Malware Analysis Report

2025-01-06 19:48

Sample ID 240527-wry6macf8s
Target 089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe
SHA256 cc48322f33330144b60ac34dbc15eb11c127ad89f8b771ee734040cb89146bea
Tags
upx miner xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cc48322f33330144b60ac34dbc15eb11c127ad89f8b771ee734040cb89146bea

Threat Level: Known bad

The file 089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:09

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:09

Reported

2024-05-27 18:12

Platform

win7-20240508-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\njIWGms.exe N/A
N/A N/A C:\Windows\System\MeUbOvv.exe N/A
N/A N/A C:\Windows\System\DtwUCJi.exe N/A
N/A N/A C:\Windows\System\gwdPrJA.exe N/A
N/A N/A C:\Windows\System\FfsqcMn.exe N/A
N/A N/A C:\Windows\System\BQrGVvx.exe N/A
N/A N/A C:\Windows\System\WfBGbNB.exe N/A
N/A N/A C:\Windows\System\PeiLxxA.exe N/A
N/A N/A C:\Windows\System\TanMURT.exe N/A
N/A N/A C:\Windows\System\UjEdhWr.exe N/A
N/A N/A C:\Windows\System\FNpQtDG.exe N/A
N/A N/A C:\Windows\System\afQoFMV.exe N/A
N/A N/A C:\Windows\System\wztEsZT.exe N/A
N/A N/A C:\Windows\System\KdRGcTh.exe N/A
N/A N/A C:\Windows\System\EQBIXfy.exe N/A
N/A N/A C:\Windows\System\rElhnri.exe N/A
N/A N/A C:\Windows\System\PQSmHTd.exe N/A
N/A N/A C:\Windows\System\NAecZLP.exe N/A
N/A N/A C:\Windows\System\QkYOKoX.exe N/A
N/A N/A C:\Windows\System\wtNiJaD.exe N/A
N/A N/A C:\Windows\System\lhcwXqr.exe N/A
N/A N/A C:\Windows\System\kedFFeH.exe N/A
N/A N/A C:\Windows\System\GwJPBGk.exe N/A
N/A N/A C:\Windows\System\tGAajhy.exe N/A
N/A N/A C:\Windows\System\qAWHoZK.exe N/A
N/A N/A C:\Windows\System\JDasrwG.exe N/A
N/A N/A C:\Windows\System\dbTxnZL.exe N/A
N/A N/A C:\Windows\System\kOptFsL.exe N/A
N/A N/A C:\Windows\System\vGDEywR.exe N/A
N/A N/A C:\Windows\System\ioLZzJn.exe N/A
N/A N/A C:\Windows\System\zsfJGNl.exe N/A
N/A N/A C:\Windows\System\KMmOlVo.exe N/A
N/A N/A C:\Windows\System\RmzxSMW.exe N/A
N/A N/A C:\Windows\System\mSMteQA.exe N/A
N/A N/A C:\Windows\System\qnUumPM.exe N/A
N/A N/A C:\Windows\System\IeLERKq.exe N/A
N/A N/A C:\Windows\System\NSUywXT.exe N/A
N/A N/A C:\Windows\System\TIszKQF.exe N/A
N/A N/A C:\Windows\System\HMEkocx.exe N/A
N/A N/A C:\Windows\System\MYUMWNS.exe N/A
N/A N/A C:\Windows\System\hAvReye.exe N/A
N/A N/A C:\Windows\System\leBPaVP.exe N/A
N/A N/A C:\Windows\System\xjBGePu.exe N/A
N/A N/A C:\Windows\System\RjTqXZg.exe N/A
N/A N/A C:\Windows\System\qJQRvJZ.exe N/A
N/A N/A C:\Windows\System\mKrmfxC.exe N/A
N/A N/A C:\Windows\System\EWGqcgb.exe N/A
N/A N/A C:\Windows\System\ksSuoxa.exe N/A
N/A N/A C:\Windows\System\jkKgmDS.exe N/A
N/A N/A C:\Windows\System\oSyRZJr.exe N/A
N/A N/A C:\Windows\System\aqfCoAl.exe N/A
N/A N/A C:\Windows\System\MhkZfjw.exe N/A
N/A N/A C:\Windows\System\jdNrTzO.exe N/A
N/A N/A C:\Windows\System\JnKnfKt.exe N/A
N/A N/A C:\Windows\System\ZhjTLiL.exe N/A
N/A N/A C:\Windows\System\WdUpTiJ.exe N/A
N/A N/A C:\Windows\System\lOUpuNU.exe N/A
N/A N/A C:\Windows\System\LuHrMJj.exe N/A
N/A N/A C:\Windows\System\FOvQYFZ.exe N/A
N/A N/A C:\Windows\System\dCJQguB.exe N/A
N/A N/A C:\Windows\System\TtHafJZ.exe N/A
N/A N/A C:\Windows\System\eTpbgUO.exe N/A
N/A N/A C:\Windows\System\uSXLMIn.exe N/A
N/A N/A C:\Windows\System\rbCbTlJ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NuHHnlK.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmSQptu.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ghklser.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XZbSiSL.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\zFCDgDo.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\aYSlokv.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdUrzAD.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TcvXSZa.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XBUQrSB.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dTMpxPY.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUjKKSs.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\FYcSPqC.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IPdEvYD.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\FOvQYFZ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\zdxLXwp.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\qpFtvNu.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmKMHiv.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdHGbbc.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZBklLm.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\YiVdMPr.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzXPFjf.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvvOuMj.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYcsBdQ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CQRYQOU.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ngzjbuf.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHQDofg.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xFHyCsO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\hARYMkJ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\bDJLIWn.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\revDobw.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKSAqcL.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\jbyGJvU.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\URLkKdf.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DRPTKYw.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dgZjTQq.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\WItcFhv.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\VInXdSh.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZNpTGbC.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\yAXlzha.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtwUCJi.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\pnwNRht.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\zCOnaeV.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\tOLHBRJ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IVYncpi.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HCVIuLb.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XaRBWsb.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZsIpQJL.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\wztEsZT.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\osIlMmd.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpPZiXK.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmjzPkv.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\rvDlYeO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XvFjHnL.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsyReZa.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DjFaDKU.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\pDYuYtu.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZkfHNd.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\sehRAsP.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\tgRiJAD.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxYLCEO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xLPmTCW.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\lXhlrfS.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TanMURT.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\vbCHCSz.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1616 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\njIWGms.exe
PID 1616 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\njIWGms.exe
PID 1616 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\njIWGms.exe
PID 1616 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\MeUbOvv.exe
PID 1616 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\MeUbOvv.exe
PID 1616 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\MeUbOvv.exe
PID 1616 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\DtwUCJi.exe
PID 1616 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\DtwUCJi.exe
PID 1616 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\DtwUCJi.exe
PID 1616 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\gwdPrJA.exe
PID 1616 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\gwdPrJA.exe
PID 1616 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\gwdPrJA.exe
PID 1616 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FfsqcMn.exe
PID 1616 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FfsqcMn.exe
PID 1616 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FfsqcMn.exe
PID 1616 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\BQrGVvx.exe
PID 1616 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\BQrGVvx.exe
PID 1616 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\BQrGVvx.exe
PID 1616 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PeiLxxA.exe
PID 1616 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PeiLxxA.exe
PID 1616 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PeiLxxA.exe
PID 1616 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\WfBGbNB.exe
PID 1616 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\WfBGbNB.exe
PID 1616 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\WfBGbNB.exe
PID 1616 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\TanMURT.exe
PID 1616 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\TanMURT.exe
PID 1616 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\TanMURT.exe
PID 1616 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\UjEdhWr.exe
PID 1616 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\UjEdhWr.exe
PID 1616 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\UjEdhWr.exe
PID 1616 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\afQoFMV.exe
PID 1616 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\afQoFMV.exe
PID 1616 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\afQoFMV.exe
PID 1616 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FNpQtDG.exe
PID 1616 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FNpQtDG.exe
PID 1616 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FNpQtDG.exe
PID 1616 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wztEsZT.exe
PID 1616 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wztEsZT.exe
PID 1616 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wztEsZT.exe
PID 1616 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KdRGcTh.exe
PID 1616 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KdRGcTh.exe
PID 1616 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KdRGcTh.exe
PID 1616 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\rElhnri.exe
PID 1616 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\rElhnri.exe
PID 1616 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\rElhnri.exe
PID 1616 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\EQBIXfy.exe
PID 1616 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\EQBIXfy.exe
PID 1616 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\EQBIXfy.exe
PID 1616 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NAecZLP.exe
PID 1616 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NAecZLP.exe
PID 1616 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NAecZLP.exe
PID 1616 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PQSmHTd.exe
PID 1616 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PQSmHTd.exe
PID 1616 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PQSmHTd.exe
PID 1616 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QkYOKoX.exe
PID 1616 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QkYOKoX.exe
PID 1616 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QkYOKoX.exe
PID 1616 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wtNiJaD.exe
PID 1616 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wtNiJaD.exe
PID 1616 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\wtNiJaD.exe
PID 1616 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lhcwXqr.exe
PID 1616 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lhcwXqr.exe
PID 1616 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lhcwXqr.exe
PID 1616 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\kedFFeH.exe

Processes

C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe"

C:\Windows\System\njIWGms.exe

C:\Windows\System\njIWGms.exe

C:\Windows\System\MeUbOvv.exe

C:\Windows\System\MeUbOvv.exe

C:\Windows\System\DtwUCJi.exe

C:\Windows\System\DtwUCJi.exe

C:\Windows\System\gwdPrJA.exe

C:\Windows\System\gwdPrJA.exe

C:\Windows\System\FfsqcMn.exe

C:\Windows\System\FfsqcMn.exe

C:\Windows\System\BQrGVvx.exe

C:\Windows\System\BQrGVvx.exe

C:\Windows\System\PeiLxxA.exe

C:\Windows\System\PeiLxxA.exe

C:\Windows\System\WfBGbNB.exe

C:\Windows\System\WfBGbNB.exe

C:\Windows\System\TanMURT.exe

C:\Windows\System\TanMURT.exe

C:\Windows\System\UjEdhWr.exe

C:\Windows\System\UjEdhWr.exe

C:\Windows\System\afQoFMV.exe

C:\Windows\System\afQoFMV.exe

C:\Windows\System\FNpQtDG.exe

C:\Windows\System\FNpQtDG.exe

C:\Windows\System\wztEsZT.exe

C:\Windows\System\wztEsZT.exe

C:\Windows\System\KdRGcTh.exe

C:\Windows\System\KdRGcTh.exe

C:\Windows\System\rElhnri.exe

C:\Windows\System\rElhnri.exe

C:\Windows\System\EQBIXfy.exe

C:\Windows\System\EQBIXfy.exe

C:\Windows\System\NAecZLP.exe

C:\Windows\System\NAecZLP.exe

C:\Windows\System\PQSmHTd.exe

C:\Windows\System\PQSmHTd.exe

C:\Windows\System\QkYOKoX.exe

C:\Windows\System\QkYOKoX.exe

C:\Windows\System\wtNiJaD.exe

C:\Windows\System\wtNiJaD.exe

C:\Windows\System\lhcwXqr.exe

C:\Windows\System\lhcwXqr.exe

C:\Windows\System\kedFFeH.exe

C:\Windows\System\kedFFeH.exe

C:\Windows\System\GwJPBGk.exe

C:\Windows\System\GwJPBGk.exe

C:\Windows\System\tGAajhy.exe

C:\Windows\System\tGAajhy.exe

C:\Windows\System\qAWHoZK.exe

C:\Windows\System\qAWHoZK.exe

C:\Windows\System\JDasrwG.exe

C:\Windows\System\JDasrwG.exe

C:\Windows\System\dbTxnZL.exe

C:\Windows\System\dbTxnZL.exe

C:\Windows\System\kOptFsL.exe

C:\Windows\System\kOptFsL.exe

C:\Windows\System\vGDEywR.exe

C:\Windows\System\vGDEywR.exe

C:\Windows\System\ioLZzJn.exe

C:\Windows\System\ioLZzJn.exe

C:\Windows\System\zsfJGNl.exe

C:\Windows\System\zsfJGNl.exe

C:\Windows\System\KMmOlVo.exe

C:\Windows\System\KMmOlVo.exe

C:\Windows\System\RmzxSMW.exe

C:\Windows\System\RmzxSMW.exe

C:\Windows\System\mSMteQA.exe

C:\Windows\System\mSMteQA.exe

C:\Windows\System\qnUumPM.exe

C:\Windows\System\qnUumPM.exe

C:\Windows\System\IeLERKq.exe

C:\Windows\System\IeLERKq.exe

C:\Windows\System\NSUywXT.exe

C:\Windows\System\NSUywXT.exe

C:\Windows\System\TIszKQF.exe

C:\Windows\System\TIszKQF.exe

C:\Windows\System\HMEkocx.exe

C:\Windows\System\HMEkocx.exe

C:\Windows\System\MYUMWNS.exe

C:\Windows\System\MYUMWNS.exe

C:\Windows\System\hAvReye.exe

C:\Windows\System\hAvReye.exe

C:\Windows\System\leBPaVP.exe

C:\Windows\System\leBPaVP.exe

C:\Windows\System\xjBGePu.exe

C:\Windows\System\xjBGePu.exe

C:\Windows\System\RjTqXZg.exe

C:\Windows\System\RjTqXZg.exe

C:\Windows\System\qJQRvJZ.exe

C:\Windows\System\qJQRvJZ.exe

C:\Windows\System\mKrmfxC.exe

C:\Windows\System\mKrmfxC.exe

C:\Windows\System\EWGqcgb.exe

C:\Windows\System\EWGqcgb.exe

C:\Windows\System\ksSuoxa.exe

C:\Windows\System\ksSuoxa.exe

C:\Windows\System\jkKgmDS.exe

C:\Windows\System\jkKgmDS.exe

C:\Windows\System\oSyRZJr.exe

C:\Windows\System\oSyRZJr.exe

C:\Windows\System\aqfCoAl.exe

C:\Windows\System\aqfCoAl.exe

C:\Windows\System\MhkZfjw.exe

C:\Windows\System\MhkZfjw.exe

C:\Windows\System\jdNrTzO.exe

C:\Windows\System\jdNrTzO.exe

C:\Windows\System\JnKnfKt.exe

C:\Windows\System\JnKnfKt.exe

C:\Windows\System\ZhjTLiL.exe

C:\Windows\System\ZhjTLiL.exe

C:\Windows\System\WdUpTiJ.exe

C:\Windows\System\WdUpTiJ.exe

C:\Windows\System\lOUpuNU.exe

C:\Windows\System\lOUpuNU.exe

C:\Windows\System\LuHrMJj.exe

C:\Windows\System\LuHrMJj.exe

C:\Windows\System\FOvQYFZ.exe

C:\Windows\System\FOvQYFZ.exe

C:\Windows\System\dCJQguB.exe

C:\Windows\System\dCJQguB.exe

C:\Windows\System\TtHafJZ.exe

C:\Windows\System\TtHafJZ.exe

C:\Windows\System\eTpbgUO.exe

C:\Windows\System\eTpbgUO.exe

C:\Windows\System\uSXLMIn.exe

C:\Windows\System\uSXLMIn.exe

C:\Windows\System\rbCbTlJ.exe

C:\Windows\System\rbCbTlJ.exe

C:\Windows\System\qLPuibT.exe

C:\Windows\System\qLPuibT.exe

C:\Windows\System\hTaVmcB.exe

C:\Windows\System\hTaVmcB.exe

C:\Windows\System\PPXHVDs.exe

C:\Windows\System\PPXHVDs.exe

C:\Windows\System\PmNqttz.exe

C:\Windows\System\PmNqttz.exe

C:\Windows\System\lOTUDXw.exe

C:\Windows\System\lOTUDXw.exe

C:\Windows\System\fWuWrXZ.exe

C:\Windows\System\fWuWrXZ.exe

C:\Windows\System\AehDXER.exe

C:\Windows\System\AehDXER.exe

C:\Windows\System\OgALSGd.exe

C:\Windows\System\OgALSGd.exe

C:\Windows\System\uFZBWKF.exe

C:\Windows\System\uFZBWKF.exe

C:\Windows\System\EwSEDQV.exe

C:\Windows\System\EwSEDQV.exe

C:\Windows\System\ojQapuv.exe

C:\Windows\System\ojQapuv.exe

C:\Windows\System\vqQBpEB.exe

C:\Windows\System\vqQBpEB.exe

C:\Windows\System\hzqgKsk.exe

C:\Windows\System\hzqgKsk.exe

C:\Windows\System\uFCxMuA.exe

C:\Windows\System\uFCxMuA.exe

C:\Windows\System\VoRTedR.exe

C:\Windows\System\VoRTedR.exe

C:\Windows\System\dJyIdes.exe

C:\Windows\System\dJyIdes.exe

C:\Windows\System\wbXkuqh.exe

C:\Windows\System\wbXkuqh.exe

C:\Windows\System\iYgAMnl.exe

C:\Windows\System\iYgAMnl.exe

C:\Windows\System\bkyvbTa.exe

C:\Windows\System\bkyvbTa.exe

C:\Windows\System\xnmbfjp.exe

C:\Windows\System\xnmbfjp.exe

C:\Windows\System\eOqJgUW.exe

C:\Windows\System\eOqJgUW.exe

C:\Windows\System\iTGYotY.exe

C:\Windows\System\iTGYotY.exe

C:\Windows\System\TcvXSZa.exe

C:\Windows\System\TcvXSZa.exe

C:\Windows\System\zazuONF.exe

C:\Windows\System\zazuONF.exe

C:\Windows\System\tpCogBJ.exe

C:\Windows\System\tpCogBJ.exe

C:\Windows\System\YdNEuvo.exe

C:\Windows\System\YdNEuvo.exe

C:\Windows\System\WLHkZwZ.exe

C:\Windows\System\WLHkZwZ.exe

C:\Windows\System\TzaCgGj.exe

C:\Windows\System\TzaCgGj.exe

C:\Windows\System\qQJUJmg.exe

C:\Windows\System\qQJUJmg.exe

C:\Windows\System\TLKMdvv.exe

C:\Windows\System\TLKMdvv.exe

C:\Windows\System\MapLjJY.exe

C:\Windows\System\MapLjJY.exe

C:\Windows\System\DjFaDKU.exe

C:\Windows\System\DjFaDKU.exe

C:\Windows\System\xFHyCsO.exe

C:\Windows\System\xFHyCsO.exe

C:\Windows\System\pnwNRht.exe

C:\Windows\System\pnwNRht.exe

C:\Windows\System\QJCnEKx.exe

C:\Windows\System\QJCnEKx.exe

C:\Windows\System\NDggtRU.exe

C:\Windows\System\NDggtRU.exe

C:\Windows\System\oGzXvhm.exe

C:\Windows\System\oGzXvhm.exe

C:\Windows\System\aFFzxjY.exe

C:\Windows\System\aFFzxjY.exe

C:\Windows\System\WRaPCZj.exe

C:\Windows\System\WRaPCZj.exe

C:\Windows\System\GJZOHDE.exe

C:\Windows\System\GJZOHDE.exe

C:\Windows\System\WLUEbYk.exe

C:\Windows\System\WLUEbYk.exe

C:\Windows\System\ERQyZvf.exe

C:\Windows\System\ERQyZvf.exe

C:\Windows\System\nkkbKHO.exe

C:\Windows\System\nkkbKHO.exe

C:\Windows\System\nlEBSUv.exe

C:\Windows\System\nlEBSUv.exe

C:\Windows\System\lUrexAR.exe

C:\Windows\System\lUrexAR.exe

C:\Windows\System\NuHHnlK.exe

C:\Windows\System\NuHHnlK.exe

C:\Windows\System\qsjxAlR.exe

C:\Windows\System\qsjxAlR.exe

C:\Windows\System\zCOnaeV.exe

C:\Windows\System\zCOnaeV.exe

C:\Windows\System\WRQUceq.exe

C:\Windows\System\WRQUceq.exe

C:\Windows\System\USXJQZf.exe

C:\Windows\System\USXJQZf.exe

C:\Windows\System\HBGNPHy.exe

C:\Windows\System\HBGNPHy.exe

C:\Windows\System\yhGmyXb.exe

C:\Windows\System\yhGmyXb.exe

C:\Windows\System\vfHnqvi.exe

C:\Windows\System\vfHnqvi.exe

C:\Windows\System\LuMWAPw.exe

C:\Windows\System\LuMWAPw.exe

C:\Windows\System\JFhmfTK.exe

C:\Windows\System\JFhmfTK.exe

C:\Windows\System\BUpDYKu.exe

C:\Windows\System\BUpDYKu.exe

C:\Windows\System\vgclWmn.exe

C:\Windows\System\vgclWmn.exe

C:\Windows\System\RBGTwGO.exe

C:\Windows\System\RBGTwGO.exe

C:\Windows\System\BHHjGpM.exe

C:\Windows\System\BHHjGpM.exe

C:\Windows\System\bDtMmcp.exe

C:\Windows\System\bDtMmcp.exe

C:\Windows\System\gzbHkff.exe

C:\Windows\System\gzbHkff.exe

C:\Windows\System\BWXpywi.exe

C:\Windows\System\BWXpywi.exe

C:\Windows\System\EHKhnoR.exe

C:\Windows\System\EHKhnoR.exe

C:\Windows\System\rvSqtVi.exe

C:\Windows\System\rvSqtVi.exe

C:\Windows\System\PcUVMmR.exe

C:\Windows\System\PcUVMmR.exe

C:\Windows\System\xMxfkRN.exe

C:\Windows\System\xMxfkRN.exe

C:\Windows\System\qZbqFOQ.exe

C:\Windows\System\qZbqFOQ.exe

C:\Windows\System\sdUrqYD.exe

C:\Windows\System\sdUrqYD.exe

C:\Windows\System\EIVRWUQ.exe

C:\Windows\System\EIVRWUQ.exe

C:\Windows\System\TeIGIBu.exe

C:\Windows\System\TeIGIBu.exe

C:\Windows\System\JfHgVLf.exe

C:\Windows\System\JfHgVLf.exe

C:\Windows\System\NlXPiMP.exe

C:\Windows\System\NlXPiMP.exe

C:\Windows\System\aPVLHav.exe

C:\Windows\System\aPVLHav.exe

C:\Windows\System\TthzLcC.exe

C:\Windows\System\TthzLcC.exe

C:\Windows\System\NerfyNo.exe

C:\Windows\System\NerfyNo.exe

C:\Windows\System\ncJQsoM.exe

C:\Windows\System\ncJQsoM.exe

C:\Windows\System\NaDzCrH.exe

C:\Windows\System\NaDzCrH.exe

C:\Windows\System\UVhVXjo.exe

C:\Windows\System\UVhVXjo.exe

C:\Windows\System\QEbHsFV.exe

C:\Windows\System\QEbHsFV.exe

C:\Windows\System\UhWdIKZ.exe

C:\Windows\System\UhWdIKZ.exe

C:\Windows\System\QuuVOYg.exe

C:\Windows\System\QuuVOYg.exe

C:\Windows\System\lLnqBjk.exe

C:\Windows\System\lLnqBjk.exe

C:\Windows\System\aqwQtrj.exe

C:\Windows\System\aqwQtrj.exe

C:\Windows\System\nSYhcan.exe

C:\Windows\System\nSYhcan.exe

C:\Windows\System\BWEifuL.exe

C:\Windows\System\BWEifuL.exe

C:\Windows\System\ssBcXOh.exe

C:\Windows\System\ssBcXOh.exe

C:\Windows\System\NYAEKjR.exe

C:\Windows\System\NYAEKjR.exe

C:\Windows\System\cdOeuqh.exe

C:\Windows\System\cdOeuqh.exe

C:\Windows\System\FfxPYYM.exe

C:\Windows\System\FfxPYYM.exe

C:\Windows\System\yNpYnux.exe

C:\Windows\System\yNpYnux.exe

C:\Windows\System\GybKPqW.exe

C:\Windows\System\GybKPqW.exe

C:\Windows\System\fUyVWNn.exe

C:\Windows\System\fUyVWNn.exe

C:\Windows\System\Ateetka.exe

C:\Windows\System\Ateetka.exe

C:\Windows\System\xWQgvEU.exe

C:\Windows\System\xWQgvEU.exe

C:\Windows\System\TBsRPgI.exe

C:\Windows\System\TBsRPgI.exe

C:\Windows\System\XUtRxIK.exe

C:\Windows\System\XUtRxIK.exe

C:\Windows\System\qoCpeTP.exe

C:\Windows\System\qoCpeTP.exe

C:\Windows\System\HadJVbo.exe

C:\Windows\System\HadJVbo.exe

C:\Windows\System\keYgehl.exe

C:\Windows\System\keYgehl.exe

C:\Windows\System\KoIJnDi.exe

C:\Windows\System\KoIJnDi.exe

C:\Windows\System\jKqtrby.exe

C:\Windows\System\jKqtrby.exe

C:\Windows\System\ajTYMhr.exe

C:\Windows\System\ajTYMhr.exe

C:\Windows\System\aCbePlh.exe

C:\Windows\System\aCbePlh.exe

C:\Windows\System\fYmsOdt.exe

C:\Windows\System\fYmsOdt.exe

C:\Windows\System\pWHWAhG.exe

C:\Windows\System\pWHWAhG.exe

C:\Windows\System\LDqERsF.exe

C:\Windows\System\LDqERsF.exe

C:\Windows\System\vpnUkEY.exe

C:\Windows\System\vpnUkEY.exe

C:\Windows\System\xccLFpf.exe

C:\Windows\System\xccLFpf.exe

C:\Windows\System\aBqOXIv.exe

C:\Windows\System\aBqOXIv.exe

C:\Windows\System\WeVDVwF.exe

C:\Windows\System\WeVDVwF.exe

C:\Windows\System\akyxkZv.exe

C:\Windows\System\akyxkZv.exe

C:\Windows\System\uHmKyoj.exe

C:\Windows\System\uHmKyoj.exe

C:\Windows\System\WqQXuvv.exe

C:\Windows\System\WqQXuvv.exe

C:\Windows\System\osIlMmd.exe

C:\Windows\System\osIlMmd.exe

C:\Windows\System\IrKckrC.exe

C:\Windows\System\IrKckrC.exe

C:\Windows\System\lftVIVj.exe

C:\Windows\System\lftVIVj.exe

C:\Windows\System\WsJQxMc.exe

C:\Windows\System\WsJQxMc.exe

C:\Windows\System\WKQbpsT.exe

C:\Windows\System\WKQbpsT.exe

C:\Windows\System\NpoiLGN.exe

C:\Windows\System\NpoiLGN.exe

C:\Windows\System\TKWAPIW.exe

C:\Windows\System\TKWAPIW.exe

C:\Windows\System\RGZeCzj.exe

C:\Windows\System\RGZeCzj.exe

C:\Windows\System\nulKZUk.exe

C:\Windows\System\nulKZUk.exe

C:\Windows\System\dUPwtSy.exe

C:\Windows\System\dUPwtSy.exe

C:\Windows\System\OskyElJ.exe

C:\Windows\System\OskyElJ.exe

C:\Windows\System\zjOzvJQ.exe

C:\Windows\System\zjOzvJQ.exe

C:\Windows\System\yyEpDyL.exe

C:\Windows\System\yyEpDyL.exe

C:\Windows\System\IsrVgqm.exe

C:\Windows\System\IsrVgqm.exe

C:\Windows\System\HiBxIZN.exe

C:\Windows\System\HiBxIZN.exe

C:\Windows\System\EqoIuog.exe

C:\Windows\System\EqoIuog.exe

C:\Windows\System\xvsVuTX.exe

C:\Windows\System\xvsVuTX.exe

C:\Windows\System\URLkKdf.exe

C:\Windows\System\URLkKdf.exe

C:\Windows\System\KYFWChf.exe

C:\Windows\System\KYFWChf.exe

C:\Windows\System\WIFHLtR.exe

C:\Windows\System\WIFHLtR.exe

C:\Windows\System\PGPlMCr.exe

C:\Windows\System\PGPlMCr.exe

C:\Windows\System\oRTmJfJ.exe

C:\Windows\System\oRTmJfJ.exe

C:\Windows\System\HXnOHGP.exe

C:\Windows\System\HXnOHGP.exe

C:\Windows\System\XTrzDAx.exe

C:\Windows\System\XTrzDAx.exe

C:\Windows\System\lYnBDAy.exe

C:\Windows\System\lYnBDAy.exe

C:\Windows\System\RYmEBEH.exe

C:\Windows\System\RYmEBEH.exe

C:\Windows\System\cLEkCLj.exe

C:\Windows\System\cLEkCLj.exe

C:\Windows\System\ArkJraw.exe

C:\Windows\System\ArkJraw.exe

C:\Windows\System\DSfzpTb.exe

C:\Windows\System\DSfzpTb.exe

C:\Windows\System\xOcQGkF.exe

C:\Windows\System\xOcQGkF.exe

C:\Windows\System\GPDcJif.exe

C:\Windows\System\GPDcJif.exe

C:\Windows\System\heMQpdO.exe

C:\Windows\System\heMQpdO.exe

C:\Windows\System\axhcYkZ.exe

C:\Windows\System\axhcYkZ.exe

C:\Windows\System\UjmIwYC.exe

C:\Windows\System\UjmIwYC.exe

C:\Windows\System\yGJVIox.exe

C:\Windows\System\yGJVIox.exe

C:\Windows\System\MQiWTJi.exe

C:\Windows\System\MQiWTJi.exe

C:\Windows\System\Qreedxi.exe

C:\Windows\System\Qreedxi.exe

C:\Windows\System\tomHSEs.exe

C:\Windows\System\tomHSEs.exe

C:\Windows\System\cKJNTEA.exe

C:\Windows\System\cKJNTEA.exe

C:\Windows\System\LyFPTOf.exe

C:\Windows\System\LyFPTOf.exe

C:\Windows\System\DcgjRnv.exe

C:\Windows\System\DcgjRnv.exe

C:\Windows\System\hQDrnmM.exe

C:\Windows\System\hQDrnmM.exe

C:\Windows\System\QeTmTMI.exe

C:\Windows\System\QeTmTMI.exe

C:\Windows\System\RpPZiXK.exe

C:\Windows\System\RpPZiXK.exe

C:\Windows\System\EGorzcw.exe

C:\Windows\System\EGorzcw.exe

C:\Windows\System\XAaKCWc.exe

C:\Windows\System\XAaKCWc.exe

C:\Windows\System\OIMvxDO.exe

C:\Windows\System\OIMvxDO.exe

C:\Windows\System\soLSJUX.exe

C:\Windows\System\soLSJUX.exe

C:\Windows\System\sJZEKBN.exe

C:\Windows\System\sJZEKBN.exe

C:\Windows\System\gqOMGkS.exe

C:\Windows\System\gqOMGkS.exe

C:\Windows\System\pqjdRAA.exe

C:\Windows\System\pqjdRAA.exe

C:\Windows\System\UzRWcXV.exe

C:\Windows\System\UzRWcXV.exe

C:\Windows\System\bRUUqBG.exe

C:\Windows\System\bRUUqBG.exe

C:\Windows\System\McyALvg.exe

C:\Windows\System\McyALvg.exe

C:\Windows\System\vCAtlss.exe

C:\Windows\System\vCAtlss.exe

C:\Windows\System\AygVjdF.exe

C:\Windows\System\AygVjdF.exe

C:\Windows\System\JDcaKPd.exe

C:\Windows\System\JDcaKPd.exe

C:\Windows\System\PgTljxM.exe

C:\Windows\System\PgTljxM.exe

C:\Windows\System\oHPOrFG.exe

C:\Windows\System\oHPOrFG.exe

C:\Windows\System\LCZPzMv.exe

C:\Windows\System\LCZPzMv.exe

C:\Windows\System\zfunuNp.exe

C:\Windows\System\zfunuNp.exe

C:\Windows\System\jrMPifo.exe

C:\Windows\System\jrMPifo.exe

C:\Windows\System\oezmbTm.exe

C:\Windows\System\oezmbTm.exe

C:\Windows\System\EEKLTzz.exe

C:\Windows\System\EEKLTzz.exe

C:\Windows\System\zhkIZrI.exe

C:\Windows\System\zhkIZrI.exe

C:\Windows\System\jDzKOMo.exe

C:\Windows\System\jDzKOMo.exe

C:\Windows\System\xVnWmWk.exe

C:\Windows\System\xVnWmWk.exe

C:\Windows\System\wLHgNyk.exe

C:\Windows\System\wLHgNyk.exe

C:\Windows\System\rqnawfG.exe

C:\Windows\System\rqnawfG.exe

C:\Windows\System\veSoOAQ.exe

C:\Windows\System\veSoOAQ.exe

C:\Windows\System\xLAtvOD.exe

C:\Windows\System\xLAtvOD.exe

C:\Windows\System\hFFOwGW.exe

C:\Windows\System\hFFOwGW.exe

C:\Windows\System\fCZeLff.exe

C:\Windows\System\fCZeLff.exe

C:\Windows\System\fKnKhkp.exe

C:\Windows\System\fKnKhkp.exe

C:\Windows\System\pDYuYtu.exe

C:\Windows\System\pDYuYtu.exe

C:\Windows\System\puFrvhX.exe

C:\Windows\System\puFrvhX.exe

C:\Windows\System\rGjaDvU.exe

C:\Windows\System\rGjaDvU.exe

C:\Windows\System\YamelXE.exe

C:\Windows\System\YamelXE.exe

C:\Windows\System\tLNQMiS.exe

C:\Windows\System\tLNQMiS.exe

C:\Windows\System\rsKhmhK.exe

C:\Windows\System\rsKhmhK.exe

C:\Windows\System\TISCyFQ.exe

C:\Windows\System\TISCyFQ.exe

C:\Windows\System\pgbDIdj.exe

C:\Windows\System\pgbDIdj.exe

C:\Windows\System\FQwmpMQ.exe

C:\Windows\System\FQwmpMQ.exe

C:\Windows\System\PfgUUWB.exe

C:\Windows\System\PfgUUWB.exe

C:\Windows\System\RalBwiA.exe

C:\Windows\System\RalBwiA.exe

C:\Windows\System\BDNjZbU.exe

C:\Windows\System\BDNjZbU.exe

C:\Windows\System\NJuVpdF.exe

C:\Windows\System\NJuVpdF.exe

C:\Windows\System\NHTVCgs.exe

C:\Windows\System\NHTVCgs.exe

C:\Windows\System\OWmXpZz.exe

C:\Windows\System\OWmXpZz.exe

C:\Windows\System\hARYMkJ.exe

C:\Windows\System\hARYMkJ.exe

C:\Windows\System\KvJezYL.exe

C:\Windows\System\KvJezYL.exe

C:\Windows\System\LSWThDH.exe

C:\Windows\System\LSWThDH.exe

C:\Windows\System\vbCHCSz.exe

C:\Windows\System\vbCHCSz.exe

C:\Windows\System\yEPOSJV.exe

C:\Windows\System\yEPOSJV.exe

C:\Windows\System\cAccOPs.exe

C:\Windows\System\cAccOPs.exe

C:\Windows\System\zaHFYEp.exe

C:\Windows\System\zaHFYEp.exe

C:\Windows\System\Ghklser.exe

C:\Windows\System\Ghklser.exe

C:\Windows\System\BCwkNdz.exe

C:\Windows\System\BCwkNdz.exe

C:\Windows\System\XeHHDcr.exe

C:\Windows\System\XeHHDcr.exe

C:\Windows\System\WdlSsJk.exe

C:\Windows\System\WdlSsJk.exe

C:\Windows\System\JZqaSrX.exe

C:\Windows\System\JZqaSrX.exe

C:\Windows\System\NizcAPs.exe

C:\Windows\System\NizcAPs.exe

C:\Windows\System\fylQKaU.exe

C:\Windows\System\fylQKaU.exe

C:\Windows\System\VdsWduP.exe

C:\Windows\System\VdsWduP.exe

C:\Windows\System\rpYiYIY.exe

C:\Windows\System\rpYiYIY.exe

C:\Windows\System\bQYwoJJ.exe

C:\Windows\System\bQYwoJJ.exe

C:\Windows\System\OxftPpM.exe

C:\Windows\System\OxftPpM.exe

C:\Windows\System\dftjwTn.exe

C:\Windows\System\dftjwTn.exe

C:\Windows\System\YnSiXCd.exe

C:\Windows\System\YnSiXCd.exe

C:\Windows\System\rIPwASw.exe

C:\Windows\System\rIPwASw.exe

C:\Windows\System\lOYmiSk.exe

C:\Windows\System\lOYmiSk.exe

C:\Windows\System\cdVogAc.exe

C:\Windows\System\cdVogAc.exe

C:\Windows\System\gOyjNYo.exe

C:\Windows\System\gOyjNYo.exe

C:\Windows\System\DkEIekm.exe

C:\Windows\System\DkEIekm.exe

C:\Windows\System\wIDeuLK.exe

C:\Windows\System\wIDeuLK.exe

C:\Windows\System\ZkUHqTK.exe

C:\Windows\System\ZkUHqTK.exe

C:\Windows\System\RoLovQJ.exe

C:\Windows\System\RoLovQJ.exe

C:\Windows\System\vWkDajm.exe

C:\Windows\System\vWkDajm.exe

C:\Windows\System\ZbZmKbK.exe

C:\Windows\System\ZbZmKbK.exe

C:\Windows\System\dCwBGHD.exe

C:\Windows\System\dCwBGHD.exe

C:\Windows\System\CuHIImn.exe

C:\Windows\System\CuHIImn.exe

C:\Windows\System\WCyxPHW.exe

C:\Windows\System\WCyxPHW.exe

C:\Windows\System\FrDDckd.exe

C:\Windows\System\FrDDckd.exe

C:\Windows\System\zdxLXwp.exe

C:\Windows\System\zdxLXwp.exe

C:\Windows\System\mJImXhx.exe

C:\Windows\System\mJImXhx.exe

C:\Windows\System\ZzwWAML.exe

C:\Windows\System\ZzwWAML.exe

C:\Windows\System\pxMppWE.exe

C:\Windows\System\pxMppWE.exe

C:\Windows\System\yDmMTtk.exe

C:\Windows\System\yDmMTtk.exe

C:\Windows\System\hJdzYJC.exe

C:\Windows\System\hJdzYJC.exe

C:\Windows\System\GebgJaV.exe

C:\Windows\System\GebgJaV.exe

C:\Windows\System\hXCMmyo.exe

C:\Windows\System\hXCMmyo.exe

C:\Windows\System\uJOoHEe.exe

C:\Windows\System\uJOoHEe.exe

C:\Windows\System\AbfCXgB.exe

C:\Windows\System\AbfCXgB.exe

C:\Windows\System\OohXIAz.exe

C:\Windows\System\OohXIAz.exe

C:\Windows\System\iCpGIMH.exe

C:\Windows\System\iCpGIMH.exe

C:\Windows\System\qpfbuLd.exe

C:\Windows\System\qpfbuLd.exe

C:\Windows\System\XBUQrSB.exe

C:\Windows\System\XBUQrSB.exe

C:\Windows\System\RIsHDyb.exe

C:\Windows\System\RIsHDyb.exe

C:\Windows\System\qhLnYTC.exe

C:\Windows\System\qhLnYTC.exe

C:\Windows\System\PgdfgZY.exe

C:\Windows\System\PgdfgZY.exe

C:\Windows\System\CjwgfeA.exe

C:\Windows\System\CjwgfeA.exe

C:\Windows\System\VIzdYee.exe

C:\Windows\System\VIzdYee.exe

C:\Windows\System\nfJeKjm.exe

C:\Windows\System\nfJeKjm.exe

C:\Windows\System\jvGIqgZ.exe

C:\Windows\System\jvGIqgZ.exe

C:\Windows\System\xBFbnQO.exe

C:\Windows\System\xBFbnQO.exe

C:\Windows\System\dFAAkCu.exe

C:\Windows\System\dFAAkCu.exe

C:\Windows\System\KxuYXnU.exe

C:\Windows\System\KxuYXnU.exe

C:\Windows\System\vJDkLUb.exe

C:\Windows\System\vJDkLUb.exe

C:\Windows\System\MjJvawB.exe

C:\Windows\System\MjJvawB.exe

C:\Windows\System\OCFpApK.exe

C:\Windows\System\OCFpApK.exe

C:\Windows\System\BNGUIJa.exe

C:\Windows\System\BNGUIJa.exe

C:\Windows\System\QgulgEW.exe

C:\Windows\System\QgulgEW.exe

C:\Windows\System\fmIdIey.exe

C:\Windows\System\fmIdIey.exe

C:\Windows\System\PLVgZkg.exe

C:\Windows\System\PLVgZkg.exe

C:\Windows\System\ZfceUcO.exe

C:\Windows\System\ZfceUcO.exe

C:\Windows\System\oJzRoQl.exe

C:\Windows\System\oJzRoQl.exe

C:\Windows\System\ohvIevD.exe

C:\Windows\System\ohvIevD.exe

C:\Windows\System\tOLHBRJ.exe

C:\Windows\System\tOLHBRJ.exe

C:\Windows\System\IQYDdMr.exe

C:\Windows\System\IQYDdMr.exe

C:\Windows\System\GnYXNaw.exe

C:\Windows\System\GnYXNaw.exe

C:\Windows\System\eMfOlkc.exe

C:\Windows\System\eMfOlkc.exe

C:\Windows\System\hlqYWza.exe

C:\Windows\System\hlqYWza.exe

C:\Windows\System\ozwyNLW.exe

C:\Windows\System\ozwyNLW.exe

C:\Windows\System\fIDNuZv.exe

C:\Windows\System\fIDNuZv.exe

C:\Windows\System\DRPTKYw.exe

C:\Windows\System\DRPTKYw.exe

C:\Windows\System\PQZKeVf.exe

C:\Windows\System\PQZKeVf.exe

C:\Windows\System\FlATthv.exe

C:\Windows\System\FlATthv.exe

C:\Windows\System\xtdJyVS.exe

C:\Windows\System\xtdJyVS.exe

C:\Windows\System\ONfokpz.exe

C:\Windows\System\ONfokpz.exe

C:\Windows\System\laAlamw.exe

C:\Windows\System\laAlamw.exe

C:\Windows\System\WAdRXYl.exe

C:\Windows\System\WAdRXYl.exe

C:\Windows\System\kwqlAbH.exe

C:\Windows\System\kwqlAbH.exe

C:\Windows\System\WUBAmHi.exe

C:\Windows\System\WUBAmHi.exe

C:\Windows\System\lFZkdZs.exe

C:\Windows\System\lFZkdZs.exe

C:\Windows\System\KYojYec.exe

C:\Windows\System\KYojYec.exe

C:\Windows\System\ACuvxeN.exe

C:\Windows\System\ACuvxeN.exe

C:\Windows\System\XBrWkfp.exe

C:\Windows\System\XBrWkfp.exe

C:\Windows\System\lhGAgdY.exe

C:\Windows\System\lhGAgdY.exe

C:\Windows\System\xrdYmVR.exe

C:\Windows\System\xrdYmVR.exe

C:\Windows\System\FbIrKjJ.exe

C:\Windows\System\FbIrKjJ.exe

C:\Windows\System\RoIXvBc.exe

C:\Windows\System\RoIXvBc.exe

C:\Windows\System\elXAJfk.exe

C:\Windows\System\elXAJfk.exe

C:\Windows\System\gKvPgXR.exe

C:\Windows\System\gKvPgXR.exe

C:\Windows\System\fvZjsTG.exe

C:\Windows\System\fvZjsTG.exe

C:\Windows\System\iUKuPmw.exe

C:\Windows\System\iUKuPmw.exe

C:\Windows\System\wCSZNKm.exe

C:\Windows\System\wCSZNKm.exe

C:\Windows\System\nbdqcdF.exe

C:\Windows\System\nbdqcdF.exe

C:\Windows\System\aediNyG.exe

C:\Windows\System\aediNyG.exe

C:\Windows\System\CPEFWwB.exe

C:\Windows\System\CPEFWwB.exe

C:\Windows\System\UEJMVvZ.exe

C:\Windows\System\UEJMVvZ.exe

C:\Windows\System\tyVIceY.exe

C:\Windows\System\tyVIceY.exe

C:\Windows\System\KWhnaPd.exe

C:\Windows\System\KWhnaPd.exe

C:\Windows\System\mnSWQbe.exe

C:\Windows\System\mnSWQbe.exe

C:\Windows\System\LvDFhoD.exe

C:\Windows\System\LvDFhoD.exe

C:\Windows\System\IeMEOgE.exe

C:\Windows\System\IeMEOgE.exe

C:\Windows\System\yGgztqr.exe

C:\Windows\System\yGgztqr.exe

C:\Windows\System\XJiAFUQ.exe

C:\Windows\System\XJiAFUQ.exe

C:\Windows\System\emTAVfP.exe

C:\Windows\System\emTAVfP.exe

C:\Windows\System\SsbnGXh.exe

C:\Windows\System\SsbnGXh.exe

C:\Windows\System\QVjhHUd.exe

C:\Windows\System\QVjhHUd.exe

C:\Windows\System\RmgbbWF.exe

C:\Windows\System\RmgbbWF.exe

C:\Windows\System\WItcFhv.exe

C:\Windows\System\WItcFhv.exe

C:\Windows\System\IBYuXoD.exe

C:\Windows\System\IBYuXoD.exe

C:\Windows\System\oUJjCZn.exe

C:\Windows\System\oUJjCZn.exe

C:\Windows\System\iRPBtNJ.exe

C:\Windows\System\iRPBtNJ.exe

C:\Windows\System\QjDVbMN.exe

C:\Windows\System\QjDVbMN.exe

C:\Windows\System\gJhnsJX.exe

C:\Windows\System\gJhnsJX.exe

C:\Windows\System\MeAxhSY.exe

C:\Windows\System\MeAxhSY.exe

C:\Windows\System\uLAwRIG.exe

C:\Windows\System\uLAwRIG.exe

C:\Windows\System\xNMaAXj.exe

C:\Windows\System\xNMaAXj.exe

C:\Windows\System\DitbFoU.exe

C:\Windows\System\DitbFoU.exe

C:\Windows\System\ahKorvr.exe

C:\Windows\System\ahKorvr.exe

C:\Windows\System\MhjSodS.exe

C:\Windows\System\MhjSodS.exe

C:\Windows\System\sNYYSik.exe

C:\Windows\System\sNYYSik.exe

C:\Windows\System\RfpuNJs.exe

C:\Windows\System\RfpuNJs.exe

C:\Windows\System\dNquutJ.exe

C:\Windows\System\dNquutJ.exe

C:\Windows\System\GNPevoM.exe

C:\Windows\System\GNPevoM.exe

C:\Windows\System\tZkfHNd.exe

C:\Windows\System\tZkfHNd.exe

C:\Windows\System\BzCrcfm.exe

C:\Windows\System\BzCrcfm.exe

C:\Windows\System\kmZyBCc.exe

C:\Windows\System\kmZyBCc.exe

C:\Windows\System\OAzLpPT.exe

C:\Windows\System\OAzLpPT.exe

C:\Windows\System\MSuNwkZ.exe

C:\Windows\System\MSuNwkZ.exe

C:\Windows\System\YiVdMPr.exe

C:\Windows\System\YiVdMPr.exe

C:\Windows\System\qJgzefb.exe

C:\Windows\System\qJgzefb.exe

C:\Windows\System\lVauPjz.exe

C:\Windows\System\lVauPjz.exe

C:\Windows\System\kFtLRdo.exe

C:\Windows\System\kFtLRdo.exe

C:\Windows\System\jZjzmhs.exe

C:\Windows\System\jZjzmhs.exe

C:\Windows\System\TilwNqZ.exe

C:\Windows\System\TilwNqZ.exe

C:\Windows\System\mdrhqox.exe

C:\Windows\System\mdrhqox.exe

C:\Windows\System\pOumLdb.exe

C:\Windows\System\pOumLdb.exe

C:\Windows\System\jmgluUY.exe

C:\Windows\System\jmgluUY.exe

C:\Windows\System\JJsbTTS.exe

C:\Windows\System\JJsbTTS.exe

C:\Windows\System\MPbbpLk.exe

C:\Windows\System\MPbbpLk.exe

C:\Windows\System\hARaRXx.exe

C:\Windows\System\hARaRXx.exe

C:\Windows\System\aExKZrJ.exe

C:\Windows\System\aExKZrJ.exe

C:\Windows\System\KEsqEcN.exe

C:\Windows\System\KEsqEcN.exe

C:\Windows\System\UaULUHH.exe

C:\Windows\System\UaULUHH.exe

C:\Windows\System\EvNheew.exe

C:\Windows\System\EvNheew.exe

C:\Windows\System\fnotryf.exe

C:\Windows\System\fnotryf.exe

C:\Windows\System\mgxthPC.exe

C:\Windows\System\mgxthPC.exe

C:\Windows\System\yrUAkfN.exe

C:\Windows\System\yrUAkfN.exe

C:\Windows\System\KQxHLPQ.exe

C:\Windows\System\KQxHLPQ.exe

C:\Windows\System\fXpslVj.exe

C:\Windows\System\fXpslVj.exe

C:\Windows\System\QFHPyAa.exe

C:\Windows\System\QFHPyAa.exe

C:\Windows\System\tkvHqiH.exe

C:\Windows\System\tkvHqiH.exe

C:\Windows\System\LlUuyxP.exe

C:\Windows\System\LlUuyxP.exe

C:\Windows\System\dgZjTQq.exe

C:\Windows\System\dgZjTQq.exe

C:\Windows\System\OxFXxGM.exe

C:\Windows\System\OxFXxGM.exe

C:\Windows\System\dMozoyW.exe

C:\Windows\System\dMozoyW.exe

C:\Windows\System\pBlwPJR.exe

C:\Windows\System\pBlwPJR.exe

C:\Windows\System\OYOGTJZ.exe

C:\Windows\System\OYOGTJZ.exe

C:\Windows\System\EnEusws.exe

C:\Windows\System\EnEusws.exe

C:\Windows\System\meDvllJ.exe

C:\Windows\System\meDvllJ.exe

C:\Windows\System\JaNquRH.exe

C:\Windows\System\JaNquRH.exe

C:\Windows\System\BVWSFiu.exe

C:\Windows\System\BVWSFiu.exe

C:\Windows\System\bmJEUDW.exe

C:\Windows\System\bmJEUDW.exe

C:\Windows\System\KcngsjI.exe

C:\Windows\System\KcngsjI.exe

C:\Windows\System\IPQmeeM.exe

C:\Windows\System\IPQmeeM.exe

C:\Windows\System\PiARdJV.exe

C:\Windows\System\PiARdJV.exe

C:\Windows\System\SVrydal.exe

C:\Windows\System\SVrydal.exe

C:\Windows\System\aLKDyrn.exe

C:\Windows\System\aLKDyrn.exe

C:\Windows\System\wFfLSRO.exe

C:\Windows\System\wFfLSRO.exe

C:\Windows\System\NBJjZbN.exe

C:\Windows\System\NBJjZbN.exe

C:\Windows\System\HqFaOHZ.exe

C:\Windows\System\HqFaOHZ.exe

C:\Windows\System\PWMIxGf.exe

C:\Windows\System\PWMIxGf.exe

C:\Windows\System\qedEBBJ.exe

C:\Windows\System\qedEBBJ.exe

C:\Windows\System\LNLixEM.exe

C:\Windows\System\LNLixEM.exe

C:\Windows\System\QzYChaQ.exe

C:\Windows\System\QzYChaQ.exe

C:\Windows\System\brMLzdK.exe

C:\Windows\System\brMLzdK.exe

C:\Windows\System\XzIMxRf.exe

C:\Windows\System\XzIMxRf.exe

C:\Windows\System\sehRAsP.exe

C:\Windows\System\sehRAsP.exe

C:\Windows\System\aWsvLnD.exe

C:\Windows\System\aWsvLnD.exe

C:\Windows\System\qpfoIEF.exe

C:\Windows\System\qpfoIEF.exe

C:\Windows\System\TctLmxy.exe

C:\Windows\System\TctLmxy.exe

C:\Windows\System\SEuEhcN.exe

C:\Windows\System\SEuEhcN.exe

C:\Windows\System\BoqAsTp.exe

C:\Windows\System\BoqAsTp.exe

C:\Windows\System\RInngoL.exe

C:\Windows\System\RInngoL.exe

C:\Windows\System\oFUhHhj.exe

C:\Windows\System\oFUhHhj.exe

C:\Windows\System\ocJUyyo.exe

C:\Windows\System\ocJUyyo.exe

C:\Windows\System\SztYbSY.exe

C:\Windows\System\SztYbSY.exe

C:\Windows\System\RKCbojr.exe

C:\Windows\System\RKCbojr.exe

C:\Windows\System\yhozajN.exe

C:\Windows\System\yhozajN.exe

C:\Windows\System\fdlmqMe.exe

C:\Windows\System\fdlmqMe.exe

C:\Windows\System\gVrbSAW.exe

C:\Windows\System\gVrbSAW.exe

C:\Windows\System\SHNzrZn.exe

C:\Windows\System\SHNzrZn.exe

C:\Windows\System\BBLMGmi.exe

C:\Windows\System\BBLMGmi.exe

C:\Windows\System\jLaLFRu.exe

C:\Windows\System\jLaLFRu.exe

C:\Windows\System\AnNlWWS.exe

C:\Windows\System\AnNlWWS.exe

C:\Windows\System\GGBKnWs.exe

C:\Windows\System\GGBKnWs.exe

C:\Windows\System\vljaZYT.exe

C:\Windows\System\vljaZYT.exe

C:\Windows\System\HLYFiFj.exe

C:\Windows\System\HLYFiFj.exe

C:\Windows\System\vbUrZkI.exe

C:\Windows\System\vbUrZkI.exe

C:\Windows\System\fJxGQGC.exe

C:\Windows\System\fJxGQGC.exe

C:\Windows\System\dRBgSsi.exe

C:\Windows\System\dRBgSsi.exe

C:\Windows\System\baMPIMz.exe

C:\Windows\System\baMPIMz.exe

C:\Windows\System\vWpCqPC.exe

C:\Windows\System\vWpCqPC.exe

C:\Windows\System\alHoDif.exe

C:\Windows\System\alHoDif.exe

C:\Windows\System\tjaKZdc.exe

C:\Windows\System\tjaKZdc.exe

C:\Windows\System\kgLabIa.exe

C:\Windows\System\kgLabIa.exe

C:\Windows\System\YWCHSpe.exe

C:\Windows\System\YWCHSpe.exe

C:\Windows\System\gsQkpNA.exe

C:\Windows\System\gsQkpNA.exe

C:\Windows\System\ctAgRuh.exe

C:\Windows\System\ctAgRuh.exe

C:\Windows\System\SaUGzrX.exe

C:\Windows\System\SaUGzrX.exe

C:\Windows\System\sarEZzP.exe

C:\Windows\System\sarEZzP.exe

C:\Windows\System\fwNOSoL.exe

C:\Windows\System\fwNOSoL.exe

C:\Windows\System\iGbtPRS.exe

C:\Windows\System\iGbtPRS.exe

C:\Windows\System\KnAujca.exe

C:\Windows\System\KnAujca.exe

C:\Windows\System\GtLPcaB.exe

C:\Windows\System\GtLPcaB.exe

C:\Windows\System\rdsZwcO.exe

C:\Windows\System\rdsZwcO.exe

C:\Windows\System\ZxUqrFx.exe

C:\Windows\System\ZxUqrFx.exe

C:\Windows\System\NlHTnVi.exe

C:\Windows\System\NlHTnVi.exe

C:\Windows\System\eXmZykL.exe

C:\Windows\System\eXmZykL.exe

C:\Windows\System\bzXPFjf.exe

C:\Windows\System\bzXPFjf.exe

C:\Windows\System\uShTvRx.exe

C:\Windows\System\uShTvRx.exe

C:\Windows\System\BKMPBIB.exe

C:\Windows\System\BKMPBIB.exe

C:\Windows\System\xiQcYyl.exe

C:\Windows\System\xiQcYyl.exe

C:\Windows\System\kKcGPUF.exe

C:\Windows\System\kKcGPUF.exe

C:\Windows\System\CsnLdmV.exe

C:\Windows\System\CsnLdmV.exe

C:\Windows\System\rjLESwa.exe

C:\Windows\System\rjLESwa.exe

C:\Windows\System\NPwCqZr.exe

C:\Windows\System\NPwCqZr.exe

C:\Windows\System\pjQaCao.exe

C:\Windows\System\pjQaCao.exe

C:\Windows\System\gOMbtyq.exe

C:\Windows\System\gOMbtyq.exe

C:\Windows\System\nXyJLRe.exe

C:\Windows\System\nXyJLRe.exe

C:\Windows\System\NLhUKNm.exe

C:\Windows\System\NLhUKNm.exe

C:\Windows\System\XSZpGwa.exe

C:\Windows\System\XSZpGwa.exe

C:\Windows\System\qoFkVxu.exe

C:\Windows\System\qoFkVxu.exe

C:\Windows\System\nQHyCoz.exe

C:\Windows\System\nQHyCoz.exe

C:\Windows\System\QzlPNoZ.exe

C:\Windows\System\QzlPNoZ.exe

C:\Windows\System\IAAmovn.exe

C:\Windows\System\IAAmovn.exe

C:\Windows\System\pDSMOFZ.exe

C:\Windows\System\pDSMOFZ.exe

C:\Windows\System\bukJKWh.exe

C:\Windows\System\bukJKWh.exe

C:\Windows\System\vlstxMr.exe

C:\Windows\System\vlstxMr.exe

C:\Windows\System\GdzWvRM.exe

C:\Windows\System\GdzWvRM.exe

C:\Windows\System\onkfGVl.exe

C:\Windows\System\onkfGVl.exe

C:\Windows\System\QytBIfk.exe

C:\Windows\System\QytBIfk.exe

C:\Windows\System\ZPGDoKO.exe

C:\Windows\System\ZPGDoKO.exe

C:\Windows\System\ttnzcNe.exe

C:\Windows\System\ttnzcNe.exe

C:\Windows\System\lNFvkrX.exe

C:\Windows\System\lNFvkrX.exe

C:\Windows\System\BXmGteS.exe

C:\Windows\System\BXmGteS.exe

C:\Windows\System\aOikObO.exe

C:\Windows\System\aOikObO.exe

C:\Windows\System\bDSpoyd.exe

C:\Windows\System\bDSpoyd.exe

C:\Windows\System\oGDUXbG.exe

C:\Windows\System\oGDUXbG.exe

C:\Windows\System\tgRiJAD.exe

C:\Windows\System\tgRiJAD.exe

C:\Windows\System\ZJKcOxn.exe

C:\Windows\System\ZJKcOxn.exe

C:\Windows\System\XGVXyOt.exe

C:\Windows\System\XGVXyOt.exe

C:\Windows\System\uwYhuFq.exe

C:\Windows\System\uwYhuFq.exe

C:\Windows\System\RDPuUES.exe

C:\Windows\System\RDPuUES.exe

C:\Windows\System\DfxAdnq.exe

C:\Windows\System\DfxAdnq.exe

C:\Windows\System\KLxptWP.exe

C:\Windows\System\KLxptWP.exe

C:\Windows\System\fSiCPGS.exe

C:\Windows\System\fSiCPGS.exe

C:\Windows\System\NSQFLNY.exe

C:\Windows\System\NSQFLNY.exe

C:\Windows\System\yiZYIUx.exe

C:\Windows\System\yiZYIUx.exe

C:\Windows\System\PcoWDeY.exe

C:\Windows\System\PcoWDeY.exe

C:\Windows\System\gqaoiEN.exe

C:\Windows\System\gqaoiEN.exe

C:\Windows\System\AqPRewJ.exe

C:\Windows\System\AqPRewJ.exe

C:\Windows\System\ZCfRDWq.exe

C:\Windows\System\ZCfRDWq.exe

C:\Windows\System\YOAMKyA.exe

C:\Windows\System\YOAMKyA.exe

C:\Windows\System\CRyPRFS.exe

C:\Windows\System\CRyPRFS.exe

C:\Windows\System\rMkZztE.exe

C:\Windows\System\rMkZztE.exe

C:\Windows\System\KAUWhiq.exe

C:\Windows\System\KAUWhiq.exe

C:\Windows\System\aUjKKSs.exe

C:\Windows\System\aUjKKSs.exe

C:\Windows\System\PiviGPZ.exe

C:\Windows\System\PiviGPZ.exe

C:\Windows\System\fODvnDH.exe

C:\Windows\System\fODvnDH.exe

C:\Windows\System\ELwzdrk.exe

C:\Windows\System\ELwzdrk.exe

C:\Windows\System\RfyGFiF.exe

C:\Windows\System\RfyGFiF.exe

C:\Windows\System\CDQRgNZ.exe

C:\Windows\System\CDQRgNZ.exe

C:\Windows\System\tbUPgBu.exe

C:\Windows\System\tbUPgBu.exe

C:\Windows\System\MBiMoOQ.exe

C:\Windows\System\MBiMoOQ.exe

C:\Windows\System\EDTYVNq.exe

C:\Windows\System\EDTYVNq.exe

C:\Windows\System\FHCIpsW.exe

C:\Windows\System\FHCIpsW.exe

C:\Windows\System\uQhxgVg.exe

C:\Windows\System\uQhxgVg.exe

C:\Windows\System\HEDCCcG.exe

C:\Windows\System\HEDCCcG.exe

C:\Windows\System\ZuQodea.exe

C:\Windows\System\ZuQodea.exe

C:\Windows\System\xeRjzxM.exe

C:\Windows\System\xeRjzxM.exe

C:\Windows\System\VoNOYLU.exe

C:\Windows\System\VoNOYLU.exe

C:\Windows\System\TmSQptu.exe

C:\Windows\System\TmSQptu.exe

C:\Windows\System\stCzMEe.exe

C:\Windows\System\stCzMEe.exe

C:\Windows\System\xnNqfmc.exe

C:\Windows\System\xnNqfmc.exe

C:\Windows\System\fcpnDdt.exe

C:\Windows\System\fcpnDdt.exe

C:\Windows\System\FzAbNZw.exe

C:\Windows\System\FzAbNZw.exe

C:\Windows\System\bezfwXl.exe

C:\Windows\System\bezfwXl.exe

C:\Windows\System\dLrxTxo.exe

C:\Windows\System\dLrxTxo.exe

C:\Windows\System\BIEStxg.exe

C:\Windows\System\BIEStxg.exe

C:\Windows\System\IcJuCKY.exe

C:\Windows\System\IcJuCKY.exe

C:\Windows\System\kJCvZTf.exe

C:\Windows\System\kJCvZTf.exe

C:\Windows\System\bDJLIWn.exe

C:\Windows\System\bDJLIWn.exe

C:\Windows\System\dcjVIfS.exe

C:\Windows\System\dcjVIfS.exe

C:\Windows\System\jkUCsKt.exe

C:\Windows\System\jkUCsKt.exe

C:\Windows\System\VuebNgq.exe

C:\Windows\System\VuebNgq.exe

C:\Windows\System\VodecUy.exe

C:\Windows\System\VodecUy.exe

C:\Windows\System\ouFKHdT.exe

C:\Windows\System\ouFKHdT.exe

C:\Windows\System\ZlrTUIh.exe

C:\Windows\System\ZlrTUIh.exe

C:\Windows\System\IVYncpi.exe

C:\Windows\System\IVYncpi.exe

C:\Windows\System\LjfDrtb.exe

C:\Windows\System\LjfDrtb.exe

C:\Windows\System\RLfcGfG.exe

C:\Windows\System\RLfcGfG.exe

C:\Windows\System\BNEPWWc.exe

C:\Windows\System\BNEPWWc.exe

C:\Windows\System\dthErvR.exe

C:\Windows\System\dthErvR.exe

C:\Windows\System\KQFRuDw.exe

C:\Windows\System\KQFRuDw.exe

C:\Windows\System\mdtyyLY.exe

C:\Windows\System\mdtyyLY.exe

C:\Windows\System\aRSwsTm.exe

C:\Windows\System\aRSwsTm.exe

C:\Windows\System\HQOHdrV.exe

C:\Windows\System\HQOHdrV.exe

C:\Windows\System\SdSHQGr.exe

C:\Windows\System\SdSHQGr.exe

C:\Windows\System\WOwfcfy.exe

C:\Windows\System\WOwfcfy.exe

C:\Windows\System\XCCPdTo.exe

C:\Windows\System\XCCPdTo.exe

C:\Windows\System\OyWlfny.exe

C:\Windows\System\OyWlfny.exe

C:\Windows\System\GLHYyrV.exe

C:\Windows\System\GLHYyrV.exe

C:\Windows\System\qvJnpiY.exe

C:\Windows\System\qvJnpiY.exe

C:\Windows\System\lFIOdnO.exe

C:\Windows\System\lFIOdnO.exe

C:\Windows\System\cdMvOut.exe

C:\Windows\System\cdMvOut.exe

C:\Windows\System\RmoATUG.exe

C:\Windows\System\RmoATUG.exe

C:\Windows\System\dlShZqK.exe

C:\Windows\System\dlShZqK.exe

C:\Windows\System\pgHUIaI.exe

C:\Windows\System\pgHUIaI.exe

C:\Windows\System\UIyJxGn.exe

C:\Windows\System\UIyJxGn.exe

C:\Windows\System\iDDUHAH.exe

C:\Windows\System\iDDUHAH.exe

C:\Windows\System\yARXCVT.exe

C:\Windows\System\yARXCVT.exe

C:\Windows\System\CxrlKQo.exe

C:\Windows\System\CxrlKQo.exe

C:\Windows\System\vaQtRfx.exe

C:\Windows\System\vaQtRfx.exe

C:\Windows\System\RPBHswx.exe

C:\Windows\System\RPBHswx.exe

C:\Windows\System\qZECRaY.exe

C:\Windows\System\qZECRaY.exe

C:\Windows\System\jotzZBe.exe

C:\Windows\System\jotzZBe.exe

C:\Windows\System\LUSPjeh.exe

C:\Windows\System\LUSPjeh.exe

C:\Windows\System\YWaMcOW.exe

C:\Windows\System\YWaMcOW.exe

C:\Windows\System\alEyHjT.exe

C:\Windows\System\alEyHjT.exe

C:\Windows\System\inepOnW.exe

C:\Windows\System\inepOnW.exe

C:\Windows\System\GXrTriM.exe

C:\Windows\System\GXrTriM.exe

C:\Windows\System\dTMpxPY.exe

C:\Windows\System\dTMpxPY.exe

C:\Windows\System\abZZXJQ.exe

C:\Windows\System\abZZXJQ.exe

C:\Windows\System\AeOQlyM.exe

C:\Windows\System\AeOQlyM.exe

C:\Windows\System\LbDeZVK.exe

C:\Windows\System\LbDeZVK.exe

C:\Windows\System\EiTfKmm.exe

C:\Windows\System\EiTfKmm.exe

C:\Windows\System\XvFjHnL.exe

C:\Windows\System\XvFjHnL.exe

C:\Windows\System\tZLvFTS.exe

C:\Windows\System\tZLvFTS.exe

C:\Windows\System\Iawllvg.exe

C:\Windows\System\Iawllvg.exe

C:\Windows\System\AWFOTjM.exe

C:\Windows\System\AWFOTjM.exe

C:\Windows\System\saYqxOz.exe

C:\Windows\System\saYqxOz.exe

C:\Windows\System\TZCVmva.exe

C:\Windows\System\TZCVmva.exe

C:\Windows\System\hUFZGqe.exe

C:\Windows\System\hUFZGqe.exe

C:\Windows\System\JIlXxbT.exe

C:\Windows\System\JIlXxbT.exe

C:\Windows\System\DZXhKGk.exe

C:\Windows\System\DZXhKGk.exe

C:\Windows\System\SeQITsu.exe

C:\Windows\System\SeQITsu.exe

C:\Windows\System\xNCPYPP.exe

C:\Windows\System\xNCPYPP.exe

C:\Windows\System\IxlYZzh.exe

C:\Windows\System\IxlYZzh.exe

C:\Windows\System\BzAUzFB.exe

C:\Windows\System\BzAUzFB.exe

C:\Windows\System\ZzgNXdJ.exe

C:\Windows\System\ZzgNXdJ.exe

C:\Windows\System\APYuUwJ.exe

C:\Windows\System\APYuUwJ.exe

C:\Windows\System\cuCsNfD.exe

C:\Windows\System\cuCsNfD.exe

C:\Windows\System\CPqXUww.exe

C:\Windows\System\CPqXUww.exe

C:\Windows\System\cmAEWOW.exe

C:\Windows\System\cmAEWOW.exe

C:\Windows\System\FCTYCsT.exe

C:\Windows\System\FCTYCsT.exe

C:\Windows\System\BnCjFam.exe

C:\Windows\System\BnCjFam.exe

C:\Windows\System\LSFAsQP.exe

C:\Windows\System\LSFAsQP.exe

C:\Windows\System\cnrUDDG.exe

C:\Windows\System\cnrUDDG.exe

C:\Windows\System\UKhkrfm.exe

C:\Windows\System\UKhkrfm.exe

C:\Windows\System\uJLRxGC.exe

C:\Windows\System\uJLRxGC.exe

C:\Windows\System\cWHJGbF.exe

C:\Windows\System\cWHJGbF.exe

C:\Windows\System\kgscFTh.exe

C:\Windows\System\kgscFTh.exe

C:\Windows\System\YNgsdvW.exe

C:\Windows\System\YNgsdvW.exe

C:\Windows\System\JuICXDo.exe

C:\Windows\System\JuICXDo.exe

C:\Windows\System\zVtiqiX.exe

C:\Windows\System\zVtiqiX.exe

C:\Windows\System\abclJFI.exe

C:\Windows\System\abclJFI.exe

C:\Windows\System\GxYLCEO.exe

C:\Windows\System\GxYLCEO.exe

C:\Windows\System\VKxIWrD.exe

C:\Windows\System\VKxIWrD.exe

C:\Windows\System\IeSqpUm.exe

C:\Windows\System\IeSqpUm.exe

C:\Windows\System\DzBfkox.exe

C:\Windows\System\DzBfkox.exe

C:\Windows\System\VxFasZm.exe

C:\Windows\System\VxFasZm.exe

C:\Windows\System\CYXTJqw.exe

C:\Windows\System\CYXTJqw.exe

C:\Windows\System\kGEFOuj.exe

C:\Windows\System\kGEFOuj.exe

C:\Windows\System\vBddOhs.exe

C:\Windows\System\vBddOhs.exe

C:\Windows\System\LPdDlis.exe

C:\Windows\System\LPdDlis.exe

C:\Windows\System\JxCaVuI.exe

C:\Windows\System\JxCaVuI.exe

C:\Windows\System\rkpESZX.exe

C:\Windows\System\rkpESZX.exe

C:\Windows\System\ithizzt.exe

C:\Windows\System\ithizzt.exe

C:\Windows\System\wXzraib.exe

C:\Windows\System\wXzraib.exe

C:\Windows\System\DGQitLw.exe

C:\Windows\System\DGQitLw.exe

C:\Windows\System\mpYQpjC.exe

C:\Windows\System\mpYQpjC.exe

C:\Windows\System\CYBQhuw.exe

C:\Windows\System\CYBQhuw.exe

C:\Windows\System\Lxbitss.exe

C:\Windows\System\Lxbitss.exe

C:\Windows\System\blbpOaH.exe

C:\Windows\System\blbpOaH.exe

C:\Windows\System\rJGwbWQ.exe

C:\Windows\System\rJGwbWQ.exe

C:\Windows\System\revDobw.exe

C:\Windows\System\revDobw.exe

C:\Windows\System\CuzgIxN.exe

C:\Windows\System\CuzgIxN.exe

C:\Windows\System\RWEsndy.exe

C:\Windows\System\RWEsndy.exe

C:\Windows\System\NhUKWmb.exe

C:\Windows\System\NhUKWmb.exe

C:\Windows\System\vgghhBg.exe

C:\Windows\System\vgghhBg.exe

C:\Windows\System\OXGZbMz.exe

C:\Windows\System\OXGZbMz.exe

C:\Windows\System\bHHeRky.exe

C:\Windows\System\bHHeRky.exe

C:\Windows\System\kdEngpZ.exe

C:\Windows\System\kdEngpZ.exe

C:\Windows\System\vaRtTcy.exe

C:\Windows\System\vaRtTcy.exe

C:\Windows\System\VInXdSh.exe

C:\Windows\System\VInXdSh.exe

C:\Windows\System\afZIIem.exe

C:\Windows\System\afZIIem.exe

C:\Windows\System\YiCdKma.exe

C:\Windows\System\YiCdKma.exe

C:\Windows\System\bEIrWBT.exe

C:\Windows\System\bEIrWBT.exe

C:\Windows\System\WHRAbbg.exe

C:\Windows\System\WHRAbbg.exe

C:\Windows\System\MGcreSb.exe

C:\Windows\System\MGcreSb.exe

C:\Windows\System\YNNLCat.exe

C:\Windows\System\YNNLCat.exe

C:\Windows\System\XZbSiSL.exe

C:\Windows\System\XZbSiSL.exe

C:\Windows\System\XiqqqlU.exe

C:\Windows\System\XiqqqlU.exe

C:\Windows\System\xMwknzN.exe

C:\Windows\System\xMwknzN.exe

C:\Windows\System\CYZZYYO.exe

C:\Windows\System\CYZZYYO.exe

C:\Windows\System\XdWMPvj.exe

C:\Windows\System\XdWMPvj.exe

C:\Windows\System\CPhohMN.exe

C:\Windows\System\CPhohMN.exe

C:\Windows\System\qaTUDji.exe

C:\Windows\System\qaTUDji.exe

C:\Windows\System\pGhISlF.exe

C:\Windows\System\pGhISlF.exe

C:\Windows\System\RKUTZCl.exe

C:\Windows\System\RKUTZCl.exe

C:\Windows\System\ADlLRJa.exe

C:\Windows\System\ADlLRJa.exe

C:\Windows\System\JbpCsJo.exe

C:\Windows\System\JbpCsJo.exe

C:\Windows\System\UGlKDPp.exe

C:\Windows\System\UGlKDPp.exe

C:\Windows\System\vGhLmKk.exe

C:\Windows\System\vGhLmKk.exe

C:\Windows\System\RoDqwIK.exe

C:\Windows\System\RoDqwIK.exe

C:\Windows\System\ZqGKlMh.exe

C:\Windows\System\ZqGKlMh.exe

C:\Windows\System\NhjYZLP.exe

C:\Windows\System\NhjYZLP.exe

C:\Windows\System\VwdfMEL.exe

C:\Windows\System\VwdfMEL.exe

C:\Windows\System\qpFtvNu.exe

C:\Windows\System\qpFtvNu.exe

C:\Windows\System\zFnLzXf.exe

C:\Windows\System\zFnLzXf.exe

C:\Windows\System\zcpsvvA.exe

C:\Windows\System\zcpsvvA.exe

C:\Windows\System\sByinBZ.exe

C:\Windows\System\sByinBZ.exe

C:\Windows\System\JHKSBQN.exe

C:\Windows\System\JHKSBQN.exe

C:\Windows\System\IikqKKm.exe

C:\Windows\System\IikqKKm.exe

C:\Windows\System\cdxLZFW.exe

C:\Windows\System\cdxLZFW.exe

C:\Windows\System\IDCDlZV.exe

C:\Windows\System\IDCDlZV.exe

C:\Windows\System\uHZVHGF.exe

C:\Windows\System\uHZVHGF.exe

C:\Windows\System\xfaNbhW.exe

C:\Windows\System\xfaNbhW.exe

C:\Windows\System\fUAVAIQ.exe

C:\Windows\System\fUAVAIQ.exe

C:\Windows\System\GttLYNd.exe

C:\Windows\System\GttLYNd.exe

C:\Windows\System\zFCDgDo.exe

C:\Windows\System\zFCDgDo.exe

C:\Windows\System\NcfdYmt.exe

C:\Windows\System\NcfdYmt.exe

C:\Windows\System\sBaOpZy.exe

C:\Windows\System\sBaOpZy.exe

C:\Windows\System\uRJMabV.exe

C:\Windows\System\uRJMabV.exe

C:\Windows\System\xZlZbER.exe

C:\Windows\System\xZlZbER.exe

C:\Windows\System\ZFcrXuj.exe

C:\Windows\System\ZFcrXuj.exe

C:\Windows\System\bXeQbEY.exe

C:\Windows\System\bXeQbEY.exe

C:\Windows\System\umOojDf.exe

C:\Windows\System\umOojDf.exe

C:\Windows\System\sQxfWAO.exe

C:\Windows\System\sQxfWAO.exe

C:\Windows\System\pvvOuMj.exe

C:\Windows\System\pvvOuMj.exe

C:\Windows\System\CsaZQxQ.exe

C:\Windows\System\CsaZQxQ.exe

C:\Windows\System\EptXYTo.exe

C:\Windows\System\EptXYTo.exe

C:\Windows\System\zrnXLQX.exe

C:\Windows\System\zrnXLQX.exe

C:\Windows\System\UIBkVYI.exe

C:\Windows\System\UIBkVYI.exe

C:\Windows\System\cUwudHm.exe

C:\Windows\System\cUwudHm.exe

C:\Windows\System\OKvUTvO.exe

C:\Windows\System\OKvUTvO.exe

C:\Windows\System\jaxxQZM.exe

C:\Windows\System\jaxxQZM.exe

C:\Windows\System\gnYrAdc.exe

C:\Windows\System\gnYrAdc.exe

C:\Windows\System\mcwcgPQ.exe

C:\Windows\System\mcwcgPQ.exe

C:\Windows\System\ICNvEps.exe

C:\Windows\System\ICNvEps.exe

C:\Windows\System\JIrzTum.exe

C:\Windows\System\JIrzTum.exe

C:\Windows\System\kEzCQSb.exe

C:\Windows\System\kEzCQSb.exe

C:\Windows\System\dyxnPhO.exe

C:\Windows\System\dyxnPhO.exe

C:\Windows\System\XoEeutY.exe

C:\Windows\System\XoEeutY.exe

C:\Windows\System\nyVLtsZ.exe

C:\Windows\System\nyVLtsZ.exe

C:\Windows\System\DomKdCO.exe

C:\Windows\System\DomKdCO.exe

C:\Windows\System\JAZPKTc.exe

C:\Windows\System\JAZPKTc.exe

C:\Windows\System\llHSDSX.exe

C:\Windows\System\llHSDSX.exe

C:\Windows\System\jIgMDUZ.exe

C:\Windows\System\jIgMDUZ.exe

C:\Windows\System\CpOKxbd.exe

C:\Windows\System\CpOKxbd.exe

C:\Windows\System\exkrwdf.exe

C:\Windows\System\exkrwdf.exe

C:\Windows\System\lxaPUVM.exe

C:\Windows\System\lxaPUVM.exe

C:\Windows\System\WMGfZgC.exe

C:\Windows\System\WMGfZgC.exe

C:\Windows\System\YXvdisj.exe

C:\Windows\System\YXvdisj.exe

C:\Windows\System\gWujHNv.exe

C:\Windows\System\gWujHNv.exe

C:\Windows\System\iGtoPxt.exe

C:\Windows\System\iGtoPxt.exe

C:\Windows\System\pRzWQUv.exe

C:\Windows\System\pRzWQUv.exe

C:\Windows\System\iIvdbQw.exe

C:\Windows\System\iIvdbQw.exe

C:\Windows\System\STgpPmG.exe

C:\Windows\System\STgpPmG.exe

C:\Windows\System\dkXyhDv.exe

C:\Windows\System\dkXyhDv.exe

C:\Windows\System\cGboAZx.exe

C:\Windows\System\cGboAZx.exe

C:\Windows\System\hlTOhSx.exe

C:\Windows\System\hlTOhSx.exe

C:\Windows\System\Kxgqehm.exe

C:\Windows\System\Kxgqehm.exe

C:\Windows\System\eyynCOk.exe

C:\Windows\System\eyynCOk.exe

C:\Windows\System\TdQyDlv.exe

C:\Windows\System\TdQyDlv.exe

C:\Windows\System\GDmXknF.exe

C:\Windows\System\GDmXknF.exe

C:\Windows\System\xCsnqge.exe

C:\Windows\System\xCsnqge.exe

C:\Windows\System\JLRgLDl.exe

C:\Windows\System\JLRgLDl.exe

C:\Windows\System\EPoXSCq.exe

C:\Windows\System\EPoXSCq.exe

C:\Windows\System\zHNhpPA.exe

C:\Windows\System\zHNhpPA.exe

C:\Windows\System\AuJZneb.exe

C:\Windows\System\AuJZneb.exe

C:\Windows\System\EzYkSZh.exe

C:\Windows\System\EzYkSZh.exe

C:\Windows\System\yHWddwq.exe

C:\Windows\System\yHWddwq.exe

C:\Windows\System\PCsiaZi.exe

C:\Windows\System\PCsiaZi.exe

C:\Windows\System\UrYSiSd.exe

C:\Windows\System\UrYSiSd.exe

C:\Windows\System\EZFLRHi.exe

C:\Windows\System\EZFLRHi.exe

C:\Windows\System\iwKllYF.exe

C:\Windows\System\iwKllYF.exe

C:\Windows\System\PsyReZa.exe

C:\Windows\System\PsyReZa.exe

C:\Windows\System\yvIqOsd.exe

C:\Windows\System\yvIqOsd.exe

C:\Windows\System\dfbjdlS.exe

C:\Windows\System\dfbjdlS.exe

C:\Windows\System\jkxVaWO.exe

C:\Windows\System\jkxVaWO.exe

C:\Windows\System\dqTUUzP.exe

C:\Windows\System\dqTUUzP.exe

C:\Windows\System\oTaFihS.exe

C:\Windows\System\oTaFihS.exe

C:\Windows\System\yFFQVZJ.exe

C:\Windows\System\yFFQVZJ.exe

C:\Windows\System\mHWVhtZ.exe

C:\Windows\System\mHWVhtZ.exe

C:\Windows\System\CnbjiQA.exe

C:\Windows\System\CnbjiQA.exe

C:\Windows\System\UXXxLzI.exe

C:\Windows\System\UXXxLzI.exe

C:\Windows\System\ZYAaUkg.exe

C:\Windows\System\ZYAaUkg.exe

C:\Windows\System\BgpLIPG.exe

C:\Windows\System\BgpLIPG.exe

C:\Windows\System\TtVqSnd.exe

C:\Windows\System\TtVqSnd.exe

C:\Windows\System\DceZfFW.exe

C:\Windows\System\DceZfFW.exe

C:\Windows\System\YneWKpk.exe

C:\Windows\System\YneWKpk.exe

C:\Windows\System\fVgkjAs.exe

C:\Windows\System\fVgkjAs.exe

C:\Windows\System\GSmLTlS.exe

C:\Windows\System\GSmLTlS.exe

C:\Windows\System\ceSVvtL.exe

C:\Windows\System\ceSVvtL.exe

C:\Windows\System\PiiOZsc.exe

C:\Windows\System\PiiOZsc.exe

C:\Windows\System\FpWauhF.exe

C:\Windows\System\FpWauhF.exe

C:\Windows\System\IqFVhgC.exe

C:\Windows\System\IqFVhgC.exe

C:\Windows\System\zlrhrKT.exe

C:\Windows\System\zlrhrKT.exe

C:\Windows\System\NOOHahK.exe

C:\Windows\System\NOOHahK.exe

C:\Windows\System\sdBNyRd.exe

C:\Windows\System\sdBNyRd.exe

C:\Windows\System\fmwjdQd.exe

C:\Windows\System\fmwjdQd.exe

C:\Windows\System\MCGhXtl.exe

C:\Windows\System\MCGhXtl.exe

C:\Windows\System\UUBRvlX.exe

C:\Windows\System\UUBRvlX.exe

C:\Windows\System\yFPlMRq.exe

C:\Windows\System\yFPlMRq.exe

C:\Windows\System\SxaTpUB.exe

C:\Windows\System\SxaTpUB.exe

C:\Windows\System\znRVPKW.exe

C:\Windows\System\znRVPKW.exe

C:\Windows\System\WlPXEtz.exe

C:\Windows\System\WlPXEtz.exe

C:\Windows\System\VOFMYPf.exe

C:\Windows\System\VOFMYPf.exe

C:\Windows\System\NPYMVaS.exe

C:\Windows\System\NPYMVaS.exe

C:\Windows\System\ZNpTGbC.exe

C:\Windows\System\ZNpTGbC.exe

C:\Windows\System\VJjhSoL.exe

C:\Windows\System\VJjhSoL.exe

C:\Windows\System\wuYDPZf.exe

C:\Windows\System\wuYDPZf.exe

C:\Windows\System\pWcZXrH.exe

C:\Windows\System\pWcZXrH.exe

C:\Windows\System\dkNTVjg.exe

C:\Windows\System\dkNTVjg.exe

C:\Windows\System\GYxavuy.exe

C:\Windows\System\GYxavuy.exe

C:\Windows\System\HCVIuLb.exe

C:\Windows\System\HCVIuLb.exe

C:\Windows\System\eMgANiY.exe

C:\Windows\System\eMgANiY.exe

C:\Windows\System\riPmFNe.exe

C:\Windows\System\riPmFNe.exe

C:\Windows\System\vEMTOOH.exe

C:\Windows\System\vEMTOOH.exe

C:\Windows\System\OzxSbYL.exe

C:\Windows\System\OzxSbYL.exe

C:\Windows\System\KHmSlZo.exe

C:\Windows\System\KHmSlZo.exe

C:\Windows\System\eOdTxKt.exe

C:\Windows\System\eOdTxKt.exe

C:\Windows\System\LyHMZQN.exe

C:\Windows\System\LyHMZQN.exe

C:\Windows\System\TiuaKNt.exe

C:\Windows\System\TiuaKNt.exe

C:\Windows\System\RYJWNoY.exe

C:\Windows\System\RYJWNoY.exe

C:\Windows\System\SjaMAFw.exe

C:\Windows\System\SjaMAFw.exe

C:\Windows\System\XwLMhBM.exe

C:\Windows\System\XwLMhBM.exe

C:\Windows\System\dZMVGhS.exe

C:\Windows\System\dZMVGhS.exe

C:\Windows\System\GZmwxCE.exe

C:\Windows\System\GZmwxCE.exe

C:\Windows\System\OHxMQca.exe

C:\Windows\System\OHxMQca.exe

C:\Windows\System\qbBBMFA.exe

C:\Windows\System\qbBBMFA.exe

C:\Windows\System\LpQbjXb.exe

C:\Windows\System\LpQbjXb.exe

C:\Windows\System\OYFFYJH.exe

C:\Windows\System\OYFFYJH.exe

C:\Windows\System\KZzBGLu.exe

C:\Windows\System\KZzBGLu.exe

C:\Windows\System\bvlPvhL.exe

C:\Windows\System\bvlPvhL.exe

C:\Windows\System\FYwxBjt.exe

C:\Windows\System\FYwxBjt.exe

C:\Windows\System\XaRBWsb.exe

C:\Windows\System\XaRBWsb.exe

C:\Windows\System\ayJJbqP.exe

C:\Windows\System\ayJJbqP.exe

C:\Windows\System\mcUDLiJ.exe

C:\Windows\System\mcUDLiJ.exe

C:\Windows\System\MWLnBSJ.exe

C:\Windows\System\MWLnBSJ.exe

C:\Windows\System\iXfeVmW.exe

C:\Windows\System\iXfeVmW.exe

C:\Windows\System\AsOzUTB.exe

C:\Windows\System\AsOzUTB.exe

C:\Windows\System\PMWNfDC.exe

C:\Windows\System\PMWNfDC.exe

C:\Windows\System\YEiEeKA.exe

C:\Windows\System\YEiEeKA.exe

C:\Windows\System\LJcaWjK.exe

C:\Windows\System\LJcaWjK.exe

C:\Windows\System\mfCwKcv.exe

C:\Windows\System\mfCwKcv.exe

C:\Windows\System\YImRjGv.exe

C:\Windows\System\YImRjGv.exe

C:\Windows\System\SBEBytD.exe

C:\Windows\System\SBEBytD.exe

C:\Windows\System\UadzaNH.exe

C:\Windows\System\UadzaNH.exe

C:\Windows\System\LwcQtBQ.exe

C:\Windows\System\LwcQtBQ.exe

C:\Windows\System\WMlSElY.exe

C:\Windows\System\WMlSElY.exe

C:\Windows\System\kllparh.exe

C:\Windows\System\kllparh.exe

C:\Windows\System\ZvyVzNN.exe

C:\Windows\System\ZvyVzNN.exe

C:\Windows\System\kqQUrRT.exe

C:\Windows\System\kqQUrRT.exe

C:\Windows\System\JhKbqkv.exe

C:\Windows\System\JhKbqkv.exe

C:\Windows\System\eXdGycG.exe

C:\Windows\System\eXdGycG.exe

C:\Windows\System\gmnaXcF.exe

C:\Windows\System\gmnaXcF.exe

C:\Windows\System\uDbAfhg.exe

C:\Windows\System\uDbAfhg.exe

C:\Windows\System\fUZqoFD.exe

C:\Windows\System\fUZqoFD.exe

C:\Windows\System\WzmEqMe.exe

C:\Windows\System\WzmEqMe.exe

C:\Windows\System\QiGmDGH.exe

C:\Windows\System\QiGmDGH.exe

C:\Windows\System\DSfGtvH.exe

C:\Windows\System\DSfGtvH.exe

C:\Windows\System\QuEGOzs.exe

C:\Windows\System\QuEGOzs.exe

C:\Windows\System\qkUzPni.exe

C:\Windows\System\qkUzPni.exe

C:\Windows\System\yqFYSVy.exe

C:\Windows\System\yqFYSVy.exe

C:\Windows\System\GrgxSgN.exe

C:\Windows\System\GrgxSgN.exe

C:\Windows\System\QuooaAf.exe

C:\Windows\System\QuooaAf.exe

C:\Windows\System\rBzbacY.exe

C:\Windows\System\rBzbacY.exe

C:\Windows\System\PklvgfN.exe

C:\Windows\System\PklvgfN.exe

C:\Windows\System\tZjFiml.exe

C:\Windows\System\tZjFiml.exe

C:\Windows\System\weKYHXr.exe

C:\Windows\System\weKYHXr.exe

C:\Windows\System\EuDatht.exe

C:\Windows\System\EuDatht.exe

C:\Windows\System\HqoTXlP.exe

C:\Windows\System\HqoTXlP.exe

C:\Windows\System\EYaLGyq.exe

C:\Windows\System\EYaLGyq.exe

C:\Windows\System\FONaMwA.exe

C:\Windows\System\FONaMwA.exe

C:\Windows\System\UjVnsQz.exe

C:\Windows\System\UjVnsQz.exe

C:\Windows\System\niZGeBb.exe

C:\Windows\System\niZGeBb.exe

C:\Windows\System\NUsoyMa.exe

C:\Windows\System\NUsoyMa.exe

C:\Windows\System\iaMZMHf.exe

C:\Windows\System\iaMZMHf.exe

C:\Windows\System\isGPWFV.exe

C:\Windows\System\isGPWFV.exe

C:\Windows\System\RmLUARS.exe

C:\Windows\System\RmLUARS.exe

C:\Windows\System\OkfNEOf.exe

C:\Windows\System\OkfNEOf.exe

C:\Windows\System\kCqwQxo.exe

C:\Windows\System\kCqwQxo.exe

C:\Windows\System\SEXysYt.exe

C:\Windows\System\SEXysYt.exe

C:\Windows\System\AhdWAvn.exe

C:\Windows\System\AhdWAvn.exe

C:\Windows\System\QOwjSZI.exe

C:\Windows\System\QOwjSZI.exe

C:\Windows\System\YiXdVqp.exe

C:\Windows\System\YiXdVqp.exe

C:\Windows\System\IWsZzIZ.exe

C:\Windows\System\IWsZzIZ.exe

C:\Windows\System\VUpIYks.exe

C:\Windows\System\VUpIYks.exe

C:\Windows\System\trFuzSg.exe

C:\Windows\System\trFuzSg.exe

C:\Windows\System\SKZXYfP.exe

C:\Windows\System\SKZXYfP.exe

C:\Windows\System\iXIzKOA.exe

C:\Windows\System\iXIzKOA.exe

C:\Windows\System\RnjVTqi.exe

C:\Windows\System\RnjVTqi.exe

C:\Windows\System\JNosRyj.exe

C:\Windows\System\JNosRyj.exe

C:\Windows\System\OymyXvi.exe

C:\Windows\System\OymyXvi.exe

C:\Windows\System\EdVwMGs.exe

C:\Windows\System\EdVwMGs.exe

C:\Windows\System\WiYHaJW.exe

C:\Windows\System\WiYHaJW.exe

C:\Windows\System\IPdEvYD.exe

C:\Windows\System\IPdEvYD.exe

C:\Windows\System\YPxLnHF.exe

C:\Windows\System\YPxLnHF.exe

C:\Windows\System\HPeJpaC.exe

C:\Windows\System\HPeJpaC.exe

C:\Windows\System\VhSrLXO.exe

C:\Windows\System\VhSrLXO.exe

C:\Windows\System\dPoiMuM.exe

C:\Windows\System\dPoiMuM.exe

C:\Windows\System\YicUbOn.exe

C:\Windows\System\YicUbOn.exe

C:\Windows\System\gVquoEh.exe

C:\Windows\System\gVquoEh.exe

C:\Windows\System\QmKMHiv.exe

C:\Windows\System\QmKMHiv.exe

C:\Windows\System\lepBrYY.exe

C:\Windows\System\lepBrYY.exe

C:\Windows\System\OVbJlkn.exe

C:\Windows\System\OVbJlkn.exe

C:\Windows\System\EWOQUPV.exe

C:\Windows\System\EWOQUPV.exe

C:\Windows\System\dimHeDy.exe

C:\Windows\System\dimHeDy.exe

C:\Windows\System\xUgfOSR.exe

C:\Windows\System\xUgfOSR.exe

C:\Windows\System\mpSVCIb.exe

C:\Windows\System\mpSVCIb.exe

C:\Windows\System\XTciVph.exe

C:\Windows\System\XTciVph.exe

C:\Windows\System\UCOYmwr.exe

C:\Windows\System\UCOYmwr.exe

C:\Windows\System\VolPtkf.exe

C:\Windows\System\VolPtkf.exe

C:\Windows\System\EpkMcvQ.exe

C:\Windows\System\EpkMcvQ.exe

C:\Windows\System\yBZKlwP.exe

C:\Windows\System\yBZKlwP.exe

C:\Windows\System\hYgXQnz.exe

C:\Windows\System\hYgXQnz.exe

C:\Windows\System\HIpkBfM.exe

C:\Windows\System\HIpkBfM.exe

C:\Windows\System\yXOcekI.exe

C:\Windows\System\yXOcekI.exe

C:\Windows\System\zqkjlpQ.exe

C:\Windows\System\zqkjlpQ.exe

C:\Windows\System\cHfXqlN.exe

C:\Windows\System\cHfXqlN.exe

C:\Windows\System\yeQkYnM.exe

C:\Windows\System\yeQkYnM.exe

C:\Windows\System\IiLYjjn.exe

C:\Windows\System\IiLYjjn.exe

C:\Windows\System\rPaabvU.exe

C:\Windows\System\rPaabvU.exe

C:\Windows\System\WgSqGYt.exe

C:\Windows\System\WgSqGYt.exe

C:\Windows\System\IMBcVSs.exe

C:\Windows\System\IMBcVSs.exe

C:\Windows\System\RMTQjpx.exe

C:\Windows\System\RMTQjpx.exe

C:\Windows\System\xXMLfwL.exe

C:\Windows\System\xXMLfwL.exe

C:\Windows\System\XCZbBRg.exe

C:\Windows\System\XCZbBRg.exe

C:\Windows\System\fmSczzH.exe

C:\Windows\System\fmSczzH.exe

C:\Windows\System\ZsIpQJL.exe

C:\Windows\System\ZsIpQJL.exe

C:\Windows\System\KMPAKUI.exe

C:\Windows\System\KMPAKUI.exe

C:\Windows\System\DlJMzCn.exe

C:\Windows\System\DlJMzCn.exe

C:\Windows\System\JETHJJc.exe

C:\Windows\System\JETHJJc.exe

C:\Windows\System\ZpmAnZF.exe

C:\Windows\System\ZpmAnZF.exe

C:\Windows\System\grsmlGb.exe

C:\Windows\System\grsmlGb.exe

C:\Windows\System\TxCQher.exe

C:\Windows\System\TxCQher.exe

C:\Windows\System\qarSYns.exe

C:\Windows\System\qarSYns.exe

C:\Windows\System\zUdwmGc.exe

C:\Windows\System\zUdwmGc.exe

C:\Windows\System\jaqaePF.exe

C:\Windows\System\jaqaePF.exe

C:\Windows\System\JobUGLh.exe

C:\Windows\System\JobUGLh.exe

C:\Windows\System\TVxmJHE.exe

C:\Windows\System\TVxmJHE.exe

C:\Windows\System\BXaHptq.exe

C:\Windows\System\BXaHptq.exe

C:\Windows\System\pCdnNhj.exe

C:\Windows\System\pCdnNhj.exe

C:\Windows\System\pUpjpYH.exe

C:\Windows\System\pUpjpYH.exe

C:\Windows\System\DVcbgPy.exe

C:\Windows\System\DVcbgPy.exe

C:\Windows\System\PRyWFXC.exe

C:\Windows\System\PRyWFXC.exe

C:\Windows\System\CntdJpu.exe

C:\Windows\System\CntdJpu.exe

C:\Windows\System\rNBPAxI.exe

C:\Windows\System\rNBPAxI.exe

C:\Windows\System\DnyUmaw.exe

C:\Windows\System\DnyUmaw.exe

C:\Windows\System\gYYCqcX.exe

C:\Windows\System\gYYCqcX.exe

C:\Windows\System\JvRvHVp.exe

C:\Windows\System\JvRvHVp.exe

C:\Windows\System\DRgnbbn.exe

C:\Windows\System\DRgnbbn.exe

C:\Windows\System\jmjzPkv.exe

C:\Windows\System\jmjzPkv.exe

C:\Windows\System\SlaUHLz.exe

C:\Windows\System\SlaUHLz.exe

C:\Windows\System\OVMdTTX.exe

C:\Windows\System\OVMdTTX.exe

C:\Windows\System\bPsxrDJ.exe

C:\Windows\System\bPsxrDJ.exe

C:\Windows\System\NbeVxXE.exe

C:\Windows\System\NbeVxXE.exe

C:\Windows\System\xLPmTCW.exe

C:\Windows\System\xLPmTCW.exe

C:\Windows\System\WVduwoJ.exe

C:\Windows\System\WVduwoJ.exe

C:\Windows\System\gJpbjUi.exe

C:\Windows\System\gJpbjUi.exe

C:\Windows\System\grfAQVO.exe

C:\Windows\System\grfAQVO.exe

C:\Windows\System\mgisXwj.exe

C:\Windows\System\mgisXwj.exe

C:\Windows\System\ElcQbWx.exe

C:\Windows\System\ElcQbWx.exe

C:\Windows\System\zSkxdKY.exe

C:\Windows\System\zSkxdKY.exe

C:\Windows\System\ZIlwEkO.exe

C:\Windows\System\ZIlwEkO.exe

C:\Windows\System\YGbojyf.exe

C:\Windows\System\YGbojyf.exe

C:\Windows\System\FUEKqva.exe

C:\Windows\System\FUEKqva.exe

C:\Windows\System\SyvIQBn.exe

C:\Windows\System\SyvIQBn.exe

C:\Windows\System\hYgCTZx.exe

C:\Windows\System\hYgCTZx.exe

C:\Windows\System\uniCmUo.exe

C:\Windows\System\uniCmUo.exe

C:\Windows\System\nDLzXER.exe

C:\Windows\System\nDLzXER.exe

C:\Windows\System\eVgFHTx.exe

C:\Windows\System\eVgFHTx.exe

C:\Windows\System\BlYFBzr.exe

C:\Windows\System\BlYFBzr.exe

C:\Windows\System\vlPZSax.exe

C:\Windows\System\vlPZSax.exe

C:\Windows\System\pCSpgin.exe

C:\Windows\System\pCSpgin.exe

C:\Windows\System\VDwAJlS.exe

C:\Windows\System\VDwAJlS.exe

C:\Windows\System\GaedlMT.exe

C:\Windows\System\GaedlMT.exe

C:\Windows\System\bOJHTRA.exe

C:\Windows\System\bOJHTRA.exe

C:\Windows\System\bvdDZxa.exe

C:\Windows\System\bvdDZxa.exe

C:\Windows\System\lwttDaD.exe

C:\Windows\System\lwttDaD.exe

C:\Windows\System\mXnGTDm.exe

C:\Windows\System\mXnGTDm.exe

C:\Windows\System\JbbxUNj.exe

C:\Windows\System\JbbxUNj.exe

C:\Windows\System\duZpLSK.exe

C:\Windows\System\duZpLSK.exe

C:\Windows\System\EUMJsuI.exe

C:\Windows\System\EUMJsuI.exe

C:\Windows\System\KFIbLZB.exe

C:\Windows\System\KFIbLZB.exe

C:\Windows\System\zROkQtD.exe

C:\Windows\System\zROkQtD.exe

C:\Windows\System\TJCkpuF.exe

C:\Windows\System\TJCkpuF.exe

C:\Windows\System\ECzPaWO.exe

C:\Windows\System\ECzPaWO.exe

C:\Windows\System\GuGEdwt.exe

C:\Windows\System\GuGEdwt.exe

C:\Windows\System\uEqKapI.exe

C:\Windows\System\uEqKapI.exe

C:\Windows\System\OsjtGoI.exe

C:\Windows\System\OsjtGoI.exe

C:\Windows\System\lPTkwvJ.exe

C:\Windows\System\lPTkwvJ.exe

C:\Windows\System\HsUHJTn.exe

C:\Windows\System\HsUHJTn.exe

C:\Windows\System\vkXgwWz.exe

C:\Windows\System\vkXgwWz.exe

C:\Windows\System\FtXBidS.exe

C:\Windows\System\FtXBidS.exe

C:\Windows\System\emUoUao.exe

C:\Windows\System\emUoUao.exe

C:\Windows\System\ivVSCmU.exe

C:\Windows\System\ivVSCmU.exe

C:\Windows\System\JKhnUHa.exe

C:\Windows\System\JKhnUHa.exe

C:\Windows\System\SQDXNhd.exe

C:\Windows\System\SQDXNhd.exe

C:\Windows\System\YlufSys.exe

C:\Windows\System\YlufSys.exe

C:\Windows\System\cXDpOMI.exe

C:\Windows\System\cXDpOMI.exe

C:\Windows\System\KaPISHd.exe

C:\Windows\System\KaPISHd.exe

C:\Windows\System\qljhdvB.exe

C:\Windows\System\qljhdvB.exe

C:\Windows\System\phxFveB.exe

C:\Windows\System\phxFveB.exe

C:\Windows\System\OzUjLhq.exe

C:\Windows\System\OzUjLhq.exe

C:\Windows\System\cWVNkjH.exe

C:\Windows\System\cWVNkjH.exe

C:\Windows\System\WauBzAd.exe

C:\Windows\System\WauBzAd.exe

C:\Windows\System\aXgvuBE.exe

C:\Windows\System\aXgvuBE.exe

C:\Windows\System\MQyBttc.exe

C:\Windows\System\MQyBttc.exe

C:\Windows\System\mUlWSQd.exe

C:\Windows\System\mUlWSQd.exe

C:\Windows\System\cJnckbd.exe

C:\Windows\System\cJnckbd.exe

C:\Windows\System\IQAORBj.exe

C:\Windows\System\IQAORBj.exe

C:\Windows\System\LkFPtaP.exe

C:\Windows\System\LkFPtaP.exe

C:\Windows\System\fqYrBXz.exe

C:\Windows\System\fqYrBXz.exe

C:\Windows\System\UJfpvQu.exe

C:\Windows\System\UJfpvQu.exe

C:\Windows\System\CeEwcNv.exe

C:\Windows\System\CeEwcNv.exe

C:\Windows\System\oTGEIqT.exe

C:\Windows\System\oTGEIqT.exe

C:\Windows\System\TMgPgOH.exe

C:\Windows\System\TMgPgOH.exe

C:\Windows\System\FgnfWNp.exe

C:\Windows\System\FgnfWNp.exe

C:\Windows\System\RdABbvD.exe

C:\Windows\System\RdABbvD.exe

C:\Windows\System\ylpswaY.exe

C:\Windows\System\ylpswaY.exe

C:\Windows\System\rzcyIev.exe

C:\Windows\System\rzcyIev.exe

C:\Windows\System\BFOSzdq.exe

C:\Windows\System\BFOSzdq.exe

C:\Windows\System\qUoBbip.exe

C:\Windows\System\qUoBbip.exe

C:\Windows\System\PnxbuLn.exe

C:\Windows\System\PnxbuLn.exe

C:\Windows\System\tWKQhDx.exe

C:\Windows\System\tWKQhDx.exe

C:\Windows\System\xpfLKza.exe

C:\Windows\System\xpfLKza.exe

C:\Windows\System\MhOXdvo.exe

C:\Windows\System\MhOXdvo.exe

C:\Windows\System\CFsVvkP.exe

C:\Windows\System\CFsVvkP.exe

C:\Windows\System\ERnHhLE.exe

C:\Windows\System\ERnHhLE.exe

C:\Windows\System\zAgAXiq.exe

C:\Windows\System\zAgAXiq.exe

C:\Windows\System\VXOdJKA.exe

C:\Windows\System\VXOdJKA.exe

C:\Windows\System\kQSndiM.exe

C:\Windows\System\kQSndiM.exe

C:\Windows\System\vZPJSvR.exe

C:\Windows\System\vZPJSvR.exe

C:\Windows\System\Vzwhqru.exe

C:\Windows\System\Vzwhqru.exe

C:\Windows\System\aYSlokv.exe

C:\Windows\System\aYSlokv.exe

C:\Windows\System\WTewniV.exe

C:\Windows\System\WTewniV.exe

C:\Windows\System\vHApvhh.exe

C:\Windows\System\vHApvhh.exe

C:\Windows\System\YSqmBvJ.exe

C:\Windows\System\YSqmBvJ.exe

C:\Windows\System\OABkXWl.exe

C:\Windows\System\OABkXWl.exe

Network

N/A

Files

memory/1616-0-0x000000013F7B0000-0x000000013FB01000-memory.dmp

memory/1616-1-0x0000000000180000-0x0000000000190000-memory.dmp

C:\Windows\system\njIWGms.exe

MD5 98b0f4a637327acaa357b5bf2a51b769
SHA1 949d0911f758e433128b0c53c86a976d42914f24
SHA256 90046cc8d9d7d7a46058e16e5af09a0d04ec97c795326d0455058463dbfdf75e
SHA512 6e2a25d0a8317440487f407d2918dcddd14dcd65e6352a58f69695afe75447184346c1828cdb255d5532a8034c9282ef7102b1cb44bd1a0fd5d37d35ed8d6c99

memory/2888-9-0x000000013F330000-0x000000013F681000-memory.dmp

memory/1616-7-0x000000013F330000-0x000000013F681000-memory.dmp

C:\Windows\system\MeUbOvv.exe

MD5 f3ecd33e7ec5d0c410bcd5df51044bec
SHA1 c0a2b67ad3f50461a6ce88dd35541e5b05b31a72
SHA256 f76b97df984770a08f08cb1fca8569a455fe8d59ebf85f843db1b44f37beb52f
SHA512 7c7bd0e708ccf5342c3737dd980101483cc38c6af8df7b89a2962ec14edfe36369f272c0773c8df071eb661376d7044961e25b1f04f53a42e7a35867a789a22d

memory/2576-15-0x000000013F210000-0x000000013F561000-memory.dmp

C:\Windows\system\DtwUCJi.exe

MD5 d6169272f4863d6429bf369780c0e0e9
SHA1 e676d1e7f5d11ff4a1a474ab3036fc42b3245113
SHA256 6706b03d4cba3a58e5978d4652d3c0557253d7f2af043be6de923a1746e1160e
SHA512 569861e1eb2b3795512b7fdaf8590f92cffc5734990bd0f9b8d63f85c863b59f17f87e871599bb39cf71aa90d842d9b4a4a325a4bae4cb8e6e10bcbec75ac779

memory/2828-22-0x000000013FCB0000-0x0000000140001000-memory.dmp

memory/1616-20-0x000000013FCB0000-0x0000000140001000-memory.dmp

\Windows\system\PeiLxxA.exe

MD5 1dbe1f2e1b4ea82109e7c290698ad2cf
SHA1 def37bcbb70d5a14c252a1af6b2a604adaf67634
SHA256 88f1b74d3c568202693166b3ec4f9f72a8f5a8ab056dab17ff1651e6e594d1e0
SHA512 db9f2a1e057b1df5cfdf525dd8dc31680e2bb1c2d938db683e92a32fb86daf39f42553befae94c1b8c3ae5bae5c929badbcbb1c82413b69e0bccbbc554cb2127

\Windows\system\TanMURT.exe

MD5 7973a612014d34c36ad8824e196178c9
SHA1 374f09a212e373ffb5f3f8b6b219844a01405827
SHA256 76057cdb98a5dd4a820bea12d66d9b623bbc3fcfbc3fb0d4c73b05d8c95b1574
SHA512 2486abff9e826dabf39bee63ce31de90c3f5bf13b675d7d378fcba6ab78a714908005c43884673ea601b182327b8afa748d9368f6b3f6b564612492f62c40d79

memory/1616-44-0x0000000001DE0000-0x0000000002131000-memory.dmp

C:\Windows\system\BQrGVvx.exe

MD5 08e4726fa1469643c9d4921686300c09
SHA1 16c909aa8d3379e290544d4d827f6ba2f987b1f0
SHA256 d4162fcb03d1b27dbac50356f469594d78f9ad3fc9360ece5e63e9c317d9f77a
SHA512 3e2589e1379a7a42ce0585011418650aa6002eedd302996ec576ec32e87ddae6d2d216f59484f8fa4dda2a2539fed172fc7ea1cf5322a335887cee20d59f2099

C:\Windows\system\WfBGbNB.exe

MD5 173e5ce3d1585176bf67b69c3b8b7218
SHA1 3b87813ed604b8fa7cd10cd70e35e0318e2473fc
SHA256 43f04b28ae6898ca5836ebcab91a1f685a050cf61d3517e4eb8bd08146b78588
SHA512 a12466bd545d1904c261d65051e9ba8d733e8d1914f13d8664b1bcd08bbd55532dfc1e4312b89a87c72e1d3ca679fa09e81ed60fd8b01ff87db3b360ac4dd0f1

memory/2748-48-0x000000013F970000-0x000000013FCC1000-memory.dmp

memory/2072-64-0x000000013FBD0000-0x000000013FF21000-memory.dmp

memory/2524-63-0x000000013FFF0000-0x0000000140341000-memory.dmp

memory/2752-62-0x000000013FAC0000-0x000000013FE11000-memory.dmp

C:\Windows\system\UjEdhWr.exe

MD5 7a6431dd1910246bc1bd525fcf36df6c
SHA1 44cc8adb85ba7332004babd004ca79490032a001
SHA256 c3aec4222e14d9993d55c54e379153a7042f595ed9907309ab0bd2a1be270352
SHA512 d0d10adbb1dd5eba68ee32f45ad36873431b38959088353adb5037a58f156989c36c682ddc722aa854efc0355cfc715d28d9fb479b5aa77f356894975d072c88

memory/1616-69-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/1720-70-0x000000013F510000-0x000000013F861000-memory.dmp

memory/1616-61-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/1616-60-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/2572-59-0x000000013F760000-0x000000013FAB1000-memory.dmp

memory/1616-58-0x000000013FBD0000-0x000000013FF21000-memory.dmp

memory/1616-56-0x000000013FFF0000-0x0000000140341000-memory.dmp

memory/2616-55-0x000000013F900000-0x000000013FC51000-memory.dmp

memory/1616-53-0x0000000001DE0000-0x0000000002131000-memory.dmp

C:\Windows\system\FfsqcMn.exe

MD5 10fd83d05156957d23f5c93b46539143
SHA1 b2e4803fd0ff028e61a96665d32be155d16464e2
SHA256 e2121578df9c25ce12cbacc7a0623156f0d98fbdd61f670de1b8fa92f8a5c368
SHA512 1fa2ce2c74949c4ff12a9613842a2963a103927306616cc907b9d78e52e3d4e62ec01d8e1d98d168088cf7087153d44b7fe5be70c4ebc75ec07a5972663c0028

C:\Windows\system\gwdPrJA.exe

MD5 a22ddaaf2934e69fa2fa861a9305039d
SHA1 d11717add8134342dd3ec3d82480c4534f0aa1f4
SHA256 1d8df02025b116daf551c4431bb49ad0b9f9c7dcc1bfb93b13f0ac3abc686141
SHA512 a3b01fbdbf3449a926bb58d7387464510f78a54ac6944fa4a8cebb10d81f930ea25e54a54746d723879a9bcf32b03aaaee7cdcb72428378d674c4f0e40e261e8

\Windows\system\afQoFMV.exe

MD5 fc3b76abcec7ec6b19f7051dab7d9a00
SHA1 7530868a51b8b97d4e6c73d99305fd1c88c32445
SHA256 aee20e70b27e05c5e7611f9fbb825bbde09aabd2da9dfde971940402bb7100a6
SHA512 3cddc2e53f6ab2a48eb18818e1c224452828a3b696bc449ee48930fd3bd23a36a790b63b07f9f56b886777880823f9a235746f1763670c4898f5ba100e665ffc

\Windows\system\rElhnri.exe

MD5 ff63e8f672bfb3ee3bc0c8cc19328c27
SHA1 109a63ff16b1e26d47be1de8f23abfca3addeab5
SHA256 bb08b46529fe44c9eea7826b1e68137ef8036d4d1e357398ed7ccfc7b498861b
SHA512 aa415ad9c55a933da2dd928b38a357cd4bb79e9cae3b4c3b8d8890cb310b1df1a36cfe16146b5e9f4dc6d16e703b075f03e4890e752cacd4cedcbc707b966602

\Windows\system\PQSmHTd.exe

MD5 ba06a4f7ae5de7f3871ddccae17dbbf3
SHA1 0012a96ea2c6563b59c5428f180d2c98a27ad18c
SHA256 70eab64a77bb1233baa5df23227c281f837d99542ab315f0277fc7b5fc7d6878
SHA512 e15aa6c2bfa4deab2e968991de816ae19370867f9a987fc71d9028866ea954f7132a1f76622819cae1672ee7d5aff576c6b9d0c2536d9a4c2599dee900fada00

\Windows\system\NAecZLP.exe

MD5 35db75eb340e57a28d131df03023e2df
SHA1 6c52235bd91ff9deb5c12eb71c425e715fefb57b
SHA256 d88cc5a08257b4cde61bac0ac5705a89a5d6169f54b79328f870f9d0b240d4fd
SHA512 634da074f9838d1c68f3decf291a3708ffa408647be28f0b24b71446ae8c79e32458f7f6d7fe5af5241d19bf50ba3a43fa43dc74e25ca0848728ec376d722a69

memory/1216-95-0x000000013FB60000-0x000000013FEB1000-memory.dmp

\Windows\system\QkYOKoX.exe

MD5 77b0f2b7c3bd96f5fc46b253ad8738e8
SHA1 e5b293f9290af6dfa901c84226bb69987a627a3d
SHA256 d4bc2a157246a9785af1e5422ff0974ed6b157c12d17e7fdb0f5f2255e393ce4
SHA512 10665c809148bb52dfdab27f2e96b6251cbe1ff29429fd71daa3bbd5322ececa70d33514aca8d9e84c695813c352efb0610223f0498a9230930b3e4d444563bf

\Windows\system\EQBIXfy.exe

MD5 24f7b365944393263ff64b19af493efa
SHA1 8b806986b315b5f5be648ffc956ab28439aa6b30
SHA256 e80d8cfa615f201d1278b6941e905feb26be8fb2bcdff14a1ba70e9c278e8fb6
SHA512 048f95aa39942bbb1cbe2bf57413ff757cdb3430b53a20090a6160644ac1a7918b344dfa4b8f81f9732f83caab9339a540c9aee7260acb4166e268774e6f015b

\Windows\system\KdRGcTh.exe

MD5 c0345e017091cda0779a8ecff4b2d598
SHA1 0da990336067ab7c8b5ba8a86f501d3d66a632f8
SHA256 9287a5811ab19f58167ee09e3e64b467060c6990dc63b48b77822d0a76dbf5b3
SHA512 8e5c2be19cf4a100a2817cd30d6a91857ab2f90963053100e8f0876488d8d93457b191cf1719845a4a0121ef269dcf22c8e9087dd60d6733bb896903e72face4

memory/1616-124-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/1616-122-0x000000013FB60000-0x000000013FEB1000-memory.dmp

memory/1616-120-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/1616-119-0x000000013F3B0000-0x000000013F701000-memory.dmp

memory/1224-118-0x000000013F510000-0x000000013F861000-memory.dmp

memory/1616-116-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/1616-111-0x0000000001DE0000-0x0000000002131000-memory.dmp

C:\Windows\system\wztEsZT.exe

MD5 4f53cf9c0c0e2fa6eb2491565b7a9847
SHA1 516d7137e3048f213b17ffad88f67ceae6b707d2
SHA256 9b644230c0f39475c6ad81d1557be74358559c3301ac05df8323c4cd95f41d6e
SHA512 24ef22f72450a688d2832a80be0f325833244454238def62fcf319dedf05a9d5f9ee91e8ec6ac414cf23ed8b518858e199288adef0445c1a7f0344680b4196f4

C:\Windows\system\wtNiJaD.exe

MD5 2fa6c06296c8428abf21da47d43b5cd2
SHA1 c0541301f3da88b8a4fe7144f207ab8fdae0451d
SHA256 eb800b75eacd8400f97a23a0aafb203d754b4c374e09054c5d751e73fe3e1db4
SHA512 85193bb2cde40adc7a23841b33819503cc9dacb766e6881bff8c9caa1f77a4379e2333f673ff217026b4ec8f31d7a82ae57ed72254bac19ace0bd30b489e5422

C:\Windows\system\lhcwXqr.exe

MD5 0788ee467b2457b104fe32036212dc58
SHA1 4cbc9010b8474ae6e7c74f4dafd464fdc1c418fb
SHA256 58a72db51afc553700cbad4af3805f6b5787b334344e9fbc5181a10337928ef5
SHA512 0512ad5074efe9ce115a4c5ad3d9564f8c96e89db4f2c9a1ef0cc12ce02cd38be01eeacffffe756fbc66d8f5592ada7c9bafc2c5d27b49e72eabf757725d33d5

C:\Windows\system\tGAajhy.exe

MD5 4f8cb9959d78267620b886b69731e37d
SHA1 de510ba138929684f9009a75d0359cbaa226d511
SHA256 57ab8a0431af3ccf4f57ba49c3fae3b9801febd67193155b3fee87c1b5361d33
SHA512 987cf5ae0c5e14b18613aed9df2322172dbdc9acd36d2d5f893a76e0257b96724c2ef213085bdec5e99f2a1c872fee7a964494417ba9056530757e1e62499895

C:\Windows\system\GwJPBGk.exe

MD5 b2da02549920dd821a35e1b5d1ccdcfd
SHA1 73fdd455b0f2e5d63f1f481dc83c548624a6bb86
SHA256 00a4e59e9ec5af80bcb5933eb4b5ddb6040d9ec610f835a1c235a5c72cef899d
SHA512 4dab4f96b55882c0bc070389f559f8b90e6cb29152ca35db43e6e304881ba5c7dffbd10ca815911adcf83f7c5399f12d1c83513b2b1f000ca22afb7b07c2d5d1

C:\Windows\system\qAWHoZK.exe

MD5 9c878f942b0ca82129b777a7e10bee1d
SHA1 faf103a23c09bf85ad95e014040e6ce8d462ce7a
SHA256 350931ece70a5b476ef5095dafb47e58403be68413e81d9d38bc29a8d99be0bb
SHA512 f0efd5cad1327122a483d813d06a304337f494c2700aadf7962f7418d2575df5b612af044b29114f98a563b404b38235b5332afca976013e2e0af9e3c97546a3

C:\Windows\system\vGDEywR.exe

MD5 ea620b1c3d5502b63305a1a43a1df279
SHA1 5d75ca53cf43b0606a2fc86cc614489baf2a1a2d
SHA256 246a7089306ca94d73e30ab4a1630f97d2d4f2313c7d5433864287ac21795246
SHA512 bfe8ab8ec56ce9886a6ed99ed8a1cb75c9c896ffbd26db24ce34e37681ce331535659d78764f2864d34415c605323f19f849c169ab455f57b7e4ca273c93ee0d

C:\Windows\system\ioLZzJn.exe

MD5 e99636d6431bcf77c810b611bba8e135
SHA1 7ec2946451d1aeb6b2819682a7125b80b0633f3b
SHA256 91cbbd345b08e3f8234849c4a59ee63497a2d4675d49c2533f92d0535bbac39e
SHA512 ad0e693e168a9526dbfaa06bc8b11141593bf9c696ccf31cff1a76705cb58a3de0e6781a328baa2856600632d79fe36e70fd8327edb7425337dacc1696366307

C:\Windows\system\KMmOlVo.exe

MD5 86811e9c32efc65db3bcf7e8deb40464
SHA1 43f66188d3fb3dad6af48797bf07253fb92c2dac
SHA256 f74164f21f5874d67ccdc360a5a948849d195ff78d7bd199578c31de22880b3a
SHA512 efc6766fe101a9cbc7d71b35f8dc083d304f2797a73dbc5eed61a28a7c68857411bb2afc41d354befe6248260d299b1d1b562be4b84dc6226fb43205db54d006

memory/1616-274-0x000000013F7B0000-0x000000013FB01000-memory.dmp

C:\Windows\system\zsfJGNl.exe

MD5 e8b970cc7ecf2eb807141812843087a9
SHA1 607be0bbc52197f881ce0fa2feb8c325e617c960
SHA256 e66a7ca9e80132d957bf3a57c687b893f8a4f24fd8874854925085eba6272af0
SHA512 8be5f2bb1ff196125da817cc22b15170ae0314e5eb8e613a622ab541644e975cd695c58bf4ac88cd9a44930f8eb8f5cd13c2a27849bdbb8a7cf06bd2258aec8f

C:\Windows\system\kOptFsL.exe

MD5 88ceada0130f5f5c389f6aa165dc2b0d
SHA1 89e1a6c94bbaa1022786b8d75e3f235b612c94f8
SHA256 8ff4944329f7a0389edde515a15fdd59e9eb1b11e5e7f534db58b7a60840e8b6
SHA512 6ff61edc887415765302779a7329d4bd913399558c2ef4c372231c45a169d035d2b8e77d1314c0feac2ea635c6d46a96aaa186d22047bf5856fd56d31afd7c33

C:\Windows\system\dbTxnZL.exe

MD5 025f14b90a8ba945d7fc86e8e60eab72
SHA1 e2fe6a7fdaa885a3e97657a961775c8807cca810
SHA256 c9d861abd5469c560dbc18734ef47bee6410e0e1037a90b23923aa88fcf16091
SHA512 3864256ae79037ec870c78aa249d261e54fa16f9632bc0e9e4acfd0518ebc52971aa835588d97cc7166cec2b0384be0c2480e0870f99af5bed911857b4198c93

C:\Windows\system\JDasrwG.exe

MD5 ba6b8e2003dcb166a952f73da1d00f0c
SHA1 39c6e9bc9bdecc524663fd4cfaaa0b0c5c8fc65b
SHA256 e000870162ab4699bc2509674f8f565f8c736ece5c84df5a832aa719d6e9c2d2
SHA512 3bf57b7469114ddf2cc05132b1f22e3a01f1f7ca1d3a11056877eb78557abea07c3d6c96c78345960bf130ba462a8a5a82c76ff4ee903e09a5303dbc80e4f1b0

C:\Windows\system\kedFFeH.exe

MD5 46cb31142508d906da6f021fddac3163
SHA1 11d192cfe84e3087613207a6b55996e5b71b7852
SHA256 f340c438a72a3e168041ae3fbdac4b91a76e325e272181c023f4c0d297ee58aa
SHA512 519070d39ceef96e6896bf508a63d1ba42f8255b4834f433610714afc9bbb2e844b658f674bf9577986a93cbff839ee0839c616e80a2e87d67283ea3755ec70d

C:\Windows\system\FNpQtDG.exe

MD5 3ef7e4814948b3750ac8acf4958e470e
SHA1 7b81f5789251f80050db595ff3d90fcd6c0564be
SHA256 ffa8c860d91ddb992bffa388571b1f594943dfa600688228a08e0dbb5bf5c744
SHA512 5f71ad3f6169fe218e0aa99953bb0fd47b7e953446ad5702ff05d0e20bcf7aa7c78aa8f63e2fa9413e58d4b13149aab7492ec4c41882b12f78cf26fef0ac6085

memory/2888-1037-0x000000013F330000-0x000000013F681000-memory.dmp

memory/1616-1271-0x000000013F210000-0x000000013F561000-memory.dmp

memory/2828-1648-0x000000013FCB0000-0x0000000140001000-memory.dmp

memory/1616-1649-0x0000000001DE0000-0x0000000002131000-memory.dmp

memory/2888-4206-0x000000013F330000-0x000000013F681000-memory.dmp

memory/1720-4211-0x000000013F510000-0x000000013F861000-memory.dmp

memory/2748-4208-0x000000013F970000-0x000000013FCC1000-memory.dmp

memory/2752-4210-0x000000013FAC0000-0x000000013FE11000-memory.dmp

memory/2576-4209-0x000000013F210000-0x000000013F561000-memory.dmp

memory/2572-4212-0x000000013F760000-0x000000013FAB1000-memory.dmp

memory/2828-4216-0x000000013FCB0000-0x0000000140001000-memory.dmp

memory/2072-4215-0x000000013FBD0000-0x000000013FF21000-memory.dmp

memory/2524-4220-0x000000013FFF0000-0x0000000140341000-memory.dmp

memory/2616-4218-0x000000013F900000-0x000000013FC51000-memory.dmp

memory/1216-4228-0x000000013FB60000-0x000000013FEB1000-memory.dmp

memory/1224-4235-0x000000013F510000-0x000000013F861000-memory.dmp

memory/1616-5064-0x0000000001DE0000-0x0000000002131000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:09

Reported

2024-05-27 18:12

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dlrYLKP.exe N/A
N/A N/A C:\Windows\System\KVnTHCc.exe N/A
N/A N/A C:\Windows\System\KRKfLWY.exe N/A
N/A N/A C:\Windows\System\xorkgWj.exe N/A
N/A N/A C:\Windows\System\JuJFYXv.exe N/A
N/A N/A C:\Windows\System\ufDrfzM.exe N/A
N/A N/A C:\Windows\System\lnqPVkg.exe N/A
N/A N/A C:\Windows\System\KBlTcqh.exe N/A
N/A N/A C:\Windows\System\NdEKTzN.exe N/A
N/A N/A C:\Windows\System\czNvOJI.exe N/A
N/A N/A C:\Windows\System\LnYakjk.exe N/A
N/A N/A C:\Windows\System\FmCAtMy.exe N/A
N/A N/A C:\Windows\System\daoVbAB.exe N/A
N/A N/A C:\Windows\System\dFBSKei.exe N/A
N/A N/A C:\Windows\System\uTexmHm.exe N/A
N/A N/A C:\Windows\System\Vpswtly.exe N/A
N/A N/A C:\Windows\System\PqFTDzR.exe N/A
N/A N/A C:\Windows\System\QbdnaFE.exe N/A
N/A N/A C:\Windows\System\AwYcecP.exe N/A
N/A N/A C:\Windows\System\LgQxcdo.exe N/A
N/A N/A C:\Windows\System\DBNnIRl.exe N/A
N/A N/A C:\Windows\System\ONkpKkm.exe N/A
N/A N/A C:\Windows\System\ApbcoUc.exe N/A
N/A N/A C:\Windows\System\QSeIVHy.exe N/A
N/A N/A C:\Windows\System\OTFgqLA.exe N/A
N/A N/A C:\Windows\System\tPDRKpD.exe N/A
N/A N/A C:\Windows\System\kSHZFHY.exe N/A
N/A N/A C:\Windows\System\lUwyvEI.exe N/A
N/A N/A C:\Windows\System\kXoGscf.exe N/A
N/A N/A C:\Windows\System\NWZSzTp.exe N/A
N/A N/A C:\Windows\System\nnIkoLR.exe N/A
N/A N/A C:\Windows\System\lbqToDc.exe N/A
N/A N/A C:\Windows\System\wRwMdWp.exe N/A
N/A N/A C:\Windows\System\bXxpKMp.exe N/A
N/A N/A C:\Windows\System\XfauMBf.exe N/A
N/A N/A C:\Windows\System\JZYnMlf.exe N/A
N/A N/A C:\Windows\System\LrVnLXV.exe N/A
N/A N/A C:\Windows\System\jUAXOPN.exe N/A
N/A N/A C:\Windows\System\sRxuTCy.exe N/A
N/A N/A C:\Windows\System\bmlSelM.exe N/A
N/A N/A C:\Windows\System\lXlRwIz.exe N/A
N/A N/A C:\Windows\System\ItaPrDN.exe N/A
N/A N/A C:\Windows\System\bSqqfvJ.exe N/A
N/A N/A C:\Windows\System\xXVOPcD.exe N/A
N/A N/A C:\Windows\System\CXKmVkf.exe N/A
N/A N/A C:\Windows\System\nYMllOM.exe N/A
N/A N/A C:\Windows\System\vOEttsy.exe N/A
N/A N/A C:\Windows\System\WoSsSaM.exe N/A
N/A N/A C:\Windows\System\tLensAJ.exe N/A
N/A N/A C:\Windows\System\ohNSEvM.exe N/A
N/A N/A C:\Windows\System\xznarpr.exe N/A
N/A N/A C:\Windows\System\NwJmjWH.exe N/A
N/A N/A C:\Windows\System\lWVPbth.exe N/A
N/A N/A C:\Windows\System\pnRmEJS.exe N/A
N/A N/A C:\Windows\System\UNcYPPv.exe N/A
N/A N/A C:\Windows\System\vrUxlmJ.exe N/A
N/A N/A C:\Windows\System\wFTqvPI.exe N/A
N/A N/A C:\Windows\System\QMrxPNA.exe N/A
N/A N/A C:\Windows\System\bofhXJC.exe N/A
N/A N/A C:\Windows\System\IdrjYnQ.exe N/A
N/A N/A C:\Windows\System\EortkPt.exe N/A
N/A N/A C:\Windows\System\YyCOboY.exe N/A
N/A N/A C:\Windows\System\KXFIFkO.exe N/A
N/A N/A C:\Windows\System\yVzFVrQ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\MrGxelX.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dZbdaPF.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DHknpvM.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\OmzbySo.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RhojUrP.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYDLvTN.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWfcIAy.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgzkcLF.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\fGYiVFO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXztqoa.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJIrqNd.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\mxYfklN.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IgQoGcb.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LrVnLXV.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NnOlLwq.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RLuktZx.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\vMXfAcZ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZYnMlf.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccGCgIt.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCJdZlL.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrLYCHJ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\kLjQZPj.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\sYmxUQs.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TyKGRZe.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\MGBhSkP.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\sLLeEST.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\gmdxYvF.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\tbGNsdD.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmjweYh.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrEUvPs.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyjihlS.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\eIuajxe.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\rhzLECN.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\FWFCEcZ.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\leAmmkV.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAerdYk.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\acydcLr.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmbrGvq.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\KVnTHCc.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUwyvEI.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfauMBf.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ITPGUWG.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\rldRCKV.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ApbcoUc.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\QTkPona.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RaLSIKe.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\sNxazzW.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYMllOM.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdlSPHt.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DLnlppg.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRFyNyd.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\AiGqRWC.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\zmQiSlE.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\vkIgcLN.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgKqiYr.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\PNCrGrC.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\OvBniIp.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\cuKTGzw.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbCDYrO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxmDZjs.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IfXxdwT.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMGGjTO.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhbnMVm.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A
File created C:\Windows\System\fmpFMhA.exe C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4768 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\dlrYLKP.exe
PID 4768 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\dlrYLKP.exe
PID 4768 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KVnTHCc.exe
PID 4768 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KVnTHCc.exe
PID 4768 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KRKfLWY.exe
PID 4768 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KRKfLWY.exe
PID 4768 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\xorkgWj.exe
PID 4768 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\xorkgWj.exe
PID 4768 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\JuJFYXv.exe
PID 4768 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\JuJFYXv.exe
PID 4768 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ufDrfzM.exe
PID 4768 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ufDrfzM.exe
PID 4768 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lnqPVkg.exe
PID 4768 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lnqPVkg.exe
PID 4768 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KBlTcqh.exe
PID 4768 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\KBlTcqh.exe
PID 4768 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NdEKTzN.exe
PID 4768 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NdEKTzN.exe
PID 4768 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\czNvOJI.exe
PID 4768 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\czNvOJI.exe
PID 4768 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\LnYakjk.exe
PID 4768 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\LnYakjk.exe
PID 4768 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FmCAtMy.exe
PID 4768 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\FmCAtMy.exe
PID 4768 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\daoVbAB.exe
PID 4768 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\daoVbAB.exe
PID 4768 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\dFBSKei.exe
PID 4768 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\dFBSKei.exe
PID 4768 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\uTexmHm.exe
PID 4768 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\uTexmHm.exe
PID 4768 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\Vpswtly.exe
PID 4768 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\Vpswtly.exe
PID 4768 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PqFTDzR.exe
PID 4768 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\PqFTDzR.exe
PID 4768 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QbdnaFE.exe
PID 4768 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QbdnaFE.exe
PID 4768 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\AwYcecP.exe
PID 4768 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\AwYcecP.exe
PID 4768 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\LgQxcdo.exe
PID 4768 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\LgQxcdo.exe
PID 4768 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\DBNnIRl.exe
PID 4768 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\DBNnIRl.exe
PID 4768 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ONkpKkm.exe
PID 4768 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ONkpKkm.exe
PID 4768 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ApbcoUc.exe
PID 4768 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\ApbcoUc.exe
PID 4768 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QSeIVHy.exe
PID 4768 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\QSeIVHy.exe
PID 4768 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\OTFgqLA.exe
PID 4768 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\OTFgqLA.exe
PID 4768 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\tPDRKpD.exe
PID 4768 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\tPDRKpD.exe
PID 4768 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\kSHZFHY.exe
PID 4768 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\kSHZFHY.exe
PID 4768 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lUwyvEI.exe
PID 4768 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lUwyvEI.exe
PID 4768 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\kXoGscf.exe
PID 4768 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\kXoGscf.exe
PID 4768 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NWZSzTp.exe
PID 4768 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\NWZSzTp.exe
PID 4768 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\nnIkoLR.exe
PID 4768 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\nnIkoLR.exe
PID 4768 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lbqToDc.exe
PID 4768 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe C:\Windows\System\lbqToDc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\089fd044283e14070fdce47f97e48f10_NeikiAnalytics.exe"

C:\Windows\System\dlrYLKP.exe

C:\Windows\System\dlrYLKP.exe

C:\Windows\System\KVnTHCc.exe

C:\Windows\System\KVnTHCc.exe

C:\Windows\System\KRKfLWY.exe

C:\Windows\System\KRKfLWY.exe

C:\Windows\System\xorkgWj.exe

C:\Windows\System\xorkgWj.exe

C:\Windows\System\JuJFYXv.exe

C:\Windows\System\JuJFYXv.exe

C:\Windows\System\ufDrfzM.exe

C:\Windows\System\ufDrfzM.exe

C:\Windows\System\lnqPVkg.exe

C:\Windows\System\lnqPVkg.exe

C:\Windows\System\KBlTcqh.exe

C:\Windows\System\KBlTcqh.exe

C:\Windows\System\NdEKTzN.exe

C:\Windows\System\NdEKTzN.exe

C:\Windows\System\czNvOJI.exe

C:\Windows\System\czNvOJI.exe

C:\Windows\System\LnYakjk.exe

C:\Windows\System\LnYakjk.exe

C:\Windows\System\FmCAtMy.exe

C:\Windows\System\FmCAtMy.exe

C:\Windows\System\daoVbAB.exe

C:\Windows\System\daoVbAB.exe

C:\Windows\System\dFBSKei.exe

C:\Windows\System\dFBSKei.exe

C:\Windows\System\uTexmHm.exe

C:\Windows\System\uTexmHm.exe

C:\Windows\System\Vpswtly.exe

C:\Windows\System\Vpswtly.exe

C:\Windows\System\PqFTDzR.exe

C:\Windows\System\PqFTDzR.exe

C:\Windows\System\QbdnaFE.exe

C:\Windows\System\QbdnaFE.exe

C:\Windows\System\AwYcecP.exe

C:\Windows\System\AwYcecP.exe

C:\Windows\System\LgQxcdo.exe

C:\Windows\System\LgQxcdo.exe

C:\Windows\System\DBNnIRl.exe

C:\Windows\System\DBNnIRl.exe

C:\Windows\System\ONkpKkm.exe

C:\Windows\System\ONkpKkm.exe

C:\Windows\System\ApbcoUc.exe

C:\Windows\System\ApbcoUc.exe

C:\Windows\System\QSeIVHy.exe

C:\Windows\System\QSeIVHy.exe

C:\Windows\System\OTFgqLA.exe

C:\Windows\System\OTFgqLA.exe

C:\Windows\System\tPDRKpD.exe

C:\Windows\System\tPDRKpD.exe

C:\Windows\System\kSHZFHY.exe

C:\Windows\System\kSHZFHY.exe

C:\Windows\System\lUwyvEI.exe

C:\Windows\System\lUwyvEI.exe

C:\Windows\System\kXoGscf.exe

C:\Windows\System\kXoGscf.exe

C:\Windows\System\NWZSzTp.exe

C:\Windows\System\NWZSzTp.exe

C:\Windows\System\nnIkoLR.exe

C:\Windows\System\nnIkoLR.exe

C:\Windows\System\lbqToDc.exe

C:\Windows\System\lbqToDc.exe

C:\Windows\System\wRwMdWp.exe

C:\Windows\System\wRwMdWp.exe

C:\Windows\System\bXxpKMp.exe

C:\Windows\System\bXxpKMp.exe

C:\Windows\System\XfauMBf.exe

C:\Windows\System\XfauMBf.exe

C:\Windows\System\JZYnMlf.exe

C:\Windows\System\JZYnMlf.exe

C:\Windows\System\LrVnLXV.exe

C:\Windows\System\LrVnLXV.exe

C:\Windows\System\jUAXOPN.exe

C:\Windows\System\jUAXOPN.exe

C:\Windows\System\sRxuTCy.exe

C:\Windows\System\sRxuTCy.exe

C:\Windows\System\bmlSelM.exe

C:\Windows\System\bmlSelM.exe

C:\Windows\System\lXlRwIz.exe

C:\Windows\System\lXlRwIz.exe

C:\Windows\System\ItaPrDN.exe

C:\Windows\System\ItaPrDN.exe

C:\Windows\System\bSqqfvJ.exe

C:\Windows\System\bSqqfvJ.exe

C:\Windows\System\xXVOPcD.exe

C:\Windows\System\xXVOPcD.exe

C:\Windows\System\CXKmVkf.exe

C:\Windows\System\CXKmVkf.exe

C:\Windows\System\nYMllOM.exe

C:\Windows\System\nYMllOM.exe

C:\Windows\System\vOEttsy.exe

C:\Windows\System\vOEttsy.exe

C:\Windows\System\WoSsSaM.exe

C:\Windows\System\WoSsSaM.exe

C:\Windows\System\tLensAJ.exe

C:\Windows\System\tLensAJ.exe

C:\Windows\System\ohNSEvM.exe

C:\Windows\System\ohNSEvM.exe

C:\Windows\System\xznarpr.exe

C:\Windows\System\xznarpr.exe

C:\Windows\System\NwJmjWH.exe

C:\Windows\System\NwJmjWH.exe

C:\Windows\System\lWVPbth.exe

C:\Windows\System\lWVPbth.exe

C:\Windows\System\pnRmEJS.exe

C:\Windows\System\pnRmEJS.exe

C:\Windows\System\UNcYPPv.exe

C:\Windows\System\UNcYPPv.exe

C:\Windows\System\vrUxlmJ.exe

C:\Windows\System\vrUxlmJ.exe

C:\Windows\System\wFTqvPI.exe

C:\Windows\System\wFTqvPI.exe

C:\Windows\System\QMrxPNA.exe

C:\Windows\System\QMrxPNA.exe

C:\Windows\System\bofhXJC.exe

C:\Windows\System\bofhXJC.exe

C:\Windows\System\IdrjYnQ.exe

C:\Windows\System\IdrjYnQ.exe

C:\Windows\System\EortkPt.exe

C:\Windows\System\EortkPt.exe

C:\Windows\System\YyCOboY.exe

C:\Windows\System\YyCOboY.exe

C:\Windows\System\KXFIFkO.exe

C:\Windows\System\KXFIFkO.exe

C:\Windows\System\yVzFVrQ.exe

C:\Windows\System\yVzFVrQ.exe

C:\Windows\System\kASNKxF.exe

C:\Windows\System\kASNKxF.exe

C:\Windows\System\zWQgjjG.exe

C:\Windows\System\zWQgjjG.exe

C:\Windows\System\zbcmHmn.exe

C:\Windows\System\zbcmHmn.exe

C:\Windows\System\iSFxaes.exe

C:\Windows\System\iSFxaes.exe

C:\Windows\System\ONVVvHZ.exe

C:\Windows\System\ONVVvHZ.exe

C:\Windows\System\UwyarKU.exe

C:\Windows\System\UwyarKU.exe

C:\Windows\System\DmsZXWR.exe

C:\Windows\System\DmsZXWR.exe

C:\Windows\System\QTkPona.exe

C:\Windows\System\QTkPona.exe

C:\Windows\System\uSsvwEq.exe

C:\Windows\System\uSsvwEq.exe

C:\Windows\System\jeVFYfI.exe

C:\Windows\System\jeVFYfI.exe

C:\Windows\System\ktjmgjG.exe

C:\Windows\System\ktjmgjG.exe

C:\Windows\System\BePcDds.exe

C:\Windows\System\BePcDds.exe

C:\Windows\System\BGVINUN.exe

C:\Windows\System\BGVINUN.exe

C:\Windows\System\wXIEUxA.exe

C:\Windows\System\wXIEUxA.exe

C:\Windows\System\oiUBYlx.exe

C:\Windows\System\oiUBYlx.exe

C:\Windows\System\ZhCmaog.exe

C:\Windows\System\ZhCmaog.exe

C:\Windows\System\ZNRjlRx.exe

C:\Windows\System\ZNRjlRx.exe

C:\Windows\System\HDNVFwB.exe

C:\Windows\System\HDNVFwB.exe

C:\Windows\System\qPyzsUj.exe

C:\Windows\System\qPyzsUj.exe

C:\Windows\System\zxyHLee.exe

C:\Windows\System\zxyHLee.exe

C:\Windows\System\eyqkJyI.exe

C:\Windows\System\eyqkJyI.exe

C:\Windows\System\DHknpvM.exe

C:\Windows\System\DHknpvM.exe

C:\Windows\System\OmzbySo.exe

C:\Windows\System\OmzbySo.exe

C:\Windows\System\RaLSIKe.exe

C:\Windows\System\RaLSIKe.exe

C:\Windows\System\zSgJQkA.exe

C:\Windows\System\zSgJQkA.exe

C:\Windows\System\cevRRVO.exe

C:\Windows\System\cevRRVO.exe

C:\Windows\System\YRdzxFC.exe

C:\Windows\System\YRdzxFC.exe

C:\Windows\System\dyjihlS.exe

C:\Windows\System\dyjihlS.exe

C:\Windows\System\TyKGRZe.exe

C:\Windows\System\TyKGRZe.exe

C:\Windows\System\nSPYkfD.exe

C:\Windows\System\nSPYkfD.exe

C:\Windows\System\XTDLZzy.exe

C:\Windows\System\XTDLZzy.exe

C:\Windows\System\zRNuczw.exe

C:\Windows\System\zRNuczw.exe

C:\Windows\System\WnAtYGh.exe

C:\Windows\System\WnAtYGh.exe

C:\Windows\System\kJNPWPW.exe

C:\Windows\System\kJNPWPW.exe

C:\Windows\System\MhKjpTF.exe

C:\Windows\System\MhKjpTF.exe

C:\Windows\System\gPvIzOq.exe

C:\Windows\System\gPvIzOq.exe

C:\Windows\System\iNZulfs.exe

C:\Windows\System\iNZulfs.exe

C:\Windows\System\gwsPWTI.exe

C:\Windows\System\gwsPWTI.exe

C:\Windows\System\bWKSbOs.exe

C:\Windows\System\bWKSbOs.exe

C:\Windows\System\dgxnKYs.exe

C:\Windows\System\dgxnKYs.exe

C:\Windows\System\XGtozXo.exe

C:\Windows\System\XGtozXo.exe

C:\Windows\System\hGjoMoO.exe

C:\Windows\System\hGjoMoO.exe

C:\Windows\System\GTxNOPQ.exe

C:\Windows\System\GTxNOPQ.exe

C:\Windows\System\Jpxgnza.exe

C:\Windows\System\Jpxgnza.exe

C:\Windows\System\qbxKcpy.exe

C:\Windows\System\qbxKcpy.exe

C:\Windows\System\ncapdwv.exe

C:\Windows\System\ncapdwv.exe

C:\Windows\System\sAHFTKj.exe

C:\Windows\System\sAHFTKj.exe

C:\Windows\System\fqwOeVY.exe

C:\Windows\System\fqwOeVY.exe

C:\Windows\System\BqHPSTc.exe

C:\Windows\System\BqHPSTc.exe

C:\Windows\System\bWPazrU.exe

C:\Windows\System\bWPazrU.exe

C:\Windows\System\TKXmhKC.exe

C:\Windows\System\TKXmhKC.exe

C:\Windows\System\tAgcDMD.exe

C:\Windows\System\tAgcDMD.exe

C:\Windows\System\PSumnpW.exe

C:\Windows\System\PSumnpW.exe

C:\Windows\System\oACoDIy.exe

C:\Windows\System\oACoDIy.exe

C:\Windows\System\ybcBPcX.exe

C:\Windows\System\ybcBPcX.exe

C:\Windows\System\YgTodDZ.exe

C:\Windows\System\YgTodDZ.exe

C:\Windows\System\VSVQyGt.exe

C:\Windows\System\VSVQyGt.exe

C:\Windows\System\ZWnswFN.exe

C:\Windows\System\ZWnswFN.exe

C:\Windows\System\NdlSPHt.exe

C:\Windows\System\NdlSPHt.exe

C:\Windows\System\UUGMUvh.exe

C:\Windows\System\UUGMUvh.exe

C:\Windows\System\ffkKCOT.exe

C:\Windows\System\ffkKCOT.exe

C:\Windows\System\vobeCXO.exe

C:\Windows\System\vobeCXO.exe

C:\Windows\System\BrKPLpG.exe

C:\Windows\System\BrKPLpG.exe

C:\Windows\System\NCWXwrC.exe

C:\Windows\System\NCWXwrC.exe

C:\Windows\System\duLCxRv.exe

C:\Windows\System\duLCxRv.exe

C:\Windows\System\XJOigXL.exe

C:\Windows\System\XJOigXL.exe

C:\Windows\System\TmCMVRc.exe

C:\Windows\System\TmCMVRc.exe

C:\Windows\System\ccGCgIt.exe

C:\Windows\System\ccGCgIt.exe

C:\Windows\System\cGufrzZ.exe

C:\Windows\System\cGufrzZ.exe

C:\Windows\System\gsjVDCo.exe

C:\Windows\System\gsjVDCo.exe

C:\Windows\System\noVIBcb.exe

C:\Windows\System\noVIBcb.exe

C:\Windows\System\iVGWhYW.exe

C:\Windows\System\iVGWhYW.exe

C:\Windows\System\RKrjlpV.exe

C:\Windows\System\RKrjlpV.exe

C:\Windows\System\OivAboG.exe

C:\Windows\System\OivAboG.exe

C:\Windows\System\UpbbSGn.exe

C:\Windows\System\UpbbSGn.exe

C:\Windows\System\aiXUpnr.exe

C:\Windows\System\aiXUpnr.exe

C:\Windows\System\FKSpwOw.exe

C:\Windows\System\FKSpwOw.exe

C:\Windows\System\BBSxkmU.exe

C:\Windows\System\BBSxkmU.exe

C:\Windows\System\nQIxenB.exe

C:\Windows\System\nQIxenB.exe

C:\Windows\System\ZGonZzC.exe

C:\Windows\System\ZGonZzC.exe

C:\Windows\System\UoILHhZ.exe

C:\Windows\System\UoILHhZ.exe

C:\Windows\System\PpgBCmE.exe

C:\Windows\System\PpgBCmE.exe

C:\Windows\System\krEMrrh.exe

C:\Windows\System\krEMrrh.exe

C:\Windows\System\CGeFqBb.exe

C:\Windows\System\CGeFqBb.exe

C:\Windows\System\apYqcyO.exe

C:\Windows\System\apYqcyO.exe

C:\Windows\System\pnHpMqX.exe

C:\Windows\System\pnHpMqX.exe

C:\Windows\System\ABrKXhJ.exe

C:\Windows\System\ABrKXhJ.exe

C:\Windows\System\pskzotd.exe

C:\Windows\System\pskzotd.exe

C:\Windows\System\ZcNVJtW.exe

C:\Windows\System\ZcNVJtW.exe

C:\Windows\System\eWQjttp.exe

C:\Windows\System\eWQjttp.exe

C:\Windows\System\RhojUrP.exe

C:\Windows\System\RhojUrP.exe

C:\Windows\System\qzuyKMo.exe

C:\Windows\System\qzuyKMo.exe

C:\Windows\System\ORuNodP.exe

C:\Windows\System\ORuNodP.exe

C:\Windows\System\EpvpBcx.exe

C:\Windows\System\EpvpBcx.exe

C:\Windows\System\JKdeGND.exe

C:\Windows\System\JKdeGND.exe

C:\Windows\System\tkgYhrb.exe

C:\Windows\System\tkgYhrb.exe

C:\Windows\System\KMGGjTO.exe

C:\Windows\System\KMGGjTO.exe

C:\Windows\System\wsgjYUq.exe

C:\Windows\System\wsgjYUq.exe

C:\Windows\System\BkvJEjx.exe

C:\Windows\System\BkvJEjx.exe

C:\Windows\System\FcatYgW.exe

C:\Windows\System\FcatYgW.exe

C:\Windows\System\Ogyzoiu.exe

C:\Windows\System\Ogyzoiu.exe

C:\Windows\System\SkPOuMa.exe

C:\Windows\System\SkPOuMa.exe

C:\Windows\System\vNWPnkq.exe

C:\Windows\System\vNWPnkq.exe

C:\Windows\System\POPvYKM.exe

C:\Windows\System\POPvYKM.exe

C:\Windows\System\mbveOrP.exe

C:\Windows\System\mbveOrP.exe

C:\Windows\System\xhNqmNK.exe

C:\Windows\System\xhNqmNK.exe

C:\Windows\System\MRJNqGX.exe

C:\Windows\System\MRJNqGX.exe

C:\Windows\System\LdYyjEZ.exe

C:\Windows\System\LdYyjEZ.exe

C:\Windows\System\qQEkMpk.exe

C:\Windows\System\qQEkMpk.exe

C:\Windows\System\RCowjLi.exe

C:\Windows\System\RCowjLi.exe

C:\Windows\System\WOYJdgd.exe

C:\Windows\System\WOYJdgd.exe

C:\Windows\System\VKCuYbq.exe

C:\Windows\System\VKCuYbq.exe

C:\Windows\System\zsDXcHa.exe

C:\Windows\System\zsDXcHa.exe

C:\Windows\System\KJRDxDH.exe

C:\Windows\System\KJRDxDH.exe

C:\Windows\System\cncsBKD.exe

C:\Windows\System\cncsBKD.exe

C:\Windows\System\iMmCZvH.exe

C:\Windows\System\iMmCZvH.exe

C:\Windows\System\IwNsIFZ.exe

C:\Windows\System\IwNsIFZ.exe

C:\Windows\System\BhLqhxj.exe

C:\Windows\System\BhLqhxj.exe

C:\Windows\System\FhvSXSF.exe

C:\Windows\System\FhvSXSF.exe

C:\Windows\System\VmOmGnW.exe

C:\Windows\System\VmOmGnW.exe

C:\Windows\System\dZJLoeH.exe

C:\Windows\System\dZJLoeH.exe

C:\Windows\System\xBgtbkp.exe

C:\Windows\System\xBgtbkp.exe

C:\Windows\System\nwMBMpD.exe

C:\Windows\System\nwMBMpD.exe

C:\Windows\System\yfkSAQI.exe

C:\Windows\System\yfkSAQI.exe

C:\Windows\System\WgKqiYr.exe

C:\Windows\System\WgKqiYr.exe

C:\Windows\System\kwfOpaE.exe

C:\Windows\System\kwfOpaE.exe

C:\Windows\System\qVdXjLe.exe

C:\Windows\System\qVdXjLe.exe

C:\Windows\System\ZEucEuy.exe

C:\Windows\System\ZEucEuy.exe

C:\Windows\System\kbCAjOa.exe

C:\Windows\System\kbCAjOa.exe

C:\Windows\System\vFMDKXC.exe

C:\Windows\System\vFMDKXC.exe

C:\Windows\System\syRwNXA.exe

C:\Windows\System\syRwNXA.exe

C:\Windows\System\ndaPuiE.exe

C:\Windows\System\ndaPuiE.exe

C:\Windows\System\tbzzlZj.exe

C:\Windows\System\tbzzlZj.exe

C:\Windows\System\qXztqoa.exe

C:\Windows\System\qXztqoa.exe

C:\Windows\System\IJIrqNd.exe

C:\Windows\System\IJIrqNd.exe

C:\Windows\System\ToyXDkR.exe

C:\Windows\System\ToyXDkR.exe

C:\Windows\System\ylIwukz.exe

C:\Windows\System\ylIwukz.exe

C:\Windows\System\EjdRsIA.exe

C:\Windows\System\EjdRsIA.exe

C:\Windows\System\saLjJlr.exe

C:\Windows\System\saLjJlr.exe

C:\Windows\System\dkxYSCT.exe

C:\Windows\System\dkxYSCT.exe

C:\Windows\System\JwcAZAC.exe

C:\Windows\System\JwcAZAC.exe

C:\Windows\System\TNfnlMQ.exe

C:\Windows\System\TNfnlMQ.exe

C:\Windows\System\cdbFcSF.exe

C:\Windows\System\cdbFcSF.exe

C:\Windows\System\YlbKCdi.exe

C:\Windows\System\YlbKCdi.exe

C:\Windows\System\RudEExj.exe

C:\Windows\System\RudEExj.exe

C:\Windows\System\NoBkUfe.exe

C:\Windows\System\NoBkUfe.exe

C:\Windows\System\ZEDfwpK.exe

C:\Windows\System\ZEDfwpK.exe

C:\Windows\System\KJhHBxa.exe

C:\Windows\System\KJhHBxa.exe

C:\Windows\System\JxvPkeG.exe

C:\Windows\System\JxvPkeG.exe

C:\Windows\System\NTZACDy.exe

C:\Windows\System\NTZACDy.exe

C:\Windows\System\FQlhhey.exe

C:\Windows\System\FQlhhey.exe

C:\Windows\System\mCypqma.exe

C:\Windows\System\mCypqma.exe

C:\Windows\System\lBFeFkE.exe

C:\Windows\System\lBFeFkE.exe

C:\Windows\System\wUZLuUl.exe

C:\Windows\System\wUZLuUl.exe

C:\Windows\System\gqbZbQy.exe

C:\Windows\System\gqbZbQy.exe

C:\Windows\System\QLXiAHu.exe

C:\Windows\System\QLXiAHu.exe

C:\Windows\System\ZOtWkVP.exe

C:\Windows\System\ZOtWkVP.exe

C:\Windows\System\JrrbRaU.exe

C:\Windows\System\JrrbRaU.exe

C:\Windows\System\ZgVlbgm.exe

C:\Windows\System\ZgVlbgm.exe

C:\Windows\System\mxYfklN.exe

C:\Windows\System\mxYfklN.exe

C:\Windows\System\PBjYBYf.exe

C:\Windows\System\PBjYBYf.exe

C:\Windows\System\sMBhLlk.exe

C:\Windows\System\sMBhLlk.exe

C:\Windows\System\RFMGMvV.exe

C:\Windows\System\RFMGMvV.exe

C:\Windows\System\PNCrGrC.exe

C:\Windows\System\PNCrGrC.exe

C:\Windows\System\QIUagIi.exe

C:\Windows\System\QIUagIi.exe

C:\Windows\System\XPcJJyq.exe

C:\Windows\System\XPcJJyq.exe

C:\Windows\System\xAdgaaI.exe

C:\Windows\System\xAdgaaI.exe

C:\Windows\System\geAdLsB.exe

C:\Windows\System\geAdLsB.exe

C:\Windows\System\AYzdxgu.exe

C:\Windows\System\AYzdxgu.exe

C:\Windows\System\VMrimdo.exe

C:\Windows\System\VMrimdo.exe

C:\Windows\System\hESAtsf.exe

C:\Windows\System\hESAtsf.exe

C:\Windows\System\jdCQmGN.exe

C:\Windows\System\jdCQmGN.exe

C:\Windows\System\WiMBZYN.exe

C:\Windows\System\WiMBZYN.exe

C:\Windows\System\IgQoGcb.exe

C:\Windows\System\IgQoGcb.exe

C:\Windows\System\OTIlfos.exe

C:\Windows\System\OTIlfos.exe

C:\Windows\System\ObVcnpg.exe

C:\Windows\System\ObVcnpg.exe

C:\Windows\System\vFGgpMq.exe

C:\Windows\System\vFGgpMq.exe

C:\Windows\System\xsUPUKk.exe

C:\Windows\System\xsUPUKk.exe

C:\Windows\System\hhFQXGz.exe

C:\Windows\System\hhFQXGz.exe

C:\Windows\System\tfrBQTU.exe

C:\Windows\System\tfrBQTU.exe

C:\Windows\System\YuDovcf.exe

C:\Windows\System\YuDovcf.exe

C:\Windows\System\UgmVDeR.exe

C:\Windows\System\UgmVDeR.exe

C:\Windows\System\LZkDCNy.exe

C:\Windows\System\LZkDCNy.exe

C:\Windows\System\JFmJZKX.exe

C:\Windows\System\JFmJZKX.exe

C:\Windows\System\lPhefbJ.exe

C:\Windows\System\lPhefbJ.exe

C:\Windows\System\JFmoHvD.exe

C:\Windows\System\JFmoHvD.exe

C:\Windows\System\FMQTWCc.exe

C:\Windows\System\FMQTWCc.exe

C:\Windows\System\txwRbWL.exe

C:\Windows\System\txwRbWL.exe

C:\Windows\System\YRcUfFn.exe

C:\Windows\System\YRcUfFn.exe

C:\Windows\System\HsWJfro.exe

C:\Windows\System\HsWJfro.exe

C:\Windows\System\ITPGUWG.exe

C:\Windows\System\ITPGUWG.exe

C:\Windows\System\LPaWikJ.exe

C:\Windows\System\LPaWikJ.exe

C:\Windows\System\YThRJhh.exe

C:\Windows\System\YThRJhh.exe

C:\Windows\System\qCraTxI.exe

C:\Windows\System\qCraTxI.exe

C:\Windows\System\MGBhSkP.exe

C:\Windows\System\MGBhSkP.exe

C:\Windows\System\IRAxvCS.exe

C:\Windows\System\IRAxvCS.exe

C:\Windows\System\hCBBxfN.exe

C:\Windows\System\hCBBxfN.exe

C:\Windows\System\dOOMpeT.exe

C:\Windows\System\dOOMpeT.exe

C:\Windows\System\aNVWnyU.exe

C:\Windows\System\aNVWnyU.exe

C:\Windows\System\klSKjSi.exe

C:\Windows\System\klSKjSi.exe

C:\Windows\System\ETgpyjL.exe

C:\Windows\System\ETgpyjL.exe

C:\Windows\System\hBPNXPU.exe

C:\Windows\System\hBPNXPU.exe

C:\Windows\System\wAkFCSd.exe

C:\Windows\System\wAkFCSd.exe

C:\Windows\System\OtnAfjn.exe

C:\Windows\System\OtnAfjn.exe

C:\Windows\System\giOikJq.exe

C:\Windows\System\giOikJq.exe

C:\Windows\System\rMexZnE.exe

C:\Windows\System\rMexZnE.exe

C:\Windows\System\TiIJhPq.exe

C:\Windows\System\TiIJhPq.exe

C:\Windows\System\GgmDUSo.exe

C:\Windows\System\GgmDUSo.exe

C:\Windows\System\sqVwRnk.exe

C:\Windows\System\sqVwRnk.exe

C:\Windows\System\kpegAQi.exe

C:\Windows\System\kpegAQi.exe

C:\Windows\System\RyPkyyZ.exe

C:\Windows\System\RyPkyyZ.exe

C:\Windows\System\DELCnix.exe

C:\Windows\System\DELCnix.exe

C:\Windows\System\rGqiGYJ.exe

C:\Windows\System\rGqiGYJ.exe

C:\Windows\System\aqxaIde.exe

C:\Windows\System\aqxaIde.exe

C:\Windows\System\vyFAWfh.exe

C:\Windows\System\vyFAWfh.exe

C:\Windows\System\emYGezB.exe

C:\Windows\System\emYGezB.exe

C:\Windows\System\ylEHtkm.exe

C:\Windows\System\ylEHtkm.exe

C:\Windows\System\GDrFxWd.exe

C:\Windows\System\GDrFxWd.exe

C:\Windows\System\koDKtdk.exe

C:\Windows\System\koDKtdk.exe

C:\Windows\System\AnDeFMC.exe

C:\Windows\System\AnDeFMC.exe

C:\Windows\System\vMiFOjG.exe

C:\Windows\System\vMiFOjG.exe

C:\Windows\System\dsVRdFA.exe

C:\Windows\System\dsVRdFA.exe

C:\Windows\System\mJcZjjp.exe

C:\Windows\System\mJcZjjp.exe

C:\Windows\System\OzlxpDB.exe

C:\Windows\System\OzlxpDB.exe

C:\Windows\System\GRzdnvt.exe

C:\Windows\System\GRzdnvt.exe

C:\Windows\System\TyuRtWF.exe

C:\Windows\System\TyuRtWF.exe

C:\Windows\System\IaiFaiT.exe

C:\Windows\System\IaiFaiT.exe

C:\Windows\System\vceczjo.exe

C:\Windows\System\vceczjo.exe

C:\Windows\System\fJPoLxB.exe

C:\Windows\System\fJPoLxB.exe

C:\Windows\System\sJQRsxW.exe

C:\Windows\System\sJQRsxW.exe

C:\Windows\System\seWOpek.exe

C:\Windows\System\seWOpek.exe

C:\Windows\System\ZzzaooS.exe

C:\Windows\System\ZzzaooS.exe

C:\Windows\System\nETEDyO.exe

C:\Windows\System\nETEDyO.exe

C:\Windows\System\pJWNsHp.exe

C:\Windows\System\pJWNsHp.exe

C:\Windows\System\vRfRpBn.exe

C:\Windows\System\vRfRpBn.exe

C:\Windows\System\doPWRNh.exe

C:\Windows\System\doPWRNh.exe

C:\Windows\System\ZJFfZvg.exe

C:\Windows\System\ZJFfZvg.exe

C:\Windows\System\xZWYAlM.exe

C:\Windows\System\xZWYAlM.exe

C:\Windows\System\sLLeEST.exe

C:\Windows\System\sLLeEST.exe

C:\Windows\System\ygZgIFs.exe

C:\Windows\System\ygZgIFs.exe

C:\Windows\System\AWjMZOG.exe

C:\Windows\System\AWjMZOG.exe

C:\Windows\System\btfkccI.exe

C:\Windows\System\btfkccI.exe

C:\Windows\System\WrMDewu.exe

C:\Windows\System\WrMDewu.exe

C:\Windows\System\VGmbaod.exe

C:\Windows\System\VGmbaod.exe

C:\Windows\System\JebBMSn.exe

C:\Windows\System\JebBMSn.exe

C:\Windows\System\ULPXNAT.exe

C:\Windows\System\ULPXNAT.exe

C:\Windows\System\yJwIFxd.exe

C:\Windows\System\yJwIFxd.exe

C:\Windows\System\Mlvrlke.exe

C:\Windows\System\Mlvrlke.exe

C:\Windows\System\IlzwJOs.exe

C:\Windows\System\IlzwJOs.exe

C:\Windows\System\MOMxFME.exe

C:\Windows\System\MOMxFME.exe

C:\Windows\System\yMpiHRn.exe

C:\Windows\System\yMpiHRn.exe

C:\Windows\System\ORTTdNa.exe

C:\Windows\System\ORTTdNa.exe

C:\Windows\System\yQfYFRp.exe

C:\Windows\System\yQfYFRp.exe

C:\Windows\System\DLnlppg.exe

C:\Windows\System\DLnlppg.exe

C:\Windows\System\UgnNATA.exe

C:\Windows\System\UgnNATA.exe

C:\Windows\System\OLPLtCj.exe

C:\Windows\System\OLPLtCj.exe

C:\Windows\System\ZuiLPsC.exe

C:\Windows\System\ZuiLPsC.exe

C:\Windows\System\uwyQhTg.exe

C:\Windows\System\uwyQhTg.exe

C:\Windows\System\ztlBQVM.exe

C:\Windows\System\ztlBQVM.exe

C:\Windows\System\jwAOwCi.exe

C:\Windows\System\jwAOwCi.exe

C:\Windows\System\leAmmkV.exe

C:\Windows\System\leAmmkV.exe

C:\Windows\System\pPzQMKa.exe

C:\Windows\System\pPzQMKa.exe

C:\Windows\System\fFOOEgc.exe

C:\Windows\System\fFOOEgc.exe

C:\Windows\System\lSbLtgF.exe

C:\Windows\System\lSbLtgF.exe

C:\Windows\System\kRPCCIr.exe

C:\Windows\System\kRPCCIr.exe

C:\Windows\System\HhbnMVm.exe

C:\Windows\System\HhbnMVm.exe

C:\Windows\System\jLuJpLu.exe

C:\Windows\System\jLuJpLu.exe

C:\Windows\System\UaKZIkv.exe

C:\Windows\System\UaKZIkv.exe

C:\Windows\System\fmpFMhA.exe

C:\Windows\System\fmpFMhA.exe

C:\Windows\System\xDADpLF.exe

C:\Windows\System\xDADpLF.exe

C:\Windows\System\vdcaCVT.exe

C:\Windows\System\vdcaCVT.exe

C:\Windows\System\RsiXMGG.exe

C:\Windows\System\RsiXMGG.exe

C:\Windows\System\syIlWyv.exe

C:\Windows\System\syIlWyv.exe

C:\Windows\System\qqXjZjh.exe

C:\Windows\System\qqXjZjh.exe

C:\Windows\System\apTguCT.exe

C:\Windows\System\apTguCT.exe

C:\Windows\System\PlrYxgg.exe

C:\Windows\System\PlrYxgg.exe

C:\Windows\System\RhynKWH.exe

C:\Windows\System\RhynKWH.exe

C:\Windows\System\BxcBRcn.exe

C:\Windows\System\BxcBRcn.exe

C:\Windows\System\Pckzuib.exe

C:\Windows\System\Pckzuib.exe

C:\Windows\System\VPDtDSk.exe

C:\Windows\System\VPDtDSk.exe

C:\Windows\System\xUJPxZJ.exe

C:\Windows\System\xUJPxZJ.exe

C:\Windows\System\vuVhyPz.exe

C:\Windows\System\vuVhyPz.exe

C:\Windows\System\nAIYMgx.exe

C:\Windows\System\nAIYMgx.exe

C:\Windows\System\aBNCpuV.exe

C:\Windows\System\aBNCpuV.exe

C:\Windows\System\NnDlxtD.exe

C:\Windows\System\NnDlxtD.exe

C:\Windows\System\CkNzxWU.exe

C:\Windows\System\CkNzxWU.exe

C:\Windows\System\QmOczks.exe

C:\Windows\System\QmOczks.exe

C:\Windows\System\aZqVHcc.exe

C:\Windows\System\aZqVHcc.exe

C:\Windows\System\abhDhjf.exe

C:\Windows\System\abhDhjf.exe

C:\Windows\System\qsAvXdJ.exe

C:\Windows\System\qsAvXdJ.exe

C:\Windows\System\QJpWJIf.exe

C:\Windows\System\QJpWJIf.exe

C:\Windows\System\NPkqUUx.exe

C:\Windows\System\NPkqUUx.exe

C:\Windows\System\loGnbGu.exe

C:\Windows\System\loGnbGu.exe

C:\Windows\System\IWbFORb.exe

C:\Windows\System\IWbFORb.exe

C:\Windows\System\mviDYnc.exe

C:\Windows\System\mviDYnc.exe

C:\Windows\System\NJOAPop.exe

C:\Windows\System\NJOAPop.exe

C:\Windows\System\PqovUuO.exe

C:\Windows\System\PqovUuO.exe

C:\Windows\System\wLRGXld.exe

C:\Windows\System\wLRGXld.exe

C:\Windows\System\QShsutF.exe

C:\Windows\System\QShsutF.exe

C:\Windows\System\EamILZi.exe

C:\Windows\System\EamILZi.exe

C:\Windows\System\HemwiUa.exe

C:\Windows\System\HemwiUa.exe

C:\Windows\System\DBrERgx.exe

C:\Windows\System\DBrERgx.exe

C:\Windows\System\XecGtkK.exe

C:\Windows\System\XecGtkK.exe

C:\Windows\System\eIuajxe.exe

C:\Windows\System\eIuajxe.exe

C:\Windows\System\nNHNyBf.exe

C:\Windows\System\nNHNyBf.exe

C:\Windows\System\prPIWxu.exe

C:\Windows\System\prPIWxu.exe

C:\Windows\System\OzyHfOb.exe

C:\Windows\System\OzyHfOb.exe

C:\Windows\System\HXLCHXX.exe

C:\Windows\System\HXLCHXX.exe

C:\Windows\System\BfHBLja.exe

C:\Windows\System\BfHBLja.exe

C:\Windows\System\mIUWyoa.exe

C:\Windows\System\mIUWyoa.exe

C:\Windows\System\ubiCfWs.exe

C:\Windows\System\ubiCfWs.exe

C:\Windows\System\sTQTbhH.exe

C:\Windows\System\sTQTbhH.exe

C:\Windows\System\PZTLSiH.exe

C:\Windows\System\PZTLSiH.exe

C:\Windows\System\PcWxhBj.exe

C:\Windows\System\PcWxhBj.exe

C:\Windows\System\zyZkQcR.exe

C:\Windows\System\zyZkQcR.exe

C:\Windows\System\wdJZIiT.exe

C:\Windows\System\wdJZIiT.exe

C:\Windows\System\oXvWuER.exe

C:\Windows\System\oXvWuER.exe

C:\Windows\System\pBfZSsZ.exe

C:\Windows\System\pBfZSsZ.exe

C:\Windows\System\yLmlDUa.exe

C:\Windows\System\yLmlDUa.exe

C:\Windows\System\IBtayOH.exe

C:\Windows\System\IBtayOH.exe

C:\Windows\System\hoRVMpS.exe

C:\Windows\System\hoRVMpS.exe

C:\Windows\System\cTynAob.exe

C:\Windows\System\cTynAob.exe

C:\Windows\System\SAerdYk.exe

C:\Windows\System\SAerdYk.exe

C:\Windows\System\gyMEZoq.exe

C:\Windows\System\gyMEZoq.exe

C:\Windows\System\NbPUNEw.exe

C:\Windows\System\NbPUNEw.exe

C:\Windows\System\scTMifV.exe

C:\Windows\System\scTMifV.exe

C:\Windows\System\hDBBcPI.exe

C:\Windows\System\hDBBcPI.exe

C:\Windows\System\FhUnRVo.exe

C:\Windows\System\FhUnRVo.exe

C:\Windows\System\BBMremD.exe

C:\Windows\System\BBMremD.exe

C:\Windows\System\opPnCHr.exe

C:\Windows\System\opPnCHr.exe

C:\Windows\System\yfcnJGt.exe

C:\Windows\System\yfcnJGt.exe

C:\Windows\System\gmdxYvF.exe

C:\Windows\System\gmdxYvF.exe

C:\Windows\System\OvBniIp.exe

C:\Windows\System\OvBniIp.exe

C:\Windows\System\EcMJsAj.exe

C:\Windows\System\EcMJsAj.exe

C:\Windows\System\NYDLvTN.exe

C:\Windows\System\NYDLvTN.exe

C:\Windows\System\bqbsllN.exe

C:\Windows\System\bqbsllN.exe

C:\Windows\System\iGdqWBe.exe

C:\Windows\System\iGdqWBe.exe

C:\Windows\System\owZAUyj.exe

C:\Windows\System\owZAUyj.exe

C:\Windows\System\GWclUhj.exe

C:\Windows\System\GWclUhj.exe

C:\Windows\System\cuKTGzw.exe

C:\Windows\System\cuKTGzw.exe

C:\Windows\System\HsSGPGL.exe

C:\Windows\System\HsSGPGL.exe

C:\Windows\System\OCKgbkM.exe

C:\Windows\System\OCKgbkM.exe

C:\Windows\System\IcibzFb.exe

C:\Windows\System\IcibzFb.exe

C:\Windows\System\YtqJSdF.exe

C:\Windows\System\YtqJSdF.exe

C:\Windows\System\CixMtHp.exe

C:\Windows\System\CixMtHp.exe

C:\Windows\System\kfYoJDA.exe

C:\Windows\System\kfYoJDA.exe

C:\Windows\System\yIdJxGA.exe

C:\Windows\System\yIdJxGA.exe

C:\Windows\System\RrSfplG.exe

C:\Windows\System\RrSfplG.exe

C:\Windows\System\KsRpjSP.exe

C:\Windows\System\KsRpjSP.exe

C:\Windows\System\ZsQFMbt.exe

C:\Windows\System\ZsQFMbt.exe

C:\Windows\System\hdicyvg.exe

C:\Windows\System\hdicyvg.exe

C:\Windows\System\udYCXMC.exe

C:\Windows\System\udYCXMC.exe

C:\Windows\System\ZdWBaor.exe

C:\Windows\System\ZdWBaor.exe

C:\Windows\System\xIiPUDv.exe

C:\Windows\System\xIiPUDv.exe

C:\Windows\System\mtwJDxu.exe

C:\Windows\System\mtwJDxu.exe

C:\Windows\System\gAQsIWY.exe

C:\Windows\System\gAQsIWY.exe

C:\Windows\System\SEthVZu.exe

C:\Windows\System\SEthVZu.exe

C:\Windows\System\teAdcPg.exe

C:\Windows\System\teAdcPg.exe

C:\Windows\System\IjoUiZg.exe

C:\Windows\System\IjoUiZg.exe

C:\Windows\System\FxikzCC.exe

C:\Windows\System\FxikzCC.exe

C:\Windows\System\pkFyGCT.exe

C:\Windows\System\pkFyGCT.exe

C:\Windows\System\XKeNsik.exe

C:\Windows\System\XKeNsik.exe

C:\Windows\System\UhHhNce.exe

C:\Windows\System\UhHhNce.exe

C:\Windows\System\tELPVig.exe

C:\Windows\System\tELPVig.exe

C:\Windows\System\mXoeEBT.exe

C:\Windows\System\mXoeEBT.exe

C:\Windows\System\vErUGAz.exe

C:\Windows\System\vErUGAz.exe

C:\Windows\System\LAAzxzL.exe

C:\Windows\System\LAAzxzL.exe

C:\Windows\System\igrPfcf.exe

C:\Windows\System\igrPfcf.exe

C:\Windows\System\QQiqCqs.exe

C:\Windows\System\QQiqCqs.exe

C:\Windows\System\amzGOJj.exe

C:\Windows\System\amzGOJj.exe

C:\Windows\System\GsxWenb.exe

C:\Windows\System\GsxWenb.exe

C:\Windows\System\XPMZBrl.exe

C:\Windows\System\XPMZBrl.exe

C:\Windows\System\kgcgbfg.exe

C:\Windows\System\kgcgbfg.exe

C:\Windows\System\pJaJrlB.exe

C:\Windows\System\pJaJrlB.exe

C:\Windows\System\FlXPNYI.exe

C:\Windows\System\FlXPNYI.exe

C:\Windows\System\Ttutnuc.exe

C:\Windows\System\Ttutnuc.exe

C:\Windows\System\BNijkbj.exe

C:\Windows\System\BNijkbj.exe

C:\Windows\System\GHSmelt.exe

C:\Windows\System\GHSmelt.exe

C:\Windows\System\rhzLECN.exe

C:\Windows\System\rhzLECN.exe

C:\Windows\System\YwhQiXM.exe

C:\Windows\System\YwhQiXM.exe

C:\Windows\System\tgbqEDI.exe

C:\Windows\System\tgbqEDI.exe

C:\Windows\System\tuNhrQa.exe

C:\Windows\System\tuNhrQa.exe

C:\Windows\System\BmnJHDU.exe

C:\Windows\System\BmnJHDU.exe

C:\Windows\System\GvzLNma.exe

C:\Windows\System\GvzLNma.exe

C:\Windows\System\OSHehmo.exe

C:\Windows\System\OSHehmo.exe

C:\Windows\System\LLHwBYx.exe

C:\Windows\System\LLHwBYx.exe

C:\Windows\System\hoLQjHS.exe

C:\Windows\System\hoLQjHS.exe

C:\Windows\System\yDhJljj.exe

C:\Windows\System\yDhJljj.exe

C:\Windows\System\dZbdaPF.exe

C:\Windows\System\dZbdaPF.exe

C:\Windows\System\QfmzAVk.exe

C:\Windows\System\QfmzAVk.exe

C:\Windows\System\ElXxEcp.exe

C:\Windows\System\ElXxEcp.exe

C:\Windows\System\BlWQCeE.exe

C:\Windows\System\BlWQCeE.exe

C:\Windows\System\sZYgFRZ.exe

C:\Windows\System\sZYgFRZ.exe

C:\Windows\System\kLjQZPj.exe

C:\Windows\System\kLjQZPj.exe

C:\Windows\System\ckHrDJz.exe

C:\Windows\System\ckHrDJz.exe

C:\Windows\System\acydcLr.exe

C:\Windows\System\acydcLr.exe

C:\Windows\System\MRFyNyd.exe

C:\Windows\System\MRFyNyd.exe

C:\Windows\System\hdsfXiu.exe

C:\Windows\System\hdsfXiu.exe

C:\Windows\System\hGsbDTk.exe

C:\Windows\System\hGsbDTk.exe

C:\Windows\System\IBITQYs.exe

C:\Windows\System\IBITQYs.exe

C:\Windows\System\xYBqGOZ.exe

C:\Windows\System\xYBqGOZ.exe

C:\Windows\System\hEcDIDX.exe

C:\Windows\System\hEcDIDX.exe

C:\Windows\System\NnOlLwq.exe

C:\Windows\System\NnOlLwq.exe

C:\Windows\System\CCYOrDN.exe

C:\Windows\System\CCYOrDN.exe

C:\Windows\System\sokrGCm.exe

C:\Windows\System\sokrGCm.exe

C:\Windows\System\AuuuHRu.exe

C:\Windows\System\AuuuHRu.exe

C:\Windows\System\LfKKfir.exe

C:\Windows\System\LfKKfir.exe

C:\Windows\System\HkScTDA.exe

C:\Windows\System\HkScTDA.exe

C:\Windows\System\MHHmAXO.exe

C:\Windows\System\MHHmAXO.exe

C:\Windows\System\pFokRaX.exe

C:\Windows\System\pFokRaX.exe

C:\Windows\System\EZnPTEJ.exe

C:\Windows\System\EZnPTEJ.exe

C:\Windows\System\mfycJhz.exe

C:\Windows\System\mfycJhz.exe

C:\Windows\System\TtDWhOm.exe

C:\Windows\System\TtDWhOm.exe

C:\Windows\System\tumTLWD.exe

C:\Windows\System\tumTLWD.exe

C:\Windows\System\fQlwBGV.exe

C:\Windows\System\fQlwBGV.exe

C:\Windows\System\KemKszG.exe

C:\Windows\System\KemKszG.exe

C:\Windows\System\xSeuuDq.exe

C:\Windows\System\xSeuuDq.exe

C:\Windows\System\fJJWepQ.exe

C:\Windows\System\fJJWepQ.exe

C:\Windows\System\xOLuxJA.exe

C:\Windows\System\xOLuxJA.exe

C:\Windows\System\dVTxceH.exe

C:\Windows\System\dVTxceH.exe

C:\Windows\System\EkxEYkt.exe

C:\Windows\System\EkxEYkt.exe

C:\Windows\System\UREsCdO.exe

C:\Windows\System\UREsCdO.exe

C:\Windows\System\FWFCEcZ.exe

C:\Windows\System\FWFCEcZ.exe

C:\Windows\System\tRqfpES.exe

C:\Windows\System\tRqfpES.exe

C:\Windows\System\huIlfYR.exe

C:\Windows\System\huIlfYR.exe

C:\Windows\System\tazyGeJ.exe

C:\Windows\System\tazyGeJ.exe

C:\Windows\System\JVqwSmZ.exe

C:\Windows\System\JVqwSmZ.exe

C:\Windows\System\nAwBPZW.exe

C:\Windows\System\nAwBPZW.exe

C:\Windows\System\QCLXJha.exe

C:\Windows\System\QCLXJha.exe

C:\Windows\System\lzykvRu.exe

C:\Windows\System\lzykvRu.exe

C:\Windows\System\KJLQRkA.exe

C:\Windows\System\KJLQRkA.exe

C:\Windows\System\BJcZVlv.exe

C:\Windows\System\BJcZVlv.exe

C:\Windows\System\CmbrGvq.exe

C:\Windows\System\CmbrGvq.exe

C:\Windows\System\DykSnsf.exe

C:\Windows\System\DykSnsf.exe

C:\Windows\System\BHpfqTh.exe

C:\Windows\System\BHpfqTh.exe

C:\Windows\System\ULyHyvo.exe

C:\Windows\System\ULyHyvo.exe

C:\Windows\System\nYJsIHM.exe

C:\Windows\System\nYJsIHM.exe

C:\Windows\System\PNkooGJ.exe

C:\Windows\System\PNkooGJ.exe

C:\Windows\System\wCvFDkA.exe

C:\Windows\System\wCvFDkA.exe

C:\Windows\System\htoltpG.exe

C:\Windows\System\htoltpG.exe

C:\Windows\System\MYYCpkU.exe

C:\Windows\System\MYYCpkU.exe

C:\Windows\System\csiitUK.exe

C:\Windows\System\csiitUK.exe

C:\Windows\System\jZpxFYA.exe

C:\Windows\System\jZpxFYA.exe

C:\Windows\System\mvUyrSB.exe

C:\Windows\System\mvUyrSB.exe

C:\Windows\System\uWfcIAy.exe

C:\Windows\System\uWfcIAy.exe

C:\Windows\System\GWWeENw.exe

C:\Windows\System\GWWeENw.exe

C:\Windows\System\WAQVWTj.exe

C:\Windows\System\WAQVWTj.exe

C:\Windows\System\HDSqdgD.exe

C:\Windows\System\HDSqdgD.exe

C:\Windows\System\ROUcqFu.exe

C:\Windows\System\ROUcqFu.exe

C:\Windows\System\JloMcPZ.exe

C:\Windows\System\JloMcPZ.exe

C:\Windows\System\DqZyuNn.exe

C:\Windows\System\DqZyuNn.exe

C:\Windows\System\yrmTRTk.exe

C:\Windows\System\yrmTRTk.exe

C:\Windows\System\slAUMRR.exe

C:\Windows\System\slAUMRR.exe

C:\Windows\System\ZmrLZcx.exe

C:\Windows\System\ZmrLZcx.exe

C:\Windows\System\mKTIQSO.exe

C:\Windows\System\mKTIQSO.exe

C:\Windows\System\pStAhtM.exe

C:\Windows\System\pStAhtM.exe

C:\Windows\System\tbGNsdD.exe

C:\Windows\System\tbGNsdD.exe

C:\Windows\System\JqQBPHd.exe

C:\Windows\System\JqQBPHd.exe

C:\Windows\System\yCOterI.exe

C:\Windows\System\yCOterI.exe

C:\Windows\System\pylWHEN.exe

C:\Windows\System\pylWHEN.exe

C:\Windows\System\uousSsM.exe

C:\Windows\System\uousSsM.exe

C:\Windows\System\rldRCKV.exe

C:\Windows\System\rldRCKV.exe

C:\Windows\System\GPAMLQz.exe

C:\Windows\System\GPAMLQz.exe

C:\Windows\System\idexxBV.exe

C:\Windows\System\idexxBV.exe

C:\Windows\System\qhoHRIl.exe

C:\Windows\System\qhoHRIl.exe

C:\Windows\System\eVYoLsq.exe

C:\Windows\System\eVYoLsq.exe

C:\Windows\System\ZOQvoNg.exe

C:\Windows\System\ZOQvoNg.exe

C:\Windows\System\OxEhcsf.exe

C:\Windows\System\OxEhcsf.exe

C:\Windows\System\Niteydc.exe

C:\Windows\System\Niteydc.exe

C:\Windows\System\MWVdAYQ.exe

C:\Windows\System\MWVdAYQ.exe

C:\Windows\System\MKRmKIz.exe

C:\Windows\System\MKRmKIz.exe

C:\Windows\System\eojypUG.exe

C:\Windows\System\eojypUG.exe

C:\Windows\System\sYEvaHn.exe

C:\Windows\System\sYEvaHn.exe

C:\Windows\System\VsMraxB.exe

C:\Windows\System\VsMraxB.exe

C:\Windows\System\GYSgrdi.exe

C:\Windows\System\GYSgrdi.exe

C:\Windows\System\RrAEdGR.exe

C:\Windows\System\RrAEdGR.exe

C:\Windows\System\MrGxelX.exe

C:\Windows\System\MrGxelX.exe

C:\Windows\System\noetayh.exe

C:\Windows\System\noetayh.exe

C:\Windows\System\GRLEcqn.exe

C:\Windows\System\GRLEcqn.exe

C:\Windows\System\hINhjNx.exe

C:\Windows\System\hINhjNx.exe

C:\Windows\System\KiwhPSb.exe

C:\Windows\System\KiwhPSb.exe

C:\Windows\System\VDtydFE.exe

C:\Windows\System\VDtydFE.exe

C:\Windows\System\ngsOqtN.exe

C:\Windows\System\ngsOqtN.exe

C:\Windows\System\kBtTkPm.exe

C:\Windows\System\kBtTkPm.exe

C:\Windows\System\AiGqRWC.exe

C:\Windows\System\AiGqRWC.exe

C:\Windows\System\wrWtbxs.exe

C:\Windows\System\wrWtbxs.exe

C:\Windows\System\zoJIFIn.exe

C:\Windows\System\zoJIFIn.exe

C:\Windows\System\YiHzdpR.exe

C:\Windows\System\YiHzdpR.exe

C:\Windows\System\OCGMXaT.exe

C:\Windows\System\OCGMXaT.exe

C:\Windows\System\rwUtOSI.exe

C:\Windows\System\rwUtOSI.exe

C:\Windows\System\keuOosn.exe

C:\Windows\System\keuOosn.exe

C:\Windows\System\XYPAgYR.exe

C:\Windows\System\XYPAgYR.exe

C:\Windows\System\FaOqfHQ.exe

C:\Windows\System\FaOqfHQ.exe

C:\Windows\System\kQDNMzF.exe

C:\Windows\System\kQDNMzF.exe

C:\Windows\System\SWcRdlN.exe

C:\Windows\System\SWcRdlN.exe

C:\Windows\System\BLKeIOm.exe

C:\Windows\System\BLKeIOm.exe

C:\Windows\System\eKTQZqA.exe

C:\Windows\System\eKTQZqA.exe

C:\Windows\System\oPqgiTF.exe

C:\Windows\System\oPqgiTF.exe

C:\Windows\System\guOGwuK.exe

C:\Windows\System\guOGwuK.exe

C:\Windows\System\zmQiSlE.exe

C:\Windows\System\zmQiSlE.exe

C:\Windows\System\iYfygtD.exe

C:\Windows\System\iYfygtD.exe

C:\Windows\System\FcYbohG.exe

C:\Windows\System\FcYbohG.exe

C:\Windows\System\KWlyUYl.exe

C:\Windows\System\KWlyUYl.exe

C:\Windows\System\kejzPwE.exe

C:\Windows\System\kejzPwE.exe

C:\Windows\System\lWcVxnZ.exe

C:\Windows\System\lWcVxnZ.exe

C:\Windows\System\CpKnJyZ.exe

C:\Windows\System\CpKnJyZ.exe

C:\Windows\System\vSYVAYW.exe

C:\Windows\System\vSYVAYW.exe

C:\Windows\System\ywqpBuz.exe

C:\Windows\System\ywqpBuz.exe

C:\Windows\System\extBlRP.exe

C:\Windows\System\extBlRP.exe

C:\Windows\System\EBeCpvu.exe

C:\Windows\System\EBeCpvu.exe

C:\Windows\System\IKXtIoP.exe

C:\Windows\System\IKXtIoP.exe

C:\Windows\System\sLJnrGr.exe

C:\Windows\System\sLJnrGr.exe

C:\Windows\System\ZWAryBh.exe

C:\Windows\System\ZWAryBh.exe

C:\Windows\System\ifCKhJE.exe

C:\Windows\System\ifCKhJE.exe

C:\Windows\System\ZEcibhH.exe

C:\Windows\System\ZEcibhH.exe

C:\Windows\System\nnNRsQa.exe

C:\Windows\System\nnNRsQa.exe

C:\Windows\System\KRpVLGj.exe

C:\Windows\System\KRpVLGj.exe

C:\Windows\System\dIbUCwV.exe

C:\Windows\System\dIbUCwV.exe

C:\Windows\System\JpukrIs.exe

C:\Windows\System\JpukrIs.exe

C:\Windows\System\AwwuljG.exe

C:\Windows\System\AwwuljG.exe

C:\Windows\System\vBbSGLN.exe

C:\Windows\System\vBbSGLN.exe

C:\Windows\System\dRObtOa.exe

C:\Windows\System\dRObtOa.exe

C:\Windows\System\syWyfoz.exe

C:\Windows\System\syWyfoz.exe

C:\Windows\System\ScfLCOt.exe

C:\Windows\System\ScfLCOt.exe

C:\Windows\System\XxPYJkp.exe

C:\Windows\System\XxPYJkp.exe

C:\Windows\System\ooOHULY.exe

C:\Windows\System\ooOHULY.exe

C:\Windows\System\RTahKzv.exe

C:\Windows\System\RTahKzv.exe

C:\Windows\System\KptpjeB.exe

C:\Windows\System\KptpjeB.exe

C:\Windows\System\texxIsq.exe

C:\Windows\System\texxIsq.exe

C:\Windows\System\SGgTjsX.exe

C:\Windows\System\SGgTjsX.exe

C:\Windows\System\kyzvTeQ.exe

C:\Windows\System\kyzvTeQ.exe

C:\Windows\System\wgzkcLF.exe

C:\Windows\System\wgzkcLF.exe

C:\Windows\System\uJEIQrI.exe

C:\Windows\System\uJEIQrI.exe

C:\Windows\System\ORGtMPL.exe

C:\Windows\System\ORGtMPL.exe

C:\Windows\System\WbHSVLE.exe

C:\Windows\System\WbHSVLE.exe

C:\Windows\System\MCJdZlL.exe

C:\Windows\System\MCJdZlL.exe

C:\Windows\System\yfAMNdU.exe

C:\Windows\System\yfAMNdU.exe

C:\Windows\System\dchHufG.exe

C:\Windows\System\dchHufG.exe

C:\Windows\System\rEhLURV.exe

C:\Windows\System\rEhLURV.exe

C:\Windows\System\FatVYpH.exe

C:\Windows\System\FatVYpH.exe

C:\Windows\System\kbCDYrO.exe

C:\Windows\System\kbCDYrO.exe

C:\Windows\System\ileMkuE.exe

C:\Windows\System\ileMkuE.exe

C:\Windows\System\QmjweYh.exe

C:\Windows\System\QmjweYh.exe

C:\Windows\System\gklZsvu.exe

C:\Windows\System\gklZsvu.exe

C:\Windows\System\FGILHSs.exe

C:\Windows\System\FGILHSs.exe

C:\Windows\System\CKVhaxu.exe

C:\Windows\System\CKVhaxu.exe

C:\Windows\System\ZrhPALE.exe

C:\Windows\System\ZrhPALE.exe

C:\Windows\System\YwaNvsL.exe

C:\Windows\System\YwaNvsL.exe

C:\Windows\System\ZVciLHu.exe

C:\Windows\System\ZVciLHu.exe

C:\Windows\System\utDZwFw.exe

C:\Windows\System\utDZwFw.exe

C:\Windows\System\PJHNWep.exe

C:\Windows\System\PJHNWep.exe

C:\Windows\System\jBUuGJj.exe

C:\Windows\System\jBUuGJj.exe

C:\Windows\System\uJuUAuC.exe

C:\Windows\System\uJuUAuC.exe

C:\Windows\System\NeauUQr.exe

C:\Windows\System\NeauUQr.exe

C:\Windows\System\sYmxUQs.exe

C:\Windows\System\sYmxUQs.exe

C:\Windows\System\dyUfdJt.exe

C:\Windows\System\dyUfdJt.exe

C:\Windows\System\jCmjSFs.exe

C:\Windows\System\jCmjSFs.exe

C:\Windows\System\xBaxoaB.exe

C:\Windows\System\xBaxoaB.exe

C:\Windows\System\kBgyQAI.exe

C:\Windows\System\kBgyQAI.exe

C:\Windows\System\TnhxdTz.exe

C:\Windows\System\TnhxdTz.exe

C:\Windows\System\DOddQSr.exe

C:\Windows\System\DOddQSr.exe

C:\Windows\System\ICJpbMG.exe

C:\Windows\System\ICJpbMG.exe

C:\Windows\System\jejvDMa.exe

C:\Windows\System\jejvDMa.exe

C:\Windows\System\wDMBywp.exe

C:\Windows\System\wDMBywp.exe

C:\Windows\System\kxmDZjs.exe

C:\Windows\System\kxmDZjs.exe

C:\Windows\System\irbmgJv.exe

C:\Windows\System\irbmgJv.exe

C:\Windows\System\FFKcpKS.exe

C:\Windows\System\FFKcpKS.exe

C:\Windows\System\OYjfYCU.exe

C:\Windows\System\OYjfYCU.exe

C:\Windows\System\IfXxdwT.exe

C:\Windows\System\IfXxdwT.exe

C:\Windows\System\QMcrHnH.exe

C:\Windows\System\QMcrHnH.exe

C:\Windows\System\bFMDYni.exe

C:\Windows\System\bFMDYni.exe

C:\Windows\System\nIGQVfq.exe

C:\Windows\System\nIGQVfq.exe

C:\Windows\System\CxLjQhm.exe

C:\Windows\System\CxLjQhm.exe

C:\Windows\System\ZLpSJza.exe

C:\Windows\System\ZLpSJza.exe

C:\Windows\System\ECQFWKf.exe

C:\Windows\System\ECQFWKf.exe

C:\Windows\System\sNxazzW.exe

C:\Windows\System\sNxazzW.exe

C:\Windows\System\fJudueM.exe

C:\Windows\System\fJudueM.exe

C:\Windows\System\UvpxPmJ.exe

C:\Windows\System\UvpxPmJ.exe

C:\Windows\System\zALBKqK.exe

C:\Windows\System\zALBKqK.exe

C:\Windows\System\axXUnzA.exe

C:\Windows\System\axXUnzA.exe

C:\Windows\System\ZXzAJrR.exe

C:\Windows\System\ZXzAJrR.exe

C:\Windows\System\hltIPVT.exe

C:\Windows\System\hltIPVT.exe

C:\Windows\System\lQDoGgT.exe

C:\Windows\System\lQDoGgT.exe

C:\Windows\System\KTEtjpj.exe

C:\Windows\System\KTEtjpj.exe

C:\Windows\System\PyfAEVk.exe

C:\Windows\System\PyfAEVk.exe

C:\Windows\System\EKkHasa.exe

C:\Windows\System\EKkHasa.exe

C:\Windows\System\VXfAyUh.exe

C:\Windows\System\VXfAyUh.exe

C:\Windows\System\kEskpNF.exe

C:\Windows\System\kEskpNF.exe

C:\Windows\System\oOhmxsF.exe

C:\Windows\System\oOhmxsF.exe

C:\Windows\System\JqNyiIh.exe

C:\Windows\System\JqNyiIh.exe

C:\Windows\System\RCQyVmX.exe

C:\Windows\System\RCQyVmX.exe

C:\Windows\System\jcATLJH.exe

C:\Windows\System\jcATLJH.exe

C:\Windows\System\ZdlWbIo.exe

C:\Windows\System\ZdlWbIo.exe

C:\Windows\System\jZdkYrw.exe

C:\Windows\System\jZdkYrw.exe

C:\Windows\System\WDuRbCH.exe

C:\Windows\System\WDuRbCH.exe

C:\Windows\System\ThUfwyb.exe

C:\Windows\System\ThUfwyb.exe

C:\Windows\System\WMzfUED.exe

C:\Windows\System\WMzfUED.exe

C:\Windows\System\FOiUPoD.exe

C:\Windows\System\FOiUPoD.exe

C:\Windows\System\ekPScfa.exe

C:\Windows\System\ekPScfa.exe

C:\Windows\System\sauzGNA.exe

C:\Windows\System\sauzGNA.exe

C:\Windows\System\AXEVsty.exe

C:\Windows\System\AXEVsty.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

memory/4768-0-0x00007FF6D8900000-0x00007FF6D8C51000-memory.dmp

memory/4768-1-0x0000022BA7500000-0x0000022BA7510000-memory.dmp

C:\Windows\System\dlrYLKP.exe

MD5 a6e9da70d38a017baaf18a15078af008
SHA1 9c9e06ec78281cf98000fdde9eb10dcccf9e7dc4
SHA256 85362ba97e154d8c33fd537bb359e18c1c113320896673976b8f2f6dcf50ef8d
SHA512 a19cd5f15a1b1f9318a54a0f0d649c8da2fe3346e35cccffeed67f1229705b5f0f41282d6aac4a330c434303bf6a0b1e16666d4150391ed90b1b7c4229f7f411

C:\Windows\System\KVnTHCc.exe

MD5 a9adafd8a41b9b4060b129069cffa921
SHA1 db4023f2c537cef9fc496339c8517b36bb37f61d
SHA256 664805a752d94c5817297061d47e2a7735ae9b68b4780c43ad3b8c62ed41142e
SHA512 22360395d9f80841864fc4e0ef26caf7a495df559546e9db49ada2b5e11d443990d26bde505153ed41d2c96670d2a77072b2609349c7dde634f40d59d470caef

C:\Windows\System\KRKfLWY.exe

MD5 fc44c57ca81d4882252ccec4a08c4041
SHA1 462f2731192aa8d008c469c70a65ebb2ee44c965
SHA256 6a79e33d7c3f5657d37d7d2de1e55631729918235c26fc3784eedfd877064390
SHA512 de16d95eb880d404e1417e4b9455ff4f73ba9f2e9dd8e6c7e4e1fa1c2ef5b0c7b4d5fc28c1dcdadb97016a49dc265cb7a298a2423c447af6d29079482bacd61d

C:\Windows\System\lnqPVkg.exe

MD5 c70e070ff3b29a26c8d88fa0a00733a2
SHA1 5586f2ffacb07b6aed9bd86927dac8238bbdfd7b
SHA256 a0dc3b516cd1f142814e8da93add47a07f1ed175d77aa03ddd8d284cba9b4b35
SHA512 9c8175cdd610f408b37bffcfa54c71ab7579dc81e177c47901255d3b681019c2d4bbbd90ee739041da996c42bfcc678c9102168cddb1031fced11f06d8822439

C:\Windows\System\KBlTcqh.exe

MD5 8a722f73cab59758b52d04bf90692a8e
SHA1 ce64fc00417d88ae9b765825b7a21bcdc13aea7a
SHA256 72299a47bf24c2155a9fdc63170d69d7610ff7769ef926286419568424038fcd
SHA512 d764514dbe3f93501366b3d65461092912d2a5c0b8cc81c92ac0f1a4cf4bd71dd3e2e007e0b5931b088eeb79dd63a00066ba69a4324b6068e3541ce78042e686

C:\Windows\System\LnYakjk.exe

MD5 b6d9ebf40d14dda6bcc38e26c71386e0
SHA1 30b1a0df0625921486d5a07aef2761521ea7372e
SHA256 302ff2717eda312a1c5f5ed4269ca8a1a4f7d3b0e25407323d8c03c0335173ae
SHA512 505ac930b25636cd976218096a12b57bb84de865cb28d33793db21213f59a76a6f718eb020f6cabe9d11ef91cea85fe583851a002ad98874258d314b0e8b8beb

C:\Windows\System\Vpswtly.exe

MD5 da2aa17a85690a9f84832ba13bc6b3f4
SHA1 577e7f7befa9f4e81835ae4524e0317ecbac53cf
SHA256 05c01779c2b9e906ad614a874f6eedf8ee85f878b87f0a96970611f2afef1f51
SHA512 690b6a2e1eb69a5470cd3b77267683725d5aa1f55fc8394c2e16353958cb678dc50fdd88ff11bf58c6ad42a0638a17c563b4d7afdd2368fd860f7c4529513102

C:\Windows\System\DBNnIRl.exe

MD5 ff1e24a2426fd19532684a4c728fd796
SHA1 5e64b6972130dad5b2f114692a60e1918042ee2e
SHA256 88a59c2d7df546c3ad73b19309dc391b3238125151cc786710458285c450f08a
SHA512 fafa26da00df27d26c5b5dfcd5e486e92ae525da151a1bbfc1cc7a86a10a1c51bf35b277704219858c9c8a5af435728346c8572311cdec834b9908079c83b459

C:\Windows\System\kXoGscf.exe

MD5 e97e3b67b3cca7c2f0590f1b4a18171b
SHA1 6d8fb4096bf449440bd7e58471691225e6dfd9e0
SHA256 f5b2207a57be3ee5cf115fabf6607b777fc909fc961a958615177ccbad03aeff
SHA512 41f427f45fc63f236cca5132c24f82af69282b2e676b822e39e7adf486da5b63f60533ef0c9b315fa57d3f310d29503402532fb5b41079433dab59130000415d

memory/2260-442-0x00007FF659370000-0x00007FF6596C1000-memory.dmp

C:\Windows\System\wRwMdWp.exe

MD5 b6051973913024b35659a43ae0864662
SHA1 7c25fe8df23c247b9645b515f19276d30520fa71
SHA256 2f3c663f2c427814b6392267732bf33b225115fd8342674b261a9bd47d4030b2
SHA512 5b9e42a37cd386d44eb643aa8c3fb02ff99895b5e5f6574f2976fe876fac918a77be681aafe14840a4077b12e3d3790a04674a761953cdedded4b20037488482

C:\Windows\System\nnIkoLR.exe

MD5 d4c2dc2300783ef9428508a6bdf1a73a
SHA1 96e0630aa819c4009668314adf9d90fe052b38f0
SHA256 cfb7cfd6e3c10dd7ba05740dddb4c0a386e25a4cbd110569d424bccdaa794d78
SHA512 4c7875f1c2f00059086f90a32c722d570c91c67ba29ca3d3ce5adbf1bbb966cb7bc5864bb1890088c3266a7fc36a22ee89f928ea64d60f67d9ef6f2477fbb0df

C:\Windows\System\lbqToDc.exe

MD5 5a4e68f63ee4635d07cadd94d46ed398
SHA1 5fb8b6bc2dccc491a1897c3e9b4dc9b4763c46f1
SHA256 df36f787da8c9d731d54aac0c314c517a353ecede53542de32e9dc400e7a2225
SHA512 423c001225dc338fe2bcb80ae102a8056eeb6ce6692e8e61d3bac37325bae3ac72050fac9b8f460e1fa831f6dc8e406a29af6e286a3702ae6c9d844b2764b22a

C:\Windows\System\NWZSzTp.exe

MD5 07affc75aed6c93087366307d3e4c26b
SHA1 06c7edbe0ef78837443de237dfa5c98a6a94c0d2
SHA256 d6170eec6b2205bfdada2ffea85ac844a14b5b549eb939d5ac26058f1b2a5da0
SHA512 82fa9243ae65fbbdba4c252f2311b2ee510d1e65da562dd63549db4925aa2f63cb81b570effd57890c111e3eb078dc8228c6536cb8eb79c49282a53eb1f8a3bd

C:\Windows\System\lUwyvEI.exe

MD5 581514113e77e78bbbe37db4fc8e1558
SHA1 ab2deaed15d774ca09b8cdecb98fa5c396f5917c
SHA256 ad2591ba600765065cc740464792df8816632a299e7c7066c355be1440cc2f2f
SHA512 eae4e26dc344eb029bb4285d68753c6a4c81c33af05fb8fa98dd5ae79543121c46cda9ee93b9037e92c033bfa30f14696974d64014fc16d072388d06a3ae3a2e

C:\Windows\System\kSHZFHY.exe

MD5 b6ea6045a40dbc13daa6c56e079562e4
SHA1 512602d2a9feed34c00ecacf6a34f3ffcd175ced
SHA256 8fedc9c295147f6249eca07275f397cb3dc02f0734e45a9574a6e95a659c4b01
SHA512 8662e7db5bfac5af85dbb96b5ccf5e3d913efede35bc34845b7ae045b53cba1f7106a00d0a8b9b8eb4a1644d951ac99a8d2e387906a101e21cd1e4c410517ce9

C:\Windows\System\tPDRKpD.exe

MD5 d186d81520f14352bd7e321366ba43d1
SHA1 cba6ec86846aa85512b9541dff735271491fbedb
SHA256 d545f0c20cd6a32a8fc33586976a5be65815b6c06abff457bb298c0f3be9f6ba
SHA512 6683f6644a30eab62bba80b62c1d9dfa78dd20f10760ec2b35f316cfced4fd77f01922360520c424490aeb28903f0b38ddf4054fed1bc4daf9ba06437c59d82a

C:\Windows\System\OTFgqLA.exe

MD5 56a9384704d21cfc6499b1e8e088e920
SHA1 99002f6e8f1344d6143ac668076792e8f5587b3e
SHA256 46eaa012db9641ce2429fe0fe2fc3974b81ddd677a7ca903bf21960cfe5120e5
SHA512 51aefb065973d4f6d05b2c37463513c8d280cf5e6e158f3243cfa4503d8ed395ee8d1242ca952b49218fb249d7c6f695c79bebdef9f2be7533397162f392013f

C:\Windows\System\QSeIVHy.exe

MD5 19a110c8636e11bc72b38f592141fcc3
SHA1 b155c040119a503b00788c5914abbfa051d79a4a
SHA256 b5456e087fdf780246ea33128fb3a3c80db4af4a5d39f3db75b63d633c809aba
SHA512 b5a0e26e6bc27942938a0409cb002f597b0299ff1bf64b16133f6893667c9bcf1220ef844822477ae6337d6a3aad8e758e592415c25439d10db1bd043095d22d

C:\Windows\System\ApbcoUc.exe

MD5 48ffce3701052d373744ce565867aa98
SHA1 23346bee71ba6c923d5130026ce221c48ed696b2
SHA256 fb81b0fec215886827e30e1643d38a3061ad2a6b7623d0f7ee7f1d66d49bdd16
SHA512 b078f17fe77e67b56bc546ed3316e2b63f95fb21361c47bf931b980c4f00a2bade60deae0a4b784582f638b32813faa279ed276e35f1b3217085e2df0d4465f9

C:\Windows\System\ONkpKkm.exe

MD5 df71364ede44bf50c754e7cef393113c
SHA1 558d4b6889d4994ace6dc211923f1f82b65bc467
SHA256 e394245bcb2f385584d48ee5041be7706f5b3856bb71ca79dbf0e80aa9f19010
SHA512 f83f71c61dd99af2a41f6e3a47f86149b561adf6de59be34ff31ece6f398a3baa30e3622f62b0457f54c912ec348c7f120ca333face0619b69b718e04b2d31a1

C:\Windows\System\LgQxcdo.exe

MD5 8d51c09b60de7a8e93ac9bf4e5b3868a
SHA1 3a7c914993863c2e7efdb33e7a462fb71d549747
SHA256 003cf9b4a6cff53dfc8bbaa35ddb245e5dc1c3332a415eae85172a8339573088
SHA512 8c11af92019a2fe7a127d10821e4e7a3142e6107e93884365a6b5fb8ffc5b1cbf863744b0907f1b496fd47c05efcfca391e8f46135767ca3fd26a72cc3a12140

C:\Windows\System\AwYcecP.exe

MD5 94d7692f67cd2853f55c1037300d6567
SHA1 dc411419fe42d5798674bec333e19f889d30e85e
SHA256 e4ca5672c9131bf460ad8edd1fc2a906b7c1f1620491af36d1de8e96dbc83c50
SHA512 589088b648ad47cf40e9fefb7e1f3bf7563c20067f4de2812977079539110313bc9b129e0bd7c5f445249b99f77aa63806be0b83e2cc1e16cb8096498225873d

C:\Windows\System\QbdnaFE.exe

MD5 d240934e19a5e571156e1f1e7d72c836
SHA1 e83105b76d5b31ed22142f81b4127505eadefef7
SHA256 8fd40fe76a75ccbd89132a040cb2c14f1ad7fbeb6c469dba53c18b41ef1f8f00
SHA512 72c5f3ce43a48ea1cb47b96abbd3a182838293a39e4d5b9e2456178c516366859cf252e27d9d985ae07c79eb8b5a3243feccad3fd11e6d2ac915e5cec182c171

C:\Windows\System\PqFTDzR.exe

MD5 49495aeeccbf83e07a466dff67509aa6
SHA1 15fde522955ccb50aa444bd400c9f875cf19005b
SHA256 32bc82c5a49cd17a6b7138838564a9bb93c31653d0a6cbf3e6d4980cc478f8d6
SHA512 c9197397a3746061a26405b5b6f23aad3dd2d2ce32fb61ed15c3d6c120f9300dc0dced314a7a3126112c4bb385f7d67725f6975c895ac9d43daf437bca74242a

C:\Windows\System\uTexmHm.exe

MD5 55f0d59d5d033173151c442a9438dbbe
SHA1 b001ad3869ac772d47a3dacd655edbe046ece24b
SHA256 b5a75147dc1e17ad497c345fa515544907025ab4035da0108441d3da8909073f
SHA512 874cb44dd6f68cda43e61e87795500f7cb4e48fc6e5e74761e8485cb1084a887065fea6115c747b5637637ef5ada789ec7d60cb54da87ca1f04b0f3cca15e2ed

C:\Windows\System\dFBSKei.exe

MD5 cb83d672b2412e55bdace6d1865ddfa6
SHA1 f7c7c7a4e43bd7b2b9eefc12b19b2961a3908c52
SHA256 8b934b7b334d3d9e6a76422786c7cec71c7ac9e4f76765d8b0a8fb9dd4ea910e
SHA512 9e036306baadb0c820fcc61780a7a3f5568bd44e5e171278231a232737d95295e23fe9fea6c990c8f689df8147e688d25118062655db5aba0dab7bc1bc4732d9

C:\Windows\System\daoVbAB.exe

MD5 fdade2c41b40e1e49c9a25623c35861f
SHA1 b8fb16ad9ce8cbc1c9a8053a8bd56ab9558d28d7
SHA256 ab27d34964ceb5e2095176e65d1f60051163195570ca0a857eb44a094ffe1dcf
SHA512 d04b30846d68ebcc34284163daa11a2dfd57cc85b0e5f4d74475543508b2cafbdfecb02d88955666d4b8e38b66a5a49a4163e91e05f7ff0047df69e0af53c568

C:\Windows\System\FmCAtMy.exe

MD5 8780c4bb8cde4c767345bac70a533bfa
SHA1 684300c5292b69065f0914f09c802b7d43515e58
SHA256 1626f33d5a5573abd07a5b43ef8c4c78b4d4ec937eb52fc0a0c8fcaaceaee86a
SHA512 074e3fe3ac98a54e4ecea365214f4ebf10ba9bce6aa7b95e385740fcd79ecb2307f4f5ea7c506e92d36c6a3c96be4bd2169aba1559f7df29efd5d1917da4521f

C:\Windows\System\czNvOJI.exe

MD5 689dc1e511bb58f12f07dc27811cb1b6
SHA1 f5425b22a7920e9f636d0955a06d90c6eea26ce2
SHA256 826347a9068b524c59d33caafad111ede158e7546b7a7884d511773a0d412c67
SHA512 ee0b8a38fc3df7850d7daa52a3364f8b19731be652df9b52004b21efe019045216829b0ced88749e33c79cbc51b47c3f2bb551876fde33747379034d8444f403

C:\Windows\System\NdEKTzN.exe

MD5 9196aee2c0a866490a671d532e5500b4
SHA1 ebf4674eae2a12e37ce722b92734a2ee4d6b2084
SHA256 799fdc167e7e84d52f129732f70c989ffa0f1613ed4cb22aafbd6a6aeee1edaa
SHA512 deb97b7f3698827bf4f9a5f12073fc4419e29bef7d6c2df4ef1e4d2df5b30ba1869b7d177d831f84e52b642a7fb0dfd29aec725fe22b60902c1a42b3d12b3232

C:\Windows\System\ufDrfzM.exe

MD5 c5227e6155420e3e635dd67b04cda1b2
SHA1 62c68bca588ba35899db49dbed7f333e623ef4f9
SHA256 c2c59546db14c6874788a6b9e9baaab2493482dadc79db5aeaa865b490b87cb6
SHA512 cce60cb29a7e46f3ca5d23018038b3e2dd5aec8970f158cb50f1c36eac39be242e11a04ddca3a23d6c4bfcc1aa9deef09661ff30ee9672e916c3e54d97f65339

C:\Windows\System\JuJFYXv.exe

MD5 2794916d91f1bf557a22932005c17a74
SHA1 0e226faa68009a6c5c88a293c618a6f72fbfc7eb
SHA256 b570355e2b78d8f2fbd7d2668464cf7fa3056164876bf4099f8d8a78a64d5112
SHA512 7b07055a930dca25110510f6a1f24dbc068a093985f514861db9960b6c5146d98c947dc47aa28a0c205eb388573e765a5894422d9fda69d456c1acbb5be2fde6

C:\Windows\System\xorkgWj.exe

MD5 90a51e08988150ede0123be22ed8044a
SHA1 d77ca03a181ef366c299c88e6b9d0949b4441a05
SHA256 f52595fd0a85a4d995e87b5f8fde96f2e4b41571e99216f62a9cdc4b3e1bdc22
SHA512 c6a77bffdc19b467f63127b4fb9067c43432fb1b1d33d97339e700bc36f4deeaca74bc1057a4b2d15c3259f473d9b11c54d62c8e7e02153ac743630e7c9abc26

memory/992-20-0x00007FF6A1450000-0x00007FF6A17A1000-memory.dmp

memory/3988-9-0x00007FF6F8D40000-0x00007FF6F9091000-memory.dmp

memory/5000-443-0x00007FF689100000-0x00007FF689451000-memory.dmp

memory/1984-444-0x00007FF6261C0000-0x00007FF626511000-memory.dmp

memory/1624-445-0x00007FF6043D0000-0x00007FF604721000-memory.dmp

memory/3944-446-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp

memory/4444-447-0x00007FF699280000-0x00007FF6995D1000-memory.dmp

memory/4324-464-0x00007FF6F6570000-0x00007FF6F68C1000-memory.dmp

memory/4488-486-0x00007FF7B6410000-0x00007FF7B6761000-memory.dmp

memory/4384-477-0x00007FF784190000-0x00007FF7844E1000-memory.dmp

memory/4664-452-0x00007FF735230000-0x00007FF735581000-memory.dmp

memory/4528-510-0x00007FF7BD6F0000-0x00007FF7BDA41000-memory.dmp

memory/2028-521-0x00007FF768800000-0x00007FF768B51000-memory.dmp

memory/2420-537-0x00007FF68A160000-0x00007FF68A4B1000-memory.dmp

memory/3040-550-0x00007FF6AFAB0000-0x00007FF6AFE01000-memory.dmp

memory/4636-611-0x00007FF6655D0000-0x00007FF665921000-memory.dmp

memory/428-619-0x00007FF7DB460000-0x00007FF7DB7B1000-memory.dmp

memory/216-605-0x00007FF7057E0000-0x00007FF705B31000-memory.dmp

memory/4036-601-0x00007FF7B5890000-0x00007FF7B5BE1000-memory.dmp

memory/4964-600-0x00007FF7B3880000-0x00007FF7B3BD1000-memory.dmp

memory/4064-596-0x00007FF6D4980000-0x00007FF6D4CD1000-memory.dmp

memory/1032-588-0x00007FF683520000-0x00007FF683871000-memory.dmp

memory/2708-585-0x00007FF68BE40000-0x00007FF68C191000-memory.dmp

memory/5084-581-0x00007FF718D20000-0x00007FF719071000-memory.dmp

memory/4576-578-0x00007FF7E2080000-0x00007FF7E23D1000-memory.dmp

memory/4856-562-0x00007FF7480D0000-0x00007FF748421000-memory.dmp

memory/2988-540-0x00007FF65CFC0000-0x00007FF65D311000-memory.dmp

memory/1792-495-0x00007FF7A4B30000-0x00007FF7A4E81000-memory.dmp

memory/4768-2219-0x00007FF6D8900000-0x00007FF6D8C51000-memory.dmp

memory/3988-2252-0x00007FF6F8D40000-0x00007FF6F9091000-memory.dmp

memory/2260-2253-0x00007FF659370000-0x00007FF6596C1000-memory.dmp

memory/3988-2259-0x00007FF6F8D40000-0x00007FF6F9091000-memory.dmp

memory/992-2261-0x00007FF6A1450000-0x00007FF6A17A1000-memory.dmp

memory/2260-2265-0x00007FF659370000-0x00007FF6596C1000-memory.dmp

memory/428-2264-0x00007FF7DB460000-0x00007FF7DB7B1000-memory.dmp

memory/3944-2270-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp

memory/1984-2274-0x00007FF6261C0000-0x00007FF626511000-memory.dmp

memory/5000-2275-0x00007FF689100000-0x00007FF689451000-memory.dmp

memory/4664-2279-0x00007FF735230000-0x00007FF735581000-memory.dmp

memory/4324-2278-0x00007FF6F6570000-0x00007FF6F68C1000-memory.dmp

memory/1624-2272-0x00007FF6043D0000-0x00007FF604721000-memory.dmp

memory/4444-2268-0x00007FF699280000-0x00007FF6995D1000-memory.dmp

memory/3040-2282-0x00007FF6AFAB0000-0x00007FF6AFE01000-memory.dmp

memory/2988-2283-0x00007FF65CFC0000-0x00007FF65D311000-memory.dmp

memory/4036-2315-0x00007FF7B5890000-0x00007FF7B5BE1000-memory.dmp

memory/216-2313-0x00007FF7057E0000-0x00007FF705B31000-memory.dmp

memory/4636-2311-0x00007FF6655D0000-0x00007FF665921000-memory.dmp

memory/4384-2309-0x00007FF784190000-0x00007FF7844E1000-memory.dmp

memory/1792-2307-0x00007FF7A4B30000-0x00007FF7A4E81000-memory.dmp

memory/4488-2306-0x00007FF7B6410000-0x00007FF7B6761000-memory.dmp

memory/4856-2303-0x00007FF7480D0000-0x00007FF748421000-memory.dmp

memory/4576-2302-0x00007FF7E2080000-0x00007FF7E23D1000-memory.dmp

memory/2708-2298-0x00007FF68BE40000-0x00007FF68C191000-memory.dmp

memory/1032-2296-0x00007FF683520000-0x00007FF683871000-memory.dmp

memory/4064-2294-0x00007FF6D4980000-0x00007FF6D4CD1000-memory.dmp

memory/4528-2290-0x00007FF7BD6F0000-0x00007FF7BDA41000-memory.dmp

memory/2420-2288-0x00007FF68A160000-0x00007FF68A4B1000-memory.dmp

memory/2028-2285-0x00007FF768800000-0x00007FF768B51000-memory.dmp

memory/5084-2300-0x00007FF718D20000-0x00007FF719071000-memory.dmp

memory/4964-2292-0x00007FF7B3880000-0x00007FF7B3BD1000-memory.dmp