Malware Analysis Report

2024-10-10 08:38

Sample ID 240604-aygz2afa2s
Target 1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
SHA256 6429ffa8e988e457715aecf422ce67b7797269e4df84464ff6e60c6d69ca4535
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6429ffa8e988e457715aecf422ce67b7797269e4df84464ff6e60c6d69ca4535

Threat Level: Known bad

The file 1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

KPOT Core Executable

KPOT

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 00:37

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 00:37

Reported

2024-06-04 00:39

Platform

win7-20240508-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iXSQwuh.exe N/A
N/A N/A C:\Windows\System\wwbFVqI.exe N/A
N/A N/A C:\Windows\System\YyCdSQF.exe N/A
N/A N/A C:\Windows\System\TzXvdOB.exe N/A
N/A N/A C:\Windows\System\aUvbWVt.exe N/A
N/A N/A C:\Windows\System\NyMZXjE.exe N/A
N/A N/A C:\Windows\System\AZmlNwP.exe N/A
N/A N/A C:\Windows\System\bktWtJB.exe N/A
N/A N/A C:\Windows\System\KJmxVui.exe N/A
N/A N/A C:\Windows\System\hDRwFbS.exe N/A
N/A N/A C:\Windows\System\PZrpFEK.exe N/A
N/A N/A C:\Windows\System\OTcusua.exe N/A
N/A N/A C:\Windows\System\vfnLyXw.exe N/A
N/A N/A C:\Windows\System\VMooCKS.exe N/A
N/A N/A C:\Windows\System\uiWnIet.exe N/A
N/A N/A C:\Windows\System\azCSYif.exe N/A
N/A N/A C:\Windows\System\qfaPDTW.exe N/A
N/A N/A C:\Windows\System\sWJkDFv.exe N/A
N/A N/A C:\Windows\System\sbJQgGY.exe N/A
N/A N/A C:\Windows\System\qpeIKWc.exe N/A
N/A N/A C:\Windows\System\jEChWtC.exe N/A
N/A N/A C:\Windows\System\hcJUfXR.exe N/A
N/A N/A C:\Windows\System\qiphGIm.exe N/A
N/A N/A C:\Windows\System\TPWqdkO.exe N/A
N/A N/A C:\Windows\System\WbNozne.exe N/A
N/A N/A C:\Windows\System\sIyCikc.exe N/A
N/A N/A C:\Windows\System\imHmcSv.exe N/A
N/A N/A C:\Windows\System\sSXthrq.exe N/A
N/A N/A C:\Windows\System\qWZTnub.exe N/A
N/A N/A C:\Windows\System\BsFBusD.exe N/A
N/A N/A C:\Windows\System\KsfIdlL.exe N/A
N/A N/A C:\Windows\System\wxHvyBW.exe N/A
N/A N/A C:\Windows\System\ETHzoyO.exe N/A
N/A N/A C:\Windows\System\rUSGqQA.exe N/A
N/A N/A C:\Windows\System\GbVVHGg.exe N/A
N/A N/A C:\Windows\System\mlELtOG.exe N/A
N/A N/A C:\Windows\System\EaEYSLu.exe N/A
N/A N/A C:\Windows\System\qZuQOJb.exe N/A
N/A N/A C:\Windows\System\QMiEORB.exe N/A
N/A N/A C:\Windows\System\mxLPhXo.exe N/A
N/A N/A C:\Windows\System\xeYjqSN.exe N/A
N/A N/A C:\Windows\System\wiSUXBx.exe N/A
N/A N/A C:\Windows\System\mylDMaY.exe N/A
N/A N/A C:\Windows\System\pCBqbzN.exe N/A
N/A N/A C:\Windows\System\UvevaCB.exe N/A
N/A N/A C:\Windows\System\dYUHTTs.exe N/A
N/A N/A C:\Windows\System\QWnLqDl.exe N/A
N/A N/A C:\Windows\System\KyddFCX.exe N/A
N/A N/A C:\Windows\System\pobNbdc.exe N/A
N/A N/A C:\Windows\System\zKAwthv.exe N/A
N/A N/A C:\Windows\System\XjpwkHE.exe N/A
N/A N/A C:\Windows\System\nDkmXRG.exe N/A
N/A N/A C:\Windows\System\SbBJqQa.exe N/A
N/A N/A C:\Windows\System\wUTcyeo.exe N/A
N/A N/A C:\Windows\System\EnJocOK.exe N/A
N/A N/A C:\Windows\System\rEvzLXF.exe N/A
N/A N/A C:\Windows\System\DvzRkqZ.exe N/A
N/A N/A C:\Windows\System\vmfhvDI.exe N/A
N/A N/A C:\Windows\System\iqEQnUu.exe N/A
N/A N/A C:\Windows\System\zeORUaR.exe N/A
N/A N/A C:\Windows\System\qLAqkTk.exe N/A
N/A N/A C:\Windows\System\JwVJlWk.exe N/A
N/A N/A C:\Windows\System\MYcUrvX.exe N/A
N/A N/A C:\Windows\System\BkkFauI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\YCBrQeK.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNdAzQP.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFnCxXe.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qpeIKWc.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMurvkw.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fsRstWc.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWUSNtg.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sDpyZyV.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IxZiLRM.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nLrUGqe.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lwsdmPB.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDHmcGc.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBENPIp.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TzXvdOB.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tOyhaXq.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwEWHsN.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EudeZfB.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZEsZYT.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHHBiVQ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aasjCGf.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UazSelO.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRENEdl.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\okjhRby.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fEnKfES.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhIqloV.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Knqojmi.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oEkSmoK.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sRAOeHg.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyqhEiU.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQSrFWe.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLYkgmo.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xNCkfoc.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wUbnShK.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZVAKdn.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\givmUID.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJlMFtU.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\udohBne.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbUZjtt.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\knNOVJK.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnDuBlH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KJmxVui.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cpYLoLf.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TNDNyuB.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\whPbJdl.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EQrpQUI.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vkBLWhI.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GctTThm.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UMmmFuD.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RwdYsZQ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RjpuldD.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWTyKPG.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pSmcYeL.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KfpqUzM.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zyfOwLG.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBlJHQr.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHQCFpy.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fgBlmCH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jGQgGRx.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXTESrk.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\StBQEDf.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XZSFybh.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QBImPDM.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lVScFaf.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wBoVxzL.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2932 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\iXSQwuh.exe
PID 2932 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\iXSQwuh.exe
PID 2932 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\iXSQwuh.exe
PID 2932 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\wwbFVqI.exe
PID 2932 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\wwbFVqI.exe
PID 2932 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\wwbFVqI.exe
PID 2932 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\YyCdSQF.exe
PID 2932 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\YyCdSQF.exe
PID 2932 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\YyCdSQF.exe
PID 2932 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\TzXvdOB.exe
PID 2932 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\TzXvdOB.exe
PID 2932 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\TzXvdOB.exe
PID 2932 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\aUvbWVt.exe
PID 2932 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\aUvbWVt.exe
PID 2932 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\aUvbWVt.exe
PID 2932 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\NyMZXjE.exe
PID 2932 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\NyMZXjE.exe
PID 2932 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\NyMZXjE.exe
PID 2932 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\AZmlNwP.exe
PID 2932 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\AZmlNwP.exe
PID 2932 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\AZmlNwP.exe
PID 2932 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\bktWtJB.exe
PID 2932 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\bktWtJB.exe
PID 2932 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\bktWtJB.exe
PID 2932 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\KJmxVui.exe
PID 2932 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\KJmxVui.exe
PID 2932 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\KJmxVui.exe
PID 2932 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\hDRwFbS.exe
PID 2932 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\hDRwFbS.exe
PID 2932 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\hDRwFbS.exe
PID 2932 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\OTcusua.exe
PID 2932 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\OTcusua.exe
PID 2932 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\OTcusua.exe
PID 2932 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PZrpFEK.exe
PID 2932 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PZrpFEK.exe
PID 2932 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PZrpFEK.exe
PID 2932 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\vfnLyXw.exe
PID 2932 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\vfnLyXw.exe
PID 2932 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\vfnLyXw.exe
PID 2932 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\VMooCKS.exe
PID 2932 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\VMooCKS.exe
PID 2932 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\VMooCKS.exe
PID 2932 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\uiWnIet.exe
PID 2932 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\uiWnIet.exe
PID 2932 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\uiWnIet.exe
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\azCSYif.exe
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\azCSYif.exe
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\azCSYif.exe
PID 2932 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qfaPDTW.exe
PID 2932 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qfaPDTW.exe
PID 2932 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qfaPDTW.exe
PID 2932 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sWJkDFv.exe
PID 2932 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sWJkDFv.exe
PID 2932 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sWJkDFv.exe
PID 2932 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sbJQgGY.exe
PID 2932 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sbJQgGY.exe
PID 2932 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sbJQgGY.exe
PID 2932 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qpeIKWc.exe
PID 2932 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qpeIKWc.exe
PID 2932 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qpeIKWc.exe
PID 2932 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\jEChWtC.exe
PID 2932 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\jEChWtC.exe
PID 2932 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\jEChWtC.exe
PID 2932 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\hcJUfXR.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe"

C:\Windows\System\iXSQwuh.exe

C:\Windows\System\iXSQwuh.exe

C:\Windows\System\wwbFVqI.exe

C:\Windows\System\wwbFVqI.exe

C:\Windows\System\YyCdSQF.exe

C:\Windows\System\YyCdSQF.exe

C:\Windows\System\TzXvdOB.exe

C:\Windows\System\TzXvdOB.exe

C:\Windows\System\aUvbWVt.exe

C:\Windows\System\aUvbWVt.exe

C:\Windows\System\NyMZXjE.exe

C:\Windows\System\NyMZXjE.exe

C:\Windows\System\AZmlNwP.exe

C:\Windows\System\AZmlNwP.exe

C:\Windows\System\bktWtJB.exe

C:\Windows\System\bktWtJB.exe

C:\Windows\System\KJmxVui.exe

C:\Windows\System\KJmxVui.exe

C:\Windows\System\hDRwFbS.exe

C:\Windows\System\hDRwFbS.exe

C:\Windows\System\OTcusua.exe

C:\Windows\System\OTcusua.exe

C:\Windows\System\PZrpFEK.exe

C:\Windows\System\PZrpFEK.exe

C:\Windows\System\vfnLyXw.exe

C:\Windows\System\vfnLyXw.exe

C:\Windows\System\VMooCKS.exe

C:\Windows\System\VMooCKS.exe

C:\Windows\System\uiWnIet.exe

C:\Windows\System\uiWnIet.exe

C:\Windows\System\azCSYif.exe

C:\Windows\System\azCSYif.exe

C:\Windows\System\qfaPDTW.exe

C:\Windows\System\qfaPDTW.exe

C:\Windows\System\sWJkDFv.exe

C:\Windows\System\sWJkDFv.exe

C:\Windows\System\sbJQgGY.exe

C:\Windows\System\sbJQgGY.exe

C:\Windows\System\qpeIKWc.exe

C:\Windows\System\qpeIKWc.exe

C:\Windows\System\jEChWtC.exe

C:\Windows\System\jEChWtC.exe

C:\Windows\System\hcJUfXR.exe

C:\Windows\System\hcJUfXR.exe

C:\Windows\System\qiphGIm.exe

C:\Windows\System\qiphGIm.exe

C:\Windows\System\TPWqdkO.exe

C:\Windows\System\TPWqdkO.exe

C:\Windows\System\WbNozne.exe

C:\Windows\System\WbNozne.exe

C:\Windows\System\sIyCikc.exe

C:\Windows\System\sIyCikc.exe

C:\Windows\System\imHmcSv.exe

C:\Windows\System\imHmcSv.exe

C:\Windows\System\sSXthrq.exe

C:\Windows\System\sSXthrq.exe

C:\Windows\System\qWZTnub.exe

C:\Windows\System\qWZTnub.exe

C:\Windows\System\BsFBusD.exe

C:\Windows\System\BsFBusD.exe

C:\Windows\System\KsfIdlL.exe

C:\Windows\System\KsfIdlL.exe

C:\Windows\System\wxHvyBW.exe

C:\Windows\System\wxHvyBW.exe

C:\Windows\System\ETHzoyO.exe

C:\Windows\System\ETHzoyO.exe

C:\Windows\System\rUSGqQA.exe

C:\Windows\System\rUSGqQA.exe

C:\Windows\System\GbVVHGg.exe

C:\Windows\System\GbVVHGg.exe

C:\Windows\System\mlELtOG.exe

C:\Windows\System\mlELtOG.exe

C:\Windows\System\EaEYSLu.exe

C:\Windows\System\EaEYSLu.exe

C:\Windows\System\qZuQOJb.exe

C:\Windows\System\qZuQOJb.exe

C:\Windows\System\mxLPhXo.exe

C:\Windows\System\mxLPhXo.exe

C:\Windows\System\QMiEORB.exe

C:\Windows\System\QMiEORB.exe

C:\Windows\System\xeYjqSN.exe

C:\Windows\System\xeYjqSN.exe

C:\Windows\System\wiSUXBx.exe

C:\Windows\System\wiSUXBx.exe

C:\Windows\System\mylDMaY.exe

C:\Windows\System\mylDMaY.exe

C:\Windows\System\pCBqbzN.exe

C:\Windows\System\pCBqbzN.exe

C:\Windows\System\UvevaCB.exe

C:\Windows\System\UvevaCB.exe

C:\Windows\System\dYUHTTs.exe

C:\Windows\System\dYUHTTs.exe

C:\Windows\System\QWnLqDl.exe

C:\Windows\System\QWnLqDl.exe

C:\Windows\System\KyddFCX.exe

C:\Windows\System\KyddFCX.exe

C:\Windows\System\pobNbdc.exe

C:\Windows\System\pobNbdc.exe

C:\Windows\System\zKAwthv.exe

C:\Windows\System\zKAwthv.exe

C:\Windows\System\XjpwkHE.exe

C:\Windows\System\XjpwkHE.exe

C:\Windows\System\nDkmXRG.exe

C:\Windows\System\nDkmXRG.exe

C:\Windows\System\SbBJqQa.exe

C:\Windows\System\SbBJqQa.exe

C:\Windows\System\wUTcyeo.exe

C:\Windows\System\wUTcyeo.exe

C:\Windows\System\EnJocOK.exe

C:\Windows\System\EnJocOK.exe

C:\Windows\System\rEvzLXF.exe

C:\Windows\System\rEvzLXF.exe

C:\Windows\System\DvzRkqZ.exe

C:\Windows\System\DvzRkqZ.exe

C:\Windows\System\vmfhvDI.exe

C:\Windows\System\vmfhvDI.exe

C:\Windows\System\iqEQnUu.exe

C:\Windows\System\iqEQnUu.exe

C:\Windows\System\zeORUaR.exe

C:\Windows\System\zeORUaR.exe

C:\Windows\System\qLAqkTk.exe

C:\Windows\System\qLAqkTk.exe

C:\Windows\System\JwVJlWk.exe

C:\Windows\System\JwVJlWk.exe

C:\Windows\System\MYcUrvX.exe

C:\Windows\System\MYcUrvX.exe

C:\Windows\System\BkkFauI.exe

C:\Windows\System\BkkFauI.exe

C:\Windows\System\ZZxCdpB.exe

C:\Windows\System\ZZxCdpB.exe

C:\Windows\System\uOzaLrm.exe

C:\Windows\System\uOzaLrm.exe

C:\Windows\System\kIqVkNF.exe

C:\Windows\System\kIqVkNF.exe

C:\Windows\System\UUSYiHs.exe

C:\Windows\System\UUSYiHs.exe

C:\Windows\System\eMGAGFF.exe

C:\Windows\System\eMGAGFF.exe

C:\Windows\System\PmhJpHY.exe

C:\Windows\System\PmhJpHY.exe

C:\Windows\System\vWphxhF.exe

C:\Windows\System\vWphxhF.exe

C:\Windows\System\zdazNJQ.exe

C:\Windows\System\zdazNJQ.exe

C:\Windows\System\ZxUIgqO.exe

C:\Windows\System\ZxUIgqO.exe

C:\Windows\System\kdFhLOn.exe

C:\Windows\System\kdFhLOn.exe

C:\Windows\System\WYWiATQ.exe

C:\Windows\System\WYWiATQ.exe

C:\Windows\System\FkDjoQD.exe

C:\Windows\System\FkDjoQD.exe

C:\Windows\System\lOqLqGw.exe

C:\Windows\System\lOqLqGw.exe

C:\Windows\System\qCzINUF.exe

C:\Windows\System\qCzINUF.exe

C:\Windows\System\XYzOHOJ.exe

C:\Windows\System\XYzOHOJ.exe

C:\Windows\System\DpekrMl.exe

C:\Windows\System\DpekrMl.exe

C:\Windows\System\eHDLVzN.exe

C:\Windows\System\eHDLVzN.exe

C:\Windows\System\zkHqHCb.exe

C:\Windows\System\zkHqHCb.exe

C:\Windows\System\kUJWaEF.exe

C:\Windows\System\kUJWaEF.exe

C:\Windows\System\CVZOiGE.exe

C:\Windows\System\CVZOiGE.exe

C:\Windows\System\zraarPs.exe

C:\Windows\System\zraarPs.exe

C:\Windows\System\VucDXCz.exe

C:\Windows\System\VucDXCz.exe

C:\Windows\System\TGHMDTA.exe

C:\Windows\System\TGHMDTA.exe

C:\Windows\System\XEeYizX.exe

C:\Windows\System\XEeYizX.exe

C:\Windows\System\aKmSUUV.exe

C:\Windows\System\aKmSUUV.exe

C:\Windows\System\uLpmfjV.exe

C:\Windows\System\uLpmfjV.exe

C:\Windows\System\DOALasd.exe

C:\Windows\System\DOALasd.exe

C:\Windows\System\rEjfztu.exe

C:\Windows\System\rEjfztu.exe

C:\Windows\System\dNWPJpm.exe

C:\Windows\System\dNWPJpm.exe

C:\Windows\System\LtoxEgV.exe

C:\Windows\System\LtoxEgV.exe

C:\Windows\System\zIWBpdl.exe

C:\Windows\System\zIWBpdl.exe

C:\Windows\System\VmppBte.exe

C:\Windows\System\VmppBte.exe

C:\Windows\System\bzPTCAF.exe

C:\Windows\System\bzPTCAF.exe

C:\Windows\System\RxsyxBN.exe

C:\Windows\System\RxsyxBN.exe

C:\Windows\System\fdwRLiQ.exe

C:\Windows\System\fdwRLiQ.exe

C:\Windows\System\GMRbumM.exe

C:\Windows\System\GMRbumM.exe

C:\Windows\System\XUQGCkY.exe

C:\Windows\System\XUQGCkY.exe

C:\Windows\System\wUskdIa.exe

C:\Windows\System\wUskdIa.exe

C:\Windows\System\TiufHyj.exe

C:\Windows\System\TiufHyj.exe

C:\Windows\System\QLGEvwz.exe

C:\Windows\System\QLGEvwz.exe

C:\Windows\System\ZmaizaJ.exe

C:\Windows\System\ZmaizaJ.exe

C:\Windows\System\StmTcSA.exe

C:\Windows\System\StmTcSA.exe

C:\Windows\System\otDcbyw.exe

C:\Windows\System\otDcbyw.exe

C:\Windows\System\XZBIJgO.exe

C:\Windows\System\XZBIJgO.exe

C:\Windows\System\qUwSUdt.exe

C:\Windows\System\qUwSUdt.exe

C:\Windows\System\TSocBGk.exe

C:\Windows\System\TSocBGk.exe

C:\Windows\System\ECRUBuY.exe

C:\Windows\System\ECRUBuY.exe

C:\Windows\System\ZJSZzOa.exe

C:\Windows\System\ZJSZzOa.exe

C:\Windows\System\NxBvCkF.exe

C:\Windows\System\NxBvCkF.exe

C:\Windows\System\OABRaSH.exe

C:\Windows\System\OABRaSH.exe

C:\Windows\System\juBnTpN.exe

C:\Windows\System\juBnTpN.exe

C:\Windows\System\WaFqsUZ.exe

C:\Windows\System\WaFqsUZ.exe

C:\Windows\System\pcazeYB.exe

C:\Windows\System\pcazeYB.exe

C:\Windows\System\TMjiXRB.exe

C:\Windows\System\TMjiXRB.exe

C:\Windows\System\TcznEqc.exe

C:\Windows\System\TcznEqc.exe

C:\Windows\System\MnJsemr.exe

C:\Windows\System\MnJsemr.exe

C:\Windows\System\cSADHpl.exe

C:\Windows\System\cSADHpl.exe

C:\Windows\System\vDLNOTr.exe

C:\Windows\System\vDLNOTr.exe

C:\Windows\System\yOmfkXC.exe

C:\Windows\System\yOmfkXC.exe

C:\Windows\System\IoJvoJG.exe

C:\Windows\System\IoJvoJG.exe

C:\Windows\System\OxAqkqT.exe

C:\Windows\System\OxAqkqT.exe

C:\Windows\System\sVHFRzX.exe

C:\Windows\System\sVHFRzX.exe

C:\Windows\System\liITnWF.exe

C:\Windows\System\liITnWF.exe

C:\Windows\System\AqqoIRp.exe

C:\Windows\System\AqqoIRp.exe

C:\Windows\System\caTNcvL.exe

C:\Windows\System\caTNcvL.exe

C:\Windows\System\gPAyoFv.exe

C:\Windows\System\gPAyoFv.exe

C:\Windows\System\WhcQeKF.exe

C:\Windows\System\WhcQeKF.exe

C:\Windows\System\DJNnTRd.exe

C:\Windows\System\DJNnTRd.exe

C:\Windows\System\ySuTttw.exe

C:\Windows\System\ySuTttw.exe

C:\Windows\System\EGxnpAt.exe

C:\Windows\System\EGxnpAt.exe

C:\Windows\System\CzEGZBJ.exe

C:\Windows\System\CzEGZBJ.exe

C:\Windows\System\jLhqvMm.exe

C:\Windows\System\jLhqvMm.exe

C:\Windows\System\CuejIDX.exe

C:\Windows\System\CuejIDX.exe

C:\Windows\System\cxOFLxM.exe

C:\Windows\System\cxOFLxM.exe

C:\Windows\System\iUtQShF.exe

C:\Windows\System\iUtQShF.exe

C:\Windows\System\BHMCxCi.exe

C:\Windows\System\BHMCxCi.exe

C:\Windows\System\cSHdtOI.exe

C:\Windows\System\cSHdtOI.exe

C:\Windows\System\BcqeVxl.exe

C:\Windows\System\BcqeVxl.exe

C:\Windows\System\bKHZOjn.exe

C:\Windows\System\bKHZOjn.exe

C:\Windows\System\sBkydHj.exe

C:\Windows\System\sBkydHj.exe

C:\Windows\System\ZueEpqp.exe

C:\Windows\System\ZueEpqp.exe

C:\Windows\System\DlqTJyD.exe

C:\Windows\System\DlqTJyD.exe

C:\Windows\System\NHvwTWm.exe

C:\Windows\System\NHvwTWm.exe

C:\Windows\System\IycFzzu.exe

C:\Windows\System\IycFzzu.exe

C:\Windows\System\MVAxvFJ.exe

C:\Windows\System\MVAxvFJ.exe

C:\Windows\System\iBiwAAz.exe

C:\Windows\System\iBiwAAz.exe

C:\Windows\System\LzEAiFv.exe

C:\Windows\System\LzEAiFv.exe

C:\Windows\System\pHfsHeM.exe

C:\Windows\System\pHfsHeM.exe

C:\Windows\System\tOyhaXq.exe

C:\Windows\System\tOyhaXq.exe

C:\Windows\System\IdVkpdK.exe

C:\Windows\System\IdVkpdK.exe

C:\Windows\System\Knqojmi.exe

C:\Windows\System\Knqojmi.exe

C:\Windows\System\teKxOFM.exe

C:\Windows\System\teKxOFM.exe

C:\Windows\System\pGhOpbk.exe

C:\Windows\System\pGhOpbk.exe

C:\Windows\System\EOSWBdp.exe

C:\Windows\System\EOSWBdp.exe

C:\Windows\System\rAQzyXl.exe

C:\Windows\System\rAQzyXl.exe

C:\Windows\System\vRsafqe.exe

C:\Windows\System\vRsafqe.exe

C:\Windows\System\ACrEBJe.exe

C:\Windows\System\ACrEBJe.exe

C:\Windows\System\IgQyLzy.exe

C:\Windows\System\IgQyLzy.exe

C:\Windows\System\xgdXlrM.exe

C:\Windows\System\xgdXlrM.exe

C:\Windows\System\hzmYsQg.exe

C:\Windows\System\hzmYsQg.exe

C:\Windows\System\KDpcQmF.exe

C:\Windows\System\KDpcQmF.exe

C:\Windows\System\kSfoZEy.exe

C:\Windows\System\kSfoZEy.exe

C:\Windows\System\fgBlmCH.exe

C:\Windows\System\fgBlmCH.exe

C:\Windows\System\pQvvXQp.exe

C:\Windows\System\pQvvXQp.exe

C:\Windows\System\UTXrJRU.exe

C:\Windows\System\UTXrJRU.exe

C:\Windows\System\AWYNwqv.exe

C:\Windows\System\AWYNwqv.exe

C:\Windows\System\DKXgtdP.exe

C:\Windows\System\DKXgtdP.exe

C:\Windows\System\poVEIju.exe

C:\Windows\System\poVEIju.exe

C:\Windows\System\ZckYIdZ.exe

C:\Windows\System\ZckYIdZ.exe

C:\Windows\System\jgXPDsR.exe

C:\Windows\System\jgXPDsR.exe

C:\Windows\System\LujOJmR.exe

C:\Windows\System\LujOJmR.exe

C:\Windows\System\YJhQonO.exe

C:\Windows\System\YJhQonO.exe

C:\Windows\System\vLLjCFE.exe

C:\Windows\System\vLLjCFE.exe

C:\Windows\System\iknWSCL.exe

C:\Windows\System\iknWSCL.exe

C:\Windows\System\MMasyfq.exe

C:\Windows\System\MMasyfq.exe

C:\Windows\System\LRSDtgm.exe

C:\Windows\System\LRSDtgm.exe

C:\Windows\System\guYwhws.exe

C:\Windows\System\guYwhws.exe

C:\Windows\System\ohMZnGo.exe

C:\Windows\System\ohMZnGo.exe

C:\Windows\System\QscENAc.exe

C:\Windows\System\QscENAc.exe

C:\Windows\System\aRhYkdz.exe

C:\Windows\System\aRhYkdz.exe

C:\Windows\System\ZxAOodf.exe

C:\Windows\System\ZxAOodf.exe

C:\Windows\System\zSQdkoC.exe

C:\Windows\System\zSQdkoC.exe

C:\Windows\System\DclBUDF.exe

C:\Windows\System\DclBUDF.exe

C:\Windows\System\HqcGtBd.exe

C:\Windows\System\HqcGtBd.exe

C:\Windows\System\qNuhiRi.exe

C:\Windows\System\qNuhiRi.exe

C:\Windows\System\DzVrpmk.exe

C:\Windows\System\DzVrpmk.exe

C:\Windows\System\RQoQAXo.exe

C:\Windows\System\RQoQAXo.exe

C:\Windows\System\szTjiUv.exe

C:\Windows\System\szTjiUv.exe

C:\Windows\System\gwMpWmq.exe

C:\Windows\System\gwMpWmq.exe

C:\Windows\System\wlCWTen.exe

C:\Windows\System\wlCWTen.exe

C:\Windows\System\MLbiZnx.exe

C:\Windows\System\MLbiZnx.exe

C:\Windows\System\yukfSqc.exe

C:\Windows\System\yukfSqc.exe

C:\Windows\System\IKcGnpP.exe

C:\Windows\System\IKcGnpP.exe

C:\Windows\System\gflDFzo.exe

C:\Windows\System\gflDFzo.exe

C:\Windows\System\rlesmKS.exe

C:\Windows\System\rlesmKS.exe

C:\Windows\System\YjZFVsD.exe

C:\Windows\System\YjZFVsD.exe

C:\Windows\System\mePogrL.exe

C:\Windows\System\mePogrL.exe

C:\Windows\System\lwsdmPB.exe

C:\Windows\System\lwsdmPB.exe

C:\Windows\System\jCumbLS.exe

C:\Windows\System\jCumbLS.exe

C:\Windows\System\EyTaKfu.exe

C:\Windows\System\EyTaKfu.exe

C:\Windows\System\zRhDveb.exe

C:\Windows\System\zRhDveb.exe

C:\Windows\System\DPNdxXD.exe

C:\Windows\System\DPNdxXD.exe

C:\Windows\System\doXiLXO.exe

C:\Windows\System\doXiLXO.exe

C:\Windows\System\CHkiRmc.exe

C:\Windows\System\CHkiRmc.exe

C:\Windows\System\LaqWZuz.exe

C:\Windows\System\LaqWZuz.exe

C:\Windows\System\PAkryjq.exe

C:\Windows\System\PAkryjq.exe

C:\Windows\System\iHDBbsG.exe

C:\Windows\System\iHDBbsG.exe

C:\Windows\System\RXGhoqt.exe

C:\Windows\System\RXGhoqt.exe

C:\Windows\System\msnghTG.exe

C:\Windows\System\msnghTG.exe

C:\Windows\System\nfUFxcE.exe

C:\Windows\System\nfUFxcE.exe

C:\Windows\System\KbVmhQI.exe

C:\Windows\System\KbVmhQI.exe

C:\Windows\System\fQtsNhE.exe

C:\Windows\System\fQtsNhE.exe

C:\Windows\System\DtmxQth.exe

C:\Windows\System\DtmxQth.exe

C:\Windows\System\mFntvYf.exe

C:\Windows\System\mFntvYf.exe

C:\Windows\System\xaTvHXH.exe

C:\Windows\System\xaTvHXH.exe

C:\Windows\System\RUcQtXo.exe

C:\Windows\System\RUcQtXo.exe

C:\Windows\System\JSKxRKL.exe

C:\Windows\System\JSKxRKL.exe

C:\Windows\System\AvQQIJL.exe

C:\Windows\System\AvQQIJL.exe

C:\Windows\System\aRyejTL.exe

C:\Windows\System\aRyejTL.exe

C:\Windows\System\lrFnYLN.exe

C:\Windows\System\lrFnYLN.exe

C:\Windows\System\IOOzQkA.exe

C:\Windows\System\IOOzQkA.exe

C:\Windows\System\DhetIIS.exe

C:\Windows\System\DhetIIS.exe

C:\Windows\System\nJXlqQs.exe

C:\Windows\System\nJXlqQs.exe

C:\Windows\System\CaGmTsS.exe

C:\Windows\System\CaGmTsS.exe

C:\Windows\System\VQPcxAR.exe

C:\Windows\System\VQPcxAR.exe

C:\Windows\System\fRZOxKo.exe

C:\Windows\System\fRZOxKo.exe

C:\Windows\System\dBbjBRt.exe

C:\Windows\System\dBbjBRt.exe

C:\Windows\System\mgSRloq.exe

C:\Windows\System\mgSRloq.exe

C:\Windows\System\JfgQEWg.exe

C:\Windows\System\JfgQEWg.exe

C:\Windows\System\HlHmmjO.exe

C:\Windows\System\HlHmmjO.exe

C:\Windows\System\uVJntJe.exe

C:\Windows\System\uVJntJe.exe

C:\Windows\System\hoNofNf.exe

C:\Windows\System\hoNofNf.exe

C:\Windows\System\tOJhLcw.exe

C:\Windows\System\tOJhLcw.exe

C:\Windows\System\KjByxDQ.exe

C:\Windows\System\KjByxDQ.exe

C:\Windows\System\QSZNGNv.exe

C:\Windows\System\QSZNGNv.exe

C:\Windows\System\EYCycMJ.exe

C:\Windows\System\EYCycMJ.exe

C:\Windows\System\kgUwOcp.exe

C:\Windows\System\kgUwOcp.exe

C:\Windows\System\TODSonK.exe

C:\Windows\System\TODSonK.exe

C:\Windows\System\WUABSJq.exe

C:\Windows\System\WUABSJq.exe

C:\Windows\System\AIGimSI.exe

C:\Windows\System\AIGimSI.exe

C:\Windows\System\wTYBrUy.exe

C:\Windows\System\wTYBrUy.exe

C:\Windows\System\TJrZRlc.exe

C:\Windows\System\TJrZRlc.exe

C:\Windows\System\gAluegC.exe

C:\Windows\System\gAluegC.exe

C:\Windows\System\ltnzYYj.exe

C:\Windows\System\ltnzYYj.exe

C:\Windows\System\cpYLoLf.exe

C:\Windows\System\cpYLoLf.exe

C:\Windows\System\AefExZd.exe

C:\Windows\System\AefExZd.exe

C:\Windows\System\YRyCDjc.exe

C:\Windows\System\YRyCDjc.exe

C:\Windows\System\gQvOmJJ.exe

C:\Windows\System\gQvOmJJ.exe

C:\Windows\System\jUGTmjI.exe

C:\Windows\System\jUGTmjI.exe

C:\Windows\System\bsWeqDW.exe

C:\Windows\System\bsWeqDW.exe

C:\Windows\System\viUtmzw.exe

C:\Windows\System\viUtmzw.exe

C:\Windows\System\oxEJeSM.exe

C:\Windows\System\oxEJeSM.exe

C:\Windows\System\wOlKKMj.exe

C:\Windows\System\wOlKKMj.exe

C:\Windows\System\jdLopcT.exe

C:\Windows\System\jdLopcT.exe

C:\Windows\System\nTAgwAU.exe

C:\Windows\System\nTAgwAU.exe

C:\Windows\System\mrGkQFB.exe

C:\Windows\System\mrGkQFB.exe

C:\Windows\System\qEHRvpd.exe

C:\Windows\System\qEHRvpd.exe

C:\Windows\System\yTJftJx.exe

C:\Windows\System\yTJftJx.exe

C:\Windows\System\rOAfYml.exe

C:\Windows\System\rOAfYml.exe

C:\Windows\System\eOfDIIc.exe

C:\Windows\System\eOfDIIc.exe

C:\Windows\System\lWUSNtg.exe

C:\Windows\System\lWUSNtg.exe

C:\Windows\System\awVgfmO.exe

C:\Windows\System\awVgfmO.exe

C:\Windows\System\sOUrPlf.exe

C:\Windows\System\sOUrPlf.exe

C:\Windows\System\NVHLPBU.exe

C:\Windows\System\NVHLPBU.exe

C:\Windows\System\vatjDlf.exe

C:\Windows\System\vatjDlf.exe

C:\Windows\System\PtUROMT.exe

C:\Windows\System\PtUROMT.exe

C:\Windows\System\xTOQrtf.exe

C:\Windows\System\xTOQrtf.exe

C:\Windows\System\YntOwlR.exe

C:\Windows\System\YntOwlR.exe

C:\Windows\System\LyZBGMG.exe

C:\Windows\System\LyZBGMG.exe

C:\Windows\System\EtOChEJ.exe

C:\Windows\System\EtOChEJ.exe

C:\Windows\System\EepZhqy.exe

C:\Windows\System\EepZhqy.exe

C:\Windows\System\oEkSmoK.exe

C:\Windows\System\oEkSmoK.exe

C:\Windows\System\IyIuulm.exe

C:\Windows\System\IyIuulm.exe

C:\Windows\System\aSmMXqn.exe

C:\Windows\System\aSmMXqn.exe

C:\Windows\System\voKEdFu.exe

C:\Windows\System\voKEdFu.exe

C:\Windows\System\avqSXkY.exe

C:\Windows\System\avqSXkY.exe

C:\Windows\System\nRmyjIh.exe

C:\Windows\System\nRmyjIh.exe

C:\Windows\System\VDjlrbD.exe

C:\Windows\System\VDjlrbD.exe

C:\Windows\System\QQRmxhM.exe

C:\Windows\System\QQRmxhM.exe

C:\Windows\System\UyjFxvx.exe

C:\Windows\System\UyjFxvx.exe

C:\Windows\System\yLYyitt.exe

C:\Windows\System\yLYyitt.exe

C:\Windows\System\OBNkPga.exe

C:\Windows\System\OBNkPga.exe

C:\Windows\System\PFjGZCv.exe

C:\Windows\System\PFjGZCv.exe

C:\Windows\System\bWwOwXQ.exe

C:\Windows\System\bWwOwXQ.exe

C:\Windows\System\LyVeQlw.exe

C:\Windows\System\LyVeQlw.exe

C:\Windows\System\jBxHHOG.exe

C:\Windows\System\jBxHHOG.exe

C:\Windows\System\aVvGSWa.exe

C:\Windows\System\aVvGSWa.exe

C:\Windows\System\GBCSKmJ.exe

C:\Windows\System\GBCSKmJ.exe

C:\Windows\System\mHoowix.exe

C:\Windows\System\mHoowix.exe

C:\Windows\System\tXmRaPI.exe

C:\Windows\System\tXmRaPI.exe

C:\Windows\System\CHIvxWF.exe

C:\Windows\System\CHIvxWF.exe

C:\Windows\System\wJbfGhz.exe

C:\Windows\System\wJbfGhz.exe

C:\Windows\System\hUNyzBe.exe

C:\Windows\System\hUNyzBe.exe

C:\Windows\System\KrgCHRw.exe

C:\Windows\System\KrgCHRw.exe

C:\Windows\System\uWgqINd.exe

C:\Windows\System\uWgqINd.exe

C:\Windows\System\oDcqLcx.exe

C:\Windows\System\oDcqLcx.exe

C:\Windows\System\ZyrJYwf.exe

C:\Windows\System\ZyrJYwf.exe

C:\Windows\System\MpALddA.exe

C:\Windows\System\MpALddA.exe

C:\Windows\System\MjyKnOr.exe

C:\Windows\System\MjyKnOr.exe

C:\Windows\System\xSIHulI.exe

C:\Windows\System\xSIHulI.exe

C:\Windows\System\ASFeTGb.exe

C:\Windows\System\ASFeTGb.exe

C:\Windows\System\oSloJQZ.exe

C:\Windows\System\oSloJQZ.exe

C:\Windows\System\wKkcaLO.exe

C:\Windows\System\wKkcaLO.exe

C:\Windows\System\mbqCtPD.exe

C:\Windows\System\mbqCtPD.exe

C:\Windows\System\tCKsrkk.exe

C:\Windows\System\tCKsrkk.exe

C:\Windows\System\CCTGzGC.exe

C:\Windows\System\CCTGzGC.exe

C:\Windows\System\zNZwwjl.exe

C:\Windows\System\zNZwwjl.exe

C:\Windows\System\AnWpvPT.exe

C:\Windows\System\AnWpvPT.exe

C:\Windows\System\lAMZWEk.exe

C:\Windows\System\lAMZWEk.exe

C:\Windows\System\qdDCxyT.exe

C:\Windows\System\qdDCxyT.exe

C:\Windows\System\mXxLhbz.exe

C:\Windows\System\mXxLhbz.exe

C:\Windows\System\hXdjYSv.exe

C:\Windows\System\hXdjYSv.exe

C:\Windows\System\EMHQhGG.exe

C:\Windows\System\EMHQhGG.exe

C:\Windows\System\HNwSjea.exe

C:\Windows\System\HNwSjea.exe

C:\Windows\System\nRrksES.exe

C:\Windows\System\nRrksES.exe

C:\Windows\System\FyUGxdA.exe

C:\Windows\System\FyUGxdA.exe

C:\Windows\System\WnSAioK.exe

C:\Windows\System\WnSAioK.exe

C:\Windows\System\kcheuuT.exe

C:\Windows\System\kcheuuT.exe

C:\Windows\System\emzsNRX.exe

C:\Windows\System\emzsNRX.exe

C:\Windows\System\ucAmMyr.exe

C:\Windows\System\ucAmMyr.exe

C:\Windows\System\ZREGKpr.exe

C:\Windows\System\ZREGKpr.exe

C:\Windows\System\bckALJk.exe

C:\Windows\System\bckALJk.exe

C:\Windows\System\ZYRraUi.exe

C:\Windows\System\ZYRraUi.exe

C:\Windows\System\gqGcLRl.exe

C:\Windows\System\gqGcLRl.exe

C:\Windows\System\enwRGBW.exe

C:\Windows\System\enwRGBW.exe

C:\Windows\System\fWfFQqC.exe

C:\Windows\System\fWfFQqC.exe

C:\Windows\System\PEVTxPs.exe

C:\Windows\System\PEVTxPs.exe

C:\Windows\System\ZZSaqir.exe

C:\Windows\System\ZZSaqir.exe

C:\Windows\System\ktbTuFl.exe

C:\Windows\System\ktbTuFl.exe

C:\Windows\System\WnmDcrs.exe

C:\Windows\System\WnmDcrs.exe

C:\Windows\System\lZKPZRe.exe

C:\Windows\System\lZKPZRe.exe

C:\Windows\System\bJYAhAR.exe

C:\Windows\System\bJYAhAR.exe

C:\Windows\System\ieMFvRv.exe

C:\Windows\System\ieMFvRv.exe

C:\Windows\System\awfFcVA.exe

C:\Windows\System\awfFcVA.exe

C:\Windows\System\aQoRlYe.exe

C:\Windows\System\aQoRlYe.exe

C:\Windows\System\uCOFVgc.exe

C:\Windows\System\uCOFVgc.exe

C:\Windows\System\faTDtTm.exe

C:\Windows\System\faTDtTm.exe

C:\Windows\System\TtDDJHg.exe

C:\Windows\System\TtDDJHg.exe

C:\Windows\System\DZvnldr.exe

C:\Windows\System\DZvnldr.exe

C:\Windows\System\ZorMXQg.exe

C:\Windows\System\ZorMXQg.exe

C:\Windows\System\GQhcLyn.exe

C:\Windows\System\GQhcLyn.exe

C:\Windows\System\xXwNKnr.exe

C:\Windows\System\xXwNKnr.exe

C:\Windows\System\pbIkCjl.exe

C:\Windows\System\pbIkCjl.exe

C:\Windows\System\KVlTpFI.exe

C:\Windows\System\KVlTpFI.exe

C:\Windows\System\EmQHHYK.exe

C:\Windows\System\EmQHHYK.exe

C:\Windows\System\GKSQbEj.exe

C:\Windows\System\GKSQbEj.exe

C:\Windows\System\reIDcCY.exe

C:\Windows\System\reIDcCY.exe

C:\Windows\System\WocIKwK.exe

C:\Windows\System\WocIKwK.exe

C:\Windows\System\tScPsQV.exe

C:\Windows\System\tScPsQV.exe

C:\Windows\System\oeOJNES.exe

C:\Windows\System\oeOJNES.exe

C:\Windows\System\iTguJnN.exe

C:\Windows\System\iTguJnN.exe

C:\Windows\System\VEOSuGy.exe

C:\Windows\System\VEOSuGy.exe

C:\Windows\System\zBlfbVV.exe

C:\Windows\System\zBlfbVV.exe

C:\Windows\System\hWXVvqp.exe

C:\Windows\System\hWXVvqp.exe

C:\Windows\System\Cdmjydv.exe

C:\Windows\System\Cdmjydv.exe

C:\Windows\System\rxJPOBI.exe

C:\Windows\System\rxJPOBI.exe

C:\Windows\System\UVxaLex.exe

C:\Windows\System\UVxaLex.exe

C:\Windows\System\OvDxOeS.exe

C:\Windows\System\OvDxOeS.exe

C:\Windows\System\CZVAKdn.exe

C:\Windows\System\CZVAKdn.exe

C:\Windows\System\hvHNgSG.exe

C:\Windows\System\hvHNgSG.exe

C:\Windows\System\OkghMMh.exe

C:\Windows\System\OkghMMh.exe

C:\Windows\System\QAaFQha.exe

C:\Windows\System\QAaFQha.exe

C:\Windows\System\XjjDhds.exe

C:\Windows\System\XjjDhds.exe

C:\Windows\System\DFLfjau.exe

C:\Windows\System\DFLfjau.exe

C:\Windows\System\aQdclFT.exe

C:\Windows\System\aQdclFT.exe

C:\Windows\System\pcUaZZr.exe

C:\Windows\System\pcUaZZr.exe

C:\Windows\System\mOKXIFG.exe

C:\Windows\System\mOKXIFG.exe

C:\Windows\System\EntDUed.exe

C:\Windows\System\EntDUed.exe

C:\Windows\System\eLhXysG.exe

C:\Windows\System\eLhXysG.exe

C:\Windows\System\yfSgaJi.exe

C:\Windows\System\yfSgaJi.exe

C:\Windows\System\wSGIDjW.exe

C:\Windows\System\wSGIDjW.exe

C:\Windows\System\LYuDcWn.exe

C:\Windows\System\LYuDcWn.exe

C:\Windows\System\KkLAUuz.exe

C:\Windows\System\KkLAUuz.exe

C:\Windows\System\EDGvzUV.exe

C:\Windows\System\EDGvzUV.exe

C:\Windows\System\pMWetzd.exe

C:\Windows\System\pMWetzd.exe

C:\Windows\System\YhjRfZL.exe

C:\Windows\System\YhjRfZL.exe

C:\Windows\System\CDBMfVv.exe

C:\Windows\System\CDBMfVv.exe

C:\Windows\System\ZDwfhYo.exe

C:\Windows\System\ZDwfhYo.exe

C:\Windows\System\HXyUDUa.exe

C:\Windows\System\HXyUDUa.exe

C:\Windows\System\TZFezJZ.exe

C:\Windows\System\TZFezJZ.exe

C:\Windows\System\TxCfbqG.exe

C:\Windows\System\TxCfbqG.exe

C:\Windows\System\NMwTxYz.exe

C:\Windows\System\NMwTxYz.exe

C:\Windows\System\uLjgpfd.exe

C:\Windows\System\uLjgpfd.exe

C:\Windows\System\ktdFoiG.exe

C:\Windows\System\ktdFoiG.exe

C:\Windows\System\gvvWjVV.exe

C:\Windows\System\gvvWjVV.exe

C:\Windows\System\vVTfUrg.exe

C:\Windows\System\vVTfUrg.exe

C:\Windows\System\KOyoRYU.exe

C:\Windows\System\KOyoRYU.exe

C:\Windows\System\vRLggZW.exe

C:\Windows\System\vRLggZW.exe

C:\Windows\System\OoERUva.exe

C:\Windows\System\OoERUva.exe

C:\Windows\System\WraeqZh.exe

C:\Windows\System\WraeqZh.exe

C:\Windows\System\ZwSvGRY.exe

C:\Windows\System\ZwSvGRY.exe

C:\Windows\System\kEMhNNZ.exe

C:\Windows\System\kEMhNNZ.exe

C:\Windows\System\xOeiIxM.exe

C:\Windows\System\xOeiIxM.exe

C:\Windows\System\MabBiHv.exe

C:\Windows\System\MabBiHv.exe

C:\Windows\System\vEEvTXW.exe

C:\Windows\System\vEEvTXW.exe

C:\Windows\System\jlduKHu.exe

C:\Windows\System\jlduKHu.exe

C:\Windows\System\XmmXFHO.exe

C:\Windows\System\XmmXFHO.exe

C:\Windows\System\gNBmoKL.exe

C:\Windows\System\gNBmoKL.exe

C:\Windows\System\ZLsLRuR.exe

C:\Windows\System\ZLsLRuR.exe

C:\Windows\System\DvLAElA.exe

C:\Windows\System\DvLAElA.exe

C:\Windows\System\SwTbnhx.exe

C:\Windows\System\SwTbnhx.exe

C:\Windows\System\XYMkINr.exe

C:\Windows\System\XYMkINr.exe

C:\Windows\System\ONPEaaY.exe

C:\Windows\System\ONPEaaY.exe

C:\Windows\System\xvHxOHM.exe

C:\Windows\System\xvHxOHM.exe

C:\Windows\System\gQETrhb.exe

C:\Windows\System\gQETrhb.exe

C:\Windows\System\yNvUPmL.exe

C:\Windows\System\yNvUPmL.exe

C:\Windows\System\aVVRZGp.exe

C:\Windows\System\aVVRZGp.exe

C:\Windows\System\KASRato.exe

C:\Windows\System\KASRato.exe

C:\Windows\System\Soujmno.exe

C:\Windows\System\Soujmno.exe

C:\Windows\System\WYnuLaF.exe

C:\Windows\System\WYnuLaF.exe

C:\Windows\System\yaFaTdO.exe

C:\Windows\System\yaFaTdO.exe

C:\Windows\System\uYGKjWc.exe

C:\Windows\System\uYGKjWc.exe

C:\Windows\System\xmuZqBw.exe

C:\Windows\System\xmuZqBw.exe

C:\Windows\System\pOcBdCd.exe

C:\Windows\System\pOcBdCd.exe

C:\Windows\System\SyvpyUX.exe

C:\Windows\System\SyvpyUX.exe

C:\Windows\System\uPFgGZw.exe

C:\Windows\System\uPFgGZw.exe

C:\Windows\System\kpJhnvp.exe

C:\Windows\System\kpJhnvp.exe

C:\Windows\System\sRAOeHg.exe

C:\Windows\System\sRAOeHg.exe

C:\Windows\System\QrrBjqa.exe

C:\Windows\System\QrrBjqa.exe

C:\Windows\System\GrJzAhg.exe

C:\Windows\System\GrJzAhg.exe

C:\Windows\System\hFtvHBK.exe

C:\Windows\System\hFtvHBK.exe

C:\Windows\System\qEAYIfw.exe

C:\Windows\System\qEAYIfw.exe

C:\Windows\System\jGQgGRx.exe

C:\Windows\System\jGQgGRx.exe

C:\Windows\System\puyJtCM.exe

C:\Windows\System\puyJtCM.exe

C:\Windows\System\rMurvkw.exe

C:\Windows\System\rMurvkw.exe

C:\Windows\System\fijYxzC.exe

C:\Windows\System\fijYxzC.exe

C:\Windows\System\QEcaLuH.exe

C:\Windows\System\QEcaLuH.exe

C:\Windows\System\ZCZuOnw.exe

C:\Windows\System\ZCZuOnw.exe

C:\Windows\System\LaxpHfM.exe

C:\Windows\System\LaxpHfM.exe

C:\Windows\System\cwlAvua.exe

C:\Windows\System\cwlAvua.exe

C:\Windows\System\mVChxAB.exe

C:\Windows\System\mVChxAB.exe

C:\Windows\System\EaglfHT.exe

C:\Windows\System\EaglfHT.exe

C:\Windows\System\ziGVrNH.exe

C:\Windows\System\ziGVrNH.exe

C:\Windows\System\egRLlaP.exe

C:\Windows\System\egRLlaP.exe

C:\Windows\System\IfdxqOl.exe

C:\Windows\System\IfdxqOl.exe

C:\Windows\System\YCBrQeK.exe

C:\Windows\System\YCBrQeK.exe

C:\Windows\System\tcucibn.exe

C:\Windows\System\tcucibn.exe

C:\Windows\System\LedjThK.exe

C:\Windows\System\LedjThK.exe

C:\Windows\System\sXMZkfv.exe

C:\Windows\System\sXMZkfv.exe

C:\Windows\System\JgQUGmo.exe

C:\Windows\System\JgQUGmo.exe

C:\Windows\System\lfCHoIc.exe

C:\Windows\System\lfCHoIc.exe

C:\Windows\System\pFdZATn.exe

C:\Windows\System\pFdZATn.exe

C:\Windows\System\ZeRBPVA.exe

C:\Windows\System\ZeRBPVA.exe

C:\Windows\System\xWMFHQh.exe

C:\Windows\System\xWMFHQh.exe

C:\Windows\System\bYrLwnY.exe

C:\Windows\System\bYrLwnY.exe

C:\Windows\System\yPNfHyK.exe

C:\Windows\System\yPNfHyK.exe

C:\Windows\System\qKhKXEP.exe

C:\Windows\System\qKhKXEP.exe

C:\Windows\System\VDmJpfc.exe

C:\Windows\System\VDmJpfc.exe

C:\Windows\System\MAnOzOO.exe

C:\Windows\System\MAnOzOO.exe

C:\Windows\System\haGnvTd.exe

C:\Windows\System\haGnvTd.exe

C:\Windows\System\xEfyQis.exe

C:\Windows\System\xEfyQis.exe

C:\Windows\System\jaqAYSq.exe

C:\Windows\System\jaqAYSq.exe

C:\Windows\System\BZAGvLc.exe

C:\Windows\System\BZAGvLc.exe

C:\Windows\System\xKrqsMd.exe

C:\Windows\System\xKrqsMd.exe

C:\Windows\System\VnyFpvQ.exe

C:\Windows\System\VnyFpvQ.exe

C:\Windows\System\VEnKoiv.exe

C:\Windows\System\VEnKoiv.exe

C:\Windows\System\qljYIZW.exe

C:\Windows\System\qljYIZW.exe

C:\Windows\System\cBtthaY.exe

C:\Windows\System\cBtthaY.exe

C:\Windows\System\TXTESrk.exe

C:\Windows\System\TXTESrk.exe

C:\Windows\System\vUrHQmJ.exe

C:\Windows\System\vUrHQmJ.exe

C:\Windows\System\ruopkAy.exe

C:\Windows\System\ruopkAy.exe

C:\Windows\System\SwcHUnx.exe

C:\Windows\System\SwcHUnx.exe

C:\Windows\System\BEXhPRU.exe

C:\Windows\System\BEXhPRU.exe

C:\Windows\System\mkQxEBu.exe

C:\Windows\System\mkQxEBu.exe

C:\Windows\System\mlwzcIA.exe

C:\Windows\System\mlwzcIA.exe

C:\Windows\System\uTgGoFb.exe

C:\Windows\System\uTgGoFb.exe

C:\Windows\System\vyqhEiU.exe

C:\Windows\System\vyqhEiU.exe

C:\Windows\System\itoBnez.exe

C:\Windows\System\itoBnez.exe

C:\Windows\System\QUDQgTI.exe

C:\Windows\System\QUDQgTI.exe

C:\Windows\System\DxUmXdG.exe

C:\Windows\System\DxUmXdG.exe

C:\Windows\System\PxUtgoo.exe

C:\Windows\System\PxUtgoo.exe

C:\Windows\System\hijpsky.exe

C:\Windows\System\hijpsky.exe

C:\Windows\System\RIhuUac.exe

C:\Windows\System\RIhuUac.exe

C:\Windows\System\MtnxQDZ.exe

C:\Windows\System\MtnxQDZ.exe

C:\Windows\System\PLBRHNn.exe

C:\Windows\System\PLBRHNn.exe

C:\Windows\System\XOiXaPW.exe

C:\Windows\System\XOiXaPW.exe

C:\Windows\System\ousLfwR.exe

C:\Windows\System\ousLfwR.exe

C:\Windows\System\DsIAJUU.exe

C:\Windows\System\DsIAJUU.exe

C:\Windows\System\vwIHNWh.exe

C:\Windows\System\vwIHNWh.exe

C:\Windows\System\eDELnxI.exe

C:\Windows\System\eDELnxI.exe

C:\Windows\System\TOOGjdg.exe

C:\Windows\System\TOOGjdg.exe

C:\Windows\System\aQBIwSA.exe

C:\Windows\System\aQBIwSA.exe

C:\Windows\System\NJfsUhr.exe

C:\Windows\System\NJfsUhr.exe

C:\Windows\System\mXbiBic.exe

C:\Windows\System\mXbiBic.exe

C:\Windows\System\hSlUsSR.exe

C:\Windows\System\hSlUsSR.exe

C:\Windows\System\IsdyZBx.exe

C:\Windows\System\IsdyZBx.exe

C:\Windows\System\paYAMyT.exe

C:\Windows\System\paYAMyT.exe

C:\Windows\System\nGITDgT.exe

C:\Windows\System\nGITDgT.exe

C:\Windows\System\eSJBVVZ.exe

C:\Windows\System\eSJBVVZ.exe

C:\Windows\System\JNcsejk.exe

C:\Windows\System\JNcsejk.exe

C:\Windows\System\YEoWuOQ.exe

C:\Windows\System\YEoWuOQ.exe

C:\Windows\System\HKEhQQW.exe

C:\Windows\System\HKEhQQW.exe

C:\Windows\System\elNeSfP.exe

C:\Windows\System\elNeSfP.exe

C:\Windows\System\nKLoMvf.exe

C:\Windows\System\nKLoMvf.exe

C:\Windows\System\OpreYaw.exe

C:\Windows\System\OpreYaw.exe

C:\Windows\System\iqPczGc.exe

C:\Windows\System\iqPczGc.exe

C:\Windows\System\eklFbNg.exe

C:\Windows\System\eklFbNg.exe

C:\Windows\System\YVjwxeS.exe

C:\Windows\System\YVjwxeS.exe

C:\Windows\System\XUxQivp.exe

C:\Windows\System\XUxQivp.exe

C:\Windows\System\BHpHTxB.exe

C:\Windows\System\BHpHTxB.exe

C:\Windows\System\iIwVluR.exe

C:\Windows\System\iIwVluR.exe

C:\Windows\System\ubbXnjL.exe

C:\Windows\System\ubbXnjL.exe

C:\Windows\System\sIPulcs.exe

C:\Windows\System\sIPulcs.exe

C:\Windows\System\ujdlaCr.exe

C:\Windows\System\ujdlaCr.exe

C:\Windows\System\siIiHIB.exe

C:\Windows\System\siIiHIB.exe

C:\Windows\System\kWBVrps.exe

C:\Windows\System\kWBVrps.exe

C:\Windows\System\dZXzDdz.exe

C:\Windows\System\dZXzDdz.exe

C:\Windows\System\QFEfljo.exe

C:\Windows\System\QFEfljo.exe

C:\Windows\System\diaFaln.exe

C:\Windows\System\diaFaln.exe

C:\Windows\System\IwEWHsN.exe

C:\Windows\System\IwEWHsN.exe

C:\Windows\System\jTxYcyF.exe

C:\Windows\System\jTxYcyF.exe

C:\Windows\System\UwzSeva.exe

C:\Windows\System\UwzSeva.exe

C:\Windows\System\kPFEiqL.exe

C:\Windows\System\kPFEiqL.exe

C:\Windows\System\KDsjCVs.exe

C:\Windows\System\KDsjCVs.exe

C:\Windows\System\zyfOwLG.exe

C:\Windows\System\zyfOwLG.exe

C:\Windows\System\jBGWWCi.exe

C:\Windows\System\jBGWWCi.exe

C:\Windows\System\aygBWGI.exe

C:\Windows\System\aygBWGI.exe

C:\Windows\System\EbKaEso.exe

C:\Windows\System\EbKaEso.exe

C:\Windows\System\xXjHztP.exe

C:\Windows\System\xXjHztP.exe

C:\Windows\System\RwdYsZQ.exe

C:\Windows\System\RwdYsZQ.exe

C:\Windows\System\lCVumqL.exe

C:\Windows\System\lCVumqL.exe

C:\Windows\System\rgqhEom.exe

C:\Windows\System\rgqhEom.exe

C:\Windows\System\CNxnBdf.exe

C:\Windows\System\CNxnBdf.exe

C:\Windows\System\gIXPaBR.exe

C:\Windows\System\gIXPaBR.exe

C:\Windows\System\aOFhzXc.exe

C:\Windows\System\aOFhzXc.exe

C:\Windows\System\SqpbCUi.exe

C:\Windows\System\SqpbCUi.exe

C:\Windows\System\RYDtjQH.exe

C:\Windows\System\RYDtjQH.exe

C:\Windows\System\EudeZfB.exe

C:\Windows\System\EudeZfB.exe

C:\Windows\System\bHIpPab.exe

C:\Windows\System\bHIpPab.exe

C:\Windows\System\wiZBskA.exe

C:\Windows\System\wiZBskA.exe

C:\Windows\System\HrhUSwx.exe

C:\Windows\System\HrhUSwx.exe

C:\Windows\System\vQrwbuB.exe

C:\Windows\System\vQrwbuB.exe

C:\Windows\System\XsVWWLX.exe

C:\Windows\System\XsVWWLX.exe

C:\Windows\System\UYePGhl.exe

C:\Windows\System\UYePGhl.exe

C:\Windows\System\ZfJgQyY.exe

C:\Windows\System\ZfJgQyY.exe

C:\Windows\System\nNAiawe.exe

C:\Windows\System\nNAiawe.exe

C:\Windows\System\hmqsUBB.exe

C:\Windows\System\hmqsUBB.exe

C:\Windows\System\MTDhCNT.exe

C:\Windows\System\MTDhCNT.exe

C:\Windows\System\TMRmowF.exe

C:\Windows\System\TMRmowF.exe

C:\Windows\System\givmUID.exe

C:\Windows\System\givmUID.exe

C:\Windows\System\FzNgCVb.exe

C:\Windows\System\FzNgCVb.exe

C:\Windows\System\mcOrqrT.exe

C:\Windows\System\mcOrqrT.exe

C:\Windows\System\IETZYkD.exe

C:\Windows\System\IETZYkD.exe

C:\Windows\System\xzHbdAS.exe

C:\Windows\System\xzHbdAS.exe

C:\Windows\System\FahCxwe.exe

C:\Windows\System\FahCxwe.exe

C:\Windows\System\SLNoEfC.exe

C:\Windows\System\SLNoEfC.exe

C:\Windows\System\YTjEffp.exe

C:\Windows\System\YTjEffp.exe

C:\Windows\System\WVKMper.exe

C:\Windows\System\WVKMper.exe

C:\Windows\System\TPEjCaB.exe

C:\Windows\System\TPEjCaB.exe

C:\Windows\System\mWtKEmh.exe

C:\Windows\System\mWtKEmh.exe

C:\Windows\System\DnqLWWY.exe

C:\Windows\System\DnqLWWY.exe

C:\Windows\System\VmtltQQ.exe

C:\Windows\System\VmtltQQ.exe

C:\Windows\System\AibCRNH.exe

C:\Windows\System\AibCRNH.exe

C:\Windows\System\JENdglT.exe

C:\Windows\System\JENdglT.exe

C:\Windows\System\rlAnqfa.exe

C:\Windows\System\rlAnqfa.exe

C:\Windows\System\nTtuxKz.exe

C:\Windows\System\nTtuxKz.exe

C:\Windows\System\MXVsqlw.exe

C:\Windows\System\MXVsqlw.exe

C:\Windows\System\DDDDTFd.exe

C:\Windows\System\DDDDTFd.exe

C:\Windows\System\DkyGCVC.exe

C:\Windows\System\DkyGCVC.exe

C:\Windows\System\kdqcgPW.exe

C:\Windows\System\kdqcgPW.exe

C:\Windows\System\ZXhBOeN.exe

C:\Windows\System\ZXhBOeN.exe

C:\Windows\System\RapuuEm.exe

C:\Windows\System\RapuuEm.exe

C:\Windows\System\gpgLHFT.exe

C:\Windows\System\gpgLHFT.exe

C:\Windows\System\uJSmMhT.exe

C:\Windows\System\uJSmMhT.exe

C:\Windows\System\GcuDZDh.exe

C:\Windows\System\GcuDZDh.exe

C:\Windows\System\SLipxQs.exe

C:\Windows\System\SLipxQs.exe

C:\Windows\System\kvIvNUm.exe

C:\Windows\System\kvIvNUm.exe

C:\Windows\System\EKOGTTk.exe

C:\Windows\System\EKOGTTk.exe

C:\Windows\System\EjTXojx.exe

C:\Windows\System\EjTXojx.exe

C:\Windows\System\GMFdzIW.exe

C:\Windows\System\GMFdzIW.exe

C:\Windows\System\VYlOkfo.exe

C:\Windows\System\VYlOkfo.exe

C:\Windows\System\HqmYzXT.exe

C:\Windows\System\HqmYzXT.exe

C:\Windows\System\RsBHRpo.exe

C:\Windows\System\RsBHRpo.exe

C:\Windows\System\rTxMqvr.exe

C:\Windows\System\rTxMqvr.exe

C:\Windows\System\RCqpUXK.exe

C:\Windows\System\RCqpUXK.exe

C:\Windows\System\KWjlosL.exe

C:\Windows\System\KWjlosL.exe

C:\Windows\System\qgdeLbH.exe

C:\Windows\System\qgdeLbH.exe

C:\Windows\System\RUKFGFZ.exe

C:\Windows\System\RUKFGFZ.exe

C:\Windows\System\IMDGVNp.exe

C:\Windows\System\IMDGVNp.exe

C:\Windows\System\MOMPLrB.exe

C:\Windows\System\MOMPLrB.exe

C:\Windows\System\uvbgmGR.exe

C:\Windows\System\uvbgmGR.exe

C:\Windows\System\UqGYSTm.exe

C:\Windows\System\UqGYSTm.exe

C:\Windows\System\tulXAMy.exe

C:\Windows\System\tulXAMy.exe

C:\Windows\System\XQSrFWe.exe

C:\Windows\System\XQSrFWe.exe

C:\Windows\System\UaRSkqs.exe

C:\Windows\System\UaRSkqs.exe

C:\Windows\System\YzyvtjK.exe

C:\Windows\System\YzyvtjK.exe

C:\Windows\System\YYeGNCN.exe

C:\Windows\System\YYeGNCN.exe

C:\Windows\System\WvcWmZI.exe

C:\Windows\System\WvcWmZI.exe

C:\Windows\System\YffePgL.exe

C:\Windows\System\YffePgL.exe

C:\Windows\System\SBoiftM.exe

C:\Windows\System\SBoiftM.exe

C:\Windows\System\ytwZLyF.exe

C:\Windows\System\ytwZLyF.exe

C:\Windows\System\BIZRKwS.exe

C:\Windows\System\BIZRKwS.exe

C:\Windows\System\YcNShle.exe

C:\Windows\System\YcNShle.exe

C:\Windows\System\UZItRFs.exe

C:\Windows\System\UZItRFs.exe

C:\Windows\System\JZEsZYT.exe

C:\Windows\System\JZEsZYT.exe

C:\Windows\System\xqrvByP.exe

C:\Windows\System\xqrvByP.exe

C:\Windows\System\conUERT.exe

C:\Windows\System\conUERT.exe

C:\Windows\System\XIiPPhn.exe

C:\Windows\System\XIiPPhn.exe

C:\Windows\System\YjvfoRG.exe

C:\Windows\System\YjvfoRG.exe

C:\Windows\System\TcJlZns.exe

C:\Windows\System\TcJlZns.exe

C:\Windows\System\VuYtDpF.exe

C:\Windows\System\VuYtDpF.exe

C:\Windows\System\vpimACq.exe

C:\Windows\System\vpimACq.exe

C:\Windows\System\aJlMFtU.exe

C:\Windows\System\aJlMFtU.exe

C:\Windows\System\uoqZVqY.exe

C:\Windows\System\uoqZVqY.exe

C:\Windows\System\JfHlRFH.exe

C:\Windows\System\JfHlRFH.exe

C:\Windows\System\NCplPBZ.exe

C:\Windows\System\NCplPBZ.exe

C:\Windows\System\ODndwZE.exe

C:\Windows\System\ODndwZE.exe

C:\Windows\System\CGdQHIJ.exe

C:\Windows\System\CGdQHIJ.exe

C:\Windows\System\ZARhJDJ.exe

C:\Windows\System\ZARhJDJ.exe

C:\Windows\System\pGowImS.exe

C:\Windows\System\pGowImS.exe

C:\Windows\System\TNDNyuB.exe

C:\Windows\System\TNDNyuB.exe

C:\Windows\System\vJGBfzm.exe

C:\Windows\System\vJGBfzm.exe

C:\Windows\System\IJPrAHv.exe

C:\Windows\System\IJPrAHv.exe

C:\Windows\System\suuSSIC.exe

C:\Windows\System\suuSSIC.exe

C:\Windows\System\azBKqDR.exe

C:\Windows\System\azBKqDR.exe

C:\Windows\System\AinsIOv.exe

C:\Windows\System\AinsIOv.exe

C:\Windows\System\IxZiLRM.exe

C:\Windows\System\IxZiLRM.exe

C:\Windows\System\ULRcuNb.exe

C:\Windows\System\ULRcuNb.exe

C:\Windows\System\kyYhSym.exe

C:\Windows\System\kyYhSym.exe

C:\Windows\System\yXvzcnU.exe

C:\Windows\System\yXvzcnU.exe

C:\Windows\System\lKIoWxC.exe

C:\Windows\System\lKIoWxC.exe

C:\Windows\System\DxZKFWS.exe

C:\Windows\System\DxZKFWS.exe

C:\Windows\System\QVeqyoA.exe

C:\Windows\System\QVeqyoA.exe

C:\Windows\System\IFIxJSG.exe

C:\Windows\System\IFIxJSG.exe

C:\Windows\System\pNPMDHR.exe

C:\Windows\System\pNPMDHR.exe

C:\Windows\System\IrfkjvU.exe

C:\Windows\System\IrfkjvU.exe

C:\Windows\System\HqjPkiK.exe

C:\Windows\System\HqjPkiK.exe

C:\Windows\System\JiiIIlR.exe

C:\Windows\System\JiiIIlR.exe

C:\Windows\System\FtEquye.exe

C:\Windows\System\FtEquye.exe

C:\Windows\System\rwuvNWU.exe

C:\Windows\System\rwuvNWU.exe

C:\Windows\System\BcHzwxu.exe

C:\Windows\System\BcHzwxu.exe

C:\Windows\System\qRyJoTK.exe

C:\Windows\System\qRyJoTK.exe

C:\Windows\System\EWJARDV.exe

C:\Windows\System\EWJARDV.exe

C:\Windows\System\TaUjMCm.exe

C:\Windows\System\TaUjMCm.exe

C:\Windows\System\uvaCmTK.exe

C:\Windows\System\uvaCmTK.exe

C:\Windows\System\rJGJjyS.exe

C:\Windows\System\rJGJjyS.exe

C:\Windows\System\BXkPokr.exe

C:\Windows\System\BXkPokr.exe

C:\Windows\System\HoPxsBd.exe

C:\Windows\System\HoPxsBd.exe

C:\Windows\System\YbtZWpf.exe

C:\Windows\System\YbtZWpf.exe

C:\Windows\System\GwvBWEN.exe

C:\Windows\System\GwvBWEN.exe

C:\Windows\System\jbSTHMf.exe

C:\Windows\System\jbSTHMf.exe

C:\Windows\System\bSDQijI.exe

C:\Windows\System\bSDQijI.exe

C:\Windows\System\EODAmia.exe

C:\Windows\System\EODAmia.exe

C:\Windows\System\lqYwecQ.exe

C:\Windows\System\lqYwecQ.exe

C:\Windows\System\gElxDNn.exe

C:\Windows\System\gElxDNn.exe

C:\Windows\System\FjEZLLA.exe

C:\Windows\System\FjEZLLA.exe

C:\Windows\System\rneHTeM.exe

C:\Windows\System\rneHTeM.exe

C:\Windows\System\kUvHvph.exe

C:\Windows\System\kUvHvph.exe

C:\Windows\System\rorGYXl.exe

C:\Windows\System\rorGYXl.exe

C:\Windows\System\oSOSNkf.exe

C:\Windows\System\oSOSNkf.exe

C:\Windows\System\NjETiVr.exe

C:\Windows\System\NjETiVr.exe

C:\Windows\System\YYMFgAq.exe

C:\Windows\System\YYMFgAq.exe

C:\Windows\System\sLPwjnY.exe

C:\Windows\System\sLPwjnY.exe

C:\Windows\System\qDxcmXo.exe

C:\Windows\System\qDxcmXo.exe

C:\Windows\System\QZYUxhb.exe

C:\Windows\System\QZYUxhb.exe

C:\Windows\System\oitBDKZ.exe

C:\Windows\System\oitBDKZ.exe

C:\Windows\System\eCLfeMk.exe

C:\Windows\System\eCLfeMk.exe

C:\Windows\System\ukoXDMB.exe

C:\Windows\System\ukoXDMB.exe

C:\Windows\System\CuPlEqn.exe

C:\Windows\System\CuPlEqn.exe

C:\Windows\System\kexozKV.exe

C:\Windows\System\kexozKV.exe

C:\Windows\System\oBdQDZJ.exe

C:\Windows\System\oBdQDZJ.exe

C:\Windows\System\KXrSrcx.exe

C:\Windows\System\KXrSrcx.exe

C:\Windows\System\EWSAODV.exe

C:\Windows\System\EWSAODV.exe

C:\Windows\System\aDNMFcT.exe

C:\Windows\System\aDNMFcT.exe

C:\Windows\System\KAQlRMl.exe

C:\Windows\System\KAQlRMl.exe

C:\Windows\System\FrNIPdD.exe

C:\Windows\System\FrNIPdD.exe

C:\Windows\System\vawfDwl.exe

C:\Windows\System\vawfDwl.exe

C:\Windows\System\wxvLIzp.exe

C:\Windows\System\wxvLIzp.exe

C:\Windows\System\EQbPATJ.exe

C:\Windows\System\EQbPATJ.exe

C:\Windows\System\JaWyuQH.exe

C:\Windows\System\JaWyuQH.exe

C:\Windows\System\hPIlozQ.exe

C:\Windows\System\hPIlozQ.exe

C:\Windows\System\Givquve.exe

C:\Windows\System\Givquve.exe

C:\Windows\System\FYfgsKj.exe

C:\Windows\System\FYfgsKj.exe

C:\Windows\System\eioyNsz.exe

C:\Windows\System\eioyNsz.exe

C:\Windows\System\DDuLFAH.exe

C:\Windows\System\DDuLFAH.exe

C:\Windows\System\VwNhscx.exe

C:\Windows\System\VwNhscx.exe

C:\Windows\System\gOBFvnW.exe

C:\Windows\System\gOBFvnW.exe

C:\Windows\System\bMNpjqC.exe

C:\Windows\System\bMNpjqC.exe

C:\Windows\System\ixmfwXx.exe

C:\Windows\System\ixmfwXx.exe

C:\Windows\System\jmkVcPs.exe

C:\Windows\System\jmkVcPs.exe

C:\Windows\System\PamNJOY.exe

C:\Windows\System\PamNJOY.exe

C:\Windows\System\ZehTZMO.exe

C:\Windows\System\ZehTZMO.exe

C:\Windows\System\snXgLwA.exe

C:\Windows\System\snXgLwA.exe

C:\Windows\System\XFrruBA.exe

C:\Windows\System\XFrruBA.exe

C:\Windows\System\EIKoPny.exe

C:\Windows\System\EIKoPny.exe

C:\Windows\System\UaYHmUv.exe

C:\Windows\System\UaYHmUv.exe

C:\Windows\System\OvEwVHC.exe

C:\Windows\System\OvEwVHC.exe

C:\Windows\System\StBQEDf.exe

C:\Windows\System\StBQEDf.exe

C:\Windows\System\VEiDfQh.exe

C:\Windows\System\VEiDfQh.exe

C:\Windows\System\itQAdlw.exe

C:\Windows\System\itQAdlw.exe

C:\Windows\System\mYJhWuj.exe

C:\Windows\System\mYJhWuj.exe

C:\Windows\System\PtuBGNz.exe

C:\Windows\System\PtuBGNz.exe

C:\Windows\System\uZhjnjJ.exe

C:\Windows\System\uZhjnjJ.exe

C:\Windows\System\MgRAVAw.exe

C:\Windows\System\MgRAVAw.exe

C:\Windows\System\fDoGtVz.exe

C:\Windows\System\fDoGtVz.exe

C:\Windows\System\SQONOlu.exe

C:\Windows\System\SQONOlu.exe

C:\Windows\System\FLYkgmo.exe

C:\Windows\System\FLYkgmo.exe

C:\Windows\System\SJjmVSs.exe

C:\Windows\System\SJjmVSs.exe

C:\Windows\System\fmnwQFO.exe

C:\Windows\System\fmnwQFO.exe

C:\Windows\System\ACvxFyM.exe

C:\Windows\System\ACvxFyM.exe

C:\Windows\System\bVbQUZX.exe

C:\Windows\System\bVbQUZX.exe

C:\Windows\System\vHKegwX.exe

C:\Windows\System\vHKegwX.exe

C:\Windows\System\vuhkjjU.exe

C:\Windows\System\vuhkjjU.exe

C:\Windows\System\ZSzZqml.exe

C:\Windows\System\ZSzZqml.exe

C:\Windows\System\uUJjNNP.exe

C:\Windows\System\uUJjNNP.exe

C:\Windows\System\czhoPEc.exe

C:\Windows\System\czhoPEc.exe

C:\Windows\System\eJqrsgs.exe

C:\Windows\System\eJqrsgs.exe

C:\Windows\System\DjhkldK.exe

C:\Windows\System\DjhkldK.exe

C:\Windows\System\RCXHMeU.exe

C:\Windows\System\RCXHMeU.exe

C:\Windows\System\GCIenbC.exe

C:\Windows\System\GCIenbC.exe

C:\Windows\System\kZAGxVT.exe

C:\Windows\System\kZAGxVT.exe

C:\Windows\System\csUohzi.exe

C:\Windows\System\csUohzi.exe

C:\Windows\System\ELmIuHq.exe

C:\Windows\System\ELmIuHq.exe

C:\Windows\System\HBKOrsm.exe

C:\Windows\System\HBKOrsm.exe

C:\Windows\System\gfBgfRs.exe

C:\Windows\System\gfBgfRs.exe

C:\Windows\System\HbceGwZ.exe

C:\Windows\System\HbceGwZ.exe

C:\Windows\System\ekAzUsf.exe

C:\Windows\System\ekAzUsf.exe

C:\Windows\System\Mbrtkht.exe

C:\Windows\System\Mbrtkht.exe

C:\Windows\System\evUCpEw.exe

C:\Windows\System\evUCpEw.exe

C:\Windows\System\CwBeyWV.exe

C:\Windows\System\CwBeyWV.exe

C:\Windows\System\NTwvRvl.exe

C:\Windows\System\NTwvRvl.exe

C:\Windows\System\QEDpZNL.exe

C:\Windows\System\QEDpZNL.exe

C:\Windows\System\aPNrkCJ.exe

C:\Windows\System\aPNrkCJ.exe

C:\Windows\System\fAZpPCD.exe

C:\Windows\System\fAZpPCD.exe

C:\Windows\System\XZSFybh.exe

C:\Windows\System\XZSFybh.exe

C:\Windows\System\hYGomsn.exe

C:\Windows\System\hYGomsn.exe

C:\Windows\System\sSbZOez.exe

C:\Windows\System\sSbZOez.exe

C:\Windows\System\nXsApHz.exe

C:\Windows\System\nXsApHz.exe

C:\Windows\System\vgiEpMc.exe

C:\Windows\System\vgiEpMc.exe

C:\Windows\System\FGMzKaB.exe

C:\Windows\System\FGMzKaB.exe

C:\Windows\System\mvLXJCk.exe

C:\Windows\System\mvLXJCk.exe

C:\Windows\System\PPltKtZ.exe

C:\Windows\System\PPltKtZ.exe

C:\Windows\System\xsgyxSA.exe

C:\Windows\System\xsgyxSA.exe

C:\Windows\System\ZMEWTOY.exe

C:\Windows\System\ZMEWTOY.exe

C:\Windows\System\NtTgCVR.exe

C:\Windows\System\NtTgCVR.exe

C:\Windows\System\tSciJQd.exe

C:\Windows\System\tSciJQd.exe

C:\Windows\System\OHHBiVQ.exe

C:\Windows\System\OHHBiVQ.exe

C:\Windows\System\yRroCLW.exe

C:\Windows\System\yRroCLW.exe

C:\Windows\System\reBHWge.exe

C:\Windows\System\reBHWge.exe

C:\Windows\System\bEFwYZY.exe

C:\Windows\System\bEFwYZY.exe

C:\Windows\System\rUDbzBr.exe

C:\Windows\System\rUDbzBr.exe

C:\Windows\System\nRqnesZ.exe

C:\Windows\System\nRqnesZ.exe

C:\Windows\System\uRhPicV.exe

C:\Windows\System\uRhPicV.exe

C:\Windows\System\AnMjYte.exe

C:\Windows\System\AnMjYte.exe

C:\Windows\System\UQYnhjJ.exe

C:\Windows\System\UQYnhjJ.exe

C:\Windows\System\NSloVMd.exe

C:\Windows\System\NSloVMd.exe

C:\Windows\System\WtdQZQz.exe

C:\Windows\System\WtdQZQz.exe

C:\Windows\System\QBImPDM.exe

C:\Windows\System\QBImPDM.exe

C:\Windows\System\izFCobE.exe

C:\Windows\System\izFCobE.exe

C:\Windows\System\BZFslen.exe

C:\Windows\System\BZFslen.exe

C:\Windows\System\IIIiLiP.exe

C:\Windows\System\IIIiLiP.exe

C:\Windows\System\LlDjujW.exe

C:\Windows\System\LlDjujW.exe

C:\Windows\System\CiLUxtF.exe

C:\Windows\System\CiLUxtF.exe

C:\Windows\System\bGlZjBx.exe

C:\Windows\System\bGlZjBx.exe

C:\Windows\System\ThLIgfW.exe

C:\Windows\System\ThLIgfW.exe

C:\Windows\System\fqZtzBk.exe

C:\Windows\System\fqZtzBk.exe

C:\Windows\System\yliwxap.exe

C:\Windows\System\yliwxap.exe

C:\Windows\System\aasjCGf.exe

C:\Windows\System\aasjCGf.exe

C:\Windows\System\lVScFaf.exe

C:\Windows\System\lVScFaf.exe

C:\Windows\System\RjpuldD.exe

C:\Windows\System\RjpuldD.exe

C:\Windows\System\vLgrBeo.exe

C:\Windows\System\vLgrBeo.exe

C:\Windows\System\ordZzUr.exe

C:\Windows\System\ordZzUr.exe

C:\Windows\System\Gdcrauk.exe

C:\Windows\System\Gdcrauk.exe

C:\Windows\System\ZWOvbqe.exe

C:\Windows\System\ZWOvbqe.exe

C:\Windows\System\fkNiZsd.exe

C:\Windows\System\fkNiZsd.exe

C:\Windows\System\HNIhbHg.exe

C:\Windows\System\HNIhbHg.exe

C:\Windows\System\KUzryxU.exe

C:\Windows\System\KUzryxU.exe

C:\Windows\System\TouflOy.exe

C:\Windows\System\TouflOy.exe

C:\Windows\System\RwtiPeS.exe

C:\Windows\System\RwtiPeS.exe

C:\Windows\System\LxZWNOS.exe

C:\Windows\System\LxZWNOS.exe

C:\Windows\System\OTFPXhI.exe

C:\Windows\System\OTFPXhI.exe

C:\Windows\System\mHsnNyt.exe

C:\Windows\System\mHsnNyt.exe

C:\Windows\System\VLRSGwJ.exe

C:\Windows\System\VLRSGwJ.exe

C:\Windows\System\MQhVaPw.exe

C:\Windows\System\MQhVaPw.exe

C:\Windows\System\bmHcWUh.exe

C:\Windows\System\bmHcWUh.exe

C:\Windows\System\iVIGXGB.exe

C:\Windows\System\iVIGXGB.exe

C:\Windows\System\dFreEcW.exe

C:\Windows\System\dFreEcW.exe

C:\Windows\System\MASPlRn.exe

C:\Windows\System\MASPlRn.exe

C:\Windows\System\CWtLVwa.exe

C:\Windows\System\CWtLVwa.exe

C:\Windows\System\SQDfBsL.exe

C:\Windows\System\SQDfBsL.exe

C:\Windows\System\npUgWkc.exe

C:\Windows\System\npUgWkc.exe

C:\Windows\System\lpvdIOh.exe

C:\Windows\System\lpvdIOh.exe

C:\Windows\System\dvHrATx.exe

C:\Windows\System\dvHrATx.exe

C:\Windows\System\aqgcRVL.exe

C:\Windows\System\aqgcRVL.exe

C:\Windows\System\ESGCjmr.exe

C:\Windows\System\ESGCjmr.exe

C:\Windows\System\MDFZQcH.exe

C:\Windows\System\MDFZQcH.exe

C:\Windows\System\URjGNgV.exe

C:\Windows\System\URjGNgV.exe

C:\Windows\System\LsCoVew.exe

C:\Windows\System\LsCoVew.exe

C:\Windows\System\QeDrKEu.exe

C:\Windows\System\QeDrKEu.exe

C:\Windows\System\pjPqbgl.exe

C:\Windows\System\pjPqbgl.exe

C:\Windows\System\Isuthdh.exe

C:\Windows\System\Isuthdh.exe

C:\Windows\System\vCkKiYy.exe

C:\Windows\System\vCkKiYy.exe

C:\Windows\System\trhngMX.exe

C:\Windows\System\trhngMX.exe

C:\Windows\System\AoGwbxx.exe

C:\Windows\System\AoGwbxx.exe

C:\Windows\System\FQZAEhV.exe

C:\Windows\System\FQZAEhV.exe

C:\Windows\System\nkkpDDZ.exe

C:\Windows\System\nkkpDDZ.exe

C:\Windows\System\phcbdQx.exe

C:\Windows\System\phcbdQx.exe

C:\Windows\System\KJIZvJN.exe

C:\Windows\System\KJIZvJN.exe

C:\Windows\System\YKESjbV.exe

C:\Windows\System\YKESjbV.exe

C:\Windows\System\OThWCjx.exe

C:\Windows\System\OThWCjx.exe

C:\Windows\System\jTMOjYJ.exe

C:\Windows\System\jTMOjYJ.exe

C:\Windows\System\UlFQQtH.exe

C:\Windows\System\UlFQQtH.exe

C:\Windows\System\ZgInDNr.exe

C:\Windows\System\ZgInDNr.exe

C:\Windows\System\OTbTuCO.exe

C:\Windows\System\OTbTuCO.exe

C:\Windows\System\rhBKHFS.exe

C:\Windows\System\rhBKHFS.exe

C:\Windows\System\TnQEAuB.exe

C:\Windows\System\TnQEAuB.exe

C:\Windows\System\nzBvRtV.exe

C:\Windows\System\nzBvRtV.exe

C:\Windows\System\sDpyZyV.exe

C:\Windows\System\sDpyZyV.exe

C:\Windows\System\JBENPIp.exe

C:\Windows\System\JBENPIp.exe

C:\Windows\System\wBoVxzL.exe

C:\Windows\System\wBoVxzL.exe

C:\Windows\System\nqYSreU.exe

C:\Windows\System\nqYSreU.exe

C:\Windows\System\OPXAGcU.exe

C:\Windows\System\OPXAGcU.exe

C:\Windows\System\eWGVumn.exe

C:\Windows\System\eWGVumn.exe

C:\Windows\System\gmEMbDr.exe

C:\Windows\System\gmEMbDr.exe

C:\Windows\System\vvlKcZk.exe

C:\Windows\System\vvlKcZk.exe

C:\Windows\System\rNAgppb.exe

C:\Windows\System\rNAgppb.exe

C:\Windows\System\TyeMWeU.exe

C:\Windows\System\TyeMWeU.exe

C:\Windows\System\qkljyME.exe

C:\Windows\System\qkljyME.exe

C:\Windows\System\WbMrDmi.exe

C:\Windows\System\WbMrDmi.exe

C:\Windows\System\zpdAHhp.exe

C:\Windows\System\zpdAHhp.exe

C:\Windows\System\NivPfUL.exe

C:\Windows\System\NivPfUL.exe

C:\Windows\System\cyWWLcL.exe

C:\Windows\System\cyWWLcL.exe

C:\Windows\System\kJpCvLK.exe

C:\Windows\System\kJpCvLK.exe

C:\Windows\System\qbgYMfm.exe

C:\Windows\System\qbgYMfm.exe

C:\Windows\System\JcCRRea.exe

C:\Windows\System\JcCRRea.exe

C:\Windows\System\cJLfJAY.exe

C:\Windows\System\cJLfJAY.exe

C:\Windows\System\sxoGKcP.exe

C:\Windows\System\sxoGKcP.exe

C:\Windows\System\zYLRGmk.exe

C:\Windows\System\zYLRGmk.exe

C:\Windows\System\iHjxaFh.exe

C:\Windows\System\iHjxaFh.exe

C:\Windows\System\NIvExGh.exe

C:\Windows\System\NIvExGh.exe

C:\Windows\System\nbPYYMc.exe

C:\Windows\System\nbPYYMc.exe

C:\Windows\System\sidGaUl.exe

C:\Windows\System\sidGaUl.exe

C:\Windows\System\BBncavN.exe

C:\Windows\System\BBncavN.exe

C:\Windows\System\RCiYbrx.exe

C:\Windows\System\RCiYbrx.exe

C:\Windows\System\Wmboecu.exe

C:\Windows\System\Wmboecu.exe

C:\Windows\System\NMlJBHu.exe

C:\Windows\System\NMlJBHu.exe

C:\Windows\System\LtTOJNJ.exe

C:\Windows\System\LtTOJNJ.exe

C:\Windows\System\TzYETPh.exe

C:\Windows\System\TzYETPh.exe

C:\Windows\System\udohBne.exe

C:\Windows\System\udohBne.exe

C:\Windows\System\PVQNaQi.exe

C:\Windows\System\PVQNaQi.exe

C:\Windows\System\uJWDXNR.exe

C:\Windows\System\uJWDXNR.exe

C:\Windows\System\YUtSPZN.exe

C:\Windows\System\YUtSPZN.exe

C:\Windows\System\ehxLIhF.exe

C:\Windows\System\ehxLIhF.exe

C:\Windows\System\XLeGQoE.exe

C:\Windows\System\XLeGQoE.exe

C:\Windows\System\nuAxYNC.exe

C:\Windows\System\nuAxYNC.exe

C:\Windows\System\YdMpEsJ.exe

C:\Windows\System\YdMpEsJ.exe

C:\Windows\System\YdrHKLG.exe

C:\Windows\System\YdrHKLG.exe

C:\Windows\System\hcOrwGa.exe

C:\Windows\System\hcOrwGa.exe

C:\Windows\System\Uzlwfdo.exe

C:\Windows\System\Uzlwfdo.exe

C:\Windows\System\mbUZjtt.exe

C:\Windows\System\mbUZjtt.exe

C:\Windows\System\RXMDqNS.exe

C:\Windows\System\RXMDqNS.exe

C:\Windows\System\XalTKGt.exe

C:\Windows\System\XalTKGt.exe

C:\Windows\System\oCPXziR.exe

C:\Windows\System\oCPXziR.exe

C:\Windows\System\KkJKvoF.exe

C:\Windows\System\KkJKvoF.exe

C:\Windows\System\OdHkbQe.exe

C:\Windows\System\OdHkbQe.exe

C:\Windows\System\SuPFLTB.exe

C:\Windows\System\SuPFLTB.exe

C:\Windows\System\obKVCgm.exe

C:\Windows\System\obKVCgm.exe

C:\Windows\System\GbQNDKP.exe

C:\Windows\System\GbQNDKP.exe

C:\Windows\System\iCjqIWH.exe

C:\Windows\System\iCjqIWH.exe

C:\Windows\System\HyCgKtA.exe

C:\Windows\System\HyCgKtA.exe

C:\Windows\System\TiLFTEH.exe

C:\Windows\System\TiLFTEH.exe

C:\Windows\System\cbWnqES.exe

C:\Windows\System\cbWnqES.exe

C:\Windows\System\dUnLWSg.exe

C:\Windows\System\dUnLWSg.exe

C:\Windows\System\pPKwupb.exe

C:\Windows\System\pPKwupb.exe

C:\Windows\System\xWTyKPG.exe

C:\Windows\System\xWTyKPG.exe

C:\Windows\System\qNDFntl.exe

C:\Windows\System\qNDFntl.exe

C:\Windows\System\xDOlEFl.exe

C:\Windows\System\xDOlEFl.exe

C:\Windows\System\CDaRaIX.exe

C:\Windows\System\CDaRaIX.exe

C:\Windows\System\rbWnETG.exe

C:\Windows\System\rbWnETG.exe

C:\Windows\System\EQrpQUI.exe

C:\Windows\System\EQrpQUI.exe

C:\Windows\System\YDHmcGc.exe

C:\Windows\System\YDHmcGc.exe

C:\Windows\System\mQwejwv.exe

C:\Windows\System\mQwejwv.exe

C:\Windows\System\jQlJktM.exe

C:\Windows\System\jQlJktM.exe

C:\Windows\System\FVLYGsS.exe

C:\Windows\System\FVLYGsS.exe

C:\Windows\System\jAGwmuC.exe

C:\Windows\System\jAGwmuC.exe

C:\Windows\System\wXApQPn.exe

C:\Windows\System\wXApQPn.exe

C:\Windows\System\ahoBpWA.exe

C:\Windows\System\ahoBpWA.exe

C:\Windows\System\qhIrHdj.exe

C:\Windows\System\qhIrHdj.exe

C:\Windows\System\PlgaDUM.exe

C:\Windows\System\PlgaDUM.exe

C:\Windows\System\duEmBYR.exe

C:\Windows\System\duEmBYR.exe

C:\Windows\System\BUqECbC.exe

C:\Windows\System\BUqECbC.exe

C:\Windows\System\cCpnGgh.exe

C:\Windows\System\cCpnGgh.exe

C:\Windows\System\xNCkfoc.exe

C:\Windows\System\xNCkfoc.exe

C:\Windows\System\UazSelO.exe

C:\Windows\System\UazSelO.exe

C:\Windows\System\OPjfiXn.exe

C:\Windows\System\OPjfiXn.exe

C:\Windows\System\HARZGid.exe

C:\Windows\System\HARZGid.exe

C:\Windows\System\AuHesAd.exe

C:\Windows\System\AuHesAd.exe

C:\Windows\System\SaHvXsX.exe

C:\Windows\System\SaHvXsX.exe

C:\Windows\System\YMuKUmR.exe

C:\Windows\System\YMuKUmR.exe

C:\Windows\System\DoxNgPb.exe

C:\Windows\System\DoxNgPb.exe

C:\Windows\System\MwMbOYg.exe

C:\Windows\System\MwMbOYg.exe

C:\Windows\System\yrZmxyB.exe

C:\Windows\System\yrZmxyB.exe

C:\Windows\System\cagpMoS.exe

C:\Windows\System\cagpMoS.exe

C:\Windows\System\vyXKxRp.exe

C:\Windows\System\vyXKxRp.exe

C:\Windows\System\ERUhdOL.exe

C:\Windows\System\ERUhdOL.exe

C:\Windows\System\XFXSPUW.exe

C:\Windows\System\XFXSPUW.exe

C:\Windows\System\xxfKVEE.exe

C:\Windows\System\xxfKVEE.exe

C:\Windows\System\OsWgSim.exe

C:\Windows\System\OsWgSim.exe

C:\Windows\System\PJtuatB.exe

C:\Windows\System\PJtuatB.exe

C:\Windows\System\dgniXsM.exe

C:\Windows\System\dgniXsM.exe

C:\Windows\System\wPEnIMy.exe

C:\Windows\System\wPEnIMy.exe

C:\Windows\System\OFhmXYd.exe

C:\Windows\System\OFhmXYd.exe

C:\Windows\System\yTfhPiL.exe

C:\Windows\System\yTfhPiL.exe

C:\Windows\System\vmQWmUU.exe

C:\Windows\System\vmQWmUU.exe

C:\Windows\System\gruTKWh.exe

C:\Windows\System\gruTKWh.exe

C:\Windows\System\LnLhOXN.exe

C:\Windows\System\LnLhOXN.exe

C:\Windows\System\NNdAzQP.exe

C:\Windows\System\NNdAzQP.exe

C:\Windows\System\nggVtAp.exe

C:\Windows\System\nggVtAp.exe

C:\Windows\System\enXrPBN.exe

C:\Windows\System\enXrPBN.exe

C:\Windows\System\XbHDhyY.exe

C:\Windows\System\XbHDhyY.exe

C:\Windows\System\wltHGOe.exe

C:\Windows\System\wltHGOe.exe

C:\Windows\System\TzpUtAX.exe

C:\Windows\System\TzpUtAX.exe

C:\Windows\System\MiqBawY.exe

C:\Windows\System\MiqBawY.exe

C:\Windows\System\Ybirzkw.exe

C:\Windows\System\Ybirzkw.exe

C:\Windows\System\tlpAsHZ.exe

C:\Windows\System\tlpAsHZ.exe

C:\Windows\System\oWCVmeh.exe

C:\Windows\System\oWCVmeh.exe

C:\Windows\System\DPfbIfu.exe

C:\Windows\System\DPfbIfu.exe

C:\Windows\System\knNOVJK.exe

C:\Windows\System\knNOVJK.exe

C:\Windows\System\TgleYXX.exe

C:\Windows\System\TgleYXX.exe

C:\Windows\System\fRxcJYL.exe

C:\Windows\System\fRxcJYL.exe

C:\Windows\System\TqlJqkA.exe

C:\Windows\System\TqlJqkA.exe

C:\Windows\System\SFCApOr.exe

C:\Windows\System\SFCApOr.exe

C:\Windows\System\SDVlcia.exe

C:\Windows\System\SDVlcia.exe

C:\Windows\System\srpngHv.exe

C:\Windows\System\srpngHv.exe

C:\Windows\System\ZXOPdfP.exe

C:\Windows\System\ZXOPdfP.exe

C:\Windows\System\KkqEEzS.exe

C:\Windows\System\KkqEEzS.exe

C:\Windows\System\CRnvMcI.exe

C:\Windows\System\CRnvMcI.exe

C:\Windows\System\UjGWUwe.exe

C:\Windows\System\UjGWUwe.exe

C:\Windows\System\sKQYvSP.exe

C:\Windows\System\sKQYvSP.exe

C:\Windows\System\KxVziqR.exe

C:\Windows\System\KxVziqR.exe

C:\Windows\System\waocigm.exe

C:\Windows\System\waocigm.exe

C:\Windows\System\WmjNOBw.exe

C:\Windows\System\WmjNOBw.exe

C:\Windows\System\ZtTphrA.exe

C:\Windows\System\ZtTphrA.exe

C:\Windows\System\WTBgHmS.exe

C:\Windows\System\WTBgHmS.exe

C:\Windows\System\GRHHZXb.exe

C:\Windows\System\GRHHZXb.exe

C:\Windows\System\PskTJFq.exe

C:\Windows\System\PskTJFq.exe

C:\Windows\System\FKchIGX.exe

C:\Windows\System\FKchIGX.exe

C:\Windows\System\tEGMEOz.exe

C:\Windows\System\tEGMEOz.exe

C:\Windows\System\hJzgBwK.exe

C:\Windows\System\hJzgBwK.exe

C:\Windows\System\vmOWQpy.exe

C:\Windows\System\vmOWQpy.exe

C:\Windows\System\XcxWMpq.exe

C:\Windows\System\XcxWMpq.exe

C:\Windows\System\qauRmvW.exe

C:\Windows\System\qauRmvW.exe

C:\Windows\System\LUZdQYs.exe

C:\Windows\System\LUZdQYs.exe

C:\Windows\System\euUNimd.exe

C:\Windows\System\euUNimd.exe

C:\Windows\System\QoYncAV.exe

C:\Windows\System\QoYncAV.exe

C:\Windows\System\Rzdruan.exe

C:\Windows\System\Rzdruan.exe

C:\Windows\System\qmKCzjI.exe

C:\Windows\System\qmKCzjI.exe

C:\Windows\System\piqMfeu.exe

C:\Windows\System\piqMfeu.exe

C:\Windows\System\eULUBRp.exe

C:\Windows\System\eULUBRp.exe

C:\Windows\System\fEimIYI.exe

C:\Windows\System\fEimIYI.exe

C:\Windows\System\YOWWwRM.exe

C:\Windows\System\YOWWwRM.exe

C:\Windows\System\hOZIQSp.exe

C:\Windows\System\hOZIQSp.exe

C:\Windows\System\cFXbmmH.exe

C:\Windows\System\cFXbmmH.exe

C:\Windows\System\xvDQUjX.exe

C:\Windows\System\xvDQUjX.exe

C:\Windows\System\TsjJevu.exe

C:\Windows\System\TsjJevu.exe

C:\Windows\System\dxJKqeK.exe

C:\Windows\System\dxJKqeK.exe

C:\Windows\System\VJJDuRh.exe

C:\Windows\System\VJJDuRh.exe

C:\Windows\System\hiligkB.exe

C:\Windows\System\hiligkB.exe

C:\Windows\System\NNLBEIC.exe

C:\Windows\System\NNLBEIC.exe

C:\Windows\System\QTdwRrM.exe

C:\Windows\System\QTdwRrM.exe

C:\Windows\System\meJaKZu.exe

C:\Windows\System\meJaKZu.exe

C:\Windows\System\hipAeDx.exe

C:\Windows\System\hipAeDx.exe

C:\Windows\System\QHfiiwe.exe

C:\Windows\System\QHfiiwe.exe

C:\Windows\System\NSaGMSx.exe

C:\Windows\System\NSaGMSx.exe

C:\Windows\System\jVVZQKR.exe

C:\Windows\System\jVVZQKR.exe

C:\Windows\System\OFnLZIG.exe

C:\Windows\System\OFnLZIG.exe

C:\Windows\System\eGLkXVY.exe

C:\Windows\System\eGLkXVY.exe

C:\Windows\System\hrbkvOM.exe

C:\Windows\System\hrbkvOM.exe

C:\Windows\System\rkYCLLk.exe

C:\Windows\System\rkYCLLk.exe

C:\Windows\System\MHOCuPv.exe

C:\Windows\System\MHOCuPv.exe

C:\Windows\System\zZtPqJS.exe

C:\Windows\System\zZtPqJS.exe

C:\Windows\System\NgXXdcC.exe

C:\Windows\System\NgXXdcC.exe

C:\Windows\System\TQCzbbm.exe

C:\Windows\System\TQCzbbm.exe

C:\Windows\System\jHUZylP.exe

C:\Windows\System\jHUZylP.exe

C:\Windows\System\dMMpNum.exe

C:\Windows\System\dMMpNum.exe

C:\Windows\System\PlbFZpW.exe

C:\Windows\System\PlbFZpW.exe

C:\Windows\System\tnFNYUQ.exe

C:\Windows\System\tnFNYUQ.exe

C:\Windows\System\XjLOUee.exe

C:\Windows\System\XjLOUee.exe

C:\Windows\System\PSWjXgN.exe

C:\Windows\System\PSWjXgN.exe

C:\Windows\System\ClkCgzJ.exe

C:\Windows\System\ClkCgzJ.exe

C:\Windows\System\IYLlKGs.exe

C:\Windows\System\IYLlKGs.exe

C:\Windows\System\iMDdOhG.exe

C:\Windows\System\iMDdOhG.exe

C:\Windows\System\WxlbHfI.exe

C:\Windows\System\WxlbHfI.exe

C:\Windows\System\rVHlkQC.exe

C:\Windows\System\rVHlkQC.exe

C:\Windows\System\XfVZEkS.exe

C:\Windows\System\XfVZEkS.exe

C:\Windows\System\tILULDI.exe

C:\Windows\System\tILULDI.exe

C:\Windows\System\kRPuZwk.exe

C:\Windows\System\kRPuZwk.exe

C:\Windows\System\xyJJcKC.exe

C:\Windows\System\xyJJcKC.exe

C:\Windows\System\YclzUbl.exe

C:\Windows\System\YclzUbl.exe

C:\Windows\System\VbvlcCG.exe

C:\Windows\System\VbvlcCG.exe

C:\Windows\System\AgVqNnu.exe

C:\Windows\System\AgVqNnu.exe

C:\Windows\System\xASOeVI.exe

C:\Windows\System\xASOeVI.exe

C:\Windows\System\fpOHMWz.exe

C:\Windows\System\fpOHMWz.exe

C:\Windows\System\YRWHemG.exe

C:\Windows\System\YRWHemG.exe

C:\Windows\System\CxKwlkj.exe

C:\Windows\System\CxKwlkj.exe

C:\Windows\System\fLxVwXF.exe

C:\Windows\System\fLxVwXF.exe

C:\Windows\System\mHgDXdw.exe

C:\Windows\System\mHgDXdw.exe

C:\Windows\System\wPoLdhA.exe

C:\Windows\System\wPoLdhA.exe

C:\Windows\System\hmwUNZi.exe

C:\Windows\System\hmwUNZi.exe

C:\Windows\System\itXZIse.exe

C:\Windows\System\itXZIse.exe

C:\Windows\System\VRRXrLe.exe

C:\Windows\System\VRRXrLe.exe

C:\Windows\System\UQkpSfV.exe

C:\Windows\System\UQkpSfV.exe

C:\Windows\System\uDxFmYE.exe

C:\Windows\System\uDxFmYE.exe

C:\Windows\System\fCCVrjN.exe

C:\Windows\System\fCCVrjN.exe

C:\Windows\System\sjuYQuO.exe

C:\Windows\System\sjuYQuO.exe

C:\Windows\System\WqdKIGh.exe

C:\Windows\System\WqdKIGh.exe

C:\Windows\System\JFrvBDw.exe

C:\Windows\System\JFrvBDw.exe

C:\Windows\System\ubcpbqG.exe

C:\Windows\System\ubcpbqG.exe

C:\Windows\System\gLMtdiv.exe

C:\Windows\System\gLMtdiv.exe

C:\Windows\System\kyYIrrn.exe

C:\Windows\System\kyYIrrn.exe

C:\Windows\System\thLiEVZ.exe

C:\Windows\System\thLiEVZ.exe

C:\Windows\System\nLrUGqe.exe

C:\Windows\System\nLrUGqe.exe

C:\Windows\System\RhPKGlM.exe

C:\Windows\System\RhPKGlM.exe

C:\Windows\System\brMSszi.exe

C:\Windows\System\brMSszi.exe

C:\Windows\System\FQChbfH.exe

C:\Windows\System\FQChbfH.exe

C:\Windows\System\yCTVROx.exe

C:\Windows\System\yCTVROx.exe

C:\Windows\System\EBiqyyJ.exe

C:\Windows\System\EBiqyyJ.exe

C:\Windows\System\NtUYQut.exe

C:\Windows\System\NtUYQut.exe

C:\Windows\System\MsPcYsa.exe

C:\Windows\System\MsPcYsa.exe

Network

N/A

Files

memory/2932-0-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2932-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\iXSQwuh.exe

MD5 eed752b8ef3f34a803032397c48f0d5e
SHA1 22eee4bd6ee328e10c8a5b614e97abd360390f10
SHA256 eea85f8897e55582ce468ae6fb8327f61574449ea0c0c492cd91591c3e3daff3
SHA512 3fd3e07dc8fac9283fc03cd1759a410d854857c84cd3eb0b9e7eb37bf383167523e0e08f52b72493ea1248f23e0680bed7efa47e4eea0157eb60e02d36603584

memory/2932-7-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2076-9-0x000000013F7B0000-0x000000013FB04000-memory.dmp

\Windows\system\wwbFVqI.exe

MD5 14724a2b50c65c40fad70c8b84b62a94
SHA1 3f586687d3e0c68be9cef9da0f12c871ec6cdeb2
SHA256 72218e8768736cc0c49d0a21e5f3cf6bc14763a4b6bed32a905f87a21ae12294
SHA512 dee8c80cb82a676695e5d7516d57ce9a239802a8d17ca3f27735db48ea16f3cd59709c5a390359c99e25c99045633bec3f75af144d970ca203da22f059fd4dd8

C:\Windows\system\YyCdSQF.exe

MD5 16c8b22f1c2f54dae6a867d909e96d05
SHA1 e971d4989335c8df07a283dd07f4c775db4f547a
SHA256 dee7fb3756cdc7d71c07da32ea4abf4519231527c65d02611794e7f225aec128
SHA512 53fc037c493796601c8e71d246727b0be78391a5ab433cb9f19c2a6ca76170e5afe6f3f111cb39422aeffe58eafdbc16f631beebdd1cd4a708ab5c6f469c3399

C:\Windows\system\TzXvdOB.exe

MD5 875ce478c4db053a128d999dbb386a05
SHA1 9dc0ab81d1aac80fe177f0ad167ecb661fcf95da
SHA256 6e8d069aa031b6e546d1e994671864554b49f2dbf28a7821a1fe5c67aae7deb3
SHA512 858bda9e41c5040ec903d5092b134cce9b8a960ce83e47ced750e52a8e6cf96f8f1ba7730b859e8a6a21ca35d126a067dde05519fadf609e905907b5f403a1eb

memory/2924-22-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2656-30-0x000000013F880000-0x000000013FBD4000-memory.dmp

memory/2932-28-0x000000013F880000-0x000000013FBD4000-memory.dmp

memory/2948-19-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2932-18-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2932-16-0x0000000001FE0000-0x0000000002334000-memory.dmp

\Windows\system\NyMZXjE.exe

MD5 82c5ee92f448f436faf2ca2768d2ca85
SHA1 c3b42d15366db81021dc258756191d3ad79374c0
SHA256 85e7cdb8a5028a49ea986780e80359b5208ff6f79171e65116f9d50ffe23db71
SHA512 21bd94a9bad33ee30ad097bc43ab585cfb9abbb0b4050e4b711f37db38e4ba9fcc953da8fef7e69d4612272231be160df6b5c9de28c9da82ad9b3eb03b608d24

\Windows\system\bktWtJB.exe

MD5 a1fc0e4ecfbe7a27b92dee745f335e04
SHA1 000242c3e96e675a58d477cf02e65bb51a94e9ea
SHA256 2556887ac278171267ad6262a330cab3205bccada91c6578be281cd931ad3029
SHA512 95cddc001a373cc453fd40cbb1fc6026c7a0106bb96f3958aae43889982d55c57e5b23a817591512f737a17bc49838428e3dfb30df2b305b3e63d65f3834aac1

\Windows\system\AZmlNwP.exe

MD5 67a066765a0788e60d03346e5ed6b941
SHA1 856c69d51fd58b35db0f93c84dd7b29ab2b16be4
SHA256 9aa9d846b96940cc9515776150385f41efcb55a7088d9f7f937f15cd2d1311f5
SHA512 6f9877ddcdd59d0a9284b885eab5dbf1961d061e9012fb3ebb1709504a6a8f23c235a6b05b0fb721dfb6dbaac402724091403deb76e1f0d39b08fb85b358b2e8

memory/2760-58-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2932-50-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2932-49-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2612-56-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/2776-43-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2932-42-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2748-36-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2932-35-0x000000013FE10000-0x0000000140164000-memory.dmp

C:\Windows\system\aUvbWVt.exe

MD5 dd08696f4615dd74c6d8c28f921aff38
SHA1 8fc6011eb6145a2a25e99517198c028f9d2a65f8
SHA256 52c2caa032692b023e9213fb476206499f25e8c059e4fe211e7899a1c10fed98
SHA512 52f4a3d9ab67a0c8e81133f5fffbb8215215abde2e13839f9696872d9460583b94e3ff1e8be4c152abd2a5e794ad340c22c8aa3816930cc6283f86a79f3729db

C:\Windows\system\hDRwFbS.exe

MD5 5ca0b8b77625163eddaa8e6a880d6124
SHA1 e642d81dfb1506ba4438c3b2d77439dbd4b24755
SHA256 d43f9b0dde312e2e89f14006b8a19cd27f8ba4cacf4ff000343e41e7e0a40f36
SHA512 909ce8add4f0719f6a6e905ed65f72b2f9f5abdd038b4646d75a9c8e0ad7788ee17b5e6101abd08f64b14abfb061d387c2ed5bfd007dfb8133c35e988f1c3820

memory/2932-77-0x000000013FA00000-0x000000013FD54000-memory.dmp

\Windows\system\PZrpFEK.exe

MD5 d7740a2b30b2d4ab0dfe2547887b5466
SHA1 ede5beaa8a15edee42d653447d9c801d6f49d6ea
SHA256 3a96b8df54d2ac527c5594748ce023bd5d5c7938425cf83b7add74e014f82216
SHA512 1c89c4d7ccc88a01bbaf72c8d551dae681ffbef694027dce11a97263ab4d7d808b3a9bac63797949690ee6a004750c2673d3539ddec2ec6e51534fef39f462ad

memory/2516-65-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2656-98-0x000000013F880000-0x000000013FBD4000-memory.dmp

C:\Windows\system\uiWnIet.exe

MD5 df10770416f123ad0de251c2dff3db9e
SHA1 7d133d2923689839b49cd91f67220d991b773215
SHA256 8e727e8eb683812212b2fc5ba39c5618acdad38dac7649fc9f01c66694f1de13
SHA512 0e3e4364164f574d0ed0e313e09f330ccce965f97e78888a391bc88cf9cb01375876c7757f5c210557addbd6cbea88a8c77c5d09e7115cdfa15efad4fbe02d83

C:\Windows\system\qpeIKWc.exe

MD5 2a881cabd905ef6e5a25091e457e1d78
SHA1 993881e456d5db417d325578c8796413b90de981
SHA256 4a9fcea730ba81dae873dd6996b0deb33860f3a5eccc48a392d641657c2b5caa
SHA512 2d6a9944501eb419bbe5f7b4f7a5d7e91a626e319c7999c7b2ba79987a178abdb0ca9acd507f2ce2b4b25991ae9912c613d462988a0b0bb5ce3e2fff19b81d29

memory/2932-1527-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2916-1541-0x000000013FEB0000-0x0000000140204000-memory.dmp

memory/2760-907-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2516-596-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2612-320-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/2776-319-0x000000013F780000-0x000000013FAD4000-memory.dmp

C:\Windows\system\wxHvyBW.exe

MD5 f4092b594719681d9303801259b6cb4b
SHA1 c15524434abb049d1a7e7e02edfebe1d1740cc10
SHA256 d766e55196790dc8a9156e3f4cb06788fa6603f3fd0bc4ba0b780c795a8c516a
SHA512 fffecf2c359777427ddbbf90a8aac915ece3cb580d735a2afd3b74eb304eff54daaf5a5aed8f109b7439751f4c0a1fbdb3c48720fe215c862100e79cc805d096

C:\Windows\system\KsfIdlL.exe

MD5 51376497aff06d91d4a277d16ba05972
SHA1 5f45302bec5fc246438a5ee0ef5815babe94685d
SHA256 faa64fafb388bdd94aef2b4e0626c377c954ae71e9cc9724d001a2485e56927f
SHA512 bb9b6dde4594dbdf7ddf28195779ebb3e0d88365f6c243cd50445233b0ab7b8a09be3b803969c6bdf15a3cda2a1b8fc2fcfbc95d43d0ab3bdd86cc887a9b87c0

C:\Windows\system\BsFBusD.exe

MD5 950e791d1f52f57d3042671c956f9c40
SHA1 514680d896196e1a34abc68322be6adddb7c7264
SHA256 445fd48ac8b435d22ea00a6597d2ef175241f74a1a6acac6ec66e21507d99888
SHA512 46e77fac7bf0f11dbef43ce0cb8b4080f74f111bd08a0f1f739502dddf78b19ab41226fb2a0dfac0e4ad20a29f0a5d9131171ba82b805a34a961ee6c2bd377ad

C:\Windows\system\qWZTnub.exe

MD5 2a5dc2ad5a8dc5e9b5f97c487a9015e4
SHA1 f36e458a145591396c6124d594ac01cd77275cd2
SHA256 b16400d8e052c104c64cd7a95b84f9504777e3faa73be1ac5b732f2812d812df
SHA512 d3d66d373fd925b6ab6216c6e3403aa3c1aba809c7165018acc25c01435a3e128d26ba981e185af17c716cf0ab9e48d399c31ea51d2e467e8c85dff72c6b4b46

C:\Windows\system\sSXthrq.exe

MD5 98126afe5f976ad1f5715cf777cf063b
SHA1 7547abfc6853126aa0b6b19f792edd192535ce57
SHA256 6aefb391b89492ad7ab077a5d8f31a4aa1a7481f1049cb5b81e0d339926252d6
SHA512 664c77111f281aae862dcef12ca50c6994accbbee532b9043af116ed0933c233386e9b0a4525dae17a93a86545bad4488549922b9c4ef11056e899051ff53d43

C:\Windows\system\imHmcSv.exe

MD5 edf35ccbea4bbfb88218cfb7dac9dea5
SHA1 c454c899f8108b4f0a7e092a4426f55c5f07e5ae
SHA256 a1f1c709f71ab1595ea5d6c654a0e79ccca32e04f34d85f1f5d562215c077d65
SHA512 c475a8572c4ca5fd342ec9fdfd83806c984e30be4e37a66236cb4cbb9a3b0d5116413ec325d3816cacfba5b38e53c260c9339c486b0dd0f717a9695ebb44815f

C:\Windows\system\sIyCikc.exe

MD5 9cec10c31ec942d4bb07ea21e0191fed
SHA1 8cdabe85230b5817bfa89a6d16dccbcc582ea299
SHA256 2625bbad412401aeb923ad9dd7c5c64dc755a48c4da8a76ea39f33cbc176bded
SHA512 8d8d0e421c413be2c315d8986921233ca48aa0e54ae27fd1b7d456a1ce55ebfaf2abb14078d611b6613330f55f05b803e989403712623db082f33cec1fec3e00

C:\Windows\system\WbNozne.exe

MD5 7aab07769fa63eb55ef4492ab59f4ba4
SHA1 d7b72704ac950688ff408ff6a8700c964380eaea
SHA256 a183b69cf55eeaa2ccab4a50a9809656fc61c85b8a0790ea685b5d7c904595f2
SHA512 444d4d73e78c12d239dc019a1ad306734db8ac21c3e649ff784f878114b69bf75957d344cebbee493fa53eb3bccf3ff8b43efda9d6e8253c23e7dee440d89e15

C:\Windows\system\TPWqdkO.exe

MD5 2d91ed94346fb9981f51bd4d1ef020be
SHA1 72739a4af6f9d01eaabdd0f163cac2c945845bec
SHA256 7252c3324a52b8fcf24fecaf3a486c3fa845e5388b4d698a48e85029c969f014
SHA512 447fdf8a02f2a8cc27e3f254ef4894fda4807a9fa4961aa7db46a6a718cbc3aefa58aa0aa3ba3c9a20ab597c21355cfb1a8bd3c61b6ecbf87434503f10c20d1d

C:\Windows\system\qiphGIm.exe

MD5 66161b7df3b0951a96ddf74eea0afbe0
SHA1 e21b48065e81a3ab992783b022036a15db5dcf37
SHA256 74e80d26903d9bca38e8076779bd152288808d1fcf77115e9efb3805f599e168
SHA512 9bab43540990512b40243496aa317301be9c80eae7d4c09a22ced29e293642aac84d2c647ca5a1575baf8403ce60d0b92ee0f9209be1a6f315b5a518d197731d

C:\Windows\system\hcJUfXR.exe

MD5 05fb32cb5e587b82d1a96563257b5f92
SHA1 bf37628f08e6264d993d72e5bb0967c76c8bc9f2
SHA256 985811e9bee5db9d973715652fbd3aef90ba4a9f2fb0947f8d1dd44e6a018a49
SHA512 ba9e5f7f8cbb8d90f157836c45cdb555c1060569e89a46cfc79c8f17bb1fa3933a208d63436bb974dcb5fd138026d166c95a2d094b0ab9cf9bf5a06b96886032

C:\Windows\system\jEChWtC.exe

MD5 53c94f7345de1c06beb7efe57eafa2fc
SHA1 4b6b6f5c901bf273f32ca13fbb5b4cbc8948cf85
SHA256 054621140a3acbb25b11e22ae5524ff4f62941ee575d03d8070156fb2dbe2937
SHA512 f84d80ee1d9a49c00acdad1a5e26b5a3d492148b9417249bcdf31f54a1b3c82f40285adca6c9f3c93a26d5ca3d92926573ad39054e878102b7895e94a0c7d466

C:\Windows\system\sbJQgGY.exe

MD5 c1dded7fc7db5bdadbdb10379e7c05d3
SHA1 035ec0bdbac4a3b53d3031693534a88e926fbbfa
SHA256 9f6877dfc200e03059963d4d790ef73e8924d89a840c232edb22ccb426104d57
SHA512 ec47896e43f79d288f3c8d831f9bca865817f952d9f0c7fd4f508be02a1516ee396183c078a1383fef80dd0fb26252329ced65902792084f94dbc339453838fb

C:\Windows\system\sWJkDFv.exe

MD5 85bafc1f9b5349356f7c2fea1943e0d7
SHA1 a6dc8e87d7ff9704e6a9ea74beb4a260920ed7c1
SHA256 82b3f8779ecae14b64a48f988321c5b52678764197dc90c4b372000c18aef8ac
SHA512 71316560be1ebd44130622fae66e483676b71b1fafea11df0ad1f7b17674c93a1d91954257af7bbe5f6ecaa1be4e7e04f535a5206d784b16406c2fa7864f7c99

C:\Windows\system\qfaPDTW.exe

MD5 814562f8ed1a9d68ed3f85f07d95fbed
SHA1 4290168066b3285e87a05a514943087216960c52
SHA256 28d5d8458722d5c3a5583e2d7fea46529cee1dc97be336de1057b35ae334728f
SHA512 b5154d13dda8d2f8446555ea3da3c5231841f1cb4bbd1dbb287e10aed892cba2fc326ac6688fe7a6191d6109b8d281fee42bceac4dedbec03bc1c2a8ac710030

C:\Windows\system\azCSYif.exe

MD5 8d22f8e6d84ae3878ebf2f00f4cf46fc
SHA1 53e3b48c84c4a99e42fd3fe18856c83fcea0cc8d
SHA256 11c9805dfea7b3cf9175a39aa8df45072bc5adfa288494ed298ef3460fc8d7ac
SHA512 6c0eddb07c8c22bf11d7ac5721722e123a30d207a9b1838e54ca0c706aef7c1f02f20dd8cc03f7443548d064ba4d933025b67e8309aef474c19ddd7e4385f54d

memory/2932-106-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2748-105-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/1432-100-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2932-99-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2044-93-0x000000013F480000-0x000000013F7D4000-memory.dmp

C:\Windows\system\vfnLyXw.exe

MD5 a7efb0e0aba85da199c35c4fb9afb357
SHA1 d78d30970d095dec3285692232d70ea4e1fa9bd0
SHA256 08172cafd6a9bbac54747cfaeca60152ab847d1f70b6bf63907d2e15298e8391
SHA512 2472aaf7b7e5b657f7919fb96a9e10a0e4a6fb4246b9f67e91e9909bdf178e16968959e2d3bba4619c95e0a51b0c5de26ec5e034c4d6f39075692faaaf19825f

memory/1696-91-0x000000013FB50000-0x000000013FEA4000-memory.dmp

memory/2924-90-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2948-89-0x000000013F240000-0x000000013F594000-memory.dmp

C:\Windows\system\OTcusua.exe

MD5 866a0a8e5240ff1a9f5b853e3f328571
SHA1 87729a3c9a16ad537f429680b3a457d197e5b9b0
SHA256 0593aa2b621d2c9ff62b44c077388a08b862d4af0a24383dfacd4a400856f754
SHA512 4e26b11618865250fa8e1c45d9d6771a4aa545bfccd3d243246beb73b0bdda40d01e750aec9718b5e6876f5857d0bad5278e81ab69e1e09c798571f21a684e75

memory/2932-87-0x0000000001FE0000-0x0000000002334000-memory.dmp

memory/2932-86-0x000000013FEB0000-0x0000000140204000-memory.dmp

memory/2932-85-0x000000013FB50000-0x000000013FEA4000-memory.dmp

memory/2916-83-0x000000013FEB0000-0x0000000140204000-memory.dmp

memory/2588-82-0x000000013FA00000-0x000000013FD54000-memory.dmp

C:\Windows\system\VMooCKS.exe

MD5 e120d7ac43791f2df97567562f2a7353
SHA1 cd84baaf3013bed77b6ce2484f517639b4578aad
SHA256 07a932d557c16beace6fe3bfaa5195fd382c0a526d06df11600ae203a2dcf869
SHA512 91cf9e79e9ba06907bade40a61e8bc1a07cf7a90e631f7efb312c8061fdda156a53d979b5df24ee5dae9e96cedaf0ed07e5b180c73c20f49e779774fd5887f5e

memory/2076-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp

C:\Windows\system\KJmxVui.exe

MD5 f916598e9662e3bd24cf88e929495d98
SHA1 2dee4d293eaf8bd3fd75eecedafcb508503c8255
SHA256 8cd3b0cc692d62a3ef2871e8bcfec1dc10567470c10e00115df35e4dc5c74907
SHA512 620fbf753cb197171d88260116a74a86850f64877873e77f5c662b6eab2ea0f86409b61004c4f688489d6eb2051104ceb1ef5da1bdfd50414005d06965934d49

memory/2932-2114-0x0000000001FE0000-0x0000000002334000-memory.dmp

memory/1696-2560-0x000000013FB50000-0x000000013FEA4000-memory.dmp

memory/2044-2681-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/1432-2858-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2932-2854-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2932-2942-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2932-4014-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2076-4015-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2948-4016-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2656-4017-0x000000013F880000-0x000000013FBD4000-memory.dmp

memory/2924-4018-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2748-4019-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2776-4020-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2760-4021-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2612-4022-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/2516-4023-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2588-4024-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2916-4025-0x000000013FEB0000-0x0000000140204000-memory.dmp

memory/1432-4026-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2044-4027-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/1696-4028-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 00:37

Reported

2024-06-04 00:39

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\lAmwOUS.exe N/A
N/A N/A C:\Windows\System\RfVNXRx.exe N/A
N/A N/A C:\Windows\System\zqdIjbI.exe N/A
N/A N/A C:\Windows\System\BzBFyqm.exe N/A
N/A N/A C:\Windows\System\qDsWrDw.exe N/A
N/A N/A C:\Windows\System\PHqMlRQ.exe N/A
N/A N/A C:\Windows\System\KCjWFlY.exe N/A
N/A N/A C:\Windows\System\CseSyLX.exe N/A
N/A N/A C:\Windows\System\MteMJMk.exe N/A
N/A N/A C:\Windows\System\tmjMOfv.exe N/A
N/A N/A C:\Windows\System\kfITnpU.exe N/A
N/A N/A C:\Windows\System\PrnXlmt.exe N/A
N/A N/A C:\Windows\System\CnEXSci.exe N/A
N/A N/A C:\Windows\System\xStSIpg.exe N/A
N/A N/A C:\Windows\System\tOzlDld.exe N/A
N/A N/A C:\Windows\System\jXqWfRi.exe N/A
N/A N/A C:\Windows\System\GgoyhpC.exe N/A
N/A N/A C:\Windows\System\qSojTeA.exe N/A
N/A N/A C:\Windows\System\dJJcXZp.exe N/A
N/A N/A C:\Windows\System\FZLmHTh.exe N/A
N/A N/A C:\Windows\System\uxKwWET.exe N/A
N/A N/A C:\Windows\System\YOYuqPJ.exe N/A
N/A N/A C:\Windows\System\sTAsKBd.exe N/A
N/A N/A C:\Windows\System\rIvQVIC.exe N/A
N/A N/A C:\Windows\System\fmPahdK.exe N/A
N/A N/A C:\Windows\System\PVorQSL.exe N/A
N/A N/A C:\Windows\System\dEcLoZe.exe N/A
N/A N/A C:\Windows\System\Lhhpfic.exe N/A
N/A N/A C:\Windows\System\wzeEaSn.exe N/A
N/A N/A C:\Windows\System\cBGlgJP.exe N/A
N/A N/A C:\Windows\System\aubCSjD.exe N/A
N/A N/A C:\Windows\System\qGLcrkO.exe N/A
N/A N/A C:\Windows\System\wVcckJf.exe N/A
N/A N/A C:\Windows\System\gBonUoJ.exe N/A
N/A N/A C:\Windows\System\YSQBeWu.exe N/A
N/A N/A C:\Windows\System\UmAzMrs.exe N/A
N/A N/A C:\Windows\System\ZBEbTcL.exe N/A
N/A N/A C:\Windows\System\DYrLvEW.exe N/A
N/A N/A C:\Windows\System\SKOpodl.exe N/A
N/A N/A C:\Windows\System\LYlzLVA.exe N/A
N/A N/A C:\Windows\System\NlNNNUr.exe N/A
N/A N/A C:\Windows\System\SOgASsP.exe N/A
N/A N/A C:\Windows\System\cYVtjgi.exe N/A
N/A N/A C:\Windows\System\NaSkVNI.exe N/A
N/A N/A C:\Windows\System\invWMqf.exe N/A
N/A N/A C:\Windows\System\uCTKsiD.exe N/A
N/A N/A C:\Windows\System\hHRypCJ.exe N/A
N/A N/A C:\Windows\System\MCgedYv.exe N/A
N/A N/A C:\Windows\System\mhXrqbh.exe N/A
N/A N/A C:\Windows\System\QlmeyVI.exe N/A
N/A N/A C:\Windows\System\vgEXRtU.exe N/A
N/A N/A C:\Windows\System\phZNqHr.exe N/A
N/A N/A C:\Windows\System\AjkEofC.exe N/A
N/A N/A C:\Windows\System\XDucHhl.exe N/A
N/A N/A C:\Windows\System\piRmJZN.exe N/A
N/A N/A C:\Windows\System\gzgiFpX.exe N/A
N/A N/A C:\Windows\System\feWzmbP.exe N/A
N/A N/A C:\Windows\System\aAnkcwW.exe N/A
N/A N/A C:\Windows\System\bkJTkhq.exe N/A
N/A N/A C:\Windows\System\YAorWzM.exe N/A
N/A N/A C:\Windows\System\wMUQjUs.exe N/A
N/A N/A C:\Windows\System\uDOjTBt.exe N/A
N/A N/A C:\Windows\System\qWaPcGO.exe N/A
N/A N/A C:\Windows\System\uVWqHsX.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\uSzhpLe.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBonUoJ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eerOWxM.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CFTZlHj.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mOZfIya.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WhVnQZl.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dposxtF.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kClYqFa.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUkunkz.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\knjqxHP.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhXrqbh.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhnyXTj.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DsJcASS.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pqsNXMm.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\taeIWZD.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YVKRMNA.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nDLnQWT.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzoJOFI.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VMyFEfC.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hMUYQYo.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fjfmwFw.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AaUsBls.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bkJTkhq.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZzgkEnH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPSLaja.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgSsAoO.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IlUejAQ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aRCIAqY.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YQWyDHS.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KPZOfte.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lJKpYLT.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jUcfGgO.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nAfMxza.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KQgkPcn.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJNkayd.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAuuDIV.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sdGozUZ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FDBfqiG.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FFWzjZE.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SCcKPDJ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\plUyRVH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WYtHyMC.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tRNdNsy.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qNjizLC.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wzeEaSn.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgEXRtU.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KEwqowJ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XThjBoS.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBNcEnH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnpKzCC.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ybKsWFQ.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFrTemF.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zOvecvO.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zlYeBlc.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGSBWrK.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EXQSRWM.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OEmJVUH.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWlnOuk.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgrvbpT.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qHFULgi.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\abYGTfN.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lZNJEXB.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJgTzLs.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lyafltk.exe C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3880 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\lAmwOUS.exe
PID 3880 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\lAmwOUS.exe
PID 3880 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\RfVNXRx.exe
PID 3880 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\RfVNXRx.exe
PID 3880 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\zqdIjbI.exe
PID 3880 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\zqdIjbI.exe
PID 3880 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\BzBFyqm.exe
PID 3880 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\BzBFyqm.exe
PID 3880 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qDsWrDw.exe
PID 3880 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qDsWrDw.exe
PID 3880 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PHqMlRQ.exe
PID 3880 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PHqMlRQ.exe
PID 3880 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\KCjWFlY.exe
PID 3880 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\KCjWFlY.exe
PID 3880 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\CseSyLX.exe
PID 3880 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\CseSyLX.exe
PID 3880 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\MteMJMk.exe
PID 3880 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\MteMJMk.exe
PID 3880 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\tmjMOfv.exe
PID 3880 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\tmjMOfv.exe
PID 3880 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\kfITnpU.exe
PID 3880 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\kfITnpU.exe
PID 3880 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PrnXlmt.exe
PID 3880 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PrnXlmt.exe
PID 3880 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\CnEXSci.exe
PID 3880 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\CnEXSci.exe
PID 3880 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\xStSIpg.exe
PID 3880 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\xStSIpg.exe
PID 3880 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\tOzlDld.exe
PID 3880 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\tOzlDld.exe
PID 3880 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\jXqWfRi.exe
PID 3880 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\jXqWfRi.exe
PID 3880 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\GgoyhpC.exe
PID 3880 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\GgoyhpC.exe
PID 3880 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qSojTeA.exe
PID 3880 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qSojTeA.exe
PID 3880 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\dJJcXZp.exe
PID 3880 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\dJJcXZp.exe
PID 3880 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\FZLmHTh.exe
PID 3880 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\FZLmHTh.exe
PID 3880 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\uxKwWET.exe
PID 3880 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\uxKwWET.exe
PID 3880 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\YOYuqPJ.exe
PID 3880 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\YOYuqPJ.exe
PID 3880 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sTAsKBd.exe
PID 3880 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\sTAsKBd.exe
PID 3880 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\rIvQVIC.exe
PID 3880 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\rIvQVIC.exe
PID 3880 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\fmPahdK.exe
PID 3880 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\fmPahdK.exe
PID 3880 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PVorQSL.exe
PID 3880 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\PVorQSL.exe
PID 3880 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\dEcLoZe.exe
PID 3880 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\dEcLoZe.exe
PID 3880 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\Lhhpfic.exe
PID 3880 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\Lhhpfic.exe
PID 3880 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\wzeEaSn.exe
PID 3880 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\wzeEaSn.exe
PID 3880 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\cBGlgJP.exe
PID 3880 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\cBGlgJP.exe
PID 3880 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\aubCSjD.exe
PID 3880 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\aubCSjD.exe
PID 3880 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qGLcrkO.exe
PID 3880 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe C:\Windows\System\qGLcrkO.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe"

C:\Windows\System\lAmwOUS.exe

C:\Windows\System\lAmwOUS.exe

C:\Windows\System\RfVNXRx.exe

C:\Windows\System\RfVNXRx.exe

C:\Windows\System\zqdIjbI.exe

C:\Windows\System\zqdIjbI.exe

C:\Windows\System\BzBFyqm.exe

C:\Windows\System\BzBFyqm.exe

C:\Windows\System\qDsWrDw.exe

C:\Windows\System\qDsWrDw.exe

C:\Windows\System\PHqMlRQ.exe

C:\Windows\System\PHqMlRQ.exe

C:\Windows\System\KCjWFlY.exe

C:\Windows\System\KCjWFlY.exe

C:\Windows\System\CseSyLX.exe

C:\Windows\System\CseSyLX.exe

C:\Windows\System\MteMJMk.exe

C:\Windows\System\MteMJMk.exe

C:\Windows\System\tmjMOfv.exe

C:\Windows\System\tmjMOfv.exe

C:\Windows\System\kfITnpU.exe

C:\Windows\System\kfITnpU.exe

C:\Windows\System\PrnXlmt.exe

C:\Windows\System\PrnXlmt.exe

C:\Windows\System\CnEXSci.exe

C:\Windows\System\CnEXSci.exe

C:\Windows\System\xStSIpg.exe

C:\Windows\System\xStSIpg.exe

C:\Windows\System\tOzlDld.exe

C:\Windows\System\tOzlDld.exe

C:\Windows\System\jXqWfRi.exe

C:\Windows\System\jXqWfRi.exe

C:\Windows\System\GgoyhpC.exe

C:\Windows\System\GgoyhpC.exe

C:\Windows\System\qSojTeA.exe

C:\Windows\System\qSojTeA.exe

C:\Windows\System\dJJcXZp.exe

C:\Windows\System\dJJcXZp.exe

C:\Windows\System\FZLmHTh.exe

C:\Windows\System\FZLmHTh.exe

C:\Windows\System\uxKwWET.exe

C:\Windows\System\uxKwWET.exe

C:\Windows\System\YOYuqPJ.exe

C:\Windows\System\YOYuqPJ.exe

C:\Windows\System\sTAsKBd.exe

C:\Windows\System\sTAsKBd.exe

C:\Windows\System\rIvQVIC.exe

C:\Windows\System\rIvQVIC.exe

C:\Windows\System\fmPahdK.exe

C:\Windows\System\fmPahdK.exe

C:\Windows\System\PVorQSL.exe

C:\Windows\System\PVorQSL.exe

C:\Windows\System\dEcLoZe.exe

C:\Windows\System\dEcLoZe.exe

C:\Windows\System\Lhhpfic.exe

C:\Windows\System\Lhhpfic.exe

C:\Windows\System\wzeEaSn.exe

C:\Windows\System\wzeEaSn.exe

C:\Windows\System\cBGlgJP.exe

C:\Windows\System\cBGlgJP.exe

C:\Windows\System\aubCSjD.exe

C:\Windows\System\aubCSjD.exe

C:\Windows\System\qGLcrkO.exe

C:\Windows\System\qGLcrkO.exe

C:\Windows\System\wVcckJf.exe

C:\Windows\System\wVcckJf.exe

C:\Windows\System\gBonUoJ.exe

C:\Windows\System\gBonUoJ.exe

C:\Windows\System\YSQBeWu.exe

C:\Windows\System\YSQBeWu.exe

C:\Windows\System\UmAzMrs.exe

C:\Windows\System\UmAzMrs.exe

C:\Windows\System\ZBEbTcL.exe

C:\Windows\System\ZBEbTcL.exe

C:\Windows\System\DYrLvEW.exe

C:\Windows\System\DYrLvEW.exe

C:\Windows\System\SKOpodl.exe

C:\Windows\System\SKOpodl.exe

C:\Windows\System\LYlzLVA.exe

C:\Windows\System\LYlzLVA.exe

C:\Windows\System\NlNNNUr.exe

C:\Windows\System\NlNNNUr.exe

C:\Windows\System\SOgASsP.exe

C:\Windows\System\SOgASsP.exe

C:\Windows\System\cYVtjgi.exe

C:\Windows\System\cYVtjgi.exe

C:\Windows\System\NaSkVNI.exe

C:\Windows\System\NaSkVNI.exe

C:\Windows\System\invWMqf.exe

C:\Windows\System\invWMqf.exe

C:\Windows\System\uCTKsiD.exe

C:\Windows\System\uCTKsiD.exe

C:\Windows\System\hHRypCJ.exe

C:\Windows\System\hHRypCJ.exe

C:\Windows\System\MCgedYv.exe

C:\Windows\System\MCgedYv.exe

C:\Windows\System\mhXrqbh.exe

C:\Windows\System\mhXrqbh.exe

C:\Windows\System\QlmeyVI.exe

C:\Windows\System\QlmeyVI.exe

C:\Windows\System\vgEXRtU.exe

C:\Windows\System\vgEXRtU.exe

C:\Windows\System\phZNqHr.exe

C:\Windows\System\phZNqHr.exe

C:\Windows\System\AjkEofC.exe

C:\Windows\System\AjkEofC.exe

C:\Windows\System\XDucHhl.exe

C:\Windows\System\XDucHhl.exe

C:\Windows\System\piRmJZN.exe

C:\Windows\System\piRmJZN.exe

C:\Windows\System\gzgiFpX.exe

C:\Windows\System\gzgiFpX.exe

C:\Windows\System\feWzmbP.exe

C:\Windows\System\feWzmbP.exe

C:\Windows\System\aAnkcwW.exe

C:\Windows\System\aAnkcwW.exe

C:\Windows\System\bkJTkhq.exe

C:\Windows\System\bkJTkhq.exe

C:\Windows\System\YAorWzM.exe

C:\Windows\System\YAorWzM.exe

C:\Windows\System\wMUQjUs.exe

C:\Windows\System\wMUQjUs.exe

C:\Windows\System\uDOjTBt.exe

C:\Windows\System\uDOjTBt.exe

C:\Windows\System\qWaPcGO.exe

C:\Windows\System\qWaPcGO.exe

C:\Windows\System\uVWqHsX.exe

C:\Windows\System\uVWqHsX.exe

C:\Windows\System\FDBfqiG.exe

C:\Windows\System\FDBfqiG.exe

C:\Windows\System\rTiXKsN.exe

C:\Windows\System\rTiXKsN.exe

C:\Windows\System\qzyoEfs.exe

C:\Windows\System\qzyoEfs.exe

C:\Windows\System\kaGWCxM.exe

C:\Windows\System\kaGWCxM.exe

C:\Windows\System\KPZOfte.exe

C:\Windows\System\KPZOfte.exe

C:\Windows\System\zVTXpQZ.exe

C:\Windows\System\zVTXpQZ.exe

C:\Windows\System\OCDNChC.exe

C:\Windows\System\OCDNChC.exe

C:\Windows\System\SQxgUxT.exe

C:\Windows\System\SQxgUxT.exe

C:\Windows\System\tewHaVV.exe

C:\Windows\System\tewHaVV.exe

C:\Windows\System\LVpKssJ.exe

C:\Windows\System\LVpKssJ.exe

C:\Windows\System\XVShjov.exe

C:\Windows\System\XVShjov.exe

C:\Windows\System\LZsaheX.exe

C:\Windows\System\LZsaheX.exe

C:\Windows\System\NLAYsdB.exe

C:\Windows\System\NLAYsdB.exe

C:\Windows\System\pwdXczO.exe

C:\Windows\System\pwdXczO.exe

C:\Windows\System\RGgqaGy.exe

C:\Windows\System\RGgqaGy.exe

C:\Windows\System\JegsbpG.exe

C:\Windows\System\JegsbpG.exe

C:\Windows\System\VdbreIZ.exe

C:\Windows\System\VdbreIZ.exe

C:\Windows\System\ofIAJzW.exe

C:\Windows\System\ofIAJzW.exe

C:\Windows\System\fqbVBVl.exe

C:\Windows\System\fqbVBVl.exe

C:\Windows\System\pjEsaqI.exe

C:\Windows\System\pjEsaqI.exe

C:\Windows\System\Tudilbu.exe

C:\Windows\System\Tudilbu.exe

C:\Windows\System\ONSyXkR.exe

C:\Windows\System\ONSyXkR.exe

C:\Windows\System\syZzNHv.exe

C:\Windows\System\syZzNHv.exe

C:\Windows\System\UuotTsg.exe

C:\Windows\System\UuotTsg.exe

C:\Windows\System\ntwcrpY.exe

C:\Windows\System\ntwcrpY.exe

C:\Windows\System\HzvhGuN.exe

C:\Windows\System\HzvhGuN.exe

C:\Windows\System\lJKpYLT.exe

C:\Windows\System\lJKpYLT.exe

C:\Windows\System\ChAridi.exe

C:\Windows\System\ChAridi.exe

C:\Windows\System\FFWzjZE.exe

C:\Windows\System\FFWzjZE.exe

C:\Windows\System\zlYeBlc.exe

C:\Windows\System\zlYeBlc.exe

C:\Windows\System\vrRGyKL.exe

C:\Windows\System\vrRGyKL.exe

C:\Windows\System\ImyAtdP.exe

C:\Windows\System\ImyAtdP.exe

C:\Windows\System\SlSGMwT.exe

C:\Windows\System\SlSGMwT.exe

C:\Windows\System\VJqAyRS.exe

C:\Windows\System\VJqAyRS.exe

C:\Windows\System\jNFNQRf.exe

C:\Windows\System\jNFNQRf.exe

C:\Windows\System\iegDhbK.exe

C:\Windows\System\iegDhbK.exe

C:\Windows\System\bgnVFWY.exe

C:\Windows\System\bgnVFWY.exe

C:\Windows\System\dXzkPhr.exe

C:\Windows\System\dXzkPhr.exe

C:\Windows\System\DBiyfkJ.exe

C:\Windows\System\DBiyfkJ.exe

C:\Windows\System\DSgVOVl.exe

C:\Windows\System\DSgVOVl.exe

C:\Windows\System\eAMgLEX.exe

C:\Windows\System\eAMgLEX.exe

C:\Windows\System\aJdbSxp.exe

C:\Windows\System\aJdbSxp.exe

C:\Windows\System\lVwBpMv.exe

C:\Windows\System\lVwBpMv.exe

C:\Windows\System\pHYPfkE.exe

C:\Windows\System\pHYPfkE.exe

C:\Windows\System\BgrvbpT.exe

C:\Windows\System\BgrvbpT.exe

C:\Windows\System\WnEgJXr.exe

C:\Windows\System\WnEgJXr.exe

C:\Windows\System\XfViMMX.exe

C:\Windows\System\XfViMMX.exe

C:\Windows\System\fBThvgL.exe

C:\Windows\System\fBThvgL.exe

C:\Windows\System\imBGjTh.exe

C:\Windows\System\imBGjTh.exe

C:\Windows\System\ucGuUgX.exe

C:\Windows\System\ucGuUgX.exe

C:\Windows\System\dayjwIM.exe

C:\Windows\System\dayjwIM.exe

C:\Windows\System\sUQZZDB.exe

C:\Windows\System\sUQZZDB.exe

C:\Windows\System\OiZodio.exe

C:\Windows\System\OiZodio.exe

C:\Windows\System\EenoQby.exe

C:\Windows\System\EenoQby.exe

C:\Windows\System\RjDqqTp.exe

C:\Windows\System\RjDqqTp.exe

C:\Windows\System\kyWirIK.exe

C:\Windows\System\kyWirIK.exe

C:\Windows\System\nXTKKuy.exe

C:\Windows\System\nXTKKuy.exe

C:\Windows\System\jNAnpUO.exe

C:\Windows\System\jNAnpUO.exe

C:\Windows\System\JYNiega.exe

C:\Windows\System\JYNiega.exe

C:\Windows\System\bzoJOFI.exe

C:\Windows\System\bzoJOFI.exe

C:\Windows\System\fXMrMBG.exe

C:\Windows\System\fXMrMBG.exe

C:\Windows\System\xmIdeZF.exe

C:\Windows\System\xmIdeZF.exe

C:\Windows\System\yHryzCz.exe

C:\Windows\System\yHryzCz.exe

C:\Windows\System\NIXvndD.exe

C:\Windows\System\NIXvndD.exe

C:\Windows\System\trKTyCG.exe

C:\Windows\System\trKTyCG.exe

C:\Windows\System\EZLMJjD.exe

C:\Windows\System\EZLMJjD.exe

C:\Windows\System\YrzreYz.exe

C:\Windows\System\YrzreYz.exe

C:\Windows\System\xGSBWrK.exe

C:\Windows\System\xGSBWrK.exe

C:\Windows\System\yBymdgq.exe

C:\Windows\System\yBymdgq.exe

C:\Windows\System\MkriZOb.exe

C:\Windows\System\MkriZOb.exe

C:\Windows\System\YrQriPh.exe

C:\Windows\System\YrQriPh.exe

C:\Windows\System\ifkFQcm.exe

C:\Windows\System\ifkFQcm.exe

C:\Windows\System\XvlbJhD.exe

C:\Windows\System\XvlbJhD.exe

C:\Windows\System\tyYUXta.exe

C:\Windows\System\tyYUXta.exe

C:\Windows\System\luwmMMj.exe

C:\Windows\System\luwmMMj.exe

C:\Windows\System\IUbmhRG.exe

C:\Windows\System\IUbmhRG.exe

C:\Windows\System\cuxgPGG.exe

C:\Windows\System\cuxgPGG.exe

C:\Windows\System\qXvmfIM.exe

C:\Windows\System\qXvmfIM.exe

C:\Windows\System\hSQOEVc.exe

C:\Windows\System\hSQOEVc.exe

C:\Windows\System\qsBdDFZ.exe

C:\Windows\System\qsBdDFZ.exe

C:\Windows\System\YOIKaWo.exe

C:\Windows\System\YOIKaWo.exe

C:\Windows\System\qHFULgi.exe

C:\Windows\System\qHFULgi.exe

C:\Windows\System\kBteoCG.exe

C:\Windows\System\kBteoCG.exe

C:\Windows\System\yiuOVnv.exe

C:\Windows\System\yiuOVnv.exe

C:\Windows\System\adQYcXL.exe

C:\Windows\System\adQYcXL.exe

C:\Windows\System\NxddYci.exe

C:\Windows\System\NxddYci.exe

C:\Windows\System\BVFQjce.exe

C:\Windows\System\BVFQjce.exe

C:\Windows\System\kTGRaRE.exe

C:\Windows\System\kTGRaRE.exe

C:\Windows\System\EgyQwzq.exe

C:\Windows\System\EgyQwzq.exe

C:\Windows\System\irSvRKc.exe

C:\Windows\System\irSvRKc.exe

C:\Windows\System\dYDOdDW.exe

C:\Windows\System\dYDOdDW.exe

C:\Windows\System\SCcKPDJ.exe

C:\Windows\System\SCcKPDJ.exe

C:\Windows\System\cNNjGMf.exe

C:\Windows\System\cNNjGMf.exe

C:\Windows\System\TCocCQO.exe

C:\Windows\System\TCocCQO.exe

C:\Windows\System\GANMVbE.exe

C:\Windows\System\GANMVbE.exe

C:\Windows\System\FVuTnqm.exe

C:\Windows\System\FVuTnqm.exe

C:\Windows\System\udpVfJk.exe

C:\Windows\System\udpVfJk.exe

C:\Windows\System\uJPCKSx.exe

C:\Windows\System\uJPCKSx.exe

C:\Windows\System\JyGkucX.exe

C:\Windows\System\JyGkucX.exe

C:\Windows\System\lCPsMTE.exe

C:\Windows\System\lCPsMTE.exe

C:\Windows\System\lyafltk.exe

C:\Windows\System\lyafltk.exe

C:\Windows\System\EyRbfcJ.exe

C:\Windows\System\EyRbfcJ.exe

C:\Windows\System\KIFYhRW.exe

C:\Windows\System\KIFYhRW.exe

C:\Windows\System\iijCWCR.exe

C:\Windows\System\iijCWCR.exe

C:\Windows\System\VMyFEfC.exe

C:\Windows\System\VMyFEfC.exe

C:\Windows\System\YyOjryw.exe

C:\Windows\System\YyOjryw.exe

C:\Windows\System\MycAAdy.exe

C:\Windows\System\MycAAdy.exe

C:\Windows\System\nUUIUSt.exe

C:\Windows\System\nUUIUSt.exe

C:\Windows\System\jUcfGgO.exe

C:\Windows\System\jUcfGgO.exe

C:\Windows\System\UMzzezv.exe

C:\Windows\System\UMzzezv.exe

C:\Windows\System\bkMtuBl.exe

C:\Windows\System\bkMtuBl.exe

C:\Windows\System\KaLYiId.exe

C:\Windows\System\KaLYiId.exe

C:\Windows\System\UHlUrmc.exe

C:\Windows\System\UHlUrmc.exe

C:\Windows\System\YhnyXTj.exe

C:\Windows\System\YhnyXTj.exe

C:\Windows\System\ZzgkEnH.exe

C:\Windows\System\ZzgkEnH.exe

C:\Windows\System\PDlnTSs.exe

C:\Windows\System\PDlnTSs.exe

C:\Windows\System\UtaHvev.exe

C:\Windows\System\UtaHvev.exe

C:\Windows\System\JqOZFYO.exe

C:\Windows\System\JqOZFYO.exe

C:\Windows\System\nAfMxza.exe

C:\Windows\System\nAfMxza.exe

C:\Windows\System\oUkunkz.exe

C:\Windows\System\oUkunkz.exe

C:\Windows\System\VJjGxwa.exe

C:\Windows\System\VJjGxwa.exe

C:\Windows\System\QhUjyMh.exe

C:\Windows\System\QhUjyMh.exe

C:\Windows\System\CTBlCbY.exe

C:\Windows\System\CTBlCbY.exe

C:\Windows\System\UaOhxmx.exe

C:\Windows\System\UaOhxmx.exe

C:\Windows\System\ORvSjbq.exe

C:\Windows\System\ORvSjbq.exe

C:\Windows\System\qipAdXB.exe

C:\Windows\System\qipAdXB.exe

C:\Windows\System\IprvCkU.exe

C:\Windows\System\IprvCkU.exe

C:\Windows\System\jmVcBPR.exe

C:\Windows\System\jmVcBPR.exe

C:\Windows\System\HPZVVBv.exe

C:\Windows\System\HPZVVBv.exe

C:\Windows\System\cWNhius.exe

C:\Windows\System\cWNhius.exe

C:\Windows\System\plUyRVH.exe

C:\Windows\System\plUyRVH.exe

C:\Windows\System\DvMBFnI.exe

C:\Windows\System\DvMBFnI.exe

C:\Windows\System\ymvpvvd.exe

C:\Windows\System\ymvpvvd.exe

C:\Windows\System\GoUMgTd.exe

C:\Windows\System\GoUMgTd.exe

C:\Windows\System\LswWqzY.exe

C:\Windows\System\LswWqzY.exe

C:\Windows\System\UMmCtMD.exe

C:\Windows\System\UMmCtMD.exe

C:\Windows\System\dJYpULF.exe

C:\Windows\System\dJYpULF.exe

C:\Windows\System\NHzVnKh.exe

C:\Windows\System\NHzVnKh.exe

C:\Windows\System\aNSfKxV.exe

C:\Windows\System\aNSfKxV.exe

C:\Windows\System\Snsbnfx.exe

C:\Windows\System\Snsbnfx.exe

C:\Windows\System\iDWUYEO.exe

C:\Windows\System\iDWUYEO.exe

C:\Windows\System\ofcfVrW.exe

C:\Windows\System\ofcfVrW.exe

C:\Windows\System\jDGjmAa.exe

C:\Windows\System\jDGjmAa.exe

C:\Windows\System\fxLulqq.exe

C:\Windows\System\fxLulqq.exe

C:\Windows\System\EXQSRWM.exe

C:\Windows\System\EXQSRWM.exe

C:\Windows\System\fxdUzWr.exe

C:\Windows\System\fxdUzWr.exe

C:\Windows\System\AXbOsXG.exe

C:\Windows\System\AXbOsXG.exe

C:\Windows\System\kqKXrby.exe

C:\Windows\System\kqKXrby.exe

C:\Windows\System\JzDxtMK.exe

C:\Windows\System\JzDxtMK.exe

C:\Windows\System\FWnhDaL.exe

C:\Windows\System\FWnhDaL.exe

C:\Windows\System\DhWOwTJ.exe

C:\Windows\System\DhWOwTJ.exe

C:\Windows\System\cSMRazW.exe

C:\Windows\System\cSMRazW.exe

C:\Windows\System\OEmJVUH.exe

C:\Windows\System\OEmJVUH.exe

C:\Windows\System\IWsklzR.exe

C:\Windows\System\IWsklzR.exe

C:\Windows\System\MjNnrKH.exe

C:\Windows\System\MjNnrKH.exe

C:\Windows\System\AsPPTng.exe

C:\Windows\System\AsPPTng.exe

C:\Windows\System\nslyhoE.exe

C:\Windows\System\nslyhoE.exe

C:\Windows\System\MgRYCqg.exe

C:\Windows\System\MgRYCqg.exe

C:\Windows\System\XaojvfN.exe

C:\Windows\System\XaojvfN.exe

C:\Windows\System\xipxLwc.exe

C:\Windows\System\xipxLwc.exe

C:\Windows\System\eerOWxM.exe

C:\Windows\System\eerOWxM.exe

C:\Windows\System\SDhmcwf.exe

C:\Windows\System\SDhmcwf.exe

C:\Windows\System\KqkHmbI.exe

C:\Windows\System\KqkHmbI.exe

C:\Windows\System\tDgTXsC.exe

C:\Windows\System\tDgTXsC.exe

C:\Windows\System\FKdgeFh.exe

C:\Windows\System\FKdgeFh.exe

C:\Windows\System\BRqDFGL.exe

C:\Windows\System\BRqDFGL.exe

C:\Windows\System\lciYuJT.exe

C:\Windows\System\lciYuJT.exe

C:\Windows\System\wlGXLcn.exe

C:\Windows\System\wlGXLcn.exe

C:\Windows\System\MoGclVS.exe

C:\Windows\System\MoGclVS.exe

C:\Windows\System\iJDeuce.exe

C:\Windows\System\iJDeuce.exe

C:\Windows\System\LZsWFGY.exe

C:\Windows\System\LZsWFGY.exe

C:\Windows\System\FejXtbO.exe

C:\Windows\System\FejXtbO.exe

C:\Windows\System\kjNPTYK.exe

C:\Windows\System\kjNPTYK.exe

C:\Windows\System\WiRNFZD.exe

C:\Windows\System\WiRNFZD.exe

C:\Windows\System\rddonNf.exe

C:\Windows\System\rddonNf.exe

C:\Windows\System\cauyGWI.exe

C:\Windows\System\cauyGWI.exe

C:\Windows\System\TdEXqss.exe

C:\Windows\System\TdEXqss.exe

C:\Windows\System\tgrycQS.exe

C:\Windows\System\tgrycQS.exe

C:\Windows\System\xWmQtfQ.exe

C:\Windows\System\xWmQtfQ.exe

C:\Windows\System\vTYOcbk.exe

C:\Windows\System\vTYOcbk.exe

C:\Windows\System\kqreCbR.exe

C:\Windows\System\kqreCbR.exe

C:\Windows\System\YjuYMnb.exe

C:\Windows\System\YjuYMnb.exe

C:\Windows\System\qCBXUtr.exe

C:\Windows\System\qCBXUtr.exe

C:\Windows\System\vhmGXoa.exe

C:\Windows\System\vhmGXoa.exe

C:\Windows\System\YDUorkm.exe

C:\Windows\System\YDUorkm.exe

C:\Windows\System\wPJeNFp.exe

C:\Windows\System\wPJeNFp.exe

C:\Windows\System\mwdznMQ.exe

C:\Windows\System\mwdznMQ.exe

C:\Windows\System\iyNDXhS.exe

C:\Windows\System\iyNDXhS.exe

C:\Windows\System\VdvJLto.exe

C:\Windows\System\VdvJLto.exe

C:\Windows\System\bCMVyRh.exe

C:\Windows\System\bCMVyRh.exe

C:\Windows\System\jzwpAht.exe

C:\Windows\System\jzwpAht.exe

C:\Windows\System\RTvELyS.exe

C:\Windows\System\RTvELyS.exe

C:\Windows\System\OFSMqyw.exe

C:\Windows\System\OFSMqyw.exe

C:\Windows\System\cdCesfq.exe

C:\Windows\System\cdCesfq.exe

C:\Windows\System\OLBVhvy.exe

C:\Windows\System\OLBVhvy.exe

C:\Windows\System\Zwojgai.exe

C:\Windows\System\Zwojgai.exe

C:\Windows\System\EOoUjPF.exe

C:\Windows\System\EOoUjPF.exe

C:\Windows\System\JYzPeKX.exe

C:\Windows\System\JYzPeKX.exe

C:\Windows\System\fLuvwrO.exe

C:\Windows\System\fLuvwrO.exe

C:\Windows\System\WYtHyMC.exe

C:\Windows\System\WYtHyMC.exe

C:\Windows\System\tkhdaMD.exe

C:\Windows\System\tkhdaMD.exe

C:\Windows\System\llNyUsp.exe

C:\Windows\System\llNyUsp.exe

C:\Windows\System\iXUDBqq.exe

C:\Windows\System\iXUDBqq.exe

C:\Windows\System\dHLGFjc.exe

C:\Windows\System\dHLGFjc.exe

C:\Windows\System\qXTclGz.exe

C:\Windows\System\qXTclGz.exe

C:\Windows\System\fXqpuZg.exe

C:\Windows\System\fXqpuZg.exe

C:\Windows\System\WpiRSIM.exe

C:\Windows\System\WpiRSIM.exe

C:\Windows\System\OctqLkp.exe

C:\Windows\System\OctqLkp.exe

C:\Windows\System\tWZYcho.exe

C:\Windows\System\tWZYcho.exe

C:\Windows\System\sCuwQcn.exe

C:\Windows\System\sCuwQcn.exe

C:\Windows\System\PMFZGdE.exe

C:\Windows\System\PMFZGdE.exe

C:\Windows\System\PzgxYmt.exe

C:\Windows\System\PzgxYmt.exe

C:\Windows\System\PDGmbRH.exe

C:\Windows\System\PDGmbRH.exe

C:\Windows\System\rjviGvo.exe

C:\Windows\System\rjviGvo.exe

C:\Windows\System\zxZKERk.exe

C:\Windows\System\zxZKERk.exe

C:\Windows\System\GcOFTZf.exe

C:\Windows\System\GcOFTZf.exe

C:\Windows\System\exRgNLt.exe

C:\Windows\System\exRgNLt.exe

C:\Windows\System\ivzAPgk.exe

C:\Windows\System\ivzAPgk.exe

C:\Windows\System\OIjTqPa.exe

C:\Windows\System\OIjTqPa.exe

C:\Windows\System\qiMKPCP.exe

C:\Windows\System\qiMKPCP.exe

C:\Windows\System\gRNQuFn.exe

C:\Windows\System\gRNQuFn.exe

C:\Windows\System\vzVWBrm.exe

C:\Windows\System\vzVWBrm.exe

C:\Windows\System\gZcxctW.exe

C:\Windows\System\gZcxctW.exe

C:\Windows\System\oqdnIfH.exe

C:\Windows\System\oqdnIfH.exe

C:\Windows\System\kTrwzrN.exe

C:\Windows\System\kTrwzrN.exe

C:\Windows\System\ZPSLaja.exe

C:\Windows\System\ZPSLaja.exe

C:\Windows\System\CElVOok.exe

C:\Windows\System\CElVOok.exe

C:\Windows\System\HJXkcBc.exe

C:\Windows\System\HJXkcBc.exe

C:\Windows\System\BBYJYdh.exe

C:\Windows\System\BBYJYdh.exe

C:\Windows\System\nikFvnV.exe

C:\Windows\System\nikFvnV.exe

C:\Windows\System\asNaxkX.exe

C:\Windows\System\asNaxkX.exe

C:\Windows\System\CTNPOLz.exe

C:\Windows\System\CTNPOLz.exe

C:\Windows\System\hRoYgVO.exe

C:\Windows\System\hRoYgVO.exe

C:\Windows\System\AjHoxHK.exe

C:\Windows\System\AjHoxHK.exe

C:\Windows\System\gCYVCvX.exe

C:\Windows\System\gCYVCvX.exe

C:\Windows\System\dQPzMzr.exe

C:\Windows\System\dQPzMzr.exe

C:\Windows\System\xEuDJxx.exe

C:\Windows\System\xEuDJxx.exe

C:\Windows\System\uVMPQqn.exe

C:\Windows\System\uVMPQqn.exe

C:\Windows\System\VfkqXbZ.exe

C:\Windows\System\VfkqXbZ.exe

C:\Windows\System\xgSsAoO.exe

C:\Windows\System\xgSsAoO.exe

C:\Windows\System\TYIAAwU.exe

C:\Windows\System\TYIAAwU.exe

C:\Windows\System\sXwFFsL.exe

C:\Windows\System\sXwFFsL.exe

C:\Windows\System\IcsrfXX.exe

C:\Windows\System\IcsrfXX.exe

C:\Windows\System\ZQeTRYb.exe

C:\Windows\System\ZQeTRYb.exe

C:\Windows\System\ceINGlB.exe

C:\Windows\System\ceINGlB.exe

C:\Windows\System\UNJwqCw.exe

C:\Windows\System\UNJwqCw.exe

C:\Windows\System\WVywRyI.exe

C:\Windows\System\WVywRyI.exe

C:\Windows\System\pIAJFQA.exe

C:\Windows\System\pIAJFQA.exe

C:\Windows\System\MCoURDu.exe

C:\Windows\System\MCoURDu.exe

C:\Windows\System\rcmIpXD.exe

C:\Windows\System\rcmIpXD.exe

C:\Windows\System\WkNCdcq.exe

C:\Windows\System\WkNCdcq.exe

C:\Windows\System\FLrHAUT.exe

C:\Windows\System\FLrHAUT.exe

C:\Windows\System\qUrvtfA.exe

C:\Windows\System\qUrvtfA.exe

C:\Windows\System\anhHbMh.exe

C:\Windows\System\anhHbMh.exe

C:\Windows\System\WGcdBZu.exe

C:\Windows\System\WGcdBZu.exe

C:\Windows\System\aCBMXBk.exe

C:\Windows\System\aCBMXBk.exe

C:\Windows\System\LWdiXWU.exe

C:\Windows\System\LWdiXWU.exe

C:\Windows\System\ODMCKcT.exe

C:\Windows\System\ODMCKcT.exe

C:\Windows\System\ZqngOOi.exe

C:\Windows\System\ZqngOOi.exe

C:\Windows\System\xuKmpIp.exe

C:\Windows\System\xuKmpIp.exe

C:\Windows\System\tllXDQw.exe

C:\Windows\System\tllXDQw.exe

C:\Windows\System\xURcjQN.exe

C:\Windows\System\xURcjQN.exe

C:\Windows\System\kRuxqpN.exe

C:\Windows\System\kRuxqpN.exe

C:\Windows\System\DXkLhVv.exe

C:\Windows\System\DXkLhVv.exe

C:\Windows\System\abYGTfN.exe

C:\Windows\System\abYGTfN.exe

C:\Windows\System\nPMqinU.exe

C:\Windows\System\nPMqinU.exe

C:\Windows\System\NkqndIs.exe

C:\Windows\System\NkqndIs.exe

C:\Windows\System\dMVjuij.exe

C:\Windows\System\dMVjuij.exe

C:\Windows\System\aycXjlP.exe

C:\Windows\System\aycXjlP.exe

C:\Windows\System\zUzFnZa.exe

C:\Windows\System\zUzFnZa.exe

C:\Windows\System\SPEGqQu.exe

C:\Windows\System\SPEGqQu.exe

C:\Windows\System\kOGOnCK.exe

C:\Windows\System\kOGOnCK.exe

C:\Windows\System\QplYWac.exe

C:\Windows\System\QplYWac.exe

C:\Windows\System\HGzjOQZ.exe

C:\Windows\System\HGzjOQZ.exe

C:\Windows\System\azbRYAs.exe

C:\Windows\System\azbRYAs.exe

C:\Windows\System\jYNNAoF.exe

C:\Windows\System\jYNNAoF.exe

C:\Windows\System\teyvFvu.exe

C:\Windows\System\teyvFvu.exe

C:\Windows\System\lZNJEXB.exe

C:\Windows\System\lZNJEXB.exe

C:\Windows\System\DGLUUWb.exe

C:\Windows\System\DGLUUWb.exe

C:\Windows\System\ogUYRAV.exe

C:\Windows\System\ogUYRAV.exe

C:\Windows\System\aKlpfin.exe

C:\Windows\System\aKlpfin.exe

C:\Windows\System\SgOhlqa.exe

C:\Windows\System\SgOhlqa.exe

C:\Windows\System\XfaDvob.exe

C:\Windows\System\XfaDvob.exe

C:\Windows\System\aVnmmPe.exe

C:\Windows\System\aVnmmPe.exe

C:\Windows\System\RVJbcyM.exe

C:\Windows\System\RVJbcyM.exe

C:\Windows\System\yWMxjCl.exe

C:\Windows\System\yWMxjCl.exe

C:\Windows\System\ekPrJys.exe

C:\Windows\System\ekPrJys.exe

C:\Windows\System\ORtByuZ.exe

C:\Windows\System\ORtByuZ.exe

C:\Windows\System\zKesvJy.exe

C:\Windows\System\zKesvJy.exe

C:\Windows\System\TzIDRiM.exe

C:\Windows\System\TzIDRiM.exe

C:\Windows\System\BVyQkdN.exe

C:\Windows\System\BVyQkdN.exe

C:\Windows\System\pLMyRkz.exe

C:\Windows\System\pLMyRkz.exe

C:\Windows\System\cLYlXyG.exe

C:\Windows\System\cLYlXyG.exe

C:\Windows\System\WTlsMWn.exe

C:\Windows\System\WTlsMWn.exe

C:\Windows\System\AmCdZVM.exe

C:\Windows\System\AmCdZVM.exe

C:\Windows\System\ubILFKR.exe

C:\Windows\System\ubILFKR.exe

C:\Windows\System\qCYqTYa.exe

C:\Windows\System\qCYqTYa.exe

C:\Windows\System\YAhrCKk.exe

C:\Windows\System\YAhrCKk.exe

C:\Windows\System\hOwLNRB.exe

C:\Windows\System\hOwLNRB.exe

C:\Windows\System\ybKsWFQ.exe

C:\Windows\System\ybKsWFQ.exe

C:\Windows\System\IQTGUqV.exe

C:\Windows\System\IQTGUqV.exe

C:\Windows\System\TYeommc.exe

C:\Windows\System\TYeommc.exe

C:\Windows\System\zpJtWkY.exe

C:\Windows\System\zpJtWkY.exe

C:\Windows\System\ZiSqeOH.exe

C:\Windows\System\ZiSqeOH.exe

C:\Windows\System\knjqxHP.exe

C:\Windows\System\knjqxHP.exe

C:\Windows\System\DsJcASS.exe

C:\Windows\System\DsJcASS.exe

C:\Windows\System\GNPqGwM.exe

C:\Windows\System\GNPqGwM.exe

C:\Windows\System\YJauYeW.exe

C:\Windows\System\YJauYeW.exe

C:\Windows\System\GIWHMvs.exe

C:\Windows\System\GIWHMvs.exe

C:\Windows\System\NzDiwWN.exe

C:\Windows\System\NzDiwWN.exe

C:\Windows\System\XYVrCyt.exe

C:\Windows\System\XYVrCyt.exe

C:\Windows\System\DySYrqb.exe

C:\Windows\System\DySYrqb.exe

C:\Windows\System\tRNdNsy.exe

C:\Windows\System\tRNdNsy.exe

C:\Windows\System\RLDeadc.exe

C:\Windows\System\RLDeadc.exe

C:\Windows\System\wvNHEei.exe

C:\Windows\System\wvNHEei.exe

C:\Windows\System\hMUYQYo.exe

C:\Windows\System\hMUYQYo.exe

C:\Windows\System\qNjizLC.exe

C:\Windows\System\qNjizLC.exe

C:\Windows\System\WccXqzx.exe

C:\Windows\System\WccXqzx.exe

C:\Windows\System\jiBPRgH.exe

C:\Windows\System\jiBPRgH.exe

C:\Windows\System\ewTArYB.exe

C:\Windows\System\ewTArYB.exe

C:\Windows\System\sdGozUZ.exe

C:\Windows\System\sdGozUZ.exe

C:\Windows\System\kPCiWZJ.exe

C:\Windows\System\kPCiWZJ.exe

C:\Windows\System\khsaRhp.exe

C:\Windows\System\khsaRhp.exe

C:\Windows\System\uoabBEL.exe

C:\Windows\System\uoabBEL.exe

C:\Windows\System\iyLJhVQ.exe

C:\Windows\System\iyLJhVQ.exe

C:\Windows\System\nFFyUZf.exe

C:\Windows\System\nFFyUZf.exe

C:\Windows\System\LRcNKhg.exe

C:\Windows\System\LRcNKhg.exe

C:\Windows\System\zRkDhmm.exe

C:\Windows\System\zRkDhmm.exe

C:\Windows\System\pvxBLSf.exe

C:\Windows\System\pvxBLSf.exe

C:\Windows\System\BLYKGnm.exe

C:\Windows\System\BLYKGnm.exe

C:\Windows\System\YgYbCnB.exe

C:\Windows\System\YgYbCnB.exe

C:\Windows\System\rJpuuvS.exe

C:\Windows\System\rJpuuvS.exe

C:\Windows\System\qLJafAt.exe

C:\Windows\System\qLJafAt.exe

C:\Windows\System\gCaOyAY.exe

C:\Windows\System\gCaOyAY.exe

C:\Windows\System\MOYQFOJ.exe

C:\Windows\System\MOYQFOJ.exe

C:\Windows\System\iPMJwcV.exe

C:\Windows\System\iPMJwcV.exe

C:\Windows\System\rYTxeXP.exe

C:\Windows\System\rYTxeXP.exe

C:\Windows\System\hkEqqHV.exe

C:\Windows\System\hkEqqHV.exe

C:\Windows\System\PtSgkcf.exe

C:\Windows\System\PtSgkcf.exe

C:\Windows\System\IlUejAQ.exe

C:\Windows\System\IlUejAQ.exe

C:\Windows\System\ZUtHBZH.exe

C:\Windows\System\ZUtHBZH.exe

C:\Windows\System\djmCNxS.exe

C:\Windows\System\djmCNxS.exe

C:\Windows\System\NrTHSlW.exe

C:\Windows\System\NrTHSlW.exe

C:\Windows\System\VnmGcsS.exe

C:\Windows\System\VnmGcsS.exe

C:\Windows\System\HAAvRiu.exe

C:\Windows\System\HAAvRiu.exe

C:\Windows\System\KCCNppm.exe

C:\Windows\System\KCCNppm.exe

C:\Windows\System\DVUrMGq.exe

C:\Windows\System\DVUrMGq.exe

C:\Windows\System\mYIoDjp.exe

C:\Windows\System\mYIoDjp.exe

C:\Windows\System\pYygLHH.exe

C:\Windows\System\pYygLHH.exe

C:\Windows\System\DSoFwnH.exe

C:\Windows\System\DSoFwnH.exe

C:\Windows\System\mAPTguF.exe

C:\Windows\System\mAPTguF.exe

C:\Windows\System\kedbVWA.exe

C:\Windows\System\kedbVWA.exe

C:\Windows\System\TkGCTYX.exe

C:\Windows\System\TkGCTYX.exe

C:\Windows\System\YcaLSiD.exe

C:\Windows\System\YcaLSiD.exe

C:\Windows\System\LpIavmt.exe

C:\Windows\System\LpIavmt.exe

C:\Windows\System\dSTSNpZ.exe

C:\Windows\System\dSTSNpZ.exe

C:\Windows\System\SEfdAkO.exe

C:\Windows\System\SEfdAkO.exe

C:\Windows\System\KEwqowJ.exe

C:\Windows\System\KEwqowJ.exe

C:\Windows\System\OrVKrhG.exe

C:\Windows\System\OrVKrhG.exe

C:\Windows\System\aFrTemF.exe

C:\Windows\System\aFrTemF.exe

C:\Windows\System\BMzmYFr.exe

C:\Windows\System\BMzmYFr.exe

C:\Windows\System\nUaFMCI.exe

C:\Windows\System\nUaFMCI.exe

C:\Windows\System\tNpopot.exe

C:\Windows\System\tNpopot.exe

C:\Windows\System\kmKEMGp.exe

C:\Windows\System\kmKEMGp.exe

C:\Windows\System\vOQRooM.exe

C:\Windows\System\vOQRooM.exe

C:\Windows\System\wwOebwI.exe

C:\Windows\System\wwOebwI.exe

C:\Windows\System\jMMuFDG.exe

C:\Windows\System\jMMuFDG.exe

C:\Windows\System\QNSPFVh.exe

C:\Windows\System\QNSPFVh.exe

C:\Windows\System\iTELthH.exe

C:\Windows\System\iTELthH.exe

C:\Windows\System\ZHmDogf.exe

C:\Windows\System\ZHmDogf.exe

C:\Windows\System\TwZViiQ.exe

C:\Windows\System\TwZViiQ.exe

C:\Windows\System\QDLuPcG.exe

C:\Windows\System\QDLuPcG.exe

C:\Windows\System\oNzJaGg.exe

C:\Windows\System\oNzJaGg.exe

C:\Windows\System\IyOelOK.exe

C:\Windows\System\IyOelOK.exe

C:\Windows\System\lUdzaRW.exe

C:\Windows\System\lUdzaRW.exe

C:\Windows\System\TWoXLXZ.exe

C:\Windows\System\TWoXLXZ.exe

C:\Windows\System\bSNZYUm.exe

C:\Windows\System\bSNZYUm.exe

C:\Windows\System\iRZoIoX.exe

C:\Windows\System\iRZoIoX.exe

C:\Windows\System\mFetgIc.exe

C:\Windows\System\mFetgIc.exe

C:\Windows\System\WSibfMG.exe

C:\Windows\System\WSibfMG.exe

C:\Windows\System\qSEXPze.exe

C:\Windows\System\qSEXPze.exe

C:\Windows\System\YGuUZkC.exe

C:\Windows\System\YGuUZkC.exe

C:\Windows\System\xiVCAJJ.exe

C:\Windows\System\xiVCAJJ.exe

C:\Windows\System\twVbZMg.exe

C:\Windows\System\twVbZMg.exe

C:\Windows\System\rIxRSJG.exe

C:\Windows\System\rIxRSJG.exe

C:\Windows\System\pqsNXMm.exe

C:\Windows\System\pqsNXMm.exe

C:\Windows\System\GmyLYBa.exe

C:\Windows\System\GmyLYBa.exe

C:\Windows\System\sDQetre.exe

C:\Windows\System\sDQetre.exe

C:\Windows\System\xlMfAPX.exe

C:\Windows\System\xlMfAPX.exe

C:\Windows\System\BDmOfoB.exe

C:\Windows\System\BDmOfoB.exe

C:\Windows\System\OtBKiEQ.exe

C:\Windows\System\OtBKiEQ.exe

C:\Windows\System\KJXGisn.exe

C:\Windows\System\KJXGisn.exe

C:\Windows\System\sTZBWGN.exe

C:\Windows\System\sTZBWGN.exe

C:\Windows\System\iKvuanx.exe

C:\Windows\System\iKvuanx.exe

C:\Windows\System\NyuqxmU.exe

C:\Windows\System\NyuqxmU.exe

C:\Windows\System\Fniytza.exe

C:\Windows\System\Fniytza.exe

C:\Windows\System\AmedgdE.exe

C:\Windows\System\AmedgdE.exe

C:\Windows\System\joCxlGH.exe

C:\Windows\System\joCxlGH.exe

C:\Windows\System\GBefTPP.exe

C:\Windows\System\GBefTPP.exe

C:\Windows\System\TGvEeQK.exe

C:\Windows\System\TGvEeQK.exe

C:\Windows\System\YkPouZw.exe

C:\Windows\System\YkPouZw.exe

C:\Windows\System\nRlsewE.exe

C:\Windows\System\nRlsewE.exe

C:\Windows\System\MmFGRYv.exe

C:\Windows\System\MmFGRYv.exe

C:\Windows\System\CzxuBOk.exe

C:\Windows\System\CzxuBOk.exe

C:\Windows\System\ksdzvke.exe

C:\Windows\System\ksdzvke.exe

C:\Windows\System\WuQEuqj.exe

C:\Windows\System\WuQEuqj.exe

C:\Windows\System\QuFAACl.exe

C:\Windows\System\QuFAACl.exe

C:\Windows\System\JVBlhEN.exe

C:\Windows\System\JVBlhEN.exe

C:\Windows\System\eWlnOuk.exe

C:\Windows\System\eWlnOuk.exe

C:\Windows\System\sUVYpgr.exe

C:\Windows\System\sUVYpgr.exe

C:\Windows\System\iSyGzwY.exe

C:\Windows\System\iSyGzwY.exe

C:\Windows\System\gUUEMKl.exe

C:\Windows\System\gUUEMKl.exe

C:\Windows\System\kGmSHSo.exe

C:\Windows\System\kGmSHSo.exe

C:\Windows\System\teuAVUJ.exe

C:\Windows\System\teuAVUJ.exe

C:\Windows\System\uJmdbEL.exe

C:\Windows\System\uJmdbEL.exe

C:\Windows\System\cKtEuvK.exe

C:\Windows\System\cKtEuvK.exe

C:\Windows\System\YgwdqHo.exe

C:\Windows\System\YgwdqHo.exe

C:\Windows\System\pRsybrB.exe

C:\Windows\System\pRsybrB.exe

C:\Windows\System\ELOHzYb.exe

C:\Windows\System\ELOHzYb.exe

C:\Windows\System\VRAvYOs.exe

C:\Windows\System\VRAvYOs.exe

C:\Windows\System\TPHpBaM.exe

C:\Windows\System\TPHpBaM.exe

C:\Windows\System\zrpkbMP.exe

C:\Windows\System\zrpkbMP.exe

C:\Windows\System\OSzokXT.exe

C:\Windows\System\OSzokXT.exe

C:\Windows\System\YjvqDWI.exe

C:\Windows\System\YjvqDWI.exe

C:\Windows\System\JrbftZP.exe

C:\Windows\System\JrbftZP.exe

C:\Windows\System\iSXGPqH.exe

C:\Windows\System\iSXGPqH.exe

C:\Windows\System\EWBFqoP.exe

C:\Windows\System\EWBFqoP.exe

C:\Windows\System\HbNpNJv.exe

C:\Windows\System\HbNpNJv.exe

C:\Windows\System\pXaruvd.exe

C:\Windows\System\pXaruvd.exe

C:\Windows\System\rRMuHBE.exe

C:\Windows\System\rRMuHBE.exe

C:\Windows\System\kwKgyRI.exe

C:\Windows\System\kwKgyRI.exe

C:\Windows\System\Skqoell.exe

C:\Windows\System\Skqoell.exe

C:\Windows\System\OsDktBw.exe

C:\Windows\System\OsDktBw.exe

C:\Windows\System\CFTZlHj.exe

C:\Windows\System\CFTZlHj.exe

C:\Windows\System\HakrbEN.exe

C:\Windows\System\HakrbEN.exe

C:\Windows\System\JuDQVbi.exe

C:\Windows\System\JuDQVbi.exe

C:\Windows\System\VxZPeBm.exe

C:\Windows\System\VxZPeBm.exe

C:\Windows\System\PZLzAMY.exe

C:\Windows\System\PZLzAMY.exe

C:\Windows\System\UNMcmWb.exe

C:\Windows\System\UNMcmWb.exe

C:\Windows\System\CRHdkah.exe

C:\Windows\System\CRHdkah.exe

C:\Windows\System\SDDZrnf.exe

C:\Windows\System\SDDZrnf.exe

C:\Windows\System\eeeBoMQ.exe

C:\Windows\System\eeeBoMQ.exe

C:\Windows\System\fJqClTh.exe

C:\Windows\System\fJqClTh.exe

C:\Windows\System\NgCryGz.exe

C:\Windows\System\NgCryGz.exe

C:\Windows\System\MksRjYt.exe

C:\Windows\System\MksRjYt.exe

C:\Windows\System\CFNEXHO.exe

C:\Windows\System\CFNEXHO.exe

C:\Windows\System\VXbWeUW.exe

C:\Windows\System\VXbWeUW.exe

C:\Windows\System\fjfmwFw.exe

C:\Windows\System\fjfmwFw.exe

C:\Windows\System\uMnTpVX.exe

C:\Windows\System\uMnTpVX.exe

C:\Windows\System\MQSAKvJ.exe

C:\Windows\System\MQSAKvJ.exe

C:\Windows\System\vJHdFFF.exe

C:\Windows\System\vJHdFFF.exe

C:\Windows\System\kbQiTBU.exe

C:\Windows\System\kbQiTBU.exe

C:\Windows\System\wTisAhY.exe

C:\Windows\System\wTisAhY.exe

C:\Windows\System\taeIWZD.exe

C:\Windows\System\taeIWZD.exe

C:\Windows\System\DCjSBuX.exe

C:\Windows\System\DCjSBuX.exe

C:\Windows\System\EXHhRTf.exe

C:\Windows\System\EXHhRTf.exe

C:\Windows\System\lMmXNeA.exe

C:\Windows\System\lMmXNeA.exe

C:\Windows\System\aPuhQrq.exe

C:\Windows\System\aPuhQrq.exe

C:\Windows\System\eaVlEmB.exe

C:\Windows\System\eaVlEmB.exe

C:\Windows\System\VdGMXKx.exe

C:\Windows\System\VdGMXKx.exe

C:\Windows\System\lxTLqGa.exe

C:\Windows\System\lxTLqGa.exe

C:\Windows\System\uDtVnGh.exe

C:\Windows\System\uDtVnGh.exe

C:\Windows\System\uxXsUum.exe

C:\Windows\System\uxXsUum.exe

C:\Windows\System\XThjBoS.exe

C:\Windows\System\XThjBoS.exe

C:\Windows\System\aJVYZbs.exe

C:\Windows\System\aJVYZbs.exe

C:\Windows\System\cMeyzhw.exe

C:\Windows\System\cMeyzhw.exe

C:\Windows\System\gtLUnMe.exe

C:\Windows\System\gtLUnMe.exe

C:\Windows\System\iavWXvg.exe

C:\Windows\System\iavWXvg.exe

C:\Windows\System\rfACxkg.exe

C:\Windows\System\rfACxkg.exe

C:\Windows\System\AaUsBls.exe

C:\Windows\System\AaUsBls.exe

C:\Windows\System\DxZPobo.exe

C:\Windows\System\DxZPobo.exe

C:\Windows\System\AqDreRG.exe

C:\Windows\System\AqDreRG.exe

C:\Windows\System\uWYQHUO.exe

C:\Windows\System\uWYQHUO.exe

C:\Windows\System\KQgkPcn.exe

C:\Windows\System\KQgkPcn.exe

C:\Windows\System\IxBhTLr.exe

C:\Windows\System\IxBhTLr.exe

C:\Windows\System\rJVxgvg.exe

C:\Windows\System\rJVxgvg.exe

C:\Windows\System\yKSjoho.exe

C:\Windows\System\yKSjoho.exe

C:\Windows\System\nTbUgLM.exe

C:\Windows\System\nTbUgLM.exe

C:\Windows\System\MWHFpVU.exe

C:\Windows\System\MWHFpVU.exe

C:\Windows\System\YoJUTkC.exe

C:\Windows\System\YoJUTkC.exe

C:\Windows\System\uUxKnAV.exe

C:\Windows\System\uUxKnAV.exe

C:\Windows\System\UoWxqwJ.exe

C:\Windows\System\UoWxqwJ.exe

C:\Windows\System\xkHopPj.exe

C:\Windows\System\xkHopPj.exe

C:\Windows\System\vpUOWZT.exe

C:\Windows\System\vpUOWZT.exe

C:\Windows\System\IwiosNA.exe

C:\Windows\System\IwiosNA.exe

C:\Windows\System\tJQBFHF.exe

C:\Windows\System\tJQBFHF.exe

C:\Windows\System\shScxsA.exe

C:\Windows\System\shScxsA.exe

C:\Windows\System\SXaFWPY.exe

C:\Windows\System\SXaFWPY.exe

C:\Windows\System\aKmiFMb.exe

C:\Windows\System\aKmiFMb.exe

C:\Windows\System\XyFbDTX.exe

C:\Windows\System\XyFbDTX.exe

C:\Windows\System\qeOGsUX.exe

C:\Windows\System\qeOGsUX.exe

C:\Windows\System\jHuvNXU.exe

C:\Windows\System\jHuvNXU.exe

C:\Windows\System\SrbxQqA.exe

C:\Windows\System\SrbxQqA.exe

C:\Windows\System\LmsXbNJ.exe

C:\Windows\System\LmsXbNJ.exe

C:\Windows\System\uQtAnaj.exe

C:\Windows\System\uQtAnaj.exe

C:\Windows\System\YVKRMNA.exe

C:\Windows\System\YVKRMNA.exe

C:\Windows\System\qJgTzLs.exe

C:\Windows\System\qJgTzLs.exe

C:\Windows\System\TmYXzOI.exe

C:\Windows\System\TmYXzOI.exe

C:\Windows\System\enzNmbR.exe

C:\Windows\System\enzNmbR.exe

C:\Windows\System\LJNkayd.exe

C:\Windows\System\LJNkayd.exe

C:\Windows\System\tbPAPVv.exe

C:\Windows\System\tbPAPVv.exe

C:\Windows\System\TRXanph.exe

C:\Windows\System\TRXanph.exe

C:\Windows\System\NKdEgVU.exe

C:\Windows\System\NKdEgVU.exe

C:\Windows\System\ZjFnaVv.exe

C:\Windows\System\ZjFnaVv.exe

C:\Windows\System\CwfTtAX.exe

C:\Windows\System\CwfTtAX.exe

C:\Windows\System\FpYOUwH.exe

C:\Windows\System\FpYOUwH.exe

C:\Windows\System\nDLnQWT.exe

C:\Windows\System\nDLnQWT.exe

C:\Windows\System\wPtZQCh.exe

C:\Windows\System\wPtZQCh.exe

C:\Windows\System\uGJNBdW.exe

C:\Windows\System\uGJNBdW.exe

C:\Windows\System\xsDMUuv.exe

C:\Windows\System\xsDMUuv.exe

C:\Windows\System\BpfFUzw.exe

C:\Windows\System\BpfFUzw.exe

C:\Windows\System\oBNcEnH.exe

C:\Windows\System\oBNcEnH.exe

C:\Windows\System\bcqvSQF.exe

C:\Windows\System\bcqvSQF.exe

C:\Windows\System\zdAfBGu.exe

C:\Windows\System\zdAfBGu.exe

C:\Windows\System\vnpKzCC.exe

C:\Windows\System\vnpKzCC.exe

C:\Windows\System\ELPExpz.exe

C:\Windows\System\ELPExpz.exe

C:\Windows\System\asQNxxL.exe

C:\Windows\System\asQNxxL.exe

C:\Windows\System\KlJrjCS.exe

C:\Windows\System\KlJrjCS.exe

C:\Windows\System\ZToDXWe.exe

C:\Windows\System\ZToDXWe.exe

C:\Windows\System\aRCIAqY.exe

C:\Windows\System\aRCIAqY.exe

C:\Windows\System\KaSruQi.exe

C:\Windows\System\KaSruQi.exe

C:\Windows\System\ZfmwKNe.exe

C:\Windows\System\ZfmwKNe.exe

C:\Windows\System\CWfsBWo.exe

C:\Windows\System\CWfsBWo.exe

C:\Windows\System\SRQjNzB.exe

C:\Windows\System\SRQjNzB.exe

C:\Windows\System\GGJxBHL.exe

C:\Windows\System\GGJxBHL.exe

C:\Windows\System\DqeIAhM.exe

C:\Windows\System\DqeIAhM.exe

C:\Windows\System\SClnUIQ.exe

C:\Windows\System\SClnUIQ.exe

C:\Windows\System\ykTWpZf.exe

C:\Windows\System\ykTWpZf.exe

C:\Windows\System\pLdabro.exe

C:\Windows\System\pLdabro.exe

C:\Windows\System\PqPUqGP.exe

C:\Windows\System\PqPUqGP.exe

C:\Windows\System\vzuuWKy.exe

C:\Windows\System\vzuuWKy.exe

C:\Windows\System\zGNxrjn.exe

C:\Windows\System\zGNxrjn.exe

C:\Windows\System\UpMhQIo.exe

C:\Windows\System\UpMhQIo.exe

C:\Windows\System\zOvecvO.exe

C:\Windows\System\zOvecvO.exe

C:\Windows\System\NIfbYic.exe

C:\Windows\System\NIfbYic.exe

C:\Windows\System\WkekBCh.exe

C:\Windows\System\WkekBCh.exe

C:\Windows\System\rZxPWUR.exe

C:\Windows\System\rZxPWUR.exe

C:\Windows\System\jSoSaQV.exe

C:\Windows\System\jSoSaQV.exe

C:\Windows\System\CrnrszZ.exe

C:\Windows\System\CrnrszZ.exe

C:\Windows\System\XOlDIfA.exe

C:\Windows\System\XOlDIfA.exe

C:\Windows\System\rErgCoW.exe

C:\Windows\System\rErgCoW.exe

C:\Windows\System\vVFJzIn.exe

C:\Windows\System\vVFJzIn.exe

C:\Windows\System\TbGaSBW.exe

C:\Windows\System\TbGaSBW.exe

C:\Windows\System\rdCxGWs.exe

C:\Windows\System\rdCxGWs.exe

C:\Windows\System\FgHxkcm.exe

C:\Windows\System\FgHxkcm.exe

C:\Windows\System\vCZPyyX.exe

C:\Windows\System\vCZPyyX.exe

C:\Windows\System\BvldjTV.exe

C:\Windows\System\BvldjTV.exe

C:\Windows\System\mOZfIya.exe

C:\Windows\System\mOZfIya.exe

C:\Windows\System\XYGLvQW.exe

C:\Windows\System\XYGLvQW.exe

C:\Windows\System\EBVLOBA.exe

C:\Windows\System\EBVLOBA.exe

C:\Windows\System\iswCsoO.exe

C:\Windows\System\iswCsoO.exe

C:\Windows\System\nRqfeBn.exe

C:\Windows\System\nRqfeBn.exe

C:\Windows\System\YeqCEVg.exe

C:\Windows\System\YeqCEVg.exe

C:\Windows\System\saSIxte.exe

C:\Windows\System\saSIxte.exe

C:\Windows\System\gtyLrdN.exe

C:\Windows\System\gtyLrdN.exe

C:\Windows\System\dFlDccm.exe

C:\Windows\System\dFlDccm.exe

C:\Windows\System\WhVnQZl.exe

C:\Windows\System\WhVnQZl.exe

C:\Windows\System\pcqGlDS.exe

C:\Windows\System\pcqGlDS.exe

C:\Windows\System\NNLaDpW.exe

C:\Windows\System\NNLaDpW.exe

C:\Windows\System\FNjZWiE.exe

C:\Windows\System\FNjZWiE.exe

C:\Windows\System\IjPkJZg.exe

C:\Windows\System\IjPkJZg.exe

C:\Windows\System\WROYOSc.exe

C:\Windows\System\WROYOSc.exe

C:\Windows\System\lmCPiHm.exe

C:\Windows\System\lmCPiHm.exe

C:\Windows\System\eFFdCbR.exe

C:\Windows\System\eFFdCbR.exe

C:\Windows\System\osdBNOC.exe

C:\Windows\System\osdBNOC.exe

C:\Windows\System\VSNeVAu.exe

C:\Windows\System\VSNeVAu.exe

C:\Windows\System\arhdpcq.exe

C:\Windows\System\arhdpcq.exe

C:\Windows\System\rzMUitv.exe

C:\Windows\System\rzMUitv.exe

C:\Windows\System\gWuPGcU.exe

C:\Windows\System\gWuPGcU.exe

C:\Windows\System\oLZvylU.exe

C:\Windows\System\oLZvylU.exe

C:\Windows\System\esrzbWk.exe

C:\Windows\System\esrzbWk.exe

C:\Windows\System\xvZgsGa.exe

C:\Windows\System\xvZgsGa.exe

C:\Windows\System\vmdmgfQ.exe

C:\Windows\System\vmdmgfQ.exe

C:\Windows\System\ekijsTM.exe

C:\Windows\System\ekijsTM.exe

C:\Windows\System\ubxpUHK.exe

C:\Windows\System\ubxpUHK.exe

C:\Windows\System\QJciRlV.exe

C:\Windows\System\QJciRlV.exe

C:\Windows\System\JlkwiFm.exe

C:\Windows\System\JlkwiFm.exe

C:\Windows\System\CEPJhup.exe

C:\Windows\System\CEPJhup.exe

C:\Windows\System\CUfuVMd.exe

C:\Windows\System\CUfuVMd.exe

C:\Windows\System\WkYciUe.exe

C:\Windows\System\WkYciUe.exe

C:\Windows\System\rAuuDIV.exe

C:\Windows\System\rAuuDIV.exe

C:\Windows\System\AZNsMFc.exe

C:\Windows\System\AZNsMFc.exe

C:\Windows\System\gZWNUJq.exe

C:\Windows\System\gZWNUJq.exe

C:\Windows\System\KBCites.exe

C:\Windows\System\KBCites.exe

C:\Windows\System\BUXUHUt.exe

C:\Windows\System\BUXUHUt.exe

C:\Windows\System\nCpjGXX.exe

C:\Windows\System\nCpjGXX.exe

C:\Windows\System\YQWyDHS.exe

C:\Windows\System\YQWyDHS.exe

C:\Windows\System\gUJUdzU.exe

C:\Windows\System\gUJUdzU.exe

C:\Windows\System\hNPqBBd.exe

C:\Windows\System\hNPqBBd.exe

C:\Windows\System\dCCPATj.exe

C:\Windows\System\dCCPATj.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

memory/3880-0-0x00007FF731DD0000-0x00007FF732124000-memory.dmp

memory/3880-1-0x000002755A980000-0x000002755A990000-memory.dmp

C:\Windows\System\lAmwOUS.exe

MD5 340dc92906c9ba0a55eb20c1a05dafef
SHA1 5d271fbe98f2dfde7996d75f989a5a53dd6161db
SHA256 5dc51a9a43f6b6f89506d657f3bcc5b6b4399e2b602a59c702ce1dfddb61e7c3
SHA512 1c2c9262f8d97b31fcf9656f9a657c2c41fcea0949c0523c18b3af9947832d2d4856c9001839decfc67674d3316b382e9aafe4d4e6e921c3e86b95e9f21cfd2f

C:\Windows\System\zqdIjbI.exe

MD5 faff90fcf955c81c66109d10e12a254f
SHA1 36d1102b79d605bd39c75bce6248ce8f413a0f02
SHA256 90d4b7bd334ea77eae77edfee8f7ad15871f91a4e8879271e3e247e22b1eacfd
SHA512 606d5d91c382f84480168b21af8b71ca71ed62e27d6b259257744e2646293978c1cff6ce20d197610a3556eeff01facfe208d8c16098a1a80984d9e0b57cb831

memory/4508-10-0x00007FF605EC0000-0x00007FF606214000-memory.dmp

C:\Windows\System\RfVNXRx.exe

MD5 4ad72b668bb7d70577e37b52a57c97a7
SHA1 06a31468b31e2bedc7d08ea107125bb4a8047fff
SHA256 c0871d8f98a46671560152ae6c8bad0f2412bb2ec808a376f0243a6ed364f14a
SHA512 5cbe3653e957094624fcfc434ffc4a2df57dc7b0ae01c777e92bc01de26fe031ce96801f1b27a19e1233a88308f23f42576c0b1bf8372e6df1438a0e7e9087dd

C:\Windows\System\KCjWFlY.exe

MD5 69ff82cc5ec852c8bdba5e4ac3e85074
SHA1 d0dd734a281f99614e891dad2f7a84ac1dd4fa74
SHA256 7b1186c58dc7d34054a6ab26ee272539de5a4dbe7a851cbd597911f48772fc02
SHA512 1233618d7f16ca1a9f75bcd2f6ea704a701d2362dfeba721ab2cb5c118da8dea337d5a1b32ac68ecb04ef01b5f60f1fece8431c986849e9e0b8d15d71f9a1ddd

C:\Windows\System\CseSyLX.exe

MD5 66617bf0ec68e27d46781c046e321443
SHA1 99b7f8b7d4426013c22f191890fd9fd1675e890a
SHA256 b3ec12fce3e5d7ec89e7823696a274c8cb290ed3bec4f334c8a8f9c64a133344
SHA512 bc2ffae8d3929f8beac25a75a48150aa4abcd2d87aa75a34d5c67d3a1db6ba99bde2c3686f562d0b17ef9f94aca653841961dd5814538aa4edfff49c6ea1505f

C:\Windows\System\kfITnpU.exe

MD5 3dbb584bd0627fa24f656c9e1f228045
SHA1 cdaca00ed79a788714cbf2a3ca81fe31b000ece6
SHA256 6b3a36db1354ccdf9a3d5cfce51bdc3ab71949ed3bfbd1622948c4c52448cef3
SHA512 cb51243bc1b2f2a7f23f34bf8c4ccf0497f38dafcd66f200e3b9410ce343bbd129af348793a85ee02bbb949fa4d2f80711fb86d8c8453b79befb6fa21f7ff698

C:\Windows\System\CnEXSci.exe

MD5 5a116f09b4d6fc9fc4c90bd27cdd6831
SHA1 c847a060c0e2d82ff8bcda1b510d6f4865bacc26
SHA256 950c2b0762d61ee6ad905803fa0d1397846d68f45126bc6d4bc10bb87a2fd94c
SHA512 e5385c0bc685e170e41aa2ddd163c3dc67829a6a8ee5d9724bfb0345b41c10be4343689c27eb720659177910fa637710e37952b155aa440e1dbea38a1a4f0ac4

C:\Windows\System\GgoyhpC.exe

MD5 069a2dac318474ee04c4766632a2805d
SHA1 c9b58d4a2562bfb0007736f27d26ad36e1d62799
SHA256 697d14e03a70c1cc8eaf69b58b03f2f851017e78c8e8a0a61ae132b999a4c3b3
SHA512 f015070221eb69c726c0e3189f9783a9ca32cc58cba8f44c15449707e6ce709ffa3c54f210514496aaaaeb1e3f2afc14f3c21a75fb1d8d7d0e2f21a318f3a84e

C:\Windows\System\qSojTeA.exe

MD5 391df06f390c41c538c10cf87dfe2014
SHA1 3e5c3debc5f85693bb3a78d57dea4bc7ad37e7ba
SHA256 c1d0df75d9f2affbe763f49288709b548be2910c4874a35e41a9aaa642659dfe
SHA512 0e49a8abea56840bf68c3f886b56fdb1ee997cdab2267ae83cc6cf4a1463f096f63ba1b4b9e87085a88862824828f7d0d6500adfe5b9d8c0fc23fff4a5c0e597

C:\Windows\System\PVorQSL.exe

MD5 f5eabac02a3af86d2e32240f75262c43
SHA1 21d4446502633770ed8463ea8c7e029751014042
SHA256 caaa2ede156fec055c8c964a8cc5ca764826500582bb90bcdc89b3d55f092409
SHA512 e71f059bc65028a57a498f1f3fae91f1c6d27d515ceadeb8169cdc0e62239c2e0fc37a54ff2396bcff2d244b5c21ee52c674b4cbe81f462f67bdb56be88933e0

C:\Windows\System\wzeEaSn.exe

MD5 f04f04eb3edde0562ecb335b23e9bd24
SHA1 d981cf8b2281b8a8223a8a38e87e8a1cbd710189
SHA256 7223b5656c140d2442d35d4cd2801d002f33e7352f09b619c1a3134104e76093
SHA512 8035231072581d077d1aafffd82f5045efd7112bb6e7d4236b8f6518427c67e1ef5acd9d9f46f232deff04b80c9daa25e422f91bd6a84ef1e1e44641acea85ac

memory/3456-680-0x00007FF677230000-0x00007FF677584000-memory.dmp

memory/3036-681-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp

memory/1708-683-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp

memory/916-682-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp

C:\Windows\System\wVcckJf.exe

MD5 f800aef2e74f415126d094d89a58d749
SHA1 657ad65cce0971944f43aa108d011c7252cd843e
SHA256 044be0e662265247d3329437198d3133ce215bb6e16bf83ce37f35833c93e781
SHA512 04ffdd364657b485aa94f2112070d9c95bd1f07cdf3116ba426623dd0494090933a6e762b0777ac14dafb15ac47593a9f3aa55481e7ea4895824819bdcdd73b7

C:\Windows\System\aubCSjD.exe

MD5 e146e6e8227dee9172cf9d075356680c
SHA1 bf6def56b07d21046d5dd87d2ce6ae775212796e
SHA256 6a436767e1fc2cfbe9f407a55b890e2402a38674da27b07e97dd79abde2f121b
SHA512 7b7583f4c9c90df220dc2fe7b43803d11bd9085505d252bd2fd6e1fd5f068cd38ac58bcbd4002f4b955060e26f496b3ebbde6fc468f02a9fb0055532e66daee6

C:\Windows\System\qGLcrkO.exe

MD5 ee49ccc09600576c8d3930abfefe88b5
SHA1 4d889f40f2f6d120abc807a1a1185bc7acf959a8
SHA256 073e62c43038374af7ed08b0b40864b5399cdb0b6b5e56be108ab88d85c18b55
SHA512 e313de8df81e0f95ffae054c20bc4dd7296c4c4c409a73a755f9696d8dcf2e25a4d9db1d312270df0b491b842d903943baf5ac4b983b95c5d9ffb84adea4303b

C:\Windows\System\cBGlgJP.exe

MD5 a1cc80c23a35858cec7386c0ec580659
SHA1 5810d1f8c6a820134f3d9c48d25d16a0f99347ae
SHA256 a7123bf0074f16b63e2b0c7da4eb79a39a7f7800364b3fb08850818d605a8c36
SHA512 686f161739006d9d277a348496c35a2acba04fa11b0dc46980bea4889005afce5b8fa2dd33173dcfcdd1e5523ce1d3b9087782fd92fece3a5a5fe436ba220168

C:\Windows\System\Lhhpfic.exe

MD5 1b884051f0666e3545199693d2c1f465
SHA1 d017afb28e2ccd46a2c1b344b0a62cc1ab89d226
SHA256 9d91a0369bc2c8fb987f3149f4918fa48889f09be40153ead17c4a19092ebff0
SHA512 0da4b76049917a76b1194b0538dbb6eca1ef57a9718cfbf517ef3b8742a7a9198d7c285a6181510c79d36abbbf53f2e006050a609baf7356fc96be9780530057

C:\Windows\System\dEcLoZe.exe

MD5 44d65a47c48ac2a424cc37311abdca75
SHA1 7d82185e9394c00b2d0be5e5e360188ec8215eaa
SHA256 55bf5e80f3496754bcaa2805d5fa3702cf8a22fd46f552e78a600eda08b7f836
SHA512 9c837387af1114b9c8bb6227fd62f71d45d0f4842112e86ebe3763ef81b65c7aab845c83ce237644dff2446580b7bd209e5dc32066cda70d77717cbebed55587

C:\Windows\System\fmPahdK.exe

MD5 fbdf2ff51b1064e02c38336483e379f0
SHA1 00041136f443f0640b9d9fa6c8c51f5f86a05d4c
SHA256 44a9ce0770174d8010be637acccab1fe6644bdc1c16e305fbf01198981f47bf2
SHA512 25d71bd0dfe1278f730a8ea6366df75b2ca2952013083ca5fe15f6b7777b466be2c6fb619e41aaa2f89890392798c7f195eefd20adf69ef539f1ea5043ea1fa7

C:\Windows\System\rIvQVIC.exe

MD5 c7f6fcd7d402a83a4ac87b540c08af28
SHA1 7309bcea85596d73d7a8cff7af5803b02c682179
SHA256 594b1d01d4dc6f77540110f31a6e5dbabac41c24cd34aff5e71ab392b22710f6
SHA512 ce2de6c234023b8b0a6c9a239e3d21d5caee9d2e04ff4a8ea531d567ff5398cb4b171d255ac71d4a6828d997f1afd64674ae7da453853b94ee7ac56783802b84

C:\Windows\System\sTAsKBd.exe

MD5 2b35d1c5eebf6c88dc0e13f6d7d935f4
SHA1 7ca4ec86feaa25b0db94f71a274db69784257bf6
SHA256 32d5ceb1471b26dae2273f1ea743a29cffe5ddbba53970823373c6995052aacc
SHA512 454848821ac6622879c184907be2664d4468635b78ee789e38d266e47ba3e59dd7890ebb57fccb238fa04b6885477c07a51f510633aa361a1c326fd10b1e1ce4

C:\Windows\System\YOYuqPJ.exe

MD5 91fc222b3b2fa94c2506a48e1488611e
SHA1 113069dd265fffa2f7b17740c1a920527c36d310
SHA256 e38dd58fd83dba73a39e24f97bbd52f900aa678b9d1e809afee857c4c08a2a3b
SHA512 3e95a130a3abfba97161072f140ae8274c5a2fecad6719e2abbd531b6ee6008638a5a685460e00ee09e48dfad4dca389fe3e3e9f1aec282ea820d3f7e3e26f7e

C:\Windows\System\uxKwWET.exe

MD5 786cb894626faf362ae8c49a74a239bb
SHA1 b961a295f2d8ad6719de85b2005738d835a656bc
SHA256 7e6c4a68035586e9846148c1852c35793f69ba5ae4c0caf67e1105e6003b6ac9
SHA512 a195cb381e0f13a7ad7cac1f04bc62498302759d2918c16b2ad010477f3a196dcb82b72ed91e4d18fd89bcf70e06051ba477175a1ee378104cc348b7832e4b45

C:\Windows\System\FZLmHTh.exe

MD5 4afc984354e03af0a5b79060b484eb18
SHA1 5867eafaa4c1b4cb7e34beef89d9f2de23ee6b83
SHA256 5d503bcf51fd28d6f1bc7ddb0a0ef639a7caeee49556f3f3201ea9901d9871e4
SHA512 3c3014de67d6704d05bf8542d86fd799c3396e26210a91b1f2f26fd56cc044bbff4d9d4309c4c2d3f308c3236a6ba81b8e0425edb0a8bc194b1b08b0a84d68ca

memory/4572-684-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp

memory/4052-685-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp

C:\Windows\System\dJJcXZp.exe

MD5 4603ed0d1355b6320986ccb44e2c5b10
SHA1 e566a7139fb64063a739e9933c29135c2b96d0f5
SHA256 b8b2f6c021a706552979861236152515aece2db565ae1f5818d3a7e747f130c5
SHA512 2e80eef5ac2e68f280896700600b792a956c188995dc57890f1f5e7e64b481e96450419d570d61e2132efb18446cfe8eefaf5e25b2d3545adbebd5880823b957

C:\Windows\System\jXqWfRi.exe

MD5 19da44eb7701760a022e4e7b2263d56d
SHA1 2ce17324913b3b4238537fb7566a8014682cf734
SHA256 68708c0bb76c0b4678ff40c157827a30f6ff00cd9f65dbd80e82d17b6e003235
SHA512 9c450d6562906d2320b47bace10927667c31876f819a63143273d0efa279469882d5c21500bb812b36a90342e54e7abc7853b0a5d623222ccbb9ea52f2d300f9

C:\Windows\System\tOzlDld.exe

MD5 163c05a8bf1c324f2120aa9c89fdd8bc
SHA1 f86c10bd7c9bcece709f8f349f11ec47365df42a
SHA256 1b5159456c27d4bdcf6286d876287a33f42b940f13e27299114bea2e3ebe06b1
SHA512 5f8a864787fc967207f5f8d76c8f8b905ec7d57f2e60ea7cc812b89255d23fa6a53a8ea680e5a996e826b700b9de60fc2f4e1cadbbfbb9050fa2f63c6ba73b8f

C:\Windows\System\xStSIpg.exe

MD5 8fb8774fcb45d0fd45b5fa5a277dae6c
SHA1 bfb1952505d14e1a4694fc5d9a84883930b6324e
SHA256 6bbb0dc4c71245d7a35b233ceac5fc23e071ad23e39261458cf31fddec0e311b
SHA512 b4587593d936598decf1c55e7aa943bdd9c8af2bf0a907d82349b4ae6c1b35f701948a3ced922029ccaf48a0a66e30db57384892c95e9be7eaf54f4dc5334606

C:\Windows\System\PrnXlmt.exe

MD5 ee440be6ff2f1d6c7ad63d95d865294a
SHA1 6d7352b9e2d66ae55ee0c3c74eacc8a33094fbf2
SHA256 3763477422d7dcd79530887f5308e5ebe12148b2d0caf2b572fd447ecfed8854
SHA512 36801c55a68e0b2f482c1eda85f54f70d9275ed6e871684c23b330d268222cd909c2b6522861db0fcd9c573461214252ab651b88a3491f7214eabbe20f328d06

C:\Windows\System\tmjMOfv.exe

MD5 5e96876c33ac8c64d32902d3faf400d7
SHA1 389f277593811b2d81b161a52a0dfcbc7543525c
SHA256 2f809a885912b8ffb07f05d73510107967067fecdb359e8c1ab187ba03be8ee1
SHA512 01d99881fc948d60dee6f6ca2dc00b174a72baeb553ccb8ad9a234264bb9a533de3c02bc24b1c651d33f15934fb2e544f283dbe128e15d644baa456ab4fd8975

C:\Windows\System\MteMJMk.exe

MD5 f05a9a413456a32d28324acd749d7d11
SHA1 484389df70c7121bb204b5f9c0de2de91f7df10b
SHA256 2f3cdabb92d26caf6dcbdfc5ae65474791c724af1c2ba212c7afbe4a066cecdb
SHA512 6959c86980215a8796c8e7b2a781dd5dfd05f74ae5f586118e3f9510038966be9b0218a811a517e87e9e506d10d40b22c9bcb0ef083e9becf4dcb67b69648b99

C:\Windows\System\PHqMlRQ.exe

MD5 24b032e6ac771712c8c673dbfdecfcd1
SHA1 e4d1ccc917c92b027dea407640e13190d6fbbe80
SHA256 9cf9961d10c0dae05703ecddadbef424da39259cd79ce82480da2fbca2ca77b2
SHA512 fa3aa817a0f230be8c7610f4067ee365ec102b45eba00485a32e91dcbfc5d93990021c396c14ea2a0ac0452f8904a2a56aecf12827b2ba9b17d83fba77358fcd

memory/1680-41-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

memory/4688-37-0x00007FF662600000-0x00007FF662954000-memory.dmp

memory/3340-36-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

C:\Windows\System\qDsWrDw.exe

MD5 86f979b2fe94e4013fb3b58e45ef1a92
SHA1 e3deda562a4edb2b82edb66cdf4511e22add50ba
SHA256 3515722849a66ec9e23e52a5883710517867eeee6f2a355297bf59cc0a428fd4
SHA512 939a0a68fb7dc686dc38e34473ac47fa53a17522faa06234b12190906511171802fddcc9bd92ce1bd7f0962439b046dd193569fca803c45bb1b6a9068399e1c8

memory/3108-29-0x00007FF785CF0000-0x00007FF786044000-memory.dmp

C:\Windows\System\BzBFyqm.exe

MD5 74427e9dfa7710a5a6302d88569cbd0d
SHA1 8cf6afb22c603c5d5d473fce53096870ca574e60
SHA256 942c1a12a97affe2b474925bf6a3d5ae32b47015ad6e5bc716ff8d097d0733df
SHA512 49a862d097a54a5703bf4d7873a965c42ff12b647dbe6ce78da845f36aa81cf045744daa2b5fd900de3d7e204983c56291a46ce6937c74d583f4c78f015c2952

memory/1588-21-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

memory/1288-686-0x00007FF691DE0000-0x00007FF692134000-memory.dmp

memory/4720-701-0x00007FF748220000-0x00007FF748574000-memory.dmp

memory/4204-705-0x00007FF7352B0000-0x00007FF735604000-memory.dmp

memory/2168-710-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp

memory/3928-713-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp

memory/2916-734-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp

memory/2364-746-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp

memory/220-743-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp

memory/5060-742-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp

memory/4132-759-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp

memory/3288-760-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp

memory/3488-763-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp

memory/2192-758-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

memory/2436-728-0x00007FF787820000-0x00007FF787B74000-memory.dmp

memory/656-722-0x00007FF695870000-0x00007FF695BC4000-memory.dmp

memory/1052-718-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp

memory/4776-717-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp

memory/3880-2096-0x00007FF731DD0000-0x00007FF732124000-memory.dmp

memory/1588-2097-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

memory/3340-2098-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

memory/1680-2099-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

memory/3456-2100-0x00007FF677230000-0x00007FF677584000-memory.dmp

memory/4508-2101-0x00007FF605EC0000-0x00007FF606214000-memory.dmp

memory/3108-2102-0x00007FF785CF0000-0x00007FF786044000-memory.dmp

memory/1588-2103-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

memory/4688-2104-0x00007FF662600000-0x00007FF662954000-memory.dmp

memory/3340-2105-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

memory/1680-2106-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

memory/3456-2107-0x00007FF677230000-0x00007FF677584000-memory.dmp

memory/3488-2108-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp

memory/3036-2109-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp

memory/4572-2111-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp

memory/2168-2116-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp

memory/4720-2117-0x00007FF748220000-0x00007FF748574000-memory.dmp

memory/4204-2115-0x00007FF7352B0000-0x00007FF735604000-memory.dmp

memory/1288-2114-0x00007FF691DE0000-0x00007FF692134000-memory.dmp

memory/4052-2113-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp

memory/1708-2112-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp

memory/916-2110-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp

memory/3928-2118-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp

memory/4776-2119-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp

memory/1052-2127-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp

memory/3288-2129-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp

memory/5060-2128-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp

memory/2436-2126-0x00007FF787820000-0x00007FF787B74000-memory.dmp

memory/656-2125-0x00007FF695870000-0x00007FF695BC4000-memory.dmp

memory/4132-2124-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp

memory/2192-2123-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

memory/220-2122-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp

memory/2916-2121-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp

memory/2364-2120-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp