Malware Analysis Report

2024-11-16 11:02

Sample ID 240612-mndabavemj
Target 338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe
SHA256 35576e56c76aae02d6fce418833c9b13a71f5459012fc299ab5d8526135e5790
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

35576e56c76aae02d6fce418833c9b13a71f5459012fc299ab5d8526135e5790

Threat Level: Known bad

The file 338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:36

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:36

Reported

2024-06-12 10:38

Platform

win7-20240508-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iJSPiKG.exe N/A
N/A N/A C:\Windows\System\vpxhzeS.exe N/A
N/A N/A C:\Windows\System\srngTQn.exe N/A
N/A N/A C:\Windows\System\GRJFQzn.exe N/A
N/A N/A C:\Windows\System\axhAGSG.exe N/A
N/A N/A C:\Windows\System\IpNVzSJ.exe N/A
N/A N/A C:\Windows\System\xkoTUda.exe N/A
N/A N/A C:\Windows\System\DwSmukF.exe N/A
N/A N/A C:\Windows\System\UAPhgbL.exe N/A
N/A N/A C:\Windows\System\iuKEbRg.exe N/A
N/A N/A C:\Windows\System\CcdkVGe.exe N/A
N/A N/A C:\Windows\System\rzMsvNo.exe N/A
N/A N/A C:\Windows\System\SceYsQa.exe N/A
N/A N/A C:\Windows\System\UmoMpyY.exe N/A
N/A N/A C:\Windows\System\JSNGDzH.exe N/A
N/A N/A C:\Windows\System\HnyrHZQ.exe N/A
N/A N/A C:\Windows\System\NwuKuMA.exe N/A
N/A N/A C:\Windows\System\ALWapwZ.exe N/A
N/A N/A C:\Windows\System\rAHoleH.exe N/A
N/A N/A C:\Windows\System\YZmVgwG.exe N/A
N/A N/A C:\Windows\System\spBftJO.exe N/A
N/A N/A C:\Windows\System\YqXwkGr.exe N/A
N/A N/A C:\Windows\System\eAOllCQ.exe N/A
N/A N/A C:\Windows\System\UccfIXg.exe N/A
N/A N/A C:\Windows\System\xIYHCtY.exe N/A
N/A N/A C:\Windows\System\FouCAIe.exe N/A
N/A N/A C:\Windows\System\ZHfeTCB.exe N/A
N/A N/A C:\Windows\System\DpuJHdC.exe N/A
N/A N/A C:\Windows\System\ktMUPmH.exe N/A
N/A N/A C:\Windows\System\ZDNgTBV.exe N/A
N/A N/A C:\Windows\System\YRTEyMO.exe N/A
N/A N/A C:\Windows\System\AWOKlGy.exe N/A
N/A N/A C:\Windows\System\KbyuTWI.exe N/A
N/A N/A C:\Windows\System\exTQQwV.exe N/A
N/A N/A C:\Windows\System\NLKhsmT.exe N/A
N/A N/A C:\Windows\System\EzbBMgU.exe N/A
N/A N/A C:\Windows\System\VokxAlw.exe N/A
N/A N/A C:\Windows\System\YLIWIOV.exe N/A
N/A N/A C:\Windows\System\BpmLiSr.exe N/A
N/A N/A C:\Windows\System\EALVVgF.exe N/A
N/A N/A C:\Windows\System\Jwnpncb.exe N/A
N/A N/A C:\Windows\System\jPhuJBx.exe N/A
N/A N/A C:\Windows\System\YYOiyhr.exe N/A
N/A N/A C:\Windows\System\ynGZnuE.exe N/A
N/A N/A C:\Windows\System\hcOTMEl.exe N/A
N/A N/A C:\Windows\System\NFsoTtw.exe N/A
N/A N/A C:\Windows\System\yhsoHmI.exe N/A
N/A N/A C:\Windows\System\GIKwjby.exe N/A
N/A N/A C:\Windows\System\awWuNid.exe N/A
N/A N/A C:\Windows\System\eGjCutn.exe N/A
N/A N/A C:\Windows\System\gfCdwZq.exe N/A
N/A N/A C:\Windows\System\AXhyfRM.exe N/A
N/A N/A C:\Windows\System\ekLEfdq.exe N/A
N/A N/A C:\Windows\System\VUTPDCl.exe N/A
N/A N/A C:\Windows\System\uczvoIu.exe N/A
N/A N/A C:\Windows\System\MHENwSq.exe N/A
N/A N/A C:\Windows\System\fseAKtJ.exe N/A
N/A N/A C:\Windows\System\cgXHtSA.exe N/A
N/A N/A C:\Windows\System\xDCkvcA.exe N/A
N/A N/A C:\Windows\System\qgzXlKL.exe N/A
N/A N/A C:\Windows\System\GkzGfWb.exe N/A
N/A N/A C:\Windows\System\jMQgJCV.exe N/A
N/A N/A C:\Windows\System\PrxapSS.exe N/A
N/A N/A C:\Windows\System\ewcUtgK.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\COsZtwI.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nIlRlXh.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkBRcmw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWcztVy.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HTKBbIS.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FaKrPph.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vctzHKC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VcYISZa.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PhGIIrU.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ixxcCTI.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PTITiiH.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rEIYqYo.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\paYTwHC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbvxEMM.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlEEcjZ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RyygjOc.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\miUfWqK.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWjlEUF.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZDxvGQE.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmkzUHd.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xytdFSS.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrZNUCd.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DIobquw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjvBKUx.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdzCOUI.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YmriEhi.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XzGfRJo.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qbYLQpN.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EMyLmTX.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TWlBtIw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\poRGrIw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OFWgafC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NTNGoiN.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyTguHq.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RynZWtH.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qiWLlLB.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VMJFvVQ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\exmQXIi.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsAVsDj.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqXlEUK.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dgJfMwI.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUNcssh.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\idytsMl.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXEDGXe.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsnIKst.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zCCzmXB.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HiSHKOc.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YVYTfle.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LOMGlbn.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tpbtAIw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ulqSGZn.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\riBwSqF.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XlbihKi.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKTgJMf.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ndLexhe.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WtcZJtD.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwCAKws.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYcueIU.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sfSnelU.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rIdmuxR.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ftSUXjX.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYKwLMH.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PKcZYWK.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxJKihm.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2932 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2932 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iJSPiKG.exe
PID 2932 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iJSPiKG.exe
PID 2932 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iJSPiKG.exe
PID 2932 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\vpxhzeS.exe
PID 2932 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\vpxhzeS.exe
PID 2932 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\vpxhzeS.exe
PID 2932 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\srngTQn.exe
PID 2932 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\srngTQn.exe
PID 2932 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\srngTQn.exe
PID 2932 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\GRJFQzn.exe
PID 2932 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\GRJFQzn.exe
PID 2932 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\GRJFQzn.exe
PID 2932 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\axhAGSG.exe
PID 2932 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\axhAGSG.exe
PID 2932 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\axhAGSG.exe
PID 2932 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\xkoTUda.exe
PID 2932 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\xkoTUda.exe
PID 2932 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\xkoTUda.exe
PID 2932 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\IpNVzSJ.exe
PID 2932 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\IpNVzSJ.exe
PID 2932 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\IpNVzSJ.exe
PID 2932 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\DwSmukF.exe
PID 2932 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\DwSmukF.exe
PID 2932 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\DwSmukF.exe
PID 2932 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UAPhgbL.exe
PID 2932 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UAPhgbL.exe
PID 2932 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UAPhgbL.exe
PID 2932 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iuKEbRg.exe
PID 2932 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iuKEbRg.exe
PID 2932 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\iuKEbRg.exe
PID 2932 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\CcdkVGe.exe
PID 2932 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\CcdkVGe.exe
PID 2932 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\CcdkVGe.exe
PID 2932 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rzMsvNo.exe
PID 2932 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rzMsvNo.exe
PID 2932 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rzMsvNo.exe
PID 2932 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\SceYsQa.exe
PID 2932 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\SceYsQa.exe
PID 2932 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\SceYsQa.exe
PID 2932 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UmoMpyY.exe
PID 2932 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UmoMpyY.exe
PID 2932 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\UmoMpyY.exe
PID 2932 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\JSNGDzH.exe
PID 2932 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\JSNGDzH.exe
PID 2932 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\JSNGDzH.exe
PID 2932 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\HnyrHZQ.exe
PID 2932 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\HnyrHZQ.exe
PID 2932 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\HnyrHZQ.exe
PID 2932 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\NwuKuMA.exe
PID 2932 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\NwuKuMA.exe
PID 2932 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\NwuKuMA.exe
PID 2932 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ALWapwZ.exe
PID 2932 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ALWapwZ.exe
PID 2932 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ALWapwZ.exe
PID 2932 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rAHoleH.exe
PID 2932 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rAHoleH.exe
PID 2932 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rAHoleH.exe
PID 2932 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YZmVgwG.exe
PID 2932 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YZmVgwG.exe
PID 2932 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YZmVgwG.exe
PID 2932 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\spBftJO.exe

Processes

C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\iJSPiKG.exe

C:\Windows\System\iJSPiKG.exe

C:\Windows\System\vpxhzeS.exe

C:\Windows\System\vpxhzeS.exe

C:\Windows\System\srngTQn.exe

C:\Windows\System\srngTQn.exe

C:\Windows\System\GRJFQzn.exe

C:\Windows\System\GRJFQzn.exe

C:\Windows\System\axhAGSG.exe

C:\Windows\System\axhAGSG.exe

C:\Windows\System\xkoTUda.exe

C:\Windows\System\xkoTUda.exe

C:\Windows\System\IpNVzSJ.exe

C:\Windows\System\IpNVzSJ.exe

C:\Windows\System\DwSmukF.exe

C:\Windows\System\DwSmukF.exe

C:\Windows\System\UAPhgbL.exe

C:\Windows\System\UAPhgbL.exe

C:\Windows\System\iuKEbRg.exe

C:\Windows\System\iuKEbRg.exe

C:\Windows\System\CcdkVGe.exe

C:\Windows\System\CcdkVGe.exe

C:\Windows\System\rzMsvNo.exe

C:\Windows\System\rzMsvNo.exe

C:\Windows\System\SceYsQa.exe

C:\Windows\System\SceYsQa.exe

C:\Windows\System\UmoMpyY.exe

C:\Windows\System\UmoMpyY.exe

C:\Windows\System\JSNGDzH.exe

C:\Windows\System\JSNGDzH.exe

C:\Windows\System\HnyrHZQ.exe

C:\Windows\System\HnyrHZQ.exe

C:\Windows\System\NwuKuMA.exe

C:\Windows\System\NwuKuMA.exe

C:\Windows\System\ALWapwZ.exe

C:\Windows\System\ALWapwZ.exe

C:\Windows\System\rAHoleH.exe

C:\Windows\System\rAHoleH.exe

C:\Windows\System\YZmVgwG.exe

C:\Windows\System\YZmVgwG.exe

C:\Windows\System\spBftJO.exe

C:\Windows\System\spBftJO.exe

C:\Windows\System\YqXwkGr.exe

C:\Windows\System\YqXwkGr.exe

C:\Windows\System\eAOllCQ.exe

C:\Windows\System\eAOllCQ.exe

C:\Windows\System\UccfIXg.exe

C:\Windows\System\UccfIXg.exe

C:\Windows\System\xIYHCtY.exe

C:\Windows\System\xIYHCtY.exe

C:\Windows\System\FouCAIe.exe

C:\Windows\System\FouCAIe.exe

C:\Windows\System\ZHfeTCB.exe

C:\Windows\System\ZHfeTCB.exe

C:\Windows\System\DpuJHdC.exe

C:\Windows\System\DpuJHdC.exe

C:\Windows\System\ktMUPmH.exe

C:\Windows\System\ktMUPmH.exe

C:\Windows\System\ZDNgTBV.exe

C:\Windows\System\ZDNgTBV.exe

C:\Windows\System\YRTEyMO.exe

C:\Windows\System\YRTEyMO.exe

C:\Windows\System\AWOKlGy.exe

C:\Windows\System\AWOKlGy.exe

C:\Windows\System\KbyuTWI.exe

C:\Windows\System\KbyuTWI.exe

C:\Windows\System\exTQQwV.exe

C:\Windows\System\exTQQwV.exe

C:\Windows\System\NLKhsmT.exe

C:\Windows\System\NLKhsmT.exe

C:\Windows\System\EzbBMgU.exe

C:\Windows\System\EzbBMgU.exe

C:\Windows\System\VokxAlw.exe

C:\Windows\System\VokxAlw.exe

C:\Windows\System\YLIWIOV.exe

C:\Windows\System\YLIWIOV.exe

C:\Windows\System\BpmLiSr.exe

C:\Windows\System\BpmLiSr.exe

C:\Windows\System\EALVVgF.exe

C:\Windows\System\EALVVgF.exe

C:\Windows\System\Jwnpncb.exe

C:\Windows\System\Jwnpncb.exe

C:\Windows\System\jPhuJBx.exe

C:\Windows\System\jPhuJBx.exe

C:\Windows\System\YYOiyhr.exe

C:\Windows\System\YYOiyhr.exe

C:\Windows\System\ynGZnuE.exe

C:\Windows\System\ynGZnuE.exe

C:\Windows\System\hcOTMEl.exe

C:\Windows\System\hcOTMEl.exe

C:\Windows\System\NFsoTtw.exe

C:\Windows\System\NFsoTtw.exe

C:\Windows\System\yhsoHmI.exe

C:\Windows\System\yhsoHmI.exe

C:\Windows\System\GIKwjby.exe

C:\Windows\System\GIKwjby.exe

C:\Windows\System\awWuNid.exe

C:\Windows\System\awWuNid.exe

C:\Windows\System\eGjCutn.exe

C:\Windows\System\eGjCutn.exe

C:\Windows\System\gfCdwZq.exe

C:\Windows\System\gfCdwZq.exe

C:\Windows\System\AXhyfRM.exe

C:\Windows\System\AXhyfRM.exe

C:\Windows\System\ekLEfdq.exe

C:\Windows\System\ekLEfdq.exe

C:\Windows\System\VUTPDCl.exe

C:\Windows\System\VUTPDCl.exe

C:\Windows\System\uczvoIu.exe

C:\Windows\System\uczvoIu.exe

C:\Windows\System\MHENwSq.exe

C:\Windows\System\MHENwSq.exe

C:\Windows\System\fseAKtJ.exe

C:\Windows\System\fseAKtJ.exe

C:\Windows\System\cgXHtSA.exe

C:\Windows\System\cgXHtSA.exe

C:\Windows\System\xDCkvcA.exe

C:\Windows\System\xDCkvcA.exe

C:\Windows\System\qgzXlKL.exe

C:\Windows\System\qgzXlKL.exe

C:\Windows\System\GkzGfWb.exe

C:\Windows\System\GkzGfWb.exe

C:\Windows\System\jMQgJCV.exe

C:\Windows\System\jMQgJCV.exe

C:\Windows\System\PrxapSS.exe

C:\Windows\System\PrxapSS.exe

C:\Windows\System\ewcUtgK.exe

C:\Windows\System\ewcUtgK.exe

C:\Windows\System\qWuDmES.exe

C:\Windows\System\qWuDmES.exe

C:\Windows\System\gMosjpn.exe

C:\Windows\System\gMosjpn.exe

C:\Windows\System\NmYooQo.exe

C:\Windows\System\NmYooQo.exe

C:\Windows\System\CIVqmYC.exe

C:\Windows\System\CIVqmYC.exe

C:\Windows\System\fVqAbrb.exe

C:\Windows\System\fVqAbrb.exe

C:\Windows\System\kQVKTWI.exe

C:\Windows\System\kQVKTWI.exe

C:\Windows\System\ixanQIf.exe

C:\Windows\System\ixanQIf.exe

C:\Windows\System\apptkts.exe

C:\Windows\System\apptkts.exe

C:\Windows\System\FcVzSkT.exe

C:\Windows\System\FcVzSkT.exe

C:\Windows\System\gPMTxgw.exe

C:\Windows\System\gPMTxgw.exe

C:\Windows\System\trxhsGx.exe

C:\Windows\System\trxhsGx.exe

C:\Windows\System\DZgkude.exe

C:\Windows\System\DZgkude.exe

C:\Windows\System\rnaASIx.exe

C:\Windows\System\rnaASIx.exe

C:\Windows\System\jMFItcl.exe

C:\Windows\System\jMFItcl.exe

C:\Windows\System\KOhtUSK.exe

C:\Windows\System\KOhtUSK.exe

C:\Windows\System\BmWxuRY.exe

C:\Windows\System\BmWxuRY.exe

C:\Windows\System\jEQpelk.exe

C:\Windows\System\jEQpelk.exe

C:\Windows\System\VqdDfgd.exe

C:\Windows\System\VqdDfgd.exe

C:\Windows\System\qoSJWdY.exe

C:\Windows\System\qoSJWdY.exe

C:\Windows\System\zhHaIus.exe

C:\Windows\System\zhHaIus.exe

C:\Windows\System\oMtFrZd.exe

C:\Windows\System\oMtFrZd.exe

C:\Windows\System\YuNSTDx.exe

C:\Windows\System\YuNSTDx.exe

C:\Windows\System\vgGrjSr.exe

C:\Windows\System\vgGrjSr.exe

C:\Windows\System\HpPVltO.exe

C:\Windows\System\HpPVltO.exe

C:\Windows\System\UAoJpaV.exe

C:\Windows\System\UAoJpaV.exe

C:\Windows\System\RbuKqUK.exe

C:\Windows\System\RbuKqUK.exe

C:\Windows\System\EHIchoY.exe

C:\Windows\System\EHIchoY.exe

C:\Windows\System\qbRFnqZ.exe

C:\Windows\System\qbRFnqZ.exe

C:\Windows\System\hoAMbLo.exe

C:\Windows\System\hoAMbLo.exe

C:\Windows\System\SOgQEYn.exe

C:\Windows\System\SOgQEYn.exe

C:\Windows\System\zQxJzXR.exe

C:\Windows\System\zQxJzXR.exe

C:\Windows\System\lIhPRVP.exe

C:\Windows\System\lIhPRVP.exe

C:\Windows\System\gZcqxdT.exe

C:\Windows\System\gZcqxdT.exe

C:\Windows\System\JSEDvGC.exe

C:\Windows\System\JSEDvGC.exe

C:\Windows\System\NvJdQFH.exe

C:\Windows\System\NvJdQFH.exe

C:\Windows\System\APVYcOq.exe

C:\Windows\System\APVYcOq.exe

C:\Windows\System\WgqwOTP.exe

C:\Windows\System\WgqwOTP.exe

C:\Windows\System\oYvwaRO.exe

C:\Windows\System\oYvwaRO.exe

C:\Windows\System\qTTDcgx.exe

C:\Windows\System\qTTDcgx.exe

C:\Windows\System\lewBbAk.exe

C:\Windows\System\lewBbAk.exe

C:\Windows\System\hHgwZLE.exe

C:\Windows\System\hHgwZLE.exe

C:\Windows\System\eIAPwUi.exe

C:\Windows\System\eIAPwUi.exe

C:\Windows\System\DHTSvCE.exe

C:\Windows\System\DHTSvCE.exe

C:\Windows\System\wUmDqyP.exe

C:\Windows\System\wUmDqyP.exe

C:\Windows\System\wBwAVAj.exe

C:\Windows\System\wBwAVAj.exe

C:\Windows\System\SmApTLl.exe

C:\Windows\System\SmApTLl.exe

C:\Windows\System\MWlGOPa.exe

C:\Windows\System\MWlGOPa.exe

C:\Windows\System\orGqoQs.exe

C:\Windows\System\orGqoQs.exe

C:\Windows\System\JNWIUFM.exe

C:\Windows\System\JNWIUFM.exe

C:\Windows\System\hHAdHAC.exe

C:\Windows\System\hHAdHAC.exe

C:\Windows\System\dmMeAeu.exe

C:\Windows\System\dmMeAeu.exe

C:\Windows\System\pDXyZRs.exe

C:\Windows\System\pDXyZRs.exe

C:\Windows\System\iTLtOiy.exe

C:\Windows\System\iTLtOiy.exe

C:\Windows\System\yxbYEIq.exe

C:\Windows\System\yxbYEIq.exe

C:\Windows\System\uvTSHTp.exe

C:\Windows\System\uvTSHTp.exe

C:\Windows\System\BxpnYLL.exe

C:\Windows\System\BxpnYLL.exe

C:\Windows\System\xaanumP.exe

C:\Windows\System\xaanumP.exe

C:\Windows\System\UPblozx.exe

C:\Windows\System\UPblozx.exe

C:\Windows\System\UvYknrA.exe

C:\Windows\System\UvYknrA.exe

C:\Windows\System\bSCYNfn.exe

C:\Windows\System\bSCYNfn.exe

C:\Windows\System\BVpqjKA.exe

C:\Windows\System\BVpqjKA.exe

C:\Windows\System\jajhBVf.exe

C:\Windows\System\jajhBVf.exe

C:\Windows\System\HgJeNuQ.exe

C:\Windows\System\HgJeNuQ.exe

C:\Windows\System\PawcPQa.exe

C:\Windows\System\PawcPQa.exe

C:\Windows\System\RxKifxE.exe

C:\Windows\System\RxKifxE.exe

C:\Windows\System\Vnbgsna.exe

C:\Windows\System\Vnbgsna.exe

C:\Windows\System\XwmFWuX.exe

C:\Windows\System\XwmFWuX.exe

C:\Windows\System\EQdNAsl.exe

C:\Windows\System\EQdNAsl.exe

C:\Windows\System\MtMxJWn.exe

C:\Windows\System\MtMxJWn.exe

C:\Windows\System\RTZXruD.exe

C:\Windows\System\RTZXruD.exe

C:\Windows\System\Gmjomal.exe

C:\Windows\System\Gmjomal.exe

C:\Windows\System\JlsItwL.exe

C:\Windows\System\JlsItwL.exe

C:\Windows\System\YxdkovU.exe

C:\Windows\System\YxdkovU.exe

C:\Windows\System\HVIWOoL.exe

C:\Windows\System\HVIWOoL.exe

C:\Windows\System\LFLcSYE.exe

C:\Windows\System\LFLcSYE.exe

C:\Windows\System\ZFUjVRm.exe

C:\Windows\System\ZFUjVRm.exe

C:\Windows\System\UNeCaib.exe

C:\Windows\System\UNeCaib.exe

C:\Windows\System\nsFqBqH.exe

C:\Windows\System\nsFqBqH.exe

C:\Windows\System\lTMmBZj.exe

C:\Windows\System\lTMmBZj.exe

C:\Windows\System\HsPdEDv.exe

C:\Windows\System\HsPdEDv.exe

C:\Windows\System\bTWyXmy.exe

C:\Windows\System\bTWyXmy.exe

C:\Windows\System\itxiDlX.exe

C:\Windows\System\itxiDlX.exe

C:\Windows\System\JojzuFs.exe

C:\Windows\System\JojzuFs.exe

C:\Windows\System\NCOSEYa.exe

C:\Windows\System\NCOSEYa.exe

C:\Windows\System\AuOkPbH.exe

C:\Windows\System\AuOkPbH.exe

C:\Windows\System\jEjKnHE.exe

C:\Windows\System\jEjKnHE.exe

C:\Windows\System\iVlsKMj.exe

C:\Windows\System\iVlsKMj.exe

C:\Windows\System\GZyYUYv.exe

C:\Windows\System\GZyYUYv.exe

C:\Windows\System\OSjeIHA.exe

C:\Windows\System\OSjeIHA.exe

C:\Windows\System\EFWVyxN.exe

C:\Windows\System\EFWVyxN.exe

C:\Windows\System\UGnXGLq.exe

C:\Windows\System\UGnXGLq.exe

C:\Windows\System\GAMzrXa.exe

C:\Windows\System\GAMzrXa.exe

C:\Windows\System\azAkiCN.exe

C:\Windows\System\azAkiCN.exe

C:\Windows\System\pjqiNjW.exe

C:\Windows\System\pjqiNjW.exe

C:\Windows\System\HBythFa.exe

C:\Windows\System\HBythFa.exe

C:\Windows\System\LtxZYaY.exe

C:\Windows\System\LtxZYaY.exe

C:\Windows\System\zgVckAP.exe

C:\Windows\System\zgVckAP.exe

C:\Windows\System\YDSynGt.exe

C:\Windows\System\YDSynGt.exe

C:\Windows\System\kjiaqaq.exe

C:\Windows\System\kjiaqaq.exe

C:\Windows\System\vrKHQEs.exe

C:\Windows\System\vrKHQEs.exe

C:\Windows\System\DjkXBHQ.exe

C:\Windows\System\DjkXBHQ.exe

C:\Windows\System\SEcYrzn.exe

C:\Windows\System\SEcYrzn.exe

C:\Windows\System\ajDBRqY.exe

C:\Windows\System\ajDBRqY.exe

C:\Windows\System\isiMjWC.exe

C:\Windows\System\isiMjWC.exe

C:\Windows\System\YDMGvvB.exe

C:\Windows\System\YDMGvvB.exe

C:\Windows\System\QBEFitP.exe

C:\Windows\System\QBEFitP.exe

C:\Windows\System\eZdDxtw.exe

C:\Windows\System\eZdDxtw.exe

C:\Windows\System\VnlXmqj.exe

C:\Windows\System\VnlXmqj.exe

C:\Windows\System\DRHaIJc.exe

C:\Windows\System\DRHaIJc.exe

C:\Windows\System\qxvlzNQ.exe

C:\Windows\System\qxvlzNQ.exe

C:\Windows\System\oNeStrh.exe

C:\Windows\System\oNeStrh.exe

C:\Windows\System\rBjHKqM.exe

C:\Windows\System\rBjHKqM.exe

C:\Windows\System\XINgbgN.exe

C:\Windows\System\XINgbgN.exe

C:\Windows\System\MfmbWQM.exe

C:\Windows\System\MfmbWQM.exe

C:\Windows\System\rDXIrdW.exe

C:\Windows\System\rDXIrdW.exe

C:\Windows\System\LhclLgl.exe

C:\Windows\System\LhclLgl.exe

C:\Windows\System\ORJyPJe.exe

C:\Windows\System\ORJyPJe.exe

C:\Windows\System\yPWPmGM.exe

C:\Windows\System\yPWPmGM.exe

C:\Windows\System\AvxMhmC.exe

C:\Windows\System\AvxMhmC.exe

C:\Windows\System\SbXGKNQ.exe

C:\Windows\System\SbXGKNQ.exe

C:\Windows\System\CHFtVGu.exe

C:\Windows\System\CHFtVGu.exe

C:\Windows\System\DBwzNul.exe

C:\Windows\System\DBwzNul.exe

C:\Windows\System\wyvtBvD.exe

C:\Windows\System\wyvtBvD.exe

C:\Windows\System\WtYQpgs.exe

C:\Windows\System\WtYQpgs.exe

C:\Windows\System\Fhlrwvg.exe

C:\Windows\System\Fhlrwvg.exe

C:\Windows\System\thVMajf.exe

C:\Windows\System\thVMajf.exe

C:\Windows\System\MKjNsrU.exe

C:\Windows\System\MKjNsrU.exe

C:\Windows\System\MHALCyI.exe

C:\Windows\System\MHALCyI.exe

C:\Windows\System\CWNbYFu.exe

C:\Windows\System\CWNbYFu.exe

C:\Windows\System\ydzXEVN.exe

C:\Windows\System\ydzXEVN.exe

C:\Windows\System\oyhWExa.exe

C:\Windows\System\oyhWExa.exe

C:\Windows\System\rhnjazO.exe

C:\Windows\System\rhnjazO.exe

C:\Windows\System\dYvaaKy.exe

C:\Windows\System\dYvaaKy.exe

C:\Windows\System\QzALKqH.exe

C:\Windows\System\QzALKqH.exe

C:\Windows\System\ZBTwjrp.exe

C:\Windows\System\ZBTwjrp.exe

C:\Windows\System\koARAts.exe

C:\Windows\System\koARAts.exe

C:\Windows\System\BARzmHL.exe

C:\Windows\System\BARzmHL.exe

C:\Windows\System\mWwrMed.exe

C:\Windows\System\mWwrMed.exe

C:\Windows\System\WflDdcp.exe

C:\Windows\System\WflDdcp.exe

C:\Windows\System\hLPEcBa.exe

C:\Windows\System\hLPEcBa.exe

C:\Windows\System\JwDQIiE.exe

C:\Windows\System\JwDQIiE.exe

C:\Windows\System\uezrBTW.exe

C:\Windows\System\uezrBTW.exe

C:\Windows\System\KDHiWvE.exe

C:\Windows\System\KDHiWvE.exe

C:\Windows\System\masBjqp.exe

C:\Windows\System\masBjqp.exe

C:\Windows\System\xHDKbTx.exe

C:\Windows\System\xHDKbTx.exe

C:\Windows\System\rfJNBUt.exe

C:\Windows\System\rfJNBUt.exe

C:\Windows\System\RMMlIng.exe

C:\Windows\System\RMMlIng.exe

C:\Windows\System\wJwgkKZ.exe

C:\Windows\System\wJwgkKZ.exe

C:\Windows\System\okQvxbI.exe

C:\Windows\System\okQvxbI.exe

C:\Windows\System\XXUhOix.exe

C:\Windows\System\XXUhOix.exe

C:\Windows\System\LxMfBfQ.exe

C:\Windows\System\LxMfBfQ.exe

C:\Windows\System\BQbziND.exe

C:\Windows\System\BQbziND.exe

C:\Windows\System\FtWdErj.exe

C:\Windows\System\FtWdErj.exe

C:\Windows\System\QrsSQEG.exe

C:\Windows\System\QrsSQEG.exe

C:\Windows\System\UtDCCsP.exe

C:\Windows\System\UtDCCsP.exe

C:\Windows\System\USdczcP.exe

C:\Windows\System\USdczcP.exe

C:\Windows\System\oFqqaaw.exe

C:\Windows\System\oFqqaaw.exe

C:\Windows\System\ypEDGRK.exe

C:\Windows\System\ypEDGRK.exe

C:\Windows\System\KMWPCDw.exe

C:\Windows\System\KMWPCDw.exe

C:\Windows\System\ouyrlZQ.exe

C:\Windows\System\ouyrlZQ.exe

C:\Windows\System\daqgeGB.exe

C:\Windows\System\daqgeGB.exe

C:\Windows\System\DvlnWID.exe

C:\Windows\System\DvlnWID.exe

C:\Windows\System\wTXYaMM.exe

C:\Windows\System\wTXYaMM.exe

C:\Windows\System\MiSsUhQ.exe

C:\Windows\System\MiSsUhQ.exe

C:\Windows\System\lCkyToF.exe

C:\Windows\System\lCkyToF.exe

C:\Windows\System\apxQkoG.exe

C:\Windows\System\apxQkoG.exe

C:\Windows\System\PNmyLnQ.exe

C:\Windows\System\PNmyLnQ.exe

C:\Windows\System\HudZNVP.exe

C:\Windows\System\HudZNVP.exe

C:\Windows\System\gNzvOSl.exe

C:\Windows\System\gNzvOSl.exe

C:\Windows\System\fiBohrq.exe

C:\Windows\System\fiBohrq.exe

C:\Windows\System\tnokaGb.exe

C:\Windows\System\tnokaGb.exe

C:\Windows\System\McUyxeY.exe

C:\Windows\System\McUyxeY.exe

C:\Windows\System\ntLIGzZ.exe

C:\Windows\System\ntLIGzZ.exe

C:\Windows\System\gCFwrqg.exe

C:\Windows\System\gCFwrqg.exe

C:\Windows\System\KteRdnN.exe

C:\Windows\System\KteRdnN.exe

C:\Windows\System\JLSGHik.exe

C:\Windows\System\JLSGHik.exe

C:\Windows\System\yVAkJme.exe

C:\Windows\System\yVAkJme.exe

C:\Windows\System\LjOHnSd.exe

C:\Windows\System\LjOHnSd.exe

C:\Windows\System\IZXzoyF.exe

C:\Windows\System\IZXzoyF.exe

C:\Windows\System\kRXXdMv.exe

C:\Windows\System\kRXXdMv.exe

C:\Windows\System\WDQUKSY.exe

C:\Windows\System\WDQUKSY.exe

C:\Windows\System\IYlWTwz.exe

C:\Windows\System\IYlWTwz.exe

C:\Windows\System\MaDpgIz.exe

C:\Windows\System\MaDpgIz.exe

C:\Windows\System\vkiObdw.exe

C:\Windows\System\vkiObdw.exe

C:\Windows\System\dRPlEGT.exe

C:\Windows\System\dRPlEGT.exe

C:\Windows\System\HriacKZ.exe

C:\Windows\System\HriacKZ.exe

C:\Windows\System\cFfuJVC.exe

C:\Windows\System\cFfuJVC.exe

C:\Windows\System\UOVHBcj.exe

C:\Windows\System\UOVHBcj.exe

C:\Windows\System\EthkAaw.exe

C:\Windows\System\EthkAaw.exe

C:\Windows\System\mSeSrRk.exe

C:\Windows\System\mSeSrRk.exe

C:\Windows\System\cNlzLzA.exe

C:\Windows\System\cNlzLzA.exe

C:\Windows\System\yjSAZJt.exe

C:\Windows\System\yjSAZJt.exe

C:\Windows\System\tMwPgWm.exe

C:\Windows\System\tMwPgWm.exe

C:\Windows\System\XTRwtOT.exe

C:\Windows\System\XTRwtOT.exe

C:\Windows\System\WPxgzuI.exe

C:\Windows\System\WPxgzuI.exe

C:\Windows\System\CtNHcGZ.exe

C:\Windows\System\CtNHcGZ.exe

C:\Windows\System\ObngVwx.exe

C:\Windows\System\ObngVwx.exe

C:\Windows\System\pluapVF.exe

C:\Windows\System\pluapVF.exe

C:\Windows\System\eiZeBxi.exe

C:\Windows\System\eiZeBxi.exe

C:\Windows\System\zUOddXF.exe

C:\Windows\System\zUOddXF.exe

C:\Windows\System\UBotliC.exe

C:\Windows\System\UBotliC.exe

C:\Windows\System\VrxEdBm.exe

C:\Windows\System\VrxEdBm.exe

C:\Windows\System\xFFSXpB.exe

C:\Windows\System\xFFSXpB.exe

C:\Windows\System\POokQgE.exe

C:\Windows\System\POokQgE.exe

C:\Windows\System\LWyrRwo.exe

C:\Windows\System\LWyrRwo.exe

C:\Windows\System\jdhPZsm.exe

C:\Windows\System\jdhPZsm.exe

C:\Windows\System\FAcEsBf.exe

C:\Windows\System\FAcEsBf.exe

C:\Windows\System\gDLFdDC.exe

C:\Windows\System\gDLFdDC.exe

C:\Windows\System\tYLNULx.exe

C:\Windows\System\tYLNULx.exe

C:\Windows\System\kFPthdC.exe

C:\Windows\System\kFPthdC.exe

C:\Windows\System\VPfoDeP.exe

C:\Windows\System\VPfoDeP.exe

C:\Windows\System\ymeqwzl.exe

C:\Windows\System\ymeqwzl.exe

C:\Windows\System\kCUbCJc.exe

C:\Windows\System\kCUbCJc.exe

C:\Windows\System\qgEqFaq.exe

C:\Windows\System\qgEqFaq.exe

C:\Windows\System\qOptHxi.exe

C:\Windows\System\qOptHxi.exe

C:\Windows\System\FHxfNID.exe

C:\Windows\System\FHxfNID.exe

C:\Windows\System\LanaTTY.exe

C:\Windows\System\LanaTTY.exe

C:\Windows\System\kEHXgVH.exe

C:\Windows\System\kEHXgVH.exe

C:\Windows\System\wEIWvXs.exe

C:\Windows\System\wEIWvXs.exe

C:\Windows\System\hhKUQMO.exe

C:\Windows\System\hhKUQMO.exe

C:\Windows\System\BPdDxMP.exe

C:\Windows\System\BPdDxMP.exe

C:\Windows\System\VQRynzQ.exe

C:\Windows\System\VQRynzQ.exe

C:\Windows\System\WVxUgJv.exe

C:\Windows\System\WVxUgJv.exe

C:\Windows\System\CikqExD.exe

C:\Windows\System\CikqExD.exe

C:\Windows\System\pQKgxMz.exe

C:\Windows\System\pQKgxMz.exe

C:\Windows\System\bLFovbl.exe

C:\Windows\System\bLFovbl.exe

C:\Windows\System\AuGOVTJ.exe

C:\Windows\System\AuGOVTJ.exe

C:\Windows\System\fiZMcih.exe

C:\Windows\System\fiZMcih.exe

C:\Windows\System\qdRKLjN.exe

C:\Windows\System\qdRKLjN.exe

C:\Windows\System\xLxCtxS.exe

C:\Windows\System\xLxCtxS.exe

C:\Windows\System\zwQqdIG.exe

C:\Windows\System\zwQqdIG.exe

C:\Windows\System\pTtapTL.exe

C:\Windows\System\pTtapTL.exe

C:\Windows\System\SQOGUlN.exe

C:\Windows\System\SQOGUlN.exe

C:\Windows\System\WfvvbgZ.exe

C:\Windows\System\WfvvbgZ.exe

C:\Windows\System\AYoKEcd.exe

C:\Windows\System\AYoKEcd.exe

C:\Windows\System\hyRjsFC.exe

C:\Windows\System\hyRjsFC.exe

C:\Windows\System\OFkzJAU.exe

C:\Windows\System\OFkzJAU.exe

C:\Windows\System\rsPJDPs.exe

C:\Windows\System\rsPJDPs.exe

C:\Windows\System\KvBjoXS.exe

C:\Windows\System\KvBjoXS.exe

C:\Windows\System\AIpwFIL.exe

C:\Windows\System\AIpwFIL.exe

C:\Windows\System\LnFKUAV.exe

C:\Windows\System\LnFKUAV.exe

C:\Windows\System\LfKDmWi.exe

C:\Windows\System\LfKDmWi.exe

C:\Windows\System\iOkWyoI.exe

C:\Windows\System\iOkWyoI.exe

C:\Windows\System\SjCcvyS.exe

C:\Windows\System\SjCcvyS.exe

C:\Windows\System\ytoiMIq.exe

C:\Windows\System\ytoiMIq.exe

C:\Windows\System\jyGewVL.exe

C:\Windows\System\jyGewVL.exe

C:\Windows\System\WtIInOG.exe

C:\Windows\System\WtIInOG.exe

C:\Windows\System\Zpjaxyr.exe

C:\Windows\System\Zpjaxyr.exe

C:\Windows\System\OpAsACo.exe

C:\Windows\System\OpAsACo.exe

C:\Windows\System\zQWhJjH.exe

C:\Windows\System\zQWhJjH.exe

C:\Windows\System\UbZoztY.exe

C:\Windows\System\UbZoztY.exe

C:\Windows\System\kcVUmkK.exe

C:\Windows\System\kcVUmkK.exe

C:\Windows\System\AlGbyHq.exe

C:\Windows\System\AlGbyHq.exe

C:\Windows\System\cIXbRHC.exe

C:\Windows\System\cIXbRHC.exe

C:\Windows\System\uTizTKi.exe

C:\Windows\System\uTizTKi.exe

C:\Windows\System\czxVtKy.exe

C:\Windows\System\czxVtKy.exe

C:\Windows\System\ZYdCtyL.exe

C:\Windows\System\ZYdCtyL.exe

C:\Windows\System\BFMxdQF.exe

C:\Windows\System\BFMxdQF.exe

C:\Windows\System\MIrqYQJ.exe

C:\Windows\System\MIrqYQJ.exe

C:\Windows\System\qmmSSdg.exe

C:\Windows\System\qmmSSdg.exe

C:\Windows\System\MhwuiIK.exe

C:\Windows\System\MhwuiIK.exe

C:\Windows\System\JMMLRMn.exe

C:\Windows\System\JMMLRMn.exe

C:\Windows\System\MIHLjlg.exe

C:\Windows\System\MIHLjlg.exe

C:\Windows\System\rbpbAPZ.exe

C:\Windows\System\rbpbAPZ.exe

C:\Windows\System\GbeaDIr.exe

C:\Windows\System\GbeaDIr.exe

C:\Windows\System\YTQlwen.exe

C:\Windows\System\YTQlwen.exe

C:\Windows\System\kihznQF.exe

C:\Windows\System\kihznQF.exe

C:\Windows\System\jztfnbe.exe

C:\Windows\System\jztfnbe.exe

C:\Windows\System\JLuyjvf.exe

C:\Windows\System\JLuyjvf.exe

C:\Windows\System\OymBOtj.exe

C:\Windows\System\OymBOtj.exe

C:\Windows\System\qnJpauL.exe

C:\Windows\System\qnJpauL.exe

C:\Windows\System\nsTjUVv.exe

C:\Windows\System\nsTjUVv.exe

C:\Windows\System\YDOKFHy.exe

C:\Windows\System\YDOKFHy.exe

C:\Windows\System\ymqRzEy.exe

C:\Windows\System\ymqRzEy.exe

C:\Windows\System\dCicpzo.exe

C:\Windows\System\dCicpzo.exe

C:\Windows\System\twiZgHX.exe

C:\Windows\System\twiZgHX.exe

C:\Windows\System\cnUAEQX.exe

C:\Windows\System\cnUAEQX.exe

C:\Windows\System\vDvmhRB.exe

C:\Windows\System\vDvmhRB.exe

C:\Windows\System\fQiuOHq.exe

C:\Windows\System\fQiuOHq.exe

C:\Windows\System\cmsILEp.exe

C:\Windows\System\cmsILEp.exe

C:\Windows\System\rlQzjnS.exe

C:\Windows\System\rlQzjnS.exe

C:\Windows\System\EKTJbQY.exe

C:\Windows\System\EKTJbQY.exe

C:\Windows\System\gCaCuzn.exe

C:\Windows\System\gCaCuzn.exe

C:\Windows\System\MrGywMa.exe

C:\Windows\System\MrGywMa.exe

C:\Windows\System\fwJyiAV.exe

C:\Windows\System\fwJyiAV.exe

C:\Windows\System\vZEYAJX.exe

C:\Windows\System\vZEYAJX.exe

C:\Windows\System\lzPkFHk.exe

C:\Windows\System\lzPkFHk.exe

C:\Windows\System\QmnVKfe.exe

C:\Windows\System\QmnVKfe.exe

C:\Windows\System\ndZFQCq.exe

C:\Windows\System\ndZFQCq.exe

C:\Windows\System\SCyFJYm.exe

C:\Windows\System\SCyFJYm.exe

C:\Windows\System\XxOodhy.exe

C:\Windows\System\XxOodhy.exe

C:\Windows\System\tgvCQLP.exe

C:\Windows\System\tgvCQLP.exe

C:\Windows\System\PnnDRUk.exe

C:\Windows\System\PnnDRUk.exe

C:\Windows\System\tHcnbuP.exe

C:\Windows\System\tHcnbuP.exe

C:\Windows\System\tNKEHdV.exe

C:\Windows\System\tNKEHdV.exe

C:\Windows\System\SYOobdy.exe

C:\Windows\System\SYOobdy.exe

C:\Windows\System\TlXUTDS.exe

C:\Windows\System\TlXUTDS.exe

C:\Windows\System\dfCbLGL.exe

C:\Windows\System\dfCbLGL.exe

C:\Windows\System\DlxAJbW.exe

C:\Windows\System\DlxAJbW.exe

C:\Windows\System\RZdjoIR.exe

C:\Windows\System\RZdjoIR.exe

C:\Windows\System\CZvvzCH.exe

C:\Windows\System\CZvvzCH.exe

C:\Windows\System\NbgtUDC.exe

C:\Windows\System\NbgtUDC.exe

C:\Windows\System\BTrfEyd.exe

C:\Windows\System\BTrfEyd.exe

C:\Windows\System\nxKcyTt.exe

C:\Windows\System\nxKcyTt.exe

C:\Windows\System\fvKebuA.exe

C:\Windows\System\fvKebuA.exe

C:\Windows\System\aKsAQvh.exe

C:\Windows\System\aKsAQvh.exe

C:\Windows\System\AHWeXTJ.exe

C:\Windows\System\AHWeXTJ.exe

C:\Windows\System\PedzexG.exe

C:\Windows\System\PedzexG.exe

C:\Windows\System\fqplfgP.exe

C:\Windows\System\fqplfgP.exe

C:\Windows\System\pRDyOVs.exe

C:\Windows\System\pRDyOVs.exe

C:\Windows\System\aHhOObe.exe

C:\Windows\System\aHhOObe.exe

C:\Windows\System\fOYTuiN.exe

C:\Windows\System\fOYTuiN.exe

C:\Windows\System\teAGQVn.exe

C:\Windows\System\teAGQVn.exe

C:\Windows\System\DZypZTZ.exe

C:\Windows\System\DZypZTZ.exe

C:\Windows\System\UNbDAmd.exe

C:\Windows\System\UNbDAmd.exe

C:\Windows\System\JwgjWIn.exe

C:\Windows\System\JwgjWIn.exe

C:\Windows\System\YUptGhr.exe

C:\Windows\System\YUptGhr.exe

C:\Windows\System\tgyqGVl.exe

C:\Windows\System\tgyqGVl.exe

C:\Windows\System\NlhWzKd.exe

C:\Windows\System\NlhWzKd.exe

C:\Windows\System\aLsnTdi.exe

C:\Windows\System\aLsnTdi.exe

C:\Windows\System\cxBzCJp.exe

C:\Windows\System\cxBzCJp.exe

C:\Windows\System\mWYDXsl.exe

C:\Windows\System\mWYDXsl.exe

C:\Windows\System\GtZVggV.exe

C:\Windows\System\GtZVggV.exe

C:\Windows\System\cUWIxPY.exe

C:\Windows\System\cUWIxPY.exe

C:\Windows\System\FvvtBlj.exe

C:\Windows\System\FvvtBlj.exe

C:\Windows\System\SNMvcbX.exe

C:\Windows\System\SNMvcbX.exe

C:\Windows\System\xoAmVaz.exe

C:\Windows\System\xoAmVaz.exe

C:\Windows\System\zREtihQ.exe

C:\Windows\System\zREtihQ.exe

C:\Windows\System\ZfbROmh.exe

C:\Windows\System\ZfbROmh.exe

C:\Windows\System\bDIrZpO.exe

C:\Windows\System\bDIrZpO.exe

C:\Windows\System\EfnXtVs.exe

C:\Windows\System\EfnXtVs.exe

C:\Windows\System\ylJsPKC.exe

C:\Windows\System\ylJsPKC.exe

C:\Windows\System\CFziwAV.exe

C:\Windows\System\CFziwAV.exe

C:\Windows\System\vguGelS.exe

C:\Windows\System\vguGelS.exe

C:\Windows\System\ObswTfs.exe

C:\Windows\System\ObswTfs.exe

C:\Windows\System\iBNVuFG.exe

C:\Windows\System\iBNVuFG.exe

C:\Windows\System\YgoWuqQ.exe

C:\Windows\System\YgoWuqQ.exe

C:\Windows\System\PraCssh.exe

C:\Windows\System\PraCssh.exe

C:\Windows\System\dRnEhtN.exe

C:\Windows\System\dRnEhtN.exe

C:\Windows\System\zMaEljO.exe

C:\Windows\System\zMaEljO.exe

C:\Windows\System\FIWlBlh.exe

C:\Windows\System\FIWlBlh.exe

C:\Windows\System\icSdYHR.exe

C:\Windows\System\icSdYHR.exe

C:\Windows\System\PJdNJUW.exe

C:\Windows\System\PJdNJUW.exe

C:\Windows\System\QdgtzGP.exe

C:\Windows\System\QdgtzGP.exe

C:\Windows\System\xRsWbSB.exe

C:\Windows\System\xRsWbSB.exe

C:\Windows\System\pKIjbEH.exe

C:\Windows\System\pKIjbEH.exe

C:\Windows\System\UYpTQde.exe

C:\Windows\System\UYpTQde.exe

C:\Windows\System\BtkLxYf.exe

C:\Windows\System\BtkLxYf.exe

C:\Windows\System\hxqpJJO.exe

C:\Windows\System\hxqpJJO.exe

C:\Windows\System\eAbBmGe.exe

C:\Windows\System\eAbBmGe.exe

C:\Windows\System\WGNqbgR.exe

C:\Windows\System\WGNqbgR.exe

C:\Windows\System\eKcttGP.exe

C:\Windows\System\eKcttGP.exe

C:\Windows\System\fDjOrnz.exe

C:\Windows\System\fDjOrnz.exe

C:\Windows\System\VldzKrG.exe

C:\Windows\System\VldzKrG.exe

C:\Windows\System\HQDkoEN.exe

C:\Windows\System\HQDkoEN.exe

C:\Windows\System\oTxLJDW.exe

C:\Windows\System\oTxLJDW.exe

C:\Windows\System\hNaJZCe.exe

C:\Windows\System\hNaJZCe.exe

C:\Windows\System\glimhzd.exe

C:\Windows\System\glimhzd.exe

C:\Windows\System\RgSlFZs.exe

C:\Windows\System\RgSlFZs.exe

C:\Windows\System\QQkqkSt.exe

C:\Windows\System\QQkqkSt.exe

C:\Windows\System\lIQRuJI.exe

C:\Windows\System\lIQRuJI.exe

C:\Windows\System\hfmLxRA.exe

C:\Windows\System\hfmLxRA.exe

C:\Windows\System\OusowtG.exe

C:\Windows\System\OusowtG.exe

C:\Windows\System\uPdiECG.exe

C:\Windows\System\uPdiECG.exe

C:\Windows\System\KECbGtp.exe

C:\Windows\System\KECbGtp.exe

C:\Windows\System\BxrfcjJ.exe

C:\Windows\System\BxrfcjJ.exe

C:\Windows\System\VAUmUdh.exe

C:\Windows\System\VAUmUdh.exe

C:\Windows\System\OVEwNki.exe

C:\Windows\System\OVEwNki.exe

C:\Windows\System\UxuZWbF.exe

C:\Windows\System\UxuZWbF.exe

C:\Windows\System\RVWZbyE.exe

C:\Windows\System\RVWZbyE.exe

C:\Windows\System\mbtaGhR.exe

C:\Windows\System\mbtaGhR.exe

C:\Windows\System\SLCEoXz.exe

C:\Windows\System\SLCEoXz.exe

C:\Windows\System\rWvBliv.exe

C:\Windows\System\rWvBliv.exe

C:\Windows\System\mGTXEaj.exe

C:\Windows\System\mGTXEaj.exe

C:\Windows\System\pKUqpUH.exe

C:\Windows\System\pKUqpUH.exe

C:\Windows\System\AKPpNSr.exe

C:\Windows\System\AKPpNSr.exe

C:\Windows\System\yJYyEgS.exe

C:\Windows\System\yJYyEgS.exe

C:\Windows\System\kqoCmja.exe

C:\Windows\System\kqoCmja.exe

C:\Windows\System\ZDPyWxJ.exe

C:\Windows\System\ZDPyWxJ.exe

C:\Windows\System\JSPVfbI.exe

C:\Windows\System\JSPVfbI.exe

C:\Windows\System\PftZMpg.exe

C:\Windows\System\PftZMpg.exe

C:\Windows\System\fiJgIGq.exe

C:\Windows\System\fiJgIGq.exe

C:\Windows\System\HeATbQF.exe

C:\Windows\System\HeATbQF.exe

C:\Windows\System\wPWRzVF.exe

C:\Windows\System\wPWRzVF.exe

C:\Windows\System\eUlzvwo.exe

C:\Windows\System\eUlzvwo.exe

C:\Windows\System\crhKfNw.exe

C:\Windows\System\crhKfNw.exe

C:\Windows\System\kRBNZqM.exe

C:\Windows\System\kRBNZqM.exe

C:\Windows\System\VklILVu.exe

C:\Windows\System\VklILVu.exe

C:\Windows\System\XtahOgW.exe

C:\Windows\System\XtahOgW.exe

C:\Windows\System\aswKoRn.exe

C:\Windows\System\aswKoRn.exe

C:\Windows\System\IJEYvek.exe

C:\Windows\System\IJEYvek.exe

C:\Windows\System\ePRAhQa.exe

C:\Windows\System\ePRAhQa.exe

C:\Windows\System\nMrPVsE.exe

C:\Windows\System\nMrPVsE.exe

C:\Windows\System\iqJqkFF.exe

C:\Windows\System\iqJqkFF.exe

C:\Windows\System\XrKJZjR.exe

C:\Windows\System\XrKJZjR.exe

C:\Windows\System\SFdgzgP.exe

C:\Windows\System\SFdgzgP.exe

C:\Windows\System\UNVvOum.exe

C:\Windows\System\UNVvOum.exe

C:\Windows\System\SMeWudp.exe

C:\Windows\System\SMeWudp.exe

C:\Windows\System\ndLHRUW.exe

C:\Windows\System\ndLHRUW.exe

C:\Windows\System\FSTLejx.exe

C:\Windows\System\FSTLejx.exe

C:\Windows\System\fCOELdT.exe

C:\Windows\System\fCOELdT.exe

C:\Windows\System\JoccmOH.exe

C:\Windows\System\JoccmOH.exe

C:\Windows\System\RDVZbad.exe

C:\Windows\System\RDVZbad.exe

C:\Windows\System\zqFhlTy.exe

C:\Windows\System\zqFhlTy.exe

C:\Windows\System\ilNfLrr.exe

C:\Windows\System\ilNfLrr.exe

C:\Windows\System\rKPiwRW.exe

C:\Windows\System\rKPiwRW.exe

C:\Windows\System\wmcCBNc.exe

C:\Windows\System\wmcCBNc.exe

C:\Windows\System\QHBLdGg.exe

C:\Windows\System\QHBLdGg.exe

C:\Windows\System\afrHToS.exe

C:\Windows\System\afrHToS.exe

C:\Windows\System\VPaOCqF.exe

C:\Windows\System\VPaOCqF.exe

C:\Windows\System\RRdBDVT.exe

C:\Windows\System\RRdBDVT.exe

C:\Windows\System\oSibKbq.exe

C:\Windows\System\oSibKbq.exe

C:\Windows\System\PaMNDgq.exe

C:\Windows\System\PaMNDgq.exe

C:\Windows\System\IxxcbDT.exe

C:\Windows\System\IxxcbDT.exe

C:\Windows\System\BIhXlAk.exe

C:\Windows\System\BIhXlAk.exe

C:\Windows\System\sBhGGbD.exe

C:\Windows\System\sBhGGbD.exe

C:\Windows\System\FvcRmIo.exe

C:\Windows\System\FvcRmIo.exe

C:\Windows\System\BIMKBLV.exe

C:\Windows\System\BIMKBLV.exe

C:\Windows\System\EKtccMA.exe

C:\Windows\System\EKtccMA.exe

C:\Windows\System\CAlnZDa.exe

C:\Windows\System\CAlnZDa.exe

C:\Windows\System\XSWLzpr.exe

C:\Windows\System\XSWLzpr.exe

C:\Windows\System\QdLwizx.exe

C:\Windows\System\QdLwizx.exe

C:\Windows\System\XEiwHJZ.exe

C:\Windows\System\XEiwHJZ.exe

C:\Windows\System\yAsdagm.exe

C:\Windows\System\yAsdagm.exe

C:\Windows\System\qUwAVLE.exe

C:\Windows\System\qUwAVLE.exe

C:\Windows\System\ICwAlKU.exe

C:\Windows\System\ICwAlKU.exe

C:\Windows\System\iWnnewq.exe

C:\Windows\System\iWnnewq.exe

C:\Windows\System\udAXgoX.exe

C:\Windows\System\udAXgoX.exe

C:\Windows\System\yyykwGe.exe

C:\Windows\System\yyykwGe.exe

C:\Windows\System\UXmQBDt.exe

C:\Windows\System\UXmQBDt.exe

C:\Windows\System\EaEHAsx.exe

C:\Windows\System\EaEHAsx.exe

C:\Windows\System\lOXpSqS.exe

C:\Windows\System\lOXpSqS.exe

C:\Windows\System\kgQztQb.exe

C:\Windows\System\kgQztQb.exe

C:\Windows\System\xwuLNje.exe

C:\Windows\System\xwuLNje.exe

C:\Windows\System\QTSPwYB.exe

C:\Windows\System\QTSPwYB.exe

C:\Windows\System\PFmRbRV.exe

C:\Windows\System\PFmRbRV.exe

C:\Windows\System\EPLxZtu.exe

C:\Windows\System\EPLxZtu.exe

C:\Windows\System\QdKYySS.exe

C:\Windows\System\QdKYySS.exe

C:\Windows\System\GbflAJB.exe

C:\Windows\System\GbflAJB.exe

C:\Windows\System\qqrvOdv.exe

C:\Windows\System\qqrvOdv.exe

C:\Windows\System\pWOBArD.exe

C:\Windows\System\pWOBArD.exe

C:\Windows\System\oiKXuSe.exe

C:\Windows\System\oiKXuSe.exe

C:\Windows\System\BgkKPxQ.exe

C:\Windows\System\BgkKPxQ.exe

C:\Windows\System\vxEGYOz.exe

C:\Windows\System\vxEGYOz.exe

C:\Windows\System\rKhdZLM.exe

C:\Windows\System\rKhdZLM.exe

C:\Windows\System\EpiVRmH.exe

C:\Windows\System\EpiVRmH.exe

C:\Windows\System\IILAfzO.exe

C:\Windows\System\IILAfzO.exe

C:\Windows\System\eyMUevT.exe

C:\Windows\System\eyMUevT.exe

C:\Windows\System\tccJJfg.exe

C:\Windows\System\tccJJfg.exe

C:\Windows\System\xzHNNAP.exe

C:\Windows\System\xzHNNAP.exe

C:\Windows\System\qlNdpOO.exe

C:\Windows\System\qlNdpOO.exe

C:\Windows\System\POTjCrJ.exe

C:\Windows\System\POTjCrJ.exe

C:\Windows\System\YKLylhN.exe

C:\Windows\System\YKLylhN.exe

C:\Windows\System\QcXXkfp.exe

C:\Windows\System\QcXXkfp.exe

C:\Windows\System\VZkJVWF.exe

C:\Windows\System\VZkJVWF.exe

C:\Windows\System\GZnjjBT.exe

C:\Windows\System\GZnjjBT.exe

C:\Windows\System\DXOogCg.exe

C:\Windows\System\DXOogCg.exe

C:\Windows\System\WJHehfK.exe

C:\Windows\System\WJHehfK.exe

C:\Windows\System\GTPjXHK.exe

C:\Windows\System\GTPjXHK.exe

C:\Windows\System\tPruKaB.exe

C:\Windows\System\tPruKaB.exe

C:\Windows\System\mOAUPef.exe

C:\Windows\System\mOAUPef.exe

C:\Windows\System\naIcTVC.exe

C:\Windows\System\naIcTVC.exe

C:\Windows\System\rwBvXti.exe

C:\Windows\System\rwBvXti.exe

C:\Windows\System\QCiycGj.exe

C:\Windows\System\QCiycGj.exe

C:\Windows\System\YiyBZsQ.exe

C:\Windows\System\YiyBZsQ.exe

C:\Windows\System\CkWSbxw.exe

C:\Windows\System\CkWSbxw.exe

C:\Windows\System\dpsijPo.exe

C:\Windows\System\dpsijPo.exe

C:\Windows\System\llvIGzH.exe

C:\Windows\System\llvIGzH.exe

C:\Windows\System\iJpGYnY.exe

C:\Windows\System\iJpGYnY.exe

C:\Windows\System\PZIKcPU.exe

C:\Windows\System\PZIKcPU.exe

C:\Windows\System\ASOfQqf.exe

C:\Windows\System\ASOfQqf.exe

C:\Windows\System\glQZxLQ.exe

C:\Windows\System\glQZxLQ.exe

C:\Windows\System\QqdLXbz.exe

C:\Windows\System\QqdLXbz.exe

C:\Windows\System\tLhiLRD.exe

C:\Windows\System\tLhiLRD.exe

C:\Windows\System\FCHPFWY.exe

C:\Windows\System\FCHPFWY.exe

C:\Windows\System\JIUtWxd.exe

C:\Windows\System\JIUtWxd.exe

C:\Windows\System\VXAxaIB.exe

C:\Windows\System\VXAxaIB.exe

C:\Windows\System\ULrmJEV.exe

C:\Windows\System\ULrmJEV.exe

C:\Windows\System\aLRuHVf.exe

C:\Windows\System\aLRuHVf.exe

C:\Windows\System\WcYrqeL.exe

C:\Windows\System\WcYrqeL.exe

C:\Windows\System\NsMbuxT.exe

C:\Windows\System\NsMbuxT.exe

C:\Windows\System\xKJyvpb.exe

C:\Windows\System\xKJyvpb.exe

C:\Windows\System\sLpcfei.exe

C:\Windows\System\sLpcfei.exe

C:\Windows\System\pXNJeeL.exe

C:\Windows\System\pXNJeeL.exe

C:\Windows\System\sYPNgXI.exe

C:\Windows\System\sYPNgXI.exe

C:\Windows\System\LiXQUyh.exe

C:\Windows\System\LiXQUyh.exe

C:\Windows\System\TCBSKkn.exe

C:\Windows\System\TCBSKkn.exe

C:\Windows\System\oYQZnPv.exe

C:\Windows\System\oYQZnPv.exe

C:\Windows\System\NCLGgsh.exe

C:\Windows\System\NCLGgsh.exe

C:\Windows\System\UJaeTNX.exe

C:\Windows\System\UJaeTNX.exe

C:\Windows\System\RukIBtc.exe

C:\Windows\System\RukIBtc.exe

C:\Windows\System\vGCbfOq.exe

C:\Windows\System\vGCbfOq.exe

C:\Windows\System\uBwacBO.exe

C:\Windows\System\uBwacBO.exe

C:\Windows\System\UwcYJPv.exe

C:\Windows\System\UwcYJPv.exe

C:\Windows\System\cLwzwuD.exe

C:\Windows\System\cLwzwuD.exe

C:\Windows\System\ExbnZmi.exe

C:\Windows\System\ExbnZmi.exe

C:\Windows\System\ihiXlAy.exe

C:\Windows\System\ihiXlAy.exe

C:\Windows\System\ZKbOZBX.exe

C:\Windows\System\ZKbOZBX.exe

C:\Windows\System\SrbtLkj.exe

C:\Windows\System\SrbtLkj.exe

C:\Windows\System\yZmwmiJ.exe

C:\Windows\System\yZmwmiJ.exe

C:\Windows\System\djTmjpM.exe

C:\Windows\System\djTmjpM.exe

C:\Windows\System\cukvEJf.exe

C:\Windows\System\cukvEJf.exe

C:\Windows\System\cBMbYCw.exe

C:\Windows\System\cBMbYCw.exe

C:\Windows\System\YGAmlxj.exe

C:\Windows\System\YGAmlxj.exe

C:\Windows\System\acQasBZ.exe

C:\Windows\System\acQasBZ.exe

C:\Windows\System\dSaFsiR.exe

C:\Windows\System\dSaFsiR.exe

C:\Windows\System\udCjKcC.exe

C:\Windows\System\udCjKcC.exe

C:\Windows\System\cONiJZD.exe

C:\Windows\System\cONiJZD.exe

C:\Windows\System\vQTmHGH.exe

C:\Windows\System\vQTmHGH.exe

C:\Windows\System\jyLcTPe.exe

C:\Windows\System\jyLcTPe.exe

C:\Windows\System\yMYmXVM.exe

C:\Windows\System\yMYmXVM.exe

C:\Windows\System\chPkzqY.exe

C:\Windows\System\chPkzqY.exe

C:\Windows\System\ivJCyhR.exe

C:\Windows\System\ivJCyhR.exe

C:\Windows\System\zvKtqJx.exe

C:\Windows\System\zvKtqJx.exe

C:\Windows\System\khDujjk.exe

C:\Windows\System\khDujjk.exe

C:\Windows\System\ElYNBMQ.exe

C:\Windows\System\ElYNBMQ.exe

C:\Windows\System\eTNTjbv.exe

C:\Windows\System\eTNTjbv.exe

C:\Windows\System\ceFHUNw.exe

C:\Windows\System\ceFHUNw.exe

C:\Windows\System\pleckto.exe

C:\Windows\System\pleckto.exe

C:\Windows\System\uPLnCTb.exe

C:\Windows\System\uPLnCTb.exe

C:\Windows\System\RIpfjrt.exe

C:\Windows\System\RIpfjrt.exe

C:\Windows\System\hgiuUfX.exe

C:\Windows\System\hgiuUfX.exe

C:\Windows\System\OzkubdO.exe

C:\Windows\System\OzkubdO.exe

C:\Windows\System\VaIIGfw.exe

C:\Windows\System\VaIIGfw.exe

C:\Windows\System\QqouCMm.exe

C:\Windows\System\QqouCMm.exe

C:\Windows\System\apuBMcw.exe

C:\Windows\System\apuBMcw.exe

C:\Windows\System\ddKLJpu.exe

C:\Windows\System\ddKLJpu.exe

C:\Windows\System\EhLiQfc.exe

C:\Windows\System\EhLiQfc.exe

C:\Windows\System\XsqJyma.exe

C:\Windows\System\XsqJyma.exe

C:\Windows\System\scylaWB.exe

C:\Windows\System\scylaWB.exe

C:\Windows\System\FGMcqTS.exe

C:\Windows\System\FGMcqTS.exe

C:\Windows\System\euYqXCN.exe

C:\Windows\System\euYqXCN.exe

C:\Windows\System\PFKFjQD.exe

C:\Windows\System\PFKFjQD.exe

C:\Windows\System\EPXEwdj.exe

C:\Windows\System\EPXEwdj.exe

C:\Windows\System\KvMqHGC.exe

C:\Windows\System\KvMqHGC.exe

C:\Windows\System\kWXwzuz.exe

C:\Windows\System\kWXwzuz.exe

C:\Windows\System\IISmvpC.exe

C:\Windows\System\IISmvpC.exe

C:\Windows\System\urSqRer.exe

C:\Windows\System\urSqRer.exe

C:\Windows\System\uXRCFtc.exe

C:\Windows\System\uXRCFtc.exe

C:\Windows\System\AYEGMAZ.exe

C:\Windows\System\AYEGMAZ.exe

C:\Windows\System\zLAKgOM.exe

C:\Windows\System\zLAKgOM.exe

C:\Windows\System\BDbjvEE.exe

C:\Windows\System\BDbjvEE.exe

C:\Windows\System\WzQMVYc.exe

C:\Windows\System\WzQMVYc.exe

C:\Windows\System\kTAtgmG.exe

C:\Windows\System\kTAtgmG.exe

C:\Windows\System\cngbZZv.exe

C:\Windows\System\cngbZZv.exe

C:\Windows\System\VoLmysY.exe

C:\Windows\System\VoLmysY.exe

C:\Windows\System\MhxGUiv.exe

C:\Windows\System\MhxGUiv.exe

C:\Windows\System\njcybFt.exe

C:\Windows\System\njcybFt.exe

C:\Windows\System\KgNNSCH.exe

C:\Windows\System\KgNNSCH.exe

C:\Windows\System\oQLTSmS.exe

C:\Windows\System\oQLTSmS.exe

C:\Windows\System\qWDvUPe.exe

C:\Windows\System\qWDvUPe.exe

C:\Windows\System\uLSFKMn.exe

C:\Windows\System\uLSFKMn.exe

C:\Windows\System\WhpKrda.exe

C:\Windows\System\WhpKrda.exe

C:\Windows\System\njiEUNS.exe

C:\Windows\System\njiEUNS.exe

C:\Windows\System\xWuNyvy.exe

C:\Windows\System\xWuNyvy.exe

C:\Windows\System\DwLZoHp.exe

C:\Windows\System\DwLZoHp.exe

C:\Windows\System\KSXkWyN.exe

C:\Windows\System\KSXkWyN.exe

C:\Windows\System\CmxiGOZ.exe

C:\Windows\System\CmxiGOZ.exe

C:\Windows\System\XpLCEIy.exe

C:\Windows\System\XpLCEIy.exe

C:\Windows\System\DFAVuMQ.exe

C:\Windows\System\DFAVuMQ.exe

C:\Windows\System\CbEmkpy.exe

C:\Windows\System\CbEmkpy.exe

C:\Windows\System\xwtBbpL.exe

C:\Windows\System\xwtBbpL.exe

C:\Windows\System\xyarsrh.exe

C:\Windows\System\xyarsrh.exe

C:\Windows\System\jjgFUDe.exe

C:\Windows\System\jjgFUDe.exe

C:\Windows\System\iulrLIt.exe

C:\Windows\System\iulrLIt.exe

C:\Windows\System\DIxBOVd.exe

C:\Windows\System\DIxBOVd.exe

C:\Windows\System\lBpbXqd.exe

C:\Windows\System\lBpbXqd.exe

C:\Windows\System\uFSJbuB.exe

C:\Windows\System\uFSJbuB.exe

C:\Windows\System\aIBqYPw.exe

C:\Windows\System\aIBqYPw.exe

C:\Windows\System\VFzgYAv.exe

C:\Windows\System\VFzgYAv.exe

C:\Windows\System\KVtgXbc.exe

C:\Windows\System\KVtgXbc.exe

C:\Windows\System\GNJYqLg.exe

C:\Windows\System\GNJYqLg.exe

C:\Windows\System\MmCrUbU.exe

C:\Windows\System\MmCrUbU.exe

C:\Windows\System\owDSxPV.exe

C:\Windows\System\owDSxPV.exe

C:\Windows\System\StIgPrf.exe

C:\Windows\System\StIgPrf.exe

C:\Windows\System\WXvMmEI.exe

C:\Windows\System\WXvMmEI.exe

C:\Windows\System\OHOarLw.exe

C:\Windows\System\OHOarLw.exe

C:\Windows\System\pzGFUnt.exe

C:\Windows\System\pzGFUnt.exe

C:\Windows\System\roSPPFs.exe

C:\Windows\System\roSPPFs.exe

C:\Windows\System\reFNcJB.exe

C:\Windows\System\reFNcJB.exe

C:\Windows\System\srwUWjs.exe

C:\Windows\System\srwUWjs.exe

C:\Windows\System\idORICs.exe

C:\Windows\System\idORICs.exe

C:\Windows\System\WkramEj.exe

C:\Windows\System\WkramEj.exe

C:\Windows\System\CUfvIHz.exe

C:\Windows\System\CUfvIHz.exe

C:\Windows\System\VyyheUQ.exe

C:\Windows\System\VyyheUQ.exe

C:\Windows\System\RrOiqIn.exe

C:\Windows\System\RrOiqIn.exe

C:\Windows\System\qSKJKYi.exe

C:\Windows\System\qSKJKYi.exe

C:\Windows\System\cbxXXoV.exe

C:\Windows\System\cbxXXoV.exe

C:\Windows\System\bKVAfnR.exe

C:\Windows\System\bKVAfnR.exe

C:\Windows\System\kimRVTD.exe

C:\Windows\System\kimRVTD.exe

C:\Windows\System\MMexEoo.exe

C:\Windows\System\MMexEoo.exe

C:\Windows\System\ztZuztU.exe

C:\Windows\System\ztZuztU.exe

C:\Windows\System\AjAPXYQ.exe

C:\Windows\System\AjAPXYQ.exe

C:\Windows\System\GQetzlY.exe

C:\Windows\System\GQetzlY.exe

C:\Windows\System\qXVfmks.exe

C:\Windows\System\qXVfmks.exe

C:\Windows\System\UIwLrxg.exe

C:\Windows\System\UIwLrxg.exe

C:\Windows\System\kIcRYMy.exe

C:\Windows\System\kIcRYMy.exe

C:\Windows\System\QtKRkKP.exe

C:\Windows\System\QtKRkKP.exe

C:\Windows\System\umskrOH.exe

C:\Windows\System\umskrOH.exe

C:\Windows\System\IfsIUuR.exe

C:\Windows\System\IfsIUuR.exe

C:\Windows\System\fqLbraJ.exe

C:\Windows\System\fqLbraJ.exe

C:\Windows\System\HenfKMD.exe

C:\Windows\System\HenfKMD.exe

C:\Windows\System\rXldvCj.exe

C:\Windows\System\rXldvCj.exe

C:\Windows\System\ZxzlJGv.exe

C:\Windows\System\ZxzlJGv.exe

C:\Windows\System\lmSsnuN.exe

C:\Windows\System\lmSsnuN.exe

C:\Windows\System\SMOmFzg.exe

C:\Windows\System\SMOmFzg.exe

C:\Windows\System\TRapEsO.exe

C:\Windows\System\TRapEsO.exe

C:\Windows\System\jVZkEkE.exe

C:\Windows\System\jVZkEkE.exe

C:\Windows\System\hIyaxdM.exe

C:\Windows\System\hIyaxdM.exe

C:\Windows\System\hFWGwpE.exe

C:\Windows\System\hFWGwpE.exe

C:\Windows\System\peDXTgH.exe

C:\Windows\System\peDXTgH.exe

C:\Windows\System\nxOmIwB.exe

C:\Windows\System\nxOmIwB.exe

C:\Windows\System\YlptbWa.exe

C:\Windows\System\YlptbWa.exe

C:\Windows\System\zVhxpBx.exe

C:\Windows\System\zVhxpBx.exe

C:\Windows\System\qPImnuD.exe

C:\Windows\System\qPImnuD.exe

C:\Windows\System\IONamHe.exe

C:\Windows\System\IONamHe.exe

C:\Windows\System\pnWtWqp.exe

C:\Windows\System\pnWtWqp.exe

C:\Windows\System\PiXLqXn.exe

C:\Windows\System\PiXLqXn.exe

C:\Windows\System\dFFCWDu.exe

C:\Windows\System\dFFCWDu.exe

C:\Windows\System\hcLesEu.exe

C:\Windows\System\hcLesEu.exe

C:\Windows\System\OQHHWwj.exe

C:\Windows\System\OQHHWwj.exe

C:\Windows\System\DOFDXwZ.exe

C:\Windows\System\DOFDXwZ.exe

C:\Windows\System\oEsXwNz.exe

C:\Windows\System\oEsXwNz.exe

C:\Windows\System\ToqHavW.exe

C:\Windows\System\ToqHavW.exe

C:\Windows\System\kocsEIw.exe

C:\Windows\System\kocsEIw.exe

C:\Windows\System\pNtVPiq.exe

C:\Windows\System\pNtVPiq.exe

C:\Windows\System\PheqASW.exe

C:\Windows\System\PheqASW.exe

C:\Windows\System\zSalzTn.exe

C:\Windows\System\zSalzTn.exe

C:\Windows\System\Hugplwa.exe

C:\Windows\System\Hugplwa.exe

C:\Windows\System\XAKVIwz.exe

C:\Windows\System\XAKVIwz.exe

C:\Windows\System\QyRyXhS.exe

C:\Windows\System\QyRyXhS.exe

C:\Windows\System\UMRlGWz.exe

C:\Windows\System\UMRlGWz.exe

C:\Windows\System\gOVxsMs.exe

C:\Windows\System\gOVxsMs.exe

C:\Windows\System\iEZnmbs.exe

C:\Windows\System\iEZnmbs.exe

C:\Windows\System\fRNyetg.exe

C:\Windows\System\fRNyetg.exe

C:\Windows\System\aJnJbZS.exe

C:\Windows\System\aJnJbZS.exe

C:\Windows\System\YTfVKGC.exe

C:\Windows\System\YTfVKGC.exe

C:\Windows\System\bpunbuW.exe

C:\Windows\System\bpunbuW.exe

C:\Windows\System\xkIwPIQ.exe

C:\Windows\System\xkIwPIQ.exe

C:\Windows\System\BNxdaKs.exe

C:\Windows\System\BNxdaKs.exe

C:\Windows\System\QAuwxdT.exe

C:\Windows\System\QAuwxdT.exe

C:\Windows\System\zSwGRjZ.exe

C:\Windows\System\zSwGRjZ.exe

C:\Windows\System\ZnGudGs.exe

C:\Windows\System\ZnGudGs.exe

C:\Windows\System\oNkUTdP.exe

C:\Windows\System\oNkUTdP.exe

C:\Windows\System\SUQiQoA.exe

C:\Windows\System\SUQiQoA.exe

C:\Windows\System\SmuLsft.exe

C:\Windows\System\SmuLsft.exe

C:\Windows\System\CgIXpuY.exe

C:\Windows\System\CgIXpuY.exe

C:\Windows\System\PoopsFJ.exe

C:\Windows\System\PoopsFJ.exe

C:\Windows\System\veHJyAD.exe

C:\Windows\System\veHJyAD.exe

C:\Windows\System\NpMktzO.exe

C:\Windows\System\NpMktzO.exe

C:\Windows\System\pFWJqQM.exe

C:\Windows\System\pFWJqQM.exe

C:\Windows\System\BituzBi.exe

C:\Windows\System\BituzBi.exe

C:\Windows\System\VBgHKEj.exe

C:\Windows\System\VBgHKEj.exe

C:\Windows\System\YRCjeCD.exe

C:\Windows\System\YRCjeCD.exe

C:\Windows\System\utBmiYe.exe

C:\Windows\System\utBmiYe.exe

C:\Windows\System\jHsPPBP.exe

C:\Windows\System\jHsPPBP.exe

C:\Windows\System\LoSoFCQ.exe

C:\Windows\System\LoSoFCQ.exe

C:\Windows\System\cnsdStL.exe

C:\Windows\System\cnsdStL.exe

C:\Windows\System\ewoWxSo.exe

C:\Windows\System\ewoWxSo.exe

C:\Windows\System\EMjPUPc.exe

C:\Windows\System\EMjPUPc.exe

C:\Windows\System\lLcdYoE.exe

C:\Windows\System\lLcdYoE.exe

C:\Windows\System\hqAtMOR.exe

C:\Windows\System\hqAtMOR.exe

C:\Windows\System\cGjsDte.exe

C:\Windows\System\cGjsDte.exe

C:\Windows\System\gjJgiYT.exe

C:\Windows\System\gjJgiYT.exe

C:\Windows\System\wfWXDAa.exe

C:\Windows\System\wfWXDAa.exe

C:\Windows\System\gROktFm.exe

C:\Windows\System\gROktFm.exe

C:\Windows\System\jnClrIR.exe

C:\Windows\System\jnClrIR.exe

C:\Windows\System\NcSvSPW.exe

C:\Windows\System\NcSvSPW.exe

C:\Windows\System\INhqVLW.exe

C:\Windows\System\INhqVLW.exe

C:\Windows\System\kbFcDXK.exe

C:\Windows\System\kbFcDXK.exe

C:\Windows\System\TxjYKft.exe

C:\Windows\System\TxjYKft.exe

C:\Windows\System\lvnfmrJ.exe

C:\Windows\System\lvnfmrJ.exe

C:\Windows\System\zaAwQIS.exe

C:\Windows\System\zaAwQIS.exe

C:\Windows\System\ZGOgjMI.exe

C:\Windows\System\ZGOgjMI.exe

C:\Windows\System\BqtSYji.exe

C:\Windows\System\BqtSYji.exe

C:\Windows\System\BAHcdWZ.exe

C:\Windows\System\BAHcdWZ.exe

C:\Windows\System\itVZGBU.exe

C:\Windows\System\itVZGBU.exe

C:\Windows\System\cfLazHl.exe

C:\Windows\System\cfLazHl.exe

C:\Windows\System\lGIEBFs.exe

C:\Windows\System\lGIEBFs.exe

C:\Windows\System\ewVXlYY.exe

C:\Windows\System\ewVXlYY.exe

C:\Windows\System\WROfOOl.exe

C:\Windows\System\WROfOOl.exe

C:\Windows\System\voxTnPg.exe

C:\Windows\System\voxTnPg.exe

C:\Windows\System\MwRNzEu.exe

C:\Windows\System\MwRNzEu.exe

C:\Windows\System\llmCUQE.exe

C:\Windows\System\llmCUQE.exe

C:\Windows\System\DhsSULp.exe

C:\Windows\System\DhsSULp.exe

C:\Windows\System\KfROknl.exe

C:\Windows\System\KfROknl.exe

C:\Windows\System\DhpjZrI.exe

C:\Windows\System\DhpjZrI.exe

C:\Windows\System\SjZLbAf.exe

C:\Windows\System\SjZLbAf.exe

C:\Windows\System\NhncPEC.exe

C:\Windows\System\NhncPEC.exe

C:\Windows\System\FexRlFk.exe

C:\Windows\System\FexRlFk.exe

C:\Windows\System\WgnWGoq.exe

C:\Windows\System\WgnWGoq.exe

C:\Windows\System\IfrwTAC.exe

C:\Windows\System\IfrwTAC.exe

C:\Windows\System\EscAZll.exe

C:\Windows\System\EscAZll.exe

C:\Windows\System\OhxISGc.exe

C:\Windows\System\OhxISGc.exe

C:\Windows\System\lBwQaNF.exe

C:\Windows\System\lBwQaNF.exe

C:\Windows\System\PWhKQGQ.exe

C:\Windows\System\PWhKQGQ.exe

C:\Windows\System\nNYmttG.exe

C:\Windows\System\nNYmttG.exe

C:\Windows\System\XLFHiQE.exe

C:\Windows\System\XLFHiQE.exe

C:\Windows\System\IdjgjDk.exe

C:\Windows\System\IdjgjDk.exe

C:\Windows\System\ZnGkpGZ.exe

C:\Windows\System\ZnGkpGZ.exe

C:\Windows\System\BwcDXSq.exe

C:\Windows\System\BwcDXSq.exe

C:\Windows\System\wqsmVZk.exe

C:\Windows\System\wqsmVZk.exe

C:\Windows\System\dJmLIZd.exe

C:\Windows\System\dJmLIZd.exe

C:\Windows\System\gjUmeLW.exe

C:\Windows\System\gjUmeLW.exe

C:\Windows\System\DHylbWM.exe

C:\Windows\System\DHylbWM.exe

C:\Windows\System\phjbTgU.exe

C:\Windows\System\phjbTgU.exe

C:\Windows\System\gFUkdXj.exe

C:\Windows\System\gFUkdXj.exe

C:\Windows\System\jtvxWGj.exe

C:\Windows\System\jtvxWGj.exe

C:\Windows\System\BjlBsjw.exe

C:\Windows\System\BjlBsjw.exe

C:\Windows\System\ctpilTY.exe

C:\Windows\System\ctpilTY.exe

C:\Windows\System\rxEqgBe.exe

C:\Windows\System\rxEqgBe.exe

C:\Windows\System\nFLaaMr.exe

C:\Windows\System\nFLaaMr.exe

C:\Windows\System\jEDYZoQ.exe

C:\Windows\System\jEDYZoQ.exe

C:\Windows\System\RuyOvrk.exe

C:\Windows\System\RuyOvrk.exe

C:\Windows\System\xgmqFTt.exe

C:\Windows\System\xgmqFTt.exe

C:\Windows\System\UGXPrxN.exe

C:\Windows\System\UGXPrxN.exe

C:\Windows\System\EcfTQmg.exe

C:\Windows\System\EcfTQmg.exe

C:\Windows\System\RtNUXwQ.exe

C:\Windows\System\RtNUXwQ.exe

C:\Windows\System\PnchNyW.exe

C:\Windows\System\PnchNyW.exe

C:\Windows\System\eGPVSPh.exe

C:\Windows\System\eGPVSPh.exe

C:\Windows\System\MbfYbzl.exe

C:\Windows\System\MbfYbzl.exe

C:\Windows\System\PezlbLp.exe

C:\Windows\System\PezlbLp.exe

C:\Windows\System\LwXaKDY.exe

C:\Windows\System\LwXaKDY.exe

C:\Windows\System\LmOVOFu.exe

C:\Windows\System\LmOVOFu.exe

C:\Windows\System\bmwixft.exe

C:\Windows\System\bmwixft.exe

C:\Windows\System\hwRDpvb.exe

C:\Windows\System\hwRDpvb.exe

C:\Windows\System\AMiruAB.exe

C:\Windows\System\AMiruAB.exe

C:\Windows\System\FwcdbQf.exe

C:\Windows\System\FwcdbQf.exe

C:\Windows\System\bJVGUxE.exe

C:\Windows\System\bJVGUxE.exe

C:\Windows\System\xDqSDak.exe

C:\Windows\System\xDqSDak.exe

C:\Windows\System\kPISRMa.exe

C:\Windows\System\kPISRMa.exe

C:\Windows\System\LdngToC.exe

C:\Windows\System\LdngToC.exe

C:\Windows\System\iQpdpqx.exe

C:\Windows\System\iQpdpqx.exe

C:\Windows\System\cTzgZuw.exe

C:\Windows\System\cTzgZuw.exe

C:\Windows\System\ETTOxqJ.exe

C:\Windows\System\ETTOxqJ.exe

C:\Windows\System\EkeHqQN.exe

C:\Windows\System\EkeHqQN.exe

C:\Windows\System\syMUkjp.exe

C:\Windows\System\syMUkjp.exe

C:\Windows\System\NDniJMH.exe

C:\Windows\System\NDniJMH.exe

C:\Windows\System\GbBtDrR.exe

C:\Windows\System\GbBtDrR.exe

C:\Windows\System\dRjoGUr.exe

C:\Windows\System\dRjoGUr.exe

C:\Windows\System\ZsnnHNR.exe

C:\Windows\System\ZsnnHNR.exe

C:\Windows\System\wusdpue.exe

C:\Windows\System\wusdpue.exe

C:\Windows\System\RivZkrz.exe

C:\Windows\System\RivZkrz.exe

C:\Windows\System\JiqifyF.exe

C:\Windows\System\JiqifyF.exe

C:\Windows\System\KmqPlmS.exe

C:\Windows\System\KmqPlmS.exe

C:\Windows\System\rhIDuAU.exe

C:\Windows\System\rhIDuAU.exe

C:\Windows\System\sqyszzV.exe

C:\Windows\System\sqyszzV.exe

C:\Windows\System\HgsABoz.exe

C:\Windows\System\HgsABoz.exe

C:\Windows\System\XmuGRhV.exe

C:\Windows\System\XmuGRhV.exe

C:\Windows\System\vqbANRb.exe

C:\Windows\System\vqbANRb.exe

C:\Windows\System\EIdOqjO.exe

C:\Windows\System\EIdOqjO.exe

C:\Windows\System\WJivfSv.exe

C:\Windows\System\WJivfSv.exe

C:\Windows\System\LVWXfje.exe

C:\Windows\System\LVWXfje.exe

C:\Windows\System\xvqmZiW.exe

C:\Windows\System\xvqmZiW.exe

C:\Windows\System\JWNyNPx.exe

C:\Windows\System\JWNyNPx.exe

C:\Windows\System\YBDJicO.exe

C:\Windows\System\YBDJicO.exe

C:\Windows\System\VbdvHJw.exe

C:\Windows\System\VbdvHJw.exe

C:\Windows\System\vcEOVgl.exe

C:\Windows\System\vcEOVgl.exe

C:\Windows\System\UaGgeId.exe

C:\Windows\System\UaGgeId.exe

C:\Windows\System\JwGjTpk.exe

C:\Windows\System\JwGjTpk.exe

C:\Windows\System\pmuGReA.exe

C:\Windows\System\pmuGReA.exe

C:\Windows\System\USNLILo.exe

C:\Windows\System\USNLILo.exe

C:\Windows\System\pUhLugD.exe

C:\Windows\System\pUhLugD.exe

C:\Windows\System\muzmWvy.exe

C:\Windows\System\muzmWvy.exe

C:\Windows\System\dpqzqrV.exe

C:\Windows\System\dpqzqrV.exe

C:\Windows\System\vqFEHgv.exe

C:\Windows\System\vqFEHgv.exe

C:\Windows\System\QDMoFOU.exe

C:\Windows\System\QDMoFOU.exe

C:\Windows\System\agnoPwA.exe

C:\Windows\System\agnoPwA.exe

C:\Windows\System\tEoANHS.exe

C:\Windows\System\tEoANHS.exe

C:\Windows\System\gsyigTf.exe

C:\Windows\System\gsyigTf.exe

C:\Windows\System\PzCUrbt.exe

C:\Windows\System\PzCUrbt.exe

C:\Windows\System\oPRlBpb.exe

C:\Windows\System\oPRlBpb.exe

C:\Windows\System\XHgBSIi.exe

C:\Windows\System\XHgBSIi.exe

C:\Windows\System\sWHVRrb.exe

C:\Windows\System\sWHVRrb.exe

C:\Windows\System\XIvsbGN.exe

C:\Windows\System\XIvsbGN.exe

C:\Windows\System\sxPhaxM.exe

C:\Windows\System\sxPhaxM.exe

C:\Windows\System\KLeOZPt.exe

C:\Windows\System\KLeOZPt.exe

C:\Windows\System\hAasrdW.exe

C:\Windows\System\hAasrdW.exe

C:\Windows\System\yCcrevG.exe

C:\Windows\System\yCcrevG.exe

C:\Windows\System\yIpjAtE.exe

C:\Windows\System\yIpjAtE.exe

C:\Windows\System\GrEPzng.exe

C:\Windows\System\GrEPzng.exe

C:\Windows\System\VLPTwdS.exe

C:\Windows\System\VLPTwdS.exe

C:\Windows\System\RSJbjpb.exe

C:\Windows\System\RSJbjpb.exe

C:\Windows\System\CkpPnib.exe

C:\Windows\System\CkpPnib.exe

C:\Windows\System\APTadcX.exe

C:\Windows\System\APTadcX.exe

C:\Windows\System\hNHPaSC.exe

C:\Windows\System\hNHPaSC.exe

C:\Windows\System\EQgPVdv.exe

C:\Windows\System\EQgPVdv.exe

C:\Windows\System\kpTOLfw.exe

C:\Windows\System\kpTOLfw.exe

C:\Windows\System\goWkcnG.exe

C:\Windows\System\goWkcnG.exe

C:\Windows\System\DwdkZrn.exe

C:\Windows\System\DwdkZrn.exe

C:\Windows\System\qMDUyzh.exe

C:\Windows\System\qMDUyzh.exe

C:\Windows\System\tkYDBFD.exe

C:\Windows\System\tkYDBFD.exe

C:\Windows\System\kUPHhNr.exe

C:\Windows\System\kUPHhNr.exe

C:\Windows\System\KSTxWql.exe

C:\Windows\System\KSTxWql.exe

C:\Windows\System\WOXsqJO.exe

C:\Windows\System\WOXsqJO.exe

C:\Windows\System\irAbJJu.exe

C:\Windows\System\irAbJJu.exe

C:\Windows\System\hvFhbaI.exe

C:\Windows\System\hvFhbaI.exe

C:\Windows\System\mWbAnog.exe

C:\Windows\System\mWbAnog.exe

C:\Windows\System\QyOjPom.exe

C:\Windows\System\QyOjPom.exe

C:\Windows\System\XxrTkXM.exe

C:\Windows\System\XxrTkXM.exe

C:\Windows\System\TEkPkCG.exe

C:\Windows\System\TEkPkCG.exe

C:\Windows\System\dEFcZyk.exe

C:\Windows\System\dEFcZyk.exe

C:\Windows\System\LGKhlCa.exe

C:\Windows\System\LGKhlCa.exe

C:\Windows\System\HIPYvyO.exe

C:\Windows\System\HIPYvyO.exe

C:\Windows\System\vHCoOmZ.exe

C:\Windows\System\vHCoOmZ.exe

C:\Windows\System\VbgGoLY.exe

C:\Windows\System\VbgGoLY.exe

C:\Windows\System\wkusnUW.exe

C:\Windows\System\wkusnUW.exe

C:\Windows\System\HkEIqVm.exe

C:\Windows\System\HkEIqVm.exe

C:\Windows\System\PAQaRpp.exe

C:\Windows\System\PAQaRpp.exe

C:\Windows\System\XiosCfm.exe

C:\Windows\System\XiosCfm.exe

C:\Windows\System\dYoLxMf.exe

C:\Windows\System\dYoLxMf.exe

C:\Windows\System\jxGhpAQ.exe

C:\Windows\System\jxGhpAQ.exe

C:\Windows\System\MyRPfwp.exe

C:\Windows\System\MyRPfwp.exe

C:\Windows\System\lrpdXGy.exe

C:\Windows\System\lrpdXGy.exe

C:\Windows\System\ItszaYu.exe

C:\Windows\System\ItszaYu.exe

C:\Windows\System\GvkDRbS.exe

C:\Windows\System\GvkDRbS.exe

C:\Windows\System\DxMNPpe.exe

C:\Windows\System\DxMNPpe.exe

C:\Windows\System\SzdUPYC.exe

C:\Windows\System\SzdUPYC.exe

C:\Windows\System\ITkfjwk.exe

C:\Windows\System\ITkfjwk.exe

C:\Windows\System\mZiWVrf.exe

C:\Windows\System\mZiWVrf.exe

C:\Windows\System\XlrTAam.exe

C:\Windows\System\XlrTAam.exe

C:\Windows\System\aQBybSD.exe

C:\Windows\System\aQBybSD.exe

C:\Windows\System\aFLfyCO.exe

C:\Windows\System\aFLfyCO.exe

C:\Windows\System\oORxZRn.exe

C:\Windows\System\oORxZRn.exe

C:\Windows\System\JALtiyM.exe

C:\Windows\System\JALtiyM.exe

C:\Windows\System\tEyIRzX.exe

C:\Windows\System\tEyIRzX.exe

C:\Windows\System\aXVTMml.exe

C:\Windows\System\aXVTMml.exe

C:\Windows\System\sLPzEIz.exe

C:\Windows\System\sLPzEIz.exe

C:\Windows\System\KVqSzzn.exe

C:\Windows\System\KVqSzzn.exe

C:\Windows\System\FLegRrf.exe

C:\Windows\System\FLegRrf.exe

C:\Windows\System\pblsVWo.exe

C:\Windows\System\pblsVWo.exe

C:\Windows\System\JRMTmQJ.exe

C:\Windows\System\JRMTmQJ.exe

C:\Windows\System\dSNHLwF.exe

C:\Windows\System\dSNHLwF.exe

C:\Windows\System\ymjZfYg.exe

C:\Windows\System\ymjZfYg.exe

C:\Windows\System\ShlkEYa.exe

C:\Windows\System\ShlkEYa.exe

C:\Windows\System\TDGYUFM.exe

C:\Windows\System\TDGYUFM.exe

C:\Windows\System\NurNSqg.exe

C:\Windows\System\NurNSqg.exe

C:\Windows\System\HANKWzI.exe

C:\Windows\System\HANKWzI.exe

C:\Windows\System\VBVlmgJ.exe

C:\Windows\System\VBVlmgJ.exe

C:\Windows\System\ckfENrY.exe

C:\Windows\System\ckfENrY.exe

C:\Windows\System\aAQWJvo.exe

C:\Windows\System\aAQWJvo.exe

C:\Windows\System\JRnndZe.exe

C:\Windows\System\JRnndZe.exe

C:\Windows\System\OoPltAW.exe

C:\Windows\System\OoPltAW.exe

C:\Windows\System\poWRMhN.exe

C:\Windows\System\poWRMhN.exe

C:\Windows\System\htqYlEv.exe

C:\Windows\System\htqYlEv.exe

C:\Windows\System\HWshJTC.exe

C:\Windows\System\HWshJTC.exe

C:\Windows\System\dImXand.exe

C:\Windows\System\dImXand.exe

C:\Windows\System\SWHeFPH.exe

C:\Windows\System\SWHeFPH.exe

C:\Windows\System\RVPLjke.exe

C:\Windows\System\RVPLjke.exe

C:\Windows\System\jPQtIIW.exe

C:\Windows\System\jPQtIIW.exe

C:\Windows\System\lAagFUY.exe

C:\Windows\System\lAagFUY.exe

C:\Windows\System\nGMBwUM.exe

C:\Windows\System\nGMBwUM.exe

C:\Windows\System\mGROOhZ.exe

C:\Windows\System\mGROOhZ.exe

C:\Windows\System\DRNAKik.exe

C:\Windows\System\DRNAKik.exe

C:\Windows\System\XpooGND.exe

C:\Windows\System\XpooGND.exe

C:\Windows\System\GrdNeYp.exe

C:\Windows\System\GrdNeYp.exe

C:\Windows\System\blXvFVr.exe

C:\Windows\System\blXvFVr.exe

C:\Windows\System\XHpAQLN.exe

C:\Windows\System\XHpAQLN.exe

C:\Windows\System\bJHCYsW.exe

C:\Windows\System\bJHCYsW.exe

C:\Windows\System\cXIpnaB.exe

C:\Windows\System\cXIpnaB.exe

C:\Windows\System\YZcVvpy.exe

C:\Windows\System\YZcVvpy.exe

C:\Windows\System\LyzBSfJ.exe

C:\Windows\System\LyzBSfJ.exe

C:\Windows\System\KGUaSOA.exe

C:\Windows\System\KGUaSOA.exe

C:\Windows\System\mywQIrq.exe

C:\Windows\System\mywQIrq.exe

C:\Windows\System\onXQkMr.exe

C:\Windows\System\onXQkMr.exe

C:\Windows\System\SUpPXKx.exe

C:\Windows\System\SUpPXKx.exe

C:\Windows\System\UiQdcyz.exe

C:\Windows\System\UiQdcyz.exe

C:\Windows\System\YcBWBra.exe

C:\Windows\System\YcBWBra.exe

C:\Windows\System\SOWzDdg.exe

C:\Windows\System\SOWzDdg.exe

C:\Windows\System\VSTPLZn.exe

C:\Windows\System\VSTPLZn.exe

C:\Windows\System\xMzmOVP.exe

C:\Windows\System\xMzmOVP.exe

C:\Windows\System\aNUwbbl.exe

C:\Windows\System\aNUwbbl.exe

C:\Windows\System\PnqoBsY.exe

C:\Windows\System\PnqoBsY.exe

C:\Windows\System\fPlqlAE.exe

C:\Windows\System\fPlqlAE.exe

C:\Windows\System\pSEvFTt.exe

C:\Windows\System\pSEvFTt.exe

C:\Windows\System\KfXVCkJ.exe

C:\Windows\System\KfXVCkJ.exe

C:\Windows\System\JaikwoP.exe

C:\Windows\System\JaikwoP.exe

C:\Windows\System\vdZYUPy.exe

C:\Windows\System\vdZYUPy.exe

C:\Windows\System\pHGvnzy.exe

C:\Windows\System\pHGvnzy.exe

C:\Windows\System\KJugRMs.exe

C:\Windows\System\KJugRMs.exe

C:\Windows\System\uYcRzUs.exe

C:\Windows\System\uYcRzUs.exe

C:\Windows\System\GzhuoEC.exe

C:\Windows\System\GzhuoEC.exe

C:\Windows\System\XBwZDux.exe

C:\Windows\System\XBwZDux.exe

C:\Windows\System\uThshem.exe

C:\Windows\System\uThshem.exe

C:\Windows\System\EvyovcL.exe

C:\Windows\System\EvyovcL.exe

C:\Windows\System\LXepCnu.exe

C:\Windows\System\LXepCnu.exe

C:\Windows\System\dxbImIE.exe

C:\Windows\System\dxbImIE.exe

C:\Windows\System\TXxjxXl.exe

C:\Windows\System\TXxjxXl.exe

C:\Windows\System\YQPabKg.exe

C:\Windows\System\YQPabKg.exe

C:\Windows\System\HFZOTZQ.exe

C:\Windows\System\HFZOTZQ.exe

C:\Windows\System\PmdjPuC.exe

C:\Windows\System\PmdjPuC.exe

C:\Windows\System\FWaeGcK.exe

C:\Windows\System\FWaeGcK.exe

C:\Windows\System\PNrPiIx.exe

C:\Windows\System\PNrPiIx.exe

C:\Windows\System\ZKRrYBM.exe

C:\Windows\System\ZKRrYBM.exe

C:\Windows\System\sAdOyOB.exe

C:\Windows\System\sAdOyOB.exe

C:\Windows\System\oheezxl.exe

C:\Windows\System\oheezxl.exe

C:\Windows\System\oGezxkt.exe

C:\Windows\System\oGezxkt.exe

C:\Windows\System\JkRIQKE.exe

C:\Windows\System\JkRIQKE.exe

C:\Windows\System\hKyUurC.exe

C:\Windows\System\hKyUurC.exe

C:\Windows\System\lYedMYL.exe

C:\Windows\System\lYedMYL.exe

C:\Windows\System\McQCUmM.exe

C:\Windows\System\McQCUmM.exe

C:\Windows\System\XvulbGR.exe

C:\Windows\System\XvulbGR.exe

C:\Windows\System\FsaYZBD.exe

C:\Windows\System\FsaYZBD.exe

C:\Windows\System\xvVIhUz.exe

C:\Windows\System\xvVIhUz.exe

C:\Windows\System\FippBis.exe

C:\Windows\System\FippBis.exe

C:\Windows\System\pNgzxGS.exe

C:\Windows\System\pNgzxGS.exe

C:\Windows\System\SijvecN.exe

C:\Windows\System\SijvecN.exe

C:\Windows\System\SpHCFIb.exe

C:\Windows\System\SpHCFIb.exe

C:\Windows\System\EbhOoci.exe

C:\Windows\System\EbhOoci.exe

C:\Windows\System\DHIynUq.exe

C:\Windows\System\DHIynUq.exe

C:\Windows\System\cXePJtd.exe

C:\Windows\System\cXePJtd.exe

C:\Windows\System\SjOyCar.exe

C:\Windows\System\SjOyCar.exe

C:\Windows\System\BshSNYv.exe

C:\Windows\System\BshSNYv.exe

C:\Windows\System\alXwMCN.exe

C:\Windows\System\alXwMCN.exe

C:\Windows\System\WrlqJBh.exe

C:\Windows\System\WrlqJBh.exe

C:\Windows\System\shwzSxh.exe

C:\Windows\System\shwzSxh.exe

C:\Windows\System\DgAVOwv.exe

C:\Windows\System\DgAVOwv.exe

C:\Windows\System\RULWHJi.exe

C:\Windows\System\RULWHJi.exe

C:\Windows\System\BwcPPPZ.exe

C:\Windows\System\BwcPPPZ.exe

C:\Windows\System\jiLsNBb.exe

C:\Windows\System\jiLsNBb.exe

C:\Windows\System\kgXaaFU.exe

C:\Windows\System\kgXaaFU.exe

C:\Windows\System\clsYXCl.exe

C:\Windows\System\clsYXCl.exe

C:\Windows\System\ITwIttp.exe

C:\Windows\System\ITwIttp.exe

C:\Windows\System\ctLmAGE.exe

C:\Windows\System\ctLmAGE.exe

C:\Windows\System\DbvJlEU.exe

C:\Windows\System\DbvJlEU.exe

C:\Windows\System\uHOmMZH.exe

C:\Windows\System\uHOmMZH.exe

C:\Windows\System\WxaMdoo.exe

C:\Windows\System\WxaMdoo.exe

C:\Windows\System\JqPyfto.exe

C:\Windows\System\JqPyfto.exe

C:\Windows\System\nAJIkGS.exe

C:\Windows\System\nAJIkGS.exe

C:\Windows\System\rrFnDDR.exe

C:\Windows\System\rrFnDDR.exe

C:\Windows\System\dNHqCbf.exe

C:\Windows\System\dNHqCbf.exe

C:\Windows\System\yqXXuvP.exe

C:\Windows\System\yqXXuvP.exe

C:\Windows\System\IxrOayu.exe

C:\Windows\System\IxrOayu.exe

C:\Windows\System\yXxZFqX.exe

C:\Windows\System\yXxZFqX.exe

C:\Windows\System\MtImtKh.exe

C:\Windows\System\MtImtKh.exe

C:\Windows\System\JSQgnyk.exe

C:\Windows\System\JSQgnyk.exe

C:\Windows\System\xIOURPR.exe

C:\Windows\System\xIOURPR.exe

C:\Windows\System\gnQsbCe.exe

C:\Windows\System\gnQsbCe.exe

C:\Windows\System\RPMYPrF.exe

C:\Windows\System\RPMYPrF.exe

C:\Windows\System\OvCLrXI.exe

C:\Windows\System\OvCLrXI.exe

C:\Windows\System\uSfyjmt.exe

C:\Windows\System\uSfyjmt.exe

C:\Windows\System\mhxuCIv.exe

C:\Windows\System\mhxuCIv.exe

C:\Windows\System\xDsSoHs.exe

C:\Windows\System\xDsSoHs.exe

C:\Windows\System\CuSSDIV.exe

C:\Windows\System\CuSSDIV.exe

C:\Windows\System\zYgsstP.exe

C:\Windows\System\zYgsstP.exe

C:\Windows\System\nbuVLKN.exe

C:\Windows\System\nbuVLKN.exe

C:\Windows\System\GaSfNmC.exe

C:\Windows\System\GaSfNmC.exe

C:\Windows\System\wyWJkdJ.exe

C:\Windows\System\wyWJkdJ.exe

C:\Windows\System\aAHtHAj.exe

C:\Windows\System\aAHtHAj.exe

C:\Windows\System\GCqrhgT.exe

C:\Windows\System\GCqrhgT.exe

C:\Windows\System\verJPuH.exe

C:\Windows\System\verJPuH.exe

C:\Windows\System\iEBfnqL.exe

C:\Windows\System\iEBfnqL.exe

C:\Windows\System\EmTeAau.exe

C:\Windows\System\EmTeAau.exe

C:\Windows\System\ImVcYBd.exe

C:\Windows\System\ImVcYBd.exe

C:\Windows\System\ZArQBza.exe

C:\Windows\System\ZArQBza.exe

C:\Windows\System\omxIrYi.exe

C:\Windows\System\omxIrYi.exe

C:\Windows\System\YNMwnSW.exe

C:\Windows\System\YNMwnSW.exe

C:\Windows\System\OuwNKmP.exe

C:\Windows\System\OuwNKmP.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2932-0-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/2932-1-0x000000013F680000-0x000000013FA76000-memory.dmp

C:\Windows\system\iJSPiKG.exe

MD5 aec3cb328f79673ab5e8b7d64a7e4e85
SHA1 306b4ab531b22e1a97fe897fb5ac75a1fdbf9d07
SHA256 d43e40c1e862aa67c74c1172594faad2104adf4d16cebefd8ad7ba8337064667
SHA512 4db24f2ec6b132e353f119f4681cf0858756386a8401a9bb81474e3ffeff447b4dbddb944470493328fe7dc06922a20e6d7e8f838098a5bda4cf2910afe58e47

memory/2932-7-0x000000013F090000-0x000000013F486000-memory.dmp

\Windows\system\vpxhzeS.exe

MD5 a3488007246de84ab2eab1bc5b49d3b8
SHA1 4c02f668c85d866787e145043d0577f3400374ee
SHA256 92d61860b7c8eea8ff489dd0481ce9226d792793cd9ae9b9c770a2201658573e
SHA512 f830af79e2e9173a511d87990905db738ec373fbb1441f460f6ab00d4978b055a322e8deb26c564b823f19b9f650de356757d341616d970067fef83daadd3cf4

memory/2604-15-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

C:\Windows\system\srngTQn.exe

MD5 cab32ea9a70f6e7f60915ce4e5936a05
SHA1 0ffac1f62c8f0477987d49d6de48ed7ab6db7eb7
SHA256 ea0ad2fe77b89129d0bc76daed79320f2b77e88f3fbd0eae504e80f92041b6bd
SHA512 5809bc796af036e7c2251fa3574c31f8109a0a2d95fda65fe8ea8b1d47a89440d293d1779d6d5bcfc782f562b19b72cf1d4531a9b25382c19d26bba8e333b08a

memory/2932-25-0x0000000003090000-0x0000000003486000-memory.dmp

C:\Windows\system\GRJFQzn.exe

MD5 7d28c1c5dfc6fac1efd5fa12016d6d7b
SHA1 d545d661a99fb45c9293b9f3f75753e104cc4aa3
SHA256 aae4c69a7d436dcd41b1f1ba96facb0b4003eef93463095be084cf3402119e8d
SHA512 d546957663ba0ffd1990041def3fe0e75e37710e74e4de2308b7d68899e581fb580699097cdb4bba20e4d1faedd19043157354b9b51d63e7ffb8e193bb60f8c4

\Windows\system\axhAGSG.exe

MD5 2bd904790896785d71ca0a17fce411f7
SHA1 86a7415ec16bc99661e9b2bea45a8a9727fd02a8
SHA256 d1ee6b101b80ac88de796f968bb786bbb283ddec4cfa593f88ee7329c79aa6b2
SHA512 6aaed08d282cf269a77dca4bc97be4ef083f487ee8b6ad9c58a740bc30fba8ea0ede0d7065efe4349e45754e5710a20b4904f00e27577d6700853c21bdca03f0

memory/2012-33-0x000007FEF5CBE000-0x000007FEF5CBF000-memory.dmp

memory/2012-32-0x0000000002CE0000-0x0000000002D60000-memory.dmp

memory/2932-31-0x0000000003090000-0x0000000003486000-memory.dmp

memory/2708-29-0x000000013F5A0000-0x000000013F996000-memory.dmp

memory/2932-14-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

memory/1720-12-0x000000013F090000-0x000000013F486000-memory.dmp

memory/2012-36-0x000000001B5F0000-0x000000001B8D2000-memory.dmp

memory/2012-48-0x000007FEF5A00000-0x000007FEF639D000-memory.dmp

memory/2932-53-0x0000000003620000-0x0000000003A16000-memory.dmp

memory/2840-54-0x000000013FE80000-0x0000000140276000-memory.dmp

memory/2640-57-0x000000013F440000-0x000000013F836000-memory.dmp

memory/2012-58-0x000007FEF5A00000-0x000007FEF639D000-memory.dmp

C:\Windows\system\xkoTUda.exe

MD5 ac38ae089d4348ff6122cfdc6d592ff8
SHA1 eb32b274d78bdce5b9d198fec898590485d03697
SHA256 885f072b71685b2064da04717cad3a236d5805c4c9076d716a181d5330609a86
SHA512 66fa90d01521d1d5e4b7b7b5833513a0deae21be381e13de7643c26bef5a021e1fe5254d0b8e9a29c9091c3766d4067007f6f75391e475b0457ece53fe75d1b3

memory/2728-61-0x000000013F630000-0x000000013FA26000-memory.dmp

memory/2932-74-0x000000013F680000-0x000000013FA76000-memory.dmp

memory/2976-68-0x000000013F420000-0x000000013F816000-memory.dmp

memory/1644-92-0x000000013F7C0000-0x000000013FBB6000-memory.dmp

\Windows\system\YRTEyMO.exe

MD5 a1a508711dd3a1c9d8b3e673d5ac5994
SHA1 73b4b9910f573d884ff7958a36ff7a207cfdb90e
SHA256 b0e849ab75fafd5227a1e9010da1202c309cbc2a51b221c281579db5c10c77e3
SHA512 2936dd1d0be3a9bdf5bdf7b0c007efeab6ce855a134b5e340d31452fe535431e085f2fb32a560e52fc3d7b97d7e3ee2fd06bbe1e3f3b19c5dd744921313c8451

memory/2932-1821-0x0000000003620000-0x0000000003A16000-memory.dmp

memory/2728-934-0x000000013F630000-0x000000013FA26000-memory.dmp

C:\Windows\system\AWOKlGy.exe

MD5 213c747ecca72f892f031c274fd2eea4
SHA1 02b2ef5d0b6f7c38f0637b422ba660ab279b67b0
SHA256 64d5df8041256e2c5de4d6f902ec7436f8ad1e00c8f7f739226d2c9335e6a5c6
SHA512 834174a03d203fb85406d062228dca2485fde32010e0c1803866ca6e1f11dab384d78c17323ef65d9bf34a2d349abda7e9dc04ef5052c4a137ec6b879a844890

C:\Windows\system\ZDNgTBV.exe

MD5 7498b9d971ab4d1bb39345511c6c1f21
SHA1 c11141f41ca1423eee069a82deae558826ee670d
SHA256 b714fdacb96f57387dc837e0b614abc289f70bcf0648422c22674324d73e8592
SHA512 09912f1910b7d7604785d9ac7ed901eca4366650cdd14288a083f7fb8a7d1c84c057e50feb0c5f35a7ea90133a3f34bef690308e1dc7bb986f83cd4b93651aa9

C:\Windows\system\ktMUPmH.exe

MD5 fef2b5173159a14c1b4255fa71740eab
SHA1 e205bbfb8919f00c77fe48fe2d4dd99124632152
SHA256 295347411102044579d06c9150ffc3fef078fe204dac5d743970e30212ae2194
SHA512 9c4603c16785462c07d004b9479375466c6744412c046d399ea099fd54cae1c7e942dd24ed1adb63388822e647b5258011b970dc0be61b94cf90b7203157e892

C:\Windows\system\DpuJHdC.exe

MD5 d06617ff37778800abc93d2c12611bf6
SHA1 ea929bec4b2f8d45fe8d85770cb9faee955448a7
SHA256 1b305dd61223826ff0f97c93c335759c204edc4dcf60442c46b0068cbdbe18bb
SHA512 4a2a8e40898aa03036d23978e0be7cedfda41136b92322eccde2fccb7f0d9251962c4d8fbf0a33eebb72a29dc1bda9bb0e4677022bdd46ee44dd3026ad78ba54

C:\Windows\system\FouCAIe.exe

MD5 5116550186610f65e5dc0ce0be0c7c47
SHA1 6001c84effbae848b25f41e83b3a22970843cb63
SHA256 fdc88d0b34824a62ac4df2439c0f99ab223ce394e19fba099cd4ccd9f59dfe51
SHA512 d01d778598a92c0bac0e1a4c00c9faca8faf3460c420bba1fa8b42558a76b03e67e282c452add6a5cabc1207594bf0cd54ad3143bf2f06df22508e01ee93d320

C:\Windows\system\ZHfeTCB.exe

MD5 462f0f591d4fab8d67f4a917824428ee
SHA1 125a2c5e600ac548404df9ba6c95301a2dd82665
SHA256 d43eee16c232af3d0b71c2f8bdb14b141e4193868c87d6bd6dafdf8019597f44
SHA512 ddf73938dd9fe511230bb99285a8c5c53b88da8d30e7d80b63192fc3690bb1129f8a960a66a90f81d86fc5890abab47ec8803a4cad0dd34e1196c73379c63c61

C:\Windows\system\xIYHCtY.exe

MD5 32a1aae559ea88b376c7df3aba49b9fd
SHA1 94e7071e888e63b4d55f2b85fda267def0d7796e
SHA256 91028e01d8eff18017275858e1dc440b61807911a5b2af2faef174b2c6dd3a5e
SHA512 24e3836cf9070f5ad6698901dcc34ce6a1dc28828cdcb6e56917063cb8917a62523ae5cb359ee309916faec8140751ff43013fc72ed4709f3f634d345252f207

C:\Windows\system\UccfIXg.exe

MD5 331f5a6e6f9f2e05036beb791d8729e6
SHA1 4b2755a5dcb0d2848edfba5a3bd788002342dd1a
SHA256 20a1bc087d343366e2a37c64139d03dfbcbffdadf405317f6331c5385cb34486
SHA512 d2d5ed28cbf09b4e6343b28bb9355d4a51e992e40565ceb25e9e399b41d297528310f75dac56498f6aede116751873c0b90ef2fb920ed64b8053a6166e7a375d

C:\Windows\system\eAOllCQ.exe

MD5 427a5b846b264b50ceadf9777440b3a9
SHA1 703158947799605d7b96a3a7a92d65a92357aad6
SHA256 3b579a2c0c2b44777607b5ce10c26b6bff9515ab83f38acd6730383a255d8a0b
SHA512 448069001f9209d278c536110169004672065cf57a7bdafa61b6994f2d3c56a75252fc212d8cf47c7c20b9f1f5d124c3bc348fdd2a48b4f5c16690b126f1446c

C:\Windows\system\YqXwkGr.exe

MD5 367e285fcd4f3d155d6b1a0f8c041acc
SHA1 6dbdd2034f404ef2a8bd8506e4ebeca74294ba9f
SHA256 8dd72f9169ad015ad63264d5afe10afa67ac1be97ee7bcef90e250e13df5aa4d
SHA512 be04cf12823a64c6e70e7fe07ebc566a7225e8807d58c7186587d837326bf2583ff8383ef17a54d2d0911e27c34def19211ddbfa36a14a4d416af939ed1d58dc

C:\Windows\system\spBftJO.exe

MD5 db4991c13ddc5e84c1ed02380934eb18
SHA1 91c0c8de7b6f82b992d89de1901fbb4f609015fe
SHA256 04e91b9cbc52add575c16002e105f89b36defe14f42223ca774b50f7462e1aa0
SHA512 4244d8899a184cb0e063b2ceef8d50379721ecee0fd7412f3823c1221ba319ef3c99db14f411d11bf3f3c64b33ef622423eff001bcb2915b62b6ab677f946096

C:\Windows\system\YZmVgwG.exe

MD5 5e061d86d4925e75488f90f418dcbc17
SHA1 0deeb41886ed7f4ff5e2fc03159a1bc895a67c56
SHA256 b7399d3c32b2485fe358cd506ea63212fadf9c8fb780108052d82fad69ee9abc
SHA512 76eb950afdd0cb4531dffdceb96b3ef5e6f9970dc2efa00214aa79faf6f1439b35ad3ae6be6f42ceb6a6d49362083f95d7ccbb30a32e270d10fbda202b16c8fd

C:\Windows\system\ALWapwZ.exe

MD5 568c56c0b663cde8298dd8c2e69349bf
SHA1 d3f8e7b88b2ec5fd114611d6cc3508c365963acf
SHA256 0247a00a579c1f26a37f0e3ba1f00501bbeebb22fdbcf1e7f2b1363221228c1a
SHA512 37fb5c52079c7a6cff516be482caba11894976d8764a70d2d521308164749650dfc4706326e8640db396cf1eed91b1a9ad996d3b485df746ece208e5913c9a1b

C:\Windows\system\rAHoleH.exe

MD5 75402ec6a1f34dcfa84b042534de63c5
SHA1 763aaae58345eae2f47d654f2e81d96d0a40a782
SHA256 253ec79c7b13689f624a563f0297da9d60ccb17a892b79b47204f030a002dcb4
SHA512 d38a0ded70953c47183062591b05e6085d81caa3975ff0fc39e2095b2347ce6e924b3f4ee8e985cbde8da785f13b38b0c2add07b1044e877fbbf033725eef971

C:\Windows\system\NwuKuMA.exe

MD5 83997d97e8bf4bbb744df1f1b69ba18d
SHA1 1827fe34ff33a3309fee984765459827b35ac2a8
SHA256 ebcee89c904e3f7ad02072f6d7f2367c57d75d5f3bb9fa9e8e1d6d82220bf585
SHA512 53e4460bd67f2860226c704a37effa5ffbef4ead8d2b7eb991b3651f5dfda68debb7eb45d2d7daf5383f22378d7f1d729273e6a5b6058982100d12227bfd889b

C:\Windows\system\HnyrHZQ.exe

MD5 19d580f202987e31a5392d6c643f6d56
SHA1 04c438a227eec147d04c4bdcd25f311c71c8b9c9
SHA256 4554ed0a059d1c7ba915558751628b071ce81ce29f635eb96108b5619db7ffb2
SHA512 aafc9c5f6083f67d705b9ba765c1324e67f78319feff7310f667f7844e9cb018f3b50df7b89deae42e335707f505c30050489df0e3a616c3fa44a5814a30d230

C:\Windows\system\UmoMpyY.exe

MD5 1a7ce424005bf3fa35e3574ed3cbe87d
SHA1 ca99ef3613961c5d7bceca6433635e3a3e724b0e
SHA256 c09500df267bcbb6e9f09dbc73c96cee2f0b0e20adddfdf1c79dee033fb6ba9f
SHA512 9c97c49cfef3459ee152e103f0aaecbc14211b297a747444aae5c8a89ecedf683bf0272122987d3735cc702c3c9a898e9bde1ff705a913430c80e111e151995b

memory/2932-103-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

C:\Windows\system\SceYsQa.exe

MD5 17befebf2b82e704a062178efa5d90ca
SHA1 5c5ceea34e49de5d8e0ba41bf394cb10258e20cc
SHA256 d999f53073e8a52777430af6588e9c2c3c8374798952c49b1b364ac865e80f98
SHA512 a37f4bf6a1af3c946f2477af3d0fc4a50596e641c7ff133a5eb7004ac4d42fea514b152fea47a398b8f9fd08a02ea2127ebdd4e7c87393c68ce63de260abe215

memory/2012-101-0x000007FEF5A00000-0x000007FEF639D000-memory.dmp

C:\Windows\system\JSNGDzH.exe

MD5 e69f62a7ccd5be41bce5d480112160af
SHA1 64bf0080205ddb2a77ee145fa647f2296edccd67
SHA256 096f9002b61f2ef80241f2b509db3d1fa528aabad7eb87eb7f84916672e5dbd7
SHA512 e8ebd7b757ad21e6b25405a08e48d9ea5710351ceadeac0d877f83ef3d90903ebd063a7559f3d5d3b0529215bc5ae69e4dfda7bbfa716d7e46edf6f9d201402c

memory/1868-110-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

C:\Windows\system\rzMsvNo.exe

MD5 1bd7a0b3ee077b58dad7fcc79a17de6a
SHA1 bf6f3c3a3e3fa40f5836d8a454f63e88026d93b6
SHA256 0e3c86dfd37d9b7d5484f63a0c506a5044e00c6bd8a5b9a600b78ab62e18b77f
SHA512 f45d4c600ffa2450fb8db5caea8a514f97593e874f8a4e873d5e0c358e52588445c3496a1f3ea75d7fc5ff97686c388f9689933195be305111bbb27beb13812f

memory/2932-90-0x0000000003620000-0x0000000003A16000-memory.dmp

memory/2012-89-0x0000000002CE0000-0x0000000002D60000-memory.dmp

C:\Windows\system\CcdkVGe.exe

MD5 0af248e90afd5dcc2fbb6abc3bce72ed
SHA1 b5af57651daceac356a14fd1e6eadae673bb14b9
SHA256 acacd7ea7c2dec2ffdd2295503feb9882ddfced1f8a79aa1f7509246a5e1e133
SHA512 41b6f3c13bb1fe28149e8157e854b56d1e118aabcb0dec4c75f0cbad90fb9f35ceed058b9ac2a34f5ae7a922027b57053d3a238c9a3fc7234133794d85386602

memory/2808-84-0x000000013FAB0000-0x000000013FEA6000-memory.dmp

memory/2708-83-0x000000013F5A0000-0x000000013F996000-memory.dmp

C:\Windows\system\iuKEbRg.exe

MD5 94f84f22739f8996952c2a189243726d
SHA1 00ff9121ee67bad09dca0af00ebf4dce6cf1513e
SHA256 5a4ec2952a46eb07ef9c4df41744eef58558c0684474394fe5c3b440fca7a5c5
SHA512 22306d449ca370cf54621904109bcb782590ebaf78c1d1302c36a48ff773545d0aaec46ebfe434da016afce06fe3c4b7463394b0a676ae54a18fabebf0d78dec

memory/2932-78-0x000000013FAB0000-0x000000013FEA6000-memory.dmp

memory/1536-77-0x000000013F270000-0x000000013F666000-memory.dmp

C:\Windows\system\DwSmukF.exe

MD5 514d037af5440563afd25feef54fb643
SHA1 0eb90a43ac8129ed8f3c80e03e105ca3ca4d4768
SHA256 19f23e6614506af6b705ec6df27bb09f24c5a57cf55cc8d7f03b230d180e5aa5
SHA512 66c75e702caf00ce22f7abe132901e927fe36580f9f8fdc400105a828dc1eca922b1e2c23659484831cb7685b3a7c4100f50c61d540e3efe1e9e3901f4db39c3

memory/1720-75-0x000000013F090000-0x000000013F486000-memory.dmp

C:\Windows\system\UAPhgbL.exe

MD5 6f79e068f6aebe92c50fdf064fec1644
SHA1 7d175a6cdd0b5bfa1651d8555a2201b6a9b15c86
SHA256 465f685093dbc4c4efef6a0f377db8fb4f2d840c2813fa02d2504a32a3046a00
SHA512 0c7bbfb71f96f293ce8301eafa67dbcca4046948c9e2e193d63748561799367ca84717158355f898a1438b63b92f9805c5320888848fe330bb2f2a54adb44d04

memory/2012-43-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

memory/2448-59-0x000000013F0A0000-0x000000013F496000-memory.dmp

memory/2932-55-0x000000013F0A0000-0x000000013F496000-memory.dmp

C:\Windows\system\IpNVzSJ.exe

MD5 3a1532114f5eccbd62e805c7a372a4dd
SHA1 6921937ea0d84dfd6e0ddea28f0a13890ab3fd32
SHA256 fea26568b835e849b03387e82b5a9c7348a07d0214a699a45dcaf8b7336c66d0
SHA512 ea83c8cbe1093331b00a1d14b50545f04c9cdbbca61e63849ac366569d96472afdeeed0e86c51eb582c9fda8e9905a9ee13024646c49e47c947f144f1026b1e0

memory/2932-49-0x000000013FE80000-0x0000000140276000-memory.dmp

memory/2012-37-0x000007FEF5A00000-0x000007FEF639D000-memory.dmp

memory/2012-2670-0x000007FEF5A00000-0x000007FEF639D000-memory.dmp

memory/2932-3197-0x0000000003620000-0x0000000003A16000-memory.dmp

memory/2932-3495-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

memory/2604-4360-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

memory/1720-4361-0x000000013F090000-0x000000013F486000-memory.dmp

memory/2708-4362-0x000000013F5A0000-0x000000013F996000-memory.dmp

memory/2640-4363-0x000000013F440000-0x000000013F836000-memory.dmp

memory/2840-4364-0x000000013FE80000-0x0000000140276000-memory.dmp

memory/2448-4365-0x000000013F0A0000-0x000000013F496000-memory.dmp

memory/2976-4367-0x000000013F420000-0x000000013F816000-memory.dmp

memory/2728-4366-0x000000013F630000-0x000000013FA26000-memory.dmp

memory/1536-4368-0x000000013F270000-0x000000013F666000-memory.dmp

memory/2808-4369-0x000000013FAB0000-0x000000013FEA6000-memory.dmp

memory/1644-4370-0x000000013F7C0000-0x000000013FBB6000-memory.dmp

memory/1868-4371-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:36

Reported

2024-06-12 10:38

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\aocvEoX.exe N/A
N/A N/A C:\Windows\System\aTnmzTD.exe N/A
N/A N/A C:\Windows\System\YKTBaqt.exe N/A
N/A N/A C:\Windows\System\expwpFz.exe N/A
N/A N/A C:\Windows\System\BxUsNqP.exe N/A
N/A N/A C:\Windows\System\AWHlFzk.exe N/A
N/A N/A C:\Windows\System\CFmczna.exe N/A
N/A N/A C:\Windows\System\pZVIZAi.exe N/A
N/A N/A C:\Windows\System\TOoUnhx.exe N/A
N/A N/A C:\Windows\System\zxPmOqn.exe N/A
N/A N/A C:\Windows\System\zQLqUjC.exe N/A
N/A N/A C:\Windows\System\tnWoKlT.exe N/A
N/A N/A C:\Windows\System\OKPjyzR.exe N/A
N/A N/A C:\Windows\System\DFwNhrb.exe N/A
N/A N/A C:\Windows\System\FVqxUEK.exe N/A
N/A N/A C:\Windows\System\jHwCoTm.exe N/A
N/A N/A C:\Windows\System\rzPgPqW.exe N/A
N/A N/A C:\Windows\System\XripGja.exe N/A
N/A N/A C:\Windows\System\HsPaISv.exe N/A
N/A N/A C:\Windows\System\YMCfpIn.exe N/A
N/A N/A C:\Windows\System\KcFePzN.exe N/A
N/A N/A C:\Windows\System\yHVVWYe.exe N/A
N/A N/A C:\Windows\System\AbZGzCf.exe N/A
N/A N/A C:\Windows\System\slcjqcP.exe N/A
N/A N/A C:\Windows\System\ghckcuG.exe N/A
N/A N/A C:\Windows\System\ueqIHgs.exe N/A
N/A N/A C:\Windows\System\dLaTTHD.exe N/A
N/A N/A C:\Windows\System\YjdfPRT.exe N/A
N/A N/A C:\Windows\System\fMJsIhq.exe N/A
N/A N/A C:\Windows\System\ysJBEjO.exe N/A
N/A N/A C:\Windows\System\tBMKPRx.exe N/A
N/A N/A C:\Windows\System\UeqTTZz.exe N/A
N/A N/A C:\Windows\System\mKqlPwP.exe N/A
N/A N/A C:\Windows\System\UyMPFOg.exe N/A
N/A N/A C:\Windows\System\SIImaCd.exe N/A
N/A N/A C:\Windows\System\aqEjaxx.exe N/A
N/A N/A C:\Windows\System\VjYyVJJ.exe N/A
N/A N/A C:\Windows\System\GSffbhm.exe N/A
N/A N/A C:\Windows\System\VaOfLrE.exe N/A
N/A N/A C:\Windows\System\CzETNOd.exe N/A
N/A N/A C:\Windows\System\lCzQrAl.exe N/A
N/A N/A C:\Windows\System\ftSKkvn.exe N/A
N/A N/A C:\Windows\System\evoUodD.exe N/A
N/A N/A C:\Windows\System\nfjtteD.exe N/A
N/A N/A C:\Windows\System\lRvjKke.exe N/A
N/A N/A C:\Windows\System\lVmoJdv.exe N/A
N/A N/A C:\Windows\System\tVQcHGb.exe N/A
N/A N/A C:\Windows\System\NscsBCM.exe N/A
N/A N/A C:\Windows\System\jKwmIjc.exe N/A
N/A N/A C:\Windows\System\nWnLCYD.exe N/A
N/A N/A C:\Windows\System\avMmAtq.exe N/A
N/A N/A C:\Windows\System\PjiKcZS.exe N/A
N/A N/A C:\Windows\System\GkwggRU.exe N/A
N/A N/A C:\Windows\System\AzcnOYP.exe N/A
N/A N/A C:\Windows\System\OZpCfwz.exe N/A
N/A N/A C:\Windows\System\roeqWql.exe N/A
N/A N/A C:\Windows\System\mUFbPhZ.exe N/A
N/A N/A C:\Windows\System\oroelzU.exe N/A
N/A N/A C:\Windows\System\HjXkXWs.exe N/A
N/A N/A C:\Windows\System\SvVLYqD.exe N/A
N/A N/A C:\Windows\System\hZwnNGq.exe N/A
N/A N/A C:\Windows\System\qmQBBXX.exe N/A
N/A N/A C:\Windows\System\BytycMt.exe N/A
N/A N/A C:\Windows\System\FMCZaza.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\RArTRWh.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFOIfTj.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vCUraDO.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWRgPWv.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yvOJccY.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzNWsxq.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQfwFfG.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kGuTZyS.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDOoKFf.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XblcepS.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hMDcrVN.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLkGVHi.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\synnvQC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdkjCdx.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CXWHYeb.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GTPaGYH.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xqYadUs.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IxNSglO.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGusCEX.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LbPbOUV.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjgmKBy.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ulwGqJD.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmwdtyB.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EYyznyE.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZNZPXSC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfGRXtJ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QSPPARB.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XAtfVBG.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FKilpEz.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExkNNIQ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iUlVgyX.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXWfrQe.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\izuaTJw.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BKuiOdU.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHJLueV.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GOXPOlo.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YCabJdf.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hMniCLt.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mMfYBeg.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UxvWkIF.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CDJnFoV.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CkZjQYJ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnxSekr.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vGUVRnM.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJfZPTP.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RbpVawB.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bFEcvDM.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQfUJFA.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QWNhNva.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IQhuxMS.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhSQCPg.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRwkLJZ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ypTAsXv.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VDAaDSD.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRwIrSK.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvQhfhQ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJLMaUT.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ftWdSJQ.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HLmAKBt.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yToCNDq.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaVvgxm.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMzwODK.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KkhrVZC.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwsCZyU.exe C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4216 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4216 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4216 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\aocvEoX.exe
PID 4216 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\aocvEoX.exe
PID 4216 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\expwpFz.exe
PID 4216 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\expwpFz.exe
PID 4216 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\aTnmzTD.exe
PID 4216 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\aTnmzTD.exe
PID 4216 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YKTBaqt.exe
PID 4216 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YKTBaqt.exe
PID 4216 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\BxUsNqP.exe
PID 4216 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\BxUsNqP.exe
PID 4216 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\AWHlFzk.exe
PID 4216 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\AWHlFzk.exe
PID 4216 wrote to memory of 184 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\CFmczna.exe
PID 4216 wrote to memory of 184 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\CFmczna.exe
PID 4216 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\pZVIZAi.exe
PID 4216 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\pZVIZAi.exe
PID 4216 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\TOoUnhx.exe
PID 4216 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\TOoUnhx.exe
PID 4216 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\zxPmOqn.exe
PID 4216 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\zxPmOqn.exe
PID 4216 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\zQLqUjC.exe
PID 4216 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\zQLqUjC.exe
PID 4216 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\tnWoKlT.exe
PID 4216 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\tnWoKlT.exe
PID 4216 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\OKPjyzR.exe
PID 4216 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\OKPjyzR.exe
PID 4216 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\DFwNhrb.exe
PID 4216 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\DFwNhrb.exe
PID 4216 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\FVqxUEK.exe
PID 4216 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\FVqxUEK.exe
PID 4216 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\jHwCoTm.exe
PID 4216 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\jHwCoTm.exe
PID 4216 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rzPgPqW.exe
PID 4216 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\rzPgPqW.exe
PID 4216 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\XripGja.exe
PID 4216 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\XripGja.exe
PID 4216 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\HsPaISv.exe
PID 4216 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\HsPaISv.exe
PID 4216 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YMCfpIn.exe
PID 4216 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YMCfpIn.exe
PID 4216 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\KcFePzN.exe
PID 4216 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\KcFePzN.exe
PID 4216 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\yHVVWYe.exe
PID 4216 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\yHVVWYe.exe
PID 4216 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\AbZGzCf.exe
PID 4216 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\AbZGzCf.exe
PID 4216 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\slcjqcP.exe
PID 4216 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\slcjqcP.exe
PID 4216 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ghckcuG.exe
PID 4216 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ghckcuG.exe
PID 4216 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ueqIHgs.exe
PID 4216 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ueqIHgs.exe
PID 4216 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\dLaTTHD.exe
PID 4216 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\dLaTTHD.exe
PID 4216 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YjdfPRT.exe
PID 4216 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\YjdfPRT.exe
PID 4216 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\fMJsIhq.exe
PID 4216 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\fMJsIhq.exe
PID 4216 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ysJBEjO.exe
PID 4216 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\ysJBEjO.exe
PID 4216 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\tBMKPRx.exe
PID 4216 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe C:\Windows\System\tBMKPRx.exe

Processes

C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\338ed259eff5ae75ff5ea11c5ec013b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\aocvEoX.exe

C:\Windows\System\aocvEoX.exe

C:\Windows\System\expwpFz.exe

C:\Windows\System\expwpFz.exe

C:\Windows\System\aTnmzTD.exe

C:\Windows\System\aTnmzTD.exe

C:\Windows\System\YKTBaqt.exe

C:\Windows\System\YKTBaqt.exe

C:\Windows\System\BxUsNqP.exe

C:\Windows\System\BxUsNqP.exe

C:\Windows\System\AWHlFzk.exe

C:\Windows\System\AWHlFzk.exe

C:\Windows\System\CFmczna.exe

C:\Windows\System\CFmczna.exe

C:\Windows\System\pZVIZAi.exe

C:\Windows\System\pZVIZAi.exe

C:\Windows\System\TOoUnhx.exe

C:\Windows\System\TOoUnhx.exe

C:\Windows\System\zxPmOqn.exe

C:\Windows\System\zxPmOqn.exe

C:\Windows\System\zQLqUjC.exe

C:\Windows\System\zQLqUjC.exe

C:\Windows\System\tnWoKlT.exe

C:\Windows\System\tnWoKlT.exe

C:\Windows\System\OKPjyzR.exe

C:\Windows\System\OKPjyzR.exe

C:\Windows\System\DFwNhrb.exe

C:\Windows\System\DFwNhrb.exe

C:\Windows\System\FVqxUEK.exe

C:\Windows\System\FVqxUEK.exe

C:\Windows\System\jHwCoTm.exe

C:\Windows\System\jHwCoTm.exe

C:\Windows\System\rzPgPqW.exe

C:\Windows\System\rzPgPqW.exe

C:\Windows\System\XripGja.exe

C:\Windows\System\XripGja.exe

C:\Windows\System\HsPaISv.exe

C:\Windows\System\HsPaISv.exe

C:\Windows\System\YMCfpIn.exe

C:\Windows\System\YMCfpIn.exe

C:\Windows\System\KcFePzN.exe

C:\Windows\System\KcFePzN.exe

C:\Windows\System\yHVVWYe.exe

C:\Windows\System\yHVVWYe.exe

C:\Windows\System\AbZGzCf.exe

C:\Windows\System\AbZGzCf.exe

C:\Windows\System\slcjqcP.exe

C:\Windows\System\slcjqcP.exe

C:\Windows\System\ghckcuG.exe

C:\Windows\System\ghckcuG.exe

C:\Windows\System\ueqIHgs.exe

C:\Windows\System\ueqIHgs.exe

C:\Windows\System\dLaTTHD.exe

C:\Windows\System\dLaTTHD.exe

C:\Windows\System\YjdfPRT.exe

C:\Windows\System\YjdfPRT.exe

C:\Windows\System\fMJsIhq.exe

C:\Windows\System\fMJsIhq.exe

C:\Windows\System\ysJBEjO.exe

C:\Windows\System\ysJBEjO.exe

C:\Windows\System\tBMKPRx.exe

C:\Windows\System\tBMKPRx.exe

C:\Windows\System\UeqTTZz.exe

C:\Windows\System\UeqTTZz.exe

C:\Windows\System\mKqlPwP.exe

C:\Windows\System\mKqlPwP.exe

C:\Windows\System\UyMPFOg.exe

C:\Windows\System\UyMPFOg.exe

C:\Windows\System\SIImaCd.exe

C:\Windows\System\SIImaCd.exe

C:\Windows\System\aqEjaxx.exe

C:\Windows\System\aqEjaxx.exe

C:\Windows\System\VjYyVJJ.exe

C:\Windows\System\VjYyVJJ.exe

C:\Windows\System\GSffbhm.exe

C:\Windows\System\GSffbhm.exe

C:\Windows\System\VaOfLrE.exe

C:\Windows\System\VaOfLrE.exe

C:\Windows\System\CzETNOd.exe

C:\Windows\System\CzETNOd.exe

C:\Windows\System\lCzQrAl.exe

C:\Windows\System\lCzQrAl.exe

C:\Windows\System\ftSKkvn.exe

C:\Windows\System\ftSKkvn.exe

C:\Windows\System\evoUodD.exe

C:\Windows\System\evoUodD.exe

C:\Windows\System\nfjtteD.exe

C:\Windows\System\nfjtteD.exe

C:\Windows\System\lRvjKke.exe

C:\Windows\System\lRvjKke.exe

C:\Windows\System\lVmoJdv.exe

C:\Windows\System\lVmoJdv.exe

C:\Windows\System\tVQcHGb.exe

C:\Windows\System\tVQcHGb.exe

C:\Windows\System\NscsBCM.exe

C:\Windows\System\NscsBCM.exe

C:\Windows\System\jKwmIjc.exe

C:\Windows\System\jKwmIjc.exe

C:\Windows\System\nWnLCYD.exe

C:\Windows\System\nWnLCYD.exe

C:\Windows\System\avMmAtq.exe

C:\Windows\System\avMmAtq.exe

C:\Windows\System\PjiKcZS.exe

C:\Windows\System\PjiKcZS.exe

C:\Windows\System\GkwggRU.exe

C:\Windows\System\GkwggRU.exe

C:\Windows\System\AzcnOYP.exe

C:\Windows\System\AzcnOYP.exe

C:\Windows\System\OZpCfwz.exe

C:\Windows\System\OZpCfwz.exe

C:\Windows\System\roeqWql.exe

C:\Windows\System\roeqWql.exe

C:\Windows\System\mUFbPhZ.exe

C:\Windows\System\mUFbPhZ.exe

C:\Windows\System\oroelzU.exe

C:\Windows\System\oroelzU.exe

C:\Windows\System\HjXkXWs.exe

C:\Windows\System\HjXkXWs.exe

C:\Windows\System\SvVLYqD.exe

C:\Windows\System\SvVLYqD.exe

C:\Windows\System\hZwnNGq.exe

C:\Windows\System\hZwnNGq.exe

C:\Windows\System\qmQBBXX.exe

C:\Windows\System\qmQBBXX.exe

C:\Windows\System\BytycMt.exe

C:\Windows\System\BytycMt.exe

C:\Windows\System\FMCZaza.exe

C:\Windows\System\FMCZaza.exe

C:\Windows\System\XjexSrB.exe

C:\Windows\System\XjexSrB.exe

C:\Windows\System\rPtGaqp.exe

C:\Windows\System\rPtGaqp.exe

C:\Windows\System\LxIqnEL.exe

C:\Windows\System\LxIqnEL.exe

C:\Windows\System\stfbDbI.exe

C:\Windows\System\stfbDbI.exe

C:\Windows\System\JFMldDd.exe

C:\Windows\System\JFMldDd.exe

C:\Windows\System\BFALSAS.exe

C:\Windows\System\BFALSAS.exe

C:\Windows\System\xtqAvLN.exe

C:\Windows\System\xtqAvLN.exe

C:\Windows\System\TykUAaN.exe

C:\Windows\System\TykUAaN.exe

C:\Windows\System\RgVvFNV.exe

C:\Windows\System\RgVvFNV.exe

C:\Windows\System\VzBMBxY.exe

C:\Windows\System\VzBMBxY.exe

C:\Windows\System\RaXKkVK.exe

C:\Windows\System\RaXKkVK.exe

C:\Windows\System\gFFqpiB.exe

C:\Windows\System\gFFqpiB.exe

C:\Windows\System\GEeHQVa.exe

C:\Windows\System\GEeHQVa.exe

C:\Windows\System\RNPHosf.exe

C:\Windows\System\RNPHosf.exe

C:\Windows\System\QGevSqh.exe

C:\Windows\System\QGevSqh.exe

C:\Windows\System\lyAFVFv.exe

C:\Windows\System\lyAFVFv.exe

C:\Windows\System\FpkZbKv.exe

C:\Windows\System\FpkZbKv.exe

C:\Windows\System\jPoghxE.exe

C:\Windows\System\jPoghxE.exe

C:\Windows\System\wtpJAJB.exe

C:\Windows\System\wtpJAJB.exe

C:\Windows\System\cJiNOAe.exe

C:\Windows\System\cJiNOAe.exe

C:\Windows\System\IAbYYva.exe

C:\Windows\System\IAbYYva.exe

C:\Windows\System\RUWFZrQ.exe

C:\Windows\System\RUWFZrQ.exe

C:\Windows\System\pCdOGcy.exe

C:\Windows\System\pCdOGcy.exe

C:\Windows\System\QXiOUTB.exe

C:\Windows\System\QXiOUTB.exe

C:\Windows\System\lvsYFUy.exe

C:\Windows\System\lvsYFUy.exe

C:\Windows\System\LHYFZEJ.exe

C:\Windows\System\LHYFZEJ.exe

C:\Windows\System\awLCWyA.exe

C:\Windows\System\awLCWyA.exe

C:\Windows\System\ZlHaMFi.exe

C:\Windows\System\ZlHaMFi.exe

C:\Windows\System\iwAOpHb.exe

C:\Windows\System\iwAOpHb.exe

C:\Windows\System\TNUbvqW.exe

C:\Windows\System\TNUbvqW.exe

C:\Windows\System\mxwYjhg.exe

C:\Windows\System\mxwYjhg.exe

C:\Windows\System\fdAjxCO.exe

C:\Windows\System\fdAjxCO.exe

C:\Windows\System\kpgrbQF.exe

C:\Windows\System\kpgrbQF.exe

C:\Windows\System\gZsOVhA.exe

C:\Windows\System\gZsOVhA.exe

C:\Windows\System\FLdvRFv.exe

C:\Windows\System\FLdvRFv.exe

C:\Windows\System\jGTdJnk.exe

C:\Windows\System\jGTdJnk.exe

C:\Windows\System\SiGXOPr.exe

C:\Windows\System\SiGXOPr.exe

C:\Windows\System\JJoRCbg.exe

C:\Windows\System\JJoRCbg.exe

C:\Windows\System\YswNHWy.exe

C:\Windows\System\YswNHWy.exe

C:\Windows\System\LpPBvrx.exe

C:\Windows\System\LpPBvrx.exe

C:\Windows\System\rulqJHY.exe

C:\Windows\System\rulqJHY.exe

C:\Windows\System\dLTssOg.exe

C:\Windows\System\dLTssOg.exe

C:\Windows\System\sEjzkzj.exe

C:\Windows\System\sEjzkzj.exe

C:\Windows\System\xUYCUew.exe

C:\Windows\System\xUYCUew.exe

C:\Windows\System\EQTZEEp.exe

C:\Windows\System\EQTZEEp.exe

C:\Windows\System\jgfZJUh.exe

C:\Windows\System\jgfZJUh.exe

C:\Windows\System\FuZzodw.exe

C:\Windows\System\FuZzodw.exe

C:\Windows\System\PKTbTot.exe

C:\Windows\System\PKTbTot.exe

C:\Windows\System\Ogpsaga.exe

C:\Windows\System\Ogpsaga.exe

C:\Windows\System\KCSckPL.exe

C:\Windows\System\KCSckPL.exe

C:\Windows\System\pumzwCJ.exe

C:\Windows\System\pumzwCJ.exe

C:\Windows\System\YDCZrSP.exe

C:\Windows\System\YDCZrSP.exe

C:\Windows\System\IPNxGRA.exe

C:\Windows\System\IPNxGRA.exe

C:\Windows\System\FpEIHcx.exe

C:\Windows\System\FpEIHcx.exe

C:\Windows\System\vvrpTVN.exe

C:\Windows\System\vvrpTVN.exe

C:\Windows\System\SssfrPV.exe

C:\Windows\System\SssfrPV.exe

C:\Windows\System\LYMBIeg.exe

C:\Windows\System\LYMBIeg.exe

C:\Windows\System\lfVXVDF.exe

C:\Windows\System\lfVXVDF.exe

C:\Windows\System\oLqiQBE.exe

C:\Windows\System\oLqiQBE.exe

C:\Windows\System\zvdAqxM.exe

C:\Windows\System\zvdAqxM.exe

C:\Windows\System\ymTDhGh.exe

C:\Windows\System\ymTDhGh.exe

C:\Windows\System\TBRKgxm.exe

C:\Windows\System\TBRKgxm.exe

C:\Windows\System\fqgNHhF.exe

C:\Windows\System\fqgNHhF.exe

C:\Windows\System\sachmDx.exe

C:\Windows\System\sachmDx.exe

C:\Windows\System\aWsQQpw.exe

C:\Windows\System\aWsQQpw.exe

C:\Windows\System\qnqPibK.exe

C:\Windows\System\qnqPibK.exe

C:\Windows\System\ZNuxuVO.exe

C:\Windows\System\ZNuxuVO.exe

C:\Windows\System\bJWCwHw.exe

C:\Windows\System\bJWCwHw.exe

C:\Windows\System\qGeNvhT.exe

C:\Windows\System\qGeNvhT.exe

C:\Windows\System\WrquHPl.exe

C:\Windows\System\WrquHPl.exe

C:\Windows\System\ugGUcRl.exe

C:\Windows\System\ugGUcRl.exe

C:\Windows\System\uePoKEX.exe

C:\Windows\System\uePoKEX.exe

C:\Windows\System\qGhDnae.exe

C:\Windows\System\qGhDnae.exe

C:\Windows\System\XIghOkQ.exe

C:\Windows\System\XIghOkQ.exe

C:\Windows\System\cOZlqoe.exe

C:\Windows\System\cOZlqoe.exe

C:\Windows\System\qXAWHhB.exe

C:\Windows\System\qXAWHhB.exe

C:\Windows\System\MVuLJCr.exe

C:\Windows\System\MVuLJCr.exe

C:\Windows\System\SuuqZLH.exe

C:\Windows\System\SuuqZLH.exe

C:\Windows\System\ZKbrULC.exe

C:\Windows\System\ZKbrULC.exe

C:\Windows\System\zzOLknb.exe

C:\Windows\System\zzOLknb.exe

C:\Windows\System\qLtHYBp.exe

C:\Windows\System\qLtHYBp.exe

C:\Windows\System\zdJWzOO.exe

C:\Windows\System\zdJWzOO.exe

C:\Windows\System\FtIDToK.exe

C:\Windows\System\FtIDToK.exe

C:\Windows\System\SVOhXnM.exe

C:\Windows\System\SVOhXnM.exe

C:\Windows\System\unrVkwb.exe

C:\Windows\System\unrVkwb.exe

C:\Windows\System\zKufJgm.exe

C:\Windows\System\zKufJgm.exe

C:\Windows\System\GyBjOFT.exe

C:\Windows\System\GyBjOFT.exe

C:\Windows\System\lMlYsxb.exe

C:\Windows\System\lMlYsxb.exe

C:\Windows\System\MyksDkQ.exe

C:\Windows\System\MyksDkQ.exe

C:\Windows\System\EuQVicL.exe

C:\Windows\System\EuQVicL.exe

C:\Windows\System\QbBnoth.exe

C:\Windows\System\QbBnoth.exe

C:\Windows\System\aQKeGfu.exe

C:\Windows\System\aQKeGfu.exe

C:\Windows\System\FXzjhZw.exe

C:\Windows\System\FXzjhZw.exe

C:\Windows\System\qCXTOjT.exe

C:\Windows\System\qCXTOjT.exe

C:\Windows\System\AhnAQLI.exe

C:\Windows\System\AhnAQLI.exe

C:\Windows\System\OzJqqTF.exe

C:\Windows\System\OzJqqTF.exe

C:\Windows\System\BYmivyR.exe

C:\Windows\System\BYmivyR.exe

C:\Windows\System\NGeYUMb.exe

C:\Windows\System\NGeYUMb.exe

C:\Windows\System\VYcDjUE.exe

C:\Windows\System\VYcDjUE.exe

C:\Windows\System\HBiwJbZ.exe

C:\Windows\System\HBiwJbZ.exe

C:\Windows\System\jWOjFhA.exe

C:\Windows\System\jWOjFhA.exe

C:\Windows\System\Hcqgxoh.exe

C:\Windows\System\Hcqgxoh.exe

C:\Windows\System\FRexpnB.exe

C:\Windows\System\FRexpnB.exe

C:\Windows\System\INECQHh.exe

C:\Windows\System\INECQHh.exe

C:\Windows\System\rqDIEUg.exe

C:\Windows\System\rqDIEUg.exe

C:\Windows\System\DPBJHZo.exe

C:\Windows\System\DPBJHZo.exe

C:\Windows\System\fEwWMKi.exe

C:\Windows\System\fEwWMKi.exe

C:\Windows\System\HoVgzkn.exe

C:\Windows\System\HoVgzkn.exe

C:\Windows\System\UmUFIAQ.exe

C:\Windows\System\UmUFIAQ.exe

C:\Windows\System\bDQSmiN.exe

C:\Windows\System\bDQSmiN.exe

C:\Windows\System\sTBAtLR.exe

C:\Windows\System\sTBAtLR.exe

C:\Windows\System\xKgoQSV.exe

C:\Windows\System\xKgoQSV.exe

C:\Windows\System\YqBypol.exe

C:\Windows\System\YqBypol.exe

C:\Windows\System\clPoSay.exe

C:\Windows\System\clPoSay.exe

C:\Windows\System\VHzbDHo.exe

C:\Windows\System\VHzbDHo.exe

C:\Windows\System\bEuKHOB.exe

C:\Windows\System\bEuKHOB.exe

C:\Windows\System\aQgSgSd.exe

C:\Windows\System\aQgSgSd.exe

C:\Windows\System\cfJXhqo.exe

C:\Windows\System\cfJXhqo.exe

C:\Windows\System\GwRIPxw.exe

C:\Windows\System\GwRIPxw.exe

C:\Windows\System\FxgKTzM.exe

C:\Windows\System\FxgKTzM.exe

C:\Windows\System\VExANNd.exe

C:\Windows\System\VExANNd.exe

C:\Windows\System\fxYKgTC.exe

C:\Windows\System\fxYKgTC.exe

C:\Windows\System\iYjznRF.exe

C:\Windows\System\iYjznRF.exe

C:\Windows\System\uvSXsiD.exe

C:\Windows\System\uvSXsiD.exe

C:\Windows\System\AicNECI.exe

C:\Windows\System\AicNECI.exe

C:\Windows\System\ZcOEEZe.exe

C:\Windows\System\ZcOEEZe.exe

C:\Windows\System\TCLpKFi.exe

C:\Windows\System\TCLpKFi.exe

C:\Windows\System\MLLLQcs.exe

C:\Windows\System\MLLLQcs.exe

C:\Windows\System\ctqzAAs.exe

C:\Windows\System\ctqzAAs.exe

C:\Windows\System\pesuAQI.exe

C:\Windows\System\pesuAQI.exe

C:\Windows\System\jYJqHKV.exe

C:\Windows\System\jYJqHKV.exe

C:\Windows\System\sIEVvUx.exe

C:\Windows\System\sIEVvUx.exe

C:\Windows\System\suVAoLM.exe

C:\Windows\System\suVAoLM.exe

C:\Windows\System\QKnBxlC.exe

C:\Windows\System\QKnBxlC.exe

C:\Windows\System\vUaaJRb.exe

C:\Windows\System\vUaaJRb.exe

C:\Windows\System\lHZDmPw.exe

C:\Windows\System\lHZDmPw.exe

C:\Windows\System\aVJoGSF.exe

C:\Windows\System\aVJoGSF.exe

C:\Windows\System\CjlibPE.exe

C:\Windows\System\CjlibPE.exe

C:\Windows\System\PtNiWKZ.exe

C:\Windows\System\PtNiWKZ.exe

C:\Windows\System\TmeHfjC.exe

C:\Windows\System\TmeHfjC.exe

C:\Windows\System\tcUdFQk.exe

C:\Windows\System\tcUdFQk.exe

C:\Windows\System\yXRyxcC.exe

C:\Windows\System\yXRyxcC.exe

C:\Windows\System\tHKwkpN.exe

C:\Windows\System\tHKwkpN.exe

C:\Windows\System\CLNEKhy.exe

C:\Windows\System\CLNEKhy.exe

C:\Windows\System\BdOCdiB.exe

C:\Windows\System\BdOCdiB.exe

C:\Windows\System\FwzAszX.exe

C:\Windows\System\FwzAszX.exe

C:\Windows\System\UPhFtzH.exe

C:\Windows\System\UPhFtzH.exe

C:\Windows\System\zmSGpkX.exe

C:\Windows\System\zmSGpkX.exe

C:\Windows\System\hztByZL.exe

C:\Windows\System\hztByZL.exe

C:\Windows\System\oQPvBXD.exe

C:\Windows\System\oQPvBXD.exe

C:\Windows\System\Fikhfzh.exe

C:\Windows\System\Fikhfzh.exe

C:\Windows\System\XfKhPAg.exe

C:\Windows\System\XfKhPAg.exe

C:\Windows\System\qsQxFmE.exe

C:\Windows\System\qsQxFmE.exe

C:\Windows\System\WMxsKoT.exe

C:\Windows\System\WMxsKoT.exe

C:\Windows\System\zMxIwZB.exe

C:\Windows\System\zMxIwZB.exe

C:\Windows\System\BGkbUrk.exe

C:\Windows\System\BGkbUrk.exe

C:\Windows\System\dndLDjk.exe

C:\Windows\System\dndLDjk.exe

C:\Windows\System\QvFnyXi.exe

C:\Windows\System\QvFnyXi.exe

C:\Windows\System\ahCUVfG.exe

C:\Windows\System\ahCUVfG.exe

C:\Windows\System\WTucSUc.exe

C:\Windows\System\WTucSUc.exe

C:\Windows\System\wjTLhau.exe

C:\Windows\System\wjTLhau.exe

C:\Windows\System\eyJBdUz.exe

C:\Windows\System\eyJBdUz.exe

C:\Windows\System\pkBmMAl.exe

C:\Windows\System\pkBmMAl.exe

C:\Windows\System\upMRVlX.exe

C:\Windows\System\upMRVlX.exe

C:\Windows\System\hBUFfzR.exe

C:\Windows\System\hBUFfzR.exe

C:\Windows\System\XmvVOCu.exe

C:\Windows\System\XmvVOCu.exe

C:\Windows\System\AbrRuaO.exe

C:\Windows\System\AbrRuaO.exe

C:\Windows\System\hvmjowg.exe

C:\Windows\System\hvmjowg.exe

C:\Windows\System\myNEfOG.exe

C:\Windows\System\myNEfOG.exe

C:\Windows\System\zkVhJgU.exe

C:\Windows\System\zkVhJgU.exe

C:\Windows\System\fRPzSwt.exe

C:\Windows\System\fRPzSwt.exe

C:\Windows\System\KMhjbtz.exe

C:\Windows\System\KMhjbtz.exe

C:\Windows\System\gmvVXAa.exe

C:\Windows\System\gmvVXAa.exe

C:\Windows\System\SuUtTuW.exe

C:\Windows\System\SuUtTuW.exe

C:\Windows\System\pwsxqjJ.exe

C:\Windows\System\pwsxqjJ.exe

C:\Windows\System\cBydnkg.exe

C:\Windows\System\cBydnkg.exe

C:\Windows\System\lcmWpSG.exe

C:\Windows\System\lcmWpSG.exe

C:\Windows\System\suebmaZ.exe

C:\Windows\System\suebmaZ.exe

C:\Windows\System\BesGwUv.exe

C:\Windows\System\BesGwUv.exe

C:\Windows\System\yoNLLMJ.exe

C:\Windows\System\yoNLLMJ.exe

C:\Windows\System\RzZhkvl.exe

C:\Windows\System\RzZhkvl.exe

C:\Windows\System\KxknsuC.exe

C:\Windows\System\KxknsuC.exe

C:\Windows\System\piKAIHC.exe

C:\Windows\System\piKAIHC.exe

C:\Windows\System\JdGYJoj.exe

C:\Windows\System\JdGYJoj.exe

C:\Windows\System\jdLIkDH.exe

C:\Windows\System\jdLIkDH.exe

C:\Windows\System\ySkVBsP.exe

C:\Windows\System\ySkVBsP.exe

C:\Windows\System\FoqvAwo.exe

C:\Windows\System\FoqvAwo.exe

C:\Windows\System\xkGevNg.exe

C:\Windows\System\xkGevNg.exe

C:\Windows\System\CPWHlmK.exe

C:\Windows\System\CPWHlmK.exe

C:\Windows\System\nzGfgkL.exe

C:\Windows\System\nzGfgkL.exe

C:\Windows\System\uaGKiqs.exe

C:\Windows\System\uaGKiqs.exe

C:\Windows\System\QePNpdu.exe

C:\Windows\System\QePNpdu.exe

C:\Windows\System\Qofkrpe.exe

C:\Windows\System\Qofkrpe.exe

C:\Windows\System\NqIZQmk.exe

C:\Windows\System\NqIZQmk.exe

C:\Windows\System\lQabGwb.exe

C:\Windows\System\lQabGwb.exe

C:\Windows\System\wcaCZfM.exe

C:\Windows\System\wcaCZfM.exe

C:\Windows\System\OMhqkIB.exe

C:\Windows\System\OMhqkIB.exe

C:\Windows\System\iFgWQol.exe

C:\Windows\System\iFgWQol.exe

C:\Windows\System\BjhFnrj.exe

C:\Windows\System\BjhFnrj.exe

C:\Windows\System\ROgqNad.exe

C:\Windows\System\ROgqNad.exe

C:\Windows\System\szwjSMi.exe

C:\Windows\System\szwjSMi.exe

C:\Windows\System\NwIqtGP.exe

C:\Windows\System\NwIqtGP.exe

C:\Windows\System\PhGQepk.exe

C:\Windows\System\PhGQepk.exe

C:\Windows\System\iMQhTaB.exe

C:\Windows\System\iMQhTaB.exe

C:\Windows\System\olsKrvQ.exe

C:\Windows\System\olsKrvQ.exe

C:\Windows\System\woToDHq.exe

C:\Windows\System\woToDHq.exe

C:\Windows\System\ogmDQCV.exe

C:\Windows\System\ogmDQCV.exe

C:\Windows\System\RwiAaXm.exe

C:\Windows\System\RwiAaXm.exe

C:\Windows\System\ITmaDtn.exe

C:\Windows\System\ITmaDtn.exe

C:\Windows\System\zamZLlw.exe

C:\Windows\System\zamZLlw.exe

C:\Windows\System\OjIuGeY.exe

C:\Windows\System\OjIuGeY.exe

C:\Windows\System\HTVRUDj.exe

C:\Windows\System\HTVRUDj.exe

C:\Windows\System\gNocgBT.exe

C:\Windows\System\gNocgBT.exe

C:\Windows\System\XGKfqQl.exe

C:\Windows\System\XGKfqQl.exe

C:\Windows\System\itzccQZ.exe

C:\Windows\System\itzccQZ.exe

C:\Windows\System\NgUdYbF.exe

C:\Windows\System\NgUdYbF.exe

C:\Windows\System\nWzUvbB.exe

C:\Windows\System\nWzUvbB.exe

C:\Windows\System\BbgWodI.exe

C:\Windows\System\BbgWodI.exe

C:\Windows\System\ufTkrEY.exe

C:\Windows\System\ufTkrEY.exe

C:\Windows\System\CBCBIVo.exe

C:\Windows\System\CBCBIVo.exe

C:\Windows\System\CJwyblI.exe

C:\Windows\System\CJwyblI.exe

C:\Windows\System\pEzJjdK.exe

C:\Windows\System\pEzJjdK.exe

C:\Windows\System\KFECPlN.exe

C:\Windows\System\KFECPlN.exe

C:\Windows\System\mVCdoJi.exe

C:\Windows\System\mVCdoJi.exe

C:\Windows\System\pKQQfFV.exe

C:\Windows\System\pKQQfFV.exe

C:\Windows\System\ojKSFjJ.exe

C:\Windows\System\ojKSFjJ.exe

C:\Windows\System\CJrdTfB.exe

C:\Windows\System\CJrdTfB.exe

C:\Windows\System\jdSOWuX.exe

C:\Windows\System\jdSOWuX.exe

C:\Windows\System\HqMfIYu.exe

C:\Windows\System\HqMfIYu.exe

C:\Windows\System\ihzeDfu.exe

C:\Windows\System\ihzeDfu.exe

C:\Windows\System\ShQmlDJ.exe

C:\Windows\System\ShQmlDJ.exe

C:\Windows\System\IsCDqFn.exe

C:\Windows\System\IsCDqFn.exe

C:\Windows\System\jXKNrXe.exe

C:\Windows\System\jXKNrXe.exe

C:\Windows\System\qEjMpUT.exe

C:\Windows\System\qEjMpUT.exe

C:\Windows\System\HZuIWXQ.exe

C:\Windows\System\HZuIWXQ.exe

C:\Windows\System\tZQTHPR.exe

C:\Windows\System\tZQTHPR.exe

C:\Windows\System\BYvIYQw.exe

C:\Windows\System\BYvIYQw.exe

C:\Windows\System\fikNVBt.exe

C:\Windows\System\fikNVBt.exe

C:\Windows\System\VtvsUUC.exe

C:\Windows\System\VtvsUUC.exe

C:\Windows\System\QhOlJmL.exe

C:\Windows\System\QhOlJmL.exe

C:\Windows\System\hiibBSU.exe

C:\Windows\System\hiibBSU.exe

C:\Windows\System\QpzRoNv.exe

C:\Windows\System\QpzRoNv.exe

C:\Windows\System\DXcovZh.exe

C:\Windows\System\DXcovZh.exe

C:\Windows\System\Ttgqsse.exe

C:\Windows\System\Ttgqsse.exe

C:\Windows\System\RlqoWMw.exe

C:\Windows\System\RlqoWMw.exe

C:\Windows\System\XHArvIw.exe

C:\Windows\System\XHArvIw.exe

C:\Windows\System\SkvaKHx.exe

C:\Windows\System\SkvaKHx.exe

C:\Windows\System\SbBSiRS.exe

C:\Windows\System\SbBSiRS.exe

C:\Windows\System\vFIBbGf.exe

C:\Windows\System\vFIBbGf.exe

C:\Windows\System\gMyzZkX.exe

C:\Windows\System\gMyzZkX.exe

C:\Windows\System\tuvjJgc.exe

C:\Windows\System\tuvjJgc.exe

C:\Windows\System\ypVfqyS.exe

C:\Windows\System\ypVfqyS.exe

C:\Windows\System\pmGEpKw.exe

C:\Windows\System\pmGEpKw.exe

C:\Windows\System\nrGrVpf.exe

C:\Windows\System\nrGrVpf.exe

C:\Windows\System\HWIIKll.exe

C:\Windows\System\HWIIKll.exe

C:\Windows\System\NPiFwGk.exe

C:\Windows\System\NPiFwGk.exe

C:\Windows\System\XbgGwdO.exe

C:\Windows\System\XbgGwdO.exe

C:\Windows\System\BJiPcgZ.exe

C:\Windows\System\BJiPcgZ.exe

C:\Windows\System\lnxrBJR.exe

C:\Windows\System\lnxrBJR.exe

C:\Windows\System\vosYVdt.exe

C:\Windows\System\vosYVdt.exe

C:\Windows\System\ZkMEOet.exe

C:\Windows\System\ZkMEOet.exe

C:\Windows\System\WAZYjmp.exe

C:\Windows\System\WAZYjmp.exe

C:\Windows\System\jHEdWrQ.exe

C:\Windows\System\jHEdWrQ.exe

C:\Windows\System\mAdvLxi.exe

C:\Windows\System\mAdvLxi.exe

C:\Windows\System\AajKeoA.exe

C:\Windows\System\AajKeoA.exe

C:\Windows\System\enMcbCm.exe

C:\Windows\System\enMcbCm.exe

C:\Windows\System\ooVkYDC.exe

C:\Windows\System\ooVkYDC.exe

C:\Windows\System\TXWfrQe.exe

C:\Windows\System\TXWfrQe.exe

C:\Windows\System\jstrjJs.exe

C:\Windows\System\jstrjJs.exe

C:\Windows\System\xqYadUs.exe

C:\Windows\System\xqYadUs.exe

C:\Windows\System\plduUFj.exe

C:\Windows\System\plduUFj.exe

C:\Windows\System\tkpUqJF.exe

C:\Windows\System\tkpUqJF.exe

C:\Windows\System\QppciKi.exe

C:\Windows\System\QppciKi.exe

C:\Windows\System\tSXNpLY.exe

C:\Windows\System\tSXNpLY.exe

C:\Windows\System\aNwWVCs.exe

C:\Windows\System\aNwWVCs.exe

C:\Windows\System\ZwbgYAZ.exe

C:\Windows\System\ZwbgYAZ.exe

C:\Windows\System\ASBOjuS.exe

C:\Windows\System\ASBOjuS.exe

C:\Windows\System\dQOYLPk.exe

C:\Windows\System\dQOYLPk.exe

C:\Windows\System\GxmoOHf.exe

C:\Windows\System\GxmoOHf.exe

C:\Windows\System\oLMIlKC.exe

C:\Windows\System\oLMIlKC.exe

C:\Windows\System\WRmYPZr.exe

C:\Windows\System\WRmYPZr.exe

C:\Windows\System\YhRcFVk.exe

C:\Windows\System\YhRcFVk.exe

C:\Windows\System\GgeDdov.exe

C:\Windows\System\GgeDdov.exe

C:\Windows\System\DTHgLth.exe

C:\Windows\System\DTHgLth.exe

C:\Windows\System\nedwLQo.exe

C:\Windows\System\nedwLQo.exe

C:\Windows\System\MKlDAgo.exe

C:\Windows\System\MKlDAgo.exe

C:\Windows\System\dRuYSCr.exe

C:\Windows\System\dRuYSCr.exe

C:\Windows\System\rRPRNaI.exe

C:\Windows\System\rRPRNaI.exe

C:\Windows\System\GSlTtJC.exe

C:\Windows\System\GSlTtJC.exe

C:\Windows\System\zzFKUbv.exe

C:\Windows\System\zzFKUbv.exe

C:\Windows\System\MZOqYKR.exe

C:\Windows\System\MZOqYKR.exe

C:\Windows\System\PdwJMJN.exe

C:\Windows\System\PdwJMJN.exe

C:\Windows\System\ChtQMXC.exe

C:\Windows\System\ChtQMXC.exe

C:\Windows\System\vIIdsSf.exe

C:\Windows\System\vIIdsSf.exe

C:\Windows\System\LPhhIDV.exe

C:\Windows\System\LPhhIDV.exe

C:\Windows\System\DzoOLKi.exe

C:\Windows\System\DzoOLKi.exe

C:\Windows\System\fLvDHPb.exe

C:\Windows\System\fLvDHPb.exe

C:\Windows\System\fLeSznm.exe

C:\Windows\System\fLeSznm.exe

C:\Windows\System\kmUYKWS.exe

C:\Windows\System\kmUYKWS.exe

C:\Windows\System\FaUhYQk.exe

C:\Windows\System\FaUhYQk.exe

C:\Windows\System\SEdKIRm.exe

C:\Windows\System\SEdKIRm.exe

C:\Windows\System\TxfKLBq.exe

C:\Windows\System\TxfKLBq.exe

C:\Windows\System\LCakzMI.exe

C:\Windows\System\LCakzMI.exe

C:\Windows\System\swHAVMW.exe

C:\Windows\System\swHAVMW.exe

C:\Windows\System\XwhVKkw.exe

C:\Windows\System\XwhVKkw.exe

C:\Windows\System\pyJPqxq.exe

C:\Windows\System\pyJPqxq.exe

C:\Windows\System\sWhaOXz.exe

C:\Windows\System\sWhaOXz.exe

C:\Windows\System\qOTWuah.exe

C:\Windows\System\qOTWuah.exe

C:\Windows\System\NVeOLdM.exe

C:\Windows\System\NVeOLdM.exe

C:\Windows\System\WBTZDdV.exe

C:\Windows\System\WBTZDdV.exe

C:\Windows\System\BuoVUhJ.exe

C:\Windows\System\BuoVUhJ.exe

C:\Windows\System\XsSadKR.exe

C:\Windows\System\XsSadKR.exe

C:\Windows\System\ZCRIWkd.exe

C:\Windows\System\ZCRIWkd.exe

C:\Windows\System\IBlwTQf.exe

C:\Windows\System\IBlwTQf.exe

C:\Windows\System\xDVlAYz.exe

C:\Windows\System\xDVlAYz.exe

C:\Windows\System\lpcNahW.exe

C:\Windows\System\lpcNahW.exe

C:\Windows\System\RwscMOF.exe

C:\Windows\System\RwscMOF.exe

C:\Windows\System\WaxhTAg.exe

C:\Windows\System\WaxhTAg.exe

C:\Windows\System\TWiTfjn.exe

C:\Windows\System\TWiTfjn.exe

C:\Windows\System\WeGhegC.exe

C:\Windows\System\WeGhegC.exe

C:\Windows\System\BWgyYHo.exe

C:\Windows\System\BWgyYHo.exe

C:\Windows\System\OhSxFOd.exe

C:\Windows\System\OhSxFOd.exe

C:\Windows\System\dziWWLn.exe

C:\Windows\System\dziWWLn.exe

C:\Windows\System\gciwYxn.exe

C:\Windows\System\gciwYxn.exe

C:\Windows\System\MGUYytW.exe

C:\Windows\System\MGUYytW.exe

C:\Windows\System\NfFczuT.exe

C:\Windows\System\NfFczuT.exe

C:\Windows\System\fDDmxmX.exe

C:\Windows\System\fDDmxmX.exe

C:\Windows\System\PAPXHkz.exe

C:\Windows\System\PAPXHkz.exe

C:\Windows\System\EYyznyE.exe

C:\Windows\System\EYyznyE.exe

C:\Windows\System\mQKuHJp.exe

C:\Windows\System\mQKuHJp.exe

C:\Windows\System\FEZjYeI.exe

C:\Windows\System\FEZjYeI.exe

C:\Windows\System\jSrQdkM.exe

C:\Windows\System\jSrQdkM.exe

C:\Windows\System\DBsPLLP.exe

C:\Windows\System\DBsPLLP.exe

C:\Windows\System\YPGyYTj.exe

C:\Windows\System\YPGyYTj.exe

C:\Windows\System\EvQKdKe.exe

C:\Windows\System\EvQKdKe.exe

C:\Windows\System\JaNKPbA.exe

C:\Windows\System\JaNKPbA.exe

C:\Windows\System\swpOJpj.exe

C:\Windows\System\swpOJpj.exe

C:\Windows\System\YRSEqRM.exe

C:\Windows\System\YRSEqRM.exe

C:\Windows\System\GBOgCtf.exe

C:\Windows\System\GBOgCtf.exe

C:\Windows\System\SRKRcPx.exe

C:\Windows\System\SRKRcPx.exe

C:\Windows\System\YhjPywl.exe

C:\Windows\System\YhjPywl.exe

C:\Windows\System\lCRndRK.exe

C:\Windows\System\lCRndRK.exe

C:\Windows\System\xNQtEgC.exe

C:\Windows\System\xNQtEgC.exe

C:\Windows\System\jYymLdT.exe

C:\Windows\System\jYymLdT.exe

C:\Windows\System\MLppyaE.exe

C:\Windows\System\MLppyaE.exe

C:\Windows\System\UIPUVKY.exe

C:\Windows\System\UIPUVKY.exe

C:\Windows\System\KXLRBwS.exe

C:\Windows\System\KXLRBwS.exe

C:\Windows\System\ZmAlArf.exe

C:\Windows\System\ZmAlArf.exe

C:\Windows\System\RxXChWH.exe

C:\Windows\System\RxXChWH.exe

C:\Windows\System\GnmDSSg.exe

C:\Windows\System\GnmDSSg.exe

C:\Windows\System\WdnklMN.exe

C:\Windows\System\WdnklMN.exe

C:\Windows\System\JbqVozu.exe

C:\Windows\System\JbqVozu.exe

C:\Windows\System\tlFDtYs.exe

C:\Windows\System\tlFDtYs.exe

C:\Windows\System\CJxcxzB.exe

C:\Windows\System\CJxcxzB.exe

C:\Windows\System\OrDLxqt.exe

C:\Windows\System\OrDLxqt.exe

C:\Windows\System\VZVVGFY.exe

C:\Windows\System\VZVVGFY.exe

C:\Windows\System\CDIoita.exe

C:\Windows\System\CDIoita.exe

C:\Windows\System\XosBWzu.exe

C:\Windows\System\XosBWzu.exe

C:\Windows\System\vJFoHoz.exe

C:\Windows\System\vJFoHoz.exe

C:\Windows\System\mLXIezU.exe

C:\Windows\System\mLXIezU.exe

C:\Windows\System\WEvCcwJ.exe

C:\Windows\System\WEvCcwJ.exe

C:\Windows\System\cnyghDd.exe

C:\Windows\System\cnyghDd.exe

C:\Windows\System\OSnastQ.exe

C:\Windows\System\OSnastQ.exe

C:\Windows\System\xjXYVHe.exe

C:\Windows\System\xjXYVHe.exe

C:\Windows\System\gGJAzVT.exe

C:\Windows\System\gGJAzVT.exe

C:\Windows\System\KMTcqXg.exe

C:\Windows\System\KMTcqXg.exe

C:\Windows\System\UjNFnOI.exe

C:\Windows\System\UjNFnOI.exe

C:\Windows\System\RdSyMyl.exe

C:\Windows\System\RdSyMyl.exe

C:\Windows\System\bnEwPES.exe

C:\Windows\System\bnEwPES.exe

C:\Windows\System\iyYHdtf.exe

C:\Windows\System\iyYHdtf.exe

C:\Windows\System\zzAmbll.exe

C:\Windows\System\zzAmbll.exe

C:\Windows\System\AbtPBrO.exe

C:\Windows\System\AbtPBrO.exe

C:\Windows\System\eyrnDGq.exe

C:\Windows\System\eyrnDGq.exe

C:\Windows\System\nrGUrbT.exe

C:\Windows\System\nrGUrbT.exe

C:\Windows\System\PQUhrNH.exe

C:\Windows\System\PQUhrNH.exe

C:\Windows\System\sateDvP.exe

C:\Windows\System\sateDvP.exe

C:\Windows\System\HOZvPos.exe

C:\Windows\System\HOZvPos.exe

C:\Windows\System\UEaooBC.exe

C:\Windows\System\UEaooBC.exe

C:\Windows\System\ahAXVIS.exe

C:\Windows\System\ahAXVIS.exe

C:\Windows\System\rGbsvSE.exe

C:\Windows\System\rGbsvSE.exe

C:\Windows\System\FgzvBbq.exe

C:\Windows\System\FgzvBbq.exe

C:\Windows\System\DdszZpC.exe

C:\Windows\System\DdszZpC.exe

C:\Windows\System\eiXzNKy.exe

C:\Windows\System\eiXzNKy.exe

C:\Windows\System\EkHgXtA.exe

C:\Windows\System\EkHgXtA.exe

C:\Windows\System\BuoeKuz.exe

C:\Windows\System\BuoeKuz.exe

C:\Windows\System\rAjxSPx.exe

C:\Windows\System\rAjxSPx.exe

C:\Windows\System\BmUdRUB.exe

C:\Windows\System\BmUdRUB.exe

C:\Windows\System\kIroRav.exe

C:\Windows\System\kIroRav.exe

C:\Windows\System\AfpoSnl.exe

C:\Windows\System\AfpoSnl.exe

C:\Windows\System\qyMoboL.exe

C:\Windows\System\qyMoboL.exe

C:\Windows\System\SzNYRHo.exe

C:\Windows\System\SzNYRHo.exe

C:\Windows\System\pWXDyjf.exe

C:\Windows\System\pWXDyjf.exe

C:\Windows\System\OnQAofO.exe

C:\Windows\System\OnQAofO.exe

C:\Windows\System\ETSTdJg.exe

C:\Windows\System\ETSTdJg.exe

C:\Windows\System\LbbNHhm.exe

C:\Windows\System\LbbNHhm.exe

C:\Windows\System\KVsNqJM.exe

C:\Windows\System\KVsNqJM.exe

C:\Windows\System\nkZhRGW.exe

C:\Windows\System\nkZhRGW.exe

C:\Windows\System\uxWKDxc.exe

C:\Windows\System\uxWKDxc.exe

C:\Windows\System\HIOQzVz.exe

C:\Windows\System\HIOQzVz.exe

C:\Windows\System\vJHswBq.exe

C:\Windows\System\vJHswBq.exe

C:\Windows\System\KuAmguN.exe

C:\Windows\System\KuAmguN.exe

C:\Windows\System\IVHGFPk.exe

C:\Windows\System\IVHGFPk.exe

C:\Windows\System\jYFXLRH.exe

C:\Windows\System\jYFXLRH.exe

C:\Windows\System\RuESxFT.exe

C:\Windows\System\RuESxFT.exe

C:\Windows\System\ymPoHNY.exe

C:\Windows\System\ymPoHNY.exe

C:\Windows\System\IYrqMUt.exe

C:\Windows\System\IYrqMUt.exe

C:\Windows\System\zlqIbXb.exe

C:\Windows\System\zlqIbXb.exe

C:\Windows\System\nIWTxAD.exe

C:\Windows\System\nIWTxAD.exe

C:\Windows\System\teXbDlK.exe

C:\Windows\System\teXbDlK.exe

C:\Windows\System\NeTsLDr.exe

C:\Windows\System\NeTsLDr.exe

C:\Windows\System\LAVisUd.exe

C:\Windows\System\LAVisUd.exe

C:\Windows\System\fRhaFbk.exe

C:\Windows\System\fRhaFbk.exe

C:\Windows\System\MGbyWYi.exe

C:\Windows\System\MGbyWYi.exe

C:\Windows\System\HJDcAqK.exe

C:\Windows\System\HJDcAqK.exe

C:\Windows\System\yWVBBVS.exe

C:\Windows\System\yWVBBVS.exe

C:\Windows\System\QEKvOFP.exe

C:\Windows\System\QEKvOFP.exe

C:\Windows\System\HJVndNo.exe

C:\Windows\System\HJVndNo.exe

C:\Windows\System\isvORDr.exe

C:\Windows\System\isvORDr.exe

C:\Windows\System\hKSjcKY.exe

C:\Windows\System\hKSjcKY.exe

C:\Windows\System\fNKldUp.exe

C:\Windows\System\fNKldUp.exe

C:\Windows\System\DOoIHnW.exe

C:\Windows\System\DOoIHnW.exe

C:\Windows\System\WPjOZCm.exe

C:\Windows\System\WPjOZCm.exe

C:\Windows\System\BjtdIQu.exe

C:\Windows\System\BjtdIQu.exe

C:\Windows\System\SKoZZcK.exe

C:\Windows\System\SKoZZcK.exe

C:\Windows\System\bdQOSfC.exe

C:\Windows\System\bdQOSfC.exe

C:\Windows\System\KVZQkLb.exe

C:\Windows\System\KVZQkLb.exe

C:\Windows\System\sIYwYwp.exe

C:\Windows\System\sIYwYwp.exe

C:\Windows\System\PsZPMow.exe

C:\Windows\System\PsZPMow.exe

C:\Windows\System\LXjEQSg.exe

C:\Windows\System\LXjEQSg.exe

C:\Windows\System\PwJoWUb.exe

C:\Windows\System\PwJoWUb.exe

C:\Windows\System\AFXHDri.exe

C:\Windows\System\AFXHDri.exe

C:\Windows\System\OMzUWVL.exe

C:\Windows\System\OMzUWVL.exe

C:\Windows\System\nlfwhPp.exe

C:\Windows\System\nlfwhPp.exe

C:\Windows\System\ATOfUNd.exe

C:\Windows\System\ATOfUNd.exe

C:\Windows\System\aHMGWui.exe

C:\Windows\System\aHMGWui.exe

C:\Windows\System\ZNfdcBY.exe

C:\Windows\System\ZNfdcBY.exe

C:\Windows\System\IaGfpcx.exe

C:\Windows\System\IaGfpcx.exe

C:\Windows\System\YZMwIov.exe

C:\Windows\System\YZMwIov.exe

C:\Windows\System\EmweiXD.exe

C:\Windows\System\EmweiXD.exe

C:\Windows\System\bCBFsAx.exe

C:\Windows\System\bCBFsAx.exe

C:\Windows\System\rjxckOB.exe

C:\Windows\System\rjxckOB.exe

C:\Windows\System\NVpgLqV.exe

C:\Windows\System\NVpgLqV.exe

C:\Windows\System\jhlLBcw.exe

C:\Windows\System\jhlLBcw.exe

C:\Windows\System\sDeUVqv.exe

C:\Windows\System\sDeUVqv.exe

C:\Windows\System\imkJdfX.exe

C:\Windows\System\imkJdfX.exe

C:\Windows\System\vxvTMki.exe

C:\Windows\System\vxvTMki.exe

C:\Windows\System\jbcZfww.exe

C:\Windows\System\jbcZfww.exe

C:\Windows\System\LjSuGPM.exe

C:\Windows\System\LjSuGPM.exe

C:\Windows\System\ABwTEUU.exe

C:\Windows\System\ABwTEUU.exe

C:\Windows\System\OdZstqk.exe

C:\Windows\System\OdZstqk.exe

C:\Windows\System\mHzGoeu.exe

C:\Windows\System\mHzGoeu.exe

C:\Windows\System\Ksjpmit.exe

C:\Windows\System\Ksjpmit.exe

C:\Windows\System\BhxroJt.exe

C:\Windows\System\BhxroJt.exe

C:\Windows\System\meURUYM.exe

C:\Windows\System\meURUYM.exe

C:\Windows\System\LsWbCRO.exe

C:\Windows\System\LsWbCRO.exe

C:\Windows\System\LhFqPiC.exe

C:\Windows\System\LhFqPiC.exe

C:\Windows\System\GuKvKJx.exe

C:\Windows\System\GuKvKJx.exe

C:\Windows\System\CtvnqxW.exe

C:\Windows\System\CtvnqxW.exe

C:\Windows\System\JAXDdcv.exe

C:\Windows\System\JAXDdcv.exe

C:\Windows\System\UIALxVC.exe

C:\Windows\System\UIALxVC.exe

C:\Windows\System\sqvnRER.exe

C:\Windows\System\sqvnRER.exe

C:\Windows\System\KGvovFa.exe

C:\Windows\System\KGvovFa.exe

C:\Windows\System\gmwfyXe.exe

C:\Windows\System\gmwfyXe.exe

C:\Windows\System\YzjBzME.exe

C:\Windows\System\YzjBzME.exe

C:\Windows\System\eRiexqF.exe

C:\Windows\System\eRiexqF.exe

C:\Windows\System\swtvfdr.exe

C:\Windows\System\swtvfdr.exe

C:\Windows\System\EAfctlW.exe

C:\Windows\System\EAfctlW.exe

C:\Windows\System\bTNRyAu.exe

C:\Windows\System\bTNRyAu.exe

C:\Windows\System\wVNXvmS.exe

C:\Windows\System\wVNXvmS.exe

C:\Windows\System\CrirbuV.exe

C:\Windows\System\CrirbuV.exe

C:\Windows\System\zqYTDMy.exe

C:\Windows\System\zqYTDMy.exe

C:\Windows\System\olfEJny.exe

C:\Windows\System\olfEJny.exe

C:\Windows\System\ohsqMiR.exe

C:\Windows\System\ohsqMiR.exe

C:\Windows\System\SyRnQXW.exe

C:\Windows\System\SyRnQXW.exe

C:\Windows\System\xUhDpID.exe

C:\Windows\System\xUhDpID.exe

C:\Windows\System\fchFqGW.exe

C:\Windows\System\fchFqGW.exe

C:\Windows\System\bZBStzB.exe

C:\Windows\System\bZBStzB.exe

C:\Windows\System\mKzKDZN.exe

C:\Windows\System\mKzKDZN.exe

C:\Windows\System\lCZLWIs.exe

C:\Windows\System\lCZLWIs.exe

C:\Windows\System\HCUNbWA.exe

C:\Windows\System\HCUNbWA.exe

C:\Windows\System\jIpdFwx.exe

C:\Windows\System\jIpdFwx.exe

C:\Windows\System\iGSHfDc.exe

C:\Windows\System\iGSHfDc.exe

C:\Windows\System\NwjaZeD.exe

C:\Windows\System\NwjaZeD.exe

C:\Windows\System\ydSThNY.exe

C:\Windows\System\ydSThNY.exe

C:\Windows\System\EjCaGpd.exe

C:\Windows\System\EjCaGpd.exe

C:\Windows\System\nqWoRHs.exe

C:\Windows\System\nqWoRHs.exe

C:\Windows\System\eNNjEWb.exe

C:\Windows\System\eNNjEWb.exe

C:\Windows\System\nrmxxhY.exe

C:\Windows\System\nrmxxhY.exe

C:\Windows\System\vWTsIZE.exe

C:\Windows\System\vWTsIZE.exe

C:\Windows\System\oShkfHF.exe

C:\Windows\System\oShkfHF.exe

C:\Windows\System\nQvyXTy.exe

C:\Windows\System\nQvyXTy.exe

C:\Windows\System\ExoImPB.exe

C:\Windows\System\ExoImPB.exe

C:\Windows\System\DlOwMKk.exe

C:\Windows\System\DlOwMKk.exe

C:\Windows\System\LEQYuHh.exe

C:\Windows\System\LEQYuHh.exe

C:\Windows\System\KeVunlO.exe

C:\Windows\System\KeVunlO.exe

C:\Windows\System\RRWYqrA.exe

C:\Windows\System\RRWYqrA.exe

C:\Windows\System\NwRNQri.exe

C:\Windows\System\NwRNQri.exe

C:\Windows\System\LTAuNJi.exe

C:\Windows\System\LTAuNJi.exe

C:\Windows\System\REeREEO.exe

C:\Windows\System\REeREEO.exe

C:\Windows\System\ciMtvGo.exe

C:\Windows\System\ciMtvGo.exe

C:\Windows\System\uYWOalz.exe

C:\Windows\System\uYWOalz.exe

C:\Windows\System\HkfelSQ.exe

C:\Windows\System\HkfelSQ.exe

C:\Windows\System\bALoSnA.exe

C:\Windows\System\bALoSnA.exe

C:\Windows\System\WJLTjme.exe

C:\Windows\System\WJLTjme.exe

C:\Windows\System\tIVpNCr.exe

C:\Windows\System\tIVpNCr.exe

C:\Windows\System\PAheqnk.exe

C:\Windows\System\PAheqnk.exe

C:\Windows\System\ZUoTgwi.exe

C:\Windows\System\ZUoTgwi.exe

C:\Windows\System\QUQBrnw.exe

C:\Windows\System\QUQBrnw.exe

C:\Windows\System\LWymwgj.exe

C:\Windows\System\LWymwgj.exe

C:\Windows\System\axRbfFw.exe

C:\Windows\System\axRbfFw.exe

C:\Windows\System\TgZvuQH.exe

C:\Windows\System\TgZvuQH.exe

C:\Windows\System\aZHvEUZ.exe

C:\Windows\System\aZHvEUZ.exe

C:\Windows\System\WxjOfci.exe

C:\Windows\System\WxjOfci.exe

C:\Windows\System\UsGzjIb.exe

C:\Windows\System\UsGzjIb.exe

C:\Windows\System\QaFrkEW.exe

C:\Windows\System\QaFrkEW.exe

C:\Windows\System\LhEEEtc.exe

C:\Windows\System\LhEEEtc.exe

C:\Windows\System\SJxxNEk.exe

C:\Windows\System\SJxxNEk.exe

C:\Windows\System\NNzIGWu.exe

C:\Windows\System\NNzIGWu.exe

C:\Windows\System\PEAUXWK.exe

C:\Windows\System\PEAUXWK.exe

C:\Windows\System\GUYrreC.exe

C:\Windows\System\GUYrreC.exe

C:\Windows\System\hlfTtSu.exe

C:\Windows\System\hlfTtSu.exe

C:\Windows\System\oIeKytL.exe

C:\Windows\System\oIeKytL.exe

C:\Windows\System\WMEcNgH.exe

C:\Windows\System\WMEcNgH.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\nWcWYQu.exe

C:\Windows\System\nWcWYQu.exe

C:\Windows\System\rbzkpEM.exe

C:\Windows\System\rbzkpEM.exe

C:\Windows\System\kxjaQut.exe

C:\Windows\System\kxjaQut.exe

C:\Windows\System\ReqaiuB.exe

C:\Windows\System\ReqaiuB.exe

C:\Windows\System\BlVgeEi.exe

C:\Windows\System\BlVgeEi.exe

C:\Windows\System\LjrBGLM.exe

C:\Windows\System\LjrBGLM.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\ruVVZcW.exe

C:\Windows\System\ruVVZcW.exe

C:\Windows\System\VgQpFVr.exe

C:\Windows\System\VgQpFVr.exe

C:\Windows\System\IDPIOzi.exe

C:\Windows\System\IDPIOzi.exe

C:\Windows\System\GUozKco.exe

C:\Windows\System\GUozKco.exe

C:\Windows\System\sHSfbes.exe

C:\Windows\System\sHSfbes.exe

C:\Windows\System\ENdUemZ.exe

C:\Windows\System\ENdUemZ.exe

C:\Windows\System\COtgFdh.exe

C:\Windows\System\COtgFdh.exe

C:\Windows\System\MnVHiKj.exe

C:\Windows\System\MnVHiKj.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/4216-0-0x00007FF74C920000-0x00007FF74CD16000-memory.dmp

memory/4216-1-0x0000024776BE0000-0x0000024776BF0000-memory.dmp

C:\Windows\System\aTnmzTD.exe

MD5 ea6ba98539f9e97129c0e1e46baab25f
SHA1 cf679135003c2ab3cf8b0ab346b1e5a81f96c0cc
SHA256 51965e8aa9c444af84f53451c2037e0caabc08fa4175b6913af2d0bd8afd3afd
SHA512 835955c90cfee92793614bfd24836e58b72a14879019688945c87de6a1947b5dcfacbb35d2bf354a772f2b3c671aeeced2d64b3d7ec5a0bd78697da98e082479

C:\Windows\System\YKTBaqt.exe

MD5 53ca6e4a339381e77e223ae95d5d3214
SHA1 3739522e7b535fec82fd1b45998416299896251e
SHA256 b4487e4d9fb21d9ebb88b947b727ae8115c0c284d04448ccee2433144c6c2c56
SHA512 5f460ae263c101cf202b3384fda86b4b7a9f709fb1be90468988d612f7fd809478e058b0e0118d02e1cfd19c9af3aa8e8caf00a395d7c0189a902065d7d2c74c

C:\Windows\System\BxUsNqP.exe

MD5 d8b9a08955bb7326158c6b8e15f1d9d3
SHA1 a8d0b449f0531f8d5e48f934ab776b945479a10b
SHA256 3ad47523c22ca18c6d1f3dfbc6d1cb2d90746a80d1395191ed5689a693c827e1
SHA512 dff9236234ed9c57c77acb386ab4f471ce2d44a3bcada73a7562c813c4fb331973568dd6ace4f2f25718a9e721eba2ab4a986bfbdc97265c95758c6be47be8bc

C:\Windows\System\expwpFz.exe

MD5 74aa660002c4f854e62ab5ec949d67a2
SHA1 679661996ed6e8629079f4e3917ec026520c071c
SHA256 1b0589ea4778b327b70bf680d0d5a87e006be6421a7f59beffb816fa38e7393a
SHA512 1d63d6f1ea8f1fdc44cb0e52c2f664ea9f0def05a5e0d721e4278789a961c55053fd0d52d9a5d28fd94c2f2739de71fe8103a3528407c39fc3deb0332cb15757

memory/3380-17-0x00007FF64BDD0000-0x00007FF64C1C6000-memory.dmp

C:\Windows\System\aocvEoX.exe

MD5 4671e75ceb84db652330c21e63535bf4
SHA1 e42e9ba8c2ad738fc6a22b2a7c5f17039f4eab53
SHA256 72b418de00d1597bbff460ef9582ed972c3c0115142af12884e28d2eaace1eb3
SHA512 54f3d155a2e521a517c87c72fbbc5f34beaf12b2606d97d7f6d94f24d0e22b81c19e1361d000e28305f68ca5408f511385e1b919644f3b6d8fe366b515eb0d89

C:\Windows\System\AWHlFzk.exe

MD5 8d568f16fdb5ea164db4de4d282300fa
SHA1 1b9b52d58c1141b43c372040a2c7f433fdc178b1
SHA256 f3c64b5f966248294d9bb49da225df39f876276bfdbc7b33baeaed6f3bb98c41
SHA512 3b31f4415ca0d65a83d0839b64a6ff999144ea906a87ef16a76c76bd817ff8caa92b846333e505ef55dc26c94d5af3d94ca8f8d0a5651edb01696c99ceee917d

memory/3604-41-0x00007FF6E6EA0000-0x00007FF6E7296000-memory.dmp

memory/4156-50-0x00007FF6CB660000-0x00007FF6CBA56000-memory.dmp

C:\Windows\System\TOoUnhx.exe

MD5 ea8941a3d8d1e991f995320fdd6d54a4
SHA1 2bb0a7473b71d81b85eeca16642b69061aa94480
SHA256 c485b44933a5a05771d106781cad1dd76d2f64ca9f2115a835f30ff206ee1428
SHA512 f9a9b6b1b92f6da79066ee6f22fff9ec57f0cf6f19da0ad41aba80805bbe4b15c092d3f656aacd7d200ce5523a8db57ed51c13748d2117fb2629b73f40f399f4

C:\Windows\System\zQLqUjC.exe

MD5 6f0537a767c1683d775531cb372e3564
SHA1 781210ef09380af9cff60a3b219b142b17bef632
SHA256 66e0343a0d53775675142acb20032bd7ae67f5b527d6bfe22e5e785a26c310fe
SHA512 954d4beee388bf72acb5a50de68100b98bc40bd56e0b34c1f1bccf6497bfa6edf5a3057b5f6c47ebca39c5ac4a8f1ffeb5965c13b23b5374f73a87c4d56471d0

memory/3272-68-0x00007FFF8D2A0000-0x00007FFF8DD61000-memory.dmp

C:\Windows\System\tnWoKlT.exe

MD5 12aa587ea87811982b97f4b6190c0d79
SHA1 4aa3ff7a61696ba7f3e6111d03821afe23703c09
SHA256 e793e57fc9836f1e8a664a836137870f0f31d8f5925c20e57861a1fc966dfb84
SHA512 8e63aad3ec8d7937d29384cb00bdace4bb4f9cc7b9b3c9f0ceb8b1735fb6d169d8785521642013d6af01d1af7aa906811c5f8a5d371ad9404b1c9c4a7431c0b1

memory/3272-79-0x000001F3787F0000-0x000001F378812000-memory.dmp

memory/1732-82-0x00007FF6C1140000-0x00007FF6C1536000-memory.dmp

memory/912-84-0x00007FF6201F0000-0x00007FF6205E6000-memory.dmp

memory/5104-86-0x00007FF600510000-0x00007FF600906000-memory.dmp

C:\Windows\System\DFwNhrb.exe

MD5 bb716d4fe9c76627e5137d4d697853b2
SHA1 476f2f513720c8e7b07c81f3e3dca1d9c6cd3433
SHA256 34819fcc32cb5d17e6ee39fee3419b4f21f7760737bcbe639fb59e0e24509251
SHA512 89a245efcb16d892853d060ab44aa6511e7ca13c436cd35074065829714c5087dac18cc553cad48667cd8f42dd56d0c7cc519bdbe0ac574c88cd8a45091b9367

C:\Windows\System\rzPgPqW.exe

MD5 de6676b06dd54dcf997e3939f182e0b9
SHA1 7ea1e82f2017a163ee4a473191858d92282a34ef
SHA256 6f8d54e841957b08c35b672b48a4466a68a59d4657786bdc06eee0ac4554db4c
SHA512 31fa30daa43451c71fb955b5d1cd9241dc8361840254043032f3d6d2a4462b212bb171c675670386c5429fe64fd4f63c3325aab3c6f23ee8041c842ab0072979

C:\Windows\System\jHwCoTm.exe

MD5 027af1280624f00f882bf20033724c27
SHA1 5533d142b51260f54b00e331a7e2ff7f26659a33
SHA256 b8b98af9e956c540bc50598ca611aa9e2c82996685a76bcfb4e2a5fbf2d0bf15
SHA512 2c36e8d6936fb082ca0e41fe3debc51a18f2eda310af6f06a9fc3c49d6c8bfefc8a47b1f3a25d06a1a4b163e7ddd5d2339709266bde5ccd7660fcd246a23a22d

memory/1388-140-0x00007FF7F8800000-0x00007FF7F8BF6000-memory.dmp

C:\Windows\System\ghckcuG.exe

MD5 b09014649606630bec18524da97eb263
SHA1 31a7b907a51ee80a713e8493d2e18fd33baf680f
SHA256 2ce456ff680989afcd22529195a7d1d8a79b0aefedabde124ddee6ab904f19da
SHA512 b8c2e82e10fc7e92b4d3ef619b579f93ce60e78f46f0bdf8d64489044da2a6b884ff190208e32337f31307593e9e25874cd352c050919ea1b1a348cf4d7fca92

memory/2068-158-0x00007FF6D4340000-0x00007FF6D4736000-memory.dmp

memory/2336-162-0x00007FF6C3580000-0x00007FF6C3976000-memory.dmp

memory/2776-164-0x00007FF6B23E0000-0x00007FF6B27D6000-memory.dmp

memory/1692-163-0x00007FF7EDB20000-0x00007FF7EDF16000-memory.dmp

memory/4432-161-0x00007FF60D060000-0x00007FF60D456000-memory.dmp

memory/2484-160-0x00007FF645120000-0x00007FF645516000-memory.dmp

memory/1940-159-0x00007FF682DA0000-0x00007FF683196000-memory.dmp

memory/800-157-0x00007FF616B10000-0x00007FF616F06000-memory.dmp

memory/2828-156-0x00007FF7446A0000-0x00007FF744A96000-memory.dmp

memory/5092-146-0x00007FF7D9530000-0x00007FF7D9926000-memory.dmp

C:\Windows\System\slcjqcP.exe

MD5 5053c66535805dda28a1e29b61b9b4aa
SHA1 634f0c2bc7020382e9655d2ab719cda7af0cd2e3
SHA256 70c097163b3f4137fcf8fd4c1ae7c8e42ef7b7c7c4326ee8672ed4e764e78885
SHA512 3a2b77f7389f8077583d22ca9b9476741c3f0e6bbc53d8dbc8df55eeb61de2867e0cfc57abdd0d6019e53e65105ac5511f3d3b0ca63cc1010449be0d7f412f3b

C:\Windows\System\AbZGzCf.exe

MD5 4db117f809d40a2135466610f92b6ba6
SHA1 f420ec5340cc5dcec4cab2b9a1a2908133454d3d
SHA256 20c1a5c634f3b29610c482a8b2dd5e8a48e3bace5202cf5346d564a659b50453
SHA512 84b78ca7e9efcb5f34735501568587bf84849f710515e30b9778dbaad8224d2b900b7c1436d0d6165561f268bd237f88bf4b32a4ce82bb6075b7bca399624907

C:\Windows\System\yHVVWYe.exe

MD5 a88b7786e74d6ec2945dfc6bba9f645c
SHA1 ab055b01d8346a941cb20fcc30b3c7a3a698c03c
SHA256 4d17289e7935813d64a1bb2ef0de727e3d141d3dedaf347c055200202f1ffb1c
SHA512 6d5a29c8164ef4bc2992db3f8fe287ab55c9c3786c20da6de589b95290413e49e58918ca1fb6ded2454830338d664f8992cac056782af78505562b3e2fa00cb3

C:\Windows\System\KcFePzN.exe

MD5 5aae67a201219bdc6c2163d25146a033
SHA1 709d0f189450c042db24315062eae1325b9b54c2
SHA256 ed0ceb0aebd775f1269c38e46174230f2179a5f48c2e041db154001ba20b7225
SHA512 d3e8db943b2df22461cda77d36c256f77870f468b120ac920828157a11521f98bec52fba30ea13f96b07c0220f5ae109021ce3efb58410094660cc299badede7

C:\Windows\System\YMCfpIn.exe

MD5 b2b66a50a871e989aaa7d8f869c94345
SHA1 a76b85dccf251589ff2fe614bb4c88d223960b0a
SHA256 e63f03850dab3498eed6d4c8f2525b6c8fdcb52eccd8d2b08e8a9c92804c79ca
SHA512 64ed743e258f88f00d2cb975847080e37fe3108bd5338d697b7c750e511ac52380cc86b5b15486881f3d5d34cf5aef229cc5202477f8a4364eccd413cc033d72

C:\Windows\System\HsPaISv.exe

MD5 7725bed5b6e14d01bc8cdb04d0e5b122
SHA1 56f958d92e647f6df5a48f0a7bb699635547d1a3
SHA256 18966a2ee3393d061b9f8f671590efbcbb3e7bb624d9f35600b322325db5fada
SHA512 66fa9e5d26f9d00ed826c783fa7a3d9f9739d2933a905b749c88d4f0b8a1c7e75c4cdeddacdaba075abf19bc6317174f5ef05f38667fe07fea90869d1a928fc7

C:\Windows\System\XripGja.exe

MD5 50c115966a9e097945d1f7281b7de963
SHA1 80e5ddeb02fb3121711843caaa8ee007b6f18241
SHA256 f114851ebe00ac034b5f9f9fecd000d893b03bb3893e52903b1a68e2dd9206f6
SHA512 af7c59c18e6b002a78d9a312286a1ed6a09efa9d39194119ee6e6ad0dd4be8f46fd851ea0d7caa6a93a72489b096b3d1fb175fe911040f94622f4cbb33154700

memory/3184-134-0x00007FF65B060000-0x00007FF65B456000-memory.dmp

C:\Windows\System\FVqxUEK.exe

MD5 5210af9d44eafe364a086a6275ca86d7
SHA1 a461ccdad3890a4870f9a995d9a7af0f9b251378
SHA256 4ebf8774d17bd395848eeefce7c5209f064e324efb94b7f4cb7a2ee01b21de57
SHA512 773f3e5cd753e6d4bbfe4097f69bf0a3a7876a1317dcbd7b2b3a1bc751aad82a7929e770cf27494a05ecab29dc48ed6dd865cf8936e2bd007ae185de48d45562

C:\Windows\System\OKPjyzR.exe

MD5 4a2088dfe2882372d99514b36f915808
SHA1 6a1397872875478c727cba45653fa57082afcbd4
SHA256 3c0f571487e9c98aabf7e590c6308e36d130f94c46df4ba2c946f3d1ea3129f2
SHA512 faaa6411ebd1f7dcdc6a42499caf477ce850c145bc5fdd11b11bed3ab8ed7e584ac09cce8b36161a721ec550364263bd11ec97ad50b262ff901be8baa151a6b0

memory/1932-87-0x00007FF7845F0000-0x00007FF7849E6000-memory.dmp

memory/184-85-0x00007FF61E0D0000-0x00007FF61E4C6000-memory.dmp

memory/3692-83-0x00007FF78F830000-0x00007FF78FC26000-memory.dmp

memory/3720-81-0x00007FF77A2F0000-0x00007FF77A6E6000-memory.dmp

memory/4940-80-0x00007FF75CFA0000-0x00007FF75D396000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_weembv4r.xxd.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3272-69-0x00007FFF8D2A0000-0x00007FFF8DD61000-memory.dmp

C:\Windows\System\zxPmOqn.exe

MD5 7b1f7a4d3eed45305d1a0e12f94f942b
SHA1 2d55051536f683acbbc9a36b298a4920bef25675
SHA256 ac0707412507c7a8f4289f14d090c1ef689b86ca7523a3b9509512f402aef8de
SHA512 c3dac68d120a0364b6c6fe32ba9abd54f5a983af76e6f8df18936e51737b9760981bffd3e25a6289a82de873eb7f7b43ff6dd5214f67ef0d0175dd480965a33d

C:\Windows\System\pZVIZAi.exe

MD5 9fa7f301b2ea2e37f33756232382a28b
SHA1 3b5ad07636d859c84d094c0bce3293fea3122e0b
SHA256 a5e04f675f29bc3439e87e7ccfbe4b6f198455106760288e3f51437c6b5bd355
SHA512 025fdc027f97cd7cf6f23df50e705f19396b7fcf2504b1780253a8b8098047ebcde41faac76b2db18871ea630cfa49c24eab74e09427e914c70085746b54f4d9

C:\Windows\System\CFmczna.exe

MD5 d3f229b02fafef93bddb2718c110c277
SHA1 87445729c3ed15e39340c11eb657be82e2f9d605
SHA256 6d15248b8a86307ce0b056a2bf6d696e7f7127624d8a5d64bb7c9adcbf6198e2
SHA512 cabed2bc0760570d37fde05e9580c6e8db1f809b58e27d15231de5c8bfc82829cc39a1c7514cef79d5e286040a859b8b2e5669ca64465247858ccef904231839

memory/3272-51-0x00007FFF8D2A3000-0x00007FFF8D2A5000-memory.dmp

memory/3976-24-0x00007FF6EF080000-0x00007FF6EF476000-memory.dmp

C:\Windows\System\ueqIHgs.exe

MD5 a5be0cc445d097632aba2cb489c2299e
SHA1 693b885967792153a48bbeea65eaf8c0a863c5c1
SHA256 3097fb2440b71d9b268405a380c55ff398283d0554cdc76d7a899cc82af4e408
SHA512 d049be2eae8d49f3746b2337eeeb0b3d4ccf51620689dda3016e7a466aa7cc8cc7d625fb97ce9912f525ff411cc89e62834e2638e90739780b778ffe019e6e33

C:\Windows\System\dLaTTHD.exe

MD5 186a06fcae2bcfcf3824f5a83e23b051
SHA1 b541248564f2d9790dc578edb73c34f42d4bb9cf
SHA256 c508e9c889b2caf4fb4c5fdd3a9e15aabd4a44f43f3f9b15974fe76bdcd0d5b6
SHA512 079fd6e3a8d7801be44d774ef9d1329693b520bcb1ca7230c2809539a06071d54143962a79b0abf4da5745095f60c219a5772018f5637514b2c58ed88d6f508a

C:\Windows\System\YjdfPRT.exe

MD5 688a8308f45e71a6169a6b3c9d3382bb
SHA1 6b6a1c37757a0063d95dd4eb1a71f8fecc432541
SHA256 4caf61edb9e2218211d60f58364274213134f373ad926f1edd34f062556d66ae
SHA512 3b38ce16f7dfc69922e8a8884049bdb6db024d1794db50c367f25b7f48c7579e4b6ce0cb89e5d0adb2f3e909cc9c9f4fe2095a0d90f542c232f59baf369bd55d

C:\Windows\System\fMJsIhq.exe

MD5 cd34b6f6215570ba021414e6574d78bb
SHA1 61c294060ddd47154d0548b4d9cc9d5e9d74179b
SHA256 ce2b7c1bc8d80f7e667b90744fcc614bc169e15d3547508ac804e6f5fe3a457f
SHA512 5f55a83d3601e06f806eb18efba655432aba973720b1332b68bb7ec6fb03c74c648884d8d083506ec796c00c517c4d87e4add7b6b7ae9e4edd2c9e2378fc65f4

C:\Windows\System\ysJBEjO.exe

MD5 8f68346868d672171f5d0d177e7e550c
SHA1 5cb746e5004b32f4a1887d41b0afbe211285193f
SHA256 18109267d7ed54ff2c8118f75801a03e518da99eda156a1044b3571e49bf1250
SHA512 a376a5f2b5577b5abe380ddcdcaab89bf38ab1c8d6a661e7987042aeaa99bf63e2285cfe72c2169aa431822a3e926592a04141186548c01a5273aa5e210de7de

C:\Windows\System\tBMKPRx.exe

MD5 f27d9fdb5bd0bf2ff5845df167da8c29
SHA1 c583b980c313280e7b18d946ce0656902b85e438
SHA256 f4c5a42250c9756d41c883a53d266871d15ea39f075d4267821cbcbaed8dd331
SHA512 a230f18b56d4091ef356fa008d7963bbdfaa8ea4e77752c352b63fb2a4d6970a2c7252f9672de8a549bfa05ed512d9568b7bd6bd580520b343784211a46b3fdb

C:\Windows\System\mKqlPwP.exe

MD5 a5a088c47c3c73ebd821907af0b483e6
SHA1 60f7d20d47f29eaa4f799f56843d21005ed2a07c
SHA256 db3a54a6aa538da8e98a6f0083c079ec0679da39794f3ddbb666cbf4c5607c16
SHA512 c67e146b171213062fd892ec110d608170c4e6d379a563eb262214336a436f0915e013324fb39334634d2c2e1f2234abd720e9629f26408b1da33066483eebec

C:\Windows\System\UeqTTZz.exe

MD5 33723d93c59395863429e40a767b1ee5
SHA1 47641f0ade6425324075184ed06099c0a2583343
SHA256 9de052f947c254cf77ae8fd9f43cbed5b89324b49bc66c931851379cb94284b8
SHA512 576aca02ac0ca757383550d38dd3eb35c39039f14bd99fa67e7eabe28a75d0d3b95ccf289e0165dc0c3a4b60233c72fdec444614fb3b2bed8fe96f661f4fa41e

memory/3272-1799-0x00007FFF8D2A0000-0x00007FFF8DD61000-memory.dmp

C:\Windows\System\ZLTCwcz.exe

MD5 8e1226661f8ca09fc62a1fef1fd7fcb8
SHA1 5b44def3d0e8d434236fee53ad977e411181a3d8
SHA256 7c2ccee11204a3d84ff9c71237bbe484161717fa152009f68b3a2efb0ad9c1c9
SHA512 45cc72f2ca6df3fbb9deac023207f7093a2e236cf6702146e776d1f3b55a9e5f29fbb748ba3deb570ab4a7bdfa68cee4df84414f0ac4a063de36a2a303bd6323

memory/3380-2341-0x00007FF64BDD0000-0x00007FF64C1C6000-memory.dmp

memory/3976-2342-0x00007FF6EF080000-0x00007FF6EF476000-memory.dmp

memory/3604-2343-0x00007FF6E6EA0000-0x00007FF6E7296000-memory.dmp

memory/3380-2344-0x00007FF64BDD0000-0x00007FF64C1C6000-memory.dmp

memory/3692-2346-0x00007FF78F830000-0x00007FF78FC26000-memory.dmp

memory/4156-2345-0x00007FF6CB660000-0x00007FF6CBA56000-memory.dmp

memory/3604-2349-0x00007FF6E6EA0000-0x00007FF6E7296000-memory.dmp

memory/3976-2348-0x00007FF6EF080000-0x00007FF6EF476000-memory.dmp

memory/912-2347-0x00007FF6201F0000-0x00007FF6205E6000-memory.dmp

memory/5104-2350-0x00007FF600510000-0x00007FF600906000-memory.dmp

memory/184-2351-0x00007FF61E0D0000-0x00007FF61E4C6000-memory.dmp

memory/3720-2353-0x00007FF77A2F0000-0x00007FF77A6E6000-memory.dmp

memory/4940-2352-0x00007FF75CFA0000-0x00007FF75D396000-memory.dmp

memory/1932-2354-0x00007FF7845F0000-0x00007FF7849E6000-memory.dmp

memory/1732-2355-0x00007FF6C1140000-0x00007FF6C1536000-memory.dmp

memory/3184-2356-0x00007FF65B060000-0x00007FF65B456000-memory.dmp

memory/1388-2357-0x00007FF7F8800000-0x00007FF7F8BF6000-memory.dmp

memory/5092-2358-0x00007FF7D9530000-0x00007FF7D9926000-memory.dmp

memory/800-2360-0x00007FF616B10000-0x00007FF616F06000-memory.dmp

memory/2828-2359-0x00007FF7446A0000-0x00007FF744A96000-memory.dmp

memory/2484-2365-0x00007FF645120000-0x00007FF645516000-memory.dmp

memory/1940-2366-0x00007FF682DA0000-0x00007FF683196000-memory.dmp

memory/2068-2364-0x00007FF6D4340000-0x00007FF6D4736000-memory.dmp

memory/2336-2363-0x00007FF6C3580000-0x00007FF6C3976000-memory.dmp

memory/2776-2362-0x00007FF6B23E0000-0x00007FF6B27D6000-memory.dmp

memory/1692-2361-0x00007FF7EDB20000-0x00007FF7EDF16000-memory.dmp

memory/4432-2367-0x00007FF60D060000-0x00007FF60D456000-memory.dmp