Malware Analysis Report

2024-11-16 11:02

Sample ID 240612-mnpy4s1fje
Target 33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe
SHA256 01bba040f83bf45d5f743367f60b95f107f184321ef56cc99ecc501ca8909228
Tags
miner upx xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

01bba040f83bf45d5f743367f60b95f107f184321ef56cc99ecc501ca8909228

Threat Level: Known bad

The file 33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:36

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:36

Reported

2024-06-12 10:39

Platform

win7-20240508-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kfsuJNG.exe N/A
N/A N/A C:\Windows\System\HXJmqOh.exe N/A
N/A N/A C:\Windows\System\vtRjECp.exe N/A
N/A N/A C:\Windows\System\GABkBRr.exe N/A
N/A N/A C:\Windows\System\nUltlvz.exe N/A
N/A N/A C:\Windows\System\rnIfpTL.exe N/A
N/A N/A C:\Windows\System\DFHntnd.exe N/A
N/A N/A C:\Windows\System\peywRFi.exe N/A
N/A N/A C:\Windows\System\weGRfpo.exe N/A
N/A N/A C:\Windows\System\ADQrOBb.exe N/A
N/A N/A C:\Windows\System\GGvidHG.exe N/A
N/A N/A C:\Windows\System\HuMoYYf.exe N/A
N/A N/A C:\Windows\System\OJYIhIR.exe N/A
N/A N/A C:\Windows\System\YvUTesP.exe N/A
N/A N/A C:\Windows\System\VRhfEmI.exe N/A
N/A N/A C:\Windows\System\TatbBoW.exe N/A
N/A N/A C:\Windows\System\iTrXxxT.exe N/A
N/A N/A C:\Windows\System\jdQPTUp.exe N/A
N/A N/A C:\Windows\System\arhOfQD.exe N/A
N/A N/A C:\Windows\System\TOKwjRG.exe N/A
N/A N/A C:\Windows\System\JyxSEUF.exe N/A
N/A N/A C:\Windows\System\IsXBqtE.exe N/A
N/A N/A C:\Windows\System\vDinMDJ.exe N/A
N/A N/A C:\Windows\System\zKlctLH.exe N/A
N/A N/A C:\Windows\System\HdEGkae.exe N/A
N/A N/A C:\Windows\System\UCMouju.exe N/A
N/A N/A C:\Windows\System\knwJuuJ.exe N/A
N/A N/A C:\Windows\System\dVTrZjm.exe N/A
N/A N/A C:\Windows\System\WuKYmBd.exe N/A
N/A N/A C:\Windows\System\LTENwBr.exe N/A
N/A N/A C:\Windows\System\wAsoKVN.exe N/A
N/A N/A C:\Windows\System\pFtXDFk.exe N/A
N/A N/A C:\Windows\System\abzGaTe.exe N/A
N/A N/A C:\Windows\System\zxGyupB.exe N/A
N/A N/A C:\Windows\System\hfTquQs.exe N/A
N/A N/A C:\Windows\System\JdcApqy.exe N/A
N/A N/A C:\Windows\System\uoVFTpe.exe N/A
N/A N/A C:\Windows\System\uUCYGPC.exe N/A
N/A N/A C:\Windows\System\qlRZQzd.exe N/A
N/A N/A C:\Windows\System\qehhCMo.exe N/A
N/A N/A C:\Windows\System\yktsQST.exe N/A
N/A N/A C:\Windows\System\fbzfSeu.exe N/A
N/A N/A C:\Windows\System\ytLTcKg.exe N/A
N/A N/A C:\Windows\System\fkYnObY.exe N/A
N/A N/A C:\Windows\System\XuDItRu.exe N/A
N/A N/A C:\Windows\System\lKThFWB.exe N/A
N/A N/A C:\Windows\System\hBpSZXk.exe N/A
N/A N/A C:\Windows\System\LdcaEEI.exe N/A
N/A N/A C:\Windows\System\SeLxzPm.exe N/A
N/A N/A C:\Windows\System\qLQLFtT.exe N/A
N/A N/A C:\Windows\System\lCjHgyq.exe N/A
N/A N/A C:\Windows\System\FLdygYM.exe N/A
N/A N/A C:\Windows\System\iOxeeDL.exe N/A
N/A N/A C:\Windows\System\RIbPrxp.exe N/A
N/A N/A C:\Windows\System\yusXpsl.exe N/A
N/A N/A C:\Windows\System\EavOwok.exe N/A
N/A N/A C:\Windows\System\WReZWao.exe N/A
N/A N/A C:\Windows\System\gBKHUkg.exe N/A
N/A N/A C:\Windows\System\YVvZMBq.exe N/A
N/A N/A C:\Windows\System\DNxbsBS.exe N/A
N/A N/A C:\Windows\System\zYDVMYN.exe N/A
N/A N/A C:\Windows\System\PJlOyhz.exe N/A
N/A N/A C:\Windows\System\FvOoCDv.exe N/A
N/A N/A C:\Windows\System\Sszaubd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\MPBRvLr.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tmZFIaZ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVuExgQ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\hjENZPd.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\rtZAssR.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\xHMdRsf.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DynQtRf.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\jbdaEpP.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjiYjub.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\OjlHbOl.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\yZsKBXE.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWqzOzK.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\eFaUrIM.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UGQXBsN.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\BdfIREU.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkhQnkf.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JVrsENm.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tvxCwTG.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\MBYzdpJ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOzucOO.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\xTHvLMo.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbiHSAk.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\VTqsyta.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\QQcOBgk.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tHkAteF.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\HuMoYYf.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQBFKpB.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\hydYLbF.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\eScLDtp.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\pSMnITA.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\jrTcsbu.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WygkwQR.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJAdcMK.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\exoIIrH.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DOxRYmD.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxBWgTe.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJkaxav.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GhaHgbY.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgsEtjg.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnpfezN.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JdcApqy.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\fkQZYBE.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaMBokE.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\wSVIqrX.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\qaJWBjR.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuKYmBd.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlRACcR.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\uSiVqYq.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YEpsvne.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\biSzdrW.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vtRjECp.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFNvTYL.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vjbVuer.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLJNZRO.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\enQtXPc.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UHyPnSS.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GMUbBIa.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DxgAqbH.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CKHgRwM.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvKtKxW.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDrukiM.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gnaJbJs.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tTpLqgV.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfGxVkZ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 308 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\kfsuJNG.exe
PID 308 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\kfsuJNG.exe
PID 308 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\kfsuJNG.exe
PID 308 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HXJmqOh.exe
PID 308 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HXJmqOh.exe
PID 308 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HXJmqOh.exe
PID 308 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\vtRjECp.exe
PID 308 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\vtRjECp.exe
PID 308 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\vtRjECp.exe
PID 308 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GABkBRr.exe
PID 308 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GABkBRr.exe
PID 308 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GABkBRr.exe
PID 308 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\nUltlvz.exe
PID 308 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\nUltlvz.exe
PID 308 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\nUltlvz.exe
PID 308 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\rnIfpTL.exe
PID 308 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\rnIfpTL.exe
PID 308 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\rnIfpTL.exe
PID 308 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\DFHntnd.exe
PID 308 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\DFHntnd.exe
PID 308 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\DFHntnd.exe
PID 308 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\peywRFi.exe
PID 308 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\peywRFi.exe
PID 308 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\peywRFi.exe
PID 308 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\weGRfpo.exe
PID 308 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\weGRfpo.exe
PID 308 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\weGRfpo.exe
PID 308 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ADQrOBb.exe
PID 308 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ADQrOBb.exe
PID 308 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ADQrOBb.exe
PID 308 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GGvidHG.exe
PID 308 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GGvidHG.exe
PID 308 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\GGvidHG.exe
PID 308 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HuMoYYf.exe
PID 308 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HuMoYYf.exe
PID 308 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\HuMoYYf.exe
PID 308 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\OJYIhIR.exe
PID 308 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\OJYIhIR.exe
PID 308 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\OJYIhIR.exe
PID 308 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YvUTesP.exe
PID 308 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YvUTesP.exe
PID 308 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YvUTesP.exe
PID 308 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\VRhfEmI.exe
PID 308 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\VRhfEmI.exe
PID 308 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\VRhfEmI.exe
PID 308 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TatbBoW.exe
PID 308 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TatbBoW.exe
PID 308 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TatbBoW.exe
PID 308 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\iTrXxxT.exe
PID 308 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\iTrXxxT.exe
PID 308 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\iTrXxxT.exe
PID 308 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\jdQPTUp.exe
PID 308 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\jdQPTUp.exe
PID 308 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\jdQPTUp.exe
PID 308 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\arhOfQD.exe
PID 308 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\arhOfQD.exe
PID 308 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\arhOfQD.exe
PID 308 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TOKwjRG.exe
PID 308 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TOKwjRG.exe
PID 308 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\TOKwjRG.exe
PID 308 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\JyxSEUF.exe
PID 308 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\JyxSEUF.exe
PID 308 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\JyxSEUF.exe
PID 308 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\IsXBqtE.exe

Processes

C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe"

C:\Windows\System\kfsuJNG.exe

C:\Windows\System\kfsuJNG.exe

C:\Windows\System\HXJmqOh.exe

C:\Windows\System\HXJmqOh.exe

C:\Windows\System\vtRjECp.exe

C:\Windows\System\vtRjECp.exe

C:\Windows\System\GABkBRr.exe

C:\Windows\System\GABkBRr.exe

C:\Windows\System\nUltlvz.exe

C:\Windows\System\nUltlvz.exe

C:\Windows\System\rnIfpTL.exe

C:\Windows\System\rnIfpTL.exe

C:\Windows\System\DFHntnd.exe

C:\Windows\System\DFHntnd.exe

C:\Windows\System\peywRFi.exe

C:\Windows\System\peywRFi.exe

C:\Windows\System\weGRfpo.exe

C:\Windows\System\weGRfpo.exe

C:\Windows\System\ADQrOBb.exe

C:\Windows\System\ADQrOBb.exe

C:\Windows\System\GGvidHG.exe

C:\Windows\System\GGvidHG.exe

C:\Windows\System\HuMoYYf.exe

C:\Windows\System\HuMoYYf.exe

C:\Windows\System\OJYIhIR.exe

C:\Windows\System\OJYIhIR.exe

C:\Windows\System\YvUTesP.exe

C:\Windows\System\YvUTesP.exe

C:\Windows\System\VRhfEmI.exe

C:\Windows\System\VRhfEmI.exe

C:\Windows\System\TatbBoW.exe

C:\Windows\System\TatbBoW.exe

C:\Windows\System\iTrXxxT.exe

C:\Windows\System\iTrXxxT.exe

C:\Windows\System\jdQPTUp.exe

C:\Windows\System\jdQPTUp.exe

C:\Windows\System\arhOfQD.exe

C:\Windows\System\arhOfQD.exe

C:\Windows\System\TOKwjRG.exe

C:\Windows\System\TOKwjRG.exe

C:\Windows\System\JyxSEUF.exe

C:\Windows\System\JyxSEUF.exe

C:\Windows\System\IsXBqtE.exe

C:\Windows\System\IsXBqtE.exe

C:\Windows\System\vDinMDJ.exe

C:\Windows\System\vDinMDJ.exe

C:\Windows\System\zKlctLH.exe

C:\Windows\System\zKlctLH.exe

C:\Windows\System\HdEGkae.exe

C:\Windows\System\HdEGkae.exe

C:\Windows\System\UCMouju.exe

C:\Windows\System\UCMouju.exe

C:\Windows\System\knwJuuJ.exe

C:\Windows\System\knwJuuJ.exe

C:\Windows\System\dVTrZjm.exe

C:\Windows\System\dVTrZjm.exe

C:\Windows\System\WuKYmBd.exe

C:\Windows\System\WuKYmBd.exe

C:\Windows\System\LTENwBr.exe

C:\Windows\System\LTENwBr.exe

C:\Windows\System\wAsoKVN.exe

C:\Windows\System\wAsoKVN.exe

C:\Windows\System\pFtXDFk.exe

C:\Windows\System\pFtXDFk.exe

C:\Windows\System\abzGaTe.exe

C:\Windows\System\abzGaTe.exe

C:\Windows\System\zxGyupB.exe

C:\Windows\System\zxGyupB.exe

C:\Windows\System\hfTquQs.exe

C:\Windows\System\hfTquQs.exe

C:\Windows\System\JdcApqy.exe

C:\Windows\System\JdcApqy.exe

C:\Windows\System\uoVFTpe.exe

C:\Windows\System\uoVFTpe.exe

C:\Windows\System\uUCYGPC.exe

C:\Windows\System\uUCYGPC.exe

C:\Windows\System\qlRZQzd.exe

C:\Windows\System\qlRZQzd.exe

C:\Windows\System\qehhCMo.exe

C:\Windows\System\qehhCMo.exe

C:\Windows\System\yktsQST.exe

C:\Windows\System\yktsQST.exe

C:\Windows\System\fbzfSeu.exe

C:\Windows\System\fbzfSeu.exe

C:\Windows\System\ytLTcKg.exe

C:\Windows\System\ytLTcKg.exe

C:\Windows\System\fkYnObY.exe

C:\Windows\System\fkYnObY.exe

C:\Windows\System\XuDItRu.exe

C:\Windows\System\XuDItRu.exe

C:\Windows\System\lKThFWB.exe

C:\Windows\System\lKThFWB.exe

C:\Windows\System\hBpSZXk.exe

C:\Windows\System\hBpSZXk.exe

C:\Windows\System\LdcaEEI.exe

C:\Windows\System\LdcaEEI.exe

C:\Windows\System\SeLxzPm.exe

C:\Windows\System\SeLxzPm.exe

C:\Windows\System\qLQLFtT.exe

C:\Windows\System\qLQLFtT.exe

C:\Windows\System\lCjHgyq.exe

C:\Windows\System\lCjHgyq.exe

C:\Windows\System\FLdygYM.exe

C:\Windows\System\FLdygYM.exe

C:\Windows\System\iOxeeDL.exe

C:\Windows\System\iOxeeDL.exe

C:\Windows\System\RIbPrxp.exe

C:\Windows\System\RIbPrxp.exe

C:\Windows\System\yusXpsl.exe

C:\Windows\System\yusXpsl.exe

C:\Windows\System\EavOwok.exe

C:\Windows\System\EavOwok.exe

C:\Windows\System\WReZWao.exe

C:\Windows\System\WReZWao.exe

C:\Windows\System\gBKHUkg.exe

C:\Windows\System\gBKHUkg.exe

C:\Windows\System\YVvZMBq.exe

C:\Windows\System\YVvZMBq.exe

C:\Windows\System\DNxbsBS.exe

C:\Windows\System\DNxbsBS.exe

C:\Windows\System\zYDVMYN.exe

C:\Windows\System\zYDVMYN.exe

C:\Windows\System\PJlOyhz.exe

C:\Windows\System\PJlOyhz.exe

C:\Windows\System\FvOoCDv.exe

C:\Windows\System\FvOoCDv.exe

C:\Windows\System\Sszaubd.exe

C:\Windows\System\Sszaubd.exe

C:\Windows\System\sOzukCg.exe

C:\Windows\System\sOzukCg.exe

C:\Windows\System\zcgLzwb.exe

C:\Windows\System\zcgLzwb.exe

C:\Windows\System\MGjApjO.exe

C:\Windows\System\MGjApjO.exe

C:\Windows\System\kuCESlG.exe

C:\Windows\System\kuCESlG.exe

C:\Windows\System\dWKXujt.exe

C:\Windows\System\dWKXujt.exe

C:\Windows\System\uEVMYcO.exe

C:\Windows\System\uEVMYcO.exe

C:\Windows\System\gHWmeIx.exe

C:\Windows\System\gHWmeIx.exe

C:\Windows\System\dhtyWmq.exe

C:\Windows\System\dhtyWmq.exe

C:\Windows\System\kriswWx.exe

C:\Windows\System\kriswWx.exe

C:\Windows\System\FjBGwkw.exe

C:\Windows\System\FjBGwkw.exe

C:\Windows\System\WStFLJU.exe

C:\Windows\System\WStFLJU.exe

C:\Windows\System\mJAdcMK.exe

C:\Windows\System\mJAdcMK.exe

C:\Windows\System\qprWvLC.exe

C:\Windows\System\qprWvLC.exe

C:\Windows\System\SepFmHn.exe

C:\Windows\System\SepFmHn.exe

C:\Windows\System\YuMOxow.exe

C:\Windows\System\YuMOxow.exe

C:\Windows\System\cfWdhSQ.exe

C:\Windows\System\cfWdhSQ.exe

C:\Windows\System\cubYDhw.exe

C:\Windows\System\cubYDhw.exe

C:\Windows\System\oxfLPUa.exe

C:\Windows\System\oxfLPUa.exe

C:\Windows\System\bqhVcRK.exe

C:\Windows\System\bqhVcRK.exe

C:\Windows\System\EWMiEHm.exe

C:\Windows\System\EWMiEHm.exe

C:\Windows\System\AdHSPgh.exe

C:\Windows\System\AdHSPgh.exe

C:\Windows\System\pKaaXZW.exe

C:\Windows\System\pKaaXZW.exe

C:\Windows\System\bVUIoAY.exe

C:\Windows\System\bVUIoAY.exe

C:\Windows\System\BxXnoZD.exe

C:\Windows\System\BxXnoZD.exe

C:\Windows\System\dncXInH.exe

C:\Windows\System\dncXInH.exe

C:\Windows\System\kKmbfdX.exe

C:\Windows\System\kKmbfdX.exe

C:\Windows\System\zjiYjub.exe

C:\Windows\System\zjiYjub.exe

C:\Windows\System\ieaTQHF.exe

C:\Windows\System\ieaTQHF.exe

C:\Windows\System\ENUBWux.exe

C:\Windows\System\ENUBWux.exe

C:\Windows\System\mTmFfhr.exe

C:\Windows\System\mTmFfhr.exe

C:\Windows\System\rJREQbX.exe

C:\Windows\System\rJREQbX.exe

C:\Windows\System\qvXzxII.exe

C:\Windows\System\qvXzxII.exe

C:\Windows\System\TsMPLgo.exe

C:\Windows\System\TsMPLgo.exe

C:\Windows\System\IOhLmAk.exe

C:\Windows\System\IOhLmAk.exe

C:\Windows\System\joxtujC.exe

C:\Windows\System\joxtujC.exe

C:\Windows\System\bOwEfXl.exe

C:\Windows\System\bOwEfXl.exe

C:\Windows\System\kcsVRpm.exe

C:\Windows\System\kcsVRpm.exe

C:\Windows\System\ikiUjQw.exe

C:\Windows\System\ikiUjQw.exe

C:\Windows\System\VXdCtKm.exe

C:\Windows\System\VXdCtKm.exe

C:\Windows\System\bZkUNiF.exe

C:\Windows\System\bZkUNiF.exe

C:\Windows\System\MiaRFph.exe

C:\Windows\System\MiaRFph.exe

C:\Windows\System\QSacsgl.exe

C:\Windows\System\QSacsgl.exe

C:\Windows\System\lgHkGPM.exe

C:\Windows\System\lgHkGPM.exe

C:\Windows\System\sEhyBVR.exe

C:\Windows\System\sEhyBVR.exe

C:\Windows\System\NyKaOOA.exe

C:\Windows\System\NyKaOOA.exe

C:\Windows\System\BSytBHv.exe

C:\Windows\System\BSytBHv.exe

C:\Windows\System\gpTlXdA.exe

C:\Windows\System\gpTlXdA.exe

C:\Windows\System\PjrngCs.exe

C:\Windows\System\PjrngCs.exe

C:\Windows\System\cQDiZYH.exe

C:\Windows\System\cQDiZYH.exe

C:\Windows\System\preAwWC.exe

C:\Windows\System\preAwWC.exe

C:\Windows\System\TxOrboC.exe

C:\Windows\System\TxOrboC.exe

C:\Windows\System\eKRFaSg.exe

C:\Windows\System\eKRFaSg.exe

C:\Windows\System\AQtZRjG.exe

C:\Windows\System\AQtZRjG.exe

C:\Windows\System\SthophT.exe

C:\Windows\System\SthophT.exe

C:\Windows\System\gJjZsbS.exe

C:\Windows\System\gJjZsbS.exe

C:\Windows\System\bdkpFfY.exe

C:\Windows\System\bdkpFfY.exe

C:\Windows\System\XwjDtpz.exe

C:\Windows\System\XwjDtpz.exe

C:\Windows\System\zHOkNVU.exe

C:\Windows\System\zHOkNVU.exe

C:\Windows\System\LQHiZMP.exe

C:\Windows\System\LQHiZMP.exe

C:\Windows\System\OXOQKTn.exe

C:\Windows\System\OXOQKTn.exe

C:\Windows\System\HKVSHCC.exe

C:\Windows\System\HKVSHCC.exe

C:\Windows\System\tDjLIuc.exe

C:\Windows\System\tDjLIuc.exe

C:\Windows\System\FEmrKcR.exe

C:\Windows\System\FEmrKcR.exe

C:\Windows\System\fkQZYBE.exe

C:\Windows\System\fkQZYBE.exe

C:\Windows\System\NrruXgC.exe

C:\Windows\System\NrruXgC.exe

C:\Windows\System\txDOatf.exe

C:\Windows\System\txDOatf.exe

C:\Windows\System\LAZDnzh.exe

C:\Windows\System\LAZDnzh.exe

C:\Windows\System\ipMYVex.exe

C:\Windows\System\ipMYVex.exe

C:\Windows\System\aMDhkKV.exe

C:\Windows\System\aMDhkKV.exe

C:\Windows\System\aoEUaNt.exe

C:\Windows\System\aoEUaNt.exe

C:\Windows\System\eyXwiJU.exe

C:\Windows\System\eyXwiJU.exe

C:\Windows\System\UtvGIcg.exe

C:\Windows\System\UtvGIcg.exe

C:\Windows\System\xCROMHR.exe

C:\Windows\System\xCROMHR.exe

C:\Windows\System\pvKtKxW.exe

C:\Windows\System\pvKtKxW.exe

C:\Windows\System\IuWhmhn.exe

C:\Windows\System\IuWhmhn.exe

C:\Windows\System\dCvmavc.exe

C:\Windows\System\dCvmavc.exe

C:\Windows\System\BdfIREU.exe

C:\Windows\System\BdfIREU.exe

C:\Windows\System\cLlaRif.exe

C:\Windows\System\cLlaRif.exe

C:\Windows\System\DOxRYmD.exe

C:\Windows\System\DOxRYmD.exe

C:\Windows\System\MbWgSLA.exe

C:\Windows\System\MbWgSLA.exe

C:\Windows\System\uAChbCB.exe

C:\Windows\System\uAChbCB.exe

C:\Windows\System\MBFdvKd.exe

C:\Windows\System\MBFdvKd.exe

C:\Windows\System\GcDdmhS.exe

C:\Windows\System\GcDdmhS.exe

C:\Windows\System\SsnhLxa.exe

C:\Windows\System\SsnhLxa.exe

C:\Windows\System\Glyzarb.exe

C:\Windows\System\Glyzarb.exe

C:\Windows\System\WevXfxH.exe

C:\Windows\System\WevXfxH.exe

C:\Windows\System\HKQQiRX.exe

C:\Windows\System\HKQQiRX.exe

C:\Windows\System\BHkecNs.exe

C:\Windows\System\BHkecNs.exe

C:\Windows\System\szWbOcz.exe

C:\Windows\System\szWbOcz.exe

C:\Windows\System\uebTgQO.exe

C:\Windows\System\uebTgQO.exe

C:\Windows\System\gfnctMq.exe

C:\Windows\System\gfnctMq.exe

C:\Windows\System\IJkaxav.exe

C:\Windows\System\IJkaxav.exe

C:\Windows\System\kUOTmUb.exe

C:\Windows\System\kUOTmUb.exe

C:\Windows\System\DVpAZQb.exe

C:\Windows\System\DVpAZQb.exe

C:\Windows\System\DtsztMl.exe

C:\Windows\System\DtsztMl.exe

C:\Windows\System\TmZsfle.exe

C:\Windows\System\TmZsfle.exe

C:\Windows\System\sAHGLSq.exe

C:\Windows\System\sAHGLSq.exe

C:\Windows\System\TuwSfyo.exe

C:\Windows\System\TuwSfyo.exe

C:\Windows\System\IiPwdca.exe

C:\Windows\System\IiPwdca.exe

C:\Windows\System\Gxifsoj.exe

C:\Windows\System\Gxifsoj.exe

C:\Windows\System\oMTTPWJ.exe

C:\Windows\System\oMTTPWJ.exe

C:\Windows\System\OLPznJL.exe

C:\Windows\System\OLPznJL.exe

C:\Windows\System\GjSpAZr.exe

C:\Windows\System\GjSpAZr.exe

C:\Windows\System\LJGZJOb.exe

C:\Windows\System\LJGZJOb.exe

C:\Windows\System\fixpwIj.exe

C:\Windows\System\fixpwIj.exe

C:\Windows\System\DodOOgq.exe

C:\Windows\System\DodOOgq.exe

C:\Windows\System\jOenZWS.exe

C:\Windows\System\jOenZWS.exe

C:\Windows\System\yigNTvR.exe

C:\Windows\System\yigNTvR.exe

C:\Windows\System\xOtNWUn.exe

C:\Windows\System\xOtNWUn.exe

C:\Windows\System\RgmjXVV.exe

C:\Windows\System\RgmjXVV.exe

C:\Windows\System\PcDTcUX.exe

C:\Windows\System\PcDTcUX.exe

C:\Windows\System\KWtQCKr.exe

C:\Windows\System\KWtQCKr.exe

C:\Windows\System\ydQmTMc.exe

C:\Windows\System\ydQmTMc.exe

C:\Windows\System\KjDiOpG.exe

C:\Windows\System\KjDiOpG.exe

C:\Windows\System\MkhQnkf.exe

C:\Windows\System\MkhQnkf.exe

C:\Windows\System\knPamQo.exe

C:\Windows\System\knPamQo.exe

C:\Windows\System\JalYddf.exe

C:\Windows\System\JalYddf.exe

C:\Windows\System\gYxkrhY.exe

C:\Windows\System\gYxkrhY.exe

C:\Windows\System\uPEvmGH.exe

C:\Windows\System\uPEvmGH.exe

C:\Windows\System\YwedzEm.exe

C:\Windows\System\YwedzEm.exe

C:\Windows\System\QVdRzsF.exe

C:\Windows\System\QVdRzsF.exe

C:\Windows\System\NNxnLIu.exe

C:\Windows\System\NNxnLIu.exe

C:\Windows\System\nmKZMCl.exe

C:\Windows\System\nmKZMCl.exe

C:\Windows\System\eXsEiJf.exe

C:\Windows\System\eXsEiJf.exe

C:\Windows\System\ldDFtqB.exe

C:\Windows\System\ldDFtqB.exe

C:\Windows\System\kKXftva.exe

C:\Windows\System\kKXftva.exe

C:\Windows\System\SKoywOv.exe

C:\Windows\System\SKoywOv.exe

C:\Windows\System\KwsNaJR.exe

C:\Windows\System\KwsNaJR.exe

C:\Windows\System\riJOwuk.exe

C:\Windows\System\riJOwuk.exe

C:\Windows\System\uSWpRTg.exe

C:\Windows\System\uSWpRTg.exe

C:\Windows\System\yKmfhlO.exe

C:\Windows\System\yKmfhlO.exe

C:\Windows\System\uHJyYXA.exe

C:\Windows\System\uHJyYXA.exe

C:\Windows\System\CuPZPyG.exe

C:\Windows\System\CuPZPyG.exe

C:\Windows\System\zFQLXXn.exe

C:\Windows\System\zFQLXXn.exe

C:\Windows\System\cfaNteL.exe

C:\Windows\System\cfaNteL.exe

C:\Windows\System\VNRnSRf.exe

C:\Windows\System\VNRnSRf.exe

C:\Windows\System\eeEIeUB.exe

C:\Windows\System\eeEIeUB.exe

C:\Windows\System\zvbaUUu.exe

C:\Windows\System\zvbaUUu.exe

C:\Windows\System\iDnKVbP.exe

C:\Windows\System\iDnKVbP.exe

C:\Windows\System\itiqwnD.exe

C:\Windows\System\itiqwnD.exe

C:\Windows\System\mZCooUF.exe

C:\Windows\System\mZCooUF.exe

C:\Windows\System\vBKeuyq.exe

C:\Windows\System\vBKeuyq.exe

C:\Windows\System\OvTKKdq.exe

C:\Windows\System\OvTKKdq.exe

C:\Windows\System\WcCMkqh.exe

C:\Windows\System\WcCMkqh.exe

C:\Windows\System\Rredxyi.exe

C:\Windows\System\Rredxyi.exe

C:\Windows\System\ahOgQGq.exe

C:\Windows\System\ahOgQGq.exe

C:\Windows\System\IruTQes.exe

C:\Windows\System\IruTQes.exe

C:\Windows\System\EUsOFTJ.exe

C:\Windows\System\EUsOFTJ.exe

C:\Windows\System\aaMxqEH.exe

C:\Windows\System\aaMxqEH.exe

C:\Windows\System\AUaPpVU.exe

C:\Windows\System\AUaPpVU.exe

C:\Windows\System\HVunzne.exe

C:\Windows\System\HVunzne.exe

C:\Windows\System\gSlGYbO.exe

C:\Windows\System\gSlGYbO.exe

C:\Windows\System\PylSwBX.exe

C:\Windows\System\PylSwBX.exe

C:\Windows\System\MyQwOeC.exe

C:\Windows\System\MyQwOeC.exe

C:\Windows\System\cgAtQpP.exe

C:\Windows\System\cgAtQpP.exe

C:\Windows\System\OJjLFqZ.exe

C:\Windows\System\OJjLFqZ.exe

C:\Windows\System\DLkGAVn.exe

C:\Windows\System\DLkGAVn.exe

C:\Windows\System\QNhpFzm.exe

C:\Windows\System\QNhpFzm.exe

C:\Windows\System\IDJxVOr.exe

C:\Windows\System\IDJxVOr.exe

C:\Windows\System\GgPOiNq.exe

C:\Windows\System\GgPOiNq.exe

C:\Windows\System\COYVxbo.exe

C:\Windows\System\COYVxbo.exe

C:\Windows\System\BnaaAOG.exe

C:\Windows\System\BnaaAOG.exe

C:\Windows\System\wrkNajY.exe

C:\Windows\System\wrkNajY.exe

C:\Windows\System\WRFZYRa.exe

C:\Windows\System\WRFZYRa.exe

C:\Windows\System\HQBFKpB.exe

C:\Windows\System\HQBFKpB.exe

C:\Windows\System\vQWiReZ.exe

C:\Windows\System\vQWiReZ.exe

C:\Windows\System\GKdAVBE.exe

C:\Windows\System\GKdAVBE.exe

C:\Windows\System\ihQGCDr.exe

C:\Windows\System\ihQGCDr.exe

C:\Windows\System\KUGECHd.exe

C:\Windows\System\KUGECHd.exe

C:\Windows\System\ZOEeJOF.exe

C:\Windows\System\ZOEeJOF.exe

C:\Windows\System\IZxWlbi.exe

C:\Windows\System\IZxWlbi.exe

C:\Windows\System\grpHsFN.exe

C:\Windows\System\grpHsFN.exe

C:\Windows\System\YaMBokE.exe

C:\Windows\System\YaMBokE.exe

C:\Windows\System\yUQFACu.exe

C:\Windows\System\yUQFACu.exe

C:\Windows\System\PkUcLeW.exe

C:\Windows\System\PkUcLeW.exe

C:\Windows\System\MwungrT.exe

C:\Windows\System\MwungrT.exe

C:\Windows\System\ervWWpc.exe

C:\Windows\System\ervWWpc.exe

C:\Windows\System\erJOGWz.exe

C:\Windows\System\erJOGWz.exe

C:\Windows\System\LqjaYzC.exe

C:\Windows\System\LqjaYzC.exe

C:\Windows\System\DWfHWuL.exe

C:\Windows\System\DWfHWuL.exe

C:\Windows\System\dQddpBu.exe

C:\Windows\System\dQddpBu.exe

C:\Windows\System\OuKHmdN.exe

C:\Windows\System\OuKHmdN.exe

C:\Windows\System\ZbbsuuP.exe

C:\Windows\System\ZbbsuuP.exe

C:\Windows\System\ZGnuyHJ.exe

C:\Windows\System\ZGnuyHJ.exe

C:\Windows\System\GxBWgTe.exe

C:\Windows\System\GxBWgTe.exe

C:\Windows\System\iYfXxgt.exe

C:\Windows\System\iYfXxgt.exe

C:\Windows\System\vFFNjJR.exe

C:\Windows\System\vFFNjJR.exe

C:\Windows\System\nVxAVzb.exe

C:\Windows\System\nVxAVzb.exe

C:\Windows\System\xEdYJkJ.exe

C:\Windows\System\xEdYJkJ.exe

C:\Windows\System\THwuIRv.exe

C:\Windows\System\THwuIRv.exe

C:\Windows\System\XzLcFkN.exe

C:\Windows\System\XzLcFkN.exe

C:\Windows\System\VdPRNIQ.exe

C:\Windows\System\VdPRNIQ.exe

C:\Windows\System\yfYMHPF.exe

C:\Windows\System\yfYMHPF.exe

C:\Windows\System\hnUCIEP.exe

C:\Windows\System\hnUCIEP.exe

C:\Windows\System\DTvpQxU.exe

C:\Windows\System\DTvpQxU.exe

C:\Windows\System\GTXoYIq.exe

C:\Windows\System\GTXoYIq.exe

C:\Windows\System\cgLuSER.exe

C:\Windows\System\cgLuSER.exe

C:\Windows\System\QJyBfkM.exe

C:\Windows\System\QJyBfkM.exe

C:\Windows\System\LPueWEV.exe

C:\Windows\System\LPueWEV.exe

C:\Windows\System\lxHSpko.exe

C:\Windows\System\lxHSpko.exe

C:\Windows\System\ARasjFo.exe

C:\Windows\System\ARasjFo.exe

C:\Windows\System\sQYQAqc.exe

C:\Windows\System\sQYQAqc.exe

C:\Windows\System\SvMkNbC.exe

C:\Windows\System\SvMkNbC.exe

C:\Windows\System\uLQCQbQ.exe

C:\Windows\System\uLQCQbQ.exe

C:\Windows\System\jVQdQlG.exe

C:\Windows\System\jVQdQlG.exe

C:\Windows\System\vSlBelt.exe

C:\Windows\System\vSlBelt.exe

C:\Windows\System\HjrDncl.exe

C:\Windows\System\HjrDncl.exe

C:\Windows\System\rcldCvU.exe

C:\Windows\System\rcldCvU.exe

C:\Windows\System\xpgcWLS.exe

C:\Windows\System\xpgcWLS.exe

C:\Windows\System\jxrwCRB.exe

C:\Windows\System\jxrwCRB.exe

C:\Windows\System\ROAZXuo.exe

C:\Windows\System\ROAZXuo.exe

C:\Windows\System\TaKWddw.exe

C:\Windows\System\TaKWddw.exe

C:\Windows\System\hymAizA.exe

C:\Windows\System\hymAizA.exe

C:\Windows\System\KNORuFZ.exe

C:\Windows\System\KNORuFZ.exe

C:\Windows\System\sGCpzgs.exe

C:\Windows\System\sGCpzgs.exe

C:\Windows\System\GFmgpkP.exe

C:\Windows\System\GFmgpkP.exe

C:\Windows\System\vmGwUea.exe

C:\Windows\System\vmGwUea.exe

C:\Windows\System\nesDAms.exe

C:\Windows\System\nesDAms.exe

C:\Windows\System\TUZgHba.exe

C:\Windows\System\TUZgHba.exe

C:\Windows\System\BMYcMqr.exe

C:\Windows\System\BMYcMqr.exe

C:\Windows\System\hWyqdgA.exe

C:\Windows\System\hWyqdgA.exe

C:\Windows\System\uMbGnXp.exe

C:\Windows\System\uMbGnXp.exe

C:\Windows\System\OrnPLbt.exe

C:\Windows\System\OrnPLbt.exe

C:\Windows\System\jrYGxWr.exe

C:\Windows\System\jrYGxWr.exe

C:\Windows\System\pCuHqhp.exe

C:\Windows\System\pCuHqhp.exe

C:\Windows\System\GNUwyHy.exe

C:\Windows\System\GNUwyHy.exe

C:\Windows\System\iFNvTYL.exe

C:\Windows\System\iFNvTYL.exe

C:\Windows\System\CQWqSmI.exe

C:\Windows\System\CQWqSmI.exe

C:\Windows\System\QpiJSXX.exe

C:\Windows\System\QpiJSXX.exe

C:\Windows\System\hTHEJnK.exe

C:\Windows\System\hTHEJnK.exe

C:\Windows\System\Qqiaugk.exe

C:\Windows\System\Qqiaugk.exe

C:\Windows\System\bBelXnF.exe

C:\Windows\System\bBelXnF.exe

C:\Windows\System\aQQWWSW.exe

C:\Windows\System\aQQWWSW.exe

C:\Windows\System\tYCmpCx.exe

C:\Windows\System\tYCmpCx.exe

C:\Windows\System\XfADuqX.exe

C:\Windows\System\XfADuqX.exe

C:\Windows\System\bBLrfrd.exe

C:\Windows\System\bBLrfrd.exe

C:\Windows\System\iaKrCfL.exe

C:\Windows\System\iaKrCfL.exe

C:\Windows\System\suQyTkP.exe

C:\Windows\System\suQyTkP.exe

C:\Windows\System\AjuENxs.exe

C:\Windows\System\AjuENxs.exe

C:\Windows\System\gboyKfF.exe

C:\Windows\System\gboyKfF.exe

C:\Windows\System\OgIwtaQ.exe

C:\Windows\System\OgIwtaQ.exe

C:\Windows\System\gjWqiqr.exe

C:\Windows\System\gjWqiqr.exe

C:\Windows\System\hhVJpXz.exe

C:\Windows\System\hhVJpXz.exe

C:\Windows\System\KMEDXkC.exe

C:\Windows\System\KMEDXkC.exe

C:\Windows\System\ffFbWHG.exe

C:\Windows\System\ffFbWHG.exe

C:\Windows\System\UdBORVl.exe

C:\Windows\System\UdBORVl.exe

C:\Windows\System\JtnXFJw.exe

C:\Windows\System\JtnXFJw.exe

C:\Windows\System\XdDUdNP.exe

C:\Windows\System\XdDUdNP.exe

C:\Windows\System\MCDJDOz.exe

C:\Windows\System\MCDJDOz.exe

C:\Windows\System\FGdgUPd.exe

C:\Windows\System\FGdgUPd.exe

C:\Windows\System\VLXaevW.exe

C:\Windows\System\VLXaevW.exe

C:\Windows\System\kUemDhu.exe

C:\Windows\System\kUemDhu.exe

C:\Windows\System\wzilVIj.exe

C:\Windows\System\wzilVIj.exe

C:\Windows\System\vjbVuer.exe

C:\Windows\System\vjbVuer.exe

C:\Windows\System\VLJNZRO.exe

C:\Windows\System\VLJNZRO.exe

C:\Windows\System\pmKTJoA.exe

C:\Windows\System\pmKTJoA.exe

C:\Windows\System\ZOFBOhS.exe

C:\Windows\System\ZOFBOhS.exe

C:\Windows\System\YomscbE.exe

C:\Windows\System\YomscbE.exe

C:\Windows\System\GdUHHDM.exe

C:\Windows\System\GdUHHDM.exe

C:\Windows\System\OlukoGz.exe

C:\Windows\System\OlukoGz.exe

C:\Windows\System\EamViFR.exe

C:\Windows\System\EamViFR.exe

C:\Windows\System\avdmZtG.exe

C:\Windows\System\avdmZtG.exe

C:\Windows\System\DYPehBP.exe

C:\Windows\System\DYPehBP.exe

C:\Windows\System\LxZxEdP.exe

C:\Windows\System\LxZxEdP.exe

C:\Windows\System\mbZojOf.exe

C:\Windows\System\mbZojOf.exe

C:\Windows\System\AscXIlT.exe

C:\Windows\System\AscXIlT.exe

C:\Windows\System\cAdHGNB.exe

C:\Windows\System\cAdHGNB.exe

C:\Windows\System\MOjoOPS.exe

C:\Windows\System\MOjoOPS.exe

C:\Windows\System\Nlqfcty.exe

C:\Windows\System\Nlqfcty.exe

C:\Windows\System\vtBHhNn.exe

C:\Windows\System\vtBHhNn.exe

C:\Windows\System\kgxzaCz.exe

C:\Windows\System\kgxzaCz.exe

C:\Windows\System\bpdrtqR.exe

C:\Windows\System\bpdrtqR.exe

C:\Windows\System\xkzmSom.exe

C:\Windows\System\xkzmSom.exe

C:\Windows\System\ndoVAlB.exe

C:\Windows\System\ndoVAlB.exe

C:\Windows\System\IVBZHUp.exe

C:\Windows\System\IVBZHUp.exe

C:\Windows\System\fvSywPX.exe

C:\Windows\System\fvSywPX.exe

C:\Windows\System\OSLNnIX.exe

C:\Windows\System\OSLNnIX.exe

C:\Windows\System\pXorWix.exe

C:\Windows\System\pXorWix.exe

C:\Windows\System\ShLuFeW.exe

C:\Windows\System\ShLuFeW.exe

C:\Windows\System\uwuaXeN.exe

C:\Windows\System\uwuaXeN.exe

C:\Windows\System\wBwxGbl.exe

C:\Windows\System\wBwxGbl.exe

C:\Windows\System\Gjcyrsw.exe

C:\Windows\System\Gjcyrsw.exe

C:\Windows\System\AxRzDwC.exe

C:\Windows\System\AxRzDwC.exe

C:\Windows\System\MlftVuQ.exe

C:\Windows\System\MlftVuQ.exe

C:\Windows\System\yxLwMOr.exe

C:\Windows\System\yxLwMOr.exe

C:\Windows\System\osLCBjb.exe

C:\Windows\System\osLCBjb.exe

C:\Windows\System\YpnDUpG.exe

C:\Windows\System\YpnDUpG.exe

C:\Windows\System\jGFOtOi.exe

C:\Windows\System\jGFOtOi.exe

C:\Windows\System\hpqgKDW.exe

C:\Windows\System\hpqgKDW.exe

C:\Windows\System\mmiicrA.exe

C:\Windows\System\mmiicrA.exe

C:\Windows\System\vHpulfs.exe

C:\Windows\System\vHpulfs.exe

C:\Windows\System\DxQaCrJ.exe

C:\Windows\System\DxQaCrJ.exe

C:\Windows\System\ghHeGPC.exe

C:\Windows\System\ghHeGPC.exe

C:\Windows\System\zktMZRr.exe

C:\Windows\System\zktMZRr.exe

C:\Windows\System\dxRQNEX.exe

C:\Windows\System\dxRQNEX.exe

C:\Windows\System\TtLBtdt.exe

C:\Windows\System\TtLBtdt.exe

C:\Windows\System\XqwvGJH.exe

C:\Windows\System\XqwvGJH.exe

C:\Windows\System\cXUYRNr.exe

C:\Windows\System\cXUYRNr.exe

C:\Windows\System\dKGRnrN.exe

C:\Windows\System\dKGRnrN.exe

C:\Windows\System\raDnFBw.exe

C:\Windows\System\raDnFBw.exe

C:\Windows\System\CysyMgj.exe

C:\Windows\System\CysyMgj.exe

C:\Windows\System\reJlJxj.exe

C:\Windows\System\reJlJxj.exe

C:\Windows\System\BLrrioG.exe

C:\Windows\System\BLrrioG.exe

C:\Windows\System\zugjtpg.exe

C:\Windows\System\zugjtpg.exe

C:\Windows\System\efWaWrM.exe

C:\Windows\System\efWaWrM.exe

C:\Windows\System\dvmIyrr.exe

C:\Windows\System\dvmIyrr.exe

C:\Windows\System\VgGRfWZ.exe

C:\Windows\System\VgGRfWZ.exe

C:\Windows\System\qDrukiM.exe

C:\Windows\System\qDrukiM.exe

C:\Windows\System\PhYSfTf.exe

C:\Windows\System\PhYSfTf.exe

C:\Windows\System\YLSLqed.exe

C:\Windows\System\YLSLqed.exe

C:\Windows\System\pVxaTJD.exe

C:\Windows\System\pVxaTJD.exe

C:\Windows\System\dhTLFsR.exe

C:\Windows\System\dhTLFsR.exe

C:\Windows\System\ruCQVNU.exe

C:\Windows\System\ruCQVNU.exe

C:\Windows\System\KZfuvok.exe

C:\Windows\System\KZfuvok.exe

C:\Windows\System\tyyYmDF.exe

C:\Windows\System\tyyYmDF.exe

C:\Windows\System\qfZscbx.exe

C:\Windows\System\qfZscbx.exe

C:\Windows\System\yKrbmiX.exe

C:\Windows\System\yKrbmiX.exe

C:\Windows\System\oUAjzUM.exe

C:\Windows\System\oUAjzUM.exe

C:\Windows\System\rAHFnnP.exe

C:\Windows\System\rAHFnnP.exe

C:\Windows\System\dPJedDC.exe

C:\Windows\System\dPJedDC.exe

C:\Windows\System\NbIuKDX.exe

C:\Windows\System\NbIuKDX.exe

C:\Windows\System\wCsnJEC.exe

C:\Windows\System\wCsnJEC.exe

C:\Windows\System\gTxXTwm.exe

C:\Windows\System\gTxXTwm.exe

C:\Windows\System\PZMYGHl.exe

C:\Windows\System\PZMYGHl.exe

C:\Windows\System\AZxgjoM.exe

C:\Windows\System\AZxgjoM.exe

C:\Windows\System\wXqmVDT.exe

C:\Windows\System\wXqmVDT.exe

C:\Windows\System\HYukYTd.exe

C:\Windows\System\HYukYTd.exe

C:\Windows\System\wxOlMwv.exe

C:\Windows\System\wxOlMwv.exe

C:\Windows\System\xyRGerm.exe

C:\Windows\System\xyRGerm.exe

C:\Windows\System\exoIIrH.exe

C:\Windows\System\exoIIrH.exe

C:\Windows\System\GlhwsJr.exe

C:\Windows\System\GlhwsJr.exe

C:\Windows\System\KYjNHTb.exe

C:\Windows\System\KYjNHTb.exe

C:\Windows\System\zVoCJzL.exe

C:\Windows\System\zVoCJzL.exe

C:\Windows\System\MHXdutK.exe

C:\Windows\System\MHXdutK.exe

C:\Windows\System\hcsuwZN.exe

C:\Windows\System\hcsuwZN.exe

C:\Windows\System\hCvKArL.exe

C:\Windows\System\hCvKArL.exe

C:\Windows\System\uaMQdFF.exe

C:\Windows\System\uaMQdFF.exe

C:\Windows\System\SNhjHcP.exe

C:\Windows\System\SNhjHcP.exe

C:\Windows\System\CgnyLrs.exe

C:\Windows\System\CgnyLrs.exe

C:\Windows\System\fuwkGNZ.exe

C:\Windows\System\fuwkGNZ.exe

C:\Windows\System\qfoGRMn.exe

C:\Windows\System\qfoGRMn.exe

C:\Windows\System\IMbswKp.exe

C:\Windows\System\IMbswKp.exe

C:\Windows\System\gydzunH.exe

C:\Windows\System\gydzunH.exe

C:\Windows\System\BnSCdPA.exe

C:\Windows\System\BnSCdPA.exe

C:\Windows\System\xWgODwc.exe

C:\Windows\System\xWgODwc.exe

C:\Windows\System\DLIfvER.exe

C:\Windows\System\DLIfvER.exe

C:\Windows\System\wWxwwDY.exe

C:\Windows\System\wWxwwDY.exe

C:\Windows\System\kEjAcad.exe

C:\Windows\System\kEjAcad.exe

C:\Windows\System\xsjaHtv.exe

C:\Windows\System\xsjaHtv.exe

C:\Windows\System\DTxiACF.exe

C:\Windows\System\DTxiACF.exe

C:\Windows\System\DqhbDfT.exe

C:\Windows\System\DqhbDfT.exe

C:\Windows\System\qdegKXL.exe

C:\Windows\System\qdegKXL.exe

C:\Windows\System\JVrsENm.exe

C:\Windows\System\JVrsENm.exe

C:\Windows\System\MTPtfuP.exe

C:\Windows\System\MTPtfuP.exe

C:\Windows\System\CZGunFK.exe

C:\Windows\System\CZGunFK.exe

C:\Windows\System\AYACWxC.exe

C:\Windows\System\AYACWxC.exe

C:\Windows\System\TugMvND.exe

C:\Windows\System\TugMvND.exe

C:\Windows\System\tHNobGk.exe

C:\Windows\System\tHNobGk.exe

C:\Windows\System\wSVIqrX.exe

C:\Windows\System\wSVIqrX.exe

C:\Windows\System\xJAerBq.exe

C:\Windows\System\xJAerBq.exe

C:\Windows\System\EiBDrog.exe

C:\Windows\System\EiBDrog.exe

C:\Windows\System\qmabmyr.exe

C:\Windows\System\qmabmyr.exe

C:\Windows\System\yxYYxXy.exe

C:\Windows\System\yxYYxXy.exe

C:\Windows\System\XMsixLH.exe

C:\Windows\System\XMsixLH.exe

C:\Windows\System\dOeFLHZ.exe

C:\Windows\System\dOeFLHZ.exe

C:\Windows\System\aYcYxbz.exe

C:\Windows\System\aYcYxbz.exe

C:\Windows\System\PiVOJvI.exe

C:\Windows\System\PiVOJvI.exe

C:\Windows\System\RBxBduZ.exe

C:\Windows\System\RBxBduZ.exe

C:\Windows\System\kwyLCUD.exe

C:\Windows\System\kwyLCUD.exe

C:\Windows\System\FkzTsvC.exe

C:\Windows\System\FkzTsvC.exe

C:\Windows\System\cTbaejA.exe

C:\Windows\System\cTbaejA.exe

C:\Windows\System\nxHUzFS.exe

C:\Windows\System\nxHUzFS.exe

C:\Windows\System\LAHqRKj.exe

C:\Windows\System\LAHqRKj.exe

C:\Windows\System\ELQIxiZ.exe

C:\Windows\System\ELQIxiZ.exe

C:\Windows\System\ZgsEXdb.exe

C:\Windows\System\ZgsEXdb.exe

C:\Windows\System\ZcHrWWe.exe

C:\Windows\System\ZcHrWWe.exe

C:\Windows\System\KkvSloF.exe

C:\Windows\System\KkvSloF.exe

C:\Windows\System\vzltPAg.exe

C:\Windows\System\vzltPAg.exe

C:\Windows\System\wFLXvZC.exe

C:\Windows\System\wFLXvZC.exe

C:\Windows\System\gnaJbJs.exe

C:\Windows\System\gnaJbJs.exe

C:\Windows\System\miIiXaM.exe

C:\Windows\System\miIiXaM.exe

C:\Windows\System\RAOvyiA.exe

C:\Windows\System\RAOvyiA.exe

C:\Windows\System\qLMsUFw.exe

C:\Windows\System\qLMsUFw.exe

C:\Windows\System\DEczibB.exe

C:\Windows\System\DEczibB.exe

C:\Windows\System\tqwmuJT.exe

C:\Windows\System\tqwmuJT.exe

C:\Windows\System\MvBjHfi.exe

C:\Windows\System\MvBjHfi.exe

C:\Windows\System\ttYzciF.exe

C:\Windows\System\ttYzciF.exe

C:\Windows\System\JnCnWJK.exe

C:\Windows\System\JnCnWJK.exe

C:\Windows\System\GfMwwBD.exe

C:\Windows\System\GfMwwBD.exe

C:\Windows\System\vSFmZAX.exe

C:\Windows\System\vSFmZAX.exe

C:\Windows\System\wiTeBpK.exe

C:\Windows\System\wiTeBpK.exe

C:\Windows\System\MhWXRVl.exe

C:\Windows\System\MhWXRVl.exe

C:\Windows\System\pXXAfgx.exe

C:\Windows\System\pXXAfgx.exe

C:\Windows\System\nxTBeGm.exe

C:\Windows\System\nxTBeGm.exe

C:\Windows\System\JKIhykK.exe

C:\Windows\System\JKIhykK.exe

C:\Windows\System\YTaOzAP.exe

C:\Windows\System\YTaOzAP.exe

C:\Windows\System\DdljXTO.exe

C:\Windows\System\DdljXTO.exe

C:\Windows\System\xOXZOxH.exe

C:\Windows\System\xOXZOxH.exe

C:\Windows\System\fOloMsu.exe

C:\Windows\System\fOloMsu.exe

C:\Windows\System\KDKPsGn.exe

C:\Windows\System\KDKPsGn.exe

C:\Windows\System\LCzwKmt.exe

C:\Windows\System\LCzwKmt.exe

C:\Windows\System\feVGTIS.exe

C:\Windows\System\feVGTIS.exe

C:\Windows\System\avPLclR.exe

C:\Windows\System\avPLclR.exe

C:\Windows\System\kyLCKML.exe

C:\Windows\System\kyLCKML.exe

C:\Windows\System\ZXVtrZl.exe

C:\Windows\System\ZXVtrZl.exe

C:\Windows\System\hjENZPd.exe

C:\Windows\System\hjENZPd.exe

C:\Windows\System\vSePSVl.exe

C:\Windows\System\vSePSVl.exe

C:\Windows\System\izeTkZe.exe

C:\Windows\System\izeTkZe.exe

C:\Windows\System\rhWVfhO.exe

C:\Windows\System\rhWVfhO.exe

C:\Windows\System\KcngMWA.exe

C:\Windows\System\KcngMWA.exe

C:\Windows\System\WnBVNkE.exe

C:\Windows\System\WnBVNkE.exe

C:\Windows\System\ResSTLm.exe

C:\Windows\System\ResSTLm.exe

C:\Windows\System\DDgmzql.exe

C:\Windows\System\DDgmzql.exe

C:\Windows\System\ewIgrKD.exe

C:\Windows\System\ewIgrKD.exe

C:\Windows\System\aEcRJRv.exe

C:\Windows\System\aEcRJRv.exe

C:\Windows\System\AounDrV.exe

C:\Windows\System\AounDrV.exe

C:\Windows\System\BDyjhXK.exe

C:\Windows\System\BDyjhXK.exe

C:\Windows\System\AZMyLmU.exe

C:\Windows\System\AZMyLmU.exe

C:\Windows\System\YIJjeES.exe

C:\Windows\System\YIJjeES.exe

C:\Windows\System\eiqIoGL.exe

C:\Windows\System\eiqIoGL.exe

C:\Windows\System\oCBHtNt.exe

C:\Windows\System\oCBHtNt.exe

C:\Windows\System\toePHUh.exe

C:\Windows\System\toePHUh.exe

C:\Windows\System\jJmbOfW.exe

C:\Windows\System\jJmbOfW.exe

C:\Windows\System\WRYkyMU.exe

C:\Windows\System\WRYkyMU.exe

C:\Windows\System\GhwiccQ.exe

C:\Windows\System\GhwiccQ.exe

C:\Windows\System\isPTEUE.exe

C:\Windows\System\isPTEUE.exe

C:\Windows\System\JIOwDwE.exe

C:\Windows\System\JIOwDwE.exe

C:\Windows\System\QZsoUtx.exe

C:\Windows\System\QZsoUtx.exe

C:\Windows\System\SrTWvUp.exe

C:\Windows\System\SrTWvUp.exe

C:\Windows\System\doUGlRj.exe

C:\Windows\System\doUGlRj.exe

C:\Windows\System\OjlHbOl.exe

C:\Windows\System\OjlHbOl.exe

C:\Windows\System\BYhkxkU.exe

C:\Windows\System\BYhkxkU.exe

C:\Windows\System\VzErERO.exe

C:\Windows\System\VzErERO.exe

C:\Windows\System\zgPmSkK.exe

C:\Windows\System\zgPmSkK.exe

C:\Windows\System\iPERlqa.exe

C:\Windows\System\iPERlqa.exe

C:\Windows\System\YRuSYDY.exe

C:\Windows\System\YRuSYDY.exe

C:\Windows\System\wilXsmk.exe

C:\Windows\System\wilXsmk.exe

C:\Windows\System\EscPkHQ.exe

C:\Windows\System\EscPkHQ.exe

C:\Windows\System\rgJmuUC.exe

C:\Windows\System\rgJmuUC.exe

C:\Windows\System\ILWxvyE.exe

C:\Windows\System\ILWxvyE.exe

C:\Windows\System\qAhzUUx.exe

C:\Windows\System\qAhzUUx.exe

C:\Windows\System\ZyiFgRB.exe

C:\Windows\System\ZyiFgRB.exe

C:\Windows\System\uUhXVhQ.exe

C:\Windows\System\uUhXVhQ.exe

C:\Windows\System\XdNpVTW.exe

C:\Windows\System\XdNpVTW.exe

C:\Windows\System\RdQiZtn.exe

C:\Windows\System\RdQiZtn.exe

C:\Windows\System\vWyrQIv.exe

C:\Windows\System\vWyrQIv.exe

C:\Windows\System\GhaHgbY.exe

C:\Windows\System\GhaHgbY.exe

C:\Windows\System\whSwUui.exe

C:\Windows\System\whSwUui.exe

C:\Windows\System\OcOQkbv.exe

C:\Windows\System\OcOQkbv.exe

C:\Windows\System\SxiwpdA.exe

C:\Windows\System\SxiwpdA.exe

C:\Windows\System\RQIRlDi.exe

C:\Windows\System\RQIRlDi.exe

C:\Windows\System\vcbNOCS.exe

C:\Windows\System\vcbNOCS.exe

C:\Windows\System\SKmqiod.exe

C:\Windows\System\SKmqiod.exe

C:\Windows\System\TSxUbeE.exe

C:\Windows\System\TSxUbeE.exe

C:\Windows\System\SiOHEzv.exe

C:\Windows\System\SiOHEzv.exe

C:\Windows\System\DeLyzJE.exe

C:\Windows\System\DeLyzJE.exe

C:\Windows\System\JjLRaOT.exe

C:\Windows\System\JjLRaOT.exe

C:\Windows\System\bCKMkMW.exe

C:\Windows\System\bCKMkMW.exe

C:\Windows\System\oLEwsIj.exe

C:\Windows\System\oLEwsIj.exe

C:\Windows\System\TdyuJsQ.exe

C:\Windows\System\TdyuJsQ.exe

C:\Windows\System\eeqYFRa.exe

C:\Windows\System\eeqYFRa.exe

C:\Windows\System\LXARhFJ.exe

C:\Windows\System\LXARhFJ.exe

C:\Windows\System\WKTRYzT.exe

C:\Windows\System\WKTRYzT.exe

C:\Windows\System\NgsEtjg.exe

C:\Windows\System\NgsEtjg.exe

C:\Windows\System\yoLomHD.exe

C:\Windows\System\yoLomHD.exe

C:\Windows\System\iuAHPXT.exe

C:\Windows\System\iuAHPXT.exe

C:\Windows\System\ZuYaZNz.exe

C:\Windows\System\ZuYaZNz.exe

C:\Windows\System\iBYjlXg.exe

C:\Windows\System\iBYjlXg.exe

C:\Windows\System\eUhROVl.exe

C:\Windows\System\eUhROVl.exe

C:\Windows\System\mwjIxkw.exe

C:\Windows\System\mwjIxkw.exe

C:\Windows\System\fTDZkXx.exe

C:\Windows\System\fTDZkXx.exe

C:\Windows\System\iiployl.exe

C:\Windows\System\iiployl.exe

C:\Windows\System\VqNgdnI.exe

C:\Windows\System\VqNgdnI.exe

C:\Windows\System\AFifZbc.exe

C:\Windows\System\AFifZbc.exe

C:\Windows\System\zkgsXrF.exe

C:\Windows\System\zkgsXrF.exe

C:\Windows\System\KRAYkrS.exe

C:\Windows\System\KRAYkrS.exe

C:\Windows\System\zLkjrul.exe

C:\Windows\System\zLkjrul.exe

C:\Windows\System\HboxYWM.exe

C:\Windows\System\HboxYWM.exe

C:\Windows\System\yVJrWfn.exe

C:\Windows\System\yVJrWfn.exe

C:\Windows\System\AbuDBpx.exe

C:\Windows\System\AbuDBpx.exe

C:\Windows\System\HUnyYaS.exe

C:\Windows\System\HUnyYaS.exe

C:\Windows\System\AytAYkm.exe

C:\Windows\System\AytAYkm.exe

C:\Windows\System\FmJdeis.exe

C:\Windows\System\FmJdeis.exe

C:\Windows\System\Ftdaksn.exe

C:\Windows\System\Ftdaksn.exe

C:\Windows\System\oHVvrLR.exe

C:\Windows\System\oHVvrLR.exe

C:\Windows\System\dUSBrCp.exe

C:\Windows\System\dUSBrCp.exe

C:\Windows\System\biCyhft.exe

C:\Windows\System\biCyhft.exe

C:\Windows\System\SCtfucN.exe

C:\Windows\System\SCtfucN.exe

C:\Windows\System\dCRhPfE.exe

C:\Windows\System\dCRhPfE.exe

C:\Windows\System\xPssyFr.exe

C:\Windows\System\xPssyFr.exe

C:\Windows\System\DfjVWEH.exe

C:\Windows\System\DfjVWEH.exe

C:\Windows\System\iwQmycD.exe

C:\Windows\System\iwQmycD.exe

C:\Windows\System\yzcYQPi.exe

C:\Windows\System\yzcYQPi.exe

C:\Windows\System\aHCkyHi.exe

C:\Windows\System\aHCkyHi.exe

C:\Windows\System\lSqkHRe.exe

C:\Windows\System\lSqkHRe.exe

C:\Windows\System\HDxkWUI.exe

C:\Windows\System\HDxkWUI.exe

C:\Windows\System\kgfyOeM.exe

C:\Windows\System\kgfyOeM.exe

C:\Windows\System\YRSHgUI.exe

C:\Windows\System\YRSHgUI.exe

C:\Windows\System\nmIEFbx.exe

C:\Windows\System\nmIEFbx.exe

C:\Windows\System\uDNuNOB.exe

C:\Windows\System\uDNuNOB.exe

C:\Windows\System\pBXmnZu.exe

C:\Windows\System\pBXmnZu.exe

C:\Windows\System\VQBugMH.exe

C:\Windows\System\VQBugMH.exe

C:\Windows\System\xbMGQQw.exe

C:\Windows\System\xbMGQQw.exe

C:\Windows\System\tfJzBok.exe

C:\Windows\System\tfJzBok.exe

C:\Windows\System\vCxYOLt.exe

C:\Windows\System\vCxYOLt.exe

C:\Windows\System\XJziZgt.exe

C:\Windows\System\XJziZgt.exe

C:\Windows\System\vDadzXY.exe

C:\Windows\System\vDadzXY.exe

C:\Windows\System\faBMhyw.exe

C:\Windows\System\faBMhyw.exe

C:\Windows\System\LNzrous.exe

C:\Windows\System\LNzrous.exe

C:\Windows\System\dOzucOO.exe

C:\Windows\System\dOzucOO.exe

C:\Windows\System\icmYuOM.exe

C:\Windows\System\icmYuOM.exe

C:\Windows\System\XizyCbJ.exe

C:\Windows\System\XizyCbJ.exe

C:\Windows\System\kIxWhuq.exe

C:\Windows\System\kIxWhuq.exe

C:\Windows\System\eyuCTcD.exe

C:\Windows\System\eyuCTcD.exe

C:\Windows\System\rKDkztY.exe

C:\Windows\System\rKDkztY.exe

C:\Windows\System\iWRCQEa.exe

C:\Windows\System\iWRCQEa.exe

C:\Windows\System\RJgRQhc.exe

C:\Windows\System\RJgRQhc.exe

C:\Windows\System\PpPSfQb.exe

C:\Windows\System\PpPSfQb.exe

C:\Windows\System\UgOvSlv.exe

C:\Windows\System\UgOvSlv.exe

C:\Windows\System\UGWCJKl.exe

C:\Windows\System\UGWCJKl.exe

C:\Windows\System\SNpBtIU.exe

C:\Windows\System\SNpBtIU.exe

C:\Windows\System\ljRzuov.exe

C:\Windows\System\ljRzuov.exe

C:\Windows\System\NMXrEXd.exe

C:\Windows\System\NMXrEXd.exe

C:\Windows\System\TRzlOBY.exe

C:\Windows\System\TRzlOBY.exe

C:\Windows\System\riTvAtw.exe

C:\Windows\System\riTvAtw.exe

C:\Windows\System\qDXgWZy.exe

C:\Windows\System\qDXgWZy.exe

C:\Windows\System\OwAtZHY.exe

C:\Windows\System\OwAtZHY.exe

C:\Windows\System\HJBTKjH.exe

C:\Windows\System\HJBTKjH.exe

C:\Windows\System\QURSMNu.exe

C:\Windows\System\QURSMNu.exe

C:\Windows\System\cbQAckd.exe

C:\Windows\System\cbQAckd.exe

C:\Windows\System\LKwffID.exe

C:\Windows\System\LKwffID.exe

C:\Windows\System\EOuzbKZ.exe

C:\Windows\System\EOuzbKZ.exe

C:\Windows\System\GRFWuqP.exe

C:\Windows\System\GRFWuqP.exe

C:\Windows\System\PbbCfUy.exe

C:\Windows\System\PbbCfUy.exe

C:\Windows\System\fLTXptG.exe

C:\Windows\System\fLTXptG.exe

C:\Windows\System\xWMgMpJ.exe

C:\Windows\System\xWMgMpJ.exe

C:\Windows\System\kRWOyxO.exe

C:\Windows\System\kRWOyxO.exe

C:\Windows\System\pqoHSNC.exe

C:\Windows\System\pqoHSNC.exe

C:\Windows\System\npHYBIr.exe

C:\Windows\System\npHYBIr.exe

C:\Windows\System\IflMAgK.exe

C:\Windows\System\IflMAgK.exe

C:\Windows\System\qTvRkYz.exe

C:\Windows\System\qTvRkYz.exe

C:\Windows\System\TMPGcPt.exe

C:\Windows\System\TMPGcPt.exe

C:\Windows\System\DnbAeGS.exe

C:\Windows\System\DnbAeGS.exe

C:\Windows\System\TyKArlS.exe

C:\Windows\System\TyKArlS.exe

C:\Windows\System\tTpLqgV.exe

C:\Windows\System\tTpLqgV.exe

C:\Windows\System\FEFPldm.exe

C:\Windows\System\FEFPldm.exe

C:\Windows\System\RIoVSmP.exe

C:\Windows\System\RIoVSmP.exe

C:\Windows\System\IPiDIuv.exe

C:\Windows\System\IPiDIuv.exe

C:\Windows\System\bMJMmXX.exe

C:\Windows\System\bMJMmXX.exe

C:\Windows\System\KxaagoI.exe

C:\Windows\System\KxaagoI.exe

C:\Windows\System\ntbzPPL.exe

C:\Windows\System\ntbzPPL.exe

C:\Windows\System\QSQYyvO.exe

C:\Windows\System\QSQYyvO.exe

C:\Windows\System\kwPvEnz.exe

C:\Windows\System\kwPvEnz.exe

C:\Windows\System\iigCJMv.exe

C:\Windows\System\iigCJMv.exe

C:\Windows\System\PSXPZqV.exe

C:\Windows\System\PSXPZqV.exe

C:\Windows\System\QRzWaSd.exe

C:\Windows\System\QRzWaSd.exe

C:\Windows\System\QkkDNwA.exe

C:\Windows\System\QkkDNwA.exe

C:\Windows\System\bTSkXSN.exe

C:\Windows\System\bTSkXSN.exe

C:\Windows\System\ZzJYWoS.exe

C:\Windows\System\ZzJYWoS.exe

C:\Windows\System\lvcForW.exe

C:\Windows\System\lvcForW.exe

C:\Windows\System\fDXcdcD.exe

C:\Windows\System\fDXcdcD.exe

C:\Windows\System\YKRhfOT.exe

C:\Windows\System\YKRhfOT.exe

C:\Windows\System\qugBdTy.exe

C:\Windows\System\qugBdTy.exe

C:\Windows\System\EfvREhe.exe

C:\Windows\System\EfvREhe.exe

C:\Windows\System\AgBBDWG.exe

C:\Windows\System\AgBBDWG.exe

C:\Windows\System\PjNYUti.exe

C:\Windows\System\PjNYUti.exe

C:\Windows\System\vMAdEJG.exe

C:\Windows\System\vMAdEJG.exe

C:\Windows\System\ZewTwsd.exe

C:\Windows\System\ZewTwsd.exe

C:\Windows\System\BTnzybo.exe

C:\Windows\System\BTnzybo.exe

C:\Windows\System\vkPJbuR.exe

C:\Windows\System\vkPJbuR.exe

C:\Windows\System\OqmTirG.exe

C:\Windows\System\OqmTirG.exe

C:\Windows\System\HETeUMq.exe

C:\Windows\System\HETeUMq.exe

C:\Windows\System\DZbmHMS.exe

C:\Windows\System\DZbmHMS.exe

C:\Windows\System\ZMScrcl.exe

C:\Windows\System\ZMScrcl.exe

C:\Windows\System\nyzNGoD.exe

C:\Windows\System\nyzNGoD.exe

C:\Windows\System\JcBStqt.exe

C:\Windows\System\JcBStqt.exe

C:\Windows\System\atnjsYh.exe

C:\Windows\System\atnjsYh.exe

C:\Windows\System\hYaFjaY.exe

C:\Windows\System\hYaFjaY.exe

C:\Windows\System\blKEySk.exe

C:\Windows\System\blKEySk.exe

C:\Windows\System\SPFjkyC.exe

C:\Windows\System\SPFjkyC.exe

C:\Windows\System\vkaYfMg.exe

C:\Windows\System\vkaYfMg.exe

C:\Windows\System\YRbLeqT.exe

C:\Windows\System\YRbLeqT.exe

C:\Windows\System\qMoufHD.exe

C:\Windows\System\qMoufHD.exe

C:\Windows\System\DTWCPSE.exe

C:\Windows\System\DTWCPSE.exe

C:\Windows\System\scAlilG.exe

C:\Windows\System\scAlilG.exe

C:\Windows\System\KgPMtOT.exe

C:\Windows\System\KgPMtOT.exe

C:\Windows\System\ZhtgzsF.exe

C:\Windows\System\ZhtgzsF.exe

C:\Windows\System\cfSbeJH.exe

C:\Windows\System\cfSbeJH.exe

C:\Windows\System\TvXijjr.exe

C:\Windows\System\TvXijjr.exe

C:\Windows\System\dcYpKpm.exe

C:\Windows\System\dcYpKpm.exe

C:\Windows\System\agNQSeo.exe

C:\Windows\System\agNQSeo.exe

C:\Windows\System\ALiTUgE.exe

C:\Windows\System\ALiTUgE.exe

C:\Windows\System\MLNMpaA.exe

C:\Windows\System\MLNMpaA.exe

C:\Windows\System\FoDfejG.exe

C:\Windows\System\FoDfejG.exe

C:\Windows\System\nBYwWMt.exe

C:\Windows\System\nBYwWMt.exe

C:\Windows\System\jdaCvkG.exe

C:\Windows\System\jdaCvkG.exe

C:\Windows\System\IWcAOuW.exe

C:\Windows\System\IWcAOuW.exe

C:\Windows\System\dclkINN.exe

C:\Windows\System\dclkINN.exe

C:\Windows\System\YxIgcbu.exe

C:\Windows\System\YxIgcbu.exe

C:\Windows\System\qBeIpKL.exe

C:\Windows\System\qBeIpKL.exe

C:\Windows\System\gKYnOif.exe

C:\Windows\System\gKYnOif.exe

C:\Windows\System\BLOkdui.exe

C:\Windows\System\BLOkdui.exe

C:\Windows\System\unROEPw.exe

C:\Windows\System\unROEPw.exe

C:\Windows\System\LCPEuUV.exe

C:\Windows\System\LCPEuUV.exe

C:\Windows\System\HieQdAm.exe

C:\Windows\System\HieQdAm.exe

C:\Windows\System\hjHmCTa.exe

C:\Windows\System\hjHmCTa.exe

C:\Windows\System\AkYFIUm.exe

C:\Windows\System\AkYFIUm.exe

C:\Windows\System\QutqqrF.exe

C:\Windows\System\QutqqrF.exe

C:\Windows\System\DQVQvbA.exe

C:\Windows\System\DQVQvbA.exe

C:\Windows\System\OCBTers.exe

C:\Windows\System\OCBTers.exe

C:\Windows\System\mbGFzzU.exe

C:\Windows\System\mbGFzzU.exe

C:\Windows\System\cGdHZUr.exe

C:\Windows\System\cGdHZUr.exe

C:\Windows\System\UJImRdr.exe

C:\Windows\System\UJImRdr.exe

C:\Windows\System\vdFvBOI.exe

C:\Windows\System\vdFvBOI.exe

C:\Windows\System\hydYLbF.exe

C:\Windows\System\hydYLbF.exe

C:\Windows\System\xrIJXLu.exe

C:\Windows\System\xrIJXLu.exe

C:\Windows\System\ItHvhrj.exe

C:\Windows\System\ItHvhrj.exe

C:\Windows\System\bdkNIFx.exe

C:\Windows\System\bdkNIFx.exe

C:\Windows\System\WigLeiL.exe

C:\Windows\System\WigLeiL.exe

C:\Windows\System\XUDKRdC.exe

C:\Windows\System\XUDKRdC.exe

C:\Windows\System\uBoQyLV.exe

C:\Windows\System\uBoQyLV.exe

C:\Windows\System\wuQwSgv.exe

C:\Windows\System\wuQwSgv.exe

C:\Windows\System\ZXtHkAa.exe

C:\Windows\System\ZXtHkAa.exe

C:\Windows\System\NiPEybp.exe

C:\Windows\System\NiPEybp.exe

C:\Windows\System\TAOugxA.exe

C:\Windows\System\TAOugxA.exe

C:\Windows\System\enQtXPc.exe

C:\Windows\System\enQtXPc.exe

C:\Windows\System\jtkTKYc.exe

C:\Windows\System\jtkTKYc.exe

C:\Windows\System\fJhAZkK.exe

C:\Windows\System\fJhAZkK.exe

C:\Windows\System\izOasUU.exe

C:\Windows\System\izOasUU.exe

C:\Windows\System\ZjtJyao.exe

C:\Windows\System\ZjtJyao.exe

C:\Windows\System\neCcSBg.exe

C:\Windows\System\neCcSBg.exe

C:\Windows\System\wqqEHuA.exe

C:\Windows\System\wqqEHuA.exe

C:\Windows\System\jVCqpPL.exe

C:\Windows\System\jVCqpPL.exe

C:\Windows\System\SDzRSlM.exe

C:\Windows\System\SDzRSlM.exe

C:\Windows\System\ribvdRZ.exe

C:\Windows\System\ribvdRZ.exe

C:\Windows\System\ApantfD.exe

C:\Windows\System\ApantfD.exe

C:\Windows\System\ykSZzFK.exe

C:\Windows\System\ykSZzFK.exe

C:\Windows\System\kkrmVPj.exe

C:\Windows\System\kkrmVPj.exe

C:\Windows\System\JqmgSKy.exe

C:\Windows\System\JqmgSKy.exe

C:\Windows\System\uhuXErD.exe

C:\Windows\System\uhuXErD.exe

C:\Windows\System\BVRcqfg.exe

C:\Windows\System\BVRcqfg.exe

C:\Windows\System\TKiefxK.exe

C:\Windows\System\TKiefxK.exe

C:\Windows\System\OHBZdZO.exe

C:\Windows\System\OHBZdZO.exe

C:\Windows\System\ClOKLAu.exe

C:\Windows\System\ClOKLAu.exe

C:\Windows\System\ITPJfuW.exe

C:\Windows\System\ITPJfuW.exe

C:\Windows\System\WwMLoMO.exe

C:\Windows\System\WwMLoMO.exe

C:\Windows\System\aXzpCpX.exe

C:\Windows\System\aXzpCpX.exe

C:\Windows\System\tshhyXg.exe

C:\Windows\System\tshhyXg.exe

C:\Windows\System\SmxrBLa.exe

C:\Windows\System\SmxrBLa.exe

C:\Windows\System\RptOBGA.exe

C:\Windows\System\RptOBGA.exe

C:\Windows\System\jzfWUrf.exe

C:\Windows\System\jzfWUrf.exe

C:\Windows\System\xkfocqK.exe

C:\Windows\System\xkfocqK.exe

C:\Windows\System\FUHLfot.exe

C:\Windows\System\FUHLfot.exe

C:\Windows\System\FMCSUqv.exe

C:\Windows\System\FMCSUqv.exe

C:\Windows\System\OrtnhSo.exe

C:\Windows\System\OrtnhSo.exe

C:\Windows\System\nkzcvUC.exe

C:\Windows\System\nkzcvUC.exe

C:\Windows\System\UfGxVkZ.exe

C:\Windows\System\UfGxVkZ.exe

C:\Windows\System\tVpHkQn.exe

C:\Windows\System\tVpHkQn.exe

C:\Windows\System\mhPCtqY.exe

C:\Windows\System\mhPCtqY.exe

C:\Windows\System\yrAEiIi.exe

C:\Windows\System\yrAEiIi.exe

C:\Windows\System\RzvrfYO.exe

C:\Windows\System\RzvrfYO.exe

C:\Windows\System\MPBRvLr.exe

C:\Windows\System\MPBRvLr.exe

C:\Windows\System\ShPwaBZ.exe

C:\Windows\System\ShPwaBZ.exe

C:\Windows\System\ONIlSib.exe

C:\Windows\System\ONIlSib.exe

C:\Windows\System\EiZrMYk.exe

C:\Windows\System\EiZrMYk.exe

C:\Windows\System\TAwiQVz.exe

C:\Windows\System\TAwiQVz.exe

C:\Windows\System\LAnEkda.exe

C:\Windows\System\LAnEkda.exe

C:\Windows\System\iYfnPFc.exe

C:\Windows\System\iYfnPFc.exe

C:\Windows\System\keZIUmG.exe

C:\Windows\System\keZIUmG.exe

C:\Windows\System\PcYAXHS.exe

C:\Windows\System\PcYAXHS.exe

C:\Windows\System\ezRAgDd.exe

C:\Windows\System\ezRAgDd.exe

C:\Windows\System\gFIpaTa.exe

C:\Windows\System\gFIpaTa.exe

C:\Windows\System\CDHPWxy.exe

C:\Windows\System\CDHPWxy.exe

C:\Windows\System\NsNgAoz.exe

C:\Windows\System\NsNgAoz.exe

C:\Windows\System\XihPEHG.exe

C:\Windows\System\XihPEHG.exe

C:\Windows\System\pMVCeGK.exe

C:\Windows\System\pMVCeGK.exe

C:\Windows\System\YubaRCc.exe

C:\Windows\System\YubaRCc.exe

C:\Windows\System\xzFKoIm.exe

C:\Windows\System\xzFKoIm.exe

C:\Windows\System\WaVsKka.exe

C:\Windows\System\WaVsKka.exe

C:\Windows\System\pMGgpyn.exe

C:\Windows\System\pMGgpyn.exe

C:\Windows\System\BwBHjfx.exe

C:\Windows\System\BwBHjfx.exe

C:\Windows\System\llMiMhZ.exe

C:\Windows\System\llMiMhZ.exe

C:\Windows\System\AJgHaYM.exe

C:\Windows\System\AJgHaYM.exe

C:\Windows\System\adIgLQT.exe

C:\Windows\System\adIgLQT.exe

C:\Windows\System\SuIJhpb.exe

C:\Windows\System\SuIJhpb.exe

C:\Windows\System\rnfqUOh.exe

C:\Windows\System\rnfqUOh.exe

C:\Windows\System\GoTJAPa.exe

C:\Windows\System\GoTJAPa.exe

C:\Windows\System\jWqLlSa.exe

C:\Windows\System\jWqLlSa.exe

C:\Windows\System\jEmWQDq.exe

C:\Windows\System\jEmWQDq.exe

C:\Windows\System\nAehfZH.exe

C:\Windows\System\nAehfZH.exe

C:\Windows\System\LZLOMQA.exe

C:\Windows\System\LZLOMQA.exe

C:\Windows\System\XFuCRva.exe

C:\Windows\System\XFuCRva.exe

C:\Windows\System\CKbMJVQ.exe

C:\Windows\System\CKbMJVQ.exe

C:\Windows\System\MRoSXbm.exe

C:\Windows\System\MRoSXbm.exe

C:\Windows\System\aPKOUZm.exe

C:\Windows\System\aPKOUZm.exe

C:\Windows\System\pCAaymw.exe

C:\Windows\System\pCAaymw.exe

C:\Windows\System\RtzjyXW.exe

C:\Windows\System\RtzjyXW.exe

C:\Windows\System\fPKZNvw.exe

C:\Windows\System\fPKZNvw.exe

C:\Windows\System\YlnUtGK.exe

C:\Windows\System\YlnUtGK.exe

C:\Windows\System\CkfrCKo.exe

C:\Windows\System\CkfrCKo.exe

C:\Windows\System\kEcCLsP.exe

C:\Windows\System\kEcCLsP.exe

C:\Windows\System\pHWqNhB.exe

C:\Windows\System\pHWqNhB.exe

C:\Windows\System\nkWvgxp.exe

C:\Windows\System\nkWvgxp.exe

C:\Windows\System\BvmAsrT.exe

C:\Windows\System\BvmAsrT.exe

C:\Windows\System\UHyPnSS.exe

C:\Windows\System\UHyPnSS.exe

C:\Windows\System\YEpsvne.exe

C:\Windows\System\YEpsvne.exe

C:\Windows\System\oWTzdyt.exe

C:\Windows\System\oWTzdyt.exe

C:\Windows\System\PGldZWh.exe

C:\Windows\System\PGldZWh.exe

C:\Windows\System\rKkXLlC.exe

C:\Windows\System\rKkXLlC.exe

C:\Windows\System\oBjmAyx.exe

C:\Windows\System\oBjmAyx.exe

C:\Windows\System\uTIiRfP.exe

C:\Windows\System\uTIiRfP.exe

C:\Windows\System\GZssaTG.exe

C:\Windows\System\GZssaTG.exe

C:\Windows\System\ZKLIfpH.exe

C:\Windows\System\ZKLIfpH.exe

C:\Windows\System\rvOZtZG.exe

C:\Windows\System\rvOZtZG.exe

C:\Windows\System\UMhpZgq.exe

C:\Windows\System\UMhpZgq.exe

C:\Windows\System\eaGopXZ.exe

C:\Windows\System\eaGopXZ.exe

C:\Windows\System\idzhMiv.exe

C:\Windows\System\idzhMiv.exe

C:\Windows\System\xSmLFqb.exe

C:\Windows\System\xSmLFqb.exe

C:\Windows\System\sHCVuZY.exe

C:\Windows\System\sHCVuZY.exe

C:\Windows\System\JGcWCSe.exe

C:\Windows\System\JGcWCSe.exe

C:\Windows\System\omhdnqi.exe

C:\Windows\System\omhdnqi.exe

C:\Windows\System\rqzMCsb.exe

C:\Windows\System\rqzMCsb.exe

C:\Windows\System\DRCuZTs.exe

C:\Windows\System\DRCuZTs.exe

C:\Windows\System\GWXJbXC.exe

C:\Windows\System\GWXJbXC.exe

C:\Windows\System\ZQuPNUo.exe

C:\Windows\System\ZQuPNUo.exe

C:\Windows\System\DZSYFco.exe

C:\Windows\System\DZSYFco.exe

C:\Windows\System\wHPYXkt.exe

C:\Windows\System\wHPYXkt.exe

C:\Windows\System\MlOwcvM.exe

C:\Windows\System\MlOwcvM.exe

C:\Windows\System\RLmeNig.exe

C:\Windows\System\RLmeNig.exe

C:\Windows\System\HCWqHZK.exe

C:\Windows\System\HCWqHZK.exe

C:\Windows\System\WCdjwZK.exe

C:\Windows\System\WCdjwZK.exe

C:\Windows\System\WklJuOj.exe

C:\Windows\System\WklJuOj.exe

C:\Windows\System\qWApmqs.exe

C:\Windows\System\qWApmqs.exe

C:\Windows\System\iMfaHIa.exe

C:\Windows\System\iMfaHIa.exe

C:\Windows\System\sgteUVj.exe

C:\Windows\System\sgteUVj.exe

C:\Windows\System\GFmdyWo.exe

C:\Windows\System\GFmdyWo.exe

C:\Windows\System\OoemcYU.exe

C:\Windows\System\OoemcYU.exe

C:\Windows\System\TykKfjQ.exe

C:\Windows\System\TykKfjQ.exe

C:\Windows\System\uFPaPav.exe

C:\Windows\System\uFPaPav.exe

C:\Windows\System\WkPYNYp.exe

C:\Windows\System\WkPYNYp.exe

C:\Windows\System\ufuGGsi.exe

C:\Windows\System\ufuGGsi.exe

C:\Windows\System\HbKJCnJ.exe

C:\Windows\System\HbKJCnJ.exe

C:\Windows\System\xTHvLMo.exe

C:\Windows\System\xTHvLMo.exe

C:\Windows\System\npJcbLu.exe

C:\Windows\System\npJcbLu.exe

C:\Windows\System\yZsKBXE.exe

C:\Windows\System\yZsKBXE.exe

C:\Windows\System\HYHQtCX.exe

C:\Windows\System\HYHQtCX.exe

C:\Windows\System\EVHJIUy.exe

C:\Windows\System\EVHJIUy.exe

C:\Windows\System\WNsCDLw.exe

C:\Windows\System\WNsCDLw.exe

C:\Windows\System\gvjIENi.exe

C:\Windows\System\gvjIENi.exe

C:\Windows\System\BivgIRn.exe

C:\Windows\System\BivgIRn.exe

C:\Windows\System\IYzSbrS.exe

C:\Windows\System\IYzSbrS.exe

C:\Windows\System\RFkUZjF.exe

C:\Windows\System\RFkUZjF.exe

C:\Windows\System\sxbSoZj.exe

C:\Windows\System\sxbSoZj.exe

C:\Windows\System\WVoTElD.exe

C:\Windows\System\WVoTElD.exe

C:\Windows\System\yxGOmhl.exe

C:\Windows\System\yxGOmhl.exe

C:\Windows\System\wgUHoqS.exe

C:\Windows\System\wgUHoqS.exe

C:\Windows\System\eScLDtp.exe

C:\Windows\System\eScLDtp.exe

C:\Windows\System\cKwlCJf.exe

C:\Windows\System\cKwlCJf.exe

C:\Windows\System\fqHiIeX.exe

C:\Windows\System\fqHiIeX.exe

C:\Windows\System\xWFRDpf.exe

C:\Windows\System\xWFRDpf.exe

C:\Windows\System\ZoKkvjQ.exe

C:\Windows\System\ZoKkvjQ.exe

C:\Windows\System\biSzdrW.exe

C:\Windows\System\biSzdrW.exe

C:\Windows\System\HxOWeJJ.exe

C:\Windows\System\HxOWeJJ.exe

C:\Windows\System\wxSfkVl.exe

C:\Windows\System\wxSfkVl.exe

C:\Windows\System\MMbcsSm.exe

C:\Windows\System\MMbcsSm.exe

C:\Windows\System\abOSIsD.exe

C:\Windows\System\abOSIsD.exe

C:\Windows\System\WYklYoT.exe

C:\Windows\System\WYklYoT.exe

C:\Windows\System\HliXtsA.exe

C:\Windows\System\HliXtsA.exe

C:\Windows\System\UYMNess.exe

C:\Windows\System\UYMNess.exe

C:\Windows\System\HiwWMDQ.exe

C:\Windows\System\HiwWMDQ.exe

C:\Windows\System\lhkCVdG.exe

C:\Windows\System\lhkCVdG.exe

C:\Windows\System\FpCqCMb.exe

C:\Windows\System\FpCqCMb.exe

C:\Windows\System\pSMnITA.exe

C:\Windows\System\pSMnITA.exe

C:\Windows\System\vYHoQxn.exe

C:\Windows\System\vYHoQxn.exe

C:\Windows\System\SmDzZCh.exe

C:\Windows\System\SmDzZCh.exe

C:\Windows\System\iuOIPhy.exe

C:\Windows\System\iuOIPhy.exe

C:\Windows\System\cpbtgbT.exe

C:\Windows\System\cpbtgbT.exe

C:\Windows\System\EoPxaZS.exe

C:\Windows\System\EoPxaZS.exe

C:\Windows\System\smuGDXv.exe

C:\Windows\System\smuGDXv.exe

C:\Windows\System\RmSrsUn.exe

C:\Windows\System\RmSrsUn.exe

C:\Windows\System\eSyMpDk.exe

C:\Windows\System\eSyMpDk.exe

C:\Windows\System\XqTeZbq.exe

C:\Windows\System\XqTeZbq.exe

C:\Windows\System\uCQVepP.exe

C:\Windows\System\uCQVepP.exe

C:\Windows\System\WIQtSKc.exe

C:\Windows\System\WIQtSKc.exe

C:\Windows\System\eTVhYYT.exe

C:\Windows\System\eTVhYYT.exe

C:\Windows\System\ELtuqVA.exe

C:\Windows\System\ELtuqVA.exe

C:\Windows\System\ExheuGz.exe

C:\Windows\System\ExheuGz.exe

C:\Windows\System\nPAGDOm.exe

C:\Windows\System\nPAGDOm.exe

C:\Windows\System\AOQlzSs.exe

C:\Windows\System\AOQlzSs.exe

C:\Windows\System\vQZHmpu.exe

C:\Windows\System\vQZHmpu.exe

C:\Windows\System\DHdmeKM.exe

C:\Windows\System\DHdmeKM.exe

C:\Windows\System\iVzQDXb.exe

C:\Windows\System\iVzQDXb.exe

C:\Windows\System\Dzqpkgk.exe

C:\Windows\System\Dzqpkgk.exe

C:\Windows\System\vDLWHon.exe

C:\Windows\System\vDLWHon.exe

C:\Windows\System\dfycdGj.exe

C:\Windows\System\dfycdGj.exe

C:\Windows\System\XupOUjF.exe

C:\Windows\System\XupOUjF.exe

C:\Windows\System\IbiHSAk.exe

C:\Windows\System\IbiHSAk.exe

C:\Windows\System\xZUEdRB.exe

C:\Windows\System\xZUEdRB.exe

C:\Windows\System\zPGUNch.exe

C:\Windows\System\zPGUNch.exe

C:\Windows\System\MdYPbmA.exe

C:\Windows\System\MdYPbmA.exe

C:\Windows\System\jrTcsbu.exe

C:\Windows\System\jrTcsbu.exe

C:\Windows\System\TsaFzsm.exe

C:\Windows\System\TsaFzsm.exe

C:\Windows\System\kgAFBis.exe

C:\Windows\System\kgAFBis.exe

C:\Windows\System\gKyVHTM.exe

C:\Windows\System\gKyVHTM.exe

C:\Windows\System\bVQUPRD.exe

C:\Windows\System\bVQUPRD.exe

C:\Windows\System\eNyCmVr.exe

C:\Windows\System\eNyCmVr.exe

C:\Windows\System\PLrlnJk.exe

C:\Windows\System\PLrlnJk.exe

C:\Windows\System\POrhKyK.exe

C:\Windows\System\POrhKyK.exe

C:\Windows\System\kAVUdHy.exe

C:\Windows\System\kAVUdHy.exe

C:\Windows\System\jIGiCet.exe

C:\Windows\System\jIGiCet.exe

C:\Windows\System\vobUimu.exe

C:\Windows\System\vobUimu.exe

C:\Windows\System\PeonWGY.exe

C:\Windows\System\PeonWGY.exe

C:\Windows\System\RsSvjCg.exe

C:\Windows\System\RsSvjCg.exe

C:\Windows\System\ZXplLQE.exe

C:\Windows\System\ZXplLQE.exe

C:\Windows\System\qaJWBjR.exe

C:\Windows\System\qaJWBjR.exe

C:\Windows\System\BxCStue.exe

C:\Windows\System\BxCStue.exe

C:\Windows\System\SFrxiHo.exe

C:\Windows\System\SFrxiHo.exe

C:\Windows\System\wmuhmsh.exe

C:\Windows\System\wmuhmsh.exe

C:\Windows\System\gRofhtQ.exe

C:\Windows\System\gRofhtQ.exe

C:\Windows\System\ZUsPdmq.exe

C:\Windows\System\ZUsPdmq.exe

C:\Windows\System\XZELtmD.exe

C:\Windows\System\XZELtmD.exe

C:\Windows\System\gsubkes.exe

C:\Windows\System\gsubkes.exe

C:\Windows\System\ooGmfiv.exe

C:\Windows\System\ooGmfiv.exe

C:\Windows\System\fWLZgla.exe

C:\Windows\System\fWLZgla.exe

C:\Windows\System\sZOgVvm.exe

C:\Windows\System\sZOgVvm.exe

C:\Windows\System\yqEyGJF.exe

C:\Windows\System\yqEyGJF.exe

C:\Windows\System\MVVRLNV.exe

C:\Windows\System\MVVRLNV.exe

C:\Windows\System\XYGiuEl.exe

C:\Windows\System\XYGiuEl.exe

C:\Windows\System\bBwnWpT.exe

C:\Windows\System\bBwnWpT.exe

C:\Windows\System\bOToGag.exe

C:\Windows\System\bOToGag.exe

C:\Windows\System\dKkWjrF.exe

C:\Windows\System\dKkWjrF.exe

C:\Windows\System\IqmvKUa.exe

C:\Windows\System\IqmvKUa.exe

C:\Windows\System\FOHXQDS.exe

C:\Windows\System\FOHXQDS.exe

C:\Windows\System\FpLquZj.exe

C:\Windows\System\FpLquZj.exe

C:\Windows\System\QQWbWDl.exe

C:\Windows\System\QQWbWDl.exe

C:\Windows\System\fyAfVjG.exe

C:\Windows\System\fyAfVjG.exe

C:\Windows\System\VhEvqbH.exe

C:\Windows\System\VhEvqbH.exe

C:\Windows\System\GJVZRXx.exe

C:\Windows\System\GJVZRXx.exe

C:\Windows\System\UfvXkpQ.exe

C:\Windows\System\UfvXkpQ.exe

C:\Windows\System\UPwSwZz.exe

C:\Windows\System\UPwSwZz.exe

C:\Windows\System\gVVFzFL.exe

C:\Windows\System\gVVFzFL.exe

C:\Windows\System\PekjIwk.exe

C:\Windows\System\PekjIwk.exe

C:\Windows\System\GMUbBIa.exe

C:\Windows\System\GMUbBIa.exe

C:\Windows\System\gJHOHlh.exe

C:\Windows\System\gJHOHlh.exe

C:\Windows\System\NTNELKm.exe

C:\Windows\System\NTNELKm.exe

C:\Windows\System\woCInAV.exe

C:\Windows\System\woCInAV.exe

C:\Windows\System\QvEpFNG.exe

C:\Windows\System\QvEpFNG.exe

C:\Windows\System\dGgOmsv.exe

C:\Windows\System\dGgOmsv.exe

C:\Windows\System\khDvPSk.exe

C:\Windows\System\khDvPSk.exe

C:\Windows\System\Hpvhqtn.exe

C:\Windows\System\Hpvhqtn.exe

C:\Windows\System\SVTIHfb.exe

C:\Windows\System\SVTIHfb.exe

C:\Windows\System\Ybjaydt.exe

C:\Windows\System\Ybjaydt.exe

C:\Windows\System\ZzKgpfC.exe

C:\Windows\System\ZzKgpfC.exe

C:\Windows\System\EOlptLv.exe

C:\Windows\System\EOlptLv.exe

C:\Windows\System\ydpYUpa.exe

C:\Windows\System\ydpYUpa.exe

C:\Windows\System\BxMAGsQ.exe

C:\Windows\System\BxMAGsQ.exe

C:\Windows\System\lZDKuLg.exe

C:\Windows\System\lZDKuLg.exe

C:\Windows\System\htzUMKJ.exe

C:\Windows\System\htzUMKJ.exe

C:\Windows\System\pFHZbiW.exe

C:\Windows\System\pFHZbiW.exe

C:\Windows\System\cuqKxcb.exe

C:\Windows\System\cuqKxcb.exe

C:\Windows\System\cjHjWoW.exe

C:\Windows\System\cjHjWoW.exe

C:\Windows\System\BJzAyFs.exe

C:\Windows\System\BJzAyFs.exe

C:\Windows\System\DxgAqbH.exe

C:\Windows\System\DxgAqbH.exe

C:\Windows\System\khylBFC.exe

C:\Windows\System\khylBFC.exe

C:\Windows\System\QEBxQag.exe

C:\Windows\System\QEBxQag.exe

C:\Windows\System\WXpWXvG.exe

C:\Windows\System\WXpWXvG.exe

C:\Windows\System\ZrZfhso.exe

C:\Windows\System\ZrZfhso.exe

C:\Windows\System\qKndPtK.exe

C:\Windows\System\qKndPtK.exe

C:\Windows\System\HCCftQt.exe

C:\Windows\System\HCCftQt.exe

C:\Windows\System\qNKDNUF.exe

C:\Windows\System\qNKDNUF.exe

C:\Windows\System\HVMriBJ.exe

C:\Windows\System\HVMriBJ.exe

C:\Windows\System\HPxLxHI.exe

C:\Windows\System\HPxLxHI.exe

C:\Windows\System\aCTeInX.exe

C:\Windows\System\aCTeInX.exe

C:\Windows\System\tvxCwTG.exe

C:\Windows\System\tvxCwTG.exe

C:\Windows\System\UwFoduv.exe

C:\Windows\System\UwFoduv.exe

C:\Windows\System\wiPfrps.exe

C:\Windows\System\wiPfrps.exe

C:\Windows\System\RJpEoay.exe

C:\Windows\System\RJpEoay.exe

C:\Windows\System\tmZFIaZ.exe

C:\Windows\System\tmZFIaZ.exe

C:\Windows\System\NNwyZfX.exe

C:\Windows\System\NNwyZfX.exe

C:\Windows\System\jVcJGLM.exe

C:\Windows\System\jVcJGLM.exe

C:\Windows\System\wvwDzJM.exe

C:\Windows\System\wvwDzJM.exe

C:\Windows\System\lvTZsIp.exe

C:\Windows\System\lvTZsIp.exe

C:\Windows\System\cpyVdjt.exe

C:\Windows\System\cpyVdjt.exe

C:\Windows\System\aTGCZVZ.exe

C:\Windows\System\aTGCZVZ.exe

C:\Windows\System\AVsEcNs.exe

C:\Windows\System\AVsEcNs.exe

C:\Windows\System\ZptZZod.exe

C:\Windows\System\ZptZZod.exe

C:\Windows\System\eTSiMTs.exe

C:\Windows\System\eTSiMTs.exe

C:\Windows\System\UKzidok.exe

C:\Windows\System\UKzidok.exe

C:\Windows\System\BIEnTbL.exe

C:\Windows\System\BIEnTbL.exe

C:\Windows\System\fpbqThq.exe

C:\Windows\System\fpbqThq.exe

C:\Windows\System\QpARZQG.exe

C:\Windows\System\QpARZQG.exe

C:\Windows\System\uFEgmzZ.exe

C:\Windows\System\uFEgmzZ.exe

C:\Windows\System\gNqLtWJ.exe

C:\Windows\System\gNqLtWJ.exe

C:\Windows\System\CzWGehd.exe

C:\Windows\System\CzWGehd.exe

C:\Windows\System\pbmWZab.exe

C:\Windows\System\pbmWZab.exe

C:\Windows\System\jsipQRn.exe

C:\Windows\System\jsipQRn.exe

C:\Windows\System\CGxAwjX.exe

C:\Windows\System\CGxAwjX.exe

C:\Windows\System\dfBbZpo.exe

C:\Windows\System\dfBbZpo.exe

C:\Windows\System\OXjgoSp.exe

C:\Windows\System\OXjgoSp.exe

C:\Windows\System\ehIjeNU.exe

C:\Windows\System\ehIjeNU.exe

C:\Windows\System\YFsEoBg.exe

C:\Windows\System\YFsEoBg.exe

C:\Windows\System\iwFZxuv.exe

C:\Windows\System\iwFZxuv.exe

C:\Windows\System\KNRWufS.exe

C:\Windows\System\KNRWufS.exe

C:\Windows\System\pAacCYC.exe

C:\Windows\System\pAacCYC.exe

C:\Windows\System\VDQzuYS.exe

C:\Windows\System\VDQzuYS.exe

C:\Windows\System\Vwwhesn.exe

C:\Windows\System\Vwwhesn.exe

C:\Windows\System\zqsusgO.exe

C:\Windows\System\zqsusgO.exe

C:\Windows\System\TSLnfuj.exe

C:\Windows\System\TSLnfuj.exe

C:\Windows\System\GxnKpPK.exe

C:\Windows\System\GxnKpPK.exe

C:\Windows\System\fpPGYcU.exe

C:\Windows\System\fpPGYcU.exe

C:\Windows\System\siWInFE.exe

C:\Windows\System\siWInFE.exe

C:\Windows\System\bUvHbsI.exe

C:\Windows\System\bUvHbsI.exe

C:\Windows\System\CKHgRwM.exe

C:\Windows\System\CKHgRwM.exe

C:\Windows\System\VqIpCzL.exe

C:\Windows\System\VqIpCzL.exe

C:\Windows\System\UhJjtSM.exe

C:\Windows\System\UhJjtSM.exe

C:\Windows\System\qdbMTlc.exe

C:\Windows\System\qdbMTlc.exe

C:\Windows\System\MBYzdpJ.exe

C:\Windows\System\MBYzdpJ.exe

C:\Windows\System\xCkDTFf.exe

C:\Windows\System\xCkDTFf.exe

C:\Windows\System\SVuExgQ.exe

C:\Windows\System\SVuExgQ.exe

C:\Windows\System\oSAGKIi.exe

C:\Windows\System\oSAGKIi.exe

C:\Windows\System\gJxHjZX.exe

C:\Windows\System\gJxHjZX.exe

C:\Windows\System\tbwWipx.exe

C:\Windows\System\tbwWipx.exe

C:\Windows\System\tTAYxEi.exe

C:\Windows\System\tTAYxEi.exe

C:\Windows\System\dkBuJSt.exe

C:\Windows\System\dkBuJSt.exe

C:\Windows\System\bnpfezN.exe

C:\Windows\System\bnpfezN.exe

C:\Windows\System\hrvvKSf.exe

C:\Windows\System\hrvvKSf.exe

C:\Windows\System\vsREdac.exe

C:\Windows\System\vsREdac.exe

C:\Windows\System\atzNbGl.exe

C:\Windows\System\atzNbGl.exe

C:\Windows\System\JwZmFVx.exe

C:\Windows\System\JwZmFVx.exe

C:\Windows\System\kVLvYww.exe

C:\Windows\System\kVLvYww.exe

C:\Windows\System\MiapNJp.exe

C:\Windows\System\MiapNJp.exe

C:\Windows\System\pcCZigf.exe

C:\Windows\System\pcCZigf.exe

C:\Windows\System\ZYnTLpE.exe

C:\Windows\System\ZYnTLpE.exe

C:\Windows\System\OrBDTaC.exe

C:\Windows\System\OrBDTaC.exe

C:\Windows\System\zRyDvOJ.exe

C:\Windows\System\zRyDvOJ.exe

C:\Windows\System\RhrqxWI.exe

C:\Windows\System\RhrqxWI.exe

C:\Windows\System\tdPuhYE.exe

C:\Windows\System\tdPuhYE.exe

C:\Windows\System\izzjTnM.exe

C:\Windows\System\izzjTnM.exe

C:\Windows\System\pUEdMpS.exe

C:\Windows\System\pUEdMpS.exe

C:\Windows\System\Sgjenpf.exe

C:\Windows\System\Sgjenpf.exe

C:\Windows\System\jLvuYwX.exe

C:\Windows\System\jLvuYwX.exe

C:\Windows\System\qsToFdq.exe

C:\Windows\System\qsToFdq.exe

C:\Windows\System\kDkoMnN.exe

C:\Windows\System\kDkoMnN.exe

C:\Windows\System\olBhXvb.exe

C:\Windows\System\olBhXvb.exe

C:\Windows\System\HbukCbI.exe

C:\Windows\System\HbukCbI.exe

C:\Windows\System\whwWrPa.exe

C:\Windows\System\whwWrPa.exe

C:\Windows\System\rREldnU.exe

C:\Windows\System\rREldnU.exe

C:\Windows\System\MUxwwRb.exe

C:\Windows\System\MUxwwRb.exe

C:\Windows\System\usbWUjG.exe

C:\Windows\System\usbWUjG.exe

C:\Windows\System\nMeGApJ.exe

C:\Windows\System\nMeGApJ.exe

C:\Windows\System\IkVcAAE.exe

C:\Windows\System\IkVcAAE.exe

C:\Windows\System\IvsZMRX.exe

C:\Windows\System\IvsZMRX.exe

C:\Windows\System\adjBbsM.exe

C:\Windows\System\adjBbsM.exe

C:\Windows\System\rtZAssR.exe

C:\Windows\System\rtZAssR.exe

C:\Windows\System\vhSTLtu.exe

C:\Windows\System\vhSTLtu.exe

C:\Windows\System\igMwRHY.exe

C:\Windows\System\igMwRHY.exe

C:\Windows\System\UxnkYip.exe

C:\Windows\System\UxnkYip.exe

C:\Windows\System\cxXXFwe.exe

C:\Windows\System\cxXXFwe.exe

C:\Windows\System\KdheiBs.exe

C:\Windows\System\KdheiBs.exe

Network

N/A

Files

memory/308-0-0x000000013F400000-0x000000013F754000-memory.dmp

memory/308-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\kfsuJNG.exe

MD5 8054411be2ecdb2bf394a2c823bb72cc
SHA1 1e38debec2ff9cb7604e94a7911e1e8d0f6df4bf
SHA256 e45430a25ac576d0f4a09df1156722bda3025cae60b06c0073f543e28ffac4e7
SHA512 d80e1a53e1ed8cf1e072d8e388e09ce381f8502dde59770154805679d826f1b26a7bb53175b9d674af4fd135355b59e3f9c75c9385e9dca66dbc2ba7020c95ae

memory/2812-8-0x000000013F190000-0x000000013F4E4000-memory.dmp

\Windows\system\HXJmqOh.exe

MD5 31f9612970526286213e96b9b724cc59
SHA1 a57ae15419991542430c0212ae7e71a7686bdd29
SHA256 ec30721e8f43879f17fc2e9d4f18c77d8702be14b8cad8a5e9828e9597366605
SHA512 b0194a746669277c2ecdfcbca8431913ca22bc4715a4a12dbc6bb258caea72c478ef5446a3ef65f6d57d931c3bbcee4c47a01ba016da5a7a83e7bff788a804fb

memory/2360-13-0x000000013F180000-0x000000013F4D4000-memory.dmp

C:\Windows\system\vtRjECp.exe

MD5 987414eda63f6bef23c72422fc58536c
SHA1 b7a4bb22b71eb200076cfd669578d3195be2ee4e
SHA256 7184ffee7697087bc5dcda516d130b18414e3a576228335611ef8c06b8e86857
SHA512 1c0dbb529f32a378a62a47c806e140b54bf6f00de2d4c8815a872c784db8cd39e6d2da8b6b7882971b9473d0b4008b6fffa98fce87eaa4f6f965668e22b809e1

memory/308-17-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/3028-19-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2044-27-0x000000013F220000-0x000000013F574000-memory.dmp

memory/308-26-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2724-34-0x000000013FF30000-0x0000000140284000-memory.dmp

C:\Windows\system\rnIfpTL.exe

MD5 7df5835e273a77f141d5a5086b428bd8
SHA1 c8db7dfebff17b39191aaa4fadbca673d3b6c790
SHA256 f19b31c83a37ca66457a7da63425fe4967459b2d6a9daa3ae309a91436a008a6
SHA512 67098ad87daf552ab77462adf5e732bbf5f0b111806e7b5e9301eed7225dec82cbbdcd4b860632696694503afc3d2a2a8eec0b85c2a7fe4229d5cecfc8f5771b

memory/2812-53-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2880-54-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2884-47-0x000000013F4D0000-0x000000013F824000-memory.dmp

C:\Windows\system\ADQrOBb.exe

MD5 8823de010ef4650d778815b1351ef724
SHA1 937506c2d3380a0f45201a861157fd71734e30a1
SHA256 defdf1cbccd883147d1a396f1608ad1d8c3d2af70624fd0d16dbd734c3973980
SHA512 db244d5446569841e6cbeb1712f328aa47468861cb371badf065fc68ad712ba0f0702c8ad8894d63677d4bcd0e221e49e87efc53f5dcee8a353c2198dd56cc0e

memory/308-77-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2988-92-0x000000013F590000-0x000000013F8E4000-memory.dmp

C:\Windows\system\iTrXxxT.exe

MD5 7cae7a2cd6edf9fedc51b05b0dfefa09
SHA1 c38d289d150aadd11f7efd71b333f74e97cac388
SHA256 cdbe7e7e9555fc0a60194cf9c8abcb5c9476326ad15e2bb25a9720cc60012df1
SHA512 d6a3d5759aaf8c7dddb00f1efb1009fa57c5951fcc9d5d5b096bb3d69fe918fb1f731d861c744d19c494e89bfd0636794eeb1b3de5f2783edb1f880f767e001d

C:\Windows\system\vDinMDJ.exe

MD5 2312a11bb8bf5c18f202dd4cd1aae3b4
SHA1 79b75d6ed7dc823b8c3490b9e104fb547d1d4d4b
SHA256 c5d602c57fba1895acca066be82463486f1c993661354f19c66e6e5d1ee5537d
SHA512 4f511889023ce735da4b1e25f03fb022c7eaa31e314bba7e0b7dfb0c7161e79fe922dc4be46f31580d913cf045d6a9aa7503557899df6a7088d107dd76afe21b

C:\Windows\system\HdEGkae.exe

MD5 f26c05cc8c0c17da582e432645d4a11a
SHA1 5ecded9520acd16bafdc576161a8903486b1d567
SHA256 b7bcc9982bf0908a3558419325216595826d25b5ac01a8a99afea0a10c5438b7
SHA512 a613c0af38b956688ba523129944f17a8212807565a361894c2223d9fab6efe27cebf5c8f5a9f42f0bf0c97cc0ed4aa7b73f942c9b9a19b191597b15239af833

memory/2884-314-0x000000013F4D0000-0x000000013F824000-memory.dmp

C:\Windows\system\pFtXDFk.exe

MD5 5d94cf00a5e1754a3270ad84633675ba
SHA1 1f7d970c13c94b8aa735d5fc234596995161c87b
SHA256 1478465fdac47a8cfda296ba84f9bd89f929a96883d201b7e838787669fce6e7
SHA512 66fb23c3413026e1f3e771d69351a4a4eaffff545dec78785c96c1ebab8e5cc5e70bebc3d58045efdebd4cc5dcd489ae50577c50da366a869e6d4dd432026552

C:\Windows\system\wAsoKVN.exe

MD5 9b8b3d73664af4856c8f594ab9e0f549
SHA1 dfc745e9082f5643fb2e40013af05f4f21fadb22
SHA256 602e40aa2aed3da8e7d5ca6986cefdf4f397cba756931a14fba5470622a55ed2
SHA512 9c7bfb971ba54f04d662966caf18e8cd1c335a9e4c9167ccee940e506eacff5fe62bac90f8d876183afc7dbd7035eafa1bb4c38a04eb675b2235ae4313e65882

C:\Windows\system\LTENwBr.exe

MD5 35e5c16ae2fa2b319fbcf84cb34f9f16
SHA1 c7ce60c8dff744ecd99b4b4e764fe013453c2613
SHA256 5cee64781092897c01c6694ad64e80b676ce0fa01feaa5b4c2bd8c7cedd060fd
SHA512 8a9bef9023eb197138539b551b47d1da983e4540aee5ffa4e10064c908a9217efd7ec580c22cad5c850107095cfba321500a3a397ae3891440130e14824a60c2

C:\Windows\system\WuKYmBd.exe

MD5 8bdfc3d26006c137075d35012d397d22
SHA1 d93a351eb7847ed01290f9bd10c4807fbbe24685
SHA256 76b5621f0165bb6adc84d172ddbe804613605d485370cdd9c6411afdcd802d4a
SHA512 082c728b876fa5c320352b570e5f9678b5b157fdbf53b3f9952ecaec39c04ddb7041527799d77bd94843c02b419a0c675b664850b4a1278027a0db9244d04f9d

C:\Windows\system\dVTrZjm.exe

MD5 cca853be41dd3ee7e67da4692a73e4c8
SHA1 52c8af1907614791812f169fa8dc4853e60e3377
SHA256 a245a82595e449552b1f982d3d146ee7d4c348eb7ecc8732c68754baa1e248c4
SHA512 2ffda45e8422df77b9068a8a843c0e53332818443865eaaefca2cf07f7286a22445252331b550be44877d2ed445933a9404f000412ed0e32e4b9c957ad685629

C:\Windows\system\knwJuuJ.exe

MD5 a1056723767268ca55c0b39398024982
SHA1 6d87fcb2b34ede0857b1b2e8cf7625fd130c96e8
SHA256 af31307c04ba2cec11d011727ce159c7ae0e7b3e02bb630dc84543283da72db3
SHA512 db9bdbeb9a2cfa5d5f9563d1a7e56e35d60769e3941ed59c3fc204d9f0e274fe6a8f622617e4705772c965d2ff39023657cd27cba0acb3408ba5a5f2f33d02f4

C:\Windows\system\UCMouju.exe

MD5 1857f0bbbd1608058f375fe15ed31c2b
SHA1 69556e9fa1b4e78e281d8e8345215ae364b7baf4
SHA256 59ba82ca0a2919b95c1f7e67b1b350da3d2056786e04477b879769170c0960ea
SHA512 c75f3ac75d2fb13cb9854fe3061122f8eb2ea358cc6d74bdedc1f37c507f8260891bf49f7dff6cda1284cecef32b5404521d6f09a21d815efd8d67faab15ae36

C:\Windows\system\zKlctLH.exe

MD5 07b66a47679448f0a98880bf69e8f881
SHA1 dd479528430b4b818a56b5b3dfebdf7188c7a797
SHA256 a0f1dfb3c327b728e88c00cd0a0e64720868308edc91ecfe6d715b7fd55cd936
SHA512 9284c1e98d2e8eebbc04d111a94957ac35a889011d0ecf635a42c28be9a2709d4272e868cf4f710026ede840f631c1ace5eba816c47fc31177694945d685d615

C:\Windows\system\IsXBqtE.exe

MD5 659b257fd9fc8ddbfb060e82e5e8c5c8
SHA1 528b326dc108307838e5869086bb6c7ba2add14f
SHA256 fc176690a7e54c89493bb88cb324b6a1165445105a9b9d8f5ad1244d5fb8b141
SHA512 ce286468d178349108c05de9c2aec85f06f9d26809f6be911711b90cf6efab62277a8f83ef0a5c82d13a0bb313016c7480b41cabed7afd5c4be5fff1698eaf5d

C:\Windows\system\JyxSEUF.exe

MD5 dede4861a178eb66100f3ab604ec38e7
SHA1 fb53a254fa8f78916b7cc28bd65db87c6f323608
SHA256 82df91efe6bd3a2f795df4299b06a43653e5d797b1388e97260997983110933b
SHA512 1dc482d50a4c00328f7942626db7a9c8204b12cf3d48871b13b6c9a73409c92ef5a006045776da11ce25e82d51ba46faa9d2de413ed3d9c257ecae65599d910e

C:\Windows\system\TOKwjRG.exe

MD5 3e0e2077766984bf06056b4ff6643b14
SHA1 5ffc9393a2fcce2f0e1bef5c0601f885f98938db
SHA256 0e04f48fb1e288ee2e36a93ea2aedfc1de7d7d5856df71c1265d67d9204e9c5c
SHA512 d54ccce5fde8372c8845575db5808cc99c9fde19e98b1037a95edef9f29f906093aa1a96d2699a7e95d9a737a1f9b580289484fbc9dfb7da51bfc575c5a2f7ad

C:\Windows\system\arhOfQD.exe

MD5 8d978011bb91359dc85f525976cccf2c
SHA1 c089ea380f91f480e465c798aab3cf35fd44aac2
SHA256 03bd571da58cca7d27a9aabdd2f8cf064e43bd53f507271e392977e2b7dd01de
SHA512 33e750ae422abe837c0c26e6810dab2c3107e5b03799f113ff05558ad8ee02551131ea7130c150dd16ff1e3fa6d6bb115e093960b33636cd7658d23f412b995f

C:\Windows\system\jdQPTUp.exe

MD5 2c4603a062f2ff5d9ec3358205c760e7
SHA1 930d15d3630fa4a9657e9f2b458a35a10003e872
SHA256 e175052a2b19b15e32c9a54eed695f9eb7162d6001349db5bcd8bbc7bbfbc656
SHA512 43fd9498c6542d446b7bbe623b27786da6855a0a565f057b11becfdf4b9bc881edbad7d7fb94dff7faea13359e3c77dbfb63f35acfb09176e329f5d7d416a96b

C:\Windows\system\TatbBoW.exe

MD5 b9b56e55f4b0aa1d07725fd91a99f0ad
SHA1 59ee8ac056eb94878a28fbecd02f5a6148c7dbf9
SHA256 ca009c1852c2d85164ed1c07355f0434d5ea489b35e156eccf86adec18e9afb0
SHA512 b9317f84dd64d8ea7874f3ee52644cb1f0c28529e8157bb9fd194bee06ec3ebe3780d5274f2ade1f3b3e4b418629f1cf86f9a95ae5ecb6aba7d6d035d25e53d1

memory/2896-104-0x000000013F870000-0x000000013FBC4000-memory.dmp

C:\Windows\system\VRhfEmI.exe

MD5 ed84a40144f222ed6d4f18114b74eb86
SHA1 371d8e87210da44b6eecfabce46b690ce17e3eca
SHA256 edec7a371d8c452d8375a5788eaef03ebecc13db52fc91c8a3407a33d575fab5
SHA512 4a788845a59e95cf7b2e6458fb9c6c224264d7cdff59e43741165ebbae95c106e475dec9fb04486049b3152d3f385163afb2081d76d1aa8fd77cc32d5896d4cb

memory/2712-99-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/308-98-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/308-91-0x0000000001FD0000-0x0000000002324000-memory.dmp

C:\Windows\system\OJYIhIR.exe

MD5 c7f6ea9aa7603c8bc42afcebcae71669
SHA1 a66e43160119520564d017ae36f244bef866d795
SHA256 ba5d01af700753fdb8d6b6b7e89adc0fc7907b90aed2d63da936d94ec71ff8f6
SHA512 2b730cdc60adb98584d8e51282a0e96ead16a7a7983f440a67146ee6fcf1d0ef57718d0a5e3fcc73ff67c7325e573ef6fd8282e62d7836242abf496f80a6097f

C:\Windows\system\YvUTesP.exe

MD5 347902db3c7cbffe878ed71af6122745
SHA1 3114ba9937455187418bd467fd72ccf54adeb4b9
SHA256 0c3214f56816f8130a92fd2eed7641ecab3aa551c5c87f37249963a09de98d4a
SHA512 639ce6adb36bd592df06e80a878cbf9aafc94d72327215c8c08a9e85bea66f1ec111d9ea1a8b8dea619878bcb3f020698a02a10ea448b9136a9488f9dcce302d

memory/2444-85-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/2044-84-0x000000013F220000-0x000000013F574000-memory.dmp

C:\Windows\system\HuMoYYf.exe

MD5 7ce1c2ce39366df1835baaa8f64b6979
SHA1 2cfa45b6e57f52b44e1b0d53bb277bdbcc64b802
SHA256 1133eaa1954ca18b30dfd759598ff4ef3cb2e2d80cd6fafa5c20973dd2a7034e
SHA512 69921d363f6ea151fba0f45df378a25e087ca532aeefc9d484e5336a5a75fdf5ec50db767eb010eee165f1a1ca7232524052912c056e3aa5eb34e1d21dde1b58

memory/308-79-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/2552-78-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/3028-76-0x000000013F070000-0x000000013F3C4000-memory.dmp

C:\Windows\system\GGvidHG.exe

MD5 16f145c9cff7a329d612130dd5eed62d
SHA1 55802524f7e16d44cdd19f14b34c9aa728fbc75b
SHA256 e8f71734f3d0e383226343d4044d911827c1a268a48ec49de62afc0134532646
SHA512 7e10b96c92743ee59f055aee6fecc723091de3d0cefe9b8220abd59f9e7c3d091708dfa8c7c688a102f002f3de15034cb2d8e34da85d517271b7505bf4a6a1a9

memory/2644-68-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/308-67-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/2860-61-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2360-60-0x000000013F180000-0x000000013F4D4000-memory.dmp

C:\Windows\system\weGRfpo.exe

MD5 812c6c9542b1ecc640bbb953d65cc89f
SHA1 fed67939e3222f765eadcd289497d02211251313
SHA256 bc7a79901a95ca407f0ac18580c5cd5ab75dfe856d660a81c395bfa5522f77b3
SHA512 bdeb5c6d0446e29e943bf4268e4b1dbd70f2e8507a5ff940abca60109dda2a98f7c3556267d32e5b627178edc7b834d7014ea73813f095dd2f315598536d4a4a

C:\Windows\system\DFHntnd.exe

MD5 8272ae3533b5529ea5f22fccc648b07e
SHA1 edb4abf6dacdb9241df56d049401b66a856af4c3
SHA256 2101978942e2a1270b846c3845369b36b07ef016a15fe499b7ea4b176af3ba34
SHA512 06b6bb742b2f452637c0b4d54ac443b6f650b9ca4eea0f7eb42623e5b2bb999ef0acc3e65932eaca181a7c26be7cf3097e0c16d5a0402672f72ebb8f6606fd1f

memory/2896-44-0x000000013F870000-0x000000013FBC4000-memory.dmp

C:\Windows\system\peywRFi.exe

MD5 a9a1ff07ee618ce7861e644e4d2d12de
SHA1 88dc8f1a34c2707c553e2cf5672947074dd31997
SHA256 484f1d3ab12ff5885cc502e3befd473db811d2135f0a5df5c1086e370af769aa
SHA512 deb178cee64d7d177d2df76057ff6485a112024c6ced1b6aad1c8b0bb52bafb76da789adca7db46f9aaf8f5702bccfa1a09629cdde2deb750183f9b0f5cecdfa

memory/308-43-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/308-42-0x000000013F400000-0x000000013F754000-memory.dmp

C:\Windows\system\nUltlvz.exe

MD5 d4122b1b8e7762738d5fac8112ead369
SHA1 238053d5620da139c0ed0b749429adfe800526ef
SHA256 1e4ca7651e9734f74192407606ad94a1986378b04cc5ed4cca85c49cf41bebc0
SHA512 9306481b6f1b2bb2a6bbfc279f5b55a85581e5de71bf46375eff7d9b86b5fb515273943c6d7e3eeb1ffc3d3a832d8372155ba8985cb976dc8143b678041478eb

memory/308-32-0x000000013FF30000-0x0000000140284000-memory.dmp

C:\Windows\system\GABkBRr.exe

MD5 14f70f5ba4ee0565ffe0fde132f8e5bb
SHA1 52aeede6e7cf4d4ff26107d2a8e7c25067ff56e0
SHA256 69e8c89cc1e47d1b10a0d015226303aa9d1287f5fa5fae850ad97b11b52748e5
SHA512 cf8a2f96aef6e234ca8e868ed411c0cc395d583cf6ef4485eaaebffcc7ce851df1335d13ac3cb1996da8dae89470c255d2fbc6471c4486e1cc1974ac25aee3d4

memory/2860-1751-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/308-2408-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/2644-2411-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/308-2558-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/308-2844-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/308-3007-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2812-4039-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2360-4040-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/3028-4041-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2044-4042-0x000000013F220000-0x000000013F574000-memory.dmp

memory/2880-4043-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2896-4044-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2860-4045-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2884-4046-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/2552-4047-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/2444-4048-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/2988-4049-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2644-4051-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/2712-4050-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2724-4052-0x000000013FF30000-0x0000000140284000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:36

Reported

2024-06-12 10:39

Platform

win10v2004-20240508-en

Max time kernel

124s

Max time network

62s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\nQMZboy.exe N/A
N/A N/A C:\Windows\System\WlAOOMs.exe N/A
N/A N/A C:\Windows\System\cGDmspW.exe N/A
N/A N/A C:\Windows\System\oAeDOsd.exe N/A
N/A N/A C:\Windows\System\DvioGdC.exe N/A
N/A N/A C:\Windows\System\twnTDBY.exe N/A
N/A N/A C:\Windows\System\ItjzOQD.exe N/A
N/A N/A C:\Windows\System\NiwXldn.exe N/A
N/A N/A C:\Windows\System\qGygLHq.exe N/A
N/A N/A C:\Windows\System\MmhzPFE.exe N/A
N/A N/A C:\Windows\System\cSbHYCB.exe N/A
N/A N/A C:\Windows\System\zUIeEzW.exe N/A
N/A N/A C:\Windows\System\USoUBND.exe N/A
N/A N/A C:\Windows\System\BBhykXd.exe N/A
N/A N/A C:\Windows\System\UySdzAk.exe N/A
N/A N/A C:\Windows\System\cyifIXZ.exe N/A
N/A N/A C:\Windows\System\zUEOTSG.exe N/A
N/A N/A C:\Windows\System\gavPjtu.exe N/A
N/A N/A C:\Windows\System\LRibWjc.exe N/A
N/A N/A C:\Windows\System\aysZgNL.exe N/A
N/A N/A C:\Windows\System\VrEpMeV.exe N/A
N/A N/A C:\Windows\System\ymubAtw.exe N/A
N/A N/A C:\Windows\System\xotxQEr.exe N/A
N/A N/A C:\Windows\System\YDJCdqn.exe N/A
N/A N/A C:\Windows\System\YoPASIT.exe N/A
N/A N/A C:\Windows\System\rPClbSe.exe N/A
N/A N/A C:\Windows\System\fMRaFIs.exe N/A
N/A N/A C:\Windows\System\wlknYiY.exe N/A
N/A N/A C:\Windows\System\cXPBZZq.exe N/A
N/A N/A C:\Windows\System\mTFyaKC.exe N/A
N/A N/A C:\Windows\System\UBfhyTx.exe N/A
N/A N/A C:\Windows\System\iPxExxU.exe N/A
N/A N/A C:\Windows\System\SlUcWmu.exe N/A
N/A N/A C:\Windows\System\gecfQNK.exe N/A
N/A N/A C:\Windows\System\zVWWSpy.exe N/A
N/A N/A C:\Windows\System\rfYoIKk.exe N/A
N/A N/A C:\Windows\System\PPVJUHC.exe N/A
N/A N/A C:\Windows\System\GSzKnKx.exe N/A
N/A N/A C:\Windows\System\eyTzXFa.exe N/A
N/A N/A C:\Windows\System\lqlcrYn.exe N/A
N/A N/A C:\Windows\System\OriWwUx.exe N/A
N/A N/A C:\Windows\System\JIFKMVM.exe N/A
N/A N/A C:\Windows\System\oTvKyRq.exe N/A
N/A N/A C:\Windows\System\DIpiRpT.exe N/A
N/A N/A C:\Windows\System\lnTjgGY.exe N/A
N/A N/A C:\Windows\System\CpKcmdN.exe N/A
N/A N/A C:\Windows\System\znTxRWJ.exe N/A
N/A N/A C:\Windows\System\VZXTcbg.exe N/A
N/A N/A C:\Windows\System\OQHaONj.exe N/A
N/A N/A C:\Windows\System\HuttKgg.exe N/A
N/A N/A C:\Windows\System\RAyiOkF.exe N/A
N/A N/A C:\Windows\System\zpSizFw.exe N/A
N/A N/A C:\Windows\System\QWfZcRn.exe N/A
N/A N/A C:\Windows\System\srKPAze.exe N/A
N/A N/A C:\Windows\System\jgrVWwo.exe N/A
N/A N/A C:\Windows\System\BOgxqGt.exe N/A
N/A N/A C:\Windows\System\zItHZLe.exe N/A
N/A N/A C:\Windows\System\TPSCCmu.exe N/A
N/A N/A C:\Windows\System\RPATRWm.exe N/A
N/A N/A C:\Windows\System\bsPAuaN.exe N/A
N/A N/A C:\Windows\System\FZXuLZV.exe N/A
N/A N/A C:\Windows\System\zQepgLP.exe N/A
N/A N/A C:\Windows\System\jtUrnOm.exe N/A
N/A N/A C:\Windows\System\SUmLUZs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\imDgbhY.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\pCcoisJ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\FruTwMY.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwlWztw.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQHaONj.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSdPDuv.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\bRlZgBT.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\Passxev.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeEkdGY.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\nAWOQud.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SlUcWmu.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\osMBRHx.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlpTjFp.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\irNiKDG.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gCFurOk.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KeGFOYt.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PGmUdXc.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMsMABf.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\sWfKIkM.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\avMrTPm.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\rCfjPGO.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CdFaFbP.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\MswQOsL.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JENPRbv.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\fHaJtfq.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPzDOxE.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SJleAUx.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PNNmqqU.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YAraSpC.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\VViJnKP.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaUkvUy.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gIjFtsS.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JhFqvIJ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDhAXct.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\aacCPFK.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGtqfvu.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SrFDipL.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\FZXuLZV.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTnLsRq.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PNDoAhM.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gRwDyji.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLcUtZG.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBeUFfp.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmsFwip.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UySdzAk.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\aXANQtt.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\sRpeNkh.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjqNmJo.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\xhKpNTw.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCNVfDk.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mfCNMrI.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mfARKRn.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SQAFDqI.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\dEpKost.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUZufUQ.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfvEHwO.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\piagwld.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlAOOMs.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\kqpcUae.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRSGZDz.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\fBLXShS.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\phLnyYt.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WpBExiE.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gEwIQkL.exe C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 556 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\nQMZboy.exe
PID 556 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\nQMZboy.exe
PID 556 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cGDmspW.exe
PID 556 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cGDmspW.exe
PID 556 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\WlAOOMs.exe
PID 556 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\WlAOOMs.exe
PID 556 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\oAeDOsd.exe
PID 556 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\oAeDOsd.exe
PID 556 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\DvioGdC.exe
PID 556 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\DvioGdC.exe
PID 556 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\twnTDBY.exe
PID 556 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\twnTDBY.exe
PID 556 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\NiwXldn.exe
PID 556 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\NiwXldn.exe
PID 556 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ItjzOQD.exe
PID 556 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ItjzOQD.exe
PID 556 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\qGygLHq.exe
PID 556 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\qGygLHq.exe
PID 556 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\MmhzPFE.exe
PID 556 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\MmhzPFE.exe
PID 556 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cSbHYCB.exe
PID 556 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cSbHYCB.exe
PID 556 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\zUIeEzW.exe
PID 556 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\zUIeEzW.exe
PID 556 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\USoUBND.exe
PID 556 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\USoUBND.exe
PID 556 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\BBhykXd.exe
PID 556 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\BBhykXd.exe
PID 556 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\UySdzAk.exe
PID 556 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\UySdzAk.exe
PID 556 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cyifIXZ.exe
PID 556 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cyifIXZ.exe
PID 556 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\zUEOTSG.exe
PID 556 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\zUEOTSG.exe
PID 556 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\gavPjtu.exe
PID 556 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\gavPjtu.exe
PID 556 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\LRibWjc.exe
PID 556 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\LRibWjc.exe
PID 556 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\aysZgNL.exe
PID 556 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\aysZgNL.exe
PID 556 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\VrEpMeV.exe
PID 556 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\VrEpMeV.exe
PID 556 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ymubAtw.exe
PID 556 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\ymubAtw.exe
PID 556 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\xotxQEr.exe
PID 556 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\xotxQEr.exe
PID 556 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YDJCdqn.exe
PID 556 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YDJCdqn.exe
PID 556 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YoPASIT.exe
PID 556 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\YoPASIT.exe
PID 556 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\rPClbSe.exe
PID 556 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\rPClbSe.exe
PID 556 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\fMRaFIs.exe
PID 556 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\fMRaFIs.exe
PID 556 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\wlknYiY.exe
PID 556 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\wlknYiY.exe
PID 556 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cXPBZZq.exe
PID 556 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\cXPBZZq.exe
PID 556 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\mTFyaKC.exe
PID 556 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\mTFyaKC.exe
PID 556 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\UBfhyTx.exe
PID 556 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\UBfhyTx.exe
PID 556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\iPxExxU.exe
PID 556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe C:\Windows\System\iPxExxU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\33903da13d268eecc54afdfe0e342f30_NeikiAnalytics.exe"

C:\Windows\System\nQMZboy.exe

C:\Windows\System\nQMZboy.exe

C:\Windows\System\cGDmspW.exe

C:\Windows\System\cGDmspW.exe

C:\Windows\System\WlAOOMs.exe

C:\Windows\System\WlAOOMs.exe

C:\Windows\System\oAeDOsd.exe

C:\Windows\System\oAeDOsd.exe

C:\Windows\System\DvioGdC.exe

C:\Windows\System\DvioGdC.exe

C:\Windows\System\twnTDBY.exe

C:\Windows\System\twnTDBY.exe

C:\Windows\System\NiwXldn.exe

C:\Windows\System\NiwXldn.exe

C:\Windows\System\ItjzOQD.exe

C:\Windows\System\ItjzOQD.exe

C:\Windows\System\qGygLHq.exe

C:\Windows\System\qGygLHq.exe

C:\Windows\System\MmhzPFE.exe

C:\Windows\System\MmhzPFE.exe

C:\Windows\System\cSbHYCB.exe

C:\Windows\System\cSbHYCB.exe

C:\Windows\System\zUIeEzW.exe

C:\Windows\System\zUIeEzW.exe

C:\Windows\System\USoUBND.exe

C:\Windows\System\USoUBND.exe

C:\Windows\System\BBhykXd.exe

C:\Windows\System\BBhykXd.exe

C:\Windows\System\UySdzAk.exe

C:\Windows\System\UySdzAk.exe

C:\Windows\System\cyifIXZ.exe

C:\Windows\System\cyifIXZ.exe

C:\Windows\System\zUEOTSG.exe

C:\Windows\System\zUEOTSG.exe

C:\Windows\System\gavPjtu.exe

C:\Windows\System\gavPjtu.exe

C:\Windows\System\LRibWjc.exe

C:\Windows\System\LRibWjc.exe

C:\Windows\System\aysZgNL.exe

C:\Windows\System\aysZgNL.exe

C:\Windows\System\VrEpMeV.exe

C:\Windows\System\VrEpMeV.exe

C:\Windows\System\ymubAtw.exe

C:\Windows\System\ymubAtw.exe

C:\Windows\System\xotxQEr.exe

C:\Windows\System\xotxQEr.exe

C:\Windows\System\YDJCdqn.exe

C:\Windows\System\YDJCdqn.exe

C:\Windows\System\YoPASIT.exe

C:\Windows\System\YoPASIT.exe

C:\Windows\System\rPClbSe.exe

C:\Windows\System\rPClbSe.exe

C:\Windows\System\fMRaFIs.exe

C:\Windows\System\fMRaFIs.exe

C:\Windows\System\wlknYiY.exe

C:\Windows\System\wlknYiY.exe

C:\Windows\System\cXPBZZq.exe

C:\Windows\System\cXPBZZq.exe

C:\Windows\System\mTFyaKC.exe

C:\Windows\System\mTFyaKC.exe

C:\Windows\System\UBfhyTx.exe

C:\Windows\System\UBfhyTx.exe

C:\Windows\System\iPxExxU.exe

C:\Windows\System\iPxExxU.exe

C:\Windows\System\SlUcWmu.exe

C:\Windows\System\SlUcWmu.exe

C:\Windows\System\gecfQNK.exe

C:\Windows\System\gecfQNK.exe

C:\Windows\System\zVWWSpy.exe

C:\Windows\System\zVWWSpy.exe

C:\Windows\System\rfYoIKk.exe

C:\Windows\System\rfYoIKk.exe

C:\Windows\System\PPVJUHC.exe

C:\Windows\System\PPVJUHC.exe

C:\Windows\System\GSzKnKx.exe

C:\Windows\System\GSzKnKx.exe

C:\Windows\System\eyTzXFa.exe

C:\Windows\System\eyTzXFa.exe

C:\Windows\System\lqlcrYn.exe

C:\Windows\System\lqlcrYn.exe

C:\Windows\System\OriWwUx.exe

C:\Windows\System\OriWwUx.exe

C:\Windows\System\JIFKMVM.exe

C:\Windows\System\JIFKMVM.exe

C:\Windows\System\oTvKyRq.exe

C:\Windows\System\oTvKyRq.exe

C:\Windows\System\DIpiRpT.exe

C:\Windows\System\DIpiRpT.exe

C:\Windows\System\lnTjgGY.exe

C:\Windows\System\lnTjgGY.exe

C:\Windows\System\CpKcmdN.exe

C:\Windows\System\CpKcmdN.exe

C:\Windows\System\znTxRWJ.exe

C:\Windows\System\znTxRWJ.exe

C:\Windows\System\VZXTcbg.exe

C:\Windows\System\VZXTcbg.exe

C:\Windows\System\OQHaONj.exe

C:\Windows\System\OQHaONj.exe

C:\Windows\System\HuttKgg.exe

C:\Windows\System\HuttKgg.exe

C:\Windows\System\RAyiOkF.exe

C:\Windows\System\RAyiOkF.exe

C:\Windows\System\zpSizFw.exe

C:\Windows\System\zpSizFw.exe

C:\Windows\System\QWfZcRn.exe

C:\Windows\System\QWfZcRn.exe

C:\Windows\System\srKPAze.exe

C:\Windows\System\srKPAze.exe

C:\Windows\System\jgrVWwo.exe

C:\Windows\System\jgrVWwo.exe

C:\Windows\System\BOgxqGt.exe

C:\Windows\System\BOgxqGt.exe

C:\Windows\System\zItHZLe.exe

C:\Windows\System\zItHZLe.exe

C:\Windows\System\TPSCCmu.exe

C:\Windows\System\TPSCCmu.exe

C:\Windows\System\RPATRWm.exe

C:\Windows\System\RPATRWm.exe

C:\Windows\System\bsPAuaN.exe

C:\Windows\System\bsPAuaN.exe

C:\Windows\System\FZXuLZV.exe

C:\Windows\System\FZXuLZV.exe

C:\Windows\System\zQepgLP.exe

C:\Windows\System\zQepgLP.exe

C:\Windows\System\jtUrnOm.exe

C:\Windows\System\jtUrnOm.exe

C:\Windows\System\SUmLUZs.exe

C:\Windows\System\SUmLUZs.exe

C:\Windows\System\fsvfyvd.exe

C:\Windows\System\fsvfyvd.exe

C:\Windows\System\whQIyxD.exe

C:\Windows\System\whQIyxD.exe

C:\Windows\System\JFzbJJB.exe

C:\Windows\System\JFzbJJB.exe

C:\Windows\System\AAiCvca.exe

C:\Windows\System\AAiCvca.exe

C:\Windows\System\CZelTXb.exe

C:\Windows\System\CZelTXb.exe

C:\Windows\System\mnAhYmQ.exe

C:\Windows\System\mnAhYmQ.exe

C:\Windows\System\znkKcAu.exe

C:\Windows\System\znkKcAu.exe

C:\Windows\System\oVQgmbu.exe

C:\Windows\System\oVQgmbu.exe

C:\Windows\System\wYLAqKE.exe

C:\Windows\System\wYLAqKE.exe

C:\Windows\System\YbmjVOS.exe

C:\Windows\System\YbmjVOS.exe

C:\Windows\System\XPpEuez.exe

C:\Windows\System\XPpEuez.exe

C:\Windows\System\kqpcUae.exe

C:\Windows\System\kqpcUae.exe

C:\Windows\System\SnBjpqH.exe

C:\Windows\System\SnBjpqH.exe

C:\Windows\System\JYTMBuE.exe

C:\Windows\System\JYTMBuE.exe

C:\Windows\System\RcujYgm.exe

C:\Windows\System\RcujYgm.exe

C:\Windows\System\jcXkRDe.exe

C:\Windows\System\jcXkRDe.exe

C:\Windows\System\SQAFDqI.exe

C:\Windows\System\SQAFDqI.exe

C:\Windows\System\dkgWRRV.exe

C:\Windows\System\dkgWRRV.exe

C:\Windows\System\WLyUKjp.exe

C:\Windows\System\WLyUKjp.exe

C:\Windows\System\jkqEorq.exe

C:\Windows\System\jkqEorq.exe

C:\Windows\System\MoKaItr.exe

C:\Windows\System\MoKaItr.exe

C:\Windows\System\ilQVXHo.exe

C:\Windows\System\ilQVXHo.exe

C:\Windows\System\rMnuxoU.exe

C:\Windows\System\rMnuxoU.exe

C:\Windows\System\yfhIZaL.exe

C:\Windows\System\yfhIZaL.exe

C:\Windows\System\qdehfPK.exe

C:\Windows\System\qdehfPK.exe

C:\Windows\System\xpsXGgP.exe

C:\Windows\System\xpsXGgP.exe

C:\Windows\System\herBgFR.exe

C:\Windows\System\herBgFR.exe

C:\Windows\System\BHrXyrB.exe

C:\Windows\System\BHrXyrB.exe

C:\Windows\System\fEUmxeQ.exe

C:\Windows\System\fEUmxeQ.exe

C:\Windows\System\iTVmdmG.exe

C:\Windows\System\iTVmdmG.exe

C:\Windows\System\osMBRHx.exe

C:\Windows\System\osMBRHx.exe

C:\Windows\System\dEpKost.exe

C:\Windows\System\dEpKost.exe

C:\Windows\System\KePuVbC.exe

C:\Windows\System\KePuVbC.exe

C:\Windows\System\MaWNnQx.exe

C:\Windows\System\MaWNnQx.exe

C:\Windows\System\ngOxyRR.exe

C:\Windows\System\ngOxyRR.exe

C:\Windows\System\DgDgJMb.exe

C:\Windows\System\DgDgJMb.exe

C:\Windows\System\gpPdVbn.exe

C:\Windows\System\gpPdVbn.exe

C:\Windows\System\PnpMdhO.exe

C:\Windows\System\PnpMdhO.exe

C:\Windows\System\xhRMYwV.exe

C:\Windows\System\xhRMYwV.exe

C:\Windows\System\WgLdgHr.exe

C:\Windows\System\WgLdgHr.exe

C:\Windows\System\JENPRbv.exe

C:\Windows\System\JENPRbv.exe

C:\Windows\System\YpRdZLa.exe

C:\Windows\System\YpRdZLa.exe

C:\Windows\System\iAAJUeM.exe

C:\Windows\System\iAAJUeM.exe

C:\Windows\System\CmEGgZH.exe

C:\Windows\System\CmEGgZH.exe

C:\Windows\System\XKNDVRa.exe

C:\Windows\System\XKNDVRa.exe

C:\Windows\System\EvGwKYv.exe

C:\Windows\System\EvGwKYv.exe

C:\Windows\System\sTXziEz.exe

C:\Windows\System\sTXziEz.exe

C:\Windows\System\WTzvccd.exe

C:\Windows\System\WTzvccd.exe

C:\Windows\System\xNDBOPi.exe

C:\Windows\System\xNDBOPi.exe

C:\Windows\System\VbbdpcR.exe

C:\Windows\System\VbbdpcR.exe

C:\Windows\System\VdDoEHt.exe

C:\Windows\System\VdDoEHt.exe

C:\Windows\System\AwdwHBA.exe

C:\Windows\System\AwdwHBA.exe

C:\Windows\System\aXANQtt.exe

C:\Windows\System\aXANQtt.exe

C:\Windows\System\LLkCrjP.exe

C:\Windows\System\LLkCrjP.exe

C:\Windows\System\mQnUeMf.exe

C:\Windows\System\mQnUeMf.exe

C:\Windows\System\zoxfatr.exe

C:\Windows\System\zoxfatr.exe

C:\Windows\System\iBCCECL.exe

C:\Windows\System\iBCCECL.exe

C:\Windows\System\gRDLwVj.exe

C:\Windows\System\gRDLwVj.exe

C:\Windows\System\VailUVm.exe

C:\Windows\System\VailUVm.exe

C:\Windows\System\iitekHp.exe

C:\Windows\System\iitekHp.exe

C:\Windows\System\YlpTjFp.exe

C:\Windows\System\YlpTjFp.exe

C:\Windows\System\yTkjVTS.exe

C:\Windows\System\yTkjVTS.exe

C:\Windows\System\aVVWWQE.exe

C:\Windows\System\aVVWWQE.exe

C:\Windows\System\rCxfLOS.exe

C:\Windows\System\rCxfLOS.exe

C:\Windows\System\fHaJtfq.exe

C:\Windows\System\fHaJtfq.exe

C:\Windows\System\RPPbvXg.exe

C:\Windows\System\RPPbvXg.exe

C:\Windows\System\WSwffNb.exe

C:\Windows\System\WSwffNb.exe

C:\Windows\System\UnRlYEe.exe

C:\Windows\System\UnRlYEe.exe

C:\Windows\System\SvPAMwP.exe

C:\Windows\System\SvPAMwP.exe

C:\Windows\System\hRxPLkb.exe

C:\Windows\System\hRxPLkb.exe

C:\Windows\System\AykhsXs.exe

C:\Windows\System\AykhsXs.exe

C:\Windows\System\SNyVckg.exe

C:\Windows\System\SNyVckg.exe

C:\Windows\System\RDYGVko.exe

C:\Windows\System\RDYGVko.exe

C:\Windows\System\FwUIOtj.exe

C:\Windows\System\FwUIOtj.exe

C:\Windows\System\DUZufUQ.exe

C:\Windows\System\DUZufUQ.exe

C:\Windows\System\cPKWKKB.exe

C:\Windows\System\cPKWKKB.exe

C:\Windows\System\BFcTnxb.exe

C:\Windows\System\BFcTnxb.exe

C:\Windows\System\Rxqibux.exe

C:\Windows\System\Rxqibux.exe

C:\Windows\System\KeGFOYt.exe

C:\Windows\System\KeGFOYt.exe

C:\Windows\System\KTnLsRq.exe

C:\Windows\System\KTnLsRq.exe

C:\Windows\System\tTgnMiB.exe

C:\Windows\System\tTgnMiB.exe

C:\Windows\System\zXTXqsA.exe

C:\Windows\System\zXTXqsA.exe

C:\Windows\System\mfBLHNn.exe

C:\Windows\System\mfBLHNn.exe

C:\Windows\System\QcFqplb.exe

C:\Windows\System\QcFqplb.exe

C:\Windows\System\UuGZHKd.exe

C:\Windows\System\UuGZHKd.exe

C:\Windows\System\IiqECYq.exe

C:\Windows\System\IiqECYq.exe

C:\Windows\System\woRfjhO.exe

C:\Windows\System\woRfjhO.exe

C:\Windows\System\xTLLvAc.exe

C:\Windows\System\xTLLvAc.exe

C:\Windows\System\DSOKlDq.exe

C:\Windows\System\DSOKlDq.exe

C:\Windows\System\VsPePxf.exe

C:\Windows\System\VsPePxf.exe

C:\Windows\System\zRACnde.exe

C:\Windows\System\zRACnde.exe

C:\Windows\System\phLnyYt.exe

C:\Windows\System\phLnyYt.exe

C:\Windows\System\XavoLNO.exe

C:\Windows\System\XavoLNO.exe

C:\Windows\System\SRSGZDz.exe

C:\Windows\System\SRSGZDz.exe

C:\Windows\System\btxMQQw.exe

C:\Windows\System\btxMQQw.exe

C:\Windows\System\dyblnuv.exe

C:\Windows\System\dyblnuv.exe

C:\Windows\System\mbGXpSw.exe

C:\Windows\System\mbGXpSw.exe

C:\Windows\System\FfveeRg.exe

C:\Windows\System\FfveeRg.exe

C:\Windows\System\UAsBmEl.exe

C:\Windows\System\UAsBmEl.exe

C:\Windows\System\KALzUqz.exe

C:\Windows\System\KALzUqz.exe

C:\Windows\System\PHwOllw.exe

C:\Windows\System\PHwOllw.exe

C:\Windows\System\iqumthO.exe

C:\Windows\System\iqumthO.exe

C:\Windows\System\kLPdmoG.exe

C:\Windows\System\kLPdmoG.exe

C:\Windows\System\EbugJIE.exe

C:\Windows\System\EbugJIE.exe

C:\Windows\System\fjQDreK.exe

C:\Windows\System\fjQDreK.exe

C:\Windows\System\UPTkKor.exe

C:\Windows\System\UPTkKor.exe

C:\Windows\System\sCrGpVB.exe

C:\Windows\System\sCrGpVB.exe

C:\Windows\System\wOfSYeQ.exe

C:\Windows\System\wOfSYeQ.exe

C:\Windows\System\PGmUdXc.exe

C:\Windows\System\PGmUdXc.exe

C:\Windows\System\CEPUykr.exe

C:\Windows\System\CEPUykr.exe

C:\Windows\System\fafxViz.exe

C:\Windows\System\fafxViz.exe

C:\Windows\System\EmOQwXG.exe

C:\Windows\System\EmOQwXG.exe

C:\Windows\System\XZjXHlA.exe

C:\Windows\System\XZjXHlA.exe

C:\Windows\System\AgDLLGe.exe

C:\Windows\System\AgDLLGe.exe

C:\Windows\System\ZOnIutw.exe

C:\Windows\System\ZOnIutw.exe

C:\Windows\System\oZbKVCu.exe

C:\Windows\System\oZbKVCu.exe

C:\Windows\System\wZfjqLb.exe

C:\Windows\System\wZfjqLb.exe

C:\Windows\System\BizcIzG.exe

C:\Windows\System\BizcIzG.exe

C:\Windows\System\JPzDOxE.exe

C:\Windows\System\JPzDOxE.exe

C:\Windows\System\nGgzCLm.exe

C:\Windows\System\nGgzCLm.exe

C:\Windows\System\MYMJBKz.exe

C:\Windows\System\MYMJBKz.exe

C:\Windows\System\ecBthfg.exe

C:\Windows\System\ecBthfg.exe

C:\Windows\System\edaJtav.exe

C:\Windows\System\edaJtav.exe

C:\Windows\System\rHWgetz.exe

C:\Windows\System\rHWgetz.exe

C:\Windows\System\JhFqvIJ.exe

C:\Windows\System\JhFqvIJ.exe

C:\Windows\System\Ptroggr.exe

C:\Windows\System\Ptroggr.exe

C:\Windows\System\Bjqlybc.exe

C:\Windows\System\Bjqlybc.exe

C:\Windows\System\CsuFtFo.exe

C:\Windows\System\CsuFtFo.exe

C:\Windows\System\SBVCCIp.exe

C:\Windows\System\SBVCCIp.exe

C:\Windows\System\jDhAXct.exe

C:\Windows\System\jDhAXct.exe

C:\Windows\System\bknwgTY.exe

C:\Windows\System\bknwgTY.exe

C:\Windows\System\HAlUDUY.exe

C:\Windows\System\HAlUDUY.exe

C:\Windows\System\rWiQXwM.exe

C:\Windows\System\rWiQXwM.exe

C:\Windows\System\gOHUryb.exe

C:\Windows\System\gOHUryb.exe

C:\Windows\System\FnAsETY.exe

C:\Windows\System\FnAsETY.exe

C:\Windows\System\Rqfkilf.exe

C:\Windows\System\Rqfkilf.exe

C:\Windows\System\VCNJToD.exe

C:\Windows\System\VCNJToD.exe

C:\Windows\System\cGhSVPZ.exe

C:\Windows\System\cGhSVPZ.exe

C:\Windows\System\ZOTCENS.exe

C:\Windows\System\ZOTCENS.exe

C:\Windows\System\EizsZnN.exe

C:\Windows\System\EizsZnN.exe

C:\Windows\System\VLiOJuj.exe

C:\Windows\System\VLiOJuj.exe

C:\Windows\System\YSZfKSQ.exe

C:\Windows\System\YSZfKSQ.exe

C:\Windows\System\VKCLlxK.exe

C:\Windows\System\VKCLlxK.exe

C:\Windows\System\zSdPDuv.exe

C:\Windows\System\zSdPDuv.exe

C:\Windows\System\KpEhqav.exe

C:\Windows\System\KpEhqav.exe

C:\Windows\System\zmIJSlj.exe

C:\Windows\System\zmIJSlj.exe

C:\Windows\System\azRXiKs.exe

C:\Windows\System\azRXiKs.exe

C:\Windows\System\XfvEHwO.exe

C:\Windows\System\XfvEHwO.exe

C:\Windows\System\qYcWBxL.exe

C:\Windows\System\qYcWBxL.exe

C:\Windows\System\SLtqvTj.exe

C:\Windows\System\SLtqvTj.exe

C:\Windows\System\AaDQGye.exe

C:\Windows\System\AaDQGye.exe

C:\Windows\System\lVEfdBo.exe

C:\Windows\System\lVEfdBo.exe

C:\Windows\System\SJleAUx.exe

C:\Windows\System\SJleAUx.exe

C:\Windows\System\iXVnEFo.exe

C:\Windows\System\iXVnEFo.exe

C:\Windows\System\ronkIcW.exe

C:\Windows\System\ronkIcW.exe

C:\Windows\System\whWKYOK.exe

C:\Windows\System\whWKYOK.exe

C:\Windows\System\hlLHQHo.exe

C:\Windows\System\hlLHQHo.exe

C:\Windows\System\dyjpzgH.exe

C:\Windows\System\dyjpzgH.exe

C:\Windows\System\FNzDgZt.exe

C:\Windows\System\FNzDgZt.exe

C:\Windows\System\KYrRUyN.exe

C:\Windows\System\KYrRUyN.exe

C:\Windows\System\gWBkDpA.exe

C:\Windows\System\gWBkDpA.exe

C:\Windows\System\YJdMUBT.exe

C:\Windows\System\YJdMUBT.exe

C:\Windows\System\SQFjVuo.exe

C:\Windows\System\SQFjVuo.exe

C:\Windows\System\NnmGbRK.exe

C:\Windows\System\NnmGbRK.exe

C:\Windows\System\zLWJsuR.exe

C:\Windows\System\zLWJsuR.exe

C:\Windows\System\RQnXZiv.exe

C:\Windows\System\RQnXZiv.exe

C:\Windows\System\GklpOtd.exe

C:\Windows\System\GklpOtd.exe

C:\Windows\System\kuEMUro.exe

C:\Windows\System\kuEMUro.exe

C:\Windows\System\FcfQjGP.exe

C:\Windows\System\FcfQjGP.exe

C:\Windows\System\BuzeRPV.exe

C:\Windows\System\BuzeRPV.exe

C:\Windows\System\QkgxFfb.exe

C:\Windows\System\QkgxFfb.exe

C:\Windows\System\xhKpNTw.exe

C:\Windows\System\xhKpNTw.exe

C:\Windows\System\PvQrwgS.exe

C:\Windows\System\PvQrwgS.exe

C:\Windows\System\KTYTQYh.exe

C:\Windows\System\KTYTQYh.exe

C:\Windows\System\ivYLsWG.exe

C:\Windows\System\ivYLsWG.exe

C:\Windows\System\rynvKBa.exe

C:\Windows\System\rynvKBa.exe

C:\Windows\System\Nofxywf.exe

C:\Windows\System\Nofxywf.exe

C:\Windows\System\wCxulyH.exe

C:\Windows\System\wCxulyH.exe

C:\Windows\System\uAUpGNc.exe

C:\Windows\System\uAUpGNc.exe

C:\Windows\System\HiyfMDn.exe

C:\Windows\System\HiyfMDn.exe

C:\Windows\System\QnwGAIN.exe

C:\Windows\System\QnwGAIN.exe

C:\Windows\System\TMFOhgM.exe

C:\Windows\System\TMFOhgM.exe

C:\Windows\System\jdjVcPE.exe

C:\Windows\System\jdjVcPE.exe

C:\Windows\System\juuIFXI.exe

C:\Windows\System\juuIFXI.exe

C:\Windows\System\BLpzjrl.exe

C:\Windows\System\BLpzjrl.exe

C:\Windows\System\VISFNMF.exe

C:\Windows\System\VISFNMF.exe

C:\Windows\System\BkbCSmE.exe

C:\Windows\System\BkbCSmE.exe

C:\Windows\System\oCXpyXk.exe

C:\Windows\System\oCXpyXk.exe

C:\Windows\System\jObPitp.exe

C:\Windows\System\jObPitp.exe

C:\Windows\System\TJmdQeF.exe

C:\Windows\System\TJmdQeF.exe

C:\Windows\System\LQnQLKS.exe

C:\Windows\System\LQnQLKS.exe

C:\Windows\System\xyGVmnW.exe

C:\Windows\System\xyGVmnW.exe

C:\Windows\System\YWwPgBS.exe

C:\Windows\System\YWwPgBS.exe

C:\Windows\System\avMrTPm.exe

C:\Windows\System\avMrTPm.exe

C:\Windows\System\eKwmtsq.exe

C:\Windows\System\eKwmtsq.exe

C:\Windows\System\tQEnndX.exe

C:\Windows\System\tQEnndX.exe

C:\Windows\System\qqsyGnt.exe

C:\Windows\System\qqsyGnt.exe

C:\Windows\System\aNodPlm.exe

C:\Windows\System\aNodPlm.exe

C:\Windows\System\ALouCIG.exe

C:\Windows\System\ALouCIG.exe

C:\Windows\System\dHOVXwN.exe

C:\Windows\System\dHOVXwN.exe

C:\Windows\System\IfnDFQT.exe

C:\Windows\System\IfnDFQT.exe

C:\Windows\System\DFRqovD.exe

C:\Windows\System\DFRqovD.exe

C:\Windows\System\PNDoAhM.exe

C:\Windows\System\PNDoAhM.exe

C:\Windows\System\KwVxFBY.exe

C:\Windows\System\KwVxFBY.exe

C:\Windows\System\eKpWyGb.exe

C:\Windows\System\eKpWyGb.exe

C:\Windows\System\LpIQDqO.exe

C:\Windows\System\LpIQDqO.exe

C:\Windows\System\gFLFOjS.exe

C:\Windows\System\gFLFOjS.exe

C:\Windows\System\hSlFRus.exe

C:\Windows\System\hSlFRus.exe

C:\Windows\System\fVYztoA.exe

C:\Windows\System\fVYztoA.exe

C:\Windows\System\XOXxlpn.exe

C:\Windows\System\XOXxlpn.exe

C:\Windows\System\cDQZwiu.exe

C:\Windows\System\cDQZwiu.exe

C:\Windows\System\uNGJObg.exe

C:\Windows\System\uNGJObg.exe

C:\Windows\System\wDksHXd.exe

C:\Windows\System\wDksHXd.exe

C:\Windows\System\TWXomKR.exe

C:\Windows\System\TWXomKR.exe

C:\Windows\System\wPRESsh.exe

C:\Windows\System\wPRESsh.exe

C:\Windows\System\muKSlhV.exe

C:\Windows\System\muKSlhV.exe

C:\Windows\System\lScmxhm.exe

C:\Windows\System\lScmxhm.exe

C:\Windows\System\AXAKYzZ.exe

C:\Windows\System\AXAKYzZ.exe

C:\Windows\System\QMsMABf.exe

C:\Windows\System\QMsMABf.exe

C:\Windows\System\XwCZexJ.exe

C:\Windows\System\XwCZexJ.exe

C:\Windows\System\HcfJpsu.exe

C:\Windows\System\HcfJpsu.exe

C:\Windows\System\bKkARqt.exe

C:\Windows\System\bKkARqt.exe

C:\Windows\System\eLgFWTN.exe

C:\Windows\System\eLgFWTN.exe

C:\Windows\System\oLGfJWj.exe

C:\Windows\System\oLGfJWj.exe

C:\Windows\System\OYQZZgy.exe

C:\Windows\System\OYQZZgy.exe

C:\Windows\System\obiHQcK.exe

C:\Windows\System\obiHQcK.exe

C:\Windows\System\SwDKXqU.exe

C:\Windows\System\SwDKXqU.exe

C:\Windows\System\CgqIkBj.exe

C:\Windows\System\CgqIkBj.exe

C:\Windows\System\gjTeuKG.exe

C:\Windows\System\gjTeuKG.exe

C:\Windows\System\SdFreLX.exe

C:\Windows\System\SdFreLX.exe

C:\Windows\System\fcnFmuC.exe

C:\Windows\System\fcnFmuC.exe

C:\Windows\System\YKYdmKF.exe

C:\Windows\System\YKYdmKF.exe

C:\Windows\System\aNrvEmH.exe

C:\Windows\System\aNrvEmH.exe

C:\Windows\System\bRlZgBT.exe

C:\Windows\System\bRlZgBT.exe

C:\Windows\System\KLsiogR.exe

C:\Windows\System\KLsiogR.exe

C:\Windows\System\ROqAoNe.exe

C:\Windows\System\ROqAoNe.exe

C:\Windows\System\FgFcegd.exe

C:\Windows\System\FgFcegd.exe

C:\Windows\System\aacCPFK.exe

C:\Windows\System\aacCPFK.exe

C:\Windows\System\JfYkxKb.exe

C:\Windows\System\JfYkxKb.exe

C:\Windows\System\gyykQiL.exe

C:\Windows\System\gyykQiL.exe

C:\Windows\System\huETaYJ.exe

C:\Windows\System\huETaYJ.exe

C:\Windows\System\dopPeSV.exe

C:\Windows\System\dopPeSV.exe

C:\Windows\System\tzUYCkH.exe

C:\Windows\System\tzUYCkH.exe

C:\Windows\System\FAsNwkZ.exe

C:\Windows\System\FAsNwkZ.exe

C:\Windows\System\GGDolzX.exe

C:\Windows\System\GGDolzX.exe

C:\Windows\System\ngsMARf.exe

C:\Windows\System\ngsMARf.exe

C:\Windows\System\fBLXShS.exe

C:\Windows\System\fBLXShS.exe

C:\Windows\System\NGhogOn.exe

C:\Windows\System\NGhogOn.exe

C:\Windows\System\mEfxyNR.exe

C:\Windows\System\mEfxyNR.exe

C:\Windows\System\FwMmMoG.exe

C:\Windows\System\FwMmMoG.exe

C:\Windows\System\MYnRaoV.exe

C:\Windows\System\MYnRaoV.exe

C:\Windows\System\QQlKfja.exe

C:\Windows\System\QQlKfja.exe

C:\Windows\System\izTZYhe.exe

C:\Windows\System\izTZYhe.exe

C:\Windows\System\PINKtEy.exe

C:\Windows\System\PINKtEy.exe

C:\Windows\System\EABypmi.exe

C:\Windows\System\EABypmi.exe

C:\Windows\System\KqraiTk.exe

C:\Windows\System\KqraiTk.exe

C:\Windows\System\FxQjLOV.exe

C:\Windows\System\FxQjLOV.exe

C:\Windows\System\KHSQtJv.exe

C:\Windows\System\KHSQtJv.exe

C:\Windows\System\uiIvJAY.exe

C:\Windows\System\uiIvJAY.exe

C:\Windows\System\SDMlRPx.exe

C:\Windows\System\SDMlRPx.exe

C:\Windows\System\ZCTlcgW.exe

C:\Windows\System\ZCTlcgW.exe

C:\Windows\System\wnKOxBj.exe

C:\Windows\System\wnKOxBj.exe

C:\Windows\System\Passxev.exe

C:\Windows\System\Passxev.exe

C:\Windows\System\imDgbhY.exe

C:\Windows\System\imDgbhY.exe

C:\Windows\System\iGAlosW.exe

C:\Windows\System\iGAlosW.exe

C:\Windows\System\IdCIarl.exe

C:\Windows\System\IdCIarl.exe

C:\Windows\System\Tgybmzu.exe

C:\Windows\System\Tgybmzu.exe

C:\Windows\System\QBuySPJ.exe

C:\Windows\System\QBuySPJ.exe

C:\Windows\System\EyzjSRb.exe

C:\Windows\System\EyzjSRb.exe

C:\Windows\System\YaOJswV.exe

C:\Windows\System\YaOJswV.exe

C:\Windows\System\RerqrBI.exe

C:\Windows\System\RerqrBI.exe

C:\Windows\System\kuLEysJ.exe

C:\Windows\System\kuLEysJ.exe

C:\Windows\System\fDZFByS.exe

C:\Windows\System\fDZFByS.exe

C:\Windows\System\VnIznoi.exe

C:\Windows\System\VnIznoi.exe

C:\Windows\System\HwpZBEM.exe

C:\Windows\System\HwpZBEM.exe

C:\Windows\System\URRGTXz.exe

C:\Windows\System\URRGTXz.exe

C:\Windows\System\keqEzsf.exe

C:\Windows\System\keqEzsf.exe

C:\Windows\System\HvyxRyR.exe

C:\Windows\System\HvyxRyR.exe

C:\Windows\System\SGTjgXG.exe

C:\Windows\System\SGTjgXG.exe

C:\Windows\System\JhfeRPC.exe

C:\Windows\System\JhfeRPC.exe

C:\Windows\System\HvISSLm.exe

C:\Windows\System\HvISSLm.exe

C:\Windows\System\bsCSTEe.exe

C:\Windows\System\bsCSTEe.exe

C:\Windows\System\iJjaoBk.exe

C:\Windows\System\iJjaoBk.exe

C:\Windows\System\clhMJEn.exe

C:\Windows\System\clhMJEn.exe

C:\Windows\System\DgMIhws.exe

C:\Windows\System\DgMIhws.exe

C:\Windows\System\YENjRgd.exe

C:\Windows\System\YENjRgd.exe

C:\Windows\System\TwtjBla.exe

C:\Windows\System\TwtjBla.exe

C:\Windows\System\brWzhLx.exe

C:\Windows\System\brWzhLx.exe

C:\Windows\System\vgrJNEy.exe

C:\Windows\System\vgrJNEy.exe

C:\Windows\System\JydchWt.exe

C:\Windows\System\JydchWt.exe

C:\Windows\System\WKPXMVs.exe

C:\Windows\System\WKPXMVs.exe

C:\Windows\System\XEOyadK.exe

C:\Windows\System\XEOyadK.exe

C:\Windows\System\KrmcDlv.exe

C:\Windows\System\KrmcDlv.exe

C:\Windows\System\nYzkhxx.exe

C:\Windows\System\nYzkhxx.exe

C:\Windows\System\bOZRowp.exe

C:\Windows\System\bOZRowp.exe

C:\Windows\System\WWCpkmu.exe

C:\Windows\System\WWCpkmu.exe

C:\Windows\System\ugXLOvt.exe

C:\Windows\System\ugXLOvt.exe

C:\Windows\System\mcyRxBK.exe

C:\Windows\System\mcyRxBK.exe

C:\Windows\System\IzhcqgT.exe

C:\Windows\System\IzhcqgT.exe

C:\Windows\System\IGxKony.exe

C:\Windows\System\IGxKony.exe

C:\Windows\System\weYXcKf.exe

C:\Windows\System\weYXcKf.exe

C:\Windows\System\tCNVfDk.exe

C:\Windows\System\tCNVfDk.exe

C:\Windows\System\eSZhfut.exe

C:\Windows\System\eSZhfut.exe

C:\Windows\System\VfnuwmB.exe

C:\Windows\System\VfnuwmB.exe

C:\Windows\System\pCcoisJ.exe

C:\Windows\System\pCcoisJ.exe

C:\Windows\System\zLcSika.exe

C:\Windows\System\zLcSika.exe

C:\Windows\System\gfKkdNn.exe

C:\Windows\System\gfKkdNn.exe

C:\Windows\System\CaXdpjy.exe

C:\Windows\System\CaXdpjy.exe

C:\Windows\System\AWUCtWR.exe

C:\Windows\System\AWUCtWR.exe

C:\Windows\System\mfCNMrI.exe

C:\Windows\System\mfCNMrI.exe

C:\Windows\System\PcMJSYa.exe

C:\Windows\System\PcMJSYa.exe

C:\Windows\System\UGrgNDO.exe

C:\Windows\System\UGrgNDO.exe

C:\Windows\System\abMmODc.exe

C:\Windows\System\abMmODc.exe

C:\Windows\System\fhlVXyr.exe

C:\Windows\System\fhlVXyr.exe

C:\Windows\System\BppBxiK.exe

C:\Windows\System\BppBxiK.exe

C:\Windows\System\rJKzVab.exe

C:\Windows\System\rJKzVab.exe

C:\Windows\System\mVhxGYe.exe

C:\Windows\System\mVhxGYe.exe

C:\Windows\System\mugbInV.exe

C:\Windows\System\mugbInV.exe

C:\Windows\System\MKKAAzw.exe

C:\Windows\System\MKKAAzw.exe

C:\Windows\System\oeXAWSW.exe

C:\Windows\System\oeXAWSW.exe

C:\Windows\System\myTDjZq.exe

C:\Windows\System\myTDjZq.exe

C:\Windows\System\TwqJbON.exe

C:\Windows\System\TwqJbON.exe

C:\Windows\System\XpFRvyF.exe

C:\Windows\System\XpFRvyF.exe

C:\Windows\System\aUIvTeq.exe

C:\Windows\System\aUIvTeq.exe

C:\Windows\System\JbNTZgH.exe

C:\Windows\System\JbNTZgH.exe

C:\Windows\System\oIcGVlS.exe

C:\Windows\System\oIcGVlS.exe

C:\Windows\System\IbZJRUp.exe

C:\Windows\System\IbZJRUp.exe

C:\Windows\System\AwmAORL.exe

C:\Windows\System\AwmAORL.exe

C:\Windows\System\YxKqUNr.exe

C:\Windows\System\YxKqUNr.exe

C:\Windows\System\KRloYEU.exe

C:\Windows\System\KRloYEU.exe

C:\Windows\System\EUeUofU.exe

C:\Windows\System\EUeUofU.exe

C:\Windows\System\RcMaoCU.exe

C:\Windows\System\RcMaoCU.exe

C:\Windows\System\sKLmhus.exe

C:\Windows\System\sKLmhus.exe

C:\Windows\System\YaWxKmn.exe

C:\Windows\System\YaWxKmn.exe

C:\Windows\System\ymEOiIA.exe

C:\Windows\System\ymEOiIA.exe

C:\Windows\System\gffRuUm.exe

C:\Windows\System\gffRuUm.exe

C:\Windows\System\WNtiuUz.exe

C:\Windows\System\WNtiuUz.exe

C:\Windows\System\TskeJZZ.exe

C:\Windows\System\TskeJZZ.exe

C:\Windows\System\sGMaeZG.exe

C:\Windows\System\sGMaeZG.exe

C:\Windows\System\lkEHlcp.exe

C:\Windows\System\lkEHlcp.exe

C:\Windows\System\xKOmfMp.exe

C:\Windows\System\xKOmfMp.exe

C:\Windows\System\OYBKBuQ.exe

C:\Windows\System\OYBKBuQ.exe

C:\Windows\System\fUhDeqF.exe

C:\Windows\System\fUhDeqF.exe

C:\Windows\System\YoxLkAH.exe

C:\Windows\System\YoxLkAH.exe

C:\Windows\System\ROcpdxD.exe

C:\Windows\System\ROcpdxD.exe

C:\Windows\System\HJGYVHs.exe

C:\Windows\System\HJGYVHs.exe

C:\Windows\System\ZWwNjDa.exe

C:\Windows\System\ZWwNjDa.exe

C:\Windows\System\FVZeGQe.exe

C:\Windows\System\FVZeGQe.exe

C:\Windows\System\McvYfOP.exe

C:\Windows\System\McvYfOP.exe

C:\Windows\System\kFyBmIH.exe

C:\Windows\System\kFyBmIH.exe

C:\Windows\System\rIrcQwJ.exe

C:\Windows\System\rIrcQwJ.exe

C:\Windows\System\gjBxwYj.exe

C:\Windows\System\gjBxwYj.exe

C:\Windows\System\eTvVptE.exe

C:\Windows\System\eTvVptE.exe

C:\Windows\System\vaNDUZp.exe

C:\Windows\System\vaNDUZp.exe

C:\Windows\System\vQaWlXo.exe

C:\Windows\System\vQaWlXo.exe

C:\Windows\System\ijGndOf.exe

C:\Windows\System\ijGndOf.exe

C:\Windows\System\BJCIACk.exe

C:\Windows\System\BJCIACk.exe

C:\Windows\System\LmJQlvN.exe

C:\Windows\System\LmJQlvN.exe

C:\Windows\System\uSzQyiC.exe

C:\Windows\System\uSzQyiC.exe

C:\Windows\System\ZQiyMyX.exe

C:\Windows\System\ZQiyMyX.exe

C:\Windows\System\ZhyuJsN.exe

C:\Windows\System\ZhyuJsN.exe

C:\Windows\System\mBAHqUE.exe

C:\Windows\System\mBAHqUE.exe

C:\Windows\System\HDxfgCB.exe

C:\Windows\System\HDxfgCB.exe

C:\Windows\System\SENlIPs.exe

C:\Windows\System\SENlIPs.exe

C:\Windows\System\gRAWMKi.exe

C:\Windows\System\gRAWMKi.exe

C:\Windows\System\rmPfUZx.exe

C:\Windows\System\rmPfUZx.exe

C:\Windows\System\irNiKDG.exe

C:\Windows\System\irNiKDG.exe

C:\Windows\System\AMqWUcS.exe

C:\Windows\System\AMqWUcS.exe

C:\Windows\System\zoFhwVy.exe

C:\Windows\System\zoFhwVy.exe

C:\Windows\System\uDsespI.exe

C:\Windows\System\uDsespI.exe

C:\Windows\System\RvGOPKP.exe

C:\Windows\System\RvGOPKP.exe

C:\Windows\System\zSmmjaM.exe

C:\Windows\System\zSmmjaM.exe

C:\Windows\System\HesfBCH.exe

C:\Windows\System\HesfBCH.exe

C:\Windows\System\hdNaxWc.exe

C:\Windows\System\hdNaxWc.exe

C:\Windows\System\CVsGzgM.exe

C:\Windows\System\CVsGzgM.exe

C:\Windows\System\UwCXRQt.exe

C:\Windows\System\UwCXRQt.exe

C:\Windows\System\saWPbiw.exe

C:\Windows\System\saWPbiw.exe

C:\Windows\System\KngyEHA.exe

C:\Windows\System\KngyEHA.exe

C:\Windows\System\yndrsBr.exe

C:\Windows\System\yndrsBr.exe

C:\Windows\System\tYkPAiK.exe

C:\Windows\System\tYkPAiK.exe

C:\Windows\System\zcJGyRX.exe

C:\Windows\System\zcJGyRX.exe

C:\Windows\System\rCfjPGO.exe

C:\Windows\System\rCfjPGO.exe

C:\Windows\System\XPQtxBF.exe

C:\Windows\System\XPQtxBF.exe

C:\Windows\System\zekVsYA.exe

C:\Windows\System\zekVsYA.exe

C:\Windows\System\RbLrQYB.exe

C:\Windows\System\RbLrQYB.exe

C:\Windows\System\CWYRftK.exe

C:\Windows\System\CWYRftK.exe

C:\Windows\System\JdhAdfQ.exe

C:\Windows\System\JdhAdfQ.exe

C:\Windows\System\hoYITdU.exe

C:\Windows\System\hoYITdU.exe

C:\Windows\System\rQlVFCN.exe

C:\Windows\System\rQlVFCN.exe

C:\Windows\System\PvuNBVv.exe

C:\Windows\System\PvuNBVv.exe

C:\Windows\System\FXhqTKZ.exe

C:\Windows\System\FXhqTKZ.exe

C:\Windows\System\wQvWcwa.exe

C:\Windows\System\wQvWcwa.exe

C:\Windows\System\gRwDyji.exe

C:\Windows\System\gRwDyji.exe

C:\Windows\System\hxXFUhG.exe

C:\Windows\System\hxXFUhG.exe

C:\Windows\System\CdFaFbP.exe

C:\Windows\System\CdFaFbP.exe

C:\Windows\System\JCWCERu.exe

C:\Windows\System\JCWCERu.exe

C:\Windows\System\MfhvvWw.exe

C:\Windows\System\MfhvvWw.exe

C:\Windows\System\EJhlScq.exe

C:\Windows\System\EJhlScq.exe

C:\Windows\System\atpPNQa.exe

C:\Windows\System\atpPNQa.exe

C:\Windows\System\ppVMGko.exe

C:\Windows\System\ppVMGko.exe

C:\Windows\System\slSCNDq.exe

C:\Windows\System\slSCNDq.exe

C:\Windows\System\HqdrdJZ.exe

C:\Windows\System\HqdrdJZ.exe

C:\Windows\System\llFless.exe

C:\Windows\System\llFless.exe

C:\Windows\System\JNrzHZB.exe

C:\Windows\System\JNrzHZB.exe

C:\Windows\System\XfttSCP.exe

C:\Windows\System\XfttSCP.exe

C:\Windows\System\ICoTfrl.exe

C:\Windows\System\ICoTfrl.exe

C:\Windows\System\QNsiOqC.exe

C:\Windows\System\QNsiOqC.exe

C:\Windows\System\JjyCers.exe

C:\Windows\System\JjyCers.exe

C:\Windows\System\FjwsNQq.exe

C:\Windows\System\FjwsNQq.exe

C:\Windows\System\IHoTWZl.exe

C:\Windows\System\IHoTWZl.exe

C:\Windows\System\hIfigsv.exe

C:\Windows\System\hIfigsv.exe

C:\Windows\System\QHlgnlg.exe

C:\Windows\System\QHlgnlg.exe

C:\Windows\System\VtkKtiy.exe

C:\Windows\System\VtkKtiy.exe

C:\Windows\System\LgXrEbn.exe

C:\Windows\System\LgXrEbn.exe

C:\Windows\System\NuNedQL.exe

C:\Windows\System\NuNedQL.exe

C:\Windows\System\FsGUWXR.exe

C:\Windows\System\FsGUWXR.exe

C:\Windows\System\dpDBrih.exe

C:\Windows\System\dpDBrih.exe

C:\Windows\System\mGxvWIB.exe

C:\Windows\System\mGxvWIB.exe

C:\Windows\System\iWPjQHM.exe

C:\Windows\System\iWPjQHM.exe

C:\Windows\System\doeshXv.exe

C:\Windows\System\doeshXv.exe

C:\Windows\System\pKtqLJh.exe

C:\Windows\System\pKtqLJh.exe

C:\Windows\System\SPbrtXv.exe

C:\Windows\System\SPbrtXv.exe

C:\Windows\System\lSOXWVq.exe

C:\Windows\System\lSOXWVq.exe

C:\Windows\System\JVtAAII.exe

C:\Windows\System\JVtAAII.exe

C:\Windows\System\rFmtdjO.exe

C:\Windows\System\rFmtdjO.exe

C:\Windows\System\ISBbmCO.exe

C:\Windows\System\ISBbmCO.exe

C:\Windows\System\YMzBYns.exe

C:\Windows\System\YMzBYns.exe

C:\Windows\System\kuxLeWZ.exe

C:\Windows\System\kuxLeWZ.exe

C:\Windows\System\dErMMus.exe

C:\Windows\System\dErMMus.exe

C:\Windows\System\MswQOsL.exe

C:\Windows\System\MswQOsL.exe

C:\Windows\System\abOafRV.exe

C:\Windows\System\abOafRV.exe

C:\Windows\System\UybsLFb.exe

C:\Windows\System\UybsLFb.exe

C:\Windows\System\NGtqfvu.exe

C:\Windows\System\NGtqfvu.exe

C:\Windows\System\ObfYjwN.exe

C:\Windows\System\ObfYjwN.exe

C:\Windows\System\bAxmpUr.exe

C:\Windows\System\bAxmpUr.exe

C:\Windows\System\yVayuZl.exe

C:\Windows\System\yVayuZl.exe

C:\Windows\System\ovZpvay.exe

C:\Windows\System\ovZpvay.exe

C:\Windows\System\vxESvhW.exe

C:\Windows\System\vxESvhW.exe

C:\Windows\System\pZhrxwg.exe

C:\Windows\System\pZhrxwg.exe

C:\Windows\System\JOwTNik.exe

C:\Windows\System\JOwTNik.exe

C:\Windows\System\auoEaVK.exe

C:\Windows\System\auoEaVK.exe

C:\Windows\System\BBlkhuO.exe

C:\Windows\System\BBlkhuO.exe

C:\Windows\System\hNIfVYN.exe

C:\Windows\System\hNIfVYN.exe

C:\Windows\System\iaevsXm.exe

C:\Windows\System\iaevsXm.exe

C:\Windows\System\mfARKRn.exe

C:\Windows\System\mfARKRn.exe

C:\Windows\System\MFKavaS.exe

C:\Windows\System\MFKavaS.exe

C:\Windows\System\xXeeGLv.exe

C:\Windows\System\xXeeGLv.exe

C:\Windows\System\LLsveIr.exe

C:\Windows\System\LLsveIr.exe

C:\Windows\System\nOSXyMn.exe

C:\Windows\System\nOSXyMn.exe

C:\Windows\System\eJwarfE.exe

C:\Windows\System\eJwarfE.exe

C:\Windows\System\cGTVOKi.exe

C:\Windows\System\cGTVOKi.exe

C:\Windows\System\LysVDBM.exe

C:\Windows\System\LysVDBM.exe

C:\Windows\System\eXPeAXq.exe

C:\Windows\System\eXPeAXq.exe

C:\Windows\System\KpstujW.exe

C:\Windows\System\KpstujW.exe

C:\Windows\System\VeaLJiE.exe

C:\Windows\System\VeaLJiE.exe

C:\Windows\System\YATJtaB.exe

C:\Windows\System\YATJtaB.exe

C:\Windows\System\UxSoRmL.exe

C:\Windows\System\UxSoRmL.exe

C:\Windows\System\FruTwMY.exe

C:\Windows\System\FruTwMY.exe

C:\Windows\System\VGqaxtd.exe

C:\Windows\System\VGqaxtd.exe

C:\Windows\System\gTUiwdx.exe

C:\Windows\System\gTUiwdx.exe

C:\Windows\System\mYppIhp.exe

C:\Windows\System\mYppIhp.exe

C:\Windows\System\PvMFHYM.exe

C:\Windows\System\PvMFHYM.exe

C:\Windows\System\NuCfqQa.exe

C:\Windows\System\NuCfqQa.exe

C:\Windows\System\EzBYUWh.exe

C:\Windows\System\EzBYUWh.exe

C:\Windows\System\xrTfUDb.exe

C:\Windows\System\xrTfUDb.exe

C:\Windows\System\sRpeNkh.exe

C:\Windows\System\sRpeNkh.exe

C:\Windows\System\wYZCUKe.exe

C:\Windows\System\wYZCUKe.exe

C:\Windows\System\MhybjnL.exe

C:\Windows\System\MhybjnL.exe

C:\Windows\System\CAZeweq.exe

C:\Windows\System\CAZeweq.exe

C:\Windows\System\pofHFkn.exe

C:\Windows\System\pofHFkn.exe

C:\Windows\System\cYDMGCh.exe

C:\Windows\System\cYDMGCh.exe

C:\Windows\System\mzBXrVp.exe

C:\Windows\System\mzBXrVp.exe

C:\Windows\System\sTQbOEA.exe

C:\Windows\System\sTQbOEA.exe

C:\Windows\System\qxkAiOf.exe

C:\Windows\System\qxkAiOf.exe

C:\Windows\System\jCYtZEY.exe

C:\Windows\System\jCYtZEY.exe

C:\Windows\System\PNNmqqU.exe

C:\Windows\System\PNNmqqU.exe

C:\Windows\System\QjMSDhY.exe

C:\Windows\System\QjMSDhY.exe

C:\Windows\System\iaUkvUy.exe

C:\Windows\System\iaUkvUy.exe

C:\Windows\System\znrKXwC.exe

C:\Windows\System\znrKXwC.exe

C:\Windows\System\khIlARw.exe

C:\Windows\System\khIlARw.exe

C:\Windows\System\npOcSMM.exe

C:\Windows\System\npOcSMM.exe

C:\Windows\System\aTCFXpc.exe

C:\Windows\System\aTCFXpc.exe

C:\Windows\System\uSxtnOg.exe

C:\Windows\System\uSxtnOg.exe

C:\Windows\System\LjqNmJo.exe

C:\Windows\System\LjqNmJo.exe

C:\Windows\System\qdWhmcn.exe

C:\Windows\System\qdWhmcn.exe

C:\Windows\System\EaNOreA.exe

C:\Windows\System\EaNOreA.exe

C:\Windows\System\mwlWztw.exe

C:\Windows\System\mwlWztw.exe

C:\Windows\System\OEJQbVB.exe

C:\Windows\System\OEJQbVB.exe

C:\Windows\System\cwynSRf.exe

C:\Windows\System\cwynSRf.exe

C:\Windows\System\jzDRxmh.exe

C:\Windows\System\jzDRxmh.exe

C:\Windows\System\pOGQkCG.exe

C:\Windows\System\pOGQkCG.exe

C:\Windows\System\ERZwRbH.exe

C:\Windows\System\ERZwRbH.exe

C:\Windows\System\PIVTHrb.exe

C:\Windows\System\PIVTHrb.exe

C:\Windows\System\UphWtbY.exe

C:\Windows\System\UphWtbY.exe

C:\Windows\System\gxbxEEn.exe

C:\Windows\System\gxbxEEn.exe

C:\Windows\System\lxPHdgJ.exe

C:\Windows\System\lxPHdgJ.exe

C:\Windows\System\OaqaXxI.exe

C:\Windows\System\OaqaXxI.exe

C:\Windows\System\osnbUef.exe

C:\Windows\System\osnbUef.exe

C:\Windows\System\WpBExiE.exe

C:\Windows\System\WpBExiE.exe

C:\Windows\System\VqlCHxI.exe

C:\Windows\System\VqlCHxI.exe

C:\Windows\System\BFFspQc.exe

C:\Windows\System\BFFspQc.exe

C:\Windows\System\YAraSpC.exe

C:\Windows\System\YAraSpC.exe

C:\Windows\System\eEJzhpG.exe

C:\Windows\System\eEJzhpG.exe

C:\Windows\System\gEwIQkL.exe

C:\Windows\System\gEwIQkL.exe

C:\Windows\System\zWiopBj.exe

C:\Windows\System\zWiopBj.exe

C:\Windows\System\CgoAxMH.exe

C:\Windows\System\CgoAxMH.exe

C:\Windows\System\FLcUtZG.exe

C:\Windows\System\FLcUtZG.exe

C:\Windows\System\XfgWdZB.exe

C:\Windows\System\XfgWdZB.exe

C:\Windows\System\BjpiAvQ.exe

C:\Windows\System\BjpiAvQ.exe

C:\Windows\System\Umxepzn.exe

C:\Windows\System\Umxepzn.exe

C:\Windows\System\XBoPVhU.exe

C:\Windows\System\XBoPVhU.exe

C:\Windows\System\EtaCzrF.exe

C:\Windows\System\EtaCzrF.exe

C:\Windows\System\trmKhUH.exe

C:\Windows\System\trmKhUH.exe

C:\Windows\System\nIyVefG.exe

C:\Windows\System\nIyVefG.exe

C:\Windows\System\UwDEeQQ.exe

C:\Windows\System\UwDEeQQ.exe

C:\Windows\System\dLpVZJP.exe

C:\Windows\System\dLpVZJP.exe

C:\Windows\System\CVTsCDg.exe

C:\Windows\System\CVTsCDg.exe

C:\Windows\System\IFOEJNU.exe

C:\Windows\System\IFOEJNU.exe

C:\Windows\System\knHrVut.exe

C:\Windows\System\knHrVut.exe

C:\Windows\System\iBMuqKJ.exe

C:\Windows\System\iBMuqKJ.exe

C:\Windows\System\jzgUARm.exe

C:\Windows\System\jzgUARm.exe

C:\Windows\System\qYwYehf.exe

C:\Windows\System\qYwYehf.exe

C:\Windows\System\VoRMFiM.exe

C:\Windows\System\VoRMFiM.exe

C:\Windows\System\GSydWeD.exe

C:\Windows\System\GSydWeD.exe

C:\Windows\System\dOTaRCW.exe

C:\Windows\System\dOTaRCW.exe

C:\Windows\System\VvDAdXA.exe

C:\Windows\System\VvDAdXA.exe

C:\Windows\System\zaPaYEc.exe

C:\Windows\System\zaPaYEc.exe

C:\Windows\System\jysKWjf.exe

C:\Windows\System\jysKWjf.exe

C:\Windows\System\qsPPhYe.exe

C:\Windows\System\qsPPhYe.exe

C:\Windows\System\SQqmoxp.exe

C:\Windows\System\SQqmoxp.exe

C:\Windows\System\HPCAqTw.exe

C:\Windows\System\HPCAqTw.exe

C:\Windows\System\CMhWIpv.exe

C:\Windows\System\CMhWIpv.exe

C:\Windows\System\CeEkdGY.exe

C:\Windows\System\CeEkdGY.exe

C:\Windows\System\CIOvpLc.exe

C:\Windows\System\CIOvpLc.exe

C:\Windows\System\jmtHwLO.exe

C:\Windows\System\jmtHwLO.exe

C:\Windows\System\NQqWLub.exe

C:\Windows\System\NQqWLub.exe

C:\Windows\System\zCgJQAM.exe

C:\Windows\System\zCgJQAM.exe

C:\Windows\System\CIuTmxs.exe

C:\Windows\System\CIuTmxs.exe

C:\Windows\System\RpAlNqK.exe

C:\Windows\System\RpAlNqK.exe

C:\Windows\System\NQNfiQK.exe

C:\Windows\System\NQNfiQK.exe

C:\Windows\System\MdOErXH.exe

C:\Windows\System\MdOErXH.exe

C:\Windows\System\LruebVq.exe

C:\Windows\System\LruebVq.exe

C:\Windows\System\wGFPrNU.exe

C:\Windows\System\wGFPrNU.exe

C:\Windows\System\QnWXcRu.exe

C:\Windows\System\QnWXcRu.exe

C:\Windows\System\pUqXKDA.exe

C:\Windows\System\pUqXKDA.exe

C:\Windows\System\nEptUhk.exe

C:\Windows\System\nEptUhk.exe

C:\Windows\System\DBeUFfp.exe

C:\Windows\System\DBeUFfp.exe

C:\Windows\System\sWfKIkM.exe

C:\Windows\System\sWfKIkM.exe

C:\Windows\System\Zkyqgll.exe

C:\Windows\System\Zkyqgll.exe

C:\Windows\System\RsHxeDi.exe

C:\Windows\System\RsHxeDi.exe

C:\Windows\System\DgTgJRX.exe

C:\Windows\System\DgTgJRX.exe

C:\Windows\System\IbACFwP.exe

C:\Windows\System\IbACFwP.exe

C:\Windows\System\sSiFIBd.exe

C:\Windows\System\sSiFIBd.exe

C:\Windows\System\iGEsvxP.exe

C:\Windows\System\iGEsvxP.exe

C:\Windows\System\UMcYbYR.exe

C:\Windows\System\UMcYbYR.exe

C:\Windows\System\soxhugM.exe

C:\Windows\System\soxhugM.exe

C:\Windows\System\fMgQREa.exe

C:\Windows\System\fMgQREa.exe

C:\Windows\System\wkjXWQv.exe

C:\Windows\System\wkjXWQv.exe

C:\Windows\System\COERyfC.exe

C:\Windows\System\COERyfC.exe

C:\Windows\System\rsIfiey.exe

C:\Windows\System\rsIfiey.exe

C:\Windows\System\CcfRREh.exe

C:\Windows\System\CcfRREh.exe

C:\Windows\System\jWGwoCd.exe

C:\Windows\System\jWGwoCd.exe

C:\Windows\System\KLEjMmk.exe

C:\Windows\System\KLEjMmk.exe

C:\Windows\System\bmsFwip.exe

C:\Windows\System\bmsFwip.exe

C:\Windows\System\ALXqNcr.exe

C:\Windows\System\ALXqNcr.exe

C:\Windows\System\cJvaHxI.exe

C:\Windows\System\cJvaHxI.exe

C:\Windows\System\GNyrBKm.exe

C:\Windows\System\GNyrBKm.exe

C:\Windows\System\PvafdAH.exe

C:\Windows\System\PvafdAH.exe

C:\Windows\System\bEUYCxW.exe

C:\Windows\System\bEUYCxW.exe

C:\Windows\System\AzuJURZ.exe

C:\Windows\System\AzuJURZ.exe

C:\Windows\System\iHXTNIo.exe

C:\Windows\System\iHXTNIo.exe

C:\Windows\System\GauBgrG.exe

C:\Windows\System\GauBgrG.exe

C:\Windows\System\ugvYWpN.exe

C:\Windows\System\ugvYWpN.exe

C:\Windows\System\jWhcYsS.exe

C:\Windows\System\jWhcYsS.exe

C:\Windows\System\nmezpkD.exe

C:\Windows\System\nmezpkD.exe

C:\Windows\System\ikerbdw.exe

C:\Windows\System\ikerbdw.exe

C:\Windows\System\iHmQmtc.exe

C:\Windows\System\iHmQmtc.exe

C:\Windows\System\kvaSYTk.exe

C:\Windows\System\kvaSYTk.exe

C:\Windows\System\OWpZypi.exe

C:\Windows\System\OWpZypi.exe

C:\Windows\System\hDhKwOL.exe

C:\Windows\System\hDhKwOL.exe

C:\Windows\System\DRCAbJW.exe

C:\Windows\System\DRCAbJW.exe

C:\Windows\System\wZkmAMv.exe

C:\Windows\System\wZkmAMv.exe

C:\Windows\System\SXHHVaU.exe

C:\Windows\System\SXHHVaU.exe

C:\Windows\System\leApdMg.exe

C:\Windows\System\leApdMg.exe

C:\Windows\System\NsmIdtL.exe

C:\Windows\System\NsmIdtL.exe

C:\Windows\System\szAeoai.exe

C:\Windows\System\szAeoai.exe

C:\Windows\System\zKmYbVK.exe

C:\Windows\System\zKmYbVK.exe

C:\Windows\System\XgggNTm.exe

C:\Windows\System\XgggNTm.exe

C:\Windows\System\BVvbMWr.exe

C:\Windows\System\BVvbMWr.exe

C:\Windows\System\JNLnwQq.exe

C:\Windows\System\JNLnwQq.exe

C:\Windows\System\xgUhPaU.exe

C:\Windows\System\xgUhPaU.exe

C:\Windows\System\gCFurOk.exe

C:\Windows\System\gCFurOk.exe

C:\Windows\System\lwQazhU.exe

C:\Windows\System\lwQazhU.exe

C:\Windows\System\dsWsBRd.exe

C:\Windows\System\dsWsBRd.exe

C:\Windows\System\oIKcrmz.exe

C:\Windows\System\oIKcrmz.exe

C:\Windows\System\vdxJGAJ.exe

C:\Windows\System\vdxJGAJ.exe

C:\Windows\System\zJFVhcr.exe

C:\Windows\System\zJFVhcr.exe

C:\Windows\System\SrFDipL.exe

C:\Windows\System\SrFDipL.exe

C:\Windows\System\VHIYnpW.exe

C:\Windows\System\VHIYnpW.exe

C:\Windows\System\JuVyHRQ.exe

C:\Windows\System\JuVyHRQ.exe

C:\Windows\System\BkUvnpR.exe

C:\Windows\System\BkUvnpR.exe

C:\Windows\System\OsrvYLS.exe

C:\Windows\System\OsrvYLS.exe

C:\Windows\System\pNdTVfE.exe

C:\Windows\System\pNdTVfE.exe

C:\Windows\System\OPRMTie.exe

C:\Windows\System\OPRMTie.exe

C:\Windows\System\uUGbace.exe

C:\Windows\System\uUGbace.exe

C:\Windows\System\AWTmMKh.exe

C:\Windows\System\AWTmMKh.exe

C:\Windows\System\IgjjzvY.exe

C:\Windows\System\IgjjzvY.exe

C:\Windows\System\ZWJvvEF.exe

C:\Windows\System\ZWJvvEF.exe

C:\Windows\System\VViJnKP.exe

C:\Windows\System\VViJnKP.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/556-0-0x00007FF693A80000-0x00007FF693DD4000-memory.dmp

memory/556-1-0x000001807B550000-0x000001807B560000-memory.dmp

C:\Windows\System\nQMZboy.exe

MD5 3c3b840a1a7dcef11208397b87a2bff7
SHA1 557cd1c851db1b04df27492148a337af8c828ce5
SHA256 32d0cc0bdb080c2abce3d2d4e243ad5deece7913b0c005169045aacabb55fb39
SHA512 8dc251f0c893f1d44d95279ef4ad77132b165a38147b09eac6924e6ce37143b555fa5b6fd70dfe69b154e663239cacd1f4f5bdeae4e834fd6c44532e74ceea02

C:\Windows\System\oAeDOsd.exe

MD5 734b7994aa1f0a4344dffe8a31b8d1b4
SHA1 ed3d35e67571c8417a30a8b98c055d0bb28189a7
SHA256 3b04701ab5c1644fb97ef8a059666108515408abd26ebd8ab5efb6ad87f356f5
SHA512 fce941f2782be62df230d9c9ad712f1026b0100d6f4037b276e1ba8dd6699f7739fb932c1d46fd32a3816013c61f6022e49df2f020581d160cc2a92e4b952cee

C:\Windows\System\DvioGdC.exe

MD5 801ae9aa7da21aa5a525d2d77a1e203a
SHA1 00430cf6528c5df0b0942f14716155683a4d36e5
SHA256 7826563ec3465b5b121339d5d843533f3579319900d4f2de35315b5fd694e008
SHA512 32d5b43aa164812ff99e722f7cfdd14f49bf6083fe5b1fbd3c3ade41ef486da7caaf26f169ec3a52c00a2eebb1a7bf21ec6b2db8a0976edf030363734e7bfb90

C:\Windows\System\twnTDBY.exe

MD5 d136c4b2d57ccd334d5be136ac2e727a
SHA1 d8465b623a87181e41aa5892143c60d4154ee0ec
SHA256 31c7a622e3586f56bb0c8099bc76d127a01250f383a56439ea613a7169217aba
SHA512 d416cf0be2f7e8ada49e196d06f0f6898799e4fc51a5a4ad1dcf4a2cada5c4a7be164d7ac8b29f2a851694b64043c034d7d0760c2b7f3ca285a9ada9ca95f53c

C:\Windows\System\qGygLHq.exe

MD5 82b454c2bd7ab2d42495cfb5446c26fe
SHA1 a099fa56100ebb2bfd9a58878379fe1e1e6e8847
SHA256 2fb5e7bf009c38f7ce2614e9a7d13d8c5efeace971cfe6939f95bc64df3c85af
SHA512 b850e9087c18e2b85d35599a8b26858608ec3634fe90507a78e4a8dfba7bacadb64cb61b7b834dbbe8a0b99e55c2500a9c6f511f34d642debba9f9d6cafb23ea

memory/2468-58-0x00007FF6DD480000-0x00007FF6DD7D4000-memory.dmp

memory/1020-65-0x00007FF6E3810000-0x00007FF6E3B64000-memory.dmp

C:\Windows\System\USoUBND.exe

MD5 9bee72ff3955df3e72b8b643a9174c54
SHA1 b833fb26bd11ead80bba6e3b34f6ce0fd8b63fb8
SHA256 2eda5faa40d86cebd07fd0a75dbabf4314c9bf29a589ce5528931f6d0952a185
SHA512 33694ada3c4a2b5f0f2fe5c2efb54d0ddfa46cdd2d40b43c20e52808bbc530b3a07884211731cfc2089714883acda8e49e8c229f5a809c199873d5e7a71cf197

C:\Windows\System\BBhykXd.exe

MD5 219d2a4a5d94c43ef73a860d080b1d2c
SHA1 d8fa05c606c168b1d0a7096726bbeec382502fbc
SHA256 e9c7f7f27eb480c2cf8bf0b880f07b932befc1c73d17257431332496ce45d63a
SHA512 221a3a18a5944a4cf6f0fe374150590a940a8d4f25f6166f26a0f3706ef141053099a00483f8eb112c5697320db13e1f87b44cb5b4d60372083aca736c84b40e

memory/3208-87-0x00007FF765290000-0x00007FF7655E4000-memory.dmp

memory/4896-95-0x00007FF76C8C0000-0x00007FF76CC14000-memory.dmp

C:\Windows\System\xotxQEr.exe

MD5 66f07bb629d70693cc27830f66f66e7e
SHA1 6b4d9df38bedc09a76b3f04fc3308a16e6c648c1
SHA256 6fe0ab7d13c96c906cae2149c9ad919de05a19eb9c464d56f133069c8fe5e89c
SHA512 20fa0dbd649abd79343ed794b1d4bc7d1f2f8a4eb049408a48c6abea4c95953b3d8c4a0e9007f2fedd853a76d4bede6e26ee27e30345cfc1df275bf192798188

C:\Windows\System\YoPASIT.exe

MD5 ed12a56ee872d5657841b6f632445932
SHA1 66b874498ad7375542a53b33ab6cb67e3c3e5514
SHA256 1ff0f78f3c6fba1597cd4287a065d7ff343f309451a52cda46cc7db7818299ae
SHA512 e0a70a275986ce147a9fb4193d1a28f183cf13d47364450afb426a3ed553b6d0ca956e98a35b0287ad3e3d34d09d585848bdcaeed68ce68a354451985e5f325b

C:\Windows\System\UBfhyTx.exe

MD5 7beed48ee7fc2ad2f24958a4bf13d68b
SHA1 73747f76fdf8a1ca2915738419a2f344003e040d
SHA256 ecd3020d9523c8872ec2ace12c3e2febc24d577372f3dc45a98198067175950b
SHA512 84fc52684b9621af44c4becdbe7efa9393aa770d1794fbbf38494e1b528a9e7156b13aca88f550c02c2951e81d34b57f4de4264ad9685ad31483c069fd9e2e53

memory/4980-682-0x00007FF7BE620000-0x00007FF7BE974000-memory.dmp

memory/1972-683-0x00007FF64CA40000-0x00007FF64CD94000-memory.dmp

memory/4412-685-0x00007FF6966D0000-0x00007FF696A24000-memory.dmp

memory/4492-684-0x00007FF7837B0000-0x00007FF783B04000-memory.dmp

memory/2504-686-0x00007FF6B5490000-0x00007FF6B57E4000-memory.dmp

memory/4188-687-0x00007FF63DB70000-0x00007FF63DEC4000-memory.dmp

memory/1012-695-0x00007FF613990000-0x00007FF613CE4000-memory.dmp

memory/944-705-0x00007FF784790000-0x00007FF784AE4000-memory.dmp

memory/1548-712-0x00007FF765CE0000-0x00007FF766034000-memory.dmp

memory/4044-718-0x00007FF693280000-0x00007FF6935D4000-memory.dmp

memory/1632-709-0x00007FF7DFB30000-0x00007FF7DFE84000-memory.dmp

memory/4796-701-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp

memory/520-698-0x00007FF7CFD10000-0x00007FF7D0064000-memory.dmp

memory/5004-691-0x00007FF61A940000-0x00007FF61AC94000-memory.dmp

memory/1708-688-0x00007FF6D2D20000-0x00007FF6D3074000-memory.dmp

memory/3796-1078-0x00007FF729EF0000-0x00007FF72A244000-memory.dmp

memory/1484-1084-0x00007FF6951C0000-0x00007FF695514000-memory.dmp

C:\Windows\System\SlUcWmu.exe

MD5 3427109937fb716ebfbc3535177c62b4
SHA1 4b6bb579feadda32e63742d740278f7dd9b6fe8f
SHA256 78035e14263966a24260f8dc17ed48b7ab0fffca83115b18c8e4d790b2292f8c
SHA512 bb218f241fdf9552a5c3f2df649e63ae355fcb65422a7fce88b5bde52ad5826f568b49fdc33376aeaba65b0c9f511af3b1cd50ff5323dcdc79869cbaa561530a

C:\Windows\System\iPxExxU.exe

MD5 9bc2d9896c32bde4b63582c354077689
SHA1 d077d66138c508092a84e04a6aee8e3d76409597
SHA256 830c6482e345462d1b07d5c433ac9ff80b463a84880c0a893ad32f05768b8096
SHA512 4ca85935cba05a7577d54d090d07787a9fbbfcb6501342c2062992fab4a82cd36dc7578a3b81976d154b8384a43da3c605a5291618627841b9b373a30988415a

C:\Windows\System\mTFyaKC.exe

MD5 959b756e949838d20459c072d57045db
SHA1 f7d2848e64827311711afdb5c81994e6c5ebe202
SHA256 98e7b8fbd1c490a837cd72fd30f221b53d9b22887e204cc852a091d0eb60cb41
SHA512 0814c069107b9a15f62acd56246074bbc19b5b281158f9b2d0db56f049bcffc39999378b5cc7a7e390e4fb7acfeae27359ecdd1ec824252722df06e9b172105f

C:\Windows\System\cXPBZZq.exe

MD5 93084b1b52a54762a439665df5f564f2
SHA1 6cb87a7e692fcaf08557716cc61d529baf47c207
SHA256 0cc04a26eb1f857c6d27810bc86edc1dc8d42e867376c69ec9c54b926d279a1a
SHA512 0d3e3709adb82a8768d4240ecbf30bf09749179cb18e3bbcc9866c415815795f89634710266532df22fcc20341e8c86fc03427f373623252433a1caf1cf13365

C:\Windows\System\wlknYiY.exe

MD5 a5c14cb3ee3d416e692934af2489dd4d
SHA1 9ee2045dcfde103bb33a8ea9cfa8bc7993fcf497
SHA256 233b692255d5814ce5401f4ab6195382fc68cc253671ab6827a5678d9c2e010a
SHA512 eb98a7a18c5733652ae8b7065b8c4e57c381c851401630ea877fb71f498848a4e7c03573b357c71c9c3d2a5e55c36acd907e17dcacf885c4ac02b924e030aef1

C:\Windows\System\fMRaFIs.exe

MD5 f1a958fae8f99964c41aee8afc06a449
SHA1 0145a0d10a649be3c5f37c986c1faa9d41735509
SHA256 0c174b50993545501d03e7563128826b6e1654239a3309a40db11edc3dd36151
SHA512 3bd60251f18f529bb88cbdbc9a8752f8ec3a77e0b203967fdb73e81e62028b22e4f7f457f4b043e10b597f6da99ea87078c089b60d281853ecb8999077d5ff7e

C:\Windows\System\rPClbSe.exe

MD5 281440120081e7030bda9170fda16bf6
SHA1 843961acc1b788048fee6d708d9d8933becf4d95
SHA256 d15e8b94e8069bedb0ef9bb1fcdada04508a4a611d863f3d5b29aace112bd5a8
SHA512 9730487a743248aee1fbc0547f08ef3e4c2461a8d51a6502b34833fef773740f2cfb48bb00c8c7aa4726f92a497ba1c99c9460c7cfb5f4edd250aab773cad8cb

C:\Windows\System\YDJCdqn.exe

MD5 0db5dea3c2bb21252dc61f18cddbdac3
SHA1 27f7029420d548bcd61459378c0d2f08ddf00845
SHA256 2e638a851ba788e850a0ebfaff9191d17f8f3acfbf195c5526b846e022cff36f
SHA512 3947f2cd151673877f8c22df426204ab6e4b7748f3eb7efef17924a667b44cfb97b8b11883aa4e57b9d4bc07626bc2cdee680a8b0c5d3dfcdd845ed080c7ba08

C:\Windows\System\ymubAtw.exe

MD5 9da5e088be9e40b29004567609b3944b
SHA1 23d6d5b43e75edaad911ef16958f1a049bc79ee6
SHA256 6f8d075b9a5ff5f5bbd087503acd2e8d0396d3633a81b69d2c3d0b99b75b1a23
SHA512 5390e76a21283707151082853cf4198e6230cc6cfbf9f3db98ce438131917cba0f9d950c973d40c8313558b580bd23b1d263a8438ec1f4692472c508b97ffafc

C:\Windows\System\VrEpMeV.exe

MD5 b5dbbb3bca2d07d314fabdef72e2786b
SHA1 06562de6ba9a6d30940c4596ebf4d2e9b3a00482
SHA256 c8d7e9507fa72d3ff4de82af5def2fa3a0c865f907f612303e9d00f1f227ce34
SHA512 e8e3e6b936565e025200c86a30e344f1f1c42f2865db99774af9ef27eb2020a7f01a5621fef29216db5277e7245b283f8d28ed9249b9c69811fe08ebaf5b4371

C:\Windows\System\aysZgNL.exe

MD5 cc4a48a2942c691837138e3b0b6897e2
SHA1 270b55f2946aa3ee3406ac7c7fc38b1943742182
SHA256 0fde43ddb05ae968903a3fef5243a304a1581d82fcc26630f3d2e1786c1d7c86
SHA512 b3f1a54af8c790b42476ec3fec5c31c7b292ecd52f05e8cad0337664c0117dc69ee60d03bfecda973e4d1e7c55989aaeb8afefd5708da69eb6d439bc9fb9c45a

C:\Windows\System\LRibWjc.exe

MD5 62c501e7bc8e57aa2d3cbec0f60b7b51
SHA1 82dee947420a6507e6110506a65f2829cf85b633
SHA256 8edbcea98a42dd3f37a27ffc6e052ca724b7ed551fa3c1651b82b4374b41c9d6
SHA512 28b23316aeac35e0a3ef9a2c34dc0bf1f004fd87eb4c4d30cf182f951cb6249442b54a8169c752a6bf16db90abbe44877322e5140228db78adab06f627a98270

C:\Windows\System\gavPjtu.exe

MD5 2be3199bf5c2b9b4362d7fc532bdfc7b
SHA1 a6b4990923546c5cdffba997571a69c7ce9f691c
SHA256 f98de78f90cd234b42f74be3b4e8dfa200f4e7c47a2a9df4454e983c403b0536
SHA512 f1d07cc359fbc2d72930c8ce9e23b3b79d47df7838ac630c972d6d02406d9e5e6f522ba0c930a797143a4289cf7c4d48c59431b032f52e8dc748d99e437ce466

C:\Windows\System\zUEOTSG.exe

MD5 748df8187434f38bcfba072eb10bf0fe
SHA1 d8c2d2bebfdbe0f8962b653ba77780aa233aeb33
SHA256 0dfe5411d8c54c592577dd44e9fb92e5bbb8cd6bd0f800f548d6ad3a296ed05a
SHA512 9840e8e3efe9b24cbddcb2dd888d970af83884a291fc89df62c8f5c297e832a77d19b532b2d6f6ef3aa7246e90b99f01262ad6fb7c3d620aaabf6b787a347c71

C:\Windows\System\cyifIXZ.exe

MD5 ddd1cc55214ea9fa84afffa4eaa8750f
SHA1 10bfe070cdd72040d9bf9cb2711a05ca8fdb80fc
SHA256 810e764967ff2d30ab3246c45a1305f78793dd781fc496a9994c4b9bfc51bc25
SHA512 e472e9e709d653276559941229d24bc03c4bfb27e018d227a88cba7850f562425660b95bdf2885eac822a13f97acb2296ae361e67620cbd55c2392ec51dbc012

C:\Windows\System\UySdzAk.exe

MD5 48cd4928751ce1140a82a5c8c9445cff
SHA1 ca1be8077a34dc2186b898273034aca13ef53a1e
SHA256 07f4d5761f27a5059e46d904ec81520cc44d6088d73746c98475101bbff7942f
SHA512 40f1bbe9017f0c03c0c144f9549d1d94554e890d0624894ad3d87fa2e06fdfdb44c41953fc0bccecf27d2ec646a73e8a5c88dd961707310255291e5d28f4c6f9

memory/632-94-0x00007FF7E9260000-0x00007FF7E95B4000-memory.dmp

memory/2264-93-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

memory/556-88-0x00007FF693A80000-0x00007FF693DD4000-memory.dmp

memory/4976-82-0x00007FF600DD0000-0x00007FF601124000-memory.dmp

C:\Windows\System\zUIeEzW.exe

MD5 ba874b5660ba73432e7f5b07d8fbbd99
SHA1 de0390c3a9519960e5573a8c538ae47ac683b253
SHA256 3f16e7ce401740e35176580430973bf3d9153d536f21d5c965adc0193c81b764
SHA512 aa4dac63ef9e406bc0cd52dc0bbe00c6cebe1502eef16bec9e59be63e4c997f1e9ad96a7ebc77c9b41e6985b62fe52aa3195a909db54872f312834214d1629fc

memory/2888-77-0x00007FF658C00000-0x00007FF658F54000-memory.dmp

C:\Windows\System\MmhzPFE.exe

MD5 14b9c29979bba81de15446a1bcb2b147
SHA1 920b43f368b1af9bac221da3318261fd50720bb5
SHA256 e3a45e22016c8a56bbc285e33e895c98715112e0dfa96f7e039e3283e4e379b6
SHA512 3340d2b3f07285f74de3e37dc4903cfa3f51c2fa8d79a10c39f68779a014e0b687c4e8fa497c2eceb259b1225657c9a5dda2368ad332d426221ae29b79f8abe1

C:\Windows\System\cSbHYCB.exe

MD5 83b4bf4021f6b69b0b97eb6875d9692d
SHA1 7d914807055fe10a707b7319a79d847dfbc92388
SHA256 7128324eaa9d15819436d163b5060bd532ecc35720a3f350a5094269ccb4ed91
SHA512 364c2856da1c937447925017212bc34116ea6e71b7b623652d43b74ac1fbe3300ce28354bd2a22a94509e688caf7d38dfd3e88fcc28c9870f6ad7ff263f20fa0

memory/1968-69-0x00007FF691410000-0x00007FF691764000-memory.dmp

C:\Windows\System\NiwXldn.exe

MD5 812a6ed31e14c09a50aacc54d5af65f9
SHA1 d68ce6a7317a4b09208ed8b939934e69d3b2fdbb
SHA256 8af5577f5d8b7b69974c4ecb7acb4cfeddbd614bb2c0a30533c97f1ecaad2a73
SHA512 c6a6fa2c078f0b6e6a85ac42a10b258044184bb6a3d0c4ee726a6548c50d6c6260f5df50558d64fd1db7221497f31ab162fdeaec44a2c3d71878cab3285f9aa0

memory/3120-53-0x00007FF649F70000-0x00007FF64A2C4000-memory.dmp

memory/1540-50-0x00007FF7E7A70000-0x00007FF7E7DC4000-memory.dmp

C:\Windows\System\ItjzOQD.exe

MD5 6d55d053d20d2dd59f2421d8a583a45e
SHA1 c49dceaa7e591900543161ce7b22d722b83b5b0a
SHA256 aabf3ae069269d02b9fe386f9f69a0e6da2f8317144c315363ad4c30cb88f639
SHA512 f2e8de9c051824d8a19e311ec7e0dc245ff5a9067454bf274ef865fbc8ba89a2b35edd3c130c29bcb94bb695cfcbd68ffa312eea3a2ab517ac969fbb66b6faba

memory/5048-41-0x00007FF7B8F60000-0x00007FF7B92B4000-memory.dmp

memory/1484-36-0x00007FF6951C0000-0x00007FF695514000-memory.dmp

memory/3796-32-0x00007FF729EF0000-0x00007FF72A244000-memory.dmp

memory/4980-26-0x00007FF7BE620000-0x00007FF7BE974000-memory.dmp

C:\Windows\System\cGDmspW.exe

MD5 7be0f4e736e7d924925d93128cd65d18
SHA1 e04e73f91eb188a24323f82c30091314dd47336b
SHA256 8747895cfa7ca974437325793f50bfb9e28168421c8b77a712660ee1d41f101f
SHA512 65bd21185a795fbdf6269586e57afa1daaf16b2e52b78a16f65902fd078f551ae568e8e00927fc44426fcbb3b022cd04eec42f295475ee1510a658c9bef8a5d4

C:\Windows\System\WlAOOMs.exe

MD5 e805e706f5a9fb701df2ef7e0fe656f8
SHA1 cac1cdd26c9de9ce2cd2384105f2e90dfe779cec
SHA256 fbbca4a6c63a98b4ceeec45a47a3fb51528afd51747570656528606137b3a762
SHA512 11591377577f1a79e87cc70ab9d296b228b713f12ae03dc11692d56fd660620c411261754df9e9cd5776dff6c470401e939edafa94fc94530170607f5f61f65f

memory/632-19-0x00007FF7E9260000-0x00007FF7E95B4000-memory.dmp

memory/2264-14-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

memory/2468-1859-0x00007FF6DD480000-0x00007FF6DD7D4000-memory.dmp

memory/3120-1856-0x00007FF649F70000-0x00007FF64A2C4000-memory.dmp

memory/2888-2154-0x00007FF658C00000-0x00007FF658F54000-memory.dmp

memory/3208-2155-0x00007FF765290000-0x00007FF7655E4000-memory.dmp

memory/4976-2156-0x00007FF600DD0000-0x00007FF601124000-memory.dmp

memory/4896-2157-0x00007FF76C8C0000-0x00007FF76CC14000-memory.dmp

memory/2264-2158-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

memory/632-2159-0x00007FF7E9260000-0x00007FF7E95B4000-memory.dmp

memory/3796-2161-0x00007FF729EF0000-0x00007FF72A244000-memory.dmp

memory/4980-2160-0x00007FF7BE620000-0x00007FF7BE974000-memory.dmp

memory/1540-2163-0x00007FF7E7A70000-0x00007FF7E7DC4000-memory.dmp

memory/5048-2162-0x00007FF7B8F60000-0x00007FF7B92B4000-memory.dmp

memory/1484-2164-0x00007FF6951C0000-0x00007FF695514000-memory.dmp

memory/2468-2165-0x00007FF6DD480000-0x00007FF6DD7D4000-memory.dmp

memory/3120-2166-0x00007FF649F70000-0x00007FF64A2C4000-memory.dmp

memory/1968-2167-0x00007FF691410000-0x00007FF691764000-memory.dmp

memory/1020-2168-0x00007FF6E3810000-0x00007FF6E3B64000-memory.dmp

memory/3208-2171-0x00007FF765290000-0x00007FF7655E4000-memory.dmp

memory/2888-2170-0x00007FF658C00000-0x00007FF658F54000-memory.dmp

memory/4976-2169-0x00007FF600DD0000-0x00007FF601124000-memory.dmp

memory/4188-2177-0x00007FF63DB70000-0x00007FF63DEC4000-memory.dmp

memory/4492-2175-0x00007FF7837B0000-0x00007FF783B04000-memory.dmp

memory/1708-2178-0x00007FF6D2D20000-0x00007FF6D3074000-memory.dmp

memory/1972-2174-0x00007FF64CA40000-0x00007FF64CD94000-memory.dmp

memory/2504-2176-0x00007FF6B5490000-0x00007FF6B57E4000-memory.dmp

memory/4412-2173-0x00007FF6966D0000-0x00007FF696A24000-memory.dmp

memory/4896-2172-0x00007FF76C8C0000-0x00007FF76CC14000-memory.dmp

memory/5004-2184-0x00007FF61A940000-0x00007FF61AC94000-memory.dmp

memory/1632-2183-0x00007FF7DFB30000-0x00007FF7DFE84000-memory.dmp

memory/4044-2186-0x00007FF693280000-0x00007FF6935D4000-memory.dmp

memory/4796-2182-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp

memory/944-2181-0x00007FF784790000-0x00007FF784AE4000-memory.dmp

memory/1548-2185-0x00007FF765CE0000-0x00007FF766034000-memory.dmp

memory/520-2180-0x00007FF7CFD10000-0x00007FF7D0064000-memory.dmp

memory/1012-2179-0x00007FF613990000-0x00007FF613CE4000-memory.dmp