Malware Analysis Report

2024-09-10 01:46

Sample ID 240613-nf3exawfnf
Target 77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe
SHA256 c5ceac8b04ac73fe446933b88152e254851ab72e34c26b40c905406fe06da653
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c5ceac8b04ac73fe446933b88152e254851ab72e34c26b40c905406fe06da653

Threat Level: Known bad

The file 77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:21

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:21

Reported

2024-06-13 11:23

Platform

win7-20240220-en

Max time kernel

149s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\aRCvJzz.exe N/A
N/A N/A C:\Windows\System\OrIJopO.exe N/A
N/A N/A C:\Windows\System\ATwbqgT.exe N/A
N/A N/A C:\Windows\System\VapfMFD.exe N/A
N/A N/A C:\Windows\System\VodlCVf.exe N/A
N/A N/A C:\Windows\System\WemLOfx.exe N/A
N/A N/A C:\Windows\System\dFwqIlc.exe N/A
N/A N/A C:\Windows\System\kasMafw.exe N/A
N/A N/A C:\Windows\System\cidahTN.exe N/A
N/A N/A C:\Windows\System\ZBCtqMW.exe N/A
N/A N/A C:\Windows\System\mZPMwdM.exe N/A
N/A N/A C:\Windows\System\QCeEkjo.exe N/A
N/A N/A C:\Windows\System\leqloQP.exe N/A
N/A N/A C:\Windows\System\HLhuSfl.exe N/A
N/A N/A C:\Windows\System\JJCKfkM.exe N/A
N/A N/A C:\Windows\System\wHfylea.exe N/A
N/A N/A C:\Windows\System\ANKhMXs.exe N/A
N/A N/A C:\Windows\System\uVUEuRv.exe N/A
N/A N/A C:\Windows\System\QpUCjnc.exe N/A
N/A N/A C:\Windows\System\clIVPZu.exe N/A
N/A N/A C:\Windows\System\pxXeUtu.exe N/A
N/A N/A C:\Windows\System\XhYXFDE.exe N/A
N/A N/A C:\Windows\System\UBCAROS.exe N/A
N/A N/A C:\Windows\System\JhCOOYj.exe N/A
N/A N/A C:\Windows\System\qRwORIs.exe N/A
N/A N/A C:\Windows\System\gnYSWTh.exe N/A
N/A N/A C:\Windows\System\UzxXEee.exe N/A
N/A N/A C:\Windows\System\iuONBoZ.exe N/A
N/A N/A C:\Windows\System\NxBeiqg.exe N/A
N/A N/A C:\Windows\System\sTkzbnV.exe N/A
N/A N/A C:\Windows\System\GwchhMM.exe N/A
N/A N/A C:\Windows\System\ZuxUUXo.exe N/A
N/A N/A C:\Windows\System\tGcFFKO.exe N/A
N/A N/A C:\Windows\System\ueQKLrG.exe N/A
N/A N/A C:\Windows\System\fbdizOg.exe N/A
N/A N/A C:\Windows\System\gkOIAaJ.exe N/A
N/A N/A C:\Windows\System\WUadysY.exe N/A
N/A N/A C:\Windows\System\kHJbAVY.exe N/A
N/A N/A C:\Windows\System\CuReHCb.exe N/A
N/A N/A C:\Windows\System\lZSOWCk.exe N/A
N/A N/A C:\Windows\System\kTfYSxQ.exe N/A
N/A N/A C:\Windows\System\LOpIqyL.exe N/A
N/A N/A C:\Windows\System\zAmRoMu.exe N/A
N/A N/A C:\Windows\System\jVbPqwP.exe N/A
N/A N/A C:\Windows\System\JcuEGjq.exe N/A
N/A N/A C:\Windows\System\NETdeDL.exe N/A
N/A N/A C:\Windows\System\YJEVcdQ.exe N/A
N/A N/A C:\Windows\System\EGbMiSw.exe N/A
N/A N/A C:\Windows\System\zqtiCjn.exe N/A
N/A N/A C:\Windows\System\OeQlaBL.exe N/A
N/A N/A C:\Windows\System\leLdgDc.exe N/A
N/A N/A C:\Windows\System\YuvjlBe.exe N/A
N/A N/A C:\Windows\System\HGXVKzt.exe N/A
N/A N/A C:\Windows\System\iWnturf.exe N/A
N/A N/A C:\Windows\System\KXTKZlx.exe N/A
N/A N/A C:\Windows\System\EeSQZaV.exe N/A
N/A N/A C:\Windows\System\IgdqfwT.exe N/A
N/A N/A C:\Windows\System\sGRqoxI.exe N/A
N/A N/A C:\Windows\System\FPLYXMf.exe N/A
N/A N/A C:\Windows\System\sOQaqDW.exe N/A
N/A N/A C:\Windows\System\AUifeYF.exe N/A
N/A N/A C:\Windows\System\dCBBpFg.exe N/A
N/A N/A C:\Windows\System\MxVUDaT.exe N/A
N/A N/A C:\Windows\System\hmUgqFx.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NomRVBx.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwRivLK.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkvCCKJ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcmLkmh.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\VajXBVY.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRoRnkw.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xyqrugx.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\QlsPMNM.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zgcDSOB.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\DkHSnbH.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZHkwypV.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\wcvFKlg.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPRIJkm.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\AAiNRcQ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhaQGUH.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCEAbWY.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\OVWOXoA.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\hukHnJR.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\siKXcXv.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zbDAQtk.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\NeDuiEM.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\KycGhvu.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMmDODJ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\WcUHUyF.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\nyISiGg.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhaLigf.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ghJUoKX.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xuxJYOT.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\RHICaZk.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\NVxPKRx.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\gRxOGYJ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ThXNmfc.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKRasRV.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKRLwqS.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ITuQnKa.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\kkrvcxR.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ppXLYRZ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfqZNWv.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbnyjZB.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrnpuep.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzpawQD.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNiXcxz.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\hEHLcOA.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xtiXcJK.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjjIjNT.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\uRicQDV.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\woXEXOO.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\YFguYQx.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\pOXLEKa.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\lpocWEj.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGEmwtF.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\crGAJpk.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPCZvud.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\YedWJWH.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXDbHgz.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGZUuaM.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLtUOuT.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\qURPwGb.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZLxEmwO.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\qvazYxr.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\cTkDOya.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\qkWDGFa.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\GzDZmZT.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZKSKMbn.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2908 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\aRCvJzz.exe
PID 2908 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\aRCvJzz.exe
PID 2908 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\aRCvJzz.exe
PID 2908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VapfMFD.exe
PID 2908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VapfMFD.exe
PID 2908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VapfMFD.exe
PID 2908 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\OrIJopO.exe
PID 2908 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\OrIJopO.exe
PID 2908 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\OrIJopO.exe
PID 2908 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VodlCVf.exe
PID 2908 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VodlCVf.exe
PID 2908 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\VodlCVf.exe
PID 2908 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ATwbqgT.exe
PID 2908 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ATwbqgT.exe
PID 2908 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ATwbqgT.exe
PID 2908 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\kasMafw.exe
PID 2908 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\kasMafw.exe
PID 2908 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\kasMafw.exe
PID 2908 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WemLOfx.exe
PID 2908 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WemLOfx.exe
PID 2908 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WemLOfx.exe
PID 2908 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\cidahTN.exe
PID 2908 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\cidahTN.exe
PID 2908 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\cidahTN.exe
PID 2908 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\dFwqIlc.exe
PID 2908 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\dFwqIlc.exe
PID 2908 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\dFwqIlc.exe
PID 2908 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ZBCtqMW.exe
PID 2908 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ZBCtqMW.exe
PID 2908 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ZBCtqMW.exe
PID 2908 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\mZPMwdM.exe
PID 2908 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\mZPMwdM.exe
PID 2908 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\mZPMwdM.exe
PID 2908 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QCeEkjo.exe
PID 2908 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QCeEkjo.exe
PID 2908 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QCeEkjo.exe
PID 2908 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\leqloQP.exe
PID 2908 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\leqloQP.exe
PID 2908 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\leqloQP.exe
PID 2908 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\JJCKfkM.exe
PID 2908 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\JJCKfkM.exe
PID 2908 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\JJCKfkM.exe
PID 2908 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\HLhuSfl.exe
PID 2908 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\HLhuSfl.exe
PID 2908 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\HLhuSfl.exe
PID 2908 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wHfylea.exe
PID 2908 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wHfylea.exe
PID 2908 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wHfylea.exe
PID 2908 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ANKhMXs.exe
PID 2908 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ANKhMXs.exe
PID 2908 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ANKhMXs.exe
PID 2908 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\uVUEuRv.exe
PID 2908 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\uVUEuRv.exe
PID 2908 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\uVUEuRv.exe
PID 2908 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QpUCjnc.exe
PID 2908 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QpUCjnc.exe
PID 2908 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QpUCjnc.exe
PID 2908 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\clIVPZu.exe
PID 2908 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\clIVPZu.exe
PID 2908 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\clIVPZu.exe
PID 2908 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\pxXeUtu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\aRCvJzz.exe

C:\Windows\System\aRCvJzz.exe

C:\Windows\System\VapfMFD.exe

C:\Windows\System\VapfMFD.exe

C:\Windows\System\OrIJopO.exe

C:\Windows\System\OrIJopO.exe

C:\Windows\System\VodlCVf.exe

C:\Windows\System\VodlCVf.exe

C:\Windows\System\ATwbqgT.exe

C:\Windows\System\ATwbqgT.exe

C:\Windows\System\kasMafw.exe

C:\Windows\System\kasMafw.exe

C:\Windows\System\WemLOfx.exe

C:\Windows\System\WemLOfx.exe

C:\Windows\System\cidahTN.exe

C:\Windows\System\cidahTN.exe

C:\Windows\System\dFwqIlc.exe

C:\Windows\System\dFwqIlc.exe

C:\Windows\System\ZBCtqMW.exe

C:\Windows\System\ZBCtqMW.exe

C:\Windows\System\mZPMwdM.exe

C:\Windows\System\mZPMwdM.exe

C:\Windows\System\QCeEkjo.exe

C:\Windows\System\QCeEkjo.exe

C:\Windows\System\leqloQP.exe

C:\Windows\System\leqloQP.exe

C:\Windows\System\JJCKfkM.exe

C:\Windows\System\JJCKfkM.exe

C:\Windows\System\HLhuSfl.exe

C:\Windows\System\HLhuSfl.exe

C:\Windows\System\wHfylea.exe

C:\Windows\System\wHfylea.exe

C:\Windows\System\ANKhMXs.exe

C:\Windows\System\ANKhMXs.exe

C:\Windows\System\uVUEuRv.exe

C:\Windows\System\uVUEuRv.exe

C:\Windows\System\QpUCjnc.exe

C:\Windows\System\QpUCjnc.exe

C:\Windows\System\clIVPZu.exe

C:\Windows\System\clIVPZu.exe

C:\Windows\System\pxXeUtu.exe

C:\Windows\System\pxXeUtu.exe

C:\Windows\System\XhYXFDE.exe

C:\Windows\System\XhYXFDE.exe

C:\Windows\System\UBCAROS.exe

C:\Windows\System\UBCAROS.exe

C:\Windows\System\JhCOOYj.exe

C:\Windows\System\JhCOOYj.exe

C:\Windows\System\qRwORIs.exe

C:\Windows\System\qRwORIs.exe

C:\Windows\System\gnYSWTh.exe

C:\Windows\System\gnYSWTh.exe

C:\Windows\System\UzxXEee.exe

C:\Windows\System\UzxXEee.exe

C:\Windows\System\iuONBoZ.exe

C:\Windows\System\iuONBoZ.exe

C:\Windows\System\NxBeiqg.exe

C:\Windows\System\NxBeiqg.exe

C:\Windows\System\sTkzbnV.exe

C:\Windows\System\sTkzbnV.exe

C:\Windows\System\GwchhMM.exe

C:\Windows\System\GwchhMM.exe

C:\Windows\System\ZuxUUXo.exe

C:\Windows\System\ZuxUUXo.exe

C:\Windows\System\tGcFFKO.exe

C:\Windows\System\tGcFFKO.exe

C:\Windows\System\ueQKLrG.exe

C:\Windows\System\ueQKLrG.exe

C:\Windows\System\fbdizOg.exe

C:\Windows\System\fbdizOg.exe

C:\Windows\System\gkOIAaJ.exe

C:\Windows\System\gkOIAaJ.exe

C:\Windows\System\WUadysY.exe

C:\Windows\System\WUadysY.exe

C:\Windows\System\kHJbAVY.exe

C:\Windows\System\kHJbAVY.exe

C:\Windows\System\CuReHCb.exe

C:\Windows\System\CuReHCb.exe

C:\Windows\System\kTfYSxQ.exe

C:\Windows\System\kTfYSxQ.exe

C:\Windows\System\lZSOWCk.exe

C:\Windows\System\lZSOWCk.exe

C:\Windows\System\jVbPqwP.exe

C:\Windows\System\jVbPqwP.exe

C:\Windows\System\LOpIqyL.exe

C:\Windows\System\LOpIqyL.exe

C:\Windows\System\NETdeDL.exe

C:\Windows\System\NETdeDL.exe

C:\Windows\System\zAmRoMu.exe

C:\Windows\System\zAmRoMu.exe

C:\Windows\System\YJEVcdQ.exe

C:\Windows\System\YJEVcdQ.exe

C:\Windows\System\JcuEGjq.exe

C:\Windows\System\JcuEGjq.exe

C:\Windows\System\EGbMiSw.exe

C:\Windows\System\EGbMiSw.exe

C:\Windows\System\zqtiCjn.exe

C:\Windows\System\zqtiCjn.exe

C:\Windows\System\OeQlaBL.exe

C:\Windows\System\OeQlaBL.exe

C:\Windows\System\leLdgDc.exe

C:\Windows\System\leLdgDc.exe

C:\Windows\System\YuvjlBe.exe

C:\Windows\System\YuvjlBe.exe

C:\Windows\System\HGXVKzt.exe

C:\Windows\System\HGXVKzt.exe

C:\Windows\System\EeSQZaV.exe

C:\Windows\System\EeSQZaV.exe

C:\Windows\System\iWnturf.exe

C:\Windows\System\iWnturf.exe

C:\Windows\System\sGRqoxI.exe

C:\Windows\System\sGRqoxI.exe

C:\Windows\System\KXTKZlx.exe

C:\Windows\System\KXTKZlx.exe

C:\Windows\System\FPLYXMf.exe

C:\Windows\System\FPLYXMf.exe

C:\Windows\System\IgdqfwT.exe

C:\Windows\System\IgdqfwT.exe

C:\Windows\System\sOQaqDW.exe

C:\Windows\System\sOQaqDW.exe

C:\Windows\System\AUifeYF.exe

C:\Windows\System\AUifeYF.exe

C:\Windows\System\dCBBpFg.exe

C:\Windows\System\dCBBpFg.exe

C:\Windows\System\MxVUDaT.exe

C:\Windows\System\MxVUDaT.exe

C:\Windows\System\hmUgqFx.exe

C:\Windows\System\hmUgqFx.exe

C:\Windows\System\FjkcfHz.exe

C:\Windows\System\FjkcfHz.exe

C:\Windows\System\JamCAHI.exe

C:\Windows\System\JamCAHI.exe

C:\Windows\System\utMyaoV.exe

C:\Windows\System\utMyaoV.exe

C:\Windows\System\sBmwRLK.exe

C:\Windows\System\sBmwRLK.exe

C:\Windows\System\QrCmUUP.exe

C:\Windows\System\QrCmUUP.exe

C:\Windows\System\iRMmINT.exe

C:\Windows\System\iRMmINT.exe

C:\Windows\System\maxEQLC.exe

C:\Windows\System\maxEQLC.exe

C:\Windows\System\QAuYrbp.exe

C:\Windows\System\QAuYrbp.exe

C:\Windows\System\mfbHeQE.exe

C:\Windows\System\mfbHeQE.exe

C:\Windows\System\ZZpqJec.exe

C:\Windows\System\ZZpqJec.exe

C:\Windows\System\telaSsN.exe

C:\Windows\System\telaSsN.exe

C:\Windows\System\riWdVhJ.exe

C:\Windows\System\riWdVhJ.exe

C:\Windows\System\SJtwWxp.exe

C:\Windows\System\SJtwWxp.exe

C:\Windows\System\ZyFqopX.exe

C:\Windows\System\ZyFqopX.exe

C:\Windows\System\uQiwiJl.exe

C:\Windows\System\uQiwiJl.exe

C:\Windows\System\MSrbBxX.exe

C:\Windows\System\MSrbBxX.exe

C:\Windows\System\RGUFgvz.exe

C:\Windows\System\RGUFgvz.exe

C:\Windows\System\RNNQORA.exe

C:\Windows\System\RNNQORA.exe

C:\Windows\System\BNmceql.exe

C:\Windows\System\BNmceql.exe

C:\Windows\System\PhKoCJy.exe

C:\Windows\System\PhKoCJy.exe

C:\Windows\System\LkYMwja.exe

C:\Windows\System\LkYMwja.exe

C:\Windows\System\QuQMxxX.exe

C:\Windows\System\QuQMxxX.exe

C:\Windows\System\rMUcqjw.exe

C:\Windows\System\rMUcqjw.exe

C:\Windows\System\kyqBUbE.exe

C:\Windows\System\kyqBUbE.exe

C:\Windows\System\rRHBmcR.exe

C:\Windows\System\rRHBmcR.exe

C:\Windows\System\kofgVKU.exe

C:\Windows\System\kofgVKU.exe

C:\Windows\System\SxEuGFY.exe

C:\Windows\System\SxEuGFY.exe

C:\Windows\System\EUGZRrW.exe

C:\Windows\System\EUGZRrW.exe

C:\Windows\System\EgsGzVq.exe

C:\Windows\System\EgsGzVq.exe

C:\Windows\System\vuMakxJ.exe

C:\Windows\System\vuMakxJ.exe

C:\Windows\System\IGoZvKZ.exe

C:\Windows\System\IGoZvKZ.exe

C:\Windows\System\nIJJOHV.exe

C:\Windows\System\nIJJOHV.exe

C:\Windows\System\LqfgijL.exe

C:\Windows\System\LqfgijL.exe

C:\Windows\System\FkTgMEG.exe

C:\Windows\System\FkTgMEG.exe

C:\Windows\System\jbmRuUN.exe

C:\Windows\System\jbmRuUN.exe

C:\Windows\System\OHJZrDx.exe

C:\Windows\System\OHJZrDx.exe

C:\Windows\System\HoMFTxB.exe

C:\Windows\System\HoMFTxB.exe

C:\Windows\System\ubavxpR.exe

C:\Windows\System\ubavxpR.exe

C:\Windows\System\qVmLVWo.exe

C:\Windows\System\qVmLVWo.exe

C:\Windows\System\UuNNZND.exe

C:\Windows\System\UuNNZND.exe

C:\Windows\System\quTJpaw.exe

C:\Windows\System\quTJpaw.exe

C:\Windows\System\NNhozfm.exe

C:\Windows\System\NNhozfm.exe

C:\Windows\System\fMbeiul.exe

C:\Windows\System\fMbeiul.exe

C:\Windows\System\cDpCMZo.exe

C:\Windows\System\cDpCMZo.exe

C:\Windows\System\vQPnafL.exe

C:\Windows\System\vQPnafL.exe

C:\Windows\System\IoONSyG.exe

C:\Windows\System\IoONSyG.exe

C:\Windows\System\nOjMRrV.exe

C:\Windows\System\nOjMRrV.exe

C:\Windows\System\uhfLMee.exe

C:\Windows\System\uhfLMee.exe

C:\Windows\System\LMzTWIA.exe

C:\Windows\System\LMzTWIA.exe

C:\Windows\System\Qwnnaob.exe

C:\Windows\System\Qwnnaob.exe

C:\Windows\System\yEbuHtX.exe

C:\Windows\System\yEbuHtX.exe

C:\Windows\System\qgCMAvI.exe

C:\Windows\System\qgCMAvI.exe

C:\Windows\System\mVojJuq.exe

C:\Windows\System\mVojJuq.exe

C:\Windows\System\rgamJCG.exe

C:\Windows\System\rgamJCG.exe

C:\Windows\System\mPNRRQK.exe

C:\Windows\System\mPNRRQK.exe

C:\Windows\System\WezHqDP.exe

C:\Windows\System\WezHqDP.exe

C:\Windows\System\jeFEsKu.exe

C:\Windows\System\jeFEsKu.exe

C:\Windows\System\OHCDcDb.exe

C:\Windows\System\OHCDcDb.exe

C:\Windows\System\DygesMa.exe

C:\Windows\System\DygesMa.exe

C:\Windows\System\OfmWbOz.exe

C:\Windows\System\OfmWbOz.exe

C:\Windows\System\fBrdPeS.exe

C:\Windows\System\fBrdPeS.exe

C:\Windows\System\ctkvrTv.exe

C:\Windows\System\ctkvrTv.exe

C:\Windows\System\BYyOImV.exe

C:\Windows\System\BYyOImV.exe

C:\Windows\System\tIvpjKy.exe

C:\Windows\System\tIvpjKy.exe

C:\Windows\System\dUwBHji.exe

C:\Windows\System\dUwBHji.exe

C:\Windows\System\niECOqv.exe

C:\Windows\System\niECOqv.exe

C:\Windows\System\GMETohh.exe

C:\Windows\System\GMETohh.exe

C:\Windows\System\IBZnOqr.exe

C:\Windows\System\IBZnOqr.exe

C:\Windows\System\PPkiffN.exe

C:\Windows\System\PPkiffN.exe

C:\Windows\System\yuGUgce.exe

C:\Windows\System\yuGUgce.exe

C:\Windows\System\bwxhgTE.exe

C:\Windows\System\bwxhgTE.exe

C:\Windows\System\HyOjimD.exe

C:\Windows\System\HyOjimD.exe

C:\Windows\System\IObqKYc.exe

C:\Windows\System\IObqKYc.exe

C:\Windows\System\XNWopDg.exe

C:\Windows\System\XNWopDg.exe

C:\Windows\System\WAjFEBU.exe

C:\Windows\System\WAjFEBU.exe

C:\Windows\System\qLmOEbh.exe

C:\Windows\System\qLmOEbh.exe

C:\Windows\System\NTcoczk.exe

C:\Windows\System\NTcoczk.exe

C:\Windows\System\hNXVXKF.exe

C:\Windows\System\hNXVXKF.exe

C:\Windows\System\vGBKQHp.exe

C:\Windows\System\vGBKQHp.exe

C:\Windows\System\CpAySSR.exe

C:\Windows\System\CpAySSR.exe

C:\Windows\System\PgvnfXm.exe

C:\Windows\System\PgvnfXm.exe

C:\Windows\System\GRqEiLn.exe

C:\Windows\System\GRqEiLn.exe

C:\Windows\System\ONggVnA.exe

C:\Windows\System\ONggVnA.exe

C:\Windows\System\XxDeNGa.exe

C:\Windows\System\XxDeNGa.exe

C:\Windows\System\LTcXyDb.exe

C:\Windows\System\LTcXyDb.exe

C:\Windows\System\qYpHgoJ.exe

C:\Windows\System\qYpHgoJ.exe

C:\Windows\System\bsVcuhD.exe

C:\Windows\System\bsVcuhD.exe

C:\Windows\System\SsScyom.exe

C:\Windows\System\SsScyom.exe

C:\Windows\System\kLEPuxl.exe

C:\Windows\System\kLEPuxl.exe

C:\Windows\System\aROjcCV.exe

C:\Windows\System\aROjcCV.exe

C:\Windows\System\fkjeRKI.exe

C:\Windows\System\fkjeRKI.exe

C:\Windows\System\mgnlESX.exe

C:\Windows\System\mgnlESX.exe

C:\Windows\System\WHzOQGC.exe

C:\Windows\System\WHzOQGC.exe

C:\Windows\System\qDiMDPE.exe

C:\Windows\System\qDiMDPE.exe

C:\Windows\System\mjKUYwN.exe

C:\Windows\System\mjKUYwN.exe

C:\Windows\System\PKsrpCy.exe

C:\Windows\System\PKsrpCy.exe

C:\Windows\System\xsPyFRQ.exe

C:\Windows\System\xsPyFRQ.exe

C:\Windows\System\fiurWyj.exe

C:\Windows\System\fiurWyj.exe

C:\Windows\System\OjgMNoQ.exe

C:\Windows\System\OjgMNoQ.exe

C:\Windows\System\kvchUfJ.exe

C:\Windows\System\kvchUfJ.exe

C:\Windows\System\rINdRZs.exe

C:\Windows\System\rINdRZs.exe

C:\Windows\System\vqZupNJ.exe

C:\Windows\System\vqZupNJ.exe

C:\Windows\System\naVDDSK.exe

C:\Windows\System\naVDDSK.exe

C:\Windows\System\WmHDQWM.exe

C:\Windows\System\WmHDQWM.exe

C:\Windows\System\soXceiE.exe

C:\Windows\System\soXceiE.exe

C:\Windows\System\llfjBxO.exe

C:\Windows\System\llfjBxO.exe

C:\Windows\System\JFdRLhZ.exe

C:\Windows\System\JFdRLhZ.exe

C:\Windows\System\wjxCtjn.exe

C:\Windows\System\wjxCtjn.exe

C:\Windows\System\FlsxoAJ.exe

C:\Windows\System\FlsxoAJ.exe

C:\Windows\System\IGjvnDk.exe

C:\Windows\System\IGjvnDk.exe

C:\Windows\System\yueLTQv.exe

C:\Windows\System\yueLTQv.exe

C:\Windows\System\WEnOLAp.exe

C:\Windows\System\WEnOLAp.exe

C:\Windows\System\brXDwqF.exe

C:\Windows\System\brXDwqF.exe

C:\Windows\System\EPCyvJx.exe

C:\Windows\System\EPCyvJx.exe

C:\Windows\System\JjSUzZV.exe

C:\Windows\System\JjSUzZV.exe

C:\Windows\System\YMHgxGd.exe

C:\Windows\System\YMHgxGd.exe

C:\Windows\System\rpgfBrU.exe

C:\Windows\System\rpgfBrU.exe

C:\Windows\System\vANzLbO.exe

C:\Windows\System\vANzLbO.exe

C:\Windows\System\mfEEixU.exe

C:\Windows\System\mfEEixU.exe

C:\Windows\System\wCUhsnE.exe

C:\Windows\System\wCUhsnE.exe

C:\Windows\System\QDVipKL.exe

C:\Windows\System\QDVipKL.exe

C:\Windows\System\SoceGpl.exe

C:\Windows\System\SoceGpl.exe

C:\Windows\System\VtOShCX.exe

C:\Windows\System\VtOShCX.exe

C:\Windows\System\AafBctv.exe

C:\Windows\System\AafBctv.exe

C:\Windows\System\IlkwhqU.exe

C:\Windows\System\IlkwhqU.exe

C:\Windows\System\shlJUxq.exe

C:\Windows\System\shlJUxq.exe

C:\Windows\System\aBNDMKj.exe

C:\Windows\System\aBNDMKj.exe

C:\Windows\System\SKuwQWN.exe

C:\Windows\System\SKuwQWN.exe

C:\Windows\System\CLdpyXB.exe

C:\Windows\System\CLdpyXB.exe

C:\Windows\System\cWUHUQr.exe

C:\Windows\System\cWUHUQr.exe

C:\Windows\System\MajBnIf.exe

C:\Windows\System\MajBnIf.exe

C:\Windows\System\FeyxHwd.exe

C:\Windows\System\FeyxHwd.exe

C:\Windows\System\QfhzvQZ.exe

C:\Windows\System\QfhzvQZ.exe

C:\Windows\System\WhWBDus.exe

C:\Windows\System\WhWBDus.exe

C:\Windows\System\AMqhKst.exe

C:\Windows\System\AMqhKst.exe

C:\Windows\System\BoJUuCH.exe

C:\Windows\System\BoJUuCH.exe

C:\Windows\System\qndJxXk.exe

C:\Windows\System\qndJxXk.exe

C:\Windows\System\QhgbBZN.exe

C:\Windows\System\QhgbBZN.exe

C:\Windows\System\hxlgnhA.exe

C:\Windows\System\hxlgnhA.exe

C:\Windows\System\ubhuSpg.exe

C:\Windows\System\ubhuSpg.exe

C:\Windows\System\nKHCqHx.exe

C:\Windows\System\nKHCqHx.exe

C:\Windows\System\yxywVrf.exe

C:\Windows\System\yxywVrf.exe

C:\Windows\System\ovouphl.exe

C:\Windows\System\ovouphl.exe

C:\Windows\System\UIbCQFV.exe

C:\Windows\System\UIbCQFV.exe

C:\Windows\System\GlsdhPt.exe

C:\Windows\System\GlsdhPt.exe

C:\Windows\System\WtXxnXA.exe

C:\Windows\System\WtXxnXA.exe

C:\Windows\System\YlNhCLk.exe

C:\Windows\System\YlNhCLk.exe

C:\Windows\System\AKhAurB.exe

C:\Windows\System\AKhAurB.exe

C:\Windows\System\ifErgOG.exe

C:\Windows\System\ifErgOG.exe

C:\Windows\System\stIGmyL.exe

C:\Windows\System\stIGmyL.exe

C:\Windows\System\wDbPgSh.exe

C:\Windows\System\wDbPgSh.exe

C:\Windows\System\HGeNZXC.exe

C:\Windows\System\HGeNZXC.exe

C:\Windows\System\VPXZdCy.exe

C:\Windows\System\VPXZdCy.exe

C:\Windows\System\DewoJIw.exe

C:\Windows\System\DewoJIw.exe

C:\Windows\System\SqxXoRq.exe

C:\Windows\System\SqxXoRq.exe

C:\Windows\System\FuiIWto.exe

C:\Windows\System\FuiIWto.exe

C:\Windows\System\mphIORE.exe

C:\Windows\System\mphIORE.exe

C:\Windows\System\OediFBf.exe

C:\Windows\System\OediFBf.exe

C:\Windows\System\apRajfo.exe

C:\Windows\System\apRajfo.exe

C:\Windows\System\uoifdCS.exe

C:\Windows\System\uoifdCS.exe

C:\Windows\System\ccCkcnA.exe

C:\Windows\System\ccCkcnA.exe

C:\Windows\System\bZFyszm.exe

C:\Windows\System\bZFyszm.exe

C:\Windows\System\fAZpcpd.exe

C:\Windows\System\fAZpcpd.exe

C:\Windows\System\jOmhPUg.exe

C:\Windows\System\jOmhPUg.exe

C:\Windows\System\eZWODLY.exe

C:\Windows\System\eZWODLY.exe

C:\Windows\System\CGhJrSJ.exe

C:\Windows\System\CGhJrSJ.exe

C:\Windows\System\FmVnfHr.exe

C:\Windows\System\FmVnfHr.exe

C:\Windows\System\oGtaYKW.exe

C:\Windows\System\oGtaYKW.exe

C:\Windows\System\vxfibZf.exe

C:\Windows\System\vxfibZf.exe

C:\Windows\System\blsXEBI.exe

C:\Windows\System\blsXEBI.exe

C:\Windows\System\SPWWAhi.exe

C:\Windows\System\SPWWAhi.exe

C:\Windows\System\oKGeohj.exe

C:\Windows\System\oKGeohj.exe

C:\Windows\System\rCQxTwh.exe

C:\Windows\System\rCQxTwh.exe

C:\Windows\System\WuQhKYi.exe

C:\Windows\System\WuQhKYi.exe

C:\Windows\System\OQXZXQE.exe

C:\Windows\System\OQXZXQE.exe

C:\Windows\System\NETTHoy.exe

C:\Windows\System\NETTHoy.exe

C:\Windows\System\QFROxYl.exe

C:\Windows\System\QFROxYl.exe

C:\Windows\System\rVJSUBA.exe

C:\Windows\System\rVJSUBA.exe

C:\Windows\System\nZlDAUo.exe

C:\Windows\System\nZlDAUo.exe

C:\Windows\System\vCanqZe.exe

C:\Windows\System\vCanqZe.exe

C:\Windows\System\AooTpTg.exe

C:\Windows\System\AooTpTg.exe

C:\Windows\System\oCAbkri.exe

C:\Windows\System\oCAbkri.exe

C:\Windows\System\vhBXBbK.exe

C:\Windows\System\vhBXBbK.exe

C:\Windows\System\LKipnlH.exe

C:\Windows\System\LKipnlH.exe

C:\Windows\System\CqOnFjj.exe

C:\Windows\System\CqOnFjj.exe

C:\Windows\System\IBeHdMt.exe

C:\Windows\System\IBeHdMt.exe

C:\Windows\System\ycJYqCp.exe

C:\Windows\System\ycJYqCp.exe

C:\Windows\System\YDgUWos.exe

C:\Windows\System\YDgUWos.exe

C:\Windows\System\wqYAboM.exe

C:\Windows\System\wqYAboM.exe

C:\Windows\System\UjTmPnt.exe

C:\Windows\System\UjTmPnt.exe

C:\Windows\System\vlBzzix.exe

C:\Windows\System\vlBzzix.exe

C:\Windows\System\zUNkqbp.exe

C:\Windows\System\zUNkqbp.exe

C:\Windows\System\PkBgLTf.exe

C:\Windows\System\PkBgLTf.exe

C:\Windows\System\QOVVWwN.exe

C:\Windows\System\QOVVWwN.exe

C:\Windows\System\dxqhnBW.exe

C:\Windows\System\dxqhnBW.exe

C:\Windows\System\eiseGzu.exe

C:\Windows\System\eiseGzu.exe

C:\Windows\System\IYGhsPG.exe

C:\Windows\System\IYGhsPG.exe

C:\Windows\System\bXPVFRS.exe

C:\Windows\System\bXPVFRS.exe

C:\Windows\System\CXZIkgm.exe

C:\Windows\System\CXZIkgm.exe

C:\Windows\System\iaFWOxA.exe

C:\Windows\System\iaFWOxA.exe

C:\Windows\System\lXhSbbj.exe

C:\Windows\System\lXhSbbj.exe

C:\Windows\System\EFhLOmA.exe

C:\Windows\System\EFhLOmA.exe

C:\Windows\System\LHeFDKK.exe

C:\Windows\System\LHeFDKK.exe

C:\Windows\System\qVBVHjg.exe

C:\Windows\System\qVBVHjg.exe

C:\Windows\System\IJVUuqg.exe

C:\Windows\System\IJVUuqg.exe

C:\Windows\System\rUedytR.exe

C:\Windows\System\rUedytR.exe

C:\Windows\System\aGeOgrF.exe

C:\Windows\System\aGeOgrF.exe

C:\Windows\System\oHjzeSb.exe

C:\Windows\System\oHjzeSb.exe

C:\Windows\System\BLrqBTr.exe

C:\Windows\System\BLrqBTr.exe

C:\Windows\System\UCvcNWa.exe

C:\Windows\System\UCvcNWa.exe

C:\Windows\System\ymObzMm.exe

C:\Windows\System\ymObzMm.exe

C:\Windows\System\tlwdlXo.exe

C:\Windows\System\tlwdlXo.exe

C:\Windows\System\YyUgmju.exe

C:\Windows\System\YyUgmju.exe

C:\Windows\System\XkNAaFJ.exe

C:\Windows\System\XkNAaFJ.exe

C:\Windows\System\BoadtAe.exe

C:\Windows\System\BoadtAe.exe

C:\Windows\System\eItHoIk.exe

C:\Windows\System\eItHoIk.exe

C:\Windows\System\PhzViPS.exe

C:\Windows\System\PhzViPS.exe

C:\Windows\System\SrSReYM.exe

C:\Windows\System\SrSReYM.exe

C:\Windows\System\MBgFcWh.exe

C:\Windows\System\MBgFcWh.exe

C:\Windows\System\xeSBiAk.exe

C:\Windows\System\xeSBiAk.exe

C:\Windows\System\CEneAuf.exe

C:\Windows\System\CEneAuf.exe

C:\Windows\System\TAPilnB.exe

C:\Windows\System\TAPilnB.exe

C:\Windows\System\CNKgltI.exe

C:\Windows\System\CNKgltI.exe

C:\Windows\System\wjhfNZb.exe

C:\Windows\System\wjhfNZb.exe

C:\Windows\System\LiuQgto.exe

C:\Windows\System\LiuQgto.exe

C:\Windows\System\ujPfvWP.exe

C:\Windows\System\ujPfvWP.exe

C:\Windows\System\LwOIwmv.exe

C:\Windows\System\LwOIwmv.exe

C:\Windows\System\XjFzKNH.exe

C:\Windows\System\XjFzKNH.exe

C:\Windows\System\rZnZuEu.exe

C:\Windows\System\rZnZuEu.exe

C:\Windows\System\dQjGASZ.exe

C:\Windows\System\dQjGASZ.exe

C:\Windows\System\PHrptXX.exe

C:\Windows\System\PHrptXX.exe

C:\Windows\System\rzKbFUe.exe

C:\Windows\System\rzKbFUe.exe

C:\Windows\System\KTykypK.exe

C:\Windows\System\KTykypK.exe

C:\Windows\System\ItpLfDE.exe

C:\Windows\System\ItpLfDE.exe

C:\Windows\System\axzriIJ.exe

C:\Windows\System\axzriIJ.exe

C:\Windows\System\FDdASrS.exe

C:\Windows\System\FDdASrS.exe

C:\Windows\System\rzYGDGK.exe

C:\Windows\System\rzYGDGK.exe

C:\Windows\System\nIAzEJH.exe

C:\Windows\System\nIAzEJH.exe

C:\Windows\System\uUNyNQW.exe

C:\Windows\System\uUNyNQW.exe

C:\Windows\System\WTuYgKE.exe

C:\Windows\System\WTuYgKE.exe

C:\Windows\System\GMZUsbi.exe

C:\Windows\System\GMZUsbi.exe

C:\Windows\System\RTvXaam.exe

C:\Windows\System\RTvXaam.exe

C:\Windows\System\wsUPdER.exe

C:\Windows\System\wsUPdER.exe

C:\Windows\System\LmrFcnD.exe

C:\Windows\System\LmrFcnD.exe

C:\Windows\System\rwolaVF.exe

C:\Windows\System\rwolaVF.exe

C:\Windows\System\heOrgod.exe

C:\Windows\System\heOrgod.exe

C:\Windows\System\NVLQABn.exe

C:\Windows\System\NVLQABn.exe

C:\Windows\System\SWHVvpU.exe

C:\Windows\System\SWHVvpU.exe

C:\Windows\System\UDNfQoG.exe

C:\Windows\System\UDNfQoG.exe

C:\Windows\System\ljolwJm.exe

C:\Windows\System\ljolwJm.exe

C:\Windows\System\ZSaDkUd.exe

C:\Windows\System\ZSaDkUd.exe

C:\Windows\System\oXQdcHE.exe

C:\Windows\System\oXQdcHE.exe

C:\Windows\System\rXsSSwS.exe

C:\Windows\System\rXsSSwS.exe

C:\Windows\System\VIzSsFH.exe

C:\Windows\System\VIzSsFH.exe

C:\Windows\System\CqDClnm.exe

C:\Windows\System\CqDClnm.exe

C:\Windows\System\ePLVhrL.exe

C:\Windows\System\ePLVhrL.exe

C:\Windows\System\sQdizHJ.exe

C:\Windows\System\sQdizHJ.exe

C:\Windows\System\WnlJRut.exe

C:\Windows\System\WnlJRut.exe

C:\Windows\System\Unlmown.exe

C:\Windows\System\Unlmown.exe

C:\Windows\System\QocWLeP.exe

C:\Windows\System\QocWLeP.exe

C:\Windows\System\zNaIptI.exe

C:\Windows\System\zNaIptI.exe

C:\Windows\System\MSSINLL.exe

C:\Windows\System\MSSINLL.exe

C:\Windows\System\VbumoFK.exe

C:\Windows\System\VbumoFK.exe

C:\Windows\System\FUUVLSj.exe

C:\Windows\System\FUUVLSj.exe

C:\Windows\System\hZqTvHt.exe

C:\Windows\System\hZqTvHt.exe

C:\Windows\System\TBycflQ.exe

C:\Windows\System\TBycflQ.exe

C:\Windows\System\MtrvzKu.exe

C:\Windows\System\MtrvzKu.exe

C:\Windows\System\UJvDaRG.exe

C:\Windows\System\UJvDaRG.exe

C:\Windows\System\rIWfujM.exe

C:\Windows\System\rIWfujM.exe

C:\Windows\System\ONFKdqS.exe

C:\Windows\System\ONFKdqS.exe

C:\Windows\System\tXRhqqM.exe

C:\Windows\System\tXRhqqM.exe

C:\Windows\System\rXSylxa.exe

C:\Windows\System\rXSylxa.exe

C:\Windows\System\BobysDJ.exe

C:\Windows\System\BobysDJ.exe

C:\Windows\System\tqPIjSy.exe

C:\Windows\System\tqPIjSy.exe

C:\Windows\System\trmNwMN.exe

C:\Windows\System\trmNwMN.exe

C:\Windows\System\HOKEjEb.exe

C:\Windows\System\HOKEjEb.exe

C:\Windows\System\MGLXyBQ.exe

C:\Windows\System\MGLXyBQ.exe

C:\Windows\System\aJHQNUj.exe

C:\Windows\System\aJHQNUj.exe

C:\Windows\System\HfTeVWs.exe

C:\Windows\System\HfTeVWs.exe

C:\Windows\System\gbwGwUP.exe

C:\Windows\System\gbwGwUP.exe

C:\Windows\System\yFsYCLd.exe

C:\Windows\System\yFsYCLd.exe

C:\Windows\System\EkskgrO.exe

C:\Windows\System\EkskgrO.exe

C:\Windows\System\BsVpktG.exe

C:\Windows\System\BsVpktG.exe

C:\Windows\System\hRhOtzM.exe

C:\Windows\System\hRhOtzM.exe

C:\Windows\System\crZaLBr.exe

C:\Windows\System\crZaLBr.exe

C:\Windows\System\wfFhEaj.exe

C:\Windows\System\wfFhEaj.exe

C:\Windows\System\qMRZSjH.exe

C:\Windows\System\qMRZSjH.exe

C:\Windows\System\oRDpGyW.exe

C:\Windows\System\oRDpGyW.exe

C:\Windows\System\DSrMUII.exe

C:\Windows\System\DSrMUII.exe

C:\Windows\System\cuVxajF.exe

C:\Windows\System\cuVxajF.exe

C:\Windows\System\CFOnVsr.exe

C:\Windows\System\CFOnVsr.exe

C:\Windows\System\ruNdqGV.exe

C:\Windows\System\ruNdqGV.exe

C:\Windows\System\fKPJhSV.exe

C:\Windows\System\fKPJhSV.exe

C:\Windows\System\MtjnYXM.exe

C:\Windows\System\MtjnYXM.exe

C:\Windows\System\WTGnrcH.exe

C:\Windows\System\WTGnrcH.exe

C:\Windows\System\CDSceUE.exe

C:\Windows\System\CDSceUE.exe

C:\Windows\System\ekKQTFw.exe

C:\Windows\System\ekKQTFw.exe

C:\Windows\System\wVmNXvN.exe

C:\Windows\System\wVmNXvN.exe

C:\Windows\System\cLQSFcJ.exe

C:\Windows\System\cLQSFcJ.exe

C:\Windows\System\KKKCyxB.exe

C:\Windows\System\KKKCyxB.exe

C:\Windows\System\dMkQjmR.exe

C:\Windows\System\dMkQjmR.exe

C:\Windows\System\SURvdXQ.exe

C:\Windows\System\SURvdXQ.exe

C:\Windows\System\HyWWXJT.exe

C:\Windows\System\HyWWXJT.exe

C:\Windows\System\mPZvZrR.exe

C:\Windows\System\mPZvZrR.exe

C:\Windows\System\wWuyqhZ.exe

C:\Windows\System\wWuyqhZ.exe

C:\Windows\System\ZWFKhaA.exe

C:\Windows\System\ZWFKhaA.exe

C:\Windows\System\faKRTrH.exe

C:\Windows\System\faKRTrH.exe

C:\Windows\System\XRJWKiL.exe

C:\Windows\System\XRJWKiL.exe

C:\Windows\System\ooHcIJw.exe

C:\Windows\System\ooHcIJw.exe

C:\Windows\System\zARFWsx.exe

C:\Windows\System\zARFWsx.exe

C:\Windows\System\jHHxsio.exe

C:\Windows\System\jHHxsio.exe

C:\Windows\System\zyrbTca.exe

C:\Windows\System\zyrbTca.exe

C:\Windows\System\TOFCFVO.exe

C:\Windows\System\TOFCFVO.exe

C:\Windows\System\UQaJYFB.exe

C:\Windows\System\UQaJYFB.exe

C:\Windows\System\vZgbrUT.exe

C:\Windows\System\vZgbrUT.exe

C:\Windows\System\VEJpMfz.exe

C:\Windows\System\VEJpMfz.exe

C:\Windows\System\cYbEpmi.exe

C:\Windows\System\cYbEpmi.exe

C:\Windows\System\DPltxkl.exe

C:\Windows\System\DPltxkl.exe

C:\Windows\System\NKyUFrb.exe

C:\Windows\System\NKyUFrb.exe

C:\Windows\System\fVBfopH.exe

C:\Windows\System\fVBfopH.exe

C:\Windows\System\rdEbCTC.exe

C:\Windows\System\rdEbCTC.exe

C:\Windows\System\TEsxRGi.exe

C:\Windows\System\TEsxRGi.exe

C:\Windows\System\eGzvptG.exe

C:\Windows\System\eGzvptG.exe

C:\Windows\System\zUBpfxL.exe

C:\Windows\System\zUBpfxL.exe

C:\Windows\System\YZaADoF.exe

C:\Windows\System\YZaADoF.exe

C:\Windows\System\mAuiAKg.exe

C:\Windows\System\mAuiAKg.exe

C:\Windows\System\oWoUeCO.exe

C:\Windows\System\oWoUeCO.exe

C:\Windows\System\quOBNlX.exe

C:\Windows\System\quOBNlX.exe

C:\Windows\System\RFJDODE.exe

C:\Windows\System\RFJDODE.exe

C:\Windows\System\IZWfGKO.exe

C:\Windows\System\IZWfGKO.exe

C:\Windows\System\EfvjcEr.exe

C:\Windows\System\EfvjcEr.exe

C:\Windows\System\VrGcXzp.exe

C:\Windows\System\VrGcXzp.exe

C:\Windows\System\djwwaGy.exe

C:\Windows\System\djwwaGy.exe

C:\Windows\System\IxFyDov.exe

C:\Windows\System\IxFyDov.exe

C:\Windows\System\czaznBe.exe

C:\Windows\System\czaznBe.exe

C:\Windows\System\sXNJYvr.exe

C:\Windows\System\sXNJYvr.exe

C:\Windows\System\yLRRtbO.exe

C:\Windows\System\yLRRtbO.exe

C:\Windows\System\lznJOFk.exe

C:\Windows\System\lznJOFk.exe

C:\Windows\System\EHHeHeu.exe

C:\Windows\System\EHHeHeu.exe

C:\Windows\System\CegHAuF.exe

C:\Windows\System\CegHAuF.exe

C:\Windows\System\rKKateg.exe

C:\Windows\System\rKKateg.exe

C:\Windows\System\eVLkLWI.exe

C:\Windows\System\eVLkLWI.exe

C:\Windows\System\ZleevbJ.exe

C:\Windows\System\ZleevbJ.exe

C:\Windows\System\MdeLddA.exe

C:\Windows\System\MdeLddA.exe

C:\Windows\System\hnYLcBA.exe

C:\Windows\System\hnYLcBA.exe

C:\Windows\System\xOJoeER.exe

C:\Windows\System\xOJoeER.exe

C:\Windows\System\YXTBlCJ.exe

C:\Windows\System\YXTBlCJ.exe

C:\Windows\System\eJEqGGf.exe

C:\Windows\System\eJEqGGf.exe

C:\Windows\System\ACifbHN.exe

C:\Windows\System\ACifbHN.exe

C:\Windows\System\mdBQyQV.exe

C:\Windows\System\mdBQyQV.exe

C:\Windows\System\QFNglap.exe

C:\Windows\System\QFNglap.exe

C:\Windows\System\vEkrfxy.exe

C:\Windows\System\vEkrfxy.exe

C:\Windows\System\EVnjySo.exe

C:\Windows\System\EVnjySo.exe

C:\Windows\System\QcHIWGB.exe

C:\Windows\System\QcHIWGB.exe

C:\Windows\System\zWGrqIF.exe

C:\Windows\System\zWGrqIF.exe

C:\Windows\System\kvclujD.exe

C:\Windows\System\kvclujD.exe

C:\Windows\System\qTjOdij.exe

C:\Windows\System\qTjOdij.exe

C:\Windows\System\FUsayAP.exe

C:\Windows\System\FUsayAP.exe

C:\Windows\System\ipMoedT.exe

C:\Windows\System\ipMoedT.exe

C:\Windows\System\nXLjsuX.exe

C:\Windows\System\nXLjsuX.exe

C:\Windows\System\SPjjDtP.exe

C:\Windows\System\SPjjDtP.exe

C:\Windows\System\iKmAfdE.exe

C:\Windows\System\iKmAfdE.exe

C:\Windows\System\BtUeUTH.exe

C:\Windows\System\BtUeUTH.exe

C:\Windows\System\tXIDRgP.exe

C:\Windows\System\tXIDRgP.exe

C:\Windows\System\OBjfQUe.exe

C:\Windows\System\OBjfQUe.exe

C:\Windows\System\lPwWAtJ.exe

C:\Windows\System\lPwWAtJ.exe

C:\Windows\System\waXerxD.exe

C:\Windows\System\waXerxD.exe

C:\Windows\System\lOETOhO.exe

C:\Windows\System\lOETOhO.exe

C:\Windows\System\DmImPXE.exe

C:\Windows\System\DmImPXE.exe

C:\Windows\System\EdKlQzJ.exe

C:\Windows\System\EdKlQzJ.exe

C:\Windows\System\BlgAioj.exe

C:\Windows\System\BlgAioj.exe

C:\Windows\System\QKILSSr.exe

C:\Windows\System\QKILSSr.exe

C:\Windows\System\EUSUaXZ.exe

C:\Windows\System\EUSUaXZ.exe

C:\Windows\System\loZvrZv.exe

C:\Windows\System\loZvrZv.exe

C:\Windows\System\CXpAUch.exe

C:\Windows\System\CXpAUch.exe

C:\Windows\System\vTwqQQB.exe

C:\Windows\System\vTwqQQB.exe

C:\Windows\System\PAHAZyt.exe

C:\Windows\System\PAHAZyt.exe

C:\Windows\System\CSLVFbl.exe

C:\Windows\System\CSLVFbl.exe

C:\Windows\System\jFdgKHX.exe

C:\Windows\System\jFdgKHX.exe

C:\Windows\System\ysPlvyj.exe

C:\Windows\System\ysPlvyj.exe

C:\Windows\System\YJGXBTb.exe

C:\Windows\System\YJGXBTb.exe

C:\Windows\System\dbkzcPr.exe

C:\Windows\System\dbkzcPr.exe

C:\Windows\System\kELhPIL.exe

C:\Windows\System\kELhPIL.exe

C:\Windows\System\cQqeYtw.exe

C:\Windows\System\cQqeYtw.exe

C:\Windows\System\aZEEDYw.exe

C:\Windows\System\aZEEDYw.exe

C:\Windows\System\vMsrKQA.exe

C:\Windows\System\vMsrKQA.exe

C:\Windows\System\GBJKihG.exe

C:\Windows\System\GBJKihG.exe

C:\Windows\System\uugXCEv.exe

C:\Windows\System\uugXCEv.exe

C:\Windows\System\UOWlZJz.exe

C:\Windows\System\UOWlZJz.exe

C:\Windows\System\UcwHeNF.exe

C:\Windows\System\UcwHeNF.exe

C:\Windows\System\YfYEjXa.exe

C:\Windows\System\YfYEjXa.exe

C:\Windows\System\TxomjSd.exe

C:\Windows\System\TxomjSd.exe

C:\Windows\System\SHVGLYV.exe

C:\Windows\System\SHVGLYV.exe

C:\Windows\System\niiakOS.exe

C:\Windows\System\niiakOS.exe

C:\Windows\System\aNLbNnF.exe

C:\Windows\System\aNLbNnF.exe

C:\Windows\System\oLHFkKT.exe

C:\Windows\System\oLHFkKT.exe

C:\Windows\System\pqdqjDN.exe

C:\Windows\System\pqdqjDN.exe

C:\Windows\System\cmKRwBv.exe

C:\Windows\System\cmKRwBv.exe

C:\Windows\System\rYdEWXZ.exe

C:\Windows\System\rYdEWXZ.exe

C:\Windows\System\USbSsvO.exe

C:\Windows\System\USbSsvO.exe

C:\Windows\System\XksvNsP.exe

C:\Windows\System\XksvNsP.exe

C:\Windows\System\XYKjWxD.exe

C:\Windows\System\XYKjWxD.exe

C:\Windows\System\dsKTFmR.exe

C:\Windows\System\dsKTFmR.exe

C:\Windows\System\VMFFUfn.exe

C:\Windows\System\VMFFUfn.exe

C:\Windows\System\gatjCFS.exe

C:\Windows\System\gatjCFS.exe

C:\Windows\System\PicYbxw.exe

C:\Windows\System\PicYbxw.exe

C:\Windows\System\cArVspB.exe

C:\Windows\System\cArVspB.exe

C:\Windows\System\PTYsSRC.exe

C:\Windows\System\PTYsSRC.exe

C:\Windows\System\dIsdJuz.exe

C:\Windows\System\dIsdJuz.exe

C:\Windows\System\gvKZRiD.exe

C:\Windows\System\gvKZRiD.exe

C:\Windows\System\uWYzTOh.exe

C:\Windows\System\uWYzTOh.exe

C:\Windows\System\wQOeGaW.exe

C:\Windows\System\wQOeGaW.exe

C:\Windows\System\XlvZTWJ.exe

C:\Windows\System\XlvZTWJ.exe

C:\Windows\System\JFDiSHS.exe

C:\Windows\System\JFDiSHS.exe

C:\Windows\System\SwjvPJg.exe

C:\Windows\System\SwjvPJg.exe

C:\Windows\System\RaablOk.exe

C:\Windows\System\RaablOk.exe

C:\Windows\System\NRLlOgT.exe

C:\Windows\System\NRLlOgT.exe

C:\Windows\System\fDcNPQj.exe

C:\Windows\System\fDcNPQj.exe

C:\Windows\System\zPiBsXk.exe

C:\Windows\System\zPiBsXk.exe

C:\Windows\System\RqQBMcN.exe

C:\Windows\System\RqQBMcN.exe

C:\Windows\System\LAXoOJJ.exe

C:\Windows\System\LAXoOJJ.exe

C:\Windows\System\BNXJbpa.exe

C:\Windows\System\BNXJbpa.exe

C:\Windows\System\CweIpif.exe

C:\Windows\System\CweIpif.exe

C:\Windows\System\OgneKqs.exe

C:\Windows\System\OgneKqs.exe

C:\Windows\System\soLKyqM.exe

C:\Windows\System\soLKyqM.exe

C:\Windows\System\jCqowZJ.exe

C:\Windows\System\jCqowZJ.exe

C:\Windows\System\czkLkwm.exe

C:\Windows\System\czkLkwm.exe

C:\Windows\System\zmIPvuJ.exe

C:\Windows\System\zmIPvuJ.exe

C:\Windows\System\CeNslwI.exe

C:\Windows\System\CeNslwI.exe

C:\Windows\System\RLMZGel.exe

C:\Windows\System\RLMZGel.exe

C:\Windows\System\OQmFler.exe

C:\Windows\System\OQmFler.exe

C:\Windows\System\mimQoSu.exe

C:\Windows\System\mimQoSu.exe

C:\Windows\System\yAgOCiT.exe

C:\Windows\System\yAgOCiT.exe

C:\Windows\System\mEvWYHr.exe

C:\Windows\System\mEvWYHr.exe

C:\Windows\System\xAKzpDA.exe

C:\Windows\System\xAKzpDA.exe

C:\Windows\System\iQqupJn.exe

C:\Windows\System\iQqupJn.exe

C:\Windows\System\HIcuJHH.exe

C:\Windows\System\HIcuJHH.exe

C:\Windows\System\ACgvXGq.exe

C:\Windows\System\ACgvXGq.exe

C:\Windows\System\pSIbmiR.exe

C:\Windows\System\pSIbmiR.exe

C:\Windows\System\dbHGGLH.exe

C:\Windows\System\dbHGGLH.exe

C:\Windows\System\XwvuvTD.exe

C:\Windows\System\XwvuvTD.exe

C:\Windows\System\LPruejj.exe

C:\Windows\System\LPruejj.exe

C:\Windows\System\PwKaKbM.exe

C:\Windows\System\PwKaKbM.exe

C:\Windows\System\sKQEEmd.exe

C:\Windows\System\sKQEEmd.exe

C:\Windows\System\azxYKxZ.exe

C:\Windows\System\azxYKxZ.exe

C:\Windows\System\oKgIBZM.exe

C:\Windows\System\oKgIBZM.exe

C:\Windows\System\gEGeUJf.exe

C:\Windows\System\gEGeUJf.exe

C:\Windows\System\nDvGIwG.exe

C:\Windows\System\nDvGIwG.exe

C:\Windows\System\BWCfDkk.exe

C:\Windows\System\BWCfDkk.exe

C:\Windows\System\pdCWLZx.exe

C:\Windows\System\pdCWLZx.exe

C:\Windows\System\CMyyNiA.exe

C:\Windows\System\CMyyNiA.exe

C:\Windows\System\ZmNcXUW.exe

C:\Windows\System\ZmNcXUW.exe

C:\Windows\System\CrtQgdC.exe

C:\Windows\System\CrtQgdC.exe

C:\Windows\System\kuYoWwh.exe

C:\Windows\System\kuYoWwh.exe

C:\Windows\System\ACmgvAV.exe

C:\Windows\System\ACmgvAV.exe

C:\Windows\System\yICwaVF.exe

C:\Windows\System\yICwaVF.exe

C:\Windows\System\TbMUHEX.exe

C:\Windows\System\TbMUHEX.exe

C:\Windows\System\ubuHIvQ.exe

C:\Windows\System\ubuHIvQ.exe

C:\Windows\System\fDnskie.exe

C:\Windows\System\fDnskie.exe

C:\Windows\System\XBewzsF.exe

C:\Windows\System\XBewzsF.exe

C:\Windows\System\oFhhduW.exe

C:\Windows\System\oFhhduW.exe

C:\Windows\System\sZdDjPP.exe

C:\Windows\System\sZdDjPP.exe

C:\Windows\System\IXpAoav.exe

C:\Windows\System\IXpAoav.exe

C:\Windows\System\SeZjUYC.exe

C:\Windows\System\SeZjUYC.exe

C:\Windows\System\dfFkcZM.exe

C:\Windows\System\dfFkcZM.exe

C:\Windows\System\ohpyKcc.exe

C:\Windows\System\ohpyKcc.exe

C:\Windows\System\JlGhpIR.exe

C:\Windows\System\JlGhpIR.exe

C:\Windows\System\dnPSGwc.exe

C:\Windows\System\dnPSGwc.exe

C:\Windows\System\FCnBjLZ.exe

C:\Windows\System\FCnBjLZ.exe

C:\Windows\System\IZDyyYQ.exe

C:\Windows\System\IZDyyYQ.exe

C:\Windows\System\MdVbfUt.exe

C:\Windows\System\MdVbfUt.exe

C:\Windows\System\dCankji.exe

C:\Windows\System\dCankji.exe

C:\Windows\System\enbuBza.exe

C:\Windows\System\enbuBza.exe

C:\Windows\System\KRTyUTN.exe

C:\Windows\System\KRTyUTN.exe

C:\Windows\System\mdcaNjX.exe

C:\Windows\System\mdcaNjX.exe

C:\Windows\System\qZdABOB.exe

C:\Windows\System\qZdABOB.exe

C:\Windows\System\VVrcYAT.exe

C:\Windows\System\VVrcYAT.exe

C:\Windows\System\kzDXlqD.exe

C:\Windows\System\kzDXlqD.exe

C:\Windows\System\UlbJvoJ.exe

C:\Windows\System\UlbJvoJ.exe

C:\Windows\System\xhHUkWz.exe

C:\Windows\System\xhHUkWz.exe

C:\Windows\System\vwuOOXJ.exe

C:\Windows\System\vwuOOXJ.exe

C:\Windows\System\NiAGArO.exe

C:\Windows\System\NiAGArO.exe

C:\Windows\System\qkZXTDd.exe

C:\Windows\System\qkZXTDd.exe

C:\Windows\System\rzhktOq.exe

C:\Windows\System\rzhktOq.exe

C:\Windows\System\rFeHfKC.exe

C:\Windows\System\rFeHfKC.exe

C:\Windows\System\XkTjXik.exe

C:\Windows\System\XkTjXik.exe

C:\Windows\System\HGjrqfe.exe

C:\Windows\System\HGjrqfe.exe

C:\Windows\System\RIGLBkf.exe

C:\Windows\System\RIGLBkf.exe

C:\Windows\System\xLEsXmu.exe

C:\Windows\System\xLEsXmu.exe

C:\Windows\System\jPdyOYD.exe

C:\Windows\System\jPdyOYD.exe

C:\Windows\System\KGvZwjo.exe

C:\Windows\System\KGvZwjo.exe

C:\Windows\System\HoOiHNu.exe

C:\Windows\System\HoOiHNu.exe

C:\Windows\System\sYMZvaE.exe

C:\Windows\System\sYMZvaE.exe

C:\Windows\System\FZeyrsp.exe

C:\Windows\System\FZeyrsp.exe

C:\Windows\System\xFjWanj.exe

C:\Windows\System\xFjWanj.exe

C:\Windows\System\eeQGHRb.exe

C:\Windows\System\eeQGHRb.exe

C:\Windows\System\KAGJQsG.exe

C:\Windows\System\KAGJQsG.exe

C:\Windows\System\uHMjYBi.exe

C:\Windows\System\uHMjYBi.exe

C:\Windows\System\svLMlYI.exe

C:\Windows\System\svLMlYI.exe

C:\Windows\System\wZJhCYa.exe

C:\Windows\System\wZJhCYa.exe

C:\Windows\System\pAqUkdT.exe

C:\Windows\System\pAqUkdT.exe

C:\Windows\System\oDkPRow.exe

C:\Windows\System\oDkPRow.exe

C:\Windows\System\hKxxjdp.exe

C:\Windows\System\hKxxjdp.exe

C:\Windows\System\SkPbsgW.exe

C:\Windows\System\SkPbsgW.exe

C:\Windows\System\ENQeYBW.exe

C:\Windows\System\ENQeYBW.exe

C:\Windows\System\yBsZcse.exe

C:\Windows\System\yBsZcse.exe

C:\Windows\System\sDWlTWG.exe

C:\Windows\System\sDWlTWG.exe

C:\Windows\System\WZeiMNM.exe

C:\Windows\System\WZeiMNM.exe

C:\Windows\System\jkLubSW.exe

C:\Windows\System\jkLubSW.exe

C:\Windows\System\obTlVsl.exe

C:\Windows\System\obTlVsl.exe

C:\Windows\System\Buylker.exe

C:\Windows\System\Buylker.exe

C:\Windows\System\YmokBMX.exe

C:\Windows\System\YmokBMX.exe

C:\Windows\System\CGFqKZt.exe

C:\Windows\System\CGFqKZt.exe

C:\Windows\System\KiheQDT.exe

C:\Windows\System\KiheQDT.exe

C:\Windows\System\jbvQoiw.exe

C:\Windows\System\jbvQoiw.exe

C:\Windows\System\mljNDTp.exe

C:\Windows\System\mljNDTp.exe

C:\Windows\System\HNoAnvs.exe

C:\Windows\System\HNoAnvs.exe

C:\Windows\System\TGhsJrx.exe

C:\Windows\System\TGhsJrx.exe

C:\Windows\System\lrtuiZM.exe

C:\Windows\System\lrtuiZM.exe

C:\Windows\System\DqjnxDe.exe

C:\Windows\System\DqjnxDe.exe

C:\Windows\System\VxLNGgE.exe

C:\Windows\System\VxLNGgE.exe

C:\Windows\System\TjdlEzz.exe

C:\Windows\System\TjdlEzz.exe

C:\Windows\System\GmmnaGY.exe

C:\Windows\System\GmmnaGY.exe

C:\Windows\System\TGyzorS.exe

C:\Windows\System\TGyzorS.exe

C:\Windows\System\mZxVzbB.exe

C:\Windows\System\mZxVzbB.exe

C:\Windows\System\ofichhj.exe

C:\Windows\System\ofichhj.exe

C:\Windows\System\xRSzQhs.exe

C:\Windows\System\xRSzQhs.exe

C:\Windows\System\MCmemAs.exe

C:\Windows\System\MCmemAs.exe

C:\Windows\System\TUYlRtR.exe

C:\Windows\System\TUYlRtR.exe

C:\Windows\System\DKHWrhC.exe

C:\Windows\System\DKHWrhC.exe

C:\Windows\System\YqRNVYH.exe

C:\Windows\System\YqRNVYH.exe

C:\Windows\System\yZHzSqJ.exe

C:\Windows\System\yZHzSqJ.exe

C:\Windows\System\LGtUNaJ.exe

C:\Windows\System\LGtUNaJ.exe

C:\Windows\System\SzsXLQQ.exe

C:\Windows\System\SzsXLQQ.exe

C:\Windows\System\kFsNRCJ.exe

C:\Windows\System\kFsNRCJ.exe

C:\Windows\System\hZfSLfk.exe

C:\Windows\System\hZfSLfk.exe

C:\Windows\System\rDrykxo.exe

C:\Windows\System\rDrykxo.exe

C:\Windows\System\LrTiYOe.exe

C:\Windows\System\LrTiYOe.exe

C:\Windows\System\ZNgpsLO.exe

C:\Windows\System\ZNgpsLO.exe

C:\Windows\System\JkGtyBX.exe

C:\Windows\System\JkGtyBX.exe

C:\Windows\System\ZozNeoC.exe

C:\Windows\System\ZozNeoC.exe

C:\Windows\System\kLkzeBk.exe

C:\Windows\System\kLkzeBk.exe

C:\Windows\System\HAIKvnz.exe

C:\Windows\System\HAIKvnz.exe

C:\Windows\System\sQXuYDR.exe

C:\Windows\System\sQXuYDR.exe

C:\Windows\System\OVWOQqf.exe

C:\Windows\System\OVWOQqf.exe

C:\Windows\System\ZRBVutX.exe

C:\Windows\System\ZRBVutX.exe

C:\Windows\System\vhIrmGL.exe

C:\Windows\System\vhIrmGL.exe

C:\Windows\System\yLsqMHT.exe

C:\Windows\System\yLsqMHT.exe

C:\Windows\System\tixDxcM.exe

C:\Windows\System\tixDxcM.exe

C:\Windows\System\NBVkdPG.exe

C:\Windows\System\NBVkdPG.exe

C:\Windows\System\sTZlWZY.exe

C:\Windows\System\sTZlWZY.exe

C:\Windows\System\OVVVdhf.exe

C:\Windows\System\OVVVdhf.exe

C:\Windows\System\MxqlnDr.exe

C:\Windows\System\MxqlnDr.exe

C:\Windows\System\ZsAQIsL.exe

C:\Windows\System\ZsAQIsL.exe

C:\Windows\System\XwjkOVP.exe

C:\Windows\System\XwjkOVP.exe

C:\Windows\System\HrZcGfU.exe

C:\Windows\System\HrZcGfU.exe

C:\Windows\System\lVSMGyh.exe

C:\Windows\System\lVSMGyh.exe

C:\Windows\System\CGOXyew.exe

C:\Windows\System\CGOXyew.exe

C:\Windows\System\ogSvSAW.exe

C:\Windows\System\ogSvSAW.exe

C:\Windows\System\wKZivOt.exe

C:\Windows\System\wKZivOt.exe

C:\Windows\System\jXmTZXA.exe

C:\Windows\System\jXmTZXA.exe

C:\Windows\System\tykixdI.exe

C:\Windows\System\tykixdI.exe

C:\Windows\System\iLwKhvA.exe

C:\Windows\System\iLwKhvA.exe

C:\Windows\System\vktnSQt.exe

C:\Windows\System\vktnSQt.exe

C:\Windows\System\BsUMYZY.exe

C:\Windows\System\BsUMYZY.exe

C:\Windows\System\cWVyxpG.exe

C:\Windows\System\cWVyxpG.exe

C:\Windows\System\BpPCuHl.exe

C:\Windows\System\BpPCuHl.exe

C:\Windows\System\hZCtrXq.exe

C:\Windows\System\hZCtrXq.exe

C:\Windows\System\eBzKEKA.exe

C:\Windows\System\eBzKEKA.exe

C:\Windows\System\kHsFWFk.exe

C:\Windows\System\kHsFWFk.exe

C:\Windows\System\tnqKEiG.exe

C:\Windows\System\tnqKEiG.exe

C:\Windows\System\eDpfyBu.exe

C:\Windows\System\eDpfyBu.exe

C:\Windows\System\buRlplv.exe

C:\Windows\System\buRlplv.exe

C:\Windows\System\EWfAont.exe

C:\Windows\System\EWfAont.exe

C:\Windows\System\zuogHvi.exe

C:\Windows\System\zuogHvi.exe

C:\Windows\System\sVovPbZ.exe

C:\Windows\System\sVovPbZ.exe

C:\Windows\System\fgabDix.exe

C:\Windows\System\fgabDix.exe

C:\Windows\System\lfTLjkr.exe

C:\Windows\System\lfTLjkr.exe

C:\Windows\System\oekCvzF.exe

C:\Windows\System\oekCvzF.exe

C:\Windows\System\zNnsuHs.exe

C:\Windows\System\zNnsuHs.exe

C:\Windows\System\fWbwMDr.exe

C:\Windows\System\fWbwMDr.exe

C:\Windows\System\oEAyOPN.exe

C:\Windows\System\oEAyOPN.exe

C:\Windows\System\jeuQnKS.exe

C:\Windows\System\jeuQnKS.exe

C:\Windows\System\sdgYpWJ.exe

C:\Windows\System\sdgYpWJ.exe

C:\Windows\System\wCtOPdh.exe

C:\Windows\System\wCtOPdh.exe

C:\Windows\System\CEokwwP.exe

C:\Windows\System\CEokwwP.exe

C:\Windows\System\kEtTigg.exe

C:\Windows\System\kEtTigg.exe

C:\Windows\System\PUMZRWP.exe

C:\Windows\System\PUMZRWP.exe

C:\Windows\System\qANCvfF.exe

C:\Windows\System\qANCvfF.exe

C:\Windows\System\qbgIubi.exe

C:\Windows\System\qbgIubi.exe

C:\Windows\System\GteCAAJ.exe

C:\Windows\System\GteCAAJ.exe

C:\Windows\System\TikqPKL.exe

C:\Windows\System\TikqPKL.exe

C:\Windows\System\WscYNKJ.exe

C:\Windows\System\WscYNKJ.exe

C:\Windows\System\mXxXopm.exe

C:\Windows\System\mXxXopm.exe

C:\Windows\System\FcrFuKD.exe

C:\Windows\System\FcrFuKD.exe

C:\Windows\System\bZwCKXa.exe

C:\Windows\System\bZwCKXa.exe

C:\Windows\System\dOqcfXL.exe

C:\Windows\System\dOqcfXL.exe

C:\Windows\System\NfSgLno.exe

C:\Windows\System\NfSgLno.exe

C:\Windows\System\dXChWsF.exe

C:\Windows\System\dXChWsF.exe

C:\Windows\System\EYYDuNA.exe

C:\Windows\System\EYYDuNA.exe

C:\Windows\System\FettsuV.exe

C:\Windows\System\FettsuV.exe

C:\Windows\System\etjGNnU.exe

C:\Windows\System\etjGNnU.exe

C:\Windows\System\zsoaQxX.exe

C:\Windows\System\zsoaQxX.exe

C:\Windows\System\ElEampZ.exe

C:\Windows\System\ElEampZ.exe

C:\Windows\System\sMnaYSn.exe

C:\Windows\System\sMnaYSn.exe

C:\Windows\System\QZryXUQ.exe

C:\Windows\System\QZryXUQ.exe

C:\Windows\System\vJbnoGY.exe

C:\Windows\System\vJbnoGY.exe

C:\Windows\System\trXVsLz.exe

C:\Windows\System\trXVsLz.exe

C:\Windows\System\NLoZUBF.exe

C:\Windows\System\NLoZUBF.exe

C:\Windows\System\cEFwNgO.exe

C:\Windows\System\cEFwNgO.exe

C:\Windows\System\CmzoSXH.exe

C:\Windows\System\CmzoSXH.exe

C:\Windows\System\dsRXeNU.exe

C:\Windows\System\dsRXeNU.exe

C:\Windows\System\OkHsvNE.exe

C:\Windows\System\OkHsvNE.exe

C:\Windows\System\coRxthP.exe

C:\Windows\System\coRxthP.exe

C:\Windows\System\mtZjsiP.exe

C:\Windows\System\mtZjsiP.exe

C:\Windows\System\lqcQFLF.exe

C:\Windows\System\lqcQFLF.exe

C:\Windows\System\DACRSnD.exe

C:\Windows\System\DACRSnD.exe

C:\Windows\System\ipnAzTU.exe

C:\Windows\System\ipnAzTU.exe

C:\Windows\System\KvRIzQn.exe

C:\Windows\System\KvRIzQn.exe

C:\Windows\System\HphdEyg.exe

C:\Windows\System\HphdEyg.exe

C:\Windows\System\VbbTFJg.exe

C:\Windows\System\VbbTFJg.exe

C:\Windows\System\LhHnAwj.exe

C:\Windows\System\LhHnAwj.exe

C:\Windows\System\EQinZFx.exe

C:\Windows\System\EQinZFx.exe

C:\Windows\System\RCmGzNF.exe

C:\Windows\System\RCmGzNF.exe

C:\Windows\System\lvngkWW.exe

C:\Windows\System\lvngkWW.exe

C:\Windows\System\ypQuHXr.exe

C:\Windows\System\ypQuHXr.exe

C:\Windows\System\bCYVCpH.exe

C:\Windows\System\bCYVCpH.exe

C:\Windows\System\iVvwBks.exe

C:\Windows\System\iVvwBks.exe

C:\Windows\System\vhhYxUT.exe

C:\Windows\System\vhhYxUT.exe

C:\Windows\System\NWocVqL.exe

C:\Windows\System\NWocVqL.exe

C:\Windows\System\LGXmAls.exe

C:\Windows\System\LGXmAls.exe

C:\Windows\System\oipEnoU.exe

C:\Windows\System\oipEnoU.exe

C:\Windows\System\YjQQWIx.exe

C:\Windows\System\YjQQWIx.exe

C:\Windows\System\QFjRBPy.exe

C:\Windows\System\QFjRBPy.exe

C:\Windows\System\IyGvWdQ.exe

C:\Windows\System\IyGvWdQ.exe

C:\Windows\System\lIybEFk.exe

C:\Windows\System\lIybEFk.exe

C:\Windows\System\pvyVPef.exe

C:\Windows\System\pvyVPef.exe

C:\Windows\System\QwAPqTJ.exe

C:\Windows\System\QwAPqTJ.exe

C:\Windows\System\BkkOUYF.exe

C:\Windows\System\BkkOUYF.exe

C:\Windows\System\fsAWlfs.exe

C:\Windows\System\fsAWlfs.exe

C:\Windows\System\EoIYfXR.exe

C:\Windows\System\EoIYfXR.exe

C:\Windows\System\bhFFtWM.exe

C:\Windows\System\bhFFtWM.exe

C:\Windows\System\jqMBDrU.exe

C:\Windows\System\jqMBDrU.exe

C:\Windows\System\EstDnCj.exe

C:\Windows\System\EstDnCj.exe

C:\Windows\System\CrhmEBz.exe

C:\Windows\System\CrhmEBz.exe

C:\Windows\System\RQVUKiw.exe

C:\Windows\System\RQVUKiw.exe

C:\Windows\System\mPxdqkt.exe

C:\Windows\System\mPxdqkt.exe

C:\Windows\System\KUNuBUK.exe

C:\Windows\System\KUNuBUK.exe

C:\Windows\System\kIcZbWp.exe

C:\Windows\System\kIcZbWp.exe

C:\Windows\System\QFaoScx.exe

C:\Windows\System\QFaoScx.exe

C:\Windows\System\xvEEiQZ.exe

C:\Windows\System\xvEEiQZ.exe

C:\Windows\System\oBsCPBw.exe

C:\Windows\System\oBsCPBw.exe

C:\Windows\System\BgEUuIr.exe

C:\Windows\System\BgEUuIr.exe

C:\Windows\System\QVQMdpl.exe

C:\Windows\System\QVQMdpl.exe

C:\Windows\System\lDHIJzm.exe

C:\Windows\System\lDHIJzm.exe

C:\Windows\System\CakniGg.exe

C:\Windows\System\CakniGg.exe

C:\Windows\System\CFizbvg.exe

C:\Windows\System\CFizbvg.exe

C:\Windows\System\icjKOaU.exe

C:\Windows\System\icjKOaU.exe

C:\Windows\System\IlyrznY.exe

C:\Windows\System\IlyrznY.exe

C:\Windows\System\hETZbRy.exe

C:\Windows\System\hETZbRy.exe

C:\Windows\System\lbUJyTT.exe

C:\Windows\System\lbUJyTT.exe

C:\Windows\System\sJanSCr.exe

C:\Windows\System\sJanSCr.exe

C:\Windows\System\rDYxlTg.exe

C:\Windows\System\rDYxlTg.exe

C:\Windows\System\xvwBxZI.exe

C:\Windows\System\xvwBxZI.exe

C:\Windows\System\HLETMIf.exe

C:\Windows\System\HLETMIf.exe

C:\Windows\System\kTKzzHz.exe

C:\Windows\System\kTKzzHz.exe

C:\Windows\System\LcQYodi.exe

C:\Windows\System\LcQYodi.exe

C:\Windows\System\wwcBcBW.exe

C:\Windows\System\wwcBcBW.exe

C:\Windows\System\SQGpbiZ.exe

C:\Windows\System\SQGpbiZ.exe

C:\Windows\System\ZObghDg.exe

C:\Windows\System\ZObghDg.exe

C:\Windows\System\fMjClFp.exe

C:\Windows\System\fMjClFp.exe

C:\Windows\System\VnDyMUE.exe

C:\Windows\System\VnDyMUE.exe

C:\Windows\System\dQbUjYL.exe

C:\Windows\System\dQbUjYL.exe

C:\Windows\System\hkUpMKu.exe

C:\Windows\System\hkUpMKu.exe

C:\Windows\System\VwReXat.exe

C:\Windows\System\VwReXat.exe

C:\Windows\System\RMXczDk.exe

C:\Windows\System\RMXczDk.exe

C:\Windows\System\ulFvjJB.exe

C:\Windows\System\ulFvjJB.exe

C:\Windows\System\nZesxio.exe

C:\Windows\System\nZesxio.exe

C:\Windows\System\NVabNAQ.exe

C:\Windows\System\NVabNAQ.exe

C:\Windows\System\bTLoKcY.exe

C:\Windows\System\bTLoKcY.exe

C:\Windows\System\WGMoToH.exe

C:\Windows\System\WGMoToH.exe

C:\Windows\System\daJcHkD.exe

C:\Windows\System\daJcHkD.exe

C:\Windows\System\oRwpONN.exe

C:\Windows\System\oRwpONN.exe

C:\Windows\System\pgsakNJ.exe

C:\Windows\System\pgsakNJ.exe

C:\Windows\System\TcgYJpx.exe

C:\Windows\System\TcgYJpx.exe

C:\Windows\System\SaSmgPe.exe

C:\Windows\System\SaSmgPe.exe

C:\Windows\System\UDcCmDw.exe

C:\Windows\System\UDcCmDw.exe

C:\Windows\System\dHjUcar.exe

C:\Windows\System\dHjUcar.exe

C:\Windows\System\GauUGBz.exe

C:\Windows\System\GauUGBz.exe

C:\Windows\System\SQrvSUz.exe

C:\Windows\System\SQrvSUz.exe

C:\Windows\System\CpoGIEX.exe

C:\Windows\System\CpoGIEX.exe

C:\Windows\System\eYrISLO.exe

C:\Windows\System\eYrISLO.exe

C:\Windows\System\ppuGyMA.exe

C:\Windows\System\ppuGyMA.exe

C:\Windows\System\GhBdbsM.exe

C:\Windows\System\GhBdbsM.exe

C:\Windows\System\RtFtVsf.exe

C:\Windows\System\RtFtVsf.exe

C:\Windows\System\UHrljLI.exe

C:\Windows\System\UHrljLI.exe

C:\Windows\System\LDiubCG.exe

C:\Windows\System\LDiubCG.exe

C:\Windows\System\EHOLZTD.exe

C:\Windows\System\EHOLZTD.exe

C:\Windows\System\lutmpCU.exe

C:\Windows\System\lutmpCU.exe

C:\Windows\System\aedmnhp.exe

C:\Windows\System\aedmnhp.exe

C:\Windows\System\qtXaGpk.exe

C:\Windows\System\qtXaGpk.exe

C:\Windows\System\KbsNGqN.exe

C:\Windows\System\KbsNGqN.exe

C:\Windows\System\vhdPEFX.exe

C:\Windows\System\vhdPEFX.exe

C:\Windows\System\orQDgKi.exe

C:\Windows\System\orQDgKi.exe

C:\Windows\System\SuMIZUQ.exe

C:\Windows\System\SuMIZUQ.exe

C:\Windows\System\YmWEpzH.exe

C:\Windows\System\YmWEpzH.exe

C:\Windows\System\oRECQRl.exe

C:\Windows\System\oRECQRl.exe

C:\Windows\System\vZoBPuV.exe

C:\Windows\System\vZoBPuV.exe

C:\Windows\System\HdXVWZN.exe

C:\Windows\System\HdXVWZN.exe

C:\Windows\System\LnDJhCb.exe

C:\Windows\System\LnDJhCb.exe

C:\Windows\System\FTJpdJi.exe

C:\Windows\System\FTJpdJi.exe

C:\Windows\System\wXFEDYM.exe

C:\Windows\System\wXFEDYM.exe

C:\Windows\System\LpQIeah.exe

C:\Windows\System\LpQIeah.exe

C:\Windows\System\lWsJPuF.exe

C:\Windows\System\lWsJPuF.exe

C:\Windows\System\IiKGWHw.exe

C:\Windows\System\IiKGWHw.exe

C:\Windows\System\RgZOdEQ.exe

C:\Windows\System\RgZOdEQ.exe

C:\Windows\System\zwHUacT.exe

C:\Windows\System\zwHUacT.exe

C:\Windows\System\WYemWkP.exe

C:\Windows\System\WYemWkP.exe

C:\Windows\System\fHtoSbv.exe

C:\Windows\System\fHtoSbv.exe

C:\Windows\System\jLhtdtz.exe

C:\Windows\System\jLhtdtz.exe

C:\Windows\System\SxCZckD.exe

C:\Windows\System\SxCZckD.exe

C:\Windows\System\GlshhFj.exe

C:\Windows\System\GlshhFj.exe

C:\Windows\System\LbMyRxL.exe

C:\Windows\System\LbMyRxL.exe

C:\Windows\System\rIcKMjK.exe

C:\Windows\System\rIcKMjK.exe

C:\Windows\System\zLYXqcR.exe

C:\Windows\System\zLYXqcR.exe

C:\Windows\System\wpgKvGu.exe

C:\Windows\System\wpgKvGu.exe

C:\Windows\System\pVVAzFu.exe

C:\Windows\System\pVVAzFu.exe

C:\Windows\System\tGRIazz.exe

C:\Windows\System\tGRIazz.exe

C:\Windows\System\LPZpqeU.exe

C:\Windows\System\LPZpqeU.exe

C:\Windows\System\AlVatEp.exe

C:\Windows\System\AlVatEp.exe

C:\Windows\System\SgzMVnC.exe

C:\Windows\System\SgzMVnC.exe

C:\Windows\System\dxFwxFk.exe

C:\Windows\System\dxFwxFk.exe

C:\Windows\System\eDdkGQd.exe

C:\Windows\System\eDdkGQd.exe

C:\Windows\System\LIZFDnz.exe

C:\Windows\System\LIZFDnz.exe

C:\Windows\System\kCNooJx.exe

C:\Windows\System\kCNooJx.exe

C:\Windows\System\MuCvdQq.exe

C:\Windows\System\MuCvdQq.exe

C:\Windows\System\BAUWhXQ.exe

C:\Windows\System\BAUWhXQ.exe

C:\Windows\System\tvzDQOL.exe

C:\Windows\System\tvzDQOL.exe

C:\Windows\System\OVLFMfc.exe

C:\Windows\System\OVLFMfc.exe

C:\Windows\System\lWTrGJE.exe

C:\Windows\System\lWTrGJE.exe

C:\Windows\System\UPDamyQ.exe

C:\Windows\System\UPDamyQ.exe

C:\Windows\System\HRpDvMR.exe

C:\Windows\System\HRpDvMR.exe

C:\Windows\System\YsdftpW.exe

C:\Windows\System\YsdftpW.exe

C:\Windows\System\wMNqELl.exe

C:\Windows\System\wMNqELl.exe

C:\Windows\System\zRwGXhb.exe

C:\Windows\System\zRwGXhb.exe

C:\Windows\System\vHfurPI.exe

C:\Windows\System\vHfurPI.exe

C:\Windows\System\ZYicxFx.exe

C:\Windows\System\ZYicxFx.exe

C:\Windows\System\qecFHBp.exe

C:\Windows\System\qecFHBp.exe

C:\Windows\System\YGZSeMz.exe

C:\Windows\System\YGZSeMz.exe

C:\Windows\System\BlWQHll.exe

C:\Windows\System\BlWQHll.exe

C:\Windows\System\KgvhtUC.exe

C:\Windows\System\KgvhtUC.exe

C:\Windows\System\nHbTNGj.exe

C:\Windows\System\nHbTNGj.exe

C:\Windows\System\lriISUs.exe

C:\Windows\System\lriISUs.exe

C:\Windows\System\tcWlRqt.exe

C:\Windows\System\tcWlRqt.exe

C:\Windows\System\DlknGqR.exe

C:\Windows\System\DlknGqR.exe

C:\Windows\System\juFHOno.exe

C:\Windows\System\juFHOno.exe

C:\Windows\System\ZGPNwTS.exe

C:\Windows\System\ZGPNwTS.exe

C:\Windows\System\hijeLVk.exe

C:\Windows\System\hijeLVk.exe

C:\Windows\System\PqYIUnd.exe

C:\Windows\System\PqYIUnd.exe

C:\Windows\System\oEhLDVq.exe

C:\Windows\System\oEhLDVq.exe

C:\Windows\System\yhaLigf.exe

C:\Windows\System\yhaLigf.exe

C:\Windows\System\lpJypup.exe

C:\Windows\System\lpJypup.exe

C:\Windows\System\NGEmwtF.exe

C:\Windows\System\NGEmwtF.exe

C:\Windows\System\rOZECVO.exe

C:\Windows\System\rOZECVO.exe

C:\Windows\System\FPMYSef.exe

C:\Windows\System\FPMYSef.exe

C:\Windows\System\sRQCkRw.exe

C:\Windows\System\sRQCkRw.exe

C:\Windows\System\DvoXmbe.exe

C:\Windows\System\DvoXmbe.exe

C:\Windows\System\AHzRMjV.exe

C:\Windows\System\AHzRMjV.exe

C:\Windows\System\diGzHVv.exe

C:\Windows\System\diGzHVv.exe

C:\Windows\System\kvDddCj.exe

C:\Windows\System\kvDddCj.exe

C:\Windows\System\JxATmdv.exe

C:\Windows\System\JxATmdv.exe

C:\Windows\System\CnZGOCu.exe

C:\Windows\System\CnZGOCu.exe

C:\Windows\System\ynMVEHB.exe

C:\Windows\System\ynMVEHB.exe

C:\Windows\System\lTbZSlp.exe

C:\Windows\System\lTbZSlp.exe

C:\Windows\System\IUHYljk.exe

C:\Windows\System\IUHYljk.exe

C:\Windows\System\AmZYpak.exe

C:\Windows\System\AmZYpak.exe

C:\Windows\System\oHbSTDZ.exe

C:\Windows\System\oHbSTDZ.exe

C:\Windows\System\gEarGif.exe

C:\Windows\System\gEarGif.exe

C:\Windows\System\idUpwIM.exe

C:\Windows\System\idUpwIM.exe

C:\Windows\System\YscxNbE.exe

C:\Windows\System\YscxNbE.exe

C:\Windows\System\fkeUHKI.exe

C:\Windows\System\fkeUHKI.exe

C:\Windows\System\VbVgbym.exe

C:\Windows\System\VbVgbym.exe

C:\Windows\System\bBaIleL.exe

C:\Windows\System\bBaIleL.exe

C:\Windows\System\zDpMhRv.exe

C:\Windows\System\zDpMhRv.exe

C:\Windows\System\PLvRIBW.exe

C:\Windows\System\PLvRIBW.exe

C:\Windows\System\AvhmgnU.exe

C:\Windows\System\AvhmgnU.exe

C:\Windows\System\IcpmceU.exe

C:\Windows\System\IcpmceU.exe

C:\Windows\System\GmurHpW.exe

C:\Windows\System\GmurHpW.exe

C:\Windows\System\hoFvOsg.exe

C:\Windows\System\hoFvOsg.exe

C:\Windows\System\YDzIXqo.exe

C:\Windows\System\YDzIXqo.exe

C:\Windows\System\IlTqMsg.exe

C:\Windows\System\IlTqMsg.exe

C:\Windows\System\clcgbYr.exe

C:\Windows\System\clcgbYr.exe

C:\Windows\System\OcstTQs.exe

C:\Windows\System\OcstTQs.exe

C:\Windows\System\nPMlzkw.exe

C:\Windows\System\nPMlzkw.exe

C:\Windows\System\nsZMurs.exe

C:\Windows\System\nsZMurs.exe

C:\Windows\System\HJpCphQ.exe

C:\Windows\System\HJpCphQ.exe

C:\Windows\System\BXkNmYe.exe

C:\Windows\System\BXkNmYe.exe

C:\Windows\System\VdhmvSa.exe

C:\Windows\System\VdhmvSa.exe

C:\Windows\System\yhBqGgp.exe

C:\Windows\System\yhBqGgp.exe

C:\Windows\System\Zipqzae.exe

C:\Windows\System\Zipqzae.exe

C:\Windows\System\WJvCaCt.exe

C:\Windows\System\WJvCaCt.exe

C:\Windows\System\sPCOIIH.exe

C:\Windows\System\sPCOIIH.exe

C:\Windows\System\hvcxqqV.exe

C:\Windows\System\hvcxqqV.exe

C:\Windows\System\DmFGIfI.exe

C:\Windows\System\DmFGIfI.exe

C:\Windows\System\dxcfnBI.exe

C:\Windows\System\dxcfnBI.exe

C:\Windows\System\UXOQbOR.exe

C:\Windows\System\UXOQbOR.exe

C:\Windows\System\ssKSbLP.exe

C:\Windows\System\ssKSbLP.exe

C:\Windows\System\sFqgKsQ.exe

C:\Windows\System\sFqgKsQ.exe

C:\Windows\System\YDJfyyb.exe

C:\Windows\System\YDJfyyb.exe

C:\Windows\System\okNRIwK.exe

C:\Windows\System\okNRIwK.exe

C:\Windows\System\YTjUIzW.exe

C:\Windows\System\YTjUIzW.exe

C:\Windows\System\pilkAAp.exe

C:\Windows\System\pilkAAp.exe

C:\Windows\System\nAWVLJn.exe

C:\Windows\System\nAWVLJn.exe

C:\Windows\System\oyUGpTW.exe

C:\Windows\System\oyUGpTW.exe

C:\Windows\System\TfEqouU.exe

C:\Windows\System\TfEqouU.exe

C:\Windows\System\QYbeLzs.exe

C:\Windows\System\QYbeLzs.exe

C:\Windows\System\UhUKhIN.exe

C:\Windows\System\UhUKhIN.exe

C:\Windows\System\avdYUTZ.exe

C:\Windows\System\avdYUTZ.exe

C:\Windows\System\EZzKldE.exe

C:\Windows\System\EZzKldE.exe

C:\Windows\System\MJImcnp.exe

C:\Windows\System\MJImcnp.exe

C:\Windows\System\LmfVXoy.exe

C:\Windows\System\LmfVXoy.exe

C:\Windows\System\HqztLXA.exe

C:\Windows\System\HqztLXA.exe

C:\Windows\System\ONFlSdj.exe

C:\Windows\System\ONFlSdj.exe

C:\Windows\System\SxHFhwx.exe

C:\Windows\System\SxHFhwx.exe

C:\Windows\System\qqbvhCr.exe

C:\Windows\System\qqbvhCr.exe

C:\Windows\System\uncLOah.exe

C:\Windows\System\uncLOah.exe

C:\Windows\System\oWPDfnQ.exe

C:\Windows\System\oWPDfnQ.exe

C:\Windows\System\ENbefOn.exe

C:\Windows\System\ENbefOn.exe

C:\Windows\System\oxMbyaP.exe

C:\Windows\System\oxMbyaP.exe

C:\Windows\System\iQrOeVj.exe

C:\Windows\System\iQrOeVj.exe

C:\Windows\System\DQQqHIX.exe

C:\Windows\System\DQQqHIX.exe

C:\Windows\System\zCacgWh.exe

C:\Windows\System\zCacgWh.exe

C:\Windows\System\QMuSyCK.exe

C:\Windows\System\QMuSyCK.exe

C:\Windows\System\BhYOKvO.exe

C:\Windows\System\BhYOKvO.exe

C:\Windows\System\wFLmMYW.exe

C:\Windows\System\wFLmMYW.exe

C:\Windows\System\NEbKLqM.exe

C:\Windows\System\NEbKLqM.exe

C:\Windows\System\QsxPfTa.exe

C:\Windows\System\QsxPfTa.exe

C:\Windows\System\UCIYmNz.exe

C:\Windows\System\UCIYmNz.exe

C:\Windows\System\tcqTdJl.exe

C:\Windows\System\tcqTdJl.exe

C:\Windows\System\rGtFLCp.exe

C:\Windows\System\rGtFLCp.exe

C:\Windows\System\ZMqyHEI.exe

C:\Windows\System\ZMqyHEI.exe

C:\Windows\System\yZDXxsW.exe

C:\Windows\System\yZDXxsW.exe

C:\Windows\System\eQZpuCi.exe

C:\Windows\System\eQZpuCi.exe

C:\Windows\System\WvQbAbD.exe

C:\Windows\System\WvQbAbD.exe

C:\Windows\System\WUAuNdX.exe

C:\Windows\System\WUAuNdX.exe

C:\Windows\System\xrKFOJj.exe

C:\Windows\System\xrKFOJj.exe

C:\Windows\System\LtjTWuK.exe

C:\Windows\System\LtjTWuK.exe

C:\Windows\System\JspJVgF.exe

C:\Windows\System\JspJVgF.exe

C:\Windows\System\pLOyazV.exe

C:\Windows\System\pLOyazV.exe

C:\Windows\System\wxOEUav.exe

C:\Windows\System\wxOEUav.exe

C:\Windows\System\Luunvxq.exe

C:\Windows\System\Luunvxq.exe

C:\Windows\System\GHOrlXt.exe

C:\Windows\System\GHOrlXt.exe

C:\Windows\System\ttprfWV.exe

C:\Windows\System\ttprfWV.exe

C:\Windows\System\Orwlqym.exe

C:\Windows\System\Orwlqym.exe

C:\Windows\System\LTXjDna.exe

C:\Windows\System\LTXjDna.exe

C:\Windows\System\RsUSVGF.exe

C:\Windows\System\RsUSVGF.exe

C:\Windows\System\DrExrmA.exe

C:\Windows\System\DrExrmA.exe

C:\Windows\System\NWaGXlI.exe

C:\Windows\System\NWaGXlI.exe

C:\Windows\System\QQYiMdE.exe

C:\Windows\System\QQYiMdE.exe

C:\Windows\System\VexLLuR.exe

C:\Windows\System\VexLLuR.exe

C:\Windows\System\SkmDLfi.exe

C:\Windows\System\SkmDLfi.exe

C:\Windows\System\gcSFBKN.exe

C:\Windows\System\gcSFBKN.exe

C:\Windows\System\MjWnasR.exe

C:\Windows\System\MjWnasR.exe

C:\Windows\System\tVAlCCj.exe

C:\Windows\System\tVAlCCj.exe

C:\Windows\System\EcLeJVB.exe

C:\Windows\System\EcLeJVB.exe

C:\Windows\System\ZaRGiAU.exe

C:\Windows\System\ZaRGiAU.exe

C:\Windows\System\kVZnwTf.exe

C:\Windows\System\kVZnwTf.exe

C:\Windows\System\kEcjUFf.exe

C:\Windows\System\kEcjUFf.exe

C:\Windows\System\cCtBACH.exe

C:\Windows\System\cCtBACH.exe

C:\Windows\System\tuIJqvd.exe

C:\Windows\System\tuIJqvd.exe

C:\Windows\System\ZvUAQpo.exe

C:\Windows\System\ZvUAQpo.exe

C:\Windows\System\Gzscdnk.exe

C:\Windows\System\Gzscdnk.exe

C:\Windows\System\pDXsPfa.exe

C:\Windows\System\pDXsPfa.exe

C:\Windows\System\LyWlBjO.exe

C:\Windows\System\LyWlBjO.exe

C:\Windows\System\CCZcQzl.exe

C:\Windows\System\CCZcQzl.exe

C:\Windows\System\MERuwXs.exe

C:\Windows\System\MERuwXs.exe

C:\Windows\System\mSKKVcF.exe

C:\Windows\System\mSKKVcF.exe

C:\Windows\System\Etoidyk.exe

C:\Windows\System\Etoidyk.exe

C:\Windows\System\Glrntra.exe

C:\Windows\System\Glrntra.exe

C:\Windows\System\IgabuDL.exe

C:\Windows\System\IgabuDL.exe

C:\Windows\System\cWEsLHF.exe

C:\Windows\System\cWEsLHF.exe

C:\Windows\System\qLvNIxm.exe

C:\Windows\System\qLvNIxm.exe

C:\Windows\System\mNKZNPx.exe

C:\Windows\System\mNKZNPx.exe

C:\Windows\System\ejUHJnu.exe

C:\Windows\System\ejUHJnu.exe

C:\Windows\System\YPCaaPY.exe

C:\Windows\System\YPCaaPY.exe

C:\Windows\System\jnRvEFk.exe

C:\Windows\System\jnRvEFk.exe

C:\Windows\System\CmoaHYd.exe

C:\Windows\System\CmoaHYd.exe

C:\Windows\System\HLUlnOJ.exe

C:\Windows\System\HLUlnOJ.exe

C:\Windows\System\zsGHRwb.exe

C:\Windows\System\zsGHRwb.exe

C:\Windows\System\JaCwolG.exe

C:\Windows\System\JaCwolG.exe

C:\Windows\System\iKRloSI.exe

C:\Windows\System\iKRloSI.exe

C:\Windows\System\PprKLyD.exe

C:\Windows\System\PprKLyD.exe

C:\Windows\System\Mnkkrfx.exe

C:\Windows\System\Mnkkrfx.exe

C:\Windows\System\qSHlWBR.exe

C:\Windows\System\qSHlWBR.exe

C:\Windows\System\zHeEKKp.exe

C:\Windows\System\zHeEKKp.exe

C:\Windows\System\Euowxrr.exe

C:\Windows\System\Euowxrr.exe

C:\Windows\System\cJrHRgE.exe

C:\Windows\System\cJrHRgE.exe

C:\Windows\System\CzsFTLJ.exe

C:\Windows\System\CzsFTLJ.exe

C:\Windows\System\xQKKnck.exe

C:\Windows\System\xQKKnck.exe

C:\Windows\System\pwkhTOt.exe

C:\Windows\System\pwkhTOt.exe

C:\Windows\System\lSiRCeB.exe

C:\Windows\System\lSiRCeB.exe

C:\Windows\System\jTDfwtl.exe

C:\Windows\System\jTDfwtl.exe

C:\Windows\System\dSfsTnR.exe

C:\Windows\System\dSfsTnR.exe

C:\Windows\System\IFsDuQc.exe

C:\Windows\System\IFsDuQc.exe

C:\Windows\System\jHIjlav.exe

C:\Windows\System\jHIjlav.exe

C:\Windows\System\zeMTZYj.exe

C:\Windows\System\zeMTZYj.exe

C:\Windows\System\xXaKEji.exe

C:\Windows\System\xXaKEji.exe

C:\Windows\System\ChiIJyj.exe

C:\Windows\System\ChiIJyj.exe

C:\Windows\System\rQCdjzP.exe

C:\Windows\System\rQCdjzP.exe

C:\Windows\System\xhZVbHh.exe

C:\Windows\System\xhZVbHh.exe

C:\Windows\System\EDrxfKy.exe

C:\Windows\System\EDrxfKy.exe

C:\Windows\System\utkWGIN.exe

C:\Windows\System\utkWGIN.exe

C:\Windows\System\bhqNbsr.exe

C:\Windows\System\bhqNbsr.exe

C:\Windows\System\rimrNgb.exe

C:\Windows\System\rimrNgb.exe

C:\Windows\System\Jgbtvdx.exe

C:\Windows\System\Jgbtvdx.exe

C:\Windows\System\eZnqVhk.exe

C:\Windows\System\eZnqVhk.exe

C:\Windows\System\beAJcGX.exe

C:\Windows\System\beAJcGX.exe

C:\Windows\System\jZfdTKQ.exe

C:\Windows\System\jZfdTKQ.exe

C:\Windows\System\LLkrlCM.exe

C:\Windows\System\LLkrlCM.exe

C:\Windows\System\lsTkDTx.exe

C:\Windows\System\lsTkDTx.exe

C:\Windows\System\IxuINIM.exe

C:\Windows\System\IxuINIM.exe

C:\Windows\System\FUAMGlS.exe

C:\Windows\System\FUAMGlS.exe

C:\Windows\System\acesHCp.exe

C:\Windows\System\acesHCp.exe

C:\Windows\System\PeUXsqd.exe

C:\Windows\System\PeUXsqd.exe

C:\Windows\System\acwiwrP.exe

C:\Windows\System\acwiwrP.exe

C:\Windows\System\YMVQLpH.exe

C:\Windows\System\YMVQLpH.exe

C:\Windows\System\PrxDhPM.exe

C:\Windows\System\PrxDhPM.exe

C:\Windows\System\AlySpQO.exe

C:\Windows\System\AlySpQO.exe

C:\Windows\System\KuhtiZl.exe

C:\Windows\System\KuhtiZl.exe

C:\Windows\System\dejLffa.exe

C:\Windows\System\dejLffa.exe

C:\Windows\System\MTaRTHv.exe

C:\Windows\System\MTaRTHv.exe

C:\Windows\System\nIRAfTp.exe

C:\Windows\System\nIRAfTp.exe

C:\Windows\System\LcRktyi.exe

C:\Windows\System\LcRktyi.exe

C:\Windows\System\zYYZkJw.exe

C:\Windows\System\zYYZkJw.exe

C:\Windows\System\KQcFnPU.exe

C:\Windows\System\KQcFnPU.exe

C:\Windows\System\OcxAEUG.exe

C:\Windows\System\OcxAEUG.exe

C:\Windows\System\jlQXOkV.exe

C:\Windows\System\jlQXOkV.exe

C:\Windows\System\RrvqbEg.exe

C:\Windows\System\RrvqbEg.exe

C:\Windows\System\CJJGVIW.exe

C:\Windows\System\CJJGVIW.exe

C:\Windows\System\QMxzPzv.exe

C:\Windows\System\QMxzPzv.exe

C:\Windows\System\Shmnrdg.exe

C:\Windows\System\Shmnrdg.exe

C:\Windows\System\JnpaUVN.exe

C:\Windows\System\JnpaUVN.exe

C:\Windows\System\RYXSkxP.exe

C:\Windows\System\RYXSkxP.exe

C:\Windows\System\WlqlpgX.exe

C:\Windows\System\WlqlpgX.exe

C:\Windows\System\lpxEvyV.exe

C:\Windows\System\lpxEvyV.exe

C:\Windows\System\hrxqhyh.exe

C:\Windows\System\hrxqhyh.exe

C:\Windows\System\whpOBLD.exe

C:\Windows\System\whpOBLD.exe

C:\Windows\System\FzfwdMP.exe

C:\Windows\System\FzfwdMP.exe

C:\Windows\System\UguoigX.exe

C:\Windows\System\UguoigX.exe

C:\Windows\System\PegRVvI.exe

C:\Windows\System\PegRVvI.exe

C:\Windows\System\yScWiLj.exe

C:\Windows\System\yScWiLj.exe

C:\Windows\System\akNyBlo.exe

C:\Windows\System\akNyBlo.exe

C:\Windows\System\AlnJhqv.exe

C:\Windows\System\AlnJhqv.exe

C:\Windows\System\CQjaGiN.exe

C:\Windows\System\CQjaGiN.exe

C:\Windows\System\OGHgtAK.exe

C:\Windows\System\OGHgtAK.exe

C:\Windows\System\WogihDn.exe

C:\Windows\System\WogihDn.exe

C:\Windows\System\EZQKtPR.exe

C:\Windows\System\EZQKtPR.exe

C:\Windows\System\CaZnEkv.exe

C:\Windows\System\CaZnEkv.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2908-0-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\VodlCVf.exe

MD5 895de4d0ae9eccd532de806cac6849c2
SHA1 307f04819dae7c464de6cd6e4a57b7c913aa5244
SHA256 ef6f0244648660472d59f8419ba5451305024b63049ad8234c0436983e3b0529
SHA512 f487137dead19ade5c0e11cc1757127fcadb07dc4f9f8ac69090f28c743772c08f8a997cda7717c5b7d4a60fe4fafc9269d5f0692eef5568cf0b387430fca919

memory/2908-29-0x00000000032F0000-0x00000000036E6000-memory.dmp

C:\Windows\system\WemLOfx.exe

MD5 04c1ee5013cc057ae8097e5681ed4658
SHA1 03da41776b1e84b57b5731407c140a153c0d6c03
SHA256 9f0927c7db358e22e2be0e6cb2c8794baa30c514057376eaab2c021423ed7490
SHA512 c136d21a3aea93dc5c4136261b90ebea89d134b7f5d8efb08748123bb31e961857312d3aa7678511d6379e818ec1ddd9106a4c83e261a62eca5cc158f8b3b1b5

C:\Windows\system\dFwqIlc.exe

MD5 24e95eeafd201e86aad098df5993f414
SHA1 0791fd815a910f39ed655a3595e79595df4c99bd
SHA256 532cacd1b668d9ea5571b4d9ab140396d1ff34b05ee16f3019828b207ce6cfdb
SHA512 16c5a8b08c4157ed5bd6dbdf8e0e98d2ea23e04cede86ec64fab4ef54aaf8a7778bab18ced081999ee9a7c0763b71db2a58e3b755c388105aa0ff5917eed57c6

memory/2544-47-0x000000013F8F0000-0x000000013FCE6000-memory.dmp

memory/2976-48-0x000000013FB50000-0x000000013FF46000-memory.dmp

memory/2908-50-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2908-53-0x000000013FD80000-0x0000000140176000-memory.dmp

memory/2908-55-0x000000013FD50000-0x0000000140146000-memory.dmp

memory/2908-54-0x00000000030C0000-0x00000000034B6000-memory.dmp

memory/2908-52-0x00000000032F0000-0x00000000036E6000-memory.dmp

memory/2680-49-0x000000013F480000-0x000000013F876000-memory.dmp

C:\Windows\system\mZPMwdM.exe

MD5 17f93b1bb3a56eff15a62db896c7dcd0
SHA1 d74d5a237dab3682ae1a44d57fa8b391de9d4a8b
SHA256 6f018fe7a684e37120505173a576a1c395ec04a96def8f186677fa4f0782f606
SHA512 7d9da3a95e217c8b0d3324e8522aed791ead7a5b833ede9080c3fa3ce1a38125b69c566489b99e6c91b24ae8b071ce2a6025852ad0b60c9429032295e7c2bb5a

memory/2720-78-0x000000013F230000-0x000000013F626000-memory.dmp

memory/1516-81-0x000000013F540000-0x000000013F936000-memory.dmp

\Windows\system\QCeEkjo.exe

MD5 ac91ed90e6327da4870e325bbe165763
SHA1 9425111c03b9b1ac1dc96b91fb412920bbaab7cb
SHA256 29d2fb0e0056351f687e71b2964c5dee64e521c8c87318f8f60a23992f471b27
SHA512 637b9c26a2ac66ff6ae299314cac86f10db8f45a8b0437cfc169d7f1cf3fe775e158feabd9b0c83dd5201f72e1379292d99e75a88ac0f361e72979054286a6e7

memory/2908-83-0x0000000003480000-0x0000000003876000-memory.dmp

C:\Windows\system\ZBCtqMW.exe

MD5 85ab828b6752bae8fd05a94a8b802a41
SHA1 b75c3ad92badbe395de473a3fc6643666a19c90e
SHA256 663df731f99382da80200ba421d62a32f575b98ad90478b5bd2aabacd9d5a5a5
SHA512 8be2d150fc587aa66e63e4faa87ed102d96ce1628f7907816016f797fa10cb03d87586f10e8ec3e12e0d581bc57cd5fa4097a2d4c3a7d0c5d8cdaa506e30f926

memory/2704-66-0x000000013F670000-0x000000013FA66000-memory.dmp

C:\Windows\system\cidahTN.exe

MD5 57ef95734d4f5f7d60ae3399e739346c
SHA1 a5b48f286941f1067094352de75fe78a4a954ce4
SHA256 6076377d790b4194c033541d82100c19140f9601ec67cbe2dcadaf5aead59ed2
SHA512 4e6c3bd7c8f8dc68ccd8a3111451e6cdb360c0ddf9a61dd688086b517380caa6275a93f8f6e7a8301d14b6f6b798925e78f16a414a460a7fb2e152b9421a60e5

memory/2700-61-0x000000013FD50000-0x0000000140146000-memory.dmp

memory/2908-60-0x00000000032F0000-0x00000000036E6000-memory.dmp

memory/2672-59-0x000000013FD80000-0x0000000140176000-memory.dmp

C:\Windows\system\kasMafw.exe

MD5 44854bc92a3dcbae836222ae8bde1d51
SHA1 0fe85ef340cb7cc70a3d8f58470dda86785c4e25
SHA256 3df24b2a0c691e40c2ea08860902050cc4f69f4fc2df9a977e4b7adf8126e489
SHA512 9f1f5cc5c777836b89c411eaadf56c15e4090392933c870c0db02bb83b84161366df065e0b473c51baaaf1d4bbd46113b785bbcd6835baec7b4437874fbaa960

memory/2908-80-0x0000000003480000-0x0000000003876000-memory.dmp

memory/2764-57-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2540-41-0x000000013F220000-0x000000013F616000-memory.dmp

C:\Windows\system\pxXeUtu.exe

MD5 78c651d58d26f030811f7cddf56a9b53
SHA1 0fa5759a6dfe09b678b95f9acc30d6a2e07b8d63
SHA256 333df8c320a1babaaeca36ed9c1681bff4885f45d7c05968666b7b4a3d63d981
SHA512 af8a1eb10390c0a85bf2a081d0d070c85b81f583eab2ab2a199baff6ba56e946304ddf1259ecd29cd978caea4665ddbcdeaf19d99a8078ef0eaef930dbfca5ad

C:\Windows\system\JhCOOYj.exe

MD5 418d9e87dfe0107b08e10d65800c6e7a
SHA1 74bc4993669caa54ba8f94f686d52557a031d262
SHA256 ed8ac94598cdd79ad105f871f156dc5c6f60e7123e84aa0b5a5e996e1f2f9a83
SHA512 c641624ffea791c6846991ecd6c6ecbb4ce96652f6dcd8bf7a39af997b80327b09a696d9df01a2e657a73a8a451a2b0242a4d51c9381dcf25c5cbf57f74a13e3

C:\Windows\system\GwchhMM.exe

MD5 dc68bd976fbf69145f2f20ac484686de
SHA1 c51bffd346c25f1206a0f31c88bfbaafbcf3138b
SHA256 f3999f1399a5fe6762304aa0d6b8405103c52707e793bc5f683d0813ceb9cc5d
SHA512 3abd338ffef5a46b51aadc22ee107d17283e2cfb7bc66c0caa5bf2780fc2bd02bfdb0339168931b28c831aefdbb846fdedc9c738d05ceed0834d3290cea06338

memory/2908-1318-0x000000013FB50000-0x000000013FF46000-memory.dmp

memory/2784-1473-0x000000001B670000-0x000000001B952000-memory.dmp

memory/2908-374-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

C:\Windows\system\ZuxUUXo.exe

MD5 a446e30a046a6ddf47e73c346f23f6fd
SHA1 d7b66f3cc9f852c2117945d9ed8cf473985f4cd6
SHA256 dc81ca05143209382e9e7f89d6a695e5754de75dff12b6365da234c378d56732
SHA512 dfc729f7b9c93f2dd978675fbbe2c8ea5becb0595229ff2b4f15c75c9b7782526c254e478b13d893ed9a6a9bd214cc74819ddb96e95586ba02e23a1df1050ca6

C:\Windows\system\sTkzbnV.exe

MD5 eec20a8d26b09f5282eaac9fa4f32913
SHA1 c1bcd63f8e0fffc4a829df546fc49b71dd4d6974
SHA256 2d9c72267fee97c8907ed6d7c150527ba1927bcb592276be80366fd611ba1457
SHA512 5d61896d8891fe0350e9395ae20bb7d42c558d45fee6a4c415eee717f3a2518f38b6cfa1fa9daaaae730233b83f679e0d75aa0fecd648f8c2098381a6f53cdee

C:\Windows\system\iuONBoZ.exe

MD5 580ffe70ebc860a4381cef482e4ab697
SHA1 425ffd81f343ecf88ee9f9950278996d6c4a6151
SHA256 8a3e923898bc40f8106e97e158771adc2413e6236c776c48a0311ad88b4dc926
SHA512 d5ffca0c453c9fcee0783ce5f6520bcf0ebf222ee881795cf9f56e63ff7337d0509b85ddcbd030c356a9f2ad8be179cc568ac841238d9089a7039e538dff7cdd

C:\Windows\system\NxBeiqg.exe

MD5 93ace19017ad9d06d565480bf078e818
SHA1 b031452a820484be6528b1fbf4c6f35d4f37a8cd
SHA256 60f4b8555865a79d3597e1554919beeb3bcb6e7c8ca6816b71ef923a927ffdcb
SHA512 937fd4fffc7f11a09937d305166c56557121ed5be0e64761836003e6ce4b9ed0a15c7a8b66138e98de627b13eed1b4327122b80fb5f5ee556763c31dff822a02

C:\Windows\system\UzxXEee.exe

MD5 a2104732707c9a3b2b6d4d3c3f5f3f28
SHA1 8e75ca319a3db4b9e82d2be940b7ac385f8a2a0c
SHA256 2659c22e6775249194130535e26c03cd56782d805d86bc22291073afb23a8f14
SHA512 31fd4b38f8d75e8578e85571321f994b12899d823e341259a32abf0af6ee5cf597628d686b0d9f394bfb02fe365e3fa6d2da278364439662c0f10567fae591c4

C:\Windows\system\gnYSWTh.exe

MD5 bd5bbbb3677eed3cc33b1b18f4d675fb
SHA1 19273270d87e300d9a8b1ec4d93c8553bc668b0d
SHA256 499f43c854ed014e0e2f023889ddd925bbedd5f0204cacd17031b998ac458c20
SHA512 1112ab84cc1e3a1085ef4e78d4ffc61c9bce290ca92dda28b558be4da23747906ef0126f016e8ea92f44c70189308942eceeb5c58d6f6275a0e6766e95f60519

C:\Windows\system\qRwORIs.exe

MD5 1978f942e22971f8581f2d0fefa6f0b5
SHA1 c5c7baa305e8d179577eb4f71162c2f7337ca3d3
SHA256 24afa8b8d0d44335e5bec575060fd10951a0e06dadcc90664ca17974733be22c
SHA512 519e31c07a347c3ebc1b1a78b0580ea3bcfe286c83a0fc2686627b73b3666b1728fc01f1922e23bff8c82ce57c29afa3f4b93dcede960957fcda54bdabe83a00

C:\Windows\system\XhYXFDE.exe

MD5 54bd3a59c16ed306046ac12c81a6158f
SHA1 f460a05712d4d580c4e6cc67871c8af366bcf52d
SHA256 3ba6f508019360fa5d38a61436c9622f8e5febd4d255647ce3da537542d7b5c5
SHA512 860f2b3d08696bef152712ee389065e5b9b8873b4314bbb2b0f9473181b9eb3830445853e58c24bcbd69fd9adc6f45ff6b566f2d21b2e0683d5da7ce9d6005a2

C:\Windows\system\UBCAROS.exe

MD5 113f60e3d613d817b99e5ac72b10775b
SHA1 4d5046ce3a2364ad32c721de1225f76a787762ef
SHA256 74d17d29201b0064c989926e3cadfdb7afa9b199f4703d37b4a8157156305dcb
SHA512 98679ed8b60ae7e60861e5e75cf56e28732dcc915aee8135fc5a5e109abc75221ec49c7057dfb6c57eea616276281e6936d618b13e545a497f08a5893e922128

C:\Windows\system\clIVPZu.exe

MD5 8a3d37b1b43cb2e1c0769afb022fe447
SHA1 70d578fcc5a84395390037307a10533bb70183b0
SHA256 5db91bc4fafea7881b9ee0921d954acf7483f7bd238aa9d8d07a21d87c970c31
SHA512 281fb7c9941e894dc4e773bf05f4d511a9c0174ed153b2f69e925a51531de6cedcdfde57787b8f3c4ad1b0a6254ae42ac31b6104dc532c547bef05ee674849c8

C:\Windows\system\uVUEuRv.exe

MD5 8a9f7bca83d62f65832fc28eda87a050
SHA1 34e1fba15f61490852f48902e6d3c30c475a7a8d
SHA256 2a60f5509885d004572f619820e2ade24c3cf517e026681bfde9a44502964d31
SHA512 206cbf49def76b3d55f721aec97cf1358c0eded460b295194d0c088ba351571eb4986a2c36f9cdc1decce205b12f6ce0abee9295f23f9e99522e5b759db600eb

C:\Windows\system\QpUCjnc.exe

MD5 d9976a4b5f5aef8834c0d2be5d23107b
SHA1 0ac513a1a9107e31fa1721df6416a3dc9bd7bc9d
SHA256 21ad764ae00cb2c578b57688b77ec55001eb1c00b3ca93f5329004c2c947dc19
SHA512 0c588b90a8a571f4eb7c8b5600b6b60e7535828ee9667a4bd472677663612717d1a20c6df08be3ff27465e4b90744ff74728325665be647c4cda2e20e234af2b

C:\Windows\system\wHfylea.exe

MD5 591d59914513cb173797030e5b35f3fc
SHA1 7c47ef91fb6395154e625df1334d05db3d5597eb
SHA256 f1ed9f74f87a63934562a2022df5145e13937d6d2c43c99064b132bf11b14395
SHA512 0c6be32f997a5dfd1cd1f6c931244482b19f730143870405d40869daa04ee100d230db9fca4dcc802b0ce599cc0aab5145df90ae37c8aaee89612cc00b6517d6

\Windows\system\JJCKfkM.exe

MD5 2b8a2b7bd2697b0ece5093c07e977169
SHA1 52a0b6e200e7a1278d19feb4552bd60063e1c50f
SHA256 58e7e2f68626484d5ea34a64faee248a7209407630da56e1e59a37ed9985e9b8
SHA512 f19918e8595d3d0e486e55d39b633613bb3217a61f9e795e8583a387abb7f4bcf6627e4bf53cea8c9078fb827d0c36f69805052bc8720127bcfe9859952f19d9

C:\Windows\system\ANKhMXs.exe

MD5 dd209ae49958dc17c6096e7128c45e15
SHA1 740f6cd82bb46f8c872f7165ac2efcfe56dcb824
SHA256 b0399b41c4efeb184e03bdfc02246e1da130a184ba03fc2d317b7b70e150a728
SHA512 6278281e91a1a9fc09e624cd05d8b9898755abd7d92c560b2300f6d1d71f107f87085eaae72f1307d97b9246dcec8b4d0dce660ed9a611e99e31ae754c088611

memory/2612-88-0x000000013F330000-0x000000013F726000-memory.dmp

C:\Windows\system\HLhuSfl.exe

MD5 74b223ae878e049e72319dbe74da9e56
SHA1 9a5edae4c86e4b7c921bc269157498aa48f8ae11
SHA256 8d1585ab3952e7a85c9bd13e818cb3f0d4738e34242a4d02bc98184a02fe1591
SHA512 48f66511a3774453b68e805ca29056edf4d32a9805080ca99471ceff8f5854cd6f477e65dc7b2a2787160509fc9042d217ea61ba660938ff271e5384a1996b87

C:\Windows\system\leqloQP.exe

MD5 0fa50ff7038d834c528b8d878fb115da
SHA1 19bf67871796784ed956b16ab1649c73d8e2213c
SHA256 b22bde62a081dcf8d8dcc25618bb0530bd8c2ddae4caa7d5c4b31b1a38944894
SHA512 5ab0c80a7adf72cb5e8758fb5bd641d37ded324d8ca477b88a23c11d31f595dc209d942d7a6530ad71b1c6e4fbd1ae5807bef99eac519d4804f3ec9a8f9528cb

memory/2908-15-0x00000000030C0000-0x00000000034B6000-memory.dmp

memory/2952-34-0x000000013F3A0000-0x000000013F796000-memory.dmp

C:\Windows\system\VapfMFD.exe

MD5 3c0f5b848228d5e0392f5c1b8337d728
SHA1 73b39cb80d2f8d2aba04c93672396035fbaed3cf
SHA256 c43591e643974e4bfd41753d9178d8c801b5e9d159338c93d8127f7921d17840
SHA512 2c19cbbf0cdea737c62eaa5faaf448308bc2112b6ca99ed250ec39d49a56257ff13bfbea57fe174bf979b912ce71a6259c36d34b754932102e7013b2293380be

C:\Windows\system\ATwbqgT.exe

MD5 9ed11efb6e71de82221a377cabe016bc
SHA1 b8ea4f99f7a174b4fe3ef6059e5ecde9468be11a
SHA256 ccd4f771d791a0d079d34b52b1ec08774095e6487e66d15f325b3ef3cc1139bb
SHA512 8241aba2d6e3c33f1831ccb649979441225650fccda6adacbae47cc440bba48433e31770a40d295d069c101345ff565ef032fe9a0c3819562601dfe4f944d4b7

C:\Windows\system\OrIJopO.exe

MD5 0c73977c7d98d7b192adefb25adebc68
SHA1 3fe0f87b5224985543adce2bbd7ac0541c2cc790
SHA256 c6e26238429a558e176b533bfa6317c5d2ff7fb41785c9f243b0aa41434548fd
SHA512 4da63845f629faf23386f0a4104e5402f7d8cc149b80f8e987a6f42c72a5e09adf8af1361657b62c86d5a69d85b08b2e19f39aee77f7d37cd0e1836e522d6d3d

C:\Windows\system\aRCvJzz.exe

MD5 b626aa02c60748cbb17a440660446e50
SHA1 701f0ba4e072170a30cd0b1e6fa1ddd3fa19ac82
SHA256 1b67f674a63673d89d3071778e5f3274753995e8271696374c10cca040850602
SHA512 8a55b5fe88bf8c9a84fc17189f98ba23a2fc0dd4c723a45c16cae74c9729d05cb612b9bfa8de4e8414e04fb90dbc33665201af52161418aa22ae39e4d4923c8b

memory/2908-2-0x000000013F4C0000-0x000000013F8B6000-memory.dmp

memory/2784-1809-0x0000000002790000-0x0000000002798000-memory.dmp

memory/2700-2961-0x000000013FD50000-0x0000000140146000-memory.dmp

memory/2704-3191-0x000000013F670000-0x000000013FA66000-memory.dmp

memory/2908-3504-0x0000000003480000-0x0000000003876000-memory.dmp

memory/2764-6075-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2672-6105-0x000000013FD80000-0x0000000140176000-memory.dmp

memory/2720-6135-0x000000013F230000-0x000000013F626000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 11:21

Reported

2024-06-13 11:23

Platform

win10v2004-20240508-en

Max time kernel

73s

Max time network

66s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\OcAIqvt.exe N/A
N/A N/A C:\Windows\System\mCWJEwi.exe N/A
N/A N/A C:\Windows\System\bnbVcIw.exe N/A
N/A N/A C:\Windows\System\fdLHwzZ.exe N/A
N/A N/A C:\Windows\System\wHGzDyY.exe N/A
N/A N/A C:\Windows\System\neTOdUR.exe N/A
N/A N/A C:\Windows\System\YgCFzyC.exe N/A
N/A N/A C:\Windows\System\tGFaTPU.exe N/A
N/A N/A C:\Windows\System\xqhiIHL.exe N/A
N/A N/A C:\Windows\System\hAYTjBZ.exe N/A
N/A N/A C:\Windows\System\baXDJLx.exe N/A
N/A N/A C:\Windows\System\PHXChxP.exe N/A
N/A N/A C:\Windows\System\dqOCEeG.exe N/A
N/A N/A C:\Windows\System\KvnkNyp.exe N/A
N/A N/A C:\Windows\System\WefbJNQ.exe N/A
N/A N/A C:\Windows\System\FLmqzIi.exe N/A
N/A N/A C:\Windows\System\MZYYlOO.exe N/A
N/A N/A C:\Windows\System\cqqlUEF.exe N/A
N/A N/A C:\Windows\System\WiFRwsw.exe N/A
N/A N/A C:\Windows\System\ONVLRwF.exe N/A
N/A N/A C:\Windows\System\uMVMrJJ.exe N/A
N/A N/A C:\Windows\System\YiaxNcz.exe N/A
N/A N/A C:\Windows\System\IcIOOok.exe N/A
N/A N/A C:\Windows\System\qFsXMIM.exe N/A
N/A N/A C:\Windows\System\QDcdxAQ.exe N/A
N/A N/A C:\Windows\System\gvoHXrB.exe N/A
N/A N/A C:\Windows\System\yqcyFlV.exe N/A
N/A N/A C:\Windows\System\bbEWGSi.exe N/A
N/A N/A C:\Windows\System\ZbzGmfd.exe N/A
N/A N/A C:\Windows\System\NOIjzkd.exe N/A
N/A N/A C:\Windows\System\wJLZuBW.exe N/A
N/A N/A C:\Windows\System\ymcFEWq.exe N/A
N/A N/A C:\Windows\System\dQMqbSf.exe N/A
N/A N/A C:\Windows\System\zkhmwCi.exe N/A
N/A N/A C:\Windows\System\qqZebVy.exe N/A
N/A N/A C:\Windows\System\jfYsbKw.exe N/A
N/A N/A C:\Windows\System\nBcPpAw.exe N/A
N/A N/A C:\Windows\System\HIkGbJh.exe N/A
N/A N/A C:\Windows\System\DMQiays.exe N/A
N/A N/A C:\Windows\System\lOfuEvm.exe N/A
N/A N/A C:\Windows\System\AQTKHsJ.exe N/A
N/A N/A C:\Windows\System\vdfYBIs.exe N/A
N/A N/A C:\Windows\System\RapQzsX.exe N/A
N/A N/A C:\Windows\System\dKBRfta.exe N/A
N/A N/A C:\Windows\System\oTYxgYf.exe N/A
N/A N/A C:\Windows\System\kmzFhCJ.exe N/A
N/A N/A C:\Windows\System\vqckwld.exe N/A
N/A N/A C:\Windows\System\uuALtRy.exe N/A
N/A N/A C:\Windows\System\sbtGloK.exe N/A
N/A N/A C:\Windows\System\HQyVODi.exe N/A
N/A N/A C:\Windows\System\NWBmanR.exe N/A
N/A N/A C:\Windows\System\sLgdPvD.exe N/A
N/A N/A C:\Windows\System\tIaifot.exe N/A
N/A N/A C:\Windows\System\QqAxkuM.exe N/A
N/A N/A C:\Windows\System\JHmIWjb.exe N/A
N/A N/A C:\Windows\System\lJrmzQt.exe N/A
N/A N/A C:\Windows\System\Ryfkjfg.exe N/A
N/A N/A C:\Windows\System\NGdeTlP.exe N/A
N/A N/A C:\Windows\System\TwsxNqx.exe N/A
N/A N/A C:\Windows\System\fKcYnUv.exe N/A
N/A N/A C:\Windows\System\nIegLmo.exe N/A
N/A N/A C:\Windows\System\xcApsUV.exe N/A
N/A N/A C:\Windows\System\eACecYs.exe N/A
N/A N/A C:\Windows\System\MouRcLJ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wwHwNDA.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\YloUzwM.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\cquemqp.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAMdtua.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\oqhrLft.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHpDAIC.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\nBcPpAw.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zJIAXRk.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\vxmUrIO.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjZzSGb.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\VJjKLTe.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\njpdAyt.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\bxbQaBy.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\xcApsUV.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\GQMJZvC.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\tsjwyZI.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJSJEht.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zepXAbL.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\qzxwOOo.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\esFRxQs.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDsPLyZ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\aQibYCY.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ykVtjGG.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\UOHYQSP.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\pnGjzmO.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOumEHg.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHlkbPj.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\LPTZCYG.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMDFcOe.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\nnUqmxo.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\sLgdPvD.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZkZQOq.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpYZuda.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\pRybcmW.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNtbrLx.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\gwERCOo.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\nQrKXZI.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\USrgacI.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksMDpDW.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\atnLHdP.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\uSepkXd.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\wdMtvwH.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\YGhPvSW.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\UlELGSY.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\fYHFoQI.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\uFoOSmS.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\UCotuiJ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\fwZCWEC.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXEauCA.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\TjSwlZR.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwAxfbN.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\kvdaach.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\rjhTSVk.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\NvtWTCJ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrKUHes.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgRgcNN.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\jEOnGFa.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\poLleoz.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRAuPLi.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\iRDkmiU.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\zhdQxDH.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\hAYTjBZ.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\wJLZuBW.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
File created C:\Windows\System\HIkGbJh.exe C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4928 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4928 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4928 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\OcAIqvt.exe
PID 4928 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\OcAIqvt.exe
PID 4928 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\mCWJEwi.exe
PID 4928 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\mCWJEwi.exe
PID 4928 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\bnbVcIw.exe
PID 4928 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\bnbVcIw.exe
PID 4928 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\fdLHwzZ.exe
PID 4928 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\fdLHwzZ.exe
PID 4928 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wHGzDyY.exe
PID 4928 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wHGzDyY.exe
PID 4928 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\neTOdUR.exe
PID 4928 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\neTOdUR.exe
PID 4928 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\YgCFzyC.exe
PID 4928 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\YgCFzyC.exe
PID 4928 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\tGFaTPU.exe
PID 4928 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\tGFaTPU.exe
PID 4928 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\xqhiIHL.exe
PID 4928 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\xqhiIHL.exe
PID 4928 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\hAYTjBZ.exe
PID 4928 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\hAYTjBZ.exe
PID 4928 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\baXDJLx.exe
PID 4928 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\baXDJLx.exe
PID 4928 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\PHXChxP.exe
PID 4928 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\PHXChxP.exe
PID 4928 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\dqOCEeG.exe
PID 4928 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\dqOCEeG.exe
PID 4928 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\KvnkNyp.exe
PID 4928 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\KvnkNyp.exe
PID 4928 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WefbJNQ.exe
PID 4928 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WefbJNQ.exe
PID 4928 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\FLmqzIi.exe
PID 4928 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\FLmqzIi.exe
PID 4928 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\MZYYlOO.exe
PID 4928 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\MZYYlOO.exe
PID 4928 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\cqqlUEF.exe
PID 4928 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\cqqlUEF.exe
PID 4928 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WiFRwsw.exe
PID 4928 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\WiFRwsw.exe
PID 4928 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ONVLRwF.exe
PID 4928 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ONVLRwF.exe
PID 4928 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\uMVMrJJ.exe
PID 4928 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\uMVMrJJ.exe
PID 4928 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\YiaxNcz.exe
PID 4928 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\YiaxNcz.exe
PID 4928 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\IcIOOok.exe
PID 4928 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\IcIOOok.exe
PID 4928 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\qFsXMIM.exe
PID 4928 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\qFsXMIM.exe
PID 4928 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QDcdxAQ.exe
PID 4928 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\QDcdxAQ.exe
PID 4928 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\gvoHXrB.exe
PID 4928 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\gvoHXrB.exe
PID 4928 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\yqcyFlV.exe
PID 4928 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\yqcyFlV.exe
PID 4928 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\bbEWGSi.exe
PID 4928 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\bbEWGSi.exe
PID 4928 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ZbzGmfd.exe
PID 4928 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\ZbzGmfd.exe
PID 4928 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\NOIjzkd.exe
PID 4928 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\NOIjzkd.exe
PID 4928 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wJLZuBW.exe
PID 4928 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe C:\Windows\System\wJLZuBW.exe

Processes

C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\77ac1342e03717ea2330f93a12666280_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\OcAIqvt.exe

C:\Windows\System\OcAIqvt.exe

C:\Windows\System\mCWJEwi.exe

C:\Windows\System\mCWJEwi.exe

C:\Windows\System\bnbVcIw.exe

C:\Windows\System\bnbVcIw.exe

C:\Windows\System\fdLHwzZ.exe

C:\Windows\System\fdLHwzZ.exe

C:\Windows\System\wHGzDyY.exe

C:\Windows\System\wHGzDyY.exe

C:\Windows\System\neTOdUR.exe

C:\Windows\System\neTOdUR.exe

C:\Windows\System\YgCFzyC.exe

C:\Windows\System\YgCFzyC.exe

C:\Windows\System\tGFaTPU.exe

C:\Windows\System\tGFaTPU.exe

C:\Windows\System\xqhiIHL.exe

C:\Windows\System\xqhiIHL.exe

C:\Windows\System\hAYTjBZ.exe

C:\Windows\System\hAYTjBZ.exe

C:\Windows\System\baXDJLx.exe

C:\Windows\System\baXDJLx.exe

C:\Windows\System\PHXChxP.exe

C:\Windows\System\PHXChxP.exe

C:\Windows\System\dqOCEeG.exe

C:\Windows\System\dqOCEeG.exe

C:\Windows\System\KvnkNyp.exe

C:\Windows\System\KvnkNyp.exe

C:\Windows\System\WefbJNQ.exe

C:\Windows\System\WefbJNQ.exe

C:\Windows\System\FLmqzIi.exe

C:\Windows\System\FLmqzIi.exe

C:\Windows\System\MZYYlOO.exe

C:\Windows\System\MZYYlOO.exe

C:\Windows\System\cqqlUEF.exe

C:\Windows\System\cqqlUEF.exe

C:\Windows\System\WiFRwsw.exe

C:\Windows\System\WiFRwsw.exe

C:\Windows\System\ONVLRwF.exe

C:\Windows\System\ONVLRwF.exe

C:\Windows\System\uMVMrJJ.exe

C:\Windows\System\uMVMrJJ.exe

C:\Windows\System\YiaxNcz.exe

C:\Windows\System\YiaxNcz.exe

C:\Windows\System\IcIOOok.exe

C:\Windows\System\IcIOOok.exe

C:\Windows\System\qFsXMIM.exe

C:\Windows\System\qFsXMIM.exe

C:\Windows\System\QDcdxAQ.exe

C:\Windows\System\QDcdxAQ.exe

C:\Windows\System\gvoHXrB.exe

C:\Windows\System\gvoHXrB.exe

C:\Windows\System\yqcyFlV.exe

C:\Windows\System\yqcyFlV.exe

C:\Windows\System\bbEWGSi.exe

C:\Windows\System\bbEWGSi.exe

C:\Windows\System\ZbzGmfd.exe

C:\Windows\System\ZbzGmfd.exe

C:\Windows\System\NOIjzkd.exe

C:\Windows\System\NOIjzkd.exe

C:\Windows\System\wJLZuBW.exe

C:\Windows\System\wJLZuBW.exe

C:\Windows\System\ymcFEWq.exe

C:\Windows\System\ymcFEWq.exe

C:\Windows\System\dQMqbSf.exe

C:\Windows\System\dQMqbSf.exe

C:\Windows\System\zkhmwCi.exe

C:\Windows\System\zkhmwCi.exe

C:\Windows\System\qqZebVy.exe

C:\Windows\System\qqZebVy.exe

C:\Windows\System\jfYsbKw.exe

C:\Windows\System\jfYsbKw.exe

C:\Windows\System\nBcPpAw.exe

C:\Windows\System\nBcPpAw.exe

C:\Windows\System\DMQiays.exe

C:\Windows\System\DMQiays.exe

C:\Windows\System\HIkGbJh.exe

C:\Windows\System\HIkGbJh.exe

C:\Windows\System\lOfuEvm.exe

C:\Windows\System\lOfuEvm.exe

C:\Windows\System\AQTKHsJ.exe

C:\Windows\System\AQTKHsJ.exe

C:\Windows\System\vdfYBIs.exe

C:\Windows\System\vdfYBIs.exe

C:\Windows\System\RapQzsX.exe

C:\Windows\System\RapQzsX.exe

C:\Windows\System\dKBRfta.exe

C:\Windows\System\dKBRfta.exe

C:\Windows\System\oTYxgYf.exe

C:\Windows\System\oTYxgYf.exe

C:\Windows\System\kmzFhCJ.exe

C:\Windows\System\kmzFhCJ.exe

C:\Windows\System\vqckwld.exe

C:\Windows\System\vqckwld.exe

C:\Windows\System\uuALtRy.exe

C:\Windows\System\uuALtRy.exe

C:\Windows\System\sbtGloK.exe

C:\Windows\System\sbtGloK.exe

C:\Windows\System\HQyVODi.exe

C:\Windows\System\HQyVODi.exe

C:\Windows\System\NWBmanR.exe

C:\Windows\System\NWBmanR.exe

C:\Windows\System\sLgdPvD.exe

C:\Windows\System\sLgdPvD.exe

C:\Windows\System\tIaifot.exe

C:\Windows\System\tIaifot.exe

C:\Windows\System\QqAxkuM.exe

C:\Windows\System\QqAxkuM.exe

C:\Windows\System\JHmIWjb.exe

C:\Windows\System\JHmIWjb.exe

C:\Windows\System\lJrmzQt.exe

C:\Windows\System\lJrmzQt.exe

C:\Windows\System\Ryfkjfg.exe

C:\Windows\System\Ryfkjfg.exe

C:\Windows\System\NGdeTlP.exe

C:\Windows\System\NGdeTlP.exe

C:\Windows\System\TwsxNqx.exe

C:\Windows\System\TwsxNqx.exe

C:\Windows\System\fKcYnUv.exe

C:\Windows\System\fKcYnUv.exe

C:\Windows\System\nIegLmo.exe

C:\Windows\System\nIegLmo.exe

C:\Windows\System\xcApsUV.exe

C:\Windows\System\xcApsUV.exe

C:\Windows\System\eACecYs.exe

C:\Windows\System\eACecYs.exe

C:\Windows\System\MouRcLJ.exe

C:\Windows\System\MouRcLJ.exe

C:\Windows\System\fqbaLkp.exe

C:\Windows\System\fqbaLkp.exe

C:\Windows\System\eqwjQCR.exe

C:\Windows\System\eqwjQCR.exe

C:\Windows\System\sJXuCWY.exe

C:\Windows\System\sJXuCWY.exe

C:\Windows\System\xrxOEcT.exe

C:\Windows\System\xrxOEcT.exe

C:\Windows\System\IdYxkVI.exe

C:\Windows\System\IdYxkVI.exe

C:\Windows\System\kXEjBYL.exe

C:\Windows\System\kXEjBYL.exe

C:\Windows\System\GtRXrTi.exe

C:\Windows\System\GtRXrTi.exe

C:\Windows\System\ixKUYoE.exe

C:\Windows\System\ixKUYoE.exe

C:\Windows\System\vVMJNWX.exe

C:\Windows\System\vVMJNWX.exe

C:\Windows\System\lzndHGR.exe

C:\Windows\System\lzndHGR.exe

C:\Windows\System\WOBMzEE.exe

C:\Windows\System\WOBMzEE.exe

C:\Windows\System\RBXKfkH.exe

C:\Windows\System\RBXKfkH.exe

C:\Windows\System\CESrscU.exe

C:\Windows\System\CESrscU.exe

C:\Windows\System\ZrIkMTa.exe

C:\Windows\System\ZrIkMTa.exe

C:\Windows\System\UGcdzWn.exe

C:\Windows\System\UGcdzWn.exe

C:\Windows\System\XmvpKdD.exe

C:\Windows\System\XmvpKdD.exe

C:\Windows\System\wSvUqgX.exe

C:\Windows\System\wSvUqgX.exe

C:\Windows\System\ffZApGG.exe

C:\Windows\System\ffZApGG.exe

C:\Windows\System\xoISdkg.exe

C:\Windows\System\xoISdkg.exe

C:\Windows\System\dbIjOxu.exe

C:\Windows\System\dbIjOxu.exe

C:\Windows\System\QRUefeW.exe

C:\Windows\System\QRUefeW.exe

C:\Windows\System\cZkZQOq.exe

C:\Windows\System\cZkZQOq.exe

C:\Windows\System\OtoQmHa.exe

C:\Windows\System\OtoQmHa.exe

C:\Windows\System\nlOtJsK.exe

C:\Windows\System\nlOtJsK.exe

C:\Windows\System\vOhozND.exe

C:\Windows\System\vOhozND.exe

C:\Windows\System\ZApIURl.exe

C:\Windows\System\ZApIURl.exe

C:\Windows\System\lEcGwaO.exe

C:\Windows\System\lEcGwaO.exe

C:\Windows\System\lYNxIfx.exe

C:\Windows\System\lYNxIfx.exe

C:\Windows\System\BqPUywt.exe

C:\Windows\System\BqPUywt.exe

C:\Windows\System\bOeUzch.exe

C:\Windows\System\bOeUzch.exe

C:\Windows\System\GQMJZvC.exe

C:\Windows\System\GQMJZvC.exe

C:\Windows\System\HNaYqGw.exe

C:\Windows\System\HNaYqGw.exe

C:\Windows\System\WeJTZXe.exe

C:\Windows\System\WeJTZXe.exe

C:\Windows\System\oEfQPpa.exe

C:\Windows\System\oEfQPpa.exe

C:\Windows\System\gQdQUtv.exe

C:\Windows\System\gQdQUtv.exe

C:\Windows\System\lEAfvrW.exe

C:\Windows\System\lEAfvrW.exe

C:\Windows\System\awIvpzM.exe

C:\Windows\System\awIvpzM.exe

C:\Windows\System\ETsOHOR.exe

C:\Windows\System\ETsOHOR.exe

C:\Windows\System\HbThWgD.exe

C:\Windows\System\HbThWgD.exe

C:\Windows\System\AdHAYJk.exe

C:\Windows\System\AdHAYJk.exe

C:\Windows\System\qdzHwtr.exe

C:\Windows\System\qdzHwtr.exe

C:\Windows\System\XZwENkc.exe

C:\Windows\System\XZwENkc.exe

C:\Windows\System\HdVwqQV.exe

C:\Windows\System\HdVwqQV.exe

C:\Windows\System\aQibYCY.exe

C:\Windows\System\aQibYCY.exe

C:\Windows\System\uFoOSmS.exe

C:\Windows\System\uFoOSmS.exe

C:\Windows\System\VDJrAFB.exe

C:\Windows\System\VDJrAFB.exe

C:\Windows\System\Sqklfis.exe

C:\Windows\System\Sqklfis.exe

C:\Windows\System\zPQVUdC.exe

C:\Windows\System\zPQVUdC.exe

C:\Windows\System\MwSeLWW.exe

C:\Windows\System\MwSeLWW.exe

C:\Windows\System\AldhBRM.exe

C:\Windows\System\AldhBRM.exe

C:\Windows\System\FTosJYW.exe

C:\Windows\System\FTosJYW.exe

C:\Windows\System\TcCVyUj.exe

C:\Windows\System\TcCVyUj.exe

C:\Windows\System\bgSTrdx.exe

C:\Windows\System\bgSTrdx.exe

C:\Windows\System\RYNodfK.exe

C:\Windows\System\RYNodfK.exe

C:\Windows\System\eRKUGsj.exe

C:\Windows\System\eRKUGsj.exe

C:\Windows\System\kVNlXRU.exe

C:\Windows\System\kVNlXRU.exe

C:\Windows\System\SPpVxCg.exe

C:\Windows\System\SPpVxCg.exe

C:\Windows\System\igIdLOd.exe

C:\Windows\System\igIdLOd.exe

C:\Windows\System\GMSzZaV.exe

C:\Windows\System\GMSzZaV.exe

C:\Windows\System\LNuNMnP.exe

C:\Windows\System\LNuNMnP.exe

C:\Windows\System\pHDDWvF.exe

C:\Windows\System\pHDDWvF.exe

C:\Windows\System\KxvXDyX.exe

C:\Windows\System\KxvXDyX.exe

C:\Windows\System\cSuyouI.exe

C:\Windows\System\cSuyouI.exe

C:\Windows\System\fJVnDWC.exe

C:\Windows\System\fJVnDWC.exe

C:\Windows\System\AfiSDdQ.exe

C:\Windows\System\AfiSDdQ.exe

C:\Windows\System\xCtqhmW.exe

C:\Windows\System\xCtqhmW.exe

C:\Windows\System\rIGNFWi.exe

C:\Windows\System\rIGNFWi.exe

C:\Windows\System\UCotuiJ.exe

C:\Windows\System\UCotuiJ.exe

C:\Windows\System\GuWItOT.exe

C:\Windows\System\GuWItOT.exe

C:\Windows\System\yhjOEkY.exe

C:\Windows\System\yhjOEkY.exe

C:\Windows\System\ptAguwq.exe

C:\Windows\System\ptAguwq.exe

C:\Windows\System\WciGtqu.exe

C:\Windows\System\WciGtqu.exe

C:\Windows\System\rjhTSVk.exe

C:\Windows\System\rjhTSVk.exe

C:\Windows\System\wlyhbac.exe

C:\Windows\System\wlyhbac.exe

C:\Windows\System\XebDyzN.exe

C:\Windows\System\XebDyzN.exe

C:\Windows\System\XxwBjzo.exe

C:\Windows\System\XxwBjzo.exe

C:\Windows\System\NedFMnp.exe

C:\Windows\System\NedFMnp.exe

C:\Windows\System\USrgacI.exe

C:\Windows\System\USrgacI.exe

C:\Windows\System\XBOJkUa.exe

C:\Windows\System\XBOJkUa.exe

C:\Windows\System\bpYZuda.exe

C:\Windows\System\bpYZuda.exe

C:\Windows\System\YVnkROj.exe

C:\Windows\System\YVnkROj.exe

C:\Windows\System\tsjwyZI.exe

C:\Windows\System\tsjwyZI.exe

C:\Windows\System\adWsKVW.exe

C:\Windows\System\adWsKVW.exe

C:\Windows\System\RXWCOdr.exe

C:\Windows\System\RXWCOdr.exe

C:\Windows\System\NvtWTCJ.exe

C:\Windows\System\NvtWTCJ.exe

C:\Windows\System\BODTDrI.exe

C:\Windows\System\BODTDrI.exe

C:\Windows\System\RoZaVmw.exe

C:\Windows\System\RoZaVmw.exe

C:\Windows\System\jNflfGK.exe

C:\Windows\System\jNflfGK.exe

C:\Windows\System\XTnKhWx.exe

C:\Windows\System\XTnKhWx.exe

C:\Windows\System\gQttNtp.exe

C:\Windows\System\gQttNtp.exe

C:\Windows\System\PyIOhmi.exe

C:\Windows\System\PyIOhmi.exe

C:\Windows\System\gEAwFAv.exe

C:\Windows\System\gEAwFAv.exe

C:\Windows\System\IuQkmLT.exe

C:\Windows\System\IuQkmLT.exe

C:\Windows\System\KomMxfw.exe

C:\Windows\System\KomMxfw.exe

C:\Windows\System\wxkcBxm.exe

C:\Windows\System\wxkcBxm.exe

C:\Windows\System\poLleoz.exe

C:\Windows\System\poLleoz.exe

C:\Windows\System\ICTszQm.exe

C:\Windows\System\ICTszQm.exe

C:\Windows\System\gYMXSib.exe

C:\Windows\System\gYMXSib.exe

C:\Windows\System\lXMfRyS.exe

C:\Windows\System\lXMfRyS.exe

C:\Windows\System\oyOtrEv.exe

C:\Windows\System\oyOtrEv.exe

C:\Windows\System\kMDFDLl.exe

C:\Windows\System\kMDFDLl.exe

C:\Windows\System\ykVtjGG.exe

C:\Windows\System\ykVtjGG.exe

C:\Windows\System\xwwIgnU.exe

C:\Windows\System\xwwIgnU.exe

C:\Windows\System\FVnbMkv.exe

C:\Windows\System\FVnbMkv.exe

C:\Windows\System\rQcyEmW.exe

C:\Windows\System\rQcyEmW.exe

C:\Windows\System\BZJiNXJ.exe

C:\Windows\System\BZJiNXJ.exe

C:\Windows\System\QTdxpPt.exe

C:\Windows\System\QTdxpPt.exe

C:\Windows\System\qaMQXbO.exe

C:\Windows\System\qaMQXbO.exe

C:\Windows\System\rwrFNav.exe

C:\Windows\System\rwrFNav.exe

C:\Windows\System\yfRIBxM.exe

C:\Windows\System\yfRIBxM.exe

C:\Windows\System\tUKNmHS.exe

C:\Windows\System\tUKNmHS.exe

C:\Windows\System\XEawgQg.exe

C:\Windows\System\XEawgQg.exe

C:\Windows\System\VyKiUUu.exe

C:\Windows\System\VyKiUUu.exe

C:\Windows\System\LujJEqT.exe

C:\Windows\System\LujJEqT.exe

C:\Windows\System\rtaionY.exe

C:\Windows\System\rtaionY.exe

C:\Windows\System\Hffonwc.exe

C:\Windows\System\Hffonwc.exe

C:\Windows\System\bbpFoEP.exe

C:\Windows\System\bbpFoEP.exe

C:\Windows\System\qrWKtYb.exe

C:\Windows\System\qrWKtYb.exe

C:\Windows\System\blsmcNi.exe

C:\Windows\System\blsmcNi.exe

C:\Windows\System\ZhqqPMI.exe

C:\Windows\System\ZhqqPMI.exe

C:\Windows\System\gZYQamA.exe

C:\Windows\System\gZYQamA.exe

C:\Windows\System\JaGRlRN.exe

C:\Windows\System\JaGRlRN.exe

C:\Windows\System\sUrPFRw.exe

C:\Windows\System\sUrPFRw.exe

C:\Windows\System\spCKRin.exe

C:\Windows\System\spCKRin.exe

C:\Windows\System\ZnnjwLL.exe

C:\Windows\System\ZnnjwLL.exe

C:\Windows\System\wwHwNDA.exe

C:\Windows\System\wwHwNDA.exe

C:\Windows\System\bSstqAj.exe

C:\Windows\System\bSstqAj.exe

C:\Windows\System\FqfKqbA.exe

C:\Windows\System\FqfKqbA.exe

C:\Windows\System\uiYuJyr.exe

C:\Windows\System\uiYuJyr.exe

C:\Windows\System\eqPlDBx.exe

C:\Windows\System\eqPlDBx.exe

C:\Windows\System\NSJZcUO.exe

C:\Windows\System\NSJZcUO.exe

C:\Windows\System\vUkeuza.exe

C:\Windows\System\vUkeuza.exe

C:\Windows\System\vckdayP.exe

C:\Windows\System\vckdayP.exe

C:\Windows\System\ghbZlYc.exe

C:\Windows\System\ghbZlYc.exe

C:\Windows\System\VLGBvtl.exe

C:\Windows\System\VLGBvtl.exe

C:\Windows\System\RjyOgzu.exe

C:\Windows\System\RjyOgzu.exe

C:\Windows\System\bHQYlBY.exe

C:\Windows\System\bHQYlBY.exe

C:\Windows\System\GzoZLMT.exe

C:\Windows\System\GzoZLMT.exe

C:\Windows\System\rWNvuIc.exe

C:\Windows\System\rWNvuIc.exe

C:\Windows\System\vTTbCuE.exe

C:\Windows\System\vTTbCuE.exe

C:\Windows\System\nlkMFNv.exe

C:\Windows\System\nlkMFNv.exe

C:\Windows\System\smzHreQ.exe

C:\Windows\System\smzHreQ.exe

C:\Windows\System\LeDJsBU.exe

C:\Windows\System\LeDJsBU.exe

C:\Windows\System\SotTzuP.exe

C:\Windows\System\SotTzuP.exe

C:\Windows\System\hjBXMMb.exe

C:\Windows\System\hjBXMMb.exe

C:\Windows\System\OxNNILY.exe

C:\Windows\System\OxNNILY.exe

C:\Windows\System\FjYrjlV.exe

C:\Windows\System\FjYrjlV.exe

C:\Windows\System\ZiVlURf.exe

C:\Windows\System\ZiVlURf.exe

C:\Windows\System\BhfKkQR.exe

C:\Windows\System\BhfKkQR.exe

C:\Windows\System\HVHtPkt.exe

C:\Windows\System\HVHtPkt.exe

C:\Windows\System\BdIiDJp.exe

C:\Windows\System\BdIiDJp.exe

C:\Windows\System\ZJIeyWT.exe

C:\Windows\System\ZJIeyWT.exe

C:\Windows\System\zrTbwQv.exe

C:\Windows\System\zrTbwQv.exe

C:\Windows\System\jUeYnjY.exe

C:\Windows\System\jUeYnjY.exe

C:\Windows\System\kokUyor.exe

C:\Windows\System\kokUyor.exe

C:\Windows\System\bNFaciB.exe

C:\Windows\System\bNFaciB.exe

C:\Windows\System\aRIooMO.exe

C:\Windows\System\aRIooMO.exe

C:\Windows\System\yEnizva.exe

C:\Windows\System\yEnizva.exe

C:\Windows\System\zgQjhjl.exe

C:\Windows\System\zgQjhjl.exe

C:\Windows\System\DTPHZEA.exe

C:\Windows\System\DTPHZEA.exe

C:\Windows\System\icUHCJA.exe

C:\Windows\System\icUHCJA.exe

C:\Windows\System\aoRgyiz.exe

C:\Windows\System\aoRgyiz.exe

C:\Windows\System\wFPLDVm.exe

C:\Windows\System\wFPLDVm.exe

C:\Windows\System\ATGyBWE.exe

C:\Windows\System\ATGyBWE.exe

C:\Windows\System\wcDcNyw.exe

C:\Windows\System\wcDcNyw.exe

C:\Windows\System\pEQDtiT.exe

C:\Windows\System\pEQDtiT.exe

C:\Windows\System\DmCCUGN.exe

C:\Windows\System\DmCCUGN.exe

C:\Windows\System\ykbLEqj.exe

C:\Windows\System\ykbLEqj.exe

C:\Windows\System\CRApaoj.exe

C:\Windows\System\CRApaoj.exe

C:\Windows\System\aSdpqcU.exe

C:\Windows\System\aSdpqcU.exe

C:\Windows\System\EdEfFfC.exe

C:\Windows\System\EdEfFfC.exe

C:\Windows\System\ApQjSgk.exe

C:\Windows\System\ApQjSgk.exe

C:\Windows\System\umOAUli.exe

C:\Windows\System\umOAUli.exe

C:\Windows\System\EEiFRYq.exe

C:\Windows\System\EEiFRYq.exe

C:\Windows\System\ajdorVw.exe

C:\Windows\System\ajdorVw.exe

C:\Windows\System\RdJcVBX.exe

C:\Windows\System\RdJcVBX.exe

C:\Windows\System\yTiYEaO.exe

C:\Windows\System\yTiYEaO.exe

C:\Windows\System\hfJftRr.exe

C:\Windows\System\hfJftRr.exe

C:\Windows\System\oCfyYgo.exe

C:\Windows\System\oCfyYgo.exe

C:\Windows\System\EogFedw.exe

C:\Windows\System\EogFedw.exe

C:\Windows\System\mThEdVO.exe

C:\Windows\System\mThEdVO.exe

C:\Windows\System\AJuzLmN.exe

C:\Windows\System\AJuzLmN.exe

C:\Windows\System\KUcwRCx.exe

C:\Windows\System\KUcwRCx.exe

C:\Windows\System\pRybcmW.exe

C:\Windows\System\pRybcmW.exe

C:\Windows\System\HyUrNdw.exe

C:\Windows\System\HyUrNdw.exe

C:\Windows\System\qRAuPLi.exe

C:\Windows\System\qRAuPLi.exe

C:\Windows\System\EBtPyuj.exe

C:\Windows\System\EBtPyuj.exe

C:\Windows\System\CUDWTOX.exe

C:\Windows\System\CUDWTOX.exe

C:\Windows\System\UOHYQSP.exe

C:\Windows\System\UOHYQSP.exe

C:\Windows\System\uFmdSdw.exe

C:\Windows\System\uFmdSdw.exe

C:\Windows\System\ykoPCPa.exe

C:\Windows\System\ykoPCPa.exe

C:\Windows\System\SriHvSE.exe

C:\Windows\System\SriHvSE.exe

C:\Windows\System\YjPymEF.exe

C:\Windows\System\YjPymEF.exe

C:\Windows\System\OqvbVRZ.exe

C:\Windows\System\OqvbVRZ.exe

C:\Windows\System\mFIywtz.exe

C:\Windows\System\mFIywtz.exe

C:\Windows\System\roXjiJr.exe

C:\Windows\System\roXjiJr.exe

C:\Windows\System\rCNOprw.exe

C:\Windows\System\rCNOprw.exe

C:\Windows\System\zsJjIVh.exe

C:\Windows\System\zsJjIVh.exe

C:\Windows\System\xTttvOU.exe

C:\Windows\System\xTttvOU.exe

C:\Windows\System\DOizSyH.exe

C:\Windows\System\DOizSyH.exe

C:\Windows\System\YloUzwM.exe

C:\Windows\System\YloUzwM.exe

C:\Windows\System\qmyWoIN.exe

C:\Windows\System\qmyWoIN.exe

C:\Windows\System\yHqrikg.exe

C:\Windows\System\yHqrikg.exe

C:\Windows\System\KrwUfNr.exe

C:\Windows\System\KrwUfNr.exe

C:\Windows\System\gEPlnkS.exe

C:\Windows\System\gEPlnkS.exe

C:\Windows\System\IdJNKwx.exe

C:\Windows\System\IdJNKwx.exe

C:\Windows\System\whZDyLO.exe

C:\Windows\System\whZDyLO.exe

C:\Windows\System\bPJaEuJ.exe

C:\Windows\System\bPJaEuJ.exe

C:\Windows\System\LuldciO.exe

C:\Windows\System\LuldciO.exe

C:\Windows\System\VnrPmHl.exe

C:\Windows\System\VnrPmHl.exe

C:\Windows\System\AQVrBXd.exe

C:\Windows\System\AQVrBXd.exe

C:\Windows\System\rmRSpWy.exe

C:\Windows\System\rmRSpWy.exe

C:\Windows\System\HXjghQH.exe

C:\Windows\System\HXjghQH.exe

C:\Windows\System\ZiiqHGi.exe

C:\Windows\System\ZiiqHGi.exe

C:\Windows\System\xdEhzoa.exe

C:\Windows\System\xdEhzoa.exe

C:\Windows\System\HhAsNMt.exe

C:\Windows\System\HhAsNMt.exe

C:\Windows\System\ERkXOBx.exe

C:\Windows\System\ERkXOBx.exe

C:\Windows\System\YhyXNgQ.exe

C:\Windows\System\YhyXNgQ.exe

C:\Windows\System\ffLDrkp.exe

C:\Windows\System\ffLDrkp.exe

C:\Windows\System\TJLHKjW.exe

C:\Windows\System\TJLHKjW.exe

C:\Windows\System\CZfSxff.exe

C:\Windows\System\CZfSxff.exe

C:\Windows\System\DOTALeB.exe

C:\Windows\System\DOTALeB.exe

C:\Windows\System\HWLwrCw.exe

C:\Windows\System\HWLwrCw.exe

C:\Windows\System\LyraqKX.exe

C:\Windows\System\LyraqKX.exe

C:\Windows\System\xIWSpSz.exe

C:\Windows\System\xIWSpSz.exe

C:\Windows\System\zYyxrjr.exe

C:\Windows\System\zYyxrjr.exe

C:\Windows\System\astghXA.exe

C:\Windows\System\astghXA.exe

C:\Windows\System\AenaNgd.exe

C:\Windows\System\AenaNgd.exe

C:\Windows\System\DrKUHes.exe

C:\Windows\System\DrKUHes.exe

C:\Windows\System\odBhWHD.exe

C:\Windows\System\odBhWHD.exe

C:\Windows\System\pnGjzmO.exe

C:\Windows\System\pnGjzmO.exe

C:\Windows\System\AbqZeOJ.exe

C:\Windows\System\AbqZeOJ.exe

C:\Windows\System\FsYbrBN.exe

C:\Windows\System\FsYbrBN.exe

C:\Windows\System\GmFBDnA.exe

C:\Windows\System\GmFBDnA.exe

C:\Windows\System\aQHiOKd.exe

C:\Windows\System\aQHiOKd.exe

C:\Windows\System\iCiKmeB.exe

C:\Windows\System\iCiKmeB.exe

C:\Windows\System\wJoJEyO.exe

C:\Windows\System\wJoJEyO.exe

C:\Windows\System\bkcoPkY.exe

C:\Windows\System\bkcoPkY.exe

C:\Windows\System\qpymbaO.exe

C:\Windows\System\qpymbaO.exe

C:\Windows\System\lOfxHzQ.exe

C:\Windows\System\lOfxHzQ.exe

C:\Windows\System\QGttmBx.exe

C:\Windows\System\QGttmBx.exe

C:\Windows\System\yoPytSC.exe

C:\Windows\System\yoPytSC.exe

C:\Windows\System\sURuwLd.exe

C:\Windows\System\sURuwLd.exe

C:\Windows\System\NbgfVJj.exe

C:\Windows\System\NbgfVJj.exe

C:\Windows\System\LPTZCYG.exe

C:\Windows\System\LPTZCYG.exe

C:\Windows\System\WqvwjTm.exe

C:\Windows\System\WqvwjTm.exe

C:\Windows\System\EEVNlUH.exe

C:\Windows\System\EEVNlUH.exe

C:\Windows\System\HGzGlRt.exe

C:\Windows\System\HGzGlRt.exe

C:\Windows\System\qUDYmhM.exe

C:\Windows\System\qUDYmhM.exe

C:\Windows\System\DwGQNyR.exe

C:\Windows\System\DwGQNyR.exe

C:\Windows\System\iJSJEht.exe

C:\Windows\System\iJSJEht.exe

C:\Windows\System\ohuMhdu.exe

C:\Windows\System\ohuMhdu.exe

C:\Windows\System\iKOaYyd.exe

C:\Windows\System\iKOaYyd.exe

C:\Windows\System\JQKMtrw.exe

C:\Windows\System\JQKMtrw.exe

C:\Windows\System\qtZIaFl.exe

C:\Windows\System\qtZIaFl.exe

C:\Windows\System\iEUgHwd.exe

C:\Windows\System\iEUgHwd.exe

C:\Windows\System\frocCRI.exe

C:\Windows\System\frocCRI.exe

C:\Windows\System\gToFcYn.exe

C:\Windows\System\gToFcYn.exe

C:\Windows\System\lASwZTO.exe

C:\Windows\System\lASwZTO.exe

C:\Windows\System\wembgeb.exe

C:\Windows\System\wembgeb.exe

C:\Windows\System\NYdxMXP.exe

C:\Windows\System\NYdxMXP.exe

C:\Windows\System\zJIAXRk.exe

C:\Windows\System\zJIAXRk.exe

C:\Windows\System\KdpHRIC.exe

C:\Windows\System\KdpHRIC.exe

C:\Windows\System\jGNRmPi.exe

C:\Windows\System\jGNRmPi.exe

C:\Windows\System\VGxUboP.exe

C:\Windows\System\VGxUboP.exe

C:\Windows\System\dooleyA.exe

C:\Windows\System\dooleyA.exe

C:\Windows\System\nXTJDdW.exe

C:\Windows\System\nXTJDdW.exe

C:\Windows\System\TKORXlu.exe

C:\Windows\System\TKORXlu.exe

C:\Windows\System\PeVuhiL.exe

C:\Windows\System\PeVuhiL.exe

C:\Windows\System\VtQWUFp.exe

C:\Windows\System\VtQWUFp.exe

C:\Windows\System\JGYdHYc.exe

C:\Windows\System\JGYdHYc.exe

C:\Windows\System\behuKkx.exe

C:\Windows\System\behuKkx.exe

C:\Windows\System\tgeqANp.exe

C:\Windows\System\tgeqANp.exe

C:\Windows\System\DUonylA.exe

C:\Windows\System\DUonylA.exe

C:\Windows\System\BSSQULU.exe

C:\Windows\System\BSSQULU.exe

C:\Windows\System\ksMDpDW.exe

C:\Windows\System\ksMDpDW.exe

C:\Windows\System\clgXkrP.exe

C:\Windows\System\clgXkrP.exe

C:\Windows\System\IZiRNzv.exe

C:\Windows\System\IZiRNzv.exe

C:\Windows\System\iqGEiwe.exe

C:\Windows\System\iqGEiwe.exe

C:\Windows\System\GONkUAi.exe

C:\Windows\System\GONkUAi.exe

C:\Windows\System\VJjKLTe.exe

C:\Windows\System\VJjKLTe.exe

C:\Windows\System\HZdoIjR.exe

C:\Windows\System\HZdoIjR.exe

C:\Windows\System\VpCrtiC.exe

C:\Windows\System\VpCrtiC.exe

C:\Windows\System\wnmAPsD.exe

C:\Windows\System\wnmAPsD.exe

C:\Windows\System\BhDkEFZ.exe

C:\Windows\System\BhDkEFZ.exe

C:\Windows\System\sWUZleD.exe

C:\Windows\System\sWUZleD.exe

C:\Windows\System\rpzRLRe.exe

C:\Windows\System\rpzRLRe.exe

C:\Windows\System\yhLaXqf.exe

C:\Windows\System\yhLaXqf.exe

C:\Windows\System\AvhwCwF.exe

C:\Windows\System\AvhwCwF.exe

C:\Windows\System\nFOAojS.exe

C:\Windows\System\nFOAojS.exe

C:\Windows\System\HLfTgSQ.exe

C:\Windows\System\HLfTgSQ.exe

C:\Windows\System\lzhiNhp.exe

C:\Windows\System\lzhiNhp.exe

C:\Windows\System\YPIBKZa.exe

C:\Windows\System\YPIBKZa.exe

C:\Windows\System\cxjhaQS.exe

C:\Windows\System\cxjhaQS.exe

C:\Windows\System\kObMNtm.exe

C:\Windows\System\kObMNtm.exe

C:\Windows\System\GTZDsUp.exe

C:\Windows\System\GTZDsUp.exe

C:\Windows\System\BerMWjy.exe

C:\Windows\System\BerMWjy.exe

C:\Windows\System\cDkCZYa.exe

C:\Windows\System\cDkCZYa.exe

C:\Windows\System\iaGHPiS.exe

C:\Windows\System\iaGHPiS.exe

C:\Windows\System\BeNkCji.exe

C:\Windows\System\BeNkCji.exe

C:\Windows\System\BQDDJBM.exe

C:\Windows\System\BQDDJBM.exe

C:\Windows\System\iNMrpAu.exe

C:\Windows\System\iNMrpAu.exe

C:\Windows\System\AxwEtYg.exe

C:\Windows\System\AxwEtYg.exe

C:\Windows\System\RbNQFcX.exe

C:\Windows\System\RbNQFcX.exe

C:\Windows\System\zOleGPc.exe

C:\Windows\System\zOleGPc.exe

C:\Windows\System\lisWvRy.exe

C:\Windows\System\lisWvRy.exe

C:\Windows\System\SqmkJIJ.exe

C:\Windows\System\SqmkJIJ.exe

C:\Windows\System\bVdTtKm.exe

C:\Windows\System\bVdTtKm.exe

C:\Windows\System\nXWKRtt.exe

C:\Windows\System\nXWKRtt.exe

C:\Windows\System\JsqLfpa.exe

C:\Windows\System\JsqLfpa.exe

C:\Windows\System\orIJzRe.exe

C:\Windows\System\orIJzRe.exe

C:\Windows\System\AqKynGK.exe

C:\Windows\System\AqKynGK.exe

C:\Windows\System\mdrpydz.exe

C:\Windows\System\mdrpydz.exe

C:\Windows\System\OeTUFkN.exe

C:\Windows\System\OeTUFkN.exe

C:\Windows\System\AWaXHiE.exe

C:\Windows\System\AWaXHiE.exe

C:\Windows\System\LgLiFVJ.exe

C:\Windows\System\LgLiFVJ.exe

C:\Windows\System\eqdpNgU.exe

C:\Windows\System\eqdpNgU.exe

C:\Windows\System\EVEDzpc.exe

C:\Windows\System\EVEDzpc.exe

C:\Windows\System\vzkMUkU.exe

C:\Windows\System\vzkMUkU.exe

C:\Windows\System\EVdzxnk.exe

C:\Windows\System\EVdzxnk.exe

C:\Windows\System\nYCRsXJ.exe

C:\Windows\System\nYCRsXJ.exe

C:\Windows\System\NnIgAhC.exe

C:\Windows\System\NnIgAhC.exe

C:\Windows\System\biALeUb.exe

C:\Windows\System\biALeUb.exe

C:\Windows\System\NmECMsb.exe

C:\Windows\System\NmECMsb.exe

C:\Windows\System\OueUnlk.exe

C:\Windows\System\OueUnlk.exe

C:\Windows\System\fvVoYqo.exe

C:\Windows\System\fvVoYqo.exe

C:\Windows\System\sBPteBE.exe

C:\Windows\System\sBPteBE.exe

C:\Windows\System\pxwICuG.exe

C:\Windows\System\pxwICuG.exe

C:\Windows\System\fwZCWEC.exe

C:\Windows\System\fwZCWEC.exe

C:\Windows\System\njpdAyt.exe

C:\Windows\System\njpdAyt.exe

C:\Windows\System\PQcElpZ.exe

C:\Windows\System\PQcElpZ.exe

C:\Windows\System\ciutywJ.exe

C:\Windows\System\ciutywJ.exe

C:\Windows\System\hBTpIqm.exe

C:\Windows\System\hBTpIqm.exe

C:\Windows\System\OkpXxbR.exe

C:\Windows\System\OkpXxbR.exe

C:\Windows\System\DZZivmd.exe

C:\Windows\System\DZZivmd.exe

C:\Windows\System\SNxXUge.exe

C:\Windows\System\SNxXUge.exe

C:\Windows\System\YYFGOzY.exe

C:\Windows\System\YYFGOzY.exe

C:\Windows\System\cJVTtel.exe

C:\Windows\System\cJVTtel.exe

C:\Windows\System\MgHWIpk.exe

C:\Windows\System\MgHWIpk.exe

C:\Windows\System\rhonrTx.exe

C:\Windows\System\rhonrTx.exe

C:\Windows\System\bTQniXE.exe

C:\Windows\System\bTQniXE.exe

C:\Windows\System\XOTgFZI.exe

C:\Windows\System\XOTgFZI.exe

C:\Windows\System\oGqdwbG.exe

C:\Windows\System\oGqdwbG.exe

C:\Windows\System\BucYJLw.exe

C:\Windows\System\BucYJLw.exe

C:\Windows\System\YegBDJf.exe

C:\Windows\System\YegBDJf.exe

C:\Windows\System\WGImbPI.exe

C:\Windows\System\WGImbPI.exe

C:\Windows\System\iwExsqg.exe

C:\Windows\System\iwExsqg.exe

C:\Windows\System\djYnOCc.exe

C:\Windows\System\djYnOCc.exe

C:\Windows\System\vxmUrIO.exe

C:\Windows\System\vxmUrIO.exe

C:\Windows\System\NVCZCSM.exe

C:\Windows\System\NVCZCSM.exe

C:\Windows\System\YXMlKTh.exe

C:\Windows\System\YXMlKTh.exe

C:\Windows\System\blGvUZB.exe

C:\Windows\System\blGvUZB.exe

C:\Windows\System\ITKxhmi.exe

C:\Windows\System\ITKxhmi.exe

C:\Windows\System\BJakKlK.exe

C:\Windows\System\BJakKlK.exe

C:\Windows\System\uSZDTQV.exe

C:\Windows\System\uSZDTQV.exe

C:\Windows\System\bWyMTXZ.exe

C:\Windows\System\bWyMTXZ.exe

C:\Windows\System\gMyfimq.exe

C:\Windows\System\gMyfimq.exe

C:\Windows\System\ZDfhYAy.exe

C:\Windows\System\ZDfhYAy.exe

C:\Windows\System\gjazVhq.exe

C:\Windows\System\gjazVhq.exe

C:\Windows\System\RGsDuQO.exe

C:\Windows\System\RGsDuQO.exe

C:\Windows\System\FtzUJZn.exe

C:\Windows\System\FtzUJZn.exe

C:\Windows\System\JYDAMwN.exe

C:\Windows\System\JYDAMwN.exe

C:\Windows\System\ZlIkdVk.exe

C:\Windows\System\ZlIkdVk.exe

C:\Windows\System\gLiVwtj.exe

C:\Windows\System\gLiVwtj.exe

C:\Windows\System\gXEauCA.exe

C:\Windows\System\gXEauCA.exe

C:\Windows\System\ylaRIQQ.exe

C:\Windows\System\ylaRIQQ.exe

C:\Windows\System\KrIsCyZ.exe

C:\Windows\System\KrIsCyZ.exe

C:\Windows\System\jduPYrb.exe

C:\Windows\System\jduPYrb.exe

C:\Windows\System\OlSOKWm.exe

C:\Windows\System\OlSOKWm.exe

C:\Windows\System\PDgjBLz.exe

C:\Windows\System\PDgjBLz.exe

C:\Windows\System\PUWPnTZ.exe

C:\Windows\System\PUWPnTZ.exe

C:\Windows\System\WUkmdLd.exe

C:\Windows\System\WUkmdLd.exe

C:\Windows\System\ajEEsFx.exe

C:\Windows\System\ajEEsFx.exe

C:\Windows\System\ZcmeBvr.exe

C:\Windows\System\ZcmeBvr.exe

C:\Windows\System\PHQoMbT.exe

C:\Windows\System\PHQoMbT.exe

C:\Windows\System\UfSzyqt.exe

C:\Windows\System\UfSzyqt.exe

C:\Windows\System\OYYtFMy.exe

C:\Windows\System\OYYtFMy.exe

C:\Windows\System\fFoogEj.exe

C:\Windows\System\fFoogEj.exe

C:\Windows\System\QnrnSRR.exe

C:\Windows\System\QnrnSRR.exe

C:\Windows\System\ypVbvYQ.exe

C:\Windows\System\ypVbvYQ.exe

C:\Windows\System\FykGSBJ.exe

C:\Windows\System\FykGSBJ.exe

C:\Windows\System\cBLsDfI.exe

C:\Windows\System\cBLsDfI.exe

C:\Windows\System\QgovULG.exe

C:\Windows\System\QgovULG.exe

C:\Windows\System\cTGXLdV.exe

C:\Windows\System\cTGXLdV.exe

C:\Windows\System\TwiudcP.exe

C:\Windows\System\TwiudcP.exe

C:\Windows\System\hwwgITv.exe

C:\Windows\System\hwwgITv.exe

C:\Windows\System\QhNrQTB.exe

C:\Windows\System\QhNrQTB.exe

C:\Windows\System\aQrgPmP.exe

C:\Windows\System\aQrgPmP.exe

C:\Windows\System\RUBFrlT.exe

C:\Windows\System\RUBFrlT.exe

C:\Windows\System\ggIwvXj.exe

C:\Windows\System\ggIwvXj.exe

C:\Windows\System\afPiGze.exe

C:\Windows\System\afPiGze.exe

C:\Windows\System\yNyUzXQ.exe

C:\Windows\System\yNyUzXQ.exe

C:\Windows\System\WVuQzQV.exe

C:\Windows\System\WVuQzQV.exe

C:\Windows\System\nuGFsNT.exe

C:\Windows\System\nuGFsNT.exe

C:\Windows\System\SVAQLre.exe

C:\Windows\System\SVAQLre.exe

C:\Windows\System\ZFMTzMg.exe

C:\Windows\System\ZFMTzMg.exe

C:\Windows\System\eAZgDcm.exe

C:\Windows\System\eAZgDcm.exe

C:\Windows\System\lBUaQZs.exe

C:\Windows\System\lBUaQZs.exe

C:\Windows\System\deQyBQu.exe

C:\Windows\System\deQyBQu.exe

C:\Windows\System\nxEBYqZ.exe

C:\Windows\System\nxEBYqZ.exe

C:\Windows\System\IqNpqyu.exe

C:\Windows\System\IqNpqyu.exe

C:\Windows\System\PbypWwg.exe

C:\Windows\System\PbypWwg.exe

C:\Windows\System\mmjmIOx.exe

C:\Windows\System\mmjmIOx.exe

C:\Windows\System\avtpIQX.exe

C:\Windows\System\avtpIQX.exe

C:\Windows\System\pZsIair.exe

C:\Windows\System\pZsIair.exe

C:\Windows\System\HOumEHg.exe

C:\Windows\System\HOumEHg.exe

C:\Windows\System\SvrSUDS.exe

C:\Windows\System\SvrSUDS.exe

C:\Windows\System\NbwKOkD.exe

C:\Windows\System\NbwKOkD.exe

C:\Windows\System\iuCWFDz.exe

C:\Windows\System\iuCWFDz.exe

C:\Windows\System\yXHtgGZ.exe

C:\Windows\System\yXHtgGZ.exe

C:\Windows\System\lHurDoz.exe

C:\Windows\System\lHurDoz.exe

C:\Windows\System\PdLWYIA.exe

C:\Windows\System\PdLWYIA.exe

C:\Windows\System\jNwdOOr.exe

C:\Windows\System\jNwdOOr.exe

C:\Windows\System\cBucOuu.exe

C:\Windows\System\cBucOuu.exe

C:\Windows\System\SfPrMGi.exe

C:\Windows\System\SfPrMGi.exe

C:\Windows\System\LMBGLuo.exe

C:\Windows\System\LMBGLuo.exe

C:\Windows\System\JOtdEjL.exe

C:\Windows\System\JOtdEjL.exe

C:\Windows\System\auZtpxQ.exe

C:\Windows\System\auZtpxQ.exe

C:\Windows\System\ItiPkMA.exe

C:\Windows\System\ItiPkMA.exe

C:\Windows\System\xjweDdV.exe

C:\Windows\System\xjweDdV.exe

C:\Windows\System\bIwCvNj.exe

C:\Windows\System\bIwCvNj.exe

C:\Windows\System\mPhoppl.exe

C:\Windows\System\mPhoppl.exe

C:\Windows\System\oTHmAgh.exe

C:\Windows\System\oTHmAgh.exe

C:\Windows\System\IyawNKZ.exe

C:\Windows\System\IyawNKZ.exe

C:\Windows\System\GXlvtXT.exe

C:\Windows\System\GXlvtXT.exe

C:\Windows\System\wNyMHNX.exe

C:\Windows\System\wNyMHNX.exe

C:\Windows\System\nQSHgOU.exe

C:\Windows\System\nQSHgOU.exe

C:\Windows\System\IHwmUzL.exe

C:\Windows\System\IHwmUzL.exe

C:\Windows\System\WSazsZh.exe

C:\Windows\System\WSazsZh.exe

C:\Windows\System\STOaPoN.exe

C:\Windows\System\STOaPoN.exe

C:\Windows\System\NQuwFoy.exe

C:\Windows\System\NQuwFoy.exe

C:\Windows\System\cSDwXdl.exe

C:\Windows\System\cSDwXdl.exe

C:\Windows\System\KjBZfpE.exe

C:\Windows\System\KjBZfpE.exe

C:\Windows\System\EJRhQSy.exe

C:\Windows\System\EJRhQSy.exe

C:\Windows\System\GqijJEk.exe

C:\Windows\System\GqijJEk.exe

C:\Windows\System\duoVvgI.exe

C:\Windows\System\duoVvgI.exe

C:\Windows\System\cApwXur.exe

C:\Windows\System\cApwXur.exe

C:\Windows\System\xjsHhJu.exe

C:\Windows\System\xjsHhJu.exe

C:\Windows\System\MquPYwl.exe

C:\Windows\System\MquPYwl.exe

C:\Windows\System\aYlNtAh.exe

C:\Windows\System\aYlNtAh.exe

C:\Windows\System\IVXwDtk.exe

C:\Windows\System\IVXwDtk.exe

C:\Windows\System\fUVKJGf.exe

C:\Windows\System\fUVKJGf.exe

C:\Windows\System\GIqcVbL.exe

C:\Windows\System\GIqcVbL.exe

C:\Windows\System\qEVjtgy.exe

C:\Windows\System\qEVjtgy.exe

C:\Windows\System\OyaPkDE.exe

C:\Windows\System\OyaPkDE.exe

C:\Windows\System\decJPxH.exe

C:\Windows\System\decJPxH.exe

C:\Windows\System\mjOCPir.exe

C:\Windows\System\mjOCPir.exe

C:\Windows\System\Eofkxkb.exe

C:\Windows\System\Eofkxkb.exe

C:\Windows\System\UFUdlCg.exe

C:\Windows\System\UFUdlCg.exe

C:\Windows\System\nwLmVkZ.exe

C:\Windows\System\nwLmVkZ.exe

C:\Windows\System\bhCUmLA.exe

C:\Windows\System\bhCUmLA.exe

C:\Windows\System\dwUlRsS.exe

C:\Windows\System\dwUlRsS.exe

C:\Windows\System\zepXAbL.exe

C:\Windows\System\zepXAbL.exe

C:\Windows\System\mLRSVUy.exe

C:\Windows\System\mLRSVUy.exe

C:\Windows\System\kXBWIRf.exe

C:\Windows\System\kXBWIRf.exe

C:\Windows\System\eZIWges.exe

C:\Windows\System\eZIWges.exe

C:\Windows\System\BzUZLcj.exe

C:\Windows\System\BzUZLcj.exe

C:\Windows\System\atnLHdP.exe

C:\Windows\System\atnLHdP.exe

C:\Windows\System\jOEhump.exe

C:\Windows\System\jOEhump.exe

C:\Windows\System\YVjFrIC.exe

C:\Windows\System\YVjFrIC.exe

C:\Windows\System\tjKNjEc.exe

C:\Windows\System\tjKNjEc.exe

C:\Windows\System\TgsBCIj.exe

C:\Windows\System\TgsBCIj.exe

C:\Windows\System\YpEGumP.exe

C:\Windows\System\YpEGumP.exe

C:\Windows\System\bMjMTGO.exe

C:\Windows\System\bMjMTGO.exe

C:\Windows\System\UqHYNZE.exe

C:\Windows\System\UqHYNZE.exe

C:\Windows\System\ZRmUTYM.exe

C:\Windows\System\ZRmUTYM.exe

C:\Windows\System\DIrqoIU.exe

C:\Windows\System\DIrqoIU.exe

C:\Windows\System\BQArrde.exe

C:\Windows\System\BQArrde.exe

C:\Windows\System\WrvexCQ.exe

C:\Windows\System\WrvexCQ.exe

C:\Windows\System\UfzwyBb.exe

C:\Windows\System\UfzwyBb.exe

C:\Windows\System\lPmyfvZ.exe

C:\Windows\System\lPmyfvZ.exe

C:\Windows\System\JQjYTeE.exe

C:\Windows\System\JQjYTeE.exe

C:\Windows\System\OluDOVn.exe

C:\Windows\System\OluDOVn.exe

C:\Windows\System\asiNIjY.exe

C:\Windows\System\asiNIjY.exe

C:\Windows\System\rmcazRE.exe

C:\Windows\System\rmcazRE.exe

C:\Windows\System\FyjjhWc.exe

C:\Windows\System\FyjjhWc.exe

C:\Windows\System\utafLVf.exe

C:\Windows\System\utafLVf.exe

C:\Windows\System\PwQHhPP.exe

C:\Windows\System\PwQHhPP.exe

C:\Windows\System\clopNJQ.exe

C:\Windows\System\clopNJQ.exe

C:\Windows\System\uUMViUt.exe

C:\Windows\System\uUMViUt.exe

C:\Windows\System\OCWcEZU.exe

C:\Windows\System\OCWcEZU.exe

C:\Windows\System\GbATYDT.exe

C:\Windows\System\GbATYDT.exe

C:\Windows\System\sUzhgKd.exe

C:\Windows\System\sUzhgKd.exe

C:\Windows\System\PmHLaXI.exe

C:\Windows\System\PmHLaXI.exe

C:\Windows\System\tEhLMrq.exe

C:\Windows\System\tEhLMrq.exe

C:\Windows\System\cVoKMWP.exe

C:\Windows\System\cVoKMWP.exe

C:\Windows\System\tQRbiAU.exe

C:\Windows\System\tQRbiAU.exe

C:\Windows\System\VSUmNKO.exe

C:\Windows\System\VSUmNKO.exe

C:\Windows\System\ACUNBRr.exe

C:\Windows\System\ACUNBRr.exe

C:\Windows\System\DaEETpW.exe

C:\Windows\System\DaEETpW.exe

C:\Windows\System\MXcnjNW.exe

C:\Windows\System\MXcnjNW.exe

C:\Windows\System\wdMtvwH.exe

C:\Windows\System\wdMtvwH.exe

C:\Windows\System\iRDkmiU.exe

C:\Windows\System\iRDkmiU.exe

C:\Windows\System\zvPKwEq.exe

C:\Windows\System\zvPKwEq.exe

C:\Windows\System\YGhPvSW.exe

C:\Windows\System\YGhPvSW.exe

C:\Windows\System\TAzOrAR.exe

C:\Windows\System\TAzOrAR.exe

C:\Windows\System\qSyXMsS.exe

C:\Windows\System\qSyXMsS.exe

C:\Windows\System\zXdxbYj.exe

C:\Windows\System\zXdxbYj.exe

C:\Windows\System\coecIYU.exe

C:\Windows\System\coecIYU.exe

C:\Windows\System\VeqKUle.exe

C:\Windows\System\VeqKUle.exe

C:\Windows\System\gMDFcOe.exe

C:\Windows\System\gMDFcOe.exe

C:\Windows\System\qvjEczy.exe

C:\Windows\System\qvjEczy.exe

C:\Windows\System\RHqcmqW.exe

C:\Windows\System\RHqcmqW.exe

C:\Windows\System\PEoUVwf.exe

C:\Windows\System\PEoUVwf.exe

C:\Windows\System\pFYufJm.exe

C:\Windows\System\pFYufJm.exe

C:\Windows\System\qzxwOOo.exe

C:\Windows\System\qzxwOOo.exe

C:\Windows\System\TVKKeCX.exe

C:\Windows\System\TVKKeCX.exe

C:\Windows\System\XaKqkEM.exe

C:\Windows\System\XaKqkEM.exe

C:\Windows\System\qKwqXIk.exe

C:\Windows\System\qKwqXIk.exe

C:\Windows\System\uSepkXd.exe

C:\Windows\System\uSepkXd.exe

C:\Windows\System\gQenpxs.exe

C:\Windows\System\gQenpxs.exe

C:\Windows\System\amciAWv.exe

C:\Windows\System\amciAWv.exe

C:\Windows\System\SJbwHEl.exe

C:\Windows\System\SJbwHEl.exe

C:\Windows\System\oZOdGou.exe

C:\Windows\System\oZOdGou.exe

C:\Windows\System\tYbbiSa.exe

C:\Windows\System\tYbbiSa.exe

C:\Windows\System\cquemqp.exe

C:\Windows\System\cquemqp.exe

C:\Windows\System\YVcuavE.exe

C:\Windows\System\YVcuavE.exe

C:\Windows\System\cQjgaBQ.exe

C:\Windows\System\cQjgaBQ.exe

C:\Windows\System\oKMVtmE.exe

C:\Windows\System\oKMVtmE.exe

C:\Windows\System\FxmIybx.exe

C:\Windows\System\FxmIybx.exe

C:\Windows\System\VgZRuEN.exe

C:\Windows\System\VgZRuEN.exe

C:\Windows\System\vsvisgZ.exe

C:\Windows\System\vsvisgZ.exe

C:\Windows\System\vTPEugW.exe

C:\Windows\System\vTPEugW.exe

C:\Windows\System\iQQGxsr.exe

C:\Windows\System\iQQGxsr.exe

C:\Windows\System\KinXciY.exe

C:\Windows\System\KinXciY.exe

C:\Windows\System\nNyGGeG.exe

C:\Windows\System\nNyGGeG.exe

C:\Windows\System\wXPgpwH.exe

C:\Windows\System\wXPgpwH.exe

C:\Windows\System\SgRgcNN.exe

C:\Windows\System\SgRgcNN.exe

C:\Windows\System\NlTVjIe.exe

C:\Windows\System\NlTVjIe.exe

C:\Windows\System\OXScYvd.exe

C:\Windows\System\OXScYvd.exe

C:\Windows\System\iGDQWZZ.exe

C:\Windows\System\iGDQWZZ.exe

C:\Windows\System\JvBhBvQ.exe

C:\Windows\System\JvBhBvQ.exe

C:\Windows\System\BujBupm.exe

C:\Windows\System\BujBupm.exe

C:\Windows\System\pHlkbPj.exe

C:\Windows\System\pHlkbPj.exe

C:\Windows\System\pZuFdPI.exe

C:\Windows\System\pZuFdPI.exe

C:\Windows\System\zhdQxDH.exe

C:\Windows\System\zhdQxDH.exe

C:\Windows\System\KRYOpbb.exe

C:\Windows\System\KRYOpbb.exe

C:\Windows\System\UlELGSY.exe

C:\Windows\System\UlELGSY.exe

C:\Windows\System\nhVDozL.exe

C:\Windows\System\nhVDozL.exe

C:\Windows\System\YYaMAgw.exe

C:\Windows\System\YYaMAgw.exe

C:\Windows\System\zJcLgDE.exe

C:\Windows\System\zJcLgDE.exe

C:\Windows\System\WcTcmPX.exe

C:\Windows\System\WcTcmPX.exe

C:\Windows\System\LxrjcMJ.exe

C:\Windows\System\LxrjcMJ.exe

C:\Windows\System\vniKJFg.exe

C:\Windows\System\vniKJFg.exe

C:\Windows\System\IFkuonh.exe

C:\Windows\System\IFkuonh.exe

C:\Windows\System\EkvGgzk.exe

C:\Windows\System\EkvGgzk.exe

C:\Windows\System\DQXIymv.exe

C:\Windows\System\DQXIymv.exe

C:\Windows\System\vEFyoiP.exe

C:\Windows\System\vEFyoiP.exe

C:\Windows\System\NdKsKKe.exe

C:\Windows\System\NdKsKKe.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
DE 3.120.98.217:8080 tcp

Files

memory/4928-0-0x00007FF728BF0000-0x00007FF728FE6000-memory.dmp

memory/4928-1-0x0000017D27AE0000-0x0000017D27AF0000-memory.dmp

C:\Windows\System\OcAIqvt.exe

MD5 8a399cd3d17806d4473a8c673e7a8bda
SHA1 966c6eb3e277c89b57698d809aced86aeb56d1e0
SHA256 8434052234627fe7212bbd34d577b58e33c7fcc4f997715240088012288cef49
SHA512 bfd3547ad8a99d07d207aa2652f08e2a7f4cb5bb38841fce74bceb2b4f8ad997af137234035e8a5d2876592cf5cf1c047927e7b0a0a34ea637ea318d1f37d934

C:\Windows\System\mCWJEwi.exe

MD5 6ca34910dc628e47769ea646282ab564
SHA1 0856792f171879b9a734c555878f44d0eb53dbed
SHA256 825d108fcb58e25521adeefed008166433d0dac289de6fe2e84adf1fde6a060e
SHA512 1816061d34d23de8dcf01e715d7ccb71c1b577c5733b17eafa61de1f01eb61497e2aee2e2452f297063e613696ef21937a1417e0370f3367bfd3853144434ee4

memory/4496-11-0x00007FF68F560000-0x00007FF68F956000-memory.dmp

C:\Windows\System\bnbVcIw.exe

MD5 f3d23a13e054648c6812116acffaa73b
SHA1 dd3493b2c827d682a9101c0ba8af86ea736d3e4c
SHA256 180f9d3bc4d5764e370e79e46d4e721d2206667c4796ab7d6b11d21cb60c140e
SHA512 75e395e5e38deb08f4ec15b11aeee05c06c3ed17b2d4a002044082b4acfd8996ebdf6db0d724c225a6e219a92ce13ddce762db07f39023f36bd260280728e061

memory/2728-19-0x00007FFE71AD3000-0x00007FFE71AD5000-memory.dmp

C:\Windows\System\wHGzDyY.exe

MD5 88a26ba5bd792577dc53116dbcbe8a5d
SHA1 15435648c86bd115548c11bfaf74c8ef84c2103a
SHA256 2268fbc5b91e159a1b50fb7c8b7b927d11eaa1b12a755bcbf594969fd1217840
SHA512 ebebf24fc955258a7fc3519ce450b5ad9f839d0e4d29d8bff5ba17d262249670d4cb4d0a4b5985f26823131338a876a221e38e256e074d22955d894477aa0b3f

C:\Windows\System\fdLHwzZ.exe

MD5 5bad1f848334d774f8f15794f6bb405b
SHA1 e6e7fbcec30757bcab8f1d9ae6bdbd1713439d93
SHA256 60ef3acae51046cd2bd2bf0d0a0f8aaf44c0f1af6c5e598765b759a23c112333
SHA512 a12379ea522ca110b76e10c20ba347e40d9c0397400f80130abe408b5c269220a1dd808a2ee27cef5fed26f26b80114154868d22e468c3917edce2d203f5d96f

C:\Windows\System\neTOdUR.exe

MD5 5e1658becaaed3acce0090f8a26e9af0
SHA1 16e2c671448bfc96cc549f3c9d7a44a1f5e22387
SHA256 1a02895ba8f0e4ab871ee2c5fae6b92ec5bd55993c1f0d9abace5b85cb7ef3a0
SHA512 d2fc3ee57189610d8cd5a97c301e3a8d377c01c2174f1c340d45dafb0b61835894ade176231865861b44a0ab954a7913897b2b345ba448248a0d7ceaedad59e0

C:\Windows\System\YgCFzyC.exe

MD5 b81db30c76e064d9e46e00bf15a139af
SHA1 83d83b48e04252e1a5c2d39d7ed77411bf464232
SHA256 267264978c8bc22db35af28f70e27a412737f58f9890823c5e04955ed3885e75
SHA512 c03babbf4fac727e193c656463f33bab9493a677f6859f51905f07f78fca1fa95135ad0a4c1939c3c7fd9526b7b8db6f6b2301a757e7828010e1a84cb52993d4

C:\Windows\System\tGFaTPU.exe

MD5 cdb61ac1eea7297ae8b871a379d7336f
SHA1 1f289d15818ba6ae57888ca039df052bd4029047
SHA256 ef404c3462d677a5d41d17ce790ca12188ff127883582254713b9c8165d2f7ef
SHA512 500322de80ccd20d90ea57c5d7bf08e7b1e4d762bcf32945fe1fd64b41424d4cec4e8a9e8949933d700c265a25548e400127ff5fd809815685121923daa9c03c

memory/4180-61-0x00007FF67DE10000-0x00007FF67E206000-memory.dmp

memory/1968-64-0x00007FF713E10000-0x00007FF714206000-memory.dmp

memory/2296-65-0x00007FF746B90000-0x00007FF746F86000-memory.dmp

memory/1796-67-0x00007FF672410000-0x00007FF672806000-memory.dmp

memory/436-69-0x00007FF6E7000000-0x00007FF6E73F6000-memory.dmp

memory/588-68-0x00007FF70F350000-0x00007FF70F746000-memory.dmp

memory/4572-66-0x00007FF626560000-0x00007FF626956000-memory.dmp

C:\Windows\System\xqhiIHL.exe

MD5 d76aafdabe4a33c8ff0249038f348b09
SHA1 192980921236797401569d79c3cf027126f7a113
SHA256 4ba6fcc720d53667867a2f426853f3837e7318fd1b75e6df468c6c045c02fedd
SHA512 37a64ae875c84ee435f05d80130c1a6c6703017b85ad345ddec222c41a5fb5f02e40f8cef8f193827883777369e0243d0234f82428344bc91f86f518b61375a5

memory/2728-55-0x00007FFE71AD0000-0x00007FFE72591000-memory.dmp

memory/2728-54-0x000001DF3C130000-0x000001DF3C152000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nzasuxg5.tha.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2728-17-0x000001DF3C190000-0x000001DF3C1A0000-memory.dmp

memory/2256-16-0x00007FF76E7E0000-0x00007FF76EBD6000-memory.dmp

C:\Windows\System\hAYTjBZ.exe

MD5 2f80374b61110c1d6ac0de895a04d265
SHA1 96549bb6477640521fcb6d7ffdc9ec7336308c2a
SHA256 b9a7fdc96cbe0c7ec671e626b1c33a0530aca7b30a452c4eaa05a0180a859397
SHA512 04748b1a0ad9fe149a988f1e44d30b0cd3154f385dcd2cd5a6715b1abd67014baac9368b37695fc7e748371b7643178d8423f5697aa232908aa9df2bb191b405

C:\Windows\System\baXDJLx.exe

MD5 560152433f75129d7f37085efc869955
SHA1 17d1da8056eb12418939942e5c76f559f2663d03
SHA256 2053fe9972216d9b900f9280eebbe955f00b89afa244c9d594b7e32461a23f44
SHA512 f374ed1580e5ea92483280bc25167320233fdb074d34aa0ef1b7891954a29623995bc43c0b2881c651c1462015d0745cbbed3ef94bc11c2bfb680228017c00b7

C:\Windows\System\PHXChxP.exe

MD5 f78f318e9b6332e30d7247923e944677
SHA1 3ad51cab34d5f3399d3547069b873bfff8ec6bbc
SHA256 f047b6ead36ac50fe07fc0801e6a9d6edcb6ae75067d4fa7489a32cfd9c5052a
SHA512 613935ddedb4c7bb524add33f0b2472759f258eaccdac47c1b84d1c46c3bf44c4c863f24b31c6ffbca0a1949b2f84c5635c4ec5ee8fafda6bef4d83d0cf388f7

memory/4860-83-0x00007FF781FD0000-0x00007FF7823C6000-memory.dmp

memory/3596-77-0x00007FF67CA20000-0x00007FF67CE16000-memory.dmp

C:\Windows\System\dqOCEeG.exe

MD5 9ce27e360c2d98cf9964737896b620fe
SHA1 feb1f67502b9d76fb1e0eb613a688da0f7c8cbc4
SHA256 0fcab37d19edc239ca822ea0a9a45234da5164a3cd0cf5c1f6a190598695f61e
SHA512 043aa2f01fd45fb87db20c3ab0a6ecd2042bc50d368d06cee3d2dddc59d3f711a9fbd53973a2a616b77400c764c1169cb3dd5895f20657253b5248b5337caf84

memory/3028-90-0x00007FF672870000-0x00007FF672C66000-memory.dmp

C:\Windows\System\WefbJNQ.exe

MD5 5b596bf96b0d8fa11d6eac4718d364e8
SHA1 ab88107598608d4ca44a0e3679ea232ebc367a58
SHA256 fefe67115c51ea39b7cc2d5b7dadfc2103adcc62fbda57fc7e0a98fa8f869c0b
SHA512 8f632d5dcc8d7b21955943b3f81319aa55520671c0df72daa807024aa3b562d01e7f28d7c693942eb799e0aedbd6b10f1480764fa3275b836dd5deb814168da2

C:\Windows\System\FLmqzIi.exe

MD5 25a2e1a99fa9e670821cfb68c92a5365
SHA1 d401f995813b15d9225f6eda3975ab738734a21c
SHA256 9fd3fa2430c0551a5f02472d61e3ab569e1274772064527cb5a588595327f36d
SHA512 59e7a88ed7bf86c2d41c91af4a39b50ce41f6bb71b548ab024ad66104ace57375f0ff2672bf86e7aa3bcc8ddebca91e46bce872236ba498f9cd7ceda66afda84

C:\Windows\System\cqqlUEF.exe

MD5 85bb96c594a9959225815bd841eae109
SHA1 fe25068fd9e140f5f79df3c77370fc20db6de64f
SHA256 b9ae7da51402830eb2580bff95656ed87556861284ae6df3accef9e7e716aa20
SHA512 09027bbd2616feef87acd2eec0abfae8ebc54fee49cdeb16b57a6b788653c7b0fac77af0798cf51136325243474247fe51414386e4ed3ae31126bc9a138d1ac7

C:\Windows\System\uMVMrJJ.exe

MD5 4ebdf67f4a8808522ecd8becebc7d010
SHA1 b0d31ed3bb8982e32f79a2cefdcef565b64c0cb9
SHA256 11d5b708bb414f26b216acec185ab731713e07b09f6360e618465de630b28682
SHA512 113c6179172a04b4ed6686bba39f3883b07b426d600ac20c7d777330fa4da91c0d39630f495a74ab352e76c5d9eb41e5557706ea69b12782bf4d7939fdb7a464

C:\Windows\System\ONVLRwF.exe

MD5 0156cd07406d79c84d824117773e6c04
SHA1 709a477ff59f15e80559f0eb71975662184c4972
SHA256 a641fab978707ffd243503a493f54a554b1c8e066db87b69af637f334b3df89e
SHA512 2c13605cd38c64831340cff8a212614156e80669504ffa796c2a056f3cb93078bc32afbb21b3a88c818413bb08747e98c2b0a50956016da900b4a0be3c1a3503

C:\Windows\System\IcIOOok.exe

MD5 6904dc102c52d1e4fde3ca1b4e8be355
SHA1 f4c32b3e46dc6440f86bd25cb02bde91b688636a
SHA256 b65422139f361bf7e9f40f22cf1b8d140698c876e5a525bde33707a551d2344c
SHA512 b2cd6ab555dfc326c81d2307e22a715ee5d8934b485065808a625da8c7834d9a734bedb980d19d3b27ed7190f6c22d0f6482bf7c4859646e8fe58915771c725b

C:\Windows\System\qFsXMIM.exe

MD5 775d6772de5bf2218d65bf275f43d441
SHA1 ef22428c47dd491768d79d78db7737eff73e5feb
SHA256 eccb69dbb38f0b99896f3ec8b97bf54e74ae5728fb9302c576306f9501abfb39
SHA512 6c38fd5f11cde3e49c3bd032d954ec46f6d76582602e9f28315c8223fa2977e793b2c0e8e19e63d40207b0ed1f9a2d18a020a470c21d9453bc122f9f66630473

C:\Windows\System\gvoHXrB.exe

MD5 fcd065a43cb2494cfc1f1d92818fb9e8
SHA1 6f119d9f30c79e23ae0faae8dc37fb2e00fd0224
SHA256 fcdf43a9841dfad0e37999a289f6ff68a9339b168dadd28d9e64cd911cbc0e11
SHA512 2b420fd87a3a04284b973d3c71c8ff551f315712a465d0cd87c417abf1a589ee00ba3213949a40e5df4c61afc0f8f458eed48958f094c59bd8a95f1aa743c35e

memory/4808-181-0x00007FF7CBCB0000-0x00007FF7CC0A6000-memory.dmp

C:\Windows\System\NOIjzkd.exe

MD5 8a684ffbe9b00d4757f90b89c5d2d8e6
SHA1 ec0d948ea8406840b8c54403a7c9b8fc865db0cb
SHA256 bec6c06d9c7c4a93c35b207a9eaf746a7efc29942ef3337004c778aea8e8a730
SHA512 3eacc072073754bc007ef1a4a09a151d257aa2313a89644ca14e87eda4d359c657c89b63906cb924ef5d3fffab80fa2a4b4ffd4c7a0e7e11169c732dde7174d2

C:\Windows\System\ZbzGmfd.exe

MD5 5beb8155d3d6f81a64f9a4646eb1620a
SHA1 a581dcf5807f7b464d328e1c645de2ee5e6d2b00
SHA256 3043ab233149bdaeb55c65a9721a2e70a72a52f75089759b91abb23adcabb461
SHA512 da4fa9b058935a8aba94996ab354f3ea819e63cc74a3df70c2277a333ca3991040551d71e3be98b2c24108fd62c2ea57b3fbb8cd8bcee34f2484843530844a83

C:\Windows\System\bbEWGSi.exe

MD5 c698cca5a0d7a7b3c35d61a6d0f4bc1c
SHA1 dc89d2f95b3625083b1f7ecab2b4a00a8eda490b
SHA256 092fa1d1c365de02e98a3855e0ced8aa68f98cd022d16a792d39db572e52da46
SHA512 ab087f603e9825bb10f05763f8943e683a4e8f8c5b57849c80d510f72351a30be481e1beac26a5a0b8d30657571fcd5b60aca05085b3c67702d6a2fae27d5471

C:\Windows\System\yqcyFlV.exe

MD5 af516a34d964017d24f1aa59cdf54167
SHA1 d0219b24862c5029b512971871bdd1f6f04abb3b
SHA256 7162d31a9138833a66a4b58f98e171877ce5bb2511e7370d30da9e42a3ce9ea0
SHA512 9794df811a61ffe60afbc4c1b7849841399e6f45a40fe5b1012ed83dcca42ae50797be3c2ba4ad9c4cc46d82bca6522cd80c1eaa0563fae1884d1740dffaf8a3

memory/928-184-0x00007FF6D9800000-0x00007FF6D9BF6000-memory.dmp

memory/2728-183-0x000001DF3C190000-0x000001DF3C1A0000-memory.dmp

memory/3200-182-0x00007FF7E2FA0000-0x00007FF7E3396000-memory.dmp

memory/4420-174-0x00007FF7E54C0000-0x00007FF7E58B6000-memory.dmp

C:\Windows\System\QDcdxAQ.exe

MD5 85ac4d771b19154cdf1462d58f9e7b11
SHA1 ecc3e62eb421f1e2aba5d59692141dcf46d6791e
SHA256 2f51e14cbfdb5348b577075c860be2e7301b13b57353e435283447012760b8b6
SHA512 e40f527dec042f55f214c13cbd9ba1b16d10644702a16744f23fe48ae774d589c7e87668757ad5d42f36ad3ddc90d21159793a92dd38af9f39b9b249f396b19f

memory/3148-161-0x00007FF796030000-0x00007FF796426000-memory.dmp

C:\Windows\System\YiaxNcz.exe

MD5 1d8dcd78b433d86af4ffba8e2f5b4542
SHA1 3834fa1ef5fedc5bdebaeb076feb2352a832ba66
SHA256 2120cc5e333aeb00a2354e8233c18d6ae7bbca0d7c3045ff406ffe80592aa894
SHA512 ddd984b46a60bcd0bfb04dfd83e073854e0f9296b791a25e7e6d4cd0eba148b16170295c6b2f81a22c81cecb9928cf77e0764bac89cd44d7246d3eac094507d7

memory/4788-156-0x00007FF7F0F70000-0x00007FF7F1366000-memory.dmp

memory/2256-155-0x00007FF76E7E0000-0x00007FF76EBD6000-memory.dmp

memory/4928-148-0x00007FF728BF0000-0x00007FF728FE6000-memory.dmp

memory/8-138-0x00007FF7158C0000-0x00007FF715CB6000-memory.dmp

C:\Windows\System\WiFRwsw.exe

MD5 42df7c77861011214fa785465c266a10
SHA1 7a59167056db639655bddce87e6f4f62aad58965
SHA256 a6fbe2bc6937e3d900c04e89f7c166d65728f08a559252a906d9afb83777dca7
SHA512 7c8a5571753273021445631d0c239f5b8194cafea3eeb6444d11853a1cc13471cca3b3c754f7657cc869e25e84cd5f5e5e8ac81f1fd5c5f520b87cbd99def374

memory/4768-130-0x00007FF7ABBF0000-0x00007FF7ABFE6000-memory.dmp

memory/2936-127-0x00007FF77B110000-0x00007FF77B506000-memory.dmp

memory/4028-122-0x00007FF79EA10000-0x00007FF79EE06000-memory.dmp

memory/2252-114-0x00007FF620540000-0x00007FF620936000-memory.dmp

C:\Windows\System\MZYYlOO.exe

MD5 9acf51e8e1a8f4560532f0be101ff0a3
SHA1 d0d28d757395865740d0dd499e560130c414cadf
SHA256 f5763f676de1593e5adc1e14adcb2d517d824e2357270e6027b9f52dbb46915b
SHA512 8aaafc15714cf8942d0a2b5a4434f35eb1c7f120e2e3d1ab647eeb40de9ea6227edbda1021d12292c303204aa3402771ef31529bdc84647e48e16b075ebf0ac0

memory/628-100-0x00007FF6CF190000-0x00007FF6CF586000-memory.dmp

C:\Windows\System\KvnkNyp.exe

MD5 cc871f55eedcfd5404bc6bef03800409
SHA1 844f4abf7f8373fd1d2f5f7d90febea1373a64b9
SHA256 2fe2b17bbd23e155b750fbe06515e71467c1098d455afb1718cc6f3955915ccb
SHA512 4f8f583a52249334fa68a95d4f17244fa971e4188d14c8668cf6a8bf75c2d119e5c6a570ecf4b4073a651c201bb2262b6fa3f0cd6f0f31a37de55e394b3662d2

C:\Windows\System\wJLZuBW.exe

MD5 eebc2d731640da6a18431e61cf40ed4f
SHA1 8e74f3a233401a36ff388469ee4ea1a9564bfdef
SHA256 074fda7cea306029890b60439326ccad130048bac091a630ea8f6009341cc3ec
SHA512 01b5963c3b49f88263894322c064488f50927134bd3157d962f76b4f8930526289783737e7a914cf62d16f59cb1cd0e867fdd22297db591026c45b46bf959041

C:\Windows\System\ymcFEWq.exe

MD5 46dd288521975f96b44abd9e81a1aeaf
SHA1 504e30f4baa6bf8ce1fcbfdcb5fd32f902e744b5
SHA256 1233b698b556ca673c2c49a28c42f9622bd2ff1bd223249354065b69cb21a78d
SHA512 1ed630b2e2d5393e7814a7639d30cead7d041191c3be87a7cb1bc98ab9344fcdbcb3e17169ef6288c41b3198f991578a9ed72ef3844f2563a2ddeb398d90ef1d

memory/2728-553-0x00007FFE71AD0000-0x00007FFE72591000-memory.dmp

memory/2728-1026-0x00007FFE71AD0000-0x00007FFE72591000-memory.dmp

memory/4768-2057-0x00007FF7ABBF0000-0x00007FF7ABFE6000-memory.dmp

memory/4496-2058-0x00007FF68F560000-0x00007FF68F956000-memory.dmp

memory/2256-2059-0x00007FF76E7E0000-0x00007FF76EBD6000-memory.dmp

memory/4180-2060-0x00007FF67DE10000-0x00007FF67E206000-memory.dmp

memory/1968-2061-0x00007FF713E10000-0x00007FF714206000-memory.dmp

memory/436-2062-0x00007FF6E7000000-0x00007FF6E73F6000-memory.dmp

memory/4572-2064-0x00007FF626560000-0x00007FF626956000-memory.dmp

memory/2296-2063-0x00007FF746B90000-0x00007FF746F86000-memory.dmp

memory/1796-2065-0x00007FF672410000-0x00007FF672806000-memory.dmp

memory/588-2066-0x00007FF70F350000-0x00007FF70F746000-memory.dmp

memory/3596-2067-0x00007FF67CA20000-0x00007FF67CE16000-memory.dmp

memory/4860-2068-0x00007FF781FD0000-0x00007FF7823C6000-memory.dmp

memory/3028-2069-0x00007FF672870000-0x00007FF672C66000-memory.dmp

memory/628-2070-0x00007FF6CF190000-0x00007FF6CF586000-memory.dmp

memory/2252-2071-0x00007FF620540000-0x00007FF620936000-memory.dmp

memory/4788-2073-0x00007FF7F0F70000-0x00007FF7F1366000-memory.dmp

memory/2936-2072-0x00007FF77B110000-0x00007FF77B506000-memory.dmp

memory/4028-2074-0x00007FF79EA10000-0x00007FF79EE06000-memory.dmp

memory/4768-2080-0x00007FF7ABBF0000-0x00007FF7ABFE6000-memory.dmp

memory/4420-2079-0x00007FF7E54C0000-0x00007FF7E58B6000-memory.dmp

memory/4808-2078-0x00007FF7CBCB0000-0x00007FF7CC0A6000-memory.dmp

memory/3148-2077-0x00007FF796030000-0x00007FF796426000-memory.dmp

memory/8-2076-0x00007FF7158C0000-0x00007FF715CB6000-memory.dmp

memory/3200-2075-0x00007FF7E2FA0000-0x00007FF7E3396000-memory.dmp

memory/928-2081-0x00007FF6D9800000-0x00007FF6D9BF6000-memory.dmp