Malware Analysis Report

2024-11-16 11:39

Sample ID 240612-jacj3svalr
Target 27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe
SHA256 1158008754e3b72449a53f3b833ea048afdaab95803bf3d5032c288672e06735
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1158008754e3b72449a53f3b833ea048afdaab95803bf3d5032c288672e06735

Threat Level: Known bad

The file 27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 07:27

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 07:27

Reported

2024-06-12 07:30

Platform

win7-20240508-en

Max time kernel

149s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\OzFnFAa.exe N/A
N/A N/A C:\Windows\System\TTyHSHt.exe N/A
N/A N/A C:\Windows\System\KfHaEAS.exe N/A
N/A N/A C:\Windows\System\YYOkRZL.exe N/A
N/A N/A C:\Windows\System\GuPjdVm.exe N/A
N/A N/A C:\Windows\System\cKfEuVF.exe N/A
N/A N/A C:\Windows\System\XYyzirE.exe N/A
N/A N/A C:\Windows\System\KUuLKQD.exe N/A
N/A N/A C:\Windows\System\ZZMHvUM.exe N/A
N/A N/A C:\Windows\System\xNXdiQz.exe N/A
N/A N/A C:\Windows\System\iyajeky.exe N/A
N/A N/A C:\Windows\System\KvJcCUA.exe N/A
N/A N/A C:\Windows\System\MDjnbnZ.exe N/A
N/A N/A C:\Windows\System\XXXkYTx.exe N/A
N/A N/A C:\Windows\System\ekrbrlq.exe N/A
N/A N/A C:\Windows\System\CVixTYE.exe N/A
N/A N/A C:\Windows\System\lsOHAkI.exe N/A
N/A N/A C:\Windows\System\jOPzMKr.exe N/A
N/A N/A C:\Windows\System\ElHUOhD.exe N/A
N/A N/A C:\Windows\System\PQonJwA.exe N/A
N/A N/A C:\Windows\System\jfwXkax.exe N/A
N/A N/A C:\Windows\System\MYGOlsR.exe N/A
N/A N/A C:\Windows\System\wcfSTkf.exe N/A
N/A N/A C:\Windows\System\RHtZOJs.exe N/A
N/A N/A C:\Windows\System\LBuhsBg.exe N/A
N/A N/A C:\Windows\System\sdodMxZ.exe N/A
N/A N/A C:\Windows\System\kDRNHuX.exe N/A
N/A N/A C:\Windows\System\ZviQAsi.exe N/A
N/A N/A C:\Windows\System\BdREBjN.exe N/A
N/A N/A C:\Windows\System\FLfCgUb.exe N/A
N/A N/A C:\Windows\System\OOGdlqM.exe N/A
N/A N/A C:\Windows\System\BaRNATr.exe N/A
N/A N/A C:\Windows\System\tTdzSTH.exe N/A
N/A N/A C:\Windows\System\NvyUnWi.exe N/A
N/A N/A C:\Windows\System\UJHoOEA.exe N/A
N/A N/A C:\Windows\System\HaplXDT.exe N/A
N/A N/A C:\Windows\System\zXhBkUb.exe N/A
N/A N/A C:\Windows\System\iNUIIHX.exe N/A
N/A N/A C:\Windows\System\FdkMDBP.exe N/A
N/A N/A C:\Windows\System\nTJtAwI.exe N/A
N/A N/A C:\Windows\System\tbscXeJ.exe N/A
N/A N/A C:\Windows\System\aENFiaH.exe N/A
N/A N/A C:\Windows\System\pTaqXLy.exe N/A
N/A N/A C:\Windows\System\eixcYud.exe N/A
N/A N/A C:\Windows\System\KFkhLiC.exe N/A
N/A N/A C:\Windows\System\XfQYYEi.exe N/A
N/A N/A C:\Windows\System\OBPHalI.exe N/A
N/A N/A C:\Windows\System\Yqkpswo.exe N/A
N/A N/A C:\Windows\System\LtLkbsb.exe N/A
N/A N/A C:\Windows\System\UGIhjZl.exe N/A
N/A N/A C:\Windows\System\cnWUFfk.exe N/A
N/A N/A C:\Windows\System\GEkROLO.exe N/A
N/A N/A C:\Windows\System\mBuxxrf.exe N/A
N/A N/A C:\Windows\System\KcgIskD.exe N/A
N/A N/A C:\Windows\System\xnBnGbq.exe N/A
N/A N/A C:\Windows\System\fRMntIe.exe N/A
N/A N/A C:\Windows\System\tBsyuTt.exe N/A
N/A N/A C:\Windows\System\cJxLhXy.exe N/A
N/A N/A C:\Windows\System\rVCFIXG.exe N/A
N/A N/A C:\Windows\System\zFgjtYr.exe N/A
N/A N/A C:\Windows\System\KwzaXPx.exe N/A
N/A N/A C:\Windows\System\QUMUIMu.exe N/A
N/A N/A C:\Windows\System\TIjeEvL.exe N/A
N/A N/A C:\Windows\System\CyMrrVB.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NVSCLwS.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mZFrqxW.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\YEGRMgw.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\CIlkPWg.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\copkcZB.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SlzWqbc.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhHpLVT.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sEgrgDR.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\YEQkZUD.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WbdDLIs.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\hIkrwpt.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DsPWyjW.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\qEopTgp.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHTqNLY.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\GDmbztR.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\easfwAU.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\hKYvtMk.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\TUgYTYQ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\woUQMtc.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFfiiwg.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\zixYUlY.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\CVhgMxw.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUMGjwh.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmpcoNL.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\hCvKirL.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\awBczhi.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\OJrWifD.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lVvKeSJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WiWkgYk.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mDFevsM.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\GSzCExr.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\qaKQDmV.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRnlhLq.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdAmFmh.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\EpdOoOR.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\iglasca.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\UMkcfkp.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lBARHIX.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\qSceDkX.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\QZvHsiL.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckBfkPC.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtzPrKK.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VjLHIqK.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\hYctKZa.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\oaXxxQE.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\BFDJRqc.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbAoyLK.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFoSeov.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lvXNiFN.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\oFJqwmq.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqnBwmS.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAsrGNm.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRAvmMW.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\XdKhBbJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbshCiJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tAuHVrS.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRumnsz.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLULKdP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rxQMjZP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WoLHFxg.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\PucRZXJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\vWgzxPr.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfemLNm.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\oOVQHVN.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3052 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3052 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3052 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3052 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\OzFnFAa.exe
PID 3052 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\OzFnFAa.exe
PID 3052 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\OzFnFAa.exe
PID 3052 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\TTyHSHt.exe
PID 3052 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\TTyHSHt.exe
PID 3052 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\TTyHSHt.exe
PID 3052 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KfHaEAS.exe
PID 3052 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KfHaEAS.exe
PID 3052 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KfHaEAS.exe
PID 3052 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YYOkRZL.exe
PID 3052 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YYOkRZL.exe
PID 3052 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YYOkRZL.exe
PID 3052 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\GuPjdVm.exe
PID 3052 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\GuPjdVm.exe
PID 3052 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\GuPjdVm.exe
PID 3052 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\cKfEuVF.exe
PID 3052 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\cKfEuVF.exe
PID 3052 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\cKfEuVF.exe
PID 3052 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XYyzirE.exe
PID 3052 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XYyzirE.exe
PID 3052 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XYyzirE.exe
PID 3052 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KUuLKQD.exe
PID 3052 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KUuLKQD.exe
PID 3052 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KUuLKQD.exe
PID 3052 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZZMHvUM.exe
PID 3052 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZZMHvUM.exe
PID 3052 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZZMHvUM.exe
PID 3052 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xNXdiQz.exe
PID 3052 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xNXdiQz.exe
PID 3052 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xNXdiQz.exe
PID 3052 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\iyajeky.exe
PID 3052 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\iyajeky.exe
PID 3052 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\iyajeky.exe
PID 3052 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KvJcCUA.exe
PID 3052 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KvJcCUA.exe
PID 3052 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\KvJcCUA.exe
PID 3052 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\MDjnbnZ.exe
PID 3052 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\MDjnbnZ.exe
PID 3052 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\MDjnbnZ.exe
PID 3052 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XXXkYTx.exe
PID 3052 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XXXkYTx.exe
PID 3052 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\XXXkYTx.exe
PID 3052 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ekrbrlq.exe
PID 3052 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ekrbrlq.exe
PID 3052 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ekrbrlq.exe
PID 3052 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\CVixTYE.exe
PID 3052 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\CVixTYE.exe
PID 3052 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\CVixTYE.exe
PID 3052 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\lsOHAkI.exe
PID 3052 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\lsOHAkI.exe
PID 3052 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\lsOHAkI.exe
PID 3052 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jOPzMKr.exe
PID 3052 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jOPzMKr.exe
PID 3052 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jOPzMKr.exe
PID 3052 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ElHUOhD.exe
PID 3052 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ElHUOhD.exe
PID 3052 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ElHUOhD.exe
PID 3052 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jfwXkax.exe
PID 3052 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jfwXkax.exe
PID 3052 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jfwXkax.exe
PID 3052 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\PQonJwA.exe

Processes

C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\OzFnFAa.exe

C:\Windows\System\OzFnFAa.exe

C:\Windows\System\TTyHSHt.exe

C:\Windows\System\TTyHSHt.exe

C:\Windows\System\KfHaEAS.exe

C:\Windows\System\KfHaEAS.exe

C:\Windows\System\YYOkRZL.exe

C:\Windows\System\YYOkRZL.exe

C:\Windows\System\GuPjdVm.exe

C:\Windows\System\GuPjdVm.exe

C:\Windows\System\cKfEuVF.exe

C:\Windows\System\cKfEuVF.exe

C:\Windows\System\XYyzirE.exe

C:\Windows\System\XYyzirE.exe

C:\Windows\System\KUuLKQD.exe

C:\Windows\System\KUuLKQD.exe

C:\Windows\System\ZZMHvUM.exe

C:\Windows\System\ZZMHvUM.exe

C:\Windows\System\xNXdiQz.exe

C:\Windows\System\xNXdiQz.exe

C:\Windows\System\iyajeky.exe

C:\Windows\System\iyajeky.exe

C:\Windows\System\KvJcCUA.exe

C:\Windows\System\KvJcCUA.exe

C:\Windows\System\MDjnbnZ.exe

C:\Windows\System\MDjnbnZ.exe

C:\Windows\System\XXXkYTx.exe

C:\Windows\System\XXXkYTx.exe

C:\Windows\System\ekrbrlq.exe

C:\Windows\System\ekrbrlq.exe

C:\Windows\System\CVixTYE.exe

C:\Windows\System\CVixTYE.exe

C:\Windows\System\lsOHAkI.exe

C:\Windows\System\lsOHAkI.exe

C:\Windows\System\jOPzMKr.exe

C:\Windows\System\jOPzMKr.exe

C:\Windows\System\ElHUOhD.exe

C:\Windows\System\ElHUOhD.exe

C:\Windows\System\jfwXkax.exe

C:\Windows\System\jfwXkax.exe

C:\Windows\System\PQonJwA.exe

C:\Windows\System\PQonJwA.exe

C:\Windows\System\wcfSTkf.exe

C:\Windows\System\wcfSTkf.exe

C:\Windows\System\MYGOlsR.exe

C:\Windows\System\MYGOlsR.exe

C:\Windows\System\UJHoOEA.exe

C:\Windows\System\UJHoOEA.exe

C:\Windows\System\RHtZOJs.exe

C:\Windows\System\RHtZOJs.exe

C:\Windows\System\FdkMDBP.exe

C:\Windows\System\FdkMDBP.exe

C:\Windows\System\LBuhsBg.exe

C:\Windows\System\LBuhsBg.exe

C:\Windows\System\KFkhLiC.exe

C:\Windows\System\KFkhLiC.exe

C:\Windows\System\sdodMxZ.exe

C:\Windows\System\sdodMxZ.exe

C:\Windows\System\xnBnGbq.exe

C:\Windows\System\xnBnGbq.exe

C:\Windows\System\kDRNHuX.exe

C:\Windows\System\kDRNHuX.exe

C:\Windows\System\KwzaXPx.exe

C:\Windows\System\KwzaXPx.exe

C:\Windows\System\ZviQAsi.exe

C:\Windows\System\ZviQAsi.exe

C:\Windows\System\TIjeEvL.exe

C:\Windows\System\TIjeEvL.exe

C:\Windows\System\BdREBjN.exe

C:\Windows\System\BdREBjN.exe

C:\Windows\System\CyMrrVB.exe

C:\Windows\System\CyMrrVB.exe

C:\Windows\System\FLfCgUb.exe

C:\Windows\System\FLfCgUb.exe

C:\Windows\System\TiHYMtW.exe

C:\Windows\System\TiHYMtW.exe

C:\Windows\System\OOGdlqM.exe

C:\Windows\System\OOGdlqM.exe

C:\Windows\System\ThBUWFo.exe

C:\Windows\System\ThBUWFo.exe

C:\Windows\System\BaRNATr.exe

C:\Windows\System\BaRNATr.exe

C:\Windows\System\gLdiiWP.exe

C:\Windows\System\gLdiiWP.exe

C:\Windows\System\tTdzSTH.exe

C:\Windows\System\tTdzSTH.exe

C:\Windows\System\BsJpzKe.exe

C:\Windows\System\BsJpzKe.exe

C:\Windows\System\NvyUnWi.exe

C:\Windows\System\NvyUnWi.exe

C:\Windows\System\fCGUcBQ.exe

C:\Windows\System\fCGUcBQ.exe

C:\Windows\System\HaplXDT.exe

C:\Windows\System\HaplXDT.exe

C:\Windows\System\zlzBrlS.exe

C:\Windows\System\zlzBrlS.exe

C:\Windows\System\zXhBkUb.exe

C:\Windows\System\zXhBkUb.exe

C:\Windows\System\dUijXlt.exe

C:\Windows\System\dUijXlt.exe

C:\Windows\System\iNUIIHX.exe

C:\Windows\System\iNUIIHX.exe

C:\Windows\System\clNAgka.exe

C:\Windows\System\clNAgka.exe

C:\Windows\System\nTJtAwI.exe

C:\Windows\System\nTJtAwI.exe

C:\Windows\System\pmQzTcS.exe

C:\Windows\System\pmQzTcS.exe

C:\Windows\System\tbscXeJ.exe

C:\Windows\System\tbscXeJ.exe

C:\Windows\System\efpDiPQ.exe

C:\Windows\System\efpDiPQ.exe

C:\Windows\System\aENFiaH.exe

C:\Windows\System\aENFiaH.exe

C:\Windows\System\HcbaOPa.exe

C:\Windows\System\HcbaOPa.exe

C:\Windows\System\pTaqXLy.exe

C:\Windows\System\pTaqXLy.exe

C:\Windows\System\aOMEcal.exe

C:\Windows\System\aOMEcal.exe

C:\Windows\System\eixcYud.exe

C:\Windows\System\eixcYud.exe

C:\Windows\System\LqJSUoM.exe

C:\Windows\System\LqJSUoM.exe

C:\Windows\System\XfQYYEi.exe

C:\Windows\System\XfQYYEi.exe

C:\Windows\System\MSeVjsC.exe

C:\Windows\System\MSeVjsC.exe

C:\Windows\System\OBPHalI.exe

C:\Windows\System\OBPHalI.exe

C:\Windows\System\vHZUsvh.exe

C:\Windows\System\vHZUsvh.exe

C:\Windows\System\Yqkpswo.exe

C:\Windows\System\Yqkpswo.exe

C:\Windows\System\BDOlQrp.exe

C:\Windows\System\BDOlQrp.exe

C:\Windows\System\LtLkbsb.exe

C:\Windows\System\LtLkbsb.exe

C:\Windows\System\cMjXKGx.exe

C:\Windows\System\cMjXKGx.exe

C:\Windows\System\UGIhjZl.exe

C:\Windows\System\UGIhjZl.exe

C:\Windows\System\WigneqW.exe

C:\Windows\System\WigneqW.exe

C:\Windows\System\cnWUFfk.exe

C:\Windows\System\cnWUFfk.exe

C:\Windows\System\vwPnZst.exe

C:\Windows\System\vwPnZst.exe

C:\Windows\System\GEkROLO.exe

C:\Windows\System\GEkROLO.exe

C:\Windows\System\hrgAuuq.exe

C:\Windows\System\hrgAuuq.exe

C:\Windows\System\mBuxxrf.exe

C:\Windows\System\mBuxxrf.exe

C:\Windows\System\UkdTBaF.exe

C:\Windows\System\UkdTBaF.exe

C:\Windows\System\KcgIskD.exe

C:\Windows\System\KcgIskD.exe

C:\Windows\System\lByxuha.exe

C:\Windows\System\lByxuha.exe

C:\Windows\System\fRMntIe.exe

C:\Windows\System\fRMntIe.exe

C:\Windows\System\sGlotxA.exe

C:\Windows\System\sGlotxA.exe

C:\Windows\System\tBsyuTt.exe

C:\Windows\System\tBsyuTt.exe

C:\Windows\System\kuWnJJb.exe

C:\Windows\System\kuWnJJb.exe

C:\Windows\System\cJxLhXy.exe

C:\Windows\System\cJxLhXy.exe

C:\Windows\System\ywuFwwd.exe

C:\Windows\System\ywuFwwd.exe

C:\Windows\System\rVCFIXG.exe

C:\Windows\System\rVCFIXG.exe

C:\Windows\System\UmsxZZc.exe

C:\Windows\System\UmsxZZc.exe

C:\Windows\System\zFgjtYr.exe

C:\Windows\System\zFgjtYr.exe

C:\Windows\System\QcLbmCo.exe

C:\Windows\System\QcLbmCo.exe

C:\Windows\System\QUMUIMu.exe

C:\Windows\System\QUMUIMu.exe

C:\Windows\System\UFkGtgH.exe

C:\Windows\System\UFkGtgH.exe

C:\Windows\System\CKGchlI.exe

C:\Windows\System\CKGchlI.exe

C:\Windows\System\JrMilyG.exe

C:\Windows\System\JrMilyG.exe

C:\Windows\System\bmOWhQO.exe

C:\Windows\System\bmOWhQO.exe

C:\Windows\System\cmZqgzz.exe

C:\Windows\System\cmZqgzz.exe

C:\Windows\System\DBOmXkQ.exe

C:\Windows\System\DBOmXkQ.exe

C:\Windows\System\GpVtGQT.exe

C:\Windows\System\GpVtGQT.exe

C:\Windows\System\iwdWkhj.exe

C:\Windows\System\iwdWkhj.exe

C:\Windows\System\xceiwLq.exe

C:\Windows\System\xceiwLq.exe

C:\Windows\System\jEzkILm.exe

C:\Windows\System\jEzkILm.exe

C:\Windows\System\VjZoPWe.exe

C:\Windows\System\VjZoPWe.exe

C:\Windows\System\VWtTzWH.exe

C:\Windows\System\VWtTzWH.exe

C:\Windows\System\mnOPxoT.exe

C:\Windows\System\mnOPxoT.exe

C:\Windows\System\ACHeDJg.exe

C:\Windows\System\ACHeDJg.exe

C:\Windows\System\HseomOv.exe

C:\Windows\System\HseomOv.exe

C:\Windows\System\OnsVXhZ.exe

C:\Windows\System\OnsVXhZ.exe

C:\Windows\System\supZnLh.exe

C:\Windows\System\supZnLh.exe

C:\Windows\System\dFQFdkR.exe

C:\Windows\System\dFQFdkR.exe

C:\Windows\System\UMQmyCB.exe

C:\Windows\System\UMQmyCB.exe

C:\Windows\System\dVcEDGu.exe

C:\Windows\System\dVcEDGu.exe

C:\Windows\System\DfASfSn.exe

C:\Windows\System\DfASfSn.exe

C:\Windows\System\mrJaoQQ.exe

C:\Windows\System\mrJaoQQ.exe

C:\Windows\System\UHfaPyW.exe

C:\Windows\System\UHfaPyW.exe

C:\Windows\System\FhgQgDk.exe

C:\Windows\System\FhgQgDk.exe

C:\Windows\System\LHhWfLH.exe

C:\Windows\System\LHhWfLH.exe

C:\Windows\System\oqHGVhU.exe

C:\Windows\System\oqHGVhU.exe

C:\Windows\System\ZFSbCIA.exe

C:\Windows\System\ZFSbCIA.exe

C:\Windows\System\Huofmvr.exe

C:\Windows\System\Huofmvr.exe

C:\Windows\System\pcEaxVU.exe

C:\Windows\System\pcEaxVU.exe

C:\Windows\System\Tzojvrv.exe

C:\Windows\System\Tzojvrv.exe

C:\Windows\System\YRkGWrI.exe

C:\Windows\System\YRkGWrI.exe

C:\Windows\System\LoYOkOS.exe

C:\Windows\System\LoYOkOS.exe

C:\Windows\System\szQcOao.exe

C:\Windows\System\szQcOao.exe

C:\Windows\System\bXCBBAs.exe

C:\Windows\System\bXCBBAs.exe

C:\Windows\System\HAFxLhw.exe

C:\Windows\System\HAFxLhw.exe

C:\Windows\System\XhDqtuc.exe

C:\Windows\System\XhDqtuc.exe

C:\Windows\System\PShhlgn.exe

C:\Windows\System\PShhlgn.exe

C:\Windows\System\BmVXMuZ.exe

C:\Windows\System\BmVXMuZ.exe

C:\Windows\System\tILyFVV.exe

C:\Windows\System\tILyFVV.exe

C:\Windows\System\wJjuqon.exe

C:\Windows\System\wJjuqon.exe

C:\Windows\System\xsuLrqQ.exe

C:\Windows\System\xsuLrqQ.exe

C:\Windows\System\BgUyBfF.exe

C:\Windows\System\BgUyBfF.exe

C:\Windows\System\TrqBXcP.exe

C:\Windows\System\TrqBXcP.exe

C:\Windows\System\DGvjlcF.exe

C:\Windows\System\DGvjlcF.exe

C:\Windows\System\PkgxViN.exe

C:\Windows\System\PkgxViN.exe

C:\Windows\System\eUMsZGa.exe

C:\Windows\System\eUMsZGa.exe

C:\Windows\System\XTZaHDT.exe

C:\Windows\System\XTZaHDT.exe

C:\Windows\System\wzQIdMG.exe

C:\Windows\System\wzQIdMG.exe

C:\Windows\System\TZjHPsq.exe

C:\Windows\System\TZjHPsq.exe

C:\Windows\System\gQjJKny.exe

C:\Windows\System\gQjJKny.exe

C:\Windows\System\xXMQvRr.exe

C:\Windows\System\xXMQvRr.exe

C:\Windows\System\KqApbza.exe

C:\Windows\System\KqApbza.exe

C:\Windows\System\BFhXTxR.exe

C:\Windows\System\BFhXTxR.exe

C:\Windows\System\QYDmLlB.exe

C:\Windows\System\QYDmLlB.exe

C:\Windows\System\yGpetYZ.exe

C:\Windows\System\yGpetYZ.exe

C:\Windows\System\bZQxBku.exe

C:\Windows\System\bZQxBku.exe

C:\Windows\System\cYJSDtn.exe

C:\Windows\System\cYJSDtn.exe

C:\Windows\System\tDwlwzT.exe

C:\Windows\System\tDwlwzT.exe

C:\Windows\System\TGyLRpK.exe

C:\Windows\System\TGyLRpK.exe

C:\Windows\System\VSyUAKS.exe

C:\Windows\System\VSyUAKS.exe

C:\Windows\System\JsWDXNs.exe

C:\Windows\System\JsWDXNs.exe

C:\Windows\System\razQiEU.exe

C:\Windows\System\razQiEU.exe

C:\Windows\System\FndDcKQ.exe

C:\Windows\System\FndDcKQ.exe

C:\Windows\System\PTPQbig.exe

C:\Windows\System\PTPQbig.exe

C:\Windows\System\xvhvrjf.exe

C:\Windows\System\xvhvrjf.exe

C:\Windows\System\BEVsMgf.exe

C:\Windows\System\BEVsMgf.exe

C:\Windows\System\hxUdQBw.exe

C:\Windows\System\hxUdQBw.exe

C:\Windows\System\ALaiYmY.exe

C:\Windows\System\ALaiYmY.exe

C:\Windows\System\kUpvrmm.exe

C:\Windows\System\kUpvrmm.exe

C:\Windows\System\IhbXAqA.exe

C:\Windows\System\IhbXAqA.exe

C:\Windows\System\PWNSGIb.exe

C:\Windows\System\PWNSGIb.exe

C:\Windows\System\RfbGmNm.exe

C:\Windows\System\RfbGmNm.exe

C:\Windows\System\aZcOmOk.exe

C:\Windows\System\aZcOmOk.exe

C:\Windows\System\OuWXrsS.exe

C:\Windows\System\OuWXrsS.exe

C:\Windows\System\yyXQfMn.exe

C:\Windows\System\yyXQfMn.exe

C:\Windows\System\gowBWLn.exe

C:\Windows\System\gowBWLn.exe

C:\Windows\System\VqNDUZS.exe

C:\Windows\System\VqNDUZS.exe

C:\Windows\System\NMxKnXD.exe

C:\Windows\System\NMxKnXD.exe

C:\Windows\System\bpecCcY.exe

C:\Windows\System\bpecCcY.exe

C:\Windows\System\oUdNcan.exe

C:\Windows\System\oUdNcan.exe

C:\Windows\System\SeoQxHm.exe

C:\Windows\System\SeoQxHm.exe

C:\Windows\System\SgvIFIv.exe

C:\Windows\System\SgvIFIv.exe

C:\Windows\System\cEbDBXg.exe

C:\Windows\System\cEbDBXg.exe

C:\Windows\System\TXmSwhI.exe

C:\Windows\System\TXmSwhI.exe

C:\Windows\System\oWYlalM.exe

C:\Windows\System\oWYlalM.exe

C:\Windows\System\lKucYFm.exe

C:\Windows\System\lKucYFm.exe

C:\Windows\System\kkuwiGv.exe

C:\Windows\System\kkuwiGv.exe

C:\Windows\System\GhPunGa.exe

C:\Windows\System\GhPunGa.exe

C:\Windows\System\sQVngTS.exe

C:\Windows\System\sQVngTS.exe

C:\Windows\System\mnXdCpE.exe

C:\Windows\System\mnXdCpE.exe

C:\Windows\System\HDUHiyM.exe

C:\Windows\System\HDUHiyM.exe

C:\Windows\System\JQEWWIT.exe

C:\Windows\System\JQEWWIT.exe

C:\Windows\System\xKObinQ.exe

C:\Windows\System\xKObinQ.exe

C:\Windows\System\HNTUghm.exe

C:\Windows\System\HNTUghm.exe

C:\Windows\System\dnPDWmL.exe

C:\Windows\System\dnPDWmL.exe

C:\Windows\System\CVAHUTP.exe

C:\Windows\System\CVAHUTP.exe

C:\Windows\System\QWBdkDQ.exe

C:\Windows\System\QWBdkDQ.exe

C:\Windows\System\ERIUgJg.exe

C:\Windows\System\ERIUgJg.exe

C:\Windows\System\aQInbaD.exe

C:\Windows\System\aQInbaD.exe

C:\Windows\System\uGRliME.exe

C:\Windows\System\uGRliME.exe

C:\Windows\System\HXSUeuc.exe

C:\Windows\System\HXSUeuc.exe

C:\Windows\System\sFPyroo.exe

C:\Windows\System\sFPyroo.exe

C:\Windows\System\gyyWJml.exe

C:\Windows\System\gyyWJml.exe

C:\Windows\System\RIllLWp.exe

C:\Windows\System\RIllLWp.exe

C:\Windows\System\InOPwxq.exe

C:\Windows\System\InOPwxq.exe

C:\Windows\System\VRoetcy.exe

C:\Windows\System\VRoetcy.exe

C:\Windows\System\RmqzWmI.exe

C:\Windows\System\RmqzWmI.exe

C:\Windows\System\NtqVZoi.exe

C:\Windows\System\NtqVZoi.exe

C:\Windows\System\dnSgbBY.exe

C:\Windows\System\dnSgbBY.exe

C:\Windows\System\nXOQKqa.exe

C:\Windows\System\nXOQKqa.exe

C:\Windows\System\HHlWghF.exe

C:\Windows\System\HHlWghF.exe

C:\Windows\System\ajClbIL.exe

C:\Windows\System\ajClbIL.exe

C:\Windows\System\MTzexcI.exe

C:\Windows\System\MTzexcI.exe

C:\Windows\System\cfCiGhg.exe

C:\Windows\System\cfCiGhg.exe

C:\Windows\System\twaWqMY.exe

C:\Windows\System\twaWqMY.exe

C:\Windows\System\xrBJiTe.exe

C:\Windows\System\xrBJiTe.exe

C:\Windows\System\HWirkUw.exe

C:\Windows\System\HWirkUw.exe

C:\Windows\System\ImVKPOb.exe

C:\Windows\System\ImVKPOb.exe

C:\Windows\System\MWOGbQi.exe

C:\Windows\System\MWOGbQi.exe

C:\Windows\System\WGOhUQM.exe

C:\Windows\System\WGOhUQM.exe

C:\Windows\System\DgjpiCp.exe

C:\Windows\System\DgjpiCp.exe

C:\Windows\System\oVpULfh.exe

C:\Windows\System\oVpULfh.exe

C:\Windows\System\LfWYsqJ.exe

C:\Windows\System\LfWYsqJ.exe

C:\Windows\System\fAiblyP.exe

C:\Windows\System\fAiblyP.exe

C:\Windows\System\kqjicXU.exe

C:\Windows\System\kqjicXU.exe

C:\Windows\System\DFyZUwQ.exe

C:\Windows\System\DFyZUwQ.exe

C:\Windows\System\zTpNRQQ.exe

C:\Windows\System\zTpNRQQ.exe

C:\Windows\System\uTcvNXO.exe

C:\Windows\System\uTcvNXO.exe

C:\Windows\System\VUlDeOo.exe

C:\Windows\System\VUlDeOo.exe

C:\Windows\System\ByLOHGH.exe

C:\Windows\System\ByLOHGH.exe

C:\Windows\System\oPrfdlM.exe

C:\Windows\System\oPrfdlM.exe

C:\Windows\System\hnDuLxj.exe

C:\Windows\System\hnDuLxj.exe

C:\Windows\System\BTsqmYV.exe

C:\Windows\System\BTsqmYV.exe

C:\Windows\System\gkzUJEm.exe

C:\Windows\System\gkzUJEm.exe

C:\Windows\System\IQcNePH.exe

C:\Windows\System\IQcNePH.exe

C:\Windows\System\MLYnvNJ.exe

C:\Windows\System\MLYnvNJ.exe

C:\Windows\System\XELUxCN.exe

C:\Windows\System\XELUxCN.exe

C:\Windows\System\KVqIBxi.exe

C:\Windows\System\KVqIBxi.exe

C:\Windows\System\esdUUDy.exe

C:\Windows\System\esdUUDy.exe

C:\Windows\System\ycnfqtq.exe

C:\Windows\System\ycnfqtq.exe

C:\Windows\System\udqJuhx.exe

C:\Windows\System\udqJuhx.exe

C:\Windows\System\ipnOlVY.exe

C:\Windows\System\ipnOlVY.exe

C:\Windows\System\MbPJRpA.exe

C:\Windows\System\MbPJRpA.exe

C:\Windows\System\rCXbIRF.exe

C:\Windows\System\rCXbIRF.exe

C:\Windows\System\TUXnsJy.exe

C:\Windows\System\TUXnsJy.exe

C:\Windows\System\pceUFQK.exe

C:\Windows\System\pceUFQK.exe

C:\Windows\System\QTaAwpK.exe

C:\Windows\System\QTaAwpK.exe

C:\Windows\System\jMRRuZk.exe

C:\Windows\System\jMRRuZk.exe

C:\Windows\System\CtShxDN.exe

C:\Windows\System\CtShxDN.exe

C:\Windows\System\fvuEuqL.exe

C:\Windows\System\fvuEuqL.exe

C:\Windows\System\alfHtkY.exe

C:\Windows\System\alfHtkY.exe

C:\Windows\System\TzYORuz.exe

C:\Windows\System\TzYORuz.exe

C:\Windows\System\dQVgFMc.exe

C:\Windows\System\dQVgFMc.exe

C:\Windows\System\CDRRycb.exe

C:\Windows\System\CDRRycb.exe

C:\Windows\System\VTSuvbO.exe

C:\Windows\System\VTSuvbO.exe

C:\Windows\System\OEcIUqJ.exe

C:\Windows\System\OEcIUqJ.exe

C:\Windows\System\ikSdjGk.exe

C:\Windows\System\ikSdjGk.exe

C:\Windows\System\TpXsbMa.exe

C:\Windows\System\TpXsbMa.exe

C:\Windows\System\bBYKIQt.exe

C:\Windows\System\bBYKIQt.exe

C:\Windows\System\uPzuEjb.exe

C:\Windows\System\uPzuEjb.exe

C:\Windows\System\QpVkkdn.exe

C:\Windows\System\QpVkkdn.exe

C:\Windows\System\fEpxHoP.exe

C:\Windows\System\fEpxHoP.exe

C:\Windows\System\FmIRItE.exe

C:\Windows\System\FmIRItE.exe

C:\Windows\System\hlUToQr.exe

C:\Windows\System\hlUToQr.exe

C:\Windows\System\gUhPOXl.exe

C:\Windows\System\gUhPOXl.exe

C:\Windows\System\ZXuNjmt.exe

C:\Windows\System\ZXuNjmt.exe

C:\Windows\System\LYbTcaN.exe

C:\Windows\System\LYbTcaN.exe

C:\Windows\System\bxYEkSM.exe

C:\Windows\System\bxYEkSM.exe

C:\Windows\System\naWUeBB.exe

C:\Windows\System\naWUeBB.exe

C:\Windows\System\pGpctrc.exe

C:\Windows\System\pGpctrc.exe

C:\Windows\System\njSgZBK.exe

C:\Windows\System\njSgZBK.exe

C:\Windows\System\LXdiGYu.exe

C:\Windows\System\LXdiGYu.exe

C:\Windows\System\cHuIseI.exe

C:\Windows\System\cHuIseI.exe

C:\Windows\System\LZonEHY.exe

C:\Windows\System\LZonEHY.exe

C:\Windows\System\RfzxQxQ.exe

C:\Windows\System\RfzxQxQ.exe

C:\Windows\System\BPWnJvz.exe

C:\Windows\System\BPWnJvz.exe

C:\Windows\System\xbmhUXM.exe

C:\Windows\System\xbmhUXM.exe

C:\Windows\System\ZbTRmNj.exe

C:\Windows\System\ZbTRmNj.exe

C:\Windows\System\kBNvfVK.exe

C:\Windows\System\kBNvfVK.exe

C:\Windows\System\AHixnUt.exe

C:\Windows\System\AHixnUt.exe

C:\Windows\System\dsQgEeD.exe

C:\Windows\System\dsQgEeD.exe

C:\Windows\System\EPwMrfq.exe

C:\Windows\System\EPwMrfq.exe

C:\Windows\System\hPGQlQU.exe

C:\Windows\System\hPGQlQU.exe

C:\Windows\System\SfaAlmF.exe

C:\Windows\System\SfaAlmF.exe

C:\Windows\System\VzNfOvu.exe

C:\Windows\System\VzNfOvu.exe

C:\Windows\System\ggweMFH.exe

C:\Windows\System\ggweMFH.exe

C:\Windows\System\KvqhYZO.exe

C:\Windows\System\KvqhYZO.exe

C:\Windows\System\remNjSO.exe

C:\Windows\System\remNjSO.exe

C:\Windows\System\DRSfckZ.exe

C:\Windows\System\DRSfckZ.exe

C:\Windows\System\CGtZAlO.exe

C:\Windows\System\CGtZAlO.exe

C:\Windows\System\eArFhlZ.exe

C:\Windows\System\eArFhlZ.exe

C:\Windows\System\XPwSqrh.exe

C:\Windows\System\XPwSqrh.exe

C:\Windows\System\tAeCnuU.exe

C:\Windows\System\tAeCnuU.exe

C:\Windows\System\mBKRRKK.exe

C:\Windows\System\mBKRRKK.exe

C:\Windows\System\pDvVSpW.exe

C:\Windows\System\pDvVSpW.exe

C:\Windows\System\JhoSkZk.exe

C:\Windows\System\JhoSkZk.exe

C:\Windows\System\aLMrMYE.exe

C:\Windows\System\aLMrMYE.exe

C:\Windows\System\rtolUbW.exe

C:\Windows\System\rtolUbW.exe

C:\Windows\System\WikVxcP.exe

C:\Windows\System\WikVxcP.exe

C:\Windows\System\tguOjPT.exe

C:\Windows\System\tguOjPT.exe

C:\Windows\System\vGdLmqY.exe

C:\Windows\System\vGdLmqY.exe

C:\Windows\System\TMxiWHy.exe

C:\Windows\System\TMxiWHy.exe

C:\Windows\System\pcHXumI.exe

C:\Windows\System\pcHXumI.exe

C:\Windows\System\bvusUcn.exe

C:\Windows\System\bvusUcn.exe

C:\Windows\System\MJidjMg.exe

C:\Windows\System\MJidjMg.exe

C:\Windows\System\ZEKhHYL.exe

C:\Windows\System\ZEKhHYL.exe

C:\Windows\System\WCGdfBh.exe

C:\Windows\System\WCGdfBh.exe

C:\Windows\System\zpROKLs.exe

C:\Windows\System\zpROKLs.exe

C:\Windows\System\XWHhvLj.exe

C:\Windows\System\XWHhvLj.exe

C:\Windows\System\wQmeYiM.exe

C:\Windows\System\wQmeYiM.exe

C:\Windows\System\TRxdZsl.exe

C:\Windows\System\TRxdZsl.exe

C:\Windows\System\fnEGNmS.exe

C:\Windows\System\fnEGNmS.exe

C:\Windows\System\dVxzaAa.exe

C:\Windows\System\dVxzaAa.exe

C:\Windows\System\fjzxhct.exe

C:\Windows\System\fjzxhct.exe

C:\Windows\System\JmpPGcZ.exe

C:\Windows\System\JmpPGcZ.exe

C:\Windows\System\eYDvGCZ.exe

C:\Windows\System\eYDvGCZ.exe

C:\Windows\System\EOWkMdH.exe

C:\Windows\System\EOWkMdH.exe

C:\Windows\System\aFKvhGv.exe

C:\Windows\System\aFKvhGv.exe

C:\Windows\System\mvsVqCm.exe

C:\Windows\System\mvsVqCm.exe

C:\Windows\System\inQqupu.exe

C:\Windows\System\inQqupu.exe

C:\Windows\System\QQslDpl.exe

C:\Windows\System\QQslDpl.exe

C:\Windows\System\dsqFXTN.exe

C:\Windows\System\dsqFXTN.exe

C:\Windows\System\jciyakQ.exe

C:\Windows\System\jciyakQ.exe

C:\Windows\System\gOTjieP.exe

C:\Windows\System\gOTjieP.exe

C:\Windows\System\nqSISzc.exe

C:\Windows\System\nqSISzc.exe

C:\Windows\System\eLkPkNL.exe

C:\Windows\System\eLkPkNL.exe

C:\Windows\System\yncDXDY.exe

C:\Windows\System\yncDXDY.exe

C:\Windows\System\KnTlAQL.exe

C:\Windows\System\KnTlAQL.exe

C:\Windows\System\LyrJOGq.exe

C:\Windows\System\LyrJOGq.exe

C:\Windows\System\WklnQqx.exe

C:\Windows\System\WklnQqx.exe

C:\Windows\System\ACbSvQK.exe

C:\Windows\System\ACbSvQK.exe

C:\Windows\System\mqiioSb.exe

C:\Windows\System\mqiioSb.exe

C:\Windows\System\IvTEZir.exe

C:\Windows\System\IvTEZir.exe

C:\Windows\System\DnNrMJu.exe

C:\Windows\System\DnNrMJu.exe

C:\Windows\System\TLrFSRD.exe

C:\Windows\System\TLrFSRD.exe

C:\Windows\System\QMBPoNI.exe

C:\Windows\System\QMBPoNI.exe

C:\Windows\System\dcdnxWD.exe

C:\Windows\System\dcdnxWD.exe

C:\Windows\System\OaDXrsE.exe

C:\Windows\System\OaDXrsE.exe

C:\Windows\System\ckEhQsa.exe

C:\Windows\System\ckEhQsa.exe

C:\Windows\System\ukwbRsT.exe

C:\Windows\System\ukwbRsT.exe

C:\Windows\System\BJyrBYK.exe

C:\Windows\System\BJyrBYK.exe

C:\Windows\System\nTSuMxe.exe

C:\Windows\System\nTSuMxe.exe

C:\Windows\System\zfYskuP.exe

C:\Windows\System\zfYskuP.exe

C:\Windows\System\BCHVFBe.exe

C:\Windows\System\BCHVFBe.exe

C:\Windows\System\hmZrTyq.exe

C:\Windows\System\hmZrTyq.exe

C:\Windows\System\CCznwdY.exe

C:\Windows\System\CCznwdY.exe

C:\Windows\System\GVAcjKp.exe

C:\Windows\System\GVAcjKp.exe

C:\Windows\System\QKkAKbL.exe

C:\Windows\System\QKkAKbL.exe

C:\Windows\System\qRkFDks.exe

C:\Windows\System\qRkFDks.exe

C:\Windows\System\AgOIlGp.exe

C:\Windows\System\AgOIlGp.exe

C:\Windows\System\IKaSZrh.exe

C:\Windows\System\IKaSZrh.exe

C:\Windows\System\KieTGDc.exe

C:\Windows\System\KieTGDc.exe

C:\Windows\System\UhvCTkV.exe

C:\Windows\System\UhvCTkV.exe

C:\Windows\System\IzFBUGN.exe

C:\Windows\System\IzFBUGN.exe

C:\Windows\System\WZbywFx.exe

C:\Windows\System\WZbywFx.exe

C:\Windows\System\xEiseoT.exe

C:\Windows\System\xEiseoT.exe

C:\Windows\System\TymlYna.exe

C:\Windows\System\TymlYna.exe

C:\Windows\System\MpofDxO.exe

C:\Windows\System\MpofDxO.exe

C:\Windows\System\qVfrVPO.exe

C:\Windows\System\qVfrVPO.exe

C:\Windows\System\MjlyqxI.exe

C:\Windows\System\MjlyqxI.exe

C:\Windows\System\GXGVZWc.exe

C:\Windows\System\GXGVZWc.exe

C:\Windows\System\JJJxHGE.exe

C:\Windows\System\JJJxHGE.exe

C:\Windows\System\uNHnXPM.exe

C:\Windows\System\uNHnXPM.exe

C:\Windows\System\LFbGOXS.exe

C:\Windows\System\LFbGOXS.exe

C:\Windows\System\OiUFXrd.exe

C:\Windows\System\OiUFXrd.exe

C:\Windows\System\NMOOGBW.exe

C:\Windows\System\NMOOGBW.exe

C:\Windows\System\XvRKNeM.exe

C:\Windows\System\XvRKNeM.exe

C:\Windows\System\IxVkifK.exe

C:\Windows\System\IxVkifK.exe

C:\Windows\System\nCHWvFY.exe

C:\Windows\System\nCHWvFY.exe

C:\Windows\System\oeEMTwI.exe

C:\Windows\System\oeEMTwI.exe

C:\Windows\System\SpwdcHJ.exe

C:\Windows\System\SpwdcHJ.exe

C:\Windows\System\QckTsMK.exe

C:\Windows\System\QckTsMK.exe

C:\Windows\System\GSbEYKy.exe

C:\Windows\System\GSbEYKy.exe

C:\Windows\System\xxAReWj.exe

C:\Windows\System\xxAReWj.exe

C:\Windows\System\UFECbrL.exe

C:\Windows\System\UFECbrL.exe

C:\Windows\System\mxbcywW.exe

C:\Windows\System\mxbcywW.exe

C:\Windows\System\FCzDXjz.exe

C:\Windows\System\FCzDXjz.exe

C:\Windows\System\PhPdpPy.exe

C:\Windows\System\PhPdpPy.exe

C:\Windows\System\gIbaTMD.exe

C:\Windows\System\gIbaTMD.exe

C:\Windows\System\ibpKqAv.exe

C:\Windows\System\ibpKqAv.exe

C:\Windows\System\nDqUITt.exe

C:\Windows\System\nDqUITt.exe

C:\Windows\System\nboSHGT.exe

C:\Windows\System\nboSHGT.exe

C:\Windows\System\aceApFQ.exe

C:\Windows\System\aceApFQ.exe

C:\Windows\System\NQYwewY.exe

C:\Windows\System\NQYwewY.exe

C:\Windows\System\TEYKRSp.exe

C:\Windows\System\TEYKRSp.exe

C:\Windows\System\POOgvzm.exe

C:\Windows\System\POOgvzm.exe

C:\Windows\System\cLcFjfq.exe

C:\Windows\System\cLcFjfq.exe

C:\Windows\System\eJixAXA.exe

C:\Windows\System\eJixAXA.exe

C:\Windows\System\ldvnsSD.exe

C:\Windows\System\ldvnsSD.exe

C:\Windows\System\LHsvBhb.exe

C:\Windows\System\LHsvBhb.exe

C:\Windows\System\rnslqHN.exe

C:\Windows\System\rnslqHN.exe

C:\Windows\System\vwGakwW.exe

C:\Windows\System\vwGakwW.exe

C:\Windows\System\ylSgUYA.exe

C:\Windows\System\ylSgUYA.exe

C:\Windows\System\hvkOyFi.exe

C:\Windows\System\hvkOyFi.exe

C:\Windows\System\aSQLQhi.exe

C:\Windows\System\aSQLQhi.exe

C:\Windows\System\uXVNzcm.exe

C:\Windows\System\uXVNzcm.exe

C:\Windows\System\JzncRDj.exe

C:\Windows\System\JzncRDj.exe

C:\Windows\System\qCfMeaM.exe

C:\Windows\System\qCfMeaM.exe

C:\Windows\System\XxrerhS.exe

C:\Windows\System\XxrerhS.exe

C:\Windows\System\TbYQLqU.exe

C:\Windows\System\TbYQLqU.exe

C:\Windows\System\eRFHUBj.exe

C:\Windows\System\eRFHUBj.exe

C:\Windows\System\YptVzCz.exe

C:\Windows\System\YptVzCz.exe

C:\Windows\System\Aameeel.exe

C:\Windows\System\Aameeel.exe

C:\Windows\System\clsRxwI.exe

C:\Windows\System\clsRxwI.exe

C:\Windows\System\zDuFuBH.exe

C:\Windows\System\zDuFuBH.exe

C:\Windows\System\ukMQyjU.exe

C:\Windows\System\ukMQyjU.exe

C:\Windows\System\INnYnTu.exe

C:\Windows\System\INnYnTu.exe

C:\Windows\System\ZXoAgjB.exe

C:\Windows\System\ZXoAgjB.exe

C:\Windows\System\OlIDSdi.exe

C:\Windows\System\OlIDSdi.exe

C:\Windows\System\cMtpLkM.exe

C:\Windows\System\cMtpLkM.exe

C:\Windows\System\MQodbOT.exe

C:\Windows\System\MQodbOT.exe

C:\Windows\System\GkNdJuV.exe

C:\Windows\System\GkNdJuV.exe

C:\Windows\System\HBWXSHZ.exe

C:\Windows\System\HBWXSHZ.exe

C:\Windows\System\vBtEEOr.exe

C:\Windows\System\vBtEEOr.exe

C:\Windows\System\OrzvTDz.exe

C:\Windows\System\OrzvTDz.exe

C:\Windows\System\NpegKVr.exe

C:\Windows\System\NpegKVr.exe

C:\Windows\System\RJyehyK.exe

C:\Windows\System\RJyehyK.exe

C:\Windows\System\xiEZlhr.exe

C:\Windows\System\xiEZlhr.exe

C:\Windows\System\TrltbnS.exe

C:\Windows\System\TrltbnS.exe

C:\Windows\System\AZdXRVu.exe

C:\Windows\System\AZdXRVu.exe

C:\Windows\System\lDLgvMq.exe

C:\Windows\System\lDLgvMq.exe

C:\Windows\System\EJIRjGK.exe

C:\Windows\System\EJIRjGK.exe

C:\Windows\System\jyXINYE.exe

C:\Windows\System\jyXINYE.exe

C:\Windows\System\bqKhOmt.exe

C:\Windows\System\bqKhOmt.exe

C:\Windows\System\icHpdgb.exe

C:\Windows\System\icHpdgb.exe

C:\Windows\System\unFJMCZ.exe

C:\Windows\System\unFJMCZ.exe

C:\Windows\System\yBvysGY.exe

C:\Windows\System\yBvysGY.exe

C:\Windows\System\qLGMpWp.exe

C:\Windows\System\qLGMpWp.exe

C:\Windows\System\MxSqqJk.exe

C:\Windows\System\MxSqqJk.exe

C:\Windows\System\QYFwqJC.exe

C:\Windows\System\QYFwqJC.exe

C:\Windows\System\ABcoZqm.exe

C:\Windows\System\ABcoZqm.exe

C:\Windows\System\zJppaDb.exe

C:\Windows\System\zJppaDb.exe

C:\Windows\System\TDzZiZw.exe

C:\Windows\System\TDzZiZw.exe

C:\Windows\System\KnnjHoc.exe

C:\Windows\System\KnnjHoc.exe

C:\Windows\System\eRkwwsi.exe

C:\Windows\System\eRkwwsi.exe

C:\Windows\System\GvFlGPF.exe

C:\Windows\System\GvFlGPF.exe

C:\Windows\System\osDxqhw.exe

C:\Windows\System\osDxqhw.exe

C:\Windows\System\nSVnLyG.exe

C:\Windows\System\nSVnLyG.exe

C:\Windows\System\lErWnLP.exe

C:\Windows\System\lErWnLP.exe

C:\Windows\System\wBKlDqU.exe

C:\Windows\System\wBKlDqU.exe

C:\Windows\System\DPYQvZV.exe

C:\Windows\System\DPYQvZV.exe

C:\Windows\System\vzQpyeR.exe

C:\Windows\System\vzQpyeR.exe

C:\Windows\System\BTWtnGI.exe

C:\Windows\System\BTWtnGI.exe

C:\Windows\System\gaYehxJ.exe

C:\Windows\System\gaYehxJ.exe

C:\Windows\System\RXLXtSc.exe

C:\Windows\System\RXLXtSc.exe

C:\Windows\System\aVsDYdw.exe

C:\Windows\System\aVsDYdw.exe

C:\Windows\System\xlwOiFV.exe

C:\Windows\System\xlwOiFV.exe

C:\Windows\System\DAERjYh.exe

C:\Windows\System\DAERjYh.exe

C:\Windows\System\DAOKfpq.exe

C:\Windows\System\DAOKfpq.exe

C:\Windows\System\oCpMhgh.exe

C:\Windows\System\oCpMhgh.exe

C:\Windows\System\RHfBXst.exe

C:\Windows\System\RHfBXst.exe

C:\Windows\System\utnFxzZ.exe

C:\Windows\System\utnFxzZ.exe

C:\Windows\System\yXYOfVg.exe

C:\Windows\System\yXYOfVg.exe

C:\Windows\System\lPvZFQb.exe

C:\Windows\System\lPvZFQb.exe

C:\Windows\System\SKAaSPc.exe

C:\Windows\System\SKAaSPc.exe

C:\Windows\System\TbVreGH.exe

C:\Windows\System\TbVreGH.exe

C:\Windows\System\bIcAiFh.exe

C:\Windows\System\bIcAiFh.exe

C:\Windows\System\gZuzlWt.exe

C:\Windows\System\gZuzlWt.exe

C:\Windows\System\yGYZdFv.exe

C:\Windows\System\yGYZdFv.exe

C:\Windows\System\stDChEF.exe

C:\Windows\System\stDChEF.exe

C:\Windows\System\FhYPShx.exe

C:\Windows\System\FhYPShx.exe

C:\Windows\System\GgPirGS.exe

C:\Windows\System\GgPirGS.exe

C:\Windows\System\aybeemP.exe

C:\Windows\System\aybeemP.exe

C:\Windows\System\esTErom.exe

C:\Windows\System\esTErom.exe

C:\Windows\System\pykofKe.exe

C:\Windows\System\pykofKe.exe

C:\Windows\System\qHUkEdb.exe

C:\Windows\System\qHUkEdb.exe

C:\Windows\System\lETGsKw.exe

C:\Windows\System\lETGsKw.exe

C:\Windows\System\WDPkPvt.exe

C:\Windows\System\WDPkPvt.exe

C:\Windows\System\FGSfNmB.exe

C:\Windows\System\FGSfNmB.exe

C:\Windows\System\aODoiTX.exe

C:\Windows\System\aODoiTX.exe

C:\Windows\System\Mdesrpr.exe

C:\Windows\System\Mdesrpr.exe

C:\Windows\System\JjlDsJK.exe

C:\Windows\System\JjlDsJK.exe

C:\Windows\System\YEtxbGh.exe

C:\Windows\System\YEtxbGh.exe

C:\Windows\System\clsqHQK.exe

C:\Windows\System\clsqHQK.exe

C:\Windows\System\EvPYeuI.exe

C:\Windows\System\EvPYeuI.exe

C:\Windows\System\WEXNwFH.exe

C:\Windows\System\WEXNwFH.exe

C:\Windows\System\moFAxSP.exe

C:\Windows\System\moFAxSP.exe

C:\Windows\System\WKiCvEB.exe

C:\Windows\System\WKiCvEB.exe

C:\Windows\System\OaDnSLK.exe

C:\Windows\System\OaDnSLK.exe

C:\Windows\System\zmLpofJ.exe

C:\Windows\System\zmLpofJ.exe

C:\Windows\System\cpjIXHG.exe

C:\Windows\System\cpjIXHG.exe

C:\Windows\System\iPwIwjr.exe

C:\Windows\System\iPwIwjr.exe

C:\Windows\System\mBBWYwP.exe

C:\Windows\System\mBBWYwP.exe

C:\Windows\System\cITIUMR.exe

C:\Windows\System\cITIUMR.exe

C:\Windows\System\pPMLTuw.exe

C:\Windows\System\pPMLTuw.exe

C:\Windows\System\saemGfO.exe

C:\Windows\System\saemGfO.exe

C:\Windows\System\SmwVKLF.exe

C:\Windows\System\SmwVKLF.exe

C:\Windows\System\clwsCIx.exe

C:\Windows\System\clwsCIx.exe

C:\Windows\System\nSOKIQa.exe

C:\Windows\System\nSOKIQa.exe

C:\Windows\System\vcecKTz.exe

C:\Windows\System\vcecKTz.exe

C:\Windows\System\ctKbgTJ.exe

C:\Windows\System\ctKbgTJ.exe

C:\Windows\System\OyzYSAY.exe

C:\Windows\System\OyzYSAY.exe

C:\Windows\System\CqNjKjh.exe

C:\Windows\System\CqNjKjh.exe

C:\Windows\System\lWubUYi.exe

C:\Windows\System\lWubUYi.exe

C:\Windows\System\NVSCLwS.exe

C:\Windows\System\NVSCLwS.exe

C:\Windows\System\KkklSHq.exe

C:\Windows\System\KkklSHq.exe

C:\Windows\System\MdUBYAP.exe

C:\Windows\System\MdUBYAP.exe

C:\Windows\System\fKdxpxB.exe

C:\Windows\System\fKdxpxB.exe

C:\Windows\System\IqlEvMj.exe

C:\Windows\System\IqlEvMj.exe

C:\Windows\System\VsBluJc.exe

C:\Windows\System\VsBluJc.exe

C:\Windows\System\qNHzqdA.exe

C:\Windows\System\qNHzqdA.exe

C:\Windows\System\BYLRnTB.exe

C:\Windows\System\BYLRnTB.exe

C:\Windows\System\NxCePTV.exe

C:\Windows\System\NxCePTV.exe

C:\Windows\System\todxGho.exe

C:\Windows\System\todxGho.exe

C:\Windows\System\CpmzGKG.exe

C:\Windows\System\CpmzGKG.exe

C:\Windows\System\RftsoKu.exe

C:\Windows\System\RftsoKu.exe

C:\Windows\System\DeHvqWi.exe

C:\Windows\System\DeHvqWi.exe

C:\Windows\System\GaeAbBP.exe

C:\Windows\System\GaeAbBP.exe

C:\Windows\System\yBsubpW.exe

C:\Windows\System\yBsubpW.exe

C:\Windows\System\SFbediU.exe

C:\Windows\System\SFbediU.exe

C:\Windows\System\DALcfhn.exe

C:\Windows\System\DALcfhn.exe

C:\Windows\System\orReVhA.exe

C:\Windows\System\orReVhA.exe

C:\Windows\System\lxyaETn.exe

C:\Windows\System\lxyaETn.exe

C:\Windows\System\DhlLBNW.exe

C:\Windows\System\DhlLBNW.exe

C:\Windows\System\EwEyGRk.exe

C:\Windows\System\EwEyGRk.exe

C:\Windows\System\KBmnNFK.exe

C:\Windows\System\KBmnNFK.exe

C:\Windows\System\OIpIcFH.exe

C:\Windows\System\OIpIcFH.exe

C:\Windows\System\wtsMAmv.exe

C:\Windows\System\wtsMAmv.exe

C:\Windows\System\tPZSgMa.exe

C:\Windows\System\tPZSgMa.exe

C:\Windows\System\SYBzxkx.exe

C:\Windows\System\SYBzxkx.exe

C:\Windows\System\pwUnfYf.exe

C:\Windows\System\pwUnfYf.exe

C:\Windows\System\SVyJqTj.exe

C:\Windows\System\SVyJqTj.exe

C:\Windows\System\iOyJZjr.exe

C:\Windows\System\iOyJZjr.exe

C:\Windows\System\GorluPI.exe

C:\Windows\System\GorluPI.exe

C:\Windows\System\UqdOMTG.exe

C:\Windows\System\UqdOMTG.exe

C:\Windows\System\XoZLHkB.exe

C:\Windows\System\XoZLHkB.exe

C:\Windows\System\ceIySHO.exe

C:\Windows\System\ceIySHO.exe

C:\Windows\System\sFHzAjD.exe

C:\Windows\System\sFHzAjD.exe

C:\Windows\System\kQxTlCW.exe

C:\Windows\System\kQxTlCW.exe

C:\Windows\System\rYbqjwu.exe

C:\Windows\System\rYbqjwu.exe

C:\Windows\System\rDiHBFv.exe

C:\Windows\System\rDiHBFv.exe

C:\Windows\System\iOXRNka.exe

C:\Windows\System\iOXRNka.exe

C:\Windows\System\WlyQBla.exe

C:\Windows\System\WlyQBla.exe

C:\Windows\System\ccFSKqK.exe

C:\Windows\System\ccFSKqK.exe

C:\Windows\System\YEqfYkC.exe

C:\Windows\System\YEqfYkC.exe

C:\Windows\System\sZLdRoK.exe

C:\Windows\System\sZLdRoK.exe

C:\Windows\System\HEZlbOx.exe

C:\Windows\System\HEZlbOx.exe

C:\Windows\System\MIvjXsq.exe

C:\Windows\System\MIvjXsq.exe

C:\Windows\System\omXspgO.exe

C:\Windows\System\omXspgO.exe

C:\Windows\System\bkgiWRJ.exe

C:\Windows\System\bkgiWRJ.exe

C:\Windows\System\tuUNmpE.exe

C:\Windows\System\tuUNmpE.exe

C:\Windows\System\ibGuRYQ.exe

C:\Windows\System\ibGuRYQ.exe

C:\Windows\System\ORsDaHw.exe

C:\Windows\System\ORsDaHw.exe

C:\Windows\System\MmzCmqN.exe

C:\Windows\System\MmzCmqN.exe

C:\Windows\System\sviIYLv.exe

C:\Windows\System\sviIYLv.exe

C:\Windows\System\JsgDATh.exe

C:\Windows\System\JsgDATh.exe

C:\Windows\System\pwwYtfA.exe

C:\Windows\System\pwwYtfA.exe

C:\Windows\System\xijeFSA.exe

C:\Windows\System\xijeFSA.exe

C:\Windows\System\NZpZkIl.exe

C:\Windows\System\NZpZkIl.exe

C:\Windows\System\GPGsxlS.exe

C:\Windows\System\GPGsxlS.exe

C:\Windows\System\IQANkab.exe

C:\Windows\System\IQANkab.exe

C:\Windows\System\gKFSHOz.exe

C:\Windows\System\gKFSHOz.exe

C:\Windows\System\xEiZKSO.exe

C:\Windows\System\xEiZKSO.exe

C:\Windows\System\WgMohIU.exe

C:\Windows\System\WgMohIU.exe

C:\Windows\System\jOrGHOi.exe

C:\Windows\System\jOrGHOi.exe

C:\Windows\System\nBalrdP.exe

C:\Windows\System\nBalrdP.exe

C:\Windows\System\CnYEzRw.exe

C:\Windows\System\CnYEzRw.exe

C:\Windows\System\DThoGVy.exe

C:\Windows\System\DThoGVy.exe

C:\Windows\System\UsxURpc.exe

C:\Windows\System\UsxURpc.exe

C:\Windows\System\rukwAcM.exe

C:\Windows\System\rukwAcM.exe

C:\Windows\System\ywYDORL.exe

C:\Windows\System\ywYDORL.exe

C:\Windows\System\UYAzgTV.exe

C:\Windows\System\UYAzgTV.exe

C:\Windows\System\fnNeaKk.exe

C:\Windows\System\fnNeaKk.exe

C:\Windows\System\OhezhZL.exe

C:\Windows\System\OhezhZL.exe

C:\Windows\System\GBDcWNl.exe

C:\Windows\System\GBDcWNl.exe

C:\Windows\System\dHgOTYA.exe

C:\Windows\System\dHgOTYA.exe

C:\Windows\System\ohNZEAV.exe

C:\Windows\System\ohNZEAV.exe

C:\Windows\System\tOhypIT.exe

C:\Windows\System\tOhypIT.exe

C:\Windows\System\FrizwFs.exe

C:\Windows\System\FrizwFs.exe

C:\Windows\System\alXDUmK.exe

C:\Windows\System\alXDUmK.exe

C:\Windows\System\iuPWgeQ.exe

C:\Windows\System\iuPWgeQ.exe

C:\Windows\System\FmVgBLx.exe

C:\Windows\System\FmVgBLx.exe

C:\Windows\System\HStxiRi.exe

C:\Windows\System\HStxiRi.exe

C:\Windows\System\jVUCESY.exe

C:\Windows\System\jVUCESY.exe

C:\Windows\System\AheiKyM.exe

C:\Windows\System\AheiKyM.exe

C:\Windows\System\BMWugal.exe

C:\Windows\System\BMWugal.exe

C:\Windows\System\DbQpNAY.exe

C:\Windows\System\DbQpNAY.exe

C:\Windows\System\WrlGFep.exe

C:\Windows\System\WrlGFep.exe

C:\Windows\System\wRAxELb.exe

C:\Windows\System\wRAxELb.exe

C:\Windows\System\UnPqELf.exe

C:\Windows\System\UnPqELf.exe

C:\Windows\System\OIGyVqo.exe

C:\Windows\System\OIGyVqo.exe

C:\Windows\System\xuchCCr.exe

C:\Windows\System\xuchCCr.exe

C:\Windows\System\HuxmzBh.exe

C:\Windows\System\HuxmzBh.exe

C:\Windows\System\UNgoxGS.exe

C:\Windows\System\UNgoxGS.exe

C:\Windows\System\wtCrSqw.exe

C:\Windows\System\wtCrSqw.exe

C:\Windows\System\jJpykgD.exe

C:\Windows\System\jJpykgD.exe

C:\Windows\System\fPODPkQ.exe

C:\Windows\System\fPODPkQ.exe

C:\Windows\System\achFqJv.exe

C:\Windows\System\achFqJv.exe

C:\Windows\System\ClKhwWM.exe

C:\Windows\System\ClKhwWM.exe

C:\Windows\System\tUJseYP.exe

C:\Windows\System\tUJseYP.exe

C:\Windows\System\tApdDiX.exe

C:\Windows\System\tApdDiX.exe

C:\Windows\System\qgbnfjV.exe

C:\Windows\System\qgbnfjV.exe

C:\Windows\System\ZncIqQK.exe

C:\Windows\System\ZncIqQK.exe

C:\Windows\System\CHirigP.exe

C:\Windows\System\CHirigP.exe

C:\Windows\System\HKXRVKm.exe

C:\Windows\System\HKXRVKm.exe

C:\Windows\System\XtCYugL.exe

C:\Windows\System\XtCYugL.exe

C:\Windows\System\SeetFPd.exe

C:\Windows\System\SeetFPd.exe

C:\Windows\System\OLMxRcy.exe

C:\Windows\System\OLMxRcy.exe

C:\Windows\System\DpRiSsr.exe

C:\Windows\System\DpRiSsr.exe

C:\Windows\System\CeAbLIf.exe

C:\Windows\System\CeAbLIf.exe

C:\Windows\System\zhSufBI.exe

C:\Windows\System\zhSufBI.exe

C:\Windows\System\XCzgRVI.exe

C:\Windows\System\XCzgRVI.exe

C:\Windows\System\CfKauIk.exe

C:\Windows\System\CfKauIk.exe

C:\Windows\System\NgqQjNo.exe

C:\Windows\System\NgqQjNo.exe

C:\Windows\System\vaLiMdD.exe

C:\Windows\System\vaLiMdD.exe

C:\Windows\System\XRAvmMW.exe

C:\Windows\System\XRAvmMW.exe

C:\Windows\System\ZOMqshc.exe

C:\Windows\System\ZOMqshc.exe

C:\Windows\System\oxYyCNr.exe

C:\Windows\System\oxYyCNr.exe

C:\Windows\System\exgNvdM.exe

C:\Windows\System\exgNvdM.exe

C:\Windows\System\ouMWMDy.exe

C:\Windows\System\ouMWMDy.exe

C:\Windows\System\ywogttJ.exe

C:\Windows\System\ywogttJ.exe

C:\Windows\System\nSOeurz.exe

C:\Windows\System\nSOeurz.exe

C:\Windows\System\cFrrebH.exe

C:\Windows\System\cFrrebH.exe

C:\Windows\System\BhlfXPG.exe

C:\Windows\System\BhlfXPG.exe

C:\Windows\System\SFUVstc.exe

C:\Windows\System\SFUVstc.exe

C:\Windows\System\EdKgaFr.exe

C:\Windows\System\EdKgaFr.exe

C:\Windows\System\ljRqDAy.exe

C:\Windows\System\ljRqDAy.exe

C:\Windows\System\FLluhyv.exe

C:\Windows\System\FLluhyv.exe

C:\Windows\System\zjmChgj.exe

C:\Windows\System\zjmChgj.exe

C:\Windows\System\ppnczsL.exe

C:\Windows\System\ppnczsL.exe

C:\Windows\System\StXFNpi.exe

C:\Windows\System\StXFNpi.exe

C:\Windows\System\lOaTXxr.exe

C:\Windows\System\lOaTXxr.exe

C:\Windows\System\rmkhVYY.exe

C:\Windows\System\rmkhVYY.exe

C:\Windows\System\sSwnbKf.exe

C:\Windows\System\sSwnbKf.exe

C:\Windows\System\WTWrelj.exe

C:\Windows\System\WTWrelj.exe

C:\Windows\System\LwzkwlL.exe

C:\Windows\System\LwzkwlL.exe

C:\Windows\System\jtLlXrN.exe

C:\Windows\System\jtLlXrN.exe

C:\Windows\System\PeCCDsm.exe

C:\Windows\System\PeCCDsm.exe

C:\Windows\System\yMndTLp.exe

C:\Windows\System\yMndTLp.exe

C:\Windows\System\umHcFHD.exe

C:\Windows\System\umHcFHD.exe

C:\Windows\System\rIFcvaT.exe

C:\Windows\System\rIFcvaT.exe

C:\Windows\System\dygCeQP.exe

C:\Windows\System\dygCeQP.exe

C:\Windows\System\WqhaFfq.exe

C:\Windows\System\WqhaFfq.exe

C:\Windows\System\TmMeMXr.exe

C:\Windows\System\TmMeMXr.exe

C:\Windows\System\HLEvRPm.exe

C:\Windows\System\HLEvRPm.exe

C:\Windows\System\uPTBpTY.exe

C:\Windows\System\uPTBpTY.exe

C:\Windows\System\qxabyCs.exe

C:\Windows\System\qxabyCs.exe

C:\Windows\System\pVfEjpt.exe

C:\Windows\System\pVfEjpt.exe

C:\Windows\System\VGUvWMb.exe

C:\Windows\System\VGUvWMb.exe

C:\Windows\System\UUfaYQY.exe

C:\Windows\System\UUfaYQY.exe

C:\Windows\System\HRdxYkh.exe

C:\Windows\System\HRdxYkh.exe

C:\Windows\System\pzxkOlv.exe

C:\Windows\System\pzxkOlv.exe

C:\Windows\System\yzpSGFS.exe

C:\Windows\System\yzpSGFS.exe

C:\Windows\System\DkOfWCg.exe

C:\Windows\System\DkOfWCg.exe

C:\Windows\System\UuvoALI.exe

C:\Windows\System\UuvoALI.exe

C:\Windows\System\WRFjjhj.exe

C:\Windows\System\WRFjjhj.exe

C:\Windows\System\ENimnLD.exe

C:\Windows\System\ENimnLD.exe

C:\Windows\System\BQgPiFl.exe

C:\Windows\System\BQgPiFl.exe

C:\Windows\System\cSaktLK.exe

C:\Windows\System\cSaktLK.exe

C:\Windows\System\QCsSWmx.exe

C:\Windows\System\QCsSWmx.exe

C:\Windows\System\uRIqhIB.exe

C:\Windows\System\uRIqhIB.exe

C:\Windows\System\zsKeaVG.exe

C:\Windows\System\zsKeaVG.exe

C:\Windows\System\bDzDpWZ.exe

C:\Windows\System\bDzDpWZ.exe

C:\Windows\System\UJcQAwS.exe

C:\Windows\System\UJcQAwS.exe

C:\Windows\System\xpVgegq.exe

C:\Windows\System\xpVgegq.exe

C:\Windows\System\GFyWCzy.exe

C:\Windows\System\GFyWCzy.exe

C:\Windows\System\TvhPKuK.exe

C:\Windows\System\TvhPKuK.exe

C:\Windows\System\tJlpXNu.exe

C:\Windows\System\tJlpXNu.exe

C:\Windows\System\LyKpkXh.exe

C:\Windows\System\LyKpkXh.exe

C:\Windows\System\qFDgqGY.exe

C:\Windows\System\qFDgqGY.exe

C:\Windows\System\aGaCHbS.exe

C:\Windows\System\aGaCHbS.exe

C:\Windows\System\aLWyfMB.exe

C:\Windows\System\aLWyfMB.exe

C:\Windows\System\UNphpQS.exe

C:\Windows\System\UNphpQS.exe

C:\Windows\System\XmyprwP.exe

C:\Windows\System\XmyprwP.exe

C:\Windows\System\ZCuRCWY.exe

C:\Windows\System\ZCuRCWY.exe

C:\Windows\System\tGuFwKV.exe

C:\Windows\System\tGuFwKV.exe

C:\Windows\System\xMmdvjO.exe

C:\Windows\System\xMmdvjO.exe

C:\Windows\System\cpHUfvO.exe

C:\Windows\System\cpHUfvO.exe

C:\Windows\System\glqOWek.exe

C:\Windows\System\glqOWek.exe

C:\Windows\System\WggmGCl.exe

C:\Windows\System\WggmGCl.exe

C:\Windows\System\vhNJSTN.exe

C:\Windows\System\vhNJSTN.exe

C:\Windows\System\bmNmDpL.exe

C:\Windows\System\bmNmDpL.exe

C:\Windows\System\EwjYSyh.exe

C:\Windows\System\EwjYSyh.exe

C:\Windows\System\JQQkiYU.exe

C:\Windows\System\JQQkiYU.exe

C:\Windows\System\AczOsWr.exe

C:\Windows\System\AczOsWr.exe

C:\Windows\System\PiCgmeK.exe

C:\Windows\System\PiCgmeK.exe

C:\Windows\System\OxAAunf.exe

C:\Windows\System\OxAAunf.exe

C:\Windows\System\xsNszXP.exe

C:\Windows\System\xsNszXP.exe

C:\Windows\System\illVkJj.exe

C:\Windows\System\illVkJj.exe

C:\Windows\System\zMMqJkt.exe

C:\Windows\System\zMMqJkt.exe

C:\Windows\System\eyGgUsu.exe

C:\Windows\System\eyGgUsu.exe

C:\Windows\System\rQiVbpk.exe

C:\Windows\System\rQiVbpk.exe

C:\Windows\System\IVbMHpY.exe

C:\Windows\System\IVbMHpY.exe

C:\Windows\System\IhCUOpu.exe

C:\Windows\System\IhCUOpu.exe

C:\Windows\System\APOtMhB.exe

C:\Windows\System\APOtMhB.exe

C:\Windows\System\ZBannwg.exe

C:\Windows\System\ZBannwg.exe

C:\Windows\System\MaiCyra.exe

C:\Windows\System\MaiCyra.exe

C:\Windows\System\wJjKHYJ.exe

C:\Windows\System\wJjKHYJ.exe

C:\Windows\System\uvCMuvz.exe

C:\Windows\System\uvCMuvz.exe

C:\Windows\System\JnbplkD.exe

C:\Windows\System\JnbplkD.exe

C:\Windows\System\cjQeMun.exe

C:\Windows\System\cjQeMun.exe

C:\Windows\System\KBIDdel.exe

C:\Windows\System\KBIDdel.exe

C:\Windows\System\FFMJaQf.exe

C:\Windows\System\FFMJaQf.exe

C:\Windows\System\ZCwDHFT.exe

C:\Windows\System\ZCwDHFT.exe

C:\Windows\System\MplePUw.exe

C:\Windows\System\MplePUw.exe

C:\Windows\System\jhgtwNW.exe

C:\Windows\System\jhgtwNW.exe

C:\Windows\System\MilRRwM.exe

C:\Windows\System\MilRRwM.exe

C:\Windows\System\aqdYala.exe

C:\Windows\System\aqdYala.exe

C:\Windows\System\QQEBpsQ.exe

C:\Windows\System\QQEBpsQ.exe

C:\Windows\System\PwrMhbm.exe

C:\Windows\System\PwrMhbm.exe

C:\Windows\System\IkXxsXs.exe

C:\Windows\System\IkXxsXs.exe

C:\Windows\System\omwQtSx.exe

C:\Windows\System\omwQtSx.exe

C:\Windows\System\AIHIfiE.exe

C:\Windows\System\AIHIfiE.exe

C:\Windows\System\HezylaB.exe

C:\Windows\System\HezylaB.exe

C:\Windows\System\kofTCqi.exe

C:\Windows\System\kofTCqi.exe

C:\Windows\System\mqpeRMy.exe

C:\Windows\System\mqpeRMy.exe

C:\Windows\System\YSNsiJK.exe

C:\Windows\System\YSNsiJK.exe

C:\Windows\System\jHIBElh.exe

C:\Windows\System\jHIBElh.exe

C:\Windows\System\yOVJERG.exe

C:\Windows\System\yOVJERG.exe

C:\Windows\System\BIxPwWI.exe

C:\Windows\System\BIxPwWI.exe

C:\Windows\System\ECuaUND.exe

C:\Windows\System\ECuaUND.exe

C:\Windows\System\NpPvIhP.exe

C:\Windows\System\NpPvIhP.exe

C:\Windows\System\hIQrzqY.exe

C:\Windows\System\hIQrzqY.exe

C:\Windows\System\vHnOitt.exe

C:\Windows\System\vHnOitt.exe

C:\Windows\System\GIcTjuW.exe

C:\Windows\System\GIcTjuW.exe

C:\Windows\System\VxoKosO.exe

C:\Windows\System\VxoKosO.exe

C:\Windows\System\bIghmen.exe

C:\Windows\System\bIghmen.exe

C:\Windows\System\oiMJCmx.exe

C:\Windows\System\oiMJCmx.exe

C:\Windows\System\JJebdEI.exe

C:\Windows\System\JJebdEI.exe

C:\Windows\System\JRCEjnl.exe

C:\Windows\System\JRCEjnl.exe

C:\Windows\System\KnMDZxX.exe

C:\Windows\System\KnMDZxX.exe

C:\Windows\System\jloixuf.exe

C:\Windows\System\jloixuf.exe

C:\Windows\System\xrrDHNZ.exe

C:\Windows\System\xrrDHNZ.exe

C:\Windows\System\VJFutrR.exe

C:\Windows\System\VJFutrR.exe

C:\Windows\System\wkXavTl.exe

C:\Windows\System\wkXavTl.exe

C:\Windows\System\THWUYTU.exe

C:\Windows\System\THWUYTU.exe

C:\Windows\System\ZQtkNcc.exe

C:\Windows\System\ZQtkNcc.exe

C:\Windows\System\TYXKvhp.exe

C:\Windows\System\TYXKvhp.exe

C:\Windows\System\PkHawOs.exe

C:\Windows\System\PkHawOs.exe

C:\Windows\System\KRFNcEH.exe

C:\Windows\System\KRFNcEH.exe

C:\Windows\System\xlxzLtY.exe

C:\Windows\System\xlxzLtY.exe

C:\Windows\System\crOGaDd.exe

C:\Windows\System\crOGaDd.exe

C:\Windows\System\EepSWcv.exe

C:\Windows\System\EepSWcv.exe

C:\Windows\System\GQWWWyn.exe

C:\Windows\System\GQWWWyn.exe

C:\Windows\System\cHGAapd.exe

C:\Windows\System\cHGAapd.exe

C:\Windows\System\tyCKRCx.exe

C:\Windows\System\tyCKRCx.exe

C:\Windows\System\TbdcUlz.exe

C:\Windows\System\TbdcUlz.exe

C:\Windows\System\KggKVlp.exe

C:\Windows\System\KggKVlp.exe

C:\Windows\System\SRcBuJM.exe

C:\Windows\System\SRcBuJM.exe

C:\Windows\System\kfADhbR.exe

C:\Windows\System\kfADhbR.exe

C:\Windows\System\fvxRGDW.exe

C:\Windows\System\fvxRGDW.exe

C:\Windows\System\uvMXneT.exe

C:\Windows\System\uvMXneT.exe

C:\Windows\System\yLOoyiI.exe

C:\Windows\System\yLOoyiI.exe

C:\Windows\System\dZOLOod.exe

C:\Windows\System\dZOLOod.exe

C:\Windows\System\TimkcuC.exe

C:\Windows\System\TimkcuC.exe

C:\Windows\System\EDQHRoz.exe

C:\Windows\System\EDQHRoz.exe

C:\Windows\System\eofIoVV.exe

C:\Windows\System\eofIoVV.exe

C:\Windows\System\ByEycua.exe

C:\Windows\System\ByEycua.exe

C:\Windows\System\yTxVkFT.exe

C:\Windows\System\yTxVkFT.exe

C:\Windows\System\OgHNKJk.exe

C:\Windows\System\OgHNKJk.exe

C:\Windows\System\NdBHIXf.exe

C:\Windows\System\NdBHIXf.exe

C:\Windows\System\DyDdsPN.exe

C:\Windows\System\DyDdsPN.exe

C:\Windows\System\EjNzdwA.exe

C:\Windows\System\EjNzdwA.exe

C:\Windows\System\jNaqsfJ.exe

C:\Windows\System\jNaqsfJ.exe

C:\Windows\System\mOaYcII.exe

C:\Windows\System\mOaYcII.exe

C:\Windows\System\aLwGmGc.exe

C:\Windows\System\aLwGmGc.exe

C:\Windows\System\HgMhKHk.exe

C:\Windows\System\HgMhKHk.exe

C:\Windows\System\cKThMBC.exe

C:\Windows\System\cKThMBC.exe

C:\Windows\System\BFolEXe.exe

C:\Windows\System\BFolEXe.exe

C:\Windows\System\pfYADCj.exe

C:\Windows\System\pfYADCj.exe

C:\Windows\System\TiQHNvK.exe

C:\Windows\System\TiQHNvK.exe

C:\Windows\System\dEbaITM.exe

C:\Windows\System\dEbaITM.exe

C:\Windows\System\PyGxxjm.exe

C:\Windows\System\PyGxxjm.exe

C:\Windows\System\WORtUBd.exe

C:\Windows\System\WORtUBd.exe

C:\Windows\System\mIoXyVG.exe

C:\Windows\System\mIoXyVG.exe

C:\Windows\System\gUbxxGG.exe

C:\Windows\System\gUbxxGG.exe

C:\Windows\System\byyERFT.exe

C:\Windows\System\byyERFT.exe

C:\Windows\System\pLQtAJA.exe

C:\Windows\System\pLQtAJA.exe

C:\Windows\System\WMMWoPL.exe

C:\Windows\System\WMMWoPL.exe

C:\Windows\System\KrNQYbI.exe

C:\Windows\System\KrNQYbI.exe

C:\Windows\System\fdHMGsh.exe

C:\Windows\System\fdHMGsh.exe

C:\Windows\System\wqjxgya.exe

C:\Windows\System\wqjxgya.exe

C:\Windows\System\OeWuFoN.exe

C:\Windows\System\OeWuFoN.exe

C:\Windows\System\UnCdLWw.exe

C:\Windows\System\UnCdLWw.exe

C:\Windows\System\sBjZisJ.exe

C:\Windows\System\sBjZisJ.exe

C:\Windows\System\lSjuIFK.exe

C:\Windows\System\lSjuIFK.exe

C:\Windows\System\sOIYpQy.exe

C:\Windows\System\sOIYpQy.exe

C:\Windows\System\KybSjhP.exe

C:\Windows\System\KybSjhP.exe

C:\Windows\System\GXzFnmI.exe

C:\Windows\System\GXzFnmI.exe

C:\Windows\System\kuVbKCe.exe

C:\Windows\System\kuVbKCe.exe

C:\Windows\System\uYdbdHw.exe

C:\Windows\System\uYdbdHw.exe

C:\Windows\System\uYHTLOL.exe

C:\Windows\System\uYHTLOL.exe

C:\Windows\System\nbLhSUT.exe

C:\Windows\System\nbLhSUT.exe

C:\Windows\System\YAjrkwl.exe

C:\Windows\System\YAjrkwl.exe

C:\Windows\System\vsBVcYv.exe

C:\Windows\System\vsBVcYv.exe

C:\Windows\System\UMXSvwy.exe

C:\Windows\System\UMXSvwy.exe

C:\Windows\System\jwXmAnM.exe

C:\Windows\System\jwXmAnM.exe

C:\Windows\System\JDqhPvL.exe

C:\Windows\System\JDqhPvL.exe

C:\Windows\System\ORTajQj.exe

C:\Windows\System\ORTajQj.exe

C:\Windows\System\ZkdMJpE.exe

C:\Windows\System\ZkdMJpE.exe

C:\Windows\System\ytoeyiz.exe

C:\Windows\System\ytoeyiz.exe

C:\Windows\System\OFdHtnk.exe

C:\Windows\System\OFdHtnk.exe

C:\Windows\System\fjbsVUo.exe

C:\Windows\System\fjbsVUo.exe

C:\Windows\System\yThRCDc.exe

C:\Windows\System\yThRCDc.exe

C:\Windows\System\mbiNWmK.exe

C:\Windows\System\mbiNWmK.exe

C:\Windows\System\WaDhNLD.exe

C:\Windows\System\WaDhNLD.exe

C:\Windows\System\DiMtgeA.exe

C:\Windows\System\DiMtgeA.exe

C:\Windows\System\GQeMQie.exe

C:\Windows\System\GQeMQie.exe

C:\Windows\System\sMfiKIX.exe

C:\Windows\System\sMfiKIX.exe

C:\Windows\System\acTZIAG.exe

C:\Windows\System\acTZIAG.exe

C:\Windows\System\sLNzVTQ.exe

C:\Windows\System\sLNzVTQ.exe

C:\Windows\System\WzlHKPf.exe

C:\Windows\System\WzlHKPf.exe

C:\Windows\System\OTWyPbJ.exe

C:\Windows\System\OTWyPbJ.exe

C:\Windows\System\JIdUTQN.exe

C:\Windows\System\JIdUTQN.exe

C:\Windows\System\sjLCkYb.exe

C:\Windows\System\sjLCkYb.exe

C:\Windows\System\wnUcqfo.exe

C:\Windows\System\wnUcqfo.exe

C:\Windows\System\FoXnwAH.exe

C:\Windows\System\FoXnwAH.exe

C:\Windows\System\SUMAwxM.exe

C:\Windows\System\SUMAwxM.exe

C:\Windows\System\SLjWaTe.exe

C:\Windows\System\SLjWaTe.exe

C:\Windows\System\YGFQFko.exe

C:\Windows\System\YGFQFko.exe

C:\Windows\System\mDgdIDa.exe

C:\Windows\System\mDgdIDa.exe

C:\Windows\System\SsnOBtJ.exe

C:\Windows\System\SsnOBtJ.exe

C:\Windows\System\zqlYVvL.exe

C:\Windows\System\zqlYVvL.exe

C:\Windows\System\chXEkZZ.exe

C:\Windows\System\chXEkZZ.exe

C:\Windows\System\RmRrXLB.exe

C:\Windows\System\RmRrXLB.exe

C:\Windows\System\Njkjrfb.exe

C:\Windows\System\Njkjrfb.exe

C:\Windows\System\HYpwfIc.exe

C:\Windows\System\HYpwfIc.exe

C:\Windows\System\oSpSHvl.exe

C:\Windows\System\oSpSHvl.exe

C:\Windows\System\RKGRfFp.exe

C:\Windows\System\RKGRfFp.exe

C:\Windows\System\jvSKORg.exe

C:\Windows\System\jvSKORg.exe

C:\Windows\System\Aahsqay.exe

C:\Windows\System\Aahsqay.exe

C:\Windows\System\MfIvTMq.exe

C:\Windows\System\MfIvTMq.exe

C:\Windows\System\wbwXGTD.exe

C:\Windows\System\wbwXGTD.exe

C:\Windows\System\efczEka.exe

C:\Windows\System\efczEka.exe

C:\Windows\System\fbRiTlg.exe

C:\Windows\System\fbRiTlg.exe

C:\Windows\System\zJMcMuc.exe

C:\Windows\System\zJMcMuc.exe

C:\Windows\System\SpanLlk.exe

C:\Windows\System\SpanLlk.exe

C:\Windows\System\eFRPmVY.exe

C:\Windows\System\eFRPmVY.exe

C:\Windows\System\bIKEenS.exe

C:\Windows\System\bIKEenS.exe

C:\Windows\System\VfUkJFf.exe

C:\Windows\System\VfUkJFf.exe

C:\Windows\System\RWVUlYw.exe

C:\Windows\System\RWVUlYw.exe

C:\Windows\System\KniQkZq.exe

C:\Windows\System\KniQkZq.exe

C:\Windows\System\psDPhWV.exe

C:\Windows\System\psDPhWV.exe

C:\Windows\System\arWxJQM.exe

C:\Windows\System\arWxJQM.exe

C:\Windows\System\YxHSdlZ.exe

C:\Windows\System\YxHSdlZ.exe

C:\Windows\System\fFpHgNU.exe

C:\Windows\System\fFpHgNU.exe

C:\Windows\System\aYEOTPz.exe

C:\Windows\System\aYEOTPz.exe

C:\Windows\System\dMiAGQF.exe

C:\Windows\System\dMiAGQF.exe

C:\Windows\System\ifUIxAp.exe

C:\Windows\System\ifUIxAp.exe

C:\Windows\System\zYPEgaH.exe

C:\Windows\System\zYPEgaH.exe

C:\Windows\System\bdmyhoQ.exe

C:\Windows\System\bdmyhoQ.exe

C:\Windows\System\TDvWFhv.exe

C:\Windows\System\TDvWFhv.exe

C:\Windows\System\QiPZaOV.exe

C:\Windows\System\QiPZaOV.exe

C:\Windows\System\sEzVaad.exe

C:\Windows\System\sEzVaad.exe

C:\Windows\System\ZeTcJwf.exe

C:\Windows\System\ZeTcJwf.exe

C:\Windows\System\RvosOJS.exe

C:\Windows\System\RvosOJS.exe

C:\Windows\System\lghDbkB.exe

C:\Windows\System\lghDbkB.exe

C:\Windows\System\OuPVbSg.exe

C:\Windows\System\OuPVbSg.exe

C:\Windows\System\QpkMFNP.exe

C:\Windows\System\QpkMFNP.exe

C:\Windows\System\VirKPCv.exe

C:\Windows\System\VirKPCv.exe

C:\Windows\System\nWcvIDk.exe

C:\Windows\System\nWcvIDk.exe

C:\Windows\System\fweKdRg.exe

C:\Windows\System\fweKdRg.exe

C:\Windows\System\yJkZwlW.exe

C:\Windows\System\yJkZwlW.exe

C:\Windows\System\MxdWsJg.exe

C:\Windows\System\MxdWsJg.exe

C:\Windows\System\NpIPtgl.exe

C:\Windows\System\NpIPtgl.exe

C:\Windows\System\EsXQMhK.exe

C:\Windows\System\EsXQMhK.exe

C:\Windows\System\oOpgVJg.exe

C:\Windows\System\oOpgVJg.exe

C:\Windows\System\WDZEUWv.exe

C:\Windows\System\WDZEUWv.exe

C:\Windows\System\UOZSApV.exe

C:\Windows\System\UOZSApV.exe

C:\Windows\System\MVyuKhO.exe

C:\Windows\System\MVyuKhO.exe

C:\Windows\System\RxQUaso.exe

C:\Windows\System\RxQUaso.exe

C:\Windows\System\shEImDp.exe

C:\Windows\System\shEImDp.exe

C:\Windows\System\EItIswA.exe

C:\Windows\System\EItIswA.exe

C:\Windows\System\XJsfAqI.exe

C:\Windows\System\XJsfAqI.exe

C:\Windows\System\JHHGCcB.exe

C:\Windows\System\JHHGCcB.exe

C:\Windows\System\RABQrGM.exe

C:\Windows\System\RABQrGM.exe

C:\Windows\System\AtgEfMf.exe

C:\Windows\System\AtgEfMf.exe

C:\Windows\System\USQikbU.exe

C:\Windows\System\USQikbU.exe

C:\Windows\System\rzFSyqm.exe

C:\Windows\System\rzFSyqm.exe

C:\Windows\System\fADCBrk.exe

C:\Windows\System\fADCBrk.exe

C:\Windows\System\TYQmoGg.exe

C:\Windows\System\TYQmoGg.exe

C:\Windows\System\SyyAzmM.exe

C:\Windows\System\SyyAzmM.exe

C:\Windows\System\axSZkDS.exe

C:\Windows\System\axSZkDS.exe

C:\Windows\System\HTHWVYz.exe

C:\Windows\System\HTHWVYz.exe

C:\Windows\System\uroQKcw.exe

C:\Windows\System\uroQKcw.exe

C:\Windows\System\pKtkJut.exe

C:\Windows\System\pKtkJut.exe

C:\Windows\System\jXUjIAV.exe

C:\Windows\System\jXUjIAV.exe

C:\Windows\System\TihZNHu.exe

C:\Windows\System\TihZNHu.exe

C:\Windows\System\NOYSfUK.exe

C:\Windows\System\NOYSfUK.exe

C:\Windows\System\WNsMqrj.exe

C:\Windows\System\WNsMqrj.exe

C:\Windows\System\HCHSMKR.exe

C:\Windows\System\HCHSMKR.exe

C:\Windows\System\TpBmYcE.exe

C:\Windows\System\TpBmYcE.exe

C:\Windows\System\RKxqtAX.exe

C:\Windows\System\RKxqtAX.exe

C:\Windows\System\tLWclbo.exe

C:\Windows\System\tLWclbo.exe

C:\Windows\System\AjCIwOG.exe

C:\Windows\System\AjCIwOG.exe

C:\Windows\System\iJjYuBa.exe

C:\Windows\System\iJjYuBa.exe

C:\Windows\System\nZosJXi.exe

C:\Windows\System\nZosJXi.exe

C:\Windows\System\BKERxif.exe

C:\Windows\System\BKERxif.exe

C:\Windows\System\ZIsGlFO.exe

C:\Windows\System\ZIsGlFO.exe

C:\Windows\System\EJSNVmO.exe

C:\Windows\System\EJSNVmO.exe

C:\Windows\System\bMseZNr.exe

C:\Windows\System\bMseZNr.exe

C:\Windows\System\nBHzfUW.exe

C:\Windows\System\nBHzfUW.exe

C:\Windows\System\CezBfWt.exe

C:\Windows\System\CezBfWt.exe

C:\Windows\System\sqrUsyg.exe

C:\Windows\System\sqrUsyg.exe

C:\Windows\System\mFNYFIT.exe

C:\Windows\System\mFNYFIT.exe

C:\Windows\System\aWPDgZh.exe

C:\Windows\System\aWPDgZh.exe

C:\Windows\System\JpkVdgm.exe

C:\Windows\System\JpkVdgm.exe

C:\Windows\System\MOGyLlB.exe

C:\Windows\System\MOGyLlB.exe

C:\Windows\System\qZxhOBM.exe

C:\Windows\System\qZxhOBM.exe

C:\Windows\System\OaBOXMm.exe

C:\Windows\System\OaBOXMm.exe

C:\Windows\System\ZEKiKHn.exe

C:\Windows\System\ZEKiKHn.exe

C:\Windows\System\LUQZvCu.exe

C:\Windows\System\LUQZvCu.exe

C:\Windows\System\skRSpFM.exe

C:\Windows\System\skRSpFM.exe

C:\Windows\System\Zanbuwb.exe

C:\Windows\System\Zanbuwb.exe

C:\Windows\System\AZPSJbf.exe

C:\Windows\System\AZPSJbf.exe

C:\Windows\System\AwXlFVl.exe

C:\Windows\System\AwXlFVl.exe

C:\Windows\System\XbyfVAe.exe

C:\Windows\System\XbyfVAe.exe

C:\Windows\System\tGoRChV.exe

C:\Windows\System\tGoRChV.exe

C:\Windows\System\iCIFCHY.exe

C:\Windows\System\iCIFCHY.exe

C:\Windows\System\gaiVJPh.exe

C:\Windows\System\gaiVJPh.exe

C:\Windows\System\BrSdShh.exe

C:\Windows\System\BrSdShh.exe

C:\Windows\System\SCfmzhN.exe

C:\Windows\System\SCfmzhN.exe

C:\Windows\System\nvaFesI.exe

C:\Windows\System\nvaFesI.exe

C:\Windows\System\ISuCdVq.exe

C:\Windows\System\ISuCdVq.exe

C:\Windows\System\YhACshY.exe

C:\Windows\System\YhACshY.exe

C:\Windows\System\SPnNxyu.exe

C:\Windows\System\SPnNxyu.exe

C:\Windows\System\irNQrTH.exe

C:\Windows\System\irNQrTH.exe

C:\Windows\System\UbflvAA.exe

C:\Windows\System\UbflvAA.exe

C:\Windows\System\fjAtxSx.exe

C:\Windows\System\fjAtxSx.exe

C:\Windows\System\KDRwrYb.exe

C:\Windows\System\KDRwrYb.exe

C:\Windows\System\qStBQdd.exe

C:\Windows\System\qStBQdd.exe

C:\Windows\System\oeJjAOw.exe

C:\Windows\System\oeJjAOw.exe

C:\Windows\System\jGSgKWv.exe

C:\Windows\System\jGSgKWv.exe

C:\Windows\System\QtndjxF.exe

C:\Windows\System\QtndjxF.exe

C:\Windows\System\TmDzlIB.exe

C:\Windows\System\TmDzlIB.exe

C:\Windows\System\PKxJCYE.exe

C:\Windows\System\PKxJCYE.exe

C:\Windows\System\GCedrIq.exe

C:\Windows\System\GCedrIq.exe

C:\Windows\System\OhqyhIh.exe

C:\Windows\System\OhqyhIh.exe

C:\Windows\System\YsnkZzT.exe

C:\Windows\System\YsnkZzT.exe

C:\Windows\System\LYytlVr.exe

C:\Windows\System\LYytlVr.exe

C:\Windows\System\qnrYCDJ.exe

C:\Windows\System\qnrYCDJ.exe

C:\Windows\System\gAkCYgM.exe

C:\Windows\System\gAkCYgM.exe

C:\Windows\System\VVrOKUz.exe

C:\Windows\System\VVrOKUz.exe

C:\Windows\System\sZkuGxV.exe

C:\Windows\System\sZkuGxV.exe

C:\Windows\System\cOJYNVk.exe

C:\Windows\System\cOJYNVk.exe

C:\Windows\System\tHkwLgT.exe

C:\Windows\System\tHkwLgT.exe

C:\Windows\System\gaImpFC.exe

C:\Windows\System\gaImpFC.exe

C:\Windows\System\eCVPPhJ.exe

C:\Windows\System\eCVPPhJ.exe

C:\Windows\System\QMRRZHd.exe

C:\Windows\System\QMRRZHd.exe

C:\Windows\System\pFxvleZ.exe

C:\Windows\System\pFxvleZ.exe

C:\Windows\System\ivgmcfJ.exe

C:\Windows\System\ivgmcfJ.exe

C:\Windows\System\YHVIasH.exe

C:\Windows\System\YHVIasH.exe

C:\Windows\System\jBDaAVB.exe

C:\Windows\System\jBDaAVB.exe

C:\Windows\System\jbwGXMt.exe

C:\Windows\System\jbwGXMt.exe

C:\Windows\System\MwgtQTB.exe

C:\Windows\System\MwgtQTB.exe

C:\Windows\System\WWcSCJw.exe

C:\Windows\System\WWcSCJw.exe

C:\Windows\System\nbCmSaB.exe

C:\Windows\System\nbCmSaB.exe

C:\Windows\System\ZkUcjbP.exe

C:\Windows\System\ZkUcjbP.exe

C:\Windows\System\nfqKXKZ.exe

C:\Windows\System\nfqKXKZ.exe

C:\Windows\System\hLBWgyi.exe

C:\Windows\System\hLBWgyi.exe

C:\Windows\System\lgsBtES.exe

C:\Windows\System\lgsBtES.exe

C:\Windows\System\hzEPjpK.exe

C:\Windows\System\hzEPjpK.exe

C:\Windows\System\fCZMqcF.exe

C:\Windows\System\fCZMqcF.exe

C:\Windows\System\AfsOTGS.exe

C:\Windows\System\AfsOTGS.exe

C:\Windows\System\BYEbyEl.exe

C:\Windows\System\BYEbyEl.exe

C:\Windows\System\BBrIzuZ.exe

C:\Windows\System\BBrIzuZ.exe

C:\Windows\System\tGBGNCl.exe

C:\Windows\System\tGBGNCl.exe

C:\Windows\System\TRVanqF.exe

C:\Windows\System\TRVanqF.exe

C:\Windows\System\KmgzTFQ.exe

C:\Windows\System\KmgzTFQ.exe

C:\Windows\System\hLwtiCz.exe

C:\Windows\System\hLwtiCz.exe

C:\Windows\System\vyXdEFs.exe

C:\Windows\System\vyXdEFs.exe

C:\Windows\System\eTrKCCR.exe

C:\Windows\System\eTrKCCR.exe

C:\Windows\System\gLlaHbY.exe

C:\Windows\System\gLlaHbY.exe

C:\Windows\System\aCLjcJH.exe

C:\Windows\System\aCLjcJH.exe

C:\Windows\System\DvUSmrh.exe

C:\Windows\System\DvUSmrh.exe

C:\Windows\System\KOEIAub.exe

C:\Windows\System\KOEIAub.exe

C:\Windows\System\YEiELyQ.exe

C:\Windows\System\YEiELyQ.exe

C:\Windows\System\mqvtcKh.exe

C:\Windows\System\mqvtcKh.exe

C:\Windows\System\ihBYvVN.exe

C:\Windows\System\ihBYvVN.exe

C:\Windows\System\AqWrhLG.exe

C:\Windows\System\AqWrhLG.exe

C:\Windows\System\cjWuiIc.exe

C:\Windows\System\cjWuiIc.exe

C:\Windows\System\kOHzRix.exe

C:\Windows\System\kOHzRix.exe

C:\Windows\System\HVSRoJr.exe

C:\Windows\System\HVSRoJr.exe

C:\Windows\System\FuLhbAp.exe

C:\Windows\System\FuLhbAp.exe

C:\Windows\System\RZnSuLj.exe

C:\Windows\System\RZnSuLj.exe

C:\Windows\System\GEkPEQt.exe

C:\Windows\System\GEkPEQt.exe

C:\Windows\System\CmFzWLJ.exe

C:\Windows\System\CmFzWLJ.exe

C:\Windows\System\nBmFHpI.exe

C:\Windows\System\nBmFHpI.exe

C:\Windows\System\CEOSjiv.exe

C:\Windows\System\CEOSjiv.exe

C:\Windows\System\SKKhtyI.exe

C:\Windows\System\SKKhtyI.exe

C:\Windows\System\hcyTaWn.exe

C:\Windows\System\hcyTaWn.exe

C:\Windows\System\ReAaAmo.exe

C:\Windows\System\ReAaAmo.exe

C:\Windows\System\VMleBlP.exe

C:\Windows\System\VMleBlP.exe

C:\Windows\System\ynYMAPl.exe

C:\Windows\System\ynYMAPl.exe

C:\Windows\System\hqbELTF.exe

C:\Windows\System\hqbELTF.exe

C:\Windows\System\WblSsiD.exe

C:\Windows\System\WblSsiD.exe

C:\Windows\System\QaJMuDW.exe

C:\Windows\System\QaJMuDW.exe

C:\Windows\System\gRbVjIM.exe

C:\Windows\System\gRbVjIM.exe

C:\Windows\System\fqbFikV.exe

C:\Windows\System\fqbFikV.exe

C:\Windows\System\kMzomff.exe

C:\Windows\System\kMzomff.exe

C:\Windows\System\syTeQtu.exe

C:\Windows\System\syTeQtu.exe

C:\Windows\System\hPXUXLw.exe

C:\Windows\System\hPXUXLw.exe

C:\Windows\System\MWZTgxx.exe

C:\Windows\System\MWZTgxx.exe

C:\Windows\System\VnSRVlY.exe

C:\Windows\System\VnSRVlY.exe

C:\Windows\System\NrgGxxn.exe

C:\Windows\System\NrgGxxn.exe

C:\Windows\System\FkzIopA.exe

C:\Windows\System\FkzIopA.exe

C:\Windows\System\nFdaPyq.exe

C:\Windows\System\nFdaPyq.exe

C:\Windows\System\JXPXqmy.exe

C:\Windows\System\JXPXqmy.exe

C:\Windows\System\cqmKnYx.exe

C:\Windows\System\cqmKnYx.exe

C:\Windows\System\zfaoVjg.exe

C:\Windows\System\zfaoVjg.exe

C:\Windows\System\KlXouuL.exe

C:\Windows\System\KlXouuL.exe

C:\Windows\System\fArXuDF.exe

C:\Windows\System\fArXuDF.exe

C:\Windows\System\fFFrSJD.exe

C:\Windows\System\fFFrSJD.exe

C:\Windows\System\KITPHxd.exe

C:\Windows\System\KITPHxd.exe

C:\Windows\System\NqwssWT.exe

C:\Windows\System\NqwssWT.exe

C:\Windows\System\tRrUNcB.exe

C:\Windows\System\tRrUNcB.exe

C:\Windows\System\QnbJLcy.exe

C:\Windows\System\QnbJLcy.exe

C:\Windows\System\KHdjMpF.exe

C:\Windows\System\KHdjMpF.exe

C:\Windows\System\SbrnvDC.exe

C:\Windows\System\SbrnvDC.exe

C:\Windows\System\dqspULL.exe

C:\Windows\System\dqspULL.exe

C:\Windows\System\axwfOev.exe

C:\Windows\System\axwfOev.exe

C:\Windows\System\VJtpIKz.exe

C:\Windows\System\VJtpIKz.exe

C:\Windows\System\GhPpYvW.exe

C:\Windows\System\GhPpYvW.exe

C:\Windows\System\FGkeegy.exe

C:\Windows\System\FGkeegy.exe

C:\Windows\System\iTFmuel.exe

C:\Windows\System\iTFmuel.exe

C:\Windows\System\XbExnVn.exe

C:\Windows\System\XbExnVn.exe

C:\Windows\System\TBAAaCT.exe

C:\Windows\System\TBAAaCT.exe

C:\Windows\System\nIKmjHw.exe

C:\Windows\System\nIKmjHw.exe

C:\Windows\System\YouGOCg.exe

C:\Windows\System\YouGOCg.exe

C:\Windows\System\BdirmHN.exe

C:\Windows\System\BdirmHN.exe

C:\Windows\System\UqHOQGM.exe

C:\Windows\System\UqHOQGM.exe

C:\Windows\System\seEisEj.exe

C:\Windows\System\seEisEj.exe

C:\Windows\System\RmMuqaQ.exe

C:\Windows\System\RmMuqaQ.exe

C:\Windows\System\TKyDNob.exe

C:\Windows\System\TKyDNob.exe

C:\Windows\System\JIgrqIG.exe

C:\Windows\System\JIgrqIG.exe

C:\Windows\System\rjcvOMs.exe

C:\Windows\System\rjcvOMs.exe

C:\Windows\System\QwLMLlA.exe

C:\Windows\System\QwLMLlA.exe

C:\Windows\System\kEjtxMR.exe

C:\Windows\System\kEjtxMR.exe

C:\Windows\System\NlKNAdh.exe

C:\Windows\System\NlKNAdh.exe

C:\Windows\System\mYKwUUw.exe

C:\Windows\System\mYKwUUw.exe

C:\Windows\System\oSwaZrP.exe

C:\Windows\System\oSwaZrP.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3052-2-0x000000013FDA0000-0x0000000140196000-memory.dmp

memory/3052-0-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\OzFnFAa.exe

MD5 63aeb0476b509f4bdf51e432c91ccf59
SHA1 71e930a7b2cce5d5e7a8ac36450cff3b2a0ce2e0
SHA256 362faf1128ed48e0cfb9bc4daf3401cc983f3ddf2ad01c2d83fee342bc4eeabc
SHA512 9fe50eaae483043358a11bd65689c375abe7b67f606e0931ac30b9ca68e532a889ef9546930a92fee64368204d4e454b57c588ff9f1db4c913d8356701635193

memory/3052-7-0x000000013F280000-0x000000013F676000-memory.dmp

memory/3052-22-0x000000013F560000-0x000000013F956000-memory.dmp

memory/2608-20-0x000007FEF540E000-0x000007FEF540F000-memory.dmp

C:\Windows\system\KfHaEAS.exe

MD5 6d4c494b79632b0b4da0e41216fa6bdf
SHA1 4e03081cdc74d54c444f22568f7ae35694ac1d8b
SHA256 6aeb780817ed8269e1ccc521871c477c53feecc319c00938e71f777ab1d6e5b0
SHA512 bb87701532d46cfdd9cb4ebb1ffe90f13873be8cf76c2c196270ae886a024b6b0c41c00ee09252c143f7e0cbf7d193a0e3d6df0953399008c36128bc3c03116f

C:\Windows\system\YYOkRZL.exe

MD5 57c8575d31d62592e26a678e3bf6d512
SHA1 5726167f01a54039f24e3a9257ef0e436e50b4f5
SHA256 f4afdd3b721049eb6e5e923e2e2739468b7c63fc0ade4af03bbc530b4a8e850f
SHA512 84230d0bd489700eb4da27d17ba02e4f8fe9b096fa9ebc99a003657b2a82b953660402273f7922fa1c4ca921aa0c172a3a6c6cf93a41c41c1e6e3f0a8bf487e6

C:\Windows\system\GuPjdVm.exe

MD5 d313e71edb5f6bd9f77cf49402cc172f
SHA1 5405cfbf1e37158ed274cd03e28a6beb781f0d96
SHA256 26dadac630202c81291dcb82918cbebe32cb54b3dfb1119cf6119e99b9b1ac27
SHA512 30a6292e8c5627a31a0f0cb03b6ecbff41d3f25ac047e587d728245d1f298f74949d5ffc0591a989128028209be863a2029f43e1dba47c7576261185aa97e049

C:\Windows\system\XYyzirE.exe

MD5 8a11b9b83e24b88a7b082e2af07db068
SHA1 e3b307949277f43d883fc7328310ff689ec7a9d4
SHA256 d5a4c9a13228f69537d8f8ce4bd8f6c52455c315126c72902f0b46201f9c8a47
SHA512 af0e8718bf44375dd8a0dc98e4e761d3a6cd48305d8f2654ffde8c9c9a06c1524df5311bcba84d53cf4ff9a9220c4cbb4e1e9142d7a8f49c5455c71980bbbea5

C:\Windows\system\KUuLKQD.exe

MD5 fe69593708ebe69ffced1cfcdd52e65a
SHA1 dc8dd3f100271d5cc4f78f9ee3b2c739d3f25eb7
SHA256 fd64ccb050481d4c2b15653b24a30d57ae9c0532be46e8bea551d751a98e87dc
SHA512 f5613a5c01fc520c9588aa7b2814293bf1528e945f11e8b11600f61034cb2ec90bd7d4270f792901c1d1a6aa8df722458ee89daf268efb2e70203ef17c9c4953

C:\Windows\system\MDjnbnZ.exe

MD5 72fae17f1a73f24db9fdfd795bdb5d08
SHA1 149e690337a211dc1aef42b53b20a41694aefe17
SHA256 af9cc3322f5889a2adb551ba0273d4b72ae7bb6729df05f51493344bde2f5390
SHA512 c0f6a61d02550174ab9cfa51fc011d9c70c6259fad38c2fb58295d355ab71ce739e86798e8e19dcaca0e390f5c83901d9a8f8f9790d78dbc6cd4a82550589683

memory/2608-94-0x000000001B6B0000-0x000000001B992000-memory.dmp

C:\Windows\system\ElHUOhD.exe

MD5 bea46799bc3cbf97ab8a61feae7b20d6
SHA1 13c8e9d36a28d36da1c393a1910f0f4abb3bc95b
SHA256 4ac6841473ab2b0d73410e604f148d5db292cbed840903cd0e506c7b9ce852fb
SHA512 01a1ec2feba7df0c285ec394290380509dcd34e670a9f3c99edee0a436965e4cd89c98cee22694eaeca06c7062489141b878232a4f424faa19b586a9e4b6fa9a

\Windows\system\PQonJwA.exe

MD5 946f06a8eac71395a5a67c3149208ff1
SHA1 7384e2a0c6e97d9afe3a43709c1b5a07634c9cce
SHA256 3244ab34188e6cbdb0f000da35f27b95c672d7698b193710a226bc36e11bdf4c
SHA512 59ed2b35861c984f54cee7a61c56e32c042ee14b26e9aa25927b9450034281c89573146555bba7fe7647a26f71133201d3232fffe725f2a632d91da283451037

\Windows\system\MYGOlsR.exe

MD5 b8bc7383166886e97f8a38aabae5c6f1
SHA1 25c80258e9d138e21c3f98452cd03582dc8ff0de
SHA256 f0b39da495ac0af5d3305a5a669fc999bd7c8fed0e54fd5b2341a8992220a4c3
SHA512 e3cc7c3ae8fb847e879c6c62cd7246325601fa69653052b88b9e588cbd5aa0e397da75587985a60952adfce895195ac6edbf30a45ab46acbf5a5bf7122298bec

memory/2608-123-0x000007FEF5150000-0x000007FEF5AED000-memory.dmp

C:\Windows\system\wcfSTkf.exe

MD5 7a937546d546dbf80379a3a10c405791
SHA1 9172257c3078a81bf9068e3c07a9c54d9b9699ef
SHA256 8acc5c78e966dfbe615d8b5d7720cc19e5554a813d67737466e0ee397bd74d9f
SHA512 28998edc8b27afed6a4aabd6bca0480e602fb3687c2d7c65d50db7f49cbf1b232592a61c4220e4dd31aa8253551c62c809bafe515633ee6aa89be8d3a290fb77

\Windows\system\kDRNHuX.exe

MD5 4cc678a1995b86ff2ea8d6dd8f105130
SHA1 bf21309a3100a977abd9d2da279e1d4afb982f56
SHA256 463488384993b8fcb6baf76f904c20dbc3ede0093546c51944b56ea29d881f76
SHA512 0e55ed03bd3a327e1b14fa5e1cfd5c8520569e6b9425bcf775d9d3e8638be293c176897213fd660274edf571e6384979ee2d3cc61e6d65bee967625dc7ffb100

C:\Windows\system\BdREBjN.exe

MD5 b67f288169a134fd209670d0fcd80d43
SHA1 036cefec83eacaf5ea57853adccb26ddde0fe34b
SHA256 959db9cd0b3e7b70ab493a481e8ac6b80238e715f0f0464c7a7546625c645f95
SHA512 f75a59e70b368e924f3628ef3969742bcaab436172c93350142f58b6ddb754bcbf718218f69aec1aaf7760310460cce9b67fbf204243658feef9d6954ea1ed00

memory/2596-187-0x000000013FA80000-0x000000013FE76000-memory.dmp

memory/3052-190-0x000000013F3C0000-0x000000013F7B6000-memory.dmp

memory/2780-189-0x000000013F910000-0x000000013FD06000-memory.dmp

memory/3052-188-0x000000013F910000-0x000000013FD06000-memory.dmp

memory/3052-184-0x0000000003120000-0x0000000003516000-memory.dmp

memory/2536-183-0x000000013F580000-0x000000013F976000-memory.dmp

memory/3052-181-0x000000013F580000-0x000000013F976000-memory.dmp

memory/2572-173-0x000000013FE10000-0x0000000140206000-memory.dmp

\Windows\system\ZviQAsi.exe

MD5 b6ada57e58179c51c161967b4158679c
SHA1 e97a6540091287afa1ba06174bf2523ab82441ec
SHA256 997ce391644f5d8467ac64a0bb8d4d98333939982873fa15572b84506d40d8b1
SHA512 aebabd37d27d0204fd929cdbe1e86b20c6ab6c41ab3b98f7ef0773c3b7afda61eaf162327c18b3958bac056e4c11a95b51dc56894636c0eb99a812c73a38721a

C:\Windows\system\sdodMxZ.exe

MD5 dc187c05179fb3144c1ac03e9da2ef2c
SHA1 03d2eb3b15dc10a8bdbdbd6b4da572551f1ebe39
SHA256 447808d47b93f6c2c12ce61faaf0ebc6adfbeb49167321a735da40bc0db55347
SHA512 779e7edabf78c432e7c07bee6cb0f7e113d7193c5cbb3468c637e4583743ccaeadbcc0a77c359ca4f4358982596e967503c334c43b80cc7e1e876c6f1cff4b4d

memory/1724-145-0x000000013FD10000-0x0000000140106000-memory.dmp

\Windows\system\LBuhsBg.exe

MD5 25b2a3084741a63c8e3c1ce553c9ab51
SHA1 c1daf86ab553a8d3fc05ba8ec4ea7f6b6234a4f2
SHA256 b5f2d8e423daf8564957ac6f0ed1f7015594115b16b05e4a66a937b2e1a25b6d
SHA512 2d0b5f50f4765ea7312203b0dd3edcf4f935307708a612314ecafd28f532cf5c27f199c04596a979a9afc9c2dd50e48899b0e839f301b558952e06ebd07aa27e

memory/3052-138-0x0000000003120000-0x0000000003516000-memory.dmp

\Windows\system\RHtZOJs.exe

MD5 9e09ad4ad63a69e3ec5bf3d42fb996b0
SHA1 1351c46b5e7495d58944615cadc193b474a42c68
SHA256 aaf3026f9fbbb3a23dbd0d9a6a98d2ae912bf8f4be52883963e4896aab83a220
SHA512 54542e9b1a9f2662440819ffde6334302105ff9a6eb69fefed8baa157bc5ca85636e28d71b2e3ec9c82a6e9a2775e81e6cef4e9f6048ab81ed0b3bbfb0e8ad0d

memory/2608-127-0x000007FEF5150000-0x000007FEF5AED000-memory.dmp

memory/2608-103-0x00000000023B0000-0x00000000023B8000-memory.dmp

C:\Windows\system\jOPzMKr.exe

MD5 32a5bb0d20701b3b147548af765377d8
SHA1 b109299cd9ff1710e7007ab279953480bd725285
SHA256 5666016bc1b906442cc82c79227411e7e4c8c848dacde2c8442f4b5b8433d6e8
SHA512 a559744266572a932362ff5a335278afea6934d4947ac0e99e6804d403a5f1f041fad12f648829109338ea8675a3adf35e2fc950cce3797193089f063aff186b

\Windows\system\jfwXkax.exe

MD5 07c8b68dabfe54adf2dd67420d57c450
SHA1 b422d0e07e02198d80350bb54900a968b18ea9a0
SHA256 6cbbfe0a63e902b11953939f60b02fedf57117ca5b2bb4f50cccf9ceacaea1f2
SHA512 0c3ae306b470455f37c27abd1e2c052c26b6f0ae5491602d4b4e134aebdc9a017378b8c7ea63390ab9b65d20a20d43c7b00399a4f1dd46a6d7604cd509915a4f

C:\Windows\system\CVixTYE.exe

MD5 3038d8e10e6c1414d59887a24de960c0
SHA1 7556fc1fd5df8dfeb53c64f80f6d2a16ca892c9a
SHA256 cfb9582c3157250c5b880bd70d944188f16392c01bcf678cdfa8139c69c5d04b
SHA512 0566b621c009c1db7b69fd4c2018f494f3ba2378b42d04a6660acd12beaf0bffca08fac1feec922bcbb00edd933898b3636dbe0a8c957dcad873e336e8f27c3d

C:\Windows\system\lsOHAkI.exe

MD5 764e9185ec3717fc2d22b1e61daf8bd7
SHA1 ec8b8836019ff74cee1dba460af2e698b276f7ec
SHA256 7f607534f5780ebe4a84dbdfd11d0eca197cb7ea1f9535ee027ed72f5dcdeae2
SHA512 bfc696e2dbf457b88858f8cd21c75f5f7b732b2311e9ee9d8276b3f7cd397350b94ca30b64fe8421246c05cd1805e6e9837783b6c564c1dd3bc6427ba88daf9b

C:\Windows\system\ekrbrlq.exe

MD5 f4f624c9871df6b5c1352cf684d006c6
SHA1 95ce70d25605485cb4c3dc0eeac75aff5c837569
SHA256 b3a603b26863243c63894658304d9c8741e3c47adf47a2eb602e939b11c9f579
SHA512 23579367e8c83c7891e3be9fc8e48c7e2184e3aa910a943c8136cf0446c25433a6aa7f1c468158d9c4e2904c8046c2aa7892889df9f67893083f93eea31ba0e7

C:\Windows\system\XXXkYTx.exe

MD5 163454cee02f7a82d3749cd691fd684c
SHA1 5482386f0aa1ecc9e617b594903e5f843e70ce8f
SHA256 cbee98007d3dc89d1f0aa1f0e6b98ca8cb76da0c9e7b701ba07ae8b12c723887
SHA512 6e652379e11ad632deaba464968677c24051e918b0c86b9f379e774745525b1f4fe32cb56b7ee1690351b9123d19279518fa878d3e9899947c7a35f0f13bc65e

C:\Windows\system\KvJcCUA.exe

MD5 9fa50babe3bb8eeb1cce4b6d35279758
SHA1 86f9f6ae8dc8387a0c581726de039b325c6392e2
SHA256 91049c3940e5f4a6b72daa1c5b55a8732735795616119cda623d61058729b9a2
SHA512 3f9296ab5123d05ba90345b1ef717af0037540de8b5dae9b577f5b4a2e1e3617b6ae3a043874c6739ac35be97c092b77def04c36d02f2fed383828388b1af5f1

C:\Windows\system\iyajeky.exe

MD5 f3f71cddb625b4f206863cbd10387f9d
SHA1 64df06c82376853fb09b7c21aecf95aab9cacb43
SHA256 9a5091f4c57853249112bc80c61e0c993d83e1e279a0dae94b921c96b5c16372
SHA512 e7043c20552a52da50ad7a882f77c39ffeb1a073b9cad1a252527c00d5a4b2c426b2a1a747e22cf22f4dba3bd14f464d8be230d1ad3c2a9a554551b04215231b

C:\Windows\system\xNXdiQz.exe

MD5 80e4af6ab80b478ec305e814b8649e61
SHA1 eff17ec38c65cf982c15165976992e69c9585d53
SHA256 32f0ba2331d353b1e3d5268d7ee5860613f66e1ef4bfb434be6dbb4b9b814dce
SHA512 fff6d90d7fa28dad08b86fed75451a4c591f1c3e4ebe57aeca2031b63f3823b75b552f259626d2273149b8bec9a680fb8457294f533fa16e10a9b421415296ba

C:\Windows\system\ZZMHvUM.exe

MD5 9c39fbf0b40bb72a513d4884f720ed96
SHA1 cd0b816c12541971612395430713658440fa7cab
SHA256 3217250f926a8d6c3d63fb1813d53f877f24642e4841b01a6f86e31f8571e505
SHA512 5c0e798e81a18dcc797bd474a7e33bfbff9ed572a6d238eafb95601683ddf275149638c865c20a396d730bd12a0adc933c2b7df3a167a44bfef7cc1b5f417b44

C:\Windows\system\cKfEuVF.exe

MD5 9b67070fbdfc0361239f1e9bc493e627
SHA1 cea980d8ce7dbe55bfce745a29525ba392fa91a7
SHA256 dc039a3ce5fa71bef3008a04d6c9aca65adbea876e3169f51c511dc9aba220dc
SHA512 2674c0f9cd44fd8099431d99abf9b4f8122b1cb5d86dbc21664147838a574b8e2f22aef201c421fb8fc58d79b201b4bf1eb5cd795f5257b40ce1a19a35f6ed7b

memory/2788-134-0x000000013F680000-0x000000013FA76000-memory.dmp

\Windows\system\UJHoOEA.exe

MD5 6f0ffe573dec1158e6eda1087a036e6b
SHA1 2bcb553118fadde16e11a44469e75494a2c663f0
SHA256 9fe4aa36fc2b137b560a98af2697763d0ebd3b9aab6444cd7f5018d035463f66
SHA512 c15089998314b0b591a1636c2f6de64baee3c751265ace879e1428033a616953e12b91512d972f4b9b220ee2aec85911236fda1044eb7eb5aba29f54f8ed483b

memory/3052-168-0x0000000003120000-0x0000000003516000-memory.dmp

memory/3052-200-0x0000000003120000-0x0000000003516000-memory.dmp

memory/3052-205-0x000000013F680000-0x000000013FA76000-memory.dmp

memory/2608-526-0x000007FEF5150000-0x000007FEF5AED000-memory.dmp

memory/2832-204-0x000000013FA90000-0x000000013FE86000-memory.dmp

memory/2208-195-0x000000013F3C0000-0x000000013F7B6000-memory.dmp

\Windows\system\TIjeEvL.exe

MD5 6fcc5577bca4edc31134ebc1f54daf16
SHA1 4f6a126d773b0442e88004c7e0b538a3495e6519
SHA256 2f7d88e14edce5cf2cc3849924e49943b3cc04d110d6b5ba4013b46e94b168f0
SHA512 3e3a7be46e8dc4e03480cb598ad8947a731713b281dc54e2471f857a14705918c1cff42e2bc3b1d617cc1f9d95cd60f722dd349f68eae20eb398d6b2ea348870

\Windows\system\KwzaXPx.exe

MD5 c9fbb0afbbc4b8a880e963d9b3d7c2fd
SHA1 30892675b18eb1def476584a179ab5dd2b62a8e5
SHA256 91d04c241899a535dac6aef17a2c72ff24313e34e652241e970472a62b6f8b93
SHA512 57f177dea08d48e7f84ce4bd60ba0fcb1d686c9345e2720120a8f80d439a9b0588b4f43919105978ae636602df98e60f8b827d418ea6e719d52830ecad3ba0ed

memory/2564-161-0x000000013FC90000-0x0000000140086000-memory.dmp

\Windows\system\xnBnGbq.exe

MD5 2c6c6af92aeda5c2dd6c937bd58a2bf2
SHA1 f01c94a81a944a8f9961cca88707788e6dcb0863
SHA256 29f81b59526c9f8139ee9908e96c9cb0df729fbd8f9fea065e0be6b2a1785185
SHA512 39abb59693304552fe16b692dbe794420ee6838e49caa77d533a1838fb8d50fc74b01a2dfd568c1b9ad4c7d37f2f9e4cf0f6b3c6a0820668adb2cb3eda0a1a01

memory/3052-153-0x0000000003120000-0x0000000003516000-memory.dmp

memory/1704-152-0x000000013FBC0000-0x000000013FFB6000-memory.dmp

memory/3052-150-0x0000000003120000-0x0000000003516000-memory.dmp

\Windows\system\KFkhLiC.exe

MD5 b67e1cd486d0545638c4bf6cbef272dd
SHA1 0fe680f54796bc1452c4e3bc99d1e6cbfef6b173
SHA256 4c645be3d7a2d6acf2f5cde13ce3d7a166471a73c02a49d2c50de652f3539eeb
SHA512 3350e3fb0f4ab8e06cea8d551704f04ba19690dd133d2de3d1c11e15a9538f20e850faf94b43fad1a507844395c36561dfcab996ec8dced81f70d69a1e99dfb5

\Windows\system\FdkMDBP.exe

MD5 2a602ec2c0f9827de4b25dee041a94ac
SHA1 23daf05dd91e8bf0cea33409f8d210eb9916c43f
SHA256 98cf2851eeec74bad9ac6ade0cd8b83adcc433776725126d15a76340fd6c3714
SHA512 d0919927480bf52edf70e2cfeb33413a81564d26f3e36d02fd21d1b01ce34d4ef87a2339e33230af799d906227a398615b2a0c3204ea7c00a5948e5f77c1dba1

memory/2608-19-0x0000000002950000-0x00000000029D0000-memory.dmp

memory/2716-18-0x000000013F560000-0x000000013F956000-memory.dmp

memory/3032-17-0x000000013F280000-0x000000013F676000-memory.dmp

C:\Windows\system\TTyHSHt.exe

MD5 48956ead252ca868ee8066f315271f91
SHA1 bcdfb6136a970b9ff9ffbf1c577e4fe550531025
SHA256 d5ca7238feda4d0e8b1d1116d1591de6683438d68c3e072aeefa940e31e9b849
SHA512 442dc16d4d5411013101441fb3739e3b6386bf505143c77110bdf2ff756450f082cbad5c08320b6ed3c1a08bf6e3b575f4726a7c7a4b85b45e9ab0763d499bdf

memory/3052-2761-0x000000013FDA0000-0x0000000140196000-memory.dmp

memory/2716-2763-0x000000013F560000-0x000000013F956000-memory.dmp

memory/1724-7086-0x000000013FD10000-0x0000000140106000-memory.dmp

memory/1704-7091-0x000000013FBC0000-0x000000013FFB6000-memory.dmp

memory/2596-7095-0x000000013FA80000-0x000000013FE76000-memory.dmp

memory/2536-7093-0x000000013F580000-0x000000013F976000-memory.dmp

memory/2572-7092-0x000000013FE10000-0x0000000140206000-memory.dmp

memory/2208-7103-0x000000013F3C0000-0x000000013F7B6000-memory.dmp

memory/2780-7101-0x000000013F910000-0x000000013FD06000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 07:27

Reported

2024-06-12 07:30

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\WMCzjWI.exe N/A
N/A N/A C:\Windows\System\tLGkcgU.exe N/A
N/A N/A C:\Windows\System\bDyUYEK.exe N/A
N/A N/A C:\Windows\System\OgEnPiN.exe N/A
N/A N/A C:\Windows\System\Xucrexd.exe N/A
N/A N/A C:\Windows\System\ZYNuJAv.exe N/A
N/A N/A C:\Windows\System\eIZzpWn.exe N/A
N/A N/A C:\Windows\System\YrrqeBa.exe N/A
N/A N/A C:\Windows\System\ZTnUfWa.exe N/A
N/A N/A C:\Windows\System\YSJnCks.exe N/A
N/A N/A C:\Windows\System\mKkdXHa.exe N/A
N/A N/A C:\Windows\System\IzGouwV.exe N/A
N/A N/A C:\Windows\System\IVzbdDq.exe N/A
N/A N/A C:\Windows\System\oFPjhat.exe N/A
N/A N/A C:\Windows\System\hgPlaZv.exe N/A
N/A N/A C:\Windows\System\RBtmmmh.exe N/A
N/A N/A C:\Windows\System\zptlfPm.exe N/A
N/A N/A C:\Windows\System\MiEcnOq.exe N/A
N/A N/A C:\Windows\System\ftzrslP.exe N/A
N/A N/A C:\Windows\System\jrhFbPZ.exe N/A
N/A N/A C:\Windows\System\xckooGt.exe N/A
N/A N/A C:\Windows\System\WLguZKr.exe N/A
N/A N/A C:\Windows\System\jwvtYtv.exe N/A
N/A N/A C:\Windows\System\EBIcgyR.exe N/A
N/A N/A C:\Windows\System\qipwnIJ.exe N/A
N/A N/A C:\Windows\System\YvoGpcC.exe N/A
N/A N/A C:\Windows\System\zFzAkwe.exe N/A
N/A N/A C:\Windows\System\iCCTDCk.exe N/A
N/A N/A C:\Windows\System\xKzNaBp.exe N/A
N/A N/A C:\Windows\System\YyETNup.exe N/A
N/A N/A C:\Windows\System\PSgGrxg.exe N/A
N/A N/A C:\Windows\System\ppPRpwv.exe N/A
N/A N/A C:\Windows\System\FMqZMSc.exe N/A
N/A N/A C:\Windows\System\eIyfHdA.exe N/A
N/A N/A C:\Windows\System\oYSATTC.exe N/A
N/A N/A C:\Windows\System\gIjQcxQ.exe N/A
N/A N/A C:\Windows\System\GIsBMwG.exe N/A
N/A N/A C:\Windows\System\mTtPuiG.exe N/A
N/A N/A C:\Windows\System\udmJJRy.exe N/A
N/A N/A C:\Windows\System\ViIXeWP.exe N/A
N/A N/A C:\Windows\System\ZVFevvg.exe N/A
N/A N/A C:\Windows\System\kgsRGkY.exe N/A
N/A N/A C:\Windows\System\owKNUWv.exe N/A
N/A N/A C:\Windows\System\MAgWlTY.exe N/A
N/A N/A C:\Windows\System\AyREpip.exe N/A
N/A N/A C:\Windows\System\GuDUmZQ.exe N/A
N/A N/A C:\Windows\System\LmJxXjz.exe N/A
N/A N/A C:\Windows\System\sChFZKM.exe N/A
N/A N/A C:\Windows\System\rJHIyUU.exe N/A
N/A N/A C:\Windows\System\MEfaHHd.exe N/A
N/A N/A C:\Windows\System\oFKrEwP.exe N/A
N/A N/A C:\Windows\System\OYMokcU.exe N/A
N/A N/A C:\Windows\System\TUYJHHX.exe N/A
N/A N/A C:\Windows\System\SGzbIyo.exe N/A
N/A N/A C:\Windows\System\ZeBUgqE.exe N/A
N/A N/A C:\Windows\System\yyPhIrd.exe N/A
N/A N/A C:\Windows\System\KUmeemr.exe N/A
N/A N/A C:\Windows\System\DaSvOiy.exe N/A
N/A N/A C:\Windows\System\ffEqCRG.exe N/A
N/A N/A C:\Windows\System\qzjQotl.exe N/A
N/A N/A C:\Windows\System\vtAurLO.exe N/A
N/A N/A C:\Windows\System\wQKocbJ.exe N/A
N/A N/A C:\Windows\System\tZUzlBz.exe N/A
N/A N/A C:\Windows\System\cDEIuan.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ffEqCRG.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tknHgfF.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzjigxP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ucqiDXl.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NAydYvh.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\EUsKCgk.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\KqrvZdW.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsuTBvx.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgdMnjY.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpIxFwJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tiyFbdZ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFxRWeS.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\nFTPgHf.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\FEzxjJP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\JTnCiPP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NjzlSQo.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\HLTUNzZ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADGuLeV.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\muRssmm.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\kcdhLWP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUvwrwt.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\AIxwTZj.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\yySkQvk.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VizsynW.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\CWKAAEu.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WPxYbAf.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\OygYbXV.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqPtvnM.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rSBGbcY.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\nktNeby.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\vIGMjRy.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SNWZQwq.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\exSiMJy.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ztBpLLB.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sgriapk.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmovuQq.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bqjFEgK.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ilqJHIu.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DWgrJSZ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\dfohzSw.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VavsMsM.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnSxkOI.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DHFZtcX.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mlOdVNe.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmHUmMT.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrgzqnt.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DTXnMVP.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bMBKKiJ.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\IDpedPG.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DhDKpup.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\UkdPnSt.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\IATGoIy.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOYtmNm.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LQAcSye.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rgFQHDO.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUYkvDH.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SoLXQHd.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\GmpDKxG.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUSQZwE.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\drNcFjz.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESmNbaR.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mvfjJIi.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RaCLwQp.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
File created C:\Windows\System\KtjjzJl.exe C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3344 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3344 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3344 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\WMCzjWI.exe
PID 3344 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\WMCzjWI.exe
PID 3344 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\tLGkcgU.exe
PID 3344 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\tLGkcgU.exe
PID 3344 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\bDyUYEK.exe
PID 3344 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\bDyUYEK.exe
PID 3344 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\OgEnPiN.exe
PID 3344 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\OgEnPiN.exe
PID 3344 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\Xucrexd.exe
PID 3344 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\Xucrexd.exe
PID 3344 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZYNuJAv.exe
PID 3344 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZYNuJAv.exe
PID 3344 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\eIZzpWn.exe
PID 3344 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\eIZzpWn.exe
PID 3344 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YrrqeBa.exe
PID 3344 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YrrqeBa.exe
PID 3344 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZTnUfWa.exe
PID 3344 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ZTnUfWa.exe
PID 3344 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YSJnCks.exe
PID 3344 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YSJnCks.exe
PID 3344 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\mKkdXHa.exe
PID 3344 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\mKkdXHa.exe
PID 3344 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\IzGouwV.exe
PID 3344 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\IzGouwV.exe
PID 3344 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\IVzbdDq.exe
PID 3344 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\IVzbdDq.exe
PID 3344 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\oFPjhat.exe
PID 3344 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\oFPjhat.exe
PID 3344 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\hgPlaZv.exe
PID 3344 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\hgPlaZv.exe
PID 3344 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\RBtmmmh.exe
PID 3344 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\RBtmmmh.exe
PID 3344 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\zptlfPm.exe
PID 3344 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\zptlfPm.exe
PID 3344 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\MiEcnOq.exe
PID 3344 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\MiEcnOq.exe
PID 3344 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ftzrslP.exe
PID 3344 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\ftzrslP.exe
PID 3344 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jrhFbPZ.exe
PID 3344 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jrhFbPZ.exe
PID 3344 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xckooGt.exe
PID 3344 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xckooGt.exe
PID 3344 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\WLguZKr.exe
PID 3344 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\WLguZKr.exe
PID 3344 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jwvtYtv.exe
PID 3344 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\jwvtYtv.exe
PID 3344 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\EBIcgyR.exe
PID 3344 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\EBIcgyR.exe
PID 3344 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\qipwnIJ.exe
PID 3344 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\qipwnIJ.exe
PID 3344 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YvoGpcC.exe
PID 3344 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YvoGpcC.exe
PID 3344 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\zFzAkwe.exe
PID 3344 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\zFzAkwe.exe
PID 3344 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\iCCTDCk.exe
PID 3344 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\iCCTDCk.exe
PID 3344 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xKzNaBp.exe
PID 3344 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\xKzNaBp.exe
PID 3344 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YyETNup.exe
PID 3344 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\YyETNup.exe
PID 3344 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\PSgGrxg.exe
PID 3344 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe C:\Windows\System\PSgGrxg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27f0d5902443fe4725afcc46f6f77880_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\WMCzjWI.exe

C:\Windows\System\WMCzjWI.exe

C:\Windows\System\tLGkcgU.exe

C:\Windows\System\tLGkcgU.exe

C:\Windows\System\bDyUYEK.exe

C:\Windows\System\bDyUYEK.exe

C:\Windows\System\OgEnPiN.exe

C:\Windows\System\OgEnPiN.exe

C:\Windows\System\Xucrexd.exe

C:\Windows\System\Xucrexd.exe

C:\Windows\System\ZYNuJAv.exe

C:\Windows\System\ZYNuJAv.exe

C:\Windows\System\eIZzpWn.exe

C:\Windows\System\eIZzpWn.exe

C:\Windows\System\YrrqeBa.exe

C:\Windows\System\YrrqeBa.exe

C:\Windows\System\ZTnUfWa.exe

C:\Windows\System\ZTnUfWa.exe

C:\Windows\System\YSJnCks.exe

C:\Windows\System\YSJnCks.exe

C:\Windows\System\mKkdXHa.exe

C:\Windows\System\mKkdXHa.exe

C:\Windows\System\IzGouwV.exe

C:\Windows\System\IzGouwV.exe

C:\Windows\System\IVzbdDq.exe

C:\Windows\System\IVzbdDq.exe

C:\Windows\System\oFPjhat.exe

C:\Windows\System\oFPjhat.exe

C:\Windows\System\hgPlaZv.exe

C:\Windows\System\hgPlaZv.exe

C:\Windows\System\RBtmmmh.exe

C:\Windows\System\RBtmmmh.exe

C:\Windows\System\zptlfPm.exe

C:\Windows\System\zptlfPm.exe

C:\Windows\System\MiEcnOq.exe

C:\Windows\System\MiEcnOq.exe

C:\Windows\System\ftzrslP.exe

C:\Windows\System\ftzrslP.exe

C:\Windows\System\jrhFbPZ.exe

C:\Windows\System\jrhFbPZ.exe

C:\Windows\System\xckooGt.exe

C:\Windows\System\xckooGt.exe

C:\Windows\System\WLguZKr.exe

C:\Windows\System\WLguZKr.exe

C:\Windows\System\jwvtYtv.exe

C:\Windows\System\jwvtYtv.exe

C:\Windows\System\EBIcgyR.exe

C:\Windows\System\EBIcgyR.exe

C:\Windows\System\qipwnIJ.exe

C:\Windows\System\qipwnIJ.exe

C:\Windows\System\YvoGpcC.exe

C:\Windows\System\YvoGpcC.exe

C:\Windows\System\zFzAkwe.exe

C:\Windows\System\zFzAkwe.exe

C:\Windows\System\iCCTDCk.exe

C:\Windows\System\iCCTDCk.exe

C:\Windows\System\xKzNaBp.exe

C:\Windows\System\xKzNaBp.exe

C:\Windows\System\YyETNup.exe

C:\Windows\System\YyETNup.exe

C:\Windows\System\PSgGrxg.exe

C:\Windows\System\PSgGrxg.exe

C:\Windows\System\ppPRpwv.exe

C:\Windows\System\ppPRpwv.exe

C:\Windows\System\FMqZMSc.exe

C:\Windows\System\FMqZMSc.exe

C:\Windows\System\eIyfHdA.exe

C:\Windows\System\eIyfHdA.exe

C:\Windows\System\oYSATTC.exe

C:\Windows\System\oYSATTC.exe

C:\Windows\System\gIjQcxQ.exe

C:\Windows\System\gIjQcxQ.exe

C:\Windows\System\GIsBMwG.exe

C:\Windows\System\GIsBMwG.exe

C:\Windows\System\mTtPuiG.exe

C:\Windows\System\mTtPuiG.exe

C:\Windows\System\udmJJRy.exe

C:\Windows\System\udmJJRy.exe

C:\Windows\System\ViIXeWP.exe

C:\Windows\System\ViIXeWP.exe

C:\Windows\System\ZVFevvg.exe

C:\Windows\System\ZVFevvg.exe

C:\Windows\System\kgsRGkY.exe

C:\Windows\System\kgsRGkY.exe

C:\Windows\System\owKNUWv.exe

C:\Windows\System\owKNUWv.exe

C:\Windows\System\MAgWlTY.exe

C:\Windows\System\MAgWlTY.exe

C:\Windows\System\AyREpip.exe

C:\Windows\System\AyREpip.exe

C:\Windows\System\GuDUmZQ.exe

C:\Windows\System\GuDUmZQ.exe

C:\Windows\System\LmJxXjz.exe

C:\Windows\System\LmJxXjz.exe

C:\Windows\System\sChFZKM.exe

C:\Windows\System\sChFZKM.exe

C:\Windows\System\rJHIyUU.exe

C:\Windows\System\rJHIyUU.exe

C:\Windows\System\MEfaHHd.exe

C:\Windows\System\MEfaHHd.exe

C:\Windows\System\oFKrEwP.exe

C:\Windows\System\oFKrEwP.exe

C:\Windows\System\OYMokcU.exe

C:\Windows\System\OYMokcU.exe

C:\Windows\System\TUYJHHX.exe

C:\Windows\System\TUYJHHX.exe

C:\Windows\System\SGzbIyo.exe

C:\Windows\System\SGzbIyo.exe

C:\Windows\System\ZeBUgqE.exe

C:\Windows\System\ZeBUgqE.exe

C:\Windows\System\yyPhIrd.exe

C:\Windows\System\yyPhIrd.exe

C:\Windows\System\KUmeemr.exe

C:\Windows\System\KUmeemr.exe

C:\Windows\System\DaSvOiy.exe

C:\Windows\System\DaSvOiy.exe

C:\Windows\System\ffEqCRG.exe

C:\Windows\System\ffEqCRG.exe

C:\Windows\System\qzjQotl.exe

C:\Windows\System\qzjQotl.exe

C:\Windows\System\vtAurLO.exe

C:\Windows\System\vtAurLO.exe

C:\Windows\System\wQKocbJ.exe

C:\Windows\System\wQKocbJ.exe

C:\Windows\System\tZUzlBz.exe

C:\Windows\System\tZUzlBz.exe

C:\Windows\System\cDEIuan.exe

C:\Windows\System\cDEIuan.exe

C:\Windows\System\qpfGupi.exe

C:\Windows\System\qpfGupi.exe

C:\Windows\System\sEcGsuf.exe

C:\Windows\System\sEcGsuf.exe

C:\Windows\System\SeAokAZ.exe

C:\Windows\System\SeAokAZ.exe

C:\Windows\System\LZFsznq.exe

C:\Windows\System\LZFsznq.exe

C:\Windows\System\hKoHZgZ.exe

C:\Windows\System\hKoHZgZ.exe

C:\Windows\System\LPDWMcn.exe

C:\Windows\System\LPDWMcn.exe

C:\Windows\System\FCsdEfL.exe

C:\Windows\System\FCsdEfL.exe

C:\Windows\System\dQtMORC.exe

C:\Windows\System\dQtMORC.exe

C:\Windows\System\XiWYKBq.exe

C:\Windows\System\XiWYKBq.exe

C:\Windows\System\HMildcR.exe

C:\Windows\System\HMildcR.exe

C:\Windows\System\idKwfwB.exe

C:\Windows\System\idKwfwB.exe

C:\Windows\System\EDHtzhb.exe

C:\Windows\System\EDHtzhb.exe

C:\Windows\System\WkqqzfK.exe

C:\Windows\System\WkqqzfK.exe

C:\Windows\System\mjLTGKL.exe

C:\Windows\System\mjLTGKL.exe

C:\Windows\System\EsjOmMg.exe

C:\Windows\System\EsjOmMg.exe

C:\Windows\System\BgUqbuv.exe

C:\Windows\System\BgUqbuv.exe

C:\Windows\System\JZlDojT.exe

C:\Windows\System\JZlDojT.exe

C:\Windows\System\ehSLqgh.exe

C:\Windows\System\ehSLqgh.exe

C:\Windows\System\nvOyQnI.exe

C:\Windows\System\nvOyQnI.exe

C:\Windows\System\HavzDDg.exe

C:\Windows\System\HavzDDg.exe

C:\Windows\System\HUPlsBJ.exe

C:\Windows\System\HUPlsBJ.exe

C:\Windows\System\FVeRqIL.exe

C:\Windows\System\FVeRqIL.exe

C:\Windows\System\pzfblMI.exe

C:\Windows\System\pzfblMI.exe

C:\Windows\System\KLhwqzh.exe

C:\Windows\System\KLhwqzh.exe

C:\Windows\System\iKbVVeG.exe

C:\Windows\System\iKbVVeG.exe

C:\Windows\System\WEhgDao.exe

C:\Windows\System\WEhgDao.exe

C:\Windows\System\ufBubCa.exe

C:\Windows\System\ufBubCa.exe

C:\Windows\System\kDClLSy.exe

C:\Windows\System\kDClLSy.exe

C:\Windows\System\BuGaTpU.exe

C:\Windows\System\BuGaTpU.exe

C:\Windows\System\AAYXugX.exe

C:\Windows\System\AAYXugX.exe

C:\Windows\System\oFPGpFI.exe

C:\Windows\System\oFPGpFI.exe

C:\Windows\System\jQyWsKA.exe

C:\Windows\System\jQyWsKA.exe

C:\Windows\System\zsCkuyf.exe

C:\Windows\System\zsCkuyf.exe

C:\Windows\System\kihifiM.exe

C:\Windows\System\kihifiM.exe

C:\Windows\System\ygQFbhv.exe

C:\Windows\System\ygQFbhv.exe

C:\Windows\System\GloeOnv.exe

C:\Windows\System\GloeOnv.exe

C:\Windows\System\gDjBIPK.exe

C:\Windows\System\gDjBIPK.exe

C:\Windows\System\AyfTnLL.exe

C:\Windows\System\AyfTnLL.exe

C:\Windows\System\wxQRUYx.exe

C:\Windows\System\wxQRUYx.exe

C:\Windows\System\MlCXdxF.exe

C:\Windows\System\MlCXdxF.exe

C:\Windows\System\yPtlbFD.exe

C:\Windows\System\yPtlbFD.exe

C:\Windows\System\ApLLyUy.exe

C:\Windows\System\ApLLyUy.exe

C:\Windows\System\ZybgpjC.exe

C:\Windows\System\ZybgpjC.exe

C:\Windows\System\jDCaSns.exe

C:\Windows\System\jDCaSns.exe

C:\Windows\System\dytZCXK.exe

C:\Windows\System\dytZCXK.exe

C:\Windows\System\DSdCAAF.exe

C:\Windows\System\DSdCAAF.exe

C:\Windows\System\kyoKdrh.exe

C:\Windows\System\kyoKdrh.exe

C:\Windows\System\cMnhAue.exe

C:\Windows\System\cMnhAue.exe

C:\Windows\System\iYqqipC.exe

C:\Windows\System\iYqqipC.exe

C:\Windows\System\rMNblrV.exe

C:\Windows\System\rMNblrV.exe

C:\Windows\System\tYGwsgW.exe

C:\Windows\System\tYGwsgW.exe

C:\Windows\System\bHBvGKk.exe

C:\Windows\System\bHBvGKk.exe

C:\Windows\System\GvFBlyS.exe

C:\Windows\System\GvFBlyS.exe

C:\Windows\System\KNwjrpt.exe

C:\Windows\System\KNwjrpt.exe

C:\Windows\System\OCPBisT.exe

C:\Windows\System\OCPBisT.exe

C:\Windows\System\YitjmSL.exe

C:\Windows\System\YitjmSL.exe

C:\Windows\System\GuCVpze.exe

C:\Windows\System\GuCVpze.exe

C:\Windows\System\yBqUpfs.exe

C:\Windows\System\yBqUpfs.exe

C:\Windows\System\rgFQHDO.exe

C:\Windows\System\rgFQHDO.exe

C:\Windows\System\UWhIkIP.exe

C:\Windows\System\UWhIkIP.exe

C:\Windows\System\eyQpCEM.exe

C:\Windows\System\eyQpCEM.exe

C:\Windows\System\YYXTgFq.exe

C:\Windows\System\YYXTgFq.exe

C:\Windows\System\zXXAqHo.exe

C:\Windows\System\zXXAqHo.exe

C:\Windows\System\lSBcOBI.exe

C:\Windows\System\lSBcOBI.exe

C:\Windows\System\sGnpaCZ.exe

C:\Windows\System\sGnpaCZ.exe

C:\Windows\System\YIwPPol.exe

C:\Windows\System\YIwPPol.exe

C:\Windows\System\urbCLMo.exe

C:\Windows\System\urbCLMo.exe

C:\Windows\System\SzBWvby.exe

C:\Windows\System\SzBWvby.exe

C:\Windows\System\XTCaHUh.exe

C:\Windows\System\XTCaHUh.exe

C:\Windows\System\PTZXzHh.exe

C:\Windows\System\PTZXzHh.exe

C:\Windows\System\PFYDvmx.exe

C:\Windows\System\PFYDvmx.exe

C:\Windows\System\WsAZwaB.exe

C:\Windows\System\WsAZwaB.exe

C:\Windows\System\LKQZibI.exe

C:\Windows\System\LKQZibI.exe

C:\Windows\System\HgAPGIG.exe

C:\Windows\System\HgAPGIG.exe

C:\Windows\System\fqBzFxg.exe

C:\Windows\System\fqBzFxg.exe

C:\Windows\System\CPLUdcb.exe

C:\Windows\System\CPLUdcb.exe

C:\Windows\System\pQbIbbh.exe

C:\Windows\System\pQbIbbh.exe

C:\Windows\System\SNWZQwq.exe

C:\Windows\System\SNWZQwq.exe

C:\Windows\System\WzmjHVO.exe

C:\Windows\System\WzmjHVO.exe

C:\Windows\System\CyapnWt.exe

C:\Windows\System\CyapnWt.exe

C:\Windows\System\BggeSWK.exe

C:\Windows\System\BggeSWK.exe

C:\Windows\System\oWciwvj.exe

C:\Windows\System\oWciwvj.exe

C:\Windows\System\fcqskBc.exe

C:\Windows\System\fcqskBc.exe

C:\Windows\System\WMIujWt.exe

C:\Windows\System\WMIujWt.exe

C:\Windows\System\HSTAkfz.exe

C:\Windows\System\HSTAkfz.exe

C:\Windows\System\CAnxvYc.exe

C:\Windows\System\CAnxvYc.exe

C:\Windows\System\ypimoSi.exe

C:\Windows\System\ypimoSi.exe

C:\Windows\System\eEkCznM.exe

C:\Windows\System\eEkCznM.exe

C:\Windows\System\tuGCgaE.exe

C:\Windows\System\tuGCgaE.exe

C:\Windows\System\FqkEsXS.exe

C:\Windows\System\FqkEsXS.exe

C:\Windows\System\LzBAlAq.exe

C:\Windows\System\LzBAlAq.exe

C:\Windows\System\dfiQckK.exe

C:\Windows\System\dfiQckK.exe

C:\Windows\System\WgWuGJw.exe

C:\Windows\System\WgWuGJw.exe

C:\Windows\System\fevtPtr.exe

C:\Windows\System\fevtPtr.exe

C:\Windows\System\Pgdbogq.exe

C:\Windows\System\Pgdbogq.exe

C:\Windows\System\gOleZtx.exe

C:\Windows\System\gOleZtx.exe

C:\Windows\System\HhSQwsz.exe

C:\Windows\System\HhSQwsz.exe

C:\Windows\System\aaBAhus.exe

C:\Windows\System\aaBAhus.exe

C:\Windows\System\grhdlTY.exe

C:\Windows\System\grhdlTY.exe

C:\Windows\System\OPEYszL.exe

C:\Windows\System\OPEYszL.exe

C:\Windows\System\izrLnTi.exe

C:\Windows\System\izrLnTi.exe

C:\Windows\System\SiJAYXu.exe

C:\Windows\System\SiJAYXu.exe

C:\Windows\System\CFdGzOS.exe

C:\Windows\System\CFdGzOS.exe

C:\Windows\System\DVrNewv.exe

C:\Windows\System\DVrNewv.exe

C:\Windows\System\uZGIfyQ.exe

C:\Windows\System\uZGIfyQ.exe

C:\Windows\System\gcogdwy.exe

C:\Windows\System\gcogdwy.exe

C:\Windows\System\eqJuNRA.exe

C:\Windows\System\eqJuNRA.exe

C:\Windows\System\hdNHkNj.exe

C:\Windows\System\hdNHkNj.exe

C:\Windows\System\CLjUGRH.exe

C:\Windows\System\CLjUGRH.exe

C:\Windows\System\zGGWOBj.exe

C:\Windows\System\zGGWOBj.exe

C:\Windows\System\PJQlxOY.exe

C:\Windows\System\PJQlxOY.exe

C:\Windows\System\hVUEVSM.exe

C:\Windows\System\hVUEVSM.exe

C:\Windows\System\bcFKSxG.exe

C:\Windows\System\bcFKSxG.exe

C:\Windows\System\UmRjmEB.exe

C:\Windows\System\UmRjmEB.exe

C:\Windows\System\bencbcI.exe

C:\Windows\System\bencbcI.exe

C:\Windows\System\cmDWklu.exe

C:\Windows\System\cmDWklu.exe

C:\Windows\System\awsJlgN.exe

C:\Windows\System\awsJlgN.exe

C:\Windows\System\lghImGj.exe

C:\Windows\System\lghImGj.exe

C:\Windows\System\uPkaoFQ.exe

C:\Windows\System\uPkaoFQ.exe

C:\Windows\System\RoFPaAU.exe

C:\Windows\System\RoFPaAU.exe

C:\Windows\System\oQaUoaD.exe

C:\Windows\System\oQaUoaD.exe

C:\Windows\System\BqnsLEu.exe

C:\Windows\System\BqnsLEu.exe

C:\Windows\System\YvMBiyF.exe

C:\Windows\System\YvMBiyF.exe

C:\Windows\System\scHWhtF.exe

C:\Windows\System\scHWhtF.exe

C:\Windows\System\JRRyZCx.exe

C:\Windows\System\JRRyZCx.exe

C:\Windows\System\mUIvykF.exe

C:\Windows\System\mUIvykF.exe

C:\Windows\System\oOpJQHq.exe

C:\Windows\System\oOpJQHq.exe

C:\Windows\System\QaQMRQA.exe

C:\Windows\System\QaQMRQA.exe

C:\Windows\System\RaniPuq.exe

C:\Windows\System\RaniPuq.exe

C:\Windows\System\pxFHNrr.exe

C:\Windows\System\pxFHNrr.exe

C:\Windows\System\fiIIIAm.exe

C:\Windows\System\fiIIIAm.exe

C:\Windows\System\INxdbkz.exe

C:\Windows\System\INxdbkz.exe

C:\Windows\System\yDGEfbt.exe

C:\Windows\System\yDGEfbt.exe

C:\Windows\System\RTLJisN.exe

C:\Windows\System\RTLJisN.exe

C:\Windows\System\kbbrHPw.exe

C:\Windows\System\kbbrHPw.exe

C:\Windows\System\cNtBpfV.exe

C:\Windows\System\cNtBpfV.exe

C:\Windows\System\GDWbqXX.exe

C:\Windows\System\GDWbqXX.exe

C:\Windows\System\rCnXSwe.exe

C:\Windows\System\rCnXSwe.exe

C:\Windows\System\hdaNiSb.exe

C:\Windows\System\hdaNiSb.exe

C:\Windows\System\jsjkvCg.exe

C:\Windows\System\jsjkvCg.exe

C:\Windows\System\srldKzA.exe

C:\Windows\System\srldKzA.exe

C:\Windows\System\qvJPuEj.exe

C:\Windows\System\qvJPuEj.exe

C:\Windows\System\OnxuVhW.exe

C:\Windows\System\OnxuVhW.exe

C:\Windows\System\zdNoReu.exe

C:\Windows\System\zdNoReu.exe

C:\Windows\System\MQLSNqW.exe

C:\Windows\System\MQLSNqW.exe

C:\Windows\System\rFRUklE.exe

C:\Windows\System\rFRUklE.exe

C:\Windows\System\bDlOqDk.exe

C:\Windows\System\bDlOqDk.exe

C:\Windows\System\ADNPUbs.exe

C:\Windows\System\ADNPUbs.exe

C:\Windows\System\nHNPKie.exe

C:\Windows\System\nHNPKie.exe

C:\Windows\System\uvcKFKD.exe

C:\Windows\System\uvcKFKD.exe

C:\Windows\System\tQJZHdG.exe

C:\Windows\System\tQJZHdG.exe

C:\Windows\System\WbIADkr.exe

C:\Windows\System\WbIADkr.exe

C:\Windows\System\aGEEbBE.exe

C:\Windows\System\aGEEbBE.exe

C:\Windows\System\ByknfgD.exe

C:\Windows\System\ByknfgD.exe

C:\Windows\System\HAipSjV.exe

C:\Windows\System\HAipSjV.exe

C:\Windows\System\pYeEJAU.exe

C:\Windows\System\pYeEJAU.exe

C:\Windows\System\LQgtfFS.exe

C:\Windows\System\LQgtfFS.exe

C:\Windows\System\dIqvsfg.exe

C:\Windows\System\dIqvsfg.exe

C:\Windows\System\RafpsVR.exe

C:\Windows\System\RafpsVR.exe

C:\Windows\System\bmvFxcJ.exe

C:\Windows\System\bmvFxcJ.exe

C:\Windows\System\VaWiHks.exe

C:\Windows\System\VaWiHks.exe

C:\Windows\System\pNvGeDM.exe

C:\Windows\System\pNvGeDM.exe

C:\Windows\System\TvuQKZk.exe

C:\Windows\System\TvuQKZk.exe

C:\Windows\System\qxYEvyF.exe

C:\Windows\System\qxYEvyF.exe

C:\Windows\System\GeGBhmV.exe

C:\Windows\System\GeGBhmV.exe

C:\Windows\System\hufPipK.exe

C:\Windows\System\hufPipK.exe

C:\Windows\System\GOiEPGk.exe

C:\Windows\System\GOiEPGk.exe

C:\Windows\System\MchzLHg.exe

C:\Windows\System\MchzLHg.exe

C:\Windows\System\kvaxTZu.exe

C:\Windows\System\kvaxTZu.exe

C:\Windows\System\BZuYqIX.exe

C:\Windows\System\BZuYqIX.exe

C:\Windows\System\EQxMQan.exe

C:\Windows\System\EQxMQan.exe

C:\Windows\System\VcCKOuW.exe

C:\Windows\System\VcCKOuW.exe

C:\Windows\System\vjmPwPI.exe

C:\Windows\System\vjmPwPI.exe

C:\Windows\System\eaDDVkL.exe

C:\Windows\System\eaDDVkL.exe

C:\Windows\System\EJvchmw.exe

C:\Windows\System\EJvchmw.exe

C:\Windows\System\jDlSQCJ.exe

C:\Windows\System\jDlSQCJ.exe

C:\Windows\System\jwAKHLj.exe

C:\Windows\System\jwAKHLj.exe

C:\Windows\System\BaGnucl.exe

C:\Windows\System\BaGnucl.exe

C:\Windows\System\iCDPRYK.exe

C:\Windows\System\iCDPRYK.exe

C:\Windows\System\XtgrXDG.exe

C:\Windows\System\XtgrXDG.exe

C:\Windows\System\GHRvZHH.exe

C:\Windows\System\GHRvZHH.exe

C:\Windows\System\SvSdWdL.exe

C:\Windows\System\SvSdWdL.exe

C:\Windows\System\lvVEsrH.exe

C:\Windows\System\lvVEsrH.exe

C:\Windows\System\UsuTBvx.exe

C:\Windows\System\UsuTBvx.exe

C:\Windows\System\NeaVvPm.exe

C:\Windows\System\NeaVvPm.exe

C:\Windows\System\laWHciD.exe

C:\Windows\System\laWHciD.exe

C:\Windows\System\JfoCMIp.exe

C:\Windows\System\JfoCMIp.exe

C:\Windows\System\nbcNzsq.exe

C:\Windows\System\nbcNzsq.exe

C:\Windows\System\ZizbVcB.exe

C:\Windows\System\ZizbVcB.exe

C:\Windows\System\vNhNLid.exe

C:\Windows\System\vNhNLid.exe

C:\Windows\System\PZzAKZr.exe

C:\Windows\System\PZzAKZr.exe

C:\Windows\System\OicCqvk.exe

C:\Windows\System\OicCqvk.exe

C:\Windows\System\JvLsYbB.exe

C:\Windows\System\JvLsYbB.exe

C:\Windows\System\WBkqxCw.exe

C:\Windows\System\WBkqxCw.exe

C:\Windows\System\MwDBcYs.exe

C:\Windows\System\MwDBcYs.exe

C:\Windows\System\krJZhcO.exe

C:\Windows\System\krJZhcO.exe

C:\Windows\System\pVvRefY.exe

C:\Windows\System\pVvRefY.exe

C:\Windows\System\mHpkzie.exe

C:\Windows\System\mHpkzie.exe

C:\Windows\System\vWVHLet.exe

C:\Windows\System\vWVHLet.exe

C:\Windows\System\LFUwQUr.exe

C:\Windows\System\LFUwQUr.exe

C:\Windows\System\nboyXct.exe

C:\Windows\System\nboyXct.exe

C:\Windows\System\YaxTABn.exe

C:\Windows\System\YaxTABn.exe

C:\Windows\System\kmdqKwR.exe

C:\Windows\System\kmdqKwR.exe

C:\Windows\System\mkClReG.exe

C:\Windows\System\mkClReG.exe

C:\Windows\System\oMhyMHH.exe

C:\Windows\System\oMhyMHH.exe

C:\Windows\System\XxkOBOG.exe

C:\Windows\System\XxkOBOG.exe

C:\Windows\System\RjgyPSv.exe

C:\Windows\System\RjgyPSv.exe

C:\Windows\System\tHtlOCT.exe

C:\Windows\System\tHtlOCT.exe

C:\Windows\System\pMVzIxA.exe

C:\Windows\System\pMVzIxA.exe

C:\Windows\System\SurkPIa.exe

C:\Windows\System\SurkPIa.exe

C:\Windows\System\ZMxujmw.exe

C:\Windows\System\ZMxujmw.exe

C:\Windows\System\MKOwiqE.exe

C:\Windows\System\MKOwiqE.exe

C:\Windows\System\kVcliFQ.exe

C:\Windows\System\kVcliFQ.exe

C:\Windows\System\dOkBnjM.exe

C:\Windows\System\dOkBnjM.exe

C:\Windows\System\zqbWOzX.exe

C:\Windows\System\zqbWOzX.exe

C:\Windows\System\vAuqJJO.exe

C:\Windows\System\vAuqJJO.exe

C:\Windows\System\bKagYdl.exe

C:\Windows\System\bKagYdl.exe

C:\Windows\System\NVROZeY.exe

C:\Windows\System\NVROZeY.exe

C:\Windows\System\hodwtJA.exe

C:\Windows\System\hodwtJA.exe

C:\Windows\System\XguVnuv.exe

C:\Windows\System\XguVnuv.exe

C:\Windows\System\tPjPnlR.exe

C:\Windows\System\tPjPnlR.exe

C:\Windows\System\VOFDXMb.exe

C:\Windows\System\VOFDXMb.exe

C:\Windows\System\WppltxS.exe

C:\Windows\System\WppltxS.exe

C:\Windows\System\ygmDcMZ.exe

C:\Windows\System\ygmDcMZ.exe

C:\Windows\System\qrpAmis.exe

C:\Windows\System\qrpAmis.exe

C:\Windows\System\JJfzmMr.exe

C:\Windows\System\JJfzmMr.exe

C:\Windows\System\qRKylvk.exe

C:\Windows\System\qRKylvk.exe

C:\Windows\System\rLkIjmh.exe

C:\Windows\System\rLkIjmh.exe

C:\Windows\System\JzCNZSQ.exe

C:\Windows\System\JzCNZSQ.exe

C:\Windows\System\EGwvkEg.exe

C:\Windows\System\EGwvkEg.exe

C:\Windows\System\ILmnEhs.exe

C:\Windows\System\ILmnEhs.exe

C:\Windows\System\tkYAiaM.exe

C:\Windows\System\tkYAiaM.exe

C:\Windows\System\JxVbkmm.exe

C:\Windows\System\JxVbkmm.exe

C:\Windows\System\KkSLZNn.exe

C:\Windows\System\KkSLZNn.exe

C:\Windows\System\rgKQtIN.exe

C:\Windows\System\rgKQtIN.exe

C:\Windows\System\MuAphBc.exe

C:\Windows\System\MuAphBc.exe

C:\Windows\System\KxbVJRc.exe

C:\Windows\System\KxbVJRc.exe

C:\Windows\System\XjUZQGt.exe

C:\Windows\System\XjUZQGt.exe

C:\Windows\System\MpJxhhb.exe

C:\Windows\System\MpJxhhb.exe

C:\Windows\System\NwRTXWa.exe

C:\Windows\System\NwRTXWa.exe

C:\Windows\System\CwWgAKC.exe

C:\Windows\System\CwWgAKC.exe

C:\Windows\System\vcBBMlM.exe

C:\Windows\System\vcBBMlM.exe

C:\Windows\System\SYLVJQA.exe

C:\Windows\System\SYLVJQA.exe

C:\Windows\System\EEsdHsD.exe

C:\Windows\System\EEsdHsD.exe

C:\Windows\System\HMHpOCx.exe

C:\Windows\System\HMHpOCx.exe

C:\Windows\System\zmyQrWB.exe

C:\Windows\System\zmyQrWB.exe

C:\Windows\System\mwdYfoD.exe

C:\Windows\System\mwdYfoD.exe

C:\Windows\System\feZtSeK.exe

C:\Windows\System\feZtSeK.exe

C:\Windows\System\wcivoPW.exe

C:\Windows\System\wcivoPW.exe

C:\Windows\System\KgGhLjA.exe

C:\Windows\System\KgGhLjA.exe

C:\Windows\System\HuyphrM.exe

C:\Windows\System\HuyphrM.exe

C:\Windows\System\ZdawNdT.exe

C:\Windows\System\ZdawNdT.exe

C:\Windows\System\hKcmtKF.exe

C:\Windows\System\hKcmtKF.exe

C:\Windows\System\vFtnKWv.exe

C:\Windows\System\vFtnKWv.exe

C:\Windows\System\FsBUJpI.exe

C:\Windows\System\FsBUJpI.exe

C:\Windows\System\ajyYSKE.exe

C:\Windows\System\ajyYSKE.exe

C:\Windows\System\YhqjNSt.exe

C:\Windows\System\YhqjNSt.exe

C:\Windows\System\sywsoBh.exe

C:\Windows\System\sywsoBh.exe

C:\Windows\System\VLbhLZS.exe

C:\Windows\System\VLbhLZS.exe

C:\Windows\System\DlVyfim.exe

C:\Windows\System\DlVyfim.exe

C:\Windows\System\ycyhonL.exe

C:\Windows\System\ycyhonL.exe

C:\Windows\System\GXeAzrB.exe

C:\Windows\System\GXeAzrB.exe

C:\Windows\System\tMExBHY.exe

C:\Windows\System\tMExBHY.exe

C:\Windows\System\qCpbuhu.exe

C:\Windows\System\qCpbuhu.exe

C:\Windows\System\LbpmQMv.exe

C:\Windows\System\LbpmQMv.exe

C:\Windows\System\WQQqtVi.exe

C:\Windows\System\WQQqtVi.exe

C:\Windows\System\reJqoNW.exe

C:\Windows\System\reJqoNW.exe

C:\Windows\System\RlerpjL.exe

C:\Windows\System\RlerpjL.exe

C:\Windows\System\MnbBUjR.exe

C:\Windows\System\MnbBUjR.exe

C:\Windows\System\QnmTNTH.exe

C:\Windows\System\QnmTNTH.exe

C:\Windows\System\CDnQKqH.exe

C:\Windows\System\CDnQKqH.exe

C:\Windows\System\cvEOGKg.exe

C:\Windows\System\cvEOGKg.exe

C:\Windows\System\KQXVMaw.exe

C:\Windows\System\KQXVMaw.exe

C:\Windows\System\DpbgtvH.exe

C:\Windows\System\DpbgtvH.exe

C:\Windows\System\azOGWgA.exe

C:\Windows\System\azOGWgA.exe

C:\Windows\System\LJqGUsq.exe

C:\Windows\System\LJqGUsq.exe

C:\Windows\System\dJhuxjC.exe

C:\Windows\System\dJhuxjC.exe

C:\Windows\System\TFIgutq.exe

C:\Windows\System\TFIgutq.exe

C:\Windows\System\rBSYPvm.exe

C:\Windows\System\rBSYPvm.exe

C:\Windows\System\AAaCCWI.exe

C:\Windows\System\AAaCCWI.exe

C:\Windows\System\dTjkgUo.exe

C:\Windows\System\dTjkgUo.exe

C:\Windows\System\Cudfazl.exe

C:\Windows\System\Cudfazl.exe

C:\Windows\System\PadjvAD.exe

C:\Windows\System\PadjvAD.exe

C:\Windows\System\cVlDJGU.exe

C:\Windows\System\cVlDJGU.exe

C:\Windows\System\EHUgShv.exe

C:\Windows\System\EHUgShv.exe

C:\Windows\System\YtzUVjw.exe

C:\Windows\System\YtzUVjw.exe

C:\Windows\System\VIyJWCJ.exe

C:\Windows\System\VIyJWCJ.exe

C:\Windows\System\etXZVjp.exe

C:\Windows\System\etXZVjp.exe

C:\Windows\System\qMokWrt.exe

C:\Windows\System\qMokWrt.exe

C:\Windows\System\FQAqMMC.exe

C:\Windows\System\FQAqMMC.exe

C:\Windows\System\WebELBz.exe

C:\Windows\System\WebELBz.exe

C:\Windows\System\slLqTte.exe

C:\Windows\System\slLqTte.exe

C:\Windows\System\aSHBMyL.exe

C:\Windows\System\aSHBMyL.exe

C:\Windows\System\VutbwGw.exe

C:\Windows\System\VutbwGw.exe

C:\Windows\System\pvyIZxK.exe

C:\Windows\System\pvyIZxK.exe

C:\Windows\System\ubhwLZg.exe

C:\Windows\System\ubhwLZg.exe

C:\Windows\System\kEgdelA.exe

C:\Windows\System\kEgdelA.exe

C:\Windows\System\QBUunia.exe

C:\Windows\System\QBUunia.exe

C:\Windows\System\iTNEsRG.exe

C:\Windows\System\iTNEsRG.exe

C:\Windows\System\RRlGwBf.exe

C:\Windows\System\RRlGwBf.exe

C:\Windows\System\oRRCUHE.exe

C:\Windows\System\oRRCUHE.exe

C:\Windows\System\OrMkkBY.exe

C:\Windows\System\OrMkkBY.exe

C:\Windows\System\jNAXCir.exe

C:\Windows\System\jNAXCir.exe

C:\Windows\System\sLCfIiW.exe

C:\Windows\System\sLCfIiW.exe

C:\Windows\System\YgsvGQK.exe

C:\Windows\System\YgsvGQK.exe

C:\Windows\System\JcKLtKD.exe

C:\Windows\System\JcKLtKD.exe

C:\Windows\System\iMeOzpF.exe

C:\Windows\System\iMeOzpF.exe

C:\Windows\System\ETswrqJ.exe

C:\Windows\System\ETswrqJ.exe

C:\Windows\System\FEzxjJP.exe

C:\Windows\System\FEzxjJP.exe

C:\Windows\System\BtOYIyo.exe

C:\Windows\System\BtOYIyo.exe

C:\Windows\System\mlRogrt.exe

C:\Windows\System\mlRogrt.exe

C:\Windows\System\jaeDixm.exe

C:\Windows\System\jaeDixm.exe

C:\Windows\System\irxfpkw.exe

C:\Windows\System\irxfpkw.exe

C:\Windows\System\XjwypZk.exe

C:\Windows\System\XjwypZk.exe

C:\Windows\System\KbhPAle.exe

C:\Windows\System\KbhPAle.exe

C:\Windows\System\JcrJwlT.exe

C:\Windows\System\JcrJwlT.exe

C:\Windows\System\KnqNvBN.exe

C:\Windows\System\KnqNvBN.exe

C:\Windows\System\NltuVcS.exe

C:\Windows\System\NltuVcS.exe

C:\Windows\System\pLGdEXM.exe

C:\Windows\System\pLGdEXM.exe

C:\Windows\System\CaFtBWf.exe

C:\Windows\System\CaFtBWf.exe

C:\Windows\System\JWFPkIb.exe

C:\Windows\System\JWFPkIb.exe

C:\Windows\System\ryWZqLq.exe

C:\Windows\System\ryWZqLq.exe

C:\Windows\System\YZNMJxT.exe

C:\Windows\System\YZNMJxT.exe

C:\Windows\System\FrcopNU.exe

C:\Windows\System\FrcopNU.exe

C:\Windows\System\irOhgTR.exe

C:\Windows\System\irOhgTR.exe

C:\Windows\System\cfzpVOV.exe

C:\Windows\System\cfzpVOV.exe

C:\Windows\System\mTVQiew.exe

C:\Windows\System\mTVQiew.exe

C:\Windows\System\GavUDyA.exe

C:\Windows\System\GavUDyA.exe

C:\Windows\System\mEOoaqb.exe

C:\Windows\System\mEOoaqb.exe

C:\Windows\System\pMkkxKS.exe

C:\Windows\System\pMkkxKS.exe

C:\Windows\System\aDHFRns.exe

C:\Windows\System\aDHFRns.exe

C:\Windows\System\OWMigbx.exe

C:\Windows\System\OWMigbx.exe

C:\Windows\System\uoKkiXa.exe

C:\Windows\System\uoKkiXa.exe

C:\Windows\System\Xmcpttc.exe

C:\Windows\System\Xmcpttc.exe

C:\Windows\System\rDZmWEP.exe

C:\Windows\System\rDZmWEP.exe

C:\Windows\System\nEAOwyo.exe

C:\Windows\System\nEAOwyo.exe

C:\Windows\System\IFBwodl.exe

C:\Windows\System\IFBwodl.exe

C:\Windows\System\Dixcdqn.exe

C:\Windows\System\Dixcdqn.exe

C:\Windows\System\VAmBoCD.exe

C:\Windows\System\VAmBoCD.exe

C:\Windows\System\wweKaTp.exe

C:\Windows\System\wweKaTp.exe

C:\Windows\System\bcgaHDn.exe

C:\Windows\System\bcgaHDn.exe

C:\Windows\System\LRAlOlO.exe

C:\Windows\System\LRAlOlO.exe

C:\Windows\System\fszAQBL.exe

C:\Windows\System\fszAQBL.exe

C:\Windows\System\yNgddbO.exe

C:\Windows\System\yNgddbO.exe

C:\Windows\System\jnIGWYp.exe

C:\Windows\System\jnIGWYp.exe

C:\Windows\System\gteIZZB.exe

C:\Windows\System\gteIZZB.exe

C:\Windows\System\KSIhgvF.exe

C:\Windows\System\KSIhgvF.exe

C:\Windows\System\MKnHsty.exe

C:\Windows\System\MKnHsty.exe

C:\Windows\System\TKbFLtQ.exe

C:\Windows\System\TKbFLtQ.exe

C:\Windows\System\GTNOhMC.exe

C:\Windows\System\GTNOhMC.exe

C:\Windows\System\TUjnLFF.exe

C:\Windows\System\TUjnLFF.exe

C:\Windows\System\uLlNhmo.exe

C:\Windows\System\uLlNhmo.exe

C:\Windows\System\YFjULZY.exe

C:\Windows\System\YFjULZY.exe

C:\Windows\System\SdjNFxd.exe

C:\Windows\System\SdjNFxd.exe

C:\Windows\System\jkFlgkS.exe

C:\Windows\System\jkFlgkS.exe

C:\Windows\System\fjCpsOh.exe

C:\Windows\System\fjCpsOh.exe

C:\Windows\System\vbWQhKF.exe

C:\Windows\System\vbWQhKF.exe

C:\Windows\System\JrSZbqV.exe

C:\Windows\System\JrSZbqV.exe

C:\Windows\System\VgulXnV.exe

C:\Windows\System\VgulXnV.exe

C:\Windows\System\wQUPnsM.exe

C:\Windows\System\wQUPnsM.exe

C:\Windows\System\aiHxRCT.exe

C:\Windows\System\aiHxRCT.exe

C:\Windows\System\rJPbEGF.exe

C:\Windows\System\rJPbEGF.exe

C:\Windows\System\OXKqSXD.exe

C:\Windows\System\OXKqSXD.exe

C:\Windows\System\lYJzZkY.exe

C:\Windows\System\lYJzZkY.exe

C:\Windows\System\QPNOaeU.exe

C:\Windows\System\QPNOaeU.exe

C:\Windows\System\doYQZXt.exe

C:\Windows\System\doYQZXt.exe

C:\Windows\System\FRSRkxs.exe

C:\Windows\System\FRSRkxs.exe

C:\Windows\System\AIJOwDS.exe

C:\Windows\System\AIJOwDS.exe

C:\Windows\System\oJObFBF.exe

C:\Windows\System\oJObFBF.exe

C:\Windows\System\crULtLZ.exe

C:\Windows\System\crULtLZ.exe

C:\Windows\System\TCSSVty.exe

C:\Windows\System\TCSSVty.exe

C:\Windows\System\jyMMgyF.exe

C:\Windows\System\jyMMgyF.exe

C:\Windows\System\nuFROEA.exe

C:\Windows\System\nuFROEA.exe

C:\Windows\System\vAJRuMk.exe

C:\Windows\System\vAJRuMk.exe

C:\Windows\System\duNiZYh.exe

C:\Windows\System\duNiZYh.exe

C:\Windows\System\TssMpFa.exe

C:\Windows\System\TssMpFa.exe

C:\Windows\System\XxwPOYH.exe

C:\Windows\System\XxwPOYH.exe

C:\Windows\System\hlkGWbY.exe

C:\Windows\System\hlkGWbY.exe

C:\Windows\System\lXCpyoY.exe

C:\Windows\System\lXCpyoY.exe

C:\Windows\System\IbLzPek.exe

C:\Windows\System\IbLzPek.exe

C:\Windows\System\wPpvQXJ.exe

C:\Windows\System\wPpvQXJ.exe

C:\Windows\System\uOZHBoQ.exe

C:\Windows\System\uOZHBoQ.exe

C:\Windows\System\wWrLAMN.exe

C:\Windows\System\wWrLAMN.exe

C:\Windows\System\TwqlKhm.exe

C:\Windows\System\TwqlKhm.exe

C:\Windows\System\RzjUfXj.exe

C:\Windows\System\RzjUfXj.exe

C:\Windows\System\iEOmqDu.exe

C:\Windows\System\iEOmqDu.exe

C:\Windows\System\bgkmpiI.exe

C:\Windows\System\bgkmpiI.exe

C:\Windows\System\iJKkUbw.exe

C:\Windows\System\iJKkUbw.exe

C:\Windows\System\knAbfzD.exe

C:\Windows\System\knAbfzD.exe

C:\Windows\System\KALArPs.exe

C:\Windows\System\KALArPs.exe

C:\Windows\System\dCTwVMi.exe

C:\Windows\System\dCTwVMi.exe

C:\Windows\System\eselHja.exe

C:\Windows\System\eselHja.exe

C:\Windows\System\PgvyljJ.exe

C:\Windows\System\PgvyljJ.exe

C:\Windows\System\YbCdzHV.exe

C:\Windows\System\YbCdzHV.exe

C:\Windows\System\jTyfgFh.exe

C:\Windows\System\jTyfgFh.exe

C:\Windows\System\VrvGVJE.exe

C:\Windows\System\VrvGVJE.exe

C:\Windows\System\HrzJgHg.exe

C:\Windows\System\HrzJgHg.exe

C:\Windows\System\kBmEqWE.exe

C:\Windows\System\kBmEqWE.exe

C:\Windows\System\pEitSQi.exe

C:\Windows\System\pEitSQi.exe

C:\Windows\System\jMNQBng.exe

C:\Windows\System\jMNQBng.exe

C:\Windows\System\ytGBlqQ.exe

C:\Windows\System\ytGBlqQ.exe

C:\Windows\System\FWkCMBY.exe

C:\Windows\System\FWkCMBY.exe

C:\Windows\System\ErmPFVm.exe

C:\Windows\System\ErmPFVm.exe

C:\Windows\System\UkOHmgu.exe

C:\Windows\System\UkOHmgu.exe

C:\Windows\System\GJhusaU.exe

C:\Windows\System\GJhusaU.exe

C:\Windows\System\FMbeCAn.exe

C:\Windows\System\FMbeCAn.exe

C:\Windows\System\ofxkNVJ.exe

C:\Windows\System\ofxkNVJ.exe

C:\Windows\System\NpPADVk.exe

C:\Windows\System\NpPADVk.exe

C:\Windows\System\HQQpLvH.exe

C:\Windows\System\HQQpLvH.exe

C:\Windows\System\mmIkPjV.exe

C:\Windows\System\mmIkPjV.exe

C:\Windows\System\hYbaXNH.exe

C:\Windows\System\hYbaXNH.exe

C:\Windows\System\yXOLgBC.exe

C:\Windows\System\yXOLgBC.exe

C:\Windows\System\vuHAnee.exe

C:\Windows\System\vuHAnee.exe

C:\Windows\System\KaqNtXO.exe

C:\Windows\System\KaqNtXO.exe

C:\Windows\System\ffIOefP.exe

C:\Windows\System\ffIOefP.exe

C:\Windows\System\PQlNAmP.exe

C:\Windows\System\PQlNAmP.exe

C:\Windows\System\tXlGUOs.exe

C:\Windows\System\tXlGUOs.exe

C:\Windows\System\vITXRbv.exe

C:\Windows\System\vITXRbv.exe

C:\Windows\System\kxaQTDJ.exe

C:\Windows\System\kxaQTDJ.exe

C:\Windows\System\ZdodORJ.exe

C:\Windows\System\ZdodORJ.exe

C:\Windows\System\FiTeNav.exe

C:\Windows\System\FiTeNav.exe

C:\Windows\System\PjmkUtc.exe

C:\Windows\System\PjmkUtc.exe

C:\Windows\System\gFhESAV.exe

C:\Windows\System\gFhESAV.exe

C:\Windows\System\rLZFavs.exe

C:\Windows\System\rLZFavs.exe

C:\Windows\System\nBKjsdw.exe

C:\Windows\System\nBKjsdw.exe

C:\Windows\System\GeQowLc.exe

C:\Windows\System\GeQowLc.exe

C:\Windows\System\LGQcrJc.exe

C:\Windows\System\LGQcrJc.exe

C:\Windows\System\UzpyJda.exe

C:\Windows\System\UzpyJda.exe

C:\Windows\System\ozjxTIz.exe

C:\Windows\System\ozjxTIz.exe

C:\Windows\System\SYfGmun.exe

C:\Windows\System\SYfGmun.exe

C:\Windows\System\FCLxLqE.exe

C:\Windows\System\FCLxLqE.exe

C:\Windows\System\YrRMufO.exe

C:\Windows\System\YrRMufO.exe

C:\Windows\System\OZfwtLg.exe

C:\Windows\System\OZfwtLg.exe

C:\Windows\System\APobrAj.exe

C:\Windows\System\APobrAj.exe

C:\Windows\System\wejKtei.exe

C:\Windows\System\wejKtei.exe

C:\Windows\System\wBsiaFT.exe

C:\Windows\System\wBsiaFT.exe

C:\Windows\System\OtgwMHR.exe

C:\Windows\System\OtgwMHR.exe

C:\Windows\System\vMIwVLL.exe

C:\Windows\System\vMIwVLL.exe

C:\Windows\System\qfAlnTy.exe

C:\Windows\System\qfAlnTy.exe

C:\Windows\System\stoQbwt.exe

C:\Windows\System\stoQbwt.exe

C:\Windows\System\CMCsJiZ.exe

C:\Windows\System\CMCsJiZ.exe

C:\Windows\System\nJZqpls.exe

C:\Windows\System\nJZqpls.exe

C:\Windows\System\UAklTbm.exe

C:\Windows\System\UAklTbm.exe

C:\Windows\System\KCHvfWL.exe

C:\Windows\System\KCHvfWL.exe

C:\Windows\System\ORqgvRk.exe

C:\Windows\System\ORqgvRk.exe

C:\Windows\System\CHMVdWy.exe

C:\Windows\System\CHMVdWy.exe

C:\Windows\System\yOjaxfP.exe

C:\Windows\System\yOjaxfP.exe

C:\Windows\System\QLNMCxl.exe

C:\Windows\System\QLNMCxl.exe

C:\Windows\System\Txdymdw.exe

C:\Windows\System\Txdymdw.exe

C:\Windows\System\ScfVtuW.exe

C:\Windows\System\ScfVtuW.exe

C:\Windows\System\CSFPvyU.exe

C:\Windows\System\CSFPvyU.exe

C:\Windows\System\ZLNIUTV.exe

C:\Windows\System\ZLNIUTV.exe

C:\Windows\System\uZoREHV.exe

C:\Windows\System\uZoREHV.exe

C:\Windows\System\FkLDiXr.exe

C:\Windows\System\FkLDiXr.exe

C:\Windows\System\CmUhcoC.exe

C:\Windows\System\CmUhcoC.exe

C:\Windows\System\fQXFxUn.exe

C:\Windows\System\fQXFxUn.exe

C:\Windows\System\nBfqxpV.exe

C:\Windows\System\nBfqxpV.exe

C:\Windows\System\LTupsor.exe

C:\Windows\System\LTupsor.exe

C:\Windows\System\fhPxPPp.exe

C:\Windows\System\fhPxPPp.exe

C:\Windows\System\DspsGpi.exe

C:\Windows\System\DspsGpi.exe

C:\Windows\System\WAKyIIZ.exe

C:\Windows\System\WAKyIIZ.exe

C:\Windows\System\AXDUEJV.exe

C:\Windows\System\AXDUEJV.exe

C:\Windows\System\DkIuzKO.exe

C:\Windows\System\DkIuzKO.exe

C:\Windows\System\HGYiFIc.exe

C:\Windows\System\HGYiFIc.exe

C:\Windows\System\ORLHzmt.exe

C:\Windows\System\ORLHzmt.exe

C:\Windows\System\zbAPdAb.exe

C:\Windows\System\zbAPdAb.exe

C:\Windows\System\IgtoMwk.exe

C:\Windows\System\IgtoMwk.exe

C:\Windows\System\DTBFuoR.exe

C:\Windows\System\DTBFuoR.exe

C:\Windows\System\VQjkvhd.exe

C:\Windows\System\VQjkvhd.exe

C:\Windows\System\bzSVbdu.exe

C:\Windows\System\bzSVbdu.exe

C:\Windows\System\NOqWzTl.exe

C:\Windows\System\NOqWzTl.exe

C:\Windows\System\smTdMiN.exe

C:\Windows\System\smTdMiN.exe

C:\Windows\System\lBQRKMP.exe

C:\Windows\System\lBQRKMP.exe

C:\Windows\System\RBULfRp.exe

C:\Windows\System\RBULfRp.exe

C:\Windows\System\NJBiVgV.exe

C:\Windows\System\NJBiVgV.exe

C:\Windows\System\rNcNQAk.exe

C:\Windows\System\rNcNQAk.exe

C:\Windows\System\ANFXemS.exe

C:\Windows\System\ANFXemS.exe

C:\Windows\System\xRzpqNs.exe

C:\Windows\System\xRzpqNs.exe

C:\Windows\System\WSotBbm.exe

C:\Windows\System\WSotBbm.exe

C:\Windows\System\NmnMZSR.exe

C:\Windows\System\NmnMZSR.exe

C:\Windows\System\tQjleJq.exe

C:\Windows\System\tQjleJq.exe

C:\Windows\System\FRqwXsZ.exe

C:\Windows\System\FRqwXsZ.exe

C:\Windows\System\SQfnxlv.exe

C:\Windows\System\SQfnxlv.exe

C:\Windows\System\tgbmEir.exe

C:\Windows\System\tgbmEir.exe

C:\Windows\System\jHtcYvd.exe

C:\Windows\System\jHtcYvd.exe

C:\Windows\System\kkyodZR.exe

C:\Windows\System\kkyodZR.exe

C:\Windows\System\hjYgFrY.exe

C:\Windows\System\hjYgFrY.exe

C:\Windows\System\zcDfDzj.exe

C:\Windows\System\zcDfDzj.exe

C:\Windows\System\mwsNDmy.exe

C:\Windows\System\mwsNDmy.exe

C:\Windows\System\SeHYOQL.exe

C:\Windows\System\SeHYOQL.exe

C:\Windows\System\ALcJDzx.exe

C:\Windows\System\ALcJDzx.exe

C:\Windows\System\yKRuPMa.exe

C:\Windows\System\yKRuPMa.exe

C:\Windows\System\VeOsiHe.exe

C:\Windows\System\VeOsiHe.exe

C:\Windows\System\FhSQUIj.exe

C:\Windows\System\FhSQUIj.exe

C:\Windows\System\LuIDGRA.exe

C:\Windows\System\LuIDGRA.exe

C:\Windows\System\tQnWXAh.exe

C:\Windows\System\tQnWXAh.exe

C:\Windows\System\oWoWpDa.exe

C:\Windows\System\oWoWpDa.exe

C:\Windows\System\wmpqrVF.exe

C:\Windows\System\wmpqrVF.exe

C:\Windows\System\GZTJHjS.exe

C:\Windows\System\GZTJHjS.exe

C:\Windows\System\cJLAYmv.exe

C:\Windows\System\cJLAYmv.exe

C:\Windows\System\afJiUft.exe

C:\Windows\System\afJiUft.exe

C:\Windows\System\Vzjzcpb.exe

C:\Windows\System\Vzjzcpb.exe

C:\Windows\System\CMXZdoh.exe

C:\Windows\System\CMXZdoh.exe

C:\Windows\System\GgxPPLc.exe

C:\Windows\System\GgxPPLc.exe

C:\Windows\System\MLgrjdf.exe

C:\Windows\System\MLgrjdf.exe

C:\Windows\System\KksYPHH.exe

C:\Windows\System\KksYPHH.exe

C:\Windows\System\pDdFiir.exe

C:\Windows\System\pDdFiir.exe

C:\Windows\System\auDfgbo.exe

C:\Windows\System\auDfgbo.exe

C:\Windows\System\hhxgFcO.exe

C:\Windows\System\hhxgFcO.exe

C:\Windows\System\YwrvmCP.exe

C:\Windows\System\YwrvmCP.exe

C:\Windows\System\ytffiLY.exe

C:\Windows\System\ytffiLY.exe

C:\Windows\System\yBSfNEv.exe

C:\Windows\System\yBSfNEv.exe

C:\Windows\System\wGPmClm.exe

C:\Windows\System\wGPmClm.exe

C:\Windows\System\KKSwWtm.exe

C:\Windows\System\KKSwWtm.exe

C:\Windows\System\magQonI.exe

C:\Windows\System\magQonI.exe

C:\Windows\System\CqnqtiA.exe

C:\Windows\System\CqnqtiA.exe

C:\Windows\System\FVZOAwb.exe

C:\Windows\System\FVZOAwb.exe

C:\Windows\System\HJCURgZ.exe

C:\Windows\System\HJCURgZ.exe

C:\Windows\System\HFFvrxz.exe

C:\Windows\System\HFFvrxz.exe

C:\Windows\System\NqOEBGk.exe

C:\Windows\System\NqOEBGk.exe

C:\Windows\System\emrDZFW.exe

C:\Windows\System\emrDZFW.exe

C:\Windows\System\ribIrFy.exe

C:\Windows\System\ribIrFy.exe

C:\Windows\System\pFapvhG.exe

C:\Windows\System\pFapvhG.exe

C:\Windows\System\sSSWMHs.exe

C:\Windows\System\sSSWMHs.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/3344-0-0x00007FF6B6C40000-0x00007FF6B7036000-memory.dmp

memory/3344-1-0x0000028F7E9B0000-0x0000028F7E9C0000-memory.dmp

memory/232-3-0x00007FFDB2F23000-0x00007FFDB2F25000-memory.dmp

C:\Windows\System\bDyUYEK.exe

MD5 8b136ad194ffff0f0b7b5d6c332bb587
SHA1 bb8f3b77c2b47c229ed159ab1501d8bf3d21d2bf
SHA256 d165d7c585fa394e7881de304ccc0bd45d60cf0e48b813deda0d7bebabceb377
SHA512 378d72021b65cbc79f473d914f62aaebe17db046600fd3e536a5cae39adee64b1665ce5179885a9b45ca1dbc1c666eb24466a74289861f30417873893d075db1

C:\Windows\System\WMCzjWI.exe

MD5 9d528d72511cc4c64e754796f3af313e
SHA1 c43f24682bff5ff0d694461afe587fc610326da1
SHA256 1be7a75bb8b0a296c1121e140fb788a0e271646d39a1a93b4e360a00f78e5749
SHA512 485e2526d02a658656ee742d738e08cec8cf46ba1d6e0250ff728d0855cbfc833a4e6696369a8b6502997b61ce57eac2654c5784ba07f0ff6e3086d0f73e23d3

C:\Windows\System\OgEnPiN.exe

MD5 3b85c20e74c90df350bc1b91183445d9
SHA1 3fa6cf590543d7b9aaf0e13868a08dc9fe847358
SHA256 5acf3350cbdfe9b220fe039d0806107dfcb164ebc04fd39c84cb9fd7d1f41111
SHA512 dce8a5dc48e9feffe2358ee31b14111fe3c63b61ea28929424686944648ad735be4c7eab71ae2031a38db293b86e165672b1939ff48d0b80b02bc26483cce688

memory/3092-12-0x00007FF66F470000-0x00007FF66F866000-memory.dmp

C:\Windows\System\Xucrexd.exe

MD5 85708d83825013a8e36b054072114251
SHA1 6f59f0aaf733846d584a206cd7255246c09943e2
SHA256 930b24928c63ba3814f20b2236c5755be9eaf9736199033ae63d08071abb3da4
SHA512 d36ae984034c1f1e577abd7b83f53dbaaf0c74c991e5714ca66e6220991eac69ecfcf0e0924771aeb0f3111c26908dd63b46a4c522a33d0e664fa603e50ac7a3

C:\Windows\System\tLGkcgU.exe

MD5 f29dd34137473748a1d5c826bf04338d
SHA1 abae5a71ce78f1d977a54df1cc853072ce61d3aa
SHA256 012406be43d58522577f96fb44bb249724de72d7dc66d19684eb099fbe4b97a0
SHA512 7b5ec7be5ad3a5a4b2ed1bd614159ce3cce5b0f4ab00aeaa6e3b94840198347e28124b5e9d742424644c1bb297525b193564692a6ee6d0af4a336b6955eca4c1

memory/232-30-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

memory/232-40-0x0000016160AA0000-0x0000016160AC2000-memory.dmp

C:\Windows\System\eIZzpWn.exe

MD5 344b1feec519064f0fd4e9befe5d9af2
SHA1 c9dd3f844531e45107e71557b1362fa65818e4a3
SHA256 4c6eecafaa61e693691696554e82d6948198a5e7d4b5dbde94d9b18cf835af05
SHA512 8e08e06711c00ed92661d63cf4686e62b48fd226a8ee5749e70c9691963131ce3d2ad8c18b2cc78d8a2b88110ff8c5f994d1ec6c8654bfba1480c85f822b4add

C:\Windows\System\IVzbdDq.exe

MD5 95acd9539dda1867b921579db662ea21
SHA1 fd7244df68d52031df44023f2888ab8ca2e67cbc
SHA256 f87224275c6290ac95dea802fa77a93d211fac1e0d6f98ebc75aa27e7192ee62
SHA512 59a55dc15a13e044976eee3019dd17bd50506b99eabbcb5eb9191317219bb815d638af0b8cbb5f9d1022463e2c44b7c90dd4fc7d29b1febbb03b55a6ed764d2d

C:\Windows\System\oFPjhat.exe

MD5 e4ba20b6385d8733b083cbc387b125e9
SHA1 4a4499825b30c615e9d8d201c155fd2a850baad6
SHA256 9110ce490c90e49590d1f8c9072e2acd7a7d4b4bd26b225b1cb259cce990d087
SHA512 315b1e0961cc61014a8bd381bcd55570ceb815cf86e717df6b02db3bc0ad39c7668d58db7999f969a1cf525c98453fcc8e96720fc6688d7dfe7425883f06e81e

C:\Windows\System\zptlfPm.exe

MD5 638ef5deee8580717f75b399b281d7e9
SHA1 82ba3f95bbb92a3f0c86c7a72b232108866b3dcc
SHA256 ee8c84f18608b8dfb14561a2bd2e6df3765c925ed5a4daafcd99324f86c1cb99
SHA512 a6013a0b2fd617295da21ebf92ce3e9c6e174398ac161584e7284447d09fb6a7ca365942994a52f96caaf754a812699a34f5a5ab2f59019d58a80ea2a5f2de39

C:\Windows\System\EBIcgyR.exe

MD5 d93fbf6c2d9ef6d641af4a2a4bedcd58
SHA1 ded823cc2433dd9186d40526e5c8ee0b68c50b12
SHA256 8f293d3fedb0804094745c2e3a9fb53928fee8d40d0d5636bfb7437e190573e7
SHA512 cf6f18933d643ead61c182efb3ec607fb90cf95b9a6095d1761b4735b159d3e9cbd88e0bb074c12efbdb8b79b77db8ae840f230a2af893926574e86c0d34c1f6

C:\Windows\System\zFzAkwe.exe

MD5 1ebb84952db62fe2699a83c96edaed36
SHA1 92d5ea8d71f6aa9d580574a5421b8cc046596e99
SHA256 8177d474ffc3d35923dc4434839f58b9fb593de7a60414bb40b4967dddd471fa
SHA512 2eb11d613217bbbe29327bbecf61023f27745dca8e0c1d1efa839a2d5ee2689eef22d556dd2d90125a12c0b5c002db35fec035465593b7fb1f4dc288b9f60a41

C:\Windows\System\YyETNup.exe

MD5 75fa6b54f7d9a38a0524e45da0dd6d10
SHA1 bbf3d5efb024baf29131f7f9b0e341c8ea6f8b63
SHA256 c6394ad2f37a9e7e141dd8a6a6418849ef157ef4b8436bfb739bbcab106b4660
SHA512 0f91f09b149376b4a01c9a610d063b80f761b924e1c5def30789d11317a8f11ef82da81c4f75dc60d88880790bfe0cec3997aec22a4f06d1565d42f0e364f7a1

memory/4052-689-0x00007FF676F50000-0x00007FF677346000-memory.dmp

memory/3236-690-0x00007FF6B9450000-0x00007FF6B9846000-memory.dmp

memory/1848-691-0x00007FF7CF0A0000-0x00007FF7CF496000-memory.dmp

memory/4532-692-0x00007FF762D80000-0x00007FF763176000-memory.dmp

memory/376-693-0x00007FF7F8540000-0x00007FF7F8936000-memory.dmp

memory/1412-694-0x00007FF729D70000-0x00007FF72A166000-memory.dmp

C:\Windows\System\FMqZMSc.exe

MD5 d8958055ad1f3d53d16b564ca8fe34fd
SHA1 e3d3144b000b6786aebf3efd0c260266d0346b3f
SHA256 df1c66e76f2561a7702d4340ea8babe83f154a645319c250cc37a725f4daea0a
SHA512 fb525b0997b9e79a183696fde0dfbcb59573284a795cd10b1164ae52a280161da81743dfc75b5c3ef22bf440c5ecebfa9db808e8e2eb4e003de2e6e9aac86d67

C:\Windows\System\ppPRpwv.exe

MD5 6f21464dd829d5c7d201ee56db2daa60
SHA1 103958fb393fc319815fab12dd341a2c702067bc
SHA256 c60c46081e82befeb6661f1c171c38f272642e5dad975a633ae30624a65e6af6
SHA512 0b08b6524d3201f4101d852b9d4bbae1ca8209aaa27e05eff09035d4890829c58fe8c2fc7870cd9ed1fa3effbe935f859316af39760e9326bbeb2caa28c53aab

C:\Windows\System\PSgGrxg.exe

MD5 649f0b432b0417a40436ce9ab38ee6af
SHA1 a5cf1f4e0b2e45d3267748b052b40f91b139271d
SHA256 1d3a31f47afec16f7bfdadb55ad5eb6137fe6c5b16967a11c1781419a38f7c35
SHA512 676c4be4f453366aafe688652d8c27c8581dc8855646065cf0ff0b50583447cac1d6bceb0ece030d414259eaf195f8c27dd1d1841199a746ae45587ecdff03f1

C:\Windows\System\xKzNaBp.exe

MD5 cdb4bb650677047ba4d80b44a7072a06
SHA1 2cc194697eeba26390ba651417f7d08097e398ca
SHA256 59e156068aa061ac0145766106d2ba95a833a0358355f26b0df74bc5d1c1b976
SHA512 c55a4ffbed99b2be68ec33a8ba75392ec96e295513f4b096ab3d145747f27711a22431bf1f25da9d7da34c06b18cebe7c539069d1d4a0d9e7c5f24848e057e40

C:\Windows\System\iCCTDCk.exe

MD5 538a5b87ab486ed98fb842e756b082d9
SHA1 9d8425fcdaffd6475d5f17bcbd234f5d30ce9786
SHA256 c2a6c5b4b09579d774ba6c68ea13b6861db9dd47533f7553d86e1a0e06e19d34
SHA512 8f17c63c69cbe1d2203ed3cb24e5375d04faade8a98267ef0db4a2712e59ac6789a60bd83a8f544909408624594ed9793f2df590ae08d01abf7a9288f493fe7a

C:\Windows\System\YvoGpcC.exe

MD5 0a63217877b565380b5c8bea801bfda9
SHA1 2e8ec904432c4ad6c4dba0d0db305fd6ae82568e
SHA256 a2a93cce36da12f0486a0d379fb6f386e0c3f141969dcba1c54fe04849cc7850
SHA512 814e712c0ed4df19b6c7b131440ba164ca47f70ce5aa13021a9dca0e7a83f6953d0a1c5a03d86a95d1a82e6c32d71253ba66fc7dd2e46e7e3d563491753d35a7

C:\Windows\System\qipwnIJ.exe

MD5 c1f8b7a52e4b25c680d5209c607d4038
SHA1 b795456954bbaff1d0e3fc2c838b68a440a1e7a2
SHA256 6982b85ffa4b62076db2940e420dc2c7a8e1297b6659c2926785053efe72f968
SHA512 959aeab47929b864ed091c0efc70aa892fed085256787fe22790b30766668734e68e72f25e0d824c33c6399a16f4dc8d8c45b447104d481ef20f997b3a0bb641

memory/3596-695-0x00007FF6F84E0000-0x00007FF6F88D6000-memory.dmp

memory/536-696-0x00007FF6D8B60000-0x00007FF6D8F56000-memory.dmp

memory/1068-697-0x00007FF743980000-0x00007FF743D76000-memory.dmp

C:\Windows\System\jwvtYtv.exe

MD5 48bd7c8312da4b6cfe6919f9c975d5fa
SHA1 0c7938846297e621ad574a19fe3b4fc1e41c41a3
SHA256 73655ac804039dbd6cfa549e2d3c1cf6669616368c910a6d6b8957ec82d5d3b2
SHA512 f579cd2abec9a652ef6b8a49dff794f9e5106df0a708996838eaaecb03ab96773dfa18afa42162bdc1fc2f3c05693009abc76fd07b26c87de9457ade11477760

C:\Windows\System\WLguZKr.exe

MD5 f6ab5e61fa133044d97b68fd143acd5a
SHA1 a59852798319705e9fc181952db6d9cbfa9acea4
SHA256 f29e73559c54bcd183429f2ef44840fa2c400560e3e60b3f7de3c001023a9814
SHA512 136584d5ba1bf194a7a6aafd52ac29134397d6021c12379613436c71239a7e64416eaa0db7c4808992fe0c92782e365a223a87ad5935b34c4f71dfae741ad339

C:\Windows\System\xckooGt.exe

MD5 931c5eb952897dfb123c6e7d036f1945
SHA1 289456e533f5e8726a3c9ae78047d0cb010e4f4e
SHA256 c81e94696a0f1d171ffd0c9698f9d50c7fb9935a4404f8639c77a1325d84f022
SHA512 f3b043580d7b97c3c467c8736fd8435bfa384b2823afaca258563fe3a881a5072b52b8fd636005f45ef979817598f9852bfddfec5a01beec72fdcbf79e72a092

C:\Windows\System\jrhFbPZ.exe

MD5 deee91a0ed7543e498f875f61bc18b70
SHA1 51b9e6e0f611bef86cedd9b8a8dc337901bee42f
SHA256 71bde29956f043dd4466abd6983a20cf1ff211978461848ab78142135e9ad22d
SHA512 a7a3e9bf4aa148ea4323b543f51faa270447f6417681a03bcec582acc11ec48d4c582cbeeb0e7c04dec78d5518f1ea8183aa28d5cf6db7dbc415c3f34be49ca8

C:\Windows\System\ftzrslP.exe

MD5 318c10d6330fdac60d3779a1050f4d94
SHA1 27ea3dd6f1c5c1d8b7a9d67563fdaef22bf7b1cc
SHA256 9a4cbe8f12d3fb8a70fb7c113e24b81b241c4a716fb7e5d58f808a89fa6d0d29
SHA512 a3356ad26f04b84f6ee72ab7b318362b102d95af464bda6cfe2d9309f837ef5283212f00b22b3a93ad14fb0ac0796864fc19edeb4c34e23b84b8c1e2e7d13aed

C:\Windows\System\MiEcnOq.exe

MD5 045a8d290f4448eac8921223a980b9c7
SHA1 65f294a0965cbf81570c697d466b3edf09f928d3
SHA256 ffa3b6043ead4e90b44254bc819a8ff98b3c0ab495b74b9e3a4693b0579ae7ab
SHA512 7c1736e33ee9408fb6dac5149af51b76fcaa0431351442ab5f64034c60b5c48cfa66f02e3b0467992b7418a8737e77d242db00ef804c35a938bfc2c6598fefcb

C:\Windows\System\RBtmmmh.exe

MD5 92ddbbd8befc91ac18b397dfeec1aa23
SHA1 e08151e32ced5bedbd32c06e3a6e34bfd31a9245
SHA256 7df6ee8b0009ad11022b005d65f09eaf3356d42cc1727cb74b8ee35a3b12e9d3
SHA512 078fe8b943bc00da77960c4c751f6db04dbfb28f2e085fba35cc3b24d55051658145528f5d59b49682e7829068286e7cb959aab53d0d6eddd20388bae554a4c9

C:\Windows\System\hgPlaZv.exe

MD5 2d0619847145c83add7e1aebf23ec36e
SHA1 58d3fdda9a388026468edadd457b84b1aa87146e
SHA256 218262f583fc76697aaa82550932a20e51e18f372b590f69fd0d1b6504541873
SHA512 b76d36709c81fff2a4bdf09d1f446fd123be198a26c12db608c7ecd24d2d9070f5912edc5c03d09d2bf576be46cd3bb9af20e72d2f104837eddca72e1dc666dc

C:\Windows\System\IzGouwV.exe

MD5 398cdb9891c9d6c22590aec3e8e2877d
SHA1 cd38c01f13ca7b8fad04858c13ad0d7479d322c7
SHA256 220c2867ffe7dfcc5d73ee034015458628d64bb11f7e49a13e5f8f571da2d37a
SHA512 9abe270ae45ba0f35fa66793e78f3d2565af2e0b9e72b7ea347e591d5bcea24cfadc7959a13428e4721986a0b2eddcb78ce37c364972ed66d3ccbb6eff46769c

C:\Windows\System\mKkdXHa.exe

MD5 cc67fc30e5bc44e032508b6b1de7186e
SHA1 60f7962a58ca3a945ec0e2e4a37b948efb0927d8
SHA256 c3aa41cd551368f77dd214a14b4d80caf450434e40673c7f2fc8ef68554b439e
SHA512 cce553700e2d7e4928b911b1eed892b8208843d5e0b92451691916cd06ccb561f26b99174143dc8448549b882aedc7353a4b4917b1826a0ee2d967382d8d8da9

C:\Windows\System\YSJnCks.exe

MD5 5e03fe4bf4bf73763889ec802e9b6f58
SHA1 c23c8b56614ca2622b4837633a3772bce49a8571
SHA256 73a0f3b31c4c0dc2ae0e6b32b65c788cde89bfb47c50cdfa84846fafd99f66a0
SHA512 4e1d41bc61decf72aca5e829bdac58b8908d445b6f90d56750f8646b0c4292d9e2871dfb0dbb7ae46947b2d464b7d72538fbf9017fbe25a4aa581b9d65104aef

C:\Windows\System\ZTnUfWa.exe

MD5 b64d4d6909ef05d096732bb473ee1c97
SHA1 9769386e00d40dfbf73119fc5af6d44b8c1b707b
SHA256 231b4b65678d84ad687f2e4a427680b95cbed569fbba2f8d7ad2c53a11dbac55
SHA512 cbafc3047fd3b7570bec0ecc5d4e3db77914ff3ba1234aa2a0f00b53b499063f2db23993324ebb98eeea67050db9e7044ce6a249772f6a94da5aea0422c72a3a

C:\Windows\System\YrrqeBa.exe

MD5 c6a5ba6360d76af2d8b514982c65a6fd
SHA1 d80852bc2f79e83e489f25c6ec7b1398bd6183d9
SHA256 b2bd8122724158fc95e8b1ef71c10c25635e44781b4a400349a84503644cba8a
SHA512 165e80192c5f888558fa78001daefae22330179b62a7378156124c993fa9dfe539bbca06dbce35b2a5fb8a9592a5f17787ab18f33d9b404e7b1b147d7a3556b7

memory/2080-53-0x00007FF7A7520000-0x00007FF7A7916000-memory.dmp

C:\Windows\System\ZYNuJAv.exe

MD5 ea63bb0e3efebe2a364bcfdc456bbc0a
SHA1 6b27ec2567573a81dd39f3315b5ea1ebcec7ec1d
SHA256 00e247cb2e1c4304a63f93015b32586de5dea6f66b20ebfcb47b160cdceb840a
SHA512 4c140fbb4533c8d047b66c1a91584bb73ed494181e808ba2a021f266a6795733420140f7b8af7ea09da5887b4648c275ab316c10da8dbbfcf8cd41308cb46067

memory/3608-47-0x00007FF60DB90000-0x00007FF60DF86000-memory.dmp

memory/232-44-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e3pwgmx0.jth.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4404-698-0x00007FF6FE8D0000-0x00007FF6FECC6000-memory.dmp

memory/3088-705-0x00007FF6401D0000-0x00007FF6405C6000-memory.dmp

memory/3504-708-0x00007FF785360000-0x00007FF785756000-memory.dmp

memory/4420-730-0x00007FF6F9790000-0x00007FF6F9B86000-memory.dmp

memory/1976-735-0x00007FF6AA870000-0x00007FF6AAC66000-memory.dmp

memory/4388-743-0x00007FF6509F0000-0x00007FF650DE6000-memory.dmp

memory/3648-748-0x00007FF7313B0000-0x00007FF7317A6000-memory.dmp

memory/4500-724-0x00007FF6AC920000-0x00007FF6ACD16000-memory.dmp

memory/4856-755-0x00007FF760830000-0x00007FF760C26000-memory.dmp

memory/2076-752-0x00007FF779600000-0x00007FF7799F6000-memory.dmp

memory/4800-721-0x00007FF6963E0000-0x00007FF6967D6000-memory.dmp

memory/2480-716-0x00007FF614A80000-0x00007FF614E76000-memory.dmp

memory/232-1771-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

C:\Windows\System\wJInSZT.exe

MD5 7e1e9fcc71af27d4f3a70b3e20ac77b9
SHA1 09ec64762a6dbe9e03ecdb61ea5de2d274d170f0
SHA256 2f18658787aeca4d305f9fde7c9bc7343e5969bd51ec0e2c8583a2e506b9b404
SHA512 3beada4b1cd8ead153972e6e1293d504f7cea2d7323223a87897681d13a0872baba6942b9d88c8943892c0ad02e1f51ed3730edd702cc7d53ab31d006770ca91

memory/3092-2006-0x00007FF66F470000-0x00007FF66F866000-memory.dmp

memory/3092-2007-0x00007FF66F470000-0x00007FF66F866000-memory.dmp

memory/3608-2009-0x00007FF60DB90000-0x00007FF60DF86000-memory.dmp

memory/4052-2010-0x00007FF676F50000-0x00007FF677346000-memory.dmp

memory/3236-2008-0x00007FF6B9450000-0x00007FF6B9846000-memory.dmp

memory/2080-2011-0x00007FF7A7520000-0x00007FF7A7916000-memory.dmp

memory/1848-2012-0x00007FF7CF0A0000-0x00007FF7CF496000-memory.dmp

memory/376-2015-0x00007FF7F8540000-0x00007FF7F8936000-memory.dmp

memory/4856-2014-0x00007FF760830000-0x00007FF760C26000-memory.dmp

memory/4532-2013-0x00007FF762D80000-0x00007FF763176000-memory.dmp

memory/3596-2016-0x00007FF6F84E0000-0x00007FF6F88D6000-memory.dmp

memory/1412-2017-0x00007FF729D70000-0x00007FF72A166000-memory.dmp

memory/536-2019-0x00007FF6D8B60000-0x00007FF6D8F56000-memory.dmp

memory/1068-2018-0x00007FF743980000-0x00007FF743D76000-memory.dmp

memory/4404-2020-0x00007FF6FE8D0000-0x00007FF6FECC6000-memory.dmp

memory/3088-2023-0x00007FF6401D0000-0x00007FF6405C6000-memory.dmp

memory/4800-2024-0x00007FF6963E0000-0x00007FF6967D6000-memory.dmp

memory/3504-2022-0x00007FF785360000-0x00007FF785756000-memory.dmp

memory/2480-2021-0x00007FF614A80000-0x00007FF614E76000-memory.dmp

memory/4388-2029-0x00007FF6509F0000-0x00007FF650DE6000-memory.dmp

memory/3648-2028-0x00007FF7313B0000-0x00007FF7317A6000-memory.dmp

memory/2076-2027-0x00007FF779600000-0x00007FF7799F6000-memory.dmp

memory/4420-2026-0x00007FF6F9790000-0x00007FF6F9B86000-memory.dmp

memory/1976-2030-0x00007FF6AA870000-0x00007FF6AAC66000-memory.dmp

memory/4500-2025-0x00007FF6AC920000-0x00007FF6ACD16000-memory.dmp