Malware Analysis Report

2024-09-10 12:45

Sample ID 240613-pz49aazajb
Target 7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
SHA256 3ef82713d883f0c3cbb7f3afe4b71abaa41fda7c418eb971da3b1144bfcacc85
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3ef82713d883f0c3cbb7f3afe4b71abaa41fda7c418eb971da3b1144bfcacc85

Threat Level: Known bad

The file 7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:46

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:46

Reported

2024-06-13 12:49

Platform

win7-20240611-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\etnbDCX.exe N/A
N/A N/A C:\Windows\System\wEKzUul.exe N/A
N/A N/A C:\Windows\System\SbaYKGC.exe N/A
N/A N/A C:\Windows\System\umGEftd.exe N/A
N/A N/A C:\Windows\System\evyRPkf.exe N/A
N/A N/A C:\Windows\System\GWubKtt.exe N/A
N/A N/A C:\Windows\System\onDtHZH.exe N/A
N/A N/A C:\Windows\System\EpBVFUh.exe N/A
N/A N/A C:\Windows\System\hsuCepJ.exe N/A
N/A N/A C:\Windows\System\KOahWkx.exe N/A
N/A N/A C:\Windows\System\vmBoTxH.exe N/A
N/A N/A C:\Windows\System\PaDsPFm.exe N/A
N/A N/A C:\Windows\System\kdVYxPC.exe N/A
N/A N/A C:\Windows\System\ifxrXmv.exe N/A
N/A N/A C:\Windows\System\NZgjDPS.exe N/A
N/A N/A C:\Windows\System\OvLGXbZ.exe N/A
N/A N/A C:\Windows\System\rtoAFOa.exe N/A
N/A N/A C:\Windows\System\XlsVVrQ.exe N/A
N/A N/A C:\Windows\System\ljdFuyw.exe N/A
N/A N/A C:\Windows\System\zNBNbWL.exe N/A
N/A N/A C:\Windows\System\SGeTDFk.exe N/A
N/A N/A C:\Windows\System\POdNrFP.exe N/A
N/A N/A C:\Windows\System\QvTteKT.exe N/A
N/A N/A C:\Windows\System\naQMCGk.exe N/A
N/A N/A C:\Windows\System\abOkfnw.exe N/A
N/A N/A C:\Windows\System\MtpHNVh.exe N/A
N/A N/A C:\Windows\System\lmVHCIg.exe N/A
N/A N/A C:\Windows\System\kDtLyhF.exe N/A
N/A N/A C:\Windows\System\LCjWEgT.exe N/A
N/A N/A C:\Windows\System\bghsHTz.exe N/A
N/A N/A C:\Windows\System\NQiEkjb.exe N/A
N/A N/A C:\Windows\System\bhmWCvI.exe N/A
N/A N/A C:\Windows\System\ntKKDaM.exe N/A
N/A N/A C:\Windows\System\jRuBRnj.exe N/A
N/A N/A C:\Windows\System\ExejwwD.exe N/A
N/A N/A C:\Windows\System\PdhKXYt.exe N/A
N/A N/A C:\Windows\System\mTrMhoY.exe N/A
N/A N/A C:\Windows\System\BOBcfCo.exe N/A
N/A N/A C:\Windows\System\pHBwPkP.exe N/A
N/A N/A C:\Windows\System\EafEGef.exe N/A
N/A N/A C:\Windows\System\CdMJhVK.exe N/A
N/A N/A C:\Windows\System\kwudUNs.exe N/A
N/A N/A C:\Windows\System\bhOGgCC.exe N/A
N/A N/A C:\Windows\System\kiDzJxi.exe N/A
N/A N/A C:\Windows\System\UXFGUWb.exe N/A
N/A N/A C:\Windows\System\FiXmICJ.exe N/A
N/A N/A C:\Windows\System\ZFFcwSL.exe N/A
N/A N/A C:\Windows\System\sYFYfgu.exe N/A
N/A N/A C:\Windows\System\nYSyTqe.exe N/A
N/A N/A C:\Windows\System\viUuxgd.exe N/A
N/A N/A C:\Windows\System\tyefAVt.exe N/A
N/A N/A C:\Windows\System\ydSrCBI.exe N/A
N/A N/A C:\Windows\System\WzTNvSz.exe N/A
N/A N/A C:\Windows\System\uBApRKS.exe N/A
N/A N/A C:\Windows\System\COyKMwT.exe N/A
N/A N/A C:\Windows\System\TUkEUDk.exe N/A
N/A N/A C:\Windows\System\HEzkOZu.exe N/A
N/A N/A C:\Windows\System\WUuBrTa.exe N/A
N/A N/A C:\Windows\System\xGssMGg.exe N/A
N/A N/A C:\Windows\System\EEYvoiD.exe N/A
N/A N/A C:\Windows\System\sUjmKdv.exe N/A
N/A N/A C:\Windows\System\Phdlllh.exe N/A
N/A N/A C:\Windows\System\hLSkKSM.exe N/A
N/A N/A C:\Windows\System\iPLkPqC.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\owvXTdm.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXiegLG.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsWRSbe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBfnRfE.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\YItnLvr.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\dWWclvh.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVWjzoI.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\eLytHoM.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\KhdMEaR.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sJbtFYs.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\MrNIlAr.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\xzGiNeT.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\WyFiHNR.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\DTZGWZI.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\tYdnykK.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsRwwvx.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\GXEPuaI.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\iYRthsF.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\YKbtCVg.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\RCvQWjV.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDBvZUw.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\fgzLAwA.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\bIIaJsD.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\CwhhfoU.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMZXUDw.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\NPduGnY.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\SYvRbKe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNBydBb.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\uwQnREe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\loWVCRs.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdHhibl.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\uBVwvou.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZVXjtBs.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\yEssWvi.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\iwTigZZ.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxWboVp.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\dGhmmJi.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\qNEYrbG.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNKOXnY.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwAazDn.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClAbDLA.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\wcUZGSm.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\kPWNjEL.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJlHkic.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbOiGsy.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\aYONKwD.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\YfXLhjh.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\QAtJrqV.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovyDZxM.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\SCgqbtX.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\UFRmKbJ.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\PfbHWdH.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\cvGJppO.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZlhTXpE.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaeiMXF.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sYFYfgu.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sxWTIoT.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\amkJkpV.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\vJqrgPN.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\NZgjDPS.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\FwFnvdX.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\PYCLWqL.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\fkrmJQD.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubsiBRv.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2248 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2248 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2248 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\etnbDCX.exe
PID 2248 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\etnbDCX.exe
PID 2248 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\etnbDCX.exe
PID 2248 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\wEKzUul.exe
PID 2248 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\wEKzUul.exe
PID 2248 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\wEKzUul.exe
PID 2248 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SbaYKGC.exe
PID 2248 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SbaYKGC.exe
PID 2248 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SbaYKGC.exe
PID 2248 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\umGEftd.exe
PID 2248 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\umGEftd.exe
PID 2248 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\umGEftd.exe
PID 2248 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\evyRPkf.exe
PID 2248 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\evyRPkf.exe
PID 2248 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\evyRPkf.exe
PID 2248 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GWubKtt.exe
PID 2248 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GWubKtt.exe
PID 2248 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GWubKtt.exe
PID 2248 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\onDtHZH.exe
PID 2248 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\onDtHZH.exe
PID 2248 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\onDtHZH.exe
PID 2248 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\hsuCepJ.exe
PID 2248 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\hsuCepJ.exe
PID 2248 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\hsuCepJ.exe
PID 2248 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\EpBVFUh.exe
PID 2248 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\EpBVFUh.exe
PID 2248 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\EpBVFUh.exe
PID 2248 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\KOahWkx.exe
PID 2248 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\KOahWkx.exe
PID 2248 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\KOahWkx.exe
PID 2248 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\vmBoTxH.exe
PID 2248 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\vmBoTxH.exe
PID 2248 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\vmBoTxH.exe
PID 2248 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\PaDsPFm.exe
PID 2248 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\PaDsPFm.exe
PID 2248 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\PaDsPFm.exe
PID 2248 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\kdVYxPC.exe
PID 2248 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\kdVYxPC.exe
PID 2248 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\kdVYxPC.exe
PID 2248 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ifxrXmv.exe
PID 2248 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ifxrXmv.exe
PID 2248 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ifxrXmv.exe
PID 2248 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\NZgjDPS.exe
PID 2248 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\NZgjDPS.exe
PID 2248 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\NZgjDPS.exe
PID 2248 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\OvLGXbZ.exe
PID 2248 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\OvLGXbZ.exe
PID 2248 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\OvLGXbZ.exe
PID 2248 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\rtoAFOa.exe
PID 2248 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\rtoAFOa.exe
PID 2248 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\rtoAFOa.exe
PID 2248 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XlsVVrQ.exe
PID 2248 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XlsVVrQ.exe
PID 2248 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XlsVVrQ.exe
PID 2248 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ljdFuyw.exe
PID 2248 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ljdFuyw.exe
PID 2248 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ljdFuyw.exe
PID 2248 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\zNBNbWL.exe
PID 2248 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\zNBNbWL.exe
PID 2248 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\zNBNbWL.exe
PID 2248 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SGeTDFk.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\etnbDCX.exe

C:\Windows\System\etnbDCX.exe

C:\Windows\System\wEKzUul.exe

C:\Windows\System\wEKzUul.exe

C:\Windows\System\SbaYKGC.exe

C:\Windows\System\SbaYKGC.exe

C:\Windows\System\umGEftd.exe

C:\Windows\System\umGEftd.exe

C:\Windows\System\evyRPkf.exe

C:\Windows\System\evyRPkf.exe

C:\Windows\System\GWubKtt.exe

C:\Windows\System\GWubKtt.exe

C:\Windows\System\onDtHZH.exe

C:\Windows\System\onDtHZH.exe

C:\Windows\System\hsuCepJ.exe

C:\Windows\System\hsuCepJ.exe

C:\Windows\System\EpBVFUh.exe

C:\Windows\System\EpBVFUh.exe

C:\Windows\System\KOahWkx.exe

C:\Windows\System\KOahWkx.exe

C:\Windows\System\vmBoTxH.exe

C:\Windows\System\vmBoTxH.exe

C:\Windows\System\PaDsPFm.exe

C:\Windows\System\PaDsPFm.exe

C:\Windows\System\kdVYxPC.exe

C:\Windows\System\kdVYxPC.exe

C:\Windows\System\ifxrXmv.exe

C:\Windows\System\ifxrXmv.exe

C:\Windows\System\NZgjDPS.exe

C:\Windows\System\NZgjDPS.exe

C:\Windows\System\OvLGXbZ.exe

C:\Windows\System\OvLGXbZ.exe

C:\Windows\System\rtoAFOa.exe

C:\Windows\System\rtoAFOa.exe

C:\Windows\System\XlsVVrQ.exe

C:\Windows\System\XlsVVrQ.exe

C:\Windows\System\ljdFuyw.exe

C:\Windows\System\ljdFuyw.exe

C:\Windows\System\zNBNbWL.exe

C:\Windows\System\zNBNbWL.exe

C:\Windows\System\SGeTDFk.exe

C:\Windows\System\SGeTDFk.exe

C:\Windows\System\POdNrFP.exe

C:\Windows\System\POdNrFP.exe

C:\Windows\System\QvTteKT.exe

C:\Windows\System\QvTteKT.exe

C:\Windows\System\naQMCGk.exe

C:\Windows\System\naQMCGk.exe

C:\Windows\System\abOkfnw.exe

C:\Windows\System\abOkfnw.exe

C:\Windows\System\MtpHNVh.exe

C:\Windows\System\MtpHNVh.exe

C:\Windows\System\lmVHCIg.exe

C:\Windows\System\lmVHCIg.exe

C:\Windows\System\kDtLyhF.exe

C:\Windows\System\kDtLyhF.exe

C:\Windows\System\LCjWEgT.exe

C:\Windows\System\LCjWEgT.exe

C:\Windows\System\bghsHTz.exe

C:\Windows\System\bghsHTz.exe

C:\Windows\System\NQiEkjb.exe

C:\Windows\System\NQiEkjb.exe

C:\Windows\System\bhmWCvI.exe

C:\Windows\System\bhmWCvI.exe

C:\Windows\System\ntKKDaM.exe

C:\Windows\System\ntKKDaM.exe

C:\Windows\System\jRuBRnj.exe

C:\Windows\System\jRuBRnj.exe

C:\Windows\System\ExejwwD.exe

C:\Windows\System\ExejwwD.exe

C:\Windows\System\PdhKXYt.exe

C:\Windows\System\PdhKXYt.exe

C:\Windows\System\mTrMhoY.exe

C:\Windows\System\mTrMhoY.exe

C:\Windows\System\BOBcfCo.exe

C:\Windows\System\BOBcfCo.exe

C:\Windows\System\pHBwPkP.exe

C:\Windows\System\pHBwPkP.exe

C:\Windows\System\EafEGef.exe

C:\Windows\System\EafEGef.exe

C:\Windows\System\CdMJhVK.exe

C:\Windows\System\CdMJhVK.exe

C:\Windows\System\kwudUNs.exe

C:\Windows\System\kwudUNs.exe

C:\Windows\System\bhOGgCC.exe

C:\Windows\System\bhOGgCC.exe

C:\Windows\System\kiDzJxi.exe

C:\Windows\System\kiDzJxi.exe

C:\Windows\System\UXFGUWb.exe

C:\Windows\System\UXFGUWb.exe

C:\Windows\System\FiXmICJ.exe

C:\Windows\System\FiXmICJ.exe

C:\Windows\System\ZFFcwSL.exe

C:\Windows\System\ZFFcwSL.exe

C:\Windows\System\sYFYfgu.exe

C:\Windows\System\sYFYfgu.exe

C:\Windows\System\nYSyTqe.exe

C:\Windows\System\nYSyTqe.exe

C:\Windows\System\viUuxgd.exe

C:\Windows\System\viUuxgd.exe

C:\Windows\System\tyefAVt.exe

C:\Windows\System\tyefAVt.exe

C:\Windows\System\ydSrCBI.exe

C:\Windows\System\ydSrCBI.exe

C:\Windows\System\WzTNvSz.exe

C:\Windows\System\WzTNvSz.exe

C:\Windows\System\uBApRKS.exe

C:\Windows\System\uBApRKS.exe

C:\Windows\System\COyKMwT.exe

C:\Windows\System\COyKMwT.exe

C:\Windows\System\TUkEUDk.exe

C:\Windows\System\TUkEUDk.exe

C:\Windows\System\HEzkOZu.exe

C:\Windows\System\HEzkOZu.exe

C:\Windows\System\WUuBrTa.exe

C:\Windows\System\WUuBrTa.exe

C:\Windows\System\xGssMGg.exe

C:\Windows\System\xGssMGg.exe

C:\Windows\System\EEYvoiD.exe

C:\Windows\System\EEYvoiD.exe

C:\Windows\System\sUjmKdv.exe

C:\Windows\System\sUjmKdv.exe

C:\Windows\System\Phdlllh.exe

C:\Windows\System\Phdlllh.exe

C:\Windows\System\hLSkKSM.exe

C:\Windows\System\hLSkKSM.exe

C:\Windows\System\iPLkPqC.exe

C:\Windows\System\iPLkPqC.exe

C:\Windows\System\BFiuXvc.exe

C:\Windows\System\BFiuXvc.exe

C:\Windows\System\pDGYUaL.exe

C:\Windows\System\pDGYUaL.exe

C:\Windows\System\dIDzYYz.exe

C:\Windows\System\dIDzYYz.exe

C:\Windows\System\isGgjoY.exe

C:\Windows\System\isGgjoY.exe

C:\Windows\System\nnLrAFG.exe

C:\Windows\System\nnLrAFG.exe

C:\Windows\System\qyitoMc.exe

C:\Windows\System\qyitoMc.exe

C:\Windows\System\TbbKaoe.exe

C:\Windows\System\TbbKaoe.exe

C:\Windows\System\kEipZSl.exe

C:\Windows\System\kEipZSl.exe

C:\Windows\System\VYVZCtL.exe

C:\Windows\System\VYVZCtL.exe

C:\Windows\System\jAjScBX.exe

C:\Windows\System\jAjScBX.exe

C:\Windows\System\OFqhGAv.exe

C:\Windows\System\OFqhGAv.exe

C:\Windows\System\dmTymdl.exe

C:\Windows\System\dmTymdl.exe

C:\Windows\System\TBBtRkr.exe

C:\Windows\System\TBBtRkr.exe

C:\Windows\System\PSwNpsV.exe

C:\Windows\System\PSwNpsV.exe

C:\Windows\System\wXofzxv.exe

C:\Windows\System\wXofzxv.exe

C:\Windows\System\mzAsFQu.exe

C:\Windows\System\mzAsFQu.exe

C:\Windows\System\jOlbiuI.exe

C:\Windows\System\jOlbiuI.exe

C:\Windows\System\lalEVqS.exe

C:\Windows\System\lalEVqS.exe

C:\Windows\System\XAsUZUy.exe

C:\Windows\System\XAsUZUy.exe

C:\Windows\System\HwqwOZe.exe

C:\Windows\System\HwqwOZe.exe

C:\Windows\System\HPYJGzB.exe

C:\Windows\System\HPYJGzB.exe

C:\Windows\System\UMLoxyP.exe

C:\Windows\System\UMLoxyP.exe

C:\Windows\System\ZOnoSQM.exe

C:\Windows\System\ZOnoSQM.exe

C:\Windows\System\zIcNEaL.exe

C:\Windows\System\zIcNEaL.exe

C:\Windows\System\zIFPJkn.exe

C:\Windows\System\zIFPJkn.exe

C:\Windows\System\KvbXOOg.exe

C:\Windows\System\KvbXOOg.exe

C:\Windows\System\ysfOBrU.exe

C:\Windows\System\ysfOBrU.exe

C:\Windows\System\NypAjFq.exe

C:\Windows\System\NypAjFq.exe

C:\Windows\System\fxMNAhr.exe

C:\Windows\System\fxMNAhr.exe

C:\Windows\System\vdIAdoS.exe

C:\Windows\System\vdIAdoS.exe

C:\Windows\System\qUYJtGt.exe

C:\Windows\System\qUYJtGt.exe

C:\Windows\System\vGjJxuy.exe

C:\Windows\System\vGjJxuy.exe

C:\Windows\System\HKHtTSo.exe

C:\Windows\System\HKHtTSo.exe

C:\Windows\System\juGQCPi.exe

C:\Windows\System\juGQCPi.exe

C:\Windows\System\yhHYCFV.exe

C:\Windows\System\yhHYCFV.exe

C:\Windows\System\pZsXyFA.exe

C:\Windows\System\pZsXyFA.exe

C:\Windows\System\wvTZsKu.exe

C:\Windows\System\wvTZsKu.exe

C:\Windows\System\HzvecQj.exe

C:\Windows\System\HzvecQj.exe

C:\Windows\System\sPerTsL.exe

C:\Windows\System\sPerTsL.exe

C:\Windows\System\idGIUjj.exe

C:\Windows\System\idGIUjj.exe

C:\Windows\System\vkUnLPl.exe

C:\Windows\System\vkUnLPl.exe

C:\Windows\System\WTEdrQN.exe

C:\Windows\System\WTEdrQN.exe

C:\Windows\System\nFoGoTY.exe

C:\Windows\System\nFoGoTY.exe

C:\Windows\System\uNcBFKH.exe

C:\Windows\System\uNcBFKH.exe

C:\Windows\System\uixNAzh.exe

C:\Windows\System\uixNAzh.exe

C:\Windows\System\ywgOeRt.exe

C:\Windows\System\ywgOeRt.exe

C:\Windows\System\ywnlUWQ.exe

C:\Windows\System\ywnlUWQ.exe

C:\Windows\System\NsEKGPV.exe

C:\Windows\System\NsEKGPV.exe

C:\Windows\System\KvyvvNb.exe

C:\Windows\System\KvyvvNb.exe

C:\Windows\System\AdoOczj.exe

C:\Windows\System\AdoOczj.exe

C:\Windows\System\OWpkHHD.exe

C:\Windows\System\OWpkHHD.exe

C:\Windows\System\rxtjPzm.exe

C:\Windows\System\rxtjPzm.exe

C:\Windows\System\ANqngDr.exe

C:\Windows\System\ANqngDr.exe

C:\Windows\System\ZxxwHat.exe

C:\Windows\System\ZxxwHat.exe

C:\Windows\System\jImvlLW.exe

C:\Windows\System\jImvlLW.exe

C:\Windows\System\KZEupHD.exe

C:\Windows\System\KZEupHD.exe

C:\Windows\System\LtjEFOz.exe

C:\Windows\System\LtjEFOz.exe

C:\Windows\System\mreYjZz.exe

C:\Windows\System\mreYjZz.exe

C:\Windows\System\iEgWcLn.exe

C:\Windows\System\iEgWcLn.exe

C:\Windows\System\VmVGiCO.exe

C:\Windows\System\VmVGiCO.exe

C:\Windows\System\jBfSVsP.exe

C:\Windows\System\jBfSVsP.exe

C:\Windows\System\zegbtHu.exe

C:\Windows\System\zegbtHu.exe

C:\Windows\System\kdmOuct.exe

C:\Windows\System\kdmOuct.exe

C:\Windows\System\jFBiRyg.exe

C:\Windows\System\jFBiRyg.exe

C:\Windows\System\XIuBieN.exe

C:\Windows\System\XIuBieN.exe

C:\Windows\System\oflsBOH.exe

C:\Windows\System\oflsBOH.exe

C:\Windows\System\qfXSGJF.exe

C:\Windows\System\qfXSGJF.exe

C:\Windows\System\qGkVkMX.exe

C:\Windows\System\qGkVkMX.exe

C:\Windows\System\WYYzwNu.exe

C:\Windows\System\WYYzwNu.exe

C:\Windows\System\FVHXMJC.exe

C:\Windows\System\FVHXMJC.exe

C:\Windows\System\tydzexI.exe

C:\Windows\System\tydzexI.exe

C:\Windows\System\NlEKEjx.exe

C:\Windows\System\NlEKEjx.exe

C:\Windows\System\XCZmZID.exe

C:\Windows\System\XCZmZID.exe

C:\Windows\System\CUuhaRC.exe

C:\Windows\System\CUuhaRC.exe

C:\Windows\System\bRVggLD.exe

C:\Windows\System\bRVggLD.exe

C:\Windows\System\kRhivDM.exe

C:\Windows\System\kRhivDM.exe

C:\Windows\System\NfZpmtV.exe

C:\Windows\System\NfZpmtV.exe

C:\Windows\System\AcZggMy.exe

C:\Windows\System\AcZggMy.exe

C:\Windows\System\fwVEaXz.exe

C:\Windows\System\fwVEaXz.exe

C:\Windows\System\psspGsX.exe

C:\Windows\System\psspGsX.exe

C:\Windows\System\cvbYFzh.exe

C:\Windows\System\cvbYFzh.exe

C:\Windows\System\MwVyAJx.exe

C:\Windows\System\MwVyAJx.exe

C:\Windows\System\uIvuMWN.exe

C:\Windows\System\uIvuMWN.exe

C:\Windows\System\HywjmdM.exe

C:\Windows\System\HywjmdM.exe

C:\Windows\System\BmxKZhX.exe

C:\Windows\System\BmxKZhX.exe

C:\Windows\System\JtqLOxS.exe

C:\Windows\System\JtqLOxS.exe

C:\Windows\System\fpUHgQU.exe

C:\Windows\System\fpUHgQU.exe

C:\Windows\System\pcIwxuv.exe

C:\Windows\System\pcIwxuv.exe

C:\Windows\System\XKNZNSa.exe

C:\Windows\System\XKNZNSa.exe

C:\Windows\System\jDYgECH.exe

C:\Windows\System\jDYgECH.exe

C:\Windows\System\QHBIPBl.exe

C:\Windows\System\QHBIPBl.exe

C:\Windows\System\OkmVmCj.exe

C:\Windows\System\OkmVmCj.exe

C:\Windows\System\tlMjDsM.exe

C:\Windows\System\tlMjDsM.exe

C:\Windows\System\PCNJOTN.exe

C:\Windows\System\PCNJOTN.exe

C:\Windows\System\MLKjkDG.exe

C:\Windows\System\MLKjkDG.exe

C:\Windows\System\hYjuxIW.exe

C:\Windows\System\hYjuxIW.exe

C:\Windows\System\IuNdcbI.exe

C:\Windows\System\IuNdcbI.exe

C:\Windows\System\NFwJqzm.exe

C:\Windows\System\NFwJqzm.exe

C:\Windows\System\yWasQCj.exe

C:\Windows\System\yWasQCj.exe

C:\Windows\System\LdUvDcH.exe

C:\Windows\System\LdUvDcH.exe

C:\Windows\System\YCtEWcQ.exe

C:\Windows\System\YCtEWcQ.exe

C:\Windows\System\YYTlwvg.exe

C:\Windows\System\YYTlwvg.exe

C:\Windows\System\WSEvMCn.exe

C:\Windows\System\WSEvMCn.exe

C:\Windows\System\ClAbDLA.exe

C:\Windows\System\ClAbDLA.exe

C:\Windows\System\wfNKvrD.exe

C:\Windows\System\wfNKvrD.exe

C:\Windows\System\qUJbjyS.exe

C:\Windows\System\qUJbjyS.exe

C:\Windows\System\huxpFon.exe

C:\Windows\System\huxpFon.exe

C:\Windows\System\lAvWsYj.exe

C:\Windows\System\lAvWsYj.exe

C:\Windows\System\bGwORsX.exe

C:\Windows\System\bGwORsX.exe

C:\Windows\System\nChvWpL.exe

C:\Windows\System\nChvWpL.exe

C:\Windows\System\nnCSlEw.exe

C:\Windows\System\nnCSlEw.exe

C:\Windows\System\hOySqlJ.exe

C:\Windows\System\hOySqlJ.exe

C:\Windows\System\gNfjVlw.exe

C:\Windows\System\gNfjVlw.exe

C:\Windows\System\jzMEgqL.exe

C:\Windows\System\jzMEgqL.exe

C:\Windows\System\hEznutn.exe

C:\Windows\System\hEznutn.exe

C:\Windows\System\BFSbeXH.exe

C:\Windows\System\BFSbeXH.exe

C:\Windows\System\MVUCczA.exe

C:\Windows\System\MVUCczA.exe

C:\Windows\System\kIjYbDw.exe

C:\Windows\System\kIjYbDw.exe

C:\Windows\System\cbMVIcz.exe

C:\Windows\System\cbMVIcz.exe

C:\Windows\System\jYjnzLU.exe

C:\Windows\System\jYjnzLU.exe

C:\Windows\System\vXPuHJL.exe

C:\Windows\System\vXPuHJL.exe

C:\Windows\System\LDtlXHk.exe

C:\Windows\System\LDtlXHk.exe

C:\Windows\System\ahbQZXy.exe

C:\Windows\System\ahbQZXy.exe

C:\Windows\System\ykSuuIs.exe

C:\Windows\System\ykSuuIs.exe

C:\Windows\System\hgvBBER.exe

C:\Windows\System\hgvBBER.exe

C:\Windows\System\LbhyfTD.exe

C:\Windows\System\LbhyfTD.exe

C:\Windows\System\EuwYBQi.exe

C:\Windows\System\EuwYBQi.exe

C:\Windows\System\yYPLqnS.exe

C:\Windows\System\yYPLqnS.exe

C:\Windows\System\GqONTKU.exe

C:\Windows\System\GqONTKU.exe

C:\Windows\System\FAEeeFY.exe

C:\Windows\System\FAEeeFY.exe

C:\Windows\System\GzumwNc.exe

C:\Windows\System\GzumwNc.exe

C:\Windows\System\uoimoyK.exe

C:\Windows\System\uoimoyK.exe

C:\Windows\System\EbItBFo.exe

C:\Windows\System\EbItBFo.exe

C:\Windows\System\YYJinfb.exe

C:\Windows\System\YYJinfb.exe

C:\Windows\System\HOYdlTd.exe

C:\Windows\System\HOYdlTd.exe

C:\Windows\System\Zliibcn.exe

C:\Windows\System\Zliibcn.exe

C:\Windows\System\gtTvlMT.exe

C:\Windows\System\gtTvlMT.exe

C:\Windows\System\XmErMtu.exe

C:\Windows\System\XmErMtu.exe

C:\Windows\System\ufACXBF.exe

C:\Windows\System\ufACXBF.exe

C:\Windows\System\icJCHiC.exe

C:\Windows\System\icJCHiC.exe

C:\Windows\System\pSkkqtQ.exe

C:\Windows\System\pSkkqtQ.exe

C:\Windows\System\RerTtVi.exe

C:\Windows\System\RerTtVi.exe

C:\Windows\System\CZudDsK.exe

C:\Windows\System\CZudDsK.exe

C:\Windows\System\uyIQEdu.exe

C:\Windows\System\uyIQEdu.exe

C:\Windows\System\YHWFiih.exe

C:\Windows\System\YHWFiih.exe

C:\Windows\System\uYchsTJ.exe

C:\Windows\System\uYchsTJ.exe

C:\Windows\System\QJVfbkh.exe

C:\Windows\System\QJVfbkh.exe

C:\Windows\System\zPrgAnd.exe

C:\Windows\System\zPrgAnd.exe

C:\Windows\System\yiodDjb.exe

C:\Windows\System\yiodDjb.exe

C:\Windows\System\jSjXlpQ.exe

C:\Windows\System\jSjXlpQ.exe

C:\Windows\System\wLankKz.exe

C:\Windows\System\wLankKz.exe

C:\Windows\System\pmyObmc.exe

C:\Windows\System\pmyObmc.exe

C:\Windows\System\nLWRDln.exe

C:\Windows\System\nLWRDln.exe

C:\Windows\System\WMsZuVf.exe

C:\Windows\System\WMsZuVf.exe

C:\Windows\System\MVRJScX.exe

C:\Windows\System\MVRJScX.exe

C:\Windows\System\AixIKcu.exe

C:\Windows\System\AixIKcu.exe

C:\Windows\System\ReovjMn.exe

C:\Windows\System\ReovjMn.exe

C:\Windows\System\TbSPBXb.exe

C:\Windows\System\TbSPBXb.exe

C:\Windows\System\pOXBhKm.exe

C:\Windows\System\pOXBhKm.exe

C:\Windows\System\aYOaVyf.exe

C:\Windows\System\aYOaVyf.exe

C:\Windows\System\JjdJsSf.exe

C:\Windows\System\JjdJsSf.exe

C:\Windows\System\xxekDmz.exe

C:\Windows\System\xxekDmz.exe

C:\Windows\System\wKhGOSr.exe

C:\Windows\System\wKhGOSr.exe

C:\Windows\System\loWVCRs.exe

C:\Windows\System\loWVCRs.exe

C:\Windows\System\aZuiNqo.exe

C:\Windows\System\aZuiNqo.exe

C:\Windows\System\qFEkVct.exe

C:\Windows\System\qFEkVct.exe

C:\Windows\System\FVoXshO.exe

C:\Windows\System\FVoXshO.exe

C:\Windows\System\RPutOQq.exe

C:\Windows\System\RPutOQq.exe

C:\Windows\System\GFrJAgk.exe

C:\Windows\System\GFrJAgk.exe

C:\Windows\System\EuBZrPB.exe

C:\Windows\System\EuBZrPB.exe

C:\Windows\System\hQOuWww.exe

C:\Windows\System\hQOuWww.exe

C:\Windows\System\bbbxAIn.exe

C:\Windows\System\bbbxAIn.exe

C:\Windows\System\qAfuSEn.exe

C:\Windows\System\qAfuSEn.exe

C:\Windows\System\lgsVprp.exe

C:\Windows\System\lgsVprp.exe

C:\Windows\System\UqKPVTW.exe

C:\Windows\System\UqKPVTW.exe

C:\Windows\System\ftjQWTi.exe

C:\Windows\System\ftjQWTi.exe

C:\Windows\System\HUYFhqw.exe

C:\Windows\System\HUYFhqw.exe

C:\Windows\System\LmTdIsz.exe

C:\Windows\System\LmTdIsz.exe

C:\Windows\System\achBJac.exe

C:\Windows\System\achBJac.exe

C:\Windows\System\PsTfEAc.exe

C:\Windows\System\PsTfEAc.exe

C:\Windows\System\tqFRWOS.exe

C:\Windows\System\tqFRWOS.exe

C:\Windows\System\AbKhVfB.exe

C:\Windows\System\AbKhVfB.exe

C:\Windows\System\aBfnRfE.exe

C:\Windows\System\aBfnRfE.exe

C:\Windows\System\uFpOpSi.exe

C:\Windows\System\uFpOpSi.exe

C:\Windows\System\QExzOaS.exe

C:\Windows\System\QExzOaS.exe

C:\Windows\System\DpfdjNn.exe

C:\Windows\System\DpfdjNn.exe

C:\Windows\System\zzBsirr.exe

C:\Windows\System\zzBsirr.exe

C:\Windows\System\jthWsrl.exe

C:\Windows\System\jthWsrl.exe

C:\Windows\System\MAqDNPs.exe

C:\Windows\System\MAqDNPs.exe

C:\Windows\System\MrHuHUG.exe

C:\Windows\System\MrHuHUG.exe

C:\Windows\System\HSefNeW.exe

C:\Windows\System\HSefNeW.exe

C:\Windows\System\YZMqUvx.exe

C:\Windows\System\YZMqUvx.exe

C:\Windows\System\twUGZwf.exe

C:\Windows\System\twUGZwf.exe

C:\Windows\System\ZMhHqdt.exe

C:\Windows\System\ZMhHqdt.exe

C:\Windows\System\flcyypk.exe

C:\Windows\System\flcyypk.exe

C:\Windows\System\KdmUOlf.exe

C:\Windows\System\KdmUOlf.exe

C:\Windows\System\zkbqCcu.exe

C:\Windows\System\zkbqCcu.exe

C:\Windows\System\ILYiDzz.exe

C:\Windows\System\ILYiDzz.exe

C:\Windows\System\mEkcOPZ.exe

C:\Windows\System\mEkcOPZ.exe

C:\Windows\System\atfROAm.exe

C:\Windows\System\atfROAm.exe

C:\Windows\System\afGFUSW.exe

C:\Windows\System\afGFUSW.exe

C:\Windows\System\CFCcyEL.exe

C:\Windows\System\CFCcyEL.exe

C:\Windows\System\DaSiKjI.exe

C:\Windows\System\DaSiKjI.exe

C:\Windows\System\kiVaYjm.exe

C:\Windows\System\kiVaYjm.exe

C:\Windows\System\OThtHFc.exe

C:\Windows\System\OThtHFc.exe

C:\Windows\System\KzSndoh.exe

C:\Windows\System\KzSndoh.exe

C:\Windows\System\eqhXxqB.exe

C:\Windows\System\eqhXxqB.exe

C:\Windows\System\pjiSCNi.exe

C:\Windows\System\pjiSCNi.exe

C:\Windows\System\BDqLCCw.exe

C:\Windows\System\BDqLCCw.exe

C:\Windows\System\yaHgshS.exe

C:\Windows\System\yaHgshS.exe

C:\Windows\System\krqiitS.exe

C:\Windows\System\krqiitS.exe

C:\Windows\System\LAbFFDx.exe

C:\Windows\System\LAbFFDx.exe

C:\Windows\System\lgTPzgc.exe

C:\Windows\System\lgTPzgc.exe

C:\Windows\System\ELMouIZ.exe

C:\Windows\System\ELMouIZ.exe

C:\Windows\System\SYZQjiR.exe

C:\Windows\System\SYZQjiR.exe

C:\Windows\System\rdEqqxq.exe

C:\Windows\System\rdEqqxq.exe

C:\Windows\System\cEwhznI.exe

C:\Windows\System\cEwhznI.exe

C:\Windows\System\HGIosBZ.exe

C:\Windows\System\HGIosBZ.exe

C:\Windows\System\TYRMxtq.exe

C:\Windows\System\TYRMxtq.exe

C:\Windows\System\tDwSyxV.exe

C:\Windows\System\tDwSyxV.exe

C:\Windows\System\AGSSvLm.exe

C:\Windows\System\AGSSvLm.exe

C:\Windows\System\cYERilQ.exe

C:\Windows\System\cYERilQ.exe

C:\Windows\System\qMYwoTR.exe

C:\Windows\System\qMYwoTR.exe

C:\Windows\System\UCEZlIx.exe

C:\Windows\System\UCEZlIx.exe

C:\Windows\System\hzNqOjC.exe

C:\Windows\System\hzNqOjC.exe

C:\Windows\System\ovwXwdW.exe

C:\Windows\System\ovwXwdW.exe

C:\Windows\System\RKbzUGj.exe

C:\Windows\System\RKbzUGj.exe

C:\Windows\System\vjQrHvJ.exe

C:\Windows\System\vjQrHvJ.exe

C:\Windows\System\aKLKgPR.exe

C:\Windows\System\aKLKgPR.exe

C:\Windows\System\PGKUhfh.exe

C:\Windows\System\PGKUhfh.exe

C:\Windows\System\vEIcCCo.exe

C:\Windows\System\vEIcCCo.exe

C:\Windows\System\lTWNSIy.exe

C:\Windows\System\lTWNSIy.exe

C:\Windows\System\DWrCwbg.exe

C:\Windows\System\DWrCwbg.exe

C:\Windows\System\ZWssrAJ.exe

C:\Windows\System\ZWssrAJ.exe

C:\Windows\System\jxlCLvx.exe

C:\Windows\System\jxlCLvx.exe

C:\Windows\System\FFnsXix.exe

C:\Windows\System\FFnsXix.exe

C:\Windows\System\jwUtHMo.exe

C:\Windows\System\jwUtHMo.exe

C:\Windows\System\OFzXurO.exe

C:\Windows\System\OFzXurO.exe

C:\Windows\System\axMJPwA.exe

C:\Windows\System\axMJPwA.exe

C:\Windows\System\PeLWFRZ.exe

C:\Windows\System\PeLWFRZ.exe

C:\Windows\System\COjvkdb.exe

C:\Windows\System\COjvkdb.exe

C:\Windows\System\ieUFIyp.exe

C:\Windows\System\ieUFIyp.exe

C:\Windows\System\txaFEDF.exe

C:\Windows\System\txaFEDF.exe

C:\Windows\System\CXiZfqL.exe

C:\Windows\System\CXiZfqL.exe

C:\Windows\System\lIuqTVZ.exe

C:\Windows\System\lIuqTVZ.exe

C:\Windows\System\clOOxgW.exe

C:\Windows\System\clOOxgW.exe

C:\Windows\System\MaWGFLH.exe

C:\Windows\System\MaWGFLH.exe

C:\Windows\System\vzqwEJE.exe

C:\Windows\System\vzqwEJE.exe

C:\Windows\System\cQTarMI.exe

C:\Windows\System\cQTarMI.exe

C:\Windows\System\dAAnbiP.exe

C:\Windows\System\dAAnbiP.exe

C:\Windows\System\zHyqrXF.exe

C:\Windows\System\zHyqrXF.exe

C:\Windows\System\NKWcAAy.exe

C:\Windows\System\NKWcAAy.exe

C:\Windows\System\NGQHtWg.exe

C:\Windows\System\NGQHtWg.exe

C:\Windows\System\MEGfFDl.exe

C:\Windows\System\MEGfFDl.exe

C:\Windows\System\ibSerxA.exe

C:\Windows\System\ibSerxA.exe

C:\Windows\System\vTkYCKK.exe

C:\Windows\System\vTkYCKK.exe

C:\Windows\System\fSwzOIU.exe

C:\Windows\System\fSwzOIU.exe

C:\Windows\System\uVWjzoI.exe

C:\Windows\System\uVWjzoI.exe

C:\Windows\System\vxyEgJB.exe

C:\Windows\System\vxyEgJB.exe

C:\Windows\System\GqfWHqD.exe

C:\Windows\System\GqfWHqD.exe

C:\Windows\System\YaeiMXF.exe

C:\Windows\System\YaeiMXF.exe

C:\Windows\System\ECQqywS.exe

C:\Windows\System\ECQqywS.exe

C:\Windows\System\NPlnZFx.exe

C:\Windows\System\NPlnZFx.exe

C:\Windows\System\KMfbZgG.exe

C:\Windows\System\KMfbZgG.exe

C:\Windows\System\TIibROT.exe

C:\Windows\System\TIibROT.exe

C:\Windows\System\gafXMDp.exe

C:\Windows\System\gafXMDp.exe

C:\Windows\System\CDLxBhY.exe

C:\Windows\System\CDLxBhY.exe

C:\Windows\System\zAiIMxq.exe

C:\Windows\System\zAiIMxq.exe

C:\Windows\System\eiWtExu.exe

C:\Windows\System\eiWtExu.exe

C:\Windows\System\oQLELsY.exe

C:\Windows\System\oQLELsY.exe

C:\Windows\System\dGhmmJi.exe

C:\Windows\System\dGhmmJi.exe

C:\Windows\System\qtILcEP.exe

C:\Windows\System\qtILcEP.exe

C:\Windows\System\qrPlHsX.exe

C:\Windows\System\qrPlHsX.exe

C:\Windows\System\wCMtMrQ.exe

C:\Windows\System\wCMtMrQ.exe

C:\Windows\System\STPoGVB.exe

C:\Windows\System\STPoGVB.exe

C:\Windows\System\bhQifRQ.exe

C:\Windows\System\bhQifRQ.exe

C:\Windows\System\KfBHytd.exe

C:\Windows\System\KfBHytd.exe

C:\Windows\System\SPXmiXp.exe

C:\Windows\System\SPXmiXp.exe

C:\Windows\System\nSKyXjK.exe

C:\Windows\System\nSKyXjK.exe

C:\Windows\System\vKtZIXh.exe

C:\Windows\System\vKtZIXh.exe

C:\Windows\System\RQPCiCX.exe

C:\Windows\System\RQPCiCX.exe

C:\Windows\System\KjCGywv.exe

C:\Windows\System\KjCGywv.exe

C:\Windows\System\LogOQbf.exe

C:\Windows\System\LogOQbf.exe

C:\Windows\System\HwpKvnX.exe

C:\Windows\System\HwpKvnX.exe

C:\Windows\System\ArYzTZT.exe

C:\Windows\System\ArYzTZT.exe

C:\Windows\System\EIcMmBV.exe

C:\Windows\System\EIcMmBV.exe

C:\Windows\System\cGucKNP.exe

C:\Windows\System\cGucKNP.exe

C:\Windows\System\VtiCNSk.exe

C:\Windows\System\VtiCNSk.exe

C:\Windows\System\yOvYuNb.exe

C:\Windows\System\yOvYuNb.exe

C:\Windows\System\cToflMt.exe

C:\Windows\System\cToflMt.exe

C:\Windows\System\ERMOPix.exe

C:\Windows\System\ERMOPix.exe

C:\Windows\System\quoWSPN.exe

C:\Windows\System\quoWSPN.exe

C:\Windows\System\plbNwgr.exe

C:\Windows\System\plbNwgr.exe

C:\Windows\System\huRNvfw.exe

C:\Windows\System\huRNvfw.exe

C:\Windows\System\SOWhqYl.exe

C:\Windows\System\SOWhqYl.exe

C:\Windows\System\AsGnNnT.exe

C:\Windows\System\AsGnNnT.exe

C:\Windows\System\pcLSyDk.exe

C:\Windows\System\pcLSyDk.exe

C:\Windows\System\AIPjLVy.exe

C:\Windows\System\AIPjLVy.exe

C:\Windows\System\zDMVUPQ.exe

C:\Windows\System\zDMVUPQ.exe

C:\Windows\System\sXlXYNn.exe

C:\Windows\System\sXlXYNn.exe

C:\Windows\System\KpcSUIG.exe

C:\Windows\System\KpcSUIG.exe

C:\Windows\System\YiQqkAy.exe

C:\Windows\System\YiQqkAy.exe

C:\Windows\System\TDGsPKq.exe

C:\Windows\System\TDGsPKq.exe

C:\Windows\System\SZKhCyg.exe

C:\Windows\System\SZKhCyg.exe

C:\Windows\System\NrzRAad.exe

C:\Windows\System\NrzRAad.exe

C:\Windows\System\EUVoEYU.exe

C:\Windows\System\EUVoEYU.exe

C:\Windows\System\KwNwXgs.exe

C:\Windows\System\KwNwXgs.exe

C:\Windows\System\siiGByS.exe

C:\Windows\System\siiGByS.exe

C:\Windows\System\bZVWoIF.exe

C:\Windows\System\bZVWoIF.exe

C:\Windows\System\jPzIrSx.exe

C:\Windows\System\jPzIrSx.exe

C:\Windows\System\RjrOGNO.exe

C:\Windows\System\RjrOGNO.exe

C:\Windows\System\qiDoKws.exe

C:\Windows\System\qiDoKws.exe

C:\Windows\System\lcTNfIx.exe

C:\Windows\System\lcTNfIx.exe

C:\Windows\System\FxUgPXJ.exe

C:\Windows\System\FxUgPXJ.exe

C:\Windows\System\FIHXcOU.exe

C:\Windows\System\FIHXcOU.exe

C:\Windows\System\eTrJOzh.exe

C:\Windows\System\eTrJOzh.exe

C:\Windows\System\FuaKhsK.exe

C:\Windows\System\FuaKhsK.exe

C:\Windows\System\NXmYhEP.exe

C:\Windows\System\NXmYhEP.exe

C:\Windows\System\ibrGEuu.exe

C:\Windows\System\ibrGEuu.exe

C:\Windows\System\VAfcMag.exe

C:\Windows\System\VAfcMag.exe

C:\Windows\System\Kswdahp.exe

C:\Windows\System\Kswdahp.exe

C:\Windows\System\iXiRwGY.exe

C:\Windows\System\iXiRwGY.exe

C:\Windows\System\MWitfQz.exe

C:\Windows\System\MWitfQz.exe

C:\Windows\System\qupelxj.exe

C:\Windows\System\qupelxj.exe

C:\Windows\System\chTJtSW.exe

C:\Windows\System\chTJtSW.exe

C:\Windows\System\kIazPfV.exe

C:\Windows\System\kIazPfV.exe

C:\Windows\System\rVvjKAj.exe

C:\Windows\System\rVvjKAj.exe

C:\Windows\System\kEuXBLL.exe

C:\Windows\System\kEuXBLL.exe

C:\Windows\System\RBfLYrE.exe

C:\Windows\System\RBfLYrE.exe

C:\Windows\System\EtPlKah.exe

C:\Windows\System\EtPlKah.exe

C:\Windows\System\XCQTQqZ.exe

C:\Windows\System\XCQTQqZ.exe

C:\Windows\System\FaxiSmu.exe

C:\Windows\System\FaxiSmu.exe

C:\Windows\System\tKOgJcQ.exe

C:\Windows\System\tKOgJcQ.exe

C:\Windows\System\dZcFvmt.exe

C:\Windows\System\dZcFvmt.exe

C:\Windows\System\FiSZtTb.exe

C:\Windows\System\FiSZtTb.exe

C:\Windows\System\GEFeqbx.exe

C:\Windows\System\GEFeqbx.exe

C:\Windows\System\LWyQbIN.exe

C:\Windows\System\LWyQbIN.exe

C:\Windows\System\sXZdkJA.exe

C:\Windows\System\sXZdkJA.exe

C:\Windows\System\vxKopmY.exe

C:\Windows\System\vxKopmY.exe

C:\Windows\System\sdDhUQm.exe

C:\Windows\System\sdDhUQm.exe

C:\Windows\System\toymheg.exe

C:\Windows\System\toymheg.exe

C:\Windows\System\YPTQDtA.exe

C:\Windows\System\YPTQDtA.exe

C:\Windows\System\pXvLCiq.exe

C:\Windows\System\pXvLCiq.exe

C:\Windows\System\BEVHOqV.exe

C:\Windows\System\BEVHOqV.exe

C:\Windows\System\WkUXPOG.exe

C:\Windows\System\WkUXPOG.exe

C:\Windows\System\DUgytWP.exe

C:\Windows\System\DUgytWP.exe

C:\Windows\System\umeKzsY.exe

C:\Windows\System\umeKzsY.exe

C:\Windows\System\EwnmWKg.exe

C:\Windows\System\EwnmWKg.exe

C:\Windows\System\TJZzHXd.exe

C:\Windows\System\TJZzHXd.exe

C:\Windows\System\JnNrzvs.exe

C:\Windows\System\JnNrzvs.exe

C:\Windows\System\tQZUlEB.exe

C:\Windows\System\tQZUlEB.exe

C:\Windows\System\IyOOpzd.exe

C:\Windows\System\IyOOpzd.exe

C:\Windows\System\AGCqklj.exe

C:\Windows\System\AGCqklj.exe

C:\Windows\System\LpvHKWy.exe

C:\Windows\System\LpvHKWy.exe

C:\Windows\System\VBAklBM.exe

C:\Windows\System\VBAklBM.exe

C:\Windows\System\skItXsE.exe

C:\Windows\System\skItXsE.exe

C:\Windows\System\CCyXzAK.exe

C:\Windows\System\CCyXzAK.exe

C:\Windows\System\nKxqmpu.exe

C:\Windows\System\nKxqmpu.exe

C:\Windows\System\VYlbwtl.exe

C:\Windows\System\VYlbwtl.exe

C:\Windows\System\NXIxIzk.exe

C:\Windows\System\NXIxIzk.exe

C:\Windows\System\vddELlC.exe

C:\Windows\System\vddELlC.exe

C:\Windows\System\wnYogCU.exe

C:\Windows\System\wnYogCU.exe

C:\Windows\System\NeWWlaw.exe

C:\Windows\System\NeWWlaw.exe

C:\Windows\System\DhZjeGf.exe

C:\Windows\System\DhZjeGf.exe

C:\Windows\System\PsMCJzt.exe

C:\Windows\System\PsMCJzt.exe

C:\Windows\System\ZWKlxeZ.exe

C:\Windows\System\ZWKlxeZ.exe

C:\Windows\System\lUSgBiW.exe

C:\Windows\System\lUSgBiW.exe

C:\Windows\System\eyIUSzl.exe

C:\Windows\System\eyIUSzl.exe

C:\Windows\System\ocYNTFu.exe

C:\Windows\System\ocYNTFu.exe

C:\Windows\System\bgupstI.exe

C:\Windows\System\bgupstI.exe

C:\Windows\System\NJsGXAd.exe

C:\Windows\System\NJsGXAd.exe

C:\Windows\System\yYvtdMo.exe

C:\Windows\System\yYvtdMo.exe

C:\Windows\System\oSQIhej.exe

C:\Windows\System\oSQIhej.exe

C:\Windows\System\TFuGkLM.exe

C:\Windows\System\TFuGkLM.exe

C:\Windows\System\zERuCxs.exe

C:\Windows\System\zERuCxs.exe

C:\Windows\System\MkOvket.exe

C:\Windows\System\MkOvket.exe

C:\Windows\System\aocMdRC.exe

C:\Windows\System\aocMdRC.exe

C:\Windows\System\gonovrX.exe

C:\Windows\System\gonovrX.exe

C:\Windows\System\ovyDZxM.exe

C:\Windows\System\ovyDZxM.exe

C:\Windows\System\EoJEzgU.exe

C:\Windows\System\EoJEzgU.exe

C:\Windows\System\LkSrhms.exe

C:\Windows\System\LkSrhms.exe

C:\Windows\System\xDghQGU.exe

C:\Windows\System\xDghQGU.exe

C:\Windows\System\auFzGkr.exe

C:\Windows\System\auFzGkr.exe

C:\Windows\System\NJxTqZb.exe

C:\Windows\System\NJxTqZb.exe

C:\Windows\System\qVxHLMh.exe

C:\Windows\System\qVxHLMh.exe

C:\Windows\System\cLMOJgi.exe

C:\Windows\System\cLMOJgi.exe

C:\Windows\System\kJigJnr.exe

C:\Windows\System\kJigJnr.exe

C:\Windows\System\LedhBJB.exe

C:\Windows\System\LedhBJB.exe

C:\Windows\System\SzgOukM.exe

C:\Windows\System\SzgOukM.exe

C:\Windows\System\jRpNGQa.exe

C:\Windows\System\jRpNGQa.exe

C:\Windows\System\KzjjVxh.exe

C:\Windows\System\KzjjVxh.exe

C:\Windows\System\UKAlsOW.exe

C:\Windows\System\UKAlsOW.exe

C:\Windows\System\jKdGCVV.exe

C:\Windows\System\jKdGCVV.exe

C:\Windows\System\pteRQgG.exe

C:\Windows\System\pteRQgG.exe

C:\Windows\System\myzwzKb.exe

C:\Windows\System\myzwzKb.exe

C:\Windows\System\EDMISno.exe

C:\Windows\System\EDMISno.exe

C:\Windows\System\pYNNSbQ.exe

C:\Windows\System\pYNNSbQ.exe

C:\Windows\System\jlProZa.exe

C:\Windows\System\jlProZa.exe

C:\Windows\System\QZNtreX.exe

C:\Windows\System\QZNtreX.exe

C:\Windows\System\jdVLgqk.exe

C:\Windows\System\jdVLgqk.exe

C:\Windows\System\cxWboVp.exe

C:\Windows\System\cxWboVp.exe

C:\Windows\System\rlIjUas.exe

C:\Windows\System\rlIjUas.exe

C:\Windows\System\FgRDoqF.exe

C:\Windows\System\FgRDoqF.exe

C:\Windows\System\AtmXvgI.exe

C:\Windows\System\AtmXvgI.exe

C:\Windows\System\CvDohCo.exe

C:\Windows\System\CvDohCo.exe

C:\Windows\System\GWsumcy.exe

C:\Windows\System\GWsumcy.exe

C:\Windows\System\HDOGGOe.exe

C:\Windows\System\HDOGGOe.exe

C:\Windows\System\mtogNsX.exe

C:\Windows\System\mtogNsX.exe

C:\Windows\System\SMlxJsI.exe

C:\Windows\System\SMlxJsI.exe

C:\Windows\System\CwhhfoU.exe

C:\Windows\System\CwhhfoU.exe

C:\Windows\System\bifZqAH.exe

C:\Windows\System\bifZqAH.exe

C:\Windows\System\aJevQXs.exe

C:\Windows\System\aJevQXs.exe

C:\Windows\System\wZByjNQ.exe

C:\Windows\System\wZByjNQ.exe

C:\Windows\System\COvfXKn.exe

C:\Windows\System\COvfXKn.exe

C:\Windows\System\rpaZLWh.exe

C:\Windows\System\rpaZLWh.exe

C:\Windows\System\NJKgdHm.exe

C:\Windows\System\NJKgdHm.exe

C:\Windows\System\xUegJnH.exe

C:\Windows\System\xUegJnH.exe

C:\Windows\System\UUyFnwI.exe

C:\Windows\System\UUyFnwI.exe

C:\Windows\System\jLkpMMk.exe

C:\Windows\System\jLkpMMk.exe

C:\Windows\System\WiuRPLi.exe

C:\Windows\System\WiuRPLi.exe

C:\Windows\System\cQowLsj.exe

C:\Windows\System\cQowLsj.exe

C:\Windows\System\FFeUEMr.exe

C:\Windows\System\FFeUEMr.exe

C:\Windows\System\AFhCkOI.exe

C:\Windows\System\AFhCkOI.exe

C:\Windows\System\oAmhoOn.exe

C:\Windows\System\oAmhoOn.exe

C:\Windows\System\plceZgc.exe

C:\Windows\System\plceZgc.exe

C:\Windows\System\nMpIQKT.exe

C:\Windows\System\nMpIQKT.exe

C:\Windows\System\SjXNCMB.exe

C:\Windows\System\SjXNCMB.exe

C:\Windows\System\FqFozZb.exe

C:\Windows\System\FqFozZb.exe

C:\Windows\System\mpbsuZJ.exe

C:\Windows\System\mpbsuZJ.exe

C:\Windows\System\zehqkTo.exe

C:\Windows\System\zehqkTo.exe

C:\Windows\System\XJzASoF.exe

C:\Windows\System\XJzASoF.exe

C:\Windows\System\QAWVCUW.exe

C:\Windows\System\QAWVCUW.exe

C:\Windows\System\DFWREhC.exe

C:\Windows\System\DFWREhC.exe

C:\Windows\System\UqJxkSZ.exe

C:\Windows\System\UqJxkSZ.exe

C:\Windows\System\PHuGScK.exe

C:\Windows\System\PHuGScK.exe

C:\Windows\System\dOdIDgJ.exe

C:\Windows\System\dOdIDgJ.exe

C:\Windows\System\ueOdLcd.exe

C:\Windows\System\ueOdLcd.exe

C:\Windows\System\vThhGEe.exe

C:\Windows\System\vThhGEe.exe

C:\Windows\System\lxhfIyd.exe

C:\Windows\System\lxhfIyd.exe

C:\Windows\System\vvhZzAz.exe

C:\Windows\System\vvhZzAz.exe

C:\Windows\System\jQiEJIt.exe

C:\Windows\System\jQiEJIt.exe

C:\Windows\System\EUJSQfW.exe

C:\Windows\System\EUJSQfW.exe

C:\Windows\System\GAZdjHl.exe

C:\Windows\System\GAZdjHl.exe

C:\Windows\System\KIBrBpx.exe

C:\Windows\System\KIBrBpx.exe

C:\Windows\System\iLZoJwz.exe

C:\Windows\System\iLZoJwz.exe

C:\Windows\System\WyqEsmc.exe

C:\Windows\System\WyqEsmc.exe

C:\Windows\System\FBksvAv.exe

C:\Windows\System\FBksvAv.exe

C:\Windows\System\LVKVpXX.exe

C:\Windows\System\LVKVpXX.exe

C:\Windows\System\NBESegQ.exe

C:\Windows\System\NBESegQ.exe

C:\Windows\System\YRuJbag.exe

C:\Windows\System\YRuJbag.exe

C:\Windows\System\GqFGsaf.exe

C:\Windows\System\GqFGsaf.exe

C:\Windows\System\XKFyozL.exe

C:\Windows\System\XKFyozL.exe

C:\Windows\System\eyDZYOb.exe

C:\Windows\System\eyDZYOb.exe

C:\Windows\System\AasHTCb.exe

C:\Windows\System\AasHTCb.exe

C:\Windows\System\xUzMCAC.exe

C:\Windows\System\xUzMCAC.exe

C:\Windows\System\OZmbsVV.exe

C:\Windows\System\OZmbsVV.exe

C:\Windows\System\BeJvZqA.exe

C:\Windows\System\BeJvZqA.exe

C:\Windows\System\hPoADyH.exe

C:\Windows\System\hPoADyH.exe

C:\Windows\System\YItnLvr.exe

C:\Windows\System\YItnLvr.exe

C:\Windows\System\bkVzAnx.exe

C:\Windows\System\bkVzAnx.exe

C:\Windows\System\LTYYkiV.exe

C:\Windows\System\LTYYkiV.exe

C:\Windows\System\VxKBlve.exe

C:\Windows\System\VxKBlve.exe

C:\Windows\System\wcUZGSm.exe

C:\Windows\System\wcUZGSm.exe

C:\Windows\System\roogvAs.exe

C:\Windows\System\roogvAs.exe

C:\Windows\System\ucOsQQl.exe

C:\Windows\System\ucOsQQl.exe

C:\Windows\System\rZLNYWC.exe

C:\Windows\System\rZLNYWC.exe

C:\Windows\System\aVyBEJj.exe

C:\Windows\System\aVyBEJj.exe

C:\Windows\System\hNvvkrQ.exe

C:\Windows\System\hNvvkrQ.exe

C:\Windows\System\KnaYUBd.exe

C:\Windows\System\KnaYUBd.exe

C:\Windows\System\EOmaAhU.exe

C:\Windows\System\EOmaAhU.exe

C:\Windows\System\JkKlRoZ.exe

C:\Windows\System\JkKlRoZ.exe

C:\Windows\System\kCeafBG.exe

C:\Windows\System\kCeafBG.exe

C:\Windows\System\AfkTmMB.exe

C:\Windows\System\AfkTmMB.exe

C:\Windows\System\ERxPWiK.exe

C:\Windows\System\ERxPWiK.exe

C:\Windows\System\WnzDOFS.exe

C:\Windows\System\WnzDOFS.exe

C:\Windows\System\UwKUnaf.exe

C:\Windows\System\UwKUnaf.exe

C:\Windows\System\LzssfTU.exe

C:\Windows\System\LzssfTU.exe

C:\Windows\System\PtawwGM.exe

C:\Windows\System\PtawwGM.exe

C:\Windows\System\xiovPRZ.exe

C:\Windows\System\xiovPRZ.exe

C:\Windows\System\AddhZMh.exe

C:\Windows\System\AddhZMh.exe

C:\Windows\System\qPfUHWi.exe

C:\Windows\System\qPfUHWi.exe

C:\Windows\System\XAPGgqH.exe

C:\Windows\System\XAPGgqH.exe

C:\Windows\System\ESqEaut.exe

C:\Windows\System\ESqEaut.exe

C:\Windows\System\BjtOYUU.exe

C:\Windows\System\BjtOYUU.exe

C:\Windows\System\tIVSyAI.exe

C:\Windows\System\tIVSyAI.exe

C:\Windows\System\LcgKVBz.exe

C:\Windows\System\LcgKVBz.exe

C:\Windows\System\nTeOziO.exe

C:\Windows\System\nTeOziO.exe

C:\Windows\System\ZqLHncv.exe

C:\Windows\System\ZqLHncv.exe

C:\Windows\System\vNkdtaV.exe

C:\Windows\System\vNkdtaV.exe

C:\Windows\System\UrsKNGj.exe

C:\Windows\System\UrsKNGj.exe

C:\Windows\System\kObEMaz.exe

C:\Windows\System\kObEMaz.exe

C:\Windows\System\AyCWnhq.exe

C:\Windows\System\AyCWnhq.exe

C:\Windows\System\QfEFHoG.exe

C:\Windows\System\QfEFHoG.exe

C:\Windows\System\xyqyNdR.exe

C:\Windows\System\xyqyNdR.exe

C:\Windows\System\BKwAgjw.exe

C:\Windows\System\BKwAgjw.exe

C:\Windows\System\VfaVyEV.exe

C:\Windows\System\VfaVyEV.exe

C:\Windows\System\rdiJnae.exe

C:\Windows\System\rdiJnae.exe

C:\Windows\System\sFbzIOr.exe

C:\Windows\System\sFbzIOr.exe

C:\Windows\System\iDMNGLA.exe

C:\Windows\System\iDMNGLA.exe

C:\Windows\System\szsMnpV.exe

C:\Windows\System\szsMnpV.exe

C:\Windows\System\uTXdsep.exe

C:\Windows\System\uTXdsep.exe

C:\Windows\System\kPWNjEL.exe

C:\Windows\System\kPWNjEL.exe

C:\Windows\System\XhtxrcV.exe

C:\Windows\System\XhtxrcV.exe

C:\Windows\System\JDvJyhq.exe

C:\Windows\System\JDvJyhq.exe

C:\Windows\System\wDtNHRY.exe

C:\Windows\System\wDtNHRY.exe

C:\Windows\System\SaPbRzP.exe

C:\Windows\System\SaPbRzP.exe

C:\Windows\System\qOfWsRP.exe

C:\Windows\System\qOfWsRP.exe

C:\Windows\System\QbJuORq.exe

C:\Windows\System\QbJuORq.exe

C:\Windows\System\wfYKuRE.exe

C:\Windows\System\wfYKuRE.exe

C:\Windows\System\rwVnfzf.exe

C:\Windows\System\rwVnfzf.exe

C:\Windows\System\pQQCSqr.exe

C:\Windows\System\pQQCSqr.exe

C:\Windows\System\fmCdzBU.exe

C:\Windows\System\fmCdzBU.exe

C:\Windows\System\saDOseb.exe

C:\Windows\System\saDOseb.exe

C:\Windows\System\OJIvMXj.exe

C:\Windows\System\OJIvMXj.exe

C:\Windows\System\isDjjMR.exe

C:\Windows\System\isDjjMR.exe

C:\Windows\System\AdryYvk.exe

C:\Windows\System\AdryYvk.exe

C:\Windows\System\EaODBrL.exe

C:\Windows\System\EaODBrL.exe

C:\Windows\System\EXNeuqX.exe

C:\Windows\System\EXNeuqX.exe

C:\Windows\System\ctBeWge.exe

C:\Windows\System\ctBeWge.exe

C:\Windows\System\mqeLjbd.exe

C:\Windows\System\mqeLjbd.exe

C:\Windows\System\bqlYSQW.exe

C:\Windows\System\bqlYSQW.exe

C:\Windows\System\niFOqIm.exe

C:\Windows\System\niFOqIm.exe

C:\Windows\System\AIzAiPP.exe

C:\Windows\System\AIzAiPP.exe

C:\Windows\System\qhHDAEW.exe

C:\Windows\System\qhHDAEW.exe

C:\Windows\System\kARTVAL.exe

C:\Windows\System\kARTVAL.exe

C:\Windows\System\XFzVnKp.exe

C:\Windows\System\XFzVnKp.exe

C:\Windows\System\IvYCrgs.exe

C:\Windows\System\IvYCrgs.exe

C:\Windows\System\EtOXdyC.exe

C:\Windows\System\EtOXdyC.exe

C:\Windows\System\bSIlOMY.exe

C:\Windows\System\bSIlOMY.exe

C:\Windows\System\uvtoAaR.exe

C:\Windows\System\uvtoAaR.exe

C:\Windows\System\gEjRUUK.exe

C:\Windows\System\gEjRUUK.exe

C:\Windows\System\GUFLnHk.exe

C:\Windows\System\GUFLnHk.exe

C:\Windows\System\XttfEZo.exe

C:\Windows\System\XttfEZo.exe

C:\Windows\System\asRuoHM.exe

C:\Windows\System\asRuoHM.exe

C:\Windows\System\UXKBGUi.exe

C:\Windows\System\UXKBGUi.exe

C:\Windows\System\RCvQWjV.exe

C:\Windows\System\RCvQWjV.exe

C:\Windows\System\leseZel.exe

C:\Windows\System\leseZel.exe

C:\Windows\System\bEoLIAV.exe

C:\Windows\System\bEoLIAV.exe

C:\Windows\System\DvnDFFz.exe

C:\Windows\System\DvnDFFz.exe

C:\Windows\System\aMLCNeZ.exe

C:\Windows\System\aMLCNeZ.exe

C:\Windows\System\ovOQMcR.exe

C:\Windows\System\ovOQMcR.exe

C:\Windows\System\MMyVEwJ.exe

C:\Windows\System\MMyVEwJ.exe

C:\Windows\System\HXOZdJA.exe

C:\Windows\System\HXOZdJA.exe

C:\Windows\System\lvHdCEI.exe

C:\Windows\System\lvHdCEI.exe

C:\Windows\System\EhJYwTb.exe

C:\Windows\System\EhJYwTb.exe

C:\Windows\System\EvYNqjz.exe

C:\Windows\System\EvYNqjz.exe

C:\Windows\System\oTXilsz.exe

C:\Windows\System\oTXilsz.exe

C:\Windows\System\AMZXUDw.exe

C:\Windows\System\AMZXUDw.exe

C:\Windows\System\kZpkinv.exe

C:\Windows\System\kZpkinv.exe

C:\Windows\System\ZzMVLwe.exe

C:\Windows\System\ZzMVLwe.exe

C:\Windows\System\ijoWjfw.exe

C:\Windows\System\ijoWjfw.exe

C:\Windows\System\kiPxrCg.exe

C:\Windows\System\kiPxrCg.exe

C:\Windows\System\ZBxIwph.exe

C:\Windows\System\ZBxIwph.exe

C:\Windows\System\TLznpps.exe

C:\Windows\System\TLznpps.exe

C:\Windows\System\FvGVVcG.exe

C:\Windows\System\FvGVVcG.exe

C:\Windows\System\jvNYsDI.exe

C:\Windows\System\jvNYsDI.exe

C:\Windows\System\PvtZBCV.exe

C:\Windows\System\PvtZBCV.exe

C:\Windows\System\vVXUZhm.exe

C:\Windows\System\vVXUZhm.exe

C:\Windows\System\HLEuQUt.exe

C:\Windows\System\HLEuQUt.exe

C:\Windows\System\kkWLjcl.exe

C:\Windows\System\kkWLjcl.exe

C:\Windows\System\ilWeEqs.exe

C:\Windows\System\ilWeEqs.exe

C:\Windows\System\tldkNaC.exe

C:\Windows\System\tldkNaC.exe

C:\Windows\System\ccEHqCw.exe

C:\Windows\System\ccEHqCw.exe

C:\Windows\System\jgggBMs.exe

C:\Windows\System\jgggBMs.exe

C:\Windows\System\NGDXqPe.exe

C:\Windows\System\NGDXqPe.exe

C:\Windows\System\gIsFONT.exe

C:\Windows\System\gIsFONT.exe

C:\Windows\System\SMiDSps.exe

C:\Windows\System\SMiDSps.exe

C:\Windows\System\higoAOL.exe

C:\Windows\System\higoAOL.exe

C:\Windows\System\laaPnXx.exe

C:\Windows\System\laaPnXx.exe

C:\Windows\System\vuUPhWx.exe

C:\Windows\System\vuUPhWx.exe

C:\Windows\System\dCwyiDj.exe

C:\Windows\System\dCwyiDj.exe

C:\Windows\System\WWTSYme.exe

C:\Windows\System\WWTSYme.exe

C:\Windows\System\hZmoumu.exe

C:\Windows\System\hZmoumu.exe

C:\Windows\System\IvWeEWt.exe

C:\Windows\System\IvWeEWt.exe

C:\Windows\System\xGWwHxF.exe

C:\Windows\System\xGWwHxF.exe

C:\Windows\System\eMqEyze.exe

C:\Windows\System\eMqEyze.exe

C:\Windows\System\kNIGrOQ.exe

C:\Windows\System\kNIGrOQ.exe

C:\Windows\System\iSoImMk.exe

C:\Windows\System\iSoImMk.exe

C:\Windows\System\xEAWeqs.exe

C:\Windows\System\xEAWeqs.exe

C:\Windows\System\tYRobQE.exe

C:\Windows\System\tYRobQE.exe

C:\Windows\System\UssonwI.exe

C:\Windows\System\UssonwI.exe

C:\Windows\System\ooPFDXu.exe

C:\Windows\System\ooPFDXu.exe

C:\Windows\System\cabkbmN.exe

C:\Windows\System\cabkbmN.exe

C:\Windows\System\AlulfBP.exe

C:\Windows\System\AlulfBP.exe

C:\Windows\System\hmTtaQU.exe

C:\Windows\System\hmTtaQU.exe

C:\Windows\System\oHiiole.exe

C:\Windows\System\oHiiole.exe

C:\Windows\System\JFcNGOx.exe

C:\Windows\System\JFcNGOx.exe

C:\Windows\System\dxGgqat.exe

C:\Windows\System\dxGgqat.exe

C:\Windows\System\eDGUzOq.exe

C:\Windows\System\eDGUzOq.exe

C:\Windows\System\twZUDij.exe

C:\Windows\System\twZUDij.exe

C:\Windows\System\IBCAzYB.exe

C:\Windows\System\IBCAzYB.exe

C:\Windows\System\QnPEEcM.exe

C:\Windows\System\QnPEEcM.exe

C:\Windows\System\FYLCuiK.exe

C:\Windows\System\FYLCuiK.exe

C:\Windows\System\WHqHFSo.exe

C:\Windows\System\WHqHFSo.exe

C:\Windows\System\xQLwITK.exe

C:\Windows\System\xQLwITK.exe

C:\Windows\System\CDAEZID.exe

C:\Windows\System\CDAEZID.exe

C:\Windows\System\zFCtsMD.exe

C:\Windows\System\zFCtsMD.exe

C:\Windows\System\NPduGnY.exe

C:\Windows\System\NPduGnY.exe

C:\Windows\System\ubsiBRv.exe

C:\Windows\System\ubsiBRv.exe

C:\Windows\System\Arwkhre.exe

C:\Windows\System\Arwkhre.exe

C:\Windows\System\KZMCiFE.exe

C:\Windows\System\KZMCiFE.exe

C:\Windows\System\pEuGzZx.exe

C:\Windows\System\pEuGzZx.exe

C:\Windows\System\jPxyFot.exe

C:\Windows\System\jPxyFot.exe

C:\Windows\System\MrNIlAr.exe

C:\Windows\System\MrNIlAr.exe

C:\Windows\System\PoDeAtf.exe

C:\Windows\System\PoDeAtf.exe

C:\Windows\System\xCvHSsR.exe

C:\Windows\System\xCvHSsR.exe

C:\Windows\System\lTKIdfW.exe

C:\Windows\System\lTKIdfW.exe

C:\Windows\System\teErHrl.exe

C:\Windows\System\teErHrl.exe

C:\Windows\System\dbEUCeE.exe

C:\Windows\System\dbEUCeE.exe

C:\Windows\System\XuYrngI.exe

C:\Windows\System\XuYrngI.exe

C:\Windows\System\hOouIeC.exe

C:\Windows\System\hOouIeC.exe

C:\Windows\System\DlbFiHA.exe

C:\Windows\System\DlbFiHA.exe

C:\Windows\System\dkhwSWu.exe

C:\Windows\System\dkhwSWu.exe

C:\Windows\System\EJcxnAR.exe

C:\Windows\System\EJcxnAR.exe

C:\Windows\System\FoDOeld.exe

C:\Windows\System\FoDOeld.exe

C:\Windows\System\mfmUbQq.exe

C:\Windows\System\mfmUbQq.exe

C:\Windows\System\ktrsNpQ.exe

C:\Windows\System\ktrsNpQ.exe

C:\Windows\System\UZlCiAP.exe

C:\Windows\System\UZlCiAP.exe

C:\Windows\System\YhkUbZW.exe

C:\Windows\System\YhkUbZW.exe

C:\Windows\System\zTIaLyV.exe

C:\Windows\System\zTIaLyV.exe

C:\Windows\System\RIVDOAp.exe

C:\Windows\System\RIVDOAp.exe

C:\Windows\System\hgaGOSF.exe

C:\Windows\System\hgaGOSF.exe

C:\Windows\System\tzUonvG.exe

C:\Windows\System\tzUonvG.exe

C:\Windows\System\lvVYAHi.exe

C:\Windows\System\lvVYAHi.exe

C:\Windows\System\qNEYrbG.exe

C:\Windows\System\qNEYrbG.exe

C:\Windows\System\Nspcdyj.exe

C:\Windows\System\Nspcdyj.exe

C:\Windows\System\wTDfOdw.exe

C:\Windows\System\wTDfOdw.exe

C:\Windows\System\plGlaUL.exe

C:\Windows\System\plGlaUL.exe

C:\Windows\System\iGWoQIE.exe

C:\Windows\System\iGWoQIE.exe

C:\Windows\System\IszebwD.exe

C:\Windows\System\IszebwD.exe

C:\Windows\System\UAxaqvr.exe

C:\Windows\System\UAxaqvr.exe

C:\Windows\System\ftctvHQ.exe

C:\Windows\System\ftctvHQ.exe

C:\Windows\System\PwjdlTu.exe

C:\Windows\System\PwjdlTu.exe

C:\Windows\System\qvThetz.exe

C:\Windows\System\qvThetz.exe

C:\Windows\System\hjYYXYT.exe

C:\Windows\System\hjYYXYT.exe

C:\Windows\System\ohGvBdN.exe

C:\Windows\System\ohGvBdN.exe

C:\Windows\System\vhrHbbV.exe

C:\Windows\System\vhrHbbV.exe

C:\Windows\System\RRAGLrH.exe

C:\Windows\System\RRAGLrH.exe

C:\Windows\System\ZUQrqmL.exe

C:\Windows\System\ZUQrqmL.exe

C:\Windows\System\eRkqUst.exe

C:\Windows\System\eRkqUst.exe

C:\Windows\System\nBqnZTM.exe

C:\Windows\System\nBqnZTM.exe

C:\Windows\System\owvXTdm.exe

C:\Windows\System\owvXTdm.exe

C:\Windows\System\tdMcdQD.exe

C:\Windows\System\tdMcdQD.exe

C:\Windows\System\aLlugbj.exe

C:\Windows\System\aLlugbj.exe

C:\Windows\System\KMBYxVy.exe

C:\Windows\System\KMBYxVy.exe

C:\Windows\System\JEXBrqg.exe

C:\Windows\System\JEXBrqg.exe

C:\Windows\System\raXTPpb.exe

C:\Windows\System\raXTPpb.exe

C:\Windows\System\ZhtCXfS.exe

C:\Windows\System\ZhtCXfS.exe

C:\Windows\System\wtWIIdw.exe

C:\Windows\System\wtWIIdw.exe

C:\Windows\System\WOVdPyf.exe

C:\Windows\System\WOVdPyf.exe

C:\Windows\System\ZEgYKOY.exe

C:\Windows\System\ZEgYKOY.exe

C:\Windows\System\somJbLQ.exe

C:\Windows\System\somJbLQ.exe

C:\Windows\System\XbpDQPi.exe

C:\Windows\System\XbpDQPi.exe

C:\Windows\System\HDkdqws.exe

C:\Windows\System\HDkdqws.exe

C:\Windows\System\wjNCdpJ.exe

C:\Windows\System\wjNCdpJ.exe

C:\Windows\System\KiYlDZE.exe

C:\Windows\System\KiYlDZE.exe

C:\Windows\System\mZnMRWc.exe

C:\Windows\System\mZnMRWc.exe

C:\Windows\System\NAucWKx.exe

C:\Windows\System\NAucWKx.exe

C:\Windows\System\YeutQGX.exe

C:\Windows\System\YeutQGX.exe

C:\Windows\System\bdkZAfV.exe

C:\Windows\System\bdkZAfV.exe

C:\Windows\System\hefhArg.exe

C:\Windows\System\hefhArg.exe

C:\Windows\System\LpbzCIr.exe

C:\Windows\System\LpbzCIr.exe

C:\Windows\System\ouQXHkH.exe

C:\Windows\System\ouQXHkH.exe

C:\Windows\System\xljnIEQ.exe

C:\Windows\System\xljnIEQ.exe

C:\Windows\System\Lrybydr.exe

C:\Windows\System\Lrybydr.exe

C:\Windows\System\JbXIKmr.exe

C:\Windows\System\JbXIKmr.exe

C:\Windows\System\YhToprg.exe

C:\Windows\System\YhToprg.exe

C:\Windows\System\SapUPwn.exe

C:\Windows\System\SapUPwn.exe

C:\Windows\System\smMPxtu.exe

C:\Windows\System\smMPxtu.exe

C:\Windows\System\azlVOyQ.exe

C:\Windows\System\azlVOyQ.exe

C:\Windows\System\LLfPTrH.exe

C:\Windows\System\LLfPTrH.exe

C:\Windows\System\OYsIvGn.exe

C:\Windows\System\OYsIvGn.exe

C:\Windows\System\vMxujGY.exe

C:\Windows\System\vMxujGY.exe

C:\Windows\System\lgXQpga.exe

C:\Windows\System\lgXQpga.exe

C:\Windows\System\YiQlvfn.exe

C:\Windows\System\YiQlvfn.exe

C:\Windows\System\eatoSYi.exe

C:\Windows\System\eatoSYi.exe

C:\Windows\System\JhrDyNj.exe

C:\Windows\System\JhrDyNj.exe

C:\Windows\System\GPahSmT.exe

C:\Windows\System\GPahSmT.exe

C:\Windows\System\lwgLKaY.exe

C:\Windows\System\lwgLKaY.exe

C:\Windows\System\ludPvJy.exe

C:\Windows\System\ludPvJy.exe

C:\Windows\System\ecGMTLq.exe

C:\Windows\System\ecGMTLq.exe

C:\Windows\System\QJihrnf.exe

C:\Windows\System\QJihrnf.exe

C:\Windows\System\hcSXJPH.exe

C:\Windows\System\hcSXJPH.exe

C:\Windows\System\iCFKlzW.exe

C:\Windows\System\iCFKlzW.exe

C:\Windows\System\dfJYcxx.exe

C:\Windows\System\dfJYcxx.exe

C:\Windows\System\QrRtWJE.exe

C:\Windows\System\QrRtWJE.exe

C:\Windows\System\jrJOADG.exe

C:\Windows\System\jrJOADG.exe

C:\Windows\System\AwPHImZ.exe

C:\Windows\System\AwPHImZ.exe

C:\Windows\System\ecmaMZX.exe

C:\Windows\System\ecmaMZX.exe

C:\Windows\System\DTZGWZI.exe

C:\Windows\System\DTZGWZI.exe

C:\Windows\System\msKiCnm.exe

C:\Windows\System\msKiCnm.exe

C:\Windows\System\xJlHkic.exe

C:\Windows\System\xJlHkic.exe

C:\Windows\System\MVRXGMn.exe

C:\Windows\System\MVRXGMn.exe

C:\Windows\System\BQvjGIN.exe

C:\Windows\System\BQvjGIN.exe

C:\Windows\System\LbxFwrU.exe

C:\Windows\System\LbxFwrU.exe

C:\Windows\System\DXvJWvj.exe

C:\Windows\System\DXvJWvj.exe

C:\Windows\System\wWWElgO.exe

C:\Windows\System\wWWElgO.exe

C:\Windows\System\rKSOvXX.exe

C:\Windows\System\rKSOvXX.exe

C:\Windows\System\TaXxphd.exe

C:\Windows\System\TaXxphd.exe

C:\Windows\System\KYqNkOH.exe

C:\Windows\System\KYqNkOH.exe

C:\Windows\System\LXvuETd.exe

C:\Windows\System\LXvuETd.exe

C:\Windows\System\HiPzYVY.exe

C:\Windows\System\HiPzYVY.exe

C:\Windows\System\CSMrIln.exe

C:\Windows\System\CSMrIln.exe

C:\Windows\System\RHuObRC.exe

C:\Windows\System\RHuObRC.exe

C:\Windows\System\PAxJJqM.exe

C:\Windows\System\PAxJJqM.exe

C:\Windows\System\VVOBttV.exe

C:\Windows\System\VVOBttV.exe

C:\Windows\System\TgrAYlZ.exe

C:\Windows\System\TgrAYlZ.exe

C:\Windows\System\HpmBTjx.exe

C:\Windows\System\HpmBTjx.exe

C:\Windows\System\WyFiHNR.exe

C:\Windows\System\WyFiHNR.exe

C:\Windows\System\lcfeAHB.exe

C:\Windows\System\lcfeAHB.exe

C:\Windows\System\vSInRGQ.exe

C:\Windows\System\vSInRGQ.exe

C:\Windows\System\LLjCHkW.exe

C:\Windows\System\LLjCHkW.exe

C:\Windows\System\ykdyIcQ.exe

C:\Windows\System\ykdyIcQ.exe

C:\Windows\System\GCEKKGx.exe

C:\Windows\System\GCEKKGx.exe

C:\Windows\System\bxDJFco.exe

C:\Windows\System\bxDJFco.exe

C:\Windows\System\AcceVUG.exe

C:\Windows\System\AcceVUG.exe

C:\Windows\System\StYiucb.exe

C:\Windows\System\StYiucb.exe

C:\Windows\System\GpMuugx.exe

C:\Windows\System\GpMuugx.exe

C:\Windows\System\dRBRhUZ.exe

C:\Windows\System\dRBRhUZ.exe

C:\Windows\System\GszQxOF.exe

C:\Windows\System\GszQxOF.exe

C:\Windows\System\oWxzJEI.exe

C:\Windows\System\oWxzJEI.exe

C:\Windows\System\ermTiJb.exe

C:\Windows\System\ermTiJb.exe

C:\Windows\System\VdkNowN.exe

C:\Windows\System\VdkNowN.exe

C:\Windows\System\tYdnykK.exe

C:\Windows\System\tYdnykK.exe

C:\Windows\System\VpjkElh.exe

C:\Windows\System\VpjkElh.exe

C:\Windows\System\uqdtwvl.exe

C:\Windows\System\uqdtwvl.exe

C:\Windows\System\zNAsmEm.exe

C:\Windows\System\zNAsmEm.exe

C:\Windows\System\MaChnwU.exe

C:\Windows\System\MaChnwU.exe

C:\Windows\System\ZtGwzIw.exe

C:\Windows\System\ZtGwzIw.exe

C:\Windows\System\rGckdGB.exe

C:\Windows\System\rGckdGB.exe

C:\Windows\System\PVsoBCc.exe

C:\Windows\System\PVsoBCc.exe

C:\Windows\System\FwFnvdX.exe

C:\Windows\System\FwFnvdX.exe

C:\Windows\System\kPLXCVD.exe

C:\Windows\System\kPLXCVD.exe

C:\Windows\System\DRxAwBa.exe

C:\Windows\System\DRxAwBa.exe

C:\Windows\System\lKdjYJz.exe

C:\Windows\System\lKdjYJz.exe

C:\Windows\System\yaHwIlS.exe

C:\Windows\System\yaHwIlS.exe

C:\Windows\System\Rpacuoc.exe

C:\Windows\System\Rpacuoc.exe

C:\Windows\System\EfhzHoF.exe

C:\Windows\System\EfhzHoF.exe

C:\Windows\System\yUPDCEQ.exe

C:\Windows\System\yUPDCEQ.exe

C:\Windows\System\NuAfovI.exe

C:\Windows\System\NuAfovI.exe

C:\Windows\System\WXNBeXx.exe

C:\Windows\System\WXNBeXx.exe

C:\Windows\System\lxBWyer.exe

C:\Windows\System\lxBWyer.exe

C:\Windows\System\ZbJVxLv.exe

C:\Windows\System\ZbJVxLv.exe

C:\Windows\System\jbCMbOy.exe

C:\Windows\System\jbCMbOy.exe

C:\Windows\System\tiDugzL.exe

C:\Windows\System\tiDugzL.exe

C:\Windows\System\tCXVwhn.exe

C:\Windows\System\tCXVwhn.exe

C:\Windows\System\IWOTDfm.exe

C:\Windows\System\IWOTDfm.exe

C:\Windows\System\NRbegWl.exe

C:\Windows\System\NRbegWl.exe

C:\Windows\System\PwrMOKL.exe

C:\Windows\System\PwrMOKL.exe

C:\Windows\System\OtiUXdO.exe

C:\Windows\System\OtiUXdO.exe

C:\Windows\System\VaLOHdx.exe

C:\Windows\System\VaLOHdx.exe

C:\Windows\System\FOsOdBA.exe

C:\Windows\System\FOsOdBA.exe

C:\Windows\System\KLelohD.exe

C:\Windows\System\KLelohD.exe

C:\Windows\System\bBUXTkj.exe

C:\Windows\System\bBUXTkj.exe

C:\Windows\System\ueAPmlF.exe

C:\Windows\System\ueAPmlF.exe

C:\Windows\System\sRYJFGF.exe

C:\Windows\System\sRYJFGF.exe

C:\Windows\System\lsuyQEf.exe

C:\Windows\System\lsuyQEf.exe

C:\Windows\System\GQQJPGX.exe

C:\Windows\System\GQQJPGX.exe

C:\Windows\System\dtRxgIN.exe

C:\Windows\System\dtRxgIN.exe

C:\Windows\System\JCBgSHP.exe

C:\Windows\System\JCBgSHP.exe

C:\Windows\System\mnmHQAh.exe

C:\Windows\System\mnmHQAh.exe

C:\Windows\System\yrIBkFs.exe

C:\Windows\System\yrIBkFs.exe

C:\Windows\System\IfZdjmb.exe

C:\Windows\System\IfZdjmb.exe

C:\Windows\System\hWbrVkU.exe

C:\Windows\System\hWbrVkU.exe

C:\Windows\System\mOufFfu.exe

C:\Windows\System\mOufFfu.exe

C:\Windows\System\EbTdTFT.exe

C:\Windows\System\EbTdTFT.exe

C:\Windows\System\yvUnHdj.exe

C:\Windows\System\yvUnHdj.exe

C:\Windows\System\hyfdueo.exe

C:\Windows\System\hyfdueo.exe

C:\Windows\System\rblzjDT.exe

C:\Windows\System\rblzjDT.exe

C:\Windows\System\PTgFbVV.exe

C:\Windows\System\PTgFbVV.exe

C:\Windows\System\YRejviX.exe

C:\Windows\System\YRejviX.exe

C:\Windows\System\MHARQBv.exe

C:\Windows\System\MHARQBv.exe

C:\Windows\System\pJAjZxe.exe

C:\Windows\System\pJAjZxe.exe

C:\Windows\System\eXIvYOi.exe

C:\Windows\System\eXIvYOi.exe

C:\Windows\System\WFaPhBd.exe

C:\Windows\System\WFaPhBd.exe

C:\Windows\System\QKUREhz.exe

C:\Windows\System\QKUREhz.exe

C:\Windows\System\BTyyOwn.exe

C:\Windows\System\BTyyOwn.exe

C:\Windows\System\dceiNSZ.exe

C:\Windows\System\dceiNSZ.exe

C:\Windows\System\TfVpdTB.exe

C:\Windows\System\TfVpdTB.exe

C:\Windows\System\DHWIeIz.exe

C:\Windows\System\DHWIeIz.exe

C:\Windows\System\bdqmAZV.exe

C:\Windows\System\bdqmAZV.exe

C:\Windows\System\AfSnFBA.exe

C:\Windows\System\AfSnFBA.exe

C:\Windows\System\ZOywStn.exe

C:\Windows\System\ZOywStn.exe

C:\Windows\System\YfSNwXf.exe

C:\Windows\System\YfSNwXf.exe

C:\Windows\System\CjfWYCE.exe

C:\Windows\System\CjfWYCE.exe

C:\Windows\System\xroBHcz.exe

C:\Windows\System\xroBHcz.exe

C:\Windows\System\AONAMRJ.exe

C:\Windows\System\AONAMRJ.exe

C:\Windows\System\qhjiRLe.exe

C:\Windows\System\qhjiRLe.exe

C:\Windows\System\rayBMTg.exe

C:\Windows\System\rayBMTg.exe

C:\Windows\System\wItzkUq.exe

C:\Windows\System\wItzkUq.exe

C:\Windows\System\iPtXjOc.exe

C:\Windows\System\iPtXjOc.exe

C:\Windows\System\pMgZukg.exe

C:\Windows\System\pMgZukg.exe

C:\Windows\System\fmWxPMh.exe

C:\Windows\System\fmWxPMh.exe

C:\Windows\System\boTfgGR.exe

C:\Windows\System\boTfgGR.exe

C:\Windows\System\ZXorxga.exe

C:\Windows\System\ZXorxga.exe

C:\Windows\System\niTkNcu.exe

C:\Windows\System\niTkNcu.exe

C:\Windows\System\tReWXFh.exe

C:\Windows\System\tReWXFh.exe

C:\Windows\System\Betogyf.exe

C:\Windows\System\Betogyf.exe

C:\Windows\System\kFhkacH.exe

C:\Windows\System\kFhkacH.exe

C:\Windows\System\vbWelsi.exe

C:\Windows\System\vbWelsi.exe

C:\Windows\System\zGFqjbW.exe

C:\Windows\System\zGFqjbW.exe

C:\Windows\System\SQSJBoe.exe

C:\Windows\System\SQSJBoe.exe

C:\Windows\System\qvJkGdv.exe

C:\Windows\System\qvJkGdv.exe

C:\Windows\System\sllekcl.exe

C:\Windows\System\sllekcl.exe

C:\Windows\System\eXCNqlg.exe

C:\Windows\System\eXCNqlg.exe

C:\Windows\System\Yyhclzj.exe

C:\Windows\System\Yyhclzj.exe

C:\Windows\System\wncEODN.exe

C:\Windows\System\wncEODN.exe

C:\Windows\System\mhnYQDc.exe

C:\Windows\System\mhnYQDc.exe

C:\Windows\System\XxEHLUo.exe

C:\Windows\System\XxEHLUo.exe

C:\Windows\System\tQeheLJ.exe

C:\Windows\System\tQeheLJ.exe

C:\Windows\System\ZJSPtTR.exe

C:\Windows\System\ZJSPtTR.exe

C:\Windows\System\NkeSiik.exe

C:\Windows\System\NkeSiik.exe

C:\Windows\System\LzUuoyO.exe

C:\Windows\System\LzUuoyO.exe

C:\Windows\System\YrwUvjD.exe

C:\Windows\System\YrwUvjD.exe

C:\Windows\System\YJfZAoj.exe

C:\Windows\System\YJfZAoj.exe

C:\Windows\System\UywWWfA.exe

C:\Windows\System\UywWWfA.exe

C:\Windows\System\aOPFhPm.exe

C:\Windows\System\aOPFhPm.exe

C:\Windows\System\hcKyYzX.exe

C:\Windows\System\hcKyYzX.exe

C:\Windows\System\oWwTGWZ.exe

C:\Windows\System\oWwTGWZ.exe

C:\Windows\System\nsRwwvx.exe

C:\Windows\System\nsRwwvx.exe

C:\Windows\System\oWfGacE.exe

C:\Windows\System\oWfGacE.exe

C:\Windows\System\CXaMaOr.exe

C:\Windows\System\CXaMaOr.exe

C:\Windows\System\AbHujrV.exe

C:\Windows\System\AbHujrV.exe

C:\Windows\System\xzGiNeT.exe

C:\Windows\System\xzGiNeT.exe

C:\Windows\System\sxWTIoT.exe

C:\Windows\System\sxWTIoT.exe

C:\Windows\System\vFhHKbb.exe

C:\Windows\System\vFhHKbb.exe

C:\Windows\System\vxfHdiT.exe

C:\Windows\System\vxfHdiT.exe

C:\Windows\System\gQhqpbk.exe

C:\Windows\System\gQhqpbk.exe

C:\Windows\System\GXEPuaI.exe

C:\Windows\System\GXEPuaI.exe

C:\Windows\System\eEYHILW.exe

C:\Windows\System\eEYHILW.exe

C:\Windows\System\bkaUJra.exe

C:\Windows\System\bkaUJra.exe

C:\Windows\System\kXbydCq.exe

C:\Windows\System\kXbydCq.exe

C:\Windows\System\PdmqTZN.exe

C:\Windows\System\PdmqTZN.exe

C:\Windows\System\IyMFxoy.exe

C:\Windows\System\IyMFxoy.exe

C:\Windows\System\zjgNaia.exe

C:\Windows\System\zjgNaia.exe

C:\Windows\System\uszFEJb.exe

C:\Windows\System\uszFEJb.exe

C:\Windows\System\BauGcdw.exe

C:\Windows\System\BauGcdw.exe

C:\Windows\System\zybNqOZ.exe

C:\Windows\System\zybNqOZ.exe

C:\Windows\System\iMakXhw.exe

C:\Windows\System\iMakXhw.exe

C:\Windows\System\bPAaQRF.exe

C:\Windows\System\bPAaQRF.exe

C:\Windows\System\UFRmKbJ.exe

C:\Windows\System\UFRmKbJ.exe

C:\Windows\System\dXLJleN.exe

C:\Windows\System\dXLJleN.exe

C:\Windows\System\evmkeBD.exe

C:\Windows\System\evmkeBD.exe

C:\Windows\System\fCqjBZH.exe

C:\Windows\System\fCqjBZH.exe

C:\Windows\System\mqfKOZN.exe

C:\Windows\System\mqfKOZN.exe

C:\Windows\System\XhwJOIP.exe

C:\Windows\System\XhwJOIP.exe

C:\Windows\System\urYJvjh.exe

C:\Windows\System\urYJvjh.exe

C:\Windows\System\hvYtQTy.exe

C:\Windows\System\hvYtQTy.exe

C:\Windows\System\sjnmobO.exe

C:\Windows\System\sjnmobO.exe

C:\Windows\System\aBeeoOf.exe

C:\Windows\System\aBeeoOf.exe

C:\Windows\System\ZFSdVrF.exe

C:\Windows\System\ZFSdVrF.exe

C:\Windows\System\bXyNnHV.exe

C:\Windows\System\bXyNnHV.exe

C:\Windows\System\XEYBskQ.exe

C:\Windows\System\XEYBskQ.exe

C:\Windows\System\XdOPiHW.exe

C:\Windows\System\XdOPiHW.exe

C:\Windows\System\AtIKvKm.exe

C:\Windows\System\AtIKvKm.exe

C:\Windows\System\kPFLSjR.exe

C:\Windows\System\kPFLSjR.exe

C:\Windows\System\xXbQAlh.exe

C:\Windows\System\xXbQAlh.exe

C:\Windows\System\RuqMohS.exe

C:\Windows\System\RuqMohS.exe

C:\Windows\System\JCngJuM.exe

C:\Windows\System\JCngJuM.exe

C:\Windows\System\WPmtFBw.exe

C:\Windows\System\WPmtFBw.exe

C:\Windows\System\RwwzkMP.exe

C:\Windows\System\RwwzkMP.exe

C:\Windows\System\WirgLUg.exe

C:\Windows\System\WirgLUg.exe

C:\Windows\System\qkhZfUJ.exe

C:\Windows\System\qkhZfUJ.exe

C:\Windows\System\bFvHuao.exe

C:\Windows\System\bFvHuao.exe

C:\Windows\System\Vytxyoz.exe

C:\Windows\System\Vytxyoz.exe

C:\Windows\System\ROutXLo.exe

C:\Windows\System\ROutXLo.exe

C:\Windows\System\PgaTNlj.exe

C:\Windows\System\PgaTNlj.exe

C:\Windows\System\wFPrObF.exe

C:\Windows\System\wFPrObF.exe

C:\Windows\System\zduPWKc.exe

C:\Windows\System\zduPWKc.exe

C:\Windows\System\TjKmCGO.exe

C:\Windows\System\TjKmCGO.exe

C:\Windows\System\sqMDRQu.exe

C:\Windows\System\sqMDRQu.exe

C:\Windows\System\gtyKQfW.exe

C:\Windows\System\gtyKQfW.exe

C:\Windows\System\CPPCRzD.exe

C:\Windows\System\CPPCRzD.exe

C:\Windows\System\bZALHoY.exe

C:\Windows\System\bZALHoY.exe

C:\Windows\System\EFNlvrK.exe

C:\Windows\System\EFNlvrK.exe

C:\Windows\System\BHGMOom.exe

C:\Windows\System\BHGMOom.exe

C:\Windows\System\hDFnSCy.exe

C:\Windows\System\hDFnSCy.exe

C:\Windows\System\TpPIVjH.exe

C:\Windows\System\TpPIVjH.exe

C:\Windows\System\PrAKHWA.exe

C:\Windows\System\PrAKHWA.exe

C:\Windows\System\pnAysNS.exe

C:\Windows\System\pnAysNS.exe

C:\Windows\System\OEtVBHE.exe

C:\Windows\System\OEtVBHE.exe

C:\Windows\System\VZXUBxU.exe

C:\Windows\System\VZXUBxU.exe

C:\Windows\System\UzQOzjW.exe

C:\Windows\System\UzQOzjW.exe

C:\Windows\System\ykbYIuH.exe

C:\Windows\System\ykbYIuH.exe

C:\Windows\System\ioOCRfv.exe

C:\Windows\System\ioOCRfv.exe

C:\Windows\System\jZpHovT.exe

C:\Windows\System\jZpHovT.exe

C:\Windows\System\vxybgHz.exe

C:\Windows\System\vxybgHz.exe

C:\Windows\System\vtTWYmp.exe

C:\Windows\System\vtTWYmp.exe

C:\Windows\System\mZwrDLB.exe

C:\Windows\System\mZwrDLB.exe

C:\Windows\System\yNOQLJu.exe

C:\Windows\System\yNOQLJu.exe

C:\Windows\System\gRXUEys.exe

C:\Windows\System\gRXUEys.exe

C:\Windows\System\elFdmFE.exe

C:\Windows\System\elFdmFE.exe

C:\Windows\System\dFFSrBn.exe

C:\Windows\System\dFFSrBn.exe

C:\Windows\System\LZOpIqM.exe

C:\Windows\System\LZOpIqM.exe

C:\Windows\System\PRdmQvo.exe

C:\Windows\System\PRdmQvo.exe

C:\Windows\System\tqeuhSW.exe

C:\Windows\System\tqeuhSW.exe

C:\Windows\System\LbRJVhy.exe

C:\Windows\System\LbRJVhy.exe

C:\Windows\System\aAsuLfA.exe

C:\Windows\System\aAsuLfA.exe

C:\Windows\System\MXQVaSy.exe

C:\Windows\System\MXQVaSy.exe

C:\Windows\System\DqzdlGr.exe

C:\Windows\System\DqzdlGr.exe

C:\Windows\System\MAcEyQq.exe

C:\Windows\System\MAcEyQq.exe

C:\Windows\System\cFyXabs.exe

C:\Windows\System\cFyXabs.exe

C:\Windows\System\CLuVTHX.exe

C:\Windows\System\CLuVTHX.exe

C:\Windows\System\fCzNYBE.exe

C:\Windows\System\fCzNYBE.exe

C:\Windows\System\zyIbUma.exe

C:\Windows\System\zyIbUma.exe

C:\Windows\System\osrKYhf.exe

C:\Windows\System\osrKYhf.exe

C:\Windows\System\iIKGWHi.exe

C:\Windows\System\iIKGWHi.exe

C:\Windows\System\qoWLSMz.exe

C:\Windows\System\qoWLSMz.exe

C:\Windows\System\vBTMchW.exe

C:\Windows\System\vBTMchW.exe

C:\Windows\System\WCAwhRo.exe

C:\Windows\System\WCAwhRo.exe

C:\Windows\System\yzTpZHm.exe

C:\Windows\System\yzTpZHm.exe

C:\Windows\System\bdZYnDK.exe

C:\Windows\System\bdZYnDK.exe

C:\Windows\System\WvvHbtQ.exe

C:\Windows\System\WvvHbtQ.exe

C:\Windows\System\OYKqSIh.exe

C:\Windows\System\OYKqSIh.exe

C:\Windows\System\JBhddYT.exe

C:\Windows\System\JBhddYT.exe

C:\Windows\System\hkTxfsj.exe

C:\Windows\System\hkTxfsj.exe

C:\Windows\System\pMFgpVt.exe

C:\Windows\System\pMFgpVt.exe

C:\Windows\System\KZkCLDm.exe

C:\Windows\System\KZkCLDm.exe

C:\Windows\System\HLTZJze.exe

C:\Windows\System\HLTZJze.exe

C:\Windows\System\WkxZNqE.exe

C:\Windows\System\WkxZNqE.exe

C:\Windows\System\jwCekoA.exe

C:\Windows\System\jwCekoA.exe

C:\Windows\System\FvcszJf.exe

C:\Windows\System\FvcszJf.exe

C:\Windows\System\fXNAhMM.exe

C:\Windows\System\fXNAhMM.exe

C:\Windows\System\FdCfsTF.exe

C:\Windows\System\FdCfsTF.exe

C:\Windows\System\yhRHZvH.exe

C:\Windows\System\yhRHZvH.exe

C:\Windows\System\oreFvwr.exe

C:\Windows\System\oreFvwr.exe

C:\Windows\System\ROnHZvD.exe

C:\Windows\System\ROnHZvD.exe

C:\Windows\System\pgEykTi.exe

C:\Windows\System\pgEykTi.exe

C:\Windows\System\PKOBfXg.exe

C:\Windows\System\PKOBfXg.exe

C:\Windows\System\naaMVyK.exe

C:\Windows\System\naaMVyK.exe

C:\Windows\System\vjakphk.exe

C:\Windows\System\vjakphk.exe

C:\Windows\System\vfBEHbU.exe

C:\Windows\System\vfBEHbU.exe

C:\Windows\System\HAxlnTS.exe

C:\Windows\System\HAxlnTS.exe

C:\Windows\System\qvsNFWB.exe

C:\Windows\System\qvsNFWB.exe

C:\Windows\System\UEoXbjW.exe

C:\Windows\System\UEoXbjW.exe

C:\Windows\System\AzFnJfS.exe

C:\Windows\System\AzFnJfS.exe

C:\Windows\System\xQrBsIC.exe

C:\Windows\System\xQrBsIC.exe

C:\Windows\System\KfKoItx.exe

C:\Windows\System\KfKoItx.exe

C:\Windows\System\CPveSXE.exe

C:\Windows\System\CPveSXE.exe

C:\Windows\System\kJPZcwu.exe

C:\Windows\System\kJPZcwu.exe

C:\Windows\System\FopyIej.exe

C:\Windows\System\FopyIej.exe

C:\Windows\System\ayjxhlT.exe

C:\Windows\System\ayjxhlT.exe

C:\Windows\System\tiGrokx.exe

C:\Windows\System\tiGrokx.exe

C:\Windows\System\dWWclvh.exe

C:\Windows\System\dWWclvh.exe

C:\Windows\System\aesmbcu.exe

C:\Windows\System\aesmbcu.exe

C:\Windows\System\QPnBuri.exe

C:\Windows\System\QPnBuri.exe

C:\Windows\System\frjrrAs.exe

C:\Windows\System\frjrrAs.exe

C:\Windows\System\uWagnGJ.exe

C:\Windows\System\uWagnGJ.exe

C:\Windows\System\BZNILCC.exe

C:\Windows\System\BZNILCC.exe

C:\Windows\System\wYqnPKu.exe

C:\Windows\System\wYqnPKu.exe

C:\Windows\System\Wnflitp.exe

C:\Windows\System\Wnflitp.exe

C:\Windows\System\oxasYYh.exe

C:\Windows\System\oxasYYh.exe

C:\Windows\System\USnFkbp.exe

C:\Windows\System\USnFkbp.exe

C:\Windows\System\vqZXwuK.exe

C:\Windows\System\vqZXwuK.exe

C:\Windows\System\PfbHWdH.exe

C:\Windows\System\PfbHWdH.exe

C:\Windows\System\NKhJGAv.exe

C:\Windows\System\NKhJGAv.exe

C:\Windows\System\uBqjgMI.exe

C:\Windows\System\uBqjgMI.exe

C:\Windows\System\JdatZDx.exe

C:\Windows\System\JdatZDx.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2248-0-0x000000013F810000-0x000000013FC06000-memory.dmp

memory/2248-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\etnbDCX.exe

MD5 98465fd8df6dcf00e63bcb8a0fb7d780
SHA1 ff7e5dbdafcd29402b1fb5462671f0011f898b56
SHA256 5ae8c137b15785bea3f2d8b44f665a1656f1d59698f471403fc9cddaa347a876
SHA512 bd7f4ba6aae0b17c88fa4600bf16f03b74286df72e4528e234510c0b0f804625cd6325a84f24d631c1b19f7b7dc3b6a40d0642e22cfe0773b6b4b5c6281a970e

memory/2248-12-0x0000000002C30000-0x0000000003026000-memory.dmp

memory/2456-15-0x000007FEF5E9E000-0x000007FEF5E9F000-memory.dmp

memory/2456-14-0x0000000002AC0000-0x0000000002B40000-memory.dmp

memory/2384-13-0x000000013F4E0000-0x000000013F8D6000-memory.dmp

\Windows\system\wEKzUul.exe

MD5 3ed360e40f46095f3b6b8e506f9f5c53
SHA1 64e59766b70354ac085a78619a8074fb50c37da5
SHA256 2c42e8ebd41171c1e7a70a83eab432fcb98cbdf35183a788b958bec04486b691
SHA512 3b34dd1f4c3259b0320f3aefbae456dc4b1bcba424c2cfc95289780036f6ffb81595c7fd17965de198baa5f0c2d2e2f431946077ca827fc4b38be08580ac6b88

\Windows\system\SbaYKGC.exe

MD5 aa6e9bfc67dbc05f6decc68c042578df
SHA1 44cf8a08b21266a1caa6b3a5b0b4f2fe3a93636b
SHA256 09d4efe8d909b9fc2407620e79535c21e6896565cf54c0737a799640fe459e9c
SHA512 70f272b042771325d12a6a0c8583d69434bac77b1bbe8cc53c216e5877025195ff1f4efe799683d4a2e70db6fee40d6bd449ff00f04ccc01d07aa81dc02bba27

\Windows\system\umGEftd.exe

MD5 dc3c7ee050e89ffd4789a3c88ab2a394
SHA1 f875021aa0970aa85976889465235ac883a58d32
SHA256 cb55347bd58070e15831d1f5196059d36bcac4589d736738be56035669348df8
SHA512 5a5e21c74f0e697da07b2f7d937c683d9401ff37a703787a8165286d4010120a110bf61579a520b9e03ac135d69c3ab8807bfee7d57d3817277dab9d6b866403

C:\Windows\system\evyRPkf.exe

MD5 f31be7bb625b787e63a7c5130f47d473
SHA1 49c125cbe1f6ed25ea5990e59ce666191bbd33e6
SHA256 2d01b7ce9c6d278c28b8b529b036c126a57ff5a51c8b1b3edc1ac0da29bd3965
SHA512 b67ab66657b63688c4f5a511a081e2a6525888abcce9dbf23e3c6492b770a0a7a56a2759ea807c6a0efeaa6a784addea063f225a572f746e06b832312b1091ff

C:\Windows\system\GWubKtt.exe

MD5 3ac7c8095b85aa898d61145d3032e562
SHA1 ab2c1f08d2e24c63f5061f474d80435e10802f75
SHA256 d2b19d5dda1751de1c6e64c19cadc618de1cc7df54e05933c17a52ba0f5003bc
SHA512 a6aa071d595b6b4118c718145256b89a2ffaf407ba8e129daf0345632981815527240e9afe2f16218780a3d848cb8404819318ab0f8cc024c738fd2c1104da0a

\Windows\system\onDtHZH.exe

MD5 401f0d65182f8742fbd0047fba29d0ee
SHA1 0589588b8bd1d4a105564f8ac06163f8ee399ff8
SHA256 6d8c6cec57df5a1e689a6ae89643c2fbe939c5eb9565e839033ec145077642ed
SHA512 3db8f6e778aab746a5e49baefcd69b3b9733079fa291219531a23c941403583d36f1634814d935f32c0558bc9f8cb27bfd80de5a1b32dd7a48538d26420e8bf9

memory/2456-39-0x000000001B370000-0x000000001B652000-memory.dmp

C:\Windows\system\EpBVFUh.exe

MD5 0bd0101ffec856e3e3dac02c64efaa00
SHA1 d9c5f1c3efca57cd2b183f1e4da462a2b57f945c
SHA256 30ab98e6f9e2ebe14b3ed28a146e5646eb8aa1b8e3add6234436b197a681b81b
SHA512 147fea28978d3e846daae7ed64aa501a412514e0d9c3d269edd87743b2ca2fff61d942e17abe38318264ac1a73d33f2f121d0e116dbccc0074b12cc60baefa67

memory/2120-57-0x000000013F5F0000-0x000000013F9E6000-memory.dmp

memory/2248-58-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/2772-70-0x000000013F270000-0x000000013F666000-memory.dmp

memory/2248-87-0x0000000002C30000-0x0000000003026000-memory.dmp

C:\Windows\system\PaDsPFm.exe

MD5 6227017588ff98230d2eb2cff6f8bbea
SHA1 f29b5a7f5934fe7869657f479bce442a6aac7a01
SHA256 57024467d585f42f77579f0272b552ba08b2dd8e27f233013072eae1f8e20ac8
SHA512 0a617fc8aa70b483e7ba2d9af83aea38b33a3a9a86c954972beaf13f49b2502f7b73e70d5569d3245df9ef879cc390de26028f9fcba8df6e3568f892ba388915

memory/2952-95-0x000000013F130000-0x000000013F526000-memory.dmp

C:\Windows\system\OvLGXbZ.exe

MD5 934a27fb83ff6c6bf99c7b0527113d8c
SHA1 92fb821dbd6e8bda2b32db074f9e6ef7b3a6355f
SHA256 1dffdcfa0c0962db61133099a51ea04eae7448a0bd464f8622229e1fcfa3496f
SHA512 21cb75b15bfa040b2302bca8242956b17eb38090c9f89d1f297ab2f85f4c16deacb3e225dbb1f0af03d229020d4b17f51f5a0c1b084b54eea1cad0a5c4a0f540

C:\Windows\system\SGeTDFk.exe

MD5 21848b130462ab024a64e185fba139f8
SHA1 08ad2df174505c51696eff82513dc42cb9a9a671
SHA256 bff328463ec8f346341b46d9090bee67519863b4c44bc645df856725e8a8508b
SHA512 1c735bb5fa5d2f870644269c8f1e3386d7b489d58c0330a5cc1066e00fb0defb8d0e708d82f11905e0c355d15c93ea1006d0473970e4d255697717bb56599ea3

C:\Windows\system\POdNrFP.exe

MD5 bc50702011f849732ec7d931d1ab0e8b
SHA1 2f2136ba1033a73bca0eddb01635723b7b364f84
SHA256 87e36b625c20afd1884185492c2d4b9f2509c915279afc8661d3acf1b1b9061d
SHA512 922417066c2156fa1c050ec46fd616cdf65db88d6e80a9ca34d6f4296132b4d38dadae386cf5d52d8f086aabb9d96117abf11c6905864736d9852a27caa441cd

C:\Windows\system\MtpHNVh.exe

MD5 74a5a3ea504078e83c2887d905168fcb
SHA1 66aca63fb8d60c066bccdc52ae82e377165a496d
SHA256 c07908d401d48b0cc9157b48d644685924d2c4972db3e088e1fcffc5eb02d588
SHA512 415b6a84eacad87e66f9dfafc457c6266fb8b879e733f0ebeb743c9838dd7a809a2ea115e5976e447494c1d41832e7cf7605e33ece28f73bfc39154c026a59f8

C:\Windows\system\NQiEkjb.exe

MD5 6745a4ae5154322a8a9d2714accb8737
SHA1 5d2f5dc26853c57a1a78b85ec5d90b966a02e594
SHA256 2eaecfeb517455a6429b3b725cd021e3317768a308a64b8bc1a8485d3943b636
SHA512 470bcd9112f897480c41d6306f38d8b24250235314289d6bf99712aede926412a17c48d94315165bddcc16c61d67cc5011a43ec17109cbc62a61961aef99a5a9

memory/2456-904-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

memory/2248-1973-0x000000013F810000-0x000000013FC06000-memory.dmp

memory/2780-1977-0x000000013F9A0000-0x000000013FD96000-memory.dmp

memory/2496-1978-0x000000013F290000-0x000000013F686000-memory.dmp

memory/2384-2255-0x000000013F4E0000-0x000000013F8D6000-memory.dmp

memory/2120-2318-0x000000013F5F0000-0x000000013F9E6000-memory.dmp

memory/1096-2312-0x000000013F920000-0x000000013FD16000-memory.dmp

memory/2776-2338-0x000000013FEF0000-0x00000001402E6000-memory.dmp

memory/2760-2339-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2728-2364-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/2248-2362-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/2772-2366-0x000000013F270000-0x000000013F666000-memory.dmp

memory/2728-2365-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/1252-2360-0x000000013FEC0000-0x00000001402B6000-memory.dmp

C:\Windows\system\bhmWCvI.exe

MD5 6274dee4859819ff3c96e5f99994a733
SHA1 7a4b75984b27d7172c6dc6c67809953cb88f3c11
SHA256 76f4b788c2136d3f1a3dacb9a77ec3ecc02921ea5384ed3b1ff61304518beeec
SHA512 8beb42eed869401859b4fc835abc7225736e1b2abba63af7da310929b1ddc57443bfc76a02821de898b02ba98b02a5fd1c690930b284d3d3dbe930e6ddfda147

C:\Windows\system\bghsHTz.exe

MD5 fc3275e040e52a5f7d2da3d8db30d24f
SHA1 491ea200c99114bdbfda729599067b843e536ac1
SHA256 17506806a8cf7d4f9f4df0b426a2decc19158b494c5e393861325aa9323cc39b
SHA512 4ed68de6efd2d42c19a8ce26cb6c44f83455a6e653fe654ff157ab26c00f7daf02da39e7da8f3700fd72c198ee53affb0fa872e6c8e86073667b24ad0300e2e2

C:\Windows\system\LCjWEgT.exe

MD5 752d7567a93d35e8f21155c5aaf70944
SHA1 8d921b244ff3a1a99c4ab019d06e0f42ca50932e
SHA256 cc41ebe81675f22b4dec07fd344688f920e67ff8f2fd38aa5c58a56d8ec1067a
SHA512 9626f94fe2aedf39982896f080e8d17590f0338e4ca85a749e24a25cd1caa111832d0cbfaa61c2cd8c47e9cee2a10256613ba54219afe8d64d4606f02d056530

C:\Windows\system\kDtLyhF.exe

MD5 b9058c79a5193c8883d2a8005c15aff5
SHA1 7d5f782835627bd6184da6c3fccb1f83db3ee72c
SHA256 b86ff00e1d1eed7bbf9749887650fec0937abc984284b764e1773b61a800bfc5
SHA512 e8173fb8c979d842c413e988ad83bf08c053d4dc022c01a49cede9f0b1630a7fb343149a0c5ebf28850265f3d704a1f499573cdff6b5753b5585a1bff2a4e5be

C:\Windows\system\lmVHCIg.exe

MD5 b271086a6de60b5470b56a66797d70ea
SHA1 9463c2df2837d2279d256d472882c4001454cf8e
SHA256 6c90b768dafc0f8cbfef228da302814ef02a7fd92bb8e639f0cf7f9c7a93f774
SHA512 71d2334fb3a2b94db1ee99b7eeaa18ca916cb243b2ac2e6ce0dff2f9dd42535e471fec3e6ae51ef10001724cad605b6af9a85734d01b64c111f74008f213e9d1

C:\Windows\system\abOkfnw.exe

MD5 61de71aa3e3bd0df5cf3e0b2f5fa9ee0
SHA1 a1756c9a2f8021a0db372689f6a0a5df9a1c95c7
SHA256 aa752ec871e1be7fbf30c2f1ad1a1cd96bf1743c7fc8a1e7e603aa0e230ad5de
SHA512 cc34c0b12d1cf4d6e084997c5ef087e7f64b54c25a1b9206797f82e1c8461f5d7e87ccf60411e519d701be060c0fd95f70684a8a59eb96df07c62de0766a51f6

C:\Windows\system\naQMCGk.exe

MD5 71112ca9db5148c0a911ccc285f561c6
SHA1 d26c4250050a6fa0ca401bb9ecd9e24b639b2acd
SHA256 69e319a649008894f99da659d368da52aeb349fb3bdd401684478f516ebc1690
SHA512 4621c3e2b7d02427066bf53a76cc34dcd5c91b3519b656e37c90d8a04c4638b177b7c60ec896bbd439be0e94c51c7612d30cf5cde65534ce6e6665923d7f1356

C:\Windows\system\QvTteKT.exe

MD5 cbb2e7c81be67ed38230d022ed476a34
SHA1 bd69fd49d8e27f2949245d29b894c2001bacbb9f
SHA256 167737fd7e476a1f077dcc1d8aa9ff61cd567f990a14554bc0fb1c8e85f40bb9
SHA512 c5c518d614e1f312575581282e3f817dd70300ae11e63e5704b08aa23eda6f8b2ea2c3024e4d8c47e91b41703e65d69dd176c7c84aeb2a54730f1e87981d6a4b

C:\Windows\system\zNBNbWL.exe

MD5 a768ea01f7c3dae57605e77c402c168e
SHA1 83236a4eecf881700c9e406ebc5f92a33102bc22
SHA256 b5766c8a9b3ab94f76b7f5e403c0f683a21548280b4e9c89a3407f9043ee1f94
SHA512 2c31d2f8802a50988f84f37a754f32fa0459ff1e0b6101462de98b60a8f60eac075ed86a70d0f2e1413192739a131babd8caa34a1c93a914fcd0cc73507660df

C:\Windows\system\ljdFuyw.exe

MD5 a40cf6fbf3da617c17b529d6347b3405
SHA1 48b0013b027c3281ee92c9f39570d4a9663d934a
SHA256 d8f24f62be982159cce76e5196a14a74ae5bc4326d6bcf68168a9e58973d7d6e
SHA512 e4761f91955030729fbb7f72c6529100f5246720fc7decaed34be977a5c1cb0ebf80a78616d21f38de3fb01bf47a3b0fb9eb088db924cb76ca2242d1cc0bc83c

C:\Windows\system\XlsVVrQ.exe

MD5 6c78a6da2b4c21e4dbfb7604dfae75b2
SHA1 87c8dceb4a799713c47ff454f32a90b9ff3d1561
SHA256 f5d646e848b794dc801cf59679db3d0d7dfd1a925f573168f5c21ac42d189140
SHA512 5fd0ab63e5198e2e02b9beab2255d22cc4f8da769eb3560fb5fc9e36af2cff80865aa44ec24f8b7f916e01016be12976fe1775150492e7b0a631e9532aaa6d4b

C:\Windows\system\rtoAFOa.exe

MD5 a0ee29c093e8ace74ce57ae9e6798b25
SHA1 9b967729234870e1a8e404c72faa206af5cf703e
SHA256 ac56cd4f1c80e303e75df32a60989ff004b98f9eadf7f0ae16caffa2bb68fb6a
SHA512 a0b9e79f165ac829e907ad8f49a23c21b7ccaa9784328bbd7987ad1b134685375ade332a5c094c81ca98270858606b173c376b7747013223932d1f579fdd4bd4

memory/1872-103-0x000000013F080000-0x000000013F476000-memory.dmp

C:\Windows\system\ifxrXmv.exe

MD5 e394216d6fcf11eb5235c3697b4675f6
SHA1 bf162a9c5ef549e1d7c0d308b9ff14843f86cb7d
SHA256 384f7eadb43ebc472046ddc644ba3c9930c8427278da770db52f82e9296ccb6f
SHA512 a7c3473f39c3bbe240d9ac9c5c1d1c5cf0441f15730001eb5c6596666158109d5187e0cbcd9c5119fd947350a549276af233814d30f94f31e2d74085661de869

memory/2248-97-0x000000013F080000-0x000000013F476000-memory.dmp

memory/2248-96-0x000000013F290000-0x000000013F686000-memory.dmp

C:\Windows\system\NZgjDPS.exe

MD5 b4ebc890215f82bcf6a0a832ad31542c
SHA1 b57e14cb42083cad0c5ebf6f24030967bcffed5b
SHA256 49346afcc6f406abbe35f570bd14326a9adaac06e9106343ce6248d2660aa9a5
SHA512 d84d4a35bde7c31a18ed615e995fb7e7325199ce3d967edf198ed3025e9d41c1e18dcf0ad096882197ad74ac4e12cdc2a9e008f97c4e2b41eab3af3f39b952a9

memory/1252-91-0x000000013FEC0000-0x00000001402B6000-memory.dmp

memory/2248-89-0x000000013FEC0000-0x00000001402B6000-memory.dmp

memory/2780-80-0x000000013F9A0000-0x000000013FD96000-memory.dmp

memory/2248-88-0x0000000003110000-0x0000000003506000-memory.dmp

memory/2496-86-0x000000013F290000-0x000000013F686000-memory.dmp

C:\Windows\system\kdVYxPC.exe

MD5 3d4b2aae60b7563be3ee62de2af7a81f
SHA1 53c6898bd77b9f6ba18f160f7c19eb45831acf6a
SHA256 ad651cff821e91c5824cd70540c4f55978c7122b84e79cdf8f9af3c74ee3e439
SHA512 e03076d00557b69d1fe2b7aca59f8e9a4efb23378c1f8fc6cd19781851dea66f65ca5866e317878bfd57415617c98e1fb2315c143724244d91a1a5b0aa34701c

memory/2456-72-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

memory/2776-77-0x000000013FEF0000-0x00000001402E6000-memory.dmp

memory/2248-71-0x000000013FEF0000-0x00000001402E6000-memory.dmp

C:\Windows\system\KOahWkx.exe

MD5 0008df801a8509fa2d3d75858423c63f
SHA1 ffe210e1a5c512d6f2c902a588b12a19c330cb5b
SHA256 3d3ba322d4cfd3bd3d6f1a3a54a78cd34da741412831f173dd5dce5336d470b9
SHA512 b7677645b8afdfc4334e25ca9e1cf33249d88096a16fd1929d79c498a62b3ac2201a184c1b6180488b63fe00fff1717a5afdc9685217049dc9fae10a939948fd

C:\Windows\system\vmBoTxH.exe

MD5 d1bfeb1919ded6fca3718400aae0360b
SHA1 d37f6a6e6e553f4ea144b1df57f95dda001046b1
SHA256 6038ead10ee0b5fc13ecf210be247e4350cb738784aef3f6b93911b5446f6661
SHA512 f51cbdd9c4ec100fc4fa3f95433a06f16cdc2175a89a685d341ac8442ee09248601b8138c9e1eefae9fd7a8336e53c7b8b9b70323bcd0e373689b5fdf9f526a5

memory/2248-67-0x000000013F270000-0x000000013F666000-memory.dmp

memory/2760-66-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2248-60-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2728-59-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/1096-50-0x000000013F920000-0x000000013FD16000-memory.dmp

memory/2456-49-0x0000000001E60000-0x0000000001E68000-memory.dmp

\Windows\system\hsuCepJ.exe

MD5 30ffc58294a89ea5f883c13e812b5d71
SHA1 dd7247262bf1d8a6f467500f5c48e9470ae3758f
SHA256 d651235498bf8db54b4724cb3a455f3a7d4854f2154673ee20d1b483f4e7dc0a
SHA512 b1e2b83624bb39f9abd0210c1c6779bdcbf862eb39f271ed4b2c9fc2cdac18a3298ac9d8dbedf585170086b44859a64205ef8fb4b9b4305003912f5a31fd889f

memory/2248-53-0x0000000002C30000-0x0000000003026000-memory.dmp

memory/2456-44-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

memory/2248-2594-0x0000000003110000-0x0000000003506000-memory.dmp

memory/2952-2595-0x000000013F130000-0x000000013F526000-memory.dmp

memory/1872-2597-0x000000013F080000-0x000000013F476000-memory.dmp

memory/2248-2596-0x000000013F290000-0x000000013F686000-memory.dmp

memory/2780-2923-0x000000013F9A0000-0x000000013FD96000-memory.dmp

memory/2952-2972-0x000000013F130000-0x000000013F526000-memory.dmp

memory/2496-2924-0x000000013F290000-0x000000013F686000-memory.dmp

memory/1872-2927-0x000000013F080000-0x000000013F476000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 12:46

Reported

2024-06-13 12:49

Platform

win10v2004-20240508-en

Max time kernel

60s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GqKcJoP.exe N/A
N/A N/A C:\Windows\System\fkmsaWY.exe N/A
N/A N/A C:\Windows\System\QXjyUQh.exe N/A
N/A N/A C:\Windows\System\hPUtASx.exe N/A
N/A N/A C:\Windows\System\XmLlTvy.exe N/A
N/A N/A C:\Windows\System\GipOXwX.exe N/A
N/A N/A C:\Windows\System\WyqRAkx.exe N/A
N/A N/A C:\Windows\System\zbnHNUB.exe N/A
N/A N/A C:\Windows\System\KXZitdA.exe N/A
N/A N/A C:\Windows\System\SPGEkVR.exe N/A
N/A N/A C:\Windows\System\tuPzapb.exe N/A
N/A N/A C:\Windows\System\NOSYCSR.exe N/A
N/A N/A C:\Windows\System\gbarzIT.exe N/A
N/A N/A C:\Windows\System\ajMDpaF.exe N/A
N/A N/A C:\Windows\System\ubGGDCE.exe N/A
N/A N/A C:\Windows\System\MDvnTsp.exe N/A
N/A N/A C:\Windows\System\lvAVSkp.exe N/A
N/A N/A C:\Windows\System\nmSXkWU.exe N/A
N/A N/A C:\Windows\System\yoJxbkO.exe N/A
N/A N/A C:\Windows\System\skwyCwp.exe N/A
N/A N/A C:\Windows\System\GEzhXTo.exe N/A
N/A N/A C:\Windows\System\pxgxJWv.exe N/A
N/A N/A C:\Windows\System\lhIoLXK.exe N/A
N/A N/A C:\Windows\System\szHisWt.exe N/A
N/A N/A C:\Windows\System\EqaTGFE.exe N/A
N/A N/A C:\Windows\System\XHbXDie.exe N/A
N/A N/A C:\Windows\System\WhHKUOe.exe N/A
N/A N/A C:\Windows\System\JvkTOqO.exe N/A
N/A N/A C:\Windows\System\wYLiVKd.exe N/A
N/A N/A C:\Windows\System\qHXmVgf.exe N/A
N/A N/A C:\Windows\System\omOPayt.exe N/A
N/A N/A C:\Windows\System\TSZGlBL.exe N/A
N/A N/A C:\Windows\System\DwfiTIO.exe N/A
N/A N/A C:\Windows\System\ETJqrwQ.exe N/A
N/A N/A C:\Windows\System\aDihukc.exe N/A
N/A N/A C:\Windows\System\mJJuWdj.exe N/A
N/A N/A C:\Windows\System\dLFIiQT.exe N/A
N/A N/A C:\Windows\System\zIIwaye.exe N/A
N/A N/A C:\Windows\System\yYJMxPE.exe N/A
N/A N/A C:\Windows\System\sdTohUA.exe N/A
N/A N/A C:\Windows\System\itwCvrh.exe N/A
N/A N/A C:\Windows\System\YrKjyhQ.exe N/A
N/A N/A C:\Windows\System\zqZYRzW.exe N/A
N/A N/A C:\Windows\System\VTnxzAm.exe N/A
N/A N/A C:\Windows\System\GFrKWOA.exe N/A
N/A N/A C:\Windows\System\jOXemxH.exe N/A
N/A N/A C:\Windows\System\TUqsqZL.exe N/A
N/A N/A C:\Windows\System\FiAUoAl.exe N/A
N/A N/A C:\Windows\System\UGtsusq.exe N/A
N/A N/A C:\Windows\System\fdDDccZ.exe N/A
N/A N/A C:\Windows\System\jePXwUJ.exe N/A
N/A N/A C:\Windows\System\pVNczZS.exe N/A
N/A N/A C:\Windows\System\nxMsirr.exe N/A
N/A N/A C:\Windows\System\UBjIqYo.exe N/A
N/A N/A C:\Windows\System\RFdgBwi.exe N/A
N/A N/A C:\Windows\System\KPCZDXE.exe N/A
N/A N/A C:\Windows\System\CleWTiz.exe N/A
N/A N/A C:\Windows\System\rjmZtNq.exe N/A
N/A N/A C:\Windows\System\TEErefZ.exe N/A
N/A N/A C:\Windows\System\rnAKvku.exe N/A
N/A N/A C:\Windows\System\luSbPwX.exe N/A
N/A N/A C:\Windows\System\sPcFPYZ.exe N/A
N/A N/A C:\Windows\System\jgNroSx.exe N/A
N/A N/A C:\Windows\System\VJBPTAx.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GfxOphr.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUrMZpe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ezXFhxW.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\gyLqFaz.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\eHCYmVm.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\wyYLvmA.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\GLBciox.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\tguCAyi.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJAkNhc.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\xIFfqrV.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\mOugoju.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\lujLPyD.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMxFIsT.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubGGDCE.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDviduX.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCEXQLa.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEOZCuN.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\GYITzpb.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\lYrXfhi.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\FCICYtv.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFPPPbE.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJqGbFe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\szHisWt.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNRPsKt.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHrYItd.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBjIqYo.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\YsNJeqQ.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\zdGmFlR.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\xAtiBSZ.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\wpYxNLa.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPduNik.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\zbnHNUB.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\hOLssas.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\KoMnyfP.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\uRJAAJc.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\HcDyfDj.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjAviJf.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\fyxQret.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJDpNSl.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\ToqsoPG.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\UoeXzqM.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\aobucpp.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\bxooYzL.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDRLaEi.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\TuvBbUH.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\hprRwRt.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\BaZJgRH.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\FEDlAmO.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\dDHUTsD.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\CXCqqwy.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\kOxjGnG.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\aGIURWk.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\XzGTnBO.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMUMVWA.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\IWLueQK.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\vxrVpCe.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZGMzNV.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDFyUTf.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXjyUQh.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\itwCvrh.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\oNuQItY.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFSqvma.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\BivFzAa.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbjwiCq.exe C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1020 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1020 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1020 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GqKcJoP.exe
PID 1020 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GqKcJoP.exe
PID 1020 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\fkmsaWY.exe
PID 1020 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\fkmsaWY.exe
PID 1020 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\QXjyUQh.exe
PID 1020 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\QXjyUQh.exe
PID 1020 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\hPUtASx.exe
PID 1020 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\hPUtASx.exe
PID 1020 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XmLlTvy.exe
PID 1020 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XmLlTvy.exe
PID 1020 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GipOXwX.exe
PID 1020 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GipOXwX.exe
PID 1020 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\WyqRAkx.exe
PID 1020 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\WyqRAkx.exe
PID 1020 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\zbnHNUB.exe
PID 1020 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\zbnHNUB.exe
PID 1020 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\KXZitdA.exe
PID 1020 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\KXZitdA.exe
PID 1020 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SPGEkVR.exe
PID 1020 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\SPGEkVR.exe
PID 1020 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\tuPzapb.exe
PID 1020 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\tuPzapb.exe
PID 1020 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\NOSYCSR.exe
PID 1020 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\NOSYCSR.exe
PID 1020 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\gbarzIT.exe
PID 1020 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\gbarzIT.exe
PID 1020 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ajMDpaF.exe
PID 1020 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ajMDpaF.exe
PID 1020 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ubGGDCE.exe
PID 1020 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\ubGGDCE.exe
PID 1020 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\MDvnTsp.exe
PID 1020 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\MDvnTsp.exe
PID 1020 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\lvAVSkp.exe
PID 1020 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\lvAVSkp.exe
PID 1020 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\nmSXkWU.exe
PID 1020 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\nmSXkWU.exe
PID 1020 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\yoJxbkO.exe
PID 1020 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\yoJxbkO.exe
PID 1020 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\skwyCwp.exe
PID 1020 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\skwyCwp.exe
PID 1020 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GEzhXTo.exe
PID 1020 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\GEzhXTo.exe
PID 1020 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\pxgxJWv.exe
PID 1020 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\pxgxJWv.exe
PID 1020 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\lhIoLXK.exe
PID 1020 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\lhIoLXK.exe
PID 1020 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\szHisWt.exe
PID 1020 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\szHisWt.exe
PID 1020 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\EqaTGFE.exe
PID 1020 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\EqaTGFE.exe
PID 1020 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XHbXDie.exe
PID 1020 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\XHbXDie.exe
PID 1020 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\WhHKUOe.exe
PID 1020 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\WhHKUOe.exe
PID 1020 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\JvkTOqO.exe
PID 1020 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\JvkTOqO.exe
PID 1020 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\wYLiVKd.exe
PID 1020 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\wYLiVKd.exe
PID 1020 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\qHXmVgf.exe
PID 1020 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\qHXmVgf.exe
PID 1020 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\omOPayt.exe
PID 1020 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe C:\Windows\System\omOPayt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\GqKcJoP.exe

C:\Windows\System\GqKcJoP.exe

C:\Windows\System\fkmsaWY.exe

C:\Windows\System\fkmsaWY.exe

C:\Windows\System\QXjyUQh.exe

C:\Windows\System\QXjyUQh.exe

C:\Windows\System\hPUtASx.exe

C:\Windows\System\hPUtASx.exe

C:\Windows\System\XmLlTvy.exe

C:\Windows\System\XmLlTvy.exe

C:\Windows\System\GipOXwX.exe

C:\Windows\System\GipOXwX.exe

C:\Windows\System\WyqRAkx.exe

C:\Windows\System\WyqRAkx.exe

C:\Windows\System\zbnHNUB.exe

C:\Windows\System\zbnHNUB.exe

C:\Windows\System\KXZitdA.exe

C:\Windows\System\KXZitdA.exe

C:\Windows\System\SPGEkVR.exe

C:\Windows\System\SPGEkVR.exe

C:\Windows\System\tuPzapb.exe

C:\Windows\System\tuPzapb.exe

C:\Windows\System\NOSYCSR.exe

C:\Windows\System\NOSYCSR.exe

C:\Windows\System\gbarzIT.exe

C:\Windows\System\gbarzIT.exe

C:\Windows\System\ajMDpaF.exe

C:\Windows\System\ajMDpaF.exe

C:\Windows\System\ubGGDCE.exe

C:\Windows\System\ubGGDCE.exe

C:\Windows\System\MDvnTsp.exe

C:\Windows\System\MDvnTsp.exe

C:\Windows\System\lvAVSkp.exe

C:\Windows\System\lvAVSkp.exe

C:\Windows\System\nmSXkWU.exe

C:\Windows\System\nmSXkWU.exe

C:\Windows\System\yoJxbkO.exe

C:\Windows\System\yoJxbkO.exe

C:\Windows\System\skwyCwp.exe

C:\Windows\System\skwyCwp.exe

C:\Windows\System\GEzhXTo.exe

C:\Windows\System\GEzhXTo.exe

C:\Windows\System\pxgxJWv.exe

C:\Windows\System\pxgxJWv.exe

C:\Windows\System\lhIoLXK.exe

C:\Windows\System\lhIoLXK.exe

C:\Windows\System\szHisWt.exe

C:\Windows\System\szHisWt.exe

C:\Windows\System\EqaTGFE.exe

C:\Windows\System\EqaTGFE.exe

C:\Windows\System\XHbXDie.exe

C:\Windows\System\XHbXDie.exe

C:\Windows\System\WhHKUOe.exe

C:\Windows\System\WhHKUOe.exe

C:\Windows\System\JvkTOqO.exe

C:\Windows\System\JvkTOqO.exe

C:\Windows\System\wYLiVKd.exe

C:\Windows\System\wYLiVKd.exe

C:\Windows\System\qHXmVgf.exe

C:\Windows\System\qHXmVgf.exe

C:\Windows\System\omOPayt.exe

C:\Windows\System\omOPayt.exe

C:\Windows\System\TSZGlBL.exe

C:\Windows\System\TSZGlBL.exe

C:\Windows\System\DwfiTIO.exe

C:\Windows\System\DwfiTIO.exe

C:\Windows\System\ETJqrwQ.exe

C:\Windows\System\ETJqrwQ.exe

C:\Windows\System\aDihukc.exe

C:\Windows\System\aDihukc.exe

C:\Windows\System\mJJuWdj.exe

C:\Windows\System\mJJuWdj.exe

C:\Windows\System\dLFIiQT.exe

C:\Windows\System\dLFIiQT.exe

C:\Windows\System\zIIwaye.exe

C:\Windows\System\zIIwaye.exe

C:\Windows\System\yYJMxPE.exe

C:\Windows\System\yYJMxPE.exe

C:\Windows\System\sdTohUA.exe

C:\Windows\System\sdTohUA.exe

C:\Windows\System\itwCvrh.exe

C:\Windows\System\itwCvrh.exe

C:\Windows\System\YrKjyhQ.exe

C:\Windows\System\YrKjyhQ.exe

C:\Windows\System\zqZYRzW.exe

C:\Windows\System\zqZYRzW.exe

C:\Windows\System\VTnxzAm.exe

C:\Windows\System\VTnxzAm.exe

C:\Windows\System\GFrKWOA.exe

C:\Windows\System\GFrKWOA.exe

C:\Windows\System\jOXemxH.exe

C:\Windows\System\jOXemxH.exe

C:\Windows\System\TUqsqZL.exe

C:\Windows\System\TUqsqZL.exe

C:\Windows\System\FiAUoAl.exe

C:\Windows\System\FiAUoAl.exe

C:\Windows\System\UGtsusq.exe

C:\Windows\System\UGtsusq.exe

C:\Windows\System\fdDDccZ.exe

C:\Windows\System\fdDDccZ.exe

C:\Windows\System\jePXwUJ.exe

C:\Windows\System\jePXwUJ.exe

C:\Windows\System\pVNczZS.exe

C:\Windows\System\pVNczZS.exe

C:\Windows\System\nxMsirr.exe

C:\Windows\System\nxMsirr.exe

C:\Windows\System\UBjIqYo.exe

C:\Windows\System\UBjIqYo.exe

C:\Windows\System\RFdgBwi.exe

C:\Windows\System\RFdgBwi.exe

C:\Windows\System\KPCZDXE.exe

C:\Windows\System\KPCZDXE.exe

C:\Windows\System\CleWTiz.exe

C:\Windows\System\CleWTiz.exe

C:\Windows\System\rjmZtNq.exe

C:\Windows\System\rjmZtNq.exe

C:\Windows\System\TEErefZ.exe

C:\Windows\System\TEErefZ.exe

C:\Windows\System\rnAKvku.exe

C:\Windows\System\rnAKvku.exe

C:\Windows\System\luSbPwX.exe

C:\Windows\System\luSbPwX.exe

C:\Windows\System\sPcFPYZ.exe

C:\Windows\System\sPcFPYZ.exe

C:\Windows\System\jgNroSx.exe

C:\Windows\System\jgNroSx.exe

C:\Windows\System\VJBPTAx.exe

C:\Windows\System\VJBPTAx.exe

C:\Windows\System\datzeaT.exe

C:\Windows\System\datzeaT.exe

C:\Windows\System\PMFFLTK.exe

C:\Windows\System\PMFFLTK.exe

C:\Windows\System\eiywfwI.exe

C:\Windows\System\eiywfwI.exe

C:\Windows\System\ykyEhPb.exe

C:\Windows\System\ykyEhPb.exe

C:\Windows\System\bxapFpF.exe

C:\Windows\System\bxapFpF.exe

C:\Windows\System\ZfYMiGG.exe

C:\Windows\System\ZfYMiGG.exe

C:\Windows\System\SlnhegM.exe

C:\Windows\System\SlnhegM.exe

C:\Windows\System\IxvLVwu.exe

C:\Windows\System\IxvLVwu.exe

C:\Windows\System\rtNFYlA.exe

C:\Windows\System\rtNFYlA.exe

C:\Windows\System\ADtHfzm.exe

C:\Windows\System\ADtHfzm.exe

C:\Windows\System\irQGRRZ.exe

C:\Windows\System\irQGRRZ.exe

C:\Windows\System\VlriWAk.exe

C:\Windows\System\VlriWAk.exe

C:\Windows\System\OmOOEND.exe

C:\Windows\System\OmOOEND.exe

C:\Windows\System\GVjLKnC.exe

C:\Windows\System\GVjLKnC.exe

C:\Windows\System\zjnXCBM.exe

C:\Windows\System\zjnXCBM.exe

C:\Windows\System\isuORXj.exe

C:\Windows\System\isuORXj.exe

C:\Windows\System\yjAviJf.exe

C:\Windows\System\yjAviJf.exe

C:\Windows\System\aobucpp.exe

C:\Windows\System\aobucpp.exe

C:\Windows\System\oRYLDMp.exe

C:\Windows\System\oRYLDMp.exe

C:\Windows\System\hUNCniH.exe

C:\Windows\System\hUNCniH.exe

C:\Windows\System\PRfVQFk.exe

C:\Windows\System\PRfVQFk.exe

C:\Windows\System\HfBDfOc.exe

C:\Windows\System\HfBDfOc.exe

C:\Windows\System\QmwDpwY.exe

C:\Windows\System\QmwDpwY.exe

C:\Windows\System\jAZIMIx.exe

C:\Windows\System\jAZIMIx.exe

C:\Windows\System\ouRyNIv.exe

C:\Windows\System\ouRyNIv.exe

C:\Windows\System\tgFPXLW.exe

C:\Windows\System\tgFPXLW.exe

C:\Windows\System\LCLvLNr.exe

C:\Windows\System\LCLvLNr.exe

C:\Windows\System\YULMXoR.exe

C:\Windows\System\YULMXoR.exe

C:\Windows\System\hmUThUF.exe

C:\Windows\System\hmUThUF.exe

C:\Windows\System\GTZiuiD.exe

C:\Windows\System\GTZiuiD.exe

C:\Windows\System\LOlMMkb.exe

C:\Windows\System\LOlMMkb.exe

C:\Windows\System\TRxBFMn.exe

C:\Windows\System\TRxBFMn.exe

C:\Windows\System\NrkqDuF.exe

C:\Windows\System\NrkqDuF.exe

C:\Windows\System\APXxdHl.exe

C:\Windows\System\APXxdHl.exe

C:\Windows\System\MUIYOOt.exe

C:\Windows\System\MUIYOOt.exe

C:\Windows\System\GGYVKbk.exe

C:\Windows\System\GGYVKbk.exe

C:\Windows\System\GYITzpb.exe

C:\Windows\System\GYITzpb.exe

C:\Windows\System\RxlaBom.exe

C:\Windows\System\RxlaBom.exe

C:\Windows\System\XlOWRdn.exe

C:\Windows\System\XlOWRdn.exe

C:\Windows\System\YsNJeqQ.exe

C:\Windows\System\YsNJeqQ.exe

C:\Windows\System\PpASIZK.exe

C:\Windows\System\PpASIZK.exe

C:\Windows\System\cTSMgyG.exe

C:\Windows\System\cTSMgyG.exe

C:\Windows\System\qpuaKLp.exe

C:\Windows\System\qpuaKLp.exe

C:\Windows\System\ODnoiBS.exe

C:\Windows\System\ODnoiBS.exe

C:\Windows\System\MMNysUA.exe

C:\Windows\System\MMNysUA.exe

C:\Windows\System\oNuQItY.exe

C:\Windows\System\oNuQItY.exe

C:\Windows\System\ufAaBVF.exe

C:\Windows\System\ufAaBVF.exe

C:\Windows\System\ppjaFqg.exe

C:\Windows\System\ppjaFqg.exe

C:\Windows\System\gyLqFaz.exe

C:\Windows\System\gyLqFaz.exe

C:\Windows\System\hYrLFdt.exe

C:\Windows\System\hYrLFdt.exe

C:\Windows\System\FwZKuao.exe

C:\Windows\System\FwZKuao.exe

C:\Windows\System\BNkMooD.exe

C:\Windows\System\BNkMooD.exe

C:\Windows\System\qshAupw.exe

C:\Windows\System\qshAupw.exe

C:\Windows\System\BaZJgRH.exe

C:\Windows\System\BaZJgRH.exe

C:\Windows\System\esQSxbo.exe

C:\Windows\System\esQSxbo.exe

C:\Windows\System\SAeknLf.exe

C:\Windows\System\SAeknLf.exe

C:\Windows\System\PKkDgsX.exe

C:\Windows\System\PKkDgsX.exe

C:\Windows\System\vfNZXtn.exe

C:\Windows\System\vfNZXtn.exe

C:\Windows\System\qAcfUik.exe

C:\Windows\System\qAcfUik.exe

C:\Windows\System\oeXeBwu.exe

C:\Windows\System\oeXeBwu.exe

C:\Windows\System\RRhxIgC.exe

C:\Windows\System\RRhxIgC.exe

C:\Windows\System\lJWMqYG.exe

C:\Windows\System\lJWMqYG.exe

C:\Windows\System\wHNXmpC.exe

C:\Windows\System\wHNXmpC.exe

C:\Windows\System\LXmyaDO.exe

C:\Windows\System\LXmyaDO.exe

C:\Windows\System\iljyqFE.exe

C:\Windows\System\iljyqFE.exe

C:\Windows\System\yoVlVXL.exe

C:\Windows\System\yoVlVXL.exe

C:\Windows\System\LPutnft.exe

C:\Windows\System\LPutnft.exe

C:\Windows\System\YkGnaxS.exe

C:\Windows\System\YkGnaxS.exe

C:\Windows\System\KFawNtd.exe

C:\Windows\System\KFawNtd.exe

C:\Windows\System\bqWuZEI.exe

C:\Windows\System\bqWuZEI.exe

C:\Windows\System\IvDtRVX.exe

C:\Windows\System\IvDtRVX.exe

C:\Windows\System\kInuKzh.exe

C:\Windows\System\kInuKzh.exe

C:\Windows\System\SeVzPxx.exe

C:\Windows\System\SeVzPxx.exe

C:\Windows\System\ypJPsDR.exe

C:\Windows\System\ypJPsDR.exe

C:\Windows\System\PBdOBVe.exe

C:\Windows\System\PBdOBVe.exe

C:\Windows\System\jDKoyzE.exe

C:\Windows\System\jDKoyzE.exe

C:\Windows\System\vlNHnBL.exe

C:\Windows\System\vlNHnBL.exe

C:\Windows\System\oyuQOWQ.exe

C:\Windows\System\oyuQOWQ.exe

C:\Windows\System\FVvcQSy.exe

C:\Windows\System\FVvcQSy.exe

C:\Windows\System\YOynswI.exe

C:\Windows\System\YOynswI.exe

C:\Windows\System\VXAGBsO.exe

C:\Windows\System\VXAGBsO.exe

C:\Windows\System\xIFfqrV.exe

C:\Windows\System\xIFfqrV.exe

C:\Windows\System\aHVAdXG.exe

C:\Windows\System\aHVAdXG.exe

C:\Windows\System\YwFCtee.exe

C:\Windows\System\YwFCtee.exe

C:\Windows\System\MHgQTiv.exe

C:\Windows\System\MHgQTiv.exe

C:\Windows\System\yMQIdDJ.exe

C:\Windows\System\yMQIdDJ.exe

C:\Windows\System\yGHXIBP.exe

C:\Windows\System\yGHXIBP.exe

C:\Windows\System\WrcwQae.exe

C:\Windows\System\WrcwQae.exe

C:\Windows\System\SJHQMBP.exe

C:\Windows\System\SJHQMBP.exe

C:\Windows\System\rnUmIGB.exe

C:\Windows\System\rnUmIGB.exe

C:\Windows\System\MQzOMII.exe

C:\Windows\System\MQzOMII.exe

C:\Windows\System\OgZSXQs.exe

C:\Windows\System\OgZSXQs.exe

C:\Windows\System\ioSVQCH.exe

C:\Windows\System\ioSVQCH.exe

C:\Windows\System\UJiGKtM.exe

C:\Windows\System\UJiGKtM.exe

C:\Windows\System\bReotUL.exe

C:\Windows\System\bReotUL.exe

C:\Windows\System\jpKezeh.exe

C:\Windows\System\jpKezeh.exe

C:\Windows\System\MeDxvGw.exe

C:\Windows\System\MeDxvGw.exe

C:\Windows\System\vAxaMZe.exe

C:\Windows\System\vAxaMZe.exe

C:\Windows\System\VFSqvma.exe

C:\Windows\System\VFSqvma.exe

C:\Windows\System\fyxQret.exe

C:\Windows\System\fyxQret.exe

C:\Windows\System\OmgoiRd.exe

C:\Windows\System\OmgoiRd.exe

C:\Windows\System\pcIYQGM.exe

C:\Windows\System\pcIYQGM.exe

C:\Windows\System\SRRgetP.exe

C:\Windows\System\SRRgetP.exe

C:\Windows\System\UEQxQDq.exe

C:\Windows\System\UEQxQDq.exe

C:\Windows\System\DkDPVUH.exe

C:\Windows\System\DkDPVUH.exe

C:\Windows\System\LXeXPiq.exe

C:\Windows\System\LXeXPiq.exe

C:\Windows\System\BaEmFOH.exe

C:\Windows\System\BaEmFOH.exe

C:\Windows\System\tvpMYOL.exe

C:\Windows\System\tvpMYOL.exe

C:\Windows\System\hRjNISD.exe

C:\Windows\System\hRjNISD.exe

C:\Windows\System\XMzqjuC.exe

C:\Windows\System\XMzqjuC.exe

C:\Windows\System\HNRPsKt.exe

C:\Windows\System\HNRPsKt.exe

C:\Windows\System\BivFzAa.exe

C:\Windows\System\BivFzAa.exe

C:\Windows\System\uKnlwRg.exe

C:\Windows\System\uKnlwRg.exe

C:\Windows\System\wIDpTwk.exe

C:\Windows\System\wIDpTwk.exe

C:\Windows\System\TGXkcWw.exe

C:\Windows\System\TGXkcWw.exe

C:\Windows\System\HklgZcM.exe

C:\Windows\System\HklgZcM.exe

C:\Windows\System\NttSbag.exe

C:\Windows\System\NttSbag.exe

C:\Windows\System\HLueWPe.exe

C:\Windows\System\HLueWPe.exe

C:\Windows\System\EdiIFDH.exe

C:\Windows\System\EdiIFDH.exe

C:\Windows\System\gnLFYlA.exe

C:\Windows\System\gnLFYlA.exe

C:\Windows\System\KOuHkYT.exe

C:\Windows\System\KOuHkYT.exe

C:\Windows\System\jAgTToT.exe

C:\Windows\System\jAgTToT.exe

C:\Windows\System\dQBizjK.exe

C:\Windows\System\dQBizjK.exe

C:\Windows\System\STkWLWZ.exe

C:\Windows\System\STkWLWZ.exe

C:\Windows\System\CYFYYfD.exe

C:\Windows\System\CYFYYfD.exe

C:\Windows\System\DNSaYyj.exe

C:\Windows\System\DNSaYyj.exe

C:\Windows\System\YOkvLFY.exe

C:\Windows\System\YOkvLFY.exe

C:\Windows\System\wVfSuhG.exe

C:\Windows\System\wVfSuhG.exe

C:\Windows\System\gXnaidV.exe

C:\Windows\System\gXnaidV.exe

C:\Windows\System\mCafRzG.exe

C:\Windows\System\mCafRzG.exe

C:\Windows\System\YZbwNKU.exe

C:\Windows\System\YZbwNKU.exe

C:\Windows\System\oIpqGAR.exe

C:\Windows\System\oIpqGAR.exe

C:\Windows\System\EZGMzNV.exe

C:\Windows\System\EZGMzNV.exe

C:\Windows\System\ZNGwIHU.exe

C:\Windows\System\ZNGwIHU.exe

C:\Windows\System\kRCJDrn.exe

C:\Windows\System\kRCJDrn.exe

C:\Windows\System\kMEXliH.exe

C:\Windows\System\kMEXliH.exe

C:\Windows\System\SmvOlLT.exe

C:\Windows\System\SmvOlLT.exe

C:\Windows\System\cIpZCjW.exe

C:\Windows\System\cIpZCjW.exe

C:\Windows\System\gEndLzJ.exe

C:\Windows\System\gEndLzJ.exe

C:\Windows\System\bxMuOHh.exe

C:\Windows\System\bxMuOHh.exe

C:\Windows\System\BSiHXrR.exe

C:\Windows\System\BSiHXrR.exe

C:\Windows\System\kbjwiCq.exe

C:\Windows\System\kbjwiCq.exe

C:\Windows\System\EmyerLT.exe

C:\Windows\System\EmyerLT.exe

C:\Windows\System\hVaSZlP.exe

C:\Windows\System\hVaSZlP.exe

C:\Windows\System\mOugoju.exe

C:\Windows\System\mOugoju.exe

C:\Windows\System\zREChIn.exe

C:\Windows\System\zREChIn.exe

C:\Windows\System\IaFucdC.exe

C:\Windows\System\IaFucdC.exe

C:\Windows\System\IyLGiWm.exe

C:\Windows\System\IyLGiWm.exe

C:\Windows\System\lqdlXjA.exe

C:\Windows\System\lqdlXjA.exe

C:\Windows\System\wnSVzya.exe

C:\Windows\System\wnSVzya.exe

C:\Windows\System\NJoAOLq.exe

C:\Windows\System\NJoAOLq.exe

C:\Windows\System\lujLPyD.exe

C:\Windows\System\lujLPyD.exe

C:\Windows\System\WXEbqXn.exe

C:\Windows\System\WXEbqXn.exe

C:\Windows\System\oeIrTZK.exe

C:\Windows\System\oeIrTZK.exe

C:\Windows\System\IfQbudm.exe

C:\Windows\System\IfQbudm.exe

C:\Windows\System\AHJwWMo.exe

C:\Windows\System\AHJwWMo.exe

C:\Windows\System\WksyYWD.exe

C:\Windows\System\WksyYWD.exe

C:\Windows\System\XDWbGpu.exe

C:\Windows\System\XDWbGpu.exe

C:\Windows\System\lPyInpW.exe

C:\Windows\System\lPyInpW.exe

C:\Windows\System\XLEheAO.exe

C:\Windows\System\XLEheAO.exe

C:\Windows\System\xvFNzjM.exe

C:\Windows\System\xvFNzjM.exe

C:\Windows\System\aGIURWk.exe

C:\Windows\System\aGIURWk.exe

C:\Windows\System\dsZGmqF.exe

C:\Windows\System\dsZGmqF.exe

C:\Windows\System\iJpjPVP.exe

C:\Windows\System\iJpjPVP.exe

C:\Windows\System\fGADGVS.exe

C:\Windows\System\fGADGVS.exe

C:\Windows\System\nzxHOSJ.exe

C:\Windows\System\nzxHOSJ.exe

C:\Windows\System\LDviduX.exe

C:\Windows\System\LDviduX.exe

C:\Windows\System\rcXXAjb.exe

C:\Windows\System\rcXXAjb.exe

C:\Windows\System\IVgAJVM.exe

C:\Windows\System\IVgAJVM.exe

C:\Windows\System\LJDpNSl.exe

C:\Windows\System\LJDpNSl.exe

C:\Windows\System\jTioGMr.exe

C:\Windows\System\jTioGMr.exe

C:\Windows\System\NxOwltI.exe

C:\Windows\System\NxOwltI.exe

C:\Windows\System\GWqRBGA.exe

C:\Windows\System\GWqRBGA.exe

C:\Windows\System\ESIFUNd.exe

C:\Windows\System\ESIFUNd.exe

C:\Windows\System\RyRQSEB.exe

C:\Windows\System\RyRQSEB.exe

C:\Windows\System\sQbbWYn.exe

C:\Windows\System\sQbbWYn.exe

C:\Windows\System\lYrXfhi.exe

C:\Windows\System\lYrXfhi.exe

C:\Windows\System\iCYmDXd.exe

C:\Windows\System\iCYmDXd.exe

C:\Windows\System\pqmzQyE.exe

C:\Windows\System\pqmzQyE.exe

C:\Windows\System\GKgEuBS.exe

C:\Windows\System\GKgEuBS.exe

C:\Windows\System\nfXOuqS.exe

C:\Windows\System\nfXOuqS.exe

C:\Windows\System\zyZgjiS.exe

C:\Windows\System\zyZgjiS.exe

C:\Windows\System\IiHWxcv.exe

C:\Windows\System\IiHWxcv.exe

C:\Windows\System\rTABgHf.exe

C:\Windows\System\rTABgHf.exe

C:\Windows\System\iWeAMIk.exe

C:\Windows\System\iWeAMIk.exe

C:\Windows\System\aSsfdaK.exe

C:\Windows\System\aSsfdaK.exe

C:\Windows\System\zCimRMC.exe

C:\Windows\System\zCimRMC.exe

C:\Windows\System\RsEaJxe.exe

C:\Windows\System\RsEaJxe.exe

C:\Windows\System\ONKSExj.exe

C:\Windows\System\ONKSExj.exe

C:\Windows\System\XYlhpAl.exe

C:\Windows\System\XYlhpAl.exe

C:\Windows\System\QghckDG.exe

C:\Windows\System\QghckDG.exe

C:\Windows\System\iBNkYSA.exe

C:\Windows\System\iBNkYSA.exe

C:\Windows\System\EUWByvA.exe

C:\Windows\System\EUWByvA.exe

C:\Windows\System\AdzzPpI.exe

C:\Windows\System\AdzzPpI.exe

C:\Windows\System\ZoElVfa.exe

C:\Windows\System\ZoElVfa.exe

C:\Windows\System\JXSyNJu.exe

C:\Windows\System\JXSyNJu.exe

C:\Windows\System\qrLWuMP.exe

C:\Windows\System\qrLWuMP.exe

C:\Windows\System\ucRXeEA.exe

C:\Windows\System\ucRXeEA.exe

C:\Windows\System\qBIxhqU.exe

C:\Windows\System\qBIxhqU.exe

C:\Windows\System\TtpCKQz.exe

C:\Windows\System\TtpCKQz.exe

C:\Windows\System\sRfRzyN.exe

C:\Windows\System\sRfRzyN.exe

C:\Windows\System\hNaWuKL.exe

C:\Windows\System\hNaWuKL.exe

C:\Windows\System\EQFaPxP.exe

C:\Windows\System\EQFaPxP.exe

C:\Windows\System\odQIqAv.exe

C:\Windows\System\odQIqAv.exe

C:\Windows\System\ycPIhRB.exe

C:\Windows\System\ycPIhRB.exe

C:\Windows\System\GaahGft.exe

C:\Windows\System\GaahGft.exe

C:\Windows\System\ObDTRum.exe

C:\Windows\System\ObDTRum.exe

C:\Windows\System\CxzLvdt.exe

C:\Windows\System\CxzLvdt.exe

C:\Windows\System\swirCQS.exe

C:\Windows\System\swirCQS.exe

C:\Windows\System\pXHQexI.exe

C:\Windows\System\pXHQexI.exe

C:\Windows\System\aqrGhuB.exe

C:\Windows\System\aqrGhuB.exe

C:\Windows\System\WLQqiYa.exe

C:\Windows\System\WLQqiYa.exe

C:\Windows\System\hOLssas.exe

C:\Windows\System\hOLssas.exe

C:\Windows\System\zGnyAWR.exe

C:\Windows\System\zGnyAWR.exe

C:\Windows\System\ufEgsfy.exe

C:\Windows\System\ufEgsfy.exe

C:\Windows\System\XzGTnBO.exe

C:\Windows\System\XzGTnBO.exe

C:\Windows\System\zAvOoCh.exe

C:\Windows\System\zAvOoCh.exe

C:\Windows\System\xeYWYXi.exe

C:\Windows\System\xeYWYXi.exe

C:\Windows\System\MIWTeps.exe

C:\Windows\System\MIWTeps.exe

C:\Windows\System\FZJOqGt.exe

C:\Windows\System\FZJOqGt.exe

C:\Windows\System\eZoJhiT.exe

C:\Windows\System\eZoJhiT.exe

C:\Windows\System\sMUMVWA.exe

C:\Windows\System\sMUMVWA.exe

C:\Windows\System\FgdtHzT.exe

C:\Windows\System\FgdtHzT.exe

C:\Windows\System\aFOfXsu.exe

C:\Windows\System\aFOfXsu.exe

C:\Windows\System\AoZoLVg.exe

C:\Windows\System\AoZoLVg.exe

C:\Windows\System\dRDJbCq.exe

C:\Windows\System\dRDJbCq.exe

C:\Windows\System\STYsPFC.exe

C:\Windows\System\STYsPFC.exe

C:\Windows\System\GMwyOWZ.exe

C:\Windows\System\GMwyOWZ.exe

C:\Windows\System\TGFNQjN.exe

C:\Windows\System\TGFNQjN.exe

C:\Windows\System\OUqBIjU.exe

C:\Windows\System\OUqBIjU.exe

C:\Windows\System\tJQZxog.exe

C:\Windows\System\tJQZxog.exe

C:\Windows\System\biznVTP.exe

C:\Windows\System\biznVTP.exe

C:\Windows\System\KyQVwun.exe

C:\Windows\System\KyQVwun.exe

C:\Windows\System\iYIAQBj.exe

C:\Windows\System\iYIAQBj.exe

C:\Windows\System\FGFwNxv.exe

C:\Windows\System\FGFwNxv.exe

C:\Windows\System\nzmEPNa.exe

C:\Windows\System\nzmEPNa.exe

C:\Windows\System\vIRMsSk.exe

C:\Windows\System\vIRMsSk.exe

C:\Windows\System\uLTsesA.exe

C:\Windows\System\uLTsesA.exe

C:\Windows\System\GynuQwK.exe

C:\Windows\System\GynuQwK.exe

C:\Windows\System\LCEXQLa.exe

C:\Windows\System\LCEXQLa.exe

C:\Windows\System\eqRuevJ.exe

C:\Windows\System\eqRuevJ.exe

C:\Windows\System\PImwxZW.exe

C:\Windows\System\PImwxZW.exe

C:\Windows\System\eHCYmVm.exe

C:\Windows\System\eHCYmVm.exe

C:\Windows\System\LDLJWHx.exe

C:\Windows\System\LDLJWHx.exe

C:\Windows\System\hdlAOpb.exe

C:\Windows\System\hdlAOpb.exe

C:\Windows\System\FEDlAmO.exe

C:\Windows\System\FEDlAmO.exe

C:\Windows\System\qFTRFGf.exe

C:\Windows\System\qFTRFGf.exe

C:\Windows\System\JJuWsEi.exe

C:\Windows\System\JJuWsEi.exe

C:\Windows\System\gNcJcap.exe

C:\Windows\System\gNcJcap.exe

C:\Windows\System\JhgpUkL.exe

C:\Windows\System\JhgpUkL.exe

C:\Windows\System\NNUhDcJ.exe

C:\Windows\System\NNUhDcJ.exe

C:\Windows\System\DvPiyyP.exe

C:\Windows\System\DvPiyyP.exe

C:\Windows\System\xCYiTmG.exe

C:\Windows\System\xCYiTmG.exe

C:\Windows\System\dDHUTsD.exe

C:\Windows\System\dDHUTsD.exe

C:\Windows\System\PdlURJB.exe

C:\Windows\System\PdlURJB.exe

C:\Windows\System\uGztMyd.exe

C:\Windows\System\uGztMyd.exe

C:\Windows\System\JcgNNpm.exe

C:\Windows\System\JcgNNpm.exe

C:\Windows\System\DhttCjh.exe

C:\Windows\System\DhttCjh.exe

C:\Windows\System\JViIWgb.exe

C:\Windows\System\JViIWgb.exe

C:\Windows\System\NEqpxqa.exe

C:\Windows\System\NEqpxqa.exe

C:\Windows\System\wyYLvmA.exe

C:\Windows\System\wyYLvmA.exe

C:\Windows\System\kRDVkVZ.exe

C:\Windows\System\kRDVkVZ.exe

C:\Windows\System\dMUxeXJ.exe

C:\Windows\System\dMUxeXJ.exe

C:\Windows\System\mkvjgka.exe

C:\Windows\System\mkvjgka.exe

C:\Windows\System\Twyolyv.exe

C:\Windows\System\Twyolyv.exe

C:\Windows\System\FaMokNp.exe

C:\Windows\System\FaMokNp.exe

C:\Windows\System\MNRxAdP.exe

C:\Windows\System\MNRxAdP.exe

C:\Windows\System\KVPKhPp.exe

C:\Windows\System\KVPKhPp.exe

C:\Windows\System\yjwQxfh.exe

C:\Windows\System\yjwQxfh.exe

C:\Windows\System\FkNiNVF.exe

C:\Windows\System\FkNiNVF.exe

C:\Windows\System\RCqBWqt.exe

C:\Windows\System\RCqBWqt.exe

C:\Windows\System\HbUCYcu.exe

C:\Windows\System\HbUCYcu.exe

C:\Windows\System\UBuuFuL.exe

C:\Windows\System\UBuuFuL.exe

C:\Windows\System\yCrfhUr.exe

C:\Windows\System\yCrfhUr.exe

C:\Windows\System\DANVEWb.exe

C:\Windows\System\DANVEWb.exe

C:\Windows\System\KoMnyfP.exe

C:\Windows\System\KoMnyfP.exe

C:\Windows\System\UUCpDRq.exe

C:\Windows\System\UUCpDRq.exe

C:\Windows\System\XsSwVLH.exe

C:\Windows\System\XsSwVLH.exe

C:\Windows\System\IMnYFsW.exe

C:\Windows\System\IMnYFsW.exe

C:\Windows\System\txLSYEM.exe

C:\Windows\System\txLSYEM.exe

C:\Windows\System\yIlRZXC.exe

C:\Windows\System\yIlRZXC.exe

C:\Windows\System\SYxTeMo.exe

C:\Windows\System\SYxTeMo.exe

C:\Windows\System\sJsgIlM.exe

C:\Windows\System\sJsgIlM.exe

C:\Windows\System\feuQZhi.exe

C:\Windows\System\feuQZhi.exe

C:\Windows\System\JEPKJdR.exe

C:\Windows\System\JEPKJdR.exe

C:\Windows\System\Gxdkdcm.exe

C:\Windows\System\Gxdkdcm.exe

C:\Windows\System\KRyKMiU.exe

C:\Windows\System\KRyKMiU.exe

C:\Windows\System\YxczOwg.exe

C:\Windows\System\YxczOwg.exe

C:\Windows\System\woEUmsK.exe

C:\Windows\System\woEUmsK.exe

C:\Windows\System\fKAlIFe.exe

C:\Windows\System\fKAlIFe.exe

C:\Windows\System\WwUcRDu.exe

C:\Windows\System\WwUcRDu.exe

C:\Windows\System\MdxGdJZ.exe

C:\Windows\System\MdxGdJZ.exe

C:\Windows\System\uUntYhn.exe

C:\Windows\System\uUntYhn.exe

C:\Windows\System\nNlUehj.exe

C:\Windows\System\nNlUehj.exe

C:\Windows\System\dSfrAHe.exe

C:\Windows\System\dSfrAHe.exe

C:\Windows\System\NVfxght.exe

C:\Windows\System\NVfxght.exe

C:\Windows\System\SCeaQdC.exe

C:\Windows\System\SCeaQdC.exe

C:\Windows\System\wPmucCz.exe

C:\Windows\System\wPmucCz.exe

C:\Windows\System\vFcWVxc.exe

C:\Windows\System\vFcWVxc.exe

C:\Windows\System\CgBRTuk.exe

C:\Windows\System\CgBRTuk.exe

C:\Windows\System\jQdExAD.exe

C:\Windows\System\jQdExAD.exe

C:\Windows\System\ansbDVE.exe

C:\Windows\System\ansbDVE.exe

C:\Windows\System\jxsIBIn.exe

C:\Windows\System\jxsIBIn.exe

C:\Windows\System\yGKBDuY.exe

C:\Windows\System\yGKBDuY.exe

C:\Windows\System\xmJZAxI.exe

C:\Windows\System\xmJZAxI.exe

C:\Windows\System\NUcxlWk.exe

C:\Windows\System\NUcxlWk.exe

C:\Windows\System\DpmkCGH.exe

C:\Windows\System\DpmkCGH.exe

C:\Windows\System\lvUhyjE.exe

C:\Windows\System\lvUhyjE.exe

C:\Windows\System\bxooYzL.exe

C:\Windows\System\bxooYzL.exe

C:\Windows\System\MKwnloo.exe

C:\Windows\System\MKwnloo.exe

C:\Windows\System\todrIVL.exe

C:\Windows\System\todrIVL.exe

C:\Windows\System\DbkSLVD.exe

C:\Windows\System\DbkSLVD.exe

C:\Windows\System\gmRazBE.exe

C:\Windows\System\gmRazBE.exe

C:\Windows\System\TdhJpgj.exe

C:\Windows\System\TdhJpgj.exe

C:\Windows\System\eVDNcfq.exe

C:\Windows\System\eVDNcfq.exe

C:\Windows\System\CGwCKvc.exe

C:\Windows\System\CGwCKvc.exe

C:\Windows\System\BByQrnH.exe

C:\Windows\System\BByQrnH.exe

C:\Windows\System\odbmrBq.exe

C:\Windows\System\odbmrBq.exe

C:\Windows\System\PpkxFRh.exe

C:\Windows\System\PpkxFRh.exe

C:\Windows\System\LhKwBaw.exe

C:\Windows\System\LhKwBaw.exe

C:\Windows\System\gQcZYhu.exe

C:\Windows\System\gQcZYhu.exe

C:\Windows\System\deHxfUR.exe

C:\Windows\System\deHxfUR.exe

C:\Windows\System\kisZJDn.exe

C:\Windows\System\kisZJDn.exe

C:\Windows\System\uRJAAJc.exe

C:\Windows\System\uRJAAJc.exe

C:\Windows\System\qHaOWnz.exe

C:\Windows\System\qHaOWnz.exe

C:\Windows\System\UJvAecC.exe

C:\Windows\System\UJvAecC.exe

C:\Windows\System\pzCSHsL.exe

C:\Windows\System\pzCSHsL.exe

C:\Windows\System\pTaSAUU.exe

C:\Windows\System\pTaSAUU.exe

C:\Windows\System\UhMHmbG.exe

C:\Windows\System\UhMHmbG.exe

C:\Windows\System\egWtAiv.exe

C:\Windows\System\egWtAiv.exe

C:\Windows\System\brYKHRe.exe

C:\Windows\System\brYKHRe.exe

C:\Windows\System\XTJsrLQ.exe

C:\Windows\System\XTJsrLQ.exe

C:\Windows\System\mjLZDvq.exe

C:\Windows\System\mjLZDvq.exe

C:\Windows\System\dKJecUJ.exe

C:\Windows\System\dKJecUJ.exe

C:\Windows\System\FxUHfHk.exe

C:\Windows\System\FxUHfHk.exe

C:\Windows\System\jpOrtyl.exe

C:\Windows\System\jpOrtyl.exe

C:\Windows\System\JRrsTNZ.exe

C:\Windows\System\JRrsTNZ.exe

C:\Windows\System\bCkhteZ.exe

C:\Windows\System\bCkhteZ.exe

C:\Windows\System\nDneIOb.exe

C:\Windows\System\nDneIOb.exe

C:\Windows\System\XAWjCXh.exe

C:\Windows\System\XAWjCXh.exe

C:\Windows\System\sClgILb.exe

C:\Windows\System\sClgILb.exe

C:\Windows\System\ZpYmRdP.exe

C:\Windows\System\ZpYmRdP.exe

C:\Windows\System\odsFmSj.exe

C:\Windows\System\odsFmSj.exe

C:\Windows\System\zrYvsGQ.exe

C:\Windows\System\zrYvsGQ.exe

C:\Windows\System\GLBciox.exe

C:\Windows\System\GLBciox.exe

C:\Windows\System\CXCqqwy.exe

C:\Windows\System\CXCqqwy.exe

C:\Windows\System\fsjorLz.exe

C:\Windows\System\fsjorLz.exe

C:\Windows\System\jrzLfsQ.exe

C:\Windows\System\jrzLfsQ.exe

C:\Windows\System\gHUdRLJ.exe

C:\Windows\System\gHUdRLJ.exe

C:\Windows\System\qscprni.exe

C:\Windows\System\qscprni.exe

C:\Windows\System\tguCAyi.exe

C:\Windows\System\tguCAyi.exe

C:\Windows\System\OyLsSXZ.exe

C:\Windows\System\OyLsSXZ.exe

C:\Windows\System\GTRIxkf.exe

C:\Windows\System\GTRIxkf.exe

C:\Windows\System\xHoGVDd.exe

C:\Windows\System\xHoGVDd.exe

C:\Windows\System\huBOMEt.exe

C:\Windows\System\huBOMEt.exe

C:\Windows\System\gKVFQkU.exe

C:\Windows\System\gKVFQkU.exe

C:\Windows\System\GfxOphr.exe

C:\Windows\System\GfxOphr.exe

C:\Windows\System\OZKaYhr.exe

C:\Windows\System\OZKaYhr.exe

C:\Windows\System\qXxeLfU.exe

C:\Windows\System\qXxeLfU.exe

C:\Windows\System\ctMxlCe.exe

C:\Windows\System\ctMxlCe.exe

C:\Windows\System\ARjLToN.exe

C:\Windows\System\ARjLToN.exe

C:\Windows\System\SMQxiDS.exe

C:\Windows\System\SMQxiDS.exe

C:\Windows\System\EyQqHJB.exe

C:\Windows\System\EyQqHJB.exe

C:\Windows\System\ThOVgMr.exe

C:\Windows\System\ThOVgMr.exe

C:\Windows\System\fAqfnWw.exe

C:\Windows\System\fAqfnWw.exe

C:\Windows\System\HSglnuh.exe

C:\Windows\System\HSglnuh.exe

C:\Windows\System\bXwuGyJ.exe

C:\Windows\System\bXwuGyJ.exe

C:\Windows\System\ETtqXHt.exe

C:\Windows\System\ETtqXHt.exe

C:\Windows\System\JqoEFxY.exe

C:\Windows\System\JqoEFxY.exe

C:\Windows\System\iNzgqeu.exe

C:\Windows\System\iNzgqeu.exe

C:\Windows\System\HcDyfDj.exe

C:\Windows\System\HcDyfDj.exe

C:\Windows\System\xmrSOTo.exe

C:\Windows\System\xmrSOTo.exe

C:\Windows\System\IyvKcAd.exe

C:\Windows\System\IyvKcAd.exe

C:\Windows\System\pTrEFyZ.exe

C:\Windows\System\pTrEFyZ.exe

C:\Windows\System\KeJCOZl.exe

C:\Windows\System\KeJCOZl.exe

C:\Windows\System\gWAgPkz.exe

C:\Windows\System\gWAgPkz.exe

C:\Windows\System\RDRLaEi.exe

C:\Windows\System\RDRLaEi.exe

C:\Windows\System\VuHHIsp.exe

C:\Windows\System\VuHHIsp.exe

C:\Windows\System\ziyQeVe.exe

C:\Windows\System\ziyQeVe.exe

C:\Windows\System\SUvKnFG.exe

C:\Windows\System\SUvKnFG.exe

C:\Windows\System\QdBNAKn.exe

C:\Windows\System\QdBNAKn.exe

C:\Windows\System\ZySdQry.exe

C:\Windows\System\ZySdQry.exe

C:\Windows\System\xAtiBSZ.exe

C:\Windows\System\xAtiBSZ.exe

C:\Windows\System\fMxFIsT.exe

C:\Windows\System\fMxFIsT.exe

C:\Windows\System\tCfxnqG.exe

C:\Windows\System\tCfxnqG.exe

C:\Windows\System\XYarenj.exe

C:\Windows\System\XYarenj.exe

C:\Windows\System\UEncmKZ.exe

C:\Windows\System\UEncmKZ.exe

C:\Windows\System\MOCgKZO.exe

C:\Windows\System\MOCgKZO.exe

C:\Windows\System\nIYqWvp.exe

C:\Windows\System\nIYqWvp.exe

C:\Windows\System\ZNezbYs.exe

C:\Windows\System\ZNezbYs.exe

C:\Windows\System\fNAqknB.exe

C:\Windows\System\fNAqknB.exe

C:\Windows\System\zMavGbk.exe

C:\Windows\System\zMavGbk.exe

C:\Windows\System\LmQWzxG.exe

C:\Windows\System\LmQWzxG.exe

C:\Windows\System\usdIxyj.exe

C:\Windows\System\usdIxyj.exe

C:\Windows\System\uKhuPwc.exe

C:\Windows\System\uKhuPwc.exe

C:\Windows\System\RpWndPf.exe

C:\Windows\System\RpWndPf.exe

C:\Windows\System\ugaZaKT.exe

C:\Windows\System\ugaZaKT.exe

C:\Windows\System\QitIyom.exe

C:\Windows\System\QitIyom.exe

C:\Windows\System\QXddgZF.exe

C:\Windows\System\QXddgZF.exe

C:\Windows\System\DFVOxvX.exe

C:\Windows\System\DFVOxvX.exe

C:\Windows\System\QJYvIdH.exe

C:\Windows\System\QJYvIdH.exe

C:\Windows\System\ogxNXci.exe

C:\Windows\System\ogxNXci.exe

C:\Windows\System\ziWpGQa.exe

C:\Windows\System\ziWpGQa.exe

C:\Windows\System\CHLweob.exe

C:\Windows\System\CHLweob.exe

C:\Windows\System\rqIObYq.exe

C:\Windows\System\rqIObYq.exe

C:\Windows\System\pGZTpAX.exe

C:\Windows\System\pGZTpAX.exe

C:\Windows\System\WQwWqlV.exe

C:\Windows\System\WQwWqlV.exe

C:\Windows\System\wDFyUTf.exe

C:\Windows\System\wDFyUTf.exe

C:\Windows\System\gCcEXac.exe

C:\Windows\System\gCcEXac.exe

C:\Windows\System\uqMkHjl.exe

C:\Windows\System\uqMkHjl.exe

C:\Windows\System\KjzWQpk.exe

C:\Windows\System\KjzWQpk.exe

C:\Windows\System\AyadlRj.exe

C:\Windows\System\AyadlRj.exe

C:\Windows\System\fQBPoIs.exe

C:\Windows\System\fQBPoIs.exe

C:\Windows\System\IWLueQK.exe

C:\Windows\System\IWLueQK.exe

C:\Windows\System\qXgTQww.exe

C:\Windows\System\qXgTQww.exe

C:\Windows\System\QHrYItd.exe

C:\Windows\System\QHrYItd.exe

C:\Windows\System\BJBgnCe.exe

C:\Windows\System\BJBgnCe.exe

C:\Windows\System\HaGRhQG.exe

C:\Windows\System\HaGRhQG.exe

C:\Windows\System\kVGTaFu.exe

C:\Windows\System\kVGTaFu.exe

C:\Windows\System\FVIdKMl.exe

C:\Windows\System\FVIdKMl.exe

C:\Windows\System\FCICYtv.exe

C:\Windows\System\FCICYtv.exe

C:\Windows\System\WYHNVNL.exe

C:\Windows\System\WYHNVNL.exe

C:\Windows\System\lmOolkL.exe

C:\Windows\System\lmOolkL.exe

C:\Windows\System\yvSUjTG.exe

C:\Windows\System\yvSUjTG.exe

C:\Windows\System\DUrMZpe.exe

C:\Windows\System\DUrMZpe.exe

C:\Windows\System\sKQDOLf.exe

C:\Windows\System\sKQDOLf.exe

C:\Windows\System\FkdhCvs.exe

C:\Windows\System\FkdhCvs.exe

C:\Windows\System\SQVZkYH.exe

C:\Windows\System\SQVZkYH.exe

C:\Windows\System\jKXYvHY.exe

C:\Windows\System\jKXYvHY.exe

C:\Windows\System\esHtUhu.exe

C:\Windows\System\esHtUhu.exe

C:\Windows\System\EFCsDcU.exe

C:\Windows\System\EFCsDcU.exe

C:\Windows\System\ulgYmYA.exe

C:\Windows\System\ulgYmYA.exe

C:\Windows\System\DNOzbdl.exe

C:\Windows\System\DNOzbdl.exe

C:\Windows\System\ezXFhxW.exe

C:\Windows\System\ezXFhxW.exe

C:\Windows\System\jlNeCkN.exe

C:\Windows\System\jlNeCkN.exe

C:\Windows\System\zdGmFlR.exe

C:\Windows\System\zdGmFlR.exe

C:\Windows\System\xwzTBNW.exe

C:\Windows\System\xwzTBNW.exe

C:\Windows\System\MrhSBKE.exe

C:\Windows\System\MrhSBKE.exe

C:\Windows\System\YXQsxnT.exe

C:\Windows\System\YXQsxnT.exe

C:\Windows\System\BPMwlSp.exe

C:\Windows\System\BPMwlSp.exe

C:\Windows\System\ELjJUym.exe

C:\Windows\System\ELjJUym.exe

C:\Windows\System\ToqsoPG.exe

C:\Windows\System\ToqsoPG.exe

C:\Windows\System\UEOZCuN.exe

C:\Windows\System\UEOZCuN.exe

C:\Windows\System\QZaXzll.exe

C:\Windows\System\QZaXzll.exe

C:\Windows\System\qiQDoFh.exe

C:\Windows\System\qiQDoFh.exe

C:\Windows\System\vWboAWy.exe

C:\Windows\System\vWboAWy.exe

C:\Windows\System\kytXwIt.exe

C:\Windows\System\kytXwIt.exe

C:\Windows\System\rcdfduv.exe

C:\Windows\System\rcdfduv.exe

C:\Windows\System\bYwpZAf.exe

C:\Windows\System\bYwpZAf.exe

C:\Windows\System\cTyIauz.exe

C:\Windows\System\cTyIauz.exe

C:\Windows\System\TwzSoYW.exe

C:\Windows\System\TwzSoYW.exe

C:\Windows\System\ApSAsiZ.exe

C:\Windows\System\ApSAsiZ.exe

C:\Windows\System\DyMFfKZ.exe

C:\Windows\System\DyMFfKZ.exe

C:\Windows\System\IPkyQZj.exe

C:\Windows\System\IPkyQZj.exe

C:\Windows\System\DiMPgnc.exe

C:\Windows\System\DiMPgnc.exe

C:\Windows\System\diuDlSf.exe

C:\Windows\System\diuDlSf.exe

C:\Windows\System\TuvBbUH.exe

C:\Windows\System\TuvBbUH.exe

C:\Windows\System\RowlXya.exe

C:\Windows\System\RowlXya.exe

C:\Windows\System\pLCnGGM.exe

C:\Windows\System\pLCnGGM.exe

C:\Windows\System\wGpNbRz.exe

C:\Windows\System\wGpNbRz.exe

C:\Windows\System\dGJvGRm.exe

C:\Windows\System\dGJvGRm.exe

C:\Windows\System\DyftApP.exe

C:\Windows\System\DyftApP.exe

C:\Windows\System\PwdTRUa.exe

C:\Windows\System\PwdTRUa.exe

C:\Windows\System\rhwoCLD.exe

C:\Windows\System\rhwoCLD.exe

C:\Windows\System\NrjjlSO.exe

C:\Windows\System\NrjjlSO.exe

C:\Windows\System\UGjvzpV.exe

C:\Windows\System\UGjvzpV.exe

C:\Windows\System\vvaqqOP.exe

C:\Windows\System\vvaqqOP.exe

C:\Windows\System\vxrVpCe.exe

C:\Windows\System\vxrVpCe.exe

C:\Windows\System\FWlZbcF.exe

C:\Windows\System\FWlZbcF.exe

C:\Windows\System\SVcVxUY.exe

C:\Windows\System\SVcVxUY.exe

C:\Windows\System\xnnmeFn.exe

C:\Windows\System\xnnmeFn.exe

C:\Windows\System\sFPPPbE.exe

C:\Windows\System\sFPPPbE.exe

C:\Windows\System\UoeXzqM.exe

C:\Windows\System\UoeXzqM.exe

C:\Windows\System\RnrnKCA.exe

C:\Windows\System\RnrnKCA.exe

C:\Windows\System\horibOA.exe

C:\Windows\System\horibOA.exe

C:\Windows\System\jxzEnAa.exe

C:\Windows\System\jxzEnAa.exe

C:\Windows\System\NNmCkIS.exe

C:\Windows\System\NNmCkIS.exe

C:\Windows\System\LsjQwBe.exe

C:\Windows\System\LsjQwBe.exe

C:\Windows\System\UReQrWM.exe

C:\Windows\System\UReQrWM.exe

C:\Windows\System\GeYmfOP.exe

C:\Windows\System\GeYmfOP.exe

C:\Windows\System\SKMcRUN.exe

C:\Windows\System\SKMcRUN.exe

C:\Windows\System\Iiszmpa.exe

C:\Windows\System\Iiszmpa.exe

C:\Windows\System\PZIpRcC.exe

C:\Windows\System\PZIpRcC.exe

C:\Windows\System\MwJJQmq.exe

C:\Windows\System\MwJJQmq.exe

C:\Windows\System\jrjEgUd.exe

C:\Windows\System\jrjEgUd.exe

C:\Windows\System\HmWstjQ.exe

C:\Windows\System\HmWstjQ.exe

C:\Windows\System\SINLryW.exe

C:\Windows\System\SINLryW.exe

C:\Windows\System\gxosbXk.exe

C:\Windows\System\gxosbXk.exe

C:\Windows\System\kdBCbbe.exe

C:\Windows\System\kdBCbbe.exe

C:\Windows\System\WSDLwvP.exe

C:\Windows\System\WSDLwvP.exe

C:\Windows\System\qbyRjtx.exe

C:\Windows\System\qbyRjtx.exe

C:\Windows\System\iGMiAcH.exe

C:\Windows\System\iGMiAcH.exe

C:\Windows\System\yVFTwfW.exe

C:\Windows\System\yVFTwfW.exe

C:\Windows\System\HFVAbNb.exe

C:\Windows\System\HFVAbNb.exe

C:\Windows\System\GRTCzIb.exe

C:\Windows\System\GRTCzIb.exe

C:\Windows\System\HtTVVMC.exe

C:\Windows\System\HtTVVMC.exe

C:\Windows\System\uXrebra.exe

C:\Windows\System\uXrebra.exe

C:\Windows\System\meHAZng.exe

C:\Windows\System\meHAZng.exe

C:\Windows\System\fqLgujx.exe

C:\Windows\System\fqLgujx.exe

C:\Windows\System\eSjDIQS.exe

C:\Windows\System\eSjDIQS.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/1020-0-0x00007FF600970000-0x00007FF600D66000-memory.dmp

memory/1020-1-0x000002CC2A1A0000-0x000002CC2A1B0000-memory.dmp

C:\Windows\System\GqKcJoP.exe

MD5 9a711d8946779c78837cdab4c7b82f38
SHA1 ca0ee88bb19926ff7b162496889256a04fc584df
SHA256 43be55c93c7e87877e0f1ea0a6e6e8370b16ec8d8b37d77065486c2d8e0ee091
SHA512 f1dddc036f42b7197438822cab107b5e92d495073e5d14b40636dd0a8fa1314ce997773326ef6ee448b96098f41a45529a9c5229e20fd60ad1a6981bde197a78

C:\Windows\System\QXjyUQh.exe

MD5 9dd48c6c452f92fc85de5f05a613d01b
SHA1 029e000442bb02d65ec37316b97220522cc6a3bf
SHA256 dc4077b8a284418311125ac543be013d148823120359ec96b978d1ab78f8dc4e
SHA512 bcd2a1d99a5feb6c712f5532afc3d03d607532c09044da130c159d766c670ec4d401e76bfc8ffc778e30cd7d4d6f5a8de449343f93d5b58b6a3396e3f22376fc

memory/3096-12-0x00007FF8B1453000-0x00007FF8B1455000-memory.dmp

C:\Windows\System\hPUtASx.exe

MD5 0ff72916dbd80484097ff462a22aba18
SHA1 e34b271f5f0b603d2ce859f23f058db54faaec2e
SHA256 2c5b2c54909a418e96d1853ab8335a720dba0e94572a9030da8d5592120ef57f
SHA512 1bcbff4bc62fbe1a302313ffa59a3142609647601f7a7d8a1436733b8f5f3330f4ea489241c31ffad0b0bfd6be8706a7b99ca74c8fbf9d39a13813fd8e1eb7e4

C:\Windows\System\XmLlTvy.exe

MD5 f8eb5f8c4b0294256a166c829af7721d
SHA1 8f021f2a4109073b5bb48e62800cc9331f79751d
SHA256 f7106ac31bea07f44e624dd43cca252c324a51cdcef88f2bed6b7c22058d16eb
SHA512 88965c7b39de68109a892a4549803e8c67dbb7e94f135ee52cba01e89f8beb515fc06c0b30658f3c8cc44c83e67ea3d5a604483c370b9cd705ccde968b8a84e5

memory/3096-30-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

C:\Windows\System\GipOXwX.exe

MD5 00bc5844597d85bc9ebbaae1e3b253d9
SHA1 ebfcdee0d0b4c1d39f383e781fb990e78b2e6890
SHA256 75ea8919e462eef994ba5a8009e49fc41cb3b7c6b88da80db76e083953e4e7fc
SHA512 c0acf7ad6696780419cb5b80c2f4b5c04ced8150dd75240d9d3526f3505f07a9a258f42a8a72777aaa09aabdb9611fc06e05422b42f28109a7b3c62eb65f2fd6

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ntf2cmt2.qbp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\SPGEkVR.exe

MD5 1ef4b0af3ddf3987456a3bdb68d8ddf9
SHA1 33d138601bf8af65e7e7adbef5ae7cd9a3750065
SHA256 081b5d909948cf2558068e36eb869dc174a2e086aa5ee8ca6ace9f3f43236f7e
SHA512 53ea1880903ccbad0b7c0a0f25a91932776c9aed335bfa59334c86e36c7692655a0ae1efbee5283678dc48ba40cdba95b51bdcfece77f6154e946f5605842263

memory/400-68-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp

memory/3052-71-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp

memory/2988-75-0x00007FF763C80000-0x00007FF764076000-memory.dmp

C:\Windows\System\NOSYCSR.exe

MD5 0eb8d220f331bb647d9ddebd227f292e
SHA1 9c6722bdc43f8d0aacc769fc8bb1585698732538
SHA256 cda14d05943d9c1ab68689035d249239a335dde8fd71fab20ab2178e89074a95
SHA512 9ffcc63039e097c77cd61048ecd2a1bc9b071b72b6e5b2f48af6335bdfa3af206f84a4c52c711c7d28ed9976101c9967dddefcc1d28e704b69db834917e65e2f

memory/1428-80-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp

memory/1912-86-0x00007FF638190000-0x00007FF638586000-memory.dmp

C:\Windows\System\gbarzIT.exe

MD5 b4a75c8b05f68b5b2a589b6d3d6a4e0c
SHA1 ed296e0361d1de592ec17ce9296c1e38db6a6dfd
SHA256 7291cfc794c8793c86a86c717cbe3eb4715c5ccf8d5520bf9d3d0724b3b9e783
SHA512 f4b422e124f22fab0e543b55fc4484232b4788588efdac3ddfbe685d67a2222a0dc37489b09c6131e792012a0180b1f83696243d78b425030aff69c96a2bf8b9

memory/5060-96-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp

memory/2208-97-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp

memory/2340-99-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp

memory/2964-98-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp

C:\Windows\System\pxgxJWv.exe

MD5 1dc1439e64dd4d9597b3e4387c400999
SHA1 c6914794db31ae78760c90239d75119d06e07d42
SHA256 03ae178057b9673a82ce2d5a985b7ee251e15801d2797193dcee21ea586b089e
SHA512 0db4ef932325613f3596f3b89f09439f696cf86a9a48eb1d9df6bf7a15c05340d00590806a59b66d936aed5f6acda3c6e25c66412293f9b3e250c6107df9fe27

C:\Windows\System\EqaTGFE.exe

MD5 1d813a6526d4e2350bb3226337f4207e
SHA1 9cac62849b153760aeb3b46ab8005901ef0037f3
SHA256 ee0c3e39166aca0b0ff7c5331dbd76e4b53c1fdb3cd90d5b5e355fb179506d0d
SHA512 32000eb7648f9749b51fc90ddeb71c58570eed80cfb8bcf8eeffef33e97d2b36574644c38a81fcbe765a09a7f84aaf6699bc19f0e98df7413177e20249c190a5

C:\Windows\System\JvkTOqO.exe

MD5 c091327c84e9d033d2ebb171ea17594d
SHA1 5dd3367608f05c16bb76ae33f1bc5b4131bcbdf0
SHA256 684a583c96e871b7079204e7c69eebe2363344962d03fedefa4c180e08e59a1e
SHA512 e828a3a3c8cef542acf55f8a66b095e0ce15eeeccf21d17428baf3de84bd7fc8643052dce2fffcdde8b5e83a6f7ce0d7010255fc190170b56a7548eaa7ad9e52

C:\Windows\System\qHXmVgf.exe

MD5 e0c83e5cad2393b35c97fcf2a4ce81b6
SHA1 edefc62ded1cd544e33463d9a12087176dc441e4
SHA256 1635f30e20691aba03fa51052ae0ea773f3e7a92a184bd0e566906731ff279cc
SHA512 fef9017a51c1f5764fce5e2adfb6356b12b7911f5d510f4ae1ef624fcea3040311d80a41bb2d7b4e3c254df95deb920809b5bbad77cec15f833f9f898b4bb63f

memory/996-733-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp

memory/2076-735-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp

memory/1760-736-0x00007FF728010000-0x00007FF728406000-memory.dmp

memory/812-734-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp

memory/2360-737-0x00007FF651480000-0x00007FF651876000-memory.dmp

memory/3328-738-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp

memory/3760-739-0x00007FF744520000-0x00007FF744916000-memory.dmp

memory/2160-740-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp

memory/3012-741-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp

memory/4568-742-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp

memory/3096-1889-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

C:\Windows\System\DwfiTIO.exe

MD5 29fa78cec66d218db37a5fc919102b44
SHA1 6c275a4067bc084681798c452190a586e572ef21
SHA256 ff275977c58066a0b85728638a5610525973c387def240a633bfd5047194fdc1
SHA512 3f7358d325ecfd053398c9efed3195980488580e91cfa7f7ed2d4d7a3a69b4117ad3cfe7f40895b73fcaa7311e1549b025995592f84d8c623c99b1381868eaed

C:\Windows\System\omOPayt.exe

MD5 002a581ed3da78c6ca2469ab409c98ce
SHA1 311c9b82554cb88266fbeffc1a18de510fe8edd4
SHA256 e3b688c810840918c34f0051b6e1e1cca74edce53c8826e95bd3e8ae9b26be53
SHA512 1b27fd5dc9b0c8bf15b5119daccf79a239f40575f894d50901769a60947b378c15677ac2f6de779b7ff3533638c456f03b97aa9beacd6af5d94e4b7deec63a7c

C:\Windows\System\TSZGlBL.exe

MD5 53f41b0b6f8a8e340ec21abf3a5a9580
SHA1 b40d120ece5b1f145e25db6a5c3024f5c3bfd19f
SHA256 b9695f95e2b36f86699bc6041bd6f60315f66b638eb85fa1e864c93379a3a2ae
SHA512 60e7aa56bd946fbe8722a27409c9fe8ae640ae00f33c7cce172d13f955142c09d42f0f1340e428b356cb25f234d138968c5850fb5528ddbb8187df17c32416a3

C:\Windows\System\wYLiVKd.exe

MD5 3566b643f4782aa6ea6e976a3c97e2de
SHA1 c7b5ba96e29419b57c8133dde493114fb3d03c81
SHA256 f3dcde10a0824882c2b2bde69674fd17a5cd3a2536c95bb468f44a52d7b38379
SHA512 c35f69f6af686dd2bcf1e511480738254bcaa02513270adb658096abf3780094e2c3100e9bf1fc7a755e26cf118ae37a678dc28482a7d2e46c69fd17d8c70234

C:\Windows\System\WhHKUOe.exe

MD5 5c5ad2ed1552527a9b843e3cf5a06b92
SHA1 aae918e45d01e30ab7d8b705582f34cfe15c46a7
SHA256 eba65874a37e6480f0a6fcd95e9b3cc61c4902bb648ce60f9b935bdb6cae995d
SHA512 4ffff36fb35659e1d601acf7471c79f88f3c29d60949ef2645c6a9fbf672108d9a94f32a28e5d57cda5cd6f1c4bbc20da221ea1c67b53705cc3105ede1d722c8

C:\Windows\System\XHbXDie.exe

MD5 3cb5e71db5163f57b401f20d5b6b4a58
SHA1 5ae23158ac1ba4483b46235a2bb30116f4178e35
SHA256 cdfc69ff48236ffbb28472ecc31aa021f7db682f594d424fed1b559b32dafeed
SHA512 5df31d8884a77e67cdef50b7dc3c8b61e7153236cc499c6376cf4142f435c83192c2a13ed6cb1167280b0efb79adcbfcc4e1416886552cc07d6d87230e2e14b5

C:\Windows\System\szHisWt.exe

MD5 586ecf3dadfdb11c99b63830bec49195
SHA1 2cf21a3a98135968c65646aecb018e7f5c4b4287
SHA256 132207481aa2d22129a316e902062d0633ce1555fdb96da83393320b1369dc20
SHA512 f9c2b8e910b32569ed3046a61903025943af77f738776d5cf69d55f5942c8152bbf244bb1e3c053021e494f0528834abf3b0eb5a21123d3b41370da87731310b

C:\Windows\System\lhIoLXK.exe

MD5 ff018c37aa7274ad18985c20a60af282
SHA1 88df7fa493aeecad248caf839262dbf431291b45
SHA256 24afee36730fe2169b087ce67a9c79bca4e4ef45089585fc047e33fbfb63b21d
SHA512 a2197e8bf3fde42d67fc0e283ff9b9bb87cbc8536c3a268e57468b7a35826dc62a55fbc51a49dd11cf424ff177c0e2c3c012785e0066689adeed41b07fd110f2

C:\Windows\System\GEzhXTo.exe

MD5 e4db2d00df144f1e596f0e42b71aca68
SHA1 8cdae81b925b21f3a6275e56314888e827583e6e
SHA256 780c12042550b620baa956be090eb1da35a027e243b9099aa5bcc567625d6eba
SHA512 706a9ce338f9b683c72acd807a792f237ddc1f4943f821b53cb5148a45f5e34550334bee48a9bc2ae015d3e5f8709ec91ffc48d353f530a4881131927dab85c5

C:\Windows\System\skwyCwp.exe

MD5 20fea29e085b4a2ab40a34568c8aa61c
SHA1 d35eb6eaa1a1c27cb24e5a3082959fa2ac347357
SHA256 5e659ded9e6e66443721992c5d6ee4c421377c83919f2f3f631ab5fe9766a458
SHA512 d2933556ea667f0484c5560d728bde41b5f9fd039122da0746c2fbcc108923086517bdec7f31f77176aa02fc8d63329d500ffe5df01850bc9e059d223d139f46

C:\Windows\System\yoJxbkO.exe

MD5 be6f019d7a0bfd160a324076a5d75551
SHA1 d7b2c7ae8977a2228d710ea6337271e6a237beab
SHA256 6a95897753430ea99d162573ab3ba2e445cfa51fad2b67f9a3650cf038ce1990
SHA512 cbe1a0dae1e675886f8400483b5db07702f4b23ce84c46079a12cd40ae2d5def93d3a1941274b6f3729b86fa384609595ec8aa4b19dd2e22f0e8bc9879996f01

C:\Windows\System\nmSXkWU.exe

MD5 b447d1273906958cc04e5da1622e4b16
SHA1 5a4ebb4a88f6131d923a94e2f9ad9d587622398b
SHA256 e3bb1b050739f0ee083b3143b1e8ddd2e577dafcee86ca69f99ddcbe1e675de0
SHA512 687cf47411e2d37afc699897509de16267fba7412eeb15096ba5951e8bd832c0126bc2282c95992e220b106062d8896eb4bfe2c2f4a33abc1b0daeec8fe5333c

C:\Windows\System\lvAVSkp.exe

MD5 d3444c79912ce338a7d9eefc08ecc8e8
SHA1 0e3065976ee614110bd33788914a406ec12ea81e
SHA256 cfabdc91228bb3cf736c163dc781624121f1f87be7417bef032bf3d809fc73a0
SHA512 7d4c7e7fa2e30fbfc5817e18a6e64c08b47c02038e95b82b63b150bd9de6d3c052e20ec95c0cc9dceb848f68a706c53dcd0aaf8a489f7deed4a0a988cc2426b2

C:\Windows\System\MDvnTsp.exe

MD5 bb8d6023733ff3c42d32592f18cf8454
SHA1 f40d8f5c04dbdb31305417b4eecdc4d48eb6f32f
SHA256 a4e1a838a66006ac40da07e2173905eb59ddd928a06161097c4597a4f459031d
SHA512 aeaf5abc4122656136ad3abc672d739791aa6b6058bad8578c0093793924070207c9e94d137e0c5622c20e9d0e821ad0b202e71d468f2d12f470a9e602c3fb76

C:\Windows\System\ubGGDCE.exe

MD5 6b91eaa279712374006cf2b0e4504a3e
SHA1 c718d25dee567ac7051796715ba80a818e7557ce
SHA256 4c4791efb18b416bb69da932e207e368ae5468f22d3a7e27b76f9334a285072c
SHA512 5437821586719e3fc0235ebbc02edb52d2cd5ef425f1353f6bbca1ef4b359ff23ddd6c295271045bee4480da2d1e107df9ec5848a8ee50745445cf52f5e71fac

C:\Windows\System\ajMDpaF.exe

MD5 92a43e5fb1d031e5a399310d6b632cdb
SHA1 ec209b097afd89e98046600822b391aa4c1c205c
SHA256 47648e63d98ff02c4aa09149dfea719481ee33d07471185fef1c24f5015877dc
SHA512 5483de3df783ec6e7b701746669ab6f6cd6ae14e4d9220162999e3ca53766bef06e37e4e8525c8b231e62844e0de0eb739f044489af387227e7d5533f498aefd

memory/396-93-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp

memory/2420-90-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp

memory/1972-78-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp

C:\Windows\System\tuPzapb.exe

MD5 48cf940a8804244f32d06e9f82389561
SHA1 4daabe6a74857088a37f550b6d901ae318da8325
SHA256 db14ead74938f67c7ea00d540ed9523d4064b6dba578e50c5c212babe3162695
SHA512 aff7612c62bd7536f01feabf5a5c2c0cfbb9b057fb016ca789a8e3c1e7400d5994e4ef0cb84b68f8b060e95f5fbadd16ad5b197acc70feaca62540f76718cf13

C:\Windows\System\KXZitdA.exe

MD5 1adcbae2ae8dab5f9e2b8930a25fa8eb
SHA1 603a8603f77025d0957723477e087a5afb99b276
SHA256 3c634350864007f3bc14de59971e5b2ec2b07bc72ca89a9dac4086f2f8523b65
SHA512 8a89b2650c84d2fd7e150f7413bbec93aa550ad216389f28826c387413a69b0476807ce3264be85afe7907188578a42773f1ff19c5e98d27328c57fabcb1b13d

memory/4980-1890-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

memory/916-62-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp

C:\Windows\System\zbnHNUB.exe

MD5 e277287c16c81d51ceeb8967e0623550
SHA1 db10b06a2c9dbf3994be9d89cf94f2626f997804
SHA256 6c449170abd7026e22f0f86855dcf919169a9dac78d75a161b2727a68b90a9dd
SHA512 107f02f867ee9b44ddf947f250ddf79e45eb44f61a223fd467355683487ddd8e6235b9c6b6aef85caeeff5a98b67ef55ea1527c0215e5b36fb0ac84109fa7418

C:\Windows\System\WyqRAkx.exe

MD5 bef7e72ada0c8449cb6364f062a9c5bc
SHA1 84324431e86ca475971aaa8e42e20491b87b5bb8
SHA256 4cc5de8d6e1873d3141ded54544c022a6068f258cb579d961170b2d87fb6011b
SHA512 778c1144988768cafbe6a44066b4db1a876ae9b2b2373410af176e0d8ee1348434f5f14067f62b8355b6a7913498e683189436c209b94a7dfbe2ceb3ca44b259

memory/3096-53-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

memory/3096-51-0x00000270CCF20000-0x00000270CCF42000-memory.dmp

C:\Windows\System\fkmsaWY.exe

MD5 e709bd9afec24b0c042cc7125b574032
SHA1 b824963c6f84339398e8dd3911103fef92d2e2ae
SHA256 b4fbd747351f198491f468fd833d431285934725ccaaedc17e1b906995e9746d
SHA512 96472ba156354ebd1f2788aa477759fbd6b80f3a3a9b4b5b6150dbc8fcb4b915f7887c8e9d5d66a9fc5a9ec8cd19d1c3c40a6abee79db01f188d5f81c7724b48

memory/4980-11-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

memory/4980-1891-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

memory/1428-1892-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp

memory/1912-1893-0x00007FF638190000-0x00007FF638586000-memory.dmp

memory/916-1894-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp

memory/400-1895-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp

memory/3052-1896-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp

memory/2420-1898-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp

memory/2988-1897-0x00007FF763C80000-0x00007FF764076000-memory.dmp

memory/1972-1899-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp

memory/396-1901-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp

memory/5060-1900-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp

memory/2208-1902-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp

memory/2964-1903-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp

memory/2340-1904-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp

memory/996-1905-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp

memory/812-1906-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp

memory/2076-1908-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp

memory/1760-1907-0x00007FF728010000-0x00007FF728406000-memory.dmp

memory/2360-1909-0x00007FF651480000-0x00007FF651876000-memory.dmp

memory/3328-1910-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp

memory/3760-1911-0x00007FF744520000-0x00007FF744916000-memory.dmp

memory/4568-1914-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp

memory/3012-1913-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp

memory/2160-1912-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp