymP.exe

C:\Windows\System\UmVLhyU.exe

C:\Windows\System\UmVLhyU.exe

C:\Windows\System\KQIxHCB.exe

C:\Windows\System\KQIxHCB.exe

C:\Windows\System\xWUZdGV.exe

C:\Windows\System\xWUZdGV.exe

C:\Windows\System\PooUfXl.exe

C:\Windows\System\PooUfXl.exe

C:\Windows\System\qtrrUmW.exe

C:\Windows\System\qtrrUmW.exe

C:\Windows\System\KPvaNGW.exe

C:\Windows\System\KPvaNGW.exe

C:\Windows\System\TadkSEF.exe

C:\Windows\System\TadkSEF.exe

C:\Windows\System\XSRIfsS.exe

C:\Windows\System\XSRIfsS.exe

C:\Windows\System\NGQjIBe.exe

C:\Windows\System\NGQjIBe.exe

C:\Windows\System\wFgRKVD.exe

C:\Windows\System\wFgRKVD.exe

C:\Windows\System\lYSAdZT.exe

C:\Windows\System\lYSAdZT.exe

C:\Windows\System\nedMnrN.exe

C:\Windows\System\nedMnrN.exe

C:\Windows\System\MlgHcaZ.exe

C:\Windows\System\MlgHcaZ.exe

C:\Windows\System\NScYzDN.exe

C:\Windows\System\NScYzDN.exe

C:\Windows\System\slSagFA.exe

C:\Windows\System\slSagFA.exe

C:\Windows\System\YOMOeLk.exe

C:\Windows\System\YOMOeLk.exe

C:\Windows\System\XMTwAYI.exe

C:\Windows\System\XMTwAYI.exe

C:\Windows\System\iddQUem.exe

C:\Windows\System\iddQUem.exe

C:\Windows\System\xeKCQnf.exe

C:\Windows\System\xeKCQnf.exe

C:\Windows\System\TrlMCDE.exe

C:\Windows\System\TrlMCDE.exe

C:\Windows\System\amZgfft.exe

C:\Windows\System\amZgfft.exe

C:\Windows\System\ZFoJgFE.exe

C:\Windows\System\ZFoJgFE.exe

C:\Windows\System\qOMQhYr.exe

C:\Windows\System\qOMQhYr.exe

C:\Windows\System\pSxvcqV.exe

C:\Windows\System\pSxvcqV.exe

C:\Windows\System\lxANqNn.exe

C:\Windows\System\lxANqNn.exe

C:\Windows\System\ZbHroiy.exe

C:\Windows\System\ZbHroiy.exe

C:\Windows\System\bpZghnz.exe

C:\Windows\System\bpZghnz.exe

C:\Windows\System\Ozfbddi.exe

C:\Windows\System\Ozfbddi.exe

C:\Windows\System\IYWlJep.exe

C:\Windows\System\IYWlJep.exe

C:\Windows\System\rXILqak.exe

C:\Windows\System\rXILqak.exe

C:\Windows\System\lEAwEXR.exe

C:\Windows\System\lEAwEXR.exe

C:\Windows\System\ZaBzVIb.exe

C:\Windows\System\ZaBzVIb.exe

C:\Windows\System\FdXRjvW.exe

C:\Windows\System\FdXRjvW.exe

C:\Windows\System\WQxpmSJ.exe

C:\Windows\System\WQxpmSJ.exe

C:\Windows\System\FnGtuCM.exe

C:\Windows\System\FnGtuCM.exe

C:\Windows\System\mPEYymb.exe

C:\Windows\System\mPEYymb.exe

C:\Windows\System\pyMtNMq.exe

C:\Windows\System\pyMtNMq.exe

C:\Windows\System\ILdxDgI.exe

C:\Windows\System\ILdxDgI.exe

C:\Windows\System\rroZDKy.exe

C:\Windows\System\rroZDKy.exe

C:\Windows\System\VTGHTYk.exe

C:\Windows\System\VTGHTYk.exe

C:\Windows\System\bXXNbLO.exe

C:\Windows\System\bXXNbLO.exe

C:\Windows\System\lfTXwnN.exe

C:\Windows\System\lfTXwnN.exe

C:\Windows\System\IJRgccM.exe

C:\Windows\System\IJRgccM.exe

C:\Windows\System\ALpCoAA.exe

C:\Windows\System\ALpCoAA.exe

C:\Windows\System\fQXvQHp.exe

C:\Windows\System\fQXvQHp.exe

C:\Windows\System\ipYeXaI.exe

C:\Windows\System\ipYeXaI.exe

C:\Windows\System\nCsvYOZ.exe

C:\Windows\System\nCsvYOZ.exe

C:\Windows\System\YeFjREr.exe

C:\Windows\System\YeFjREr.exe

C:\Windows\System\MyIuuSI.exe

C:\Windows\System\MyIuuSI.exe

C:\Windows\System\mwOUEhM.exe

C:\Windows\System\mwOUEhM.exe

C:\Windows\System\VaZetyD.exe

C:\Windows\System\VaZetyD.exe

C:\Windows\System\uKkddyD.exe

C:\Windows\System\uKkddyD.exe

C:\Windows\System\PNmTGGT.exe

C:\Windows\System\PNmTGGT.exe

C:\Windows\System\raTUWsB.exe

C:\Windows\System\raTUWsB.exe

C:\Windows\System\nqBRAgU.exe

C:\Windows\System\nqBRAgU.exe

C:\Windows\System\htIvtwT.exe

C:\Windows\System\htIvtwT.exe

C:\Windows\System\ETHpmgS.exe

C:\Windows\System\ETHpmgS.exe

C:\Windows\System\qRVDWkm.exe

C:\Windows\System\qRVDWkm.exe

C:\Windows\System\GYScYGH.exe

C:\Windows\System\GYScYGH.exe

C:\Windows\System\VlCGAOp.exe

C:\Windows\System\VlCGAOp.exe

C:\Windows\System\FMrTOIt.exe

C:\Windows\System\FMrTOIt.exe

C:\Windows\System\BWgtPVd.exe

C:\Windows\System\BWgtPVd.exe

C:\Windows\System\bYoJwLL.exe

C:\Windows\System\bYoJwLL.exe

C:\Windows\System\bqIfOxo.exe

C:\Windows\System\bqIfOxo.exe

C:\Windows\System\UmOwoAi.exe

C:\Windows\System\UmOwoAi.exe

C:\Windows\System\hceUixp.exe

C:\Windows\System\hceUixp.exe

C:\Windows\System\YqaGPPL.exe

C:\Windows\System\YqaGPPL.exe

C:\Windows\System\qfbzitt.exe

C:\Windows\System\qfbzitt.exe

C:\Windows\System\dgTSIRP.exe

C:\Windows\System\dgTSIRP.exe

C:\Windows\System\hkInleo.exe

C:\Windows\System\hkInleo.exe

C:\Windows\System\wOFyusU.exe

C:\Windows\System\wOFyusU.exe

C:\Windows\System\aExauAP.exe

C:\Windows\System\aExauAP.exe

C:\Windows\System\fokttzF.exe

C:\Windows\System\fokttzF.exe

C:\Windows\System\FBHOkca.exe

C:\Windows\System\FBHOkca.exe

C:\Windows\System\WkqbOum.exe

C:\Windows\System\WkqbOum.exe

C:\Windows\System\jyiMDyl.exe

C:\Windows\System\jyiMDyl.exe

C:\Windows\System\tTHePbO.exe

C:\Windows\System\tTHePbO.exe

C:\Windows\System\dLxXgbN.exe

C:\Windows\System\dLxXgbN.exe

C:\Windows\System\MUuzrzS.exe

C:\Windows\System\MUuzrzS.exe

C:\Windows\System\ovwrJKi.exe

C:\Windows\System\ovwrJKi.exe

C:\Windows\System\dzCPJjA.exe

C:\Windows\System\dzCPJjA.exe

C:\Windows\System\cJFwKoI.exe

C:\Windows\System\cJFwKoI.exe

C:\Windows\System\aLaLBcj.exe

C:\Windows\System\aLaLBcj.exe

C:\Windows\System\UAJXjXF.exe

C:\Windows\System\UAJXjXF.exe

C:\Windows\System\nSfSamw.exe

C:\Windows\System\nSfSamw.exe

C:\Windows\System\FyZsKsr.exe

C:\Windows\System\FyZsKsr.exe

C:\Windows\System\ATwlPvA.exe

C:\Windows\System\ATwlPvA.exe

C:\Windows\System\AOPAzvx.exe

C:\Windows\System\AOPAzvx.exe

C:\Windows\System\PmfFjyS.exe

C:\Windows\System\PmfFjyS.exe

C:\Windows\System\wVatJmW.exe

C:\Windows\System\wVatJmW.exe

C:\Windows\System\xdCJQOn.exe

C:\Windows\System\xdCJQOn.exe

C:\Windows\System\VHjQBGI.exe

C:\Windows\System\VHjQBGI.exe

C:\Windows\System\dszFkPJ.exe

C:\Windows\System\dszFkPJ.exe

C:\Windows\System\PfmzoAN.exe

C:\Windows\System\PfmzoAN.exe

C:\Windows\System\pESzgZX.exe

C:\Windows\System\pESzgZX.exe

C:\Windows\System\iWIhtYG.exe

C:\Windows\System\iWIhtYG.exe

C:\Windows\System\UCmXeyL.exe

C:\Windows\System\UCmXeyL.exe

C:\Windows\System\EVFFGfQ.exe

C:\Windows\System\EVFFGfQ.exe

C:\Windows\System\KrtLYwx.exe

C:\Windows\System\KrtLYwx.exe

C:\Windows\System\LwPNAQU.exe

C:\Windows\System\LwPNAQU.exe

C:\Windows\System\CFSMJEZ.exe

C:\Windows\System\CFSMJEZ.exe

C:\Windows\System\kppENXm.exe

C:\Windows\System\kppENXm.exe

C:\Windows\System\gHCwoDd.exe

C:\Windows\System\gHCwoDd.exe

C:\Windows\System\GXZzzoc.exe

C:\Windows\System\GXZzzoc.exe

C:\Windows\System\THIWixn.exe

C:\Windows\System\THIWixn.exe

C:\Windows\System\ouxncuF.exe

C:\Windows\System\ouxncuF.exe

C:\Windows\System\izdZjjb.exe

C:\Windows\System\izdZjjb.exe

C:\Windows\System\MkhKhFo.exe

C:\Windows\System\MkhKhFo.exe

C:\Windows\System\aIlURni.exe

C:\Windows\System\aIlURni.exe

C:\Windows\System\oizSwHL.exe

C:\Windows\System\oizSwHL.exe

C:\Windows\System\FsEfCoZ.exe

C:\Windows\System\FsEfCoZ.exe

C:\Windows\System\rqeMtEM.exe

C:\Windows\System\rqeMtEM.exe

C:\Windows\System\vaOKdfI.exe

C:\Windows\System\vaOKdfI.exe

C:\Windows\System\UIRtLfm.exe

C:\Windows\System\UIRtLfm.exe

C:\Windows\System\hCfuWPl.exe

C:\Windows\System\hCfuWPl.exe

C:\Windows\System\ptVHxxG.exe

C:\Windows\System\ptVHxxG.exe

C:\Windows\System\vQtCxJc.exe

C:\Windows\System\vQtCxJc.exe

C:\Windows\System\cMINGBg.exe

C:\Windows\System\cMINGBg.exe

C:\Windows\System\FLOvqAX.exe

C:\Windows\System\FLOvqAX.exe

C:\Windows\System\cOyyJLD.exe

C:\Windows\System\cOyyJLD.exe

C:\Windows\System\ArssFgK.exe

C:\Windows\System\ArssFgK.exe

C:\Windows\System\HmoAlDv.exe

C:\Windows\System\HmoAlDv.exe

C:\Windows\System\RaiHMQz.exe

C:\Windows\System\RaiHMQz.exe

C:\Windows\System\MxgEBlb.exe

C:\Windows\System\MxgEBlb.exe

C:\Windows\System\ruQovkq.exe

C:\Windows\System\ruQovkq.exe

C:\Windows\System\UmOZRnE.exe

C:\Windows\System\UmOZRnE.exe

C:\Windows\System\FXnLOMa.exe

C:\Windows\System\FXnLOMa.exe

C:\Windows\System\StxFWNV.exe

C:\Windows\System\StxFWNV.exe

C:\Windows\System\HgnrLAV.exe

C:\Windows\System\HgnrLAV.exe

C:\Windows\System\nGUdCsj.exe

C:\Windows\System\nGUdCsj.exe

C:\Windows\System\UJfzhdy.exe

C:\Windows\System\UJfzhdy.exe

C:\Windows\System\dKXzgjD.exe

C:\Windows\System\dKXzgjD.exe

C:\Windows\System\BmuFoJk.exe

C:\Windows\System\BmuFoJk.exe

C:\Windows\System\NbwgIYa.exe

C:\Windows\System\NbwgIYa.exe

C:\Windows\System\JKgWIuL.exe

C:\Windows\System\JKgWIuL.exe

C:\Windows\System\LmXDYOU.exe

C:\Windows\System\LmXDYOU.exe

C:\Windows\System\xaFtnkb.exe

C:\Windows\System\xaFtnkb.exe

C:\Windows\System\OOGyEFj.exe

C:\Windows\System\OOGyEFj.exe

C:\Windows\System\ZUZmyYR.exe

C:\Windows\System\ZUZmyYR.exe

C:\Windows\System\XwBppNo.exe

C:\Windows\System\XwBppNo.exe

C:\Windows\System\lNcaeWN.exe

C:\Windows\System\lNcaeWN.exe

C:\Windows\System\WcOKdxG.exe

C:\Windows\System\WcOKdxG.exe

C:\Windows\System\gxeGPZz.exe

C:\Windows\System\gxeGPZz.exe

C:\Windows\System\VrLJUuF.exe

C:\Windows\System\VrLJUuF.exe

C:\Windows\System\kgdMYaT.exe

C:\Windows\System\kgdMYaT.exe

C:\Windows\System\plCXesG.exe

C:\Windows\System\plCXesG.exe

C:\Windows\System\VqMPBRF.exe

C:\Windows\System\VqMPBRF.exe

C:\Windows\System\NSLALdV.exe

C:\Windows\System\NSLALdV.exe

C:\Windows\System\KtfpNtP.exe

C:\Windows\System\KtfpNtP.exe

C:\Windows\System\rFODzQm.exe

C:\Windows\System\rFODzQm.exe

C:\Windows\System\yQkAWxT.exe

C:\Windows\System\yQkAWxT.exe

C:\Windows\System\JVspdRl.exe

C:\Windows\System\JVspdRl.exe

C:\Windows\System\NRADlWb.exe

C:\Windows\System\NRADlWb.exe

C:\Windows\System\flruTEN.exe

C:\Windows\System\flruTEN.exe

C:\Windows\System\plSSCvX.exe

C:\Windows\System\plSSCvX.exe

C:\Windows\System\ofYTKfi.exe

C:\Windows\System\ofYTKfi.exe

C:\Windows\System\YnnwrKz.exe

C:\Windows\System\YnnwrKz.exe

C:\Windows\System\RCWfuTm.exe

C:\Windows\System\RCWfuTm.exe

C:\Windows\System\gZKxlRI.exe

C:\Windows\System\gZKxlRI.exe

C:\Windows\System\bAWPFtp.exe

C:\Windows\System\bAWPFtp.exe

C:\Windows\System\vciczAy.exe

C:\Windows\System\vciczAy.exe

C:\Windows\System\KrWnfLS.exe

C:\Windows\System\KrWnfLS.exe

C:\Windows\System\BlDMCrK.exe

C:\Windows\System\BlDMCrK.exe

C:\Windows\System\wWURcpX.exe

C:\Windows\System\wWURcpX.exe

C:\Windows\System\NTOEhsB.exe

C:\Windows\System\NTOEhsB.exe

C:\Windows\System\VKFnfHY.exe

C:\Windows\System\VKFnfHY.exe

C:\Windows\System\YQgVOqe.exe

C:\Windows\System\YQgVOqe.exe

C:\Windows\System\LKvKbgF.exe

C:\Windows\System\LKvKbgF.exe

C:\Windows\System\CpNtLyG.exe

C:\Windows\System\CpNtLyG.exe

C:\Windows\System\PuMmTvE.exe

C:\Windows\System\PuMmTvE.exe

C:\Windows\System\tJPCxgu.exe

C:\Windows\System\tJPCxgu.exe

C:\Windows\System\bKStAFK.exe

C:\Windows\System\bKStAFK.exe

C:\Windows\System\WXhaiAh.exe

C:\Windows\System\WXhaiAh.exe

C:\Windows\System\BmxpkqG.exe

C:\Windows\System\BmxpkqG.exe

C:\Windows\System\rjxhuZj.exe

C:\Windows\System\rjxhuZj.exe

C:\Windows\System\HWuJvkq.exe

C:\Windows\System\HWuJvkq.exe

C:\Windows\System\BnIwkHp.exe

C:\Windows\System\BnIwkHp.exe

C:\Windows\System\pBgEMVL.exe

C:\Windows\System\pBgEMVL.exe

C:\Windows\System\aWaebZd.exe

C:\Windows\System\aWaebZd.exe

C:\Windows\System\YierIiT.exe

C:\Windows\System\YierIiT.exe

C:\Windows\System\UXDQkBW.exe

C:\Windows\System\UXDQkBW.exe

C:\Windows\System\DpEKqco.exe

C:\Windows\System\DpEKqco.exe

C:\Windows\System\TGJMqQB.exe

C:\Windows\System\TGJMqQB.exe

C:\Windows\System\CnSipQP.exe

C:\Windows\System\CnSipQP.exe

C:\Windows\System\PtEGjcp.exe

C:\Windows\System\PtEGjcp.exe

C:\Windows\System\AEFreRc.exe

C:\Windows\System\AEFreRc.exe

C:\Windows\System\yLtCNTs.exe

C:\Windows\System\yLtCNTs.exe

C:\Windows\System\HmnRzDo.exe

C:\Windows\System\HmnRzDo.exe

C:\Windows\System\avbeIRA.exe

C:\Windows\System\avbeIRA.exe

C:\Windows\System\llQxrjz.exe

C:\Windows\System\llQxrjz.exe

C:\Windows\System\iySgOgc.exe

C:\Windows\System\iySgOgc.exe

C:\Windows\System\CbALKLe.exe

C:\Windows\System\CbALKLe.exe

C:\Windows\System\KaBNoco.exe

C:\Windows\System\KaBNoco.exe

C:\Windows\System\FobbtqJ.exe

C:\Windows\System\FobbtqJ.exe

C:\Windows\System\GjSpSwS.exe

C:\Windows\System\GjSpSwS.exe

C:\Windows\System\obYCGDk.exe

C:\Windows\System\obYCGDk.exe

C:\Windows\System\fzzEDOW.exe

C:\Windows\System\fzzEDOW.exe

C:\Windows\System\PybNsKo.exe

C:\Windows\System\PybNsKo.exe

C:\Windows\System\KkRozIY.exe

C:\Windows\System\KkRozIY.exe

C:\Windows\System\mSAFCRF.exe

C:\Windows\System\mSAFCRF.exe

C:\Windows\System\CSDrvFo.exe

C:\Windows\System\CSDrvFo.exe

C:\Windows\System\fEFQlur.exe

C:\Windows\System\fEFQlur.exe

C:\Windows\System\duKJPTx.exe

C:\Windows\System\duKJPTx.exe

C:\Windows\System\OyUppuS.exe

C:\Windows\System\OyUppuS.exe

C:\Windows\System\GZwJlxj.exe

C:\Windows\System\GZwJlxj.exe

C:\Windows\System\lgJmOwz.exe

C:\Windows\System\lgJmOwz.exe

C:\Windows\System\PWvXqGH.exe

C:\Windows\System\PWvXqGH.exe

C:\Windows\System\MOEenft.exe

C:\Windows\System\MOEenft.exe

C:\Windows\System\WuJOlPg.exe

C:\Windows\System\WuJOlPg.exe

C:\Windows\System\afjrADR.exe

C:\Windows\System\afjrADR.exe

C:\Windows\System\pFZDmEK.exe

C:\Windows\System\pFZDmEK.exe

C:\Windows\System\pNMzQaA.exe

C:\Windows\System\pNMzQaA.exe

C:\Windows\System\KnabDFr.exe

C:\Windows\System\KnabDFr.exe

C:\Windows\System\qfVGtBy.exe

C:\Windows\System\qfVGtBy.exe

C:\Windows\System\cPMiaqU.exe

C:\Windows\System\cPMiaqU.exe

C:\Windows\System\DwAPHkp.exe

C:\Windows\System\DwAPHkp.exe

C:\Windows\System\uSdQNtQ.exe

C:\Windows\System\uSdQNtQ.exe

C:\Windows\System\WtDcuCH.exe

C:\Windows\System\WtDcuCH.exe

C:\Windows\System\XPkjkAN.exe

C:\Windows\System\XPkjkAN.exe

C:\Windows\System\uxpwZWK.exe

C:\Windows\System\uxpwZWK.exe

C:\Windows\System\NZqgWWV.exe

C:\Windows\System\NZqgWWV.exe

C:\Windows\System\kdEHYbX.exe

C:\Windows\System\kdEHYbX.exe

C:\Windows\System\bOWcTIT.exe

C:\Windows\System\bOWcTIT.exe

C:\Windows\System\ryHWkzt.exe

C:\Windows\System\ryHWkzt.exe

C:\Windows\System\GLOONho.exe

C:\Windows\System\GLOONho.exe

C:\Windows\System\IKEnKDX.exe

C:\Windows\System\IKEnKDX.exe

C:\Windows\System\CPwRLaM.exe

C:\Windows\System\CPwRLaM.exe

C:\Windows\System\EVoqCJW.exe

C:\Windows\System\EVoqCJW.exe

C:\Windows\System\GQJDkSh.exe

C:\Windows\System\GQJDkSh.exe

C:\Windows\System\QimCAxn.exe

C:\Windows\System\QimCAxn.exe

C:\Windows\System\NuXwPyq.exe

C:\Windows\System\NuXwPyq.exe

C:\Windows\System\XwDSvmf.exe

C:\Windows\System\XwDSvmf.exe

C:\Windows\System\hHXSqJk.exe

C:\Windows\System\hHXSqJk.exe

C:\Windows\System\CHEnrXh.exe

C:\Windows\System\CHEnrXh.exe

C:\Windows\System\TBXonCH.exe

C:\Windows\System\TBXonCH.exe

C:\Windows\System\bJndUgn.exe

C:\Windows\System\bJndUgn.exe

C:\Windows\System\klFIXqE.exe

C:\Windows\System\klFIXqE.exe

C:\Windows\System\CKFoBJa.exe

C:\Windows\System\CKFoBJa.exe

C:\Windows\System\kHmZzGT.exe

C:\Windows\System\kHmZzGT.exe

C:\Windows\System\toQjORw.exe

C:\Windows\System\toQjORw.exe

C:\Windows\System\OJOAKqa.exe

C:\Windows\System\OJOAKqa.exe

C:\Windows\System\xnDGemG.exe

C:\Windows\System\xnDGemG.exe

C:\Windows\System\xQZHvUt.exe

C:\Windows\System\xQZHvUt.exe

C:\Windows\System\erFZUjf.exe

C:\Windows\System\erFZUjf.exe

C:\Windows\System\scbCCiA.exe

C:\Windows\System\scbCCiA.exe

C:\Windows\System\vBKrJDk.exe

C:\Windows\System\vBKrJDk.exe

C:\Windows\System\gxYnPzG.exe

C:\Windows\System\gxYnPzG.exe

C:\Windows\System\EjpVRKE.exe

C:\Windows\System\EjpVRKE.exe

C:\Windows\System\msylWWL.exe

C:\Windows\System\msylWWL.exe

C:\Windows\System\EoaEoiC.exe

C:\Windows\System\EoaEoiC.exe

C:\Windows\System\RvuFprt.exe

C:\Windows\System\RvuFprt.exe

C:\Windows\System\BwuDHsY.exe

C:\Windows\System\BwuDHsY.exe

C:\Windows\System\PzdDkcK.exe

C:\Windows\System\PzdDkcK.exe

C:\Windows\System\PPYSIAn.exe

C:\Windows\System\PPYSIAn.exe

C:\Windows\System\DmLSQHg.exe

C:\Windows\System\DmLSQHg.exe

C:\Windows\System\pZqalad.exe

C:\Windows\System\pZqalad.exe

C:\Windows\System\NekEzrZ.exe

C:\Windows\System\NekEzrZ.exe

C:\Windows\System\XHLEceF.exe

C:\Windows\System\XHLEceF.exe

C:\Windows\System\NgQWXNy.exe

C:\Windows\System\NgQWXNy.exe

C:\Windows\System\alJCurE.exe

C:\Windows\System\alJCurE.exe

C:\Windows\System\HMLAKYR.exe

C:\Windows\System\HMLAKYR.exe

C:\Windows\System\zYcSbuc.exe

C:\Windows\System\zYcSbuc.exe

C:\Windows\System\KvWIMoX.exe

C:\Windows\System\KvWIMoX.exe

C:\Windows\System\uSUmPur.exe

C:\Windows\System\uSUmPur.exe

C:\Windows\System\PzejIgn.exe

C:\Windows\System\PzejIgn.exe

C:\Windows\System\fYpAQSZ.exe

C:\Windows\System\fYpAQSZ.exe

C:\Windows\System\nIehazS.exe

C:\Windows\System\nIehazS.exe

C:\Windows\System\BmDHCnm.exe

C:\Windows\System\BmDHCnm.exe

C:\Windows\System\ABHpzKb.exe

C:\Windows\System\ABHpzKb.exe

C:\Windows\System\FvrFuVx.exe

C:\Windows\System\FvrFuVx.exe

C:\Windows\System\mtQietB.exe

C:\Windows\System\mtQietB.exe

C:\Windows\System\tYbXVxC.exe

C:\Windows\System\tYbXVxC.exe

C:\Windows\System\rxeYvIs.exe

C:\Windows\System\rxeYvIs.exe

C:\Windows\System\TeddTmY.exe

C:\Windows\System\TeddTmY.exe

C:\Windows\System\DnZUGjN.exe

C:\Windows\System\DnZUGjN.exe

C:\Windows\System\tdrBred.exe

C:\Windows\System\tdrBred.exe

C:\Windows\System\UEwytTs.exe

C:\Windows\System\UEwytTs.exe

C:\Windows\System\LJfNtbe.exe

C:\Windows\System\LJfNtbe.exe

C:\Windows\System\JTqOJbg.exe

C:\Windows\System\JTqOJbg.exe

C:\Windows\System\bFONwtT.exe

C:\Windows\System\bFONwtT.exe

C:\Windows\System\fLaGDDK.exe

C:\Windows\System\fLaGDDK.exe

C:\Windows\System\cvVkgHH.exe

C:\Windows\System\cvVkgHH.exe

C:\Windows\System\utlZuze.exe

C:\Windows\System\utlZuze.exe

C:\Windows\System\YYnoWdV.exe

C:\Windows\System\YYnoWdV.exe

C:\Windows\System\rzjwIfD.exe

C:\Windows\System\rzjwIfD.exe

C:\Windows\System\VTCMpVt.exe

C:\Windows\System\VTCMpVt.exe

C:\Windows\System\aBqeoTQ.exe

C:\Windows\System\aBqeoTQ.exe

C:\Windows\System\AzScTXF.exe

C:\Windows\System\AzScTXF.exe

C:\Windows\System\dnPbMVE.exe

C:\Windows\System\dnPbMVE.exe

C:\Windows\System\qiekbZe.exe

C:\Windows\System\qiekbZe.exe

C:\Windows\System\IknTUff.exe

C:\Windows\System\IknTUff.exe

C:\Windows\System\NNqOlUb.exe

C:\Windows\System\NNqOlUb.exe

C:\Windows\System\lgyGHxa.exe

C:\Windows\System\lgyGHxa.exe

C:\Windows\System\keHGUnu.exe

C:\Windows\System\keHGUnu.exe

C:\Windows\System\VhSZwsN.exe

C:\Windows\System\VhSZwsN.exe

C:\Windows\System\YZiCyRN.exe

C:\Windows\System\YZiCyRN.exe

C:\Windows\System\ALOZSQA.exe

C:\Windows\System\ALOZSQA.exe

C:\Windows\System\ActKZTE.exe

C:\Windows\System\ActKZTE.exe

C:\Windows\System\dcvdBZI.exe

C:\Windows\System\dcvdBZI.exe

C:\Windows\System\NVZMOvW.exe

C:\Windows\System\NVZMOvW.exe

C:\Windows\System\PqTGzVg.exe

C:\Windows\System\PqTGzVg.exe

C:\Windows\System\mwIEFOm.exe

C:\Windows\System\mwIEFOm.exe

C:\Windows\System\ZgPnylP.exe

C:\Windows\System\ZgPnylP.exe

C:\Windows\System\VyRAMkX.exe

C:\Windows\System\VyRAMkX.exe

C:\Windows\System\YxxaxYR.exe

C:\Windows\System\YxxaxYR.exe

C:\Windows\System\WjgRyzM.exe

C:\Windows\System\WjgRyzM.exe

C:\Windows\System\GOKnelW.exe

C:\Windows\System\GOKnelW.exe

C:\Windows\System\YOXhNnq.exe

C:\Windows\System\YOXhNnq.exe

C:\Windows\System\ttepIUL.exe

C:\Windows\System\ttepIUL.exe

C:\Windows\System\sAThfQI.exe

C:\Windows\System\sAThfQI.exe

C:\Windows\System\VyjvTly.exe

C:\Windows\System\VyjvTly.exe

C:\Windows\System\dqLZwtG.exe

C:\Windows\System\dqLZwtG.exe

C:\Windows\System\QjAHqoD.exe

C:\Windows\System\QjAHqoD.exe

C:\Windows\System\tUAEIHo.exe

C:\Windows\System\tUAEIHo.exe

C:\Windows\System\demFcQz.exe

C:\Windows\System\demFcQz.exe

C:\Windows\System\qQWnZkm.exe

C:\Windows\System\qQWnZkm.exe

C:\Windows\System\KqdZcDF.exe

C:\Windows\System\KqdZcDF.exe

C:\Windows\System\XAmqlCf.exe

C:\Windows\System\XAmqlCf.exe

C:\Windows\System\EcgrfJH.exe

C:\Windows\System\EcgrfJH.exe

C:\Windows\System\pOnIcKP.exe

C:\Windows\System\pOnIcKP.exe

C:\Windows\System\buDOYRt.exe

C:\Windows\System\buDOYRt.exe

C:\Windows\System\sgwDSKf.exe

C:\Windows\System\sgwDSKf.exe

C:\Windows\System\qlpAQSn.exe

C:\Windows\System\qlpAQSn.exe

C:\Windows\System\oUHZEKa.exe

C:\Windows\System\oUHZEKa.exe

C:\Windows\System\kHuHBEs.exe

C:\Windows\System\kHuHBEs.exe

C:\Windows\System\UpcAFvH.exe

C:\Windows\System\UpcAFvH.exe

C:\Windows\System\emkejMB.exe

C:\Windows\System\emkejMB.exe

C:\Windows\System\gZSEsPy.exe

C:\Windows\System\gZSEsPy.exe

C:\Windows\System\HtBJXHF.exe

C:\Windows\System\HtBJXHF.exe

C:\Windows\System\PoeWgtC.exe

C:\Windows\System\PoeWgtC.exe

C:\Windows\System\KdVQCBf.exe

C:\Windows\System\KdVQCBf.exe

C:\Windows\System\snfDtnJ.exe

C:\Windows\System\snfDtnJ.exe

C:\Windows\System\ZgUNlUn.exe

C:\Windows\System\ZgUNlUn.exe

C:\Windows\System\fhHFlmk.exe

C:\Windows\System\fhHFlmk.exe

C:\Windows\System\QJCQHQq.exe

C:\Windows\System\QJCQHQq.exe

C:\Windows\System\viaZaML.exe

C:\Windows\System\viaZaML.exe

C:\Windows\System\ERsvfDG.exe

C:\Windows\System\ERsvfDG.exe

C:\Windows\System\zikyAsh.exe

C:\Windows\System\zikyAsh.exe

C:\Windows\System\OIvIRoU.exe

C:\Windows\System\OIvIRoU.exe

C:\Windows\System\xSacLml.exe

C:\Windows\System\xSacLml.exe

C:\Windows\System\AckQPat.exe

C:\Windows\System\AckQPat.exe

C:\Windows\System\KaHleqX.exe

C:\Windows\System\KaHleqX.exe

C:\Windows\System\aNAIJGH.exe

C:\Windows\System\aNAIJGH.exe

C:\Windows\System\EizjtiN.exe

C:\Windows\System\EizjtiN.exe

C:\Windows\System\TZxHXJM.exe

C:\Windows\System\TZxHXJM.exe

C:\Windows\System\uKjrmPq.exe

C:\Windows\System\uKjrmPq.exe

C:\Windows\System\rBQyDnN.exe

C:\Windows\System\rBQyDnN.exe

C:\Windows\System\FMhRAGz.exe

C:\Windows\System\FMhRAGz.exe

C:\Windows\System\OPzAChn.exe

C:\Windows\System\OPzAChn.exe

C:\Windows\System\oAikBTk.exe

C:\Windows\System\oAikBTk.exe

C:\Windows\System\RVvCqhB.exe

C:\Windows\System\RVvCqhB.exe

C:\Windows\System\TgAjSLX.exe

C:\Windows\System\TgAjSLX.exe

C:\Windows\System\joptKlj.exe

C:\Windows\System\joptKlj.exe

C:\Windows\System\vXFxdPg.exe

C:\Windows\System\vXFxdPg.exe

C:\Windows\System\QfldoBO.exe

C:\Windows\System\QfldoBO.exe

C:\Windows\System\MrsMxHq.exe

C:\Windows\System\MrsMxHq.exe

C:\Windows\System\lzimtRz.exe

C:\Windows\System\lzimtRz.exe

C:\Windows\System\WEOhlOz.exe

C:\Windows\System\WEOhlOz.exe

C:\Windows\System\tyuoshP.exe

C:\Windows\System\tyuoshP.exe

C:\Windows\System\nJkpVMo.exe

C:\Windows\System\nJkpVMo.exe

C:\Windows\System\ujmiQDv.exe

C:\Windows\System\ujmiQDv.exe

C:\Windows\System\aYqDQCv.exe

C:\Windows\System\aYqDQCv.exe

C:\Windows\System\SnhOmoZ.exe

C:\Windows\System\SnhOmoZ.exe

C:\Windows\System\AurFyEQ.exe

C:\Windows\System\AurFyEQ.exe

C:\Windows\System\ECrLmSY.exe

C:\Windows\System\ECrLmSY.exe

C:\Windows\System\fCmzQAH.exe

C:\Windows\System\fCmzQAH.exe

C:\Windows\System\VPmwWkB.exe

C:\Windows\System\VPmwWkB.exe

C:\Windows\System\qDluBsa.exe

C:\Windows\System\qDluBsa.exe

C:\Windows\System\NxRiSBT.exe

C:\Windows\System\NxRiSBT.exe

C:\Windows\System\uXBfsWk.exe

C:\Windows\System\uXBfsWk.exe

C:\Windows\System\caRoOGX.exe

C:\Windows\System\caRoOGX.exe

C:\Windows\System\dNfsgWj.exe

C:\Windows\System\dNfsgWj.exe

C:\Windows\System\jxQIdAn.exe

C:\Windows\System\jxQIdAn.exe

C:\Windows\System\AiTyJdW.exe

C:\Windows\System\AiTyJdW.exe

C:\Windows\System\mgTmDqg.exe

C:\Windows\System\mgTmDqg.exe

C:\Windows\System\TEzJrJs.exe

C:\Windows\System\TEzJrJs.exe

C:\Windows\System\TsyHENy.exe

C:\Windows\System\TsyHENy.exe

C:\Windows\System\UxOFuKA.exe

C:\Windows\System\UxOFuKA.exe

C:\Windows\System\mUdsXKq.exe

C:\Windows\System\mUdsXKq.exe

C:\Windows\System\EMvKIzX.exe

C:\Windows\System\EMvKIzX.exe

C:\Windows\System\LAxnwAQ.exe

C:\Windows\System\LAxnwAQ.exe

C:\Windows\System\QVEvVVV.exe

C:\Windows\System\QVEvVVV.exe

C:\Windows\System\ImFOIKt.exe

C:\Windows\System\ImFOIKt.exe

C:\Windows\System\GVCferP.exe

C:\Windows\System\GVCferP.exe

C:\Windows\System\dEPiemr.exe

C:\Windows\System\dEPiemr.exe

C:\Windows\System\pedQdCc.exe

C:\Windows\System\pedQdCc.exe

C:\Windows\System\RoMNkZg.exe

C:\Windows\System\RoMNkZg.exe

C:\Windows\System\dEmyYHL.exe

C:\Windows\System\dEmyYHL.exe

C:\Windows\System\jubrDQk.exe

C:\Windows\System\jubrDQk.exe

C:\Windows\System\PtOhbNU.exe

C:\Windows\System\PtOhbNU.exe

C:\Windows\System\hUOfnTG.exe

C:\Windows\System\hUOfnTG.exe

C:\Windows\System\MrXGJFp.exe

C:\Windows\System\MrXGJFp.exe

C:\Windows\System\zRNJIkd.exe

C:\Windows\System\zRNJIkd.exe

C:\Windows\System\nGsujcm.exe

C:\Windows\System\nGsujcm.exe

C:\Windows\System\XtuAhzd.exe

C:\Windows\System\XtuAhzd.exe

C:\Windows\System\KJExBWu.exe

C:\Windows\System\KJExBWu.exe

C:\Windows\System\WqUhvLI.exe

C:\Windows\System\WqUhvLI.exe

C:\Windows\System\fuWcpgQ.exe

C:\Windows\System\fuWcpgQ.exe

C:\Windows\System\PuJnaWB.exe

C:\Windows\System\PuJnaWB.exe

C:\Windows\System\nmvvIoE.exe

C:\Windows\System\nmvvIoE.exe

C:\Windows\System\NyCMpCj.exe

C:\Windows\System\NyCMpCj.exe

C:\Windows\System\vLfUqZh.exe

C:\Windows\System\vLfUqZh.exe

C:\Windows\System\XUMFQGo.exe

C:\Windows\System\XUMFQGo.exe

C:\Windows\System\hgWtNFn.exe

C:\Windows\System\hgWtNFn.exe

C:\Windows\System\RkHvUKD.exe

C:\Windows\System\RkHvUKD.exe

C:\Windows\System\euWYCaR.exe

C:\Windows\System\euWYCaR.exe

C:\Windows\System\ejiYKRc.exe

C:\Windows\System\ejiYKRc.exe

C:\Windows\System\DlOJiNT.exe

C:\Windows\System\DlOJiNT.exe

C:\Windows\System\HNwOAdw.exe

C:\Windows\System\HNwOAdw.exe

C:\Windows\System\HidUHiT.exe

C:\Windows\System\HidUHiT.exe

C:\Windows\System\SBeIwLY.exe

C:\Windows\System\SBeIwLY.exe

C:\Windows\System\GVYNcLf.exe

C:\Windows\System\GVYNcLf.exe

C:\Windows\System\crWMPoe.exe

C:\Windows\System\crWMPoe.exe

C:\Windows\System\oYMxKXc.exe

C:\Windows\System\oYMxKXc.exe

C:\Windows\System\vjFcNuk.exe

C:\Windows\System\vjFcNuk.exe

C:\Windows\System\XbFJMhU.exe

C:\Windows\System\XbFJMhU.exe

C:\Windows\System\cvrqpzl.exe

C:\Windows\System\cvrqpzl.exe

C:\Windows\System\PRszFXc.exe

C:\Windows\System\PRszFXc.exe

C:\Windows\System\hCeeANe.exe

C:\Windows\System\hCeeANe.exe

C:\Windows\System\kZzEYAA.exe

C:\Windows\System\kZzEYAA.exe

C:\Windows\System\LBAebSi.exe

C:\Windows\System\LBAebSi.exe

C:\Windows\System\iaMAVjA.exe

C:\Windows\System\iaMAVjA.exe

C:\Windows\System\sXjiFWr.exe

C:\Windows\System\sXjiFWr.exe

C:\Windows\System\XdwxIVY.exe

C:\Windows\System\XdwxIVY.exe

C:\Windows\System\QRudnQp.exe

C:\Windows\System\QRudnQp.exe

C:\Windows\System\DEQalnw.exe

C:\Windows\System\DEQalnw.exe

C:\Windows\System\MYGsWCr.exe

C:\Windows\System\MYGsWCr.exe

C:\Windows\System\mVqUbdJ.exe

C:\Windows\System\mVqUbdJ.exe

C:\Windows\System\DuiCOXp.exe

C:\Windows\System\DuiCOXp.exe

C:\Windows\System\RCKLfzx.exe

C:\Windows\System\RCKLfzx.exe

C:\Windows\System\JapGgxR.exe

C:\Windows\System\JapGgxR.exe

C:\Windows\System\dzjYuBm.exe

C:\Windows\System\dzjYuBm.exe

C:\Windows\System\FHVgIqL.exe

C:\Windows\System\FHVgIqL.exe

C:\Windows\System\dRmLfMr.exe

C:\Windows\System\dRmLfMr.exe

C:\Windows\System\IWbNVAJ.exe

C:\Windows\System\IWbNVAJ.exe

C:\Windows\System\rCjZJtH.exe

C:\Windows\System\rCjZJtH.exe

C:\Windows\System\nwkOycb.exe

C:\Windows\System\nwkOycb.exe

C:\Windows\System\NUBvHYg.exe

C:\Windows\System\NUBvHYg.exe

C:\Windows\System\urAjGjF.exe

C:\Windows\System\urAjGjF.exe

C:\Windows\System\zVadpyD.exe

C:\Windows\System\zVadpyD.exe

C:\Windows\System\MDpFcFb.exe

C:\Windows\System\MDpFcFb.exe

C:\Windows\System\IsBNRBn.exe

C:\Windows\System\IsBNRBn.exe

C:\Windows\System\qBikqOB.exe

C:\Windows\System\qBikqOB.exe

C:\Windows\System\ZigiYSK.exe

C:\Windows\System\ZigiYSK.exe

C:\Windows\System\BJSBjKM.exe

C:\Windows\System\BJSBjKM.exe

C:\Windows\System\fYAsSBK.exe

C:\Windows\System\fYAsSBK.exe

C:\Windows\System\siXLGXF.exe

C:\Windows\System\siXLGXF.exe

C:\Windows\System\yYcWIRz.exe

C:\Windows\System\yYcWIRz.exe

C:\Windows\System\GPMnaWU.exe

C:\Windows\System\GPMnaWU.exe

C:\Windows\System\aRnIOkY.exe

C:\Windows\System\aRnIOkY.exe

C:\Windows\System\VjWXwZX.exe

C:\Windows\System\VjWXwZX.exe

C:\Windows\System\TVdhxEG.exe

C:\Windows\System\TVdhxEG.exe

C:\Windows\System\IUHXJGQ.exe

C:\Windows\System\IUHXJGQ.exe

C:\Windows\System\nczHFEh.exe

C:\Windows\System\nczHFEh.exe

C:\Windows\System\kmltlhR.exe

C:\Windows\System\kmltlhR.exe

C:\Windows\System\dsSgpNJ.exe

C:\Windows\System\dsSgpNJ.exe

C:\Windows\System\rtZLCpY.exe

C:\Windows\System\rtZLCpY.exe

C:\Windows\System\qhismRg.exe

C:\Windows\System\qhismRg.exe

C:\Windows\System\CsenXPE.exe

C:\Windows\System\CsenXPE.exe

C:\Windows\System\QcydoUK.exe

C:\Windows\System\QcydoUK.exe

C:\Windows\System\aXmhkzF.exe

C:\Windows\System\aXmhkzF.exe

C:\Windows\System\hTXsEMP.exe

C:\Windows\System\hTXsEMP.exe

C:\Windows\System\YosxHQv.exe

C:\Windows\System\YosxHQv.exe

C:\Windows\System\ZaGMFVD.exe

C:\Windows\System\ZaGMFVD.exe

C:\Windows\System\CYMTUAH.exe

C:\Windows\System\CYMTUAH.exe

C:\Windows\System\eJzFTVQ.exe

C:\Windows\System\eJzFTVQ.exe

C:\Windows\System\OsfSblA.exe

C:\Windows\System\OsfSblA.exe

C:\Windows\System\AjmhlOU.exe

C:\Windows\System\AjmhlOU.exe

C:\Windows\System\QrgeRna.exe

C:\Windows\System\QrgeRna.exe

C:\Windows\System\MEYUaEv.exe

C:\Windows\System\MEYUaEv.exe

C:\Windows\System\yKBSqDc.exe

C:\Windows\System\yKBSqDc.exe

C:\Windows\System\vsVHGtK.exe

C:\Windows\System\vsVHGtK.exe

C:\Windows\System\DqLDeJj.exe

C:\Windows\System\DqLDeJj.exe

C:\Windows\System\xHwmdEn.exe

C:\Windows\System\xHwmdEn.exe

C:\Windows\System\mYbNcRv.exe

C:\Windows\System\mYbNcRv.exe

C:\Windows\System\nvQGpTd.exe

C:\Windows\System\nvQGpTd.exe

C:\Windows\System\CWPcYBT.exe

C:\Windows\System\CWPcYBT.exe

C:\Windows\System\OvtmNoo.exe

C:\Windows\System\OvtmNoo.exe

C:\Windows\System\pRAMiyd.exe

C:\Windows\System\pRAMiyd.exe

C:\Windows\System\BpQECjr.exe

C:\Windows\System\BpQECjr.exe

C:\Windows\System\aiadhxh.exe

C:\Windows\System\aiadhxh.exe

C:\Windows\System\YhkDTbn.exe

C:\Windows\System\YhkDTbn.exe

C:\Windows\System\UdVEodW.exe

C:\Windows\System\UdVEodW.exe

C:\Windows\System\uxKCcdx.exe

C:\Windows\System\uxKCcdx.exe

C:\Windows\System\OjWClYc.exe

C:\Windows\System\OjWClYc.exe

C:\Windows\System\vfccMNt.exe

C:\Windows\System\vfccMNt.exe

C:\Windows\System\vKAaDJJ.exe

C:\Windows\System\vKAaDJJ.exe

C:\Windows\System\xPPuaLo.exe

C:\Windows\System\xPPuaLo.exe

C:\Windows\System\dQGLcwK.exe

C:\Windows\System\dQGLcwK.exe

C:\Windows\System\IhWPbsY.exe

C:\Windows\System\IhWPbsY.exe

C:\Windows\System\HdxyLoS.exe

C:\Windows\System\HdxyLoS.exe

C:\Windows\System\HoCmaIB.exe

C:\Windows\System\HoCmaIB.exe

C:\Windows\System\fUEstKr.exe

C:\Windows\System\fUEstKr.exe

C:\Windows\System\BytjmfP.exe

C:\Windows\System\BytjmfP.exe

C:\Windows\System\hzQbvep.exe

C:\Windows\System\hzQbvep.exe

C:\Windows\System\RiwFHzu.exe

C:\Windows\System\RiwFHzu.exe

C:\Windows\System\GaSNohG.exe

C:\Windows\System\GaSNohG.exe

C:\Windows\System\RoUgcap.exe

C:\Windows\System\RoUgcap.exe

C:\Windows\System\OxECXog.exe

C:\Windows\System\OxECXog.exe

C:\Windows\System\fgLfLWR.exe

C:\Windows\System\fgLfLWR.exe

C:\Windows\System\dPTdvdw.exe

C:\Windows\System\dPTdvdw.exe

C:\Windows\System\UAqhVwy.exe

C:\Windows\System\UAqhVwy.exe

C:\Windows\System\SvmnKOo.exe

C:\Windows\System\SvmnKOo.exe

C:\Windows\System\MevZzpq.exe

C:\Windows\System\MevZzpq.exe

C:\Windows\System\WKVdeoD.exe

C:\Windows\System\WKVdeoD.exe

C:\Windows\System\DHEnyrI.exe

C:\Windows\System\DHEnyrI.exe

C:\Windows\System\vKGIYOR.exe

C:\Windows\System\vKGIYOR.exe

C:\Windows\System\ZZWhjjg.exe

C:\Windows\System\ZZWhjjg.exe

C:\Windows\System\RNnjCJB.exe

C:\Windows\System\RNnjCJB.exe

C:\Windows\System\YHGpVPB.exe

C:\Windows\System\YHGpVPB.exe

C:\Windows\System\kbyWOCc.exe

C:\Windows\System\kbyWOCc.exe

C:\Windows\System\iiVJyoY.exe

C:\Windows\System\iiVJyoY.exe

C:\Windows\System\nftLXBA.exe

C:\Windows\System\nftLXBA.exe

C:\Windows\System\ytpRYZK.exe

C:\Windows\System\ytpRYZK.exe

C:\Windows\System\TwDdUeB.exe

C:\Windows\System\TwDdUeB.exe

C:\Windows\System\LXQzolV.exe

C:\Windows\System\LXQzolV.exe

C:\Windows\System\KNxvnBq.exe

C:\Windows\System\KNxvnBq.exe

C:\Windows\System\VayUXsD.exe

C:\Windows\System\VayUXsD.exe

C:\Windows\System\bRZqMOj.exe

C:\Windows\System\bRZqMOj.exe

C:\Windows\System\kgFGZFK.exe

C:\Windows\System\kgFGZFK.exe

C:\Windows\System\mXygKNW.exe

C:\Windows\System\mXygKNW.exe

C:\Windows\System\VBFEMOh.exe

C:\Windows\System\VBFEMOh.exe

C:\Windows\System\zPhfRAf.exe

C:\Windows\System\zPhfRAf.exe

C:\Windows\System\NkgjXBZ.exe

C:\Windows\System\NkgjXBZ.exe

C:\Windows\System\PTzphIT.exe

C:\Windows\System\PTzphIT.exe

C:\Windows\System\oSwoeII.exe

C:\Windows\System\oSwoeII.exe

C:\Windows\System\CDgUZgv.exe

C:\Windows\System\CDgUZgv.exe

C:\Windows\System\ktsOSYd.exe

C:\Windows\System\ktsOSYd.exe

C:\Windows\System\aMUtNNN.exe

C:\Windows\System\aMUtNNN.exe

C:\Windows\System\NkLocYp.exe

C:\Windows\System\NkLocYp.exe

C:\Windows\System\ieGfyRR.exe

C:\Windows\System\ieGfyRR.exe

C:\Windows\System\mUbzOzc.exe

C:\Windows\System\mUbzOzc.exe

C:\Windows\System\VcpltpJ.exe

C:\Windows\System\VcpltpJ.exe

C:\Windows\System\sDITlui.exe

C:\Windows\System\sDITlui.exe

C:\Windows\System\iHtiGkb.exe

C:\Windows\System\iHtiGkb.exe

C:\Windows\System\CeFBmaW.exe

C:\Windows\System\CeFBmaW.exe

C:\Windows\System\erXSjPs.exe

C:\Windows\System\erXSjPs.exe

C:\Windows\System\hRAztRu.exe

C:\Windows\System\hRAztRu.exe

C:\Windows\System\AyyzVcQ.exe

C:\Windows\System\AyyzVcQ.exe

C:\Windows\System\TfoGsKD.exe

C:\Windows\System\TfoGsKD.exe

C:\Windows\System\ncqExKo.exe

C:\Windows\System\ncqExKo.exe

C:\Windows\System\FxdDNyV.exe

C:\Windows\System\FxdDNyV.exe

C:\Windows\System\iRXGtJq.exe

C:\Windows\System\iRXGtJq.exe

C:\Windows\System\VrOzQTu.exe

C:\Windows\System\VrOzQTu.exe

C:\Windows\System\PHdiXGo.exe

C:\Windows\System\PHdiXGo.exe

C:\Windows\System\MtlJqGF.exe

C:\Windows\System\MtlJqGF.exe

C:\Windows\System\ZinuXWw.exe

C:\Windows\System\ZinuXWw.exe

C:\Windows\System\NGDLZMF.exe

C:\Windows\System\NGDLZMF.exe

C:\Windows\System\rzhOmYU.exe

C:\Windows\System\rzhOmYU.exe

C:\Windows\System\mXHMUnH.exe

C:\Windows\System\mXHMUnH.exe

C:\Windows\System\taOrQcf.exe

C:\Windows\System\taOrQcf.exe

C:\Windows\System\BNseHfZ.exe

C:\Windows\System\BNseHfZ.exe

C:\Windows\System\SIsvXoR.exe

C:\Windows\System\SIsvXoR.exe

C:\Windows\System\tYNbjcS.exe

C:\Windows\System\tYNbjcS.exe

C:\Windows\System\wlTLLvi.exe

C:\Windows\System\wlTLLvi.exe

C:\Windows\System\JJHBPrD.exe

C:\Windows\System\JJHBPrD.exe

C:\Windows\System\lqwGvJV.exe

C:\Windows\System\lqwGvJV.exe

C:\Windows\System\LpzrpcO.exe

C:\Windows\System\LpzrpcO.exe

C:\Windows\System\MxdNZCX.exe

C:\Windows\System\MxdNZCX.exe

C:\Windows\System\LdHjYyc.exe

C:\Windows\System\LdHjYyc.exe

C:\Windows\System\dOkQagU.exe

C:\Windows\System\dOkQagU.exe

C:\Windows\System\ffHwfze.exe

C:\Windows\System\ffHwfze.exe

C:\Windows\System\VPcDyxv.exe

C:\Windows\System\VPcDyxv.exe

C:\Windows\System\YLQgTGO.exe

C:\Windows\System\YLQgTGO.exe

C:\Windows\System\cYJEnoW.exe

C:\Windows\System\cYJEnoW.exe

C:\Windows\System\AkOHCJK.exe

C:\Windows\System\AkOHCJK.exe

C:\Windows\System\RQgYnsu.exe

C:\Windows\System\RQgYnsu.exe

C:\Windows\System\DljuxIi.exe

C:\Windows\System\DljuxIi.exe

C:\Windows\System\zmWbBOm.exe

C:\Windows\System\zmWbBOm.exe

C:\Windows\System\FkcHlTE.exe

C:\Windows\System\FkcHlTE.exe

C:\Windows\System\VWtbaku.exe

C:\Windows\System\VWtbaku.exe

C:\Windows\System\VRlOrQV.exe

C:\Windows\System\VRlOrQV.exe

C:\Windows\System\ipqiNVv.exe

C:\Windows\System\ipqiNVv.exe

C:\Windows\System\WtjeNJQ.exe

C:\Windows\System\WtjeNJQ.exe

C:\Windows\System\bhaQUFq.exe

C:\Windows\System\bhaQUFq.exe

C:\Windows\System\RvMIwwF.exe

C:\Windows\System\RvMIwwF.exe

C:\Windows\System\wFLieMq.exe

C:\Windows\System\wFLieMq.exe

C:\Windows\System\GOAgwqz.exe

C:\Windows\System\GOAgwqz.exe

C:\Windows\System\XxSrHAd.exe

C:\Windows\System\XxSrHAd.exe

C:\Windows\System\MqdqwEV.exe

C:\Windows\System\MqdqwEV.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System\zFVSnkA.exe

C:\Windows\System\zFVSnkA.exe

C:\Windows\System\ecOTTAb.exe

C:\Windows\System\ecOTTAb.exe

C:\Windows\System\mgSTGmN.exe

C:\Windows\System\mgSTGmN.exe

C:\Windows\System\uyoZuiF.exe

C:\Windows\System\uyoZuiF.exe

C:\Windows\System\VeOLdxj.exe

C:\Windows\System\VeOLdxj.exe

C:\Windows\System\hzmMNpX.exe

C:\Windows\System\hzmMNpX.exe

C:\Windows\System\FgrfsIT.exe

C:\Windows\System\FgrfsIT.exe

C:\Windows\System\eTmScWx.exe

C:\Windows\System\eTmScWx.exe

C:\Windows\System\FTwPBlM.exe

C:\Windows\System\FTwPBlM.exe

C:\Windows\System\outqtCp.exe

C:\Windows\System\outqtCp.exe

C:\Windows\System\BlaXNBu.exe

C:\Windows\System\BlaXNBu.exe

C:\Windows\System\lTXFlkA.exe

C:\Windows\System\lTXFlkA.exe

C:\Windows\System\SuCKCzJ.exe

C:\Windows\System\SuCKCzJ.exe

C:\Windows\System\fJPylkJ.exe

C:\Windows\System\fJPylkJ.exe

C:\Windows\System\NlgqTwr.exe

C:\Windows\System\NlgqTwr.exe

C:\Windows\System\XVUBvqy.exe

C:\Windows\System\XVUBvqy.exe

C:\Windows\System\ddaSqRN.exe

C:\Windows\System\ddaSqRN.exe

C:\Windows\System\yRzSFdI.exe

C:\Windows\System\yRzSFdI.exe

C:\Windows\System\tlczyuR.exe

C:\Windows\System\tlczyuR.exe

C:\Windows\System\tGNWvNM.exe

C:\Windows\System\tGNWvNM.exe

C:\Windows\System\KbhPclx.exe

C:\Windows\System\KbhPclx.exe

C:\Windows\System\YXgQyCX.exe

C:\Windows\System\YXgQyCX.exe

C:\Windows\System\uyxVVWt.exe

C:\Windows\System\uyxVVWt.exe

C:\Windows\System\oECvZzy.exe

C:\Windows\System\oECvZzy.exe

C:\Windows\System\MXntbIP.exe

C:\Windows\System\MXntbIP.exe

C:\Windows\System\hQvomBp.exe

C:\Windows\System\hQvomBp.exe

C:\Windows\System\FRLetWM.exe

C:\Windows\System\FRLetWM.exe

C:\Windows\System\fFsyfKk.exe

C:\Windows\System\fFsyfKk.exe

C:\Windows\System\DEaYNAm.exe

C:\Windows\System\DEaYNAm.exe

C:\Windows\System\eJLGKKa.exe

C:\Windows\System\eJLGKKa.exe

C:\Windows\System\fwbmQud.exe

C:\Windows\System\fwbmQud.exe

C:\Windows\System\spvDJQg.exe

C:\Windows\System\spvDJQg.exe

C:\Windows\System\vLcurpL.exe

C:\Windows\System\vLcurpL.exe

C:\Windows\System\OIvZYRr.exe

C:\Windows\System\OIvZYRr.exe

C:\Windows\System\pKVTNrA.exe

C:\Windows\System\pKVTNrA.exe

C:\Windows\System\oJWwwjc.exe

C:\Windows\System\oJWwwjc.exe

C:\Windows\System\nqQUAhY.exe

C:\Windows\System\nqQUAhY.exe

C:\Windows\System\gDFEYix.exe

C:\Windows\System\gDFEYix.exe

C:\Windows\System\WeziOLI.exe

C:\Windows\System\WeziOLI.exe

C:\Windows\System\cSSZivq.exe

C:\Windows\System\cSSZivq.exe

C:\Windows\System\MAzBKcV.exe

C:\Windows\System\MAzBKcV.exe

C:\Windows\System\BQciDHs.exe

C:\Windows\System\BQciDHs.exe

C:\Windows\System\nnxwwBH.exe

C:\Windows\System\nnxwwBH.exe

C:\Windows\System\tpwEphO.exe

C:\Windows\System\tpwEphO.exe

C:\Windows\System\sHOPZIy.exe

C:\Windows\System\sHOPZIy.exe

C:\Windows\System\jNOOljm.exe

C:\Windows\System\jNOOljm.exe

C:\Windows\System\qUZsDlk.exe

C:\Windows\System\qUZsDlk.exe

C:\Windows\System\ReoGRAg.exe

C:\Windows\System\ReoGRAg.exe

C:\Windows\System\buzCqdH.exe

C:\Windows\System\buzCqdH.exe

C:\Windows\System\BWylUJk.exe

C:\Windows\System\BWylUJk.exe

C:\Windows\System\qNYjLws.exe

C:\Windows\System\qNYjLws.exe

C:\Windows\System\uCMtZNb.exe

C:\Windows\System\uCMtZNb.exe

C:\Windows\System\mFrnwqN.exe

C:\Windows\System\mFrnwqN.exe

C:\Windows\System\EHOaNOT.exe

C:\Windows\System\EHOaNOT.exe

C:\Windows\System\PoFGYCn.exe

C:\Windows\System\PoFGYCn.exe

C:\Windows\System\QDtfSMT.exe

C:\Windows\System\QDtfSMT.exe

C:\Windows\System\wnwYZjg.exe

C:\Windows\System\wnwYZjg.exe

C:\Windows\System\hiKcmop.exe

C:\Windows\System\hiKcmop.exe

C:\Windows\System\xXAZjeq.exe

C:\Windows\System\xXAZjeq.exe

C:\Windows\System\MYTYYut.exe

C:\Windows\System\MYTYYut.exe

C:\Windows\System\dKZJSZo.exe

C:\Windows\System\dKZJSZo.exe

C:\Windows\System\orDJQBg.exe

C:\Windows\System\orDJQBg.exe

C:\Windows\System\cdlyEHb.exe

C:\Windows\System\cdlyEHb.exe

C:\Windows\System\bdxpAoj.exe

C:\Windows\System\bdxpAoj.exe

C:\Windows\System\fTfjiew.exe

C:\Windows\System\fTfjiew.exe

C:\Windows\System\YwNIOVd.exe

C:\Windows\System\YwNIOVd.exe

C:\Windows\System\uJxkViu.exe

C:\Windows\System\uJxkViu.exe

C:\Windows\System\FfuwYzP.exe

C:\Windows\System\FfuwYzP.exe

C:\Windows\System\HVAXHqA.exe

C:\Windows\System\HVAXHqA.exe

C:\Windows\System\fQCilPN.exe

C:\Windows\System\fQCilPN.exe

C:\Windows\System\QLGtlef.exe

C:\Windows\System\QLGtlef.exe

C:\Windows\System\xEFqKMO.exe

C:\Windows\System\xEFqKMO.exe

C:\Windows\System\RzKevWm.exe

C:\Windows\System\RzKevWm.exe

C:\Windows\System\HNVfbsN.exe

C:\Windows\System\HNVfbsN.exe

C:\Windows\System\ckstYyX.exe

C:\Windows\System\ckstYyX.exe

C:\Windows\System\ktIuQId.exe

C:\Windows\System\ktIuQId.exe

C:\Windows\System\tgSOoFc.exe

C:\Windows\System\tgSOoFc.exe

C:\Windows\System\PTbqBfR.exe

C:\Windows\System\PTbqBfR.exe

C:\Windows\System\bhxHVuu.exe

C:\Windows\System\bhxHVuu.exe

C:\Windows\System\cTpAlij.exe

C:\Windows\System\cTpAlij.exe

C:\Windows\System\NwLzjuv.exe

C:\Windows\System\NwLzjuv.exe

C:\Windows\System\BmxahCA.exe

C:\Windows\System\BmxahCA.exe

C:\Windows\System\JTCHSzk.exe

C:\Windows\System\JTCHSzk.exe

C:\Windows\System\mrJRwDO.exe

C:\Windows\System\mrJRwDO.exe

C:\Windows\System\ovZdPEB.exe

C:\Windows\System\ovZdPEB.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 11932 -s 28

C:\Windows\System\iVRyOpK.exe

C:\Windows\System\iVRyOpK.exe

C:\Windows\System\EWMewPl.exe

C:\Windows\System\EWMewPl.exe

C:\Windows\System\rGYCktT.exe

C:\Windows\System\rGYCktT.exe

C:\Windows\System\hBdyWkT.exe

C:\Windows\System\hBdyWkT.exe

C:\Windows\System\TlrJlUF.exe

C:\Windows\System\TlrJlUF.exe

C:\Windows\System\qoOBTkZ.exe

C:\Windows\System\qoOBTkZ.exe

C:\Windows\System\kqvrcWY.exe

C:\Windows\System\kqvrcWY.exe

C:\Windows\System\xTiVvPr.exe

C:\Windows\System\xTiVvPr.exe

C:\Windows\System\dGWyhlN.exe

C:\Windows\System\dGWyhlN.exe

C:\Windows\System\jrgTpkK.exe

C:\Windows\System\jrgTpkK.exe

C:\Windows\System\ejmsGsM.exe

C:\Windows\System\ejmsGsM.exe

C:\Windows\System\UjOYAIK.exe

C:\Windows\System\UjOYAIK.exe

C:\Windows\System\XHTKsIH.exe

C:\Windows\System\XHTKsIH.exe

C:\Windows\System\ISdDcHq.exe

C:\Windows\System\ISdDcHq.exe

C:\Windows\System\StBlsDP.exe

C:\Windows\System\StBlsDP.exe

C:\Windows\System\ZkNNulq.exe

C:\Windows\System\ZkNNulq.exe

C:\Windows\System\YGwFFUz.exe

C:\Windows\System\YGwFFUz.exe

C:\Windows\System\sAvXgPb.exe

C:\Windows\System\sAvXgPb.exe

C:\Windows\System\HzGMsgb.exe

C:\Windows\System\HzGMsgb.exe

C:\Windows\System\pwkDOVd.exe

C:\Windows\System\pwkDOVd.exe

C:\Windows\System\UhpHzKV.exe

C:\Windows\System\UhpHzKV.exe

C:\Windows\System\zfxfqJf.exe

C:\Windows\System\zfxfqJf.exe

C:\Windows\System\mnaHDnl.exe

C:\Windows\System\mnaHDnl.exe

C:\Windows\System\gtXUXcZ.exe

C:\Windows\System\gtXUXcZ.exe

C:\Windows\System\WcCtYdE.exe

C:\Windows\System\WcCtYdE.exe

C:\Windows\System\xbPOJdc.exe

C:\Windows\System\xbPOJdc.exe

C:\Windows\System\wjnEngw.exe

C:\Windows\System\wjnEngw.exe

C:\Windows\System\dSUpcbx.exe

C:\Windows\System\dSUpcbx.exe

C:\Windows\System\AmfgaGC.exe

C:\Windows\System\AmfgaGC.exe

C:\Windows\System\vnEwPhX.exe

C:\Windows\System\vnEwPhX.exe

C:\Windows\System\EApHBWp.exe

C:\Windows\System\EApHBWp.exe

C:\Windows\System\HpXsdTy.exe

C:\Windows\System\HpXsdTy.exe

C:\Windows\System\mqJATnw.exe

C:\Windows\System\mqJATnw.exe

C:\Windows\System\WqWLDqf.exe

C:\Windows\System\WqWLDqf.exe

C:\Windows\System\PLxecmR.exe

C:\Windows\System\PLxecmR.exe

C:\Windows\System\olNHCHb.exe

C:\Windows\System\olNHCHb.exe

C:\Windows\System\cFFAyhc.exe

C:\Windows\System\cFFAyhc.exe

C:\Windows\System\vtwAPtd.exe

C:\Windows\System\vtwAPtd.exe

C:\Windows\System\NksLsfs.exe

C:\Windows\System\NksLsfs.exe

C:\Windows\System\NBpRUxo.exe

C:\Windows\System\NBpRUxo.exe

C:\Windows\System\dxnXzQN.exe

C:\Windows\System\dxnXzQN.exe

C:\Windows\System\VRaUzBD.exe

C:\Windows\System\VRaUzBD.exe

C:\Windows\System\NYVcoRF.exe

C:\Windows\System\NYVcoRF.exe

C:\Windows\System\ibegZkE.exe

C:\Windows\System\ibegZkE.exe

C:\Windows\System\JZJuDwL.exe

C:\Windows\System\JZJuDwL.exe

C:\Windows\System\KCzDiLk.exe

C:\Windows\System\KCzDiLk.exe

C:\Windows\System\AkQsTWC.exe

C:\Windows\System\AkQsTWC.exe

C:\Windows\System\iGMBVbl.exe

C:\Windows\System\iGMBVbl.exe

C:\Windows\System\PTMBmSL.exe

C:\Windows\System\PTMBmSL.exe

C:\Windows\System\QOrOktX.exe

C:\Windows\System\QOrOktX.exe

C:\Windows\System\nHdRYsX.exe

C:\Windows\System\nHdRYsX.exe

C:\Windows\System\OUvrilI.exe

C:\Windows\System\OUvrilI.exe

C:\Windows\System\dxoMMdB.exe

C:\Windows\System\dxoMMdB.exe

C:\Windows\System\UEFjxOa.exe

C:\Windows\System\UEFjxOa.exe

C:\Windows\System\PWqFaCY.exe

C:\Windows\System\PWqFaCY.exe

C:\Windows\System\qigfbLi.exe

C:\Windows\System\qigfbLi.exe

C:\Windows\System\RJrBHeV.exe

C:\Windows\System\RJrBHeV.exe

C:\Windows\System\BDlTnbm.exe

C:\Windows\System\BDlTnbm.exe

C:\Windows\System\fuaSWen.exe

C:\Windows\System\fuaSWen.exe

C:\Windows\System\bEiauxt.exe

C:\Windows\System\bEiauxt.exe

C:\Windows\System\PvUxzRs.exe

C:\Windows\System\PvUxzRs.exe

C:\Windows\System\fEPziHe.exe

C:\Windows\System\fEPziHe.exe

C:\Windows\System\fccdrDB.exe

C:\Windows\System\fccdrDB.exe

C:\Windows\System\zVlIUmo.exe

C:\Windows\System\zVlIUmo.exe

C:\Windows\System\YViDZhU.exe

C:\Windows\System\YViDZhU.exe

C:\Windows\System\vWfLjsv.exe

C:\Windows\System\vWfLjsv.exe

C:\Windows\System\iWRrJLI.exe

C:\Windows\System\iWRrJLI.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.98.217:8080 tcp

Files

memory/2784-0-0x00007FF7E13F0000-0x00007FF7E17E2000-memory.dmp

memory/2784-1-0x000001A140BE0000-0x000001A140BF0000-memory.dmp

C:\Windows\System\LGpooxQ.exe

MD5 300d9af4a690e0380844d9c29505f8bd
SHA1 ddd8b58dfe780af1e37082fd502dcbb9d67f42d8
SHA256 b6a20aed1728ca11dba74da483b46de0275b22c08993ae70322a5df6d3cd16e8
SHA512 f0e1521905f62e2f81df3780aa1741071ecb600cee8a149e53d48c160e2e0e018625581cca228f02668f24b7c238e36452ecb00c017e93c04119247524d55c58

C:\Windows\System\gpkJzWP.exe

MD5 ce6e94ff7de627008e11056acf6788ea
SHA1 2b9f0a39c191d4b66199118287d8ef7332880afa
SHA256 967cc3e5095e4845b62f5824e683fd3b19a3b97c7aada31e761cfab96fb6b3f5
SHA512 ef12a50752d0ff7248c02e56bc40eb7c997f2c142281c88ac8bbb968a37402f764e60ef59f2f6156c6f76d29f31e8f425f0e99a7773e64562df61785aa34ffb9

C:\Windows\System\KQIxHCB.exe

MD5 d1ad56767d8fb679c9cc3916d1e7f885
SHA1 ea30c9a451edc549da5c2070edd08c4326ea5e31
SHA256 e52904761317a87778e88040533b7268f4dbbd3445f35875f5a4f61512de7aa1
SHA512 663bfcdcd17a756f90266c9b13b10bb26672c849fb5ef81422454d99168ce1b52d8da25f7d84db0bc92dbf60ad17d9911de0a70d6e61db23af23ce14bf3bec8f

C:\Windows\System\NGQjIBe.exe

MD5 c3b8ef28c37da6bd213beb4ade3e2d4f
SHA1 96362fc3a87d3f6cef467ef0bce10d854d0664dc
SHA256 3fff274a83e372d6b0b41b13fd76d41601c48db5402d98ba1ceb9d537838120c
SHA512 528de7a052bb6b1dc069a1d9bf8cf2d2476dd7882db2194505e899eaf85d91bb8d44457046f1b96351503c21b1d3eb8c65608f0cd1618099cad5c584a2a78236

memory/3564-563-0x00007FF62D000000-0x00007FF62D3F2000-memory.dmp

memory/5016-583-0x00007FF64D860000-0x00007FF64DC52000-memory.dmp

memory/1136-589-0x00007FF7BDC50000-0x00007FF7BE042000-memory.dmp

memory/992-824-0x00007FFF47190000-0x00007FFF47C51000-memory.dmp

memory/1720-993-0x00007FF76E630000-0x00007FF76EA22000-memory.dmp

memory/992-2342-0x00007FFF47190000-0x00007FFF47C51000-memory.dmp

memory/2576-597-0x00007FF612A30000-0x00007FF612E22000-memory.dmp

memory/3384-596-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp

memory/3244-595-0x00007FF6127A0000-0x00007FF612B92000-memory.dmp

memory/2280-594-0x00007FF6651D0000-0x00007FF6655C2000-memory.dmp

memory/4160-593-0x00007FF6CF9D0000-0x00007FF6CFDC2000-memory.dmp

memory/2900-592-0x00007FF710D20000-0x00007FF711112000-memory.dmp

memory/2368-591-0x00007FF7DD0E0000-0x00007FF7DD4D2000-memory.dmp

memory/4704-590-0x00007FF64B110000-0x00007FF64B502000-memory.dmp

memory/220-588-0x00007FF787FC0000-0x00007FF7883B2000-memory.dmp

memory/4956-587-0x00007FF7027D0000-0x00007FF702BC2000-memory.dmp

memory/4688-586-0x00007FF687AE0000-0x00007FF687ED2000-memory.dmp

memory/3216-585-0x00007FF66BD60000-0x00007FF66C152000-memory.dmp

memory/816-584-0x00007FF7DB930000-0x00007FF7DBD22000-memory.dmp

memory/4748-582-0x00007FF754D60000-0x00007FF755152000-memory.dmp

memory/1688-429-0x00007FF685300000-0x00007FF6856F2000-memory.dmp

memory/992-389-0x000002526E930000-0x000002526E952000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1svmbtql.4im.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1532-322-0x00007FF742940000-0x00007FF742D32000-memory.dmp

memory/5056-271-0x00007FF7B2C40000-0x00007FF7B3032000-memory.dmp

C:\Windows\System\NScYzDN.exe

MD5 f0ee486790dce068fb3ebd37d4e3b5dc
SHA1 6be2a722ae7032f9fd7507933f9c9ff9c78ba3c2
SHA256 cb6907b3f7da96c7631e6d538183272015cebd26665f277dbd461eeb0f1cfc22
SHA512 f6c0ec46cfc01afa312a89139fc4fb18a2a6cd792c3d3d7de017acbb80f97311defeeab2cd7199acbc0dbbf40eaaefe0c8f496b1218af179cadd38d60dd5457b

C:\Windows\System\rXILqak.exe

MD5 d05fea1aa9583f252937367a8ee89e82
SHA1 37a6583f618bb8670a9dab62ce9d5f9f68dffe5b
SHA256 cb38f46093f136acbf703ec3f653f5ac811ff60d0f6aeced1d7e1a398a104f4b
SHA512 baa03ef43d71b00f7c24da509f8064dbcf2defd4e785c1e3b44df13f8038967cac9d87a9d7451dcd9b9841a1d54a798da3519ec82c9902c46f367d278887108a

C:\Windows\System\ZFoJgFE.exe

MD5 fa98f3df7eafb75eacbfbbe0bc7ed2d6
SHA1 abe04e679b9007588a5fd60724f26bbe489b6e50
SHA256 dc205c8e246dc208e8501bf4ccf4d05a99b3514b8acddecd0730745303388ec2
SHA512 34827f529f0d82ce87ca0241b5c8752f1c8eb7919f5e3ef707eda21246dc0e3a7843b5d9cae6dad39f1ddb0008fe1689baf58e12eec551b2bd7173a92d46080a

C:\Windows\System\Ozfbddi.exe

MD5 83a20221e35e216ab13a4ab780b60d7d
SHA1 110790821dc31929dd5aef3e6ca6c9794464a479
SHA256 20365f7bea0e32fb7d412728c69d4d1dea5fc7473007e2c362ee909bd0b89829
SHA512 2d8b3c5dfa06b344e02804591912528e8d6e81101661e0b7f9dc4c5058c44c5dfbf85691bcc4ffea0f5d97186357965b1221d8eef2b5fa5a51161891b4e1db0c

C:\Windows\System\amZgfft.exe

MD5 b3bf784fa2e47d3b0074c1af1d82dadc
SHA1 3318898a3c73ee9023623d63c0beb5c923d0b952
SHA256 debfd84009c9abdb68b95b4e3ab5b9cecbef51fafcda35d6d2fa99164e5fb8bc
SHA512 7bded1e1bc5664492bd9a35b3a33147e6da9bbf2b8b7c4a791bf8ba5be623d83d0eaaeb00e7ff1b6664893d756a5f0a719469634a0a477ae0f96dbb28bf2c022

C:\Windows\System\KPvaNGW.exe

MD5 0123fd997e41a5078ebb46af2fdcf871
SHA1 5af87a81c0294320c05de453dd61f3ecf964a4b2
SHA256 e89a77e92cc3c4bc86dced6f411844255b379bba825cee399eedf85b44a6c9fb
SHA512 74ddc6c6e90219da59dbefe044a51b787e9a85a64a1132780d598d6e3c7ce13e293ca1d7906dbf8932f2225bb994f01a22d670a2a6239c8dad999aa713e98ca8

C:\Windows\System\qtrrUmW.exe

MD5 7643ce6b640bb6a2455a9641a5c85795
SHA1 a6b49ac30c478c480f6cebcc5ccd26b547eb58c3
SHA256 c09f7843f893844d8ea0452d537218d12d9466faa17bd247b9ca95bf6e9d49cf
SHA512 26b50f4ec3da5301f9a0bc85b92d9b4f79f331af99c7f11283954a8e67cd8132754f70651f4c78d5bb3f0270eab628cbfa9b7d35dacafa1a5aadd517294496dd

memory/1452-211-0x00007FF6684E0000-0x00007FF6688D2000-memory.dmp

C:\Windows\System\ZaBzVIb.exe

MD5 673359b41a75245a7454e96f762844ff
SHA1 19b49a5876bed84a726d80b54bfa8f2036aef0da
SHA256 e817852349a234d2ccc41159bb906b734b5cc955b486a844b080cc922e0b497d
SHA512 d2edbbb723116e782dee1f1ae153c232dd6449b2cb70a0be6336d1a57e834c5a968a0d90d9bb55f1a0d57625100bd4c0eb38f8a939236f9ecd05b55602cac315

C:\Windows\System\wFgRKVD.exe

MD5 5c49e632526f999247aa11b5b6aaba35
SHA1 9b96219a9cb1f2eff7cc5d8d939264b8d3f2ee86
SHA256 3ef3833080f509cec0ec2a14c2f2d902987b6e4ef6848856f53c201ce3c386b1
SHA512 e22438367d91b404875ba09b16d842f821ccb7513d915db07d6c67134607e758c3cf967177524d5ea914f21765214ea4e9ffa9c1f463a9ddc01b31067952d3ae

C:\Windows\System\bpZghnz.exe

MD5 6153588f8709f1d287b7982baad42913
SHA1 038306cb131f8f9399d3baf3e7c43af1d4ee81a5
SHA256 a3470b094fa46658e31d373014825008125df9ff853a0bf12e4a4209e50559b1
SHA512 be34147acfa2e3ad186c64bb94a15b474f2c359771806db0a491f4b6117f4ac52147e30ff3859ac89c6d1409184468acad3ce37388d35bf776c2d9116af7d948

C:\Windows\System\ZbHroiy.exe

MD5 adb5bb086ddc6057480e290d5b266044
SHA1 fc999b9fc3d201dbd4390920ff33dffeaade7b81
SHA256 0cf3d7f30f46ce81f95d1703d78035c50228b64ec7e992bd5715a5e0b9601f8f
SHA512 4b6b72165798fc0bf06c84ef600232981b9536ed2c76e6bb3b040aef9a09f2e3c04bec6fc5bddf5a2e9bb1c94fc325008202aef37a3d42c751c3dec247b6142c

C:\Windows\System\lxANqNn.exe

MD5 1535d86c26cd2b6c5b69d944c975c503
SHA1 b6ff3a46b73c0eec3134b97af3612ec28ce3801f
SHA256 a99e07a050028c61e6380652d9d279412a713a6e925ab4649ed58bfcc12edb78
SHA512 7a4ca5b9899e85ff481d9cbecda47a0d66acaca8451740a0fc33090a3c183bd1613f1eeb3d3db015dd6f962b38dae092cac9a62c33755912dc3c1f6f77d9cbbd

C:\Windows\System\XSRIfsS.exe

MD5 0601c57c731d01bc721c4349413f7e83
SHA1 1a448dd9242eb4c93217cb9b0ce8b3d4de70f142
SHA256 efe218f85909c0c6e0ca49bf16692c15ccf219bd6490ffe1e105d35c9119417e
SHA512 c18f7a7f571e9afaf3c58a1dedf5c95cb38dc652ff609226890854d14d77fa4f471870028083028649c3981114af237d43213e4d7b6abe9c464eadc8fc9ff54a

C:\Windows\System\pSxvcqV.exe

MD5 bab62eb035b79cfc09a32c659c3d2698
SHA1 34b67359f7412dc74e0dea9dc2e586d45dc85f46
SHA256 f5c4ee754540326be0b4198477ba56f3939ad2349ea71f3543e912db4058e35d
SHA512 ce86a1d1c16a1784519a9d748c76dea61578777e1f61c0d00ec89a1f632bca10efc03f244e508c361a166c240fb784c50fcd8b148cf62aac2ddc4ab4a0e48e54

C:\Windows\System\qOMQhYr.exe

MD5 c4644f5f69bdb3d7fa402cd20ccdefea
SHA1 84b078a7ec50c50abc81eea6e2f5e0ac75ed5583
SHA256 3d80acc2c48a329137df7eb07cde38266e694440cdfda7cd3d6ed964ddc9659b
SHA512 454fd6416072af5e714ac28d77e8baf4ee9bdf0da0977e5d57410d61a47e46eab9f9fb0fba8189ba072caa9a3233ee7700d9294513d15e17eb16157aa6bf5fe2

C:\Windows\System\MlgHcaZ.exe

MD5 e1e2dc1978f75284331da78d95297dae
SHA1 1c712c626476ba906e1b31331b00a2aa3752a81a
SHA256 46358646fe6b7c68fbdeffed5e4553ff5867730f62b19992e4f7dda40aa09159
SHA512 716c2a5f42dcf2536cf0f879790c0ad8544a92326e8c030aea357fa68f62ade5efd73522423920a68899adea28107fcf4be3fcc371b92335b5d88e9eb6fabaa0

C:\Windows\System\nedMnrN.exe

MD5 354f19edbdcb1af13e371c30891bb56e
SHA1 7cc0474c0abbf1edf90fa51c4af412c3c9ca060d
SHA256 b46106c2f8a5c949941eb4b5337d84474e0af17f9ccfac619e8e85a91641db00
SHA512 8874022d8239b6059033de32e34396013d689df61b00c68a28e0f9878a6a259a2e8591b74f976721bc2bc843f585cec7bbd872ab77a3af4d6bb69b5ccb62e356

C:\Windows\System\TrlMCDE.exe

MD5 13980f56d852772ea2a07cb564fccd76
SHA1 4e46b81fc984ef8b77f14abfa04fbc99d619cb7a
SHA256 b9952d5c88e718804aad50de10ac7327ba8a619dfaddaa4d5e53d3aadce1d997
SHA512 f2caa4f2e6962d2d030010c270894c61604353648eb7f3bca6ceb9f276b8ae2ce76160230e11dacc6fb5b3606131f370fe156b87666e75d8a752d86ac19651a1

C:\Windows\System\iddQUem.exe

MD5 77df849acf329d5ec62fdf403cd57f9b
SHA1 cb62749ca514f3592e128d4d4d8fc08871e4f213
SHA256 31358d286963a3d888dcf1eb73a0e042ddea8b78e01e4bf15a6f23f7dbb3573b
SHA512 5d2b1793d407d71b0a7068ed96d7d9c96b77e8ebc65f9a6d5f3bea34e980fe551cfab83d8dddc84d6a9f466a0f07f76458c03fce71ab39831be85311c2e932bd

C:\Windows\System\XMTwAYI.exe

MD5 672a56189cccdcf8a06d3983ea38f4f7
SHA1 18a9f703be94c9ca3c79c387ff5c9526716bf97d
SHA256 ca50477b4d508888096f0ab628f5ad2114f3500f575171e2a5bd96c30984c225
SHA512 00ba6a534b304a8c5d2ef18f869b6d58db23d5ab2468ab0e291fd3a048783af3b2979e62e5f19247f65e8d99ba82b9fefc12636729d8a6b764f2289a9d88079b

C:\Windows\System\YOMOeLk.exe

MD5 416963970fd080573b3255f0a22e7a03
SHA1 af8964baf9664f200e3d234012294fdd4b4c8923
SHA256 5369af8ee1dcd63a743568cba42e68b2ad4e487a61732385058f14c67bdd8cb9
SHA512 70530478ecee62915c6395e5b833bdeb79685cb2ad845264b36e56df07f0100a2107adeee41482973ceed04abe748fe2bbe3569b1ff28984d0131eb886aabd67

C:\Windows\System\slSagFA.exe

MD5 d311357f233345d373a67b10b209b25e
SHA1 f9a713c8104fd68a4f509a1a5abe3d02010617f9
SHA256 8be97541fddc1a16b078593f53d30e1a66aac9b06b57f4e8945f13e07df338b6
SHA512 62da70d9838d41b66dd0b6df79cc27ecd898e15ac48adfa57b5d2a773b96ab3f1af3ef816a4b0f79a13d8e6a777fcd0c0cb5cee2631e541f76b6e0ef9b5d0a72

C:\Windows\System\xWUZdGV.exe

MD5 bce742b7fd24807950fb9906a54ed5db
SHA1 9b10961d2bffc02ffd0ea3bd29a450b9cccda828
SHA256 140c8207b03b539d787f099212a26ff912cee9b8b668800add672f3538d63326
SHA512 a711f390f75ed0339a8d95e932be8feac7fbffa36977af8db2fd499575ffaa8f03ee93c146074c4d8467b9b01fd1e3272365cec8cbc9b9698e9b62a2fdda5448

memory/992-119-0x00007FFF47190000-0x00007FFF47C51000-memory.dmp

C:\Windows\System\UmVLhyU.exe

MD5 4ebbc1cfa8dec680f670269c720b9cae
SHA1 ff17f7b3941bf8c2a6ec3adcf6ff5bd009a4e20c
SHA256 73c4cd5ed59193ac8f1ef2fb8c28d218a780276bea8d3b5fce451c47f82d4194
SHA512 8a363cc759f6b3b54b3c04697ee62e0072fd96d2cd4462c58208982563a22bda8567c1ffe193f9d30cb3e134c555f52af1a3e0499213deeb84b2fdca329cdcbe

C:\Windows\System\lYSAdZT.exe

MD5 d0955967dc2fe8c871e3cfdf2f1a46fe
SHA1 b1047c247d5f7123619176ae2acc7a3f21236248
SHA256 62dd3f069eb3f69e28a95a423eefd6bd350207b44b4d0d1dd92cf63a9d2e2855
SHA512 1eca01d75fa6f20174f3ef7563c445680c4d318e25d2991e3d4e7ee61727ef1eecd6d68ca56236c09d50854031b33ca47b7e2386994c5747ccc59fe6ab023c8b

C:\Windows\System\xeKCQnf.exe

MD5 ff277d6e9f526a0d4b963b51ef098331
SHA1 e93a78674f3dd0765a43c501e33830f5f351ed49
SHA256 4e8a8802f2d0fbfb5c6a07feeb234fd829de84949eb6fc1e37a136a215a08a92
SHA512 56572ad41b15d413e1e1d9027c049f60b99a8c06e5b1dbf8f8f78ec4f5e49068c1cd10b695b2cf23a9ed2ac67356e2e1c03ac4ffae744af228d09235c9500d30

C:\Windows\System\TadkSEF.exe

MD5 349d6b152c0cb7936665a28c4704f2ac
SHA1 4b1abdae25f91e5fc08d1f6a230fe85dbdee1166
SHA256 0e00db010b02f463a054bac11d086d54881e00aa5b7723e9234ca0c7d5ff2350
SHA512 020ecb7464f352d21a309332d6b1a364266a21f7cf65a7ded3fcc928a17146c84954091f6814a90439e00c969846c1d9ac4aa66dfe2235e935711b6d2b7fd279

C:\Windows\System\PooUfXl.exe

MD5 9cadd9260240fdf7a384c6f0a17967b7
SHA1 c67a12b8fd01696f907a6ad7aa4a85842fa986c5
SHA256 44db73835e3f080fd7c1187c535b7223ddb411fb3e88b5bbba7e7996622c9ec0
SHA512 b35caf092bbeea53d4151809c826b7aa81dece8fb645cb10500a6e315475ba01e33fe3dc9b8d835bf7319a100799bbc0e290dccaf3d2f92e99bf98be33cb99f4

C:\Windows\System\IuZtFtJ.exe

MD5 35bbd2fc72673f33cc2067c55ee053d6
SHA1 dbb48eaa97db30c8e2fe2ffb9d8400f544157350
SHA256 d3eb0166c1f7b7f1041fe3c9adb8f17d13098bf7ee9c01b4dac28b16eba307cd
SHA512 6a916526d60915a5ada4a471186a7e334ca712e952be1a44daf4925bf21d590cf70459789d30d0c2947a2911281d5d542d3d19f84349758c650b816ed641b13e

C:\Windows\System\FPlEYtS.exe

MD5 d266ebc38136ab3f28db9b9f8f4e2362
SHA1 d3adc383c853eae3235f309b5a511c2b139783c9
SHA256 23c89ea5f5e7db6d1e996bb94a01b4e6ead29ea68829126b81507eea7eed8dcc
SHA512 31179a62d6504d24ed5580ccad48d569232935280ac4964d220b7f2947a7110956f07fb5fdef4d182a5e30927098f06c3d4787edf4060bbb4c16c615add8b723

C:\Windows\System\QBrlRDD.exe

MD5 fa61bd8fc982ac08bb048d30381a2293
SHA1 60bc0fad61d36278538e2cc27bb723f7a062cfd1
SHA256 06af76d5ccf5b44dbe2fbea6774228d9ce779f8fc723284be4907361cca4de9b
SHA512 39d6d8e59796ab8e228123d781e67167e26e748cd57bfdfa859f4df5a4f0cad508cf4298a3a1898279c5db0748409062973ee5253d6bbbb1fa05db71c5d13769

C:\Windows\System\SyojmjK.exe

MD5 fd323f39f45f06c6320aecf94af9e536
SHA1 097da73b7f01848bb453912f1accc75b7078cc95
SHA256 a11d45d779f0cf753a350c98290408248ce4d91463af80da3ea044f8847270d7
SHA512 66be2959265b7e351fcec3f0673f61a518a984929b45adf70829f5d9da4faa70f6ec66db0fb252af8e396bb34c9a574e0c3a6704d321cddb91e1f8b48428159f

C:\Windows\System\xKKRymP.exe

MD5 702632c44590640214cab0513d2238b9
SHA1 8868bb54e7fd5224d155895568ed6339a9384be9
SHA256 4249b739920afc2427bc01576a782916ec3121ebd7a3be9bc8c3f19cafc5d57b
SHA512 eb932ac3df65ac17c685438d3b6fd2693d4e7b5cc00e0974de3742102facb928c5fa0147dc7ba6a28f15e0521b7892ce573bea57701f1fab105cb06e1021cb0f

C:\Windows\System\UmhYIEL.exe

MD5 413c7047508fc458574ad315e24fd220
SHA1 db72d4180780c8e19b026a676734fa1c3ddab8b8
SHA256 d33473d779aae13530b16cfe67aca81eb3c358befe3a7e290bf894678c1bfa3d
SHA512 8b40a1bcfc2050cd3cd9ab2dd30aa9eb46d8456b15c962513fecbc24e4ae8d46d55333e616032f81d78e6910b9750466e67a16da07c397afcb645fd8fe3d2d82

memory/3380-33-0x00007FF799FA0000-0x00007FF79A392000-memory.dmp

C:\Windows\System\kzYMEyI.exe

MD5 c2526b9a25c997852a11d1a5abca3e40
SHA1 6baf9d7dd548c0f01ed3c24052fe9f025bda58fb
SHA256 3eb8e971d635e9f12d5372c9e847c82d69ddd80f767789dec02421cdff2fbfc7
SHA512 bfad6f4c69c89f0fb186330492026d2c9b0e6e28b6e863bebbf83d7d47e13e6b573dde7a3fb1cad9c082d1d19941cf45b059ed92818939bdc7bbe2191c6576b5

memory/4860-22-0x00007FF665980000-0x00007FF665D72000-memory.dmp

memory/992-5-0x00007FFF47193000-0x00007FFF47195000-memory.dmp

C:\Windows\System\JlnKnso.exe

MD5 66bd487d69202ef8b2b1bb2e1931ebf3
SHA1 6297e827d2cc12ba96555851f82fc059665704b0
SHA256 4443ea8760d035c6b4f05df6df4c7e7ad9c5afa8dead954bce57dab5a5afcf1e
SHA512 9e09fc0a19c454ee0cecdc74d2823aed9c4a94ebbcd2ca5a3004beafcda66afd0bc9b7ffcaee69b05991566849eedce2fe3d3b28ecd596511f3194e8d04c5acc

memory/4860-4540-0x00007FF665980000-0x00007FF665D72000-memory.dmp

memory/3380-4542-0x00007FF799FA0000-0x00007FF79A392000-memory.dmp

memory/1452-4544-0x00007FF6684E0000-0x00007FF6688D2000-memory.dmp

memory/5056-4548-0x00007FF7B2C40000-0x00007FF7B3032000-memory.dmp

memory/2576-4547-0x00007FF612A30000-0x00007FF612E22000-memory.dmp

memory/1532-4550-0x00007FF742940000-0x00007FF742D32000-memory.dmp

memory/5016-4553-0x00007FF64D860000-0x00007FF64DC52000-memory.dmp

memory/1720-4556-0x00007FF76E630000-0x00007FF76EA22000-memory.dmp

memory/3564-4555-0x00007FF62D000000-0x00007FF62D3F2000-memory.dmp

memory/2900-4580-0x00007FF710D20000-0x00007FF711112000-memory.dmp

memory/4748-4579-0x00007FF754D60000-0x00007FF755152000-memory.dmp

memory/2280-4573-0x00007FF6651D0000-0x00007FF6655C2000-memory.dmp

memory/1136-4571-0x00007FF7BDC50000-0x00007FF7BE042000-memory.dmp

memory/4160-4564-0x00007FF6CF9D0000-0x00007FF6CFDC2000-memory.dmp

memory/3244-4560-0x00007FF6127A0000-0x00007FF612B92000-memory.dmp

memory/4688-4559-0x00007FF687AE0000-0x00007FF687ED2000-memory.dmp

memory/220-4577-0x00007FF787FC0000-0x00007FF7883B2000-memory.dmp

memory/816-4575-0x00007FF7DB930000-0x00007FF7DBD22000-memory.dmp

memory/4704-4569-0x00007FF64B110000-0x00007FF64B502000-memory.dmp

memory/2368-4566-0x00007FF7DD0E0000-0x00007FF7DD4D2000-memory.dmp

memory/1688-4582-0x00007FF685300000-0x00007FF6856F2000-memory.dmp

memory/3216-4585-0x00007FF66BD60000-0x00007FF66C152000-memory.dmp

memory/3384-4601-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp

memory/4956-4597-0x00007FF7027D0000-0x00007FF702BC2000-memory.dmp