Malware Analysis Report

2024-09-10 10:22

Sample ID 240613-p47j7stdqj
Target 7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe
SHA256 7008334bb5fd5dc6afafde8e8a56e71b0fdf94da762365a88d2fb79c2f8402e8
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7008334bb5fd5dc6afafde8e8a56e71b0fdf94da762365a88d2fb79c2f8402e8

Threat Level: Known bad

The file 7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:54

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:54

Reported

2024-06-13 12:56

Platform

win7-20240508-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\uGzMPlF.exe N/A
N/A N/A C:\Windows\System\trOQwFY.exe N/A
N/A N/A C:\Windows\System\EupstiS.exe N/A
N/A N/A C:\Windows\System\UDkdwdY.exe N/A
N/A N/A C:\Windows\System\shbgDyX.exe N/A
N/A N/A C:\Windows\System\TrwnvZW.exe N/A
N/A N/A C:\Windows\System\ZfMwVwX.exe N/A
N/A N/A C:\Windows\System\zOgTMtJ.exe N/A
N/A N/A C:\Windows\System\tWNerBf.exe N/A
N/A N/A C:\Windows\System\JQVYDlx.exe N/A
N/A N/A C:\Windows\System\bJXCFMH.exe N/A
N/A N/A C:\Windows\System\ZMdCGLu.exe N/A
N/A N/A C:\Windows\System\SeABIAb.exe N/A
N/A N/A C:\Windows\System\dXCGsWW.exe N/A
N/A N/A C:\Windows\System\XvDAbBk.exe N/A
N/A N/A C:\Windows\System\cdQjoAR.exe N/A
N/A N/A C:\Windows\System\CfYApHu.exe N/A
N/A N/A C:\Windows\System\RJYGeoj.exe N/A
N/A N/A C:\Windows\System\CwdoDLG.exe N/A
N/A N/A C:\Windows\System\HYmgsYE.exe N/A
N/A N/A C:\Windows\System\sBzLKeX.exe N/A
N/A N/A C:\Windows\System\nUAeIvo.exe N/A
N/A N/A C:\Windows\System\ihzXMdx.exe N/A
N/A N/A C:\Windows\System\Snhwbhb.exe N/A
N/A N/A C:\Windows\System\mnPlptt.exe N/A
N/A N/A C:\Windows\System\rSrUUKc.exe N/A
N/A N/A C:\Windows\System\oEZyxXH.exe N/A
N/A N/A C:\Windows\System\oexPVWK.exe N/A
N/A N/A C:\Windows\System\EDxRjBO.exe N/A
N/A N/A C:\Windows\System\tpMWZBa.exe N/A
N/A N/A C:\Windows\System\egaUqJq.exe N/A
N/A N/A C:\Windows\System\RfPFmWO.exe N/A
N/A N/A C:\Windows\System\HyCSaIT.exe N/A
N/A N/A C:\Windows\System\nKqAodT.exe N/A
N/A N/A C:\Windows\System\GYwMYOi.exe N/A
N/A N/A C:\Windows\System\iiEYtwU.exe N/A
N/A N/A C:\Windows\System\TdIpJsK.exe N/A
N/A N/A C:\Windows\System\XvvXCfe.exe N/A
N/A N/A C:\Windows\System\cLASPPh.exe N/A
N/A N/A C:\Windows\System\BZxsWiM.exe N/A
N/A N/A C:\Windows\System\wnpyytC.exe N/A
N/A N/A C:\Windows\System\ZmYWIVb.exe N/A
N/A N/A C:\Windows\System\qnXOwaL.exe N/A
N/A N/A C:\Windows\System\YzdZAhz.exe N/A
N/A N/A C:\Windows\System\rQeRmZG.exe N/A
N/A N/A C:\Windows\System\lvpmhGs.exe N/A
N/A N/A C:\Windows\System\jpkSjAi.exe N/A
N/A N/A C:\Windows\System\PVmrQrw.exe N/A
N/A N/A C:\Windows\System\cSPyJgL.exe N/A
N/A N/A C:\Windows\System\oHjHYJW.exe N/A
N/A N/A C:\Windows\System\RVDCVCX.exe N/A
N/A N/A C:\Windows\System\OHjZaab.exe N/A
N/A N/A C:\Windows\System\dGrdDkr.exe N/A
N/A N/A C:\Windows\System\soGmmDX.exe N/A
N/A N/A C:\Windows\System\NgWfzVe.exe N/A
N/A N/A C:\Windows\System\DoDHEQl.exe N/A
N/A N/A C:\Windows\System\arhrowi.exe N/A
N/A N/A C:\Windows\System\syAuhwd.exe N/A
N/A N/A C:\Windows\System\EtWFeKD.exe N/A
N/A N/A C:\Windows\System\AyRUEhK.exe N/A
N/A N/A C:\Windows\System\qXdxmPN.exe N/A
N/A N/A C:\Windows\System\bUdSsrY.exe N/A
N/A N/A C:\Windows\System\HsfrTym.exe N/A
N/A N/A C:\Windows\System\KwJNQiP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\RcLTNdz.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EbrXXsw.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wMBJddx.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\blqWBvn.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CtAXopG.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZjuUuBA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UftIvcV.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\otPTaQT.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Awnelau.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iZYYVvM.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzLUIKi.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oPfVqco.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hOVnsON.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMVHOzK.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTxlcza.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PmrYqSw.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PWXgsWA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lAuNmMC.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HpydOQd.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VzWTxdh.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEfCHdp.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jOaivlW.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LcmdgGA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgANmUM.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WGfOYit.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvmfUbh.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CgPBjNf.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lgrGfLU.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dnMNJIi.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cGDmokF.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hZXTopW.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRIlXDd.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ysFCNVA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qKFgHKZ.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiDxYXu.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IEfKpYd.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPOtnum.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXpojTs.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRBtKcm.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmDRbtg.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IUbDuUR.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKTHAHn.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdPvmbO.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oDnUcIW.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vebiGKR.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhQBOFR.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEHXzhY.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wlvoPNW.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aLFiwPO.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTypnOq.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wdfyAhz.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwQwTPc.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksjqkSt.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rluyosB.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jRsoXLw.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMgHgnD.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VGIYHRM.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KZSbwQA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KQYBTZj.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pNcEdMU.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ejwNZlH.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SNTNcMH.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpgfYYG.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\upSrChz.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\uGzMPlF.exe
PID 2232 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\uGzMPlF.exe
PID 2232 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\uGzMPlF.exe
PID 2232 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\trOQwFY.exe
PID 2232 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\trOQwFY.exe
PID 2232 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\trOQwFY.exe
PID 2232 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\EupstiS.exe
PID 2232 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\EupstiS.exe
PID 2232 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\EupstiS.exe
PID 2232 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\UDkdwdY.exe
PID 2232 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\UDkdwdY.exe
PID 2232 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\UDkdwdY.exe
PID 2232 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\shbgDyX.exe
PID 2232 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\shbgDyX.exe
PID 2232 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\shbgDyX.exe
PID 2232 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\zOgTMtJ.exe
PID 2232 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\zOgTMtJ.exe
PID 2232 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\zOgTMtJ.exe
PID 2232 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TrwnvZW.exe
PID 2232 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TrwnvZW.exe
PID 2232 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TrwnvZW.exe
PID 2232 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\tWNerBf.exe
PID 2232 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\tWNerBf.exe
PID 2232 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\tWNerBf.exe
PID 2232 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZfMwVwX.exe
PID 2232 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZfMwVwX.exe
PID 2232 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZfMwVwX.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\JQVYDlx.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\JQVYDlx.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\JQVYDlx.exe
PID 2232 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\bJXCFMH.exe
PID 2232 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\bJXCFMH.exe
PID 2232 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\bJXCFMH.exe
PID 2232 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZMdCGLu.exe
PID 2232 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZMdCGLu.exe
PID 2232 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ZMdCGLu.exe
PID 2232 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\SeABIAb.exe
PID 2232 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\SeABIAb.exe
PID 2232 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\SeABIAb.exe
PID 2232 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\dXCGsWW.exe
PID 2232 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\dXCGsWW.exe
PID 2232 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\dXCGsWW.exe
PID 2232 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\XvDAbBk.exe
PID 2232 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\XvDAbBk.exe
PID 2232 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\XvDAbBk.exe
PID 2232 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\cdQjoAR.exe
PID 2232 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\cdQjoAR.exe
PID 2232 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\cdQjoAR.exe
PID 2232 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CfYApHu.exe
PID 2232 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CfYApHu.exe
PID 2232 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CfYApHu.exe
PID 2232 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\RJYGeoj.exe
PID 2232 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\RJYGeoj.exe
PID 2232 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\RJYGeoj.exe
PID 2232 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CwdoDLG.exe
PID 2232 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CwdoDLG.exe
PID 2232 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CwdoDLG.exe
PID 2232 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\HYmgsYE.exe
PID 2232 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\HYmgsYE.exe
PID 2232 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\HYmgsYE.exe
PID 2232 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\sBzLKeX.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\uGzMPlF.exe

C:\Windows\System\uGzMPlF.exe

C:\Windows\System\trOQwFY.exe

C:\Windows\System\trOQwFY.exe

C:\Windows\System\EupstiS.exe

C:\Windows\System\EupstiS.exe

C:\Windows\System\UDkdwdY.exe

C:\Windows\System\UDkdwdY.exe

C:\Windows\System\shbgDyX.exe

C:\Windows\System\shbgDyX.exe

C:\Windows\System\zOgTMtJ.exe

C:\Windows\System\zOgTMtJ.exe

C:\Windows\System\TrwnvZW.exe

C:\Windows\System\TrwnvZW.exe

C:\Windows\System\tWNerBf.exe

C:\Windows\System\tWNerBf.exe

C:\Windows\System\ZfMwVwX.exe

C:\Windows\System\ZfMwVwX.exe

C:\Windows\System\JQVYDlx.exe

C:\Windows\System\JQVYDlx.exe

C:\Windows\System\bJXCFMH.exe

C:\Windows\System\bJXCFMH.exe

C:\Windows\System\ZMdCGLu.exe

C:\Windows\System\ZMdCGLu.exe

C:\Windows\System\SeABIAb.exe

C:\Windows\System\SeABIAb.exe

C:\Windows\System\dXCGsWW.exe

C:\Windows\System\dXCGsWW.exe

C:\Windows\System\XvDAbBk.exe

C:\Windows\System\XvDAbBk.exe

C:\Windows\System\cdQjoAR.exe

C:\Windows\System\cdQjoAR.exe

C:\Windows\System\CfYApHu.exe

C:\Windows\System\CfYApHu.exe

C:\Windows\System\RJYGeoj.exe

C:\Windows\System\RJYGeoj.exe

C:\Windows\System\CwdoDLG.exe

C:\Windows\System\CwdoDLG.exe

C:\Windows\System\HYmgsYE.exe

C:\Windows\System\HYmgsYE.exe

C:\Windows\System\sBzLKeX.exe

C:\Windows\System\sBzLKeX.exe

C:\Windows\System\nUAeIvo.exe

C:\Windows\System\nUAeIvo.exe

C:\Windows\System\ihzXMdx.exe

C:\Windows\System\ihzXMdx.exe

C:\Windows\System\Snhwbhb.exe

C:\Windows\System\Snhwbhb.exe

C:\Windows\System\mnPlptt.exe

C:\Windows\System\mnPlptt.exe

C:\Windows\System\rSrUUKc.exe

C:\Windows\System\rSrUUKc.exe

C:\Windows\System\oEZyxXH.exe

C:\Windows\System\oEZyxXH.exe

C:\Windows\System\oexPVWK.exe

C:\Windows\System\oexPVWK.exe

C:\Windows\System\EDxRjBO.exe

C:\Windows\System\EDxRjBO.exe

C:\Windows\System\tpMWZBa.exe

C:\Windows\System\tpMWZBa.exe

C:\Windows\System\egaUqJq.exe

C:\Windows\System\egaUqJq.exe

C:\Windows\System\RfPFmWO.exe

C:\Windows\System\RfPFmWO.exe

C:\Windows\System\HyCSaIT.exe

C:\Windows\System\HyCSaIT.exe

C:\Windows\System\nKqAodT.exe

C:\Windows\System\nKqAodT.exe

C:\Windows\System\GYwMYOi.exe

C:\Windows\System\GYwMYOi.exe

C:\Windows\System\iiEYtwU.exe

C:\Windows\System\iiEYtwU.exe

C:\Windows\System\TdIpJsK.exe

C:\Windows\System\TdIpJsK.exe

C:\Windows\System\XvvXCfe.exe

C:\Windows\System\XvvXCfe.exe

C:\Windows\System\cLASPPh.exe

C:\Windows\System\cLASPPh.exe

C:\Windows\System\BZxsWiM.exe

C:\Windows\System\BZxsWiM.exe

C:\Windows\System\wnpyytC.exe

C:\Windows\System\wnpyytC.exe

C:\Windows\System\ZmYWIVb.exe

C:\Windows\System\ZmYWIVb.exe

C:\Windows\System\qnXOwaL.exe

C:\Windows\System\qnXOwaL.exe

C:\Windows\System\YzdZAhz.exe

C:\Windows\System\YzdZAhz.exe

C:\Windows\System\rQeRmZG.exe

C:\Windows\System\rQeRmZG.exe

C:\Windows\System\lvpmhGs.exe

C:\Windows\System\lvpmhGs.exe

C:\Windows\System\jpkSjAi.exe

C:\Windows\System\jpkSjAi.exe

C:\Windows\System\PVmrQrw.exe

C:\Windows\System\PVmrQrw.exe

C:\Windows\System\cSPyJgL.exe

C:\Windows\System\cSPyJgL.exe

C:\Windows\System\oHjHYJW.exe

C:\Windows\System\oHjHYJW.exe

C:\Windows\System\RVDCVCX.exe

C:\Windows\System\RVDCVCX.exe

C:\Windows\System\OHjZaab.exe

C:\Windows\System\OHjZaab.exe

C:\Windows\System\dGrdDkr.exe

C:\Windows\System\dGrdDkr.exe

C:\Windows\System\soGmmDX.exe

C:\Windows\System\soGmmDX.exe

C:\Windows\System\NgWfzVe.exe

C:\Windows\System\NgWfzVe.exe

C:\Windows\System\DoDHEQl.exe

C:\Windows\System\DoDHEQl.exe

C:\Windows\System\arhrowi.exe

C:\Windows\System\arhrowi.exe

C:\Windows\System\EtWFeKD.exe

C:\Windows\System\EtWFeKD.exe

C:\Windows\System\syAuhwd.exe

C:\Windows\System\syAuhwd.exe

C:\Windows\System\AyRUEhK.exe

C:\Windows\System\AyRUEhK.exe

C:\Windows\System\qXdxmPN.exe

C:\Windows\System\qXdxmPN.exe

C:\Windows\System\bUdSsrY.exe

C:\Windows\System\bUdSsrY.exe

C:\Windows\System\HsfrTym.exe

C:\Windows\System\HsfrTym.exe

C:\Windows\System\KwJNQiP.exe

C:\Windows\System\KwJNQiP.exe

C:\Windows\System\nYGQUjM.exe

C:\Windows\System\nYGQUjM.exe

C:\Windows\System\sXIwAQQ.exe

C:\Windows\System\sXIwAQQ.exe

C:\Windows\System\tfMjGmI.exe

C:\Windows\System\tfMjGmI.exe

C:\Windows\System\xzkcrsB.exe

C:\Windows\System\xzkcrsB.exe

C:\Windows\System\bcVEJch.exe

C:\Windows\System\bcVEJch.exe

C:\Windows\System\xvvTFeg.exe

C:\Windows\System\xvvTFeg.exe

C:\Windows\System\xZImoZh.exe

C:\Windows\System\xZImoZh.exe

C:\Windows\System\avAbHUu.exe

C:\Windows\System\avAbHUu.exe

C:\Windows\System\iNBHeZq.exe

C:\Windows\System\iNBHeZq.exe

C:\Windows\System\kzyzAeU.exe

C:\Windows\System\kzyzAeU.exe

C:\Windows\System\StHtdqF.exe

C:\Windows\System\StHtdqF.exe

C:\Windows\System\UXIQTEN.exe

C:\Windows\System\UXIQTEN.exe

C:\Windows\System\OiqgbCk.exe

C:\Windows\System\OiqgbCk.exe

C:\Windows\System\zLxDcko.exe

C:\Windows\System\zLxDcko.exe

C:\Windows\System\PvMTzVC.exe

C:\Windows\System\PvMTzVC.exe

C:\Windows\System\BGnGEPO.exe

C:\Windows\System\BGnGEPO.exe

C:\Windows\System\yhtGJjA.exe

C:\Windows\System\yhtGJjA.exe

C:\Windows\System\TrUJCLS.exe

C:\Windows\System\TrUJCLS.exe

C:\Windows\System\dxBVnCd.exe

C:\Windows\System\dxBVnCd.exe

C:\Windows\System\dqGHAuu.exe

C:\Windows\System\dqGHAuu.exe

C:\Windows\System\yhqCEHH.exe

C:\Windows\System\yhqCEHH.exe

C:\Windows\System\QtswIem.exe

C:\Windows\System\QtswIem.exe

C:\Windows\System\YDbQKvR.exe

C:\Windows\System\YDbQKvR.exe

C:\Windows\System\SerGDVR.exe

C:\Windows\System\SerGDVR.exe

C:\Windows\System\ytrzXhs.exe

C:\Windows\System\ytrzXhs.exe

C:\Windows\System\ewRYOEH.exe

C:\Windows\System\ewRYOEH.exe

C:\Windows\System\gmKiFKR.exe

C:\Windows\System\gmKiFKR.exe

C:\Windows\System\uaXvDBo.exe

C:\Windows\System\uaXvDBo.exe

C:\Windows\System\kNNLmTd.exe

C:\Windows\System\kNNLmTd.exe

C:\Windows\System\CRiWtWE.exe

C:\Windows\System\CRiWtWE.exe

C:\Windows\System\VzVhmnH.exe

C:\Windows\System\VzVhmnH.exe

C:\Windows\System\UFQvxoJ.exe

C:\Windows\System\UFQvxoJ.exe

C:\Windows\System\ktzgIgy.exe

C:\Windows\System\ktzgIgy.exe

C:\Windows\System\zsHOaff.exe

C:\Windows\System\zsHOaff.exe

C:\Windows\System\YriNndw.exe

C:\Windows\System\YriNndw.exe

C:\Windows\System\HriBUAg.exe

C:\Windows\System\HriBUAg.exe

C:\Windows\System\FwaJrSy.exe

C:\Windows\System\FwaJrSy.exe

C:\Windows\System\xVUwjek.exe

C:\Windows\System\xVUwjek.exe

C:\Windows\System\oUtIDam.exe

C:\Windows\System\oUtIDam.exe

C:\Windows\System\LDzwIAU.exe

C:\Windows\System\LDzwIAU.exe

C:\Windows\System\ObSYhmm.exe

C:\Windows\System\ObSYhmm.exe

C:\Windows\System\qRDVMXY.exe

C:\Windows\System\qRDVMXY.exe

C:\Windows\System\nuptjkA.exe

C:\Windows\System\nuptjkA.exe

C:\Windows\System\dBgyEWo.exe

C:\Windows\System\dBgyEWo.exe

C:\Windows\System\AtrZzaH.exe

C:\Windows\System\AtrZzaH.exe

C:\Windows\System\MRsqgUQ.exe

C:\Windows\System\MRsqgUQ.exe

C:\Windows\System\zxznARb.exe

C:\Windows\System\zxznARb.exe

C:\Windows\System\eBLuQDX.exe

C:\Windows\System\eBLuQDX.exe

C:\Windows\System\DtihqWU.exe

C:\Windows\System\DtihqWU.exe

C:\Windows\System\GqqxmPm.exe

C:\Windows\System\GqqxmPm.exe

C:\Windows\System\EkCaivD.exe

C:\Windows\System\EkCaivD.exe

C:\Windows\System\khFRfiR.exe

C:\Windows\System\khFRfiR.exe

C:\Windows\System\RezkUBu.exe

C:\Windows\System\RezkUBu.exe

C:\Windows\System\BVFlfrY.exe

C:\Windows\System\BVFlfrY.exe

C:\Windows\System\pduzgHu.exe

C:\Windows\System\pduzgHu.exe

C:\Windows\System\oQAHVGw.exe

C:\Windows\System\oQAHVGw.exe

C:\Windows\System\ccxjELS.exe

C:\Windows\System\ccxjELS.exe

C:\Windows\System\mGIlfZY.exe

C:\Windows\System\mGIlfZY.exe

C:\Windows\System\zAitBIl.exe

C:\Windows\System\zAitBIl.exe

C:\Windows\System\AFUXwQG.exe

C:\Windows\System\AFUXwQG.exe

C:\Windows\System\ayZCbkC.exe

C:\Windows\System\ayZCbkC.exe

C:\Windows\System\ObMSkMA.exe

C:\Windows\System\ObMSkMA.exe

C:\Windows\System\ubolrRa.exe

C:\Windows\System\ubolrRa.exe

C:\Windows\System\wJfwzdY.exe

C:\Windows\System\wJfwzdY.exe

C:\Windows\System\TIlPuNl.exe

C:\Windows\System\TIlPuNl.exe

C:\Windows\System\USALckd.exe

C:\Windows\System\USALckd.exe

C:\Windows\System\IPKOXrb.exe

C:\Windows\System\IPKOXrb.exe

C:\Windows\System\GddmwmN.exe

C:\Windows\System\GddmwmN.exe

C:\Windows\System\oPBYjnU.exe

C:\Windows\System\oPBYjnU.exe

C:\Windows\System\TlelQme.exe

C:\Windows\System\TlelQme.exe

C:\Windows\System\zgtHfzc.exe

C:\Windows\System\zgtHfzc.exe

C:\Windows\System\wjOxWlR.exe

C:\Windows\System\wjOxWlR.exe

C:\Windows\System\aRWUFNA.exe

C:\Windows\System\aRWUFNA.exe

C:\Windows\System\YoGatkr.exe

C:\Windows\System\YoGatkr.exe

C:\Windows\System\SbLXwgg.exe

C:\Windows\System\SbLXwgg.exe

C:\Windows\System\iUMHyrj.exe

C:\Windows\System\iUMHyrj.exe

C:\Windows\System\MpbKalB.exe

C:\Windows\System\MpbKalB.exe

C:\Windows\System\sXdbuNl.exe

C:\Windows\System\sXdbuNl.exe

C:\Windows\System\LbJphRv.exe

C:\Windows\System\LbJphRv.exe

C:\Windows\System\XqlqszD.exe

C:\Windows\System\XqlqszD.exe

C:\Windows\System\VoiLDbg.exe

C:\Windows\System\VoiLDbg.exe

C:\Windows\System\KYTFKsa.exe

C:\Windows\System\KYTFKsa.exe

C:\Windows\System\dhbHapN.exe

C:\Windows\System\dhbHapN.exe

C:\Windows\System\GxvEGgX.exe

C:\Windows\System\GxvEGgX.exe

C:\Windows\System\tQfFZwU.exe

C:\Windows\System\tQfFZwU.exe

C:\Windows\System\lmeomIC.exe

C:\Windows\System\lmeomIC.exe

C:\Windows\System\SWnoptP.exe

C:\Windows\System\SWnoptP.exe

C:\Windows\System\MnjEzGM.exe

C:\Windows\System\MnjEzGM.exe

C:\Windows\System\DlTHWkp.exe

C:\Windows\System\DlTHWkp.exe

C:\Windows\System\XAEUjMq.exe

C:\Windows\System\XAEUjMq.exe

C:\Windows\System\ZDhdtCk.exe

C:\Windows\System\ZDhdtCk.exe

C:\Windows\System\tDXVFMO.exe

C:\Windows\System\tDXVFMO.exe

C:\Windows\System\BeFxFua.exe

C:\Windows\System\BeFxFua.exe

C:\Windows\System\bOlBceR.exe

C:\Windows\System\bOlBceR.exe

C:\Windows\System\YGkdPMm.exe

C:\Windows\System\YGkdPMm.exe

C:\Windows\System\tZnGDnU.exe

C:\Windows\System\tZnGDnU.exe

C:\Windows\System\ghYvTPm.exe

C:\Windows\System\ghYvTPm.exe

C:\Windows\System\EtybYtB.exe

C:\Windows\System\EtybYtB.exe

C:\Windows\System\zEfuiIY.exe

C:\Windows\System\zEfuiIY.exe

C:\Windows\System\TFZwGgk.exe

C:\Windows\System\TFZwGgk.exe

C:\Windows\System\YFElhFT.exe

C:\Windows\System\YFElhFT.exe

C:\Windows\System\DPxPHjO.exe

C:\Windows\System\DPxPHjO.exe

C:\Windows\System\MiOExEO.exe

C:\Windows\System\MiOExEO.exe

C:\Windows\System\OtsgmjY.exe

C:\Windows\System\OtsgmjY.exe

C:\Windows\System\htXhTKt.exe

C:\Windows\System\htXhTKt.exe

C:\Windows\System\auUglFp.exe

C:\Windows\System\auUglFp.exe

C:\Windows\System\bgCjTzJ.exe

C:\Windows\System\bgCjTzJ.exe

C:\Windows\System\hIMUpFD.exe

C:\Windows\System\hIMUpFD.exe

C:\Windows\System\eCfSkbd.exe

C:\Windows\System\eCfSkbd.exe

C:\Windows\System\bokBRJu.exe

C:\Windows\System\bokBRJu.exe

C:\Windows\System\zyexyuL.exe

C:\Windows\System\zyexyuL.exe

C:\Windows\System\IpFpYjD.exe

C:\Windows\System\IpFpYjD.exe

C:\Windows\System\ycqWQXs.exe

C:\Windows\System\ycqWQXs.exe

C:\Windows\System\DNoivKH.exe

C:\Windows\System\DNoivKH.exe

C:\Windows\System\xlQNntw.exe

C:\Windows\System\xlQNntw.exe

C:\Windows\System\RhgHdJB.exe

C:\Windows\System\RhgHdJB.exe

C:\Windows\System\zICfJwB.exe

C:\Windows\System\zICfJwB.exe

C:\Windows\System\BDpeGnc.exe

C:\Windows\System\BDpeGnc.exe

C:\Windows\System\pTueewq.exe

C:\Windows\System\pTueewq.exe

C:\Windows\System\mrUjrdH.exe

C:\Windows\System\mrUjrdH.exe

C:\Windows\System\qWZCSOF.exe

C:\Windows\System\qWZCSOF.exe

C:\Windows\System\CaNNcRi.exe

C:\Windows\System\CaNNcRi.exe

C:\Windows\System\aUqlxoS.exe

C:\Windows\System\aUqlxoS.exe

C:\Windows\System\csfVWql.exe

C:\Windows\System\csfVWql.exe

C:\Windows\System\AJsWQOr.exe

C:\Windows\System\AJsWQOr.exe

C:\Windows\System\cCnPNEq.exe

C:\Windows\System\cCnPNEq.exe

C:\Windows\System\oQtBZME.exe

C:\Windows\System\oQtBZME.exe

C:\Windows\System\jVzWeEy.exe

C:\Windows\System\jVzWeEy.exe

C:\Windows\System\PtBUGit.exe

C:\Windows\System\PtBUGit.exe

C:\Windows\System\SAjGnyC.exe

C:\Windows\System\SAjGnyC.exe

C:\Windows\System\VzqxMxz.exe

C:\Windows\System\VzqxMxz.exe

C:\Windows\System\aoOaubw.exe

C:\Windows\System\aoOaubw.exe

C:\Windows\System\WcTpZCP.exe

C:\Windows\System\WcTpZCP.exe

C:\Windows\System\tMpaUhL.exe

C:\Windows\System\tMpaUhL.exe

C:\Windows\System\RwbWAJJ.exe

C:\Windows\System\RwbWAJJ.exe

C:\Windows\System\MCCPeXW.exe

C:\Windows\System\MCCPeXW.exe

C:\Windows\System\qdDvlsc.exe

C:\Windows\System\qdDvlsc.exe

C:\Windows\System\vNNFRHr.exe

C:\Windows\System\vNNFRHr.exe

C:\Windows\System\NplBnAD.exe

C:\Windows\System\NplBnAD.exe

C:\Windows\System\IKZlymI.exe

C:\Windows\System\IKZlymI.exe

C:\Windows\System\TYSNtNj.exe

C:\Windows\System\TYSNtNj.exe

C:\Windows\System\QhyRGSx.exe

C:\Windows\System\QhyRGSx.exe

C:\Windows\System\XNidErW.exe

C:\Windows\System\XNidErW.exe

C:\Windows\System\MldFEMd.exe

C:\Windows\System\MldFEMd.exe

C:\Windows\System\gYEFOBb.exe

C:\Windows\System\gYEFOBb.exe

C:\Windows\System\DcJktZf.exe

C:\Windows\System\DcJktZf.exe

C:\Windows\System\GMEEMGe.exe

C:\Windows\System\GMEEMGe.exe

C:\Windows\System\MNEwaIf.exe

C:\Windows\System\MNEwaIf.exe

C:\Windows\System\OWMhlEh.exe

C:\Windows\System\OWMhlEh.exe

C:\Windows\System\VpjSCIi.exe

C:\Windows\System\VpjSCIi.exe

C:\Windows\System\XPQKLFP.exe

C:\Windows\System\XPQKLFP.exe

C:\Windows\System\XouCuMw.exe

C:\Windows\System\XouCuMw.exe

C:\Windows\System\jdMxfDx.exe

C:\Windows\System\jdMxfDx.exe

C:\Windows\System\iMPYMAi.exe

C:\Windows\System\iMPYMAi.exe

C:\Windows\System\UYPRlnI.exe

C:\Windows\System\UYPRlnI.exe

C:\Windows\System\CMmFOaK.exe

C:\Windows\System\CMmFOaK.exe

C:\Windows\System\IGbQgXf.exe

C:\Windows\System\IGbQgXf.exe

C:\Windows\System\LwJRkBs.exe

C:\Windows\System\LwJRkBs.exe

C:\Windows\System\bvUuuZk.exe

C:\Windows\System\bvUuuZk.exe

C:\Windows\System\HhJAKIw.exe

C:\Windows\System\HhJAKIw.exe

C:\Windows\System\nbXtIBW.exe

C:\Windows\System\nbXtIBW.exe

C:\Windows\System\mcEgBJe.exe

C:\Windows\System\mcEgBJe.exe

C:\Windows\System\ANzcBtE.exe

C:\Windows\System\ANzcBtE.exe

C:\Windows\System\vQAMdGW.exe

C:\Windows\System\vQAMdGW.exe

C:\Windows\System\SakquuM.exe

C:\Windows\System\SakquuM.exe

C:\Windows\System\MHfJkvC.exe

C:\Windows\System\MHfJkvC.exe

C:\Windows\System\zwIvdak.exe

C:\Windows\System\zwIvdak.exe

C:\Windows\System\zhAkHjg.exe

C:\Windows\System\zhAkHjg.exe

C:\Windows\System\eQqbqBf.exe

C:\Windows\System\eQqbqBf.exe

C:\Windows\System\TWljZpf.exe

C:\Windows\System\TWljZpf.exe

C:\Windows\System\UtNydDa.exe

C:\Windows\System\UtNydDa.exe

C:\Windows\System\UQZtsMJ.exe

C:\Windows\System\UQZtsMJ.exe

C:\Windows\System\jmWLpKv.exe

C:\Windows\System\jmWLpKv.exe

C:\Windows\System\FhNqPtb.exe

C:\Windows\System\FhNqPtb.exe

C:\Windows\System\vYaOyiZ.exe

C:\Windows\System\vYaOyiZ.exe

C:\Windows\System\jPbdHtb.exe

C:\Windows\System\jPbdHtb.exe

C:\Windows\System\VtmGFrG.exe

C:\Windows\System\VtmGFrG.exe

C:\Windows\System\BWxjgiE.exe

C:\Windows\System\BWxjgiE.exe

C:\Windows\System\MmoATYd.exe

C:\Windows\System\MmoATYd.exe

C:\Windows\System\SZknyTc.exe

C:\Windows\System\SZknyTc.exe

C:\Windows\System\jyIOxvp.exe

C:\Windows\System\jyIOxvp.exe

C:\Windows\System\hKFFiNb.exe

C:\Windows\System\hKFFiNb.exe

C:\Windows\System\QOoLmgI.exe

C:\Windows\System\QOoLmgI.exe

C:\Windows\System\jebPEyv.exe

C:\Windows\System\jebPEyv.exe

C:\Windows\System\slHPZLW.exe

C:\Windows\System\slHPZLW.exe

C:\Windows\System\bFBStOY.exe

C:\Windows\System\bFBStOY.exe

C:\Windows\System\YkxIVyI.exe

C:\Windows\System\YkxIVyI.exe

C:\Windows\System\skvstvi.exe

C:\Windows\System\skvstvi.exe

C:\Windows\System\oOBnxFU.exe

C:\Windows\System\oOBnxFU.exe

C:\Windows\System\nTDXgfv.exe

C:\Windows\System\nTDXgfv.exe

C:\Windows\System\XZXvhed.exe

C:\Windows\System\XZXvhed.exe

C:\Windows\System\BBeswBE.exe

C:\Windows\System\BBeswBE.exe

C:\Windows\System\yPxXgGw.exe

C:\Windows\System\yPxXgGw.exe

C:\Windows\System\hakuGoZ.exe

C:\Windows\System\hakuGoZ.exe

C:\Windows\System\HBqRZhL.exe

C:\Windows\System\HBqRZhL.exe

C:\Windows\System\WQgIGjy.exe

C:\Windows\System\WQgIGjy.exe

C:\Windows\System\yUdZWjz.exe

C:\Windows\System\yUdZWjz.exe

C:\Windows\System\iAGAybu.exe

C:\Windows\System\iAGAybu.exe

C:\Windows\System\OuaPXal.exe

C:\Windows\System\OuaPXal.exe

C:\Windows\System\OoVacxr.exe

C:\Windows\System\OoVacxr.exe

C:\Windows\System\WOOFDDf.exe

C:\Windows\System\WOOFDDf.exe

C:\Windows\System\GZHlkrL.exe

C:\Windows\System\GZHlkrL.exe

C:\Windows\System\pBdkKRH.exe

C:\Windows\System\pBdkKRH.exe

C:\Windows\System\WkKdcBP.exe

C:\Windows\System\WkKdcBP.exe

C:\Windows\System\AlwwsOm.exe

C:\Windows\System\AlwwsOm.exe

C:\Windows\System\BUrFnyn.exe

C:\Windows\System\BUrFnyn.exe

C:\Windows\System\uIwyZlU.exe

C:\Windows\System\uIwyZlU.exe

C:\Windows\System\pLTELiQ.exe

C:\Windows\System\pLTELiQ.exe

C:\Windows\System\aeHxnzY.exe

C:\Windows\System\aeHxnzY.exe

C:\Windows\System\yfVgAUY.exe

C:\Windows\System\yfVgAUY.exe

C:\Windows\System\qaMJrfX.exe

C:\Windows\System\qaMJrfX.exe

C:\Windows\System\oOqRbwZ.exe

C:\Windows\System\oOqRbwZ.exe

C:\Windows\System\szjklUL.exe

C:\Windows\System\szjklUL.exe

C:\Windows\System\dUamngk.exe

C:\Windows\System\dUamngk.exe

C:\Windows\System\gNxJWxv.exe

C:\Windows\System\gNxJWxv.exe

C:\Windows\System\pgUwdPo.exe

C:\Windows\System\pgUwdPo.exe

C:\Windows\System\CDRpRAI.exe

C:\Windows\System\CDRpRAI.exe

C:\Windows\System\SHcZhqP.exe

C:\Windows\System\SHcZhqP.exe

C:\Windows\System\gTncJlQ.exe

C:\Windows\System\gTncJlQ.exe

C:\Windows\System\EErwgnd.exe

C:\Windows\System\EErwgnd.exe

C:\Windows\System\YerLiYJ.exe

C:\Windows\System\YerLiYJ.exe

C:\Windows\System\HTNUqAa.exe

C:\Windows\System\HTNUqAa.exe

C:\Windows\System\BxoFmgc.exe

C:\Windows\System\BxoFmgc.exe

C:\Windows\System\oYxXsZB.exe

C:\Windows\System\oYxXsZB.exe

C:\Windows\System\zRdJmzI.exe

C:\Windows\System\zRdJmzI.exe

C:\Windows\System\ObxKqqt.exe

C:\Windows\System\ObxKqqt.exe

C:\Windows\System\PFOJXrQ.exe

C:\Windows\System\PFOJXrQ.exe

C:\Windows\System\LJBjSoz.exe

C:\Windows\System\LJBjSoz.exe

C:\Windows\System\ZezSTbS.exe

C:\Windows\System\ZezSTbS.exe

C:\Windows\System\NYikCXs.exe

C:\Windows\System\NYikCXs.exe

C:\Windows\System\qobTait.exe

C:\Windows\System\qobTait.exe

C:\Windows\System\yhWojZd.exe

C:\Windows\System\yhWojZd.exe

C:\Windows\System\UMEgLbv.exe

C:\Windows\System\UMEgLbv.exe

C:\Windows\System\JqnycqS.exe

C:\Windows\System\JqnycqS.exe

C:\Windows\System\nNLEAJZ.exe

C:\Windows\System\nNLEAJZ.exe

C:\Windows\System\gWnoBll.exe

C:\Windows\System\gWnoBll.exe

C:\Windows\System\oJzTpSG.exe

C:\Windows\System\oJzTpSG.exe

C:\Windows\System\TuzVnoD.exe

C:\Windows\System\TuzVnoD.exe

C:\Windows\System\ikaFUyW.exe

C:\Windows\System\ikaFUyW.exe

C:\Windows\System\XRDYuQA.exe

C:\Windows\System\XRDYuQA.exe

C:\Windows\System\nbXbCWT.exe

C:\Windows\System\nbXbCWT.exe

C:\Windows\System\sDAVxTN.exe

C:\Windows\System\sDAVxTN.exe

C:\Windows\System\QKvYbwu.exe

C:\Windows\System\QKvYbwu.exe

C:\Windows\System\PXYOIcy.exe

C:\Windows\System\PXYOIcy.exe

C:\Windows\System\MbUudgp.exe

C:\Windows\System\MbUudgp.exe

C:\Windows\System\tjCmAeU.exe

C:\Windows\System\tjCmAeU.exe

C:\Windows\System\rqRWwck.exe

C:\Windows\System\rqRWwck.exe

C:\Windows\System\VrowEMP.exe

C:\Windows\System\VrowEMP.exe

C:\Windows\System\VGkOLUC.exe

C:\Windows\System\VGkOLUC.exe

C:\Windows\System\qcDCSon.exe

C:\Windows\System\qcDCSon.exe

C:\Windows\System\DPTQIcT.exe

C:\Windows\System\DPTQIcT.exe

C:\Windows\System\DuAJGMO.exe

C:\Windows\System\DuAJGMO.exe

C:\Windows\System\NXdEVJK.exe

C:\Windows\System\NXdEVJK.exe

C:\Windows\System\NwIwkhS.exe

C:\Windows\System\NwIwkhS.exe

C:\Windows\System\JsCcWnF.exe

C:\Windows\System\JsCcWnF.exe

C:\Windows\System\wYgPyks.exe

C:\Windows\System\wYgPyks.exe

C:\Windows\System\BaLkPNq.exe

C:\Windows\System\BaLkPNq.exe

C:\Windows\System\qCYJNoL.exe

C:\Windows\System\qCYJNoL.exe

C:\Windows\System\qDrQcZE.exe

C:\Windows\System\qDrQcZE.exe

C:\Windows\System\OlSoDau.exe

C:\Windows\System\OlSoDau.exe

C:\Windows\System\AkRebhr.exe

C:\Windows\System\AkRebhr.exe

C:\Windows\System\CuTpNYY.exe

C:\Windows\System\CuTpNYY.exe

C:\Windows\System\SoFHDCT.exe

C:\Windows\System\SoFHDCT.exe

C:\Windows\System\utrsPVM.exe

C:\Windows\System\utrsPVM.exe

C:\Windows\System\dpVIrRZ.exe

C:\Windows\System\dpVIrRZ.exe

C:\Windows\System\cwjIUpk.exe

C:\Windows\System\cwjIUpk.exe

C:\Windows\System\ihVzAbM.exe

C:\Windows\System\ihVzAbM.exe

C:\Windows\System\DwIjTmd.exe

C:\Windows\System\DwIjTmd.exe

C:\Windows\System\nWMKGdx.exe

C:\Windows\System\nWMKGdx.exe

C:\Windows\System\NwZHCVU.exe

C:\Windows\System\NwZHCVU.exe

C:\Windows\System\hQPqsZo.exe

C:\Windows\System\hQPqsZo.exe

C:\Windows\System\RFZICGD.exe

C:\Windows\System\RFZICGD.exe

C:\Windows\System\oEOsqYs.exe

C:\Windows\System\oEOsqYs.exe

C:\Windows\System\rJbXXQO.exe

C:\Windows\System\rJbXXQO.exe

C:\Windows\System\TgybBiF.exe

C:\Windows\System\TgybBiF.exe

C:\Windows\System\FoVhWrW.exe

C:\Windows\System\FoVhWrW.exe

C:\Windows\System\UMkUNxa.exe

C:\Windows\System\UMkUNxa.exe

C:\Windows\System\ZpdYCHg.exe

C:\Windows\System\ZpdYCHg.exe

C:\Windows\System\kDkvyAF.exe

C:\Windows\System\kDkvyAF.exe

C:\Windows\System\HfZaDvU.exe

C:\Windows\System\HfZaDvU.exe

C:\Windows\System\iSoPFcN.exe

C:\Windows\System\iSoPFcN.exe

C:\Windows\System\YNIpRxQ.exe

C:\Windows\System\YNIpRxQ.exe

C:\Windows\System\ehugMgJ.exe

C:\Windows\System\ehugMgJ.exe

C:\Windows\System\NEQkoXi.exe

C:\Windows\System\NEQkoXi.exe

C:\Windows\System\asuGsDM.exe

C:\Windows\System\asuGsDM.exe

C:\Windows\System\fjWFFSf.exe

C:\Windows\System\fjWFFSf.exe

C:\Windows\System\PBlnEyn.exe

C:\Windows\System\PBlnEyn.exe

C:\Windows\System\BzAttMP.exe

C:\Windows\System\BzAttMP.exe

C:\Windows\System\uRVIKrV.exe

C:\Windows\System\uRVIKrV.exe

C:\Windows\System\gmIAiIU.exe

C:\Windows\System\gmIAiIU.exe

C:\Windows\System\sNLjRWl.exe

C:\Windows\System\sNLjRWl.exe

C:\Windows\System\mSlkEor.exe

C:\Windows\System\mSlkEor.exe

C:\Windows\System\hVcXIaB.exe

C:\Windows\System\hVcXIaB.exe

C:\Windows\System\BmxODWt.exe

C:\Windows\System\BmxODWt.exe

C:\Windows\System\QlyShiN.exe

C:\Windows\System\QlyShiN.exe

C:\Windows\System\mIDJQDL.exe

C:\Windows\System\mIDJQDL.exe

C:\Windows\System\FlfHBQW.exe

C:\Windows\System\FlfHBQW.exe

C:\Windows\System\iFJibsq.exe

C:\Windows\System\iFJibsq.exe

C:\Windows\System\XQbvGnc.exe

C:\Windows\System\XQbvGnc.exe

C:\Windows\System\vMttviY.exe

C:\Windows\System\vMttviY.exe

C:\Windows\System\gIfslfi.exe

C:\Windows\System\gIfslfi.exe

C:\Windows\System\VsxDpDF.exe

C:\Windows\System\VsxDpDF.exe

C:\Windows\System\ssPaPEa.exe

C:\Windows\System\ssPaPEa.exe

C:\Windows\System\NKlUVku.exe

C:\Windows\System\NKlUVku.exe

C:\Windows\System\paNXCMK.exe

C:\Windows\System\paNXCMK.exe

C:\Windows\System\dvSrSCr.exe

C:\Windows\System\dvSrSCr.exe

C:\Windows\System\ChhDfNt.exe

C:\Windows\System\ChhDfNt.exe

C:\Windows\System\LedSwlO.exe

C:\Windows\System\LedSwlO.exe

C:\Windows\System\XybGJGS.exe

C:\Windows\System\XybGJGS.exe

C:\Windows\System\lATRwfk.exe

C:\Windows\System\lATRwfk.exe

C:\Windows\System\VkwjIWI.exe

C:\Windows\System\VkwjIWI.exe

C:\Windows\System\MUTQMLY.exe

C:\Windows\System\MUTQMLY.exe

C:\Windows\System\rjjnBgV.exe

C:\Windows\System\rjjnBgV.exe

C:\Windows\System\PhceyHD.exe

C:\Windows\System\PhceyHD.exe

C:\Windows\System\kpLcnAS.exe

C:\Windows\System\kpLcnAS.exe

C:\Windows\System\CBtdVLB.exe

C:\Windows\System\CBtdVLB.exe

C:\Windows\System\ULnVJOx.exe

C:\Windows\System\ULnVJOx.exe

C:\Windows\System\GnpgrCI.exe

C:\Windows\System\GnpgrCI.exe

C:\Windows\System\OQtGtXX.exe

C:\Windows\System\OQtGtXX.exe

C:\Windows\System\UpMqnrv.exe

C:\Windows\System\UpMqnrv.exe

C:\Windows\System\cKErwzS.exe

C:\Windows\System\cKErwzS.exe

C:\Windows\System\haKBXMr.exe

C:\Windows\System\haKBXMr.exe

C:\Windows\System\kbXQIrx.exe

C:\Windows\System\kbXQIrx.exe

C:\Windows\System\hruSnsF.exe

C:\Windows\System\hruSnsF.exe

C:\Windows\System\vurenIw.exe

C:\Windows\System\vurenIw.exe

C:\Windows\System\zRYwuIA.exe

C:\Windows\System\zRYwuIA.exe

C:\Windows\System\XkcUJBs.exe

C:\Windows\System\XkcUJBs.exe

C:\Windows\System\jpHiVDy.exe

C:\Windows\System\jpHiVDy.exe

C:\Windows\System\kUkScFN.exe

C:\Windows\System\kUkScFN.exe

C:\Windows\System\PXZHTby.exe

C:\Windows\System\PXZHTby.exe

C:\Windows\System\SoHKSml.exe

C:\Windows\System\SoHKSml.exe

C:\Windows\System\MFOrUqZ.exe

C:\Windows\System\MFOrUqZ.exe

C:\Windows\System\bqcVjMZ.exe

C:\Windows\System\bqcVjMZ.exe

C:\Windows\System\IpfIDGA.exe

C:\Windows\System\IpfIDGA.exe

C:\Windows\System\YVzIgBv.exe

C:\Windows\System\YVzIgBv.exe

C:\Windows\System\ulVwoKH.exe

C:\Windows\System\ulVwoKH.exe

C:\Windows\System\GkqNOMj.exe

C:\Windows\System\GkqNOMj.exe

C:\Windows\System\hfcXpFt.exe

C:\Windows\System\hfcXpFt.exe

C:\Windows\System\SETRiaY.exe

C:\Windows\System\SETRiaY.exe

C:\Windows\System\tAEuKFJ.exe

C:\Windows\System\tAEuKFJ.exe

C:\Windows\System\KjpXsHV.exe

C:\Windows\System\KjpXsHV.exe

C:\Windows\System\IPtMeRP.exe

C:\Windows\System\IPtMeRP.exe

C:\Windows\System\FTefsCN.exe

C:\Windows\System\FTefsCN.exe

C:\Windows\System\UVABxZq.exe

C:\Windows\System\UVABxZq.exe

C:\Windows\System\geCjLcl.exe

C:\Windows\System\geCjLcl.exe

C:\Windows\System\cCOitNS.exe

C:\Windows\System\cCOitNS.exe

C:\Windows\System\VbPMOga.exe

C:\Windows\System\VbPMOga.exe

C:\Windows\System\ixNvdCW.exe

C:\Windows\System\ixNvdCW.exe

C:\Windows\System\mSwZijf.exe

C:\Windows\System\mSwZijf.exe

C:\Windows\System\ucgvmKi.exe

C:\Windows\System\ucgvmKi.exe

C:\Windows\System\oZLmIgl.exe

C:\Windows\System\oZLmIgl.exe

C:\Windows\System\NgBAXot.exe

C:\Windows\System\NgBAXot.exe

C:\Windows\System\omdAMXw.exe

C:\Windows\System\omdAMXw.exe

C:\Windows\System\wrmNeAM.exe

C:\Windows\System\wrmNeAM.exe

C:\Windows\System\WbGoGfr.exe

C:\Windows\System\WbGoGfr.exe

C:\Windows\System\tVTsQMt.exe

C:\Windows\System\tVTsQMt.exe

C:\Windows\System\LHwswJx.exe

C:\Windows\System\LHwswJx.exe

C:\Windows\System\mNpicEp.exe

C:\Windows\System\mNpicEp.exe

C:\Windows\System\WMCKeBD.exe

C:\Windows\System\WMCKeBD.exe

C:\Windows\System\cWbJMvt.exe

C:\Windows\System\cWbJMvt.exe

C:\Windows\System\uzzDOsT.exe

C:\Windows\System\uzzDOsT.exe

C:\Windows\System\EelVyPO.exe

C:\Windows\System\EelVyPO.exe

C:\Windows\System\lHqmPjj.exe

C:\Windows\System\lHqmPjj.exe

C:\Windows\System\yMAdvqG.exe

C:\Windows\System\yMAdvqG.exe

C:\Windows\System\htWZUJS.exe

C:\Windows\System\htWZUJS.exe

C:\Windows\System\OIjuooa.exe

C:\Windows\System\OIjuooa.exe

C:\Windows\System\fGZxgFg.exe

C:\Windows\System\fGZxgFg.exe

C:\Windows\System\JauYPVM.exe

C:\Windows\System\JauYPVM.exe

C:\Windows\System\SSLFfqc.exe

C:\Windows\System\SSLFfqc.exe

C:\Windows\System\kODVmNi.exe

C:\Windows\System\kODVmNi.exe

C:\Windows\System\afFPeYT.exe

C:\Windows\System\afFPeYT.exe

C:\Windows\System\PyLhFAI.exe

C:\Windows\System\PyLhFAI.exe

C:\Windows\System\wtlxUdz.exe

C:\Windows\System\wtlxUdz.exe

C:\Windows\System\IShqBGG.exe

C:\Windows\System\IShqBGG.exe

C:\Windows\System\bKnOhjG.exe

C:\Windows\System\bKnOhjG.exe

C:\Windows\System\yEqFUyN.exe

C:\Windows\System\yEqFUyN.exe

C:\Windows\System\nRinefy.exe

C:\Windows\System\nRinefy.exe

C:\Windows\System\FyYjpEf.exe

C:\Windows\System\FyYjpEf.exe

C:\Windows\System\WLikypi.exe

C:\Windows\System\WLikypi.exe

C:\Windows\System\BVjTJCq.exe

C:\Windows\System\BVjTJCq.exe

C:\Windows\System\UWZiAxc.exe

C:\Windows\System\UWZiAxc.exe

C:\Windows\System\YvbuuOM.exe

C:\Windows\System\YvbuuOM.exe

C:\Windows\System\DMpXNio.exe

C:\Windows\System\DMpXNio.exe

C:\Windows\System\LSPQcHg.exe

C:\Windows\System\LSPQcHg.exe

C:\Windows\System\uYvpCEV.exe

C:\Windows\System\uYvpCEV.exe

C:\Windows\System\ZsQtJuj.exe

C:\Windows\System\ZsQtJuj.exe

C:\Windows\System\ujCALCv.exe

C:\Windows\System\ujCALCv.exe

C:\Windows\System\juBqblC.exe

C:\Windows\System\juBqblC.exe

C:\Windows\System\wkRjLpm.exe

C:\Windows\System\wkRjLpm.exe

C:\Windows\System\WweJZoc.exe

C:\Windows\System\WweJZoc.exe

C:\Windows\System\vBcEwYL.exe

C:\Windows\System\vBcEwYL.exe

C:\Windows\System\VVeNflR.exe

C:\Windows\System\VVeNflR.exe

C:\Windows\System\rxROTds.exe

C:\Windows\System\rxROTds.exe

C:\Windows\System\IwLHtzE.exe

C:\Windows\System\IwLHtzE.exe

C:\Windows\System\SODhzir.exe

C:\Windows\System\SODhzir.exe

C:\Windows\System\QLpRvKY.exe

C:\Windows\System\QLpRvKY.exe

C:\Windows\System\BNdMBFm.exe

C:\Windows\System\BNdMBFm.exe

C:\Windows\System\fraCtMy.exe

C:\Windows\System\fraCtMy.exe

C:\Windows\System\yXjliQh.exe

C:\Windows\System\yXjliQh.exe

C:\Windows\System\kVLYiQE.exe

C:\Windows\System\kVLYiQE.exe

C:\Windows\System\zEzoMnp.exe

C:\Windows\System\zEzoMnp.exe

C:\Windows\System\szwrfXE.exe

C:\Windows\System\szwrfXE.exe

C:\Windows\System\CkPWLXP.exe

C:\Windows\System\CkPWLXP.exe

C:\Windows\System\BsEWkaH.exe

C:\Windows\System\BsEWkaH.exe

C:\Windows\System\ZOojLvN.exe

C:\Windows\System\ZOojLvN.exe

C:\Windows\System\PuZzwWJ.exe

C:\Windows\System\PuZzwWJ.exe

C:\Windows\System\oAKSQXM.exe

C:\Windows\System\oAKSQXM.exe

C:\Windows\System\KLBoTrT.exe

C:\Windows\System\KLBoTrT.exe

C:\Windows\System\DnSGCjQ.exe

C:\Windows\System\DnSGCjQ.exe

C:\Windows\System\ZinKcxl.exe

C:\Windows\System\ZinKcxl.exe

C:\Windows\System\bwbURuI.exe

C:\Windows\System\bwbURuI.exe

C:\Windows\System\aTLcFkx.exe

C:\Windows\System\aTLcFkx.exe

C:\Windows\System\PiVgHMe.exe

C:\Windows\System\PiVgHMe.exe

C:\Windows\System\uzGsQKs.exe

C:\Windows\System\uzGsQKs.exe

C:\Windows\System\RmhUdpd.exe

C:\Windows\System\RmhUdpd.exe

C:\Windows\System\KwejHNI.exe

C:\Windows\System\KwejHNI.exe

C:\Windows\System\SoaCTSy.exe

C:\Windows\System\SoaCTSy.exe

C:\Windows\System\FLrbyow.exe

C:\Windows\System\FLrbyow.exe

C:\Windows\System\NAgWDgt.exe

C:\Windows\System\NAgWDgt.exe

C:\Windows\System\MdFVFvh.exe

C:\Windows\System\MdFVFvh.exe

C:\Windows\System\vtSIcuJ.exe

C:\Windows\System\vtSIcuJ.exe

C:\Windows\System\xydsEhg.exe

C:\Windows\System\xydsEhg.exe

C:\Windows\System\YXDVAnY.exe

C:\Windows\System\YXDVAnY.exe

C:\Windows\System\jPxyjUV.exe

C:\Windows\System\jPxyjUV.exe

C:\Windows\System\eGYKzIr.exe

C:\Windows\System\eGYKzIr.exe

C:\Windows\System\zXzBgfS.exe

C:\Windows\System\zXzBgfS.exe

C:\Windows\System\FYkJdYE.exe

C:\Windows\System\FYkJdYE.exe

C:\Windows\System\IAnGUFC.exe

C:\Windows\System\IAnGUFC.exe

C:\Windows\System\IZrGgUz.exe

C:\Windows\System\IZrGgUz.exe

C:\Windows\System\LJPgRtd.exe

C:\Windows\System\LJPgRtd.exe

C:\Windows\System\JQYrPWh.exe

C:\Windows\System\JQYrPWh.exe

C:\Windows\System\XGSUBPT.exe

C:\Windows\System\XGSUBPT.exe

C:\Windows\System\zvONRip.exe

C:\Windows\System\zvONRip.exe

C:\Windows\System\FkSWNCW.exe

C:\Windows\System\FkSWNCW.exe

C:\Windows\System\TUoLlQT.exe

C:\Windows\System\TUoLlQT.exe

C:\Windows\System\aLFiwPO.exe

C:\Windows\System\aLFiwPO.exe

C:\Windows\System\KMRFPBa.exe

C:\Windows\System\KMRFPBa.exe

C:\Windows\System\KKYqEZE.exe

C:\Windows\System\KKYqEZE.exe

C:\Windows\System\hGznLkG.exe

C:\Windows\System\hGznLkG.exe

C:\Windows\System\hrfRUog.exe

C:\Windows\System\hrfRUog.exe

C:\Windows\System\PJusACi.exe

C:\Windows\System\PJusACi.exe

C:\Windows\System\RyqYNBw.exe

C:\Windows\System\RyqYNBw.exe

C:\Windows\System\anbEQfu.exe

C:\Windows\System\anbEQfu.exe

C:\Windows\System\XqCfXQK.exe

C:\Windows\System\XqCfXQK.exe

C:\Windows\System\HBwjHgo.exe

C:\Windows\System\HBwjHgo.exe

C:\Windows\System\QQpuEGQ.exe

C:\Windows\System\QQpuEGQ.exe

C:\Windows\System\kaGSPsU.exe

C:\Windows\System\kaGSPsU.exe

C:\Windows\System\WutPRNV.exe

C:\Windows\System\WutPRNV.exe

C:\Windows\System\MSOEuse.exe

C:\Windows\System\MSOEuse.exe

C:\Windows\System\jmsReZk.exe

C:\Windows\System\jmsReZk.exe

C:\Windows\System\beIkOSS.exe

C:\Windows\System\beIkOSS.exe

C:\Windows\System\OGisCGC.exe

C:\Windows\System\OGisCGC.exe

C:\Windows\System\vVdUreo.exe

C:\Windows\System\vVdUreo.exe

C:\Windows\System\CxJEZmR.exe

C:\Windows\System\CxJEZmR.exe

C:\Windows\System\OOReRRu.exe

C:\Windows\System\OOReRRu.exe

C:\Windows\System\KHwgMQc.exe

C:\Windows\System\KHwgMQc.exe

C:\Windows\System\ZXNQXsx.exe

C:\Windows\System\ZXNQXsx.exe

C:\Windows\System\yBOngYf.exe

C:\Windows\System\yBOngYf.exe

C:\Windows\System\lbiwgMZ.exe

C:\Windows\System\lbiwgMZ.exe

C:\Windows\System\MblaDQJ.exe

C:\Windows\System\MblaDQJ.exe

C:\Windows\System\pbSUlrP.exe

C:\Windows\System\pbSUlrP.exe

C:\Windows\System\uKWHNEr.exe

C:\Windows\System\uKWHNEr.exe

C:\Windows\System\fmgHZqN.exe

C:\Windows\System\fmgHZqN.exe

C:\Windows\System\IUcMrnp.exe

C:\Windows\System\IUcMrnp.exe

C:\Windows\System\AqIVPhh.exe

C:\Windows\System\AqIVPhh.exe

C:\Windows\System\CfbnQqg.exe

C:\Windows\System\CfbnQqg.exe

C:\Windows\System\cvhQERL.exe

C:\Windows\System\cvhQERL.exe

C:\Windows\System\IGpAAHs.exe

C:\Windows\System\IGpAAHs.exe

C:\Windows\System\qbdriYN.exe

C:\Windows\System\qbdriYN.exe

C:\Windows\System\lSecYzq.exe

C:\Windows\System\lSecYzq.exe

C:\Windows\System\kiGyCDG.exe

C:\Windows\System\kiGyCDG.exe

C:\Windows\System\uDtiYbC.exe

C:\Windows\System\uDtiYbC.exe

C:\Windows\System\ttiqLgN.exe

C:\Windows\System\ttiqLgN.exe

C:\Windows\System\rRmfPkc.exe

C:\Windows\System\rRmfPkc.exe

C:\Windows\System\ekmMHhH.exe

C:\Windows\System\ekmMHhH.exe

C:\Windows\System\iXCnFmm.exe

C:\Windows\System\iXCnFmm.exe

C:\Windows\System\WCQrUmb.exe

C:\Windows\System\WCQrUmb.exe

C:\Windows\System\cOlsQVc.exe

C:\Windows\System\cOlsQVc.exe

C:\Windows\System\GpIkMBc.exe

C:\Windows\System\GpIkMBc.exe

C:\Windows\System\MUUeEnv.exe

C:\Windows\System\MUUeEnv.exe

C:\Windows\System\UTzbkwL.exe

C:\Windows\System\UTzbkwL.exe

C:\Windows\System\zaexytV.exe

C:\Windows\System\zaexytV.exe

C:\Windows\System\PZlkIvw.exe

C:\Windows\System\PZlkIvw.exe

C:\Windows\System\WKEYolV.exe

C:\Windows\System\WKEYolV.exe

C:\Windows\System\kNPJIsJ.exe

C:\Windows\System\kNPJIsJ.exe

C:\Windows\System\tLOUJZd.exe

C:\Windows\System\tLOUJZd.exe

C:\Windows\System\lfkGwIs.exe

C:\Windows\System\lfkGwIs.exe

C:\Windows\System\QrWjqqs.exe

C:\Windows\System\QrWjqqs.exe

C:\Windows\System\GnNTGSq.exe

C:\Windows\System\GnNTGSq.exe

C:\Windows\System\kgANfhw.exe

C:\Windows\System\kgANfhw.exe

C:\Windows\System\aBZBNeA.exe

C:\Windows\System\aBZBNeA.exe

C:\Windows\System\qmDpbHd.exe

C:\Windows\System\qmDpbHd.exe

C:\Windows\System\UFnYWgR.exe

C:\Windows\System\UFnYWgR.exe

C:\Windows\System\szHPcBk.exe

C:\Windows\System\szHPcBk.exe

C:\Windows\System\KMTiLlp.exe

C:\Windows\System\KMTiLlp.exe

C:\Windows\System\ugNkyyi.exe

C:\Windows\System\ugNkyyi.exe

C:\Windows\System\odFrmSY.exe

C:\Windows\System\odFrmSY.exe

C:\Windows\System\HNHRkwi.exe

C:\Windows\System\HNHRkwi.exe

C:\Windows\System\dAyLccH.exe

C:\Windows\System\dAyLccH.exe

C:\Windows\System\pNgBYFS.exe

C:\Windows\System\pNgBYFS.exe

C:\Windows\System\iVQxNaI.exe

C:\Windows\System\iVQxNaI.exe

C:\Windows\System\UXLIVXL.exe

C:\Windows\System\UXLIVXL.exe

C:\Windows\System\CKrvHIZ.exe

C:\Windows\System\CKrvHIZ.exe

C:\Windows\System\pIOCzSG.exe

C:\Windows\System\pIOCzSG.exe

C:\Windows\System\fGmYkfA.exe

C:\Windows\System\fGmYkfA.exe

C:\Windows\System\zgfVwgF.exe

C:\Windows\System\zgfVwgF.exe

C:\Windows\System\cSjAqSX.exe

C:\Windows\System\cSjAqSX.exe

C:\Windows\System\IUBtXtV.exe

C:\Windows\System\IUBtXtV.exe

C:\Windows\System\eivwqtJ.exe

C:\Windows\System\eivwqtJ.exe

C:\Windows\System\ZqAojgp.exe

C:\Windows\System\ZqAojgp.exe

C:\Windows\System\tObTbqy.exe

C:\Windows\System\tObTbqy.exe

C:\Windows\System\YNNiFri.exe

C:\Windows\System\YNNiFri.exe

C:\Windows\System\GilKwwa.exe

C:\Windows\System\GilKwwa.exe

C:\Windows\System\enepsRF.exe

C:\Windows\System\enepsRF.exe

C:\Windows\System\VUccFnZ.exe

C:\Windows\System\VUccFnZ.exe

C:\Windows\System\QEbNelB.exe

C:\Windows\System\QEbNelB.exe

C:\Windows\System\PVrxyFX.exe

C:\Windows\System\PVrxyFX.exe

C:\Windows\System\xfFtbkO.exe

C:\Windows\System\xfFtbkO.exe

C:\Windows\System\ppXiEGe.exe

C:\Windows\System\ppXiEGe.exe

C:\Windows\System\kFInhlc.exe

C:\Windows\System\kFInhlc.exe

C:\Windows\System\PuHgJOd.exe

C:\Windows\System\PuHgJOd.exe

C:\Windows\System\aktLhKf.exe

C:\Windows\System\aktLhKf.exe

C:\Windows\System\pzUPlep.exe

C:\Windows\System\pzUPlep.exe

C:\Windows\System\YLBQhyO.exe

C:\Windows\System\YLBQhyO.exe

C:\Windows\System\yIVbCJg.exe

C:\Windows\System\yIVbCJg.exe

C:\Windows\System\UiSNGLb.exe

C:\Windows\System\UiSNGLb.exe

C:\Windows\System\tKRDGns.exe

C:\Windows\System\tKRDGns.exe

C:\Windows\System\WiwIZvn.exe

C:\Windows\System\WiwIZvn.exe

C:\Windows\System\MVCoISP.exe

C:\Windows\System\MVCoISP.exe

C:\Windows\System\oCYLBik.exe

C:\Windows\System\oCYLBik.exe

C:\Windows\System\PxqOUFk.exe

C:\Windows\System\PxqOUFk.exe

C:\Windows\System\zVigVWH.exe

C:\Windows\System\zVigVWH.exe

C:\Windows\System\tEpDoFq.exe

C:\Windows\System\tEpDoFq.exe

C:\Windows\System\PwoetqR.exe

C:\Windows\System\PwoetqR.exe

C:\Windows\System\TSvZFuX.exe

C:\Windows\System\TSvZFuX.exe

C:\Windows\System\LHclBMh.exe

C:\Windows\System\LHclBMh.exe

C:\Windows\System\DYuhCpE.exe

C:\Windows\System\DYuhCpE.exe

C:\Windows\System\wkpgGXA.exe

C:\Windows\System\wkpgGXA.exe

C:\Windows\System\iTgtcge.exe

C:\Windows\System\iTgtcge.exe

C:\Windows\System\Gkuwgya.exe

C:\Windows\System\Gkuwgya.exe

C:\Windows\System\LxtOUFw.exe

C:\Windows\System\LxtOUFw.exe

C:\Windows\System\eDUhuvX.exe

C:\Windows\System\eDUhuvX.exe

C:\Windows\System\yEbewQi.exe

C:\Windows\System\yEbewQi.exe

C:\Windows\System\pLiNgOX.exe

C:\Windows\System\pLiNgOX.exe

C:\Windows\System\iXlxKlS.exe

C:\Windows\System\iXlxKlS.exe

C:\Windows\System\Mtscgkv.exe

C:\Windows\System\Mtscgkv.exe

C:\Windows\System\epdeoiw.exe

C:\Windows\System\epdeoiw.exe

C:\Windows\System\AUDKJGf.exe

C:\Windows\System\AUDKJGf.exe

C:\Windows\System\DFfLbDq.exe

C:\Windows\System\DFfLbDq.exe

C:\Windows\System\YmASEoo.exe

C:\Windows\System\YmASEoo.exe

C:\Windows\System\ipqlJku.exe

C:\Windows\System\ipqlJku.exe

C:\Windows\System\TeuIpVl.exe

C:\Windows\System\TeuIpVl.exe

C:\Windows\System\ywLTTYP.exe

C:\Windows\System\ywLTTYP.exe

C:\Windows\System\PrURIvO.exe

C:\Windows\System\PrURIvO.exe

C:\Windows\System\ZBQgWJK.exe

C:\Windows\System\ZBQgWJK.exe

C:\Windows\System\vtIXYVz.exe

C:\Windows\System\vtIXYVz.exe

C:\Windows\System\WsBBpmL.exe

C:\Windows\System\WsBBpmL.exe

C:\Windows\System\weHVsDI.exe

C:\Windows\System\weHVsDI.exe

C:\Windows\System\HpeXlQP.exe

C:\Windows\System\HpeXlQP.exe

C:\Windows\System\qdywLPS.exe

C:\Windows\System\qdywLPS.exe

C:\Windows\System\dllHINe.exe

C:\Windows\System\dllHINe.exe

C:\Windows\System\LVMXfrv.exe

C:\Windows\System\LVMXfrv.exe

C:\Windows\System\SkiHyuQ.exe

C:\Windows\System\SkiHyuQ.exe

C:\Windows\System\gdbqfOQ.exe

C:\Windows\System\gdbqfOQ.exe

C:\Windows\System\fxhtzhs.exe

C:\Windows\System\fxhtzhs.exe

C:\Windows\System\WJvDPwK.exe

C:\Windows\System\WJvDPwK.exe

C:\Windows\System\DsAIhjH.exe

C:\Windows\System\DsAIhjH.exe

C:\Windows\System\PWIzyFa.exe

C:\Windows\System\PWIzyFa.exe

C:\Windows\System\joTulbV.exe

C:\Windows\System\joTulbV.exe

C:\Windows\System\yiLWacL.exe

C:\Windows\System\yiLWacL.exe

C:\Windows\System\ntydzTx.exe

C:\Windows\System\ntydzTx.exe

C:\Windows\System\ePJRolC.exe

C:\Windows\System\ePJRolC.exe

C:\Windows\System\MHMOQrG.exe

C:\Windows\System\MHMOQrG.exe

C:\Windows\System\dFYpzSG.exe

C:\Windows\System\dFYpzSG.exe

C:\Windows\System\dGZOwmz.exe

C:\Windows\System\dGZOwmz.exe

C:\Windows\System\rUYuRDJ.exe

C:\Windows\System\rUYuRDJ.exe

C:\Windows\System\nXSizXN.exe

C:\Windows\System\nXSizXN.exe

C:\Windows\System\LYXZYGz.exe

C:\Windows\System\LYXZYGz.exe

C:\Windows\System\RqfYvNx.exe

C:\Windows\System\RqfYvNx.exe

C:\Windows\System\paEUTEK.exe

C:\Windows\System\paEUTEK.exe

C:\Windows\System\lkkKhgD.exe

C:\Windows\System\lkkKhgD.exe

C:\Windows\System\ACZInBh.exe

C:\Windows\System\ACZInBh.exe

C:\Windows\System\smZQsde.exe

C:\Windows\System\smZQsde.exe

C:\Windows\System\vebiGKR.exe

C:\Windows\System\vebiGKR.exe

C:\Windows\System\MaBWBMk.exe

C:\Windows\System\MaBWBMk.exe

C:\Windows\System\PDOnTlH.exe

C:\Windows\System\PDOnTlH.exe

C:\Windows\System\XbEXpuY.exe

C:\Windows\System\XbEXpuY.exe

C:\Windows\System\LUKxNfJ.exe

C:\Windows\System\LUKxNfJ.exe

C:\Windows\System\IgbSSdz.exe

C:\Windows\System\IgbSSdz.exe

C:\Windows\System\yQTixGl.exe

C:\Windows\System\yQTixGl.exe

C:\Windows\System\KoXaFMt.exe

C:\Windows\System\KoXaFMt.exe

C:\Windows\System\yHuUJoZ.exe

C:\Windows\System\yHuUJoZ.exe

C:\Windows\System\pFgVLvs.exe

C:\Windows\System\pFgVLvs.exe

C:\Windows\System\RYQzCMB.exe

C:\Windows\System\RYQzCMB.exe

C:\Windows\System\EKlUchR.exe

C:\Windows\System\EKlUchR.exe

C:\Windows\System\dJsuwBZ.exe

C:\Windows\System\dJsuwBZ.exe

C:\Windows\System\xQYASUE.exe

C:\Windows\System\xQYASUE.exe

C:\Windows\System\VqmDENG.exe

C:\Windows\System\VqmDENG.exe

C:\Windows\System\uqsZtVq.exe

C:\Windows\System\uqsZtVq.exe

C:\Windows\System\GROkxml.exe

C:\Windows\System\GROkxml.exe

C:\Windows\System\AdzSClb.exe

C:\Windows\System\AdzSClb.exe

C:\Windows\System\yJlJMPM.exe

C:\Windows\System\yJlJMPM.exe

C:\Windows\System\QdsBKBK.exe

C:\Windows\System\QdsBKBK.exe

C:\Windows\System\RJSTkmc.exe

C:\Windows\System\RJSTkmc.exe

C:\Windows\System\JPuqAtl.exe

C:\Windows\System\JPuqAtl.exe

C:\Windows\System\clgMKlp.exe

C:\Windows\System\clgMKlp.exe

C:\Windows\System\mNgSzGi.exe

C:\Windows\System\mNgSzGi.exe

C:\Windows\System\zkuMQWQ.exe

C:\Windows\System\zkuMQWQ.exe

C:\Windows\System\boLWWps.exe

C:\Windows\System\boLWWps.exe

C:\Windows\System\KbQKjMt.exe

C:\Windows\System\KbQKjMt.exe

C:\Windows\System\WXPoQLw.exe

C:\Windows\System\WXPoQLw.exe

C:\Windows\System\lDziUvT.exe

C:\Windows\System\lDziUvT.exe

C:\Windows\System\ovacmfI.exe

C:\Windows\System\ovacmfI.exe

C:\Windows\System\uRnnsrD.exe

C:\Windows\System\uRnnsrD.exe

C:\Windows\System\HjYyQfj.exe

C:\Windows\System\HjYyQfj.exe

C:\Windows\System\vRIFUJh.exe

C:\Windows\System\vRIFUJh.exe

C:\Windows\System\pzZcOJn.exe

C:\Windows\System\pzZcOJn.exe

C:\Windows\System\fxHFdnU.exe

C:\Windows\System\fxHFdnU.exe

C:\Windows\System\SUJriZQ.exe

C:\Windows\System\SUJriZQ.exe

C:\Windows\System\sVtHGRL.exe

C:\Windows\System\sVtHGRL.exe

C:\Windows\System\NJSTrgl.exe

C:\Windows\System\NJSTrgl.exe

C:\Windows\System\MOMpCZE.exe

C:\Windows\System\MOMpCZE.exe

C:\Windows\System\ADPLdKM.exe

C:\Windows\System\ADPLdKM.exe

C:\Windows\System\lOOYocn.exe

C:\Windows\System\lOOYocn.exe

C:\Windows\System\QVOGjXn.exe

C:\Windows\System\QVOGjXn.exe

C:\Windows\System\clbRmnU.exe

C:\Windows\System\clbRmnU.exe

C:\Windows\System\QKlHclJ.exe

C:\Windows\System\QKlHclJ.exe

C:\Windows\System\qlzRyKu.exe

C:\Windows\System\qlzRyKu.exe

C:\Windows\System\KFBWZEQ.exe

C:\Windows\System\KFBWZEQ.exe

C:\Windows\System\kUEBugr.exe

C:\Windows\System\kUEBugr.exe

C:\Windows\System\bDOoplb.exe

C:\Windows\System\bDOoplb.exe

C:\Windows\System\HOFIcKy.exe

C:\Windows\System\HOFIcKy.exe

C:\Windows\System\engZMLR.exe

C:\Windows\System\engZMLR.exe

C:\Windows\System\zcZfIdK.exe

C:\Windows\System\zcZfIdK.exe

C:\Windows\System\QHoFkYH.exe

C:\Windows\System\QHoFkYH.exe

C:\Windows\System\HjBPnsG.exe

C:\Windows\System\HjBPnsG.exe

C:\Windows\System\rGPjilE.exe

C:\Windows\System\rGPjilE.exe

C:\Windows\System\JaEjtPt.exe

C:\Windows\System\JaEjtPt.exe

C:\Windows\System\ZjLTfSi.exe

C:\Windows\System\ZjLTfSi.exe

C:\Windows\System\AhlFNQM.exe

C:\Windows\System\AhlFNQM.exe

C:\Windows\System\YRWPgkS.exe

C:\Windows\System\YRWPgkS.exe

C:\Windows\System\SDLepFp.exe

C:\Windows\System\SDLepFp.exe

C:\Windows\System\GuEsRgy.exe

C:\Windows\System\GuEsRgy.exe

C:\Windows\System\nSnkaeG.exe

C:\Windows\System\nSnkaeG.exe

C:\Windows\System\oSEDstf.exe

C:\Windows\System\oSEDstf.exe

C:\Windows\System\SPtyQNy.exe

C:\Windows\System\SPtyQNy.exe

C:\Windows\System\LPIESEI.exe

C:\Windows\System\LPIESEI.exe

C:\Windows\System\sqptmhe.exe

C:\Windows\System\sqptmhe.exe

C:\Windows\System\BPAXWAV.exe

C:\Windows\System\BPAXWAV.exe

C:\Windows\System\rBaLctA.exe

C:\Windows\System\rBaLctA.exe

C:\Windows\System\ehDCBuJ.exe

C:\Windows\System\ehDCBuJ.exe

C:\Windows\System\mXIwuby.exe

C:\Windows\System\mXIwuby.exe

C:\Windows\System\ZIzqiPe.exe

C:\Windows\System\ZIzqiPe.exe

C:\Windows\System\ITIhKvB.exe

C:\Windows\System\ITIhKvB.exe

C:\Windows\System\WHSHhnG.exe

C:\Windows\System\WHSHhnG.exe

C:\Windows\System\LjgMCOM.exe

C:\Windows\System\LjgMCOM.exe

C:\Windows\System\EyjxvmA.exe

C:\Windows\System\EyjxvmA.exe

C:\Windows\System\zNuAWmj.exe

C:\Windows\System\zNuAWmj.exe

C:\Windows\System\vyHvUbW.exe

C:\Windows\System\vyHvUbW.exe

C:\Windows\System\buOjhaa.exe

C:\Windows\System\buOjhaa.exe

C:\Windows\System\bThgvAn.exe

C:\Windows\System\bThgvAn.exe

C:\Windows\System\WtFWRvv.exe

C:\Windows\System\WtFWRvv.exe

C:\Windows\System\IsSYYTw.exe

C:\Windows\System\IsSYYTw.exe

C:\Windows\System\zTiXptZ.exe

C:\Windows\System\zTiXptZ.exe

C:\Windows\System\hSZhIRA.exe

C:\Windows\System\hSZhIRA.exe

C:\Windows\System\NCFqCRx.exe

C:\Windows\System\NCFqCRx.exe

C:\Windows\System\IeqWeDb.exe

C:\Windows\System\IeqWeDb.exe

C:\Windows\System\EsbIVVi.exe

C:\Windows\System\EsbIVVi.exe

C:\Windows\System\ZEZNAjL.exe

C:\Windows\System\ZEZNAjL.exe

C:\Windows\System\GYFCDZG.exe

C:\Windows\System\GYFCDZG.exe

C:\Windows\System\xbQQyLV.exe

C:\Windows\System\xbQQyLV.exe

C:\Windows\System\qhBgPEN.exe

C:\Windows\System\qhBgPEN.exe

C:\Windows\System\TzjZgUZ.exe

C:\Windows\System\TzjZgUZ.exe

C:\Windows\System\RUrABRU.exe

C:\Windows\System\RUrABRU.exe

C:\Windows\System\wpfDsVl.exe

C:\Windows\System\wpfDsVl.exe

C:\Windows\System\SzLUIKi.exe

C:\Windows\System\SzLUIKi.exe

C:\Windows\System\CJfZAJz.exe

C:\Windows\System\CJfZAJz.exe

C:\Windows\System\saOduUE.exe

C:\Windows\System\saOduUE.exe

C:\Windows\System\XHrJtNm.exe

C:\Windows\System\XHrJtNm.exe

C:\Windows\System\RmpKSCL.exe

C:\Windows\System\RmpKSCL.exe

C:\Windows\System\AbkTeZG.exe

C:\Windows\System\AbkTeZG.exe

C:\Windows\System\tLMNigz.exe

C:\Windows\System\tLMNigz.exe

C:\Windows\System\gqWjyeD.exe

C:\Windows\System\gqWjyeD.exe

C:\Windows\System\NKLsOxi.exe

C:\Windows\System\NKLsOxi.exe

C:\Windows\System\vyikMQp.exe

C:\Windows\System\vyikMQp.exe

C:\Windows\System\vbCbVnW.exe

C:\Windows\System\vbCbVnW.exe

C:\Windows\System\FCEJCnj.exe

C:\Windows\System\FCEJCnj.exe

C:\Windows\System\ZGokwXl.exe

C:\Windows\System\ZGokwXl.exe

C:\Windows\System\kvrmYAe.exe

C:\Windows\System\kvrmYAe.exe

C:\Windows\System\TcZggcK.exe

C:\Windows\System\TcZggcK.exe

C:\Windows\System\rkyTlSL.exe

C:\Windows\System\rkyTlSL.exe

C:\Windows\System\gvUjcNt.exe

C:\Windows\System\gvUjcNt.exe

C:\Windows\System\TDUiaZQ.exe

C:\Windows\System\TDUiaZQ.exe

C:\Windows\System\VoNJUUW.exe

C:\Windows\System\VoNJUUW.exe

C:\Windows\System\nbgGiKO.exe

C:\Windows\System\nbgGiKO.exe

C:\Windows\System\EdhtOrH.exe

C:\Windows\System\EdhtOrH.exe

C:\Windows\System\hbfXhuv.exe

C:\Windows\System\hbfXhuv.exe

C:\Windows\System\hsqoGHp.exe

C:\Windows\System\hsqoGHp.exe

C:\Windows\System\PgYCBvq.exe

C:\Windows\System\PgYCBvq.exe

C:\Windows\System\AdufXrk.exe

C:\Windows\System\AdufXrk.exe

C:\Windows\System\npmtfdD.exe

C:\Windows\System\npmtfdD.exe

C:\Windows\System\ovJIRfH.exe

C:\Windows\System\ovJIRfH.exe

C:\Windows\System\IiuCERQ.exe

C:\Windows\System\IiuCERQ.exe

C:\Windows\System\GhZgweb.exe

C:\Windows\System\GhZgweb.exe

C:\Windows\System\NoIjGdy.exe

C:\Windows\System\NoIjGdy.exe

C:\Windows\System\HtZKJUR.exe

C:\Windows\System\HtZKJUR.exe

C:\Windows\System\FxwMORr.exe

C:\Windows\System\FxwMORr.exe

C:\Windows\System\DbJXzfo.exe

C:\Windows\System\DbJXzfo.exe

C:\Windows\System\RUypSrQ.exe

C:\Windows\System\RUypSrQ.exe

C:\Windows\System\swfZLMH.exe

C:\Windows\System\swfZLMH.exe

C:\Windows\System\FNnmGCl.exe

C:\Windows\System\FNnmGCl.exe

C:\Windows\System\XhNwWJM.exe

C:\Windows\System\XhNwWJM.exe

C:\Windows\System\WaDlZsZ.exe

C:\Windows\System\WaDlZsZ.exe

C:\Windows\System\XOcvdry.exe

C:\Windows\System\XOcvdry.exe

C:\Windows\System\LzBWhMa.exe

C:\Windows\System\LzBWhMa.exe

C:\Windows\System\JzGdouC.exe

C:\Windows\System\JzGdouC.exe

C:\Windows\System\ruaeNlm.exe

C:\Windows\System\ruaeNlm.exe

C:\Windows\System\RiaCYct.exe

C:\Windows\System\RiaCYct.exe

C:\Windows\System\vyhuPic.exe

C:\Windows\System\vyhuPic.exe

C:\Windows\System\WCTJONY.exe

C:\Windows\System\WCTJONY.exe

C:\Windows\System\UwzmVdf.exe

C:\Windows\System\UwzmVdf.exe

C:\Windows\System\bRngCSt.exe

C:\Windows\System\bRngCSt.exe

C:\Windows\System\chAhzGB.exe

C:\Windows\System\chAhzGB.exe

C:\Windows\System\lsBFHvN.exe

C:\Windows\System\lsBFHvN.exe

C:\Windows\System\qRxMkSC.exe

C:\Windows\System\qRxMkSC.exe

C:\Windows\System\fOMDjAm.exe

C:\Windows\System\fOMDjAm.exe

C:\Windows\System\WiMxgHM.exe

C:\Windows\System\WiMxgHM.exe

C:\Windows\System\ZIlPNNq.exe

C:\Windows\System\ZIlPNNq.exe

C:\Windows\System\GNMObHP.exe

C:\Windows\System\GNMObHP.exe

C:\Windows\System\vKzEQTz.exe

C:\Windows\System\vKzEQTz.exe

C:\Windows\System\tzvuDiE.exe

C:\Windows\System\tzvuDiE.exe

C:\Windows\System\mggIorl.exe

C:\Windows\System\mggIorl.exe

C:\Windows\System\WUmRztq.exe

C:\Windows\System\WUmRztq.exe

C:\Windows\System\bQGhRAB.exe

C:\Windows\System\bQGhRAB.exe

C:\Windows\System\IOCNEja.exe

C:\Windows\System\IOCNEja.exe

C:\Windows\System\TJKfKin.exe

C:\Windows\System\TJKfKin.exe

C:\Windows\System\caamvXI.exe

C:\Windows\System\caamvXI.exe

C:\Windows\System\CYhTDLv.exe

C:\Windows\System\CYhTDLv.exe

C:\Windows\System\EOLtvAn.exe

C:\Windows\System\EOLtvAn.exe

C:\Windows\System\PNZXJZk.exe

C:\Windows\System\PNZXJZk.exe

C:\Windows\System\WOmDKbG.exe

C:\Windows\System\WOmDKbG.exe

C:\Windows\System\KIFWydX.exe

C:\Windows\System\KIFWydX.exe

C:\Windows\System\PwjnTbs.exe

C:\Windows\System\PwjnTbs.exe

C:\Windows\System\hrkzTtl.exe

C:\Windows\System\hrkzTtl.exe

C:\Windows\System\vAYNQgf.exe

C:\Windows\System\vAYNQgf.exe

C:\Windows\System\hjUVTev.exe

C:\Windows\System\hjUVTev.exe

C:\Windows\System\QjdfpQq.exe

C:\Windows\System\QjdfpQq.exe

C:\Windows\System\GVZwojj.exe

C:\Windows\System\GVZwojj.exe

C:\Windows\System\pzEOpNx.exe

C:\Windows\System\pzEOpNx.exe

C:\Windows\System\eFhTWvG.exe

C:\Windows\System\eFhTWvG.exe

C:\Windows\System\NnxxZnF.exe

C:\Windows\System\NnxxZnF.exe

C:\Windows\System\KMldIHP.exe

C:\Windows\System\KMldIHP.exe

C:\Windows\System\HGBpLAQ.exe

C:\Windows\System\HGBpLAQ.exe

C:\Windows\System\XJlWWyl.exe

C:\Windows\System\XJlWWyl.exe

C:\Windows\System\EVOMmnO.exe

C:\Windows\System\EVOMmnO.exe

C:\Windows\System\qNpaPsY.exe

C:\Windows\System\qNpaPsY.exe

C:\Windows\System\RpBbjLO.exe

C:\Windows\System\RpBbjLO.exe

C:\Windows\System\GhrwXKN.exe

C:\Windows\System\GhrwXKN.exe

C:\Windows\System\PBLZBic.exe

C:\Windows\System\PBLZBic.exe

C:\Windows\System\DsLzQCs.exe

C:\Windows\System\DsLzQCs.exe

C:\Windows\System\HMtjPgM.exe

C:\Windows\System\HMtjPgM.exe

C:\Windows\System\ZjdhUOx.exe

C:\Windows\System\ZjdhUOx.exe

C:\Windows\System\boWrpGF.exe

C:\Windows\System\boWrpGF.exe

C:\Windows\System\knUOFQt.exe

C:\Windows\System\knUOFQt.exe

C:\Windows\System\NjzbMPW.exe

C:\Windows\System\NjzbMPW.exe

C:\Windows\System\jyTuLuD.exe

C:\Windows\System\jyTuLuD.exe

C:\Windows\System\HVeUePB.exe

C:\Windows\System\HVeUePB.exe

C:\Windows\System\WhoguFz.exe

C:\Windows\System\WhoguFz.exe

C:\Windows\System\BMGarJw.exe

C:\Windows\System\BMGarJw.exe

C:\Windows\System\JDWHYJI.exe

C:\Windows\System\JDWHYJI.exe

C:\Windows\System\qAfhvSR.exe

C:\Windows\System\qAfhvSR.exe

C:\Windows\System\MhNoaTi.exe

C:\Windows\System\MhNoaTi.exe

C:\Windows\System\ocTWEep.exe

C:\Windows\System\ocTWEep.exe

C:\Windows\System\uvdbXWS.exe

C:\Windows\System\uvdbXWS.exe

C:\Windows\System\yhbfTnw.exe

C:\Windows\System\yhbfTnw.exe

C:\Windows\System\nsPbtCX.exe

C:\Windows\System\nsPbtCX.exe

C:\Windows\System\mZLyGeg.exe

C:\Windows\System\mZLyGeg.exe

C:\Windows\System\SaFYdRw.exe

C:\Windows\System\SaFYdRw.exe

C:\Windows\System\ibxSofD.exe

C:\Windows\System\ibxSofD.exe

C:\Windows\System\bwpwVkN.exe

C:\Windows\System\bwpwVkN.exe

C:\Windows\System\KojVYkq.exe

C:\Windows\System\KojVYkq.exe

C:\Windows\System\uTxNwUb.exe

C:\Windows\System\uTxNwUb.exe

C:\Windows\System\fndvPDy.exe

C:\Windows\System\fndvPDy.exe

C:\Windows\System\ypGJuZs.exe

C:\Windows\System\ypGJuZs.exe

C:\Windows\System\LMvqFbE.exe

C:\Windows\System\LMvqFbE.exe

C:\Windows\System\EkHlifc.exe

C:\Windows\System\EkHlifc.exe

C:\Windows\System\SnvYuBU.exe

C:\Windows\System\SnvYuBU.exe

C:\Windows\System\bDpmXbP.exe

C:\Windows\System\bDpmXbP.exe

C:\Windows\System\vSctRoV.exe

C:\Windows\System\vSctRoV.exe

C:\Windows\System\IogCnfX.exe

C:\Windows\System\IogCnfX.exe

C:\Windows\System\IOgINzj.exe

C:\Windows\System\IOgINzj.exe

C:\Windows\System\FwiuhOc.exe

C:\Windows\System\FwiuhOc.exe

C:\Windows\System\ypLZAoJ.exe

C:\Windows\System\ypLZAoJ.exe

C:\Windows\System\lpEVdrB.exe

C:\Windows\System\lpEVdrB.exe

C:\Windows\System\oaTfzyW.exe

C:\Windows\System\oaTfzyW.exe

C:\Windows\System\cOSNRUI.exe

C:\Windows\System\cOSNRUI.exe

C:\Windows\System\xgvtSFu.exe

C:\Windows\System\xgvtSFu.exe

C:\Windows\System\IVEDuDK.exe

C:\Windows\System\IVEDuDK.exe

C:\Windows\System\nKMLXvS.exe

C:\Windows\System\nKMLXvS.exe

C:\Windows\System\WFGPpmZ.exe

C:\Windows\System\WFGPpmZ.exe

C:\Windows\System\ArjdIkW.exe

C:\Windows\System\ArjdIkW.exe

C:\Windows\System\ZfFOdSv.exe

C:\Windows\System\ZfFOdSv.exe

C:\Windows\System\iPxgGwh.exe

C:\Windows\System\iPxgGwh.exe

C:\Windows\System\nHCylut.exe

C:\Windows\System\nHCylut.exe

C:\Windows\System\naRMYLq.exe

C:\Windows\System\naRMYLq.exe

C:\Windows\System\gLtxrAu.exe

C:\Windows\System\gLtxrAu.exe

C:\Windows\System\SajWvbV.exe

C:\Windows\System\SajWvbV.exe

C:\Windows\System\yPuAJEQ.exe

C:\Windows\System\yPuAJEQ.exe

C:\Windows\System\hWQRPOv.exe

C:\Windows\System\hWQRPOv.exe

C:\Windows\System\iDeKLdk.exe

C:\Windows\System\iDeKLdk.exe

C:\Windows\System\hvOSccG.exe

C:\Windows\System\hvOSccG.exe

C:\Windows\System\ycpLzVP.exe

C:\Windows\System\ycpLzVP.exe

C:\Windows\System\uWRIyzB.exe

C:\Windows\System\uWRIyzB.exe

C:\Windows\System\VlstFSm.exe

C:\Windows\System\VlstFSm.exe

C:\Windows\System\QYbbBCm.exe

C:\Windows\System\QYbbBCm.exe

C:\Windows\System\tWROTkN.exe

C:\Windows\System\tWROTkN.exe

C:\Windows\System\SqcxHEY.exe

C:\Windows\System\SqcxHEY.exe

C:\Windows\System\CaUtbhc.exe

C:\Windows\System\CaUtbhc.exe

C:\Windows\System\zNJgDZZ.exe

C:\Windows\System\zNJgDZZ.exe

C:\Windows\System\DNvowtd.exe

C:\Windows\System\DNvowtd.exe

C:\Windows\System\RiZDTdc.exe

C:\Windows\System\RiZDTdc.exe

C:\Windows\System\eDJkMsl.exe

C:\Windows\System\eDJkMsl.exe

C:\Windows\System\HXmYhqg.exe

C:\Windows\System\HXmYhqg.exe

C:\Windows\System\YhzQxei.exe

C:\Windows\System\YhzQxei.exe

C:\Windows\System\BatKLRM.exe

C:\Windows\System\BatKLRM.exe

C:\Windows\System\jOzjBmy.exe

C:\Windows\System\jOzjBmy.exe

C:\Windows\System\xHDfprZ.exe

C:\Windows\System\xHDfprZ.exe

C:\Windows\System\kjOzVlJ.exe

C:\Windows\System\kjOzVlJ.exe

C:\Windows\System\hoGQxVy.exe

C:\Windows\System\hoGQxVy.exe

C:\Windows\System\tZZjKEW.exe

C:\Windows\System\tZZjKEW.exe

C:\Windows\System\ZyGbSkZ.exe

C:\Windows\System\ZyGbSkZ.exe

C:\Windows\System\AwxEhdw.exe

C:\Windows\System\AwxEhdw.exe

C:\Windows\System\dJViEEJ.exe

C:\Windows\System\dJViEEJ.exe

C:\Windows\System\AbiHgah.exe

C:\Windows\System\AbiHgah.exe

C:\Windows\System\cqsSzpv.exe

C:\Windows\System\cqsSzpv.exe

C:\Windows\System\wQNfGyZ.exe

C:\Windows\System\wQNfGyZ.exe

C:\Windows\System\UULwNWL.exe

C:\Windows\System\UULwNWL.exe

C:\Windows\System\HmnLdQn.exe

C:\Windows\System\HmnLdQn.exe

C:\Windows\System\oxYBRTC.exe

C:\Windows\System\oxYBRTC.exe

C:\Windows\System\BNBvFcC.exe

C:\Windows\System\BNBvFcC.exe

C:\Windows\System\SSvpoQR.exe

C:\Windows\System\SSvpoQR.exe

C:\Windows\System\eJJgpJL.exe

C:\Windows\System\eJJgpJL.exe

C:\Windows\System\erUlLbu.exe

C:\Windows\System\erUlLbu.exe

C:\Windows\System\luItDye.exe

C:\Windows\System\luItDye.exe

C:\Windows\System\YhIljZD.exe

C:\Windows\System\YhIljZD.exe

C:\Windows\System\mxxvlrL.exe

C:\Windows\System\mxxvlrL.exe

C:\Windows\System\uxFCcwK.exe

C:\Windows\System\uxFCcwK.exe

C:\Windows\System\AKuGtjp.exe

C:\Windows\System\AKuGtjp.exe

C:\Windows\System\dYsLWHM.exe

C:\Windows\System\dYsLWHM.exe

C:\Windows\System\XLdGxlg.exe

C:\Windows\System\XLdGxlg.exe

C:\Windows\System\FpRyBWD.exe

C:\Windows\System\FpRyBWD.exe

C:\Windows\System\UsNshSP.exe

C:\Windows\System\UsNshSP.exe

C:\Windows\System\aLhKiTd.exe

C:\Windows\System\aLhKiTd.exe

C:\Windows\System\AHZAgnj.exe

C:\Windows\System\AHZAgnj.exe

C:\Windows\System\FbXdsKk.exe

C:\Windows\System\FbXdsKk.exe

C:\Windows\System\yXONcNm.exe

C:\Windows\System\yXONcNm.exe

C:\Windows\System\OtDebRC.exe

C:\Windows\System\OtDebRC.exe

C:\Windows\System\ajPOOoQ.exe

C:\Windows\System\ajPOOoQ.exe

C:\Windows\System\xhWQbko.exe

C:\Windows\System\xhWQbko.exe

C:\Windows\System\yUBJkoh.exe

C:\Windows\System\yUBJkoh.exe

C:\Windows\System\qapxhGe.exe

C:\Windows\System\qapxhGe.exe

C:\Windows\System\wTPrMly.exe

C:\Windows\System\wTPrMly.exe

C:\Windows\System\GwWoTtV.exe

C:\Windows\System\GwWoTtV.exe

C:\Windows\System\antnPXc.exe

C:\Windows\System\antnPXc.exe

C:\Windows\System\rFMXPxG.exe

C:\Windows\System\rFMXPxG.exe

C:\Windows\System\eVokmms.exe

C:\Windows\System\eVokmms.exe

C:\Windows\System\ZeBicls.exe

C:\Windows\System\ZeBicls.exe

C:\Windows\System\TXNqhPI.exe

C:\Windows\System\TXNqhPI.exe

C:\Windows\System\axOuNci.exe

C:\Windows\System\axOuNci.exe

C:\Windows\System\ZUGhWXa.exe

C:\Windows\System\ZUGhWXa.exe

C:\Windows\System\SFQslnk.exe

C:\Windows\System\SFQslnk.exe

C:\Windows\System\xyLSmdT.exe

C:\Windows\System\xyLSmdT.exe

C:\Windows\System\PFpaIsu.exe

C:\Windows\System\PFpaIsu.exe

C:\Windows\System\RubiHtl.exe

C:\Windows\System\RubiHtl.exe

C:\Windows\System\gjWSrBL.exe

C:\Windows\System\gjWSrBL.exe

C:\Windows\System\VJArcyy.exe

C:\Windows\System\VJArcyy.exe

C:\Windows\System\MogGPya.exe

C:\Windows\System\MogGPya.exe

C:\Windows\System\blwmdFI.exe

C:\Windows\System\blwmdFI.exe

C:\Windows\System\IHSzbhl.exe

C:\Windows\System\IHSzbhl.exe

C:\Windows\System\SkvmqOJ.exe

C:\Windows\System\SkvmqOJ.exe

C:\Windows\System\dvLcVyD.exe

C:\Windows\System\dvLcVyD.exe

C:\Windows\System\NCxQoGw.exe

C:\Windows\System\NCxQoGw.exe

C:\Windows\System\kUCNfJd.exe

C:\Windows\System\kUCNfJd.exe

C:\Windows\System\wWKziWx.exe

C:\Windows\System\wWKziWx.exe

C:\Windows\System\SiIwAZm.exe

C:\Windows\System\SiIwAZm.exe

C:\Windows\System\urEyGMp.exe

C:\Windows\System\urEyGMp.exe

C:\Windows\System\amKMPwT.exe

C:\Windows\System\amKMPwT.exe

C:\Windows\System\yKLuyXB.exe

C:\Windows\System\yKLuyXB.exe

C:\Windows\System\vCdeMhu.exe

C:\Windows\System\vCdeMhu.exe

C:\Windows\System\mvIglQP.exe

C:\Windows\System\mvIglQP.exe

C:\Windows\System\MhHIMdW.exe

C:\Windows\System\MhHIMdW.exe

C:\Windows\System\HQxlKdf.exe

C:\Windows\System\HQxlKdf.exe

C:\Windows\System\vIUTdsa.exe

C:\Windows\System\vIUTdsa.exe

C:\Windows\System\sCAijtM.exe

C:\Windows\System\sCAijtM.exe

C:\Windows\System\owHJzgf.exe

C:\Windows\System\owHJzgf.exe

C:\Windows\System\TehrHnK.exe

C:\Windows\System\TehrHnK.exe

C:\Windows\System\sfcIczp.exe

C:\Windows\System\sfcIczp.exe

C:\Windows\System\FvQwftK.exe

C:\Windows\System\FvQwftK.exe

C:\Windows\System\MPAGkNC.exe

C:\Windows\System\MPAGkNC.exe

C:\Windows\System\ksqxHRM.exe

C:\Windows\System\ksqxHRM.exe

C:\Windows\System\ibxmmzi.exe

C:\Windows\System\ibxmmzi.exe

C:\Windows\System\IzGpVEr.exe

C:\Windows\System\IzGpVEr.exe

C:\Windows\System\ErxWGrm.exe

C:\Windows\System\ErxWGrm.exe

C:\Windows\System\NJVObPx.exe

C:\Windows\System\NJVObPx.exe

C:\Windows\System\aIFekdx.exe

C:\Windows\System\aIFekdx.exe

C:\Windows\System\AorpVBG.exe

C:\Windows\System\AorpVBG.exe

C:\Windows\System\YiuxpQN.exe

C:\Windows\System\YiuxpQN.exe

C:\Windows\System\SRcYziq.exe

C:\Windows\System\SRcYziq.exe

C:\Windows\System\DUWxFvw.exe

C:\Windows\System\DUWxFvw.exe

C:\Windows\System\HRBykBz.exe

C:\Windows\System\HRBykBz.exe

C:\Windows\System\pgKDzYU.exe

C:\Windows\System\pgKDzYU.exe

C:\Windows\System\UjWzkGv.exe

C:\Windows\System\UjWzkGv.exe

C:\Windows\System\YOGHBHy.exe

C:\Windows\System\YOGHBHy.exe

C:\Windows\System\QgyfUAA.exe

C:\Windows\System\QgyfUAA.exe

C:\Windows\System\DOmFnkM.exe

C:\Windows\System\DOmFnkM.exe

C:\Windows\System\glCVgcm.exe

C:\Windows\System\glCVgcm.exe

C:\Windows\System\umJKCcu.exe

C:\Windows\System\umJKCcu.exe

C:\Windows\System\MfafoVy.exe

C:\Windows\System\MfafoVy.exe

C:\Windows\System\mlUkRwF.exe

C:\Windows\System\mlUkRwF.exe

C:\Windows\System\JilFmUd.exe

C:\Windows\System\JilFmUd.exe

C:\Windows\System\JfrpjVu.exe

C:\Windows\System\JfrpjVu.exe

C:\Windows\System\wgtYbSc.exe

C:\Windows\System\wgtYbSc.exe

C:\Windows\System\jvHxemT.exe

C:\Windows\System\jvHxemT.exe

C:\Windows\System\sXojQLQ.exe

C:\Windows\System\sXojQLQ.exe

C:\Windows\System\sgzFrUm.exe

C:\Windows\System\sgzFrUm.exe

C:\Windows\System\MHatvql.exe

C:\Windows\System\MHatvql.exe

C:\Windows\System\IeiXWvu.exe

C:\Windows\System\IeiXWvu.exe

C:\Windows\System\gEueNRE.exe

C:\Windows\System\gEueNRE.exe

C:\Windows\System\ygCOnpd.exe

C:\Windows\System\ygCOnpd.exe

C:\Windows\System\QKlPmPu.exe

C:\Windows\System\QKlPmPu.exe

C:\Windows\System\BQBJqvb.exe

C:\Windows\System\BQBJqvb.exe

C:\Windows\System\zQQEsjt.exe

C:\Windows\System\zQQEsjt.exe

C:\Windows\System\HQVciBH.exe

C:\Windows\System\HQVciBH.exe

C:\Windows\System\KZsEKJm.exe

C:\Windows\System\KZsEKJm.exe

C:\Windows\System\gOGUsOG.exe

C:\Windows\System\gOGUsOG.exe

C:\Windows\System\iEWMqfc.exe

C:\Windows\System\iEWMqfc.exe

C:\Windows\System\oCDqDMz.exe

C:\Windows\System\oCDqDMz.exe

C:\Windows\System\GMPjaCa.exe

C:\Windows\System\GMPjaCa.exe

C:\Windows\System\tRNHtuI.exe

C:\Windows\System\tRNHtuI.exe

C:\Windows\System\wytZfSP.exe

C:\Windows\System\wytZfSP.exe

C:\Windows\System\cGyMzeU.exe

C:\Windows\System\cGyMzeU.exe

C:\Windows\System\pXMcrHg.exe

C:\Windows\System\pXMcrHg.exe

C:\Windows\System\PqBVzir.exe

C:\Windows\System\PqBVzir.exe

C:\Windows\System\NgIXZhU.exe

C:\Windows\System\NgIXZhU.exe

C:\Windows\System\LtTNJIN.exe

C:\Windows\System\LtTNJIN.exe

C:\Windows\System\bFWPVYI.exe

C:\Windows\System\bFWPVYI.exe

C:\Windows\System\qSOOTxS.exe

C:\Windows\System\qSOOTxS.exe

C:\Windows\System\AwpFiNH.exe

C:\Windows\System\AwpFiNH.exe

C:\Windows\System\tRRBrPd.exe

C:\Windows\System\tRRBrPd.exe

C:\Windows\System\qnwzqgf.exe

C:\Windows\System\qnwzqgf.exe

C:\Windows\System\MvHWXKN.exe

C:\Windows\System\MvHWXKN.exe

C:\Windows\System\eCxDWFE.exe

C:\Windows\System\eCxDWFE.exe

C:\Windows\System\EyxcfYm.exe

C:\Windows\System\EyxcfYm.exe

C:\Windows\System\bIzmWyN.exe

C:\Windows\System\bIzmWyN.exe

C:\Windows\System\tmmuEgg.exe

C:\Windows\System\tmmuEgg.exe

C:\Windows\System\vuxWVDY.exe

C:\Windows\System\vuxWVDY.exe

C:\Windows\System\yrpJFtn.exe

C:\Windows\System\yrpJFtn.exe

C:\Windows\System\OogLBqE.exe

C:\Windows\System\OogLBqE.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2232-0-0x0000000000080000-0x0000000000090000-memory.dmp

memory/2232-2-0x000000013F510000-0x000000013F906000-memory.dmp

\Windows\system\uGzMPlF.exe

MD5 7038a682f277b38acdc96cadd1cded40
SHA1 2a109da26136b5b86889276549560a38bd89714a
SHA256 96c1c8aa7cb15ba72ab2eb6f3b3b72d9ffba5f1d2bdf620698c9f6d713cd0481
SHA512 97c719adcad83601760eb4392b3d9b80e641db588f1a840369067d3e255319ec779e5a4bbbf16853f9ede253c9f7d19602951d56d1e4160f9ef77eb851292ae8

memory/2232-7-0x0000000003100000-0x00000000034F6000-memory.dmp

memory/2348-9-0x000000013F2F0000-0x000000013F6E6000-memory.dmp

C:\Windows\system\trOQwFY.exe

MD5 4327349391cb8d7a13d867700c1fd821
SHA1 d80aaeab605631f6ec590bc1c75f5fd8b98457a7
SHA256 0f55308fae02aefaa82720f11c64a0a918a590058bc8f18bdedf494e60e651aa
SHA512 43042fbc986207cc4a818799baaab4028e68da459cecca512a4934580e33afccd308af89c79e309ead2cd3ea40eaaff07801c484faaf4f8da5dec2ec595f4075

memory/2232-14-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

memory/2652-16-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

\Windows\system\EupstiS.exe

MD5 1d45ea7df9799a414bba10fb07880045
SHA1 501fb3ffc2d0be813d7eb9fd714e1fca1c456c41
SHA256 467bc4478f98a9a51ce4ef245517c10d5e4fd71288634dbf258a23df857a0f4a
SHA512 d3a4d2798df125a8a69493183e02d5cb28680553fca580126f493ef291ebcbf900bda813312da12360152bafc3fc1a1ad767aff2b7dd0e55b423f58c71773bbb

memory/2232-22-0x000000013FE10000-0x0000000140206000-memory.dmp

memory/2032-23-0x000007FEF586E000-0x000007FEF586F000-memory.dmp

memory/2032-25-0x0000000002790000-0x0000000002798000-memory.dmp

memory/2032-24-0x000000001B6B0000-0x000000001B992000-memory.dmp

memory/2032-29-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2032-30-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2820-32-0x000000013FE10000-0x0000000140206000-memory.dmp

\Windows\system\shbgDyX.exe

MD5 14b0321198dbf473bfb29c15d113d230
SHA1 a022ac8c547b36dd823b8da8d0ce72460d799a9b
SHA256 1c8cea46d5d96206a7dc69ce832e695275e65deb95d45fd9ee8fa48aebd03c46
SHA512 080a2a8197c4b662c359edc2a66efe25b2b887425d5909b8116841cfc6ac2f311d77c35287776675803b10075df2fb2afb175a1a3992f0530b571ff13051112c

memory/2232-46-0x00000000034E0000-0x00000000038D6000-memory.dmp

\Windows\system\ZfMwVwX.exe

MD5 4dd8e0b69dc66f0e94315c0b07e4b42a
SHA1 30bface6f311177d83aaf9d4e361b7673b3eb5e3
SHA256 1b36ebc0f0a5ca2de42c89b66a4b3dd41e9932aa6668db0a3411e8febaf3532d
SHA512 ed478c2c8128852b47b5ff95839a5771dc87b0f90561772aa53d15aa8b2d4245aefb41e6017af36c1e90e99fad73e0e1c0c1ff43e5de06f0e9be5cf81adbc191

memory/2232-63-0x000000013FF30000-0x0000000140326000-memory.dmp

C:\Windows\system\UDkdwdY.exe

MD5 7fe01d26c11cd078a94d3b4980cc3167
SHA1 37e32ae0264ace2636c7cba5ab9dff2ae041ee85
SHA256 242c0dcfc0be37e5cca9453e24d11d5d3e89d7a1ce654b60c93b1d78f0fe89fd
SHA512 cb90ebd801b4684ef4baf65712db61f626793138ebf7a477e73f17a683047eee5529bffbbd4159be8f1587da32bb2384970b1802c96730118341de9b931d42d2

\Windows\system\zOgTMtJ.exe

MD5 04d1d1cb256b90213c9c042998fdff66
SHA1 8a528738b12ab70f77e3662dc51c7b08dcbdc99e
SHA256 2e8751d7e82f238da04722742996ee3e652b1d5abe1bc3443c6ff969798ccbec
SHA512 100e9e63c58f92c0181b023fbef69cd10b3d03be91a67fbfe22b70a6a79dcb90b773146098f975af256c29fb4e96f5edf848c65ccbab15e7b1cca1d5ff167a48

memory/2232-89-0x000000013FE10000-0x0000000140206000-memory.dmp

C:\Windows\system\bJXCFMH.exe

MD5 227535cc85f44a5a7ba63aaf4966440b
SHA1 c3f8f5a9c29fdeaf05bdd8452c0849df4a5345a8
SHA256 89dae2a926b9d0b7e386b3164152cf9f5488dc4d35249ae9d0aefeba102e8043
SHA512 f35966e9f3c36269385de0f931fcf53eb0ec2619911ea2403587645be6b5a528c0ac22e10a669a7868e34fe2765e69ce89271282283f93fe6d29131eab0bd4fd

memory/1328-84-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2232-94-0x000000013FF60000-0x0000000140356000-memory.dmp

C:\Windows\system\CwdoDLG.exe

MD5 503ea136d5299747dd61a5db693443db
SHA1 6caca8740e09c76134325e86c4d06df73440d0eb
SHA256 769086dd96692f5573ffda04cfb2e07cb5c451f5e1bae95f71253aaf3a71ff86
SHA512 2b30020ec1ea280d67b217a2cf494f19ec1253f952321ce0f5f56d9368d65635c075d4ce9619d4563bdb9c11cdfc26ba5a21758da7f5f4520299d331373930c8

C:\Windows\system\oEZyxXH.exe

MD5 a4d0cf5b53571069c217064ed2298e2c
SHA1 8f6aa261b95d4f21d3cf18f3300f1919ccc0998b
SHA256 3ba12df51b8d5498e592288286da5e7691776212ebbc147b9a3af4156a73935c
SHA512 15459c346aa91e68d9c08333d02275396ffda9aab2e0fa404f2888feb18f20d306f75d7dea75eb05c01b9a27c292dca22f5b6b70de4bccc121c783fec39d3ba0

memory/2556-1046-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/2032-1881-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2124-1882-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2232-666-0x00000000034E0000-0x00000000038D6000-memory.dmp

memory/2232-668-0x00000000034E0000-0x00000000038D6000-memory.dmp

C:\Windows\system\RfPFmWO.exe

MD5 6da737e4538a55791e0e3f646f623aea
SHA1 97fae09e0823bfaab63549481c74ef99dc017a1c
SHA256 2f4a87ccfcc7cc03651d0cd4967224ddb4e0131d3e1625193e5a38e430a03408
SHA512 ce3a68b43cfe87f82916dffe45deca8609fb392ab6b157ed59f5c83bb4dd93f44cddc42ba200b337424bab3c7fa549dcd11247fc3ffaf1e9bc01385e8d8393fd

C:\Windows\system\tpMWZBa.exe

MD5 4e4fbe7f8d26e26fd3a50927c988b747
SHA1 c4f64167a80ff212bbcc3801e811c86838710272
SHA256 96712d118045df3d1f25cc2f2d9e1d08ef74414aa18afcfea1548b397b9e4235
SHA512 dc1c14b119150657eadcf1eeae3ba9c3bbbc4a03803cf8242b513b64b223f87fc22b1ba6b9ee377cbeb73c672bb90566555e101220e2bbe9c01bd1e39466f019

C:\Windows\system\egaUqJq.exe

MD5 424096a6931fd47e3e2e92017d16aa90
SHA1 777e0c0b86095215028dd62fa7aac2d92f04aa88
SHA256 10d18586b5b95c8342ed0da7cfc177b439ae0df2373cd27c5c7f69f0d532da96
SHA512 d575b641f0b67e0dfbda1141edc57cb4871fe6d15837a62e5ef473c8540fd86251ab9137bde447654b71fc2ae35fec5b6e6d29f9809c9aad586494176c493f5a

C:\Windows\system\EDxRjBO.exe

MD5 695515d3ee0a0f8cac7947c779d72809
SHA1 b7146f39ab0ecd93dd59b395140f485a24261731
SHA256 5907d0893739a95bc05f1425c6b06444ba487bcd9554487fbfe2ba119594983f
SHA512 6f9cb6f5022364545749f328b9b6222ef6058dd37716a22d686cadcedc0e9a1a73aa0a7d66c2cd9f7d0f1b2a6d03dd52f98e3d0b11b8c809af51ceb2746d355f

C:\Windows\system\oexPVWK.exe

MD5 bd0b583ff1f636f026b456cd29fd8a0a
SHA1 e99cd8e00ba114d95bbfc6817ac5a46bc8f95349
SHA256 936a8cba3fb20f49c5c26afccb07ab47d8d53dbdcb0623b73845ea5043e59750
SHA512 1568731c44fd70625b8ceacf9836791b620ee3240c86021ec3a5ceb5af4e32ea27ede0f58567530911e19d4d1cd16b59fa9585ffccb7a03823133123a4cd1c78

C:\Windows\system\rSrUUKc.exe

MD5 e73613488ec672cdd4aa2107447acf71
SHA1 4c0318d4855fe5dcf355512823a11231e10d7b33
SHA256 8b63dbd6f88bcfc0149e6d962c63dca210da8ea2cb27ca650550d38736544b1c
SHA512 d588a9defdb79aed2149b8fe1516962eae01fa56d694931aef2da44a8730388dd20728c8cc8058ff1ee22335006a552310d5ec11c60072be08efce296a2c89d6

C:\Windows\system\mnPlptt.exe

MD5 0098641663003102616a786ab39d96bd
SHA1 954d4c466fa6b0d798415c195c0ef43d90a62337
SHA256 ccc6adb26758d86ee930226e60d338534838f30b5684e727aec7417981cbf0b6
SHA512 14decc32b2e771af02bc49cc6e509ae2aa90013b18c3f94742eb986fe4931c988d372b9b6c371b110374827d61ae3fbdb1bc31930210ac42648e1ac14645c757

C:\Windows\system\Snhwbhb.exe

MD5 072c4c86ff66258349e1951950b9a494
SHA1 40b921f66a2bb71fe1f2d6d1e5cd967bdf7e95ea
SHA256 dc2e05b6a91ac438b8b39f5b9386524a43848777def97a5bc8abb6afa7bd25a6
SHA512 075a9308b90d966898b0c627b264f5be64ca7402d80cd0c0543538637148ea97beacddc7b68f9eb55708199114c8886386dac6f685b3f89e1eb5b21d3620ef9c

C:\Windows\system\ihzXMdx.exe

MD5 ef5aa719bcdb94ef39f3fa00e2f60b1a
SHA1 7e71b5a073103a9739b96a9a4b8db28ca4cf8892
SHA256 443f1dbf7cbf4cf8b3384e833d7c0904e9cc4c33a17e3fa6db5147ce216a5b6c
SHA512 7988cf9ef4f61eb3a240ecf22348b8cc547a7e2b28339df648e187f5dc6f9c7e2aad38cc6be5de9f647201f0449c9217adf4ae84bce71a2bd7977f2a9aeee10b

C:\Windows\system\nUAeIvo.exe

MD5 c7b578f8948b1742dcea73970a010fe9
SHA1 52e3626d023a82b539cc9ae01bd9516bbff6d542
SHA256 6edc9ded68ec69e448cb7ebd7492eb92142f9a46c1faca305455e747bf21706a
SHA512 b807fa6f3c0701851002d98196a2a1786e556eabde64bd4fed4c21537f4fb844a33f63a45985ef9bc95064d11f59e237a90930f12929d1a234363af6af515263

C:\Windows\system\sBzLKeX.exe

MD5 b98153e945dbdf87cd97b7ca427a3ad9
SHA1 77e06661a89b24ec2e057dfd97ab71ca3fc54be7
SHA256 9609c81a708dd18698747d61d22ab4feb0abbf8d9d5aa2e395425ee548057651
SHA512 d02c02bc59aa81c414f1df81981d77d3f4c4bd08c9eb9cff74f9bd7c4099c8798db24461835ca24732497840058d977a11ea3b74235e1b9c5836487d5d4d086c

C:\Windows\system\HYmgsYE.exe

MD5 626b9d6a558264c109f5428a72083005
SHA1 985648de4801dd8c61e6f65d16a94492115d7e0f
SHA256 e40fddef2e9bcf45890c12c2145f3b09923b8683d4b1edaf3e1ef04251206886
SHA512 d7dd78f511ab14979ccc6f18a61ed8f09693a6049cd68257c55fb78c61afde9f37b3c568c81f0bbdb94ac018d2fddf32b0834dc74c222bb2c71177a78f16a1e4

C:\Windows\system\RJYGeoj.exe

MD5 906b31f31ec5d633c7d4dda1446931bc
SHA1 97cd7ab3d0e26f105e5719bbbea4635750215d98
SHA256 979c28efaf497dd2a292448251e4b2b744fd84994cab22da451c55d60750438a
SHA512 054fa3bb537ac41fdb12aae297e72d879b65a89dbae3270b08b15393be72ceb6abfe26f22484b2a8a0ce401c2179deffd29cae8a5045356deb4e0cc51338dd79

C:\Windows\system\CfYApHu.exe

MD5 9c19ce8a6f28981e7d7d2abdb4545c3f
SHA1 bb4d9e51b03e83c837a28823ddff7063a1e2047a
SHA256 e9686d6c6399a7ee76d36dff72371b2a6cf0e72ad7e15dc88d57a996391b8417
SHA512 0a3e5caf9309bdb9d78e26ad172e091526e1994ea52b4a48e4a2a4546b1746c885425577c57d188189198a94a06ad761707d10c39f30e9205084cea0f07229d1

C:\Windows\system\cdQjoAR.exe

MD5 d661bf168850ae4f9e2aaab1a79125b6
SHA1 9a047fbd1d4251ca8460597af90781d680ef619a
SHA256 727f77888c96b79ce122111ad1953fb7331ca2158cf08c135534a8bda7f7fda8
SHA512 3d5ca41eae907f83804ed3ef8d040181f554f889d5b1de2ffcb473adb699af42c80f04fb04fdb31f14d9c0868f88b94d9763411ef20f056bfebeae218550b33a

C:\Windows\system\dXCGsWW.exe

MD5 69bd66a5f6743c8b21d47de662758bbb
SHA1 cd46bd1fac0b87115088b98d21f3181681e4c33f
SHA256 fe9eb5bbc907ac1f7ef4027523df91faccd631d8ff3f4eae6fcc0e0655b17fde
SHA512 aed05641c60110d2b5be8ee3baab313bf9bce6b2e79c48e1b22a156c82f222f07ad4e46c92748cd19d3aa3d54e704090965e8f71d6716877bbfae2f527729f57

C:\Windows\system\XvDAbBk.exe

MD5 7e5d6dc0dcdee6e3414840ded9abd3d8
SHA1 b591ee8a0a2942dc012bcabce21d32969b5facfc
SHA256 783eed3ba7edeb6be4eff8bd1460e094d24eecd79f25c12ec83619fb58433ad3
SHA512 7b9b1b98d444f9321cfa31a8c51a137d5f63b35ae9f94a3b49f7be3b4518d3725d502ac258a9efba166f79815cec080284b9b9cecf567632e4e4d0ba062c6a52

C:\Windows\system\SeABIAb.exe

MD5 51c6678336a5cf5575e13e7b72bbbb1d
SHA1 ae0300cf2afccadc65b7a1784d0dabc202e58b4f
SHA256 954372237e6df1fb9c888efe22c019a21eac37c4c93ef674e986478fc2e896b6
SHA512 fe7c7352ab4e49aaf207fa72f0322ea3a8ce7019b55f1363e0e8f863e0758cf6c8fb725d49c97f10ea2fd85c189cd7c758755c87b0080d0bb202eff837538619

memory/2896-100-0x000000013FF60000-0x0000000140356000-memory.dmp

C:\Windows\system\ZMdCGLu.exe

MD5 6613a2eb22074048dd886560326bb05e
SHA1 580f3f02f87a50add79bcb9686fa44a33023304d
SHA256 f49af26524c5d942fa244cd72f00a63f749c0e5d668947eda87b53d46114bc1f
SHA512 cb0ef58a3d647845ae8fa49026c03a7287281bbd968b4b1ed963fd3a4705dac173da64092c16f2d879f8b810232e955f8f813caae4762431bf06a26af5c6ac2a

memory/2552-93-0x000000013F520000-0x000000013F916000-memory.dmp

memory/2232-92-0x00000000034E0000-0x00000000038D6000-memory.dmp

memory/2032-91-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2652-83-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

memory/2160-82-0x000000013FF30000-0x0000000140326000-memory.dmp

memory/2508-80-0x000000013F2C0000-0x000000013F6B6000-memory.dmp

C:\Windows\system\JQVYDlx.exe

MD5 593226b9a7ab761a103ac4e2a2cc54c3
SHA1 16f08afe5b4ad462dd843a36e9c4f66b4dd123c8
SHA256 a86db4984beb2d2d27a888a2d38f2bdf78f7430b4bbba7ba634600be0adbca96
SHA512 87dfc01695bdb43441685f4a6eedbd5cb9970fdfb5eda481ed7fda81aefb60ce46437344db75e2c59e03f8d9dfb9970798f889837182c43f324add294d06498f

C:\Windows\system\tWNerBf.exe

MD5 d0d4a98e0682e6ab30baf909164f71ba
SHA1 17b93000d334f4138a047e3c969bd53320646711
SHA256 c0dcaab07ee564dd0c5068db7e2d2005aedd76f8f3553d52513cab4de2d1248c
SHA512 ed44988ce120cf2ee9d8cc2011ca2278bfba462da8b1cd6491d31798d29390e4c07ce6644dfca0c3805f0a494d03e231280d7647435cd0bf803f1a66a0af33f0

memory/2348-70-0x000000013F2F0000-0x000000013F6E6000-memory.dmp

memory/2124-69-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2232-68-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

memory/2232-67-0x000000013F510000-0x000000013F906000-memory.dmp

memory/2556-66-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/2232-57-0x000000013F9B0000-0x000000013FDA6000-memory.dmp

memory/2232-56-0x00000000034E0000-0x00000000038D6000-memory.dmp

C:\Windows\system\TrwnvZW.exe

MD5 5ec436286cddfcdfb3b4c9e8a29f0c3c
SHA1 2a38be9694660447ca248baa8ac166ef35f9c227
SHA256 ef028f45fa37d6e4ab50f4fed772c96203d1ab1f98a29466e5de54dcaee9efe4
SHA512 c24f19abff5d93cf7f0e19543af511efe80948c7479e1bc522ca6d05b7d50b5430317115320c1cc76e77bb5851525a87a84eed2419a635ba9548740836458d28

memory/2132-53-0x000000013F200000-0x000000013F5F6000-memory.dmp

memory/2864-45-0x000000013F650000-0x000000013FA46000-memory.dmp

memory/2032-44-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

memory/2232-41-0x00000000034E0000-0x00000000038D6000-memory.dmp

memory/2232-2940-0x00000000034E0000-0x00000000038D6000-memory.dmp

memory/2552-2944-0x000000013F520000-0x000000013F916000-memory.dmp

memory/2232-3203-0x000000013FF60000-0x0000000140356000-memory.dmp

memory/2132-6265-0x000000013F200000-0x000000013F5F6000-memory.dmp

memory/2124-6397-0x000000013FAC0000-0x000000013FEB6000-memory.dmp

memory/2896-6429-0x000000013FF60000-0x0000000140356000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 12:54

Reported

2024-06-13 12:56

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mtCslXO.exe N/A
N/A N/A C:\Windows\System\UHyfeYF.exe N/A
N/A N/A C:\Windows\System\nWyyZlZ.exe N/A
N/A N/A C:\Windows\System\ThOYCWg.exe N/A
N/A N/A C:\Windows\System\fvnZGUe.exe N/A
N/A N/A C:\Windows\System\CIzlxGT.exe N/A
N/A N/A C:\Windows\System\NHVmnum.exe N/A
N/A N/A C:\Windows\System\fzIzWIQ.exe N/A
N/A N/A C:\Windows\System\gllidtK.exe N/A
N/A N/A C:\Windows\System\aTiPqJw.exe N/A
N/A N/A C:\Windows\System\XyNJFyf.exe N/A
N/A N/A C:\Windows\System\WMkNGjS.exe N/A
N/A N/A C:\Windows\System\MqKHjPZ.exe N/A
N/A N/A C:\Windows\System\TInqWjZ.exe N/A
N/A N/A C:\Windows\System\TzgysOg.exe N/A
N/A N/A C:\Windows\System\FxGuVmf.exe N/A
N/A N/A C:\Windows\System\ojleLlY.exe N/A
N/A N/A C:\Windows\System\npcVvck.exe N/A
N/A N/A C:\Windows\System\aotaaGu.exe N/A
N/A N/A C:\Windows\System\HMCyAbc.exe N/A
N/A N/A C:\Windows\System\LhDSgMe.exe N/A
N/A N/A C:\Windows\System\NdyLuVc.exe N/A
N/A N/A C:\Windows\System\DQKkZcL.exe N/A
N/A N/A C:\Windows\System\iwhAJnK.exe N/A
N/A N/A C:\Windows\System\NETOICk.exe N/A
N/A N/A C:\Windows\System\gInZijq.exe N/A
N/A N/A C:\Windows\System\AAVfxUJ.exe N/A
N/A N/A C:\Windows\System\QZXldCb.exe N/A
N/A N/A C:\Windows\System\AWupcwx.exe N/A
N/A N/A C:\Windows\System\KeIjSqT.exe N/A
N/A N/A C:\Windows\System\zRUbHOi.exe N/A
N/A N/A C:\Windows\System\dmrOMpP.exe N/A
N/A N/A C:\Windows\System\jiuRWiZ.exe N/A
N/A N/A C:\Windows\System\dLjzdve.exe N/A
N/A N/A C:\Windows\System\TVuRGes.exe N/A
N/A N/A C:\Windows\System\EZhzHVw.exe N/A
N/A N/A C:\Windows\System\LYvidQX.exe N/A
N/A N/A C:\Windows\System\FLRgUyu.exe N/A
N/A N/A C:\Windows\System\wxUmrov.exe N/A
N/A N/A C:\Windows\System\sXqpOQl.exe N/A
N/A N/A C:\Windows\System\YsBZCSE.exe N/A
N/A N/A C:\Windows\System\VRKmjQR.exe N/A
N/A N/A C:\Windows\System\vCpAmWX.exe N/A
N/A N/A C:\Windows\System\OrGsORG.exe N/A
N/A N/A C:\Windows\System\ENDhsNA.exe N/A
N/A N/A C:\Windows\System\JEjmfpr.exe N/A
N/A N/A C:\Windows\System\edQObTB.exe N/A
N/A N/A C:\Windows\System\WExniSK.exe N/A
N/A N/A C:\Windows\System\sgpqDgK.exe N/A
N/A N/A C:\Windows\System\FWuQowm.exe N/A
N/A N/A C:\Windows\System\TlNURVY.exe N/A
N/A N/A C:\Windows\System\dbklWii.exe N/A
N/A N/A C:\Windows\System\FGVEwgV.exe N/A
N/A N/A C:\Windows\System\XUPKxZB.exe N/A
N/A N/A C:\Windows\System\hlMmqBj.exe N/A
N/A N/A C:\Windows\System\iVVleng.exe N/A
N/A N/A C:\Windows\System\pUISkkz.exe N/A
N/A N/A C:\Windows\System\QDnkerf.exe N/A
N/A N/A C:\Windows\System\CeWuCqd.exe N/A
N/A N/A C:\Windows\System\kFvIsNB.exe N/A
N/A N/A C:\Windows\System\ZMafcHU.exe N/A
N/A N/A C:\Windows\System\ivdwlET.exe N/A
N/A N/A C:\Windows\System\szbHGtN.exe N/A
N/A N/A C:\Windows\System\lLjbxAW.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\SZLkmpq.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzQbSYb.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sBQAsmr.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMqdCKq.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmldDGz.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkXikjH.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ribBiBU.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtvADXF.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zRTppyP.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ILSOMEQ.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EggfkfQ.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kRJnSBC.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FxxTHrd.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSzLXFS.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yDbFzow.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rRwpRtu.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eexPUWo.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xSFygLJ.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AUBfTjH.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwhuJZa.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGOABRO.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOzyRQH.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lQUPgRp.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NrEKaYQ.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BKnuSGu.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UxQvzib.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iGacObT.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyPsqad.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bucQFKg.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pCQwkNI.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcmGvqU.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVwBMJF.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\paPmRRN.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kXRBNtO.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zOTwMrE.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kpLnVYY.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmLcZpG.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzdeZPj.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqEuzxn.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZXlvtN.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IguQxGu.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xITLagr.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XNUElqI.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRPktTl.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSjkKdt.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GpEEGEm.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\utoFYJS.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sxwdnZV.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qltIMcS.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEMJwVy.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FAlkPYp.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QSbuBUa.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OksMHBn.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDZKjro.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIBHMho.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnACJee.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NBSECxY.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zshdyQj.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WRlrGbo.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cWKsvMA.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFFvBfn.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bLaNSSq.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\USUdnXT.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MezJlRW.exe C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4404 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\mtCslXO.exe
PID 4404 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\mtCslXO.exe
PID 4404 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\UHyfeYF.exe
PID 4404 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\UHyfeYF.exe
PID 4404 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\nWyyZlZ.exe
PID 4404 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\nWyyZlZ.exe
PID 4404 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\fvnZGUe.exe
PID 4404 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\fvnZGUe.exe
PID 4404 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ThOYCWg.exe
PID 4404 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ThOYCWg.exe
PID 4404 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CIzlxGT.exe
PID 4404 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\CIzlxGT.exe
PID 4404 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NHVmnum.exe
PID 4404 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NHVmnum.exe
PID 4404 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\fzIzWIQ.exe
PID 4404 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\fzIzWIQ.exe
PID 4404 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\gllidtK.exe
PID 4404 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\gllidtK.exe
PID 4404 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\aTiPqJw.exe
PID 4404 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\aTiPqJw.exe
PID 4404 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\XyNJFyf.exe
PID 4404 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\XyNJFyf.exe
PID 4404 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TInqWjZ.exe
PID 4404 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TInqWjZ.exe
PID 4404 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\WMkNGjS.exe
PID 4404 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\WMkNGjS.exe
PID 4404 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\MqKHjPZ.exe
PID 4404 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\MqKHjPZ.exe
PID 4404 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TzgysOg.exe
PID 4404 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\TzgysOg.exe
PID 4404 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\FxGuVmf.exe
PID 4404 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\FxGuVmf.exe
PID 4404 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ojleLlY.exe
PID 4404 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\ojleLlY.exe
PID 4404 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\npcVvck.exe
PID 4404 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\npcVvck.exe
PID 4404 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\aotaaGu.exe
PID 4404 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\aotaaGu.exe
PID 4404 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\HMCyAbc.exe
PID 4404 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\HMCyAbc.exe
PID 4404 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\LhDSgMe.exe
PID 4404 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\LhDSgMe.exe
PID 4404 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NdyLuVc.exe
PID 4404 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NdyLuVc.exe
PID 4404 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\DQKkZcL.exe
PID 4404 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\DQKkZcL.exe
PID 4404 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\iwhAJnK.exe
PID 4404 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\iwhAJnK.exe
PID 4404 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NETOICk.exe
PID 4404 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\NETOICk.exe
PID 4404 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\gInZijq.exe
PID 4404 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\gInZijq.exe
PID 4404 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\AAVfxUJ.exe
PID 4404 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\AAVfxUJ.exe
PID 4404 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\QZXldCb.exe
PID 4404 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\QZXldCb.exe
PID 4404 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\AWupcwx.exe
PID 4404 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\AWupcwx.exe
PID 4404 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\KeIjSqT.exe
PID 4404 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\KeIjSqT.exe
PID 4404 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\zRUbHOi.exe
PID 4404 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe C:\Windows\System\zRUbHOi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7de62f58e44ca6926bc0203afa16c9b0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\mtCslXO.exe

C:\Windows\System\mtCslXO.exe

C:\Windows\System\UHyfeYF.exe

C:\Windows\System\UHyfeYF.exe

C:\Windows\System\nWyyZlZ.exe

C:\Windows\System\nWyyZlZ.exe

C:\Windows\System\fvnZGUe.exe

C:\Windows\System\fvnZGUe.exe

C:\Windows\System\ThOYCWg.exe

C:\Windows\System\ThOYCWg.exe

C:\Windows\System\CIzlxGT.exe

C:\Windows\System\CIzlxGT.exe

C:\Windows\System\NHVmnum.exe

C:\Windows\System\NHVmnum.exe

C:\Windows\System\fzIzWIQ.exe

C:\Windows\System\fzIzWIQ.exe

C:\Windows\System\gllidtK.exe

C:\Windows\System\gllidtK.exe

C:\Windows\System\aTiPqJw.exe

C:\Windows\System\aTiPqJw.exe

C:\Windows\System\XyNJFyf.exe

C:\Windows\System\XyNJFyf.exe

C:\Windows\System\TInqWjZ.exe

C:\Windows\System\TInqWjZ.exe

C:\Windows\System\WMkNGjS.exe

C:\Windows\System\WMkNGjS.exe

C:\Windows\System\MqKHjPZ.exe

C:\Windows\System\MqKHjPZ.exe

C:\Windows\System\TzgysOg.exe

C:\Windows\System\TzgysOg.exe

C:\Windows\System\FxGuVmf.exe

C:\Windows\System\FxGuVmf.exe

C:\Windows\System\ojleLlY.exe

C:\Windows\System\ojleLlY.exe

C:\Windows\System\npcVvck.exe

C:\Windows\System\npcVvck.exe

C:\Windows\System\aotaaGu.exe

C:\Windows\System\aotaaGu.exe

C:\Windows\System\HMCyAbc.exe

C:\Windows\System\HMCyAbc.exe

C:\Windows\System\LhDSgMe.exe

C:\Windows\System\LhDSgMe.exe

C:\Windows\System\NdyLuVc.exe

C:\Windows\System\NdyLuVc.exe

C:\Windows\System\DQKkZcL.exe

C:\Windows\System\DQKkZcL.exe

C:\Windows\System\iwhAJnK.exe

C:\Windows\System\iwhAJnK.exe

C:\Windows\System\NETOICk.exe

C:\Windows\System\NETOICk.exe

C:\Windows\System\gInZijq.exe

C:\Windows\System\gInZijq.exe

C:\Windows\System\AAVfxUJ.exe

C:\Windows\System\AAVfxUJ.exe

C:\Windows\System\QZXldCb.exe

C:\Windows\System\QZXldCb.exe

C:\Windows\System\AWupcwx.exe

C:\Windows\System\AWupcwx.exe

C:\Windows\System\KeIjSqT.exe

C:\Windows\System\KeIjSqT.exe

C:\Windows\System\zRUbHOi.exe

C:\Windows\System\zRUbHOi.exe

C:\Windows\System\dmrOMpP.exe

C:\Windows\System\dmrOMpP.exe

C:\Windows\System\jiuRWiZ.exe

C:\Windows\System\jiuRWiZ.exe

C:\Windows\System\dLjzdve.exe

C:\Windows\System\dLjzdve.exe

C:\Windows\System\TVuRGes.exe

C:\Windows\System\TVuRGes.exe

C:\Windows\System\EZhzHVw.exe

C:\Windows\System\EZhzHVw.exe

C:\Windows\System\LYvidQX.exe

C:\Windows\System\LYvidQX.exe

C:\Windows\System\FLRgUyu.exe

C:\Windows\System\FLRgUyu.exe

C:\Windows\System\wxUmrov.exe

C:\Windows\System\wxUmrov.exe

C:\Windows\System\sXqpOQl.exe

C:\Windows\System\sXqpOQl.exe

C:\Windows\System\YsBZCSE.exe

C:\Windows\System\YsBZCSE.exe

C:\Windows\System\VRKmjQR.exe

C:\Windows\System\VRKmjQR.exe

C:\Windows\System\vCpAmWX.exe

C:\Windows\System\vCpAmWX.exe

C:\Windows\System\OrGsORG.exe

C:\Windows\System\OrGsORG.exe

C:\Windows\System\ENDhsNA.exe

C:\Windows\System\ENDhsNA.exe

C:\Windows\System\JEjmfpr.exe

C:\Windows\System\JEjmfpr.exe

C:\Windows\System\edQObTB.exe

C:\Windows\System\edQObTB.exe

C:\Windows\System\WExniSK.exe

C:\Windows\System\WExniSK.exe

C:\Windows\System\sgpqDgK.exe

C:\Windows\System\sgpqDgK.exe

C:\Windows\System\FWuQowm.exe

C:\Windows\System\FWuQowm.exe

C:\Windows\System\TlNURVY.exe

C:\Windows\System\TlNURVY.exe

C:\Windows\System\dbklWii.exe

C:\Windows\System\dbklWii.exe

C:\Windows\System\FGVEwgV.exe

C:\Windows\System\FGVEwgV.exe

C:\Windows\System\XUPKxZB.exe

C:\Windows\System\XUPKxZB.exe

C:\Windows\System\hlMmqBj.exe

C:\Windows\System\hlMmqBj.exe

C:\Windows\System\iVVleng.exe

C:\Windows\System\iVVleng.exe

C:\Windows\System\pUISkkz.exe

C:\Windows\System\pUISkkz.exe

C:\Windows\System\QDnkerf.exe

C:\Windows\System\QDnkerf.exe

C:\Windows\System\CeWuCqd.exe

C:\Windows\System\CeWuCqd.exe

C:\Windows\System\kFvIsNB.exe

C:\Windows\System\kFvIsNB.exe

C:\Windows\System\ZMafcHU.exe

C:\Windows\System\ZMafcHU.exe

C:\Windows\System\ivdwlET.exe

C:\Windows\System\ivdwlET.exe

C:\Windows\System\szbHGtN.exe

C:\Windows\System\szbHGtN.exe

C:\Windows\System\lLjbxAW.exe

C:\Windows\System\lLjbxAW.exe

C:\Windows\System\TlqSHXm.exe

C:\Windows\System\TlqSHXm.exe

C:\Windows\System\DaFBrRS.exe

C:\Windows\System\DaFBrRS.exe

C:\Windows\System\zqwdGif.exe

C:\Windows\System\zqwdGif.exe

C:\Windows\System\gdCOIEz.exe

C:\Windows\System\gdCOIEz.exe

C:\Windows\System\GUrpLoj.exe

C:\Windows\System\GUrpLoj.exe

C:\Windows\System\PjacDQq.exe

C:\Windows\System\PjacDQq.exe

C:\Windows\System\McYybbP.exe

C:\Windows\System\McYybbP.exe

C:\Windows\System\TEnDXBW.exe

C:\Windows\System\TEnDXBW.exe

C:\Windows\System\mSBCZKk.exe

C:\Windows\System\mSBCZKk.exe

C:\Windows\System\YiftEuv.exe

C:\Windows\System\YiftEuv.exe

C:\Windows\System\qUiNMNS.exe

C:\Windows\System\qUiNMNS.exe

C:\Windows\System\xDhWOIc.exe

C:\Windows\System\xDhWOIc.exe

C:\Windows\System\esunaGF.exe

C:\Windows\System\esunaGF.exe

C:\Windows\System\hMIDXAi.exe

C:\Windows\System\hMIDXAi.exe

C:\Windows\System\OfJWxla.exe

C:\Windows\System\OfJWxla.exe

C:\Windows\System\lTZOXut.exe

C:\Windows\System\lTZOXut.exe

C:\Windows\System\USNqHIK.exe

C:\Windows\System\USNqHIK.exe

C:\Windows\System\hQgmFcu.exe

C:\Windows\System\hQgmFcu.exe

C:\Windows\System\iCgVRhG.exe

C:\Windows\System\iCgVRhG.exe

C:\Windows\System\GKavGAh.exe

C:\Windows\System\GKavGAh.exe

C:\Windows\System\SOgVkcE.exe

C:\Windows\System\SOgVkcE.exe

C:\Windows\System\JLJkWSF.exe

C:\Windows\System\JLJkWSF.exe

C:\Windows\System\SiqngGX.exe

C:\Windows\System\SiqngGX.exe

C:\Windows\System\jNKHmDN.exe

C:\Windows\System\jNKHmDN.exe

C:\Windows\System\PovGnbd.exe

C:\Windows\System\PovGnbd.exe

C:\Windows\System\RcvTEpz.exe

C:\Windows\System\RcvTEpz.exe

C:\Windows\System\BbUHmUl.exe

C:\Windows\System\BbUHmUl.exe

C:\Windows\System\ekNQkQx.exe

C:\Windows\System\ekNQkQx.exe

C:\Windows\System\ldVNAPR.exe

C:\Windows\System\ldVNAPR.exe

C:\Windows\System\DQWikgn.exe

C:\Windows\System\DQWikgn.exe

C:\Windows\System\IfUxexN.exe

C:\Windows\System\IfUxexN.exe

C:\Windows\System\FarPdVI.exe

C:\Windows\System\FarPdVI.exe

C:\Windows\System\oKLhlbj.exe

C:\Windows\System\oKLhlbj.exe

C:\Windows\System\WzvZJFe.exe

C:\Windows\System\WzvZJFe.exe

C:\Windows\System\Iyvfpdl.exe

C:\Windows\System\Iyvfpdl.exe

C:\Windows\System\qiYyKZb.exe

C:\Windows\System\qiYyKZb.exe

C:\Windows\System\IFjkzOa.exe

C:\Windows\System\IFjkzOa.exe

C:\Windows\System\SFNJLgD.exe

C:\Windows\System\SFNJLgD.exe

C:\Windows\System\VtWTjQw.exe

C:\Windows\System\VtWTjQw.exe

C:\Windows\System\lGToUqh.exe

C:\Windows\System\lGToUqh.exe

C:\Windows\System\QOgSKpG.exe

C:\Windows\System\QOgSKpG.exe

C:\Windows\System\yTWyJRV.exe

C:\Windows\System\yTWyJRV.exe

C:\Windows\System\UkGiZhX.exe

C:\Windows\System\UkGiZhX.exe

C:\Windows\System\msSoZtd.exe

C:\Windows\System\msSoZtd.exe

C:\Windows\System\IBOyimO.exe

C:\Windows\System\IBOyimO.exe

C:\Windows\System\dLgaWdL.exe

C:\Windows\System\dLgaWdL.exe

C:\Windows\System\BcmgZgp.exe

C:\Windows\System\BcmgZgp.exe

C:\Windows\System\FMYnwbY.exe

C:\Windows\System\FMYnwbY.exe

C:\Windows\System\IDBRoph.exe

C:\Windows\System\IDBRoph.exe

C:\Windows\System\jmIwPWn.exe

C:\Windows\System\jmIwPWn.exe

C:\Windows\System\QsdudSK.exe

C:\Windows\System\QsdudSK.exe

C:\Windows\System\ThlsEjo.exe

C:\Windows\System\ThlsEjo.exe

C:\Windows\System\sStoFdw.exe

C:\Windows\System\sStoFdw.exe

C:\Windows\System\HObdiLf.exe

C:\Windows\System\HObdiLf.exe

C:\Windows\System\qVSekKS.exe

C:\Windows\System\qVSekKS.exe

C:\Windows\System\NDMzoKF.exe

C:\Windows\System\NDMzoKF.exe

C:\Windows\System\xijxKEk.exe

C:\Windows\System\xijxKEk.exe

C:\Windows\System\EWCXNlg.exe

C:\Windows\System\EWCXNlg.exe

C:\Windows\System\SQBreKq.exe

C:\Windows\System\SQBreKq.exe

C:\Windows\System\YiDzZif.exe

C:\Windows\System\YiDzZif.exe

C:\Windows\System\PXLOSgj.exe

C:\Windows\System\PXLOSgj.exe

C:\Windows\System\xCtvPgG.exe

C:\Windows\System\xCtvPgG.exe

C:\Windows\System\SmMcmEG.exe

C:\Windows\System\SmMcmEG.exe

C:\Windows\System\RSLBWQD.exe

C:\Windows\System\RSLBWQD.exe

C:\Windows\System\cpTFgFd.exe

C:\Windows\System\cpTFgFd.exe

C:\Windows\System\paPmRRN.exe

C:\Windows\System\paPmRRN.exe

C:\Windows\System\ShSGuTS.exe

C:\Windows\System\ShSGuTS.exe

C:\Windows\System\deWbstY.exe

C:\Windows\System\deWbstY.exe

C:\Windows\System\SUTpVyr.exe

C:\Windows\System\SUTpVyr.exe

C:\Windows\System\YJvPozM.exe

C:\Windows\System\YJvPozM.exe

C:\Windows\System\naRneqc.exe

C:\Windows\System\naRneqc.exe

C:\Windows\System\pbtVvtd.exe

C:\Windows\System\pbtVvtd.exe

C:\Windows\System\saZvwsK.exe

C:\Windows\System\saZvwsK.exe

C:\Windows\System\obflBfw.exe

C:\Windows\System\obflBfw.exe

C:\Windows\System\jshocEy.exe

C:\Windows\System\jshocEy.exe

C:\Windows\System\zeknkHy.exe

C:\Windows\System\zeknkHy.exe

C:\Windows\System\DxrTJxS.exe

C:\Windows\System\DxrTJxS.exe

C:\Windows\System\XhbbSiu.exe

C:\Windows\System\XhbbSiu.exe

C:\Windows\System\ASPuADO.exe

C:\Windows\System\ASPuADO.exe

C:\Windows\System\PykYRjb.exe

C:\Windows\System\PykYRjb.exe

C:\Windows\System\kgFbEqX.exe

C:\Windows\System\kgFbEqX.exe

C:\Windows\System\UIftHUR.exe

C:\Windows\System\UIftHUR.exe

C:\Windows\System\ZeBDzYf.exe

C:\Windows\System\ZeBDzYf.exe

C:\Windows\System\MQvcavR.exe

C:\Windows\System\MQvcavR.exe

C:\Windows\System\fJJqlRo.exe

C:\Windows\System\fJJqlRo.exe

C:\Windows\System\CspBIYl.exe

C:\Windows\System\CspBIYl.exe

C:\Windows\System\prDfBly.exe

C:\Windows\System\prDfBly.exe

C:\Windows\System\rbeEWfk.exe

C:\Windows\System\rbeEWfk.exe

C:\Windows\System\BQUVQOG.exe

C:\Windows\System\BQUVQOG.exe

C:\Windows\System\XxyTTzo.exe

C:\Windows\System\XxyTTzo.exe

C:\Windows\System\VYvubsa.exe

C:\Windows\System\VYvubsa.exe

C:\Windows\System\MTVIVLi.exe

C:\Windows\System\MTVIVLi.exe

C:\Windows\System\gCMoMRK.exe

C:\Windows\System\gCMoMRK.exe

C:\Windows\System\khSddnO.exe

C:\Windows\System\khSddnO.exe

C:\Windows\System\RmZcySc.exe

C:\Windows\System\RmZcySc.exe

C:\Windows\System\wXrXVYJ.exe

C:\Windows\System\wXrXVYJ.exe

C:\Windows\System\hZpCXFg.exe

C:\Windows\System\hZpCXFg.exe

C:\Windows\System\AwLBxzj.exe

C:\Windows\System\AwLBxzj.exe

C:\Windows\System\sBifbDm.exe

C:\Windows\System\sBifbDm.exe

C:\Windows\System\XPxlHvR.exe

C:\Windows\System\XPxlHvR.exe

C:\Windows\System\EAixlnL.exe

C:\Windows\System\EAixlnL.exe

C:\Windows\System\jnLXNYH.exe

C:\Windows\System\jnLXNYH.exe

C:\Windows\System\yQhsUCj.exe

C:\Windows\System\yQhsUCj.exe

C:\Windows\System\oVPWTUD.exe

C:\Windows\System\oVPWTUD.exe

C:\Windows\System\AgXjcqg.exe

C:\Windows\System\AgXjcqg.exe

C:\Windows\System\VHKcKmP.exe

C:\Windows\System\VHKcKmP.exe

C:\Windows\System\cLVChID.exe

C:\Windows\System\cLVChID.exe

C:\Windows\System\aJwlCHP.exe

C:\Windows\System\aJwlCHP.exe

C:\Windows\System\vXkxcSZ.exe

C:\Windows\System\vXkxcSZ.exe

C:\Windows\System\EuFiDWr.exe

C:\Windows\System\EuFiDWr.exe

C:\Windows\System\LEAfxOv.exe

C:\Windows\System\LEAfxOv.exe

C:\Windows\System\OyCOeDL.exe

C:\Windows\System\OyCOeDL.exe

C:\Windows\System\AKeoXfY.exe

C:\Windows\System\AKeoXfY.exe

C:\Windows\System\TSRurMA.exe

C:\Windows\System\TSRurMA.exe

C:\Windows\System\cosYyWV.exe

C:\Windows\System\cosYyWV.exe

C:\Windows\System\hDGXZzS.exe

C:\Windows\System\hDGXZzS.exe

C:\Windows\System\UzhHaFs.exe

C:\Windows\System\UzhHaFs.exe

C:\Windows\System\gTbdJWF.exe

C:\Windows\System\gTbdJWF.exe

C:\Windows\System\DUOaMIs.exe

C:\Windows\System\DUOaMIs.exe

C:\Windows\System\aOdvzQD.exe

C:\Windows\System\aOdvzQD.exe

C:\Windows\System\KMSJKNo.exe

C:\Windows\System\KMSJKNo.exe

C:\Windows\System\WWpZvzr.exe

C:\Windows\System\WWpZvzr.exe

C:\Windows\System\FvfrrKc.exe

C:\Windows\System\FvfrrKc.exe

C:\Windows\System\AmRbZsw.exe

C:\Windows\System\AmRbZsw.exe

C:\Windows\System\vJbtYUS.exe

C:\Windows\System\vJbtYUS.exe

C:\Windows\System\IxfHruh.exe

C:\Windows\System\IxfHruh.exe

C:\Windows\System\vAdVrSS.exe

C:\Windows\System\vAdVrSS.exe

C:\Windows\System\jSCWrja.exe

C:\Windows\System\jSCWrja.exe

C:\Windows\System\pYVkacz.exe

C:\Windows\System\pYVkacz.exe

C:\Windows\System\IBbVrtx.exe

C:\Windows\System\IBbVrtx.exe

C:\Windows\System\HZTSPLt.exe

C:\Windows\System\HZTSPLt.exe

C:\Windows\System\bOfMXvf.exe

C:\Windows\System\bOfMXvf.exe

C:\Windows\System\lyBPvLd.exe

C:\Windows\System\lyBPvLd.exe

C:\Windows\System\tfdQHcG.exe

C:\Windows\System\tfdQHcG.exe

C:\Windows\System\uPjAaiv.exe

C:\Windows\System\uPjAaiv.exe

C:\Windows\System\NcbuQta.exe

C:\Windows\System\NcbuQta.exe

C:\Windows\System\XpncFMX.exe

C:\Windows\System\XpncFMX.exe

C:\Windows\System\LSLxfkS.exe

C:\Windows\System\LSLxfkS.exe

C:\Windows\System\GCMZoqn.exe

C:\Windows\System\GCMZoqn.exe

C:\Windows\System\ukpoAMk.exe

C:\Windows\System\ukpoAMk.exe

C:\Windows\System\LMjSivP.exe

C:\Windows\System\LMjSivP.exe

C:\Windows\System\UiPYCal.exe

C:\Windows\System\UiPYCal.exe

C:\Windows\System\GRmzRdW.exe

C:\Windows\System\GRmzRdW.exe

C:\Windows\System\bWxAfvf.exe

C:\Windows\System\bWxAfvf.exe

C:\Windows\System\kvPxQQf.exe

C:\Windows\System\kvPxQQf.exe

C:\Windows\System\RlGflEJ.exe

C:\Windows\System\RlGflEJ.exe

C:\Windows\System\BPaYqaF.exe

C:\Windows\System\BPaYqaF.exe

C:\Windows\System\PqiWfrl.exe

C:\Windows\System\PqiWfrl.exe

C:\Windows\System\GtweuBs.exe

C:\Windows\System\GtweuBs.exe

C:\Windows\System\uheohpo.exe

C:\Windows\System\uheohpo.exe

C:\Windows\System\JAhLpag.exe

C:\Windows\System\JAhLpag.exe

C:\Windows\System\lLdjTzZ.exe

C:\Windows\System\lLdjTzZ.exe

C:\Windows\System\LkGSYyS.exe

C:\Windows\System\LkGSYyS.exe

C:\Windows\System\ohUyykv.exe

C:\Windows\System\ohUyykv.exe

C:\Windows\System\yqRXgTB.exe

C:\Windows\System\yqRXgTB.exe

C:\Windows\System\jJtEjoX.exe

C:\Windows\System\jJtEjoX.exe

C:\Windows\System\xoFlIgM.exe

C:\Windows\System\xoFlIgM.exe

C:\Windows\System\eCKJUHP.exe

C:\Windows\System\eCKJUHP.exe

C:\Windows\System\zQszFAB.exe

C:\Windows\System\zQszFAB.exe

C:\Windows\System\pGFdyDI.exe

C:\Windows\System\pGFdyDI.exe

C:\Windows\System\GkAgKeQ.exe

C:\Windows\System\GkAgKeQ.exe

C:\Windows\System\NXdvIVa.exe

C:\Windows\System\NXdvIVa.exe

C:\Windows\System\uWcqupU.exe

C:\Windows\System\uWcqupU.exe

C:\Windows\System\dYvlfCm.exe

C:\Windows\System\dYvlfCm.exe

C:\Windows\System\WZUxHEZ.exe

C:\Windows\System\WZUxHEZ.exe

C:\Windows\System\JFVONSq.exe

C:\Windows\System\JFVONSq.exe

C:\Windows\System\jKNNMNq.exe

C:\Windows\System\jKNNMNq.exe

C:\Windows\System\ZjKuiCy.exe

C:\Windows\System\ZjKuiCy.exe

C:\Windows\System\cJDsIxI.exe

C:\Windows\System\cJDsIxI.exe

C:\Windows\System\mYFUAWJ.exe

C:\Windows\System\mYFUAWJ.exe

C:\Windows\System\GfoNdut.exe

C:\Windows\System\GfoNdut.exe

C:\Windows\System\KJnWWbk.exe

C:\Windows\System\KJnWWbk.exe

C:\Windows\System\cXOQyLF.exe

C:\Windows\System\cXOQyLF.exe

C:\Windows\System\zZkgrxa.exe

C:\Windows\System\zZkgrxa.exe

C:\Windows\System\ibwvMeV.exe

C:\Windows\System\ibwvMeV.exe

C:\Windows\System\CGHsovf.exe

C:\Windows\System\CGHsovf.exe

C:\Windows\System\QsgssWh.exe

C:\Windows\System\QsgssWh.exe

C:\Windows\System\ZhVDXpr.exe

C:\Windows\System\ZhVDXpr.exe

C:\Windows\System\FrCzTCS.exe

C:\Windows\System\FrCzTCS.exe

C:\Windows\System\gxacgTq.exe

C:\Windows\System\gxacgTq.exe

C:\Windows\System\euJkXZJ.exe

C:\Windows\System\euJkXZJ.exe

C:\Windows\System\krNWHLe.exe

C:\Windows\System\krNWHLe.exe

C:\Windows\System\tWDWOXC.exe

C:\Windows\System\tWDWOXC.exe

C:\Windows\System\xXqamJi.exe

C:\Windows\System\xXqamJi.exe

C:\Windows\System\yxDmFIL.exe

C:\Windows\System\yxDmFIL.exe

C:\Windows\System\SgDVawW.exe

C:\Windows\System\SgDVawW.exe

C:\Windows\System\JUIBNZv.exe

C:\Windows\System\JUIBNZv.exe

C:\Windows\System\UGoQfgf.exe

C:\Windows\System\UGoQfgf.exe

C:\Windows\System\ukyJaQi.exe

C:\Windows\System\ukyJaQi.exe

C:\Windows\System\oAekdqW.exe

C:\Windows\System\oAekdqW.exe

C:\Windows\System\pekODVV.exe

C:\Windows\System\pekODVV.exe

C:\Windows\System\bokFUdF.exe

C:\Windows\System\bokFUdF.exe

C:\Windows\System\WjhkjZp.exe

C:\Windows\System\WjhkjZp.exe

C:\Windows\System\WxbXdEq.exe

C:\Windows\System\WxbXdEq.exe

C:\Windows\System\WCTMgbe.exe

C:\Windows\System\WCTMgbe.exe

C:\Windows\System\ZrlDDQl.exe

C:\Windows\System\ZrlDDQl.exe

C:\Windows\System\qFXklvD.exe

C:\Windows\System\qFXklvD.exe

C:\Windows\System\aVkoYua.exe

C:\Windows\System\aVkoYua.exe

C:\Windows\System\enhqJMl.exe

C:\Windows\System\enhqJMl.exe

C:\Windows\System\giwmNIP.exe

C:\Windows\System\giwmNIP.exe

C:\Windows\System\tMWuciD.exe

C:\Windows\System\tMWuciD.exe

C:\Windows\System\zeRXBoo.exe

C:\Windows\System\zeRXBoo.exe

C:\Windows\System\HmXhJYp.exe

C:\Windows\System\HmXhJYp.exe

C:\Windows\System\ojuZfmM.exe

C:\Windows\System\ojuZfmM.exe

C:\Windows\System\dAqPSVG.exe

C:\Windows\System\dAqPSVG.exe

C:\Windows\System\OfcmRMs.exe

C:\Windows\System\OfcmRMs.exe

C:\Windows\System\VgGxpmR.exe

C:\Windows\System\VgGxpmR.exe

C:\Windows\System\aEqzJKA.exe

C:\Windows\System\aEqzJKA.exe

C:\Windows\System\oZqDWpO.exe

C:\Windows\System\oZqDWpO.exe

C:\Windows\System\MBrMfcS.exe

C:\Windows\System\MBrMfcS.exe

C:\Windows\System\kmxXlgo.exe

C:\Windows\System\kmxXlgo.exe

C:\Windows\System\qviAzBX.exe

C:\Windows\System\qviAzBX.exe

C:\Windows\System\wLDdPUC.exe

C:\Windows\System\wLDdPUC.exe

C:\Windows\System\KBoTYWe.exe

C:\Windows\System\KBoTYWe.exe

C:\Windows\System\YAIAqQm.exe

C:\Windows\System\YAIAqQm.exe

C:\Windows\System\xFsmoiq.exe

C:\Windows\System\xFsmoiq.exe

C:\Windows\System\WzljtIc.exe

C:\Windows\System\WzljtIc.exe

C:\Windows\System\jdBYoxP.exe

C:\Windows\System\jdBYoxP.exe

C:\Windows\System\euyyFax.exe

C:\Windows\System\euyyFax.exe

C:\Windows\System\ZXbdgvC.exe

C:\Windows\System\ZXbdgvC.exe

C:\Windows\System\RYKFUxD.exe

C:\Windows\System\RYKFUxD.exe

C:\Windows\System\bPEmtdU.exe

C:\Windows\System\bPEmtdU.exe

C:\Windows\System\ohvnWIu.exe

C:\Windows\System\ohvnWIu.exe

C:\Windows\System\YLXKTlg.exe

C:\Windows\System\YLXKTlg.exe

C:\Windows\System\ALcmUzm.exe

C:\Windows\System\ALcmUzm.exe

C:\Windows\System\cACoIyR.exe

C:\Windows\System\cACoIyR.exe

C:\Windows\System\SUyYVLA.exe

C:\Windows\System\SUyYVLA.exe

C:\Windows\System\PEuuUsq.exe

C:\Windows\System\PEuuUsq.exe

C:\Windows\System\qrunJRA.exe

C:\Windows\System\qrunJRA.exe

C:\Windows\System\yusVLFU.exe

C:\Windows\System\yusVLFU.exe

C:\Windows\System\BZjPiew.exe

C:\Windows\System\BZjPiew.exe

C:\Windows\System\RGgJkLG.exe

C:\Windows\System\RGgJkLG.exe

C:\Windows\System\lSsmaNM.exe

C:\Windows\System\lSsmaNM.exe

C:\Windows\System\eIbXiWM.exe

C:\Windows\System\eIbXiWM.exe

C:\Windows\System\uNRCSEM.exe

C:\Windows\System\uNRCSEM.exe

C:\Windows\System\rFmgPws.exe

C:\Windows\System\rFmgPws.exe

C:\Windows\System\bcKcEqq.exe

C:\Windows\System\bcKcEqq.exe

C:\Windows\System\HccawSv.exe

C:\Windows\System\HccawSv.exe

C:\Windows\System\shVPAvN.exe

C:\Windows\System\shVPAvN.exe

C:\Windows\System\nrjFyuB.exe

C:\Windows\System\nrjFyuB.exe

C:\Windows\System\QVAtjwK.exe

C:\Windows\System\QVAtjwK.exe

C:\Windows\System\yNojrTT.exe

C:\Windows\System\yNojrTT.exe

C:\Windows\System\dKoqYiU.exe

C:\Windows\System\dKoqYiU.exe

C:\Windows\System\PiuUNWK.exe

C:\Windows\System\PiuUNWK.exe

C:\Windows\System\fLPAokn.exe

C:\Windows\System\fLPAokn.exe

C:\Windows\System\grDzzSG.exe

C:\Windows\System\grDzzSG.exe

C:\Windows\System\mhEoTUb.exe

C:\Windows\System\mhEoTUb.exe

C:\Windows\System\GdGnoWq.exe

C:\Windows\System\GdGnoWq.exe

C:\Windows\System\DWtXlZB.exe

C:\Windows\System\DWtXlZB.exe

C:\Windows\System\QYgUhpD.exe

C:\Windows\System\QYgUhpD.exe

C:\Windows\System\UjpKKHP.exe

C:\Windows\System\UjpKKHP.exe

C:\Windows\System\RGAdDaW.exe

C:\Windows\System\RGAdDaW.exe

C:\Windows\System\CZlZUUQ.exe

C:\Windows\System\CZlZUUQ.exe

C:\Windows\System\QfqFpHn.exe

C:\Windows\System\QfqFpHn.exe

C:\Windows\System\OncsNGA.exe

C:\Windows\System\OncsNGA.exe

C:\Windows\System\ZfRzBgm.exe

C:\Windows\System\ZfRzBgm.exe

C:\Windows\System\reFpRst.exe

C:\Windows\System\reFpRst.exe

C:\Windows\System\qGubLDo.exe

C:\Windows\System\qGubLDo.exe

C:\Windows\System\PhySFKM.exe

C:\Windows\System\PhySFKM.exe

C:\Windows\System\KvRuyaz.exe

C:\Windows\System\KvRuyaz.exe

C:\Windows\System\NvgnzEb.exe

C:\Windows\System\NvgnzEb.exe

C:\Windows\System\QiYuXya.exe

C:\Windows\System\QiYuXya.exe

C:\Windows\System\pnBZiID.exe

C:\Windows\System\pnBZiID.exe

C:\Windows\System\oSfMRLN.exe

C:\Windows\System\oSfMRLN.exe

C:\Windows\System\YnatRxi.exe

C:\Windows\System\YnatRxi.exe

C:\Windows\System\qQfzrMk.exe

C:\Windows\System\qQfzrMk.exe

C:\Windows\System\mfIklOJ.exe

C:\Windows\System\mfIklOJ.exe

C:\Windows\System\nUkkXac.exe

C:\Windows\System\nUkkXac.exe

C:\Windows\System\NKEDGqK.exe

C:\Windows\System\NKEDGqK.exe

C:\Windows\System\DoLoSvd.exe

C:\Windows\System\DoLoSvd.exe

C:\Windows\System\gGkvukE.exe

C:\Windows\System\gGkvukE.exe

C:\Windows\System\WEulXCO.exe

C:\Windows\System\WEulXCO.exe

C:\Windows\System\hqqSabU.exe

C:\Windows\System\hqqSabU.exe

C:\Windows\System\uqAbNXp.exe

C:\Windows\System\uqAbNXp.exe

C:\Windows\System\QrMNolR.exe

C:\Windows\System\QrMNolR.exe

C:\Windows\System\kwWgFcQ.exe

C:\Windows\System\kwWgFcQ.exe

C:\Windows\System\kqZisUN.exe

C:\Windows\System\kqZisUN.exe

C:\Windows\System\PBvKgGY.exe

C:\Windows\System\PBvKgGY.exe

C:\Windows\System\DkwixAu.exe

C:\Windows\System\DkwixAu.exe

C:\Windows\System\bMtbUJh.exe

C:\Windows\System\bMtbUJh.exe

C:\Windows\System\MyJolXm.exe

C:\Windows\System\MyJolXm.exe

C:\Windows\System\ssGIvCl.exe

C:\Windows\System\ssGIvCl.exe

C:\Windows\System\DDypuNZ.exe

C:\Windows\System\DDypuNZ.exe

C:\Windows\System\whRTDDp.exe

C:\Windows\System\whRTDDp.exe

C:\Windows\System\jaGEdbf.exe

C:\Windows\System\jaGEdbf.exe

C:\Windows\System\xLCkwpx.exe

C:\Windows\System\xLCkwpx.exe

C:\Windows\System\ObYbZuu.exe

C:\Windows\System\ObYbZuu.exe

C:\Windows\System\ldjpwIt.exe

C:\Windows\System\ldjpwIt.exe

C:\Windows\System\NGpVnHh.exe

C:\Windows\System\NGpVnHh.exe

C:\Windows\System\NiPElDe.exe

C:\Windows\System\NiPElDe.exe

C:\Windows\System\goLlUsE.exe

C:\Windows\System\goLlUsE.exe

C:\Windows\System\IQmzImx.exe

C:\Windows\System\IQmzImx.exe

C:\Windows\System\UPikvVM.exe

C:\Windows\System\UPikvVM.exe

C:\Windows\System\DvdEUtJ.exe

C:\Windows\System\DvdEUtJ.exe

C:\Windows\System\qnVmqQF.exe

C:\Windows\System\qnVmqQF.exe

C:\Windows\System\WjdbHkD.exe

C:\Windows\System\WjdbHkD.exe

C:\Windows\System\SLDxqbe.exe

C:\Windows\System\SLDxqbe.exe

C:\Windows\System\bkkRQaZ.exe

C:\Windows\System\bkkRQaZ.exe

C:\Windows\System\FRySGiY.exe

C:\Windows\System\FRySGiY.exe

C:\Windows\System\cMjrXqs.exe

C:\Windows\System\cMjrXqs.exe

C:\Windows\System\onOAvuV.exe

C:\Windows\System\onOAvuV.exe

C:\Windows\System\TGpMgss.exe

C:\Windows\System\TGpMgss.exe

C:\Windows\System\DbzfLSF.exe

C:\Windows\System\DbzfLSF.exe

C:\Windows\System\bBjsklf.exe

C:\Windows\System\bBjsklf.exe

C:\Windows\System\hTkGkDG.exe

C:\Windows\System\hTkGkDG.exe

C:\Windows\System\AbjOrEA.exe

C:\Windows\System\AbjOrEA.exe

C:\Windows\System\CwszVZb.exe

C:\Windows\System\CwszVZb.exe

C:\Windows\System\mPbqMWp.exe

C:\Windows\System\mPbqMWp.exe

C:\Windows\System\GVQihDW.exe

C:\Windows\System\GVQihDW.exe

C:\Windows\System\JjjtcmN.exe

C:\Windows\System\JjjtcmN.exe

C:\Windows\System\wXLqFbn.exe

C:\Windows\System\wXLqFbn.exe

C:\Windows\System\xxNYvnb.exe

C:\Windows\System\xxNYvnb.exe

C:\Windows\System\XyAxIvL.exe

C:\Windows\System\XyAxIvL.exe

C:\Windows\System\UJQlsNJ.exe

C:\Windows\System\UJQlsNJ.exe

C:\Windows\System\NfMKnmw.exe

C:\Windows\System\NfMKnmw.exe

C:\Windows\System\euqPRll.exe

C:\Windows\System\euqPRll.exe

C:\Windows\System\NfyLOvL.exe

C:\Windows\System\NfyLOvL.exe

C:\Windows\System\jpoWLhC.exe

C:\Windows\System\jpoWLhC.exe

C:\Windows\System\cAuDhwp.exe

C:\Windows\System\cAuDhwp.exe

C:\Windows\System\RAZkylQ.exe

C:\Windows\System\RAZkylQ.exe

C:\Windows\System\JkjySER.exe

C:\Windows\System\JkjySER.exe

C:\Windows\System\ItEuxqr.exe

C:\Windows\System\ItEuxqr.exe

C:\Windows\System\GagRyNI.exe

C:\Windows\System\GagRyNI.exe

C:\Windows\System\cyFFGZU.exe

C:\Windows\System\cyFFGZU.exe

C:\Windows\System\DFIRlIr.exe

C:\Windows\System\DFIRlIr.exe

C:\Windows\System\ljRkRbx.exe

C:\Windows\System\ljRkRbx.exe

C:\Windows\System\FrfMtVQ.exe

C:\Windows\System\FrfMtVQ.exe

C:\Windows\System\HgSNuGh.exe

C:\Windows\System\HgSNuGh.exe

C:\Windows\System\OOPAsRc.exe

C:\Windows\System\OOPAsRc.exe

C:\Windows\System\akcKBvR.exe

C:\Windows\System\akcKBvR.exe

C:\Windows\System\TNsdFDB.exe

C:\Windows\System\TNsdFDB.exe

C:\Windows\System\ymwPaQj.exe

C:\Windows\System\ymwPaQj.exe

C:\Windows\System\ceVCyQT.exe

C:\Windows\System\ceVCyQT.exe

C:\Windows\System\lYqzwoZ.exe

C:\Windows\System\lYqzwoZ.exe

C:\Windows\System\GoOWygh.exe

C:\Windows\System\GoOWygh.exe

C:\Windows\System\dSVlJgB.exe

C:\Windows\System\dSVlJgB.exe

C:\Windows\System\RzrFdTC.exe

C:\Windows\System\RzrFdTC.exe

C:\Windows\System\qMMYvdY.exe

C:\Windows\System\qMMYvdY.exe

C:\Windows\System\DputLaq.exe

C:\Windows\System\DputLaq.exe

C:\Windows\System\DNwPBlt.exe

C:\Windows\System\DNwPBlt.exe

C:\Windows\System\VAJJhTR.exe

C:\Windows\System\VAJJhTR.exe

C:\Windows\System\DpsWjjA.exe

C:\Windows\System\DpsWjjA.exe

C:\Windows\System\nYJMfOt.exe

C:\Windows\System\nYJMfOt.exe

C:\Windows\System\nRSuJwt.exe

C:\Windows\System\nRSuJwt.exe

C:\Windows\System\nYzCjkf.exe

C:\Windows\System\nYzCjkf.exe

C:\Windows\System\PAVTuSj.exe

C:\Windows\System\PAVTuSj.exe

C:\Windows\System\TidKAHP.exe

C:\Windows\System\TidKAHP.exe

C:\Windows\System\HylVhNW.exe

C:\Windows\System\HylVhNW.exe

C:\Windows\System\WRddFwY.exe

C:\Windows\System\WRddFwY.exe

C:\Windows\System\XPqySXc.exe

C:\Windows\System\XPqySXc.exe

C:\Windows\System\oomgKNZ.exe

C:\Windows\System\oomgKNZ.exe

C:\Windows\System\sxPbKhY.exe

C:\Windows\System\sxPbKhY.exe

C:\Windows\System\KUzpNIy.exe

C:\Windows\System\KUzpNIy.exe

C:\Windows\System\cOzyRQH.exe

C:\Windows\System\cOzyRQH.exe

C:\Windows\System\dCOQPRW.exe

C:\Windows\System\dCOQPRW.exe

C:\Windows\System\SjrBNHD.exe

C:\Windows\System\SjrBNHD.exe

C:\Windows\System\gFeXNAl.exe

C:\Windows\System\gFeXNAl.exe

C:\Windows\System\dQzxaEG.exe

C:\Windows\System\dQzxaEG.exe

C:\Windows\System\sopGgQK.exe

C:\Windows\System\sopGgQK.exe

C:\Windows\System\yJObGkd.exe

C:\Windows\System\yJObGkd.exe

C:\Windows\System\evnowfU.exe

C:\Windows\System\evnowfU.exe

C:\Windows\System\rnFqqBy.exe

C:\Windows\System\rnFqqBy.exe

C:\Windows\System\dfmZCjl.exe

C:\Windows\System\dfmZCjl.exe

C:\Windows\System\AgBaNvW.exe

C:\Windows\System\AgBaNvW.exe

C:\Windows\System\wwdyNdw.exe

C:\Windows\System\wwdyNdw.exe

C:\Windows\System\fYDrCcw.exe

C:\Windows\System\fYDrCcw.exe

C:\Windows\System\WpSRzqI.exe

C:\Windows\System\WpSRzqI.exe

C:\Windows\System\NiJiOsP.exe

C:\Windows\System\NiJiOsP.exe

C:\Windows\System\ZIObYTp.exe

C:\Windows\System\ZIObYTp.exe

C:\Windows\System\BqEvoIS.exe

C:\Windows\System\BqEvoIS.exe

C:\Windows\System\mDMbycn.exe

C:\Windows\System\mDMbycn.exe

C:\Windows\System\xPKsRUf.exe

C:\Windows\System\xPKsRUf.exe

C:\Windows\System\iVhjmCv.exe

C:\Windows\System\iVhjmCv.exe

C:\Windows\System\SDUvoAz.exe

C:\Windows\System\SDUvoAz.exe

C:\Windows\System\BYnEqcG.exe

C:\Windows\System\BYnEqcG.exe

C:\Windows\System\qTLCKbe.exe

C:\Windows\System\qTLCKbe.exe

C:\Windows\System\EXbsxnY.exe

C:\Windows\System\EXbsxnY.exe

C:\Windows\System\iMTVrOI.exe

C:\Windows\System\iMTVrOI.exe

C:\Windows\System\XpLIFAi.exe

C:\Windows\System\XpLIFAi.exe

C:\Windows\System\rRwpRtu.exe

C:\Windows\System\rRwpRtu.exe

C:\Windows\System\CXnDpiv.exe

C:\Windows\System\CXnDpiv.exe

C:\Windows\System\DqCFMpZ.exe

C:\Windows\System\DqCFMpZ.exe

C:\Windows\System\iRMvzca.exe

C:\Windows\System\iRMvzca.exe

C:\Windows\System\TfBYzfa.exe

C:\Windows\System\TfBYzfa.exe

C:\Windows\System\SGGUJug.exe

C:\Windows\System\SGGUJug.exe

C:\Windows\System\puagwwb.exe

C:\Windows\System\puagwwb.exe

C:\Windows\System\MwdYwgk.exe

C:\Windows\System\MwdYwgk.exe

C:\Windows\System\GSHWZqE.exe

C:\Windows\System\GSHWZqE.exe

C:\Windows\System\SWgqXvt.exe

C:\Windows\System\SWgqXvt.exe

C:\Windows\System\nvvnMLz.exe

C:\Windows\System\nvvnMLz.exe

C:\Windows\System\EjlMSAP.exe

C:\Windows\System\EjlMSAP.exe

C:\Windows\System\gbkQDEW.exe

C:\Windows\System\gbkQDEW.exe

C:\Windows\System\RYqHmYK.exe

C:\Windows\System\RYqHmYK.exe

C:\Windows\System\VZcknLg.exe

C:\Windows\System\VZcknLg.exe

C:\Windows\System\yGMdqgL.exe

C:\Windows\System\yGMdqgL.exe

C:\Windows\System\AbMqnfN.exe

C:\Windows\System\AbMqnfN.exe

C:\Windows\System\UbhzDQV.exe

C:\Windows\System\UbhzDQV.exe

C:\Windows\System\Hbbqtnd.exe

C:\Windows\System\Hbbqtnd.exe

C:\Windows\System\JCuCHJJ.exe

C:\Windows\System\JCuCHJJ.exe

C:\Windows\System\aNzFHjx.exe

C:\Windows\System\aNzFHjx.exe

C:\Windows\System\eolVpMa.exe

C:\Windows\System\eolVpMa.exe

C:\Windows\System\jgbVxYp.exe

C:\Windows\System\jgbVxYp.exe

C:\Windows\System\MFAUCPl.exe

C:\Windows\System\MFAUCPl.exe

C:\Windows\System\bxvIwMc.exe

C:\Windows\System\bxvIwMc.exe

C:\Windows\System\pOqAHRu.exe

C:\Windows\System\pOqAHRu.exe

C:\Windows\System\YIBHMho.exe

C:\Windows\System\YIBHMho.exe

C:\Windows\System\rHQXrhM.exe

C:\Windows\System\rHQXrhM.exe

C:\Windows\System\hMWwnmq.exe

C:\Windows\System\hMWwnmq.exe

C:\Windows\System\WmxZnfI.exe

C:\Windows\System\WmxZnfI.exe

C:\Windows\System\YxgwmSX.exe

C:\Windows\System\YxgwmSX.exe

C:\Windows\System\VfTCFtK.exe

C:\Windows\System\VfTCFtK.exe

C:\Windows\System\SLKTAdr.exe

C:\Windows\System\SLKTAdr.exe

C:\Windows\System\MGjRaNX.exe

C:\Windows\System\MGjRaNX.exe

C:\Windows\System\tTLshyi.exe

C:\Windows\System\tTLshyi.exe

C:\Windows\System\OsVGtRU.exe

C:\Windows\System\OsVGtRU.exe

C:\Windows\System\iqGgPrT.exe

C:\Windows\System\iqGgPrT.exe

C:\Windows\System\MBLZJXG.exe

C:\Windows\System\MBLZJXG.exe

C:\Windows\System\mwhfNgK.exe

C:\Windows\System\mwhfNgK.exe

C:\Windows\System\zBFdDeR.exe

C:\Windows\System\zBFdDeR.exe

C:\Windows\System\pqdcBNx.exe

C:\Windows\System\pqdcBNx.exe

C:\Windows\System\botNbsv.exe

C:\Windows\System\botNbsv.exe

C:\Windows\System\DkCKvcV.exe

C:\Windows\System\DkCKvcV.exe

C:\Windows\System\CCOCAut.exe

C:\Windows\System\CCOCAut.exe

C:\Windows\System\EhlCpYs.exe

C:\Windows\System\EhlCpYs.exe

C:\Windows\System\XPAQxUx.exe

C:\Windows\System\XPAQxUx.exe

C:\Windows\System\BjURggR.exe

C:\Windows\System\BjURggR.exe

C:\Windows\System\XKVKfPD.exe

C:\Windows\System\XKVKfPD.exe

C:\Windows\System\VGNGsFc.exe

C:\Windows\System\VGNGsFc.exe

C:\Windows\System\VybiAfB.exe

C:\Windows\System\VybiAfB.exe

C:\Windows\System\HZmDuRL.exe

C:\Windows\System\HZmDuRL.exe

C:\Windows\System\FvqqKUa.exe

C:\Windows\System\FvqqKUa.exe

C:\Windows\System\sEnyMuL.exe

C:\Windows\System\sEnyMuL.exe

C:\Windows\System\CAcCNhv.exe

C:\Windows\System\CAcCNhv.exe

C:\Windows\System\IHlqMgV.exe

C:\Windows\System\IHlqMgV.exe

C:\Windows\System\cHiBMmA.exe

C:\Windows\System\cHiBMmA.exe

C:\Windows\System\cTxvxzQ.exe

C:\Windows\System\cTxvxzQ.exe

C:\Windows\System\NXMffkV.exe

C:\Windows\System\NXMffkV.exe

C:\Windows\System\SyaWWvg.exe

C:\Windows\System\SyaWWvg.exe

C:\Windows\System\fRQYtyI.exe

C:\Windows\System\fRQYtyI.exe

C:\Windows\System\ZvpUyLi.exe

C:\Windows\System\ZvpUyLi.exe

C:\Windows\System\RedLkhn.exe

C:\Windows\System\RedLkhn.exe

C:\Windows\System\ikVgeho.exe

C:\Windows\System\ikVgeho.exe

C:\Windows\System\QodFCKa.exe

C:\Windows\System\QodFCKa.exe

C:\Windows\System\TvbkUAy.exe

C:\Windows\System\TvbkUAy.exe

C:\Windows\System\pVzXMAA.exe

C:\Windows\System\pVzXMAA.exe

C:\Windows\System\HYCsGDj.exe

C:\Windows\System\HYCsGDj.exe

C:\Windows\System\MtYrQpC.exe

C:\Windows\System\MtYrQpC.exe

C:\Windows\System\EfzqtoG.exe

C:\Windows\System\EfzqtoG.exe

C:\Windows\System\MriPqiR.exe

C:\Windows\System\MriPqiR.exe

C:\Windows\System\HYKwKHF.exe

C:\Windows\System\HYKwKHF.exe

C:\Windows\System\fsmFNiF.exe

C:\Windows\System\fsmFNiF.exe

C:\Windows\System\JlGzmFn.exe

C:\Windows\System\JlGzmFn.exe

C:\Windows\System\XsONtOU.exe

C:\Windows\System\XsONtOU.exe

C:\Windows\System\ZrOyKXo.exe

C:\Windows\System\ZrOyKXo.exe

C:\Windows\System\wiEwqNC.exe

C:\Windows\System\wiEwqNC.exe

C:\Windows\System\PINmtyM.exe

C:\Windows\System\PINmtyM.exe

C:\Windows\System\cuJQJIW.exe

C:\Windows\System\cuJQJIW.exe

C:\Windows\System\esvEppj.exe

C:\Windows\System\esvEppj.exe

C:\Windows\System\oIqQehS.exe

C:\Windows\System\oIqQehS.exe

C:\Windows\System\nLuyyMK.exe

C:\Windows\System\nLuyyMK.exe

C:\Windows\System\vCNvwRA.exe

C:\Windows\System\vCNvwRA.exe

C:\Windows\System\RqJSgfQ.exe

C:\Windows\System\RqJSgfQ.exe

C:\Windows\System\VbjqrcB.exe

C:\Windows\System\VbjqrcB.exe

C:\Windows\System\JScOOtK.exe

C:\Windows\System\JScOOtK.exe

C:\Windows\System\yhsyone.exe

C:\Windows\System\yhsyone.exe

C:\Windows\System\rqFQUOS.exe

C:\Windows\System\rqFQUOS.exe

C:\Windows\System\DycKOfk.exe

C:\Windows\System\DycKOfk.exe

C:\Windows\System\yhHJkIf.exe

C:\Windows\System\yhHJkIf.exe

C:\Windows\System\DnBBEPI.exe

C:\Windows\System\DnBBEPI.exe

C:\Windows\System\hrMJXdr.exe

C:\Windows\System\hrMJXdr.exe

C:\Windows\System\jyQmpaa.exe

C:\Windows\System\jyQmpaa.exe

C:\Windows\System\CEJNkDk.exe

C:\Windows\System\CEJNkDk.exe

C:\Windows\System\RcxdBon.exe

C:\Windows\System\RcxdBon.exe

C:\Windows\System\IEWsVyn.exe

C:\Windows\System\IEWsVyn.exe

C:\Windows\System\NBVIrSm.exe

C:\Windows\System\NBVIrSm.exe

C:\Windows\System\FrQrZuf.exe

C:\Windows\System\FrQrZuf.exe

C:\Windows\System\cEJMnla.exe

C:\Windows\System\cEJMnla.exe

C:\Windows\System\vOtQTiM.exe

C:\Windows\System\vOtQTiM.exe

C:\Windows\System\IgRITop.exe

C:\Windows\System\IgRITop.exe

C:\Windows\System\xmYApos.exe

C:\Windows\System\xmYApos.exe

C:\Windows\System\yjbWnvi.exe

C:\Windows\System\yjbWnvi.exe

C:\Windows\System\dXnHiQe.exe

C:\Windows\System\dXnHiQe.exe

C:\Windows\System\kKXiCuR.exe

C:\Windows\System\kKXiCuR.exe

C:\Windows\System\XRJrjch.exe

C:\Windows\System\XRJrjch.exe

C:\Windows\System\vZDWqLf.exe

C:\Windows\System\vZDWqLf.exe

C:\Windows\System\VUOzxho.exe

C:\Windows\System\VUOzxho.exe

C:\Windows\System\wqwWztY.exe

C:\Windows\System\wqwWztY.exe

C:\Windows\System\QLAPJIV.exe

C:\Windows\System\QLAPJIV.exe

C:\Windows\System\oPWFjzF.exe

C:\Windows\System\oPWFjzF.exe

C:\Windows\System\xoHLqiV.exe

C:\Windows\System\xoHLqiV.exe

C:\Windows\System\wXjqsEP.exe

C:\Windows\System\wXjqsEP.exe

C:\Windows\System\yVpXiIg.exe

C:\Windows\System\yVpXiIg.exe

C:\Windows\System\dqEuzxn.exe

C:\Windows\System\dqEuzxn.exe

C:\Windows\System\byCQMtW.exe

C:\Windows\System\byCQMtW.exe

C:\Windows\System\Agrdvcz.exe

C:\Windows\System\Agrdvcz.exe

C:\Windows\System\GzINPEt.exe

C:\Windows\System\GzINPEt.exe

C:\Windows\System\TtohRJA.exe

C:\Windows\System\TtohRJA.exe

C:\Windows\System\lWhxZEB.exe

C:\Windows\System\lWhxZEB.exe

C:\Windows\System\UFAidEm.exe

C:\Windows\System\UFAidEm.exe

C:\Windows\System\TWOyilx.exe

C:\Windows\System\TWOyilx.exe

C:\Windows\System\zKTRxOn.exe

C:\Windows\System\zKTRxOn.exe

C:\Windows\System\zFyyCYx.exe

C:\Windows\System\zFyyCYx.exe

C:\Windows\System\BKqPKCd.exe

C:\Windows\System\BKqPKCd.exe

C:\Windows\System\nEZkxHC.exe

C:\Windows\System\nEZkxHC.exe

C:\Windows\System\yurnFgK.exe

C:\Windows\System\yurnFgK.exe

C:\Windows\System\lWmBulZ.exe

C:\Windows\System\lWmBulZ.exe

C:\Windows\System\IKWlUnD.exe

C:\Windows\System\IKWlUnD.exe

C:\Windows\System\xaEMEIW.exe

C:\Windows\System\xaEMEIW.exe

C:\Windows\System\uoZxmTm.exe

C:\Windows\System\uoZxmTm.exe

C:\Windows\System\QpGfvfI.exe

C:\Windows\System\QpGfvfI.exe

C:\Windows\System\Ohkbylt.exe

C:\Windows\System\Ohkbylt.exe

C:\Windows\System\WxFCKVj.exe

C:\Windows\System\WxFCKVj.exe

C:\Windows\System\mkLedrq.exe

C:\Windows\System\mkLedrq.exe

C:\Windows\System\AkavdQj.exe

C:\Windows\System\AkavdQj.exe

C:\Windows\System\BOeRGIM.exe

C:\Windows\System\BOeRGIM.exe

C:\Windows\System\PzyEhaN.exe

C:\Windows\System\PzyEhaN.exe

C:\Windows\System\DLjbchM.exe

C:\Windows\System\DLjbchM.exe

C:\Windows\System\bXruVuU.exe

C:\Windows\System\bXruVuU.exe

C:\Windows\System\YItZrjA.exe

C:\Windows\System\YItZrjA.exe

C:\Windows\System\ECOrevD.exe

C:\Windows\System\ECOrevD.exe

C:\Windows\System\fPxVTpW.exe

C:\Windows\System\fPxVTpW.exe

C:\Windows\System\hMpTLYT.exe

C:\Windows\System\hMpTLYT.exe

C:\Windows\System\Xnoxrdu.exe

C:\Windows\System\Xnoxrdu.exe

C:\Windows\System\qXFnbOy.exe

C:\Windows\System\qXFnbOy.exe

C:\Windows\System\XPwKFtx.exe

C:\Windows\System\XPwKFtx.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
DE 3.120.98.217:8080 tcp
NL 52.142.223.178:80 tcp

Files

memory/4404-0-0x00007FF719ED0000-0x00007FF71A2C6000-memory.dmp

memory/4404-1-0x0000016330DA0000-0x0000016330DB0000-memory.dmp

C:\Windows\System\mtCslXO.exe

MD5 efcae947293ff748b7c5a0a6ac06d7a3
SHA1 563518623817ffc4b00ecef4aaceda628c8bc27e
SHA256 9354a464a6dffa6b74c805b51a0bfbe2df469fd92700b705d18d0221c2edb9f1
SHA512 11bac91d593c26d158469d0178c664faa0e20e219847629a95edc5c84d4df158d75e1fe14ba65b46dd0573c0b4b71108d27e830387fdc46ebdb0b6bbb6b9ba8c

memory/3988-5-0x00007FFDB7033000-0x00007FFDB7035000-memory.dmp

C:\Windows\System\nWyyZlZ.exe

MD5 d7ee6b57680435505b3059922a71a109
SHA1 11ce1cadf06034ce28e0bf70e10778ce13592f58
SHA256 1461c38979b4b1724444a14a4b694befe533bec9f3d8eb4f086c72ecccd2ad2a
SHA512 552c4a9161bc2276a90c08f4c95e577f8953c0ae5f021e29ed96907a65d1e62c0696a68a2cc90febf6dbf1848d81046266517934872f8c869151297b44034307

C:\Windows\System\UHyfeYF.exe

MD5 424a0f3a7154d94a3a3a847e5d6d1f12
SHA1 41a1120b13b94ed9d14070b1d461967f93b11ee6
SHA256 2fd20dde47bc145f5a0f790d5cc034ffc743157b0910aeb9c0e88816ea59b453
SHA512 bc37828d3d9841055739bd2b1a4c29f5b41b74529db43434bcc47d2ed73f5995ce1a1a108ded09678933fde3d1b1a0c28e5218f4feb9ba20ba86e2981a9a7d20

memory/3988-21-0x00007FFDB7030000-0x00007FFDB7AF1000-memory.dmp

C:\Windows\System\gllidtK.exe

MD5 f12e5cdbacc0fe0855b40da98ce1a6c3
SHA1 d261890fe3b91046d0b786b428b0d54f0afde590
SHA256 1d4e6391eafc1b0f295218a3116c01315365ca0041d73c315c7c08a4c9fc828d
SHA512 babd3985c98476230fe7bde7235d7ea14d6c2f44e0a2f463dcf18f3fac776131da506ac25eb718cb5bbdec03c2202bf21c61cd555fd0b4362ba15e7ee811b470

memory/1636-57-0x00007FF7E9BB0000-0x00007FF7E9FA6000-memory.dmp

memory/3988-75-0x00000208DD160000-0x00000208DD182000-memory.dmp

C:\Windows\System\ojleLlY.exe

MD5 03aca04d3ecc4e32e2feab2b38329e0a
SHA1 0a9ac89cf8f01c1660428bd43a1289cd5e8a31af
SHA256 d1fa8f3b99834066cb0d9f73494fa9a6faa5e6b4454786a9ddb8415efd663d17
SHA512 3016e5e4a8a12bee418abb5efcb060d75ea09c94064dfedfa5d59c6fa32e65c5064fc2e108d90b0967d5f172a487c5cc7540bda6f4a422150e12fa0e65e4a050

C:\Windows\System\npcVvck.exe

MD5 5fa417ce3169dc9cb156aba46bf4215f
SHA1 48c5af45217565718e0fbe64aaf3501260c1d191
SHA256 991a1e8f11a2c18dd3cd5ebe118db03bee82ed10107a715588d79d72ab4e4655
SHA512 c8a534506533385a203b821b48d47e4ab1b2e68d5ca5b3d4ec008fa3003a5160493b64ea46ae03fbfebead0748a70b1c591ba3468ce2242561b013662274e9bb

memory/3616-127-0x00007FF673670000-0x00007FF673A66000-memory.dmp

memory/1340-141-0x00007FF787640000-0x00007FF787A36000-memory.dmp

memory/2900-143-0x00007FF68C500000-0x00007FF68C8F6000-memory.dmp

memory/3720-147-0x00007FF6A0270000-0x00007FF6A0666000-memory.dmp

memory/2564-151-0x00007FF6E9D40000-0x00007FF6EA136000-memory.dmp

memory/3236-155-0x00007FF74C7F0000-0x00007FF74CBE6000-memory.dmp

memory/3228-158-0x00007FF7E7920000-0x00007FF7E7D16000-memory.dmp

memory/3964-157-0x00007FF6E3720000-0x00007FF6E3B16000-memory.dmp

memory/2536-156-0x00007FF6BCD60000-0x00007FF6BD156000-memory.dmp

memory/4408-154-0x00007FF7F2C30000-0x00007FF7F3026000-memory.dmp

memory/1304-153-0x00007FF7909B0000-0x00007FF790DA6000-memory.dmp

memory/2584-152-0x00007FF7C4A10000-0x00007FF7C4E06000-memory.dmp

memory/2432-150-0x00007FF616B40000-0x00007FF616F36000-memory.dmp

memory/3684-149-0x00007FF7227A0000-0x00007FF722B96000-memory.dmp

memory/836-148-0x00007FF7742D0000-0x00007FF7746C6000-memory.dmp

memory/4876-146-0x00007FF776440000-0x00007FF776836000-memory.dmp

memory/2672-145-0x00007FF7D8040000-0x00007FF7D8436000-memory.dmp

memory/2288-144-0x00007FF6B6A80000-0x00007FF6B6E76000-memory.dmp

memory/2576-142-0x00007FF757EC0000-0x00007FF7582B6000-memory.dmp

C:\Windows\System\iwhAJnK.exe

MD5 341380992bc64cd9d2a2a8dc96a3632e
SHA1 bddb5494920b0090bcc432ec6df6a8da0f2d49e2
SHA256 fa282009211bb2182cd3a6266ebb91575863e1a7d3e832c2c70e277ee9a377da
SHA512 dbc1ec60117c6a96cb26e2e831da561cd3a24a701b3d0698826b3ea53453ff8a6ba2e4629639cd629100412a50c606070dfa77eb284b2a311369a1c819466393

C:\Windows\System\DQKkZcL.exe

MD5 dfdc02966615dc2d7d35c9935ef59f72
SHA1 83064792bdcfefa39dfd82a762b542e61d74721a
SHA256 68f646d01194104fe7009f8049a9ebdc55646d8f3335e9097d6eac3403ac11ca
SHA512 5aa5cf5e5bf52399cd4da1e096498af55fa3d730c55692579477fccbb02381bdf47526a2bfac4f0d6d04962d42fb0533b7c38883b82343752c60f2610cba8711

C:\Windows\System\NdyLuVc.exe

MD5 54a5c735672e2cc8a48bbecea7696d9a
SHA1 74ab10a613be7b1b087a96d9811a2ea874a94a26
SHA256 7a3d5640bc9ef09879f5cf886c08614c3e295290ef1712e528c4807df042770e
SHA512 5cd041ecddfc0d07b06ccbca8c02aa0866021270a9a1ad0fdbea1e64ada0e542a95fec124edb7b48c8f616eacf17e4c3cefe79c20b7d3a5d11f77a82710a47c9

C:\Windows\System\LhDSgMe.exe

MD5 307aec2338a76926850704c8c096d983
SHA1 626005cea42b044c9948032da2008c95c32d4a40
SHA256 fd731f19549377d8f282528477d93cffa40bb3f7cd02724da442c1119cff7eff
SHA512 2a666454a3fa038e2a5ccee4814ade01c8fbedc019cb7a5effdc49114d17d004bc6cb43677a74017c8ce48bd15d9ecf113a651a8e18529d8ea918c2c87ac73ab

C:\Windows\System\HMCyAbc.exe

MD5 6ff18b112225195e455bd626f4fbf108
SHA1 c13414a87bed0337c92cfb0651db590cef331963
SHA256 8a831dd1cd9bbbe607e98a87318f6a79b5448850be240ff721978648427c790a
SHA512 978b10e66730ef2bb6f0d7c8774b4f7ece87fca0548ee8d05b354fbd7f6654ae0738c66e5a183bd4258a50a48c830b213bb7052b4998f2f7510c2ca130f4ac5b

memory/1524-129-0x00007FF717C80000-0x00007FF718076000-memory.dmp

memory/456-128-0x00007FF671990000-0x00007FF671D86000-memory.dmp

C:\Windows\System\aotaaGu.exe

MD5 6f92d3bd4bb976643038160187344082
SHA1 964b998388cc973c42e34405d34bcd007e1a6ae8
SHA256 90a40861548b8e005f64a4f5c365ca399101e2e32d517f7bc4529b68808ae64e
SHA512 2e4d60387b342f5adbe2dca3e1f9994888f505e8c816f29e64bb266587ea5fe0d40ea0f587ff3c9dc4a721fc553419ae523c5e780a3c171ff71fbe24d78d3d08

memory/2088-115-0x00007FF7B6650000-0x00007FF7B6A46000-memory.dmp

C:\Windows\System\TzgysOg.exe

MD5 79c56419569d1c36856fec09b21236da
SHA1 958a31d860afab6525b54f6bab842b4893a4d884
SHA256 f9d90fecc29d83794d29279c0b44d79139440cfdfc2eb24920e7183e6dba9d17
SHA512 16ae2a4bc7a6a136c1abe5c178ceb6c60cffb827c9ce6d4119d3e32fe578a862ad94e679875c7e36015c830be605f2594e11fbbe19ce40d71e97f7f3f8c5de8d

C:\Windows\System\FxGuVmf.exe

MD5 f59d84fda5debf236364a04f9a6ab9c8
SHA1 de9ccd270b1ce73d8a367f69250a059a6b15af94
SHA256 4a50b5f8f7b3f6a236a8dd87e2dad4e2681bdc93290ff161ee63d2f46e139fff
SHA512 692f77aaa207b9093d78a452e14c01d17e476fd19fd6e2fcd38bfc00301305163957c42fe459e348e275089155369a0da5b99195761544e74f8cb89c0327045f

C:\Windows\System\TInqWjZ.exe

MD5 9b89e018b92000bbc975c32eb4eead2b
SHA1 55671e18282c0292c25e297f9066e1a2d15608b6
SHA256 a050b4d665681178b98ccfad7a504dfeef42ad8f65100ef05ac06825185356b3
SHA512 ea9ce6ace4050a3aa72643a8509fcd23df38774a8a94db46e1c44c3276e6236c31feea42cd06eab732369202bba0fe2be21dc33b089dedcd3160565db8542b80

C:\Windows\System\MqKHjPZ.exe

MD5 4dc50b97e8601b4386b3dcd431753cbd
SHA1 3f3c30f783a165333c545511520067a4c0190a75
SHA256 3dea676aea403931b5456e8b9bad9a8f8669768d74b3e8b2b5315dab842cd7ef
SHA512 01f33e48dc2121f9bce18a747937845863a867ea9f80a5b9e05c1533d569001a456b6d9c807a57a589674090ba88dbbd3b0f17f1bdff5ab3609e9e83c8f9bf22

C:\Windows\System\WMkNGjS.exe

MD5 32cd9f9ff504eed6d61750cfe2595ead
SHA1 18c96b9c8b872235d88b7db71c4f01f81fdcdfb5
SHA256 43b2f65034bfd4bd764acf5e0cfb8d9f5ba8482348809f2f70bfb93b09ff99bc
SHA512 493d742ff5d003183f35282fc177da40209e057caec3baa5a696ebe43772c25719faec75fe7c2ff471c5682eeef997a47864ba6bced75408a73172e43813735a

memory/2384-82-0x00007FF6100E0000-0x00007FF6104D6000-memory.dmp

C:\Windows\System\XyNJFyf.exe

MD5 dbe4c9335887dbdbe43c9e5979561448
SHA1 9ac5a2acfc14a591f5c9671b40706c162b5849d3
SHA256 bf1cf987911ef778896802ecc13b7ae599a1dbdf4739f6192d41247fc3698dd1
SHA512 803c9685b2426c66cb908848a50347880123328d9a0a3b2e349074922cd17e40604da35519081d713c8c9f0d8312721e9762c8bcea08bf287863d2ba16ed90ec

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2o4bgazp.a1v.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\aTiPqJw.exe

MD5 69efa902e26f8ab080d4d050cdb0290a
SHA1 b3ac0cc7941a18aa7ddbc484748359c7a173213e
SHA256 61e2bb7a3432374a33ac02a501745fd490eca38d452c35445eedec2c04a8c93c
SHA512 fd5087299b24dc03dd1f295c31fa7c05a0edc3774fca13d2f017c2283d18590f89b9c4929a62c38449ffcf0b59d5f29157c857e5a75710f787a9babbdb0e1be0

C:\Windows\System\fzIzWIQ.exe

MD5 277613d7a3db45b86592a7589df31088
SHA1 6ae41ee8faf539aaacdaee47bb2e64620e666024
SHA256 d48dcfbe29538636f8fc656780041385a270c0e955cf3a7dff8049cf2151a592
SHA512 6316b32ad5fa3c30a97f848c10aa5d77077911d7d6d39e1ef01e996d5f18ea0b019d20fb21615e163a29c5ecb7ed3a93b5408aa61468afc491a69fad32e8b9f7

C:\Windows\System\NHVmnum.exe

MD5 6a04e88d9cc89a2bb7fab92e0196154f
SHA1 3b9278d2aec741e99df2a94f798b93556577f7d8
SHA256 fc55f3bdd08e0cfec2dde806c99cc20dcfd31d4399f500ec6b342734f82e47ee
SHA512 2b271bb01c4dd3606ea2a035a2635ba15e57c26cf1d8dac88daf823766c9fa7c4b15f2344716bf55a5386d9120ce330040ab18300f69ae0cae54fc63af26116b

C:\Windows\System\CIzlxGT.exe

MD5 f8fdd88fb87db683ef0f9cbccb20b061
SHA1 478a0adbbb64b7c7f4b870e14f34862831bc35b0
SHA256 f07dc614f2002c1dc28591f78687abd5732d31cfeb50dd2392a76a0f592afaa8
SHA512 68ca50cc90e9f8d22668e6b11396521702800dddf14f3232289238edf9fc8498cdbc58fd98a93e50c712ab6ae1dd0c8f9cc433ec91c791f4b47613bbfeb16c08

C:\Windows\System\fvnZGUe.exe

MD5 b26c30d019b64093d37ee386200068dc
SHA1 dab3ef12a9699590087ccb076e906931f44d0264
SHA256 ec64272c1e99de21acc090851fd4bde125673d2a7924c38cde6db9d9fc64ee49
SHA512 4dba936524c248b89e2c881c9e006630e2df403675fca7932dd22919021bc4776422c3a7efbde40a10fa501f55c3ee36683c67194825c25fe604457c07df42fc

C:\Windows\System\ThOYCWg.exe

MD5 aa87a6db4c2e3718f65661e4141ba2b3
SHA1 2644e5a4263cf809c2a7fb4bfbb0616d117b76e0
SHA256 5cffb3ae0765cf8e4dd91b28ecff3f5d9b5b6c3a5c0e8d05545def9c94603951
SHA512 3715f7e261fd21e651c2ada8b39d4ca33f136d82de8d9b88ba724433a42edf272cc8750939dca6f51f68d723e293ac06ff28014bb47c0313b9060cb5b0342d28

C:\Windows\System\NETOICk.exe

MD5 7067a4e6645ca77e91843aa25141f536
SHA1 c182f01c8e98b83e1cbf807b69d5b63307e83f1f
SHA256 9aaf922fcb142080a62b5f0a8e4697dfc36c4a3f4fd8d33bdf13a3676638e33f
SHA512 dd13c9989220d904582966502b293f711fc544c2674690194ad7dab2795de9876ad8b81118491cfbcf952cde70f5cc9e8ceefc3899713fedb741fb8b20890903

C:\Windows\System\gInZijq.exe

MD5 253c592cebaa5c120d6f955c4a75c0f2
SHA1 c693b7749518eac9a8f2dc6e3e7cad3eaa2f57a7
SHA256 b29fd63a2c180940c2578a2aabb897e0c3b499bf4d0d4c22dea173f5e807b3a2
SHA512 f608b5428cacc30a0735a010b764c9e8a26fe2f249e633bf7ff75b94e547e424bb8eb06aeedd843b886423ad9e36196f82b6a2a2e30fe06b88ffd1acd5f3e43c

C:\Windows\System\AWupcwx.exe

MD5 567b43823479d28630ec214385a88e35
SHA1 aa385c09235c26e768e829f03395f9df9d465046
SHA256 8574083df74b75bb4b8d88ec7c03e75718d5ebfc45742352a2d2455cef0e37d5
SHA512 cf15cadb2e3b66da1cef1bdf173a9d19e615257d28bb44e2604234344263b05e0ea5fb22817ccd361af98b92d87d5c2a50c62bc0ae271d7a5ed19706f8ae7c5e

C:\Windows\System\QZXldCb.exe

MD5 768d068466452b221dc28c8c5d231da0
SHA1 df743cbc0ce270b7aea8e7ec1bf52a0780ba98cf
SHA256 c350b9771fb8224c6084d17790d5062e9c363ad76e4b383dfd9d0cb0d0bf7655
SHA512 c7ed71891939d6adfc826a8346090f496891900e651db71c020d5d4859cb0689bf7c428457e46e675a22fee200ffbec0d0e3cb9ae10aa44a9d8d0d963d5bdf23

C:\Windows\System\KeIjSqT.exe

MD5 7918fc6209a28d2c693d99b62824094e
SHA1 66438c5fb8829c8754619f2669b498f64dd80d48
SHA256 a99f2eb126e5e9eba8fcf2a40c89d41ead3a24230ee968ad4fa0b796680fe8f4
SHA512 7b61ca0bca9a1f2d007e7b8dc503844a563f40e2491221ce7d01fe7cd8a7dc960931767a78e92f63aa118b4609b801a4dd9b0f6aff355f193502b22094659658

C:\Windows\System\zRUbHOi.exe

MD5 758b54dd553fef2ed0ffd39c9a906d89
SHA1 e42d8bffab96d55bffe277ef5c6753508f7bc597
SHA256 6aedfc7ae6a2c473ea7843e06d62ded77963ad9947d5f1d3369f4dceaaecc328
SHA512 c8196c2c1bf76f5d5f247e4574b2bd479a8b872855d514529502a6f6286b4f317e7225e372eeac19378a0655b1b02b90a4921e5375d883ae10070401c7dbbbb2

C:\Windows\System\AAVfxUJ.exe

MD5 dd335b4f45deed7669f8b73f88031634
SHA1 6ca114af5091d2c0ddf73ba08733c4b8d18dabca
SHA256 73935be832ccc18f6f847781783070c6ae52c9573c1ab07db55b7502a02e5280
SHA512 49aa55a25a1a7367c910e1f648a85e3f97ee31df7ac5a4e07a0422df4fd4c5747dd21fd875c9d564887369bd7d6d1f39cf98d532703d0faf0578d9da236c15ad

C:\Windows\System\dmrOMpP.exe

MD5 7903f66884862ef89db94dd64cc4a9fd
SHA1 b54832b4408f97d43405fe4e65809af3476f6183
SHA256 3a1fb9e716d8d945d114c48ca5773a189627ee84705b842b90bc7052ace8de20
SHA512 d85546d243efcdd4cc23cf43bebca231bddc22958401da706235856e7b35de97e7bc191afa69d974de1167da1a3bf6164e6c802cbc41d42736b8d1ceb451d0a6

memory/3988-1236-0x00007FFDB7030000-0x00007FFDB7AF1000-memory.dmp

C:\Windows\System\tgQdHxB.exe

MD5 67d893d1a2095d39d451d08ee1cc05e9
SHA1 dad7ef4487e41ff3c3e600250e691ed16832dc94
SHA256 cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce
SHA512 7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d

memory/1304-2049-0x00007FF7909B0000-0x00007FF790DA6000-memory.dmp

memory/1636-2050-0x00007FF7E9BB0000-0x00007FF7E9FA6000-memory.dmp

memory/2384-2051-0x00007FF6100E0000-0x00007FF6104D6000-memory.dmp

memory/4408-2052-0x00007FF7F2C30000-0x00007FF7F3026000-memory.dmp

memory/2576-2054-0x00007FF757EC0000-0x00007FF7582B6000-memory.dmp

memory/2088-2053-0x00007FF7B6650000-0x00007FF7B6A46000-memory.dmp

memory/1340-2057-0x00007FF787640000-0x00007FF787A36000-memory.dmp

memory/1524-2058-0x00007FF717C80000-0x00007FF718076000-memory.dmp

memory/3236-2059-0x00007FF74C7F0000-0x00007FF74CBE6000-memory.dmp

memory/3616-2056-0x00007FF673670000-0x00007FF673A66000-memory.dmp

memory/456-2055-0x00007FF671990000-0x00007FF671D86000-memory.dmp

memory/2900-2066-0x00007FF68C500000-0x00007FF68C8F6000-memory.dmp

memory/4876-2065-0x00007FF776440000-0x00007FF776836000-memory.dmp

memory/2536-2072-0x00007FF6BCD60000-0x00007FF6BD156000-memory.dmp

memory/2288-2071-0x00007FF6B6A80000-0x00007FF6B6E76000-memory.dmp

memory/2672-2070-0x00007FF7D8040000-0x00007FF7D8436000-memory.dmp

memory/3964-2069-0x00007FF6E3720000-0x00007FF6E3B16000-memory.dmp

memory/3228-2068-0x00007FF7E7920000-0x00007FF7E7D16000-memory.dmp

memory/836-2067-0x00007FF7742D0000-0x00007FF7746C6000-memory.dmp

memory/3720-2064-0x00007FF6A0270000-0x00007FF6A0666000-memory.dmp

memory/2432-2063-0x00007FF616B40000-0x00007FF616F36000-memory.dmp

memory/3684-2062-0x00007FF7227A0000-0x00007FF722B96000-memory.dmp

memory/2564-2061-0x00007FF6E9D40000-0x00007FF6EA136000-memory.dmp

memory/2584-2060-0x00007FF7C4A10000-0x00007FF7C4E06000-memory.dmp