Malware Analysis Report

2025-01-06 15:38

Sample ID 240525-ty5wmsba25
Target 26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe
SHA256 95813db7adb9d8230eaf6f1bfe612086dee0c9a049eced198798f97c7113277a
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

95813db7adb9d8230eaf6f1bfe612086dee0c9a049eced198798f97c7113277a

Threat Level: Known bad

The file 26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 16:28

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 16:28

Reported

2024-05-25 16:31

Platform

win7-20240508-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dbPZUjV.exe N/A
N/A N/A C:\Windows\System\IUFzDHx.exe N/A
N/A N/A C:\Windows\System\NqBsJcj.exe N/A
N/A N/A C:\Windows\System\yDFFlQa.exe N/A
N/A N/A C:\Windows\System\ikyuinX.exe N/A
N/A N/A C:\Windows\System\UPhSEjr.exe N/A
N/A N/A C:\Windows\System\lYiKRPC.exe N/A
N/A N/A C:\Windows\System\XZRNRYo.exe N/A
N/A N/A C:\Windows\System\zFTEYIo.exe N/A
N/A N/A C:\Windows\System\kyIljpk.exe N/A
N/A N/A C:\Windows\System\KIoQRQV.exe N/A
N/A N/A C:\Windows\System\mhdMfBo.exe N/A
N/A N/A C:\Windows\System\MdIrsEY.exe N/A
N/A N/A C:\Windows\System\zmfHrma.exe N/A
N/A N/A C:\Windows\System\gnqIfoP.exe N/A
N/A N/A C:\Windows\System\FfgnNos.exe N/A
N/A N/A C:\Windows\System\UxMhaeb.exe N/A
N/A N/A C:\Windows\System\QubnOvJ.exe N/A
N/A N/A C:\Windows\System\wVdPruI.exe N/A
N/A N/A C:\Windows\System\QoCMQRD.exe N/A
N/A N/A C:\Windows\System\yjMdtdw.exe N/A
N/A N/A C:\Windows\System\XhhHqdG.exe N/A
N/A N/A C:\Windows\System\giCHmoW.exe N/A
N/A N/A C:\Windows\System\innXFbP.exe N/A
N/A N/A C:\Windows\System\CBvCQGa.exe N/A
N/A N/A C:\Windows\System\xkwBPVz.exe N/A
N/A N/A C:\Windows\System\mFwQtHH.exe N/A
N/A N/A C:\Windows\System\dXPDvEa.exe N/A
N/A N/A C:\Windows\System\CvqzYSo.exe N/A
N/A N/A C:\Windows\System\DmPvpKv.exe N/A
N/A N/A C:\Windows\System\NskRmLi.exe N/A
N/A N/A C:\Windows\System\JhvvXJb.exe N/A
N/A N/A C:\Windows\System\mrHHeep.exe N/A
N/A N/A C:\Windows\System\nLXHsrk.exe N/A
N/A N/A C:\Windows\System\IWdbfQh.exe N/A
N/A N/A C:\Windows\System\BFCPVgX.exe N/A
N/A N/A C:\Windows\System\lpQwLoa.exe N/A
N/A N/A C:\Windows\System\JwljqDg.exe N/A
N/A N/A C:\Windows\System\fabmswg.exe N/A
N/A N/A C:\Windows\System\PDQDauC.exe N/A
N/A N/A C:\Windows\System\StbtNgQ.exe N/A
N/A N/A C:\Windows\System\IRFGYZt.exe N/A
N/A N/A C:\Windows\System\yrAaiPT.exe N/A
N/A N/A C:\Windows\System\CAzSxYo.exe N/A
N/A N/A C:\Windows\System\hIVsAFQ.exe N/A
N/A N/A C:\Windows\System\cnIxEGM.exe N/A
N/A N/A C:\Windows\System\DJvbzNa.exe N/A
N/A N/A C:\Windows\System\WxfnPvy.exe N/A
N/A N/A C:\Windows\System\cXxLvHL.exe N/A
N/A N/A C:\Windows\System\MCiOJSQ.exe N/A
N/A N/A C:\Windows\System\tNAvQcf.exe N/A
N/A N/A C:\Windows\System\UWvYrbR.exe N/A
N/A N/A C:\Windows\System\xBGMWdp.exe N/A
N/A N/A C:\Windows\System\dihDFmO.exe N/A
N/A N/A C:\Windows\System\XmgVllP.exe N/A
N/A N/A C:\Windows\System\mWZdOVn.exe N/A
N/A N/A C:\Windows\System\dhecDuV.exe N/A
N/A N/A C:\Windows\System\guUJHry.exe N/A
N/A N/A C:\Windows\System\RweGJEO.exe N/A
N/A N/A C:\Windows\System\XsidSuK.exe N/A
N/A N/A C:\Windows\System\qqvRIcL.exe N/A
N/A N/A C:\Windows\System\dxxTkre.exe N/A
N/A N/A C:\Windows\System\NOYAYIu.exe N/A
N/A N/A C:\Windows\System\JqFnZsM.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\LigHoBN.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lpuKtgj.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ERaoeVE.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yuSKxGq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKkraDs.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSYOoeI.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CMDBPxk.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HmScQbL.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OBdbEng.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ezAkmwr.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFsYtZb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VgvoZCn.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJIuGcp.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfSPjaM.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wALXteE.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RXOSZjW.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uzrGysh.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZSnvdET.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNzQMyq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ImloAGN.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SWWQjYq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UUDLtxg.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TKENgBt.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ivwKMHC.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FSjsRBB.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFJfdqi.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IraRoIR.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRxISBu.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSUAkNQ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmZRLYn.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nZObsbe.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SxBCTym.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JvQdfxZ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dRmIffA.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xDZaZQZ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zASMwMz.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qzWCTiE.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BjqpJOp.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VWQBAgy.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nPGWNZb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yqkxxfZ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHLQkxr.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lteVjYL.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PQGEsNN.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\irzhauH.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MvLlGXh.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mAwZBMP.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FKvipha.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEhmGEK.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XTjyNws.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tYptRmp.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Teppira.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jOkylQV.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FswifPU.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYOraui.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHycrtU.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KgrqWRW.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZJEhsL.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EkutxFN.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dQaCYOj.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DvOgRIy.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TDZAqXz.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FJQpifB.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnazHbS.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2984 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2984 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2984 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2984 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dbPZUjV.exe
PID 2984 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dbPZUjV.exe
PID 2984 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dbPZUjV.exe
PID 2984 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IUFzDHx.exe
PID 2984 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IUFzDHx.exe
PID 2984 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IUFzDHx.exe
PID 2984 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\NqBsJcj.exe
PID 2984 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\NqBsJcj.exe
PID 2984 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\NqBsJcj.exe
PID 2984 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\lYiKRPC.exe
PID 2984 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\lYiKRPC.exe
PID 2984 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\lYiKRPC.exe
PID 2984 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yDFFlQa.exe
PID 2984 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yDFFlQa.exe
PID 2984 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yDFFlQa.exe
PID 2984 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zFTEYIo.exe
PID 2984 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zFTEYIo.exe
PID 2984 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zFTEYIo.exe
PID 2984 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\ikyuinX.exe
PID 2984 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\ikyuinX.exe
PID 2984 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\ikyuinX.exe
PID 2984 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mhdMfBo.exe
PID 2984 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mhdMfBo.exe
PID 2984 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mhdMfBo.exe
PID 2984 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UPhSEjr.exe
PID 2984 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UPhSEjr.exe
PID 2984 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UPhSEjr.exe
PID 2984 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\MdIrsEY.exe
PID 2984 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\MdIrsEY.exe
PID 2984 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\MdIrsEY.exe
PID 2984 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XZRNRYo.exe
PID 2984 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XZRNRYo.exe
PID 2984 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XZRNRYo.exe
PID 2984 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\gnqIfoP.exe
PID 2984 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\gnqIfoP.exe
PID 2984 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\gnqIfoP.exe
PID 2984 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\kyIljpk.exe
PID 2984 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\kyIljpk.exe
PID 2984 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\kyIljpk.exe
PID 2984 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\FfgnNos.exe
PID 2984 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\FfgnNos.exe
PID 2984 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\FfgnNos.exe
PID 2984 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\KIoQRQV.exe
PID 2984 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\KIoQRQV.exe
PID 2984 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\KIoQRQV.exe
PID 2984 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UxMhaeb.exe
PID 2984 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UxMhaeb.exe
PID 2984 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UxMhaeb.exe
PID 2984 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zmfHrma.exe
PID 2984 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zmfHrma.exe
PID 2984 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zmfHrma.exe
PID 2984 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QubnOvJ.exe
PID 2984 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QubnOvJ.exe
PID 2984 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QubnOvJ.exe
PID 2984 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\wVdPruI.exe
PID 2984 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\wVdPruI.exe
PID 2984 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\wVdPruI.exe
PID 2984 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QoCMQRD.exe
PID 2984 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QoCMQRD.exe
PID 2984 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QoCMQRD.exe
PID 2984 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yjMdtdw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\dbPZUjV.exe

C:\Windows\System\dbPZUjV.exe

C:\Windows\System\IUFzDHx.exe

C:\Windows\System\IUFzDHx.exe

C:\Windows\System\NqBsJcj.exe

C:\Windows\System\NqBsJcj.exe

C:\Windows\System\lYiKRPC.exe

C:\Windows\System\lYiKRPC.exe

C:\Windows\System\yDFFlQa.exe

C:\Windows\System\yDFFlQa.exe

C:\Windows\System\zFTEYIo.exe

C:\Windows\System\zFTEYIo.exe

C:\Windows\System\ikyuinX.exe

C:\Windows\System\ikyuinX.exe

C:\Windows\System\mhdMfBo.exe

C:\Windows\System\mhdMfBo.exe

C:\Windows\System\UPhSEjr.exe

C:\Windows\System\UPhSEjr.exe

C:\Windows\System\MdIrsEY.exe

C:\Windows\System\MdIrsEY.exe

C:\Windows\System\XZRNRYo.exe

C:\Windows\System\XZRNRYo.exe

C:\Windows\System\gnqIfoP.exe

C:\Windows\System\gnqIfoP.exe

C:\Windows\System\kyIljpk.exe

C:\Windows\System\kyIljpk.exe

C:\Windows\System\FfgnNos.exe

C:\Windows\System\FfgnNos.exe

C:\Windows\System\KIoQRQV.exe

C:\Windows\System\KIoQRQV.exe

C:\Windows\System\UxMhaeb.exe

C:\Windows\System\UxMhaeb.exe

C:\Windows\System\zmfHrma.exe

C:\Windows\System\zmfHrma.exe

C:\Windows\System\QubnOvJ.exe

C:\Windows\System\QubnOvJ.exe

C:\Windows\System\wVdPruI.exe

C:\Windows\System\wVdPruI.exe

C:\Windows\System\QoCMQRD.exe

C:\Windows\System\QoCMQRD.exe

C:\Windows\System\yjMdtdw.exe

C:\Windows\System\yjMdtdw.exe

C:\Windows\System\XhhHqdG.exe

C:\Windows\System\XhhHqdG.exe

C:\Windows\System\giCHmoW.exe

C:\Windows\System\giCHmoW.exe

C:\Windows\System\innXFbP.exe

C:\Windows\System\innXFbP.exe

C:\Windows\System\CBvCQGa.exe

C:\Windows\System\CBvCQGa.exe

C:\Windows\System\xkwBPVz.exe

C:\Windows\System\xkwBPVz.exe

C:\Windows\System\mFwQtHH.exe

C:\Windows\System\mFwQtHH.exe

C:\Windows\System\dXPDvEa.exe

C:\Windows\System\dXPDvEa.exe

C:\Windows\System\CvqzYSo.exe

C:\Windows\System\CvqzYSo.exe

C:\Windows\System\IWdbfQh.exe

C:\Windows\System\IWdbfQh.exe

C:\Windows\System\DmPvpKv.exe

C:\Windows\System\DmPvpKv.exe

C:\Windows\System\hIVsAFQ.exe

C:\Windows\System\hIVsAFQ.exe

C:\Windows\System\NskRmLi.exe

C:\Windows\System\NskRmLi.exe

C:\Windows\System\cnIxEGM.exe

C:\Windows\System\cnIxEGM.exe

C:\Windows\System\JhvvXJb.exe

C:\Windows\System\JhvvXJb.exe

C:\Windows\System\DJvbzNa.exe

C:\Windows\System\DJvbzNa.exe

C:\Windows\System\mrHHeep.exe

C:\Windows\System\mrHHeep.exe

C:\Windows\System\WxfnPvy.exe

C:\Windows\System\WxfnPvy.exe

C:\Windows\System\nLXHsrk.exe

C:\Windows\System\nLXHsrk.exe

C:\Windows\System\cXxLvHL.exe

C:\Windows\System\cXxLvHL.exe

C:\Windows\System\BFCPVgX.exe

C:\Windows\System\BFCPVgX.exe

C:\Windows\System\MCiOJSQ.exe

C:\Windows\System\MCiOJSQ.exe

C:\Windows\System\lpQwLoa.exe

C:\Windows\System\lpQwLoa.exe

C:\Windows\System\tNAvQcf.exe

C:\Windows\System\tNAvQcf.exe

C:\Windows\System\JwljqDg.exe

C:\Windows\System\JwljqDg.exe

C:\Windows\System\UWvYrbR.exe

C:\Windows\System\UWvYrbR.exe

C:\Windows\System\fabmswg.exe

C:\Windows\System\fabmswg.exe

C:\Windows\System\xBGMWdp.exe

C:\Windows\System\xBGMWdp.exe

C:\Windows\System\PDQDauC.exe

C:\Windows\System\PDQDauC.exe

C:\Windows\System\dihDFmO.exe

C:\Windows\System\dihDFmO.exe

C:\Windows\System\StbtNgQ.exe

C:\Windows\System\StbtNgQ.exe

C:\Windows\System\XmgVllP.exe

C:\Windows\System\XmgVllP.exe

C:\Windows\System\IRFGYZt.exe

C:\Windows\System\IRFGYZt.exe

C:\Windows\System\mWZdOVn.exe

C:\Windows\System\mWZdOVn.exe

C:\Windows\System\yrAaiPT.exe

C:\Windows\System\yrAaiPT.exe

C:\Windows\System\dhecDuV.exe

C:\Windows\System\dhecDuV.exe

C:\Windows\System\CAzSxYo.exe

C:\Windows\System\CAzSxYo.exe

C:\Windows\System\VRsjJYI.exe

C:\Windows\System\VRsjJYI.exe

C:\Windows\System\guUJHry.exe

C:\Windows\System\guUJHry.exe

C:\Windows\System\lKjWMdc.exe

C:\Windows\System\lKjWMdc.exe

C:\Windows\System\RweGJEO.exe

C:\Windows\System\RweGJEO.exe

C:\Windows\System\UcxebqK.exe

C:\Windows\System\UcxebqK.exe

C:\Windows\System\XsidSuK.exe

C:\Windows\System\XsidSuK.exe

C:\Windows\System\aPlOGiM.exe

C:\Windows\System\aPlOGiM.exe

C:\Windows\System\qqvRIcL.exe

C:\Windows\System\qqvRIcL.exe

C:\Windows\System\UIDouGp.exe

C:\Windows\System\UIDouGp.exe

C:\Windows\System\dxxTkre.exe

C:\Windows\System\dxxTkre.exe

C:\Windows\System\eWJkhiZ.exe

C:\Windows\System\eWJkhiZ.exe

C:\Windows\System\NOYAYIu.exe

C:\Windows\System\NOYAYIu.exe

C:\Windows\System\CHEuGNE.exe

C:\Windows\System\CHEuGNE.exe

C:\Windows\System\JqFnZsM.exe

C:\Windows\System\JqFnZsM.exe

C:\Windows\System\nlIpjaX.exe

C:\Windows\System\nlIpjaX.exe

C:\Windows\System\khawvcN.exe

C:\Windows\System\khawvcN.exe

C:\Windows\System\EtZcBrP.exe

C:\Windows\System\EtZcBrP.exe

C:\Windows\System\uyFmVtq.exe

C:\Windows\System\uyFmVtq.exe

C:\Windows\System\zvWFbgi.exe

C:\Windows\System\zvWFbgi.exe

C:\Windows\System\mmlMiCx.exe

C:\Windows\System\mmlMiCx.exe

C:\Windows\System\lYpmhUH.exe

C:\Windows\System\lYpmhUH.exe

C:\Windows\System\qLuvaDx.exe

C:\Windows\System\qLuvaDx.exe

C:\Windows\System\mcwVMzn.exe

C:\Windows\System\mcwVMzn.exe

C:\Windows\System\qqZNXts.exe

C:\Windows\System\qqZNXts.exe

C:\Windows\System\MhtyQxA.exe

C:\Windows\System\MhtyQxA.exe

C:\Windows\System\WEXCbWh.exe

C:\Windows\System\WEXCbWh.exe

C:\Windows\System\JbWNUEt.exe

C:\Windows\System\JbWNUEt.exe

C:\Windows\System\OAiYagG.exe

C:\Windows\System\OAiYagG.exe

C:\Windows\System\UxgeIEK.exe

C:\Windows\System\UxgeIEK.exe

C:\Windows\System\SWUSvJJ.exe

C:\Windows\System\SWUSvJJ.exe

C:\Windows\System\DpWxQfV.exe

C:\Windows\System\DpWxQfV.exe

C:\Windows\System\FPbCkCW.exe

C:\Windows\System\FPbCkCW.exe

C:\Windows\System\HAHQgoS.exe

C:\Windows\System\HAHQgoS.exe

C:\Windows\System\vVhTcDR.exe

C:\Windows\System\vVhTcDR.exe

C:\Windows\System\rCmuBwL.exe

C:\Windows\System\rCmuBwL.exe

C:\Windows\System\NRwTTqp.exe

C:\Windows\System\NRwTTqp.exe

C:\Windows\System\bWdoNra.exe

C:\Windows\System\bWdoNra.exe

C:\Windows\System\VrTImvI.exe

C:\Windows\System\VrTImvI.exe

C:\Windows\System\yKZQVYm.exe

C:\Windows\System\yKZQVYm.exe

C:\Windows\System\IRqOMDr.exe

C:\Windows\System\IRqOMDr.exe

C:\Windows\System\rTNkPEY.exe

C:\Windows\System\rTNkPEY.exe

C:\Windows\System\MfqEqgD.exe

C:\Windows\System\MfqEqgD.exe

C:\Windows\System\aVFlvnN.exe

C:\Windows\System\aVFlvnN.exe

C:\Windows\System\XvnxoMD.exe

C:\Windows\System\XvnxoMD.exe

C:\Windows\System\PJfyAHN.exe

C:\Windows\System\PJfyAHN.exe

C:\Windows\System\ysbyIxT.exe

C:\Windows\System\ysbyIxT.exe

C:\Windows\System\TeoJXxq.exe

C:\Windows\System\TeoJXxq.exe

C:\Windows\System\xcPHaaj.exe

C:\Windows\System\xcPHaaj.exe

C:\Windows\System\pjJPADC.exe

C:\Windows\System\pjJPADC.exe

C:\Windows\System\CCUTkvz.exe

C:\Windows\System\CCUTkvz.exe

C:\Windows\System\xZsTltL.exe

C:\Windows\System\xZsTltL.exe

C:\Windows\System\Dydvpki.exe

C:\Windows\System\Dydvpki.exe

C:\Windows\System\RPlBwMq.exe

C:\Windows\System\RPlBwMq.exe

C:\Windows\System\QDYiRyX.exe

C:\Windows\System\QDYiRyX.exe

C:\Windows\System\keAsKEH.exe

C:\Windows\System\keAsKEH.exe

C:\Windows\System\wZEJZMU.exe

C:\Windows\System\wZEJZMU.exe

C:\Windows\System\xAzQAHC.exe

C:\Windows\System\xAzQAHC.exe

C:\Windows\System\MLRhpjl.exe

C:\Windows\System\MLRhpjl.exe

C:\Windows\System\SfvPwrx.exe

C:\Windows\System\SfvPwrx.exe

C:\Windows\System\oWIhIhi.exe

C:\Windows\System\oWIhIhi.exe

C:\Windows\System\lMPhrHL.exe

C:\Windows\System\lMPhrHL.exe

C:\Windows\System\YjPDEUU.exe

C:\Windows\System\YjPDEUU.exe

C:\Windows\System\hfWEiqo.exe

C:\Windows\System\hfWEiqo.exe

C:\Windows\System\VKXtrBi.exe

C:\Windows\System\VKXtrBi.exe

C:\Windows\System\AilJMpm.exe

C:\Windows\System\AilJMpm.exe

C:\Windows\System\qvXnciX.exe

C:\Windows\System\qvXnciX.exe

C:\Windows\System\DwjMDBi.exe

C:\Windows\System\DwjMDBi.exe

C:\Windows\System\LdYQckb.exe

C:\Windows\System\LdYQckb.exe

C:\Windows\System\TXGZWeF.exe

C:\Windows\System\TXGZWeF.exe

C:\Windows\System\fHenWaO.exe

C:\Windows\System\fHenWaO.exe

C:\Windows\System\hdXSpvJ.exe

C:\Windows\System\hdXSpvJ.exe

C:\Windows\System\bdzahzk.exe

C:\Windows\System\bdzahzk.exe

C:\Windows\System\qXfwqsG.exe

C:\Windows\System\qXfwqsG.exe

C:\Windows\System\zioJSqD.exe

C:\Windows\System\zioJSqD.exe

C:\Windows\System\XJOHsSM.exe

C:\Windows\System\XJOHsSM.exe

C:\Windows\System\zfFWgcr.exe

C:\Windows\System\zfFWgcr.exe

C:\Windows\System\hRPNRYL.exe

C:\Windows\System\hRPNRYL.exe

C:\Windows\System\ojBQGmZ.exe

C:\Windows\System\ojBQGmZ.exe

C:\Windows\System\dPBpPLX.exe

C:\Windows\System\dPBpPLX.exe

C:\Windows\System\EQLKcmK.exe

C:\Windows\System\EQLKcmK.exe

C:\Windows\System\HUGzmRn.exe

C:\Windows\System\HUGzmRn.exe

C:\Windows\System\IkrtkCV.exe

C:\Windows\System\IkrtkCV.exe

C:\Windows\System\Kivbymj.exe

C:\Windows\System\Kivbymj.exe

C:\Windows\System\fEdyivM.exe

C:\Windows\System\fEdyivM.exe

C:\Windows\System\ConpoCh.exe

C:\Windows\System\ConpoCh.exe

C:\Windows\System\uqxARIc.exe

C:\Windows\System\uqxARIc.exe

C:\Windows\System\OGcsjcz.exe

C:\Windows\System\OGcsjcz.exe

C:\Windows\System\avnfVmq.exe

C:\Windows\System\avnfVmq.exe

C:\Windows\System\vOaIrqA.exe

C:\Windows\System\vOaIrqA.exe

C:\Windows\System\TJVHWda.exe

C:\Windows\System\TJVHWda.exe

C:\Windows\System\GxDnBhy.exe

C:\Windows\System\GxDnBhy.exe

C:\Windows\System\nLIbEVt.exe

C:\Windows\System\nLIbEVt.exe

C:\Windows\System\FVhSUZS.exe

C:\Windows\System\FVhSUZS.exe

C:\Windows\System\IugtROE.exe

C:\Windows\System\IugtROE.exe

C:\Windows\System\COZbDDs.exe

C:\Windows\System\COZbDDs.exe

C:\Windows\System\wYkLHUl.exe

C:\Windows\System\wYkLHUl.exe

C:\Windows\System\LxJqZen.exe

C:\Windows\System\LxJqZen.exe

C:\Windows\System\uHZBfHl.exe

C:\Windows\System\uHZBfHl.exe

C:\Windows\System\iEvOJRi.exe

C:\Windows\System\iEvOJRi.exe

C:\Windows\System\OhlPtlj.exe

C:\Windows\System\OhlPtlj.exe

C:\Windows\System\rJrddVa.exe

C:\Windows\System\rJrddVa.exe

C:\Windows\System\CYNReCT.exe

C:\Windows\System\CYNReCT.exe

C:\Windows\System\yAAQuHB.exe

C:\Windows\System\yAAQuHB.exe

C:\Windows\System\fetTJwk.exe

C:\Windows\System\fetTJwk.exe

C:\Windows\System\NQppbGi.exe

C:\Windows\System\NQppbGi.exe

C:\Windows\System\tqZrRiQ.exe

C:\Windows\System\tqZrRiQ.exe

C:\Windows\System\BxZVtqn.exe

C:\Windows\System\BxZVtqn.exe

C:\Windows\System\mMqeNtz.exe

C:\Windows\System\mMqeNtz.exe

C:\Windows\System\nlMkGlE.exe

C:\Windows\System\nlMkGlE.exe

C:\Windows\System\eBsVfkC.exe

C:\Windows\System\eBsVfkC.exe

C:\Windows\System\lPhWfSb.exe

C:\Windows\System\lPhWfSb.exe

C:\Windows\System\BOtbIJm.exe

C:\Windows\System\BOtbIJm.exe

C:\Windows\System\pCQlLng.exe

C:\Windows\System\pCQlLng.exe

C:\Windows\System\YdkCJNl.exe

C:\Windows\System\YdkCJNl.exe

C:\Windows\System\IQKrNAH.exe

C:\Windows\System\IQKrNAH.exe

C:\Windows\System\OSxqUwp.exe

C:\Windows\System\OSxqUwp.exe

C:\Windows\System\VfEOkCm.exe

C:\Windows\System\VfEOkCm.exe

C:\Windows\System\iAubPNm.exe

C:\Windows\System\iAubPNm.exe

C:\Windows\System\dkRCzPP.exe

C:\Windows\System\dkRCzPP.exe

C:\Windows\System\uEmoaPG.exe

C:\Windows\System\uEmoaPG.exe

C:\Windows\System\rTgDrMH.exe

C:\Windows\System\rTgDrMH.exe

C:\Windows\System\HnKMcHA.exe

C:\Windows\System\HnKMcHA.exe

C:\Windows\System\KuXFUfp.exe

C:\Windows\System\KuXFUfp.exe

C:\Windows\System\fhHazZj.exe

C:\Windows\System\fhHazZj.exe

C:\Windows\System\jNyFWTr.exe

C:\Windows\System\jNyFWTr.exe

C:\Windows\System\eLPoYDA.exe

C:\Windows\System\eLPoYDA.exe

C:\Windows\System\vyInyqf.exe

C:\Windows\System\vyInyqf.exe

C:\Windows\System\gzsofse.exe

C:\Windows\System\gzsofse.exe

C:\Windows\System\hNVPXRZ.exe

C:\Windows\System\hNVPXRZ.exe

C:\Windows\System\KxMkCYS.exe

C:\Windows\System\KxMkCYS.exe

C:\Windows\System\GPoCQsX.exe

C:\Windows\System\GPoCQsX.exe

C:\Windows\System\mIMECvG.exe

C:\Windows\System\mIMECvG.exe

C:\Windows\System\PTUQnYy.exe

C:\Windows\System\PTUQnYy.exe

C:\Windows\System\LmigdIN.exe

C:\Windows\System\LmigdIN.exe

C:\Windows\System\CskxYPS.exe

C:\Windows\System\CskxYPS.exe

C:\Windows\System\BfRcoTE.exe

C:\Windows\System\BfRcoTE.exe

C:\Windows\System\nXLzSuQ.exe

C:\Windows\System\nXLzSuQ.exe

C:\Windows\System\XYqVlcs.exe

C:\Windows\System\XYqVlcs.exe

C:\Windows\System\gzsmOQd.exe

C:\Windows\System\gzsmOQd.exe

C:\Windows\System\bmGSYIh.exe

C:\Windows\System\bmGSYIh.exe

C:\Windows\System\HGWQvgp.exe

C:\Windows\System\HGWQvgp.exe

C:\Windows\System\jMriaTZ.exe

C:\Windows\System\jMriaTZ.exe

C:\Windows\System\OaWTbAU.exe

C:\Windows\System\OaWTbAU.exe

C:\Windows\System\MKGlESu.exe

C:\Windows\System\MKGlESu.exe

C:\Windows\System\HPKVrDp.exe

C:\Windows\System\HPKVrDp.exe

C:\Windows\System\TXRasaG.exe

C:\Windows\System\TXRasaG.exe

C:\Windows\System\qlppWGw.exe

C:\Windows\System\qlppWGw.exe

C:\Windows\System\ZzBmdLM.exe

C:\Windows\System\ZzBmdLM.exe

C:\Windows\System\iQigJBr.exe

C:\Windows\System\iQigJBr.exe

C:\Windows\System\mVGxrKW.exe

C:\Windows\System\mVGxrKW.exe

C:\Windows\System\dtjdyUB.exe

C:\Windows\System\dtjdyUB.exe

C:\Windows\System\tffedQT.exe

C:\Windows\System\tffedQT.exe

C:\Windows\System\wAzsKDJ.exe

C:\Windows\System\wAzsKDJ.exe

C:\Windows\System\RAesSAV.exe

C:\Windows\System\RAesSAV.exe

C:\Windows\System\MLJuVAi.exe

C:\Windows\System\MLJuVAi.exe

C:\Windows\System\ffMTubZ.exe

C:\Windows\System\ffMTubZ.exe

C:\Windows\System\ZwnKaYR.exe

C:\Windows\System\ZwnKaYR.exe

C:\Windows\System\GKJdySB.exe

C:\Windows\System\GKJdySB.exe

C:\Windows\System\HgzTyHh.exe

C:\Windows\System\HgzTyHh.exe

C:\Windows\System\PFZgYTL.exe

C:\Windows\System\PFZgYTL.exe

C:\Windows\System\BtLTiAo.exe

C:\Windows\System\BtLTiAo.exe

C:\Windows\System\DqpNnna.exe

C:\Windows\System\DqpNnna.exe

C:\Windows\System\QSMjTYR.exe

C:\Windows\System\QSMjTYR.exe

C:\Windows\System\BjlhPZq.exe

C:\Windows\System\BjlhPZq.exe

C:\Windows\System\iUVnTDN.exe

C:\Windows\System\iUVnTDN.exe

C:\Windows\System\UtAIUTG.exe

C:\Windows\System\UtAIUTG.exe

C:\Windows\System\YBnandx.exe

C:\Windows\System\YBnandx.exe

C:\Windows\System\DmaRjvM.exe

C:\Windows\System\DmaRjvM.exe

C:\Windows\System\cLgtTwg.exe

C:\Windows\System\cLgtTwg.exe

C:\Windows\System\JTWVnkH.exe

C:\Windows\System\JTWVnkH.exe

C:\Windows\System\UdpEVXT.exe

C:\Windows\System\UdpEVXT.exe

C:\Windows\System\HkMeznf.exe

C:\Windows\System\HkMeznf.exe

C:\Windows\System\kAOIXEG.exe

C:\Windows\System\kAOIXEG.exe

C:\Windows\System\BeClztH.exe

C:\Windows\System\BeClztH.exe

C:\Windows\System\lVmCgKo.exe

C:\Windows\System\lVmCgKo.exe

C:\Windows\System\JUsVECk.exe

C:\Windows\System\JUsVECk.exe

C:\Windows\System\CrxzHfc.exe

C:\Windows\System\CrxzHfc.exe

C:\Windows\System\VeoPnfM.exe

C:\Windows\System\VeoPnfM.exe

C:\Windows\System\QXJvuUR.exe

C:\Windows\System\QXJvuUR.exe

C:\Windows\System\AIAkwgW.exe

C:\Windows\System\AIAkwgW.exe

C:\Windows\System\iLTUuXl.exe

C:\Windows\System\iLTUuXl.exe

C:\Windows\System\ohNwYyw.exe

C:\Windows\System\ohNwYyw.exe

C:\Windows\System\EohzQdP.exe

C:\Windows\System\EohzQdP.exe

C:\Windows\System\zCUTxpW.exe

C:\Windows\System\zCUTxpW.exe

C:\Windows\System\zBgoKVQ.exe

C:\Windows\System\zBgoKVQ.exe

C:\Windows\System\tYHacyr.exe

C:\Windows\System\tYHacyr.exe

C:\Windows\System\puvIbsF.exe

C:\Windows\System\puvIbsF.exe

C:\Windows\System\XyGyLMm.exe

C:\Windows\System\XyGyLMm.exe

C:\Windows\System\iOCywlm.exe

C:\Windows\System\iOCywlm.exe

C:\Windows\System\cDdqqDY.exe

C:\Windows\System\cDdqqDY.exe

C:\Windows\System\TPJMJWI.exe

C:\Windows\System\TPJMJWI.exe

C:\Windows\System\zwLvVYm.exe

C:\Windows\System\zwLvVYm.exe

C:\Windows\System\cNczmpl.exe

C:\Windows\System\cNczmpl.exe

C:\Windows\System\VRtQXSN.exe

C:\Windows\System\VRtQXSN.exe

C:\Windows\System\sEblPno.exe

C:\Windows\System\sEblPno.exe

C:\Windows\System\xwwAtWa.exe

C:\Windows\System\xwwAtWa.exe

C:\Windows\System\WlDcqbv.exe

C:\Windows\System\WlDcqbv.exe

C:\Windows\System\PUzfSbv.exe

C:\Windows\System\PUzfSbv.exe

C:\Windows\System\UBgXbkd.exe

C:\Windows\System\UBgXbkd.exe

C:\Windows\System\ulkuOoX.exe

C:\Windows\System\ulkuOoX.exe

C:\Windows\System\hQOIKcr.exe

C:\Windows\System\hQOIKcr.exe

C:\Windows\System\BcPNwmn.exe

C:\Windows\System\BcPNwmn.exe

C:\Windows\System\ZcjSJUG.exe

C:\Windows\System\ZcjSJUG.exe

C:\Windows\System\VSqJrHI.exe

C:\Windows\System\VSqJrHI.exe

C:\Windows\System\urXYzGL.exe

C:\Windows\System\urXYzGL.exe

C:\Windows\System\DcmQbsA.exe

C:\Windows\System\DcmQbsA.exe

C:\Windows\System\xATEwtq.exe

C:\Windows\System\xATEwtq.exe

C:\Windows\System\pTJZKce.exe

C:\Windows\System\pTJZKce.exe

C:\Windows\System\ixNSpNj.exe

C:\Windows\System\ixNSpNj.exe

C:\Windows\System\RUtLLVk.exe

C:\Windows\System\RUtLLVk.exe

C:\Windows\System\qERExPN.exe

C:\Windows\System\qERExPN.exe

C:\Windows\System\qnzxlPR.exe

C:\Windows\System\qnzxlPR.exe

C:\Windows\System\HcHVTqX.exe

C:\Windows\System\HcHVTqX.exe

C:\Windows\System\GXzCeGX.exe

C:\Windows\System\GXzCeGX.exe

C:\Windows\System\NRUetoM.exe

C:\Windows\System\NRUetoM.exe

C:\Windows\System\VnAurkr.exe

C:\Windows\System\VnAurkr.exe

C:\Windows\System\bYSXlro.exe

C:\Windows\System\bYSXlro.exe

C:\Windows\System\qwaDaTh.exe

C:\Windows\System\qwaDaTh.exe

C:\Windows\System\pAJpHEN.exe

C:\Windows\System\pAJpHEN.exe

C:\Windows\System\YYUTXMa.exe

C:\Windows\System\YYUTXMa.exe

C:\Windows\System\SPRjLlU.exe

C:\Windows\System\SPRjLlU.exe

C:\Windows\System\RKLlNHm.exe

C:\Windows\System\RKLlNHm.exe

C:\Windows\System\XfvqOyS.exe

C:\Windows\System\XfvqOyS.exe

C:\Windows\System\DOstYlY.exe

C:\Windows\System\DOstYlY.exe

C:\Windows\System\BSgifer.exe

C:\Windows\System\BSgifer.exe

C:\Windows\System\OSjEqbk.exe

C:\Windows\System\OSjEqbk.exe

C:\Windows\System\LcvQcVL.exe

C:\Windows\System\LcvQcVL.exe

C:\Windows\System\uulFaDK.exe

C:\Windows\System\uulFaDK.exe

C:\Windows\System\SfRdQwQ.exe

C:\Windows\System\SfRdQwQ.exe

C:\Windows\System\bpcCYpM.exe

C:\Windows\System\bpcCYpM.exe

C:\Windows\System\XjMPYbe.exe

C:\Windows\System\XjMPYbe.exe

C:\Windows\System\vyPoAnX.exe

C:\Windows\System\vyPoAnX.exe

C:\Windows\System\KfrvDdg.exe

C:\Windows\System\KfrvDdg.exe

C:\Windows\System\SynVaue.exe

C:\Windows\System\SynVaue.exe

C:\Windows\System\gIjxUSc.exe

C:\Windows\System\gIjxUSc.exe

C:\Windows\System\uNOsJop.exe

C:\Windows\System\uNOsJop.exe

C:\Windows\System\JTxoatz.exe

C:\Windows\System\JTxoatz.exe

C:\Windows\System\gTWSegE.exe

C:\Windows\System\gTWSegE.exe

C:\Windows\System\jZJBszT.exe

C:\Windows\System\jZJBszT.exe

C:\Windows\System\WRArXIp.exe

C:\Windows\System\WRArXIp.exe

C:\Windows\System\SpNHuCh.exe

C:\Windows\System\SpNHuCh.exe

C:\Windows\System\kUayhoA.exe

C:\Windows\System\kUayhoA.exe

C:\Windows\System\LNVkyST.exe

C:\Windows\System\LNVkyST.exe

C:\Windows\System\boWUHcH.exe

C:\Windows\System\boWUHcH.exe

C:\Windows\System\eTYqSAT.exe

C:\Windows\System\eTYqSAT.exe

C:\Windows\System\qdJueZE.exe

C:\Windows\System\qdJueZE.exe

C:\Windows\System\iRJSVvJ.exe

C:\Windows\System\iRJSVvJ.exe

C:\Windows\System\pHUrygG.exe

C:\Windows\System\pHUrygG.exe

C:\Windows\System\FXfoZlf.exe

C:\Windows\System\FXfoZlf.exe

C:\Windows\System\RHieMUA.exe

C:\Windows\System\RHieMUA.exe

C:\Windows\System\odFwgTM.exe

C:\Windows\System\odFwgTM.exe

C:\Windows\System\SZDRfzS.exe

C:\Windows\System\SZDRfzS.exe

C:\Windows\System\VvEPLoU.exe

C:\Windows\System\VvEPLoU.exe

C:\Windows\System\jGfxuKW.exe

C:\Windows\System\jGfxuKW.exe

C:\Windows\System\SdyYoZe.exe

C:\Windows\System\SdyYoZe.exe

C:\Windows\System\eYKnhqR.exe

C:\Windows\System\eYKnhqR.exe

C:\Windows\System\FTGiBUi.exe

C:\Windows\System\FTGiBUi.exe

C:\Windows\System\ZyGmpPC.exe

C:\Windows\System\ZyGmpPC.exe

C:\Windows\System\LSGUkhv.exe

C:\Windows\System\LSGUkhv.exe

C:\Windows\System\xWviHVj.exe

C:\Windows\System\xWviHVj.exe

C:\Windows\System\isTdQdP.exe

C:\Windows\System\isTdQdP.exe

C:\Windows\System\rCyaygJ.exe

C:\Windows\System\rCyaygJ.exe

C:\Windows\System\tcHnKvZ.exe

C:\Windows\System\tcHnKvZ.exe

C:\Windows\System\YrTlekm.exe

C:\Windows\System\YrTlekm.exe

C:\Windows\System\eHrsaRT.exe

C:\Windows\System\eHrsaRT.exe

C:\Windows\System\exrKHIz.exe

C:\Windows\System\exrKHIz.exe

C:\Windows\System\TFUHOhl.exe

C:\Windows\System\TFUHOhl.exe

C:\Windows\System\eoVjfxk.exe

C:\Windows\System\eoVjfxk.exe

C:\Windows\System\BoklFiH.exe

C:\Windows\System\BoklFiH.exe

C:\Windows\System\uFeTncG.exe

C:\Windows\System\uFeTncG.exe

C:\Windows\System\qqKAcdR.exe

C:\Windows\System\qqKAcdR.exe

C:\Windows\System\hlGppzZ.exe

C:\Windows\System\hlGppzZ.exe

C:\Windows\System\LELlCCH.exe

C:\Windows\System\LELlCCH.exe

C:\Windows\System\xXtZTQm.exe

C:\Windows\System\xXtZTQm.exe

C:\Windows\System\NSukmKA.exe

C:\Windows\System\NSukmKA.exe

C:\Windows\System\hCJnkCT.exe

C:\Windows\System\hCJnkCT.exe

C:\Windows\System\IfwJktP.exe

C:\Windows\System\IfwJktP.exe

C:\Windows\System\iVadcTn.exe

C:\Windows\System\iVadcTn.exe

C:\Windows\System\fTJoVgN.exe

C:\Windows\System\fTJoVgN.exe

C:\Windows\System\EvGiLqv.exe

C:\Windows\System\EvGiLqv.exe

C:\Windows\System\NmhAULb.exe

C:\Windows\System\NmhAULb.exe

C:\Windows\System\RedcGKn.exe

C:\Windows\System\RedcGKn.exe

C:\Windows\System\fNFVTpo.exe

C:\Windows\System\fNFVTpo.exe

C:\Windows\System\wvrpxQp.exe

C:\Windows\System\wvrpxQp.exe

C:\Windows\System\DOVFFPZ.exe

C:\Windows\System\DOVFFPZ.exe

C:\Windows\System\fVqCDee.exe

C:\Windows\System\fVqCDee.exe

C:\Windows\System\kQwjFNl.exe

C:\Windows\System\kQwjFNl.exe

C:\Windows\System\iGsAZLI.exe

C:\Windows\System\iGsAZLI.exe

C:\Windows\System\zMQVlvz.exe

C:\Windows\System\zMQVlvz.exe

C:\Windows\System\kJVaiGH.exe

C:\Windows\System\kJVaiGH.exe

C:\Windows\System\hBTdSDQ.exe

C:\Windows\System\hBTdSDQ.exe

C:\Windows\System\xCLNRqU.exe

C:\Windows\System\xCLNRqU.exe

C:\Windows\System\OJWkOeJ.exe

C:\Windows\System\OJWkOeJ.exe

C:\Windows\System\tRdeihl.exe

C:\Windows\System\tRdeihl.exe

C:\Windows\System\xOFGSdF.exe

C:\Windows\System\xOFGSdF.exe

C:\Windows\System\WBlHzRR.exe

C:\Windows\System\WBlHzRR.exe

C:\Windows\System\WxQNjuN.exe

C:\Windows\System\WxQNjuN.exe

C:\Windows\System\VuvEpny.exe

C:\Windows\System\VuvEpny.exe

C:\Windows\System\PHeGAWz.exe

C:\Windows\System\PHeGAWz.exe

C:\Windows\System\EUqtPwo.exe

C:\Windows\System\EUqtPwo.exe

C:\Windows\System\yFZVbbX.exe

C:\Windows\System\yFZVbbX.exe

C:\Windows\System\gDCTzEn.exe

C:\Windows\System\gDCTzEn.exe

C:\Windows\System\PjsCUXP.exe

C:\Windows\System\PjsCUXP.exe

C:\Windows\System\aiWZYsx.exe

C:\Windows\System\aiWZYsx.exe

C:\Windows\System\QBNOdhX.exe

C:\Windows\System\QBNOdhX.exe

C:\Windows\System\pbnQiVu.exe

C:\Windows\System\pbnQiVu.exe

C:\Windows\System\vTmuIOY.exe

C:\Windows\System\vTmuIOY.exe

C:\Windows\System\dRTHLXS.exe

C:\Windows\System\dRTHLXS.exe

C:\Windows\System\POTOQoE.exe

C:\Windows\System\POTOQoE.exe

C:\Windows\System\tomtbZQ.exe

C:\Windows\System\tomtbZQ.exe

C:\Windows\System\ZkPwbok.exe

C:\Windows\System\ZkPwbok.exe

C:\Windows\System\HNUPyEV.exe

C:\Windows\System\HNUPyEV.exe

C:\Windows\System\uQVLwVb.exe

C:\Windows\System\uQVLwVb.exe

C:\Windows\System\DoVtMPy.exe

C:\Windows\System\DoVtMPy.exe

C:\Windows\System\UgFQLXG.exe

C:\Windows\System\UgFQLXG.exe

C:\Windows\System\rFXXntP.exe

C:\Windows\System\rFXXntP.exe

C:\Windows\System\kDCxFlk.exe

C:\Windows\System\kDCxFlk.exe

C:\Windows\System\pJPBIJf.exe

C:\Windows\System\pJPBIJf.exe

C:\Windows\System\apNDMYN.exe

C:\Windows\System\apNDMYN.exe

C:\Windows\System\OwzgrtD.exe

C:\Windows\System\OwzgrtD.exe

C:\Windows\System\YeAzlrx.exe

C:\Windows\System\YeAzlrx.exe

C:\Windows\System\bJxbLMD.exe

C:\Windows\System\bJxbLMD.exe

C:\Windows\System\mjbkUAe.exe

C:\Windows\System\mjbkUAe.exe

C:\Windows\System\vytKWPx.exe

C:\Windows\System\vytKWPx.exe

C:\Windows\System\aKFqPPq.exe

C:\Windows\System\aKFqPPq.exe

C:\Windows\System\ngNOnjW.exe

C:\Windows\System\ngNOnjW.exe

C:\Windows\System\AtNSmnm.exe

C:\Windows\System\AtNSmnm.exe

C:\Windows\System\CYkFMhs.exe

C:\Windows\System\CYkFMhs.exe

C:\Windows\System\xowOCdI.exe

C:\Windows\System\xowOCdI.exe

C:\Windows\System\wcePWhE.exe

C:\Windows\System\wcePWhE.exe

C:\Windows\System\YGdlCAk.exe

C:\Windows\System\YGdlCAk.exe

C:\Windows\System\UnXzXch.exe

C:\Windows\System\UnXzXch.exe

C:\Windows\System\ownWBPP.exe

C:\Windows\System\ownWBPP.exe

C:\Windows\System\FhbCddk.exe

C:\Windows\System\FhbCddk.exe

C:\Windows\System\ZTQORkB.exe

C:\Windows\System\ZTQORkB.exe

C:\Windows\System\WeomfoS.exe

C:\Windows\System\WeomfoS.exe

C:\Windows\System\itcfcTL.exe

C:\Windows\System\itcfcTL.exe

C:\Windows\System\nAMXPvi.exe

C:\Windows\System\nAMXPvi.exe

C:\Windows\System\BATMhqe.exe

C:\Windows\System\BATMhqe.exe

C:\Windows\System\lKSPkNH.exe

C:\Windows\System\lKSPkNH.exe

C:\Windows\System\sGfHzJC.exe

C:\Windows\System\sGfHzJC.exe

C:\Windows\System\aXufMmj.exe

C:\Windows\System\aXufMmj.exe

C:\Windows\System\AXFykgy.exe

C:\Windows\System\AXFykgy.exe

C:\Windows\System\waiKBad.exe

C:\Windows\System\waiKBad.exe

C:\Windows\System\MFjwADg.exe

C:\Windows\System\MFjwADg.exe

C:\Windows\System\etvwagh.exe

C:\Windows\System\etvwagh.exe

C:\Windows\System\oWvhVBZ.exe

C:\Windows\System\oWvhVBZ.exe

C:\Windows\System\qIsuvdd.exe

C:\Windows\System\qIsuvdd.exe

C:\Windows\System\AYOraui.exe

C:\Windows\System\AYOraui.exe

C:\Windows\System\icKcOzB.exe

C:\Windows\System\icKcOzB.exe

C:\Windows\System\AHbLNgI.exe

C:\Windows\System\AHbLNgI.exe

C:\Windows\System\aixbsUc.exe

C:\Windows\System\aixbsUc.exe

C:\Windows\System\AIOxiok.exe

C:\Windows\System\AIOxiok.exe

C:\Windows\System\fcuaCln.exe

C:\Windows\System\fcuaCln.exe

C:\Windows\System\kWYIfHQ.exe

C:\Windows\System\kWYIfHQ.exe

C:\Windows\System\zddjnQC.exe

C:\Windows\System\zddjnQC.exe

C:\Windows\System\iDAwjpm.exe

C:\Windows\System\iDAwjpm.exe

C:\Windows\System\PovmLSS.exe

C:\Windows\System\PovmLSS.exe

C:\Windows\System\avdALKc.exe

C:\Windows\System\avdALKc.exe

C:\Windows\System\mkxbcJe.exe

C:\Windows\System\mkxbcJe.exe

C:\Windows\System\whpAEbS.exe

C:\Windows\System\whpAEbS.exe

C:\Windows\System\bkWmFII.exe

C:\Windows\System\bkWmFII.exe

C:\Windows\System\HtGTHHx.exe

C:\Windows\System\HtGTHHx.exe

C:\Windows\System\vIGZFMw.exe

C:\Windows\System\vIGZFMw.exe

C:\Windows\System\DDmLOUn.exe

C:\Windows\System\DDmLOUn.exe

C:\Windows\System\vKIhJWS.exe

C:\Windows\System\vKIhJWS.exe

C:\Windows\System\dmmJBSI.exe

C:\Windows\System\dmmJBSI.exe

C:\Windows\System\zfcUPyE.exe

C:\Windows\System\zfcUPyE.exe

C:\Windows\System\QHkPFsf.exe

C:\Windows\System\QHkPFsf.exe

C:\Windows\System\IBUdIKU.exe

C:\Windows\System\IBUdIKU.exe

C:\Windows\System\LhZJoLI.exe

C:\Windows\System\LhZJoLI.exe

C:\Windows\System\NAwUXmS.exe

C:\Windows\System\NAwUXmS.exe

C:\Windows\System\wYaJMBU.exe

C:\Windows\System\wYaJMBU.exe

C:\Windows\System\bwhUybP.exe

C:\Windows\System\bwhUybP.exe

C:\Windows\System\rRpBsGb.exe

C:\Windows\System\rRpBsGb.exe

C:\Windows\System\glGUvKn.exe

C:\Windows\System\glGUvKn.exe

C:\Windows\System\YWWEjwt.exe

C:\Windows\System\YWWEjwt.exe

C:\Windows\System\viaSgUN.exe

C:\Windows\System\viaSgUN.exe

C:\Windows\System\wOxlAxj.exe

C:\Windows\System\wOxlAxj.exe

C:\Windows\System\OCzLXnF.exe

C:\Windows\System\OCzLXnF.exe

C:\Windows\System\DLWUMrx.exe

C:\Windows\System\DLWUMrx.exe

C:\Windows\System\AcUFgag.exe

C:\Windows\System\AcUFgag.exe

C:\Windows\System\lvcsQqm.exe

C:\Windows\System\lvcsQqm.exe

C:\Windows\System\ybwBEKQ.exe

C:\Windows\System\ybwBEKQ.exe

C:\Windows\System\qroTges.exe

C:\Windows\System\qroTges.exe

C:\Windows\System\UmnjhBG.exe

C:\Windows\System\UmnjhBG.exe

C:\Windows\System\BTElmgo.exe

C:\Windows\System\BTElmgo.exe

C:\Windows\System\kbmtdAA.exe

C:\Windows\System\kbmtdAA.exe

C:\Windows\System\GoLMNMw.exe

C:\Windows\System\GoLMNMw.exe

C:\Windows\System\kdueqDR.exe

C:\Windows\System\kdueqDR.exe

C:\Windows\System\ZLvfRyc.exe

C:\Windows\System\ZLvfRyc.exe

C:\Windows\System\QBHFUjc.exe

C:\Windows\System\QBHFUjc.exe

C:\Windows\System\WrVLnKH.exe

C:\Windows\System\WrVLnKH.exe

C:\Windows\System\lVxutSS.exe

C:\Windows\System\lVxutSS.exe

C:\Windows\System\qWUirIe.exe

C:\Windows\System\qWUirIe.exe

C:\Windows\System\gVQaEWA.exe

C:\Windows\System\gVQaEWA.exe

C:\Windows\System\vYnHLWO.exe

C:\Windows\System\vYnHLWO.exe

C:\Windows\System\JgBzlEU.exe

C:\Windows\System\JgBzlEU.exe

C:\Windows\System\uRynSkL.exe

C:\Windows\System\uRynSkL.exe

C:\Windows\System\CujEDDP.exe

C:\Windows\System\CujEDDP.exe

C:\Windows\System\nnwwpEV.exe

C:\Windows\System\nnwwpEV.exe

C:\Windows\System\fqGfHej.exe

C:\Windows\System\fqGfHej.exe

C:\Windows\System\BeuhesM.exe

C:\Windows\System\BeuhesM.exe

C:\Windows\System\IXKiAgP.exe

C:\Windows\System\IXKiAgP.exe

C:\Windows\System\VprBxvM.exe

C:\Windows\System\VprBxvM.exe

C:\Windows\System\nkzzCbF.exe

C:\Windows\System\nkzzCbF.exe

C:\Windows\System\TBJOnfs.exe

C:\Windows\System\TBJOnfs.exe

C:\Windows\System\YsWYGXb.exe

C:\Windows\System\YsWYGXb.exe

C:\Windows\System\qSMHfWO.exe

C:\Windows\System\qSMHfWO.exe

C:\Windows\System\NGUzbto.exe

C:\Windows\System\NGUzbto.exe

C:\Windows\System\yuSKxGq.exe

C:\Windows\System\yuSKxGq.exe

C:\Windows\System\avVlmhh.exe

C:\Windows\System\avVlmhh.exe

C:\Windows\System\iSVmFYR.exe

C:\Windows\System\iSVmFYR.exe

C:\Windows\System\EGwebFU.exe

C:\Windows\System\EGwebFU.exe

C:\Windows\System\pvRuAyN.exe

C:\Windows\System\pvRuAyN.exe

C:\Windows\System\txonGqH.exe

C:\Windows\System\txonGqH.exe

C:\Windows\System\eaFkYYq.exe

C:\Windows\System\eaFkYYq.exe

C:\Windows\System\FKFZubs.exe

C:\Windows\System\FKFZubs.exe

C:\Windows\System\TuKLhQM.exe

C:\Windows\System\TuKLhQM.exe

C:\Windows\System\CpNbShO.exe

C:\Windows\System\CpNbShO.exe

C:\Windows\System\agHwuve.exe

C:\Windows\System\agHwuve.exe

C:\Windows\System\uDuudlt.exe

C:\Windows\System\uDuudlt.exe

C:\Windows\System\gioRMXp.exe

C:\Windows\System\gioRMXp.exe

C:\Windows\System\qHWPTDu.exe

C:\Windows\System\qHWPTDu.exe

C:\Windows\System\cyoLczR.exe

C:\Windows\System\cyoLczR.exe

C:\Windows\System\PjkzUBL.exe

C:\Windows\System\PjkzUBL.exe

C:\Windows\System\XsfqUDL.exe

C:\Windows\System\XsfqUDL.exe

C:\Windows\System\IqZnvAB.exe

C:\Windows\System\IqZnvAB.exe

C:\Windows\System\sNJtfVV.exe

C:\Windows\System\sNJtfVV.exe

C:\Windows\System\jSeTeic.exe

C:\Windows\System\jSeTeic.exe

C:\Windows\System\tPLvqdi.exe

C:\Windows\System\tPLvqdi.exe

C:\Windows\System\QXAAAVH.exe

C:\Windows\System\QXAAAVH.exe

C:\Windows\System\mKuHRCT.exe

C:\Windows\System\mKuHRCT.exe

C:\Windows\System\lwQFWWI.exe

C:\Windows\System\lwQFWWI.exe

C:\Windows\System\zeQADaT.exe

C:\Windows\System\zeQADaT.exe

C:\Windows\System\XcLRHoD.exe

C:\Windows\System\XcLRHoD.exe

C:\Windows\System\BfyqOfY.exe

C:\Windows\System\BfyqOfY.exe

C:\Windows\System\qjkozqJ.exe

C:\Windows\System\qjkozqJ.exe

C:\Windows\System\nrtYCjY.exe

C:\Windows\System\nrtYCjY.exe

C:\Windows\System\WaVSnuo.exe

C:\Windows\System\WaVSnuo.exe

C:\Windows\System\RFXUnrf.exe

C:\Windows\System\RFXUnrf.exe

C:\Windows\System\tabWpOp.exe

C:\Windows\System\tabWpOp.exe

C:\Windows\System\nsWiLpj.exe

C:\Windows\System\nsWiLpj.exe

C:\Windows\System\DiVOHVF.exe

C:\Windows\System\DiVOHVF.exe

C:\Windows\System\DjHXKXw.exe

C:\Windows\System\DjHXKXw.exe

C:\Windows\System\vqaVbhw.exe

C:\Windows\System\vqaVbhw.exe

C:\Windows\System\iieEHoL.exe

C:\Windows\System\iieEHoL.exe

C:\Windows\System\ZTfDulI.exe

C:\Windows\System\ZTfDulI.exe

C:\Windows\System\tGgCEQh.exe

C:\Windows\System\tGgCEQh.exe

C:\Windows\System\DIZlzNC.exe

C:\Windows\System\DIZlzNC.exe

C:\Windows\System\gYPqdSA.exe

C:\Windows\System\gYPqdSA.exe

C:\Windows\System\qKSfMiI.exe

C:\Windows\System\qKSfMiI.exe

C:\Windows\System\ydXHBGy.exe

C:\Windows\System\ydXHBGy.exe

C:\Windows\System\IaYnQRE.exe

C:\Windows\System\IaYnQRE.exe

C:\Windows\System\ByXnhhb.exe

C:\Windows\System\ByXnhhb.exe

C:\Windows\System\uFqWOfI.exe

C:\Windows\System\uFqWOfI.exe

C:\Windows\System\BPInray.exe

C:\Windows\System\BPInray.exe

C:\Windows\System\UDyktyq.exe

C:\Windows\System\UDyktyq.exe

C:\Windows\System\QWHdrzb.exe

C:\Windows\System\QWHdrzb.exe

C:\Windows\System\TvMzkrz.exe

C:\Windows\System\TvMzkrz.exe

C:\Windows\System\HDsqLGs.exe

C:\Windows\System\HDsqLGs.exe

C:\Windows\System\NTAbDok.exe

C:\Windows\System\NTAbDok.exe

C:\Windows\System\ZsaSSLp.exe

C:\Windows\System\ZsaSSLp.exe

C:\Windows\System\Tibadrn.exe

C:\Windows\System\Tibadrn.exe

C:\Windows\System\ynQPbwU.exe

C:\Windows\System\ynQPbwU.exe

C:\Windows\System\ZWUurAG.exe

C:\Windows\System\ZWUurAG.exe

C:\Windows\System\hHSexUI.exe

C:\Windows\System\hHSexUI.exe

C:\Windows\System\diBogqQ.exe

C:\Windows\System\diBogqQ.exe

C:\Windows\System\LvgksCR.exe

C:\Windows\System\LvgksCR.exe

C:\Windows\System\HJhjWlH.exe

C:\Windows\System\HJhjWlH.exe

C:\Windows\System\nIPonts.exe

C:\Windows\System\nIPonts.exe

C:\Windows\System\sTAihNP.exe

C:\Windows\System\sTAihNP.exe

C:\Windows\System\VYwMftk.exe

C:\Windows\System\VYwMftk.exe

C:\Windows\System\qxMIDPl.exe

C:\Windows\System\qxMIDPl.exe

C:\Windows\System\kCKofAC.exe

C:\Windows\System\kCKofAC.exe

C:\Windows\System\MzaQEwz.exe

C:\Windows\System\MzaQEwz.exe

C:\Windows\System\jDkKxKQ.exe

C:\Windows\System\jDkKxKQ.exe

C:\Windows\System\LMyBjMl.exe

C:\Windows\System\LMyBjMl.exe

C:\Windows\System\BqebkkH.exe

C:\Windows\System\BqebkkH.exe

C:\Windows\System\BYvPFtA.exe

C:\Windows\System\BYvPFtA.exe

C:\Windows\System\fmquOFN.exe

C:\Windows\System\fmquOFN.exe

C:\Windows\System\dxgOelP.exe

C:\Windows\System\dxgOelP.exe

C:\Windows\System\faWSGLe.exe

C:\Windows\System\faWSGLe.exe

C:\Windows\System\guRSiSn.exe

C:\Windows\System\guRSiSn.exe

C:\Windows\System\iZvJKhY.exe

C:\Windows\System\iZvJKhY.exe

C:\Windows\System\waHwmej.exe

C:\Windows\System\waHwmej.exe

C:\Windows\System\ALycOoX.exe

C:\Windows\System\ALycOoX.exe

C:\Windows\System\mNzQMyq.exe

C:\Windows\System\mNzQMyq.exe

C:\Windows\System\mtncdvq.exe

C:\Windows\System\mtncdvq.exe

C:\Windows\System\YFBWXJv.exe

C:\Windows\System\YFBWXJv.exe

C:\Windows\System\uJBpecT.exe

C:\Windows\System\uJBpecT.exe

C:\Windows\System\olHPaQf.exe

C:\Windows\System\olHPaQf.exe

C:\Windows\System\qaFTnhX.exe

C:\Windows\System\qaFTnhX.exe

C:\Windows\System\XlSzifN.exe

C:\Windows\System\XlSzifN.exe

C:\Windows\System\LBPwToF.exe

C:\Windows\System\LBPwToF.exe

C:\Windows\System\ATMhPaU.exe

C:\Windows\System\ATMhPaU.exe

C:\Windows\System\uTrVwMJ.exe

C:\Windows\System\uTrVwMJ.exe

C:\Windows\System\AEqrdSZ.exe

C:\Windows\System\AEqrdSZ.exe

C:\Windows\System\XrFkHaZ.exe

C:\Windows\System\XrFkHaZ.exe

C:\Windows\System\buKPzuZ.exe

C:\Windows\System\buKPzuZ.exe

C:\Windows\System\qlAXzcP.exe

C:\Windows\System\qlAXzcP.exe

C:\Windows\System\EBFUWXP.exe

C:\Windows\System\EBFUWXP.exe

C:\Windows\System\BnBCPPm.exe

C:\Windows\System\BnBCPPm.exe

C:\Windows\System\tepcYgM.exe

C:\Windows\System\tepcYgM.exe

C:\Windows\System\UnXruqW.exe

C:\Windows\System\UnXruqW.exe

C:\Windows\System\VgLZljK.exe

C:\Windows\System\VgLZljK.exe

C:\Windows\System\vCBIlPu.exe

C:\Windows\System\vCBIlPu.exe

C:\Windows\System\mnrXImR.exe

C:\Windows\System\mnrXImR.exe

C:\Windows\System\qeUXeNa.exe

C:\Windows\System\qeUXeNa.exe

C:\Windows\System\aItfICn.exe

C:\Windows\System\aItfICn.exe

C:\Windows\System\tnDSvmF.exe

C:\Windows\System\tnDSvmF.exe

C:\Windows\System\RWTmDlA.exe

C:\Windows\System\RWTmDlA.exe

C:\Windows\System\fSTDMSD.exe

C:\Windows\System\fSTDMSD.exe

C:\Windows\System\QMNJFRb.exe

C:\Windows\System\QMNJFRb.exe

C:\Windows\System\jrLcbuA.exe

C:\Windows\System\jrLcbuA.exe

C:\Windows\System\HuScrvZ.exe

C:\Windows\System\HuScrvZ.exe

C:\Windows\System\GeMOjyy.exe

C:\Windows\System\GeMOjyy.exe

C:\Windows\System\lnvhncG.exe

C:\Windows\System\lnvhncG.exe

C:\Windows\System\qIbFcfg.exe

C:\Windows\System\qIbFcfg.exe

C:\Windows\System\sleDCxX.exe

C:\Windows\System\sleDCxX.exe

C:\Windows\System\aYqhIxT.exe

C:\Windows\System\aYqhIxT.exe

C:\Windows\System\JPbwcia.exe

C:\Windows\System\JPbwcia.exe

C:\Windows\System\qeIwFmn.exe

C:\Windows\System\qeIwFmn.exe

C:\Windows\System\MYInkxg.exe

C:\Windows\System\MYInkxg.exe

C:\Windows\System\OeGNGQF.exe

C:\Windows\System\OeGNGQF.exe

C:\Windows\System\NSslPaC.exe

C:\Windows\System\NSslPaC.exe

C:\Windows\System\DVmdzNp.exe

C:\Windows\System\DVmdzNp.exe

C:\Windows\System\ImUBeJS.exe

C:\Windows\System\ImUBeJS.exe

C:\Windows\System\jJORBgU.exe

C:\Windows\System\jJORBgU.exe

C:\Windows\System\KHoTPyp.exe

C:\Windows\System\KHoTPyp.exe

C:\Windows\System\hQUobdQ.exe

C:\Windows\System\hQUobdQ.exe

C:\Windows\System\dHDQcAn.exe

C:\Windows\System\dHDQcAn.exe

C:\Windows\System\sJWvuXh.exe

C:\Windows\System\sJWvuXh.exe

C:\Windows\System\kdgIUxo.exe

C:\Windows\System\kdgIUxo.exe

C:\Windows\System\GUIWDUw.exe

C:\Windows\System\GUIWDUw.exe

C:\Windows\System\IpmQxFP.exe

C:\Windows\System\IpmQxFP.exe

C:\Windows\System\XNXIiHw.exe

C:\Windows\System\XNXIiHw.exe

C:\Windows\System\CZEgwoj.exe

C:\Windows\System\CZEgwoj.exe

C:\Windows\System\mRviQcN.exe

C:\Windows\System\mRviQcN.exe

C:\Windows\System\MtBICny.exe

C:\Windows\System\MtBICny.exe

C:\Windows\System\gEsmEvq.exe

C:\Windows\System\gEsmEvq.exe

C:\Windows\System\mWqFFeN.exe

C:\Windows\System\mWqFFeN.exe

C:\Windows\System\zdnjQCu.exe

C:\Windows\System\zdnjQCu.exe

C:\Windows\System\pDcMvaF.exe

C:\Windows\System\pDcMvaF.exe

C:\Windows\System\SDeXAIi.exe

C:\Windows\System\SDeXAIi.exe

C:\Windows\System\TCLyjDO.exe

C:\Windows\System\TCLyjDO.exe

C:\Windows\System\CSySFQo.exe

C:\Windows\System\CSySFQo.exe

C:\Windows\System\PtsEBzM.exe

C:\Windows\System\PtsEBzM.exe

C:\Windows\System\KmkCpCS.exe

C:\Windows\System\KmkCpCS.exe

C:\Windows\System\fUcuxEZ.exe

C:\Windows\System\fUcuxEZ.exe

C:\Windows\System\vdHGIES.exe

C:\Windows\System\vdHGIES.exe

C:\Windows\System\KriuTms.exe

C:\Windows\System\KriuTms.exe

C:\Windows\System\qZJrtSv.exe

C:\Windows\System\qZJrtSv.exe

C:\Windows\System\gfdDbVE.exe

C:\Windows\System\gfdDbVE.exe

C:\Windows\System\SzkIDmD.exe

C:\Windows\System\SzkIDmD.exe

C:\Windows\System\KCwzkLG.exe

C:\Windows\System\KCwzkLG.exe

C:\Windows\System\TblrgKz.exe

C:\Windows\System\TblrgKz.exe

C:\Windows\System\HTnSrxy.exe

C:\Windows\System\HTnSrxy.exe

C:\Windows\System\sRvIQyK.exe

C:\Windows\System\sRvIQyK.exe

C:\Windows\System\NXWqwVp.exe

C:\Windows\System\NXWqwVp.exe

C:\Windows\System\odfnUin.exe

C:\Windows\System\odfnUin.exe

C:\Windows\System\eOgcnWX.exe

C:\Windows\System\eOgcnWX.exe

C:\Windows\System\YcjgxYO.exe

C:\Windows\System\YcjgxYO.exe

C:\Windows\System\KeThHEk.exe

C:\Windows\System\KeThHEk.exe

C:\Windows\System\feGIhaw.exe

C:\Windows\System\feGIhaw.exe

C:\Windows\System\zkXWXib.exe

C:\Windows\System\zkXWXib.exe

C:\Windows\System\lYYbFby.exe

C:\Windows\System\lYYbFby.exe

C:\Windows\System\fqjbkTQ.exe

C:\Windows\System\fqjbkTQ.exe

C:\Windows\System\sSxEuMH.exe

C:\Windows\System\sSxEuMH.exe

C:\Windows\System\oTumOsI.exe

C:\Windows\System\oTumOsI.exe

C:\Windows\System\XDYrEex.exe

C:\Windows\System\XDYrEex.exe

C:\Windows\System\LxcHgzz.exe

C:\Windows\System\LxcHgzz.exe

C:\Windows\System\iVXfMMH.exe

C:\Windows\System\iVXfMMH.exe

C:\Windows\System\tltAakZ.exe

C:\Windows\System\tltAakZ.exe

C:\Windows\System\ulnkfTJ.exe

C:\Windows\System\ulnkfTJ.exe

C:\Windows\System\BMgJyve.exe

C:\Windows\System\BMgJyve.exe

C:\Windows\System\jEwjQvm.exe

C:\Windows\System\jEwjQvm.exe

C:\Windows\System\faZZTkJ.exe

C:\Windows\System\faZZTkJ.exe

C:\Windows\System\WrYCnAA.exe

C:\Windows\System\WrYCnAA.exe

C:\Windows\System\CQELeoA.exe

C:\Windows\System\CQELeoA.exe

C:\Windows\System\SaSiHLa.exe

C:\Windows\System\SaSiHLa.exe

C:\Windows\System\ifHbNpb.exe

C:\Windows\System\ifHbNpb.exe

C:\Windows\System\OfabslF.exe

C:\Windows\System\OfabslF.exe

C:\Windows\System\iNQRgxl.exe

C:\Windows\System\iNQRgxl.exe

C:\Windows\System\awwSdlp.exe

C:\Windows\System\awwSdlp.exe

C:\Windows\System\oRfzMiL.exe

C:\Windows\System\oRfzMiL.exe

C:\Windows\System\wtGoZEO.exe

C:\Windows\System\wtGoZEO.exe

C:\Windows\System\ruXaZSa.exe

C:\Windows\System\ruXaZSa.exe

C:\Windows\System\qlihKoV.exe

C:\Windows\System\qlihKoV.exe

C:\Windows\System\FUyvtFk.exe

C:\Windows\System\FUyvtFk.exe

C:\Windows\System\molRcIG.exe

C:\Windows\System\molRcIG.exe

C:\Windows\System\VlrwAkl.exe

C:\Windows\System\VlrwAkl.exe

C:\Windows\System\OUkiXXu.exe

C:\Windows\System\OUkiXXu.exe

C:\Windows\System\guvrMzp.exe

C:\Windows\System\guvrMzp.exe

C:\Windows\System\OgeTqEn.exe

C:\Windows\System\OgeTqEn.exe

C:\Windows\System\ehoygqn.exe

C:\Windows\System\ehoygqn.exe

C:\Windows\System\ZGJvliF.exe

C:\Windows\System\ZGJvliF.exe

C:\Windows\System\xtVxImc.exe

C:\Windows\System\xtVxImc.exe

C:\Windows\System\vXNSjBm.exe

C:\Windows\System\vXNSjBm.exe

C:\Windows\System\EeKXEju.exe

C:\Windows\System\EeKXEju.exe

C:\Windows\System\HKlbOZa.exe

C:\Windows\System\HKlbOZa.exe

C:\Windows\System\zLmjoAG.exe

C:\Windows\System\zLmjoAG.exe

C:\Windows\System\QgNZaWP.exe

C:\Windows\System\QgNZaWP.exe

C:\Windows\System\fYbUteL.exe

C:\Windows\System\fYbUteL.exe

C:\Windows\System\qVOPZRb.exe

C:\Windows\System\qVOPZRb.exe

C:\Windows\System\VnvJFNV.exe

C:\Windows\System\VnvJFNV.exe

C:\Windows\System\rGnpsXq.exe

C:\Windows\System\rGnpsXq.exe

C:\Windows\System\FNxxbRZ.exe

C:\Windows\System\FNxxbRZ.exe

C:\Windows\System\XhOeegz.exe

C:\Windows\System\XhOeegz.exe

C:\Windows\System\jIINPcH.exe

C:\Windows\System\jIINPcH.exe

C:\Windows\System\RVMnmqA.exe

C:\Windows\System\RVMnmqA.exe

C:\Windows\System\dqisssz.exe

C:\Windows\System\dqisssz.exe

C:\Windows\System\eqjknUw.exe

C:\Windows\System\eqjknUw.exe

C:\Windows\System\GurgxUW.exe

C:\Windows\System\GurgxUW.exe

C:\Windows\System\TJvXOQq.exe

C:\Windows\System\TJvXOQq.exe

C:\Windows\System\rIOQVBG.exe

C:\Windows\System\rIOQVBG.exe

C:\Windows\System\JYGZuhB.exe

C:\Windows\System\JYGZuhB.exe

C:\Windows\System\OgUTzMy.exe

C:\Windows\System\OgUTzMy.exe

C:\Windows\System\LARUSjm.exe

C:\Windows\System\LARUSjm.exe

C:\Windows\System\KxwJzVb.exe

C:\Windows\System\KxwJzVb.exe

C:\Windows\System\psPTEYr.exe

C:\Windows\System\psPTEYr.exe

C:\Windows\System\LltvKOB.exe

C:\Windows\System\LltvKOB.exe

C:\Windows\System\ybBSFEv.exe

C:\Windows\System\ybBSFEv.exe

C:\Windows\System\HOtnYBZ.exe

C:\Windows\System\HOtnYBZ.exe

C:\Windows\System\RiiWZzX.exe

C:\Windows\System\RiiWZzX.exe

C:\Windows\System\lChHdVO.exe

C:\Windows\System\lChHdVO.exe

C:\Windows\System\wEVtSkj.exe

C:\Windows\System\wEVtSkj.exe

C:\Windows\System\yHcxIWE.exe

C:\Windows\System\yHcxIWE.exe

C:\Windows\System\NASzuJZ.exe

C:\Windows\System\NASzuJZ.exe

C:\Windows\System\qhqfbSq.exe

C:\Windows\System\qhqfbSq.exe

C:\Windows\System\PIKeDzK.exe

C:\Windows\System\PIKeDzK.exe

C:\Windows\System\xhNWyTW.exe

C:\Windows\System\xhNWyTW.exe

C:\Windows\System\XyfsWyJ.exe

C:\Windows\System\XyfsWyJ.exe

C:\Windows\System\AnMOTEn.exe

C:\Windows\System\AnMOTEn.exe

C:\Windows\System\wUxWueG.exe

C:\Windows\System\wUxWueG.exe

C:\Windows\System\XRgqtsG.exe

C:\Windows\System\XRgqtsG.exe

C:\Windows\System\prgMsNg.exe

C:\Windows\System\prgMsNg.exe

C:\Windows\System\oairHgG.exe

C:\Windows\System\oairHgG.exe

C:\Windows\System\htKPUIi.exe

C:\Windows\System\htKPUIi.exe

C:\Windows\System\BuXtnbk.exe

C:\Windows\System\BuXtnbk.exe

C:\Windows\System\xvhpcRm.exe

C:\Windows\System\xvhpcRm.exe

C:\Windows\System\QFMrenY.exe

C:\Windows\System\QFMrenY.exe

C:\Windows\System\ueSpVrK.exe

C:\Windows\System\ueSpVrK.exe

C:\Windows\System\DICkucv.exe

C:\Windows\System\DICkucv.exe

C:\Windows\System\zutmFCo.exe

C:\Windows\System\zutmFCo.exe

C:\Windows\System\zCASxsM.exe

C:\Windows\System\zCASxsM.exe

C:\Windows\System\PLsDAPg.exe

C:\Windows\System\PLsDAPg.exe

C:\Windows\System\EYyAlSG.exe

C:\Windows\System\EYyAlSG.exe

C:\Windows\System\LpsiqDc.exe

C:\Windows\System\LpsiqDc.exe

C:\Windows\System\toqpLhq.exe

C:\Windows\System\toqpLhq.exe

C:\Windows\System\KsBdvLJ.exe

C:\Windows\System\KsBdvLJ.exe

C:\Windows\System\gxMzyaR.exe

C:\Windows\System\gxMzyaR.exe

C:\Windows\System\BjqpJOp.exe

C:\Windows\System\BjqpJOp.exe

C:\Windows\System\higiGrB.exe

C:\Windows\System\higiGrB.exe

C:\Windows\System\sRnpqpQ.exe

C:\Windows\System\sRnpqpQ.exe

C:\Windows\System\OwecIxG.exe

C:\Windows\System\OwecIxG.exe

C:\Windows\System\odhdBqA.exe

C:\Windows\System\odhdBqA.exe

C:\Windows\System\tHSCQcf.exe

C:\Windows\System\tHSCQcf.exe

C:\Windows\System\qYVyAIx.exe

C:\Windows\System\qYVyAIx.exe

C:\Windows\System\GpEMNHc.exe

C:\Windows\System\GpEMNHc.exe

C:\Windows\System\jnxQrSD.exe

C:\Windows\System\jnxQrSD.exe

C:\Windows\System\aZSjbND.exe

C:\Windows\System\aZSjbND.exe

C:\Windows\System\LXUwrLF.exe

C:\Windows\System\LXUwrLF.exe

C:\Windows\System\lzXLNDI.exe

C:\Windows\System\lzXLNDI.exe

C:\Windows\System\RybgmTg.exe

C:\Windows\System\RybgmTg.exe

C:\Windows\System\DjgQJwl.exe

C:\Windows\System\DjgQJwl.exe

C:\Windows\System\ezMRzec.exe

C:\Windows\System\ezMRzec.exe

C:\Windows\System\LlhNgJU.exe

C:\Windows\System\LlhNgJU.exe

C:\Windows\System\ktNcNVP.exe

C:\Windows\System\ktNcNVP.exe

C:\Windows\System\ksgKHNg.exe

C:\Windows\System\ksgKHNg.exe

C:\Windows\System\KleuRvc.exe

C:\Windows\System\KleuRvc.exe

C:\Windows\System\FTIHduF.exe

C:\Windows\System\FTIHduF.exe

C:\Windows\System\yOowcrS.exe

C:\Windows\System\yOowcrS.exe

C:\Windows\System\xUAKoxt.exe

C:\Windows\System\xUAKoxt.exe

C:\Windows\System\tMexFqs.exe

C:\Windows\System\tMexFqs.exe

C:\Windows\System\lZjLEUg.exe

C:\Windows\System\lZjLEUg.exe

C:\Windows\System\biyTqsA.exe

C:\Windows\System\biyTqsA.exe

C:\Windows\System\FQaXoKi.exe

C:\Windows\System\FQaXoKi.exe

C:\Windows\System\aqPGIHT.exe

C:\Windows\System\aqPGIHT.exe

C:\Windows\System\HZbjUMz.exe

C:\Windows\System\HZbjUMz.exe

C:\Windows\System\JnqCHsx.exe

C:\Windows\System\JnqCHsx.exe

C:\Windows\System\maXSqzR.exe

C:\Windows\System\maXSqzR.exe

C:\Windows\System\PMmhoUs.exe

C:\Windows\System\PMmhoUs.exe

C:\Windows\System\MarRJoM.exe

C:\Windows\System\MarRJoM.exe

C:\Windows\System\zsSviYC.exe

C:\Windows\System\zsSviYC.exe

C:\Windows\System\TLwwAwQ.exe

C:\Windows\System\TLwwAwQ.exe

C:\Windows\System\rmPTCuS.exe

C:\Windows\System\rmPTCuS.exe

C:\Windows\System\ollSZHo.exe

C:\Windows\System\ollSZHo.exe

C:\Windows\System\gLApxIw.exe

C:\Windows\System\gLApxIw.exe

C:\Windows\System\vAaNAQG.exe

C:\Windows\System\vAaNAQG.exe

C:\Windows\System\lclONBG.exe

C:\Windows\System\lclONBG.exe

C:\Windows\System\pCUHkze.exe

C:\Windows\System\pCUHkze.exe

C:\Windows\System\qVPaoyJ.exe

C:\Windows\System\qVPaoyJ.exe

C:\Windows\System\FHeycYt.exe

C:\Windows\System\FHeycYt.exe

C:\Windows\System\TwIIhGX.exe

C:\Windows\System\TwIIhGX.exe

C:\Windows\System\AkoCmGY.exe

C:\Windows\System\AkoCmGY.exe

C:\Windows\System\JokTugD.exe

C:\Windows\System\JokTugD.exe

C:\Windows\System\rmCRvgY.exe

C:\Windows\System\rmCRvgY.exe

C:\Windows\System\EJnutEn.exe

C:\Windows\System\EJnutEn.exe

C:\Windows\System\YHTXdQV.exe

C:\Windows\System\YHTXdQV.exe

C:\Windows\System\tBBODkA.exe

C:\Windows\System\tBBODkA.exe

C:\Windows\System\LbdGaxa.exe

C:\Windows\System\LbdGaxa.exe

C:\Windows\System\ibBGoVI.exe

C:\Windows\System\ibBGoVI.exe

C:\Windows\System\OkulicU.exe

C:\Windows\System\OkulicU.exe

C:\Windows\System\NESugRX.exe

C:\Windows\System\NESugRX.exe

C:\Windows\System\HeiPsah.exe

C:\Windows\System\HeiPsah.exe

C:\Windows\System\GBRlSLH.exe

C:\Windows\System\GBRlSLH.exe

C:\Windows\System\GlWBhso.exe

C:\Windows\System\GlWBhso.exe

C:\Windows\System\LORDxGW.exe

C:\Windows\System\LORDxGW.exe

C:\Windows\System\MWSVzYL.exe

C:\Windows\System\MWSVzYL.exe

C:\Windows\System\HphJQEQ.exe

C:\Windows\System\HphJQEQ.exe

C:\Windows\System\XTyHvBr.exe

C:\Windows\System\XTyHvBr.exe

C:\Windows\System\bPEkbmA.exe

C:\Windows\System\bPEkbmA.exe

C:\Windows\System\odgdDki.exe

C:\Windows\System\odgdDki.exe

C:\Windows\System\FGluEDq.exe

C:\Windows\System\FGluEDq.exe

C:\Windows\System\vWFjKqt.exe

C:\Windows\System\vWFjKqt.exe

C:\Windows\System\hJnmOVT.exe

C:\Windows\System\hJnmOVT.exe

C:\Windows\System\NAABkJl.exe

C:\Windows\System\NAABkJl.exe

C:\Windows\System\cnMbvPr.exe

C:\Windows\System\cnMbvPr.exe

C:\Windows\System\fTDVjgf.exe

C:\Windows\System\fTDVjgf.exe

C:\Windows\System\gMtSrBr.exe

C:\Windows\System\gMtSrBr.exe

C:\Windows\System\whQXlJa.exe

C:\Windows\System\whQXlJa.exe

C:\Windows\System\bQKaIGi.exe

C:\Windows\System\bQKaIGi.exe

C:\Windows\System\zHAcNUO.exe

C:\Windows\System\zHAcNUO.exe

C:\Windows\System\AQPRbwN.exe

C:\Windows\System\AQPRbwN.exe

C:\Windows\System\jwJenKp.exe

C:\Windows\System\jwJenKp.exe

C:\Windows\System\AAvFDoR.exe

C:\Windows\System\AAvFDoR.exe

C:\Windows\System\dMlcQER.exe

C:\Windows\System\dMlcQER.exe

C:\Windows\System\RnjEGAP.exe

C:\Windows\System\RnjEGAP.exe

C:\Windows\System\NYRkOwv.exe

C:\Windows\System\NYRkOwv.exe

C:\Windows\System\xCRNuHw.exe

C:\Windows\System\xCRNuHw.exe

C:\Windows\System\CQtaKvS.exe

C:\Windows\System\CQtaKvS.exe

C:\Windows\System\SZUqqWW.exe

C:\Windows\System\SZUqqWW.exe

C:\Windows\System\YwUkHYt.exe

C:\Windows\System\YwUkHYt.exe

C:\Windows\System\mKHadUu.exe

C:\Windows\System\mKHadUu.exe

C:\Windows\System\ydQylML.exe

C:\Windows\System\ydQylML.exe

C:\Windows\System\HweMmVi.exe

C:\Windows\System\HweMmVi.exe

C:\Windows\System\xOkmAZc.exe

C:\Windows\System\xOkmAZc.exe

C:\Windows\System\UneDLfL.exe

C:\Windows\System\UneDLfL.exe

C:\Windows\System\wVfNvcR.exe

C:\Windows\System\wVfNvcR.exe

C:\Windows\System\MOTvzxn.exe

C:\Windows\System\MOTvzxn.exe

C:\Windows\System\URvLqJU.exe

C:\Windows\System\URvLqJU.exe

C:\Windows\System\bVlYSWB.exe

C:\Windows\System\bVlYSWB.exe

C:\Windows\System\YmyLiyL.exe

C:\Windows\System\YmyLiyL.exe

C:\Windows\System\clOCwqx.exe

C:\Windows\System\clOCwqx.exe

C:\Windows\System\JBNkCKJ.exe

C:\Windows\System\JBNkCKJ.exe

C:\Windows\System\bVpGLsd.exe

C:\Windows\System\bVpGLsd.exe

C:\Windows\System\QgOoQeL.exe

C:\Windows\System\QgOoQeL.exe

C:\Windows\System\NoKsOeA.exe

C:\Windows\System\NoKsOeA.exe

C:\Windows\System\UEQpLfR.exe

C:\Windows\System\UEQpLfR.exe

C:\Windows\System\aDMWYnh.exe

C:\Windows\System\aDMWYnh.exe

C:\Windows\System\FPilVnq.exe

C:\Windows\System\FPilVnq.exe

C:\Windows\System\IzmOhtG.exe

C:\Windows\System\IzmOhtG.exe

C:\Windows\System\vjBajub.exe

C:\Windows\System\vjBajub.exe

C:\Windows\System\NwyBCUd.exe

C:\Windows\System\NwyBCUd.exe

C:\Windows\System\JmvhRHc.exe

C:\Windows\System\JmvhRHc.exe

C:\Windows\System\wFVlVVB.exe

C:\Windows\System\wFVlVVB.exe

C:\Windows\System\QcXNwYb.exe

C:\Windows\System\QcXNwYb.exe

C:\Windows\System\VnAIHBq.exe

C:\Windows\System\VnAIHBq.exe

C:\Windows\System\CbJzUuk.exe

C:\Windows\System\CbJzUuk.exe

C:\Windows\System\YcwAmBv.exe

C:\Windows\System\YcwAmBv.exe

C:\Windows\System\MWuiAYV.exe

C:\Windows\System\MWuiAYV.exe

C:\Windows\System\oRKLPoH.exe

C:\Windows\System\oRKLPoH.exe

C:\Windows\System\ELNnusi.exe

C:\Windows\System\ELNnusi.exe

C:\Windows\System\BjPtHMz.exe

C:\Windows\System\BjPtHMz.exe

C:\Windows\System\eXACoMe.exe

C:\Windows\System\eXACoMe.exe

C:\Windows\System\luGzoBv.exe

C:\Windows\System\luGzoBv.exe

C:\Windows\System\CRmOrHA.exe

C:\Windows\System\CRmOrHA.exe

C:\Windows\System\TLxuVyB.exe

C:\Windows\System\TLxuVyB.exe

C:\Windows\System\opXzfsu.exe

C:\Windows\System\opXzfsu.exe

C:\Windows\System\pnmtcGY.exe

C:\Windows\System\pnmtcGY.exe

C:\Windows\System\ngGIFva.exe

C:\Windows\System\ngGIFva.exe

C:\Windows\System\IKeNgYX.exe

C:\Windows\System\IKeNgYX.exe

C:\Windows\System\tVihzeK.exe

C:\Windows\System\tVihzeK.exe

C:\Windows\System\llluVJp.exe

C:\Windows\System\llluVJp.exe

C:\Windows\System\aazPwRq.exe

C:\Windows\System\aazPwRq.exe

C:\Windows\System\NQXwEAF.exe

C:\Windows\System\NQXwEAF.exe

C:\Windows\System\Nzlojij.exe

C:\Windows\System\Nzlojij.exe

C:\Windows\System\rAmHeGP.exe

C:\Windows\System\rAmHeGP.exe

C:\Windows\System\IltWriS.exe

C:\Windows\System\IltWriS.exe

C:\Windows\System\NPajxhx.exe

C:\Windows\System\NPajxhx.exe

C:\Windows\System\mFBlNWE.exe

C:\Windows\System\mFBlNWE.exe

C:\Windows\System\qvBMAQU.exe

C:\Windows\System\qvBMAQU.exe

C:\Windows\System\dhsWcAW.exe

C:\Windows\System\dhsWcAW.exe

C:\Windows\System\FwEDWHI.exe

C:\Windows\System\FwEDWHI.exe

C:\Windows\System\hFVrBBV.exe

C:\Windows\System\hFVrBBV.exe

C:\Windows\System\UzTTeyb.exe

C:\Windows\System\UzTTeyb.exe

C:\Windows\System\jaXOKMl.exe

C:\Windows\System\jaXOKMl.exe

C:\Windows\System\yARHZoh.exe

C:\Windows\System\yARHZoh.exe

C:\Windows\System\AfVxyFG.exe

C:\Windows\System\AfVxyFG.exe

C:\Windows\System\DDlJnBG.exe

C:\Windows\System\DDlJnBG.exe

C:\Windows\System\OhoRuvJ.exe

C:\Windows\System\OhoRuvJ.exe

C:\Windows\System\otPuidk.exe

C:\Windows\System\otPuidk.exe

C:\Windows\System\trBbbXN.exe

C:\Windows\System\trBbbXN.exe

C:\Windows\System\LoSWzhA.exe

C:\Windows\System\LoSWzhA.exe

C:\Windows\System\rENBVQa.exe

C:\Windows\System\rENBVQa.exe

C:\Windows\System\coZhuBt.exe

C:\Windows\System\coZhuBt.exe

C:\Windows\System\fYIyJjG.exe

C:\Windows\System\fYIyJjG.exe

C:\Windows\System\oUJUywa.exe

C:\Windows\System\oUJUywa.exe

C:\Windows\System\aKxuXzo.exe

C:\Windows\System\aKxuXzo.exe

C:\Windows\System\qTTPZfe.exe

C:\Windows\System\qTTPZfe.exe

C:\Windows\System\oVixFGE.exe

C:\Windows\System\oVixFGE.exe

C:\Windows\System\kFPVqnJ.exe

C:\Windows\System\kFPVqnJ.exe

C:\Windows\System\QOnVPjH.exe

C:\Windows\System\QOnVPjH.exe

C:\Windows\System\QVhLjsG.exe

C:\Windows\System\QVhLjsG.exe

C:\Windows\System\jqZExKX.exe

C:\Windows\System\jqZExKX.exe

C:\Windows\System\CifIEZJ.exe

C:\Windows\System\CifIEZJ.exe

C:\Windows\System\IuFfyNC.exe

C:\Windows\System\IuFfyNC.exe

C:\Windows\System\VAIMNQf.exe

C:\Windows\System\VAIMNQf.exe

C:\Windows\System\ZvhUWlD.exe

C:\Windows\System\ZvhUWlD.exe

C:\Windows\System\gxtEldt.exe

C:\Windows\System\gxtEldt.exe

C:\Windows\System\mrvmvnH.exe

C:\Windows\System\mrvmvnH.exe

C:\Windows\System\PrPywSd.exe

C:\Windows\System\PrPywSd.exe

C:\Windows\System\AhukdFu.exe

C:\Windows\System\AhukdFu.exe

C:\Windows\System\DWPIZUe.exe

C:\Windows\System\DWPIZUe.exe

C:\Windows\System\jplgLof.exe

C:\Windows\System\jplgLof.exe

C:\Windows\System\jMmdGlR.exe

C:\Windows\System\jMmdGlR.exe

C:\Windows\System\FDPJJsV.exe

C:\Windows\System\FDPJJsV.exe

C:\Windows\System\yDNjRdH.exe

C:\Windows\System\yDNjRdH.exe

C:\Windows\System\wshFWwQ.exe

C:\Windows\System\wshFWwQ.exe

C:\Windows\System\OdEFElP.exe

C:\Windows\System\OdEFElP.exe

C:\Windows\System\DVdACxE.exe

C:\Windows\System\DVdACxE.exe

C:\Windows\System\mbjXmwO.exe

C:\Windows\System\mbjXmwO.exe

C:\Windows\System\BJThFns.exe

C:\Windows\System\BJThFns.exe

C:\Windows\System\xiwAGiI.exe

C:\Windows\System\xiwAGiI.exe

C:\Windows\System\jPSCZbs.exe

C:\Windows\System\jPSCZbs.exe

C:\Windows\System\JxOoHKO.exe

C:\Windows\System\JxOoHKO.exe

C:\Windows\System\mcOBbTU.exe

C:\Windows\System\mcOBbTU.exe

C:\Windows\System\hQboaGU.exe

C:\Windows\System\hQboaGU.exe

C:\Windows\System\qzFSPZE.exe

C:\Windows\System\qzFSPZE.exe

C:\Windows\System\nDzepdf.exe

C:\Windows\System\nDzepdf.exe

C:\Windows\System\PuwESUP.exe

C:\Windows\System\PuwESUP.exe

C:\Windows\System\UMLMZGB.exe

C:\Windows\System\UMLMZGB.exe

C:\Windows\System\spjhuGV.exe

C:\Windows\System\spjhuGV.exe

C:\Windows\System\dxjydqT.exe

C:\Windows\System\dxjydqT.exe

C:\Windows\System\ewZBtPh.exe

C:\Windows\System\ewZBtPh.exe

C:\Windows\System\FdoTwwv.exe

C:\Windows\System\FdoTwwv.exe

C:\Windows\System\Kjauuaf.exe

C:\Windows\System\Kjauuaf.exe

C:\Windows\System\ZaQeFFX.exe

C:\Windows\System\ZaQeFFX.exe

C:\Windows\System\gwNILvp.exe

C:\Windows\System\gwNILvp.exe

C:\Windows\System\tBRMtGQ.exe

C:\Windows\System\tBRMtGQ.exe

C:\Windows\System\FHRhLBl.exe

C:\Windows\System\FHRhLBl.exe

C:\Windows\System\emheruj.exe

C:\Windows\System\emheruj.exe

C:\Windows\System\LigHoBN.exe

C:\Windows\System\LigHoBN.exe

C:\Windows\System\RwqhSHV.exe

C:\Windows\System\RwqhSHV.exe

C:\Windows\System\CqnJMom.exe

C:\Windows\System\CqnJMom.exe

C:\Windows\System\aMAfyVx.exe

C:\Windows\System\aMAfyVx.exe

C:\Windows\System\KbnoTOZ.exe

C:\Windows\System\KbnoTOZ.exe

C:\Windows\System\ZuyqwJy.exe

C:\Windows\System\ZuyqwJy.exe

C:\Windows\System\QeRKSBG.exe

C:\Windows\System\QeRKSBG.exe

C:\Windows\System\RCqEunq.exe

C:\Windows\System\RCqEunq.exe

C:\Windows\System\BnoUzlt.exe

C:\Windows\System\BnoUzlt.exe

C:\Windows\System\wUNhZxl.exe

C:\Windows\System\wUNhZxl.exe

C:\Windows\System\VdidLhX.exe

C:\Windows\System\VdidLhX.exe

C:\Windows\System\NkWjjVZ.exe

C:\Windows\System\NkWjjVZ.exe

C:\Windows\System\LtkGpPp.exe

C:\Windows\System\LtkGpPp.exe

C:\Windows\System\cdGTCqV.exe

C:\Windows\System\cdGTCqV.exe

C:\Windows\System\LvwQADY.exe

C:\Windows\System\LvwQADY.exe

C:\Windows\System\KlhcqKS.exe

C:\Windows\System\KlhcqKS.exe

C:\Windows\System\tSQfsWq.exe

C:\Windows\System\tSQfsWq.exe

C:\Windows\System\WXfQzSa.exe

C:\Windows\System\WXfQzSa.exe

C:\Windows\System\fEpUFZW.exe

C:\Windows\System\fEpUFZW.exe

C:\Windows\System\BENlCvu.exe

C:\Windows\System\BENlCvu.exe

C:\Windows\System\LCDqQBx.exe

C:\Windows\System\LCDqQBx.exe

C:\Windows\System\AIbVTls.exe

C:\Windows\System\AIbVTls.exe

C:\Windows\System\wCgmmlR.exe

C:\Windows\System\wCgmmlR.exe

C:\Windows\System\EHpFQXa.exe

C:\Windows\System\EHpFQXa.exe

C:\Windows\System\eepMrSP.exe

C:\Windows\System\eepMrSP.exe

C:\Windows\System\hwgHgxj.exe

C:\Windows\System\hwgHgxj.exe

C:\Windows\System\eeJdKYo.exe

C:\Windows\System\eeJdKYo.exe

C:\Windows\System\jcUzHDp.exe

C:\Windows\System\jcUzHDp.exe

C:\Windows\System\ViKsQWw.exe

C:\Windows\System\ViKsQWw.exe

C:\Windows\System\coWBLJq.exe

C:\Windows\System\coWBLJq.exe

C:\Windows\System\wVNHvDd.exe

C:\Windows\System\wVNHvDd.exe

C:\Windows\System\BQaTYMo.exe

C:\Windows\System\BQaTYMo.exe

C:\Windows\System\jAwHyEw.exe

C:\Windows\System\jAwHyEw.exe

C:\Windows\System\lOWpQjB.exe

C:\Windows\System\lOWpQjB.exe

C:\Windows\System\xqUapoW.exe

C:\Windows\System\xqUapoW.exe

C:\Windows\System\Gaulrxs.exe

C:\Windows\System\Gaulrxs.exe

C:\Windows\System\MLUAHWH.exe

C:\Windows\System\MLUAHWH.exe

C:\Windows\System\gSmsawW.exe

C:\Windows\System\gSmsawW.exe

C:\Windows\System\BexfoqN.exe

C:\Windows\System\BexfoqN.exe

C:\Windows\System\HlgviTY.exe

C:\Windows\System\HlgviTY.exe

C:\Windows\System\xEfbCXF.exe

C:\Windows\System\xEfbCXF.exe

C:\Windows\System\UpcCSrg.exe

C:\Windows\System\UpcCSrg.exe

C:\Windows\System\vpVsJcQ.exe

C:\Windows\System\vpVsJcQ.exe

C:\Windows\System\QomFkqP.exe

C:\Windows\System\QomFkqP.exe

C:\Windows\System\ozVjDan.exe

C:\Windows\System\ozVjDan.exe

C:\Windows\System\BBOGHub.exe

C:\Windows\System\BBOGHub.exe

C:\Windows\System\ELgETaE.exe

C:\Windows\System\ELgETaE.exe

C:\Windows\System\icrSppA.exe

C:\Windows\System\icrSppA.exe

C:\Windows\System\CeDmtzM.exe

C:\Windows\System\CeDmtzM.exe

C:\Windows\System\ZhLjKmW.exe

C:\Windows\System\ZhLjKmW.exe

C:\Windows\System\ujbnsDW.exe

C:\Windows\System\ujbnsDW.exe

C:\Windows\System\qeSlKUg.exe

C:\Windows\System\qeSlKUg.exe

C:\Windows\System\rrDGomV.exe

C:\Windows\System\rrDGomV.exe

C:\Windows\System\SGlVaJp.exe

C:\Windows\System\SGlVaJp.exe

C:\Windows\System\pWyJdgB.exe

C:\Windows\System\pWyJdgB.exe

C:\Windows\System\FjKADra.exe

C:\Windows\System\FjKADra.exe

C:\Windows\System\kCDylhZ.exe

C:\Windows\System\kCDylhZ.exe

C:\Windows\System\WvcuPuu.exe

C:\Windows\System\WvcuPuu.exe

C:\Windows\System\YyAnKrM.exe

C:\Windows\System\YyAnKrM.exe

C:\Windows\System\bZyklmu.exe

C:\Windows\System\bZyklmu.exe

C:\Windows\System\viIJACf.exe

C:\Windows\System\viIJACf.exe

C:\Windows\System\rBKuuLz.exe

C:\Windows\System\rBKuuLz.exe

C:\Windows\System\qdpRkOg.exe

C:\Windows\System\qdpRkOg.exe

C:\Windows\System\cLgRFXt.exe

C:\Windows\System\cLgRFXt.exe

C:\Windows\System\NwLWREg.exe

C:\Windows\System\NwLWREg.exe

C:\Windows\System\eZncVTB.exe

C:\Windows\System\eZncVTB.exe

C:\Windows\System\DKmzRQQ.exe

C:\Windows\System\DKmzRQQ.exe

C:\Windows\System\QTuNEJn.exe

C:\Windows\System\QTuNEJn.exe

C:\Windows\System\kdTOkxn.exe

C:\Windows\System\kdTOkxn.exe

C:\Windows\System\HhrPrvp.exe

C:\Windows\System\HhrPrvp.exe

C:\Windows\System\JSYzvYg.exe

C:\Windows\System\JSYzvYg.exe

C:\Windows\System\CpixMys.exe

C:\Windows\System\CpixMys.exe

C:\Windows\System\tixAIMD.exe

C:\Windows\System\tixAIMD.exe

C:\Windows\System\GUiszkM.exe

C:\Windows\System\GUiszkM.exe

C:\Windows\System\DMkeaKW.exe

C:\Windows\System\DMkeaKW.exe

C:\Windows\System\BvicMto.exe

C:\Windows\System\BvicMto.exe

C:\Windows\System\ssGhatf.exe

C:\Windows\System\ssGhatf.exe

C:\Windows\System\DjITPmU.exe

C:\Windows\System\DjITPmU.exe

C:\Windows\System\bxyvptN.exe

C:\Windows\System\bxyvptN.exe

C:\Windows\System\ASlSHME.exe

C:\Windows\System\ASlSHME.exe

C:\Windows\System\qlufQiM.exe

C:\Windows\System\qlufQiM.exe

C:\Windows\System\kufofkv.exe

C:\Windows\System\kufofkv.exe

C:\Windows\System\XUTIoUa.exe

C:\Windows\System\XUTIoUa.exe

C:\Windows\System\ItwBTbc.exe

C:\Windows\System\ItwBTbc.exe

C:\Windows\System\IHDqOcI.exe

C:\Windows\System\IHDqOcI.exe

C:\Windows\System\XvatKrw.exe

C:\Windows\System\XvatKrw.exe

C:\Windows\System\PhhWnpr.exe

C:\Windows\System\PhhWnpr.exe

C:\Windows\System\ggAtXKr.exe

C:\Windows\System\ggAtXKr.exe

C:\Windows\System\vnvGXlY.exe

C:\Windows\System\vnvGXlY.exe

C:\Windows\System\eykIIvI.exe

C:\Windows\System\eykIIvI.exe

C:\Windows\System\GCJiOUw.exe

C:\Windows\System\GCJiOUw.exe

C:\Windows\System\KwQdtFj.exe

C:\Windows\System\KwQdtFj.exe

C:\Windows\System\GyPeQYp.exe

C:\Windows\System\GyPeQYp.exe

C:\Windows\System\lPTQsDu.exe

C:\Windows\System\lPTQsDu.exe

C:\Windows\System\AqMYjoJ.exe

C:\Windows\System\AqMYjoJ.exe

C:\Windows\System\dvwquYP.exe

C:\Windows\System\dvwquYP.exe

C:\Windows\System\xPsymNG.exe

C:\Windows\System\xPsymNG.exe

C:\Windows\System\HtpgSxl.exe

C:\Windows\System\HtpgSxl.exe

C:\Windows\System\NmIGbcJ.exe

C:\Windows\System\NmIGbcJ.exe

C:\Windows\System\XIAIhlL.exe

C:\Windows\System\XIAIhlL.exe

C:\Windows\System\KwNNJXH.exe

C:\Windows\System\KwNNJXH.exe

C:\Windows\System\PiVpfAX.exe

C:\Windows\System\PiVpfAX.exe

C:\Windows\System\jCxvzHd.exe

C:\Windows\System\jCxvzHd.exe

C:\Windows\System\QcIDBvU.exe

C:\Windows\System\QcIDBvU.exe

C:\Windows\System\QxzcfbD.exe

C:\Windows\System\QxzcfbD.exe

C:\Windows\System\uwGzFzp.exe

C:\Windows\System\uwGzFzp.exe

C:\Windows\System\mhtBTcz.exe

C:\Windows\System\mhtBTcz.exe

C:\Windows\System\RcYBvcd.exe

C:\Windows\System\RcYBvcd.exe

C:\Windows\System\DphFAXp.exe

C:\Windows\System\DphFAXp.exe

C:\Windows\System\CtjfzuC.exe

C:\Windows\System\CtjfzuC.exe

C:\Windows\System\TYSVMId.exe

C:\Windows\System\TYSVMId.exe

C:\Windows\System\SzeUGuJ.exe

C:\Windows\System\SzeUGuJ.exe

C:\Windows\System\YHyOeJU.exe

C:\Windows\System\YHyOeJU.exe

C:\Windows\System\CCNDVHq.exe

C:\Windows\System\CCNDVHq.exe

C:\Windows\System\ZuilwTW.exe

C:\Windows\System\ZuilwTW.exe

C:\Windows\System\MmdhSra.exe

C:\Windows\System\MmdhSra.exe

C:\Windows\System\YzftzCa.exe

C:\Windows\System\YzftzCa.exe

C:\Windows\System\HFpdrxj.exe

C:\Windows\System\HFpdrxj.exe

C:\Windows\System\BalEoJi.exe

C:\Windows\System\BalEoJi.exe

C:\Windows\System\tsNWYng.exe

C:\Windows\System\tsNWYng.exe

C:\Windows\System\rigoFQW.exe

C:\Windows\System\rigoFQW.exe

C:\Windows\System\TCxmwBx.exe

C:\Windows\System\TCxmwBx.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2984-0-0x000000013F6D0000-0x000000013FAC6000-memory.dmp

memory/2984-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\dbPZUjV.exe

MD5 b778a3b4ce6913801cf6bc2d28b30783
SHA1 e2cc4a43431d41b1c80dc8a16144d2114ac4e5aa
SHA256 3c797086f5d44409a1190454486e9d6dcd3343fc61e1b31f041a07cb749f9d7d
SHA512 a377e97f4145f48a1409bae2d969f7e9f13bf08b88fc932bdf98541041b9b4c7b2170bee7c32bd583351c15c45f4a6df0dd6aa7470290d7cd25bad7c1bdc20df

memory/2984-12-0x0000000003120000-0x0000000003516000-memory.dmp

memory/2204-15-0x000007FEF58DE000-0x000007FEF58DF000-memory.dmp

\Windows\system\IUFzDHx.exe

MD5 7f11bfa4b1da0750e5b2053b47bfcd46
SHA1 663b9442664a92cc74b7a5c0cbab469701e3123e
SHA256 81d582f582df1e48890b28821317da8aae7fafcc5642d2ec3c1647511e44efb3
SHA512 f0c222c6b4e10bf64caa2e75a1cd86fb337de7ee1e38c0ff417f68f055a0063674cdbc65bd4b421f7147f5576929876fce72f8068c3adfd2d9d4a1f50c1fbd76

memory/2204-14-0x0000000002A00000-0x0000000002A80000-memory.dmp

memory/1152-13-0x000000013F790000-0x000000013FB86000-memory.dmp

C:\Windows\system\NqBsJcj.exe

MD5 6eed695e229489b33feaf80366842887
SHA1 75eb4c02fb93f3433101b487b31d133f976462f0
SHA256 57d0154548cef237cceadbd292f329cceb2d8bd129a97d6da3a88475739c499b
SHA512 110a49bc7b0b142691f28b60c38976ef94d6ecf58aebea86d31ef750c2f4e6876d91fa870d78a495be3b775d17f333fbc84374527eb49748717d3ed18fe960db

memory/2204-21-0x00000000027E0000-0x00000000027E8000-memory.dmp

memory/2204-43-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

memory/2300-64-0x000000013F380000-0x000000013F776000-memory.dmp

C:\Windows\system\kyIljpk.exe

MD5 79fe6e4344a7545ff22e14bc9fe9cf4a
SHA1 b9da6c33194e264247c790416d00c58e22d761d5
SHA256 6765ae8d0e943edfe02fdd44b2cb21e2cb2e11efbc7e02a881e9aeaf9c638b31
SHA512 8177a0b06b50a42c45334abdb5049f43549e460aed37a4fa31a941ea94374c0180ba39ff9ea68bba17b8ee5842a09a307cc03655a6240642854fe6c64087fa53

memory/2920-76-0x000000013FD30000-0x0000000140126000-memory.dmp

memory/2568-81-0x000000013F170000-0x000000013F566000-memory.dmp

\Windows\system\KIoQRQV.exe

MD5 4016b43956c0cf7641a37e10b2c502e3
SHA1 a91c4e245bba079113f5f61b4ea57f55ecb18548
SHA256 bc2db11804ee91cb4ff5486c7efc47a31513cc6f4911c2a01a0a12b5b304604e
SHA512 d97300999445b307b210647d7ba9223c93fd0074aae35ba844a44e98bee39d60c69407261723176d24266a16e715de4e7e3119a4002c1c2c4a59910cc9ad901f

\Windows\system\zFTEYIo.exe

MD5 61f026632ae059d75a92614dc8f3c017
SHA1 82072bdc7450043045ef59eadd3ccef853c69eb2
SHA256 15bdbe16af76c707a399fd39818f6e1e5b863e4835d41cbdd4e9489b0070cce6
SHA512 90888eba70236152b85ee1e4c78bf0e4fad689f460bba1c3be4b117ba6d0acd776981ee9971fa569aa484ca27e39893bcbb84c99b7c12d8ddd9d0401c92d1d44

\Windows\system\zmfHrma.exe

MD5 9ffb3bec7b42bad094c2262b1937344f
SHA1 88083b853520ffdea2b8361307958f513cc408f3
SHA256 240bfc5a516e52151dae2ae094baf79f9e76167ea337c416e373e5b9370968c5
SHA512 30872c7841fcf2564793c74b59876aee1fdbd50d5cf31ff5ba31e2a9f52a9ea3dd9c1ff3d6b16457f838ab41b9087ee660325e21c0973ac3f388d744b365e157

C:\Windows\system\UxMhaeb.exe

MD5 d5d3b0680b61fe57dac3097bdb01d0b7
SHA1 b5ec2a43c78dc59afdf931c04f951c5fdff200ba
SHA256 1fbb95012df73bcac62db464bd17df49880e14b533ba3394ceba2d96c63f11eb
SHA512 a84979d09fcf5591398d24dae93fd6061fb27740d2a31e6d9e14d2ffe9739abc60e8f91b26e33a93973512cbcd02083ddce89f6682a4a4f3d64776c9a583d5ac

memory/2984-103-0x000000013FFF0000-0x00000001403E6000-memory.dmp

memory/2984-102-0x000000013FBC0000-0x000000013FFB6000-memory.dmp

memory/2204-101-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

memory/2824-100-0x000000013F070000-0x000000013F466000-memory.dmp

C:\Windows\system\MdIrsEY.exe

MD5 9878de959a20e0e28b033b911e873815
SHA1 1bc8d9381aa59fe6f08d591346418fb217e4d77b
SHA256 aa8868ccf602d7b0f42adc8432933bbd50e1141330e7d4fb794732eaa0081cda
SHA512 a39743309c2aa61c2b789584f5f14f7c4c14c8f22f20415cf4652eaa4c60cf8944ae6397e7bafc94b9bb8cbe4dbc367d8b3b54ceb7b0d02dcac2db9123369eb8

memory/2984-97-0x000000013F070000-0x000000013F466000-memory.dmp

memory/3060-96-0x000000013F610000-0x000000013FA06000-memory.dmp

\Windows\system\DmPvpKv.exe

MD5 529aff2ab4c3ea8614b235c330106c16
SHA1 82340f04351a85e553d98fdebfde7ee9394ebe9d
SHA256 0c04abd6847a7265832c23944cb1a224f14d4fb7836626b635f56df515711663
SHA512 15fc3fcc6242eccecc7f2375eea6eee66ed9072f1cb97f60b25062be1ed1ab72dfd98db9b85eb851a0abb3d3469a0aad5b80f1fb087073e161c2a2da0be30858

C:\Windows\system\CvqzYSo.exe

MD5 c12f7d0379ea8a0e39bef692d579d39f
SHA1 432d96753578f81675427d22ca58e2fb32a07641
SHA256 97e3e98bbf5afa3b368771490a0a2c305fda59070a2f38aba5f5bfaa8b1cecb1
SHA512 53881887d9341ff0d1028cf4a9c71669c168eb5c98e5e12f49c7148c88cb7aed3887e97922ab081b894470d3d91fe295b827214678b26694765425ac66297af6

C:\Windows\system\mFwQtHH.exe

MD5 5d53b3d40c06c4d4bae7a302826c831a
SHA1 946462de7493ea150a429833f4f52554158acb4e
SHA256 5d1218b41f69af808d24c9fe975a3c34bc8b86dd751700cca0ef58bed6de6c3a
SHA512 a472b20384fcb5fb4e00e78e0b41d081d762ff471710ce4b3c4af515a8317f5fb913c14af34b9192d0d786c45935b6b2de76b7098b4096ed3ad76526479dcc0f

C:\Windows\system\CBvCQGa.exe

MD5 bd5157bdb5313e819ee1b72c0335d758
SHA1 96897b0f290f35d2c6f6e2dc9608e9f16cb3f326
SHA256 abb4d675dbf4be17d1c9ea652e20195c4588eab68d3e044f0e5a196fefbc25c7
SHA512 634217ca08939c2b82bb3993bedaccab30419ac002023a8151a646dcd91cc39945aee6ec3b625c3127201b72eb08d19da48ce38a586a3d45fc79c1c2e80928be

C:\Windows\system\giCHmoW.exe

MD5 46ee3271f0207e26e0aa19a04b233153
SHA1 5a6d49292870b635729c33bdf5938c57f2595801
SHA256 303d49aad22f00500c394447647ace3801a1eafe3427b0f7c9827c0f61121e80
SHA512 73961b63fa0812b265e158914f0b6f77361c9c73e1ed04b2f9b9d13015e6b3d36809ee31801f178b63233476bb19949497bc8e28d656f1b807a88d538a983a30

C:\Windows\system\XhhHqdG.exe

MD5 36e22f5fd016cb354b29004dfcce2479
SHA1 2149fffc09bcd5619ee87066a72075dfeb849834
SHA256 abeb798d1413f8b2302756977dc9647665f8d813ac28d6289a674f66b06ec446
SHA512 2e5247691760c0e123982f05a50680d03cbdf01979222516038230e60af525234d8f57f964df1d1642590070d540ae6dfcecb33f0de432355bc55c50e9b3a55c

C:\Windows\system\QoCMQRD.exe

MD5 300d6eb6df7ae3a902fe0b85544b7c4c
SHA1 cef4ae83d636504ca7ec5f5c2937096b34cf5707
SHA256 479787e7d3056e5cd57c576d2984f8e833e28327eaa76b7aae4ea90d1cab2d1a
SHA512 96205519e7fa2627d71c532d597de5ba5cb2cf497ecbd4588fa34f9156dfd261788a635eba56b73f2769e9f8a117c75471400809c3f7060e2d4f650903b7001d

C:\Windows\system\yjMdtdw.exe

MD5 880d792fc96561fc69cf84f07e1522f9
SHA1 38e9122ebca5e873ff5023fdc88e05ac49410c09
SHA256 e6e34bfc37f956af1148220f09b0a521bf1651444d9f55292657122a07c3941b
SHA512 41930eea346cd2cdc345465c4481a3372d230fc9e3da6333d9eb4bdf2ba3c27536bb315cc2f6b261e99c013733130d0ad36a74987d8d35f4cbccc71c26a409a9

C:\Windows\system\wVdPruI.exe

MD5 5a4760e36a23f043f97aa5bde7e1ee6e
SHA1 1209efcf188e71b40ba42892ca404cde1c3cfa88
SHA256 870f11260f158997e1239ef02bb81d3f1c0494b3001146af62ed48c98cafe595
SHA512 8b2e0000689bf4bb4bb7271df262eea6cdde7976eacba449df94fbfef7771f8a2409258545f25f0038865904c9d066960b1bea285901e2502b96b974dd3897d1

C:\Windows\system\QubnOvJ.exe

MD5 91e28f74a9b4d8452ead7018d3c2f7f9
SHA1 f81a5c4d5e52419ebf758feb11b14282aa9c14a8
SHA256 6972c2f1c75130484eb494186a309f6b619af8f5b49b336a9a4117c500be8455
SHA512 b581d295f969705615cda34be301f0eb63b0b104f18487bceb6bed66216976489b6ba3c3f5ae8551227ecc285f80ac8a8a24346d0c38dddadbc9916b925d6dcf

memory/2984-95-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2572-94-0x000000013F710000-0x000000013FB06000-memory.dmp

C:\Windows\system\mhdMfBo.exe

MD5 13395b5015ec80322a231f207e0289a0
SHA1 859ab8b9f690c0ffb7d1697d5e5677b04c1b8f03
SHA256 831912d5cdced2f292e855f2f2b53b7c0860e4371a2398b072520d2081091ad4
SHA512 106794e64bf273f880d8144576db8545b0cc17bf7dd8c33a153d1d2cd76cd6ed812d2737910ca0729c92fff35cf11045e393cd64ed7b0c1d36c3c164ebf17bd2

memory/2984-92-0x0000000003890000-0x0000000003C86000-memory.dmp

\Windows\system\NskRmLi.exe

MD5 46d48e19ea8862bb750fe7a3067a831d
SHA1 980ce14dbb7b48b475dd83c55690a9077d977ea3
SHA256 8f6b40b3bea193235f6b91d703425fc2c3cbb4e1a3e437fc1f95e5f389846d17
SHA512 169ba9f5e200ec6840483e6434f7409828a3edd69cec119029a9611e8c8a63d56879a3afa16b2862319609b950d96dd6ddb0608e1fe68562395a48288940044d

\Windows\system\FfgnNos.exe

MD5 18854b2d66c33b8c99b186aa59e5c999
SHA1 23c5f70d3c5cd8b48b51506696b273ca1490402e
SHA256 0ef163e33ef64a71be7b9fd1358dc63fb6d015af9dbb36e34cd1b03c5bbf84cc
SHA512 d7d2281e8431fe1d0716ef1a6be5d1add3d61919fec5207bf191d34396440793f484a200351558bf0a7b02535a7e7613c3af72d6414c914597ee0ab077d64883

memory/2984-70-0x000000013F170000-0x000000013F566000-memory.dmp

memory/2984-66-0x0000000003890000-0x0000000003C86000-memory.dmp

\Windows\system\gnqIfoP.exe

MD5 907cc045a2b719282c4f9b523e8548aa
SHA1 bcf634f0001d2c1b40b60173cc34415cdc03b66f
SHA256 aebc7856eb513abd1bd5027502f03de804054bf3e5fc83eae293f2983643260f
SHA512 c8bb45b066f2cd31f59e0b5a7c91b62455f796cc568d4160b3c4fd02e9ee004b5c621f024f18b8baaab2b682a6a1c0d820884e61f2210ffaf8a74a483d5fadc7

C:\Windows\system\lYiKRPC.exe

MD5 e3b86679fc968676090a92d941f4863f
SHA1 3178f9ae424df6e2a931f555f609e4330db947db
SHA256 25703d96fb991f8f5c29b7d719f861fb3283251ff6a354c2d3dda0af6c0adbd7
SHA512 250a53b35153cdbf7694ffd3984b7fd3e9c6fcd9f4678d6903db4079523f9d3407d4c8f080cdeeefce2763bd4bac2676db23347cfa90a75682415abfdf508eea

memory/2984-58-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2984-57-0x0000000003890000-0x0000000003C86000-memory.dmp

C:\Windows\system\UPhSEjr.exe

MD5 c4a1a781a672d4f033ecc25b6e8c5930
SHA1 1f4a32539283e683f951c50614ff41078a03bd0b
SHA256 1e9ca1f89b7881cdfde4647aa94dc80040e52c6060be26faa4dde2e809686600
SHA512 f85e4f07cf843c35c9d43d6f0f8fd6074c3e31dadedb5f55d1bd2acf8170644bf7636d414f541cb48e87af680af6806fd461b8cfbbc48d7638117bb75849bf42

memory/2984-111-0x000000013F0C0000-0x000000013F4B6000-memory.dmp

memory/2344-110-0x000000013F5A0000-0x000000013F996000-memory.dmp

memory/2204-29-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

memory/2984-106-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

memory/2772-105-0x000000013F870000-0x000000013FC66000-memory.dmp

C:\Windows\system\XZRNRYo.exe

MD5 4534dc7b718be5d5d76b301db48376e6
SHA1 745cac33b8699be6f15c776a9419f611d482d743
SHA256 713fed9c27ba553300f56737595e717b6809c771218b9cc238f5388fa275cf0f
SHA512 a4d85ef308713601102a9c6909557f4feb09628a8e7813b0c8c7a7141535909a67dad103bd119a8d564c0d65d26dd5fa96bd09294ee9b3b01c0290bf712606cc

memory/2676-49-0x000000013FBC0000-0x000000013FFB6000-memory.dmp

C:\Windows\system\ikyuinX.exe

MD5 6ca148b570a72ef02deac6d78cd54c9f
SHA1 f44683c26ba53c5d1eff1d14960b28f3849e5344
SHA256 ffa9f04ad710a0a93adcfd0b3adadfd22b235c021b451be10e68c87267de771d
SHA512 ff7d1849ba475aca8d307e8df09e2c9ec3c879083299cc1400acffda67f7be0bd680240c238730bdcba911018508a11c55b1df779bb592973ef7b185bfbb0b60

C:\Windows\system\yDFFlQa.exe

MD5 ae50dbdd241ab3402329511a197f6618
SHA1 7cb50977be307737ecf22d4115ca3cf00f2f0019
SHA256 7dbd4081129a3c5cb1c840366db715c4d6dbc8fd424f63208d8d5af1adbbbc23
SHA512 41d39afdb0c461f69b00af501314c9c1020c8bbb1f5209260602f104bc37096dc01d09abab4d4add9ad50735d89a7558283363de8dc20c7fa3d81dc00f1536bf

C:\Windows\system\innXFbP.exe

MD5 6e0de1dea1ecf7383550224f78af235e
SHA1 09a3a9cd069a2a5ead28f4e65062dcf4a2b0e3ce
SHA256 67c6636d89166f1eb2ad0c658ba96bc5540b72bd6576a1682cf6a0b7ca5a9ade
SHA512 784e9c27d1fef2e082349d6ea632754fef4ad877d1dcec5401355b6e4becf0b4548d9acffb5ad8a473266b12d317b5419683c2361f3f929738cb9cc9f5a07008

\Windows\system\IWdbfQh.exe

MD5 b11cb344ff98dd6fad6ae16be771188e
SHA1 982db26aaf701424743f0c3ac4efd2eedb23b60d
SHA256 732c080f1b741e7d378bc600ef76153eb0b04f633593da7ef961d980cdd11c7f
SHA512 b3ab785f8dbdebdff60242b1a6d40e3e3467540e9e0391a1f56d28b1b0d866223a7f7a485ca2b30d17f740a7c8413cfab323ed7a5ee977a3a766554fb6d4213c

memory/2204-19-0x000000001B790000-0x000000001BA72000-memory.dmp

C:\Windows\system\xkwBPVz.exe

MD5 6d21c5637b0e1765dc32d0d930c4b4a7
SHA1 00bbb2e20727118fe31974b0860e7b138b70b9fc
SHA256 a2f59c7b4504761f65ad8796f5e30227dd3f1a4a2cadeb3d9f0f6278c2be2af9
SHA512 31d5aeacb82c259f4f4830706ac9de81e61d17689293613c91ad1f8dea4d8cf2f40f2806576cb49facfbc7d13dc1220d67f741e6f80b85f193132f84d2f96600

C:\Windows\system\dXPDvEa.exe

MD5 f2132a917bf58894b9bbf0d1052ce971
SHA1 aa0c41c6f76700e59c1078323d4fd32712ba6a2a
SHA256 ccf114d5d5c554acfd308fb5517f342b4f1016f7c7be2d6ee89b850f9b2032dd
SHA512 cd94df97b9d1729bf14d8e7f8ee23509fccbcbf8871ed5764fcee7a8e44c5dea3031e0e8ad2569fce76dd75b6f12612c1feaf8a274ac39425485c34af9728957

\Windows\system\hIVsAFQ.exe

MD5 ca9b9fa561a402a36bee0a7ddb45e6c9
SHA1 a11c90e9ccd23a8279abc413d10b1425943a5cae
SHA256 d79444471da4004dcc5a144886b5aaabd4a777c6b62898c695f8504539e0b1a6
SHA512 d029941fb3266f12d0b2bd2922979f34aa3bfe24fe61275fca779ef02b823320ec2e0e9773a827107f7e2a1a8d95bd2108b9c396f48e940235a98887b0031cc3

memory/2204-332-0x000007FEF5620000-0x000007FEF5FBD000-memory.dmp

memory/2984-2928-0x000000013F6D0000-0x000000013FAC6000-memory.dmp

memory/2984-2930-0x0000000003120000-0x0000000003516000-memory.dmp

memory/2984-3144-0x0000000003890000-0x0000000003C86000-memory.dmp

memory/2572-6579-0x000000013F710000-0x000000013FB06000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 16:28

Reported

2024-05-25 16:31

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dbPZUjV.exe N/A
N/A N/A C:\Windows\System\IUFzDHx.exe N/A
N/A N/A C:\Windows\System\NqBsJcj.exe N/A
N/A N/A C:\Windows\System\lYiKRPC.exe N/A
N/A N/A C:\Windows\System\yDFFlQa.exe N/A
N/A N/A C:\Windows\System\zFTEYIo.exe N/A
N/A N/A C:\Windows\System\mhdMfBo.exe N/A
N/A N/A C:\Windows\System\ikyuinX.exe N/A
N/A N/A C:\Windows\System\UPhSEjr.exe N/A
N/A N/A C:\Windows\System\MdIrsEY.exe N/A
N/A N/A C:\Windows\System\XZRNRYo.exe N/A
N/A N/A C:\Windows\System\gnqIfoP.exe N/A
N/A N/A C:\Windows\System\kyIljpk.exe N/A
N/A N/A C:\Windows\System\FfgnNos.exe N/A
N/A N/A C:\Windows\System\KIoQRQV.exe N/A
N/A N/A C:\Windows\System\UxMhaeb.exe N/A
N/A N/A C:\Windows\System\zmfHrma.exe N/A
N/A N/A C:\Windows\System\QubnOvJ.exe N/A
N/A N/A C:\Windows\System\wVdPruI.exe N/A
N/A N/A C:\Windows\System\QoCMQRD.exe N/A
N/A N/A C:\Windows\System\yjMdtdw.exe N/A
N/A N/A C:\Windows\System\XhhHqdG.exe N/A
N/A N/A C:\Windows\System\giCHmoW.exe N/A
N/A N/A C:\Windows\System\innXFbP.exe N/A
N/A N/A C:\Windows\System\CBvCQGa.exe N/A
N/A N/A C:\Windows\System\xkwBPVz.exe N/A
N/A N/A C:\Windows\System\mFwQtHH.exe N/A
N/A N/A C:\Windows\System\dXPDvEa.exe N/A
N/A N/A C:\Windows\System\CvqzYSo.exe N/A
N/A N/A C:\Windows\System\IWdbfQh.exe N/A
N/A N/A C:\Windows\System\DmPvpKv.exe N/A
N/A N/A C:\Windows\System\hIVsAFQ.exe N/A
N/A N/A C:\Windows\System\NskRmLi.exe N/A
N/A N/A C:\Windows\System\cnIxEGM.exe N/A
N/A N/A C:\Windows\System\JhvvXJb.exe N/A
N/A N/A C:\Windows\System\DJvbzNa.exe N/A
N/A N/A C:\Windows\System\mrHHeep.exe N/A
N/A N/A C:\Windows\System\WxfnPvy.exe N/A
N/A N/A C:\Windows\System\nLXHsrk.exe N/A
N/A N/A C:\Windows\System\cXxLvHL.exe N/A
N/A N/A C:\Windows\System\BFCPVgX.exe N/A
N/A N/A C:\Windows\System\MCiOJSQ.exe N/A
N/A N/A C:\Windows\System\lpQwLoa.exe N/A
N/A N/A C:\Windows\System\tNAvQcf.exe N/A
N/A N/A C:\Windows\System\JwljqDg.exe N/A
N/A N/A C:\Windows\System\UWvYrbR.exe N/A
N/A N/A C:\Windows\System\fabmswg.exe N/A
N/A N/A C:\Windows\System\xBGMWdp.exe N/A
N/A N/A C:\Windows\System\PDQDauC.exe N/A
N/A N/A C:\Windows\System\dihDFmO.exe N/A
N/A N/A C:\Windows\System\StbtNgQ.exe N/A
N/A N/A C:\Windows\System\XmgVllP.exe N/A
N/A N/A C:\Windows\System\IRFGYZt.exe N/A
N/A N/A C:\Windows\System\mWZdOVn.exe N/A
N/A N/A C:\Windows\System\yrAaiPT.exe N/A
N/A N/A C:\Windows\System\dhecDuV.exe N/A
N/A N/A C:\Windows\System\CAzSxYo.exe N/A
N/A N/A C:\Windows\System\VRsjJYI.exe N/A
N/A N/A C:\Windows\System\guUJHry.exe N/A
N/A N/A C:\Windows\System\lKjWMdc.exe N/A
N/A N/A C:\Windows\System\RweGJEO.exe N/A
N/A N/A C:\Windows\System\UcxebqK.exe N/A
N/A N/A C:\Windows\System\XsidSuK.exe N/A
N/A N/A C:\Windows\System\aPlOGiM.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vCBIlPu.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMNJFRb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hQUobdQ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXfwqsG.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XyGyLMm.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmmJBSI.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjkozqJ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNzQMyq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fzPwFAV.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JhvvXJb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdpEVXT.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SpNHuCh.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMQVlvz.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uDuudlt.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tabWpOp.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHEuGNE.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KuXFUfp.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mIMECvG.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mVGxrKW.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tffedQT.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JTWVnkH.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NRUetoM.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnDSvmF.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TeoJXxq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hBHdKAm.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iQigJBr.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EUqtPwo.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDmLOUn.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZLvfRyc.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gYPqdSA.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BYvPFtA.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxDnBhy.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nkzzCbF.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WrVLnKH.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAubPNm.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXLzSuQ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zwLvVYm.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NmhAULb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ojBQGmZ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DOstYlY.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xXtZTQm.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aKFqPPq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oWvhVBZ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gEsmEvq.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHzKifu.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyInyqf.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LNVkyST.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKIhJWS.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bwhUybP.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QdCPTZi.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jwwGfJd.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdYQckb.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tomtbZQ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPLvqdi.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WaVSnuo.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\urXYzGL.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\StbtNgQ.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRqOMDr.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXGZWeF.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vIGZFMw.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHkPFsf.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sTAihNP.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dihDFmO.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DpWxQfV.exe C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5072 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5072 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dbPZUjV.exe
PID 5072 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dbPZUjV.exe
PID 5072 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IUFzDHx.exe
PID 5072 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IUFzDHx.exe
PID 5072 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\NqBsJcj.exe
PID 5072 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\NqBsJcj.exe
PID 5072 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\lYiKRPC.exe
PID 5072 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\lYiKRPC.exe
PID 5072 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yDFFlQa.exe
PID 5072 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yDFFlQa.exe
PID 5072 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zFTEYIo.exe
PID 5072 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zFTEYIo.exe
PID 5072 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\ikyuinX.exe
PID 5072 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\ikyuinX.exe
PID 5072 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mhdMfBo.exe
PID 5072 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mhdMfBo.exe
PID 5072 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UPhSEjr.exe
PID 5072 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UPhSEjr.exe
PID 5072 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\MdIrsEY.exe
PID 5072 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\MdIrsEY.exe
PID 5072 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XZRNRYo.exe
PID 5072 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XZRNRYo.exe
PID 5072 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\gnqIfoP.exe
PID 5072 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\gnqIfoP.exe
PID 5072 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\kyIljpk.exe
PID 5072 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\kyIljpk.exe
PID 5072 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\FfgnNos.exe
PID 5072 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\FfgnNos.exe
PID 5072 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\KIoQRQV.exe
PID 5072 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\KIoQRQV.exe
PID 5072 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UxMhaeb.exe
PID 5072 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\UxMhaeb.exe
PID 5072 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zmfHrma.exe
PID 5072 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\zmfHrma.exe
PID 5072 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QubnOvJ.exe
PID 5072 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QubnOvJ.exe
PID 5072 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\wVdPruI.exe
PID 5072 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\wVdPruI.exe
PID 5072 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QoCMQRD.exe
PID 5072 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\QoCMQRD.exe
PID 5072 wrote to memory of 416 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yjMdtdw.exe
PID 5072 wrote to memory of 416 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\yjMdtdw.exe
PID 5072 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XhhHqdG.exe
PID 5072 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\XhhHqdG.exe
PID 5072 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\giCHmoW.exe
PID 5072 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\giCHmoW.exe
PID 5072 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\innXFbP.exe
PID 5072 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\innXFbP.exe
PID 5072 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\CBvCQGa.exe
PID 5072 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\CBvCQGa.exe
PID 5072 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\xkwBPVz.exe
PID 5072 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\xkwBPVz.exe
PID 5072 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mFwQtHH.exe
PID 5072 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\mFwQtHH.exe
PID 5072 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dXPDvEa.exe
PID 5072 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\dXPDvEa.exe
PID 5072 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\CvqzYSo.exe
PID 5072 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\CvqzYSo.exe
PID 5072 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IWdbfQh.exe
PID 5072 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\IWdbfQh.exe
PID 5072 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\DmPvpKv.exe
PID 5072 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe C:\Windows\System\DmPvpKv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\26c3a0e2a10ab3d4e835e5e43f95a9e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\dbPZUjV.exe

C:\Windows\System\dbPZUjV.exe

C:\Windows\System\IUFzDHx.exe

C:\Windows\System\IUFzDHx.exe

C:\Windows\System\NqBsJcj.exe

C:\Windows\System\NqBsJcj.exe

C:\Windows\System\lYiKRPC.exe

C:\Windows\System\lYiKRPC.exe

C:\Windows\System\yDFFlQa.exe

C:\Windows\System\yDFFlQa.exe

C:\Windows\System\zFTEYIo.exe

C:\Windows\System\zFTEYIo.exe

C:\Windows\System\ikyuinX.exe

C:\Windows\System\ikyuinX.exe

C:\Windows\System\mhdMfBo.exe

C:\Windows\System\mhdMfBo.exe

C:\Windows\System\UPhSEjr.exe

C:\Windows\System\UPhSEjr.exe

C:\Windows\System\MdIrsEY.exe

C:\Windows\System\MdIrsEY.exe

C:\Windows\System\XZRNRYo.exe

C:\Windows\System\XZRNRYo.exe

C:\Windows\System\gnqIfoP.exe

C:\Windows\System\gnqIfoP.exe

C:\Windows\System\kyIljpk.exe

C:\Windows\System\kyIljpk.exe

C:\Windows\System\FfgnNos.exe

C:\Windows\System\FfgnNos.exe

C:\Windows\System\KIoQRQV.exe

C:\Windows\System\KIoQRQV.exe

C:\Windows\System\UxMhaeb.exe

C:\Windows\System\UxMhaeb.exe

C:\Windows\System\zmfHrma.exe

C:\Windows\System\zmfHrma.exe

C:\Windows\System\QubnOvJ.exe

C:\Windows\System\QubnOvJ.exe

C:\Windows\System\wVdPruI.exe

C:\Windows\System\wVdPruI.exe

C:\Windows\System\QoCMQRD.exe

C:\Windows\System\QoCMQRD.exe

C:\Windows\System\yjMdtdw.exe

C:\Windows\System\yjMdtdw.exe

C:\Windows\System\XhhHqdG.exe

C:\Windows\System\XhhHqdG.exe

C:\Windows\System\giCHmoW.exe

C:\Windows\System\giCHmoW.exe

C:\Windows\System\innXFbP.exe

C:\Windows\System\innXFbP.exe

C:\Windows\System\CBvCQGa.exe

C:\Windows\System\CBvCQGa.exe

C:\Windows\System\xkwBPVz.exe

C:\Windows\System\xkwBPVz.exe

C:\Windows\System\mFwQtHH.exe

C:\Windows\System\mFwQtHH.exe

C:\Windows\System\dXPDvEa.exe

C:\Windows\System\dXPDvEa.exe

C:\Windows\System\CvqzYSo.exe

C:\Windows\System\CvqzYSo.exe

C:\Windows\System\IWdbfQh.exe

C:\Windows\System\IWdbfQh.exe

C:\Windows\System\DmPvpKv.exe

C:\Windows\System\DmPvpKv.exe

C:\Windows\System\hIVsAFQ.exe

C:\Windows\System\hIVsAFQ.exe

C:\Windows\System\NskRmLi.exe

C:\Windows\System\NskRmLi.exe

C:\Windows\System\cnIxEGM.exe

C:\Windows\System\cnIxEGM.exe

C:\Windows\System\JhvvXJb.exe

C:\Windows\System\JhvvXJb.exe

C:\Windows\System\DJvbzNa.exe

C:\Windows\System\DJvbzNa.exe

C:\Windows\System\mrHHeep.exe

C:\Windows\System\mrHHeep.exe

C:\Windows\System\WxfnPvy.exe

C:\Windows\System\WxfnPvy.exe

C:\Windows\System\nLXHsrk.exe

C:\Windows\System\nLXHsrk.exe

C:\Windows\System\cXxLvHL.exe

C:\Windows\System\cXxLvHL.exe

C:\Windows\System\BFCPVgX.exe

C:\Windows\System\BFCPVgX.exe

C:\Windows\System\MCiOJSQ.exe

C:\Windows\System\MCiOJSQ.exe

C:\Windows\System\lpQwLoa.exe

C:\Windows\System\lpQwLoa.exe

C:\Windows\System\tNAvQcf.exe

C:\Windows\System\tNAvQcf.exe

C:\Windows\System\JwljqDg.exe

C:\Windows\System\JwljqDg.exe

C:\Windows\System\UWvYrbR.exe

C:\Windows\System\UWvYrbR.exe

C:\Windows\System\fabmswg.exe

C:\Windows\System\fabmswg.exe

C:\Windows\System\xBGMWdp.exe

C:\Windows\System\xBGMWdp.exe

C:\Windows\System\PDQDauC.exe

C:\Windows\System\PDQDauC.exe

C:\Windows\System\dihDFmO.exe

C:\Windows\System\dihDFmO.exe

C:\Windows\System\StbtNgQ.exe

C:\Windows\System\StbtNgQ.exe

C:\Windows\System\XmgVllP.exe

C:\Windows\System\XmgVllP.exe

C:\Windows\System\IRFGYZt.exe

C:\Windows\System\IRFGYZt.exe

C:\Windows\System\mWZdOVn.exe

C:\Windows\System\mWZdOVn.exe

C:\Windows\System\yrAaiPT.exe

C:\Windows\System\yrAaiPT.exe

C:\Windows\System\dhecDuV.exe

C:\Windows\System\dhecDuV.exe

C:\Windows\System\CAzSxYo.exe

C:\Windows\System\CAzSxYo.exe

C:\Windows\System\VRsjJYI.exe

C:\Windows\System\VRsjJYI.exe

C:\Windows\System\guUJHry.exe

C:\Windows\System\guUJHry.exe

C:\Windows\System\lKjWMdc.exe

C:\Windows\System\lKjWMdc.exe

C:\Windows\System\RweGJEO.exe

C:\Windows\System\RweGJEO.exe

C:\Windows\System\UcxebqK.exe

C:\Windows\System\UcxebqK.exe

C:\Windows\System\XsidSuK.exe

C:\Windows\System\XsidSuK.exe

C:\Windows\System\aPlOGiM.exe

C:\Windows\System\aPlOGiM.exe

C:\Windows\System\qqvRIcL.exe

C:\Windows\System\qqvRIcL.exe

C:\Windows\System\UIDouGp.exe

C:\Windows\System\UIDouGp.exe

C:\Windows\System\dxxTkre.exe

C:\Windows\System\dxxTkre.exe

C:\Windows\System\eWJkhiZ.exe

C:\Windows\System\eWJkhiZ.exe

C:\Windows\System\NOYAYIu.exe

C:\Windows\System\NOYAYIu.exe

C:\Windows\System\CHEuGNE.exe

C:\Windows\System\CHEuGNE.exe

C:\Windows\System\JqFnZsM.exe

C:\Windows\System\JqFnZsM.exe

C:\Windows\System\nlIpjaX.exe

C:\Windows\System\nlIpjaX.exe

C:\Windows\System\khawvcN.exe

C:\Windows\System\khawvcN.exe

C:\Windows\System\EtZcBrP.exe

C:\Windows\System\EtZcBrP.exe

C:\Windows\System\uyFmVtq.exe

C:\Windows\System\uyFmVtq.exe

C:\Windows\System\zvWFbgi.exe

C:\Windows\System\zvWFbgi.exe

C:\Windows\System\mmlMiCx.exe

C:\Windows\System\mmlMiCx.exe

C:\Windows\System\lYpmhUH.exe

C:\Windows\System\lYpmhUH.exe

C:\Windows\System\qLuvaDx.exe

C:\Windows\System\qLuvaDx.exe

C:\Windows\System\mcwVMzn.exe

C:\Windows\System\mcwVMzn.exe

C:\Windows\System\qqZNXts.exe

C:\Windows\System\qqZNXts.exe

C:\Windows\System\MhtyQxA.exe

C:\Windows\System\MhtyQxA.exe

C:\Windows\System\WEXCbWh.exe

C:\Windows\System\WEXCbWh.exe

C:\Windows\System\JbWNUEt.exe

C:\Windows\System\JbWNUEt.exe

C:\Windows\System\OAiYagG.exe

C:\Windows\System\OAiYagG.exe

C:\Windows\System\UxgeIEK.exe

C:\Windows\System\UxgeIEK.exe

C:\Windows\System\SWUSvJJ.exe

C:\Windows\System\SWUSvJJ.exe

C:\Windows\System\DpWxQfV.exe

C:\Windows\System\DpWxQfV.exe

C:\Windows\System\FPbCkCW.exe

C:\Windows\System\FPbCkCW.exe

C:\Windows\System\HAHQgoS.exe

C:\Windows\System\HAHQgoS.exe

C:\Windows\System\vVhTcDR.exe

C:\Windows\System\vVhTcDR.exe

C:\Windows\System\rCmuBwL.exe

C:\Windows\System\rCmuBwL.exe

C:\Windows\System\NRwTTqp.exe

C:\Windows\System\NRwTTqp.exe

C:\Windows\System\bWdoNra.exe

C:\Windows\System\bWdoNra.exe

C:\Windows\System\VrTImvI.exe

C:\Windows\System\VrTImvI.exe

C:\Windows\System\yKZQVYm.exe

C:\Windows\System\yKZQVYm.exe

C:\Windows\System\IRqOMDr.exe

C:\Windows\System\IRqOMDr.exe

C:\Windows\System\rTNkPEY.exe

C:\Windows\System\rTNkPEY.exe

C:\Windows\System\MfqEqgD.exe

C:\Windows\System\MfqEqgD.exe

C:\Windows\System\aVFlvnN.exe

C:\Windows\System\aVFlvnN.exe

C:\Windows\System\XvnxoMD.exe

C:\Windows\System\XvnxoMD.exe

C:\Windows\System\PJfyAHN.exe

C:\Windows\System\PJfyAHN.exe

C:\Windows\System\ysbyIxT.exe

C:\Windows\System\ysbyIxT.exe

C:\Windows\System\TeoJXxq.exe

C:\Windows\System\TeoJXxq.exe

C:\Windows\System\xcPHaaj.exe

C:\Windows\System\xcPHaaj.exe

C:\Windows\System\pjJPADC.exe

C:\Windows\System\pjJPADC.exe

C:\Windows\System\CCUTkvz.exe

C:\Windows\System\CCUTkvz.exe

C:\Windows\System\xZsTltL.exe

C:\Windows\System\xZsTltL.exe

C:\Windows\System\Dydvpki.exe

C:\Windows\System\Dydvpki.exe

C:\Windows\System\RPlBwMq.exe

C:\Windows\System\RPlBwMq.exe

C:\Windows\System\QDYiRyX.exe

C:\Windows\System\QDYiRyX.exe

C:\Windows\System\keAsKEH.exe

C:\Windows\System\keAsKEH.exe

C:\Windows\System\wZEJZMU.exe

C:\Windows\System\wZEJZMU.exe

C:\Windows\System\xAzQAHC.exe

C:\Windows\System\xAzQAHC.exe

C:\Windows\System\MLRhpjl.exe

C:\Windows\System\MLRhpjl.exe

C:\Windows\System\SfvPwrx.exe

C:\Windows\System\SfvPwrx.exe

C:\Windows\System\oWIhIhi.exe

C:\Windows\System\oWIhIhi.exe

C:\Windows\System\lMPhrHL.exe

C:\Windows\System\lMPhrHL.exe

C:\Windows\System\YjPDEUU.exe

C:\Windows\System\YjPDEUU.exe

C:\Windows\System\hfWEiqo.exe

C:\Windows\System\hfWEiqo.exe

C:\Windows\System\VKXtrBi.exe

C:\Windows\System\VKXtrBi.exe

C:\Windows\System\AilJMpm.exe

C:\Windows\System\AilJMpm.exe

C:\Windows\System\qvXnciX.exe

C:\Windows\System\qvXnciX.exe

C:\Windows\System\DwjMDBi.exe

C:\Windows\System\DwjMDBi.exe

C:\Windows\System\LdYQckb.exe

C:\Windows\System\LdYQckb.exe

C:\Windows\System\TXGZWeF.exe

C:\Windows\System\TXGZWeF.exe

C:\Windows\System\fHenWaO.exe

C:\Windows\System\fHenWaO.exe

C:\Windows\System\hdXSpvJ.exe

C:\Windows\System\hdXSpvJ.exe

C:\Windows\System\bdzahzk.exe

C:\Windows\System\bdzahzk.exe

C:\Windows\System\qXfwqsG.exe

C:\Windows\System\qXfwqsG.exe

C:\Windows\System\zioJSqD.exe

C:\Windows\System\zioJSqD.exe

C:\Windows\System\XJOHsSM.exe

C:\Windows\System\XJOHsSM.exe

C:\Windows\System\zfFWgcr.exe

C:\Windows\System\zfFWgcr.exe

C:\Windows\System\hRPNRYL.exe

C:\Windows\System\hRPNRYL.exe

C:\Windows\System\ojBQGmZ.exe

C:\Windows\System\ojBQGmZ.exe

C:\Windows\System\dPBpPLX.exe

C:\Windows\System\dPBpPLX.exe

C:\Windows\System\EQLKcmK.exe

C:\Windows\System\EQLKcmK.exe

C:\Windows\System\HUGzmRn.exe

C:\Windows\System\HUGzmRn.exe

C:\Windows\System\IkrtkCV.exe

C:\Windows\System\IkrtkCV.exe

C:\Windows\System\Kivbymj.exe

C:\Windows\System\Kivbymj.exe

C:\Windows\System\fEdyivM.exe

C:\Windows\System\fEdyivM.exe

C:\Windows\System\ConpoCh.exe

C:\Windows\System\ConpoCh.exe

C:\Windows\System\uqxARIc.exe

C:\Windows\System\uqxARIc.exe

C:\Windows\System\OGcsjcz.exe

C:\Windows\System\OGcsjcz.exe

C:\Windows\System\avnfVmq.exe

C:\Windows\System\avnfVmq.exe

C:\Windows\System\vOaIrqA.exe

C:\Windows\System\vOaIrqA.exe

C:\Windows\System\TJVHWda.exe

C:\Windows\System\TJVHWda.exe

C:\Windows\System\GxDnBhy.exe

C:\Windows\System\GxDnBhy.exe

C:\Windows\System\nLIbEVt.exe

C:\Windows\System\nLIbEVt.exe

C:\Windows\System\FVhSUZS.exe

C:\Windows\System\FVhSUZS.exe

C:\Windows\System\IugtROE.exe

C:\Windows\System\IugtROE.exe

C:\Windows\System\COZbDDs.exe

C:\Windows\System\COZbDDs.exe

C:\Windows\System\wYkLHUl.exe

C:\Windows\System\wYkLHUl.exe

C:\Windows\System\LxJqZen.exe

C:\Windows\System\LxJqZen.exe

C:\Windows\System\uHZBfHl.exe

C:\Windows\System\uHZBfHl.exe

C:\Windows\System\iEvOJRi.exe

C:\Windows\System\iEvOJRi.exe

C:\Windows\System\OhlPtlj.exe

C:\Windows\System\OhlPtlj.exe

C:\Windows\System\rJrddVa.exe

C:\Windows\System\rJrddVa.exe

C:\Windows\System\CYNReCT.exe

C:\Windows\System\CYNReCT.exe

C:\Windows\System\yAAQuHB.exe

C:\Windows\System\yAAQuHB.exe

C:\Windows\System\fetTJwk.exe

C:\Windows\System\fetTJwk.exe

C:\Windows\System\NQppbGi.exe

C:\Windows\System\NQppbGi.exe

C:\Windows\System\tqZrRiQ.exe

C:\Windows\System\tqZrRiQ.exe

C:\Windows\System\BxZVtqn.exe

C:\Windows\System\BxZVtqn.exe

C:\Windows\System\mMqeNtz.exe

C:\Windows\System\mMqeNtz.exe

C:\Windows\System\nlMkGlE.exe

C:\Windows\System\nlMkGlE.exe

C:\Windows\System\eBsVfkC.exe

C:\Windows\System\eBsVfkC.exe

C:\Windows\System\lPhWfSb.exe

C:\Windows\System\lPhWfSb.exe

C:\Windows\System\BOtbIJm.exe

C:\Windows\System\BOtbIJm.exe

C:\Windows\System\pCQlLng.exe

C:\Windows\System\pCQlLng.exe

C:\Windows\System\YdkCJNl.exe

C:\Windows\System\YdkCJNl.exe

C:\Windows\System\IQKrNAH.exe

C:\Windows\System\IQKrNAH.exe

C:\Windows\System\OSxqUwp.exe

C:\Windows\System\OSxqUwp.exe

C:\Windows\System\VfEOkCm.exe

C:\Windows\System\VfEOkCm.exe

C:\Windows\System\iAubPNm.exe

C:\Windows\System\iAubPNm.exe

C:\Windows\System\dkRCzPP.exe

C:\Windows\System\dkRCzPP.exe

C:\Windows\System\uEmoaPG.exe

C:\Windows\System\uEmoaPG.exe

C:\Windows\System\rTgDrMH.exe

C:\Windows\System\rTgDrMH.exe

C:\Windows\System\HnKMcHA.exe

C:\Windows\System\HnKMcHA.exe

C:\Windows\System\KuXFUfp.exe

C:\Windows\System\KuXFUfp.exe

C:\Windows\System\fhHazZj.exe

C:\Windows\System\fhHazZj.exe

C:\Windows\System\jNyFWTr.exe

C:\Windows\System\jNyFWTr.exe

C:\Windows\System\eLPoYDA.exe

C:\Windows\System\eLPoYDA.exe

C:\Windows\System\vyInyqf.exe

C:\Windows\System\vyInyqf.exe

C:\Windows\System\gzsofse.exe

C:\Windows\System\gzsofse.exe

C:\Windows\System\hNVPXRZ.exe

C:\Windows\System\hNVPXRZ.exe

C:\Windows\System\KxMkCYS.exe

C:\Windows\System\KxMkCYS.exe

C:\Windows\System\GPoCQsX.exe

C:\Windows\System\GPoCQsX.exe

C:\Windows\System\mIMECvG.exe

C:\Windows\System\mIMECvG.exe

C:\Windows\System\PTUQnYy.exe

C:\Windows\System\PTUQnYy.exe

C:\Windows\System\LmigdIN.exe

C:\Windows\System\LmigdIN.exe

C:\Windows\System\CskxYPS.exe

C:\Windows\System\CskxYPS.exe

C:\Windows\System\BfRcoTE.exe

C:\Windows\System\BfRcoTE.exe

C:\Windows\System\nXLzSuQ.exe

C:\Windows\System\nXLzSuQ.exe

C:\Windows\System\XYqVlcs.exe

C:\Windows\System\XYqVlcs.exe

C:\Windows\System\gzsmOQd.exe

C:\Windows\System\gzsmOQd.exe

C:\Windows\System\bmGSYIh.exe

C:\Windows\System\bmGSYIh.exe

C:\Windows\System\HGWQvgp.exe

C:\Windows\System\HGWQvgp.exe

C:\Windows\System\jMriaTZ.exe

C:\Windows\System\jMriaTZ.exe

C:\Windows\System\OaWTbAU.exe

C:\Windows\System\OaWTbAU.exe

C:\Windows\System\MKGlESu.exe

C:\Windows\System\MKGlESu.exe

C:\Windows\System\HPKVrDp.exe

C:\Windows\System\HPKVrDp.exe

C:\Windows\System\TXRasaG.exe

C:\Windows\System\TXRasaG.exe

C:\Windows\System\qlppWGw.exe

C:\Windows\System\qlppWGw.exe

C:\Windows\System\ZzBmdLM.exe

C:\Windows\System\ZzBmdLM.exe

C:\Windows\System\iQigJBr.exe

C:\Windows\System\iQigJBr.exe

C:\Windows\System\mVGxrKW.exe

C:\Windows\System\mVGxrKW.exe

C:\Windows\System\dtjdyUB.exe

C:\Windows\System\dtjdyUB.exe

C:\Windows\System\tffedQT.exe

C:\Windows\System\tffedQT.exe

C:\Windows\System\wAzsKDJ.exe

C:\Windows\System\wAzsKDJ.exe

C:\Windows\System\RAesSAV.exe

C:\Windows\System\RAesSAV.exe

C:\Windows\System\MLJuVAi.exe

C:\Windows\System\MLJuVAi.exe

C:\Windows\System\ffMTubZ.exe

C:\Windows\System\ffMTubZ.exe

C:\Windows\System\ZwnKaYR.exe

C:\Windows\System\ZwnKaYR.exe

C:\Windows\System\GKJdySB.exe

C:\Windows\System\GKJdySB.exe

C:\Windows\System\HgzTyHh.exe

C:\Windows\System\HgzTyHh.exe

C:\Windows\System\PFZgYTL.exe

C:\Windows\System\PFZgYTL.exe

C:\Windows\System\BtLTiAo.exe

C:\Windows\System\BtLTiAo.exe

C:\Windows\System\DqpNnna.exe

C:\Windows\System\DqpNnna.exe

C:\Windows\System\QSMjTYR.exe

C:\Windows\System\QSMjTYR.exe

C:\Windows\System\BjlhPZq.exe

C:\Windows\System\BjlhPZq.exe

C:\Windows\System\iUVnTDN.exe

C:\Windows\System\iUVnTDN.exe

C:\Windows\System\UtAIUTG.exe

C:\Windows\System\UtAIUTG.exe

C:\Windows\System\YBnandx.exe

C:\Windows\System\YBnandx.exe

C:\Windows\System\DmaRjvM.exe

C:\Windows\System\DmaRjvM.exe

C:\Windows\System\cLgtTwg.exe

C:\Windows\System\cLgtTwg.exe

C:\Windows\System\JTWVnkH.exe

C:\Windows\System\JTWVnkH.exe

C:\Windows\System\UdpEVXT.exe

C:\Windows\System\UdpEVXT.exe

C:\Windows\System\HkMeznf.exe

C:\Windows\System\HkMeznf.exe

C:\Windows\System\kAOIXEG.exe

C:\Windows\System\kAOIXEG.exe

C:\Windows\System\BeClztH.exe

C:\Windows\System\BeClztH.exe

C:\Windows\System\lVmCgKo.exe

C:\Windows\System\lVmCgKo.exe

C:\Windows\System\JUsVECk.exe

C:\Windows\System\JUsVECk.exe

C:\Windows\System\CrxzHfc.exe

C:\Windows\System\CrxzHfc.exe

C:\Windows\System\VeoPnfM.exe

C:\Windows\System\VeoPnfM.exe

C:\Windows\System\QXJvuUR.exe

C:\Windows\System\QXJvuUR.exe

C:\Windows\System\AIAkwgW.exe

C:\Windows\System\AIAkwgW.exe

C:\Windows\System\iLTUuXl.exe

C:\Windows\System\iLTUuXl.exe

C:\Windows\System\ohNwYyw.exe

C:\Windows\System\ohNwYyw.exe

C:\Windows\System\EohzQdP.exe

C:\Windows\System\EohzQdP.exe

C:\Windows\System\zCUTxpW.exe

C:\Windows\System\zCUTxpW.exe

C:\Windows\System\zBgoKVQ.exe

C:\Windows\System\zBgoKVQ.exe

C:\Windows\System\tYHacyr.exe

C:\Windows\System\tYHacyr.exe

C:\Windows\System\puvIbsF.exe

C:\Windows\System\puvIbsF.exe

C:\Windows\System\XyGyLMm.exe

C:\Windows\System\XyGyLMm.exe

C:\Windows\System\iOCywlm.exe

C:\Windows\System\iOCywlm.exe

C:\Windows\System\cDdqqDY.exe

C:\Windows\System\cDdqqDY.exe

C:\Windows\System\TPJMJWI.exe

C:\Windows\System\TPJMJWI.exe

C:\Windows\System\zwLvVYm.exe

C:\Windows\System\zwLvVYm.exe

C:\Windows\System\cNczmpl.exe

C:\Windows\System\cNczmpl.exe

C:\Windows\System\VRtQXSN.exe

C:\Windows\System\VRtQXSN.exe

C:\Windows\System\sEblPno.exe

C:\Windows\System\sEblPno.exe

C:\Windows\System\xwwAtWa.exe

C:\Windows\System\xwwAtWa.exe

C:\Windows\System\WlDcqbv.exe

C:\Windows\System\WlDcqbv.exe

C:\Windows\System\PUzfSbv.exe

C:\Windows\System\PUzfSbv.exe

C:\Windows\System\UBgXbkd.exe

C:\Windows\System\UBgXbkd.exe

C:\Windows\System\ulkuOoX.exe

C:\Windows\System\ulkuOoX.exe

C:\Windows\System\hQOIKcr.exe

C:\Windows\System\hQOIKcr.exe

C:\Windows\System\BcPNwmn.exe

C:\Windows\System\BcPNwmn.exe

C:\Windows\System\ZcjSJUG.exe

C:\Windows\System\ZcjSJUG.exe

C:\Windows\System\VSqJrHI.exe

C:\Windows\System\VSqJrHI.exe

C:\Windows\System\urXYzGL.exe

C:\Windows\System\urXYzGL.exe

C:\Windows\System\DcmQbsA.exe

C:\Windows\System\DcmQbsA.exe

C:\Windows\System\xATEwtq.exe

C:\Windows\System\xATEwtq.exe

C:\Windows\System\pTJZKce.exe

C:\Windows\System\pTJZKce.exe

C:\Windows\System\ixNSpNj.exe

C:\Windows\System\ixNSpNj.exe

C:\Windows\System\RUtLLVk.exe

C:\Windows\System\RUtLLVk.exe

C:\Windows\System\qERExPN.exe

C:\Windows\System\qERExPN.exe

C:\Windows\System\qnzxlPR.exe

C:\Windows\System\qnzxlPR.exe

C:\Windows\System\HcHVTqX.exe

C:\Windows\System\HcHVTqX.exe

C:\Windows\System\GXzCeGX.exe

C:\Windows\System\GXzCeGX.exe

C:\Windows\System\NRUetoM.exe

C:\Windows\System\NRUetoM.exe

C:\Windows\System\VnAurkr.exe

C:\Windows\System\VnAurkr.exe

C:\Windows\System\bYSXlro.exe

C:\Windows\System\bYSXlro.exe

C:\Windows\System\qwaDaTh.exe

C:\Windows\System\qwaDaTh.exe

C:\Windows\System\pAJpHEN.exe

C:\Windows\System\pAJpHEN.exe

C:\Windows\System\YYUTXMa.exe

C:\Windows\System\YYUTXMa.exe

C:\Windows\System\SPRjLlU.exe

C:\Windows\System\SPRjLlU.exe

C:\Windows\System\RKLlNHm.exe

C:\Windows\System\RKLlNHm.exe

C:\Windows\System\XfvqOyS.exe

C:\Windows\System\XfvqOyS.exe

C:\Windows\System\DOstYlY.exe

C:\Windows\System\DOstYlY.exe

C:\Windows\System\BSgifer.exe

C:\Windows\System\BSgifer.exe

C:\Windows\System\OSjEqbk.exe

C:\Windows\System\OSjEqbk.exe

C:\Windows\System\LcvQcVL.exe

C:\Windows\System\LcvQcVL.exe

C:\Windows\System\uulFaDK.exe

C:\Windows\System\uulFaDK.exe

C:\Windows\System\SfRdQwQ.exe

C:\Windows\System\SfRdQwQ.exe

C:\Windows\System\bpcCYpM.exe

C:\Windows\System\bpcCYpM.exe

C:\Windows\System\XjMPYbe.exe

C:\Windows\System\XjMPYbe.exe

C:\Windows\System\vyPoAnX.exe

C:\Windows\System\vyPoAnX.exe

C:\Windows\System\KfrvDdg.exe

C:\Windows\System\KfrvDdg.exe

C:\Windows\System\SynVaue.exe

C:\Windows\System\SynVaue.exe

C:\Windows\System\gIjxUSc.exe

C:\Windows\System\gIjxUSc.exe

C:\Windows\System\uNOsJop.exe

C:\Windows\System\uNOsJop.exe

C:\Windows\System\JTxoatz.exe

C:\Windows\System\JTxoatz.exe

C:\Windows\System\gTWSegE.exe

C:\Windows\System\gTWSegE.exe

C:\Windows\System\jZJBszT.exe

C:\Windows\System\jZJBszT.exe

C:\Windows\System\WRArXIp.exe

C:\Windows\System\WRArXIp.exe

C:\Windows\System\SpNHuCh.exe

C:\Windows\System\SpNHuCh.exe

C:\Windows\System\kUayhoA.exe

C:\Windows\System\kUayhoA.exe

C:\Windows\System\LNVkyST.exe

C:\Windows\System\LNVkyST.exe

C:\Windows\System\boWUHcH.exe

C:\Windows\System\boWUHcH.exe

C:\Windows\System\eTYqSAT.exe

C:\Windows\System\eTYqSAT.exe

C:\Windows\System\qdJueZE.exe

C:\Windows\System\qdJueZE.exe

C:\Windows\System\iRJSVvJ.exe

C:\Windows\System\iRJSVvJ.exe

C:\Windows\System\pHUrygG.exe

C:\Windows\System\pHUrygG.exe

C:\Windows\System\FXfoZlf.exe

C:\Windows\System\FXfoZlf.exe

C:\Windows\System\RHieMUA.exe

C:\Windows\System\RHieMUA.exe

C:\Windows\System\odFwgTM.exe

C:\Windows\System\odFwgTM.exe

C:\Windows\System\SZDRfzS.exe

C:\Windows\System\SZDRfzS.exe

C:\Windows\System\VvEPLoU.exe

C:\Windows\System\VvEPLoU.exe

C:\Windows\System\jGfxuKW.exe

C:\Windows\System\jGfxuKW.exe

C:\Windows\System\SdyYoZe.exe

C:\Windows\System\SdyYoZe.exe

C:\Windows\System\eYKnhqR.exe

C:\Windows\System\eYKnhqR.exe

C:\Windows\System\FTGiBUi.exe

C:\Windows\System\FTGiBUi.exe

C:\Windows\System\ZyGmpPC.exe

C:\Windows\System\ZyGmpPC.exe

C:\Windows\System\LSGUkhv.exe

C:\Windows\System\LSGUkhv.exe

C:\Windows\System\xWviHVj.exe

C:\Windows\System\xWviHVj.exe

C:\Windows\System\isTdQdP.exe

C:\Windows\System\isTdQdP.exe

C:\Windows\System\rCyaygJ.exe

C:\Windows\System\rCyaygJ.exe

C:\Windows\System\tcHnKvZ.exe

C:\Windows\System\tcHnKvZ.exe

C:\Windows\System\YrTlekm.exe

C:\Windows\System\YrTlekm.exe

C:\Windows\System\eHrsaRT.exe

C:\Windows\System\eHrsaRT.exe

C:\Windows\System\exrKHIz.exe

C:\Windows\System\exrKHIz.exe

C:\Windows\System\TFUHOhl.exe

C:\Windows\System\TFUHOhl.exe

C:\Windows\System\eoVjfxk.exe

C:\Windows\System\eoVjfxk.exe

C:\Windows\System\BoklFiH.exe

C:\Windows\System\BoklFiH.exe

C:\Windows\System\uFeTncG.exe

C:\Windows\System\uFeTncG.exe

C:\Windows\System\qqKAcdR.exe

C:\Windows\System\qqKAcdR.exe

C:\Windows\System\hlGppzZ.exe

C:\Windows\System\hlGppzZ.exe

C:\Windows\System\LELlCCH.exe

C:\Windows\System\LELlCCH.exe

C:\Windows\System\xXtZTQm.exe

C:\Windows\System\xXtZTQm.exe

C:\Windows\System\NSukmKA.exe

C:\Windows\System\NSukmKA.exe

C:\Windows\System\hCJnkCT.exe

C:\Windows\System\hCJnkCT.exe

C:\Windows\System\IfwJktP.exe

C:\Windows\System\IfwJktP.exe

C:\Windows\System\iVadcTn.exe

C:\Windows\System\iVadcTn.exe

C:\Windows\System\fTJoVgN.exe

C:\Windows\System\fTJoVgN.exe

C:\Windows\System\EvGiLqv.exe

C:\Windows\System\EvGiLqv.exe

C:\Windows\System\NmhAULb.exe

C:\Windows\System\NmhAULb.exe

C:\Windows\System\RedcGKn.exe

C:\Windows\System\RedcGKn.exe

C:\Windows\System\fNFVTpo.exe

C:\Windows\System\fNFVTpo.exe

C:\Windows\System\wvrpxQp.exe

C:\Windows\System\wvrpxQp.exe

C:\Windows\System\DOVFFPZ.exe

C:\Windows\System\DOVFFPZ.exe

C:\Windows\System\fVqCDee.exe

C:\Windows\System\fVqCDee.exe

C:\Windows\System\kQwjFNl.exe

C:\Windows\System\kQwjFNl.exe

C:\Windows\System\iGsAZLI.exe

C:\Windows\System\iGsAZLI.exe

C:\Windows\System\zMQVlvz.exe

C:\Windows\System\zMQVlvz.exe

C:\Windows\System\kJVaiGH.exe

C:\Windows\System\kJVaiGH.exe

C:\Windows\System\hBTdSDQ.exe

C:\Windows\System\hBTdSDQ.exe

C:\Windows\System\xCLNRqU.exe

C:\Windows\System\xCLNRqU.exe

C:\Windows\System\OJWkOeJ.exe

C:\Windows\System\OJWkOeJ.exe

C:\Windows\System\tRdeihl.exe

C:\Windows\System\tRdeihl.exe

C:\Windows\System\xOFGSdF.exe

C:\Windows\System\xOFGSdF.exe

C:\Windows\System\WBlHzRR.exe

C:\Windows\System\WBlHzRR.exe

C:\Windows\System\WxQNjuN.exe

C:\Windows\System\WxQNjuN.exe

C:\Windows\System\VuvEpny.exe

C:\Windows\System\VuvEpny.exe

C:\Windows\System\PHeGAWz.exe

C:\Windows\System\PHeGAWz.exe

C:\Windows\System\EUqtPwo.exe

C:\Windows\System\EUqtPwo.exe

C:\Windows\System\yFZVbbX.exe

C:\Windows\System\yFZVbbX.exe

C:\Windows\System\gDCTzEn.exe

C:\Windows\System\gDCTzEn.exe

C:\Windows\System\PjsCUXP.exe

C:\Windows\System\PjsCUXP.exe

C:\Windows\System\aiWZYsx.exe

C:\Windows\System\aiWZYsx.exe

C:\Windows\System\QBNOdhX.exe

C:\Windows\System\QBNOdhX.exe

C:\Windows\System\pbnQiVu.exe

C:\Windows\System\pbnQiVu.exe

C:\Windows\System\vTmuIOY.exe

C:\Windows\System\vTmuIOY.exe

C:\Windows\System\dRTHLXS.exe

C:\Windows\System\dRTHLXS.exe

C:\Windows\System\POTOQoE.exe

C:\Windows\System\POTOQoE.exe

C:\Windows\System\tomtbZQ.exe

C:\Windows\System\tomtbZQ.exe

C:\Windows\System\ZkPwbok.exe

C:\Windows\System\ZkPwbok.exe

C:\Windows\System\HNUPyEV.exe

C:\Windows\System\HNUPyEV.exe

C:\Windows\System\uQVLwVb.exe

C:\Windows\System\uQVLwVb.exe

C:\Windows\System\DoVtMPy.exe

C:\Windows\System\DoVtMPy.exe

C:\Windows\System\UgFQLXG.exe

C:\Windows\System\UgFQLXG.exe

C:\Windows\System\rFXXntP.exe

C:\Windows\System\rFXXntP.exe

C:\Windows\System\kDCxFlk.exe

C:\Windows\System\kDCxFlk.exe

C:\Windows\System\pJPBIJf.exe

C:\Windows\System\pJPBIJf.exe

C:\Windows\System\apNDMYN.exe

C:\Windows\System\apNDMYN.exe

C:\Windows\System\OwzgrtD.exe

C:\Windows\System\OwzgrtD.exe

C:\Windows\System\YeAzlrx.exe

C:\Windows\System\YeAzlrx.exe

C:\Windows\System\bJxbLMD.exe

C:\Windows\System\bJxbLMD.exe

C:\Windows\System\mjbkUAe.exe

C:\Windows\System\mjbkUAe.exe

C:\Windows\System\vytKWPx.exe

C:\Windows\System\vytKWPx.exe

C:\Windows\System\aKFqPPq.exe

C:\Windows\System\aKFqPPq.exe

C:\Windows\System\ngNOnjW.exe

C:\Windows\System\ngNOnjW.exe

C:\Windows\System\AtNSmnm.exe

C:\Windows\System\AtNSmnm.exe

C:\Windows\System\CYkFMhs.exe

C:\Windows\System\CYkFMhs.exe

C:\Windows\System\xowOCdI.exe

C:\Windows\System\xowOCdI.exe

C:\Windows\System\wcePWhE.exe

C:\Windows\System\wcePWhE.exe

C:\Windows\System\YGdlCAk.exe

C:\Windows\System\YGdlCAk.exe

C:\Windows\System\UnXzXch.exe

C:\Windows\System\UnXzXch.exe

C:\Windows\System\ownWBPP.exe

C:\Windows\System\ownWBPP.exe

C:\Windows\System\FhbCddk.exe

C:\Windows\System\FhbCddk.exe

C:\Windows\System\ZTQORkB.exe

C:\Windows\System\ZTQORkB.exe

C:\Windows\System\WeomfoS.exe

C:\Windows\System\WeomfoS.exe

C:\Windows\System\itcfcTL.exe

C:\Windows\System\itcfcTL.exe

C:\Windows\System\nAMXPvi.exe

C:\Windows\System\nAMXPvi.exe

C:\Windows\System\BATMhqe.exe

C:\Windows\System\BATMhqe.exe

C:\Windows\System\lKSPkNH.exe

C:\Windows\System\lKSPkNH.exe

C:\Windows\System\sGfHzJC.exe

C:\Windows\System\sGfHzJC.exe

C:\Windows\System\aXufMmj.exe

C:\Windows\System\aXufMmj.exe

C:\Windows\System\AXFykgy.exe

C:\Windows\System\AXFykgy.exe

C:\Windows\System\waiKBad.exe

C:\Windows\System\waiKBad.exe

C:\Windows\System\MFjwADg.exe

C:\Windows\System\MFjwADg.exe

C:\Windows\System\etvwagh.exe

C:\Windows\System\etvwagh.exe

C:\Windows\System\oWvhVBZ.exe

C:\Windows\System\oWvhVBZ.exe

C:\Windows\System\qIsuvdd.exe

C:\Windows\System\qIsuvdd.exe

C:\Windows\System\AYOraui.exe

C:\Windows\System\AYOraui.exe

C:\Windows\System\icKcOzB.exe

C:\Windows\System\icKcOzB.exe

C:\Windows\System\AHbLNgI.exe

C:\Windows\System\AHbLNgI.exe

C:\Windows\System\aixbsUc.exe

C:\Windows\System\aixbsUc.exe

C:\Windows\System\AIOxiok.exe

C:\Windows\System\AIOxiok.exe

C:\Windows\System\fcuaCln.exe

C:\Windows\System\fcuaCln.exe

C:\Windows\System\kWYIfHQ.exe

C:\Windows\System\kWYIfHQ.exe

C:\Windows\System\zddjnQC.exe

C:\Windows\System\zddjnQC.exe

C:\Windows\System\iDAwjpm.exe

C:\Windows\System\iDAwjpm.exe

C:\Windows\System\PovmLSS.exe

C:\Windows\System\PovmLSS.exe

C:\Windows\System\avdALKc.exe

C:\Windows\System\avdALKc.exe

C:\Windows\System\mkxbcJe.exe

C:\Windows\System\mkxbcJe.exe

C:\Windows\System\whpAEbS.exe

C:\Windows\System\whpAEbS.exe

C:\Windows\System\bkWmFII.exe

C:\Windows\System\bkWmFII.exe

C:\Windows\System\HtGTHHx.exe

C:\Windows\System\HtGTHHx.exe

C:\Windows\System\vIGZFMw.exe

C:\Windows\System\vIGZFMw.exe

C:\Windows\System\DDmLOUn.exe

C:\Windows\System\DDmLOUn.exe

C:\Windows\System\vKIhJWS.exe

C:\Windows\System\vKIhJWS.exe

C:\Windows\System\dmmJBSI.exe

C:\Windows\System\dmmJBSI.exe

C:\Windows\System\zfcUPyE.exe

C:\Windows\System\zfcUPyE.exe

C:\Windows\System\QHkPFsf.exe

C:\Windows\System\QHkPFsf.exe

C:\Windows\System\IBUdIKU.exe

C:\Windows\System\IBUdIKU.exe

C:\Windows\System\LhZJoLI.exe

C:\Windows\System\LhZJoLI.exe

C:\Windows\System\NAwUXmS.exe

C:\Windows\System\NAwUXmS.exe

C:\Windows\System\wYaJMBU.exe

C:\Windows\System\wYaJMBU.exe

C:\Windows\System\bwhUybP.exe

C:\Windows\System\bwhUybP.exe

C:\Windows\System\rRpBsGb.exe

C:\Windows\System\rRpBsGb.exe

C:\Windows\System\glGUvKn.exe

C:\Windows\System\glGUvKn.exe

C:\Windows\System\YWWEjwt.exe

C:\Windows\System\YWWEjwt.exe

C:\Windows\System\viaSgUN.exe

C:\Windows\System\viaSgUN.exe

C:\Windows\System\wOxlAxj.exe

C:\Windows\System\wOxlAxj.exe

C:\Windows\System\OCzLXnF.exe

C:\Windows\System\OCzLXnF.exe

C:\Windows\System\DLWUMrx.exe

C:\Windows\System\DLWUMrx.exe

C:\Windows\System\AcUFgag.exe

C:\Windows\System\AcUFgag.exe

C:\Windows\System\lvcsQqm.exe

C:\Windows\System\lvcsQqm.exe

C:\Windows\System\ybwBEKQ.exe

C:\Windows\System\ybwBEKQ.exe

C:\Windows\System\qroTges.exe

C:\Windows\System\qroTges.exe

C:\Windows\System\UmnjhBG.exe

C:\Windows\System\UmnjhBG.exe

C:\Windows\System\BTElmgo.exe

C:\Windows\System\BTElmgo.exe

C:\Windows\System\kbmtdAA.exe

C:\Windows\System\kbmtdAA.exe

C:\Windows\System\GoLMNMw.exe

C:\Windows\System\GoLMNMw.exe

C:\Windows\System\kdueqDR.exe

C:\Windows\System\kdueqDR.exe

C:\Windows\System\ZLvfRyc.exe

C:\Windows\System\ZLvfRyc.exe

C:\Windows\System\QBHFUjc.exe

C:\Windows\System\QBHFUjc.exe

C:\Windows\System\WrVLnKH.exe

C:\Windows\System\WrVLnKH.exe

C:\Windows\System\lVxutSS.exe

C:\Windows\System\lVxutSS.exe

C:\Windows\System\qWUirIe.exe

C:\Windows\System\qWUirIe.exe

C:\Windows\System\gVQaEWA.exe

C:\Windows\System\gVQaEWA.exe

C:\Windows\System\vYnHLWO.exe

C:\Windows\System\vYnHLWO.exe

C:\Windows\System\JgBzlEU.exe

C:\Windows\System\JgBzlEU.exe

C:\Windows\System\uRynSkL.exe

C:\Windows\System\uRynSkL.exe

C:\Windows\System\CujEDDP.exe

C:\Windows\System\CujEDDP.exe

C:\Windows\System\nnwwpEV.exe

C:\Windows\System\nnwwpEV.exe

C:\Windows\System\fqGfHej.exe

C:\Windows\System\fqGfHej.exe

C:\Windows\System\BeuhesM.exe

C:\Windows\System\BeuhesM.exe

C:\Windows\System\IXKiAgP.exe

C:\Windows\System\IXKiAgP.exe

C:\Windows\System\VprBxvM.exe

C:\Windows\System\VprBxvM.exe

C:\Windows\System\nkzzCbF.exe

C:\Windows\System\nkzzCbF.exe

C:\Windows\System\TBJOnfs.exe

C:\Windows\System\TBJOnfs.exe

C:\Windows\System\YsWYGXb.exe

C:\Windows\System\YsWYGXb.exe

C:\Windows\System\qSMHfWO.exe

C:\Windows\System\qSMHfWO.exe

C:\Windows\System\NGUzbto.exe

C:\Windows\System\NGUzbto.exe

C:\Windows\System\yuSKxGq.exe

C:\Windows\System\yuSKxGq.exe

C:\Windows\System\avVlmhh.exe

C:\Windows\System\avVlmhh.exe

C:\Windows\System\iSVmFYR.exe

C:\Windows\System\iSVmFYR.exe

C:\Windows\System\EGwebFU.exe

C:\Windows\System\EGwebFU.exe

C:\Windows\System\pvRuAyN.exe

C:\Windows\System\pvRuAyN.exe

C:\Windows\System\txonGqH.exe

C:\Windows\System\txonGqH.exe

C:\Windows\System\eaFkYYq.exe

C:\Windows\System\eaFkYYq.exe

C:\Windows\System\FKFZubs.exe

C:\Windows\System\FKFZubs.exe

C:\Windows\System\TuKLhQM.exe

C:\Windows\System\TuKLhQM.exe

C:\Windows\System\CpNbShO.exe

C:\Windows\System\CpNbShO.exe

C:\Windows\System\agHwuve.exe

C:\Windows\System\agHwuve.exe

C:\Windows\System\uDuudlt.exe

C:\Windows\System\uDuudlt.exe

C:\Windows\System\gioRMXp.exe

C:\Windows\System\gioRMXp.exe

C:\Windows\System\qHWPTDu.exe

C:\Windows\System\qHWPTDu.exe

C:\Windows\System\cyoLczR.exe

C:\Windows\System\cyoLczR.exe

C:\Windows\System\PjkzUBL.exe

C:\Windows\System\PjkzUBL.exe

C:\Windows\System\XsfqUDL.exe

C:\Windows\System\XsfqUDL.exe

C:\Windows\System\IqZnvAB.exe

C:\Windows\System\IqZnvAB.exe

C:\Windows\System\sNJtfVV.exe

C:\Windows\System\sNJtfVV.exe

C:\Windows\System\jSeTeic.exe

C:\Windows\System\jSeTeic.exe

C:\Windows\System\tPLvqdi.exe

C:\Windows\System\tPLvqdi.exe

C:\Windows\System\QXAAAVH.exe

C:\Windows\System\QXAAAVH.exe

C:\Windows\System\mKuHRCT.exe

C:\Windows\System\mKuHRCT.exe

C:\Windows\System\lwQFWWI.exe

C:\Windows\System\lwQFWWI.exe

C:\Windows\System\zeQADaT.exe

C:\Windows\System\zeQADaT.exe

C:\Windows\System\XcLRHoD.exe

C:\Windows\System\XcLRHoD.exe

C:\Windows\System\BfyqOfY.exe

C:\Windows\System\BfyqOfY.exe

C:\Windows\System\qjkozqJ.exe

C:\Windows\System\qjkozqJ.exe

C:\Windows\System\nrtYCjY.exe

C:\Windows\System\nrtYCjY.exe

C:\Windows\System\WaVSnuo.exe

C:\Windows\System\WaVSnuo.exe

C:\Windows\System\RFXUnrf.exe

C:\Windows\System\RFXUnrf.exe

C:\Windows\System\tabWpOp.exe

C:\Windows\System\tabWpOp.exe

C:\Windows\System\nsWiLpj.exe

C:\Windows\System\nsWiLpj.exe

C:\Windows\System\DiVOHVF.exe

C:\Windows\System\DiVOHVF.exe

C:\Windows\System\DjHXKXw.exe

C:\Windows\System\DjHXKXw.exe

C:\Windows\System\vqaVbhw.exe

C:\Windows\System\vqaVbhw.exe

C:\Windows\System\iieEHoL.exe

C:\Windows\System\iieEHoL.exe

C:\Windows\System\ZTfDulI.exe

C:\Windows\System\ZTfDulI.exe

C:\Windows\System\tGgCEQh.exe

C:\Windows\System\tGgCEQh.exe

C:\Windows\System\DIZlzNC.exe

C:\Windows\System\DIZlzNC.exe

C:\Windows\System\gYPqdSA.exe

C:\Windows\System\gYPqdSA.exe

C:\Windows\System\qKSfMiI.exe

C:\Windows\System\qKSfMiI.exe

C:\Windows\System\ydXHBGy.exe

C:\Windows\System\ydXHBGy.exe

C:\Windows\System\IaYnQRE.exe

C:\Windows\System\IaYnQRE.exe

C:\Windows\System\ByXnhhb.exe

C:\Windows\System\ByXnhhb.exe

C:\Windows\System\uFqWOfI.exe

C:\Windows\System\uFqWOfI.exe

C:\Windows\System\BPInray.exe

C:\Windows\System\BPInray.exe

C:\Windows\System\UDyktyq.exe

C:\Windows\System\UDyktyq.exe

C:\Windows\System\QWHdrzb.exe

C:\Windows\System\QWHdrzb.exe

C:\Windows\System\TvMzkrz.exe

C:\Windows\System\TvMzkrz.exe

C:\Windows\System\HDsqLGs.exe

C:\Windows\System\HDsqLGs.exe

C:\Windows\System\NTAbDok.exe

C:\Windows\System\NTAbDok.exe

C:\Windows\System\ZsaSSLp.exe

C:\Windows\System\ZsaSSLp.exe

C:\Windows\System\Tibadrn.exe

C:\Windows\System\Tibadrn.exe

C:\Windows\System\ynQPbwU.exe

C:\Windows\System\ynQPbwU.exe

C:\Windows\System\ZWUurAG.exe

C:\Windows\System\ZWUurAG.exe

C:\Windows\System\hHSexUI.exe

C:\Windows\System\hHSexUI.exe

C:\Windows\System\diBogqQ.exe

C:\Windows\System\diBogqQ.exe

C:\Windows\System\LvgksCR.exe

C:\Windows\System\LvgksCR.exe

C:\Windows\System\HJhjWlH.exe

C:\Windows\System\HJhjWlH.exe

C:\Windows\System\nIPonts.exe

C:\Windows\System\nIPonts.exe

C:\Windows\System\sTAihNP.exe

C:\Windows\System\sTAihNP.exe

C:\Windows\System\VYwMftk.exe

C:\Windows\System\VYwMftk.exe

C:\Windows\System\qxMIDPl.exe

C:\Windows\System\qxMIDPl.exe

C:\Windows\System\kCKofAC.exe

C:\Windows\System\kCKofAC.exe

C:\Windows\System\MzaQEwz.exe

C:\Windows\System\MzaQEwz.exe

C:\Windows\System\jDkKxKQ.exe

C:\Windows\System\jDkKxKQ.exe

C:\Windows\System\LMyBjMl.exe

C:\Windows\System\LMyBjMl.exe

C:\Windows\System\BqebkkH.exe

C:\Windows\System\BqebkkH.exe

C:\Windows\System\BYvPFtA.exe

C:\Windows\System\BYvPFtA.exe

C:\Windows\System\fmquOFN.exe

C:\Windows\System\fmquOFN.exe

C:\Windows\System\dxgOelP.exe

C:\Windows\System\dxgOelP.exe

C:\Windows\System\faWSGLe.exe

C:\Windows\System\faWSGLe.exe

C:\Windows\System\guRSiSn.exe

C:\Windows\System\guRSiSn.exe

C:\Windows\System\iZvJKhY.exe

C:\Windows\System\iZvJKhY.exe

C:\Windows\System\waHwmej.exe

C:\Windows\System\waHwmej.exe

C:\Windows\System\ALycOoX.exe

C:\Windows\System\ALycOoX.exe

C:\Windows\System\mNzQMyq.exe

C:\Windows\System\mNzQMyq.exe

C:\Windows\System\mtncdvq.exe

C:\Windows\System\mtncdvq.exe

C:\Windows\System\YFBWXJv.exe

C:\Windows\System\YFBWXJv.exe

C:\Windows\System\uJBpecT.exe

C:\Windows\System\uJBpecT.exe

C:\Windows\System\olHPaQf.exe

C:\Windows\System\olHPaQf.exe

C:\Windows\System\qaFTnhX.exe

C:\Windows\System\qaFTnhX.exe

C:\Windows\System\XlSzifN.exe

C:\Windows\System\XlSzifN.exe

C:\Windows\System\LBPwToF.exe

C:\Windows\System\LBPwToF.exe

C:\Windows\System\ATMhPaU.exe

C:\Windows\System\ATMhPaU.exe

C:\Windows\System\uTrVwMJ.exe

C:\Windows\System\uTrVwMJ.exe

C:\Windows\System\AEqrdSZ.exe

C:\Windows\System\AEqrdSZ.exe

C:\Windows\System\XrFkHaZ.exe

C:\Windows\System\XrFkHaZ.exe

C:\Windows\System\buKPzuZ.exe

C:\Windows\System\buKPzuZ.exe

C:\Windows\System\qlAXzcP.exe

C:\Windows\System\qlAXzcP.exe

C:\Windows\System\EBFUWXP.exe

C:\Windows\System\EBFUWXP.exe

C:\Windows\System\BnBCPPm.exe

C:\Windows\System\BnBCPPm.exe

C:\Windows\System\tepcYgM.exe

C:\Windows\System\tepcYgM.exe

C:\Windows\System\UnXruqW.exe

C:\Windows\System\UnXruqW.exe

C:\Windows\System\VgLZljK.exe

C:\Windows\System\VgLZljK.exe

C:\Windows\System\vCBIlPu.exe

C:\Windows\System\vCBIlPu.exe

C:\Windows\System\mnrXImR.exe

C:\Windows\System\mnrXImR.exe

C:\Windows\System\qeUXeNa.exe

C:\Windows\System\qeUXeNa.exe

C:\Windows\System\aItfICn.exe

C:\Windows\System\aItfICn.exe

C:\Windows\System\tnDSvmF.exe

C:\Windows\System\tnDSvmF.exe

C:\Windows\System\RWTmDlA.exe

C:\Windows\System\RWTmDlA.exe

C:\Windows\System\fSTDMSD.exe

C:\Windows\System\fSTDMSD.exe

C:\Windows\System\QMNJFRb.exe

C:\Windows\System\QMNJFRb.exe

C:\Windows\System\jrLcbuA.exe

C:\Windows\System\jrLcbuA.exe

C:\Windows\System\HuScrvZ.exe

C:\Windows\System\HuScrvZ.exe

C:\Windows\System\GeMOjyy.exe

C:\Windows\System\GeMOjyy.exe

C:\Windows\System\lnvhncG.exe

C:\Windows\System\lnvhncG.exe

C:\Windows\System\qIbFcfg.exe

C:\Windows\System\qIbFcfg.exe

C:\Windows\System\sleDCxX.exe

C:\Windows\System\sleDCxX.exe

C:\Windows\System\aYqhIxT.exe

C:\Windows\System\aYqhIxT.exe

C:\Windows\System\JPbwcia.exe

C:\Windows\System\JPbwcia.exe

C:\Windows\System\qeIwFmn.exe

C:\Windows\System\qeIwFmn.exe

C:\Windows\System\MYInkxg.exe

C:\Windows\System\MYInkxg.exe

C:\Windows\System\OeGNGQF.exe

C:\Windows\System\OeGNGQF.exe

C:\Windows\System\NSslPaC.exe

C:\Windows\System\NSslPaC.exe

C:\Windows\System\DVmdzNp.exe

C:\Windows\System\DVmdzNp.exe

C:\Windows\System\ImUBeJS.exe

C:\Windows\System\ImUBeJS.exe

C:\Windows\System\jJORBgU.exe

C:\Windows\System\jJORBgU.exe

C:\Windows\System\KHoTPyp.exe

C:\Windows\System\KHoTPyp.exe

C:\Windows\System\hQUobdQ.exe

C:\Windows\System\hQUobdQ.exe

C:\Windows\System\dHDQcAn.exe

C:\Windows\System\dHDQcAn.exe

C:\Windows\System\sJWvuXh.exe

C:\Windows\System\sJWvuXh.exe

C:\Windows\System\kdgIUxo.exe

C:\Windows\System\kdgIUxo.exe

C:\Windows\System\GUIWDUw.exe

C:\Windows\System\GUIWDUw.exe

C:\Windows\System\mWqFFeN.exe

C:\Windows\System\mWqFFeN.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

memory/5072-0-0x00007FF7D24E0000-0x00007FF7D28D6000-memory.dmp

memory/5072-1-0x00000198DDCD0000-0x00000198DDCE0000-memory.dmp

memory/3824-3-0x00007FFE98213000-0x00007FFE98215000-memory.dmp

C:\Windows\System\dbPZUjV.exe

MD5 b778a3b4ce6913801cf6bc2d28b30783
SHA1 e2cc4a43431d41b1c80dc8a16144d2114ac4e5aa
SHA256 3c797086f5d44409a1190454486e9d6dcd3343fc61e1b31f041a07cb749f9d7d
SHA512 a377e97f4145f48a1409bae2d969f7e9f13bf08b88fc932bdf98541041b9b4c7b2170bee7c32bd583351c15c45f4a6df0dd6aa7470290d7cd25bad7c1bdc20df

C:\Windows\System\NqBsJcj.exe

MD5 6eed695e229489b33feaf80366842887
SHA1 75eb4c02fb93f3433101b487b31d133f976462f0
SHA256 57d0154548cef237cceadbd292f329cceb2d8bd129a97d6da3a88475739c499b
SHA512 110a49bc7b0b142691f28b60c38976ef94d6ecf58aebea86d31ef750c2f4e6876d91fa870d78a495be3b775d17f333fbc84374527eb49748717d3ed18fe960db

C:\Windows\System\IUFzDHx.exe

MD5 7f11bfa4b1da0750e5b2053b47bfcd46
SHA1 663b9442664a92cc74b7a5c0cbab469701e3123e
SHA256 81d582f582df1e48890b28821317da8aae7fafcc5642d2ec3c1647511e44efb3
SHA512 f0c222c6b4e10bf64caa2e75a1cd86fb337de7ee1e38c0ff417f68f055a0063674cdbc65bd4b421f7147f5576929876fce72f8068c3adfd2d9d4a1f50c1fbd76

memory/2084-28-0x00007FF7E4940000-0x00007FF7E4D36000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kbpgav2a.uhn.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\yDFFlQa.exe

MD5 ae50dbdd241ab3402329511a197f6618
SHA1 7cb50977be307737ecf22d4115ca3cf00f2f0019
SHA256 7dbd4081129a3c5cb1c840366db715c4d6dbc8fd424f63208d8d5af1adbbbc23
SHA512 41d39afdb0c461f69b00af501314c9c1020c8bbb1f5209260602f104bc37096dc01d09abab4d4add9ad50735d89a7558283363de8dc20c7fa3d81dc00f1536bf

C:\Windows\System\ikyuinX.exe

MD5 6ca148b570a72ef02deac6d78cd54c9f
SHA1 f44683c26ba53c5d1eff1d14960b28f3849e5344
SHA256 ffa9f04ad710a0a93adcfd0b3adadfd22b235c021b451be10e68c87267de771d
SHA512 ff7d1849ba475aca8d307e8df09e2c9ec3c879083299cc1400acffda67f7be0bd680240c238730bdcba911018508a11c55b1df779bb592973ef7b185bfbb0b60

C:\Windows\System\MdIrsEY.exe

MD5 9878de959a20e0e28b033b911e873815
SHA1 1bc8d9381aa59fe6f08d591346418fb217e4d77b
SHA256 aa8868ccf602d7b0f42adc8432933bbd50e1141330e7d4fb794732eaa0081cda
SHA512 a39743309c2aa61c2b789584f5f14f7c4c14c8f22f20415cf4652eaa4c60cf8944ae6397e7bafc94b9bb8cbe4dbc367d8b3b54ceb7b0d02dcac2db9123369eb8

memory/756-72-0x00007FF601970000-0x00007FF601D66000-memory.dmp

memory/3908-75-0x00007FF693D60000-0x00007FF694156000-memory.dmp

memory/4796-78-0x00007FF716B00000-0x00007FF716EF6000-memory.dmp

memory/3284-80-0x00007FF777710000-0x00007FF777B06000-memory.dmp

memory/5012-84-0x00007FF6871E0000-0x00007FF6875D6000-memory.dmp

memory/1380-86-0x00007FF7946F0000-0x00007FF794AE6000-memory.dmp

memory/3952-87-0x00007FF6487F0000-0x00007FF648BE6000-memory.dmp

memory/624-85-0x00007FF77E820000-0x00007FF77EC16000-memory.dmp

C:\Windows\System\gnqIfoP.exe

MD5 907cc045a2b719282c4f9b523e8548aa
SHA1 bcf634f0001d2c1b40b60173cc34415cdc03b66f
SHA256 aebc7856eb513abd1bd5027502f03de804054bf3e5fc83eae293f2983643260f
SHA512 c8bb45b066f2cd31f59e0b5a7c91b62455f796cc568d4160b3c4fd02e9ee004b5c621f024f18b8baaab2b682a6a1c0d820884e61f2210ffaf8a74a483d5fadc7

memory/3824-81-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/2108-79-0x00007FF7EAB40000-0x00007FF7EAF36000-memory.dmp

C:\Windows\System\XZRNRYo.exe

MD5 4534dc7b718be5d5d76b301db48376e6
SHA1 745cac33b8699be6f15c776a9419f611d482d743
SHA256 713fed9c27ba553300f56737595e717b6809c771218b9cc238f5388fa275cf0f
SHA512 a4d85ef308713601102a9c6909557f4feb09628a8e7813b0c8c7a7141535909a67dad103bd119a8d564c0d65d26dd5fa96bd09294ee9b3b01c0290bf712606cc

memory/688-68-0x00007FF72D080000-0x00007FF72D476000-memory.dmp

C:\Windows\System\mhdMfBo.exe

MD5 13395b5015ec80322a231f207e0289a0
SHA1 859ab8b9f690c0ffb7d1697d5e5677b04c1b8f03
SHA256 831912d5cdced2f292e855f2f2b53b7c0860e4371a2398b072520d2081091ad4
SHA512 106794e64bf273f880d8144576db8545b0cc17bf7dd8c33a153d1d2cd76cd6ed812d2737910ca0729c92fff35cf11045e393cd64ed7b0c1d36c3c164ebf17bd2

C:\Windows\System\UPhSEjr.exe

MD5 c4a1a781a672d4f033ecc25b6e8c5930
SHA1 1f4a32539283e683f951c50614ff41078a03bd0b
SHA256 1e9ca1f89b7881cdfde4647aa94dc80040e52c6060be26faa4dde2e809686600
SHA512 f85e4f07cf843c35c9d43d6f0f8fd6074c3e31dadedb5f55d1bd2acf8170644bf7636d414f541cb48e87af680af6806fd461b8cfbbc48d7638117bb75849bf42

C:\Windows\System\zFTEYIo.exe

MD5 61f026632ae059d75a92614dc8f3c017
SHA1 82072bdc7450043045ef59eadd3ccef853c69eb2
SHA256 15bdbe16af76c707a399fd39818f6e1e5b863e4835d41cbdd4e9489b0070cce6
SHA512 90888eba70236152b85ee1e4c78bf0e4fad689f460bba1c3be4b117ba6d0acd776981ee9971fa569aa484ca27e39893bcbb84c99b7c12d8ddd9d0401c92d1d44

C:\Windows\System\lYiKRPC.exe

MD5 e3b86679fc968676090a92d941f4863f
SHA1 3178f9ae424df6e2a931f555f609e4330db947db
SHA256 25703d96fb991f8f5c29b7d719f861fb3283251ff6a354c2d3dda0af6c0adbd7
SHA512 250a53b35153cdbf7694ffd3984b7fd3e9c6fcd9f4678d6903db4079523f9d3407d4c8f080cdeeefce2763bd4bac2676db23347cfa90a75682415abfdf508eea

memory/1424-42-0x00007FF781AB0000-0x00007FF781EA6000-memory.dmp

memory/3824-41-0x00000295B8100000-0x00000295B8122000-memory.dmp

memory/3824-19-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

C:\Windows\System\kyIljpk.exe

MD5 79fe6e4344a7545ff22e14bc9fe9cf4a
SHA1 b9da6c33194e264247c790416d00c58e22d761d5
SHA256 6765ae8d0e943edfe02fdd44b2cb21e2cb2e11efbc7e02a881e9aeaf9c638b31
SHA512 8177a0b06b50a42c45334abdb5049f43549e460aed37a4fa31a941ea94374c0180ba39ff9ea68bba17b8ee5842a09a307cc03655a6240642854fe6c64087fa53

C:\Windows\System\KIoQRQV.exe

MD5 4016b43956c0cf7641a37e10b2c502e3
SHA1 a91c4e245bba079113f5f61b4ea57f55ecb18548
SHA256 bc2db11804ee91cb4ff5486c7efc47a31513cc6f4911c2a01a0a12b5b304604e
SHA512 d97300999445b307b210647d7ba9223c93fd0074aae35ba844a44e98bee39d60c69407261723176d24266a16e715de4e7e3119a4002c1c2c4a59910cc9ad901f

memory/2888-99-0x00007FF7F7760000-0x00007FF7F7B56000-memory.dmp

memory/3116-101-0x00007FF720000000-0x00007FF7203F6000-memory.dmp

C:\Windows\System\UxMhaeb.exe

MD5 d5d3b0680b61fe57dac3097bdb01d0b7
SHA1 b5ec2a43c78dc59afdf931c04f951c5fdff200ba
SHA256 1fbb95012df73bcac62db464bd17df49880e14b533ba3394ceba2d96c63f11eb
SHA512 a84979d09fcf5591398d24dae93fd6061fb27740d2a31e6d9e14d2ffe9739abc60e8f91b26e33a93973512cbcd02083ddce89f6682a4a4f3d64776c9a583d5ac

C:\Windows\System\FfgnNos.exe

MD5 18854b2d66c33b8c99b186aa59e5c999
SHA1 23c5f70d3c5cd8b48b51506696b273ca1490402e
SHA256 0ef163e33ef64a71be7b9fd1358dc63fb6d015af9dbb36e34cd1b03c5bbf84cc
SHA512 d7d2281e8431fe1d0716ef1a6be5d1add3d61919fec5207bf191d34396440793f484a200351558bf0a7b02535a7e7613c3af72d6414c914597ee0ab077d64883

memory/1412-112-0x00007FF77C180000-0x00007FF77C576000-memory.dmp

C:\Windows\System\QubnOvJ.exe

MD5 91e28f74a9b4d8452ead7018d3c2f7f9
SHA1 f81a5c4d5e52419ebf758feb11b14282aa9c14a8
SHA256 6972c2f1c75130484eb494186a309f6b619af8f5b49b336a9a4117c500be8455
SHA512 b581d295f969705615cda34be301f0eb63b0b104f18487bceb6bed66216976489b6ba3c3f5ae8551227ecc285f80ac8a8a24346d0c38dddadbc9916b925d6dcf

C:\Windows\System\zmfHrma.exe

MD5 9ffb3bec7b42bad094c2262b1937344f
SHA1 88083b853520ffdea2b8361307958f513cc408f3
SHA256 240bfc5a516e52151dae2ae094baf79f9e76167ea337c416e373e5b9370968c5
SHA512 30872c7841fcf2564793c74b59876aee1fdbd50d5cf31ff5ba31e2a9f52a9ea3dd9c1ff3d6b16457f838ab41b9087ee660325e21c0973ac3f388d744b365e157

C:\Windows\System\wVdPruI.exe

MD5 5a4760e36a23f043f97aa5bde7e1ee6e
SHA1 1209efcf188e71b40ba42892ca404cde1c3cfa88
SHA256 870f11260f158997e1239ef02bb81d3f1c0494b3001146af62ed48c98cafe595
SHA512 8b2e0000689bf4bb4bb7271df262eea6cdde7976eacba449df94fbfef7771f8a2409258545f25f0038865904c9d066960b1bea285901e2502b96b974dd3897d1

memory/3872-127-0x00007FF692300000-0x00007FF6926F6000-memory.dmp

memory/3136-128-0x00007FF6B11F0000-0x00007FF6B15E6000-memory.dmp

memory/2864-113-0x00007FF799910000-0x00007FF799D06000-memory.dmp

memory/3688-96-0x00007FF668A90000-0x00007FF668E86000-memory.dmp

C:\Windows\System\QoCMQRD.exe

MD5 300d6eb6df7ae3a902fe0b85544b7c4c
SHA1 cef4ae83d636504ca7ec5f5c2937096b34cf5707
SHA256 479787e7d3056e5cd57c576d2984f8e833e28327eaa76b7aae4ea90d1cab2d1a
SHA512 96205519e7fa2627d71c532d597de5ba5cb2cf497ecbd4588fa34f9156dfd261788a635eba56b73f2769e9f8a117c75471400809c3f7060e2d4f650903b7001d

C:\Windows\System\yjMdtdw.exe

MD5 880d792fc96561fc69cf84f07e1522f9
SHA1 38e9122ebca5e873ff5023fdc88e05ac49410c09
SHA256 e6e34bfc37f956af1148220f09b0a521bf1651444d9f55292657122a07c3941b
SHA512 41930eea346cd2cdc345465c4481a3372d230fc9e3da6333d9eb4bdf2ba3c27536bb315cc2f6b261e99c013733130d0ad36a74987d8d35f4cbccc71c26a409a9

memory/5072-151-0x00007FF7D24E0000-0x00007FF7D28D6000-memory.dmp

C:\Windows\System\innXFbP.exe

MD5 6e0de1dea1ecf7383550224f78af235e
SHA1 09a3a9cd069a2a5ead28f4e65062dcf4a2b0e3ce
SHA256 67c6636d89166f1eb2ad0c658ba96bc5540b72bd6576a1682cf6a0b7ca5a9ade
SHA512 784e9c27d1fef2e082349d6ea632754fef4ad877d1dcec5401355b6e4becf0b4548d9acffb5ad8a473266b12d317b5419683c2361f3f929738cb9cc9f5a07008

C:\Windows\System\CBvCQGa.exe

MD5 bd5157bdb5313e819ee1b72c0335d758
SHA1 96897b0f290f35d2c6f6e2dc9608e9f16cb3f326
SHA256 abb4d675dbf4be17d1c9ea652e20195c4588eab68d3e044f0e5a196fefbc25c7
SHA512 634217ca08939c2b82bb3993bedaccab30419ac002023a8151a646dcd91cc39945aee6ec3b625c3127201b72eb08d19da48ce38a586a3d45fc79c1c2e80928be

C:\Windows\System\xkwBPVz.exe

MD5 6d21c5637b0e1765dc32d0d930c4b4a7
SHA1 00bbb2e20727118fe31974b0860e7b138b70b9fc
SHA256 a2f59c7b4504761f65ad8796f5e30227dd3f1a4a2cadeb3d9f0f6278c2be2af9
SHA512 31d5aeacb82c259f4f4830706ac9de81e61d17689293613c91ad1f8dea4d8cf2f40f2806576cb49facfbc7d13dc1220d67f741e6f80b85f193132f84d2f96600

memory/416-165-0x00007FF757130000-0x00007FF757526000-memory.dmp

C:\Windows\System\mFwQtHH.exe

MD5 5d53b3d40c06c4d4bae7a302826c831a
SHA1 946462de7493ea150a429833f4f52554158acb4e
SHA256 5d1218b41f69af808d24c9fe975a3c34bc8b86dd751700cca0ef58bed6de6c3a
SHA512 a472b20384fcb5fb4e00e78e0b41d081d762ff471710ce4b3c4af515a8317f5fb913c14af34b9192d0d786c45935b6b2de76b7098b4096ed3ad76526479dcc0f

memory/3824-175-0x00000295D15B0000-0x00000295D1D56000-memory.dmp

C:\Windows\System\dXPDvEa.exe

MD5 f2132a917bf58894b9bbf0d1052ce971
SHA1 aa0c41c6f76700e59c1078323d4fd32712ba6a2a
SHA256 ccf114d5d5c554acfd308fb5517f342b4f1016f7c7be2d6ee89b850f9b2032dd
SHA512 cd94df97b9d1729bf14d8e7f8ee23509fccbcbf8871ed5764fcee7a8e44c5dea3031e0e8ad2569fce76dd75b6f12612c1feaf8a274ac39425485c34af9728957

memory/3824-182-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/3284-176-0x00007FF777710000-0x00007FF777B06000-memory.dmp

memory/1256-170-0x00007FF697B60000-0x00007FF697F56000-memory.dmp

memory/3824-169-0x00007FFE98213000-0x00007FFE98215000-memory.dmp

memory/2928-166-0x00007FF6411D0000-0x00007FF6415C6000-memory.dmp

C:\Windows\System\giCHmoW.exe

MD5 46ee3271f0207e26e0aa19a04b233153
SHA1 5a6d49292870b635729c33bdf5938c57f2595801
SHA256 303d49aad22f00500c394447647ace3801a1eafe3427b0f7c9827c0f61121e80
SHA512 73961b63fa0812b265e158914f0b6f77361c9c73e1ed04b2f9b9d13015e6b3d36809ee31801f178b63233476bb19949497bc8e28d656f1b807a88d538a983a30

memory/3824-157-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/4940-148-0x00007FF7CF0A0000-0x00007FF7CF496000-memory.dmp

memory/3748-146-0x00007FF6C09F0000-0x00007FF6C0DE6000-memory.dmp

C:\Windows\System\XhhHqdG.exe

MD5 36e22f5fd016cb354b29004dfcce2479
SHA1 2149fffc09bcd5619ee87066a72075dfeb849834
SHA256 abeb798d1413f8b2302756977dc9647665f8d813ac28d6289a674f66b06ec446
SHA512 2e5247691760c0e123982f05a50680d03cbdf01979222516038230e60af525234d8f57f964df1d1642590070d540ae6dfcecb33f0de432355bc55c50e9b3a55c

C:\Windows\System\CvqzYSo.exe

MD5 c12f7d0379ea8a0e39bef692d579d39f
SHA1 432d96753578f81675427d22ca58e2fb32a07641
SHA256 97e3e98bbf5afa3b368771490a0a2c305fda59070a2f38aba5f5bfaa8b1cecb1
SHA512 53881887d9341ff0d1028cf4a9c71669c168eb5c98e5e12f49c7148c88cb7aed3887e97922ab081b894470d3d91fe295b827214678b26694765425ac66297af6

C:\Windows\System\IWdbfQh.exe

MD5 b11cb344ff98dd6fad6ae16be771188e
SHA1 982db26aaf701424743f0c3ac4efd2eedb23b60d
SHA256 732c080f1b741e7d378bc600ef76153eb0b04f633593da7ef961d980cdd11c7f
SHA512 b3ab785f8dbdebdff60242b1a6d40e3e3467540e9e0391a1f56d28b1b0d866223a7f7a485ca2b30d17f740a7c8413cfab323ed7a5ee977a3a766554fb6d4213c

C:\Windows\System\DmPvpKv.exe

MD5 529aff2ab4c3ea8614b235c330106c16
SHA1 82340f04351a85e553d98fdebfde7ee9394ebe9d
SHA256 0c04abd6847a7265832c23944cb1a224f14d4fb7836626b635f56df515711663
SHA512 15fc3fcc6242eccecc7f2375eea6eee66ed9072f1cb97f60b25062be1ed1ab72dfd98db9b85eb851a0abb3d3469a0aad5b80f1fb087073e161c2a2da0be30858

C:\Windows\System\hIVsAFQ.exe

MD5 ca9b9fa561a402a36bee0a7ddb45e6c9
SHA1 a11c90e9ccd23a8279abc413d10b1425943a5cae
SHA256 d79444471da4004dcc5a144886b5aaabd4a777c6b62898c695f8504539e0b1a6
SHA512 d029941fb3266f12d0b2bd2922979f34aa3bfe24fe61275fca779ef02b823320ec2e0e9773a827107f7e2a1a8d95bd2108b9c396f48e940235a98887b0031cc3

memory/3688-506-0x00007FF668A90000-0x00007FF668E86000-memory.dmp

memory/2888-744-0x00007FF7F7760000-0x00007FF7F7B56000-memory.dmp

memory/3116-1275-0x00007FF720000000-0x00007FF7203F6000-memory.dmp

memory/1412-1277-0x00007FF77C180000-0x00007FF77C576000-memory.dmp

memory/2864-1874-0x00007FF799910000-0x00007FF799D06000-memory.dmp

memory/3136-2038-0x00007FF6B11F0000-0x00007FF6B15E6000-memory.dmp

memory/2084-2211-0x00007FF7E4940000-0x00007FF7E4D36000-memory.dmp

memory/688-2212-0x00007FF72D080000-0x00007FF72D476000-memory.dmp

memory/1424-2213-0x00007FF781AB0000-0x00007FF781EA6000-memory.dmp

memory/5012-2214-0x00007FF6871E0000-0x00007FF6875D6000-memory.dmp

memory/756-2215-0x00007FF601970000-0x00007FF601D66000-memory.dmp

memory/624-2216-0x00007FF77E820000-0x00007FF77EC16000-memory.dmp

memory/4796-2219-0x00007FF716B00000-0x00007FF716EF6000-memory.dmp

memory/1380-2218-0x00007FF7946F0000-0x00007FF794AE6000-memory.dmp

memory/3908-2217-0x00007FF693D60000-0x00007FF694156000-memory.dmp

memory/2108-2220-0x00007FF7EAB40000-0x00007FF7EAF36000-memory.dmp

memory/3284-2221-0x00007FF777710000-0x00007FF777B06000-memory.dmp

memory/3952-2222-0x00007FF6487F0000-0x00007FF648BE6000-memory.dmp

memory/3688-2223-0x00007FF668A90000-0x00007FF668E86000-memory.dmp

memory/3116-2224-0x00007FF720000000-0x00007FF7203F6000-memory.dmp

memory/2888-2225-0x00007FF7F7760000-0x00007FF7F7B56000-memory.dmp

memory/3872-2227-0x00007FF692300000-0x00007FF6926F6000-memory.dmp

memory/2864-2226-0x00007FF799910000-0x00007FF799D06000-memory.dmp

memory/1412-2228-0x00007FF77C180000-0x00007FF77C576000-memory.dmp

memory/3748-2230-0x00007FF6C09F0000-0x00007FF6C0DE6000-memory.dmp

memory/3136-2229-0x00007FF6B11F0000-0x00007FF6B15E6000-memory.dmp

memory/416-2233-0x00007FF757130000-0x00007FF757526000-memory.dmp

memory/4940-2232-0x00007FF7CF0A0000-0x00007FF7CF496000-memory.dmp

memory/2928-2231-0x00007FF6411D0000-0x00007FF6415C6000-memory.dmp

memory/1256-2234-0x00007FF697B60000-0x00007FF697F56000-memory.dmp