Malware Analysis Report

2025-04-19 18:53

Sample ID 240527-edljyafb3v
Target 1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe
SHA256 1b0f213d3a2e077ce0b02626356b4149e0305ff4b6bd727422a951379f51433b
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b0f213d3a2e077ce0b02626356b4149e0305ff4b6bd727422a951379f51433b

Threat Level: Known bad

The file 1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 03:49

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 03:49

Reported

2024-05-27 03:52

Platform

win7-20240221-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\YlRYQOm.exe N/A
N/A N/A C:\Windows\System\tpmYZiM.exe N/A
N/A N/A C:\Windows\System\vvHAMZM.exe N/A
N/A N/A C:\Windows\System\vkThjNL.exe N/A
N/A N/A C:\Windows\System\EDjxRsq.exe N/A
N/A N/A C:\Windows\System\ZSdygqy.exe N/A
N/A N/A C:\Windows\System\nPaHZuA.exe N/A
N/A N/A C:\Windows\System\ANGXOwe.exe N/A
N/A N/A C:\Windows\System\NEFcjtC.exe N/A
N/A N/A C:\Windows\System\suKetav.exe N/A
N/A N/A C:\Windows\System\kAuNgFO.exe N/A
N/A N/A C:\Windows\System\dBuJxDK.exe N/A
N/A N/A C:\Windows\System\GjJgyRr.exe N/A
N/A N/A C:\Windows\System\VeqKvhY.exe N/A
N/A N/A C:\Windows\System\dchyfnP.exe N/A
N/A N/A C:\Windows\System\VWUpELG.exe N/A
N/A N/A C:\Windows\System\FDTVHjz.exe N/A
N/A N/A C:\Windows\System\jQUDhqa.exe N/A
N/A N/A C:\Windows\System\HhHJmSZ.exe N/A
N/A N/A C:\Windows\System\TYdmFNp.exe N/A
N/A N/A C:\Windows\System\gbhaROp.exe N/A
N/A N/A C:\Windows\System\pdtBauV.exe N/A
N/A N/A C:\Windows\System\cwIAvXw.exe N/A
N/A N/A C:\Windows\System\PaCcNrq.exe N/A
N/A N/A C:\Windows\System\zQhswWN.exe N/A
N/A N/A C:\Windows\System\hZWCPLb.exe N/A
N/A N/A C:\Windows\System\TaKMEme.exe N/A
N/A N/A C:\Windows\System\OCWxiko.exe N/A
N/A N/A C:\Windows\System\jkhWWLw.exe N/A
N/A N/A C:\Windows\System\FHQeHiT.exe N/A
N/A N/A C:\Windows\System\rViMQTZ.exe N/A
N/A N/A C:\Windows\System\FSkGDgU.exe N/A
N/A N/A C:\Windows\System\rejZwIA.exe N/A
N/A N/A C:\Windows\System\aEMDVBX.exe N/A
N/A N/A C:\Windows\System\Nwgmmip.exe N/A
N/A N/A C:\Windows\System\ELWBXvn.exe N/A
N/A N/A C:\Windows\System\rJBHfli.exe N/A
N/A N/A C:\Windows\System\sjBCXmi.exe N/A
N/A N/A C:\Windows\System\TPtWpal.exe N/A
N/A N/A C:\Windows\System\lvOrpCE.exe N/A
N/A N/A C:\Windows\System\wodHkPe.exe N/A
N/A N/A C:\Windows\System\boTDePg.exe N/A
N/A N/A C:\Windows\System\xrdgppD.exe N/A
N/A N/A C:\Windows\System\IFsWRFO.exe N/A
N/A N/A C:\Windows\System\fLFniOv.exe N/A
N/A N/A C:\Windows\System\IUasVjP.exe N/A
N/A N/A C:\Windows\System\mojyIda.exe N/A
N/A N/A C:\Windows\System\MdPJXvu.exe N/A
N/A N/A C:\Windows\System\QMzCUnn.exe N/A
N/A N/A C:\Windows\System\ejjyaEE.exe N/A
N/A N/A C:\Windows\System\MRwLafz.exe N/A
N/A N/A C:\Windows\System\wtSMNgo.exe N/A
N/A N/A C:\Windows\System\QBNhLZO.exe N/A
N/A N/A C:\Windows\System\YzCXjrZ.exe N/A
N/A N/A C:\Windows\System\SECUWub.exe N/A
N/A N/A C:\Windows\System\fKOfkFK.exe N/A
N/A N/A C:\Windows\System\kxhXJuu.exe N/A
N/A N/A C:\Windows\System\blCsWEF.exe N/A
N/A N/A C:\Windows\System\RwBRmfD.exe N/A
N/A N/A C:\Windows\System\qJhIasd.exe N/A
N/A N/A C:\Windows\System\cOWuyjW.exe N/A
N/A N/A C:\Windows\System\fWpCHtQ.exe N/A
N/A N/A C:\Windows\System\gKUfHAm.exe N/A
N/A N/A C:\Windows\System\FiIABwL.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\mTUXqcC.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\Guzceki.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\luphVDH.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDUqrHr.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJyoAis.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQTXnMk.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\umDBKWS.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\riYGZKg.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\RxazBAY.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\SJcZIzD.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\eLshAYy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PxPTFta.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\xToghuM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPjlsus.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\kBpMmag.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMBHmPY.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\LXgKWua.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\NJiCgdu.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwZUJQn.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\APZLaEP.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\XvOwWgN.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\jizMwRC.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\grZFvvs.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAxkacM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\xszaRWN.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\dHVQxLM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNQAxiY.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\WvvpTJh.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\urRPlUB.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\pmPQbWM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\AlPhcDw.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLQqaSQ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\tqFaWyy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\HjbsOps.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\NRpPhLc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqMKKlP.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\iEQOGGM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\fkRIJAy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\HYjMBtF.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ittOHpL.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFeQJHc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmqKRcS.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ulAdiez.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEGWsUc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\xaHvRGD.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\TIaNoik.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwcXftU.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\mASbthA.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\tIJShJX.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrjwAGz.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\btQBoCd.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\fqDpFif.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAMFhjt.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\LgEdNiU.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\nUJcsJK.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyqYNWR.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\FUbsdkr.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJXOLEz.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\CcEuFSL.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXOeAyd.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoamiTE.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\dMJEfGH.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXlWJFj.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\MynOkxL.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2528 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2528 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2528 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2528 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\YlRYQOm.exe
PID 2528 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\YlRYQOm.exe
PID 2528 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\YlRYQOm.exe
PID 2528 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\tpmYZiM.exe
PID 2528 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\tpmYZiM.exe
PID 2528 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\tpmYZiM.exe
PID 2528 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vvHAMZM.exe
PID 2528 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vvHAMZM.exe
PID 2528 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vvHAMZM.exe
PID 2528 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vkThjNL.exe
PID 2528 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vkThjNL.exe
PID 2528 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vkThjNL.exe
PID 2528 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\EDjxRsq.exe
PID 2528 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\EDjxRsq.exe
PID 2528 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\EDjxRsq.exe
PID 2528 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ZSdygqy.exe
PID 2528 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ZSdygqy.exe
PID 2528 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ZSdygqy.exe
PID 2528 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\nPaHZuA.exe
PID 2528 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\nPaHZuA.exe
PID 2528 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\nPaHZuA.exe
PID 2528 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ANGXOwe.exe
PID 2528 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ANGXOwe.exe
PID 2528 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ANGXOwe.exe
PID 2528 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\NEFcjtC.exe
PID 2528 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\NEFcjtC.exe
PID 2528 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\NEFcjtC.exe
PID 2528 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\suKetav.exe
PID 2528 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\suKetav.exe
PID 2528 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\suKetav.exe
PID 2528 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\kAuNgFO.exe
PID 2528 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\kAuNgFO.exe
PID 2528 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\kAuNgFO.exe
PID 2528 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dBuJxDK.exe
PID 2528 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dBuJxDK.exe
PID 2528 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dBuJxDK.exe
PID 2528 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\GjJgyRr.exe
PID 2528 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\GjJgyRr.exe
PID 2528 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\GjJgyRr.exe
PID 2528 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TYdmFNp.exe
PID 2528 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TYdmFNp.exe
PID 2528 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TYdmFNp.exe
PID 2528 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VeqKvhY.exe
PID 2528 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VeqKvhY.exe
PID 2528 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VeqKvhY.exe
PID 2528 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\gbhaROp.exe
PID 2528 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\gbhaROp.exe
PID 2528 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\gbhaROp.exe
PID 2528 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dchyfnP.exe
PID 2528 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dchyfnP.exe
PID 2528 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dchyfnP.exe
PID 2528 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\pdtBauV.exe
PID 2528 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\pdtBauV.exe
PID 2528 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\pdtBauV.exe
PID 2528 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VWUpELG.exe
PID 2528 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VWUpELG.exe
PID 2528 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VWUpELG.exe
PID 2528 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\cwIAvXw.exe
PID 2528 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\cwIAvXw.exe
PID 2528 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\cwIAvXw.exe
PID 2528 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\FDTVHjz.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\YlRYQOm.exe

C:\Windows\System\YlRYQOm.exe

C:\Windows\System\tpmYZiM.exe

C:\Windows\System\tpmYZiM.exe

C:\Windows\System\vvHAMZM.exe

C:\Windows\System\vvHAMZM.exe

C:\Windows\System\vkThjNL.exe

C:\Windows\System\vkThjNL.exe

C:\Windows\System\EDjxRsq.exe

C:\Windows\System\EDjxRsq.exe

C:\Windows\System\ZSdygqy.exe

C:\Windows\System\ZSdygqy.exe

C:\Windows\System\nPaHZuA.exe

C:\Windows\System\nPaHZuA.exe

C:\Windows\System\ANGXOwe.exe

C:\Windows\System\ANGXOwe.exe

C:\Windows\System\NEFcjtC.exe

C:\Windows\System\NEFcjtC.exe

C:\Windows\System\suKetav.exe

C:\Windows\System\suKetav.exe

C:\Windows\System\kAuNgFO.exe

C:\Windows\System\kAuNgFO.exe

C:\Windows\System\dBuJxDK.exe

C:\Windows\System\dBuJxDK.exe

C:\Windows\System\GjJgyRr.exe

C:\Windows\System\GjJgyRr.exe

C:\Windows\System\TYdmFNp.exe

C:\Windows\System\TYdmFNp.exe

C:\Windows\System\VeqKvhY.exe

C:\Windows\System\VeqKvhY.exe

C:\Windows\System\gbhaROp.exe

C:\Windows\System\gbhaROp.exe

C:\Windows\System\dchyfnP.exe

C:\Windows\System\dchyfnP.exe

C:\Windows\System\pdtBauV.exe

C:\Windows\System\pdtBauV.exe

C:\Windows\System\VWUpELG.exe

C:\Windows\System\VWUpELG.exe

C:\Windows\System\cwIAvXw.exe

C:\Windows\System\cwIAvXw.exe

C:\Windows\System\FDTVHjz.exe

C:\Windows\System\FDTVHjz.exe

C:\Windows\System\PaCcNrq.exe

C:\Windows\System\PaCcNrq.exe

C:\Windows\System\jQUDhqa.exe

C:\Windows\System\jQUDhqa.exe

C:\Windows\System\zQhswWN.exe

C:\Windows\System\zQhswWN.exe

C:\Windows\System\HhHJmSZ.exe

C:\Windows\System\HhHJmSZ.exe

C:\Windows\System\hZWCPLb.exe

C:\Windows\System\hZWCPLb.exe

C:\Windows\System\TaKMEme.exe

C:\Windows\System\TaKMEme.exe

C:\Windows\System\RwBRmfD.exe

C:\Windows\System\RwBRmfD.exe

C:\Windows\System\OCWxiko.exe

C:\Windows\System\OCWxiko.exe

C:\Windows\System\qJhIasd.exe

C:\Windows\System\qJhIasd.exe

C:\Windows\System\jkhWWLw.exe

C:\Windows\System\jkhWWLw.exe

C:\Windows\System\cOWuyjW.exe

C:\Windows\System\cOWuyjW.exe

C:\Windows\System\FHQeHiT.exe

C:\Windows\System\FHQeHiT.exe

C:\Windows\System\fWpCHtQ.exe

C:\Windows\System\fWpCHtQ.exe

C:\Windows\System\rViMQTZ.exe

C:\Windows\System\rViMQTZ.exe

C:\Windows\System\gKUfHAm.exe

C:\Windows\System\gKUfHAm.exe

C:\Windows\System\FSkGDgU.exe

C:\Windows\System\FSkGDgU.exe

C:\Windows\System\FiIABwL.exe

C:\Windows\System\FiIABwL.exe

C:\Windows\System\rejZwIA.exe

C:\Windows\System\rejZwIA.exe

C:\Windows\System\vKciekM.exe

C:\Windows\System\vKciekM.exe

C:\Windows\System\aEMDVBX.exe

C:\Windows\System\aEMDVBX.exe

C:\Windows\System\tfkJERp.exe

C:\Windows\System\tfkJERp.exe

C:\Windows\System\Nwgmmip.exe

C:\Windows\System\Nwgmmip.exe

C:\Windows\System\LDHcWgl.exe

C:\Windows\System\LDHcWgl.exe

C:\Windows\System\ELWBXvn.exe

C:\Windows\System\ELWBXvn.exe

C:\Windows\System\EkpXiSH.exe

C:\Windows\System\EkpXiSH.exe

C:\Windows\System\rJBHfli.exe

C:\Windows\System\rJBHfli.exe

C:\Windows\System\ZsrLHSm.exe

C:\Windows\System\ZsrLHSm.exe

C:\Windows\System\sjBCXmi.exe

C:\Windows\System\sjBCXmi.exe

C:\Windows\System\cQEokNb.exe

C:\Windows\System\cQEokNb.exe

C:\Windows\System\TPtWpal.exe

C:\Windows\System\TPtWpal.exe

C:\Windows\System\FErbgsW.exe

C:\Windows\System\FErbgsW.exe

C:\Windows\System\lvOrpCE.exe

C:\Windows\System\lvOrpCE.exe

C:\Windows\System\KDJbGnU.exe

C:\Windows\System\KDJbGnU.exe

C:\Windows\System\wodHkPe.exe

C:\Windows\System\wodHkPe.exe

C:\Windows\System\iYnEWtx.exe

C:\Windows\System\iYnEWtx.exe

C:\Windows\System\boTDePg.exe

C:\Windows\System\boTDePg.exe

C:\Windows\System\jPyDdlT.exe

C:\Windows\System\jPyDdlT.exe

C:\Windows\System\xrdgppD.exe

C:\Windows\System\xrdgppD.exe

C:\Windows\System\eumLDpX.exe

C:\Windows\System\eumLDpX.exe

C:\Windows\System\IFsWRFO.exe

C:\Windows\System\IFsWRFO.exe

C:\Windows\System\APZLaEP.exe

C:\Windows\System\APZLaEP.exe

C:\Windows\System\fLFniOv.exe

C:\Windows\System\fLFniOv.exe

C:\Windows\System\OZTLQWy.exe

C:\Windows\System\OZTLQWy.exe

C:\Windows\System\IUasVjP.exe

C:\Windows\System\IUasVjP.exe

C:\Windows\System\wouXtok.exe

C:\Windows\System\wouXtok.exe

C:\Windows\System\mojyIda.exe

C:\Windows\System\mojyIda.exe

C:\Windows\System\nPXEwoN.exe

C:\Windows\System\nPXEwoN.exe

C:\Windows\System\MdPJXvu.exe

C:\Windows\System\MdPJXvu.exe

C:\Windows\System\fMypwfX.exe

C:\Windows\System\fMypwfX.exe

C:\Windows\System\QMzCUnn.exe

C:\Windows\System\QMzCUnn.exe

C:\Windows\System\KcbxhiN.exe

C:\Windows\System\KcbxhiN.exe

C:\Windows\System\ejjyaEE.exe

C:\Windows\System\ejjyaEE.exe

C:\Windows\System\BuTeGes.exe

C:\Windows\System\BuTeGes.exe

C:\Windows\System\MRwLafz.exe

C:\Windows\System\MRwLafz.exe

C:\Windows\System\XbdFLKH.exe

C:\Windows\System\XbdFLKH.exe

C:\Windows\System\wtSMNgo.exe

C:\Windows\System\wtSMNgo.exe

C:\Windows\System\QodamhF.exe

C:\Windows\System\QodamhF.exe

C:\Windows\System\QBNhLZO.exe

C:\Windows\System\QBNhLZO.exe

C:\Windows\System\kkePMYx.exe

C:\Windows\System\kkePMYx.exe

C:\Windows\System\YzCXjrZ.exe

C:\Windows\System\YzCXjrZ.exe

C:\Windows\System\LrJfGlW.exe

C:\Windows\System\LrJfGlW.exe

C:\Windows\System\SECUWub.exe

C:\Windows\System\SECUWub.exe

C:\Windows\System\FFPVtis.exe

C:\Windows\System\FFPVtis.exe

C:\Windows\System\fKOfkFK.exe

C:\Windows\System\fKOfkFK.exe

C:\Windows\System\oMyoUOP.exe

C:\Windows\System\oMyoUOP.exe

C:\Windows\System\kxhXJuu.exe

C:\Windows\System\kxhXJuu.exe

C:\Windows\System\wyyZblx.exe

C:\Windows\System\wyyZblx.exe

C:\Windows\System\blCsWEF.exe

C:\Windows\System\blCsWEF.exe

C:\Windows\System\WldOhhy.exe

C:\Windows\System\WldOhhy.exe

C:\Windows\System\mzFzrSZ.exe

C:\Windows\System\mzFzrSZ.exe

C:\Windows\System\KXMujJh.exe

C:\Windows\System\KXMujJh.exe

C:\Windows\System\bPMfJUe.exe

C:\Windows\System\bPMfJUe.exe

C:\Windows\System\DrSxbgr.exe

C:\Windows\System\DrSxbgr.exe

C:\Windows\System\ZugEpWW.exe

C:\Windows\System\ZugEpWW.exe

C:\Windows\System\ZJTUwpZ.exe

C:\Windows\System\ZJTUwpZ.exe

C:\Windows\System\RojZNuD.exe

C:\Windows\System\RojZNuD.exe

C:\Windows\System\mswNlLH.exe

C:\Windows\System\mswNlLH.exe

C:\Windows\System\QpYaKvq.exe

C:\Windows\System\QpYaKvq.exe

C:\Windows\System\IQeQYRf.exe

C:\Windows\System\IQeQYRf.exe

C:\Windows\System\XZpYAUG.exe

C:\Windows\System\XZpYAUG.exe

C:\Windows\System\iiWNlHG.exe

C:\Windows\System\iiWNlHG.exe

C:\Windows\System\ujwIenj.exe

C:\Windows\System\ujwIenj.exe

C:\Windows\System\VkPIyms.exe

C:\Windows\System\VkPIyms.exe

C:\Windows\System\YeOqDhC.exe

C:\Windows\System\YeOqDhC.exe

C:\Windows\System\QEGWsUc.exe

C:\Windows\System\QEGWsUc.exe

C:\Windows\System\fjfmwaD.exe

C:\Windows\System\fjfmwaD.exe

C:\Windows\System\CNRlpMb.exe

C:\Windows\System\CNRlpMb.exe

C:\Windows\System\KAqBXig.exe

C:\Windows\System\KAqBXig.exe

C:\Windows\System\WYMgiHs.exe

C:\Windows\System\WYMgiHs.exe

C:\Windows\System\KJqcrBv.exe

C:\Windows\System\KJqcrBv.exe

C:\Windows\System\CzZJpak.exe

C:\Windows\System\CzZJpak.exe

C:\Windows\System\XYMdwBP.exe

C:\Windows\System\XYMdwBP.exe

C:\Windows\System\jRctxUP.exe

C:\Windows\System\jRctxUP.exe

C:\Windows\System\VMllsFC.exe

C:\Windows\System\VMllsFC.exe

C:\Windows\System\xXTrvaF.exe

C:\Windows\System\xXTrvaF.exe

C:\Windows\System\QczaJaR.exe

C:\Windows\System\QczaJaR.exe

C:\Windows\System\aDrVxZo.exe

C:\Windows\System\aDrVxZo.exe

C:\Windows\System\KSuXqpy.exe

C:\Windows\System\KSuXqpy.exe

C:\Windows\System\HdfIaAl.exe

C:\Windows\System\HdfIaAl.exe

C:\Windows\System\AYWALqJ.exe

C:\Windows\System\AYWALqJ.exe

C:\Windows\System\OEClONU.exe

C:\Windows\System\OEClONU.exe

C:\Windows\System\LZCcAHo.exe

C:\Windows\System\LZCcAHo.exe

C:\Windows\System\xRCBrNG.exe

C:\Windows\System\xRCBrNG.exe

C:\Windows\System\SUZUhFQ.exe

C:\Windows\System\SUZUhFQ.exe

C:\Windows\System\qAxFSZK.exe

C:\Windows\System\qAxFSZK.exe

C:\Windows\System\pomkiEM.exe

C:\Windows\System\pomkiEM.exe

C:\Windows\System\OhxjtCU.exe

C:\Windows\System\OhxjtCU.exe

C:\Windows\System\IHjiLLa.exe

C:\Windows\System\IHjiLLa.exe

C:\Windows\System\TpItEiD.exe

C:\Windows\System\TpItEiD.exe

C:\Windows\System\zcsvOmn.exe

C:\Windows\System\zcsvOmn.exe

C:\Windows\System\aXzEbEg.exe

C:\Windows\System\aXzEbEg.exe

C:\Windows\System\gipofBx.exe

C:\Windows\System\gipofBx.exe

C:\Windows\System\DuplItx.exe

C:\Windows\System\DuplItx.exe

C:\Windows\System\AgvJBjz.exe

C:\Windows\System\AgvJBjz.exe

C:\Windows\System\slNnrcE.exe

C:\Windows\System\slNnrcE.exe

C:\Windows\System\xyxmeEc.exe

C:\Windows\System\xyxmeEc.exe

C:\Windows\System\LseSGmo.exe

C:\Windows\System\LseSGmo.exe

C:\Windows\System\klopbxH.exe

C:\Windows\System\klopbxH.exe

C:\Windows\System\zmryVjh.exe

C:\Windows\System\zmryVjh.exe

C:\Windows\System\PRNTTYx.exe

C:\Windows\System\PRNTTYx.exe

C:\Windows\System\DJMTwUv.exe

C:\Windows\System\DJMTwUv.exe

C:\Windows\System\GfkcMsF.exe

C:\Windows\System\GfkcMsF.exe

C:\Windows\System\sstPmqg.exe

C:\Windows\System\sstPmqg.exe

C:\Windows\System\OmfVcuh.exe

C:\Windows\System\OmfVcuh.exe

C:\Windows\System\ueAIRgG.exe

C:\Windows\System\ueAIRgG.exe

C:\Windows\System\EEWCnZH.exe

C:\Windows\System\EEWCnZH.exe

C:\Windows\System\kmszNDq.exe

C:\Windows\System\kmszNDq.exe

C:\Windows\System\pEHIrwZ.exe

C:\Windows\System\pEHIrwZ.exe

C:\Windows\System\vKhcfHe.exe

C:\Windows\System\vKhcfHe.exe

C:\Windows\System\PrTkSBL.exe

C:\Windows\System\PrTkSBL.exe

C:\Windows\System\xecpEod.exe

C:\Windows\System\xecpEod.exe

C:\Windows\System\WlgBCEX.exe

C:\Windows\System\WlgBCEX.exe

C:\Windows\System\MflddAs.exe

C:\Windows\System\MflddAs.exe

C:\Windows\System\rWSRkin.exe

C:\Windows\System\rWSRkin.exe

C:\Windows\System\yXvsqiE.exe

C:\Windows\System\yXvsqiE.exe

C:\Windows\System\xdARykE.exe

C:\Windows\System\xdARykE.exe

C:\Windows\System\aoCAtiP.exe

C:\Windows\System\aoCAtiP.exe

C:\Windows\System\qgbMRjN.exe

C:\Windows\System\qgbMRjN.exe

C:\Windows\System\bCxiAfZ.exe

C:\Windows\System\bCxiAfZ.exe

C:\Windows\System\ohimnxV.exe

C:\Windows\System\ohimnxV.exe

C:\Windows\System\WcUXKRa.exe

C:\Windows\System\WcUXKRa.exe

C:\Windows\System\ELMfqQw.exe

C:\Windows\System\ELMfqQw.exe

C:\Windows\System\axIXzJJ.exe

C:\Windows\System\axIXzJJ.exe

C:\Windows\System\RbvJcFb.exe

C:\Windows\System\RbvJcFb.exe

C:\Windows\System\WSfYKpj.exe

C:\Windows\System\WSfYKpj.exe

C:\Windows\System\nEgskPI.exe

C:\Windows\System\nEgskPI.exe

C:\Windows\System\LZsttpO.exe

C:\Windows\System\LZsttpO.exe

C:\Windows\System\RhPiZrf.exe

C:\Windows\System\RhPiZrf.exe

C:\Windows\System\cHCHTOa.exe

C:\Windows\System\cHCHTOa.exe

C:\Windows\System\GATFEWK.exe

C:\Windows\System\GATFEWK.exe

C:\Windows\System\MoTKKCV.exe

C:\Windows\System\MoTKKCV.exe

C:\Windows\System\lrULilR.exe

C:\Windows\System\lrULilR.exe

C:\Windows\System\DJwmmXv.exe

C:\Windows\System\DJwmmXv.exe

C:\Windows\System\rOTZYqV.exe

C:\Windows\System\rOTZYqV.exe

C:\Windows\System\AEcPLWV.exe

C:\Windows\System\AEcPLWV.exe

C:\Windows\System\YBHJRCZ.exe

C:\Windows\System\YBHJRCZ.exe

C:\Windows\System\VsxeBLr.exe

C:\Windows\System\VsxeBLr.exe

C:\Windows\System\PLomKYr.exe

C:\Windows\System\PLomKYr.exe

C:\Windows\System\DyDoPzS.exe

C:\Windows\System\DyDoPzS.exe

C:\Windows\System\VrFtAXu.exe

C:\Windows\System\VrFtAXu.exe

C:\Windows\System\cXcYVpl.exe

C:\Windows\System\cXcYVpl.exe

C:\Windows\System\HYjMBtF.exe

C:\Windows\System\HYjMBtF.exe

C:\Windows\System\tksMNwI.exe

C:\Windows\System\tksMNwI.exe

C:\Windows\System\YAEBaDH.exe

C:\Windows\System\YAEBaDH.exe

C:\Windows\System\iGnmauc.exe

C:\Windows\System\iGnmauc.exe

C:\Windows\System\OxbgMFs.exe

C:\Windows\System\OxbgMFs.exe

C:\Windows\System\KFoQrGq.exe

C:\Windows\System\KFoQrGq.exe

C:\Windows\System\ABEpQhB.exe

C:\Windows\System\ABEpQhB.exe

C:\Windows\System\bSFEKAK.exe

C:\Windows\System\bSFEKAK.exe

C:\Windows\System\ZAnqCIW.exe

C:\Windows\System\ZAnqCIW.exe

C:\Windows\System\GjvWBiR.exe

C:\Windows\System\GjvWBiR.exe

C:\Windows\System\lXYlFNH.exe

C:\Windows\System\lXYlFNH.exe

C:\Windows\System\LBcGaJq.exe

C:\Windows\System\LBcGaJq.exe

C:\Windows\System\YpzYoKZ.exe

C:\Windows\System\YpzYoKZ.exe

C:\Windows\System\XebRGft.exe

C:\Windows\System\XebRGft.exe

C:\Windows\System\IkALDMQ.exe

C:\Windows\System\IkALDMQ.exe

C:\Windows\System\KMtPJGx.exe

C:\Windows\System\KMtPJGx.exe

C:\Windows\System\LZrqGoM.exe

C:\Windows\System\LZrqGoM.exe

C:\Windows\System\mMFLADa.exe

C:\Windows\System\mMFLADa.exe

C:\Windows\System\nJGnbTa.exe

C:\Windows\System\nJGnbTa.exe

C:\Windows\System\VpeQALs.exe

C:\Windows\System\VpeQALs.exe

C:\Windows\System\FvhGPbP.exe

C:\Windows\System\FvhGPbP.exe

C:\Windows\System\SgttQal.exe

C:\Windows\System\SgttQal.exe

C:\Windows\System\mLOdobB.exe

C:\Windows\System\mLOdobB.exe

C:\Windows\System\CKfhKcv.exe

C:\Windows\System\CKfhKcv.exe

C:\Windows\System\zafIFkm.exe

C:\Windows\System\zafIFkm.exe

C:\Windows\System\wqxuDEA.exe

C:\Windows\System\wqxuDEA.exe

C:\Windows\System\myccdKa.exe

C:\Windows\System\myccdKa.exe

C:\Windows\System\hwXoCXi.exe

C:\Windows\System\hwXoCXi.exe

C:\Windows\System\qlDrWRg.exe

C:\Windows\System\qlDrWRg.exe

C:\Windows\System\SnWeJam.exe

C:\Windows\System\SnWeJam.exe

C:\Windows\System\QcmkRzs.exe

C:\Windows\System\QcmkRzs.exe

C:\Windows\System\pIQuvOi.exe

C:\Windows\System\pIQuvOi.exe

C:\Windows\System\OVsxTbL.exe

C:\Windows\System\OVsxTbL.exe

C:\Windows\System\nfQsEvo.exe

C:\Windows\System\nfQsEvo.exe

C:\Windows\System\LxODPnq.exe

C:\Windows\System\LxODPnq.exe

C:\Windows\System\qTDbIii.exe

C:\Windows\System\qTDbIii.exe

C:\Windows\System\EzhdMaN.exe

C:\Windows\System\EzhdMaN.exe

C:\Windows\System\ROyMgRt.exe

C:\Windows\System\ROyMgRt.exe

C:\Windows\System\wJFyqlZ.exe

C:\Windows\System\wJFyqlZ.exe

C:\Windows\System\EmqjIWU.exe

C:\Windows\System\EmqjIWU.exe

C:\Windows\System\FnykJCC.exe

C:\Windows\System\FnykJCC.exe

C:\Windows\System\qRETzBc.exe

C:\Windows\System\qRETzBc.exe

C:\Windows\System\FjgPZed.exe

C:\Windows\System\FjgPZed.exe

C:\Windows\System\CzubtgR.exe

C:\Windows\System\CzubtgR.exe

C:\Windows\System\uopjFAN.exe

C:\Windows\System\uopjFAN.exe

C:\Windows\System\KulKSXd.exe

C:\Windows\System\KulKSXd.exe

C:\Windows\System\QiTpfiH.exe

C:\Windows\System\QiTpfiH.exe

C:\Windows\System\YORBzAi.exe

C:\Windows\System\YORBzAi.exe

C:\Windows\System\bRUBMmb.exe

C:\Windows\System\bRUBMmb.exe

C:\Windows\System\qvbpLPJ.exe

C:\Windows\System\qvbpLPJ.exe

C:\Windows\System\gdMzcTS.exe

C:\Windows\System\gdMzcTS.exe

C:\Windows\System\RZjTFFM.exe

C:\Windows\System\RZjTFFM.exe

C:\Windows\System\dKhEzqL.exe

C:\Windows\System\dKhEzqL.exe

C:\Windows\System\oHFtfSu.exe

C:\Windows\System\oHFtfSu.exe

C:\Windows\System\JwYFIpl.exe

C:\Windows\System\JwYFIpl.exe

C:\Windows\System\vuvBKQI.exe

C:\Windows\System\vuvBKQI.exe

C:\Windows\System\TCsUCqU.exe

C:\Windows\System\TCsUCqU.exe

C:\Windows\System\zjFPWrP.exe

C:\Windows\System\zjFPWrP.exe

C:\Windows\System\wHdHCqd.exe

C:\Windows\System\wHdHCqd.exe

C:\Windows\System\FVXREye.exe

C:\Windows\System\FVXREye.exe

C:\Windows\System\VUvPGQP.exe

C:\Windows\System\VUvPGQP.exe

C:\Windows\System\dKuJnRo.exe

C:\Windows\System\dKuJnRo.exe

C:\Windows\System\SgwvtnH.exe

C:\Windows\System\SgwvtnH.exe

C:\Windows\System\dnVdBDQ.exe

C:\Windows\System\dnVdBDQ.exe

C:\Windows\System\nOYLIPh.exe

C:\Windows\System\nOYLIPh.exe

C:\Windows\System\DxrOung.exe

C:\Windows\System\DxrOung.exe

C:\Windows\System\zwWYBnX.exe

C:\Windows\System\zwWYBnX.exe

C:\Windows\System\TLFBAeI.exe

C:\Windows\System\TLFBAeI.exe

C:\Windows\System\pQjegsb.exe

C:\Windows\System\pQjegsb.exe

C:\Windows\System\CgPYBSQ.exe

C:\Windows\System\CgPYBSQ.exe

C:\Windows\System\DFEiJGb.exe

C:\Windows\System\DFEiJGb.exe

C:\Windows\System\GspZzBQ.exe

C:\Windows\System\GspZzBQ.exe

C:\Windows\System\LVnWaOK.exe

C:\Windows\System\LVnWaOK.exe

C:\Windows\System\fgAkvqK.exe

C:\Windows\System\fgAkvqK.exe

C:\Windows\System\yqABUhC.exe

C:\Windows\System\yqABUhC.exe

C:\Windows\System\siNWifY.exe

C:\Windows\System\siNWifY.exe

C:\Windows\System\uYXXwjW.exe

C:\Windows\System\uYXXwjW.exe

C:\Windows\System\rZGvdgw.exe

C:\Windows\System\rZGvdgw.exe

C:\Windows\System\CEFUVaW.exe

C:\Windows\System\CEFUVaW.exe

C:\Windows\System\MuoBXYG.exe

C:\Windows\System\MuoBXYG.exe

C:\Windows\System\EiPPvwQ.exe

C:\Windows\System\EiPPvwQ.exe

C:\Windows\System\eFWaDpZ.exe

C:\Windows\System\eFWaDpZ.exe

C:\Windows\System\PszAUIG.exe

C:\Windows\System\PszAUIG.exe

C:\Windows\System\IfshNjI.exe

C:\Windows\System\IfshNjI.exe

C:\Windows\System\yPkClBn.exe

C:\Windows\System\yPkClBn.exe

C:\Windows\System\AzScrfC.exe

C:\Windows\System\AzScrfC.exe

C:\Windows\System\ibFKjKV.exe

C:\Windows\System\ibFKjKV.exe

C:\Windows\System\qfKhZHN.exe

C:\Windows\System\qfKhZHN.exe

C:\Windows\System\qwxCfPQ.exe

C:\Windows\System\qwxCfPQ.exe

C:\Windows\System\iGDkqea.exe

C:\Windows\System\iGDkqea.exe

C:\Windows\System\ptocPJd.exe

C:\Windows\System\ptocPJd.exe

C:\Windows\System\FspfibN.exe

C:\Windows\System\FspfibN.exe

C:\Windows\System\hReLTIn.exe

C:\Windows\System\hReLTIn.exe

C:\Windows\System\DBfCOfv.exe

C:\Windows\System\DBfCOfv.exe

C:\Windows\System\XObQJFK.exe

C:\Windows\System\XObQJFK.exe

C:\Windows\System\VWTNELk.exe

C:\Windows\System\VWTNELk.exe

C:\Windows\System\yjAsVeT.exe

C:\Windows\System\yjAsVeT.exe

C:\Windows\System\uTqyrbL.exe

C:\Windows\System\uTqyrbL.exe

C:\Windows\System\nREaIvb.exe

C:\Windows\System\nREaIvb.exe

C:\Windows\System\xlKAeNo.exe

C:\Windows\System\xlKAeNo.exe

C:\Windows\System\OrBxbaf.exe

C:\Windows\System\OrBxbaf.exe

C:\Windows\System\OiMBgCM.exe

C:\Windows\System\OiMBgCM.exe

C:\Windows\System\vscGJRm.exe

C:\Windows\System\vscGJRm.exe

C:\Windows\System\RgWUnoX.exe

C:\Windows\System\RgWUnoX.exe

C:\Windows\System\TSkqeHF.exe

C:\Windows\System\TSkqeHF.exe

C:\Windows\System\ODpXdbz.exe

C:\Windows\System\ODpXdbz.exe

C:\Windows\System\YkLJgJK.exe

C:\Windows\System\YkLJgJK.exe

C:\Windows\System\XbeHvGX.exe

C:\Windows\System\XbeHvGX.exe

C:\Windows\System\cCwmGFK.exe

C:\Windows\System\cCwmGFK.exe

C:\Windows\System\eciHmHj.exe

C:\Windows\System\eciHmHj.exe

C:\Windows\System\YIpwwic.exe

C:\Windows\System\YIpwwic.exe

C:\Windows\System\KiZuxiG.exe

C:\Windows\System\KiZuxiG.exe

C:\Windows\System\WijHQbr.exe

C:\Windows\System\WijHQbr.exe

C:\Windows\System\mDfcTlX.exe

C:\Windows\System\mDfcTlX.exe

C:\Windows\System\icFKDpK.exe

C:\Windows\System\icFKDpK.exe

C:\Windows\System\WgqutrR.exe

C:\Windows\System\WgqutrR.exe

C:\Windows\System\NXtyMrt.exe

C:\Windows\System\NXtyMrt.exe

C:\Windows\System\PJClJlc.exe

C:\Windows\System\PJClJlc.exe

C:\Windows\System\iTNCEMZ.exe

C:\Windows\System\iTNCEMZ.exe

C:\Windows\System\hLxBIcW.exe

C:\Windows\System\hLxBIcW.exe

C:\Windows\System\JbUEkgV.exe

C:\Windows\System\JbUEkgV.exe

C:\Windows\System\PQUbRvr.exe

C:\Windows\System\PQUbRvr.exe

C:\Windows\System\iIbyxvj.exe

C:\Windows\System\iIbyxvj.exe

C:\Windows\System\tkcQVuO.exe

C:\Windows\System\tkcQVuO.exe

C:\Windows\System\kaZDhPe.exe

C:\Windows\System\kaZDhPe.exe

C:\Windows\System\RNFwMdU.exe

C:\Windows\System\RNFwMdU.exe

C:\Windows\System\wXtTRUD.exe

C:\Windows\System\wXtTRUD.exe

C:\Windows\System\JvaWHbR.exe

C:\Windows\System\JvaWHbR.exe

C:\Windows\System\pggCkDy.exe

C:\Windows\System\pggCkDy.exe

C:\Windows\System\yssQKLb.exe

C:\Windows\System\yssQKLb.exe

C:\Windows\System\kkEXIRt.exe

C:\Windows\System\kkEXIRt.exe

C:\Windows\System\VGZMVzb.exe

C:\Windows\System\VGZMVzb.exe

C:\Windows\System\BMcfKyH.exe

C:\Windows\System\BMcfKyH.exe

C:\Windows\System\ZYNxfEg.exe

C:\Windows\System\ZYNxfEg.exe

C:\Windows\System\zrltJyQ.exe

C:\Windows\System\zrltJyQ.exe

C:\Windows\System\kyAKkII.exe

C:\Windows\System\kyAKkII.exe

C:\Windows\System\lqDqceY.exe

C:\Windows\System\lqDqceY.exe

C:\Windows\System\dOKiEvr.exe

C:\Windows\System\dOKiEvr.exe

C:\Windows\System\FWcmLXO.exe

C:\Windows\System\FWcmLXO.exe

C:\Windows\System\xGzqRVC.exe

C:\Windows\System\xGzqRVC.exe

C:\Windows\System\oiVWWPm.exe

C:\Windows\System\oiVWWPm.exe

C:\Windows\System\mJxKJLV.exe

C:\Windows\System\mJxKJLV.exe

C:\Windows\System\EnAZhNE.exe

C:\Windows\System\EnAZhNE.exe

C:\Windows\System\JVWNhRR.exe

C:\Windows\System\JVWNhRR.exe

C:\Windows\System\cfqaBCF.exe

C:\Windows\System\cfqaBCF.exe

C:\Windows\System\upptgEu.exe

C:\Windows\System\upptgEu.exe

C:\Windows\System\vwLzOof.exe

C:\Windows\System\vwLzOof.exe

C:\Windows\System\YwseVAj.exe

C:\Windows\System\YwseVAj.exe

C:\Windows\System\klkiNvC.exe

C:\Windows\System\klkiNvC.exe

C:\Windows\System\cSbFjbd.exe

C:\Windows\System\cSbFjbd.exe

C:\Windows\System\zdlbIuN.exe

C:\Windows\System\zdlbIuN.exe

C:\Windows\System\iMAGBUQ.exe

C:\Windows\System\iMAGBUQ.exe

C:\Windows\System\QjnYdwQ.exe

C:\Windows\System\QjnYdwQ.exe

C:\Windows\System\nYmFkop.exe

C:\Windows\System\nYmFkop.exe

C:\Windows\System\rRfZmFK.exe

C:\Windows\System\rRfZmFK.exe

C:\Windows\System\pvQRVew.exe

C:\Windows\System\pvQRVew.exe

C:\Windows\System\wzaekMT.exe

C:\Windows\System\wzaekMT.exe

C:\Windows\System\OHUDHfK.exe

C:\Windows\System\OHUDHfK.exe

C:\Windows\System\oqBOxAY.exe

C:\Windows\System\oqBOxAY.exe

C:\Windows\System\cVmNFfL.exe

C:\Windows\System\cVmNFfL.exe

C:\Windows\System\WtsQjPy.exe

C:\Windows\System\WtsQjPy.exe

C:\Windows\System\pldgcua.exe

C:\Windows\System\pldgcua.exe

C:\Windows\System\uCKWGai.exe

C:\Windows\System\uCKWGai.exe

C:\Windows\System\VxjNWMR.exe

C:\Windows\System\VxjNWMR.exe

C:\Windows\System\csDsgPQ.exe

C:\Windows\System\csDsgPQ.exe

C:\Windows\System\OiGuEpE.exe

C:\Windows\System\OiGuEpE.exe

C:\Windows\System\LtYtmSr.exe

C:\Windows\System\LtYtmSr.exe

C:\Windows\System\kuZGrpn.exe

C:\Windows\System\kuZGrpn.exe

C:\Windows\System\olCJUrt.exe

C:\Windows\System\olCJUrt.exe

C:\Windows\System\qKMWpNJ.exe

C:\Windows\System\qKMWpNJ.exe

C:\Windows\System\DScNgSx.exe

C:\Windows\System\DScNgSx.exe

C:\Windows\System\BeAWXlZ.exe

C:\Windows\System\BeAWXlZ.exe

C:\Windows\System\WvZcqaC.exe

C:\Windows\System\WvZcqaC.exe

C:\Windows\System\UJvYfli.exe

C:\Windows\System\UJvYfli.exe

C:\Windows\System\oDpqwDz.exe

C:\Windows\System\oDpqwDz.exe

C:\Windows\System\RyWUQas.exe

C:\Windows\System\RyWUQas.exe

C:\Windows\System\LjrPURl.exe

C:\Windows\System\LjrPURl.exe

C:\Windows\System\mSBqCEg.exe

C:\Windows\System\mSBqCEg.exe

C:\Windows\System\SnlRrBQ.exe

C:\Windows\System\SnlRrBQ.exe

C:\Windows\System\YuadkiS.exe

C:\Windows\System\YuadkiS.exe

C:\Windows\System\xyOnYvC.exe

C:\Windows\System\xyOnYvC.exe

C:\Windows\System\tQrObyw.exe

C:\Windows\System\tQrObyw.exe

C:\Windows\System\XEstzIx.exe

C:\Windows\System\XEstzIx.exe

C:\Windows\System\ScjClOW.exe

C:\Windows\System\ScjClOW.exe

C:\Windows\System\XEjursc.exe

C:\Windows\System\XEjursc.exe

C:\Windows\System\PjMWmDE.exe

C:\Windows\System\PjMWmDE.exe

C:\Windows\System\XWZCIvu.exe

C:\Windows\System\XWZCIvu.exe

C:\Windows\System\WtumBFI.exe

C:\Windows\System\WtumBFI.exe

C:\Windows\System\McEefDq.exe

C:\Windows\System\McEefDq.exe

C:\Windows\System\TVfkigm.exe

C:\Windows\System\TVfkigm.exe

C:\Windows\System\GsIzohi.exe

C:\Windows\System\GsIzohi.exe

C:\Windows\System\YUCBwib.exe

C:\Windows\System\YUCBwib.exe

C:\Windows\System\qycvRuZ.exe

C:\Windows\System\qycvRuZ.exe

C:\Windows\System\mBGtJqp.exe

C:\Windows\System\mBGtJqp.exe

C:\Windows\System\hltQRAc.exe

C:\Windows\System\hltQRAc.exe

C:\Windows\System\HUDKtci.exe

C:\Windows\System\HUDKtci.exe

C:\Windows\System\SXGkKdW.exe

C:\Windows\System\SXGkKdW.exe

C:\Windows\System\WwvsVEF.exe

C:\Windows\System\WwvsVEF.exe

C:\Windows\System\PiFgozU.exe

C:\Windows\System\PiFgozU.exe

C:\Windows\System\UIPQqOd.exe

C:\Windows\System\UIPQqOd.exe

C:\Windows\System\IfPDipn.exe

C:\Windows\System\IfPDipn.exe

C:\Windows\System\brpTYHT.exe

C:\Windows\System\brpTYHT.exe

C:\Windows\System\qRjMbTY.exe

C:\Windows\System\qRjMbTY.exe

C:\Windows\System\DMsxvco.exe

C:\Windows\System\DMsxvco.exe

C:\Windows\System\jJNAQMm.exe

C:\Windows\System\jJNAQMm.exe

C:\Windows\System\HdTWmkr.exe

C:\Windows\System\HdTWmkr.exe

C:\Windows\System\CggEgQi.exe

C:\Windows\System\CggEgQi.exe

C:\Windows\System\EHAWMQO.exe

C:\Windows\System\EHAWMQO.exe

C:\Windows\System\mwRuUeb.exe

C:\Windows\System\mwRuUeb.exe

C:\Windows\System\GzCPluQ.exe

C:\Windows\System\GzCPluQ.exe

C:\Windows\System\YnLjkFB.exe

C:\Windows\System\YnLjkFB.exe

C:\Windows\System\kflmfha.exe

C:\Windows\System\kflmfha.exe

C:\Windows\System\btakViR.exe

C:\Windows\System\btakViR.exe

C:\Windows\System\LZkGcll.exe

C:\Windows\System\LZkGcll.exe

C:\Windows\System\dtuWUiJ.exe

C:\Windows\System\dtuWUiJ.exe

C:\Windows\System\kxePVTo.exe

C:\Windows\System\kxePVTo.exe

C:\Windows\System\Netggnd.exe

C:\Windows\System\Netggnd.exe

C:\Windows\System\OwzNEzL.exe

C:\Windows\System\OwzNEzL.exe

C:\Windows\System\bwngBgQ.exe

C:\Windows\System\bwngBgQ.exe

C:\Windows\System\ujxvKmP.exe

C:\Windows\System\ujxvKmP.exe

C:\Windows\System\QfAJyEi.exe

C:\Windows\System\QfAJyEi.exe

C:\Windows\System\wQYaJpb.exe

C:\Windows\System\wQYaJpb.exe

C:\Windows\System\slwkLLm.exe

C:\Windows\System\slwkLLm.exe

C:\Windows\System\mXQyfkx.exe

C:\Windows\System\mXQyfkx.exe

C:\Windows\System\AXkturS.exe

C:\Windows\System\AXkturS.exe

C:\Windows\System\gpewAGs.exe

C:\Windows\System\gpewAGs.exe

C:\Windows\System\EiXEoDy.exe

C:\Windows\System\EiXEoDy.exe

C:\Windows\System\aTGcRbW.exe

C:\Windows\System\aTGcRbW.exe

C:\Windows\System\bQKeQLB.exe

C:\Windows\System\bQKeQLB.exe

C:\Windows\System\wGLdFOW.exe

C:\Windows\System\wGLdFOW.exe

C:\Windows\System\EnKreSf.exe

C:\Windows\System\EnKreSf.exe

C:\Windows\System\lcgJfbJ.exe

C:\Windows\System\lcgJfbJ.exe

C:\Windows\System\rIXlqYL.exe

C:\Windows\System\rIXlqYL.exe

C:\Windows\System\WQtggkv.exe

C:\Windows\System\WQtggkv.exe

C:\Windows\System\wItCcCO.exe

C:\Windows\System\wItCcCO.exe

C:\Windows\System\HPPZSbH.exe

C:\Windows\System\HPPZSbH.exe

C:\Windows\System\ytodECC.exe

C:\Windows\System\ytodECC.exe

C:\Windows\System\MTnzkdn.exe

C:\Windows\System\MTnzkdn.exe

C:\Windows\System\NJeoHAr.exe

C:\Windows\System\NJeoHAr.exe

C:\Windows\System\IDmPnYX.exe

C:\Windows\System\IDmPnYX.exe

C:\Windows\System\GUpHROE.exe

C:\Windows\System\GUpHROE.exe

C:\Windows\System\XTkvkbF.exe

C:\Windows\System\XTkvkbF.exe

C:\Windows\System\RPBSYHb.exe

C:\Windows\System\RPBSYHb.exe

C:\Windows\System\vCMCWBX.exe

C:\Windows\System\vCMCWBX.exe

C:\Windows\System\asZazsX.exe

C:\Windows\System\asZazsX.exe

C:\Windows\System\tTXceQx.exe

C:\Windows\System\tTXceQx.exe

C:\Windows\System\Vkwkpoc.exe

C:\Windows\System\Vkwkpoc.exe

C:\Windows\System\VOlNcKb.exe

C:\Windows\System\VOlNcKb.exe

C:\Windows\System\CZfceCs.exe

C:\Windows\System\CZfceCs.exe

C:\Windows\System\EsisWcP.exe

C:\Windows\System\EsisWcP.exe

C:\Windows\System\LICXzVr.exe

C:\Windows\System\LICXzVr.exe

C:\Windows\System\ncxTwpj.exe

C:\Windows\System\ncxTwpj.exe

C:\Windows\System\xzdYrDw.exe

C:\Windows\System\xzdYrDw.exe

C:\Windows\System\dRdlcJd.exe

C:\Windows\System\dRdlcJd.exe

C:\Windows\System\pMpvZOW.exe

C:\Windows\System\pMpvZOW.exe

C:\Windows\System\UsqdXGb.exe

C:\Windows\System\UsqdXGb.exe

C:\Windows\System\dwIMKqO.exe

C:\Windows\System\dwIMKqO.exe

C:\Windows\System\CkeFaWj.exe

C:\Windows\System\CkeFaWj.exe

C:\Windows\System\TFKCZGt.exe

C:\Windows\System\TFKCZGt.exe

C:\Windows\System\ybXHjhA.exe

C:\Windows\System\ybXHjhA.exe

C:\Windows\System\HcbgOzc.exe

C:\Windows\System\HcbgOzc.exe

C:\Windows\System\aEcfgKA.exe

C:\Windows\System\aEcfgKA.exe

C:\Windows\System\EkRSpwo.exe

C:\Windows\System\EkRSpwo.exe

C:\Windows\System\zjKEtlc.exe

C:\Windows\System\zjKEtlc.exe

C:\Windows\System\PEeGRps.exe

C:\Windows\System\PEeGRps.exe

C:\Windows\System\yyXiSwH.exe

C:\Windows\System\yyXiSwH.exe

C:\Windows\System\yVmbEKf.exe

C:\Windows\System\yVmbEKf.exe

C:\Windows\System\NkKuzbh.exe

C:\Windows\System\NkKuzbh.exe

C:\Windows\System\rvaJUdW.exe

C:\Windows\System\rvaJUdW.exe

C:\Windows\System\DApTAzn.exe

C:\Windows\System\DApTAzn.exe

C:\Windows\System\dvavqLr.exe

C:\Windows\System\dvavqLr.exe

C:\Windows\System\ZmGgQlo.exe

C:\Windows\System\ZmGgQlo.exe

C:\Windows\System\HCDvIMM.exe

C:\Windows\System\HCDvIMM.exe

C:\Windows\System\YqokbNl.exe

C:\Windows\System\YqokbNl.exe

C:\Windows\System\FzfMHIm.exe

C:\Windows\System\FzfMHIm.exe

C:\Windows\System\FHoVcaB.exe

C:\Windows\System\FHoVcaB.exe

C:\Windows\System\jbumfJr.exe

C:\Windows\System\jbumfJr.exe

C:\Windows\System\kYcNlsE.exe

C:\Windows\System\kYcNlsE.exe

C:\Windows\System\nIOBLeg.exe

C:\Windows\System\nIOBLeg.exe

C:\Windows\System\BKYuuED.exe

C:\Windows\System\BKYuuED.exe

C:\Windows\System\AJydYIV.exe

C:\Windows\System\AJydYIV.exe

C:\Windows\System\BmyVXaZ.exe

C:\Windows\System\BmyVXaZ.exe

C:\Windows\System\ukqPxBU.exe

C:\Windows\System\ukqPxBU.exe

C:\Windows\System\MhbnqKJ.exe

C:\Windows\System\MhbnqKJ.exe

C:\Windows\System\luPPIUx.exe

C:\Windows\System\luPPIUx.exe

C:\Windows\System\xSYWEUh.exe

C:\Windows\System\xSYWEUh.exe

C:\Windows\System\uJGUfGH.exe

C:\Windows\System\uJGUfGH.exe

C:\Windows\System\euKEqgb.exe

C:\Windows\System\euKEqgb.exe

C:\Windows\System\dWjEGkf.exe

C:\Windows\System\dWjEGkf.exe

C:\Windows\System\ZYhEbKi.exe

C:\Windows\System\ZYhEbKi.exe

C:\Windows\System\vvXCUif.exe

C:\Windows\System\vvXCUif.exe

C:\Windows\System\rwmDHaC.exe

C:\Windows\System\rwmDHaC.exe

C:\Windows\System\KWHcjsp.exe

C:\Windows\System\KWHcjsp.exe

C:\Windows\System\aSBlmRy.exe

C:\Windows\System\aSBlmRy.exe

C:\Windows\System\FMGERzb.exe

C:\Windows\System\FMGERzb.exe

C:\Windows\System\ebGJEkd.exe

C:\Windows\System\ebGJEkd.exe

C:\Windows\System\tfwyNkH.exe

C:\Windows\System\tfwyNkH.exe

C:\Windows\System\bUfdmrJ.exe

C:\Windows\System\bUfdmrJ.exe

C:\Windows\System\HWOMhbs.exe

C:\Windows\System\HWOMhbs.exe

C:\Windows\System\CicKfSk.exe

C:\Windows\System\CicKfSk.exe

C:\Windows\System\SOIidfK.exe

C:\Windows\System\SOIidfK.exe

C:\Windows\System\bpvvFPC.exe

C:\Windows\System\bpvvFPC.exe

C:\Windows\System\rNAIsFy.exe

C:\Windows\System\rNAIsFy.exe

C:\Windows\System\pHVcuwV.exe

C:\Windows\System\pHVcuwV.exe

C:\Windows\System\ZtoVfiV.exe

C:\Windows\System\ZtoVfiV.exe

C:\Windows\System\dCRMQCK.exe

C:\Windows\System\dCRMQCK.exe

C:\Windows\System\HqRXRwR.exe

C:\Windows\System\HqRXRwR.exe

C:\Windows\System\CswqmIr.exe

C:\Windows\System\CswqmIr.exe

C:\Windows\System\MnVuEdj.exe

C:\Windows\System\MnVuEdj.exe

C:\Windows\System\AOnwBZE.exe

C:\Windows\System\AOnwBZE.exe

C:\Windows\System\XxjjxIb.exe

C:\Windows\System\XxjjxIb.exe

C:\Windows\System\PzSUPwH.exe

C:\Windows\System\PzSUPwH.exe

C:\Windows\System\JmyruGW.exe

C:\Windows\System\JmyruGW.exe

C:\Windows\System\pDOVkcf.exe

C:\Windows\System\pDOVkcf.exe

C:\Windows\System\JifNbZa.exe

C:\Windows\System\JifNbZa.exe

C:\Windows\System\dayDhVx.exe

C:\Windows\System\dayDhVx.exe

C:\Windows\System\WcbBubn.exe

C:\Windows\System\WcbBubn.exe

C:\Windows\System\JxbjfkK.exe

C:\Windows\System\JxbjfkK.exe

C:\Windows\System\lpvpZfd.exe

C:\Windows\System\lpvpZfd.exe

C:\Windows\System\MVetuJp.exe

C:\Windows\System\MVetuJp.exe

C:\Windows\System\XDjHktV.exe

C:\Windows\System\XDjHktV.exe

C:\Windows\System\yZvxqWB.exe

C:\Windows\System\yZvxqWB.exe

C:\Windows\System\AGzRzeg.exe

C:\Windows\System\AGzRzeg.exe

C:\Windows\System\VdgjIir.exe

C:\Windows\System\VdgjIir.exe

C:\Windows\System\RGkrQqz.exe

C:\Windows\System\RGkrQqz.exe

C:\Windows\System\MEBkcvI.exe

C:\Windows\System\MEBkcvI.exe

C:\Windows\System\qcQmZFE.exe

C:\Windows\System\qcQmZFE.exe

C:\Windows\System\JdwpYPE.exe

C:\Windows\System\JdwpYPE.exe

C:\Windows\System\kVFqgEq.exe

C:\Windows\System\kVFqgEq.exe

C:\Windows\System\KKJZPIK.exe

C:\Windows\System\KKJZPIK.exe

C:\Windows\System\BdNrlOE.exe

C:\Windows\System\BdNrlOE.exe

C:\Windows\System\xVhHaCW.exe

C:\Windows\System\xVhHaCW.exe

C:\Windows\System\fXVZCKO.exe

C:\Windows\System\fXVZCKO.exe

C:\Windows\System\yYLGSpI.exe

C:\Windows\System\yYLGSpI.exe

C:\Windows\System\BwRtjvY.exe

C:\Windows\System\BwRtjvY.exe

C:\Windows\System\akwvQww.exe

C:\Windows\System\akwvQww.exe

C:\Windows\System\nzGhUMh.exe

C:\Windows\System\nzGhUMh.exe

C:\Windows\System\OsgoBIW.exe

C:\Windows\System\OsgoBIW.exe

C:\Windows\System\PqTTfeM.exe

C:\Windows\System\PqTTfeM.exe

C:\Windows\System\KukrvTz.exe

C:\Windows\System\KukrvTz.exe

C:\Windows\System\LPbGzrO.exe

C:\Windows\System\LPbGzrO.exe

C:\Windows\System\kvYxbyj.exe

C:\Windows\System\kvYxbyj.exe

C:\Windows\System\ZMDCVmG.exe

C:\Windows\System\ZMDCVmG.exe

C:\Windows\System\gYlmXDb.exe

C:\Windows\System\gYlmXDb.exe

C:\Windows\System\uMfTdnh.exe

C:\Windows\System\uMfTdnh.exe

C:\Windows\System\xPecoAO.exe

C:\Windows\System\xPecoAO.exe

C:\Windows\System\bwUIeox.exe

C:\Windows\System\bwUIeox.exe

C:\Windows\System\KKjfByL.exe

C:\Windows\System\KKjfByL.exe

C:\Windows\System\mylvsgn.exe

C:\Windows\System\mylvsgn.exe

C:\Windows\System\IQjabeV.exe

C:\Windows\System\IQjabeV.exe

C:\Windows\System\sYAIKxc.exe

C:\Windows\System\sYAIKxc.exe

C:\Windows\System\ZNrQRdU.exe

C:\Windows\System\ZNrQRdU.exe

C:\Windows\System\IIjDeIj.exe

C:\Windows\System\IIjDeIj.exe

C:\Windows\System\WURvYCo.exe

C:\Windows\System\WURvYCo.exe

C:\Windows\System\yLAePTH.exe

C:\Windows\System\yLAePTH.exe

C:\Windows\System\Uqstztq.exe

C:\Windows\System\Uqstztq.exe

C:\Windows\System\XauMQtN.exe

C:\Windows\System\XauMQtN.exe

C:\Windows\System\ZKlmsLX.exe

C:\Windows\System\ZKlmsLX.exe

C:\Windows\System\nzHhicS.exe

C:\Windows\System\nzHhicS.exe

C:\Windows\System\ZdgDtzu.exe

C:\Windows\System\ZdgDtzu.exe

C:\Windows\System\pqppZiY.exe

C:\Windows\System\pqppZiY.exe

C:\Windows\System\ByaWahy.exe

C:\Windows\System\ByaWahy.exe

C:\Windows\System\dkvSXng.exe

C:\Windows\System\dkvSXng.exe

C:\Windows\System\pfmmohd.exe

C:\Windows\System\pfmmohd.exe

C:\Windows\System\qlFldYd.exe

C:\Windows\System\qlFldYd.exe

C:\Windows\System\xjWkkIi.exe

C:\Windows\System\xjWkkIi.exe

C:\Windows\System\xDxkDjh.exe

C:\Windows\System\xDxkDjh.exe

C:\Windows\System\gsFyfWz.exe

C:\Windows\System\gsFyfWz.exe

C:\Windows\System\SLtLWfI.exe

C:\Windows\System\SLtLWfI.exe

C:\Windows\System\zGwvPhT.exe

C:\Windows\System\zGwvPhT.exe

C:\Windows\System\fOQOzOX.exe

C:\Windows\System\fOQOzOX.exe

C:\Windows\System\CsVSIHj.exe

C:\Windows\System\CsVSIHj.exe

C:\Windows\System\GcDsEtz.exe

C:\Windows\System\GcDsEtz.exe

C:\Windows\System\FeLoOMB.exe

C:\Windows\System\FeLoOMB.exe

C:\Windows\System\CRKMAwF.exe

C:\Windows\System\CRKMAwF.exe

C:\Windows\System\UUvlnoX.exe

C:\Windows\System\UUvlnoX.exe

C:\Windows\System\ecIInUu.exe

C:\Windows\System\ecIInUu.exe

C:\Windows\System\HVrhVtm.exe

C:\Windows\System\HVrhVtm.exe

C:\Windows\System\CsTUAfO.exe

C:\Windows\System\CsTUAfO.exe

C:\Windows\System\UFFaJBu.exe

C:\Windows\System\UFFaJBu.exe

C:\Windows\System\XUbpXrh.exe

C:\Windows\System\XUbpXrh.exe

C:\Windows\System\HxVrztB.exe

C:\Windows\System\HxVrztB.exe

C:\Windows\System\BpHqrhH.exe

C:\Windows\System\BpHqrhH.exe

C:\Windows\System\iSxrhOo.exe

C:\Windows\System\iSxrhOo.exe

C:\Windows\System\oVurrup.exe

C:\Windows\System\oVurrup.exe

C:\Windows\System\IJWbduq.exe

C:\Windows\System\IJWbduq.exe

C:\Windows\System\ofvRdUw.exe

C:\Windows\System\ofvRdUw.exe

C:\Windows\System\VETjPnV.exe

C:\Windows\System\VETjPnV.exe

C:\Windows\System\zXIJwZk.exe

C:\Windows\System\zXIJwZk.exe

C:\Windows\System\JselEdW.exe

C:\Windows\System\JselEdW.exe

C:\Windows\System\YagWHyT.exe

C:\Windows\System\YagWHyT.exe

C:\Windows\System\dAuPsHu.exe

C:\Windows\System\dAuPsHu.exe

C:\Windows\System\wyszcRW.exe

C:\Windows\System\wyszcRW.exe

C:\Windows\System\eFeTTph.exe

C:\Windows\System\eFeTTph.exe

C:\Windows\System\nZzdHNT.exe

C:\Windows\System\nZzdHNT.exe

C:\Windows\System\sKebExH.exe

C:\Windows\System\sKebExH.exe

C:\Windows\System\wNZszrZ.exe

C:\Windows\System\wNZszrZ.exe

C:\Windows\System\nAoFokb.exe

C:\Windows\System\nAoFokb.exe

C:\Windows\System\yXOLmuI.exe

C:\Windows\System\yXOLmuI.exe

C:\Windows\System\QndzACW.exe

C:\Windows\System\QndzACW.exe

C:\Windows\System\BNTYpCF.exe

C:\Windows\System\BNTYpCF.exe

C:\Windows\System\YopHBXu.exe

C:\Windows\System\YopHBXu.exe

C:\Windows\System\FWKuzJf.exe

C:\Windows\System\FWKuzJf.exe

C:\Windows\System\EQrwFEx.exe

C:\Windows\System\EQrwFEx.exe

C:\Windows\System\LemimSr.exe

C:\Windows\System\LemimSr.exe

C:\Windows\System\bevaBeJ.exe

C:\Windows\System\bevaBeJ.exe

C:\Windows\System\xTxXdmE.exe

C:\Windows\System\xTxXdmE.exe

C:\Windows\System\GFuHRUU.exe

C:\Windows\System\GFuHRUU.exe

C:\Windows\System\WEXeyls.exe

C:\Windows\System\WEXeyls.exe

C:\Windows\System\RRgVpbv.exe

C:\Windows\System\RRgVpbv.exe

C:\Windows\System\TILOXlw.exe

C:\Windows\System\TILOXlw.exe

C:\Windows\System\ZcMiWKw.exe

C:\Windows\System\ZcMiWKw.exe

C:\Windows\System\ABkHTMp.exe

C:\Windows\System\ABkHTMp.exe

C:\Windows\System\WSrkPGu.exe

C:\Windows\System\WSrkPGu.exe

C:\Windows\System\SgdzUFU.exe

C:\Windows\System\SgdzUFU.exe

C:\Windows\System\nvswVdm.exe

C:\Windows\System\nvswVdm.exe

C:\Windows\System\SXZgLSX.exe

C:\Windows\System\SXZgLSX.exe

C:\Windows\System\YHndwKh.exe

C:\Windows\System\YHndwKh.exe

C:\Windows\System\PIgGcqY.exe

C:\Windows\System\PIgGcqY.exe

C:\Windows\System\TvcuBwm.exe

C:\Windows\System\TvcuBwm.exe

C:\Windows\System\TcqssmB.exe

C:\Windows\System\TcqssmB.exe

C:\Windows\System\ojWtPeS.exe

C:\Windows\System\ojWtPeS.exe

C:\Windows\System\VdGUFRK.exe

C:\Windows\System\VdGUFRK.exe

C:\Windows\System\WcGZArl.exe

C:\Windows\System\WcGZArl.exe

C:\Windows\System\wymIJlL.exe

C:\Windows\System\wymIJlL.exe

C:\Windows\System\wWYNlAf.exe

C:\Windows\System\wWYNlAf.exe

C:\Windows\System\mqHbFct.exe

C:\Windows\System\mqHbFct.exe

C:\Windows\System\aKqaaEt.exe

C:\Windows\System\aKqaaEt.exe

C:\Windows\System\XykcseA.exe

C:\Windows\System\XykcseA.exe

C:\Windows\System\atpWPGI.exe

C:\Windows\System\atpWPGI.exe

C:\Windows\System\gLreukL.exe

C:\Windows\System\gLreukL.exe

C:\Windows\System\SJYFAXk.exe

C:\Windows\System\SJYFAXk.exe

C:\Windows\System\dFjLNCo.exe

C:\Windows\System\dFjLNCo.exe

C:\Windows\System\aGoKUkT.exe

C:\Windows\System\aGoKUkT.exe

C:\Windows\System\eKLeObY.exe

C:\Windows\System\eKLeObY.exe

C:\Windows\System\KeotOjf.exe

C:\Windows\System\KeotOjf.exe

C:\Windows\System\JkThqSz.exe

C:\Windows\System\JkThqSz.exe

C:\Windows\System\FJOaeNH.exe

C:\Windows\System\FJOaeNH.exe

C:\Windows\System\SWgERIP.exe

C:\Windows\System\SWgERIP.exe

C:\Windows\System\zukmHPm.exe

C:\Windows\System\zukmHPm.exe

C:\Windows\System\GZnahtH.exe

C:\Windows\System\GZnahtH.exe

C:\Windows\System\KgVcYWV.exe

C:\Windows\System\KgVcYWV.exe

C:\Windows\System\pWjYxjE.exe

C:\Windows\System\pWjYxjE.exe

C:\Windows\System\nvVZvJc.exe

C:\Windows\System\nvVZvJc.exe

C:\Windows\System\SFBVfrb.exe

C:\Windows\System\SFBVfrb.exe

C:\Windows\System\kxSLPAF.exe

C:\Windows\System\kxSLPAF.exe

C:\Windows\System\eGUDYiu.exe

C:\Windows\System\eGUDYiu.exe

C:\Windows\System\PacDhUh.exe

C:\Windows\System\PacDhUh.exe

C:\Windows\System\nQcAaFT.exe

C:\Windows\System\nQcAaFT.exe

C:\Windows\System\OKPYGSb.exe

C:\Windows\System\OKPYGSb.exe

C:\Windows\System\bQiWIYS.exe

C:\Windows\System\bQiWIYS.exe

C:\Windows\System\Juvpxwq.exe

C:\Windows\System\Juvpxwq.exe

C:\Windows\System\vftmfIu.exe

C:\Windows\System\vftmfIu.exe

C:\Windows\System\ZNikZim.exe

C:\Windows\System\ZNikZim.exe

C:\Windows\System\HCKiEbC.exe

C:\Windows\System\HCKiEbC.exe

C:\Windows\System\ciISJZS.exe

C:\Windows\System\ciISJZS.exe

C:\Windows\System\eMqxQYQ.exe

C:\Windows\System\eMqxQYQ.exe

C:\Windows\System\LLQoBeA.exe

C:\Windows\System\LLQoBeA.exe

C:\Windows\System\LpNEaSv.exe

C:\Windows\System\LpNEaSv.exe

C:\Windows\System\NEZyAsD.exe

C:\Windows\System\NEZyAsD.exe

C:\Windows\System\llTWXYT.exe

C:\Windows\System\llTWXYT.exe

C:\Windows\System\aNNOQeg.exe

C:\Windows\System\aNNOQeg.exe

C:\Windows\System\jExLDNV.exe

C:\Windows\System\jExLDNV.exe

C:\Windows\System\eSBtWBJ.exe

C:\Windows\System\eSBtWBJ.exe

C:\Windows\System\KbRNyjC.exe

C:\Windows\System\KbRNyjC.exe

C:\Windows\System\vGkZwiS.exe

C:\Windows\System\vGkZwiS.exe

C:\Windows\System\xCcTcXJ.exe

C:\Windows\System\xCcTcXJ.exe

C:\Windows\System\rPaAaSK.exe

C:\Windows\System\rPaAaSK.exe

C:\Windows\System\RfuJktF.exe

C:\Windows\System\RfuJktF.exe

C:\Windows\System\wynUhUM.exe

C:\Windows\System\wynUhUM.exe

C:\Windows\System\ZDyLMSi.exe

C:\Windows\System\ZDyLMSi.exe

C:\Windows\System\TTuuMMf.exe

C:\Windows\System\TTuuMMf.exe

C:\Windows\System\pDnLHMs.exe

C:\Windows\System\pDnLHMs.exe

C:\Windows\System\myXunuQ.exe

C:\Windows\System\myXunuQ.exe

C:\Windows\System\acQUUQF.exe

C:\Windows\System\acQUUQF.exe

C:\Windows\System\ZdkLiSZ.exe

C:\Windows\System\ZdkLiSZ.exe

C:\Windows\System\rpcWAQX.exe

C:\Windows\System\rpcWAQX.exe

C:\Windows\System\KcpLjtt.exe

C:\Windows\System\KcpLjtt.exe

C:\Windows\System\unjBAQo.exe

C:\Windows\System\unjBAQo.exe

C:\Windows\System\fStmCXp.exe

C:\Windows\System\fStmCXp.exe

C:\Windows\System\vNzJUOm.exe

C:\Windows\System\vNzJUOm.exe

C:\Windows\System\GLvWCme.exe

C:\Windows\System\GLvWCme.exe

C:\Windows\System\LBTQFLe.exe

C:\Windows\System\LBTQFLe.exe

C:\Windows\System\utxyzsF.exe

C:\Windows\System\utxyzsF.exe

C:\Windows\System\tIwSWLU.exe

C:\Windows\System\tIwSWLU.exe

C:\Windows\System\ZPWYqUT.exe

C:\Windows\System\ZPWYqUT.exe

C:\Windows\System\AALLAjk.exe

C:\Windows\System\AALLAjk.exe

C:\Windows\System\LjfJvee.exe

C:\Windows\System\LjfJvee.exe

C:\Windows\System\mNmlibf.exe

C:\Windows\System\mNmlibf.exe

C:\Windows\System\vIXwbfA.exe

C:\Windows\System\vIXwbfA.exe

C:\Windows\System\NsDwEko.exe

C:\Windows\System\NsDwEko.exe

C:\Windows\System\ubYNEvd.exe

C:\Windows\System\ubYNEvd.exe

C:\Windows\System\Bdxydzy.exe

C:\Windows\System\Bdxydzy.exe

C:\Windows\System\pzsWKHX.exe

C:\Windows\System\pzsWKHX.exe

C:\Windows\System\fKOUTKt.exe

C:\Windows\System\fKOUTKt.exe

C:\Windows\System\LSiMqhi.exe

C:\Windows\System\LSiMqhi.exe

C:\Windows\System\EKsYAwO.exe

C:\Windows\System\EKsYAwO.exe

C:\Windows\System\hXSwgLX.exe

C:\Windows\System\hXSwgLX.exe

C:\Windows\System\rCSrhWO.exe

C:\Windows\System\rCSrhWO.exe

C:\Windows\System\TSdWGCe.exe

C:\Windows\System\TSdWGCe.exe

C:\Windows\System\pyICQoW.exe

C:\Windows\System\pyICQoW.exe

C:\Windows\System\YJZIgAn.exe

C:\Windows\System\YJZIgAn.exe

C:\Windows\System\WOzAFIx.exe

C:\Windows\System\WOzAFIx.exe

C:\Windows\System\RMcJEjC.exe

C:\Windows\System\RMcJEjC.exe

C:\Windows\System\Evplbfa.exe

C:\Windows\System\Evplbfa.exe

C:\Windows\System\NqubKrf.exe

C:\Windows\System\NqubKrf.exe

C:\Windows\System\DQTWctn.exe

C:\Windows\System\DQTWctn.exe

C:\Windows\System\vDvGNVh.exe

C:\Windows\System\vDvGNVh.exe

C:\Windows\System\dZEICkY.exe

C:\Windows\System\dZEICkY.exe

C:\Windows\System\EZCxXJn.exe

C:\Windows\System\EZCxXJn.exe

C:\Windows\System\QuviEkw.exe

C:\Windows\System\QuviEkw.exe

C:\Windows\System\zPqPexb.exe

C:\Windows\System\zPqPexb.exe

C:\Windows\System\dnWbmim.exe

C:\Windows\System\dnWbmim.exe

C:\Windows\System\UuNZdew.exe

C:\Windows\System\UuNZdew.exe

C:\Windows\System\MNCJPbp.exe

C:\Windows\System\MNCJPbp.exe

C:\Windows\System\jCtjqGT.exe

C:\Windows\System\jCtjqGT.exe

C:\Windows\System\yssOhvL.exe

C:\Windows\System\yssOhvL.exe

C:\Windows\System\XtWwPVT.exe

C:\Windows\System\XtWwPVT.exe

C:\Windows\System\ORFcMMh.exe

C:\Windows\System\ORFcMMh.exe

C:\Windows\System\WRpuSNI.exe

C:\Windows\System\WRpuSNI.exe

C:\Windows\System\vRkgZVv.exe

C:\Windows\System\vRkgZVv.exe

C:\Windows\System\MekUyPO.exe

C:\Windows\System\MekUyPO.exe

C:\Windows\System\GCffdkF.exe

C:\Windows\System\GCffdkF.exe

C:\Windows\System\moNNvbv.exe

C:\Windows\System\moNNvbv.exe

C:\Windows\System\vDXnhGC.exe

C:\Windows\System\vDXnhGC.exe

C:\Windows\System\FxOwbma.exe

C:\Windows\System\FxOwbma.exe

C:\Windows\System\JAGGkhk.exe

C:\Windows\System\JAGGkhk.exe

C:\Windows\System\ihKHYne.exe

C:\Windows\System\ihKHYne.exe

C:\Windows\System\msuyoJZ.exe

C:\Windows\System\msuyoJZ.exe

C:\Windows\System\PPJGpaJ.exe

C:\Windows\System\PPJGpaJ.exe

C:\Windows\System\ISnIinn.exe

C:\Windows\System\ISnIinn.exe

C:\Windows\System\CEwYRfr.exe

C:\Windows\System\CEwYRfr.exe

C:\Windows\System\OhRDtli.exe

C:\Windows\System\OhRDtli.exe

C:\Windows\System\sZRXshF.exe

C:\Windows\System\sZRXshF.exe

C:\Windows\System\ROLepSs.exe

C:\Windows\System\ROLepSs.exe

C:\Windows\System\yVqBDVM.exe

C:\Windows\System\yVqBDVM.exe

C:\Windows\System\nHfUCWK.exe

C:\Windows\System\nHfUCWK.exe

C:\Windows\System\bhNeBpU.exe

C:\Windows\System\bhNeBpU.exe

C:\Windows\System\gZCBXyH.exe

C:\Windows\System\gZCBXyH.exe

C:\Windows\System\NcMYsSG.exe

C:\Windows\System\NcMYsSG.exe

C:\Windows\System\icepENM.exe

C:\Windows\System\icepENM.exe

C:\Windows\System\xfwzENK.exe

C:\Windows\System\xfwzENK.exe

C:\Windows\System\NYvyLso.exe

C:\Windows\System\NYvyLso.exe

C:\Windows\System\CNJZXzr.exe

C:\Windows\System\CNJZXzr.exe

C:\Windows\System\SIlIGkG.exe

C:\Windows\System\SIlIGkG.exe

C:\Windows\System\RuYajnq.exe

C:\Windows\System\RuYajnq.exe

C:\Windows\System\euCfvfL.exe

C:\Windows\System\euCfvfL.exe

C:\Windows\System\hajhbjY.exe

C:\Windows\System\hajhbjY.exe

C:\Windows\System\PeIAkUz.exe

C:\Windows\System\PeIAkUz.exe

C:\Windows\System\UwFhmQV.exe

C:\Windows\System\UwFhmQV.exe

C:\Windows\System\kdllRUn.exe

C:\Windows\System\kdllRUn.exe

C:\Windows\System\qtMNGws.exe

C:\Windows\System\qtMNGws.exe

C:\Windows\System\KRZSHcS.exe

C:\Windows\System\KRZSHcS.exe

C:\Windows\System\vUnaHOM.exe

C:\Windows\System\vUnaHOM.exe

C:\Windows\System\nqqqImF.exe

C:\Windows\System\nqqqImF.exe

C:\Windows\System\ovHGIfx.exe

C:\Windows\System\ovHGIfx.exe

C:\Windows\System\PLoLAwJ.exe

C:\Windows\System\PLoLAwJ.exe

C:\Windows\System\XmiGLSA.exe

C:\Windows\System\XmiGLSA.exe

C:\Windows\System\zyblKHv.exe

C:\Windows\System\zyblKHv.exe

C:\Windows\System\nPUuIum.exe

C:\Windows\System\nPUuIum.exe

C:\Windows\System\cIFKBny.exe

C:\Windows\System\cIFKBny.exe

C:\Windows\System\pWBtrOG.exe

C:\Windows\System\pWBtrOG.exe

C:\Windows\System\HSsilrh.exe

C:\Windows\System\HSsilrh.exe

C:\Windows\System\NZTTFWV.exe

C:\Windows\System\NZTTFWV.exe

C:\Windows\System\xeDBLNh.exe

C:\Windows\System\xeDBLNh.exe

C:\Windows\System\dAwAyul.exe

C:\Windows\System\dAwAyul.exe

C:\Windows\System\nAjCIki.exe

C:\Windows\System\nAjCIki.exe

C:\Windows\System\FOYhaOz.exe

C:\Windows\System\FOYhaOz.exe

C:\Windows\System\JYiVdEm.exe

C:\Windows\System\JYiVdEm.exe

C:\Windows\System\BWEcfkS.exe

C:\Windows\System\BWEcfkS.exe

C:\Windows\System\QDacCqA.exe

C:\Windows\System\QDacCqA.exe

C:\Windows\System\EtTzctl.exe

C:\Windows\System\EtTzctl.exe

C:\Windows\System\MDtlbAx.exe

C:\Windows\System\MDtlbAx.exe

C:\Windows\System\Odenlca.exe

C:\Windows\System\Odenlca.exe

C:\Windows\System\qcbVKdd.exe

C:\Windows\System\qcbVKdd.exe

C:\Windows\System\JBwggVX.exe

C:\Windows\System\JBwggVX.exe

C:\Windows\System\xiAGOVT.exe

C:\Windows\System\xiAGOVT.exe

C:\Windows\System\XkdBMjE.exe

C:\Windows\System\XkdBMjE.exe

C:\Windows\System\cmJwrzm.exe

C:\Windows\System\cmJwrzm.exe

C:\Windows\System\hMYIlDc.exe

C:\Windows\System\hMYIlDc.exe

C:\Windows\System\bDwRSqs.exe

C:\Windows\System\bDwRSqs.exe

C:\Windows\System\IONNZqC.exe

C:\Windows\System\IONNZqC.exe

C:\Windows\System\KpKJaiX.exe

C:\Windows\System\KpKJaiX.exe

C:\Windows\System\eodPbvj.exe

C:\Windows\System\eodPbvj.exe

C:\Windows\System\vrBozcs.exe

C:\Windows\System\vrBozcs.exe

C:\Windows\System\CfRMNUE.exe

C:\Windows\System\CfRMNUE.exe

C:\Windows\System\PKEwFVc.exe

C:\Windows\System\PKEwFVc.exe

C:\Windows\System\wXwKESG.exe

C:\Windows\System\wXwKESG.exe

C:\Windows\System\GgQoqjg.exe

C:\Windows\System\GgQoqjg.exe

C:\Windows\System\SVqjMcC.exe

C:\Windows\System\SVqjMcC.exe

C:\Windows\System\bZYNnNQ.exe

C:\Windows\System\bZYNnNQ.exe

C:\Windows\System\dAePaGN.exe

C:\Windows\System\dAePaGN.exe

C:\Windows\System\smSNSid.exe

C:\Windows\System\smSNSid.exe

C:\Windows\System\jZbHpBF.exe

C:\Windows\System\jZbHpBF.exe

C:\Windows\System\FWRzQVY.exe

C:\Windows\System\FWRzQVY.exe

C:\Windows\System\yUrSrJQ.exe

C:\Windows\System\yUrSrJQ.exe

C:\Windows\System\lmoMwwC.exe

C:\Windows\System\lmoMwwC.exe

C:\Windows\System\rRYstrL.exe

C:\Windows\System\rRYstrL.exe

C:\Windows\System\ibjMdnd.exe

C:\Windows\System\ibjMdnd.exe

C:\Windows\System\ADeyTBD.exe

C:\Windows\System\ADeyTBD.exe

C:\Windows\System\PfSCZVx.exe

C:\Windows\System\PfSCZVx.exe

C:\Windows\System\CyjBFgk.exe

C:\Windows\System\CyjBFgk.exe

C:\Windows\System\cxbeSxz.exe

C:\Windows\System\cxbeSxz.exe

C:\Windows\System\KFLRReG.exe

C:\Windows\System\KFLRReG.exe

C:\Windows\System\ihimftx.exe

C:\Windows\System\ihimftx.exe

C:\Windows\System\vVuxCHc.exe

C:\Windows\System\vVuxCHc.exe

C:\Windows\System\WbMHpIL.exe

C:\Windows\System\WbMHpIL.exe

C:\Windows\System\rJpdRhW.exe

C:\Windows\System\rJpdRhW.exe

C:\Windows\System\svDMpcw.exe

C:\Windows\System\svDMpcw.exe

C:\Windows\System\Mbmtfzm.exe

C:\Windows\System\Mbmtfzm.exe

C:\Windows\System\XoRXtIU.exe

C:\Windows\System\XoRXtIU.exe

C:\Windows\System\hFYrRbP.exe

C:\Windows\System\hFYrRbP.exe

C:\Windows\System\SLJNnRi.exe

C:\Windows\System\SLJNnRi.exe

C:\Windows\System\PxlGfqw.exe

C:\Windows\System\PxlGfqw.exe

C:\Windows\System\IZdepSh.exe

C:\Windows\System\IZdepSh.exe

C:\Windows\System\jAlLGXw.exe

C:\Windows\System\jAlLGXw.exe

C:\Windows\System\xgcRpGp.exe

C:\Windows\System\xgcRpGp.exe

C:\Windows\System\LDCjiNs.exe

C:\Windows\System\LDCjiNs.exe

C:\Windows\System\QZNGUWX.exe

C:\Windows\System\QZNGUWX.exe

C:\Windows\System\mAUHjGY.exe

C:\Windows\System\mAUHjGY.exe

C:\Windows\System\umAvveC.exe

C:\Windows\System\umAvveC.exe

C:\Windows\System\jUAzMbj.exe

C:\Windows\System\jUAzMbj.exe

C:\Windows\System\QByVpNw.exe

C:\Windows\System\QByVpNw.exe

C:\Windows\System\dAKMzQD.exe

C:\Windows\System\dAKMzQD.exe

C:\Windows\System\oOpxtNj.exe

C:\Windows\System\oOpxtNj.exe

C:\Windows\System\eUCtged.exe

C:\Windows\System\eUCtged.exe

C:\Windows\System\uOhBmqH.exe

C:\Windows\System\uOhBmqH.exe

C:\Windows\System\rlnDGlP.exe

C:\Windows\System\rlnDGlP.exe

C:\Windows\System\CgYAWCb.exe

C:\Windows\System\CgYAWCb.exe

C:\Windows\System\xEmhBBU.exe

C:\Windows\System\xEmhBBU.exe

C:\Windows\System\gwuctFL.exe

C:\Windows\System\gwuctFL.exe

C:\Windows\System\VUPWcfb.exe

C:\Windows\System\VUPWcfb.exe

C:\Windows\System\kGPaQHt.exe

C:\Windows\System\kGPaQHt.exe

C:\Windows\System\tEXlvZL.exe

C:\Windows\System\tEXlvZL.exe

C:\Windows\System\vFlQOQf.exe

C:\Windows\System\vFlQOQf.exe

C:\Windows\System\JxYyDCV.exe

C:\Windows\System\JxYyDCV.exe

C:\Windows\System\kTYKPlK.exe

C:\Windows\System\kTYKPlK.exe

C:\Windows\System\fmWnvSf.exe

C:\Windows\System\fmWnvSf.exe

C:\Windows\System\hAWzfrm.exe

C:\Windows\System\hAWzfrm.exe

C:\Windows\System\yyunOmF.exe

C:\Windows\System\yyunOmF.exe

C:\Windows\System\pZlWbut.exe

C:\Windows\System\pZlWbut.exe

C:\Windows\System\zgnnxTs.exe

C:\Windows\System\zgnnxTs.exe

C:\Windows\System\CXnFoOd.exe

C:\Windows\System\CXnFoOd.exe

C:\Windows\System\jYCDDZY.exe

C:\Windows\System\jYCDDZY.exe

C:\Windows\System\IBygBmA.exe

C:\Windows\System\IBygBmA.exe

C:\Windows\System\cvgscwz.exe

C:\Windows\System\cvgscwz.exe

C:\Windows\System\rARuvvp.exe

C:\Windows\System\rARuvvp.exe

C:\Windows\System\BTONSjr.exe

C:\Windows\System\BTONSjr.exe

C:\Windows\System\xhSNSVO.exe

C:\Windows\System\xhSNSVO.exe

C:\Windows\System\BDAajSu.exe

C:\Windows\System\BDAajSu.exe

C:\Windows\System\vzByhZl.exe

C:\Windows\System\vzByhZl.exe

C:\Windows\System\WLbCcep.exe

C:\Windows\System\WLbCcep.exe

C:\Windows\System\FKvvuFB.exe

C:\Windows\System\FKvvuFB.exe

C:\Windows\System\meGTpAf.exe

C:\Windows\System\meGTpAf.exe

C:\Windows\System\SlLSIcT.exe

C:\Windows\System\SlLSIcT.exe

C:\Windows\System\SMBsSgF.exe

C:\Windows\System\SMBsSgF.exe

C:\Windows\System\NITBGpH.exe

C:\Windows\System\NITBGpH.exe

C:\Windows\System\MqTzQxL.exe

C:\Windows\System\MqTzQxL.exe

C:\Windows\System\BrSvqZu.exe

C:\Windows\System\BrSvqZu.exe

C:\Windows\System\vRLAwPM.exe

C:\Windows\System\vRLAwPM.exe

C:\Windows\System\whekNff.exe

C:\Windows\System\whekNff.exe

C:\Windows\System\cpqNGwv.exe

C:\Windows\System\cpqNGwv.exe

C:\Windows\System\APMpkHm.exe

C:\Windows\System\APMpkHm.exe

C:\Windows\System\MNhjoTr.exe

C:\Windows\System\MNhjoTr.exe

C:\Windows\System\SOxGUnq.exe

C:\Windows\System\SOxGUnq.exe

C:\Windows\System\wlkcwov.exe

C:\Windows\System\wlkcwov.exe

C:\Windows\System\uukcBLd.exe

C:\Windows\System\uukcBLd.exe

C:\Windows\System\LArkFnG.exe

C:\Windows\System\LArkFnG.exe

C:\Windows\System\jwDecKN.exe

C:\Windows\System\jwDecKN.exe

C:\Windows\System\fkorMsM.exe

C:\Windows\System\fkorMsM.exe

C:\Windows\System\zczeRHi.exe

C:\Windows\System\zczeRHi.exe

C:\Windows\System\zcAyXya.exe

C:\Windows\System\zcAyXya.exe

C:\Windows\System\wqUVcTn.exe

C:\Windows\System\wqUVcTn.exe

C:\Windows\System\cKbMdEu.exe

C:\Windows\System\cKbMdEu.exe

C:\Windows\System\mdgAUgY.exe

C:\Windows\System\mdgAUgY.exe

C:\Windows\System\ODKVzCp.exe

C:\Windows\System\ODKVzCp.exe

C:\Windows\System\VdoNiTs.exe

C:\Windows\System\VdoNiTs.exe

C:\Windows\System\rtklgOq.exe

C:\Windows\System\rtklgOq.exe

C:\Windows\System\hTryjby.exe

C:\Windows\System\hTryjby.exe

C:\Windows\System\bglyHgt.exe

C:\Windows\System\bglyHgt.exe

C:\Windows\System\ScPZkKv.exe

C:\Windows\System\ScPZkKv.exe

C:\Windows\System\cLhvLxr.exe

C:\Windows\System\cLhvLxr.exe

C:\Windows\System\PTYWZsz.exe

C:\Windows\System\PTYWZsz.exe

C:\Windows\System\MoivkWz.exe

C:\Windows\System\MoivkWz.exe

C:\Windows\System\WwOKcwA.exe

C:\Windows\System\WwOKcwA.exe

C:\Windows\System\CjeCpCL.exe

C:\Windows\System\CjeCpCL.exe

C:\Windows\System\FJXgKLB.exe

C:\Windows\System\FJXgKLB.exe

C:\Windows\System\JuvTWVC.exe

C:\Windows\System\JuvTWVC.exe

C:\Windows\System\GFJKXJO.exe

C:\Windows\System\GFJKXJO.exe

C:\Windows\System\zHFcQCo.exe

C:\Windows\System\zHFcQCo.exe

C:\Windows\System\XvbNDXF.exe

C:\Windows\System\XvbNDXF.exe

C:\Windows\System\aYsvORB.exe

C:\Windows\System\aYsvORB.exe

C:\Windows\System\PUyCPkx.exe

C:\Windows\System\PUyCPkx.exe

C:\Windows\System\oMwzYjd.exe

C:\Windows\System\oMwzYjd.exe

C:\Windows\System\GmettSI.exe

C:\Windows\System\GmettSI.exe

C:\Windows\System\uaegXCT.exe

C:\Windows\System\uaegXCT.exe

C:\Windows\System\vQgMEII.exe

C:\Windows\System\vQgMEII.exe

C:\Windows\System\HEhdVjh.exe

C:\Windows\System\HEhdVjh.exe

C:\Windows\System\NsrJVtr.exe

C:\Windows\System\NsrJVtr.exe

C:\Windows\System\WrrVcqN.exe

C:\Windows\System\WrrVcqN.exe

C:\Windows\System\hVkuOJC.exe

C:\Windows\System\hVkuOJC.exe

C:\Windows\System\jzWMtFS.exe

C:\Windows\System\jzWMtFS.exe

C:\Windows\System\AftAXRb.exe

C:\Windows\System\AftAXRb.exe

C:\Windows\System\pDzicpY.exe

C:\Windows\System\pDzicpY.exe

C:\Windows\System\qcmkxOW.exe

C:\Windows\System\qcmkxOW.exe

C:\Windows\System\cqitgQo.exe

C:\Windows\System\cqitgQo.exe

C:\Windows\System\zdemtrZ.exe

C:\Windows\System\zdemtrZ.exe

C:\Windows\System\WuZKUDg.exe

C:\Windows\System\WuZKUDg.exe

C:\Windows\System\RgKdSZc.exe

C:\Windows\System\RgKdSZc.exe

C:\Windows\System\OAjDvap.exe

C:\Windows\System\OAjDvap.exe

C:\Windows\System\MNxNjde.exe

C:\Windows\System\MNxNjde.exe

C:\Windows\System\aSixhqC.exe

C:\Windows\System\aSixhqC.exe

C:\Windows\System\mnDgBhS.exe

C:\Windows\System\mnDgBhS.exe

C:\Windows\System\IsFUwPn.exe

C:\Windows\System\IsFUwPn.exe

C:\Windows\System\eDNhCiA.exe

C:\Windows\System\eDNhCiA.exe

C:\Windows\System\luwePhE.exe

C:\Windows\System\luwePhE.exe

C:\Windows\System\JfUuoni.exe

C:\Windows\System\JfUuoni.exe

C:\Windows\System\sHhYnaH.exe

C:\Windows\System\sHhYnaH.exe

C:\Windows\System\xikHMQt.exe

C:\Windows\System\xikHMQt.exe

C:\Windows\System\KXEuRwC.exe

C:\Windows\System\KXEuRwC.exe

C:\Windows\System\QTmRZyv.exe

C:\Windows\System\QTmRZyv.exe

C:\Windows\System\aQhVVIC.exe

C:\Windows\System\aQhVVIC.exe

C:\Windows\System\wHrsiPm.exe

C:\Windows\System\wHrsiPm.exe

C:\Windows\System\YFCEbRg.exe

C:\Windows\System\YFCEbRg.exe

C:\Windows\System\UfRsePi.exe

C:\Windows\System\UfRsePi.exe

C:\Windows\System\AlLcbWF.exe

C:\Windows\System\AlLcbWF.exe

C:\Windows\System\eofyFku.exe

C:\Windows\System\eofyFku.exe

C:\Windows\System\XfoKhPs.exe

C:\Windows\System\XfoKhPs.exe

C:\Windows\System\PGAHQTc.exe

C:\Windows\System\PGAHQTc.exe

C:\Windows\System\oCCRZfT.exe

C:\Windows\System\oCCRZfT.exe

C:\Windows\System\IzQvmLk.exe

C:\Windows\System\IzQvmLk.exe

C:\Windows\System\GpxeXsW.exe

C:\Windows\System\GpxeXsW.exe

C:\Windows\System\sdCaozh.exe

C:\Windows\System\sdCaozh.exe

C:\Windows\System\mnJzrem.exe

C:\Windows\System\mnJzrem.exe

C:\Windows\System\hHgRcPt.exe

C:\Windows\System\hHgRcPt.exe

C:\Windows\System\GbjcaQk.exe

C:\Windows\System\GbjcaQk.exe

C:\Windows\System\fWxrAbo.exe

C:\Windows\System\fWxrAbo.exe

C:\Windows\System\RjtZywd.exe

C:\Windows\System\RjtZywd.exe

C:\Windows\System\dGaPzmN.exe

C:\Windows\System\dGaPzmN.exe

C:\Windows\System\DuGJaOj.exe

C:\Windows\System\DuGJaOj.exe

C:\Windows\System\tygULQF.exe

C:\Windows\System\tygULQF.exe

C:\Windows\System\faWRysF.exe

C:\Windows\System\faWRysF.exe

C:\Windows\System\HWKVYZk.exe

C:\Windows\System\HWKVYZk.exe

C:\Windows\System\iXpCIAo.exe

C:\Windows\System\iXpCIAo.exe

C:\Windows\System\vAGajFK.exe

C:\Windows\System\vAGajFK.exe

C:\Windows\System\xqHmLkS.exe

C:\Windows\System\xqHmLkS.exe

C:\Windows\System\lGmkORh.exe

C:\Windows\System\lGmkORh.exe

C:\Windows\System\fyuvQtF.exe

C:\Windows\System\fyuvQtF.exe

C:\Windows\System\SMFQfmB.exe

C:\Windows\System\SMFQfmB.exe

C:\Windows\System\TWnOvbN.exe

C:\Windows\System\TWnOvbN.exe

C:\Windows\System\rYNfVVt.exe

C:\Windows\System\rYNfVVt.exe

C:\Windows\System\FzoQHci.exe

C:\Windows\System\FzoQHci.exe

C:\Windows\System\vbZDZLW.exe

C:\Windows\System\vbZDZLW.exe

C:\Windows\System\NtiGfBq.exe

C:\Windows\System\NtiGfBq.exe

C:\Windows\System\rTQbciC.exe

C:\Windows\System\rTQbciC.exe

C:\Windows\System\qVvtIZj.exe

C:\Windows\System\qVvtIZj.exe

C:\Windows\System\GCizKlT.exe

C:\Windows\System\GCizKlT.exe

C:\Windows\System\BkVqIqv.exe

C:\Windows\System\BkVqIqv.exe

C:\Windows\System\JPjlsus.exe

C:\Windows\System\JPjlsus.exe

C:\Windows\System\TgtoeDm.exe

C:\Windows\System\TgtoeDm.exe

C:\Windows\System\neUHpny.exe

C:\Windows\System\neUHpny.exe

C:\Windows\System\oCjINMh.exe

C:\Windows\System\oCjINMh.exe

C:\Windows\System\amGHuAN.exe

C:\Windows\System\amGHuAN.exe

C:\Windows\System\ZnkHLXN.exe

C:\Windows\System\ZnkHLXN.exe

C:\Windows\System\KhSRDyW.exe

C:\Windows\System\KhSRDyW.exe

C:\Windows\System\dDZyNfn.exe

C:\Windows\System\dDZyNfn.exe

C:\Windows\System\cnrAFff.exe

C:\Windows\System\cnrAFff.exe

C:\Windows\System\nVETkvF.exe

C:\Windows\System\nVETkvF.exe

C:\Windows\System\nnLXLbH.exe

C:\Windows\System\nnLXLbH.exe

C:\Windows\System\lOnXvNX.exe

C:\Windows\System\lOnXvNX.exe

C:\Windows\System\DeMpvmz.exe

C:\Windows\System\DeMpvmz.exe

C:\Windows\System\SOhdvpU.exe

C:\Windows\System\SOhdvpU.exe

C:\Windows\System\wOnKTdU.exe

C:\Windows\System\wOnKTdU.exe

C:\Windows\System\TtpvzNB.exe

C:\Windows\System\TtpvzNB.exe

C:\Windows\System\OwrABXD.exe

C:\Windows\System\OwrABXD.exe

C:\Windows\System\KJKytWK.exe

C:\Windows\System\KJKytWK.exe

C:\Windows\System\BlbQUuM.exe

C:\Windows\System\BlbQUuM.exe

C:\Windows\System\YwXZTlU.exe

C:\Windows\System\YwXZTlU.exe

C:\Windows\System\TcuWIZY.exe

C:\Windows\System\TcuWIZY.exe

C:\Windows\System\EbfpQVC.exe

C:\Windows\System\EbfpQVC.exe

C:\Windows\System\iuyoFhX.exe

C:\Windows\System\iuyoFhX.exe

C:\Windows\System\pscjFmf.exe

C:\Windows\System\pscjFmf.exe

C:\Windows\System\WKTjHkg.exe

C:\Windows\System\WKTjHkg.exe

C:\Windows\System\tLzliOe.exe

C:\Windows\System\tLzliOe.exe

C:\Windows\System\WxyLOFk.exe

C:\Windows\System\WxyLOFk.exe

C:\Windows\System\kxkXNog.exe

C:\Windows\System\kxkXNog.exe

C:\Windows\System\xogCCYb.exe

C:\Windows\System\xogCCYb.exe

C:\Windows\System\GnpsVyT.exe

C:\Windows\System\GnpsVyT.exe

C:\Windows\System\EqluNGG.exe

C:\Windows\System\EqluNGG.exe

C:\Windows\System\GNRLCjs.exe

C:\Windows\System\GNRLCjs.exe

C:\Windows\System\tfXJldm.exe

C:\Windows\System\tfXJldm.exe

C:\Windows\System\xpWyHtw.exe

C:\Windows\System\xpWyHtw.exe

C:\Windows\System\vXWpBdU.exe

C:\Windows\System\vXWpBdU.exe

C:\Windows\System\sNFehLh.exe

C:\Windows\System\sNFehLh.exe

C:\Windows\System\jrMIGVY.exe

C:\Windows\System\jrMIGVY.exe

C:\Windows\System\oBYMwQR.exe

C:\Windows\System\oBYMwQR.exe

C:\Windows\System\tRvIzkR.exe

C:\Windows\System\tRvIzkR.exe

C:\Windows\System\YFqznjd.exe

C:\Windows\System\YFqznjd.exe

C:\Windows\System\fRSepEX.exe

C:\Windows\System\fRSepEX.exe

C:\Windows\System\fTivGJo.exe

C:\Windows\System\fTivGJo.exe

C:\Windows\System\xhhXJiH.exe

C:\Windows\System\xhhXJiH.exe

C:\Windows\System\vDQKStE.exe

C:\Windows\System\vDQKStE.exe

C:\Windows\System\KMzGAKc.exe

C:\Windows\System\KMzGAKc.exe

C:\Windows\System\VXjFRaQ.exe

C:\Windows\System\VXjFRaQ.exe

C:\Windows\System\hBuPWqn.exe

C:\Windows\System\hBuPWqn.exe

C:\Windows\System\ljYewwV.exe

C:\Windows\System\ljYewwV.exe

C:\Windows\System\pAivbfZ.exe

C:\Windows\System\pAivbfZ.exe

C:\Windows\System\HiYrGhd.exe

C:\Windows\System\HiYrGhd.exe

C:\Windows\System\pQMAjZW.exe

C:\Windows\System\pQMAjZW.exe

C:\Windows\System\oPKguYJ.exe

C:\Windows\System\oPKguYJ.exe

C:\Windows\System\eFwTEvQ.exe

C:\Windows\System\eFwTEvQ.exe

C:\Windows\System\PycpWdD.exe

C:\Windows\System\PycpWdD.exe

C:\Windows\System\rByKhoJ.exe

C:\Windows\System\rByKhoJ.exe

C:\Windows\System\IAYrWSp.exe

C:\Windows\System\IAYrWSp.exe

C:\Windows\System\xlIozTB.exe

C:\Windows\System\xlIozTB.exe

C:\Windows\System\bZRlDRQ.exe

C:\Windows\System\bZRlDRQ.exe

C:\Windows\System\atoaMLs.exe

C:\Windows\System\atoaMLs.exe

C:\Windows\System\QFIEcJY.exe

C:\Windows\System\QFIEcJY.exe

C:\Windows\System\igcibkw.exe

C:\Windows\System\igcibkw.exe

C:\Windows\System\GUEGlRU.exe

C:\Windows\System\GUEGlRU.exe

C:\Windows\System\kCjjdXQ.exe

C:\Windows\System\kCjjdXQ.exe

C:\Windows\System\pAqXcMH.exe

C:\Windows\System\pAqXcMH.exe

C:\Windows\System\oFGIRfQ.exe

C:\Windows\System\oFGIRfQ.exe

C:\Windows\System\uejUDSK.exe

C:\Windows\System\uejUDSK.exe

C:\Windows\System\LQUUewp.exe

C:\Windows\System\LQUUewp.exe

C:\Windows\System\LqImlSy.exe

C:\Windows\System\LqImlSy.exe

C:\Windows\System\xdPKjBF.exe

C:\Windows\System\xdPKjBF.exe

C:\Windows\System\MeiElgo.exe

C:\Windows\System\MeiElgo.exe

C:\Windows\System\xsxvPLS.exe

C:\Windows\System\xsxvPLS.exe

C:\Windows\System\iAMFhjt.exe

C:\Windows\System\iAMFhjt.exe

C:\Windows\System\FpSXhlr.exe

C:\Windows\System\FpSXhlr.exe

C:\Windows\System\kilpkaU.exe

C:\Windows\System\kilpkaU.exe

C:\Windows\System\mvPbSLT.exe

C:\Windows\System\mvPbSLT.exe

C:\Windows\System\rdRffaS.exe

C:\Windows\System\rdRffaS.exe

C:\Windows\System\NMFROHf.exe

C:\Windows\System\NMFROHf.exe

C:\Windows\System\mlfGlPb.exe

C:\Windows\System\mlfGlPb.exe

C:\Windows\System\aiOCucT.exe

C:\Windows\System\aiOCucT.exe

C:\Windows\System\yeDpIuK.exe

C:\Windows\System\yeDpIuK.exe

C:\Windows\System\YsDmiho.exe

C:\Windows\System\YsDmiho.exe

C:\Windows\System\dBBvVdD.exe

C:\Windows\System\dBBvVdD.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2528-1-0x000000013FAB0000-0x000000013FEA6000-memory.dmp

memory/2528-0-0x0000000000170000-0x0000000000180000-memory.dmp

\Windows\system\YlRYQOm.exe

MD5 aa22ac70d645c93b1e2d06c67dcb0a36
SHA1 2d8128a8910169944d8ab9b013a6dab2a0f488ca
SHA256 c5cd44fcd24558a541115b15ba43528b9181997645eb2c93f37d65f5ef28b904
SHA512 33fc6fdebe7988da7869f19e0fcc3c3992c0f6e36d3ac433c79512f983607964e0c5421ce0d459316627e9598d4a1e5788b4b9ac2adbf7684cdd0d96902f2f1a

memory/2528-8-0x0000000002F70000-0x0000000003366000-memory.dmp

memory/2796-13-0x000000013FE00000-0x00000001401F6000-memory.dmp

\Windows\system\tpmYZiM.exe

MD5 0a39705b78748d72da9690d9f85306b8
SHA1 25be75be3e48b7b4c053e742cf3dfd7fec12f32a
SHA256 d61555e0a72854299dd7162893cdd6d0abebec65e9decb8ef574840a540a3eb0
SHA512 f2005d3def8095da0f7f1fa3059233258352b39aa6f5d63cfe69e4c98db5307eecb4ccf2894fda8e8c7b96a5b7e0ea63139042939f87cdabdc055c4f7637b0fd

C:\Windows\system\vvHAMZM.exe

MD5 438a9bcfe1c21214c8d5336e9633adcc
SHA1 81447479f2c63ae03b030b3118f2dc8a1c4c9daa
SHA256 fc36c9f56858ffe9c667da2f10dcb084dea572198fa92ab3cb4539e7a6c0743e
SHA512 7849a5c27fc85b9c05e68b3f70f8ab2d00e56ffab968f17a1f691ce75b7b0f44ce0484987244f16ddc11162e6483a498d4aab2e5efb14853ceca242a14eabeaf

C:\Windows\system\vkThjNL.exe

MD5 a83a7da410c8db3fded35fc780496e29
SHA1 6fd9cccdb135f9e18298cc5cd024bb4e6ef3731f
SHA256 d0da5715a8c31296bc879f326b4b9886070570bdd6327b58985033ccd8911a85
SHA512 299a1f1f59f9a1667fcee27287ccf92007fd8bf0720df806a9fe5b5831649bc215e4701cbb350cf10567b53c396fc4cbd33f34d34b46ffdd20fdc7e8ccb87db5

C:\Windows\system\EDjxRsq.exe

MD5 24d675835aa53d8fda0e8abc9af7b617
SHA1 5546ae5675a514511a4691a3c6accbab5fe1397b
SHA256 c7389a30f2eb78f3db0aee28e3ee7b33f353024cd7f1614edd491a1e409e45f2
SHA512 f2129d22da198a8475f99a5b53d63ebe633b88ae7e03e93fe3435c4d34429dac1f79c69e2f6bfc8b982e99377dfe72af4223e3c69ae5d8db92d48ecbed4c8f0f

C:\Windows\system\ZSdygqy.exe

MD5 700cb47c74b1d551f518177190adcb59
SHA1 0b4210f79c2e92bb0c347f68a3966c2bbd8ade53
SHA256 753ef8ff4d4f091403cefdfcf5f5c89f06b32287dd2008b0267452c10b84bd07
SHA512 8e5157ebf7c9fb666a50c1b8d1612ff68768016f27c7386e8bd27e1d74f32ed7a423b062e5ae74e801c7a66712dba16afd098ff352d1eafb9ecbde61ab495e9b

C:\Windows\system\nPaHZuA.exe

MD5 a3ec0e35632825b5370ad3722be5fc45
SHA1 8e1ffc79eacdd2fcb5ef6f2bc52b554b4eda7190
SHA256 d617e08e0c51c06c8c0db4a11ea85e0ab9610f572e9b69717b548f6ebdfc1169
SHA512 19b8a27ee42b232f24b3bd73319bfab69b16b3a7cb5f5dfbb7843fa95d74b8d543756183c479e2abcb09f852adf2124d8c4d58e97801d08c21affbf7c20ab04c

\Windows\system\NEFcjtC.exe

MD5 4f5a7fd607f50a62f3bc6af7bb82c947
SHA1 a7ca3ba0e54ab2b104321e262f03dd49e2baad8d
SHA256 a8c765157a1259dd6093221f048863c37c13370ee211e645dc766e26b43ce956
SHA512 ca10cb0414bc9c5799aa478eae7bfad0eb1fd2bf1760d717e7e8d9803362c246114aeff92cc15b2ba75d6aa6df0729c6722045886642ef6f6510a0911a1dabbe

C:\Windows\system\kAuNgFO.exe

MD5 2914b298d87b2ddc8a238d8462dbe958
SHA1 252a1ceb999ae63621614f065f203389a6e0bb6b
SHA256 d57a4fb5a3cf8471f42cf739d9227d7cd9f0db850846b0638dfa46abdff20148
SHA512 162882896ba590c6845af413cff4d011fe3407b1ab12c8dea8f3c758ef3051a859821b38aaa20ca041baa9d43060375f63e4695c348dd3721ed38cbd1cfcb1ad

C:\Windows\system\GjJgyRr.exe

MD5 346d69fc76359e5176279d2d84843564
SHA1 83fd61370e378db3b57d909d29a484ff49ca4799
SHA256 e4883534f981b0769d573c12bd62806cd488e5919e090ff914fd182f3d6fe0c5
SHA512 add61b5a47ab6ce5f5713266f3f468d7d36ba2541973f553a0a147f95c2eadfb86bd832e6227f6ab416cb8af03530cb8cef9ee7071ddeb2ad66a3a847e4be934

C:\Windows\system\VeqKvhY.exe

MD5 b8bac2ca34776f40255d541202efcf24
SHA1 69b3e42491c711fe5fc79be5be5c499bfe5d9e4a
SHA256 797124743b9ffad6a90015680a80d48b0ee2b672dd65741f4604097536be2a8b
SHA512 a7178222512a8f2bbf65f4f85adef449fb640b6e72f24b5147dea7f3cfbff7c700a7654fc17e5a2e473311dca5ee49974316e1a67d150f8c76765df86d321f70

\Windows\system\FDTVHjz.exe

MD5 4138b513b766f03a88c243e3df42043f
SHA1 80ce890ae8009cc3a9f58034c93bc4d23c081f34
SHA256 3e1caba3d152cc701a22833c9230b36466718a6298556a10ff6f2c5429bee4d8
SHA512 a3ce8e2424f8b48bbd727d159f804c053731c3f9d3174940e3ad37427c9621aaf5adcb684716e35d3cc6563f78d2e29c886fc7428afd4b270f26113164542704

memory/1948-107-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

memory/2528-110-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/2608-111-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/2528-112-0x000000013F640000-0x000000013FA36000-memory.dmp

memory/2744-113-0x000000013F640000-0x000000013FA36000-memory.dmp

memory/1948-109-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

memory/2528-128-0x000000013F160000-0x000000013F556000-memory.dmp

memory/2444-130-0x000000013F160000-0x000000013F556000-memory.dmp

memory/2528-135-0x00000000035A0000-0x0000000003996000-memory.dmp

memory/2032-137-0x000000013FE90000-0x0000000140286000-memory.dmp

memory/2372-134-0x000000013FEB0000-0x00000001402A6000-memory.dmp

C:\Windows\system\cwIAvXw.exe

MD5 09029ce5b45502c735fe857b07c73a24
SHA1 c25f98b07718e82b7c21bdae86294d466decae6b
SHA256 188e54fe042a6c40f91d242a46b8d3ca959d7e5427c511adddc03767cfa59172
SHA512 5822cdd64119da0215a131dfafa2f05b490613ea02ea3f83f30408aadd1a2a4a01a668e7676d2a387a0772dc6f54731777feb5910adde41d19d4feda883f0cda

memory/2528-123-0x000000013FEE0000-0x00000001402D6000-memory.dmp

memory/2472-122-0x000000013F510000-0x000000013F906000-memory.dmp

memory/2528-119-0x000000013F510000-0x000000013F906000-memory.dmp

memory/2612-118-0x000000013F900000-0x000000013FCF6000-memory.dmp

memory/2528-117-0x00000000035A0000-0x0000000003996000-memory.dmp

\Windows\system\PaCcNrq.exe

MD5 cb042c313cbd4cb4b9e7143cd229305d
SHA1 1ce07353fe3d1864b95d94b979491d349ce46015
SHA256 2f158eaaa1a1a07a5b84359c520e3a2d8ef295b7ee8101e6fddd3bd00ffa0097
SHA512 60a954836b11941b77d3cde84bae5cd4102af238f8fa9540f6c8d0f1b87ddfa7af280327194dc0b807e6da48840bc972d66f0dcb1d19a69e155011c8cf81507e

C:\Windows\system\VWUpELG.exe

MD5 2dedd3d1c0854d91e97b34c007a86d1d
SHA1 da0d05671ad10aeaaecc3c41aadd335b21b63d77
SHA256 b37d50bc90d8848def98913fd0a0265470e6aa37c38a0b09cbf4534c3e4451c8
SHA512 972cff400d8a658c345a860ca4cbee2822ef85504a39da0da1c20a60c9de375993e09992cbd0e542ea3008753a08e7bd1d1d842451991a013109a47e342e516a

\Windows\system\pdtBauV.exe

MD5 8bc36149803902513cce20204cd69327
SHA1 abd2eb929262ae325af6677cdf4a20c5fe67fe45
SHA256 ac67f63d8308771b18c7cba371911883aaca16c8fd63a02f2c1c071e9edf8046
SHA512 78a9efd6a79bbfa45d5b44120d3834bda281622629b85d35cb1a5a63ce1831cdeb321c301861aaf65aac46b5c7d986843c5f3e909cc19464f3c7dc40a0d3a06d

\Windows\system\gbhaROp.exe

MD5 eae4ea19d63a2276cbddb3767a8aa1e1
SHA1 be71794a4161c7e2e43178a78ed1b85b3bc997ca
SHA256 ecef72470d0ebe71df13ea9def505b94e73702fe624578cfe6cfe83f0cb66dd0
SHA512 0137067138c8621321abbc004810488393d70dabd4d75e71739c62066c949fe3820bf632306cf45c3a0ad840e4710782cc8eddd3ad55224e4325bb51b84a7574

\Windows\system\TYdmFNp.exe

MD5 c63242a380bf6eaf7940879fdee24a17
SHA1 29ea0c2e32b660eb9d15c67f32c25e6dc92ecb8a
SHA256 0df2b7f3eeaf93e54423e8b3f8740a2ecce292eb8018a84149407e7abf40c8eb
SHA512 2f2b8f8efb836c5e0184084a4ad02b9e813403e9be83e09d2fe89c85cc3017dd1f2bb95506f25b6dd79be578b5d6875b0e67e4496544dd919259768c1d638caa

C:\Windows\system\HhHJmSZ.exe

MD5 07bac4763f0b04c2f1b42bc7c4900e67
SHA1 f88f5d1de7e29f3c615d9e88821b9b35c5b794d3
SHA256 2181c9f74c816161fbe2898ae7afd49e022429f73b828772525bf489c72ca023
SHA512 aee4be4ac613c8f9c36a78e8e68de7b59c8a3562ce83dbfde185fe6b0fa999c709e3dde37f52c087ade1b5820350373c9b776e68eb53a9a21f23a6fcf3fe1f65

memory/2528-133-0x000000013FEB0000-0x00000001402A6000-memory.dmp

memory/2488-132-0x000000013F440000-0x000000013F836000-memory.dmp

memory/2528-131-0x000000013F440000-0x000000013F836000-memory.dmp

C:\Windows\system\jQUDhqa.exe

MD5 e605d6a25643ca7c94dda867f6e4aa70
SHA1 636f13e2b5fefeb35eb96d7f40411811d4049a60
SHA256 d421a27eda93f1ab0ccbe32f66fb0e300c7a2ac2f8b2a3f06853c97009fdf26f
SHA512 3135ba1f141327639f1212165da228975496d381de901e22ff9717af6f1db4e0be56f0f4c4e1ac7ed23935e477b4e4f5e3cd10e9e21e0177e239f0b8eadee41e

memory/2492-127-0x000000013FEE0000-0x00000001402D6000-memory.dmp

C:\Windows\system\dchyfnP.exe

MD5 df88c528b42fb409b3369be37739c047
SHA1 10b418e04e467d0e6a008c4cb6ba5f508ad68f25
SHA256 861ecf6622f4271a4a1b68fb84a64fcff943f63cbb5b263607694837313a4647
SHA512 6121e7ed48b27f15215749ec303a114bbea97bab26876ee9751060fc3e72a0b9140262551febfc97ad40a9be82f9f64699a3871cb252ab2eafc4fab645aa4ee8

memory/1948-72-0x000000001B5B0000-0x000000001B892000-memory.dmp

memory/1948-78-0x0000000001D30000-0x0000000001D38000-memory.dmp

C:\Windows\system\dBuJxDK.exe

MD5 c0bd54dd284b27954740d639c99d243a
SHA1 62a2ff54775c4639a7ddf797c574788b3199b809
SHA256 6503e311d4351d9b263ffd5ef7c3097d3335398ca52970e242d354a90d7045e9
SHA512 48a14777178bda016f3fe643bda534970d9ec75c7cec7e0f726baad6e332fffea1da17e6d709ffa4b87fa19d3c521960eb9d8ca52c0c4c209889adada1f7a13d

memory/2580-145-0x000000013F380000-0x000000013F776000-memory.dmp

\Windows\system\fWpCHtQ.exe

MD5 ae09154f94d63f01889b7c766b4b6772
SHA1 ca41e43bab1154916988dca3801f8a09fadb773d
SHA256 524d1f64dcb23da4f7ce153ac9ed3ca0ef89c85ad7552e53152d77f0e8c08cb2
SHA512 b6abdc9c1dcbedfabfc6ba155495a1b55507e6c2ab16f1867fc185c7174640db41d921ee81807bd945a6696ddfd855cb28562ba18f775abcc5a88d7cb9b6a400

\Windows\system\cOWuyjW.exe

MD5 61ab30228fe742857ed7498df7e314e0
SHA1 71b71e40844f9456d1a7caf48e15f604795930f2
SHA256 6f29f899027db0aef4a8c972581539c0b73202a023022ddfdeac8dbcea7772b5
SHA512 4cc9eb9a29122f5e26ee098366f7f0e7e15d1dc97375870defbac9483862100b678ed893dad791c94529eda4b82e33326df5841806b7b24242f6556fbf2f6751

\Windows\system\qJhIasd.exe

MD5 bb2277efece9bdbddf75545da47033f3
SHA1 d2ce8e3590f382d26974efab0fac54747afd8827
SHA256 74df05103474eb5d3fba98aa43ab54c79a7bb1411295893407cf789c499dcc46
SHA512 1b40de6f774d5f29ff34e2722874156a47ccf7ace402b0072cbf10f94b0e999482c72619e24e8e4705644c321770f48c56bb3d45a15fceda768ac529b58070ce

\Windows\system\RwBRmfD.exe

MD5 137fef4fd088219b3e637c83ad4654a1
SHA1 2712dfa1e25b798d8dfc269f8d5ab9405d4e96ef
SHA256 eab18d78c22c0b79924c6fb1f2f89784410183365941b31ae1da9d41cbd9114f
SHA512 a85d0f1103984ef155288bf0363f322665bfe9217a1d55f4fdda23314e6dde593bc0774dc84e2eee1f48a0df05801fa7f1782e0a6db6dda17fc51a22b053571e

C:\Windows\system\hZWCPLb.exe

MD5 1c46f2f87562736e3b6dd2884d9c1bc1
SHA1 850760b0f8bace122fb96a7fdac1cb6a7339f78c
SHA256 6a8637d05e58401cf12a69315e210fe63cf2e670ddf0a3383d38fc5f72c0658e
SHA512 7f8b2967ed82aa7281421f18cc082d998e9fc59d628267c1ac8df90580d3d0c1ee68ebfad670500db0139f8f26040037947f90396bb9ebfec401a6ca0782b66a

C:\Windows\system\zQhswWN.exe

MD5 ee1c572ecf4399ada4a59ae06ac112f2
SHA1 1162cae601d6f7e904c9325647063bf8b1e77234
SHA256 4704215745d98225de53e4abb637d0d7631497c0038865bbba7ee791ba410c94
SHA512 9859562c653bc5cadee7a1322e988f7b6fe0b7beb5a8f3b49552a419303a08a987ddb704627d3b3a9bffcf3ff2ec86af1878de54ca0c5da19247de0f3aa6b3bb

memory/1948-144-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

memory/1904-143-0x000000013F1B0000-0x000000013F5A6000-memory.dmp

memory/2528-2531-0x000000013FAB0000-0x000000013FEA6000-memory.dmp

memory/1948-397-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

memory/2528-141-0x000000013F1B0000-0x000000013F5A6000-memory.dmp

C:\Windows\system\FHQeHiT.exe

MD5 1954787cbff9c8163bc58992cf17b2f8
SHA1 92c64eb9830ca125f9ddaaf8a3bc0c223adc4ae8
SHA256 604117577dc5b45762825178b1481fb8d0fc924f678d742f6f9a0701b5d678e3
SHA512 88bae615000894b6c02d5577669c9ace08964f9b35d9c063576d3e7ee7f2c1ae87eca324cfad7efef6c8904d39f96cc183bb94ddc9b8d8ab2579363552e04516

C:\Windows\system\jkhWWLw.exe

MD5 36f35d1a91bd5fc01bd9275f56954598
SHA1 7ea59fe9327b35b5c2440dfb8a3c9381b363c6c0
SHA256 73ac435928a0b10853c0e7aba1ca5cda5ff20cb94c8296a7ecb28a0538fe9cbe
SHA512 06a1097a263edcae7eedcac94974df6bef9d5901ce80f092fa9a12101c4b360fa6acaebec5d503133e1e714dd2caf2883ed1ef065b7b3ee7cdb5174a31fb051e

C:\Windows\system\OCWxiko.exe

MD5 448b1c30aeef79e57280c21c1fbce535
SHA1 4169ee05b8bfb93c30de4dcabee37ee1d1d3afe7
SHA256 5179fc7b804612a6019c0a0968334dd1d2667135523f240c988515a02e5e0359
SHA512 09aa2c81e5def5732fed5dd06342be7f6a85e693e23799c9262198c273133d8e863ea9f522b7a4380ecf7dbfaf5a32fe1fa8e0b95a4bada94baa9cdf95f71e46

C:\Windows\system\TaKMEme.exe

MD5 07354e31142623c2ec1cbf58885bcccc
SHA1 b4fac53d600bd9ada8bc82b7dedff4f895e947c0
SHA256 401318563f782c0118ba63a32a7cea4b575dde1fcb44ef6b7b0e51806b3fa372
SHA512 19cfe9f0990b56cd022ca9ad1168e1a5eaa858ce7ded09ca5d0e1cb2ecef3d2a83f60a1e6ef2d49f0bf9f47c5f74e0e2fee090474655725ed1558ce5d7ca27e7

C:\Windows\system\suKetav.exe

MD5 ac76962e1cbd2e879b7870588e9a502c
SHA1 9de06d3e2fe5a52f6cfbf5d187fb11aa23e19aec
SHA256 1a09db6e653856ebddb724ae334e539367164014268b26e7f9ef89eea4456aca
SHA512 0a6aa8f99fc8ac6a191f7986c70309beae567676a9f9cdf197c716740ca7bc8efaca31aafecd406a219fc6cd9c07911bc110caa4eabad24f945e42d06be6f4bf

C:\Windows\system\ANGXOwe.exe

MD5 14e062650931c81d6a04548371320ee2
SHA1 982e9e66ae7ce40ad4036a86415c4a138620fd8c
SHA256 34d8e2cc54351c85e18f72c2358d5b8d6d0d2c1fcfba8b1d1c156a1a827d16ee
SHA512 5198169591e64927c57c15b57e219f50aa77f3fada04a16645d68b2febfc67769657582d73c1bb534cc74a1c2d1acba47a1c10cef6e5a7fa45674a94866e39a7

memory/1948-19-0x000007FEF5D3E000-0x000007FEF5D3F000-memory.dmp

memory/1948-18-0x0000000002D50000-0x0000000002DD0000-memory.dmp

memory/2528-17-0x000000013F380000-0x000000013F776000-memory.dmp

memory/2528-2871-0x0000000002F70000-0x0000000003366000-memory.dmp

memory/2528-3907-0x00000000035A0000-0x0000000003996000-memory.dmp

memory/2580-5687-0x000000013F380000-0x000000013F776000-memory.dmp

memory/2612-5730-0x000000013F900000-0x000000013FCF6000-memory.dmp

memory/2032-5746-0x000000013FE90000-0x0000000140286000-memory.dmp

memory/2372-5747-0x000000013FEB0000-0x00000001402A6000-memory.dmp

memory/1904-5748-0x000000013F1B0000-0x000000013F5A6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 03:49

Reported

2024-05-27 03:52

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\YlRYQOm.exe N/A
N/A N/A C:\Windows\System\tpmYZiM.exe N/A
N/A N/A C:\Windows\System\vvHAMZM.exe N/A
N/A N/A C:\Windows\System\vkThjNL.exe N/A
N/A N/A C:\Windows\System\EDjxRsq.exe N/A
N/A N/A C:\Windows\System\nPaHZuA.exe N/A
N/A N/A C:\Windows\System\ZSdygqy.exe N/A
N/A N/A C:\Windows\System\ANGXOwe.exe N/A
N/A N/A C:\Windows\System\NEFcjtC.exe N/A
N/A N/A C:\Windows\System\suKetav.exe N/A
N/A N/A C:\Windows\System\kAuNgFO.exe N/A
N/A N/A C:\Windows\System\dBuJxDK.exe N/A
N/A N/A C:\Windows\System\GjJgyRr.exe N/A
N/A N/A C:\Windows\System\TYdmFNp.exe N/A
N/A N/A C:\Windows\System\VeqKvhY.exe N/A
N/A N/A C:\Windows\System\gbhaROp.exe N/A
N/A N/A C:\Windows\System\pdtBauV.exe N/A
N/A N/A C:\Windows\System\VWUpELG.exe N/A
N/A N/A C:\Windows\System\dchyfnP.exe N/A
N/A N/A C:\Windows\System\cwIAvXw.exe N/A
N/A N/A C:\Windows\System\FDTVHjz.exe N/A
N/A N/A C:\Windows\System\PaCcNrq.exe N/A
N/A N/A C:\Windows\System\jQUDhqa.exe N/A
N/A N/A C:\Windows\System\zQhswWN.exe N/A
N/A N/A C:\Windows\System\HhHJmSZ.exe N/A
N/A N/A C:\Windows\System\hZWCPLb.exe N/A
N/A N/A C:\Windows\System\TaKMEme.exe N/A
N/A N/A C:\Windows\System\RwBRmfD.exe N/A
N/A N/A C:\Windows\System\OCWxiko.exe N/A
N/A N/A C:\Windows\System\qJhIasd.exe N/A
N/A N/A C:\Windows\System\jkhWWLw.exe N/A
N/A N/A C:\Windows\System\cOWuyjW.exe N/A
N/A N/A C:\Windows\System\FHQeHiT.exe N/A
N/A N/A C:\Windows\System\fWpCHtQ.exe N/A
N/A N/A C:\Windows\System\gKUfHAm.exe N/A
N/A N/A C:\Windows\System\FSkGDgU.exe N/A
N/A N/A C:\Windows\System\FiIABwL.exe N/A
N/A N/A C:\Windows\System\rejZwIA.exe N/A
N/A N/A C:\Windows\System\rViMQTZ.exe N/A
N/A N/A C:\Windows\System\vKciekM.exe N/A
N/A N/A C:\Windows\System\aEMDVBX.exe N/A
N/A N/A C:\Windows\System\tfkJERp.exe N/A
N/A N/A C:\Windows\System\Nwgmmip.exe N/A
N/A N/A C:\Windows\System\LDHcWgl.exe N/A
N/A N/A C:\Windows\System\ELWBXvn.exe N/A
N/A N/A C:\Windows\System\EkpXiSH.exe N/A
N/A N/A C:\Windows\System\rJBHfli.exe N/A
N/A N/A C:\Windows\System\ZsrLHSm.exe N/A
N/A N/A C:\Windows\System\sjBCXmi.exe N/A
N/A N/A C:\Windows\System\cQEokNb.exe N/A
N/A N/A C:\Windows\System\TPtWpal.exe N/A
N/A N/A C:\Windows\System\FErbgsW.exe N/A
N/A N/A C:\Windows\System\lvOrpCE.exe N/A
N/A N/A C:\Windows\System\KDJbGnU.exe N/A
N/A N/A C:\Windows\System\wodHkPe.exe N/A
N/A N/A C:\Windows\System\iYnEWtx.exe N/A
N/A N/A C:\Windows\System\boTDePg.exe N/A
N/A N/A C:\Windows\System\jPyDdlT.exe N/A
N/A N/A C:\Windows\System\xrdgppD.exe N/A
N/A N/A C:\Windows\System\eumLDpX.exe N/A
N/A N/A C:\Windows\System\IFsWRFO.exe N/A
N/A N/A C:\Windows\System\APZLaEP.exe N/A
N/A N/A C:\Windows\System\fLFniOv.exe N/A
N/A N/A C:\Windows\System\OZTLQWy.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\aEcfgKA.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZtoVfiV.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\vACSTLh.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\FHQeHiT.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\FErbgsW.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\WSfYKpj.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\wHdHCqd.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\SLtLWfI.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKciekM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJTUwpZ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgttQal.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\OZTLQWy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ueAIRgG.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYmFkop.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\asZazsX.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\xPecoAO.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRKMAwF.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyInvXa.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\eumLDpX.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\fKOfkFK.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\OmfVcuh.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwzNEzL.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\MhbnqKJ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\pomkiEM.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\YORBzAi.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsqdXGb.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PaCcNrq.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\NkKuzbh.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsgoBIW.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRNTTYx.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjvWBiR.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\CgPYBSQ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwLzOof.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\XWZCIvu.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVuWuUm.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\hZWCPLb.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\tfkJERp.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PLomKYr.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAnqCIW.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjAsVeT.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\yssQKLb.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSbFjbd.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\KKJZPIK.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUfdmrJ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\bevaBeJ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\iGnmauc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\icFKDpK.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PJClJlc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\oqBOxAY.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\lcgJfbJ.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\mMFLADa.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\pggCkDy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHUDHfK.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuadkiS.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\nIOBLeg.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\QfAJyEi.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\GUpHROE.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\yVmbEKf.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ofvRdUw.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\PIgGcqY.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\xyxmeEc.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\WtsQjPy.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\WvZcqaC.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZmGgQlo.exe C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2156 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2156 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\YlRYQOm.exe
PID 2156 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\YlRYQOm.exe
PID 2156 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\tpmYZiM.exe
PID 2156 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\tpmYZiM.exe
PID 2156 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vvHAMZM.exe
PID 2156 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vvHAMZM.exe
PID 2156 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vkThjNL.exe
PID 2156 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\vkThjNL.exe
PID 2156 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\EDjxRsq.exe
PID 2156 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\EDjxRsq.exe
PID 2156 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ZSdygqy.exe
PID 2156 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ZSdygqy.exe
PID 2156 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\nPaHZuA.exe
PID 2156 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\nPaHZuA.exe
PID 2156 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ANGXOwe.exe
PID 2156 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\ANGXOwe.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\NEFcjtC.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\NEFcjtC.exe
PID 2156 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\suKetav.exe
PID 2156 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\suKetav.exe
PID 2156 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\kAuNgFO.exe
PID 2156 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\kAuNgFO.exe
PID 2156 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dBuJxDK.exe
PID 2156 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dBuJxDK.exe
PID 2156 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\GjJgyRr.exe
PID 2156 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\GjJgyRr.exe
PID 2156 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TYdmFNp.exe
PID 2156 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TYdmFNp.exe
PID 2156 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VeqKvhY.exe
PID 2156 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VeqKvhY.exe
PID 2156 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\gbhaROp.exe
PID 2156 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\gbhaROp.exe
PID 2156 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dchyfnP.exe
PID 2156 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\dchyfnP.exe
PID 2156 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\pdtBauV.exe
PID 2156 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\pdtBauV.exe
PID 2156 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VWUpELG.exe
PID 2156 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\VWUpELG.exe
PID 2156 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\cwIAvXw.exe
PID 2156 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\cwIAvXw.exe
PID 2156 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\FDTVHjz.exe
PID 2156 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\FDTVHjz.exe
PID 2156 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\PaCcNrq.exe
PID 2156 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\PaCcNrq.exe
PID 2156 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\jQUDhqa.exe
PID 2156 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\jQUDhqa.exe
PID 2156 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\zQhswWN.exe
PID 2156 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\zQhswWN.exe
PID 2156 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\HhHJmSZ.exe
PID 2156 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\HhHJmSZ.exe
PID 2156 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\hZWCPLb.exe
PID 2156 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\hZWCPLb.exe
PID 2156 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TaKMEme.exe
PID 2156 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\TaKMEme.exe
PID 2156 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\RwBRmfD.exe
PID 2156 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\RwBRmfD.exe
PID 2156 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\OCWxiko.exe
PID 2156 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\OCWxiko.exe
PID 2156 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\qJhIasd.exe
PID 2156 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\qJhIasd.exe
PID 2156 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\jkhWWLw.exe
PID 2156 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe C:\Windows\System\jkhWWLw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1d890b8e9febe4fa0b35bfc2a8dc6980_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\YlRYQOm.exe

C:\Windows\System\YlRYQOm.exe

C:\Windows\System\tpmYZiM.exe

C:\Windows\System\tpmYZiM.exe

C:\Windows\System\vvHAMZM.exe

C:\Windows\System\vvHAMZM.exe

C:\Windows\System\vkThjNL.exe

C:\Windows\System\vkThjNL.exe

C:\Windows\System\EDjxRsq.exe

C:\Windows\System\EDjxRsq.exe

C:\Windows\System\ZSdygqy.exe

C:\Windows\System\ZSdygqy.exe

C:\Windows\System\nPaHZuA.exe

C:\Windows\System\nPaHZuA.exe

C:\Windows\System\ANGXOwe.exe

C:\Windows\System\ANGXOwe.exe

C:\Windows\System\NEFcjtC.exe

C:\Windows\System\NEFcjtC.exe

C:\Windows\System\suKetav.exe

C:\Windows\System\suKetav.exe

C:\Windows\System\kAuNgFO.exe

C:\Windows\System\kAuNgFO.exe

C:\Windows\System\dBuJxDK.exe

C:\Windows\System\dBuJxDK.exe

C:\Windows\System\GjJgyRr.exe

C:\Windows\System\GjJgyRr.exe

C:\Windows\System\TYdmFNp.exe

C:\Windows\System\TYdmFNp.exe

C:\Windows\System\VeqKvhY.exe

C:\Windows\System\VeqKvhY.exe

C:\Windows\System\gbhaROp.exe

C:\Windows\System\gbhaROp.exe

C:\Windows\System\dchyfnP.exe

C:\Windows\System\dchyfnP.exe

C:\Windows\System\pdtBauV.exe

C:\Windows\System\pdtBauV.exe

C:\Windows\System\VWUpELG.exe

C:\Windows\System\VWUpELG.exe

C:\Windows\System\cwIAvXw.exe

C:\Windows\System\cwIAvXw.exe

C:\Windows\System\FDTVHjz.exe

C:\Windows\System\FDTVHjz.exe

C:\Windows\System\PaCcNrq.exe

C:\Windows\System\PaCcNrq.exe

C:\Windows\System\jQUDhqa.exe

C:\Windows\System\jQUDhqa.exe

C:\Windows\System\zQhswWN.exe

C:\Windows\System\zQhswWN.exe

C:\Windows\System\HhHJmSZ.exe

C:\Windows\System\HhHJmSZ.exe

C:\Windows\System\hZWCPLb.exe

C:\Windows\System\hZWCPLb.exe

C:\Windows\System\TaKMEme.exe

C:\Windows\System\TaKMEme.exe

C:\Windows\System\RwBRmfD.exe

C:\Windows\System\RwBRmfD.exe

C:\Windows\System\OCWxiko.exe

C:\Windows\System\OCWxiko.exe

C:\Windows\System\qJhIasd.exe

C:\Windows\System\qJhIasd.exe

C:\Windows\System\jkhWWLw.exe

C:\Windows\System\jkhWWLw.exe

C:\Windows\System\cOWuyjW.exe

C:\Windows\System\cOWuyjW.exe

C:\Windows\System\FHQeHiT.exe

C:\Windows\System\FHQeHiT.exe

C:\Windows\System\fWpCHtQ.exe

C:\Windows\System\fWpCHtQ.exe

C:\Windows\System\rViMQTZ.exe

C:\Windows\System\rViMQTZ.exe

C:\Windows\System\gKUfHAm.exe

C:\Windows\System\gKUfHAm.exe

C:\Windows\System\FSkGDgU.exe

C:\Windows\System\FSkGDgU.exe

C:\Windows\System\FiIABwL.exe

C:\Windows\System\FiIABwL.exe

C:\Windows\System\rejZwIA.exe

C:\Windows\System\rejZwIA.exe

C:\Windows\System\vKciekM.exe

C:\Windows\System\vKciekM.exe

C:\Windows\System\aEMDVBX.exe

C:\Windows\System\aEMDVBX.exe

C:\Windows\System\tfkJERp.exe

C:\Windows\System\tfkJERp.exe

C:\Windows\System\Nwgmmip.exe

C:\Windows\System\Nwgmmip.exe

C:\Windows\System\LDHcWgl.exe

C:\Windows\System\LDHcWgl.exe

C:\Windows\System\ELWBXvn.exe

C:\Windows\System\ELWBXvn.exe

C:\Windows\System\EkpXiSH.exe

C:\Windows\System\EkpXiSH.exe

C:\Windows\System\rJBHfli.exe

C:\Windows\System\rJBHfli.exe

C:\Windows\System\ZsrLHSm.exe

C:\Windows\System\ZsrLHSm.exe

C:\Windows\System\sjBCXmi.exe

C:\Windows\System\sjBCXmi.exe

C:\Windows\System\cQEokNb.exe

C:\Windows\System\cQEokNb.exe

C:\Windows\System\TPtWpal.exe

C:\Windows\System\TPtWpal.exe

C:\Windows\System\FErbgsW.exe

C:\Windows\System\FErbgsW.exe

C:\Windows\System\lvOrpCE.exe

C:\Windows\System\lvOrpCE.exe

C:\Windows\System\KDJbGnU.exe

C:\Windows\System\KDJbGnU.exe

C:\Windows\System\wodHkPe.exe

C:\Windows\System\wodHkPe.exe

C:\Windows\System\iYnEWtx.exe

C:\Windows\System\iYnEWtx.exe

C:\Windows\System\boTDePg.exe

C:\Windows\System\boTDePg.exe

C:\Windows\System\jPyDdlT.exe

C:\Windows\System\jPyDdlT.exe

C:\Windows\System\xrdgppD.exe

C:\Windows\System\xrdgppD.exe

C:\Windows\System\eumLDpX.exe

C:\Windows\System\eumLDpX.exe

C:\Windows\System\IFsWRFO.exe

C:\Windows\System\IFsWRFO.exe

C:\Windows\System\APZLaEP.exe

C:\Windows\System\APZLaEP.exe

C:\Windows\System\fLFniOv.exe

C:\Windows\System\fLFniOv.exe

C:\Windows\System\OZTLQWy.exe

C:\Windows\System\OZTLQWy.exe

C:\Windows\System\IUasVjP.exe

C:\Windows\System\IUasVjP.exe

C:\Windows\System\wouXtok.exe

C:\Windows\System\wouXtok.exe

C:\Windows\System\mojyIda.exe

C:\Windows\System\mojyIda.exe

C:\Windows\System\nPXEwoN.exe

C:\Windows\System\nPXEwoN.exe

C:\Windows\System\MdPJXvu.exe

C:\Windows\System\MdPJXvu.exe

C:\Windows\System\fMypwfX.exe

C:\Windows\System\fMypwfX.exe

C:\Windows\System\QMzCUnn.exe

C:\Windows\System\QMzCUnn.exe

C:\Windows\System\KcbxhiN.exe

C:\Windows\System\KcbxhiN.exe

C:\Windows\System\ejjyaEE.exe

C:\Windows\System\ejjyaEE.exe

C:\Windows\System\BuTeGes.exe

C:\Windows\System\BuTeGes.exe

C:\Windows\System\MRwLafz.exe

C:\Windows\System\MRwLafz.exe

C:\Windows\System\XbdFLKH.exe

C:\Windows\System\XbdFLKH.exe

C:\Windows\System\wtSMNgo.exe

C:\Windows\System\wtSMNgo.exe

C:\Windows\System\QodamhF.exe

C:\Windows\System\QodamhF.exe

C:\Windows\System\QBNhLZO.exe

C:\Windows\System\QBNhLZO.exe

C:\Windows\System\kkePMYx.exe

C:\Windows\System\kkePMYx.exe

C:\Windows\System\YzCXjrZ.exe

C:\Windows\System\YzCXjrZ.exe

C:\Windows\System\LrJfGlW.exe

C:\Windows\System\LrJfGlW.exe

C:\Windows\System\SECUWub.exe

C:\Windows\System\SECUWub.exe

C:\Windows\System\FFPVtis.exe

C:\Windows\System\FFPVtis.exe

C:\Windows\System\fKOfkFK.exe

C:\Windows\System\fKOfkFK.exe

C:\Windows\System\oMyoUOP.exe

C:\Windows\System\oMyoUOP.exe

C:\Windows\System\kxhXJuu.exe

C:\Windows\System\kxhXJuu.exe

C:\Windows\System\wyyZblx.exe

C:\Windows\System\wyyZblx.exe

C:\Windows\System\blCsWEF.exe

C:\Windows\System\blCsWEF.exe

C:\Windows\System\WldOhhy.exe

C:\Windows\System\WldOhhy.exe

C:\Windows\System\mzFzrSZ.exe

C:\Windows\System\mzFzrSZ.exe

C:\Windows\System\KXMujJh.exe

C:\Windows\System\KXMujJh.exe

C:\Windows\System\bPMfJUe.exe

C:\Windows\System\bPMfJUe.exe

C:\Windows\System\DrSxbgr.exe

C:\Windows\System\DrSxbgr.exe

C:\Windows\System\ZugEpWW.exe

C:\Windows\System\ZugEpWW.exe

C:\Windows\System\ZJTUwpZ.exe

C:\Windows\System\ZJTUwpZ.exe

C:\Windows\System\RojZNuD.exe

C:\Windows\System\RojZNuD.exe

C:\Windows\System\mswNlLH.exe

C:\Windows\System\mswNlLH.exe

C:\Windows\System\QpYaKvq.exe

C:\Windows\System\QpYaKvq.exe

C:\Windows\System\IQeQYRf.exe

C:\Windows\System\IQeQYRf.exe

C:\Windows\System\XZpYAUG.exe

C:\Windows\System\XZpYAUG.exe

C:\Windows\System\iiWNlHG.exe

C:\Windows\System\iiWNlHG.exe

C:\Windows\System\ujwIenj.exe

C:\Windows\System\ujwIenj.exe

C:\Windows\System\VkPIyms.exe

C:\Windows\System\VkPIyms.exe

C:\Windows\System\YeOqDhC.exe

C:\Windows\System\YeOqDhC.exe

C:\Windows\System\QEGWsUc.exe

C:\Windows\System\QEGWsUc.exe

C:\Windows\System\fjfmwaD.exe

C:\Windows\System\fjfmwaD.exe

C:\Windows\System\CNRlpMb.exe

C:\Windows\System\CNRlpMb.exe

C:\Windows\System\KAqBXig.exe

C:\Windows\System\KAqBXig.exe

C:\Windows\System\WYMgiHs.exe

C:\Windows\System\WYMgiHs.exe

C:\Windows\System\KJqcrBv.exe

C:\Windows\System\KJqcrBv.exe

C:\Windows\System\CzZJpak.exe

C:\Windows\System\CzZJpak.exe

C:\Windows\System\XYMdwBP.exe

C:\Windows\System\XYMdwBP.exe

C:\Windows\System\jRctxUP.exe

C:\Windows\System\jRctxUP.exe

C:\Windows\System\VMllsFC.exe

C:\Windows\System\VMllsFC.exe

C:\Windows\System\xXTrvaF.exe

C:\Windows\System\xXTrvaF.exe

C:\Windows\System\QczaJaR.exe

C:\Windows\System\QczaJaR.exe

C:\Windows\System\aDrVxZo.exe

C:\Windows\System\aDrVxZo.exe

C:\Windows\System\KSuXqpy.exe

C:\Windows\System\KSuXqpy.exe

C:\Windows\System\HdfIaAl.exe

C:\Windows\System\HdfIaAl.exe

C:\Windows\System\AYWALqJ.exe

C:\Windows\System\AYWALqJ.exe

C:\Windows\System\OEClONU.exe

C:\Windows\System\OEClONU.exe

C:\Windows\System\LZCcAHo.exe

C:\Windows\System\LZCcAHo.exe

C:\Windows\System\xRCBrNG.exe

C:\Windows\System\xRCBrNG.exe

C:\Windows\System\SUZUhFQ.exe

C:\Windows\System\SUZUhFQ.exe

C:\Windows\System\qAxFSZK.exe

C:\Windows\System\qAxFSZK.exe

C:\Windows\System\pomkiEM.exe

C:\Windows\System\pomkiEM.exe

C:\Windows\System\OhxjtCU.exe

C:\Windows\System\OhxjtCU.exe

C:\Windows\System\IHjiLLa.exe

C:\Windows\System\IHjiLLa.exe

C:\Windows\System\TpItEiD.exe

C:\Windows\System\TpItEiD.exe

C:\Windows\System\zcsvOmn.exe

C:\Windows\System\zcsvOmn.exe

C:\Windows\System\aXzEbEg.exe

C:\Windows\System\aXzEbEg.exe

C:\Windows\System\gipofBx.exe

C:\Windows\System\gipofBx.exe

C:\Windows\System\DuplItx.exe

C:\Windows\System\DuplItx.exe

C:\Windows\System\AgvJBjz.exe

C:\Windows\System\AgvJBjz.exe

C:\Windows\System\slNnrcE.exe

C:\Windows\System\slNnrcE.exe

C:\Windows\System\xyxmeEc.exe

C:\Windows\System\xyxmeEc.exe

C:\Windows\System\LseSGmo.exe

C:\Windows\System\LseSGmo.exe

C:\Windows\System\klopbxH.exe

C:\Windows\System\klopbxH.exe

C:\Windows\System\zmryVjh.exe

C:\Windows\System\zmryVjh.exe

C:\Windows\System\PRNTTYx.exe

C:\Windows\System\PRNTTYx.exe

C:\Windows\System\DJMTwUv.exe

C:\Windows\System\DJMTwUv.exe

C:\Windows\System\GfkcMsF.exe

C:\Windows\System\GfkcMsF.exe

C:\Windows\System\sstPmqg.exe

C:\Windows\System\sstPmqg.exe

C:\Windows\System\OmfVcuh.exe

C:\Windows\System\OmfVcuh.exe

C:\Windows\System\ueAIRgG.exe

C:\Windows\System\ueAIRgG.exe

C:\Windows\System\EEWCnZH.exe

C:\Windows\System\EEWCnZH.exe

C:\Windows\System\kmszNDq.exe

C:\Windows\System\kmszNDq.exe

C:\Windows\System\pEHIrwZ.exe

C:\Windows\System\pEHIrwZ.exe

C:\Windows\System\vKhcfHe.exe

C:\Windows\System\vKhcfHe.exe

C:\Windows\System\PrTkSBL.exe

C:\Windows\System\PrTkSBL.exe

C:\Windows\System\xecpEod.exe

C:\Windows\System\xecpEod.exe

C:\Windows\System\WlgBCEX.exe

C:\Windows\System\WlgBCEX.exe

C:\Windows\System\MflddAs.exe

C:\Windows\System\MflddAs.exe

C:\Windows\System\rWSRkin.exe

C:\Windows\System\rWSRkin.exe

C:\Windows\System\yXvsqiE.exe

C:\Windows\System\yXvsqiE.exe

C:\Windows\System\xdARykE.exe

C:\Windows\System\xdARykE.exe

C:\Windows\System\aoCAtiP.exe

C:\Windows\System\aoCAtiP.exe

C:\Windows\System\qgbMRjN.exe

C:\Windows\System\qgbMRjN.exe

C:\Windows\System\bCxiAfZ.exe

C:\Windows\System\bCxiAfZ.exe

C:\Windows\System\ohimnxV.exe

C:\Windows\System\ohimnxV.exe

C:\Windows\System\WcUXKRa.exe

C:\Windows\System\WcUXKRa.exe

C:\Windows\System\ELMfqQw.exe

C:\Windows\System\ELMfqQw.exe

C:\Windows\System\axIXzJJ.exe

C:\Windows\System\axIXzJJ.exe

C:\Windows\System\RbvJcFb.exe

C:\Windows\System\RbvJcFb.exe

C:\Windows\System\WSfYKpj.exe

C:\Windows\System\WSfYKpj.exe

C:\Windows\System\nEgskPI.exe

C:\Windows\System\nEgskPI.exe

C:\Windows\System\LZsttpO.exe

C:\Windows\System\LZsttpO.exe

C:\Windows\System\RhPiZrf.exe

C:\Windows\System\RhPiZrf.exe

C:\Windows\System\cHCHTOa.exe

C:\Windows\System\cHCHTOa.exe

C:\Windows\System\GATFEWK.exe

C:\Windows\System\GATFEWK.exe

C:\Windows\System\MoTKKCV.exe

C:\Windows\System\MoTKKCV.exe

C:\Windows\System\lrULilR.exe

C:\Windows\System\lrULilR.exe

C:\Windows\System\DJwmmXv.exe

C:\Windows\System\DJwmmXv.exe

C:\Windows\System\rOTZYqV.exe

C:\Windows\System\rOTZYqV.exe

C:\Windows\System\AEcPLWV.exe

C:\Windows\System\AEcPLWV.exe

C:\Windows\System\YBHJRCZ.exe

C:\Windows\System\YBHJRCZ.exe

C:\Windows\System\VsxeBLr.exe

C:\Windows\System\VsxeBLr.exe

C:\Windows\System\PLomKYr.exe

C:\Windows\System\PLomKYr.exe

C:\Windows\System\DyDoPzS.exe

C:\Windows\System\DyDoPzS.exe

C:\Windows\System\VrFtAXu.exe

C:\Windows\System\VrFtAXu.exe

C:\Windows\System\cXcYVpl.exe

C:\Windows\System\cXcYVpl.exe

C:\Windows\System\HYjMBtF.exe

C:\Windows\System\HYjMBtF.exe

C:\Windows\System\tksMNwI.exe

C:\Windows\System\tksMNwI.exe

C:\Windows\System\YAEBaDH.exe

C:\Windows\System\YAEBaDH.exe

C:\Windows\System\iGnmauc.exe

C:\Windows\System\iGnmauc.exe

C:\Windows\System\OxbgMFs.exe

C:\Windows\System\OxbgMFs.exe

C:\Windows\System\KFoQrGq.exe

C:\Windows\System\KFoQrGq.exe

C:\Windows\System\ABEpQhB.exe

C:\Windows\System\ABEpQhB.exe

C:\Windows\System\bSFEKAK.exe

C:\Windows\System\bSFEKAK.exe

C:\Windows\System\ZAnqCIW.exe

C:\Windows\System\ZAnqCIW.exe

C:\Windows\System\GjvWBiR.exe

C:\Windows\System\GjvWBiR.exe

C:\Windows\System\lXYlFNH.exe

C:\Windows\System\lXYlFNH.exe

C:\Windows\System\LBcGaJq.exe

C:\Windows\System\LBcGaJq.exe

C:\Windows\System\YpzYoKZ.exe

C:\Windows\System\YpzYoKZ.exe

C:\Windows\System\XebRGft.exe

C:\Windows\System\XebRGft.exe

C:\Windows\System\IkALDMQ.exe

C:\Windows\System\IkALDMQ.exe

C:\Windows\System\KMtPJGx.exe

C:\Windows\System\KMtPJGx.exe

C:\Windows\System\LZrqGoM.exe

C:\Windows\System\LZrqGoM.exe

C:\Windows\System\mMFLADa.exe

C:\Windows\System\mMFLADa.exe

C:\Windows\System\nJGnbTa.exe

C:\Windows\System\nJGnbTa.exe

C:\Windows\System\VpeQALs.exe

C:\Windows\System\VpeQALs.exe

C:\Windows\System\FvhGPbP.exe

C:\Windows\System\FvhGPbP.exe

C:\Windows\System\SgttQal.exe

C:\Windows\System\SgttQal.exe

C:\Windows\System\mLOdobB.exe

C:\Windows\System\mLOdobB.exe

C:\Windows\System\CKfhKcv.exe

C:\Windows\System\CKfhKcv.exe

C:\Windows\System\zafIFkm.exe

C:\Windows\System\zafIFkm.exe

C:\Windows\System\wqxuDEA.exe

C:\Windows\System\wqxuDEA.exe

C:\Windows\System\myccdKa.exe

C:\Windows\System\myccdKa.exe

C:\Windows\System\hwXoCXi.exe

C:\Windows\System\hwXoCXi.exe

C:\Windows\System\qlDrWRg.exe

C:\Windows\System\qlDrWRg.exe

C:\Windows\System\SnWeJam.exe

C:\Windows\System\SnWeJam.exe

C:\Windows\System\QcmkRzs.exe

C:\Windows\System\QcmkRzs.exe

C:\Windows\System\pIQuvOi.exe

C:\Windows\System\pIQuvOi.exe

C:\Windows\System\OVsxTbL.exe

C:\Windows\System\OVsxTbL.exe

C:\Windows\System\nfQsEvo.exe

C:\Windows\System\nfQsEvo.exe

C:\Windows\System\LxODPnq.exe

C:\Windows\System\LxODPnq.exe

C:\Windows\System\qTDbIii.exe

C:\Windows\System\qTDbIii.exe

C:\Windows\System\EzhdMaN.exe

C:\Windows\System\EzhdMaN.exe

C:\Windows\System\ROyMgRt.exe

C:\Windows\System\ROyMgRt.exe

C:\Windows\System\wJFyqlZ.exe

C:\Windows\System\wJFyqlZ.exe

C:\Windows\System\EmqjIWU.exe

C:\Windows\System\EmqjIWU.exe

C:\Windows\System\FnykJCC.exe

C:\Windows\System\FnykJCC.exe

C:\Windows\System\qRETzBc.exe

C:\Windows\System\qRETzBc.exe

C:\Windows\System\FjgPZed.exe

C:\Windows\System\FjgPZed.exe

C:\Windows\System\CzubtgR.exe

C:\Windows\System\CzubtgR.exe

C:\Windows\System\uopjFAN.exe

C:\Windows\System\uopjFAN.exe

C:\Windows\System\KulKSXd.exe

C:\Windows\System\KulKSXd.exe

C:\Windows\System\QiTpfiH.exe

C:\Windows\System\QiTpfiH.exe

C:\Windows\System\YORBzAi.exe

C:\Windows\System\YORBzAi.exe

C:\Windows\System\bRUBMmb.exe

C:\Windows\System\bRUBMmb.exe

C:\Windows\System\qvbpLPJ.exe

C:\Windows\System\qvbpLPJ.exe

C:\Windows\System\gdMzcTS.exe

C:\Windows\System\gdMzcTS.exe

C:\Windows\System\RZjTFFM.exe

C:\Windows\System\RZjTFFM.exe

C:\Windows\System\dKhEzqL.exe

C:\Windows\System\dKhEzqL.exe

C:\Windows\System\oHFtfSu.exe

C:\Windows\System\oHFtfSu.exe

C:\Windows\System\JwYFIpl.exe

C:\Windows\System\JwYFIpl.exe

C:\Windows\System\vuvBKQI.exe

C:\Windows\System\vuvBKQI.exe

C:\Windows\System\TCsUCqU.exe

C:\Windows\System\TCsUCqU.exe

C:\Windows\System\zjFPWrP.exe

C:\Windows\System\zjFPWrP.exe

C:\Windows\System\wHdHCqd.exe

C:\Windows\System\wHdHCqd.exe

C:\Windows\System\FVXREye.exe

C:\Windows\System\FVXREye.exe

C:\Windows\System\VUvPGQP.exe

C:\Windows\System\VUvPGQP.exe

C:\Windows\System\dKuJnRo.exe

C:\Windows\System\dKuJnRo.exe

C:\Windows\System\SgwvtnH.exe

C:\Windows\System\SgwvtnH.exe

C:\Windows\System\dnVdBDQ.exe

C:\Windows\System\dnVdBDQ.exe

C:\Windows\System\nOYLIPh.exe

C:\Windows\System\nOYLIPh.exe

C:\Windows\System\DxrOung.exe

C:\Windows\System\DxrOung.exe

C:\Windows\System\zwWYBnX.exe

C:\Windows\System\zwWYBnX.exe

C:\Windows\System\TLFBAeI.exe

C:\Windows\System\TLFBAeI.exe

C:\Windows\System\pQjegsb.exe

C:\Windows\System\pQjegsb.exe

C:\Windows\System\CgPYBSQ.exe

C:\Windows\System\CgPYBSQ.exe

C:\Windows\System\DFEiJGb.exe

C:\Windows\System\DFEiJGb.exe

C:\Windows\System\GspZzBQ.exe

C:\Windows\System\GspZzBQ.exe

C:\Windows\System\LVnWaOK.exe

C:\Windows\System\LVnWaOK.exe

C:\Windows\System\fgAkvqK.exe

C:\Windows\System\fgAkvqK.exe

C:\Windows\System\yqABUhC.exe

C:\Windows\System\yqABUhC.exe

C:\Windows\System\siNWifY.exe

C:\Windows\System\siNWifY.exe

C:\Windows\System\uYXXwjW.exe

C:\Windows\System\uYXXwjW.exe

C:\Windows\System\rZGvdgw.exe

C:\Windows\System\rZGvdgw.exe

C:\Windows\System\CEFUVaW.exe

C:\Windows\System\CEFUVaW.exe

C:\Windows\System\MuoBXYG.exe

C:\Windows\System\MuoBXYG.exe

C:\Windows\System\EiPPvwQ.exe

C:\Windows\System\EiPPvwQ.exe

C:\Windows\System\eFWaDpZ.exe

C:\Windows\System\eFWaDpZ.exe

C:\Windows\System\PszAUIG.exe

C:\Windows\System\PszAUIG.exe

C:\Windows\System\IfshNjI.exe

C:\Windows\System\IfshNjI.exe

C:\Windows\System\yPkClBn.exe

C:\Windows\System\yPkClBn.exe

C:\Windows\System\AzScrfC.exe

C:\Windows\System\AzScrfC.exe

C:\Windows\System\ibFKjKV.exe

C:\Windows\System\ibFKjKV.exe

C:\Windows\System\qfKhZHN.exe

C:\Windows\System\qfKhZHN.exe

C:\Windows\System\qwxCfPQ.exe

C:\Windows\System\qwxCfPQ.exe

C:\Windows\System\iGDkqea.exe

C:\Windows\System\iGDkqea.exe

C:\Windows\System\ptocPJd.exe

C:\Windows\System\ptocPJd.exe

C:\Windows\System\FspfibN.exe

C:\Windows\System\FspfibN.exe

C:\Windows\System\hReLTIn.exe

C:\Windows\System\hReLTIn.exe

C:\Windows\System\DBfCOfv.exe

C:\Windows\System\DBfCOfv.exe

C:\Windows\System\XObQJFK.exe

C:\Windows\System\XObQJFK.exe

C:\Windows\System\VWTNELk.exe

C:\Windows\System\VWTNELk.exe

C:\Windows\System\yjAsVeT.exe

C:\Windows\System\yjAsVeT.exe

C:\Windows\System\uTqyrbL.exe

C:\Windows\System\uTqyrbL.exe

C:\Windows\System\nREaIvb.exe

C:\Windows\System\nREaIvb.exe

C:\Windows\System\xlKAeNo.exe

C:\Windows\System\xlKAeNo.exe

C:\Windows\System\OrBxbaf.exe

C:\Windows\System\OrBxbaf.exe

C:\Windows\System\OiMBgCM.exe

C:\Windows\System\OiMBgCM.exe

C:\Windows\System\vscGJRm.exe

C:\Windows\System\vscGJRm.exe

C:\Windows\System\RgWUnoX.exe

C:\Windows\System\RgWUnoX.exe

C:\Windows\System\TSkqeHF.exe

C:\Windows\System\TSkqeHF.exe

C:\Windows\System\ODpXdbz.exe

C:\Windows\System\ODpXdbz.exe

C:\Windows\System\YkLJgJK.exe

C:\Windows\System\YkLJgJK.exe

C:\Windows\System\XbeHvGX.exe

C:\Windows\System\XbeHvGX.exe

C:\Windows\System\cCwmGFK.exe

C:\Windows\System\cCwmGFK.exe

C:\Windows\System\eciHmHj.exe

C:\Windows\System\eciHmHj.exe

C:\Windows\System\YIpwwic.exe

C:\Windows\System\YIpwwic.exe

C:\Windows\System\KiZuxiG.exe

C:\Windows\System\KiZuxiG.exe

C:\Windows\System\WijHQbr.exe

C:\Windows\System\WijHQbr.exe

C:\Windows\System\mDfcTlX.exe

C:\Windows\System\mDfcTlX.exe

C:\Windows\System\icFKDpK.exe

C:\Windows\System\icFKDpK.exe

C:\Windows\System\WgqutrR.exe

C:\Windows\System\WgqutrR.exe

C:\Windows\System\NXtyMrt.exe

C:\Windows\System\NXtyMrt.exe

C:\Windows\System\PJClJlc.exe

C:\Windows\System\PJClJlc.exe

C:\Windows\System\iTNCEMZ.exe

C:\Windows\System\iTNCEMZ.exe

C:\Windows\System\hLxBIcW.exe

C:\Windows\System\hLxBIcW.exe

C:\Windows\System\JbUEkgV.exe

C:\Windows\System\JbUEkgV.exe

C:\Windows\System\PQUbRvr.exe

C:\Windows\System\PQUbRvr.exe

C:\Windows\System\iIbyxvj.exe

C:\Windows\System\iIbyxvj.exe

C:\Windows\System\tkcQVuO.exe

C:\Windows\System\tkcQVuO.exe

C:\Windows\System\kaZDhPe.exe

C:\Windows\System\kaZDhPe.exe

C:\Windows\System\RNFwMdU.exe

C:\Windows\System\RNFwMdU.exe

C:\Windows\System\wXtTRUD.exe

C:\Windows\System\wXtTRUD.exe

C:\Windows\System\JvaWHbR.exe

C:\Windows\System\JvaWHbR.exe

C:\Windows\System\pggCkDy.exe

C:\Windows\System\pggCkDy.exe

C:\Windows\System\yssQKLb.exe

C:\Windows\System\yssQKLb.exe

C:\Windows\System\kkEXIRt.exe

C:\Windows\System\kkEXIRt.exe

C:\Windows\System\VGZMVzb.exe

C:\Windows\System\VGZMVzb.exe

C:\Windows\System\BMcfKyH.exe

C:\Windows\System\BMcfKyH.exe

C:\Windows\System\ZYNxfEg.exe

C:\Windows\System\ZYNxfEg.exe

C:\Windows\System\zrltJyQ.exe

C:\Windows\System\zrltJyQ.exe

C:\Windows\System\kyAKkII.exe

C:\Windows\System\kyAKkII.exe

C:\Windows\System\lqDqceY.exe

C:\Windows\System\lqDqceY.exe

C:\Windows\System\dOKiEvr.exe

C:\Windows\System\dOKiEvr.exe

C:\Windows\System\FWcmLXO.exe

C:\Windows\System\FWcmLXO.exe

C:\Windows\System\xGzqRVC.exe

C:\Windows\System\xGzqRVC.exe

C:\Windows\System\oiVWWPm.exe

C:\Windows\System\oiVWWPm.exe

C:\Windows\System\mJxKJLV.exe

C:\Windows\System\mJxKJLV.exe

C:\Windows\System\EnAZhNE.exe

C:\Windows\System\EnAZhNE.exe

C:\Windows\System\JVWNhRR.exe

C:\Windows\System\JVWNhRR.exe

C:\Windows\System\cfqaBCF.exe

C:\Windows\System\cfqaBCF.exe

C:\Windows\System\upptgEu.exe

C:\Windows\System\upptgEu.exe

C:\Windows\System\vwLzOof.exe

C:\Windows\System\vwLzOof.exe

C:\Windows\System\YwseVAj.exe

C:\Windows\System\YwseVAj.exe

C:\Windows\System\klkiNvC.exe

C:\Windows\System\klkiNvC.exe

C:\Windows\System\cSbFjbd.exe

C:\Windows\System\cSbFjbd.exe

C:\Windows\System\zdlbIuN.exe

C:\Windows\System\zdlbIuN.exe

C:\Windows\System\iMAGBUQ.exe

C:\Windows\System\iMAGBUQ.exe

C:\Windows\System\QjnYdwQ.exe

C:\Windows\System\QjnYdwQ.exe

C:\Windows\System\nYmFkop.exe

C:\Windows\System\nYmFkop.exe

C:\Windows\System\rRfZmFK.exe

C:\Windows\System\rRfZmFK.exe

C:\Windows\System\pvQRVew.exe

C:\Windows\System\pvQRVew.exe

C:\Windows\System\wzaekMT.exe

C:\Windows\System\wzaekMT.exe

C:\Windows\System\OHUDHfK.exe

C:\Windows\System\OHUDHfK.exe

C:\Windows\System\oqBOxAY.exe

C:\Windows\System\oqBOxAY.exe

C:\Windows\System\cVmNFfL.exe

C:\Windows\System\cVmNFfL.exe

C:\Windows\System\WtsQjPy.exe

C:\Windows\System\WtsQjPy.exe

C:\Windows\System\pldgcua.exe

C:\Windows\System\pldgcua.exe

C:\Windows\System\uCKWGai.exe

C:\Windows\System\uCKWGai.exe

C:\Windows\System\VxjNWMR.exe

C:\Windows\System\VxjNWMR.exe

C:\Windows\System\csDsgPQ.exe

C:\Windows\System\csDsgPQ.exe

C:\Windows\System\OiGuEpE.exe

C:\Windows\System\OiGuEpE.exe

C:\Windows\System\LtYtmSr.exe

C:\Windows\System\LtYtmSr.exe

C:\Windows\System\kuZGrpn.exe

C:\Windows\System\kuZGrpn.exe

C:\Windows\System\olCJUrt.exe

C:\Windows\System\olCJUrt.exe

C:\Windows\System\qKMWpNJ.exe

C:\Windows\System\qKMWpNJ.exe

C:\Windows\System\DScNgSx.exe

C:\Windows\System\DScNgSx.exe

C:\Windows\System\BeAWXlZ.exe

C:\Windows\System\BeAWXlZ.exe

C:\Windows\System\WvZcqaC.exe

C:\Windows\System\WvZcqaC.exe

C:\Windows\System\UJvYfli.exe

C:\Windows\System\UJvYfli.exe

C:\Windows\System\oDpqwDz.exe

C:\Windows\System\oDpqwDz.exe

C:\Windows\System\RyWUQas.exe

C:\Windows\System\RyWUQas.exe

C:\Windows\System\LjrPURl.exe

C:\Windows\System\LjrPURl.exe

C:\Windows\System\mSBqCEg.exe

C:\Windows\System\mSBqCEg.exe

C:\Windows\System\SnlRrBQ.exe

C:\Windows\System\SnlRrBQ.exe

C:\Windows\System\YuadkiS.exe

C:\Windows\System\YuadkiS.exe

C:\Windows\System\xyOnYvC.exe

C:\Windows\System\xyOnYvC.exe

C:\Windows\System\tQrObyw.exe

C:\Windows\System\tQrObyw.exe

C:\Windows\System\XEstzIx.exe

C:\Windows\System\XEstzIx.exe

C:\Windows\System\ScjClOW.exe

C:\Windows\System\ScjClOW.exe

C:\Windows\System\XEjursc.exe

C:\Windows\System\XEjursc.exe

C:\Windows\System\PjMWmDE.exe

C:\Windows\System\PjMWmDE.exe

C:\Windows\System\XWZCIvu.exe

C:\Windows\System\XWZCIvu.exe

C:\Windows\System\WtumBFI.exe

C:\Windows\System\WtumBFI.exe

C:\Windows\System\McEefDq.exe

C:\Windows\System\McEefDq.exe

C:\Windows\System\TVfkigm.exe

C:\Windows\System\TVfkigm.exe

C:\Windows\System\GsIzohi.exe

C:\Windows\System\GsIzohi.exe

C:\Windows\System\YUCBwib.exe

C:\Windows\System\YUCBwib.exe

C:\Windows\System\qycvRuZ.exe

C:\Windows\System\qycvRuZ.exe

C:\Windows\System\mBGtJqp.exe

C:\Windows\System\mBGtJqp.exe

C:\Windows\System\hltQRAc.exe

C:\Windows\System\hltQRAc.exe

C:\Windows\System\HUDKtci.exe

C:\Windows\System\HUDKtci.exe

C:\Windows\System\SXGkKdW.exe

C:\Windows\System\SXGkKdW.exe

C:\Windows\System\WwvsVEF.exe

C:\Windows\System\WwvsVEF.exe

C:\Windows\System\PiFgozU.exe

C:\Windows\System\PiFgozU.exe

C:\Windows\System\UIPQqOd.exe

C:\Windows\System\UIPQqOd.exe

C:\Windows\System\IfPDipn.exe

C:\Windows\System\IfPDipn.exe

C:\Windows\System\brpTYHT.exe

C:\Windows\System\brpTYHT.exe

C:\Windows\System\qRjMbTY.exe

C:\Windows\System\qRjMbTY.exe

C:\Windows\System\DMsxvco.exe

C:\Windows\System\DMsxvco.exe

C:\Windows\System\jJNAQMm.exe

C:\Windows\System\jJNAQMm.exe

C:\Windows\System\HdTWmkr.exe

C:\Windows\System\HdTWmkr.exe

C:\Windows\System\CggEgQi.exe

C:\Windows\System\CggEgQi.exe

C:\Windows\System\EHAWMQO.exe

C:\Windows\System\EHAWMQO.exe

C:\Windows\System\mwRuUeb.exe

C:\Windows\System\mwRuUeb.exe

C:\Windows\System\GzCPluQ.exe

C:\Windows\System\GzCPluQ.exe

C:\Windows\System\YnLjkFB.exe

C:\Windows\System\YnLjkFB.exe

C:\Windows\System\kflmfha.exe

C:\Windows\System\kflmfha.exe

C:\Windows\System\btakViR.exe

C:\Windows\System\btakViR.exe

C:\Windows\System\LZkGcll.exe

C:\Windows\System\LZkGcll.exe

C:\Windows\System\dtuWUiJ.exe

C:\Windows\System\dtuWUiJ.exe

C:\Windows\System\kxePVTo.exe

C:\Windows\System\kxePVTo.exe

C:\Windows\System\Netggnd.exe

C:\Windows\System\Netggnd.exe

C:\Windows\System\OwzNEzL.exe

C:\Windows\System\OwzNEzL.exe

C:\Windows\System\bwngBgQ.exe

C:\Windows\System\bwngBgQ.exe

C:\Windows\System\ujxvKmP.exe

C:\Windows\System\ujxvKmP.exe

C:\Windows\System\QfAJyEi.exe

C:\Windows\System\QfAJyEi.exe

C:\Windows\System\wQYaJpb.exe

C:\Windows\System\wQYaJpb.exe

C:\Windows\System\slwkLLm.exe

C:\Windows\System\slwkLLm.exe

C:\Windows\System\mXQyfkx.exe

C:\Windows\System\mXQyfkx.exe

C:\Windows\System\AXkturS.exe

C:\Windows\System\AXkturS.exe

C:\Windows\System\gpewAGs.exe

C:\Windows\System\gpewAGs.exe

C:\Windows\System\EiXEoDy.exe

C:\Windows\System\EiXEoDy.exe

C:\Windows\System\aTGcRbW.exe

C:\Windows\System\aTGcRbW.exe

C:\Windows\System\bQKeQLB.exe

C:\Windows\System\bQKeQLB.exe

C:\Windows\System\wGLdFOW.exe

C:\Windows\System\wGLdFOW.exe

C:\Windows\System\EnKreSf.exe

C:\Windows\System\EnKreSf.exe

C:\Windows\System\lcgJfbJ.exe

C:\Windows\System\lcgJfbJ.exe

C:\Windows\System\rIXlqYL.exe

C:\Windows\System\rIXlqYL.exe

C:\Windows\System\WQtggkv.exe

C:\Windows\System\WQtggkv.exe

C:\Windows\System\wItCcCO.exe

C:\Windows\System\wItCcCO.exe

C:\Windows\System\HPPZSbH.exe

C:\Windows\System\HPPZSbH.exe

C:\Windows\System\ytodECC.exe

C:\Windows\System\ytodECC.exe

C:\Windows\System\MTnzkdn.exe

C:\Windows\System\MTnzkdn.exe

C:\Windows\System\NJeoHAr.exe

C:\Windows\System\NJeoHAr.exe

C:\Windows\System\IDmPnYX.exe

C:\Windows\System\IDmPnYX.exe

C:\Windows\System\GUpHROE.exe

C:\Windows\System\GUpHROE.exe

C:\Windows\System\XTkvkbF.exe

C:\Windows\System\XTkvkbF.exe

C:\Windows\System\RPBSYHb.exe

C:\Windows\System\RPBSYHb.exe

C:\Windows\System\vCMCWBX.exe

C:\Windows\System\vCMCWBX.exe

C:\Windows\System\asZazsX.exe

C:\Windows\System\asZazsX.exe

C:\Windows\System\tTXceQx.exe

C:\Windows\System\tTXceQx.exe

C:\Windows\System\Vkwkpoc.exe

C:\Windows\System\Vkwkpoc.exe

C:\Windows\System\VOlNcKb.exe

C:\Windows\System\VOlNcKb.exe

C:\Windows\System\CZfceCs.exe

C:\Windows\System\CZfceCs.exe

C:\Windows\System\EsisWcP.exe

C:\Windows\System\EsisWcP.exe

C:\Windows\System\LICXzVr.exe

C:\Windows\System\LICXzVr.exe

C:\Windows\System\ncxTwpj.exe

C:\Windows\System\ncxTwpj.exe

C:\Windows\System\xzdYrDw.exe

C:\Windows\System\xzdYrDw.exe

C:\Windows\System\dRdlcJd.exe

C:\Windows\System\dRdlcJd.exe

C:\Windows\System\pMpvZOW.exe

C:\Windows\System\pMpvZOW.exe

C:\Windows\System\UsqdXGb.exe

C:\Windows\System\UsqdXGb.exe

C:\Windows\System\dwIMKqO.exe

C:\Windows\System\dwIMKqO.exe

C:\Windows\System\CkeFaWj.exe

C:\Windows\System\CkeFaWj.exe

C:\Windows\System\TFKCZGt.exe

C:\Windows\System\TFKCZGt.exe

C:\Windows\System\ybXHjhA.exe

C:\Windows\System\ybXHjhA.exe

C:\Windows\System\HcbgOzc.exe

C:\Windows\System\HcbgOzc.exe

C:\Windows\System\aEcfgKA.exe

C:\Windows\System\aEcfgKA.exe

C:\Windows\System\EkRSpwo.exe

C:\Windows\System\EkRSpwo.exe

C:\Windows\System\zjKEtlc.exe

C:\Windows\System\zjKEtlc.exe

C:\Windows\System\PEeGRps.exe

C:\Windows\System\PEeGRps.exe

C:\Windows\System\yyXiSwH.exe

C:\Windows\System\yyXiSwH.exe

C:\Windows\System\yVmbEKf.exe

C:\Windows\System\yVmbEKf.exe

C:\Windows\System\NkKuzbh.exe

C:\Windows\System\NkKuzbh.exe

C:\Windows\System\rvaJUdW.exe

C:\Windows\System\rvaJUdW.exe

C:\Windows\System\DApTAzn.exe

C:\Windows\System\DApTAzn.exe

C:\Windows\System\dvavqLr.exe

C:\Windows\System\dvavqLr.exe

C:\Windows\System\ZmGgQlo.exe

C:\Windows\System\ZmGgQlo.exe

C:\Windows\System\HCDvIMM.exe

C:\Windows\System\HCDvIMM.exe

C:\Windows\System\YqokbNl.exe

C:\Windows\System\YqokbNl.exe

C:\Windows\System\FzfMHIm.exe

C:\Windows\System\FzfMHIm.exe

C:\Windows\System\FHoVcaB.exe

C:\Windows\System\FHoVcaB.exe

C:\Windows\System\jbumfJr.exe

C:\Windows\System\jbumfJr.exe

C:\Windows\System\kYcNlsE.exe

C:\Windows\System\kYcNlsE.exe

C:\Windows\System\nIOBLeg.exe

C:\Windows\System\nIOBLeg.exe

C:\Windows\System\BKYuuED.exe

C:\Windows\System\BKYuuED.exe

C:\Windows\System\AJydYIV.exe

C:\Windows\System\AJydYIV.exe

C:\Windows\System\BmyVXaZ.exe

C:\Windows\System\BmyVXaZ.exe

C:\Windows\System\ukqPxBU.exe

C:\Windows\System\ukqPxBU.exe

C:\Windows\System\MhbnqKJ.exe

C:\Windows\System\MhbnqKJ.exe

C:\Windows\System\luPPIUx.exe

C:\Windows\System\luPPIUx.exe

C:\Windows\System\xSYWEUh.exe

C:\Windows\System\xSYWEUh.exe

C:\Windows\System\uJGUfGH.exe

C:\Windows\System\uJGUfGH.exe

C:\Windows\System\euKEqgb.exe

C:\Windows\System\euKEqgb.exe

C:\Windows\System\dWjEGkf.exe

C:\Windows\System\dWjEGkf.exe

C:\Windows\System\ZYhEbKi.exe

C:\Windows\System\ZYhEbKi.exe

C:\Windows\System\vvXCUif.exe

C:\Windows\System\vvXCUif.exe

C:\Windows\System\rwmDHaC.exe

C:\Windows\System\rwmDHaC.exe

C:\Windows\System\KWHcjsp.exe

C:\Windows\System\KWHcjsp.exe

C:\Windows\System\aSBlmRy.exe

C:\Windows\System\aSBlmRy.exe

C:\Windows\System\FMGERzb.exe

C:\Windows\System\FMGERzb.exe

C:\Windows\System\ebGJEkd.exe

C:\Windows\System\ebGJEkd.exe

C:\Windows\System\tfwyNkH.exe

C:\Windows\System\tfwyNkH.exe

C:\Windows\System\bUfdmrJ.exe

C:\Windows\System\bUfdmrJ.exe

C:\Windows\System\HWOMhbs.exe

C:\Windows\System\HWOMhbs.exe

C:\Windows\System\CicKfSk.exe

C:\Windows\System\CicKfSk.exe

C:\Windows\System\SOIidfK.exe

C:\Windows\System\SOIidfK.exe

C:\Windows\System\bpvvFPC.exe

C:\Windows\System\bpvvFPC.exe

C:\Windows\System\rNAIsFy.exe

C:\Windows\System\rNAIsFy.exe

C:\Windows\System\pHVcuwV.exe

C:\Windows\System\pHVcuwV.exe

C:\Windows\System\ZtoVfiV.exe

C:\Windows\System\ZtoVfiV.exe

C:\Windows\System\dCRMQCK.exe

C:\Windows\System\dCRMQCK.exe

C:\Windows\System\HqRXRwR.exe

C:\Windows\System\HqRXRwR.exe

C:\Windows\System\CswqmIr.exe

C:\Windows\System\CswqmIr.exe

C:\Windows\System\MnVuEdj.exe

C:\Windows\System\MnVuEdj.exe

C:\Windows\System\AOnwBZE.exe

C:\Windows\System\AOnwBZE.exe

C:\Windows\System\XxjjxIb.exe

C:\Windows\System\XxjjxIb.exe

C:\Windows\System\PzSUPwH.exe

C:\Windows\System\PzSUPwH.exe

C:\Windows\System\JmyruGW.exe

C:\Windows\System\JmyruGW.exe

C:\Windows\System\pDOVkcf.exe

C:\Windows\System\pDOVkcf.exe

C:\Windows\System\JifNbZa.exe

C:\Windows\System\JifNbZa.exe

C:\Windows\System\dayDhVx.exe

C:\Windows\System\dayDhVx.exe

C:\Windows\System\WcbBubn.exe

C:\Windows\System\WcbBubn.exe

C:\Windows\System\JxbjfkK.exe

C:\Windows\System\JxbjfkK.exe

C:\Windows\System\lpvpZfd.exe

C:\Windows\System\lpvpZfd.exe

C:\Windows\System\MVetuJp.exe

C:\Windows\System\MVetuJp.exe

C:\Windows\System\XDjHktV.exe

C:\Windows\System\XDjHktV.exe

C:\Windows\System\yZvxqWB.exe

C:\Windows\System\yZvxqWB.exe

C:\Windows\System\AGzRzeg.exe

C:\Windows\System\AGzRzeg.exe

C:\Windows\System\VdgjIir.exe

C:\Windows\System\VdgjIir.exe

C:\Windows\System\RGkrQqz.exe

C:\Windows\System\RGkrQqz.exe

C:\Windows\System\MEBkcvI.exe

C:\Windows\System\MEBkcvI.exe

C:\Windows\System\qcQmZFE.exe

C:\Windows\System\qcQmZFE.exe

C:\Windows\System\JdwpYPE.exe

C:\Windows\System\JdwpYPE.exe

C:\Windows\System\kVFqgEq.exe

C:\Windows\System\kVFqgEq.exe

C:\Windows\System\KKJZPIK.exe

C:\Windows\System\KKJZPIK.exe

C:\Windows\System\BdNrlOE.exe

C:\Windows\System\BdNrlOE.exe

C:\Windows\System\xVhHaCW.exe

C:\Windows\System\xVhHaCW.exe

C:\Windows\System\fXVZCKO.exe

C:\Windows\System\fXVZCKO.exe

C:\Windows\System\yYLGSpI.exe

C:\Windows\System\yYLGSpI.exe

C:\Windows\System\BwRtjvY.exe

C:\Windows\System\BwRtjvY.exe

C:\Windows\System\akwvQww.exe

C:\Windows\System\akwvQww.exe

C:\Windows\System\nzGhUMh.exe

C:\Windows\System\nzGhUMh.exe

C:\Windows\System\OsgoBIW.exe

C:\Windows\System\OsgoBIW.exe

C:\Windows\System\PqTTfeM.exe

C:\Windows\System\PqTTfeM.exe

C:\Windows\System\KukrvTz.exe

C:\Windows\System\KukrvTz.exe

C:\Windows\System\LPbGzrO.exe

C:\Windows\System\LPbGzrO.exe

C:\Windows\System\kvYxbyj.exe

C:\Windows\System\kvYxbyj.exe

C:\Windows\System\ZMDCVmG.exe

C:\Windows\System\ZMDCVmG.exe

C:\Windows\System\gYlmXDb.exe

C:\Windows\System\gYlmXDb.exe

C:\Windows\System\uMfTdnh.exe

C:\Windows\System\uMfTdnh.exe

C:\Windows\System\xPecoAO.exe

C:\Windows\System\xPecoAO.exe

C:\Windows\System\bwUIeox.exe

C:\Windows\System\bwUIeox.exe

C:\Windows\System\KKjfByL.exe

C:\Windows\System\KKjfByL.exe

C:\Windows\System\mylvsgn.exe

C:\Windows\System\mylvsgn.exe

C:\Windows\System\IQjabeV.exe

C:\Windows\System\IQjabeV.exe

C:\Windows\System\sYAIKxc.exe

C:\Windows\System\sYAIKxc.exe

C:\Windows\System\ZNrQRdU.exe

C:\Windows\System\ZNrQRdU.exe

C:\Windows\System\IIjDeIj.exe

C:\Windows\System\IIjDeIj.exe

C:\Windows\System\WURvYCo.exe

C:\Windows\System\WURvYCo.exe

C:\Windows\System\yLAePTH.exe

C:\Windows\System\yLAePTH.exe

C:\Windows\System\Uqstztq.exe

C:\Windows\System\Uqstztq.exe

C:\Windows\System\XauMQtN.exe

C:\Windows\System\XauMQtN.exe

C:\Windows\System\ZKlmsLX.exe

C:\Windows\System\ZKlmsLX.exe

C:\Windows\System\nzHhicS.exe

C:\Windows\System\nzHhicS.exe

C:\Windows\System\ZdgDtzu.exe

C:\Windows\System\ZdgDtzu.exe

C:\Windows\System\pqppZiY.exe

C:\Windows\System\pqppZiY.exe

C:\Windows\System\ByaWahy.exe

C:\Windows\System\ByaWahy.exe

C:\Windows\System\dkvSXng.exe

C:\Windows\System\dkvSXng.exe

C:\Windows\System\pfmmohd.exe

C:\Windows\System\pfmmohd.exe

C:\Windows\System\qlFldYd.exe

C:\Windows\System\qlFldYd.exe

C:\Windows\System\xjWkkIi.exe

C:\Windows\System\xjWkkIi.exe

C:\Windows\System\xDxkDjh.exe

C:\Windows\System\xDxkDjh.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/2156-0-0x00007FF614F50000-0x00007FF615346000-memory.dmp

memory/2156-1-0x000001E75EAC0000-0x000001E75EAD0000-memory.dmp

C:\Windows\System\YlRYQOm.exe

MD5 aa22ac70d645c93b1e2d06c67dcb0a36
SHA1 2d8128a8910169944d8ab9b013a6dab2a0f488ca
SHA256 c5cd44fcd24558a541115b15ba43528b9181997645eb2c93f37d65f5ef28b904
SHA512 33fc6fdebe7988da7869f19e0fcc3c3992c0f6e36d3ac433c79512f983607964e0c5421ce0d459316627e9598d4a1e5788b4b9ac2adbf7684cdd0d96902f2f1a

memory/4200-6-0x00007FF841563000-0x00007FF841565000-memory.dmp

C:\Windows\System\vvHAMZM.exe

MD5 438a9bcfe1c21214c8d5336e9633adcc
SHA1 81447479f2c63ae03b030b3118f2dc8a1c4c9daa
SHA256 fc36c9f56858ffe9c667da2f10dcb084dea572198fa92ab3cb4539e7a6c0743e
SHA512 7849a5c27fc85b9c05e68b3f70f8ab2d00e56ffab968f17a1f691ce75b7b0f44ce0484987244f16ddc11162e6483a498d4aab2e5efb14853ceca242a14eabeaf

memory/4200-22-0x00007FF841560000-0x00007FF842021000-memory.dmp

C:\Windows\System\vkThjNL.exe

MD5 a83a7da410c8db3fded35fc780496e29
SHA1 6fd9cccdb135f9e18298cc5cd024bb4e6ef3731f
SHA256 d0da5715a8c31296bc879f326b4b9886070570bdd6327b58985033ccd8911a85
SHA512 299a1f1f59f9a1667fcee27287ccf92007fd8bf0720df806a9fe5b5831649bc215e4701cbb350cf10567b53c396fc4cbd33f34d34b46ffdd20fdc7e8ccb87db5

C:\Windows\System\tpmYZiM.exe

MD5 0a39705b78748d72da9690d9f85306b8
SHA1 25be75be3e48b7b4c053e742cf3dfd7fec12f32a
SHA256 d61555e0a72854299dd7162893cdd6d0abebec65e9decb8ef574840a540a3eb0
SHA512 f2005d3def8095da0f7f1fa3059233258352b39aa6f5d63cfe69e4c98db5307eecb4ccf2894fda8e8c7b96a5b7e0ea63139042939f87cdabdc055c4f7637b0fd

C:\Windows\System\EDjxRsq.exe

MD5 24d675835aa53d8fda0e8abc9af7b617
SHA1 5546ae5675a514511a4691a3c6accbab5fe1397b
SHA256 c7389a30f2eb78f3db0aee28e3ee7b33f353024cd7f1614edd491a1e409e45f2
SHA512 f2129d22da198a8475f99a5b53d63ebe633b88ae7e03e93fe3435c4d34429dac1f79c69e2f6bfc8b982e99377dfe72af4223e3c69ae5d8db92d48ecbed4c8f0f

C:\Windows\System\ZSdygqy.exe

MD5 700cb47c74b1d551f518177190adcb59
SHA1 0b4210f79c2e92bb0c347f68a3966c2bbd8ade53
SHA256 753ef8ff4d4f091403cefdfcf5f5c89f06b32287dd2008b0267452c10b84bd07
SHA512 8e5157ebf7c9fb666a50c1b8d1612ff68768016f27c7386e8bd27e1d74f32ed7a423b062e5ae74e801c7a66712dba16afd098ff352d1eafb9ecbde61ab495e9b

C:\Windows\System\nPaHZuA.exe

MD5 a3ec0e35632825b5370ad3722be5fc45
SHA1 8e1ffc79eacdd2fcb5ef6f2bc52b554b4eda7190
SHA256 d617e08e0c51c06c8c0db4a11ea85e0ab9610f572e9b69717b548f6ebdfc1169
SHA512 19b8a27ee42b232f24b3bd73319bfab69b16b3a7cb5f5dfbb7843fa95d74b8d543756183c479e2abcb09f852adf2124d8c4d58e97801d08c21affbf7c20ab04c

C:\Windows\System\dBuJxDK.exe

MD5 c0bd54dd284b27954740d639c99d243a
SHA1 62a2ff54775c4639a7ddf797c574788b3199b809
SHA256 6503e311d4351d9b263ffd5ef7c3097d3335398ca52970e242d354a90d7045e9
SHA512 48a14777178bda016f3fe643bda534970d9ec75c7cec7e0f726baad6e332fffea1da17e6d709ffa4b87fa19d3c521960eb9d8ca52c0c4c209889adada1f7a13d

C:\Windows\System\GjJgyRr.exe

MD5 346d69fc76359e5176279d2d84843564
SHA1 83fd61370e378db3b57d909d29a484ff49ca4799
SHA256 e4883534f981b0769d573c12bd62806cd488e5919e090ff914fd182f3d6fe0c5
SHA512 add61b5a47ab6ce5f5713266f3f468d7d36ba2541973f553a0a147f95c2eadfb86bd832e6227f6ab416cb8af03530cb8cef9ee7071ddeb2ad66a3a847e4be934

C:\Windows\System\TYdmFNp.exe

MD5 c63242a380bf6eaf7940879fdee24a17
SHA1 29ea0c2e32b660eb9d15c67f32c25e6dc92ecb8a
SHA256 0df2b7f3eeaf93e54423e8b3f8740a2ecce292eb8018a84149407e7abf40c8eb
SHA512 2f2b8f8efb836c5e0184084a4ad02b9e813403e9be83e09d2fe89c85cc3017dd1f2bb95506f25b6dd79be578b5d6875b0e67e4496544dd919259768c1d638caa

memory/2280-92-0x00007FF7846A0000-0x00007FF784A96000-memory.dmp

memory/2244-94-0x00007FF63F840000-0x00007FF63FC36000-memory.dmp

memory/4200-95-0x00007FF841560000-0x00007FF842021000-memory.dmp

memory/2204-98-0x00007FF6863B0000-0x00007FF6867A6000-memory.dmp

memory/3728-99-0x00007FF672870000-0x00007FF672C66000-memory.dmp

memory/2764-97-0x00007FF6BAFE0000-0x00007FF6BB3D6000-memory.dmp

memory/1716-96-0x00007FF72A870000-0x00007FF72AC66000-memory.dmp

memory/1004-93-0x00007FF7846D0000-0x00007FF784AC6000-memory.dmp

memory/3520-91-0x00007FF7A6180000-0x00007FF7A6576000-memory.dmp

memory/5048-90-0x00007FF6D0D80000-0x00007FF6D1176000-memory.dmp

memory/4108-87-0x00007FF6050B0000-0x00007FF6054A6000-memory.dmp

memory/3592-84-0x00007FF6B3AA0000-0x00007FF6B3E96000-memory.dmp

C:\Windows\System\kAuNgFO.exe

MD5 2914b298d87b2ddc8a238d8462dbe958
SHA1 252a1ceb999ae63621614f065f203389a6e0bb6b
SHA256 d57a4fb5a3cf8471f42cf739d9227d7cd9f0db850846b0638dfa46abdff20148
SHA512 162882896ba590c6845af413cff4d011fe3407b1ab12c8dea8f3c758ef3051a859821b38aaa20ca041baa9d43060375f63e4695c348dd3721ed38cbd1cfcb1ad

memory/4480-78-0x00007FF68C3E0000-0x00007FF68C7D6000-memory.dmp

C:\Windows\System\suKetav.exe

MD5 ac76962e1cbd2e879b7870588e9a502c
SHA1 9de06d3e2fe5a52f6cfbf5d187fb11aa23e19aec
SHA256 1a09db6e653856ebddb724ae334e539367164014268b26e7f9ef89eea4456aca
SHA512 0a6aa8f99fc8ac6a191f7986c70309beae567676a9f9cdf197c716740ca7bc8efaca31aafecd406a219fc6cd9c07911bc110caa4eabad24f945e42d06be6f4bf

memory/4200-69-0x000002691D6D0000-0x000002691D6F2000-memory.dmp

memory/4200-100-0x000002691E270000-0x000002691EA16000-memory.dmp

memory/228-66-0x00007FF6641B0000-0x00007FF6645A6000-memory.dmp

C:\Windows\System\NEFcjtC.exe

MD5 4f5a7fd607f50a62f3bc6af7bb82c947
SHA1 a7ca3ba0e54ab2b104321e262f03dd49e2baad8d
SHA256 a8c765157a1259dd6093221f048863c37c13370ee211e645dc766e26b43ce956
SHA512 ca10cb0414bc9c5799aa478eae7bfad0eb1fd2bf1760d717e7e8d9803362c246114aeff92cc15b2ba75d6aa6df0729c6722045886642ef6f6510a0911a1dabbe

C:\Windows\System\ANGXOwe.exe

MD5 14e062650931c81d6a04548371320ee2
SHA1 982e9e66ae7ce40ad4036a86415c4a138620fd8c
SHA256 34d8e2cc54351c85e18f72c2358d5b8d6d0d2c1fcfba8b1d1c156a1a827d16ee
SHA512 5198169591e64927c57c15b57e219f50aa77f3fada04a16645d68b2febfc67769657582d73c1bb534cc74a1c2d1acba47a1c10cef6e5a7fa45674a94866e39a7

memory/744-40-0x00007FF68BF10000-0x00007FF68C306000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pt5jw1o5.2mo.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\VeqKvhY.exe

MD5 b8bac2ca34776f40255d541202efcf24
SHA1 69b3e42491c711fe5fc79be5be5c499bfe5d9e4a
SHA256 797124743b9ffad6a90015680a80d48b0ee2b672dd65741f4604097536be2a8b
SHA512 a7178222512a8f2bbf65f4f85adef449fb640b6e72f24b5147dea7f3cfbff7c700a7654fc17e5a2e473311dca5ee49974316e1a67d150f8c76765df86d321f70

C:\Windows\System\dchyfnP.exe

MD5 df88c528b42fb409b3369be37739c047
SHA1 10b418e04e467d0e6a008c4cb6ba5f508ad68f25
SHA256 861ecf6622f4271a4a1b68fb84a64fcff943f63cbb5b263607694837313a4647
SHA512 6121e7ed48b27f15215749ec303a114bbea97bab26876ee9751060fc3e72a0b9140262551febfc97ad40a9be82f9f64699a3871cb252ab2eafc4fab645aa4ee8

C:\Windows\System\zQhswWN.exe

MD5 ee1c572ecf4399ada4a59ae06ac112f2
SHA1 1162cae601d6f7e904c9325647063bf8b1e77234
SHA256 4704215745d98225de53e4abb637d0d7631497c0038865bbba7ee791ba410c94
SHA512 9859562c653bc5cadee7a1322e988f7b6fe0b7beb5a8f3b49552a419303a08a987ddb704627d3b3a9bffcf3ff2ec86af1878de54ca0c5da19247de0f3aa6b3bb

C:\Windows\System\HhHJmSZ.exe

MD5 07bac4763f0b04c2f1b42bc7c4900e67
SHA1 f88f5d1de7e29f3c615d9e88821b9b35c5b794d3
SHA256 2181c9f74c816161fbe2898ae7afd49e022429f73b828772525bf489c72ca023
SHA512 aee4be4ac613c8f9c36a78e8e68de7b59c8a3562ce83dbfde185fe6b0fa999c709e3dde37f52c087ade1b5820350373c9b776e68eb53a9a21f23a6fcf3fe1f65

C:\Windows\System\fWpCHtQ.exe

MD5 ae09154f94d63f01889b7c766b4b6772
SHA1 ca41e43bab1154916988dca3801f8a09fadb773d
SHA256 524d1f64dcb23da4f7ce153ac9ed3ca0ef89c85ad7552e53152d77f0e8c08cb2
SHA512 b6abdc9c1dcbedfabfc6ba155495a1b55507e6c2ab16f1867fc185c7174640db41d921ee81807bd945a6696ddfd855cb28562ba18f775abcc5a88d7cb9b6a400

C:\Windows\System\qJhIasd.exe

MD5 bb2277efece9bdbddf75545da47033f3
SHA1 d2ce8e3590f382d26974efab0fac54747afd8827
SHA256 74df05103474eb5d3fba98aa43ab54c79a7bb1411295893407cf789c499dcc46
SHA512 1b40de6f774d5f29ff34e2722874156a47ccf7ace402b0072cbf10f94b0e999482c72619e24e8e4705644c321770f48c56bb3d45a15fceda768ac529b58070ce

memory/2076-432-0x00007FF6FA4D0000-0x00007FF6FA8C6000-memory.dmp

memory/2052-440-0x00007FF700610000-0x00007FF700A06000-memory.dmp

C:\Windows\System\gKUfHAm.exe

MD5 b4c17f69d4a05e7f27e9cd8d94498ba5
SHA1 b65b8cbbdd6287d911e4fc19f5c8ada39b5dd392
SHA256 56adf01fdfed7ebf0f458aee405b2e4835690320b2cc85718b1cb89f437a3ee5
SHA512 b2c75c5f9360f271d9ab1c0562c35672c4398f8ab4cf6b7a05181565749a9f3f10aa9dac50560dc5c75755951604bb65070b51399bd05ada7171aceb97bbf24c

C:\Windows\System\RwBRmfD.exe

MD5 137fef4fd088219b3e637c83ad4654a1
SHA1 2712dfa1e25b798d8dfc269f8d5ab9405d4e96ef
SHA256 eab18d78c22c0b79924c6fb1f2f89784410183365941b31ae1da9d41cbd9114f
SHA512 a85d0f1103984ef155288bf0363f322665bfe9217a1d55f4fdda23314e6dde593bc0774dc84e2eee1f48a0df05801fa7f1782e0a6db6dda17fc51a22b053571e

memory/4420-418-0x00007FF6F72A0000-0x00007FF6F7696000-memory.dmp

C:\Windows\System\TaKMEme.exe

MD5 07354e31142623c2ec1cbf58885bcccc
SHA1 b4fac53d600bd9ada8bc82b7dedff4f895e947c0
SHA256 401318563f782c0118ba63a32a7cea4b575dde1fcb44ef6b7b0e51806b3fa372
SHA512 19cfe9f0990b56cd022ca9ad1168e1a5eaa858ce7ded09ca5d0e1cb2ecef3d2a83f60a1e6ef2d49f0bf9f47c5f74e0e2fee090474655725ed1558ce5d7ca27e7

C:\Windows\System\hZWCPLb.exe

MD5 1c46f2f87562736e3b6dd2884d9c1bc1
SHA1 850760b0f8bace122fb96a7fdac1cb6a7339f78c
SHA256 6a8637d05e58401cf12a69315e210fe63cf2e670ddf0a3383d38fc5f72c0658e
SHA512 7f8b2967ed82aa7281421f18cc082d998e9fc59d628267c1ac8df90580d3d0c1ee68ebfad670500db0139f8f26040037947f90396bb9ebfec401a6ca0782b66a

C:\Windows\System\FHQeHiT.exe

MD5 1954787cbff9c8163bc58992cf17b2f8
SHA1 92c64eb9830ca125f9ddaaf8a3bc0c223adc4ae8
SHA256 604117577dc5b45762825178b1481fb8d0fc924f678d742f6f9a0701b5d678e3
SHA512 88bae615000894b6c02d5577669c9ace08964f9b35d9c063576d3e7ee7f2c1ae87eca324cfad7efef6c8904d39f96cc183bb94ddc9b8d8ab2579363552e04516

memory/4400-398-0x00007FF756F00000-0x00007FF7572F6000-memory.dmp

C:\Windows\System\jkhWWLw.exe

MD5 36f35d1a91bd5fc01bd9275f56954598
SHA1 7ea59fe9327b35b5c2440dfb8a3c9381b363c6c0
SHA256 73ac435928a0b10853c0e7aba1ca5cda5ff20cb94c8296a7ecb28a0538fe9cbe
SHA512 06a1097a263edcae7eedcac94974df6bef9d5901ce80f092fa9a12101c4b360fa6acaebec5d503133e1e714dd2caf2883ed1ef065b7b3ee7cdb5174a31fb051e

C:\Windows\System\cOWuyjW.exe

MD5 61ab30228fe742857ed7498df7e314e0
SHA1 71b71e40844f9456d1a7caf48e15f604795930f2
SHA256 6f29f899027db0aef4a8c972581539c0b73202a023022ddfdeac8dbcea7772b5
SHA512 4cc9eb9a29122f5e26ee098366f7f0e7e15d1dc97375870defbac9483862100b678ed893dad791c94529eda4b82e33326df5841806b7b24242f6556fbf2f6751

C:\Windows\System\OCWxiko.exe

MD5 448b1c30aeef79e57280c21c1fbce535
SHA1 4169ee05b8bfb93c30de4dcabee37ee1d1d3afe7
SHA256 5179fc7b804612a6019c0a0968334dd1d2667135523f240c988515a02e5e0359
SHA512 09aa2c81e5def5732fed5dd06342be7f6a85e693e23799c9262198c273133d8e863ea9f522b7a4380ecf7dbfaf5a32fe1fa8e0b95a4bada94baa9cdf95f71e46

C:\Windows\System\jQUDhqa.exe

MD5 e605d6a25643ca7c94dda867f6e4aa70
SHA1 636f13e2b5fefeb35eb96d7f40411811d4049a60
SHA256 d421a27eda93f1ab0ccbe32f66fb0e300c7a2ac2f8b2a3f06853c97009fdf26f
SHA512 3135ba1f141327639f1212165da228975496d381de901e22ff9717af6f1db4e0be56f0f4c4e1ac7ed23935e477b4e4f5e3cd10e9e21e0177e239f0b8eadee41e

memory/1992-370-0x00007FF7783E0000-0x00007FF7787D6000-memory.dmp

C:\Windows\System\PaCcNrq.exe

MD5 cb042c313cbd4cb4b9e7143cd229305d
SHA1 1ce07353fe3d1864b95d94b979491d349ce46015
SHA256 2f158eaaa1a1a07a5b84359c520e3a2d8ef295b7ee8101e6fddd3bd00ffa0097
SHA512 60a954836b11941b77d3cde84bae5cd4102af238f8fa9540f6c8d0f1b87ddfa7af280327194dc0b807e6da48840bc972d66f0dcb1d19a69e155011c8cf81507e

C:\Windows\System\FDTVHjz.exe

MD5 4138b513b766f03a88c243e3df42043f
SHA1 80ce890ae8009cc3a9f58034c93bc4d23c081f34
SHA256 3e1caba3d152cc701a22833c9230b36466718a6298556a10ff6f2c5429bee4d8
SHA512 a3ce8e2424f8b48bbd727d159f804c053731c3f9d3174940e3ad37427c9621aaf5adcb684716e35d3cc6563f78d2e29c886fc7428afd4b270f26113164542704

C:\Windows\System\cwIAvXw.exe

MD5 09029ce5b45502c735fe857b07c73a24
SHA1 c25f98b07718e82b7c21bdae86294d466decae6b
SHA256 188e54fe042a6c40f91d242a46b8d3ca959d7e5427c511adddc03767cfa59172
SHA512 5822cdd64119da0215a131dfafa2f05b490613ea02ea3f83f30408aadd1a2a4a01a668e7676d2a387a0772dc6f54731777feb5910adde41d19d4feda883f0cda

memory/2756-354-0x00007FF719650000-0x00007FF719A46000-memory.dmp

C:\Windows\System\VWUpELG.exe

MD5 2dedd3d1c0854d91e97b34c007a86d1d
SHA1 da0d05671ad10aeaaecc3c41aadd335b21b63d77
SHA256 b37d50bc90d8848def98913fd0a0265470e6aa37c38a0b09cbf4534c3e4451c8
SHA512 972cff400d8a658c345a860ca4cbee2822ef85504a39da0da1c20a60c9de375993e09992cbd0e542ea3008753a08e7bd1d1d842451991a013109a47e342e516a

C:\Windows\System\pdtBauV.exe

MD5 8bc36149803902513cce20204cd69327
SHA1 abd2eb929262ae325af6677cdf4a20c5fe67fe45
SHA256 ac67f63d8308771b18c7cba371911883aaca16c8fd63a02f2c1c071e9edf8046
SHA512 78a9efd6a79bbfa45d5b44120d3834bda281622629b85d35cb1a5a63ce1831cdeb321c301861aaf65aac46b5c7d986843c5f3e909cc19464f3c7dc40a0d3a06d

memory/5072-336-0x00007FF750290000-0x00007FF750686000-memory.dmp

C:\Windows\System\gbhaROp.exe

MD5 eae4ea19d63a2276cbddb3767a8aa1e1
SHA1 be71794a4161c7e2e43178a78ed1b85b3bc997ca
SHA256 ecef72470d0ebe71df13ea9def505b94e73702fe624578cfe6cfe83f0cb66dd0
SHA512 0137067138c8621321abbc004810488393d70dabd4d75e71739c62066c949fe3820bf632306cf45c3a0ad840e4710782cc8eddd3ad55224e4325bb51b84a7574

memory/4376-317-0x00007FF7C7A40000-0x00007FF7C7E36000-memory.dmp

memory/4492-319-0x00007FF69D5F0000-0x00007FF69D9E6000-memory.dmp

memory/2584-300-0x00007FF7EC7C0000-0x00007FF7ECBB6000-memory.dmp

memory/4200-2060-0x00007FF841560000-0x00007FF842021000-memory.dmp

memory/4200-2061-0x00007FF841563000-0x00007FF841565000-memory.dmp

memory/4376-2062-0x00007FF7C7A40000-0x00007FF7C7E36000-memory.dmp

memory/4492-2063-0x00007FF69D5F0000-0x00007FF69D9E6000-memory.dmp

memory/2756-2064-0x00007FF719650000-0x00007FF719A46000-memory.dmp

memory/2584-2065-0x00007FF7EC7C0000-0x00007FF7ECBB6000-memory.dmp

memory/5072-2066-0x00007FF750290000-0x00007FF750686000-memory.dmp

memory/1992-2067-0x00007FF7783E0000-0x00007FF7787D6000-memory.dmp

memory/4400-2068-0x00007FF756F00000-0x00007FF7572F6000-memory.dmp

memory/744-2069-0x00007FF68BF10000-0x00007FF68C306000-memory.dmp

memory/228-2070-0x00007FF6641B0000-0x00007FF6645A6000-memory.dmp

memory/4480-2072-0x00007FF68C3E0000-0x00007FF68C7D6000-memory.dmp

memory/3592-2071-0x00007FF6B3AA0000-0x00007FF6B3E96000-memory.dmp

memory/5048-2078-0x00007FF6D0D80000-0x00007FF6D1176000-memory.dmp

memory/2280-2081-0x00007FF7846A0000-0x00007FF784A96000-memory.dmp

memory/1716-2080-0x00007FF72A870000-0x00007FF72AC66000-memory.dmp

memory/2244-2079-0x00007FF63F840000-0x00007FF63FC36000-memory.dmp

memory/4108-2077-0x00007FF6050B0000-0x00007FF6054A6000-memory.dmp

memory/1004-2076-0x00007FF7846D0000-0x00007FF784AC6000-memory.dmp

memory/2204-2074-0x00007FF6863B0000-0x00007FF6867A6000-memory.dmp

memory/3728-2073-0x00007FF672870000-0x00007FF672C66000-memory.dmp

memory/2764-2075-0x00007FF6BAFE0000-0x00007FF6BB3D6000-memory.dmp

memory/3520-2082-0x00007FF7A6180000-0x00007FF7A6576000-memory.dmp

memory/4376-2083-0x00007FF7C7A40000-0x00007FF7C7E36000-memory.dmp

memory/2584-2084-0x00007FF7EC7C0000-0x00007FF7ECBB6000-memory.dmp

memory/2756-2090-0x00007FF719650000-0x00007FF719A46000-memory.dmp

memory/1992-2089-0x00007FF7783E0000-0x00007FF7787D6000-memory.dmp

memory/2052-2091-0x00007FF700610000-0x00007FF700A06000-memory.dmp

memory/4492-2088-0x00007FF69D5F0000-0x00007FF69D9E6000-memory.dmp

memory/4420-2087-0x00007FF6F72A0000-0x00007FF6F7696000-memory.dmp

memory/5072-2086-0x00007FF750290000-0x00007FF750686000-memory.dmp

memory/2076-2085-0x00007FF6FA4D0000-0x00007FF6FA8C6000-memory.dmp

memory/4400-2092-0x00007FF756F00000-0x00007FF7572F6000-memory.dmp