Malware Analysis Report

2024-09-10 20:10

Sample ID 240613-3vm14azdnk
Target 91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe
SHA256 fb2709f6a8447876824b3baf967d0ee5cfe47af4adcdef5dfec037f504fbe213
Tags
miner upx xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fb2709f6a8447876824b3baf967d0ee5cfe47af4adcdef5dfec037f504fbe213

Threat Level: Known bad

The file 91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:50

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:50

Reported

2024-06-13 23:52

Platform

win7-20240221-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ugAtHHh.exe N/A
N/A N/A C:\Windows\System\zYhpbqO.exe N/A
N/A N/A C:\Windows\System\byCOIHu.exe N/A
N/A N/A C:\Windows\System\ORBkYca.exe N/A
N/A N/A C:\Windows\System\mtUtHYg.exe N/A
N/A N/A C:\Windows\System\bFOXiqv.exe N/A
N/A N/A C:\Windows\System\zFdsFEd.exe N/A
N/A N/A C:\Windows\System\zZuOIoC.exe N/A
N/A N/A C:\Windows\System\NkRLCyB.exe N/A
N/A N/A C:\Windows\System\RkyKtis.exe N/A
N/A N/A C:\Windows\System\XmipvBp.exe N/A
N/A N/A C:\Windows\System\aUehbhr.exe N/A
N/A N/A C:\Windows\System\qwzimtq.exe N/A
N/A N/A C:\Windows\System\zcQKHrK.exe N/A
N/A N/A C:\Windows\System\eWyvnyP.exe N/A
N/A N/A C:\Windows\System\DVaRRhh.exe N/A
N/A N/A C:\Windows\System\aYptTgN.exe N/A
N/A N/A C:\Windows\System\WgSCPkr.exe N/A
N/A N/A C:\Windows\System\bsRnZzX.exe N/A
N/A N/A C:\Windows\System\emMLnWe.exe N/A
N/A N/A C:\Windows\System\pAwwGcY.exe N/A
N/A N/A C:\Windows\System\sPvnAQZ.exe N/A
N/A N/A C:\Windows\System\qCQycOw.exe N/A
N/A N/A C:\Windows\System\vcujauW.exe N/A
N/A N/A C:\Windows\System\kPFJFMr.exe N/A
N/A N/A C:\Windows\System\OMaVBbs.exe N/A
N/A N/A C:\Windows\System\DvImChk.exe N/A
N/A N/A C:\Windows\System\LYFKVNp.exe N/A
N/A N/A C:\Windows\System\syhvXmg.exe N/A
N/A N/A C:\Windows\System\UiQhOON.exe N/A
N/A N/A C:\Windows\System\RYmOvAP.exe N/A
N/A N/A C:\Windows\System\YRlUpAO.exe N/A
N/A N/A C:\Windows\System\joStRKe.exe N/A
N/A N/A C:\Windows\System\ybfcABN.exe N/A
N/A N/A C:\Windows\System\jZuvAff.exe N/A
N/A N/A C:\Windows\System\eayzCXO.exe N/A
N/A N/A C:\Windows\System\JdPcDfz.exe N/A
N/A N/A C:\Windows\System\gzLRhsG.exe N/A
N/A N/A C:\Windows\System\LDNaUmn.exe N/A
N/A N/A C:\Windows\System\trmKLjc.exe N/A
N/A N/A C:\Windows\System\GaqyoyP.exe N/A
N/A N/A C:\Windows\System\HLrOtPJ.exe N/A
N/A N/A C:\Windows\System\WyqIYzh.exe N/A
N/A N/A C:\Windows\System\zDgHnRE.exe N/A
N/A N/A C:\Windows\System\LeFZtjZ.exe N/A
N/A N/A C:\Windows\System\eSJZkbF.exe N/A
N/A N/A C:\Windows\System\GFdgrZX.exe N/A
N/A N/A C:\Windows\System\HkjCPTN.exe N/A
N/A N/A C:\Windows\System\fSFtnPW.exe N/A
N/A N/A C:\Windows\System\YRDUtAj.exe N/A
N/A N/A C:\Windows\System\CvLKhPG.exe N/A
N/A N/A C:\Windows\System\iWYoduL.exe N/A
N/A N/A C:\Windows\System\ZCgbdcZ.exe N/A
N/A N/A C:\Windows\System\SaBspZj.exe N/A
N/A N/A C:\Windows\System\KnWyajK.exe N/A
N/A N/A C:\Windows\System\USSGJkO.exe N/A
N/A N/A C:\Windows\System\VxeTnaP.exe N/A
N/A N/A C:\Windows\System\pEmyUDM.exe N/A
N/A N/A C:\Windows\System\whKnzKl.exe N/A
N/A N/A C:\Windows\System\fdYTIBr.exe N/A
N/A N/A C:\Windows\System\RlwiIUD.exe N/A
N/A N/A C:\Windows\System\jtVortb.exe N/A
N/A N/A C:\Windows\System\flYpozO.exe N/A
N/A N/A C:\Windows\System\lHcImkG.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\CYBQTQz.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMmfbWd.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTQOcwf.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kUxaIYU.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTdHZNc.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ooagQQx.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhHDgaN.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSOEczn.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\TinrgGV.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPAUhGW.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\bVSJQBd.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\pODOqTX.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WGlTCDv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\AaqrxvS.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kVGaVdh.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmUsAAe.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\HLrOtPJ.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\GnoFofP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjTXlsF.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFHdeNK.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\pUDIcbv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WOJygoV.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\RjBhQbf.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\mobtyAz.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLPbSwR.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\crwbicy.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\shLiUvq.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhFEcGb.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClzAyYq.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjJTDHZ.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\bkJqjRB.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\KusrxrP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cGbWJiY.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPzkatS.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\SrvYrKb.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\xAYqkcn.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\sNKFxtb.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGaxulm.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcQKHrK.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WhzPkbz.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WCmcjqy.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\jizbQSx.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\hbAnlZp.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyTnvBI.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVjEecL.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRbURJl.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\uaJqNmD.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kQraard.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WelXIqw.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdjxThI.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsbnTXz.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\MGUjlXu.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\VllUBnM.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBrBHDu.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\EgJcehZ.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\uASPYZI.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEflMWA.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\IgHsSGV.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXJXeJZ.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBkdUqQ.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\woomPTx.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRjZXMg.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\NuNjjnY.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfpfsCU.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2452 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ugAtHHh.exe
PID 2452 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ugAtHHh.exe
PID 2452 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ugAtHHh.exe
PID 2452 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\byCOIHu.exe
PID 2452 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\byCOIHu.exe
PID 2452 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\byCOIHu.exe
PID 2452 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zYhpbqO.exe
PID 2452 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zYhpbqO.exe
PID 2452 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zYhpbqO.exe
PID 2452 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ORBkYca.exe
PID 2452 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ORBkYca.exe
PID 2452 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ORBkYca.exe
PID 2452 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bFOXiqv.exe
PID 2452 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bFOXiqv.exe
PID 2452 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bFOXiqv.exe
PID 2452 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\mtUtHYg.exe
PID 2452 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\mtUtHYg.exe
PID 2452 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\mtUtHYg.exe
PID 2452 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zZuOIoC.exe
PID 2452 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zZuOIoC.exe
PID 2452 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zZuOIoC.exe
PID 2452 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zFdsFEd.exe
PID 2452 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zFdsFEd.exe
PID 2452 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zFdsFEd.exe
PID 2452 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\XmipvBp.exe
PID 2452 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\XmipvBp.exe
PID 2452 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\XmipvBp.exe
PID 2452 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\NkRLCyB.exe
PID 2452 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\NkRLCyB.exe
PID 2452 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\NkRLCyB.exe
PID 2452 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aUehbhr.exe
PID 2452 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aUehbhr.exe
PID 2452 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aUehbhr.exe
PID 2452 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RkyKtis.exe
PID 2452 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RkyKtis.exe
PID 2452 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RkyKtis.exe
PID 2452 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\qwzimtq.exe
PID 2452 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\qwzimtq.exe
PID 2452 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\qwzimtq.exe
PID 2452 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zcQKHrK.exe
PID 2452 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zcQKHrK.exe
PID 2452 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zcQKHrK.exe
PID 2452 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\eWyvnyP.exe
PID 2452 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\eWyvnyP.exe
PID 2452 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\eWyvnyP.exe
PID 2452 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DVaRRhh.exe
PID 2452 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DVaRRhh.exe
PID 2452 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DVaRRhh.exe
PID 2452 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aYptTgN.exe
PID 2452 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aYptTgN.exe
PID 2452 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\aYptTgN.exe
PID 2452 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\WgSCPkr.exe
PID 2452 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\WgSCPkr.exe
PID 2452 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\WgSCPkr.exe
PID 2452 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bsRnZzX.exe
PID 2452 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bsRnZzX.exe
PID 2452 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bsRnZzX.exe
PID 2452 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\emMLnWe.exe
PID 2452 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\emMLnWe.exe
PID 2452 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\emMLnWe.exe
PID 2452 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\pAwwGcY.exe
PID 2452 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\pAwwGcY.exe
PID 2452 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\pAwwGcY.exe
PID 2452 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\sPvnAQZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe"

C:\Windows\System\ugAtHHh.exe

C:\Windows\System\ugAtHHh.exe

C:\Windows\System\byCOIHu.exe

C:\Windows\System\byCOIHu.exe

C:\Windows\System\zYhpbqO.exe

C:\Windows\System\zYhpbqO.exe

C:\Windows\System\ORBkYca.exe

C:\Windows\System\ORBkYca.exe

C:\Windows\System\bFOXiqv.exe

C:\Windows\System\bFOXiqv.exe

C:\Windows\System\mtUtHYg.exe

C:\Windows\System\mtUtHYg.exe

C:\Windows\System\zZuOIoC.exe

C:\Windows\System\zZuOIoC.exe

C:\Windows\System\zFdsFEd.exe

C:\Windows\System\zFdsFEd.exe

C:\Windows\System\XmipvBp.exe

C:\Windows\System\XmipvBp.exe

C:\Windows\System\NkRLCyB.exe

C:\Windows\System\NkRLCyB.exe

C:\Windows\System\aUehbhr.exe

C:\Windows\System\aUehbhr.exe

C:\Windows\System\RkyKtis.exe

C:\Windows\System\RkyKtis.exe

C:\Windows\System\qwzimtq.exe

C:\Windows\System\qwzimtq.exe

C:\Windows\System\zcQKHrK.exe

C:\Windows\System\zcQKHrK.exe

C:\Windows\System\eWyvnyP.exe

C:\Windows\System\eWyvnyP.exe

C:\Windows\System\DVaRRhh.exe

C:\Windows\System\DVaRRhh.exe

C:\Windows\System\aYptTgN.exe

C:\Windows\System\aYptTgN.exe

C:\Windows\System\WgSCPkr.exe

C:\Windows\System\WgSCPkr.exe

C:\Windows\System\bsRnZzX.exe

C:\Windows\System\bsRnZzX.exe

C:\Windows\System\emMLnWe.exe

C:\Windows\System\emMLnWe.exe

C:\Windows\System\pAwwGcY.exe

C:\Windows\System\pAwwGcY.exe

C:\Windows\System\sPvnAQZ.exe

C:\Windows\System\sPvnAQZ.exe

C:\Windows\System\qCQycOw.exe

C:\Windows\System\qCQycOw.exe

C:\Windows\System\vcujauW.exe

C:\Windows\System\vcujauW.exe

C:\Windows\System\kPFJFMr.exe

C:\Windows\System\kPFJFMr.exe

C:\Windows\System\OMaVBbs.exe

C:\Windows\System\OMaVBbs.exe

C:\Windows\System\DvImChk.exe

C:\Windows\System\DvImChk.exe

C:\Windows\System\LYFKVNp.exe

C:\Windows\System\LYFKVNp.exe

C:\Windows\System\RYmOvAP.exe

C:\Windows\System\RYmOvAP.exe

C:\Windows\System\syhvXmg.exe

C:\Windows\System\syhvXmg.exe

C:\Windows\System\YRlUpAO.exe

C:\Windows\System\YRlUpAO.exe

C:\Windows\System\UiQhOON.exe

C:\Windows\System\UiQhOON.exe

C:\Windows\System\joStRKe.exe

C:\Windows\System\joStRKe.exe

C:\Windows\System\ybfcABN.exe

C:\Windows\System\ybfcABN.exe

C:\Windows\System\jZuvAff.exe

C:\Windows\System\jZuvAff.exe

C:\Windows\System\eayzCXO.exe

C:\Windows\System\eayzCXO.exe

C:\Windows\System\JdPcDfz.exe

C:\Windows\System\JdPcDfz.exe

C:\Windows\System\gzLRhsG.exe

C:\Windows\System\gzLRhsG.exe

C:\Windows\System\LDNaUmn.exe

C:\Windows\System\LDNaUmn.exe

C:\Windows\System\trmKLjc.exe

C:\Windows\System\trmKLjc.exe

C:\Windows\System\GaqyoyP.exe

C:\Windows\System\GaqyoyP.exe

C:\Windows\System\HLrOtPJ.exe

C:\Windows\System\HLrOtPJ.exe

C:\Windows\System\WyqIYzh.exe

C:\Windows\System\WyqIYzh.exe

C:\Windows\System\zDgHnRE.exe

C:\Windows\System\zDgHnRE.exe

C:\Windows\System\LeFZtjZ.exe

C:\Windows\System\LeFZtjZ.exe

C:\Windows\System\eSJZkbF.exe

C:\Windows\System\eSJZkbF.exe

C:\Windows\System\GFdgrZX.exe

C:\Windows\System\GFdgrZX.exe

C:\Windows\System\HkjCPTN.exe

C:\Windows\System\HkjCPTN.exe

C:\Windows\System\fSFtnPW.exe

C:\Windows\System\fSFtnPW.exe

C:\Windows\System\YRDUtAj.exe

C:\Windows\System\YRDUtAj.exe

C:\Windows\System\CvLKhPG.exe

C:\Windows\System\CvLKhPG.exe

C:\Windows\System\iWYoduL.exe

C:\Windows\System\iWYoduL.exe

C:\Windows\System\ZCgbdcZ.exe

C:\Windows\System\ZCgbdcZ.exe

C:\Windows\System\SaBspZj.exe

C:\Windows\System\SaBspZj.exe

C:\Windows\System\KnWyajK.exe

C:\Windows\System\KnWyajK.exe

C:\Windows\System\USSGJkO.exe

C:\Windows\System\USSGJkO.exe

C:\Windows\System\VxeTnaP.exe

C:\Windows\System\VxeTnaP.exe

C:\Windows\System\pEmyUDM.exe

C:\Windows\System\pEmyUDM.exe

C:\Windows\System\whKnzKl.exe

C:\Windows\System\whKnzKl.exe

C:\Windows\System\fdYTIBr.exe

C:\Windows\System\fdYTIBr.exe

C:\Windows\System\RlwiIUD.exe

C:\Windows\System\RlwiIUD.exe

C:\Windows\System\jtVortb.exe

C:\Windows\System\jtVortb.exe

C:\Windows\System\flYpozO.exe

C:\Windows\System\flYpozO.exe

C:\Windows\System\lHcImkG.exe

C:\Windows\System\lHcImkG.exe

C:\Windows\System\gQKTkqo.exe

C:\Windows\System\gQKTkqo.exe

C:\Windows\System\QBdglIL.exe

C:\Windows\System\QBdglIL.exe

C:\Windows\System\JfHzDyj.exe

C:\Windows\System\JfHzDyj.exe

C:\Windows\System\xAxwKfD.exe

C:\Windows\System\xAxwKfD.exe

C:\Windows\System\oOCSXkG.exe

C:\Windows\System\oOCSXkG.exe

C:\Windows\System\dFgrqKZ.exe

C:\Windows\System\dFgrqKZ.exe

C:\Windows\System\dElAphr.exe

C:\Windows\System\dElAphr.exe

C:\Windows\System\kgsADmE.exe

C:\Windows\System\kgsADmE.exe

C:\Windows\System\hDhisCP.exe

C:\Windows\System\hDhisCP.exe

C:\Windows\System\ttCVinR.exe

C:\Windows\System\ttCVinR.exe

C:\Windows\System\nvWgJSA.exe

C:\Windows\System\nvWgJSA.exe

C:\Windows\System\oVjEecL.exe

C:\Windows\System\oVjEecL.exe

C:\Windows\System\uYnPgHz.exe

C:\Windows\System\uYnPgHz.exe

C:\Windows\System\OWtucWd.exe

C:\Windows\System\OWtucWd.exe

C:\Windows\System\TiNwoHF.exe

C:\Windows\System\TiNwoHF.exe

C:\Windows\System\ZdxCjjZ.exe

C:\Windows\System\ZdxCjjZ.exe

C:\Windows\System\xuqpkBl.exe

C:\Windows\System\xuqpkBl.exe

C:\Windows\System\atuTSUI.exe

C:\Windows\System\atuTSUI.exe

C:\Windows\System\ucGGkjS.exe

C:\Windows\System\ucGGkjS.exe

C:\Windows\System\wtJVCpW.exe

C:\Windows\System\wtJVCpW.exe

C:\Windows\System\BfMOtrp.exe

C:\Windows\System\BfMOtrp.exe

C:\Windows\System\QAmcOos.exe

C:\Windows\System\QAmcOos.exe

C:\Windows\System\yPUNADo.exe

C:\Windows\System\yPUNADo.exe

C:\Windows\System\DFujezB.exe

C:\Windows\System\DFujezB.exe

C:\Windows\System\MGMeeoT.exe

C:\Windows\System\MGMeeoT.exe

C:\Windows\System\asackQp.exe

C:\Windows\System\asackQp.exe

C:\Windows\System\QVOKqui.exe

C:\Windows\System\QVOKqui.exe

C:\Windows\System\TMOMmPL.exe

C:\Windows\System\TMOMmPL.exe

C:\Windows\System\wuJSoFk.exe

C:\Windows\System\wuJSoFk.exe

C:\Windows\System\dTKjEoO.exe

C:\Windows\System\dTKjEoO.exe

C:\Windows\System\dvgQmfe.exe

C:\Windows\System\dvgQmfe.exe

C:\Windows\System\oHTodCR.exe

C:\Windows\System\oHTodCR.exe

C:\Windows\System\FSUCOXO.exe

C:\Windows\System\FSUCOXO.exe

C:\Windows\System\kUrDnlw.exe

C:\Windows\System\kUrDnlw.exe

C:\Windows\System\dblNmGH.exe

C:\Windows\System\dblNmGH.exe

C:\Windows\System\VnujxNY.exe

C:\Windows\System\VnujxNY.exe

C:\Windows\System\lzJWkGi.exe

C:\Windows\System\lzJWkGi.exe

C:\Windows\System\qcvfYBZ.exe

C:\Windows\System\qcvfYBZ.exe

C:\Windows\System\fNrPzIn.exe

C:\Windows\System\fNrPzIn.exe

C:\Windows\System\DEOPaRp.exe

C:\Windows\System\DEOPaRp.exe

C:\Windows\System\lRjZXMg.exe

C:\Windows\System\lRjZXMg.exe

C:\Windows\System\SgfAZJZ.exe

C:\Windows\System\SgfAZJZ.exe

C:\Windows\System\OphiWyl.exe

C:\Windows\System\OphiWyl.exe

C:\Windows\System\crwbicy.exe

C:\Windows\System\crwbicy.exe

C:\Windows\System\fImPpRI.exe

C:\Windows\System\fImPpRI.exe

C:\Windows\System\WsbnTXz.exe

C:\Windows\System\WsbnTXz.exe

C:\Windows\System\yWFgCwy.exe

C:\Windows\System\yWFgCwy.exe

C:\Windows\System\XxpFxbG.exe

C:\Windows\System\XxpFxbG.exe

C:\Windows\System\tqmNIHD.exe

C:\Windows\System\tqmNIHD.exe

C:\Windows\System\ZRkGuPu.exe

C:\Windows\System\ZRkGuPu.exe

C:\Windows\System\mtBCCvA.exe

C:\Windows\System\mtBCCvA.exe

C:\Windows\System\DnCxYos.exe

C:\Windows\System\DnCxYos.exe

C:\Windows\System\khzEDxq.exe

C:\Windows\System\khzEDxq.exe

C:\Windows\System\VBIYLvb.exe

C:\Windows\System\VBIYLvb.exe

C:\Windows\System\cwUeGkx.exe

C:\Windows\System\cwUeGkx.exe

C:\Windows\System\sxjfboX.exe

C:\Windows\System\sxjfboX.exe

C:\Windows\System\KTbmKqe.exe

C:\Windows\System\KTbmKqe.exe

C:\Windows\System\tIhTflt.exe

C:\Windows\System\tIhTflt.exe

C:\Windows\System\snLJLQL.exe

C:\Windows\System\snLJLQL.exe

C:\Windows\System\JcPnPoM.exe

C:\Windows\System\JcPnPoM.exe

C:\Windows\System\IOnKupW.exe

C:\Windows\System\IOnKupW.exe

C:\Windows\System\xVvbTvU.exe

C:\Windows\System\xVvbTvU.exe

C:\Windows\System\YpyNKNb.exe

C:\Windows\System\YpyNKNb.exe

C:\Windows\System\kgflIBe.exe

C:\Windows\System\kgflIBe.exe

C:\Windows\System\RMgHjCN.exe

C:\Windows\System\RMgHjCN.exe

C:\Windows\System\yVWUWgs.exe

C:\Windows\System\yVWUWgs.exe

C:\Windows\System\wULaVMZ.exe

C:\Windows\System\wULaVMZ.exe

C:\Windows\System\YzSQRge.exe

C:\Windows\System\YzSQRge.exe

C:\Windows\System\jJEvEJs.exe

C:\Windows\System\jJEvEJs.exe

C:\Windows\System\fnQAhZV.exe

C:\Windows\System\fnQAhZV.exe

C:\Windows\System\DlyPyPz.exe

C:\Windows\System\DlyPyPz.exe

C:\Windows\System\GXJSlwE.exe

C:\Windows\System\GXJSlwE.exe

C:\Windows\System\KusrxrP.exe

C:\Windows\System\KusrxrP.exe

C:\Windows\System\WCxZybG.exe

C:\Windows\System\WCxZybG.exe

C:\Windows\System\qjUCGyt.exe

C:\Windows\System\qjUCGyt.exe

C:\Windows\System\SZJGMEE.exe

C:\Windows\System\SZJGMEE.exe

C:\Windows\System\ehaJSlk.exe

C:\Windows\System\ehaJSlk.exe

C:\Windows\System\DnlLKdv.exe

C:\Windows\System\DnlLKdv.exe

C:\Windows\System\PZANvtp.exe

C:\Windows\System\PZANvtp.exe

C:\Windows\System\kmSExUy.exe

C:\Windows\System\kmSExUy.exe

C:\Windows\System\jvzYlXg.exe

C:\Windows\System\jvzYlXg.exe

C:\Windows\System\MHsKgOR.exe

C:\Windows\System\MHsKgOR.exe

C:\Windows\System\fRqvvaW.exe

C:\Windows\System\fRqvvaW.exe

C:\Windows\System\lPeCbWp.exe

C:\Windows\System\lPeCbWp.exe

C:\Windows\System\uubRKKj.exe

C:\Windows\System\uubRKKj.exe

C:\Windows\System\wEqQRZp.exe

C:\Windows\System\wEqQRZp.exe

C:\Windows\System\ObsHGfX.exe

C:\Windows\System\ObsHGfX.exe

C:\Windows\System\QOZddLs.exe

C:\Windows\System\QOZddLs.exe

C:\Windows\System\HALjElp.exe

C:\Windows\System\HALjElp.exe

C:\Windows\System\cxkMGHP.exe

C:\Windows\System\cxkMGHP.exe

C:\Windows\System\HYukuJw.exe

C:\Windows\System\HYukuJw.exe

C:\Windows\System\vGvhUmL.exe

C:\Windows\System\vGvhUmL.exe

C:\Windows\System\wZRnLpB.exe

C:\Windows\System\wZRnLpB.exe

C:\Windows\System\ADawHqS.exe

C:\Windows\System\ADawHqS.exe

C:\Windows\System\CsCPUzQ.exe

C:\Windows\System\CsCPUzQ.exe

C:\Windows\System\NlRYrlR.exe

C:\Windows\System\NlRYrlR.exe

C:\Windows\System\hnmDpNd.exe

C:\Windows\System\hnmDpNd.exe

C:\Windows\System\uqNrxgq.exe

C:\Windows\System\uqNrxgq.exe

C:\Windows\System\BxltOTy.exe

C:\Windows\System\BxltOTy.exe

C:\Windows\System\LfPnEfs.exe

C:\Windows\System\LfPnEfs.exe

C:\Windows\System\KqyyEgZ.exe

C:\Windows\System\KqyyEgZ.exe

C:\Windows\System\QADsYia.exe

C:\Windows\System\QADsYia.exe

C:\Windows\System\SKpHjaW.exe

C:\Windows\System\SKpHjaW.exe

C:\Windows\System\ZaUChuv.exe

C:\Windows\System\ZaUChuv.exe

C:\Windows\System\scgcbpj.exe

C:\Windows\System\scgcbpj.exe

C:\Windows\System\uGFmcyG.exe

C:\Windows\System\uGFmcyG.exe

C:\Windows\System\XtCGCXu.exe

C:\Windows\System\XtCGCXu.exe

C:\Windows\System\rujezkq.exe

C:\Windows\System\rujezkq.exe

C:\Windows\System\EvSaQyH.exe

C:\Windows\System\EvSaQyH.exe

C:\Windows\System\NoWCgCU.exe

C:\Windows\System\NoWCgCU.exe

C:\Windows\System\OHIZZMb.exe

C:\Windows\System\OHIZZMb.exe

C:\Windows\System\oqFCOBH.exe

C:\Windows\System\oqFCOBH.exe

C:\Windows\System\SsTQPfn.exe

C:\Windows\System\SsTQPfn.exe

C:\Windows\System\XdjCyIN.exe

C:\Windows\System\XdjCyIN.exe

C:\Windows\System\EgJcehZ.exe

C:\Windows\System\EgJcehZ.exe

C:\Windows\System\cGbWJiY.exe

C:\Windows\System\cGbWJiY.exe

C:\Windows\System\HNsiXlA.exe

C:\Windows\System\HNsiXlA.exe

C:\Windows\System\MWrIriO.exe

C:\Windows\System\MWrIriO.exe

C:\Windows\System\NYrGKpS.exe

C:\Windows\System\NYrGKpS.exe

C:\Windows\System\KZzNocB.exe

C:\Windows\System\KZzNocB.exe

C:\Windows\System\SQcNvkY.exe

C:\Windows\System\SQcNvkY.exe

C:\Windows\System\BVCqEWL.exe

C:\Windows\System\BVCqEWL.exe

C:\Windows\System\xLayKRt.exe

C:\Windows\System\xLayKRt.exe

C:\Windows\System\WhzPkbz.exe

C:\Windows\System\WhzPkbz.exe

C:\Windows\System\xHZVTYN.exe

C:\Windows\System\xHZVTYN.exe

C:\Windows\System\SgidUWH.exe

C:\Windows\System\SgidUWH.exe

C:\Windows\System\cDEYtnd.exe

C:\Windows\System\cDEYtnd.exe

C:\Windows\System\gvHleta.exe

C:\Windows\System\gvHleta.exe

C:\Windows\System\BWioWuR.exe

C:\Windows\System\BWioWuR.exe

C:\Windows\System\BRUlmSc.exe

C:\Windows\System\BRUlmSc.exe

C:\Windows\System\tUJzXhr.exe

C:\Windows\System\tUJzXhr.exe

C:\Windows\System\hUOoCcP.exe

C:\Windows\System\hUOoCcP.exe

C:\Windows\System\fTQOcwf.exe

C:\Windows\System\fTQOcwf.exe

C:\Windows\System\dtEBCYX.exe

C:\Windows\System\dtEBCYX.exe

C:\Windows\System\QVGotRw.exe

C:\Windows\System\QVGotRw.exe

C:\Windows\System\NzFOBgH.exe

C:\Windows\System\NzFOBgH.exe

C:\Windows\System\rsfoAWl.exe

C:\Windows\System\rsfoAWl.exe

C:\Windows\System\ZwyzYZy.exe

C:\Windows\System\ZwyzYZy.exe

C:\Windows\System\lPzkatS.exe

C:\Windows\System\lPzkatS.exe

C:\Windows\System\XvagzMo.exe

C:\Windows\System\XvagzMo.exe

C:\Windows\System\kGDJbEN.exe

C:\Windows\System\kGDJbEN.exe

C:\Windows\System\QLxnNZm.exe

C:\Windows\System\QLxnNZm.exe

C:\Windows\System\GnoFofP.exe

C:\Windows\System\GnoFofP.exe

C:\Windows\System\sfNftYH.exe

C:\Windows\System\sfNftYH.exe

C:\Windows\System\IrgIoGJ.exe

C:\Windows\System\IrgIoGJ.exe

C:\Windows\System\elVfmza.exe

C:\Windows\System\elVfmza.exe

C:\Windows\System\pefdYIq.exe

C:\Windows\System\pefdYIq.exe

C:\Windows\System\FYkLkyW.exe

C:\Windows\System\FYkLkyW.exe

C:\Windows\System\AOvbjuZ.exe

C:\Windows\System\AOvbjuZ.exe

C:\Windows\System\SLhUxOt.exe

C:\Windows\System\SLhUxOt.exe

C:\Windows\System\QCQpdxf.exe

C:\Windows\System\QCQpdxf.exe

C:\Windows\System\nwGwTWI.exe

C:\Windows\System\nwGwTWI.exe

C:\Windows\System\dIqHnSe.exe

C:\Windows\System\dIqHnSe.exe

C:\Windows\System\zKrenJp.exe

C:\Windows\System\zKrenJp.exe

C:\Windows\System\zzUvZHW.exe

C:\Windows\System\zzUvZHW.exe

C:\Windows\System\inljbVp.exe

C:\Windows\System\inljbVp.exe

C:\Windows\System\BUzfCrK.exe

C:\Windows\System\BUzfCrK.exe

C:\Windows\System\udTEKhI.exe

C:\Windows\System\udTEKhI.exe

C:\Windows\System\yDZrgbL.exe

C:\Windows\System\yDZrgbL.exe

C:\Windows\System\zAVWFWk.exe

C:\Windows\System\zAVWFWk.exe

C:\Windows\System\FGMLdsR.exe

C:\Windows\System\FGMLdsR.exe

C:\Windows\System\mloFPRN.exe

C:\Windows\System\mloFPRN.exe

C:\Windows\System\XVcvRgS.exe

C:\Windows\System\XVcvRgS.exe

C:\Windows\System\wdkvBiL.exe

C:\Windows\System\wdkvBiL.exe

C:\Windows\System\hxxYvpU.exe

C:\Windows\System\hxxYvpU.exe

C:\Windows\System\livBaHp.exe

C:\Windows\System\livBaHp.exe

C:\Windows\System\gNDHkkH.exe

C:\Windows\System\gNDHkkH.exe

C:\Windows\System\lIkmwhR.exe

C:\Windows\System\lIkmwhR.exe

C:\Windows\System\ilReMMI.exe

C:\Windows\System\ilReMMI.exe

C:\Windows\System\zYZTKCz.exe

C:\Windows\System\zYZTKCz.exe

C:\Windows\System\BJZIWjM.exe

C:\Windows\System\BJZIWjM.exe

C:\Windows\System\GjaSZkV.exe

C:\Windows\System\GjaSZkV.exe

C:\Windows\System\qaAKDNm.exe

C:\Windows\System\qaAKDNm.exe

C:\Windows\System\zLYIGPm.exe

C:\Windows\System\zLYIGPm.exe

C:\Windows\System\sCENGcO.exe

C:\Windows\System\sCENGcO.exe

C:\Windows\System\DXzsuOH.exe

C:\Windows\System\DXzsuOH.exe

C:\Windows\System\nVwDWMd.exe

C:\Windows\System\nVwDWMd.exe

C:\Windows\System\eZYgFZs.exe

C:\Windows\System\eZYgFZs.exe

C:\Windows\System\ODMzZWr.exe

C:\Windows\System\ODMzZWr.exe

C:\Windows\System\QURTUeC.exe

C:\Windows\System\QURTUeC.exe

C:\Windows\System\MJczcbK.exe

C:\Windows\System\MJczcbK.exe

C:\Windows\System\WCmcjqy.exe

C:\Windows\System\WCmcjqy.exe

C:\Windows\System\xulaQDF.exe

C:\Windows\System\xulaQDF.exe

C:\Windows\System\RpxxAWC.exe

C:\Windows\System\RpxxAWC.exe

C:\Windows\System\KIFPdxr.exe

C:\Windows\System\KIFPdxr.exe

C:\Windows\System\CXhrppt.exe

C:\Windows\System\CXhrppt.exe

C:\Windows\System\bqsExVX.exe

C:\Windows\System\bqsExVX.exe

C:\Windows\System\LheuGSk.exe

C:\Windows\System\LheuGSk.exe

C:\Windows\System\uZENQOA.exe

C:\Windows\System\uZENQOA.exe

C:\Windows\System\WugfeBs.exe

C:\Windows\System\WugfeBs.exe

C:\Windows\System\zwLDpVC.exe

C:\Windows\System\zwLDpVC.exe

C:\Windows\System\xtGhbvF.exe

C:\Windows\System\xtGhbvF.exe

C:\Windows\System\FzgAynO.exe

C:\Windows\System\FzgAynO.exe

C:\Windows\System\VmVMlvd.exe

C:\Windows\System\VmVMlvd.exe

C:\Windows\System\jypGksZ.exe

C:\Windows\System\jypGksZ.exe

C:\Windows\System\SrvYrKb.exe

C:\Windows\System\SrvYrKb.exe

C:\Windows\System\UXCneSS.exe

C:\Windows\System\UXCneSS.exe

C:\Windows\System\xAYqkcn.exe

C:\Windows\System\xAYqkcn.exe

C:\Windows\System\wUqqJAU.exe

C:\Windows\System\wUqqJAU.exe

C:\Windows\System\JQyXVun.exe

C:\Windows\System\JQyXVun.exe

C:\Windows\System\KkXYIkV.exe

C:\Windows\System\KkXYIkV.exe

C:\Windows\System\wDKSWWX.exe

C:\Windows\System\wDKSWWX.exe

C:\Windows\System\GsxNBqr.exe

C:\Windows\System\GsxNBqr.exe

C:\Windows\System\IXAZjJZ.exe

C:\Windows\System\IXAZjJZ.exe

C:\Windows\System\fgOmvfy.exe

C:\Windows\System\fgOmvfy.exe

C:\Windows\System\MVKzpWA.exe

C:\Windows\System\MVKzpWA.exe

C:\Windows\System\EXPVFtY.exe

C:\Windows\System\EXPVFtY.exe

C:\Windows\System\tpfZJac.exe

C:\Windows\System\tpfZJac.exe

C:\Windows\System\AipfkBs.exe

C:\Windows\System\AipfkBs.exe

C:\Windows\System\lVzdTGj.exe

C:\Windows\System\lVzdTGj.exe

C:\Windows\System\QvvxBgO.exe

C:\Windows\System\QvvxBgO.exe

C:\Windows\System\hHCHrYl.exe

C:\Windows\System\hHCHrYl.exe

C:\Windows\System\bLOyGSz.exe

C:\Windows\System\bLOyGSz.exe

C:\Windows\System\PkkTiYa.exe

C:\Windows\System\PkkTiYa.exe

C:\Windows\System\uDpmpXl.exe

C:\Windows\System\uDpmpXl.exe

C:\Windows\System\yPVNtLA.exe

C:\Windows\System\yPVNtLA.exe

C:\Windows\System\izWTLYc.exe

C:\Windows\System\izWTLYc.exe

C:\Windows\System\HIZeHCC.exe

C:\Windows\System\HIZeHCC.exe

C:\Windows\System\bnhQKog.exe

C:\Windows\System\bnhQKog.exe

C:\Windows\System\IiiEkhk.exe

C:\Windows\System\IiiEkhk.exe

C:\Windows\System\HgEwMsj.exe

C:\Windows\System\HgEwMsj.exe

C:\Windows\System\wqPfLRc.exe

C:\Windows\System\wqPfLRc.exe

C:\Windows\System\kdvZIQZ.exe

C:\Windows\System\kdvZIQZ.exe

C:\Windows\System\XbLCFOg.exe

C:\Windows\System\XbLCFOg.exe

C:\Windows\System\wwqvOfA.exe

C:\Windows\System\wwqvOfA.exe

C:\Windows\System\vAiJHKk.exe

C:\Windows\System\vAiJHKk.exe

C:\Windows\System\VAxWIHG.exe

C:\Windows\System\VAxWIHG.exe

C:\Windows\System\QSUefST.exe

C:\Windows\System\QSUefST.exe

C:\Windows\System\QJuTScf.exe

C:\Windows\System\QJuTScf.exe

C:\Windows\System\xXwtEdK.exe

C:\Windows\System\xXwtEdK.exe

C:\Windows\System\CTGSXfR.exe

C:\Windows\System\CTGSXfR.exe

C:\Windows\System\arLYtfq.exe

C:\Windows\System\arLYtfq.exe

C:\Windows\System\TxvAHjL.exe

C:\Windows\System\TxvAHjL.exe

C:\Windows\System\FIMpHsX.exe

C:\Windows\System\FIMpHsX.exe

C:\Windows\System\sOKzsNN.exe

C:\Windows\System\sOKzsNN.exe

C:\Windows\System\ozGdDFV.exe

C:\Windows\System\ozGdDFV.exe

C:\Windows\System\muYFcny.exe

C:\Windows\System\muYFcny.exe

C:\Windows\System\JJHRkYX.exe

C:\Windows\System\JJHRkYX.exe

C:\Windows\System\CDTAsZo.exe

C:\Windows\System\CDTAsZo.exe

C:\Windows\System\jmckmBo.exe

C:\Windows\System\jmckmBo.exe

C:\Windows\System\WByuORR.exe

C:\Windows\System\WByuORR.exe

C:\Windows\System\SfAbHnT.exe

C:\Windows\System\SfAbHnT.exe

C:\Windows\System\iHUoEKB.exe

C:\Windows\System\iHUoEKB.exe

C:\Windows\System\zVXfHpi.exe

C:\Windows\System\zVXfHpi.exe

C:\Windows\System\Widsroc.exe

C:\Windows\System\Widsroc.exe

C:\Windows\System\DhGnJKx.exe

C:\Windows\System\DhGnJKx.exe

C:\Windows\System\APvRadn.exe

C:\Windows\System\APvRadn.exe

C:\Windows\System\hapaaGY.exe

C:\Windows\System\hapaaGY.exe

C:\Windows\System\tmPxTgB.exe

C:\Windows\System\tmPxTgB.exe

C:\Windows\System\ZdSCZzm.exe

C:\Windows\System\ZdSCZzm.exe

C:\Windows\System\zzQQaHt.exe

C:\Windows\System\zzQQaHt.exe

C:\Windows\System\CEqtZqf.exe

C:\Windows\System\CEqtZqf.exe

C:\Windows\System\JTWTjOo.exe

C:\Windows\System\JTWTjOo.exe

C:\Windows\System\BKjtFlr.exe

C:\Windows\System\BKjtFlr.exe

C:\Windows\System\FHZZmkx.exe

C:\Windows\System\FHZZmkx.exe

C:\Windows\System\nBHMPwi.exe

C:\Windows\System\nBHMPwi.exe

C:\Windows\System\LODHUBC.exe

C:\Windows\System\LODHUBC.exe

C:\Windows\System\XTIxfin.exe

C:\Windows\System\XTIxfin.exe

C:\Windows\System\lMPKomL.exe

C:\Windows\System\lMPKomL.exe

C:\Windows\System\GesXtYQ.exe

C:\Windows\System\GesXtYQ.exe

C:\Windows\System\yvuFEKF.exe

C:\Windows\System\yvuFEKF.exe

C:\Windows\System\xvlyXkB.exe

C:\Windows\System\xvlyXkB.exe

C:\Windows\System\bhKvyfe.exe

C:\Windows\System\bhKvyfe.exe

C:\Windows\System\mVKuLEr.exe

C:\Windows\System\mVKuLEr.exe

C:\Windows\System\ArSAlgP.exe

C:\Windows\System\ArSAlgP.exe

C:\Windows\System\xGHjGVo.exe

C:\Windows\System\xGHjGVo.exe

C:\Windows\System\bpOTvek.exe

C:\Windows\System\bpOTvek.exe

C:\Windows\System\bDtpJqN.exe

C:\Windows\System\bDtpJqN.exe

C:\Windows\System\nmzaqMA.exe

C:\Windows\System\nmzaqMA.exe

C:\Windows\System\SWPCvPH.exe

C:\Windows\System\SWPCvPH.exe

C:\Windows\System\BqTEPtS.exe

C:\Windows\System\BqTEPtS.exe

C:\Windows\System\gwuQQHx.exe

C:\Windows\System\gwuQQHx.exe

C:\Windows\System\jPahRZB.exe

C:\Windows\System\jPahRZB.exe

C:\Windows\System\mIrJesw.exe

C:\Windows\System\mIrJesw.exe

C:\Windows\System\MGUjlXu.exe

C:\Windows\System\MGUjlXu.exe

C:\Windows\System\zNEHPqq.exe

C:\Windows\System\zNEHPqq.exe

C:\Windows\System\oAmyhoN.exe

C:\Windows\System\oAmyhoN.exe

C:\Windows\System\EEsGcXu.exe

C:\Windows\System\EEsGcXu.exe

C:\Windows\System\TnpHPyq.exe

C:\Windows\System\TnpHPyq.exe

C:\Windows\System\vjanRTI.exe

C:\Windows\System\vjanRTI.exe

C:\Windows\System\eZprpXt.exe

C:\Windows\System\eZprpXt.exe

C:\Windows\System\caJPrBQ.exe

C:\Windows\System\caJPrBQ.exe

C:\Windows\System\tEwPvkC.exe

C:\Windows\System\tEwPvkC.exe

C:\Windows\System\xMYsCCz.exe

C:\Windows\System\xMYsCCz.exe

C:\Windows\System\jximVcV.exe

C:\Windows\System\jximVcV.exe

C:\Windows\System\EKAbUae.exe

C:\Windows\System\EKAbUae.exe

C:\Windows\System\qdWXiWx.exe

C:\Windows\System\qdWXiWx.exe

C:\Windows\System\XjTXlsF.exe

C:\Windows\System\XjTXlsF.exe

C:\Windows\System\mpRCALA.exe

C:\Windows\System\mpRCALA.exe

C:\Windows\System\hYOOjww.exe

C:\Windows\System\hYOOjww.exe

C:\Windows\System\gxhHBsW.exe

C:\Windows\System\gxhHBsW.exe

C:\Windows\System\rGpxami.exe

C:\Windows\System\rGpxami.exe

C:\Windows\System\ZBxonKK.exe

C:\Windows\System\ZBxonKK.exe

C:\Windows\System\FrotMIN.exe

C:\Windows\System\FrotMIN.exe

C:\Windows\System\KoYFmzC.exe

C:\Windows\System\KoYFmzC.exe

C:\Windows\System\EDbQhsc.exe

C:\Windows\System\EDbQhsc.exe

C:\Windows\System\rXteWPw.exe

C:\Windows\System\rXteWPw.exe

C:\Windows\System\EXolnhU.exe

C:\Windows\System\EXolnhU.exe

C:\Windows\System\QsNYCGi.exe

C:\Windows\System\QsNYCGi.exe

C:\Windows\System\NuNjjnY.exe

C:\Windows\System\NuNjjnY.exe

C:\Windows\System\qbilNnF.exe

C:\Windows\System\qbilNnF.exe

C:\Windows\System\RNyishV.exe

C:\Windows\System\RNyishV.exe

C:\Windows\System\moHjDvv.exe

C:\Windows\System\moHjDvv.exe

C:\Windows\System\oNHSoHm.exe

C:\Windows\System\oNHSoHm.exe

C:\Windows\System\pbnUADc.exe

C:\Windows\System\pbnUADc.exe

C:\Windows\System\ftSwcFa.exe

C:\Windows\System\ftSwcFa.exe

C:\Windows\System\uXzuBUL.exe

C:\Windows\System\uXzuBUL.exe

C:\Windows\System\tYFvbGA.exe

C:\Windows\System\tYFvbGA.exe

C:\Windows\System\ZQFMpLu.exe

C:\Windows\System\ZQFMpLu.exe

C:\Windows\System\TudqAXu.exe

C:\Windows\System\TudqAXu.exe

C:\Windows\System\jCakyEu.exe

C:\Windows\System\jCakyEu.exe

C:\Windows\System\vwnOFlS.exe

C:\Windows\System\vwnOFlS.exe

C:\Windows\System\LvpaXyh.exe

C:\Windows\System\LvpaXyh.exe

C:\Windows\System\kUxaIYU.exe

C:\Windows\System\kUxaIYU.exe

C:\Windows\System\LTNhbTr.exe

C:\Windows\System\LTNhbTr.exe

C:\Windows\System\RhVDNvI.exe

C:\Windows\System\RhVDNvI.exe

C:\Windows\System\Buuitpj.exe

C:\Windows\System\Buuitpj.exe

C:\Windows\System\fpmWFWw.exe

C:\Windows\System\fpmWFWw.exe

C:\Windows\System\zxEDoES.exe

C:\Windows\System\zxEDoES.exe

C:\Windows\System\KRqwPUu.exe

C:\Windows\System\KRqwPUu.exe

C:\Windows\System\YgxfDzP.exe

C:\Windows\System\YgxfDzP.exe

C:\Windows\System\FBJPMAw.exe

C:\Windows\System\FBJPMAw.exe

C:\Windows\System\hjLfHjV.exe

C:\Windows\System\hjLfHjV.exe

C:\Windows\System\gyFpNes.exe

C:\Windows\System\gyFpNes.exe

C:\Windows\System\JEAdiRs.exe

C:\Windows\System\JEAdiRs.exe

C:\Windows\System\AAGOfBS.exe

C:\Windows\System\AAGOfBS.exe

C:\Windows\System\BxjwsTG.exe

C:\Windows\System\BxjwsTG.exe

C:\Windows\System\tzrvVHL.exe

C:\Windows\System\tzrvVHL.exe

C:\Windows\System\ihmzHkn.exe

C:\Windows\System\ihmzHkn.exe

C:\Windows\System\vKzyWnx.exe

C:\Windows\System\vKzyWnx.exe

C:\Windows\System\KfkjZwG.exe

C:\Windows\System\KfkjZwG.exe

C:\Windows\System\RwreHoO.exe

C:\Windows\System\RwreHoO.exe

C:\Windows\System\chCSAUR.exe

C:\Windows\System\chCSAUR.exe

C:\Windows\System\UmfNpZV.exe

C:\Windows\System\UmfNpZV.exe

C:\Windows\System\hITDnhn.exe

C:\Windows\System\hITDnhn.exe

C:\Windows\System\HbMsime.exe

C:\Windows\System\HbMsime.exe

C:\Windows\System\ZaczjFc.exe

C:\Windows\System\ZaczjFc.exe

C:\Windows\System\UYSGJpR.exe

C:\Windows\System\UYSGJpR.exe

C:\Windows\System\tpUWEQK.exe

C:\Windows\System\tpUWEQK.exe

C:\Windows\System\taSekhN.exe

C:\Windows\System\taSekhN.exe

C:\Windows\System\VCtILhT.exe

C:\Windows\System\VCtILhT.exe

C:\Windows\System\HTXpESc.exe

C:\Windows\System\HTXpESc.exe

C:\Windows\System\PayUVVU.exe

C:\Windows\System\PayUVVU.exe

C:\Windows\System\lTdHZNc.exe

C:\Windows\System\lTdHZNc.exe

C:\Windows\System\KhBTXiE.exe

C:\Windows\System\KhBTXiE.exe

C:\Windows\System\yJEWNHy.exe

C:\Windows\System\yJEWNHy.exe

C:\Windows\System\YlkzAuN.exe

C:\Windows\System\YlkzAuN.exe

C:\Windows\System\OZOdwzL.exe

C:\Windows\System\OZOdwzL.exe

C:\Windows\System\byvKNOa.exe

C:\Windows\System\byvKNOa.exe

C:\Windows\System\sYhFPLW.exe

C:\Windows\System\sYhFPLW.exe

C:\Windows\System\XZhRRQT.exe

C:\Windows\System\XZhRRQT.exe

C:\Windows\System\RfROkRN.exe

C:\Windows\System\RfROkRN.exe

C:\Windows\System\boLxQQf.exe

C:\Windows\System\boLxQQf.exe

C:\Windows\System\EkxVKWz.exe

C:\Windows\System\EkxVKWz.exe

C:\Windows\System\ZaOqqEm.exe

C:\Windows\System\ZaOqqEm.exe

C:\Windows\System\yoKbGTm.exe

C:\Windows\System\yoKbGTm.exe

C:\Windows\System\nKWvIWp.exe

C:\Windows\System\nKWvIWp.exe

C:\Windows\System\HVdptTu.exe

C:\Windows\System\HVdptTu.exe

C:\Windows\System\afbQXUS.exe

C:\Windows\System\afbQXUS.exe

C:\Windows\System\XTiGQry.exe

C:\Windows\System\XTiGQry.exe

C:\Windows\System\WUqnDjX.exe

C:\Windows\System\WUqnDjX.exe

C:\Windows\System\BrjWLdp.exe

C:\Windows\System\BrjWLdp.exe

C:\Windows\System\iPSjDmw.exe

C:\Windows\System\iPSjDmw.exe

C:\Windows\System\pDJdgpE.exe

C:\Windows\System\pDJdgpE.exe

C:\Windows\System\kMDSdWs.exe

C:\Windows\System\kMDSdWs.exe

C:\Windows\System\hIkbBjy.exe

C:\Windows\System\hIkbBjy.exe

C:\Windows\System\CfrmfVJ.exe

C:\Windows\System\CfrmfVJ.exe

C:\Windows\System\mobtyAz.exe

C:\Windows\System\mobtyAz.exe

C:\Windows\System\TEsmGak.exe

C:\Windows\System\TEsmGak.exe

C:\Windows\System\lnJKxtd.exe

C:\Windows\System\lnJKxtd.exe

C:\Windows\System\UZQGmQK.exe

C:\Windows\System\UZQGmQK.exe

C:\Windows\System\eKzehfs.exe

C:\Windows\System\eKzehfs.exe

C:\Windows\System\dWbtrtE.exe

C:\Windows\System\dWbtrtE.exe

C:\Windows\System\KmNsQVA.exe

C:\Windows\System\KmNsQVA.exe

C:\Windows\System\owwDrcs.exe

C:\Windows\System\owwDrcs.exe

C:\Windows\System\hvDyuTQ.exe

C:\Windows\System\hvDyuTQ.exe

C:\Windows\System\MHiUsii.exe

C:\Windows\System\MHiUsii.exe

C:\Windows\System\JDakmDT.exe

C:\Windows\System\JDakmDT.exe

C:\Windows\System\FdVsyfC.exe

C:\Windows\System\FdVsyfC.exe

C:\Windows\System\PRNdTgP.exe

C:\Windows\System\PRNdTgP.exe

C:\Windows\System\OJXbnzL.exe

C:\Windows\System\OJXbnzL.exe

C:\Windows\System\oLpSbTc.exe

C:\Windows\System\oLpSbTc.exe

C:\Windows\System\shLFPdB.exe

C:\Windows\System\shLFPdB.exe

C:\Windows\System\CmgKRzu.exe

C:\Windows\System\CmgKRzu.exe

C:\Windows\System\NBUVLyz.exe

C:\Windows\System\NBUVLyz.exe

C:\Windows\System\RQhiYBl.exe

C:\Windows\System\RQhiYBl.exe

C:\Windows\System\WGlTCDv.exe

C:\Windows\System\WGlTCDv.exe

C:\Windows\System\GuyjiVu.exe

C:\Windows\System\GuyjiVu.exe

C:\Windows\System\qxkaqXQ.exe

C:\Windows\System\qxkaqXQ.exe

C:\Windows\System\KrqtETQ.exe

C:\Windows\System\KrqtETQ.exe

C:\Windows\System\qAIMTQI.exe

C:\Windows\System\qAIMTQI.exe

C:\Windows\System\NyHVaab.exe

C:\Windows\System\NyHVaab.exe

C:\Windows\System\jVWeOpN.exe

C:\Windows\System\jVWeOpN.exe

C:\Windows\System\ubBGNMW.exe

C:\Windows\System\ubBGNMW.exe

C:\Windows\System\mmsclJb.exe

C:\Windows\System\mmsclJb.exe

C:\Windows\System\TxpKzmO.exe

C:\Windows\System\TxpKzmO.exe

C:\Windows\System\GtktKqr.exe

C:\Windows\System\GtktKqr.exe

C:\Windows\System\qUoghQB.exe

C:\Windows\System\qUoghQB.exe

C:\Windows\System\VMbqnJa.exe

C:\Windows\System\VMbqnJa.exe

C:\Windows\System\sTMarkE.exe

C:\Windows\System\sTMarkE.exe

C:\Windows\System\ettFWyS.exe

C:\Windows\System\ettFWyS.exe

C:\Windows\System\bJLCrEP.exe

C:\Windows\System\bJLCrEP.exe

C:\Windows\System\TUSaCQu.exe

C:\Windows\System\TUSaCQu.exe

C:\Windows\System\StIlGQC.exe

C:\Windows\System\StIlGQC.exe

C:\Windows\System\ooagQQx.exe

C:\Windows\System\ooagQQx.exe

C:\Windows\System\ewPDEGE.exe

C:\Windows\System\ewPDEGE.exe

C:\Windows\System\qzWIVZN.exe

C:\Windows\System\qzWIVZN.exe

C:\Windows\System\HYeMQzw.exe

C:\Windows\System\HYeMQzw.exe

C:\Windows\System\IMVaTyJ.exe

C:\Windows\System\IMVaTyJ.exe

C:\Windows\System\ldgnfbB.exe

C:\Windows\System\ldgnfbB.exe

C:\Windows\System\ZrDYvKD.exe

C:\Windows\System\ZrDYvKD.exe

C:\Windows\System\ZkAwwkF.exe

C:\Windows\System\ZkAwwkF.exe

C:\Windows\System\pcegMbY.exe

C:\Windows\System\pcegMbY.exe

C:\Windows\System\XlacvYV.exe

C:\Windows\System\XlacvYV.exe

C:\Windows\System\EScHALM.exe

C:\Windows\System\EScHALM.exe

C:\Windows\System\YQmHWxh.exe

C:\Windows\System\YQmHWxh.exe

C:\Windows\System\neuIEJE.exe

C:\Windows\System\neuIEJE.exe

C:\Windows\System\URpanGm.exe

C:\Windows\System\URpanGm.exe

C:\Windows\System\mUtGmPP.exe

C:\Windows\System\mUtGmPP.exe

C:\Windows\System\zFTNsFp.exe

C:\Windows\System\zFTNsFp.exe

C:\Windows\System\uASPYZI.exe

C:\Windows\System\uASPYZI.exe

C:\Windows\System\FKCgefy.exe

C:\Windows\System\FKCgefy.exe

C:\Windows\System\ZNeWRNz.exe

C:\Windows\System\ZNeWRNz.exe

C:\Windows\System\HUfcLtM.exe

C:\Windows\System\HUfcLtM.exe

C:\Windows\System\MnIMVol.exe

C:\Windows\System\MnIMVol.exe

C:\Windows\System\qYQZZTP.exe

C:\Windows\System\qYQZZTP.exe

C:\Windows\System\kyaXrcZ.exe

C:\Windows\System\kyaXrcZ.exe

C:\Windows\System\ALBXbsP.exe

C:\Windows\System\ALBXbsP.exe

C:\Windows\System\vPFpgQM.exe

C:\Windows\System\vPFpgQM.exe

C:\Windows\System\jizbQSx.exe

C:\Windows\System\jizbQSx.exe

C:\Windows\System\hEPFoEN.exe

C:\Windows\System\hEPFoEN.exe

C:\Windows\System\lciiyTM.exe

C:\Windows\System\lciiyTM.exe

C:\Windows\System\wYOYStW.exe

C:\Windows\System\wYOYStW.exe

C:\Windows\System\RHbalIZ.exe

C:\Windows\System\RHbalIZ.exe

C:\Windows\System\PjrXhYs.exe

C:\Windows\System\PjrXhYs.exe

C:\Windows\System\XqtZDhW.exe

C:\Windows\System\XqtZDhW.exe

C:\Windows\System\WVrrvOr.exe

C:\Windows\System\WVrrvOr.exe

C:\Windows\System\sldWdTp.exe

C:\Windows\System\sldWdTp.exe

C:\Windows\System\ZALldcA.exe

C:\Windows\System\ZALldcA.exe

C:\Windows\System\AKitSMq.exe

C:\Windows\System\AKitSMq.exe

C:\Windows\System\gBQgqCe.exe

C:\Windows\System\gBQgqCe.exe

C:\Windows\System\DntjPpp.exe

C:\Windows\System\DntjPpp.exe

C:\Windows\System\gXDINZZ.exe

C:\Windows\System\gXDINZZ.exe

C:\Windows\System\IoZzxDI.exe

C:\Windows\System\IoZzxDI.exe

C:\Windows\System\shLiUvq.exe

C:\Windows\System\shLiUvq.exe

C:\Windows\System\hbAnlZp.exe

C:\Windows\System\hbAnlZp.exe

C:\Windows\System\LIaPImH.exe

C:\Windows\System\LIaPImH.exe

C:\Windows\System\PrrNboW.exe

C:\Windows\System\PrrNboW.exe

C:\Windows\System\hUKwElp.exe

C:\Windows\System\hUKwElp.exe

C:\Windows\System\dkOcTwf.exe

C:\Windows\System\dkOcTwf.exe

C:\Windows\System\YOycTVl.exe

C:\Windows\System\YOycTVl.exe

C:\Windows\System\IIHhQpF.exe

C:\Windows\System\IIHhQpF.exe

C:\Windows\System\TnrpBzH.exe

C:\Windows\System\TnrpBzH.exe

C:\Windows\System\fdnUrRh.exe

C:\Windows\System\fdnUrRh.exe

C:\Windows\System\ndZUMKp.exe

C:\Windows\System\ndZUMKp.exe

C:\Windows\System\Rpthyff.exe

C:\Windows\System\Rpthyff.exe

C:\Windows\System\zQSBHKS.exe

C:\Windows\System\zQSBHKS.exe

C:\Windows\System\CYBQTQz.exe

C:\Windows\System\CYBQTQz.exe

C:\Windows\System\zZzHdxl.exe

C:\Windows\System\zZzHdxl.exe

C:\Windows\System\UEflMWA.exe

C:\Windows\System\UEflMWA.exe

C:\Windows\System\eBXtGbQ.exe

C:\Windows\System\eBXtGbQ.exe

C:\Windows\System\SNpymzP.exe

C:\Windows\System\SNpymzP.exe

C:\Windows\System\vvPwZWO.exe

C:\Windows\System\vvPwZWO.exe

C:\Windows\System\ZMqioJR.exe

C:\Windows\System\ZMqioJR.exe

C:\Windows\System\HKrPqQd.exe

C:\Windows\System\HKrPqQd.exe

C:\Windows\System\TXmeNWg.exe

C:\Windows\System\TXmeNWg.exe

C:\Windows\System\jUKBfzP.exe

C:\Windows\System\jUKBfzP.exe

C:\Windows\System\qTuAZcx.exe

C:\Windows\System\qTuAZcx.exe

C:\Windows\System\MsBuwKY.exe

C:\Windows\System\MsBuwKY.exe

C:\Windows\System\oYTFavi.exe

C:\Windows\System\oYTFavi.exe

C:\Windows\System\MHvkxhk.exe

C:\Windows\System\MHvkxhk.exe

C:\Windows\System\wleUKOg.exe

C:\Windows\System\wleUKOg.exe

C:\Windows\System\aKJsLzU.exe

C:\Windows\System\aKJsLzU.exe

C:\Windows\System\ZlehEun.exe

C:\Windows\System\ZlehEun.exe

C:\Windows\System\ylMwxqG.exe

C:\Windows\System\ylMwxqG.exe

C:\Windows\System\caaIVDF.exe

C:\Windows\System\caaIVDF.exe

C:\Windows\System\vmHDeHW.exe

C:\Windows\System\vmHDeHW.exe

C:\Windows\System\pMrSkTN.exe

C:\Windows\System\pMrSkTN.exe

C:\Windows\System\XXbkVOK.exe

C:\Windows\System\XXbkVOK.exe

C:\Windows\System\QCcNTny.exe

C:\Windows\System\QCcNTny.exe

C:\Windows\System\OvheOvT.exe

C:\Windows\System\OvheOvT.exe

C:\Windows\System\hrfMIsC.exe

C:\Windows\System\hrfMIsC.exe

C:\Windows\System\VmDcdgr.exe

C:\Windows\System\VmDcdgr.exe

C:\Windows\System\MYRXCLK.exe

C:\Windows\System\MYRXCLK.exe

C:\Windows\System\CWzNjrw.exe

C:\Windows\System\CWzNjrw.exe

C:\Windows\System\FqurxsI.exe

C:\Windows\System\FqurxsI.exe

C:\Windows\System\PlhoQry.exe

C:\Windows\System\PlhoQry.exe

C:\Windows\System\sNKFxtb.exe

C:\Windows\System\sNKFxtb.exe

C:\Windows\System\aKSFwOU.exe

C:\Windows\System\aKSFwOU.exe

C:\Windows\System\JCbCjbo.exe

C:\Windows\System\JCbCjbo.exe

C:\Windows\System\IxPcmBP.exe

C:\Windows\System\IxPcmBP.exe

C:\Windows\System\KpJoirg.exe

C:\Windows\System\KpJoirg.exe

C:\Windows\System\DxGyaAo.exe

C:\Windows\System\DxGyaAo.exe

C:\Windows\System\FGLwTKP.exe

C:\Windows\System\FGLwTKP.exe

C:\Windows\System\LUfvucD.exe

C:\Windows\System\LUfvucD.exe

C:\Windows\System\ZFHdeNK.exe

C:\Windows\System\ZFHdeNK.exe

C:\Windows\System\kewRLdz.exe

C:\Windows\System\kewRLdz.exe

C:\Windows\System\dyTnvBI.exe

C:\Windows\System\dyTnvBI.exe

C:\Windows\System\vREToGm.exe

C:\Windows\System\vREToGm.exe

C:\Windows\System\elXjfTb.exe

C:\Windows\System\elXjfTb.exe

C:\Windows\System\oAFAPJZ.exe

C:\Windows\System\oAFAPJZ.exe

C:\Windows\System\iyFUjux.exe

C:\Windows\System\iyFUjux.exe

C:\Windows\System\coOPVlO.exe

C:\Windows\System\coOPVlO.exe

C:\Windows\System\NNOBSLp.exe

C:\Windows\System\NNOBSLp.exe

C:\Windows\System\DyStxbw.exe

C:\Windows\System\DyStxbw.exe

C:\Windows\System\WYDQkhH.exe

C:\Windows\System\WYDQkhH.exe

C:\Windows\System\cebLztv.exe

C:\Windows\System\cebLztv.exe

C:\Windows\System\ABpQZps.exe

C:\Windows\System\ABpQZps.exe

C:\Windows\System\XCdCYSi.exe

C:\Windows\System\XCdCYSi.exe

C:\Windows\System\cOzLxkt.exe

C:\Windows\System\cOzLxkt.exe

C:\Windows\System\GqxDZHC.exe

C:\Windows\System\GqxDZHC.exe

C:\Windows\System\mhhKjLr.exe

C:\Windows\System\mhhKjLr.exe

C:\Windows\System\ciBqWat.exe

C:\Windows\System\ciBqWat.exe

C:\Windows\System\zYtzyqw.exe

C:\Windows\System\zYtzyqw.exe

C:\Windows\System\UPcyghY.exe

C:\Windows\System\UPcyghY.exe

C:\Windows\System\glEfXaP.exe

C:\Windows\System\glEfXaP.exe

C:\Windows\System\KeTecOf.exe

C:\Windows\System\KeTecOf.exe

C:\Windows\System\vOkjKYb.exe

C:\Windows\System\vOkjKYb.exe

C:\Windows\System\GtioNsn.exe

C:\Windows\System\GtioNsn.exe

C:\Windows\System\jJFyCfX.exe

C:\Windows\System\jJFyCfX.exe

C:\Windows\System\iFSvUUI.exe

C:\Windows\System\iFSvUUI.exe

C:\Windows\System\TinrgGV.exe

C:\Windows\System\TinrgGV.exe

C:\Windows\System\RlvrgTn.exe

C:\Windows\System\RlvrgTn.exe

C:\Windows\System\sytIGpA.exe

C:\Windows\System\sytIGpA.exe

C:\Windows\System\eedKSuK.exe

C:\Windows\System\eedKSuK.exe

C:\Windows\System\pUDIcbv.exe

C:\Windows\System\pUDIcbv.exe

C:\Windows\System\VwbCkEl.exe

C:\Windows\System\VwbCkEl.exe

C:\Windows\System\IhmPfQr.exe

C:\Windows\System\IhmPfQr.exe

C:\Windows\System\HhFEcGb.exe

C:\Windows\System\HhFEcGb.exe

C:\Windows\System\sxLNlHi.exe

C:\Windows\System\sxLNlHi.exe

C:\Windows\System\TFINoMj.exe

C:\Windows\System\TFINoMj.exe

C:\Windows\System\RvMzVRH.exe

C:\Windows\System\RvMzVRH.exe

C:\Windows\System\xPipMvb.exe

C:\Windows\System\xPipMvb.exe

C:\Windows\System\NDLHVYy.exe

C:\Windows\System\NDLHVYy.exe

C:\Windows\System\ZiIUbmN.exe

C:\Windows\System\ZiIUbmN.exe

C:\Windows\System\xPLAztU.exe

C:\Windows\System\xPLAztU.exe

C:\Windows\System\fmJeBIl.exe

C:\Windows\System\fmJeBIl.exe

C:\Windows\System\TeLdYUp.exe

C:\Windows\System\TeLdYUp.exe

C:\Windows\System\cdwFTLt.exe

C:\Windows\System\cdwFTLt.exe

C:\Windows\System\ZykvoaY.exe

C:\Windows\System\ZykvoaY.exe

C:\Windows\System\rRegwRj.exe

C:\Windows\System\rRegwRj.exe

C:\Windows\System\eGUcGWw.exe

C:\Windows\System\eGUcGWw.exe

C:\Windows\System\paCJsWS.exe

C:\Windows\System\paCJsWS.exe

C:\Windows\System\pcNQngu.exe

C:\Windows\System\pcNQngu.exe

C:\Windows\System\FKrkElY.exe

C:\Windows\System\FKrkElY.exe

C:\Windows\System\QZgUMaC.exe

C:\Windows\System\QZgUMaC.exe

C:\Windows\System\txnHzMc.exe

C:\Windows\System\txnHzMc.exe

C:\Windows\System\seGYiSx.exe

C:\Windows\System\seGYiSx.exe

C:\Windows\System\HBnwVPb.exe

C:\Windows\System\HBnwVPb.exe

C:\Windows\System\NwjdJZL.exe

C:\Windows\System\NwjdJZL.exe

C:\Windows\System\EpohYVs.exe

C:\Windows\System\EpohYVs.exe

C:\Windows\System\TLPbSwR.exe

C:\Windows\System\TLPbSwR.exe

C:\Windows\System\OWYZckO.exe

C:\Windows\System\OWYZckO.exe

C:\Windows\System\psgIbDR.exe

C:\Windows\System\psgIbDR.exe

C:\Windows\System\MRbURJl.exe

C:\Windows\System\MRbURJl.exe

C:\Windows\System\IOZdSAv.exe

C:\Windows\System\IOZdSAv.exe

C:\Windows\System\ccUFTjI.exe

C:\Windows\System\ccUFTjI.exe

C:\Windows\System\OduHvqW.exe

C:\Windows\System\OduHvqW.exe

C:\Windows\System\NvbwKsT.exe

C:\Windows\System\NvbwKsT.exe

C:\Windows\System\CXudJSc.exe

C:\Windows\System\CXudJSc.exe

C:\Windows\System\XjGapeK.exe

C:\Windows\System\XjGapeK.exe

C:\Windows\System\jrxrBNs.exe

C:\Windows\System\jrxrBNs.exe

C:\Windows\System\IgHsSGV.exe

C:\Windows\System\IgHsSGV.exe

C:\Windows\System\BnKiAiS.exe

C:\Windows\System\BnKiAiS.exe

C:\Windows\System\MctRqno.exe

C:\Windows\System\MctRqno.exe

C:\Windows\System\iuJOvNq.exe

C:\Windows\System\iuJOvNq.exe

C:\Windows\System\nVBgVSy.exe

C:\Windows\System\nVBgVSy.exe

C:\Windows\System\bqleIwL.exe

C:\Windows\System\bqleIwL.exe

C:\Windows\System\pZIhCwB.exe

C:\Windows\System\pZIhCwB.exe

C:\Windows\System\CtKjPQS.exe

C:\Windows\System\CtKjPQS.exe

C:\Windows\System\BttKYgO.exe

C:\Windows\System\BttKYgO.exe

C:\Windows\System\fBJZGkm.exe

C:\Windows\System\fBJZGkm.exe

C:\Windows\System\bAuAnAe.exe

C:\Windows\System\bAuAnAe.exe

C:\Windows\System\bDaiRfr.exe

C:\Windows\System\bDaiRfr.exe

C:\Windows\System\ALxsoGc.exe

C:\Windows\System\ALxsoGc.exe

C:\Windows\System\dUIAfKs.exe

C:\Windows\System\dUIAfKs.exe

C:\Windows\System\uTsABiw.exe

C:\Windows\System\uTsABiw.exe

C:\Windows\System\iErPMHO.exe

C:\Windows\System\iErPMHO.exe

C:\Windows\System\YclnQtu.exe

C:\Windows\System\YclnQtu.exe

C:\Windows\System\XYmsHPA.exe

C:\Windows\System\XYmsHPA.exe

C:\Windows\System\qxKoZsa.exe

C:\Windows\System\qxKoZsa.exe

C:\Windows\System\zGhBLcg.exe

C:\Windows\System\zGhBLcg.exe

C:\Windows\System\NcPPMmU.exe

C:\Windows\System\NcPPMmU.exe

C:\Windows\System\OJHdIlE.exe

C:\Windows\System\OJHdIlE.exe

C:\Windows\System\wBudnPh.exe

C:\Windows\System\wBudnPh.exe

C:\Windows\System\aILUMGK.exe

C:\Windows\System\aILUMGK.exe

C:\Windows\System\VmSSBoJ.exe

C:\Windows\System\VmSSBoJ.exe

C:\Windows\System\DKrLtSC.exe

C:\Windows\System\DKrLtSC.exe

C:\Windows\System\MMNqBBI.exe

C:\Windows\System\MMNqBBI.exe

C:\Windows\System\sSQlHzO.exe

C:\Windows\System\sSQlHzO.exe

C:\Windows\System\OsgHgvq.exe

C:\Windows\System\OsgHgvq.exe

C:\Windows\System\YrgCNus.exe

C:\Windows\System\YrgCNus.exe

C:\Windows\System\FjzUiND.exe

C:\Windows\System\FjzUiND.exe

C:\Windows\System\GUeNcus.exe

C:\Windows\System\GUeNcus.exe

C:\Windows\System\hSFzPQQ.exe

C:\Windows\System\hSFzPQQ.exe

C:\Windows\System\zOfBLOL.exe

C:\Windows\System\zOfBLOL.exe

C:\Windows\System\rcxSmGV.exe

C:\Windows\System\rcxSmGV.exe

C:\Windows\System\RMfAJZo.exe

C:\Windows\System\RMfAJZo.exe

C:\Windows\System\SzZPWok.exe

C:\Windows\System\SzZPWok.exe

C:\Windows\System\XeLLvyV.exe

C:\Windows\System\XeLLvyV.exe

C:\Windows\System\rlRwQdo.exe

C:\Windows\System\rlRwQdo.exe

C:\Windows\System\iwCuvMM.exe

C:\Windows\System\iwCuvMM.exe

C:\Windows\System\MIVrwQk.exe

C:\Windows\System\MIVrwQk.exe

C:\Windows\System\GhWGDRZ.exe

C:\Windows\System\GhWGDRZ.exe

C:\Windows\System\kJMHsCF.exe

C:\Windows\System\kJMHsCF.exe

C:\Windows\System\zLShedN.exe

C:\Windows\System\zLShedN.exe

C:\Windows\System\jYNFTTR.exe

C:\Windows\System\jYNFTTR.exe

C:\Windows\System\vbbCmMr.exe

C:\Windows\System\vbbCmMr.exe

C:\Windows\System\uEiSAgI.exe

C:\Windows\System\uEiSAgI.exe

C:\Windows\System\TQLRkCp.exe

C:\Windows\System\TQLRkCp.exe

C:\Windows\System\CkIcVHM.exe

C:\Windows\System\CkIcVHM.exe

C:\Windows\System\jnAlmlq.exe

C:\Windows\System\jnAlmlq.exe

C:\Windows\System\tdpWKyH.exe

C:\Windows\System\tdpWKyH.exe

C:\Windows\System\ostjnDZ.exe

C:\Windows\System\ostjnDZ.exe

C:\Windows\System\gWnCZEL.exe

C:\Windows\System\gWnCZEL.exe

C:\Windows\System\qCWDCms.exe

C:\Windows\System\qCWDCms.exe

C:\Windows\System\aCjdtTm.exe

C:\Windows\System\aCjdtTm.exe

C:\Windows\System\yfTInFj.exe

C:\Windows\System\yfTInFj.exe

C:\Windows\System\yKNdKXX.exe

C:\Windows\System\yKNdKXX.exe

C:\Windows\System\BuuCgIF.exe

C:\Windows\System\BuuCgIF.exe

C:\Windows\System\aIFBjso.exe

C:\Windows\System\aIFBjso.exe

C:\Windows\System\uaJqNmD.exe

C:\Windows\System\uaJqNmD.exe

C:\Windows\System\RQgCuJd.exe

C:\Windows\System\RQgCuJd.exe

C:\Windows\System\BtLPLVR.exe

C:\Windows\System\BtLPLVR.exe

C:\Windows\System\xfQigTO.exe

C:\Windows\System\xfQigTO.exe

C:\Windows\System\ektXmXk.exe

C:\Windows\System\ektXmXk.exe

C:\Windows\System\qkAuHiI.exe

C:\Windows\System\qkAuHiI.exe

C:\Windows\System\mDgLeWu.exe

C:\Windows\System\mDgLeWu.exe

C:\Windows\System\RdLJMcn.exe

C:\Windows\System\RdLJMcn.exe

C:\Windows\System\GgJfnVB.exe

C:\Windows\System\GgJfnVB.exe

C:\Windows\System\hiIJewg.exe

C:\Windows\System\hiIJewg.exe

C:\Windows\System\mDWmKNW.exe

C:\Windows\System\mDWmKNW.exe

C:\Windows\System\bPLBjeL.exe

C:\Windows\System\bPLBjeL.exe

C:\Windows\System\DzUPKKg.exe

C:\Windows\System\DzUPKKg.exe

C:\Windows\System\DFKYxyh.exe

C:\Windows\System\DFKYxyh.exe

C:\Windows\System\uXCWAIt.exe

C:\Windows\System\uXCWAIt.exe

C:\Windows\System\huEnpce.exe

C:\Windows\System\huEnpce.exe

C:\Windows\System\lHGdvHf.exe

C:\Windows\System\lHGdvHf.exe

C:\Windows\System\aKEgoBf.exe

C:\Windows\System\aKEgoBf.exe

C:\Windows\System\erWlqup.exe

C:\Windows\System\erWlqup.exe

C:\Windows\System\PKzxhUE.exe

C:\Windows\System\PKzxhUE.exe

C:\Windows\System\KVrOEqQ.exe

C:\Windows\System\KVrOEqQ.exe

C:\Windows\System\yesNbHF.exe

C:\Windows\System\yesNbHF.exe

C:\Windows\System\uSLNQFa.exe

C:\Windows\System\uSLNQFa.exe

C:\Windows\System\ClzAyYq.exe

C:\Windows\System\ClzAyYq.exe

C:\Windows\System\VkqHBgn.exe

C:\Windows\System\VkqHBgn.exe

C:\Windows\System\ThASnmv.exe

C:\Windows\System\ThASnmv.exe

C:\Windows\System\iOveGuA.exe

C:\Windows\System\iOveGuA.exe

C:\Windows\System\VYibvWw.exe

C:\Windows\System\VYibvWw.exe

C:\Windows\System\JfpfsCU.exe

C:\Windows\System\JfpfsCU.exe

C:\Windows\System\BTvmCzr.exe

C:\Windows\System\BTvmCzr.exe

C:\Windows\System\RRxydHK.exe

C:\Windows\System\RRxydHK.exe

C:\Windows\System\DmeOjlW.exe

C:\Windows\System\DmeOjlW.exe

C:\Windows\System\JDmavEa.exe

C:\Windows\System\JDmavEa.exe

C:\Windows\System\aPAUhGW.exe

C:\Windows\System\aPAUhGW.exe

C:\Windows\System\ZVgTfjC.exe

C:\Windows\System\ZVgTfjC.exe

C:\Windows\System\DMlUeYh.exe

C:\Windows\System\DMlUeYh.exe

C:\Windows\System\VfLmHMd.exe

C:\Windows\System\VfLmHMd.exe

C:\Windows\System\kQraard.exe

C:\Windows\System\kQraard.exe

C:\Windows\System\cAReRsk.exe

C:\Windows\System\cAReRsk.exe

C:\Windows\System\CVzYnEY.exe

C:\Windows\System\CVzYnEY.exe

C:\Windows\System\QgjxaYd.exe

C:\Windows\System\QgjxaYd.exe

C:\Windows\System\qjeiezZ.exe

C:\Windows\System\qjeiezZ.exe

C:\Windows\System\CRFbSJh.exe

C:\Windows\System\CRFbSJh.exe

C:\Windows\System\WOJygoV.exe

C:\Windows\System\WOJygoV.exe

C:\Windows\System\JauqpPX.exe

C:\Windows\System\JauqpPX.exe

C:\Windows\System\dVAgvPH.exe

C:\Windows\System\dVAgvPH.exe

C:\Windows\System\SLAELiD.exe

C:\Windows\System\SLAELiD.exe

C:\Windows\System\OivXsNT.exe

C:\Windows\System\OivXsNT.exe

C:\Windows\System\WfLKeRg.exe

C:\Windows\System\WfLKeRg.exe

C:\Windows\System\wwtJnAq.exe

C:\Windows\System\wwtJnAq.exe

C:\Windows\System\mjUJdSA.exe

C:\Windows\System\mjUJdSA.exe

C:\Windows\System\TQmXpYN.exe

C:\Windows\System\TQmXpYN.exe

C:\Windows\System\EYLcysF.exe

C:\Windows\System\EYLcysF.exe

C:\Windows\System\ElkbdIN.exe

C:\Windows\System\ElkbdIN.exe

C:\Windows\System\dOlKMVq.exe

C:\Windows\System\dOlKMVq.exe

C:\Windows\System\BBZoafL.exe

C:\Windows\System\BBZoafL.exe

C:\Windows\System\CAeJpah.exe

C:\Windows\System\CAeJpah.exe

C:\Windows\System\IPeHbbV.exe

C:\Windows\System\IPeHbbV.exe

C:\Windows\System\TKHFdyW.exe

C:\Windows\System\TKHFdyW.exe

C:\Windows\System\pclMcfU.exe

C:\Windows\System\pclMcfU.exe

C:\Windows\System\QikhCpp.exe

C:\Windows\System\QikhCpp.exe

C:\Windows\System\RIJQLUZ.exe

C:\Windows\System\RIJQLUZ.exe

C:\Windows\System\EBSyfKI.exe

C:\Windows\System\EBSyfKI.exe

C:\Windows\System\CVwmPYA.exe

C:\Windows\System\CVwmPYA.exe

C:\Windows\System\pqxdkIn.exe

C:\Windows\System\pqxdkIn.exe

C:\Windows\System\VkcTcOR.exe

C:\Windows\System\VkcTcOR.exe

C:\Windows\System\EQPipnH.exe

C:\Windows\System\EQPipnH.exe

C:\Windows\System\zZSmgVN.exe

C:\Windows\System\zZSmgVN.exe

C:\Windows\System\OisSGdk.exe

C:\Windows\System\OisSGdk.exe

C:\Windows\System\CUACHUP.exe

C:\Windows\System\CUACHUP.exe

C:\Windows\System\fOvZpeN.exe

C:\Windows\System\fOvZpeN.exe

C:\Windows\System\SHUWNfi.exe

C:\Windows\System\SHUWNfi.exe

C:\Windows\System\lVBnVSX.exe

C:\Windows\System\lVBnVSX.exe

C:\Windows\System\mdMixPQ.exe

C:\Windows\System\mdMixPQ.exe

C:\Windows\System\mgBvnkk.exe

C:\Windows\System\mgBvnkk.exe

C:\Windows\System\HsdoSFj.exe

C:\Windows\System\HsdoSFj.exe

C:\Windows\System\BSUxMyT.exe

C:\Windows\System\BSUxMyT.exe

C:\Windows\System\WCYngnA.exe

C:\Windows\System\WCYngnA.exe

C:\Windows\System\XYCGyZb.exe

C:\Windows\System\XYCGyZb.exe

C:\Windows\System\EoFECXS.exe

C:\Windows\System\EoFECXS.exe

C:\Windows\System\mqJUmYB.exe

C:\Windows\System\mqJUmYB.exe

C:\Windows\System\yTsoJAF.exe

C:\Windows\System\yTsoJAF.exe

C:\Windows\System\sHGvwqp.exe

C:\Windows\System\sHGvwqp.exe

C:\Windows\System\bgqivyO.exe

C:\Windows\System\bgqivyO.exe

C:\Windows\System\nftuQYa.exe

C:\Windows\System\nftuQYa.exe

C:\Windows\System\EoxEdDw.exe

C:\Windows\System\EoxEdDw.exe

C:\Windows\System\bbpdfnu.exe

C:\Windows\System\bbpdfnu.exe

C:\Windows\System\QZOyqnu.exe

C:\Windows\System\QZOyqnu.exe

C:\Windows\System\rJIJMBY.exe

C:\Windows\System\rJIJMBY.exe

C:\Windows\System\UQJlExT.exe

C:\Windows\System\UQJlExT.exe

C:\Windows\System\kQeoCGF.exe

C:\Windows\System\kQeoCGF.exe

C:\Windows\System\tNrUMax.exe

C:\Windows\System\tNrUMax.exe

C:\Windows\System\GfxjWIy.exe

C:\Windows\System\GfxjWIy.exe

C:\Windows\System\DJSjPBJ.exe

C:\Windows\System\DJSjPBJ.exe

C:\Windows\System\qfYkyVx.exe

C:\Windows\System\qfYkyVx.exe

C:\Windows\System\bVSJQBd.exe

C:\Windows\System\bVSJQBd.exe

C:\Windows\System\yezfkmh.exe

C:\Windows\System\yezfkmh.exe

C:\Windows\System\FYlFnSH.exe

C:\Windows\System\FYlFnSH.exe

C:\Windows\System\DETRUaU.exe

C:\Windows\System\DETRUaU.exe

C:\Windows\System\UsXoLdZ.exe

C:\Windows\System\UsXoLdZ.exe

C:\Windows\System\qjrqMln.exe

C:\Windows\System\qjrqMln.exe

C:\Windows\System\IrrHMsp.exe

C:\Windows\System\IrrHMsp.exe

C:\Windows\System\oockNfM.exe

C:\Windows\System\oockNfM.exe

C:\Windows\System\CuioUdr.exe

C:\Windows\System\CuioUdr.exe

C:\Windows\System\HuHRkDr.exe

C:\Windows\System\HuHRkDr.exe

C:\Windows\System\MBcETqR.exe

C:\Windows\System\MBcETqR.exe

C:\Windows\System\zlVpUce.exe

C:\Windows\System\zlVpUce.exe

C:\Windows\System\omijRfF.exe

C:\Windows\System\omijRfF.exe

C:\Windows\System\upNKKpF.exe

C:\Windows\System\upNKKpF.exe

C:\Windows\System\zGaxulm.exe

C:\Windows\System\zGaxulm.exe

C:\Windows\System\hzzaJqc.exe

C:\Windows\System\hzzaJqc.exe

C:\Windows\System\dThBTLS.exe

C:\Windows\System\dThBTLS.exe

C:\Windows\System\UpxfkCp.exe

C:\Windows\System\UpxfkCp.exe

C:\Windows\System\AbZFduJ.exe

C:\Windows\System\AbZFduJ.exe

C:\Windows\System\rfjuuXh.exe

C:\Windows\System\rfjuuXh.exe

C:\Windows\System\LfJgvAE.exe

C:\Windows\System\LfJgvAE.exe

C:\Windows\System\RoyVbhZ.exe

C:\Windows\System\RoyVbhZ.exe

C:\Windows\System\TtqLhIa.exe

C:\Windows\System\TtqLhIa.exe

C:\Windows\System\KEjmvOj.exe

C:\Windows\System\KEjmvOj.exe

C:\Windows\System\hyTVmEf.exe

C:\Windows\System\hyTVmEf.exe

C:\Windows\System\DaLmMZf.exe

C:\Windows\System\DaLmMZf.exe

C:\Windows\System\CmhfvAp.exe

C:\Windows\System\CmhfvAp.exe

C:\Windows\System\lujYTVp.exe

C:\Windows\System\lujYTVp.exe

C:\Windows\System\vEfHjfQ.exe

C:\Windows\System\vEfHjfQ.exe

C:\Windows\System\vuIZktP.exe

C:\Windows\System\vuIZktP.exe

C:\Windows\System\NyzwuPX.exe

C:\Windows\System\NyzwuPX.exe

C:\Windows\System\LRLKzkV.exe

C:\Windows\System\LRLKzkV.exe

C:\Windows\System\OWBuxrw.exe

C:\Windows\System\OWBuxrw.exe

C:\Windows\System\QdccYyg.exe

C:\Windows\System\QdccYyg.exe

C:\Windows\System\zvpDXIs.exe

C:\Windows\System\zvpDXIs.exe

C:\Windows\System\lTkDJot.exe

C:\Windows\System\lTkDJot.exe

C:\Windows\System\rpkClDm.exe

C:\Windows\System\rpkClDm.exe

C:\Windows\System\fUkypkQ.exe

C:\Windows\System\fUkypkQ.exe

C:\Windows\System\KVeQfAt.exe

C:\Windows\System\KVeQfAt.exe

C:\Windows\System\HQGSpTW.exe

C:\Windows\System\HQGSpTW.exe

C:\Windows\System\dUGBhFd.exe

C:\Windows\System\dUGBhFd.exe

C:\Windows\System\PxusHHe.exe

C:\Windows\System\PxusHHe.exe

C:\Windows\System\DzrCxnL.exe

C:\Windows\System\DzrCxnL.exe

C:\Windows\System\PCyRvdv.exe

C:\Windows\System\PCyRvdv.exe

C:\Windows\System\DfEnKUS.exe

C:\Windows\System\DfEnKUS.exe

C:\Windows\System\dRCBFtu.exe

C:\Windows\System\dRCBFtu.exe

C:\Windows\System\ufVTKuU.exe

C:\Windows\System\ufVTKuU.exe

C:\Windows\System\oUPyvGz.exe

C:\Windows\System\oUPyvGz.exe

C:\Windows\System\DIjreAm.exe

C:\Windows\System\DIjreAm.exe

C:\Windows\System\SXJXeJZ.exe

C:\Windows\System\SXJXeJZ.exe

C:\Windows\System\hPfsLAp.exe

C:\Windows\System\hPfsLAp.exe

C:\Windows\System\jTEaBEv.exe

C:\Windows\System\jTEaBEv.exe

C:\Windows\System\uEhDOsr.exe

C:\Windows\System\uEhDOsr.exe

C:\Windows\System\WaNnPcQ.exe

C:\Windows\System\WaNnPcQ.exe

C:\Windows\System\kcshOeL.exe

C:\Windows\System\kcshOeL.exe

C:\Windows\System\siHVuOh.exe

C:\Windows\System\siHVuOh.exe

C:\Windows\System\YfPJpFa.exe

C:\Windows\System\YfPJpFa.exe

C:\Windows\System\PkZSwyL.exe

C:\Windows\System\PkZSwyL.exe

C:\Windows\System\QbDHuiq.exe

C:\Windows\System\QbDHuiq.exe

C:\Windows\System\WimMuEW.exe

C:\Windows\System\WimMuEW.exe

C:\Windows\System\xtnhySM.exe

C:\Windows\System\xtnhySM.exe

C:\Windows\System\TfQpcAb.exe

C:\Windows\System\TfQpcAb.exe

C:\Windows\System\pzfyumr.exe

C:\Windows\System\pzfyumr.exe

C:\Windows\System\bPSGAjJ.exe

C:\Windows\System\bPSGAjJ.exe

C:\Windows\System\QURtAbP.exe

C:\Windows\System\QURtAbP.exe

C:\Windows\System\iclUbQB.exe

C:\Windows\System\iclUbQB.exe

C:\Windows\System\rcNFHiP.exe

C:\Windows\System\rcNFHiP.exe

C:\Windows\System\OUjhAwK.exe

C:\Windows\System\OUjhAwK.exe

C:\Windows\System\omFoQln.exe

C:\Windows\System\omFoQln.exe

C:\Windows\System\YAMXJAW.exe

C:\Windows\System\YAMXJAW.exe

C:\Windows\System\JmCllAL.exe

C:\Windows\System\JmCllAL.exe

C:\Windows\System\QnfUymC.exe

C:\Windows\System\QnfUymC.exe

C:\Windows\System\bpEpYUK.exe

C:\Windows\System\bpEpYUK.exe

C:\Windows\System\sDoNTOk.exe

C:\Windows\System\sDoNTOk.exe

C:\Windows\System\WOhahtG.exe

C:\Windows\System\WOhahtG.exe

C:\Windows\System\NVLsWUv.exe

C:\Windows\System\NVLsWUv.exe

C:\Windows\System\ptyoruT.exe

C:\Windows\System\ptyoruT.exe

C:\Windows\System\kFuNHFc.exe

C:\Windows\System\kFuNHFc.exe

C:\Windows\System\yrFJYpx.exe

C:\Windows\System\yrFJYpx.exe

C:\Windows\System\fWhYskT.exe

C:\Windows\System\fWhYskT.exe

C:\Windows\System\CYwhNAk.exe

C:\Windows\System\CYwhNAk.exe

C:\Windows\System\OVaDKwg.exe

C:\Windows\System\OVaDKwg.exe

C:\Windows\System\bVMwgQu.exe

C:\Windows\System\bVMwgQu.exe

C:\Windows\System\wQwkbCi.exe

C:\Windows\System\wQwkbCi.exe

C:\Windows\System\ahYsqlK.exe

C:\Windows\System\ahYsqlK.exe

C:\Windows\System\ANLvopq.exe

C:\Windows\System\ANLvopq.exe

C:\Windows\System\HfbdzaL.exe

C:\Windows\System\HfbdzaL.exe

C:\Windows\System\OUJmLXr.exe

C:\Windows\System\OUJmLXr.exe

C:\Windows\System\bPrXImX.exe

C:\Windows\System\bPrXImX.exe

C:\Windows\System\HXdvBYs.exe

C:\Windows\System\HXdvBYs.exe

C:\Windows\System\ITlPTsX.exe

C:\Windows\System\ITlPTsX.exe

C:\Windows\System\QCcYkKY.exe

C:\Windows\System\QCcYkKY.exe

C:\Windows\System\QAyOYQq.exe

C:\Windows\System\QAyOYQq.exe

C:\Windows\System\rbWVBOg.exe

C:\Windows\System\rbWVBOg.exe

C:\Windows\System\TVPaBVF.exe

C:\Windows\System\TVPaBVF.exe

C:\Windows\System\lJPOYWt.exe

C:\Windows\System\lJPOYWt.exe

C:\Windows\System\sgwDnYZ.exe

C:\Windows\System\sgwDnYZ.exe

C:\Windows\System\RWQKpgs.exe

C:\Windows\System\RWQKpgs.exe

C:\Windows\System\pUSznPM.exe

C:\Windows\System\pUSznPM.exe

C:\Windows\System\PDQuQjn.exe

C:\Windows\System\PDQuQjn.exe

C:\Windows\System\zRuWAXW.exe

C:\Windows\System\zRuWAXW.exe

C:\Windows\System\JHXkYbo.exe

C:\Windows\System\JHXkYbo.exe

C:\Windows\System\wfxDlTJ.exe

C:\Windows\System\wfxDlTJ.exe

C:\Windows\System\CkMTWoJ.exe

C:\Windows\System\CkMTWoJ.exe

C:\Windows\System\xTThYtM.exe

C:\Windows\System\xTThYtM.exe

C:\Windows\System\YzmvnZE.exe

C:\Windows\System\YzmvnZE.exe

C:\Windows\System\KTHCZHP.exe

C:\Windows\System\KTHCZHP.exe

C:\Windows\System\pBNxaJC.exe

C:\Windows\System\pBNxaJC.exe

C:\Windows\System\KpyBisD.exe

C:\Windows\System\KpyBisD.exe

C:\Windows\System\FZCqlGJ.exe

C:\Windows\System\FZCqlGJ.exe

C:\Windows\System\AFYqsvv.exe

C:\Windows\System\AFYqsvv.exe

C:\Windows\System\YqPdgIx.exe

C:\Windows\System\YqPdgIx.exe

C:\Windows\System\gkgjmgH.exe

C:\Windows\System\gkgjmgH.exe

C:\Windows\System\xnFtsGv.exe

C:\Windows\System\xnFtsGv.exe

C:\Windows\System\cOPDKBz.exe

C:\Windows\System\cOPDKBz.exe

C:\Windows\System\HosfVFU.exe

C:\Windows\System\HosfVFU.exe

C:\Windows\System\tTlvtIS.exe

C:\Windows\System\tTlvtIS.exe

C:\Windows\System\NhDWlLy.exe

C:\Windows\System\NhDWlLy.exe

C:\Windows\System\pvRMmAW.exe

C:\Windows\System\pvRMmAW.exe

C:\Windows\System\oMtpbih.exe

C:\Windows\System\oMtpbih.exe

C:\Windows\System\Mceqndm.exe

C:\Windows\System\Mceqndm.exe

C:\Windows\System\TOjbJIJ.exe

C:\Windows\System\TOjbJIJ.exe

C:\Windows\System\zEwNBzn.exe

C:\Windows\System\zEwNBzn.exe

C:\Windows\System\WhNJBVj.exe

C:\Windows\System\WhNJBVj.exe

C:\Windows\System\EoohRnV.exe

C:\Windows\System\EoohRnV.exe

C:\Windows\System\mEhBxXJ.exe

C:\Windows\System\mEhBxXJ.exe

C:\Windows\System\tKLzUhd.exe

C:\Windows\System\tKLzUhd.exe

C:\Windows\System\WelXIqw.exe

C:\Windows\System\WelXIqw.exe

C:\Windows\System\WQNjfst.exe

C:\Windows\System\WQNjfst.exe

C:\Windows\System\ZJbEyPI.exe

C:\Windows\System\ZJbEyPI.exe

C:\Windows\System\hfGFTTc.exe

C:\Windows\System\hfGFTTc.exe

C:\Windows\System\rguGvMB.exe

C:\Windows\System\rguGvMB.exe

C:\Windows\System\IScbzjj.exe

C:\Windows\System\IScbzjj.exe

C:\Windows\System\mFwdRBc.exe

C:\Windows\System\mFwdRBc.exe

C:\Windows\System\PWblFec.exe

C:\Windows\System\PWblFec.exe

C:\Windows\System\fUyZfWX.exe

C:\Windows\System\fUyZfWX.exe

C:\Windows\System\OskVDFl.exe

C:\Windows\System\OskVDFl.exe

C:\Windows\System\RjBhQbf.exe

C:\Windows\System\RjBhQbf.exe

C:\Windows\System\bWncFKa.exe

C:\Windows\System\bWncFKa.exe

C:\Windows\System\vSnRvMY.exe

C:\Windows\System\vSnRvMY.exe

C:\Windows\System\VKXQDfa.exe

C:\Windows\System\VKXQDfa.exe

C:\Windows\System\HBdVOQT.exe

C:\Windows\System\HBdVOQT.exe

C:\Windows\System\uGjaVgV.exe

C:\Windows\System\uGjaVgV.exe

C:\Windows\System\NYEdbGd.exe

C:\Windows\System\NYEdbGd.exe

C:\Windows\System\LaqSOYj.exe

C:\Windows\System\LaqSOYj.exe

C:\Windows\System\XsojuWq.exe

C:\Windows\System\XsojuWq.exe

C:\Windows\System\dZADLrN.exe

C:\Windows\System\dZADLrN.exe

C:\Windows\System\XZjsPMH.exe

C:\Windows\System\XZjsPMH.exe

C:\Windows\System\wWQEbPu.exe

C:\Windows\System\wWQEbPu.exe

C:\Windows\System\oWfPgTS.exe

C:\Windows\System\oWfPgTS.exe

C:\Windows\System\VFlxdvo.exe

C:\Windows\System\VFlxdvo.exe

C:\Windows\System\KwXRolk.exe

C:\Windows\System\KwXRolk.exe

C:\Windows\System\uRxCuUX.exe

C:\Windows\System\uRxCuUX.exe

C:\Windows\System\vqmMztC.exe

C:\Windows\System\vqmMztC.exe

C:\Windows\System\wYovBmb.exe

C:\Windows\System\wYovBmb.exe

C:\Windows\System\MPkndvT.exe

C:\Windows\System\MPkndvT.exe

C:\Windows\System\QSZkRly.exe

C:\Windows\System\QSZkRly.exe

C:\Windows\System\NwZseXv.exe

C:\Windows\System\NwZseXv.exe

C:\Windows\System\RYdtnmk.exe

C:\Windows\System\RYdtnmk.exe

C:\Windows\System\yrgFmaj.exe

C:\Windows\System\yrgFmaj.exe

C:\Windows\System\euKhYYt.exe

C:\Windows\System\euKhYYt.exe

C:\Windows\System\pCcUTni.exe

C:\Windows\System\pCcUTni.exe

C:\Windows\System\ysnjcSv.exe

C:\Windows\System\ysnjcSv.exe

C:\Windows\System\qnOeLwW.exe

C:\Windows\System\qnOeLwW.exe

C:\Windows\System\mPFxviv.exe

C:\Windows\System\mPFxviv.exe

C:\Windows\System\QzAjhIB.exe

C:\Windows\System\QzAjhIB.exe

C:\Windows\System\SRLATdk.exe

C:\Windows\System\SRLATdk.exe

C:\Windows\System\lrULJaK.exe

C:\Windows\System\lrULJaK.exe

C:\Windows\System\eyuPTAn.exe

C:\Windows\System\eyuPTAn.exe

C:\Windows\System\sULDIrE.exe

C:\Windows\System\sULDIrE.exe

C:\Windows\System\xOiJrPi.exe

C:\Windows\System\xOiJrPi.exe

C:\Windows\System\stCvooh.exe

C:\Windows\System\stCvooh.exe

C:\Windows\System\QqpUgJe.exe

C:\Windows\System\QqpUgJe.exe

C:\Windows\System\DBkdUqQ.exe

C:\Windows\System\DBkdUqQ.exe

C:\Windows\System\HAcuJgi.exe

C:\Windows\System\HAcuJgi.exe

C:\Windows\System\iHAESqO.exe

C:\Windows\System\iHAESqO.exe

C:\Windows\System\qgTNkLv.exe

C:\Windows\System\qgTNkLv.exe

C:\Windows\System\ThJqaFQ.exe

C:\Windows\System\ThJqaFQ.exe

C:\Windows\System\pUvpPrL.exe

C:\Windows\System\pUvpPrL.exe

C:\Windows\System\EKquQQx.exe

C:\Windows\System\EKquQQx.exe

C:\Windows\System\nBsDKTr.exe

C:\Windows\System\nBsDKTr.exe

C:\Windows\System\OtLbvpl.exe

C:\Windows\System\OtLbvpl.exe

C:\Windows\System\zsRwdoC.exe

C:\Windows\System\zsRwdoC.exe

C:\Windows\System\PQjYMyg.exe

C:\Windows\System\PQjYMyg.exe

C:\Windows\System\RPMQsfL.exe

C:\Windows\System\RPMQsfL.exe

C:\Windows\System\uvILrrk.exe

C:\Windows\System\uvILrrk.exe

C:\Windows\System\BnqqqJf.exe

C:\Windows\System\BnqqqJf.exe

C:\Windows\System\edehLcw.exe

C:\Windows\System\edehLcw.exe

C:\Windows\System\dtZZVRJ.exe

C:\Windows\System\dtZZVRJ.exe

C:\Windows\System\uCfSZBA.exe

C:\Windows\System\uCfSZBA.exe

C:\Windows\System\aKIJWXE.exe

C:\Windows\System\aKIJWXE.exe

C:\Windows\System\xMUAJeN.exe

C:\Windows\System\xMUAJeN.exe

C:\Windows\System\FFfmmbE.exe

C:\Windows\System\FFfmmbE.exe

C:\Windows\System\TgpfrCJ.exe

C:\Windows\System\TgpfrCJ.exe

C:\Windows\System\loXhlMA.exe

C:\Windows\System\loXhlMA.exe

C:\Windows\System\YNjqZvH.exe

C:\Windows\System\YNjqZvH.exe

C:\Windows\System\uCaCkVF.exe

C:\Windows\System\uCaCkVF.exe

C:\Windows\System\CnidoSe.exe

C:\Windows\System\CnidoSe.exe

C:\Windows\System\WXqbkDF.exe

C:\Windows\System\WXqbkDF.exe

C:\Windows\System\MotxuqZ.exe

C:\Windows\System\MotxuqZ.exe

C:\Windows\System\aXONtSF.exe

C:\Windows\System\aXONtSF.exe

C:\Windows\System\VllUBnM.exe

C:\Windows\System\VllUBnM.exe

C:\Windows\System\DcFpRTH.exe

C:\Windows\System\DcFpRTH.exe

C:\Windows\System\zsxPuax.exe

C:\Windows\System\zsxPuax.exe

C:\Windows\System\dGYQDfg.exe

C:\Windows\System\dGYQDfg.exe

C:\Windows\System\glHilhK.exe

C:\Windows\System\glHilhK.exe

C:\Windows\System\jAvNyOA.exe

C:\Windows\System\jAvNyOA.exe

C:\Windows\System\JgXSAdc.exe

C:\Windows\System\JgXSAdc.exe

C:\Windows\System\eNadiWp.exe

C:\Windows\System\eNadiWp.exe

C:\Windows\System\neijrQF.exe

C:\Windows\System\neijrQF.exe

C:\Windows\System\iIUuAXK.exe

C:\Windows\System\iIUuAXK.exe

C:\Windows\System\rvZJiRB.exe

C:\Windows\System\rvZJiRB.exe

C:\Windows\System\VkPMYxM.exe

C:\Windows\System\VkPMYxM.exe

C:\Windows\System\GsoNSge.exe

C:\Windows\System\GsoNSge.exe

C:\Windows\System\AIhOSXK.exe

C:\Windows\System\AIhOSXK.exe

C:\Windows\System\QZRkvcs.exe

C:\Windows\System\QZRkvcs.exe

C:\Windows\System\eYyznIQ.exe

C:\Windows\System\eYyznIQ.exe

C:\Windows\System\dMYEqGf.exe

C:\Windows\System\dMYEqGf.exe

C:\Windows\System\kzcqUQl.exe

C:\Windows\System\kzcqUQl.exe

C:\Windows\System\ptKLIdu.exe

C:\Windows\System\ptKLIdu.exe

C:\Windows\System\buYSAbZ.exe

C:\Windows\System\buYSAbZ.exe

C:\Windows\System\jKPExux.exe

C:\Windows\System\jKPExux.exe

C:\Windows\System\cwuyYhu.exe

C:\Windows\System\cwuyYhu.exe

C:\Windows\System\GUtkReL.exe

C:\Windows\System\GUtkReL.exe

C:\Windows\System\GNZRAHu.exe

C:\Windows\System\GNZRAHu.exe

C:\Windows\System\NMYVKDq.exe

C:\Windows\System\NMYVKDq.exe

C:\Windows\System\OformiX.exe

C:\Windows\System\OformiX.exe

C:\Windows\System\iNNQRxw.exe

C:\Windows\System\iNNQRxw.exe

C:\Windows\System\MTcvMvW.exe

C:\Windows\System\MTcvMvW.exe

C:\Windows\System\srGIqXt.exe

C:\Windows\System\srGIqXt.exe

C:\Windows\System\KQDvMFf.exe

C:\Windows\System\KQDvMFf.exe

C:\Windows\System\SADbUZy.exe

C:\Windows\System\SADbUZy.exe

C:\Windows\System\IiHzVqe.exe

C:\Windows\System\IiHzVqe.exe

C:\Windows\System\jgwKKvy.exe

C:\Windows\System\jgwKKvy.exe

C:\Windows\System\iHCsbon.exe

C:\Windows\System\iHCsbon.exe

C:\Windows\System\tlRCFOc.exe

C:\Windows\System\tlRCFOc.exe

C:\Windows\System\RRQpMif.exe

C:\Windows\System\RRQpMif.exe

C:\Windows\System\aChdqBD.exe

C:\Windows\System\aChdqBD.exe

C:\Windows\System\unnLhLm.exe

C:\Windows\System\unnLhLm.exe

C:\Windows\System\cehLypA.exe

C:\Windows\System\cehLypA.exe

C:\Windows\System\RVcBCwY.exe

C:\Windows\System\RVcBCwY.exe

C:\Windows\System\hHJIeQK.exe

C:\Windows\System\hHJIeQK.exe

C:\Windows\System\KEXscxu.exe

C:\Windows\System\KEXscxu.exe

Network

N/A

Files

memory/2452-0-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2452-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\ugAtHHh.exe

MD5 8a61dce70cf89a6c7bdc60111642f0d1
SHA1 91d3b94725e28d16756e0a90b53a3eb2f273c254
SHA256 6d911f73f67accdef4f8ea6932287304e1415b6b5dd998238e56e132ef93383f
SHA512 0b03e9e42552c93e1f2394b922fd3bc79994d6af44738b207286cfe73e2a037c4b0e2d7f288d4e286698fac764d59caf8b360fe5a061531db24ec56f788d5e82

C:\Windows\system\ORBkYca.exe

MD5 e409fd97c2fa63eb8cefbb2af9cd3cd5
SHA1 2ad36cc24aac6dd9a29a0310f6147d9a84eb02f3
SHA256 0eccf5baba4bddb3749ced3715fb55768a0d7f9d855f382247d31719188747e0
SHA512 080a447fd0fe39755894522a75b379369159c0d8b0e8a1a1a34411c67c60823dd78bc6d15bf447d0a20e6f96e3e0f3c60b255a88e3c3d836e4068abc404bb809

C:\Windows\system\zYhpbqO.exe

MD5 b7f38106d004173daa203597becd6cfb
SHA1 a891ad332cf84dfd215cd1df19393923136fdffa
SHA256 c818bdae1d892f79f1e5dc6668b85f4ed613928567ac9e08431243bcb6d3d02d
SHA512 3af83375d6960a2303f9002c65eaf9830f201fa08523ed1b81a4d7f8c845d3f69f8662596207c3ec19490c6f00c30c107268e320c9f356ef51c9dabe22f4468b

memory/2664-24-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2956-48-0x000000013FB40000-0x000000013FE94000-memory.dmp

C:\Windows\system\byCOIHu.exe

MD5 e182099d5da79065259fc44a1f84766e
SHA1 dd4d832ce27d0863d32ea08d281ca4483d7eb85e
SHA256 9b4ea964e8adb0cdaa7edaaf8afa13b48103cb6a8bbd3514bf961ccf6c1f7dcb
SHA512 0a92528f400c2c760abcd84edbb43b1db806241a056c1d3e5de15b500093b83f3ce16eef5e373ef51cbc5ab3614becc953816a15b28bda83fbc26af66cced84a

C:\Windows\system\NkRLCyB.exe

MD5 cda93b7712f0b6a67ebc74df82428727
SHA1 c45c717960c044b23a53e5e63ce58a89837233d1
SHA256 33dbcbb8b3e42cf7b35c9009f338d92cf38912fa65bb6f01bb60e481c25947d1
SHA512 b3a6f3443d70a4d01fe3329eb73e75cb448da8c2a67af25f3a711ab1f3752998b49e3fd5b56571f90cbe31196993c4a8ebb9b1700ad286bd081bbe731f3da20d

memory/2604-71-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2452-72-0x0000000002110000-0x0000000002464000-memory.dmp

memory/3044-76-0x000000013FB80000-0x000000013FED4000-memory.dmp

C:\Windows\system\XmipvBp.exe

MD5 7d0bc98bedd0a000cac288dde98c020f
SHA1 b4ba7b1e431435a93378878c326af0710fdea53c
SHA256 89e2f4ca9611f43c069da838af3e82fd0c03c3dc5f41938cd7fc34226eb4d0d3
SHA512 4b1e716f90962f884929e318cc009b37489358bfeb647156f11d49200f9b3970b2c9bce5f03ed3da2b497db531689f4de5d09567804109edfb8a01b515f1b1b4

C:\Windows\system\zZuOIoC.exe

MD5 6fb7671d96b61f8421ffedfa229171f0
SHA1 754336a5f2e10d400170a235f941362725f61a37
SHA256 3da6ae6c15fc1cefc84f264731665ba4d4a71a5b1402be4c692629594b0e3859
SHA512 ddb681a71a05239cb456c8b2e2748b6396029270548103d57064a559695be32305dfcad48d838c33ab915c9e3d069d8ea2123c9a58ce062380d17910813712e3

memory/2268-81-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

\Windows\system\qwzimtq.exe

MD5 e4c51af28697b2c894a0820c31f20b76
SHA1 42f746a3796210e99236e2527d2a19a9d1e3f561
SHA256 f247e3ba1eae57b94eeef206ce7e98924e1a357bd60cf424d3cd69b06d4b55a2
SHA512 80004c8daed27dcdbfbcfbc5c32d92ded37aa859a3c3895298259e415da734113f3d6d92c3ea60932e2c72b2d8e629f30ade8ffc4565f715fbf86912d04f7c81

memory/2088-87-0x000000013FD40000-0x0000000140094000-memory.dmp

C:\Windows\system\zcQKHrK.exe

MD5 8557ba4bc1cf9becf367ca0dec62fe05
SHA1 45c8cff6897feeeff1a9b99bc5b4ba2bd9f54a8a
SHA256 33be33d2feffbedc536296f20ef01f7434a97db6a2b602b91d255c8b71e760bf
SHA512 12d86d41eef064a218e9ea2f60c6d06e7c89ca8a1458b0ddeeaa1fdf9303bbd60a18510b4aa095c272fb9e8f5d8b26593f84d191f36e5f715a2c69dd94beddfa

memory/772-98-0x000000013F820000-0x000000013FB74000-memory.dmp

C:\Windows\system\OMaVBbs.exe

MD5 c044b98cfea901e3eda18ec487562191
SHA1 b0b51d5c1f64357a4b3441ca7abd3fb18185538f
SHA256 766993f54edba89a1238c99feed923de702c6eee1bb8788a82fdbdfeab528782
SHA512 30538ca0807b71fc1d853ea30458e5896731b6b747aada4ea52c807ba37d55b3d951642648107b7c939f2b2acc5391d612b52a8a6003b26e490151bf1de46c6b

C:\Windows\system\qCQycOw.exe

MD5 5291fede6b6d079b398a3fe4009d5331
SHA1 1ae518d151481fc4406febc071214981433d7e58
SHA256 16ba40b1e19844f8705a5f185621715b5a859fd540f9e97305a7300225d98555
SHA512 1d4bc27bee065cdb0d281592827d5cdd2f1252d909a1897bd3ba1427e232812481b125adec37fd083071bf103d220c1513747fe655c87b74c60a5d38767eaf0f

memory/2532-724-0x000000013F1C0000-0x000000013F514000-memory.dmp

\Windows\system\YRlUpAO.exe

MD5 b608ebcab8813e0574e04d2d334db0a2
SHA1 238fd01e166ea5f5f0e5cebbd0ce0f2870d9eb48
SHA256 5685a376bc98a6da4132e6fb49ae1e764bd9c130595bb955e62fc12219b8299f
SHA512 a54b833e067a99d117ba0d2324d71b9b7ceb84b45582d17b865e921af8cc17f987784a85167c50d3678eb397ad9518d6fce76be2a07f3536d900f01fd8a78a2c

\Windows\system\RYmOvAP.exe

MD5 7624730d197e17917fc117c74c06ddd2
SHA1 4c26f7739a78c6582f5d559b25612a41aaa87558
SHA256 e20e6bfd35a7b241327f015e441bc93b1203595aa0ef635da02b279a05e570ac
SHA512 795dd3c4e51506b95d7016282c73f6d3309bf3ddb9bca38c4fd647db87dd8d32b2797a41ccc3eaa028aa7cdb27823b7ef876295af40a848bb7180212d792c536

C:\Windows\system\DvImChk.exe

MD5 8a41f6a4d10cfa9ac67535d095907ad2
SHA1 172b1a5f28b09d5a3cf712ca7a2b3245f77f05cf
SHA256 57be95ebf68d36eb32ab82faf913f6aa83a4a14cb451ed9da3d3a7aaf34d5c60
SHA512 249400f51a829bd4143be9882672add248b95b94f9a401ff798537d9cf419b4189719ee46fbebf1b44b3388f1d23f565aed6243447ec28e2cfe13581e23f4a04

C:\Windows\system\UiQhOON.exe

MD5 718d8671ee471b4032f5931ae9328762
SHA1 984d007fd0bfb19e4bbd42725a6eccb5809ecf64
SHA256 c42da444a0005bacd1da8700c7dabee3331b41eeecd520d37c2b0b60cefd6da0
SHA512 2ebc4db72a6e2d48817f5e725a2aee09e85480a575e3cbb16382b2adf13b6cd496c5a760d56f26e2be2401bf651d7a83e91891a302629adf6f4780998e8a1767

C:\Windows\system\kPFJFMr.exe

MD5 69d31efeb924f6ce8af4d275c80b8f76
SHA1 0dccf4396f235fb79af79fbfe67398e34ed3000d
SHA256 7bfae392dc47bcb0cd0ca68e5760ee36f50dc014736957922f09bf2721df1b84
SHA512 02a1b33916488bcc5ae6d0a04845031c61633b60d42ded0d16d6204aa180fd16e394c6fae72522afa61afa6e96c8d55e73ce3110768edb8a54793c131d0d6fec

C:\Windows\system\syhvXmg.exe

MD5 1a64a0dc679a86340fdd48376c7ace77
SHA1 b3e71dada8df3fef731b2f5828862e0b12636e67
SHA256 773db9db494a18735bca9b841b6e8af2eeb6a6d69c95a9b66472eab2668564c8
SHA512 e16eae41575d5c44a62ca5ef439b566177ac31dbcea53f5637bc9cecadd743470a1af84ff7e9fe3ae753000f287af49f0e496a1002684a4aeee07ee7b9c05b89

C:\Windows\system\LYFKVNp.exe

MD5 072e9d8a1dcdbb7b2f80ab845d2113bd
SHA1 b454f54d3c67c9ca0954b63e4c1c3b2090ba69dd
SHA256 ec9ec2d02ff5a764d2bf8e23091b7f89ea53f43e39471be317cb5e3772c1ec68
SHA512 663859595bf32651ec94560faa4aa7c1f28d7a6ce4fe8fb320e586e3eda7dbaeff339a12eec0f5aaec96bb0cfee5535d912e71d916b5bec9b1dd0d1d7dfd418d

C:\Windows\system\pAwwGcY.exe

MD5 ad06f60e58a05c7ed6be8cc20957aadb
SHA1 12700e68a7b0632879031fff932bb38f9dd407e5
SHA256 509a93f4fad159bab00a1b2583d919795341aaf8a0cefcdea1a254cb43690623
SHA512 64d4cea179656152d9a46d6f71e4951a9309665a65263a9c92e468f16b1867aa9d535cb953a43a5ddeb9fdf825f3094b6b178c8c9e753961ee2ca4e8309d16a6

C:\Windows\system\vcujauW.exe

MD5 0a20d781ab069cfe0f53d72972bf4994
SHA1 fdefd88cd53b75acb24b0ef783103447dac351a6
SHA256 9bb7e0559a1a1b6255629bc7191b8490938d8aadb585a0191ef117584fbcfcf8
SHA512 1550481548ea38a3e7d6f15c4584d8e824a47eb99bb23abd65f64e3edae10fa0163d84361357c63e69929e76b2fd73de98b4b70eeffe1f54aa604ce4d8cf3f7f

C:\Windows\system\sPvnAQZ.exe

MD5 30bfe0461247c711b95bd3edfa7a3cc6
SHA1 582ca926606ca94db07600293846b766f8c67c93
SHA256 16363e251220e702842d2da0c9106b3db20f39af56cec6433c3a269a5ff3a223
SHA512 82a3e0fc3b5ffbccd7d65c6a4c6e23e2c10d6e991e7e36fecf09f2e4dd9e09ddccf8f3dc3040ab1e88255e09520919927978a494e3d17f8477e7789b42da37bd

C:\Windows\system\emMLnWe.exe

MD5 80ad04d013d8f798bcf411efeee5ad8f
SHA1 c1f07984f4f2b22b84f60f3efc79bdf5836e380f
SHA256 d1acd26524d636c807b1c5fa40d6edf5a0244437971a93cec197a0013a7c8fbe
SHA512 6d8eb7a849aa2c4130111bce0a8fb3932645f05f4e7fdd835b105eb4fabd2bc7842a6a183f02d741beb472ad2ee1ebc545c9fea585443196c966469aac8bf9ea

C:\Windows\system\bsRnZzX.exe

MD5 5691bb7db0fe57453fc8f986f92e220e
SHA1 fbed7dbaf151544b5ded43fdf4ffe6451259e1a6
SHA256 efe74d6603cb113654df2b403e2a3c43b8b40a1e8ab8b4642d630426f1921250
SHA512 217e2850c24cc2b53d35b7b5148527e6f552b65b041bd3ca09e015e388d241284639ef95e2307201d84c989dc8cd1013d2142b7df363355d5724e5d8c6d8e913

C:\Windows\system\aYptTgN.exe

MD5 73e9dd054bc2f124dacca9e9a057d536
SHA1 433bb09aa2fe9798d32e77d778d36b7b21b64d04
SHA256 6a19073576ac7164a6211122df5a78ba873413f5eb311bc5ee09f82b4fc38089
SHA512 d4ebcde17e8421b2195ef04d623719f8e7101b878924c246988c0b5dab4e9455406fa32152c4513ed724c69642801ee4f7237c0cbbc15190f0f3b3fbb2c620c7

C:\Windows\system\eWyvnyP.exe

MD5 233808ab49c25e870ff54f106c1c445b
SHA1 0a103b2ade9bf8d6951de474ab0640b72feb6cbd
SHA256 bb7b1bd6c4c1722367d20152e34ebdc593caa403d87cdc48cf8b6ac44e303446
SHA512 4c435f5d299ce4c932063898b1aa2f3dc6304de33dfec40065a9a95a5c911b328897cba38afadf1130c4c9fa73f534576adc9e3c5dc6ff21d14f2d4d7b594fd8

memory/2452-103-0x000000013F750000-0x000000013FAA4000-memory.dmp

C:\Windows\system\WgSCPkr.exe

MD5 8ac9cf4166c9a27a5a03077eee65cfec
SHA1 c871b3c8233ba8fecdfe724bd2903865f1deb8e2
SHA256 0584cbe0dc15d2e656997cc1c3772116c73c97724d6d1fd79260e3a61995a9a4
SHA512 51700a97d87d03fe6c9d3ddab2df7859342ebda194111aea6450afa21f336f5e02c7db8d6804949e5118333fd76e436cfd7d70f8f67e32438646a170b9d19ac5

memory/2452-102-0x000000013FFD0000-0x0000000140324000-memory.dmp

C:\Windows\system\DVaRRhh.exe

MD5 5f9808e9da420542beec426c3e6c13aa
SHA1 1e2c9fd28951e839cc4ca98f209c4fa834585d9f
SHA256 fbd7203bc147238999ae0badc8bec50fc5f5217f449de0addb64bb124e5303fe
SHA512 e9bad7bf4c811acdb818b7c44e07dacf5923a02f597c1731f0db3df0f75acc5447f277a08613a3dc3de57eed23cae8aba2c6492dac409971ffa0e54b8560fb35

memory/2452-97-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2452-96-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2452-95-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2452-86-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2452-61-0x000000013FC40000-0x000000013FF94000-memory.dmp

\Windows\system\aUehbhr.exe

MD5 ac59c91ff650e2c7c0f965fb6ed2976b
SHA1 48737a7d6a31a5f8dd865b1d0e44937a961f7270
SHA256 bc2aab77c3f5d9967e2023e94cf0def15c35fb0774f83607ae71802e618519ab
SHA512 4bac5bcb48d1124bddf10b9bc00ef7a7094ab453783ff70e2631a9e0aefff517e8229292160614606bcf289c48cbc9dc7eae69a142871ed33da9034c0e6c6185

memory/1244-51-0x000000013FAF0000-0x000000013FE44000-memory.dmp

C:\Windows\system\zFdsFEd.exe

MD5 f16f37da500ccee3f6a4873ceee79615
SHA1 adac8b173c3c774cb914469d2da99d853ec90907
SHA256 e5f45fb77ea70eff56f94061613d875c1d04488d937ebb72c8d11583b8685e51
SHA512 31801e0f864d1b006bf4e7710e0a7cc80f5374740acc597ecd9ec095e6f6a267151c5dcd23514e1e23bb8086d56aa3f1cefdba507bebf2f1ef691feed5ca531a

memory/2596-44-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2748-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp

C:\Windows\system\bFOXiqv.exe

MD5 f538038a60d0253b1703871d10c85c82
SHA1 34330bad6829a765c1fd2153110b484d5adfe8fc
SHA256 521aa3069f7ec6e2078f06e97ae7bae93f008fa806076c0d989c1ed4ae78df40
SHA512 aede85ab9ae68ef1c9417253bb972b6699a5d93ed25ac34d8f5e1dae4d8a072d1704e45ff1e8ef20072cf9233b4eca2f45f57e0fc1af2771bae4ba432c31b05c

memory/2452-40-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2452-39-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2628-35-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2648-78-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2452-75-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2396-74-0x000000013FC40000-0x000000013FF94000-memory.dmp

C:\Windows\system\RkyKtis.exe

MD5 451829dcf4d749ae29f01b0d4d0b4a7d
SHA1 a1f9d7315c368284479f06f25c39de00e2ef3f45
SHA256 b7e19d886c6383c35f5a3f8fd0e092227156ab0d535df8a645a9aea03ef0b096
SHA512 9e9cb40c9ab34626672bf04a8b0e6d52404882849d8c9eed2c417fb1db00d277a5ebba078c411330ddc6d319acf4bf19d85644f4add192b9181d7754d7311668

C:\Windows\system\mtUtHYg.exe

MD5 8e451ce9d7a3bde66b8c801add3d395d
SHA1 66e031e9c2798f9a29bea2db31e81036673c64d0
SHA256 ec6bd2eab58d5b05a051733bd62cae9bb684578986db9c72cb368ffb218f518b
SHA512 dfff39d447d2cde7fb894c7dc18fa7d04b103e1d88a6fe5b908fc8a4f090f6759718ca49aa604be6f91e1e134237843c237c033767992133af6cbe56397b1f5e

memory/2532-57-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2452-27-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2452-11-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2452-15-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2452-1249-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2452-1880-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2648-2818-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2268-2972-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/2088-3165-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2452-3307-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2452-3554-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/2664-4019-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2628-4020-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2748-4021-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2596-4022-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/1244-4023-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2956-4024-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2268-4025-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/2604-4026-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2532-4027-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2088-4028-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2648-4029-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2396-4030-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/772-4031-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/3044-4032-0x000000013FB80000-0x000000013FED4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:50

Reported

2024-06-13 23:52

Platform

win10v2004-20240611-en

Max time kernel

106s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\BsxMkIS.exe N/A
N/A N/A C:\Windows\System\IQpWMaY.exe N/A
N/A N/A C:\Windows\System\QzszJLU.exe N/A
N/A N/A C:\Windows\System\WQQNOfx.exe N/A
N/A N/A C:\Windows\System\HPAMQxs.exe N/A
N/A N/A C:\Windows\System\yUdVrnE.exe N/A
N/A N/A C:\Windows\System\SnoasLM.exe N/A
N/A N/A C:\Windows\System\kbIkHQc.exe N/A
N/A N/A C:\Windows\System\TzRbQtl.exe N/A
N/A N/A C:\Windows\System\ttskUGH.exe N/A
N/A N/A C:\Windows\System\bAqWBXh.exe N/A
N/A N/A C:\Windows\System\RdqjFyJ.exe N/A
N/A N/A C:\Windows\System\DNfOiEW.exe N/A
N/A N/A C:\Windows\System\EvbTTBv.exe N/A
N/A N/A C:\Windows\System\VYDinAm.exe N/A
N/A N/A C:\Windows\System\AhITLff.exe N/A
N/A N/A C:\Windows\System\RZUBfaD.exe N/A
N/A N/A C:\Windows\System\FASMOsF.exe N/A
N/A N/A C:\Windows\System\caLilbj.exe N/A
N/A N/A C:\Windows\System\IPbTgOn.exe N/A
N/A N/A C:\Windows\System\EnEiOqF.exe N/A
N/A N/A C:\Windows\System\ZuifcKJ.exe N/A
N/A N/A C:\Windows\System\uYnTlIW.exe N/A
N/A N/A C:\Windows\System\rWrjDoi.exe N/A
N/A N/A C:\Windows\System\DlSpNkU.exe N/A
N/A N/A C:\Windows\System\HnPzAsL.exe N/A
N/A N/A C:\Windows\System\BmylYuD.exe N/A
N/A N/A C:\Windows\System\pLhBZDG.exe N/A
N/A N/A C:\Windows\System\eexjWEp.exe N/A
N/A N/A C:\Windows\System\uQbQmTL.exe N/A
N/A N/A C:\Windows\System\UUVISEr.exe N/A
N/A N/A C:\Windows\System\zBQvJxp.exe N/A
N/A N/A C:\Windows\System\UHIBJoD.exe N/A
N/A N/A C:\Windows\System\UpYrzpX.exe N/A
N/A N/A C:\Windows\System\bykPvUz.exe N/A
N/A N/A C:\Windows\System\vdpboUn.exe N/A
N/A N/A C:\Windows\System\yeOjDFh.exe N/A
N/A N/A C:\Windows\System\EoGyEjv.exe N/A
N/A N/A C:\Windows\System\ekJjiHh.exe N/A
N/A N/A C:\Windows\System\jQBByzi.exe N/A
N/A N/A C:\Windows\System\uoLMqvQ.exe N/A
N/A N/A C:\Windows\System\GQEiiyt.exe N/A
N/A N/A C:\Windows\System\CxSpJMI.exe N/A
N/A N/A C:\Windows\System\wrWosAu.exe N/A
N/A N/A C:\Windows\System\mPucZMp.exe N/A
N/A N/A C:\Windows\System\Miqepwk.exe N/A
N/A N/A C:\Windows\System\xctyaXc.exe N/A
N/A N/A C:\Windows\System\TsovUUC.exe N/A
N/A N/A C:\Windows\System\YxxISUg.exe N/A
N/A N/A C:\Windows\System\HTKkKbB.exe N/A
N/A N/A C:\Windows\System\zhwUEwc.exe N/A
N/A N/A C:\Windows\System\fWCzNRX.exe N/A
N/A N/A C:\Windows\System\xJpIYNd.exe N/A
N/A N/A C:\Windows\System\LzLAHWV.exe N/A
N/A N/A C:\Windows\System\fNevpzX.exe N/A
N/A N/A C:\Windows\System\xIoPxVw.exe N/A
N/A N/A C:\Windows\System\ZXQjsnm.exe N/A
N/A N/A C:\Windows\System\yYCwcGg.exe N/A
N/A N/A C:\Windows\System\hNUkCtU.exe N/A
N/A N/A C:\Windows\System\cXYTNji.exe N/A
N/A N/A C:\Windows\System\jpkhFOT.exe N/A
N/A N/A C:\Windows\System\EzPiPuJ.exe N/A
N/A N/A C:\Windows\System\likoKNw.exe N/A
N/A N/A C:\Windows\System\ectlBgk.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\pfGJUPH.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAqWBXh.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\UvSgcwG.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\GWSUeJe.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\LXizAiK.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\umAZRRf.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kXROwsv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\CBNfrPN.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktrfBEP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbIkHQc.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\EvbTTBv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\juTvqjH.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ecgUHfs.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\RlhEgJX.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cXYTNji.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPrPZEF.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cceeyPa.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\tcQyWov.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCaUeXj.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDAtazu.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvqRtAk.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKAixEo.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmTpoSx.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoPHigz.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhlDfob.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cIOTGvG.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\tdUftCl.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\nozXLFV.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQtyaax.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEZKNTo.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdrFAvP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\GlFzFAP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\QNgaUGF.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\wKSBGkY.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\KqcvWDb.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\UJWhhQv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\UUVISEr.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPucZMp.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\SCXiQjq.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\dFUdMYd.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\iYxgAvi.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\mOroZxb.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cuKOdAq.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObEmwSX.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\FiGTxiP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\giTXpgX.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\yfcfAyi.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYbRdxw.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\lSPhNXX.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\dxLqcZc.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcPmrxR.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\juYTpVo.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYdgPQm.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\kQGVpKT.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\cizRsCP.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxSpJMI.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZXQjsnm.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\iRrPSoH.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzszJLU.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\SnoasLM.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\DHDLtwm.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\oEUSafG.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\nqzuFOv.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A
File created C:\Windows\System\AomUTuh.exe C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\BsxMkIS.exe
PID 4356 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\BsxMkIS.exe
PID 4356 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\IQpWMaY.exe
PID 4356 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\IQpWMaY.exe
PID 4356 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\QzszJLU.exe
PID 4356 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\QzszJLU.exe
PID 4356 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\WQQNOfx.exe
PID 4356 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\WQQNOfx.exe
PID 4356 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\HPAMQxs.exe
PID 4356 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\HPAMQxs.exe
PID 4356 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\yUdVrnE.exe
PID 4356 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\yUdVrnE.exe
PID 4356 wrote to memory of 716 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\SnoasLM.exe
PID 4356 wrote to memory of 716 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\SnoasLM.exe
PID 4356 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\kbIkHQc.exe
PID 4356 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\kbIkHQc.exe
PID 4356 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\TzRbQtl.exe
PID 4356 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\TzRbQtl.exe
PID 4356 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ttskUGH.exe
PID 4356 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ttskUGH.exe
PID 4356 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bAqWBXh.exe
PID 4356 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\bAqWBXh.exe
PID 4356 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RdqjFyJ.exe
PID 4356 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RdqjFyJ.exe
PID 4356 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DNfOiEW.exe
PID 4356 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DNfOiEW.exe
PID 4356 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\EvbTTBv.exe
PID 4356 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\EvbTTBv.exe
PID 4356 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\caLilbj.exe
PID 4356 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\caLilbj.exe
PID 4356 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\VYDinAm.exe
PID 4356 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\VYDinAm.exe
PID 4356 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\AhITLff.exe
PID 4356 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\AhITLff.exe
PID 4356 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RZUBfaD.exe
PID 4356 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\RZUBfaD.exe
PID 4356 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\FASMOsF.exe
PID 4356 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\FASMOsF.exe
PID 4356 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\IPbTgOn.exe
PID 4356 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\IPbTgOn.exe
PID 4356 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\EnEiOqF.exe
PID 4356 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\EnEiOqF.exe
PID 4356 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ZuifcKJ.exe
PID 4356 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\ZuifcKJ.exe
PID 4356 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\uYnTlIW.exe
PID 4356 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\uYnTlIW.exe
PID 4356 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\rWrjDoi.exe
PID 4356 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\rWrjDoi.exe
PID 4356 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DlSpNkU.exe
PID 4356 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\DlSpNkU.exe
PID 4356 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\HnPzAsL.exe
PID 4356 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\HnPzAsL.exe
PID 4356 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\BmylYuD.exe
PID 4356 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\BmylYuD.exe
PID 4356 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\pLhBZDG.exe
PID 4356 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\pLhBZDG.exe
PID 4356 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\eexjWEp.exe
PID 4356 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\eexjWEp.exe
PID 4356 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\uQbQmTL.exe
PID 4356 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\uQbQmTL.exe
PID 4356 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\UUVISEr.exe
PID 4356 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\UUVISEr.exe
PID 4356 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zBQvJxp.exe
PID 4356 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe C:\Windows\System\zBQvJxp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\91448e71a1d75d6d28fe6640c9be8310_NeikiAnalytics.exe"

C:\Windows\System\BsxMkIS.exe

C:\Windows\System\BsxMkIS.exe

C:\Windows\System\IQpWMaY.exe

C:\Windows\System\IQpWMaY.exe

C:\Windows\System\QzszJLU.exe

C:\Windows\System\QzszJLU.exe

C:\Windows\System\WQQNOfx.exe

C:\Windows\System\WQQNOfx.exe

C:\Windows\System\HPAMQxs.exe

C:\Windows\System\HPAMQxs.exe

C:\Windows\System\yUdVrnE.exe

C:\Windows\System\yUdVrnE.exe

C:\Windows\System\SnoasLM.exe

C:\Windows\System\SnoasLM.exe

C:\Windows\System\kbIkHQc.exe

C:\Windows\System\kbIkHQc.exe

C:\Windows\System\TzRbQtl.exe

C:\Windows\System\TzRbQtl.exe

C:\Windows\System\ttskUGH.exe

C:\Windows\System\ttskUGH.exe

C:\Windows\System\bAqWBXh.exe

C:\Windows\System\bAqWBXh.exe

C:\Windows\System\RdqjFyJ.exe

C:\Windows\System\RdqjFyJ.exe

C:\Windows\System\DNfOiEW.exe

C:\Windows\System\DNfOiEW.exe

C:\Windows\System\EvbTTBv.exe

C:\Windows\System\EvbTTBv.exe

C:\Windows\System\caLilbj.exe

C:\Windows\System\caLilbj.exe

C:\Windows\System\VYDinAm.exe

C:\Windows\System\VYDinAm.exe

C:\Windows\System\AhITLff.exe

C:\Windows\System\AhITLff.exe

C:\Windows\System\RZUBfaD.exe

C:\Windows\System\RZUBfaD.exe

C:\Windows\System\FASMOsF.exe

C:\Windows\System\FASMOsF.exe

C:\Windows\System\IPbTgOn.exe

C:\Windows\System\IPbTgOn.exe

C:\Windows\System\EnEiOqF.exe

C:\Windows\System\EnEiOqF.exe

C:\Windows\System\ZuifcKJ.exe

C:\Windows\System\ZuifcKJ.exe

C:\Windows\System\uYnTlIW.exe

C:\Windows\System\uYnTlIW.exe

C:\Windows\System\rWrjDoi.exe

C:\Windows\System\rWrjDoi.exe

C:\Windows\System\DlSpNkU.exe

C:\Windows\System\DlSpNkU.exe

C:\Windows\System\HnPzAsL.exe

C:\Windows\System\HnPzAsL.exe

C:\Windows\System\BmylYuD.exe

C:\Windows\System\BmylYuD.exe

C:\Windows\System\pLhBZDG.exe

C:\Windows\System\pLhBZDG.exe

C:\Windows\System\eexjWEp.exe

C:\Windows\System\eexjWEp.exe

C:\Windows\System\uQbQmTL.exe

C:\Windows\System\uQbQmTL.exe

C:\Windows\System\UUVISEr.exe

C:\Windows\System\UUVISEr.exe

C:\Windows\System\zBQvJxp.exe

C:\Windows\System\zBQvJxp.exe

C:\Windows\System\UHIBJoD.exe

C:\Windows\System\UHIBJoD.exe

C:\Windows\System\UpYrzpX.exe

C:\Windows\System\UpYrzpX.exe

C:\Windows\System\bykPvUz.exe

C:\Windows\System\bykPvUz.exe

C:\Windows\System\vdpboUn.exe

C:\Windows\System\vdpboUn.exe

C:\Windows\System\yeOjDFh.exe

C:\Windows\System\yeOjDFh.exe

C:\Windows\System\EoGyEjv.exe

C:\Windows\System\EoGyEjv.exe

C:\Windows\System\ekJjiHh.exe

C:\Windows\System\ekJjiHh.exe

C:\Windows\System\jQBByzi.exe

C:\Windows\System\jQBByzi.exe

C:\Windows\System\uoLMqvQ.exe

C:\Windows\System\uoLMqvQ.exe

C:\Windows\System\GQEiiyt.exe

C:\Windows\System\GQEiiyt.exe

C:\Windows\System\CxSpJMI.exe

C:\Windows\System\CxSpJMI.exe

C:\Windows\System\wrWosAu.exe

C:\Windows\System\wrWosAu.exe

C:\Windows\System\mPucZMp.exe

C:\Windows\System\mPucZMp.exe

C:\Windows\System\Miqepwk.exe

C:\Windows\System\Miqepwk.exe

C:\Windows\System\xctyaXc.exe

C:\Windows\System\xctyaXc.exe

C:\Windows\System\TsovUUC.exe

C:\Windows\System\TsovUUC.exe

C:\Windows\System\YxxISUg.exe

C:\Windows\System\YxxISUg.exe

C:\Windows\System\HTKkKbB.exe

C:\Windows\System\HTKkKbB.exe

C:\Windows\System\zhwUEwc.exe

C:\Windows\System\zhwUEwc.exe

C:\Windows\System\fWCzNRX.exe

C:\Windows\System\fWCzNRX.exe

C:\Windows\System\xJpIYNd.exe

C:\Windows\System\xJpIYNd.exe

C:\Windows\System\LzLAHWV.exe

C:\Windows\System\LzLAHWV.exe

C:\Windows\System\fNevpzX.exe

C:\Windows\System\fNevpzX.exe

C:\Windows\System\xIoPxVw.exe

C:\Windows\System\xIoPxVw.exe

C:\Windows\System\ZXQjsnm.exe

C:\Windows\System\ZXQjsnm.exe

C:\Windows\System\yYCwcGg.exe

C:\Windows\System\yYCwcGg.exe

C:\Windows\System\hNUkCtU.exe

C:\Windows\System\hNUkCtU.exe

C:\Windows\System\cXYTNji.exe

C:\Windows\System\cXYTNji.exe

C:\Windows\System\jpkhFOT.exe

C:\Windows\System\jpkhFOT.exe

C:\Windows\System\EzPiPuJ.exe

C:\Windows\System\EzPiPuJ.exe

C:\Windows\System\likoKNw.exe

C:\Windows\System\likoKNw.exe

C:\Windows\System\ectlBgk.exe

C:\Windows\System\ectlBgk.exe

C:\Windows\System\rhLXDbp.exe

C:\Windows\System\rhLXDbp.exe

C:\Windows\System\JuwZiJe.exe

C:\Windows\System\JuwZiJe.exe

C:\Windows\System\LVntxpB.exe

C:\Windows\System\LVntxpB.exe

C:\Windows\System\WNZsAMq.exe

C:\Windows\System\WNZsAMq.exe

C:\Windows\System\mUhvOME.exe

C:\Windows\System\mUhvOME.exe

C:\Windows\System\EoxZhWd.exe

C:\Windows\System\EoxZhWd.exe

C:\Windows\System\HQNFsYu.exe

C:\Windows\System\HQNFsYu.exe

C:\Windows\System\OGmOSQL.exe

C:\Windows\System\OGmOSQL.exe

C:\Windows\System\VIlpXdW.exe

C:\Windows\System\VIlpXdW.exe

C:\Windows\System\ncXkpvJ.exe

C:\Windows\System\ncXkpvJ.exe

C:\Windows\System\qoGejIK.exe

C:\Windows\System\qoGejIK.exe

C:\Windows\System\lAEmXxI.exe

C:\Windows\System\lAEmXxI.exe

C:\Windows\System\yUHhcBJ.exe

C:\Windows\System\yUHhcBJ.exe

C:\Windows\System\FKBZGgE.exe

C:\Windows\System\FKBZGgE.exe

C:\Windows\System\HydmbHk.exe

C:\Windows\System\HydmbHk.exe

C:\Windows\System\eIAJKwQ.exe

C:\Windows\System\eIAJKwQ.exe

C:\Windows\System\mmfJsaS.exe

C:\Windows\System\mmfJsaS.exe

C:\Windows\System\MbFoWOy.exe

C:\Windows\System\MbFoWOy.exe

C:\Windows\System\sUpMtSe.exe

C:\Windows\System\sUpMtSe.exe

C:\Windows\System\GWSUeJe.exe

C:\Windows\System\GWSUeJe.exe

C:\Windows\System\okKnXIB.exe

C:\Windows\System\okKnXIB.exe

C:\Windows\System\vuSKNEl.exe

C:\Windows\System\vuSKNEl.exe

C:\Windows\System\gOxeTeX.exe

C:\Windows\System\gOxeTeX.exe

C:\Windows\System\oWQirtT.exe

C:\Windows\System\oWQirtT.exe

C:\Windows\System\ufgzYdZ.exe

C:\Windows\System\ufgzYdZ.exe

C:\Windows\System\JDmTmnY.exe

C:\Windows\System\JDmTmnY.exe

C:\Windows\System\gUiSUZO.exe

C:\Windows\System\gUiSUZO.exe

C:\Windows\System\ybocDAw.exe

C:\Windows\System\ybocDAw.exe

C:\Windows\System\zdHvFhV.exe

C:\Windows\System\zdHvFhV.exe

C:\Windows\System\MMVqAzs.exe

C:\Windows\System\MMVqAzs.exe

C:\Windows\System\OTWTvJe.exe

C:\Windows\System\OTWTvJe.exe

C:\Windows\System\FQuJMdv.exe

C:\Windows\System\FQuJMdv.exe

C:\Windows\System\gyZUiOi.exe

C:\Windows\System\gyZUiOi.exe

C:\Windows\System\sulHpYO.exe

C:\Windows\System\sulHpYO.exe

C:\Windows\System\dLLOnOk.exe

C:\Windows\System\dLLOnOk.exe

C:\Windows\System\ZQQfNjM.exe

C:\Windows\System\ZQQfNjM.exe

C:\Windows\System\mhEtrWb.exe

C:\Windows\System\mhEtrWb.exe

C:\Windows\System\EqBXFsQ.exe

C:\Windows\System\EqBXFsQ.exe

C:\Windows\System\qpTsugw.exe

C:\Windows\System\qpTsugw.exe

C:\Windows\System\lSPhNXX.exe

C:\Windows\System\lSPhNXX.exe

C:\Windows\System\gBQcvbG.exe

C:\Windows\System\gBQcvbG.exe

C:\Windows\System\iUNJwcC.exe

C:\Windows\System\iUNJwcC.exe

C:\Windows\System\zmTYFbk.exe

C:\Windows\System\zmTYFbk.exe

C:\Windows\System\vOohrse.exe

C:\Windows\System\vOohrse.exe

C:\Windows\System\HgdNLZJ.exe

C:\Windows\System\HgdNLZJ.exe

C:\Windows\System\lqACdDG.exe

C:\Windows\System\lqACdDG.exe

C:\Windows\System\lldKQpo.exe

C:\Windows\System\lldKQpo.exe

C:\Windows\System\kQGVpKT.exe

C:\Windows\System\kQGVpKT.exe

C:\Windows\System\sbmreiy.exe

C:\Windows\System\sbmreiy.exe

C:\Windows\System\mknMZjh.exe

C:\Windows\System\mknMZjh.exe

C:\Windows\System\hwvoPZx.exe

C:\Windows\System\hwvoPZx.exe

C:\Windows\System\nSQQnPp.exe

C:\Windows\System\nSQQnPp.exe

C:\Windows\System\inNhzJP.exe

C:\Windows\System\inNhzJP.exe

C:\Windows\System\zdPsHAc.exe

C:\Windows\System\zdPsHAc.exe

C:\Windows\System\gLdUdqe.exe

C:\Windows\System\gLdUdqe.exe

C:\Windows\System\xTtDJZS.exe

C:\Windows\System\xTtDJZS.exe

C:\Windows\System\YdOAgKM.exe

C:\Windows\System\YdOAgKM.exe

C:\Windows\System\FdTcwmX.exe

C:\Windows\System\FdTcwmX.exe

C:\Windows\System\VIFXIpG.exe

C:\Windows\System\VIFXIpG.exe

C:\Windows\System\wzgYHhR.exe

C:\Windows\System\wzgYHhR.exe

C:\Windows\System\rHSNADw.exe

C:\Windows\System\rHSNADw.exe

C:\Windows\System\yvqPCur.exe

C:\Windows\System\yvqPCur.exe

C:\Windows\System\OoPHigz.exe

C:\Windows\System\OoPHigz.exe

C:\Windows\System\JQtyaax.exe

C:\Windows\System\JQtyaax.exe

C:\Windows\System\ttHTcQo.exe

C:\Windows\System\ttHTcQo.exe

C:\Windows\System\tFtvNwt.exe

C:\Windows\System\tFtvNwt.exe

C:\Windows\System\IpFVFvU.exe

C:\Windows\System\IpFVFvU.exe

C:\Windows\System\DubAXWz.exe

C:\Windows\System\DubAXWz.exe

C:\Windows\System\bbUYPjp.exe

C:\Windows\System\bbUYPjp.exe

C:\Windows\System\CvDqCJt.exe

C:\Windows\System\CvDqCJt.exe

C:\Windows\System\vlPtRjv.exe

C:\Windows\System\vlPtRjv.exe

C:\Windows\System\uLPESUw.exe

C:\Windows\System\uLPESUw.exe

C:\Windows\System\rxPbRyK.exe

C:\Windows\System\rxPbRyK.exe

C:\Windows\System\DEZKNTo.exe

C:\Windows\System\DEZKNTo.exe

C:\Windows\System\gqZktZI.exe

C:\Windows\System\gqZktZI.exe

C:\Windows\System\YynSfqB.exe

C:\Windows\System\YynSfqB.exe

C:\Windows\System\mcNPCVp.exe

C:\Windows\System\mcNPCVp.exe

C:\Windows\System\hVvbeHo.exe

C:\Windows\System\hVvbeHo.exe

C:\Windows\System\dxLqcZc.exe

C:\Windows\System\dxLqcZc.exe

C:\Windows\System\hVsWFZX.exe

C:\Windows\System\hVsWFZX.exe

C:\Windows\System\gqHcPbf.exe

C:\Windows\System\gqHcPbf.exe

C:\Windows\System\mzdGllS.exe

C:\Windows\System\mzdGllS.exe

C:\Windows\System\qOkJcvD.exe

C:\Windows\System\qOkJcvD.exe

C:\Windows\System\YsONjyH.exe

C:\Windows\System\YsONjyH.exe

C:\Windows\System\HSzagnf.exe

C:\Windows\System\HSzagnf.exe

C:\Windows\System\NNoWwdQ.exe

C:\Windows\System\NNoWwdQ.exe

C:\Windows\System\lbBmsKE.exe

C:\Windows\System\lbBmsKE.exe

C:\Windows\System\HvUjPdV.exe

C:\Windows\System\HvUjPdV.exe

C:\Windows\System\clCtpog.exe

C:\Windows\System\clCtpog.exe

C:\Windows\System\VZMiZcG.exe

C:\Windows\System\VZMiZcG.exe

C:\Windows\System\lDUkozX.exe

C:\Windows\System\lDUkozX.exe

C:\Windows\System\DDpAfqF.exe

C:\Windows\System\DDpAfqF.exe

C:\Windows\System\fuVkALi.exe

C:\Windows\System\fuVkALi.exe

C:\Windows\System\moZYAYP.exe

C:\Windows\System\moZYAYP.exe

C:\Windows\System\ojEqGHB.exe

C:\Windows\System\ojEqGHB.exe

C:\Windows\System\pJcRIui.exe

C:\Windows\System\pJcRIui.exe

C:\Windows\System\VojdGNg.exe

C:\Windows\System\VojdGNg.exe

C:\Windows\System\TESGwTp.exe

C:\Windows\System\TESGwTp.exe

C:\Windows\System\ZhlDfob.exe

C:\Windows\System\ZhlDfob.exe

C:\Windows\System\TnVrssg.exe

C:\Windows\System\TnVrssg.exe

C:\Windows\System\MYMxuCr.exe

C:\Windows\System\MYMxuCr.exe

C:\Windows\System\MLdQlen.exe

C:\Windows\System\MLdQlen.exe

C:\Windows\System\TOqiYEz.exe

C:\Windows\System\TOqiYEz.exe

C:\Windows\System\wREAYSA.exe

C:\Windows\System\wREAYSA.exe

C:\Windows\System\CWaNRSs.exe

C:\Windows\System\CWaNRSs.exe

C:\Windows\System\jJlXLWI.exe

C:\Windows\System\jJlXLWI.exe

C:\Windows\System\xdTuhWF.exe

C:\Windows\System\xdTuhWF.exe

C:\Windows\System\fNgnQux.exe

C:\Windows\System\fNgnQux.exe

C:\Windows\System\foDoVNl.exe

C:\Windows\System\foDoVNl.exe

C:\Windows\System\itTXqYU.exe

C:\Windows\System\itTXqYU.exe

C:\Windows\System\unOivpQ.exe

C:\Windows\System\unOivpQ.exe

C:\Windows\System\cWMSCsc.exe

C:\Windows\System\cWMSCsc.exe

C:\Windows\System\QtFesmb.exe

C:\Windows\System\QtFesmb.exe

C:\Windows\System\LXizAiK.exe

C:\Windows\System\LXizAiK.exe

C:\Windows\System\exlTHyH.exe

C:\Windows\System\exlTHyH.exe

C:\Windows\System\jnGxaPu.exe

C:\Windows\System\jnGxaPu.exe

C:\Windows\System\iSnwzBz.exe

C:\Windows\System\iSnwzBz.exe

C:\Windows\System\DqvBZTX.exe

C:\Windows\System\DqvBZTX.exe

C:\Windows\System\yYhOXnV.exe

C:\Windows\System\yYhOXnV.exe

C:\Windows\System\vuFFmpA.exe

C:\Windows\System\vuFFmpA.exe

C:\Windows\System\LnBoGdF.exe

C:\Windows\System\LnBoGdF.exe

C:\Windows\System\izDKhiT.exe

C:\Windows\System\izDKhiT.exe

C:\Windows\System\wsGJSWV.exe

C:\Windows\System\wsGJSWV.exe

C:\Windows\System\pKVSkDo.exe

C:\Windows\System\pKVSkDo.exe

C:\Windows\System\tGbsfAW.exe

C:\Windows\System\tGbsfAW.exe

C:\Windows\System\kHWDvAo.exe

C:\Windows\System\kHWDvAo.exe

C:\Windows\System\KBQroFy.exe

C:\Windows\System\KBQroFy.exe

C:\Windows\System\WlMVQkS.exe

C:\Windows\System\WlMVQkS.exe

C:\Windows\System\DRHIaWa.exe

C:\Windows\System\DRHIaWa.exe

C:\Windows\System\WepsHyl.exe

C:\Windows\System\WepsHyl.exe

C:\Windows\System\rOCgWFL.exe

C:\Windows\System\rOCgWFL.exe

C:\Windows\System\rOahNWL.exe

C:\Windows\System\rOahNWL.exe

C:\Windows\System\SYCosJz.exe

C:\Windows\System\SYCosJz.exe

C:\Windows\System\dSecxTA.exe

C:\Windows\System\dSecxTA.exe

C:\Windows\System\UdrFAvP.exe

C:\Windows\System\UdrFAvP.exe

C:\Windows\System\FFgIpby.exe

C:\Windows\System\FFgIpby.exe

C:\Windows\System\ZuFqVSh.exe

C:\Windows\System\ZuFqVSh.exe

C:\Windows\System\eSDriWZ.exe

C:\Windows\System\eSDriWZ.exe

C:\Windows\System\TuvNjZg.exe

C:\Windows\System\TuvNjZg.exe

C:\Windows\System\IhQiGMC.exe

C:\Windows\System\IhQiGMC.exe

C:\Windows\System\tXXAQFW.exe

C:\Windows\System\tXXAQFW.exe

C:\Windows\System\eAbyBFf.exe

C:\Windows\System\eAbyBFf.exe

C:\Windows\System\TRyHqcw.exe

C:\Windows\System\TRyHqcw.exe

C:\Windows\System\qMHuhZr.exe

C:\Windows\System\qMHuhZr.exe

C:\Windows\System\mmoQhKk.exe

C:\Windows\System\mmoQhKk.exe

C:\Windows\System\SwAupRU.exe

C:\Windows\System\SwAupRU.exe

C:\Windows\System\ZtiuHTi.exe

C:\Windows\System\ZtiuHTi.exe

C:\Windows\System\bKAixEo.exe

C:\Windows\System\bKAixEo.exe

C:\Windows\System\oaTRGhp.exe

C:\Windows\System\oaTRGhp.exe

C:\Windows\System\vsTXSTN.exe

C:\Windows\System\vsTXSTN.exe

C:\Windows\System\DNRmzUg.exe

C:\Windows\System\DNRmzUg.exe

C:\Windows\System\oCzvkNI.exe

C:\Windows\System\oCzvkNI.exe

C:\Windows\System\rmqowNf.exe

C:\Windows\System\rmqowNf.exe

C:\Windows\System\rAuMLKN.exe

C:\Windows\System\rAuMLKN.exe

C:\Windows\System\cQCWAic.exe

C:\Windows\System\cQCWAic.exe

C:\Windows\System\ziugVKJ.exe

C:\Windows\System\ziugVKJ.exe

C:\Windows\System\IcuZkHE.exe

C:\Windows\System\IcuZkHE.exe

C:\Windows\System\cIOTGvG.exe

C:\Windows\System\cIOTGvG.exe

C:\Windows\System\rOwKDGI.exe

C:\Windows\System\rOwKDGI.exe

C:\Windows\System\QbhcXtO.exe

C:\Windows\System\QbhcXtO.exe

C:\Windows\System\FmTpoSx.exe

C:\Windows\System\FmTpoSx.exe

C:\Windows\System\PUCkClm.exe

C:\Windows\System\PUCkClm.exe

C:\Windows\System\PZJfQCz.exe

C:\Windows\System\PZJfQCz.exe

C:\Windows\System\ecqAJrY.exe

C:\Windows\System\ecqAJrY.exe

C:\Windows\System\BugYSyr.exe

C:\Windows\System\BugYSyr.exe

C:\Windows\System\cceeyPa.exe

C:\Windows\System\cceeyPa.exe

C:\Windows\System\oOaldMN.exe

C:\Windows\System\oOaldMN.exe

C:\Windows\System\xbwFwBL.exe

C:\Windows\System\xbwFwBL.exe

C:\Windows\System\gCRKaKg.exe

C:\Windows\System\gCRKaKg.exe

C:\Windows\System\LkYLanX.exe

C:\Windows\System\LkYLanX.exe

C:\Windows\System\aZrStky.exe

C:\Windows\System\aZrStky.exe

C:\Windows\System\vXRiINf.exe

C:\Windows\System\vXRiINf.exe

C:\Windows\System\hRBrTEP.exe

C:\Windows\System\hRBrTEP.exe

C:\Windows\System\XTvsmOV.exe

C:\Windows\System\XTvsmOV.exe

C:\Windows\System\mPEXVTj.exe

C:\Windows\System\mPEXVTj.exe

C:\Windows\System\GalCEqO.exe

C:\Windows\System\GalCEqO.exe

C:\Windows\System\EXQGZjj.exe

C:\Windows\System\EXQGZjj.exe

C:\Windows\System\ODJtflI.exe

C:\Windows\System\ODJtflI.exe

C:\Windows\System\hXTdiGz.exe

C:\Windows\System\hXTdiGz.exe

C:\Windows\System\QzCXzoy.exe

C:\Windows\System\QzCXzoy.exe

C:\Windows\System\wDFFqhw.exe

C:\Windows\System\wDFFqhw.exe

C:\Windows\System\onkiZww.exe

C:\Windows\System\onkiZww.exe

C:\Windows\System\QxChvdi.exe

C:\Windows\System\QxChvdi.exe

C:\Windows\System\nIDaGJs.exe

C:\Windows\System\nIDaGJs.exe

C:\Windows\System\CkqWjDx.exe

C:\Windows\System\CkqWjDx.exe

C:\Windows\System\lkxHdtJ.exe

C:\Windows\System\lkxHdtJ.exe

C:\Windows\System\wBtqYax.exe

C:\Windows\System\wBtqYax.exe

C:\Windows\System\OFgZTQC.exe

C:\Windows\System\OFgZTQC.exe

C:\Windows\System\SssuGhM.exe

C:\Windows\System\SssuGhM.exe

C:\Windows\System\OGMNukN.exe

C:\Windows\System\OGMNukN.exe

C:\Windows\System\TlPnAnD.exe

C:\Windows\System\TlPnAnD.exe

C:\Windows\System\CcvghGR.exe

C:\Windows\System\CcvghGR.exe

C:\Windows\System\xhlNvKf.exe

C:\Windows\System\xhlNvKf.exe

C:\Windows\System\GlFzFAP.exe

C:\Windows\System\GlFzFAP.exe

C:\Windows\System\lgzlqqQ.exe

C:\Windows\System\lgzlqqQ.exe

C:\Windows\System\cuKOdAq.exe

C:\Windows\System\cuKOdAq.exe

C:\Windows\System\oqHuGbe.exe

C:\Windows\System\oqHuGbe.exe

C:\Windows\System\TJFCGem.exe

C:\Windows\System\TJFCGem.exe

C:\Windows\System\hNneWRj.exe

C:\Windows\System\hNneWRj.exe

C:\Windows\System\tdUftCl.exe

C:\Windows\System\tdUftCl.exe

C:\Windows\System\TKxuqOX.exe

C:\Windows\System\TKxuqOX.exe

C:\Windows\System\ainKzib.exe

C:\Windows\System\ainKzib.exe

C:\Windows\System\tbgchBE.exe

C:\Windows\System\tbgchBE.exe

C:\Windows\System\ovRHWQp.exe

C:\Windows\System\ovRHWQp.exe

C:\Windows\System\OaEgLMo.exe

C:\Windows\System\OaEgLMo.exe

C:\Windows\System\AODmuwh.exe

C:\Windows\System\AODmuwh.exe

C:\Windows\System\KPCYPYe.exe

C:\Windows\System\KPCYPYe.exe

C:\Windows\System\RcddoYI.exe

C:\Windows\System\RcddoYI.exe

C:\Windows\System\YlaRcyP.exe

C:\Windows\System\YlaRcyP.exe

C:\Windows\System\UvSgcwG.exe

C:\Windows\System\UvSgcwG.exe

C:\Windows\System\nKUxrPi.exe

C:\Windows\System\nKUxrPi.exe

C:\Windows\System\aouhWUw.exe

C:\Windows\System\aouhWUw.exe

C:\Windows\System\zcKqLfw.exe

C:\Windows\System\zcKqLfw.exe

C:\Windows\System\pKLEBiS.exe

C:\Windows\System\pKLEBiS.exe

C:\Windows\System\BWTHsvH.exe

C:\Windows\System\BWTHsvH.exe

C:\Windows\System\TmSlkxM.exe

C:\Windows\System\TmSlkxM.exe

C:\Windows\System\PMfASft.exe

C:\Windows\System\PMfASft.exe

C:\Windows\System\fByACbZ.exe

C:\Windows\System\fByACbZ.exe

C:\Windows\System\WXbWEvr.exe

C:\Windows\System\WXbWEvr.exe

C:\Windows\System\AJpNdvV.exe

C:\Windows\System\AJpNdvV.exe

C:\Windows\System\HtiQjQX.exe

C:\Windows\System\HtiQjQX.exe

C:\Windows\System\KfwLbvA.exe

C:\Windows\System\KfwLbvA.exe

C:\Windows\System\ZQoGOzV.exe

C:\Windows\System\ZQoGOzV.exe

C:\Windows\System\gXZJeVP.exe

C:\Windows\System\gXZJeVP.exe

C:\Windows\System\tnrnYda.exe

C:\Windows\System\tnrnYda.exe

C:\Windows\System\StJYtzI.exe

C:\Windows\System\StJYtzI.exe

C:\Windows\System\gTdKIzY.exe

C:\Windows\System\gTdKIzY.exe

C:\Windows\System\RiRGQfG.exe

C:\Windows\System\RiRGQfG.exe

C:\Windows\System\vpPSVCF.exe

C:\Windows\System\vpPSVCF.exe

C:\Windows\System\lAsdmRk.exe

C:\Windows\System\lAsdmRk.exe

C:\Windows\System\hiPUQXC.exe

C:\Windows\System\hiPUQXC.exe

C:\Windows\System\dJzBHgi.exe

C:\Windows\System\dJzBHgi.exe

C:\Windows\System\SqxIdfY.exe

C:\Windows\System\SqxIdfY.exe

C:\Windows\System\ksOGphH.exe

C:\Windows\System\ksOGphH.exe

C:\Windows\System\ZblBZeB.exe

C:\Windows\System\ZblBZeB.exe

C:\Windows\System\ThXtNyQ.exe

C:\Windows\System\ThXtNyQ.exe

C:\Windows\System\pHWjqoh.exe

C:\Windows\System\pHWjqoh.exe

C:\Windows\System\QNgaUGF.exe

C:\Windows\System\QNgaUGF.exe

C:\Windows\System\TwaNEPx.exe

C:\Windows\System\TwaNEPx.exe

C:\Windows\System\iXEIFPC.exe

C:\Windows\System\iXEIFPC.exe

C:\Windows\System\BUxfbyD.exe

C:\Windows\System\BUxfbyD.exe

C:\Windows\System\ThfRHkb.exe

C:\Windows\System\ThfRHkb.exe

C:\Windows\System\FjkJWiL.exe

C:\Windows\System\FjkJWiL.exe

C:\Windows\System\Yyzyvyd.exe

C:\Windows\System\Yyzyvyd.exe

C:\Windows\System\gmSaWZC.exe

C:\Windows\System\gmSaWZC.exe

C:\Windows\System\YnfbcCl.exe

C:\Windows\System\YnfbcCl.exe

C:\Windows\System\umAZRRf.exe

C:\Windows\System\umAZRRf.exe

C:\Windows\System\NXFOnZd.exe

C:\Windows\System\NXFOnZd.exe

C:\Windows\System\tpTgJed.exe

C:\Windows\System\tpTgJed.exe

C:\Windows\System\iRrPSoH.exe

C:\Windows\System\iRrPSoH.exe

C:\Windows\System\iZDxauj.exe

C:\Windows\System\iZDxauj.exe

C:\Windows\System\PgTpkuj.exe

C:\Windows\System\PgTpkuj.exe

C:\Windows\System\ojjmGxU.exe

C:\Windows\System\ojjmGxU.exe

C:\Windows\System\gRGHwBF.exe

C:\Windows\System\gRGHwBF.exe

C:\Windows\System\XuKECTs.exe

C:\Windows\System\XuKECTs.exe

C:\Windows\System\kRUgOzB.exe

C:\Windows\System\kRUgOzB.exe

C:\Windows\System\ggYXyQP.exe

C:\Windows\System\ggYXyQP.exe

C:\Windows\System\oFbsMyd.exe

C:\Windows\System\oFbsMyd.exe

C:\Windows\System\cVqdGfZ.exe

C:\Windows\System\cVqdGfZ.exe

C:\Windows\System\cNTgrrM.exe

C:\Windows\System\cNTgrrM.exe

C:\Windows\System\nqQnkUP.exe

C:\Windows\System\nqQnkUP.exe

C:\Windows\System\pfGJUPH.exe

C:\Windows\System\pfGJUPH.exe

C:\Windows\System\ydZQech.exe

C:\Windows\System\ydZQech.exe

C:\Windows\System\gjKMEUC.exe

C:\Windows\System\gjKMEUC.exe

C:\Windows\System\lSemCpw.exe

C:\Windows\System\lSemCpw.exe

C:\Windows\System\NbPprYZ.exe

C:\Windows\System\NbPprYZ.exe

C:\Windows\System\RCMWHJW.exe

C:\Windows\System\RCMWHJW.exe

C:\Windows\System\cUAtZiw.exe

C:\Windows\System\cUAtZiw.exe

C:\Windows\System\NEJidPH.exe

C:\Windows\System\NEJidPH.exe

C:\Windows\System\ZcxGRZX.exe

C:\Windows\System\ZcxGRZX.exe

C:\Windows\System\ReAuxrA.exe

C:\Windows\System\ReAuxrA.exe

C:\Windows\System\GODiTDq.exe

C:\Windows\System\GODiTDq.exe

C:\Windows\System\HsRKisO.exe

C:\Windows\System\HsRKisO.exe

C:\Windows\System\BcfKEyK.exe

C:\Windows\System\BcfKEyK.exe

C:\Windows\System\LREiSjn.exe

C:\Windows\System\LREiSjn.exe

C:\Windows\System\kFCQIOv.exe

C:\Windows\System\kFCQIOv.exe

C:\Windows\System\YYEhFIl.exe

C:\Windows\System\YYEhFIl.exe

C:\Windows\System\oAUSaDi.exe

C:\Windows\System\oAUSaDi.exe

C:\Windows\System\TCOdYjK.exe

C:\Windows\System\TCOdYjK.exe

C:\Windows\System\YUnKNoe.exe

C:\Windows\System\YUnKNoe.exe

C:\Windows\System\KEFQVju.exe

C:\Windows\System\KEFQVju.exe

C:\Windows\System\akCDBYi.exe

C:\Windows\System\akCDBYi.exe

C:\Windows\System\JbXBZlT.exe

C:\Windows\System\JbXBZlT.exe

C:\Windows\System\lLlnnWr.exe

C:\Windows\System\lLlnnWr.exe

C:\Windows\System\BXURCkY.exe

C:\Windows\System\BXURCkY.exe

C:\Windows\System\ginnBNi.exe

C:\Windows\System\ginnBNi.exe

C:\Windows\System\QqizfOd.exe

C:\Windows\System\QqizfOd.exe

C:\Windows\System\HwAtOwq.exe

C:\Windows\System\HwAtOwq.exe

C:\Windows\System\yYURGNF.exe

C:\Windows\System\yYURGNF.exe

C:\Windows\System\jMLDzMj.exe

C:\Windows\System\jMLDzMj.exe

C:\Windows\System\aKgPFQP.exe

C:\Windows\System\aKgPFQP.exe

C:\Windows\System\PblAVBs.exe

C:\Windows\System\PblAVBs.exe

C:\Windows\System\YeNmZJo.exe

C:\Windows\System\YeNmZJo.exe

C:\Windows\System\hUIosMR.exe

C:\Windows\System\hUIosMR.exe

C:\Windows\System\GNFAozm.exe

C:\Windows\System\GNFAozm.exe

C:\Windows\System\LSRzHSv.exe

C:\Windows\System\LSRzHSv.exe

C:\Windows\System\kuuDeDL.exe

C:\Windows\System\kuuDeDL.exe

C:\Windows\System\giDXztN.exe

C:\Windows\System\giDXztN.exe

C:\Windows\System\SfPuJjC.exe

C:\Windows\System\SfPuJjC.exe

C:\Windows\System\nOKlJEk.exe

C:\Windows\System\nOKlJEk.exe

C:\Windows\System\Xotrknp.exe

C:\Windows\System\Xotrknp.exe

C:\Windows\System\NDGBcsY.exe

C:\Windows\System\NDGBcsY.exe

C:\Windows\System\AIHHiIW.exe

C:\Windows\System\AIHHiIW.exe

C:\Windows\System\oabwfsL.exe

C:\Windows\System\oabwfsL.exe

C:\Windows\System\JNGoQPV.exe

C:\Windows\System\JNGoQPV.exe

C:\Windows\System\GZwHvrj.exe

C:\Windows\System\GZwHvrj.exe

C:\Windows\System\gNIYFCh.exe

C:\Windows\System\gNIYFCh.exe

C:\Windows\System\ZJRNdHo.exe

C:\Windows\System\ZJRNdHo.exe

C:\Windows\System\mCqZSIZ.exe

C:\Windows\System\mCqZSIZ.exe

C:\Windows\System\wbHKkyE.exe

C:\Windows\System\wbHKkyE.exe

C:\Windows\System\kOwBxqv.exe

C:\Windows\System\kOwBxqv.exe

C:\Windows\System\dwiMcID.exe

C:\Windows\System\dwiMcID.exe

C:\Windows\System\cKCSKmv.exe

C:\Windows\System\cKCSKmv.exe

C:\Windows\System\SdAlTjj.exe

C:\Windows\System\SdAlTjj.exe

C:\Windows\System\TuxEwtJ.exe

C:\Windows\System\TuxEwtJ.exe

C:\Windows\System\cizRsCP.exe

C:\Windows\System\cizRsCP.exe

C:\Windows\System\VYaZZVx.exe

C:\Windows\System\VYaZZVx.exe

C:\Windows\System\agyFXQX.exe

C:\Windows\System\agyFXQX.exe

C:\Windows\System\wKSBGkY.exe

C:\Windows\System\wKSBGkY.exe

C:\Windows\System\XDRoIAq.exe

C:\Windows\System\XDRoIAq.exe

C:\Windows\System\WjUFHzC.exe

C:\Windows\System\WjUFHzC.exe

C:\Windows\System\zzFADLZ.exe

C:\Windows\System\zzFADLZ.exe

C:\Windows\System\WblMDgA.exe

C:\Windows\System\WblMDgA.exe

C:\Windows\System\toqioPJ.exe

C:\Windows\System\toqioPJ.exe

C:\Windows\System\VIgKNRs.exe

C:\Windows\System\VIgKNRs.exe

C:\Windows\System\kdkttRQ.exe

C:\Windows\System\kdkttRQ.exe

C:\Windows\System\DEkunlX.exe

C:\Windows\System\DEkunlX.exe

C:\Windows\System\ByogQqz.exe

C:\Windows\System\ByogQqz.exe

C:\Windows\System\juYTpVo.exe

C:\Windows\System\juYTpVo.exe

C:\Windows\System\qGCKAHN.exe

C:\Windows\System\qGCKAHN.exe

C:\Windows\System\HynvagN.exe

C:\Windows\System\HynvagN.exe

C:\Windows\System\gGvLWxC.exe

C:\Windows\System\gGvLWxC.exe

C:\Windows\System\ObEmwSX.exe

C:\Windows\System\ObEmwSX.exe

C:\Windows\System\KqcvWDb.exe

C:\Windows\System\KqcvWDb.exe

C:\Windows\System\QcrkCHM.exe

C:\Windows\System\QcrkCHM.exe

C:\Windows\System\FiXOXuh.exe

C:\Windows\System\FiXOXuh.exe

C:\Windows\System\NrpjZbY.exe

C:\Windows\System\NrpjZbY.exe

C:\Windows\System\PSYFElf.exe

C:\Windows\System\PSYFElf.exe

C:\Windows\System\hxLbifB.exe

C:\Windows\System\hxLbifB.exe

C:\Windows\System\vOiflBt.exe

C:\Windows\System\vOiflBt.exe

C:\Windows\System\bFmUnRf.exe

C:\Windows\System\bFmUnRf.exe

C:\Windows\System\SqXROem.exe

C:\Windows\System\SqXROem.exe

C:\Windows\System\FiGTxiP.exe

C:\Windows\System\FiGTxiP.exe

C:\Windows\System\XUoZuTp.exe

C:\Windows\System\XUoZuTp.exe

C:\Windows\System\xRANXky.exe

C:\Windows\System\xRANXky.exe

C:\Windows\System\OwIQUMI.exe

C:\Windows\System\OwIQUMI.exe

C:\Windows\System\ndaqhCI.exe

C:\Windows\System\ndaqhCI.exe

C:\Windows\System\CNueDXN.exe

C:\Windows\System\CNueDXN.exe

C:\Windows\System\ESLGKDF.exe

C:\Windows\System\ESLGKDF.exe

C:\Windows\System\HEjsmdi.exe

C:\Windows\System\HEjsmdi.exe

C:\Windows\System\HYJVrqt.exe

C:\Windows\System\HYJVrqt.exe

C:\Windows\System\wkLoJCR.exe

C:\Windows\System\wkLoJCR.exe

C:\Windows\System\SlbEeLY.exe

C:\Windows\System\SlbEeLY.exe

C:\Windows\System\eNlxmar.exe

C:\Windows\System\eNlxmar.exe

C:\Windows\System\DHDLtwm.exe

C:\Windows\System\DHDLtwm.exe

C:\Windows\System\OAWyUtl.exe

C:\Windows\System\OAWyUtl.exe

C:\Windows\System\CwOhZIw.exe

C:\Windows\System\CwOhZIw.exe

C:\Windows\System\qwcsExB.exe

C:\Windows\System\qwcsExB.exe

C:\Windows\System\fgkhnBV.exe

C:\Windows\System\fgkhnBV.exe

C:\Windows\System\aozlPAF.exe

C:\Windows\System\aozlPAF.exe

C:\Windows\System\ShlWmkk.exe

C:\Windows\System\ShlWmkk.exe

C:\Windows\System\KecbKWX.exe

C:\Windows\System\KecbKWX.exe

C:\Windows\System\tcQyWov.exe

C:\Windows\System\tcQyWov.exe

C:\Windows\System\XfraLMM.exe

C:\Windows\System\XfraLMM.exe

C:\Windows\System\zawRXVK.exe

C:\Windows\System\zawRXVK.exe

C:\Windows\System\HcKoCXK.exe

C:\Windows\System\HcKoCXK.exe

C:\Windows\System\oEUSafG.exe

C:\Windows\System\oEUSafG.exe

C:\Windows\System\VLNkgRU.exe

C:\Windows\System\VLNkgRU.exe

C:\Windows\System\GiFemlb.exe

C:\Windows\System\GiFemlb.exe

C:\Windows\System\YSEgjZx.exe

C:\Windows\System\YSEgjZx.exe

C:\Windows\System\qULiJZn.exe

C:\Windows\System\qULiJZn.exe

C:\Windows\System\CIIFJVh.exe

C:\Windows\System\CIIFJVh.exe

C:\Windows\System\OgFOKnt.exe

C:\Windows\System\OgFOKnt.exe

C:\Windows\System\RWIVPvr.exe

C:\Windows\System\RWIVPvr.exe

C:\Windows\System\uaExEiO.exe

C:\Windows\System\uaExEiO.exe

C:\Windows\System\XifJkHm.exe

C:\Windows\System\XifJkHm.exe

C:\Windows\System\kmdOhVZ.exe

C:\Windows\System\kmdOhVZ.exe

C:\Windows\System\DeZBQRs.exe

C:\Windows\System\DeZBQRs.exe

C:\Windows\System\JkxQrsQ.exe

C:\Windows\System\JkxQrsQ.exe

C:\Windows\System\pwhqJnG.exe

C:\Windows\System\pwhqJnG.exe

C:\Windows\System\giTXpgX.exe

C:\Windows\System\giTXpgX.exe

C:\Windows\System\xOeBRQx.exe

C:\Windows\System\xOeBRQx.exe

C:\Windows\System\pqczdDL.exe

C:\Windows\System\pqczdDL.exe

C:\Windows\System\tnxCuAs.exe

C:\Windows\System\tnxCuAs.exe

C:\Windows\System\BVphTbg.exe

C:\Windows\System\BVphTbg.exe

C:\Windows\System\xTirWcZ.exe

C:\Windows\System\xTirWcZ.exe

C:\Windows\System\tKKNwwQ.exe

C:\Windows\System\tKKNwwQ.exe

C:\Windows\System\CvpRiCO.exe

C:\Windows\System\CvpRiCO.exe

C:\Windows\System\VTaZzar.exe

C:\Windows\System\VTaZzar.exe

C:\Windows\System\zyLFJJT.exe

C:\Windows\System\zyLFJJT.exe

C:\Windows\System\IfjlDzn.exe

C:\Windows\System\IfjlDzn.exe

C:\Windows\System\YHNaEcO.exe

C:\Windows\System\YHNaEcO.exe

C:\Windows\System\SJTUJnj.exe

C:\Windows\System\SJTUJnj.exe

C:\Windows\System\ZaQVmFS.exe

C:\Windows\System\ZaQVmFS.exe

C:\Windows\System\PQdyArk.exe

C:\Windows\System\PQdyArk.exe

C:\Windows\System\oPoeRWX.exe

C:\Windows\System\oPoeRWX.exe

C:\Windows\System\RoaJyoB.exe

C:\Windows\System\RoaJyoB.exe

C:\Windows\System\LDAwxbL.exe

C:\Windows\System\LDAwxbL.exe

C:\Windows\System\uVispEs.exe

C:\Windows\System\uVispEs.exe

C:\Windows\System\vrTVTAN.exe

C:\Windows\System\vrTVTAN.exe

C:\Windows\System\ASnBjgV.exe

C:\Windows\System\ASnBjgV.exe

C:\Windows\System\QqcYMOd.exe

C:\Windows\System\QqcYMOd.exe

C:\Windows\System\prqiGmw.exe

C:\Windows\System\prqiGmw.exe

C:\Windows\System\yfcfAyi.exe

C:\Windows\System\yfcfAyi.exe

C:\Windows\System\sTegRVp.exe

C:\Windows\System\sTegRVp.exe

C:\Windows\System\hriIISM.exe

C:\Windows\System\hriIISM.exe

C:\Windows\System\nqzuFOv.exe

C:\Windows\System\nqzuFOv.exe

C:\Windows\System\BlLXLqY.exe

C:\Windows\System\BlLXLqY.exe

C:\Windows\System\dRdTbQN.exe

C:\Windows\System\dRdTbQN.exe

C:\Windows\System\hmqMHYX.exe

C:\Windows\System\hmqMHYX.exe

C:\Windows\System\ugMGije.exe

C:\Windows\System\ugMGije.exe

C:\Windows\System\XzUZllm.exe

C:\Windows\System\XzUZllm.exe

C:\Windows\System\aHgluLw.exe

C:\Windows\System\aHgluLw.exe

C:\Windows\System\dywiUyi.exe

C:\Windows\System\dywiUyi.exe

C:\Windows\System\WyFfoAz.exe

C:\Windows\System\WyFfoAz.exe

C:\Windows\System\bIIVBRK.exe

C:\Windows\System\bIIVBRK.exe

C:\Windows\System\zBDrQny.exe

C:\Windows\System\zBDrQny.exe

C:\Windows\System\rYJVRqA.exe

C:\Windows\System\rYJVRqA.exe

C:\Windows\System\NxEFSUv.exe

C:\Windows\System\NxEFSUv.exe

C:\Windows\System\pREiWmZ.exe

C:\Windows\System\pREiWmZ.exe

C:\Windows\System\vAvqJSd.exe

C:\Windows\System\vAvqJSd.exe

C:\Windows\System\DDukvcc.exe

C:\Windows\System\DDukvcc.exe

C:\Windows\System\kXROwsv.exe

C:\Windows\System\kXROwsv.exe

C:\Windows\System\gjbAHVo.exe

C:\Windows\System\gjbAHVo.exe

C:\Windows\System\ZswhfCh.exe

C:\Windows\System\ZswhfCh.exe

C:\Windows\System\qPviqqj.exe

C:\Windows\System\qPviqqj.exe

C:\Windows\System\OzopqJJ.exe

C:\Windows\System\OzopqJJ.exe

C:\Windows\System\nAMPvyS.exe

C:\Windows\System\nAMPvyS.exe

C:\Windows\System\RhuNWHU.exe

C:\Windows\System\RhuNWHU.exe

C:\Windows\System\ApCvWDn.exe

C:\Windows\System\ApCvWDn.exe

C:\Windows\System\GvWhwLq.exe

C:\Windows\System\GvWhwLq.exe

C:\Windows\System\HdXGiJj.exe

C:\Windows\System\HdXGiJj.exe

C:\Windows\System\Xmtdbtr.exe

C:\Windows\System\Xmtdbtr.exe

C:\Windows\System\vxzEjef.exe

C:\Windows\System\vxzEjef.exe

C:\Windows\System\BFdypgj.exe

C:\Windows\System\BFdypgj.exe

C:\Windows\System\PyFungy.exe

C:\Windows\System\PyFungy.exe

C:\Windows\System\xvTKChL.exe

C:\Windows\System\xvTKChL.exe

C:\Windows\System\SmqUkjB.exe

C:\Windows\System\SmqUkjB.exe

C:\Windows\System\cuyDsOQ.exe

C:\Windows\System\cuyDsOQ.exe

C:\Windows\System\EWadKhL.exe

C:\Windows\System\EWadKhL.exe

C:\Windows\System\zqWqCFO.exe

C:\Windows\System\zqWqCFO.exe

C:\Windows\System\HtIBRvG.exe

C:\Windows\System\HtIBRvG.exe

C:\Windows\System\GRFPOPJ.exe

C:\Windows\System\GRFPOPJ.exe

C:\Windows\System\mqQLsLg.exe

C:\Windows\System\mqQLsLg.exe

C:\Windows\System\Yugzhrr.exe

C:\Windows\System\Yugzhrr.exe

C:\Windows\System\PsQxxDi.exe

C:\Windows\System\PsQxxDi.exe

C:\Windows\System\mFqCREt.exe

C:\Windows\System\mFqCREt.exe

C:\Windows\System\BAkSvYn.exe

C:\Windows\System\BAkSvYn.exe

C:\Windows\System\YjbQoyR.exe

C:\Windows\System\YjbQoyR.exe

C:\Windows\System\CQqlRBf.exe

C:\Windows\System\CQqlRBf.exe

C:\Windows\System\vvTVhkd.exe

C:\Windows\System\vvTVhkd.exe

C:\Windows\System\vRyFDCt.exe

C:\Windows\System\vRyFDCt.exe

C:\Windows\System\rMwRlSi.exe

C:\Windows\System\rMwRlSi.exe

C:\Windows\System\xXcZebK.exe

C:\Windows\System\xXcZebK.exe

C:\Windows\System\uVwcOcP.exe

C:\Windows\System\uVwcOcP.exe

C:\Windows\System\JhJDgVZ.exe

C:\Windows\System\JhJDgVZ.exe

C:\Windows\System\MkXmnGK.exe

C:\Windows\System\MkXmnGK.exe

C:\Windows\System\CBNfrPN.exe

C:\Windows\System\CBNfrPN.exe

C:\Windows\System\OYXQfSR.exe

C:\Windows\System\OYXQfSR.exe

C:\Windows\System\sbmNmkP.exe

C:\Windows\System\sbmNmkP.exe

C:\Windows\System\fyUbNGf.exe

C:\Windows\System\fyUbNGf.exe

C:\Windows\System\ZHFiusG.exe

C:\Windows\System\ZHFiusG.exe

C:\Windows\System\eOPXCDb.exe

C:\Windows\System\eOPXCDb.exe

C:\Windows\System\GqJWiqT.exe

C:\Windows\System\GqJWiqT.exe

C:\Windows\System\HINoHXR.exe

C:\Windows\System\HINoHXR.exe

C:\Windows\System\mIOhIwA.exe

C:\Windows\System\mIOhIwA.exe

C:\Windows\System\UTLLelQ.exe

C:\Windows\System\UTLLelQ.exe

C:\Windows\System\xnnkdQG.exe

C:\Windows\System\xnnkdQG.exe

C:\Windows\System\AomUTuh.exe

C:\Windows\System\AomUTuh.exe

C:\Windows\System\wQCojMR.exe

C:\Windows\System\wQCojMR.exe

C:\Windows\System\FJlSqzL.exe

C:\Windows\System\FJlSqzL.exe

C:\Windows\System\EkKAQQh.exe

C:\Windows\System\EkKAQQh.exe

C:\Windows\System\UJWhhQv.exe

C:\Windows\System\UJWhhQv.exe

C:\Windows\System\Ferffck.exe

C:\Windows\System\Ferffck.exe

C:\Windows\System\QVxxKPl.exe

C:\Windows\System\QVxxKPl.exe

C:\Windows\System\lJHkiBC.exe

C:\Windows\System\lJHkiBC.exe

C:\Windows\System\WiMWSaw.exe

C:\Windows\System\WiMWSaw.exe

C:\Windows\System\sMnslFA.exe

C:\Windows\System\sMnslFA.exe

C:\Windows\System\RzqeQMh.exe

C:\Windows\System\RzqeQMh.exe

C:\Windows\System\kPVVRrw.exe

C:\Windows\System\kPVVRrw.exe

C:\Windows\System\ktrfBEP.exe

C:\Windows\System\ktrfBEP.exe

C:\Windows\System\iYxgAvi.exe

C:\Windows\System\iYxgAvi.exe

C:\Windows\System\qhgHDsU.exe

C:\Windows\System\qhgHDsU.exe

C:\Windows\System\QxrGxBM.exe

C:\Windows\System\QxrGxBM.exe

C:\Windows\System\OOumZgn.exe

C:\Windows\System\OOumZgn.exe

C:\Windows\System\HutZzxW.exe

C:\Windows\System\HutZzxW.exe

C:\Windows\System\tNysrRU.exe

C:\Windows\System\tNysrRU.exe

C:\Windows\System\kRzbLew.exe

C:\Windows\System\kRzbLew.exe

C:\Windows\System\gzpKCmV.exe

C:\Windows\System\gzpKCmV.exe

C:\Windows\System\gWykhhU.exe

C:\Windows\System\gWykhhU.exe

C:\Windows\System\pPLKPpF.exe

C:\Windows\System\pPLKPpF.exe

C:\Windows\System\DYbRdxw.exe

C:\Windows\System\DYbRdxw.exe

C:\Windows\System\mOroZxb.exe

C:\Windows\System\mOroZxb.exe

C:\Windows\System\uecUJGw.exe

C:\Windows\System\uecUJGw.exe

C:\Windows\System\TeKVoBU.exe

C:\Windows\System\TeKVoBU.exe

C:\Windows\System\oAreAlL.exe

C:\Windows\System\oAreAlL.exe

C:\Windows\System\sCaUeXj.exe

C:\Windows\System\sCaUeXj.exe

C:\Windows\System\JJJbPkD.exe

C:\Windows\System\JJJbPkD.exe

C:\Windows\System\GXyZRTA.exe

C:\Windows\System\GXyZRTA.exe

C:\Windows\System\gwSHbeq.exe

C:\Windows\System\gwSHbeq.exe

C:\Windows\System\VAUFajp.exe

C:\Windows\System\VAUFajp.exe

C:\Windows\System\nYdgPQm.exe

C:\Windows\System\nYdgPQm.exe

C:\Windows\System\zlJBDZZ.exe

C:\Windows\System\zlJBDZZ.exe

C:\Windows\System\eEpLnDc.exe

C:\Windows\System\eEpLnDc.exe

C:\Windows\System\vtoasOV.exe

C:\Windows\System\vtoasOV.exe

C:\Windows\System\oZbHfsB.exe

C:\Windows\System\oZbHfsB.exe

C:\Windows\System\pngtwFT.exe

C:\Windows\System\pngtwFT.exe

C:\Windows\System\kDAtazu.exe

C:\Windows\System\kDAtazu.exe

C:\Windows\System\DvIaxOf.exe

C:\Windows\System\DvIaxOf.exe

C:\Windows\System\KaDdeGj.exe

C:\Windows\System\KaDdeGj.exe

C:\Windows\System\bYmlkDb.exe

C:\Windows\System\bYmlkDb.exe

C:\Windows\System\zvqRtAk.exe

C:\Windows\System\zvqRtAk.exe

C:\Windows\System\LtnJPai.exe

C:\Windows\System\LtnJPai.exe

C:\Windows\System\QzBdcFK.exe

C:\Windows\System\QzBdcFK.exe

C:\Windows\System\juTvqjH.exe

C:\Windows\System\juTvqjH.exe

C:\Windows\System\MXIZxjA.exe

C:\Windows\System\MXIZxjA.exe

C:\Windows\System\fDtxAGn.exe

C:\Windows\System\fDtxAGn.exe

C:\Windows\System\gohPRSU.exe

C:\Windows\System\gohPRSU.exe

C:\Windows\System\nHLYSKa.exe

C:\Windows\System\nHLYSKa.exe

C:\Windows\System\EFczYeS.exe

C:\Windows\System\EFczYeS.exe

C:\Windows\System\PWAhkns.exe

C:\Windows\System\PWAhkns.exe

C:\Windows\System\NMFoIsw.exe

C:\Windows\System\NMFoIsw.exe

C:\Windows\System\ixUZaoL.exe

C:\Windows\System\ixUZaoL.exe

C:\Windows\System\ZzhmdoC.exe

C:\Windows\System\ZzhmdoC.exe

C:\Windows\System\KqUcAUD.exe

C:\Windows\System\KqUcAUD.exe

C:\Windows\System\zwPpyYI.exe

C:\Windows\System\zwPpyYI.exe

C:\Windows\System\BDxIiIl.exe

C:\Windows\System\BDxIiIl.exe

C:\Windows\System\UDTGuId.exe

C:\Windows\System\UDTGuId.exe

C:\Windows\System\ydBwJUo.exe

C:\Windows\System\ydBwJUo.exe

C:\Windows\System\fbMtIhw.exe

C:\Windows\System\fbMtIhw.exe

C:\Windows\System\MQEDCbW.exe

C:\Windows\System\MQEDCbW.exe

C:\Windows\System\MrnucsF.exe

C:\Windows\System\MrnucsF.exe

C:\Windows\System\pphSdhm.exe

C:\Windows\System\pphSdhm.exe

C:\Windows\System\fRklhEy.exe

C:\Windows\System\fRklhEy.exe

C:\Windows\System\YsBeiPW.exe

C:\Windows\System\YsBeiPW.exe

C:\Windows\System\uEcgpuD.exe

C:\Windows\System\uEcgpuD.exe

C:\Windows\System\AIdMlPh.exe

C:\Windows\System\AIdMlPh.exe

C:\Windows\System\sHXsCfN.exe

C:\Windows\System\sHXsCfN.exe

C:\Windows\System\kkhejbm.exe

C:\Windows\System\kkhejbm.exe

C:\Windows\System\qOwhFuZ.exe

C:\Windows\System\qOwhFuZ.exe

C:\Windows\System\kuPGCYR.exe

C:\Windows\System\kuPGCYR.exe

C:\Windows\System\ORWXEqG.exe

C:\Windows\System\ORWXEqG.exe

C:\Windows\System\dEBeSdW.exe

C:\Windows\System\dEBeSdW.exe

C:\Windows\System\jyUDJsr.exe

C:\Windows\System\jyUDJsr.exe

C:\Windows\System\xUtIrXb.exe

C:\Windows\System\xUtIrXb.exe

C:\Windows\System\fhPlnby.exe

C:\Windows\System\fhPlnby.exe

C:\Windows\System\hjcGYzT.exe

C:\Windows\System\hjcGYzT.exe

C:\Windows\System\UBzurxW.exe

C:\Windows\System\UBzurxW.exe

C:\Windows\System\DpZFBqC.exe

C:\Windows\System\DpZFBqC.exe

C:\Windows\System\slFPNvT.exe

C:\Windows\System\slFPNvT.exe

C:\Windows\System\jPZCNQJ.exe

C:\Windows\System\jPZCNQJ.exe

C:\Windows\System\DcikPjS.exe

C:\Windows\System\DcikPjS.exe

C:\Windows\System\eVbDsUd.exe

C:\Windows\System\eVbDsUd.exe

C:\Windows\System\ZvkosQN.exe

C:\Windows\System\ZvkosQN.exe

C:\Windows\System\XFdmURd.exe

C:\Windows\System\XFdmURd.exe

C:\Windows\System\MAOHNiN.exe

C:\Windows\System\MAOHNiN.exe

C:\Windows\System\EpTeUrH.exe

C:\Windows\System\EpTeUrH.exe

C:\Windows\System\EabRlen.exe

C:\Windows\System\EabRlen.exe

C:\Windows\System\cRCqeZe.exe

C:\Windows\System\cRCqeZe.exe

C:\Windows\System\XKWdGIp.exe

C:\Windows\System\XKWdGIp.exe

C:\Windows\System\ZhVEPqS.exe

C:\Windows\System\ZhVEPqS.exe

C:\Windows\System\NfTUTwE.exe

C:\Windows\System\NfTUTwE.exe

C:\Windows\System\GXCyltm.exe

C:\Windows\System\GXCyltm.exe

C:\Windows\System\uuFBBAh.exe

C:\Windows\System\uuFBBAh.exe

C:\Windows\System\MfcuKtR.exe

C:\Windows\System\MfcuKtR.exe

C:\Windows\System\InZRUWy.exe

C:\Windows\System\InZRUWy.exe

C:\Windows\System\RYxHgNJ.exe

C:\Windows\System\RYxHgNJ.exe

C:\Windows\System\HXmvINT.exe

C:\Windows\System\HXmvINT.exe

C:\Windows\System\ronfSxY.exe

C:\Windows\System\ronfSxY.exe

C:\Windows\System\EfcssBh.exe

C:\Windows\System\EfcssBh.exe

C:\Windows\System\GSGKjXm.exe

C:\Windows\System\GSGKjXm.exe

C:\Windows\System\tsVTWBK.exe

C:\Windows\System\tsVTWBK.exe

C:\Windows\System\JPrPZEF.exe

C:\Windows\System\JPrPZEF.exe

C:\Windows\System\FXviWUy.exe

C:\Windows\System\FXviWUy.exe

C:\Windows\System\JezJFzj.exe

C:\Windows\System\JezJFzj.exe

C:\Windows\System\UcHrnrF.exe

C:\Windows\System\UcHrnrF.exe

C:\Windows\System\CurOpXm.exe

C:\Windows\System\CurOpXm.exe

C:\Windows\System\orzgzte.exe

C:\Windows\System\orzgzte.exe

C:\Windows\System\pHKcPej.exe

C:\Windows\System\pHKcPej.exe

C:\Windows\System\KtquevS.exe

C:\Windows\System\KtquevS.exe

C:\Windows\System\FDNralF.exe

C:\Windows\System\FDNralF.exe

C:\Windows\System\DUINLTl.exe

C:\Windows\System\DUINLTl.exe

C:\Windows\System\RxuxkhA.exe

C:\Windows\System\RxuxkhA.exe

C:\Windows\System\VXPBdiQ.exe

C:\Windows\System\VXPBdiQ.exe

C:\Windows\System\ugKomls.exe

C:\Windows\System\ugKomls.exe

C:\Windows\System\ruhvKdw.exe

C:\Windows\System\ruhvKdw.exe

C:\Windows\System\UALAVCT.exe

C:\Windows\System\UALAVCT.exe

C:\Windows\System\BDKeKmU.exe

C:\Windows\System\BDKeKmU.exe

C:\Windows\System\kDQTPRA.exe

C:\Windows\System\kDQTPRA.exe

C:\Windows\System\ForgfIV.exe

C:\Windows\System\ForgfIV.exe

C:\Windows\System\IkkhbmD.exe

C:\Windows\System\IkkhbmD.exe

C:\Windows\System\shQEHJV.exe

C:\Windows\System\shQEHJV.exe

C:\Windows\System\xyGotaz.exe

C:\Windows\System\xyGotaz.exe

C:\Windows\System\CkZvgKu.exe

C:\Windows\System\CkZvgKu.exe

C:\Windows\System\bfcCGJs.exe

C:\Windows\System\bfcCGJs.exe

C:\Windows\System\YOQQZmQ.exe

C:\Windows\System\YOQQZmQ.exe

C:\Windows\System\hBLzgNV.exe

C:\Windows\System\hBLzgNV.exe

C:\Windows\System\mxbuCVm.exe

C:\Windows\System\mxbuCVm.exe

C:\Windows\System\TLZjsYg.exe

C:\Windows\System\TLZjsYg.exe

C:\Windows\System\KGuyXTe.exe

C:\Windows\System\KGuyXTe.exe

C:\Windows\System\YrILXzd.exe

C:\Windows\System\YrILXzd.exe

C:\Windows\System\ZKyQtmo.exe

C:\Windows\System\ZKyQtmo.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

memory/4356-0-0x00007FF6AE8A0000-0x00007FF6AEBF4000-memory.dmp

memory/4356-1-0x00000205A48D0000-0x00000205A48E0000-memory.dmp

C:\Windows\System\BsxMkIS.exe

MD5 9a2e79e2ff2f85664d10dafa20f97c81
SHA1 c8ff5130b26d2e5c3e3941f978f377d5a77958bf
SHA256 71538044352853ff76f1ec0dc1a5b9a8f11008b73ea375fa4f0d6377b3b7ff1f
SHA512 802a852913a1b97ce4f3ad1ebee373bdc8b4db194b5bed31c757d000003f4aa54056dfbdb72f9fff7140de4f07d8ce3ebcc75f84043d100aca0035b5b0b631d2

C:\Windows\System\QzszJLU.exe

MD5 22f20bd2975cab734aab80dfa6a28a82
SHA1 5d48e1bc9df00899186eb730a07745d324cbed99
SHA256 3a57eedd1f426d00f4d396d1e844e2b09535dd5fe461ade227cfa1509a341d42
SHA512 86d90c3065ccabf958e51b54acfc7930af3d743bedf84ac9ea85059558f4e1a33b7ecdb204fb6f0f33fe72b9b7f384132d475e3ea3c972f61afac249a186ba24

C:\Windows\System\IQpWMaY.exe

MD5 d26c4b4780a8b7061dfc221f898a5744
SHA1 7b0c7965cbd075794c0242cad7e679f4b81e1ded
SHA256 eaf925b75cfc6d1639f4eae6ebb810c2dcedfb8ea9a5fce5a574171dd20146ae
SHA512 818e3403f609c931ebc7f16cb91556296581084af8e9cbced13cebe05b3fb6366a8fa2579b6c06ddab66a4aba3ba13db82a3aebe273fa62820375e966a5e6550

C:\Windows\System\HPAMQxs.exe

MD5 a05769652812878edcd8ed1eca283df2
SHA1 45cb556c93cf4600c4657c20ff303f786cf8dcc9
SHA256 ab2f662bcbb29dbb345f430171efc76d62dab2033e05be8df68544f863a44363
SHA512 879cf04032d281466da5e94ba4b7793cee3140a9a0cc09b28682fdc182ef78022c4735fb18f1ffb60bcfd5d0d6c884306f372319fb6fb1ce49e1d621fc4da756

C:\Windows\System\ttskUGH.exe

MD5 dfcaddec3fd8d01a209f4a0d44410e57
SHA1 61267a4d5820084c7b3b86b279fd56cbd6695aa5
SHA256 6602cb5634eb8b43ce4d11e0efc94f3395c4c029adf0eeda2c29317dce5dd09b
SHA512 e43bec2cb79acbdbec0d27eb99c69638ff3a1e288296281c37e5d5e2e0650b5ddec9a9157682242280f2ee8819fbf77c5a561086b5d869b3818c8da4316efa29

C:\Windows\System\EvbTTBv.exe

MD5 c7666ab16bfee29b41fe634b2f8307db
SHA1 55798092fa89507bc63886ebd50eb7f81741aa09
SHA256 0d7097268563e05d480c8d716c73265c94dedea38bbd512cb0b62793ec7db891
SHA512 42ad01aec53cea70999ae60218626787af0c43bd0675d10caa759a7ac57281920669ecf0f08fcb63c341a51975d26a1673b52d9fb04ab576fe2103ae25a36f69

memory/2036-86-0x00007FF65BDA0000-0x00007FF65C0F4000-memory.dmp

C:\Windows\System\FASMOsF.exe

MD5 bf390b85cbb59d383ff89f6ac2917a63
SHA1 c8a0bc401446fac1f297735cc02178767623bc60
SHA256 078a9bfaa0a8063a641af00286c03727761031ecdb4c7b8751fab825026d5bc4
SHA512 ee7fc1690247ec8a2029fbbbef3d564f393eb44bb6ddc6322c0a1d12db49900a65adc61099ba132ac9637fdb6e88a8701ee295b9a233ec298127d04ea822ee16

C:\Windows\System\HnPzAsL.exe

MD5 bf0c39ded4d7dbfb7fd1472c62b62ac3
SHA1 81639a465d824fbb81a4fbdbc81b7ceb447f057d
SHA256 37a90834afe3ef529f2f146580682fa7fe31b3c97c8dccb83bae6e24c1b2c95f
SHA512 9e79890e9879a7544d77832eb237da73324acc035c933fa38fe7db42bf1187c9f7b429e1b607c0c73836bb95a33570e69eb22dbeed51c1e2f543b8c8f937fd70

C:\Windows\System\rWrjDoi.exe

MD5 917e8d0a93d0606f839557e7db5b8f54
SHA1 6338e554bad0eaa07e5b9bce24324d400bc2b589
SHA256 a845a53bd1cfd7afd07631e29da4229b1c3d9e295f0ef76e0968b7a1d3bbbfd9
SHA512 fdbec0428878355ab4a64a7b929844894abdb763283f328e785b1b9de4dd0dee2a2d75d5da3834239e59ed57f04dc1bc9b61195b7c4d147d0834b9ec8ad66360

memory/1764-150-0x00007FF6C6C10000-0x00007FF6C6F64000-memory.dmp

memory/4480-154-0x00007FF6B3A60000-0x00007FF6B3DB4000-memory.dmp

memory/2700-157-0x00007FF6809F0000-0x00007FF680D44000-memory.dmp

memory/1784-158-0x00007FF6E2AE0000-0x00007FF6E2E34000-memory.dmp

memory/2904-156-0x00007FF7BF550000-0x00007FF7BF8A4000-memory.dmp

memory/4608-155-0x00007FF756400000-0x00007FF756754000-memory.dmp

memory/468-153-0x00007FF7E7600000-0x00007FF7E7954000-memory.dmp

memory/1928-152-0x00007FF7F1B40000-0x00007FF7F1E94000-memory.dmp

memory/4568-151-0x00007FF7418D0000-0x00007FF741C24000-memory.dmp

memory/3820-149-0x00007FF746900000-0x00007FF746C54000-memory.dmp

memory/2456-148-0x00007FF7AA7B0000-0x00007FF7AAB04000-memory.dmp

memory/5048-147-0x00007FF7E3E80000-0x00007FF7E41D4000-memory.dmp

C:\Windows\System\DlSpNkU.exe

MD5 2727e8dfff2926bace52bb7e375949cc
SHA1 4f2baa213d7dc00230f4e96e58d8a1ad98beee41
SHA256 426f5a72f2b7b971bfb0b18b4c787df571c146c44cfea81fd107be3bf42e5b2b
SHA512 ad271bb4353d5fa0bd49077177be4f6e93a2f5d9288e2a6a9464bf4dd6bae8bc22217c83a7757ed71660703f9333fe6c48c46513966cd66f04852658fd3d6e64

C:\Windows\System\uYnTlIW.exe

MD5 8773257224dc40e435778d05db2c4503
SHA1 50f67b08d3fcc28a0be356c494b300a252358ec8
SHA256 34fd5ec6dab09a8174d94c2a1956d8479a2aea6ca1411fb9edcdfc4bf3f9d090
SHA512 ee3fe52498e3ec6c4c4f089b1d4948178432beffa8c62992a087e6710f50f079d27762d5210c75af0ea401c7b2bb1bb93d6989b746b98f460c0403d3f18b8d12

C:\Windows\System\ZuifcKJ.exe

MD5 8961842761425dc117f4342bb44a73bd
SHA1 0c612c1ddf748fa54f7a9ad142d0d7cf353ca9d4
SHA256 4ac52cd94973daf8b7c8e6309ec6cb57ea54239835c4b9458b4176969fe08d91
SHA512 cf6fdaf7d8816cec222e79019b483b3675f6792705d9ac1f6160d69505c7dbbd44562641d062b6b03d2f426a7f6e673e3b07495ace95d0516cbf5a021feca256

C:\Windows\System\EnEiOqF.exe

MD5 1f285f27f660bfb1d665cadac161e2d6
SHA1 9929f9690b3d797e50aa4051e1a7b97cc42beb39
SHA256 6feecf9a483dbdd3e4f9c1d3bdf5d92da66d601cf903edcf612152848f8df348
SHA512 e764f3fd81664c0cc6a0283d00310ccf2cd8a43c55778b3488135fadcf3e2a3ae659cf46e6bcac362872d7859b371b66deb01927bccdeb0eb8cecae0ab7b2944

C:\Windows\System\IPbTgOn.exe

MD5 368f6d97b2fa9a78260ca4be11aff0b9
SHA1 e63e703969b116f3b475687ce5c65bf72a3b8a3c
SHA256 4ecad9ffe67fb3308703f952c23898e506b9f709b73fb71c7975d9f8e0007e9c
SHA512 3ca434c0c46e04062c4b3c01a7b8f58a8efc57320d7c7e38519fa69e343937dd362d8f0f43af00f2f004445cd43cee0c8fa1558f10eb614a0063ac245b6d2a3e

C:\Windows\System\caLilbj.exe

MD5 f2decc0af84270e02bf429256b184b45
SHA1 720bd9bdc6ff293f6372f0c1ab972e871aa48e58
SHA256 77bc20e8f4c31796f7cd6e6cecf10f4d8e250c4ad240e91a77de51b5b8fe2fc1
SHA512 6a9b4967057e214e40e0968eeec2edb53b6f11d6a1d42b45971014ecff8de3960922c6dd8dc75a8c50fcdd40a7bb88dd24bda6f06ed253965f42d283ce49f84f

C:\Windows\System\RZUBfaD.exe

MD5 b839c3e46371e73f4f1b81bc65aa94c1
SHA1 91481627fbc80acdebdee95efce4f1db063b3b27
SHA256 086051feca7639476e07bb58a2615b9180c4ec5bc88aa9fe3ed26010021af768
SHA512 d98bb7d641ace5c88dd2e0611edbd9de9cdcbf25e5dc6f6f87eb9896cd7c8a5b1dfd39031746dd485b3aacada38f59f5022aa66d6dae7c9db9dd3e64f09d4acb

C:\Windows\System\AhITLff.exe

MD5 8bd91bce9d613637316eab20e4b5ae81
SHA1 9d40af1bba2656146bcd609d2d6d589ff9cb79e2
SHA256 3c2c2588be4dd9c82d2b0f3497142383a35971baef5d4d2abc745dbd95465c89
SHA512 1789802cbc1144bf7b1c14e5bd451cacd3d7e5e5cdd2caa53223e967958fb85ebfae454ce99d6d4a763d7e9b913775e20129a9ef7d1fca308dd5b3626c74078f

C:\Windows\System\VYDinAm.exe

MD5 20c2c995ead915637dac306d40ce43d6
SHA1 e269be638cbf0ba9ad3332cc243a8eff32bc5a41
SHA256 bcfd16ef04621fc2e89c640139453f90d91f0cdb1af533dfbb3b51117ff9384b
SHA512 886297bca7f0221cdf0551ddbf1e18800b34a817e54311033eb3b7c31797a5a2210951cefe754ecbd7cb8ff4ac8feb913155e6467075d8d55a71ee3305ce0aed

memory/4308-122-0x00007FF784B10000-0x00007FF784E64000-memory.dmp

memory/3656-109-0x00007FF7AE430000-0x00007FF7AE784000-memory.dmp

memory/1520-83-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp

C:\Windows\System\DNfOiEW.exe

MD5 ef7863858004ddcdccc612221c4bd277
SHA1 4afd2c54e98d525cb0135097f3e1030975900a49
SHA256 59d22a14558a4393a481b2913bffb7ac7a78c1f9360705187e89a0cbdde83923
SHA512 26fa7e1fac0162ed9ff7601308321673924109502b2e7447be28639f67d420ddfef623f6a5ff433b8eabe118be5040e54ca542472171484b9c551588c8a7cbe8

memory/1192-78-0x00007FF64E290000-0x00007FF64E5E4000-memory.dmp

memory/1424-77-0x00007FF63E320000-0x00007FF63E674000-memory.dmp

C:\Windows\System\RdqjFyJ.exe

MD5 f85f5c8cdd7e71012eefd8a3c89bda74
SHA1 0a89b4a5fc3aed12aee005efaf15364fac3bff1c
SHA256 6431d960b6b8761b8fb7ff382748b4404b6fd7b29b8b81643ad81c4dfbafa869
SHA512 e7e4ff5f56a4e72e6812ce4c3e69b87b5b278e6c42f20207dddd0b699606d896d3c6a1b89591f432af35314637cc7a2e00ddea8810efba6db64ed42d23d84c41

memory/3400-72-0x00007FF6B4670000-0x00007FF6B49C4000-memory.dmp

memory/716-67-0x00007FF6F9460000-0x00007FF6F97B4000-memory.dmp

C:\Windows\System\bAqWBXh.exe

MD5 4fb21011582be66055632e5385f92095
SHA1 0a726d1de7af9634509d7dc4ebb6c5234fdbfff2
SHA256 32ae84cb0740fed8d6c752345576fafb28349e302ca79443f46e2f622c0a5f3c
SHA512 07a67b8b7e4f18256b2f0170cf361e1d7207a61fcfa74eb30e518ad93e24845bc51b94da7211b3a4797c5ec306943e591a3970243d743d94d365adcaac4acfad

C:\Windows\System\SnoasLM.exe

MD5 8ff63955c77b487fb9cdd6dd5a112922
SHA1 584a6adb98b37879479b7c81f98721b2f9162ba9
SHA256 ceca1f3934cf88579a454f3de4b580f5196a2cd9a0a872cc56d88765dbcccccd
SHA512 39a659f96e4fc54da78fcd6226c2253aba7540f332afa03efd763b0c069059eeb9564a9de84a5f6a884bedb3d6fb1991340d94ce0101a72f872fe34f2dd4c2ba

C:\Windows\System\TzRbQtl.exe

MD5 4270a646cd0e4aa08aafcfc8439797e8
SHA1 1d9726bbd96ac09e1b77117a969f9e0dec456a97
SHA256 49005bb457f1e1cc549d15375e3dac03ec473375c5c49e5e093ec35f35acc004
SHA512 f06c952726153a70d1b90a421f70031c602475301621668069834edeb4474ede940a9d3bb85338d9fb3613fe75578de64aeaa020f0e799f440450f3964797401

C:\Windows\System\kbIkHQc.exe

MD5 c466760be94e77b4d9c238ccbb2ebead
SHA1 40568491f5368c6605716cd4d4abcbd19d7b6b52
SHA256 543b1378c919fc94daa59a562b6def14176a7bdd9d2c16821d95bcde75770399
SHA512 98a95282fc2c303adb69a4b65f25e40f82a6e7a0dd5168cbd1944ec7e944aed1b337a566b31086b2f340d740dc8b958bdea680b915fcce0ac48018bd02639f75

memory/1460-49-0x00007FF7E86C0000-0x00007FF7E8A14000-memory.dmp

C:\Windows\System\yUdVrnE.exe

MD5 29ceec32e41dde63741c23d9d03f5898
SHA1 9328d96992d664f7edec7a7e37700c3875087263
SHA256 2c5a8d02837ba3b4af2c3c80b2356ab346053fa97ae0e812359b1f68dc2ec025
SHA512 99028da5f97c54000e1fb5d0f03c90236640b0ed8f288d398359abb642e7729ce780b2feed5aa5bade2b5011d2de3dfbbd330e4c84206647d70e35794c4e5501

memory/1332-38-0x00007FF7467D0000-0x00007FF746B24000-memory.dmp

memory/224-33-0x00007FF752600000-0x00007FF752954000-memory.dmp

C:\Windows\System\WQQNOfx.exe

MD5 88f789d41dabb641f0da9cfc91a54ae4
SHA1 f5d5673f9c369355cc5788b72d44f7beea89f8bd
SHA256 60a2a03156518757daaa172756804eec0c536cc2247930a2d90f1b99ddbb4421
SHA512 c77ecfc5f35715584c3d05fdb09e9055a2d28e42ce128b7558567eeb3ede254c52913c8e7a4f3ded3c81fe3f11b79a9fef8cf291eaface8e1755c3126ec93bf7

memory/1508-20-0x00007FF753040000-0x00007FF753394000-memory.dmp

memory/2996-19-0x00007FF719000000-0x00007FF719354000-memory.dmp

memory/440-10-0x00007FF68C2C0000-0x00007FF68C614000-memory.dmp

C:\Windows\System\BmylYuD.exe

MD5 9636d9128e773969750dcd191fdc1e44
SHA1 92f44fe95e02c215e2c18fc42c5d7190e17fc0d6
SHA256 c6fac4da237950414169ad59ef2cfd8749d03736c946bd9a13cff830fc99705b
SHA512 9dab377149f3bdb6e2c8d7f454fbd17b0af46c3f18065fd9b0b839b4ddf428bcbd10ebbc97a1b33a131849acf5f53be335c8e23659556d5e787c008819f88e97

memory/4248-169-0x00007FF6ABED0000-0x00007FF6AC224000-memory.dmp

C:\Windows\System\pLhBZDG.exe

MD5 fc6b2713efbd2091bb49684f51e840d7
SHA1 f00c67bccb04cf197cbf02ec2b9ac9ec01bea575
SHA256 b22303d59424a5e5f538d77e436ad75fb227a04dd10ce566503114a3d13c04c4
SHA512 4b703139b261442dabd425f1cf649a5361d5f49cb6d0c4c526b64189d0711b68550d90e12d998ed83d2f9de164bfb832673aa3bd19265dbf95a9a19680444401

C:\Windows\System\uQbQmTL.exe

MD5 5ad8b8ef06c931bb673ee1fe4e45083f
SHA1 85e691d37c8256600cd2ed23b52a86ccefd19176
SHA256 4701eeaecefd2ea297a52a4d9b5d505a25b394ea9a7fc0b3f8cab143cf0ba14e
SHA512 abedf630cf56bc1cb02a292204cc76661d00475c1cf0e2d877c8c2933607b19937ee7865a7de727dea6afd364cfe684310f024edf9e1057341c0ef34ac33d328

C:\Windows\System\UHIBJoD.exe

MD5 ca14ffa21bdfd55626c3696edb2cfcd9
SHA1 58b969a14728b459e3f86900f7c91e326640817a
SHA256 9ed4b43a0046681526edd80f02300cbeb08d70de652a1d3a13b85faf26a65804
SHA512 313ecc953cca1da6d1ebcc78b25d0fe752c682fe6e9511269d79986bda2baf654339b5d5e75cbe1e141c6d94a0d0e4cfb49460793ae09849687321c6f6e2284c

C:\Windows\System\UpYrzpX.exe

MD5 16b10b9a378ee302e1482c14b88781d1
SHA1 88b48ab7b4ab25f6f14c9f767b80d42b7bb79290
SHA256 c02d897163145726e87390be1cda19f338b5304d047262a2ffb24220ffbd327b
SHA512 2b380cbb77a6e1bce52da9f32ad471187d02ec9c58cb80c74ca51dcc88aadc9be3f37c1d8f9dc0f14af5bbb0b90240053757ee2e012ca7d0c03fe2d2e2457018

memory/3972-189-0x00007FF6ADC30000-0x00007FF6ADF84000-memory.dmp

memory/2944-186-0x00007FF6055F0000-0x00007FF605944000-memory.dmp

C:\Windows\System\zBQvJxp.exe

MD5 ebb4199091837e3bf83b6d6f65fa8f13
SHA1 73f95bac875c0b8d1226f769b6f730c82bca1a86
SHA256 63676d92673e4b024bb50b704ec01a0bbdad8228dec88b793f9e23f7853ce39e
SHA512 d929a8e28cb51cfb56d1305d8471f418d4f9c57648d45fea1979993b6182ceefd441a24890e15081649459f6a4da62f8451e039795718a1447e73f7e005d7a1e

C:\Windows\System\eexjWEp.exe

MD5 a716fbcceb555b649beac289be76a418
SHA1 7d2dc1a24398eaf3620a0d04f1bc57233e13feba
SHA256 b8d6baa7f9be003f9fd248df62d82411e35ffb2186a97a71418e48e9cf57b3f8
SHA512 c9d127bcef7e6476234cc05a6a29d4255b9a13a04caefc85ceb40351677b33ed94b93a554e70d16ab3f5bdef712966afc58f15413ac3dff7ee8bf331fc230e8c

C:\Windows\System\UUVISEr.exe

MD5 0a4803f77a273b1c428ee04471559cad
SHA1 7804173abb1a1b67ffbd1ae96b103de3d6069d84
SHA256 86149f6f6f3f141690bdbf22f9b920ee0f23236d5023bc21d83ad93a385ffc3e
SHA512 af2de499c1ca971436da7dd423d7c2007bd6c7b025c4f2bea2b5fc4914a60f2233fc1cfc1fcb2d58c5930e65ec67dc0b5db0310edd3e19726259e83ee27c0a80

memory/4356-935-0x00007FF6AE8A0000-0x00007FF6AEBF4000-memory.dmp

memory/224-1768-0x00007FF752600000-0x00007FF752954000-memory.dmp

memory/2996-1760-0x00007FF719000000-0x00007FF719354000-memory.dmp

memory/1332-1769-0x00007FF7467D0000-0x00007FF746B24000-memory.dmp

memory/1508-1765-0x00007FF753040000-0x00007FF753394000-memory.dmp

memory/716-2145-0x00007FF6F9460000-0x00007FF6F97B4000-memory.dmp

memory/1424-2146-0x00007FF63E320000-0x00007FF63E674000-memory.dmp

memory/1520-2147-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp

memory/4248-2148-0x00007FF6ABED0000-0x00007FF6AC224000-memory.dmp

memory/2944-2149-0x00007FF6055F0000-0x00007FF605944000-memory.dmp

memory/440-2150-0x00007FF68C2C0000-0x00007FF68C614000-memory.dmp

memory/2996-2151-0x00007FF719000000-0x00007FF719354000-memory.dmp

memory/1508-2152-0x00007FF753040000-0x00007FF753394000-memory.dmp

memory/1332-2154-0x00007FF7467D0000-0x00007FF746B24000-memory.dmp

memory/224-2153-0x00007FF752600000-0x00007FF752954000-memory.dmp

memory/3400-2156-0x00007FF6B4670000-0x00007FF6B49C4000-memory.dmp

memory/3656-2158-0x00007FF7AE430000-0x00007FF7AE784000-memory.dmp

memory/1192-2157-0x00007FF64E290000-0x00007FF64E5E4000-memory.dmp

memory/1460-2155-0x00007FF7E86C0000-0x00007FF7E8A14000-memory.dmp

memory/4308-2160-0x00007FF784B10000-0x00007FF784E64000-memory.dmp

memory/1424-2163-0x00007FF63E320000-0x00007FF63E674000-memory.dmp

memory/2700-2162-0x00007FF6809F0000-0x00007FF680D44000-memory.dmp

memory/716-2159-0x00007FF6F9460000-0x00007FF6F97B4000-memory.dmp

memory/1764-2169-0x00007FF6C6C10000-0x00007FF6C6F64000-memory.dmp

memory/1928-2172-0x00007FF7F1B40000-0x00007FF7F1E94000-memory.dmp

memory/2904-2175-0x00007FF7BF550000-0x00007FF7BF8A4000-memory.dmp

memory/4608-2174-0x00007FF756400000-0x00007FF756754000-memory.dmp

memory/4480-2173-0x00007FF6B3A60000-0x00007FF6B3DB4000-memory.dmp

memory/4568-2171-0x00007FF7418D0000-0x00007FF741C24000-memory.dmp

memory/468-2170-0x00007FF7E7600000-0x00007FF7E7954000-memory.dmp

memory/2036-2168-0x00007FF65BDA0000-0x00007FF65C0F4000-memory.dmp

memory/1520-2167-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp

memory/5048-2166-0x00007FF7E3E80000-0x00007FF7E41D4000-memory.dmp

memory/1784-2165-0x00007FF6E2AE0000-0x00007FF6E2E34000-memory.dmp

memory/2456-2164-0x00007FF7AA7B0000-0x00007FF7AAB04000-memory.dmp

memory/3820-2161-0x00007FF746900000-0x00007FF746C54000-memory.dmp

memory/4248-2176-0x00007FF6ABED0000-0x00007FF6AC224000-memory.dmp

memory/2944-2177-0x00007FF6055F0000-0x00007FF605944000-memory.dmp

memory/3972-2178-0x00007FF6ADC30000-0x00007FF6ADF84000-memory.dmp