Malware Analysis Report

2024-09-09 21:31

Sample ID 240613-lryvraxdpq
Target 71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe
SHA256 9ef3fc20c1f6299304a1812c6918808a461a90ee60e503b5d398c708516596ac
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

9ef3fc20c1f6299304a1812c6918808a461a90ee60e503b5d398c708516596ac

Threat Level: Known bad

The file 71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:46

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:46

Reported

2024-06-13 09:49

Platform

win7-20240611-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\WBOobRD.exe

C:\Windows\System\SJsKVFZ.exe

C:\Windows\System\SJsKVFZ.exe

C:\Windows\System\IRjXfGZ.exe

C:\Windows\System\IRjXfGZ.exe

C:\Windows\System\CytWMKT.exe

C:\Windows\System\CytWMKT.exe

C:\Windows\System\rUmdnys.exe

C:\Windows\System\rUmdnys.exe

C:\Windows\System\mEKQPyN.exe

C:\Windows\System\mEKQPyN.exe

C:\Windows\System\JdlKJQU.exe

C:\Windows\System\JdlKJQU.exe

C:\Windows\System\KXoSqpd.exe

C:\Windows\System\KXoSqpd.exe

C:\Windows\System\wLeIhtA.exe

C:\Windows\System\wLeIhtA.exe

C:\Windows\System\CjMOQCI.exe

C:\Windows\System\CjMOQCI.exe

C:\Windows\System\mxARQfZ.exe

C:\Windows\System\mxARQfZ.exe

C:\Windows\System\DaucESp.exe

C:\Windows\System\DaucESp.exe

C:\Windows\System\fSIbOdK.exe

C:\Windows\System\fSIbOdK.exe

C:\Windows\System\YHmmwdh.exe

C:\Windows\System\YHmmwdh.exe

C:\Windows\System\RwmNjDB.exe

C:\Windows\System\RwmNjDB.exe

C:\Windows\System\IfezGxw.exe

C:\Windows\System\IfezGxw.exe

C:\Windows\System\LJgyjwQ.exe

C:\Windows\System\LJgyjwQ.exe

C:\Windows\System\XpjlIyR.exe

C:\Windows\System\XpjlIyR.exe

C:\Windows\System\lQaAzBW.exe

C:\Windows\System\lQaAzBW.exe

C:\Windows\System\CiOQqHl.exe

C:\Windows\System\CiOQqHl.exe

C:\Windows\System\bvXRBLb.exe

C:\Windows\System\bvXRBLb.exe

C:\Windows\System\bhEWEKw.exe

C:\Windows\System\bhEWEKw.exe

C:\Windows\System\TwGyMbG.exe

C:\Windows\System\TwGyMbG.exe

C:\Windows\System\FXMYsFH.exe

C:\Windows\System\FXMYsFH.exe

C:\Windows\System\TSgFdSC.exe

C:\Windows\System\TSgFdSC.exe

C:\Windows\System\rltWqIo.exe

C:\Windows\System\rltWqIo.exe

C:\Windows\System\ioRtOqa.exe

C:\Windows\System\ioRtOqa.exe

C:\Windows\System\EjDcJHi.exe

C:\Windows\System\EjDcJHi.exe

C:\Windows\System\pexztoF.exe

C:\Windows\System\pexztoF.exe

C:\Windows\System\DvAvzaV.exe

C:\Windows\System\DvAvzaV.exe

C:\Windows\System\PrftspQ.exe

C:\Windows\System\PrftspQ.exe

C:\Windows\System\pRxCwps.exe

C:\Windows\System\pRxCwps.exe

C:\Windows\System\GofPMyT.exe

C:\Windows\System\GofPMyT.exe

C:\Windows\System\eSUzcTU.exe

C:\Windows\System\eSUzcTU.exe

C:\Windows\System\afCcnYC.exe

C:\Windows\System\afCcnYC.exe

C:\Windows\System\zSfKFKC.exe

C:\Windows\System\zSfKFKC.exe

C:\Windows\System\qjncXBS.exe

C:\Windows\System\qjncXBS.exe

C:\Windows\System\YnzWZtP.exe

C:\Windows\System\YnzWZtP.exe

C:\Windows\System\UDyOrkS.exe

C:\Windows\System\UDyOrkS.exe

C:\Windows\System\orrVYsK.exe

C:\Windows\System\orrVYsK.exe

C:\Windows\System\ZePDBdK.exe

C:\Windows\System\ZePDBdK.exe

C:\Windows\System\KCrUvzK.exe

C:\Windows\System\KCrUvzK.exe

C:\Windows\System\gqxhmHk.exe

C:\Windows\System\gqxhmHk.exe

C:\Windows\System\eUgpulC.exe

C:\Windows\System\eUgpulC.exe

C:\Windows\System\xTolFib.exe

C:\Windows\System\xTolFib.exe

C:\Windows\System\iEQUmYF.exe

C:\Windows\System\iEQUmYF.exe

C:\Windows\System\IxQkdkB.exe

C:\Windows\System\IxQkdkB.exe

C:\Windows\System\GqAbsUA.exe

C:\Windows\System\GqAbsUA.exe

C:\Windows\System\VUlMhHF.exe

C:\Windows\System\VUlMhHF.exe

C:\Windows\System\sFehEaZ.exe

C:\Windows\System\sFehEaZ.exe

C:\Windows\System\gfZsPrB.exe

C:\Windows\System\gfZsPrB.exe

C:\Windows\System\UnyhZkS.exe

C:\Windows\System\UnyhZkS.exe

C:\Windows\System\VmcMeMG.exe

C:\Windows\System\VmcMeMG.exe

C:\Windows\System\avgppem.exe

C:\Windows\System\avgppem.exe

C:\Windows\System\oJtVXtQ.exe

C:\Windows\System\oJtVXtQ.exe

C:\Windows\System\MpaZHFJ.exe

C:\Windows\System\MpaZHFJ.exe

C:\Windows\System\hSZdSCi.exe

C:\Windows\System\hSZdSCi.exe

C:\Windows\System\snVIRLc.exe

C:\Windows\System\snVIRLc.exe

C:\Windows\System\rDBSnOl.exe

C:\Windows\System\rDBSnOl.exe

C:\Windows\System\AnEiqdD.exe

C:\Windows\System\AnEiqdD.exe

C:\Windows\System\MurtbTh.exe

C:\Windows\System\MurtbTh.exe

C:\Windows\System\SBxVFRX.exe

C:\Windows\System\SBxVFRX.exe

C:\Windows\System\FZcWsaE.exe

C:\Windows\System\FZcWsaE.exe

C:\Windows\System\VWsWYlJ.exe

C:\Windows\System\VWsWYlJ.exe

C:\Windows\System\xJULuex.exe

C:\Windows\System\xJULuex.exe

C:\Windows\System\iVDsdBI.exe

C:\Windows\System\iVDsdBI.exe

C:\Windows\System\nkyRpPT.exe

C:\Windows\System\nkyRpPT.exe

C:\Windows\System\edODMXI.exe

C:\Windows\System\edODMXI.exe

C:\Windows\System\yBzHhns.exe

C:\Windows\System\yBzHhns.exe

C:\Windows\System\JRIUnHL.exe

C:\Windows\System\JRIUnHL.exe

C:\Windows\System\PvkTMRJ.exe

C:\Windows\System\PvkTMRJ.exe

C:\Windows\System\huXbDqg.exe

C:\Windows\System\huXbDqg.exe

C:\Windows\System\YyLGlna.exe

C:\Windows\System\YyLGlna.exe

C:\Windows\System\ssBnKpW.exe

C:\Windows\System\ssBnKpW.exe

C:\Windows\System\mztmrFj.exe

C:\Windows\System\mztmrFj.exe

C:\Windows\System\wAWbJCC.exe

C:\Windows\System\wAWbJCC.exe

C:\Windows\System\HNyKlyZ.exe

C:\Windows\System\HNyKlyZ.exe

C:\Windows\System\jgmvyYR.exe

C:\Windows\System\jgmvyYR.exe

C:\Windows\System\BBFAHGY.exe

C:\Windows\System\BBFAHGY.exe

C:\Windows\System\bxVaHEb.exe

C:\Windows\System\bxVaHEb.exe

C:\Windows\System\PvpTljX.exe

C:\Windows\System\PvpTljX.exe

C:\Windows\System\jypoRvv.exe

C:\Windows\System\jypoRvv.exe

C:\Windows\System\zEeAret.exe

C:\Windows\System\zEeAret.exe

C:\Windows\System\AbINzvB.exe

C:\Windows\System\AbINzvB.exe

C:\Windows\System\NaJqIjo.exe

C:\Windows\System\NaJqIjo.exe

C:\Windows\System\dVnLkrZ.exe

C:\Windows\System\dVnLkrZ.exe

C:\Windows\System\TOxvXwN.exe

C:\Windows\System\TOxvXwN.exe

C:\Windows\System\OkMbKBl.exe

C:\Windows\System\OkMbKBl.exe

C:\Windows\System\zabqUxd.exe

C:\Windows\System\zabqUxd.exe

C:\Windows\System\jUKhtxt.exe

C:\Windows\System\jUKhtxt.exe

C:\Windows\System\ugVislK.exe

C:\Windows\System\ugVislK.exe

C:\Windows\System\aLahONh.exe

C:\Windows\System\aLahONh.exe

C:\Windows\System\gecAVfr.exe

C:\Windows\System\gecAVfr.exe

C:\Windows\System\eMBeXGi.exe

C:\Windows\System\eMBeXGi.exe

C:\Windows\System\aZTGhNp.exe

C:\Windows\System\aZTGhNp.exe

C:\Windows\System\NTjCJFa.exe

C:\Windows\System\NTjCJFa.exe

C:\Windows\System\NdJWEVC.exe

C:\Windows\System\NdJWEVC.exe

C:\Windows\System\WQMhKza.exe

C:\Windows\System\WQMhKza.exe

C:\Windows\System\ixXPPFY.exe

C:\Windows\System\ixXPPFY.exe

C:\Windows\System\xbnhhnX.exe

C:\Windows\System\xbnhhnX.exe

C:\Windows\System\mSKzuFA.exe

C:\Windows\System\mSKzuFA.exe

C:\Windows\System\zpBudQu.exe

C:\Windows\System\zpBudQu.exe

C:\Windows\System\zqGfbpo.exe

C:\Windows\System\zqGfbpo.exe

C:\Windows\System\tTVgZnV.exe

C:\Windows\System\tTVgZnV.exe

C:\Windows\System\gROkMnU.exe

C:\Windows\System\gROkMnU.exe

C:\Windows\System\fvyoBox.exe

C:\Windows\System\fvyoBox.exe

C:\Windows\System\QRDqSvn.exe

C:\Windows\System\QRDqSvn.exe

C:\Windows\System\vQoosDp.exe

C:\Windows\System\vQoosDp.exe

C:\Windows\System\FyNePRS.exe

C:\Windows\System\FyNePRS.exe

C:\Windows\System\THhnDPh.exe

C:\Windows\System\THhnDPh.exe

C:\Windows\System\vSWmEUU.exe

C:\Windows\System\vSWmEUU.exe

C:\Windows\System\puPGPae.exe

C:\Windows\System\puPGPae.exe

C:\Windows\System\VrDVAUS.exe

C:\Windows\System\VrDVAUS.exe

C:\Windows\System\VAJROaQ.exe

C:\Windows\System\VAJROaQ.exe

C:\Windows\System\HuXKiIT.exe

C:\Windows\System\HuXKiIT.exe

C:\Windows\System\owiUQcF.exe

C:\Windows\System\owiUQcF.exe

C:\Windows\System\QXUvTHJ.exe

C:\Windows\System\QXUvTHJ.exe

C:\Windows\System\rYzSiRp.exe

C:\Windows\System\rYzSiRp.exe

C:\Windows\System\ZpNEIqZ.exe

C:\Windows\System\ZpNEIqZ.exe

C:\Windows\System\YmhXJuX.exe

C:\Windows\System\YmhXJuX.exe

C:\Windows\System\vmOXbJM.exe

C:\Windows\System\vmOXbJM.exe

C:\Windows\System\uCteDxW.exe

C:\Windows\System\uCteDxW.exe

C:\Windows\System\DEyaVkO.exe

C:\Windows\System\DEyaVkO.exe

C:\Windows\System\xQvHbdr.exe

C:\Windows\System\xQvHbdr.exe

C:\Windows\System\BqtBSfX.exe

C:\Windows\System\BqtBSfX.exe

C:\Windows\System\fdMeVdL.exe

C:\Windows\System\fdMeVdL.exe

C:\Windows\System\OcDyPYO.exe

C:\Windows\System\OcDyPYO.exe

C:\Windows\System\VOULqgQ.exe

C:\Windows\System\VOULqgQ.exe

C:\Windows\System\fIjRebh.exe

C:\Windows\System\fIjRebh.exe

C:\Windows\System\ePQXZgM.exe

C:\Windows\System\ePQXZgM.exe

C:\Windows\System\MyMDHrY.exe

C:\Windows\System\MyMDHrY.exe

C:\Windows\System\yuAoCoM.exe

C:\Windows\System\yuAoCoM.exe

C:\Windows\System\imvzCvR.exe

C:\Windows\System\imvzCvR.exe

C:\Windows\System\zAOYbcE.exe

C:\Windows\System\zAOYbcE.exe

C:\Windows\System\bxmICod.exe

C:\Windows\System\bxmICod.exe

C:\Windows\System\AVRxUfL.exe

C:\Windows\System\AVRxUfL.exe

C:\Windows\System\cxsgOJv.exe

C:\Windows\System\cxsgOJv.exe

C:\Windows\System\DyTNMft.exe

C:\Windows\System\DyTNMft.exe

C:\Windows\System\pojcTro.exe

C:\Windows\System\pojcTro.exe

C:\Windows\System\YeWxbKG.exe

C:\Windows\System\YeWxbKG.exe

C:\Windows\System\lRWGvbs.exe

C:\Windows\System\lRWGvbs.exe

C:\Windows\System\mrZziHA.exe

C:\Windows\System\mrZziHA.exe

C:\Windows\System\GHjoxka.exe

C:\Windows\System\GHjoxka.exe

C:\Windows\System\jciKQOP.exe

C:\Windows\System\jciKQOP.exe

C:\Windows\System\GgyFMat.exe

C:\Windows\System\GgyFMat.exe

C:\Windows\System\NHCoIjZ.exe

C:\Windows\System\NHCoIjZ.exe

C:\Windows\System\MCbzoZe.exe

C:\Windows\System\MCbzoZe.exe

C:\Windows\System\daaOdAz.exe

C:\Windows\System\daaOdAz.exe

C:\Windows\System\hNqZiFp.exe

C:\Windows\System\hNqZiFp.exe

C:\Windows\System\GEOQKhR.exe

C:\Windows\System\GEOQKhR.exe

C:\Windows\System\kgGqNpM.exe

C:\Windows\System\kgGqNpM.exe

C:\Windows\System\ThewrLb.exe

C:\Windows\System\ThewrLb.exe

C:\Windows\System\bVmezdu.exe

C:\Windows\System\bVmezdu.exe

C:\Windows\System\hfOOrVS.exe

C:\Windows\System\hfOOrVS.exe

C:\Windows\System\qGaabyg.exe

C:\Windows\System\qGaabyg.exe

C:\Windows\System\EeVebbZ.exe

C:\Windows\System\EeVebbZ.exe

C:\Windows\System\ELRPIAR.exe

C:\Windows\System\ELRPIAR.exe

C:\Windows\System\cwiIxKS.exe

C:\Windows\System\cwiIxKS.exe

C:\Windows\System\lNVBwRn.exe

C:\Windows\System\lNVBwRn.exe

C:\Windows\System\WBPXtbI.exe

C:\Windows\System\WBPXtbI.exe

C:\Windows\System\nWsEsAv.exe

C:\Windows\System\nWsEsAv.exe

C:\Windows\System\DQvRXRP.exe

C:\Windows\System\DQvRXRP.exe

C:\Windows\System\taLjpev.exe

C:\Windows\System\taLjpev.exe

C:\Windows\System\hLzodpm.exe

C:\Windows\System\hLzodpm.exe

C:\Windows\System\TOmbMoT.exe

C:\Windows\System\TOmbMoT.exe

C:\Windows\System\ZuXeaAD.exe

C:\Windows\System\ZuXeaAD.exe

C:\Windows\System\frAqfbX.exe

C:\Windows\System\frAqfbX.exe

C:\Windows\System\zXGGRRY.exe

C:\Windows\System\zXGGRRY.exe

C:\Windows\System\BCdsnSj.exe

C:\Windows\System\BCdsnSj.exe

C:\Windows\System\kKUlWLX.exe

C:\Windows\System\kKUlWLX.exe

C:\Windows\System\qbwHKAF.exe

C:\Windows\System\qbwHKAF.exe

C:\Windows\System\PrkayRN.exe

C:\Windows\System\PrkayRN.exe

C:\Windows\System\RexCcjO.exe

C:\Windows\System\RexCcjO.exe

C:\Windows\System\HiKxmbb.exe

C:\Windows\System\HiKxmbb.exe

C:\Windows\System\WkjNiPn.exe

C:\Windows\System\WkjNiPn.exe

C:\Windows\System\mLVPFLT.exe

C:\Windows\System\mLVPFLT.exe

C:\Windows\System\HpsWAJV.exe

C:\Windows\System\HpsWAJV.exe

C:\Windows\System\gDTOnBg.exe

C:\Windows\System\gDTOnBg.exe

C:\Windows\System\aEuTejn.exe

C:\Windows\System\aEuTejn.exe

C:\Windows\System\iTGLBdD.exe

C:\Windows\System\iTGLBdD.exe

C:\Windows\System\UxhLDxc.exe

C:\Windows\System\UxhLDxc.exe

C:\Windows\System\cJnPoNW.exe

C:\Windows\System\cJnPoNW.exe

C:\Windows\System\iFTIHRi.exe

C:\Windows\System\iFTIHRi.exe

C:\Windows\System\sPOPOxB.exe

C:\Windows\System\sPOPOxB.exe

C:\Windows\System\lEfpYZE.exe

C:\Windows\System\lEfpYZE.exe

C:\Windows\System\qpDBFmL.exe

C:\Windows\System\qpDBFmL.exe

C:\Windows\System\rgSWtbN.exe

C:\Windows\System\rgSWtbN.exe

C:\Windows\System\CZachSt.exe

C:\Windows\System\CZachSt.exe

C:\Windows\System\AcNbMON.exe

C:\Windows\System\AcNbMON.exe

C:\Windows\System\CYcdlBS.exe

C:\Windows\System\CYcdlBS.exe

C:\Windows\System\YfksOwE.exe

C:\Windows\System\YfksOwE.exe

C:\Windows\System\jvttwyg.exe

C:\Windows\System\jvttwyg.exe

C:\Windows\System\cShjDkk.exe

C:\Windows\System\cShjDkk.exe

C:\Windows\System\sowjoRA.exe

C:\Windows\System\sowjoRA.exe

C:\Windows\System\wSvIfdn.exe

C:\Windows\System\wSvIfdn.exe

C:\Windows\System\MpKMFOq.exe

C:\Windows\System\MpKMFOq.exe

C:\Windows\System\XwsoBRa.exe

C:\Windows\System\XwsoBRa.exe

C:\Windows\System\NGUsESG.exe

C:\Windows\System\NGUsESG.exe

C:\Windows\System\MkBkPWK.exe

C:\Windows\System\MkBkPWK.exe

C:\Windows\System\hWgiYSC.exe

C:\Windows\System\hWgiYSC.exe

C:\Windows\System\TROSkxl.exe

C:\Windows\System\TROSkxl.exe

C:\Windows\System\vlINkAL.exe

C:\Windows\System\vlINkAL.exe

C:\Windows\System\XLYlbWf.exe

C:\Windows\System\XLYlbWf.exe

C:\Windows\System\UGqzeXb.exe

C:\Windows\System\UGqzeXb.exe

C:\Windows\System\ApBEchT.exe

C:\Windows\System\ApBEchT.exe

C:\Windows\System\gIRDjrt.exe

C:\Windows\System\gIRDjrt.exe

C:\Windows\System\gKfmnEF.exe

C:\Windows\System\gKfmnEF.exe

C:\Windows\System\MDlDfqL.exe

C:\Windows\System\MDlDfqL.exe

C:\Windows\System\QLsyluJ.exe

C:\Windows\System\QLsyluJ.exe

C:\Windows\System\wFlyXBL.exe

C:\Windows\System\wFlyXBL.exe

C:\Windows\System\EzwWenS.exe

C:\Windows\System\EzwWenS.exe

C:\Windows\System\hggugdE.exe

C:\Windows\System\hggugdE.exe

C:\Windows\System\tWxKkau.exe

C:\Windows\System\tWxKkau.exe

C:\Windows\System\iOtQxHL.exe

C:\Windows\System\iOtQxHL.exe

C:\Windows\System\rTRPenj.exe

C:\Windows\System\rTRPenj.exe

C:\Windows\System\mimLcQt.exe

C:\Windows\System\mimLcQt.exe

C:\Windows\System\dqieXJd.exe

C:\Windows\System\dqieXJd.exe

C:\Windows\System\nmfklvM.exe

C:\Windows\System\nmfklvM.exe

C:\Windows\System\RPqSnTB.exe

C:\Windows\System\RPqSnTB.exe

C:\Windows\System\MUpXdqI.exe

C:\Windows\System\MUpXdqI.exe

C:\Windows\System\BcgMhtX.exe

C:\Windows\System\BcgMhtX.exe

C:\Windows\System\FCcSJLb.exe

C:\Windows\System\FCcSJLb.exe

C:\Windows\System\eMhFnjd.exe

C:\Windows\System\eMhFnjd.exe

C:\Windows\System\pNabVsZ.exe

C:\Windows\System\pNabVsZ.exe

C:\Windows\System\IdKaiMD.exe

C:\Windows\System\IdKaiMD.exe

C:\Windows\System\pgnOsyN.exe

C:\Windows\System\pgnOsyN.exe

C:\Windows\System\HmIiLUB.exe

C:\Windows\System\HmIiLUB.exe

C:\Windows\System\lKbCyUX.exe

C:\Windows\System\lKbCyUX.exe

C:\Windows\System\cGBdRtW.exe

C:\Windows\System\cGBdRtW.exe

C:\Windows\System\mlJecUr.exe

C:\Windows\System\mlJecUr.exe

C:\Windows\System\xwsayZu.exe

C:\Windows\System\xwsayZu.exe

C:\Windows\System\CTwtsSL.exe

C:\Windows\System\CTwtsSL.exe

C:\Windows\System\emxvExE.exe

C:\Windows\System\emxvExE.exe

C:\Windows\System\bQcgGRu.exe

C:\Windows\System\bQcgGRu.exe

C:\Windows\System\IIWkfFx.exe

C:\Windows\System\IIWkfFx.exe

C:\Windows\System\uAZLyVc.exe

C:\Windows\System\uAZLyVc.exe

C:\Windows\System\PbCPlXt.exe

C:\Windows\System\PbCPlXt.exe

C:\Windows\System\PPQiZvn.exe

C:\Windows\System\PPQiZvn.exe

C:\Windows\System\HvqNENt.exe

C:\Windows\System\HvqNENt.exe

C:\Windows\System\kkVqKzd.exe

C:\Windows\System\kkVqKzd.exe

C:\Windows\System\RumTdfm.exe

C:\Windows\System\RumTdfm.exe

C:\Windows\System\vMrFwuk.exe

C:\Windows\System\vMrFwuk.exe

C:\Windows\System\scJsOmO.exe

C:\Windows\System\scJsOmO.exe

C:\Windows\System\kIeNWfe.exe

C:\Windows\System\kIeNWfe.exe

C:\Windows\System\dPSAORj.exe

C:\Windows\System\dPSAORj.exe

C:\Windows\System\oQWoQyN.exe

C:\Windows\System\oQWoQyN.exe

C:\Windows\System\VKnJNfv.exe

C:\Windows\System\VKnJNfv.exe

C:\Windows\System\GZBMyHL.exe

C:\Windows\System\GZBMyHL.exe

C:\Windows\System\FwlLHhi.exe

C:\Windows\System\FwlLHhi.exe

C:\Windows\System\fhIiGih.exe

C:\Windows\System\fhIiGih.exe

C:\Windows\System\JOXddaz.exe

C:\Windows\System\JOXddaz.exe

C:\Windows\System\ishYwct.exe

C:\Windows\System\ishYwct.exe

C:\Windows\System\whPiWcX.exe

C:\Windows\System\whPiWcX.exe

C:\Windows\System\hOXdPvi.exe

C:\Windows\System\hOXdPvi.exe

C:\Windows\System\bfsXxze.exe

C:\Windows\System\bfsXxze.exe

C:\Windows\System\GRNVMyU.exe

C:\Windows\System\GRNVMyU.exe

C:\Windows\System\lqkdKDI.exe

C:\Windows\System\lqkdKDI.exe

C:\Windows\System\eLZpeGs.exe

C:\Windows\System\eLZpeGs.exe

C:\Windows\System\UVGVwvz.exe

C:\Windows\System\UVGVwvz.exe

C:\Windows\System\ZPQNFVu.exe

C:\Windows\System\ZPQNFVu.exe

C:\Windows\System\unQfUOL.exe

C:\Windows\System\unQfUOL.exe

C:\Windows\System\NLiLPha.exe

C:\Windows\System\NLiLPha.exe

C:\Windows\System\yTqhHXL.exe

C:\Windows\System\yTqhHXL.exe

C:\Windows\System\HjqoHch.exe

C:\Windows\System\HjqoHch.exe

C:\Windows\System\BRDQbAK.exe

C:\Windows\System\BRDQbAK.exe

C:\Windows\System\sYHvYPS.exe

C:\Windows\System\sYHvYPS.exe

C:\Windows\System\wFOBtZH.exe

C:\Windows\System\wFOBtZH.exe

C:\Windows\System\mtbMvVf.exe

C:\Windows\System\mtbMvVf.exe

C:\Windows\System\VCFEgzn.exe

C:\Windows\System\VCFEgzn.exe

C:\Windows\System\YVEPZjc.exe

C:\Windows\System\YVEPZjc.exe

C:\Windows\System\oVNWQjc.exe

C:\Windows\System\oVNWQjc.exe

C:\Windows\System\erKHKZT.exe

C:\Windows\System\erKHKZT.exe

C:\Windows\System\FtaGjSX.exe

C:\Windows\System\FtaGjSX.exe

C:\Windows\System\sXKqJCA.exe

C:\Windows\System\sXKqJCA.exe

C:\Windows\System\MDdduTL.exe

C:\Windows\System\MDdduTL.exe

C:\Windows\System\MVqXwDy.exe

C:\Windows\System\MVqXwDy.exe

C:\Windows\System\fKGYFRj.exe

C:\Windows\System\fKGYFRj.exe

C:\Windows\System\tSJpFmX.exe

C:\Windows\System\tSJpFmX.exe

C:\Windows\System\WzqSShO.exe

C:\Windows\System\WzqSShO.exe

C:\Windows\System\ywwvIjP.exe

C:\Windows\System\ywwvIjP.exe

C:\Windows\System\TCRVxay.exe

C:\Windows\System\TCRVxay.exe

C:\Windows\System\irSIdIO.exe

C:\Windows\System\irSIdIO.exe

C:\Windows\System\HfXRkRf.exe

C:\Windows\System\HfXRkRf.exe

C:\Windows\System\HMcDlSu.exe

C:\Windows\System\HMcDlSu.exe

C:\Windows\System\sPJCOQm.exe

C:\Windows\System\sPJCOQm.exe

C:\Windows\System\aLGvBtG.exe

C:\Windows\System\aLGvBtG.exe

C:\Windows\System\IlMHsnj.exe

C:\Windows\System\IlMHsnj.exe

C:\Windows\System\EdSzznP.exe

C:\Windows\System\EdSzznP.exe

C:\Windows\System\weVnxhk.exe

C:\Windows\System\weVnxhk.exe

C:\Windows\System\IdOdwBD.exe

C:\Windows\System\IdOdwBD.exe

C:\Windows\System\sMRIbHN.exe

C:\Windows\System\sMRIbHN.exe

C:\Windows\System\gMDcJHW.exe

C:\Windows\System\gMDcJHW.exe

C:\Windows\System\LLBBCJZ.exe

C:\Windows\System\LLBBCJZ.exe

C:\Windows\System\eTINbhQ.exe

C:\Windows\System\eTINbhQ.exe

C:\Windows\System\rVHkjFW.exe

C:\Windows\System\rVHkjFW.exe

C:\Windows\System\LpxuvJf.exe

C:\Windows\System\LpxuvJf.exe

C:\Windows\System\JZAbWNM.exe

C:\Windows\System\JZAbWNM.exe

C:\Windows\System\ecaEGeY.exe

C:\Windows\System\ecaEGeY.exe

C:\Windows\System\ZzUoGfj.exe

C:\Windows\System\ZzUoGfj.exe

C:\Windows\System\MgJEjpk.exe

C:\Windows\System\MgJEjpk.exe

C:\Windows\System\GUyNgVU.exe

C:\Windows\System\GUyNgVU.exe

C:\Windows\System\VeGwaYB.exe

C:\Windows\System\VeGwaYB.exe

C:\Windows\System\JHzQUBg.exe

C:\Windows\System\JHzQUBg.exe

C:\Windows\System\CSXeORz.exe

C:\Windows\System\CSXeORz.exe

C:\Windows\System\tpjobOF.exe

C:\Windows\System\tpjobOF.exe

C:\Windows\System\ocBVHHM.exe

C:\Windows\System\ocBVHHM.exe

C:\Windows\System\tboRAyO.exe

C:\Windows\System\tboRAyO.exe

C:\Windows\System\dwCXpNw.exe

C:\Windows\System\dwCXpNw.exe

C:\Windows\System\nSULwbq.exe

C:\Windows\System\nSULwbq.exe

C:\Windows\System\PGKwkPm.exe

C:\Windows\System\PGKwkPm.exe

C:\Windows\System\NoRNrAs.exe

C:\Windows\System\NoRNrAs.exe

C:\Windows\System\wnKrpcx.exe

C:\Windows\System\wnKrpcx.exe

C:\Windows\System\gMSgwCG.exe

C:\Windows\System\gMSgwCG.exe

C:\Windows\System\himBaAj.exe

C:\Windows\System\himBaAj.exe

C:\Windows\System\vDwRbyC.exe

C:\Windows\System\vDwRbyC.exe

C:\Windows\System\VtFQEmP.exe

C:\Windows\System\VtFQEmP.exe

C:\Windows\System\xwjrOkq.exe

C:\Windows\System\xwjrOkq.exe

C:\Windows\System\DaPAWVB.exe

C:\Windows\System\DaPAWVB.exe

C:\Windows\System\XEdjKhD.exe

C:\Windows\System\XEdjKhD.exe

C:\Windows\System\avmSMhI.exe

C:\Windows\System\avmSMhI.exe

C:\Windows\System\MlmWVuz.exe

C:\Windows\System\MlmWVuz.exe

C:\Windows\System\SSBdMQY.exe

C:\Windows\System\SSBdMQY.exe

C:\Windows\System\bTtBjKy.exe

C:\Windows\System\bTtBjKy.exe

C:\Windows\System\ewzYOFJ.exe

C:\Windows\System\ewzYOFJ.exe

C:\Windows\System\BSRoKNl.exe

C:\Windows\System\BSRoKNl.exe

C:\Windows\System\NupSPQp.exe

C:\Windows\System\NupSPQp.exe

C:\Windows\System\lryEvnl.exe

C:\Windows\System\lryEvnl.exe

C:\Windows\System\GEJzlEY.exe

C:\Windows\System\GEJzlEY.exe

C:\Windows\System\WDsxsMc.exe

C:\Windows\System\WDsxsMc.exe

C:\Windows\System\ickeLpd.exe

C:\Windows\System\ickeLpd.exe

C:\Windows\System\dBDtohC.exe

C:\Windows\System\dBDtohC.exe

C:\Windows\System\kWDNAjp.exe

C:\Windows\System\kWDNAjp.exe

C:\Windows\System\OMkibfe.exe

C:\Windows\System\OMkibfe.exe

C:\Windows\System\cMwaYcF.exe

C:\Windows\System\cMwaYcF.exe

C:\Windows\System\YVVbIQT.exe

C:\Windows\System\YVVbIQT.exe

C:\Windows\System\NTVMzOL.exe

C:\Windows\System\NTVMzOL.exe

C:\Windows\System\ZGHTNPr.exe

C:\Windows\System\ZGHTNPr.exe

C:\Windows\System\RvRXqFX.exe

C:\Windows\System\RvRXqFX.exe

C:\Windows\System\CdybCLn.exe

C:\Windows\System\CdybCLn.exe

C:\Windows\System\vBIWKaL.exe

C:\Windows\System\vBIWKaL.exe

C:\Windows\System\loqEkLs.exe

C:\Windows\System\loqEkLs.exe

C:\Windows\System\wlEMCtZ.exe

C:\Windows\System\wlEMCtZ.exe

C:\Windows\System\mTJeNpN.exe

C:\Windows\System\mTJeNpN.exe

C:\Windows\System\ILMVaht.exe

C:\Windows\System\ILMVaht.exe

C:\Windows\System\wpcIUft.exe

C:\Windows\System\wpcIUft.exe

C:\Windows\System\zAwixPQ.exe

C:\Windows\System\zAwixPQ.exe

C:\Windows\System\gBUMCLw.exe

C:\Windows\System\gBUMCLw.exe

C:\Windows\System\uPoLSzB.exe

C:\Windows\System\uPoLSzB.exe

C:\Windows\System\fdIuqOk.exe

C:\Windows\System\fdIuqOk.exe

C:\Windows\System\ePzYuLo.exe

C:\Windows\System\ePzYuLo.exe

C:\Windows\System\SFAbtqF.exe

C:\Windows\System\SFAbtqF.exe

C:\Windows\System\dVJiQmB.exe

C:\Windows\System\dVJiQmB.exe

C:\Windows\System\XbYlZyw.exe

C:\Windows\System\XbYlZyw.exe

C:\Windows\System\BSiRWHJ.exe

C:\Windows\System\BSiRWHJ.exe

C:\Windows\System\QlyLYqz.exe

C:\Windows\System\QlyLYqz.exe

C:\Windows\System\SEXWIaz.exe

C:\Windows\System\SEXWIaz.exe

C:\Windows\System\nlMmJQF.exe

C:\Windows\System\nlMmJQF.exe

C:\Windows\System\SIGPjzM.exe

C:\Windows\System\SIGPjzM.exe

C:\Windows\System\XsAsQgR.exe

C:\Windows\System\XsAsQgR.exe

C:\Windows\System\QiMIUeu.exe

C:\Windows\System\QiMIUeu.exe

C:\Windows\System\kmUFNqy.exe

C:\Windows\System\kmUFNqy.exe

C:\Windows\System\XwGOEVv.exe

C:\Windows\System\XwGOEVv.exe

C:\Windows\System\lpxQZJz.exe

C:\Windows\System\lpxQZJz.exe

C:\Windows\System\dfqJttn.exe

C:\Windows\System\dfqJttn.exe

C:\Windows\System\dmXyrrA.exe

C:\Windows\System\dmXyrrA.exe

C:\Windows\System\aRIJbdJ.exe

C:\Windows\System\aRIJbdJ.exe

C:\Windows\System\szewIIb.exe

C:\Windows\System\szewIIb.exe

C:\Windows\System\ipUcJWt.exe

C:\Windows\System\ipUcJWt.exe

C:\Windows\System\BvBQqtq.exe

C:\Windows\System\BvBQqtq.exe

C:\Windows\System\BeRXahE.exe

C:\Windows\System\BeRXahE.exe

C:\Windows\System\ZNzdLGJ.exe

C:\Windows\System\ZNzdLGJ.exe

C:\Windows\System\JPSYlME.exe

C:\Windows\System\JPSYlME.exe

C:\Windows\System\eGoQxdx.exe

C:\Windows\System\eGoQxdx.exe

C:\Windows\System\pSljqZJ.exe

C:\Windows\System\pSljqZJ.exe

C:\Windows\System\uPNmgcS.exe

C:\Windows\System\uPNmgcS.exe

C:\Windows\System\YbZQojQ.exe

C:\Windows\System\YbZQojQ.exe

C:\Windows\System\neoxVYg.exe

C:\Windows\System\neoxVYg.exe

C:\Windows\System\YTbKRpk.exe

C:\Windows\System\YTbKRpk.exe

C:\Windows\System\HqYAqbE.exe

C:\Windows\System\HqYAqbE.exe

C:\Windows\System\zmEMJUD.exe

C:\Windows\System\zmEMJUD.exe

C:\Windows\System\bXlWmrc.exe

C:\Windows\System\bXlWmrc.exe

C:\Windows\System\hZTHCPx.exe

C:\Windows\System\hZTHCPx.exe

C:\Windows\System\thRaGaG.exe

C:\Windows\System\thRaGaG.exe

C:\Windows\System\LSCdzKA.exe

C:\Windows\System\LSCdzKA.exe

C:\Windows\System\nvBDWtU.exe

C:\Windows\System\nvBDWtU.exe

C:\Windows\System\zNyikqE.exe

C:\Windows\System\zNyikqE.exe

C:\Windows\System\gXoRaew.exe

C:\Windows\System\gXoRaew.exe

C:\Windows\System\uTdUEhN.exe

C:\Windows\System\uTdUEhN.exe

C:\Windows\System\xSxGffq.exe

C:\Windows\System\xSxGffq.exe

C:\Windows\System\wAYBgMG.exe

C:\Windows\System\wAYBgMG.exe

C:\Windows\System\ysYERBe.exe

C:\Windows\System\ysYERBe.exe

C:\Windows\System\GHzQqzs.exe

C:\Windows\System\GHzQqzs.exe

C:\Windows\System\CfGtJdB.exe

C:\Windows\System\CfGtJdB.exe

C:\Windows\System\icYvxWU.exe

C:\Windows\System\icYvxWU.exe

C:\Windows\System\QRZttCc.exe

C:\Windows\System\QRZttCc.exe

C:\Windows\System\NeQaCms.exe

C:\Windows\System\NeQaCms.exe

C:\Windows\System\siJlxBm.exe

C:\Windows\System\siJlxBm.exe

C:\Windows\System\PRUYMaA.exe

C:\Windows\System\PRUYMaA.exe

C:\Windows\System\eVTOjMi.exe

C:\Windows\System\eVTOjMi.exe

C:\Windows\System\Oceuwrf.exe

C:\Windows\System\Oceuwrf.exe

C:\Windows\System\dJlWlBy.exe

C:\Windows\System\dJlWlBy.exe

C:\Windows\System\TyuGKvF.exe

C:\Windows\System\TyuGKvF.exe

C:\Windows\System\QabFYnw.exe

C:\Windows\System\QabFYnw.exe

C:\Windows\System\EjvCwti.exe

C:\Windows\System\EjvCwti.exe

C:\Windows\System\lOLuvUC.exe

C:\Windows\System\lOLuvUC.exe

C:\Windows\System\tjMcgVZ.exe

C:\Windows\System\tjMcgVZ.exe

C:\Windows\System\EbekrAN.exe

C:\Windows\System\EbekrAN.exe

C:\Windows\System\aiyEoeM.exe

C:\Windows\System\aiyEoeM.exe

C:\Windows\System\QGcSnZi.exe

C:\Windows\System\QGcSnZi.exe

C:\Windows\System\IBYlwqF.exe

C:\Windows\System\IBYlwqF.exe

C:\Windows\System\UeZnmWP.exe

C:\Windows\System\UeZnmWP.exe

C:\Windows\System\vljvUwu.exe

C:\Windows\System\vljvUwu.exe

C:\Windows\System\klJPZiX.exe

C:\Windows\System\klJPZiX.exe

C:\Windows\System\cZRFdmM.exe

C:\Windows\System\cZRFdmM.exe

C:\Windows\System\KDvAJIT.exe

C:\Windows\System\KDvAJIT.exe

C:\Windows\System\mbqGBWU.exe

C:\Windows\System\mbqGBWU.exe

C:\Windows\System\BmbJHAa.exe

C:\Windows\System\BmbJHAa.exe

C:\Windows\System\uExYgEr.exe

C:\Windows\System\uExYgEr.exe

C:\Windows\System\joDMuuX.exe

C:\Windows\System\joDMuuX.exe

C:\Windows\System\ATIfBHe.exe

C:\Windows\System\ATIfBHe.exe

C:\Windows\System\MjRNAiU.exe

C:\Windows\System\MjRNAiU.exe

C:\Windows\System\cDlmUJW.exe

C:\Windows\System\cDlmUJW.exe

C:\Windows\System\MLihAZs.exe

C:\Windows\System\MLihAZs.exe

C:\Windows\System\rZgMprp.exe

C:\Windows\System\rZgMprp.exe

C:\Windows\System\uSTYhLW.exe

C:\Windows\System\uSTYhLW.exe

C:\Windows\System\hZQmeDO.exe

C:\Windows\System\hZQmeDO.exe

C:\Windows\System\YdDYuoJ.exe

C:\Windows\System\YdDYuoJ.exe

C:\Windows\System\SUCKkuc.exe

C:\Windows\System\SUCKkuc.exe

C:\Windows\System\SgvDdTf.exe

C:\Windows\System\SgvDdTf.exe

C:\Windows\System\vRWBOPn.exe

C:\Windows\System\vRWBOPn.exe

C:\Windows\System\xQUZSxK.exe

C:\Windows\System\xQUZSxK.exe

C:\Windows\System\jtOzUZs.exe

C:\Windows\System\jtOzUZs.exe

C:\Windows\System\cIXzria.exe

C:\Windows\System\cIXzria.exe

C:\Windows\System\IQUfnLQ.exe

C:\Windows\System\IQUfnLQ.exe

C:\Windows\System\AhmhgHV.exe

C:\Windows\System\AhmhgHV.exe

C:\Windows\System\QszGKkS.exe

C:\Windows\System\QszGKkS.exe

C:\Windows\System\aDGOatR.exe

C:\Windows\System\aDGOatR.exe

C:\Windows\System\CJdWozm.exe

C:\Windows\System\CJdWozm.exe

C:\Windows\System\gGbUTGf.exe

C:\Windows\System\gGbUTGf.exe

C:\Windows\System\RKjChRG.exe

C:\Windows\System\RKjChRG.exe

C:\Windows\System\ASmtjmI.exe

C:\Windows\System\ASmtjmI.exe

C:\Windows\System\ghOQsxf.exe

C:\Windows\System\ghOQsxf.exe

C:\Windows\System\ztViCIY.exe

C:\Windows\System\ztViCIY.exe

C:\Windows\System\odQYAcO.exe

C:\Windows\System\odQYAcO.exe

C:\Windows\System\qvZWcJr.exe

C:\Windows\System\qvZWcJr.exe

C:\Windows\System\lLHCPDI.exe

C:\Windows\System\lLHCPDI.exe

C:\Windows\System\TjjyGVw.exe

C:\Windows\System\TjjyGVw.exe

C:\Windows\System\yeAWuKU.exe

C:\Windows\System\yeAWuKU.exe

C:\Windows\System\xzYkMxH.exe

C:\Windows\System\xzYkMxH.exe

C:\Windows\System\lRKpHWM.exe

C:\Windows\System\lRKpHWM.exe

C:\Windows\System\NVgVfar.exe

C:\Windows\System\NVgVfar.exe

C:\Windows\System\YRPbTZD.exe

C:\Windows\System\YRPbTZD.exe

C:\Windows\System\nrLtkgz.exe

C:\Windows\System\nrLtkgz.exe

C:\Windows\System\SVSfOxt.exe

C:\Windows\System\SVSfOxt.exe

C:\Windows\System\fNMeTtr.exe

C:\Windows\System\fNMeTtr.exe

C:\Windows\System\buHPiBz.exe

C:\Windows\System\buHPiBz.exe

C:\Windows\System\yXAaIPM.exe

C:\Windows\System\yXAaIPM.exe

C:\Windows\System\WVZSCdr.exe

C:\Windows\System\WVZSCdr.exe

C:\Windows\System\PeXcqIr.exe

C:\Windows\System\PeXcqIr.exe

C:\Windows\System\ZxVSKeK.exe

C:\Windows\System\ZxVSKeK.exe

C:\Windows\System\MpEOHzZ.exe

C:\Windows\System\MpEOHzZ.exe

C:\Windows\System\pRYHeBt.exe

C:\Windows\System\pRYHeBt.exe

C:\Windows\System\pecKBHt.exe

C:\Windows\System\pecKBHt.exe

C:\Windows\System\feqakhn.exe

C:\Windows\System\feqakhn.exe

C:\Windows\System\zLPeCjy.exe

C:\Windows\System\zLPeCjy.exe

C:\Windows\System\zjtWZoj.exe

C:\Windows\System\zjtWZoj.exe

C:\Windows\System\ktUHXww.exe

C:\Windows\System\ktUHXww.exe

C:\Windows\System\VvVJwBv.exe

C:\Windows\System\VvVJwBv.exe

C:\Windows\System\CJilNTn.exe

C:\Windows\System\CJilNTn.exe

C:\Windows\System\CDUHnmw.exe

C:\Windows\System\CDUHnmw.exe

C:\Windows\System\fdFrVhE.exe

C:\Windows\System\fdFrVhE.exe

C:\Windows\System\mKbldJm.exe

C:\Windows\System\mKbldJm.exe

C:\Windows\System\LaoVAIG.exe

C:\Windows\System\LaoVAIG.exe

C:\Windows\System\bjueVWo.exe

C:\Windows\System\bjueVWo.exe

C:\Windows\System\gyKRnRz.exe

C:\Windows\System\gyKRnRz.exe

C:\Windows\System\UZXeGNi.exe

C:\Windows\System\UZXeGNi.exe

C:\Windows\System\KRxbDta.exe

C:\Windows\System\KRxbDta.exe

C:\Windows\System\GWQZVNq.exe

C:\Windows\System\GWQZVNq.exe

C:\Windows\System\kdMLYAF.exe

C:\Windows\System\kdMLYAF.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:46

Reported

2024-06-13 09:49

Platform

win10v2004-20240611-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3044 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\UkNQLwB.exe
PID 3044 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\UkNQLwB.exe
PID 3044 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\meFpUHs.exe
PID 3044 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\meFpUHs.exe
PID 3044 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\fPKEIvr.exe
PID 3044 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\fPKEIvr.exe
PID 3044 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\HQZOoEY.exe
PID 3044 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\HQZOoEY.exe
PID 3044 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\zuxLTUz.exe
PID 3044 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\zuxLTUz.exe
PID 3044 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\DEalznE.exe
PID 3044 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\DEalznE.exe
PID 3044 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\MqylAoD.exe
PID 3044 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\MqylAoD.exe
PID 3044 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\jskrEio.exe
PID 3044 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\jskrEio.exe
PID 3044 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\kmFlgOV.exe
PID 3044 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\kmFlgOV.exe
PID 3044 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\CIjgfgI.exe
PID 3044 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\CIjgfgI.exe
PID 3044 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\vyzrFfo.exe
PID 3044 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\vyzrFfo.exe
PID 3044 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\KEhezQe.exe
PID 3044 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\KEhezQe.exe
PID 3044 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\MLprdpp.exe
PID 3044 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\MLprdpp.exe
PID 3044 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\rnlJKTg.exe
PID 3044 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\rnlJKTg.exe
PID 3044 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\IpLJDsR.exe
PID 3044 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\IpLJDsR.exe
PID 3044 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\qrEAOCQ.exe
PID 3044 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe C:\Windows\System\qrEAOCQ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71bbf3c21ccf3fdc4056b6b8aa44a3e0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\Npwmcsh.exe

C:\Windows\System\Npwmcsh.exe

C:\Windows\System\oAArZLt.exe

C:\Windows\System\oAArZLt.exe

C:\Windows\System\MAqLBhL.exe

C:\Windows\System\MAqLBhL.exe

C:\Windows\System\khXtFji.exe

C:\Windows\System\khXtFji.exe

C:\Windows\System\EAmUwZq.exe

C:\Windows\System\EAmUwZq.exe

C:\Windows\System\gEPmwIJ.exe

C:\Windows\System\gEPmwIJ.exe

C:\Windows\System\vgWgUHO.exe

C:\Windows\System\vgWgUHO.exe

C:\Windows\System\NEDAoJi.exe

C:\Windows\System\NEDAoJi.exe

C:\Windows\System\JXTEiyM.exe

C:\Windows\System\JXTEiyM.exe

C:\Windows\System\LZgpenw.exe

C:\Windows\System\LZgpenw.exe

C:\Windows\System\UrPmwhr.exe

C:\Windows\System\UrPmwhr.exe

C:\Windows\System\PfMNbuh.exe

C:\Windows\System\PfMNbuh.exe

C:\Windows\System\TAfALwP.exe

C:\Windows\System\TAfALwP.exe

C:\Windows\System\MTffcEV.exe

C:\Windows\System\MTffcEV.exe

C:\Windows\System\nGkHRNM.exe

C:\Windows\System\nGkHRNM.exe

C:\Windows\System\WQgzXeG.exe

C:\Windows\System\WQgzXeG.exe

C:\Windows\System\CftDiUL.exe

C:\Windows\System\CftDiUL.exe

C:\Windows\System\zJkkEaR.exe

C:\Windows\System\zJkkEaR.exe

C:\Windows\System\BIqbnaM.exe

C:\Windows\System\BIqbnaM.exe

C:\Windows\System\sUPmpDG.exe

C:\Windows\System\sUPmpDG.exe

C:\Windows\System\SAzSfUb.exe

C:\Windows\System\SAzSfUb.exe

C:\Windows\System\uCrfQhe.exe

C:\Windows\System\uCrfQhe.exe

C:\Windows\System\KsevgbC.exe

C:\Windows\System\KsevgbC.exe

C:\Windows\System\ZzIHDOQ.exe

C:\Windows\System\ZzIHDOQ.exe

C:\Windows\System\jIxydCR.exe

C:\Windows\System\jIxydCR.exe

C:\Windows\System\dWfJMab.exe

C:\Windows\System\dWfJMab.exe

C:\Windows\System\UrPvIwo.exe

C:\Windows\System\UrPvIwo.exe

C:\Windows\System\hokCFcK.exe

C:\Windows\System\hokCFcK.exe

C:\Windows\System\aDlsCkg.exe

C:\Windows\System\aDlsCkg.exe

C:\Windows\System\uZDTuCP.exe

C:\Windows\System\uZDTuCP.exe

C:\Windows\System\lHFRCcI.exe

C:\Windows\System\lHFRCcI.exe

C:\Windows\System\SQxGxHP.exe

C:\Windows\System\SQxGxHP.exe

C:\Windows\System\GOJviEe.exe

C:\Windows\System\GOJviEe.exe

C:\Windows\System\VRrYoWn.exe

C:\Windows\System\VRrYoWn.exe

C:\Windows\System\cJvxyas.exe

C:\Windows\System\cJvxyas.exe

C:\Windows\System\JmzmkqA.exe

C:\Windows\System\JmzmkqA.exe

C:\Windows\System\lUboBdz.exe

C:\Windows\System\lUboBdz.exe

C:\Windows\System\pKiCBzO.exe

C:\Windows\System\pKiCBzO.exe

C:\Windows\System\AkcaWbM.exe

C:\Windows\System\AkcaWbM.exe

C:\Windows\System\sRhyUSe.exe

C:\Windows\System\sRhyUSe.exe

C:\Windows\System\QpdWjdp.exe

C:\Windows\System\QpdWjdp.exe

C:\Windows\System\iAUEgLD.exe

C:\Windows\System\iAUEgLD.exe

C:\Windows\System\JjDEVfa.exe

C:\Windows\System\JjDEVfa.exe

C:\Windows\System\ogyuSFf.exe

C:\Windows\System\ogyuSFf.exe

C:\Windows\System\YCKcNZf.exe

C:\Windows\System\YCKcNZf.exe

C:\Windows\System\rSIVGGf.exe

C:\Windows\System\rSIVGGf.exe

C:\Windows\System\XIVxBjB.exe

C:\Windows\System\XIVxBjB.exe

C:\Windows\System\uBNrehw.exe

C:\Windows\System\uBNrehw.exe

C:\Windows\System\clMfUks.exe

C:\Windows\System\clMfUks.exe

C:\Windows\System\GVQWZDy.exe

C:\Windows\System\GVQWZDy.exe

C:\Windows\System\OHYJJoN.exe

C:\Windows\System\OHYJJoN.exe

C:\Windows\System\imQtBnK.exe

C:\Windows\System\imQtBnK.exe

C:\Windows\System\DscnMDL.exe

C:\Windows\System\DscnMDL.exe

C:\Windows\System\OBAwNNH.exe

C:\Windows\System\OBAwNNH.exe

C:\Windows\System\alOMQbg.exe

C:\Windows\System\alOMQbg.exe

C:\Windows\System\RXxSoIp.exe

C:\Windows\System\RXxSoIp.exe

C:\Windows\System\nvSXkJj.exe

C:\Windows\System\nvSXkJj.exe

C:\Windows\System\TYFMIpY.exe

C:\Windows\System\TYFMIpY.exe

C:\Windows\System\mjhlSJY.exe

C:\Windows\System\mjhlSJY.exe

C:\Windows\System\TpUjuWf.exe

C:\Windows\System\TpUjuWf.exe

C:\Windows\System\DbTODDy.exe

C:\Windows\System\DbTODDy.exe

C:\Windows\System\oyFuDOQ.exe

C:\Windows\System\oyFuDOQ.exe

C:\Windows\System\tKvZGGs.exe

C:\Windows\System\tKvZGGs.exe

C:\Windows\System\hgbQAXJ.exe

C:\Windows\System\hgbQAXJ.exe

C:\Windows\System\CgsiXgR.exe

C:\Windows\System\CgsiXgR.exe

C:\Windows\System\EsfKpxL.exe

C:\Windows\System\EsfKpxL.exe

C:\Windows\System\OettGjy.exe

C:\Windows\System\OettGjy.exe

C:\Windows\System\WfZATyo.exe

C:\Windows\System\WfZATyo.exe

C:\Windows\System\pbDRliv.exe

C:\Windows\System\pbDRliv.exe

C:\Windows\System\kkmaNfR.exe

C:\Windows\System\kkmaNfR.exe

C:\Windows\System\TKwyBpn.exe

C:\Windows\System\TKwyBpn.exe

C:\Windows\System\FvwGjmY.exe

C:\Windows\System\FvwGjmY.exe

C:\Windows\System\AjYuSCn.exe

C:\Windows\System\AjYuSCn.exe

C:\Windows\System\GQrrSPs.exe

C:\Windows\System\GQrrSPs.exe

C:\Windows\System\apJHGlw.exe

C:\Windows\System\apJHGlw.exe

C:\Windows\System\peMJeqE.exe

C:\Windows\System\peMJeqE.exe

C:\Windows\System\kSGrhwl.exe

C:\Windows\System\kSGrhwl.exe

C:\Windows\System\AEqJWLj.exe

C:\Windows\System\AEqJWLj.exe

C:\Windows\System\xplEcrt.exe

C:\Windows\System\xplEcrt.exe

C:\Windows\System\xtpsqMy.exe

C:\Windows\System\xtpsqMy.exe

C:\Windows\System\lWOJjdl.exe

C:\Windows\System\lWOJjdl.exe

C:\Windows\System\ECvmWfD.exe

C:\Windows\System\ECvmWfD.exe

C:\Windows\System\qAHFQfe.exe

C:\Windows\System\qAHFQfe.exe

C:\Windows\System\edUnQuM.exe

C:\Windows\System\edUnQuM.exe

C:\Windows\System\ltRgGav.exe

C:\Windows\System\ltRgGav.exe

C:\Windows\System\PfoZPbf.exe

C:\Windows\System\PfoZPbf.exe

C:\Windows\System\ZmynRru.exe

C:\Windows\System\ZmynRru.exe

C:\Windows\System\Yxhdmce.exe

C:\Windows\System\Yxhdmce.exe

C:\Windows\System\OYahaLs.exe

C:\Windows\System\OYahaLs.exe

C:\Windows\System\LiaVERL.exe

C:\Windows\System\LiaVERL.exe

C:\Windows\System\nzxmipJ.exe

C:\Windows\System\nzxmipJ.exe

C:\Windows\System\AsYQyRi.exe

C:\Windows\System\AsYQyRi.exe

C:\Windows\System\IXELIAX.exe

C:\Windows\System\IXELIAX.exe

C:\Windows\System\iYilsmV.exe

C:\Windows\System\iYilsmV.exe

C:\Windows\System\LKNBJQZ.exe

C:\Windows\System\LKNBJQZ.exe

C:\Windows\System\OoasRGT.exe

C:\Windows\System\OoasRGT.exe

C:\Windows\System\dfdFTuL.exe

C:\Windows\System\dfdFTuL.exe

C:\Windows\System\NJkYJtA.exe

C:\Windows\System\NJkYJtA.exe

C:\Windows\System\mBQNFWb.exe

C:\Windows\System\mBQNFWb.exe

C:\Windows\System\xmtnqRr.exe

C:\Windows\System\xmtnqRr.exe

C:\Windows\System\PBBnxaq.exe

C:\Windows\System\PBBnxaq.exe

C:\Windows\System\dUFFIxn.exe

C:\Windows\System\dUFFIxn.exe

C:\Windows\System\sLZNrDc.exe

C:\Windows\System\sLZNrDc.exe

C:\Windows\System\kDmeZtR.exe

C:\Windows\System\kDmeZtR.exe

C:\Windows\System\VJbAHpG.exe

C:\Windows\System\VJbAHpG.exe

C:\Windows\System\LqHtazk.exe

C:\Windows\System\LqHtazk.exe

C:\Windows\System\OYumPPh.exe

C:\Windows\System\OYumPPh.exe

C:\Windows\System\nIYSLnV.exe

C:\Windows\System\nIYSLnV.exe

C:\Windows\System\ZprYXHQ.exe

C:\Windows\System\ZprYXHQ.exe

C:\Windows\System\eyVSnlw.exe

C:\Windows\System\eyVSnlw.exe

C:\Windows\System\mVmZmss.exe

C:\Windows\System\mVmZmss.exe

C:\Windows\System\wfrQFXq.exe

C:\Windows\System\wfrQFXq.exe

C:\Windows\System\AyYrHUa.exe

C:\Windows\System\AyYrHUa.exe

C:\Windows\System\GTKBLSA.exe

C:\Windows\System\GTKBLSA.exe

C:\Windows\System\oRUFYED.exe

C:\Windows\System\oRUFYED.exe

C:\Windows\System\uOtpPVi.exe

C:\Windows\System\uOtpPVi.exe

C:\Windows\System\XjfLGJn.exe

C:\Windows\System\XjfLGJn.exe

C:\Windows\System\sbroipw.exe

C:\Windows\System\sbroipw.exe

C:\Windows\System\xQxcpZj.exe

C:\Windows\System\xQxcpZj.exe

C:\Windows\System\lmkqFYX.exe

C:\Windows\System\lmkqFYX.exe

C:\Windows\System\UqAitiR.exe

C:\Windows\System\UqAitiR.exe

C:\Windows\System\vfIgzEc.exe

C:\Windows\System\vfIgzEc.exe

C:\Windows\System\kDVItif.exe

C:\Windows\System\kDVItif.exe

C:\Windows\System\HyGPcZy.exe

C:\Windows\System\HyGPcZy.exe

C:\Windows\System\YvFSasL.exe

C:\Windows\System\YvFSasL.exe

C:\Windows\System\nBtQVeN.exe

C:\Windows\System\nBtQVeN.exe

C:\Windows\System\hkEAYmD.exe

C:\Windows\System\hkEAYmD.exe

C:\Windows\System\IwhWcvn.exe

C:\Windows\System\IwhWcvn.exe

C:\Windows\System\yzDCqoO.exe

C:\Windows\System\yzDCqoO.exe

C:\Windows\System\YcjjIBa.exe

C:\Windows\System\YcjjIBa.exe

C:\Windows\System\JEabnhC.exe

C:\Windows\System\JEabnhC.exe

C:\Windows\System\XZzgnJh.exe

C:\Windows\System\XZzgnJh.exe

C:\Windows\System\BvRnsjQ.exe

C:\Windows\System\BvRnsjQ.exe

C:\Windows\System\FwFOKjO.exe

C:\Windows\System\FwFOKjO.exe

C:\Windows\System\jWPqwGa.exe

C:\Windows\System\jWPqwGa.exe

C:\Windows\System\yetoukA.exe

C:\Windows\System\yetoukA.exe

C:\Windows\System\EXLsmrL.exe

C:\Windows\System\EXLsmrL.exe

C:\Windows\System\QNrnTHy.exe

C:\Windows\System\QNrnTHy.exe

C:\Windows\System\KZylLJG.exe

C:\Windows\System\KZylLJG.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1864" "2964" "2920" "2968" "0" "0" "2972" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files
